sys-libs/glibc: Block too-old openssh in 2.31 and later, bug 708224

Bug: https://bugs.gentoo.org/708224
Package-Manager: Portage-2.3.89, Repoman-2.3.20
Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

2 files changed, 6 insertions, 0 deletions

diff --git a/sys-libs/glibc/glibc-2.31-r2.ebuild b/sys-libs/glibc/glibc-2.31-r2.ebuild
index 6afa9eaa6efa..f03483a5f7cf 100644
--- a/sys-libs/glibc/glibc-2.31-r2.ebuild
+++ b/sys-libs/glibc/glibc-2.31-r2.ebuild
@@ -85,6 +85,8 @@ fi
 # We need a new-enough binutils/gcc to match upstream baseline.
 # Also we need to make sure our binutils/gcc supports TLS,
 # and that gcc already contains the hardened patches.
+# Lastly, let's avoid some openssh nastiness, bug 708224, as
+# convenience to our users.
 BDEPEND="
 	${PYTHON_DEPS}
 	>=app-misc/pax-utils-0.1.10
@@ -101,6 +103,7 @@ COMMON_DEPEND="
 	suid? ( caps? ( sys-libs/libcap ) )
 	selinux? ( sys-libs/libselinux )
 	systemtap? ( dev-util/systemtap )
+	!<net-misc/openssh-8.1_p1-r2
 "
 DEPEND="${COMMON_DEPEND}
 	test? ( >=net-dns/libidn2-2.3.0 )
diff --git a/sys-libs/glibc/glibc-9999.ebuild b/sys-libs/glibc/glibc-9999.ebuild
index ca7219535589..dafe72da8ed7 100644
--- a/sys-libs/glibc/glibc-9999.ebuild
+++ b/sys-libs/glibc/glibc-9999.ebuild
@@ -84,6 +84,8 @@ fi
 # We need a new-enough binutils/gcc to match upstream baseline.
 # Also we need to make sure our binutils/gcc supports TLS,
 # and that gcc already contains the hardened patches.
+# Lastly, let's avoid some openssh nastiness, bug 708224, as
+# convenience to our users.
 BDEPEND="
 	${PYTHON_DEPS}
 	>=app-misc/pax-utils-0.1.10
@@ -100,6 +102,7 @@ COMMON_DEPEND="
 	suid? ( caps? ( sys-libs/libcap ) )
 	selinux? ( sys-libs/libselinux )
 	systemtap? ( dev-util/systemtap )
+	!<net-misc/openssh-8.1_p1-r2
 "
 DEPEND="${COMMON_DEPEND}
 	test? ( >=net-dns/libidn2-2.3.0 )