gentoo resync : 14.07.2018

19 files changed, 715 insertions, 0 deletions

diff --git a/dev-lang/python/files/2.7-disable-nis.patch b/dev-lang/python/files/2.7-disable-nis.patch
new file mode 100644
index 000000000000..5a6cb3e403f1
--- /dev/null
+++ b/dev-lang/python/files/2.7-disable-nis.patch
@@ -0,0 +1,21 @@
+--- a/setup.py
++++ b/setup.py
+@@ -1346,17 +1346,7 @@ class PyBuildExt(build_ext):
+             else:
+                 missing.append('resource')
+ 
+-            # Sun yellow pages. Some systems have the functions in libc.
+-            if (host_platform not in ['cygwin', 'atheos', 'qnx6'] and
+-                find_file('rpcsvc/yp_prot.h', inc_dirs, []) is not None):
+-                if (self.compiler.find_library_file(lib_dirs, 'nsl')):
+-                    libs = ['nsl']
+-                else:
+-                    libs = []
+-                exts.append( Extension('nis', ['nismodule.c'],
+-                                       libraries = libs) )
+-            else:
+-                missing.append('nis')
++            missing.append('nis')
+         else:
+             missing.extend(['nis', 'resource', 'termios'])
+ 
diff --git a/dev-lang/python/files/3.4-getentropy-linux.patch b/dev-lang/python/files/3.4-getentropy-linux.patch
new file mode 100644
index 000000000000..9f12389bb253
--- /dev/null
+++ b/dev-lang/python/files/3.4-getentropy-linux.patch
@@ -0,0 +1,40 @@
+From 5635d44079e1bbd9c495951ede8d078e7b8d67d5 Mon Sep 17 00:00:00 2001
+From: Victor Stinner <victor.stinner@gmail.com>
+Date: Mon, 9 Jan 2017 11:10:41 +0100
+Subject: [PATCH] Don't use getentropy() on Linux
+
+Issue #29188: Support glibc 2.24 on Linux: don't use getentropy() function but
+read from /dev/urandom to get random bytes, for example in os.urandom().  On
+Linux, getentropy() is implemented which getrandom() is blocking mode, whereas
+os.urandom() should not block.
+---
+ Python/random.c | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/Python/random.c b/Python/random.c
+index af3d0bd0d5..dc6400d3b8 100644
+--- a/Python/random.c
++++ b/Python/random.c
+@@ -67,9 +67,16 @@ win32_urandom(unsigned char *buffer, Py_ssize_t size, int raise)
+     return 0;
+ }
+ 
+-/* Issue #25003: Don' use getentropy() on Solaris (available since
+- * Solaris 11.3), it is blocking whereas os.urandom() should not block. */
+-#elif defined(HAVE_GETENTROPY) && !defined(sun)
++/* Issue #25003: Don't use getentropy() on Solaris (available since
++   Solaris 11.3), it is blocking whereas os.urandom() should not block.
++
++   Issue #29188: Don't use getentropy() on Linux since the glibc 2.24
++   implements it with the getrandom() syscall which can fail with ENOSYS,
++   and this error is not supported in py_getentropy() and getrandom() is called
++   with flags=0 which blocks until system urandom is initialized, which is not
++   the desired behaviour to seed the Python hash secret nor for os.urandom():
++   see the PEP 524 which was only implemented in Python 3.6. */
++#elif defined(HAVE_GETENTROPY) && !defined(sun) && !defined(linux)
+ #define PY_GETENTROPY 1
+ 
+ /* Fill buffer with size pseudo-random bytes generated by getentropy().
+-- 
+2.15.0.rc2
+
diff --git a/dev-lang/python/files/3.6-blake2.patch b/dev-lang/python/files/3.6-blake2.patch
new file mode 100644
index 000000000000..48ee58559524
--- /dev/null
+++ b/dev-lang/python/files/3.6-blake2.patch
@@ -0,0 +1,37 @@
+From 2e7c906c085a01ea8175a19e1e143257abc8f566 Mon Sep 17 00:00:00 2001
+From: Mike Gilbert <floppym@gentoo.org>
+Date: Sun, 30 Jul 2017 11:17:39 -0400
+Subject: [PATCH] blake2: remove commented code
+
+The nested comments cause a build failure.
+
+Bug: https://bugs.gentoo.org/608586
+---
+ Modules/_blake2/impl/blake2s-load-xop.h | 11 -----------
+ 1 file changed, 11 deletions(-)
+
+diff --git a/Modules/_blake2/impl/blake2s-load-xop.h b/Modules/_blake2/impl/blake2s-load-xop.h
+index a3b5d65e2d..7e76c399c6 100644
+--- a/Modules/_blake2/impl/blake2s-load-xop.h
++++ b/Modules/_blake2/impl/blake2s-load-xop.h
+@@ -18,17 +18,6 @@
+ 
+ #define TOB(x) ((x)*4*0x01010101 + 0x03020100) /* ..or not TOB */
+ 
+-/* Basic VPPERM emulation, for testing purposes */
+-/*static __m128i _mm_perm_epi8(const __m128i src1, const __m128i src2, const __m128i sel)
+-{
+-   const __m128i sixteen = _mm_set1_epi8(16);
+-   const __m128i t0 = _mm_shuffle_epi8(src1, sel);
+-   const __m128i s1 = _mm_shuffle_epi8(src2, _mm_sub_epi8(sel, sixteen));
+-   const __m128i mask = _mm_or_si128(_mm_cmpeq_epi8(sel, sixteen),
+-                                     _mm_cmpgt_epi8(sel, sixteen)); /* (>=16) = 0xff : 00 */
+-   return _mm_blendv_epi8(t0, s1, mask);
+-}*/
+-
+ #define LOAD_MSG_0_1(buf) \
+ buf = _mm_perm_epi8(m0, m1, _mm_set_epi32(TOB(6),TOB(4),TOB(2),TOB(0)) );
+ 
+-- 
+2.13.3
+
diff --git a/dev-lang/python/files/3.6-disable-nis.patch b/dev-lang/python/files/3.6-disable-nis.patch
new file mode 100644
index 000000000000..4e81847b5070
--- /dev/null
+++ b/dev-lang/python/files/3.6-disable-nis.patch
@@ -0,0 +1,21 @@
+--- a/setup.py
++++ b/setup.py
+@@ -1332,17 +1332,7 @@ class PyBuildExt(build_ext):
+             # Jeremy Hylton's rlimit interface
+             exts.append( Extension('resource', ['resource.c']) )
+ 
+-            # Sun yellow pages. Some systems have the functions in libc.
+-            if (host_platform not in ['cygwin', 'qnx6'] and
+-                find_file('rpcsvc/yp_prot.h', inc_dirs, []) is not None):
+-                if (self.compiler.find_library_file(lib_dirs, 'nsl')):
+-                    libs = ['nsl']
+-                else:
+-                    libs = []
+-                exts.append( Extension('nis', ['nismodule.c'],
+-                                       libraries = libs) )
+-            else:
+-                missing.append('nis')
++            missing.append('nis')
+         else:
+             missing.extend(['nis', 'resource', 'termios'])
+ 
diff --git a/dev-lang/python/files/3.6.5-disable-nis.patch b/dev-lang/python/files/3.6.5-disable-nis.patch
new file mode 100644
index 000000000000..3937c6fe795d
--- /dev/null
+++ b/dev-lang/python/files/3.6.5-disable-nis.patch
@@ -0,0 +1,11 @@
+--- a/setup.py
++++ b/setup.py
+@@ -1364,7 +1364,7 @@ class PyBuildExt(build_ext):
+         else:
+             missing.extend(['resource', 'termios'])
+ 
+-        nis = self._detect_nis(inc_dirs, lib_dirs)
++        nis = None
+         if nis is not None:
+             exts.append(nis)
+         else:
diff --git a/dev-lang/python/files/pydoc.conf b/dev-lang/python/files/pydoc.conf
new file mode 100644
index 000000000000..3c6920cc96c4
--- /dev/null
+++ b/dev-lang/python/files/pydoc.conf
@@ -0,0 +1,6 @@
+# /etc/init.d/pydoc.conf
+
+# This file contains the configuration for pydoc's internal webserver.
+
+# Default port for Python's pydoc server.
+@PYDOC_PORT_VARIABLE@="7464"
diff --git a/dev-lang/python/files/pydoc.init b/dev-lang/python/files/pydoc.init
new file mode 100644
index 000000000000..f8e05636da4e
--- /dev/null
+++ b/dev-lang/python/files/pydoc.init
@@ -0,0 +1,24 @@
+#!/sbin/openrc-run
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public Licence v2
+
+start() {
+	local pydoc_port="${@PYDOC_PORT_VARIABLE@-${PYDOC_PORT}}"
+
+	if [ -z "${pydoc_port}" ]; then
+		eerror "Port not set"
+		return 1
+	fi
+
+	ebegin "Starting pydoc server on port ${pydoc_port}" 
+	start-stop-daemon --start --background --make-pidfile \
+			  --pidfile /var/run/@PYDOC@.pid \
+			  --exec /usr/bin/@PYDOC@ -- -p "${pydoc_port}"
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping pydoc server"
+	start-stop-daemon --stop --quiet --pidfile /var/run/@PYDOC@.pid
+	eend $?
+}
diff --git a/dev-lang/python/files/python-2.7-libressl-compatibility.patch b/dev-lang/python/files/python-2.7-libressl-compatibility.patch
new file mode 100644
index 000000000000..c9e7a8458e35
--- /dev/null
+++ b/dev-lang/python/files/python-2.7-libressl-compatibility.patch
@@ -0,0 +1,92 @@
+# From https://github.com/python/cpython/pull/6215
+
+# LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
+# LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
+# LibreSSL < 2.7.
+
+# Documentation updates and fixes for failing tests will be provided in
+# another patch set.
+
+# Signed-off-by: Christian Heimes christian@python.org.
+# (cherry picked from commit 4ca0739)
+
+#Co-authored-by: Christian Heimes christian@python.org
+
+--- a/Modules/_ssl.c	2017-09-16 17:38:35.000000000 +0000
++++ b/Modules/_ssl.c	2018-04-13 15:55:10.919424126 +0000
+@@ -97,6 +102,12 @@
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ #  define OPENSSL_VERSION_1_1 1
++#  define PY_OPENSSL_1_1_API 1
++#endif
++
++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++#  define PY_OPENSSL_1_1_API 1
+ #endif
+ 
+ /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+@@ -118,24 +129,44 @@
+ #endif
+ 
+ /* ALPN added in OpenSSL 1.0.2 */
+-#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1000200fL && !defined(OPENSSL_NO_TLSEXT)
+-# define HAVE_ALPN
++#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
++# define HAVE_ALPN 1
++#else
++# define HAVE_ALPN 0
++#endif
++
++/* We cannot rely on OPENSSL_NO_NEXTPROTONEG because LibreSSL 2.6.1 dropped
++ * NPN support but did not set OPENSSL_NO_NEXTPROTONEG for compatibility
++ * reasons. The check for TLSEXT_TYPE_next_proto_neg works with
++ * OpenSSL 1.0.1+ and LibreSSL.
++ * OpenSSL 1.1.1-pre1 dropped NPN but still has TLSEXT_TYPE_next_proto_neg.
++ */
++#ifdef OPENSSL_NO_NEXTPROTONEG
++# define HAVE_NPN 0
++#elif (OPENSSL_VERSION_NUMBER >= 0x10101000L) && !defined(LIBRESSL_VERSION_NUMBER)
++# define HAVE_NPN 0
++#elif defined(TLSEXT_TYPE_next_proto_neg)
++# define HAVE_NPN 1
++#else
++# define HAVE_NPN 0
+ #endif
+ 
+ #ifndef INVALID_SOCKET /* MS defines this */
+ #define INVALID_SOCKET (-1)
+ #endif
+ 
+-#ifdef OPENSSL_VERSION_1_1
+-/* OpenSSL 1.1.0+ */
+-#ifndef OPENSSL_NO_SSL2
+-#define OPENSSL_NO_SSL2
+-#endif
+-#else /* OpenSSL < 1.1.0 */
+-#if defined(WITH_THREAD)
++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
+ #define HAVE_OPENSSL_CRYPTO_LOCK
+ #endif
+ 
++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
++#define OPENSSL_NO_SSL2
++#endif
++
++#ifndef PY_OPENSSL_1_1_API
++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
++
+ #define TLS_method SSLv23_method
+ 
+ static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+@@ -178,7 +209,7 @@
+ {
+     return store->param;
+ }
+-#endif /* OpenSSL < 1.1.0 or LibreSSL */
++#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
+ 
+ 
+ enum py_ssl_error {
diff --git a/dev-lang/python/files/python-2.7.10-cross-compile-warn-test.patch b/dev-lang/python/files/python-2.7.10-cross-compile-warn-test.patch
new file mode 100644
index 000000000000..38433de925ed
--- /dev/null
+++ b/dev-lang/python/files/python-2.7.10-cross-compile-warn-test.patch
@@ -0,0 +1,24 @@
+https://bugs.python.org/issue25397
+
+improve the cross-compile tests to be more focused
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -1339,7 +1339,7 @@ if test "$GCC" = "yes"
+ then
+   AC_MSG_CHECKING(whether gcc supports ParseTuple __format__)
+   save_CFLAGS=$CFLAGS
+-  CFLAGS="$CFLAGS -Werror -Wformat"
++  CFLAGS="$CFLAGS -Werror=format"
+   AC_COMPILE_IFELSE([
+     AC_LANG_PROGRAM([[void f(char*,...)__attribute((format(PyArg_ParseTuple, 1, 2)));]], [[]])
+   ],[
+@@ -4458,7 +4458,7 @@ then
+   [ac_cv_have_long_long_format="cross -- assuming no"
+    if test x$GCC = xyes; then
+     save_CFLAGS=$CFLAGS
+-    CFLAGS="$CFLAGS -Werror -Wformat"
++    CFLAGS="$CFLAGS -Werror=format"
+     AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+         #include <stdio.h>
+         #include <stddef.h>
diff --git a/dev-lang/python/files/python-2.7.10-system-libffi.patch b/dev-lang/python/files/python-2.7.10-system-libffi.patch
new file mode 100644
index 000000000000..0b49b794bd8d
--- /dev/null
+++ b/dev-lang/python/files/python-2.7.10-system-libffi.patch
@@ -0,0 +1,36 @@
+make sure we respect the system libffi setting in our build config.
+the compiler probing is fragile and can break in some situations.
+
+--- a/setup.py
++++ b/setup.py
+@@ -2069,7 +2069,7 @@ class PyBuildExt(build_ext):
+         return True
+ 
+     def detect_ctypes(self, inc_dirs, lib_dirs):
+-        self.use_system_libffi = False
++        self.use_system_libffi = ('--with-system-ffi' in sysconfig.get_config_var("CONFIG_ARGS"))
+         include_dirs = []
+         extra_compile_args = []
+         extra_link_args = []
+@@ -2113,7 +2113,7 @@ class PyBuildExt(build_ext):
+                              sources=['_ctypes/_ctypes_test.c'])
+         self.extensions.extend([ext, ext_test])
+ 
+-        if not '--with-system-ffi' in sysconfig.get_config_var("CONFIG_ARGS"):
++        if not self.use_system_libffi:
+             return
+ 
+         if host_platform == 'darwin':
+@@ -2141,10 +2141,10 @@ class PyBuildExt(build_ext):
+                     ffi_lib = lib_name
+                     break
+ 
+-        if ffi_inc and ffi_lib:
++        if ffi_inc:
+             ext.include_dirs.extend(ffi_inc)
++        if ffi_lib:
+             ext.libraries.append(ffi_lib)
+-            self.use_system_libffi = True
+ 
+ 
+ class PyBuildInstall(install):
diff --git a/dev-lang/python/files/python-2.7.5-nonfatal-compileall.patch b/dev-lang/python/files/python-2.7.5-nonfatal-compileall.patch
new file mode 100644
index 000000000000..a762dfb10882
--- /dev/null
+++ b/dev-lang/python/files/python-2.7.5-nonfatal-compileall.patch
@@ -0,0 +1,18 @@
+diff --git a/Makefile.pre.in b/Makefile.pre.in
+--- a/Makefile.pre.in
++++ b/Makefile.pre.in
+@@ -1000,12 +1000,12 @@
+ 		$(INSTALL_DATA) $(srcdir)/Modules/xxmodule.c \
+ 			$(DESTDIR)$(LIBDEST)/distutils/tests ; \
+ 	fi
+-	PYTHONPATH=$(DESTDIR)$(LIBDEST)  $(RUNSHARED) \
++	-PYTHONPATH=$(DESTDIR)$(LIBDEST)  $(RUNSHARED) \
+ 		$(PYTHON_FOR_BUILD) -Wi -tt $(DESTDIR)$(LIBDEST)/compileall.py \
+ 		-d $(LIBDEST) -f \
+ 		-x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \
+ 		$(DESTDIR)$(LIBDEST)
+-	PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
++	-PYTHONPATH=$(DESTDIR)$(LIBDEST) $(RUNSHARED) \
+ 		$(PYTHON_FOR_BUILD) -Wi -tt -O $(DESTDIR)$(LIBDEST)/compileall.py \
+ 		-d $(LIBDEST) -f \
+ 		-x 'bad_coding|badsyntax|site-packages|lib2to3/tests/data' \
diff --git a/dev-lang/python/files/python-2.7.9-ncurses-pkg-config.patch b/dev-lang/python/files/python-2.7.9-ncurses-pkg-config.patch
new file mode 100644
index 000000000000..38ce6f78b91b
--- /dev/null
+++ b/dev-lang/python/files/python-2.7.9-ncurses-pkg-config.patch
@@ -0,0 +1,13 @@
+do not hardcode /usr/include paths
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -4316,7 +4316,7 @@ fi
+ 
+ # first curses configure check
+ ac_save_cppflags="$CPPFLAGS"
+-CPPFLAGS="$CPPFLAGS -I/usr/include/ncursesw"
++CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags ncursesw`"
+ 
+ AC_CHECK_HEADERS(curses.h ncurses.h)
+ 
diff --git a/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch b/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch
new file mode 100644
index 000000000000..8bfad1142789
--- /dev/null
+++ b/dev-lang/python/files/python-3.4.3-ncurses-pkg-config.patch
@@ -0,0 +1,13 @@
+do not hardcode /usr/include paths
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -4402,7 +4402,7 @@ fi
+ 
+ # first curses header check
+ ac_save_cppflags="$CPPFLAGS"
+-CPPFLAGS="$CPPFLAGS -I/usr/include/ncursesw"
++CPPFLAGS="$CPPFLAGS `$PKG_CONFIG --cflags ncursesw`"
+ 
+ AC_CHECK_HEADERS(curses.h ncurses.h)
+ 
diff --git a/dev-lang/python/files/python-3.4.5-cross.patch b/dev-lang/python/files/python-3.4.5-cross.patch
new file mode 100644
index 000000000000..7a016ffbd488
--- /dev/null
+++ b/dev-lang/python/files/python-3.4.5-cross.patch
@@ -0,0 +1,11 @@
+--- a/Lib/distutils/command/build_ext.py
++++ b/Lib/distutils/command/build_ext.py
+@@ -729,7 +729,7 @@
+             if sysconfig.get_config_var('Py_ENABLE_SHARED'):
+                 pythonlib = 'python{}.{}{}'.format(
+                     sys.hexversion >> 24, (sys.hexversion >> 16) & 0xff,
+-                    sys.abiflags)
++                    sysconfig.get_config_var('ABIFLAGS'))
+                 return ext.libraries + [pythonlib]
+             else:
+                 return ext.libraries
diff --git a/dev-lang/python/files/python-3.5-distutils-OO-build.patch b/dev-lang/python/files/python-3.5-distutils-OO-build.patch
new file mode 100644
index 000000000000..8af8c30c76fe
--- /dev/null
+++ b/dev-lang/python/files/python-3.5-distutils-OO-build.patch
@@ -0,0 +1,80 @@
+From 90507018442f9adabb586fd3d0a0206b9c2f2f50 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= <mgorny@gentoo.org>
+Date: Sun, 5 Jun 2016 08:18:01 +0200
+Subject: [PATCH] distutils: make -OO enable both opt-1 and opt-2 optimization
+
+Bug: http://bugs.python.org/issue27226
+Bug: https://bugs.gentoo.org/585060
+---
+ Lib/distutils/command/build_py.py    |  8 ++++----
+ Lib/distutils/command/install_lib.py | 12 ++++++------
+ 2 files changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/Lib/distutils/command/build_py.py b/Lib/distutils/command/build_py.py
+index cf0ca57..838d4e4 100644
+--- a/Lib/distutils/command/build_py.py
++++ b/Lib/distutils/command/build_py.py
+@@ -315,9 +315,9 @@ class build_py (Command):
+                 if self.compile:
+                     outputs.append(importlib.util.cache_from_source(
+                         filename, optimization=''))
+-                if self.optimize > 0:
++                for opt in range(1, self.optimize + 1):
+                     outputs.append(importlib.util.cache_from_source(
+-                        filename, optimization=self.optimize))
++                        filename, optimization=opt))
+ 
+         outputs += [
+             os.path.join(build_dir, filename)
+@@ -387,8 +387,8 @@ class build_py (Command):
+         if self.compile:
+             byte_compile(files, optimize=0,
+                          force=self.force, prefix=prefix, dry_run=self.dry_run)
+-        if self.optimize > 0:
+-            byte_compile(files, optimize=self.optimize,
++        for opt in range(1, self.optimize + 1):
++            byte_compile(files, optimize=opt,
+                          force=self.force, prefix=prefix, dry_run=self.dry_run)
+ 
+ class build_py_2to3(build_py, Mixin2to3):
+diff --git a/Lib/distutils/command/install_lib.py b/Lib/distutils/command/install_lib.py
+index 6154cf0..049b662 100644
+--- a/Lib/distutils/command/install_lib.py
++++ b/Lib/distutils/command/install_lib.py
+@@ -24,8 +24,8 @@ class install_lib(Command):
+     #   2) compile .pyc only (--compile --no-optimize; default)
+     #   3) compile .pyc and "opt-1" .pyc (--compile --optimize)
+     #   4) compile "opt-1" .pyc only (--no-compile --optimize)
+-    #   5) compile .pyc and "opt-2" .pyc (--compile --optimize-more)
+-    #   6) compile "opt-2" .pyc only (--no-compile --optimize-more)
++    #   5) compile .pyc, "opt-1" and "opt-2" .pyc (--compile --optimize-more)
++    #   6) compile "opt-1" and "opt-2" .pyc (--no-compile --optimize-more)
+     #
+     # The UI for this is two options, 'compile' and 'optimize'.
+     # 'compile' is strictly boolean, and only decides whether to
+@@ -132,8 +132,8 @@ class install_lib(Command):
+             byte_compile(files, optimize=0,
+                          force=self.force, prefix=install_root,
+                          dry_run=self.dry_run)
+-        if self.optimize > 0:
+-            byte_compile(files, optimize=self.optimize,
++        for opt in range(1, self.optimize + 1):
++            byte_compile(files, optimize=opt,
+                          force=self.force, prefix=install_root,
+                          verbose=self.verbose, dry_run=self.dry_run)
+ 
+@@ -167,9 +167,9 @@ class install_lib(Command):
+             if self.compile:
+                 bytecode_files.append(importlib.util.cache_from_source(
+                     py_file, optimization=''))
+-            if self.optimize > 0:
++            for opt in range(1, self.optimize + 1):
+                 bytecode_files.append(importlib.util.cache_from_source(
+-                    py_file, optimization=self.optimize))
++                    py_file, optimization=opt))
+ 
+         return bytecode_files
+ 
+-- 
+2.8.3
+
diff --git a/dev-lang/python/files/python-3.5.5-hash-unaligned.patch b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch
new file mode 100644
index 000000000000..c418f40b7da4
--- /dev/null
+++ b/dev-lang/python/files/python-3.5.5-hash-unaligned.patch
@@ -0,0 +1,43 @@
+The hash implementation casts the input pointer to uint64_t* and directly reads
+from this, which may cause unaligned accesses. Use memcpy() instead so this code
+will not crash with SIGBUS on sparc.
+
+--- a/Python/pyhash.c	2017-11-29 10:21:20.283094068 +0100
++++ b/Python/pyhash.c	2017-11-29 10:24:26.733087813 +0100
+@@ -372,7 +372,7 @@ siphash24(const void *src, Py_ssize_t sr
+     PY_UINT64_T k0 = _le64toh(_Py_HashSecret.siphash.k0);
+     PY_UINT64_T k1 = _le64toh(_Py_HashSecret.siphash.k1);
+     PY_UINT64_T b = (PY_UINT64_T)src_sz << 56;
+-    const PY_UINT64_T *in = (PY_UINT64_T*)src;
++    const PY_UINT8_T *in = (PY_UINT8_T*)src;
+ 
+     PY_UINT64_T v0 = k0 ^ 0x736f6d6570736575ULL;
+     PY_UINT64_T v1 = k1 ^ 0x646f72616e646f6dULL;
+@@ -381,12 +381,14 @@ siphash24(const void *src, Py_ssize_t sr
+ 
+     PY_UINT64_T t;
+     PY_UINT8_T *pt;
+-    PY_UINT8_T *m;
++    const PY_UINT8_T *m;
+ 
+     while (src_sz >= 8) {
+-        PY_UINT64_T mi = _le64toh(*in);
+-        in += 1;
+-        src_sz -= 8;
++        PY_UINT64_T mi;
++        memcpy(&mi, in, sizeof(mi));
++        mi = _le64toh(mi);
++        in += sizeof(mi);
++        src_sz -= sizeof(mi);
+         v3 ^= mi;
+         DOUBLE_ROUND(v0,v1,v2,v3);
+         v0 ^= mi;
+@@ -394,7 +396,7 @@ siphash24(const void *src, Py_ssize_t sr
+ 
+     t = 0;
+     pt = (PY_UINT8_T *)&t;
+-    m = (PY_UINT8_T *)in;
++    m = in;
+     switch (src_sz) {
+         case 7: pt[6] = m[6];
+         case 6: pt[5] = m[5];
diff --git a/dev-lang/python/files/python-3.5.5-libressl-compatibility.patch b/dev-lang/python/files/python-3.5.5-libressl-compatibility.patch
new file mode 100644
index 000000000000..67d57d0c138b
--- /dev/null
+++ b/dev-lang/python/files/python-3.5.5-libressl-compatibility.patch
@@ -0,0 +1,69 @@
+# From 8d89a385b71a2e4cce0fba0cfc8d91b63485edc5 Mon Sep 17 00:00:00 2001
+# From: Christian Heimes <christian@python.org>
+# Date: Sat, 24 Mar 2018 18:38:14 +0100
+# Subject: [PATCH] [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0
+# (GH-6210) (GH-6214)
+#
+# LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
+# LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
+# LibreSSL < 2.7.
+
+# Documentation updates and fixes for failing tests will be provided in
+# another patch set.
+
+# Signed-off-by: Christian Heimes <christian@python.org>.
+# (cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
+
+# Co-authored-by: Christian Heimes <christian@python.org>
+# Patch modified by Aaron Bauman <bman@gentoo.org> for 3.5.5
+
+--- a/Modules/_ssl.c	2018-04-13 18:33:17.397649561 -0400
++++ b/Modules/_ssl.c	2018-04-13 18:40:22.319852014 -0400
+@@ -101,6 +101,12 @@
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ #  define OPENSSL_VERSION_1_1 1
++#  define PY_OPENSSL_1_1_API 1
++#endif
++
++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++#  define PY_OPENSSL_1_1_API 1
+ #endif
+ 
+ /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+@@ -129,16 +135,18 @@
+ #define INVALID_SOCKET (-1)
+ #endif
+ 
+-#ifdef OPENSSL_VERSION_1_1
+-/* OpenSSL 1.1.0+ */
+-#ifndef OPENSSL_NO_SSL2
+-#define OPENSSL_NO_SSL2
+-#endif
+-#else /* OpenSSL < 1.1.0 */
+-#if defined(WITH_THREAD)
++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
+ #define HAVE_OPENSSL_CRYPTO_LOCK
+ #endif
+ 
++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
++#define OPENSSL_NO_SSL2
++#endif
++
++#ifndef PY_OPENSSL_1_1_API
++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
++
+ #define TLS_method SSLv23_method
+ 
+ static int X509_NAME_ENTRY_set(const X509_NAME_ENTRY *ne)
+@@ -187,7 +195,7 @@
+ {
+     return store->param;
+ }
+-#endif /* OpenSSL < 1.1.0 or LibreSSL */
++#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
+ 
+ 
+ enum py_ssl_error {
diff --git a/dev-lang/python/files/python-3.6.5-hash-unaligned.patch b/dev-lang/python/files/python-3.6.5-hash-unaligned.patch
new file mode 100644
index 000000000000..d096887cbfb7
--- /dev/null
+++ b/dev-lang/python/files/python-3.6.5-hash-unaligned.patch
@@ -0,0 +1,42 @@
+The hash implementation casts the input pointer to uint64_t* and directly reads
+from this, which may cause unaligned accesses. Use memcpy() instead so this code
+will not crash with SIGBUS on sparc.
+
+--- a/Python/pyhash.c	2017-11-29 10:21:20.283094068 +0100
++++ b/Python/pyhash.c	2017-11-29 10:24:26.733087813 +0100
+@@ -369,7 +369,7 @@
+     uint64_t k0 = _le64toh(_Py_HashSecret.siphash.k0);
+     uint64_t k1 = _le64toh(_Py_HashSecret.siphash.k1);
+     uint64_t b = (uint64_t)src_sz << 56;
+-    const uint64_t *in = (uint64_t*)src;
++    const uint8_t *in = (uint8_t*)src;
+ 
+     uint64_t v0 = k0 ^ 0x736f6d6570736575ULL;
+     uint64_t v1 = k1 ^ 0x646f72616e646f6dULL;
+@@ -378,11 +378,13 @@
+ 
+     uint64_t t;
+     uint8_t *pt;
+-    uint8_t *m;
++    const uint8_t *m;
+ 
+     while (src_sz >= 8) {
+-        uint64_t mi = _le64toh(*in);
+-        in += 1;
+-        src_sz -= 8;
++        uint64_t mi;
++        memcpy(&mi, in, sizeof(mi));
++        mi = _le64toh(mi);
++        in += sizeof(mi);
++        src_sz -= sizeof(mi);
+         v3 ^= mi;
+         DOUBLE_ROUND(v0,v1,v2,v3);
+@@ -391,7 +393,7 @@
+ 
+     t = 0;
+     pt = (uint8_t *)&t;
+-    m = (uint8_t *)in;
++    m = in;
+     switch (src_sz) {
+         case 7: pt[6] = m[6]; /* fall through */
+         case 6: pt[5] = m[5]; /* fall through */
diff --git a/dev-lang/python/files/python-3.6.5-libressl-compatibility.patch b/dev-lang/python/files/python-3.6.5-libressl-compatibility.patch
new file mode 100644
index 000000000000..2f9e6a2bef24
--- /dev/null
+++ b/dev-lang/python/files/python-3.6.5-libressl-compatibility.patch
@@ -0,0 +1,114 @@
+From 8d89a385b71a2e4cce0fba0cfc8d91b63485edc5 Mon Sep 17 00:00:00 2001
+From: Christian Heimes <christian@python.org>
+Date: Sat, 24 Mar 2018 18:38:14 +0100
+Subject: [PATCH] [3.6] bpo-33127: Compatibility patch for LibreSSL 2.7.0
+ (GH-6210) (GH-6214)
+
+LibreSSL 2.7 introduced OpenSSL 1.1.0 API. The ssl module now detects
+LibreSSL 2.7 and only provides API shims for OpenSSL < 1.1.0 and
+LibreSSL < 2.7.
+
+Documentation updates and fixes for failing tests will be provided in
+another patch set.
+
+Signed-off-by: Christian Heimes <christian@python.org>.
+(cherry picked from commit 4ca0739c9d97ac7cd45499e0d31be68dc659d0e1)
+
+Co-authored-by: Christian Heimes <christian@python.org>
+---
+ Lib/test/test_ssl.py                          |  1 +
+ .../2018-03-24-15-08-24.bpo-33127.olJmHv.rst  |  1 +
+ Modules/_ssl.c                                | 24 ++++++++++++-------
+ Tools/ssl/multissltests.py                    |  3 ++-
+ 4 files changed, 20 insertions(+), 9 deletions(-)
+ create mode 100644 Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
+
+diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
+index 8dd3b41450..9785a59a7e 100644
+--- a/Lib/test/test_ssl.py
++++ b/Lib/test/test_ssl.py
+@@ -1687,6 +1687,7 @@ class SimpleBackgroundTests(unittest.TestCase):
+         self.assertEqual(len(ctx.get_ca_certs()), 1)
+ 
+     @needs_sni
++    @unittest.skipUnless(hasattr(ssl, "PROTOCOL_TLSv1_2"), "needs TLS 1.2")
+     def test_context_setget(self):
+         # Check that the context of a connected socket can be replaced.
+         ctx1 = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
+diff --git a/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
+new file mode 100644
+index 0000000000..635aabbde0
+--- /dev/null
++++ b/Misc/NEWS.d/next/Library/2018-03-24-15-08-24.bpo-33127.olJmHv.rst
+@@ -0,0 +1 @@
++The ssl module now compiles with LibreSSL 2.7.1.
+diff --git a/Modules/_ssl.c b/Modules/_ssl.c
+index c54e43c2b4..5e007da858 100644
+--- a/Modules/_ssl.c
++++ b/Modules/_ssl.c
+@@ -106,6 +106,12 @@ struct py_ssl_library_code {
+ 
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
+ #  define OPENSSL_VERSION_1_1 1
++#  define PY_OPENSSL_1_1_API 1
++#endif
++
++/* LibreSSL 2.7.0 provides necessary OpenSSL 1.1.0 APIs */
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++#  define PY_OPENSSL_1_1_API 1
+ #endif
+ 
+ /* Openssl comes with TLSv1.1 and TLSv1.2 between 1.0.0h and 1.0.1
+@@ -152,16 +158,18 @@ struct py_ssl_library_code {
+ #define INVALID_SOCKET (-1)
+ #endif
+ 
+-#ifdef OPENSSL_VERSION_1_1
+-/* OpenSSL 1.1.0+ */
+-#ifndef OPENSSL_NO_SSL2
+-#define OPENSSL_NO_SSL2
+-#endif
+-#else /* OpenSSL < 1.1.0 */
+-#if defined(WITH_THREAD)
++/* OpenSSL 1.0.2 and LibreSSL needs extra code for locking */
++#if !defined(OPENSSL_VERSION_1_1) && defined(WITH_THREAD)
+ #define HAVE_OPENSSL_CRYPTO_LOCK
+ #endif
+ 
++#if defined(OPENSSL_VERSION_1_1) && !defined(OPENSSL_NO_SSL2)
++#define OPENSSL_NO_SSL2
++#endif
++
++#ifndef PY_OPENSSL_1_1_API
++/* OpenSSL 1.1 API shims for OpenSSL < 1.1.0 and LibreSSL < 2.7.0 */
++
+ #define TLS_method SSLv23_method
+ #define TLS_client_method SSLv23_client_method
+ #define TLS_server_method SSLv23_server_method
+@@ -227,7 +235,7 @@ SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
+     return s->tlsext_tick_lifetime_hint;
+ }
+ 
+-#endif /* OpenSSL < 1.1.0 or LibreSSL */
++#endif /* OpenSSL < 1.1.0 or LibreSSL < 2.7.0 */
+ 
+ 
+ enum py_ssl_error {
+diff --git a/Tools/ssl/multissltests.py b/Tools/ssl/multissltests.py
+index ce5bbd8530..ba4529ae06 100755
+--- a/Tools/ssl/multissltests.py
++++ b/Tools/ssl/multissltests.py
+@@ -57,8 +57,9 @@ LIBRESSL_OLD_VERSIONS = [
+ ]
+ 
+ LIBRESSL_RECENT_VERSIONS = [
+-    "2.5.3",
+     "2.5.5",
++    "2.6.4",
++    "2.7.1",
+ ]
+ 
+ # store files in ../multissl
+-- 
+2.17.0
+