summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRobin H. Johnson <robbat2@gentoo.org>2015-08-08 13:49:04 -0700
committerRobin H. Johnson <robbat2@gentoo.org>2015-08-08 17:38:18 -0700
commit56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch)
tree3f91093cdb475e565ae857f1c5a7fd339e2d781e /dev-libs/openssl/files
downloadgentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2
gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip
proj/gentoo: Initial commit
This commit represents a new era for Gentoo: Storing the gentoo-x86 tree in Git, as converted from CVS. This commit is the start of the NEW history. Any historical data is intended to be grafted onto this point. Creation process: 1. Take final CVS checkout snapshot 2. Remove ALL ChangeLog* files 3. Transform all Manifests to thin 4. Remove empty Manifests 5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$ 5.1. Do not touch files with -kb/-ko keyword flags. Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'dev-libs/openssl/files')
-rwxr-xr-xdev-libs/openssl/files/gentoo.config-0.9.8145
-rwxr-xr-xdev-libs/openssl/files/gentoo.config-1.0.0159
-rwxr-xr-xdev-libs/openssl/files/gentoo.config-1.0.1164
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch25
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch29
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8m-binutils.patch24
-rw-r--r--dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch326
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch29
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0d-windres.patch76
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch315
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch34
-rw-r--r--dev-libs/openssl/files/openssl-1.0.0r-x32.patch76
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch354
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1-x32.patch79
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch18
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch84
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch642
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch356
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch618
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch364
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch21
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1m-x32.patch66
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1p-default-source.patch30
-rw-r--r--dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch359
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch49
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch31
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch459
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-ipv6.patch611
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch354
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch17
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch38
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch314
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch64
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch37
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch63
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch43
-rw-r--r--dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch309
37 files changed, 6782 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/gentoo.config-0.9.8 b/dev-libs/openssl/files/gentoo.config-0.9.8
new file mode 100755
index 000000000000..20d88a7d2acf
--- /dev/null
+++ b/dev-libs/openssl/files/gentoo.config-0.9.8
@@ -0,0 +1,145 @@
+#!/usr/bin/env bash
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# Openssl doesn't play along nicely with cross-compiling
+# like autotools based projects, so let's teach it new tricks.
+#
+# Review the bundled 'config' script to see why kind of targets
+# we can pass to the 'Configure' script.
+
+
+# Testing routines
+if [[ $1 == "test" ]] ; then
+ for c in \
+ "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
+ "armv5b-linux-gnu |linux-generic32 -DB_ENDIAN" \
+ "x86_64-pc-linux-gnu |linux-x86_64" \
+ "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
+ "i686-pc-linux-gnu |linux-elf" \
+ "whatever-gentoo-freebsdX.Y |BSD-generic32" \
+ "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
+ "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
+ "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
+ "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
+ "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
+ "powerpc-gentOO-linux-uclibc |linux-ppc" \
+ "powerpc64-unk-linux-gnu |linux-ppc64" \
+ "x86_64-apple-darwinX |darwin64-x86_64-cc" \
+ "powerpc64-apple-darwinX |darwin64-ppc-cc" \
+ "i686-apple-darwinX |darwin-i386-cc" \
+ "i386-apple-darwinX |darwin-i386-cc" \
+ "powerpc-apple-darwinX |darwin-ppc-cc" \
+ "i586-pc-winnt |winnt-parity" \
+ ;do
+ CHOST=${c/|*}
+ ret_want=${c/*|}
+ ret_got=$(CHOST=${CHOST} "$0")
+
+ if [[ ${ret_want} == "${ret_got}" ]] ; then
+ echo "PASS: ${CHOST}"
+ else
+ echo "FAIL: ${CHOST}"
+ echo -e "\twanted: ${ret_want}"
+ echo -e "\twe got: ${ret_got}"
+ fi
+ done
+ exit 0
+fi
+[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
+
+
+# Detect the operating system
+case ${CHOST} in
+ *-aix*) system="aix";;
+ *-darwin*) system="darwin";;
+ *-freebsd*) system="BSD";;
+ *-hpux*) system="hpux";;
+ *-linux*) system="linux";;
+ *-solaris*) system="solaris";;
+ *-winnt*) system="winnt";;
+ *) exit 0;;
+esac
+
+
+# Compiler munging
+compiler="gcc"
+if [[ ${CC} == "ccc" ]] ; then
+ compiler=${CC}
+fi
+
+
+# Detect target arch
+machine=""
+chost_machine=${CHOST%%-*}
+case ${system} in
+linux)
+ case ${chost_machine} in
+ alphaev56*) machine=alpha+bwx-${compiler};;
+ alphaev[678]*)machine=alpha+bwx-${compiler};;
+ alpha*) machine=alpha-${compiler};;
+ arm*b*) machine="generic32 -DB_ENDIAN";;
+ arm*) machine="generic32 -DL_ENDIAN";;
+ # hppa64*) machine=parisc64;;
+ hppa*) machine="generic32 -DB_ENDIAN";;
+ i[0-9]86*) machine=elf;;
+ ia64*) machine=ia64;;
+ m68*) machine="generic32 -DB_ENDIAN";;
+ mips*el*) machine="generic32 -DL_ENDIAN";;
+ mips*) machine="generic32 -DB_ENDIAN";;
+ powerpc64*) machine=ppc64;;
+ powerpc*) machine=ppc;;
+ # sh64*) machine=elf;;
+ sh*b*) machine="generic32 -DB_ENDIAN";;
+ sh*) machine="generic32 -DL_ENDIAN";;
+ sparc*v7*) machine="generic32 -DB_ENDIAN";;
+ sparc64*) machine=sparcv9;;
+ sparc*) machine=sparcv8;;
+ s390x*) machine="generic64 -DB_ENDIAN";;
+ s390*) machine="generic32 -DB_ENDIAN";;
+ x86_64*) machine=x86_64;;
+ esac
+ ;;
+BSD)
+ case ${chost_machine} in
+ alpha*) machine=generic64;;
+ i[6-9]86*) machine=x86-elf;;
+ ia64*) machine=ia64;;
+ sparc64*) machine=sparc64;;
+ x86_64*) machine=x86_64;;
+ *) machine=generic32;;
+ esac
+ ;;
+aix)
+ machine=${compiler}
+ ;;
+darwin)
+ case ${chost_machine} in
+ powerpc64) machine=ppc-cc; system=${system}64;;
+ powerpc) machine=ppc-cc;;
+ i?86*) machine=i386-cc;;
+ x86_64) machine=x86_64-cc; system=${system}64;;
+ esac
+ ;;
+hpux)
+ case ${chost_machine} in
+ ia64) machine=ia64-${compiler} ;;
+ esac
+ ;;
+solaris)
+ case ${chost_machine} in
+ i386) machine=x86-${compiler} ;;
+ x86_64*) machine=x86_64-${compiler}; system=${system}64;;
+ sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
+ sparc*) machine=sparcv8-${compiler};;
+ esac
+ ;;
+winnt)
+ machine=parity
+ ;;
+esac
+
+
+# If we have something, show it
+[[ -n ${machine} ]] && echo ${system}-${machine}
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.0 b/dev-libs/openssl/files/gentoo.config-1.0.0
new file mode 100755
index 000000000000..475bda37925a
--- /dev/null
+++ b/dev-libs/openssl/files/gentoo.config-1.0.0
@@ -0,0 +1,159 @@
+#!/usr/bin/env bash
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# Openssl doesn't play along nicely with cross-compiling
+# like autotools based projects, so let's teach it new tricks.
+#
+# Review the bundled 'config' script to see why kind of targets
+# we can pass to the 'Configure' script.
+
+
+# Testing routines
+if [[ $1 == "test" ]] ; then
+ for c in \
+ "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
+ "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \
+ "x86_64-pc-linux-gnu |linux-x86_64" \
+ "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
+ "i686-pc-linux-gnu |linux-elf" \
+ "whatever-gentoo-freebsdX.Y |BSD-generic32" \
+ "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
+ "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
+ "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
+ "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
+ "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
+ "powerpc-gentOO-linux-uclibc |linux-ppc" \
+ "powerpc64-unk-linux-gnu |linux-ppc64" \
+ "x86_64-apple-darwinX |darwin64-x86_64-cc" \
+ "powerpc64-apple-darwinX |darwin64-ppc-cc" \
+ "i686-apple-darwinX |darwin-i386-cc" \
+ "i386-apple-darwinX |darwin-i386-cc" \
+ "powerpc-apple-darwinX |darwin-ppc-cc" \
+ "i586-pc-winnt |winnt-parity" \
+ "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
+ "s390x-linux-gnu |linux-s390x" \
+ ;do
+ CHOST=${c/|*}
+ ret_want=${c/*|}
+ ret_got=$(CHOST=${CHOST} "$0")
+
+ if [[ ${ret_want} == "${ret_got}" ]] ; then
+ echo "PASS: ${CHOST}"
+ else
+ echo "FAIL: ${CHOST}"
+ echo -e "\twanted: ${ret_want}"
+ echo -e "\twe got: ${ret_got}"
+ fi
+ done
+ exit 0
+fi
+[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
+
+
+# Detect the operating system
+case ${CHOST} in
+ *-aix*) system="aix";;
+ *-darwin*) system="darwin";;
+ *-freebsd*) system="BSD";;
+ *-hpux*) system="hpux";;
+ *-linux*) system="linux";;
+ *-solaris*) system="solaris";;
+ *-winnt*) system="winnt";;
+ x86_64-*-mingw*) system="mingw64";;
+ *mingw*) system="mingw";;
+ *) exit 0;;
+esac
+
+
+# Compiler munging
+compiler="gcc"
+if [[ ${CC} == "ccc" ]] ; then
+ compiler=${CC}
+fi
+
+
+# Detect target arch
+machine=""
+chost_machine=${CHOST%%-*}
+case ${system} in
+linux)
+ case ${chost_machine}:${ABI} in
+ alphaev56*) machine=alpha+bwx-${compiler};;
+ alphaev[678]*)machine=alpha+bwx-${compiler};;
+ alpha*) machine=alpha-${compiler};;
+ armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
+ armv[4-9]*) machine="armv4 -DL_ENDIAN";;
+ arm*b*) machine="generic32 -DB_ENDIAN";;
+ arm*) machine="generic32 -DL_ENDIAN";;
+ avr*) machine="generic32 -DL_ENDIAN";;
+ bfin*) machine="generic32 -DL_ENDIAN";;
+ # hppa64*) machine=parisc64;;
+ hppa*) machine="generic32 -DB_ENDIAN";;
+ i[0-9]86*|\
+ x86_64*:x86) machine=elf;;
+ ia64*) machine=ia64;;
+ m68*) machine="generic32 -DB_ENDIAN";;
+ mips*el*) machine="generic32 -DL_ENDIAN";;
+ mips*) machine="generic32 -DB_ENDIAN";;
+ powerpc64*) machine=ppc64;;
+ powerpc*) machine=ppc;;
+ # sh64*) machine=elf;;
+ sh*b*) machine="generic32 -DB_ENDIAN";;
+ sh*) machine="generic32 -DL_ENDIAN";;
+ sparc*v7*) machine="generic32 -DB_ENDIAN";;
+ sparc64*) machine=sparcv9;;
+ sparc*) machine=sparcv8;;
+ s390x*) machine=s390x;;
+ s390*) machine="generic32 -DB_ENDIAN";;
+ x86_64*:x32) machine=x32;;
+ x86_64*) machine=x86_64;;
+ esac
+ ;;
+BSD)
+ case ${chost_machine} in
+ alpha*) machine=generic64;;
+ i[6-9]86*) machine=x86-elf;;
+ ia64*) machine=ia64;;
+ sparc64*) machine=sparc64;;
+ x86_64*) machine=x86_64;;
+ *) machine=generic32;;
+ esac
+ ;;
+aix)
+ machine=${compiler}
+ ;;
+darwin)
+ case ${chost_machine} in
+ powerpc64) machine=ppc-cc; system=${system}64;;
+ powerpc) machine=ppc-cc;;
+ i?86*) machine=i386-cc;;
+ x86_64) machine=x86_64-cc; system=${system}64;;
+ esac
+ ;;
+hpux)
+ case ${chost_machine} in
+ ia64) machine=ia64-${compiler} ;;
+ esac
+ ;;
+solaris)
+ case ${chost_machine} in
+ i386) machine=x86-${compiler} ;;
+ x86_64*) machine=x86_64-${compiler}; system=${system}64;;
+ sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
+ sparc*) machine=sparcv8-${compiler};;
+ esac
+ ;;
+winnt)
+ machine=parity
+ ;;
+mingw*)
+ # special case ... no xxx-yyy style name
+ echo ${system}
+ ;;
+esac
+
+
+# If we have something, show it
+[[ -n ${machine} ]] && echo ${system}-${machine}
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.1 b/dev-libs/openssl/files/gentoo.config-1.0.1
new file mode 100755
index 000000000000..24c995a04f15
--- /dev/null
+++ b/dev-libs/openssl/files/gentoo.config-1.0.1
@@ -0,0 +1,164 @@
+#!/usr/bin/env bash
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# Openssl doesn't play along nicely with cross-compiling
+# like autotools based projects, so let's teach it new tricks.
+#
+# Review the bundled 'config' script to see why kind of targets
+# we can pass to the 'Configure' script.
+
+
+# Testing routines
+if [[ $1 == "test" ]] ; then
+ for c in \
+ "arm-gentoo-linux-uclibc |linux-generic32 -DL_ENDIAN" \
+ "armv5b-linux-gnu |linux-armv4 -DB_ENDIAN" \
+ "x86_64-pc-linux-gnu |linux-x86_64" \
+ "alpha-linux-gnu |linux-alpha-gcc" \
+ "alphaev56-unknown-linux-gnu |linux-alpha+bwx-gcc" \
+ "i686-pc-linux-gnu |linux-elf" \
+ "whatever-gentoo-freebsdX.Y |BSD-generic32" \
+ "i686-gentoo-freebsdX.Y |BSD-x86-elf" \
+ "sparc64-alpha-freebsdX.Y |BSD-sparc64" \
+ "ia64-gentoo-freebsd5.99234 |BSD-ia64" \
+ "x86_64-gentoo-freebsdX.Y |BSD-x86_64" \
+ "hppa64-aldsF-linux-gnu5.3 |linux-generic32 -DB_ENDIAN" \
+ "powerpc-gentOO-linux-uclibc |linux-ppc" \
+ "powerpc64-unk-linux-gnu |linux-ppc64" \
+ "x86_64-apple-darwinX |darwin64-x86_64-cc" \
+ "powerpc64-apple-darwinX |darwin64-ppc-cc" \
+ "i686-apple-darwinX |darwin-i386-cc" \
+ "i386-apple-darwinX |darwin-i386-cc" \
+ "powerpc-apple-darwinX |darwin-ppc-cc" \
+ "i586-pc-winnt |winnt-parity" \
+ "s390-ibm-linux-gnu |linux-generic32 -DB_ENDIAN" \
+ "s390x-linux-gnu |linux64-s390x" \
+ ;do
+ CHOST=${c/|*}
+ ret_want=${c/*|}
+ ret_got=$(CHOST=${CHOST} "$0")
+
+ if [[ ${ret_want} == "${ret_got}" ]] ; then
+ echo "PASS: ${CHOST}"
+ else
+ echo "FAIL: ${CHOST}"
+ echo -e "\twanted: ${ret_want}"
+ echo -e "\twe got: ${ret_got}"
+ fi
+ done
+ exit 0
+fi
+[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
+
+
+# Detect the operating system
+case ${CHOST} in
+ *-aix*) system="aix";;
+ *-darwin*) system="darwin";;
+ *-freebsd*) system="BSD";;
+ *-hpux*) system="hpux";;
+ *-linux*) system="linux";;
+ *-solaris*) system="solaris";;
+ *-winnt*) system="winnt";;
+ x86_64-*-mingw*) system="mingw64";;
+ *mingw*) system="mingw";;
+ *) exit 0;;
+esac
+
+
+# Compiler munging
+compiler="gcc"
+if [[ ${CC} == "ccc" ]] ; then
+ compiler=${CC}
+fi
+
+
+# Detect target arch
+machine=""
+chost_machine=${CHOST%%-*}
+case ${system} in
+linux)
+ case ${chost_machine}:${ABI} in
+ aarch64*be) machine="generic64 -DB_ENDIAN";;
+ aarch64*) machine="generic64 -DL_ENDIAN";;
+ alphaev56*|\
+ alphaev[678]*)machine=alpha+bwx-${compiler};;
+ alpha*) machine=alpha-${compiler};;
+ armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
+ armv[4-9]*) machine="armv4 -DL_ENDIAN";;
+ arm*b*) machine="generic32 -DB_ENDIAN";;
+ arm*) machine="generic32 -DL_ENDIAN";;
+ avr*) machine="generic32 -DL_ENDIAN";;
+ bfin*) machine="generic32 -DL_ENDIAN";;
+ # hppa64*) machine=parisc64;;
+ hppa*) machine="generic32 -DB_ENDIAN";;
+ i[0-9]86*|\
+ x86_64*:x86) machine=elf;;
+ ia64*) machine=ia64;;
+ m68*) machine="generic32 -DB_ENDIAN";;
+ mips*el*) machine="generic32 -DL_ENDIAN";;
+ mips*) machine="generic32 -DB_ENDIAN";;
+ powerpc64*le) machine="generic64 -DL_ENDIAN";;
+ powerpc64*) machine=ppc64;;
+ powerpc*le) machine="generic32 -DL_ENDIAN";;
+ powerpc*) machine=ppc;;
+ # sh64*) machine=elf;;
+ sh*b*) machine="generic32 -DB_ENDIAN";;
+ sh*) machine="generic32 -DL_ENDIAN";;
+ sparc*v7*) machine="generic32 -DB_ENDIAN";;
+ sparc64*) machine=sparcv9;;
+ sparc*) machine=sparcv8;;
+ s390x*) machine=s390x system=linux64;;
+ s390*) machine="generic32 -DB_ENDIAN";;
+ x86_64*:x32) machine=x32;;
+ x86_64*) machine=x86_64;;
+ esac
+ ;;
+BSD)
+ case ${chost_machine} in
+ alpha*) machine=generic64;;
+ i[6-9]86*) machine=x86-elf;;
+ ia64*) machine=ia64;;
+ sparc64*) machine=sparc64;;
+ x86_64*) machine=x86_64;;
+ *) machine=generic32;;
+ esac
+ ;;
+aix)
+ machine=${compiler}
+ ;;
+darwin)
+ case ${chost_machine} in
+ powerpc64) machine=ppc-cc; system=${system}64;;
+ powerpc) machine=ppc-cc;;
+ i?86*) machine=i386-cc;;
+ x86_64) machine=x86_64-cc; system=${system}64;;
+ esac
+ ;;
+hpux)
+ case ${chost_machine} in
+ ia64) machine=ia64-${compiler} ;;
+ esac
+ ;;
+solaris)
+ case ${chost_machine} in
+ i386) machine=x86-${compiler} ;;
+ x86_64*) machine=x86_64-${compiler}; system=${system}64;;
+ sparcv9*) machine=sparcv9-${compiler}; system=${system}64;;
+ sparc*) machine=sparcv8-${compiler};;
+ esac
+ ;;
+winnt)
+ machine=parity
+ ;;
+mingw*)
+ # special case ... no xxx-yyy style name
+ echo ${system}
+ ;;
+esac
+
+
+# If we have something, show it
+[[ -n ${machine} ]] && echo ${system}-${machine}
diff --git a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
new file mode 100644
index 000000000000..a798164a9069
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
@@ -0,0 +1,25 @@
+--- a/Configure
++++ b/Configure
+@@ -365,7 +365,7 @@
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+
+the -B flag is a no-op nowadays
+
+--- a/crypto/des/Makefile
++++ b/crypto/des/Makefile
+@@ -62,7 +62,7 @@
+ $(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+
+ des_enc-sparc.S: asm/des_enc.m4
+- m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
++ m4 asm/des_enc.m4 > des_enc-sparc.S
+
+ # ELF
+ dx86-elf.s: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
new file mode 100644
index 000000000000..64cc7bde0504
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/181438
+http://bugs.gentoo.org/327421
+https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
+
+make sure we respect LDFLAGS
+
+also make sure we don't add useless -rpath flags to the system libdir
+
+--- openssl-0.9.8h/Makefile.org
++++ openssl-0.9.8h/Makefile.org
+@@ -180,6 +181,7 @@
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}' \
+ MAKEDEPPROG='${MAKEDEPPROG}' \
++ LDFLAGS='${LDFLAGS}' \
+ SHARED_LDFLAGS='${SHARED_LDFLAGS}' \
+ KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' \
+ EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' \
+--- openssl-0.9.8h/Makefile.shared
++++ openssl-0.9.8h/Makefile.shared
+@@ -153,7 +153,7 @@
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
new file mode 100644
index 000000000000..9fa79b9a65fb
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
@@ -0,0 +1,24 @@
+http://bugs.gentoo.org/289130
+
+Ripped from Fedora
+
+--- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils 2009-11-12 15:17:29.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl 2009-11-12 17:24:18.000000000 +0100
+@@ -150,7 +150,7 @@ ___
+ sub BODY_20_39 {
+ my ($i,$a,$b,$c,$d,$e,$f)=@_;
+ my $j=$i+1;
+-my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
++my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
+ $code.=<<___ if ($i<79);
+ lea $K($xi,$e),$f
+ mov `4*($j%16)`(%rsp),$xi
+@@ -187,7 +187,7 @@ sub BODY_40_59 {
+ my ($i,$a,$b,$c,$d,$e,$f)=@_;
+ my $j=$i+1;
+ $code.=<<___;
+- lea 0x8f1bbcdc($xi,$e),$f
++ lea -0x70e44324($xi,$e),$f
+ mov `4*($j%16)`(%rsp),$xi
+ mov $b,$t0
+ mov $b,$t1
diff --git a/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
new file mode 100644
index 000000000000..facb77d203a1
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch
@@ -0,0 +1,326 @@
+--- openssl-0.9.8ze/crypto/asn1/a_type.c
++++ openssl-0.9.8ze/crypto/asn1/a_type.c
+@@ -121,6 +121,9 @@
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
++ case V_ASN1_BOOLEAN:
++ result = a->value.boolean - b->value.boolean;
++ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+--- openssl-0.9.8ze/crypto/asn1/tasn_dec.c
++++ openssl-0.9.8ze/crypto/asn1/tasn_dec.c
+@@ -128,11 +128,17 @@
+ {
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+- if (!pval)
+- pval = &ptmpval;
+ c.valid = 0;
+- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+- return *pval;
++ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++ ptmpval = *pval;
++ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++ if (*pval)
++ ASN1_item_free(*pval, it);
++ *pval = ptmpval;
++ }
++ return ptmpval;
++ }
+ return NULL;
+ }
+
+@@ -309,9 +315,16 @@
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
+- /* Allocate structure */
+- if (!*pval && !ASN1_item_ex_new(pval, it))
+- {
++ if (*pval) {
++ /* Free up and zero CHOICE value if initialised */
++ i = asn1_get_choice_selector(pval, it);
++ if ((i >= 0) && (i < it->tcount)) {
++ tt = it->templates + i;
++ pchptr = asn1_get_field_ptr(pval, tt);
++ ASN1_template_free(pchptr, tt);
++ asn1_set_choice_selector(pval, -1, it);
++ }
++ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+@@ -405,6 +418,17 @@
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ goto auxerr;
+
++ /* Free up and zero any ADB found */
++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
++ const ASN1_TEMPLATE *seqtt;
++ ASN1_VALUE **pseqval;
++ seqtt = asn1_do_adb(pval, tt, 1);
++ pseqval = asn1_get_field_ptr(pval, seqtt);
++ ASN1_template_free(pseqval, seqtt);
++ }
++ }
++
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
+--- openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
++++ openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
+@@ -151,6 +151,25 @@
+ EVP_PKEY *pkey;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * The content field in the PKCS7 ContentInfo is optional, but that really
++ * only applies to inner content (precisely, detached signatures).
++ *
++ * When reading content, missing outer content is therefore treated as an
++ * error.
++ *
++ * When creating content, PKCS7_content_new() must be called before
++ * calling this method, so a NULL p7->d is always an error.
++ */
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -344,6 +363,16 @@
+ STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+ PKCS7_RECIP_INFO *ri=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -637,6 +666,16 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ EVP_MD_CTX_init(&ctx_tmp);
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+@@ -668,6 +707,7 @@
+ /* If detached data then the content is excluded */
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+@@ -678,6 +718,7 @@
+ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+@@ -815,6 +856,11 @@
+
+ if (!PKCS7_is_detached(p7))
+ {
++ /*
++ * NOTE(emilia): I think we only reach os == NULL here because detached
++ */
++ if (os == NULL)
++ goto err;
+ btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+ if (btmp == NULL)
+ {
+@@ -849,6 +895,16 @@
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ if (PKCS7_type_is_signed(p7))
+ {
+ cert=p7->d.sign->cert;
+--- openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
++++ openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
+@@ -70,6 +70,7 @@
+
+ switch (cmd)
+ {
++ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed)
+ {
+@@ -473,6 +474,8 @@
+
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++ if (p7 == NULL || p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7))
+ {
+ return(p7->d.sign->signer_info);
+--- openssl-0.9.8ze/doc/crypto/d2i_X509.pod
++++ openssl-0.9.8ze/doc/crypto/d2i_X509.pod
+@@ -199,6 +199,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -210,7 +216,9 @@
+
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>.
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-0.9.8ze/ssl/s2_lib.c
++++ openssl-0.9.8ze/ssl/s2_lib.c
+@@ -410,7 +410,7 @@
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+- < (int)sizeof(s->session->master_key));
++ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ EVP_DigestUpdate(&ctx,&c,1);
+ c++;
+--- openssl-0.9.8ze/ssl/s2_srvr.c
++++ openssl-0.9.8ze/ssl/s2_srvr.c
+@@ -446,10 +446,6 @@
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ return(-1);
+ }
+- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+-
+ is_export=SSL_C_IS_EXPORT(s->session->cipher);
+
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+@@ -467,21 +463,59 @@
+ else
+ ek=5;
+
++ /*
++ * The format of the CLIENT-MASTER-KEY message is
++ * 1 byte message type
++ * 3 bytes cipher
++ * 2-byte clear key length (stored in s->s2->tmp.clear)
++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++ * 2-byte key args length (IV etc)
++ * clear key
++ * encrypted key
++ * key args
++ *
++ * If the cipher is an export cipher, then the encrypted key bytes
++ * are a fixed portion of the total key (5 or 8 bytes). The size of
++ * this portion is in |ek|. If the cipher is not an export cipher,
++ * then the entire key material is encrypted (i.e., clear key length
++ * must be zero).
++ */
++ if ((!is_export && s->s2->tmp.clear != 0) ||
++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++ return -1;
++ }
++ /*
++ * The encrypted blob must decrypt to the encrypted portion of the key.
++ * Decryption can't be expanding, so if we don't have enough encrypted
++ * bytes to fit the key in the buffer, stop now.
++ */
++ if ((is_export && s->s2->tmp.enc < ek) ||
++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++ return -1;
++ }
++
++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++ &(p[s->s2->tmp.clear]),
++ &(p[s->s2->tmp.clear]),
++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++ RSA_PKCS1_PADDING);
++
+ /* bad decrypt */
+ #if 1
+ /* If a bad decrypt, continue with protocol but with a
+ * random master secret (Bleichenbacher attack) */
+- if ((i < 0) ||
+- ((!is_export && (i != EVP_CIPHER_key_length(c)))
+- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+- (unsigned int)EVP_CIPHER_key_length(c))))))
+- {
++ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++ || (is_export && i != ek))) {
+ ERR_clear_error();
+ if (is_export)
+ i=ek;
+ else
+ i=EVP_CIPHER_key_length(c);
+- if (RAND_pseudo_bytes(p,i) <= 0)
++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+ #else
+@@ -505,7 +539,8 @@
+ }
+ #endif
+
+- if (is_export) i+=s->s2->tmp.clear;
++ if (is_export)
++ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ {
diff --git a/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch
new file mode 100644
index 000000000000..c99ef4abb852
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch
@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/181438
+http://bugs.gentoo.org/327421
+https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest
+
+make sure we respect LDFLAGS
+
+also make sure we don't add useless -rpath flags to the system libdir
+
+--- Makefile.org
++++ Makefile.org
+@@ -189,6 +189,7 @@
+ MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
+ DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)' \
+ MAKEDEPPROG='$(MAKEDEPPROG)' \
++ LDFLAGS='${LDFLAGS}' \
+ SHARED_LDFLAGS='$(SHARED_LDFLAGS)' \
+ KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)' \
+ ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)' \
+--- Makefile.shared
++++ Makefile.shared
+@@ -153,7 +153,7 @@
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/dev-libs/openssl/files/openssl-1.0.0d-windres.patch b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
new file mode 100644
index 000000000000..0b360d2b3bea
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.0d-windres.patch
@@ -0,0 +1,76 @@
+URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest
+Subject: make windres controllable via build env var settings
+
+atm, the windres code in openssl is only usable via the cross-compile prefix
+option unlike all the other build tools. so add support for the standard $RC
+/ $WINDRES env vars as well.
+
+Index: Configure
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v
+retrieving revision 1.621.2.40
+diff -u -p -r1.621.2.40 Configure
+--- Configure 30 Nov 2010 22:19:26 -0000 1.621.2.40
++++ Configure 4 Jul 2011 23:12:32 -0000
+@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar
+ my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
+ my $ar = $ENV{'AR'} || "ar";
+ my $arflags = $fields[$idx_arflags];
++my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
+ my $multilib = $fields[$idx_multilib];
+
+ # if $prefix/lib$multilib is not an existing directory, then
+@@ -1511,12 +1512,14 @@ while (<IN>)
+ s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
+ s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
+ s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
++ s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+ }
+ else {
+ s/^CC=.*$/CC= $cc/;
+ s/^AR=\s*ar/AR= $ar/;
+ s/^RANLIB=.*/RANLIB= $ranlib/;
++ s/^WINDRES=.*/WINDRES= $windres/;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+ }
+ s/^CFLAG=.*$/CFLAG= $cflags/;
+Index: Makefile.org
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v
+retrieving revision 1.295.2.10
+diff -u -p -r1.295.2.10 Makefile.org
+--- Makefile.org 27 Jan 2010 16:06:58 -0000 1.295.2.10
++++ Makefile.org 4 Jul 2011 23:13:08 -0000
+@@ -66,6 +66,7 @@ EXE_EXT=
+ ARFLAGS=
+ AR=ar $(ARFLAGS) r
+ RANLIB= ranlib
++WINDRES= windres
+ NM= nm
+ PERL= perl
+ TAR= tar
+@@ -180,6 +181,7 @@ BUILDENV= PLATFORM='$(PLATFORM)' PROCESS
+ CC='$(CC)' CFLAG='$(CFLAG)' \
+ AS='$(CC)' ASFLAG='$(CFLAG) -c' \
+ AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)' \
++ WINDRES='$(WINDRES)' \
+ CROSS_COMPILE='$(CROSS_COMPILE)' \
+ PERL='$(PERL)' ENGDIRS='$(ENGDIRS)' \
+ SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)' \
+Index: Makefile.shared
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v
+retrieving revision 1.72.2.4
+diff -u -p -r1.72.2.4 Makefile.shared
+--- Makefile.shared 21 Aug 2010 11:36:49 -0000 1.72.2.4
++++ Makefile.shared 4 Jul 2011 23:13:52 -0000
+@@ -293,7 +293,7 @@ link_a.cygwin:
+ fi; \
+ dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+ $(PERL) util/mkrc.pl $$dll_name | \
+- $(CROSS_COMPILE)windres -o rc.o; \
++ $(WINDRES) -o rc.o; \
+ extras="$$extras rc.o"; \
+ ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
diff --git a/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
new file mode 100644
index 000000000000..e1a030f9ebf9
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.0e-parallel-build.patch
@@ -0,0 +1,315 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -247,17 +247,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -497,9 +497,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -508,6 +508,13 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -511,7 +511,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; for i in $(LIBS) ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -593,12 +600,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+
+@@ -110,7 +110,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -119,7 +119,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -123,7 +123,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -345,106 +345,106 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(BUILD_CMD)
++ +@target=$(SSLTEST); $(BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -457,7 +457,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
diff --git a/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch b/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch
new file mode 100644
index 000000000000..66fd8220c5b0
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.0h-pkg-config.patch
@@ -0,0 +1,34 @@
+https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
+
+depend on other pc files rather than encoding library info directly in
+every pkg-config file
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -335,11 +335,11 @@ libssl.pc: Makefile
+ echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
+ echo 'includedir=$${prefix}/include'; \
+ echo ''; \
+- echo 'Name: OpenSSL'; \
++ echo 'Name: OpenSSL-libssl'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries'; \
+ echo 'Version: '$(VERSION); \
+- echo 'Requires: '; \
+- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
++ echo 'Requires.private: libcrypto'; \
++ echo 'Libs: -L$${libdir} -lssl'; \
+ echo 'Libs.private: $(EX_LIBS)'; \
+ echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc
+
+@@ -352,10 +353,7 @@ openssl.pc: Makefile
+ echo 'Name: OpenSSL'; \
+ echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+ echo 'Version: '$(VERSION); \
+- echo 'Requires: '; \
+- echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+- echo 'Libs.private: $(EX_LIBS)'; \
+- echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
++ echo 'Requires: libssl libcrypto' ) > openssl.pc
+
+ Makefile: Makefile.org Configure config
+ @echo "Makefile is older than Makefile.org, Configure or config."
diff --git a/dev-libs/openssl/files/openssl-1.0.0r-x32.patch b/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
new file mode 100644
index 000000000000..2d715eb5af0e
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.0r-x32.patch
@@ -0,0 +1,76 @@
+--- openssl-1.0.0r/Configure
++++ openssl-1.0.0r/Configure
+@@ -353,6 +353,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-s390x", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+--- openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+ * machine.
+ */
+
+-# ifdef _WIN64
++# if defined _WIN64 || !defined __LP64__
+ # define BN_ULONG unsigned long long
+ # else
+ # define BN_ULONG unsigned long
+@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
+
+ asm volatile (" subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " adcq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " adcq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
+@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
+
+ asm volatile (" subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " sbbq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " sbbq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
+--- openssl-1.0.0r/crypto/bn/bn_exp.c
++++ openssl-1.0.0r/crypto/bn/bn_exp.c
+@@ -564,7 +564,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+ * multiple.
+ */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+- ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++ ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+ /*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+--- openssl-1.0.0r/crypto/bn/bn.h
++++ openssl-1.0.0r/crypto/bn/bn.h
+@@ -174,6 +174,15 @@ extern "C" {
+ # endif
+
+ /*
++ * Address type.
++ */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
++/*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+ */
diff --git a/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
new file mode 100644
index 000000000000..19f859abb210
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1-parallel-build.patch
@@ -0,0 +1,354 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -247,17 +247,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -497,9 +497,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -508,6 +508,13 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -511,7 +511,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -593,12 +600,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO= \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +124,7 @@ SYMLINK_SO= \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+
+@@ -110,7 +110,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -119,7 +119,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -123,7 +123,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -365,109 +365,109 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -480,7 +480,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+--- a/crypto/objects/Makefile
++++ b/crypto/objects/Makefile
+@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+- @sleep 1; touch obj_mac.h; sleep 1
+
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+- @sleep 1; touch obj_xref.h; sleep 1
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/dev-libs/openssl/files/openssl-1.0.1-x32.patch b/dev-libs/openssl/files/openssl-1.0.1-x32.patch
new file mode 100644
index 000000000000..5106cb6e82a3
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1-x32.patch
@@ -0,0 +1,79 @@
+http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
+
+UpstreamStatus: Pending
+
+Received from H J Liu @ Intel
+Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
+
+ported the patch to the 1.0.0e version
+Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
+Index: openssl-1.0.0e/Configure
+===================================================================
+--- openssl-1.0.0e.orig/Configure
++++ openssl-1.0.0e/Configure
+@@ -393,6 +393,7 @@ my %table=(
+ "debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "dist", "cc:-O::(unknown)::::::",
+
+ # Basic configs that should work on any (32 and less bit) box
+Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
+===================================================================
+--- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+ * machine.
+ */
+
+-#ifdef _WIN64
++#if defined _WIN64 || !defined __LP64__
+ #define BN_ULONG unsigned long long
+ #else
+ #define BN_ULONG unsigned long
+@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
+ asm (
+ " subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " adcq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " adcq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n"
+@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
+ asm (
+ " subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " sbbq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " sbbq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n"
+Index: openssl-1.0.0e/crypto/bn/bn.h
+===================================================================
+--- openssl-1.0.0e.orig/crypto/bn/bn.h
++++ openssl-1.0.0e/crypto/bn/bn.h
+@@ -172,6 +172,13 @@ extern "C" {
+ # endif
+ #endif
+
++/* Address type. */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
+ /* assuming long is 64bit - this is the DEC Alpha
+ * unsigned long long is only 64 bits :-(, don't define
+ * BN_LLONG for the DEC Alpha */
diff --git a/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
new file mode 100644
index 000000000000..03e4f59989cb
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1e-s_client-verify.patch
@@ -0,0 +1,18 @@
+https://bugs.gentoo.org/472584
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
+
+fix verification handling in s_client. when loading paths, make sure
+we properly fallback to setting the default paths.
+
+--- a/apps/s_client.c
++++ b/apps/s_client.c
+@@ -899,7 +899,7 @@
+ if (!set_cert_key_stuff(ctx,cert,key))
+ goto end;
+
+- if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
++ if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) &&
+ (!SSL_CTX_set_default_verify_paths(ctx)))
+ {
+ /* BIO_printf(bio_err,"error setting default verify locations\n"); */
+
diff --git a/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch b/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch
new file mode 100644
index 000000000000..1a942d27ebd0
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1f-revert-alpha-perl-generation.patch
@@ -0,0 +1,84 @@
+https://bugs.gentoo.org/499086
+https://rt.openssl.org/Ticket/Display.html?id=3333&user=guest&pass=guest
+
+when gcc is given a .s file and told to preprocess it, it outputs nothing
+
+From a2976461784ce463fc7f336cd0dce607d21c2fad Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 25 Jan 2014 05:44:47 -0500
+Subject: [PATCH] Revert "Make Makefiles OSF-make-friendly."
+
+This reverts commit d1cf23ac86c05b22b8780e2c03b67230564d2d34.
+---
+ crypto/Makefile | 4 +---
+ crypto/bn/Makefile | 4 +---
+ crypto/evp/Makefile | 2 +-
+ crypto/modes/Makefile | 5 +----
+ crypto/sha/Makefile | 4 +---
+ util/shlib_wrap.sh | 6 +-----
+ 6 files changed, 6 insertions(+), 19 deletions(-)
+
+diff --git a/crypto/Makefile b/crypto/Makefile
+index b253f50..1de9d5f 100644
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -86,9 +86,7 @@ ia64cpuid.s: ia64cpuid.S; $(CC) $(CFLAGS) -E ia64cpuid.S > $@
+ ppccpuid.s: ppccpuid.pl; $(PERL) ppccpuid.pl $(PERLASM_SCHEME) $@
+ pariscid.s: pariscid.pl; $(PERL) pariscid.pl $(PERLASM_SCHEME) $@
+ alphacpuid.s: alphacpuid.pl
+- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+- $(PERL) alphacpuid.pl > $$preproc && \
+- $(CC) -E $$preproc > $@ && rm $$preproc)
++ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+
+ subdirs:
+ @target=all; $(RECURSIVE_MAKE)
+diff --git a/crypto/bn/Makefile b/crypto/bn/Makefile
+index b62b676..6c03363 100644
+--- a/crypto/bn/Makefile
++++ b/crypto/bn/Makefile
+@@ -136,9 +136,7 @@ ppc-mont.s: asm/ppc-mont.pl;$(PERL) asm/ppc-mont.pl $(PERLASM_SCHEME) $@
+ ppc64-mont.s: asm/ppc64-mont.pl;$(PERL) asm/ppc64-mont.pl $(PERLASM_SCHEME) $@
+
+ alpha-mont.s: asm/alpha-mont.pl
+- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+- $(PERL) asm/alpha-mont.pl > $$preproc && \
+- $(CC) -E $$preproc > $@ && rm $$preproc)
++ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+
+ # GNU make "catch all"
+ %-mont.S: asm/%-mont.pl; $(PERL) $< $(PERLASM_SCHEME) $@
+diff --git a/crypto/modes/Makefile b/crypto/modes/Makefile
+index ce0dcd6..88ac65e 100644
+--- a/crypto/modes/Makefile
++++ b/crypto/modes/Makefile
+@@ -55,10 +55,7 @@ aesni-gcm-x86_64.s: asm/aesni-gcm-x86_64.pl
+ ghash-sparcv9.s: asm/ghash-sparcv9.pl
+ $(PERL) asm/ghash-sparcv9.pl $@ $(CFLAGS)
+ ghash-alpha.s: asm/ghash-alpha.pl
+- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+- $(PERL) asm/ghash-alpha.pl > $$preproc && \
+- $(CC) -E $$preproc > $@ && rm $$preproc)
+-
++ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+ ghash-parisc.s: asm/ghash-parisc.pl
+ $(PERL) asm/ghash-parisc.pl $(PERLASM_SCHEME) $@
+
+diff --git a/crypto/sha/Makefile b/crypto/sha/Makefile
+index 64eab6c..63fba69 100644
+--- a/crypto/sha/Makefile
++++ b/crypto/sha/Makefile
+@@ -60,9 +60,7 @@ sha256-armv4.S: asm/sha256-armv4.pl
+ $(PERL) $< $(PERLASM_SCHEME) $@
+
+ sha1-alpha.s: asm/sha1-alpha.pl
+- (preproc=/tmp/$$$$.$@; trap "rm $$preproc" INT; \
+- $(PERL) asm/sha1-alpha.pl > $$preproc && \
+- $(CC) -E $$preproc > $@ && rm $$preproc)
++ $(PERL) $< | $(CC) -E - | tee $@ > /dev/null
+
+ # Solaris make has to be explicitly told
+ sha1-x86_64.s: asm/sha1-x86_64.pl; $(PERL) asm/sha1-x86_64.pl $(PERLASM_SCHEME) > $@
+--
+1.8.5.3
+
diff --git a/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
new file mode 100644
index 000000000000..10c1ba222f1c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1h-ipv6.patch
@@ -0,0 +1,642 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+Forward ported from openssl-1.0.1e-ipv6.patch
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+--- openssl-1.0.1h/apps/s_apps.h
++++ openssl-1.0.1h/apps/s_apps.h
+@@ -148,7 +148,7 @@
+ #define PORT_STR "4433"
+ #define PROTOCOL "tcp"
+
+-int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
++int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -156,7 +156,7 @@
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
+--- openssl-1.0.1h/apps/s_client.c
++++ openssl-1.0.1h/apps/s_client.c
+@@ -285,6 +285,10 @@
+ {
+ BIO_printf(bio_err,"usage: s_client args\n");
+ BIO_printf(bio_err,"\n");
++ BIO_printf(bio_err," -4 - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++ BIO_printf(bio_err," -6 - use IPv6 only\n");
++#endif
+ BIO_printf(bio_err," -host host - use -connect instead\n");
+ BIO_printf(bio_err," -port port - use -connect instead\n");
+ BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
+@@ -568,6 +572,7 @@
+ int sbuf_len,sbuf_off;
+ fd_set readfds,writefds;
+ short port=PORT;
++ int use_ipv4, use_ipv6;
+ int full_log=1;
+ char *host=SSL_HOST_NAME;
+ char *cert_file=NULL,*key_file=NULL;
+@@ -613,7 +618,11 @@
+ #endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
+- struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage peer;
++#else
++ struct sockaddr_in peer;
++#endif
+ int peerlen = sizeof(peer);
+ int enable_timeouts = 0 ;
+ long socket_mtu = 0;
+@@ -628,6 +637,12 @@
+
+ meth=SSLv23_client_method();
+
++ use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++ use_ipv6 = 1;
++#else
++ use_ipv6 = 0;
++#endif
+ apps_startup();
+ c_Pause=0;
+ c_quiet=0;
+@@ -949,6 +964,18 @@
+ jpake_secret = *++argv;
+ }
+ #endif
++ else if (strcmp(*argv,"-4") == 0)
++ {
++ use_ipv4 = 1;
++ use_ipv6 = 0;
++ }
++#if OPENSSL_USE_IPV6
++ else if (strcmp(*argv,"-6") == 0)
++ {
++ use_ipv4 = 0;
++ use_ipv6 = 1;
++ }
++#endif
+ #ifndef OPENSSL_NO_SRTP
+ else if (strcmp(*argv,"-use_srtp") == 0)
+ {
+@@ -1260,7 +1287,7 @@
+
+ re_start:
+
+- if (init_client(&s,host,port,socket_type) == 0)
++ if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
+ {
+ BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
+ SHUTDOWN(s);
+@@ -1286,7 +1313,7 @@
+ {
+
+ sbio=BIO_new_dgram(s,BIO_NOCLOSE);
+- if (getsockname(s, &peer, (void *)&peerlen) < 0)
++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
+ {
+ BIO_printf(bio_err, "getsockname:errno=%d\n",
+ get_last_socket_error());
+--- openssl-1.0.1h/apps/s_server.c
++++ openssl-1.0.1h/apps/s_server.c
+@@ -560,6 +560,10 @@
+ BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+ # endif
+ #endif
++ BIO_printf(bio_err," -4 - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++ BIO_printf(bio_err," -6 - use IPv6 only\n");
++#endif
+ BIO_printf(bio_err," -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err," -keymatexportlen len - Export len bytes of keying material (default 20)\n");
+ }
+@@ -947,6 +951,7 @@
+ int state=0;
+ const SSL_METHOD *meth=NULL;
+ int socket_type=SOCK_STREAM;
++ int use_ipv4, use_ipv6;
+ ENGINE *e=NULL;
+ char *inrand=NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -975,6 +980,12 @@
+ #endif
+ meth=SSLv23_server_method();
+
++ use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++ use_ipv6 = 1;
++#else
++ use_ipv6 = 0;
++#endif
+ local_argc=argc;
+ local_argv=argv;
+
+@@ -1323,6 +1334,18 @@
+ jpake_secret = *(++argv);
+ }
+ #endif
++ else if (strcmp(*argv,"-4") == 0)
++ {
++ use_ipv4 = 1;
++ use_ipv6 = 0;
++ }
++#if OPENSSL_USE_IPV6
++ else if (strcmp(*argv,"-6") == 0)
++ {
++ use_ipv4 = 0;
++ use_ipv6 = 1;
++ }
++#endif
+ #ifndef OPENSSL_NO_SRTP
+ else if (strcmp(*argv,"-use_srtp") == 0)
+ {
+@@ -1881,9 +1904,9 @@
+ BIO_printf(bio_s_out,"ACCEPT\n");
+ (void)BIO_flush(bio_s_out);
+ if (www)
+- do_server(port,socket_type,&accept_socket,www_body, context);
++ do_server(port,socket_type,&accept_socket,www_body, context, use_ipv4, use_ipv6);
+ else
+- do_server(port,socket_type,&accept_socket,sv_body, context);
++ do_server(port,socket_type,&accept_socket,sv_body, context, use_ipv4, use_ipv6);
+ print_stats(bio_s_out,ctx);
+ ret=0;
+ end:
+--- openssl-1.0.1h/apps/s_socket.c
++++ openssl-1.0.1h/apps/s_socket.c
+@@ -97,16 +97,16 @@
+ #include "netdb.h"
+ #endif
+
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ #endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port,char *ip, int type);
++static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+
+ #ifdef OPENSSL_SYS_WIN16
+ #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+@@ -234,38 +234,68 @@
+ return(1);
+ }
+
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++#if OPENSSL_USE_IPV6
++ unsigned char ip[16];
++#else
+ unsigned char ip[4];
++#endif
+
+- memset(ip, '\0', sizeof ip);
+- if (!host_ip(host,&(ip[0])))
+- return 0;
+- return init_client_ip(sock,ip,port,type);
+- }
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+- {
+- unsigned long addr;
++ if (use_ipv4)
++ if (host_ip(host,ip,AF_INET))
++ return(init_client_ip(sock,ip,port,type,AF_INET));
++#if OPENSSL_USE_IPV6
++ if (use_ipv6)
++ if (host_ip(host,ip,AF_INET6))
++ return(init_client_ip(sock,ip,port,type,AF_INET6));
++#endif
++ return 0;
++ }
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++ {
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage them;
++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++#else
+ struct sockaddr_in them;
++ struct sockaddr_in *them_in = &them;
++#endif
++ socklen_t addr_len;
+ int s,i;
+
+ if (!ssl_sock_init()) return(0);
+
+ memset((char *)&them,0,sizeof(them));
+- them.sin_family=AF_INET;
+- them.sin_port=htons((unsigned short)port);
+- addr=(unsigned long)
+- ((unsigned long)ip[0]<<24L)|
+- ((unsigned long)ip[1]<<16L)|
+- ((unsigned long)ip[2]<< 8L)|
+- ((unsigned long)ip[3]);
+- them.sin_addr.s_addr=htonl(addr);
++ if (domain == AF_INET)
++ {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in);
++ them_in->sin_family=AF_INET;
++ them_in->sin_port=htons((unsigned short)port);
++#ifndef BIT_FIELD_LIMITS
++ memcpy(&them_in->sin_addr.s_addr, ip, 4);
++#else
++ memcpy(&them_in->sin_addr, ip, 4);
++#endif
++ }
++ else
++#if OPENSSL_USE_IPV6
++ {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++ them_in6->sin6_family=AF_INET6;
++ them_in6->sin6_port=htons((unsigned short)port);
++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++ }
++#else
++ return(0);
++#endif
+
+ if (type == SOCK_STREAM)
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
+ else /* ( type == SOCK_DGRAM) */
+- s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
++ s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
+@@ -277,29 +307,27 @@
+ if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
+ }
+ #endif
+-
+- if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
++ if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
+ { closesocket(s); perror("connect"); return(0); }
+ *sock=s;
+ return(1);
+ }
+
+-int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
++int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context, int use_ipv4, int use_ipv6)
+ {
+ int sock;
+ char *name = NULL;
+ int accept_socket = 0;
+ int i;
+
+- if (!init_server(&accept_socket,port,type)) return(0);
+-
++ if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
+ if (ret != NULL)
+ {
+ *ret=accept_socket;
+ /* return(1);*/
+ }
+- for (;;)
+- {
++ for (;;)
++ {
+ if (type==SOCK_STREAM)
+ {
+ if (do_accept(accept_socket,&sock,&name) == 0)
+@@ -322,41 +350,88 @@
+ }
+ }
+
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
+ {
+ int ret=0;
++ int domain;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage server;
++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++#else
+ struct sockaddr_in server;
++ struct sockaddr_in *server_in = &server;
++#endif
++ socklen_t addr_len;
+ int s= -1;
+
++ if (!use_ipv4 && !use_ipv6)
++ goto err;
++#if OPENSSL_USE_IPV6
++ /* we are fine here */
++#else
++ if (use_ipv6)
++ goto err;
++#endif
+ if (!ssl_sock_init()) return(0);
+
+- memset((char *)&server,0,sizeof(server));
+- server.sin_family=AF_INET;
+- server.sin_port=htons((unsigned short)port);
+- if (ip == NULL)
+- server.sin_addr.s_addr=INADDR_ANY;
+- else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-#ifndef BIT_FIELD_LIMITS
+- memcpy(&server.sin_addr.s_addr,ip,4);
++#if OPENSSL_USE_IPV6
++ domain = use_ipv6 ? AF_INET6 : AF_INET;
+ #else
+- memcpy(&server.sin_addr,ip,4);
++ domain = AF_INET;
+ #endif
+-
+- if (type == SOCK_STREAM)
+- s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
+- else /* type == SOCK_DGRAM */
+- s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
++ if (type == SOCK_STREAM)
++ s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
++ else /* type == SOCK_DGRAM */
++ s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) goto err;
+ #if defined SOL_SOCKET && defined SO_REUSEADDR
++ {
++ int j = 1;
++ setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
++ (void *) &j, sizeof j);
++ }
++#endif
++#if OPENSSL_USE_IPV6
++ if ((use_ipv4 == 0) && (use_ipv6 == 1))
++ {
++ const int on = 1;
++
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++ (const void *) &on, sizeof(int));
++ }
++#endif
++ if (domain == AF_INET)
++ {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in);
++ memset(server_in, 0, sizeof(struct sockaddr_in));
++ server_in->sin_family=AF_INET;
++ server_in->sin_port = htons((unsigned short)port);
++ if (ip == NULL)
++ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++ else
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
++#ifndef BIT_FIELD_LIMITS
++ memcpy(&server_in->sin_addr.s_addr, ip, 4);
++#else
++ memcpy(&server_in->sin_addr, ip, 4);
++#endif
++ }
++#if OPENSSL_USE_IPV6
++ else
+ {
+- int j = 1;
+- setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+- (void *) &j, sizeof j);
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++ memset(server_in6, 0, sizeof(struct sockaddr_in6));
++ server_in6->sin6_family = AF_INET6;
++ server_in6->sin6_port = htons((unsigned short)port);
++ if (ip == NULL)
++ server_in6->sin6_addr = in6addr_any;
++ else
++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
+ }
+ #endif
+- if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
+ {
+ #ifndef OPENSSL_SYS_WINDOWS
+ perror("bind");
+@@ -375,16 +450,23 @@
+ return(ret);
+ }
+
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
+ {
+- return(init_server_long(sock, port, NULL, type));
++ return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+ int ret;
+ struct hostent *h1,*h2;
+- static struct sockaddr_in from;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage from;
++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
++ struct sockaddr_in from;
++ struct sockaddr_in *from_in = &from;
++#endif
+ int len;
+ /* struct linger ling; */
+
+@@ -431,13 +513,23 @@
+ */
+
+ if (host == NULL) goto end;
++#if OPENSSL_USE_IPV6
++ if (from.ss_family == AF_INET)
++#else
++ if (from.sin_family == AF_INET)
++#endif
+ #ifndef BIT_FIELD_LIMITS
+- /* I should use WSAAsyncGetHostByName() under windows */
+- h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
+- sizeof(from.sin_addr.s_addr),AF_INET);
++ /* I should use WSAAsyncGetHostByName() under windows */
++ h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++ sizeof(from_in->sin_addr.s_addr), AF_INET);
+ #else
+- h1=gethostbyaddr((char *)&from.sin_addr,
+- sizeof(struct in_addr),AF_INET);
++ h1=gethostbyaddr((char *)&from_in->sin_addr,
++ sizeof(struct in_addr), AF_INET);
++#endif
++#if OPENSSL_USE_IPV6
++ else
++ h1=gethostbyaddr((char *)&from_in6->sin6_addr,
++ sizeof(struct in6_addr), AF_INET6);
+ #endif
+ if (h1 == NULL)
+ {
+@@ -455,16 +547,25 @@
+ }
+ BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
+
+- h2=GetHostByName(*host);
++#if OPENSSL_USE_IPV6
++ h2=GetHostByName(*host, from.ss_family);
++#else
++ h2=GetHostByName(*host, from.sin_family);
++#endif
++
+ if (h2 == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ closesocket(ret);
+ return(0);
+ }
+- if (h2->h_addrtype != AF_INET)
++#if OPENSSL_USE_IPV6
++ if (h2->h_addrtype != from.ss_family)
++#else
++ if (h2->h_addrtype != from.sin_family)
++#endif
+ {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
++ BIO_printf(bio_err,"gethostbyname addr address is not correct\n");
+ closesocket(ret);
+ return(0);
+ }
+@@ -480,7 +581,7 @@
+ char *h,*p;
+
+ h=str;
+- p=strchr(str,':');
++ p=strrchr(str,':');
+ if (p == NULL)
+ {
+ BIO_printf(bio_err,"no port defined\n");
+@@ -488,7 +589,7 @@
+ }
+ *(p++)='\0';
+
+- if ((ip != NULL) && !host_ip(str,ip))
++ if ((ip != NULL) && !host_ip(str,ip,AF_INET))
+ goto err;
+ if (host_ptr != NULL) *host_ptr=h;
+
+@@ -499,48 +600,58 @@
+ return(0);
+ }
+
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+- unsigned int in[4];
++ unsigned int in[4];
++ unsigned long l;
+ int i;
+
+- if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
++ if ((domain == AF_INET) &&
++ (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
+ {
++
+ for (i=0; i<4; i++)
+ if (in[i] > 255)
+ {
+ BIO_printf(bio_err,"invalid IP address\n");
+ goto err;
+ }
+- ip[0]=in[0];
+- ip[1]=in[1];
+- ip[2]=in[2];
+- ip[3]=in[3];
+- }
++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++ memcpy(ip, &l, 4);
++ return 1;
++ }
++#if OPENSSL_USE_IPV6
++ else if ((domain == AF_INET6) &&
++ (inet_pton(AF_INET6, str, ip) == 1))
++ return 1;
++#endif
+ else
+ { /* do a gethostbyname */
+ struct hostent *he;
+
+ if (!ssl_sock_init()) return(0);
+
+- he=GetHostByName(str);
++ he=GetHostByName(str,domain);
+ if (he == NULL)
+ {
+ BIO_printf(bio_err,"gethostbyname failure\n");
+ goto err;
+ }
+ /* cast to short because of win16 winsock definition */
+- if ((short)he->h_addrtype != AF_INET)
++ if ((short)he->h_addrtype != domain)
+ {
+- BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
++ BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
+ return(0);
+ }
+- ip[0]=he->h_addr_list[0][0];
+- ip[1]=he->h_addr_list[0][1];
+- ip[2]=he->h_addr_list[0][2];
+- ip[3]=he->h_addr_list[0][3];
++ if (domain == AF_INET)
++ memset(ip, 0, 4);
++#if OPENSSL_USE_IPV6
++ else
++ memset(ip, 0, 16);
++#endif
++ memcpy(ip, he->h_addr_list[0], he->h_length);
++ return 1;
+ }
+- return(1);
+ err:
+ return(0);
+ }
+@@ -577,7 +688,7 @@
+ static unsigned long ghbn_hits=0L;
+ static unsigned long ghbn_miss=0L;
+
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+ struct hostent *ret;
+ int i,lowi=0;
+@@ -592,14 +703,20 @@
+ }
+ if (ghbn_cache[i].order > 0)
+ {
+- if (strncmp(name,ghbn_cache[i].name,128) == 0)
++ if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
++ (ghbn_cache[i].ent.h_addrtype == domain))
+ break;
+ }
+ }
+ if (i == GHBN_NUM) /* no hit*/
+ {
+ ghbn_miss++;
+- ret=gethostbyname(name);
++ if (domain == AF_INET)
++ ret=gethostbyname(name);
++#if OPENSSL_USE_IPV6
++ else
++ ret=gethostbyname2(name, AF_INET6);
++#endif
+ if (ret == NULL) return(NULL);
+ /* else add to cache */
+ if(strlen(name) < sizeof ghbn_cache[0].name)
diff --git a/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch b/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
new file mode 100644
index 000000000000..811f573a1107
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch
@@ -0,0 +1,356 @@
+--- openssl-1.0.1l/crypto/asn1/a_type.c
++++ openssl-1.0.1l/crypto/asn1/a_type.c
+@@ -124,6 +124,9 @@
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
++ case V_ASN1_BOOLEAN:
++ result = a->value.boolean - b->value.boolean;
++ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+--- openssl-1.0.1l/crypto/asn1/tasn_dec.c
++++ openssl-1.0.1l/crypto/asn1/tasn_dec.c
+@@ -130,11 +130,17 @@
+ {
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+- if (!pval)
+- pval = &ptmpval;
+ asn1_tlc_clear_nc(&c);
+- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+- return *pval;
++ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++ ptmpval = *pval;
++ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++ if (*pval)
++ ASN1_item_free(*pval, it);
++ *pval = ptmpval;
++ }
++ return ptmpval;
++ }
+ return NULL;
+ }
+
+@@ -311,9 +317,16 @@
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+
+- /* Allocate structure */
+- if (!*pval && !ASN1_item_ex_new(pval, it))
+- {
++ if (*pval) {
++ /* Free up and zero CHOICE value if initialised */
++ i = asn1_get_choice_selector(pval, it);
++ if ((i >= 0) && (i < it->tcount)) {
++ tt = it->templates + i;
++ pchptr = asn1_get_field_ptr(pval, tt);
++ ASN1_template_free(pchptr, tt);
++ asn1_set_choice_selector(pval, -1, it);
++ }
++ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+@@ -407,6 +420,17 @@
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+
++ /* Free up and zero any ADB found */
++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
++ const ASN1_TEMPLATE *seqtt;
++ ASN1_VALUE **pseqval;
++ seqtt = asn1_do_adb(pval, tt, 1);
++ pseqval = asn1_get_field_ptr(pval, seqtt);
++ ASN1_template_free(pseqval, seqtt);
++ }
++ }
++
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ {
+--- openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
+@@ -272,6 +272,25 @@
+ PKCS7_RECIP_INFO *ri=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * The content field in the PKCS7 ContentInfo is optional, but that really
++ * only applies to inner content (precisely, detached signatures).
++ *
++ * When reading content, missing outer content is therefore treated as an
++ * error.
++ *
++ * When creating content, PKCS7_content_new() must be called before
++ * calling this method, so a NULL p7->d is always an error.
++ */
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -433,6 +452,16 @@
+ unsigned char *ek = NULL, *tkey = NULL;
+ int eklen = 0, tkeylen = 0;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+
+@@ -752,6 +781,16 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ ASN1_OCTET_STRING *os=NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ EVP_MD_CTX_init(&ctx_tmp);
+ i=OBJ_obj2nid(p7->type);
+ p7->state=PKCS7_S_HEADER;
+@@ -796,6 +835,7 @@
+ /* If detached data then the content is excluded */
+ if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+@@ -806,6 +846,7 @@
+ if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+@@ -878,24 +919,31 @@
+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ }
+
+- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
+- {
++ if (!PKCS7_is_detached(p7)) {
++ /*
++ * NOTE(emilia): I think we only reach os == NULL here because detached
++ * digested data support is broken.
++ */
++ if (os == NULL)
++ goto err;
++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+ char *cont;
+ long contlen;
+- btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+- if (btmp == NULL)
+- {
+- PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+- goto err;
+- }
++ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++ if (btmp == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++ goto err;
++ }
+ contlen = BIO_get_mem_data(btmp, &cont);
+- /* Mark the BIO read only then we can use its copy of the data
++ /*
++ * Mark the BIO read only then we can use its copy of the data
+ * instead of making an extra copy.
+ */
+ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+ BIO_set_mem_eof_return(btmp, 0);
+ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+- }
++ }
++ }
+ ret=1;
+ err:
+ EVP_MD_CTX_cleanup(&ctx_tmp);
+@@ -971,6 +1019,16 @@
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ if (PKCS7_type_is_signed(p7))
+ {
+ cert=p7->d.sign->cert;
+--- openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
++++ openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
+@@ -71,6 +71,7 @@
+
+ switch (cmd)
+ {
++ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed)
+ {
+@@ -459,6 +460,8 @@
+
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++ if (p7 == NULL || p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7))
+ {
+ return(p7->d.sign->signer_info);
+--- openssl-1.0.1l/doc/crypto/d2i_X509.pod
++++ openssl-1.0.1l/doc/crypto/d2i_X509.pod
+@@ -199,6 +199,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -210,7 +216,9 @@
+
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>.
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-1.0.1l/ssl/s2_lib.c
++++ openssl-1.0.1l/ssl/s2_lib.c
+@@ -488,7 +488,7 @@
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+- < (int)sizeof(s->session->master_key));
++ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ EVP_DigestUpdate(&ctx,&c,1);
+ c++;
+--- openssl-1.0.1l/ssl/s2_srvr.c
++++ openssl-1.0.1l/ssl/s2_srvr.c
+@@ -454,10 +454,6 @@
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ return(-1);
+ }
+- i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+- &(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+- (s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+-
+ is_export=SSL_C_IS_EXPORT(s->session->cipher);
+
+ if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
+@@ -475,21 +471,59 @@
+ else
+ ek=5;
+
++ /*
++ * The format of the CLIENT-MASTER-KEY message is
++ * 1 byte message type
++ * 3 bytes cipher
++ * 2-byte clear key length (stored in s->s2->tmp.clear)
++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++ * 2-byte key args length (IV etc)
++ * clear key
++ * encrypted key
++ * key args
++ *
++ * If the cipher is an export cipher, then the encrypted key bytes
++ * are a fixed portion of the total key (5 or 8 bytes). The size of
++ * this portion is in |ek|. If the cipher is not an export cipher,
++ * then the entire key material is encrypted (i.e., clear key length
++ * must be zero).
++ */
++ if ((!is_export && s->s2->tmp.clear != 0) ||
++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++ return -1;
++ }
++ /*
++ * The encrypted blob must decrypt to the encrypted portion of the key.
++ * Decryption can't be expanding, so if we don't have enough encrypted
++ * bytes to fit the key in the buffer, stop now.
++ */
++ if ((is_export && s->s2->tmp.enc < ek) ||
++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++ return -1;
++ }
++
++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++ &(p[s->s2->tmp.clear]),
++ &(p[s->s2->tmp.clear]),
++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++ RSA_PKCS1_PADDING);
++
+ /* bad decrypt */
+ #if 1
+ /* If a bad decrypt, continue with protocol but with a
+ * random master secret (Bleichenbacher attack) */
+- if ((i < 0) ||
+- ((!is_export && (i != EVP_CIPHER_key_length(c)))
+- || (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+- (unsigned int)EVP_CIPHER_key_length(c))))))
+- {
++ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++ || (is_export && i != ek))) {
+ ERR_clear_error();
+ if (is_export)
+ i=ek;
+ else
+ i=EVP_CIPHER_key_length(c);
+- if (RAND_pseudo_bytes(p,i) <= 0)
++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+ #else
+@@ -513,7 +547,8 @@
+ }
+ #endif
+
+- if (is_export) i+=s->s2->tmp.clear;
++ if (is_export)
++ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ {
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch
new file mode 100644
index 000000000000..34a7e53c08ca
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch
@@ -0,0 +1,618 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+Forward ported from openssl-1.0.1h-ipv6.patch
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+--- openssl-1.0.1m/apps/s_apps.h
++++ openssl-1.0.1m/apps/s_apps.h
+@@ -153,7 +153,7 @@ typedef fd_mask fd_set;
+
+ int do_server(int port, int type, int *ret,
+ int (*cb) (char *hostname, int s, unsigned char *context),
+- unsigned char *context);
++ unsigned char *context, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -161,7 +161,8 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type,
++ int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+--- openssl-1.0.1m/apps/s_client.c
++++ openssl-1.0.1m/apps/s_client.c
+@@ -299,6 +299,10 @@ static void sc_usage(void)
+ {
+ BIO_printf(bio_err, "usage: s_client args\n");
+ BIO_printf(bio_err, "\n");
++ BIO_printf(bio_err," -4 - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++ BIO_printf(bio_err," -6 - use IPv6 only\n");
++#endif
+ BIO_printf(bio_err, " -host host - use -connect instead\n");
+ BIO_printf(bio_err, " -port port - use -connect instead\n");
+ BIO_printf(bio_err,
+@@ -629,6 +633,7 @@ int MAIN(int argc, char **argv)
+ int sbuf_len, sbuf_off;
+ fd_set readfds, writefds;
+ short port = PORT;
++ int use_ipv4, use_ipv6;
+ int full_log = 1;
+ char *host = SSL_HOST_NAME;
+ char *cert_file = NULL, *key_file = NULL;
+@@ -673,7 +678,11 @@ int MAIN(int argc, char **argv)
+ #endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
+- struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage peer;
++#else
++ struct sockaddr_in peer;
++#endif
+ int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
+ int enable_timeouts = 0;
+@@ -689,6 +698,13 @@ int MAIN(int argc, char **argv)
+
+ meth = SSLv23_client_method();
+
++ use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++ use_ipv6 = 1;
++#else
++ use_ipv6 = 0;
++#endif
++
+ apps_startup();
+ c_Pause = 0;
+ c_quiet = 0;
+@@ -985,6 +1001,16 @@ int MAIN(int argc, char **argv)
+ jpake_secret = *++argv;
+ }
+ #endif
++ else if (strcmp(*argv,"-4") == 0) {
++ use_ipv4 = 1;
++ use_ipv6 = 0;
++ }
++#if OPENSSL_USE_IPV6
++ else if (strcmp(*argv,"-6") == 0) {
++ use_ipv4 = 0;
++ use_ipv6 = 1;
++ }
++#endif
+ #ifndef OPENSSL_NO_SRTP
+ else if (strcmp(*argv, "-use_srtp") == 0) {
+ if (--argc < 1)
+@@ -1256,7 +1282,7 @@ int MAIN(int argc, char **argv)
+
+ re_start:
+
+- if (init_client(&s, host, port, socket_type) == 0) {
++ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
+ BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+@@ -1279,7 +1305,7 @@ int MAIN(int argc, char **argv)
+ if (SSL_version(con) == DTLS1_VERSION) {
+
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
+ BIO_printf(bio_err, "getsockname:errno=%d\n",
+ get_last_socket_error());
+ SHUTDOWN(s);
+--- openssl-1.0.1m/apps/s_server.c
++++ openssl-1.0.1m/apps/s_server.c
+@@ -609,6 +609,10 @@ static void sv_usage(void)
+ " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+ # endif
+ #endif
++ BIO_printf(bio_err," -4 - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++ BIO_printf(bio_err," -6 - use IPv6 only\n");
++#endif
+ BIO_printf(bio_err,
+ " -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err,
+@@ -1003,6 +1007,7 @@ int MAIN(int argc, char *argv[])
+ int state = 0;
+ const SSL_METHOD *meth = NULL;
+ int socket_type = SOCK_STREAM;
++ int use_ipv4, use_ipv6;
+ ENGINE *e = NULL;
+ char *inrand = NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -1031,6 +1036,13 @@ int MAIN(int argc, char *argv[])
+ #endif
+ meth = SSLv23_server_method();
+
++ use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++ use_ipv6 = 1;
++#else
++ use_ipv6 = 0;
++#endif
++
+ local_argc = argc;
+ local_argv = argv;
+
+@@ -1356,6 +1368,16 @@ int MAIN(int argc, char *argv[])
+ jpake_secret = *(++argv);
+ }
+ #endif
++ else if (strcmp(*argv,"-4") == 0) {
++ use_ipv4 = 1;
++ use_ipv6 = 0;
++ }
++#if OPENSSL_USE_IPV6
++ else if (strcmp(*argv,"-6") == 0) {
++ use_ipv4 = 0;
++ use_ipv6 = 1;
++ }
++#endif
+ #ifndef OPENSSL_NO_SRTP
+ else if (strcmp(*argv, "-use_srtp") == 0) {
+ if (--argc < 1)
+@@ -1850,9 +1872,11 @@ int MAIN(int argc, char *argv[])
+ BIO_printf(bio_s_out, "ACCEPT\n");
+ (void)BIO_flush(bio_s_out);
+ if (www)
+- do_server(port, socket_type, &accept_socket, www_body, context);
++ do_server(port, socket_type, &accept_socket, www_body, context,
++ use_ipv4, use_ipv6);
+ else
+- do_server(port, socket_type, &accept_socket, sv_body, context);
++ do_server(port, socket_type, &accept_socket, sv_body, context,
++ use_ipv4, use_ipv6);
+ print_stats(bio_s_out, ctx);
+ ret = 0;
+ end:
+--- openssl-1.0.1m/apps/s_socket.c
++++ openssl-1.0.1m/apps/s_socket.c
+@@ -101,16 +101,16 @@ typedef unsigned int u_int;
+ # include "netdb.h"
+ # endif
+
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ # endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port, char *ip, int type);
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+
+ # ifdef OPENSSL_SYS_WIN16
+ # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+@@ -231,38 +231,66 @@ static int ssl_sock_init(void)
+ return (1);
+ }
+
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++#if OPENSSL_USE_IPV6
++ unsigned char ip[16];
++#else
+ unsigned char ip[4];
++#endif
+
+- memset(ip, '\0', sizeof ip);
+- if (!host_ip(host, &(ip[0])))
+- return 0;
+- return init_client_ip(sock, ip, port, type);
+-}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-{
+- unsigned long addr;
++ if (use_ipv4)
++ if (host_ip(host,ip,AF_INET))
++ return(init_client_ip(sock,ip,port,type,AF_INET));
++#if OPENSSL_USE_IPV6
++ if (use_ipv6)
++ if (host_ip(host,ip,AF_INET6))
++ return(init_client_ip(sock,ip,port,type,AF_INET6));
++#endif
++ return 0;
++}
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++{
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage them;
++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++#else
+ struct sockaddr_in them;
++ struct sockaddr_in *them_in = &them;
++#endif
++ socklen_t addr_len;
+ int s, i;
+
+ if (!ssl_sock_init())
+ return (0);
+
+ memset((char *)&them, 0, sizeof(them));
+- them.sin_family = AF_INET;
+- them.sin_port = htons((unsigned short)port);
+- addr = (unsigned long)
+- ((unsigned long)ip[0] << 24L) |
+- ((unsigned long)ip[1] << 16L) |
+- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+- them.sin_addr.s_addr = htonl(addr);
++ if (domain == AF_INET) {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in);
++ them_in->sin_family=AF_INET;
++ them_in->sin_port=htons((unsigned short)port);
++#ifndef BIT_FIELD_LIMITS
++ memcpy(&them_in->sin_addr.s_addr, ip, 4);
++#else
++ memcpy(&them_in->sin_addr, ip, 4);
++#endif
++ } else {
++#if OPENSSL_USE_IPV6
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++ them_in6->sin6_family=AF_INET6;
++ them_in6->sin6_port=htons((unsigned short)port);
++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++ }
++#else
++ return(0);
++#endif
+
+ if (type == SOCK_STREAM)
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* ( type == SOCK_DGRAM) */
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) {
+ perror("socket");
+@@ -280,7 +308,7 @@ static int init_client_ip(int *sock, uns
+ }
+ # endif
+
+- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
++ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
+ closesocket(s);
+ perror("connect");
+ return (0);
+@@ -291,14 +319,14 @@ static int init_client_ip(int *sock, uns
+
+ int do_server(int port, int type, int *ret,
+ int (*cb) (char *hostname, int s, unsigned char *context),
+- unsigned char *context)
++ unsigned char *context, int use_ipv4, int use_ipv6)
+ {
+ int sock;
+ char *name = NULL;
+ int accept_socket = 0;
+ int i;
+
+- if (!init_server(&accept_socket, port, type))
++ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
+ return (0);
+
+ if (ret != NULL) {
+@@ -325,32 +353,45 @@ int do_server(int port, int type, int *r
+ }
+ }
+
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type,
++ int use_ipv4, int use_ipv6)
+ {
+ int ret = 0;
++ int domain;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage server;
++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++#else
+ struct sockaddr_in server;
++ struct sockaddr_in *server_in = &server;
++#endif
++ socklen_t addr_len;
+ int s = -1;
+
++ if (!use_ipv4 && !use_ipv6)
++ goto err;
++#if OPENSSL_USE_IPV6
++ /*
++ * we are fine here
++ */
++#else
++ if (use_ipv6)
++ goto err;
++#endif
+ if (!ssl_sock_init())
+ return (0);
+
+- memset((char *)&server, 0, sizeof(server));
+- server.sin_family = AF_INET;
+- server.sin_port = htons((unsigned short)port);
+- if (ip == NULL)
+- server.sin_addr.s_addr = INADDR_ANY;
+- else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-# ifndef BIT_FIELD_LIMITS
+- memcpy(&server.sin_addr.s_addr, ip, 4);
++#if OPENSSL_USE_IPV6
++ domain = use_ipv6 ? AF_INET6 : AF_INET;
+ # else
+- memcpy(&server.sin_addr, ip, 4);
++ domain = AF_INET;
+ # endif
+
+ if (type == SOCK_STREAM)
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* type == SOCK_DGRAM */
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET)
+ goto err;
+@@ -360,7 +401,44 @@ static int init_server_long(int *sock, i
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+ }
+ # endif
+- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
++#if OPENSSL_USE_IPV6
++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
++ const int on = 1;
++
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++ (const void *) &on, sizeof(int));
++ }
++#endif
++ if (domain == AF_INET) {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in);
++ memset(server_in, 0, sizeof(struct sockaddr_in));
++ server_in->sin_family=AF_INET;
++ server_in->sin_port = htons((unsigned short)port);
++ if (ip == NULL)
++ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++ else
++/*
++ * Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov)
++ */
++#ifndef BIT_FIELD_LIMITS
++ memcpy(&server_in->sin_addr.s_addr, ip, 4);
++#else
++ memcpy(&server_in->sin_addr, ip, 4);
++#endif
++ }
++#if OPENSSL_USE_IPV6
++ else {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++ memset(server_in6, 0, sizeof(struct sockaddr_in6));
++ server_in6->sin6_family = AF_INET6;
++ server_in6->sin6_port = htons((unsigned short)port);
++ if (ip == NULL)
++ server_in6->sin6_addr = in6addr_any;
++ else
++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
++ }
++#endif
++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
+ # ifndef OPENSSL_SYS_WINDOWS
+ perror("bind");
+ # endif
+@@ -378,16 +456,24 @@ static int init_server_long(int *sock, i
+ return (ret);
+ }
+
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type,
++ int use_ipv4, int use_ipv6)
+ {
+- return (init_server_long(sock, port, NULL, type));
++ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+ int ret;
+ struct hostent *h1, *h2;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage from;
++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
+ static struct sockaddr_in from;
++ struct sockaddr_in *from_in = &from;
++#endif
+ int len;
+ /* struct linger ling; */
+
+@@ -437,14 +523,24 @@ static int do_accept(int acc_sock, int *
+
+ if (host == NULL)
+ goto end;
++#if OPENSSL_USE_IPV6
++ if (from.ss_family == AF_INET)
++#else
++ if (from.sin_family == AF_INET)
++#endif
+ # ifndef BIT_FIELD_LIMITS
+ /* I should use WSAAsyncGetHostByName() under windows */
+- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+- sizeof(from.sin_addr.s_addr), AF_INET);
++ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++ sizeof(from_in->sin_addr.s_addr), AF_INET);
+ # else
+- h1 = gethostbyaddr((char *)&from.sin_addr,
++ h1 = gethostbyaddr((char *)&from_in->sin_addr,
+ sizeof(struct in_addr), AF_INET);
+ # endif
++#if OPENSSL_USE_IPV6
++ else
++ h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
++ sizeof(struct in6_addr), AF_INET6);
++#endif
+ if (h1 == NULL) {
+ BIO_printf(bio_err, "bad gethostbyaddr\n");
+ *host = NULL;
+@@ -457,14 +553,23 @@ static int do_accept(int acc_sock, int *
+ }
+ BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+
+- h2 = GetHostByName(*host);
++#if OPENSSL_USE_IPV6
++ h2 = GetHostByName(*host, from.ss_family);
++#else
++ h2 = GetHostByName(*host, from.sin_family);
++#endif
++
+ if (h2 == NULL) {
+ BIO_printf(bio_err, "gethostbyname failure\n");
+ closesocket(ret);
+ return (0);
+ }
+- if (h2->h_addrtype != AF_INET) {
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++#if OPENSSL_USE_IPV6
++ if (h2->h_addrtype != from.ss_family) {
++#else
++ if (h2->h_addrtype != from.sin_family) {
++#endif
++ BIO_printf(bio_err, "gethostbyname addr address is not correct\n");
+ closesocket(ret);
+ return (0);
+ }
+@@ -480,14 +585,14 @@ int extract_host_port(char *str, char **
+ char *h, *p;
+
+ h = str;
+- p = strchr(str, ':');
++ p = strrchr(str, ':');
+ if (p == NULL) {
+ BIO_printf(bio_err, "no port defined\n");
+ return (0);
+ }
+ *(p++) = '\0';
+
+- if ((ip != NULL) && !host_ip(str, ip))
++ if ((ip != NULL) && !host_ip(str, ip, AF_INET))
+ goto err;
+ if (host_ptr != NULL)
+ *host_ptr = h;
+@@ -499,44 +604,54 @@ int extract_host_port(char *str, char **
+ return (0);
+ }
+
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+ unsigned int in[4];
++ unsigned long l;
+ int i;
+
+- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+- 4) {
++ if ((domain == AF_INET) &&
++ (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
++ 4)) {
+ for (i = 0; i < 4; i++)
+ if (in[i] > 255) {
+ BIO_printf(bio_err, "invalid IP address\n");
+ goto err;
+ }
+- ip[0] = in[0];
+- ip[1] = in[1];
+- ip[2] = in[2];
+- ip[3] = in[3];
+- } else { /* do a gethostbyname */
++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++ memcpy(ip, &l, 4);
++ return 1;
++ }
++#if OPENSSL_USE_IPV6
++ else if ((domain == AF_INET6) &&
++ (inet_pton(AF_INET6, str, ip) == 1))
++ return 1;
++#endif
++ else { /* do a gethostbyname */
+ struct hostent *he;
+
+ if (!ssl_sock_init())
+ return (0);
+
+- he = GetHostByName(str);
++ he = GetHostByName(str, domain);
+ if (he == NULL) {
+ BIO_printf(bio_err, "gethostbyname failure\n");
+ goto err;
+ }
+ /* cast to short because of win16 winsock definition */
+- if ((short)he->h_addrtype != AF_INET) {
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++ if ((short)he->h_addrtype != domain) {
++ BIO_printf(bio_err, "gethostbyname addr family is not correct\n");
+ return (0);
+ }
+- ip[0] = he->h_addr_list[0][0];
+- ip[1] = he->h_addr_list[0][1];
+- ip[2] = he->h_addr_list[0][2];
+- ip[3] = he->h_addr_list[0][3];
++ if (domain == AF_INET)
++ memset(ip, 0, 4);
++#if OPENSSL_USE_IPV6
++ else
++ memset(ip, 0, 16);
++#endif
++ memcpy(ip, he->h_addr_list[0], he->h_length);
++ return 1;
+ }
+- return (1);
+ err:
+ return (0);
+ }
+@@ -570,7 +685,7 @@ static struct ghbn_cache_st {
+ static unsigned long ghbn_hits = 0L;
+ static unsigned long ghbn_miss = 0L;
+
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+ struct hostent *ret;
+ int i, lowi = 0;
+@@ -582,13 +697,19 @@ static struct hostent *GetHostByName(cha
+ lowi = i;
+ }
+ if (ghbn_cache[i].order > 0) {
+- if (strncmp(name, ghbn_cache[i].name, 128) == 0)
++ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) &&
++ (ghbn_cache[i].ent.h_addrtype == domain))
+ break;
+ }
+ }
+ if (i == GHBN_NUM) { /* no hit */
+ ghbn_miss++;
+- ret = gethostbyname(name);
++ if (domain == AF_INET)
++ ret = gethostbyname(name);
++#if OPENSSL_USE_IPV6
++ else
++ ret=gethostbyname2(name, AF_INET6);
++#endif
+ if (ret == NULL)
+ return (NULL);
+ /* else add to cache */
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
new file mode 100644
index 000000000000..db92b79f6ae8
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch
@@ -0,0 +1,364 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084
+
+--- openssl-1.0.1m/crypto/Makefile
++++ openssl-1.0.1m/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.1m/crypto/objects/Makefile
++++ openssl-1.0.1m/crypto/objects/Makefile
+@@ -44,11 +44,11 @@
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+- @sleep 1; touch obj_mac.h; sleep 1
+
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+- @sleep 1; touch obj_xref.h; sleep 1
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+--- openssl-1.0.1m/engines/Makefile
++++ openssl-1.0.1m/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- openssl-1.0.1m/Makefile.org
++++ openssl-1.0.1m/Makefile.org
+@@ -273,17 +273,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
+- @dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
++build_ssl: build_crypto
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
++build_engines: build_crypto
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
++build_apps: build_libs
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
++build_tests: build_libs
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
++build_tools: build_libs
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -538,9 +538,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -549,12 +549,19 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -634,12 +641,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- openssl-1.0.1m/Makefile.shared
++++ openssl-1.0.1m/Makefile.shared
+@@ -105,6 +105,7 @@
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- openssl-1.0.1m/test/Makefile
++++ openssl-1.0.1m/test/Makefile
+@@ -130,7 +130,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -388,118 +388,118 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -512,7 +512,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
new file mode 100644
index 000000000000..8aa29e488f52
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch
@@ -0,0 +1,21 @@
+https://bugs.gentoo.org/472584
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
+
+fix verification handling in s_client. when loading paths, make sure
+we properly fallback to setting the default paths.
+
+Forward-ported from openssl-1.0.1e-s_client-verify.patch
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+--- openssl-1.0.1m/apps/s_client.c
++++ openssl-1.0.1m/apps/s_client.c
+@@ -1177,7 +1177,7 @@ int MAIN(int argc, char **argv)
+ if (!set_cert_key_stuff(ctx, cert, key))
+ goto end;
+
+- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
++ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
+ (!SSL_CTX_set_default_verify_paths(ctx))) {
+ /*
+ * BIO_printf(bio_err,"error setting default verify locations\n");
diff --git a/dev-libs/openssl/files/openssl-1.0.1m-x32.patch b/dev-libs/openssl/files/openssl-1.0.1m-x32.patch
new file mode 100644
index 000000000000..48717a569a23
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1m-x32.patch
@@ -0,0 +1,66 @@
+--- openssl-1.0.1m/Configure
++++ openssl-1.0.1m/Configure
+@@ -361,6 +361,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64", "gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32", "gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux64-s390x", "gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+--- openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+ * machine.
+ */
+
+-# ifdef _WIN64
++# if defined _WIN64 || !defined __LP64__
+ # define BN_ULONG unsigned long long
+ # else
+ # define BN_ULONG unsigned long
+@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
+
+ asm volatile (" subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " adcq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " adcq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
+@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
+
+ asm volatile (" subq %2,%2 \n"
+ ".p2align 4 \n"
+- "1: movq (%4,%2,8),%0 \n"
+- " sbbq (%5,%2,8),%0 \n"
+- " movq %0,(%3,%2,8) \n"
++ "1: movq (%q4,%2,8),%0 \n"
++ " sbbq (%q5,%2,8),%0 \n"
++ " movq %0,(%q3,%2,8) \n"
+ " leaq 1(%2),%2 \n"
+ " loop 1b \n"
+ " sbbq %0,%0 \n":"=&a" (ret), "+c"(n),
+--- openssl-1.0.1m/crypto/bn/bn.h
++++ openssl-1.0.1m/crypto/bn/bn.h
+@@ -174,6 +174,16 @@ extern "C" {
+ # endif
+
+ /*
++ * Address type.
++ */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
++
++/*
+ * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+ * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+ */
diff --git a/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch b/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch
new file mode 100644
index 000000000000..73029985ae09
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch
@@ -0,0 +1,30 @@
+https://bugs.gentoo.org/554338
+https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest
+
+From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 10 Jul 2015 01:50:52 -0400
+Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions
+
+The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro. Using
+just the former with newer versions leads to a build time warning, so
+make sure to use the new macro too.
+---
+ ssl/ssltest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ssl/ssltest.c b/ssl/ssltest.c
+index 26cf96c..b36f667 100644
+--- a/ssl/ssltest.c
++++ b/ssl/ssltest.c
+@@ -141,6 +141,7 @@
+ */
+
+ /* Or gethostname won't be declared properly on Linux and GNU platforms. */
++#define _DEFAULT_SOURCE 1
+ #define _BSD_SOURCE 1
+
+ #include <assert.h>
+--
+2.4.4
+
diff --git a/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch
new file mode 100644
index 000000000000..dfefd5675845
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.1p-parallel-build.patch
@@ -0,0 +1,359 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084
+
+--- openssl-1.0.1p/crypto/Makefile
++++ openssl-1.0.1p/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ [ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.1p/crypto/objects/Makefile
++++ openssl-1.0.1p/crypto/objects/Makefile
+@@ -44,11 +44,11 @@
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+- @sleep 1; touch obj_mac.h; sleep 1
+
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+- @sleep 1; touch obj_xref.h; sleep 1
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+--- openssl-1.0.1p/engines/Makefile
++++ openssl-1.0.1p/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- openssl-1.0.1p/Makefile.org
++++ openssl-1.0.1p/Makefile.org
+@@ -273,17 +273,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -538,9 +538,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -549,12 +549,19 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -634,12 +641,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- openssl-1.0.1p/Makefile.shared
++++ openssl-1.0.1p/Makefile.shared
+@@ -105,6 +105,7 @@
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- openssl-1.0.1p/test/Makefile
++++ openssl-1.0.1p/test/Makefile
+@@ -130,7 +130,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -388,118 +388,118 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -512,7 +512,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
new file mode 100644
index 000000000000..6d396b42bef5
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch
@@ -0,0 +1,49 @@
+https://bugs.gentoo.org/541502
+
+From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 9 Feb 2015 11:38:41 +0000
+Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
+
+CVE-2015-0209
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+---
+ crypto/ec/ec_asn1.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 30b7df4..d3e8316 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+ ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+- if (a)
+- *a = ret;
+ } else
+ ret = *a;
+
+@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+ }
+ }
+
++ if (a)
++ *a = ret;
+ ok = 1;
+ err:
+ if (!ok) {
+- if (ret)
++ if (ret && (a == NULL || *a != ret))
+ EC_KEY_free(ret);
+ ret = NULL;
+ }
+--
+2.3.1
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
new file mode 100644
index 000000000000..a6a10b0a2ca1
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch
@@ -0,0 +1,31 @@
+https://bugs.gentoo.org/542038
+
+From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Wed, 18 Feb 2015 00:34:59 +0000
+Subject: [PATCH] Check public key is not NULL.
+
+CVE-2015-0288
+PR#3708
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/x509/x509_req.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
+index bc6e566..01795f4 100644
+--- a/crypto/x509/x509_req.c
++++ b/crypto/x509/x509_req.c
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+ goto err;
+
+ pktmp = X509_get_pubkey(x);
++ if (pktmp == NULL)
++ goto err;
+ i = X509_REQ_set_pubkey(ret, pktmp);
+ EVP_PKEY_free(pktmp);
+ if (!i)
+--
+2.3.1
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
new file mode 100644
index 000000000000..852d06e9181a
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch
@@ -0,0 +1,459 @@
+--- openssl-1.0.2/crypto/asn1/a_type.c
++++ openssl-1.0.2/crypto/asn1/a_type.c
+@@ -119,6 +119,9 @@
+ case V_ASN1_OBJECT:
+ result = OBJ_cmp(a->value.object, b->value.object);
+ break;
++ case V_ASN1_BOOLEAN:
++ result = a->value.boolean - b->value.boolean;
++ break;
+ case V_ASN1_NULL:
+ result = 0; /* They do not have content. */
+ break;
+--- openssl-1.0.2/crypto/asn1/tasn_dec.c
++++ openssl-1.0.2/crypto/asn1/tasn_dec.c
+@@ -140,11 +140,17 @@
+ {
+ ASN1_TLC c;
+ ASN1_VALUE *ptmpval = NULL;
+- if (!pval)
+- pval = &ptmpval;
+ asn1_tlc_clear_nc(&c);
+- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+- return *pval;
++ if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++ ptmpval = *pval;
++ if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++ if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++ if (*pval)
++ ASN1_item_free(*pval, it);
++ *pval = ptmpval;
++ }
++ return ptmpval;
++ }
+ return NULL;
+ }
+
+@@ -304,9 +310,16 @@
+ case ASN1_ITYPE_CHOICE:
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+-
+- /* Allocate structure */
+- if (!*pval && !ASN1_item_ex_new(pval, it)) {
++ if (*pval) {
++ /* Free up and zero CHOICE value if initialised */
++ i = asn1_get_choice_selector(pval, it);
++ if ((i >= 0) && (i < it->tcount)) {
++ tt = it->templates + i;
++ pchptr = asn1_get_field_ptr(pval, tt);
++ ASN1_template_free(pchptr, tt);
++ asn1_set_choice_selector(pval, -1, it);
++ }
++ } else if (!ASN1_item_ex_new(pval, it)) {
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+ }
+@@ -386,6 +399,17 @@
+ if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ goto auxerr;
+
++ /* Free up and zero any ADB found */
++ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++ if (tt->flags & ASN1_TFLG_ADB_MASK) {
++ const ASN1_TEMPLATE *seqtt;
++ ASN1_VALUE **pseqval;
++ seqtt = asn1_do_adb(pval, tt, 1);
++ pseqval = asn1_get_field_ptr(pval, seqtt);
++ ASN1_template_free(pseqval, seqtt);
++ }
++ }
++
+ /* Get each field entry */
+ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+ const ASN1_TEMPLATE *seqtt;
+--- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
+@@ -261,6 +261,25 @@
+ PKCS7_RECIP_INFO *ri = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++ /*
++ * The content field in the PKCS7 ContentInfo is optional, but that really
++ * only applies to inner content (precisely, detached signatures).
++ *
++ * When reading content, missing outer content is therefore treated as an
++ * error.
++ *
++ * When creating content, PKCS7_content_new() must be called before
++ * calling this method, so a NULL p7->d is always an error.
++ */
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+@@ -411,6 +430,16 @@
+ unsigned char *ek = NULL, *tkey = NULL;
+ int eklen = 0, tkeylen = 0;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++ return NULL;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++ return NULL;
++ }
++
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+
+@@ -707,6 +736,16 @@
+ STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+ ASN1_OCTET_STRING *os = NULL;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ EVP_MD_CTX_init(&ctx_tmp);
+ i = OBJ_obj2nid(p7->type);
+ p7->state = PKCS7_S_HEADER;
+@@ -746,6 +785,7 @@
+ /* If detached data then the content is excluded */
+ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.sign->contents->d.data = NULL;
+ }
+ break;
+@@ -755,6 +795,7 @@
+ /* If detached data then the content is excluded */
+ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+ M_ASN1_OCTET_STRING_free(os);
++ os = NULL;
+ p7->d.digest->contents->d.data = NULL;
+ }
+ break;
+@@ -820,22 +861,30 @@
+ M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ }
+
+- if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
+- char *cont;
+- long contlen;
+- btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+- if (btmp == NULL) {
+- PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+- goto err;
+- }
+- contlen = BIO_get_mem_data(btmp, &cont);
++ if (!PKCS7_is_detached(p7)) {
+ /*
+- * Mark the BIO read only then we can use its copy of the data
+- * instead of making an extra copy.
++ * NOTE(emilia): I think we only reach os == NULL here because detached
++ * digested data support is broken.
+ */
+- BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+- BIO_set_mem_eof_return(btmp, 0);
+- ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++ if (os == NULL)
++ goto err;
++ if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
++ char *cont;
++ long contlen;
++ btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++ if (btmp == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++ goto err;
++ }
++ contlen = BIO_get_mem_data(btmp, &cont);
++ /*
++ * Mark the BIO read only then we can use its copy of the data
++ * instead of making an extra copy.
++ */
++ BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++ BIO_set_mem_eof_return(btmp, 0);
++ ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++ }
+ }
+ ret = 1;
+ err:
+@@ -910,6 +959,16 @@
+ STACK_OF(X509) *cert;
+ X509 *x509;
+
++ if (p7 == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++ return 0;
++ }
++
++ if (p7->d.ptr == NULL) {
++ PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++ return 0;
++ }
++
+ if (PKCS7_type_is_signed(p7)) {
+ cert = p7->d.sign->cert;
+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+--- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
++++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
+@@ -70,6 +70,7 @@
+ nid = OBJ_obj2nid(p7->type);
+
+ switch (cmd) {
++ /* NOTE(emilia): does not support detached digested data. */
+ case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ if (nid == NID_pkcs7_signed) {
+ ret = p7->detached = (int)larg;
+@@ -444,6 +445,8 @@
+
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++ if (p7 == NULL || p7->d.ptr == NULL)
++ return NULL;
+ if (PKCS7_type_is_signed(p7)) {
+ return (p7->d.sign->signer_info);
+ } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+--- openssl-1.0.2/crypto/rsa/rsa_ameth.c
++++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
+@@ -698,9 +698,10 @@
+ RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+ return -1;
+ }
+- if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
++ if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
+ /* Carry on */
+ return 2;
++ }
+ return -1;
+ }
+
+--- openssl-1.0.2/doc/crypto/d2i_X509.pod
++++ openssl-1.0.2/doc/crypto/d2i_X509.pod
+@@ -207,6 +207,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -233,7 +239,9 @@
+
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>.
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-1.0.2/ssl/d1_lib.c
++++ openssl-1.0.2/ssl/d1_lib.c
+@@ -543,6 +543,9 @@
+ {
+ int ret;
+
++ /* Ensure there is no state left over from a previous invocation */
++ SSL_clear(s);
++
+ SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+ s->d1->listen = 1;
+
+--- openssl-1.0.2/ssl/s2_lib.c
++++ openssl-1.0.2/ssl/s2_lib.c
+@@ -493,7 +493,7 @@
+
+ OPENSSL_assert(s->session->master_key_length >= 0
+ && s->session->master_key_length
+- < (int)sizeof(s->session->master_key));
++ <= (int)sizeof(s->session->master_key));
+ EVP_DigestUpdate(&ctx, s->session->master_key,
+ s->session->master_key_length);
+ EVP_DigestUpdate(&ctx, &c, 1);
+--- openssl-1.0.2/ssl/s2_srvr.c
++++ openssl-1.0.2/ssl/s2_srvr.c
+@@ -454,11 +454,6 @@
+ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
+ return (-1);
+ }
+- i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+- &(p[s->s2->tmp.clear]),
+- &(p[s->s2->tmp.clear]),
+- (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
+- RSA_PKCS1_PADDING);
+
+ is_export = SSL_C_IS_EXPORT(s->session->cipher);
+
+@@ -475,23 +470,61 @@
+ } else
+ ek = 5;
+
++ /*
++ * The format of the CLIENT-MASTER-KEY message is
++ * 1 byte message type
++ * 3 bytes cipher
++ * 2-byte clear key length (stored in s->s2->tmp.clear)
++ * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++ * 2-byte key args length (IV etc)
++ * clear key
++ * encrypted key
++ * key args
++ *
++ * If the cipher is an export cipher, then the encrypted key bytes
++ * are a fixed portion of the total key (5 or 8 bytes). The size of
++ * this portion is in |ek|. If the cipher is not an export cipher,
++ * then the entire key material is encrypted (i.e., clear key length
++ * must be zero).
++ */
++ if ((!is_export && s->s2->tmp.clear != 0) ||
++ (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++ return -1;
++ }
++ /*
++ * The encrypted blob must decrypt to the encrypted portion of the key.
++ * Decryption can't be expanding, so if we don't have enough encrypted
++ * bytes to fit the key in the buffer, stop now.
++ */
++ if ((is_export && s->s2->tmp.enc < ek) ||
++ (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++ ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++ return -1;
++ }
++
++ i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++ &(p[s->s2->tmp.clear]),
++ &(p[s->s2->tmp.clear]),
++ (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++ RSA_PKCS1_PADDING);
++
+ /* bad decrypt */
+ # if 1
+ /*
+ * If a bad decrypt, continue with protocol but with a random master
+ * secret (Bleichenbacher attack)
+ */
+- if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
+- || (is_export && ((i != ek)
+- || (s->s2->tmp.clear +
+- (unsigned int)i != (unsigned int)
+- EVP_CIPHER_key_length(c)))))) {
++ if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++ || (is_export && i != ek))) {
+ ERR_clear_error();
+ if (is_export)
+ i = ek;
+ else
+ i = EVP_CIPHER_key_length(c);
+- if (RAND_pseudo_bytes(p, i) <= 0)
++ if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ return 0;
+ }
+ # else
+@@ -513,7 +546,7 @@
+ # endif
+
+ if (is_export)
+- i += s->s2->tmp.clear;
++ i = EVP_CIPHER_key_length(c);
+
+ if (i > SSL_MAX_MASTER_KEY_LENGTH) {
+ ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+--- openssl-1.0.2/ssl/s3_pkt.c
++++ openssl-1.0.2/ssl/s3_pkt.c
+@@ -780,7 +780,7 @@
+
+ i = ssl3_write_pending(s, type, &buf[tot], nw);
+ if (i <= 0) {
+- if (i < 0) {
++ if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+ OPENSSL_free(wb->buf);
+ wb->buf = NULL;
+ }
+--- openssl-1.0.2/ssl/s3_srvr.c
++++ openssl-1.0.2/ssl/s3_srvr.c
+@@ -2251,10 +2251,17 @@
+ if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+ int idx = -1;
+ EVP_PKEY *skey = NULL;
+- if (n)
++ if (n) {
+ n2s(p, i);
+- else
++ } else {
++ if (alg_k & SSL_kDHE) {
++ al = SSL_AD_HANDSHAKE_FAILURE;
++ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++ SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
++ goto f_err;
++ }
+ i = 0;
++ }
+ if (n && n != i + 2) {
+ if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+--- openssl-1.0.2/ssl/t1_lib.c
++++ openssl-1.0.2/ssl/t1_lib.c
+@@ -2965,6 +2965,7 @@
+ if (s->cert->shared_sigalgs) {
+ OPENSSL_free(s->cert->shared_sigalgs);
+ s->cert->shared_sigalgs = NULL;
++ s->cert->shared_sigalgslen = 0;
+ }
+ /* Clear certificate digests and validity flags */
+ for (i = 0; i < SSL_PKEY_NUM; i++) {
+@@ -3618,6 +3619,7 @@
+ if (c->shared_sigalgs) {
+ OPENSSL_free(c->shared_sigalgs);
+ c->shared_sigalgs = NULL;
++ c->shared_sigalgslen = 0;
+ }
+ /* If client use client signature algorithms if not NULL */
+ if (!s->server && c->client_sigalgs && !is_suiteb) {
+@@ -3640,12 +3642,14 @@
+ preflen = c->peer_sigalgslen;
+ }
+ nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
+- if (!nmatch)
+- return 1;
+- salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+- if (!salgs)
+- return 0;
+- nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
++ if (nmatch) {
++ salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
++ if (!salgs)
++ return 0;
++ nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
++ } else {
++ salgs = NULL;
++ }
+ c->shared_sigalgs = salgs;
+ c->shared_sigalgslen = nmatch;
+ return 1;
diff --git a/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch
new file mode 100644
index 000000000000..27574ea616de
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch
@@ -0,0 +1,611 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+--- openssl-1.0.2/apps/s_apps.h
++++ openssl-1.0.2/apps/s_apps.h
+@@ -154,7 +154,7 @@
+ int do_server(int port, int type, int *ret,
+ int (*cb) (char *hostname, int s, int stype,
+ unsigned char *context), unsigned char *context,
+- int naccept);
++ int naccept, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -167,7 +167,8 @@
+ int ssl_print_curves(BIO *out, SSL *s, int noshared);
+ #endif
+ int ssl_print_tmp_key(BIO *out, SSL *s);
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type,
++ int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -302,6 +302,10 @@
+ {
+ BIO_printf(bio_err, "usage: s_client args\n");
+ BIO_printf(bio_err, "\n");
++ BIO_printf(bio_err, " -4 - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++ BIO_printf(bio_err, " -6 - use IPv6 only\n");
++#endif
+ BIO_printf(bio_err, " -host host - use -connect instead\n");
+ BIO_printf(bio_err, " -port port - use -connect instead\n");
+ BIO_printf(bio_err,
+@@ -658,6 +662,7 @@
+ int sbuf_len, sbuf_off;
+ fd_set readfds, writefds;
+ short port = PORT;
++ int use_ipv4, use_ipv6;
+ int full_log = 1;
+ char *host = SSL_HOST_NAME;
+ char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+@@ -709,7 +714,11 @@
+ #endif
+ char *sess_in = NULL;
+ char *sess_out = NULL;
+- struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage peer;
++#else
++ struct sockaddr_in peer;
++#endif
+ int peerlen = sizeof(peer);
+ int fallback_scsv = 0;
+ int enable_timeouts = 0;
+@@ -737,6 +746,12 @@
+
+ meth = SSLv23_client_method();
+
++ use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++ use_ipv6 = 1;
++#else
++ use_ipv6 = 0;
++#endif
+ apps_startup();
+ c_Pause = 0;
+ c_quiet = 0;
+@@ -1096,6 +1111,16 @@
+ jpake_secret = *++argv;
+ }
+ #endif
++ else if (strcmp(*argv,"-4") == 0) {
++ use_ipv4 = 1;
++ use_ipv6 = 0;
++ }
++#if OPENSSL_USE_IPV6
++ else if (strcmp(*argv,"-6") == 0) {
++ use_ipv4 = 0;
++ use_ipv6 = 1;
++ }
++#endif
+ #ifndef OPENSSL_NO_SRTP
+ else if (strcmp(*argv, "-use_srtp") == 0) {
+ if (--argc < 1)
+@@ -1421,7 +1446,7 @@
+
+ re_start:
+
+- if (init_client(&s, host, port, socket_type) == 0) {
++ if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
+ BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+ SHUTDOWN(s);
+ goto end;
+@@ -1444,7 +1469,7 @@
+ if (socket_type == SOCK_DGRAM) {
+
+ sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+- if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++ if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
+ BIO_printf(bio_err, "getsockname:errno=%d\n",
+ get_last_socket_error());
+ SHUTDOWN(s);
+--- openssl-1.0.2/apps/s_server.c
++++ openssl-1.0.2/apps/s_server.c
+@@ -643,6 +643,10 @@
+ BIO_printf(bio_err,
+ " -alpn arg - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+ #endif
++ BIO_printf(bio_err, " -4 - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++ BIO_printf(bio_err, " -6 - use IPv6 only\n");
++#endif
+ BIO_printf(bio_err,
+ " -keymatexport label - Export keying material using label\n");
+ BIO_printf(bio_err,
+@@ -1070,6 +1074,7 @@
+ int state = 0;
+ const SSL_METHOD *meth = NULL;
+ int socket_type = SOCK_STREAM;
++ int use_ipv4, use_ipv6;
+ ENGINE *e = NULL;
+ char *inrand = NULL;
+ int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -1111,6 +1116,12 @@
+
+ meth = SSLv23_server_method();
+
++ use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++ use_ipv6 = 1;
++#else
++ use_ipv6 = 0;
++#endif
+ local_argc = argc;
+ local_argv = argv;
+
+@@ -1503,6 +1514,16 @@
+ jpake_secret = *(++argv);
+ }
+ #endif
++ else if (strcmp(*argv,"-4") == 0) {
++ use_ipv4 = 1;
++ use_ipv6 = 0;
++ }
++#if OPENSSL_USE_IPV6
++ else if (strcmp(*argv,"-6") == 0) {
++ use_ipv4 = 0;
++ use_ipv6 = 1;
++ }
++#endif
+ #ifndef OPENSSL_NO_SRTP
+ else if (strcmp(*argv, "-use_srtp") == 0) {
+ if (--argc < 1)
+@@ -2023,13 +2044,13 @@
+ (void)BIO_flush(bio_s_out);
+ if (rev)
+ do_server(port, socket_type, &accept_socket, rev_body, context,
+- naccept);
++ naccept, use_ipv4, use_ipv6);
+ else if (www)
+ do_server(port, socket_type, &accept_socket, www_body, context,
+- naccept);
++ naccept, use_ipv4, use_ipv6);
+ else
+ do_server(port, socket_type, &accept_socket, sv_body, context,
+- naccept);
++ naccept, use_ipv4, use_ipv6);
+ print_stats(bio_s_out, ctx);
+ ret = 0;
+ end:
+--- openssl-1.0.2/apps/s_socket.c
++++ openssl-1.0.2/apps/s_socket.c
+@@ -101,16 +101,16 @@
+ # include "netdb.h"
+ # endif
+
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ # endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port, char *ip, int type);
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+
+ # ifdef OPENSSL_SYS_WIN16
+ # define SOCKET_PROTOCOL 0 /* more microsoft stupidity */
+@@ -231,38 +231,68 @@
+ return (1);
+ }
+
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++# if OPENSSL_USE_IPV6
++ unsigned char ip[16];
++# else
+ unsigned char ip[4];
++# endif
+
+- memset(ip, '\0', sizeof ip);
+- if (!host_ip(host, &(ip[0])))
+- return 0;
+- return init_client_ip(sock, ip, port, type);
+-}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-{
+- unsigned long addr;
++ if (use_ipv4)
++ if (host_ip(host, ip, AF_INET))
++ return(init_client_ip(sock, ip, port, type, AF_INET));
++# if OPENSSL_USE_IPV6
++ if (use_ipv6)
++ if (host_ip(host, ip, AF_INET6))
++ return(init_client_ip(sock, ip, port, type, AF_INET6));
++# endif
++ return 0;
++}
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++{
++# if OPENSSL_USE_IPV6
++ struct sockaddr_storage them;
++ struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++ struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++# else
+ struct sockaddr_in them;
++ struct sockaddr_in *them_in = &them;
++# endif
++ socklen_t addr_len;
+ int s, i;
+
+ if (!ssl_sock_init())
+ return (0);
+
+ memset((char *)&them, 0, sizeof(them));
+- them.sin_family = AF_INET;
+- them.sin_port = htons((unsigned short)port);
+- addr = (unsigned long)
+- ((unsigned long)ip[0] << 24L) |
+- ((unsigned long)ip[1] << 16L) |
+- ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+- them.sin_addr.s_addr = htonl(addr);
++ if (domain == AF_INET) {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in);
++ them_in->sin_family=AF_INET;
++ them_in->sin_port=htons((unsigned short)port);
++# ifndef BIT_FIELD_LIMITS
++ memcpy(&them_in->sin_addr.s_addr, ip, 4);
++# else
++ memcpy(&them_in->sin_addr, ip, 4);
++# endif
++ }
++ else
++# if OPENSSL_USE_IPV6
++ {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++ them_in6->sin6_family=AF_INET6;
++ them_in6->sin6_port=htons((unsigned short)port);
++ memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++ }
++# else
++ return(0);
++# endif
+
+ if (type == SOCK_STREAM)
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++ s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+ else /* ( type == SOCK_DGRAM) */
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++ s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET) {
+ perror("socket");
+@@ -280,7 +310,7 @@
+ }
+ # endif
+
+- if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
++ if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
+ closesocket(s);
+ perror("connect");
+ return (0);
+@@ -292,14 +322,14 @@
+ int do_server(int port, int type, int *ret,
+ int (*cb) (char *hostname, int s, int stype,
+ unsigned char *context), unsigned char *context,
+- int naccept)
++ int naccept, int use_ipv4, int use_ipv6)
+ {
+ int sock;
+ char *name = NULL;
+ int accept_socket = 0;
+ int i;
+
+- if (!init_server(&accept_socket, port, type))
++ if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
+ return (0);
+
+ if (ret != NULL) {
+@@ -328,32 +358,41 @@
+ }
+ }
+
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
+ {
+ int ret = 0;
++ int domain;
++# if OPENSSL_USE_IPV6
++ struct sockaddr_storage server;
++ struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++ struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++# else
+ struct sockaddr_in server;
++ struct sockaddr_in *server_in = &server;
++# endif
++ socklen_t addr_len;
+ int s = -1;
+
++ if (!use_ipv4 && !use_ipv6)
++ goto err;
++# if OPENSSL_USE_IPV6
++ /* we are fine here */
++# else
++ if (use_ipv6)
++ goto err;
++# endif
+ if (!ssl_sock_init())
+ return (0);
+
+- memset((char *)&server, 0, sizeof(server));
+- server.sin_family = AF_INET;
+- server.sin_port = htons((unsigned short)port);
+- if (ip == NULL)
+- server.sin_addr.s_addr = INADDR_ANY;
+- else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-# ifndef BIT_FIELD_LIMITS
+- memcpy(&server.sin_addr.s_addr, ip, 4);
++#if OPENSSL_USE_IPV6
++ domain = use_ipv6 ? AF_INET6 : AF_INET;
+ # else
+- memcpy(&server.sin_addr, ip, 4);
++ domain = AF_INET;
+ # endif
+-
+ if (type == SOCK_STREAM)
+- s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+- else /* type == SOCK_DGRAM */
+- s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++ s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
++ else /* type == SOCK_DGRAM */
++ s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+
+ if (s == INVALID_SOCKET)
+ goto err;
+@@ -363,7 +402,42 @@
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+ }
+ # endif
+- if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
++# if OPENSSL_USE_IPV6
++ if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
++ const int on = 1;
++
++ setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++ (const void *) &on, sizeof(int));
++ }
++# endif
++ if (domain == AF_INET) {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in);
++ memset(server_in, 0, sizeof(struct sockaddr_in));
++ server_in->sin_family=AF_INET;
++ server_in->sin_port = htons((unsigned short)port);
++ if (ip == NULL)
++ server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++ else
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
++# ifndef BIT_FIELD_LIMITS
++ memcpy(&server_in->sin_addr.s_addr, ip, 4);
++# else
++ memcpy(&server_in->sin_addr, ip, 4);
++# endif
++ }
++# if OPENSSL_USE_IPV6
++ else {
++ addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++ memset(server_in6, 0, sizeof(struct sockaddr_in6));
++ server_in6->sin6_family = AF_INET6;
++ server_in6->sin6_port = htons((unsigned short)port);
++ if (ip == NULL)
++ server_in6->sin6_addr = in6addr_any;
++ else
++ memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
++ }
++# endif
++ if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
+ # ifndef OPENSSL_SYS_WINDOWS
+ perror("bind");
+ # endif
+@@ -381,16 +455,23 @@
+ return (ret);
+ }
+
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
+ {
+- return (init_server_long(sock, port, NULL, type));
++ return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+ int ret;
+ struct hostent *h1, *h2;
+- static struct sockaddr_in from;
++#if OPENSSL_USE_IPV6
++ struct sockaddr_storage from;
++ struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++ struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
++ struct sockaddr_in from;
++ struct sockaddr_in *from_in = &from;
++#endif
+ int len;
+ /* struct linger ling; */
+
+@@ -440,14 +521,25 @@
+
+ if (host == NULL)
+ goto end;
++# if OPENSSL_USE_IPV6
++ if (from.ss_family == AF_INET)
++# else
++ if (from.sin_family == AF_INET)
++# endif
+ # ifndef BIT_FIELD_LIMITS
+- /* I should use WSAAsyncGetHostByName() under windows */
+- h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+- sizeof(from.sin_addr.s_addr), AF_INET);
++ /* I should use WSAAsyncGetHostByName() under windows */
++ h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++ sizeof(from_in->sin_addr.s_addr), AF_INET);
+ # else
+- h1 = gethostbyaddr((char *)&from.sin_addr,
+- sizeof(struct in_addr), AF_INET);
++ h1 = gethostbyaddr((char *)&from_in->sin_addr,
++ sizeof(struct in_addr), AF_INET);
++# endif
++# if OPENSSL_USE_IPV6
++ else
++ h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
++ sizeof(struct in6_addr), AF_INET6);
+ # endif
++
+ if (h1 == NULL) {
+ BIO_printf(bio_err, "bad gethostbyaddr\n");
+ *host = NULL;
+@@ -460,14 +552,22 @@
+ }
+ BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+
+- h2 = GetHostByName(*host);
++# if OPENSSL_USE_IPV6
++ h2=GetHostByName(*host, from.ss_family);
++# else
++ h2=GetHostByName(*host, from.sin_family);
++# endif
+ if (h2 == NULL) {
+ BIO_printf(bio_err, "gethostbyname failure\n");
+ closesocket(ret);
+ return (0);
+ }
+- if (h2->h_addrtype != AF_INET) {
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++# if OPENSSL_USE_IPV6
++ if (h2->h_addrtype != from.ss_family) {
++# else
++ if (h2->h_addrtype != from.sin_family) {
++# endif
++ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+ closesocket(ret);
+ return (0);
+ }
+@@ -483,14 +583,14 @@
+ char *h, *p;
+
+ h = str;
+- p = strchr(str, ':');
++ p = strrchr(str, ':');
+ if (p == NULL) {
+ BIO_printf(bio_err, "no port defined\n");
+ return (0);
+ }
+ *(p++) = '\0';
+
+- if ((ip != NULL) && !host_ip(str, ip))
++ if ((ip != NULL) && !host_ip(str, ip, AF_INET))
+ goto err;
+ if (host_ptr != NULL)
+ *host_ptr = h;
+@@ -502,44 +602,51 @@
+ return (0);
+ }
+
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+ unsigned int in[4];
++ unsigned long l;
+ int i;
+
+- if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+- 4) {
++ if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
+ for (i = 0; i < 4; i++)
+ if (in[i] > 255) {
+ BIO_printf(bio_err, "invalid IP address\n");
+ goto err;
+ }
+- ip[0] = in[0];
+- ip[1] = in[1];
+- ip[2] = in[2];
+- ip[3] = in[3];
+- } else { /* do a gethostbyname */
++ l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++ memcpy(ip, &l, 4);
++ return 1;
++ }
++# if OPENSSL_USE_IPV6
++ else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
++ return 1;
++# endif
++ else { /* do a gethostbyname */
+ struct hostent *he;
+
+ if (!ssl_sock_init())
+ return (0);
+
+- he = GetHostByName(str);
++ he = GetHostByName(str, domain);
+ if (he == NULL) {
+ BIO_printf(bio_err, "gethostbyname failure\n");
+ goto err;
+ }
+ /* cast to short because of win16 winsock definition */
+- if ((short)he->h_addrtype != AF_INET) {
+- BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++ if ((short)he->h_addrtype != domain) {
++ BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+ return (0);
+ }
+- ip[0] = he->h_addr_list[0][0];
+- ip[1] = he->h_addr_list[0][1];
+- ip[2] = he->h_addr_list[0][2];
+- ip[3] = he->h_addr_list[0][3];
++ if (domain == AF_INET)
++ memset(ip, 0, 4);
++# if OPENSSL_USE_IPV6
++ else
++ memset(ip, 0, 16);
++# endif
++ memcpy(ip, he->h_addr_list[0], he->h_length);
++ return 1;
+ }
+- return (1);
+ err:
+ return (0);
+ }
+@@ -573,7 +680,7 @@
+ static unsigned long ghbn_hits = 0L;
+ static unsigned long ghbn_miss = 0L;
+
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+ struct hostent *ret;
+ int i, lowi = 0;
+@@ -585,13 +692,18 @@
+ lowi = i;
+ }
+ if (ghbn_cache[i].order > 0) {
+- if (strncmp(name, ghbn_cache[i].name, 128) == 0)
++ if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
+ break;
+ }
+ }
+ if (i == GHBN_NUM) { /* no hit */
+ ghbn_miss++;
+- ret = gethostbyname(name);
++ if (domain == AF_INET)
++ ret = gethostbyname(name);
++# if OPENSSL_USE_IPV6
++ else
++ ret = gethostbyname2(name, AF_INET6);
++# endif
+ if (ret == NULL)
+ return (NULL);
+ /* else add to cache */
diff --git a/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
new file mode 100644
index 000000000000..31d3f1d634de
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-parallel-build.patch
@@ -0,0 +1,354 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
+
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -247,17 +247,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -497,9 +497,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -508,6 +508,13 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -511,7 +511,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -593,12 +600,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--- a/Makefile.shared
++++ b/Makefile.shared
+@@ -105,6 +105,7 @@ LINK_SO= \
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +124,7 @@ SYMLINK_SO= \
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- a/crypto/Makefile
++++ b/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+
+@@ -110,7 +110,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -119,7 +119,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- a/engines/Makefile
++++ b/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- a/test/Makefile
++++ b/test/Makefile
+@@ -123,7 +123,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -365,109 +365,109 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -480,7 +480,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
+--- a/crypto/objects/Makefile
++++ b/crypto/objects/Makefile
+@@ -44,11 +44,11 @@ obj_dat.h: obj_dat.pl obj_mac.h
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+- @sleep 1; touch obj_mac.h; sleep 1
+
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+- @sleep 1; touch obj_xref.h; sleep 1
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
diff --git a/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch b/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch
new file mode 100644
index 000000000000..803a91dde99c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch
@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/472584
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
+
+fix verification handling in s_client. when loading paths, make sure
+we properly fallback to setting the default paths.
+
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -1337,7 +1337,7 @@
+
+ SSL_CTX_set_verify(ctx, verify, verify_callback);
+
+- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
++ if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
+ (!SSL_CTX_set_default_verify_paths(ctx))) {
+ /*
+ * BIO_printf(bio_err,"error setting default verify locations\n");
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch b/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch
new file mode 100644
index 000000000000..831e5759a260
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch
@@ -0,0 +1,38 @@
+https://rt.openssl.org/Ticket/Display.html?id=3758
+
+From 7b4152089fe39c3495508076ab81ed4aca3d65ba Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 05:08:41 -0400
+Subject: [PATCH] fix malloc define typo
+
+Reported-by: Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de>
+URL: https://bugs.gentoo.org/543828
+---
+ crypto/bio/bss_dgram.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
+index aef8149..ed275d1 100644
+--- a/crypto/bio/bss_dgram.c
++++ b/crypto/bio/bss_dgram.c
+@@ -1338,7 +1338,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
+ (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+ authchunks = OPENSSL_malloc(optlen);
+ if (!authchunks) {
+- BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
++ BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ memset(authchunks, 0, optlen);
+@@ -1410,7 +1410,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
+ char *tmp;
+ data->saved_message.bio = b;
+ if(!(tmp = OPENSSL_malloc(inl))) {
+- BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
++ BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
+ return -1;
+ }
+ if (data->saved_message.data)
+--
+2.3.3
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch
new file mode 100644
index 000000000000..f4226c3b6d38
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch
@@ -0,0 +1,314 @@
+https://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
+https://rt.openssl.org/Ticket/Display.html?id=3738&user=guest&pass=guest
+
+--- openssl-1.0.2a/crypto/Makefile
++++ openssl-1.0.2a/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2a/engines/Makefile
++++ openssl-1.0.2a/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- openssl-1.0.2a/Makefile.org
++++ openssl-1.0.2a/Makefile.org
+@@ -274,17 +274,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
++build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
++build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
++build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
++build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
++build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -555,7 +555,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+--- openssl-1.0.2a/Makefile.shared
++++ openssl-1.0.2a/Makefile.shared
+@@ -105,6 +105,7 @@
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- openssl-1.0.2a/test/Makefile
++++ openssl-1.0.2a/test/Makefile
+@@ -133,7 +133,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -402,121 +402,121 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+- @target=$(V3NAMETEST); $(BUILD_CMD)
++ +@target=$(V3NAMETEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -529,7 +529,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch
new file mode 100644
index 000000000000..0198818c5fa3
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch
@@ -0,0 +1,64 @@
+https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest
+
+From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 8 Mar 2015 01:32:01 -0500
+Subject: [PATCH] fix parallel install with dir creation
+
+The mkdir-p.pl does not handle parallel creation of directories.
+This comes up when the install_sw and install_docs rules run and
+both call mkdir-p.pl on sibling directory trees.
+
+Instead, lets create a single install_dirs rule that makes all of
+the dirs we need, and have these two install steps depend on that.
+---
+ Makefile.org | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index a6d9471..78e6143 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -536,9 +536,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -547,6 +547,13 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -636,12 +643,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+--
+2.3.4
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch
new file mode 100644
index 000000000000..a7d6f4effea7
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch
@@ -0,0 +1,37 @@
+https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest
+
+From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 8 Mar 2015 01:34:48 -0500
+Subject: [PATCH] fix parallel generation of obj headers
+
+The current code has dummy sleep/touch commands to try and work
+around the parallel issue, but that is obviously racy. Instead
+lets force one of the files to depend on the other so we know
+they'll never run in parallel.
+---
+ crypto/objects/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
+index ad2db1e..7d32504 100644
+--- a/crypto/objects/Makefile
++++ b/crypto/objects/Makefile
+@@ -44,11 +44,11 @@
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ $(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+- @sleep 1; touch obj_mac.h; sleep 1
+
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ $(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+- @sleep 1; touch obj_xref.h; sleep 1
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+--
+2.3.4
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch b/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch
new file mode 100644
index 000000000000..f2be696b1068
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch
@@ -0,0 +1,63 @@
+https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
+
+From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 3 Apr 2015 01:16:23 -0400
+Subject: [PATCH] fix race when symlink shareds libs
+
+When the crypto/ssl targets attempt to build their shared libs, they run:
+ cd ..; make libcrypto.so.1.0.0
+The top level Makefile in turn runs the build-shared target for that lib.
+
+The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared.
+When building in parallel, make is allowed to run both of these. They
+both run Makefile.shared for their respective targets:
+do_$(SHLIB_TARGET) ->
+ link_a.linux-shared ->
+ link_a.gnu ->
+ ...; $(LINK_SO_A) ->
+ $(LINK_SO) ->
+ $(SYMLINK_SO)
+link-shared ->
+ symlink.linux-shared ->
+ symlink.gnu ->
+ ...; $(SYMLINK_SO)
+
+The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails
+basic TOCTOU semantics. Depending on the load, that means two processes
+will run the sequence:
+ rm -f libcrypto.so
+ ln -s libcrypto.so.1.0.0 libcrypto.so
+
+Which obviously fails:
+ ln: failed to create symbolic link 'libcrypto.so': File exists
+
+Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't
+bother depending on link-shared at all in the top level Makefile when
+building things.
+
+Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
+URL: https://bugs.gentoo.org/545028
+---
+ Makefile.org | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index 890bfe4..576c60e 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -350,7 +350,10 @@ link-shared:
+ libs="$$libs -l$$i"; \
+ done
+
+-build-shared: do_$(SHLIB_TARGET) link-shared
++# The link target in Makefile.shared will create the symlink for us, so no need
++# to call link-shared directly. Doing so will cause races with two processes
++# trying to symlink the lib.
++build-shared: do_$(SHLIB_TARGET)
+
+ do_$(SHLIB_TARGET):
+ @ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
+--
+2.3.4
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch
new file mode 100644
index 000000000000..3a005c9b099d
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch
@@ -0,0 +1,43 @@
+https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
+
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers. Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+ sub out {
+ my $self = shift;
+
++ # When building on x32 ABIs, the expanded hex value might be too
++ # big to fit into 32bits. Enable transparent 64bit support here
++ # so we can safely print it out.
++ use bigint;
+ if ($gas) {
+ # Solaris /usr/ccs/bin/as can't handle multiplications
+ # in $self->{value}
+--
+2.3.3
+
diff --git a/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch b/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch
new file mode 100644
index 000000000000..b7aa0ea8092c
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2d-parallel-build.patch
@@ -0,0 +1,309 @@
+https://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
+https://rt.openssl.org/Ticket/Display.html?id=3738&user=guest&pass=guest
+
+--- openssl-1.0.2d/crypto/Makefile
++++ openssl-1.0.2d/crypto/Makefile
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2d/engines/Makefile
++++ openssl-1.0.2d/engines/Makefile
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+--- openssl-1.0.2d/Makefile.org
++++ openssl-1.0.2d/Makefile.org
+@@ -274,17 +274,17 @@
+ build_libs: build_crypto build_ssl build_engines
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -555,7 +555,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+--- openssl-1.0.2d/Makefile.shared
++++ openssl-1.0.2d/Makefile.shared
+@@ -105,6 +105,7 @@
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+--- openssl-1.0.2d/test/Makefile
++++ openssl-1.0.2d/test/Makefile
+@@ -133,7 +133,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -402,121 +402,121 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+- @target=$(V3NAMETEST); $(BUILD_CMD)
++ +@target=$(V3NAMETEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -529,7 +529,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+