9 files changed, 626 insertions, 18 deletions
diff --git a/app-emulation/lxc/lxc-scm.ebuild b/app-emulation/lxc/lxc-scm.ebuild
index ee656f7..2c289e1 100644
--- a/app-emulation/lxc/lxc-scm.ebuild
+++ b/app-emulation/lxc/lxc-scm.ebuild
@@ -106,8 +106,6 @@ pkg_setup() {
 }
 
 src_prepare() {
-	eapply "${FILESDIR}"/${P}-bash-completion.patch
-	#558854
 	eapply "${FILESDIR}"/${PN}-2.0.5-omit-sysconfig.patch
 #	eapply "${FILESDIR}"/${PN}-2.0.6-major.patch
 	eapply_user
@@ -143,36 +141,36 @@ src_configure() {
 		$(use_enable seccomp)
 }
 
-python_compile() {
-	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
-}
+#python_compile() {
+#	distutils-r1_python_compile build_ext -I ../ -L ../${PN}
+#}
 
 src_compile() {
 	default
 
-	if use python; then
-		pushd "${S}/src/python-${PN}" > /dev/null
-		distutils-r1_src_compile
-		popd > /dev/null
-	fi
+#	if use python; then
+#		pushd "${S}/src/python-${PN}" > /dev/null
+#		distutils-r1_src_compile
+#		popd > /dev/null
+#	fi
 }
 
 src_install() {
 	default
 
-	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
+#	mv "${ED}"/usr/share/bash-completion/completions/${PN} "${ED}"/$(get_bashcompdir)/${PN}-start || die
 	# start-ephemeral is no longer a command but removing it here
 	# generates QA warnings (still in upstream completion script)
 	bashcomp_alias ${PN}-start \
 		${PN}-{attach,cgroup,copy,console,create,destroy,device,execute,freeze,info,monitor,snapshot,start-ephemeral,stop,unfreeze,wait}
 
-	if use python; then
-		pushd "${S}/src/python-lxc" > /dev/null
-		# Unset DOCS. This has been handled by the default target
-		unset DOCS
-		distutils-r1_src_install
-		popd > /dev/null
-	fi
+#	if use python; then
+#		pushd "${S}/src/python-lxc" > /dev/null
+#		# Unset DOCS. This has been handled by the default target
+#		unset DOCS
+#		distutils-r1_src_install
+#		popd > /dev/null
+#	fi
 
 	keepdir /etc/lxc /var/lib/lxc/rootfs /var/log/lxc
 
diff --git a/dev-libs/openssl/files/gentoo.config-1.0.2 b/dev-libs/openssl/files/gentoo.config-1.0.2
new file mode 100644
index 0000000..37b83cc
--- /dev/null
+++ b/dev-libs/openssl/files/gentoo.config-1.0.2
@@ -0,0 +1,169 @@
+#!/usr/bin/env bash
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+# Openssl doesn't play along nicely with cross-compiling
+# like autotools based projects, so let's teach it new tricks.
+#
+# Review the bundled 'config' script to see why kind of targets
+# we can pass to the 'Configure' script.
+
+
+# Testing routines
+if [[ $1 == "test" ]] ; then
+	for c in \
+		"arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
+		"armv5b-linux-gnu             |linux-armv4 -DB_ENDIAN" \
+		"x86_64-pc-linux-gnu          |linux-x86_64" \
+		"alpha-linux-gnu              |linux-alpha-gcc" \
+		"alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
+		"i686-pc-linux-gnu            |linux-elf" \
+		"whatever-gentoo-freebsdX.Y   |BSD-generic32" \
+		"i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
+		"sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
+		"ia64-gentoo-freebsd5.99234   |BSD-ia64" \
+		"x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
+		"hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
+		"powerpc-gentOO-linux-uclibc  |linux-ppc" \
+		"powerpc64-unk-linux-gnu      |linux-ppc64" \
+		"powerpc64le-linux-gnu        |linux-ppc64le" \
+		"x86_64-apple-darwinX         |darwin64-x86_64-cc" \
+		"powerpc64-apple-darwinX      |darwin64-ppc-cc" \
+		"i686-apple-darwinX           |darwin-i386-cc" \
+		"i386-apple-darwinX           |darwin-i386-cc" \
+		"powerpc-apple-darwinX        |darwin-ppc-cc" \
+		"i586-pc-winnt                |winnt-parity" \
+		"s390-ibm-linux-gnu           |linux-generic32 -DB_ENDIAN" \
+		"s390x-linux-gnu              |linux64-s390x" \
+	;do
+		CHOST=${c/|*}
+		ret_want=${c/*|}
+		ret_got=$(CHOST=${CHOST} "$0")
+
+		if [[ ${ret_want} == "${ret_got}" ]] ; then
+			echo "PASS: ${CHOST}"
+		else
+			echo "FAIL: ${CHOST}"
+			echo -e "\twanted: ${ret_want}"
+			echo -e "\twe got: ${ret_got}"
+		fi
+	done
+	exit 0
+fi
+[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
+
+
+# Detect the operating system
+case ${CHOST} in
+	*-aix*)          system="aix";;
+	*-darwin*)       system="darwin";;
+	*-freebsd*)      system="BSD";;
+	*-hpux*)         system="hpux";;
+	*-linux*)        system="linux";;
+	*-solaris*)      system="solaris";;
+	*-winnt*)        system="winnt";;
+	x86_64-*-mingw*) system="mingw64";;
+	*mingw*)         system="mingw";;
+	*)               exit 0;;
+esac
+
+
+# Compiler munging
+compiler="gcc"
+if [[ ${CC} == "ccc" ]] ; then
+	compiler=${CC}
+fi
+
+
+# Detect target arch
+machine=""
+chost_machine=${CHOST%%-*}
+case ${system} in
+linux)
+	case ${chost_machine}:${ABI} in
+		aarch64*be*)  machine="generic64 -DB_ENDIAN";;
+		aarch64*)     machine="generic64 -DL_ENDIAN";;
+		alphaev56*|\
+		alphaev[678]*)machine=alpha+bwx-${compiler};;
+		alpha*)       machine=alpha-${compiler};;
+		armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
+		armv[4-9]*)   machine="armv4 -DL_ENDIAN";;
+		arm*b*)       machine="generic32 -DB_ENDIAN";;
+		arm*)         machine="generic32 -DL_ENDIAN";;
+		avr*)         machine="generic32 -DL_ENDIAN";;
+		bfin*)        machine="generic32 -DL_ENDIAN";;
+	#	hppa64*)      machine=parisc64;;
+		hppa*)        machine="generic32 -DB_ENDIAN";;
+		i[0-9]86*|\
+		x86_64*:x86)  machine=elf;;
+		ia64*)        machine=ia64;;
+		m68*)         machine="generic32 -DB_ENDIAN";;
+		mips*el*)     machine="generic32 -DL_ENDIAN";;
+		mips*)        machine="generic32 -DB_ENDIAN";;
+		powerpc64*le*)machine=ppc64le;;
+		powerpc64*)   machine=ppc64;;
+		powerpc*le*)  machine="generic32 -DL_ENDIAN";;
+		powerpc*)     machine=ppc;;
+	#	sh64*)        machine=elf;;
+		sh*b*)        machine="generic32 -DB_ENDIAN";;
+		sh*)          machine="generic32 -DL_ENDIAN";;
+		# TODO: Might want to do -mcpu probing like glibc to determine a
+		# better default for sparc-linux-gnu targets.  This logic will
+		# break v7 and older systems when they use it.
+		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
+		sparc64*)     machine=sparcv9 system=linux64;;
+		sparc*v9*)    machine=sparcv9;;
+		sparc*v8*)    machine=sparcv8;;
+		sparc*)       machine=sparcv8;;
+		s390x*)       machine=s390x system=linux64;;
+		s390*)        machine="generic32 -DB_ENDIAN";;
+		x86_64*:x32)  machine=x32;;
+		x86_64*)      machine=x86_64;;
+	esac
+	;;
+BSD)
+	case ${chost_machine} in
+		alpha*)       machine=generic64;;
+		i[6-9]86*)    machine=x86-elf;;
+		ia64*)        machine=ia64;;
+		sparc64*)     machine=sparc64;;
+		x86_64*)      machine=x86_64;;
+		*)            machine=generic32;;
+	esac
+	;;
+aix)
+	machine=${compiler}
+	;;
+darwin)
+	case ${chost_machine} in
+		powerpc64)    machine=ppc-cc; system=${system}64;;
+		powerpc)      machine=ppc-cc;;
+		i?86*)        machine=i386-cc;;
+		x86_64)       machine=x86_64-cc; system=${system}64;;
+	esac
+	;;
+hpux)
+	case ${chost_machine} in
+		ia64)	machine=ia64-${compiler} ;;
+	esac
+	;;
+solaris)
+	case ${chost_machine} in
+		i386)         machine=x86-${compiler} ;;
+		x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
+		sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
+		sparc*)       machine=sparcv8-${compiler};;
+	esac
+	;;
+winnt)
+	machine=parity
+	;;
+mingw*)
+	# special case ... no xxx-yyy style name
+	echo ${system}
+	;;
+esac
+
+
+# If we have something, show it
+[[ -n ${machine} ]] && echo ${system}-${machine}
diff --git a/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
new file mode 100644
index 0000000..a798164
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch
@@ -0,0 +1,25 @@
+--- a/Configure
++++ b/Configure
+@@ -365,7 +365,7 @@
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+
+the -B flag is a no-op nowadays
+
+--- a/crypto/des/Makefile
++++ b/crypto/des/Makefile
+@@ -62,7 +62,7 @@
+ 	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+ 
+ des_enc-sparc.S:	asm/des_enc.m4
+-	m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
++	m4 asm/des_enc.m4 > des_enc-sparc.S
+ 
+ # ELF
+ dx86-elf.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
new file mode 100644
index 0000000..64cc7bd
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch
@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/181438
+http://bugs.gentoo.org/327421
+https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
+
+make sure we respect LDFLAGS
+
+also make sure we don't add useless -rpath flags to the system libdir
+
+--- openssl-0.9.8h/Makefile.org
++++ openssl-0.9.8h/Makefile.org
+@@ -180,6 +181,7 @@
+ 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
+ 		MAKEDEPPROG='${MAKEDEPPROG}'			\
++		LDFLAGS='${LDFLAGS}'		\
+ 		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\
+ 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
+ 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
+--- openssl-0.9.8h/Makefile.shared
++++ openssl-0.9.8h/Makefile.shared
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
new file mode 100644
index 0000000..9fa79b9
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch
@@ -0,0 +1,24 @@
+http://bugs.gentoo.org/289130
+
+Ripped from Fedora
+
+--- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils	2009-11-12 15:17:29.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl	2009-11-12 17:24:18.000000000 +0100
+@@ -150,7 +150,7 @@ ___
+ sub BODY_20_39 {
+ my ($i,$a,$b,$c,$d,$e,$f)=@_;
+ my $j=$i+1;
+-my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
++my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
+ $code.=<<___ if ($i<79);
+ 	lea	$K($xi,$e),$f
+ 	mov	`4*($j%16)`(%rsp),$xi
+@@ -187,7 +187,7 @@ sub BODY_40_59 {
+ my ($i,$a,$b,$c,$d,$e,$f)=@_;
+ my $j=$i+1;
+ $code.=<<___;
+-	lea	0x8f1bbcdc($xi,$e),$f
++	lea	-0x70e44324($xi,$e),$f
+ 	mov	`4*($j%16)`(%rsp),$xi
+ 	mov	$b,$t0
+ 	mov	$b,$t1
diff --git a/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch b/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch
new file mode 100644
index 0000000..c932b82
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-0.9.8z_p8-perl-5.26.patch
@@ -0,0 +1,13 @@
+https://bugs.gentoo.org/639876
+
+--- a/crypto/des/asm/des-586.pl
++++ b/crypto/des/asm/des-586.pl
+@@ -4,7 +4,7 @@
+ # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>
+ #
+ 
+-push(@INC,"perlasm","../../perlasm");
++push(@INC,".","perlasm","../../perlasm");
+ require "x86asm.pl";
+ require "cbc.pl";
+ require "desboth.pl";
diff --git a/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch
new file mode 100644
index 0000000..3a005c9
--- /dev/null
+++ b/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch
@@ -0,0 +1,43 @@
+https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
+
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+     sub out {
+     	my $self = shift;
+ 
++	# When building on x32 ABIs, the expanded hex value might be too
++	# big to fit into 32bits.  Enable transparent 64bit support here
++	# so we can safely print it out.
++	use bigint;
+ 	if ($gas) {
+ 	    # Solaris /usr/ccs/bin/as can't handle multiplications
+ 	    # in $self->{value}
+-- 
+2.3.3
+
diff --git a/dev-libs/openssl/metadata.xml b/dev-libs/openssl/metadata.xml
new file mode 100644
index 0000000..5ca8d93
--- /dev/null
+++ b/dev-libs/openssl/metadata.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
+ <flag name="bindist">Disable/Restrict EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
+ <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
+ <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
+ <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
+</use>
+<upstream>
+ <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id>
+</upstream>
+<slots>
+ <slot name="0">For building against. This is the only slot
+  that provides headers and command line tools.</slot>
+ <slot name="0.9.8">For binary compatibility, provides libcrypto.so.0.9.8
+  and libssl.so.0.9.8 only.</slot>
+ <subslots>Reflect ABI of libcrypto.so and libssl.so.</subslots>
+</slots>
+</pkgmetadata>
diff --git a/dev-libs/openssl/openssl-scm.ebuild b/dev-libs/openssl/openssl-scm.ebuild
new file mode 100644
index 0000000..02c9388
--- /dev/null
+++ b/dev-libs/openssl/openssl-scm.ebuild
@@ -0,0 +1,281 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal git-r3
+
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI=""
+EGIT_REPO_URI="git://git.openssl.org/openssl.git"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist elibc_musl rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+# This does not copy the entire Fedora patchset, but JUST the parts that
+# are needed to make it safe to use EC with RESTRICT=bindist.
+# See openssl.spec for the matching numbering of SourceNNN, PatchNNN
+SOURCE1=hobble-openssl
+SOURCE12=ec_curve.c
+SOURCE13=ectest.c
+PATCH1=openssl-1.1.0-build.patch # Fixes EVP testcase for EC
+PATCH37=openssl-1.1.0-ec-curves.patch
+FEDORA_GIT_BASE='https://src.fedoraproject.org/cgit/rpms/openssl.git/plain/'
+FEDORA_GIT_BRANCH='f27'
+FEDORA_SRC_URI=()
+FEDORA_SOURCE=( $SOURCE1 $SOURCE12 $SOURCE13 )
+FEDORA_PATCH=( $PATCH1 $PATCH37 )
+for i in "${FEDORA_SOURCE[@]}" ; do
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${P}_${i}" )
+done
+for i in "${FEDORA_PATCH[@]}" ; do # Already have a version prefix
+	FEDORA_SRC_URI+=( "${FEDORA_GIT_BASE}/${i}?h=${FEDORA_GIT_BRANCH} -> ${i}" )
+done
+SRC_URI+=" bindist? ( ${FEDORA_SRC_URI[@]} )"
+
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	if use bindist; then
+		# This just removes the prefix, and puts it into WORKDIR like the RPM.
+		for i in "${FEDORA_SOURCE[@]}" ; do
+			cp -f "${DISTDIR}"/"${P}_${i}" "${WORKDIR}"/"${i}" || die
+		done
+		# .spec %prep
+		bash "${WORKDIR}"/"${SOURCE1}" || die
+		cp -f "${WORKDIR}"/"${SOURCE12}" "${S}"/crypto/ec/ || die
+		cp -f "${WORKDIR}"/"${SOURCE13}" "${S}"/test/ || die
+		for i in "${FEDORA_PATCH[@]}" ; do
+			epatch "${DISTDIR}"/"${i}"
+		done
+		# Also see the configure parts below:
+		# enable-ec \
+		# $(use_ssl !bindist ec2m) \
+
+	fi
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${PATCHES[@]}"
+	fi
+
+	eapply_user #332661
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            https://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 https://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    https://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 https://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 https://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	# Fedora hobbled-EC needs 'no-ec2m'
+	# 'srp' was restricted until early 2017 as well.
+	echoit \
+	./${config} \
+		${sslout} \
+		--api=1.0.0 \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		enable-ec \
+		$(use_ssl !bindist ec2m) \
+		enable-srp \
+		$(use elibc_musl && echo "no-async") \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}