--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/033-without_cast128.patch Thu Oct 29 02:40:10 2015 -0700
@@ -0,0 +1,51 @@
+#
+# Removes cast128-cbc support.
+#
+# At this moment this algorithm is not listed in Approved Security
+# Technologies: Standards Details at all. Eventually it will be added as
+# deprecated.
+#
+# SunSSH did not support cast128-cbc. In this respect removing cast128-cbc from
+# OpenSSH doesn't constitute a regression in functionality from SunSSH.
+#
+# Interoperability gain provided by cast128-cbc is negligible, because all
+# relevant ssh implementations also provide several more common encryption
+# algorithms (aes256-ctr, aes128-cbc, ...) on top of cast128-cbc.
+#
+# This is a Solaris specific patch and it is not likely to be accepted upstream.
+#
+diff -pur old/cipher.c new/cipher.c
+--- old/cipher.c
++++ new/cipher.c
+@@ -88,8 +88,10 @@ static const struct sshcipher ciphers[]
+ { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+ { "blowfish-cbc",
+ SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
++#ifndef WITHOUT_CAST128
+ { "cast128-cbc",
+ SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_cast5_cbc },
++#endif
+ { "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 0, EVP_rc4 },
+ { "arcfour128", SSH_CIPHER_SSH2, 8, 16, 0, 0, 1536, 0, EVP_rc4 },
+ { "arcfour256", SSH_CIPHER_SSH2, 8, 32, 0, 0, 1536, 0, EVP_rc4 },
+diff -pur old/myproposal.h new/myproposal.h
+--- old/myproposal.h
++++ new/myproposal.h
+@@ -119,9 +119,16 @@
+ "aes128-ctr,aes192-ctr,aes256-ctr" \
+ AESGCM_CIPHER_MODES
+
++#ifdef WITHOUT_CAST128
++# define CAST128
++#else
++# define CAST128 "cast128-cbc"
++#endif
++
+ #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT "," \
+ "arcfour256,arcfour128," \
+- "aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc," \
++ "aes128-cbc,3des-cbc,blowfish-cbc," \
++ CAST128 \
+ "aes192-cbc,aes256-cbc,arcfour,[email protected]"
+
+ #define KEX_SERVER_MAC \