bump(dev-python/cryptography): sync with upstream

sdk_container/src/third_party/portage-stable/dev-libs/openssl/ChangeLog

@@ -0,0 +1,769 @@
+# ChangeLog for dev-libs/openssl
+# Copyright 1999-2016 Gentoo Foundation; Distributed under the GPL v2
+# (auto-generated from git log)
+
+*openssl-1.0.2d (09 Aug 2015)
+*openssl-1.0.2c (09 Aug 2015)
+*openssl-1.0.2b (09 Aug 2015)
+*openssl-1.0.2a (09 Aug 2015)
+*openssl-1.0.2-r3 (09 Aug 2015)
+*openssl-1.0.1p (09 Aug 2015)
+*openssl-1.0.1o (09 Aug 2015)
+*openssl-1.0.1n (09 Aug 2015)
+*openssl-1.0.1m (09 Aug 2015)
+*openssl-1.0.1l-r1 (09 Aug 2015)
+*openssl-1.0.0r (09 Aug 2015)
+*openssl-0.9.8z_p7 (09 Aug 2015)
+*openssl-0.9.8z_p6 (09 Aug 2015)
+*openssl-0.9.8z_p5-r1 (09 Aug 2015)
+
+  09 Aug 2015; Robin H. Johnson <robbat2@gentoo.org>
+  +files/gentoo.config-0.9.8, +files/gentoo.config-1.0.0,
+  +files/gentoo.config-1.0.1, +files/openssl-0.9.8e-bsd-sparc64.patch,
+  +files/openssl-0.9.8h-ldflags.patch, +files/openssl-0.9.8m-binutils.patch,
+  +files/openssl-0.9.8ze-CVE-2015-0286.patch,
+  +files/openssl-1.0.0a-ldflags.patch, +files/openssl-1.0.0d-windres.patch,
+  +files/openssl-1.0.0e-parallel-build.patch,
+  +files/openssl-1.0.0h-pkg-config.patch, +files/openssl-1.0.0r-x32.patch,
+  +files/openssl-1.0.1-parallel-build.patch, +files/openssl-1.0.1-x32.patch,
+  +files/openssl-1.0.1e-s_client-verify.patch,
+  +files/openssl-1.0.1f-revert-alpha-perl-generation.patch,
+  +files/openssl-1.0.1h-ipv6.patch, +files/openssl-1.0.1l-CVE-2015-0286.patch,
+  +files/openssl-1.0.1m-ipv6.patch,
+  +files/openssl-1.0.1m-parallel-build.patch,
+  +files/openssl-1.0.1m-s_client-verify.patch,
+  +files/openssl-1.0.1m-x32.patch, +files/openssl-1.0.1p-default-source.patch,
+  +files/openssl-1.0.1p-parallel-build.patch,
+  +files/openssl-1.0.2-CVE-2015-0209.patch,
+  +files/openssl-1.0.2-CVE-2015-0288.patch,
+  +files/openssl-1.0.2-CVE-2015-0291.patch, +files/openssl-1.0.2-ipv6.patch,
+  +files/openssl-1.0.2-parallel-build.patch,
+  +files/openssl-1.0.2-s_client-verify.patch,
+  +files/openssl-1.0.2a-malloc-typo.patch,
+  +files/openssl-1.0.2a-parallel-build.patch,
+  +files/openssl-1.0.2a-parallel-install-dirs.patch,
+  +files/openssl-1.0.2a-parallel-obj-headers.patch,
+  +files/openssl-1.0.2a-parallel-symlinking.patch,
+  +files/openssl-1.0.2a-x32-asm.patch,
+  +files/openssl-1.0.2d-parallel-build.patch, +metadata.xml,
+  +openssl-0.9.8z_p5-r1.ebuild, +openssl-0.9.8z_p6.ebuild,
+  +openssl-0.9.8z_p7.ebuild, +openssl-1.0.0r.ebuild,
+  +openssl-1.0.1l-r1.ebuild, +openssl-1.0.1m.ebuild, +openssl-1.0.1n.ebuild,
+  +openssl-1.0.1o.ebuild, +openssl-1.0.1p.ebuild, +openssl-1.0.2-r3.ebuild,
+  +openssl-1.0.2a.ebuild, +openssl-1.0.2b.ebuild, +openssl-1.0.2c.ebuild,
+  +openssl-1.0.2d.ebuild:
+  proj/gentoo: Initial commit
+
+  This commit represents a new era for Gentoo:
+  Storing the gentoo-x86 tree in Git, as converted from CVS.
+
+  This commit is the start of the NEW history.
+  Any historical data is intended to be grafted onto this point.
+
+  Creation process:
+  1. Take final CVS checkout snapshot
+  2. Remove ALL ChangeLog* files
+  3. Transform all Manifests to thin
+  4. Remove empty Manifests
+  5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
+  5.1. Do not touch files with -kb/-ko keyword flags.
+
+  Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+  X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration
+  tests
+  X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this
+  project
+  X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo
+  developer, wrote Git features for the migration
+  X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve
+  cvs2svn
+  X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
+  X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014
+  work in migration
+  X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
+  X-Thanks: All of other Gentoo developers - many ideas and lots of paint on
+  the bikeshed
+
+  09 Aug 2015; Ulrich Müller <ulm@gentoo.org> files/gentoo.config-0.9.8,
+  files/gentoo.config-1.0.0, files/gentoo.config-1.0.1:
+  [QA] Remove executable bit from files, bug 550434.
+
+  24 Aug 2015; Justin Lecher <jlec@gentoo.org> metadata.xml:
+  Use https by default
+
+  Convert all URLs for sites supporting encrypted connections from http to
+  https
+
+  Signed-off-by: Justin Lecher <jlec@gentoo.org>
+
+  24 Aug 2015; Mike Gilbert <floppym@gentoo.org> metadata.xml:
+  Revert DOCTYPE SYSTEM https changes in metadata.xml
+
+  repoman does not yet accept the https version.
+  This partially reverts eaaface92ee81f30a6ac66fe7acbcc42c00dc450.
+
+  Bug: https://bugs.gentoo.org/552720
+
+  26 Aug 2015; Mikle Kolyada <zlogene@gentoo.org> openssl-1.0.2d.ebuild:
+  amd64 stable wrt bug #555176
+
+  Package-Manager: portage-2.2.20.1
+
+  30 Aug 2015; Tobias Klausmann <klausman@gentoo.org> openssl-1.0.2d.ebuild:
+  add alpha keyword
+
+  Gentoo-Bug: 555176
+
+  Package-Manager: portage-2.2.20.1
+
+  02 Sep 2015; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2d.ebuild:
+  Stable for HPPA PPC64 (bug #555176).
+
+  Package-Manager: portage-2.2.20.1
+
+  02 Sep 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2d.ebuild:
+  mark 1.0.2d arm64/ia64/m68k/s390/sh stable #555176
+
+  02 Sep 2015; Mike Frysinger <vapier@gentoo.org> -files/gentoo.config-1.0.0,
+  -files/openssl-0.9.8ze-CVE-2015-0286.patch,
+  -files/openssl-1.0.0e-parallel-build.patch, -files/openssl-1.0.0r-x32.patch,
+  -files/openssl-1.0.1-parallel-build.patch, -files/openssl-1.0.1-x32.patch,
+  -files/openssl-1.0.1e-s_client-verify.patch,
+  -files/openssl-1.0.1h-ipv6.patch, -files/openssl-1.0.1l-CVE-2015-0286.patch,
+  -files/openssl-1.0.1m-parallel-build.patch,
+  -files/openssl-1.0.1m-s_client-verify.patch,
+  -files/openssl-1.0.2-CVE-2015-0209.patch,
+  -files/openssl-1.0.2-CVE-2015-0288.patch,
+  -files/openssl-1.0.2-CVE-2015-0291.patch,
+  -files/openssl-1.0.2-parallel-build.patch, -openssl-0.9.8z_p5-r1.ebuild,
+  -openssl-0.9.8z_p6.ebuild, -openssl-1.0.0r.ebuild,
+  -openssl-1.0.1l-r1.ebuild, -openssl-1.0.1m.ebuild, -openssl-1.0.1n.ebuild,
+  -openssl-1.0.1o.ebuild, -openssl-1.0.2-r3.ebuild:
+  delete old
+
+  02 Sep 2015; Markus Meier <maekke@gentoo.org> openssl-1.0.2d.ebuild:
+  arm stable, bug #555176
+
+  Package-Manager: portage-2.2.20.1
+  RepoMan-Options: --include-arches="arm"
+
+  03 Sep 2015; Anthony G. Basile <blueness@gentoo.org> openssl-1.0.2d.ebuild:
+  stable on ppc, bug #555176
+
+  Package-Manager: portage-2.2.20.1
+
+  05 Sep 2015; Mikle Kolyada <zlogene@gentoo.org> openssl-1.0.2d.ebuild:
+  x86 stable wrt bug #555176
+
+  Package-Manager: portage-2.2.20.1
+
+  20 Sep 2015; Mike Frysinger <vapier@gentoo.org> +files/gentoo.config-1.0.2,
+  openssl-1.0.2d.ebuild:
+  fix config script for a few targets #560812
+
+  We were missing trailing globs for aarch64/be and ppc/le to match the
+  ABI value.  This also updates the ppc64le target to use the new config
+  value that is available with the 1.0.2 series.
+
+  21 Sep 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2d.ebuild:
+  sparc stable wrt bug #555176
+
+  Package-Manager: portage-2.2.20.1
+  RepoMan-Options: --include-arches="sparc"
+
+*openssl-1.0.2d-r1 (01 Oct 2015)
+
+  01 Oct 2015; Julian Ospald <hasufell@gentoo.org> +openssl-1.0.2d-r1.ebuild:
+  use app-misc/c_rehash
+
+  Gentoo-Bug: 561852
+  Reviewed-By: SpanKY <vapier@gentoo.org>
+
+*openssl-1.0.2d-r2 (01 Oct 2015)
+
+  01 Oct 2015; Julian Ospald <hasufell@gentoo.org> -openssl-1.0.2d-r1.ebuild,
+  +openssl-1.0.2d-r2.ebuild:
+  fix file collision with app-misc/c_rehash
+
+  Although we didn't install our c_rehash script, the
+  default install rules from the openssl build system
+  installs a perl version, triggering a file collision.
+
+  Gentoo-Bug: 561852
+
+  01 Oct 2015; Julian Ospald <hasufell@gentoo.org> openssl-1.0.2d-r2.ebuild:
+  improve error handling
+
+  05 Oct 2015; Mike Frysinger <vapier@gentoo.org> openssl-0.9.8z_p7.ebuild,
+  openssl-1.0.2d.ebuild, openssl-1.0.2d-r2.ebuild:
+  move diffutils behind USE=test #55560
+
+  The `cmp` prog is only used when running tests, so put it behind USE=test
+  rather than requiring it at build time all the time.
+
+  20 Oct 2015; Julian Ospald <hasufell@gentoo.org> metadata.xml:
+  add SLOT description to metadata.xml
+
+*openssl-1.0.2e (03 Dec 2015)
+*openssl-0.9.8z_p8 (03 Dec 2015)
+
+  03 Dec 2015; Mike Frysinger <vapier@gentoo.org>
+  +files/openssl-1.0.2e-pod2man.patch, +openssl-0.9.8z_p8.ebuild,
+  +openssl-1.0.2e.ebuild:
+  version bump to 0.9.8zh & 1.0.2e #567476
+
+  03 Dec 2015; Lars Wendler <polynomial-c@gentoo.org>
+  +files/openssl-1.0.2e-parallel-build.patch, openssl-1.0.2e.ebuild:
+  Added new parallel build patch for 1.0.2e version.
+
+  Package-Manager: portage-2.2.26
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  03 Dec 2015; Mike Frysinger <vapier@gentoo.org>
+  -files/openssl-1.0.2e-pod2man.patch, openssl-1.0.2e.ebuild:
+  update manifest after upstream rebuilt releases #567476
+
+  05 Dec 2015; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2e.ebuild:
+  Stable for HPPA PPC64 (bug #567476).
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --ignore-arches
+
+  06 Dec 2015; Matt Turner <mattst88@gentoo.org> openssl-1.0.2e.ebuild:
+  alpha stable, bug 567476.
+
+  07 Dec 2015; Agostino Sarubbo <ago@gentoo.org> openssl-0.9.8z_p8.ebuild,
+  openssl-1.0.2e.ebuild:
+  amd64 stable wrt bug #567476
+
+  Package-Manager: portage-2.2.20.1
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  09 Dec 2015; Markus Meier <maekke@gentoo.org> openssl-1.0.2e.ebuild:
+  arm stable, bug #567476
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="arm"
+
+  11 Dec 2015; Mikle Kolyada <zlogene@gentoo.org> openssl-1.0.2e.ebuild:
+  ia64 stable wrt bug #567476
+
+  Package-Manager: portage-2.2.20.1
+
+  13 Dec 2015; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2e.ebuild:
+  mark 1.0.2e arm64/m68k/s390/sh/sparc/x86 stable #567476
+
+  26 Dec 2015; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2e.ebuild:
+  ppc stable wrt bug #567476
+
+  Package-Manager: portage-2.2.24
+  RepoMan-Options: --include-arches="ppc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  26 Dec 2015; Agostino Sarubbo <ago@gentoo.org> openssl-0.9.8z_p8.ebuild:
+  x86 stable wrt bug #567476
+
+  Package-Manager: portage-2.2.24
+  RepoMan-Options: --include-arches="x86"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  17 Jan 2016; Mike Frysinger <vapier@gentoo.org> files/gentoo.config-1.0.2:
+  fix sparc builds (mostly 64-bit)
+
+  24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
+  Unify quoting in metadata.xml files for machine processing
+
+  Force unified quoting in all metadata.xml files since lxml does not
+  preserve original use of single and double quotes. Ensuring unified
+  quoting before the process allows distinguishing the GLEP 67-related
+  metadata.xml changes from unrelated quoting changes.
+
+  24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
+  Replace all herds with appropriate projects (GLEP 67)
+
+  Replace all uses of herd with appropriate project maintainers, or no
+  maintainers in case of herds requested to be disbanded.
+
+  24 Jan 2016; Michał Górny <mgorny@gentoo.org> metadata.xml:
+  Set appropriate maintainer types in metadata.xml (GLEP 67)
+
+*openssl-1.0.2f (29 Jan 2016)
+*openssl-1.0.1r (29 Jan 2016)
+
+  29 Jan 2016; Lars Wendler <polynomial-c@gentoo.org>
+  +files/openssl-1.0.1r-x32.patch, +openssl-1.0.1r.ebuild,
+  +openssl-1.0.2f.ebuild:
+  Security bump to versions 1.0.1r and 1.0.2f (bug #572854).
+
+  Package-Manager: portage-2.2.27
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  29 Jan 2016; Lars Wendler <polynomial-c@gentoo.org>
+  -files/openssl-1.0.2-s_client-verify.patch,
+  -files/openssl-1.0.2a-malloc-typo.patch,
+  -files/openssl-1.0.2a-parallel-build.patch,
+  -files/openssl-1.0.2d-parallel-build.patch, -openssl-1.0.2a.ebuild,
+  -openssl-1.0.2b.ebuild, -openssl-1.0.2c.ebuild, -openssl-1.0.2d.ebuild,
+  -openssl-1.0.2d-r2.ebuild:
+  Removed old.
+
+  Package-Manager: portage-2.2.27
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  29 Jan 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.1r.ebuild,
+  openssl-1.0.2f.ebuild:
+  stable for alpha/amd64/arm/ia64/ppc/ppc64/s390/sh/sparc/x86 wrt security bug
+  #572854
+
+  Package-Manager: portage-2.2.26
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  30 Jan 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2f.ebuild:
+  Stable for HPPA (bug #572854).
+
+  Package-Manager: portage-2.2.27
+  RepoMan-Options: --ignore-arches
+
+  30 Jan 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.1r.ebuild:
+  Stable for HPPA (bug #572854).
+
+  Package-Manager: portage-2.2.27
+  RepoMan-Options: --ignore-arches
+
+  02 Feb 2016; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2f.ebuild:
+  mark 1.0.2f arm64/m68k stable
+
+*openssl-1.0.2f-r1 (09 Feb 2016)
+*openssl-1.0.2e-r1 (09 Feb 2016)
+
+  09 Feb 2016; Jason A. Donenfeld <zx2c4@gentoo.org>
+  +files/openssl-1.0.2e-chacha20poly1305.patch, +openssl-1.0.2e-r1.ebuild,
+  +openssl-1.0.2f-r1.ebuild:
+  carry cloudflare's chacha20poly1305 patch
+
+  09 Feb 2016; Robin H. Johnson <robbat2@gentoo.org>
+  -files/openssl-1.0.2e-chacha20poly1305.patch, openssl-1.0.2e-r1.ebuild,
+  openssl-1.0.2f-r1.ebuild:
+  move large patch to mirrors.
+
+  Package-Manager: portage-2.2.27
+
+  09 Feb 2016; Jason A. Donenfeld <zx2c4@gentoo.org>
+  -openssl-1.0.2e-r1.ebuild, -openssl-1.0.2f-r1.ebuild:
+  the team didn't like my chacha patch
+
+  26 Feb 2016; Doug Goldstein <cardoe@gentoo.org>
+  -files/openssl-1.0.0h-pkg-config.patch,
+  -files/openssl-1.0.1f-revert-alpha-perl-generation.patch,
+  -files/openssl-1.0.1m-ipv6.patch, -files/openssl-1.0.1m-x32.patch,
+  -files/openssl-1.0.1p-parallel-build.patch, -files/openssl-1.0.1r-x32.patch,
+  -openssl-1.0.1p.ebuild, -openssl-1.0.1r.ebuild, -openssl-1.0.2e.ebuild:
+  remove vulnerable versions
+
+  Due to multiple vulnerabilities remove outdated versions of OpenSSL.
+
+  Gentoo-Bug: 567476
+
+  Package-Manager: portage-2.2.26
+  Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
+
+  26 Feb 2016; Doug Goldstein <cardoe@gentoo.org> -openssl-0.9.8z_p7.ebuild:
+  remove vulnerable version
+
+  Due to multiple vulnerabilities remove outdated version of OpenSSL.
+
+  Gentoo-Bug: 567476
+
+  Package-Manager: portage-2.2.26
+  Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
+
+  26 Feb 2016; Doug Goldstein <cardoe@gentoo.org> -files/gentoo.config-1.0.1:
+  remove no longer necessary file
+
+  Package-Manager: portage-2.2.26
+  Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
+
+*openssl-1.0.2g (01 Mar 2016)
+
+  01 Mar 2016; Lars Wendler <polynomial-c@gentoo.org>
+  +files/openssl-1.0.2g-parallel-build.patch, +openssl-1.0.2g.ebuild:
+  Security bump to version 1.0.2g (bug #575548).
+
+  Package-Manager: portage-2.2.27
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+*openssl-1.0.2g-r1 (01 Mar 2016)
+
+  01 Mar 2016; Lars Wendler <polynomial-c@gentoo.org> -openssl-1.0.2g.ebuild,
+  +openssl-1.0.2g-r1.ebuild:
+  Revbump to add subslot that reflects lack of SSLv2 (#575548).
+
+  Package-Manager: portage-2.2.27
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+*openssl-1.0.2g-r2 (03 Mar 2016)
+
+  03 Mar 2016; Doug Goldstein <cardoe@gentoo.org> -openssl-1.0.2g-r1.ebuild,
+  +openssl-1.0.2g-r2.ebuild:
+  re-enable SSLv2
+
+  Re-enable SSLv2 since disabling it changes the ABI without a SONAME change
+  causing a lot of breakage.
+
+  Gentoo-Bug: 576128
+  Gentoo-Bug: 575548
+
+  Package-Manager: portage-2.2.26
+  Signed-off-by: Doug Goldstein <cardoe@gentoo.org>
+
+  07 Mar 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  amd64 stable wrt bug #575548
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  08 Mar 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  Stable for HPPA PPC64 (bug #575548).
+
+  Package-Manager: portage-2.2.27
+  RepoMan-Options: --ignore-arches
+
+  10 Mar 2016; Markus Meier <maekke@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  arm/x86 stable, bug #575548
+
+  Package-Manager: portage-2.2.27
+  RepoMan-Options: --include-arches="arm x86"
+
+  15 Mar 2016; Tobias Klausmann <klausman@gentoo.org>
+  openssl-1.0.2g-r2.ebuild:
+  1.0.2g-r2: add alpha keyword
+
+  Gentoo-Bug: 575548
+
+  Package-Manager: portage-2.2.28
+
+  16 Mar 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  ppc stable wrt bug #575548
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="ppc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  19 Mar 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  sparc stable wrt bug #575548
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="sparc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  20 Mar 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  ia64 stable wrt bug #575548
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="ia64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  21 Mar 2016; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  mark 1.0.2g-r2 arm64/m68k/s390/sh stable
+
+  21 Mar 2016; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2g-r2.ebuild:
+  drop really old blockers
+
+*openssl-1.0.2h (03 May 2016)
+
+  03 May 2016; Lars Wendler <polynomial-c@gentoo.org> +openssl-1.0.2h.ebuild:
+  Security bump to version 1.0.2h
+
+  Package-Manager: portage-2.2.28
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  03 May 2016; Lars Wendler <polynomial-c@gentoo.org>
+  -files/openssl-1.0.2e-parallel-build.patch, -openssl-1.0.2f.ebuild:
+  Removed old.
+
+  Package-Manager: portage-2.2.28
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  04 May 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2h.ebuild:
+  Stable for PPC64 (bug #581234).
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --ignore-arches
+
+  04 May 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2h.ebuild:
+  Stable for HPPA (bug #581234).
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --ignore-arches
+
+  04 May 2016; Lars Wendler <polynomial-c@gentoo.org> openssl-1.0.2h.ebuild:
+  Stable for amd64 (bug #581234)
+
+  Package-Manager: portage-2.2.28
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  04 May 2016; Lars Wendler <polynomial-c@gentoo.org> openssl-1.0.2h.ebuild:
+  Stable for x86 (bug #581234).
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="x86"
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  12 May 2016; Markus Meier <maekke@gentoo.org> openssl-1.0.2h.ebuild:
+  arm stable, bug #581234
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="arm"
+
+  20 May 2016; Tobias Klausmann <klausman@gentoo.org> openssl-1.0.2h.ebuild:
+  1.0.2h-r0: add alpha keyword
+
+  Gentoo-Bug: 581234
+
+  Package-Manager: portage-2.3.0_rc1
+
+  24 May 2016; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2h.ebuild:
+  mark 1.0.2h arm64/ia64/m68k/ppc/s390/sh/sparc stable #581234
+
+*openssl-1.0.2h-r1 (24 May 2016)
+
+  24 May 2016; Mike Frysinger <vapier@gentoo.org> metadata.xml,
+  +openssl-1.0.2h-r1.ebuild:
+  add USE=sslv2 #576128 and USE=sslv3 #577504
+
+  27 May 2016; Lars Wendler <polynomial-c@gentoo.org>
+  openssl-1.0.2h-r1.ebuild:
+  Added missing $Id$ header line.
+
+  Package-Manager: portage-2.2.28
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+*openssl-1.0.2h-r2 (25 Jun 2016)
+
+  25 Jun 2016; Patrick McLean <chutzpah@gentoo.org>
+  +files/openssl-1.0.2h-CVE-2016-2177.patch,
+  +files/openssl-1.0.2h-CVE-2016-2178.patch, +openssl-1.0.2h-r2.ebuild:
+  Revision bump to 1.0.2h-r2 to fix bug 585142 & bug 585276
+
+  This fixes CVE-2016-2177 and CVE-2016-2178.
+
+  Package-Manager: portage-2.3.0
+
+  27 Jun 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  amd64 stable wrt bug #585276
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  27 Jun 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  x86 stable wrt bug #585276
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="x86"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  30 Jun 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  Stable for HPPA (bug #585276).
+
+  Package-Manager: portage-2.3.0
+  RepoMan-Options: --ignore-arches
+
+  30 Jun 2016; Tobias Klausmann <klausman@gentoo.org>
+  openssl-1.0.2h-r2.ebuild:
+  1.0.2h-r2: add alpha keyword
+
+  Gentoo-Bug: 585276
+
+  Package-Manager: portage-2.3.0
+
+  30 Jun 2016; Michael Palimaka <kensington@gentoo.org> metadata.xml:
+  add subslot description
+
+  As discussed with Cardoe in #gentoo-dev.
+
+  Package-Manager: portage-2.3.0
+
+  02 Jul 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  Stable for PPC64 (bug #585276).
+
+  Package-Manager: portage-2.3.0
+  RepoMan-Options: --ignore-arches
+
+  05 Jul 2016; Markus Meier <maekke@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  arm stable, bug #585276
+
+  Package-Manager: portage-2.3.0
+  RepoMan-Options: --include-arches="arm"
+
+  07 Jul 2016; Steev Klimaszewski <steev@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  arm64 stable wrt bug 585276
+
+  Package-Manager: portage-2.3.0
+
+  08 Jul 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  ppc stable wrt bug #585276
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="ppc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  08 Jul 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  sparc stable wrt bug #585276
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="sparc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  08 Jul 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  ia64 stable wrt bug #585276
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="ia64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  19 Jul 2016; Mike Frysinger <vapier@gentoo.org> openssl-1.0.2h-r2.ebuild:
+  mark 1.0.2h-r2 m68k/s390/sh stable #585276
+
+  08 Aug 2016; Andrew Savchenko <bircoph@gentoo.org> metadata.xml:
+  USE=sctp is now global
+
+  Removing local sctp USE flag description, as flag is global now,
+  see [1] for details.
+
+  [1] https://archives.gentoo.org/gentoo-
+  dev/message/427fac41fbe21ec98dfba63b1d68efe5
+
+  Package-Manager: portage-2.3.0
+  Signed-off-by: Andrew Savchenko <bircoph@gentoo.org>
+
+*openssl-1.1.0 (26 Aug 2016)
+
+  26 Aug 2016; Lars Wendler <polynomial-c@gentoo.org>
+  +files/openssl-1.1.0-threads.patch, +files/openssl-1.1.0_pre4-ldflags.patch,
+  +openssl-1.1.0.ebuild:
+  Bump to version 1.1.0
+
+  Package-Manager: portage-2.3.0
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  26 Aug 2016; Lars Wendler <polynomial-c@gentoo.org>
+  -files/openssl-1.1.0-threads.patch, +files/openssl-1.1.01-ldflags.patch,
+  -files/openssl-1.1.0_pre4-ldflags.patch, openssl-1.1.0.ebuild:
+  Fixed broken ldflags patch (thanks to floppym).
+
+  Package-Manager: portage-2.3.0
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  26 Aug 2016; Mike Gilbert <floppym@gentoo.org>
+  +files/openssl-1.1.0-ldflags.patch, -files/openssl-1.1.01-ldflags.patch:
+  fix typo in patch filename
+
+  Package-Manager: portage-2.3.0_p22
+
+*openssl-1.1.0a (22 Sep 2016)
+*openssl-1.0.2i (22 Sep 2016)
+
+  22 Sep 2016; Lars Wendler <polynomial-c@gentoo.org>
+  +files/openssl-1.0.2i-parallel-build.patch, +openssl-1.0.2i.ebuild,
+  +openssl-1.1.0a.ebuild:
+  Sec bump to versions 1.0.2i and 1.1.0a (bug #594500).
+
+  Package-Manager: portage-2.3.1
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  22 Sep 2016; Lars Wendler <polynomial-c@gentoo.org>
+  -openssl-1.0.2g-r2.ebuild, -openssl-1.0.2h.ebuild,
+  -openssl-1.0.2h-r1.ebuild, -openssl-1.1.0.ebuild:
+  Removed old.
+
+  Package-Manager: portage-2.3.1
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  22 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2i.ebuild:
+  amd64 stable wrt bug #594500
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  22 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2i.ebuild:
+  x86 stable wrt bug #594500
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="x86"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  23 Sep 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2i.ebuild:
+  Stable for HPPA PPC64 (bug #594500).
+
+  Package-Manager: portage-2.3.1
+  RepoMan-Options: --ignore-arches
+
+*openssl-1.1.0b (26 Sep 2016)
+*openssl-1.0.2j (26 Sep 2016)
+
+  26 Sep 2016; Lars Wendler <polynomial-c@gentoo.org> +openssl-1.0.2j.ebuild,
+  -openssl-1.1.0a.ebuild, +openssl-1.1.0b.ebuild:
+  Sec bump to versions 1.0.2j and 1.1.0b (bug #595186).
+
+  Removed old.
+
+  Package-Manager: portage-2.3.1
+  Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
+
+  26 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2j.ebuild:
+  amd64 stable wrt bug #595186
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  26 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2j.ebuild:
+  x86 stable wrt bug #595186
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="x86"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  27 Sep 2016; Jeroen Roovers <jer@gentoo.org> openssl-1.0.2j.ebuild:
+  Stable for HPPA PPC64 (bug #595186).
+
+  Package-Manager: portage-2.3.1
+  RepoMan-Options: --ignore-arches
+
+  27 Sep 2016; Tobias Klausmann <klausman@gentoo.org> openssl-1.0.2j.ebuild:
+  1.0.2j-r0: stable on alpha
+
+  Gentoo-Bug: 595186
+
+  29 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2j.ebuild:
+  sparc stable wrt bug #595186
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="sparc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  29 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2j.ebuild:
+  ppc stable wrt bug #595186
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="ppc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  29 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2j.ebuild:
+  arm stable wrt bug #595186
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="arm"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  29 Sep 2016; Agostino Sarubbo <ago@gentoo.org> openssl-1.0.2j.ebuild:
+  ia64 stable wrt bug #595186
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="ia64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/Manifest

@@ -0,0 +1,31 @@
+AUX gentoo.config-0.9.8 4135 SHA256 c20dbc096a75746746792a60b3551796c7d15f097b130f6163374ac5506e975b SHA512 5e53f623aff0960e8b462d62078eaf56d16f8894db7436e47a902be6c0f3ae680be281981fa542aeac169a84bc8f31a9b617c809ec30a776ebe3b2632c663a72 WHIRLPOOL fed064bbc3b5857f59e970b71770acfdc124efddf21116cb7c2b65781dfc640cf86876d3155037735809bd0e0b24bcaa008e10e2e757bb384b2a03f5d65172c0
+AUX gentoo.config-1.0.2 5169 SHA256 ab554965dfc27185efcb9ab11546b06d305fd54ce4f6078481bf72e3853ed9ce SHA512 00a4af1a6325c74c25e80f013ca28ec4043103b57e0aeeefa832658d280e3051acd6dd9aa0bebca5136c334dad1a1c78388a9ad020ccb8349c40f4cec9f6201d WHIRLPOOL 721a6173447d0fda0694a2df5042eb2a3be30d15acbacca24a847a10d3efd1f053c77ad8222c573a30b00f7369cd58a042afbfeae3e1fa024452b8017384e3b9
+AUX openssl-0.9.8e-bsd-sparc64.patch 1484 SHA256 8a79f022a17a7fadb4eb708538b41a7a034e21ad84162beb1f7fa7cff5eb487e SHA512 dbbfae5ce19a4247a6b1ca4a45ca6c15904e13e6bf603447cb5d9820292ceb411792e29db0001c5869e3c4cb0a8afe7fb64d35f007052efc68098301c2e81def WHIRLPOOL 36959cfb8a3f2ac05b28fb6c0e28574f0267ddb6f89471e663ee370a1a1ce3e6c85c6a637098acdac4644f4c20370e2775d9c2610ff03a5ae2a7662d79a60e95
+AUX openssl-0.9.8h-ldflags.patch 1151 SHA256 29fe4b5e51cbe330451e505a5be9a74a3c83bebdca677848097967cf62f1770f SHA512 7f98c5ad310710aeceefd6fac440682bf2baaf41ce17de535add54af88c45fa0689e6e6c26bafb4fe2290fd3b6d80c51d85ffda1e276a73a3d66a319585aab11 WHIRLPOOL 43069cdcf5ae1b644a73292fc53c148e8356786069dfaadaba9e0f21b1adba5c14dbdfe061c4cffedefa072bc99d54b2af9a39b1063dcef7ab54bb45d01a7ce8
+AUX openssl-0.9.8m-binutils.patch 684 SHA256 1e4475f7183ec237d129b686d4ca5265bf7eb34642e7d9e77cbe8ad9a97b4876 SHA512 5e8a20111bd4809e7375c7323dab2c2edd6a131d1ec2377ee99c5e06ceb7b4b000e9606ba6d0e68cd67d8e001cc8194e11e301eace0feb066d5f3c5b331b5f04 WHIRLPOOL dd4a0329e571e4f9322806fce2e6c510b978b68e5c6c64bfbe6993da16989c1a5451fe1e5b0509c0022925ca356cf3309799cdc204998107425fb016cb49da2d
+AUX openssl-1.0.0a-ldflags.patch 1095 SHA256 17bb0b9988de0be6b8bb916d953d5d62cf054943f3bc24c5d7c8fea91d864350 SHA512 80c3677313a6268fdc2eb7b556dc081f1047694cf932a8669820923952bf0e3002da4cd92d6a335b44f8a6ece7d88319c15e9c0171118bfc03ff7a9b718726d8 WHIRLPOOL 55bc5d8f0ee620d8e56215572a6eb65a06ff9bf180d6b33f6db74e2129e5373252238772ba6db25293f398a6713b7259c6ae959b15ce8292da9aeb3071a34243
+AUX openssl-1.0.0d-windres.patch 2912 SHA256 e5dbfd6af69bc3f69b51787cf1f6245207be9824dfffbdd9b4e278772ed8ab32 SHA512 d7a0238edea29aac7d20dca0778c67f8ae4dc0da190e5277e1b3519ae536f2c44533ac5dc1cbcd138bc4277ad669b13fca316bd962f26e2cb387f2ad3fd0111b WHIRLPOOL d62156820e55898d0a0393473c6ad8e49c5aa7bb9d3fc7043795de7102c3003d5f8b874c751e03cf832e306ac290790e871e1318bb830b3558a43e09be5b45b4
+AUX openssl-1.0.1p-default-source.patch 861 SHA256 390b6857e76cd0513a089ff3eeed60097c3b30bec4b004bb6adbb8eaab02dc4a SHA512 cbd47ae5553ec0e683a92171cb1c2e68d7eb0cf2b1787e3fe332ca2df0aefa31a1a74d60345d5e42d00bdda439019d089560cf2f5464dfe19ff7a3d6a310d06b WHIRLPOOL d734c8776c2d4f17a562f580f676de08bf35e07b04005f1c2a6e7f2752e3a1b57f6d771195f84d7d9709bf2e669b119fe3ae37e473de192e9c10a8ffb1c8969f
+AUX openssl-1.0.2-ipv6.patch 18811 SHA256 9ff3150c75f3f3e6a9773ffe54d90994cbf68cc919134aea68e09e7ed921763d SHA512 58e293f8f19a3fad08729b842dd977b73fedb0c49208d87a056bfea857c0e2b79a310d7d098c04429b65564fce64defeda6d1dcc3068ad5a80ef276db6421e54 WHIRLPOOL 36a0fffc7238011b93077bed94c9507f2ffc1cf199e6c06e94d01589cdc84a6568b9122e1a120b8262bd0a1c43f25169a29796c92a78338dd9f03b4cc2cdf0b8
+AUX openssl-1.0.2a-parallel-install-dirs.patch 2013 SHA256 eddd8a5123748052c598214487ac178e4bfa4e31ba2ec520c70d59c8c5bfa2e9 SHA512 c3b97fa318b9627bcaf4f39d1615c46322c1081cded135af5b5115beb2be74ead46084119fce5643b12c54b6851c33bfb624694ccf6f3d32060b6d56239d3674 WHIRLPOOL 59228ad2796e28edf7508a3b3bbdab36f7b678922566a1ed43a86727371c7b6b8c362431f49812e7c60a9aa72134d7fffaeb7be0efb6b5ca0f10e1c716b6a557
+AUX openssl-1.0.2a-parallel-obj-headers.patch 1359 SHA256 147c3eeaad614c044749ea527cb433eae5e2d5cad34a78c6ba61cd967bfbe01f SHA512 ac8224bc088099d72e7e6761303b8653766372bd027536951c458bd22fd0526163de22bf27675e0292a12ae7257a5c1edf26a92747e00cc139e13e1b624b4072 WHIRLPOOL 58b1de7c90ed96a077065ff6abfdeaffd98ce68cc9a2551dab7ff3d04e9b38be8d4bb94a6830f4e6c3d997747345c43f76c31f4c7b825f56fd488e85b9c6179e
+AUX openssl-1.0.2a-parallel-symlinking.patch 2041 SHA256 30cb49489de5041841a74da9155cd4fabfbce33237262ba7cd23974314ae2956 SHA512 b87ab581784c285ef394b31baa1196a831a86c3b2d578704c9d8b80d68c70a8b19cfa88bd29b84578ed024135ae2d2ac4d622c91e1040074016b8fd104d6c05a WHIRLPOOL c8200ec6755efdce550afd2f59b3d5dc36324c6810b3ae7427af7130be9ba0db5857c13811f97dd6672230b9f096f81ebb4136c9589d53d25dcfe5c064355a46
+AUX openssl-1.0.2a-x32-asm.patch 1561 SHA256 8bcff04217c5ad82448e27d14f3559a157c2cad89b5fb2b6af701fff1664f86d SHA512 fbb23393e68776e9d34953f85ba3cbb285421d50f06bd297b485c7cffc8d89ca8caff6783f21038ae668b5c75056c89dc652217ac8609b5328e2c28e70ac294c WHIRLPOOL 70163beaed966de948562c3a633828846d12eda7b04526c7e33746c67af5a20ecf47e9e9e5cce33abf7444676f4b15b770204e95db75d0b91a9db13c46ff92bb
+AUX openssl-1.0.2g-parallel-build.patch 9751 SHA256 a2ac3d132f77f6eaca8beabde454d373f1bfaea7a61b56cb3b5b8469293da601 SHA512 29f784f19e1a4eadd4ecdae3f5a1d4f7123db388943b7940b8917db2cb8f6debb633d5e845a45bc73b5159d0a7b6479c7c582da59e53dc063953a67f31c011bb WHIRLPOOL 60fe9c0b138e3070c519c73bdd77b7369ca3440ddc53ccaed920237b356ef1010a919babe09027f66c3d1c1c90a57ce5cce01ec3aa16b913a861615d3efa6048
+AUX openssl-1.0.2h-CVE-2016-2177.patch 8135 SHA256 e321860623758c8a98b15dfa0b4671244e2cff34b5c62a489c43437d1053ed06 SHA512 6e149213d1c4cbab06e0aedeb04562f96c1430e6e8f9b9836ff4ddd79da361db2bcfbdf83f6615369e8feaaefecfc0dc5f9cee3b56c2eeeca57233a2daf25d2c WHIRLPOOL 31ccd2931172dc4ae6052009c964e0fb063492775c87aacf94a2fe8397f198845a5bb352cd257126d85b37058ae26a86cec8b333a6d8528a941a5ff62125dc88
+AUX openssl-1.0.2h-CVE-2016-2178.patch 1111 SHA256 a418cadb3858c285c080d6c333cb03604e53aef164838ea31324b26a0e136013 SHA512 3225fff5f3e3bfff3a0acd6c294c5b3a6ce58184b6583aec7bf1e1b35cc590f59b25dfc44eda698f95e8c18553a51d36f26e4dc9af2b9a6d601ccd5d95fa9ea4 WHIRLPOOL 9b6e66f7c13d0e417176776bb49939d0e21218a5b6c3ddb2ca73e3a51b2aed4f01d9330e63ae5173ad137c475451fda0db4acd063797810a4a7e1bd9d07092aa
+AUX openssl-1.0.2i-parallel-build.patch 10065 SHA256 264233dd15fb73ccb8cd8dd2b09b90ae6d1c5bf6f0b5a2013f1f682e173827f4 SHA512 2a95103d22263ca68582caccfb6860d45da20b92741824a794697eaa4e199199abc95ac8a62b821fc42aeab96098aeb89731ee535726e0a9e779dcd9bf39d12d WHIRLPOOL 95e53be866eda7458ab2289172f70517473d581d293af8d337226508440f1091a56eb2b9ae38e3167db42afb7a6e5cd1f936f5e537efd191f014ab289e34ec37
+AUX openssl-1.1.0-ldflags.patch 462 SHA256 95de4f6b5968024f850242bff9d659c4d2a8d32e0062a9a66cbb9b5742e1b364 SHA512 96aa86cd34ee266ad60d2c46639687e78931f3229151a92c4676cac49c3351509a308e2bf8fd4181d7768ccda48abba5238b5f839ffb039cbf5cd2ae7fa7f3c5 WHIRLPOOL 5a8b54b718ab1088d0484e4a69585dfacff9cca6e742302bfe7684369136fe728d02994e5890eb52c8be8c15b071df03987658d5440b640cc810f4978d14fb24
+DIST openssl-0.9.8zh.tar.gz 3818524 SHA256 f1d9f3ed1b85a82ecf80d0e2d389e1fda3fca9a4dba0bf07adbf231e1a5e2fd6 SHA512 b97fa2468211f86c0719c68ad1781eff84f772c479ed5193d6da14bac086b4ca706e7d851209d9df3f0962943b5e5333ab0def00110fb2e517caa73c0c6674c6 WHIRLPOOL 8ed3362e6aed89cd6ae02438bc3fb58ff3a91afb8a2d401d1d66c1ee4fd96f4befb50558131dd03a60fc15b588172fc1ede5d56bb1f68e184453bfe3b34f9abf
+DIST openssl-1.0.2h.tar.gz 5274412 SHA256 1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919 SHA512 780601f6f3f32f42b6d7bbc4c593db39a3575f9db80294a10a68b2b0bb79448d9bd529ca700b9977354cbdfc65887c76af0aa7b90d3ee421f74ab53e6f15c303 WHIRLPOOL 41b6cf0c08b547f1432dc8167a4c7835da0b6907f8932969e0a352fab8bdbb4d8f612a5bf431e415d93ff1c8238652b2ee3ce0bd935cc2f59e8ea4f40fe6b5d6
+DIST openssl-1.0.2i.tar.gz 5308232 SHA256 9287487d11c9545b6efb287cdb70535d4e9b284dd10d51441d9b9963d000de6f SHA512 41764debd5d64e4e770945f30d682e2c887d9cefb39b358c5c7f9d2cdce34393ed28d49b24e95c4639db2df01c278cbcde71bed2b03f9aafafc76766b03850e3 WHIRLPOOL ba1a4513aaa1de81e36912acfe0b6cf8e0acf7cc71d32b127b5e54eb2f6fc6ce63f4f61e9fc99fecc9e037cdccc496b9d15ea75b594b0fd8721b4478eab1f31d
+DIST openssl-1.0.2j.tar.gz 5307912 SHA256 e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431 SHA512 7d6ccae4aa3ccec3a5d128da29c68401cdb1210cba6d212d55235fc3bc63d7085e2f119e2bbee7ddff6b7b5eef07c6196156791724cd2caf313a4c2fef724edd WHIRLPOOL 1f17e80bc10da2eab9d4c1c3a662b0e2b4f7e8bc448aabb44cd98a96ba3d6cd0ef6cf9a3371d44b39a4d11b1a4087c8f0d056272ace6eba5bd2417f7ab9503b7
+DIST openssl-1.1.0b.tar.gz 5162355 SHA256 a45de072bf9be4dea437230aaf036000f0e68c6a665931c57e76b5b036cef6f7 SHA512 b6d66261427f1acc049bf5469a0dc668490e752c2ba4802481809e7e35367213eca17ac9fdc3f23ed5f7a53d303abca78b13a48b169f154043199f2680ccf1a4 WHIRLPOOL bc926b2839f2e85751480ac0a6306bd37ca1ac12759b78654fba6861517bb9979245b95676a60900eab9257334ecf2e1b7d9e406c39a6075054a93ffc1f7a76a
+EBUILD openssl-0.9.8z_p8.ebuild 4947 SHA256 81aa87c023da6925fa5cc445cb5af4a1b1ddf6ac493cf892acb711c13eb8e232 SHA512 00ab05012403aa156318a01f6b45764ebf9541bfc011551680ef21521a644871025b959c2a3cd014642976c86e9dc7a9876afd865f0fe633e902280f7e818aca WHIRLPOOL 2f884374b87cc618f71aabfa0d3f63f42d0033e6b97830c1b54ba66faf54d033eb42c8a694106e718f604106597db2be008537fec83d604692f3903fc8c6f6cb
+EBUILD openssl-1.0.2h-r2.ebuild 8391 SHA256 bba6022ff6ada79c678dc98ed7479f8aa0add1ea12c9de83d80a0932a482756f SHA512 04e3bb89202a91409a6ef527bc4ab40a3d41fe05ec349baf28acfe8666e436909427210706a50f700ede06656e348698c3af8795d22837c7edcad6ecbb3490ad WHIRLPOOL bf87900993f532ca0491bc7ca04016bd7bc699c91800d9f4ec8684ee0ccb9bb336cf834953f81d86da98d69c5a76720b4ea1a2d938ca42335ba90811fb61da2b
+EBUILD openssl-1.0.2i.ebuild 8221 SHA256 2fc64be82c00fcbc4094b2f8064da3a089f7f11cadbf0994f84ef5724bcadd65 SHA512 340757a97acf966b1548f0844ac9993605f65a30a16d4ba112f24849c63647f9a7049e44b63829d91449185d2830f9729bb7ba35d8ffc361dce3a0a54cd9460d WHIRLPOOL 716ae422bf366ac88e1e6d50e3492c30d873a759cf95b291562f6749ef4e8a8667127a00e881aaeed181f34f9e142e6e0a5afa1c28036a48fa4b4bf887c5790f
+EBUILD openssl-1.0.2j.ebuild 8216 SHA256 0837002b9a46219ed712d335b34613ef03c94cacd37151b99f84e8c23b690a84 SHA512 5f89b4ffe194d1f2941b97eeed3d5929708c3d49320cc96836b1a9cd88fffee34e9e2256ced76d742456d47aadeeb32ab289c7d3462e5286746a1aa4209cf302 WHIRLPOOL 9e05a602fef6e59f4363c6fc30c52837744097054c8eceda8fae9676bf5bfc96c6a1fa074d31f462d7c188aa28e10f5d7ff487477f28564ca411ba7926825a55
+EBUILD openssl-1.1.0b.ebuild 7475 SHA256 6c28d0d4d8413bc6ed0d123f46585cb54111c478d77ae04e077563a00ce80ac3 SHA512 54ad5d54993cf1d7a39a24e9ac3e9a97b13160671f92890fe741515bb010890623c94a8e4ef492c404b7dbe9b2a3be5131a56c37a9e5f0f3219b7a38c74b1f30 WHIRLPOOL 17e3c7f6d7bb01c96ab7955af5b421745a8d4772c0d4f493d6a75186bb18a68c65f9a0e4e2e55733399188b06dc5d5568eb799fe7af7b21f9a91ab5524dbbd78
+MISC ChangeLog 26359 SHA256 0d91047753594ade7b8e0197cfcbaa795ac8c0ea1bbbbcb4334dab7884a97fb6 SHA512 3106412fbbcdabcc6c53faf9f9f8f57195def975e7dddd846ca9ee892a99a24b0ae947c8aa6e3e434eae3a7f27728e43d97ac8ae36ea1536887fede592dd5302 WHIRLPOOL b420ef5b892cd5b65de904e56e5036845c3326e0a48240e58040c1026682f2e51cf288bd2af4f605177d2838e9d0165c4422ae5b334e149e2380ce890c432826
+MISC ChangeLog-2015 105012 SHA256 78da8e54f925dd55fa0e87800ab2e3ad9833cb33f6c334a4364339195d44a8a8 SHA512 fa8deec570b40406f273a5ea929f10113d81d828815c67f225968bbbaa6737f6c4832502a100b06fe6c8cf124529fedaa04cbaf7a70f037680a420ce244be1e5 WHIRLPOOL a2acbfb3283a9521492b4b96d9d2283aefc3445df87e47e584c66f87547cfa954914beaddd040c7097fded7029897f9481cded1d1f2d1ad7fa7b2e5425b285ba
+MISC metadata.xml 1264 SHA256 a592ac3e0dfafaf2cc5feb9d582332caf2fd92c9e48ebe261e7859fe6e377abb SHA512 573f280724e4c5a176d2f624b83b780f936e71cf960cd0cbbad417b6aa2e6c5b1886fb8b732a561f40e2360c4d750d57a281ee1c1bd242dc2d3001a8f229b271 WHIRLPOOL 10cd6b0c28bfa8948c16259ecf8e009c8c227e4762eae8da50aa2b0e6959ca985697be123bc5a1ec42be6691c413a4cef9f55d5aace93fae440eeaa4fd8fe3ee

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/gentoo.config-0.9.8

@@ -0,0 +1,145 @@
+#!/usr/bin/env bash
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# Openssl doesn't play along nicely with cross-compiling
+# like autotools based projects, so let's teach it new tricks.
+#
+# Review the bundled 'config' script to see why kind of targets
+# we can pass to the 'Configure' script.
+
+
+# Testing routines
+if [[ $1 == "test" ]] ; then
+	for c in \
+		"arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
+		"armv5b-linux-gnu             |linux-generic32 -DB_ENDIAN" \
+		"x86_64-pc-linux-gnu          |linux-x86_64" \
+		"alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
+		"i686-pc-linux-gnu            |linux-elf" \
+		"whatever-gentoo-freebsdX.Y   |BSD-generic32" \
+		"i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
+		"sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
+		"ia64-gentoo-freebsd5.99234   |BSD-ia64" \
+		"x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
+		"hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
+		"powerpc-gentOO-linux-uclibc  |linux-ppc" \
+		"powerpc64-unk-linux-gnu      |linux-ppc64" \
+		"x86_64-apple-darwinX         |darwin64-x86_64-cc" \
+		"powerpc64-apple-darwinX      |darwin64-ppc-cc" \
+		"i686-apple-darwinX           |darwin-i386-cc" \
+		"i386-apple-darwinX           |darwin-i386-cc" \
+		"powerpc-apple-darwinX        |darwin-ppc-cc" \
+		"i586-pc-winnt                |winnt-parity" \
+	;do
+		CHOST=${c/|*}
+		ret_want=${c/*|}
+		ret_got=$(CHOST=${CHOST} "$0")
+
+		if [[ ${ret_want} == "${ret_got}" ]] ; then
+			echo "PASS: ${CHOST}"
+		else
+			echo "FAIL: ${CHOST}"
+			echo -e "\twanted: ${ret_want}"
+			echo -e "\twe got: ${ret_got}"
+		fi
+	done
+	exit 0
+fi
+[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
+
+
+# Detect the operating system
+case ${CHOST} in
+	*-aix*)      system="aix";;
+	*-darwin*)   system="darwin";;
+	*-freebsd*)  system="BSD";;
+	*-hpux*)     system="hpux";;
+	*-linux*)    system="linux";;
+	*-solaris*)  system="solaris";;
+	*-winnt*)    system="winnt";;
+	*)           exit 0;;
+esac
+
+
+# Compiler munging
+compiler="gcc"
+if [[ ${CC} == "ccc" ]] ; then
+	compiler=${CC}
+fi
+
+
+# Detect target arch
+machine=""
+chost_machine=${CHOST%%-*}
+case ${system} in
+linux)
+	case ${chost_machine} in
+		alphaev56*)   machine=alpha+bwx-${compiler};;
+		alphaev[678]*)machine=alpha+bwx-${compiler};;
+		alpha*)       machine=alpha-${compiler};;
+		arm*b*)       machine="generic32 -DB_ENDIAN";;
+		arm*)         machine="generic32 -DL_ENDIAN";;
+	#	hppa64*)      machine=parisc64;;
+		hppa*)        machine="generic32 -DB_ENDIAN";;
+		i[0-9]86*)    machine=elf;;
+		ia64*)        machine=ia64;;
+		m68*)         machine="generic32 -DB_ENDIAN";;
+		mips*el*)     machine="generic32 -DL_ENDIAN";;
+		mips*)        machine="generic32 -DB_ENDIAN";;
+		powerpc64*)   machine=ppc64;;
+		powerpc*)     machine=ppc;;
+	#	sh64*)        machine=elf;;
+		sh*b*)        machine="generic32 -DB_ENDIAN";;
+		sh*)          machine="generic32 -DL_ENDIAN";;
+		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
+		sparc64*)     machine=sparcv9;;
+		sparc*)       machine=sparcv8;;
+		s390x*)       machine="generic64 -DB_ENDIAN";;
+		s390*)        machine="generic32 -DB_ENDIAN";;
+		x86_64*)      machine=x86_64;;
+	esac
+	;;
+BSD)
+	case ${chost_machine} in
+		alpha*)       machine=generic64;;
+		i[6-9]86*)    machine=x86-elf;;
+		ia64*)        machine=ia64;;
+		sparc64*)     machine=sparc64;;
+		x86_64*)      machine=x86_64;;
+		*)            machine=generic32;;
+	esac
+	;;
+aix)
+	machine=${compiler}
+	;;
+darwin)
+	case ${chost_machine} in
+		powerpc64)    machine=ppc-cc; system=${system}64;;
+		powerpc)      machine=ppc-cc;;
+		i?86*)        machine=i386-cc;;
+		x86_64)       machine=x86_64-cc; system=${system}64;;
+	esac
+	;;
+hpux)
+	case ${chost_machine} in
+		ia64)	machine=ia64-${compiler} ;;
+	esac
+	;;
+solaris)
+	case ${chost_machine} in
+		i386)         machine=x86-${compiler} ;;
+		x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
+		sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
+		sparc*)       machine=sparcv8-${compiler};;
+	esac
+	;;
+winnt)
+	machine=parity
+	;;
+esac
+
+
+# If we have something, show it
+[[ -n ${machine} ]] && echo ${system}-${machine}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/gentoo.config-1.0.2

@@ -0,0 +1,170 @@
+#!/usr/bin/env bash
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+#
+# Openssl doesn't play along nicely with cross-compiling
+# like autotools based projects, so let's teach it new tricks.
+#
+# Review the bundled 'config' script to see why kind of targets
+# we can pass to the 'Configure' script.
+
+
+# Testing routines
+if [[ $1 == "test" ]] ; then
+	for c in \
+		"arm-gentoo-linux-uclibc      |linux-generic32 -DL_ENDIAN" \
+		"armv5b-linux-gnu             |linux-armv4 -DB_ENDIAN" \
+		"x86_64-pc-linux-gnu          |linux-x86_64" \
+		"alpha-linux-gnu              |linux-alpha-gcc" \
+		"alphaev56-unknown-linux-gnu  |linux-alpha+bwx-gcc" \
+		"i686-pc-linux-gnu            |linux-elf" \
+		"whatever-gentoo-freebsdX.Y   |BSD-generic32" \
+		"i686-gentoo-freebsdX.Y       |BSD-x86-elf" \
+		"sparc64-alpha-freebsdX.Y     |BSD-sparc64" \
+		"ia64-gentoo-freebsd5.99234   |BSD-ia64" \
+		"x86_64-gentoo-freebsdX.Y     |BSD-x86_64" \
+		"hppa64-aldsF-linux-gnu5.3    |linux-generic32 -DB_ENDIAN" \
+		"powerpc-gentOO-linux-uclibc  |linux-ppc" \
+		"powerpc64-unk-linux-gnu      |linux-ppc64" \
+		"powerpc64le-linux-gnu        |linux-ppc64le" \
+		"x86_64-apple-darwinX         |darwin64-x86_64-cc" \
+		"powerpc64-apple-darwinX      |darwin64-ppc-cc" \
+		"i686-apple-darwinX           |darwin-i386-cc" \
+		"i386-apple-darwinX           |darwin-i386-cc" \
+		"powerpc-apple-darwinX        |darwin-ppc-cc" \
+		"i586-pc-winnt                |winnt-parity" \
+		"s390-ibm-linux-gnu           |linux-generic32 -DB_ENDIAN" \
+		"s390x-linux-gnu              |linux64-s390x" \
+	;do
+		CHOST=${c/|*}
+		ret_want=${c/*|}
+		ret_got=$(CHOST=${CHOST} "$0")
+
+		if [[ ${ret_want} == "${ret_got}" ]] ; then
+			echo "PASS: ${CHOST}"
+		else
+			echo "FAIL: ${CHOST}"
+			echo -e "\twanted: ${ret_want}"
+			echo -e "\twe got: ${ret_got}"
+		fi
+	done
+	exit 0
+fi
+[[ -z ${CHOST} && -n $1 ]] && CHOST=$1
+
+
+# Detect the operating system
+case ${CHOST} in
+	*-aix*)          system="aix";;
+	*-darwin*)       system="darwin";;
+	*-freebsd*)      system="BSD";;
+	*-hpux*)         system="hpux";;
+	*-linux*)        system="linux";;
+	*-solaris*)      system="solaris";;
+	*-winnt*)        system="winnt";;
+	x86_64-*-mingw*) system="mingw64";;
+	*mingw*)         system="mingw";;
+	*)               exit 0;;
+esac
+
+
+# Compiler munging
+compiler="gcc"
+if [[ ${CC} == "ccc" ]] ; then
+	compiler=${CC}
+fi
+
+
+# Detect target arch
+machine=""
+chost_machine=${CHOST%%-*}
+case ${system} in
+linux)
+	case ${chost_machine}:${ABI} in
+		aarch64*be*)  machine="generic64 -DB_ENDIAN";;
+		aarch64*)     machine="generic64 -DL_ENDIAN";;
+		alphaev56*|\
+		alphaev[678]*)machine=alpha+bwx-${compiler};;
+		alpha*)       machine=alpha-${compiler};;
+		armv[4-9]*b*) machine="armv4 -DB_ENDIAN";;
+		armv[4-9]*)   machine="armv4 -DL_ENDIAN";;
+		arm*b*)       machine="generic32 -DB_ENDIAN";;
+		arm*)         machine="generic32 -DL_ENDIAN";;
+		avr*)         machine="generic32 -DL_ENDIAN";;
+		bfin*)        machine="generic32 -DL_ENDIAN";;
+	#	hppa64*)      machine=parisc64;;
+		hppa*)        machine="generic32 -DB_ENDIAN";;
+		i[0-9]86*|\
+		x86_64*:x86)  machine=elf;;
+		ia64*)        machine=ia64;;
+		m68*)         machine="generic32 -DB_ENDIAN";;
+		mips*el*)     machine="generic32 -DL_ENDIAN";;
+		mips*)        machine="generic32 -DB_ENDIAN";;
+		powerpc64*le*)machine=ppc64le;;
+		powerpc64*)   machine=ppc64;;
+		powerpc*le*)  machine="generic32 -DL_ENDIAN";;
+		powerpc*)     machine=ppc;;
+	#	sh64*)        machine=elf;;
+		sh*b*)        machine="generic32 -DB_ENDIAN";;
+		sh*)          machine="generic32 -DL_ENDIAN";;
+		# TODO: Might want to do -mcpu probing like glibc to determine a
+		# better default for sparc-linux-gnu targets.  This logic will
+		# break v7 and older systems when they use it.
+		sparc*v7*)    machine="generic32 -DB_ENDIAN";;
+		sparc64*)     machine=sparcv9 system=linux64;;
+		sparc*v9*)    machine=sparcv9;;
+		sparc*v8*)    machine=sparcv8;;
+		sparc*)       machine=sparcv8;;
+		s390x*)       machine=s390x system=linux64;;
+		s390*)        machine="generic32 -DB_ENDIAN";;
+		x86_64*:x32)  machine=x32;;
+		x86_64*)      machine=x86_64;;
+	esac
+	;;
+BSD)
+	case ${chost_machine} in
+		alpha*)       machine=generic64;;
+		i[6-9]86*)    machine=x86-elf;;
+		ia64*)        machine=ia64;;
+		sparc64*)     machine=sparc64;;
+		x86_64*)      machine=x86_64;;
+		*)            machine=generic32;;
+	esac
+	;;
+aix)
+	machine=${compiler}
+	;;
+darwin)
+	case ${chost_machine} in
+		powerpc64)    machine=ppc-cc; system=${system}64;;
+		powerpc)      machine=ppc-cc;;
+		i?86*)        machine=i386-cc;;
+		x86_64)       machine=x86_64-cc; system=${system}64;;
+	esac
+	;;
+hpux)
+	case ${chost_machine} in
+		ia64)	machine=ia64-${compiler} ;;
+	esac
+	;;
+solaris)
+	case ${chost_machine} in
+		i386)         machine=x86-${compiler} ;;
+		x86_64*)      machine=x86_64-${compiler}; system=${system}64;;
+		sparcv9*)     machine=sparcv9-${compiler}; system=${system}64;;
+		sparc*)       machine=sparcv8-${compiler};;
+	esac
+	;;
+winnt)
+	machine=parity
+	;;
+mingw*)
+	# special case ... no xxx-yyy style name
+	echo ${system}
+	;;
+esac
+
+
+# If we have something, show it
+[[ -n ${machine} ]] && echo ${system}-${machine}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-0.9.8e-bsd-sparc64.patch

@@ -0,0 +1,25 @@
+--- a/Configure
++++ b/Configure
+@@ -365,7 +365,7 @@
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:ULTRASPARC::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+
+the -B flag is a no-op nowadays
+
+--- a/crypto/des/Makefile
++++ b/crypto/des/Makefile
+@@ -62,7 +62,7 @@
+ 	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+ 
+ des_enc-sparc.S:	asm/des_enc.m4
+-	m4 -B 8192 asm/des_enc.m4 > des_enc-sparc.S
++	m4 asm/des_enc.m4 > des_enc-sparc.S
+ 
+ # ELF
+ dx86-elf.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-0.9.8h-ldflags.patch

@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/181438
+http://bugs.gentoo.org/327421
+https://rt.openssl.org/Ticket/Display.html?id=3332&user=guest&pass=guest
+
+make sure we respect LDFLAGS
+
+also make sure we don't add useless -rpath flags to the system libdir
+
+--- openssl-0.9.8h/Makefile.org
++++ openssl-0.9.8h/Makefile.org
+@@ -180,6 +181,7 @@
+ 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD ${MAKEDEPPROG}' \
+ 		DEPFLAG='-DOPENSSL_NO_DEPRECATED ${DEPFLAG}'	\
+ 		MAKEDEPPROG='${MAKEDEPPROG}'			\
++		LDFLAGS='${LDFLAGS}'		\
+ 		SHARED_LDFLAGS='${SHARED_LDFLAGS}'		\
+ 		KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}'	\
+ 		EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}'	\
+--- openssl-0.9.8h/Makefile.shared
++++ openssl-0.9.8h/Makefile.shared
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-0.9.8m-binutils.patch

@@ -0,0 +1,24 @@
+http://bugs.gentoo.org/289130
+
+Ripped from Fedora
+
+--- openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl.binutils	2009-11-12 15:17:29.000000000 +0100
++++ openssl-1.0.0-beta4/crypto/sha/asm/sha1-x86_64.pl	2009-11-12 17:24:18.000000000 +0100
+@@ -150,7 +150,7 @@ ___
+ sub BODY_20_39 {
+ my ($i,$a,$b,$c,$d,$e,$f)=@_;
+ my $j=$i+1;
+-my $K=($i<40)?0x6ed9eba1:0xca62c1d6;
++my $K=($i<40)?0x6ed9eba1:-0x359d3e2a;
+ $code.=<<___ if ($i<79);
+ 	lea	$K($xi,$e),$f
+ 	mov	`4*($j%16)`(%rsp),$xi
+@@ -187,7 +187,7 @@ sub BODY_40_59 {
+ my ($i,$a,$b,$c,$d,$e,$f)=@_;
+ my $j=$i+1;
+ $code.=<<___;
+-	lea	0x8f1bbcdc($xi,$e),$f
++	lea	-0x70e44324($xi,$e),$f
+ 	mov	`4*($j%16)`(%rsp),$xi
+ 	mov	$b,$t0
+ 	mov	$b,$t1

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.0a-ldflags.patch

@@ -0,0 +1,29 @@
+http://bugs.gentoo.org/181438
+http://bugs.gentoo.org/327421
+https://rt.openssl.org/Ticket/Display.html?id=3331&user=guest&pass=guest
+
+make sure we respect LDFLAGS
+
+also make sure we don't add useless -rpath flags to the system libdir
+
+--- Makefile.org
++++ Makefile.org
+@@ -189,6 +189,7 @@
+ 		MAKEDEPEND='$$$${TOP}/util/domd $$$${TOP} -MD $(MAKEDEPPROG)' \
+ 		DEPFLAG='-DOPENSSL_NO_DEPRECATED $(DEPFLAG)'	\
+ 		MAKEDEPPROG='$(MAKEDEPPROG)'			\
++		LDFLAGS='${LDFLAGS}'				\
+ 		SHARED_LDFLAGS='$(SHARED_LDFLAGS)'		\
+ 		KRB5_INCLUDES='$(KRB5_INCLUDES)' LIBKRB5='$(LIBKRB5)'	\
+ 		ZLIB_INCLUDE='$(ZLIB_INCLUDE)' LIBZLIB='$(LIBZLIB)'	\
+--- Makefile.shared
++++ Makefile.shared
+@@ -153,7 +153,7 @@
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+ 
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(LDFLAGS) $(CFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.0d-windres.patch

@@ -0,0 +1,76 @@
+URL: http://rt.openssl.org/Ticket/Display.html?id=2558&user=guest&pass=guest
+Subject: make windres controllable via build env var settings
+
+atm, the windres code in openssl is only usable via the cross-compile prefix 
+option unlike all the other build tools. so add support for the standard $RC 
+/ $WINDRES env vars as well.
+
+Index: Configure
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/Configure,v
+retrieving revision 1.621.2.40
+diff -u -p -r1.621.2.40 Configure
+--- Configure	30 Nov 2010 22:19:26 -0000	1.621.2.40
++++ Configure	4 Jul 2011 23:12:32 -0000
+@@ -1094,6 +1094,7 @@ my $shared_extension = $fields[$idx_shar
+ my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
+ my $ar = $ENV{'AR'} || "ar";
+ my $arflags = $fields[$idx_arflags];
++my $windres = $ENV{'RC'} || $ENV{'WINDRES'} || "windres";
+ my $multilib = $fields[$idx_multilib];
+ 
+ # if $prefix/lib$multilib is not an existing directory, then
+@@ -1511,12 +1512,14 @@ while (<IN>)
+ 		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
+ 		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
+ 		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
++		s/^WINDRES=\s*/WINDRES= \$\(CROSS_COMPILE\)/;
+ 		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
+ 		}
+ 	else	{
+ 		s/^CC=.*$/CC= $cc/;
+ 		s/^AR=\s*ar/AR= $ar/;
+ 		s/^RANLIB=.*/RANLIB= $ranlib/;
++		s/^WINDRES=.*/WINDRES= $windres/;
+ 		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+ 		}
+ 	s/^CFLAG=.*$/CFLAG= $cflags/;
+Index: Makefile.org
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.org,v
+retrieving revision 1.295.2.10
+diff -u -p -r1.295.2.10 Makefile.org
+--- Makefile.org	27 Jan 2010 16:06:58 -0000	1.295.2.10
++++ Makefile.org	4 Jul 2011 23:13:08 -0000
+@@ -66,6 +66,7 @@ EXE_EXT= 
+ ARFLAGS=
+ AR=ar $(ARFLAGS) r
+ RANLIB= ranlib
++WINDRES= windres
+ NM= nm
+ PERL= perl
+ TAR= tar
+@@ -180,6 +181,7 @@ BUILDENV=	PLATFORM='$(PLATFORM)' PROCESS
+ 		CC='$(CC)' CFLAG='$(CFLAG)' 			\
+ 		AS='$(CC)' ASFLAG='$(CFLAG) -c'			\
+ 		AR='$(AR)' NM='$(NM)' RANLIB='$(RANLIB)'	\
++		WINDRES='$(WINDRES)'				\
+ 		CROSS_COMPILE='$(CROSS_COMPILE)'	\
+ 		PERL='$(PERL)' ENGDIRS='$(ENGDIRS)'		\
+ 		SDIRS='$(SDIRS)' LIBRPATH='$(INSTALLTOP)/$(LIBDIR)'	\
+Index: Makefile.shared
+===================================================================
+RCS file: /usr/local/src/openssl/CVSROOT/openssl/Makefile.shared,v
+retrieving revision 1.72.2.4
+diff -u -p -r1.72.2.4 Makefile.shared
+--- Makefile.shared	21 Aug 2010 11:36:49 -0000	1.72.2.4
++++ Makefile.shared	4 Jul 2011 23:13:52 -0000
+@@ -293,7 +293,7 @@ link_a.cygwin:
+ 	fi; \
+ 	dll_name=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX; \
+ 	$(PERL) util/mkrc.pl $$dll_name | \
+-		$(CROSS_COMPILE)windres -o rc.o; \
++		$(WINDRES) -o rc.o; \
+ 	extras="$$extras rc.o"; \
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.1p-default-source.patch

@@ -0,0 +1,30 @@
+https://bugs.gentoo.org/554338
+https://rt.openssl.org/Ticket/Display.html?id=3934&user=guest&pass=guest
+
+From 7c2e97f8bbae517496fdc11f475b4ae54b2534f5 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 10 Jul 2015 01:50:52 -0400
+Subject: [PATCH] test: use _DEFAULT_SOURCE with newer glibc versions
+
+The _BSD_SOURCE macro is replaced by the _DEFAULT_SOURCE macro.  Using
+just the former with newer versions leads to a build time warning, so
+make sure to use the new macro too.
+---
+ ssl/ssltest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ssl/ssltest.c b/ssl/ssltest.c
+index 26cf96c..b36f667 100644
+--- a/ssl/ssltest.c
++++ b/ssl/ssltest.c
+@@ -141,6 +141,7 @@
+  */
+ 
+ /* Or gethostname won't be declared properly on Linux and GNU platforms. */
++#define _DEFAULT_SOURCE 1
+ #define _BSD_SOURCE 1
+ 
+ #include <assert.h>
+-- 
+2.4.4
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2-ipv6.patch

@@ -0,0 +1,611 @@
+http://rt.openssl.org/Ticket/Display.html?id=2051&user=guest&pass=guest
+
+--- openssl-1.0.2/apps/s_apps.h
++++ openssl-1.0.2/apps/s_apps.h
+@@ -154,7 +154,7 @@
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, int stype,
+                          unsigned char *context), unsigned char *context,
+-              int naccept);
++              int naccept, int use_ipv4, int use_ipv6);
+ #ifdef HEADER_X509_H
+ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
+ #endif
+@@ -167,7 +167,8 @@
+ int ssl_print_curves(BIO *out, SSL *s, int noshared);
+ #endif
+ int ssl_print_tmp_key(BIO *out, SSL *s);
+-int init_client(int *sock, char *server, int port, int type);
++int init_client(int *sock, char *server, int port, int type,
++		int use_ipv4, int use_ipv6);
+ int should_retry(int i);
+ int extract_port(char *str, short *port_ptr);
+ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
+--- openssl-1.0.2/apps/s_client.c
++++ openssl-1.0.2/apps/s_client.c
+@@ -302,6 +302,10 @@
+ {
+     BIO_printf(bio_err, "usage: s_client args\n");
+     BIO_printf(bio_err, "\n");
++    BIO_printf(bio_err, " -4             - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err, " -6             - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err, " -host host     - use -connect instead\n");
+     BIO_printf(bio_err, " -port port     - use -connect instead\n");
+     BIO_printf(bio_err,
+@@ -658,6 +662,7 @@
+     int sbuf_len, sbuf_off;
+     fd_set readfds, writefds;
+     short port = PORT;
++    int use_ipv4, use_ipv6;
+     int full_log = 1;
+     char *host = SSL_HOST_NAME;
+     char *cert_file = NULL, *key_file = NULL, *chain_file = NULL;
+@@ -709,7 +714,11 @@
+ #endif
+     char *sess_in = NULL;
+     char *sess_out = NULL;
+-    struct sockaddr peer;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage peer;
++#else
++    struct sockaddr_in peer;
++#endif
+     int peerlen = sizeof(peer);
+     int fallback_scsv = 0;
+     int enable_timeouts = 0;
+@@ -737,6 +746,12 @@
+ 
+     meth = SSLv23_client_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
+     apps_startup();
+     c_Pause = 0;
+     c_quiet = 0;
+@@ -1096,6 +1111,16 @@
+             jpake_secret = *++argv;
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -1421,7 +1446,7 @@
+ 
+  re_start:
+ 
+-    if (init_client(&s, host, port, socket_type) == 0) {
++    if (init_client(&s, host, port, socket_type, use_ipv4, use_ipv6) == 0) {
+         BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
+         SHUTDOWN(s);
+         goto end;
+@@ -1444,7 +1469,7 @@
+     if (socket_type == SOCK_DGRAM) {
+ 
+         sbio = BIO_new_dgram(s, BIO_NOCLOSE);
+-        if (getsockname(s, &peer, (void *)&peerlen) < 0) {
++        if (getsockname(s, (struct sockaddr *)&peer, (void *)&peerlen) < 0) {
+             BIO_printf(bio_err, "getsockname:errno=%d\n",
+                        get_last_socket_error());
+             SHUTDOWN(s);
+--- openssl-1.0.2/apps/s_server.c
++++ openssl-1.0.2/apps/s_server.c
+@@ -643,6 +643,10 @@
+     BIO_printf(bio_err,
+                " -alpn arg  - set the advertised protocols for the ALPN extension (comma-separated list)\n");
+ #endif
++    BIO_printf(bio_err, " -4            - use IPv4 only\n");
++#if OPENSSL_USE_IPV6
++    BIO_printf(bio_err, " -6            - use IPv6 only\n");
++#endif
+     BIO_printf(bio_err,
+                " -keymatexport label   - Export keying material using label\n");
+     BIO_printf(bio_err,
+@@ -1070,6 +1074,7 @@
+     int state = 0;
+     const SSL_METHOD *meth = NULL;
+     int socket_type = SOCK_STREAM;
++    int use_ipv4, use_ipv6;
+     ENGINE *e = NULL;
+     char *inrand = NULL;
+     int s_cert_format = FORMAT_PEM, s_key_format = FORMAT_PEM;
+@@ -1111,6 +1116,12 @@
+ 
+     meth = SSLv23_server_method();
+ 
++    use_ipv4 = 1;
++#if OPENSSL_USE_IPV6
++    use_ipv6 = 1;
++#else
++    use_ipv6 = 0;
++#endif
+     local_argc = argc;
+     local_argv = argv;
+ 
+@@ -1503,6 +1514,16 @@
+             jpake_secret = *(++argv);
+         }
+ #endif
++	else if (strcmp(*argv,"-4") == 0) {
++	    use_ipv4 = 1;
++	    use_ipv6 = 0;
++	}
++#if OPENSSL_USE_IPV6
++	else if (strcmp(*argv,"-6") == 0) {
++	    use_ipv4 = 0;
++	    use_ipv6 = 1;
++	}
++#endif
+ #ifndef OPENSSL_NO_SRTP
+         else if (strcmp(*argv, "-use_srtp") == 0) {
+             if (--argc < 1)
+@@ -2023,13 +2044,13 @@
+     (void)BIO_flush(bio_s_out);
+     if (rev)
+         do_server(port, socket_type, &accept_socket, rev_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     else if (www)
+         do_server(port, socket_type, &accept_socket, www_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     else
+         do_server(port, socket_type, &accept_socket, sv_body, context,
+-                  naccept);
++                  naccept, use_ipv4, use_ipv6);
+     print_stats(bio_s_out, ctx);
+     ret = 0;
+  end:
+--- openssl-1.0.2/apps/s_socket.c
++++ openssl-1.0.2/apps/s_socket.c
+@@ -101,16 +101,16 @@
+ #  include "netdb.h"
+ # endif
+ 
+-static struct hostent *GetHostByName(char *name);
++static struct hostent *GetHostByName(char *name, int domain);
+ # if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
+ static void ssl_sock_cleanup(void);
+ # endif
+ static int ssl_sock_init(void);
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type);
+-static int init_server(int *sock, int port, int type);
+-static int init_server_long(int *sock, int port, char *ip, int type);
++static int init_client_ip(int *sock, unsigned char *ip, int port, int type, int domain);
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6);
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6);
+ static int do_accept(int acc_sock, int *sock, char **host);
+-static int host_ip(char *str, unsigned char ip[4]);
++static int host_ip(char *str, unsigned char *ip, int domain);
+ 
+ # ifdef OPENSSL_SYS_WIN16
+ #  define SOCKET_PROTOCOL 0     /* more microsoft stupidity */
+@@ -231,38 +231,68 @@
+     return (1);
+ }
+ 
+-int init_client(int *sock, char *host, int port, int type)
++int init_client(int *sock, char *host, int port, int type, int use_ipv4, int use_ipv6)
+ {
++# if OPENSSL_USE_IPV6
++    unsigned char ip[16];
++# else
+     unsigned char ip[4];
++# endif
+ 
+-    memset(ip, '\0', sizeof ip);
+-    if (!host_ip(host, &(ip[0])))
+-        return 0;
+-    return init_client_ip(sock, ip, port, type);
+-}
+-
+-static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
+-{
+-    unsigned long addr;
++    if (use_ipv4)
++	if (host_ip(host, ip, AF_INET))
++	    return(init_client_ip(sock, ip, port, type, AF_INET));
++# if OPENSSL_USE_IPV6
++    if (use_ipv6)
++	if (host_ip(host, ip, AF_INET6))
++	    return(init_client_ip(sock, ip, port, type, AF_INET6));
++# endif
++    return 0;
++}
++
++static int init_client_ip(int *sock, unsigned char ip[4], int port, int type, int domain)
++{
++# if OPENSSL_USE_IPV6
++    struct sockaddr_storage them;
++    struct sockaddr_in *them_in = (struct sockaddr_in *)&them;
++    struct sockaddr_in6 *them_in6 = (struct sockaddr_in6 *)&them;
++# else
+     struct sockaddr_in them;
++    struct sockaddr_in *them_in = &them;
++# endif
++    socklen_t addr_len;
+     int s, i;
+ 
+     if (!ssl_sock_init())
+         return (0);
+ 
+     memset((char *)&them, 0, sizeof(them));
+-    them.sin_family = AF_INET;
+-    them.sin_port = htons((unsigned short)port);
+-    addr = (unsigned long)
+-        ((unsigned long)ip[0] << 24L) |
+-        ((unsigned long)ip[1] << 16L) |
+-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+-    them.sin_addr.s_addr = htonl(addr);
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	them_in->sin_family=AF_INET;
++	them_in->sin_port=htons((unsigned short)port);
++# ifndef BIT_FIELD_LIMITS
++	memcpy(&them_in->sin_addr.s_addr, ip, 4);
++# else
++	memcpy(&them_in->sin_addr, ip, 4);
++# endif
++    }
++    else
++# if OPENSSL_USE_IPV6
++    {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	them_in6->sin6_family=AF_INET6;
++	them_in6->sin6_port=htons((unsigned short)port);
++	memcpy(&(them_in6->sin6_addr), ip, sizeof(struct in6_addr));
++    }
++# else
++	return(0);
++# endif
+ 
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
++        s = socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
+     else                        /* ( type == SOCK_DGRAM) */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++        s = socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET) {
+         perror("socket");
+@@ -280,7 +310,7 @@
+     }
+ # endif
+ 
+-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
++    if (connect(s, (struct sockaddr *)&them, addr_len) == -1) {
+         closesocket(s);
+         perror("connect");
+         return (0);
+@@ -292,14 +322,14 @@
+ int do_server(int port, int type, int *ret,
+               int (*cb) (char *hostname, int s, int stype,
+                          unsigned char *context), unsigned char *context,
+-              int naccept)
++              int naccept, int use_ipv4, int use_ipv6)
+ {
+     int sock;
+     char *name = NULL;
+     int accept_socket = 0;
+     int i;
+ 
+-    if (!init_server(&accept_socket, port, type))
++    if (!init_server(&accept_socket, port, type, use_ipv4, use_ipv6))
+         return (0);
+ 
+     if (ret != NULL) {
+@@ -328,32 +358,41 @@
+     }
+ }
+ 
+-static int init_server_long(int *sock, int port, char *ip, int type)
++static int init_server_long(int *sock, int port, char *ip, int type, int use_ipv4, int use_ipv6)
+ {
+     int ret = 0;
++    int domain;
++# if OPENSSL_USE_IPV6
++    struct sockaddr_storage server;
++    struct sockaddr_in *server_in = (struct sockaddr_in *)&server;
++    struct sockaddr_in6 *server_in6 = (struct sockaddr_in6 *)&server;
++# else
+     struct sockaddr_in server;
++    struct sockaddr_in *server_in = &server;
++# endif
++    socklen_t addr_len;
+     int s = -1;
+ 
++    if (!use_ipv4 && !use_ipv6)
++	goto err;
++# if OPENSSL_USE_IPV6
++    /* we are fine here */
++# else
++    if (use_ipv6)
++	goto err;
++# endif
+     if (!ssl_sock_init())
+         return (0);
+ 
+-    memset((char *)&server, 0, sizeof(server));
+-    server.sin_family = AF_INET;
+-    server.sin_port = htons((unsigned short)port);
+-    if (ip == NULL)
+-        server.sin_addr.s_addr = INADDR_ANY;
+-    else
+-/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
+-# ifndef BIT_FIELD_LIMITS
+-        memcpy(&server.sin_addr.s_addr, ip, 4);
++#if OPENSSL_USE_IPV6
++    domain = use_ipv6 ? AF_INET6 : AF_INET;
+ # else
+-        memcpy(&server.sin_addr, ip, 4);
++    domain = AF_INET;
+ # endif
+-
+     if (type == SOCK_STREAM)
+-        s = socket(AF_INET, SOCK_STREAM, SOCKET_PROTOCOL);
+-    else                        /* type == SOCK_DGRAM */
+-        s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
++	s=socket(domain, SOCK_STREAM, SOCKET_PROTOCOL);
++    else /* type == SOCK_DGRAM */
++	s=socket(domain, SOCK_DGRAM, IPPROTO_UDP);
+ 
+     if (s == INVALID_SOCKET)
+         goto err;
+@@ -363,7 +402,42 @@
+         setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+     }
+ # endif
+-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
++# if OPENSSL_USE_IPV6
++    if ((use_ipv4 == 0) && (use_ipv6 == 1)) {
++	const int on = 1;
++
++	setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY,
++		    (const void *) &on, sizeof(int));
++    }
++# endif
++    if (domain == AF_INET) {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in);
++	memset(server_in, 0, sizeof(struct sockaddr_in));
++	server_in->sin_family=AF_INET;
++	server_in->sin_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in->sin_addr.s_addr = htonl(INADDR_ANY);
++	else
++/* Added for T3E, address-of fails on bit field (beckman@acl.lanl.gov) */
++# ifndef BIT_FIELD_LIMITS
++	    memcpy(&server_in->sin_addr.s_addr, ip, 4);
++# else
++	    memcpy(&server_in->sin_addr, ip, 4);
++# endif
++    }
++# if OPENSSL_USE_IPV6
++    else {
++	addr_len = (socklen_t)sizeof(struct sockaddr_in6);
++	memset(server_in6, 0, sizeof(struct sockaddr_in6));
++	server_in6->sin6_family = AF_INET6;
++	server_in6->sin6_port = htons((unsigned short)port);
++	if (ip == NULL)
++	    server_in6->sin6_addr = in6addr_any;
++	else
++	    memcpy(&server_in6->sin6_addr, ip, sizeof(struct in6_addr));
++    }
++# endif
++    if (bind(s, (struct sockaddr *)&server, addr_len) == -1) {
+ # ifndef OPENSSL_SYS_WINDOWS
+         perror("bind");
+ # endif
+@@ -381,16 +455,23 @@
+     return (ret);
+ }
+ 
+-static int init_server(int *sock, int port, int type)
++static int init_server(int *sock, int port, int type, int use_ipv4, int use_ipv6)
+ {
+-    return (init_server_long(sock, port, NULL, type));
++    return (init_server_long(sock, port, NULL, type, use_ipv4, use_ipv6));
+ }
+ 
+ static int do_accept(int acc_sock, int *sock, char **host)
+ {
+     int ret;
+     struct hostent *h1, *h2;
+-    static struct sockaddr_in from;
++#if OPENSSL_USE_IPV6
++    struct sockaddr_storage from;
++    struct sockaddr_in *from_in = (struct sockaddr_in *)&from;
++    struct sockaddr_in6 *from_in6 = (struct sockaddr_in6 *)&from;
++#else
++    struct sockaddr_in from;
++    struct sockaddr_in *from_in = &from;
++#endif
+     int len;
+ /*      struct linger ling; */
+ 
+@@ -440,14 +521,25 @@
+ 
+     if (host == NULL)
+         goto end;
++# if OPENSSL_USE_IPV6
++    if (from.ss_family == AF_INET)
++# else
++    if (from.sin_family == AF_INET)
++# endif
+ # ifndef BIT_FIELD_LIMITS
+-    /* I should use WSAAsyncGetHostByName() under windows */
+-    h1 = gethostbyaddr((char *)&from.sin_addr.s_addr,
+-                       sizeof(from.sin_addr.s_addr), AF_INET);
++	/* I should use WSAAsyncGetHostByName() under windows */
++	h1 = gethostbyaddr((char *)&from_in->sin_addr.s_addr,
++                	    sizeof(from_in->sin_addr.s_addr), AF_INET);
+ # else
+-    h1 = gethostbyaddr((char *)&from.sin_addr,
+-                       sizeof(struct in_addr), AF_INET);
++	h1 = gethostbyaddr((char *)&from_in->sin_addr,
++            		    sizeof(struct in_addr), AF_INET);
++# endif
++# if OPENSSL_USE_IPV6
++    else
++	h1 = gethostbyaddr((char *)&from_in6->sin6_addr,
++			    sizeof(struct in6_addr), AF_INET6);
+ # endif
++	    
+     if (h1 == NULL) {
+         BIO_printf(bio_err, "bad gethostbyaddr\n");
+         *host = NULL;
+@@ -460,14 +552,22 @@
+         }
+         BUF_strlcpy(*host, h1->h_name, strlen(h1->h_name) + 1);
+ 
+-        h2 = GetHostByName(*host);
++# if OPENSSL_USE_IPV6
++	h2=GetHostByName(*host, from.ss_family);
++# else
++	h2=GetHostByName(*host, from.sin_family);
++# endif
+         if (h2 == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             closesocket(ret);
+             return (0);
+         }
+-        if (h2->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++# if OPENSSL_USE_IPV6
++	if (h2->h_addrtype != from.ss_family) {
++# else
++	if (h2->h_addrtype != from.sin_family) {
++# endif
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+             closesocket(ret);
+             return (0);
+         }
+@@ -483,14 +583,14 @@
+     char *h, *p;
+ 
+     h = str;
+-    p = strchr(str, ':');
++    p = strrchr(str, ':');
+     if (p == NULL) {
+         BIO_printf(bio_err, "no port defined\n");
+         return (0);
+     }
+     *(p++) = '\0';
+ 
+-    if ((ip != NULL) && !host_ip(str, ip))
++    if ((ip != NULL) && !host_ip(str, ip, AF_INET))
+         goto err;
+     if (host_ptr != NULL)
+         *host_ptr = h;
+@@ -502,44 +602,51 @@
+     return (0);
+ }
+ 
+-static int host_ip(char *str, unsigned char ip[4])
++static int host_ip(char *str, unsigned char *ip, int domain)
+ {
+     unsigned int in[4];
++    unsigned long l;
+     int i;
+ 
+-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
+-        4) {
++    if ((domain == AF_INET) && (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) == 4)) {
+         for (i = 0; i < 4; i++)
+             if (in[i] > 255) {
+                 BIO_printf(bio_err, "invalid IP address\n");
+                 goto err;
+             }
+-        ip[0] = in[0];
+-        ip[1] = in[1];
+-        ip[2] = in[2];
+-        ip[3] = in[3];
+-    } else {                    /* do a gethostbyname */
++	l=htonl((in[0]<<24L)|(in[1]<<16L)|(in[2]<<8L)|in[3]);
++	memcpy(ip, &l, 4);
++	return 1;
++    }
++# if OPENSSL_USE_IPV6
++    else if ((domain == AF_INET6) && (inet_pton(AF_INET6, str, ip) == 1))
++	return 1;
++# endif
++    else {                    /* do a gethostbyname */
+         struct hostent *he;
+ 
+         if (!ssl_sock_init())
+             return (0);
+ 
+-        he = GetHostByName(str);
++        he = GetHostByName(str, domain);
+         if (he == NULL) {
+             BIO_printf(bio_err, "gethostbyname failure\n");
+             goto err;
+         }
+         /* cast to short because of win16 winsock definition */
+-        if ((short)he->h_addrtype != AF_INET) {
+-            BIO_printf(bio_err, "gethostbyname addr is not AF_INET\n");
++        if ((short)he->h_addrtype != domain) {
++            BIO_printf(bio_err, "gethostbyname addr is not correct\n");
+             return (0);
+         }
+-        ip[0] = he->h_addr_list[0][0];
+-        ip[1] = he->h_addr_list[0][1];
+-        ip[2] = he->h_addr_list[0][2];
+-        ip[3] = he->h_addr_list[0][3];
++	if (domain == AF_INET)
++	    memset(ip, 0, 4);
++# if OPENSSL_USE_IPV6
++	else
++	    memset(ip, 0, 16);
++# endif
++	memcpy(ip, he->h_addr_list[0], he->h_length);
++	return 1;
+     }
+-    return (1);
+  err:
+     return (0);
+ }
+@@ -573,7 +680,7 @@
+ static unsigned long ghbn_hits = 0L;
+ static unsigned long ghbn_miss = 0L;
+ 
+-static struct hostent *GetHostByName(char *name)
++static struct hostent *GetHostByName(char *name, int domain)
+ {
+     struct hostent *ret;
+     int i, lowi = 0;
+@@ -585,13 +692,18 @@
+             lowi = i;
+         }
+         if (ghbn_cache[i].order > 0) {
+-            if (strncmp(name, ghbn_cache[i].name, 128) == 0)
++            if ((strncmp(name, ghbn_cache[i].name, 128) == 0) && (ghbn_cache[i].ent.h_addrtype == domain))
+                 break;
+         }
+     }
+     if (i == GHBN_NUM) {        /* no hit */
+         ghbn_miss++;
+-        ret = gethostbyname(name);
++        if (domain == AF_INET)
++    	    ret = gethostbyname(name);
++# if OPENSSL_USE_IPV6
++	else
++	    ret = gethostbyname2(name, AF_INET6);
++# endif
+         if (ret == NULL)
+             return (NULL);
+         /* else add to cache */

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-parallel-install-dirs.patch

@@ -0,0 +1,64 @@
+https://rt.openssl.org/Ticket/Display.html?id=3736&user=guest&pass=guest
+
+From aba899f2eca21e11e5e9797bf8258e7265dea9f5 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 8 Mar 2015 01:32:01 -0500
+Subject: [PATCH] fix parallel install with dir creation
+
+The mkdir-p.pl does not handle parallel creation of directories.
+This comes up when the install_sw and install_docs rules run and
+both call mkdir-p.pl on sibling directory trees.
+
+Instead, lets create a single install_dirs rule that makes all of
+the dirs we need, and have these two install steps depend on that.
+---
+ Makefile.org | 17 +++++++++--------
+ 1 file changed, 9 insertions(+), 8 deletions(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index a6d9471..78e6143 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -536,9 +536,9 @@
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+ 
+-install: all install_docs install_sw
++install: install_docs install_sw
+ 
+-install_sw:
++install_dirs:
+ 	@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ 		$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -547,6 +547,13 @@
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ 		$(INSTALL_PREFIX)$(OPENSSLDIR)/private
++	@$(PERL) $(TOP)/util/mkdir-p.pl \
++		$(INSTALL_PREFIX)$(MANDIR)/man1 \
++		$(INSTALL_PREFIX)$(MANDIR)/man3 \
++		$(INSTALL_PREFIX)$(MANDIR)/man5 \
++		$(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ 	@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ 	do \
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+@@ -636,12 +643,7 @@
+ 		done; \
+ 	done
+ 
+-install_docs:
+-	@$(PERL) $(TOP)/util/mkdir-p.pl \
+-		$(INSTALL_PREFIX)$(MANDIR)/man1 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+-		$(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ 	here="`pwd`"; \
+ 	filecase=; \
+-- 
+2.3.4
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-parallel-obj-headers.patch

@@ -0,0 +1,37 @@
+https://rt.openssl.org/Ticket/Display.html?id=3737&user=guest&pass=guest
+
+From ce279d4361e07e9af9ceca8a6e326e661758ad53 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sun, 8 Mar 2015 01:34:48 -0500
+Subject: [PATCH] fix parallel generation of obj headers
+
+The current code has dummy sleep/touch commands to try and work
+around the parallel issue, but that is obviously racy.  Instead
+lets force one of the files to depend on the other so we know
+they'll never run in parallel.
+---
+ crypto/objects/Makefile | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/crypto/objects/Makefile b/crypto/objects/Makefile
+index ad2db1e..7d32504 100644
+--- a/crypto/objects/Makefile
++++ b/crypto/objects/Makefile
+@@ -44,11 +44,11 @@
+ # objects.pl both reads and writes obj_mac.num
+ obj_mac.h: objects.pl objects.txt obj_mac.num
+ 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+-	@sleep 1; touch obj_mac.h; sleep 1
+ 
+-obj_xref.h: objxref.pl obj_xref.txt obj_mac.num
++# This doesn't really need obj_mac.h, but since that rule reads & writes
++# obj_mac.num, we can't run in parallel with it.
++obj_xref.h: objxref.pl obj_xref.txt obj_mac.num obj_mac.h
+ 	$(PERL) objxref.pl obj_mac.num obj_xref.txt > obj_xref.h
+-	@sleep 1; touch obj_xref.h; sleep 1
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+-- 
+2.3.4
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-parallel-symlinking.patch

@@ -0,0 +1,63 @@
+https://rt.openssl.org/Ticket/Display.html?id=3780&user=guest&pass=guest
+
+From cc81af135bda47eaa6956a0329cbbc55bf993ac1 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Fri, 3 Apr 2015 01:16:23 -0400
+Subject: [PATCH] fix race when symlink shareds libs
+
+When the crypto/ssl targets attempt to build their shared libs, they run:
+	cd ..; make libcrypto.so.1.0.0
+The top level Makefile in turn runs the build-shared target for that lib.
+
+The build-shared target depends on both do_$(SHLIB_TARGET) & link-shared.
+When building in parallel, make is allowed to run both of these.  They
+both run Makefile.shared for their respective targets:
+do_$(SHLIB_TARGET) ->
+	link_a.linux-shared ->
+	link_a.gnu ->
+	...; $(LINK_SO_A) ->
+	$(LINK_SO) ->
+	$(SYMLINK_SO)
+link-shared ->
+	symlink.linux-shared ->
+	symlink.gnu ->
+	...; $(SYMLINK_SO)
+
+The shell code for SYMLINK_SO attempts to do a [ -e lib ] check, but fails
+basic TOCTOU semantics.  Depending on the load, that means two processes
+will run the sequence:
+	rm -f libcrypto.so
+	ln -s libcrypto.so.1.0.0 libcrypto.so
+
+Which obviously fails:
+	ln: failed to create symbolic link 'libcrypto.so': File exists
+
+Since we know do_$(SHLIB_TARGET) will create the symlink for us, don't
+bother depending on link-shared at all in the top level Makefile when
+building things.
+
+Reported-by: Martin von Gagern <Martin.vGagern@gmx.net>
+URL: https://bugs.gentoo.org/545028
+---
+ Makefile.org | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index 890bfe4..576c60e 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -350,7 +350,10 @@ link-shared:
+ 		libs="$$libs -l$$i"; \
+ 	done
+ 
+-build-shared: do_$(SHLIB_TARGET) link-shared
++# The link target in Makefile.shared will create the symlink for us, so no need
++# to call link-shared directly.  Doing so will cause races with two processes
++# trying to symlink the lib.
++build-shared: do_$(SHLIB_TARGET)
+ 
+ do_$(SHLIB_TARGET):
+ 	@ set -e; libs='-L. $(SHLIBDEPS)'; for i in $(SHLIBDIRS); do \
+-- 
+2.3.4
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2a-x32-asm.patch

@@ -0,0 +1,43 @@
+https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
+
+From 6257d59b3a68d2feb9d64317a1c556dc3813ee61 Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Sat, 21 Mar 2015 06:01:25 -0400
+Subject: [PATCH] crypto: use bigint in x86-64 perl
+
+When building on x32 systems where the default type is 32bit, make sure
+we can transparently represent 64bit integers.  Otherwise we end up with
+build errors like:
+/usr/bin/perl asm/ghash-x86_64.pl elf > ghash-x86_64.s
+Integer overflow in hexadecimal number at asm/../../perlasm/x86_64-xlate.pl line 201, <> line 890.
+...
+ghash-x86_64.s: Assembler messages:
+ghash-x86_64.s:890: Error: junk '.15473355479995e+19' after expression
+
+We don't enable this globally as there are some cases where we'd get
+32bit values interpreted as unsigned when we need them as signed.
+
+Reported-by: Bertrand Jacquin <bertrand@jacquin.bzh>
+URL: https://bugs.gentoo.org/542618
+---
+ crypto/perlasm/x86_64-xlate.pl | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl
+index aae8288..0bf9774 100755
+--- a/crypto/perlasm/x86_64-xlate.pl
++++ b/crypto/perlasm/x86_64-xlate.pl
+@@ -195,6 +195,10 @@ my %globals;
+     sub out {
+     	my $self = shift;
+ 
++	# When building on x32 ABIs, the expanded hex value might be too
++	# big to fit into 32bits.  Enable transparent 64bit support here
++	# so we can safely print it out.
++	use bigint;
+ 	if ($gas) {
+ 	    # Solaris /usr/ccs/bin/as can't handle multiplications
+ 	    # in $self->{value}
+-- 
+2.3.3
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2g-parallel-build.patch

@@ -0,0 +1,318 @@
+--- openssl-1.0.2g/crypto/Makefile
++++ openssl-1.0.2g/crypto/Makefile
+@@ -85,11 +85,11 @@
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-	@target=files; $(RECURSIVE_MAKE)
++	+@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:	$(LIB)
+ 	@touch lib
+-$(LIB):	$(LIBOBJ)
++$(LIB):	$(LIBOBJ) | subdirs
+ 	$(AR) $(LIB) $(LIBOBJ)
+ 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ 	$(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ 	fi
+ 
+ libs:
+-	@target=lib; $(RECURSIVE_MAKE)
++	+@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+ 	@target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2g/engines/Makefile
++++ openssl-1.0.2g/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:	lib subdirs
+ 
+-lib:	$(LIBOBJ)
++lib:	$(LIBOBJ) | subdirs
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+ 		for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+ 	echo $(EDIRS)
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+ 	ctags $(SRC)
+--- openssl-1.0.2g/Makefile.org
++++ openssl-1.0.2g/Makefile.org
+@@ -279,17 +279,17 @@
+ build_libssl: build_ssl libssl.pc
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -544,7 +544,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+--- openssl-1.0.2g/Makefile.shared
++++ openssl-1.0.2g/Makefile.shared
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+--- openssl-1.0.2g/test/Makefile
++++ openssl-1.0.2g/test/Makefile
+@@ -139,7 +139,7 @@
+ tags:
+ 	ctags $(SRC)
+ 
+-tests:	exe apps $(TESTS)
++tests:	exe $(TESTS)
+ 
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+@@ -421,130 +421,130 @@
+ 		link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-	@target=$(RSATEST); $(BUILD_CMD)
++	+@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-	@target=$(BNTEST); $(BUILD_CMD)
++	+@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-	@target=$(ECTEST); $(BUILD_CMD)
++	+@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-	@target=$(EXPTEST); $(BUILD_CMD)
++	+@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-	@target=$(IDEATEST); $(BUILD_CMD)
++	+@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-	@target=$(MD2TEST); $(BUILD_CMD)
++	+@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-	@target=$(SHATEST); $(BUILD_CMD)
++	+@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA1TEST); $(BUILD_CMD)
++	+@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA256TEST); $(BUILD_CMD)
++	+@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA512TEST); $(BUILD_CMD)
++	+@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-	@target=$(RMDTEST); $(BUILD_CMD)
++	+@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-	@target=$(MDC2TEST); $(BUILD_CMD)
++	+@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-	@target=$(MD4TEST); $(BUILD_CMD)
++	+@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-	@target=$(MD5TEST); $(BUILD_CMD)
++	+@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-	@target=$(HMACTEST); $(BUILD_CMD)
++	+@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-	@target=$(WPTEST); $(BUILD_CMD)
++	+@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-	@target=$(RC2TEST); $(BUILD_CMD)
++	+@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-	@target=$(BFTEST); $(BUILD_CMD)
++	+@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-	@target=$(CASTTEST); $(BUILD_CMD)
++	+@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-	@target=$(RC4TEST); $(BUILD_CMD)
++	+@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-	@target=$(RC5TEST); $(BUILD_CMD)
++	+@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-	@target=$(DESTEST); $(BUILD_CMD)
++	+@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-	@target=$(RANDTEST); $(BUILD_CMD)
++	+@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-	@target=$(DHTEST); $(BUILD_CMD)
++	+@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-	@target=$(DSATEST); $(BUILD_CMD)
++	+@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-	@target=$(METHTEST); $(BUILD_CMD)
++	+@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
++	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-	@target=$(ENGINETEST); $(BUILD_CMD)
++	+@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-	@target=$(EVPTEST); $(BUILD_CMD)
++	+@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-	@target=$(EVPEXTRATEST); $(BUILD_CMD)
++	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-	@target=$(ECDSATEST); $(BUILD_CMD)
++	+@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-	@target=$(ECDHTEST); $(BUILD_CMD)
++	+@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-	@target=$(IGETEST); $(BUILD_CMD)
++	+@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-	@target=$(JPAKETEST); $(BUILD_CMD)
++	+@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-	@target=$(ASN1TEST); $(BUILD_CMD)
++	+@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-	@target=$(SRPTEST); $(BUILD_CMD)
++	+@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+-	@target=$(V3NAMETEST); $(BUILD_CMD)
++	+@target=$(V3NAMETEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-	@target=$(CONSTTIMETEST) $(BUILD_CMD)
++	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+-	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ 
+ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+-	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
++	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ 
+ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
+-	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
++	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -557,7 +557,7 @@
+ #	fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-	@target=dummytest; $(BUILD_CMD)
++	+@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2177.patch

@@ -0,0 +1,279 @@
+From a004e72b95835136d3f1ea90517f706c24c03da7 Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Thu, 5 May 2016 11:10:26 +0100
+Subject: [PATCH] Avoid some undefined pointer arithmetic
+
+A common idiom in the codebase is:
+
+if (p + len > limit)
+{
+    return; /* Too long */
+}
+
+Where "p" points to some malloc'd data of SIZE bytes and
+limit == p + SIZE
+
+"len" here could be from some externally supplied data (e.g. from a TLS
+message).
+
+The rules of C pointer arithmetic are such that "p + len" is only well
+defined where len <= SIZE. Therefore the above idiom is actually
+undefined behaviour.
+
+For example this could cause problems if some malloc implementation
+provides an address for "p" such that "p + len" actually overflows for
+values of len that are too big and therefore p + len < limit!
+
+Issue reported by Guido Vranken.
+
+CVE-2016-2177
+
+Reviewed-by: Rich Salz <rsalz@openssl.org>
+---
+ ssl/s3_srvr.c  | 14 +++++++-------
+ ssl/ssl_sess.c |  2 +-
+ ssl/t1_lib.c   | 56 ++++++++++++++++++++++++++++++--------------------------
+ 3 files changed, 38 insertions(+), 34 deletions(-)
+
+diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c
+index ab28702..ab7f690 100644
+--- a/ssl/s3_srvr.c
++++ b/ssl/s3_srvr.c
+@@ -980,7 +980,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+         session_length = *(p + SSL3_RANDOM_SIZE);
+ 
+-        if (p + SSL3_RANDOM_SIZE + session_length + 1 >= d + n) {
++        if (SSL3_RANDOM_SIZE + session_length + 1 >= (d + n) - p) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -998,7 +998,7 @@ int ssl3_get_client_hello(SSL *s)
+     /* get the session-id */
+     j = *(p++);
+ 
+-    if (p + j > d + n) {
++    if ((d + n) - p < j) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1054,14 +1054,14 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     if (SSL_IS_DTLS(s)) {
+         /* cookie stuff */
+-        if (p + 1 > d + n) {
++        if ((d + n) - p < 1) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+         }
+         cookie_len = *(p++);
+ 
+-        if (p + cookie_len > d + n) {
++        if ((d + n ) - p < cookie_len) {
+             al = SSL_AD_DECODE_ERROR;
+             SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+             goto f_err;
+@@ -1131,7 +1131,7 @@ int ssl3_get_client_hello(SSL *s)
+         }
+     }
+ 
+-    if (p + 2 > d + n) {
++    if ((d + n ) - p < 2) {
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_TOO_SHORT);
+         goto f_err;
+@@ -1145,7 +1145,7 @@ int ssl3_get_client_hello(SSL *s)
+     }
+ 
+     /* i bytes of cipher data + 1 byte for compression length later */
+-    if ((p + i + 1) > (d + n)) {
++    if ((d + n) - p < i + 1) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+@@ -1211,7 +1211,7 @@ int ssl3_get_client_hello(SSL *s)
+ 
+     /* compression */
+     i = *(p++);
+-    if ((p + i) > (d + n)) {
++    if ((d + n) - p < i) {
+         /* not enough data */
+         al = SSL_AD_DECODE_ERROR;
+         SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_LENGTH_MISMATCH);
+diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
+index b182998..54ee783 100644
+--- a/ssl/ssl_sess.c
++++ b/ssl/ssl_sess.c
+@@ -573,7 +573,7 @@ int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len,
+     int r;
+ #endif
+ 
+-    if (session_id + len > limit) {
++    if (limit - session_id < len) {
+         fatal = 1;
+         goto err;
+     }
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index fb64607..cdac011 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -1867,11 +1867,11 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         0x02, 0x03,             /* SHA-1/ECDSA */
+     };
+ 
+-    if (data >= (limit - 2))
++    if (limit - data <= 2)
+         return;
+     data += 2;
+ 
+-    if (data > (limit - 4))
++    if (limit - data < 4)
+         return;
+     n2s(data, type);
+     n2s(data, size);
+@@ -1879,7 +1879,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     if (type != TLSEXT_TYPE_server_name)
+         return;
+ 
+-    if (data + size > limit)
++    if (limit - data < size)
+         return;
+     data += size;
+ 
+@@ -1887,7 +1887,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+         const size_t len1 = sizeof(kSafariExtensionsBlock);
+         const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
+ 
+-        if (data + len1 + len2 != limit)
++        if (limit - data != (int)(len1 + len2))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
+             return;
+@@ -1896,7 +1896,7 @@ static void ssl_check_for_safari(SSL *s, const unsigned char *data,
+     } else {
+         const size_t len = sizeof(kSafariExtensionsBlock);
+ 
+-        if (data + len != limit)
++        if (limit - data != (int)(len))
+             return;
+         if (memcmp(data, kSafariExtensionsBlock, len) != 0)
+             return;
+@@ -2053,19 +2053,19 @@ static int ssl_scan_clienthello_tlsext(SSL *s, unsigned char **p,
+     if (data == limit)
+         goto ri_check;
+ 
+-    if (data > (limit - 2))
++    if (limit - data < 2)
+         goto err;
+ 
+     n2s(data, len);
+ 
+-    if (data + len != limit)
++    if (limit - data != len)
+         goto err;
+ 
+-    while (data <= (limit - 4)) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (limit))
++        if (limit - data < size)
+             goto err;
+ # if 0
+         fprintf(stderr, "Received extension type %d size %d\n", type, size);
+@@ -2472,18 +2472,18 @@ static int ssl_scan_clienthello_custom_tlsext(SSL *s,
+     if (s->hit || s->cert->srv_ext.meths_count == 0)
+         return 1;
+ 
+-    if (data >= limit - 2)
++    if (limit - data <= 2)
+         return 1;
+     n2s(data, len);
+ 
+-    if (data > limit - len)
++    if (limit - data < len)
+         return 1;
+ 
+-    while (data <= limit - 4) {
++    while (limit - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > limit)
++        if (limit - data < size)
+             return 1;
+         if (custom_ext_parse(s, 1 /* server */ , type, data, size, al) <= 0)
+             return 0;
+@@ -2569,20 +2569,20 @@ static int ssl_scan_serverhello_tlsext(SSL *s, unsigned char **p,
+                              SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
+ # endif
+ 
+-    if (data >= (d + n - 2))
++    if ((d + n) - data <= 2)
+         goto ri_check;
+ 
+     n2s(data, length);
+-    if (data + length != d + n) {
++    if ((d + n) - data != length) {
+         *al = SSL_AD_DECODE_ERROR;
+         return 0;
+     }
+ 
+-    while (data <= (d + n - 4)) {
++    while ((d + n) - data >= 4) {
+         n2s(data, type);
+         n2s(data, size);
+ 
+-        if (data + size > (d + n))
++        if ((d + n) - data < size)
+             goto ri_check;
+ 
+         if (s->tlsext_debug_cb)
+@@ -3307,29 +3307,33 @@ int tls1_process_ticket(SSL *s, unsigned char *session_id, int len,
+     /* Skip past DTLS cookie */
+     if (SSL_IS_DTLS(s)) {
+         i = *(p++);
+-        p += i;
+-        if (p >= limit)
++
++        if (limit - p <= i)
+             return -1;
++
++        p += i;
+     }
+     /* Skip past cipher list */
+     n2s(p, i);
+-    p += i;
+-    if (p >= limit)
++    if (limit - p <= i)
+         return -1;
++    p += i;
++
+     /* Skip past compression algorithm list */
+     i = *(p++);
+-    p += i;
+-    if (p > limit)
++    if (limit - p < i)
+         return -1;
++    p += i;
++
+     /* Now at start of extensions */
+-    if ((p + 2) >= limit)
++    if (limit - p <= 2)
+         return 0;
+     n2s(p, i);
+-    while ((p + 4) <= limit) {
++    while (limit - p >= 4) {
+         unsigned short type, size;
+         n2s(p, type);
+         n2s(p, size);
+-        if (p + size > limit)
++        if (limit - p < size)
+             return 0;
+         if (type == TLSEXT_TYPE_session_ticket) {
+             int r;
+-- 
+1.9.1
+

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2h-CVE-2016-2178.patch

@@ -0,0 +1,28 @@
+X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fdsa%2Fdsa_ossl.c;h=beb62b2ff058d3e2bde0397fbddd355e11cd457b;hp=ce1da1cd6fa121f1ae0961ac2d2e9f81de4d8c9b;hb=399944622df7bd81af62e67ea967c470534090e2;hpb=0a4c87a90c6cf6628c688868cd5f13e4b9a5f19d
+
+diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
+index ce1da1c..beb62b2 100644
+--- a/crypto/dsa/dsa_ossl.c
++++ b/crypto/dsa/dsa_ossl.c
+@@ -248,9 +248,6 @@
+         if (!BN_rand_range(&k, dsa->q))
+             goto err;
+     while (BN_is_zero(&k)) ;
+-    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+-        BN_set_flags(&k, BN_FLG_CONSTTIME);
+-    }
+ 
+     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+@@ -238,6 +234,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
+     } else {
+         K = k;
+     }
++
++    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
++        BN_set_flags(K, BN_FLG_CONSTTIME);
++    }
++
+     DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                    dsa->method_mont_p);
+     if (!BN_mod(r, r, dsa->q, ctx))

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.0.2i-parallel-build.patch

@@ -0,0 +1,326 @@
+--- openssl-1.0.2i/crypto/Makefile
++++ openssl-1.0.2i/crypto/Makefile
+@@ -85,11 +85,11 @@
+ 	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+ 
+ subdirs:
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+-	@target=files; $(RECURSIVE_MAKE)
++	+@target=files; $(RECURSIVE_MAKE)
+ 
+ links:
+ 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib:	$(LIB)
+ 	@touch lib
+-$(LIB):	$(LIBOBJ)
++$(LIB):	$(LIBOBJ) | subdirs
+ 	$(AR) $(LIB) $(LIBOBJ)
+ 	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ 	$(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ 	fi
+ 
+ libs:
+-	@target=lib; $(RECURSIVE_MAKE)
++	+@target=lib; $(RECURSIVE_MAKE)
+ 
+ install:
+ 	@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ lint:
+ 	@target=lint; $(RECURSIVE_MAKE)
+--- openssl-1.0.2i/engines/Makefile
++++ openssl-1.0.2i/engines/Makefile
+@@ -72,7 +72,7 @@
+ 
+ all:	lib subdirs
+ 
+-lib:	$(LIBOBJ)
++lib:	$(LIBOBJ) | subdirs
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		set -e; \
+ 		for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+ 
+ subdirs:
+ 	echo $(EDIRS)
+-	@target=all; $(RECURSIVE_MAKE)
++	+@target=all; $(RECURSIVE_MAKE)
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ 			  mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ 		done; \
+ 	fi
+-	@target=install; $(RECURSIVE_MAKE)
++	+@target=install; $(RECURSIVE_MAKE)
+ 
+ tags:
+ 	ctags $(SRC)
+--- openssl-1.0.2i/Makefile.org
++++ openssl-1.0.2i/Makefile.org
+@@ -281,17 +281,17 @@
+ build_libssl: build_ssl libssl.pc
+ 
+ build_crypto:
+-	@dir=crypto; target=all; $(BUILD_ONE_CMD)
++	+@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+-	@dir=ssl; target=all; $(BUILD_ONE_CMD)
++	+@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+-	@dir=engines; target=all; $(BUILD_ONE_CMD)
++	+@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+-	@dir=apps; target=all; $(BUILD_ONE_CMD)
++	+@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+-	@dir=test; target=all; $(BUILD_ONE_CMD)
++	+@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+-	@dir=tools; target=all; $(BUILD_ONE_CMD)
++	+@dir=tools; target=all; $(BUILD_ONE_CMD)
+ 
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -547,7 +547,7 @@
+ 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ 	done;
+-	@set -e; target=install; $(RECURSIVE_BUILD_CMD)
++	+@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ 	@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ 	do \
+ 		if [ -f "$$i" ]; then \
+--- openssl-1.0.2i/Makefile.shared
++++ openssl-1.0.2i/Makefile.shared
+@@ -105,6 +105,7 @@
+     SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+     LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+     LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++    [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+     LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+     $${SHAREDCMD} $${SHAREDFLAGS} \
+ 	-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ 			done; \
+ 		fi; \
+ 		if [ -n "$$SHLIB_SOVER" ]; then \
++			[ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ 			( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ 			  ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ 		fi; \
+--- openssl-1.0.2i/test/Makefile
++++ openssl-1.0.2i/test/Makefile
+@@ -144,7 +144,7 @@
+ tags:
+ 	ctags $(SRC)
+ 
+-tests:	exe apps $(TESTS)
++tests:	exe $(TESTS)
+ 
+ apps:
+ 	@(cd ..; $(MAKE) DIRS=apps all)
+@@ -435,136 +435,136 @@
+ 		link_app.$${shlib_target}
+ 
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+-	@target=$(RSATEST); $(BUILD_CMD)
++	+@target=$(RSATEST); $(BUILD_CMD)
+ 
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+-	@target=$(BNTEST); $(BUILD_CMD)
++	+@target=$(BNTEST); $(BUILD_CMD)
+ 
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+-	@target=$(ECTEST); $(BUILD_CMD)
++	+@target=$(ECTEST); $(BUILD_CMD)
+ 
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+-	@target=$(EXPTEST); $(BUILD_CMD)
++	+@target=$(EXPTEST); $(BUILD_CMD)
+ 
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+-	@target=$(IDEATEST); $(BUILD_CMD)
++	+@target=$(IDEATEST); $(BUILD_CMD)
+ 
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+-	@target=$(MD2TEST); $(BUILD_CMD)
++	+@target=$(MD2TEST); $(BUILD_CMD)
+ 
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+-	@target=$(SHATEST); $(BUILD_CMD)
++	+@target=$(SHATEST); $(BUILD_CMD)
+ 
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA1TEST); $(BUILD_CMD)
++	+@target=$(SHA1TEST); $(BUILD_CMD)
+ 
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA256TEST); $(BUILD_CMD)
++	+@target=$(SHA256TEST); $(BUILD_CMD)
+ 
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+-	@target=$(SHA512TEST); $(BUILD_CMD)
++	+@target=$(SHA512TEST); $(BUILD_CMD)
+ 
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+-	@target=$(RMDTEST); $(BUILD_CMD)
++	+@target=$(RMDTEST); $(BUILD_CMD)
+ 
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+-	@target=$(MDC2TEST); $(BUILD_CMD)
++	+@target=$(MDC2TEST); $(BUILD_CMD)
+ 
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+-	@target=$(MD4TEST); $(BUILD_CMD)
++	+@target=$(MD4TEST); $(BUILD_CMD)
+ 
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+-	@target=$(MD5TEST); $(BUILD_CMD)
++	+@target=$(MD5TEST); $(BUILD_CMD)
+ 
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+-	@target=$(HMACTEST); $(BUILD_CMD)
++	+@target=$(HMACTEST); $(BUILD_CMD)
+ 
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+-	@target=$(WPTEST); $(BUILD_CMD)
++	+@target=$(WPTEST); $(BUILD_CMD)
+ 
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+-	@target=$(RC2TEST); $(BUILD_CMD)
++	+@target=$(RC2TEST); $(BUILD_CMD)
+ 
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+-	@target=$(BFTEST); $(BUILD_CMD)
++	+@target=$(BFTEST); $(BUILD_CMD)
+ 
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+-	@target=$(CASTTEST); $(BUILD_CMD)
++	+@target=$(CASTTEST); $(BUILD_CMD)
+ 
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+-	@target=$(RC4TEST); $(BUILD_CMD)
++	+@target=$(RC4TEST); $(BUILD_CMD)
+ 
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+-	@target=$(RC5TEST); $(BUILD_CMD)
++	+@target=$(RC5TEST); $(BUILD_CMD)
+ 
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+-	@target=$(DESTEST); $(BUILD_CMD)
++	+@target=$(DESTEST); $(BUILD_CMD)
+ 
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+-	@target=$(RANDTEST); $(BUILD_CMD)
++	+@target=$(RANDTEST); $(BUILD_CMD)
+ 
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+-	@target=$(DHTEST); $(BUILD_CMD)
++	+@target=$(DHTEST); $(BUILD_CMD)
+ 
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+-	@target=$(DSATEST); $(BUILD_CMD)
++	+@target=$(DSATEST); $(BUILD_CMD)
+ 
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+-	@target=$(METHTEST); $(BUILD_CMD)
++	+@target=$(METHTEST); $(BUILD_CMD)
+ 
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(SSLTEST); $(FIPS_BUILD_CMD)
++	+@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ 
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+-	@target=$(ENGINETEST); $(BUILD_CMD)
++	+@target=$(ENGINETEST); $(BUILD_CMD)
+ 
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+-	@target=$(EVPTEST); $(BUILD_CMD)
++	+@target=$(EVPTEST); $(BUILD_CMD)
+ 
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+-	@target=$(EVPEXTRATEST); $(BUILD_CMD)
++	+@target=$(EVPEXTRATEST); $(BUILD_CMD)
+ 
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+-	@target=$(ECDSATEST); $(BUILD_CMD)
++	+@target=$(ECDSATEST); $(BUILD_CMD)
+ 
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+-	@target=$(ECDHTEST); $(BUILD_CMD)
++	+@target=$(ECDHTEST); $(BUILD_CMD)
+ 
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+-	@target=$(IGETEST); $(BUILD_CMD)
++	+@target=$(IGETEST); $(BUILD_CMD)
+ 
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+-	@target=$(JPAKETEST); $(BUILD_CMD)
++	+@target=$(JPAKETEST); $(BUILD_CMD)
+ 
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+-	@target=$(ASN1TEST); $(BUILD_CMD)
++	+@target=$(ASN1TEST); $(BUILD_CMD)
+ 
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+-	@target=$(SRPTEST); $(BUILD_CMD)
++	+@target=$(SRPTEST); $(BUILD_CMD)
+ 
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+-	@target=$(V3NAMETEST); $(BUILD_CMD)
++	+@target=$(V3NAMETEST); $(BUILD_CMD)
+ 
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+-	@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++	+@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+ 
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+-	@target=$(CONSTTIMETEST) $(BUILD_CMD)
++	+@target=$(CONSTTIMETEST) $(BUILD_CMD)
+ 
+ $(VERIFYEXTRATEST)$(EXE_EXT): $(VERIFYEXTRATEST).o
+-	@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
++	+@target=$(VERIFYEXTRATEST) $(BUILD_CMD)
+ 
+ $(CLIENTHELLOTEST)$(EXE_EXT): $(CLIENTHELLOTEST).o
+-	@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
++	+@target=$(CLIENTHELLOTEST) $(BUILD_CMD)
+ 
+ $(BADDTLSTEST)$(EXE_EXT): $(BADDTLSTEST).o
+-	@target=$(BADDTLSTEST) $(BUILD_CMD)
++	+@target=$(BADDTLSTEST) $(BUILD_CMD)
+ 
+ $(SSLV2CONFTEST)$(EXE_EXT): $(SSLV2CONFTEST).o
+-	@target=$(SSLV2CONFTEST) $(BUILD_CMD)
++	+@target=$(SSLV2CONFTEST) $(BUILD_CMD)
+ 
+ $(DTLSTEST)$(EXE_EXT): $(DTLSTEST).o ssltestlib.o $(DLIBSSL) $(DLIBCRYPTO)
+-	@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
++	+@target=$(DTLSTEST); exobj=ssltestlib.o; $(BUILD_CMD)
+ 
+ #$(AESTEST).o: $(AESTEST).c
+ #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -577,7 +577,7 @@
+ #	fi
+ 
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+-	@target=dummytest; $(BUILD_CMD)
++	+@target=dummytest; $(BUILD_CMD)
+ 
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+ 

sdk_container/src/third_party/portage-stable/dev-libs/openssl/files/openssl-1.1.0-ldflags.patch

@@ -0,0 +1,11 @@
+--- openssl-1.1.0-pre4/Makefile.shared
++++ openssl-1.1.0-pre4/Makefile.shared
+@@ -175,7 +175,7 @@
+ 	ALLSYMSFLAGS='-Wl,--whole-archive'; \
+ 	NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ 	$(DO_GNU_SO_COMMON)
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS) $(LDFLAGS)"
+ 
+ #This is rather special.  It's a special target with which one can link
+ #applications without bothering with any features that have anything to

sdk_container/src/third_party/portage-stable/dev-libs/openssl/metadata.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="asm">Support assembly hand optimized crypto functions (i.e. faster run time)</flag>
+ <flag name="bindist">Disable EC algorithms (as they seem to be patented) -- note: changes the ABI</flag>
+ <flag name="rfc3779">Enable support for RFC 3779 (X.509 Extensions for IP Addresses and AS Identifiers)</flag>
+ <flag name="sslv2">Support for the old/insecure SSLv2 protocol -- note: not required for TLS/https</flag>
+ <flag name="sslv3">Support for the old/insecure SSLv3 protocol -- note: not required for TLS/https</flag>
+ <flag name="tls-heartbeat">Enable the Heartbeat Extension in TLS and DTLS</flag>
+</use>
+<upstream>
+ <remote-id type="cpe">cpe:/a:openssl:openssl</remote-id>
+</upstream>
+<slots>
+ <slot name="0">For building against. This is the only slot
+  that provides headers and command line tools.</slot>
+ <slot name="0.9.8">For binary compatibility, provides libcrypto.so.0.9.8
+  and libssl.so.0.9.8 only.</slot>
+ <subslots>Reflect ABI of libcrypto.so and libssl.so.</subslots>
+</slots>
+</pkgmetadata>

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-0.9.8z_p8.ebuild

@@ -0,0 +1,162 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# this ebuild is only for the libcrypto.so.0.9.8 and libssl.so.0.9.8 SONAME for ABI compat
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+PLEVEL=$(echo "${PV##*_p}" | tr '[1-9]' '[a-i]')
+MY_PV=${PV/_p*/${PLEVEL}}
+MY_P=${PN}-${MY_PV}
+S="${WORKDIR}/${MY_P}"
+DESCRIPTION="Toolkit for SSL v2/v3 and TLS v1"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0.9.8"
+KEYWORDS="~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd"
+IUSE="bindist gmp kerberos cpu_flags_x86_sse2 test zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND="gmp? ( >=dev-libs/gmp-5.1.3-r1[${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )
+	abi_x86_32? (
+		!<=app-emulation/emul-linux-x86-baselibs-20140508-r4
+		!app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+	)
+	!=dev-libs/openssl-0.9.8*:0"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+
+# Do not install any docs
+DOCS=()
+
+src_prepare() {
+	epatch "${FILESDIR}"/${PN}-0.9.8e-bsd-sparc64.patch
+	epatch "${FILESDIR}"/${PN}-0.9.8h-ldflags.patch #181438
+	epatch "${FILESDIR}"/${PN}-0.9.8m-binutils.patch #289130
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:=/usr/share/man:') \
+		Makefile{,.org} \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+	# update the enginedir path.
+	# punt broken config we don't care about as it fails sanity check.
+	sed -i \
+		-e '/^"debug-ben-debug-64"/d' \
+		-e "/foo.*engines/s|/lib/engines|/$(get_libdir)/engines|" \
+		Configure || die
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-0.9.8 gentoo.config || die "cp cross-compile failed"
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags -Wa,--noexecstack
+
+	sed -i '1s,^:$,#!/usr/bin/perl,' Configure #141906
+	sed -i '/^"debug-bodo/d' Configure # 0.9.8za shipped broken
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+
+	tc-export CC AR RANLIB
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      5,724,428 03/03/2015    http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { use $1 && echo "enable-${2:-$1} ${*:3}" || echo "no-${2:-$1}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		enable-idea \
+		enable-mdc2 \
+		$(use_ssl !bindist rc5) \
+		enable-tlsext \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl zlib) \
+		--prefix=/usr \
+		--openssldir=/etc/ssl \
+		shared threads \
+		|| die "Configure failed"
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^LIBDIR=/s|=.*|=$(get_libdir)|" \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts
+	emake -j1 depend
+	emake -j1 build_libs
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	dolib.so lib{crypto,ssl}.so.0.9.8
+}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2h-r2.ebuild

@@ -0,0 +1,254 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	# bugs 585142 and 585276
+	epatch "${FILESDIR}"/${P}-CVE-2016-2177.patch
+	epatch "${FILESDIR}"/${P}-CVE-2016-2178.patch
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.0d-windres.patch #373743
+		epatch "${FILESDIR}"/${PN}-1.0.2g-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2i.ebuild

@@ -0,0 +1,249 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.0.2j.ebuild

@@ -0,0 +1,249 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0"
+KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+	kerberos? ( >=app-crypt/mit-krb5-1.11.4[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${FILESDIR}"/${PN}-1.0.0a-ldflags.patch #327421
+		epatch "${FILESDIR}"/${PN}-1.0.2i-parallel-build.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-obj-headers.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-install-dirs.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-parallel-symlinking.patch #545028
+		epatch "${FILESDIR}"/${PN}-1.0.2-ipv6.patch
+		epatch "${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+		epatch "${FILESDIR}"/${PN}-1.0.1p-default-source.patch #554338
+
+		epatch_user #332661
+	fi
+
+	# disable fips in the build
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	sed -i \
+		-e '/DIRS/s: fips : :g' \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		Makefile.org \
+		|| die
+	# show the actual commands in the log
+	sed -i '/^SET_X/s:=.*:=set -x:' Makefile.shared
+
+	# since we're forcing $(CC) as makedep anyway, just fix
+	# the conditional as always-on
+	# helps clang (#417795), and versioned gcc (#499818)
+	sed -i 's/expr.*MAKEDEPEND.*;/true;/' util/domd || die
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	sed -i '1s,^:$,#!'${EPREFIX}'/usr/bin/perl,' Configure #141906
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		enable-tlsext \
+		$(use_ssl asm) \
+		$(use_ssl gmp gmp -lgmp) \
+		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl sslv2 ssl2) \
+		$(use_ssl sslv3 ssl3) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	local CFLAG=$(grep ^CFLAG= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAG=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+	)
+	sed -i \
+		-e "/^CFLAG/s|=.*|=${CFLAG} ${CFLAGS}|" \
+		-e "/^SHARED_LDFLAGS=/s|$| ${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+	# rehash is needed to prep the certs/ dir; do this
+	# separately to avoid parallel build issues.
+	emake rehash
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake INSTALL_PREFIX="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/c-indentation.el
+	dohtml -r doc/*
+	use rfc3779 && dodoc engines/ccgost/README.gost
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	dodir ${SSL_CNF_DIR}/certs
+	cp -RP certs/* "${ED}"${SSL_CNF_DIR}/certs/ || die
+	rm -r "${ED}"${SSL_CNF_DIR}/certs/{demo,expired}
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

sdk_container/src/third_party/portage-stable/dev-libs/openssl/openssl-1.1.0b.ebuild

@@ -0,0 +1,242 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+
+inherit eutils flag-o-matic toolchain-funcs multilib multilib-minimal
+
+MY_P=${P/_/-}
+DESCRIPTION="full-strength general purpose cryptography library (including SSL and TLS)"
+HOMEPAGE="http://www.openssl.org/"
+SRC_URI="mirror://openssl/source/${MY_P}.tar.gz"
+
+LICENSE="openssl"
+SLOT="0/1.1" # .so version of libssl/libcrypto
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
+IUSE="+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib"
+RESTRICT="!bindist? ( bindist )"
+
+RDEPEND=">=app-misc/c_rehash-1.7-r1
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		sys-devel/bc
+	)"
+PDEPEND="app-misc/ca-certificates"
+
+S="${WORKDIR}/${MY_P}"
+
+MULTILIB_WRAPPED_HEADERS=(
+	usr/include/openssl/opensslconf.h
+)
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.1.0-ldflags.patch #327421
+	"${FILESDIR}"/${PN}-1.0.2a-x32-asm.patch #542618
+)
+
+src_prepare() {
+	# keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		epatch "${PATCHES[@]}"
+		epatch_user #332661
+	fi
+
+	# make sure the man pages are suffixed #302165
+	# don't bother building man pages if they're disabled
+	# Make DOCDIR Gentoo compliant
+	sed -i \
+		-e '/^MANSUFFIX/s:=.*:=ssl:' \
+		-e '/^MAKEDEPPROG/s:=.*:=$(CC):' \
+		-e $(has noman FEATURES \
+			&& echo '/^install:/s:install_docs::' \
+			|| echo '/^MANDIR=/s:=.*:='${EPREFIX}'/usr/share/man:') \
+		-e "/^DOCDIR/s@\$(BASENAME)@&-${PF}@" \
+		Configurations/unix-Makefile.tmpl \
+		|| die
+
+	# show the actual commands in the log
+	sed -i '/^SET_X/s@=.*@=set -x@' Makefile.shared
+
+	# quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (#417795 again)
+	[[ ${CC} == *clang* ]] && append-flags -Qunused-arguments
+
+	# allow openssl to be cross-compiled
+	cp "${FILESDIR}"/gentoo.config-1.0.2 gentoo.config || die
+	chmod a+rx gentoo.config
+
+	append-flags -fno-strict-aliasing
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
+
+	# Prefixify Configure shebang (#141906)
+	sed \
+		-e "1s,/usr/bin/env,${EPREFIX}&," \
+		-i Configure || die
+	# Remove test target when FEATURES=test isn't set
+	if ! use test ; then
+		sed \
+			-e '/^$config{dirs}/s@ "test",@@' \
+			-i Configure || die
+	fi
+	# The config script does stupid stuff to prompt the user.  Kill it.
+	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
+	./config --test-sanity || die "I AM NOT SANE"
+
+	multilib_copy_sources
+}
+
+multilib_src_configure() {
+	unset APPS #197996
+	unset SCRIPTS #312551
+	unset CROSS_COMPILE #311473
+
+	tc-export CC AR RANLIB RC
+
+	# Clean out patent-or-otherwise-encumbered code
+	# Camellia: Royalty Free            http://en.wikipedia.org/wiki/Camellia_(cipher)
+	# IDEA:     Expired                 http://en.wikipedia.org/wiki/International_Data_Encryption_Algorithm
+	# EC:       ????????? ??/??/2015    http://en.wikipedia.org/wiki/Elliptic_Curve_Cryptography
+	# MDC2:     Expired                 http://en.wikipedia.org/wiki/MDC-2
+	# RC5:      Expired                 http://en.wikipedia.org/wiki/RC5
+
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+	echoit() { echo "$@" ; "$@" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths. #460790
+	local ec_nistp_64_gcc_128
+	# Disable it for now though #469976
+	#if ! use bindist ; then
+	#	echo "__uint128_t i;" > "${T}"/128.c
+	#	if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#		ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#	fi
+	#fi
+
+	local sslout=$(./gentoo.config)
+	einfo "Use configuration ${sslout:-(openssl knows best)}"
+	local config="Configure"
+	[[ -z ${sslout} ]] && config="config"
+
+	echoit \
+	./${config} \
+		${sslout} \
+		--api=1.1.0 \
+		$(use cpu_flags_x86_sse2 || echo "no-sse2") \
+		enable-camellia \
+		disable-deprecated \
+		$(use_ssl !bindist ec) \
+		${ec_nistp_64_gcc_128} \
+		enable-idea \
+		enable-mdc2 \
+		enable-rc5 \
+		$(use_ssl asm) \
+		$(use_ssl rfc3779) \
+		$(use_ssl sctp) \
+		$(use_ssl tls-heartbeat heartbeats) \
+		$(use_ssl zlib) \
+		--prefix="${EPREFIX}"/usr \
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR} \
+		--libdir=$(get_libdir) \
+		shared threads \
+		|| die
+
+	# Clean out hardcoded flags that openssl uses
+	# Fix quoting for sed
+	local DEFAULT_CFLAGS=$(grep ^CFLAGS= Makefile | LC_ALL=C sed \
+		-e 's:^CFLAGS=::' \
+		-e 's:-fomit-frame-pointer ::g' \
+		-e 's:-O[0-9] ::g' \
+		-e 's:-march=[-a-z0-9]* ::g' \
+		-e 's:-mcpu=[-a-z0-9]* ::g' \
+		-e 's:-m[a-z0-9]* ::g' \
+		-e 's:\\:\\\\:g' \
+	)
+	sed -i \
+		-e "/^CFLAGS=/s|=.*|=${DEFAULT_CFLAGS} ${CFLAGS}|" \
+		-e "/^LDFLAGS=/s|=[[:space:]]*$|=${LDFLAGS}|" \
+		Makefile || die
+}
+
+multilib_src_compile() {
+	# depend is needed to use $confopts; it also doesn't matter
+	# that it's -j1 as the code itself serializes subdirs
+	emake -j1 depend
+	emake all
+}
+
+multilib_src_test() {
+	emake -j1 test
+}
+
+multilib_src_install() {
+	emake DESTDIR="${D}" install
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
+	dohtml -r doc/*
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs.  But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	use static-libs || rm -f "${ED}"/usr/lib*/lib*.a
+
+	# create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# Namespace openssl programs to prevent conflicts with other man pages
+	cd "${ED}"/usr/share/man
+	local m d s
+	for m in $(find . -type f | xargs grep -L '#include') ; do
+		d=${m%/*} ; d=${d#./} ; m=${m##*/}
+		[[ ${m} == openssl.1* ]] && continue
+		[[ -n $(find -L ${d} -type l) ]] && die "erp, broken links already!"
+		mv ${d}/{,ssl-}${m}
+		# fix up references to renamed man pages
+		sed -i '/^[.]SH "SEE ALSO"/,/^[.]/s:\([^(, ]*(1)\):ssl-\1:g' ${d}/ssl-${m}
+		ln -s ssl-${m} ${d}/openssl-${m}
+		# locate any symlinks that point to this man page ... we assume
+		# that any broken links are due to the above renaming
+		for s in $(find -L ${d} -type l) ; do
+			s=${s##*/}
+			rm -f ${d}/${s}
+			ln -s ssl-${m} ${d}/ssl-${s}
+			ln -s ssl-${s} ${d}/openssl-${s}
+		done
+	done
+	[[ -n $(find -L ${d} -type l) ]] && die "broken manpage links found :("
+
+	dodir /etc/sandbox.d #254521
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_postinst() {
+	ebegin "Running 'c_rehash ${EROOT%/}${SSL_CNF_DIR}/certs/' to rebuild hashes #333069"
+	c_rehash "${EROOT%/}${SSL_CNF_DIR}/certs" >/dev/null
+	eend $?
+}

sdk_container/src/third_party/portage-stable/dev-python/cryptography/ChangeLog

@@ -365,3 +365,139 @@
 
   Signed-off-by: Jason A. Donenfeld <zx2c4@gentoo.org>
 
+  02 Mar 2016; Mike Gilbert <floppym@gentoo.org> cryptography-1.1.2.ebuild,
+  files/cryptography-1.2.2-openssl-1.0.2g-mem_buf.patch:
+  Backport openssl 1.0.2g fix to stable ebuild
+
+  The replaces the patch by zx2c4 with a more flexible patch
+  from upstream. This ensures that the package can build against any
+  version of openssl in the tree.
+
+  Package-Manager: portage-2.2.27_p64
+
+*cryptography-1.2.3 (02 Mar 2016)
+
+  02 Mar 2016; Mike Frysinger <vapier@gentoo.org> +cryptography-1.2.3.ebuild:
+  verison bump to 1.2.3 and add openssl subslot #576128
+
+  16 Mar 2016; Agostino Sarubbo <ago@gentoo.org> cryptography-1.1.2.ebuild:
+  ppc stable wrt bug #574150
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="ppc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  19 Mar 2016; Agostino Sarubbo <ago@gentoo.org> cryptography-1.1.2.ebuild:
+  sparc stable wrt bug #574150
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="sparc"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  20 Mar 2016; Dirkjan Ochtman <djc@gentoo.org> -cryptography-1.1.ebuild,
+  -cryptography-1.1.1.ebuild, -cryptography-1.2.1.ebuild,
+  -cryptography-1.2.2.ebuild:
+  remove old versions
+
+  Package-Manager: portage-2.2.26
+
+*cryptography-1.3 (20 Mar 2016)
+
+  20 Mar 2016; Dirkjan Ochtman <djc@gentoo.org> +cryptography-1.3.ebuild:
+  version bump to 1.3
+
+  Package-Manager: portage-2.2.26
+
+  22 Mar 2016; Agostino Sarubbo <ago@gentoo.org> cryptography-1.1.2.ebuild:
+  ia64 stable wrt bug #574150
+
+  Package-Manager: portage-2.2.26
+  RepoMan-Options: --include-arches="ia64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  22 Mar 2016; Mike Frysinger <vapier@gentoo.org> cryptography-1.1.2.ebuild:
+  mark 1.1.2 arm64/m68k/s390/sh stable #574150
+
+*cryptography-1.3.1 (03 Apr 2016)
+
+  03 Apr 2016; Patrick Lauer <patrick@gentoo.org> +cryptography-1.3.1.ebuild:
+  Bump
+
+  Package-Manager: portage-2.2.28
+
+  01 Jun 2016; Tobias Klausmann <klausman@gentoo.org>
+  cryptography-1.3.1.ebuild:
+  1.3.1-r0: add alpha keyword
+
+  Gentoo-Bug: 583884
+
+  Package-Manager: portage-2.3.0_rc1
+
+  02 Jun 2016; Markus Meier <maekke@gentoo.org> cryptography-1.3.1.ebuild:
+  arm stable, bug #583884
+
+  Package-Manager: portage-2.3.0_rc1
+  RepoMan-Options: --include-arches="arm"
+
+  04 Jun 2016; Dirkjan Ochtman <djc@gentoo.org> -cryptography-1.0.2.ebuild,
+  -cryptography-1.2.3.ebuild, -cryptography-1.3.ebuild:
+  remove old versions
+
+  Package-Manager: portage-2.2.28
+
+*cryptography-1.3.4 (04 Jun 2016)
+
+  04 Jun 2016; Dirkjan Ochtman <djc@gentoo.org> +cryptography-1.3.4.ebuild:
+  version bump to 1.3.4 (fixes bug 584806)
+
+  Package-Manager: portage-2.2.28
+
+  06 Jun 2016; Agostino Sarubbo <ago@gentoo.org> cryptography-1.3.1.ebuild:
+  amd64 stable wrt bug #583884
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  21 Jun 2016; Mike Frysinger <vapier@gentoo.org> cryptography-1.3.1.ebuild:
+  mark 1.3.1 arm64/ia64/m68k/ppc/ppc64/s390/sh/sparc stable #583884
+
+  22 Jul 2016; Bernard Cafarelli <voyageur@gentoo.org>
+  cryptography-1.3.1.ebuild:
+  x86 stable wrt bug #583884
+
+  Package-Manager: portage-2.3.0
+
+*cryptography-1.5 (10 Sep 2016)
+
+  10 Sep 2016; Dirkjan Ochtman <djc@gentoo.org> +cryptography-1.5.ebuild:
+  version bump to 1.5
+
+  Package-Manager: portage-2.2.28
+
+  22 Sep 2016; Tobias Klausmann <klausman@gentoo.org>
+  cryptography-1.3.4.ebuild:
+  1.3.4-r0: add alpha keyword
+
+  Gentoo-Bug: 592618
+
+  26 Sep 2016; Agostino Sarubbo <ago@gentoo.org> cryptography-1.3.4.ebuild:
+  amd64 stable wrt bug #592618
+
+  Package-Manager: portage-2.2.28
+  RepoMan-Options: --include-arches="amd64"
+  Signed-off-by: Agostino Sarubbo <ago@gentoo.org>
+
+  01 Oct 2016; Jeroen Roovers <jer@gentoo.org> cryptography-1.3.4.ebuild:
+  Stable for HPPA (bug #592618).
+
+  Package-Manager: portage-2.3.1
+  RepoMan-Options: --ignore-arches
+
+*cryptography-1.5.2 (01 Oct 2016)
+
+  01 Oct 2016; Patrick Lauer <patrick@gentoo.org> +cryptography-1.5.2.ebuild:
+  Bump
+
+  Package-Manager: portage-2.3.0
+

sdk_container/src/third_party/portage-stable/dev-python/cryptography/Manifest

@@ -1,18 +1,14 @@
 AUX cryptography-1.2.2-openssl-1.0.2g-mem_buf.patch 991 SHA256 73144a1b18abc936e6974d58b66c469b8eaf58957a08531321bf1b5b1727be6e SHA512 2cc71dfd3a0b430b1109ef0111c1ada585a3ecc25e3861896c073151de6b029dcd9f751b7bd8861427f11834378c68606f1f068ca8ce2840150c8089116be508 WHIRLPOOL 4e9e11974b4050d0ce57bc29ba018fd5583a23e114a32eba5831886e728f36f8b03779206cf9bac171af4fd9540dedaa49b51065b038c7566aea8acac14febfb
-DIST cryptography-1.0.2.tar.gz 332870 SHA256 d64cd491e91ddf642c643bea16532c2a2da2da054cca6df756edadd55a8bacca SHA512 f266fbee6ab06ed6a552599dffe6d3e959dd858e6be7b81c0d4489c384fbb2b5de5ecf4f1e43e1dacbaa6ddefd1562f10961caec73cb3ed256faa03a5d4eff85 WHIRLPOOL ba8c13df5c58ab551f43ddf51cde8e85835a06eda83e5a5039e32308431b6f365692b01ea343adba6fcafe80d045a04b8ef37324e5bf1ada0adef10752f1e321
-DIST cryptography-1.1.1.tar.gz 348988 SHA256 2912923af7455fb2d2439a037242507c12caece7dd6659d62fa82a61edb2bae0 SHA512 d23b755cd57dfd983069c9ea8d8bb6f8ff6a1ef5a874de783a3686ec9ec9141f67f83956e676929188f93a1cca191a05f5172d94005ec38a8200f5d55bbfb1a7 WHIRLPOOL 829a5525de38712e0f155c2f22ce730ad33100b042ae905cf92897c2cbeda3026c97f1477bdd43cc191a4340d1993a03f26643e2493a1694b63a897143a227b9
 DIST cryptography-1.1.2.tar.gz 349022 SHA256 7f51459f84d670444275e615839f4542c93547a12e938a0a4906dafe5f7de153 SHA512 566e346a76cfd6b1c6afbf64d1fe496770b1ad5f471c42877ad6931a441ab77408815ae066ba3f0450766c86ae9dd10d7a5966321f93a979a4e1ab9e1201371b WHIRLPOOL 9a552e65047c45e19e313e0530031fa282aec51577bcc64f9346f37ac99663db052f7ccc1798532103edffa6e778f9585e937a862a475f6d7bd9140d06bbcf57
-DIST cryptography-1.1.tar.gz 348676 SHA256 059bc6428b1d0e2317f505698602642f1d8dda5b120ec573a59a430d8cb7a32d SHA512 8d5b5ac7cc2dcf7271dcd85c65c42cd815b95ec8502864da1b7c32c4a5905ecc6ae45f54d11e7b539d9ddf10d8bd3de9f40233c0b3cbdd1132b2ffbd4ebb318f WHIRLPOOL 0f154e624a51ebbc342ea082fc00a66b21024c81f3265e7d0e22e089afc5e83dcfe2857113d911db3a8e253d6fe93413ff94b91a83e97fd9405c3f08becc8a03
-DIST cryptography-1.2.1.tar.gz 372763 SHA256 a13217a03a47e743d26edff7299e4be7358c2fd12a223ac5d6de3229690b6ee5 SHA512 8ec01e23cfc4c6f9dd38a4a3238a670e68e0174e23d815a3babe37b3355cd453586ee271848f5d9d194f6b3b28483101558376e062ef7bb20cc4508261eb1ad7 WHIRLPOOL fa11a9e8ee9c675c0d8d282f420d072e4029e349df5c07202cfd93fcfb94834a0481e2f858f1426b0aba46bf173843ff40975a23d5b006583241f64442307638
-DIST cryptography-1.2.2.tar.gz 372894 SHA256 3f219cb9106d9b737ea9c332c4d15d70ac328f91b59fd9d79f78bdea8f826a67 SHA512 9c838e116b23bf22c5b01ecdd6f7fa0c4c92ce857516d500b983ae71bab002331cafcb404caa454362878ecbe4a818626c5f94636340bcad0518390671a36845 WHIRLPOOL 29c86d3d6f271f5a9a5da9afa39acc49c579e752e2c040e4b1014c0446a4604fa955ff2a6486ed1c0389fbe5ca54c3181af0bcef279a3fd4e8f4a37e3e09c190
-DIST cryptography-1.2.3.tar.gz 373165 SHA256 8eb11c77dd8e73f48df6b2f7a7e16173fe0fe8fdfe266232832e88477e08454e SHA512 f05f6ffd3386e839998437b3cb6b3bcc38af604e77aefe43904c8e155c26f9113f70666d7f089a76f5f646350f2ffa0aeb1e546d14da1d99c1d3de3419c833e3 WHIRLPOOL 5aeab8267500fffa6ca242c606c3724b0d03770129ac96250c913e4b2b433a8a8e83a6bcb2f5309adbe18e1c02004afecec9ae0c12c7ff381be4f36ff985f10b
-EBUILD cryptography-1.0.2.ebuild 1573 SHA256 42ad65cbc1f9f59f76156302a043b053db9968227b03f8dd90e3fe81489b9ee5 SHA512 aad45de00cb9b4b2fbfe19d46fbf5b5e3c2124e79cb8c76b75f41c37f1a2d1fdd16a26f7c9b18738c9f92a76d5425a16630037d1fcbd7c1cbbeb692633d2f811 WHIRLPOOL d15fc6ce0970b0393169499b57ecde95f40988533d7832331438bd5b42b6a4e87eac50295f7d225666f6562fa335ba4d8eaa8826a6ea1c0823d786a9a3accb0f
-EBUILD cryptography-1.1.1.ebuild 1592 SHA256 83ff4ebc4db22e94c2c47d78844dd8cb8418c55fee711c25b69b6a651f0e9120 SHA512 2c0b93b18efe01461af6f648c6f4f2317e604f106fb25603c3cc62e818e532b80ed127e695f64334963c4ad67e7dede8c5ef34b9e0df9b5a773ea38eba840a4a WHIRLPOOL 5bf499c2907a310c5ae283c57340a9e5d08a6f2883859cd846eb657bd2f8b1f52d59a8a1e94dfa0512e9a678b6a6e1aec73acfc3883a386114fe2aa26cb2d0b5
-EBUILD cryptography-1.1.2.ebuild 1654 SHA256 8b45f920a3d05fdd75f170bab02b9a3b74fa494287e7103264317e8d7fb70fcb SHA512 e31775001b3ecec17c8177ea8a0acb38453929a69fc40d09b41167c096f236f18120c6f50f6124697703c8e6934f99820d7b9e666aa5b5e5b5f30dd5aebcfc23 WHIRLPOOL ece550cccab0d3153292ef2aee3bddbcfa8eb3376805e1d18964823b04f568502bc98ae2eddc0a28c02ac16631847213e96b43cdd9f827d4a4a3965617354576
-EBUILD cryptography-1.1.ebuild 1592 SHA256 83ff4ebc4db22e94c2c47d78844dd8cb8418c55fee711c25b69b6a651f0e9120 SHA512 2c0b93b18efe01461af6f648c6f4f2317e604f106fb25603c3cc62e818e532b80ed127e695f64334963c4ad67e7dede8c5ef34b9e0df9b5a773ea38eba840a4a WHIRLPOOL 5bf499c2907a310c5ae283c57340a9e5d08a6f2883859cd846eb657bd2f8b1f52d59a8a1e94dfa0512e9a678b6a6e1aec73acfc3883a386114fe2aa26cb2d0b5
-EBUILD cryptography-1.2.1.ebuild 1598 SHA256 4788648284f4768efe546c66b5fa039efa76e07b99ca85d6220de1bcf464352d SHA512 13cef6573764842e762557e095fb430263fead5745af2e02f329a09ecf50b762c45fbcde7069d7a080744f0459f8245a19b95833ba7ac73d21108db90abed325 WHIRLPOOL 74e8ca8016480428b59032108ba41020c8b8a27b5fd15e24095051e8338d83aae2c4d8ff5ba403869e8d312b9d642fbf4fcb0f3909291d96298ee4128bc2daae
-EBUILD cryptography-1.2.2.ebuild 1666 SHA256 c5c04a65e16080e57fb50909470c5ba0f0ba9f169b8f205320029ead04958518 SHA512 796af0092275c854d4f82334e0b41b9372f51f31362b27b9a949c20feec910478ea15dfbfeebb8d3981263da76a40979618b93d5d5bd7aada376b53ea4d8af35 WHIRLPOOL 7130c8a5feec65b1a8eab4b0da7cc8ec2fbc58068199f374f03683dac9afd304aff1a33e5041d9eb142e01b13c7ac6c05bc823fa8e5b66676aca762729c606a5
-EBUILD cryptography-1.2.3.ebuild 1601 SHA256 66287bd596f8d784185892cf811c1795ef3d8ac37ab0989e7dde6740f6bcbeee SHA512 702b132cf738623578c21838f38b420765349997944cc7065bd25d3ef2c6e0c30c90042e340647e13d322e8c52f945ac91967c856e9aa1c40da89311ed9aa36e WHIRLPOOL a97ff983b11a63ba6ced34965f7c26920a7a3299ff99acec9621206cf30a8c4df1d1327a059cad5205f78f749217e0449219622737809d80a199c3b04f9ec80e
-MISC ChangeLog 12096 SHA256 17a122f4da90342e7866d19b4875014718650a8015d46b0db7f7684472bf6e79 SHA512 af3215afc35ba3b40351092a670513bd5760289f598e2040d668acafc9cf07ef9aec7d4e9f5520e5a6ab9cabe22cb498fa26fc36daecd051a818d51a8a45567e WHIRLPOOL d096832bd25c3b21712903c3e78832d86cff92452f36ce6d74b0bc7c2233e2bb6f371abc069ec159dabcfe62bd22a805b5f4ebe1cfbebd45777d505b25662833
+DIST cryptography-1.3.1.tar.gz 383852 SHA256 b4b36175e0f95ddc88435c26dbe3397edce48e2ff5fe41d504cdb3beddcd53e2 SHA512 8b833619d0aec5e6630c8e069e886f6b708b0b3a4f4ca4e37797a24c69be4cacf162f20c068deaecc3222ee0323583582d384e49fa3dbaeaeefc0d7d8c92918a WHIRLPOOL f9e7c75e910699afdf4adc4fb7257135b97c357c967bbca95f332e1f2ed262716ebba6a648427f86a524e75f6ac46aea7f891fe42100c9d7cf8ffcc317fb7905
+DIST cryptography-1.3.4.tar.gz 384109 SHA256 423ff890c01be7c70dbfeaa967eeef5146f1a43a5f810ffdc07b178e48a105a9 SHA512 abbc027433658702d2331282c9f63d99ea2eb42f5cdfe066b2b0ae6d9b86a35e23891716bb2e9e2ca707aa0d38fb69cba22ec5d95d2b9073047444fdae7a9224 WHIRLPOOL 5bd007cfe304620a7237b0f63fbe87ab22bd1cc252941f4815398382122b1c56c5a22e2dc35ce86aba2c2b2d9403de3313bafde23a3695bd26e4eb0f23c9dea9
+DIST cryptography-1.5.2.tar.gz 400673 SHA256 eb8875736734e8e870b09be43b17f40472dc189b1c422a952fa8580768204832 SHA512 7f50edfe7a7270a7acef52b7c55a32eca1845c5e410f078c42690a2e18fce001ed5dfd268fb18a2219011eff073914f1e2271d8e957c58b5200615a815a4b4c0 WHIRLPOOL 2625cbe43d7b0ce41cfcb4a1a9f8127b5933abe86bf30151cfd0b2dc8de0aeea01dc19649528474989ec0121c8b6e6e2e9c8fe72a60e1f2eb10536d7042ea272
+DIST cryptography-1.5.tar.gz 400318 SHA256 52f47ec9a57676043f88e3ca133638790b6b71e56e8890d9d7f3ae4fcd75fa24 SHA512 762b313296baf8ec6eb86557a844065022b83a623c7babc374bd63f575085dc845611c385df870050a2633d6b8c6c8399d8470647328b8f2ff44b17937a04756 WHIRLPOOL 8c37b57703961e911c59d0d396c86b83322564506bd80a66b38c068c8e3e018421eeede6a2dda7718b2f134aafc0327b4525eacb9bfa8714c225babed50045ed
+EBUILD cryptography-1.1.2.ebuild 1647 SHA256 41c18581dd75d09aae5a55c816bf0d8662353612ad0790cdc9d80ebac9f75d64 SHA512 87e4b8fb2d2d22d1b5bf4b5e5247f12003876b959394f495852173bee78b91557059cde14a98d73c9c27f33af94200dd8fe12bbeedf7d23c4c8771417c22708e WHIRLPOOL ef38566b7db6ee0a39b4e003f3a0fa8859674c51c1c4efe1ace79131ccd5b4b9d6d6e8924749bdb5594b7563e30dea2840413f760b5c48a07ad4ee1a5e5bcfc9
+EBUILD cryptography-1.3.1.ebuild 1589 SHA256 db0f340d41d1b093ca13641dd2a0cbddc130a2bdea5c6969657026da69e14378 SHA512 d28605cdefb806a073323d96c840b6a230e41b96e5ac198a584b712b6db4454896e7c4fc5cc015f94e02bfe7dd03fb96e1c0cb81bc4c3915311b9339e5235cb8 WHIRLPOOL cdcaec72948a622f0716182f727b92cc0562453f1ecfade865ce21d93c3dadf33995bbacd932ebbf1cce726b54b10f5d5bf09cb310b826f9ac9481a12ac3fc44
+EBUILD cryptography-1.3.4.ebuild 1598 SHA256 0055360cfdf23ffd28e1311bb2c326fc3c54f2a71142e9723f60e20b58435f91 SHA512 d4b86283f68f63e978e6c60629866c22ddc28a05de4d5bed510c075fffbe0a1de9d945f799aa789aab53aea25bd6afb639c6151b3360acbbc73536f461658cd4 WHIRLPOOL 8a0df35c8c81e8a61fba5e9b94f47be8c9e94e484312f7500926eef08e2f979d9459e8f5ae2f9dfb9d1942428c82388f12e542b1eb86d5295e078b0600156dca
+EBUILD cryptography-1.5.2.ebuild 1609 SHA256 06b11338d72b04bed299d9f11f50a28a9a4467881eda47c40c6ff1162a511e04 SHA512 534014d71d7c4482cdf29e938282739871567a6bec3760c604338912c3e89341c87218d5daa81af17b532a09ad8b20ed484f5b452b8c09e9e3597ddd82c82b75 WHIRLPOOL 41f5e1a585d38f73f6e1167aaa9a1162b5fb05abff7081cde8885d9264d6a4c27927e6ce39525dd532eb2cd66722f0271952f01303811e474071a2f6d40b946b
+EBUILD cryptography-1.5.ebuild 1609 SHA256 06b11338d72b04bed299d9f11f50a28a9a4467881eda47c40c6ff1162a511e04 SHA512 534014d71d7c4482cdf29e938282739871567a6bec3760c604338912c3e89341c87218d5daa81af17b532a09ad8b20ed484f5b452b8c09e9e3597ddd82c82b75 WHIRLPOOL 41f5e1a585d38f73f6e1167aaa9a1162b5fb05abff7081cde8885d9264d6a4c27927e6ce39525dd532eb2cd66722f0271952f01303811e474071a2f6d40b946b
+MISC ChangeLog 16164 SHA256 94de97182fb6267c2c245220ec4080f55c2c15a33965da27d32836d64284575e SHA512 a458fc06d4e6362f0a6c539e3cbe76a7e4c0e14d07c246164b8d3ee7ae55eb70b83d7a050bfdb559111437de78fb20b68220af5230b7fc5a7283d1d07c320d79 WHIRLPOOL c2058e70f662408a68cffefb9f1deb0ec5a834300f8706d21544381c440ff09d51e21e7743d8e8ec26ce853fbaf0ea215055d591acfeda32be753cb2a994d556
 MISC ChangeLog-2015 8237 SHA256 c22eb0f4c94dd39980a8ce9b7d3b7149bc4ce59a7496f87c7e34951715c94e4a SHA512 b11fd6ecb95dd1265087e007ead9245b577ae76591343ed8f9bbf7c730344f0f31e3562edb87768a4a4dc3ab78a982b31bcbdae52b0060f805a7c4d0d64ec798 WHIRLPOOL 5e148ed158f1a68f8c1580c0ed5ccd3b50a6c88ce2a6228c80f5354eac95f8cfbf31ea6c2e2cc65633b1ef7332eb181efac8eaeb1a954a3004b081b3ed162286
 MISC metadata.xml 384 SHA256 1eb9fe441314061b742ab80221c14c78f22fb93cb64f7eab4f3c89c6b95eadcf SHA512 c2806f846608bdd0720b589494e13f57ab2d64026747f2b13f412c9a0e9d2bef6b16fc357e4d16b74ad7a2a2af8daa5e28d0b6bfe4d2141ce68881c724fd24c7 WHIRLPOOL b29d989556a30a69dd73203ee4fb22e15cefa78d441e10f153e0924f4666817530c703e44047f551379c5fa31666d5856c4b3684883064d130913fa9732f6c92

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.0.2.ebuild

@@ -1,48 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-# only works with >=pypy-2.6
-PYTHON_COMPAT=( python2_7 python3_{3,4} pypy )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.python.org/pypi/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-linux ~x86-linux"
-IUSE="libressl test"
-
-RDEPEND="
-	!libressl? ( dev-libs/openssl:0 )
-	libressl? ( dev-libs/libressl )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.1.0:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy)
-	>=dev-python/idna-2.0[${PYTHON_USEDEP}]
-	>=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	$(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy )
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		>=dev-python/pytest-2.4.2[${PYTHON_USEDEP}]
-		<dev-python/pytest-2.8[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.1.1.ebuild

@@ -1,48 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Id$
-
-EAPI=5
-
-PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy )
-PYTHON_REQ_USE="threads(+)"
-
-inherit distutils-r1
-
-DESCRIPTION="Library providing cryptographic recipes and primitives"
-HOMEPAGE="https://github.com/pyca/cryptography/ https://pypi.python.org/pypi/cryptography/"
-SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
-
-LICENSE="|| ( Apache-2.0 BSD )"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="libressl test"
-
-RDEPEND="
-	!libressl? ( dev-libs/openssl:0 )
-	libressl? ( dev-libs/libressl )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.1.0:=[${PYTHON_USEDEP}]' 'python*')
-	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy)
-	>=dev-python/idna-2.0[${PYTHON_USEDEP}]
-	>=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	>=dev-python/six-1.4.1[${PYTHON_USEDEP}]
-	$(python_gen_cond_dep '>=virtual/pypy-2.6.0' pypy )
-	virtual/python-ipaddress[${PYTHON_USEDEP}]
-	"
-DEPEND="${RDEPEND}
-	dev-python/setuptools[${PYTHON_USEDEP}]
-	test? (
-		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
-		dev-python/hypothesis[${PYTHON_USEDEP}]
-		dev-python/iso8601[${PYTHON_USEDEP}]
-		dev-python/pretend[${PYTHON_USEDEP}]
-		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		dev-python/pytest[${PYTHON_USEDEP}]
-	)"
-
-DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
-
-python_test() {
-	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
-}

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.1.2.ebuild

@@ -15,7 +15,7 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
 
 LICENSE="|| ( Apache-2.0 BSD )"
 SLOT="0"
-KEYWORDS="alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux"
 IUSE="libressl test"
 
 RDEPEND="

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.3.1.ebuild

@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
-EAPI=5
+EAPI="5"
 
 PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy )
 PYTHON_REQ_USE="threads(+)"
@@ -15,11 +15,11 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
 
 LICENSE="|| ( Apache-2.0 BSD )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="alpha amd64 arm arm64 ~hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux"
 IUSE="libressl test"
 
 RDEPEND="
-	!libressl? ( dev-libs/openssl:0 )
+	!libressl? ( dev-libs/openssl:0= )
 	libressl? ( dev-libs/libressl )
 	$(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
 	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy)
@@ -43,8 +43,6 @@ DEPEND="${RDEPEND}
 
 DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )
 
-PATCHES=( "${FILESDIR}/${PN}-1.2.2-openssl-1.0.2g-mem_buf.patch" )
-
 python_test() {
 	py.test -v -v -x || die "Tests fail with ${EPYTHON}"
 }

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.3.4.ebuild

@@ -1,8 +1,8 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
-EAPI=5
+EAPI="5"
 
 PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy )
 PYTHON_REQ_USE="threads(+)"
@@ -15,13 +15,13 @@ SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz"
 
 LICENSE="|| ( Apache-2.0 BSD )"
 SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+KEYWORDS="alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
 IUSE="libressl test"
 
 RDEPEND="
-	!libressl? ( dev-libs/openssl:0 )
+	!libressl? ( dev-libs/openssl:0= )
 	libressl? ( dev-libs/libressl )
-	$(python_gen_cond_dep '>=dev-python/cffi-1.1.0:=[${PYTHON_USEDEP}]' 'python*')
+	$(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
 	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy)
 	>=dev-python/idna-2.0[${PYTHON_USEDEP}]
 	>=dev-python/pyasn1-0.1.8[${PYTHON_USEDEP}]
@@ -31,7 +31,7 @@ RDEPEND="
 	virtual/python-ipaddress[${PYTHON_USEDEP}]
 	"
 DEPEND="${RDEPEND}
-	dev-python/setuptools[${PYTHON_USEDEP}]
+	>=dev-python/setuptools-1.0[${PYTHON_USEDEP}]
 	test? (
 		~dev-python/cryptography-vectors-${PV}[${PYTHON_USEDEP}]
 		dev-python/hypothesis[${PYTHON_USEDEP}]

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.5.2.ebuild

@@ -38,7 +38,7 @@ DEPEND="${RDEPEND}
 		dev-python/iso8601[${PYTHON_USEDEP}]
 		dev-python/pretend[${PYTHON_USEDEP}]
 		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		dev-python/pytest[${PYTHON_USEDEP}]
+		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
 	)"
 
 DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )

sdk_container/src/third_party/portage-stable/dev-python/cryptography/cryptography-1.5.ebuild

@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
-EAPI=5
+EAPI="5"
 
 PYTHON_COMPAT=( python2_7 python3_{3,4,5} pypy )
 PYTHON_REQ_USE="threads(+)"
@@ -19,7 +19,7 @@ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~s
 IUSE="libressl test"
 
 RDEPEND="
-	!libressl? ( dev-libs/openssl:0 )
+	!libressl? ( dev-libs/openssl:0= )
 	libressl? ( dev-libs/libressl )
 	$(python_gen_cond_dep '>=dev-python/cffi-1.4.1:=[${PYTHON_USEDEP}]' 'python*')
 	$(python_gen_cond_dep 'dev-python/enum34[${PYTHON_USEDEP}]' python2_7 python3_3 pypy)
@@ -38,7 +38,7 @@ DEPEND="${RDEPEND}
 		dev-python/iso8601[${PYTHON_USEDEP}]
 		dev-python/pretend[${PYTHON_USEDEP}]
 		dev-python/pyasn1-modules[${PYTHON_USEDEP}]
-		dev-python/pytest[${PYTHON_USEDEP}]
+		>=dev-python/pytest-2.9.0[${PYTHON_USEDEP}]
 	)"
 
 DOCS=( AUTHORS.rst CONTRIBUTING.rst README.rst )

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-0.9.8z_p8

@@ -0,0 +1,14 @@
+DEFINED_PHASES=compile configure install prepare test
+DEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0 >=dev-lang/perl-5 test? ( sys-apps/diffutils sys-devel/bc )
+DESCRIPTION=Toolkit for SSL v2/v3 and TLS v1
+EAPI=5
+HOMEPAGE=http://www.openssl.org/
+IUSE=bindist gmp kerberos cpu_flags_x86_sse2 test zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=~alpha amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc x86 ~sparc-fbsd ~x86-fbsd
+LICENSE=openssl
+RDEPEND=gmp? ( >=dev-libs/gmp-5.1.3-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) abi_x86_32? ( !<=app-emulation/emul-linux-x86-baselibs-20140508-r4 !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] ) !=dev-libs/openssl-0.9.8*:0
+RESTRICT=!bindist? ( bindist )
+SLOT=0.9.8
+SRC_URI=mirror://openssl/source/openssl-0.9.8zh.tar.gz
+_eclasses_=eutils	9d81603248f2ba3ec59124320d123e5e	flag-o-matic	d270fa247153df66074f795fa42dba3e	multibuild	742139c87a9fa3766f0c2b155e5522bf	multilib	3972ca401cf7dbb430df9995f5d8d580	multilib-build	8fe2e81aeb36cdf8a6cc5f50443879cc	multilib-minimal	0224dee31c0f98405d572e14ad6dee65	toolchain-funcs	7a212e5e01adfa4805c9978366e6ee85
+_md5_=cc620dfaec5d071d43b376b1775c4c37

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.2h-r2

@@ -0,0 +1,15 @@
+DEFINED_PHASES=compile configure install postinst prepare test
+DEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-apps/diffutils sys-devel/bc )
+DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
+EAPI=5
+HOMEPAGE=http://www.openssl.org/
+IUSE=+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=openssl
+PDEPEND=app-misc/ca-certificates
+RDEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] )
+RESTRICT=!bindist? ( bindist )
+SLOT=0
+SRC_URI=mirror://openssl/source/openssl-1.0.2h.tar.gz
+_eclasses_=eutils	9d81603248f2ba3ec59124320d123e5e	flag-o-matic	d270fa247153df66074f795fa42dba3e	multibuild	742139c87a9fa3766f0c2b155e5522bf	multilib	3972ca401cf7dbb430df9995f5d8d580	multilib-build	8fe2e81aeb36cdf8a6cc5f50443879cc	multilib-minimal	0224dee31c0f98405d572e14ad6dee65	toolchain-funcs	7a212e5e01adfa4805c9978366e6ee85
+_md5_=9ecad97c6d1e60c63f00c13e19055fc4

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.2i

@@ -0,0 +1,15 @@
+DEFINED_PHASES=compile configure install postinst prepare test
+DEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-apps/diffutils sys-devel/bc )
+DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
+EAPI=5
+HOMEPAGE=http://www.openssl.org/
+IUSE=+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=~alpha amd64 ~arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=openssl
+PDEPEND=app-misc/ca-certificates
+RDEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] )
+RESTRICT=!bindist? ( bindist )
+SLOT=0
+SRC_URI=mirror://openssl/source/openssl-1.0.2i.tar.gz
+_eclasses_=eutils	9d81603248f2ba3ec59124320d123e5e	flag-o-matic	d270fa247153df66074f795fa42dba3e	multibuild	742139c87a9fa3766f0c2b155e5522bf	multilib	3972ca401cf7dbb430df9995f5d8d580	multilib-build	8fe2e81aeb36cdf8a6cc5f50443879cc	multilib-minimal	0224dee31c0f98405d572e14ad6dee65	toolchain-funcs	7a212e5e01adfa4805c9978366e6ee85
+_md5_=b7df8825c4099ed5a62f18c5d430dd4a

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.0.2j

@@ -0,0 +1,15 @@
+DEFINED_PHASES=compile configure install postinst prepare test
+DEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-apps/diffutils sys-devel/bc )
+DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
+EAPI=5
+HOMEPAGE=http://www.openssl.org/
+IUSE=+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 sslv2 +sslv3 static-libs test +tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=openssl
+PDEPEND=app-misc/ca-certificates
+RDEPEND=>=app-misc/c_rehash-1.7-r1 gmp? ( >=dev-libs/gmp-5.1.3-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) kerberos? ( >=app-crypt/mit-krb5-1.11.4[abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] )
+RESTRICT=!bindist? ( bindist )
+SLOT=0
+SRC_URI=mirror://openssl/source/openssl-1.0.2j.tar.gz
+_eclasses_=eutils	9d81603248f2ba3ec59124320d123e5e	flag-o-matic	d270fa247153df66074f795fa42dba3e	multibuild	742139c87a9fa3766f0c2b155e5522bf	multilib	3972ca401cf7dbb430df9995f5d8d580	multilib-build	8fe2e81aeb36cdf8a6cc5f50443879cc	multilib-minimal	0224dee31c0f98405d572e14ad6dee65	toolchain-funcs	7a212e5e01adfa4805c9978366e6ee85
+_md5_=78007bf74078622e71b0fbba9e3d7a4b

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-libs/openssl-1.1.0b

@@ -0,0 +1,15 @@
+DEFINED_PHASES=compile configure install postinst prepare test
+DEPEND=>=app-misc/c_rehash-1.7-r1 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] ) >=dev-lang/perl-5 sctp? ( >=net-misc/lksctp-tools-1.0.12 ) test? ( sys-apps/diffutils sys-devel/bc )
+DESCRIPTION=full-strength general purpose cryptography library (including SSL and TLS)
+EAPI=5
+HOMEPAGE=http://www.openssl.org/
+IUSE=+asm bindist rfc3779 sctp cpu_flags_x86_sse2 static-libs test tls-heartbeat vanilla zlib abi_x86_32 abi_x86_64 abi_x86_x32 abi_mips_n32 abi_mips_n64 abi_mips_o32 abi_ppc_32 abi_ppc_64 abi_s390_32 abi_s390_64
+KEYWORDS=~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux
+LICENSE=openssl
+PDEPEND=app-misc/ca-certificates
+RDEPEND=>=app-misc/c_rehash-1.7-r1 zlib? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,abi_x86_32(-)?,abi_x86_64(-)?,abi_x86_x32(-)?,abi_mips_n32(-)?,abi_mips_n64(-)?,abi_mips_o32(-)?,abi_ppc_32(-)?,abi_ppc_64(-)?,abi_s390_32(-)?,abi_s390_64(-)?] )
+RESTRICT=!bindist? ( bindist )
+SLOT=0/1.1
+SRC_URI=mirror://openssl/source/openssl-1.1.0b.tar.gz
+_eclasses_=eutils	9d81603248f2ba3ec59124320d123e5e	flag-o-matic	d270fa247153df66074f795fa42dba3e	multibuild	742139c87a9fa3766f0c2b155e5522bf	multilib	3972ca401cf7dbb430df9995f5d8d580	multilib-build	8fe2e81aeb36cdf8a6cc5f50443879cc	multilib-minimal	0224dee31c0f98405d572e14ad6dee65	toolchain-funcs	7a212e5e01adfa4805c9978366e6ee85
+_md5_=e5db5f00637291f84ce8d12682d96c10

sdk_container/src/third_party/portage-stable/metadata/md5-cache/dev-python/cryptography-1.1.2

@@ -4,11 +4,11 @@ DESCRIPTION=Library providing cryptographic recipes and primitives
 EAPI=5
 HOMEPAGE=https://github.com/pyca/cryptography/ https://pypi.python.org/pypi/cryptography/
 IUSE=libressl test python_targets_pypy python_targets_python2_7 python_targets_python3_3 python_targets_python3_4 python_targets_python3_5
-KEYWORDS=alpha amd64 arm ~arm64 hppa ~ia64 ~m68k ~mips ~ppc ppc64 ~s390 ~sh ~sparc x86 ~amd64-linux ~x86-linux
+KEYWORDS=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~x86-linux
 LICENSE=|| ( Apache-2.0 BSD )
 RDEPEND=!libressl? ( dev-libs/openssl:0 ) libressl? ( dev-libs/libressl ) python_targets_python2_7? ( >=dev-python/cffi-1.1.0:=[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)] ) python_targets_python3_3? ( >=dev-python/cffi-1.1.0:=[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)] ) python_targets_python3_4? ( >=dev-python/cffi-1.1.0:=[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)] ) python_targets_python3_5? ( >=dev-python/cffi-1.1.0:=[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)] ) python_targets_pypy? ( dev-python/enum34[python_targets_pypy(-)?,-python_single_target_pypy(-),python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-)] ) python_targets_python2_7? ( dev-python/enum34[python_targets_pypy(-)?,-python_single_target_pypy(-),python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-)] ) python_targets_python3_3? ( dev-python/enum34[python_targets_pypy(-)?,-python_single_target_pypy(-),python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_3(-)?,-python_single_target_python3_3(-)] ) >=dev-python/idna-2.0[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] >=dev-python/pyasn1-0.1.8[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] dev-python/setuptools[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] >=dev-python/six-1.4.1[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] python_targets_pypy? ( >=virtual/pypy-2.6.0 ) virtual/python-ipaddress[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)] python_targets_pypy? ( virtual/pypy:0=[threads(+)] ) python_targets_python2_7? ( >=dev-lang/python-2.7.5-r2:2.7[threads(+)] ) python_targets_python3_3? ( >=dev-lang/python-3.3.2-r2:3.3[threads(+)] ) python_targets_python3_4? ( dev-lang/python:3.4[threads(+)] ) python_targets_python3_5? ( dev-lang/python:3.5[threads(+)] ) >=dev-lang/python-exec-2:=[python_targets_pypy(-)?,python_targets_python2_7(-)?,python_targets_python3_3(-)?,python_targets_python3_4(-)?,python_targets_python3_5(-)?,-python_single_target_pypy(-),-python_single_target_python2_7(-),-python_single_target_python3_3(-),-python_single_target_python3_4(-),-python_single_target_python3_5(-)]
 REQUIRED_USE=|| ( python_targets_pypy python_targets_python2_7 python_targets_python3_3 python_targets_python3_4 python_targets_python3_5 )
 SLOT=0
 SRC_URI=mirror://pypi/c/cryptography/cryptography-1.1.2.tar.gz
 _eclasses_=distutils-r1	4e8ac1ba76ddacd8f7c0289aa586a34c	eutils	9d81603248f2ba3ec59124320d123e5e	multibuild	742139c87a9fa3766f0c2b155e5522bf	multilib	3972ca401cf7dbb430df9995f5d8d580	multiprocessing	e32940a7b2a9992ad217eccddb84d548	python-r1	0f6937650a475d673baa5d0c8c0b37b3	python-utils-r1	2e6826f6a93ad2acf904eecf5b5fb6d2	toolchain-funcs	7a212e5e01adfa4805c9978366e6ee85
-_md5_=bc705d08c954ecc4ba2828c7f75c3538
+_md5_=7b70142b9536e18b759636b109ccb731