public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2018-02-08 18:04 Fabian Groffen
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Groffen @ 2018-02-08 18:04 UTC (permalink / raw
  To: gentoo-commits

commit:     ed94450ee6c76aad055c5db84c02ea392650662b
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Thu Feb  8 18:04:19 2018 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Thu Feb  8 18:04:19 2018 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=ed94450e

dev-libs/openssl: sync, bug #647006

Closes: https://bugs.gentoo.org/647006
Package-Manager: Portage-2.3.18-prefix, Repoman-2.3.6

 dev-libs/openssl/Manifest                          |  11 +-
 .../files/openssl-1.1.0g-CVE-2017-3738.patch       |  77 ++++++
 dev-libs/openssl/openssl-1.0.2k.ebuild             | 267 ---------------------
 ...openssl-1.0.2l.ebuild => openssl-1.0.2n.ebuild} |  36 ++-
 ...nssl-1.1.0f.ebuild => openssl-1.1.0g-r2.ebuild} |  56 ++++-
 5 files changed, 151 insertions(+), 296 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index b15d822eca..aa1b1accb1 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,3 +1,8 @@
-DIST openssl-1.0.2k.tar.gz 5309236 BLAKE2B 97069b9c7aaab2381ae5be989caff6907cd44ab1831d84685c3421ad985889a2bbc3a462decdff9c4c158ace96975de2b9e49e4f1b9f306990c3dc0f03767dad SHA512 0d314b42352f4b1df2c40ca1094abc7e9ad684c5c35ea997efdd58204c70f22a1abcb17291820f0fff3769620a4e06906034203d31eb1a4d540df3e0db294016
-DIST openssl-1.0.2l.tar.gz 5365054 BLAKE2B 0a459a93a0013269dea79bd6df96a434b9dad95b6d98b24a48bc1b1438415c0a8de01b67166ac13a73ae65fb64131568924c3e6f945d862b7e960f05332cf097 SHA512 047d964508ad6025c79caabd8965efd2416dc026a56183d0ef4de7a0a6769ce8e0b4608a3f8393d326f6d03b26a2b067e6e0c750f35b20be190e595e8290c0e3
-DIST openssl-1.1.0f.tar.gz 5278176 SHA256 12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765 SHA512 340ab3f38c90dea346e543b58bc0eff0adede15be212ad20b7cf38718a7f94fab51996da414855c180540f7488b8bd31d8b9a0d04bb19159f735c46d8f6df22c WHIRLPOOL bb4ce1d100c5eb567de0139e4a1c0a2bb1cd308bd014704d6bb796d3fcfc16b91fe69839068944831746e0b937a6ccb234b5cea3b4911fab4283500ed380f0b6
+DIST openssl-1.0.2-patches-1.0.tar.xz 11572 BLAKE2B bdb9d2b8388f1aadf3a9274133aa8f86b0029fae1ce86d005baa39a7347657f8d4d84395b54e8ccd67944356ee197dfb527f843b4f146e305533e2ad5450721d SHA512 15234ade359a0acf001cf10c7a7fc05f54603a44c67831529c2a6eda03342f9ba1cf40664ac782b5b73c50b23ec5649fb48ccff2aea8f0df2ef634959c47e3e9
+DIST openssl-1.0.2n.tar.gz 5375802 BLAKE2B 2e04f8c3d5e2296859b8474d7e100e270f53f18a26c6d37a4cf5e01cd14f44d24d334b4e705da05d77c33b5dc91cffea0feea9f7c83c77ba16c9b6d5f5085894 SHA512 144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687
+DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
+DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
+DIST openssl-1.1.0g.tar.gz 5404748 BLAKE2B 23daf80e4143aad4654ae86f8e96042dd7328a9d1186b4922e284fcfe0f68259ea12d21c4472d92d65a7fcef21e049cf9371cc9bdad11b66a3df11286418ed42 SHA512 6c76f698fc2a4540f3977d97c889e139acf7d3f9eb85f349974175e8a7707b19743ef91c5ce32839310b6ea06ca88a03d9709ee011687b4634c5c50b5814f42a
+DIST openssl-1.1.0g_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
+DIST openssl-1.1.0g_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
+DIST openssl-1.1.0g_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch b/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
new file mode 100644
index 0000000000..4b01feb8e8
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
@@ -0,0 +1,77 @@
+From e502cc86df9dafded1694fceb3228ee34d11c11a Mon Sep 17 00:00:00 2001
+From: Andy Polyakov <appro@openssl.org>
+Date: Fri, 24 Nov 2017 11:35:50 +0100
+Subject: [PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in
+ rsaz_1024_mul_avx2.
+
+Credit to OSS-Fuzz for finding this.
+
+CVE-2017-3738
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+ crypto/bn/asm/rsaz-avx2.pl | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
+index 0c1b236ef98..46d746b7d0e 100755
+--- a/crypto/bn/asm/rsaz-avx2.pl
++++ b/crypto/bn/asm/rsaz-avx2.pl
+@@ -246,7 +246,7 @@
+ 	vmovdqu		32*8-128($ap), $ACC8
+ 
+ 	lea	192(%rsp), $tp0			# 64+128=192
+-	vpbroadcastq	.Land_mask(%rip), $AND_MASK
++	vmovdqu	.Land_mask(%rip), $AND_MASK
+ 	jmp	.LOOP_GRANDE_SQR_1024
+ 
+ .align	32
+@@ -1077,10 +1077,10 @@
+ 	vpmuludq	32*6-128($np),$Yi,$TEMP1
+ 	vpaddq		$TEMP1,$ACC6,$ACC6
+ 	vpmuludq	32*7-128($np),$Yi,$TEMP2
+-	 vpblendd	\$3, $ZERO, $ACC9, $ACC9	# correct $ACC3
++	 vpblendd	\$3, $ZERO, $ACC9, $TEMP1	# correct $ACC3
+ 	vpaddq		$TEMP2,$ACC7,$ACC7
+ 	vpmuludq	32*8-128($np),$Yi,$TEMP0
+-	 vpaddq		$ACC9, $ACC3, $ACC3		# correct $ACC3
++	 vpaddq		$TEMP1, $ACC3, $ACC3		# correct $ACC3
+ 	vpaddq		$TEMP0,$ACC8,$ACC8
+ 
+ 	mov	%rbx, %rax
+@@ -1093,7 +1093,9 @@
+ 	 vmovdqu	-8+32*2-128($ap),$TEMP2
+ 
+ 	mov	$r1, %rax
++	 vpblendd	\$0xfc, $ZERO, $ACC9, $ACC9	# correct $ACC3
+ 	imull	$n0, %eax
++	 vpaddq		$ACC9,$ACC4,$ACC4		# correct $ACC3
+ 	and	\$0x1fffffff, %eax
+ 
+ 	 imulq	16-128($ap),%rbx
+@@ -1329,15 +1331,12 @@
+ #	But as we underutilize resources, it's possible to correct in
+ #	each iteration with marginal performance loss. But then, as
+ #	we do it in each iteration, we can correct less digits, and
+-#	avoid performance penalties completely. Also note that we
+-#	correct only three digits out of four. This works because
+-#	most significant digit is subjected to less additions.
++#	avoid performance penalties completely.
+ 
+ $TEMP0 = $ACC9;
+ $TEMP3 = $Bi;
+ $TEMP4 = $Yi;
+ $code.=<<___;
+-	vpermq		\$0, $AND_MASK, $AND_MASK
+ 	vpaddq		(%rsp), $TEMP1, $ACC0
+ 
+ 	vpsrlq		\$29, $ACC0, $TEMP1
+@@ -1770,7 +1769,7 @@
+ 
+ .align	64
+ .Land_mask:
+-	.quad	0x1fffffff,0x1fffffff,0x1fffffff,-1
++	.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
+ .Lscatter_permd:
+ 	.long	0,2,4,6,7,7,7,7
+ .Lgather_permd:

diff --git a/dev-libs/openssl/openssl-1.0.2k.ebuild b/dev-libs/openssl/openssl-1.0.2k.ebuild
deleted file mode 100644
index d512d107f2..0000000000
--- a/dev-libs/openssl/openssl-1.0.2k.ebuild
+++ /dev/null
@@ -1,267 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0"
-KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-
-		# Solaris /bin/sh does not support "[ -e file ]", added by patches
-		sed -e 's/\[ -e /\[ -r /' -i Makefile.shared
-	fi
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		Makefile.org \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-
-	epatch "${FILESDIR}"/${PN}-1.0.2a-aix-soname.patch # like libtool
-	epatch "${FILESDIR}"/${PN}-0.9.8g-engines-installnames.patch
-	epatch "${FILESDIR}"/${PN}-1.0.0b-darwin-bundle-compile-fix.patch
-	epatch "${FILESDIR}"/${PN}-1.0.2-gethostbyname2-solaris.patch
-
-	# remove -arch for Darwin
-	sed -i '/^"darwin/s,-arch [^ ]\+,,g' Configure || die
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	use prefix-chain && sed -i '1s,^:$,#!/usr/bin/env perl,' Configure #141906
-	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	# https://github.com/openssl/openssl/issues/2286
-	if use ia64 ; then
-		replace-flags -g3 -g2
-		replace-flags -ggdb3 -ggdb2
-	fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		enable-tlsext \
-		$(use_ssl asm) \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl sslv2 ssl2) \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-	# rehash is needed to prep the certs/ dir; do this
-	# separately to avoid parallel build issues.
-	emake rehash
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
-	use rfc3779 && dodoc engines/ccgost/README.gost
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || find "${ED}"usr/lib* -mindepth 1 -maxdepth 1 \
-		-name "lib*.a" -not -name "lib*$(get_libname)" -delete
-
-	# create the certs directory
-	dodir ${SSL_CNF_DIR}/certs
-	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
-	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED}"/usr/share/man
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.0.2l.ebuild b/dev-libs/openssl/openssl-1.0.2n.ebuild
similarity index 90%
rename from dev-libs/openssl/openssl-1.0.2l.ebuild
rename to dev-libs/openssl/openssl-1.0.2n.ebuild
index 21850a7d25..b797b4284c 100644
--- a/dev-libs/openssl/openssl-1.0.2l.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2n.ebuild
@@ -1,14 +1,17 @@
 # Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI="5"
+EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
+PATCH_SET="openssl-1.0.2-patches-1.0"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	mirror://gentoo/${PATCH_SET}.tar.xz
+	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz"
 
 LICENSE="openssl"
 SLOT="0"
@@ -44,21 +47,14 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
-		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
-		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
-
-		epatch_user #332661
-
-		# Solaris /bin/sh does not support "[ -e file ]", added by patches
-		sed -e 's/\[ -e /\[ -r /' -i Makefile.shared
+		eapply "${WORKDIR}"/patch/*.patch
 	fi
 
+	eapply_user
+
+	# Solaris /bin/sh does not support "[ -e file ]", added by patches
+	sed -e 's/\[ -e /\[ -r /' -i Makefile.shared
+
 	# disable fips in the build
 	# make sure the man pages are suffixed #302165
 	# don't bother building man pages if they're disabled
@@ -96,13 +92,12 @@ src_prepare() {
 
 	# allow openssl to be cross-compiled
 	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config
+	chmod a+rx gentoo.config || die
 
 	append-flags -fno-strict-aliasing
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	use prefix-chain && sed -i '1s,^:$,#!/usr/bin/env perl,' Configure #141906
 	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
@@ -216,8 +211,9 @@ multilib_src_install_all() {
 	# we provide a shell version via app-misc/c_rehash
 	rm "${ED}"/usr/bin/c_rehash || die
 
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
-	dohtml -r doc/*
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
 	use rfc3779 && dodoc engines/ccgost/README.gost
 
 	# This is crappy in that the static archives are still built even

diff --git a/dev-libs/openssl/openssl-1.1.0f.ebuild b/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
similarity index 80%
rename from dev-libs/openssl/openssl-1.1.0f.ebuild
rename to dev-libs/openssl/openssl-1.1.0g-r2.ebuild
index 2ae77799e5..6401834253 100644
--- a/dev-libs/openssl/openssl-1.1.0f.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0g-r2.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=5
+EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
@@ -13,7 +13,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
 KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -27,6 +27,27 @@ DEPEND="${RDEPEND}
 	)"
 PDEPEND="app-misc/ca-certificates"
 
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f27'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
 S="${WORKDIR}/${MY_P}"
 
 MULTILIB_WRAPPED_HEADERS=(
@@ -35,9 +56,27 @@ MULTILIB_WRAPPED_HEADERS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+	"${FILESDIR}"/${PN}-1.1.0g-CVE-2017-3738.patch
 )
 
 src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			epatch "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
@@ -47,11 +86,12 @@ src_prepare() {
 
 	if ! use vanilla ; then
 		epatch "${PATCHES[@]}"
-		epatch_user #332661
 	fi
 
 	epatch "${FILESDIR}"/${PN}-1.1.0f-winnt.patch # parity
 
+	eapply_user #332661
+
 	# make sure the man pages are suffixed #302165
 	# don't bother building man pages if they're disabled
 	# Make DOCDIR Gentoo compliant
@@ -134,6 +174,8 @@ multilib_src_configure() {
 	local config="Configure"
 	[[ -z ${sslout} ]] && config="config"
 
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
 	echoit \
 	./${config} \
 		${sslout} \
@@ -141,7 +183,10 @@ multilib_src_configure() {
 		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		disable-deprecated \
-		$(use_ssl !bindist ec) \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \
@@ -195,7 +240,6 @@ multilib_src_install_all() {
 	rm "${ED}"/usr/bin/c_rehash || die
 
 	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-	dohtml -r doc/*
 
 	# This is crappy in that the static archives are still built even
 	# when USE=static-libs.  But this is due to a failing in the openssl


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2018-11-19 14:53 Fabian Groffen
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Groffen @ 2018-11-19 14:53 UTC (permalink / raw
  To: gentoo-commits

commit:     0d6773f8e9422113d42c128b659b273775cee6c8
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Nov 19 14:53:26 2018 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Nov 19 14:53:26 2018 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=0d6773f8

dev-libs/openssl: sync

Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>
Package-Manager: Portage-2.3.40.3-prefix, Repoman-2.3.9

 dev-libs/openssl/Manifest                          |  18 +--
 .../files/openssl-1.1.0i-CVE-2018-0734.patch       | 131 +++++++++++++++++++++
 .../files/openssl-1.1.0i-CVE-2018-0735.patch       |  44 +++++++
 .../files/openssl-1.1.1-CVE-2018-0734.patch        | 131 +++++++++++++++++++++
 .../files/openssl-1.1.1-CVE-2018-0735.patch        |  44 +++++++
 ...l-1.0.2o-r6.ebuild => openssl-1.0.2p-r1.ebuild} |  39 +++---
 ...l-1.1.0h-r2.ebuild => openssl-1.1.0i-r3.ebuild} |  12 +-
 7 files changed, 389 insertions(+), 30 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 9bd5105d08..e5ab2701a9 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,11 +1,11 @@
-DIST openssl-1.0.2-patches-1.4.tar.xz 12864 BLAKE2B ace6a782ef97b61af44988f978d089adffb06894617f9d66d3fce664c04d360b2774e1dd38c2171151fa93fe92428d405674bc2d452d520f10da426f95d09aee SHA512 d152af2841f1bf11c7f2a5ebba9a2b903fb4bcdef0468c56af0f9cc8c020adbf4490ac1a62f5bae8cbe18e379934fa997bfda1c2d49ec62365c07a0c0515a72d
-DIST openssl-1.0.2o.tar.gz 5329472 BLAKE2B 30226db49be04317da3a76cce68d5aa401decd198f92505bddb0c72a7ef6a79f3c9c06d4a816db734e2a0991ebcab8b207feced26d83639e50c821d9e76ddc45 SHA512 8a2c93657c85143e76785bb32ee836908c31a6f5f8db993fa9777acba6079e630cdddd03edbad65d1587199fc13a1507789eacf038b56eb99139c2091d9df7fd
-DIST openssl-1.0.2o_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2o_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2o_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
+DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
+DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
 DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
-DIST openssl-1.1.0h.tar.gz 5422717 BLAKE2B 11de1468855c0bb1836fb346c8efdfedd06139a774fc4dbae1b0e95fea7a33aa39b541e3d2d27f83f2b5f4dd3846cca2356020aa6ec81793085842ab78b3a127 SHA512 fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39
-DIST openssl-1.1.0h_ec_curve.c 18393 BLAKE2B 49dca7ddbc23270e5927454925df7bb18c8d9eb58f79e3a4fbcd8b7fc22fad36e2cb54ff9b63c2beeeea15c0c075a96e4ce8d03991355419af41fa9dc2aed3ad SHA512 ee3e576825bccdf02cede4205ab92c42ae9dd3a8e75ce58617a3a5980a61d144eb3c5197d9dcd378a5d49bf34c4b2f591aa6a619fee92b7a22825d72681ab879
-DIST openssl-1.1.0h_ectest.c 29907 BLAKE2B 73dc800c1de5449f14d7753f7f7b8e672cd36bd4570e6df07f246d1d823c7dbbeef492f25cdd0ebfd693f5956732bc84c9d91fc6a22c854fe4b245ecf3890bda SHA512 90cec9d46326cb7216236811c8e963032b6fa7500117cea36f28534eb50a5ab1260c7f9a5c8c490d845236b0769576a8d97bc7471f970e9c5e70cb3408c20dae
-DIST openssl-1.1.0h_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2ede8ee98e3cb68eba496cc90a5fae38dbcbb68b824c9eeacb25605aa80c3ccca9b4f00725658da3ad646834b0f9d SHA512 4a9d454031f644a3072a980f4ea20df976f6c5c58178549dfa62fd4dcf1417509e3be517d2ccb265c87688836f2993531b142fc5971bac5c41d33060057627df
+DIST openssl-1.1.0i_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
+DIST openssl-1.1.0i_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
+DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch
new file mode 100644
index 0000000000..47b082f408
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0734.patch
@@ -0,0 +1,131 @@
+CVE-2018-0734
+https://github.com/openssl/openssl/commit/415c33563528667868c3c653a612e6fc8736fd79
+https://github.com/openssl/openssl/commit/ef11e19d1365eea2b1851e6f540a0bf365d303e7
+
+--- a/crypto/dsa/dsa_ossl.c
++++ b/crypto/dsa/dsa_ossl.c
+@@ -11,6 +11,7 @@
+ 
+ #include <stdio.h>
+ #include "internal/cryptlib.h"
++#include "internal/bn_int.h"
+ #include <openssl/bn.h>
+ #include <openssl/sha.h>
+ #include "dsa_locl.h"
+@@ -25,6 +26,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+ static int dsa_init(DSA *dsa);
+ static int dsa_finish(DSA *dsa);
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx);
+ 
+ static DSA_METHOD openssl_dsa_meth = {
+     "OpenSSL DSA method",
+@@ -180,9 +183,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ {
+     BN_CTX *ctx = NULL;
+     BIGNUM *k, *kinv = NULL, *r = *rp;
+-    BIGNUM *l, *m;
++    BIGNUM *l;
+     int ret = 0;
+-    int q_bits;
++    int q_bits, q_words;
+ 
+     if (!dsa->p || !dsa->q || !dsa->g) {
+         DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+@@ -191,8 +194,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     k = BN_new();
+     l = BN_new();
+-    m = BN_new();
+-    if (k == NULL || l == NULL || m == NULL)
++    if (k == NULL || l == NULL)
+         goto err;
+ 
+     if (ctx_in == NULL) {
+@@ -203,9 +205,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     /* Preallocate space */
+     q_bits = BN_num_bits(dsa->q);
+-    if (!BN_set_bit(k, q_bits)
+-        || !BN_set_bit(l, q_bits)
+-        || !BN_set_bit(m, q_bits))
++    q_words = bn_get_top(dsa->q);
++    if (!bn_wexpand(k, q_words + 2)
++        || !bn_wexpand(l, q_words + 2))
+         goto err;
+ 
+     /* Get random k */
+@@ -240,14 +242,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+      * small timing information leakage.  We then choose the sum that is
+      * one bit longer than the modulus.
+      *
+-     * TODO: revisit the BN_copy aiming for a memory access agnostic
+-     * conditional copy.
++     * There are some concerns about the efficacy of doing this.  More
++     * specificly refer to the discussion starting with:
++     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
++     * The fix is to rework BN so these gymnastics aren't required.
+      */
+     if (!BN_add(l, k, dsa->q)
+-        || !BN_add(m, l, dsa->q)
+-        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
++        || !BN_add(k, l, dsa->q))
+         goto err;
+ 
++    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
++
+     if ((dsa)->meth->bn_mod_exp != NULL) {
+             if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                        dsa->method_mont_p))
+@@ -260,8 +265,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+     if (!BN_mod(r, r, dsa->q, ctx))
+         goto err;
+ 
+-    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+-    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
++    /* Compute part of 's = inv(k) (m + xr) mod q' */
++    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
+         goto err;
+ 
+     BN_clear_free(*kinvp);
+@@ -275,7 +280,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+         BN_CTX_free(ctx);
+     BN_clear_free(k);
+     BN_clear_free(l);
+-    BN_clear_free(m);
+     return ret;
+ }
+ 
+@@ -395,3 +399,31 @@ static int dsa_finish(DSA *dsa)
+     BN_MONT_CTX_free(dsa->method_mont_p);
+     return (1);
+ }
++
++/*
++ * Compute the inverse of k modulo q.
++ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
++ * mod-exp operation.  Both the exponent and modulus are public information
++ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
++ * BIGNUM is returned which the caller must free.
++ */
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx)
++{
++    BIGNUM *res = NULL;
++    BIGNUM *r, *e;
++
++    if ((r = BN_new()) == NULL)
++        return NULL;
++
++    BN_CTX_start(ctx);
++    if ((e = BN_CTX_get(ctx)) != NULL
++            && BN_set_word(r, 2)
++            && BN_sub(e, q, r)
++            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
++        res = r;
++    else
++        BN_free(r);
++    BN_CTX_end(ctx);
++    return res;
++}

diff --git a/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0735.patch b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0735.patch
new file mode 100644
index 0000000000..5762c04fa3
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0i-CVE-2018-0735.patch
@@ -0,0 +1,44 @@
+From 56fb454d281a023b3f950d969693553d3f3ceea1 Mon Sep 17 00:00:00 2001
+From: Pauli <paul.dale@oracle.com>
+Date: Fri, 26 Oct 2018 10:54:58 +1000
+Subject: [PATCH] Timing vulnerability in ECDSA signature generation
+ (CVE-2018-0735)
+
+Preallocate an extra limb for some of the big numbers to avoid a reallocation
+that can potentially provide a side channel.
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+(Merged from https://github.com/openssl/openssl/pull/7486)
+
+(cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52)
+---
+ crypto/ec/ec_mult.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
+index 22bb30ffa1..ff882cce20 100644
+--- a/crypto/ec/ec_mult.c
++++ b/crypto/ec/ec_mult.c
+@@ -177,8 +177,8 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
+      */
+     cardinality_bits = BN_num_bits(cardinality);
+     group_top = bn_get_top(cardinality);
+-    if ((bn_wexpand(k, group_top + 1) == NULL)
+-        || (bn_wexpand(lambda, group_top + 1) == NULL))
++    if ((bn_wexpand(k, group_top + 2) == NULL)
++        || (bn_wexpand(lambda, group_top + 2) == NULL))
+         goto err;
+ 
+     if (!BN_copy(k, scalar))
+@@ -205,7 +205,7 @@ static int ec_mul_consttime(const EC_GROUP *group, EC_POINT *r,
+      * k := scalar + 2*cardinality
+      */
+     kbit = BN_is_bit_set(lambda, cardinality_bits);
+-    BN_consttime_swap(kbit, k, lambda, group_top + 1);
++    BN_consttime_swap(kbit, k, lambda, group_top + 2);
+ 
+     group_top = bn_get_top(group->field);
+     if ((bn_wexpand(s->X, group_top) == NULL)
+-- 
+2.19.1
+

diff --git a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch
new file mode 100644
index 0000000000..dbc379c80d
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch
@@ -0,0 +1,131 @@
+CVE-2018-0734
+https://github.com/openssl/openssl/commit/f1b12b8713a739f27d74e6911580b2e70aea2fa4
+https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f
+
+--- a/crypto/dsa/dsa_ossl.c
++++ b/crypto/dsa/dsa_ossl.c
+@@ -9,6 +9,7 @@
+ 
+ #include <stdio.h>
+ #include "internal/cryptlib.h"
++#include "internal/bn_int.h"
+ #include <openssl/bn.h>
+ #include <openssl/sha.h>
+ #include "dsa_locl.h"
+@@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                          DSA_SIG *sig, DSA *dsa);
+ static int dsa_init(DSA *dsa);
+ static int dsa_finish(DSA *dsa);
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx);
+ 
+ static DSA_METHOD openssl_dsa_meth = {
+     "OpenSSL DSA method",
+@@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ {
+     BN_CTX *ctx = NULL;
+     BIGNUM *k, *kinv = NULL, *r = *rp;
+-    BIGNUM *l, *m;
++    BIGNUM *l;
+     int ret = 0;
+-    int q_bits;
++    int q_bits, q_words;
+ 
+     if (!dsa->p || !dsa->q || !dsa->g) {
+         DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+@@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     k = BN_new();
+     l = BN_new();
+-    m = BN_new();
+-    if (k == NULL || l == NULL || m == NULL)
++    if (k == NULL || l == NULL)
+         goto err;
+ 
+     if (ctx_in == NULL) {
+@@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+ 
+     /* Preallocate space */
+     q_bits = BN_num_bits(dsa->q);
+-    if (!BN_set_bit(k, q_bits)
+-        || !BN_set_bit(l, q_bits)
+-        || !BN_set_bit(m, q_bits))
++    q_words = bn_get_top(dsa->q);
++    if (!bn_wexpand(k, q_words + 2)
++        || !bn_wexpand(l, q_words + 2))
+         goto err;
+ 
+     /* Get random k */
+@@ -238,14 +240,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+      * small timing information leakage.  We then choose the sum that is
+      * one bit longer than the modulus.
+      *
+-     * TODO: revisit the BN_copy aiming for a memory access agnostic
+-     * conditional copy.
++     * There are some concerns about the efficacy of doing this.  More
++     * specificly refer to the discussion starting with:
++     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
++     * The fix is to rework BN so these gymnastics aren't required.
+      */
+     if (!BN_add(l, k, dsa->q)
+-        || !BN_add(m, l, dsa->q)
+-        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
++        || !BN_add(k, l, dsa->q))
+         goto err;
+ 
++    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
++
+     if ((dsa)->meth->bn_mod_exp != NULL) {
+             if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
+                                        dsa->method_mont_p))
+@@ -258,8 +263,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+     if (!BN_mod(r, r, dsa->q, ctx))
+         goto err;
+ 
+-    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+-    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
++    /* Compute part of 's = inv(k) (m + xr) mod q' */
++    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
+         goto err;
+ 
+     BN_clear_free(*kinvp);
+@@ -273,7 +278,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+         BN_CTX_free(ctx);
+     BN_clear_free(k);
+     BN_clear_free(l);
+-    BN_clear_free(m);
+     return ret;
+ }
+ 
+@@ -393,3 +397,31 @@ static int dsa_finish(DSA *dsa)
+     BN_MONT_CTX_free(dsa->method_mont_p);
+     return 1;
+ }
++
++/*
++ * Compute the inverse of k modulo q.
++ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
++ * mod-exp operation.  Both the exponent and modulus are public information
++ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
++ * BIGNUM is returned which the caller must free.
++ */
++static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
++                                      BN_CTX *ctx)
++{
++    BIGNUM *res = NULL;
++    BIGNUM *r, *e;
++
++    if ((r = BN_new()) == NULL)
++        return NULL;
++
++    BN_CTX_start(ctx);
++    if ((e = BN_CTX_get(ctx)) != NULL
++            && BN_set_word(r, 2)
++            && BN_sub(e, q, r)
++            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
++        res = r;
++    else
++        BN_free(r);
++    BN_CTX_end(ctx);
++    return res;
++}

diff --git a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0735.patch b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0735.patch
new file mode 100644
index 0000000000..295f5dbe8d
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0735.patch
@@ -0,0 +1,44 @@
+From b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 Mon Sep 17 00:00:00 2001
+From: Pauli <paul.dale@oracle.com>
+Date: Fri, 26 Oct 2018 10:54:58 +1000
+Subject: [PATCH] Timing vulnerability in ECDSA signature generation
+ (CVE-2018-0735)
+
+Preallocate an extra limb for some of the big numbers to avoid a reallocation
+that can potentially provide a side channel.
+
+Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
+(Merged from https://github.com/openssl/openssl/pull/7486)
+
+(cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52)
+---
+ crypto/ec/ec_mult.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
+index 7e1b3650e7..0e0a5e1394 100644
+--- a/crypto/ec/ec_mult.c
++++ b/crypto/ec/ec_mult.c
+@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+      */
+     cardinality_bits = BN_num_bits(cardinality);
+     group_top = bn_get_top(cardinality);
+-    if ((bn_wexpand(k, group_top + 1) == NULL)
+-        || (bn_wexpand(lambda, group_top + 1) == NULL)) {
++    if ((bn_wexpand(k, group_top + 2) == NULL)
++        || (bn_wexpand(lambda, group_top + 2) == NULL)) {
+         ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
+         goto err;
+     }
+@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
+      * k := scalar + 2*cardinality
+      */
+     kbit = BN_is_bit_set(lambda, cardinality_bits);
+-    BN_consttime_swap(kbit, k, lambda, group_top + 1);
++    BN_consttime_swap(kbit, k, lambda, group_top + 2);
+ 
+     group_top = bn_get_top(group->field);
+     if ((bn_wexpand(s->X, group_top) == NULL)
+-- 
+2.19.1
+

diff --git a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
similarity index 90%
rename from dev-libs/openssl/openssl-1.0.2o-r6.ebuild
rename to dev-libs/openssl/openssl-1.0.2p-r1.ebuild
index abda3fe827..925641f754 100644
--- a/dev-libs/openssl/openssl-1.0.2o-r6.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
@@ -1,18 +1,21 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.4"
+PATCH_SET="openssl-1.0.2-patches-1.6"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
 SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	mirror://gentoo/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
-	https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz"
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
 
 LICENSE="openssl"
 SLOT="0"
@@ -74,7 +77,7 @@ src_prepare() {
 		for i in "${FEDORA_PATCH[@]}" ; do
 			eapply "${DISTDIR}"/"${i}"
 		done
-		eapply "${FILESDIR}"/openssl-1.0.2o-hobble-ecc.patch
+		eapply "${FILESDIR}"/openssl-1.0.2p-hobble-ecc.patch
 		# Also see the configure parts below:
 		# enable-ec \
 		# $(use_ssl !bindist ec2m) \
@@ -90,7 +93,6 @@ src_prepare() {
 
 	if ! use vanilla ; then
 		eapply "${WORKDIR}"/patch/*.patch
-		eapply "${FILESDIR}"/${P}-CVE-2018-0732.patch
 	fi
 
 	eapply_user
@@ -107,7 +109,7 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
 		Makefile.org \
 		|| die
 	# show the actual commands in the log
@@ -126,7 +128,8 @@ src_prepare() {
 	# since we're forcing $(CC) as makedep anyway, just fix
 	# the conditional as always-on
 	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
 
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
@@ -213,8 +216,8 @@ multilib_src_configure() {
 		$(use_ssl sslv3 ssl3) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die
@@ -237,7 +240,7 @@ multilib_src_configure() {
 multilib_src_compile() {
 	# depend is needed to use $confopts; it also doesn't matter
 	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
+	emake -j1 V=1 depend
 	emake all
 	# rehash is needed to prep the certs/ dir; do this
 	# separately to avoid parallel build issues.
@@ -249,13 +252,19 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake INSTALL_PREFIX="${D}" install
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D%/}" install
 }
 
 multilib_src_install_all() {
 	# openssl installs perl version of c_rehash by default, but
 	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
+	rm "${ED%/}"/usr/bin/c_rehash || die
 
 	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
 	einstalldocs
@@ -267,7 +276,7 @@ multilib_src_install_all() {
 	# build system: the static archives are built as PIC all the time.
 	# Only way around this would be to manually configure+compile openssl
 	# twice; once with shared lib support enabled and once without.
-	use static-libs || find "${ED}"usr/lib* -mindepth 1 -maxdepth 1 \
+	use static-libs || find "${ED}"/usr/lib* -mindepth 1 -maxdepth 1 \
 		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
 
 	# create the certs directory

diff --git a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
similarity index 97%
rename from dev-libs/openssl/openssl-1.1.0h-r2.ebuild
rename to dev-libs/openssl/openssl-1.1.0i-r3.ebuild
index dbd701f3c0..348a3a8a12 100644
--- a/dev-libs/openssl/openssl-1.1.0h-r2.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -36,7 +36,7 @@ SOURCE13=ectest.c
 PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
 PATCH37=openssl-1.1.0-ec-curves.patch
 FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f27'
+FEDORA_GIT_BRANCH='f28'
 FEDORA_SRC_URI=()
 FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
 FEDORA_PATCH=( $PATCH1 $PATCH37 )
@@ -56,8 +56,8 @@ MULTILIB_WRAPPED_HEADERS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${P}-CVE-2018-0737.patch
-	"${FILESDIR}"/${P}-CVE-2018-0732.patch
+	"${FILESDIR}"/${P}-CVE-2018-0734.patch
+	"${FILESDIR}"/${P}-CVE-2018-0735.patch
 )
 
 src_prepare() {
@@ -103,7 +103,7 @@ src_prepare() {
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
 			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
 		Configurations/unix-Makefile.tmpl \
 		|| die
 
@@ -247,7 +247,7 @@ multilib_src_install_all() {
 	# build system: the static archives are built as PIC all the time.
 	# Only way around this would be to manually configure+compile openssl
 	# twice; once with shared lib support enabled and once without.
-	use static-libs || find "${ED}"usr/lib* -mindepth 1 -maxdepth 1 \
+	use static-libs || find "${ED%/}"/usr/lib* -mindepth 1 -maxdepth 1 \
 		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
 
 	# create the certs directory


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2018-12-28 17:44 Fabian Groffen
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Groffen @ 2018-12-28 17:44 UTC (permalink / raw
  To: gentoo-commits

commit:     dd93cf9c699667de3270dc5f439786f9c1f71c31
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 28 17:44:24 2018 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Fri Dec 28 17:44:24 2018 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=dd93cf9c

dev-libs/openssl: sync 1.1.0j

Package-Manager: Portage-2.3.52.2-prefix, Repoman-2.3.12
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/Manifest                           |  4 ++++
 .../files/openssl-1.1.0j-parallel_install_fix.patch | 21 +++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.0i-r3.ebuild           |  3 +--
 ...enssl-1.1.0i-r3.ebuild => openssl-1.1.0j.ebuild} |  9 ++-------
 4 files changed, 28 insertions(+), 9 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index e5ab2701a9..72b6620c97 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -9,3 +9,7 @@ DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2e
 DIST openssl-1.1.0i_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0i_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
+DIST openssl-1.1.0j_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
+DIST openssl-1.1.0j_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
+DIST openssl-1.1.0j_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch b/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch
new file mode 100644
index 0000000000..c837e208cf
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0j-parallel_install_fix.patch
@@ -0,0 +1,21 @@
+https://github.com/openssl/openssl/issues/7679
+
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -77,8 +77,14 @@
+      # to. You're welcome.
+      sub dependmagic {
+          my $target = shift;
+-
+-         return "$target: build_generated\n\t\$(MAKE) depend && \$(MAKE) _$target\n_$target";
++		  my $magic = <<"_____";
++$target: build_generated depend
++		 \$(MAKE) _$target
++_$target
++_____
++		 # Remove line ending
++		 $magic =~ s|\R$||;
++		 return $magic;
+      }
+      '';
+ -}

diff --git a/dev-libs/openssl/openssl-1.1.0i-r3.ebuild b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
index 50b63a1a20..348a3a8a12 100644
--- a/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
@@ -145,8 +145,7 @@ multilib_src_configure() {
 	unset SCRIPTS #312551
 	unset CROSS_COMPILE #311473
 
-	tc-export CC AR RANLIB RC CPP
-	# for CPP, see: https://github.com/openssl/openssl/issues/5867
+	tc-export CC AR RANLIB RC
 
 	# Clean out patent-or-otherwise-encumbered code
 	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)

diff --git a/dev-libs/openssl/openssl-1.1.0i-r3.ebuild b/dev-libs/openssl/openssl-1.1.0j.ebuild
similarity index 97%
copy from dev-libs/openssl/openssl-1.1.0i-r3.ebuild
copy to dev-libs/openssl/openssl-1.1.0j.ebuild
index 50b63a1a20..44d04df06b 100644
--- a/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0j.ebuild
@@ -56,8 +56,7 @@ MULTILIB_WRAPPED_HEADERS=(
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${P}-CVE-2018-0734.patch
-	"${FILESDIR}"/${P}-CVE-2018-0735.patch
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
 )
 
 src_prepare() {
@@ -89,9 +88,6 @@ src_prepare() {
 		eapply "${PATCHES[@]}"
 	fi
 
-	# 2018-06-21 grobian: still necessary/in use?
-	#epatch "${FILESDIR}"/${PN}-1.1.0f-winnt.patch # parity
-
 	eapply_user #332661
 
 	# make sure the man pages are suffixed #302165
@@ -145,8 +141,7 @@ multilib_src_configure() {
 	unset SCRIPTS #312551
 	unset CROSS_COMPILE #311473
 
-	tc-export CC AR RANLIB RC CPP
-	# for CPP, see: https://github.com/openssl/openssl/issues/5867
+	tc-export CC AR RANLIB RC
 
 	# Clean out patent-or-otherwise-encumbered code
 	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2019-02-13 10:07 Michael Haubenwallner
  0 siblings, 0 replies; 8+ messages in thread
From: Michael Haubenwallner @ 2019-02-13 10:07 UTC (permalink / raw
  To: gentoo-commits

commit:     115c900ced8385c2ccf38780b95f53b224f47731
Author:     Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
AuthorDate: Wed Feb 13 10:01:44 2019 +0000
Commit:     Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
CommitDate: Wed Feb 13 10:01:57 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=115c900c

dev-libs/openssl: sync and cleanup

remaining diffs in ebuilds:
* Configure shebang
* static libs removal
remaining diffs in files/gentoo.config-1.0.2:
* cygwin
* winnt
* sparc-solaris

Package-Manager: Portage-2.3.55.1-prefix, Repoman-2.3.12
Signed-off-by: Michael Haubenwallner <haubi <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |  13 +-
 dev-libs/openssl/files/gentoo.config-0.9.8         | 148 -----
 dev-libs/openssl/files/gentoo.config-1.0.0         | 159 -----
 dev-libs/openssl/files/gentoo.config-1.0.1         | 165 -----
 dev-libs/openssl/files/gentoo.config-1.0.2         |  14 +-
 .../files/openssl-0.9.7-alpha-default-gcc.patch    |  12 -
 dev-libs/openssl/files/openssl-0.9.7e-gentoo.patch |  16 -
 .../files/openssl-0.9.8-make-engines-dir.patch     |  12 -
 .../openssl/files/openssl-0.9.8-makedepend.patch   |  15 -
 .../openssl/files/openssl-0.9.8b-doc-updates.patch | 270 --------
 .../openssl/files/openssl-0.9.8e-bsd-sparc64.patch |  25 -
 dev-libs/openssl/files/openssl-0.9.8e-make.patch   |  26 -
 .../openssl/files/openssl-0.9.8g-interix.patch     |  38 --
 dev-libs/openssl/files/openssl-0.9.8g-mint.patch   |  33 -
 .../files/openssl-0.9.8g-sslv3-no-tlsext.patch     |  31 -
 .../openssl/files/openssl-0.9.8h-ldflags.patch     |  29 -
 dev-libs/openssl/files/openssl-0.9.8h-winnt.patch  | 104 ----
 .../files/openssl-0.9.8j-parallel-build.patch      |  25 -
 dev-libs/openssl/files/openssl-0.9.8k-aixdll.patch |  46 --
 dev-libs/openssl/files/openssl-0.9.8k-cc-mxx.patch |  51 --
 .../openssl/files/openssl-0.9.8k-toolchain.patch   |  22 -
 dev-libs/openssl/files/openssl-0.9.8k-winnt.patch  |  92 ---
 .../files/openssl-0.9.8l-CVE-2009-1377.patch       |  53 --
 .../files/openssl-0.9.8l-CVE-2009-1378.patch       |  24 -
 .../files/openssl-0.9.8l-CVE-2009-1379.patch       |  22 -
 .../files/openssl-0.9.8l-CVE-2009-1387.patch       |  59 --
 .../files/openssl-0.9.8l-CVE-2009-2409.patch       |  71 ---
 dev-libs/openssl/files/openssl-0.9.8l-aixso.patch  |  30 -
 .../openssl/files/openssl-0.9.8l-binutils.patch    |  67 --
 .../openssl/files/openssl-0.9.8l-dtls-compat.patch | 167 -----
 .../openssl/files/openssl-0.9.8m-binutils.patch    |  24 -
 .../openssl/files/openssl-0.9.8n-interix.patch     |  39 --
 dev-libs/openssl/files/openssl-0.9.8n-mint.patch   |  33 -
 .../openssl/files/openssl-1.0.0a-alpha-mont.patch  | 125 ----
 .../openssl/files/openssl-1.0.0a-alphacpuid.patch  |  18 -
 .../files/openssl-1.0.0a-fix-double-free.patch     |  12 -
 .../openssl/files/openssl-1.0.0a-interix.patch     |  36 --
 .../openssl/files/openssl-1.0.0a-ldflags.patch     |  29 -
 dev-libs/openssl/files/openssl-1.0.0a-mint.patch   |  33 -
 .../openssl/files/openssl-1.0.0b-rev19998.patch    |  16 -
 .../files/openssl-1.0.0d-alpha-fix-unalign.patch   |  59 --
 .../openssl/files/openssl-1.0.0d-alpha-typo.patch  |  13 -
 .../openssl/files/openssl-1.0.0d-fbsd-amd64.patch  |  12 -
 .../openssl/files/openssl-1.0.0d-windres.patch     |  76 ---
 .../files/openssl-1.0.0e-parallel-build.patch      | 315 ----------
 .../openssl/files/openssl-1.0.0e-pkg-config.patch  |  42 --
 dev-libs/openssl/files/openssl-1.0.0e-x32.patch    |  92 ---
 .../openssl/files/openssl-1.0.0h-pkg-config.patch  |  34 --
 .../openssl-1.0.1-gethostbyname2-solaris.patch     |  17 -
 dev-libs/openssl/files/openssl-1.0.1-ipv6.patch    | 678 ---------------------
 .../files/openssl-1.0.1-parallel-build.patch       | 354 -----------
 dev-libs/openssl/files/openssl-1.0.1-x32.patch     |  79 ---
 .../files/openssl-1.0.1e-bad-mac-aes-ni.patch      |  35 --
 dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch   | 656 --------------------
 .../openssl/files/openssl-1.0.1e-perl-5.18.patch   | 375 ------------
 .../files/openssl-1.0.1e-rdrand-explicit.patch     |  28 -
 .../files/openssl-1.0.1e-s_client-verify.patch     |  18 -
 .../files/openssl-1.0.1e-tls-ver-crash.patch       |  34 --
 .../openssl/files/openssl-1.0.1f-perl-5.18.patch   | 356 -----------
 ...enssl-1.0.1f-revert-alpha-perl-generation.patch |  84 ---
 dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch   | 642 -------------------
 .../openssl/files/openssl-1.0.1k-aix-soname.patch  |  76 ---
 .../files/openssl-1.0.1p-default-source.patch      |  30 -
 .../files/openssl-1.0.2-CVE-2015-0209.patch        |  49 --
 .../files/openssl-1.0.2-CVE-2015-0288.patch        |  31 -
 .../files/openssl-1.0.2-CVE-2015-0291.patch        | 459 --------------
 dev-libs/openssl/files/openssl-1.0.2-ipv6.patch    | 611 -------------------
 .../files/openssl-1.0.2-parallel-build.patch       | 354 -----------
 .../files/openssl-1.0.2-s_client-verify.patch      |  17 -
 .../openssl/files/openssl-1.0.2_beta2-ipv6.patch   | 640 -------------------
 .../openssl/files/openssl-1.0.2a-malloc-typo.patch |  38 --
 .../files/openssl-1.0.2a-parallel-build.patch      | 314 ----------
 .../openssl-1.0.2a-parallel-install-dirs.patch     |  64 --
 .../openssl-1.0.2a-parallel-obj-headers.patch      |  37 --
 .../files/openssl-1.0.2a-parallel-symlinking.patch |  63 --
 .../files/openssl-1.0.2d-parallel-build.patch      | 309 ----------
 .../files/openssl-1.0.2e-parallel-build.patch      | 314 ----------
 .../files/openssl-1.0.2g-parallel-build.patch      | 318 ----------
 .../files/openssl-1.0.2i-parallel-build.patch      | 326 ----------
 .../files/openssl-1.0.2o-CVE-2018-0732.patch       |  39 --
 .../openssl/files/openssl-1.0.2p-hobble-ecc.patch  | 283 +++++++++
 .../files/openssl-1.1.0g-CVE-2017-3738.patch       |  77 ---
 .../files/openssl-1.1.0h-CVE-2018-0732.patch       |  39 --
 .../files/openssl-1.1.0h-CVE-2018-0737.patch       |  31 -
 .../files/openssl-1.1.1-CVE-2018-0734.patch        | 131 ----
 .../files/openssl-1.1.1-CVE-2018-0735.patch        |  44 --
 ...-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch |  27 +
 ...ix-cert-with-rsa-instead-of-rsaEncryption.patch |  97 +++
 ...ix-some-SSL_export_keying_material-issues.patch | 420 +++++++++++++
 ...a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch |  26 +
 ...ure-build_SYS_str_reasons_preserves_errno.patch |  68 +++
 .../openssl-1.1.1a-preserve-errno-on-dlopen.patch  |  51 ++
 ...-system-error-number-in-a-few-more-places.patch |  57 ++
 ...t-reduce-stack-usage-in-tls13_hkdf_expand.patch |  56 ++
 dev-libs/openssl/openssl-1.1.0j.ebuild             |  26 +-
 ...nssl-1.1.0j.ebuild => openssl-1.1.1a-r1.ebuild} |  57 +-
 ...openssl-1.1.0j.ebuild => openssl-1.1.1a.ebuild} |  46 +-
 97 files changed, 1185 insertions(+), 10643 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 72b6620c97..7620ca80de 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -4,12 +4,19 @@ DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1
 DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
+DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
 DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
+DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
 DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2ede8ee98e3cb68eba496cc90a5fae38dbcbb68b824c9eeacb25605aa80c3ccca9b4f00725658da3ad646834b0f9d SHA512 4a9d454031f644a3072a980f4ea20df976f6c5c58178549dfa62fd4dcf1417509e3be517d2ccb265c87688836f2993531b142fc5971bac5c41d33060057627df
 DIST openssl-1.1.0i_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0i_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
-DIST openssl-1.1.0j_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
-DIST openssl-1.1.0j_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
-DIST openssl-1.1.0j_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
+DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
+DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
+DIST openssl-1.1.1a.tar.gz 8350547 BLAKE2B 71dae2f44ade3e31983599a491b5efe5da63bbe4f32a2336a8022b282f844a9d898f3b1c3fa825a5973cb16898e8e87fcd73d68e9b602b58f500c3f3e047b199 SHA512 1523985ba90f38aa91aa6c2d57652f4e243cb2a095ce6336bf34b39b5a9b5b876804299a6825c758b65990e57948da532cca761aa12b10958c97478d04dd6d34
+DIST openssl-1.1.1a_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
+DIST openssl-1.1.1a_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
+DIST openssl-1.1.1a_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/files/gentoo.config-0.9.8 b/dev-libs/openssl/files/gentoo.config-0.9.8
deleted file mode 100755
index 09e5b0b7f8..0000000000
--- a/dev-libs/openssl/files/gentoo.config-0.9.8
+++ /dev/null
@@ -1,148 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/files/gentoo.config-0.9.8,v 1.18 2012/05/25 17:41:21 vapier Exp $
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
-	for c in \
-		"arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
-		"armv5b-linux-gnu             |linux-generic32 -DB_ENDIAN" \
-		"x86_64-pc-linux-gnu          |linux-x86_64" \
-		"alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
-		"i686-pc-linux-gnu            |linux-elf" \
-		"whatever-gentoo-freebsdX.Y   |BSD-generic32" \
-		"i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
-		"sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
-		"ia64-gentoo-freebsd5.99234   |BSD-ia64" \
-		"x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
-		"hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
-		"powerpc-gentOO-linux-uclibc  |linux-ppc" \
-		"powerpc64-unk-linux-gnu      |linux-ppc64" \
-		"x86_64-apple-darwinX         |darwin64-x86_64-cc" \
-		"powerpc64-apple-darwinX      |darwin64-ppc-cc" \
-		"i686-apple-darwinX           |darwin-i386-cc" \
-		"i386-apple-darwinX           |darwin-i386-cc" \
-		"powerpc-apple-darwinX        |darwin-ppc-cc" \
-		"i586-pc-winnt                |winnt-parity" \
-	;do
-		CHOST=${c/|*}
-		ret_want=${c/*|}
-		ret_got=$(CHOST=${CHOST} "$0")
-
-		if [[ ${ret_want} == "${ret_got}" ]] ; then
-			echo "PASS: ${CHOST}"
-		else
-			echo "FAIL: ${CHOST}"
-			echo -e "\twanted: ${ret_want}"
-			echo -e "\twe got: ${ret_got}"
-		fi
-	done
-	exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
-	*-aix*)      system="aix";;
-	*-darwin*)   system="darwin";;
-	*-freebsd*)  system="BSD";;
-	*-hpux*)     system="hpux";;
-	*-linux*)    system="linux";;
-	*-solaris*)  system="solaris";;
-	*-winnt*)    system="winnt";;
-	*)           exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
-	compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
-	case ${chost_machine} in
-		alphaev56*)   machine=alpha+bwx-${compiler};;
-		alphaev[678]*)machine=alpha+bwx-${compiler};;
-		alpha*)       machine=alpha-${compiler};;
-		arm*b*)       machine="generic32 -DB_ENDIAN";;
-		arm*)         machine="generic32 -DL_ENDIAN";;
-	#	hppa64*)      machine=parisc64;;
-		hppa*)        machine="generic32 -DB_ENDIAN";;
-		i[0-9]86*)    machine=elf;;
-		ia64*)        machine=ia64;;
-		m68*)         machine="generic32 -DB_ENDIAN";;
-		mips*el*)     machine="generic32 -DL_ENDIAN";;
-		mips*)        machine="generic32 -DB_ENDIAN";;
-		powerpc64*)   machine=ppc64;;
-		powerpc*)     machine=ppc;;
-	#	sh64*)        machine=elf;;
-		sh*b*)        machine="generic32 -DB_ENDIAN";;
-		sh*)          machine="generic32 -DL_ENDIAN";;
-		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
-		sparc64*)     machine=sparcv9;;
-		sparc*)       machine=sparcv8;;
-		s390x*)       machine="generic64 -DB_ENDIAN";;
-		s390*)        machine="generic32 -DB_ENDIAN";;
-		x86_64*)      machine=x86_64;;
-	esac
-	;;
-BSD)
-	case ${chost_machine} in
-		alpha*)       machine=generic64;;
-		i[6-9]86*)    machine=x86-elf;;
-		ia64*)        machine=ia64;;
-		sparc64*)     machine=sparc64;;
-		x86_64*)      machine=x86_64;;
-		*)            machine=generic32;;
-	esac
-	;;
-aix)
-	machine=${compiler}
-	;;
-darwin)
-	case ${chost_machine} in
-		powerpc64)    machine=ppc-cc; system=${system}64;;
-		powerpc)      machine=ppc-cc;;
-		i?86*)        machine=i386-cc;;
-		x86_64)       machine=x86_64-cc; system=${system}64;;
-	esac
-	;;
-hpux)
-	case ${chost_machine} in
-		ia64)   machine=ia64-${compiler} ;;
-		hppa64) machine=parisc2-${compiler}; system=${system}64 ;;
-		hppa1*) machine=parisc-${compiler} ;;
-		hppa*)  machine=parisc2-${compiler} ;;
-	esac
-	;;
-solaris)
-	case ${chost_machine} in
-		i386)         machine=x86-${compiler} ;;
-		x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
-		sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
-		sparc*)       machine=sparcv8-${compiler};;
-	esac
-	;;
-winnt)
-	machine=parity
-	;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}

diff --git a/dev-libs/openssl/files/gentoo.config-1.0.0 b/dev-libs/openssl/files/gentoo.config-1.0.0
deleted file mode 100755
index 0c479f1692..0000000000
--- a/dev-libs/openssl/files/gentoo.config-1.0.0
+++ /dev/null
@@ -1,159 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2011 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/files/gentoo.config-1.0.0,v 1.5 2012/05/25 17:41:21 vapier Exp $
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
-	for c in \
-		"arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
-		"armv5b-linux-gnu             |linux-armv4 -DB_ENDIAN" \
-		"x86_64-pc-linux-gnu          |linux-x86_64" \
-		"alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
-		"i686-pc-linux-gnu            |linux-elf" \
-		"whatever-gentoo-freebsdX.Y   |BSD-generic32" \
-		"i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
-		"sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
-		"ia64-gentoo-freebsd5.99234   |BSD-ia64" \
-		"x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
-		"hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
-		"powerpc-gentOO-linux-uclibc  |linux-ppc" \
-		"powerpc64-unk-linux-gnu      |linux-ppc64" \
-		"x86_64-apple-darwinX         |darwin64-x86_64-cc" \
-		"powerpc64-apple-darwinX      |darwin64-ppc-cc" \
-		"i686-apple-darwinX           |darwin-i386-cc" \
-		"i386-apple-darwinX           |darwin-i386-cc" \
-		"powerpc-apple-darwinX        |darwin-ppc-cc" \
-		"i586-pc-winnt                |winnt-parity" \
-		"s390-ibm-linux-gnu           |linux-generic32 -DB_ENDIAN" \
-		"s390x-linux-gnu              |linux-s390x" \
-	;do
-		CHOST=${c/|*}
-		ret_want=${c/*|}
-		ret_got=$(CHOST=${CHOST} "$0")
-
-		if [[ ${ret_want} == "${ret_got}" ]] ; then
-			echo "PASS: ${CHOST}"
-		else
-			echo "FAIL: ${CHOST}"
-			echo -e "\twanted: ${ret_want}"
-			echo -e "\twe got: ${ret_got}"
-		fi
-	done
-	exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
-	*-aix*)          system="aix";;
-	*-darwin*)       system="darwin";;
-	*-freebsd*)      system="BSD";;
-	*-hpux*)         system="hpux";;
-	*-linux*)        system="linux";;
-	*-solaris*)      system="solaris";;
-	*-winnt*)        system="winnt";;
-	x86_64-*-mingw*) system="mingw64";;
-	*mingw*)         system="mingw";;
-	*)               exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
-	compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
-	case ${chost_machine}:${ABI} in
-		alphaev56*)   machine=alpha+bwx-${compiler};;
-		alphaev[678]*)machine=alpha+bwx-${compiler};;
-		alpha*)       machine=alpha-${compiler};;
-		armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
-		armv[4-9]*)   machine="armv4 -DL_ENDIAN";;
-		arm*b*)       machine="generic32 -DB_ENDIAN";;
-		arm*)         machine="generic32 -DL_ENDIAN";;
-		avr*)         machine="generic32 -DL_ENDIAN";;
-		bfin*)        machine="generic32 -DL_ENDIAN";;
-	#	hppa64*)      machine=parisc64;;
-		hppa*)        machine="generic32 -DB_ENDIAN";;
-		i[0-9]86*|\
-		x86_64*:x86)  machine=elf;;
-		ia64*)        machine=ia64;;
-		m68*)         machine="generic32 -DB_ENDIAN";;
-		mips*el*)     machine="generic32 -DL_ENDIAN";;
-		mips*)        machine="generic32 -DB_ENDIAN";;
-		powerpc64*)   machine=ppc64;;
-		powerpc*)     machine=ppc;;
-	#	sh64*)        machine=elf;;
-		sh*b*)        machine="generic32 -DB_ENDIAN";;
-		sh*)          machine="generic32 -DL_ENDIAN";;
-		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
-		sparc64*)     machine=sparcv9;;
-		sparc*)       machine=sparcv8;;
-		s390x*)       machine=s390x;;
-		s390*)        machine="generic32 -DB_ENDIAN";;
-		x86_64*:x32)  machine=x32;;
-		x86_64*)      machine=x86_64;;
-	esac
-	;;
-BSD)
-	case ${chost_machine} in
-		alpha*)       machine=generic64;;
-		i[6-9]86*)    machine=x86-elf;;
-		ia64*)        machine=ia64;;
-		sparc64*)     machine=sparc64;;
-		x86_64*)      machine=x86_64;;
-		*)            machine=generic32;;
-	esac
-	;;
-aix)
-	machine=${compiler}
-	;;
-darwin)
-	case ${chost_machine} in
-		powerpc64)    machine=ppc-cc; system=${system}64;;
-		powerpc)      machine=ppc-cc;;
-		i?86*)        machine=i386-cc;;
-		x86_64)       machine=x86_64-cc; system=${system}64;;
-	esac
-	;;
-hpux)
-	case ${chost_machine} in
-		ia64)	machine=ia64-${compiler} ;;
-	esac
-	;;
-solaris)
-	case ${chost_machine} in
-		i386)         machine=x86-${compiler} ;;
-		x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
-		sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
-		sparc*)       machine=sparcv8-${compiler};;
-	esac
-	;;
-winnt)
-	machine=parity
-	;;
-mingw*)
-	# special case ... no xxx-yyy style name
-	echo ${system}
-	;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}

diff --git a/dev-libs/openssl/files/gentoo.config-1.0.1 b/dev-libs/openssl/files/gentoo.config-1.0.1
deleted file mode 100644
index cca1c261ff..0000000000
--- a/dev-libs/openssl/files/gentoo.config-1.0.1
+++ /dev/null
@@ -1,165 +0,0 @@
-#!/usr/bin/env bash
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/files/gentoo.config-1.0.1,v 1.2 2014/01/17 04:27:03 vapier Exp $
-#
-# Openssl doesn't play along nicely with cross-compiling
-# like autotools based projects, so let's teach it new tricks.
-#
-# Review the bundled 'config' script to see why kind of targets
-# we can pass to the 'Configure' script.
-
-
-# Testing routines
-if [[ $1 == "test" ]] ; then
-	for c in \
-		"arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
-		"armv5b-linux-gnu             |linux-armv4 -DB_ENDIAN" \
-		"x86_64-pc-linux-gnu          |linux-x86_64" \
-		"alpha-linux-gnu              |linux-alpha-gcc" \
-		"alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
-		"i686-pc-linux-gnu            |linux-elf" \
-		"whatever-gentoo-freebsdX.Y   |BSD-generic32" \
-		"i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
-		"sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
-		"ia64-gentoo-freebsd5.99234   |BSD-ia64" \
-		"x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
-		"hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
-		"powerpc-gentOO-linux-uclibc  |linux-ppc" \
-		"powerpc64-unk-linux-gnu      |linux-ppc64" \
-		"x86_64-apple-darwinX         |darwin64-x86_64-cc" \
-		"powerpc64-apple-darwinX      |darwin64-ppc-cc" \
-		"i686-apple-darwinX           |darwin-i386-cc" \
-		"i386-apple-darwinX           |darwin-i386-cc" \
-		"powerpc-apple-darwinX        |darwin-ppc-cc" \
-		"i586-pc-winnt                |winnt-parity" \
-		"s390-ibm-linux-gnu           |linux-generic32 -DB_ENDIAN" \
-		"s390x-linux-gnu              |linux64-s390x" \
-		"powerpc-ibm-aixX.Y           |aix-gcc --with-aix-soname=svr4" \
-	;do
-		CHOST=${c/|*}
-		ret_want=${c/*|}
-		ret_got=$(CHOST=${CHOST} "$0")
-
-		if [[ ${ret_want} == "${ret_got}" ]] ; then
-			echo "PASS: ${CHOST}"
-		else
-			echo "FAIL: ${CHOST}"
-			echo -e "\twanted: ${ret_want}"
-			echo -e "\twe got: ${ret_got}"
-		fi
-	done
-	exit 0
-fi
-[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
-
-
-# Detect the operating system
-case ${CHOST} in
-	*-aix*)          system="aix";;
-	*-darwin*)       system="darwin";;
-	*-freebsd*)      system="BSD";;
-	*-hpux*)         system="hpux";;
-	*-linux*)        system="linux";;
-	*-solaris*)      system="solaris";;
-	*-winnt*)        system="winnt";;
-	x86_64-*-mingw*) system="mingw64";;
-	*mingw*)         system="mingw";;
-	*)               exit 0;;
-esac
-
-
-# Compiler munging
-compiler="gcc"
-if [[ ${CC} == "ccc" ]] ; then
-	compiler=${CC}
-fi
-
-
-# Detect target arch
-machine=""
-chost_machine=${CHOST%%-*}
-case ${system} in
-linux)
-	case ${chost_machine}:${ABI} in
-		aarch64*be)   machine="generic64 -DB_ENDIAN";;
-		aarch64*)     machine="generic64 -DL_ENDIAN";;
-		alphaev56*|\
-		alphaev[678]*)machine=alpha+bwx-${compiler};;
-		alpha*)       machine=alpha-${compiler};;
-		armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
-		armv[4-9]*)   machine="armv4 -DL_ENDIAN";;
-		arm*b*)       machine="generic32 -DB_ENDIAN";;
-		arm*)         machine="generic32 -DL_ENDIAN";;
-		avr*)         machine="generic32 -DL_ENDIAN";;
-		bfin*)        machine="generic32 -DL_ENDIAN";;
-	#	hppa64*)      machine=parisc64;;
-		hppa*)        machine="generic32 -DB_ENDIAN";;
-		i[0-9]86*|\
-		x86_64*:x86)  machine=elf;;
-		ia64*)        machine=ia64;;
-		m68*)         machine="generic32 -DB_ENDIAN";;
-		mips*el*)     machine="generic32 -DL_ENDIAN";;
-		mips*)        machine="generic32 -DB_ENDIAN";;
-		powerpc64*le) machine="generic64 -DL_ENDIAN";;
-		powerpc64*)   machine=ppc64;;
-		powerpc*le)   machine="generic32 -DL_ENDIAN";;
-		powerpc*)     machine=ppc;;
-	#	sh64*)        machine=elf;;
-		sh*b*)        machine="generic32 -DB_ENDIAN";;
-		sh*)          machine="generic32 -DL_ENDIAN";;
-		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
-		sparc64*)     machine=sparcv9;;
-		sparc*)       machine=sparcv8;;
-		s390x*)       machine=s390x system=linux64;;
-		s390*)        machine="generic32 -DB_ENDIAN";;
-		x86_64*:x32)  machine=x32;;
-		x86_64*)      machine=x86_64;;
-	esac
-	;;
-BSD)
-	case ${chost_machine} in
-		alpha*)       machine=generic64;;
-		i[6-9]86*)    machine=x86-elf;;
-		ia64*)        machine=ia64;;
-		sparc64*)     machine=sparc64;;
-		x86_64*)      machine=x86_64;;
-		*)            machine=generic32;;
-	esac
-	;;
-aix)
-	machine="${compiler} --with-aix-soname=svr4"
-	;;
-darwin)
-	case ${chost_machine} in
-		powerpc64)    machine=ppc-cc; system=${system}64;;
-		powerpc)      machine=ppc-cc;;
-		i?86*)        machine=i386-cc;;
-		x86_64)       machine=x86_64-cc; system=${system}64;;
-	esac
-	;;
-hpux)
-	case ${chost_machine} in
-		ia64)	machine=ia64-${compiler} ;;
-	esac
-	;;
-solaris)
-	case ${chost_machine} in
-		i386)         machine=x86-${compiler} ;;
-		x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
-		sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
-		sparc*)       machine=sparcv8-${compiler};;
-	esac
-	;;
-winnt)
-	machine=parity
-	;;
-mingw*)
-	# special case ... no xxx-yyy style name
-	echo ${system}
-	;;
-esac
-
-
-# If we have something, show it
-[[ -n ${machine} ]] && echo ${system}-${machine}

diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
index 64933771ca..3decbee261 100755
--- a/dev-libs/openssl/files/gentoo.config-1.0.2
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
-# $Id$
 #
 # Openssl doesn't play along nicely with cross-compiling
 # like autotools based projects, so let's teach it new tricks.
@@ -85,8 +84,8 @@ chost_machine=${CHOST%%-*}
 case ${system} in
 linux)
 	case ${chost_machine}:${ABI} in
-		aarch64*be*)  machine="generic64 -DB_ENDIAN";;
-		aarch64*)     machine="generic64 -DL_ENDIAN";;
+		aarch64*be*)  machine="aarch64 -DB_ENDIAN";;
+		aarch64*)     machine="aarch64 -DL_ENDIAN";;
 		alphaev56*|\
 		alphaev[678]*)machine=alpha+bwx-${compiler};;
 		alpha*)       machine=alpha-${compiler};;
@@ -111,8 +110,13 @@ linux)
 	#	sh64*)        machine=elf;;
 		sh*b*)        machine="generic32 -DB_ENDIAN";;
 		sh*)          machine="generic32 -DL_ENDIAN";;
+		# TODO: Might want to do -mcpu probing like glibc to determine a
+		# better default for sparc-linux-gnu targets.  This logic will
+		# break v7 and older systems when they use it.
 		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
-		sparc64*)     machine=sparcv9;;
+		sparc64*)     machine=sparcv9 system=linux64;;
+		sparc*v9*)    machine=sparcv9;;
+		sparc*v8*)    machine=sparcv8;;
 		sparc*)       machine=sparcv8;;
 		s390x*)       machine=s390x system=linux64;;
 		s390*)        machine="generic32 -DB_ENDIAN";;

diff --git a/dev-libs/openssl/files/openssl-0.9.7-alpha-default-gcc.patch b/dev-libs/openssl/files/openssl-0.9.7-alpha-default-gcc.patch
deleted file mode 100644
index a56e76e17a..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.7-alpha-default-gcc.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ur openssl-0.9.7d.orig/config openssl-0.9.7d/config
---- openssl-0.9.7d.orig/config	2004-12-11 19:01:11.077248504 -0500
-+++ openssl-0.9.7d/config	2004-12-11 19:08:52.099162520 -0500
-@@ -452,7 +452,7 @@
- 	sed 's/.* C V\([0-9]\)\.\([0-9]\).*/\1\2/'`
-   CCCVER=${CCCVER:-0}
-   if [ $CCCVER -gt 60 ]; then
--    CC=ccc	# overrides gcc!!! well, ccc outperforms inoticeably
-+    CC=gcc	# overrides gcc!!! well, ccc outperforms inoticeably
- 		# only on hash routines and des, otherwise gcc (2.95)
- 		# keeps along rather tight...
-   fi

diff --git a/dev-libs/openssl/files/openssl-0.9.7e-gentoo.patch b/dev-libs/openssl/files/openssl-0.9.7e-gentoo.patch
deleted file mode 100644
index b3753d20de..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.7e-gentoo.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-diff -r -c -C 2 openssl-0.9.6g-orig/test/Makefile openssl-0.9.6g/test/Makefile
-*** openssl-0.9.6g-orig/test/Makefile	Thu Sep 26 15:20:47 2002
---- openssl-0.9.6g/test/Makefile	Thu Sep 26 15:23:26 2002
-***************
-*** 28,32 ****
-  DLIBCRYPTO= ../libcrypto.a
-  DLIBSSL= ../libssl.a
-! LIBCRYPTO= -L.. -lcrypto
-  LIBSSL= -L.. -lssl
-  
---- 28,32 ----
-  DLIBCRYPTO= ../libcrypto.a
-  DLIBSSL= ../libssl.a
-! LIBCRYPTO= -L.. -lcrypto -lcrypt
-  LIBSSL= -L.. -lssl
-  

diff --git a/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch b/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch
deleted file mode 100644
index 5cba456c7e..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8-make-engines-dir.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2082
-
---- openssl-0.9.8/engines/Makefile
-+++ openssl-0.9.8.az/engines/Makefile
-@@ -88,6 +88,7 @@
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
-+		$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines; \
- 		for l in $(LIBNAMES); do \
- 			( echo installing $$l; \
- 			  if [ "$(PLATFORM)" != "Cygwin" ]; then \

diff --git a/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch b/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch
deleted file mode 100644
index 9abbe8ef37..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8-makedepend.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-http://bugs.gentoo.org/149583
-
-http://rt.openssl.org/Ticket/Display.html?id=2085
-
---- util/domd
-+++ util/domd
-@@ -14,7 +14,7 @@
- cp Makefile Makefile.save
- # fake the presence of Kerberos
- touch $TOP/krb5.h
--if [ "$MAKEDEPEND" = "gcc" ]; then
-+if [ "$MAKEDEPEND" != "makedepend" ]; then
-     args=""
-     while [ $# -gt 0 ]; do
- 	if [ "$1" != "--" ]; then args="$args $1"; fi

diff --git a/dev-libs/openssl/files/openssl-0.9.8b-doc-updates.patch b/dev-libs/openssl/files/openssl-0.9.8b-doc-updates.patch
deleted file mode 100644
index 37cc34cb4c..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8b-doc-updates.patch
+++ /dev/null
@@ -1,270 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2083
-
---- doc/crypto/ASN1_generate_nconf.pod
-+++ doc/crypto/ASN1_generate_nconf.pod
-@@ -6,6 +6,8 @@ ASN1_generate_nconf, ASN1_generate_v3 - 
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/asn1.h>
-+
-  ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf);
-  ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf);
- 
---- doc/crypto/ASN1_OBJECT_new.pod
-+++ doc/crypto/ASN1_OBJECT_new.pod
-@@ -6,6 +6,8 @@ ASN1_OBJECT_new, ASN1_OBJECT_free, - obj
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/asn1.h>
-+
-  ASN1_OBJECT *ASN1_OBJECT_new(void);
-  void ASN1_OBJECT_free(ASN1_OBJECT *a);
- 
---- doc/crypto/ASN1_STRING_length.pod
-+++ doc/crypto/ASN1_STRING_length.pod
-@@ -8,6 +8,8 @@ ASN1_STRING utility functions
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/asn1.h>
-+
-  int ASN1_STRING_length(ASN1_STRING *x);
-  unsigned char * ASN1_STRING_data(ASN1_STRING *x);
- 
---- doc/crypto/ASN1_STRING_new.pod
-+++ doc/crypto/ASN1_STRING_new.pod
-@@ -7,6 +7,8 @@ ASN1_STRING allocation functions
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/asn1.h>
-+
-  ASN1_STRING * ASN1_STRING_new(void);
-  ASN1_STRING * ASN1_STRING_type_new(int type);
-  void ASN1_STRING_free(ASN1_STRING *a);
---- doc/crypto/bn_internal.pod
-+++ doc/crypto/bn_internal.pod
-@@ -13,6 +13,8 @@ library internal functions
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/bn.h>
-+
-  BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w);
-  BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num,
-    BN_ULONG w);
---- doc/crypto/CRYPTO_set_ex_data.pod
-+++ doc/crypto/CRYPTO_set_ex_data.pod
-@@ -6,6 +6,8 @@ CRYPTO_set_ex_data, CRYPTO_get_ex_data -
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/crypto.h>
-+
-  int CRYPTO_set_ex_data(CRYPTO_EX_DATA *r, int idx, void *arg);
- 
-  void *CRYPTO_get_ex_data(CRYPTO_EX_DATA *r, int idx);
---- doc/crypto/OBJ_nid2obj.pod
-+++ doc/crypto/OBJ_nid2obj.pod
-@@ -8,6 +8,8 @@ functions
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/objects.h>
-+
-  ASN1_OBJECT * OBJ_nid2obj(int n);
-  const char *  OBJ_nid2ln(int n);
-  const char *  OBJ_nid2sn(int n);
---- doc/crypto/PKCS7_decrypt.pod
-+++ doc/crypto/PKCS7_decrypt.pod
-@@ -6,7 +6,9 @@ PKCS7_decrypt - decrypt content from a P
- 
- =head1 SYNOPSIS
- 
--int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
-+ #include <openssl/pkcs7.h>
-+
-+ int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/PKCS7_encrypt.pod
-+++ doc/crypto/PKCS7_encrypt.pod
-@@ -6,7 +6,9 @@ PKCS7_encrypt - create a PKCS#7 envelope
- 
- =head1 SYNOPSIS
- 
--PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
-+ #include <openssl/pkcs7.h>
-+
-+ PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, int flags);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/PKCS7_sign.pod
-+++ doc/crypto/PKCS7_sign.pod
-@@ -6,7 +6,9 @@ PKCS7_sign - create a PKCS#7 signedData 
- 
- =head1 SYNOPSIS
- 
--PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
-+ #include <openssl/pkcs7.h>
-+
-+ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, BIO *data, int flags);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/PKCS7_verify.pod
-+++ doc/crypto/PKCS7_verify.pod
-@@ -6,9 +6,11 @@ PKCS7_verify - verify a PKCS#7 signedDat
- 
- =head1 SYNOPSIS
- 
--int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-+ #include <openssl/pkcs7.h>
- 
--STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
-+ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, BIO *indata, BIO *out, int flags);
-+
-+ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/SMIME_read_PKCS7.pod
-+++ doc/crypto/SMIME_read_PKCS7.pod
-@@ -6,7 +6,9 @@ SMIME_read_PKCS7 - parse S/MIME message.
- 
- =head1 SYNOPSIS
- 
--PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
-+ #include <openssl/pkcs7.h>
-+
-+ PKCS7 *SMIME_read_PKCS7(BIO *in, BIO **bcont);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/SMIME_write_PKCS7.pod
-+++ doc/crypto/SMIME_write_PKCS7.pod
-@@ -6,7 +6,9 @@ SMIME_write_PKCS7 - convert PKCS#7 struc
- 
- =head1 SYNOPSIS
- 
--int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
-+ #include <openssl/pkcs7.h>
-+
-+ int SMIME_write_PKCS7(BIO *out, PKCS7 *p7, BIO *data, int flags);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/ui_compat.pod
-+++ doc/crypto/ui_compat.pod
-@@ -7,6 +7,8 @@ Compatibility user interface functions
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/des_old.h>
-+
-  int des_read_password(DES_cblock *key,const char *prompt,int verify);
-  int des_read_2passwords(DES_cblock *key1,DES_cblock *key2,
-  	const char *prompt,int verify);
---- doc/crypto/X509_NAME_add_entry_by_txt.pod
-+++ doc/crypto/X509_NAME_add_entry_by_txt.pod
-@@ -7,15 +7,17 @@ X509_NAME_add_entry, X509_NAME_delete_en
- 
- =head1 SYNOPSIS
- 
--int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
-+ #include <openssl/x509.h>
- 
--int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
-+ int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
- 
--int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
-+ int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, unsigned char *bytes, int len, int loc, int set);
- 
--int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
-+ int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, unsigned char *bytes, int len, int loc, int set);
- 
--X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
-+ int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, int loc, int set);
-+
-+ X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/X509_NAME_ENTRY_get_object.pod
-+++ doc/crypto/X509_NAME_ENTRY_get_object.pod
-@@ -9,15 +9,17 @@ X509_NAME_ENTRY_create_by_OBJ - X509_NAM
- 
- =head1 SYNOPSIS
- 
--ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
--ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
-+ #include <openssl/x509.h>
- 
--int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
--int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-+ ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne);
-+ ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne);
- 
--X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
--X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
--X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
-+ int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj);
-+ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, const unsigned char *bytes, int len);
-+
-+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, const char *field, int type, const unsigned char *bytes, int len);
-+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, int type,unsigned char *bytes, int len);
-+ X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/X509_NAME_get_index_by_NID.pod
-+++ doc/crypto/X509_NAME_get_index_by_NID.pod
-@@ -8,14 +8,16 @@ X509_NAME lookup and enumeration functio
- 
- =head1 SYNOPSIS
- 
--int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
--int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
-+ #include <openssl/x509.h>
- 
--int X509_NAME_entry_count(X509_NAME *name);
--X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-+ int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos);
-+ int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, int lastpos);
- 
--int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
--int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
-+ int X509_NAME_entry_count(X509_NAME *name);
-+ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc);
-+
-+ int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf,int len);
-+ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,int len);
- 
- =head1 DESCRIPTION
- 
---- doc/crypto/X509_new.pod
-+++ doc/crypto/X509_new.pod
-@@ -6,6 +6,8 @@ X509_new, X509_free - X509 certificate A
- 
- =head1 SYNOPSIS
- 
-+ #include <openssl/x509.h>
-+
-  X509 *X509_new(void);
-  void X509_free(X509 *a);
- 
---- Makefile.org
-+++ Makefile.org
-@@ -218,7 +218,7 @@
- MANDIR=$(OPENSSLDIR)/man
- MAN1=1
- MAN3=3
--MANSUFFIX=
-+MANSUFFIX=ssl
- SHELL=/bin/sh
- 
- TOP=    .

diff --git a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
deleted file mode 100644
index a798164a90..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- a/Configure
-+++ b/Configure
-@@ -365,7 +365,7 @@
- # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
- # simply *happens* to work around a compiler bug in gcc 3.3.3,
- # triggered by RIPEMD160 code.
--"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
-
-the -B flag is a no-op nowadays
-
---- a/crypto/des/Makefile
-+++ b/crypto/des/Makefile
-@@ -62,7 +62,7 @@
- 	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
- 
- des_enc-sparc.S:	asm/des_enc.m4
--	m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
-+	m4 asm/des_enc.m4 > des_enc-sparc.S
- 
- # ELF
- dx86-elf.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

diff --git a/dev-libs/openssl/files/openssl-0.9.8e-make.patch b/dev-libs/openssl/files/openssl-0.9.8e-make.patch
deleted file mode 100644
index 54f4302cbe..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8e-make.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-respect $MAKE if it is set in the environment so we don't get a mix
-of the host `make` and whatever $MAKE is set to when recursing
-
-http://bugs.gentoo.org/146316
-
-http://rt.openssl.org/Ticket/Display.html?id=2080
-
---- openssl-0.9.8e/Configure
-+++ openssl-0.9.8e/Configure
-@@ -931,6 +931,7 @@
- $default_ranlib= &which("ranlib") or $default_ranlib="true";
- $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
-   or $perl="perl";
-+my $make = $ENV{'MAKE'} || "make";
- 
- chop $openssldir if $openssldir =~ /\/$/;
- chop $prefix if $prefix =~ /\/$/;
-@@ -1554,7 +1557,7 @@
- EOF
- 	close(OUT);
- } else {
--	my $make_command = "make PERL=\'$perl\'";
-+	my $make_command = "$make PERL=\'$perl\'";
- 	my $make_targets = "";
- 	$make_targets .= " links" if $symlink;
- 	$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;

diff --git a/dev-libs/openssl/files/openssl-0.9.8g-interix.patch b/dev-libs/openssl/files/openssl-0.9.8g-interix.patch
deleted file mode 100644
index 545e95dcf8..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8g-interix.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-reported upstream to rt@openssl.org on 24 Apr 2009:
-http://rt.openssl.org/Ticket/Display.html?id=1908
-
-diff -ru openssl-0.9.8g.orig/Configure openssl-0.9.8g/Configure
---- openssl-0.9.8g.orig/Configure	Mon Jan 21 11:20:03 2008
-+++ openssl-0.9.8g/Configure	Mon Jan 21 11:22:20 2008
-@@ -464,6 +464,9 @@
- "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- "VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- 
-+# Interix (GCC)
-+"interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
- 
-diff -ru openssl-0.9.8g.orig/config openssl-0.9.8g/config
---- openssl-0.9.8g.orig/config	Mon Jan 21 11:20:03 2008
-+++ openssl-0.9.8g/config	Mon Jan 21 11:31:46 2008
-@@ -336,6 +336,10 @@
- 	echo "mips-sony-newsos4"; exit 0;
- 	;;
- 
-+	Interix*)
-+	echo "i586-pc-interix${VERSION}"; exit 0;
-+	;;
-+
-     MINGW*)
- 	echo "${MACHINE}-whatever-mingw"; exit 0;
- 	;;
-@@ -763,6 +767,7 @@
-   t3e-cray-unicosmk) OUT="cray-t3e" ;;
-   j90-cray-unicos) OUT="cray-j90" ;;
-   nsr-tandem-nsk) OUT="tandem-c89" ;;
-+  *-interix*) OUT="interix-gcc" ;;
-   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
- esac
- 

diff --git a/dev-libs/openssl/files/openssl-0.9.8g-mint.patch b/dev-libs/openssl/files/openssl-0.9.8g-mint.patch
deleted file mode 100644
index ab881c8893..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8g-mint.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- Configure.old	2008-04-11 21:28:45.000000000 +0100
-+++ Configure	2008-04-11 23:46:19.000000000 +0100
-@@ -467,6 +467,9 @@
- # Interix (GCC)
- "interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
-+# FreeMiNT (GCC)
-+"mint-gcc", "gcc:-O2 -fomit-frame-pointer -DB_ENDIAN -DTERMIOS::-D_REENTRANT:::BN_LLONG:::",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
- 
---- config.old	2008-04-11 23:41:29.000000000 +0100
-+++ config	2008-04-11 23:42:19.000000000 +0100
-@@ -340,6 +340,10 @@
- 	echo "i586-pc-interix${VERSION}"; exit 0;
- 	;;
- 
-+	FreeMiNT*)
-+	echo "m68k-atari-mint"; exit 0;
-+	;;
-+
-     MINGW*)
- 	echo "${MACHINE}-whatever-mingw"; exit 0;
- 	;;
-@@ -768,6 +772,7 @@
-   j90-cray-unicos) OUT="cray-j90" ;;
-   nsr-tandem-nsk) OUT="tandem-c89" ;;
-   *-interix*) OUT="interix-gcc" ;;
-+  *-mint*) OUT="mint-gcc" ;;
-   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
- esac
- 

diff --git a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch b/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch
deleted file mode 100644
index ef6134b02c..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8g-sslv3-no-tlsext.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Fix from upstream cvs
-
-Index: ssl/t1_lib.c
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/t1_lib.c,v
-retrieving revision 1.64
-retrieving revision 1.65
-diff -u -p -r1.64 -r1.65
---- ssl/t1_lib.c	29 Dec 2008 16:15:27 -0000  1.64
-+++ ssl/t1_lib.c	28 Apr 2009 22:10:54 -0000  1.65
-@@ -267,6 +267,10 @@ unsigned char *ssl_add_clienthello_tlsex
- 	int extdatalen=0;
- 	unsigned char *ret = p;
- 
-+	/* don't add extensions for SSLv3 */
-+	if (s->client_version == SSL3_VERSION)
-+		return p;
-+
- 	ret+=2;
- 
- 	if (ret>=limit) return NULL; /* this really never occurs, but ... */
-@@ -448,6 +452,10 @@ unsigned char *ssl_add_serverhello_tlsex
- 	int extdatalen=0;
- 	unsigned char *ret = p;
- 
-+	/* don't add extensions for SSLv3 */
-+	if (s->version == SSL3_VERSION)
-+		return p;
-+	
- 	ret+=2;
- 	if (ret>=limit) return NULL; /* this really never occurs, but ... */

diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
deleted file mode 100644
index 64cc7bde05..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-http://bugs.gentoo.org/181438
-http://bugs.gentoo.org/327421
-https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
-
-make sure we respect LDFLAGS
-
-also make sure we don't add useless -rpath flags to the system libdir
-
---- openssl-0.9.8h/Makefile.org
-+++ openssl-0.9.8h/Makefile.org
-@@ -180,6 +181,7 @@
- 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
- 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
- 		MAKEDEPPROG='${MAKEDEPPROG}'			\
-+		LDFLAGS='${LDFLAGS}'		\
- 		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\
- 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
- 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
---- openssl-0.9.8h/Makefile.shared
-+++ openssl-0.9.8h/Makefile.shared
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to

diff --git a/dev-libs/openssl/files/openssl-0.9.8h-winnt.patch b/dev-libs/openssl/files/openssl-0.9.8h-winnt.patch
deleted file mode 100644
index 957c4217a2..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8h-winnt.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-diff -ru openssl-0.9.8h.orig/Configure openssl-0.9.8h/Configure
---- openssl-0.9.8h.orig/Configure	2008-08-28 07:50:21 +0200
-+++ openssl-0.9.8h/Configure	2008-08-28 07:55:02 +0200
-@@ -468,6 +468,7 @@
- "VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- "VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-+"winnt-parity","parity.gnu.gcc:-DNOCRYPT:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::::win32:gnu:-fPIC -DPIC:-shared:.so",
- 
- # Interix (GCC)
- "interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-diff -ru openssl-0.9.8h.orig/Makefile.org openssl-0.9.8h/Makefile.org
---- openssl-0.9.8h.orig/Makefile.org	2008-08-28 07:50:37 +0200
-+++ openssl-0.9.8h/Makefile.org	2008-08-28 07:54:26 +0200
-@@ -269,6 +269,7 @@
- 			done; \
- 		fi; \
- 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-+		( set -x; rm -f lib$$i$(SHLIB_EXT)* ); \
- 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
- 			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- 		fi; \
-@@ -507,9 +508,11 @@
- 			if [ -f "$$i" -o -f "$$i.a" ]; then \
- 			(       echo installing $$i; \
- 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
--					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
--					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
--					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-+					for x in $${i}*; do \
-+						cp $$x $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x.new; \
-+						chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x.new; \
-+						mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x; \
-+					done; \
- 				else \
- 					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-diff -ru openssl-0.9.8h.orig/engines/Makefile openssl-0.9.8h/engines/Makefile
---- openssl-0.9.8h.orig/engines/Makefile	2008-08-28 07:50:34 +0200
-+++ openssl-0.9.8h/engines/Makefile	2008-08-28 07:54:28 +0200
-@@ -96,6 +96,7 @@
- 				case "$(CFLAGS)" in \
- 				*DSO_DLFCN*)	sfx="so";;	\
- 				*DSO_DL*)	sfx="sl";;	\
-+				*DSO_WIN*)	sfx="so.dll";; \
- 				*)		sfx="bad";;	\
- 				esac; \
- 				cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
-diff -ru openssl-0.9.8h.orig/util/mklink.pl openssl-0.9.8h/util/mklink.pl
---- openssl-0.9.8h.orig/util/mklink.pl	2008-08-28 07:50:42 +0200
-+++ openssl-0.9.8h/util/mklink.pl	2008-08-28 07:54:26 +0200
-@@ -50,23 +50,7 @@
- my $to = join('/', @to_path);
- 
- my $file;
--$symlink_exists=eval {symlink("",""); 1};
- foreach $file (@files) {
--    my $err = "";
--    if ($symlink_exists) {
--	unlink "$from/$file";
--	symlink("$to/$file", "$from/$file") or $err = " [$!]";
--    } else {
--	unlink "$from/$file"; 
--	open (OLD, "<$file") or die "Can't open $file: $!";
--	open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
--	binmode(OLD);
--	binmode(NEW);
--	while (<OLD>) {
--	    print NEW $_;
--	}
--	close (OLD) or die "Can't close $file: $!";
--	close (NEW) or die "Can't close $from/$file: $!";
--    }
--    print $file . " => $from/$file$err\n";
-+	$err=eval {system("rm -f $from/$file; cp $file $from/$file"); 1};
-+    print $file . " => $from/$file => $err\n";
- }
-diff -ru openssl-0.9.8h.orig/util/opensslwrap.sh openssl-0.9.8h/util/opensslwrap.sh
---- openssl-0.9.8h.orig/util/opensslwrap.sh	2008-08-28 07:50:42 +0200
-+++ openssl-0.9.8h/util/opensslwrap.sh	2008-08-28 07:54:26 +0200
-@@ -7,6 +7,11 @@
- 	OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
- fi
- 
-+if [ "`uname`" = "Interix" ]; then
-+	LD_LIBRARY_PATH="${HERE}..:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
-+	exec "${OPENSSL}" "$@"
-+fi
-+
- if [ -x "${OPENSSL}.exe" ]; then
- 	# The original reason for this script existence is to work around
- 	# certain caveats in run-time linker behaviour. On Windows platforms
-diff -ru openssl-0.9.8h.orig/util/domd openssl-0.9.8h/util/domd
---- openssl-0.9.8h.orig/util/domd	2008-08-28 08:37:35 +0200
-+++ openssl-0.9.8h/util/domd	2008-08-28 08:37:00 +0200
-@@ -23,7 +23,7 @@
-     done
-     sed -e '/^# DO NOT DELETE.*/,$d' < Makefile > Makefile.tmp
-     echo '# DO NOT DELETE THIS LINE -- make depend depends on it.' >> Makefile.tmp
--    gcc -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
-+    ${MAKEDEPEND} -D OPENSSL_DOING_MAKEDEPEND -M $args >> Makefile.tmp
-     ${PERL} $TOP/util/clean-depend.pl < Makefile.tmp > Makefile.new
-     rm -f Makefile.tmp
- else

diff --git a/dev-libs/openssl/files/openssl-0.9.8j-parallel-build.patch b/dev-libs/openssl/files/openssl-0.9.8j-parallel-build.patch
deleted file mode 100644
index b9bb7a6a46..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8j-parallel-build.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- openssl-0.9.8j/Makefile.org
-+++ openssl-0.9.8j/Makefile.org
-@@ -333,15 +333,15 @@
- 		dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_fips:
- 	@dir=fips; target=all; [ -z "$(FIPSCANLIB)" ] || $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
- 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
- 	@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
- 	@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
- 	@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
- 	@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps

diff --git a/dev-libs/openssl/files/openssl-0.9.8k-aixdll.patch b/dev-libs/openssl/files/openssl-0.9.8k-aixdll.patch
deleted file mode 100644
index 593382e824..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8k-aixdll.patch
+++ /dev/null
@@ -1,46 +0,0 @@
---- Makefile.shared.orig	2009-11-02 16:31:28 +0100
-+++ Makefile.shared	2009-11-02 17:03:31 +0100
-@@ -506,10 +506,16 @@
- 	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
- 	SHLIB=lib$(LIBNAME).so; \
- 	SHLIB_SUFFIX=; \
--	ALLSYMSFLAGS='-bnogc'; \
-+	ALLSYMSFLAGS=''; \
- 	NOALLSYMSFLAGS=''; \
--	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
--	$(LINK_SO_A_VIA_O)
-+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-G,-bexpall,-bnolibpath,-bernotok'; \
-+	INHIBIT_SYMLINKS=yes; \
-+	set dummy $(AR); $$2 t lib$(LIBNAME).a | grep $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX >/dev/null || { \
-+		$(LINK_SO_A_UNPACKED); \
-+		mv -f lib$(LIBNAME).a lib$(LIBNAME).sa; \
-+	}; \
-+	rm -f lib$(LIBNAME).a; \
-+	$(AR) lib$(LIBNAME).a $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX;
- link_app.aix:
- 	LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
- 	$(LINK_APP)
-@@ -535,10 +541,11 @@
- 
- # Targets to build symbolic links when needed
- symlink.gnu symlink.solaris symlink.svr3 symlink.svr5 symlink.irix \
--symlink.aix symlink.reliantunix:
-+symlink.reliantunix:
- 	@ $(CALC_VERSIONS); \
- 	SHLIB=lib$(LIBNAME).so; \
- 	$(SYMLINK_SO)
-+symlink.aix:
- symlink.darwin:
- 	@ $(CALC_VERSIONS); \
- 	SHLIB=lib$(LIBNAME); \
---- Makefile.org.orig	2009-11-02 16:37:36 +0100
-+++ Makefile.org	2009-11-02 16:38:19 +0100
-@@ -638,7 +638,7 @@
- 			mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- 		fi; \
- 	done;
--	@set -e; if [ -n "$(SHARED_LIBS)" ]; then \
-+	@set -e; if [ -n "$(SHARED_LIBS)" -a "$(SHLIB_TARGET)" != "aix-shared" ]; then \
- 		tmp="$(SHARED_LIBS)"; \
- 		for i in $${tmp:-x}; \
- 		do \

diff --git a/dev-libs/openssl/files/openssl-0.9.8k-cc-mxx.patch b/dev-libs/openssl/files/openssl-0.9.8k-cc-mxx.patch
deleted file mode 100644
index 4a57151a03..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8k-cc-mxx.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-Allow compilation using e.g. CC="gcc -m32"
-
---- apps/Makefile
-+++ apps/Makefile
-@@ -153,12 +153,12 @@
- 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
- 		shlib_target="$(SHLIB_TARGET)"; \
- 	elif [ -n "$(FIPSCANLIB)" ]; then \
--	  FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-+	  FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
- 	fi; \
- 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
- 	[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
- 	$(MAKE) -f $(TOP)/Makefile.shared -e \
--		CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
-+		CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
- 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- 		link_app.$${shlib_target}
- 	-(cd ..; \
---- test/Makefile
-+++ test/Makefile
-@@ -402,13 +402,13 @@
- 	if [ "$(FIPSCANLIB)" = "libfips" ]; then \
- 		LIBRARIES="-L$(TOP) -lfips"; \
- 	elif [ -n "$(FIPSCANLIB)" ]; then \
--		FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-+		FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
- 		LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
- 	else \
- 		LIBRARIES="$(LIBCRYPTO)"; \
- 	fi; \
- 	$(MAKE) -f $(TOP)/Makefile.shared -e \
--		CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-+		CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
- 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- 		link_app.$${shlib_target}
- 
-@@ -417,11 +417,11 @@
- 	fi; \
- 	LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
- 	if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
--		FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
-+		FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
- 	fi; \
- 	[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
- 	$(MAKE) -f $(TOP)/Makefile.shared -e \
--		CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
-+		CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
- 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
- 		link_app.$${shlib_target}
- 

diff --git a/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch b/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch
deleted file mode 100644
index 78d77d0a74..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8k-toolchain.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2081
-
---- Configure
-+++ Configure
-@@ -979,7 +979,8 @@
- my $shared_cflag = $fields[$idx_shared_cflag];
- my $shared_ldflag = $fields[$idx_shared_ldflag];
- my $shared_extension = $fields[$idx_shared_extension];
--my $ranlib = $fields[$idx_ranlib];
-+my $ar = $ENV{'AR'} || "ar";
-+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
- my $arflags = $fields[$idx_arflags];
- 
- if ($fips)
-@@ -1487,6 +1488,7 @@
- 	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
- 	s/^PROCESSOR=.*/PROCESSOR= $processor/;
- 	s/^RANLIB=.*/RANLIB= $ranlib/;
-+	s/^AR=ar /AR= $ar /;
- 	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
- 	s/^PERL=.*/PERL= $perl/;
- 	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;

diff --git a/dev-libs/openssl/files/openssl-0.9.8k-winnt.patch b/dev-libs/openssl/files/openssl-0.9.8k-winnt.patch
deleted file mode 100644
index 6894d1cdef..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8k-winnt.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-diff -ru openssl-0.9.8h.orig/Configure openssl-0.9.8h/Configure
---- openssl-0.9.8h.orig/Configure	2008-08-28 07:50:21 +0200
-+++ openssl-0.9.8h/Configure	2008-08-28 07:55:02 +0200
-@@ -468,6 +468,7 @@
- "VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- "VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
-+"winnt-parity","parity.gnu.gcc:-DNOCRYPT:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}::::::::::::win32:gnu:-fPIC -DPIC:-shared:.so",
- 
- # Interix (GCC)
- "interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-diff -ru openssl-0.9.8h.orig/Makefile.org openssl-0.9.8h/Makefile.org
---- openssl-0.9.8h.orig/Makefile.org	2008-08-28 07:50:37 +0200
-+++ openssl-0.9.8h/Makefile.org	2008-08-28 07:54:26 +0200
-@@ -269,6 +269,7 @@
- 			done; \
- 		fi; \
- 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-+		( set -x; rm -f lib$$i$(SHLIB_EXT)* ); \
- 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
- 			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
- 		fi; \
-@@ -507,9 +508,11 @@
- 			if [ -f "$$i" -o -f "$$i.a" ]; then \
- 			(       echo installing $$i; \
- 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
--					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
--					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
--					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
-+					for x in $${i}*; do \
-+						cp $$x $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x.new; \
-+						chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x.new; \
-+						mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$x; \
-+					done; \
- 				else \
- 					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
- 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
-diff -ru openssl-0.9.8h.orig/engines/Makefile openssl-0.9.8h/engines/Makefile
---- openssl-0.9.8h.orig/engines/Makefile	2008-08-28 07:50:34 +0200
-+++ openssl-0.9.8h/engines/Makefile	2008-08-28 07:54:28 +0200
-@@ -96,6 +96,7 @@
- 				case "$(CFLAGS)" in \
- 				*DSO_DLFCN*)	sfx="so";;	\
- 				*DSO_DL*)	sfx="sl";;	\
-+				*DSO_WIN*)	sfx="so.dll";; \
- 				*)		sfx="bad";;	\
- 				esac; \
- 				cp lib$$l.$$sfx $(INSTALL_PREFIX)$(INSTALLTOP)/lib/engines/lib$$l.$$sfx.new; \
-diff -ru openssl-0.9.8h.orig/util/mklink.pl openssl-0.9.8h/util/mklink.pl
---- openssl-0.9.8h.orig/util/mklink.pl	2008-08-28 07:50:42 +0200
-+++ openssl-0.9.8h/util/mklink.pl	2008-08-28 07:54:26 +0200
-@@ -50,23 +50,7 @@
- my $to = join('/', @to_path);
- 
- my $file;
--$symlink_exists=eval {symlink("",""); 1};
- foreach $file (@files) {
--    my $err = "";
--    if ($symlink_exists) {
--	unlink "$from/$file";
--	symlink("$to/$file", "$from/$file") or $err = " [$!]";
--    } else {
--	unlink "$from/$file"; 
--	open (OLD, "<$file") or die "Can't open $file: $!";
--	open (NEW, ">$from/$file") or die "Can't open $from/$file: $!";
--	binmode(OLD);
--	binmode(NEW);
--	while (<OLD>) {
--	    print NEW $_;
--	}
--	close (OLD) or die "Can't close $file: $!";
--	close (NEW) or die "Can't close $from/$file: $!";
--    }
--    print $file . " => $from/$file$err\n";
-+	$err=eval {system("rm -f $from/$file; cp $file $from/$file"); 1};
-+    print $file . " => $from/$file => $err\n";
- }
-diff -ru openssl-0.9.8h.orig/util/opensslwrap.sh openssl-0.9.8h/util/opensslwrap.sh
---- openssl-0.9.8h.orig/util/opensslwrap.sh	2008-08-28 07:50:42 +0200
-+++ openssl-0.9.8h/util/opensslwrap.sh	2008-08-28 07:54:26 +0200
-@@ -7,6 +7,11 @@
- 	OPENSSL_ENGINES="${HERE}../engines"; export OPENSSL_ENGINES
- fi
- 
-+if [ "`uname`" = "Interix" ]; then
-+	LD_LIBRARY_PATH="${HERE}..:$LD_LIBRARY_PATH"; export LD_LIBRARY_PATH
-+	exec "${OPENSSL}" "$@"
-+fi
-+
- if [ -x "${OPENSSL}.exe" ]; then
- 	# The original reason for this script existence is to work around
- 	# certain caveats in run-time linker behaviour. On Windows platforms

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
deleted file mode 100644
index 761698e0f1..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1377.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
-
-Index: openssl/crypto/pqueue/pqueue.c
-RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v
-rcsdiff -q -kk '-r1.2.2.4' '-r1.2.2.5' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.c,v' 2>/dev/null
---- crypto/pqueue/pqueue.c	2005/06/28 12:53:33	1.2.2.4
-+++ crypto/pqueue/pqueue.c	2009/05/16 16:18:44	1.2.2.5
-@@ -234,3 +234,17 @@
- 
- 	return ret;
- 	}
-+
-+int
-+pqueue_size(pqueue_s *pq)
-+{
-+	pitem *item = pq->items;
-+	int count = 0;
-+	
-+	while(item != NULL)
-+	{
-+		count++;
-+		item = item->next;
-+	}
-+	return count;
-+}
-Index: openssl/crypto/pqueue/pqueue.h
-RCS File: /v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v
-rcsdiff -q -kk '-r1.2.2.1' '-r1.2.2.2' -u '/v/openssl/cvs/openssl/crypto/pqueue/pqueue.h,v' 2>/dev/null
---- crypto/pqueue/pqueue.h	2005/05/30 22:34:27	1.2.2.1
-+++ crypto/pqueue/pqueue.h	2009/05/16 16:18:44	1.2.2.2
-@@ -91,5 +91,6 @@
- pitem *pqueue_next(piterator *iter);
- 
- void   pqueue_print(pqueue pq);
-+int    pqueue_size(pqueue pq);
- 
- #endif /* ! HEADER_PQUEUE_H */
-Index: openssl/ssl/d1_pkt.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
-rcsdiff -q -kk '-r1.4.2.17' '-r1.4.2.18' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
---- ssl/d1_pkt.c	2009/05/16 15:51:59	1.4.2.17
-+++ ssl/d1_pkt.c	2009/05/16 16:18:45	1.4.2.18
-@@ -167,6 +167,10 @@
-     DTLS1_RECORD_DATA *rdata;
- 	pitem *item;
- 
-+	/* Limit the size of the queue to prevent DOS attacks */
-+	if (pqueue_size(queue->q) >= 100)
-+		return 0;
-+		
- 	rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
- 	item = pitem_new(priority, rdata);
- 	if (rdata == NULL || item == NULL)

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
deleted file mode 100644
index f111a4c086..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1378.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=1931&user=guest&pass=guest
-
-Index: ssl/d1_both.c
-===================================================================
---- ssl/d1_both.c.orig
-+++ ssl/d1_both.c
-@@ -561,7 +561,16 @@ dtls1_process_out_of_seq_message(SSL *s,
- 	if ((msg_hdr->frag_off+frag_len) > msg_hdr->msg_len)
- 		goto err;
- 
--	if (msg_hdr->seq <= s->d1->handshake_read_seq)
-+	/* Try to find item in queue, to prevent duplicate entries */
-+	pq_64bit_init(&seq64);
-+	pq_64bit_assign_word(&seq64, msg_hdr->seq);
-+	item = pqueue_find(s->d1->buffered_messages, seq64);
-+	pq_64bit_free(&seq64);
-+	
-+	/* Discard the message if sequence number was already there, is
-+	 * too far in the future or the fragment is already in the queue */
-+	if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-+		msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL)
- 		{
- 		unsigned char devnull [256];
- 

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
deleted file mode 100644
index 7067324350..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1379.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Index: openssl/ssl/d1_both.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_both.c,v
-rcsdiff -q -kk '-r1.14.2.6' '-r1.14.2.7' -u '/v/openssl/cvs/openssl/ssl/d1_both.c,v' 2>/dev/null
---- d1_both.c	2009/04/22 12:17:02	1.14.2.6
-+++ d1_both.c	2009/05/13 11:51:30	1.14.2.7
-@@ -519,6 +519,7 @@
- 
- 	if ( s->d1->handshake_read_seq == frag->msg_header.seq)
- 		{
-+		unsigned long frag_len = frag->msg_header.frag_len;
- 		pqueue_pop(s->d1->buffered_messages);
- 
- 		al=dtls1_preprocess_fragment(s,&frag->msg_header,max);
-@@ -536,7 +537,7 @@
- 		if (al==0)
- 			{
- 			*ok = 1;
--			return frag->msg_header.frag_len;
-+			return frag_len;
- 			}
- 
- 		ssl3_send_alert(s,SSL3_AL_FATAL,al);

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch
deleted file mode 100644
index a9e5ea054f..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-1387.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-http://bugs.gentoo.org/270305
-
-fix from upstream
-
-Index: ssl/d1_both.c
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/ssl/d1_both.c,v
-retrieving revision 1.4.2.7
-retrieving revision 1.4.2.8
-diff -u -p -r1.4.2.7 -r1.4.2.8
---- ssl/d1_both.c	17 Oct 2007 21:17:49 -0000	1.4.2.7
-+++ ssl/d1_both.c	2 Apr 2009 22:12:13 -0000	1.4.2.8
-@@ -575,30 +575,31 @@ dtls1_process_out_of_seq_message(SSL *s,
- 			}
- 		}
- 
--	frag = dtls1_hm_fragment_new(frag_len);
--	if ( frag == NULL)
--		goto err;
-+	if (frag_len)
-+	{
-+		frag = dtls1_hm_fragment_new(frag_len);
-+		if ( frag == NULL)
-+			goto err;
- 
--	memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-+		memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
- 
--	if (frag_len)
--		{
--		/* read the body of the fragment (header has already been read */
-+		/* read the body of the fragment (header has already been read) */
- 		i = s->method->ssl_read_bytes(s,SSL3_RT_HANDSHAKE,
- 			frag->fragment,frag_len,0);
- 		if (i<=0 || (unsigned long)i!=frag_len)
- 			goto err;
--		}
- 
--	pq_64bit_init(&seq64);
--	pq_64bit_assign_word(&seq64, msg_hdr->seq);
-+		pq_64bit_init(&seq64);
-+		pq_64bit_assign_word(&seq64, msg_hdr->seq);
- 
--	item = pitem_new(seq64, frag);
--	pq_64bit_free(&seq64);
--	if ( item == NULL)
--		goto err;
-+		item = pitem_new(seq64, frag);
-+		pq_64bit_free(&seq64);
-+		if ( item == NULL)
-+			goto err;
-+
-+		pqueue_insert(s->d1->buffered_messages, item);
-+	}
- 
--	pqueue_insert(s->d1->buffered_messages, item);
- 	return DTLS1_HM_FRAGMENT_RETRY;
- 
- err:

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch b/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch
deleted file mode 100644
index b097869f3b..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-CVE-2009-2409.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-http://bugs.gentoo.org/280591
-
-fix from upstream
-
-http://cvs.openssl.org/chngview?cn=18260
-
-Index: openssl/crypto/x509/x509_vfy.c
-RCS File: /v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v
-rcsdiff -q -kk '-r1.77.2.8' '-r1.77.2.9' -u '/v/openssl/cvs/openssl/crypto/x509/x509_vfy.c,v' 2>/dev/null
---- crypto/x509/x509_vfy.c	2008/07/13 14:33:15	1.77.2.8
-+++ crypto/x509/x509_vfy.c	2009/06/15 14:52:38	1.77.2.9
-@@ -986,7 +986,11 @@
- 	while (n >= 0)
- 		{
- 		ctx->error_depth=n;
--		if (!xs->valid)
-+
-+		/* Skip signature check for self signed certificates. It
-+		 * doesn't add any security and just wastes time.
-+		 */
-+		if (!xs->valid && xs != xi)
- 			{
- 			if ((pkey=X509_get_pubkey(xi)) == NULL)
- 				{
-@@ -996,13 +1000,6 @@
- 				if (!ok) goto end;
- 				}
- 			else if (X509_verify(xs,pkey) <= 0)
--				/* XXX  For the final trusted self-signed cert,
--				 * this is a waste of time.  That check should
--				 * optional so that e.g. 'openssl x509' can be
--				 * used to detect invalid self-signatures, but
--				 * we don't verify again and again in SSL
--				 * handshakes and the like once the cert has
--				 * been declared trusted. */
- 				{
- 				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
- 				ctx->current_cert=xs;
-
-http://cvs.openssl.org/chngview?cn=18317
-
-Index: openssl/crypto/evp/c_alld.c
-RCS File: /v/openssl/cvs/openssl/crypto/evp/c_alld.c,v
-rcsdiff -q -kk '-r1.7' '-r1.7.2.1' -u '/v/openssl/cvs/openssl/crypto/evp/c_alld.c,v' 2>/dev/null
---- crypto/evp/c_alld.c	2005/04/30 21:51:40	1.7
-+++ crypto/evp/c_alld.c	2009/07/08 08:33:26	1.7.2.1
-@@ -64,9 +64,6 @@
- 
- void OpenSSL_add_all_digests(void)
- 	{
--#ifndef OPENSSL_NO_MD2
--	EVP_add_digest(EVP_md2());
--#endif
- #ifndef OPENSSL_NO_MD4
- 	EVP_add_digest(EVP_md4());
- #endif
-Index: openssl/ssl/ssl_algs.c
-RCS File: /v/openssl/cvs/openssl/ssl/ssl_algs.c,v
-rcsdiff -q -kk '-r1.12.2.3' '-r1.12.2.4' -u '/v/openssl/cvs/openssl/ssl/ssl_algs.c,v' 2>/dev/null
---- ssl/ssl_algs.c	2007/04/23 23:50:21	1.12.2.3
-+++ ssl/ssl_algs.c	2009/07/08 08:33:27	1.12.2.4
-@@ -92,9 +92,6 @@
- 	EVP_add_cipher(EVP_seed_cbc());
- #endif
- 
--#ifndef OPENSSL_NO_MD2
--	EVP_add_digest(EVP_md2());
--#endif
- #ifndef OPENSSL_NO_MD5
- 	EVP_add_digest(EVP_md5());
- 	EVP_add_digest_alias(SN_md5,"ssl2-md5");

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-aixso.patch b/dev-libs/openssl/files/openssl-0.9.8l-aixso.patch
deleted file mode 100644
index a89d070b86..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-aixso.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-With a little help from my friend, the native-cctools wrapping ld to support
-'-soname' flag on AIX, we can provide full soname support there (#213277).
-However, this patch is not for upstream, as they cannot rely on that ld wrapper:
-They would have to do the aix-soname magic themself instead.
-
---- Makefile.shared.orig	2009-11-24 09:25:23.835657176 +0100
-+++ Makefile.shared	2009-11-24 09:25:53.165563599 +0100
-@@ -498,7 +498,7 @@
- 	SHLIB_SUFFIX=; \
- 	ALLSYMSFLAGS=''; \
- 	NOALLSYMSFLAGS=''; \
--	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
-+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
- 	$(LINK_SO_O);
- link_a.aix:
- 	@ $(CALC_VERSIONS); \
-@@ -506,10 +506,10 @@
- 	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
- 	SHLIB=lib$(LIBNAME).so; \
- 	SHLIB_SUFFIX=; \
--	ALLSYMSFLAGS='-bnogc'; \
-+	ALLSYMSFLAGS=; \
- 	NOALLSYMSFLAGS=''; \
--	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
--	$(LINK_SO_A_VIA_O)
-+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-bexpall,-bnolibpath,-G,-bernotok,-bsymbolic,'"-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"; \
-+	$(LINK_SO_A_UNPACKED)
- link_app.aix:
- 	LDFLAGS="$(CFLAGS) -Wl,-brtl,-blibpath:$(LIBRPATH):$${LIBPATH:-/usr/lib:/lib}"; \
- 	$(LINK_APP)

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8l-binutils.patch
deleted file mode 100644
index d1bb7754f5..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-binutils.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-fix from upstream for building with newer binutils
-
-http://bugs.gentoo.org/289130
-
-Index: crypto/md5/asm/md5-x86_64.pl
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/crypto/md5/asm/md5-x86_64.pl,v
-retrieving revision 1.2.2.1
-retrieving revision 1.2.2.2
-diff -u -p -r1.2.2.1 -r1.2.2.2
---- openssl/crypto/md5/asm/md5-x86_64.pl	11 Nov 2007 13:34:06 -0000	1.2.2.1
-+++ openssl/crypto/md5/asm/md5-x86_64.pl	13 Nov 2009 14:14:46 -0000	1.2.2.2
-@@ -19,6 +19,7 @@ my $code;
- sub round1_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
-     $code .= " mov	%edx,		%r11d		/* (NEXT STEP) z' = %edx */\n" if ($pos == -1);
-     $code .= <<EOF;
-@@ -42,6 +43,7 @@ EOF
- sub round2_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	1*4(%rsi),	%r10d		/* (NEXT STEP) X[1] */\n" if ($pos == -1);
-     $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
-     $code .= <<EOF;
-@@ -65,6 +67,7 @@ EOF
- sub round3_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	5*4(%rsi),	%r10d		/* (NEXT STEP) X[5] */\n" if ($pos == -1);
-     $code .= " mov	%ecx,		%r11d		/* (NEXT STEP) y' = %ecx */\n" if ($pos == -1);
-     $code .= <<EOF;
-@@ -87,6 +90,7 @@ EOF
- sub round4_step
- {
-     my ($pos, $dst, $x, $y, $z, $k_next, $T_i, $s) = @_;
-+    $T_i = unpack("l",pack("l", hex($T_i))); # convert to 32-bit signed decimal
-     $code .= " mov	0*4(%rsi),	%r10d		/* (NEXT STEP) X[0] */\n" if ($pos == -1);
-     $code .= " mov	\$0xffffffff,	%r11d\n" if ($pos == -1);
-     $code .= " xor	%edx,		%r11d		/* (NEXT STEP) not z' = not %edx*/\n"
-
-Ripped from Fedora
-
---- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl	2009-11-12 17:24:18.000000000 +0100
-@@ -150,7 +150,7 @@ ___
- sub BODY_20_39 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
--my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
- $code.=<<___ if ($i<79);
- 	lea	$K($xi,$e),$f
- 	mov	`4*($j%16)`(%rsp),$xi
-@@ -187,7 +187,7 @@ sub BODY_40_59 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
- $code.=<<___;
--	lea	0x8f1bbcdc($xi,$e),$f
-+	lea	-0x70e44324($xi,$e),$f
- 	mov	`4*($j%16)`(%rsp),$xi
- 	mov	$b,$t0
- 	mov	$b,$t1

diff --git a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch b/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch
deleted file mode 100644
index 4d30c9b47d..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8l-dtls-compat.patch
+++ /dev/null
@@ -1,167 +0,0 @@
-http://bugs.gentoo.org/280370
-
-fix from upstream
-
-Index: openssl/ssl/d1_clnt.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_clnt.c,v
-rcsdiff -q -kk '-r1.3.2.15' '-r1.3.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_clnt.c,v' 2>/dev/null
---- d1_clnt.c	2009/04/14 15:20:47	1.3.2.15
-+++ d1_clnt.c	2009/04/19 18:08:11	1.3.2.16
-@@ -130,7 +130,7 @@
- 
- static SSL_METHOD *dtls1_get_client_method(int ver)
- 	{
--	if (ver == DTLS1_VERSION)
-+	if (ver == DTLS1_VERSION || ver == DTLS1_BAD_VER)
- 		return(DTLSv1_client_method());
- 	else
- 		return(NULL);
-@@ -181,7 +181,8 @@
- 			s->server=0;
- 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1);
- 
--			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00))
-+			if ((s->version & 0xff00 ) != (DTLS1_VERSION & 0xff00) &&
-+			    (s->version & 0xff00 ) != (DTLS1_BAD_VER & 0xff00))
- 				{
- 				SSLerr(SSL_F_DTLS1_CONNECT, ERR_R_INTERNAL_ERROR);
- 				ret = -1;
-Index: openssl/ssl/d1_lib.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_lib.c,v
-rcsdiff -q -kk '-r1.1.2.7' '-r1.1.2.8' -u '/v/openssl/cvs/openssl/ssl/d1_lib.c,v' 2>/dev/null
---- d1_lib.c	2009/04/02 22:34:59	1.1.2.7
-+++ d1_lib.c	2009/04/19 18:08:11	1.1.2.8
-@@ -198,7 +198,10 @@
- void dtls1_clear(SSL *s)
- 	{
- 	ssl3_clear(s);
--	s->version=DTLS1_VERSION;
-+	if (s->options & SSL_OP_CISCO_ANYCONNECT)
-+		s->version=DTLS1_BAD_VER;
-+	else
-+		s->version=DTLS1_VERSION;
- 	}
- 
- /*
-Index: openssl/ssl/d1_pkt.c
-RCS File: /v/openssl/cvs/openssl/ssl/d1_pkt.c,v
-rcsdiff -q -kk '-r1.4.2.15' '-r1.4.2.16' -u '/v/openssl/cvs/openssl/ssl/d1_pkt.c,v' 2>/dev/null
---- d1_pkt.c	2009/04/02 22:34:59	1.4.2.15
-+++ d1_pkt.c	2009/04/19 18:08:12	1.4.2.16
-@@ -1024,15 +1024,17 @@
- 	if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC)
- 		{
- 		struct ccs_header_st ccs_hdr;
-+		int ccs_hdr_len = DTLS1_CCS_HEADER_LENGTH;
- 
- 		dtls1_get_ccs_header(rr->data, &ccs_hdr);
- 
- 		/* 'Change Cipher Spec' is just a single byte, so we know
- 		 * exactly what the record payload has to look like */
- 		/* XDTLS: check that epoch is consistent */
--		if (	(s->client_version == DTLS1_BAD_VER && rr->length != 3) ||
--			(s->client_version != DTLS1_BAD_VER && rr->length != DTLS1_CCS_HEADER_LENGTH) || 
--			(rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
-+		if (s->client_version == DTLS1_BAD_VER || s->version == DTLS1_BAD_VER)
-+			ccs_hdr_len = 3;
-+
-+		if ((rr->length != ccs_hdr_len) || (rr->off != 0) || (rr->data[0] != SSL3_MT_CCS))
- 			{
- 			i=SSL_AD_ILLEGAL_PARAMETER;
- 			SSLerr(SSL_F_DTLS1_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC);
-@@ -1358,7 +1360,7 @@
- #if 0
- 	/* 'create_empty_fragment' is true only when this function calls itself */
- 	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done
--		&& SSL_version(s) != DTLS1_VERSION)
-+	    && SSL_version(s) != DTLS1_VERSION && SSL_version(s) != DTLS1_BAD_VER)
- 		{
- 		/* countermeasure against known-IV weakness in CBC ciphersuites
- 		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) 
-Index: openssl/ssl/s3_clnt.c
-RCS File: /v/openssl/cvs/openssl/ssl/s3_clnt.c,v
-rcsdiff -q -kk '-r1.88.2.21' '-r1.88.2.22' -u '/v/openssl/cvs/openssl/ssl/s3_clnt.c,v' 2>/dev/null
---- s3_clnt.c	2009/02/14 21:50:14	1.88.2.21
-+++ s3_clnt.c	2009/04/19 18:08:12	1.88.2.22
-@@ -708,7 +708,7 @@
- 
- 	if (!ok) return((int)n);
- 
--	if ( SSL_version(s) == DTLS1_VERSION)
-+	if ( SSL_version(s) == DTLS1_VERSION || SSL_version(s) == DTLS1_BAD_VER)
- 		{
- 		if ( s->s3->tmp.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST)
- 			{
-Index: openssl/ssl/ssl.h
-RCS File: /v/openssl/cvs/openssl/ssl/ssl.h,v
-rcsdiff -q -kk '-r1.161.2.21' '-r1.161.2.22' -u '/v/openssl/cvs/openssl/ssl/ssl.h,v' 2>/dev/null
---- ssl.h	2008/08/13 19:44:44	1.161.2.21
-+++ ssl.h	2009/04/19 18:08:12	1.161.2.22
-@@ -510,6 +510,8 @@
- #define SSL_OP_COOKIE_EXCHANGE              0x00002000L
- /* Don't use RFC4507 ticket extension */
- #define SSL_OP_NO_TICKET	            0x00004000L
-+/* Use Cisco's "speshul" version of DTLS_BAD_VER (as client)  */
-+#define SSL_OP_CISCO_ANYCONNECT		    0x00008000L
- 
- /* As server, disallow session resumption on renegotiation */
- #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION	0x00010000L
-Index: openssl/ssl/ssl_lib.c
-RCS File: /v/openssl/cvs/openssl/ssl/ssl_lib.c,v
-rcsdiff -q -kk '-r1.133.2.16' '-r1.133.2.17' -u '/v/openssl/cvs/openssl/ssl/ssl_lib.c,v' 2>/dev/null
---- ssl_lib.c	2009/02/23 16:02:47	1.133.2.16
-+++ ssl_lib.c	2009/04/19 18:08:12	1.133.2.17
-@@ -995,7 +995,8 @@
- 		s->max_cert_list=larg;
- 		return(l);
- 	case SSL_CTRL_SET_MTU:
--		if (SSL_version(s) == DTLS1_VERSION)
-+		if (SSL_version(s) == DTLS1_VERSION ||
-+		    SSL_version(s) == DTLS1_BAD_VER)
- 			{
- 			s->d1->mtu = larg;
- 			return larg;
-Index: openssl/ssl/ssl_sess.c
-RCS File: /v/openssl/cvs/openssl/ssl/ssl_sess.c,v
-rcsdiff -q -kk '-r1.51.2.9' '-r1.51.2.10' -u '/v/openssl/cvs/openssl/ssl/ssl_sess.c,v' 2>/dev/null
---- ssl_sess.c	2008/06/04 18:35:27	1.51.2.9
-+++ ssl_sess.c	2009/04/19 18:08:12	1.51.2.10
-@@ -211,6 +211,11 @@
- 			ss->ssl_version=TLS1_VERSION;
- 			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
- 			}
-+		else if (s->version == DTLS1_BAD_VER)
-+			{
-+			ss->ssl_version=DTLS1_BAD_VER;
-+			ss->session_id_length=SSL3_SSL_SESSION_ID_LENGTH;
-+			}
- 		else if (s->version == DTLS1_VERSION)
- 			{
- 			ss->ssl_version=DTLS1_VERSION;
-Index: openssl/ssl/t1_enc.c
-RCS File: /v/openssl/cvs/openssl/ssl/t1_enc.c,v
-rcsdiff -q -kk '-r1.35.2.8' '-r1.35.2.9' -u '/v/openssl/cvs/openssl/ssl/t1_enc.c,v' 2>/dev/null
---- t1_enc.c	2009/01/05 14:43:07	1.35.2.8
-+++ t1_enc.c	2009/04/19 18:08:12	1.35.2.9
-@@ -765,10 +765,10 @@
- 	HMAC_CTX_init(&hmac);
- 	HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL);
- 
--	if (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER)
-+	if (ssl->version == DTLS1_BAD_VER ||
-+	    (ssl->version == DTLS1_VERSION && ssl->client_version != DTLS1_BAD_VER))
- 		{
- 		unsigned char dtlsseq[8],*p=dtlsseq;
--
- 		s2n(send?ssl->d1->w_epoch:ssl->d1->r_epoch, p);
- 		memcpy (p,&seq[2],6);
- 
-@@ -793,7 +793,7 @@
- {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); }
- #endif
- 
--	if ( SSL_version(ssl) != DTLS1_VERSION)
-+	if ( SSL_version(ssl) != DTLS1_VERSION && SSL_version(ssl) != DTLS1_BAD_VER)
- 		{
- 		for (i=7; i>=0; i--)
- 			{

diff --git a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
deleted file mode 100644
index 9fa79b9a65..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-http://bugs.gentoo.org/289130
-
-Ripped from Fedora
-
---- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils	2009-11-12 15:17:29.000000000 +0100
-+++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl	2009-11-12 17:24:18.000000000 +0100
-@@ -150,7 +150,7 @@ ___
- sub BODY_20_39 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
--my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
-+my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
- $code.=<<___ if ($i<79);
- 	lea	$K($xi,$e),$f
- 	mov	`4*($j%16)`(%rsp),$xi
-@@ -187,7 +187,7 @@ sub BODY_40_59 {
- my ($i,$a,$b,$c,$d,$e,$f)=@_;
- my $j=$i+1;
- $code.=<<___;
--	lea	0x8f1bbcdc($xi,$e),$f
-+	lea	-0x70e44324($xi,$e),$f
- 	mov	`4*($j%16)`(%rsp),$xi
- 	mov	$b,$t0
- 	mov	$b,$t1

diff --git a/dev-libs/openssl/files/openssl-0.9.8n-interix.patch b/dev-libs/openssl/files/openssl-0.9.8n-interix.patch
deleted file mode 100644
index fa42fa8a5a..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8n-interix.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-reported upstream to rt@openssl.org on 24 Apr 2009:
-http://rt.openssl.org/Ticket/Display.html?id=1908
-
-diff -ru openssl-0.9.8g.orig/Configure openssl-0.9.8g/Configure
---- openssl-0.9.8g.orig/Configure	Mon Jan 21 11:20:03 2008
-+++ openssl-0.9.8g/Configure	Mon Jan 21 11:22:20 2008
-@@ -464,6 +464,9 @@
- "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- "VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- 
-+# Interix (GCC)
-+"interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
- 
-diff -ru openssl-0.9.8g.orig/config openssl-0.9.8g/config
---- openssl-0.9.8g.orig/config	Mon Jan 21 11:20:03 2008
-+++ openssl-0.9.8g/config	Mon Jan 21 11:31:46 2008
-@@ -336,6 +336,10 @@
- 	echo "mips-sony-newsos4"; exit 0;
- 	;;
- 
-+	Interix*)
-+	echo "i586-pc-interix${VERSION}"; exit 0;
-+	;;
-+
-     MINGW*)
- 	echo "${MACHINE}-whatever-mingw"; exit 0;
- 	;;
-@@ -763,6 +767,7 @@
-   t3e-cray-unicosmk) OUT="cray-t3e" ;;
-   j90-cray-unicos) OUT="cray-j90" ;;
-   nsr-tandem-nsk) OUT="tandem-c89" ;;
-+  *-interix*) OUT="interix-gcc" ;;
-   x86pc-*-qnx6) OUT="QNX6-i386" ;;
-   *-*-qnx6) OUT="QNX6" ;;
-   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
-

diff --git a/dev-libs/openssl/files/openssl-0.9.8n-mint.patch b/dev-libs/openssl/files/openssl-0.9.8n-mint.patch
deleted file mode 100644
index f241fbad93..0000000000
--- a/dev-libs/openssl/files/openssl-0.9.8n-mint.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- Configure.old	2008-04-11 21:28:45.000000000 +0100
-+++ Configure	2008-04-11 23:46:19.000000000 +0100
-@@ -467,6 +467,9 @@
- # Interix (GCC)
- "interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
-+# FreeMiNT (GCC)
-+"mint-gcc", "gcc:-O2 -fomit-frame-pointer -DB_ENDIAN -DTERMIOS::-D_REENTRANT:::BN_LLONG:::",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
- 
---- config.old	2008-04-11 23:41:29.000000000 +0100
-+++ config	2008-04-11 23:42:19.000000000 +0100
-@@ -340,6 +340,10 @@
- 	echo "i586-pc-interix${VERSION}"; exit 0;
- 	;;
- 
-+	FreeMiNT*)
-+	echo "m68k-atari-mint"; exit 0;
-+	;;
-+
-     MINGW*)
- 	echo "${MACHINE}-whatever-mingw"; exit 0;
- 	;;
-@@ -768,6 +772,7 @@
-   j90-cray-unicos) OUT="cray-j90" ;;
-   nsr-tandem-nsk) OUT="tandem-c89" ;;
-   *-interix*) OUT="interix-gcc" ;;
-+  *-mint*) OUT="mint-gcc" ;;
-   x86pc-*-qnx6) OUT="QNX6-i386" ;;
-   *-*-qnx6) OUT="QNX6" ;;
-   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;

diff --git a/dev-libs/openssl/files/openssl-1.0.0a-alpha-mont.patch b/dev-libs/openssl/files/openssl-1.0.0a-alpha-mont.patch
deleted file mode 100644
index cb7d5655aa..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0a-alpha-mont.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-get the new alpha-mont code building with GNU toolchains
-
-https://bugs.gentoo.org/330915
-
-Index: crypto/bn/asm/alpha-mont.pl
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/crypto/bn/asm/alpha-mont.pl,v
-retrieving revision 1.6
-retrieving revision 1.7
-diff -u -p -r1.6 -r1.7
---- crypto/bn/asm/alpha-mont.pl	10 Apr 2010 13:33:04 -0000	1.6
-+++ crypto/bn/asm/alpha-mont.pl	13 Sep 2010 13:28:51 -0000	1.7
-@@ -41,8 +41,12 @@ $j="s4";
- $m1="s5";
- 
- $code=<<___;
-+#ifdef __linux__
-+#include <asm/regdef.h>
-+#else
- #include <asm.h>
- #include <regdef.h>
-+#endif
- 
- .text
- 
-@@ -76,7 +80,7 @@ bn_mul_mont:
- 	ldq	$aj,8($ap)
- 	subq	sp,AT,sp
- 	ldq	$bi,0($bp)	# bp[0]
--	mov	-4096,AT
-+	lda	AT,-4096(zero)	# mov	-4096,AT
- 	ldq	$n0,0($n0)
- 	and	sp,AT,sp
- 
-@@ -106,9 +110,9 @@ bn_mul_mont:
- .align	4
- .L1st:
- 	.set	noreorder
--	ldq	$aj,($aj)
-+	ldq	$aj,0($aj)
- 	addl	$j,1,$j
--	ldq	$nj,($nj)
-+	ldq	$nj,0($nj)
- 	lda	$tp,8($tp)
- 
- 	addq	$alo,$hi0,$lo0
-@@ -159,12 +163,12 @@ bn_mul_mont:
- .align	4
- .Louter:
- 	s8addq	$i,$bp,$bi
--	ldq	$hi0,($ap)
-+	ldq	$hi0,0($ap)
- 	ldq	$aj,8($ap)
--	ldq	$bi,($bi)
--	ldq	$hi1,($np)
-+	ldq	$bi,0($bi)
-+	ldq	$hi1,0($np)
- 	ldq	$nj,8($np)
--	ldq	$tj,(sp)
-+	ldq	$tj,0(sp)
- 
- 	mulq	$hi0,$bi,$lo0
- 	umulh	$hi0,$bi,$hi0
-@@ -195,10 +199,10 @@ bn_mul_mont:
- 	.set	noreorder
- 	ldq	$tj,8($tp)	#L0
- 	nop			#U1
--	ldq	$aj,($aj)	#L1
-+	ldq	$aj,0($aj)	#L1
- 	s8addq	$j,$np,$nj	#U0
- 
--	ldq	$nj,($nj)	#L0
-+	ldq	$nj,0($nj)	#L0
- 	nop			#U1
- 	addq	$alo,$hi0,$lo0	#L1
- 	lda	$tp,8($tp)
-@@ -247,7 +251,7 @@ bn_mul_mont:
- 	addq	$hi1,v0,$hi1
- 
- 	addq	$hi1,$hi0,$lo1
--	stq	$j,($tp)
-+	stq	$j,0($tp)
- 	cmpult	$lo1,$hi0,$hi1
- 	addq	$lo1,$tj,$lo1
- 	cmpult	$lo1,$tj,AT
-@@ -265,8 +269,8 @@ bn_mul_mont:
- 	mov	0,$hi0		# clear borrow bit
- 
- .align	4
--.Lsub:	ldq	$lo0,($tp)
--	ldq	$lo1,($np)
-+.Lsub:	ldq	$lo0,0($tp)
-+	ldq	$lo1,0($np)
- 	lda	$tp,8($tp)
- 	lda	$np,8($np)
- 	subq	$lo0,$lo1,$lo1	# tp[i]-np[i]
-@@ -274,7 +278,7 @@ bn_mul_mont:
- 	subq	$lo1,$hi0,$lo0
- 	cmpult	$lo1,$lo0,$hi0
- 	or	$hi0,AT,$hi0
--	stq	$lo0,($rp)
-+	stq	$lo0,0($rp)
- 	cmpult	$tp,$tj,v0
- 	lda	$rp,8($rp)
- 	bne	v0,.Lsub
-@@ -288,7 +292,7 @@ bn_mul_mont:
- 	bis	$bp,$ap,$ap	# ap=borrow?tp:rp
- 
- .align	4
--.Lcopy:	ldq	$aj,($ap)	# copy or in-place refresh
-+.Lcopy:	ldq	$aj,0($ap)	# copy or in-place refresh
- 	lda	$tp,8($tp)
- 	lda	$rp,8($rp)
- 	lda	$ap,8($ap)
-@@ -309,8 +313,8 @@ bn_mul_mont:
- 	lda	sp,48(sp)
- 	ret	(ra)
- .end	bn_mul_mont
--.rdata
--.asciiz	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
-+.ascii	"Montgomery Multiplication for Alpha, CRYPTOGAMS by <appro\@openssl.org>"
-+.align	2
- ___
- 
- print $code;

diff --git a/dev-libs/openssl/files/openssl-1.0.0a-alphacpuid.patch b/dev-libs/openssl/files/openssl-1.0.0a-alphacpuid.patch
deleted file mode 100644
index 0c4cc71e70..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0a-alphacpuid.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-fix by Matt Turner to alpha syntax
-
-https://bugs.gentoo.org/330915
-
---- a/crypto/alphacpuid.s
-+++ b/crypto/alphacpuid.s
-@@ -68,9 +68,9 @@ OPENSSL_wipe_cpu:
- OPENSSL_atomic_add:
- 	.frame	$30,0,$26
- 	.prologue 0
--1:	ldl_l	$0,($16)
-+1:	ldl_l	$0,0($16)
- 	addl	$0,$17,$1
--	stl_c	$1,($16)
-+	stl_c	$1,0($16)
- 	beq	$1,1b
- 	addl	$0,$17,$0
- 	ret	($26)

diff --git a/dev-libs/openssl/files/openssl-1.0.0a-fix-double-free.patch b/dev-libs/openssl/files/openssl-1.0.0a-fix-double-free.patch
deleted file mode 100644
index a5aaf1eac0..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0a-fix-double-free.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-http://bugs.gentoo.org/332027
-
---- ssl/s3_clnt.c
-+++ ssl/s3_clnt.c
-@@ -1508,6 +1508,7 @@
- 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
- 		ecdh=NULL;
- 		BN_CTX_free(bn_ctx);
-+		bn_ctx = NULL;
- 		EC_POINT_free(srvr_ecpoint);
- 		srvr_ecpoint = NULL;
- 		}

diff --git a/dev-libs/openssl/files/openssl-1.0.0a-interix.patch b/dev-libs/openssl/files/openssl-1.0.0a-interix.patch
deleted file mode 100644
index ce32350dc8..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0a-interix.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-reported upstream to rt@openssl.org on 24 Apr 2009:
-http://rt.openssl.org/Ticket/Display.html?id=1908
-
---- Configure
-+++ Configure
-@@ -499,6 +499,9 @@
- "debug-VC-WIN32","cl:-W3 -WX -Gs0 -GF -Gy -Zi -nologo -DOPENSSL_SYSNAME_WIN32 -DWIN32_LEAN_AND_MEAN -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE:::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${x86_asm}:win32n:win32",
- "VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
- 
-+# Interix (GCC)
-+"interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl::${no_asm}:dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
- 
---- config
-+++ config
-@@ -344,6 +344,10 @@
- 	echo "mips-sony-newsos4"; exit 0;
- 	;;
- 
-+	Interix*)
-+	echo "i586-pc-interix${VERSION}"; exit 0;
-+	;;
-+
-     MINGW*)
- 	echo "${MACHINE}-whatever-mingw"; exit 0;
- 	;;
-@@ -807,6 +811,7 @@
-   t3e-cray-unicosmk) OUT="cray-t3e" ;;
-   j90-cray-unicos) OUT="cray-j90" ;;
-   nsr-tandem-nsk) OUT="tandem-c89" ;;
-+  *-interix*) OUT="interix-gcc" ;;
-   beos-*) OUT="$GUESSOS" ;;
-   x86pc-*-qnx6) OUT="QNX6-i386" ;;
-   *-*-qnx6) OUT="QNX6" ;;

diff --git a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch
deleted file mode 100644
index c99ef4abb8..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-http://bugs.gentoo.org/181438
-http://bugs.gentoo.org/327421
-https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest
-
-make sure we respect LDFLAGS
-
-also make sure we don't add useless -rpath flags to the system libdir
-
---- Makefile.org
-+++ Makefile.org
-@@ -189,6 +189,7 @@
- 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
- 		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
- 		MAKEDEPPROG='$(MAKEDEPPROG)'			\
-+		LDFLAGS='${LDFLAGS}'				\
- 		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
- 		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
- 		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
---- Makefile.shared
-+++ Makefile.shared
-@@ -153,7 +153,7 @@
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
- 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
- 
--DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
-+DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
- 
- #This is rather special.  It's a special target with which one can link
- #applications without bothering with any features that have anything to

diff --git a/dev-libs/openssl/files/openssl-1.0.0a-mint.patch b/dev-libs/openssl/files/openssl-1.0.0a-mint.patch
deleted file mode 100644
index 88ff3ba036..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0a-mint.patch
+++ /dev/null
@@ -1,33 +0,0 @@
---- Configure
-+++ Configure
-@@ -502,6 +502,9 @@
- # Interix (GCC)
- "interix-gcc", "gcc:-D_ALL_SOURCE -DL_ENDIAN -DTERMIOS -O2 -Wall::-D_REENTRANT::-ldl:::::::::::::dlfcn:gnu:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- 
-+# FreeMiNT (GCC)
-+"mint-gcc", "gcc:-O2 -fomit-frame-pointer -DB_ENDIAN -DTERMIOS::-D_REENTRANT:::BN_LLONG:::",
-+
- # Borland C++ 4.5
- "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
- 
---- config
-+++ config
-@@ -348,6 +348,10 @@
- 	echo "i586-pc-interix${VERSION}"; exit 0;
- 	;;
- 
-+	FreeMiNT*)
-+	echo "m68k-atari-mint"; exit 0;
-+	;;
-+
-     MINGW*)
- 	echo "${MACHINE}-whatever-mingw"; exit 0;
- 	;;
-@@ -812,6 +816,7 @@
-   j90-cray-unicos) OUT="cray-j90" ;;
-   nsr-tandem-nsk) OUT="tandem-c89" ;;
-   *-interix*) OUT="interix-gcc" ;;
-+  *-mint*) OUT="mint-gcc" ;;
-   beos-*) OUT="$GUESSOS" ;;
-   x86pc-*-qnx6) OUT="QNX6-i386" ;;
-   *-*-qnx6) OUT="QNX6" ;;

diff --git a/dev-libs/openssl/files/openssl-1.0.0b-rev19998.patch b/dev-libs/openssl/files/openssl-1.0.0b-rev19998.patch
deleted file mode 100644
index d986ae512f..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0b-rev19998.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: openssl/ssl/t1_lib.c
-RCS File: /v/openssl/cvs/openssl/ssl/t1_lib.c,v
-rcsdiff -q -kk '-r1.64.2.15' '-r1.64.2.16' -u '/v/openssl/cvs/openssl/ssl/t1_lib.c,v' 2>/dev/null
---- t1_lib.c	2010/11/16 13:26:24	1.64.2.15
-+++ t1_lib.c	2010/11/16 22:41:07	1.64.2.16
-@@ -779,8 +779,8 @@
- 				{
- 				if(s->session->tlsext_ecpointformatlist)
- 					{
--					*al = TLS1_AD_DECODE_ERROR;
--					return 0;
-+					OPENSSL_free(s->session->tlsext_ecpointformatlist);
-+					s->session->tlsext_ecpointformatlist = NULL;
- 					}
- 				s->session->tlsext_ecpointformatlist_length = 0;
- 				if ((s->session->tlsext_ecpointformatlist = OPENSSL_malloc(ecpointformatlist_length)) == NULL)

diff --git a/dev-libs/openssl/files/openssl-1.0.0d-alpha-fix-unalign.patch b/dev-libs/openssl/files/openssl-1.0.0d-alpha-fix-unalign.patch
deleted file mode 100644
index c8fe3301fb..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-alpha-fix-unalign.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-fix unaligned access in alpha specific 'OPENSSL_cleanse' function
-
-Debugged with the following simple program:
-    // gcc cleanse_test.c -o ct -lcrypto
-    #include <openssl/crypto.h>
-    int main(void)
-    {
-        char buffer [128];
-        int off;
-        int sz;
-        for (off = 0; off < sizeof (buffer); ++off)
-            for (sz = 0; sz < sizeof (buffer) - off; ++sz)
-                OPENSSL_cleanse (buffer + off, sz);
-        return 0;
-    }
-    $ prctl --unaligned=signal ./cleanse_test
-    Bus error
-
-https://bugs.gentoo.org/show_bug.cgi?id=371561
-http://cvs.openssl.org/chngview?cn=21233
-Reported by Tobias Klausmann <klausman@gentoo.org>
-Fixed by Andy Polyakov <appro@openssl.org>
-diff --git a/crypto/alphacpuid.pl b/crypto/alphacpuid.pl
-index 11f2e30..5b0e21b 100644
---- a/crypto/alphacpuid.pl
-+++ b/crypto/alphacpuid.pl
-@@ -99,19 +99,19 @@ OPENSSL_cleanse:
- 	beq	$0,.Laligned
- 
- .Little:
-+	subq	$0,8,$0
- 	ldq_u	$1,0($16)
- 	mov	$16,$2
- .Lalign:
- 	mskbl	$1,$16,$1
- 	lda	$16,1($16)
- 	subq	$17,1,$17
--	subq	$0,1,$0
-+	addq	$0,1,$0
- 	beq	$17,.Lout
- 	bne	$0,.Lalign
- .Lout:	stq_u	$1,0($2)
- 	beq	$17,.Ldone
- 	bic	$17,7,$at
--	mov	$17,$0
- 	beq	$at,.Little
- 
- .Laligned:
-@@ -120,9 +120,7 @@ OPENSSL_cleanse:
- 	lda	$16,8($16)
- 	bic	$17,7,$at
- 	bne	$at,.Laligned
--	beq	$17,.Ldone
--	mov	$17,$0
--	br	.Little
-+	bne	$17,.Little
- .Ldone: ret	($26)
- .end	OPENSSL_cleanse
- ___

diff --git a/dev-libs/openssl/files/openssl-1.0.0d-alpha-typo.patch b/dev-libs/openssl/files/openssl-1.0.0d-alpha-typo.patch
deleted file mode 100644
index 1d5496daed..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-alpha-typo.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-http://bugs.gentoo.org/364699
-
---- crypto/bn/asm/alpha-mont.pl
-+++ crypto/bn/asm/alpha-mont.pl
-@@ -41,7 +41,7 @@ $j="s4";
- $m1="s5";
- 
- $code=<<___;
--#indef __linux__
-+#ifdef __linux__
- #include <asm/regdef.h>
- #else
- #include <asm.h>

diff --git a/dev-libs/openssl/files/openssl-1.0.0d-fbsd-amd64.patch b/dev-libs/openssl/files/openssl-1.0.0d-fbsd-amd64.patch
deleted file mode 100644
index 5b27ce5c33..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-fbsd-amd64.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-Taken from http://rt.openssl.org/Ticket/Display.html?id=2440
-
---- crypto/sha/asm/sha512-x86_64.pl	2008-12-19 11:17:28.000000000 +0000
-+++ crypto/sha/asm/sha512-x86_64.pl	2011-01-15 23:33:13.000000000 +0000
-@@ -51,6 +51,7 @@
- ( $xlate="${dir}../../perlasm/x86_64-xlate.pl" and -f $xlate) or
- die "can't locate x86_64-xlate.pl";
- 
-+close STDOUT;
- open STDOUT,"| $^X $xlate $flavour $output";
- 
- if ($output =~ /512/) {

diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
deleted file mode 100644
index 0b360d2b3b..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest
-Subject: make windres controllable via build env var settings
-
-atm, the windres code in openssl is only usable via the cross-compile prefix 
-option unlike all the other build tools. so add support for the standard $RC 
-/ $WINDRES env vars as well.
-
-Index: Configure
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v
-retrieving revision 1.621.2.40
-diff -u -p -r1.621.2.40 Configure
---- Configure	30 Nov 2010 22:19:26 -0000	1.621.2.40
-+++ Configure	4 Jul 2011 23:12:32 -0000
-@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar
- my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
- my $ar = $ENV{'AR'} || "ar";
- my $arflags = $fields[$idx_arflags];
-+my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
- my $multilib = $fields[$idx_multilib];
- 
- # if $prefix/lib$multilib is not an existing directory, then
-@@ -1511,12 +1512,14 @@ while (<IN>)
- 		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
- 		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
- 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
-+		s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/;
- 		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
- 		}
- 	else	{
- 		s/^CC=.*$/CC= $cc/;
- 		s/^AR=\s*ar/AR= $ar/;
- 		s/^RANLIB=.*/RANLIB= $ranlib/;
-+		s/^WINDRES=.*/WINDRES= $windres/;
- 		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
- 		}
- 	s/^CFLAG=.*$/CFLAG= $cflags/;
-Index: Makefile.org
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v
-retrieving revision 1.295.2.10
-diff -u -p -r1.295.2.10 Makefile.org
---- Makefile.org	27 Jan 2010 16:06:58 -0000	1.295.2.10
-+++ Makefile.org	4 Jul 2011 23:13:08 -0000
-@@ -66,6 +66,7 @@ EXE_EXT= 
- ARFLAGS=
- AR=ar $(ARFLAGS) r
- RANLIB= ranlib
-+WINDRES= windres
- NM= nm
- PERL= perl
- TAR= tar
-@@ -180,6 +181,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESS
- 		CC='$(CC)' CFLAG='$(CFLAG)' 			\
- 		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
- 		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
-+		WINDRES='$(WINDRES)'				\
- 		CROSS_COMPILE='$(CROSS_COMPILE)'	\
- 		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
- 		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
-Index: Makefile.shared
-===================================================================
-RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v
-retrieving revision 1.72.2.4
-diff -u -p -r1.72.2.4 Makefile.shared
---- Makefile.shared	21 Aug 2010 11:36:49 -0000	1.72.2.4
-+++ Makefile.shared	4 Jul 2011 23:13:52 -0000
-@@ -293,7 +293,7 @@ link_a.cygwin:
- 	fi; \
- 	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
- 	$(PERL) util/mkrc.pl $$dll_name | \
--		$(CROSS_COMPILE)windres -o rc.o; \
-+		$(WINDRES) -o rc.o; \
- 	extras="$$extras rc.o"; \
- 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
- 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \

diff --git a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
deleted file mode 100644
index e1a030f9eb..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
+++ /dev/null
@@ -1,315 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
- 
--install: all install_docs install_sw
-+install: install_docs install_sw
- 
--install_sw:
-+install_dirs:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+	@$(PERL) $(TOP)/util/mkdir-p.pl \
-+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- 	do \
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; for i in $(LIBS) ;\
- 	do \
- 		if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
- 		done; \
- 	done
- 
--install_docs:
--	@$(PERL) $(TOP)/util/mkdir-p.pl \
--		$(INSTALL_PREFIX)$(MANDIR)/man1 \
--		$(INSTALL_PREFIX)$(MANDIR)/man3 \
--		$(INSTALL_PREFIX)$(MANDIR)/man5 \
--		$(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- 	here="`pwd`"; \
- 	filecase=; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	$(RANLIB) $(LIB) || echo Never mind.
- 
-@@ -110,7 +110,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -345,106 +345,106 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(BUILD_CMD)
-+	+@target=$(SSLTEST); $(BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -457,7 +457,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.0e-pkg-config.patch b/dev-libs/openssl/files/openssl-1.0.0e-pkg-config.patch
deleted file mode 100644
index fcf286c2ec..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0e-pkg-config.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-move internal libraries to ".private" fields so that the default
---libs output matches only what we need
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -325,7 +325,8 @@ libcrypto.pc: Makefile
- 	    echo 'Description: OpenSSL cryptography library'; \
- 	    echo 'Version: '$(VERSION); \
- 	    echo 'Requires: '; \
--	    echo 'Libs: -L$${libdir} -lcrypto $(EX_LIBS)'; \
-+	    echo 'Libs: -L$${libdir} -lcrypto'; \
-+	    echo 'Libs.private: $(EX_LIBS)'; \
- 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libcrypto.pc
- 
- libssl.pc: Makefile
-@@ -334,11 +335,12 @@ libssl.pc: Makefile
- 	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- 	    echo 'includedir=$${prefix}/include'; \
- 	    echo ''; \
--	    echo 'Name: OpenSSL'; \
-+	    echo 'Name: OpenSSL-libssl'; \
- 	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- 	    echo 'Version: '$(VERSION); \
--	    echo 'Requires: '; \
--	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
-+	    echo 'Requires.private: libcrypto'; \
-+	    echo 'Libs: -L$${libdir} -lssl'; \
-+	    echo 'Libs.private: $(EX_LIBS)'; \
- 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
- 
- openssl.pc: Makefile
-@@ -350,9 +352,7 @@ openssl.pc: Makefile
- 	    echo 'Name: OpenSSL'; \
- 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- 	    echo 'Version: '$(VERSION); \
--	    echo 'Requires: '; \
--	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
--	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-+	    echo 'Requires: libssl libcrypto' ) > openssl.pc
- 
- Makefile: Makefile.org Configure config
- 	@echo "Makefile is older than Makefile.org, Configure or config."

diff --git a/dev-libs/openssl/files/openssl-1.0.0e-x32.patch b/dev-libs/openssl/files/openssl-1.0.0e-x32.patch
deleted file mode 100644
index d73a050ec9..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0e-x32.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
-
-UpstreamStatus: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.0e/Configure
-===================================================================
---- openssl-1.0.0e.orig/Configure
-+++ openssl-1.0.0e/Configure
-@@ -393,6 +393,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32",	"gcc:-DL_ENDIAN 	-DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### SPARC Linux setups
- # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
- 
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	adcq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	adcq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	sbbq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	sbbq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-Index: openssl-1.0.0e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn.h
-+++ openssl-1.0.0e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
- # endif
- #endif
- 
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
-Index: openssl-1.0.0e/crypto/bn/bn_exp.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.0e/crypto/bn/bn_exp.c
-@@ -561,7 +561,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- 
- /* Given a pointer value, compute the next address that is a cache line multiple. */
- #define MOD_EXP_CTIME_ALIGN(x_) \
--	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- 
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
-  * precomputation memory layout to limit data-dependency to a minimum

diff --git a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch b/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch
deleted file mode 100644
index 66fd8220c5..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
-
-depend on other pc files rather than encoding library info directly in
-every pkg-config file
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -335,11 +335,11 @@ libssl.pc: Makefile
- 	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
- 	    echo 'includedir=$${prefix}/include'; \
- 	    echo ''; \
--	    echo 'Name: OpenSSL'; \
-+	    echo 'Name: OpenSSL-libssl'; \
- 	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
- 	    echo 'Version: '$(VERSION); \
--	    echo 'Requires: '; \
--	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-+	    echo 'Requires.private: libcrypto'; \
-+	    echo 'Libs: -L$${libdir} -lssl'; \
- 	    echo 'Libs.private: $(EX_LIBS)'; \
- 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
- 
-@@ -352,10 +353,7 @@ openssl.pc: Makefile
- 	    echo 'Name: OpenSSL'; \
- 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
- 	    echo 'Version: '$(VERSION); \
--	    echo 'Requires: '; \
--	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
--	    echo 'Libs.private: $(EX_LIBS)'; \
--	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
-+	    echo 'Requires: libssl libcrypto' ) > openssl.pc
- 
- Makefile: Makefile.org Configure config
- 	@echo "Makefile is older than Makefile.org, Configure or config."

diff --git a/dev-libs/openssl/files/openssl-1.0.1-gethostbyname2-solaris.patch b/dev-libs/openssl/files/openssl-1.0.1-gethostbyname2-solaris.patch
deleted file mode 100644
index a65e3c3f7a..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1-gethostbyname2-solaris.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- apps/s_socket.c
-+++ apps/s_socket.c
-@@ -718,9 +718,14 @@
- 		if (domain == AF_INET)
- 			ret=gethostbyname(name);
- #if OPENSSL_USE_IPV6
-+#if defined (__SVR4) && defined (__sun)
-+		else
-+			ret=getipnodebyname(name, AF_INET6, AI_DEFAULT, NULL);
-+#else
- 		else
- 			ret=gethostbyname2(name, AF_INET6);
- #endif
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

diff --git a/dev-libs/openssl/files/openssl-1.0.1-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1-ipv6.patch
deleted file mode 100644
index 4955c65d31..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1-ipv6.patch
+++ /dev/null
@@ -1,678 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051
-user/pass: guest/guest
-
-Index: apps/s_apps.h
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v
-retrieving revision 1.21.2.1
-diff -u -r1.21.2.1 s_apps.h
---- apps/s_apps.h	4 Sep 2009 17:42:04 -0000	1.21.2.1
-+++ apps/s_apps.h	28 Dec 2011 00:28:14 -0000
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,7 +156,7 @@
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-Index: apps/s_cb.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_cb.c,v
-retrieving revision 1.27.2.8.2.2
-diff -u -r1.27.2.8.2.2 s_cb.c
---- apps/s_cb.c	13 Nov 2011 13:13:13 -0000	1.27.2.8.2.2
-+++ apps/s_cb.c	28 Dec 2011 00:28:14 -0000
-Index: apps/s_client.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v
-retrieving revision 1.123.2.6.2.10
-diff -u -r1.123.2.6.2.10 s_client.c
---- apps/s_client.c	14 Dec 2011 22:18:02 -0000	1.123.2.6.2.10
-+++ apps/s_client.c	28 Dec 2011 00:28:14 -0000
-@@ -285,6 +285,9 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -564,6 +567,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL;
-@@ -609,7 +613,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -630,6 +638,8 @@
- 	meth=SSLv2_client_method();
- #endif
- 
-+	use_ipv4 = 1;
-+	use_ipv6 = 0;
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -951,6 +961,13 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -967,7 +984,7 @@
- 			keymatexportlen=atoi(*(++argv));
- 			if (keymatexportlen == 0) goto bad;
- 			}
--                else
-+		else
- 			{
- 			BIO_printf(bio_err,"unknown option %s\n",*argv);
- 			badop=1;
-@@ -1259,7 +1276,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1285,7 +1302,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
-@@ -2036,7 +2061,7 @@
- 	BIO_printf(bio,"Expansion: %s\n",
- 		expansion ? SSL_COMP_get_name(expansion) : "NONE");
- #endif
-- 
-+
- #ifdef SSL_DEBUG
- 	{
- 	/* Print out local port of connection: useful for debugging */
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v
-retrieving revision 1.136.2.15.2.13
-diff -u -r1.136.2.15.2.13 s_server.c
---- apps/s_server.c	27 Dec 2011 14:23:22 -0000	1.136.2.15.2.13
-+++ apps/s_server.c	28 Dec 2011 00:28:14 -0000
-@@ -558,6 +558,10 @@
- # endif
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	}
-@@ -943,6 +947,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -981,6 +986,12 @@
-   /*  #error no SSL version enabled */
- #endif
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1329,6 +1340,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -1884,9 +1907,9 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context);
-+		do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
-Index: apps/s_socket.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v
-retrieving revision 1.43.2.3.2.2
-diff -u -r1.43.2.3.2.2 s_socket.c
---- apps/s_socket.c	2 Dec 2011 14:39:40 -0000	1.43.2.3.2.2
-+++ apps/s_socket.c	28 Dec 2011 00:28:14 -0000
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,76 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
-+	if (!use_ipv4 && !use_ipv6)
- 		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		return 0;
-+#endif
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +315,27 @@
- 		if (i < 0) { perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -322,41 +358,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
-+		}
-+#endif
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -375,16 +458,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -431,13 +521,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -454,15 +554,23 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
- 			return(0);
- 			}
- 		}
-@@ -477,7 +585,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -485,7 +593,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -496,48 +604,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -574,7 +692,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -589,14 +707,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
deleted file mode 100644
index 19f859abb2..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
+++ /dev/null
@@ -1,354 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
- 
--install: all install_docs install_sw
-+install: install_docs install_sw
- 
--install_sw:
-+install_dirs:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+	@$(PERL) $(TOP)/util/mkdir-p.pl \
-+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- 	do \
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
- 		done; \
- 	done
- 
--install_docs:
--	@$(PERL) $(TOP)/util/mkdir-p.pl \
--		$(INSTALL_PREFIX)$(MANDIR)/man1 \
--		$(INSTALL_PREFIX)$(MANDIR)/man3 \
--		$(INSTALL_PREFIX)$(MANDIR)/man5 \
--		$(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- 	here="`pwd`"; \
- 	filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO=	\
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +124,7 @@ SYMLINK_SO=	\
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	$(RANLIB) $(LIB) || echo Never mind.
- 
-@@ -110,7 +110,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--	@sleep 1; touch obj_mac.h; sleep 1
- 
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--	@sleep 1; touch obj_xref.h; sleep 1
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch
deleted file mode 100644
index 5106cb6e82..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1-x32.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
-
-UpstreamStatus: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.0e/Configure
-===================================================================
---- openssl-1.0.0e.orig/Configure
-+++ openssl-1.0.0e/Configure
-@@ -393,6 +393,7 @@ my %table=(
- "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32",	"gcc:-DL_ENDIAN 	-DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "dist",		"cc:-O::(unknown)::::::",
- 
- # Basic configs that should work on any (32 and less bit) box
-Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
- 
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	adcq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	adcq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	sbbq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	sbbq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-Index: openssl-1.0.0e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn.h
-+++ openssl-1.0.0e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
- # endif
- #endif
- 
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */

diff --git a/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch b/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch
deleted file mode 100644
index 4422a62c42..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-bad-mac-aes-ni.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://bugs.gentoo.org/463444
-
-From 9ab3ce124616cb12bd39c6aa1e1bde0f46969b29 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Mon, 18 Mar 2013 19:29:41 +0100
-Subject: [PATCH] e_aes_cbc_hmac_sha1.c: fix rare bad record mac on AES-NI
- plaforms.
-
-PR: 3002
-(cherry picked from commit 5c60046553716fcf160718f59160493194f212dc)
----
- crypto/evp/e_aes_cbc_hmac_sha1.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/evp/e_aes_cbc_hmac_sha1.c b/crypto/evp/e_aes_cbc_hmac_sha1.c
-index 483e04b..fb2c884 100644
---- a/crypto/evp/e_aes_cbc_hmac_sha1.c
-+++ b/crypto/evp/e_aes_cbc_hmac_sha1.c
-@@ -328,10 +328,11 @@ static int aesni_cbc_hmac_sha1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
- 
- 				if (res!=SHA_CBLOCK) continue;
- 
--				mask = 0-((inp_len+8-j)>>(sizeof(j)*8-1));
-+				/* j is not incremented yet */
-+				mask = 0-((inp_len+7-j)>>(sizeof(j)*8-1));
- 				data->u[SHA_LBLOCK-1] |= bitlen&mask;
- 				sha1_block_data_order(&key->md,data,1);
--				mask &= 0-((j-inp_len-73)>>(sizeof(j)*8-1));
-+				mask &= 0-((j-inp_len-72)>>(sizeof(j)*8-1));
- 				pmac->u[0] |= key->md.h0 & mask;
- 				pmac->u[1] |= key->md.h1 & mask;
- 				pmac->u[2] |= key->md.h2 & mask;
--- 
-1.8.2.1
-

diff --git a/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch
deleted file mode 100644
index 521cfb5ed6..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-ipv6.patch
+++ /dev/null
@@ -1,656 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051
-user/pass: guest/guest
-
-Index: apps/s_apps.h
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_apps.h,v
-retrieving revision 1.21.2.1
-diff -u -r1.21.2.1 s_apps.h
---- apps/s_apps.h	4 Sep 2009 17:42:04 -0000	1.21.2.1
-+++ apps/s_apps.h	28 Dec 2011 00:28:14 -0000
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,7 +156,7 @@
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
-Index: apps/s_client.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_client.c,v
-retrieving revision 1.123.2.6.2.10
-diff -u -r1.123.2.6.2.10 s_client.c
---- apps/s_client.c	14 Dec 2011 22:18:02 -0000	1.123.2.6.2.10
-+++ apps/s_client.c	28 Dec 2011 00:28:14 -0000
-@@ -285,6 +285,10 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+	BIO_printf(bio_err," -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -564,6 +567,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL;
-@@ -609,7 +613,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -630,6 +638,12 @@
- 	meth=SSLv2_client_method();
- #endif
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -951,6 +961,18 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- #ifndef OPENSSL_NO_SRTP
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
-@@ -1259,7 +1276,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1285,7 +1302,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_server.c,v
-retrieving revision 1.136.2.15.2.13
-diff -u -r1.136.2.15.2.13 s_server.c
---- apps/s_server.c	27 Dec 2011 14:23:22 -0000	1.136.2.15.2.13
-+++ apps/s_server.c	28 Dec 2011 00:28:14 -0000
-@@ -558,6 +558,10 @@
- # endif
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list");
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	}
-@@ -943,6 +947,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -981,6 +986,12 @@
-   /*  #error no SSL version enabled */
- #endif
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1329,6 +1340,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- #ifndef OPENSSL_NO_SRTP
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
-@@ -1884,9 +1907,9 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context);
-+		do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
-Index: apps/s_socket.c
-===================================================================
-RCS file: /v/openssl/cvs/openssl/apps/s_socket.c,v
-retrieving revision 1.43.2.3.2.2
-diff -u -r1.43.2.3.2.2 s_socket.c
---- apps/s_socket.c	2 Dec 2011 14:39:40 -0000	1.43.2.3.2.2
-+++ apps/s_socket.c	28 Dec 2011 00:28:14 -0000
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
--		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +315,27 @@
- 		if (i < 0) { perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -322,41 +358,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
-+		}
-+#endif
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -375,16 +458,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -431,13 +521,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -454,15 +554,23 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
- 			return(0);
- 			}
- 		}
-@@ -477,7 +585,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -485,7 +593,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -496,48 +604,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -574,7 +692,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -589,14 +707,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

diff --git a/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch b/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch
deleted file mode 100644
index 6427c53599..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-perl-5.18.patch
+++ /dev/null
@@ -1,375 +0,0 @@
-https://bugs.gentoo.org/483820
-
-Submitted By: Martin Ward <macros_the_black at ntlworld dot com>
-Date: 2013-06-18
-Initial Package Version: 1.0.1e
-Upstream Status: Unknown
-Origin: self, based on fedora
-Description: Fixes install with perl-5.18.
-
---- openssl-1.0.1e.orig/doc/apps/cms.pod
-+++ openssl-1.0.1e/doc/apps/cms.pod
-@@ -450,28 +450,28 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item C<1>
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item C<2>
- 
- one of the input files could not be read.
- 
--=item 3
-+=item C<3>
- 
- an error occurred creating the CMS file or when reading the MIME
- message.
- 
--=item 4
-+=item C<4>
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item C<5>
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
---- openssl-1.0.1e.orig/doc/apps/smime.pod
-+++ openssl-1.0.1e/doc/apps/smime.pod
-@@ -308,28 +308,28 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item C<1>
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item C<2>
- 
- one of the input files could not be read.
- 
--=item 3
-+=item C<3>
- 
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
- 
--=item 4
-+=item C<4>
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item C<5>
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
---- openssl-1.0.1e.orig/doc/crypto/X509_STORE_CTX_get_error.pod
-+++ openssl-1.0.1e/doc/crypto/X509_STORE_CTX_get_error.pod
-@@ -278,6 +278,8 @@
- an application specific error. This will never be returned unless explicitly
- set by an application.
- 
-+=back
-+
- =head1 NOTES
- 
- The above functions should be used instead of directly referencing the fields
---- openssl-1.0.1e.orig/doc/ssl/SSL_accept.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_accept.pod
-@@ -44,12 +44,12 @@
- 
- =over 4
- 
--=item 1
-+=item C<1>
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
- 
--=item 0
-+=item C<0>
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
---- openssl-1.0.1e.orig/doc/ssl/SSL_clear.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_clear.pod
-@@ -56,12 +56,12 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The SSL_clear() operation was successful.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_COMP_add_compression_method.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_COMP_add_compression_method.pod
-@@ -53,11 +53,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation succeeded.
- 
--=item 1
-+=item C<1>
- 
- The operation failed. Check the error queue to find out the reason.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_connect.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_connect.pod
-@@ -41,12 +41,12 @@
- 
- =over 4
- 
--=item 1
-+=item C<1>
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
- 
--=item 0
-+=item C<0>
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_add_session.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_add_session.pod
-@@ -52,13 +52,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
-  The operation failed. In case of the add operation, it was tried to add
-  the same (identical) session twice. In case of the remove operation, the
-  session was not found in the cache.
- 
--=item 1
-+=item C<1>
-  
-  The operation succeeded.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_load_verify_locations.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_load_verify_locations.pod
-@@ -100,13 +100,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -66,11 +66,11 @@
- 
- =over 4
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
--=item 0
-+=item C<0>
- 
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_session_id_context.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_session_id_context.pod
-@@ -64,13 +64,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_set_ssl_version.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_set_ssl_version.pod
-@@ -42,11 +42,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The new choice failed, check the error stack to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-@@ -81,6 +81,8 @@
- 
- Return values from the server callback are interpreted as follows:
- 
-+=over
-+
- =item > 0
- 
- PSK identity was found and the server callback has provided the PSK
-@@ -94,9 +96,11 @@
- connection will fail with decryption_error before it will be finished
- completely.
- 
--=item 0
-+=item C<0>
- 
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
- 
-+=back
-+
- =cut
---- openssl-1.0.1e.orig/doc/ssl/SSL_do_handshake.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_do_handshake.pod
-@@ -45,12 +45,12 @@
- 
- =over 4
- 
--=item 1
-+=item C<1>
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
- 
--=item 0
-+=item C<0>
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
---- openssl-1.0.1e.orig/doc/ssl/SSL_read.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_read.pod
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
- 
--=item 0
-+=item C<0>
- 
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
---- openssl-1.0.1e.orig/doc/ssl/SSL_session_reused.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_session_reused.pod
-@@ -27,11 +27,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- A new session was negotiated.
- 
--=item 1
-+=item C<1>
- 
- A session was reused.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_fd.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_set_fd.pod
-@@ -35,11 +35,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation failed. Check the error stack to find out why.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_set_session.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_set_session.pod
-@@ -37,11 +37,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation failed; check the error stack to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1e.orig/doc/ssl/SSL_shutdown.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_shutdown.pod
-@@ -92,12 +92,12 @@
- 
- =over 4
- 
--=item 1
-+=item C<1>
- 
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
- 
--=item 0
-+=item C<0>
- 
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
---- openssl-1.0.1e.orig/doc/ssl/SSL_write.pod
-+++ openssl-1.0.1e/doc/ssl/SSL_write.pod
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
- 
--=item 0
-+=item C<0>
- 
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,

diff --git a/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch b/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch
deleted file mode 100644
index 8c414a42ee..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-rdrand-explicit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-https://chromium-review.googlesource.com/181001
-
-From 8a1956f3eac8b164f8c741ff1a259008bab3bac1 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Wed, 11 Dec 2013 14:45:12 +0000
-Subject: [PATCH] Don't use rdrand engine as default unless explicitly
- requested. (cherry picked from commit
- 16898401bd47a153fbf799127ff57fdcfcbd324f)
-
----
- crypto/engine/eng_rdrand.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
-index a9ba5ae..4e9e91d 100644
---- a/crypto/engine/eng_rdrand.c
-+++ b/crypto/engine/eng_rdrand.c
-@@ -104,6 +104,7 @@ static int bind_helper(ENGINE *e)
- 	{
- 	if (!ENGINE_set_id(e, engine_e_rdrand_id) ||
- 	    !ENGINE_set_name(e, engine_e_rdrand_name) ||
-+            !ENGINE_set_flags(e, ENGINE_FLAGS_NO_REGISTER_ALL) ||
- 	    !ENGINE_set_init_function(e, rdrand_init) ||
- 	    !ENGINE_set_RAND(e, &rdrand_meth) )
- 		return 0;
--- 
-1.8.4.3
-

diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
deleted file mode 100644
index 03e4f59989..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-https://bugs.gentoo.org/472584
-http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
-
-fix verification handling in s_client.  when loading paths, make sure
-we properly fallback to setting the default paths.
-
---- a/apps/s_client.c
-+++ b/apps/s_client.c
-@@ -899,7 +899,7 @@
- 	if (!set_cert_key_stuff(ctx,cert,key))
- 		goto end;
- 
--	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
-+	if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) &&
- 		(!SSL_CTX_set_default_verify_paths(ctx)))
- 		{
- 		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
-

diff --git a/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch b/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch
deleted file mode 100644
index 034da7d414..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1e-tls-ver-crash.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-https://bugs.gentoo.org/494816
-https://bugzilla.redhat.com/show_bug.cgi?id=1045363
-http://rt.openssl.org/Ticket/Display.html?id=3200&user=guest&pass=guest
-
-From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Thu, 19 Dec 2013 14:37:39 +0000
-Subject: [PATCH] Use version in SSL_METHOD not SSL structure.
-
-When deciding whether to use TLS 1.2 PRF and record hash algorithms
-use the version number in the corresponding SSL_METHOD structure
-instead of the SSL structure. The SSL structure version is sometimes
-inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already.
-(CVE-2013-6449)
----
- ssl/s3_lib.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
-index bf832bb..c4ef273 100644
---- a/ssl/s3_lib.c
-+++ b/ssl/s3_lib.c
-@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT.
- long ssl_get_algorithm2(SSL *s)
- 	{
- 	long alg2 = s->s3->tmp.new_cipher->algorithm2;
--	if (TLS1_get_version(s) >= TLS1_2_VERSION &&
-+	if (s->method->version == TLS1_2_VERSION &&
- 	    alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF))
- 		return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256;
- 	return alg2;
--- 
-1.8.4.3
-

diff --git a/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch b/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch
deleted file mode 100644
index c662096377..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1f-perl-5.18.patch
+++ /dev/null
@@ -1,356 +0,0 @@
-Forward-ported from openssl-1.0.1e-perl-5.18.patch
-Fixes install with perl-5.18.
-
-https://bugs.gentoo.org/show_bug.cgi?id=497286
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-
---- openssl-1.0.1f/doc/apps/cms.pod
-+++ openssl-1.0.1f/doc/apps/cms.pod
-@@ -450,28 +450,28 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item C<1>
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item C<2>
- 
- one of the input files could not be read.
- 
--=item 3
-+=item C<3>
- 
- an error occurred creating the CMS file or when reading the MIME
- message.
- 
--=item 4
-+=item C<4>
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item C<5>
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
---- openssl-1.0.1f/doc/apps/smime.pod
-+++ openssl-1.0.1f/doc/apps/smime.pod
-@@ -308,28 +308,28 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- the operation was completely successfully.
- 
--=item 1 
-+=item C<1>
- 
- an error occurred parsing the command options.
- 
--=item 2
-+=item C<2>
- 
- one of the input files could not be read.
- 
--=item 3
-+=item C<3>
- 
- an error occurred creating the PKCS#7 file or when reading the MIME
- message.
- 
--=item 4
-+=item C<4>
- 
- an error occurred decrypting or verifying the message.
- 
--=item 5
-+=item C<5>
- 
- the message was verified correctly but an error occurred writing out
- the signers certificates.
---- openssl-1.0.1f/doc/ssl/SSL_accept.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_accept.pod
-@@ -44,13 +44,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
---- openssl-1.0.1f/doc/ssl/SSL_clear.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_clear.pod
-@@ -56,12 +56,12 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The SSL_clear() operation could not be performed. Check the error stack to
- find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The SSL_clear() operation was successful.
- 
---- openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_COMP_add_compression_method.pod
-@@ -53,11 +53,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation succeeded.
- 
--=item 1
-+=item C<1>
- 
- The operation failed. Check the error queue to find out the reason.
- 
---- openssl-1.0.1f/doc/ssl/SSL_connect.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_connect.pod
-@@ -41,13 +41,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
---- openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_add_session.pod
-@@ -52,13 +52,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
-  The operation failed. In case of the add operation, it was tried to add
-  the same (identical) session twice. In case of the remove operation, the
-  session was not found in the cache.
- 
--=item 1
-+=item C<1>
-  
-  The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_load_verify_locations.pod
-@@ -100,13 +100,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation failed because B<CAfile> and B<CApath> are NULL or the
- processing at one of the locations specified failed. Check the error
- stack to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_client_CA_list.pod
-@@ -66,13 +66,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- A failure while manipulating the STACK_OF(X509_NAME) object occurred or
- the X509_NAME could not be extracted from B<cacert>. Check the error stack
- to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_session_id_context.pod
-@@ -64,13 +64,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The length B<sid_ctx_len> of the session id context B<sid_ctx> exceeded
- the maximum allowed length of B<SSL_MAX_SSL_SESSION_ID_LENGTH>. The error
- is logged to the error stack.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_set_ssl_version.pod
-@@ -42,11 +42,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The new choice failed, check the error stack to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_CTX_use_psk_identity_hint.pod
-@@ -96,7 +96,7 @@
- connection will fail with decryption_error before it will be finished
- completely.
- 
--=item 0
-+=item C<0>
- 
- PSK identity was not found. An "unknown_psk_identity" alert message
- will be sent and the connection setup fails.
---- openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_do_handshake.pod
-@@ -45,13 +45,13 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The TLS/SSL handshake was not successful but was shut down controlled and
- by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
- return value B<ret> to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
- established.
---- openssl-1.0.1f/doc/ssl/SSL_read.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_read.pod
-@@ -86,7 +86,7 @@
- The read operation was successful; the return value is the number of
- bytes actually read from the TLS/SSL connection.
- 
--=item 0
-+=item C<0>
- 
- The read operation was not successful. The reason may either be a clean
- shutdown due to a "close notify" alert sent by the peer (in which case
---- openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_session_reused.pod
-@@ -27,11 +27,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- A new session was negotiated.
- 
--=item 1
-+=item C<1>
- 
- A session was reused.
- 
---- openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_set_fd.pod
-@@ -35,11 +35,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation failed. Check the error stack to find out why.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_set_session.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_set_session.pod
-@@ -37,11 +37,11 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The operation failed; check the error stack to find out the reason.
- 
--=item 1
-+=item C<1>
- 
- The operation succeeded.
- 
---- openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_shutdown.pod
-@@ -92,14 +92,14 @@
- 
- =over 4
- 
--=item 0
-+=item C<0>
- 
- The shutdown is not yet finished. Call SSL_shutdown() for a second time,
- if a bidirectional shutdown shall be performed.
- The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
- erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
- 
--=item 1
-+=item C<1>
- 
- The shutdown was successfully completed. The "close notify" alert was sent
- and the peer's "close notify" alert was received.
---- openssl-1.0.1f/doc/ssl/SSL_write.pod
-+++ openssl-1.0.1f/doc/ssl/SSL_write.pod
-@@ -79,7 +79,7 @@
- The write operation was successful, the return value is the number of
- bytes actually written to the TLS/SSL connection.
- 
--=item 0
-+=item C<0>
- 
- The write operation was not successful. Probably the underlying connection
- was closed. Call SSL_get_error() with the return value B<ret> to find out,

diff --git a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch b/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch
deleted file mode 100644
index 1a942d27eb..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-https://bugs.gentoo.org/499086
-https://rt.openssl.org/Ticket/Display.html?id=3333&user=guest&pass=guest
-
-when gcc is given a .s file and told to preprocess it, it outputs nothing
-
-From a2976461784ce463fc7f336cd0dce607d21c2fad Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 25 Jan 2014 05:44:47 -0500
-Subject: [PATCH] Revert "Make Makefiles OSF-make-friendly."
-
-This reverts commit d1cf23ac86c05b22b8780e2c03b67230564d2d34.
----
- crypto/Makefile       | 4 +---
- crypto/bn/Makefile    | 4 +---
- crypto/evp/Makefile   | 2 +-
- crypto/modes/Makefile | 5 +----
- crypto/sha/Makefile   | 4 +---
- util/shlib_wrap.sh    | 6 +-----
- 6 files changed, 6 insertions(+), 19 deletions(-)
-
-diff --git a/crypto/Makefile b/crypto/Makefile
-index b253f50..1de9d5f 100644
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -86,9 +86,7 @@ ia64cpuid.s:	ia64cpuid.S;	$(CC) $(CFLAGS) -E ia64cpuid.S > $@
- ppccpuid.s:	ppccpuid.pl;	$(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
- pariscid.s:	pariscid.pl;	$(PERL) pariscid.pl $(PERLASM_SCHEME) $@
- alphacpuid.s:	alphacpuid.pl
--	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
--	$(PERL) alphacpuid.pl > $$preproc && \
--	$(CC) -E $$preproc > $@ && rm $$preproc)
-+	$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
- 
- subdirs:
- 	@target=all; $(RECURSIVE_MAKE)
-diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
-index b62b676..6c03363 100644
---- a/crypto/bn/Makefile
-+++ b/crypto/bn/Makefile
-@@ -136,9 +136,7 @@ ppc-mont.s:	asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
- ppc64-mont.s:	asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
- 
- alpha-mont.s:	asm/alpha-mont.pl
--	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
--	$(PERL) asm/alpha-mont.pl > $$preproc && \
--	$(CC) -E $$preproc > $@ && rm $$preproc)
-+	$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
- 
- # GNU make "catch all"
- %-mont.S:	asm/%-mont.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
-diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile
-index ce0dcd6..88ac65e 100644
---- a/crypto/modes/Makefile
-+++ b/crypto/modes/Makefile
-@@ -55,10 +55,7 @@ aesni-gcm-x86_64.s:	asm/aesni-gcm-x86_64.pl
- ghash-sparcv9.s:	asm/ghash-sparcv9.pl
- 	$(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
- ghash-alpha.s:	asm/ghash-alpha.pl
--	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
--	$(PERL) asm/ghash-alpha.pl > $$preproc && \
--	$(CC) -E $$preproc > $@ && rm $$preproc)
--
-+	$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
- ghash-parisc.s:	asm/ghash-parisc.pl
- 	$(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
- 
-diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile
-index 64eab6c..63fba69 100644
---- a/crypto/sha/Makefile
-+++ b/crypto/sha/Makefile
-@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl
- 	$(PERL) $< $(PERLASM_SCHEME) $@
- 
- sha1-alpha.s:	asm/sha1-alpha.pl
--	(preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
--	$(PERL) asm/sha1-alpha.pl > $$preproc && \
--	$(CC) -E $$preproc > $@ && rm $$preproc)
-+	$(PERL) $< | $(CC) -E - | tee $@ > /dev/null
- 
- # Solaris make has to be explicitly told
- sha1-x86_64.s:	asm/sha1-x86_64.pl;	$(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
--- 
-1.8.5.3
-

diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
deleted file mode 100644
index 10c1ba222f..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
+++ /dev/null
@@ -1,642 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
-Forward ported from openssl-1.0.1e-ipv6.patch
-
-Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
-
---- openssl-1.0.1h/apps/s_apps.h
-+++ openssl-1.0.1h/apps/s_apps.h
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -156,7 +156,7 @@
- int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
- int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
- #endif
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
---- openssl-1.0.1h/apps/s_client.c
-+++ openssl-1.0.1h/apps/s_client.c
-@@ -285,6 +285,10 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+	BIO_printf(bio_err," -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -568,6 +572,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL;
-@@ -613,7 +618,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -628,6 +637,12 @@
- 
- 	meth=SSLv23_client_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -949,6 +964,18 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- #ifndef OPENSSL_NO_SRTP
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
-@@ -1260,7 +1287,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1286,7 +1313,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
---- openssl-1.0.1h/apps/s_server.c
-+++ openssl-1.0.1h/apps/s_server.c
-@@ -560,6 +560,10 @@
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
- # endif
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	}
-@@ -947,6 +951,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -975,6 +980,12 @@
- #endif
- 	meth=SSLv23_server_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1323,6 +1334,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- #ifndef OPENSSL_NO_SRTP
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
-@@ -1881,9 +1904,9 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context);
-+		do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
---- openssl-1.0.1h/apps/s_socket.c
-+++ openssl-1.0.1h/apps/s_socket.c
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
--		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +307,27 @@
- 		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -322,41 +350,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
-+		{
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
-+		}
-+#endif
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -375,16 +450,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -431,13 +513,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -455,16 +547,25 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6		
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
-+
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			closesocket(ret);
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
- 			closesocket(ret);
- 			return(0);
- 			}
-@@ -480,7 +581,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -488,7 +589,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -499,48 +600,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -577,7 +688,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -592,14 +703,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

diff --git a/dev-libs/openssl/files/openssl-1.0.1k-aix-soname.patch b/dev-libs/openssl/files/openssl-1.0.1k-aix-soname.patch
deleted file mode 100644
index 50c11d1c47..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1k-aix-soname.patch
+++ /dev/null
@@ -1,76 +0,0 @@
---- Configure
-+++ Configure
-@@ -933,6 +933,10 @@
- 				{
- 				$cross_compile_prefix=$1;
- 				}
-+			elsif (/^--with-aix-soname=(aix|both|svr4)$/)
-+				{
-+				$withargs{"aix-soname"}=$1;
-+				}
- 			else
- 				{
- 				print STDERR $usage;
-@@ -1386,6 +1390,10 @@
- 	$no_shared_warn = 1 if !$no_shared;
- 	$no_shared = 1;
- 	}
-+elsif ($shared_target eq "aix-shared" && defined($withargs{"aix-soname"}))
-+	{
-+	$shared_target .= "-" . $withargs{"aix-soname"};
-+	}
- if (!$no_shared)
- 	{
- 	if ($shared_cflag ne "")
---- Makefile.shared
-+++ Makefile.shared
-@@ -545,6 +545,38 @@
- 	NOALLSYMSFLAGS=''; \
- 	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \
- 	$(LINK_SO_O);
-+link_a.aix.svr4:
-+	@ $(CALC_VERSIONS); \
-+	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
-+	OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
-+	SHLIB=lib$(LIBNAME).so; \
-+	SHLIB_SUFFIX=; \
-+	test "$$OBJECT_MODE" = 64 && shr='shr_64' || shr='shr'; \
-+	shrexp=$$SHLIB$$SHLIB_SOVER.d/$$shr.exp; \
-+	shrimp=$$SHLIB$$SHLIB_SOVER.d/$$shr.imp; \
-+	ALLSYMSFLAGS="-Wl,-bexport:$$shrexp"; \
-+	NOALLSYMSFLAGS=''; \
-+	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-G,-bernotok,-bsymbolic,-bnolibpath'; \
-+	NM='$(NM)'; : $${NM:=nm}; \
-+	AR='$(AR)'; : $${AR:=ar r}; \
-+	STRIP='$(STRIP)'; : $${STRIP:=strip}; \
-+	SHOBJECTS="lib$(LIBNAME).a $(LIBEXTRAS)"; \
-+	( rm -rf $$SHLIB$$SHLIB_SOVER.d && \
-+	  mkdir $$SHLIB$$SHLIB_SOVER.d && \
-+	  $${NM} -PCpgl $$SHOBJECTS \
-+	    | awk '{ \
-+		if ((($$ 2 == "T") || ($$ 2 == "D") || ($$ 2 == "B") || ($$ 2 == "W") || ($$ 2 == "V") || ($$ 2 == "Z")) && (substr($$ 1, 1, 1) != ".")) { \
-+		  if (($$ 2 == "W") || ($$ 2 == "V") || ($$ 2 == "Z")) { print $$ 1 " weak" } else { print $$ 1 } \
-+	      } }' \
-+	    | sort -u > $$shrexp && \
-+	  { echo "#! $$SHLIB$$SHLIB_SOVER($$shr.o)"; echo "# $$OBJECT_MODE"; cat $$shrexp; } > $$shrimp && \
-+	  INHIBIT_SYMLINKS=1; \
-+	  SHLIB_SUFFIX=".d/$$shr.o"; \
-+	  $(LINK_SO) && \
-+	  $${STRIP} -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX && \
-+	  $${AR} $$SHLIB$$SHLIB_SOVER $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX $$shrimp && \
-+	  rm -rf $$SHLIB$$SHLIB_SOVER.d \
-+	) && $(SYMLINK_SO)
- link_a.aix:
- 	@ $(CALC_VERSIONS); \
- 	OBJECT_MODE=`expr "x$(SHARED_LDFLAGS)" : 'x\-[a-z]*\(64\)'` || : ; \
-@@ -649,6 +681,10 @@
- link_a.aix-shared: link_a.aix
- link_app.aix-shared: link_app.aix
- symlink.aix-shared: symlink.aix
-+link_o.aix-shared-svr4: link_o.aix
-+link_a.aix-shared-svr4: link_a.aix.svr4
-+link_app.aix-shared-svr4: link_app.aix
-+symlink.aix-shared-svr4: symlink.aix
- link_o.reliantunix-shared: link_o.reliantunix
- link_a.reliantunix-shared: link_a.reliantunix
- link_app.reliantunix-shared: link_app.reliantunix

diff --git a/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch b/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch
deleted file mode 100644
index 73029985ae..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-https://bugs.gentoo.org/554338
-https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest
-
-From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Fri, 10 Jul 2015 01:50:52 -0400
-Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions
-
-The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro.  Using
-just the former with newer versions leads to a build time warning, so
-make sure to use the new macro too.
----
- ssl/ssltest.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/ssl/ssltest.c b/ssl/ssltest.c
-index 26cf96c..b36f667 100644
---- a/ssl/ssltest.c
-+++ b/ssl/ssltest.c
-@@ -141,6 +141,7 @@
-  */
- 
- /* Or gethostname won't be declared properly on Linux and GNU platforms. */
-+#define _DEFAULT_SOURCE 1
- #define _BSD_SOURCE 1
- 
- #include <assert.h>
--- 
-2.4.4
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
deleted file mode 100644
index 6d396b42be..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-https://bugs.gentoo.org/541502
-
-From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Mon, 9 Feb 2015 11:38:41 +0000
-Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
-
-CVE-2015-0209
-
-Reviewed-by: Emilia Käsper <emilia@openssl.org>
----
- crypto/ec/ec_asn1.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 30b7df4..d3e8316 100644
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
-             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-             goto err;
-         }
--        if (a)
--            *a = ret;
-     } else
-         ret = *a;
- 
-@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
-         }
-     }
- 
-+    if (a)
-+        *a = ret;
-     ok = 1;
-  err:
-     if (!ok) {
--        if (ret)
-+        if (ret && (a == NULL || *a != ret))
-             EC_KEY_free(ret);
-         ret = NULL;
-     }
--- 
-2.3.1
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
deleted file mode 100644
index a6a10b0a2c..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-https://bugs.gentoo.org/542038
-
-From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
-From: "Dr. Stephen Henson" <steve@openssl.org>
-Date: Wed, 18 Feb 2015 00:34:59 +0000
-Subject: [PATCH] Check public key is not NULL.
-
-CVE-2015-0288
-PR#3708
-
-Reviewed-by: Matt Caswell <matt@openssl.org>
----
- crypto/x509/x509_req.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
-index bc6e566..01795f4 100644
---- a/crypto/x509/x509_req.c
-+++ b/crypto/x509/x509_req.c
-@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-         goto err;
- 
-     pktmp = X509_get_pubkey(x);
-+    if (pktmp == NULL)
-+        goto err;
-     i = X509_REQ_set_pubkey(ret, pktmp);
-     EVP_PKEY_free(pktmp);
-     if (!i)
--- 
-2.3.1
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
deleted file mode 100644
index 852d06e918..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
+++ /dev/null
@@ -1,459 +0,0 @@
---- openssl-1.0.2/crypto/asn1/a_type.c
-+++ openssl-1.0.2/crypto/asn1/a_type.c
-@@ -119,6 +119,9 @@
-     case V_ASN1_OBJECT:
-         result = OBJ_cmp(a->value.object, b->value.object);
-         break;
-+    case V_ASN1_BOOLEAN:
-+        result = a->value.boolean - b->value.boolean;
-+        break;
-     case V_ASN1_NULL:
-         result = 0;             /* They do not have content. */
-         break;
---- openssl-1.0.2/crypto/asn1/tasn_dec.c
-+++ openssl-1.0.2/crypto/asn1/tasn_dec.c
-@@ -140,11 +140,17 @@
- {
-     ASN1_TLC c;
-     ASN1_VALUE *ptmpval = NULL;
--    if (!pval)
--        pval = &ptmpval;
-     asn1_tlc_clear_nc(&c);
--    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
--        return *pval;
-+    if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
-+        ptmpval = *pval;
-+    if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
-+        if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
-+            if (*pval)
-+                ASN1_item_free(*pval, it);
-+            *pval = ptmpval;
-+        }
-+        return ptmpval;
-+    }
-     return NULL;
- }
- 
-@@ -304,9 +310,16 @@
-     case ASN1_ITYPE_CHOICE:
-         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-             goto auxerr;
--
--        /* Allocate structure */
--        if (!*pval && !ASN1_item_ex_new(pval, it)) {
-+        if (*pval) {
-+            /* Free up and zero CHOICE value if initialised */
-+            i = asn1_get_choice_selector(pval, it);
-+            if ((i >= 0) && (i < it->tcount)) {
-+                tt = it->templates + i;
-+                pchptr = asn1_get_field_ptr(pval, tt);
-+                ASN1_template_free(pchptr, tt);
-+                asn1_set_choice_selector(pval, -1, it);
-+            }
-+        } else if (!ASN1_item_ex_new(pval, it)) {
-             ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-             goto err;
-         }
-@@ -386,6 +399,17 @@
-         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
-             goto auxerr;
- 
-+        /* Free up and zero any ADB found */
-+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
-+                const ASN1_TEMPLATE *seqtt;
-+                ASN1_VALUE **pseqval;
-+                seqtt = asn1_do_adb(pval, tt, 1);
-+                pseqval = asn1_get_field_ptr(pval, seqtt);
-+                ASN1_template_free(pseqval, seqtt);
-+            }
-+        }
-+
-         /* Get each field entry */
-         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
-             const ASN1_TEMPLATE *seqtt;
---- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
-+++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
-@@ -261,6 +261,25 @@
-     PKCS7_RECIP_INFO *ri = NULL;
-     ASN1_OCTET_STRING *os = NULL;
- 
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
-+        return NULL;
-+    }
-+    /*
-+     * The content field in the PKCS7 ContentInfo is optional, but that really
-+     * only applies to inner content (precisely, detached signatures).
-+     *
-+     * When reading content, missing outer content is therefore treated as an
-+     * error.
-+     *
-+     * When creating content, PKCS7_content_new() must be called before
-+     * calling this method, so a NULL p7->d is always an error.
-+     */
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
-+        return NULL;
-+    }
-+
-     i = OBJ_obj2nid(p7->type);
-     p7->state = PKCS7_S_HEADER;
- 
-@@ -411,6 +430,16 @@
-     unsigned char *ek = NULL, *tkey = NULL;
-     int eklen = 0, tkeylen = 0;
- 
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
-+        return NULL;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
-+        return NULL;
-+    }
-+
-     i = OBJ_obj2nid(p7->type);
-     p7->state = PKCS7_S_HEADER;
- 
-@@ -707,6 +736,16 @@
-     STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
-     ASN1_OCTET_STRING *os = NULL;
- 
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
-+        return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
-+        return 0;
-+    }
-+
-     EVP_MD_CTX_init(&ctx_tmp);
-     i = OBJ_obj2nid(p7->type);
-     p7->state = PKCS7_S_HEADER;
-@@ -746,6 +785,7 @@
-         /* If detached data then the content is excluded */
-         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-             M_ASN1_OCTET_STRING_free(os);
-+            os = NULL;
-             p7->d.sign->contents->d.data = NULL;
-         }
-         break;
-@@ -755,6 +795,7 @@
-         /* If detached data then the content is excluded */
-         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
-             M_ASN1_OCTET_STRING_free(os);
-+            os = NULL;
-             p7->d.digest->contents->d.data = NULL;
-         }
-         break;
-@@ -820,22 +861,30 @@
-         M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-     }
- 
--    if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
--        char *cont;
--        long contlen;
--        btmp = BIO_find_type(bio, BIO_TYPE_MEM);
--        if (btmp == NULL) {
--            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
--            goto err;
--        }
--        contlen = BIO_get_mem_data(btmp, &cont);
-+    if (!PKCS7_is_detached(p7)) {
-         /*
--         * Mark the BIO read only then we can use its copy of the data
--         * instead of making an extra copy.
-+         * NOTE(emilia): I think we only reach os == NULL here because detached
-+         * digested data support is broken.
-          */
--        BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
--        BIO_set_mem_eof_return(btmp, 0);
--        ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-+        if (os == NULL)
-+            goto err;
-+        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
-+            char *cont;
-+            long contlen;
-+            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
-+            if (btmp == NULL) {
-+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-+                goto err;
-+            }
-+            contlen = BIO_get_mem_data(btmp, &cont);
-+            /*
-+             * Mark the BIO read only then we can use its copy of the data
-+             * instead of making an extra copy.
-+             */
-+            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-+            BIO_set_mem_eof_return(btmp, 0);
-+            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
-+        }
-     }
-     ret = 1;
-  err:
-@@ -910,6 +959,16 @@
-     STACK_OF(X509) *cert;
-     X509 *x509;
- 
-+    if (p7 == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
-+        return 0;
-+    }
-+
-+    if (p7->d.ptr == NULL) {
-+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
-+        return 0;
-+    }
-+
-     if (PKCS7_type_is_signed(p7)) {
-         cert = p7->d.sign->cert;
-     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
---- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
-+++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
-@@ -70,6 +70,7 @@
-     nid = OBJ_obj2nid(p7->type);
- 
-     switch (cmd) {
-+    /* NOTE(emilia): does not support detached digested data. */
-     case PKCS7_OP_SET_DETACHED_SIGNATURE:
-         if (nid == NID_pkcs7_signed) {
-             ret = p7->detached = (int)larg;
-@@ -444,6 +445,8 @@
- 
- STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
- {
-+    if (p7 == NULL || p7->d.ptr == NULL)
-+        return NULL;
-     if (PKCS7_type_is_signed(p7)) {
-         return (p7->d.sign->signer_info);
-     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
---- openssl-1.0.2/crypto/rsa/rsa_ameth.c
-+++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
-@@ -698,9 +698,10 @@
-         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
-         return -1;
-     }
--    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
-+    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
-         /* Carry on */
-         return 2;
-+    }
-     return -1;
- }
- 
---- openssl-1.0.2/doc/crypto/d2i_X509.pod
-+++ openssl-1.0.2/doc/crypto/d2i_X509.pod
-@@ -207,6 +207,12 @@
- persist if they are not present in the new one. As a result the use
- of this "reuse" behaviour is strongly discouraged.
- 
-+Current versions of OpenSSL will not modify B<*px> if an error occurs.
-+If parsing succeeds then B<*px> is freed (if it is not NULL) and then
-+set to the value of the newly decoded structure. As a result B<*px>
-+B<must not> be allocated on the stack or an attempt will be made to
-+free an invalid pointer.
-+
- i2d_X509() will not return an error in many versions of OpenSSL,
- if mandatory fields are not initialized due to a programming error
- then the encoded structure may contain invalid data or omit the
-@@ -233,7 +239,9 @@
- 
- d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
- or B<NULL> if an error occurs. The error code that can be obtained by
--L<ERR_get_error(3)|ERR_get_error(3)>. 
-+L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
-+with a valid X509 structure being passed in via B<px> then the object is not
-+modified in the event of error.
- 
- i2d_X509() returns the number of bytes successfully encoded or a negative
- value if an error occurs. The error code can be obtained by
---- openssl-1.0.2/ssl/d1_lib.c
-+++ openssl-1.0.2/ssl/d1_lib.c
-@@ -543,6 +543,9 @@
- {
-     int ret;
- 
-+    /* Ensure there is no state left over from a previous invocation */
-+    SSL_clear(s);
-+
-     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-     s->d1->listen = 1;
- 
---- openssl-1.0.2/ssl/s2_lib.c
-+++ openssl-1.0.2/ssl/s2_lib.c
-@@ -493,7 +493,7 @@
- 
-         OPENSSL_assert(s->session->master_key_length >= 0
-                        && s->session->master_key_length
--                       < (int)sizeof(s->session->master_key));
-+                       <= (int)sizeof(s->session->master_key));
-         EVP_DigestUpdate(&ctx, s->session->master_key,
-                          s->session->master_key_length);
-         EVP_DigestUpdate(&ctx, &c, 1);
---- openssl-1.0.2/ssl/s2_srvr.c
-+++ openssl-1.0.2/ssl/s2_srvr.c
-@@ -454,11 +454,6 @@
-         SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
-         return (-1);
-     }
--    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
--                                &(p[s->s2->tmp.clear]),
--                                &(p[s->s2->tmp.clear]),
--                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
--                                RSA_PKCS1_PADDING);
- 
-     is_export = SSL_C_IS_EXPORT(s->session->cipher);
- 
-@@ -475,23 +470,61 @@
-     } else
-         ek = 5;
- 
-+    /*
-+     * The format of the CLIENT-MASTER-KEY message is
-+     * 1 byte message type
-+     * 3 bytes cipher
-+     * 2-byte clear key length (stored in s->s2->tmp.clear)
-+     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
-+     * 2-byte key args length (IV etc)
-+     * clear key
-+     * encrypted key
-+     * key args
-+     *
-+     * If the cipher is an export cipher, then the encrypted key bytes
-+     * are a fixed portion of the total key (5 or 8 bytes). The size of
-+     * this portion is in |ek|. If the cipher is not an export cipher,
-+     * then the entire key material is encrypted (i.e., clear key length
-+     * must be zero).
-+     */
-+    if ((!is_export && s->s2->tmp.clear != 0) ||
-+        (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
-+        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
-+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
-+        return -1;
-+    }
-+    /*
-+     * The encrypted blob must decrypt to the encrypted portion of the key.
-+     * Decryption can't be expanding, so if we don't have enough encrypted
-+     * bytes to fit the key in the buffer, stop now.
-+     */
-+    if ((is_export && s->s2->tmp.enc < ek) ||
-+        (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
-+        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
-+        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
-+        return -1;
-+    }
-+
-+    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
-+                                &(p[s->s2->tmp.clear]),
-+                                &(p[s->s2->tmp.clear]),
-+                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
-+                                RSA_PKCS1_PADDING);
-+
-     /* bad decrypt */
- # if 1
-     /*
-      * If a bad decrypt, continue with protocol but with a random master
-      * secret (Bleichenbacher attack)
-      */
--    if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
--                    || (is_export && ((i != ek)
--                                      || (s->s2->tmp.clear +
--                                          (unsigned int)i != (unsigned int)
--                                          EVP_CIPHER_key_length(c)))))) {
-+    if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
-+                    || (is_export && i != ek))) {
-         ERR_clear_error();
-         if (is_export)
-             i = ek;
-         else
-             i = EVP_CIPHER_key_length(c);
--        if (RAND_pseudo_bytes(p, i) <= 0)
-+        if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
-             return 0;
-     }
- # else
-@@ -513,7 +546,7 @@
- # endif
- 
-     if (is_export)
--        i += s->s2->tmp.clear;
-+        i = EVP_CIPHER_key_length(c);
- 
-     if (i > SSL_MAX_MASTER_KEY_LENGTH) {
-         ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
---- openssl-1.0.2/ssl/s3_pkt.c
-+++ openssl-1.0.2/ssl/s3_pkt.c
-@@ -780,7 +780,7 @@
- 
-             i = ssl3_write_pending(s, type, &buf[tot], nw);
-             if (i <= 0) {
--                if (i < 0) {
-+                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
-                     OPENSSL_free(wb->buf);
-                     wb->buf = NULL;
-                 }
---- openssl-1.0.2/ssl/s3_srvr.c
-+++ openssl-1.0.2/ssl/s3_srvr.c
-@@ -2251,10 +2251,17 @@
-     if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
-         int idx = -1;
-         EVP_PKEY *skey = NULL;
--        if (n)
-+        if (n) {
-             n2s(p, i);
--        else
-+        } else {
-+            if (alg_k & SSL_kDHE) {
-+                al = SSL_AD_HANDSHAKE_FAILURE;
-+                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
-+                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
-+                goto f_err;
-+            }
-             i = 0;
-+        }
-         if (n && n != i + 2) {
-             if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
-                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
---- openssl-1.0.2/ssl/t1_lib.c
-+++ openssl-1.0.2/ssl/t1_lib.c
-@@ -2965,6 +2965,7 @@
-     if (s->cert->shared_sigalgs) {
-         OPENSSL_free(s->cert->shared_sigalgs);
-         s->cert->shared_sigalgs = NULL;
-+        s->cert->shared_sigalgslen = 0;
-     }
-     /* Clear certificate digests and validity flags */
-     for (i = 0; i < SSL_PKEY_NUM; i++) {
-@@ -3618,6 +3619,7 @@
-     if (c->shared_sigalgs) {
-         OPENSSL_free(c->shared_sigalgs);
-         c->shared_sigalgs = NULL;
-+        c->shared_sigalgslen = 0;
-     }
-     /* If client use client signature algorithms if not NULL */
-     if (!s->server && c->client_sigalgs && !is_suiteb) {
-@@ -3640,12 +3642,14 @@
-         preflen = c->peer_sigalgslen;
-     }
-     nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
--    if (!nmatch)
--        return 1;
--    salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
--    if (!salgs)
--        return 0;
--    nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
-+    if (nmatch) {
-+        salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
-+        if (!salgs)
-+            return 0;
-+        nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
-+    } else {
-+        salgs = NULL;
-+    }
-     c->shared_sigalgs = salgs;
-     c->shared_sigalgslen = nmatch;
-     return 1;

diff --git a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch
deleted file mode 100644
index 27574ea616..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch
+++ /dev/null
@@ -1,611 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
---- openssl-1.0.2/apps/s_apps.h
-+++ openssl-1.0.2/apps/s_apps.h
-@@ -154,7 +154,7 @@
- int do_server(int port, int type, int *ret,
-               int (*cb) (char *hostname, int s, int stype,
-                          unsigned char *context), unsigned char *context,
--              int naccept);
-+              int naccept, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -167,7 +167,8 @@
- int ssl_print_curves(BIO *out, SSL *s, int noshared);
- #endif
- int ssl_print_tmp_key(BIO *out, SSL *s);
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type,
-+		int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
---- openssl-1.0.2/apps/s_client.c
-+++ openssl-1.0.2/apps/s_client.c
-@@ -302,6 +302,10 @@
- {
-     BIO_printf(bio_err, "usage: s_client args\n");
-     BIO_printf(bio_err, "\n");
-+    BIO_printf(bio_err, " -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+    BIO_printf(bio_err, " -6             - use IPv6 only\n");
-+#endif
-     BIO_printf(bio_err, " -host host     - use -connect instead\n");
-     BIO_printf(bio_err, " -port port     - use -connect instead\n");
-     BIO_printf(bio_err,
-@@ -658,6 +662,7 @@
-     int sbuf_len, sbuf_off;
-     fd_set readfds, writefds;
-     short port = PORT;
-+    int use_ipv4, use_ipv6;
-     int full_log = 1;
-     char *host = SSL_HOST_NAME;
-     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
-@@ -709,7 +714,11 @@
- #endif
-     char *sess_in = NULL;
-     char *sess_out = NULL;
--    struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+    struct sockaddr_storage peer;
-+#else
-+    struct sockaddr_in peer;
-+#endif
-     int peerlen = sizeof(peer);
-     int fallback_scsv = 0;
-     int enable_timeouts = 0;
-@@ -737,6 +746,12 @@
- 
-     meth = SSLv23_client_method();
- 
-+    use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+    use_ipv6 = 1;
-+#else
-+    use_ipv6 = 0;
-+#endif
-     apps_startup();
-     c_Pause = 0;
-     c_quiet = 0;
-@@ -1096,6 +1111,16 @@
-             jpake_secret = *++argv;
-         }
- #endif
-+	else if (strcmp(*argv,"-4") == 0) {
-+	    use_ipv4 = 1;
-+	    use_ipv6 = 0;
-+	}
-+#if OPENSSL_USE_IPV6
-+	else if (strcmp(*argv,"-6") == 0) {
-+	    use_ipv4 = 0;
-+	    use_ipv6 = 1;
-+	}
-+#endif
- #ifndef OPENSSL_NO_SRTP
-         else if (strcmp(*argv, "-use_srtp") == 0) {
-             if (--argc < 1)
-@@ -1421,7 +1446,7 @@
- 
-  re_start:
- 
--    if (init_client(&s, host, port, socket_type) == 0) {
-+    if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
-         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
-         SHUTDOWN(s);
-         goto end;
-@@ -1444,7 +1469,7 @@
-     if (socket_type == SOCK_DGRAM) {
- 
-         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
--        if (getsockname(s, &peer, (void *)&peerlen) < 0) {
-+        if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
-             BIO_printf(bio_err, "getsockname:errno=%d\n",
-                        get_last_socket_error());
-             SHUTDOWN(s);
---- openssl-1.0.2/apps/s_server.c
-+++ openssl-1.0.2/apps/s_server.c
-@@ -643,6 +643,10 @@
-     BIO_printf(bio_err,
-                " -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
- #endif
-+    BIO_printf(bio_err, " -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+    BIO_printf(bio_err, " -6            - use IPv6 only\n");
-+#endif
-     BIO_printf(bio_err,
-                " -keymatexport label   - Export keying material using label\n");
-     BIO_printf(bio_err,
-@@ -1070,6 +1074,7 @@
-     int state = 0;
-     const SSL_METHOD *meth = NULL;
-     int socket_type = SOCK_STREAM;
-+    int use_ipv4, use_ipv6;
-     ENGINE *e = NULL;
-     char *inrand = NULL;
-     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -1111,6 +1116,12 @@
- 
-     meth = SSLv23_server_method();
- 
-+    use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+    use_ipv6 = 1;
-+#else
-+    use_ipv6 = 0;
-+#endif
-     local_argc = argc;
-     local_argv = argv;
- 
-@@ -1503,6 +1514,16 @@
-             jpake_secret = *(++argv);
-         }
- #endif
-+	else if (strcmp(*argv,"-4") == 0) {
-+	    use_ipv4 = 1;
-+	    use_ipv6 = 0;
-+	}
-+#if OPENSSL_USE_IPV6
-+	else if (strcmp(*argv,"-6") == 0) {
-+	    use_ipv4 = 0;
-+	    use_ipv6 = 1;
-+	}
-+#endif
- #ifndef OPENSSL_NO_SRTP
-         else if (strcmp(*argv, "-use_srtp") == 0) {
-             if (--argc < 1)
-@@ -2023,13 +2044,13 @@
-     (void)BIO_flush(bio_s_out);
-     if (rev)
-         do_server(port, socket_type, &accept_socket, rev_body, context,
--                  naccept);
-+                  naccept, use_ipv4, use_ipv6);
-     else if (www)
-         do_server(port, socket_type, &accept_socket, www_body, context,
--                  naccept);
-+                  naccept, use_ipv4, use_ipv6);
-     else
-         do_server(port, socket_type, &accept_socket, sv_body, context,
--                  naccept);
-+                  naccept, use_ipv4, use_ipv6);
-     print_stats(bio_s_out, ctx);
-     ret = 0;
-  end:
---- openssl-1.0.2/apps/s_socket.c
-+++ openssl-1.0.2/apps/s_socket.c
-@@ -101,16 +101,16 @@
- #  include "netdb.h"
- # endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- # endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port, char *ip, int type);
-+static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- # ifdef OPENSSL_SYS_WIN16
- #  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
-@@ -231,38 +231,68 @@
-     return (1);
- }
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- {
-+# if OPENSSL_USE_IPV6
-+    unsigned char ip[16];
-+# else
-     unsigned char ip[4];
-+# endif
- 
--    memset(ip, '\0', sizeof ip);
--    if (!host_ip(host, &(ip[0])))
--        return 0;
--    return init_client_ip(sock, ip, port, type);
--}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--{
--    unsigned long addr;
-+    if (use_ipv4)
-+	if (host_ip(host, ip, AF_INET))
-+	    return(init_client_ip(sock, ip, port, type, AF_INET));
-+# if OPENSSL_USE_IPV6
-+    if (use_ipv6)
-+	if (host_ip(host, ip, AF_INET6))
-+	    return(init_client_ip(sock, ip, port, type, AF_INET6));
-+# endif
-+    return 0;
-+}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+{
-+# if OPENSSL_USE_IPV6
-+    struct sockaddr_storage them;
-+    struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+    struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+# else
-     struct sockaddr_in them;
-+    struct sockaddr_in *them_in = &them;
-+# endif
-+    socklen_t addr_len;
-     int s, i;
- 
-     if (!ssl_sock_init())
-         return (0);
- 
-     memset((char *)&them, 0, sizeof(them));
--    them.sin_family = AF_INET;
--    them.sin_port = htons((unsigned short)port);
--    addr = (unsigned long)
--        ((unsigned long)ip[0] << 24L) |
--        ((unsigned long)ip[1] << 16L) |
--        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
--    them.sin_addr.s_addr = htonl(addr);
-+    if (domain == AF_INET) {
-+	addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+	them_in->sin_family=AF_INET;
-+	them_in->sin_port=htons((unsigned short)port);
-+# ifndef BIT_FIELD_LIMITS
-+	memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+# else
-+	memcpy(&them_in->sin_addr, ip, 4);
-+# endif
-+    }
-+    else
-+# if OPENSSL_USE_IPV6
-+    {
-+	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+	them_in6->sin6_family=AF_INET6;
-+	them_in6->sin6_port=htons((unsigned short)port);
-+	memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+    }
-+# else
-+	return(0);
-+# endif
- 
-     if (type == SOCK_STREAM)
--        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
-+        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
-     else                        /* ( type == SOCK_DGRAM) */
--        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-+        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
- 
-     if (s == INVALID_SOCKET) {
-         perror("socket");
-@@ -280,7 +310,7 @@
-     }
- # endif
- 
--    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-+    if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
-         closesocket(s);
-         perror("connect");
-         return (0);
-@@ -292,14 +322,14 @@
- int do_server(int port, int type, int *ret,
-               int (*cb) (char *hostname, int s, int stype,
-                          unsigned char *context), unsigned char *context,
--              int naccept)
-+              int naccept, int use_ipv4, int use_ipv6)
- {
-     int sock;
-     char *name = NULL;
-     int accept_socket = 0;
-     int i;
- 
--    if (!init_server(&accept_socket, port, type))
-+    if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
-         return (0);
- 
-     if (ret != NULL) {
-@@ -328,32 +358,41 @@
-     }
- }
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- {
-     int ret = 0;
-+    int domain;
-+# if OPENSSL_USE_IPV6
-+    struct sockaddr_storage server;
-+    struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+    struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+# else
-     struct sockaddr_in server;
-+    struct sockaddr_in *server_in = &server;
-+# endif
-+    socklen_t addr_len;
-     int s = -1;
- 
-+    if (!use_ipv4 && !use_ipv6)
-+	goto err;
-+# if OPENSSL_USE_IPV6
-+    /* we are fine here */
-+# else
-+    if (use_ipv6)
-+	goto err;
-+# endif
-     if (!ssl_sock_init())
-         return (0);
- 
--    memset((char *)&server, 0, sizeof(server));
--    server.sin_family = AF_INET;
--    server.sin_port = htons((unsigned short)port);
--    if (ip == NULL)
--        server.sin_addr.s_addr = INADDR_ANY;
--    else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--# ifndef BIT_FIELD_LIMITS
--        memcpy(&server.sin_addr.s_addr, ip, 4);
-+#if OPENSSL_USE_IPV6
-+    domain = use_ipv6 ? AF_INET6 : AF_INET;
- # else
--        memcpy(&server.sin_addr, ip, 4);
-+    domain = AF_INET;
- # endif
--
-     if (type == SOCK_STREAM)
--        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
--    else                        /* type == SOCK_DGRAM */
--        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
-+	s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
-+    else /* type == SOCK_DGRAM */
-+	s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
- 
-     if (s == INVALID_SOCKET)
-         goto err;
-@@ -363,7 +402,42 @@
-         setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
-     }
- # endif
--    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
-+# if OPENSSL_USE_IPV6
-+    if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
-+	const int on = 1;
-+
-+	setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		    (const void *) &on, sizeof(int));
-+    }
-+# endif
-+    if (domain == AF_INET) {
-+	addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+	memset(server_in, 0, sizeof(struct sockaddr_in));
-+	server_in->sin_family=AF_INET;
-+	server_in->sin_port = htons((unsigned short)port);
-+	if (ip == NULL)
-+	    server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+	else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+# ifndef BIT_FIELD_LIMITS
-+	    memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+# else
-+	    memcpy(&server_in->sin_addr, ip, 4);
-+# endif
-+    }
-+# if OPENSSL_USE_IPV6
-+    else {
-+	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+	memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+	server_in6->sin6_family = AF_INET6;
-+	server_in6->sin6_port = htons((unsigned short)port);
-+	if (ip == NULL)
-+	    server_in6->sin6_addr = in6addr_any;
-+	else
-+	    memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
-+    }
-+# endif
-+    if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
- # ifndef OPENSSL_SYS_WINDOWS
-         perror("bind");
- # endif
-@@ -381,16 +455,23 @@
-     return (ret);
- }
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- {
--    return (init_server_long(sock, port, NULL, type));
-+    return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- }
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- {
-     int ret;
-     struct hostent *h1, *h2;
--    static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+    struct sockaddr_storage from;
-+    struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+    struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+    struct sockaddr_in from;
-+    struct sockaddr_in *from_in = &from;
-+#endif
-     int len;
- /*      struct linger ling; */
- 
-@@ -440,14 +521,25 @@
- 
-     if (host == NULL)
-         goto end;
-+# if OPENSSL_USE_IPV6
-+    if (from.ss_family == AF_INET)
-+# else
-+    if (from.sin_family == AF_INET)
-+# endif
- # ifndef BIT_FIELD_LIMITS
--    /* I should use WSAAsyncGetHostByName() under windows */
--    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
--                       sizeof(from.sin_addr.s_addr), AF_INET);
-+	/* I should use WSAAsyncGetHostByName() under windows */
-+	h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+                	    sizeof(from_in->sin_addr.s_addr), AF_INET);
- # else
--    h1 = gethostbyaddr((char *)&from.sin_addr,
--                       sizeof(struct in_addr), AF_INET);
-+	h1 = gethostbyaddr((char *)&from_in->sin_addr,
-+            		    sizeof(struct in_addr), AF_INET);
-+# endif
-+# if OPENSSL_USE_IPV6
-+    else
-+	h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
-+			    sizeof(struct in6_addr), AF_INET6);
- # endif
-+	    
-     if (h1 == NULL) {
-         BIO_printf(bio_err, "bad gethostbyaddr\n");
-         *host = NULL;
-@@ -460,14 +552,22 @@
-         }
-         BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
- 
--        h2 = GetHostByName(*host);
-+# if OPENSSL_USE_IPV6
-+	h2=GetHostByName(*host, from.ss_family);
-+# else
-+	h2=GetHostByName(*host, from.sin_family);
-+# endif
-         if (h2 == NULL) {
-             BIO_printf(bio_err, "gethostbyname failure\n");
-             closesocket(ret);
-             return (0);
-         }
--        if (h2->h_addrtype != AF_INET) {
--            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-+# if OPENSSL_USE_IPV6
-+	if (h2->h_addrtype != from.ss_family) {
-+# else
-+	if (h2->h_addrtype != from.sin_family) {
-+# endif
-+            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
-             closesocket(ret);
-             return (0);
-         }
-@@ -483,14 +583,14 @@
-     char *h, *p;
- 
-     h = str;
--    p = strchr(str, ':');
-+    p = strrchr(str, ':');
-     if (p == NULL) {
-         BIO_printf(bio_err, "no port defined\n");
-         return (0);
-     }
-     *(p++) = '\0';
- 
--    if ((ip != NULL) && !host_ip(str, ip))
-+    if ((ip != NULL) && !host_ip(str, ip, AF_INET))
-         goto err;
-     if (host_ptr != NULL)
-         *host_ptr = h;
-@@ -502,44 +602,51 @@
-     return (0);
- }
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- {
-     unsigned int in[4];
-+    unsigned long l;
-     int i;
- 
--    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
--        4) {
-+    if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
-         for (i = 0; i < 4; i++)
-             if (in[i] > 255) {
-                 BIO_printf(bio_err, "invalid IP address\n");
-                 goto err;
-             }
--        ip[0] = in[0];
--        ip[1] = in[1];
--        ip[2] = in[2];
--        ip[3] = in[3];
--    } else {                    /* do a gethostbyname */
-+	l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+	memcpy(ip, &l, 4);
-+	return 1;
-+    }
-+# if OPENSSL_USE_IPV6
-+    else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
-+	return 1;
-+# endif
-+    else {                    /* do a gethostbyname */
-         struct hostent *he;
- 
-         if (!ssl_sock_init())
-             return (0);
- 
--        he = GetHostByName(str);
-+        he = GetHostByName(str, domain);
-         if (he == NULL) {
-             BIO_printf(bio_err, "gethostbyname failure\n");
-             goto err;
-         }
-         /* cast to short because of win16 winsock definition */
--        if ((short)he->h_addrtype != AF_INET) {
--            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
-+        if ((short)he->h_addrtype != domain) {
-+            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
-             return (0);
-         }
--        ip[0] = he->h_addr_list[0][0];
--        ip[1] = he->h_addr_list[0][1];
--        ip[2] = he->h_addr_list[0][2];
--        ip[3] = he->h_addr_list[0][3];
-+	if (domain == AF_INET)
-+	    memset(ip, 0, 4);
-+# if OPENSSL_USE_IPV6
-+	else
-+	    memset(ip, 0, 16);
-+# endif
-+	memcpy(ip, he->h_addr_list[0], he->h_length);
-+	return 1;
-     }
--    return (1);
-  err:
-     return (0);
- }
-@@ -573,7 +680,7 @@
- static unsigned long ghbn_hits = 0L;
- static unsigned long ghbn_miss = 0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- {
-     struct hostent *ret;
-     int i, lowi = 0;
-@@ -585,13 +692,18 @@
-             lowi = i;
-         }
-         if (ghbn_cache[i].order > 0) {
--            if (strncmp(name, ghbn_cache[i].name, 128) == 0)
-+            if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
-                 break;
-         }
-     }
-     if (i == GHBN_NUM) {        /* no hit */
-         ghbn_miss++;
--        ret = gethostbyname(name);
-+        if (domain == AF_INET)
-+    	    ret = gethostbyname(name);
-+# if OPENSSL_USE_IPV6
-+	else
-+	    ret = gethostbyname2(name, AF_INET6);
-+# endif
-         if (ret == NULL)
-             return (NULL);
-         /* else add to cache */

diff --git a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
deleted file mode 100644
index 31d3f1d634..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
+++ /dev/null
@@ -1,354 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
-
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -247,17 +247,17 @@
- build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -497,9 +497,9 @@
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
- 
--install: all install_docs install_sw
-+install: install_docs install_sw
- 
--install_sw:
-+install_dirs:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -508,6 +508,13 @@
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+	@$(PERL) $(TOP)/util/mkdir-p.pl \
-+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- 	do \
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -511,7 +511,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
-@@ -593,12 +600,7 @@
- 		done; \
- 	done
- 
--install_docs:
--	@$(PERL) $(TOP)/util/mkdir-p.pl \
--		$(INSTALL_PREFIX)$(MANDIR)/man1 \
--		$(INSTALL_PREFIX)$(MANDIR)/man3 \
--		$(INSTALL_PREFIX)$(MANDIR)/man5 \
--		$(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- 	here="`pwd`"; \
- 	filecase=; \
---- a/Makefile.shared
-+++ b/Makefile.shared
-@@ -105,6 +105,7 @@ LINK_SO=	\
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +124,7 @@ SYMLINK_SO=	\
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- a/crypto/Makefile
-+++ b/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	$(RANLIB) $(LIB) || echo Never mind.
- 
-@@ -110,7 +110,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -119,7 +119,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- a/engines/Makefile
-+++ b/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- a/test/Makefile
-+++ b/test/Makefile
-@@ -123,7 +123,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -365,109 +365,109 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -480,7 +480,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--	@sleep 1; touch obj_mac.h; sleep 1
- 
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--	@sleep 1; touch obj_xref.h; sleep 1
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

diff --git a/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch
deleted file mode 100644
index 803a91dde9..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-https://bugs.gentoo.org/472584
-http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
-
-fix verification handling in s_client.  when loading paths, make sure
-we properly fallback to setting the default paths.
-
---- openssl-1.0.2/apps/s_client.c
-+++ openssl-1.0.2/apps/s_client.c
-@@ -1337,7 +1337,7 @@
- 
-     SSL_CTX_set_verify(ctx, verify, verify_callback);
- 
--    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
-+    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
-         (!SSL_CTX_set_default_verify_paths(ctx))) {
-         /*
-          * BIO_printf(bio_err,"error setting default verify locations\n");

diff --git a/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch
deleted file mode 100644
index 8683d2829f..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch
+++ /dev/null
@@ -1,640 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
---- openssl-1.0.2-beta2/apps/s_apps.h
-+++ openssl-1.0.2-beta2/apps/s_apps.h
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -161,7 +161,7 @@
- int ssl_print_curves(BIO *out, SSL *s, int noshared);
- #endif
- int ssl_print_tmp_key(BIO *out, SSL *s);
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
---- openssl-1.0.2-beta2/apps/s_client.c
-+++ openssl-1.0.2-beta2/apps/s_client.c
-@@ -288,6 +288,10 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+	BIO_printf(bio_err," -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -595,6 +599,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
-@@ -647,7 +652,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -674,6 +683,12 @@
- 
- 	meth=SSLv23_client_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -1079,6 +1094,18 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -1445,7 +1472,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1471,7 +1498,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
---- openssl-1.0.2-beta2/apps/s_server.c
-+++ openssl-1.0.2-beta2/apps/s_server.c
-@@ -584,6 +584,10 @@
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
- 	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	BIO_printf(bio_err," -status           - respond to certificate status requests\n");
-@@ -1014,6 +1018,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -1055,6 +1060,12 @@
- 
- 	meth=SSLv23_server_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1493,6 +1504,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -2063,11 +2086,11 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (rev)
--		do_server(port,socket_type,&accept_socket,rev_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,rev_body, context, naccept, use_ipv4, use_ipv6);
- 	else if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,www_body, context, naccept, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, naccept, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
---- openssl-1.0.2-beta2/apps/s_socket.c
-+++ openssl-1.0.2-beta2/apps/s_socket.c
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
--		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +307,27 @@
- 		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -324,41 +352,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
-+		{
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
-+		}
-+#endif
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -377,16 +452,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -433,13 +515,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -457,16 +549,24 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			closesocket(ret);
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr is not correct\n");
- 			closesocket(ret);
- 			return(0);
- 			}
-@@ -482,7 +582,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -490,7 +590,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -501,48 +601,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -579,7 +689,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -594,14 +704,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

diff --git a/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch b/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch
deleted file mode 100644
index 831e5759a2..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3758
-
-From 7b4152089fe39c3495508076ab81ed4aca3d65ba Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sat, 21 Mar 2015 05:08:41 -0400
-Subject: [PATCH] fix malloc define typo
-
-Reported-by: Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de>
-URL: https://bugs.gentoo.org/543828
----
- crypto/bio/bss_dgram.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
-index aef8149..ed275d1 100644
---- a/crypto/bio/bss_dgram.c
-+++ b/crypto/bio/bss_dgram.c
-@@ -1338,7 +1338,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
-                 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
-             authchunks = OPENSSL_malloc(optlen);
-             if (!authchunks) {
--                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
-+                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
-                 return -1;
-             }
-             memset(authchunks, 0, optlen);
-@@ -1410,7 +1410,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
-         char *tmp;
-         data->saved_message.bio = b;
-         if(!(tmp = OPENSSL_malloc(inl))) {
--            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
-+            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
-             return -1;
-         }
-         if (data->saved_message.data)
--- 
-2.3.3
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch
deleted file mode 100644
index f4226c3b6d..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch
+++ /dev/null
@@ -1,314 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
-https://rt.openssl.org/Ticket/Display.html?id=3738&user=guest&pass=guest
-
---- openssl-1.0.2a/crypto/Makefile
-+++ openssl-1.0.2a/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2a/engines/Makefile
-+++ openssl-1.0.2a/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2a/Makefile.org
-+++ openssl-1.0.2a/Makefile.org
-@@ -274,17 +274,17 @@
- build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
--build_ssl:
-+build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
--build_engines:
-+build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
--build_apps:
-+build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
--build_tests:
-+build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
--build_tools:
-+build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -555,7 +555,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2a/Makefile.shared
-+++ openssl-1.0.2a/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2a/test/Makefile
-+++ openssl-1.0.2a/test/Makefile
-@@ -133,7 +133,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -402,121 +402,121 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -529,7 +529,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch
deleted file mode 100644
index 0198818c5f..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest
-
-From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 8 Mar 2015 01:32:01 -0500
-Subject: [PATCH] fix parallel install with dir creation
-
-The mkdir-p.pl does not handle parallel creation of directories.
-This comes up when the install_sw and install_docs rules run and
-both call mkdir-p.pl on sibling directory trees.
-
-Instead, lets create a single install_dirs rule that makes all of
-the dirs we need, and have these two install steps depend on that.
----
- Makefile.org | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index a6d9471..78e6143 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -536,9 +536,9 @@
- dist_pem_h:
- 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
- 
--install: all install_docs install_sw
-+install: install_docs install_sw
- 
--install_sw:
-+install_dirs:
- 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
- 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
-@@ -547,6 +547,13 @@
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
- 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
-+	@$(PERL) $(TOP)/util/mkdir-p.pl \
-+		$(INSTALL_PREFIX)$(MANDIR)/man1 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man3 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man5 \
-+		$(INSTALL_PREFIX)$(MANDIR)/man7
-+
-+install_sw: install_dirs
- 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
- 	do \
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
-@@ -636,12 +643,7 @@
- 		done; \
- 	done
- 
--install_docs:
--	@$(PERL) $(TOP)/util/mkdir-p.pl \
--		$(INSTALL_PREFIX)$(MANDIR)/man1 \
--		$(INSTALL_PREFIX)$(MANDIR)/man3 \
--		$(INSTALL_PREFIX)$(MANDIR)/man5 \
--		$(INSTALL_PREFIX)$(MANDIR)/man7
-+install_docs: install_dirs
- 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
- 	here="`pwd`"; \
- 	filecase=; \
--- 
-2.3.4
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch
deleted file mode 100644
index a7d6f4effe..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest
-
-From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 8 Mar 2015 01:34:48 -0500
-Subject: [PATCH] fix parallel generation of obj headers
-
-The current code has dummy sleep/touch commands to try and work
-around the parallel issue, but that is obviously racy.  Instead
-lets force one of the files to depend on the other so we know
-they'll never run in parallel.
----
- crypto/objects/Makefile | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
-index ad2db1e..7d32504 100644
---- a/crypto/objects/Makefile
-+++ b/crypto/objects/Makefile
-@@ -44,11 +44,11 @@
- # objects.pl both reads and writes obj_mac.num
- obj_mac.h: objects.pl objects.txt obj_mac.num
- 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
--	@sleep 1; touch obj_mac.h; sleep 1
- 
--obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
-+# This doesn't really need obj_mac.h, but since that rule reads & writes
-+# obj_mac.num, we can't run in parallel with it.
-+obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
- 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
--	@sleep 1; touch obj_xref.h; sleep 1
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
--- 
-2.3.4
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch
deleted file mode 100644
index f2be696b10..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
-
-From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Fri, 3 Apr 2015 01:16:23 -0400
-Subject: [PATCH] fix race when symlink shareds libs
-
-When the crypto/ssl targets attempt to build their shared libs, they run:
-	cd ..; make libcrypto.so.1.0.0
-The top level Makefile in turn runs the build-shared target for that lib.
-
-The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared.
-When building in parallel, make is allowed to run both of these.  They
-both run Makefile.shared for their respective targets:
-do_$(SHLIB_TARGET) ->
-	link_a.linux-shared ->
-	link_a.gnu ->
-	...; $(LINK_SO_A) ->
-	$(LINK_SO) ->
-	$(SYMLINK_SO)
-link-shared ->
-	symlink.linux-shared ->
-	symlink.gnu ->
-	...; $(SYMLINK_SO)
-
-The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails
-basic TOCTOU semantics.  Depending on the load, that means two processes
-will run the sequence:
-	rm -f libcrypto.so
-	ln -s libcrypto.so.1.0.0 libcrypto.so
-
-Which obviously fails:
-	ln: failed to create symbolic link 'libcrypto.so': File exists
-
-Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't
-bother depending on link-shared at all in the top level Makefile when
-building things.
-
-Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
-URL: https://bugs.gentoo.org/545028
----
- Makefile.org | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/Makefile.org b/Makefile.org
-index 890bfe4..576c60e 100644
---- a/Makefile.org
-+++ b/Makefile.org
-@@ -350,7 +350,10 @@ link-shared:
- 		libs="$$libs -l$$i"; \
- 	done
- 
--build-shared: do_$(SHLIB_TARGET) link-shared
-+# The link target in Makefile.shared will create the symlink for us, so no need
-+# to call link-shared directly.  Doing so will cause races with two processes
-+# trying to symlink the lib.
-+build-shared: do_$(SHLIB_TARGET)
- 
- do_$(SHLIB_TARGET):
- 	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
--- 
-2.3.4
-

diff --git a/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch
deleted file mode 100644
index b7aa0ea809..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch
+++ /dev/null
@@ -1,309 +0,0 @@
-https://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
-https://rt.openssl.org/Ticket/Display.html?id=3738&user=guest&pass=guest
-
---- openssl-1.0.2d/crypto/Makefile
-+++ openssl-1.0.2d/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2d/engines/Makefile
-+++ openssl-1.0.2d/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2d/Makefile.org
-+++ openssl-1.0.2d/Makefile.org
-@@ -274,17 +274,17 @@
- build_libs: build_crypto build_ssl build_engines
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -555,7 +555,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2d/Makefile.shared
-+++ openssl-1.0.2d/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2d/test/Makefile
-+++ openssl-1.0.2d/test/Makefile
-@@ -133,7 +133,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -402,121 +402,121 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -529,7 +529,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.2e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2e-parallel-build.patch
deleted file mode 100644
index 53d4baa764..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2e-parallel-build.patch
+++ /dev/null
@@ -1,314 +0,0 @@
---- openssl-1.0.2e/crypto/Makefile
-+++ openssl-1.0.2e/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2e/engines/Makefile
-+++ openssl-1.0.2e/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2e/Makefile.org
-+++ openssl-1.0.2e/Makefile.org
-@@ -280,17 +280,17 @@
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -548,7 +548,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2e/Makefile.shared
-+++ openssl-1.0.2e/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2e/test/Makefile
-+++ openssl-1.0.2e/test/Makefile
-@@ -138,7 +138,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -416,127 +416,127 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
--	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
- 
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
--	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -549,7 +549,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
deleted file mode 100644
index 3582810da2..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch
+++ /dev/null
@@ -1,318 +0,0 @@
---- openssl-1.0.2g/crypto/Makefile
-+++ openssl-1.0.2g/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2g/engines/Makefile
-+++ openssl-1.0.2g/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2g/Makefile.org
-+++ openssl-1.0.2g/Makefile.org
-@@ -279,17 +279,17 @@
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -544,7 +544,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2g/Makefile.shared
-+++ openssl-1.0.2g/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2g/test/Makefile
-+++ openssl-1.0.2g/test/Makefile
-@@ -139,7 +139,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -421,130 +421,130 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
--	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
- 
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
--	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
- 
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
--	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -557,7 +557,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch
deleted file mode 100644
index 387a077da2..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch
+++ /dev/null
@@ -1,326 +0,0 @@
---- openssl-1.0.2i/crypto/Makefile
-+++ openssl-1.0.2i/crypto/Makefile
-@@ -85,11 +85,11 @@
- 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
- 
- subdirs:
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
--	@target=files; $(RECURSIVE_MAKE)
-+	+@target=files; $(RECURSIVE_MAKE)
- 
- links:
- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
-@@ -100,7 +100,7 @@
- # lib: $(LIB): are splitted to avoid end-less loop
- lib:	$(LIB)
- 	@touch lib
--$(LIB):	$(LIBOBJ)
-+$(LIB):	$(LIBOBJ) | subdirs
- 	$(AR) $(LIB) $(LIBOBJ)
- 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
- 	$(RANLIB) $(LIB) || echo Never mind.
-@@ -111,7 +111,7 @@
- 	fi
- 
- libs:
--	@target=lib; $(RECURSIVE_MAKE)
-+	+@target=lib; $(RECURSIVE_MAKE)
- 
- install:
- 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
-@@ -120,7 +120,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- lint:
- 	@target=lint; $(RECURSIVE_MAKE)
---- openssl-1.0.2i/engines/Makefile
-+++ openssl-1.0.2i/engines/Makefile
-@@ -72,7 +72,7 @@
- 
- all:	lib subdirs
- 
--lib:	$(LIBOBJ)
-+lib:	$(LIBOBJ) | subdirs
- 	@if [ -n "$(SHARED_LIBS)" ]; then \
- 		set -e; \
- 		for l in $(LIBNAMES); do \
-@@ -89,7 +89,7 @@
- 
- subdirs:
- 	echo $(EDIRS)
--	@target=all; $(RECURSIVE_MAKE)
-+	+@target=all; $(RECURSIVE_MAKE)
- 
- files:
- 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
-@@ -128,7 +128,7 @@
- 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
- 		done; \
- 	fi
--	@target=install; $(RECURSIVE_MAKE)
-+	+@target=install; $(RECURSIVE_MAKE)
- 
- tags:
- 	ctags $(SRC)
---- openssl-1.0.2i/Makefile.org
-+++ openssl-1.0.2i/Makefile.org
-@@ -281,17 +281,17 @@
- build_libssl: build_ssl libssl.pc
- 
- build_crypto:
--	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-+	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
- build_ssl: build_crypto
--	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-+	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
- build_engines: build_crypto
--	@dir=engines; target=all; $(BUILD_ONE_CMD)
-+	+@dir=engines; target=all; $(BUILD_ONE_CMD)
- build_apps: build_libs
--	@dir=apps; target=all; $(BUILD_ONE_CMD)
-+	+@dir=apps; target=all; $(BUILD_ONE_CMD)
- build_tests: build_libs
--	@dir=test; target=all; $(BUILD_ONE_CMD)
-+	+@dir=test; target=all; $(BUILD_ONE_CMD)
- build_tools: build_libs
--	@dir=tools; target=all; $(BUILD_ONE_CMD)
-+	+@dir=tools; target=all; $(BUILD_ONE_CMD)
- 
- all_testapps: build_libs build_testapps
- build_testapps:
-@@ -547,7 +547,7 @@
- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
- 	done;
--	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
-+	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
- 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
- 	do \
- 		if [ -f "$$i" ]; then \
---- openssl-1.0.2i/Makefile.shared
-+++ openssl-1.0.2i/Makefile.shared
-@@ -105,6 +105,7 @@
-     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
-     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
-     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
-+    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
-     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
-     $${SHAREDCMD} $${SHAREDFLAGS} \
- 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
-@@ -122,6 +123,7 @@
- 			done; \
- 		fi; \
- 		if [ -n "$$SHLIB_SOVER" ]; then \
-+			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
- 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
- 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
- 		fi; \
---- openssl-1.0.2i/test/Makefile
-+++ openssl-1.0.2i/test/Makefile
-@@ -144,7 +144,7 @@
- tags:
- 	ctags $(SRC)
- 
--tests:	exe apps $(TESTS)
-+tests:	exe $(TESTS)
- 
- apps:
- 	@(cd ..; $(MAKE) DIRS=apps all)
-@@ -435,136 +435,136 @@
- 		link_app.$${shlib_target}
- 
- $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
--	@target=$(RSATEST); $(BUILD_CMD)
-+	+@target=$(RSATEST); $(BUILD_CMD)
- 
- $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
--	@target=$(BNTEST); $(BUILD_CMD)
-+	+@target=$(BNTEST); $(BUILD_CMD)
- 
- $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
--	@target=$(ECTEST); $(BUILD_CMD)
-+	+@target=$(ECTEST); $(BUILD_CMD)
- 
- $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
--	@target=$(EXPTEST); $(BUILD_CMD)
-+	+@target=$(EXPTEST); $(BUILD_CMD)
- 
- $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
--	@target=$(IDEATEST); $(BUILD_CMD)
-+	+@target=$(IDEATEST); $(BUILD_CMD)
- 
- $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
--	@target=$(MD2TEST); $(BUILD_CMD)
-+	+@target=$(MD2TEST); $(BUILD_CMD)
- 
- $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
--	@target=$(SHATEST); $(BUILD_CMD)
-+	+@target=$(SHATEST); $(BUILD_CMD)
- 
- $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
--	@target=$(SHA1TEST); $(BUILD_CMD)
-+	+@target=$(SHA1TEST); $(BUILD_CMD)
- 
- $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
--	@target=$(SHA256TEST); $(BUILD_CMD)
-+	+@target=$(SHA256TEST); $(BUILD_CMD)
- 
- $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
--	@target=$(SHA512TEST); $(BUILD_CMD)
-+	+@target=$(SHA512TEST); $(BUILD_CMD)
- 
- $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
--	@target=$(RMDTEST); $(BUILD_CMD)
-+	+@target=$(RMDTEST); $(BUILD_CMD)
- 
- $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
--	@target=$(MDC2TEST); $(BUILD_CMD)
-+	+@target=$(MDC2TEST); $(BUILD_CMD)
- 
- $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
--	@target=$(MD4TEST); $(BUILD_CMD)
-+	+@target=$(MD4TEST); $(BUILD_CMD)
- 
- $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
--	@target=$(MD5TEST); $(BUILD_CMD)
-+	+@target=$(MD5TEST); $(BUILD_CMD)
- 
- $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
--	@target=$(HMACTEST); $(BUILD_CMD)
-+	+@target=$(HMACTEST); $(BUILD_CMD)
- 
- $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
--	@target=$(WPTEST); $(BUILD_CMD)
-+	+@target=$(WPTEST); $(BUILD_CMD)
- 
- $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
--	@target=$(RC2TEST); $(BUILD_CMD)
-+	+@target=$(RC2TEST); $(BUILD_CMD)
- 
- $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
--	@target=$(BFTEST); $(BUILD_CMD)
-+	+@target=$(BFTEST); $(BUILD_CMD)
- 
- $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
--	@target=$(CASTTEST); $(BUILD_CMD)
-+	+@target=$(CASTTEST); $(BUILD_CMD)
- 
- $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
--	@target=$(RC4TEST); $(BUILD_CMD)
-+	+@target=$(RC4TEST); $(BUILD_CMD)
- 
- $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
--	@target=$(RC5TEST); $(BUILD_CMD)
-+	+@target=$(RC5TEST); $(BUILD_CMD)
- 
- $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
--	@target=$(DESTEST); $(BUILD_CMD)
-+	+@target=$(DESTEST); $(BUILD_CMD)
- 
- $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
--	@target=$(RANDTEST); $(BUILD_CMD)
-+	+@target=$(RANDTEST); $(BUILD_CMD)
- 
- $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
--	@target=$(DHTEST); $(BUILD_CMD)
-+	+@target=$(DHTEST); $(BUILD_CMD)
- 
- $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
--	@target=$(DSATEST); $(BUILD_CMD)
-+	+@target=$(DSATEST); $(BUILD_CMD)
- 
- $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
--	@target=$(METHTEST); $(BUILD_CMD)
-+	+@target=$(METHTEST); $(BUILD_CMD)
- 
- $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
-+	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
- 
- $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
--	@target=$(ENGINETEST); $(BUILD_CMD)
-+	+@target=$(ENGINETEST); $(BUILD_CMD)
- 
- $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
--	@target=$(EVPTEST); $(BUILD_CMD)
-+	+@target=$(EVPTEST); $(BUILD_CMD)
- 
- $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
--	@target=$(EVPEXTRATEST); $(BUILD_CMD)
-+	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
- 
- $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
--	@target=$(ECDSATEST); $(BUILD_CMD)
-+	+@target=$(ECDSATEST); $(BUILD_CMD)
- 
- $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
--	@target=$(ECDHTEST); $(BUILD_CMD)
-+	+@target=$(ECDHTEST); $(BUILD_CMD)
- 
- $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
--	@target=$(IGETEST); $(BUILD_CMD)
-+	+@target=$(IGETEST); $(BUILD_CMD)
- 
- $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
--	@target=$(JPAKETEST); $(BUILD_CMD)
-+	+@target=$(JPAKETEST); $(BUILD_CMD)
- 
- $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
--	@target=$(ASN1TEST); $(BUILD_CMD)
-+	+@target=$(ASN1TEST); $(BUILD_CMD)
- 
- $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
--	@target=$(SRPTEST); $(BUILD_CMD)
-+	+@target=$(SRPTEST); $(BUILD_CMD)
- 
- $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
--	@target=$(V3NAMETEST); $(BUILD_CMD)
-+	+@target=$(V3NAMETEST); $(BUILD_CMD)
- 
- $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
--	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
-+	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
- 
- $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
--	@target=$(CONSTTIMETEST) $(BUILD_CMD)
-+	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
- 
- $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
--	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
-+	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
- 
- $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
--	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
-+	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
- 
- $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
--	@target=$(BADDTLSTEST) $(BUILD_CMD)
-+	+@target=$(BADDTLSTEST) $(BUILD_CMD)
- 
- $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
--	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
-+	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
- 
- $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
--	@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
-+	+@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
- 
- #$(AESTEST).o: $(AESTEST).c
- #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
-@@ -577,7 +577,7 @@
- #	fi
- 
- dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
--	@target=dummytest; $(BUILD_CMD)
-+	+@target=dummytest; $(BUILD_CMD)
- 
- # DO NOT DELETE THIS LINE -- make depend depends on it.
- 

diff --git a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
deleted file mode 100644
index 148e7c3bc1..0000000000
--- a/dev-libs/openssl/files/openssl-1.0.2o-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 387558f1467..f235e0d682b 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
-     int ok = 0;
-     int generate_new_key = 0;
-     unsigned l;
--    BN_CTX *ctx;
-+    BN_CTX *ctx = NULL;
-     BN_MONT_CTX *mont = NULL;
-     BIGNUM *pub_key = NULL, *priv_key = NULL;
- 
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;

diff --git a/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
new file mode 100644
index 0000000000..3a458a7836
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2p-hobble-ecc.patch
@@ -0,0 +1,283 @@
+Port of Fedora's Hobble-EC patches for OpenSSL 1.0 series.
+
+From https://src.fedoraproject.org/git/rpms/openssl.git
+
+Contains parts of the following patches, rediffed. The patches are on various
+different branches.
+f23 openssl-1.0.2c-ecc-suiteb.patch
+f23 openssl-1.0.2a-fips-ec.patch
+f28 openssl-1.1.0-ec-curves.patch
+
+Signed-off-By: Robin H. Johnson <robbat2@gentoo.org>
+
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -989,10 +989,7 @@ int MAIN(int argc, char **argv)
+         } else
+ # endif
+ # ifndef OPENSSL_NO_ECDSA
+-        if (strcmp(*argv, "ecdsap160") == 0)
+-            ecdsa_doit[R_EC_P160] = 2;
+-        else if (strcmp(*argv, "ecdsap192") == 0)
+-            ecdsa_doit[R_EC_P192] = 2;
++	if (0) {}
+         else if (strcmp(*argv, "ecdsap224") == 0)
+             ecdsa_doit[R_EC_P224] = 2;
+         else if (strcmp(*argv, "ecdsap256") == 0)
+@@ -1001,36 +998,13 @@ int MAIN(int argc, char **argv)
+             ecdsa_doit[R_EC_P384] = 2;
+         else if (strcmp(*argv, "ecdsap521") == 0)
+             ecdsa_doit[R_EC_P521] = 2;
+-        else if (strcmp(*argv, "ecdsak163") == 0)
+-            ecdsa_doit[R_EC_K163] = 2;
+-        else if (strcmp(*argv, "ecdsak233") == 0)
+-            ecdsa_doit[R_EC_K233] = 2;
+-        else if (strcmp(*argv, "ecdsak283") == 0)
+-            ecdsa_doit[R_EC_K283] = 2;
+-        else if (strcmp(*argv, "ecdsak409") == 0)
+-            ecdsa_doit[R_EC_K409] = 2;
+-        else if (strcmp(*argv, "ecdsak571") == 0)
+-            ecdsa_doit[R_EC_K571] = 2;
+-        else if (strcmp(*argv, "ecdsab163") == 0)
+-            ecdsa_doit[R_EC_B163] = 2;
+-        else if (strcmp(*argv, "ecdsab233") == 0)
+-            ecdsa_doit[R_EC_B233] = 2;
+-        else if (strcmp(*argv, "ecdsab283") == 0)
+-            ecdsa_doit[R_EC_B283] = 2;
+-        else if (strcmp(*argv, "ecdsab409") == 0)
+-            ecdsa_doit[R_EC_B409] = 2;
+-        else if (strcmp(*argv, "ecdsab571") == 0)
+-            ecdsa_doit[R_EC_B571] = 2;
+         else if (strcmp(*argv, "ecdsa") == 0) {
+-            for (i = 0; i < EC_NUM; i++)
++            for (i = R_EC_P224; i < R_EC_P521; i++)
+                 ecdsa_doit[i] = 1;
+         } else
+ # endif
+ # ifndef OPENSSL_NO_ECDH
+-        if (strcmp(*argv, "ecdhp160") == 0)
+-            ecdh_doit[R_EC_P160] = 2;
+-        else if (strcmp(*argv, "ecdhp192") == 0)
+-            ecdh_doit[R_EC_P192] = 2;
++	if (0) {}
+         else if (strcmp(*argv, "ecdhp224") == 0)
+             ecdh_doit[R_EC_P224] = 2;
+         else if (strcmp(*argv, "ecdhp256") == 0)
+@@ -1039,28 +1013,8 @@ int MAIN(int argc, char **argv)
+             ecdh_doit[R_EC_P384] = 2;
+         else if (strcmp(*argv, "ecdhp521") == 0)
+             ecdh_doit[R_EC_P521] = 2;
+-        else if (strcmp(*argv, "ecdhk163") == 0)
+-            ecdh_doit[R_EC_K163] = 2;
+-        else if (strcmp(*argv, "ecdhk233") == 0)
+-            ecdh_doit[R_EC_K233] = 2;
+-        else if (strcmp(*argv, "ecdhk283") == 0)
+-            ecdh_doit[R_EC_K283] = 2;
+-        else if (strcmp(*argv, "ecdhk409") == 0)
+-            ecdh_doit[R_EC_K409] = 2;
+-        else if (strcmp(*argv, "ecdhk571") == 0)
+-            ecdh_doit[R_EC_K571] = 2;
+-        else if (strcmp(*argv, "ecdhb163") == 0)
+-            ecdh_doit[R_EC_B163] = 2;
+-        else if (strcmp(*argv, "ecdhb233") == 0)
+-            ecdh_doit[R_EC_B233] = 2;
+-        else if (strcmp(*argv, "ecdhb283") == 0)
+-            ecdh_doit[R_EC_B283] = 2;
+-        else if (strcmp(*argv, "ecdhb409") == 0)
+-            ecdh_doit[R_EC_B409] = 2;
+-        else if (strcmp(*argv, "ecdhb571") == 0)
+-            ecdh_doit[R_EC_B571] = 2;
+         else if (strcmp(*argv, "ecdh") == 0) {
+-            for (i = 0; i < EC_NUM; i++)
++	    for (i = R_EC_P224; i <= R_EC_P521; i++)
+                 ecdh_doit[i] = 1;
+         } else
+ # endif
+@@ -1149,21 +1103,13 @@ int MAIN(int argc, char **argv)
+             BIO_printf(bio_err, "dsa512   dsa1024  dsa2048\n");
+ # endif
+ # ifndef OPENSSL_NO_ECDSA
+-            BIO_printf(bio_err, "ecdsap160 ecdsap192 ecdsap224 "
++            BIO_printf(bio_err, "ecdsap224 "
+                        "ecdsap256 ecdsap384 ecdsap521\n");
+-            BIO_printf(bio_err,
+-                       "ecdsak163 ecdsak233 ecdsak283 ecdsak409 ecdsak571\n");
+-            BIO_printf(bio_err,
+-                       "ecdsab163 ecdsab233 ecdsab283 ecdsab409 ecdsab571\n");
+             BIO_printf(bio_err, "ecdsa\n");
+ # endif
+ # ifndef OPENSSL_NO_ECDH
+-            BIO_printf(bio_err, "ecdhp160  ecdhp192  ecdhp224 "
++            BIO_printf(bio_err, "ecdhp224 "
+                        "ecdhp256  ecdhp384  ecdhp521\n");
+-            BIO_printf(bio_err,
+-                       "ecdhk163  ecdhk233  ecdhk283  ecdhk409  ecdhk571\n");
+-            BIO_printf(bio_err,
+-                       "ecdhb163  ecdhb233  ecdhb283  ecdhb409  ecdhb571\n");
+             BIO_printf(bio_err, "ecdh\n");
+ # endif
+ 
+@@ -1242,11 +1188,11 @@ int MAIN(int argc, char **argv)
+         for (i = 0; i < DSA_NUM; i++)
+             dsa_doit[i] = 1;
+ # ifndef OPENSSL_NO_ECDSA
+-        for (i = 0; i < EC_NUM; i++)
++        for (i = R_EC_P224; i <= R_EC_P521; i++)
+             ecdsa_doit[i] = 1;
+ # endif
+ # ifndef OPENSSL_NO_ECDH
+-        for (i = 0; i < EC_NUM; i++)
++        for (i = R_EC_P224; i <= R_EC_P521; i++)
+             ecdh_doit[i] = 1;
+ # endif
+     }
+--- a/crypto/ec/ecp_smpl.c
++++ b/crypto/ec/ecp_smpl.c
+@@ -187,6 +187,11 @@ int ec_GFp_simple_group_set_curve(EC_GROUP *group,
+         return 0;
+     }
+ 
++    if (BN_num_bits(p) < 224) {
++        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
++        return 0;
++    }
++
+     if (ctx == NULL) {
+         ctx = new_ctx = BN_CTX_new();
+         if (ctx == NULL)
+--- a/crypto/ecdh/ecdhtest.c
++++ b/crypto/ecdh/ecdhtest.c
+@@ -501,11 +501,13 @@ int main(int argc, char *argv[])
+         goto err;
+ 
+     /* NIST PRIME CURVES TESTS */
++# if 0
+     if (!test_ecdh_curve
+         (NID_X9_62_prime192v1, "NIST Prime-Curve P-192", ctx, out))
+         goto err;
+     if (!test_ecdh_curve(NID_secp224r1, "NIST Prime-Curve P-224", ctx, out))
+         goto err;
++# endif
+     if (!test_ecdh_curve
+         (NID_X9_62_prime256v1, "NIST Prime-Curve P-256", ctx, out))
+         goto err;
+@@ -536,13 +538,14 @@ int main(int argc, char *argv[])
+     if (!test_ecdh_curve(NID_sect571r1, "NIST Binary-Curve B-571", ctx, out))
+         goto err;
+ # endif
++# if 0
+     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP256r1", 256))
+         goto err;
+     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP384r1", 384))
+         goto err;
+     if (!test_ecdh_kat(out, "Brainpool Prime-Curve brainpoolP512r1", 512))
+         goto err;
+-
++# endif
+     ret = 0;
+ 
+  err:
+--- a/crypto/ecdsa/ecdsatest.c
++++ b/crypto/ecdsa/ecdsatest.c
+@@ -138,9 +138,12 @@ int restore_rand(void)
+ }
+ 
+ static int fbytes_counter = 0, use_fake = 0;
+-static const char *numbers[8] = {
++static const char *numbers[10] = {
++    "651056770906015076056810763456358567190100156695615665659",
+     "651056770906015076056810763456358567190100156695615665659",
+     "6140507067065001063065065565667405560006161556565665656654",
++    "8763001015071075675010661307616710783570106710677817767166"
++        "71676178726717",
+     "8763001015071075675010661307616710783570106710677817767166"
+         "71676178726717",
+     "7000000175690566466555057817571571075705015757757057795755"
+@@ -163,7 +166,7 @@ int fbytes(unsigned char *buf, int num)
+ 
+     use_fake = 0;
+ 
+-    if (fbytes_counter >= 8)
++    if (fbytes_counter >= 10)
+         return 0;
+     tmp = BN_new();
+     if (!tmp)
+@@ -539,8 +542,10 @@ int main(void)
+     RAND_seed(rnd_seed, sizeof(rnd_seed));
+ 
+     /* the tests */
++# if 0
+     if (!x9_62_tests(out))
+         goto err;
++# endif
+     if (!test_builtin(out))
+         goto err;
+ 
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -271,10 +271,7 @@ static const unsigned char eccurves_auto[] = {
+     0, 23,                      /* secp256r1 (23) */
+     /* Other >= 256-bit prime curves. */
+     0, 25,                      /* secp521r1 (25) */
+-    0, 28,                      /* brainpool512r1 (28) */
+-    0, 27,                      /* brainpoolP384r1 (27) */
+     0, 24,                      /* secp384r1 (24) */
+-    0, 26,                      /* brainpoolP256r1 (26) */
+     0, 22,                      /* secp256k1 (22) */
+ # ifndef OPENSSL_NO_EC2M
+     /* >= 256-bit binary curves. */
+@@ -292,10 +289,7 @@ static const unsigned char eccurves_all[] = {
+     0, 23,                      /* secp256r1 (23) */
+     /* Other >= 256-bit prime curves. */
+     0, 25,                      /* secp521r1 (25) */
+-    0, 28,                      /* brainpool512r1 (28) */
+-    0, 27,                      /* brainpoolP384r1 (27) */
+     0, 24,                      /* secp384r1 (24) */
+-    0, 26,                      /* brainpoolP256r1 (26) */
+     0, 22,                      /* secp256k1 (22) */
+ # ifndef OPENSSL_NO_EC2M
+     /* >= 256-bit binary curves. */
+@@ -310,13 +304,6 @@ static const unsigned char eccurves_all[] = {
+      * Remaining curves disabled by default but still permitted if set
+      * via an explicit callback or parameters.
+      */
+-    0, 20,                      /* secp224k1 (20) */
+-    0, 21,                      /* secp224r1 (21) */
+-    0, 18,                      /* secp192k1 (18) */
+-    0, 19,                      /* secp192r1 (19) */
+-    0, 15,                      /* secp160k1 (15) */
+-    0, 16,                      /* secp160r1 (16) */
+-    0, 17,                      /* secp160r2 (17) */
+ # ifndef OPENSSL_NO_EC2M
+     0, 8,                       /* sect239k1 (8) */
+     0, 6,                       /* sect233k1 (6) */
+@@ -351,29 +338,21 @@ static const unsigned char fips_curves_default[] = {
+     0, 9,                       /* sect283k1 (9) */
+     0, 10,                      /* sect283r1 (10) */
+ #  endif
+-    0, 22,                      /* secp256k1 (22) */
+     0, 23,                      /* secp256r1 (23) */
+ #  ifndef OPENSSL_NO_EC2M
+     0, 8,                       /* sect239k1 (8) */
+     0, 6,                       /* sect233k1 (6) */
+     0, 7,                       /* sect233r1 (7) */
+ #  endif
+-    0, 20,                      /* secp224k1 (20) */
+-    0, 21,                      /* secp224r1 (21) */
+ #  ifndef OPENSSL_NO_EC2M
+     0, 4,                       /* sect193r1 (4) */
+     0, 5,                       /* sect193r2 (5) */
+ #  endif
+-    0, 18,                      /* secp192k1 (18) */
+-    0, 19,                      /* secp192r1 (19) */
+ #  ifndef OPENSSL_NO_EC2M
+     0, 1,                       /* sect163k1 (1) */
+     0, 2,                       /* sect163r1 (2) */
+     0, 3,                       /* sect163r2 (3) */
+ #  endif
+-    0, 15,                      /* secp160k1 (15) */
+-    0, 16,                      /* secp160r1 (16) */
+-    0, 17,                      /* secp160r2 (17) */
+ };
+ # endif
+ 

diff --git a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch b/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
deleted file mode 100644
index 4b01feb8e8..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.0g-CVE-2017-3738.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-From e502cc86df9dafded1694fceb3228ee34d11c11a Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Fri, 24 Nov 2017 11:35:50 +0100
-Subject: [PATCH] bn/asm/rsaz-avx2.pl: fix digit correction bug in
- rsaz_1024_mul_avx2.
-
-Credit to OSS-Fuzz for finding this.
-
-CVE-2017-3738
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
----
- crypto/bn/asm/rsaz-avx2.pl | 15 +++++++--------
- 1 file changed, 7 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/bn/asm/rsaz-avx2.pl b/crypto/bn/asm/rsaz-avx2.pl
-index 0c1b236ef98..46d746b7d0e 100755
---- a/crypto/bn/asm/rsaz-avx2.pl
-+++ b/crypto/bn/asm/rsaz-avx2.pl
-@@ -246,7 +246,7 @@
- 	vmovdqu		32*8-128($ap), $ACC8
- 
- 	lea	192(%rsp), $tp0			# 64+128=192
--	vpbroadcastq	.Land_mask(%rip), $AND_MASK
-+	vmovdqu	.Land_mask(%rip), $AND_MASK
- 	jmp	.LOOP_GRANDE_SQR_1024
- 
- .align	32
-@@ -1077,10 +1077,10 @@
- 	vpmuludq	32*6-128($np),$Yi,$TEMP1
- 	vpaddq		$TEMP1,$ACC6,$ACC6
- 	vpmuludq	32*7-128($np),$Yi,$TEMP2
--	 vpblendd	\$3, $ZERO, $ACC9, $ACC9	# correct $ACC3
-+	 vpblendd	\$3, $ZERO, $ACC9, $TEMP1	# correct $ACC3
- 	vpaddq		$TEMP2,$ACC7,$ACC7
- 	vpmuludq	32*8-128($np),$Yi,$TEMP0
--	 vpaddq		$ACC9, $ACC3, $ACC3		# correct $ACC3
-+	 vpaddq		$TEMP1, $ACC3, $ACC3		# correct $ACC3
- 	vpaddq		$TEMP0,$ACC8,$ACC8
- 
- 	mov	%rbx, %rax
-@@ -1093,7 +1093,9 @@
- 	 vmovdqu	-8+32*2-128($ap),$TEMP2
- 
- 	mov	$r1, %rax
-+	 vpblendd	\$0xfc, $ZERO, $ACC9, $ACC9	# correct $ACC3
- 	imull	$n0, %eax
-+	 vpaddq		$ACC9,$ACC4,$ACC4		# correct $ACC3
- 	and	\$0x1fffffff, %eax
- 
- 	 imulq	16-128($ap),%rbx
-@@ -1329,15 +1331,12 @@
- #	But as we underutilize resources, it's possible to correct in
- #	each iteration with marginal performance loss. But then, as
- #	we do it in each iteration, we can correct less digits, and
--#	avoid performance penalties completely. Also note that we
--#	correct only three digits out of four. This works because
--#	most significant digit is subjected to less additions.
-+#	avoid performance penalties completely.
- 
- $TEMP0 = $ACC9;
- $TEMP3 = $Bi;
- $TEMP4 = $Yi;
- $code.=<<___;
--	vpermq		\$0, $AND_MASK, $AND_MASK
- 	vpaddq		(%rsp), $TEMP1, $ACC0
- 
- 	vpsrlq		\$29, $ACC0, $TEMP1
-@@ -1770,7 +1769,7 @@
- 
- .align	64
- .Land_mask:
--	.quad	0x1fffffff,0x1fffffff,0x1fffffff,-1
-+	.quad	0x1fffffff,0x1fffffff,0x1fffffff,0x1fffffff
- .Lscatter_permd:
- 	.long	0,2,4,6,7,7,7,7
- .Lgather_permd:

diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
deleted file mode 100644
index e7dfba43f2..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0732.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From ea7abeeabf92b7aca160bdd0208636d4da69f4f4 Mon Sep 17 00:00:00 2001
-From: Guido Vranken <guidovranken@gmail.com>
-Date: Mon, 11 Jun 2018 19:38:54 +0200
-Subject: [PATCH] Reject excessively large primes in DH key generation.
-
-CVE-2018-0732
-
-Signed-off-by: Guido Vranken <guidovranken@gmail.com>
-
-(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
-
-Reviewed-by: Tim Hudson <tjh@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/6457)
----
- crypto/dh/dh_key.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index fce9ff47f36..58003d70878 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -78,10 +78,15 @@ static int generate_key(DH *dh)
-     int ok = 0;
-     int generate_new_key = 0;
-     unsigned l;
--    BN_CTX *ctx;
-+    BN_CTX *ctx = NULL;
-     BN_MONT_CTX *mont = NULL;
-     BIGNUM *pub_key = NULL, *priv_key = NULL;
- 
-+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
-+        DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
-+        return 0;
-+    }
-+
-     ctx = BN_CTX_new();
-     if (ctx == NULL)
-         goto err;

diff --git a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch b/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch
deleted file mode 100644
index 34c9cc02fa..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.0h-CVE-2018-0737.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
-From: Billy Brumley <bbrumley@gmail.com>
-Date: Wed, 11 Apr 2018 10:10:58 +0300
-Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
- both get called with BN_FLG_CONSTTIME flag set.
-
-CVE-2018-0737
-
-Reviewed-by: Rich Salz <rsalz@openssl.org>
-Reviewed-by: Matt Caswell <matt@openssl.org>
-(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
----
- crypto/rsa/rsa_gen.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 9ca5dfe..42b89a8 100644
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
-     if (BN_copy(rsa->e, e_value) == NULL)
-         goto err;
- 
-+    BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
-+    BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
-     BN_set_flags(r2, BN_FLG_CONSTTIME);
-     /* generate p and q */
-     for (;;) {
--- 
-2.7.4
-

diff --git a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch
deleted file mode 100644
index dbc379c80d..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0734.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-CVE-2018-0734
-https://github.com/openssl/openssl/commit/f1b12b8713a739f27d74e6911580b2e70aea2fa4
-https://github.com/openssl/openssl/commit/8abfe72e8c1de1b95f50aa0d9134803b4d00070f
-
---- a/crypto/dsa/dsa_ossl.c
-+++ b/crypto/dsa/dsa_ossl.c
-@@ -9,6 +9,7 @@
- 
- #include <stdio.h>
- #include "internal/cryptlib.h"
-+#include "internal/bn_int.h"
- #include <openssl/bn.h>
- #include <openssl/sha.h>
- #include "dsa_locl.h"
-@@ -23,6 +24,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
-                          DSA_SIG *sig, DSA *dsa);
- static int dsa_init(DSA *dsa);
- static int dsa_finish(DSA *dsa);
-+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
-+                                      BN_CTX *ctx);
- 
- static DSA_METHOD openssl_dsa_meth = {
-     "OpenSSL DSA method",
-@@ -178,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- {
-     BN_CTX *ctx = NULL;
-     BIGNUM *k, *kinv = NULL, *r = *rp;
--    BIGNUM *l, *m;
-+    BIGNUM *l;
-     int ret = 0;
--    int q_bits;
-+    int q_bits, q_words;
- 
-     if (!dsa->p || !dsa->q || !dsa->g) {
-         DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
-@@ -189,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- 
-     k = BN_new();
-     l = BN_new();
--    m = BN_new();
--    if (k == NULL || l == NULL || m == NULL)
-+    if (k == NULL || l == NULL)
-         goto err;
- 
-     if (ctx_in == NULL) {
-@@ -201,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
- 
-     /* Preallocate space */
-     q_bits = BN_num_bits(dsa->q);
--    if (!BN_set_bit(k, q_bits)
--        || !BN_set_bit(l, q_bits)
--        || !BN_set_bit(m, q_bits))
-+    q_words = bn_get_top(dsa->q);
-+    if (!bn_wexpand(k, q_words + 2)
-+        || !bn_wexpand(l, q_words + 2))
-         goto err;
- 
-     /* Get random k */
-@@ -238,14 +240,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-      * small timing information leakage.  We then choose the sum that is
-      * one bit longer than the modulus.
-      *
--     * TODO: revisit the BN_copy aiming for a memory access agnostic
--     * conditional copy.
-+     * There are some concerns about the efficacy of doing this.  More
-+     * specificly refer to the discussion starting with:
-+     *     https://github.com/openssl/openssl/pull/7486#discussion_r228323705
-+     * The fix is to rework BN so these gymnastics aren't required.
-      */
-     if (!BN_add(l, k, dsa->q)
--        || !BN_add(m, l, dsa->q)
--        || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
-+        || !BN_add(k, l, dsa->q))
-         goto err;
- 
-+    BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
-+
-     if ((dsa)->meth->bn_mod_exp != NULL) {
-             if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
-                                        dsa->method_mont_p))
-@@ -258,8 +263,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-     if (!BN_mod(r, r, dsa->q, ctx))
-         goto err;
- 
--    /* Compute  part of 's = inv(k) (m + xr) mod q' */
--    if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
-+    /* Compute part of 's = inv(k) (m + xr) mod q' */
-+    if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
-         goto err;
- 
-     BN_clear_free(*kinvp);
-@@ -273,7 +278,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
-         BN_CTX_free(ctx);
-     BN_clear_free(k);
-     BN_clear_free(l);
--    BN_clear_free(m);
-     return ret;
- }
- 
-@@ -393,3 +397,31 @@ static int dsa_finish(DSA *dsa)
-     BN_MONT_CTX_free(dsa->method_mont_p);
-     return 1;
- }
-+
-+/*
-+ * Compute the inverse of k modulo q.
-+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
-+ * mod-exp operation.  Both the exponent and modulus are public information
-+ * so a mod-exp that doesn't leak the base is sufficient.  A newly allocated
-+ * BIGNUM is returned which the caller must free.
-+ */
-+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
-+                                      BN_CTX *ctx)
-+{
-+    BIGNUM *res = NULL;
-+    BIGNUM *r, *e;
-+
-+    if ((r = BN_new()) == NULL)
-+        return NULL;
-+
-+    BN_CTX_start(ctx);
-+    if ((e = BN_CTX_get(ctx)) != NULL
-+            && BN_set_word(r, 2)
-+            && BN_sub(e, q, r)
-+            && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
-+        res = r;
-+    else
-+        BN_free(r);
-+    BN_CTX_end(ctx);
-+    return res;
-+}

diff --git a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0735.patch b/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0735.patch
deleted file mode 100644
index 295f5dbe8d..0000000000
--- a/dev-libs/openssl/files/openssl-1.1.1-CVE-2018-0735.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 Mon Sep 17 00:00:00 2001
-From: Pauli <paul.dale@oracle.com>
-Date: Fri, 26 Oct 2018 10:54:58 +1000
-Subject: [PATCH] Timing vulnerability in ECDSA signature generation
- (CVE-2018-0735)
-
-Preallocate an extra limb for some of the big numbers to avoid a reallocation
-that can potentially provide a side channel.
-
-Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
-(Merged from https://github.com/openssl/openssl/pull/7486)
-
-(cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52)
----
- crypto/ec/ec_mult.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/crypto/ec/ec_mult.c b/crypto/ec/ec_mult.c
-index 7e1b3650e7..0e0a5e1394 100644
---- a/crypto/ec/ec_mult.c
-+++ b/crypto/ec/ec_mult.c
-@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
-      */
-     cardinality_bits = BN_num_bits(cardinality);
-     group_top = bn_get_top(cardinality);
--    if ((bn_wexpand(k, group_top + 1) == NULL)
--        || (bn_wexpand(lambda, group_top + 1) == NULL)) {
-+    if ((bn_wexpand(k, group_top + 2) == NULL)
-+        || (bn_wexpand(lambda, group_top + 2) == NULL)) {
-         ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
-         goto err;
-     }
-@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
-      * k := scalar + 2*cardinality
-      */
-     kbit = BN_is_bit_set(lambda, cardinality_bits);
--    BN_consttime_swap(kbit, k, lambda, group_top + 1);
-+    BN_consttime_swap(kbit, k, lambda, group_top + 2);
- 
-     group_top = bn_get_top(group->field);
-     if ((bn_wexpand(s->X, group_top) == NULL)
--- 
-2.19.1
-

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch
new file mode 100644
index 0000000000..8014be130a
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-fix-a-minor-nit-in-hkdflabel-size.patch
@@ -0,0 +1,27 @@
+From 3be71a31a1dda204bb95462a92cf7f247e64b939 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 16 Dec 2018 12:43:59 +0100
+Subject: [PATCH] Fix a minor nit in the hkdflabel size
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7913)
+
+(cherry picked from commit 0b4233f5a4a181a6dcb7c511cd2663e500e659a4)
+---
+ ssl/tls13_enc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
+index c3021d18aa9..e36b7d3a066 100644
+--- a/ssl/tls13_enc.c
++++ b/ssl/tls13_enc.c
+@@ -41,7 +41,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+      * + bytes for the hash itself
+      */
+     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+-                            + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
++                            + (sizeof(label_prefix) - 1) + TLS13_MAX_LABEL_LEN
+                             + 1 + EVP_MAX_MD_SIZE];
+     WPACKET pkt;
+ 

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-cert-with-rsa-instead-of-rsaEncryption.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-cert-with-rsa-instead-of-rsaEncryption.patch
new file mode 100644
index 0000000000..8f249e22a1
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-fix-cert-with-rsa-instead-of-rsaEncryption.patch
@@ -0,0 +1,97 @@
+From c25ae0fff78cb3cb784ef79167329d5cd55b62de Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Thu, 27 Dec 2018 22:18:21 +0100
+Subject: [PATCH] Fix cert with rsa instead of rsaEncryption as public key
+ algorithm
+
+Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
+(Merged from https://github.com/openssl/openssl/pull/7962)
+
+(cherry picked from commit 1f483a69bce11c940309edc437eee6e32294d5f2)
+---
+ crypto/rsa/rsa_ameth.c        |  9 ++++++---
+ test/certs/root-cert-rsa2.pem | 18 ++++++++++++++++++
+ test/recipes/25-test_verify.t |  4 +++-
+ 3 files changed, 27 insertions(+), 4 deletions(-)
+ create mode 100644 test/certs/root-cert-rsa2.pem
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index a6595aec054..75debb3e0a9 100644
+--- a/crypto/rsa/rsa_ameth.c
++++ b/crypto/rsa/rsa_ameth.c
+@@ -34,7 +34,7 @@ static int rsa_param_encode(const EVP_PKEY *pkey,
+ 
+     *pstr = NULL;
+     /* If RSA it's just NULL type */
+-    if (pkey->ameth->pkey_id == EVP_PKEY_RSA) {
++    if (pkey->ameth->pkey_id != EVP_PKEY_RSA_PSS) {
+         *pstrtype = V_ASN1_NULL;
+         return 1;
+     }
+@@ -58,7 +58,7 @@ static int rsa_param_decode(RSA *rsa, const X509_ALGOR *alg)
+     int algptype;
+ 
+     X509_ALGOR_get0(&algoid, &algptype, &algp, alg);
+-    if (OBJ_obj2nid(algoid) == EVP_PKEY_RSA)
++    if (OBJ_obj2nid(algoid) != EVP_PKEY_RSA_PSS)
+         return 1;
+     if (algptype == V_ASN1_UNDEF)
+         return 1;
+@@ -109,7 +109,10 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+         RSA_free(rsa);
+         return 0;
+     }
+-    EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa);
++    if (!EVP_PKEY_assign(pkey, pkey->ameth->pkey_id, rsa)) {
++        RSA_free(rsa);
++        return 0;
++    }
+     return 1;
+ }
+ 
+diff --git a/test/certs/root-cert-rsa2.pem b/test/certs/root-cert-rsa2.pem
+new file mode 100644
+index 00000000000..b817fdf3e5d
+--- /dev/null
++++ b/test/certs/root-cert-rsa2.pem
+@@ -0,0 +1,18 @@
++-----BEGIN CERTIFICATE-----
++MIIC7DCCAdSgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290
++IENBMCAXDTE2MDExNTA4MTk0OVoYDzIxMTYwMTE2MDgxOTQ5WjASMRAwDgYDVQQD
++DAdSb290IENBMIIBHTAIBgRVCAEBBQADggEPADCCAQoCggEBAOHmAPUGvKBGOHkP
++Px5xGRNtAt8rm3Zr/KywIe3WkQhCO6VjNexSW6CiSsXWAJQDl1o9uWco0n3jIVyk
++7cY8jY6E0Z1Uwz3ZdKKWdmdx+cYaUHez/XjuW+DjjIkjwpoi7D7UN54HzcArVREX
++OjRCHGkNOhiw7RWUXsb9nofGHOeUGpLAXwXBc0PlA94JkckkztiOi34u4DFI0YYq
++alUmeugLNk6XseCkydpcaUsDgAhWg6Mfsiq4wUz+xbFN1MABqu2+ziW97mmt9gfN
++biuhiVT1aOuYCe3JYGbLM2JKA7Bo1g6rX8E1VX79Ru6669y2oqPthX9337VoIkN+
++ZiQjr8UCAwEAAaNQME4wHQYDVR0OBBYEFI71Ja8em2uEPXyAmslTnE1y96NSMB8G
++A1UdIwQYMBaAFI71Ja8em2uEPXyAmslTnE1y96NSMAwGA1UdEwQFMAMBAf8wDQYJ
++KoZIhvcNAQELBQADggEBAJ0OIdog3uQ1pmsjv1Qtf1w4If1geOn5uK0EOj2wYBHt
++NxlFn7l8d9+51QMZFO+RlQJ0s3Webyo1ReuaL2dMn2LGJhWMoSBAwrMALAENU3lv
++8jioRbfO2OamsdpJpKxQUyUJYudNe+BoKNX/ry3rxezmsFsRr9nDMiJZpmBCXiMm
++mFFJOJkG0CheexBbMkua4kyStIOwO4rb5bSHszVso/9ucdGHBSC7oRcJXoWSDjBx
++PdQPPBK5g4yqL8Lz26ehgsmhRKL9k32eVyjDKcIzgpmgcPTfTqNbd1KHQJKx4ssb
++7nEpGKHalSo5Oq5L9s9qYrUv37kwBY4OpJFtmGaodoI=
++-----END CERTIFICATE-----
+diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
+index 6c3deab7c67..b80a1cde3ed 100644
+--- a/test/recipes/25-test_verify.t
++++ b/test/recipes/25-test_verify.t
+@@ -27,7 +27,7 @@ sub verify {
+     run(app([@args]));
+ }
+ 
+-plan tests => 134;
++plan tests => 135;
+ 
+ # Canonical success
+ ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]),
+@@ -361,6 +361,8 @@ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"]
+     "Not too many names and constraints to check (2)");
+ ok(verify("some-names2", "sslserver", ["many-constraints"], ["many-constraints"], ),
+     "Not too many names and constraints to check (3)");
++ok(verify("root-cert-rsa2", "sslserver", ["root-cert-rsa2"], [], "-check_ss_sig"),
++    "Public Key Algorithm rsa instead of rsaEncryption");
+ 
+ SKIP: {
+     skip "Ed25519 is not supported by this OpenSSL build", 1

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-some-SSL_export_keying_material-issues.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-some-SSL_export_keying_material-issues.patch
new file mode 100644
index 0000000000..2db64d83e4
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-fix-some-SSL_export_keying_material-issues.patch
@@ -0,0 +1,420 @@
+From 0fb2815b873304d145ed00283454fc9f3bd35e6b Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 4 Dec 2018 08:37:04 +0000
+Subject: [PATCH] Fix some SSL_export_keying_material() issues
+
+Fix some issues in tls13_hkdf_expand() which impact the above function
+for TLSv1.3. In particular test that we can use the maximum label length
+in TLSv1.3.
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7755)
+---
+ doc/man3/SSL_export_keying_material.pod |  3 +-
+ ssl/ssl_locl.h                          |  2 +-
+ ssl/statem/extensions.c                 |  2 +-
+ ssl/statem/statem_clnt.c                |  2 +-
+ ssl/statem/statem_srvr.c                |  2 +-
+ ssl/tls13_enc.c                         | 73 +++++++++++++++++--------
+ test/sslapitest.c                       | 48 ++++++++++++----
+ test/tls13secretstest.c                 |  2 +-
+ 8 files changed, 92 insertions(+), 42 deletions(-)
+
+diff --git a/doc/man3/SSL_export_keying_material.pod b/doc/man3/SSL_export_keying_material.pod
+index abebf911fc3..4c81a60ffbb 100644
+--- a/doc/man3/SSL_export_keying_material.pod
++++ b/doc/man3/SSL_export_keying_material.pod
+@@ -59,7 +59,8 @@ B<label> and should be B<llen> bytes long. Typically this will be a value from
+ the IANA Exporter Label Registry
+ (L<https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels>).
+ Alternatively labels beginning with "EXPERIMENTAL" are permitted by the standard
+-to be used without registration.
++to be used without registration. TLSv1.3 imposes a maximum label length of
++249 bytes.
+ 
+ Note that this function is only defined for TLSv1.0 and above, and DTLSv1.0 and
+ above. Attempting to use it in SSLv3 will result in an error.
+diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h
+index 70e5a1740f9..307131de93a 100644
+--- a/ssl/ssl_locl.h
++++ b/ssl/ssl_locl.h
+@@ -2461,7 +2461,7 @@ __owur int tls13_hkdf_expand(SSL *s, const EVP_MD *md,
+                              const unsigned char *secret,
+                              const unsigned char *label, size_t labellen,
+                              const unsigned char *data, size_t datalen,
+-                             unsigned char *out, size_t outlen);
++                             unsigned char *out, size_t outlen, int fatal);
+ __owur int tls13_derive_key(SSL *s, const EVP_MD *md,
+                             const unsigned char *secret, unsigned char *key,
+                             size_t keylen);
+diff --git a/ssl/statem/extensions.c b/ssl/statem/extensions.c
+index 63e61c6184a..716d6d23e08 100644
+--- a/ssl/statem/extensions.c
++++ b/ssl/statem/extensions.c
+@@ -1506,7 +1506,7 @@ int tls_psk_do_binder(SSL *s, const EVP_MD *md, const unsigned char *msgstart,
+ 
+     /* Generate the binder key */
+     if (!tls13_hkdf_expand(s, md, early_secret, label, labelsize, hash,
+-                           hashsize, binderkey, hashsize)) {
++                           hashsize, binderkey, hashsize, 1)) {
+         /* SSLfatal() already called */
+         goto err;
+     }
+diff --git a/ssl/statem/statem_clnt.c b/ssl/statem/statem_clnt.c
+index 5a8f1163dfa..a0e495d8e83 100644
+--- a/ssl/statem/statem_clnt.c
++++ b/ssl/statem/statem_clnt.c
+@@ -2740,7 +2740,7 @@ MSG_PROCESS_RETURN tls_process_new_session_ticket(SSL *s, PACKET *pkt)
+                                PACKET_data(&nonce),
+                                PACKET_remaining(&nonce),
+                                s->session->master_key,
+-                               hashlen)) {
++                               hashlen, 1)) {
+             /* SSLfatal() already called */
+             goto err;
+         }
+diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
+index e7c11c4bea4..a8e862ced55 100644
+--- a/ssl/statem/statem_srvr.c
++++ b/ssl/statem/statem_srvr.c
+@@ -4099,7 +4099,7 @@ int tls_construct_new_session_ticket(SSL *s, WPACKET *pkt)
+                                tick_nonce,
+                                TICKET_NONCE_SIZE,
+                                s->session->master_key,
+-                               hashlen)) {
++                               hashlen, 1)) {
+             /* SSLfatal() already called */
+             goto err;
+         }
+diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
+index f7ab0fa4704..c3021d18aa9 100644
+--- a/ssl/tls13_enc.c
++++ b/ssl/tls13_enc.c
+@@ -13,7 +13,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/kdf.h>
+ 
+-#define TLS13_MAX_LABEL_LEN     246
++#define TLS13_MAX_LABEL_LEN     249
+ 
+ /* Always filled with zeros */
+ static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
+@@ -22,30 +22,47 @@ static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
+  * Given a |secret|; a |label| of length |labellen|; and |data| of length
+  * |datalen| (e.g. typically a hash of the handshake messages), derive a new
+  * secret |outlen| bytes long and store it in the location pointed to be |out|.
+- * The |data| value may be zero length. Returns 1 on success  0 on failure.
++ * The |data| value may be zero length. Any errors will be treated as fatal if
++ * |fatal| is set. Returns 1 on success  0 on failure.
+  */
+ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                              const unsigned char *label, size_t labellen,
+                              const unsigned char *data, size_t datalen,
+-                             unsigned char *out, size_t outlen)
++                             unsigned char *out, size_t outlen, int fatal)
+ {
+-    const unsigned char label_prefix[] = "tls13 ";
++    static const unsigned char label_prefix[] = "tls13 ";
+     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+     int ret;
+     size_t hkdflabellen;
+     size_t hashlen;
+     /*
+-     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
+-     * prefix and label + bytes for the label itself + bytes for the hash
++     * 2 bytes for length of derived secret + 1 byte for length of combined
++     * prefix and label + bytes for the label itself + 1 byte length of hash
++     * + bytes for the hash itself
+      */
+     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+                             + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN
+-                            + EVP_MAX_MD_SIZE];
++                            + 1 + EVP_MAX_MD_SIZE];
+     WPACKET pkt;
+ 
+     if (pctx == NULL)
+         return 0;
+ 
++    if (labellen > TLS13_MAX_LABEL_LEN) {
++        if (fatal) {
++            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
++                     ERR_R_INTERNAL_ERROR);
++        } else {
++            /*
++             * Probably we have been called from SSL_export_keying_material(),
++             * or SSL_export_keying_material_early().
++             */
++            SSLerr(SSL_F_TLS13_HKDF_EXPAND, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
++        }
++        EVP_PKEY_CTX_free(pctx);
++        return 0;
++    }
++
+     hashlen = EVP_MD_size(md);
+ 
+     if (!WPACKET_init_static_len(&pkt, hkdflabel, sizeof(hkdflabel), 0)
+@@ -59,8 +76,11 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+             || !WPACKET_finish(&pkt)) {
+         EVP_PKEY_CTX_free(pctx);
+         WPACKET_cleanup(&pkt);
+-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+-                 ERR_R_INTERNAL_ERROR);
++        if (fatal)
++            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
++                     ERR_R_INTERNAL_ERROR);
++        else
++            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
+         return 0;
+     }
+ 
+@@ -74,9 +94,13 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+ 
+     EVP_PKEY_CTX_free(pctx);
+ 
+-    if (ret != 0)
+-        SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
+-                 ERR_R_INTERNAL_ERROR);
++    if (ret != 0) {
++        if (fatal)
++            SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_TLS13_HKDF_EXPAND,
++                     ERR_R_INTERNAL_ERROR);
++        else
++            SSLerr(SSL_F_TLS13_HKDF_EXPAND, ERR_R_INTERNAL_ERROR);
++    }
+ 
+     return ret == 0;
+ }
+@@ -91,7 +115,7 @@ int tls13_derive_key(SSL *s, const EVP_MD *md, const unsigned char *secret,
+     static const unsigned char keylabel[] = "key";
+ 
+     return tls13_hkdf_expand(s, md, secret, keylabel, sizeof(keylabel) - 1,
+-                             NULL, 0, key, keylen);
++                             NULL, 0, key, keylen, 1);
+ }
+ 
+ /*
+@@ -104,7 +128,7 @@ int tls13_derive_iv(SSL *s, const EVP_MD *md, const unsigned char *secret,
+     static const unsigned char ivlabel[] = "iv";
+ 
+     return tls13_hkdf_expand(s, md, secret, ivlabel, sizeof(ivlabel) - 1,
+-                             NULL, 0, iv, ivlen);
++                             NULL, 0, iv, ivlen, 1);
+ }
+ 
+ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+@@ -114,7 +138,7 @@ int tls13_derive_finishedkey(SSL *s, const EVP_MD *md,
+     static const unsigned char finishedlabel[] = "finished";
+ 
+     return tls13_hkdf_expand(s, md, secret, finishedlabel,
+-                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen);
++                             sizeof(finishedlabel) - 1, NULL, 0, fin, finlen, 1);
+ }
+ 
+ /*
+@@ -177,7 +201,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
+         if (!tls13_hkdf_expand(s, md, prevsecret,
+                                (unsigned char *)derived_secret_label,
+                                sizeof(derived_secret_label) - 1, hash, mdlen,
+-                               preextractsec, mdlen)) {
++                               preextractsec, mdlen, 1)) {
+             /* SSLfatal() already called */
+             EVP_PKEY_CTX_free(pctx);
+             return 0;
+@@ -337,7 +361,7 @@ static int derive_secret_key_and_iv(SSL *s, int sending, const EVP_MD *md,
+     hashlen = (size_t)hashleni;
+ 
+     if (!tls13_hkdf_expand(s, md, insecret, label, labellen, hash, hashlen,
+-                           secret, hashlen)) {
++                           secret, hashlen, 1)) {
+         /* SSLfatal() already called */
+         goto err;
+     }
+@@ -517,7 +541,8 @@ int tls13_change_cipher_state(SSL *s, int which)
+                                    early_exporter_master_secret,
+                                    sizeof(early_exporter_master_secret) - 1,
+                                    hashval, hashlen,
+-                                   s->early_exporter_master_secret, hashlen)) {
++                                   s->early_exporter_master_secret, hashlen,
++                                   1)) {
+                 SSLfatal(s, SSL_AD_INTERNAL_ERROR,
+                          SSL_F_TLS13_CHANGE_CIPHER_STATE, ERR_R_INTERNAL_ERROR);
+                 goto err;
+@@ -604,7 +629,7 @@ int tls13_change_cipher_state(SSL *s, int which)
+                                resumption_master_secret,
+                                sizeof(resumption_master_secret) - 1,
+                                hashval, hashlen, s->resumption_master_secret,
+-                               hashlen)) {
++                               hashlen, 1)) {
+             /* SSLfatal() already called */
+             goto err;
+         }
+@@ -624,7 +649,7 @@ int tls13_change_cipher_state(SSL *s, int which)
+                                exporter_master_secret,
+                                sizeof(exporter_master_secret) - 1,
+                                hash, hashlen, s->exporter_master_secret,
+-                               hashlen)) {
++                               hashlen, 1)) {
+             /* SSLfatal() already called */
+             goto err;
+         }
+@@ -738,10 +763,10 @@ int tls13_export_keying_material(SSL *s, unsigned char *out, size_t olen,
+             || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+             || !tls13_hkdf_expand(s, md, s->exporter_master_secret,
+                                   (const unsigned char *)label, llen,
+-                                  data, datalen, exportsecret, hashsize)
++                                  data, datalen, exportsecret, hashsize, 0)
+             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                   sizeof(exporterlabel) - 1, hash, hashsize,
+-                                  out, olen))
++                                  out, olen, 0))
+         goto err;
+ 
+     ret = 1;
+@@ -797,10 +822,10 @@ int tls13_export_keying_material_early(SSL *s, unsigned char *out, size_t olen,
+             || EVP_DigestFinal_ex(ctx, data, &datalen) <= 0
+             || !tls13_hkdf_expand(s, md, s->early_exporter_master_secret,
+                                   (const unsigned char *)label, llen,
+-                                  data, datalen, exportsecret, hashsize)
++                                  data, datalen, exportsecret, hashsize, 0)
+             || !tls13_hkdf_expand(s, md, exportsecret, exporterlabel,
+                                   sizeof(exporterlabel) - 1, hash, hashsize,
+-                                  out, olen))
++                                  out, olen, 0))
+         goto err;
+ 
+     ret = 1;
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 108d57e4781..a4bbb4fead4 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -4028,20 +4028,25 @@ static int test_serverinfo(int tst)
+  * no test vectors so all we do is test that both sides of the communication
+  * produce the same results for different protocol versions.
+  */
++#define SMALL_LABEL_LEN 10
++#define LONG_LABEL_LEN  249
+ static int test_export_key_mat(int tst)
+ {
+     int testresult = 0;
+     SSL_CTX *cctx = NULL, *sctx = NULL, *sctx2 = NULL;
+     SSL *clientssl = NULL, *serverssl = NULL;
+-    const char label[] = "test label";
++    const char label[LONG_LABEL_LEN + 1] = "test label";
+     const unsigned char context[] = "context";
+     const unsigned char *emptycontext = NULL;
+     unsigned char ckeymat1[80], ckeymat2[80], ckeymat3[80];
+     unsigned char skeymat1[80], skeymat2[80], skeymat3[80];
++    size_t labellen;
+     const int protocols[] = {
+         TLS1_VERSION,
+         TLS1_1_VERSION,
+         TLS1_2_VERSION,
++        TLS1_3_VERSION,
++        TLS1_3_VERSION,
+         TLS1_3_VERSION
+     };
+ 
+@@ -4058,7 +4063,7 @@ static int test_export_key_mat(int tst)
+         return 1;
+ #endif
+ #ifdef OPENSSL_NO_TLS1_3
+-    if (tst == 3)
++    if (tst >= 3)
+         return 1;
+ #endif
+     if (!TEST_true(create_ssl_ctx_pair(TLS_server_method(), TLS_client_method(),
+@@ -4076,33 +4081,52 @@ static int test_export_key_mat(int tst)
+                                                 SSL_ERROR_NONE)))
+         goto end;
+ 
++    if (tst == 5) {
++        /*
++         * TLSv1.3 imposes a maximum label len of 249 bytes. Check we fail if we
++         * go over that.
++         */
++        if (!TEST_int_le(SSL_export_keying_material(clientssl, ckeymat1,
++                                                    sizeof(ckeymat1), label,
++                                                    LONG_LABEL_LEN + 1, context,
++                                                    sizeof(context) - 1, 1), 0))
++            goto end;
++
++        testresult = 1;
++        goto end;
++    } else if (tst == 4) {
++        labellen = LONG_LABEL_LEN;
++    } else {
++        labellen = SMALL_LABEL_LEN;
++    }
++
+     if (!TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat1,
+                                                 sizeof(ckeymat1), label,
+-                                                sizeof(label) - 1, context,
++                                                labellen, context,
+                                                 sizeof(context) - 1, 1), 1)
+             || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat2,
+                                                        sizeof(ckeymat2), label,
+-                                                       sizeof(label) - 1,
++                                                       labellen,
+                                                        emptycontext,
+                                                        0, 1), 1)
+             || !TEST_int_eq(SSL_export_keying_material(clientssl, ckeymat3,
+                                                        sizeof(ckeymat3), label,
+-                                                       sizeof(label) - 1,
++                                                       labellen,
+                                                        NULL, 0, 0), 1)
+             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat1,
+                                                        sizeof(skeymat1), label,
+-                                                       sizeof(label) - 1,
++                                                       labellen,
+                                                        context,
+                                                        sizeof(context) -1, 1),
+                             1)
+             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat2,
+                                                        sizeof(skeymat2), label,
+-                                                       sizeof(label) - 1,
++                                                       labellen,
+                                                        emptycontext,
+                                                        0, 1), 1)
+             || !TEST_int_eq(SSL_export_keying_material(serverssl, skeymat3,
+                                                        sizeof(skeymat3), label,
+-                                                       sizeof(label) - 1,
++                                                       labellen,
+                                                        NULL, 0, 0), 1)
+                /*
+                 * Check that both sides created the same key material with the
+@@ -4131,10 +4155,10 @@ static int test_export_key_mat(int tst)
+      * Check that an empty context and no context produce different results in
+      * protocols less than TLSv1.3. In TLSv1.3 they should be the same.
+      */
+-    if ((tst != 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
++    if ((tst < 3 && !TEST_mem_ne(ckeymat2, sizeof(ckeymat2), ckeymat3,
+                                   sizeof(ckeymat3)))
+-            || (tst ==3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
+-                                        sizeof(ckeymat3))))
++            || (tst >= 3 && !TEST_mem_eq(ckeymat2, sizeof(ckeymat2), ckeymat3,
++                                         sizeof(ckeymat3))))
+         goto end;
+ 
+     testresult = 1;
+@@ -5909,7 +5933,7 @@ int setup_tests(void)
+     ADD_ALL_TESTS(test_custom_exts, 3);
+ #endif
+     ADD_ALL_TESTS(test_serverinfo, 8);
+-    ADD_ALL_TESTS(test_export_key_mat, 4);
++    ADD_ALL_TESTS(test_export_key_mat, 6);
+ #ifndef OPENSSL_NO_TLS1_3
+     ADD_ALL_TESTS(test_export_key_mat_early, 3);
+ #endif
+diff --git a/test/tls13secretstest.c b/test/tls13secretstest.c
+index 319df17bab0..de318df02b4 100644
+--- a/test/tls13secretstest.c
++++ b/test/tls13secretstest.c
+@@ -226,7 +226,7 @@ static int test_secret(SSL *s, unsigned char *prk,
+     }
+ 
+     if (!tls13_hkdf_expand(s, md, prk, label, labellen, hash, hashsize,
+-                           gensecret, hashsize)) {
++                           gensecret, hashsize, 1)) {
+         TEST_error("Secret generation failed");
+         return 0;
+     }

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch b/dev-libs/openssl/files/openssl-1.1.1a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch
new file mode 100644
index 0000000000..c2f8bb638b
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch
@@ -0,0 +1,26 @@
+From 3ccccb91ae1c07a4310778b3d7ba74ff4ff787f0 Mon Sep 17 00:00:00 2001
+From: Paul Yang <yang.yang@baishancloud.com>
+Date: Wed, 21 Nov 2018 13:16:27 +0800
+Subject: [PATCH] Fix wrong return value in ssl3_ctx_ctrl
+
+This fixes issue #7677
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7678)
+---
+ ssl/s3_lib.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
+index 866ca4dfa9b..99ae48199c2 100644
+--- a/ssl/s3_lib.c
++++ b/ssl/s3_lib.c
+@@ -3781,7 +3781,7 @@ long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
+                                   EVP_PKEY_security_bits(pkdh), 0, pkdh)) {
+                 SSLerr(SSL_F_SSL3_CTX_CTRL, SSL_R_DH_KEY_TOO_SMALL);
+                 EVP_PKEY_free(pkdh);
+-                return 1;
++                return 0;
+             }
+             EVP_PKEY_free(ctx->cert->dh_tmp);
+             ctx->cert->dh_tmp = pkdh;

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-make-sure-build_SYS_str_reasons_preserves_errno.patch b/dev-libs/openssl/files/openssl-1.1.1a-make-sure-build_SYS_str_reasons_preserves_errno.patch
new file mode 100644
index 0000000000..cfa84c73a5
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-make-sure-build_SYS_str_reasons_preserves_errno.patch
@@ -0,0 +1,68 @@
+From 99992ad22019e752c7b103a45f860a48b6bc0972 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 21 Nov 2018 11:44:42 +0000
+Subject: [PATCH] Make sure build_SYS_str_reasons() preserves errno
+
+This function can end up being called during ERR_get_error() if we are
+initialising. ERR_get_error() must preserve errno since it gets called via
+SSL_get_error(). If that function returns SSL_ERROR_SYSCALL then you are
+supposed to inspect errno.
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7680)
+
+(cherry picked from commit 71b1ceffc4c795f5db21861dd1016fbe23a53a53)
+---
+
+diff --git a/crypto/err/err.c b/crypto/err/err.c
+index 03cbd73..2eeeab2 100644
+--- a/crypto/err/err.c
++++ b/crypto/err/err.c
+@@ -19,6 +19,7 @@
+ #include <openssl/bio.h>
+ #include <openssl/opensslconf.h>
+ #include "internal/thread_once.h"
++#include "e_os.h"
+ 
+ static int err_load_strings(const ERR_STRING_DATA *str);
+ 
+@@ -201,6 +202,7 @@ static void build_SYS_str_reasons(void)
+     static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+     static int init = 1;
+     int i;
++    int saveerrno = get_last_sys_error();
+ 
+     CRYPTO_THREAD_write_lock(err_string_lock);
+     if (!init) {
+@@ -229,6 +231,8 @@ static void build_SYS_str_reasons(void)
+     init = 0;
+ 
+     CRYPTO_THREAD_unlock(err_string_lock);
++    /* openssl_strerror_r could change errno, but we want to preserve it */
++    set_sys_error(saveerrno);
+     err_load_strings(SYS_str_reasons);
+ }
+ #endif
+diff --git a/e_os.h b/e_os.h
+index 5340593..8e6efa9 100644
+--- a/e_os.h
++++ b/e_os.h
+@@ -49,6 +49,7 @@
+ 
+ # define get_last_sys_error()    errno
+ # define clear_sys_error()       errno=0
++# define set_sys_error(e)        errno=(e)
+ 
+ /********************************************************************
+  The Microsoft section
+@@ -66,8 +67,10 @@
+ # ifdef WIN32
+ #  undef get_last_sys_error
+ #  undef clear_sys_error
++#  undef set_sys_error
+ #  define get_last_sys_error()    GetLastError()
+ #  define clear_sys_error()       SetLastError(0)
++#  define set_sys_error(e)        SetLastError(e)
+ #  if !defined(WINNT)
+ #   define WIN_CONSOLE_BUG
+ #  endif

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-preserve-errno-on-dlopen.patch b/dev-libs/openssl/files/openssl-1.1.1a-preserve-errno-on-dlopen.patch
new file mode 100644
index 0000000000..ed8f2dd96b
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-preserve-errno-on-dlopen.patch
@@ -0,0 +1,51 @@
+From ef97becf522fc4e2e9d98e6ae7bcb26651883d9a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Wed, 21 Nov 2018 11:57:04 +0000
+Subject: [PATCH] Preserve errno on dlopen
+
+For the same reasons as in the previous commit we must preserve errno
+across dlopen calls. Some implementations (e.g. solaris) do not preserve
+errno even on a successful dlopen call.
+
+Fixes #6953
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7680)
+
+(cherry picked from commit 3cb4e7dc1cf92022f62b9bbdd59695885a1265ff)
+---
+ crypto/dso/dso_dlfcn.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/crypto/dso/dso_dlfcn.c b/crypto/dso/dso_dlfcn.c
+index ad8899c289a..4240f5f5e30 100644
+--- a/crypto/dso/dso_dlfcn.c
++++ b/crypto/dso/dso_dlfcn.c
+@@ -17,6 +17,7 @@
+ #endif
+ 
+ #include "dso_locl.h"
++#include "e_os.h"
+ 
+ #ifdef DSO_DLFCN
+ 
+@@ -99,6 +100,7 @@ static int dlfcn_load(DSO *dso)
+     /* See applicable comments in dso_dl.c */
+     char *filename = DSO_convert_filename(dso, NULL);
+     int flags = DLOPEN_FLAG;
++    int saveerrno = get_last_sys_error();
+ 
+     if (filename == NULL) {
+         DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+@@ -118,6 +120,11 @@ static int dlfcn_load(DSO *dso)
+         ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+         goto err;
+     }
++    /*
++     * Some dlopen() implementations (e.g. solaris) do no preserve errno, even
++     * on a successful call.
++     */
++    set_sys_error(saveerrno);
+     if (!sk_void_push(dso->meth_data, (char *)ptr)) {
+         DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+         goto err;

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-preserve-system-error-number-in-a-few-more-places.patch b/dev-libs/openssl/files/openssl-1.1.1a-preserve-system-error-number-in-a-few-more-places.patch
new file mode 100644
index 0000000000..84c43a3c3e
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-preserve-system-error-number-in-a-few-more-places.patch
@@ -0,0 +1,57 @@
+From 145419423e1a74ae54cdbd3aed8bb15cbd53c7cc Mon Sep 17 00:00:00 2001
+From: Richard Levitte <levitte@openssl.org>
+Date: Fri, 14 Dec 2018 19:33:55 +0100
+Subject: [PATCH] ERR: preserve system error number in a few more places
+
+It turns out that intialization may change the error number, so we
+need to preserve the system error number in functions where
+initialization is called for.
+These are ERR_get_state() and err_shelve_state()
+
+Fixes #7897
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7902)
+
+(cherry picked from commit 91c5473035aaf2c0d86e4039c2a29a5b70541905)
+---
+ crypto/err/err.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/crypto/err/err.c b/crypto/err/err.c
+index 5cfb02d821b..aef2543d60b 100644
+--- a/crypto/err/err.c
++++ b/crypto/err/err.c
+@@ -697,6 +697,7 @@ DEFINE_RUN_ONCE_STATIC(err_do_init)
+ ERR_STATE *ERR_get_state(void)
+ {
+     ERR_STATE *state;
++    int saveerrno = get_last_sys_error();
+ 
+     if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+         return NULL;
+@@ -728,6 +729,7 @@ ERR_STATE *ERR_get_state(void)
+         OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+     }
+ 
++    set_sys_error(saveerrno);
+     return state;
+ }
+ 
+@@ -737,6 +739,8 @@ ERR_STATE *ERR_get_state(void)
+  */
+ int err_shelve_state(void **state)
+ {
++    int saveerrno = get_last_sys_error();
++
+     if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
+         return 0;
+ 
+@@ -747,6 +751,7 @@ int err_shelve_state(void **state)
+     if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
+         return 0;
+ 
++    set_sys_error(saveerrno);
+     return 1;
+ }
+ 

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch b/dev-libs/openssl/files/openssl-1.1.1a-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch
new file mode 100644
index 0000000000..5ea4fb97bf
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch
@@ -0,0 +1,56 @@
+From ed371b8cbac0d0349667558c061c1ae380cf75eb Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 3 Dec 2018 18:14:57 +0000
+Subject: [PATCH] Revert "Reduce stack usage in tls13_hkdf_expand"
+
+This reverts commit ec0c5f5693e39c5a013f81e6dd9dfd09ec65162d.
+
+SSL_export_keying_material() may use longer label lengths.
+
+Fixes #7712
+
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/7755)
+---
+ ssl/tls13_enc.c | 16 ++++------------
+ 1 file changed, 4 insertions(+), 12 deletions(-)
+
+diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
+index b6825d20c2d..f7ab0fa4704 100644
+--- a/ssl/tls13_enc.c
++++ b/ssl/tls13_enc.c
+@@ -13,14 +13,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/kdf.h>
+ 
+-/*
+- * RFC 8446, 7.1 Key Schedule, says:
+- * Note: With common hash functions, any label longer than 12 characters
+- * requires an additional iteration of the hash function to compute.
+- * The labels in this specification have all been chosen to fit within
+- * this limit.
+- */
+-#define TLS13_MAX_LABEL_LEN     12
++#define TLS13_MAX_LABEL_LEN     246
+ 
+ /* Always filled with zeros */
+ static const unsigned char default_zeros[EVP_MAX_MD_SIZE];
+@@ -36,15 +29,14 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
+                              const unsigned char *data, size_t datalen,
+                              unsigned char *out, size_t outlen)
+ {
+-    static const unsigned char label_prefix[] = "tls13 ";
++    const unsigned char label_prefix[] = "tls13 ";
+     EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL);
+     int ret;
+     size_t hkdflabellen;
+     size_t hashlen;
+     /*
+-     * 2 bytes for length of derived secret + 1 byte for length of combined
+-     * prefix and label + bytes for the label itself + 1 byte length of hash
+-     * + bytes for the hash itself
++     * 2 bytes for length of whole HkdfLabel + 1 byte for length of combined
++     * prefix and label + bytes for the label itself + bytes for the hash
+      */
+     unsigned char hkdflabel[sizeof(uint16_t) + sizeof(uint8_t) +
+                             + sizeof(label_prefix) + TLS13_MAX_LABEL_LEN

diff --git a/dev-libs/openssl/openssl-1.1.0j.ebuild b/dev-libs/openssl/openssl-1.1.0j.ebuild
index 44d04df06b..2bb60257ca 100644
--- a/dev-libs/openssl/openssl-1.1.0j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0j.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -37,14 +37,15 @@ PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
 PATCH37=openssl-1.1.0-ec-curves.patch
 FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
 FEDORA_GIT_BRANCH='f28'
+FEDORA_GIT_COMMIT="d2ede125556ac99aa0faa7744c703af3f559094e"
 FEDORA_SRC_URI=()
 FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
 FEDORA_PATCH=( $PATCH1 $PATCH37 )
 for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${P}_${FEDORA_GIT_COMMIT}_${i}" )
 done
 for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH}&id=${FEDORA_GIT_COMMIT} -> ${i%.patch}_${FEDORA_GIT_COMMIT}.patch" )
 done
 SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
 
@@ -61,16 +62,28 @@ PATCHES=(
 
 src_prepare() {
 	if use bindist; then
+		# we need to patch the patch but we cannot patch in DISTDIR...
+		mkdir "${WORKDIR}"/fedora_patches || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			cp "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch" "${WORKDIR}"/fedora_patches || die
+		done
+
+		# now patch the path, due to OpenSSL change cb193560e0da17a41b40ce574a2349f1d4d59ed1
+		sed -i -e 's#test/evptests.txt#test/recipes/30-test_evp_data/evppkey.txt#g' \
+			"${WORKDIR}"/fedora_patches/openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch || \
+			die
+
 		# This just removes the prefix, and puts it into WORKDIR like the RPM.
 		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+			cp -f "${DISTDIR}"/"${P}_${FEDORA_GIT_COMMIT}_${i}" "${WORKDIR}"/"${i}" || die
 		done
 		# .spec %prep
 		bash "${WORKDIR}"/"${SOURCE1}" || die
 		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
 		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
 		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
+			#eapply "${DISTDIR}"/"${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
+			eapply "${WORKDIR}/fedora_patches/${i%.patch}_${FEDORA_GIT_COMMIT}.patch"
 		done
 		# Also see the configure parts below:
 		# enable-ec \
@@ -119,7 +132,8 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	# Prefixify Configure shebang (#141906)
+	# Prefixify Configure shebang (#141906), need to
+	# search PATH for EAPI 7 cross prefix situations.
 	sed \
 		-e "1s,/usr/bin/env,$(type -P env)," \
 		-i Configure || die

diff --git a/dev-libs/openssl/openssl-1.1.0j.ebuild b/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
similarity index 84%
copy from dev-libs/openssl/openssl-1.1.0j.ebuild
copy to dev-libs/openssl/openssl-1.1.1a-r1.ebuild
index 44d04df06b..3736d72b2c 100644
--- a/dev-libs/openssl/openssl-1.1.0j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -12,8 +12,9 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -27,19 +28,29 @@ DEPEND="${RDEPEND}
 	)"
 PDEPEND="app-misc/ca-certificates"
 
+PATCHES=(
+	"${FILESDIR}"/${P}-make-sure-build_SYS_str_reasons_preserves_errno.patch
+	"${FILESDIR}"/${P}-preserve-errno-on-dlopen.patch
+	"${FILESDIR}"/${P}-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch
+	"${FILESDIR}"/${P}-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch
+	"${FILESDIR}"/${P}-fix-some-SSL_export_keying_material-issues.patch
+	"${FILESDIR}"/${P}-preserve-system-error-number-in-a-few-more-places.patch
+	"${FILESDIR}"/${P}-fix-a-minor-nit-in-hkdflabel-size.patch
+	"${FILESDIR}"/${P}-fix-cert-with-rsa-instead-of-rsaEncryption.patch
+)
+
 # This does not copy the entire Fedora patchset, but JUST the parts that
 # are needed to make it safe to use EC with RESTRICT=bindist.
 # See openssl.spec for the matching numbering of SourceNNN, PatchNNN
 SOURCE1=hobble-openssl
 SOURCE12=ec_curve.c
 SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
+PATCH37=openssl-1.1.1-ec-curves.patch
 FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f28'
+FEDORA_GIT_BRANCH='f29'
 FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
+FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
+FEDORA_PATCH=( ${PATCH37} )
 for i in "${FEDORA_SOURCE[@]}" ; do
 	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
 done
@@ -54,11 +65,6 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
 src_prepare() {
 	if use bindist; then
 		# This just removes the prefix, and puts it into WORKDIR like the RPM.
@@ -77,6 +83,7 @@ src_prepare() {
 		# $(use_ssl !bindist ec2m) \
 
 	fi
+
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
@@ -85,7 +92,9 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		eapply "${PATCHES[@]}"
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
 	fi
 
 	eapply_user #332661
@@ -98,14 +107,11 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
 		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
 		Configurations/unix-Makefile.tmpl \
 		|| die
 
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
-
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
 	# and 'make depend' uses -Werror for added fun (#417795 again)
@@ -119,7 +125,8 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	# Prefixify Configure shebang (#141906)
+	# Prefixify Configure shebang (#141906), need to
+	# search PATH for EAPI 7 cross prefix situations.
 	sed \
 		-e "1s,/usr/bin/env,$(type -P env)," \
 		-i Configure || die
@@ -188,13 +195,15 @@ multilib_src_configure() {
 		enable-idea \
 		enable-mdc2 \
 		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
 		$(use_ssl asm) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die
@@ -228,7 +237,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake DESTDIR="${D%/}" install
 }
 
 multilib_src_install_all() {

diff --git a/dev-libs/openssl/openssl-1.1.0j.ebuild b/dev-libs/openssl/openssl-1.1.1a.ebuild
similarity index 89%
copy from dev-libs/openssl/openssl-1.1.0j.ebuild
copy to dev-libs/openssl/openssl-1.1.1a.ebuild
index 44d04df06b..8c55c63627 100644
--- a/dev-libs/openssl/openssl-1.1.0j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1a.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
@@ -12,8 +12,9 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
 KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 
 RDEPEND=">=app-misc/c_rehash-1.7-r1
@@ -33,13 +34,12 @@ PDEPEND="app-misc/ca-certificates"
 SOURCE1=hobble-openssl
 SOURCE12=ec_curve.c
 SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
+PATCH37=openssl-1.1.1-ec-curves.patch
 FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f28'
+FEDORA_GIT_BRANCH='f29'
 FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
+FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
+FEDORA_PATCH=( ${PATCH37} )
 for i in "${FEDORA_SOURCE[@]}" ; do
 	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
 done
@@ -54,11 +54,6 @@ MULTILIB_WRAPPED_HEADERS=(
 	usr/include/openssl/opensslconf.h
 )
 
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-)
-
 src_prepare() {
 	if use bindist; then
 		# This just removes the prefix, and puts it into WORKDIR like the RPM.
@@ -77,6 +72,7 @@ src_prepare() {
 		# $(use_ssl !bindist ec2m) \
 
 	fi
+
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
 
@@ -85,7 +81,9 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		eapply "${PATCHES[@]}"
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
 	fi
 
 	eapply_user #332661
@@ -98,14 +96,11 @@ src_prepare() {
 		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
 		-e $(has noman FEATURES \
 			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
 		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
 		Configurations/unix-Makefile.tmpl \
 		|| die
 
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
-
 	# quiet out unknown driver argument warnings since openssl
 	# doesn't have well-split CFLAGS and we're making it even worse
 	# and 'make depend' uses -Werror for added fun (#417795 again)
@@ -119,7 +114,8 @@ src_prepare() {
 	append-flags $(test-flags-CC -Wa,--noexecstack)
 	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
 
-	# Prefixify Configure shebang (#141906)
+	# Prefixify Configure shebang (#141906), need to
+	# search PATH for EAPI 7 cross prefix situations.
 	sed \
 		-e "1s,/usr/bin/env,$(type -P env)," \
 		-i Configure || die
@@ -188,13 +184,15 @@ multilib_src_configure() {
 		enable-idea \
 		enable-mdc2 \
 		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
 		$(use_ssl asm) \
 		$(use_ssl rfc3779) \
 		$(use_ssl sctp) \
 		$(use_ssl tls-heartbeat heartbeats) \
 		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--prefix="${EPREFIX%/}"/usr \
+		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
 		--libdir=$(get_libdir) \
 		shared threads \
 		|| die
@@ -228,7 +226,13 @@ multilib_src_test() {
 }
 
 multilib_src_install() {
-	emake DESTDIR="${D}" install
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED%/}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED%/}"/usr || die
+	fi
+
+	emake DESTDIR="${D%/}" install
 }
 
 multilib_src_install_all() {


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2019-02-15 18:58 Michael Haubenwallner
  0 siblings, 0 replies; 8+ messages in thread
From: Michael Haubenwallner @ 2019-02-15 18:58 UTC (permalink / raw
  To: gentoo-commits

commit:     1dbc9be7219d95a6c05f0cea520ec931d9e18541
Author:     Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 15 18:57:28 2019 +0000
Commit:     Michael Haubenwallner <haubi <AT> gentoo <DOT> org>
CommitDate: Fri Feb 15 18:57:43 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=1dbc9be7

dev-libs/openssl: fix cygwin binmode

Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Michael Haubenwallner <haubi <AT> gentoo.org>

 .../files/openssl-1.1.1a-cygwin-binmode.patch      | 32 ++++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.1a-r1.ebuild          |  4 +--
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
new file mode 100644
index 0000000000..7ab2fd5065
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1a-cygwin-binmode.patch
@@ -0,0 +1,32 @@
+For the setmode(O_TEXT), not submitted upstream yet:
+https://cygwin.com/ml/cygwin/2019-02/msg00150.html
+https://cygwin.com/ml/cygwin/2019-02/msg00190.html
+
+For the chmod 644, accepted upstream:
+https://github.com/openssl/openssl/pull/8226
+--- openssl-1.1.1a/crypto/bio/bss_file.c.orig	2019-02-15 19:41:48.605378800 +0100
++++ openssl-1.1.1a/crypto/bio/bss_file.c	2019-02-15 19:42:53.136709200 +0100
+@@ -251,12 +251,6 @@
+                 } else
+                     _setmode(fd, _O_BINARY);
+             }
+-#  elif defined(OPENSSL_SYS_WIN32_CYGWIN)
+-            int fd = fileno((FILE *)ptr);
+-            if (num & BIO_FP_TEXT)
+-                setmode(fd, O_TEXT);
+-            else
+-                setmode(fd, O_BINARY);
+ #  endif
+         }
+         break;
+--- openssl-1.1.1a/Configurations/unix-Makefile.tmpl.orig	2019-02-15 19:47:36.464755100 +0100
++++ openssl-1.1.1a/Configurations/unix-Makefile.tmpl	2019-02-15 19:47:42.605379700 +0100
+@@ -650,7 +650,7 @@
+ 		: {- output_off() unless windowsdll(); "" -}; \
+ 		$(ECHO) "install $$s -> $(DESTDIR)$(INSTALLTOP)/bin/$$fn"; \
+ 		cp $$s $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+-		chmod 644 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
++		chmod 755 $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new; \
+ 		mv -f $(DESTDIR)$(INSTALLTOP)/bin/$$fn.new \
+ 		      $(DESTDIR)$(INSTALLTOP)/bin/$$fn; \
+ 		: {- output_on() unless windowsdll(); "" -}{- output_off() if windowsdll(); "" -}; \

diff --git a/dev-libs/openssl/openssl-1.1.1a-r1.ebuild b/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
index 7e5e38380f..a6f6e713e2 100644
--- a/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
@@ -37,6 +37,7 @@ PATCHES=(
 	"${FILESDIR}"/${P}-preserve-system-error-number-in-a-few-more-places.patch
 	"${FILESDIR}"/${P}-fix-a-minor-nit-in-hkdflabel-size.patch
 	"${FILESDIR}"/${P}-fix-cert-with-rsa-instead-of-rsaEncryption.patch
+	"${FILESDIR}"/${P}-cygwin-binmode.patch
 )
 
 # This does not copy the entire Fedora patchset, but JUST the parts that
@@ -95,8 +96,6 @@ src_prepare() {
 		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
 			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
 		fi
-		# for Cygwin, https://github.com/openssl/openssl/pull/8226
-		sed -i -e '/chmod 644 .*bin/s/644/755/' Configurations/unix-Makefile.tmpl || die
 	fi
 
 	eapply_user #332661
@@ -138,7 +137,6 @@ src_prepare() {
 			-e '/^$config{dirs}/s@ "test",@@' \
 			-i Configure || die
 	fi
-
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
 	./config --test-sanity || die "I AM NOT SANE"


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2019-03-25  8:17 Fabian Groffen
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Groffen @ 2019-03-25  8:17 UTC (permalink / raw
  To: gentoo-commits

commit:     b1d5472013269f1775bf37aac0c7fcca457a3bbe
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Mar 25 08:17:13 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Mar 25 08:17:13 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=b1d54720

dev-libs/openssl: sync

This should bring in the right versions such that the distfiles can be
fetched from the mirrors.  This should fix the failure of
x86_64-pc-cygwin/20190324.

Package-Manager: Portage-2.3.62-prefix, Repoman-2.3.12
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |  24 +-
 .../files/openssl-1.1.1b-CVE-2019-1543.patch       |  66 +++++
 ...nssl-1.0.2p-r1.ebuild => openssl-1.0.2r.ebuild} |   7 +-
 dev-libs/openssl/openssl-1.1.0i-r3.ebuild          | 290 --------------------
 ...nssl-1.1.0j.ebuild => openssl-1.1.0j-r1.ebuild} |   1 +
 dev-libs/openssl/openssl-1.1.1a-r1.ebuild          | 305 ---------------------
 ...nssl-1.1.1a.ebuild => openssl-1.1.1b-r2.ebuild} |  17 +-
 7 files changed, 95 insertions(+), 615 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 7620ca80de..ee4ab6891a 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -1,22 +1,16 @@
-DIST openssl-1.0.2-patches-1.6.tar.xz 16004 BLAKE2B 28c7e9a8c8b09a34aa6ed21dec18b04c1d6140276e319cfa99b63db5ae188ca7837c444e8352748ffc86e6df7676534aef2f28788e825ee8207c0f876efb5b7b SHA512 eac9bbbebd8d942707ef385ee466929045bb4698985f7a0fb16f529f2101a246735cc2e654bfbdaa8a178224bb5ac564478a7587e6156cfcbdfe62a719bfb0a3
-DIST openssl-1.0.2p.tar.gz 5338192 BLAKE2B fe4c0e2bf75d47a76e7377c7977be7bcaaa532061ab89ee989786eeb6495295711a29a88bf026c85d9ed55c97e71b0e9c8cf4c29b6e58a3dc56bcff518666823 SHA512 958c5a7c3324bbdc8f07dfb13e11329d9a1b4452c07cf41fbd2d42b5fe29c95679332a3476d24c2dc2b88be16e4a24744aba675a05a388c0905756c77a8a2f16
-DIST openssl-1.0.2p_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
-DIST openssl-1.0.2p_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
-DIST openssl-1.0.2p_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
-DIST openssl-1.1.0-build.patch 3028 BLAKE2B f8cf981ed3717af234ce02fa50f27cdbcbf2b766968a5957fc6f0a4ea997549505fa77398444d7f3b9a75f66048447fe62542b9cb1d5f0268add87c44915a6fd SHA512 b19a912900970052f80c67f28975e793ae9e70ebfc62efae0544e09931079e98c4cd29ce1cc8d937ceca97aff9a12fdc1ff9ce6c2b47fea68c79e7065464a0f0
+DIST openssl-1.0.2-patches-1.5.tar.xz 12404 BLAKE2B 6c1b8c28f339f539b2ab8643379502a24cf62bffde00041dce54d5dd9e8d2620b181362ee5464b0ab32ba4948e209697bfabadbea2944a409a1009100d298f24 SHA512 5725e2d9d1ee8cc074bcef3bed61c71bdab2ff1c114362110c3fb8da11ad5bc8f2ff28e90a293f5f3a5cf96ecda54dffdb7ab3fb3f8b23ef6472250dc3037659
+DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e831a5f9c193b2da660f9d04acbf407d8b752274783765416c0f5ba557c24ee293ad7fb7d727771db289e6acc901 SHA512 6eb2211f3ad56d7573ac26f388338592c37e5faaf5e2d44c0fa9062c12186e56a324f135d1c956a89b55fcce047e6428bec2756658d103e7275e08b46f741235
+DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
+DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
+DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
 DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
-DIST openssl-1.1.0-ec-curves.patch 2967 BLAKE2B 1c639514445ea85cf731732aa7901b5a03ddb5f637b0483ab2ec6825433ad978723c5a07316db684bdaca4a12fc673b4e049a49c0cd4dbe5f25a5e2bd3b75cf5 SHA512 8fb9c6759ae2077ad3697ba77e85ab3970fd8b3f64b21eb260b4f6333b7ebf2f5a53c7eee311229edfbd96a2b904ec5e5e00dfa5b62cf1105fece13069077bd2
 DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
-DIST openssl-1.1.0i.tar.gz 5453234 BLAKE2B ae6bec9c116769d98a77165b96fb7d201fe2ede8ee98e3cb68eba496cc90a5fae38dbcbb68b824c9eeacb25605aa80c3ccca9b4f00725658da3ad646834b0f9d SHA512 4a9d454031f644a3072a980f4ea20df976f6c5c58178549dfa62fd4dcf1417509e3be517d2ccb265c87688836f2993531b142fc5971bac5c41d33060057627df
-DIST openssl-1.1.0i_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
-DIST openssl-1.1.0i_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
-DIST openssl-1.1.0i_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
-DIST openssl-1.1.1a.tar.gz 8350547 BLAKE2B 71dae2f44ade3e31983599a491b5efe5da63bbe4f32a2336a8022b282f844a9d898f3b1c3fa825a5973cb16898e8e87fcd73d68e9b602b58f500c3f3e047b199 SHA512 1523985ba90f38aa91aa6c2d57652f4e243cb2a095ce6336bf34b39b5a9b5b876804299a6825c758b65990e57948da532cca761aa12b10958c97478d04dd6d34
-DIST openssl-1.1.1a_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
-DIST openssl-1.1.1a_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
-DIST openssl-1.1.1a_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d
+DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
+DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
+DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826

diff --git a/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch b/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch
new file mode 100644
index 0000000000..4d478c484c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.1b-CVE-2019-1543.patch
@@ -0,0 +1,66 @@
+From f426625b6ae9a7831010750490a5f0ad689c5ba3 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Tue, 5 Mar 2019 14:39:15 +0000
+Subject: [PATCH] Prevent over long nonces in ChaCha20-Poly1305
+
+ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for
+every encryption operation. RFC 7539 specifies that the nonce value (IV)
+should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and
+front pads the nonce with 0 bytes if it is less than 12 bytes. However it
+also incorrectly allows a nonce to be set of up to 16 bytes. In this case
+only the last 12 bytes are significant and any additional leading bytes are
+ignored.
+
+It is a requirement of using this cipher that nonce values are unique.
+Messages encrypted using a reused nonce value are susceptible to serious
+confidentiality and integrity attacks. If an application changes the
+default nonce length to be longer than 12 bytes and then makes a change to
+the leading bytes of the nonce expecting the new value to be a new unique
+nonce then such an application could inadvertently encrypt messages with a
+reused nonce.
+
+Additionally the ignored bytes in a long nonce are not covered by the
+integrity guarantee of this cipher. Any application that relies on the
+integrity of these ignored leading bytes of a long nonce may be further
+affected.
+
+Any OpenSSL internal use of this cipher, including in SSL/TLS, is safe
+because no such use sets such a long nonce value. However user
+applications that use this cipher directly and set a non-default nonce
+length to be longer than 12 bytes may be vulnerable.
+
+CVE-2019-1543
+
+Fixes #8345
+
+Reviewed-by: Paul Dale <paul.dale@oracle.com>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/8406)
+
+(cherry picked from commit 2a3d0ee9d59156c48973592331404471aca886d6)
+---
+ crypto/evp/e_chacha20_poly1305.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/evp/e_chacha20_poly1305.c b/crypto/evp/e_chacha20_poly1305.c
+index c1917bb86a6..d3e2c622a1b 100644
+--- a/crypto/evp/e_chacha20_poly1305.c
++++ b/crypto/evp/e_chacha20_poly1305.c
+@@ -30,6 +30,8 @@ typedef struct {
+ 
+ #define data(ctx)   ((EVP_CHACHA_KEY *)(ctx)->cipher_data)
+ 
++#define CHACHA20_POLY1305_MAX_IVLEN     12
++
+ static int chacha_init_key(EVP_CIPHER_CTX *ctx,
+                            const unsigned char user_key[CHACHA_KEY_SIZE],
+                            const unsigned char iv[CHACHA_CTR_SIZE], int enc)
+@@ -533,7 +535,7 @@ static int chacha20_poly1305_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
+         return 1;
+ 
+     case EVP_CTRL_AEAD_SET_IVLEN:
+-        if (arg <= 0 || arg > CHACHA_CTR_SIZE)
++        if (arg <= 0 || arg > CHACHA20_POLY1305_MAX_IVLEN)
+             return 0;
+         actx->nonce_len = arg;
+         return 1;

diff --git a/dev-libs/openssl/openssl-1.0.2p-r1.ebuild b/dev-libs/openssl/openssl-1.0.2r.ebuild
similarity index 97%
rename from dev-libs/openssl/openssl-1.0.2p-r1.ebuild
rename to dev-libs/openssl/openssl-1.0.2r.ebuild
index 925641f754..98d1f809f5 100644
--- a/dev-libs/openssl/openssl-1.0.2p-r1.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2r.ebuild
@@ -1,11 +1,14 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="6"
 
 inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
 
-PATCH_SET="openssl-1.0.2-patches-1.6"
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
 MY_P=${P/_/-}
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"

diff --git a/dev-libs/openssl/openssl-1.1.0i-r3.ebuild b/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
deleted file mode 100644
index 348a3a8a12..0000000000
--- a/dev-libs/openssl/openssl-1.1.0i-r3.ebuild
+++ /dev/null
@@ -1,290 +0,0 @@
-# Copyright 1999-2018 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
-PATCH37=openssl-1.1.0-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f28'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
-FEDORA_PATCH=( $PATCH1 $PATCH37 )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
-	"${FILESDIR}"/${P}-CVE-2018-0734.patch
-	"${FILESDIR}"/${P}-CVE-2018-0735.patch
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		eapply "${PATCHES[@]}"
-	fi
-
-	# 2018-06-21 grobian: still necessary/in use?
-	#epatch "${FILESDIR}"/${PN}-1.1.0f-winnt.patch # parity
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# show the actual commands in the log
-	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906)
-	sed \
-		-e "1s,/usr/bin/env,$(type -P env)," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX}"/usr \
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || find "${ED%/}"/usr/lib* -mindepth 1 -maxdepth 1 \
-		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.0j.ebuild b/dev-libs/openssl/openssl-1.1.0j-r1.ebuild
similarity index 99%
rename from dev-libs/openssl/openssl-1.1.0j.ebuild
rename to dev-libs/openssl/openssl-1.1.0j-r1.ebuild
index 2bb60257ca..94b0db972b 100644
--- a/dev-libs/openssl/openssl-1.1.0j.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0j-r1.ebuild
@@ -58,6 +58,7 @@ MULTILIB_WRAPPED_HEADERS=(
 PATCHES=(
 	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
 	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.1b-CVE-2019-1543.patch
 )
 
 src_prepare() {

diff --git a/dev-libs/openssl/openssl-1.1.1a-r1.ebuild b/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
deleted file mode 100644
index af571a552b..0000000000
--- a/dev-libs/openssl/openssl-1.1.1a-r1.ebuild
+++ /dev/null
@@ -1,305 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit flag-o-matic toolchain-funcs multilib multilib-minimal
-
-MY_P=${P/_/-}
-DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-[[ "${PV}" = *_pre* ]] || \
-KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
-IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
-RESTRICT="!bindist? ( bindist )"
-
-RDEPEND=">=app-misc/c_rehash-1.7-r1
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-	)"
-PDEPEND="app-misc/ca-certificates"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-make-sure-build_SYS_str_reasons_preserves_errno.patch
-	"${FILESDIR}"/${P}-preserve-errno-on-dlopen.patch
-	"${FILESDIR}"/${P}-fix-wrong-return-value-in-ssl3_ctx_ctrl.patch
-	"${FILESDIR}"/${P}-revert-reduce-stack-usage-in-tls13_hkdf_expand.patch
-	"${FILESDIR}"/${P}-fix-some-SSL_export_keying_material-issues.patch
-	"${FILESDIR}"/${P}-preserve-system-error-number-in-a-few-more-places.patch
-	"${FILESDIR}"/${P}-fix-a-minor-nit-in-hkdflabel-size.patch
-	"${FILESDIR}"/${P}-fix-cert-with-rsa-instead-of-rsaEncryption.patch
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
-	"${FILESDIR}"/${P}-cygwin-binmode.patch
-)
-
-# This does not copy the entire Fedora patchset, but JUST the parts that
-# are needed to make it safe to use EC with RESTRICT=bindist.
-# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
-SOURCE1=hobble-openssl
-SOURCE12=ec_curve.c
-SOURCE13=ectest.c
-PATCH37=openssl-1.1.1-ec-curves.patch
-FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
-FEDORA_GIT_BRANCH='f29'
-FEDORA_SRC_URI=()
-FEDORA_SOURCE=( ${SOURCE1} ${SOURCE12} ${SOURCE13} )
-FEDORA_PATCH=( ${PATCH37} )
-for i in "${FEDORA_SOURCE[@]}" ; do
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
-done
-for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
-	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
-done
-SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
-
-S="${WORKDIR}/${MY_P}"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-src_prepare() {
-	if use bindist; then
-		# This just removes the prefix, and puts it into WORKDIR like the RPM.
-		for i in "${FEDORA_SOURCE[@]}" ; do
-			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
-		done
-		# .spec %prep
-		bash "${WORKDIR}"/"${SOURCE1}" || die
-		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
-		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
-		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
-		done
-		# Also see the configure parts below:
-		# enable-ec \
-		# $(use_ssl !bindist ec2m) \
-
-	fi
-
-	# keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
-	fi
-
-	eapply_user #332661
-
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	# Make DOCDIR Gentoo compliant
-	sed -i \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:='${EPREFIX%/}'/usr/share/man:') \
-		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
-		Configurations/unix-Makefile.tmpl \
-		|| die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
-	chmod a+rx gentoo.config || die
-
-	append-flags -fno-strict-aliasing
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	# Prefixify Configure shebang (#141906), need to
-	# search PATH for EAPI 7 cross prefix situations.
-	sed \
-		-e "1s,/usr/bin/env,$(type -P env)," \
-		-i Configure || die
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-	# The MS Azure build agent does set SYSTEM=build. Ignore such vars.
-	sed -i '1aunset MACHINE RELEASE SYSTEM VERSION' config || die
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-	unset CROSS_COMPILE #311473
-
-	tc-export CC AR RANLIB RC
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
-	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths. #460790
-	local ec_nistp_64_gcc_128
-	# Disable it for now though #469976
-	#if ! use bindist ; then
-	#	echo "__uint128_t i;" > "${T}"/128.c
-	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#	fi
-	#fi
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	# Fedora hobbled-EC needs 'no-ec2m'
-	# 'srp' was restricted until early 2017 as well.
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
-		enable-camellia \
-		enable-ec \
-		$(use_ssl !bindist ec2m) \
-		enable-srp \
-		$(use elibc_musl && echo "no-async") \
-		${ec_nistp_64_gcc_128} \
-		enable-idea \
-		enable-mdc2 \
-		enable-rc5 \
-		$(use_ssl sslv3 ssl3) \
-		$(use_ssl sslv3 ssl3-method) \
-		$(use_ssl asm) \
-		$(use_ssl rfc3779) \
-		$(use_ssl sctp) \
-		$(use_ssl tls-heartbeat heartbeats) \
-		$(use_ssl zlib) \
-		--prefix="${EPREFIX%/}"/usr \
-		--openssldir="${EPREFIX%/}"${SSL_CNF_DIR} \
-		--libdir=$(get_libdir) \
-		shared threads \
-		|| die
-
-	# Clean out hardcoded flags that openssl uses
-	# Fix quoting for sed
-	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAGS=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-		-e 's:\\:\\\\:g' \
-	)
-	sed -i \
-		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
-		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts; it also doesn't matter
-	# that it's -j1 as the code itself serializes subdirs
-	emake -j1 depend
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	# We need to create $ED/usr on our own to avoid a race condition #665130
-	if [[ ! -d "${ED%/}/usr" ]]; then
-		# We can only create this directory once
-		mkdir "${ED%/}"/usr || die
-	fi
-
-	emake DESTDIR="${D%/}" install
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED%/}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs.  But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	use static-libs || find "${ED%/}"/usr/lib* -mindepth 1 -maxdepth 1 \
-		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
-
-	# create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# Namespace openssl programs to prevent conflicts with other man pages
-	cd "${ED%/}"/usr/share/man || die
-	local m d s
-	for m in $(find . -type f | xargs grep -L '#include') ; do
-		d=${m%/*} ; d=${d#./} ; m=${m##*/}
-		[[ ${m} == openssl.1* ]] && continue
-		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
-		mv ${d}/{,ssl-}${m}
-		# fix up references to renamed man pages
-		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
-		ln -s ssl-${m} ${d}/openssl-${m}
-		# locate any symlinks that point to this man page ... we assume
-		# that any broken links are due to the above renaming
-		for s in $(find -L ${d} -type l) ; do
-			s=${s##*/}
-			rm -f ${d}/${s}
-			# We don't want to "|| die" here
-			ln -s ssl-${m} ${d}/ssl-${s}
-			ln -s ssl-${s} ${d}/openssl-${s}
-		done
-	done
-	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
-
-	dodir /etc/sandbox.d #254521
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED%/}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
-	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
-	eend $?
-}

diff --git a/dev-libs/openssl/openssl-1.1.1a.ebuild b/dev-libs/openssl/openssl-1.1.1b-r2.ebuild
similarity index 95%
rename from dev-libs/openssl/openssl-1.1.1a.ebuild
rename to dev-libs/openssl/openssl-1.1.1b-r2.ebuild
index 74bbb4eb74..79cbc9170e 100644
--- a/dev-libs/openssl/openssl-1.1.1a.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1b-r2.ebuild
@@ -28,6 +28,11 @@ DEPEND="${RDEPEND}
 	)"
 PDEPEND="app-misc/ca-certificates"
 
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${P}-CVE-2019-1543.patch
+)
+
 # This does not copy the entire Fedora patchset, but JUST the parts that
 # are needed to make it safe to use EC with RESTRICT=bindist.
 # See openssl.spec for the matching numbering of SourceNNN, PatchNNN
@@ -60,12 +65,18 @@ src_prepare() {
 		for i in "${FEDORA_SOURCE[@]}" ; do
 			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
 		done
+
 		# .spec %prep
 		bash "${WORKDIR}"/"${SOURCE1}" || die
 		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
 		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
 		for i in "${FEDORA_PATCH[@]}" ; do
-			eapply "${DISTDIR}"/"${i}"
+			if [[ "${i}" == "${PATCH37}" ]] ; then
+				# apply our own for OpenSSL 1.1.1b adjusted version of this patch
+				eapply "${FILESDIR}"/openssl-1.1.1b-ec-curves-patch.patch
+			else
+				eapply "${DISTDIR}"/"${i}"
+			fi
 		done
 		# Also see the configure parts below:
 		# enable-ec \
@@ -84,8 +95,6 @@ src_prepare() {
 		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
 			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
 		fi
-		# for Cygwin, https://github.com/openssl/openssl/pull/8226
-		sed -i -e '/chmod 644 .*bin/s/644/755/' Configurations/unix-Makefile.tmpl || die
 	fi
 
 	eapply_user #332661
@@ -129,6 +138,8 @@ src_prepare() {
 	fi
 	# The config script does stupid stuff to prompt the user.  Kill it.
 	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	# The MS Azure build agent does set SYSTEM=build. Ignore such vars.
+	sed -i '1aunset MACHINE RELEASE SYSTEM VERSION' config || die
 	./config --test-sanity || die "I AM NOT SANE"
 
 	multilib_copy_sources


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2019-09-15 18:42 Fabian Groffen
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Groffen @ 2019-09-15 18:42 UTC (permalink / raw
  To: gentoo-commits

commit:     e02d57b7ea578d206e577ab90788b3dbe6441e7c
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 15 18:42:19 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Sun Sep 15 18:42:19 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=e02d57b7

dev-libs/openssl: sync (1.1.0l disabled, bug #694516)

Package-Manager: Portage-2.3.68-prefix, Repoman-2.3.17
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |   6 +
 .../openssl-0.9.8g-engines-installnames.patch      |   6 +-
 .../openssl-1.0.0b-darwin-bundle-compile-fix.patch |  12 +-
 .../openssl/files/openssl-1.0.2a-aix-soname.patch  |   8 +-
 dev-libs/openssl/openssl-1.0.2t.ebuild             | 322 +++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.0l.ebuild             | 310 ++++++++++++++++++++
 dev-libs/openssl/openssl-1.1.1d.ebuild             | 310 ++++++++++++++++++++
 7 files changed, 961 insertions(+), 13 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index ee4ab6891a..5442ba3658 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -3,14 +3,20 @@ DIST openssl-1.0.2r.tar.gz 5348369 BLAKE2B 9f9c2d2fe6eaf9acacab29b394a318f30c38e
 DIST openssl-1.0.2r_ec_curve.c 17254 BLAKE2B d40d8d6e770443f07abe70e2c4ddda6aec1cc8e37dc1f226a3fdd9ed5d228f09c6d372e8956b1948b55ee1d57d1429493e7288d0f54d9466a37fec805c85aacb SHA512 8e92fb100bcf4bd918c82b9a6cbd75a55abe1a2c08230a007e441c51577f974f8cc336e9ac8a672b32641480428ca8cead5380da1fe81bacb088145a1b754a15
 DIST openssl-1.0.2r_ectest.c 30735 BLAKE2B 95333a27f1cf0a4305a3cee7f6d46b9d4673582ca9acfcf5ba2a0d9d317ab6219cd0d2ff0ba3a55a317c8f5819342f05cc17ba80ec2c92b2b4cab9a3552382e1 SHA512 f2e4d34327b490bc8371f0845c69df3f9fc51ea16f0ea0de0411a0c1fa9d49bb2b6fafc363eb3b3cd919dc7c24e4a0d075c6ff878c01d70dae918f2540874c19
 DIST openssl-1.0.2r_hobble-openssl 1302 BLAKE2B 647caa6a0f4c53a2e77baa3b8e5961eaef3bb0ff38e7d5475eab8deef3439f7fe49028ec9ed0406f3453870b62cac67c496b3a048ee4c9ff4c6866d520235960 SHA512 3d757a4708e74a03dd5cb9b8114dfe442ed9520739a6eca693be4c4265771696f1449ea06d1c9bcfc6e94fc9b0dd0c10e153f1c3b0334831c0550b36cd63326e
+DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1c838de945903fcf959c62cc29ddcd1a0cb360fc5db234df86860a6a4c096f5ecc237611e4c2946b986a5500c24ba93c208ef4 SHA512 a48a7efb9b973b865bcc5009d450b428ed6b4b95e4cefe70c51056e47392c8a7bec58215168d8b07712419dc74646c2bd2fd23bcfbba2031376e292249a6b1b6
+DIST openssl-1.0.2t.tar.gz 5355422 BLAKE2B dcbc883151ff6c5b60f5849d8789c2e76a384cb3d5eb5f08a6109776d0edf134580dc33fa8b946ae2344542560f04ecef17f218406952dd8d31e4200c4882022 SHA512 0b88868933f42fab87e8b22449435a1091cc6e75f986aad6c173e01ad123161fcae8c226759073701bc65c9f2f0b6ce6a63a61203008ed873cfb6e484f32bc71
 DIST openssl-1.1.0-build_d2ede125556ac99aa0faa7744c703af3f559094e.patch 3001 BLAKE2B 8f0ac4be6409b4ec50bec171697da2aebe2688e8ae06bd0dfac8b0c74661d38ebeb0a12bde0ef941b213eee9b85965262213b140636060285dcfb02a3bd14961 SHA512 ec6710e9669ac19e4c6f1286c89a383e7d276a773a2740037f98a8f2dbf18305614e7d30d9ed530923a0e7d10a3776fea2ca77229adc25df13ecad55589a3673
 DIST openssl-1.1.0-ec-curves_d2ede125556ac99aa0faa7744c703af3f559094e.patch 5311 BLAKE2B e9ec985adf6f13eb04412158a05da7cbe10be7d64bce73b899152ea379336ece7b7069089ef46993ac301ef850fd46fd0352898e249b2ea9fff5baf20896e5b5 SHA512 c38c4b05195f2b323a07efd8d17335ba2a168a16a59d7941da36568081f1c043da8d2216b7084b0617963635ded9bafeee736ecddbfa251cf0a02e4cba64cdc8
 DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce44ee19f377a820f89ba66b9e0a7509cf39e0fb00c104ae6440a6bd811e388239b458ffe685d8601235bab2afb2f1 SHA512 e7d30951ebb3cbcb6d59e3eb40f64f5a84634b7f5c380a588d378973f1c415395e3ab71a9aaff6478a89ec6efcc88f17f1882c99c25dcd18165f1435a51e5768
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909
+DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
 DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d
 DIST openssl-1.1.1b_ec_curve.c 17938 BLAKE2B d5cbde40dcd8608087aed6ffa9feb040ffadecf0c46b7f3978cc468a9503f0a5ad0a426ea6f8db56f49a64474a508bebdf946e01ebf09adc727675f3b180bcdc SHA512 ec470f6514cb9a4f680b8cbbe02e2bbe71639b288f3429d976726047901d9c50377dfb2737f32429da2fb0e52fd67878a86debb54520e307ee196d97b5c66415
 DIST openssl-1.1.1b_ectest.c 35091 BLAKE2B a9602255ab529751c2af2419206ce113f03f93b7b776691ea2ec550f26ddbecd241844bb81dc86988fdbb1c0a587318f82ce4faecba1a6142a19cf08d40fb2c5 SHA512 7813d9b6b7ab62119a7f2dd5431c17c5839f4c320ac7071b0714c9b8528bda5fda779dbb263328dca6ee8446e9fa09c663da659c9a82832a65cf53d1cd8a4cef
 DIST openssl-1.1.1b_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
+DIST openssl-1.1.1d-bindist-1.0.tar.xz 13180 BLAKE2B 680bd7400d3dd3930067ee7efa9718b74b30afa9be2397ad80f88031920806b6603b6469beede02b6e7a742abf5f82ebdd7c9b8e69c1ffe223e4860dc9581128 SHA512 9e4296326852010d5cebc204d1a34a34198d8d65460bc91a2bd37c80be892a5ae519513e4b0109e6b51b6faab0e171ef6cdae868868c158711558d147083c06f
+DIST openssl-1.1.1d.tar.gz 8845861 BLAKE2B d3155f07b487ebd8dd4fe25396c874f9af18b5cfd7e622298d29c4f2c8ce14ad4534609d321314a4bcd0d44414e1306190340daaacd3c8fca061c04498446244 SHA512 2bc9f528c27fe644308eb7603c992bac8740e9f0c3601a130af30c9ffebbf7e0f5c28b76a00bbb478bad40fbe89b4223a58d604001e1713da71ff4b7fe6a08a7

diff --git a/dev-libs/openssl/files/openssl-0.9.8g-engines-installnames.patch b/dev-libs/openssl/files/openssl-0.9.8g-engines-installnames.patch
index f748ef7ce9..8673e0612b 100644
--- a/dev-libs/openssl/files/openssl-0.9.8g-engines-installnames.patch
+++ b/dev-libs/openssl/files/openssl-0.9.8g-engines-installnames.patch
@@ -1,9 +1,9 @@
 * grobian@gentoo.org: shared objects, even when disguised as .so files,
                       need to have a proper install_name in order to
-					  work without getting trapped by the kernel
+                      work without getting trapped by the kernel
 
---- Makefile.shared
-+++ Makefile.shared
+--- a/Makefile.shared
++++ b/Makefile.shared
 @@ -213,6 +213,7 @@
  	if [ -n "$$SHLIB_SOVER_NODOT" ]; then \
  		SHAREDFLAGS="$$SHAREDFLAGS -compatibility_version $$SHLIB_SOVER_NODOT"; \

diff --git a/dev-libs/openssl/files/openssl-1.0.0b-darwin-bundle-compile-fix.patch b/dev-libs/openssl/files/openssl-1.0.0b-darwin-bundle-compile-fix.patch
index e31d57c22a..c865de6799 100644
--- a/dev-libs/openssl/files/openssl-1.0.0b-darwin-bundle-compile-fix.patch
+++ b/dev-libs/openssl/files/openssl-1.0.0b-darwin-bundle-compile-fix.patch
@@ -1,5 +1,5 @@
---- Makefile.shared
-+++ Makefile.shared
+--- a/Makefile.shared
++++ b/Makefile.shared
 @@ -226,7 +226,7 @@
  link_o.darwin:
  	@ $(CALC_VERSIONS); \
@@ -18,8 +18,8 @@
  	$(LINK_SO_O)
  link_a.darwin:
  	@ $(CALC_VERSIONS); \
---- engines/Makefile
-+++ engines/Makefile
+--- a/engines/Makefile
++++ b/engines/Makefile
 @@ -114,7 +114,12 @@
  			  if [ "$(PLATFORM)" != "Cygwin" ]; then \
  				case "$(CFLAGS)" in \
@@ -34,8 +34,8 @@
  				*DSO_DL*)	sfx=".sl";;	\
  				*DSO_WIN32*)	sfx="eay32.dll"; pfx=;;	\
  				*)		sfx=".bad";;	\
---- engines/ccgost/Makefile
-+++ engines/ccgost/Makefile
+--- a/engines/ccgost/Makefile
++++ b/engines/ccgost/Makefile
 @@ -48,7 +48,12 @@
  		if [ "$(PLATFORM)" != "Cygwin" ]; then \
  			case "$(CFLAGS)" in \

diff --git a/dev-libs/openssl/files/openssl-1.0.2a-aix-soname.patch b/dev-libs/openssl/files/openssl-1.0.2a-aix-soname.patch
index 93f0fdcbba..a2fcca4cf9 100644
--- a/dev-libs/openssl/files/openssl-1.0.2a-aix-soname.patch
+++ b/dev-libs/openssl/files/openssl-1.0.2a-aix-soname.patch
@@ -1,5 +1,5 @@
---- Configure
-+++ Configure
+--- a/Configure
++++ b/Configure
 @@ -967,6 +967,10 @@
  				{
  				$cross_compile_prefix=$1;
@@ -22,8 +22,8 @@
  if (!$no_shared)
  	{
  	if ($shared_cflag ne "")
---- Makefile.shared
-+++ Makefile.shared
+--- a/Makefile.shared
++++ b/Makefile.shared
 @@ -545,6 +545,38 @@
  	NOALLSYMSFLAGS=''; \
  	SHAREDFLAGS='$(CFLAGS) $(SHARED_LDFLAGS) -Wl,-bexpall,-bnolibpath,-bM:SRE'; \

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t.ebuild
new file mode 100644
index 0000000000..324a0685df
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.0.2t.ebuild
@@ -0,0 +1,322 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+# openssl-1.0.2-patches-1.6 contain additional CVE patches
+# which got fixed with this release.
+# Please use 1.7 version number when rolling a new tarball!
+PATCH_SET="openssl-1.0.2-patches-1.5"
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 25,
+# see https://src.fedoraproject.org/rpms/openssl/blob/25/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.0.2t-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)
+	!vanilla? (
+		mirror://gentoo/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~chutzpah/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~whissi/dist/${PN}/${PATCH_SET}.tar.xz
+		https://dev.gentoo.org/~polynomial-c/dist/${PATCH_SET}.tar.xz
+	)"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+MY_PKGINSTDEPS=">=app-misc/c_rehash-1.7-r1"
+RDEPEND="!prefix-stack? ( ${MY_PKGINSTDEPS} )
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	prefix-stack? ( ${MY_PKGINSTDEPS} )
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/crypto/ec/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+		# $(use_ssl !bindist srp) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user
+
+	# <=Solaris-10 /bin/sh does not support "[ -e file ]", added by patches
+	sed -e 's/\[ -e /\[ -r /' -i Makefile.shared
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	eapply "${FILESDIR}"/${PN}-1.0.2a-aix-soname.patch # like libtool
+	eapply "${FILESDIR}"/${PN}-0.9.8g-engines-installnames.patch
+	eapply "${FILESDIR}"/${PN}-1.0.0b-darwin-bundle-compile-fix.patch
+	eapply "${FILESDIR}"/${PN}-1.0.2l-winnt.patch # parity
+
+	# remove -arch for Darwin
+	sed -i '/^"darwin/s,-arch [^ ]\+,,g' Configure || die
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	# this breaks build with 1.0.2p, not sure if it is needed anymore
+	#sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'"$(type -P perl)"',' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	# https://github.com/openssl/openssl/issues/2286
+	if use ia64 ; then
+		replace-flags -g3 -g2
+		replace-flags -ggdb3 -ggdb2
+	fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m', 'no-srp'
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		$(use_ssl !bindist srp) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 V=1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	local -a DOCS=( CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el )
+	einstalldocs
+
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || find "${ED}"/usr/lib* -mindepth 1 -maxdepth 1 \
+		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-1.1.0l.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild
new file mode 100644
index 0000000000..f9d64c8261
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.0l.ebuild
@@ -0,0 +1,310 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 28,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f28/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED
+############# MISSING: FIX WHEN #694516 gets fixed: see KEYWORDS #############
+BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+#KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+MY_PKGINSTDEPS=">=app-misc/c_rehash-1.7-r1"
+RDEPEND="!prefix-stack? ( ${MY_PKGINSTDEPS} )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	prefix-stack? ( ${MY_PKGINSTDEPS} )"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+	"${FILESDIR}"/${PN}-1.1.0k-fix-test_fuzz.patch
+)
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+
+		use bindist || eapply "${FILESDIR}"/${PN}-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906), need to
+	# search PATH for EAPI 7 cross prefix situations.
+	sed \
+		-e "1s,/usr/bin/env,$(type -P env)," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || find "${ED}"/usr/lib* -mindepth 1 -maxdepth 1 \
+		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

diff --git a/dev-libs/openssl/openssl-1.1.1d.ebuild b/dev-libs/openssl/openssl-1.1.1d.ebuild
new file mode 100644
index 0000000000..b79d7747ba
--- /dev/null
+++ b/dev-libs/openssl/openssl-1.1.1d.ebuild
@@ -0,0 +1,310 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+
+# This patch set is based on the following files from Fedora 31,
+# see https://src.fedoraproject.org/rpms/openssl/blob/f31/f/openssl.spec
+# for more details:
+# - hobble-openssl (SOURCE1)
+# - ec_curve.c (SOURCE12) -- MODIFIED
+# - ectest.c (SOURCE13)
+# - openssl-1.1.1-ec-curves.patch (PATCH37) -- MODIFIED
+BINDIST_PATCH_SET="openssl-1.1.1d-bindist-1.0.tar.xz"
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="https://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	bindist? (
+		mirror://gentoo/${BINDIST_PATCH_SET}
+		https://dev.gentoo.org/~whissi/dist/openssl/${BINDIST_PATCH_SET}
+	)"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+[[ "${PV}" = *_pre* ]] || \
+KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+MY_PKGINSTDEPS=">=app-misc/c_rehash-1.7-r1"
+RDEPEND="!prefix-stack? ( ${MY_PKGINSTDEPS} )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	prefix-stack? ( ${MY_PKGINSTDEPS} )"
+BDEPEND="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch #671602
+)
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	if use bindist; then
+		mv "${WORKDIR}"/bindist-patches/hobble-openssl "${WORKDIR}" || die
+		bash "${WORKDIR}"/hobble-openssl || die
+
+		cp -f "${WORKDIR}"/bindist-patches/ec_curve.c "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/bindist-patches/ectest.c "${S}"/test/ || die
+
+		eapply "${WORKDIR}"/bindist-patches/ec-curves.patch
+
+		local known_failing_test
+		for known_failing_test in \
+			30-test_evp_extra.t \
+			80-test_ssl_new.t \
+		; do
+			ebegin "Disabling test '${known_failing_test}' which is known to fail with USE=bindist"
+			rm test/recipes/${known_failing_test} || die
+			eend $?
+		done
+
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+	fi
+
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
+			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
+		fi
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PVR}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config || die
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906), need to
+	# search PATH for EAPI 7 cross prefix situations.
+	sed \
+		-e "1s,/usr/bin/env,$(type -P env)," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# use GNU ld full option, not to confuse it on Solaris
+	sed -i \
+		-e 's/-Wl,-M,/-Wl,--version-script=/' \
+		-e 's/-Wl,-h,/-Wl,--soname=/' \
+		Configurations/10-main.conf || die
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	# The MS Azure build agent does set SYSTEM=build. Ignore such vars.
+	sed -i '1aunset MACHINE RELEASE SYSTEM VERSION' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	# "disable-deprecated" option breaks too many consumers.
+	# Don't set it without thorough revdeps testing.
+	# Make sure user flags don't get added *yet* to avoid duplicated
+	# flags.
+	CFLAGS= LDFLAGS= echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl sslv3 ssl3-method) \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:\(^\| \)-fomit-frame-pointer::g' \
+		-e 's:\(^\| \)-O[^ ]*::g' \
+		-e 's:\(^\| \)-march=[^ ]*::g' \
+		-e 's:\(^\| \)-mcpu=[^ ]*::g' \
+		-e 's:\(^\| \)-m[^ ]*::g' \
+		-e 's:^ *::' \
+		-e 's: *$::' \
+		-e 's: \+: :g' \
+		-e 's:\\:\\\\:g'
+	)
+
+	# Now insert clean default flags with user flags
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	# We need to create $ED/usr on our own to avoid a race condition #665130
+	if [[ ! -d "${ED}/usr" ]]; then
+		# We can only create this directory once
+		mkdir "${ED}"/usr || die
+	fi
+
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || find "${ED}"/usr/lib* -mindepth 1 -maxdepth 1 \
+		-name "lib*.a" -not -name "*.dll.a" -not -name "*$(get_libname)" -delete
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man || die
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			# We don't want to "|| die" here
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}


^ permalink raw reply related	[flat|nested] 8+ messages in thread

* [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/
@ 2019-09-16  8:24 Fabian Groffen
  0 siblings, 0 replies; 8+ messages in thread
From: Fabian Groffen @ 2019-09-16  8:24 UTC (permalink / raw
  To: gentoo-commits

commit:     28e9a37f7b5617f82c30c3a7780f4e55cea2128d
Author:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
AuthorDate: Mon Sep 16 08:24:02 2019 +0000
Commit:     Fabian Groffen <grobian <AT> gentoo <DOT> org>
CommitDate: Mon Sep 16 08:24:02 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/prefix.git/commit/?id=28e9a37f

dev-libs/openssl: sync for latest patch fixes

Package-Manager: Portage-2.3.68-prefix, Repoman-2.3.17
Signed-off-by: Fabian Groffen <grobian <AT> gentoo.org>

 dev-libs/openssl/Manifest                          |  2 +-
 .../openssl-1.0.2-gethostbyname2-solaris.patch     |  6 +++--
 .../files/openssl-1.1.0k-fix-test_fuzz.patch       | 19 ++++++++++++++
 .../openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch | 30 ++++++++++++++++++++++
 ...nssl-1.0.2t.ebuild => openssl-1.0.2t-r1.ebuild} |  8 +++---
 dev-libs/openssl/openssl-1.1.0l.ebuild             |  5 ++--
 6 files changed, 60 insertions(+), 10 deletions(-)

diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index 5442ba3658..f8fd70d980 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,7 +11,7 @@ DIST openssl-1.1.0j.tar.gz 5411919 BLAKE2B 0fbd936f38d30b64bea717a67cd59704c5ce4
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ec_curve.c 18401 BLAKE2B f969071ac1b5d0e43b50d54e50b5c4d9201fc8b94458902e9849f14841b5505a2e43ed57a8c13255f042a211af9ee904776c155c36da838a8ad22e1052b02bc1 SHA512 a1c2bb3c3e3d342bddc8c952985e87fc4bad2e8142d5d760b18f346c44c20f00db61c4856f3dcf879b2098e0c036330762915f65d80a1a2cba717d2caeb95457
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_ectest.c 30688 BLAKE2B 6673ef0fd139af82d830794179b19b9e06be25fac4a13b8bdfa5fd5dad25f594ce8eab118aab9ec2aab25001e1de127c03f8e1a04f4f3ef4c464b7fb1811ed4a SHA512 240fc72916caf4a8b0af774ce307abfe9a93a762eba6fae760cec79d619fe3db0d6919fc92a8951cb031f73958237700b45f590aa7f9f2890762cccda1f1e74b
 DIST openssl-1.1.0j_d2ede125556ac99aa0faa7744c703af3f559094e_hobble-openssl 1117 BLAKE2B c3a1477e63331e83cf1cbe58e9ef131ec500a311e22d3da55034800ca353c387b2e202575acf3badb00b236ff91d4bac1bb131a33930939646d26bec27be6e04 SHA512 fa9cc70afa11a7a292548b4bddbba8159824a364ce5c279b483768e6ae2aa4b5491d9bf2cc734819f30a11c8ee0d91bcb991c4a7ab357296aeb4c04feac74826
-DIST openssl-1.1.0k-bindist-1.0.tar.xz 11716 BLAKE2B c491ba0899c44dbcc63f85b255548c439c965a20a04ac2a6324a4122c4691b7c95ec18e62be6d708a7ea62ea197d32e5091987cb5043969878f89e5bc26243d4 SHA512 1d5bc9d7b24cf55d32d996e2421d43a1218b605720293f00d07814afb481387856f0dc000ad3c3e4cba2361055668cfe79a945be44ab85a249555f37e683a909
+DIST openssl-1.1.0l-bindist-1.0.tar.xz 13184 BLAKE2B c09e023458faff17b10d6f20c28462c0851757a20d59b4b751220ab307324d5778252df112ad74fd319407cc75fdd1cd507d48058dd0234dc8c03020c882ed42 SHA512 39720ecee3ec6080c1416f2fb7c9246b89ee55b21be2baabad51eb6823dbe1559450b1ae92fa61ac1cf5ba04ac8c02438aa469bc65eae6905cf1ea486f270793
 DIST openssl-1.1.0l.tar.gz 5294857 BLAKE2B 0e4f30f9e8a22414325bd780dc4e875e962487fbe72967f0392ace959955429192541881a98d097d7bb75ed7238b1817b0c3c2c4da04421512bd538f2b07cdd7 SHA512 81b74149f40ea7d9f7e235820a4f977844653ad1e2b302e65e712c12193f47542fe7e3385fd1e25e3dd074e4e6d04199836cbc492656f5a7692edab5e234f4ad
 DIST openssl-1.1.1-ec-curves.patch 7265 BLAKE2B 04725d226c430132cf54afbfaa30a82f8f8bbfd3608823d1d0cd42c3c13f417e90762759da3134d7b0c4373e531925db337b681340f2f284cb2f16a4caef22e3 SHA512 de4d0f1635740c57217836a476c420141c0d34a5f90cbf7957aed7a80e7ac9ca036de2d8448e6bf4c122999e308730575899f61cea6e51ab6825dd04890d75a1
 DIST openssl-1.1.1b.tar.gz 8213737 BLAKE2B 7ad9da9548052e2a033a684038f97c420cfffd57994604bcb3fa12640796c8c0aea3d24fb05648ee4940fbec40b81462e81c353da5a41a2575c0585d9718eae8 SHA512 b54025fbb4fe264466f3b0d762aad4be45bd23cd48bdb26d901d4c41a40bfd776177e02230995ab181a695435039dbad313f4b9a563239a70807a2e19ecf045d

diff --git a/dev-libs/openssl/files/openssl-1.0.2-gethostbyname2-solaris.patch b/dev-libs/openssl/files/openssl-1.0.2-gethostbyname2-solaris.patch
index 7a5aee30b1..3474281ae8 100644
--- a/dev-libs/openssl/files/openssl-1.0.2-gethostbyname2-solaris.patch
+++ b/dev-libs/openssl/files/openssl-1.0.2-gethostbyname2-solaris.patch
@@ -1,5 +1,7 @@
---- apps/s_socket.c
-+++ apps/s_socket.c
+introduced by Gentoo's own patches, not present upstream
+
+--- a/apps/s_socket.c
++++ b/apps/s_socket.c
 @@ -718,8 +718,13 @@
          if (domain == AF_INET)
      	    ret = gethostbyname(name);

diff --git a/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch b/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch
new file mode 100644
index 0000000000..2c4cc31257
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0k-fix-test_fuzz.patch
@@ -0,0 +1,19 @@
+Test fuzz was forgotten when
+
+   Perl: Use our own globbing wrapper rather than File::Glob::glob
+
+was backported to openssl-1.1.0 branch.
+
+Link: https://github.com/openssl/openssl/commit/b81cfa07ada850fd287d0a0c82ba280907f18ce7
+
+--- a/test/recipes/90-test_fuzz.t
++++ b/test/recipes/90-test_fuzz.t
+@@ -9,7 +9,7 @@
+ use strict;
+ use warnings;
+ 
+-use if $^O ne "VMS", 'File::Glob' => qw/glob/;
++use OpenSSL::Glob;
+ use OpenSSL::Test qw/:DEFAULT srctop_file/;
+ use OpenSSL::Test::Utils;
+ 

diff --git a/dev-libs/openssl/files/openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch b/dev-libs/openssl/files/openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch
new file mode 100644
index 0000000000..35a435df28
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.1.0l-fix-no-ec2m-in-ec_curve.c.patch
@@ -0,0 +1,30 @@
+From bcf6a94c4bc912ad313ea21abdf7e83bbae450e5 Mon Sep 17 00:00:00 2001
+From: Nicola Tuveri <nic.tuv@gmail.com>
+Date: Thu, 12 Sep 2019 01:57:47 +0300
+Subject: [PATCH] Fix no-ec2m in ec_curve.c (1.1.0)
+
+I made a mistake in d4a5dac9f9242c580fb9d0a4389440eccd3494a7 and
+inverted the GF2m and GFp calls in ec_point_get_affine_coordinates, this
+fixes it.
+---
+ crypto/ec/ec_curve.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
+index 2d28d7f70bb..6a58b3a23e0 100644
+--- a/crypto/ec/ec_curve.c
++++ b/crypto/ec/ec_curve.c
+@@ -3200,11 +3200,11 @@ int ec_point_get_affine_coordinates(const EC_GROUP *group,
+ 
+ #ifndef OPENSSL_NO_EC2M
+     if (field_nid == NID_X9_62_characteristic_two_field) {
+-        return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
++        return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
+     } else
+ #endif /* !def(OPENSSL_NO_EC2M) */
+     if (field_nid == NID_X9_62_prime_field) {
+-        return EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx);
++        return EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx);
+     } else {
+         /* this should never happen */
+         return 0;

diff --git a/dev-libs/openssl/openssl-1.0.2t.ebuild b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
similarity index 98%
rename from dev-libs/openssl/openssl-1.0.2t.ebuild
rename to dev-libs/openssl/openssl-1.0.2t-r1.ebuild
index 324a0685df..41dd63e4b0 100644
--- a/dev-libs/openssl/openssl-1.0.2t.ebuild
+++ b/dev-libs/openssl/openssl-1.0.2t-r1.ebuild
@@ -47,7 +47,8 @@ RDEPEND="!prefix-stack? ( ${MY_PKGINSTDEPS} )
 	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
 DEPEND="${RDEPEND}
-	prefix-stack? ( ${MY_PKGINSTDEPS} )
+	prefix-stack? ( ${MY_PKGINSTDEPS} )"
+BDEPEND="
 	>=dev-lang/perl-5
 	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? (
@@ -86,9 +87,7 @@ src_prepare() {
 	rm -f Makefile
 
 	if ! use vanilla ; then
-		if [[ $(declare -p PATCHES 2>/dev/null) == "declare -a"* ]] ; then
-			[[ ${#PATCHES[@]} -gt 0 ]] && eapply "${PATCHES[@]}"
-		fi
+		eapply "${WORKDIR}"/patch/*.patch
 	fi
 
 	eapply_user
@@ -114,6 +113,7 @@ src_prepare() {
 	eapply "${FILESDIR}"/${PN}-1.0.2a-aix-soname.patch # like libtool
 	eapply "${FILESDIR}"/${PN}-0.9.8g-engines-installnames.patch
 	eapply "${FILESDIR}"/${PN}-1.0.0b-darwin-bundle-compile-fix.patch
+	eapply "${FILESDIR}"/${PN}-1.0.2-gethostbyname2-solaris.patch
 	eapply "${FILESDIR}"/${PN}-1.0.2l-winnt.patch # parity
 
 	# remove -arch for Darwin

diff --git a/dev-libs/openssl/openssl-1.1.0l.ebuild b/dev-libs/openssl/openssl-1.1.0l.ebuild
index f9d64c8261..38562bc38f 100644
--- a/dev-libs/openssl/openssl-1.1.0l.ebuild
+++ b/dev-libs/openssl/openssl-1.1.0l.ebuild
@@ -14,8 +14,7 @@ MY_P=${P/_/-}
 # - ec_curve.c (SOURCE12) -- MODIFIED
 # - ectest.c (SOURCE13)
 # - openssl-1.1.0-ec-curves.patch (PATCH37) -- MODIFIED
-############# MISSING: FIX WHEN #694516 gets fixed: see KEYWORDS #############
-BINDIST_PATCH_SET="openssl-1.1.0k-bindist-1.0.tar.xz"
+BINDIST_PATCH_SET="openssl-1.1.0l-bindist-1.0.tar.xz"
 
 DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
 HOMEPAGE="https://www.openssl.org/"
@@ -27,7 +26,7 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0/1.1" # .so version of libssl/libcrypto
-#KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+KEYWORDS="~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
 IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
 


^ permalink raw reply related	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2019-09-16  8:24 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-09-15 18:42 [gentoo-commits] repo/proj/prefix:master commit in: dev-libs/openssl/, dev-libs/openssl/files/ Fabian Groffen
  -- strict thread matches above, loose matches on Subject: below --
2019-09-16  8:24 Fabian Groffen
2019-03-25  8:17 Fabian Groffen
2019-02-15 18:58 Michael Haubenwallner
2019-02-13 10:07 Michael Haubenwallner
2018-12-28 17:44 Fabian Groffen
2018-11-19 14:53 Fabian Groffen
2018-02-08 18:04 Fabian Groffen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox