[gentoo-commits] proj/hardened-dev:musl commit in: dev-libs/openssl/files/, dev-libs/openssl/

["Anthony G. Basile" <blueness@gentoo.org>]

commit:     4f63a7552e10907b1776b1bd15ff1b5561c427b8
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Jan  6 22:31:25 2014 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Jan  6 22:35:52 2014 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=4f63a755

dev-libs/openssl: fix bump to 1.01e

---
 .../openssl/files/openssl-1.0.0d-fbsd-amd64.patch  |  12 -
 dev-libs/openssl/files/openssl-1.0.1-ipv6.patch    | 678 ---------------------
 dev-libs/openssl/openssl-1.0.1c-r99.ebuild         | 222 -------
 dev-libs/openssl/openssl-1.0.1e-r99.ebuild         |  20 +-
 4 files changed, 12 insertions(+), 920 deletions(-)

diff --git a/dev-libs/openssl/files/openssl-1.0.0d-fbsd-amd64.patch b/dev-libs/openssl/files/openssl-1.0.0d-fbsd-amd64.patch
deleted file mode 100644
index 5b27ce5..0000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-fbsd-amd64.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Taken from http://rt.openssl.org/Ticket/Display.html?id=2440
-
---- crypto/sha/asm/sha512-x86_64.pl	2008-12-19 11:17:28.000000000 +0000
-+++ crypto/sha/asm/sha512-x86_64.pl	2011-01-15 23:33:13.000000000 +0000
-@@ -51,6 +51,7 @@
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
- 
-+close STDOUT;
- open STDOUT,"| $^X $xlate $flavour $output";
- 
- if ($output =~ /512/) {

diff --git a/dev-libs/openssl/files/openssl-1.0.1-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1-ipv6.patch
deleted file mode 100644
index 4955c65..0000000
--- a/dev-libs/openssl/files/openssl-1.0.1-ipv6.patch
+++ /dev/null
@@ -1,678 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051
-user/pass: guest/guest
-
-Index: apps/s_apps.h
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v
-retrieving revision 1.21.2.1
-diff -u -r1.21.2.1 s_apps.h
---- apps/s_apps.h	4 Sep 2009 17:42:04 -0000	1.21.2.1
-+++ apps/s_apps.h	28 Dec 2011 00:28:14 -0000
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,7 +156,7 @@
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-Index: apps/s_cb.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_cb.c,v
-retrieving revision 1.27.2.8.2.2
-diff -u -r1.27.2.8.2.2 s_cb.c
---- apps/s_cb.c	13 Nov 2011 13:13:13 -0000	1.27.2.8.2.2
-+++ apps/s_cb.c	28 Dec 2011 00:28:14 -0000
-Index: apps/s_client.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v
-retrieving revision 1.123.2.6.2.10
-diff -u -r1.123.2.6.2.10 s_client.c
---- apps/s_client.c	14 Dec 2011 22:18:02 -0000	1.123.2.6.2.10
-+++ apps/s_client.c	28 Dec 2011 00:28:14 -0000
-@@ -285,6 +285,9 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -564,6 +567,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL;
-@@ -609,7 +613,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -630,6 +638,8 @@
- 	meth=SSLv2_client_method();
- #endif
- 
-+	use_ipv4 = 1;
-+	use_ipv6 = 0;
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -951,6 +961,13 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -967,7 +984,7 @@
- 			keymatexportlen=atoi(*(++argv));
- 			if (keymatexportlen == 0) goto bad;
- 			}
--                else
-+		else
- 			{
- 			BIO_printf(bio_err,"unknown option %s\n",*argv);
- 			badop=1;
-@@ -1259,7 +1276,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1285,7 +1302,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
-@@ -2036,7 +2061,7 @@
- 	BIO_printf(bio,"Expansion: %s\n",
- 		expansion ? SSL_COMP_get_name(expansion) : "NONE");
- #endif
-- 
-+
- #ifdef SSL_DEBUG
- 	{
- 	/* Print out local port of connection: useful for debugging */
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v
-retrieving revision 1.136.2.15.2.13
-diff -u -r1.136.2.15.2.13 s_server.c
---- apps/s_server.c	27 Dec 2011 14:23:22 -0000	1.136.2.15.2.13
-+++ apps/s_server.c	28 Dec 2011 00:28:14 -0000
-@@ -558,6 +558,10 @@
- # endif
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	}
-@@ -943,6 +947,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -981,6 +986,12 @@
-   /*  #error no SSL version enabled */
- #endif
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1329,6 +1340,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -1884,9 +1907,9 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context);
-+		do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
-Index: apps/s_socket.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v
-retrieving revision 1.43.2.3.2.2
-diff -u -r1.43.2.3.2.2 s_socket.c
---- apps/s_socket.c	2 Dec 2011 14:39:40 -0000	1.43.2.3.2.2
-+++ apps/s_socket.c	28 Dec 2011 00:28:14 -0000
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,76 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
-+	if (!use_ipv4 && !use_ipv6)
- 		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		return 0;
-+#endif
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +315,27 @@
- 		if (i < 0) { perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -322,41 +358,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
-+		}
-+#endif
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -375,16 +458,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -431,13 +521,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -454,15 +554,23 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
- 			return(0);
- 			}
- 		}
-@@ -477,7 +585,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -485,7 +593,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -496,48 +604,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -574,7 +692,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -589,14 +707,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

diff --git a/dev-libs/openssl/openssl-1.0.1c-r99.ebuild b/dev-libs/openssl/openssl-1.0.1c-r99.ebuild
deleted file mode 100644
index 6918a7a..0000000
--- a/dev-libs/openssl/openssl-1.0.1c-r99.ebuild
+++ /dev/null
@@ -1,222 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1c.ebuild,v 1.14 2013/05/21 17:53:18 vapier Exp $
-
-EAPI="4"
-
-inherit eutils flag-o-matic toolchain-funcs multilib
-
-REV="1.7"
-DESCRIPTION="full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${P}.tar.gz
-	http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test vanilla zlib"
-
-# Have the sub-libs in RDEPEND with [static-libs] since, logically,
-# our libssl.a depends on libz.a/etc... at runtime.
-LIB_DEPEND="gmp? ( dev-libs/gmp[static-libs(+)] )
-	zlib? ( sys-libs/zlib[static-libs(+)] )
-	kerberos? ( app-crypt/mit-krb5 )"
-# The blocks are temporary just to make sure people upgrade to a
-# version that lack runtime version checking.  We'll drop them in
-# the future.
-RDEPEND="static-libs? ( ${LIB_DEPEND} )
-	!static-libs? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	!<net-misc/openssh-5.9_p1-r4
-	!<net-libs/neon-0.29.6-r1"
-DEPEND="${RDEPEND}
-	sys-apps/diffutils
-	>=dev-lang/perl-5
-	test? ( sys-devel/bc )"
-PDEPEND="app-misc/ca-certificates"
-
-src_unpack() {
-	unpack ${P}.tar.gz
-	SSL_CNF_DIR="/etc/ssl"
-	sed \
-		-e "/^DIR=/s:=.*:=${SSL_CNF_DIR}:" \
-		"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
-		> "${WORKDIR}"/c_rehash || die #416717
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-fbsd-amd64.patch #363089
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1c-force-termios.patch
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-	./config --test-sanity || die "I AM NOT SANE"
-}
-
-src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		enable-idea \
-		enable-mdc2 \
-		$(use_ssl !bindist rc5) \
-		enable-tlsext \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl zlib) \
-		--prefix=/usr \
-		--openssldir=${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-src_test() {
-	emake -j1 test
-}
-
-src_install() {
-	emake INSTALL_PREFIX="${D}" install
-	dobin "${WORKDIR}"/c_rehash #333117
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${D}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${D}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${D}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${D}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${D}"/etc/sandbox.d/10openssl
-
-	#diropts -m0700
-	#keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${ROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${ROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-
-	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
-}

diff --git a/dev-libs/openssl/openssl-1.0.1e-r99.ebuild b/dev-libs/openssl/openssl-1.0.1e-r99.ebuild
index 78ec202..c550dab 100644
--- a/dev-libs/openssl/openssl-1.0.1e-r99.ebuild
+++ b/dev-libs/openssl/openssl-1.0.1e-r99.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r1.ebuild,v 1.16 2013/10/15 01:53:27 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1e-r3.ebuild,v 1.1 2013/12/20 19:26:59 vapier Exp $
 
 EAPI="4"
 
@@ -14,7 +14,7 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="amd64"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
 
 # Have the sub-libs in RDEPEND with [static-libs] since, logically,
@@ -59,6 +59,9 @@ src_prepare() {
 		epatch "${FILESDIR}"/${PN}-1.0.1e-ipv6.patch
 		epatch "${FILESDIR}"/${P}-bad-mac-aes-ni.patch #463444
 		epatch "${FILESDIR}"/${PN}-1.0.1e-perl-5.18.patch #483820
+		epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${P}-tls-ver-crash.patch #494816
+		epatch "${FILESDIR}"/${P}-rdrand-explicit.patch
 		epatch "${FILESDIR}"/${PN}-1.0.1c-force-termios.patch
 		epatch_user #332661
 	fi
@@ -113,12 +116,13 @@ src_configure() {
 	# See if our toolchain supports __uint128_t.  If so, it's 64bit
 	# friendly and can use the nicely optimized code paths. #460790
 	local ec_nistp_64_gcc_128
-	if ! use bindist ; then
-		echo "__uint128_t i;" > "${T}"/128.c
-		if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-			ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-		fi
-	fi
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
 
 	local sslout=$(./gentoo.config)
 	einfo "Use configuration ${sslout:-(openssl knows best)}"