[gentoo-commits] repo/gentoo:master commit in: dev-libs/openssl/files/, dev-libs/openssl/

["Lars Wendler" <polynomial-c@gentoo.org>]

commit:     246f6b0590667adffa8967d9ba41bc993119a553
Author:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
AuthorDate: Mon Oct 31 07:10:08 2016 +0000
Commit:     Lars Wendler <polynomial-c <AT> gentoo <DOT> org>
CommitDate: Mon Oct 31 07:10:08 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=246f6b05

dev-libs/openssl: Removed vulnerable versions.

Package-Manager: portage-2.3.2
Signed-off-by: Lars Wendler <polynomial-c <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |   2 -
 .../openssl/files/openssl-1.0.0d-windres.patch     |  76 -----
 .../files/openssl-1.0.2g-parallel-build.patch      | 318 ---------------------
 .../files/openssl-1.0.2h-CVE-2016-2177.patch       | 279 ------------------
 .../files/openssl-1.0.2h-CVE-2016-2178.patch       |  28 --
 dev-libs/openssl/openssl-1.0.2h-r2.ebuild          | 254 ----------------
 dev-libs/openssl/openssl-1.0.2i.ebuild             | 249 ----------------
 7 files changed, 1206 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 4d20371..3e6411e 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,5 +1,3 @@
 DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
-DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
-DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d
 DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
 DIST openssl-1.1.0b.tar.gz 5162355 SHA256 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 SHA512 b6d66261427f1acc049bf5469a0dc668490e752c2ba4802481809e7e35367213eca17ac9fdc3f23ed5f7a53d303abca78b13a48b169f154043199f2680ccf1a4 WHIRLPOOL bc926b2839f2e85751480ac0a6306bd37ca1ac12759b78654fba6861517bb9979245b95676a60900eab9257334ecf2e1b7d9e406c39a6075054a93ffc1f7a76a

diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
deleted file mode 100644
index 0b360d2..00000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest
-Subject: make windres controllable via build env var settings
-
-atm, the windres code in openssl is only usable via the cross-compile prefix 
-option unlike all the other build tools. so add support for the standard $RC 
-/ $WINDRES env vars as well.
-
-Index: Configure
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v
-retrieving revision 1.621.2.40
-diff -u -p -r1.621.2.40 Configure
---- Configure	30 Nov 2010 22:19:26 -0000	1.621.2.40
-+++ Configure	4 Jul 2011 23:12:32 -0000
-@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar
- my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
- my $ar = $ENV{'AR'} || "ar";
- my $arflags = $fields[$idx_arflags];
-+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
- my $multilib = $fields[$idx_multilib];
- 
- # if $prefix/lib$multilib is not an existing directory, then
-@@ -1511,12 +1512,14 @@ while (<IN>)
- 		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
- 		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
- 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
-+		s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/;
- 		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
- 		}
- 	else	{
- 		s/^CC=.*$/CC= $cc/;
- 		s/^AR=\s*ar/AR= $ar/;
- 		s/^RANLIB=.*/RANLIB= $ranlib/;
-+		s/^WINDRES=.*/WINDRES= $windres/;
- 		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- 		}
- 	s/^CFLAG=.*$/CFLAG= $cflags/;
-Index: Makefile.org
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v
-retrieving revision 1.295.2.10
-diff -u -p -r1.295.2.10 Makefile.org
---- Makefile.org	27 Jan 2010 16:06:58 -0000	1.295.2.10
-+++ Makefile.org	4 Jul 2011 23:13:08 -0000
-@@ -66,6 +66,7 @@ EXE_EXT= 
- ARFLAGS=
- AR=ar $(ARFLAGS) r
- RANLIB= ranlib
-+WINDRES= windres
- NM= nm
- PERL= perl
- TAR= tar
-@@ -180,6 +181,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESS
- 		CC='$(CC)' CFLAG='$(CFLAG)' 			\
- 		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
- 		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
-+		WINDRES='$(WINDRES)'				\
- 		CROSS_COMPILE='$(CROSS_COMPILE)'	\
- 		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
- 		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
-Index: Makefile.shared
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v
-retrieving revision 1.72.2.4
-diff -u -p -r1.72.2.4 Makefile.shared
---- Makefile.shared	21 Aug 2010 11:36:49 -0000	1.72.2.4
-+++ Makefile.shared	4 Jul 2011 23:13:52 -0000
-@@ -293,7 +293,7 @@ link_a.cygwin:
- 	fi; \
- 	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
- 	$(PERL) util/mkrc.pl $$dll_name | \
--		$(CROSS_COMPILE)windres -o rc.o; \
-+		$(WINDRES) -o rc.o; \
- 	extras="$$extras rc.o"; \
- 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \

diff --git a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
deleted file mode 100644
index 3582810..00000000
--- a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+++ /dev/null
@@ -1,318 +0,0 @@
---- openssl-1.0.2g/crypto/Makefile
-+++ openssl-1.0.2g/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2g/engines/Makefile
-+++ openssl-1.0.2g/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2g/Makefile.org
-+++ openssl-1.0.2g/Makefile.org
-@@ -279,17 +279,17 @@
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -544,7 +544,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2g/Makefile.shared
-+++ openssl-1.0.2g/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2g/test/Makefile
-+++ openssl-1.0.2g/test/Makefile
-@@ -139,7 +139,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -421,130 +421,130 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
--	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
- 
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
--	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
- 
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
--	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -557,7 +557,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
deleted file mode 100644
index ca934c2..00000000
--- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Thu, 5 May 2016 11:10:26 +0100
-Subject: [PATCH] Avoid some undefined pointer arithmetic
-
-A common idiom in the codebase is:
-
-if (p + len > limit)
-{
-    return; /* Too long */
-}
-
-Where "p" points to some malloc'd data of SIZE bytes and
-limit == p + SIZE
-
-"len" here could be from some externally supplied data (e.g. from a TLS
-message).
-
-The rules of C pointer arithmetic are such that "p + len" is only well
-defined where len <= SIZE. Therefore the above idiom is actually
-undefined behaviour.
-
-For example this could cause problems if some malloc implementation
-provides an address for "p" such that "p + len" actually overflows for
-values of len that are too big and therefore p + len < limit!
-
-Issue reported by Guido Vranken.
-
-CVE-2016-2177
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- ssl/s3_srvr.c  | 14 +++++++-------
- ssl/ssl_sess.c |  2 +-
- ssl/t1_lib.c   | 56 ++++++++++++++++++++++++++++++--------------------------
- 3 files changed, 38 insertions(+), 34 deletions(-)
-
-diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
-index ab28702..ab7f690 100644
---- a/ssl/s3_srvr.c
-+++ b/ssl/s3_srvr.c
-@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
- 
-         session_length = *(p + SSL3_RANDOM_SIZE);
- 
--        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
-+        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
-             al = SSL_AD_DECODE_ERROR;
-             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-             goto f_err;
-@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
-     /* get the session-id */
-     j = *(p++);
- 
--    if (p + j > d + n) {
-+    if ((d + n) - p < j) {
-         al = SSL_AD_DECODE_ERROR;
-         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-         goto f_err;
-@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
- 
-     if (SSL_IS_DTLS(s)) {
-         /* cookie stuff */
--        if (p + 1 > d + n) {
-+        if ((d + n) - p < 1) {
-             al = SSL_AD_DECODE_ERROR;
-             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-             goto f_err;
-         }
-         cookie_len = *(p++);
- 
--        if (p + cookie_len > d + n) {
-+        if ((d + n ) - p < cookie_len) {
-             al = SSL_AD_DECODE_ERROR;
-             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-             goto f_err;
-@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
-         }
-     }
- 
--    if (p + 2 > d + n) {
-+    if ((d + n ) - p < 2) {
-         al = SSL_AD_DECODE_ERROR;
-         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
-         goto f_err;
-@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
-     }
- 
-     /* i bytes of cipher data + 1 byte for compression length later */
--    if ((p + i + 1) > (d + n)) {
-+    if ((d + n) - p < i + 1) {
-         /* not enough data */
-         al = SSL_AD_DECODE_ERROR;
-         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
- 
-     /* compression */
-     i = *(p++);
--    if ((p + i) > (d + n)) {
-+    if ((d + n) - p < i) {
-         /* not enough data */
-         al = SSL_AD_DECODE_ERROR;
-         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
-diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
-index b182998..54ee783 100644
---- a/ssl/ssl_sess.c
-+++ b/ssl/ssl_sess.c
-@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
-     int r;
- #endif
- 
--    if (session_id + len > limit) {
-+    if (limit - session_id < len) {
-         fatal = 1;
-         goto err;
-     }
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index fb64607..cdac011 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-         0x02, 0x03,             /* SHA-1/ECDSA */
-     };
- 
--    if (data >= (limit - 2))
-+    if (limit - data <= 2)
-         return;
-     data += 2;
- 
--    if (data > (limit - 4))
-+    if (limit - data < 4)
-         return;
-     n2s(data, type);
-     n2s(data, size);
-@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-     if (type != TLSEXT_TYPE_server_name)
-         return;
- 
--    if (data + size > limit)
-+    if (limit - data < size)
-         return;
-     data += size;
- 
-@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-         const size_t len1 = sizeof(kSafariExtensionsBlock);
-         const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
- 
--        if (data + len1 + len2 != limit)
-+        if (limit - data != (int)(len1 + len2))
-             return;
-         if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
-             return;
-@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
-     } else {
-         const size_t len = sizeof(kSafariExtensionsBlock);
- 
--        if (data + len != limit)
-+        if (limit - data != (int)(len))
-             return;
-         if (memcmp(data, kSafariExtensionsBlock, len) != 0)
-             return;
-@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
-     if (data == limit)
-         goto ri_check;
- 
--    if (data > (limit - 2))
-+    if (limit - data < 2)
-         goto err;
- 
-     n2s(data, len);
- 
--    if (data + len != limit)
-+    if (limit - data != len)
-         goto err;
- 
--    while (data <= (limit - 4)) {
-+    while (limit - data >= 4) {
-         n2s(data, type);
-         n2s(data, size);
- 
--        if (data + size > (limit))
-+        if (limit - data < size)
-             goto err;
- # if 0
-         fprintf(stderr, "Received extension type %d size %d\n", type, size);
-@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
-     if (s->hit || s->cert->srv_ext.meths_count == 0)
-         return 1;
- 
--    if (data >= limit - 2)
-+    if (limit - data <= 2)
-         return 1;
-     n2s(data, len);
- 
--    if (data > limit - len)
-+    if (limit - data < len)
-         return 1;
- 
--    while (data <= limit - 4) {
-+    while (limit - data >= 4) {
-         n2s(data, type);
-         n2s(data, size);
- 
--        if (data + size > limit)
-+        if (limit - data < size)
-             return 1;
-         if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
-             return 0;
-@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
-                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
- # endif
- 
--    if (data >= (d + n - 2))
-+    if ((d + n) - data <= 2)
-         goto ri_check;
- 
-     n2s(data, length);
--    if (data + length != d + n) {
-+    if ((d + n) - data != length) {
-         *al = SSL_AD_DECODE_ERROR;
-         return 0;
-     }
- 
--    while (data <= (d + n - 4)) {
-+    while ((d + n) - data >= 4) {
-         n2s(data, type);
-         n2s(data, size);
- 
--        if (data + size > (d + n))
-+        if ((d + n) - data < size)
-             goto ri_check;
- 
-         if (s->tlsext_debug_cb)
-@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
-     /* Skip past DTLS cookie */
-     if (SSL_IS_DTLS(s)) {
-         i = *(p++);
--        p += i;
--        if (p >= limit)
-+
-+        if (limit - p <= i)
-             return -1;
-+
-+        p += i;
-     }
-     /* Skip past cipher list */
-     n2s(p, i);
--    p += i;
--    if (p >= limit)
-+    if (limit - p <= i)
-         return -1;
-+    p += i;
-+
-     /* Skip past compression algorithm list */
-     i = *(p++);
--    p += i;
--    if (p > limit)
-+    if (limit - p < i)
-         return -1;
-+    p += i;
-+
-     /* Now at start of extensions */
--    if ((p + 2) >= limit)
-+    if (limit - p <= 2)
-         return 0;
-     n2s(p, i);
--    while ((p + 4) <= limit) {
-+    while (limit - p >= 4) {
-         unsigned short type, size;
-         n2s(p, type);
-         n2s(p, size);
--        if (p + size > limit)
-+        if (limit - p < size)
-             return 0;
-         if (type == TLSEXT_TYPE_session_ticket) {
-             int r;
--- 
-1.9.1
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch b/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
deleted file mode 100644
index a64141f..00000000
--- a/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_ossl.c;h=beb62b2ff058d3e2bde0397fbddd355e11cd457b;hp=ce1da1cd6fa121f1ae0961ac2d2e9f81de4d8c9b;hb=399944622df7bd81af62e67ea967c470534090e2;hpb=0a4c87a90c6cf6628c688868cd5f13e4b9a5f19d
-
-diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
-index ce1da1c..beb62b2 100644
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -248,9 +248,6 @@
-         if (!BN_rand_range(&k, dsa->q))
-             goto err;
-     while (BN_is_zero(&k)) ;
--    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
--        BN_set_flags(&k, BN_FLG_CONSTTIME);
--    }
- 
-     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
-         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-@@ -238,6 +234,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-     } else {
-         K = k;
-     }
-+
-+    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
-+        BN_set_flags(K, BN_FLG_CONSTTIME);
-+    }
-+
-     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-                    dsa->method_mont_p);
-     if (!BN_mod(r, r, dsa->q, ctx))

diff --git a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild b/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
deleted file mode 100644
index 333ae66..00000000
--- a/dev-libs/openssl/openssl-1.0.2h-r2.ebuild
+++ /dev/null
@@ -1,254 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	# bugs 585142 and 585276
-	epatch "${FILESDIR}"/${P}-CVE-2016-2177.patch
-	epatch "${FILESDIR}"/${P}-CVE-2016-2178.patch
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
-		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.0.2i.ebuild b/dev-libs/openssl/openssl-1.0.2i.ebuild
deleted file mode 100644
index ce2aa66..00000000
--- a/dev-libs/openssl/openssl-1.0.2i.ebuild
+++ /dev/null
@@ -1,249 +0,0 @@
-# Copyright 1999-2016 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}