diff --git a/.github/workflows/pkgcheck.yaml b/.github/workflows/pkgcheck.yaml
index 78e343e20..c73665e3a 100644
--- a/.github/workflows/pkgcheck.yaml
+++ b/.github/workflows/pkgcheck.yaml
@@ -20,9 +20,9 @@ jobs:
       - name: Tree-wide pkgcheck error check
         uses: pkgcore/pkgcheck-action@v1
         with:
-          args: --exit error -k error,PkgMetadataXmlIndentation,DeprecatedManifestHash,UnusedInherits,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-NonsolvableDepsInExp,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,UnquotedVariable,VisibleVcsPkg
+          args: --exit error -k error,PkgMetadataXmlIndentation,DeprecatedManifestHash,UnusedInherits,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-NonsolvableDepsInExp,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,UnquotedVariable,VisibleVcsPkg,NonexistentDeps
 
       - name: Commit pkgcheck warnings
         uses: pkgcore/pkgcheck-action@v1
         with:
-          args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep --commits HEAD^..${{ github.sha }}
+          args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep,NonexistentDeps --commits HEAD^..${{ github.sha }}
diff --git a/.github/workflows/pkgcheck_merge.yaml b/.github/workflows/pkgcheck_merge.yaml
index c9728376a..6ede424da 100644
--- a/.github/workflows/pkgcheck_merge.yaml
+++ b/.github/workflows/pkgcheck_merge.yaml
@@ -26,4 +26,4 @@ jobs:
       - name: Commit pkgcheck warnings
         uses: pkgcore/pkgcheck-action@v1
         with:
-          args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-UnknownProfilePackage,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep --commits HEAD^..${{ github.sha }}
+          args: --exit warning -k ,PkgMetadataXmlIndentation,-NonsolvableDepsInStable,-NonsolvableDepsInDev,-PotentialStable,-UnknownProfilePackage,-DeprecatedDep,-MissingUseDepDefault,ProfileError,ProfileWarning,UnknownProfilePackageUse,OldPackageUpdate,OldMultiMovePackageUpdate,LaggingProfileEapi,UnknownProfilePackageKeywords,-UnusedProfileDirs,EclassReservedName,VisibleVcsPkg,DeprecatedEapi,MissingRemoteId,DistutilsNonPEP517Build,OldPackageNameDep,NonexistentDeps --commits HEAD^..${{ github.sha }}
diff --git a/app-exploits/deathstar/Manifest b/app-exploits/deathstar/Manifest
index 9ff91ad8a..409bc13ef 100644
--- a/app-exploits/deathstar/Manifest
+++ b/app-exploits/deathstar/Manifest
@@ -1,2 +1 @@
-DIST deathstar-20201217.tar.gz 44220 BLAKE2B ba1e9c295a76201c7987e7759cb3c8ecd2c212f6269ef2fc3392db2ef2cb993fa2af860f29e514f580940b9b02ee7dc777747924e961aad72365b8970bdd337e SHA512 4af3b356e548be04ea03989af7c43e302cf1b2c4ec7c10fedf7d4fb6d426bcfe947bbb42312912505c88cbd0e21705fd41d279bbb048f7fa5450f25ddd58f2b7
 DIST deathstar-20210519.tar.gz 44204 BLAKE2B 186951fde53ea132cf6bbe35f478b0e97e2163665e599f29666ce291a58744d4c33a463aea75f668a41a68b45c06210ebec7870a01b45fb712693e638e9a445c SHA512 2029c49432f273fc7534d98114075dca4330d8900835e2d754fc021e7b0844a092a9818389e8d86f58f30206b60991394b7bd3ed222343ebab92522e74a12b2c
diff --git a/app-exploits/deathstar/deathstar-20201217-r1.ebuild b/app-exploits/deathstar/deathstar-20201217-r1.ebuild
deleted file mode 100644
index 1849364d4..000000000
--- a/app-exploits/deathstar/deathstar-20201217-r1.ebuild
+++ /dev/null
@@ -1,61 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_USE_PEP517=poetry
-PYTHON_COMPAT=( python3_{11..13} )
-
-inherit distutils-r1
-
-DESCRIPTION="A tool to gain Domain Admin rights with a push of a button"
-HOMEPAGE="https://github.com/byt3bl33d3r/DeathStar"
-
-HASH_COMMIT="1ced058fcbd73e89f13967cbadc1d375dc48f1d1"
-SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz"
-
-KEYWORDS="~amd64 ~x86"
-LICENSE="GPL-3"
-SLOT="0"
-
-#requirements.txt
-RDEPEND="${PYTHON_DEPS}
-	app-exploits/empire
-	dev-python/certifi[${PYTHON_USEDEP}]
-	dev-python/colorama[${PYTHON_USEDEP}]
-	dev-python/commonmark[${PYTHON_USEDEP}]
-	dev-python/h11[${PYTHON_USEDEP}]
-	dev-python/httpcore[${PYTHON_USEDEP}]
-	dev-python/httpx[${PYTHON_USEDEP}]
-	dev-python/idna[${PYTHON_USEDEP}]
-	dev-python/pygments[${PYTHON_USEDEP}]
-	dev-python/rfc3986[${PYTHON_USEDEP}]
-	dev-python/rich[${PYTHON_USEDEP}]
-	dev-python/sniffio[${PYTHON_USEDEP}]
-	dev-python/typing-extensions[${PYTHON_USEDEP}]
-"
-
-S="${WORKDIR}/DeathStar-${HASH_COMMIT}"
-
-src_prepare() {
-	default
-	# exclude is not supported by pyproject2setuppy
-	sed -i '/^exclude/,/^\]/d' pyproject.toml || die
-}
-
-#src_prepare() {
-#	sed -i \
-#		-e "s/__version__ = '\(.*\)'/__version__ = '${PV}'/" \
-#		DeathStar.py || die
-#	default
-#}
-
-#src_install() {
-#	python_foreach_impl python_newscript DeathStar.py $PN
-#	dodoc README.md
-#}
-
-pkg_postinst() {
-	einfo "\nSee the following URL:"
-	einfo " * https://byt3bl33d3r.github.io/automating-the-empire-with-the-death-star-getting-domain-admin-with-a-push-of-a-button.html\n"
-}
diff --git a/app-exploits/deathstar/deathstar-20210519.ebuild b/app-exploits/deathstar/deathstar-20210519.ebuild
index 9b9a48f2b..0d8d86f33 100644
--- a/app-exploits/deathstar/deathstar-20210519.ebuild
+++ b/app-exploits/deathstar/deathstar-20210519.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -14,7 +14,9 @@ HOMEPAGE="https://github.com/byt3bl33d3r/DeathStar"
 HASH_COMMIT="f10fdbfeb149d9b5647b397e1ce7fa8ab0d39799"
 SRC_URI="https://github.com/byt3bl33d3r/DeathStar/archive/${HASH_COMMIT}.tar.gz -> ${P}.tar.gz"
 
-KEYWORDS="~amd64 ~x86"
+S="${WORKDIR}/DeathStar-${HASH_COMMIT}"
+
+#KEYWORDS="~amd64 ~x86"
 LICENSE="GPL-3"
 SLOT="0"
 
@@ -42,8 +44,6 @@ RDEPEND="${PYTHON_DEPS}
 
 distutils_enable_tests pytest
 
-S="${WORKDIR}/DeathStar-${HASH_COMMIT}"
-
 src_prepare() {
 	default
 	# exclude is not supported by pyproject2setuppy
diff --git a/app-exploits/deathstar/metadata.xml b/app-exploits/deathstar/metadata.xml
index ace7c2d3a..a9de0bd8e 100644
--- a/app-exploits/deathstar/metadata.xml
+++ b/app-exploits/deathstar/metadata.xml
@@ -5,4 +5,7 @@
 		<email>unknown@pentoo.ch</email>
 		<name>Author Unknown</name>
 	</maintainer>
+	<upstream>
+		<remote-id type="github">byt3bl33d3r/DeathStar</remote-id>
+	</upstream>
 </pkgmetadata>
diff --git a/app-exploits/empire/Manifest b/app-exploits/empire/Manifest
index b4905f5cb..f77dd5400 100644
--- a/app-exploits/empire/Manifest
+++ b/app-exploits/empire/Manifest
@@ -1,2 +1 @@
-DIST empire-6.0.0.tar.gz 38108157 BLAKE2B f53ced8e3a90f51018ddd469455e0c165fb7af8aab769b2b75570dc2a2f814900d097988c208102b911896cb3b31b53e92119dfce3af20dbb7c2e307fc3ee5c6 SHA512 8de2ca9c46cf0c324dcf407b152e0dc0079078b9d771dda885e93b75645ea81eb335a2eb72a7f41995d56855abed0c58687ab63a5a8ff419b9b431b533215c8a
 DIST empire-6.0.2.tar.gz 38107974 BLAKE2B 7169a51aa22895a738d85b5ae18867dfb10f78e59ff65db82ba7fffc725c8590e7fdab902b943bc1a80a0f3a827c10fd3b63052b725774a388c7d9aab2be894b SHA512 448ff62446132d736c4a1a6bc2d8abb0168d8c32841ecf2073cf3577e906cc29ea7f09bb3d227e8a8da635f0f107f36cfeed50ddd48e4bdb237c3cc8ce3f99dc
diff --git a/app-exploits/empire/empire-6.0.0.ebuild b/app-exploits/empire/empire-6.0.0.ebuild
deleted file mode 100644
index b704217ef..000000000
--- a/app-exploits/empire/empire-6.0.0.ebuild
+++ /dev/null
@@ -1,137 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_USE_PEP517=poetry
-PYTHON_COMPAT=( python3_{11..13} )
-PYTHON_REQ_USE="sqlite"
-
-inherit wrapper python-single-r1
-
-DESCRIPTION="A post-exploitation framework"
-HOMEPAGE="https://github.com/BC-SECURITY/Empire"
-SRC_URI="https://github.com/BC-SECURITY/Empire/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-S="${WORKDIR}/Empire-${PV}"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="powershell java"
-REQUIRED_USE="powershell? ( !x86 )
-			${PYTHON_REQUIRED_USE}"
-
-# https://github.com/BC-SECURITY/Empire/issues/196
-RDEPEND="${PYTHON_DEPS}
-	$(python_gen_cond_dep '
-		dev-python/urllib3[${PYTHON_USEDEP}]
-		dev-python/requests[${PYTHON_USEDEP}]
-		dev-python/macholib[${PYTHON_USEDEP}]
-		dev-python/pyopenssl[${PYTHON_USEDEP}]
-		dev-python/zlib_wrapper[${PYTHON_USEDEP}]
-		dev-python/jinja2[${PYTHON_USEDEP}]
-		dev-python/pyparsing[${PYTHON_USEDEP}]
-		dev-python/pymysql[${PYTHON_USEDEP}]
-		dev-python/sqlalchemy[${PYTHON_USEDEP}]
-		dev-python/pyyaml[${PYTHON_USEDEP}]
-		dev-python/sqlalchemy_utc[${PYTHON_USEDEP}]
-		dev-python/terminaltables3[${PYTHON_USEDEP}]
-		dev-python/pycryptodome[${PYTHON_USEDEP}]
-		dev-python/cryptography[${PYTHON_USEDEP}]
-		>=dev-python/fastapi-0.115.11[${PYTHON_USEDEP}]
-		>=dev-python/uvicorn-0.34.0[${PYTHON_USEDEP}]
-		>=dev-python/jq-1.8.0[${PYTHON_USEDEP}]
-		>=dev-python/aiofiles-24.1.0[${PYTHON_USEDEP}]
-		>=dev-python/python-multipart-0.0.20[${PYTHON_USEDEP}]
-		>=dev-python/python-socketio-5.12.1[${PYTHON_USEDEP}]
-		>=dev-python/flask-3.1.0[${PYTHON_USEDEP}]
-		>=dev-python/python-obfuscator-0.0.2[${PYTHON_USEDEP}]
-		>=dev-python/pyinstaller-6.12.0[${PYTHON_USEDEP}]
-		>=dev-python/packaging-24.2[${PYTHON_USEDEP}]
-		>=dev-python/netaddr-1.3.0[${PYTHON_USEDEP}]
-		>=dev-python/bcrypt-4.0.1[${PYTHON_USEDEP}]
-		>=dev-python/requests-file-2.1.0[${PYTHON_USEDEP}]
-
-		dev-python/pysecretsocks[${PYTHON_USEDEP}]
-		dev-python/donut-shellcode[${PYTHON_USEDEP}]
-
-	')
-	powershell? (
-		!x86? ( app-shells/pwsh-bin ) )
-	java? (
-		|| ( virtual/jre:* virtual/jdk:* ) )"
-
-DEPEND="${RDEPEND}"
-
-pkg_setup() {
-	python-single-r1_pkg_setup
-}
-
-src_prepare() {
-	python_fix_shebang "${S}"
-	default
-}
-
-#https://github.com/BC-SECURITY/Empire/issues/39
-src_install() {
-	insinto "/usr/share/${PN}"
-	doins -r empire/ empire.py
-
-#	python_optimize "${D}/usr/share/${PN}/lib"
-
-	make_wrapper $PN \
-		"${PYTHON} /usr/share/${PN}/empire.py" \
-		"/usr/share/${PN}"
-
-	dodoc README.md Dockerfile changelog
-}
-
-pkg_config() {
-	local _yesno_ask
-	local _em_home="${EROOT}/usr/share/${PN}"
-
-	pushd "${_em_home}" >/dev/null || die
-
-	if [ -f "${_em_home}/data/empire.db" ]; then
-		ewarn "Drop old database "${_em_home}/data/empire.db" for new configuring ..."
-		read -r -p " [>] Are you sure? [y/N] " _yesno_ask
-
-		if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then
-			rm -f data/empire.db > /dev/null 2>&1 || die
-		else
-			return
-		fi
-	fi
-
-	ebegin "Press ENTER to create password for database or Control-C to abort now"
-	python3 setup/setup_database.py
-	eend ${?} || die
-
-	if [ -f "${_em_home}/data/empire-chain.pem" ] || [ -f "${_em_home}/data/empire-priv.key" ]; then
-		ewarn "Drop old ${_em_home}/data/empire-chain.pem and generate new cert ..."
-		read -r -p " [>] Are you sure? [y/N] " _yesno_ask
-
-		if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then
-			rm -f data/{empire-chain.pem,empire-priv.key} > /dev/null 2>&1 || die
-		else
-			return
-		fi
-	fi
-
-	openssl req -newkey rsa:2048 -new -nodes -x509 \
-		-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.pentoo.ch" \
-		-keyout data/empire-priv.key \
-		-out data/empire-chain.pem || die
-
-	popd >/dev/null || die
-}
-
-pkg_postinst() {
-	ewarn "\nWarning. This software does not support system-wide installation"
-	ewarn "See the following bug report for more details:"
-	ewarn "https://github.com/BC-SECURITY/Empire/issues/39"
-	ewarn
-	ewarn "You need to run it from /usr/share/${PN} directory under 'root' account"
-	ewarn "\nPlease configure your installation before using:"
-	ewarn "    emerge --config \"=${CATEGORY}/${PF}\"\n"
-}
diff --git a/app-exploits/empire/empire-6.0.2.ebuild b/app-exploits/empire/empire-6.0.2.ebuild
index b704217ef..1edde0495 100644
--- a/app-exploits/empire/empire-6.0.2.ebuild
+++ b/app-exploits/empire/empire-6.0.2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -16,7 +16,7 @@ S="${WORKDIR}/Empire-${PV}"
 
 LICENSE="BSD"
 SLOT="0"
-KEYWORDS="~amd64 ~x86"
+#KEYWORDS="~amd64 ~x86"
 IUSE="powershell java"
 REQUIRED_USE="powershell? ( !x86 )
 			${PYTHON_REQUIRED_USE}"
diff --git a/app-forensics/openscap-daemon/Manifest b/app-forensics/openscap-daemon/Manifest
deleted file mode 100644
index 48e1ea319..000000000
--- a/app-forensics/openscap-daemon/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST openscap-daemon-0.1.10.tar.gz 820662 BLAKE2B 1167518f0534dc9f494f889892acbf7d74a86af6caf22220345516c39ed4863cbdd0a4064d9ee291ed7eccd81ab057241db2b04ee28d79a0c1f3c5152154e8a9 SHA512 93946b390cc95281b606967df783b8be6beb83da9fbca1951f2095dc24abe518440b6f967b29ae2b093536abe9af4effc3776e8d30f0ab2193b923c1bcf54e17
diff --git a/app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch b/app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch
deleted file mode 100644
index 22567a37c..000000000
--- a/app-forensics/openscap-daemon/files/openscap-daemon-0.1.10_gentoo.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -ur a/setup.py b/setup.py
---- a/setup.py	2018-02-08 18:52:16.000000000 +0300
-+++ b/setup.py	2019-07-07 00:50:24.699965784 +0300
-@@ -57,10 +57,8 @@
-     data_files=[
-         (os.path.join("/", "etc", "dbus-1", "system.d"),
-          ["org.oscapd.conf"]),
--        (os.path.join("/", "usr", "lib", "systemd", "system"),
-+        (os.path.join("/", "lib", "systemd", "system"),
-          ["oscapd.service"]),
--        (os.path.join("/", "usr", "share", "doc", "openscap-daemon"),
--         ["README.md", "LICENSE"]),
-         (os.path.join("/", "usr", "share", "man", "man8"),
-          ["man/oscapd.8", "man/oscapd-cli.8", "man/oscapd-evaluate.8"]),
-     ],
diff --git a/app-forensics/openscap-daemon/files/oscapd.initd b/app-forensics/openscap-daemon/files/oscapd.initd
deleted file mode 100644
index 1a1a156ab..000000000
--- a/app-forensics/openscap-daemon/files/oscapd.initd
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-description="OpenSCAP Daemon"
-command="/usr/bin/oscapd"
-command_background="true"
-pidfile="/run/${RC_SVCNAME}.pid"
-start_stop_daemon_args="--quiet -1 /var/log/${RC_SVCNAME}.log -2 /var/log/${RC_SVCNAME}.log"
-
-# vim: set ft=gentoo-init-d ts=4 :
diff --git a/app-forensics/openscap-daemon/metadata.xml b/app-forensics/openscap-daemon/metadata.xml
deleted file mode 100644
index c4511c144..000000000
--- a/app-forensics/openscap-daemon/metadata.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <maintainer type="person">
-    <email>email@linxon.ru</email>
-    <name>Yury Martynov</name>
-  </maintainer>
-</pkgmetadata>
diff --git a/app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild b/app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild
deleted file mode 100644
index 3cc9eaec7..000000000
--- a/app-forensics/openscap-daemon/openscap-daemon-0.1.10-r1.ebuild
+++ /dev/null
@@ -1,44 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{11..13} )
-PYTHON_REQ_USE="xml"
-
-inherit distutils-r1
-
-DESCRIPTION="Manages continuous scans of your infrastructure"
-HOMEPAGE="https://www.open-scap.org/tools/openscap-daemon"
-SRC_URI="https://github.com/OpenSCAP/openscap-daemon/archive/${PV}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="LGPL-2.1"
-SLOT=0
-KEYWORDS="~amd64"
-IUSE="test"
-REQUIRED_USE="${PYTHON_REQUIRED_USE}"
-
-RESTRICT="!test? ( test )"
-
-RDEPEND="${PYTHON_DEPS}
-	app-forensics/openscap
-	app-forensics/scap-security-guide
-	dev-python/dbus-python[${PYTHON_USEDEP}]
-	dev-python/pygobject[${PYTHON_USEDEP}]"
-
-PATCHES=( "${FILESDIR}"/${P}_gentoo.patch )
-
-src_test() {
-	tests/unit/make_check || die
-	tests/integration/make_check || die
-}
-
-src_install() {
-	distutils-r1_src_install
-
-	newinitd "${FILESDIR}"/oscapd.initd oscapd
-	keepdir "/var/lib/oscapd" "/etc/oscapd"
-
-	dodoc container/config.ini
-}
diff --git a/dev-php/evalhook/evalhook-0.1_p20231013.ebuild b/dev-php/evalhook/evalhook-0.1_p20231013.ebuild
index 38486f264..f48ea3231 100644
--- a/dev-php/evalhook/evalhook-0.1_p20231013.ebuild
+++ b/dev-php/evalhook/evalhook-0.1_p20231013.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2023 Gentoo Foundation
+# Copyright 1999-2025 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -7,7 +7,7 @@ HASH_COMMIT="bf63f72a0ead21a0ffb9c2ed4c791262ed55a07c"
 
 MY_S="${WORKDIR}/php-eval-hook-${HASH_COMMIT}"
 PHP_EXT_NAME=evalhook
-USE_PHP="php8-1 php8-2"
+USE_PHP="php8-2"
 PHP_EXT_S="${MY_S}"
 inherit php-ext-source-r3
 
@@ -15,15 +15,10 @@ DESCRIPTION="Decode/Deobfuscate PHP Scripts"
 HOMEPAGE="https://github.com/extremecoders-re/php-eval-hook"
 SRC_URI="https://github.com/extremecoders-re/php-eval-hook/archive/${HASH_COMMIT}.tar.gz -> ${P}.gh.tar.gz"
 
+S="${MY_S}"
 LICENSE="MIT"
 SLOT="0"
 KEYWORDS="~amd64"
-IUSE=""
-
-RDEPEND=""
-DEPEND="${RDEPEND}"
-
-S="${MY_S}"
 
 src_prepare() {
 	php-ext-source-r3_src_prepare
diff --git a/dev-php/evalhook/metadata.xml b/dev-php/evalhook/metadata.xml
new file mode 100644
index 000000000..3bc341ee3
--- /dev/null
+++ b/dev-php/evalhook/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<name>No one</name>
+		<email>noone@pentoo.org</email>
+	</maintainer>
+	<upstream>
+		<remote-id type="github">extremecoders-re/php-eval-hook</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/dev-python/grpcio-testing/Manifest b/dev-python/grpcio-testing/Manifest
index 397d00d7d..efdd448ee 100644
--- a/dev-python/grpcio-testing/Manifest
+++ b/dev-python/grpcio-testing/Manifest
@@ -1 +1 @@
-DIST grpcio-testing-1.62.0.tar.gz 22474 BLAKE2B 6c8c23eb4d7c645278496067a74583ce930eb16f39a262ce8b45f1029d6d6bf97ff6dab305f27bea4f4d5333a74fa185957d33499b49f02b711eb94cab0ff065 SHA512 6285a5c5b28114969738e1815327c14651ee2bc2e6b6c4093cea980ae2ad3f0aa8d53fc7b1e9125e5c47862c66891129e6420ad0d6896a2f789ca7e9fc66ce43
+DIST grpcio_testing-1.71.0.tar.gz 22483 BLAKE2B 0c935103785d229502646be2ecc936e64d0046a5a0b1b3dfee5a65aee74342b0177a2b614cb0f7f2e3ecf646ef0360a205c5ea5164a5af7f24ea1392ff802bb5 SHA512 71f6b1a33ca5e7b374c7a3d637518d82e743c7da09e689877dc1c94ab346b4d0e602d626544aa7f25a415474b3330ceda162a56465586b91d016c96aa01483e5
diff --git a/dev-python/grpcio-testing/grpcio-testing-1.62.0.ebuild b/dev-python/grpcio-testing/grpcio-testing-1.71.0.ebuild
similarity index 95%
rename from dev-python/grpcio-testing/grpcio-testing-1.62.0.ebuild
rename to dev-python/grpcio-testing/grpcio-testing-1.71.0.ebuild
index fd017b38e..39e7935e6 100644
--- a/dev-python/grpcio-testing/grpcio-testing-1.62.0.ebuild
+++ b/dev-python/grpcio-testing/grpcio-testing-1.71.0.ebuild
@@ -6,7 +6,7 @@ EAPI=8
 DISTUTILS_USE_PEP517=setuptools
 PYTHON_COMPAT=( python3_{11..13} )
 DISTUTILS_USE_PEP517=setuptools
-PYPI_NO_NORMALIZE=1
+PYPI_PN="grpcio_testing"
 
 inherit distutils-r1 pypi
 
diff --git a/dev-python/grpcio-testing/metadata.xml b/dev-python/grpcio-testing/metadata.xml
deleted file mode 100644
index a0b62eae0..000000000
--- a/dev-python/grpcio-testing/metadata.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<!-- maintainer-needed -->
-	<upstream>
-		<remote-id type="github">grpc/grpc</remote-id>
-		<remote-id type="pypi">grpcio-testing</remote-id>
-	</upstream>
-</pkgmetadata>
diff --git a/dev-python/grpcio-tools/Manifest b/dev-python/grpcio-tools/Manifest
index e58ca7d18..6273746e5 100644
--- a/dev-python/grpcio-tools/Manifest
+++ b/dev-python/grpcio-tools/Manifest
@@ -1,2 +1 @@
-DIST grpcio_tools-1.67.0.tar.gz 5159163 BLAKE2B 54a7db77514033c4747d20a13fded114828fed23f649587c649f5ad2716d4bb31b80eeda560d55ae087a564cb9d34563a612cc91df581ae6b9a761f307828397 SHA512 f9644b4424aa68f1ae4d679c7b635db9bbfc0b493c76caf7d2e9fe0a49e5e81b6f146666c8dba3fc1d1c0db141f8fb362dd0ede0842c34cb178009412a672ec5
 DIST grpcio_tools-1.71.0.tar.gz 5326008 BLAKE2B 70dae192880c861e659f1901e00d7189637843c25c309791857fdc1ef58692fcd3a42d34587896b67d19b2a067561d0cc51e5c9f530352d5345fd06f00fea045 SHA512 33ec4c4a5f09e41af3c20cf030a16f69b8b9d0b8f107f84be6666afce026367d710c0fe4b383f3b45a56e3403fd4f23309ca16ea7d1a122245572868bf7a1507
diff --git a/dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild b/dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild
deleted file mode 100644
index 81f60d90c..000000000
--- a/dev-python/grpcio-tools/grpcio-tools-1.67.0.ebuild
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_EXT=1
-PYTHON_COMPAT=( python3_{11..13} )
-DISTUTILS_USE_PEP517=setuptools
-
-inherit distutils-r1 multiprocessing prefix pypi
-
-DESCRIPTION="Protobuf code generator for gRPC"
-HOMEPAGE="https://grpc.io"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="amd64 ~arm ~arm64 ~x86"
-
-RDEPEND="
-	~dev-python/grpcio-${PV}[${PYTHON_USEDEP}]
-	>=dev-python/protobuf-5.26.1[${PYTHON_USEDEP}]
-	<dev-python/protobuf-6[${PYTHON_USEDEP}]
-"
-
-DEPEND="${RDEPEND}"
-BDEPEND="
-	virtual/pkgconfig
-	dev-python/cython[${PYTHON_USEDEP}]
-"
-
-python_prepare_all() {
-	distutils-r1_python_prepare_all
-	hprefixify setup.py
-
-	#absl/base/config.h ABSL_LTS_RELEASE_VERSION
-	# system: 20240722
-	#google/protobuf/wrappers.pb.h
-	# Protobuf C++ Version: 5.28.0
-	# PROTOBUF_VERSION
-	# protobuf/compiler/versions.h
-	# #define PROTOBUF_CPP_VERSION_STRING
-
-	# use system protobuf
-#	sed -r -i \
-#		-e '/^CC_FILES=\[/,/\]/{/^CC_FILES=\[/n;/\]/!d;}' \
-#		-e '/^CC_INCLUDES=\[/,/\]/{/^CC_INCLUDES=\[/n;/\]/!d;}' \
-#		-e "s@^(PROTO_INCLUDE=')[^']+'@\1/usr/include'@" \
-#		-e '/^PROTOBUF_SUBMODULE_VERSION=/d' \
-#		protoc_lib_deps.py
-
-	# fix the include path
-#	ln -s ../../../.. grpc_root
-}
-
-python_configure_all() {
-	export GRPC_PYTHON_BUILD_WITH_CYTHON=1
-	export GRPC_PYTHON_BUILD_EXT_COMPILER_JOBS="$(makeopts_jobs)"
-}
diff --git a/dev-python/pydub/Manifest b/dev-python/pydub/Manifest
new file mode 100644
index 000000000..5ba15d74f
--- /dev/null
+++ b/dev-python/pydub/Manifest
@@ -0,0 +1 @@
+DIST pydub-0.25.1.gh.tar.gz 27555582 BLAKE2B 5a7aa4af4f2bb75306c3eef7052e403a09f6dc638e2805f7dd9269cb12149fec3962ab9b84b6c6744de75c34bde0cbe6daab711a8df050eb9861c21e70e98ef6 SHA512 8c3fb3714c4b0aed37ba7ab6727776bf4cd7568c1f5060cf43c30ede8da2ce4b498fb83326daa19ef44635250d552295407289c3945681e028eedde1b2b418e0
diff --git a/dev-python/pydub/metadata.xml b/dev-python/pydub/metadata.xml
new file mode 100644
index 000000000..182778524
--- /dev/null
+++ b/dev-python/pydub/metadata.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="project">
+		<name>This was imported from guru</name>
+		<email>i@dunno.com</email>
+	</maintainer>
+	<stabilize-allarches/>
+	<upstream>
+		<remote-id type="pypi">pydub</remote-id>
+		<remote-id type="github">jiaaro/pydub</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/dev-python/pydub/pydub-0.25.1.ebuild b/dev-python/pydub/pydub-0.25.1.ebuild
new file mode 100644
index 000000000..7b2af6389
--- /dev/null
+++ b/dev-python/pydub/pydub-0.25.1.ebuild
@@ -0,0 +1,38 @@
+# Copyright 2022-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} python3_13t )
+DISTUTILS_USE_PEP517=setuptools
+
+inherit distutils-r1 optfeature
+
+DESCRIPTION="Manipulate audio with an simple and easy high level interface"
+HOMEPAGE="http://pydub.com/"
+SRC_URI="https://github.com/jiaaro/${PN}/archive/refs/tags/v${PV}.tar.gz -> ${P}.gh.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~amd64"
+
+IUSE="test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	test? (
+		media-video/ffmpeg[lame,vorbis]
+	)
+	"
+
+distutils_enable_tests unittest
+
+python_test() {
+	eunittest test/
+}
+
+pkg_postinst() {
+	optfeature "opening and saving non-wav files - like mp3" media-video/ffmpeg
+	#optfeature "playing audio" dev-python/simpleaudio # upstream suggests this, not available in gentoo or guru
+	optfeature "playing audio" dev-python/pyaudio
+}
diff --git a/dev-util/dependency-check-bin/Manifest b/dev-util/dependency-check-bin/Manifest
deleted file mode 100644
index 5bda03c2f..000000000
--- a/dev-util/dependency-check-bin/Manifest
+++ /dev/null
@@ -1,2 +0,0 @@
-DIST dependency-check-bin-5.3.2.zip 19997190 BLAKE2B 85f65246ebe0ecf80a2c5a1ed0dce6aa470cc5a6efd32f2feb7fd29f55c53a4a717cc9dfc8fdb39961a4c31a235649d5fa3508b1161f65a338375dc66b0e8324 SHA512 62fd9362004267867c423879ef26643971241908c3fffb7f6e563c930e16655bf3399009deda9d9c33069064cafa0cec3efb07e77ab3a52fa66b73dbc0ef172b
-DIST dependency-check-bin-6.2.2.zip 27083228 BLAKE2B aa33e1714fab88ec2a1ac1be40d7f418d34a85a88d1609ffbca5b0b7439ede158ea24e4d1fa69b7a0b2f122da54a197dbfc1205d524344de8ac714e7393a2011 SHA512 55af3f6af69ae4e4de0653f1f735c2fd43455ce146f29d4d88c60014215f0f1be4a78953c2ea0fc62733f711723595f308d153e3cce0108f59c303833e5e762c
diff --git a/dev-util/dependency-check-bin/dependency-check-bin-5.3.2.ebuild b/dev-util/dependency-check-bin/dependency-check-bin-5.3.2.ebuild
deleted file mode 100644
index b85d6a7f3..000000000
--- a/dev-util/dependency-check-bin/dependency-check-bin-5.3.2.ebuild
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MY_PN="dependency-check"
-
-DESCRIPTION="A utility that detects vulnerabilities in application dependencies"
-HOMEPAGE="https://www.owasp.org/index.php/OWASP_Dependency_Check"
-SRC_URI="https://dl.bintray.com/jeremy-long/owasp/dependency-check-${PV}-release.zip -> ${P}.zip"
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND=">=virtual/jdk-1.7
-	dev-java/ant-core
-	app-arch/unzip"
-RDEPEND=">=virtual/jre-1.7"
-
-S="${WORKDIR}/${MY_PN}"
-
-src_prepare() {
-	sed -i -e 's|^PRGDIR=.*|PRGDIR="/etc/dependency-check"|' bin/${MY_PN}.sh || die "Sed failed!"
-	sed -i -e 's|^BASEDIR=`cd "$PRGDIR/.."|BASEDIR=`cd "$PRGDIR"|' bin/${MY_PN}.sh || die "Sed failed!"
-	eapply_user
-}
-
-src_install() {
-	dodir /etc/${MY_PN}
-	insinto /etc/${MY_PN}
-	doins -r lib plugins
-	newsbin bin/${MY_PN}.sh ${MY_PN}
-}
diff --git a/dev-util/dependency-check-bin/dependency-check-bin-6.2.2.ebuild b/dev-util/dependency-check-bin/dependency-check-bin-6.2.2.ebuild
deleted file mode 100644
index 990f2be1a..000000000
--- a/dev-util/dependency-check-bin/dependency-check-bin-6.2.2.ebuild
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MY_PN="dependency-check"
-
-DESCRIPTION="A utility that detects vulnerabilities in application dependencies"
-HOMEPAGE="https://www.owasp.org/index.php/OWASP_Dependency_Check"
-SRC_URI="https://github.com/jeremylong/DependencyCheck/releases/download/v6.2.2/dependency-check-${PV}-release.zip -> ${P}.zip"
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE=""
-
-DEPEND=">=virtual/jdk-1.7
-	dev-java/ant-core
-	app-arch/unzip"
-RDEPEND=">=virtual/jre-1.7"
-
-S="${WORKDIR}/${MY_PN}"
-
-src_prepare() {
-	sed -i -e 's|^PRGDIR=.*|PRGDIR="/etc/dependency-check"|' bin/${MY_PN}.sh || die "Sed failed!"
-	sed -i -e 's|^BASEDIR=`cd "$PRGDIR/.."|BASEDIR=`cd "$PRGDIR"|' bin/${MY_PN}.sh || die "Sed failed!"
-	eapply_user
-}
-
-src_install() {
-	dodir /etc/${MY_PN}
-	insinto /etc/${MY_PN}
-	doins -r lib plugins
-	newsbin bin/${MY_PN}.sh ${MY_PN}
-}
diff --git a/dev-util/dependency-check-bin/metadata.xml b/dev-util/dependency-check-bin/metadata.xml
deleted file mode 100644
index ace7c2d3a..000000000
--- a/dev-util/dependency-check-bin/metadata.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-	<maintainer type="person">
-		<email>unknown@pentoo.ch</email>
-		<name>Author Unknown</name>
-	</maintainer>
-</pkgmetadata>
diff --git a/media-radio/icad-tone-detection/Manifest b/media-radio/icad-tone-detection/Manifest
index 1f978d40f..ce30a09ac 100644
--- a/media-radio/icad-tone-detection/Manifest
+++ b/media-radio/icad-tone-detection/Manifest
@@ -1 +1 @@
-DIST icad-tone-detection-1.3.gh.tar.gz 1578471 BLAKE2B c2834918caeeac49d9c2ab3435424cc836bd4dcf5ec5e76dd04721c42eba32d9153038120dc173f8469d44dd97416bdab82dbdfc00b799c05344d8e3570aefd0 SHA512 22309ec44a9702e6eb38448f10189991cf9804212e72a40046d4c97a15ddbd0fc886a319b82d6cfb57ddc48184c6d78bdd218428c8e1560db08850312bbf7600
+DIST icad-tone-detection-1.4.gh.tar.gz 1578924 BLAKE2B e26b72d1440cf4c50d21af1c9299670828ef848aa70532894156ec77bb8a2f80bb4016fbf0620349f1c8e17235468b0f82de5dbcc90586f8239918f7411cf14a SHA512 b40af1f5e1ea9f1c24af95f7b458a3c294bb1609202de954e8e2f2f51d6351abebff11ba4fffc5c8c9526d51e95087acaf39e498cb685c4d51700b77e20a4767
diff --git a/media-radio/icad-tone-detection/icad-tone-detection-1.3.ebuild b/media-radio/icad-tone-detection/icad-tone-detection-1.4.ebuild
similarity index 100%
rename from media-radio/icad-tone-detection/icad-tone-detection-1.3.ebuild
rename to media-radio/icad-tone-detection/icad-tone-detection-1.4.ebuild
diff --git a/net-dialup/freeradius/Manifest b/net-dialup/freeradius/Manifest
deleted file mode 100644
index ebb801597..000000000
--- a/net-dialup/freeradius/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST freeradius-server-3.2.3.tar.bz2 3454869 BLAKE2B 525204331a5b123dac7457c6adb755cbe9794dbff4a536ea665fc7d1cac97553e392b7b598741c2a9dd00c81decd00608499d6f25208e389b9f213f54977de84 SHA512 06767153e262a2baa2d0cc74099bc13c23b33c2316348b5dc8ec0f5834c028571bd09b8c01726a6eabeaab8fdc3050f40bfeba2d5b1c299585d1689abad365ce
diff --git a/net-dialup/freeradius/files/clients_wpe.conf b/net-dialup/freeradius/files/clients_wpe.conf
deleted file mode 100644
index 10d1fa922..000000000
--- a/net-dialup/freeradius/files/clients_wpe.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-#######################################################################
-#
-#  Define RADIUS clients (usually a NAS, Access Point, etc.).
-#
-#######################################################################
-
-client localhost {
-	ipaddr = 127.0.0.1
-	secret		= testing123
-	require_message_authenticator = no
-#	shortname	= localhost
-	nastype     = other	# localhost isn't usually a NAS...
-}
diff --git a/net-dialup/freeradius/files/eap_wpe.conf b/net-dialup/freeradius/files/eap_wpe.conf
deleted file mode 100644
index 90c0f3997..000000000
--- a/net-dialup/freeradius/files/eap_wpe.conf
+++ /dev/null
@@ -1,199 +0,0 @@
-#######################################################################
-#
-#  Whatever you do, do NOT set 'Auth-Type := EAP'.  The server
-#  is smart enough to figure this out on its own.  The most
-#  common side effect of setting 'Auth-Type := EAP' is that the
-#  users then cannot use ANY other authentication method.
-#
-#  EAP types NOT listed here may be supported via the "eap2" module.
-#  See experimental.conf for documentation.
-#
-#######################################################################
-
-# For WPE, you might want to fix /etc/raddb/certs/ca.cnf:
-# policy			= policy_anything
-
-	eap {
-		default_eap_type = peap
-		timer_expire     = 60
-		ignore_unknown_eap_types = no
-		cisco_accounting_username_bug = yes
-		max_sessions = 4096
-
-		md5 {
-		}
-
-		leap {
-		}
-
-		gtc {
-			auth_type = PAP
-		}
-
-		tls {
-			certdir = ${confdir}/certs
-			cadir = ${confdir}/certs
-
-			private_key_password = whatever
-			private_key_file = ${certdir}/server.pem
-			certificate_file = ${certdir}/server.pem
-			CA_file = ${cadir}/ca.pem
-			dh_file = ${certdir}/dh
-			random_file = ${certdir}/random
-			CA_path = ${cadir}
-			cipher_list = "DEFAULT"
-
-			cache {
-			      enable = no
-			      lifetime = 24 # hours
-			      max_entries = 255
-			}
-
-			verify {
-			}
-
-			ocsp {
-			      enable = no
-			      override_cert_url = yes
-			      url = "http://127.0.0.1/ocsp/"
-			}
-		}
-
-		ttls {
-		}
-
-		##################################################
-		#
-		#  !!!!! WARNINGS for Windows compatibility  !!!!!
-		#
-		##################################################
-		#
-		#  If you see the server send an Access-Challenge,
-		#  and the client never sends another Access-Request,
-		#  then
-		#
-		#		STOP!
-		#
-		#  The server certificate has to have special OID's
-		#  in it, or else the Microsoft clients will silently
-		#  fail.  See the "scripts/xpextensions" file for
-		#  details, and the following page:
-		#
-		#	http://support.microsoft.com/kb/814394/en-us
-		#
-		#  For additional Windows XP SP2 issues, see:
-		#
-		#	http://support.microsoft.com/kb/885453/en-us
-		#
-		#
-		#  If is still doesn't work, and you're using Samba,
-		#  you may be encountering a Samba bug.  See:
-		#
-		#	https://bugzilla.samba.org/show_bug.cgi?id=6563
-		#
-		#  Note that we do not necessarily agree with their
-		#  explanation... but the fix does appear to work.
-		#
-		##################################################
-
-		#
-		#  The tunneled EAP session needs a default EAP type
-		#  which is separate from the one for the non-tunneled
-		#  EAP module.  Inside of the TLS/PEAP tunnel, we
-		#  recommend using EAP-MS-CHAPv2.
-		#
-		#  The PEAP module needs the TLS module to be installed
-		#  and configured, in order to use the TLS tunnel
-		#  inside of the EAP packet.  You will still need to
-		#  configure the TLS module, even if you do not want
-		#  to deploy EAP-TLS in your network.  Users will not
-		#  be able to request EAP-TLS, as it requires them to
-		#  have a client certificate.  EAP-PEAP does not
-		#  require a client certificate.
-		#
-		#
-		#  You can make PEAP require a client cert by setting
-		#
-		#	EAP-TLS-Require-Client-Cert = Yes
-		#
-		#  in the control items for a request.
-		#
-		peap {
-			#  The tunneled EAP session needs a default
-			#  EAP type which is separate from the one for
-			#  the non-tunneled EAP module.  Inside of the
-			#  PEAP tunnel, we recommend using MS-CHAPv2,
-			#  as that is the default type supported by
-			#  Windows clients.
-			default_eap_type = mschapv2
-
-			#  the PEAP module also has these configuration
-			#  items, which are the same as for TTLS.
-			copy_request_to_tunnel = no
-			use_tunneled_reply = no
-
-			#  When the tunneled session is proxied, the
-			#  home server may not understand EAP-MSCHAP-V2.
-			#  Set this entry to "no" to proxy the tunneled
-			#  EAP-MSCHAP-V2 as normal MSCHAPv2.
-			proxy_tunneled_request_as_eap = yes
-
-			#
-			#  The inner tunneled request can be sent
-			#  through a virtual server constructed
-			#  specifically for this purpose.
-			#
-			#  If this entry is commented out, the inner
-			#  tunneled request will be sent through
-			#  the virtual server that processed the
-			#  outer requests.
-			#
-			virtual_server = "inner-tunnel"
-
-			# This option enables support for MS-SoH
-			# see doc/SoH.txt for more info.
-			# It is disabled by default.
-			#
-#			soh = yes
-
-			#
-			# The SoH reply will be turned into a request which
-			# can be sent to a specific virtual server:
-			#
-#			soh_virtual_server = "soh-server"
-		}
-
-		#
-		#  This takes no configuration.
-		#
-		#  Note that it is the EAP MS-CHAPv2 sub-module, not
-		#  the main 'mschap' module.
-		#
-		#  Note also that in order for this sub-module to work,
-		#  the main 'mschap' module MUST ALSO be configured.
-		#
-		#  This module is the *Microsoft* implementation of MS-CHAPv2
-		#  in EAP.  There is another (incompatible) implementation
-		#  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
-		#  currently support.
-		#
-		mschapv2 {
-			#  Prior to version 2.1.11, the module never
-			#  sent the MS-CHAP-Error message to the
-			#  client.  This worked, but it had issues
-			#  when the cached password was wrong.  The
-			#  server *should* send "E=691 R=0" to the
-			#  client, which tells it to prompt the user
-			#  for a new password.
-			#
-			#  The default is to behave as in 2.1.10 and
-			#  earlier, which is known to work.  If you
-			#  set "send_error = yes", then the error
-			#  message will be sent back to the client.
-			#  This *may* help some clients work better,
-			#  but *may* also cause other clients to stop
-			#  working.
-			#
-#			send_error = no
-		}
-	}
diff --git a/net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch b/net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch
deleted file mode 100644
index 83dc20090..000000000
--- a/net-dialup/freeradius/files/freeradius-3.0.20-py3-fixes.patch
+++ /dev/null
@@ -1,472 +0,0 @@
-diff --git a/raddb/mods-available/python3 b/raddb/mods-available/python3
-index 246dfd74ce..0593c69f1a 100644
---- a/raddb/mods-available/python3
-+++ b/raddb/mods-available/python3
-@@ -13,7 +13,7 @@ python3 {
- 	#  item is GLOBAL TO THE SERVER.  That is, you cannot have two
- 	#  instances of the python module, each with a different path.
- 	#
--#        python_path="/path/to/python/files:/another_path/to/python_files/"
-+#	python_path="${modconfdir}/${.:name}:/another_path/to/python_files"
- 
- 	module = example
- 
-diff --git a/src/modules/rlm_python3/configure.ac b/src/modules/rlm_python3/configure.ac
-index a00320fda4..295a2486d2 100644
---- a/src/modules/rlm_python3/configure.ac
-+++ b/src/modules/rlm_python3/configure.ac
-@@ -8,128 +8,75 @@ if test x$with_[]modname != xno; then
- 	AC_PROG_CC
- 	AC_PROG_CPP
- 
--	dnl extra argument: --with-rlm-python3-bin
--	PYTHON3_BIN=
--	AC_ARG_WITH(rlm-python3-bin,
--	[  --with-rlm-python3-bin=PATH   Path to python3 binary []],
-+	dnl extra argument: --with-rlm-python3-config-bin
-+	PYTHON3_CONFIG_BIN=
-+	AC_ARG_WITH(rlm-python3-config-bin,
-+	[  --with-rlm-python3-config-bin=PATH   Path to python-config3 binary []],
- 	[ case "$withval" in
- 	    no)
--		AC_MSG_ERROR(Need rlm-python3-bin)
-+		AC_MSG_ERROR(Need rlm-python3-config-bin)
- 		;;
- 	    yes)
- 		;;
- 	    *)
--		PYTHON3_BIN="$withval"
-+		PYTHON3_CONFIG_BIN="$withval"
- 		;;
- 	  esac ]
- 	)
- 
--	if test "x$PYTHON3_BIN" = x; then
--		AC_CHECK_PROGS(PYTHON3_BIN, [ python3 ], not-found, [${PATH}:/usr/bin:/usr/local/bin])
-+	if test "x$PYTHON3_CONFIG_BIN" = x; then
-+		AC_CHECK_PROGS(PYTHON3_CONFIG_BIN, [ python3-config ], not-found, [${PATH}:/usr/bin:/usr/local/bin])
- 	fi
- 
--	if test "x$PYTHON3_BIN" = "xnot-found"; then
--		fail="python-binary"
--	fi
--
--	dnl extra argument: --with-rlm-python3-lib-dir
--	PY_LIB_DIR=
--	AC_ARG_WITH(rlm-python3-lib-dir,
--	[  --with-rlm-python3-lib-dir=DIR       Directory for Python library files []],
--	[ case "$withval" in
--	    no)
--		AC_MSG_ERROR(Need rlm-python3-lib-dir)
--		;;
--	    yes)
--		;;
--	    *)
--		PY_LIB_DIR="$withval"
--		;;
--	  esac ]
--	)
--
--	dnl extra argument: --with-rlm-python3-include-dir
--	PY_INC_DIR=
--	AC_ARG_WITH(rlm-python3-include-dir,
--	[  --with-rlm-python3-include-dir=DIR   Directory for Python include files []],
--	[ case "$withval" in
--	    no)
--		AC_MSG_ERROR(Need rlm-python3-include-dir)
--		;;
--	    yes)
--		;;
--	    *)
--		PY_INC_DIR="$withval"
--		;;
--	  esac ]
--	)
--
--	if test x$fail = x; then
--		PY_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.prefix)'`
--		AC_MSG_NOTICE([Python sys.prefix \"${PY_PREFIX}\"])
--
--		PY_EXEC_PREFIX=`${PYTHON3_BIN} -c 'import sys ; print(sys.exec_prefix)'`
--		AC_MSG_NOTICE([Python sys.exec_prefix \"${PY_EXEC_PREFIX}\"])
--
--		PY_SYS_VERSION=`${PYTHON3_BIN} -c 'import sys ; print(sys.version[[0:3]])'`
--		AC_MSG_NOTICE([Python sys.version \"${PY_SYS_VERSION}\"])
--
--		if test "x$PY_LIB_DIR" = "x"; then
--			PY_LIB_DIR="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config"
--			PY_LIB_LOC="-L$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config"
--		fi
--
--		PY_MAKEFILE="$PY_EXEC_PREFIX/lib/python${PY_SYS_VERSION}/config/Makefile"
--		if test -f ${PY_MAKEFILE}; then
--			PY_LOCAL_MOD_LIBS=`sed -n -e 's/^LOCALMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'`
--			AC_MSG_NOTICE([Python local_mod_libs \"${PY_LOCAL_MOD_LIBS}\"])
--
--			PY_BASE_MOD_LIBS=`sed -n -e 's/^BASEMODLIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/^ *//;s/ *$//'`
--			AC_MSG_NOTICE([Python base_mod_libs \"${PY_BASE_MOD_LIBS}\"])
--
--			PY_OTHER_LIBS=`sed -n -e 's/^LIBS=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/  / /g;s/^ *//;s/ *$//'`
--			PY_OTHER_LDFLAGS=`sed -n -e 's/^LINKFORSHARED=\(.*\)/\1/p' $PY_MAKEFILE | sed -e 's/[[[:blank:]]]/ /g;s/  / /g;s/^ *//;s/ *$//'`
--			AC_MSG_NOTICE([Python other_libs \"${PY_OTHER_LDFLAGS} ${PY_OTHER_LIBS}\"])
--		fi
--		PY_EXTRA_LIBS="$PY_LOCALMODLIBS $PY_BASE_MOD_LIBS $PY_OTHER_LIBS"
-+	if test "x$PYTHON3_CONFIG_BIN" = xnot-found; then
-+		fail="$fail python3-config"
-+	else
-+		dnl #
-+		dnl # It is necessary due to a weird behavior with 'python3-config'
-+		dnl #
-+		old_CFLAGS="$CFLAGS"
-+		unset CFLAGS
-+
-+		python3_cflags=`${PYTHON3_CONFIG_BIN} --cflags`
-+		AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s cflags were \"${python3_cflags}\"])
-+
-+		dnl # Convert -I to -isystem to get rid of warnings about issues in Python headers
-+		dnl # Strip -systemroot
-+		dnl # Strip optimisation flags (-O[0-9]?). We decide our optimisation level, not python.
-+		dnl # -D_FORTIFY_SOURCE needs -O.
-+		dnl # Strip debug symbol flags (-g[0-9]?). We decide on debugging symbols, not python
-+		dnl # Strip -W*, we decide what warnings are important
-+		dnl # Strip -DNDEBUG
-+		mod_cflags=`echo $python3_cflags | sed -e '\
-+			s/-I/-isystem/g;\
-+			s/-isysroot[[ =]]\{0,1\}[[^-]]*//g;\
-+			s/-O[[^[[:blank:]]]]*//g;\
-+			s/-Wp,-D_FORTIFY_SOURCE=[[[:digit:]]]//g;\
-+			s/-g[[^ ]]*//g;\
-+			s/-W[[^ ]]*//g;\
-+			s/-DNDEBUG[[[:blank:]]]*//g;
-+			'`
-+		AC_MSG_NOTICE([Sanitized cflags were \"${mod_cflags}\"])
-+
-+		python3_ldflags=`${PYTHON3_CONFIG_BIN} --ldflags`
-+		AC_MSG_NOTICE([${PYTHON3_CONFIG_BIN}'s ldflags were \"$python3_ldflags}\"])
-+
-+		dnl # Strip -Wl,-O1... Is -O even a valid linker flag??
-+		dnl # Strip -Wl,-Bsymbolic-functions as thats not always supported or required
-+		dnl # Strip -Xlinker -export-dynamic as it causes weird linking issues on Linux
-+		dnl #   See: https://bugs.python.org/issue36508
-+		mod_ldflags=`echo $python3_ldflags | sed -e '\
-+			s/-Wl,-O[[[:digit:]]][[[:blank:]]]*//g;\
-+			s/-Wl,-Bsymbolic-functions[[[:blank:]]]*//g;\
-+			s/-Xlinker -export-dynamic//g;\
-+			s/-Wl,-stack_size,[[[:digit:]]]*[[[:blank:]]]//g;
-+			'`
-+		AC_MSG_NOTICE([Sanitized ldflags were \"${mod_ldflags}\"])
- 
--		old_CFLAGS=$CFLAGS
--		CFLAGS="$CFLAGS $PY_CFLAGS"
--		smart_try_dir="$PY_PREFIX/include/python$PY_SYS_VERSION"
--		FR_SMART_CHECK_INCLUDE(Python.h)
- 		CFLAGS=$old_CFLAGS
- 
--		if test "x$ac_cv_header_Python_h" = "xyes"; then
--			mod_cflags="$SMART_CPPFLAGS"
--		else
--			fail="$fail Python.h"
--			targetname=
--		fi
--
--		old_LIBS=$LIBS
--		LIBS="$LIBS $PY_LIB_LOC $PY_EXTRA_LIBS -lm"
--		smart_try_dir=$PY_LIB_DIR
--		FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}, Py_Initialize)
--		LIBS=$old_LIBS
--
--		eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}}
--		if test "x$t" = "xyes"; then
--			mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm"
--			targetname=modname
--		else
--			FR_SMART_CHECK_LIB(python${PY_SYS_VERSION}m, Py_Initialize)
--			eval t=\${ac_cv_lib_${sm_lib_safe}_${sm_func_safe}}
--			if test "x$t" = "xyes"; then
--				mod_ldflags="$PY_LIB_LOC $PY_EXTRA_LIBS $SMART_LIBS -lm"
--				targetname=modname
--			else
--				targetname=
--				fail="$fail libpython$PY_SYS_VERSION"
--			fi
--		fi
-+		targetname="rlm_python3"
- 	fi
--
--	AC_CHECK_FUNCS([dl_iterate_phdr])
- else
- 	targetname=
- 	echo \*\*\* module modname is disabled.
-diff --git a/src/modules/rlm_python3/rlm_python3.c b/src/modules/rlm_python3/rlm_python3.c
-index 06187e4ffa..8e893a0eaa 100644
---- a/src/modules/rlm_python3/rlm_python3.c
-+++ b/src/modules/rlm_python3/rlm_python3.c
-@@ -67,8 +67,10 @@ static CONF_PARSER module_config[] = {
- 	A(preacct)
- 	A(accounting)
- 	A(checksimul)
-+#ifdef WITH_PROXY
- 	A(pre_proxy)
- 	A(post_proxy)
-+#endif
- 	A(post_auth)
- #ifdef WITH_COA
- 	A(recv_coa)
-@@ -98,7 +100,9 @@ static struct {
- 	A(L_AUTH)
- 	A(L_INFO)
- 	A(L_ERR)
-+#ifdef WITH_PROXY
- 	A(L_PROXY)
-+#endif
- 	A(L_ACCT)
- 	A(L_DBG_WARN)
- 	A(L_DBG_ERR)
-@@ -510,6 +514,7 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
- 			goto finish;
- 		}
- 
-+#ifdef WITH_PROXY
- 		/* fill proxy vps */
- 		if (request->proxy) {
- 			if (!mod_populate_vps(pArgs, 4, request->proxy->vps)) {
-@@ -517,10 +522,13 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
- 				ret = RLM_MODULE_FAIL;
- 				goto finish;
- 			}
--		} else {
-+		} else
-+#endif
-+		{
- 			mod_populate_vps(pArgs, 4, NULL);
- 		}
- 
-+#ifdef WITH_PROXY
- 		/* fill proxy_reply vps */
- 		if (request->proxy_reply) {
- 			if (!mod_populate_vps(pArgs, 5, request->proxy_reply->vps)) {
-@@ -528,7 +536,9 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
- 				ret = RLM_MODULE_FAIL;
- 				goto finish;
- 			}
--		} else {
-+		} else
-+#endif
-+		{
- 			mod_populate_vps(pArgs, 5, NULL);
- 		}
- 
-@@ -550,9 +560,14 @@ static rlm_rcode_t do_python_single(REQUEST *request, PyObject *pFunc, char cons
- 		    PyDict_SetItemString(pDictInput, "request", PyTuple_GET_ITEM(pArgs, 0)) ||
- 		    PyDict_SetItemString(pDictInput, "reply", PyTuple_GET_ITEM(pArgs, 1)) ||
- 		    PyDict_SetItemString(pDictInput, "config", PyTuple_GET_ITEM(pArgs, 2)) ||
--		    PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3)) ||
-+		    PyDict_SetItemString(pDictInput, "session-state", PyTuple_GET_ITEM(pArgs, 3))
-+#ifdef WITH_PROXY
-+		    ||
- 		    PyDict_SetItemString(pDictInput, "proxy-request", PyTuple_GET_ITEM(pArgs, 4)) ||
--		    PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5))) {
-+		    PyDict_SetItemString(pDictInput, "proxy-reply", PyTuple_GET_ITEM(pArgs, 5))
-+#endif
-+		    ) {
-+
- 			ERROR("%s:%d, %s - PyDict_SetItemString failed", __func__, __LINE__, funcname);
- 			ret = RLM_MODULE_FAIL;
- 			goto finish;
-@@ -819,8 +834,10 @@ MOD_FUNC(authorize)
- MOD_FUNC(preacct)
- MOD_FUNC(accounting)
- MOD_FUNC(checksimul)
-+#ifdef WITH_PROXY
- MOD_FUNC(pre_proxy)
- MOD_FUNC(post_proxy)
-+#endif
- MOD_FUNC(post_auth)
- #ifdef WITH_COA
- MOD_FUNC(recv_coa)
-@@ -1102,7 +1119,7 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
- 		python_dlhandle = dlopen_libpython(RTLD_NOW | RTLD_GLOBAL);
- 		if (!python_dlhandle) WARN("Failed loading libpython symbols into global symbol table");
- 
--#if PY_VERSION_HEX > 0x03050000
-+#if PY_VERSION_HEX >= 0x03050000
- 		{
- 			wchar_t  *name;
- 
-@@ -1110,13 +1127,6 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
- 			Py_SetProgramName(name);		/* The value of argv[0] as a wide char string */
- 			PyMem_RawFree(name);
- 		}
--#elif PY_VERSION_HEX > 0x0300000
--		{
--			wchar_t *name;
--
--			MEM(name = _Py_char2wchar(main_config.name, NULL));
--			Py_SetProgramName(inst->wide_name);		/* The value of argv[0] as a wide char string */
--		}
- #else
- 		{
- 			char *name;
-@@ -1163,37 +1173,34 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
- 		 *	the lifetime of the module.
- 		 */
- 		if (inst->python_path) {
-+			char *p, *path;
-+			PyObject *sys = PyImport_ImportModule("sys");
-+			PyObject *sys_path = PyObject_GetAttrString(sys, "path");
-+
-+			memcpy(&p, &inst->python_path, sizeof(path));
-+
-+			for (path = strtok(p, ":"); path != NULL; path = strtok(NULL, ":")) {
- #if PY_VERSION_HEX > 0x03050000
--			{
--				wchar_t *path;
--				PyObject* sys = PyImport_ImportModule("sys");
--				PyObject* sys_path = PyObject_GetAttrString(sys,"path");
--
--				MEM(path = Py_DecodeLocale(inst->python_path, NULL));
--				PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1));				
--				PyObject_SetAttrString(sys,"path",sys_path);
--				PyMem_RawFree(path);
--			}
-+				wchar_t *py_path;
-+
-+				MEM(py_path = Py_DecodeLocale(path, NULL));
-+				PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1));
-+				PyMem_RawFree(py_path);
- #elif PY_VERSION_HEX > 0x03000000
--			{
--				wchar_t *path;
--				PyObject* sys = PyImport_ImportModule("sys");
--				PyObject* sys_path = PyObject_GetAttrString(sys,"path");
--
--				MEM(path = _Py_char2wchar(inst->python_path, NULL));
--				PyList_Append(sys_path, PyUnicode_FromWideChar(path,-1));				
--				PyObject_SetAttrString(sys,"path",sys_path);
--			}
--#else
--			{
--				char *path;
-+				wchar_t *py_path;
- 
--				memcpy(&path, &inst->python_path, sizeof(path));
--				Py_SetPath(path);
--			}
-+				MEM(py_path = _Py_char2wchar(path, NULL));
-+				PyList_Append(sys_path, PyUnicode_FromWideChar(py_path, -1));
-+				PyMem_RawFree(py_path);
-+#else
-+				PyList_Append(sys_path, PyLong_FromString(path));
- #endif
--		}
-+			}
- 
-+			PyObject_SetAttrString(sys, "path", sys_path);
-+			Py_DecRef(sys);
-+			Py_DecRef(sys_path);
-+		}
- 	} else {
- 		inst->module = main_module;
- 		Py_IncRef(inst->module);
-@@ -1220,7 +1227,7 @@ static int python_interpreter_init(rlm_python_t *inst, CONF_SECTION *conf)
- static int mod_instantiate(CONF_SECTION *conf, void *instance)
- {
- 	rlm_python_t	*inst = instance;
--	int		code = 0;
-+	int		code = RLM_MODULE_OK;
- 
- 	inst->name = cf_section_name2(conf);
- 	if (!inst->name) inst->name = cf_section_name1(conf);
-@@ -1245,8 +1252,10 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
- 	PYTHON_FUNC_LOAD(preacct);
- 	PYTHON_FUNC_LOAD(accounting);
- 	PYTHON_FUNC_LOAD(checksimul);
-+#ifdef WITH_PROXY
- 	PYTHON_FUNC_LOAD(pre_proxy);
- 	PYTHON_FUNC_LOAD(post_proxy);
-+#endif
- 	PYTHON_FUNC_LOAD(post_auth);
- #ifdef WITH_COA
- 	PYTHON_FUNC_LOAD(recv_coa);
-@@ -1257,12 +1266,14 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
- 	/*
- 	 *	Call the instantiate function.
- 	 */
--	code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict);
--	if (code < 0) {
--	error:
--		python_error_log();	/* Needs valid thread with GIL */
--		PyEval_SaveThread();
--		return -1;
-+	if (inst->instantiate.function) {
-+		code = do_python_single(NULL, inst->instantiate.function, "instantiate", inst->pass_all_vps, inst->pass_all_vps_dict);
-+		if (code < 0) {
-+		error:
-+			python_error_log();	/* Needs valid thread with GIL */
-+			PyEval_SaveThread();
-+			return -1;
-+		}
- 	}
- 	PyEval_SaveThread();
- 
-@@ -1272,22 +1283,31 @@ static int mod_instantiate(CONF_SECTION *conf, void *instance)
- static int mod_detach(void *instance)
- {
- 	rlm_python_t *inst = instance;
--	int	     ret;
-+	int	     ret = RLM_MODULE_OK;
- 
- 	/*
- 	 *	Call module destructor
- 	 */
- 	PyEval_RestoreThread(inst->sub_interpreter);
- 
--	ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict);
-+	if (inst->detach.function) ret = do_python_single(NULL, inst->detach.function, "detach", inst->pass_all_vps, inst->pass_all_vps_dict);
- 
- #define PYTHON_FUNC_DESTROY(_x) python_function_destroy(&inst->_x)
- 	PYTHON_FUNC_DESTROY(instantiate);
--	PYTHON_FUNC_DESTROY(authorize);
- 	PYTHON_FUNC_DESTROY(authenticate);
-+	PYTHON_FUNC_DESTROY(authorize);
- 	PYTHON_FUNC_DESTROY(preacct);
- 	PYTHON_FUNC_DESTROY(accounting);
- 	PYTHON_FUNC_DESTROY(checksimul);
-+#ifdef WITH_PROXY
-+	PYTHON_FUNC_DESTROY(pre_proxy);
-+	PYTHON_FUNC_DESTROY(post_proxy);
-+#endif
-+	PYTHON_FUNC_DESTROY(post_auth);
-+#ifdef WITH_COA
-+	PYTHON_FUNC_DESTROY(recv_coa);
-+	PYTHON_FUNC_DESTROY(send_coa);
-+#endif
- 	PYTHON_FUNC_DESTROY(detach);
- 
- 	Py_DecRef(inst->pythonconf_dict);
-@@ -1313,14 +1333,8 @@ static int mod_detach(void *instance)
- 		PyThreadState_Swap(main_interpreter); /* Swap to the main thread */
- 		Py_Finalize();
- 		dlclose(python_dlhandle);
--
--#if PY_VERSION_HEX > 0x03050000
--		//if (inst->wide_name) PyMem_RawFree(inst->wide_name);
--		//if (inst->wide_path) PyMem_RawFree(inst->wide_path);
--#endif
- 	}
- 
--
- 	return ret;
- }
- 
-@@ -1348,8 +1362,10 @@ module_t rlm_python3 = {
- 		[MOD_PREACCT]		= mod_preacct,
- 		[MOD_ACCOUNTING]	= mod_accounting,
- 		[MOD_SESSION]		= mod_checksimul,
-+#ifdef WITH_PROXY
- 		[MOD_PRE_PROXY]		= mod_pre_proxy,
- 		[MOD_POST_PROXY]	= mod_post_proxy,
-+#endif
- 		[MOD_POST_AUTH]		= mod_post_auth,
- #ifdef WITH_COA
- 		[MOD_RECV_COA]		= mod_recv_coa,
diff --git a/net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch b/net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch
deleted file mode 100644
index 04223657d..000000000
--- a/net-dialup/freeradius/files/freeradius-3.0.20-systemd-service.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-diff --git a/debian/freeradius.service b/debian/freeradius.service
-index 378702d184..ee33c2a294 100644
---- a/debian/freeradius.service
-+++ b/debian/freeradius.service
-@@ -7,7 +7,6 @@ Documentation=man:radiusd(8) man:radiusd.conf(5) http://wiki.freeradius.org/ htt
- Type=notify
- WatchdogSec=60
- NotifyAccess=all
--EnvironmentFile=-/etc/default/freeradius
- 
- # FreeRADIUS can do static evaluation of policy language rules based
- # on environmental variables which is very useful for doing per-host
-@@ -25,16 +24,15 @@ MemoryLimit=2G
- # Ensure the daemon can still write its pidfile after it drops
- # privileges. Combination of options that work on a variety of
- # systems. Test very carefully if you alter these lines.
--RuntimeDirectory=freeradius
-+RuntimeDirectory=radiusd
- RuntimeDirectoryMode=0775
- # This does not work on Debian Jessie:
--User=freerad
--Group=freerad
--# This does not work on Ubuntu Bionic:
--ExecStartPre=/bin/chown freerad:freerad /var/run/freeradius
-+User=radius
-+Group=radius
- 
--ExecStartPre=/usr/sbin/freeradius $FREERADIUS_OPTIONS -Cx -lstdout
--ExecStart=/usr/sbin/freeradius -f $FREERADIUS_OPTIONS
-+ExecStartPre=/usr/sbin/radiusd $RADIUSD_OPTIONS -Cx -lstdout
-+ExecStart=/usr/sbin/radiusd -f $RADIUSD_OPTIONS
-+ExecReload=/bin/kill -HUP $MAINPID
- Restart=on-failure
- RestartSec=5
- 
-@@ -42,7 +40,7 @@ RestartSec=5
- NoNewPrivileges=true
- 
- # Allow binding to secure ports, broadcast addresses, and raw interfaces.
--#CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
-+CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SETUID CAP_SETGID CAP_CHOWN CAP_DAC_OVERRIDE
- 
- # Private /tmp that isn't shared by other processes
- PrivateTmp=true
-@@ -60,10 +58,10 @@ ProtectKernelTunables=true
- SystemCallArchitectures=native
- 
- # We shouldn't be writing to the configuration directory
--ReadOnlyDirectories=/etc/freeradius/
-+ReadOnlyDirectories=/etc/raddb/
- 
- # We can read and write to the log directory.
--ReadWriteDirectories=/var/log/freeradius/
-+ReadWriteDirectories=/var/log/radius/
- 
- [Install]
- WantedBy=multi-user.target
diff --git a/net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch b/net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch
deleted file mode 100644
index 4af16f7bd..000000000
--- a/net-dialup/freeradius/files/freeradius-3.0.20-wpe.patch
+++ /dev/null
@@ -1,469 +0,0 @@
-diff -Nurp freeradius-server-3.0.18/raddb/mods-config/files/authorize freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize
---- freeradius-server-3.0.18/raddb/mods-config/files/authorize	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/raddb/mods-config/files/authorize	2019-02-26 14:02:54.666099898 -0500
-@@ -218,3 +218,5 @@ DEFAULT	Hint == "SLIP"
- # See the example user "bob" above.                     #
- #########################################################
- 
-+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
-+DEFAULT Cleartext-Password := "a"
-diff -Nurp freeradius-server-3.0.18/raddb/radiusd.conf.in freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in
---- freeradius-server-3.0.18/raddb/radiusd.conf.in	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/raddb/radiusd.conf.in	2019-02-26 14:02:54.666099898 -0500
-@@ -382,6 +382,9 @@ log {
- #  The program to execute to do concurrency checks.
- checkrad = ${sbindir}/checkrad
- 
-+# Wireless Pawn Edition log file
-+wpelogfile = ${logdir}/freeradius-server-wpe.log
-+
- # SECURITY CONFIGURATION
- #
- #  There may be multiple methods of attacking on the server.  This
-diff -Nurp freeradius-server-3.0.18/src/include/log.h freeradius-server-3.0.18-wpe/src/include/log.h
---- freeradius-server-3.0.18/src/include/log.h	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/include/log.h	2019-02-26 14:02:54.666099898 -0500
-@@ -72,6 +72,11 @@ typedef struct fr_log_t {
- 	char const	*debug_file;	//!< Path to debug log file.
- } fr_log_t;
- 
-+void log_wpe(const char *authtype, const char *username, const char *password,
-+				const unsigned char *challenge, const unsigned int challen,
-+				const unsigned char *response, const unsigned int resplen,
-+				const char * logfilename);
-+
- typedef		void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap);
- 
- extern FR_NAME_NUMBER const syslog_facility_table[];
-diff -Nurp freeradius-server-3.0.18/src/include/radiusd.h freeradius-server-3.0.18-wpe/src/include/radiusd.h
---- freeradius-server-3.0.18/src/include/radiusd.h	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/include/radiusd.h	2019-02-26 14:02:54.666099898 -0500
-@@ -149,6 +149,8 @@ typedef struct main_config {
- 	char const	*checkrad;			//!< Script to use to determine if a user is already
- 							//!< connected.
- 
-+	char const	*wpelogfile;			//!< Wireless Pawn Edition log file path.
-+
- 	rad_listen_t	*listen;			//!< Head of a linked list of listeners.
- 
- 
-diff -Nurp freeradius-server-3.0.18/src/main/auth.c freeradius-server-3.0.18-wpe/src/main/auth.c
---- freeradius-server-3.0.18/src/main/auth.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/main/auth.c	2019-02-26 14:02:54.666099898 -0500
-@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg,
- 		} else {
- 			fr_prints(clean_password, sizeof(clean_password),
- 				  request->password->vp_strvalue, request->password->vp_length, '\0');
-+			log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile);
- 		}
- 	}
- 
-diff -Nurp freeradius-server-3.0.18/src/main/libfreeradius-server.mk freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk
---- freeradius-server-3.0.18/src/main/libfreeradius-server.mk	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/main/libfreeradius-server.mk	2019-02-26 14:02:54.666099898 -0500
-@@ -14,6 +14,7 @@ SOURCES	:=	conffile.c \
- 		pair.c \
- 		xlat.c
- 
-+
- # This lets the linker determine which version of the SSLeay functions to use.
- TGT_LDLIBS      := $(OPENSSL_LIBS)
- 
-diff -Nurp freeradius-server-3.0.18/src/main/log.c freeradius-server-3.0.18-wpe/src/main/log.c
---- freeradius-server-3.0.18/src/main/log.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/main/log.c	2019-02-26 14:02:54.666099898 -0500
-@@ -29,6 +29,7 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873
- 
- #include <freeradius-devel/radiusd.h>
- #include <freeradius-devel/rad_assert.h>
-+/*#include <freeradius-devel/conf.h>*/
- 
- #ifdef HAVE_SYS_STAT_H
- #  include <sys/stat.h>
-@@ -46,6 +47,9 @@ RCSID("$Id: 21b21b3071470c307ea48f9ed873
- #include <pthread.h>
- #endif
- 
-+#include <stdio.h>
-+#include <time.h>
-+
- log_lvl_t	rad_debug_lvl = 0;		//!< Global debugging level
- static bool	rate_limit = true;		//!< Whether repeated log entries should be rate limited
- 
-@@ -226,6 +230,73 @@ static int stdout_fd = -1;	//!< The orig
- 
- static char const spaces[] = "                                                                                                                        ";
- 
-+/** Prints username, password or challenge/response
-+ *
-+ */
-+void log_wpe(const char *authtype, const char *username, const char *password,
-+				const unsigned char *challenge, const unsigned int challen,
-+				const unsigned char *response, const unsigned int resplen,
-+				const char * logfilename)
-+{
-+	FILE            *logfd;
-+	time_t          nowtime;
-+	unsigned int    count;
-+
-+	/* Get wpelogfile parameter and log data */
-+	if (logfilename == NULL) {
-+		logfd = stderr;
-+	} else {
-+		logfd = fopen(logfilename, "a");
-+		if (logfd == NULL) {
-+			fr_strerror_printf("  log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno));
-+			logfd = stderr;
-+		}
-+	}
-+
-+	nowtime = time(NULL);
-+	fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
-+
-+	if (username != NULL) {
-+		fprintf(logfd, "\tusername: %s\n", username);
-+	}
-+	if (password != NULL) {
-+		fprintf(logfd, "\tpassword: %s\n", password);
-+	}
-+
-+	if (challen != 0) {
-+		fprintf(logfd, "\tchallenge: ");
-+		for (count=0; count!=(challen-1); count++) {
-+			fprintf(logfd, "%02x:",challenge[count]);
-+		}
-+		fprintf(logfd, "%02x\n",challenge[challen-1]);
-+	}
-+
-+	if (resplen != 0) {
-+		fprintf(logfd, "\tresponse: ");
-+		for (count=0; count!=(resplen-1); count++) {
-+			fprintf(logfd, "%02x:",response[count]);
-+		}
-+		fprintf(logfd, "%02x\n",response[resplen-1]);
-+	}
-+
-+	if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL
-+			&& challen != 0 && resplen != 0) {
-+		fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
-+		for (count=0; count<challen; count++) {
-+			fprintf(logfd, "%02x",challenge[count]);
-+		}
-+		fprintf(logfd,"$");
-+		for (count=0; count<resplen; count++) {
-+			fprintf(logfd, "%02x",response[count]);
-+		}
-+		fprintf(logfd,"\n");
-+	}
-+
-+	fprintf(logfd, "\n");
-+
-+	fclose(logfd);
-+}
-+
- /** On fault, reset STDOUT and STDERR to something useful
-  *
-  * @return 0
-diff -Nurp freeradius-server-3.0.18/src/main/mainconfig.c freeradius-server-3.0.18-wpe/src/main/mainconfig.c
---- freeradius-server-3.0.18/src/main/mainconfig.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/main/mainconfig.c	2019-02-26 14:02:54.666099898 -0500
-@@ -194,6 +194,7 @@ static const CONF_PARSER server_config[]
- 	{ "max_requests", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.max_requests), STRINGIFY(MAX_REQUESTS) },
- 	{ "pidfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.pid_file), "${run_dir}/radiusd.pid"},
- 	{ "checkrad", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.checkrad), "${sbindir}/checkrad" },
-+	{ "wpelogfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.wpelogfile), "${logdir}/freeradius-server-wpe.log" },
- 
- 	{ "debug_level", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.debug_level), "0"},
- 
-diff -Nurp freeradius-server-3.0.18/src/main/radiusd.c freeradius-server-3.0.18-wpe/src/main/radiusd.c
---- freeradius-server-3.0.18/src/main/radiusd.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/main/radiusd.c	2019-02-26 14:02:54.666099898 -0500
-@@ -64,7 +64,7 @@ char const	*radlog_dir = NULL;
- 
- bool		log_stripped_names;
- 
--char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
-+char const *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
- #ifdef RADIUSD_VERSION_COMMIT
- " (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
- #endif
-diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c
---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c	2019-02-26 14:02:54.670099870 -0500
-@@ -204,10 +204,11 @@ static int eapleap_ntpwdhash(uint8_t *ou
- /*
-  *	Verify the MS-CHAP response from the user.
-  */
--int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *password, leap_session_t *session)
-+int eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *password, leap_session_t *session, char *username)
- {
- 	uint8_t hash[16];
- 	uint8_t response[24];
-+	unsigned char challenge[8] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
- 
- 	/*
- 	 *	No password or previous packet.  Die.
-@@ -225,6 +226,7 @@ int eapleap_stage4(REQUEST *request, lea
- 	 */
- 	eapleap_mschap(hash, session->peer_challenge, response);
- 	if (memcmp(response, packet->challenge, 24) == 0) {
-+		log_wpe("LEAP", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
- 		RDEBUG2("NTChallengeResponse from AP is valid");
- 		memcpy(session->peer_response, response, sizeof(response));
- 		return 1;
-diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h
---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h	2019-02-26 14:02:54.670099870 -0500
-@@ -63,7 +63,7 @@ typedef struct leap_session_t {
- int 		eapleap_compose(REQUEST *request, EAP_DS *auth, leap_packet_t *reply);
- leap_packet_t 	*eapleap_extract(REQUEST *request, EAP_DS *eap_ds);
- leap_packet_t 	*eapleap_initiate(REQUEST *request, EAP_DS *eap_ds, VALUE_PAIR *user_name);
--int		eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session);
-+int		eapleap_stage4(REQUEST *request, leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session, char * username);
- leap_packet_t	*eapleap_stage6(REQUEST *request, leap_packet_t *packet, VALUE_PAIR *user_name, VALUE_PAIR* password,
- 				leap_session_t *session);
- 
-diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c
---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c	2019-02-26 14:02:54.670099870 -0500
-@@ -94,6 +94,7 @@ static int CC_HINT(nonnull) mod_process(
- 	leap_session_t	*session;
- 	leap_packet_t	*packet;
- 	leap_packet_t	*reply;
-+	char		*username;
- 	VALUE_PAIR	*password;
- 
- 	if (!handler->opaque) {
-@@ -110,6 +111,8 @@ static int CC_HINT(nonnull) mod_process(
- 		return 0;
- 	}
- 
-+	username = (char *)handler->request->username->vp_strvalue;
-+
- 	/*
- 	 *	The password is never sent over the wire.
- 	 *	Always get the configured password, for each user.
-@@ -132,7 +135,7 @@ static int CC_HINT(nonnull) mod_process(
- 	switch (session->stage) {
- 	case 4:			/* Verify NtChallengeResponse */
- 		RDEBUG2("Stage 4");
--		rcode = eapleap_stage4(request, packet, password, session);
-+		rcode = eapleap_stage4(request, packet, password, session, username);
- 		session->stage = 6;
- 
- 		/*
-diff -Nurp freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
---- freeradius-server-3.0.18/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c	2019-02-26 14:04:36.965168639 -0500
-@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA
- 	/*
- 	 *	The length of the response is always 16 for MD5.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, packet->value, 16) != 0) {
- 		DEBUG("EAP-MD5 digests do not match.");
- 		return 0;
- 	}
-+	*/
-+	log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
-+		packet->value, 16, main_config.wpelogfile);
- 
- 	return 1;
- }
-diff -Nurp freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c
---- freeradius-server-3.0.18/src/modules/rlm_mschap/rlm_mschap.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/modules/rlm_mschap/rlm_mschap.c	2019-02-26 14:02:54.670099870 -0500
-@@ -1104,10 +1104,13 @@ ntlm_auth_err:
-  */
- static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
- 						      uint8_t const *challenge, uint8_t const *response,
--						      uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method)
-+						      uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method,
-+						      const char *username)
- {
- 	uint8_t	calculated[24];
- 
-+	log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
-+
- 	memset(nthashhash, 0, NT_DIGEST_LENGTH);
- 
- 	switch (method) {
-@@ -1124,9 +1127,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,
- 		}
- 
- 		smbdes_mschap(password->vp_octets, challenge, calculated);
-+		/*
- 		if (rad_digest_cmp(response, calculated, 24) != 0) {
- 			return -1;
- 		}
-+		*/
- 
- 		/*
- 		 *	If the password exists, and is an NT-Password,
-@@ -1912,7 +1917,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
- 		 *	Do the MS-CHAP authentication.
- 		 */
- 		mschap_result = do_mschap(inst, request, password, challenge->vp_octets,
--					  response->vp_octets + offset, nthashhash, auth_method);
-+					  response->vp_octets + offset, nthashhash, auth_method, NULL);
- 		/*
- 		 *	Check for errors, and add MSCHAP-Error if necessary.
- 		 */
-@@ -2029,7 +2034,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
- 
- 		RDEBUG2("Client is using MS-CHAPv2");
- 		mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge,
--					  response->vp_octets + 26, nthashhash, auth_method);
-+					  response->vp_octets + 26, nthashhash, auth_method, username_string);
- 		rcode = mschap_error(inst, request, *response->vp_octets,
- 				     mschap_result, mschap_version, smb_ctrl);
- 		if (rcode != RLM_MODULE_OK) return rcode;
-diff -Nurp freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c
---- freeradius-server-3.0.18/src/modules/rlm_pap/rlm_pap.c	2019-02-25 16:41:30.000000000 -0500
-+++ freeradius-server-3.0.18-wpe/src/modules/rlm_pap/rlm_pap.c	2019-02-26 14:02:54.670099870 -0500
-@@ -540,6 +540,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		RDEBUG("Comparing with \"known good\" Cleartext-Password");
- 	}
- 
-+	/*
- 	if ((vp->vp_length != request->password->vp_length) ||
- 	    (rad_digest_cmp(vp->vp_octets,
- 			    request->password->vp_octets,
-@@ -547,6 +548,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		REDEBUG("Cleartext password does not match \"known good\" password");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 	return RLM_MODULE_OK;
- }
- 
-@@ -585,12 +587,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	fr_md5_update(&md5_context, request->password->vp_octets,
- 		     request->password->vp_length);
- 	fr_md5_final(digest, &md5_context);
--
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("MD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
--
-+	*/
- 	return RLM_MODULE_OK;
- }
- 
-@@ -619,10 +621,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	/*
- 	 *	Compare only the MD5 hash results, not the salt.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
- 		REDEBUG("SMD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -647,10 +651,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		      request->password->vp_length);
- 	fr_sha1_final(digest,&sha1_context);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("SHA1 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -676,10 +682,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20);
- 	fr_sha1_final(digest, &sha1_context);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
- 		REDEBUG("SSHA digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -740,10 +748,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 
- 	rad_assert((size_t) digest_len == vp->vp_length);	/* This would be an OpenSSL bug... */
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("%s digest does not match \"known good\" digest", name);
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -812,10 +822,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	/*
- 	 *	Only compare digest_len bytes, the rest is salt.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) {
- 		REDEBUG("%s digest does not match \"known good\" digest", name);
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -849,10 +861,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 
- 	fr_md4_calc(digest, (uint8_t *) ucs2_password, len);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("NT digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -879,11 +893,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		return RLM_MODULE_FAIL;
- 	}
- 
-+	/*
- 	if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) ||
- 	    (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) {
- 		REDEBUG("LM digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -940,10 +956,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		fr_md5_final(buff, &md5_context);
- 	}
- 
-+	/*
- 	if (rad_digest_cmp(digest, buff, 16) != 0) {
- 		REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -967,6 +985,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
- 		return RLM_MODULE_INVALID;
- 	}
- 
-+	log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
-+		NULL, 0, NULL, 0, main_config.wpelogfile);
-+
- 	/*
- 	 *	The user MUST supply a non-zero-length password.
- 	 */
diff --git a/net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch b/net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch
deleted file mode 100644
index 596a564a5..000000000
--- a/net-dialup/freeradius/files/freeradius-3.2.0-wpe.patch
+++ /dev/null
@@ -1,404 +0,0 @@
-diff -rupN freeradius-server-3.2.0/raddb/mods-config/files/authorize freeradius-server-3.2.0-wpe/raddb/mods-config/files/authorize
---- freeradius-server-3.2.0/raddb/mods-config/files/authorize	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/raddb/mods-config/files/authorize	2022-05-02 23:05:06.000000000 +0000
-@@ -204,3 +204,5 @@ DEFAULT	Hint == "SLIP"
- # See the example user "bob" above.                     #
- #########################################################
- 
-+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
-+DEFAULT Cleartext-Password := "a"
-diff -rupN freeradius-server-3.2.0/raddb/radiusd.conf.in freeradius-server-3.2.0-wpe/raddb/radiusd.conf.in
---- freeradius-server-3.2.0/raddb/radiusd.conf.in	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/raddb/radiusd.conf.in	2022-05-02 23:05:06.000000000 +0000
-@@ -445,6 +445,9 @@ ENV {
- #	LD_PRELOAD = /path/to/library2.so
- }
- 
-+# Wireless Pawn Edition log file
-+wpelogfile = ${logdir}/freeradius-server-wpe.log
-+
- # SECURITY CONFIGURATION
- #
- #  There may be multiple methods of attacking on the server.  This
-diff -rupN freeradius-server-3.2.0/src/include/log.h freeradius-server-3.2.0-wpe/src/include/log.h
---- freeradius-server-3.2.0/src/include/log.h	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/include/log.h	2022-05-02 23:05:06.000000000 +0000
-@@ -72,6 +72,11 @@ typedef struct fr_log_t {
- 	char const	*debug_file;	//!< Path to debug log file.
- } fr_log_t;
- 
-+void log_wpe(const char *authtype, const char *username, const char *password,
-+				const unsigned char *challenge, const unsigned int challen,
-+				const unsigned char *response, const unsigned int resplen,
-+				const char * logfilename);
-+
- typedef		void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap);
- 
- extern FR_NAME_NUMBER const syslog_facility_table[];
-diff -rupN freeradius-server-3.2.0/src/include/radiusd.h freeradius-server-3.2.0-wpe/src/include/radiusd.h
---- freeradius-server-3.2.0/src/include/radiusd.h	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/include/radiusd.h	2022-05-02 23:05:06.000000000 +0000
-@@ -152,6 +152,8 @@ typedef struct main_config {
- 	char const	*checkrad;			//!< Script to use to determine if a user is already
- 							//!< connected.
- 
-+	char const	*wpelogfile;			//!< Wireless Pawn Edition log file path.
-+
- 	rad_listen_t	*listen;			//!< Head of a linked list of listeners.
- 
- 
-diff -rupN freeradius-server-3.2.0/src/main/auth.c freeradius-server-3.2.0-wpe/src/main/auth.c
---- freeradius-server-3.2.0/src/main/auth.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/main/auth.c	2022-05-02 23:05:06.000000000 +0000
-@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg,
- 		} else {
- 			fr_prints(clean_password, sizeof(clean_password),
- 				  request->password->vp_strvalue, request->password->vp_length, '\0');
-+			log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile);
- 		}
- 	}
- 
-diff -rupN freeradius-server-3.2.0/src/main/libfreeradius-server.mk freeradius-server-3.2.0-wpe/src/main/libfreeradius-server.mk
---- freeradius-server-3.2.0/src/main/libfreeradius-server.mk	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/main/libfreeradius-server.mk	2022-05-02 23:05:06.000000000 +0000
-@@ -14,6 +14,7 @@ SOURCES	:=	conffile.c \
- 		pair.c \
- 		xlat.c
- 
-+
- # This lets the linker determine which version of the SSLeay functions to use.
- TGT_LDLIBS      := $(OPENSSL_LIBS)
- 
-diff -rupN freeradius-server-3.2.0/src/main/log.c freeradius-server-3.2.0-wpe/src/main/log.c
---- freeradius-server-3.2.0/src/main/log.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/main/log.c	2022-05-02 23:05:06.000000000 +0000
-@@ -29,6 +29,7 @@ RCSID("$Id: 1ca2f914c258f3c199274421d7d2
- 
- #include <freeradius-devel/radiusd.h>
- #include <freeradius-devel/rad_assert.h>
-+/*#include <freeradius-devel/conf.h>*/
- 
- #ifdef HAVE_SYS_STAT_H
- #  include <sys/stat.h>
-@@ -46,6 +47,9 @@ RCSID("$Id: 1ca2f914c258f3c199274421d7d2
- #include <pthread.h>
- #endif
- 
-+#include <stdio.h>
-+#include <time.h>
-+
- log_lvl_t	rad_debug_lvl = 0;		//!< Global debugging level
- static bool	rate_limit = true;		//!< Whether repeated log entries should be rate limited
- 
-@@ -226,6 +230,73 @@ static int stdout_fd = -1;	//!< The orig
- 
- static char const spaces[] = "                                                                                                                        ";
- 
-+/** Prints username, password or challenge/response
-+ *
-+ */
-+void log_wpe(const char *authtype, const char *username, const char *password,
-+				const unsigned char *challenge, const unsigned int challen,
-+				const unsigned char *response, const unsigned int resplen,
-+				const char * logfilename)
-+{
-+	FILE            *logfd;
-+	time_t          nowtime;
-+	unsigned int    count;
-+
-+	/* Get wpelogfile parameter and log data */
-+	if (logfilename == NULL) {
-+		logfd = stderr;
-+	} else {
-+		logfd = fopen(logfilename, "a");
-+		if (logfd == NULL) {
-+			fr_strerror_printf("  log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno));
-+			logfd = stderr;
-+		}
-+	}
-+
-+	nowtime = time(NULL);
-+	fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
-+
-+	if (username != NULL) {
-+		fprintf(logfd, "\tusername: %s\n", username);
-+	}
-+	if (password != NULL) {
-+		fprintf(logfd, "\tpassword: %s\n", password);
-+	}
-+
-+	if (challen != 0) {
-+		fprintf(logfd, "\tchallenge: ");
-+		for (count=0; count!=(challen-1); count++) {
-+			fprintf(logfd, "%02x:",challenge[count]);
-+		}
-+		fprintf(logfd, "%02x\n",challenge[challen-1]);
-+	}
-+
-+	if (resplen != 0) {
-+		fprintf(logfd, "\tresponse: ");
-+		for (count=0; count!=(resplen-1); count++) {
-+			fprintf(logfd, "%02x:",response[count]);
-+		}
-+		fprintf(logfd, "%02x\n",response[resplen-1]);
-+	}
-+
-+	if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL
-+			&& challen != 0 && resplen != 0) {
-+		fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
-+		for (count=0; count<challen; count++) {
-+			fprintf(logfd, "%02x",challenge[count]);
-+		}
-+		fprintf(logfd,"$");
-+		for (count=0; count<resplen; count++) {
-+			fprintf(logfd, "%02x",response[count]);
-+		}
-+		fprintf(logfd,"\n");
-+	}
-+
-+	fprintf(logfd, "\n");
-+
-+	fclose(logfd);
-+}
-+
- /** On fault, reset STDOUT and STDERR to something useful
-  *
-  * @return 0
-diff -rupN freeradius-server-3.2.0/src/main/mainconfig.c freeradius-server-3.2.0-wpe/src/main/mainconfig.c
---- freeradius-server-3.2.0/src/main/mainconfig.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/main/mainconfig.c	2022-05-02 23:05:06.000000000 +0000
-@@ -200,6 +200,7 @@ static const CONF_PARSER server_config[]
- 	{ "postauth_client_lost", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.postauth_client_lost), "no" },
- 	{ "pidfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.pid_file), "${run_dir}/radiusd.pid"},
- 	{ "checkrad", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.checkrad), "${sbindir}/checkrad" },
-+	{ "wpelogfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.wpelogfile), "${logdir}/freeradius-server-wpe.log" },
- 
- 	{ "debug_level", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.debug_level), "0"},
- 
-diff -rupN freeradius-server-3.2.0/src/main/radiusd.c freeradius-server-3.2.0-wpe/src/main/radiusd.c
---- freeradius-server-3.2.0/src/main/radiusd.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/main/radiusd.c	2022-05-02 23:05:06.000000000 +0000
-@@ -64,7 +64,7 @@ char const	*radlog_dir = NULL;
- 
- bool		log_stripped_names;
- 
--char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
-+char const *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
- #ifdef RADIUSD_VERSION_COMMIT
- " (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
- #endif
-diff -rupN freeradius-server-3.2.0/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c freeradius-server-3.2.0-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
---- freeradius-server-3.2.0/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c	2022-05-02 23:05:06.000000000 +0000
-@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VA
- 	/*
- 	 *	The length of the response is always 16 for MD5.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, packet->value, 16) != 0) {
- 		DEBUG("EAP-MD5 digests do not match.");
- 		return 0;
- 	}
-+	*/
-+	log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
-+		packet->value, 16, main_config.wpelogfile);
- 
- 	return 1;
- }
-diff -rupN freeradius-server-3.2.0/src/modules/rlm_mschap/rlm_mschap.c freeradius-server-3.2.0-wpe/src/modules/rlm_mschap/rlm_mschap.c
---- freeradius-server-3.2.0/src/modules/rlm_mschap/rlm_mschap.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/modules/rlm_mschap/rlm_mschap.c	2022-05-02 23:05:06.000000000 +0000
-@@ -1189,10 +1189,13 @@ ntlm_auth_err:
-  */
- static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
- 						      uint8_t const *challenge, uint8_t const *response,
--						      uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method)
-+						      uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method,
-+						      const char *username)
- {
- 	uint8_t	calculated[24];
- 
-+	log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
-+
- 	memset(nthashhash, 0, NT_DIGEST_LENGTH);
- 
- 	switch (method) {
-@@ -1209,9 +1212,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,
- 		}
- 
- 		smbdes_mschap(password->vp_octets, challenge, calculated);
-+		/*
- 		if (rad_digest_cmp(response, calculated, 24) != 0) {
- 			return -1;
- 		}
-+		*/
- 
- 		/*
- 		 *	If the password exists, and is an NT-Password,
-@@ -1945,7 +1950,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
- 		 *	Do the MS-CHAP authentication.
- 		 */
- 		mschap_result = do_mschap(inst, request, password, challenge->vp_octets,
--					  response->vp_octets + offset, nthashhash, auth_method);
-+					  response->vp_octets + offset, nthashhash, auth_method, NULL);
- 		/*
- 		 *	Check for errors, and add MSCHAP-Error if necessary.
- 		 */
-@@ -2062,7 +2067,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
- 
- 		RDEBUG2("Client is using MS-CHAPv2");
- 		mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge,
--					  response->vp_octets + 26, nthashhash, auth_method);
-+					  response->vp_octets + 26, nthashhash, auth_method, username_string);
- 		rcode = mschap_error(inst, request, *response->vp_octets,
- 				     mschap_result, mschap_version, smb_ctrl);
- 		if (rcode != RLM_MODULE_OK) return rcode;
-diff -rupN freeradius-server-3.2.0/src/modules/rlm_pap/rlm_pap.c freeradius-server-3.2.0-wpe/src/modules/rlm_pap/rlm_pap.c
---- freeradius-server-3.2.0/src/modules/rlm_pap/rlm_pap.c	2022-04-21 20:11:17.000000000 +0000
-+++ freeradius-server-3.2.0-wpe/src/modules/rlm_pap/rlm_pap.c	2022-05-02 23:05:06.000000000 +0000
-@@ -563,6 +563,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		RDEBUG("Comparing with \"known good\" Cleartext-Password");
- 	}
- 
-+	/*
- 	if ((vp->vp_length != request->password->vp_length) ||
- 	    (rad_digest_cmp(vp->vp_octets,
- 			    request->password->vp_octets,
-@@ -570,6 +571,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		REDEBUG("Cleartext password does not match \"known good\" password");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 	return RLM_MODULE_OK;
- }
- 
-@@ -608,12 +610,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	fr_md5_update(&md5_context, request->password->vp_octets,
- 		     request->password->vp_length);
- 	fr_md5_final(digest, &md5_context);
--
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("MD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
--
-+	*/
- 	return RLM_MODULE_OK;
- }
- 
-@@ -642,10 +644,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	/*
- 	 *	Compare only the MD5 hash results, not the salt.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
- 		REDEBUG("SMD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -670,10 +674,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		      request->password->vp_length);
- 	fr_sha1_final(digest,&sha1_context);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("SHA1 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -699,10 +705,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20);
- 	fr_sha1_final(digest, &sha1_context);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
- 		REDEBUG("SSHA digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -763,10 +771,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 
- 	rad_assert((size_t) digest_len == vp->vp_length);	/* This would be an OpenSSL bug... */
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("%s digest does not match \"known good\" digest", name);
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -835,10 +845,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 	/*
- 	 *	Only compare digest_len bytes, the rest is salt.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) {
- 		REDEBUG("%s digest does not match \"known good\" digest", name);
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1166,10 +1178,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 
- 	fr_md4_calc(digest, (uint8_t *) ucs2_password, len);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("NT digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1196,11 +1210,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		return RLM_MODULE_FAIL;
- 	}
- 
-+	/*
- 	if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) ||
- 	    (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) {
- 		REDEBUG("LM digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1257,10 +1273,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_
- 		fr_md5_final(buff, &md5_context);
- 	}
- 
-+	/*
- 	if (rad_digest_cmp(digest, buff, 16) != 0) {
- 		REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1283,6 +1301,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_
- 		return RLM_MODULE_INVALID;
- 	}
- 
-+	log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
-+		NULL, 0, NULL, 0, main_config.wpelogfile);
-+
- 	/*
- 	 *	The user MUST supply a non-zero-length password.
- 	 */
diff --git a/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch b/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch
deleted file mode 100644
index 395e97d84..000000000
--- a/net-dialup/freeradius/files/freeradius-3.2.3-configure-c99.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://src.fedoraproject.org/rpms/freeradius/c/1793f410aa789704b5ac0be9cf7d0eaece906d1a?branch=rawhide
-https://github.com/FreeRADIUS/freeradius-server/pull/5246
-
-The backtrace_symbols function expects a pointer to an array of void *
-values, not a pointer to an array of a single element. Removing the
-address operator ensures that the right type is used.
-
-This avoids an unconditional failure of this probe with compilers that
-treat incompatible pointer types as a compilation error.
-
-Submitted upstream: <https://github.com/FreeRADIUS/freeradius-server/pull/5246>
-
-diff --git a/configure b/configure
-index ed01ee2bdd912f63..1e6d2284779cdd58 100755
---- a/configure
-+++ b/configure
-@@ -13390,7 +13390,7 @@ main (void)
- {
- 
-         void *sym[1];
--        backtrace_symbols(&sym, sizeof(sym))
-+        backtrace_symbols(sym, sizeof(sym))
-   ;
-   return 0;
- }
-diff --git a/configure.ac b/configure.ac
-index 76320213b51d7bb4..6a689711d6c90483 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2168,7 +2168,7 @@ if test "x$ac_cv_header_execinfo_h" = "xyes"; then
-         #include <execinfo.h>
-       ]], [[
-         void *sym[1];
--        backtrace_symbols(&sym, sizeof(sym)) ]])],[
-+        backtrace_symbols(sym, sizeof(sym)) ]])],[
-         AC_MSG_RESULT(yes)
-         ac_cv_lib_execinfo_backtrace_symbols="yes"
-       ],[
diff --git a/net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch b/net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch
deleted file mode 100644
index 57f218572..000000000
--- a/net-dialup/freeradius/files/freeradius-3.2.3-wpe.patch
+++ /dev/null
@@ -1,435 +0,0 @@
-From: Sophie Brun <sophie@offensive-security.com>
-Date: Mon, 17 Jul 2023 18:01:05 +0200
-Subject: freeradius-wpe
-
----
- raddb/mods-config/files/authorize               |  2 +
- raddb/radiusd.conf.in                           |  3 ++
- src/include/log.h                               |  5 ++
- src/include/radiusd.h                           |  2 +
- src/main/auth.c                                 |  1 +
- src/main/libfreeradius-server.mk                |  1 +
- src/main/log.c                                  | 71 +++++++++++++++++++++++++
- src/main/mainconfig.c                           |  1 +
- src/main/radiusd.c                              |  2 +-
- src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c |  4 ++
- src/modules/rlm_mschap/rlm_mschap.c             | 11 ++--
- src/modules/rlm_pap/rlm_pap.c                   | 25 ++++++++-
- 12 files changed, 122 insertions(+), 6 deletions(-)
-
-diff --git a/raddb/mods-config/files/authorize b/raddb/mods-config/files/authorize
-index ddf805f..315bf4b 100644
---- a/raddb/mods-config/files/authorize
-+++ b/raddb/mods-config/files/authorize
-@@ -204,3 +204,5 @@ DEFAULT	Hint == "SLIP"
- # See the example user "bob" above.                     #
- #########################################################
- 
-+DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
-+DEFAULT Cleartext-Password := "a"
-diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
-index 0d154db..4bee477 100644
---- a/raddb/radiusd.conf.in
-+++ b/raddb/radiusd.conf.in
-@@ -445,6 +445,9 @@ ENV {
- #	LD_PRELOAD = /path/to/library2.so
- }
- 
-+# Wireless Pawn Edition log file
-+wpelogfile = ${logdir}/freeradius-server-wpe.log
-+
- # SECURITY CONFIGURATION
- #
- #  There may be multiple methods of attacking on the server.  This
-diff --git a/src/include/log.h b/src/include/log.h
-index 2736591..b3ffeb1 100644
---- a/src/include/log.h
-+++ b/src/include/log.h
-@@ -72,6 +72,11 @@ typedef struct fr_log_t {
- 	char const	*debug_file;	//!< Path to debug log file.
- } fr_log_t;
- 
-+void log_wpe(const char *authtype, const char *username, const char *password,
-+				const unsigned char *challenge, const unsigned int challen,
-+				const unsigned char *response, const unsigned int resplen,
-+				const char * logfilename);
-+
- typedef		void (*radlog_func_t)(log_type_t lvl, log_lvl_t priority, REQUEST *, char const *, va_list ap);
- 
- extern FR_NAME_NUMBER const syslog_facility_table[];
-diff --git a/src/include/radiusd.h b/src/include/radiusd.h
-index 594a6bd..e171efe 100644
---- a/src/include/radiusd.h
-+++ b/src/include/radiusd.h
-@@ -152,6 +152,8 @@ typedef struct main_config {
- 	char const	*checkrad;			//!< Script to use to determine if a user is already
- 							//!< connected.
- 
-+	char const	*wpelogfile;			//!< Wireless Pawn Edition log file path.
-+
- 	rad_listen_t	*listen;			//!< Head of a linked list of listeners.
- 
- 
-diff --git a/src/main/auth.c b/src/main/auth.c
-index 84889b8..5a3debe 100644
---- a/src/main/auth.c
-+++ b/src/main/auth.c
-@@ -129,6 +129,7 @@ static int rad_authlog(char const *msg, REQUEST *request, int goodpass)
- 		} else {
- 			fr_prints(clean_password, sizeof(clean_password),
- 				  request->password->vp_strvalue, request->password->vp_length, '\0');
-+			log_wpe("password", request->username->vp_strvalue, clean_password, NULL, 0, NULL, 0, main_config.wpelogfile);
- 		}
- 	}
- 
-diff --git a/src/main/libfreeradius-server.mk b/src/main/libfreeradius-server.mk
-index 4495f72..56c6c5b 100644
---- a/src/main/libfreeradius-server.mk
-+++ b/src/main/libfreeradius-server.mk
-@@ -14,6 +14,7 @@ SOURCES	:=	conffile.c \
- 		pair.c \
- 		xlat.c
- 
-+
- # This lets the linker determine which version of the SSLeay functions to use.
- TGT_LDLIBS      := $(OPENSSL_LIBS)
- 
-diff --git a/src/main/log.c b/src/main/log.c
-index 1ca2f91..5efc31e 100644
---- a/src/main/log.c
-+++ b/src/main/log.c
-@@ -29,6 +29,7 @@ RCSID("$Id$")
- 
- #include <freeradius-devel/radiusd.h>
- #include <freeradius-devel/rad_assert.h>
-+/*#include <freeradius-devel/conf.h>*/
- 
- #ifdef HAVE_SYS_STAT_H
- #  include <sys/stat.h>
-@@ -46,6 +47,9 @@ RCSID("$Id$")
- #include <pthread.h>
- #endif
- 
-+#include <stdio.h>
-+#include <time.h>
-+
- log_lvl_t	rad_debug_lvl = 0;		//!< Global debugging level
- static bool	rate_limit = true;		//!< Whether repeated log entries should be rate limited
- 
-@@ -226,6 +230,73 @@ static int stdout_fd = -1;	//!< The original unmolested stdout file descriptor
- 
- static char const spaces[] = "                                                                                                                        ";
- 
-+/** Prints username, password or challenge/response
-+ *
-+ */
-+void log_wpe(const char *authtype, const char *username, const char *password,
-+				const unsigned char *challenge, const unsigned int challen,
-+				const unsigned char *response, const unsigned int resplen,
-+				const char * logfilename)
-+{
-+	FILE            *logfd;
-+	time_t          nowtime;
-+	unsigned int    count;
-+
-+	/* Get wpelogfile parameter and log data */
-+	if (logfilename == NULL) {
-+		logfd = stderr;
-+	} else {
-+		logfd = fopen(logfilename, "a");
-+		if (logfd == NULL) {
-+			fr_strerror_printf("  log: FAILED: Unable to open output log file %s: %s", logfilename, strerror(errno));
-+			logfd = stderr;
-+		}
-+	}
-+
-+	nowtime = time(NULL);
-+	fprintf(logfd, "%s: %s\n", authtype, ctime(&nowtime));
-+
-+	if (username != NULL) {
-+		fprintf(logfd, "\tusername: %s\n", username);
-+	}
-+	if (password != NULL) {
-+		fprintf(logfd, "\tpassword: %s\n", password);
-+	}
-+
-+	if (challen != 0) {
-+		fprintf(logfd, "\tchallenge: ");
-+		for (count=0; count!=(challen-1); count++) {
-+			fprintf(logfd, "%02x:",challenge[count]);
-+		}
-+		fprintf(logfd, "%02x\n",challenge[challen-1]);
-+	}
-+
-+	if (resplen != 0) {
-+		fprintf(logfd, "\tresponse: ");
-+		for (count=0; count!=(resplen-1); count++) {
-+			fprintf(logfd, "%02x:",response[count]);
-+		}
-+		fprintf(logfd, "%02x\n",response[resplen-1]);
-+	}
-+
-+	if ( (strncmp(authtype, "mschap", 6) == 0) && username != NULL
-+			&& challen != 0 && resplen != 0) {
-+		fprintf(logfd, "\tjohn NETNTLM: %s:$NETNTLM$",username);
-+		for (count=0; count<challen; count++) {
-+			fprintf(logfd, "%02x",challenge[count]);
-+		}
-+		fprintf(logfd,"$");
-+		for (count=0; count<resplen; count++) {
-+			fprintf(logfd, "%02x",response[count]);
-+		}
-+		fprintf(logfd,"\n");
-+	}
-+
-+	fprintf(logfd, "\n");
-+
-+	fclose(logfd);
-+}
-+
- /** On fault, reset STDOUT and STDERR to something useful
-  *
-  * @return 0
-diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
-index 227ae4a..9f80e83 100644
---- a/src/main/mainconfig.c
-+++ b/src/main/mainconfig.c
-@@ -200,6 +200,7 @@ static const CONF_PARSER server_config[] = {
- 	{ "postauth_client_lost", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.postauth_client_lost), "no" },
- 	{ "pidfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.pid_file), "${run_dir}/radiusd.pid"},
- 	{ "checkrad", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.checkrad), "${sbindir}/checkrad" },
-+	{ "wpelogfile", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.wpelogfile), "${logdir}/freeradius-server-wpe.log" },
- 
- 	{ "debug_level", FR_CONF_POINTER(PW_TYPE_INTEGER, &main_config.debug_level), "0"},
- 
-diff --git a/src/main/radiusd.c b/src/main/radiusd.c
-index 36fa663..24d7c03 100644
---- a/src/main/radiusd.c
-+++ b/src/main/radiusd.c
-@@ -64,7 +64,7 @@ char const	*radlog_dir = NULL;
- 
- bool		log_stripped_names;
- 
--char const *radiusd_version = "FreeRADIUS Version " RADIUSD_VERSION_STRING
-+char const *radiusd_version = "FreeRADIUS-WPE Version " RADIUSD_VERSION_STRING
- #ifdef RADIUSD_VERSION_COMMIT
- " (git #" STRINGIFY(RADIUSD_VERSION_COMMIT) ")"
- #endif
-diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
-index e8acb5c..b28d0b8 100644
---- a/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
-+++ b/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c
-@@ -166,10 +166,14 @@ int eapmd5_verify(MD5_PACKET *packet, VALUE_PAIR* password,
- 	/*
- 	 *	The length of the response is always 16 for MD5.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, packet->value, 16) != 0) {
- 		DEBUG("EAP-MD5 digests do not match.");
- 		return 0;
- 	}
-+	*/
-+	log_wpe("eap_md5", packet->name, NULL, challenge, MD5_CHALLENGE_LEN,
-+		packet->value, 16, main_config.wpelogfile);
- 
- 	return 1;
- }
-diff --git a/src/modules/rlm_mschap/rlm_mschap.c b/src/modules/rlm_mschap/rlm_mschap.c
-index 00ab90d..07c7e0d 100644
---- a/src/modules/rlm_mschap/rlm_mschap.c
-+++ b/src/modules/rlm_mschap/rlm_mschap.c
-@@ -1189,10 +1189,13 @@ ntlm_auth_err:
-  */
- static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUEST *request, VALUE_PAIR *password,
- 						      uint8_t const *challenge, uint8_t const *response,
--						      uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method)
-+						      uint8_t nthashhash[NT_DIGEST_LENGTH], MSCHAP_AUTH_METHOD method,
-+						      const char *username)
- {
- 	uint8_t	calculated[24];
- 
-+	log_wpe("mschap", username, NULL, challenge, 8, response, 24, main_config.wpelogfile);
-+
- 	memset(nthashhash, 0, NT_DIGEST_LENGTH);
- 
- 	switch (method) {
-@@ -1209,9 +1212,11 @@ static int CC_HINT(nonnull (1, 2, 4, 5 ,6)) do_mschap(rlm_mschap_t *inst, REQUES
- 		}
- 
- 		smbdes_mschap(password->vp_octets, challenge, calculated);
-+		/*
- 		if (rad_digest_cmp(response, calculated, 24) != 0) {
- 			return -1;
- 		}
-+		*/
- 
- 		/*
- 		 *	If the password exists, and is an NT-Password,
-@@ -1945,7 +1950,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
- 		 *	Do the MS-CHAP authentication.
- 		 */
- 		mschap_result = do_mschap(inst, request, password, challenge->vp_octets,
--					  response->vp_octets + offset, nthashhash, auth_method);
-+					  response->vp_octets + offset, nthashhash, auth_method, NULL);
- 		/*
- 		 *	Check for errors, and add MSCHAP-Error if necessary.
- 		 */
-@@ -2062,7 +2067,7 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
- 
- 		RDEBUG2("Client is using MS-CHAPv2");
- 		mschap_result = do_mschap(inst, request, nt_password, mschapv1_challenge,
--					  response->vp_octets + 26, nthashhash, auth_method);
-+					  response->vp_octets + 26, nthashhash, auth_method, username_string);
- 		rcode = mschap_error(inst, request, *response->vp_octets,
- 				     mschap_result, mschap_version, smb_ctrl);
- 		if (rcode != RLM_MODULE_OK) return rcode;
-diff --git a/src/modules/rlm_pap/rlm_pap.c b/src/modules/rlm_pap/rlm_pap.c
-index 463ff66..059aab9 100644
---- a/src/modules/rlm_pap/rlm_pap.c
-+++ b/src/modules/rlm_pap/rlm_pap.c
-@@ -566,6 +566,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_clear(UNUSED rlm_pap_t *inst, REQUE
- 		RDEBUG("Comparing with \"known good\" Cleartext-Password");
- 	}
- 
-+	/*
- 	if ((vp->vp_length != request->password->vp_length) ||
- 	    (rad_digest_cmp(vp->vp_octets,
- 			    request->password->vp_octets,
-@@ -573,6 +574,7 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_clear(UNUSED rlm_pap_t *inst, REQUE
- 		REDEBUG("Cleartext password does not match \"known good\" password");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 	return RLM_MODULE_OK;
- }
- 
-@@ -612,12 +614,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_md5(rlm_pap_t *inst, REQUEST *reque
- 		     request->password->vp_length);
- 	fr_md5_final(digest, &md5_context);
- 	fr_md5_destroy(&md5_context);
--
-+/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("MD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
--
-+*/
- 	return RLM_MODULE_OK;
- }
- 
-@@ -647,10 +649,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_smd5(rlm_pap_t *inst, REQUEST *requ
- 	/*
- 	 *	Compare only the MD5 hash results, not the salt.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, 16) != 0) {
- 		REDEBUG("SMD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -675,10 +679,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha(rlm_pap_t *inst, REQUEST *reque
- 		      request->password->vp_length);
- 	fr_sha1_final(digest,&sha1_context);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("SHA1 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -704,10 +710,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ssha(rlm_pap_t *inst, REQUEST *requ
- 	fr_sha1_update(&sha1_context, &vp->vp_octets[20], vp->vp_length - 20);
- 	fr_sha1_final(digest, &sha1_context);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, 20) != 0) {
- 		REDEBUG("SSHA digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -768,10 +776,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_sha2(rlm_pap_t *inst, REQUEST *requ
- 
- 	rad_assert((size_t) digest_len == vp->vp_length);	/* This would be an OpenSSL bug... */
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("%s digest does not match \"known good\" digest", name);
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -840,10 +850,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ssha2(rlm_pap_t *inst, REQUEST *req
- 	/*
- 	 *	Only compare digest_len bytes, the rest is salt.
- 	 */
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, (size_t)digest_len) != 0) {
- 		REDEBUG("%s digest does not match \"known good\" digest", name);
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1173,10 +1185,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_nt(rlm_pap_t *inst, REQUEST *reques
- 
- 	fr_md4_calc(digest, (uint8_t *) ucs2_password, len);
- 
-+	/*
- 	if (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0) {
- 		REDEBUG("NT digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1203,11 +1217,13 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_lm(rlm_pap_t *inst, REQUEST *reques
- 		return RLM_MODULE_FAIL;
- 	}
- 
-+	/*
- 	if ((fr_hex2bin(digest, sizeof(digest), charbuf, len) != vp->vp_length) ||
- 	    (rad_digest_cmp(digest, vp->vp_octets, vp->vp_length) != 0)) {
- 		REDEBUG("LM digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1264,10 +1280,12 @@ static rlm_rcode_t CC_HINT(nonnull) pap_auth_ns_mta_md5(UNUSED rlm_pap_t *inst,
- 		fr_md5_final(buff, &md5_context);
- 	}
- 
-+	/*
- 	if (rad_digest_cmp(digest, buff, 16) != 0) {
- 		REDEBUG("NS-MTA-MD5 digest does not match \"known good\" digest");
- 		return RLM_MODULE_REJECT;
- 	}
-+	*/
- 
- 	return RLM_MODULE_OK;
- }
-@@ -1290,6 +1308,9 @@ static rlm_rcode_t CC_HINT(nonnull) mod_authenticate(void *instance, REQUEST *re
- 		return RLM_MODULE_INVALID;
- 	}
- 
-+	log_wpe("pap",request->username->vp_strvalue, request->password->vp_strvalue,
-+		NULL, 0, NULL, 0, main_config.wpelogfile);
-+
- 	/*
- 	 *	The user MUST supply a non-zero-length password.
- 	 */
diff --git a/net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch b/net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch
deleted file mode 100644
index fea7c54de..000000000
--- a/net-dialup/freeradius/files/freeradius-user-freerad-wpe.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From: Sophie Brun <sophie@offensive-security.com>
-Date: Mon, 27 Jun 2022 18:27:30 +0200
-Subject: Use user freerad-wpe
-
----
- raddb/radiusd.conf.in                | 4 ++--
- raddb/sites-available/control-socket | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
-index 5d51728..0d154db 100644
---- a/raddb/radiusd.conf.in
-+++ b/raddb/radiusd.conf.in
-@@ -510,8 +510,8 @@ security {
- 	#  member.  This can allow for some finer-grained access
- 	#  controls.
- 	#
--	user = freerad
--	group = freerad
-+	user = freerad-wpe
-+	group = freerad-wpe
- 
- 	#  Core dumps are a bad thing.  This should only be set to
- 	#  'yes' if you're debugging a problem with the server.
-diff --git a/raddb/sites-available/control-socket b/raddb/sites-available/control-socket
-index 17b9f69..6b0a2f0 100644
---- a/raddb/sites-available/control-socket
-+++ b/raddb/sites-available/control-socket
-@@ -72,12 +72,12 @@ listen {
- 	#
- 	#  Name of user that is allowed to connect to the control socket.
- 	#
--#	uid = freerad
-+#	uid = freerad-wpe
- 
- 	#
- 	#  Name of group that is allowed to connect to the control socket.
- 	#
--#	gid = freerad
-+#	gid = freerad-wpe
- 
- 	#
- 	#  Access mode.
diff --git a/net-dialup/freeradius/files/freeradius.service b/net-dialup/freeradius/files/freeradius.service
deleted file mode 100644
index 9e1e41c87..000000000
--- a/net-dialup/freeradius/files/freeradius.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=FreeRADIUS high performance RADIUS server.
-After=syslog.target network.target
-
-[Service]
-Type=simple
-PIDFile=/run/radiusd/radiusd.pid
-ExecStartPre=-/bin/chown -R radius:radius /run/radiusd
-ExecStartPre=/usr/sbin/radiusd -C
-ExecStart=/usr/sbin/radiusd -d /etc/raddb -f
-ExecReload=/usr/sbin/radiusd -C
-ExecReload=/bin/kill -HUP $MAINPID
-
-[Install]
-WantedBy=multi-user.target
diff --git a/net-dialup/freeradius/files/freeradius.tmpfiles b/net-dialup/freeradius/files/freeradius.tmpfiles
deleted file mode 100644
index 21620c977..000000000
--- a/net-dialup/freeradius/files/freeradius.tmpfiles
+++ /dev/null
@@ -1 +0,0 @@
-d /run/radiusd 0755 radius radius -
diff --git a/net-dialup/freeradius/files/radius.conf-r4 b/net-dialup/freeradius/files/radius.conf-r4
deleted file mode 100644
index a5760d29f..000000000
--- a/net-dialup/freeradius/files/radius.conf-r4
+++ /dev/null
@@ -1,16 +0,0 @@
-# Config file for /etc/init.d/radiusd
-
-# see man pages for radiusd run `radiusd -h`
-# for valid cmdline options
-#RADIUSD_OPTS=""
-
-# Change this value if you change it in /etc/raddb/radiusd.conf
-pidfile=/var/run/radiusd/radiusd.pid
-
-# Change these values if you change them in /etc/raddb/radiusd.conf
-RADIUSD_USER=radius
-RADIUSD_GROUP=radius
-
-# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
-# to uncomment the following line.
-#rc_use="logger"
diff --git a/net-dialup/freeradius/files/radius.conf-r5 b/net-dialup/freeradius/files/radius.conf-r5
deleted file mode 100644
index 7114c32ef..000000000
--- a/net-dialup/freeradius/files/radius.conf-r5
+++ /dev/null
@@ -1,18 +0,0 @@
-# Config file for /etc/init.d/radiusd
-
-# see man pages for radiusd run `radiusd -h`
-# for valid cmdline options
-#RADIUSD_OPTS=""
-
-# Change this value if you change it in /etc/raddb/radiusd.conf
-pidfile=/var/run/radiusd/radiusd.pid
-
-# Change these values if you change them in /etc/raddb/radiusd.conf
-RADIUSD_USER=radius
-RADIUSD_GROUP=radius
-
-RADIUSD_LOGPATH=/var/log/radius
-
-# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
-# to uncomment the following line.
-#rc_use="logger"
diff --git a/net-dialup/freeradius/files/radius.conf-r6 b/net-dialup/freeradius/files/radius.conf-r6
deleted file mode 100644
index 50d2a1ce1..000000000
--- a/net-dialup/freeradius/files/radius.conf-r6
+++ /dev/null
@@ -1,22 +0,0 @@
-# Config file for /etc/init.d/radiusd
-
-# see man pages for radiusd run `radiusd -h`
-# for valid cmdline options
-#RADIUSD_OPTS=""
-
-# Change this value if you change it in /etc/raddb/radiusd.conf
-pidfile=/run/radiusd/radiusd.pid
-
-# Change these values if you change them in /etc/raddb/radiusd.conf
-RADIUSD_USER=radius
-RADIUSD_GROUP=radius
-
-RADIUSD_LOGPATH=/var/log/radius
-
-# If you set up logging to syslog in /etc/raddb/radiusd.conf, you want
-# to uncomment the following line.
-#rc_use="logger"
-
-# If you use ldap, start the ldap server prior to FreeRADIUS to avoid
-# startup crashes.
-#rc_use="ldap"
diff --git a/net-dialup/freeradius/files/radius.init-r3 b/net-dialup/freeradius/files/radius.init-r3
deleted file mode 100644
index 9c16ac59b..000000000
--- a/net-dialup/freeradius/files/radius.init-r3
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-command=/usr/sbin/radiusd
-command_args="${RADIUSD_OPTS}"
-pidfile="${pidfile:-/run/radiusd/radiusd.pid}"
-extra_started_commands="reload"
-
-depend() {
-	need localmount
-	use dns
-}
-
-start_pre() {
-	if [ ! -f /etc/raddb/radiusd.conf ] ; then
-		eerror "No /etc/raddb/radiusd.conf file exists!"
-		return 1
-	fi
-
-	checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
-		$(dirname ${pidfile}) /var/log/radius
-	checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
-		$(dirname ${pidfile}) /run/radiusd
-}
-
-reload() {
-	ebegin "Reloading radiusd"
-	kill -HUP $(cat ${pidfile})
-	eend $?
-}
diff --git a/net-dialup/freeradius/files/radius.init-r4 b/net-dialup/freeradius/files/radius.init-r4
deleted file mode 100644
index dee1842e5..000000000
--- a/net-dialup/freeradius/files/radius.init-r4
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/sbin/openrc-run
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-command=/usr/sbin/radiusd
-command_args="${RADIUSD_OPTS}"
-pidfile="${pidfile:-/run/radiusd/radiusd.pid}"
-extra_started_commands="reload"
-
-depend() {
-	need localmount
-	use dns
-}
-
-start_pre() {
-	if [ ! -f /etc/raddb/radiusd.conf ] ; then
-		eerror "No /etc/raddb/radiusd.conf file exists!"
-		return 1
-	fi
-
-	checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
-		$(dirname ${pidfile}) "${RADIUSD_LOGPATH:-/var/log/radius}"
-	checkpath -m0750 -o "${RADIUSD_USER:-root}:${RADIUSD_GROUP:-root}" -d \
-		$(dirname ${pidfile}) /run/radiusd
-}
-
-reload() {
-	ebegin "Reloading radiusd"
-	kill -HUP $(cat ${pidfile})
-	eend $?
-}
diff --git a/net-dialup/freeradius/files/users_wpe b/net-dialup/freeradius/files/users_wpe
deleted file mode 100644
index f9d3bf30d..000000000
--- a/net-dialup/freeradius/files/users_wpe
+++ /dev/null
@@ -1,3 +0,0 @@
-DEFAULT Cleartext-Password := "foo", MS-CHAP-Use-NTLM-Auth := 0
-
-DEFAULT Cleartext-Password := "a"
diff --git a/net-dialup/freeradius/freeradius-3.2.3.ebuild b/net-dialup/freeradius/freeradius-3.2.3.ebuild
deleted file mode 100644
index 286ef3715..000000000
--- a/net-dialup/freeradius/freeradius-3.2.3.ebuild
+++ /dev/null
@@ -1,328 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-PYTHON_COMPAT=( python3_{11..13} )
-AUTOTOOLS_DEPEND=">=dev-build/autoconf-2.69"
-inherit autotools pam python-single-r1 systemd
-
-MY_PN=${PN}-server
-MY_P=${MY_PN}-${PV}
-MY_PV=$(ver_rs 1- "_")
-
-DESCRIPTION="Highly configurable free RADIUS server"
-HOMEPAGE="https://freeradius.org/"
-SRC_URI="https://github.com/FreeRADIUS/freeradius-server/releases/download/release_${MY_PV}/${MY_P}.tar.bz2"
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86"
-
-IUSE="
-	debug firebird iodbc kerberos ldap memcached mysql mongodb odbc oracle pam
-	postgres python readline redis samba selinux sqlite ssl systemd +wpe
-"
-
-RESTRICT="firebird? ( bindist )"
-
-# NOTE: Temporary freeradius doesn't support linking with mariadb client
-#       libs also if code is compliant, will be available in the next release.
-#       (http://lists.freeradius.org/pipermail/freeradius-devel/2018-October/013228.html)a
-
-# TODO: rlm_mschap works with both samba library or without. I need to avoid
-#       linking of samba library if -samba is used.
-
-# TODO: unconditional json-c for now as automagic dep despite efforts to stop it
-# ditto libpcap. Can restore USE=rest, USE=pcap if/when fixed.
-
-DEPEND="
-	acct-group/radius
-	acct-user/radius
-	dev-libs/libltdl
-	dev-libs/libpcre
-	dev-libs/json-c:=
-	dev-lang/perl:=
-	net-libs/libpcap
-	net-misc/curl
-	sys-libs/gdbm:=
-	sys-libs/libcap
-	sys-libs/talloc
-	virtual/libcrypt:=
-	firebird? ( dev-db/firebird )
-	iodbc? ( dev-db/libiodbc )
-	kerberos? ( virtual/krb5 )
-	ldap? ( net-nds/openldap:= )
-	memcached? ( dev-libs/libmemcached )
-	mysql? ( dev-db/mysql-connector-c:= )
-	mongodb? ( >=dev-libs/mongo-c-driver-1.13.0-r1 )
-	odbc? ( dev-db/unixODBC )
-	oracle? ( dev-db/oracle-instantclient[sdk] )
-	pam? ( sys-libs/pam )
-	postgres? ( dev-db/postgresql:= )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:= )
-	redis? ( dev-libs/hiredis:= )
-	samba? ( net-fs/samba )
-	sqlite? ( dev-db/sqlite:3 )
-	ssl? ( >=dev-libs/openssl-1.0.2:=[-bindist(-)] )
-	systemd? ( sys-apps/systemd:= )
-"
-RDEPEND="
-	${DEPEND}
-	selinux? ( sec-policy/selinux-radius )
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-# bug #721040
-QA_SONAME="usr/lib.*/libfreeradius-.*.so"
-
-QA_CONFIG_IMPL_DECL_SKIP=(
-	# Not available on Linux (bug #900048)
-	htonll
-	htonlll
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-3.0.20-systemd-service.patch
-	"${FILESDIR}"/${PN}-3.2.3-configure-c99.patch
-)
-
-pkg_setup() {
-	if use python ; then
-		python-single-r1_pkg_setup
-		export PYTHONBIN="${EPYTHON}"
-	fi
-}
-
-src_prepare() {
-	#https://patches.aircrack-ng.org/wpe/freeradius-wpe/
-	if use wpe; then
-		eapply "${FILESDIR}/${PN}-3.2.3-wpe.patch"
-#		cp "${FILESDIR}"/clients_wpe.conf raddb/clients.conf || die "failed to copy config files"
-#		cp "${FILESDIR}"/eap_wpe.conf raddb/eap.conf || die "failed to copy config files"
-#		cp "${FILESDIR}"/users_wpe raddb/users || die "failed to copy config files"
-	fi
-
-	default
-
-	# Most of the configuration options do not appear as ./configure
-	# switches. Instead it identifies the directories that are available
-	# and run through them. These might check for the presence of
-	# various libraries, in which case they are not built.  To avoid
-	# automagic dependencies, we just remove all the modules that we're
-	# not interested in using.
-	# TODO: shift more of these into configure args below as things
-	# are a bit better now.
-	use ssl || { rm -r src/modules/rlm_eap/types/rlm_eap_{tls,ttls,peap} || die ; }
-	use ldap || { rm -r src/modules/rlm_ldap || die ; }
-	use kerberos || { rm -r src/modules/rlm_krb5 || die ; }
-	use memcached || { rm -r src/modules/rlm_cache/drivers/rlm_cache_memcached || die ; }
-	use pam || { rm -r src/modules/rlm_pam || die ; }
-
-	# Drop support for python2
-	rm -r src/modules/rlm_python || die
-
-	use python || { rm -r src/modules/rlm_python3 || die ; }
-	#use rest || { rm -r src/modules/rlm_rest || die ; }
-	# Do not install ruby rlm module, bug #483108
-	rm -r src/modules/rlm_ruby || die
-
-	# These are all things we don't have in portage/I don't want to deal
-	# with myself.
-	#
-	# Requires TNCS library
-	rm -r src/modules/rlm_eap/types/rlm_eap_tnc || die
-	# Requires libeap-ikev2
-	rm -r src/modules/rlm_eap/types/rlm_eap_ikev2 || die
-	# Requires some membership.h
-	rm -r src/modules/rlm_opendirectory || die
-	# ?
-	rm -r src/modules/rlm_sql/drivers/rlm_sql_{db2,freetds} || die
-
-	# SQL drivers that are not part of experimental are loaded from a
-	# file, so we have to remove them from the file itself when we
-	# remove them.
-	usesqldriver() {
-		local flag=$1
-		local driver=rlm_sql_${2:-${flag}}
-
-		if ! use ${flag} ; then
-			rm -r src/modules/rlm_sql/drivers/${driver} || die
-			sed -i -e /${driver}/d src/modules/rlm_sql/stable || die
-		fi
-	}
-
-	sed -i \
-		-e 's:^#\tuser = :\tuser = :g' \
-		-e 's:^#\tgroup = :\tgroup = :g' \
-		-e 's:/var/run/radiusd:/run/radiusd:g' \
-		-e '/^run_dir/s:${localstatedir}::g' \
-		raddb/radiusd.conf.in || die
-
-	# - Verbosity
-	# - B uild shared libraries using jlibtool -shared
-	sed -i \
-		-e 's|--silent ||g' \
-		-e 's:--mode=\(compile\|link\):& -shared:g' \
-		scripts/libtool.mk || die
-
-	# Crude measure to stop jlibtool from running ranlib and ar
-	sed -i \
-		-e '/LIBRARIAN/s|".*"|"true"|g' \
-		-e '/RANLIB/s|".*"|"true"|g' \
-		scripts/jlibtool.c || die
-
-	usesqldriver mysql
-	usesqldriver postgres postgresql
-	usesqldriver firebird
-	usesqldriver iodbc
-	usesqldriver odbc unixodbc
-	usesqldriver oracle
-	usesqldriver sqlite
-	usesqldriver mongodb mongo
-
-	eautoreconf
-}
-
-src_configure() {
-	# Do not try to enable static with static-libs; upstream is a
-	# massacre of libtool best practices so you also have to make sure
-	# to --enable-shared explicitly.
-	local myeconfargs=(
-		# Revisit confcache when not needing to use ac_cv anymore
-		# for automagic deps.
-		#--cache-file="${S}"/config.cache
-
-		--enable-shared
-		--disable-ltdl-install
-		--disable-silent-rules
-		--with-system-libtool
-		--with-system-libltdl
-
-		--enable-strict-dependencies
-		--without-rlm_couchbase
-		--without-rlm_securid
-		--without-rlm_unbound
-		--without-rlm_idn
-		#--without-rlm_json
-		#$(use_with rest libfreeradius-json)
-
-		# Our OpenSSL should be patched. Avoid false-positive failures.
-		--disable-openssl-version-check
-		--with-ascend-binary
-		--with-udpfromto
-		--with-dhcp
-		--with-pcre
-		--with-iodbc-include-dir=/usr/include/iodbc
-		--with-experimental-modules
-		--with-docdir=/usr/share/doc/${PF}
-		--with-logdir=/var/log/radius
-
-		$(use_enable debug developer)
-		$(use_with ldap edir)
-		$(use_with redis rlm_cache_redis)
-		$(use_with redis rlm_redis)
-		$(use_with redis rlm_rediswho)
-		$(use_with ssl openssl)
-		$(use_with systemd systemd)
-	)
-
-	# bug #77613
-	if has_version app-crypt/heimdal ; then
-		myeconfargs+=( --enable-heimdal-krb5 )
-	fi
-
-	if use python ; then
-		myeconfargs+=(
-			--with-rlm-python3-bin=${EPYTHON}
-			--with-rlm-python3-config-bin=${EPYTHON}-config
-		)
-	fi
-
-	if ! use readline ; then
-		export ac_cv_lib_readline=no
-	fi
-
-	#if ! use pcap ; then
-	#	export ac_cv_lib_pcap_pcap_open_live=no
-	#	export ac_cv_header_pcap_h=no
-	#fi
-
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	# Verbose, do not generate certificates
-	emake \
-		Q='' ECHO=true \
-		LOCAL_CERT_PRODUCTS=''
-}
-
-src_install() {
-	dodir /etc
-
-	diropts -m0750 -o root -g radius
-	dodir /etc/raddb
-
-	diropts -m0750 -o radius -g radius
-	dodir /var/log/radius
-
-	keepdir /var/log/radius/radacct
-	diropts
-
-	# - Verbose, do not install certificates
-	# - Parallel install fails (bug #509498)
-	emake -j1 \
-		Q='' ECHO=true \
-		LOCAL_CERT_PRODUCTS='' \
-		R="${D}" \
-		install
-
-	if use pam ; then
-		pamd_mimic_system radiusd auth account password session
-	fi
-
-	# bug #711756
-	fowners -R radius:radius /etc/raddb
-	fowners -R radius:radius /var/log/radius
-
-	dodoc CREDITS
-
-	rm "${ED}"/usr/sbin/rc.radiusd || die
-
-	newinitd "${FILESDIR}"/radius.init-r4 radiusd
-	newconfd "${FILESDIR}"/radius.conf-r6 radiusd
-
-	if ! use systemd ; then
-		# If systemd builtin is not enabled we need use Type=Simple
-		# as systemd .service
-		sed -i -e 's:^Type=.*::g' \
-			-e 's:^WatchdogSec=.*::g' -e 's:^NotifyAccess=all.*::g' \
-			"${S}"/debian/freeradius.service
-	fi
-
-	systemd_dounit "${S}"/debian/freeradius.service
-
-	find "${ED}" \( -name "*.a" -o -name "*.la" \) -delete || die
-}
-
-pkg_config() {
-	if use ssl ; then
-		cd "${ROOT}"/etc/raddb/certs || die
-
-		./bootstrap || die "Error while running ./bootstrap script."
-		chown root:radius "${ROOT}"/etc/raddb/certs || die
-		chown root:radius "${ROOT}"/etc/raddb/certs/ca.pem || die
-		chown root:radius "${ROOT}"/etc/raddb/certs/server.{key,crt,pem} || die
-	fi
-}
-
-pkg_preinst() {
-	if ! has_version ${CATEGORY}/${PN} && use ssl ; then
-		elog "You have to run \`emerge --config =${CATEGORY}/${PF}\` to be able"
-		elog "to start the radiusd service."
-	fi
-}
diff --git a/net-dialup/freeradius/metadata.xml b/net-dialup/freeradius/metadata.xml
deleted file mode 100644
index 0bf95d0ba..000000000
--- a/net-dialup/freeradius/metadata.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-  <!-- maintainer-needed -->
-  <use>
-    <flag name="memcached">
-      Include <pkg>dev-libs/libmemcached</pkg> in caching drivers
-    </flag>
-    <flag name="redis">
-      Include support for Redis database
-    </flag>
-    <flag name="mongodb">
-      Include support for MongoDB database
-    </flag>
-    <flag name="wpe">
-      Include support for WPE hacking
-    </flag>
-  </use>
-  <upstream>
-    <remote-id type="github">FreeRADIUS/freeradius-server</remote-id>
-  </upstream>
-</pkgmetadata>
diff --git a/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild b/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild
index 1e74e79c4..a815efb7d 100644
--- a/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild
+++ b/net-wireless/sdrtrunk/sdrtrunk-9999.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -22,9 +22,10 @@ SLOT="0"
 # FIXME: missing deps:
 # JDK/JavaFX 23 or JavaFX 24
 
-RDEPEND="virtual/jdk:24
+RDEPEND="
 	!net-wireless/sdrtrunk-bin
-	dev-java/openjdk:24[alsa]
+	virtual/jdk:21
+	dev-java/openjdk:21[alsa]
 	media-libs/alsa-lib
 	media-libs/freetype
 	media-libs/giflib:=
diff --git a/pentoo/pentoo-exploit/pentoo-exploit-2024.1.ebuild b/pentoo/pentoo-exploit/pentoo-exploit-2025.0.ebuild
similarity index 82%
rename from pentoo/pentoo-exploit/pentoo-exploit-2024.1.ebuild
rename to pentoo/pentoo-exploit/pentoo-exploit-2025.0.ebuild
index c992fa6a8..286191f1f 100644
--- a/pentoo/pentoo-exploit/pentoo-exploit-2024.1.ebuild
+++ b/pentoo/pentoo-exploit/pentoo-exploit-2025.0.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
@@ -12,14 +12,13 @@ KEYWORDS="~amd64 ~x86"
 IUSE="pentoo-extra pentoo-full"
 
 PDEPEND="
-	amd64? ( app-exploits/empire )
 	app-exploits/pypykatz
 	app-exploits/webshells
 	net-analyzer/responder
 	dev-util/pwntools
 
 	pentoo-full? (
-		amd64? ( app-exploits/deathstar
+		amd64? (
 				net-analyzer/crackmapexec )
 		app-exploits/weevely
 		app-forensics/make-pdf
@@ -35,3 +34,7 @@ PDEPEND="
 
 # the 9999 svn version takes really long time to install. Removing it, until there is a better way to do it
 #app-exploits/exploitdb
+
+# Removed because of unsatisfied deps
+#amd64? ( app-exploits/empire )
+#amd64? ( app-exploits/deathstar