gentoo auto-resync : 17:01:2025 - 06:41:55

14 files changed, 1393 insertions, 7 deletions

diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz
index f743371e2176..af8de1e33396 100644
--- a/dev-libs/Manifest.gz
+++ b/dev-libs/Manifest.gz
diff --git a/dev-libs/apache-arrow/Manifest b/dev-libs/apache-arrow/Manifest
index 770bbacdead3..6ad679acf868 100644
--- a/dev-libs/apache-arrow/Manifest
+++ b/dev-libs/apache-arrow/Manifest
@@ -1,7 +1,10 @@
 DIST apache-arrow-18.0.0.tar.gz 19113236 BLAKE2B c358f8e61155432540a4002c6dfba7a3763d934a43eddae0a9a6f98bb26879df51e3cdcc64db6dd684ffde2ef8ef6dcff8906355b5769f71afae907aa1e920c5 SHA512 4df30ab5561da695eaa864422626b9898555d86ca56835c3b8a8ca93a1dbaf081582bb36e2440d1daf7e1dd48c76941f1152a4f25ce0dbcc1c2abe244a00c05e
 DIST apache-arrow-18.1.0.tar.gz 19132388 BLAKE2B 4a8c60d8a5dcf2b8ac4e2ae3a7f555dd0604d5ccc4b72ba317f18e16e75725b24553050fe88a02f382b0581310f20d0b795133b243f2851fa0e8d3801a839358 SHA512 7249c03a6097bc64fb0092143e4d4aaef3227565147e6254f026ddd504177c8dd565a184a0df39743dc989070dc3785e5b66f738c8e310ed9c982b61c2ec4914
+DIST apache-arrow-19.0.0.tar.gz 17830405 BLAKE2B cf611106b0ee5f92a4cbf341e9f5b6771f377710bb11c6eab555706a52b5c72fcf4590ba55c36100a97c6219ec421813f51ef6337530d84eb8394735ef2787b5 SHA512 6820de33a5d5b0922ea64dd8ff55d186ef02596ad0415578067aaf3e5cf7d3eead473bc3a5f92d6d3f19b97d153fe1c901359008d922d1ffb0fc2a65dc860c79
 DIST arrow-testing-4d209492d514c2d3cb2d392681b9aa00e6d8da1c.tar.gz 3572558 BLAKE2B fe5b6a46babbde8e2becefea09fecf090201a49faa7d4ee2f44b0bb4da42c344b37564999d32fdbd54a81a56c33fbde9b2d9d2fa664bf127cb5661e845fb6229 SHA512 6758ad936e1eeb2c5dd2b4b40fe90822a48a4ce67ee4d36657c168e1db5d9a17c092f4cf571b13d56b568a773515385441874d1ea36a1f6e5b15a99f67176fa3
+DIST parquet-testing-c7cf1374cf284c0c73024cd1437becea75558bf8.tar.gz 1076246 BLAKE2B 070323055ce6cbcff6987b03e6f483cb4647021b29fd2e62b6f05751637dc46df27601f7519e2aa1c6c4edb4b016d0dfc16f69d31e4a262c7231fbc96f21d711 SHA512 81799640604bec3c5f91499a4af7a3c1a4b669f8f4933d3cf622b556fcd376635eb869197d41371b3745a662118961488b6a8eed17fc664c0a1e0f879a1a42e4
 DIST parquet-testing-cb7a9674142c137367bf75a01b79c6e214a73199.tar.gz 1068025 BLAKE2B 0fdd12d04108b27b17564c60ca36e751453f5d74cfbbe3a076e8befa1696aa0f093e2d1a5eacb99e69a98deda502930ba79b8329403af1e8b9d696e6617c6075 SHA512 dd221d9d59442cebb7158d7cf769d6e5323416bfcde2852eee37a26ff089bc04ea10b9ae7158a37d8694c10469d77c7d251d0dd2549596a7b3899d9c39b45997
 EBUILD apache-arrow-18.0.0.ebuild 2988 BLAKE2B 2cbbb8d48ccf1f166255fef3cd83b6954070e166fbc92b25feaca9a205eacfd49dd20a4e4b84b3caa9e42d89d0a33eb3f0f74165e9d966ee82348aa28261b611 SHA512 56ea0d4ccdac63dcfe1640d6e9157cde776b12346ff876c3188dbf25fceb7c56163644aba89a7396571ffeaa477bc256cac811b5f72580eb0602a6de10a4596f
 EBUILD apache-arrow-18.1.0-r2.ebuild 3119 BLAKE2B a668badce41e7daba7bc8635211cb25d4478cf4cab9fdd586bb96e457e3e7700aa95f410002b225b82f91feabc2960631c787fafbc66e052b816a789c250e919 SHA512 3f11d6d87efb2519a6ce2d00ff6dfef898c4377415e085664e3b3dff4cd6104ef019ebbe1f6a29b78a723dff8a2be8a85ae82dba0aac4e0712919852e65d0fce
+EBUILD apache-arrow-19.0.0.ebuild 3145 BLAKE2B e43c6a641684106f836b0677e56700e2e0249db9d4c6fc86f4a4f9be3ea82696a274afb06066c6e61e11a2a513a0e9a4d851771bd6523a1e6ed4447cf647d679 SHA512 8b5f229263bff51af82ca4c8e7f2239d3c11228d4192012850d8d3ae36bdc15970f6213179ad9e8b909a327ca74064d3e5e5ee2c997b1af410c3a208ce8f6bfb
 MISC metadata.xml 912 BLAKE2B bffeb1e6d52455313e89396d9b1821fd7d5064e887213d13ae933ef8185318a40095c1623f3793f62d296ecb1afed591614fadc2ca3f75332df1e5a2f5a28d84 SHA512 11fb4dfe0e8c938e6bf3e7e53d1dccee08d80ba32396ac454226827e7c4ed2db70c53812060a9478e359fb2c48c221a05b3632409d73f2659b2117b7c56e8e51
diff --git a/dev-libs/apache-arrow/apache-arrow-19.0.0.ebuild b/dev-libs/apache-arrow/apache-arrow-19.0.0.ebuild
new file mode 100644
index 000000000000..9ac405157cf5
--- /dev/null
+++ b/dev-libs/apache-arrow/apache-arrow-19.0.0.ebuild
@@ -0,0 +1,129 @@
+# Copyright 2023-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake
+
+# arrow.git: testing
+ARROW_DATA_GIT_HASH=4d209492d514c2d3cb2d392681b9aa00e6d8da1c
+# arrow.git: cpp/submodules/parquet-testing
+PARQUET_DATA_GIT_HASH=c7cf1374cf284c0c73024cd1437becea75558bf8
+
+DESCRIPTION="A cross-language development platform for in-memory data."
+HOMEPAGE="
+	https://arrow.apache.org/
+	https://github.com/apache/arrow/
+"
+SRC_URI="
+	mirror://apache/arrow/arrow-${PV}/${P}.tar.gz
+	test? (
+		https://github.com/apache/parquet-testing/archive/${PARQUET_DATA_GIT_HASH}.tar.gz
+			-> parquet-testing-${PARQUET_DATA_GIT_HASH}.tar.gz
+		https://github.com/apache/arrow-testing/archive/${ARROW_DATA_GIT_HASH}.tar.gz
+			-> arrow-testing-${ARROW_DATA_GIT_HASH}.tar.gz
+	)
+"
+S="${WORKDIR}/${P}/cpp"
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~loong ~riscv ~s390 ~x86"
+IUSE="
+	+brotli bzip2 compute dataset +json lz4 +parquet re2 +snappy ssl
+	test zlib zstd
+"
+REQUIRED_USE="
+	test? (
+		json
+		parquet? ( zstd )
+	)
+	ssl? ( json )
+"
+RESTRICT="!test? ( test )"
+
+RDEPEND="
+	brotli? ( app-arch/brotli:= )
+	bzip2? ( app-arch/bzip2:= )
+	compute? ( dev-libs/libutf8proc:= )
+	dataset? (
+		dev-libs/libutf8proc:=
+	)
+	elibc_musl? ( sys-libs/timezone-data )
+	lz4? ( app-arch/lz4:= )
+	parquet? (
+		dev-libs/libutf8proc:=
+		dev-libs/thrift:=
+		ssl? ( dev-libs/openssl:= )
+	)
+	re2? ( dev-libs/re2:= )
+	snappy? ( app-arch/snappy:= )
+	zlib? ( sys-libs/zlib:= )
+	zstd? ( app-arch/zstd:= )
+"
+DEPEND="
+	${RDEPEND}
+	dev-cpp/xsimd
+	>=dev-libs/boost-1.81.0
+	json? ( dev-libs/rapidjson )
+	test? (
+		dev-cpp/gflags
+		dev-cpp/gtest
+	)
+"
+
+src_prepare() {
+	# use Gentoo CXXFLAGS, specify docdir at src_configure.
+	sed -i \
+		-e '/SetupCxxFlags/d' \
+		-e '/set(ARROW_DOC_DIR.*)/d' \
+		CMakeLists.txt \
+		|| die
+	cmake_src_prepare
+}
+
+src_configure() {
+	local mycmakeargs=(
+		-DARROW_BUILD_STATIC=OFF
+		-DARROW_BUILD_TESTS=$(usex test ON OFF)
+		-DARROW_COMPUTE=$(usex compute ON OFF)
+		-DARROW_CSV=ON
+		-DARROW_DATASET=$(usex dataset ON OFF)
+		-DARROW_DEPENDENCY_SOURCE=SYSTEM
+		-DARROW_DOC_DIR=share/doc/${PF}
+		-DARROW_FILESYSTEM=ON
+		-DARROW_HDFS=ON
+		-DARROW_JEMALLOC=OFF
+		-DARROW_JSON=$(usex json ON OFF)
+		-DARROW_MIMALLOC=OFF
+		-DARROW_PARQUET=$(usex parquet ON OFF)
+		-DPARQUET_REQUIRE_ENCRYPTION=$(usex ssl ON OFF)
+		-DARROW_USE_CCACHE=OFF
+		-DARROW_USE_SCCACHE=OFF
+		-DARROW_WITH_BROTLI=$(usex brotli ON OFF)
+		-DARROW_WITH_BZ2=$(usex bzip2 ON OFF)
+		-DARROW_WITH_LZ4=$(usex lz4 ON OFF)
+		-DARROW_WITH_RE2=$(usex re2 ON OFF)
+		-DARROW_WITH_SNAPPY=$(usex snappy ON OFF)
+		-DARROW_WITH_ZLIB=$(usex zlib ON OFF)
+		-DARROW_WITH_ZSTD=$(usex zstd ON OFF)
+		-DCMAKE_CXX_STANDARD=17
+	)
+	cmake_src_configure
+}
+
+src_test() {
+	local -x PARQUET_TEST_DATA="${WORKDIR}/parquet-testing-${PARQUET_DATA_GIT_HASH}/data"
+	local -x ARROW_TEST_DATA="${WORKDIR}/arrow-testing-${ARROW_DATA_GIT_HASH}/data"
+	cmake_src_test
+}
+
+src_install() {
+	cmake_src_install
+	if use test; then
+		cd "${D}"/usr/$(get_libdir) || die
+		rm -r cmake/ArrowTesting || die
+		rm libarrow_testing* || die
+		rm pkgconfig/arrow-testing.pc || die
+	fi
+}
diff --git a/dev-libs/libdex/Manifest b/dev-libs/libdex/Manifest
index dbbbd374be92..c5b7f3b35dc8 100644
--- a/dev-libs/libdex/Manifest
+++ b/dev-libs/libdex/Manifest
@@ -1,5 +1,5 @@
-DIST libdex-0.4.3.tar.xz 96820 BLAKE2B 51f6c9a209d8ff19d7e97f4d8cbc9065739f08c555712076c9b6f4d345d56522f31afa1b8dffe8da2cfc128d368d7dc5f6a93757f0fe5cfd0a55de17587d776e SHA512 26691373d560d20cefa3a23e31677259b234cdf623b17b8fb2b6976b03768e86e458d2670aa3b260638b595994f278240e972bf3ff5b765013fb6d3114f46cef
 DIST libdex-0.6.1.tar.xz 99056 BLAKE2B 3899f89ac652c2790c93e2799a5b0d066c45ee314c6f773bb586e49c89a8a78e6a09ebf08263b88b25900a15ac736d2bd37590720e0ac0e074581342534eaba3 SHA512 36be15d2da9edeae195abcb6f97639dd7fdea74463cdfdf752293007e44ab41a5e5350a7005883f202d70f96047567fba6370f1a2c45a0f898c242bebc88e847
-EBUILD libdex-0.4.3.ebuild 1481 BLAKE2B b88a3f2ee52b2ded6c15eaf019b022b4b732bf4ab548a98256dbd40133bf5938728a26708825130cce5a7651ebed72a4e8093724b98a02b7164ba8f75f9149f5 SHA512 cc31ea3c815fc288b4b18a542823ba60564af86944f1993437746d2924def8525ed8588b6e5bc1fa992a7fc9b2a10c56299d4c4bc3e0c5faea948ac6f8aff78b
+DIST libdex-0.8.1.tar.xz 99480 BLAKE2B 2a10a9a134cdb2017b6136a54e484f6fd2bb9329957f4d3f205edabdbcbb659f3a1c97a2b1a1c61a06f253a85733500b9475eebd8554e9af5cb0abcec232052d SHA512 fc3f4d81b3a3e5c87758b2f706dc02c558becafc489c620ca491ca3b658f4c00cbc48886c6f5271e7308c4d7255610ec7ece1ad77308b5fac6088402a96543e0
 EBUILD libdex-0.6.1.ebuild 1501 BLAKE2B 0a712c14a690465a004d6a5c70076d5ffe06a3c35b846370717f7d38668b02f5eef3ae0f3e199a3ee2f62d8bec5691b2dac10dc320c4d02ba862e984a9792466 SHA512 f88de052a04531d82041e3f4ad8a290c571c8c71738c6ad5c7500751b66eb73115d2e968d719992407f2f630970f05ef751456f26a030c52f116ce7a5afffd20
+EBUILD libdex-0.8.1.ebuild 1503 BLAKE2B 3898f9fd8a8e35fb95b4297e32c465b74df2a6f51e8ffef4926ddf4569500ced3cfc651ea3e2a6d3c7cb6dc0fd65bcbb7a871730ca6ce045f40e2e90a6438ce5 SHA512 d654f9d66c67e62541b47f8f03d5cb205497e3e0e24f223387c60d1141440a07f78959a9844a14fd4d01043750dc007a187266a88de67e3cef23cda3060b1803
 MISC metadata.xml 1034 BLAKE2B 279009c53ff4ecfd3fc2b053ec13f7497aeb65b5a6f0b225633067c173e353662654adbdf3cdd3eb5dc94fdf4c06b44750108309f917309b09957467eb3f12a3 SHA512 0d87d47c39375628cd18abdfb97db9a8d9d3ae1dab37f7937a60aa6935132dbcb36407bf7308b1b4239401676bbe65a1868e2a06f79e8da16f7f96e246bf5f8f
diff --git a/dev-libs/libdex/libdex-0.4.3.ebuild b/dev-libs/libdex/libdex-0.8.1.ebuild
index 93a7becd291c..bee830cf5288 100644
--- a/dev-libs/libdex/libdex-0.4.3.ebuild
+++ b/dev-libs/libdex/libdex-0.8.1.ebuild
@@ -1,16 +1,16 @@
-# Copyright 1999-2024 Gentoo Authors
+# Copyright 1999-2025 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=8
 
 inherit gnome.org linux-info meson vala
 
-DESCRIPTION="Deferred Execution library for GNOME and GTK"
+DESCRIPTION="Dex provides Future-based programming for GLib-based applications"
 HOMEPAGE="https://gitlab.gnome.org/GNOME/libdex"
 
 LICENSE="LGPL-2.1+"
 SLOT="0/1"
-KEYWORDS="amd64 ~arm64 ~x86"
+KEYWORDS="~amd64 ~arm64 ~x86"
 
 IUSE="+eventfd gtk-doc +introspection +liburing sysprof test vala"
 REQUIRED_USE="
diff --git a/dev-libs/newt/Manifest b/dev-libs/newt/Manifest
index 0a1779067973..e9daa8803c6a 100644
--- a/dev-libs/newt/Manifest
+++ b/dev-libs/newt/Manifest
@@ -2,5 +2,5 @@ AUX newt-0.52.21-python-sitedir.patch 954 BLAKE2B ed2a504cc2e2c06200e209fdf55e9b
 AUX newt-0.52.23-gold.patch 472 BLAKE2B 07753aa346032369a17030fa883d4c08e340c5510625211acbeead0f0d5143914d0935affdf47aed36ec3607da6f7c7b8849ee92292730e4578e87b47c92870b SHA512 518f257ff913bd2467cf34a0dc0e26ec9ff430bc1aff939044055805c79addede1c58de32097248724ca2a8c247690e173eb87c1c5144bb161eb6db52f7ac845
 AUX newt-0.52.24-c99-fix.patch 243 BLAKE2B 668d0ececb3315e5124c5649eba331b95dea85174b3f0e4925ee48fc17c820c909e5f763323ed68283a4840a4c645a558cd01224671f249be386f858bb2b2269 SHA512 c06b2bfe2aaf3de3ef451a79e9ab2b48af82d1d025125d48008e10c75663cbe01afa17421e587820c254498acdafb37ea579bfdff81753ac6ad6cf7a6c1fea6c
 DIST newt-0.52.24.tar.gz 128895 BLAKE2B fff7b3831f53a33b2d4f009fae0eb5603aef79c50f89e7f7179b80be837db35e44ecc860e4dc85e46195a59a87c12b2feae2ab043bef2fee0ea35a6efeded474 SHA512 999d8109dd3d74d04e813e84dc2e348278016dce7a678a1566197cf8fbc87810257b8a29fa766d29d48dc18bf4e1508b022460f15503fb6d029b3a05528b50be
-EBUILD newt-0.52.24-r1.ebuild 2217 BLAKE2B 446dccbc8522e7fb239f5efcc0c51c5be5ba99d98865c446ffcad060f38ba4c2455e36c300115f184e7a7a760e1a1e0550fe082742168e4a3fb8c3955e44fcbe SHA512 acc3c8ebc01542cb8e0b0ceec9fe27b1bae47a0fe37b80887c4d7f51343d22c6323ec6df13f98cef6da229c912f7ec69f275329c161adb7bc6f28d244a538b08
+EBUILD newt-0.52.24-r1.ebuild 2176 BLAKE2B 503c157e93c82d3412bd2d90287b61fb9e61caca508bb177a0cd50d52a91503d6a5a7c380cb09b29fda2fdfefa4988b7b5e0293f1ec2e0998f519bddfd994582 SHA512 ce9259e3b95b4aff17a0154535f49cf7bf6422e264a4b63622567c81c88cef8a94329e09a48d565023dcd15e65c5c1b849ce1c75996cf7fe2b9e94f8fe44239a
 MISC metadata.xml 333 BLAKE2B 5c5dc4580c21be4e57fd230e26cf7d9c79600b93f3f6788ba16b3f389c62a26c51a393a2d0147990492559c1b3fcc94751d7d8ac493f72e45efcedb152d2dd1f SHA512 34bb99d390ae88dbefde06ed990f5da92db8805fa7c2cd73ac86e651cbc14dbc6c8e00496ff1f38aee6c9c14ac654385bc41aa26020c63c49d39213dd5a0b9ca
diff --git a/dev-libs/newt/newt-0.52.24-r1.ebuild b/dev-libs/newt/newt-0.52.24-r1.ebuild
index f9ea2a31c2c5..61146a8dba41 100644
--- a/dev-libs/newt/newt-0.52.24-r1.ebuild
+++ b/dev-libs/newt/newt-0.52.24-r1.ebuild
@@ -41,7 +41,6 @@ S=${WORKDIR}/${PN}-${MY_PV}
 
 src_prepare() {
 	sed -i Makefile.in \
-		-e 's|$(SHCFLAGS) -o|$(LDFLAGS) &|g' \
 		-e 's|-g -o|$(CFLAGS) $(LDFLAGS) -o|g' \
 		-e 's|-shared -o|$(CFLAGS) $(LDFLAGS) &|g' \
 		-e 's|instroot|DESTDIR|g' \
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index f3aad19def48..43ca8b701b17 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -32,9 +32,13 @@ EBUILD openssl-3.0.13-r2.ebuild 8576 BLAKE2B 088d34e456b6b5f9eb4238a1bb9f2b16b3f
 EBUILD openssl-3.0.14.ebuild 8486 BLAKE2B 27b4cae37a13133a70b9cc4c724d93ab7ac03f14e4fe200c7739fac82d37ae55f860aa9a90576a6fac8683e0dbcb7308ea4e1a36b9006506dffeb0240fead10f SHA512 6d9ed1a0dc7d7f9b18000958fef23e22dd9774d5f3275e107693a399bc491d7ce5f0389a9bc375a3c1b52399e3ef982758d414d306fbd123f57034b2aaff853d
 EBUILD openssl-3.0.15-r1.ebuild 8616 BLAKE2B 84d772df58242053b7639b9c822261ab064ac16c534dc6b38d778d246c97ef5961d541c9a7878122c246d32d3134bf3b838a294fdcf4d3dd9df3124d4d384548 SHA512 f266010ace51125985ab15bc159ad77e732bf8f1c114fb328b926ec36e48db7bedac7c2e15df9652f7fe5a53c1a5c8756ade225006747f51664a300d4228e1da
 EBUILD openssl-3.0.15.ebuild 8560 BLAKE2B 037351a0c38c0f9718d7d14504b30dfffb7b9c4c68247700bc76016518f038a90cb42ed42dcdcc7158610b1a763409e10ae9eb5d78384561f5a54831873357bf SHA512 ca5140f12ed72840385febe08735079b4100728d7007e38c9bedb8c94bfca21e4a786de1c0db8df4d6204b9227f6ccb7346167b42055583fe0c89c82be7fefcb
+EBUILD openssl-3.0.9999.ebuild 8700 BLAKE2B fcbca7c445b385f2ea38f17c312e44d4f6220352ae70d8405fef454fb06a6b69c23b70cfcefee89164edf21f74691fd5d1e9fba15b7a72c28cafae103d74243b SHA512 a0b84f694000e14d7f7ef018ce780622735641929a489232aca45224606dac1f0805f893090810e09120ba162bc505c1426fd61e8aaa207ec2413cf1598f8c05
 EBUILD openssl-3.1.7-r1.ebuild 8653 BLAKE2B 8e5bd338024de4eb8f21ebf954855acea0f4bb35295d636ca0609dd42d21083553cee4a9db4201b6c498addb010191cc769feb618114289c64964d1eaff9e80d SHA512 5a3390c3bdf197f5a6d910d10dbedb1ccca0e03b6783a84bc108c6523744e2d0c989a83fffe7f0d4e3f2b611d480bdd4df12b51cde35aaea286da1aa363bb2ad
+EBUILD openssl-3.1.9999.ebuild 8734 BLAKE2B 3d468e940fd13eaddc14cf9758b144d34d781b60cb17a49439d48ce4b444f318d4dc6f6ff02b5124529b20d55bbf3d77b4c18acab48efe9a7b8767c7216557e9 SHA512 6b3d94f0d04c62aa868380dda7bb72dc610ddd81152ec9168ce638a277933b8f2cc45da598eb6a637befbcc84c6de0d48ddce6e27811cea01fa6ff258d44fa62
 EBUILD openssl-3.2.3-r1.ebuild 9297 BLAKE2B 615433d9a0b42433b821768e3227928e4d6bbdd2f96b73189b01df41d4968c989f0f96105fca850ed528e47c9e8ba95559d26d0148109414d109dc2c26081830 SHA512 e49fdce217dd78e3a024ffdbed753b349717ce31c2d21dc006d8d88e6b8600260fd81be3cb5d37a87016925717242aa2391316ab18a685cc2a32ccd2436ee4c4
+EBUILD openssl-3.2.9999.ebuild 9079 BLAKE2B 711a1c456e161580e5ceaabb68585ba2f7c6ef7b1d6afb2435647bbbe25d0905019981f0d9517a7078284141f6c15e93d8f2a6077816da9bba57f02e52d8f3e5 SHA512 a444ed5d89f926fc1930621817bfc8c7b445b272dd65551a51b62c46ebd9b374cc686330b87002279f53cd3ffe03e127a2c1833f338ed82334217ca294c4d3d7
 EBUILD openssl-3.3.2-r1.ebuild 9329 BLAKE2B 75e907c49f10d237e00d65cdb21e9151875f43c32b2657363ce68b5359868d72178685edfd19c3ad2f1cb17d6679562f872d6f49bde12fc96b2be3c0cb1407e0 SHA512 91cc0c0ed68c0c0d448ef70c0f601c8001f5bf143641e0dd71babe8fecb33f280d9bd838f5aaade2fb91eb069ac75fd33962c77d78cfd03c1d1dfb572aa38a47
 EBUILD openssl-3.3.2-r2.ebuild 9384 BLAKE2B a976a5f3a48475dd1ad3d0ab8a0ee3eb409678bc5045684683072ab100a45df04d47735484b13b21aa6462347f64e02a70f23089c448f9dda27965f9aaa11615 SHA512 a196b31f46dca8699aca35d9866779eb55072624634975fa66c11b92668523ab0ffcad71706b023604e1ee8c01184cd1c2b9627cb7acdbbe317412fc5c9dac75
 EBUILD openssl-3.3.2.ebuild 9274 BLAKE2B 510de2a09c086e94813d5f623dbb59a6df2fc0e7f11c4c691b5198606b934f59e7ac2ddf6a0171a06435fee820a2d4d4795996a2fec2cad15fc378557f947223 SHA512 be42e686822beab6937cd6350925c4071c85f26682feb55fc88435479fd1706f1d01cbda3618b41c1a7822ea4a83c1593e9ff7ad7db9e2fb52da84058ff355b0
+EBUILD openssl-3.3.9999.ebuild 9117 BLAKE2B 0ea48090d34a85fd8002dd3a36c533199c3f145ef0d7784468d8ca1aa81b531ac55a63cf9e55a035f2cb15f03baeccfcf96c7de94e45f0d2e35567a35c00e50e SHA512 f09b49a4615f615d0ed4c93b4f84e37ad543764dab9ef9ff20f4561507a3da3b90a0aeb1511fc6773e42b3ff574d1da276b5776bbc924453562e6ce5fa1b6822
 MISC metadata.xml 1674 BLAKE2B 2195a6538e1b4ec953c707460988f153e40abe7495fd761403c9a54b44ecb7cb5c69ac37ac7d4d18bc0086cf9b4accaaac19926fe5b2ac4b2c547ce1c9e08a6d SHA512 d4eda999c1027f9d8102c59275665f5b01d234c4a7636755a6d3c64b9aad2a657d14256b1527d9b7067cb653458b058db7f5bb20873e48927291092d9ccdd1c6
diff --git a/dev-libs/openssl/openssl-3.0.9999.ebuild b/dev-libs/openssl/openssl-3.0.9999.ebuild
new file mode 100644
index 000000000000..6d7eefcece55
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.0.9999.ebuild
@@ -0,0 +1,288 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://openssl-library.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == *9999 ]] ; then
+	[[ ${PV} == *.*.9999 ]] && EGIT_BRANCH="openssl-${PV%%.9999}"
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	inherit verify-sig
+	SRC_URI="
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240920 )"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/3" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND+="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
diff --git a/dev-libs/openssl/openssl-3.1.9999.ebuild b/dev-libs/openssl/openssl-3.1.9999.ebuild
new file mode 100644
index 000000000000..56f9601dd58f
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.1.9999.ebuild
@@ -0,0 +1,289 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://openssl-library.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == *9999 ]] ; then
+	[[ ${PV} == *.*.9999 ]] && EGIT_BRANCH="openssl-${PV%%.9999}"
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	inherit verify-sig
+	SRC_URI="
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240920 )"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND+="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308
+	append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
diff --git a/dev-libs/openssl/openssl-3.2.9999.ebuild b/dev-libs/openssl/openssl-3.2.9999.ebuild
new file mode 100644
index 000000000000..162a9453a625
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.2.9999.ebuild
@@ -0,0 +1,295 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://openssl-library.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == *9999 ]] ; then
+	[[ ${PV} == *.*.9999 ]] && EGIT_BRANCH="openssl-${PV%%.9999}"
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	inherit verify-sig
+	SRC_URI="
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240920 )"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND+="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+
+	if multilib_is_native_abi; then
+		emake build_docs
+	fi
+}
+
+multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
diff --git a/dev-libs/openssl/openssl-3.3.9999.ebuild b/dev-libs/openssl/openssl-3.3.9999.ebuild
new file mode 100644
index 000000000000..41de3131f213
--- /dev/null
+++ b/dev-libs/openssl/openssl-3.3.9999.ebuild
@@ -0,0 +1,293 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openssl.org.asc
+inherit edo flag-o-matic linux-info toolchain-funcs
+inherit multilib multilib-minimal multiprocessing preserve-libs
+
+DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
+HOMEPAGE="https://openssl-library.org/"
+
+MY_P=${P/_/-}
+
+if [[ ${PV} == *9999 ]] ; then
+	[[ ${PV} == *.*.9999 ]] && EGIT_BRANCH="openssl-${PV%%.9999}"
+	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
+
+	inherit git-r3
+else
+	inherit verify-sig
+	SRC_URI="
+		https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz
+		verify-sig? (
+			https://github.com/openssl/openssl/releases/download/${P}/${P}.tar.gz.asc
+		)
+	"
+
+	if [[ ${PV} != *_alpha* && ${PV} != *_beta* ]] ; then
+		KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
+	fi
+
+	BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-openssl-20240920 )"
+fi
+
+S="${WORKDIR}"/${MY_P}
+
+LICENSE="Apache-2.0"
+SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
+IUSE="+asm cpu_flags_x86_sse2 fips ktls +quic rfc3779 sctp static-libs test tls-compression vanilla weak-ssl-ciphers"
+RESTRICT="!test? ( test )"
+
+COMMON_DEPEND="
+	!<net-misc/openssh-9.2_p1-r3
+	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
+"
+BDEPEND+="
+	>=dev-lang/perl-5
+	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
+	test? (
+		sys-apps/diffutils
+		app-alternatives/bc
+		sys-process/procps
+	)
+"
+DEPEND="${COMMON_DEPEND}"
+RDEPEND="${COMMON_DEPEND}"
+PDEPEND="app-misc/ca-certificates"
+
+MULTILIB_WRAPPED_HEADERS=(
+	/usr/include/openssl/configuration.h
+)
+
+pkg_setup() {
+	if use ktls ; then
+		if kernel_is -lt 4 18 ; then
+			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
+		else
+			CONFIG_CHECK="~TLS ~TLS_DEVICE"
+			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
+			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
+			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
+
+			linux-info_pkg_setup
+		fi
+	fi
+
+	[[ ${MERGE_TYPE} == binary ]] && return
+
+	# must check in pkg_setup; sysctl doesn't work with userpriv!
+	if use test && use sctp ; then
+		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
+		# if sctp.auth_enable is not enabled.
+		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
+		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
+			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
+		fi
+	fi
+}
+
+src_prepare() {
+	# Make sure we only ever touch Makefile.org and avoid patching a file
+	# that gets blown away anyways by the Configure script in src_configure
+	rm -f Makefile || die
+
+	if ! use vanilla ; then
+		PATCHES+=(
+			# Add patches which are Gentoo-specific customisations here
+		)
+	fi
+
+	default
+
+	if use test && use sctp && has network-sandbox ${FEATURES} ; then
+		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
+		rm test/recipes/80-test_ssl_new.t || die
+	fi
+
+	# Test fails depending on kernel configuration, bug #699134
+	rm test/recipes/30-test_afalg.t || die
+}
+
+src_configure() {
+	# Keep this in sync with app-misc/c_rehash
+	SSL_CNF_DIR="/etc/ssl"
+
+	# Quiet out unknown driver argument warnings since openssl
+	# doesn't have well-split CFLAGS and we're making it even worse
+	# and 'make depend' uses -Werror for added fun (bug #417795 again)
+	tc-is-clang && append-flags -Qunused-arguments
+
+	# We really, really need to build OpenSSL w/ strict aliasing disabled.
+	# It's filled with violations and it *will* result in miscompiled
+	# code. This has been in the ebuild for > 10 years but even in 2022,
+	# it's still relevant:
+	# - https://github.com/llvm/llvm-project/issues/55255
+	# - https://github.com/openssl/openssl/issues/12247
+	# - https://github.com/openssl/openssl/issues/18225
+	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
+	# Don't remove the no strict aliasing bits below!
+	filter-flags -fstrict-aliasing
+	append-flags -fno-strict-aliasing
+	# The OpenSSL developers don't test with LTO right now, it leads to various
+	# warnings/errors (which may or may not be false positives), it's considered
+	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
+	filter-lto
+
+	append-flags $(test-flags-CC -Wa,--noexecstack)
+
+	# bug #895308 -- check inserts GNU ld-compatible arguments
+	[[ ${CHOST} == *-darwin* ]] || append-atomic-flags
+	# Configure doesn't respect LIBS
+	export LDLIBS="${LIBS}"
+
+	# bug #197996
+	unset APPS
+	# bug #312551
+	unset SCRIPTS
+	# bug #311473
+	unset CROSS_COMPILE
+
+	tc-export AR CC CXX RANLIB RC
+
+	multilib-minimal_src_configure
+}
+
+multilib_src_configure() {
+	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
+
+	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
+
+	# See if our toolchain supports __uint128_t.  If so, it's 64bit
+	# friendly and can use the nicely optimized code paths, bug #460790.
+	#local ec_nistp_64_gcc_128
+	#
+	# Disable it for now though (bug #469976)
+	# Do NOT re-enable without substantial discussion first!
+	#
+	#echo "__uint128_t i;" > "${T}"/128.c
+	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
+	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
+	#fi
+
+	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
+	einfo "Using configuration: ${sslout:-(openssl knows best)}"
+
+	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
+	local myeconfargs=(
+		${sslout}
+
+		$(multilib_is_native_abi || echo "no-docs")
+		$(use cpu_flags_x86_sse2 || echo "no-sse2")
+		enable-camellia
+		enable-ec
+		enable-ec2m
+		enable-sm2
+		enable-srp
+		$(use elibc_musl && echo "no-async")
+		enable-idea
+		enable-mdc2
+		enable-rc5
+		$(use fips && echo "enable-fips")
+		$(use quic && echo "enable-quic")
+		$(use_ssl asm)
+		$(use_ssl ktls)
+		$(use_ssl rfc3779)
+		$(use_ssl sctp)
+		$(use test || echo "no-tests")
+		$(use_ssl tls-compression zlib)
+		$(use_ssl weak-ssl-ciphers)
+
+		--prefix="${EPREFIX}"/usr
+		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
+		--libdir=$(get_libdir)
+
+		shared
+		threads
+	)
+
+	edo perl "${S}/Configure" "${myeconfargs[@]}"
+}
+
+multilib_src_compile() {
+	emake build_sw
+}
+
+multilib_src_test() {
+	# See https://github.com/openssl/openssl/blob/master/test/README.md for options.
+	#
+	# VFP = show subtests verbosely and show failed tests verbosely
+	# Normal V=1 would show everything verbosely but this slows things down.
+	#
+	# -j1 here for https://github.com/openssl/openssl/issues/21999, but it
+	# shouldn't matter as tests were already built earlier, and HARNESS_JOBS
+	# controls running the tests.
+	emake -Onone -j1 HARNESS_JOBS="$(makeopts_jobs)" VFP=1 test
+}
+
+multilib_src_install() {
+	# Only -j1 is supported for the install targets:
+	# https://github.com/openssl/openssl/issues/21999#issuecomment-1771150305
+	emake DESTDIR="${D}" -j1 install_sw
+	if use fips; then
+		emake DESTDIR="${D}" -j1 install_fips
+		# Regen this in pkg_preinst, bug 900625
+		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
+	fi
+
+	if multilib_is_native_abi; then
+		emake DESTDIR="${D}" -j1 install_ssldirs
+		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} -j1 install_docs
+	fi
+
+	# This is crappy in that the static archives are still built even
+	# when USE=static-libs. But this is due to a failing in the openssl
+	# build system: the static archives are built as PIC all the time.
+	# Only way around this would be to manually configure+compile openssl
+	# twice; once with shared lib support enabled and once without.
+	if ! use static-libs ; then
+		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
+	fi
+}
+
+multilib_src_install_all() {
+	# openssl installs perl version of c_rehash by default, but
+	# we provide a shell version via app-misc/c_rehash
+	rm "${ED}"/usr/bin/c_rehash || die
+
+	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
+
+	# Create the certs directory
+	keepdir ${SSL_CNF_DIR}/certs
+
+	# bug #254521
+	dodir /etc/sandbox.d
+	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
+
+	diropts -m0700
+	keepdir ${SSL_CNF_DIR}/private
+}
+
+pkg_preinst() {
+	if use fips; then
+		# Regen fipsmodule.cnf, bug 900625
+		ebegin "Running openssl fipsinstall"
+		"${ED}/usr/bin/openssl" fipsinstall -quiet \
+			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
+			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
+		eend $?
+	fi
+
+	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
+
+pkg_postinst() {
+	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
+	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
+	eend $?
+
+	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
+		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
+}
diff --git a/dev-libs/qtkeychain/Manifest b/dev-libs/qtkeychain/Manifest
index a1f4ef2f0ea8..3691d7fa5e81 100644
--- a/dev-libs/qtkeychain/Manifest
+++ b/dev-libs/qtkeychain/Manifest
@@ -1,3 +1,5 @@
 DIST qtkeychain-0.14.3.tar.gz 50948 BLAKE2B 4f2189b2d6a1faf7b5041baeb1c2f00498d0297a8028799ab646aa92189d569114c76b45528d15a72d7cee8dc6252797bebd3e2849034e703709a3b41f74a805 SHA512 d1d87553db94bf54da1373016a847476e6cd608db6d427ed72532658e2272501daf45d7c9976efdde2f26ab3810ba9dbfec2518d46dee5a76ecaa369bfee2e4a
+DIST qtkeychain-0.15.0.tar.gz 55584 BLAKE2B e12b69a7fbc60a6cda75b06c5e8ae435b9a6e15a9564b71590cd3d5a8c491526e8bf840eaba0cadf36f4e7518dda1d6b45c0090aa26538a92c668c29d4646350 SHA512 b1068ae513d5eab8f300186497ddcce4075e11a2a569deddbc949177efaa27970ed7bdce0b1aff61a021144540e942f60c9259b975601a92c60b8a742754624a
 EBUILD qtkeychain-0.14.3.ebuild 1536 BLAKE2B 66108fdf560b85eba1c915adb7b3780c2e858850b1bc0bc7e0181901f7af5d7a65091375f922562ebb8fb5e8850691bcdb8577efd51590623300e469e7e723c9 SHA512 54fd75fa2dbce374aaff44f5139992f82ef535dfcb1fd0fe59bb58b7eb9fd879e11cd21497fff3c5d4b055bccb3689819c3a8defaafac80eac9533dcf422565b
+EBUILD qtkeychain-0.15.0.ebuild 1727 BLAKE2B d6a0214dfa1c327e3a3bf9f04424cf199ab5bb269769fe2b3314ff0205f03ada16e984403c283987a9a7f4f9d08752627b350a003766d2267896a9eccb288937 SHA512 1458170e30fcf977d6183f427f3c746defc9b15a7eb2169e077407b9c2c8bdbe2f16cce93feea76c91db7c972791af231fbb30de043e459c6d1791bfaa1005de
 MISC metadata.xml 340 BLAKE2B 4ae9796b7c395cbb0dc0c4a06d203db9a270ec00dba635bdeb0f46b350fffd3784f98a700f645238824cf6b474215c1cbed4c1ede1df16f47185598c81de5610 SHA512 3bf8c371c3268190a04f67f2213b89efe9f1dad96cbf2ee5ad3d112d5ea6b164ccbfefabaed55a6e0cdfa3e4bb06d6e7959b88513567a1d619aa1138957c5027
diff --git a/dev-libs/qtkeychain/qtkeychain-0.15.0.ebuild b/dev-libs/qtkeychain/qtkeychain-0.15.0.ebuild
new file mode 100644
index 000000000000..400dbfc6db2c
--- /dev/null
+++ b/dev-libs/qtkeychain/qtkeychain-0.15.0.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake multibuild
+
+DESCRIPTION="Qt API for storing passwords securely"
+HOMEPAGE="https://github.com/frankosterfeld/qtkeychain"
+
+if [[ ${PV} != *9999* ]]; then
+	SRC_URI="https://github.com/frankosterfeld/${PN}/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+	KEYWORDS="~amd64 ~arm64 ~loong ~ppc64 ~riscv ~x86"
+else
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/frankosterfeld/${PN}.git"
+fi
+
+LICENSE="BSD-2"
+SLOT="0/1"
+IUSE="keyring qt5 +qt6 test"
+REQUIRED_USE="|| ( qt5 qt6 )"
+
+# tests require DBus
+RESTRICT="test !test? ( test )"
+
+RDEPEND="
+	keyring? (
+		app-crypt/libsecret
+		dev-libs/glib:2
+	)
+	qt5? (
+		dev-qt/qtcore:5
+		dev-qt/qtdbus:5
+	)
+	qt6? ( dev-qt/qtbase:6[dbus] )
+"
+DEPEND="${RDEPEND}
+	qt5? ( test? ( dev-qt/qttest:5 ) )
+"
+BDEPEND="
+	qt5? ( dev-qt/linguist-tools:5 )
+	qt6? ( dev-qt/qttools:6[linguist] )
+"
+
+DOCS=( ChangeLog ReadMe.md )
+
+pkg_setup() {
+	MULTIBUILD_VARIANTS=( $(usev qt5) $(usev qt6) )
+}
+
+src_configure() {
+	my_src_configure() {
+		local mycmakeargs=(
+			-DECM_MKSPECS_INSTALL_DIR="${EPREFIX}"/usr/$(get_libdir)/${MULTIBUILD_VARIANT}/mkspecs
+			-DBUILD_TEST_APPLICATION=OFF
+			-DBUILD_TRANSLATIONS=ON
+			-DLIBSECRET_SUPPORT=$(usex keyring)
+			-DBUILD_TESTING=$(usex test)
+		)
+
+		if [[ ${MULTIBUILD_VARIANT} == qt6 ]]; then
+			mycmakeargs+=( -DBUILD_WITH_QT6=ON )
+		else
+			mycmakeargs+=( -DBUILD_WITH_QT6=OFF )
+		fi
+
+		cmake_src_configure
+	}
+
+	multibuild_foreach_variant my_src_configure
+}
+
+src_compile() {
+	multibuild_foreach_variant cmake_src_compile
+}
+
+src_test() {
+	multibuild_foreach_variant cmake_src_test
+}
+
+src_install() {
+	multibuild_foreach_variant cmake_src_install
+}