Merge pull request #178 from mischief/openssl-sync-2015-03-24

bump(dev-libs/openssl): sync with upstream

sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog

@@ -1,6 +1,149 @@
 # ChangeLog for dev-libs/openssl
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.614 2015/01/08 20:20:40 zlogene Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/ChangeLog,v 1.644 2015/03/21 11:02:41 vapier Exp $
+
+  21 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssl-1.0.2a-x32-asm.patch, openssl-1.0.2a.ebuild:
+  Fix building on x32 ABIs #542618 by Bertrand Jacquin.
+
+  21 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2a.ebuild,
+  metadata.xml:
+  Add USE=asm so people can easily turn off assembly code for testing purposes
+  #528158 by Joakim Tjernlund.
+
+  21 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2a.ebuild:
+  Use existing use_ssl helper for sctp flags.
+
+  21 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssl-1.0.2a-malloc-typo.patch, openssl-1.0.2a.ebuild:
+  Fix typo in malloc define #543828 by Conrad Kostecki.
+
+  19 Mar 2015; Ulrich Müller <ulm@gentoo.org> openssl-0.9.8z_p6.ebuild,
+  openssl-1.0.0r.ebuild, openssl-1.0.1m.ebuild:
+  [QA] Re-add RESTRICT to all ebuilds.
+
+  19 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2-r3.ebuild,
+  openssl-1.0.2a.ebuild:
+  Fix typos and re-add RESTRICT in newer ebuild.
+
+*openssl-1.0.2a (19 Mar 2015)
+*openssl-1.0.1m (19 Mar 2015)
+*openssl-1.0.0r (19 Mar 2015)
+*openssl-0.9.8z_p6 (19 Mar 2015)
+
+  19 Mar 2015; Lars Wendler <polynomial-c@gentoo.org>
+  -openssl-0.9.8z_p1-r2.ebuild, -openssl-0.9.8z_p2.ebuild,
+  -openssl-0.9.8z_p3.ebuild, -openssl-0.9.8z_p4.ebuild,
+  -openssl-0.9.8z_p5.ebuild, +openssl-0.9.8z_p6.ebuild, -openssl-1.0.0q.ebuild,
+  +openssl-1.0.0r.ebuild, -openssl-1.0.1j.ebuild, -openssl-1.0.1k.ebuild,
+  -openssl-1.0.1l.ebuild, +openssl-1.0.1m.ebuild, -openssl-1.0.2-r1.ebuild,
+  -openssl-1.0.2-r2.ebuild, +openssl-1.0.2a.ebuild,
+  -files/openssl-1.0.0e-x32.patch, +files/openssl-1.0.0r-x32.patch,
+  +files/openssl-1.0.1m-ipv6.patch, +files/openssl-1.0.1m-parallel-build.patch,
+  +files/openssl-1.0.1m-s_client-verify.patch, +files/openssl-1.0.1m-x32.patch,
+  +files/openssl-1.0.2a-parallel-build.patch:
+  Version bump. Removed old.
+
+  19 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.1l-r1.ebuild:
+  Mark arm64/m68k stable.
+
+  19 Mar 2015; Ulrich Müller <ulm@gentoo.org> openssl-0.9.8z_p5-r1.ebuild,
+  openssl-1.0.1l-r1.ebuild, openssl-1.0.2-r3.ebuild:
+  [QA] Add conditional bindist restriction, bug 541414.
+
+  19 Mar 2015; Jeroen Roovers <jer@gentoo.org> openssl-1.0.1l-r1.ebuild:
+  Stable for HPPA (bug #543552).
+
+  19 Mar 2015; Agostino Sarubbo <ago@gentoo.org> openssl-0.9.8z_p5-r1.ebuild,
+  openssl-1.0.1l-r1.ebuild:
+  Stable for alpha/amd64/arm/ia64/ppc/ppc64/s390/sh/sparc/x86, wrt bug #543552
+
+*openssl-0.9.8z_p5-r1 (19 Mar 2015)
+
+  19 Mar 2015; Lars Wendler <polynomial-c@gentoo.org>
+  +openssl-0.9.8z_p5-r1.ebuild, +files/openssl-0.9.8ze-CVE-2015-0286.patch:
+  Security bump (bug #543552).
+
+*openssl-1.0.2-r3 (19 Mar 2015)
+*openssl-1.0.1l-r1 (19 Mar 2015)
+
+  19 Mar 2015; Lars Wendler <polynomial-c@gentoo.org>
+  +openssl-1.0.1l-r1.ebuild, +openssl-1.0.2-r3.ebuild,
+  +files/openssl-1.0.1l-CVE-2015-0286.patch,
+  +files/openssl-1.0.2-CVE-2015-0291.patch:
+  Security bump (bug #543552).
+
+  04 Mar 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2-r2.ebuild:
+  Require recent lksctp-tools #506046#8 by Maciej Szmigiero.
+
+*openssl-1.0.2-r2 (04 Mar 2015)
+
+  04 Mar 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssl-1.0.2-CVE-2015-0209.patch,
+  +files/openssl-1.0.2-CVE-2015-0288.patch, +openssl-1.0.2-r2.ebuild:
+  Add fix from upstream for CVE-2015-0209 #541502 by Agostino Sarubbo and
+  CVE-2015-0288 #542038 by Kristian Fiskerstrand.
+
+  28 Jan 2015; Michał Górny <mgorny@gentoo.org> openssl-0.9.8z_p1-r2.ebuild,
+  openssl-0.9.8z_p2.ebuild, openssl-0.9.8z_p3.ebuild, openssl-0.9.8z_p4.ebuild,
+  openssl-0.9.8z_p5.ebuild, openssl-1.0.0q.ebuild, openssl-1.0.1j.ebuild,
+  openssl-1.0.1k.ebuild, openssl-1.0.1l.ebuild, openssl-1.0.2-r1.ebuild:
+  Switch to CPU_FLAGS_X86.
+
+*openssl-1.0.2-r1 (23 Jan 2015)
+
+  23 Jan 2015; Lars Wendler <polynomial-c@gentoo.org> -openssl-1.0.2.ebuild,
+  +openssl-1.0.2-r1.ebuild, metadata.xml:
+  Removed "ssl2" USE flag again. Broke ABI and caused some packages to fail
+  like curl (bug #537452) and mozilla packages.
+
+*openssl-1.0.2 (23 Jan 2015)
+
+  23 Jan 2015; Lars Wendler <polynomial-c@gentoo.org>
+  -openssl-1.0.2_beta3.ebuild, +openssl-1.0.2.ebuild,
+  +files/openssl-1.0.2-ipv6.patch, +files/openssl-1.0.2-s_client-verify.patch,
+  -files/openssl-1.0.2_beta2-ipv6.patch, metadata.xml:
+  Version bump. Removed old. Added "ssl2" USE flag (bug #510798).
+
+  16 Jan 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1k.ebuild:
+  Stable for ia64, wrt bug #536042
+
+*openssl-1.0.1l (15 Jan 2015)
+*openssl-1.0.0q (15 Jan 2015)
+*openssl-0.9.8z_p5 (15 Jan 2015)
+
+  15 Jan 2015; Lars Wendler <polynomial-c@gentoo.org>
+  +openssl-0.9.8z_p5.ebuild, -openssl-1.0.0p.ebuild, +openssl-1.0.0q.ebuild,
+  +openssl-1.0.1l.ebuild:
+  Version bump. Removed old.
+
+  14 Jan 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1k.ebuild:
+  Stable for ppc64, wrt bug #536042
+
+  13 Jan 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1k.ebuild:
+  Stable for sparc, wrt bug #536042
+
+  11 Jan 2015; Markus Meier <maekke@gentoo.org> openssl-1.0.1k.ebuild:
+  arm stable, bug #536042
+
+  11 Jan 2015; Markus Meier <maekke@gentoo.org> openssl-0.9.8z_p4.ebuild:
+  arm stable, bug #536042
+
+  09 Jan 2015; Andreas Schuerch <nativemad@gentoo.org>
+  openssl-0.9.8z_p4.ebuild, openssl-1.0.1k.ebuild:
+  x86 stable, see bug 536042
+
+  09 Jan 2015; Tobias Klausmann <klausman@gentoo.org> openssl-1.0.1k.ebuild:
+  Stable on alpha, bug 536042
+
+  09 Jan 2015; Tobias Klausmann <klausman@gentoo.org> openssl-0.9.8z_p4.ebuild:
+  Stable on alpha, bug 536042
+
+  09 Jan 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1k.ebuild:
+  Stable for ppc, wrt bug #536042
+
+  08 Jan 2015; Jeroen Roovers <jer@gentoo.org> openssl-1.0.1k.ebuild:
+  Stable for HPPA (bug #536042).
 
   08 Jan 2015; Mikle Kolyada <zlogene@gentoo.org> openssl-0.9.8z_p4.ebuild,
   openssl-1.0.1k.ebuild:

sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest

@@ -7,43 +7,62 @@ AUX gentoo.config-1.0.1 4980 SHA256 e7dd01bc76f0262c91b0a3a56bbf0675feedd6d5c6e6
 AUX openssl-0.9.8e-bsd-sparc64.patch 1484 SHA256 8a79f022a17a7fadb4eb708538b41a7a034e21ad84162beb1f7fa7cff5eb487e SHA512 dbbfae5ce19a4247a6b1ca4a45ca6c15904e13e6bf603447cb5d9820292ceb411792e29db0001c5869e3c4cb0a8afe7fb64d35f007052efc68098301c2e81def WHIRLPOOL 36959cfb8a3f2ac05b28fb6c0e28574f0267ddb6f89471e663ee370a1a1ce3e6c85c6a637098acdac4644f4c20370e2775d9c2610ff03a5ae2a7662d79a60e95
 AUX openssl-0.9.8h-ldflags.patch 1151 SHA256 29fe4b5e51cbe330451e505a5be9a74a3c83bebdca677848097967cf62f1770f SHA512 7f98c5ad310710aeceefd6fac440682bf2baaf41ce17de535add54af88c45fa0689e6e6c26bafb4fe2290fd3b6d80c51d85ffda1e276a73a3d66a319585aab11 WHIRLPOOL 43069cdcf5ae1b644a73292fc53c148e8356786069dfaadaba9e0f21b1adba5c14dbdfe061c4cffedefa072bc99d54b2af9a39b1063dcef7ab54bb45d01a7ce8
 AUX openssl-0.9.8m-binutils.patch 684 SHA256 1e4475f7183ec237d129b686d4ca5265bf7eb34642e7d9e77cbe8ad9a97b4876 SHA512 5e8a20111bd4809e7375c7323dab2c2edd6a131d1ec2377ee99c5e06ceb7b4b000e9606ba6d0e68cd67d8e001cc8194e11e301eace0feb066d5f3c5b331b5f04 WHIRLPOOL dd4a0329e571e4f9322806fce2e6c510b978b68e5c6c64bfbe6993da16989c1a5451fe1e5b0509c0022925ca356cf3309799cdc204998107425fb016cb49da2d
+AUX openssl-0.9.8ze-CVE-2015-0286.patch 9784 SHA256 9c599a0e5d174ac26f1957aac085d86941972af02754d4faa94994880e43bc60 SHA512 f7864beb8b7a69fb5be7e5455b7b38583cb74f3acf8a959454eab66f111feea13a37e71cdf6545718ab6b0f037bedc903b736c55bad72f09bfd49018f53f2832 WHIRLPOOL 6f820b1195c26d34ff0d2daa3c763fb2c2a4a93ed4c8fe16dcc373fa88f97f2d4bbc9b5fc253fe8178de0adcc4164fafcd886a78223b383b103a7cabad71a9cd
 AUX openssl-1.0.0a-ldflags.patch 1095 SHA256 2489ffbae4af11e1642d54992c404ca81b0c2a9c169032281f4f7778d945836f SHA512 d5a3f90ca0e9755940da525b8daba5b5d09b2b251863e9ca4f2b3b0a5db461e0aa25b2ae7a7d36d13a92ff64f2a37d4809b70aff9672c0f43398369bc7099979 WHIRLPOOL b7c2fbc833be856388110f2ac891976903e7c5dd4030249bcd79f915ae94fa93bff955ff3eaaf4a4bab306a09512bd861099c2738f5af7027174b79d023f7261
 AUX openssl-1.0.0d-windres.patch 2912 SHA256 e5dbfd6af69bc3f69b51787cf1f6245207be9824dfffbdd9b4e278772ed8ab32 SHA512 d7a0238edea29aac7d20dca0778c67f8ae4dc0da190e5277e1b3519ae536f2c44533ac5dc1cbcd138bc4277ad669b13fca316bd962f26e2cb387f2ad3fd0111b WHIRLPOOL d62156820e55898d0a0393473c6ad8e49c5aa7bb9d3fc7043795de7102c3003d5f8b874c751e03cf832e306ac290790e871e1318bb830b3558a43e09be5b45b4
 AUX openssl-1.0.0e-parallel-build.patch 9055 SHA256 dc7b14a29d4efc26bf14c5c37e9c3696448826a639ebf9c8485f9f2ddd7efc9b SHA512 1c34083ae3b4833792a0236a6fc73d14056aeb4f4ad086be42865f46dc81a15f017f76cc82c5e8d7cc296f6c7826fb060bf5388cba1653dc7d1fda78208513c5 WHIRLPOOL 5d31f5fdbddad7869912762bb39bcb0e93b0cfc81f3e3a5833f35517349662b9c59369524a05848fde92be600e8decc486219913a0ca3ea27761736cbee96ead
-AUX openssl-1.0.0e-x32.patch 4113 SHA256 e3c5118541d580d3cac2fe9f8af54059f81518b9bec0f07aaa1b77e03b85b1c9 SHA512 3e45360aea727f7835c192bc7f0271b0b8fc29c7262b6a96744c88aa56242044872fe170f64e48e0757b5d0a8b7650c786b2b3799bb353d3803253c42691dfaf WHIRLPOOL 1afe85e83041773fea3fbe7264f67d13e6ca0c821a64d3e78de694085cb2270b6f6bfa88c17c1fd5ec9ccc13c58355bca04b6652646b9a754636bdb07c1f8659
 AUX openssl-1.0.0h-pkg-config.patch 1363 SHA256 dbbcc175f02e5edced01a13dd1e7d35dc4322c0970f78a7fd781a6c0766886af SHA512 c2f7a68c96098bd742235a40f27d6b1e5a0ebece53ca32dd0be74b85210479064efa1d5dc76e457b786067185768492fab2ed53762a22c511c2a2e3d43ed137b WHIRLPOOL 7f795dbed2124d8d2d126886d106675662f09b8e79c70fa2af3298486fdb75b7f1285dc17a53daf985bd4af1e58c36e13e49f46d18af860f0dabad1b3898c3b0
+AUX openssl-1.0.0r-x32.patch 3851 SHA256 a6cfbd7b761b25fedb287f3b3b741a1c0fcff8ae3bc28da0ceeb7cd2d6cbb496 SHA512 3f5cb466367b32779fdb0a2e09cba85f28395884bf5872802b438f565b4da3c0b54db18553d4952c40009b91e2b02f84956ef8a232dca49db76ff5d370ae4e05 WHIRLPOOL c9316c6b4075d1a4fa1580d49fb6b98dbe41c9846ff2788fd1259d780a56fa45104b31a7920374805f565bdd35488bc4bff4ddb43a1a67538d4d59e744840fdc
 AUX openssl-1.0.1-parallel-build.patch 10614 SHA256 f3aa674880ffa53a891d3f9054a1ff162c4461b3ec160a365990275907636259 SHA512 439015b3b007adfbab047a1e3e12a9700030779a593bba1a30e9554c7c02eb1cffe9acb089546954e87163847cf86b13130abf9646eb5d00a2ff725b534f84d5 WHIRLPOOL 673f6f045765effb9ded607bf8116a81e7bfeee78ba0e8a34892081c272239a2b75fbb14f4c48b61d93593fac8e1b1e8bef7223f4cc64e8443e19c8f337ab6bc
 AUX openssl-1.0.1-x32.patch 3273 SHA256 a4f05b8757e225a05a9c5a3ea485159066760d878c9ee54c4eaf61760e33c6cf SHA512 6bed57fe2fbe2d0ced1279b53804d94426a679d5d6b80ad7d0ed18523a7fda397e02038032c08cdd4e6034f9ff6e82cad365ff2a724d49d91467cf2b77f47752 WHIRLPOOL 1366632e7dc1c6e54efc5b9791bf24833d20e7a61ca29aa38d31b5b9629febf926a29742e370b7cd6767c810c0a1676100ca9169f0d836dfd19ff0b2c29e49c1
 AUX openssl-1.0.1e-s_client-verify.patch 592 SHA256 6f540fce663eefbe68cee16ad7d8d561d6c898eeb4180c2f4a4caa7e43c6d0c9 SHA512 117b1017e1259667078d3ccdcd9fd46357c6f85cf2702794f49c612b37acdc044fe88f871dbe46fcad9ed4cd8aaaaee800dddb5286203322802efd7549a43b68 WHIRLPOOL 70a4cc36b1dcb24d7e9bcef016684fb2394977f7f20aa332ebd0aa15e3f4c16c74563d2fc0ba8d70669f6cc9a13bf8a30cdb28ebafe2d102cd2859a4e32c38d7
 AUX openssl-1.0.1f-revert-alpha-perl-generation.patch 3102 SHA256 6e502275b32ac0eca80f28448ae1bb88506f9135258f420fd857ea0b9b485778 SHA512 c80439da3d268e70fd492d0ca73c0a17ddb088b9330610794a338d1921ee13dad9caca4c81ca103b82a7541c8712f77e51f352ec1b1b02789d9aed291acb0cdc WHIRLPOOL cb760366c8759b1c78c5307134bb48c4fc12b1556276c2ef55455ea54725d20cb433ade966a7453f512d2feb5ae89a9798078ab535e4605366633a8e003c7ac6
 AUX openssl-1.0.1h-ipv6.patch 17788 SHA256 7adeeb88cc544f8b210efbe2baff48fccf5029b582dff7010ae70e0e1f097d7b SHA512 0f0990d4294abcb5f3e51c84080883046a054c710b57a23f99b3323727d5e9aeb5ddeb6b6c2565b4be364f7c21419c90ce5288154e404cd663678f87e0d1c259 WHIRLPOOL cfe7a2e141a4a6252ffcfe215b16dd1082bc14a757dad7eb01bb9819de41ef0ee51a4b2dbf110c27b52e483341c337bf4d1f77f4f9f3172d2fee9e348c30af7e
+AUX openssl-1.0.1l-CVE-2015-0286.patch 10790 SHA256 3d234f4b7bd79b7de1a6fe2f42016531732c81dcb73af45edc5b280858d32cb8 SHA512 432a9e556df26e3f0059f53556dbc088cfe7e30e2c38354e7a7879bb4db204330702ab8050b9b31b3ef48badb8f0abdbf047445b71aa0c4c96f5aeb0bf16f9df WHIRLPOOL c4834efebdca3bee769819fee40099f2d83f4282db98a96da853164dae2639adaef18fe3caf87801f52e53b47752a99fd693aab66239e30344b714119c4c1c7a
+AUX openssl-1.0.1m-ipv6.patch 19626 SHA256 335bef8cca314593a71d81d9225ec81b95fcfc4183cffb1846d6247e907b53fe SHA512 924a5d1925a8d0c62d2615a05ce76dcb83046ee02d578097eac0bf0145460d97965c974674c6340a08347261440cf0d67b8fe9b6ee8a2853774596dc7e1e1dba WHIRLPOOL 82ffe7d315dcd8f903633faad00ef03377ca9d451b9dc045b4ce51222dac3314ea17fc7a6d468115b4ebfa98ca2b7407281e7e9abe4877da123201e32fd632b3
+AUX openssl-1.0.1m-parallel-build.patch 11132 SHA256 87e9694d79ca6cc85a140e67eedf056e8d57cda45d904bc4445a52e810bba161 SHA512 4f5bde6deae9fe609f248eacb7f2d09276371a608508a3edf8032026291858767feb47d03b6233322008b40dfe5399a3bd2780186036311eae83fd417fe883fa WHIRLPOOL 22698861059f95f134ccbbddd23a39e5260015482e626a046183ffdc81948893e685da7e7d1f95dad5b9f78acc2399fa9505bfe7be87e1464dadc6c6f2eaf4ee
+AUX openssl-1.0.1m-s_client-verify.patch 803 SHA256 bac4ce4d0ee9213dd63e95d8d6dcca11da6e4d4991c3005247bfdd34c3996e82 SHA512 a1b5fb62fce5ba33cb1aea889c4e726542c9d0aea701bd7ca2e9c2078746205305b64401f2e3766ba3bb49038f725c384d2d47ce19149f46cecd55b915c93cdc WHIRLPOOL ccfa8298a1fc0ba3acaf582bd80a7ca3932df197aca9cf9c9cc041fb8aa1512705faa1d8225df69a88bdaa17e2748bb686b1cfd76c630d2bd418e825988de7ca
+AUX openssl-1.0.1m-x32.patch 3306 SHA256 ef4be84cb0cdf7e9d551ddd87029f4c63ed833fe5af1de996ce9d770b0482c2c SHA512 365e8898cdfbafe89e5c0fd6859019314f63e14e5989e04ff392e5a95520a61c9e580136b5abbd8f7a4734e4c999155a73d68d1ecbd3fd46efebbbdf8d5e12dc WHIRLPOOL e7d0394eff912c5fb34f075f4a7491a207479ab520109f588ce89a15ef0b233567dbb3a5691ecf961fdfc218c25f09d17d7d28e8d117dc5befae4db0e9be2018
+AUX openssl-1.0.2-CVE-2015-0209.patch 1282 SHA256 6be2b1fa0d440bc1c1b15da4a9d32811a04c3e7c701678eb8ee72454bbf87401 SHA512 db5b73c815582453d3231d49c9c24d60824e56f67a74f815818d0f90bccd485e98a98b449386aa297fa055b5fc27e2a058c03bc410478fb98051a729ac75b4db WHIRLPOOL 46ddfaff115622e2426c544e757bf882fc5069f35d169189cf277d90a5ad36c274beaf1ff89cdc593e2e5cd1593588c389262dce3bb6a166c5fd7eb908458fec
+AUX openssl-1.0.2-CVE-2015-0288.patch 800 SHA256 613acdc06a22ec5cbc274cc39022b1fa1fd73e409551493bcab6d4a273983484 SHA512 4785d9c4620492c4997cbe7c83a42a9804a9e8c3d94e35dd7d3e6bd16f607a9b294b77123686f24c953e6330f96907008dccf1379648d806fa85bbdd20b81ca0 WHIRLPOOL 738831379e3c117f260306e2f39aacd51b895ed4bcb7dd0189f14a7301c09ffd4fbd882fbd05d7e71cd6c9524fc289124909e5fd2dcc23607fa4ce71ba3a0df7
+AUX openssl-1.0.2-CVE-2015-0291.patch 16069 SHA256 be4f9fa463a027e7c77396a8d3ddc1d6ad6c0bbc8b07c2f7af0738621c619710 SHA512 2ee10f21ce02f1c46ee6c446c60d4e1e3af05366769603f38c971018ce07341369db87cb050432d0501f152cabf377c03848df501694ea46ef2f6578d19cf030 WHIRLPOOL 1ea004fe43633b18c91a8cf390285c274b1c05d3bed313ccc6f9bebb92e0b313504f17d4fe41a643feedc626a8851c6e568b34b2d5bf7d62683e170f5c3e5301
+AUX openssl-1.0.2-ipv6.patch 18811 SHA256 9ff3150c75f3f3e6a9773ffe54d90994cbf68cc919134aea68e09e7ed921763d SHA512 58e293f8f19a3fad08729b842dd977b73fedb0c49208d87a056bfea857c0e2b79a310d7d098c04429b65564fce64defeda6d1dcc3068ad5a80ef276db6421e54 WHIRLPOOL 36a0fffc7238011b93077bed94c9507f2ffc1cf199e6c06e94d01589cdc84a6568b9122e1a120b8262bd0a1c43f25169a29796c92a78338dd9f03b4cc2cdf0b8
 AUX openssl-1.0.2-parallel-build.patch 10661 SHA256 bc5622150a964dc2d9909f41557140b696ce1bdfa4e2b12cc3e0e51029ead32b SHA512 a4957304a4424016cd8a1c6552c422cd042d737e12f96235ec54d1e601ccbe8cb79d931ac8777d1a599bd4a70eac4e6700a24362f14fb04eb273df82f2de0d01 WHIRLPOOL 5b34e45dcb0db6649e26d275925ca008f5201afbc22184e15c5324513bc0ed40ee271a70686e10a20bb219b3c4bd2148323b317ead97cdc27a3c897c0a07d228
-AUX openssl-1.0.2_beta2-ipv6.patch 18212 SHA256 92cd8a8713e26e569307a427d93572041d55b2cd862bd7384a9f16ca956580e8 SHA512 11949db52a9f9885b272cdfe3da7b5abb1307e1b047c9f54fa5bf0af98fe68c90cadccc8f856748d64abc446bbdbc1647465bd7cdb8baaa9967630d4e378a98d WHIRLPOOL bd47b347c66279c92a9a982cfffa296fdc8fd07f66f3befa722b5b847a1666e35edc4c37740f18a63379defcb1a6b7bb4db256717872c83901a4adace4d6398c
+AUX openssl-1.0.2-s_client-verify.patch 648 SHA256 b6ca2278dd9833f87a1d0037cb3cac8aee0f8326ff13ece1f08a536b8545eb77 SHA512 78b09ae700096205582785584a268776af46fc5bc94a0faa1ce6087ffcc945649e69269ff7fa88dedd5df1a5cdecc53e885de1e39506470f23b02028ca962104 WHIRLPOOL 8e7c90d37c1736b4b2f2c38d1c12dcfee4996a50a2a7dd07645a0c0b6616006d11232dd0f88ab735833e1c46aa171ceb5e1288c3d57296010bdda59295de7599
-DIST openssl-0.9.8za.tar.gz 3787508 SHA256 cdcb98d0fbc026ca798b17919334310271d3a593554ffd6a59659b9222fd4e48 SHA512 3e16cd427bb7da4c740fa56dbee3d3e77d59bc255a474be07521354ef1db507fbd3befd35e30eaabf1c84458602bfe0ec887167604a22ae832acdcb113edb753 WHIRLPOOL 6a8f9fead39dfeb0c4e702e8395dcb6554fac03c351d31693e08a613fba3be638dcd52c5feb583b68c7729efe5adc1f5bef8deae47590183b747462fe3873c3d
+AUX openssl-1.0.2a-malloc-typo.patch 1388 SHA256 0e1fb553295c90082f7ca8410f4bf5d879b73fb194b7ca2c42ad2c070f575110 SHA512 03d7d3d200a8e5ab72388370d6124769fa20e7d6c014f6078f5d690aa4616909c1ba2e1c5b5c873177a71794b00cab201142a5b22683ff6b943b84dbf13737b0 WHIRLPOOL a6919aa7b832192f40288d18cc42079629829fa8eb5a90c6232d52fe6b7433e9b44a36f2c63288aac9ff66886b5129d178d5303e65dc7194d858c3eea5730fd8
-DIST openssl-0.9.8zb.tar.gz 3727934 SHA256 950e2298237de1697168debd42860bf41ead618e0c03dc9a3a56e23258e435be SHA512 b563a7d9c7ae602aefb3ba8e5cd54d0460c805b7a4ef0b1b369907d6447f5b1977ebb1e261d37254a487d74d56f40bf825e2a279c6ae56ffcc9b7fd785dc7dbd WHIRLPOOL 60aeeb8171222d358c26361494c2d06f3cc6d66a385f3fcd58005e1220c3819add0e952cd4add16457191d8317b11efcdb7f6ae4696880d21a77c95df2c56a6a
+AUX openssl-1.0.2a-parallel-build.patch 11315 SHA256 eb5bd4e1eefb386b2fa60f39d08d9190a645bf09131140499db5bfc07e1ae539 SHA512 62fcde74c57b45047d43d8b24bfeae131bbca61c927eb7450811e9672ba2409575fe0e39ae25963609e38c5cd6a823eb11e2cec329a9a78b6a906209cf39ccd4 WHIRLPOOL 992a5b209415459084312019ee65bc22352592eeda4e5419abc64d5bbb07cd7eef49e3135bfaa38595133c5b5e4574ae87104b422c0fabe8507486289153fee0
-DIST openssl-0.9.8zc.tar.gz 3735406 SHA256 461cc694f29e72f59c22e7ea61bf44671a5fc2f8b3fc2eeac89714b7be915881 SHA512 e4a68857b509bbaa5c66bf43491541e309e37f136816a1380664488420805edc74dc7f94c6318e34e077b29d53d060f971ba69b9efcfa0da9605934b2be45ef4 WHIRLPOOL 5fef377db08b93dc67cda509beb7c366af10cca3dfab3ce9e9f89798169984691ddec784a02bc839e190ddc08641d337f3adf6b0ced3ed796a5ed4f247805e90
+AUX openssl-1.0.2a-x32-asm.patch 1487 SHA256 9f25af447f6acd835254ef42a04aa64ca7c70be82190093ce0cbc302df65bda4 SHA512 65462611b5ed58d1c295b63f59ede54f097aa67994fa00d0205148fd9b2da682c7de317ebd3c31b38317e587de9097bd928be7fd265d49b8e6d8743f57021255 WHIRLPOOL 1f7e13282adf4cd9d6239720675e91efd784ca9e44cfc6e5ad453bb56e2ab05f4021c56347a4879444ef4be136fe334e3600186889b8a585b0b95fc8af36ed4a
-DIST openssl-0.9.8zd.tar.gz 3737538 SHA256 59266dcfb0be0fbe6181edead044ac3edaf83bc58991f264dcf532b01d531ee3 SHA512 97c1dd58d57ebe76aa4d5aa4a31ad62660401c4dd5283276148a95de78a6f7c9547c14559cc3be2563af15b7b69eba35418496de6b39fa030fe055596758fb41 WHIRLPOOL 48bfda1d8f2c7919a95e59fa5a470ad4e19e82018818c7a1d84f86922ba626d01479777a6675113fa7038183dae089245ca0134a6fcc7303265ad4d4e0efc36b
+DIST openssl-0.9.8ze.tar.gz 3734873 SHA256 ee3da602826e975b47e4d7af8a27be8258c160876194898c58881eab814b55b8 SHA512 6ab08065ab2cdf6699e462e2a082e6d4c21f027383e12d4dd1d0dce2a4073ae52230494215b3fe24b8a8d73f5f5dd3a1fe53c66acd8db6e162e4bf3636e229c3 WHIRLPOOL 8a5de0aed7b48007b3b8092726c9c8eb6771c49d388baaff4d7ba3591be0b1856cb17842db5bc608994b38f5d87a8b07a441c874523e577b786a4612bba7789f
-DIST openssl-1.0.0p.tar.gz 4008663 SHA256 b745d11f19531620a2e7402167d54845d253f2da3e523c2d0950595aef104fc8 SHA512 0f9fc847160b4139f778cf64eaf7ad3220710f86dab9812cdade04638f236e069059b05caff47880b40db7bba8fedb3d7e944abff081f78f164c78fbab048953 WHIRLPOOL 6d0cadef7f4f9657cf55f12d76139a82ae9b854d4cbfa0c749708d09e6022a1299e0368c2713a0120b32e15c879be63557ee515747abcfcac71773cd34add067
+DIST openssl-0.9.8zf.tar.gz 3822386 SHA256 d5245a29128984192acc5b1fc01e37429b7a01c53cadcb2645e546718b300edb SHA512 8a68f024c31b7de25e19732ad556a27d69cface8e7a546ca4221873053a270e5e36336626f7fe857bbbec5427204bddbb5fc9dea8d7a187a8db6719d970431ab WHIRLPOOL 842e5bc71a12bf363fe797e95faf988ae949aa15f8faee935ee8861e4093e9d4e0b766b24dda8d415f29d2ee2821050cfc3ce095d265d59574e7fe0af4024c66
-DIST openssl-1.0.1j.tar.gz 4432964 SHA256 1b60ca8789ba6f03e8ef20da2293b8dc131c39d83814e775069f02d26354edf3 SHA512 a786bb99b68d88c1de79d3c5372767f091ebeefb5abc1d4883253fd3ab5a86af53389f5ff36fdd8faa27c5fb78be8bbff406392c373358697da80d250eadebb8 WHIRLPOOL 467aa3b02d04837e3281670401985e492d15b561c03b97246e3c8e61b0d3b1927332e3a226de4ed5bd02265a04fb31ce84c3501f4af9685633d00a9b43c56978
+DIST openssl-1.0.0r.tar.gz 4095201 SHA256 6538b33a1b95681c86ac8c5cc54d22835f0f0a5bf42ee6df4138c672d7e75f17 SHA512 a65292a7b43f7d0637952476356a95908b5843ca17f717158dd4d2171113192f04c92f4f9133bb4750172f06367dae64733aa239b90c52d4d9323f467012428f WHIRLPOOL 71c7d726a3a5d70735d4b34c3e00c15fa2ef8640801f8a265e4e92cf01db4a517630084dd7632850f3df6f4dbd848a3a7ec908a71db996a45c29f1ac53ac7877
-DIST openssl-1.0.1k.tar.gz 4434910 SHA256 8f9faeaebad088e772f4ef5e38252d472be4d878c6b3a2718c10a4fcebe7a41c SHA512 8b000fbd1bf919d9913a314f99aedd48a69f6caa4ccf43237889e73e08cbe0d82bfc27e9c7c4cade09fc459f91d6c4a831a9b3fc8bca0344fb864eadd7d1e8e8 WHIRLPOOL 5236a966d610c971e473cfc30e5412a72eef116fd259ada9c50da08bcd4ca967f80bb19babf530b4e5b9f1f24e9275e00391eb2e12a26d4544f593e2b4ba20b8
+DIST openssl-1.0.1l.tar.gz 4429979 SHA256 b2cf4d48fe5d49f240c61c9e624193a6f232b5ed0baf010681e725963c40d1d4 SHA512 27fe42f33815a3aafff75f2b9a5604c328fe5945c5cecaca74e5d2c2a1e066d64ddcc1fdb14b54fc7523cc730ab8a57d7d56b2879c289e86673f91fee0cca65e WHIRLPOOL 79f5698585c68ba647fcdfc4b342a43d06d69230658ca1bc265dd10d8da939c3e27b9a4125bd2adfbf50002b1dddef18be086dfc23a5050e69fb77350131909f
-DIST openssl-1.0.2-beta3.tar.gz 5149260 SHA256 264d2d5114d3da3c0e1712312ad0c77bd41757f1cc12f543250063d1e57259e6 SHA512 d18ce87429d0addba11a02d121affd16ec63237a97474167ae1ed914dbc5d284b090d72443b0bfed1e0ad165a37655dd96d3be87053b792a871515e819ccfa72 WHIRLPOOL 26bbce30122106cb5f36d426fb1f50c0bca952caf6d7224e17a6252a5731e3b4ec9da1a96553f152631e7b0243332d3c0f7c8bc2e512b64f3a126955d4355a53
+DIST openssl-1.0.1m.tar.gz 4533406 SHA256 095f0b7b09116c0c5526422088058dc7e6e000aa14d22acca6a4e2babcdfef74 SHA512 f37b60cb4449674d5c06a4056acc3d11f1c9773da6111148fa3fbf8d14362ba1ff5eb5e0c0e06c2b5c84543b2b974584617e393ca83de2230cbbe69b52975afc WHIRLPOOL c33cc05debc31d5044be4de58267e1a07281f28f9d68f4288d3da1c3cdfcff6939a47abe1f50b377272d0dbd9475ae5fec84919b0c53d37e0bd3d94c44f68c91
+DIST openssl-1.0.2.tar.gz 5265809 SHA256 8c48baf3babe0d505d16cfc0cf272589c66d3624264098213db0fb00034728e9 SHA512 dea46225a5445edc4986b02b99fbc90153819374b9a9bfdd892b60cd18ac7fefaf21a7e9d2bb05d0e3bfa4d2704e0ee24b06cc8e7081a542d7598cc9e73c67c5 WHIRLPOOL fe628a38125390deb75728b31427c308efbf65637a569fd1f139f6313fea533514ef05bf3d01bbdc793f77eb259400c95c53074a294d32d73576939d16f22e25
+DIST openssl-1.0.2a.tar.gz 5262089 SHA256 15b6393c20030aab02c8e2fe0243cb1d1d18062f6c095d67bca91871dc7f324a SHA512 02d228578824add52b73433d64697706e6503c2334933fe8dd6b477f59c430977012c3c34da207096229a425e1dcb6f3ae806043894b5ac98c27bbcddb794dd4 WHIRLPOOL a590c71794f5d29b80afa28b18621b7535e96b714b3690d793c1422a90b09a89cbcb912841d400c5982a8197bb02c13051190e96ba0e4d530509b48b43067cd7
 DIST openssl-c_rehash.sh.1.7 4167 SHA256 4999ee79892f52bd6a4a7baba9fac62262454d573bbffd72685d3aae9e48cee0 SHA512 55e8c2e827750a4f375cb83c86bfe2d166c01ffa5d7e9b16657b72b38b747c8985dd2c98f854c911dfbbee2ff3e92aff39fdf089d979b2e3534b7685ee8b80da WHIRLPOOL c88f06a3b8651f76b6289552cccceb64e13f6697c5f0ce3ff114c781ce1c218912b8ee308af9d087cd76a9600fdacda1953175bff07d7d3eb21b0c0b7f4f1ce1
-EBUILD openssl-0.9.8z_p1-r2.ebuild 4538 SHA256 f66c582eae2dd464bd42393c675d1452a7693681af7d479d346cd5e896fca697 SHA512 fd93cb629f8853964922547a8e8ff04f840eeedeacdd266e8bb75b96d12853c83a325ee45058a3f07265c1ac143f2be73616677465e1eeea95bde57d62093223 WHIRLPOOL b3b42ae1ef384ef220a5503d302674608578bd015b7041f33b782aa3cb79d69e35d51fb4f1b38d499187864fae755cf09fe7b71e81ebf86829e72f8f7e45f86c
+EBUILD openssl-0.9.8z_p5-r1.ebuild 5108 SHA256 d32cbde07bf210f2c8cd049400aac1a4b978f65b329869f0b21a0a09d80707b3 SHA512 fd5c39321e7999791d5e077b2298f3fe6f14378f5f5883491528684eabd69a522e4c16fbf832284258d24a8ba90d2747320adc040b87f2a30e439cf63a9d2388 WHIRLPOOL c8e2a914555839ae67e2111812110969a4dd627a79643c242d9762ba8d6648d3a52edba546089f61b7cf7f0f0b5e228cf6000cb949a6989614f879133191cd3c
-EBUILD openssl-0.9.8z_p2.ebuild 4981 SHA256 2e5abcc57ef84f093dfea05047746af19b364a885c72febf2d82e9b7fedac6e3 SHA512 fcf9fe7e968c89e74c905a5d21b75cbee92157cde55cfd7b345c37a26cf0c4e632c4883276bcc7fe6053e9c1eedb08d462034f8742f32964920a24ae498137f5 WHIRLPOOL 1d4e415755a4f6cb5f531c0e043b5aa3ffccc6f3b0e42e29708335dbcbee8f79076cb6602e190cefa649e2a1213fd8735935711fedfd29deee2c5f70985c4d97
+EBUILD openssl-0.9.8z_p6.ebuild 5051 SHA256 59167540165d8aa15cf1af22540d05e233606d7426f9f1c01fdb40f1256f23da SHA512 ddf5a417526098b6afa20da3b210b943e46461cf623880a5b60852fac3ab730804c0db59dda984e5c608f438d4dc54aa06c5e34064e7e8d0fca3c749580db49a WHIRLPOOL 8f622a14a129f786f3f3cd1861d47b63bdc0f55b848004a076751292292ea8726490ae75e3021fbe481b15e764ee8742ec58a2759c110ed6b0215333359688e7
-EBUILD openssl-0.9.8z_p3.ebuild 4989 SHA256 c9aa34c65343bbcfb7036186dff3a88015075afc5b4fe6c1c5cc2d103b76db64 SHA512 98699bb16870c53790b670f71e74dac94d2aeb4bc766e217872b2d79e007c52d7e25bcc86ea2f63fe3761a7a3a70d81bf288597fbc07e2b6c5b04d34bfec1a1e WHIRLPOOL 92c304ecf1f27edece67b4711429a94263bb82cc53c6e22425ade7e6f35129a1f80994892435deccbc7ea95cfe20a705b46362f5db950d123c1f3ab42c8a69bd
+EBUILD openssl-1.0.0r.ebuild 7105 SHA256 9a73119cf74c7e219a4a25edfb3b8510f46a97b5d54524dcf2e4bd10d1a80483 SHA512 5f55cba93417efd5a3d034d3f45df087fe3301ab87d5e0c9fcc601f2f3e7ed22f83dace214c131275f440702936523b84abe0b7c3845513800444a3762ad831e WHIRLPOOL bdeb464e6ad334878fb01a41ce2ef5ca1b293aba8a06ba5e693ad5f7ac7b0d483c75024a8cc9523b08d0ad2ddad2e8a0092a9d38b1a7c688ee607dfc2db7fef2
-EBUILD openssl-0.9.8z_p4.ebuild 4993 SHA256 331d66d214dfc81a496b8b323c675b0fe3e950427e5744228440c4a9ae6c5045 SHA512 f3035008bd9784b19bc647d9faaa7df97aecd715d81e64d14f20e2b62713bd2ee367ad52067a2dc2300573abd8b03bf040404eff98d49e6870a1e851e45fe22c WHIRLPOOL 952b271e0e5e588bdb7a52f88644c791a0bc42d979a2b3df36b73696e32c35943e470a4cefa72c0e4bdfb8e85845992f8692e1ae00719c85987b855aa7b423ed
+EBUILD openssl-1.0.1l-r1.ebuild 8880 SHA256 eed2ddde72a8e8d33027839ea595c1cac8ce93168db7aaa11ec909de1c89f6a4 SHA512 95983b1fbc937baa686b4265abf80b41c804946a8db15b1b1e7e282b408d61ab0d7c69c1970763b34a45876a4c822a662fafa47e976df797930d75ac458f7330 WHIRLPOOL 11d26c49e525bc162cadf7ab7ea068f480b21e9fe7e5b61eb8552c050d34371f5d4cf23257cf07c42b152dfdca0efbf78441f9942480bedf4b2ba032ac074903
-EBUILD openssl-1.0.0p.ebuild 7053 SHA256 9b9256cacd42ec7f7c454c985b759c3dc38cfa677c30626aff2952788532fd69 SHA512 58657ce4aa34f7efc7f6a97f50ae3e282c6a61cdfc87372eebc570e766fa2979752692e4cdff521fef66f0eaa13364b1424559793cba07e3e29eb3387cf7faca WHIRLPOOL 27cf19bd2a79c0742f3ec9592a1b1b14fef15695c4bba15e46399dc55ee869feacc1f611a5ecbccccfa5b66067caf2b60d40ce6d02af8750cb8fda4752574080
+EBUILD openssl-1.0.1m.ebuild 8825 SHA256 84b6db3267866e27dd0e20a446aa48b1ed153d9d863ee2ac40abb581a66781c5 SHA512 9a91a519fb3d3e7b1587b9ba79e0cadfc4a8ffd6d4dd0727131e880f15cef63a886284a3bfa22b7194229aefbc40750205ba65d011246b4c03112cc8ee2692f4 WHIRLPOOL 819642d7f8e8a13aabd816a680b475de737d259d7a260c5d621454bae3425034820c916f0d61ef023fa71ab723badb64fef2f508bd1383d6fafe9d953bbcbd7b
-EBUILD openssl-1.0.1j.ebuild 8753 SHA256 d8d6837da8e3e74531d752a181836087d214de18ce57ca985317badb1e4a8b97 SHA512 02a154b3aeb6ec4e51f872ae811c83ed27c0caac2ca25450f1ec54b4ce82367042e09600ddfc9e4fd4bcd439e24c8a5a0d787f74ba0d148e0d6fe44e0d6eb6d2 WHIRLPOOL b36cdf732b11cb9d36b4a328d67d000a99c3ab50a9372937e988734e705787ec2f68c195dfed1047df8b746abf6de6ea0a8961401c309af141531847a3e9eb9c
+EBUILD openssl-1.0.2-r3.ebuild 8925 SHA256 16b32e6b3a83e270e067558d29a80578576e23adca0f35a5a4176492c32170cf SHA512 25ca31b089457de899b1c2ba409041f4b1b866830aa27ac5b62e344f6141e4587d54d5c1d7e5530c3df36e6093613c8d34a0d7e96553f3427f5c374e498621dd WHIRLPOOL 38cf25a45265d8f01973f982c5c7bb16df6bd5e7ac4721f5aa84e8c95a066284ed538c688489bb06af7067b07bb1590ddcfee5be31a82aeca82f46bd25c04219
-EBUILD openssl-1.0.1k.ebuild 8765 SHA256 71637f7092bfd05dac9d4aa508301c16777103b3919ca9edb567758020a06f7c SHA512 1e07f21244282965e1cbc5137f277fb27f2a11b35b979148015e45c56565ff9b9ed38621900ce1e098e3616820e3ff3b534a10cbb27701f216e86f358e3976c0 WHIRLPOOL f57c1f246fe7cdd326dc09c84efc519b5016a3b090342ad10e9a5d12a9ba2e5954d58155fd3fae1ec75e3e0272190ab538c3e4d9a0d5af8381cef686029f773d
+EBUILD openssl-1.0.2a.ebuild 8892 SHA256 2fa0a89a32176ac0d385e869c709d7ea2e90a80f05af7c4c010d81fcbc37871b SHA512 955ba1256ee1136bd97d1075b31d6dcae8e0db163cd9603b0b99afff3bb7ff816833d30e69766b09efa648463129124f863408a4c7937eef44857d41980a0c62 WHIRLPOOL 30c6c6d9a955fc4be9066a5aada55ea074b151a9f8652fde27b88ddf49bfd29094acaadf320c5bdbde6c7c1bbea4bee7937c2dbadcec17a570f5a9b855f44da4
-EBUILD openssl-1.0.2_beta3.ebuild 8651 SHA256 f0a4eece15dd48460b0a3e7fcb2bdadd087d049ec0f5ff67194e4ce78dffa540 SHA512 a6c915f4c03d638470c8edb8f57a09b01d9709feb09c65a8fc4562088f28f94898946dcbbe800b4ecd8a523a100ac7e90a7003163c9159ef1c188711f7f36ce0 WHIRLPOOL 3624424fe3435d492035964b8c7bce134bce13b27cd3e508673aefe31477b42231cd3957e6bf0236ca2352a39e236db5939b4ece2709eecbafb2881117637b73
+MISC ChangeLog 99746 SHA256 07dbb2e005d3063619c80a41449a3d3bc7c1c80c1926e80021ddf734a6d1c677 SHA512 80b9712f357692b5c9972c592ecabfc4be4327e3174c57d1fb40cf8ac88e0d733cfd1dc44b5a8bdc7e6a3d4bc8c112fdb5f2ea7c6577af92d97c38a5e1ba3052 WHIRLPOOL e5ef6bc2d0335596959d84f9ea5ba7ed5fce5788f4016623a5e0bf1e7f074084a470ff60c70b7e9f2a5a69bed024eacfba89875e3cba0f136eff7f0a4eb91693
-MISC ChangeLog 94037 SHA256 481b89ed0245de4ec7cab6fe8c5fa16885669f369f906e4d16a8001342e8cd31 SHA512 360a63768d3d8dcc5df73a56f8dc713c5aa1f76b12a7cb399b58aa3c600efef26baa0051875d202b7df6ec0dde12220b0e9083f99e9c1eb3e52421e6771d18c1 WHIRLPOOL 85df1370028457fa1d86347149449083aecd06c015ace424fb2ef4a12c270812e653f12d89c47aa440a56bfdb7b582d55ba3d2cec6619b7e46db15bec9196525
+MISC metadata.xml 730 SHA256 229ceddc7f42d44d7cee107774dc210810cfcf866040306eb95e1c09da0279fc SHA512 31e307f60d08e38d39892f13f8d7bff9b530bf99d489983d224c9a0d061593448732f2a60beb70abc560672b49347567e20ea5692892274882bf4e955cbd52cd WHIRLPOOL edbcd6c8010d6282a798faf68279bb5a74420588f339ee2c59d110546a61d2911b30071bac8f7e2b60b33711d4d13b5226c6b5a195aa458ab8502fa1fe520c90
-MISC metadata.xml 562 SHA256 5c61e2a07ffdb4ba157e0add7f84ff74458c890092d5e6980fd936dfdb457c34 SHA512 f83769af7ffd223923b72a62db27cbc80ca31925b95b720845b6bedd2a9b52837f70f9da93ee43e272ceb3c8424a8c9f35a31ebd5274bc04c91cd63ace1af844 WHIRLPOOL d98f2af2cf3e13c09ad526a2fe06fe8ef02e1db20fd4e3843f1793a97c9ae6a2897308c84038a9a37d6d68fadc7af6d913b980f4f079dac36ea3860a33aca8c2
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
-iJwEAQEIAAYFAlSu5joACgkQG9wOWsQutdY/LgP/YB54ui9Pwe7KaB4vvl028phx
+iQIcBAEBCAAGBQJVDU/SAAoJEPGu1DbS6WIAbaQQAJmv3776CVOP3AL1csnX7ZPl
-/tDXgzQ0QCIdU5gqvJaCMUerPrGEMDBut8rfccKEOdn7mv1KHmhkaqdQiK1GdPEZ
+FQ1NAAFXn6YFmiPdPVXbDMymNGGU3UrpyANBwKcoQZFx3n2Gs9nhbl3O6Mth0Zfj
-X8U/vj1HGHTil8PTqk9jBJ+9v9SpGV3BtN/5vdPf1hTDWXkwJjer09H46CZf4dMi
+tjFY5sZv7sbp07WQ3itPMUteogkpegGHGRc8DzlNH7cHI964qlIy/2f0ifYuLh9+
-o4aGSjQBvZ9geXW7UVg=
+fMBY3PZC3sytM8k9baltXbw6fabfpHZtPrPSMwxFs/5tzTs6KQ4XVRGLxAbe5c71
-=PLB0
+TGQI3K93O39Wvuy3llcShWCurSQUnHOcUEqJ7YKyo/8WLQMNbTpqUQoA1h7nfdwT
+iiUR98MbyV0Uy0U8QRCSDBa5uqBnJSG5SCmvg4Z2s9atMzjZeDE3V5Xqt63WNW9p
+Cf9Zw1W9u8vKO2UDjeynn1zLDqgFrzZKCERUm1lS3cKDFqtLliuLgXOPzZp+LwAc
+tQ8oaNiHSoqT6WO9jbeyvkmNsfRVJXkyDQZX3/4jXOr4nVsq0bwSYG2lJu01kbyc
+Fuu7g0dNKnCOXQOFo8SPxCEgundsG/Y/YMpIS/9M0LgLTq8zVCsAQ+CqV49pftjt
+holCYswUUOiDvGnKrskRNvb1gR4jzDiKFtunLezCK04r13v5UQL8m8X+JGoQS6XT
+Bh11ZDASl8HMMoUhloeDWQZFsClMrEwbKq6Oz3yB335aTMshdaph2eKhGpxeggFz
+FXE3xz9s42BL2UY8BR6D
+=MhMh
 -----END PGP SIGNATURE-----

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-0.9.8ze-CVE-2015-0286.patch

@@ -0,0 +1,326 @@
+--- openssl-0.9.8ze/crypto/asn1/a_type.c
++++ openssl-0.9.8ze/crypto/asn1/a_type.c
+@@ -121,6 +121,9 @@
+ 	case V_ASN1_OBJECT:
+ 		result = OBJ_cmp(a->value.object, b->value.object);
+ 		break;
++	case V_ASN1_BOOLEAN:
++		result = a->value.boolean - b->value.boolean;
++		break;
+ 	case V_ASN1_NULL:
+ 		result = 0;	/* They do not have content. */
+ 		break;
+--- openssl-0.9.8ze/crypto/asn1/tasn_dec.c
++++ openssl-0.9.8ze/crypto/asn1/tasn_dec.c
+@@ -128,11 +128,17 @@
+ 	{
+ 	ASN1_TLC c;
+ 	ASN1_VALUE *ptmpval = NULL;
+-	if (!pval)
+-		pval = &ptmpval;
+ 	c.valid = 0;
+-	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+-		return *pval;
++	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++	    ptmpval = *pval;
++	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++	    if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++		if (*pval)
++		    ASN1_item_free(*pval, it);
++		*pval = ptmpval;
++	    }
++	    return ptmpval;
++	}
+ 	return NULL;
+ 	}
+ 
+@@ -309,9 +315,16 @@
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ 				goto auxerr;
+ 
+-		/* Allocate structure */
+-		if (!*pval && !ASN1_item_ex_new(pval, it))
+-			{
++		if (*pval) {
++		    /* Free up and zero CHOICE value if initialised */
++		    i = asn1_get_choice_selector(pval, it);
++		    if ((i >= 0) && (i < it->tcount)) {
++			tt = it->templates + i;
++			pchptr = asn1_get_field_ptr(pval, tt);
++			ASN1_template_free(pchptr, tt);
++			asn1_set_choice_selector(pval, -1, it);
++		    }
++		} else if (!ASN1_item_ex_new(pval, it)) {
+ 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ 						ERR_R_NESTED_ASN1_ERROR);
+ 			goto err;
+@@ -405,6 +418,17 @@
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+ 				goto auxerr;
+ 
++		/* Free up and zero any ADB found */
++		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++		    if (tt->flags & ASN1_TFLG_ADB_MASK) {
++			const ASN1_TEMPLATE *seqtt;
++			ASN1_VALUE **pseqval;
++			seqtt = asn1_do_adb(pval, tt, 1);
++			pseqval = asn1_get_field_ptr(pval, seqtt);
++			ASN1_template_free(pseqval, seqtt);
++		    }
++		}
++
+ 		/* Get each field entry */
+ 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ 			{
+--- openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
++++ openssl-0.9.8ze/crypto/pkcs7/pk7_doit.c
+@@ -151,6 +151,25 @@
+ 	EVP_PKEY *pkey;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++	return NULL;
++    }
++    /*
++     * The content field in the PKCS7 ContentInfo is optional, but that really
++     * only applies to inner content (precisely, detached signatures).
++     *
++     * When reading content, missing outer content is therefore treated as an
++     * error.
++     *
++     * When creating content, PKCS7_content_new() must be called before
++     * calling this method, so a NULL p7->d is always an error.
++     */
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++	return NULL;
++    }
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -344,6 +363,16 @@
+ 	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
+ 	PKCS7_RECIP_INFO *ri=NULL;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++	return NULL;
++    }
++    
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++	return NULL;
++    }
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -637,6 +666,16 @@
+ 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++	return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++	return 0;
++    }
++
+ 	EVP_MD_CTX_init(&ctx_tmp);
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+@@ -668,6 +707,7 @@
+ 		/* If detached data then the content is excluded */
+ 		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.sign->contents->d.data = NULL;
+ 		}
+ 		break;
+@@ -678,6 +718,7 @@
+ 		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ 			{
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.digest->contents->d.data = NULL;
+ 			}
+ 		break;
+@@ -815,6 +856,11 @@
+ 
+ 	if (!PKCS7_is_detached(p7))
+ 		{
++		/*
++		 * NOTE(emilia): I think we only reach os == NULL here because detached
++		 */
++		if (os == NULL)
++		    goto err;
+ 		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+ 		if (btmp == NULL)
+ 			{
+@@ -849,6 +895,16 @@
+ 	STACK_OF(X509) *cert;
+ 	X509 *x509;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++	return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++	return 0;
++    }
++
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		cert=p7->d.sign->cert;
+--- openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
++++ openssl-0.9.8ze/crypto/pkcs7/pk7_lib.c
+@@ -70,6 +70,7 @@
+ 
+ 	switch (cmd)
+ 		{
++	/* NOTE(emilia): does not support detached digested data. */
+ 	case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ 		if (nid == NID_pkcs7_signed)
+ 			{
+@@ -473,6 +474,8 @@
+ 
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ 	{
++	if (p7 == NULL || p7->d.ptr == NULL)
++		return NULL;
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		return(p7->d.sign->signer_info);
+--- openssl-0.9.8ze/doc/crypto/d2i_X509.pod
++++ openssl-0.9.8ze/doc/crypto/d2i_X509.pod
+@@ -199,6 +199,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+ 
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -210,7 +216,9 @@
+ 
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>. 
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+ 
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-0.9.8ze/ssl/s2_lib.c
++++ openssl-0.9.8ze/ssl/s2_lib.c
+@@ -410,7 +410,7 @@
+ 
+ 		OPENSSL_assert(s->session->master_key_length >= 0
+ 		    && s->session->master_key_length
+-		    < (int)sizeof(s->session->master_key));
++		    <= (int)sizeof(s->session->master_key));
+ 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ 		EVP_DigestUpdate(&ctx,&c,1);
+ 		c++;
+--- openssl-0.9.8ze/ssl/s2_srvr.c
++++ openssl-0.9.8ze/ssl/s2_srvr.c
+@@ -446,10 +446,6 @@
+ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ 		return(-1);
+ 		}
+-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+-
+ 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
+ 	
+ 	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL))
+@@ -467,21 +463,59 @@
+ 	else
+ 		ek=5;
+ 
++	/*
++	 * The format of the CLIENT-MASTER-KEY message is
++	 * 1 byte message type
++	 * 3 bytes cipher
++	 * 2-byte clear key length (stored in s->s2->tmp.clear)
++	 * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++	 * 2-byte key args length (IV etc)
++	 * clear key
++	 * encrypted key
++	 * key args
++	 *
++	 * If the cipher is an export cipher, then the encrypted key bytes
++	 * are a fixed portion of the total key (5 or 8 bytes). The size of
++	 * this portion is in |ek|. If the cipher is not an export cipher,
++	 * then the entire key material is encrypted (i.e., clear key length
++	 * must be zero).
++	 */
++	if ((!is_export && s->s2->tmp.clear != 0) ||
++	    (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++	    ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++	    SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++	    return -1;
++	}
++	/*
++	 * The encrypted blob must decrypt to the encrypted portion of the key.
++	 * Decryption can't be expanding, so if we don't have enough encrypted
++	 * bytes to fit the key in the buffer, stop now.
++	 */
++	if ((is_export && s->s2->tmp.enc < ek) ||
++	    (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++	    ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++	    SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++	    return -1;
++	}
++
++	i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++				    &(p[s->s2->tmp.clear]),
++				    &(p[s->s2->tmp.clear]),
++				    (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++				    RSA_PKCS1_PADDING);
++
+ 	/* bad decrypt */
+ #if 1
+ 	/* If a bad decrypt, continue with protocol but with a
+ 	 * random master secret (Bleichenbacher attack) */
+-	if ((i < 0) ||
+-		((!is_export && (i != EVP_CIPHER_key_length(c)))
+-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+-			(unsigned int)EVP_CIPHER_key_length(c))))))
+-		{
++	if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++			|| (is_export && i != ek))) {
+ 		ERR_clear_error();
+ 		if (is_export)
+ 			i=ek;
+ 		else
+ 			i=EVP_CIPHER_key_length(c);
+-		if (RAND_pseudo_bytes(p,i) <= 0)
++		if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ 			return 0;
+ 		}
+ #else
+@@ -505,7 +539,8 @@
+ 		}
+ #endif
+ 
+-	if (is_export) i+=s->s2->tmp.clear;
++	if (is_export)
++		i = EVP_CIPHER_key_length(c);
+ 
+ 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ 		{

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.0e-x32.patch

@@ -1,92 +0,0 @@
-http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=51bfed2e26fc13a66e8b5710aa2ce1d7a04af721
-
-UpstreamStatus: Pending
-
-Received from H J Liu @ Intel
-Make the assembly syntax compatible with x32 gcc. Othewise x32 gcc throws errors.
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/07/13
-
-ported the patch to the 1.0.0e version
-Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> 2011/12/01
-Index: openssl-1.0.0e/Configure
-===================================================================
---- openssl-1.0.0e.orig/Configure
-+++ openssl-1.0.0e/Configure
-@@ -393,6 +393,7 @@ my %table=(
- "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-+"linux-x32",	"gcc:-DL_ENDIAN 	-DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
- "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
- #### SPARC Linux setups
- # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
-Index: openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/asm/x86_64-gcc.c
-+++ openssl-1.0.0e/crypto/bn/asm/x86_64-gcc.c
-@@ -55,7 +55,7 @@
-  *    machine.
-  */
- 
--#ifdef _WIN64
-+#if defined _WIN64 || !defined __LP64__
- #define BN_ULONG unsigned long long
- #else
- #define BN_ULONG unsigned long
-@@ -192,9 +192,9 @@ BN_ULONG bn_add_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	adcq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	adcq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-@@ -215,9 +215,9 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, con
- 	asm (
- 	"	subq	%2,%2		\n"
- 	".p2align 4			\n"
--	"1:	movq	(%4,%2,8),%0	\n"
--	"	sbbq	(%5,%2,8),%0	\n"
--	"	movq	%0,(%3,%2,8)	\n"
-+	"1:	movq	(%q4,%2,8),%0	\n"
-+	"	sbbq	(%q5,%2,8),%0	\n"
-+	"	movq	%0,(%q3,%2,8)	\n"
- 	"	leaq	1(%2),%2	\n"
- 	"	loop	1b		\n"
- 	"	sbbq	%0,%0		\n"
-Index: openssl-1.0.0e/crypto/bn/bn.h
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn.h
-+++ openssl-1.0.0e/crypto/bn/bn.h
-@@ -172,6 +172,13 @@ extern "C" {
- # endif
- #endif
- 
-+/* Address type.  */
-+#ifdef _WIN64
-+#define BN_ADDR unsigned long long
-+#else
-+#define BN_ADDR unsigned long
-+#endif
-+
- /* assuming long is 64bit - this is the DEC Alpha
-  * unsigned long long is only 64 bits :-(, don't define
-  * BN_LLONG for the DEC Alpha */
-Index: openssl-1.0.0e/crypto/bn/bn_exp.c
-===================================================================
---- openssl-1.0.0e.orig/crypto/bn/bn_exp.c
-+++ openssl-1.0.0e/crypto/bn/bn_exp.c
-@@ -561,7 +561,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
- 
- /* Given a pointer value, compute the next address that is a cache line multiple. */
- #define MOD_EXP_CTIME_ALIGN(x_) \
--	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
-+	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
- 
- /* This variant of BN_mod_exp_mont() uses fixed windows and the special
-  * precomputation memory layout to limit data-dependency to a minimum

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.0r-x32.patch

@@ -0,0 +1,76 @@
+--- openssl-1.0.0r/Configure
++++ openssl-1.0.0r/Configure
+@@ -353,6 +353,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32",	"gcc:-DL_ENDIAN 	-DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### SPARC Linux setups
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+--- openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.0r/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+  *    machine.
+  */
+ 
+-# ifdef _WIN64
++# if defined _WIN64 || !defined __LP64__
+ #  define BN_ULONG unsigned long long
+ # else
+ #  define BN_ULONG unsigned long
+@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
+ 
+     asm volatile ("       subq    %2,%2           \n"
+                   ".p2align 4                     \n"
+-                  "1:     movq    (%4,%2,8),%0    \n"
+-                  "       adcq    (%5,%2,8),%0    \n"
+-                  "       movq    %0,(%3,%2,8)    \n"
++                  "1:     movq    (%q4,%2,8),%0   \n"
++                  "       adcq    (%q5,%2,8),%0   \n"
++                  "       movq    %0,(%q3,%2,8)   \n"
+                   "       leaq    1(%2),%2        \n"
+                   "       loop    1b              \n"
+                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
+@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
+ 
+     asm volatile ("       subq    %2,%2           \n"
+                   ".p2align 4                     \n"
+-                  "1:     movq    (%4,%2,8),%0    \n"
+-                  "       sbbq    (%5,%2,8),%0    \n"
+-                  "       movq    %0,(%3,%2,8)    \n"
++                  "1:     movq    (%q4,%2,8),%0   \n"
++                  "       sbbq    (%q5,%2,8),%0   \n"
++                  "       movq    %0,(%q3,%2,8)   \n"
+                   "       leaq    1(%2),%2        \n"
+                   "       loop    1b              \n"
+                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
+--- openssl-1.0.0r/crypto/bn/bn_exp.c
++++ openssl-1.0.0r/crypto/bn/bn_exp.c
+@@ -564,7 +564,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBU
+  * multiple.
+  */
+ #define MOD_EXP_CTIME_ALIGN(x_) \
+-        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
++        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ADDR)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+ 
+ /*
+  * This variant of BN_mod_exp_mont() uses fixed windows and the special
+--- openssl-1.0.0r/crypto/bn/bn.h
++++ openssl-1.0.0r/crypto/bn/bn.h
+@@ -174,6 +174,15 @@ extern "C" {
+ # endif
+ 
+ /*
++ * Address type.
++ */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
++/*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+  */

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1l-CVE-2015-0286.patch

@@ -0,0 +1,356 @@
+--- openssl-1.0.1l/crypto/asn1/a_type.c
++++ openssl-1.0.1l/crypto/asn1/a_type.c
+@@ -124,6 +124,9 @@
+ 	case V_ASN1_OBJECT:
+ 		result = OBJ_cmp(a->value.object, b->value.object);
+ 		break;
++	case V_ASN1_BOOLEAN:
++		result = a->value.boolean - b->value.boolean;
++		break;
+ 	case V_ASN1_NULL:
+ 		result = 0;	/* They do not have content. */
+ 		break;
+--- openssl-1.0.1l/crypto/asn1/tasn_dec.c
++++ openssl-1.0.1l/crypto/asn1/tasn_dec.c
+@@ -130,11 +130,17 @@
+ 	{
+ 	ASN1_TLC c;
+ 	ASN1_VALUE *ptmpval = NULL;
+-	if (!pval)
+-		pval = &ptmpval;
+ 	asn1_tlc_clear_nc(&c);
+-	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
+-		return *pval;
++	if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++	    ptmpval = *pval;
++	if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++	    if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++		if (*pval)
++		    ASN1_item_free(*pval, it);
++		*pval = ptmpval;
++	    }
++	    return ptmpval;
++	}
+ 	return NULL;
+ 	}
+ 
+@@ -311,9 +317,16 @@
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+ 
+-		/* Allocate structure */
+-		if (!*pval && !ASN1_item_ex_new(pval, it))
+-			{
++		if (*pval) {
++		    /* Free up and zero CHOICE value if initialised */
++		    i = asn1_get_choice_selector(pval, it);
++		    if ((i >= 0) && (i < it->tcount)) {
++			tt = it->templates + i;
++			pchptr = asn1_get_field_ptr(pval, tt);
++			ASN1_template_free(pchptr, tt);
++			asn1_set_choice_selector(pval, -1, it);
++		    }
++		} else if (!ASN1_item_ex_new(pval, it)) {
+ 			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+ 						ERR_R_NESTED_ASN1_ERROR);
+ 			goto err;
+@@ -407,6 +420,17 @@
+ 		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+ 				goto auxerr;
+ 
++		/* Free up and zero any ADB found */
++		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++		    if (tt->flags & ASN1_TFLG_ADB_MASK) {
++			const ASN1_TEMPLATE *seqtt;
++			ASN1_VALUE **pseqval;
++			seqtt = asn1_do_adb(pval, tt, 1);
++			pseqval = asn1_get_field_ptr(pval, seqtt);
++			ASN1_template_free(pseqval, seqtt);
++		    }
++		}
++
+ 		/* Get each field entry */
+ 		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
+ 			{
+--- openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.1l/crypto/pkcs7/pk7_doit.c
+@@ -272,6 +272,25 @@
+ 	PKCS7_RECIP_INFO *ri=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++	return NULL;
++    }
++    /*
++     * The content field in the PKCS7 ContentInfo is optional, but that really
++     * only applies to inner content (precisely, detached signatures).
++     *
++     * When reading content, missing outer content is therefore treated as an
++     * error.
++     *
++     * When creating content, PKCS7_content_new() must be called before
++     * calling this method, so a NULL p7->d is always an error.
++     */
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++	return NULL;
++    }
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -433,6 +452,16 @@
+        unsigned char *ek = NULL, *tkey = NULL;
+        int eklen = 0, tkeylen = 0;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++	return NULL;
++    }
++    
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++	return NULL;
++    }
++
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+ 
+@@ -752,6 +781,16 @@
+ 	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
+ 	ASN1_OCTET_STRING *os=NULL;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++	return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++	return 0;
++    }
++
+ 	EVP_MD_CTX_init(&ctx_tmp);
+ 	i=OBJ_obj2nid(p7->type);
+ 	p7->state=PKCS7_S_HEADER;
+@@ -796,6 +835,7 @@
+ 		/* If detached data then the content is excluded */
+ 		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.sign->contents->d.data = NULL;
+ 		}
+ 		break;
+@@ -806,6 +846,7 @@
+ 		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
+ 			{
+ 			M_ASN1_OCTET_STRING_free(os);
++			os = NULL;
+ 			p7->d.digest->contents->d.data = NULL;
+ 			}
+ 		break;
+@@ -878,24 +919,31 @@
+ 		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+ 		}
+ 
+-	if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF))
+-		{
++	if (!PKCS7_is_detached(p7)) {
++	    /*
++	     * NOTE(emilia): I think we only reach os == NULL here because detached
++	     * digested data support is broken.
++	     */
++	    if (os == NULL)
++		goto err;
++	    if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
+ 		char *cont;
+ 		long contlen;
+-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
+-		if (btmp == NULL)
+-			{
+-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+-			goto err;
+-			}
++		btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++		if (btmp == NULL) {
++		    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++		    goto err;
++		}
+ 		contlen = BIO_get_mem_data(btmp, &cont);
+-		/* Mark the BIO read only then we can use its copy of the data
++		/*
++		 * Mark the BIO read only then we can use its copy of the data
+ 		 * instead of making an extra copy.
+ 		 */
+ 		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+ 		BIO_set_mem_eof_return(btmp, 0);
+ 		ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
+-		}
++	    }
++	}
+ 	ret=1;
+ err:
+ 	EVP_MD_CTX_cleanup(&ctx_tmp);
+@@ -971,6 +1019,16 @@
+ 	STACK_OF(X509) *cert;
+ 	X509 *x509;
+ 
++    if (p7 == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++	return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++	PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++	return 0;
++    }
++
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		cert=p7->d.sign->cert;
+--- openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
++++ openssl-1.0.1l/crypto/pkcs7/pk7_lib.c
+@@ -71,6 +71,7 @@
+ 
+ 	switch (cmd)
+ 		{
++	/* NOTE(emilia): does not support detached digested data. */
+ 	case PKCS7_OP_SET_DETACHED_SIGNATURE:
+ 		if (nid == NID_pkcs7_signed)
+ 			{
+@@ -459,6 +460,8 @@
+ 
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ 	{
++	if (p7 == NULL || p7->d.ptr == NULL)
++		return NULL;
+ 	if (PKCS7_type_is_signed(p7))
+ 		{
+ 		return(p7->d.sign->signer_info);
+--- openssl-1.0.1l/doc/crypto/d2i_X509.pod
++++ openssl-1.0.1l/doc/crypto/d2i_X509.pod
+@@ -199,6 +199,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+ 
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -210,7 +216,9 @@
+ 
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>. 
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+ 
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-1.0.1l/ssl/s2_lib.c
++++ openssl-1.0.1l/ssl/s2_lib.c
+@@ -488,7 +488,7 @@
+ 
+ 		OPENSSL_assert(s->session->master_key_length >= 0
+ 		    && s->session->master_key_length
+-		    < (int)sizeof(s->session->master_key));
++		    <= (int)sizeof(s->session->master_key));
+ 		EVP_DigestUpdate(&ctx,s->session->master_key,s->session->master_key_length);
+ 		EVP_DigestUpdate(&ctx,&c,1);
+ 		c++;
+--- openssl-1.0.1l/ssl/s2_srvr.c
++++ openssl-1.0.1l/ssl/s2_srvr.c
+@@ -454,10 +454,6 @@
+ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_NO_PRIVATEKEY);
+ 		return(-1);
+ 		}
+-	i=ssl_rsa_private_decrypt(s->cert,s->s2->tmp.enc,
+-		&(p[s->s2->tmp.clear]),&(p[s->s2->tmp.clear]),
+-		(s->s2->ssl2_rollback)?RSA_SSLV23_PADDING:RSA_PKCS1_PADDING);
+-
+ 	is_export=SSL_C_IS_EXPORT(s->session->cipher);
+ 	
+ 	if (!ssl_cipher_get_evp(s->session,&c,&md,NULL,NULL,NULL))
+@@ -475,21 +471,59 @@
+ 	else
+ 		ek=5;
+ 
++	/*
++	 * The format of the CLIENT-MASTER-KEY message is
++	 * 1 byte message type
++	 * 3 bytes cipher
++	 * 2-byte clear key length (stored in s->s2->tmp.clear)
++	 * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++	 * 2-byte key args length (IV etc)
++	 * clear key
++	 * encrypted key
++	 * key args
++	 *
++	 * If the cipher is an export cipher, then the encrypted key bytes
++	 * are a fixed portion of the total key (5 or 8 bytes). The size of
++	 * this portion is in |ek|. If the cipher is not an export cipher,
++	 * then the entire key material is encrypted (i.e., clear key length
++	 * must be zero).
++	 */
++	if ((!is_export && s->s2->tmp.clear != 0) ||
++	    (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++	    ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++	    SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++	    return -1;
++	}
++	/*
++	 * The encrypted blob must decrypt to the encrypted portion of the key.
++	 * Decryption can't be expanding, so if we don't have enough encrypted
++	 * bytes to fit the key in the buffer, stop now.
++	 */
++	if ((is_export && s->s2->tmp.enc < ek) ||
++	    (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++	    ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++	    SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++	    return -1;
++	}
++
++	i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++				    &(p[s->s2->tmp.clear]),
++				    &(p[s->s2->tmp.clear]),
++				    (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++				    RSA_PKCS1_PADDING);
++
+ 	/* bad decrypt */
+ #if 1
+ 	/* If a bad decrypt, continue with protocol but with a
+ 	 * random master secret (Bleichenbacher attack) */
+-	if ((i < 0) ||
+-		((!is_export && (i != EVP_CIPHER_key_length(c)))
+-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+-			(unsigned int)EVP_CIPHER_key_length(c))))))
+-		{
++	if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++			|| (is_export && i != ek))) {
+ 		ERR_clear_error();
+ 		if (is_export)
+ 			i=ek;
+ 		else
+ 			i=EVP_CIPHER_key_length(c);
+-		if (RAND_pseudo_bytes(p,i) <= 0)
++		if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+ 			return 0;
+ 		}
+ #else
+@@ -513,7 +547,8 @@
+ 		}
+ #endif
+ 
+-	if (is_export) i+=s->s2->tmp.clear;
++	if (is_export)
++		i = EVP_CIPHER_key_length(c);
+ 
+ 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+ 		{

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1m-ipv6.patch

@@ -0,0 +1,618 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+Forward ported from openssl-1.0.1h-ipv6.patch
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+--- openssl-1.0.1m/apps/s_apps.h
++++ openssl-1.0.1m/apps/s_apps.h
+@@ -153,7 +153,7 @@ typedef fd_mask fd_set;
+ 
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, unsigned char *context),
+-              unsigned char *context);
++              unsigned char *context, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -161,7 +161,8 @@ int MS_CALLBACK verify_callback(int ok,
+ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
+ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+ #endif
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type,
++		int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+--- openssl-1.0.1m/apps/s_client.c
++++ openssl-1.0.1m/apps/s_client.c
+@@ -299,6 +299,10 @@ static void sc_usage(void)
+ {
+     BIO_printf(bio_err, "usage: s_client args\n");
+     BIO_printf(bio_err, "\n");
++    BIO_printf(bio_err," -4             - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err," -6             - use IPv6 only\n");
++#endif    
+     BIO_printf(bio_err, " -host host     - use -connect instead\n");
+     BIO_printf(bio_err, " -port port     - use -connect instead\n");
+     BIO_printf(bio_err,
+@@ -629,6 +633,7 @@ int MAIN(int argc, char **argv)
+     int sbuf_len, sbuf_off;
+     fd_set readfds, writefds;
+     short port = PORT;
++    int use_ipv4, use_ipv6;
+     int full_log = 1;
+     char *host = SSL_HOST_NAME;
+     char *cert_file = NULL, *key_file = NULL;
+@@ -673,7 +678,11 @@ int MAIN(int argc, char **argv)
+ #endif
+     char *sess_in = NULL;
+     char *sess_out = NULL;
+-    struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage peer;
++#else
++    struct sockaddr_in peer;	
++#endif
+     int peerlen = sizeof(peer);
+     int fallback_scsv = 0;
+     int enable_timeouts = 0;
+@@ -689,6 +698,13 @@ int MAIN(int argc, char **argv)
+ 
+     meth = SSLv23_client_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
++
+     apps_startup();
+     c_Pause = 0;
+     c_quiet = 0;
+@@ -985,6 +1001,16 @@ int MAIN(int argc, char **argv)
+             jpake_secret = *++argv;
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -1256,7 +1282,7 @@ int MAIN(int argc, char **argv)
+ 
+  re_start:
+ 
+-    if (init_client(&s, host, port, socket_type) == 0) {
++    if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
+         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+         SHUTDOWN(s);
+         goto end;
+@@ -1279,7 +1305,7 @@ int MAIN(int argc, char **argv)
+     if (SSL_version(con) == DTLS1_VERSION) {
+ 
+         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+-        if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++        if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
+             BIO_printf(bio_err, "getsockname:errno=%d\n",
+                        get_last_socket_error());
+             SHUTDOWN(s);
+--- openssl-1.0.1m/apps/s_server.c
++++ openssl-1.0.1m/apps/s_server.c
+@@ -609,6 +609,10 @@ static void sv_usage(void)
+                " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
+ # endif
+ #endif
++    BIO_printf(bio_err," -4            - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err," -6            - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err,
+                " -keymatexport label   - Export keying material using label\n");
+     BIO_printf(bio_err,
+@@ -1003,6 +1007,7 @@ int MAIN(int argc, char *argv[])
+     int state = 0;
+     const SSL_METHOD *meth = NULL;
+     int socket_type = SOCK_STREAM;
++    int use_ipv4, use_ipv6;
+     ENGINE *e = NULL;
+     char *inrand = NULL;
+     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -1031,6 +1036,13 @@ int MAIN(int argc, char *argv[])
+ #endif
+     meth = SSLv23_server_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
++
+     local_argc = argc;
+     local_argv = argv;
+ 
+@@ -1356,6 +1368,16 @@ int MAIN(int argc, char *argv[])
+             jpake_secret = *(++argv);
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -1850,9 +1872,11 @@ int MAIN(int argc, char *argv[])
+     BIO_printf(bio_s_out, "ACCEPT\n");
+     (void)BIO_flush(bio_s_out);
+     if (www)
+-        do_server(port, socket_type, &accept_socket, www_body, context);
++        do_server(port, socket_type, &accept_socket, www_body, context,
++    		    use_ipv4, use_ipv6);
+     else
+-        do_server(port, socket_type, &accept_socket, sv_body, context);
++        do_server(port, socket_type, &accept_socket, sv_body, context,
++    		    use_ipv4, use_ipv6);
+     print_stats(bio_s_out, ctx);
+     ret = 0;
+  end:
+--- openssl-1.0.1m/apps/s_socket.c
++++ openssl-1.0.1m/apps/s_socket.c
+@@ -101,16 +101,16 @@ typedef unsigned int u_int;
+ #  include "netdb.h"
+ # endif
+ 
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ # endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port, char *ip, int type);
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+ 
+ # ifdef OPENSSL_SYS_WIN16
+ #  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
+@@ -231,38 +231,66 @@ static int ssl_sock_init(void)
+     return (1);
+ }
+ 
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++#if OPENSSL_USE_IPV6
++    unsigned char ip[16];
++#else
+     unsigned char ip[4];
++#endif
+ 
+-    memset(ip, '\0', sizeof ip);
+-    if (!host_ip(host, &(ip[0])))
+-        return 0;
+-    return init_client_ip(sock, ip, port, type);
+-}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-{
+-    unsigned long addr;
++    if (use_ipv4)
++	if (host_ip(host,ip,AF_INET))
++	    return(init_client_ip(sock,ip,port,type,AF_INET));
++#if OPENSSL_USE_IPV6
++    if (use_ipv6)
++	if (host_ip(host,ip,AF_INET6))
++	    return(init_client_ip(sock,ip,port,type,AF_INET6));
++#endif
++    return 0;
++}
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++{
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage them;
++    struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++    struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++#else
+     struct sockaddr_in them;
++    struct sockaddr_in *them_in = &them;
++#endif
++    socklen_t addr_len;
+     int s, i;
+ 
+     if (!ssl_sock_init())
+         return (0);
+ 
+     memset((char *)&them, 0, sizeof(them));
+-    them.sin_family = AF_INET;
+-    them.sin_port = htons((unsigned short)port);
+-    addr = (unsigned long)
+-        ((unsigned long)ip[0] << 24L) |
+-        ((unsigned long)ip[1] << 16L) |
+-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+-    them.sin_addr.s_addr = htonl(addr);
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	them_in->sin_family=AF_INET;
++	them_in->sin_port=htons((unsigned short)port);
++#ifndef BIT_FIELD_LIMITS
++	memcpy(&them_in->sin_addr.s_addr, ip, 4);
++#else
++	memcpy(&them_in->sin_addr, ip, 4);
++#endif
++    } else {
++#if OPENSSL_USE_IPV6
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	them_in6->sin6_family=AF_INET6;
++	them_in6->sin6_port=htons((unsigned short)port);
++	memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++    }
++#else
++    return(0);
++#endif
+ 
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+     else                        /* ( type == SOCK_DGRAM) */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET) {
+         perror("socket");
+@@ -280,7 +308,7 @@ static int init_client_ip(int *sock, uns
+     }
+ # endif
+ 
+-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
++    if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
+         closesocket(s);
+         perror("connect");
+         return (0);
+@@ -291,14 +319,14 @@ static int init_client_ip(int *sock, uns
+ 
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, unsigned char *context),
+-              unsigned char *context)
++              unsigned char *context, int use_ipv4, int use_ipv6)
+ {
+     int sock;
+     char *name = NULL;
+     int accept_socket = 0;
+     int i;
+ 
+-    if (!init_server(&accept_socket, port, type))
++    if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
+         return (0);
+ 
+     if (ret != NULL) {
+@@ -325,32 +353,45 @@ int do_server(int port, int type, int *r
+     }
+ }
+ 
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type,
++			    int use_ipv4, int use_ipv6)
+ {
+     int ret = 0;
++    int domain;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage server;
++    struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++    struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++#else
+     struct sockaddr_in server;
++    struct sockaddr_in *server_in = &server;
++#endif
++    socklen_t addr_len;
+     int s = -1;
+ 
++    if (!use_ipv4 && !use_ipv6)
++	goto err;
++#if OPENSSL_USE_IPV6
++    /*
++     * we are fine here
++     */
++#else
++    if (use_ipv6)
++	goto err;
++#endif
+     if (!ssl_sock_init())
+         return (0);
+ 
+-    memset((char *)&server, 0, sizeof(server));
+-    server.sin_family = AF_INET;
+-    server.sin_port = htons((unsigned short)port);
+-    if (ip == NULL)
+-        server.sin_addr.s_addr = INADDR_ANY;
+-    else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-# ifndef BIT_FIELD_LIMITS
+-        memcpy(&server.sin_addr.s_addr, ip, 4);
++#if OPENSSL_USE_IPV6
++    domain = use_ipv6 ? AF_INET6 : AF_INET;
+ # else
+-        memcpy(&server.sin_addr, ip, 4);
++    domain = AF_INET;
+ # endif
+ 
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+     else                        /* type == SOCK_DGRAM */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET)
+         goto err;
+@@ -360,7 +401,44 @@ static int init_server_long(int *sock, i
+         setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+     }
+ # endif
+-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
++#if OPENSSL_USE_IPV6
++    if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
++	const int on = 1;
++
++	setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++		    (const void *) &on, sizeof(int));
++    }
++#endif
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	memset(server_in, 0, sizeof(struct sockaddr_in));
++	server_in->sin_family=AF_INET;
++	server_in->sin_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++	else
++/*
++ * Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov)
++ */
++#ifndef BIT_FIELD_LIMITS
++	    memcpy(&server_in->sin_addr.s_addr, ip, 4);
++#else
++	    memcpy(&server_in->sin_addr, ip, 4);
++#endif
++    }
++#if OPENSSL_USE_IPV6
++    else {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	memset(server_in6, 0, sizeof(struct sockaddr_in6));
++	server_in6->sin6_family = AF_INET6;
++	server_in6->sin6_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in6->sin6_addr = in6addr_any;
++	else
++	    memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
++    }
++#endif
++    if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
+ # ifndef OPENSSL_SYS_WINDOWS
+         perror("bind");
+ # endif
+@@ -378,16 +456,24 @@ static int init_server_long(int *sock, i
+     return (ret);
+ }
+ 
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type,
++			int use_ipv4, int use_ipv6)
+ {
+-    return (init_server_long(sock, port, NULL, type));
++    return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+ 
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+     int ret;
+     struct hostent *h1, *h2;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage from;
++    struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++    struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
+     static struct sockaddr_in from;
++    struct sockaddr_in *from_in = &from;
++#endif
+     int len;
+ /*      struct linger ling; */
+ 
+@@ -437,14 +523,24 @@ static int do_accept(int acc_sock, int *
+ 
+     if (host == NULL)
+         goto end;
++#if OPENSSL_USE_IPV6
++    if (from.ss_family == AF_INET)
++#else
++    if (from.sin_family == AF_INET)
++#endif
+ # ifndef BIT_FIELD_LIMITS
+     /* I should use WSAAsyncGetHostByName() under windows */
+-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+-                       sizeof(from.sin_addr.s_addr), AF_INET);
++    h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++                       sizeof(from_in->sin_addr.s_addr), AF_INET);
+ # else
+-    h1 = gethostbyaddr((char *)&from.sin_addr,
++    h1 = gethostbyaddr((char *)&from_in->sin_addr,
+                        sizeof(struct in_addr), AF_INET);
+ # endif
++#if OPENSSL_USE_IPV6
++    else
++	h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
++			    sizeof(struct in6_addr), AF_INET6);
++#endif
+     if (h1 == NULL) {
+         BIO_printf(bio_err, "bad gethostbyaddr\n");
+         *host = NULL;
+@@ -457,14 +553,23 @@ static int do_accept(int acc_sock, int *
+         }
+         BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+ 
+-        h2 = GetHostByName(*host);
++#if OPENSSL_USE_IPV6
++        h2 = GetHostByName(*host, from.ss_family);
++#else
++	h2 = GetHostByName(*host, from.sin_family);
++#endif
++	
+         if (h2 == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             closesocket(ret);
+             return (0);
+         }
+-        if (h2->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++#if OPENSSL_USE_IPV6
++        if (h2->h_addrtype != from.ss_family) {
++#else
++	if (h2->h_addrtype != from.sin_family) {
++#endif
++            BIO_printf(bio_err, "gethostbyname addr address is not correct\n");
+             closesocket(ret);
+             return (0);
+         }
+@@ -480,14 +585,14 @@ int extract_host_port(char *str, char **
+     char *h, *p;
+ 
+     h = str;
+-    p = strchr(str, ':');
++    p = strrchr(str, ':');
+     if (p == NULL) {
+         BIO_printf(bio_err, "no port defined\n");
+         return (0);
+     }
+     *(p++) = '\0';
+ 
+-    if ((ip != NULL) && !host_ip(str, ip))
++    if ((ip != NULL) && !host_ip(str, ip, AF_INET))
+         goto err;
+     if (host_ptr != NULL)
+         *host_ptr = h;
+@@ -499,44 +604,54 @@ int extract_host_port(char *str, char **
+     return (0);
+ }
+ 
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+     unsigned int in[4];
++    unsigned long l;
+     int i;
+ 
+-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+-        4) {
++    if ((domain == AF_INET) &&
++	(sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
++        4)) {
+         for (i = 0; i < 4; i++)
+             if (in[i] > 255) {
+                 BIO_printf(bio_err, "invalid IP address\n");
+                 goto err;
+             }
+-        ip[0] = in[0];
+-        ip[1] = in[1];
+-        ip[2] = in[2];
+-        ip[3] = in[3];
+-    } else {                    /* do a gethostbyname */
++        l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++        memcpy(ip, &l, 4);
++        return 1;
++    }
++#if OPENSSL_USE_IPV6
++    else if ((domain == AF_INET6) &&
++	    (inet_pton(AF_INET6, str, ip) == 1))
++	    return 1;
++#endif
++    else {                    /* do a gethostbyname */
+         struct hostent *he;
+ 
+         if (!ssl_sock_init())
+             return (0);
+ 
+-        he = GetHostByName(str);
++        he = GetHostByName(str, domain);
+         if (he == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             goto err;
+         }
+         /* cast to short because of win16 winsock definition */
+-        if ((short)he->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++        if ((short)he->h_addrtype != domain) {
++            BIO_printf(bio_err, "gethostbyname addr family is not correct\n");
+             return (0);
+         }
+-        ip[0] = he->h_addr_list[0][0];
+-        ip[1] = he->h_addr_list[0][1];
+-        ip[2] = he->h_addr_list[0][2];
+-        ip[3] = he->h_addr_list[0][3];
++        if (domain == AF_INET)
++	    memset(ip, 0, 4);
++#if OPENSSL_USE_IPV6
++	else
++	    memset(ip, 0, 16);
++#endif
++	memcpy(ip, he->h_addr_list[0], he->h_length);
++	return 1;
+     }
+-    return (1);
+  err:
+     return (0);
+ }
+@@ -570,7 +685,7 @@ static struct ghbn_cache_st {
+ static unsigned long ghbn_hits = 0L;
+ static unsigned long ghbn_miss = 0L;
+ 
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+     struct hostent *ret;
+     int i, lowi = 0;
+@@ -582,13 +697,19 @@ static struct hostent *GetHostByName(cha
+             lowi = i;
+         }
+         if (ghbn_cache[i].order > 0) {
+-            if (strncmp(name, ghbn_cache[i].name, 128) == 0)
++            if ((strncmp(name, ghbn_cache[i].name, 128) == 0) &&
++        	(ghbn_cache[i].ent.h_addrtype == domain))
+                 break;
+         }
+     }
+     if (i == GHBN_NUM) {        /* no hit */
+         ghbn_miss++;
+-        ret = gethostbyname(name);
++        if (domain == AF_INET)
++	    ret = gethostbyname(name);
++#if OPENSSL_USE_IPV6
++	else
++	    ret=gethostbyname2(name, AF_INET6);
++#endif
+         if (ret == NULL)
+             return (NULL);
+         /* else add to cache */

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1m-parallel-build.patch

@@ -0,0 +1,364 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084
+
+--- openssl-1.0.1m/crypto/Makefile
++++ openssl-1.0.1m/crypto/Makefile
+@@ -85,11 +85,11 @@
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+-	@target=files; $(RECURSIVE_MAKE)
++	+@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:	$(LIB)
+ 	@touch lib
+-$(LIB):	$(LIBOBJ)
++$(LIB):	$(LIBOBJ) | subdirs
+ 	$(AR) $(LIB) $(LIBOBJ)
+ 	[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ 	$(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ 	fi
+ 
+ libs:
+-	@target=lib; $(RECURSIVE_MAKE)
++	+@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+ 	@target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.1m/crypto/objects/Makefile
++++ openssl-1.0.1m/crypto/objects/Makefile
+@@ -44,11 +44,11 @@
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+-	@sleep 1; touch obj_mac.h; sleep 1
+ 
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+-	@sleep 1; touch obj_xref.h; sleep 1
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+--- openssl-1.0.1m/engines/Makefile
++++ openssl-1.0.1m/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:	lib subdirs
+ 
+-lib:	$(LIBOBJ)
++lib:	$(LIBOBJ) | subdirs
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+ 		for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+ 	echo $(EDIRS)
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+ 	ctags $(SRC)
+--- openssl-1.0.1m/Makefile.org
++++ openssl-1.0.1m/Makefile.org
+@@ -273,17 +273,17 @@
+ build_libs: build_crypto build_ssl build_engines
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
++build_ssl: build_crypto
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
++build_engines: build_crypto
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
++build_apps: build_libs
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
++build_tests: build_libs
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
++build_tools: build_libs
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -538,9 +538,9 @@
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ 
+-install: all install_docs install_sw
++install: install_docs install_sw
+ 
+-install_sw:
++install_dirs:
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -549,12 +549,19 @@
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
++	@$(PERL) $(TOP)/util/mkdir-p.pl \
++		$(INSTALL_PREFIX)$(MANDIR)/man1 \
++		$(INSTALL_PREFIX)$(MANDIR)/man3 \
++		$(INSTALL_PREFIX)$(MANDIR)/man5 \
++		$(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ 	do \
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+@@ -634,12 +641,7 @@
+ 		done; \
+ 	done
+ 
+-install_docs:
+-	@$(PERL) $(TOP)/util/mkdir-p.pl \
+-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ 	here="`pwd`"; \
+ 	filecase=; \
+--- openssl-1.0.1m/Makefile.shared
++++ openssl-1.0.1m/Makefile.shared
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+--- openssl-1.0.1m/test/Makefile
++++ openssl-1.0.1m/test/Makefile
+@@ -130,7 +130,7 @@
+ tags:
+ 	ctags $(SRC)
+ 
+-tests:	exe apps $(TESTS)
++tests:	exe $(TESTS)
+ 
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+@@ -388,118 +388,118 @@
+ 		link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-	@target=$(RSATEST); $(BUILD_CMD)
++	+@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-	@target=$(BNTEST); $(BUILD_CMD)
++	+@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-	@target=$(ECTEST); $(BUILD_CMD)
++	+@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-	@target=$(EXPTEST); $(BUILD_CMD)
++	+@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-	@target=$(IDEATEST); $(BUILD_CMD)
++	+@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-	@target=$(MD2TEST); $(BUILD_CMD)
++	+@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-	@target=$(SHATEST); $(BUILD_CMD)
++	+@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA1TEST); $(BUILD_CMD)
++	+@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA256TEST); $(BUILD_CMD)
++	+@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA512TEST); $(BUILD_CMD)
++	+@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-	@target=$(RMDTEST); $(BUILD_CMD)
++	+@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-	@target=$(MDC2TEST); $(BUILD_CMD)
++	+@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-	@target=$(MD4TEST); $(BUILD_CMD)
++	+@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-	@target=$(MD5TEST); $(BUILD_CMD)
++	+@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-	@target=$(HMACTEST); $(BUILD_CMD)
++	+@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-	@target=$(WPTEST); $(BUILD_CMD)
++	+@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-	@target=$(RC2TEST); $(BUILD_CMD)
++	+@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-	@target=$(BFTEST); $(BUILD_CMD)
++	+@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-	@target=$(CASTTEST); $(BUILD_CMD)
++	+@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-	@target=$(RC4TEST); $(BUILD_CMD)
++	+@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-	@target=$(RC5TEST); $(BUILD_CMD)
++	+@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-	@target=$(DESTEST); $(BUILD_CMD)
++	+@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-	@target=$(RANDTEST); $(BUILD_CMD)
++	+@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-	@target=$(DHTEST); $(BUILD_CMD)
++	+@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-	@target=$(DSATEST); $(BUILD_CMD)
++	+@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-	@target=$(METHTEST); $(BUILD_CMD)
++	+@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
++	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-	@target=$(ENGINETEST); $(BUILD_CMD)
++	+@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-	@target=$(EVPTEST); $(BUILD_CMD)
++	+@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-	@target=$(EVPEXTRATEST); $(BUILD_CMD)
++	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-	@target=$(ECDSATEST); $(BUILD_CMD)
++	+@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-	@target=$(ECDHTEST); $(BUILD_CMD)
++	+@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-	@target=$(IGETEST); $(BUILD_CMD)
++	+@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-	@target=$(JPAKETEST); $(BUILD_CMD)
++	+@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-	@target=$(ASN1TEST); $(BUILD_CMD)
++	+@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-	@target=$(SRPTEST); $(BUILD_CMD)
++	+@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-	@target=$(CONSTTIMETEST) $(BUILD_CMD)
++	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -512,7 +512,7 @@
+ #	fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-	@target=dummytest; $(BUILD_CMD)
++	+@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1m-s_client-verify.patch

@@ -0,0 +1,21 @@
+https://bugs.gentoo.org/472584
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
+
+fix verification handling in s_client.  when loading paths, make sure
+we properly fallback to setting the default paths.
+
+Forward-ported from openssl-1.0.1e-s_client-verify.patch
+
+Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+--- openssl-1.0.1m/apps/s_client.c
++++ openssl-1.0.1m/apps/s_client.c
+@@ -1177,7 +1177,7 @@ int MAIN(int argc, char **argv)
+     if (!set_cert_key_stuff(ctx, cert, key))
+         goto end;
+ 
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
++    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
+         (!SSL_CTX_set_default_verify_paths(ctx))) {
+         /*
+          * BIO_printf(bio_err,"error setting default verify locations\n");

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1m-x32.patch

@@ -0,0 +1,66 @@
+--- openssl-1.0.1m/Configure
++++ openssl-1.0.1m/Configure
+@@ -361,6 +361,7 @@ my %table=(
+ "linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
++"linux-x32",	"gcc:-DL_ENDIAN -DTERMIO -O2 -pipe -g -feliminate-unused-debug-types -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+ #### So called "highgprs" target for z/Architecture CPUs
+ # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
+--- openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c
++++ openssl-1.0.1m/crypto/bn/asm/x86_64-gcc.c
+@@ -55,7 +55,7 @@
+  *    machine.
+  */
+ 
+-# ifdef _WIN64
++# if defined _WIN64 || !defined __LP64__
+ #  define BN_ULONG unsigned long long
+ # else
+ #  define BN_ULONG unsigned long
+@@ -211,9 +211,9 @@ BN_ULONG bn_add_words(BN_ULONG *rp, cons
+ 
+     asm volatile ("       subq    %2,%2           \n"
+                   ".p2align 4                     \n"
+-                  "1:     movq    (%4,%2,8),%0    \n"
+-                  "       adcq    (%5,%2,8),%0    \n"
+-                  "       movq    %0,(%3,%2,8)    \n"
++                  "1:     movq    (%q4,%2,8),%0   \n"
++                  "       adcq    (%q5,%2,8),%0   \n"
++                  "       movq    %0,(%q3,%2,8)   \n"
+                   "       leaq    1(%2),%2        \n"
+                   "       loop    1b              \n"
+                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
+@@ -235,9 +235,9 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, cons
+ 
+     asm volatile ("       subq    %2,%2           \n"
+                   ".p2align 4                     \n"
+-                  "1:     movq    (%4,%2,8),%0    \n"
+-                  "       sbbq    (%5,%2,8),%0    \n"
+-                  "       movq    %0,(%3,%2,8)    \n"
++                  "1:     movq    (%q4,%2,8),%0   \n"
++                  "       sbbq    (%q5,%2,8),%0   \n"
++                  "       movq    %0,(%q3,%2,8)   \n"
+                   "       leaq    1(%2),%2        \n"
+                   "       loop    1b              \n"
+                   "       sbbq    %0,%0           \n":"=&a" (ret), "+c"(n),
+--- openssl-1.0.1m/crypto/bn/bn.h
++++ openssl-1.0.1m/crypto/bn/bn.h
+@@ -174,6 +174,16 @@ extern "C" {
+ # endif
+ 
+ /*
++ * Address type.
++ */
++#ifdef _WIN64
++#define BN_ADDR unsigned long long
++#else
++#define BN_ADDR unsigned long
++#endif
++
++
++/*
+  * assuming long is 64bit - this is the DEC Alpha unsigned long long is only
+  * 64 bits :-(, don't define BN_LLONG for the DEC Alpha
+  */

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0209.patch

@@ -0,0 +1,49 @@
+https://bugs.gentoo.org/541502
+
+From 1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Mon, 9 Feb 2015 11:38:41 +0000
+Subject: [PATCH] Fix a failure to NULL a pointer freed on error.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Inspired by BoringSSL commit 517073cd4b by Eric Roman <eroman@chromium.org>
+
+CVE-2015-0209
+
+Reviewed-by: Emilia Käsper <emilia@openssl.org>
+---
+ crypto/ec/ec_asn1.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 30b7df4..d3e8316 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -1014,8 +1014,6 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+             ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+             goto err;
+         }
+-        if (a)
+-            *a = ret;
+     } else
+         ret = *a;
+ 
+@@ -1067,10 +1065,12 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+         }
+     }
+ 
++    if (a)
++        *a = ret;
+     ok = 1;
+  err:
+     if (!ok) {
+-        if (ret)
++        if (ret && (a == NULL || *a != ret))
+             EC_KEY_free(ret);
+         ret = NULL;
+     }
+-- 
+2.3.1
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0288.patch

@@ -0,0 +1,31 @@
+https://bugs.gentoo.org/542038
+
+From 28a00bcd8e318da18031b2ac8778c64147cd54f9 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" <steve@openssl.org>
+Date: Wed, 18 Feb 2015 00:34:59 +0000
+Subject: [PATCH] Check public key is not NULL.
+
+CVE-2015-0288
+PR#3708
+
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ crypto/x509/x509_req.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/crypto/x509/x509_req.c b/crypto/x509/x509_req.c
+index bc6e566..01795f4 100644
+--- a/crypto/x509/x509_req.c
++++ b/crypto/x509/x509_req.c
+@@ -92,6 +92,8 @@ X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
+         goto err;
+ 
+     pktmp = X509_get_pubkey(x);
++    if (pktmp == NULL)
++        goto err;
+     i = X509_REQ_set_pubkey(ret, pktmp);
+     EVP_PKEY_free(pktmp);
+     if (!i)
+-- 
+2.3.1
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-CVE-2015-0291.patch

@@ -0,0 +1,459 @@
+--- openssl-1.0.2/crypto/asn1/a_type.c
++++ openssl-1.0.2/crypto/asn1/a_type.c
+@@ -119,6 +119,9 @@
+     case V_ASN1_OBJECT:
+         result = OBJ_cmp(a->value.object, b->value.object);
+         break;
++    case V_ASN1_BOOLEAN:
++        result = a->value.boolean - b->value.boolean;
++        break;
+     case V_ASN1_NULL:
+         result = 0;             /* They do not have content. */
+         break;
+--- openssl-1.0.2/crypto/asn1/tasn_dec.c
++++ openssl-1.0.2/crypto/asn1/tasn_dec.c
+@@ -140,11 +140,17 @@
+ {
+     ASN1_TLC c;
+     ASN1_VALUE *ptmpval = NULL;
+-    if (!pval)
+-        pval = &ptmpval;
+     asn1_tlc_clear_nc(&c);
+-    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+-        return *pval;
++    if (pval && *pval && it->itype == ASN1_ITYPE_PRIMITIVE)
++        ptmpval = *pval;
++    if (ASN1_item_ex_d2i(&ptmpval, in, len, it, -1, 0, 0, &c) > 0) {
++        if (pval && it->itype != ASN1_ITYPE_PRIMITIVE) {
++            if (*pval)
++                ASN1_item_free(*pval, it);
++            *pval = ptmpval;
++        }
++        return ptmpval;
++    }
+     return NULL;
+ }
+ 
+@@ -304,9 +310,16 @@
+     case ASN1_ITYPE_CHOICE:
+         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+             goto auxerr;
+-
+-        /* Allocate structure */
+-        if (!*pval && !ASN1_item_ex_new(pval, it)) {
++        if (*pval) {
++            /* Free up and zero CHOICE value if initialised */
++            i = asn1_get_choice_selector(pval, it);
++            if ((i >= 0) && (i < it->tcount)) {
++                tt = it->templates + i;
++                pchptr = asn1_get_field_ptr(pval, tt);
++                ASN1_template_free(pchptr, tt);
++                asn1_set_choice_selector(pval, -1, it);
++            }
++        } else if (!ASN1_item_ex_new(pval, it)) {
+             ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+             goto err;
+         }
+@@ -386,6 +399,17 @@
+         if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
+             goto auxerr;
+ 
++        /* Free up and zero any ADB found */
++        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
++            if (tt->flags & ASN1_TFLG_ADB_MASK) {
++                const ASN1_TEMPLATE *seqtt;
++                ASN1_VALUE **pseqval;
++                seqtt = asn1_do_adb(pval, tt, 1);
++                pseqval = asn1_get_field_ptr(pval, seqtt);
++                ASN1_template_free(pseqval, seqtt);
++            }
++        }
++
+         /* Get each field entry */
+         for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+             const ASN1_TEMPLATE *seqtt;
+--- openssl-1.0.2/crypto/pkcs7/pk7_doit.c
++++ openssl-1.0.2/crypto/pkcs7/pk7_doit.c
+@@ -261,6 +261,25 @@
+     PKCS7_RECIP_INFO *ri = NULL;
+     ASN1_OCTET_STRING *os = NULL;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
++        return NULL;
++    }
++    /*
++     * The content field in the PKCS7 ContentInfo is optional, but that really
++     * only applies to inner content (precisely, detached signatures).
++     *
++     * When reading content, missing outer content is therefore treated as an
++     * error.
++     *
++     * When creating content, PKCS7_content_new() must be called before
++     * calling this method, so a NULL p7->d is always an error.
++     */
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
++        return NULL;
++    }
++
+     i = OBJ_obj2nid(p7->type);
+     p7->state = PKCS7_S_HEADER;
+ 
+@@ -411,6 +430,16 @@
+     unsigned char *ek = NULL, *tkey = NULL;
+     int eklen = 0, tkeylen = 0;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
++        return NULL;
++    }
++
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
++        return NULL;
++    }
++
+     i = OBJ_obj2nid(p7->type);
+     p7->state = PKCS7_S_HEADER;
+ 
+@@ -707,6 +736,16 @@
+     STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+     ASN1_OCTET_STRING *os = NULL;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
++        return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
++        return 0;
++    }
++
+     EVP_MD_CTX_init(&ctx_tmp);
+     i = OBJ_obj2nid(p7->type);
+     p7->state = PKCS7_S_HEADER;
+@@ -746,6 +785,7 @@
+         /* If detached data then the content is excluded */
+         if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+             M_ASN1_OCTET_STRING_free(os);
++            os = NULL;
+             p7->d.sign->contents->d.data = NULL;
+         }
+         break;
+@@ -755,6 +795,7 @@
+         /* If detached data then the content is excluded */
+         if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+             M_ASN1_OCTET_STRING_free(os);
++            os = NULL;
+             p7->d.digest->contents->d.data = NULL;
+         }
+         break;
+@@ -820,22 +861,30 @@
+         M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+     }
+ 
+-    if (!PKCS7_is_detached(p7) && !(os->flags & ASN1_STRING_FLAG_NDEF)) {
+-        char *cont;
+-        long contlen;
+-        btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+-        if (btmp == NULL) {
+-            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+-            goto err;
+-        }
+-        contlen = BIO_get_mem_data(btmp, &cont);
++    if (!PKCS7_is_detached(p7)) {
+         /*
+-         * Mark the BIO read only then we can use its copy of the data
+-         * instead of making an extra copy.
++         * NOTE(emilia): I think we only reach os == NULL here because detached
++         * digested data support is broken.
+          */
+-        BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+-        BIO_set_mem_eof_return(btmp, 0);
+-        ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++        if (os == NULL)
++            goto err;
++        if (!(os->flags & ASN1_STRING_FLAG_NDEF)) {
++            char *cont;
++            long contlen;
++            btmp = BIO_find_type(bio, BIO_TYPE_MEM);
++            if (btmp == NULL) {
++                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
++                goto err;
++            }
++            contlen = BIO_get_mem_data(btmp, &cont);
++            /*
++             * Mark the BIO read only then we can use its copy of the data
++             * instead of making an extra copy.
++             */
++            BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
++            BIO_set_mem_eof_return(btmp, 0);
++            ASN1_STRING_set0(os, (unsigned char *)cont, contlen);
++        }
+     }
+     ret = 1;
+  err:
+@@ -910,6 +959,16 @@
+     STACK_OF(X509) *cert;
+     X509 *x509;
+ 
++    if (p7 == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
++        return 0;
++    }
++
++    if (p7->d.ptr == NULL) {
++        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
++        return 0;
++    }
++
+     if (PKCS7_type_is_signed(p7)) {
+         cert = p7->d.sign->cert;
+     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+--- openssl-1.0.2/crypto/pkcs7/pk7_lib.c
++++ openssl-1.0.2/crypto/pkcs7/pk7_lib.c
+@@ -70,6 +70,7 @@
+     nid = OBJ_obj2nid(p7->type);
+ 
+     switch (cmd) {
++    /* NOTE(emilia): does not support detached digested data. */
+     case PKCS7_OP_SET_DETACHED_SIGNATURE:
+         if (nid == NID_pkcs7_signed) {
+             ret = p7->detached = (int)larg;
+@@ -444,6 +445,8 @@
+ 
+ STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
+ {
++    if (p7 == NULL || p7->d.ptr == NULL)
++        return NULL;
+     if (PKCS7_type_is_signed(p7)) {
+         return (p7->d.sign->signer_info);
+     } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+--- openssl-1.0.2/crypto/rsa/rsa_ameth.c
++++ openssl-1.0.2/crypto/rsa/rsa_ameth.c
+@@ -698,9 +698,10 @@
+         RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+         return -1;
+     }
+-    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey))
++    if (rsa_pss_to_ctx(ctx, NULL, sigalg, pkey) > 0) {
+         /* Carry on */
+         return 2;
++    }
+     return -1;
+ }
+ 
+--- openssl-1.0.2/doc/crypto/d2i_X509.pod
++++ openssl-1.0.2/doc/crypto/d2i_X509.pod
+@@ -207,6 +207,12 @@
+ persist if they are not present in the new one. As a result the use
+ of this "reuse" behaviour is strongly discouraged.
+ 
++Current versions of OpenSSL will not modify B<*px> if an error occurs.
++If parsing succeeds then B<*px> is freed (if it is not NULL) and then
++set to the value of the newly decoded structure. As a result B<*px>
++B<must not> be allocated on the stack or an attempt will be made to
++free an invalid pointer.
++
+ i2d_X509() will not return an error in many versions of OpenSSL,
+ if mandatory fields are not initialized due to a programming error
+ then the encoded structure may contain invalid data or omit the
+@@ -233,7 +239,9 @@
+ 
+ d2i_X509(), d2i_X509_bio() and d2i_X509_fp() return a valid B<X509> structure
+ or B<NULL> if an error occurs. The error code that can be obtained by
+-L<ERR_get_error(3)|ERR_get_error(3)>. 
++L<ERR_get_error(3)|ERR_get_error(3)>. If the "reuse" capability has been used
++with a valid X509 structure being passed in via B<px> then the object is not
++modified in the event of error.
+ 
+ i2d_X509() returns the number of bytes successfully encoded or a negative
+ value if an error occurs. The error code can be obtained by
+--- openssl-1.0.2/ssl/d1_lib.c
++++ openssl-1.0.2/ssl/d1_lib.c
+@@ -543,6 +543,9 @@
+ {
+     int ret;
+ 
++    /* Ensure there is no state left over from a previous invocation */
++    SSL_clear(s);
++
+     SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
+     s->d1->listen = 1;
+ 
+--- openssl-1.0.2/ssl/s2_lib.c
++++ openssl-1.0.2/ssl/s2_lib.c
+@@ -493,7 +493,7 @@
+ 
+         OPENSSL_assert(s->session->master_key_length >= 0
+                        && s->session->master_key_length
+-                       < (int)sizeof(s->session->master_key));
++                       <= (int)sizeof(s->session->master_key));
+         EVP_DigestUpdate(&ctx, s->session->master_key,
+                          s->session->master_key_length);
+         EVP_DigestUpdate(&ctx, &c, 1);
+--- openssl-1.0.2/ssl/s2_srvr.c
++++ openssl-1.0.2/ssl/s2_srvr.c
+@@ -454,11 +454,6 @@
+         SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_PRIVATEKEY);
+         return (-1);
+     }
+-    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
+-                                &(p[s->s2->tmp.clear]),
+-                                &(p[s->s2->tmp.clear]),
+-                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
+-                                RSA_PKCS1_PADDING);
+ 
+     is_export = SSL_C_IS_EXPORT(s->session->cipher);
+ 
+@@ -475,23 +470,61 @@
+     } else
+         ek = 5;
+ 
++    /*
++     * The format of the CLIENT-MASTER-KEY message is
++     * 1 byte message type
++     * 3 bytes cipher
++     * 2-byte clear key length (stored in s->s2->tmp.clear)
++     * 2-byte encrypted key length (stored in s->s2->tmp.enc)
++     * 2-byte key args length (IV etc)
++     * clear key
++     * encrypted key
++     * key args
++     *
++     * If the cipher is an export cipher, then the encrypted key bytes
++     * are a fixed portion of the total key (5 or 8 bytes). The size of
++     * this portion is in |ek|. If the cipher is not an export cipher,
++     * then the entire key material is encrypted (i.e., clear key length
++     * must be zero).
++     */
++    if ((!is_export && s->s2->tmp.clear != 0) ||
++        (is_export && s->s2->tmp.clear + ek != EVP_CIPHER_key_length(c))) {
++        ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_BAD_LENGTH);
++        return -1;
++    }
++    /*
++     * The encrypted blob must decrypt to the encrypted portion of the key.
++     * Decryption can't be expanding, so if we don't have enough encrypted
++     * bytes to fit the key in the buffer, stop now.
++     */
++    if ((is_export && s->s2->tmp.enc < ek) ||
++        (!is_export && s->s2->tmp.enc < EVP_CIPHER_key_length(c))) {
++        ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++        SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_LENGTH_TOO_SHORT);
++        return -1;
++    }
++
++    i = ssl_rsa_private_decrypt(s->cert, s->s2->tmp.enc,
++                                &(p[s->s2->tmp.clear]),
++                                &(p[s->s2->tmp.clear]),
++                                (s->s2->ssl2_rollback) ? RSA_SSLV23_PADDING :
++                                RSA_PKCS1_PADDING);
++
+     /* bad decrypt */
+ # if 1
+     /*
+      * If a bad decrypt, continue with protocol but with a random master
+      * secret (Bleichenbacher attack)
+      */
+-    if ((i < 0) || ((!is_export && (i != EVP_CIPHER_key_length(c)))
+-                    || (is_export && ((i != ek)
+-                                      || (s->s2->tmp.clear +
+-                                          (unsigned int)i != (unsigned int)
+-                                          EVP_CIPHER_key_length(c)))))) {
++    if ((i < 0) || ((!is_export && i != EVP_CIPHER_key_length(c))
++                    || (is_export && i != ek))) {
+         ERR_clear_error();
+         if (is_export)
+             i = ek;
+         else
+             i = EVP_CIPHER_key_length(c);
+-        if (RAND_pseudo_bytes(p, i) <= 0)
++        if (RAND_pseudo_bytes(&p[s->s2->tmp.clear], i) <= 0)
+             return 0;
+     }
+ # else
+@@ -513,7 +546,7 @@
+ # endif
+ 
+     if (is_export)
+-        i += s->s2->tmp.clear;
++        i = EVP_CIPHER_key_length(c);
+ 
+     if (i > SSL_MAX_MASTER_KEY_LENGTH) {
+         ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+--- openssl-1.0.2/ssl/s3_pkt.c
++++ openssl-1.0.2/ssl/s3_pkt.c
+@@ -780,7 +780,7 @@
+ 
+             i = ssl3_write_pending(s, type, &buf[tot], nw);
+             if (i <= 0) {
+-                if (i < 0) {
++                if (i < 0 && (!s->wbio || !BIO_should_retry(s->wbio))) {
+                     OPENSSL_free(wb->buf);
+                     wb->buf = NULL;
+                 }
+--- openssl-1.0.2/ssl/s3_srvr.c
++++ openssl-1.0.2/ssl/s3_srvr.c
+@@ -2251,10 +2251,17 @@
+     if (alg_k & (SSL_kEDH | SSL_kDHr | SSL_kDHd)) {
+         int idx = -1;
+         EVP_PKEY *skey = NULL;
+-        if (n)
++        if (n) {
+             n2s(p, i);
+-        else
++        } else {
++            if (alg_k & SSL_kDHE) {
++                al = SSL_AD_HANDSHAKE_FAILURE;
++                SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
++                       SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG);
++                goto f_err;
++            }
+             i = 0;
++        }
+         if (n && n != i + 2) {
+             if (!(s->options & SSL_OP_SSLEAY_080_CLIENT_DH_BUG)) {
+                 SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+--- openssl-1.0.2/ssl/t1_lib.c
++++ openssl-1.0.2/ssl/t1_lib.c
+@@ -2965,6 +2965,7 @@
+     if (s->cert->shared_sigalgs) {
+         OPENSSL_free(s->cert->shared_sigalgs);
+         s->cert->shared_sigalgs = NULL;
++        s->cert->shared_sigalgslen = 0;
+     }
+     /* Clear certificate digests and validity flags */
+     for (i = 0; i < SSL_PKEY_NUM; i++) {
+@@ -3618,6 +3619,7 @@
+     if (c->shared_sigalgs) {
+         OPENSSL_free(c->shared_sigalgs);
+         c->shared_sigalgs = NULL;
++        c->shared_sigalgslen = 0;
+     }
+     /* If client use client signature algorithms if not NULL */
+     if (!s->server && c->client_sigalgs && !is_suiteb) {
+@@ -3640,12 +3642,14 @@
+         preflen = c->peer_sigalgslen;
+     }
+     nmatch = tls12_do_shared_sigalgs(NULL, pref, preflen, allow, allowlen);
+-    if (!nmatch)
+-        return 1;
+-    salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
+-    if (!salgs)
+-        return 0;
+-    nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
++    if (nmatch) {
++        salgs = OPENSSL_malloc(nmatch * sizeof(TLS_SIGALGS));
++        if (!salgs)
++            return 0;
++        nmatch = tls12_do_shared_sigalgs(salgs, pref, preflen, allow, allowlen);
++    } else {
++        salgs = NULL;
++    }
+     c->shared_sigalgs = salgs;
+     c->shared_sigalgslen = nmatch;
+     return 1;

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch

@@ -0,0 +1,611 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+--- openssl-1.0.2/apps/s_apps.h
++++ openssl-1.0.2/apps/s_apps.h
+@@ -154,7 +154,7 @@
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, int stype,
+                          unsigned char *context), unsigned char *context,
+-              int naccept);
++              int naccept, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -167,7 +167,8 @@
+ int ssl_print_curves(BIO *out, SSL *s, int noshared);
+ #endif
+ int ssl_print_tmp_key(BIO *out, SSL *s);
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type,
++		int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -302,6 +302,10 @@
+ {
+     BIO_printf(bio_err, "usage: s_client args\n");
+     BIO_printf(bio_err, "\n");
++    BIO_printf(bio_err, " -4             - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err, " -6             - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err, " -host host     - use -connect instead\n");
+     BIO_printf(bio_err, " -port port     - use -connect instead\n");
+     BIO_printf(bio_err,
+@@ -658,6 +662,7 @@
+     int sbuf_len, sbuf_off;
+     fd_set readfds, writefds;
+     short port = PORT;
++    int use_ipv4, use_ipv6;
+     int full_log = 1;
+     char *host = SSL_HOST_NAME;
+     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+@@ -709,7 +714,11 @@
+ #endif
+     char *sess_in = NULL;
+     char *sess_out = NULL;
+-    struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage peer;
++#else
++    struct sockaddr_in peer;
++#endif
+     int peerlen = sizeof(peer);
+     int fallback_scsv = 0;
+     int enable_timeouts = 0;
+@@ -737,6 +746,12 @@
+ 
+     meth = SSLv23_client_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
+     apps_startup();
+     c_Pause = 0;
+     c_quiet = 0;
+@@ -1096,6 +1111,16 @@
+             jpake_secret = *++argv;
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -1421,7 +1446,7 @@
+ 
+  re_start:
+ 
+-    if (init_client(&s, host, port, socket_type) == 0) {
++    if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
+         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+         SHUTDOWN(s);
+         goto end;
+@@ -1444,7 +1469,7 @@
+     if (socket_type == SOCK_DGRAM) {
+ 
+         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+-        if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++        if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
+             BIO_printf(bio_err, "getsockname:errno=%d\n",
+                        get_last_socket_error());
+             SHUTDOWN(s);
+--- openssl-1.0.2/apps/s_server.c
++++ openssl-1.0.2/apps/s_server.c
+@@ -643,6 +643,10 @@
+     BIO_printf(bio_err,
+                " -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+ #endif
++    BIO_printf(bio_err, " -4            - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err, " -6            - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err,
+                " -keymatexport label   - Export keying material using label\n");
+     BIO_printf(bio_err,
+@@ -1070,6 +1074,7 @@
+     int state = 0;
+     const SSL_METHOD *meth = NULL;
+     int socket_type = SOCK_STREAM;
++    int use_ipv4, use_ipv6;
+     ENGINE *e = NULL;
+     char *inrand = NULL;
+     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -1111,6 +1116,12 @@
+ 
+     meth = SSLv23_server_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
+     local_argc = argc;
+     local_argv = argv;
+ 
+@@ -1503,6 +1514,16 @@
+             jpake_secret = *(++argv);
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -2023,13 +2044,13 @@
+     (void)BIO_flush(bio_s_out);
+     if (rev)
+         do_server(port, socket_type, &accept_socket, rev_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     else if (www)
+         do_server(port, socket_type, &accept_socket, www_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     else
+         do_server(port, socket_type, &accept_socket, sv_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     print_stats(bio_s_out, ctx);
+     ret = 0;
+  end:
+--- openssl-1.0.2/apps/s_socket.c
++++ openssl-1.0.2/apps/s_socket.c
+@@ -101,16 +101,16 @@
+ #  include "netdb.h"
+ # endif
+ 
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ # endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port, char *ip, int type);
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+ 
+ # ifdef OPENSSL_SYS_WIN16
+ #  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
+@@ -231,38 +231,68 @@
+     return (1);
+ }
+ 
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++# if OPENSSL_USE_IPV6
++    unsigned char ip[16];
++# else
+     unsigned char ip[4];
++# endif
+ 
+-    memset(ip, '\0', sizeof ip);
+-    if (!host_ip(host, &(ip[0])))
+-        return 0;
+-    return init_client_ip(sock, ip, port, type);
+-}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-{
+-    unsigned long addr;
++    if (use_ipv4)
++	if (host_ip(host, ip, AF_INET))
++	    return(init_client_ip(sock, ip, port, type, AF_INET));
++# if OPENSSL_USE_IPV6
++    if (use_ipv6)
++	if (host_ip(host, ip, AF_INET6))
++	    return(init_client_ip(sock, ip, port, type, AF_INET6));
++# endif
++    return 0;
++}
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++{
++# if OPENSSL_USE_IPV6
++    struct sockaddr_storage them;
++    struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++    struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++# else
+     struct sockaddr_in them;
++    struct sockaddr_in *them_in = &them;
++# endif
++    socklen_t addr_len;
+     int s, i;
+ 
+     if (!ssl_sock_init())
+         return (0);
+ 
+     memset((char *)&them, 0, sizeof(them));
+-    them.sin_family = AF_INET;
+-    them.sin_port = htons((unsigned short)port);
+-    addr = (unsigned long)
+-        ((unsigned long)ip[0] << 24L) |
+-        ((unsigned long)ip[1] << 16L) |
+-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+-    them.sin_addr.s_addr = htonl(addr);
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	them_in->sin_family=AF_INET;
++	them_in->sin_port=htons((unsigned short)port);
++# ifndef BIT_FIELD_LIMITS
++	memcpy(&them_in->sin_addr.s_addr, ip, 4);
++# else
++	memcpy(&them_in->sin_addr, ip, 4);
++# endif
++    }
++    else
++# if OPENSSL_USE_IPV6
++    {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	them_in6->sin6_family=AF_INET6;
++	them_in6->sin6_port=htons((unsigned short)port);
++	memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++    }
++# else
++	return(0);
++# endif
+ 
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+     else                        /* ( type == SOCK_DGRAM) */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET) {
+         perror("socket");
+@@ -280,7 +310,7 @@
+     }
+ # endif
+ 
+-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
++    if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
+         closesocket(s);
+         perror("connect");
+         return (0);
+@@ -292,14 +322,14 @@
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, int stype,
+                          unsigned char *context), unsigned char *context,
+-              int naccept)
++              int naccept, int use_ipv4, int use_ipv6)
+ {
+     int sock;
+     char *name = NULL;
+     int accept_socket = 0;
+     int i;
+ 
+-    if (!init_server(&accept_socket, port, type))
++    if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
+         return (0);
+ 
+     if (ret != NULL) {
+@@ -328,32 +358,41 @@
+     }
+ }
+ 
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
+ {
+     int ret = 0;
++    int domain;
++# if OPENSSL_USE_IPV6
++    struct sockaddr_storage server;
++    struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++    struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++# else
+     struct sockaddr_in server;
++    struct sockaddr_in *server_in = &server;
++# endif
++    socklen_t addr_len;
+     int s = -1;
+ 
++    if (!use_ipv4 && !use_ipv6)
++	goto err;
++# if OPENSSL_USE_IPV6
++    /* we are fine here */
++# else
++    if (use_ipv6)
++	goto err;
++# endif
+     if (!ssl_sock_init())
+         return (0);
+ 
+-    memset((char *)&server, 0, sizeof(server));
+-    server.sin_family = AF_INET;
+-    server.sin_port = htons((unsigned short)port);
+-    if (ip == NULL)
+-        server.sin_addr.s_addr = INADDR_ANY;
+-    else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-# ifndef BIT_FIELD_LIMITS
+-        memcpy(&server.sin_addr.s_addr, ip, 4);
++#if OPENSSL_USE_IPV6
++    domain = use_ipv6 ? AF_INET6 : AF_INET;
+ # else
+-        memcpy(&server.sin_addr, ip, 4);
++    domain = AF_INET;
+ # endif
+-
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+-    else                        /* type == SOCK_DGRAM */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++	s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
++    else /* type == SOCK_DGRAM */
++	s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET)
+         goto err;
+@@ -363,7 +402,42 @@
+         setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+     }
+ # endif
+-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
++# if OPENSSL_USE_IPV6
++    if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
++	const int on = 1;
++
++	setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++		    (const void *) &on, sizeof(int));
++    }
++# endif
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	memset(server_in, 0, sizeof(struct sockaddr_in));
++	server_in->sin_family=AF_INET;
++	server_in->sin_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++	else
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
++# ifndef BIT_FIELD_LIMITS
++	    memcpy(&server_in->sin_addr.s_addr, ip, 4);
++# else
++	    memcpy(&server_in->sin_addr, ip, 4);
++# endif
++    }
++# if OPENSSL_USE_IPV6
++    else {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	memset(server_in6, 0, sizeof(struct sockaddr_in6));
++	server_in6->sin6_family = AF_INET6;
++	server_in6->sin6_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in6->sin6_addr = in6addr_any;
++	else
++	    memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
++    }
++# endif
++    if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
+ # ifndef OPENSSL_SYS_WINDOWS
+         perror("bind");
+ # endif
+@@ -381,16 +455,23 @@
+     return (ret);
+ }
+ 
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
+ {
+-    return (init_server_long(sock, port, NULL, type));
++    return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+ 
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+     int ret;
+     struct hostent *h1, *h2;
+-    static struct sockaddr_in from;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage from;
++    struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++    struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
++    struct sockaddr_in from;
++    struct sockaddr_in *from_in = &from;
++#endif
+     int len;
+ /*      struct linger ling; */
+ 
+@@ -440,14 +521,25 @@
+ 
+     if (host == NULL)
+         goto end;
++# if OPENSSL_USE_IPV6
++    if (from.ss_family == AF_INET)
++# else
++    if (from.sin_family == AF_INET)
++# endif
+ # ifndef BIT_FIELD_LIMITS
+-    /* I should use WSAAsyncGetHostByName() under windows */
+-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+-                       sizeof(from.sin_addr.s_addr), AF_INET);
++	/* I should use WSAAsyncGetHostByName() under windows */
++	h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++                	    sizeof(from_in->sin_addr.s_addr), AF_INET);
+ # else
+-    h1 = gethostbyaddr((char *)&from.sin_addr,
+-                       sizeof(struct in_addr), AF_INET);
++	h1 = gethostbyaddr((char *)&from_in->sin_addr,
++            		    sizeof(struct in_addr), AF_INET);
++# endif
++# if OPENSSL_USE_IPV6
++    else
++	h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
++			    sizeof(struct in6_addr), AF_INET6);
+ # endif
++	    
+     if (h1 == NULL) {
+         BIO_printf(bio_err, "bad gethostbyaddr\n");
+         *host = NULL;
+@@ -460,14 +552,22 @@
+         }
+         BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+ 
+-        h2 = GetHostByName(*host);
++# if OPENSSL_USE_IPV6
++	h2=GetHostByName(*host, from.ss_family);
++# else
++	h2=GetHostByName(*host, from.sin_family);
++# endif
+         if (h2 == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             closesocket(ret);
+             return (0);
+         }
+-        if (h2->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++# if OPENSSL_USE_IPV6
++	if (h2->h_addrtype != from.ss_family) {
++# else
++	if (h2->h_addrtype != from.sin_family) {
++# endif
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+             closesocket(ret);
+             return (0);
+         }
+@@ -483,14 +583,14 @@
+     char *h, *p;
+ 
+     h = str;
+-    p = strchr(str, ':');
++    p = strrchr(str, ':');
+     if (p == NULL) {
+         BIO_printf(bio_err, "no port defined\n");
+         return (0);
+     }
+     *(p++) = '\0';
+ 
+-    if ((ip != NULL) && !host_ip(str, ip))
++    if ((ip != NULL) && !host_ip(str, ip, AF_INET))
+         goto err;
+     if (host_ptr != NULL)
+         *host_ptr = h;
+@@ -502,44 +602,51 @@
+     return (0);
+ }
+ 
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+     unsigned int in[4];
++    unsigned long l;
+     int i;
+ 
+-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+-        4) {
++    if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
+         for (i = 0; i < 4; i++)
+             if (in[i] > 255) {
+                 BIO_printf(bio_err, "invalid IP address\n");
+                 goto err;
+             }
+-        ip[0] = in[0];
+-        ip[1] = in[1];
+-        ip[2] = in[2];
+-        ip[3] = in[3];
+-    } else {                    /* do a gethostbyname */
++	l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++	memcpy(ip, &l, 4);
++	return 1;
++    }
++# if OPENSSL_USE_IPV6
++    else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
++	return 1;
++# endif
++    else {                    /* do a gethostbyname */
+         struct hostent *he;
+ 
+         if (!ssl_sock_init())
+             return (0);
+ 
+-        he = GetHostByName(str);
++        he = GetHostByName(str, domain);
+         if (he == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             goto err;
+         }
+         /* cast to short because of win16 winsock definition */
+-        if ((short)he->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++        if ((short)he->h_addrtype != domain) {
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+             return (0);
+         }
+-        ip[0] = he->h_addr_list[0][0];
+-        ip[1] = he->h_addr_list[0][1];
+-        ip[2] = he->h_addr_list[0][2];
+-        ip[3] = he->h_addr_list[0][3];
++	if (domain == AF_INET)
++	    memset(ip, 0, 4);
++# if OPENSSL_USE_IPV6
++	else
++	    memset(ip, 0, 16);
++# endif
++	memcpy(ip, he->h_addr_list[0], he->h_length);
++	return 1;
+     }
+-    return (1);
+  err:
+     return (0);
+ }
+@@ -573,7 +680,7 @@
+ static unsigned long ghbn_hits = 0L;
+ static unsigned long ghbn_miss = 0L;
+ 
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+     struct hostent *ret;
+     int i, lowi = 0;
+@@ -585,13 +692,18 @@
+             lowi = i;
+         }
+         if (ghbn_cache[i].order > 0) {
+-            if (strncmp(name, ghbn_cache[i].name, 128) == 0)
++            if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
+                 break;
+         }
+     }
+     if (i == GHBN_NUM) {        /* no hit */
+         ghbn_miss++;
+-        ret = gethostbyname(name);
++        if (domain == AF_INET)
++    	    ret = gethostbyname(name);
++# if OPENSSL_USE_IPV6
++	else
++	    ret = gethostbyname2(name, AF_INET6);
++# endif
+         if (ret == NULL)
+             return (NULL);
+         /* else add to cache */

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-s_client-verify.patch

@@ -0,0 +1,17 @@
+https://bugs.gentoo.org/472584
+http://rt.openssl.org/Ticket/Display.html?id=2387&user=guest&pass=guest
+
+fix verification handling in s_client.  when loading paths, make sure
+we properly fallback to setting the default paths.
+
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -1337,7 +1337,7 @@
+ 
+     SSL_CTX_set_verify(ctx, verify, verify_callback);
+ 
+-    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
++    if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) &&
+         (!SSL_CTX_set_default_verify_paths(ctx))) {
+         /*
+          * BIO_printf(bio_err,"error setting default verify locations\n");

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2_beta2-ipv6.patch

@@ -1,640 +0,0 @@
-http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
-
---- openssl-1.0.2-beta2/apps/s_apps.h
-+++ openssl-1.0.2-beta2/apps/s_apps.h
-@@ -148,7 +148,7 @@
- #define PORT_STR        "4433"
- #define PROTOCOL        "tcp"
- 
--int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
-+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6);
- #ifdef HEADER_X509_H
- int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
- #endif
-@@ -161,7 +161,7 @@
- int ssl_print_curves(BIO *out, SSL *s, int noshared);
- #endif
- int ssl_print_tmp_key(BIO *out, SSL *s);
--int init_client(int *sock, char *server, int port, int type);
-+int init_client(int *sock, char *server, int port, int type, int use_ipv4, int use_ipv6);
- int should_retry(int i);
- int extract_port(char *str, short *port_ptr);
- int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);
---- openssl-1.0.2-beta2/apps/s_client.c
-+++ openssl-1.0.2-beta2/apps/s_client.c
-@@ -288,6 +288,10 @@
- 	{
- 	BIO_printf(bio_err,"usage: s_client args\n");
- 	BIO_printf(bio_err,"\n");
-+	BIO_printf(bio_err," -4             - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6             - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -host host     - use -connect instead\n");
- 	BIO_printf(bio_err," -port port     - use -connect instead\n");
- 	BIO_printf(bio_err," -connect host:port - who to connect to (default is %s:%s)\n",SSL_HOST_NAME,PORT_STR);
-@@ -595,6 +599,7 @@
- 	int sbuf_len,sbuf_off;
- 	fd_set readfds,writefds;
- 	short port=PORT;
-+	int use_ipv4, use_ipv6;
- 	int full_log=1;
- 	char *host=SSL_HOST_NAME;
- 	char *cert_file=NULL,*key_file=NULL,*chain_file=NULL;
-@@ -647,7 +652,11 @@
- #endif
- 	char *sess_in = NULL;
- 	char *sess_out = NULL;
--	struct sockaddr peer;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage peer;
-+#else
-+	struct sockaddr_in peer;
-+#endif
- 	int peerlen = sizeof(peer);
- 	int enable_timeouts = 0 ;
- 	long socket_mtu = 0;
-@@ -674,6 +683,12 @@
- 
- 	meth=SSLv23_client_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	apps_startup();
- 	c_Pause=0;
- 	c_quiet=0;
-@@ -1079,6 +1094,18 @@
- 			jpake_secret = *++argv;
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -1445,7 +1472,7 @@
- 
- re_start:
- 
--	if (init_client(&s,host,port,socket_type) == 0)
-+	if (init_client(&s,host,port,socket_type,use_ipv4,use_ipv6) == 0)
- 		{
- 		BIO_printf(bio_err,"connect:errno=%d\n",get_last_socket_error());
- 		SHUTDOWN(s);
-@@ -1471,7 +1498,7 @@
- 		{
- 
- 		sbio=BIO_new_dgram(s,BIO_NOCLOSE);
--		if (getsockname(s, &peer, (void *)&peerlen) < 0)
-+		if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0)
- 			{
- 			BIO_printf(bio_err, "getsockname:errno=%d\n",
- 				get_last_socket_error());
---- openssl-1.0.2-beta2/apps/s_server.c
-+++ openssl-1.0.2-beta2/apps/s_server.c
-@@ -584,6 +584,10 @@
-         BIO_printf(bio_err," -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
- 	BIO_printf(bio_err," -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
- #endif
-+	BIO_printf(bio_err," -4            - use IPv4 only\n");
-+#if OPENSSL_USE_IPV6
-+	BIO_printf(bio_err," -6            - use IPv6 only\n");
-+#endif
- 	BIO_printf(bio_err," -keymatexport label   - Export keying material using label\n");
- 	BIO_printf(bio_err," -keymatexportlen len  - Export len bytes of keying material (default 20)\n");
- 	BIO_printf(bio_err," -status           - respond to certificate status requests\n");
-@@ -1014,6 +1018,7 @@
- 	int state=0;
- 	const SSL_METHOD *meth=NULL;
- 	int socket_type=SOCK_STREAM;
-+	int use_ipv4, use_ipv6;
- 	ENGINE *e=NULL;
- 	char *inrand=NULL;
- 	int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
-@@ -1055,6 +1060,12 @@
- 
- 	meth=SSLv23_server_method();
- 
-+	use_ipv4 = 1;
-+#if OPENSSL_USE_IPV6
-+	use_ipv6 = 1;
-+#else
-+	use_ipv6 = 0;
-+#endif
- 	local_argc=argc;
- 	local_argv=argv;
- 
-@@ -1493,6 +1504,18 @@
- 			jpake_secret = *(++argv);
- 			}
- #endif
-+		else if (strcmp(*argv,"-4") == 0)
-+			{
-+			use_ipv4 = 1;
-+			use_ipv6 = 0;
-+			}
-+#if OPENSSL_USE_IPV6
-+		else if (strcmp(*argv,"-6") == 0)
-+			{
-+			use_ipv4 = 0;
-+			use_ipv6 = 1;
-+			}
-+#endif
- 		else if (strcmp(*argv,"-use_srtp") == 0)
- 			{
- 			if (--argc < 1) goto bad;
-@@ -2063,11 +2086,11 @@
- 	BIO_printf(bio_s_out,"ACCEPT\n");
- 	(void)BIO_flush(bio_s_out);
- 	if (rev)
--		do_server(port,socket_type,&accept_socket,rev_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,rev_body, context, naccept, use_ipv4, use_ipv6);
- 	else if (www)
--		do_server(port,socket_type,&accept_socket,www_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,www_body, context, naccept, use_ipv4, use_ipv6);
- 	else
--		do_server(port,socket_type,&accept_socket,sv_body, context, naccept);
-+		do_server(port,socket_type,&accept_socket,sv_body, context, naccept, use_ipv4, use_ipv6);
- 	print_stats(bio_s_out,ctx);
- 	ret=0;
- end:
---- openssl-1.0.2-beta2/apps/s_socket.c
-+++ openssl-1.0.2-beta2/apps/s_socket.c
-@@ -97,16 +97,16 @@
- #include "netdb.h"
- #endif
- 
--static struct hostent *GetHostByName(char *name);
-+static struct hostent *GetHostByName(char *name, int domain);
- #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
- static void ssl_sock_cleanup(void);
- #endif
- static int ssl_sock_init(void);
--static int init_client_ip(int *sock,unsigned char ip[4], int port, int type);
--static int init_server(int *sock, int port, int type);
--static int init_server_long(int *sock, int port,char *ip, int type);
-+static int init_client_ip(int *sock,unsigned char *ip, int port, int type, int domain);
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
-+static int init_server_long(int *sock, int port,char *ip, int type, int use_ipv4, int use_ipv6);
- static int do_accept(int acc_sock, int *sock, char **host);
--static int host_ip(char *str, unsigned char ip[4]);
-+static int host_ip(char *str, unsigned char *ip, int domain);
- 
- #ifdef OPENSSL_SYS_WIN16
- #define SOCKET_PROTOCOL	0 /* more microsoft stupidity */
-@@ -234,38 +234,68 @@
- 	return(1);
- 	}
- 
--int init_client(int *sock, char *host, int port, int type)
-+int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
- 	{
-+#if OPENSSL_USE_IPV6
-+	unsigned char ip[16];
-+#else
- 	unsigned char ip[4];
-+#endif
- 
--	memset(ip, '\0', sizeof ip);
--	if (!host_ip(host,&(ip[0])))
--		return 0;
--	return init_client_ip(sock,ip,port,type);
--	}
--
--static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
--	{
--	unsigned long addr;
-+	if (use_ipv4)
-+		if (host_ip(host,ip,AF_INET))
-+			return(init_client_ip(sock,ip,port,type,AF_INET));
-+#if OPENSSL_USE_IPV6
-+	if (use_ipv6)
-+		if (host_ip(host,ip,AF_INET6))
-+			return(init_client_ip(sock,ip,port,type,AF_INET6));
-+#endif
-+	return 0;
-+	}
-+
-+static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
-+	{
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage them;
-+	struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
-+	struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
-+#else
- 	struct sockaddr_in them;
-+	struct sockaddr_in *them_in = &them;
-+#endif
-+	socklen_t addr_len;
- 	int s,i;
- 
- 	if (!ssl_sock_init()) return(0);
- 
- 	memset((char *)&them,0,sizeof(them));
--	them.sin_family=AF_INET;
--	them.sin_port=htons((unsigned short)port);
--	addr=(unsigned long)
--		((unsigned long)ip[0]<<24L)|
--		((unsigned long)ip[1]<<16L)|
--		((unsigned long)ip[2]<< 8L)|
--		((unsigned long)ip[3]);
--	them.sin_addr.s_addr=htonl(addr);
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		them_in->sin_family=AF_INET;
-+		them_in->sin_port=htons((unsigned short)port);
-+#ifndef BIT_FIELD_LIMITS
-+		memcpy(&them_in->sin_addr.s_addr, ip, 4);
-+#else
-+		memcpy(&them_in->sin_addr, ip, 4);
-+#endif
-+		}
-+	else
-+#if OPENSSL_USE_IPV6
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		them_in6->sin6_family=AF_INET6;
-+		them_in6->sin6_port=htons((unsigned short)port);
-+		memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
-+		}
-+#else
-+		return(0);
-+#endif
- 
- 	if (type == SOCK_STREAM)
--		s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
- 	else /* ( type == SOCK_DGRAM) */
--		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
-+		s=socket(domain,SOCK_DGRAM,IPPROTO_UDP);
- 			
- 	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
- 
-@@ -277,29 +307,27 @@
- 		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
- 		}
- #endif
--
--	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
-+	if (connect(s,(struct sockaddr *)&them,addr_len) == -1)
- 		{ closesocket(s); perror("connect"); return(0); }
- 	*sock=s;
- 	return(1);
- 	}
- 
--int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
-+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept, int use_ipv4, int use_ipv6)
- 	{
- 	int sock;
- 	char *name = NULL;
- 	int accept_socket = 0;
- 	int i;
- 
--	if (!init_server(&accept_socket,port,type)) return(0);
--
-+	if (!init_server(&accept_socket,port,type, use_ipv4, use_ipv6)) return(0);
- 	if (ret != NULL)
- 		{
- 		*ret=accept_socket;
- 		/* return(1);*/
- 		}
--  	for (;;)
--  		{
-+	for (;;)
-+		{
- 		if (type==SOCK_STREAM)
- 			{
- 			if (do_accept(accept_socket,&sock,&name) == 0)
-@@ -324,41 +352,88 @@
- 		}
- 	}
- 
--static int init_server_long(int *sock, int port, char *ip, int type)
-+static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
- 	{
- 	int ret=0;
-+	int domain;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage server;
-+	struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
-+	struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
-+#else
- 	struct sockaddr_in server;
-+	struct sockaddr_in *server_in = &server;
-+#endif
-+	socklen_t addr_len;
- 	int s= -1;
- 
-+	if (!use_ipv4 && !use_ipv6)
-+		goto err;
-+#if OPENSSL_USE_IPV6
-+	/* we are fine here */
-+#else
-+	if (use_ipv6)
-+		goto err;
-+#endif
- 	if (!ssl_sock_init()) return(0);
- 
--	memset((char *)&server,0,sizeof(server));
--	server.sin_family=AF_INET;
--	server.sin_port=htons((unsigned short)port);
--	if (ip == NULL)
--		server.sin_addr.s_addr=INADDR_ANY;
--	else
--/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
--#ifndef BIT_FIELD_LIMITS
--		memcpy(&server.sin_addr.s_addr,ip,4);
-+#if OPENSSL_USE_IPV6
-+	domain = use_ipv6 ? AF_INET6 : AF_INET;
- #else
--		memcpy(&server.sin_addr,ip,4);
-+	domain = AF_INET;
- #endif
--	
--		if (type == SOCK_STREAM)
--			s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL);
--		else /* type == SOCK_DGRAM */
--			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);
-+	if (type == SOCK_STREAM)
-+		s=socket(domain,SOCK_STREAM,SOCKET_PROTOCOL);
-+	else /* type == SOCK_DGRAM */
-+		s=socket(domain, SOCK_DGRAM,IPPROTO_UDP);
- 
- 	if (s == INVALID_SOCKET) goto err;
- #if defined SOL_SOCKET && defined SO_REUSEADDR
-+	{
-+	int j = 1;
-+	setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
-+		   (void *) &j, sizeof j);
-+	}
-+#endif
-+#if OPENSSL_USE_IPV6
-+	if ((use_ipv4 == 0) && (use_ipv6 == 1))
-+		{
-+		const int on = 1;
-+
-+		setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
-+		           (const void *) &on, sizeof(int));
-+		}
-+#endif
-+	if (domain == AF_INET)
-+		{
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in);
-+		memset(server_in, 0, sizeof(struct sockaddr_in));
-+		server_in->sin_family=AF_INET;
-+		server_in->sin_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in->sin_addr.s_addr = htonl(INADDR_ANY);
-+		else
-+/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
-+#ifndef BIT_FIELD_LIMITS
-+			memcpy(&server_in->sin_addr.s_addr, ip, 4);
-+#else
-+			memcpy(&server_in->sin_addr, ip, 4);
-+#endif
-+		}
-+#if OPENSSL_USE_IPV6
-+	else
- 		{
--		int j = 1;
--		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
--			   (void *) &j, sizeof j);
-+		addr_len = (socklen_t)sizeof(struct sockaddr_in6);
-+		memset(server_in6, 0, sizeof(struct sockaddr_in6));
-+		server_in6->sin6_family = AF_INET6;
-+		server_in6->sin6_port = htons((unsigned short)port);
-+		if (ip == NULL)
-+			server_in6->sin6_addr = in6addr_any;
-+		else
-+			memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
- 		}
- #endif
--	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
-+	if (bind(s, (struct sockaddr *)&server, addr_len) == -1)
- 		{
- #ifndef OPENSSL_SYS_WINDOWS
- 		perror("bind");
-@@ -377,16 +452,23 @@
- 	return(ret);
- 	}
- 
--static int init_server(int *sock, int port, int type)
-+static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
- 	{
--	return(init_server_long(sock, port, NULL, type));
-+	return(init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
- 	}
- 
- static int do_accept(int acc_sock, int *sock, char **host)
- 	{
- 	int ret;
- 	struct hostent *h1,*h2;
--	static struct sockaddr_in from;
-+#if OPENSSL_USE_IPV6
-+	struct sockaddr_storage from;
-+	struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
-+	struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
-+#else
-+	struct sockaddr_in from;
-+	struct sockaddr_in *from_in = &from;
-+#endif
- 	int len;
- /*	struct linger ling; */
- 
-@@ -433,13 +515,23 @@
- */
- 
- 	if (host == NULL) goto end;
-+#if OPENSSL_USE_IPV6
-+	if (from.ss_family == AF_INET)
-+#else
-+	if (from.sin_family == AF_INET)
-+#endif
- #ifndef BIT_FIELD_LIMITS
--	/* I should use WSAAsyncGetHostByName() under windows */
--	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
--		sizeof(from.sin_addr.s_addr),AF_INET);
-+		/* I should use WSAAsyncGetHostByName() under windows */
-+		h1=gethostbyaddr((char *)&from_in->sin_addr.s_addr,
-+		                 sizeof(from_in->sin_addr.s_addr), AF_INET);
- #else
--	h1=gethostbyaddr((char *)&from.sin_addr,
--		sizeof(struct in_addr),AF_INET);
-+		h1=gethostbyaddr((char *)&from_in->sin_addr,
-+		                 sizeof(struct in_addr), AF_INET);
-+#endif
-+#if OPENSSL_USE_IPV6
-+	else
-+		h1=gethostbyaddr((char *)&from_in6->sin6_addr,
-+		                 sizeof(struct in6_addr), AF_INET6);
- #endif
- 	if (h1 == NULL)
- 		{
-@@ -457,16 +549,24 @@
- 			}
- 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);
- 
--		h2=GetHostByName(*host);
-+#if OPENSSL_USE_IPV6
-+		h2=GetHostByName(*host, from.ss_family);
-+#else
-+		h2=GetHostByName(*host, from.sin_family);
-+#endif
- 		if (h2 == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			closesocket(ret);
- 			return(0);
- 			}
--		if (h2->h_addrtype != AF_INET)
-+#if OPENSSL_USE_IPV6
-+		if (h2->h_addrtype != from.ss_family)
-+#else
-+		if (h2->h_addrtype != from.sin_family)
-+#endif
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr is not correct\n");
- 			closesocket(ret);
- 			return(0);
- 			}
-@@ -482,7 +582,7 @@
- 	char *h,*p;
- 
- 	h=str;
--	p=strchr(str,':');
-+	p=strrchr(str,':');
- 	if (p == NULL)
- 		{
- 		BIO_printf(bio_err,"no port defined\n");
-@@ -490,7 +590,7 @@
- 		}
- 	*(p++)='\0';
- 
--	if ((ip != NULL) && !host_ip(str,ip))
-+	if ((ip != NULL) && !host_ip(str,ip,AF_INET))
- 		goto err;
- 	if (host_ptr != NULL) *host_ptr=h;
- 
-@@ -501,48 +601,58 @@
- 	return(0);
- 	}
- 
--static int host_ip(char *str, unsigned char ip[4])
-+static int host_ip(char *str, unsigned char *ip, int domain)
- 	{
--	unsigned int in[4]; 
-+	unsigned int in[4];
-+	unsigned long l;
- 	int i;
- 
--	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
-+	if ((domain == AF_INET) &&
-+	    (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4))
- 		{
-+		
- 		for (i=0; i<4; i++)
- 			if (in[i] > 255)
- 				{
- 				BIO_printf(bio_err,"invalid IP address\n");
- 				goto err;
- 				}
--		ip[0]=in[0];
--		ip[1]=in[1];
--		ip[2]=in[2];
--		ip[3]=in[3];
--		}
-+		l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
-+		memcpy(ip, &l, 4);
-+		return 1;
-+		}
-+#if OPENSSL_USE_IPV6
-+	else if ((domain == AF_INET6) &&
-+	         (inet_pton(AF_INET6, str, ip) == 1))
-+	         return 1;
-+#endif
- 	else
- 		{ /* do a gethostbyname */
- 		struct hostent *he;
- 
- 		if (!ssl_sock_init()) return(0);
- 
--		he=GetHostByName(str);
-+		he=GetHostByName(str,domain);
- 		if (he == NULL)
- 			{
- 			BIO_printf(bio_err,"gethostbyname failure\n");
- 			goto err;
- 			}
- 		/* cast to short because of win16 winsock definition */
--		if ((short)he->h_addrtype != AF_INET)
-+		if ((short)he->h_addrtype != domain)
- 			{
--			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
-+			BIO_printf(bio_err,"gethostbyname addr family is not correct\n");
- 			return(0);
- 			}
--		ip[0]=he->h_addr_list[0][0];
--		ip[1]=he->h_addr_list[0][1];
--		ip[2]=he->h_addr_list[0][2];
--		ip[3]=he->h_addr_list[0][3];
-+		if (domain == AF_INET)
-+			memset(ip, 0, 4);
-+#if OPENSSL_USE_IPV6
-+		else
-+			memset(ip, 0, 16);
-+#endif
-+		memcpy(ip, he->h_addr_list[0], he->h_length);
-+		return 1;
- 		}
--	return(1);
- err:
- 	return(0);
- 	}
-@@ -579,7 +689,7 @@
- static unsigned long ghbn_hits=0L;
- static unsigned long ghbn_miss=0L;
- 
--static struct hostent *GetHostByName(char *name)
-+static struct hostent *GetHostByName(char *name, int domain)
- 	{
- 	struct hostent *ret;
- 	int i,lowi=0;
-@@ -594,14 +704,20 @@
- 			}
- 		if (ghbn_cache[i].order > 0)
- 			{
--			if (strncmp(name,ghbn_cache[i].name,128) == 0)
-+			if ((strncmp(name,ghbn_cache[i].name,128) == 0) &&
-+			    (ghbn_cache[i].ent.h_addrtype == domain))
- 				break;
- 			}
- 		}
- 	if (i == GHBN_NUM) /* no hit*/
- 		{
- 		ghbn_miss++;
--		ret=gethostbyname(name);
-+		if (domain == AF_INET)
-+			ret=gethostbyname(name);
-+#if OPENSSL_USE_IPV6
-+		else
-+			ret=gethostbyname2(name, AF_INET6);
-+#endif
- 		if (ret == NULL) return(NULL);
- 		/* else add to cache */
- 		if(strlen(name) < sizeof ghbn_cache[0].name)

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-malloc-typo.patch

@@ -0,0 +1,36 @@
+From 7b4152089fe39c3495508076ab81ed4aca3d65ba Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 05:08:41 -0400
+Subject: [PATCH] fix malloc define typo
+
+Reported-by: Conrad Kostecki <ck+gentoobugzilla@bl4ckb0x.de>
+URL: https://bugs.gentoo.org/543828
+---
+ crypto/bio/bss_dgram.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/bio/bss_dgram.c b/crypto/bio/bss_dgram.c
+index aef8149..ed275d1 100644
+--- a/crypto/bio/bss_dgram.c
++++ b/crypto/bio/bss_dgram.c
+@@ -1338,7 +1338,7 @@ static int dgram_sctp_read(BIO *b, char *out, int outl)
+                 (socklen_t) (sizeof(sctp_assoc_t) + 256 * sizeof(uint8_t));
+             authchunks = OPENSSL_malloc(optlen);
+             if (!authchunks) {
+-                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_ERROR);
++                BIOerr(BIO_F_DGRAM_SCTP_READ, ERR_R_MALLOC_FAILURE);
+                 return -1;
+             }
+             memset(authchunks, 0, optlen);
+@@ -1410,7 +1410,7 @@ static int dgram_sctp_write(BIO *b, const char *in, int inl)
+         char *tmp;
+         data->saved_message.bio = b;
+         if(!(tmp = OPENSSL_malloc(inl))) {
+-            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_ERROR);
++            BIOerr(BIO_F_DGRAM_SCTP_WRITE, ERR_R_MALLOC_FAILURE);
+             return -1;
+         }
+         if (data->saved_message.data)
+-- 
+2.3.3
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-parallel-build.patch

@@ -0,0 +1,368 @@
+http://rt.openssl.org/Ticket/Display.html?id=2084&user=guest&pass=guest
+
+--- openssl-1.0.2a/crypto/Makefile
++++ openssl-1.0.2a/crypto/Makefile
+@@ -85,11 +85,11 @@
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-	@target=files; $(RECURSIVE_MAKE)
++	+@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:	$(LIB)
+ 	@touch lib
+-$(LIB):	$(LIBOBJ)
++$(LIB):	$(LIBOBJ) | subdirs
+ 	$(AR) $(LIB) $(LIBOBJ)
+ 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ 	$(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ 	fi
+ 
+ libs:
+-	@target=lib; $(RECURSIVE_MAKE)
++	+@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+ 	@target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2a/crypto/objects/Makefile
++++ openssl-1.0.2a/crypto/objects/Makefile
+@@ -44,11 +44,11 @@
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+-	@sleep 1; touch obj_mac.h; sleep 1
+ 
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+-	@sleep 1; touch obj_xref.h; sleep 1
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+--- openssl-1.0.2a/engines/Makefile
++++ openssl-1.0.2a/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:	lib subdirs
+ 
+-lib:	$(LIBOBJ)
++lib:	$(LIBOBJ) | subdirs
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+ 		for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+ 	echo $(EDIRS)
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+ 	ctags $(SRC)
+--- openssl-1.0.2a/Makefile.org
++++ openssl-1.0.2a/Makefile.org
+@@ -274,17 +274,17 @@
+ build_libs: build_crypto build_ssl build_engines
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
+-build_ssl:
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
+-build_engines:
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
+-build_apps:
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
+-build_tests:
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
+-build_tools:
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
++build_ssl: build_crypto
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
++build_engines: build_crypto
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
++build_apps: build_libs
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
++build_tests: build_libs
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
++build_tools: build_libs
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -536,9 +536,9 @@
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ 
+-install: all install_docs install_sw
++install: install_docs install_sw
+ 
+-install_sw:
++install_dirs:
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -547,12 +547,19 @@
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
++	@$(PERL) $(TOP)/util/mkdir-p.pl \
++		$(INSTALL_PREFIX)$(MANDIR)/man1 \
++		$(INSTALL_PREFIX)$(MANDIR)/man3 \
++		$(INSTALL_PREFIX)$(MANDIR)/man5 \
++		$(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ 	do \
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+@@ -636,12 +643,7 @@
+ 		done; \
+ 	done
+ 
+-install_docs:
+-	@$(PERL) $(TOP)/util/mkdir-p.pl \
+-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ 	here="`pwd`"; \
+ 	filecase=; \
+--- openssl-1.0.2a/Makefile.shared
++++ openssl-1.0.2a/Makefile.shared
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+--- openssl-1.0.2a/test/Makefile
++++ openssl-1.0.2a/test/Makefile
+@@ -133,7 +133,7 @@
+ tags:
+ 	ctags $(SRC)
+ 
+-tests:	exe apps $(TESTS)
++tests:	exe $(TESTS)
+ 
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+@@ -402,121 +402,121 @@
+ 		link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-	@target=$(RSATEST); $(BUILD_CMD)
++	+@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-	@target=$(BNTEST); $(BUILD_CMD)
++	+@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-	@target=$(ECTEST); $(BUILD_CMD)
++	+@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-	@target=$(EXPTEST); $(BUILD_CMD)
++	+@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-	@target=$(IDEATEST); $(BUILD_CMD)
++	+@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-	@target=$(MD2TEST); $(BUILD_CMD)
++	+@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-	@target=$(SHATEST); $(BUILD_CMD)
++	+@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA1TEST); $(BUILD_CMD)
++	+@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA256TEST); $(BUILD_CMD)
++	+@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA512TEST); $(BUILD_CMD)
++	+@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-	@target=$(RMDTEST); $(BUILD_CMD)
++	+@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-	@target=$(MDC2TEST); $(BUILD_CMD)
++	+@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-	@target=$(MD4TEST); $(BUILD_CMD)
++	+@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-	@target=$(MD5TEST); $(BUILD_CMD)
++	+@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-	@target=$(HMACTEST); $(BUILD_CMD)
++	+@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-	@target=$(WPTEST); $(BUILD_CMD)
++	+@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-	@target=$(RC2TEST); $(BUILD_CMD)
++	+@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-	@target=$(BFTEST); $(BUILD_CMD)
++	+@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-	@target=$(CASTTEST); $(BUILD_CMD)
++	+@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-	@target=$(RC4TEST); $(BUILD_CMD)
++	+@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-	@target=$(RC5TEST); $(BUILD_CMD)
++	+@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-	@target=$(DESTEST); $(BUILD_CMD)
++	+@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-	@target=$(RANDTEST); $(BUILD_CMD)
++	+@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-	@target=$(DHTEST); $(BUILD_CMD)
++	+@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-	@target=$(DSATEST); $(BUILD_CMD)
++	+@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-	@target=$(METHTEST); $(BUILD_CMD)
++	+@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
++	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-	@target=$(ENGINETEST); $(BUILD_CMD)
++	+@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-	@target=$(EVPTEST); $(BUILD_CMD)
++	+@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-	@target=$(EVPEXTRATEST); $(BUILD_CMD)
++	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-	@target=$(ECDSATEST); $(BUILD_CMD)
++	+@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-	@target=$(ECDHTEST); $(BUILD_CMD)
++	+@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-	@target=$(IGETEST); $(BUILD_CMD)
++	+@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-	@target=$(JPAKETEST); $(BUILD_CMD)
++	+@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-	@target=$(ASN1TEST); $(BUILD_CMD)
++	+@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-	@target=$(SRPTEST); $(BUILD_CMD)
++	+@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+-	@target=$(V3NAMETEST); $(BUILD_CMD)
++	+@target=$(V3NAMETEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-	@target=$(CONSTTIMETEST) $(BUILD_CMD)
++	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -529,7 +529,7 @@
+ #	fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-	@target=dummytest; $(BUILD_CMD)
++	+@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch

@@ -0,0 +1,41 @@
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+     sub out {
+     	my $self = shift;
+ 
++	# When building on x32 ABIs, the expanded hex value might be too
++	# big to fit into 32bits.  Enable transparent 64bit support here
++	# so we can safely print it out.
++	use bigint;
+ 	if ($gas) {
+ 	    # Solaris /usr/ccs/bin/as can't handle multiplications
+ 	    # in $self->{value}
+-- 
+2.3.3
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml

@@ -3,7 +3,9 @@
 <pkgmetadata>
 <herd>base-system</herd>
 <use>
- <flag name='bindist'>Disable EC/RC5 algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name='asm'>Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
+ <flag name='bindist'>Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name='sctp'>Support for Stream Control Transmission Protocol</flag>
  <flag name='rfc3779'>Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
  <flag name='tls-heartbeat'>Enable the Heartbeat Extension in TLS and DTLS</flag>
 </use>

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-0.9.8z_p1-r2.ebuild

@@ -1,149 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8z_p1-r2.ebuild,v 1.11 2014/09/15 08:18:46 ago Exp $
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="alpha amd64 ~arm ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos sse2 test zlib"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r4
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)
-	!=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
-	sys-apps/diffutils
-	>=dev-lang/perl-5
-	test? ( sys-devel/bc )"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-		Makefile{,.org} \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-	# update the enginedir path.
-	# punt broken config we don't care about as it fails sanity check.
-	sed -i \
-		-e '/^"debug-ben-debug-64"/d' \
-		-e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-		Configure || die
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags -Wa,--noexecstack
-
-	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-	sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-
-	tc-export CC AR RANLIB
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		enable-idea \
-		enable-mdc2 \
-		$(use_ssl !bindist rc5) \
-		enable-tlsext \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl zlib) \
-		--prefix=/usr \
-		--openssldir=/etc/ssl \
-		shared threads \
-		|| die "Configure failed"
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts
-	emake -j1 depend
-	emake -j1 build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.0.9.8
-}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-0.9.8z_p2.ebuild

@@ -1,159 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8z_p2.ebuild,v 1.8 2014/09/19 10:34:21 ago Exp $
-
-# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
-
-EAPI="5"
-
-inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
-
-PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
-MY_PV=${PV/_p*/${PLEVEL}}
-MY_P=${PN}-${MY_PV}
-S="${WORKDIR}/${MY_P}"
-DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
-HOMEPAGE="http://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
-
-LICENSE="openssl"
-SLOT="0.9.8"
-KEYWORDS="alpha amd64 arm ~hppa ia64 m68k ~mips ~ppc ~ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos sse2 test zlib"
-
-RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
-	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
-	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
-	abi_x86_32? (
-		!<=app-emulation/emul-linux-x86-baselibs-20140508-r4
-		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
-	)
-	!=dev-libs/openssl-0.9.8*:0"
-DEPEND="${RDEPEND}
-	sys-apps/diffutils
-	>=dev-lang/perl-5
-	test? ( sys-devel/bc )"
-
-# Do not install any docs
-DOCS=()
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
-	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
-	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
-
-	# disable fips in the build
-	# make sure the man pages are suffixed #302165
-	# don't bother building man pages if they're disabled
-	sed -i \
-		-e '/DIRS/s: fips : :g' \
-		-e '/^MANSUFFIX/s:=.*:=ssl:' \
-		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
-		-e $(has noman FEATURES \
-			&& echo '/^install:/s:install_docs::' \
-			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
-		Makefile{,.org} \
-		|| die
-	# show the actual commands in the log
-	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
-	# update the enginedir path.
-	# punt broken config we don't care about as it fails sanity check.
-	sed -i \
-		-e '/^"debug-ben-debug-64"/d' \
-		-e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
-		Configure || die
-
-	# since we're forcing $(CC) as makedep anyway, just fix
-	# the conditional as always-on
-	# helps clang (#417795), and versioned gcc (#499818)
-	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
-
-	# quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (#417795 again)
-	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
-
-	# allow openssl to be cross-compiled
-	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
-	chmod a+rx gentoo.config
-
-	append-flags -fno-strict-aliasing
-	append-flags -Wa,--noexecstack
-
-	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
-	sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
-	./config --test-sanity || die "I AM NOT SANE"
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	unset APPS #197996
-	unset SCRIPTS #312551
-
-	tc-export CC AR RANLIB
-
-	# Clean out patent-or-otherwise-encumbered code
-	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
-	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
-	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
-	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
-
-	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
-	echoit() { echo "$@" ; "$@" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	local sslout=$(./gentoo.config)
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config="Configure"
-	[[ -z ${sslout} ]] && config="config"
-
-	echoit \
-	./${config} \
-		${sslout} \
-		$(use sse2 || echo "no-sse2") \
-		enable-camellia \
-		$(use_ssl !bindist ec) \
-		enable-idea \
-		enable-mdc2 \
-		$(use_ssl !bindist rc5) \
-		enable-tlsext \
-		$(use_ssl gmp gmp -lgmp) \
-		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
-		$(use_ssl zlib) \
-		--prefix=/usr \
-		--openssldir=/etc/ssl \
-		shared threads \
-		|| die "Configure failed"
-
-	# Clean out hardcoded flags that openssl uses
-	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
-		-e 's:^CFLAG=::' \
-		-e 's:-fomit-frame-pointer ::g' \
-		-e 's:-O[0-9] ::g' \
-		-e 's:-march=[-a-z0-9]* ::g' \
-		-e 's:-mcpu=[-a-z0-9]* ::g' \
-		-e 's:-m[a-z0-9]* ::g' \
-	)
-	sed -i \
-		-e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
-		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
-		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
-		Makefile || die
-}
-
-multilib_src_compile() {
-	# depend is needed to use $confopts
-	emake -j1 depend
-	emake -j1 build_libs
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	dolib.so lib{crypto,ssl}.so.0.9.8
-}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild

@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8z_p3.ebuild,v 1.5 2014/10/22 19:17:14 maekke Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8z_p5-r1.ebuild,v 1.3 2015/03/19 17:55:24 ulm Exp $
 
 # this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
 
@@ -18,8 +18,9 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0.9.8"
-KEYWORDS="alpha amd64 arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="alpha amd64 arm ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos sse2 test zlib"
+IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
+RESTRICT="!bindist? ( bindist )"
 
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
@@ -41,6 +42,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
 	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
 	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
+	epatch "${FILESDIR}"/${PN}-0.9.8ze-CVE-2015-0286.patch #543552
 
 	# disable fips in the build
 	# make sure the man pages are suffixed #302165
@@ -113,7 +115,7 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		$(use sse2 || echo "no-sse2") \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		enable-idea \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-0.9.8z_p6.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8z_p4.ebuild,v 1.2 2015/01/08 20:20:40 zlogene Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-0.9.8z_p6.ebuild,v 1.2 2015/03/19 23:07:42 ulm Exp $
 
 # this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
 
@@ -18,8 +18,9 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
 
 LICENSE="openssl"
 SLOT="0.9.8"
-KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos sse2 test zlib"
+IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
+RESTRICT="!bindist? ( bindist )"
 
 RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
 	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
@@ -113,7 +114,7 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		$(use sse2 || echo "no-sse2") \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		enable-idea \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.0r.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.0p.ebuild,v 1.1 2015/01/08 17:28:53 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.0r.ebuild,v 1.2 2015/03/19 23:07:42 ulm Exp $
 
 EAPI="4"
 
@@ -15,7 +15,8 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
 LICENSE="openssl"
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd"
-IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test zlib"
+IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test zlib"
+RESTRICT="!bindist? ( bindist )"
 
 # Have the sub-libs in RDEPEND with [static-libs] since, logically,
 # our libssl.a depends on libz.a/etc... at runtime.
@@ -49,7 +50,7 @@ src_prepare() {
 	epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
 	epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
 	epatch "${FILESDIR}"/${PN}-1.0.0e-parallel-build.patch
-	epatch "${FILESDIR}"/${PN}-1.0.0e-x32.patch
+	epatch "${FILESDIR}"/${PN}-1.0.0r-x32.patch
 	epatch_user #332661
 
 	# disable fips in the build
@@ -104,7 +105,7 @@ src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		$(use sse2 || echo "no-sse2") \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		enable-idea \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1l-r1.ebuild

@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1j.ebuild,v 1.10 2014/10/22 23:46:29 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1l-r1.ebuild,v 1.5 2015/03/19 18:03:39 vapier Exp $
 
 EAPI="4"
 
@@ -15,7 +15,8 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
 LICENSE="openssl"
 SLOT="0"
 KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
+IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
 
 # The blocks are temporary just to make sure people upgrade to a
 # version that lack runtime version checking.  We'll drop them in
@@ -63,6 +64,7 @@ src_prepare() {
 		epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch
 		epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
 		epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
+		epatch "${FILESDIR}"/${PN}-1.0.1l-CVE-2015-0286.patch #543552
 		epatch_user #332661
 	fi
 
@@ -144,7 +146,7 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		$(use sse2 || echo "no-sse2") \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.1m.ebuild

@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1k.ebuild,v 1.2 2015/01/08 20:20:40 zlogene Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.1m.ebuild,v 1.2 2015/03/19 23:07:42 ulm Exp $
 
 EAPI="4"
 
@@ -14,8 +14,9 @@ SRC_URI="mirror://openssl/source/${P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
+IUSE="bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
 
 # The blocks are temporary just to make sure people upgrade to a
 # version that lack runtime version checking.  We'll drop them in
@@ -58,10 +59,10 @@ src_prepare() {
 		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
 		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
 		epatch "${FILESDIR}"/${PN}-1.0.0h-pkg-config.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.1m-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1-x32.patch
+		epatch "${FILESDIR}"/${PN}-1.0.1m-x32.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1h-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.1m-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${PN}-1.0.1m-s_client-verify.patch #472584
 		epatch "${FILESDIR}"/${PN}-1.0.1f-revert-alpha-perl-generation.patch #499086
 		epatch_user #332661
 	fi
@@ -144,7 +145,7 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		$(use sse2 || echo "no-sse2") \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2-r3.ebuild

@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2_beta3.ebuild,v 1.1 2014/09/26 06:05:53 polynomial-c Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2-r3.ebuild,v 1.3 2015/03/19 21:14:17 vapier Exp $
 
 EAPI="4"
 
@@ -15,8 +15,9 @@ SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
 
 LICENSE="openssl"
 SLOT="0"
-#KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
-IUSE="bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib"
+IUSE="bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
 
 # The blocks are temporary just to make sure people upgrade to a
 # version that lack runtime version checking.  We'll drop them in
@@ -33,6 +34,7 @@ RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
 DEPEND="${RDEPEND}
 	sys-apps/diffutils
 	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
 	test? ( sys-devel/bc )"
 PDEPEND="app-misc/ca-certificates"
 
@@ -54,12 +56,15 @@ src_prepare() {
 	# that gets blown away anyways by the Configure script in src_configure
 	rm -f Makefile
 
+	epatch "${FILESDIR}"/${P}-CVE-2015-0209.patch #541502
+	epatch "${FILESDIR}"/${P}-CVE-2015-0288.patch #542038
 	if ! use vanilla ; then
 		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
 		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
 		epatch "${FILESDIR}"/${PN}-1.0.2-parallel-build.patch
-		epatch "${FILESDIR}"/${PN}-1.0.2_beta2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
-		epatch "${FILESDIR}"/${PN}-1.0.1e-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${PN}-1.0.2-CVE-2015-0291.patch
 
 		epatch_user #332661
 	fi
@@ -117,7 +122,7 @@ multilib_src_configure() {
 	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
 	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
 	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
-	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
 
 	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
 	echoit() { echo "$@" ; "$@" ; }
@@ -143,13 +148,14 @@ multilib_src_configure() {
 	echoit \
 	./${config} \
 		${sslout} \
-		$(use sse2 || echo "no-sse2") \
+		$(use sctp && echo "sctp") \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
 		enable-camellia \
 		$(use_ssl !bindist ec) \
 		${ec_nistp_64_gcc_128} \
 		enable-idea \
 		enable-mdc2 \
-		$(use_ssl !bindist rc5) \
+		enable-rc5 \
 		enable-tlsext \
 		$(use_ssl gmp gmp -lgmp) \
 		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2a.ebuild

@@ -0,0 +1,263 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/openssl/openssl-1.0.2a.ebuild,v 1.6 2015/03/21 11:02:41 vapier Exp $
+
+EAPI="4"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+REV="1.7"
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
+	http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/${PN}/${PN}-c_rehash.sh?rev=${REV} -> ${PN}-c_rehash.sh.${REV}"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+# The blocks are temporary just to make sure people upgrade to a
+# version that lack runtime version checking.  We'll drop them in
+# the future.
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)
+	!<net-misc/openssh-5.9_p1-r4
+	!<net-libs/neon-0.29.6-r1"
+DEPEND="${RDEPEND}
+	sys-apps/diffutils
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? ( sys-devel/bc )"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	SSL_CNF_DIR="/etc/ssl"
+	sed \
+		-e "/^DIR=/s:=.*:=${EPREFIX}${SSL_CNF_DIR}:" \
+		-e "s:SSL_CMD=/usr:SSL_CMD=${EPREFIX}/usr:" \
+		"${DISTDIR}"/${PN}-c_rehash.sh.${REV} \
+		> "${WORKDIR}"/c_rehash || die #416717
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2-s_client-verify.patch #472584
+		epatch "${FILESDIR}"/${PN}-1.0.2a-malloc-typo.patch #543828
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.1 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	dobin "${WORKDIR}"/c_rehash #333117
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+
+	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+}

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-0.9.8z_p2

@@ -1,13 +0,0 @@
-DEFINED_PHASES=compile configure install prepare test
-DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0 sys-apps/diffutils >=dev-lang/perl-5 test? ( sys-devel/bc )
-DESCRIPTION=Toolkit for SSL v2/v3 and TLS v1
-EAPI=5
-HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
-KEYWORDS=alpha amd64 arm ~hppa ia64 m68k ~mips ~ppc ~ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd
-LICENSE=openssl
-RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0
-SLOT=0.9.8
-SRC_URI=mirror://openssl/source/openssl-0.9.8zb.tar.gz
-_eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=b8b9d561e452106e46e43cdd211de56a

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-0.9.8z_p3

@@ -1,13 +0,0 @@
-DEFINED_PHASES=compile configure install prepare test
-DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0 sys-apps/diffutils >=dev-lang/perl-5 test? ( sys-devel/bc )
-DESCRIPTION=Toolkit for SSL v2/v3 and TLS v1
-EAPI=5
-HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
-KEYWORDS=alpha amd64 arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd
-LICENSE=openssl
-RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0
-SLOT=0.9.8
-SRC_URI=mirror://openssl/source/openssl-0.9.8zc.tar.gz
-_eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=a5947a135c951f5477432c39d8e93d32

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-0.9.8z_p5-r1

@@ -3,11 +3,12 @@ DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(
 DESCRIPTION=Toolkit for SSL v2/v3 and TLS v1
 EAPI=5
 HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+IUSE=bindist gmp kerberos cpu_flags_x86_sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
-KEYWORDS=alpha amd64 ~arm ~hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~sparc-fbsd ~x86-fbsd
+KEYWORDS=alpha amd64 arm ~hppa ia64 ~m68k ~mips ppc ppc64 s390 sh sparc x86 ~sparc-fbsd ~x86-fbsd
 LICENSE=openssl
 RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0
+RESTRICT=!bindist? ( bindist )
 SLOT=0.9.8
-SRC_URI=mirror://openssl/source/openssl-0.9.8za.tar.gz
+SRC_URI=mirror://openssl/source/openssl-0.9.8ze.tar.gz
 _eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=0414fef872d68d686260ea6a1946137c
+_md5_=74def226a2092ede9932aa93660c5537

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-0.9.8z_p6

@@ -3,11 +3,12 @@ DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(
 DESCRIPTION=Toolkit for SSL v2/v3 and TLS v1
 EAPI=5
 HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+IUSE=bindist gmp kerberos cpu_flags_x86_sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
 KEYWORDS=~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd
 LICENSE=openssl
 RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0
+RESTRICT=!bindist? ( bindist )
 SLOT=0.9.8
-SRC_URI=mirror://openssl/source/openssl-0.9.8zd.tar.gz
+SRC_URI=mirror://openssl/source/openssl-0.9.8zf.tar.gz
 _eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=88a93dcd11a1b3ff5df047b19041d9c6
+_md5_=76d89bf0e23e57404090efe0840538b4

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.0r

@@ -3,12 +3,13 @@ DEPEND=static-libs? ( gmp? ( dev-libs/gmp[static-libs(+)] ) zlib? ( sys-libs/zli
 DESCRIPTION=full-strength general purpose cryptography library (including SSL v2/v3 and TLS v1)
 EAPI=4
 HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos rfc3779 sse2 static-libs test zlib
+IUSE=bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test zlib
 KEYWORDS=~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~sparc-fbsd ~x86-fbsd
 LICENSE=openssl
 PDEPEND=app-misc/ca-certificates
 RDEPEND=static-libs? ( gmp? ( dev-libs/gmp[static-libs(+)] ) zlib? ( sys-libs/zlib[static-libs(+)] ) kerberos? ( app-crypt/mit-krb5 ) ) !static-libs? ( gmp? ( dev-libs/gmp ) zlib? ( sys-libs/zlib ) kerberos? ( app-crypt/mit-krb5 ) )
+RESTRICT=!bindist? ( bindist )
 SLOT=0
-SRC_URI=mirror://openssl/source/openssl-1.0.0p.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
+SRC_URI=mirror://openssl/source/openssl-1.0.0r.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
 _eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=c75e857cf12edce4326b14c991d6a75f
+_md5_=e9cde23b934ade988aeeec42672d2c6b

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.1l-r1

@@ -3,12 +3,13 @@ DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(
 DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
 EAPI=4
 HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+IUSE=bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
 KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
 LICENSE=openssl
 PDEPEND=app-misc/ca-certificates
 RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1
+RESTRICT=!bindist? ( bindist )
 SLOT=0
-SRC_URI=mirror://openssl/source/openssl-1.0.1j.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
+SRC_URI=mirror://openssl/source/openssl-1.0.1l.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
 _eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=5a93c627f9f4f0bd7300eb2860e90b87
+_md5_=cb9afcf129e8e78211ea1ab597fc10ce

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.1m

@@ -3,12 +3,13 @@ DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(
 DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
 EAPI=4
 HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+IUSE=bindist gmp kerberos rfc3779 cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
 KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
 LICENSE=openssl
 PDEPEND=app-misc/ca-certificates
 RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140406-r3 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1
+RESTRICT=!bindist? ( bindist )
 SLOT=0
-SRC_URI=mirror://openssl/source/openssl-1.0.1k.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
+SRC_URI=mirror://openssl/source/openssl-1.0.1m.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
 _eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=8bb8fe62bb948a5060d4c1974e7aa093
+_md5_=ff57745c870ecf8acf7d705f1903247f

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.2-r3

@@ -1,13 +1,15 @@
 DEFINED_PHASES=compile configure install postinst preinst prepare test
-DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1 sys-apps/diffutils >=dev-lang/perl-5 test? ( sys-devel/bc )
+DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1 sys-apps/diffutils >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-devel/bc )
 DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
 EAPI=4
 HOMEPAGE=http://www.openssl.org/
-IUSE=bindist gmp kerberos rfc3779 sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+IUSE=bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
 LICENSE=openssl
 PDEPEND=app-misc/ca-certificates
 RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1
+RESTRICT=!bindist? ( bindist )
 SLOT=0
-SRC_URI=mirror://openssl/source/openssl-1.0.2-beta3.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
+SRC_URI=mirror://openssl/source/openssl-1.0.2.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
 _eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
-_md5_=b30898d9072e3b3e59ab695afdd5462c
+_md5_=615ae023d070fa0694b53834694a0c06

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.2a

@@ -0,0 +1,15 @@
+DEFINED_PHASES=compile configure install postinst preinst prepare test
+DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1 sys-apps/diffutils >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-devel/bc )
+DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
+EAPI=4
+HOMEPAGE=http://www.openssl.org/
+IUSE=+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=openssl
+PDEPEND=app-misc/ca-certificates
+RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !<net-misc/openssh-5.9_p1-r4 !<net-libs/neon-0.29.6-r1
+RESTRICT=!bindist? ( bindist )
+SLOT=0
+SRC_URI=mirror://openssl/source/openssl-1.0.2a.tar.gz http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssl/openssl-c_rehash.sh?rev=1.7 -> openssl-c_rehash.sh.1.7
+_eclasses_=eutils	6faef4c127028ccbba3a11400d24ae34	flag-o-matic	eda1c0b5ba85b3eeb555a071d69eb819	multibuild	ddc59d206214ef1c240093e1bb2513cf	multilib	3bf24e6abb9b76d9f6c20600f0b716bf	multilib-build	9eb4b5fb858228316d8bb32ada51f6a5	multilib-minimal	5bbdc77877c1aa3c6bd89ca3f9196d11	multiprocessing	d7f2985a2c76c365ee20269db5261414	toolchain-funcs	0dfbfa13f57c6184f4728d12ac002aac
+_md5_=0b88d8b4c0331642ed21dfc438e9af64