{"bugs":[],"categories":[{"categoryid":1490,"name":"acct-group","summary":"The acct-group category contains packages for system groups."},{"categoryid":1491,"name":"acct-user","summary":"The acct-user category contains packages for system users."},{"categoryid":393,"name":"dev-libs","summary":"The dev-libs category contains various miscellaneous programming libraries."},{"categoryid":320,"name":"net-libs","summary":"The net-libs category contains libraries that are network-related."},{"categoryid":451,"name":"net-misc","summary":"The net-misc category contains various miscellaneous networking tools and utilities."},{"categoryid":343,"name":"sys-apps","summary":"The sys-apps category contains various core system applications, and some non-core system applications which have not yet been moved out into other sys- categories."},{"categoryid":447,"name":"sys-auth","summary":"The sys-auth category contains applications and libraries to support authentication and authorization facilities. Here belongs PAM modules, NSS modules and login apps."},{"categoryid":363,"name":"sys-kernel","summary":"The sys-kernel category contains kernel source ebuilds and kernel-related tools."},{"categoryid":381,"name":"sys-libs","summary":"The sys-libs category contains various system-level libraries."},{"categoryid":325,"name":"sys-process","summary":"The sys-process category contains packages which query or manipulate processes. The 'cron' daemons are included in this."},{"categoryid":396,"name":"virtual","summary":"The virtual category contains packages which satisfy virtual dependencies."}],"changelog":[{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"88bfff7c7fb12ec3977c5a038695c437dc5b04ef","committime":"2026-01-05T17:00:52","packageid":78509,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean <chutzpah@gentoo.org>","commitid":"a98012b786ca3f6fbbed7e0eca743c02b3e651b8","committime":"2026-01-05T16:48:13","packageid":78509,"repoid":1,"summary":"net-misc\/pkixssh: add 17.2.2"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"5a1adb610b1d91ab6683cbe671e266f424224c16","committime":"2025-11-04T08:35:48","packageid":78509,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"mgorny@gentoo.org","authorname":"Michał Górny","body":"Update done using:\n\n```\ngit grep -l sys-libs\/zlib net-* | xargs sed -i -e s@sys-libs\/zlib@virtual\/zlib@g\ngit diff --name-only | xargs copybump\ngit diff --name-only | xargs grep -l PYTHON_COMPAT | xargs gpy-impl -@dead\npkgcheck scan --commits -c SourcingCheck,VisibilityCheck --exit error\n```\n\nFollowed by revert in net-misc\/turbovnc.\n\nSigned-off-by: Michał Górny <mgorny@gentoo.org>","commitid":"9e2a2f1a08f1368e1842b3b8f2d4e190bddee73c","committime":"2025-11-04T08:12:25","packageid":78509,"repoid":1,"summary":"net-*\/*: update for virtual\/zlib"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"1c9d89453bfff748c27aa7240bdf1f9355d7dcbb","committime":"2025-10-27T22:33:30","packageid":78509,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean <chutzpah@gentoo.org>","commitid":"9242e864c62f7e0db3f5b803df50ba60726acf1b","committime":"2025-10-27T22:18:03","packageid":78509,"repoid":1,"summary":"net-misc\/pkixssh: add 17.1.2"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"44ab3b7aff206ce60f6dc78f6881ac983ddca6b1","committime":"2025-10-07T18:18:47","packageid":78509,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean <chutzpah@gentoo.org>","commitid":"bbeec1f5361ff28206a9a359bd3895270f422799","committime":"2025-10-07T18:00:28","packageid":78509,"repoid":1,"summary":"net-misc\/pkixssh: add 17.1.1"},{"authoremail":"repomirrorci@gentoo.org","authorname":"Repository mirror & CI","commitid":"8359b09436d408dd701e4b6084775687b31b95a6","committime":"2025-09-05T20:18:46","packageid":78509,"repoid":1,"summary":"Merge updates from master"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean <chutzpah@gentoo.org>","commitid":"945ee0ffe23c4b13f4e76ad3eb8c03ee100fa369","committime":"2025-09-05T20:13:16","packageid":78509,"repoid":1,"summary":"net-misc\/pkixssh: Remove references to ssl USE flag"},{"authoremail":"chutzpah@gentoo.org","authorname":"Patrick McLean","body":"Signed-off-by: Patrick McLean <chutzpah@gentoo.org>","commitid":"ea14a9d9fdb0bba0389580525358512d102a1bd7","committime":"2025-09-05T20:09:46","packageid":78509,"repoid":1,"summary":"net-misc\/pkixssh: new package, add 17.0"}],"dependencies":[{"block":true,"categoryid":451,"description":"Port of OpenBSD's free SSH release","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssh","packageid":42420,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0."},{"block":false,"categoryid":325,"description":"Userspace utilities for storing and processing auditing records","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"robbat2@gentoo.org","name":"audit","packageid":42525},{"block":false,"categoryid":381,"description":"Linux-PAM (Pluggable Authentication Modules)","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"pam-bugs@gentoo.org","name":"pam","packageid":46798},{"block":false,"categoryid":393,"description":"Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssl","packageid":47630},{"block":false,"categoryid":381,"description":"SELinux userland library","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"selinux@gentoo.org","maintainername":"SELinux Team","name":"libselinux","packageid":48679,"summary":"Libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API."},{"block":false,"categoryid":363,"description":"Linux system headers","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"toolchain@gentoo.org","maintainername":"Gentoo Toolchain Project","name":"linux-headers","packageid":52472},{"block":false,"categoryid":393,"description":"BSD replacement for libreadline","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"bsd@gentoo.org","maintainername":"BSD Project","name":"libedit","packageid":53869,"summary":"GNU Readline is cool, but BSD Readline is cooler :) Thus here is libedit by the NetBSD folks! The glibc\/bsdlibc stuff comes from the debian tarball, thanks to them too :) The patch is handcrafted with a few ideas from libedit.sf.net and a few ideas from the debian package. This patch aims to be as small as possible (so as to make future cvs snapshots cake)."},{"block":false,"categoryid":320,"description":"Library that aims to simplify DNS programming in C","ebuildids":[874723,874723,874723,878195,878195,878195,880207,880207,880207,886129,886129,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"mschiff@gentoo.org","maintainername":"Marc Schiffbauer","name":"ldns","packageid":55577,"summary":"ldns is a library with the aim to simplify DNS programming in C. All lowlevel DNS\/DNSSEC operations are supported. We also define a higher level API which allows a programmer to (for instance) create or sign packets."},{"block":false,"categoryid":396,"description":"Virtual for Kerberos V implementation","ebuildids":[874723,878195,880207,886129],"firstseen":"2011-03-13T14:41:37.560066","maintainer":"kerberos@gentoo.org","maintainername":"Kerberos","name":"krb5","packageid":57087},{"block":false,"categoryid":396,"description":"Virtual for operating system headers","ebuildids":[874723,878195,880207,886129],"firstseen":"2011-04-14T14:38:49.700200","maintainer":"toolchain@gentoo.org","maintainername":"Gentoo Toolchain Project","name":"os-headers","packageid":57232},{"block":false,"categoryid":1490,"description":"System group: sshd","ebuildids":[874723,878195,880207,886129],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70786},{"block":false,"categoryid":1491,"description":"User for ssh","ebuildids":[874723,878195,880207,886129],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70787},{"block":false,"categoryid":396,"description":"Virtual for libcrypt.so","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2020-02-06T19:43:53.689104","name":"libcrypt","packageid":70797},{"block":true,"categoryid":451,"description":"Port of OpenBSD's free SSH release with HPN\/X509 patches","ebuildids":[874723,878195,880207,886129],"firstseen":"2023-05-11T21:20:47.473901","name":"openssh-contrib","packageid":76137,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. This package represents an effort to extend upstream OpenSSH with three big patchsets. WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have correctness issues. The patches are: * HPN (High performance SSH\/SCP) adds custom ciphers that allow for more aggressive buffering and\/or multithreading, leading to better network throughput. Many of these optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or because more CPU performant ciphers are being used in this day and age (ChaCha20). WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon. * SCTP patches by Patrick McLean. These enable SSH over SCTP. * X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for authenticating users. This patch series adds support for X509 certificates."},{"block":false,"categoryid":396,"description":"Virtual for libz.so providers","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2025-11-04T07:31:41.418357","name":"zlib","packageid":78605}],"depending":[{"block":false,"categoryid":396,"description":"Virtual for net-misc\/openssh and variants","ebuildids":[874724],"firstseen":"2023-05-11T21:20:47.473901","name":"openssh","packageid":76138}],"ebuilds":[{"archs":["~amd64"],"ebuildid":886129,"firstseen":"2026-01-05T17:04:46.637299","license":"BSD GPL-2","moddate":"2026-03-22T20:20:57","packageid":78509,"repoid":1,"slot":"0","uses":["abi_mips_n32","audit","debug","kerberos","ldns","libedit","livecd","pam","selinux","ssl-engine","static","test"],"version":"17.2.2"},{"archs":["~amd64"],"ebuildid":880207,"firstseen":"2025-10-27T22:45:01.632838","license":"BSD GPL-2","moddate":"2026-03-22T20:20:57","packageid":78509,"repoid":1,"slot":"0","uses":["abi_mips_n32","audit","debug","kerberos","ldns","libedit","livecd","pam","pie","selinux","ssl-engine","static","test","xmss"],"version":"17.1.2"},{"archs":["~amd64"],"ebuildid":878195,"firstseen":"2025-10-07T19:36:03.092466","license":"BSD GPL-2","moddate":"2026-03-22T20:20:57","packageid":78509,"repoid":1,"slot":"0","uses":["abi_mips_n32","audit","debug","kerberos","ldns","libedit","livecd","pam","pie","selinux","ssl-engine","static","test","xmss"],"version":"17.1.1"},{"archs":["~amd64"],"ebuildid":874723,"firstseen":"2025-09-05T21:38:30.040166","license":"BSD GPL-2","moddate":"2026-03-22T20:20:57","packageid":78509,"repoid":1,"slot":"0","uses":["abi_mips_n32","audit","debug","kerberos","ldns","libedit","livecd","pam","pie","selinux","ssl-engine","static","test","xmss"],"version":"17.0"}],"masks":[],"package":{"categoryid":451,"description":"OpenSSH fork with X.509 v3 certificate support","firstseen":"2025-09-05T21:38:30.040166","name":"pkixssh","packageid":78509},"rdependencies":[{"block":true,"categoryid":451,"description":"Port of OpenBSD's free SSH release","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssh","packageid":42420,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0."},{"block":false,"categoryid":325,"description":"Userspace utilities for storing and processing auditing records","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"robbat2@gentoo.org","name":"audit","packageid":42525},{"block":false,"categoryid":381,"description":"Linux-PAM (Pluggable Authentication Modules)","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"pam-bugs@gentoo.org","name":"pam","packageid":46798},{"block":false,"categoryid":393,"description":"Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"openssl","packageid":47630},{"block":false,"categoryid":381,"description":"SELinux userland library","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"selinux@gentoo.org","maintainername":"SELinux Team","name":"libselinux","packageid":48679,"summary":"Libselinux provides an API for SELinux applications to get and set process and file security contexts and to obtain security policy decisions. Required for any applications that use the SELinux API."},{"block":false,"categoryid":393,"description":"BSD replacement for libreadline","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"bsd@gentoo.org","maintainername":"BSD Project","name":"libedit","packageid":53869,"summary":"GNU Readline is cool, but BSD Readline is cooler :) Thus here is libedit by the NetBSD folks! The glibc\/bsdlibc stuff comes from the debian tarball, thanks to them too :) The patch is handcrafted with a few ideas from libedit.sf.net and a few ideas from the debian package. This patch aims to be as small as possible (so as to make future cvs snapshots cake)."},{"block":false,"categoryid":343,"description":"Utilities to deal with user accounts","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"base-system@gentoo.org","maintainername":"Gentoo Base System","name":"shadow","packageid":55072},{"block":false,"categoryid":447,"description":"PAM base configuration files","ebuildids":[874723,878195,880207,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"pam-bugs@gentoo.org","name":"pambase","packageid":55230},{"block":false,"categoryid":320,"description":"Library that aims to simplify DNS programming in C","ebuildids":[874723,874723,878195,878195,880207,880207,886129,886129],"firstseen":"2010-05-04T00:54:45.661860","maintainer":"mschiff@gentoo.org","maintainername":"Marc Schiffbauer","name":"ldns","packageid":55577,"summary":"ldns is a library with the aim to simplify DNS programming in C. All lowlevel DNS\/DNSSEC operations are supported. We also define a higher level API which allows a programmer to (for instance) create or sign packets."},{"block":false,"categoryid":396,"description":"Virtual for Kerberos V implementation","ebuildids":[874723,878195,880207,886129],"firstseen":"2011-03-13T14:41:37.560066","maintainer":"kerberos@gentoo.org","maintainername":"Kerberos","name":"krb5","packageid":57087},{"block":false,"categoryid":1490,"description":"System group: sshd","ebuildids":[874723,878195,880207,886129],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70786},{"block":false,"categoryid":1491,"description":"User for ssh","ebuildids":[874723,878195,880207,886129],"firstseen":"2020-02-05T02:48:51.569604","name":"sshd","packageid":70787},{"block":false,"categoryid":396,"description":"Virtual for libcrypt.so","ebuildids":[874723,878195,880207,886129],"firstseen":"2020-02-06T19:43:53.689104","name":"libcrypt","packageid":70797},{"block":true,"categoryid":451,"description":"Port of OpenBSD's free SSH release with HPN\/X509 patches","ebuildids":[874723,878195,880207,886129],"firstseen":"2023-05-11T21:20:47.473901","name":"openssh-contrib","packageid":76137,"summary":"OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods. The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included is sshd which is the server side of the package, and the other basic utilities like ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen and sftp-server. OpenSSH supports SSH protocol versions 1.3, 1.5, and 2.0. This package represents an effort to extend upstream OpenSSH with three big patchsets. WARNING: These patches are of lower quality than vanilla upstream OpenSSH and often have correctness issues. The patches are: * HPN (High performance SSH\/SCP) adds custom ciphers that allow for more aggressive buffering and\/or multithreading, leading to better network throughput. Many of these optimizations are not relevant anymore due to AEAD ciphers changing MAC nesting or because more CPU performant ciphers are being used in this day and age (ChaCha20). WARNING: HPN's multi-threaded AES CTR cipher is known to be broken and should not be relied upon. * SCTP patches by Patrick McLean. These enable SSH over SCTP. * X509 patches by Roumen Petrov. OpenSSH upstream will never support standard PKIs for authenticating users. This patch series adds support for X509 certificates."},{"block":false,"categoryid":396,"description":"Virtual for libz.so providers","ebuildids":[874723,878195,880207,886129],"firstseen":"2025-11-04T07:31:41.418357","name":"zlib","packageid":78605}],"repos":[{"branch":"master","lastcommit":"f87ce2b74421571078063820dc1065e7089c9fa7","name":"gentoo","path":"\/usr\/portage","repoid":1,"upstream":"origin"}],"tracked":false,"urls":["https:\/\/roumenpetrov.info\/secsh\/"],"uses":[{"description":"Enable support for Linux audit subsystem using sys-process\/audit","isdefault":false,"use":"audit"},{"description":"Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https:\/\/wiki.gentoo.org\/wiki\/Project:Quality_Assurance\/Backtraces","isdefault":false,"use":"debug"},{"description":"Add kerberos support","isdefault":false,"use":"kerberos"},{"description":"Use LDNS for DNSSEC\/SSHFP validation.","isdefault":false,"packageid":78509,"use":"ldns"},{"description":"Use the libedit library (replacement for readline)","isdefault":false,"use":"libedit"},{"description":"!!internal use only!! DO NOT SET THIS FLAG YOURSELF!, used during livecd building","isdefault":false,"use":"livecd"},{"description":"Add support for PAM (Pluggable Authentication Modules) - DANGEROUS to arbitrarily flip","isdefault":false,"use":"pam"},{"defaultflag":true,"description":"Build programs as Position Independent Executables (a security hardening technique)","isdefault":true,"use":"pie"},{"description":"!!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur","isdefault":false,"use":"selinux"},{"defaultflag":true,"description":"Enable OpenSSL (hardware) ENGINE support","isdefault":true,"packageid":78509,"use":"ssl-engine"},{"description":"!!do not set this during bootstrap!! Causes binaries to be statically linked instead of dynamically","isdefault":false,"use":"static"},{"description":"Enable dependencies and\/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)","isdefault":false,"use":"test"},{"description":"Enable XMSS post-quantum authentication algorithm","isdefault":false,"packageid":78509,"use":"xmss"},{"description":"64-bit (32-bit pointer) libraries","group":"abi_mips","isdefault":false,"use":"n32"}]}