--- plamo/00_base/old/openssh-20160317/PlamoBuild.openssh-7.2p2 2016-03-17 19:06:05.000000000 +0900 +++ plamo/00_base/openssh/PlamoBuild.openssh-7.2p2 2016-06-15 21:03:13.000000000 +0900 @@ -1,15 +1,16 @@ #!/bin/sh ###################################################################### -url="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p2.tar.gz" +url="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-7.2p2.tar.gz + ftp://plamo.linet.gr.jp/pub/Plamo-src.new/plamo/00_base/openssh/CVE-2015-8325.patch" pkgbase=openssh vers=7.2p2 arch=`uname -m` -build=P2 +build=P4 src=$pkgbase-$vers -OPT_CONFIG="--sysconfdir=/etc/ssh --localstatedir=/var --with-pam - --with-privsep-user=sshd --with-privsep-path=/var/lib/sshd - --with-md5-passwords" +patchfiles="CVE-2015-8325.patch" +OPT_CONFIG="--sysconfdir=/etc/ssh --with-pam --with-privsep-user=sshd + --with-privsep-path=/var/lib/sshd --with-md5-passwords" DOCS="CREDITS INSTALL LICENCE OVERVIEW PROTOCOL PROTOCOL.agent `echo PROTOCOL.{certkeys,chacha20poly1305,key,krl,mux}` README `echo README.{dns,platform,privsep,tun}` TODO ChangeLog" 
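Review bot: The CVE-2015-8325 patch added to `url` is fetched over plain `ftp://` (and the tarball over `http://`), and nothing in this file pins what either download must contain. The verification added further down only runs when a signature or checksum file happens to sit next to the download on the same server, so for the patch it may not run at all. Recording an expected digest beside `patchfiles`, e.g. `patch_sha256="<sha256-of-CVE-2015-8325.patch>"`, and checking it before `patch` runs would make the build independent of the mirror.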
@@ -189,13 +190,35 @@ fi if [ $opt_download -eq 1 ] ; then for i in $url ; do - if [ ! -f ${i##*/} ] ; then wget $i ; fi + if [ ! -f ${i##*/} ] ; then + wget $i ; j=${i%.*} + for sig in asc sig{,n} {sha{256,1},md5}{,sum} ; do + if wget --spider $i.$sig ; then wget $i.$sig ; break ; fi + if wget --spider $j.$sig ; then + case ${i##*.} in + gz) gunzip -c ${i##*/} > ${j##*/} ;; + bz2) bunzip2 -c ${i##*/} > ${j##*/} ;; + xz) unxz -c ${i##*/} > ${j##*/} ;; + esac + touch -r ${i##*/} ${j##*/} ; i=$j ; wget $i.$sig ; break + fi + done + if [ -f ${i##*/}.$sig ] ; then + case $sig in + asc|sig|sign) gpg2 --verify ${i##*/}.$sig ;; + sha256|sha1|md5) ${sig}sum -c ${i##*/}.$sig ;; + *) $sig -c ${i##*/}.$sig ;; + esac + if [ $? -ne 0 ] ; then echo "archive verify failed" ; exit ; fi + fi + fi done for i in $url ; do case ${i##*.} in tar) tar xvpf ${i##*/} ;; - gz) tar xvpzf ${i##*/} ;; - bz2) tar xvpjf ${i##*/} ;; + gz|tgz) tar xvpzf ${i##*/} ;; + bz2|tbz) tar xvpjf ${i##*/} ;; + xz|txz) tar xvpJf ${i##*/} ;; esac done fi @@ -203,6 +226,10 @@ for i in `seq 0 $((${#B[@]} - 1))` ; do if [ -d ${B[$i]} ] ; then rm -rf ${B[$i]} ; fi ; cp -a ${S[$i]} ${B[$i]} done + for i in `seq 0 $((${#B[@]} - 1))` ; do + cd ${B[$i]} + for j in ${patchfiles[$i]} ; do patch -Np1 -i $W/$j ; done + done cd $B cp -p sshd_config{,.orig} sed -i -e 's@^#\(UsePAM\) no$@\1 yes@g' \ @@ -220,8 +247,8 @@ rm -rf config.cache config.log fi if [ -x configure ] ; then - ./configure --prefix=/usr --libdir='${exec_prefix}'/$libdir \ - --infodir='${prefix}'/share/info \ + ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var \ + --libdir='${exec_prefix}'/$libdir --infodir='${prefix}'/share/info \ --mandir='${prefix}'/share/man ${OPT_CONFIG[$i]} fi done 
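Review bot: A failed check in the new download branch does not stick. `exit` with no argument returns the status of the preceding `echo`, i.e. 0, and the rejected file stays on disk, so the next run finds `-f ${i##*/}` true, skips this whole branch and unpacks the archive without checking it. Use `if [ $? -ne 0 ] ; then echo "archive verify failed" >&2 ; exit 1 ; fi` and run the verification outside the `[ ! -f ... ]` guard, or delete the download on failure. When none of the candidate suffixes exists the loop ends without `break` and the archive is used unverified with no message. A checksum file fetched from the same http/ftp origin detects corruption only, not substitution, so a warning for the no-signature case would be worth adding.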
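Review bot: Neither `cd ${B[$i]}` nor `patch -Np1 -i $W/$j` in the added loop is checked, so if the CVE-2015-8325 patch fails to apply, the build carries on and produces a package labelled P4 without the fix. Unless the script sets `-e` somewhere outside this hunk, stop on failure: `cd ${B[$i]} || exit 1` and `for j in ${patchfiles[$i]} ; do patch -Np1 -i $W/$j || exit 1 ; done`. The enclosing block starts and ends outside the hunk.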
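Review bot: The default `--sysconfdir=/etc` now passed first is overridden for this package only because `${OPT_CONFIG[$i]}` comes later on the same command line and configure lets the last value win. That ordering is what keeps sshd's configuration under /etc/ssh, so it deserves a comment above the call, e.g. `# OPT_CONFIG must stay last: its --sysconfdir overrides the default above`. The surrounding loop starts outside the hunk.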
@@ -286,11 +313,11 @@ cat <<- "EOF" >> $P/install/doinst.sh ssh_config() { + mv etc/ssh/${1}_config.new /tmp if [ -f etc/ssh/${1}_config ] ; then - rm etc/${1}_config.new + mv /tmp/${1}_config.new etc/ssh/${1}_config.dist else - mv etc/${1}_config.new /tmp - mv /tmp/${1}_config.new etc/${1}_config + mv /tmp/${1}_config.new etc/ssh/${1}_config fi }
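Review bot: `ssh_config()` now always stages the file through `/tmp/${1}_config.new`, a fixed name in a world-writable directory, from an install script that presumably runs as root. An entry of that name that already exists in /tmp changes what gets moved back into etc/ssh. Both branches can rename within etc/ssh instead: drop the first `mv` and use `mv etc/ssh/${1}_config.new etc/ssh/${1}_config.dist` and `mv etc/ssh/${1}_config.new etc/ssh/${1}_config`. The here-document that holds this function continues outside the hunk.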