15 files changed, 92 insertions, 869 deletions

diff --git a/dev-libs/Manifest.gz b/dev-libs/Manifest.gz
index be7ad3582a2c..c03f40282849 100644
--- a/dev-libs/Manifest.gz
+++ b/dev-libs/Manifest.gz
diff --git a/dev-libs/crypto++/Manifest b/dev-libs/crypto++/Manifest
index ac140ae578fa..24a0ad3ec7c3 100644
--- a/dev-libs/crypto++/Manifest
+++ b/dev-libs/crypto++/Manifest
@@ -3,6 +3,9 @@ DIST cryptopp860.zip 9274149 BLAKE2B c93998e2deb93abf12b801877404f0f82547bfbbbc5
 DIST cryptopp860.zip.sig 659 BLAKE2B 591a535092c61964c0fbb1ba31e44e70fc5f15757b9b56476ff64de0c28d47a13fe99d7f5819cfeb52e514ade1454622451b267bcc751868defcb080ddf79e8c SHA512 6231816b1ccec75cbcdd09daa8895830c5f4c595a4a0aa24dacc3e377832d8db5efa1aeadf815e53db32fc5263b09dd1b249668f34da4bfad5d5cba6f031ce21
 DIST cryptopp880.zip 9279806 BLAKE2B bdce352af83ff148cedbe0233efd3352d5052e6b4ea04484de11e35a8cb5d51cf6bd5aa641ada1bc4535454c1a1afdbfb96f4ae2ef5131d79a7985247810f423 SHA512 3fb1c591735f28dbd1329a6de6de9c495388c88bd5c4f077894c41668398ed313f14121a4553e0d4aa71e552ee8c3b744b770711748528ade71043ecc6159c80
 DIST cryptopp880.zip.sig 659 BLAKE2B a7d46e43cbe671714c5320b99824a91708058528be46e1a770bc214696b936aa5ba062279475966ce6108af6cacb3a22256df91ad5b9bbb54c81a69b9dcfca7b SHA512 8f3987841ff08f65a28fafed1ba3b0111e2c790d247ad739c28e6edb02a77e076b961007c4ba8684bc9e6c880730244b144ccc5f3416fb5fe57566b8021ee92e
+DIST cryptopp890.zip 9288053 BLAKE2B 95fe0585cff826587a301dd3df863c39cba889d407bb70ae7b35a4f9a0f7f5fef83b1c65cb95923a05f8ae91f18ed20e88738e8bb081a3f9c8c49c2d67d44ecc SHA512 903970c4c0312272e93bae0cc3477be66b273dd38c9329fda9f7157ec44e247a3bc16b9d2b4ad625f258af0eaf2dc2c4210d4d14829b455f180983859a5c4b41
+DIST cryptopp890.zip.sig 659 BLAKE2B 741ec10a01a444573fbcf749258e26461ff131935fede8f47b3f2dd8c51f3b43a9af894e0e31f9ad925baf451bdd747b7e22cc8b178992e4190bba503f9bf648 SHA512 4891cf446a47000453884f36f4f8db2da254e11b573c02690fd5e1de604f01498a479847a732abaf0f75b1cdf3cd5bc104f6be240d0de6c7184a3651c674ac95
 EBUILD crypto++-8.6.0-r1.ebuild 1905 BLAKE2B b4d299ec0496b007cd9b6b4be2dd130437040ab65dfb8e86d1905071e5271a27fbe53ee1abad41143226d3a233d8b9c4f17d83129f2c14b92bd258aa794a2b95 SHA512 92815d8c3f6dac4d4d2a768820ba25d45d5d488856645111948825ff926a9bfe04bb8fd5422b9670fa743f450abdb9c468527126b63d6b4ca6590d7a2b726ca3
 EBUILD crypto++-8.8.0.ebuild 1883 BLAKE2B 5e7897faecbdb63ca77b3c9236a768b2a8a09e6f8c79394a80331705aa8bad9a2d69c9b5f54038e3f465fe5940246e3bd14d183fb96f6bb3006e54c5d9bd8357 SHA512 5c3d63ead7b3118bbb91f93e5d21f9548b4cff4018b56c443dc3a482793e6d2e6877481a0f6420d533ea170b01155a8a1120c4be8e41933c903230e126339302
+EBUILD crypto++-8.9.0.ebuild 1889 BLAKE2B 3008b1f5f49f8da5da038a1a374924a59ac2e5e3c484bb53ac39976edc897f0a009f0f6eb539a0f846355addac89dde1f2100b02e2c0f10bda8a337f5f694790 SHA512 0955d8f6e1cb7f7b3db8db24681938b71bf5d25e1c40237bfb5581a4ec543d5224283c63e88edadecddf428f56b9503c5486b8ef3adaf1132f01aeb132a793f4
 MISC metadata.xml 506 BLAKE2B 5d6a8770ad53c178e43d30c04be9924718eaf373e8d9945f637db7af71fccf9b21bf46141910ec1cb1ea12e3817dfef4c7881d935fb6f441898ee949ac13ee5f SHA512 8d195dfc2d4f627f59d3a37d4988a0bc59e420a64f8615b819760e32449640eff2f357160b2b9797817d38b0e44c8d6bc04bc4f84a2bd20cfdb7fb5d12df7f2d
diff --git a/dev-libs/crypto++/crypto++-8.9.0.ebuild b/dev-libs/crypto++/crypto++-8.9.0.ebuild
new file mode 100644
index 000000000000..e2ee6042f908
--- /dev/null
+++ b/dev-libs/crypto++/crypto++-8.9.0.ebuild
@@ -0,0 +1,73 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/crypto++.asc
+inherit flag-o-matic toolchain-funcs verify-sig
+
+DESCRIPTION="C++ class library of cryptographic schemes"
+HOMEPAGE="https://cryptopp.com"
+SRC_URI="
+	https://www.cryptopp.com/cryptopp${PV//.}.zip
+	verify-sig? ( https://cryptopp.com/cryptopp${PV//.}.zip.sig )
+"
+
+S="${WORKDIR}"
+
+LICENSE="Boost-1.0"
+# ABI notes:
+# - Bumped to 8.5 in 8.5.0 out of caution
+# subslot is so version (was broken in 8.3.0, check on bumps!)
+# Seems to be broken in 8.6 again too
+#
+# - See https://cryptopp.com/#news, but releases usually say
+# "recompile of programs required". Even if it doesn't,
+# verify with abidiff!
+SLOT="0/${PV}"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86 ~x64-macos"
+IUSE="+asm static-libs"
+
+BDEPEND="
+	app-arch/unzip
+	verify-sig? ( sec-keys/openpgp-keys-crypto++ )
+"
+
+config_uncomment() {
+	sed -i -e "s://\s*\(#define\s*$1\):\1:" config.h || die
+}
+
+src_prepare() {
+	default
+
+	use asm || config_uncomment CRYPTOPP_DISABLE_ASM
+
+	# ASM isn't Darwin/Mach-O ready, #479554, buildsys doesn't grok CPPFLAGS
+	[[ ${CHOST} == *-darwin* ]] && config_uncomment CRYPTOPP_DISABLE_ASM
+}
+
+src_configure() {
+	export CXX="$(tc-getCXX)"
+	export LIBDIR="${EPREFIX}/usr/$(get_libdir)"
+	export PREFIX="${EPREFIX}/usr"
+	tc-export AR RANLIB
+
+	# Long history of correctness bugs:
+	# https://github.com/weidai11/cryptopp/issues/1134
+	# https://github.com/weidai11/cryptopp/issues/1141
+	# https://github.com/weidai11/cryptopp/pull/1147
+	append-flags -fno-strict-aliasing
+	filter-lto
+
+	default
+}
+
+src_compile() {
+	emake -f GNUmakefile LDCONF=true all shared libcryptopp.pc
+}
+
+src_install() {
+	emake DESTDIR="${D}" LDCONF=true install
+
+	use static-libs || rm -f "${ED}"/usr/$(get_libdir)/*.a
+}
diff --git a/dev-libs/openssl/Manifest b/dev-libs/openssl/Manifest
index d1b5c7a6b88c..45221acdb647 100644
--- a/dev-libs/openssl/Manifest
+++ b/dev-libs/openssl/Manifest
@@ -11,8 +11,6 @@ DIST openssl-1.0.2t-bindist-1.0.tar.xz 13872 BLAKE2B b2aade96a6e0ca6209a39e205b1
 DIST openssl-1.0.2u.tar.gz 5355412 BLAKE2B b2ff2a10e5851af5aca4093422a9a072c794e87b997263826c1c35910c040f695fac63decac5856cb49399ed03d410f97701d9fd4e1ebfbcacd8f3a74ce8bf57 SHA512 c455bb309e20e2c2d47fdc5619c734d107d5c8c38c1409903ce979acc120b0d5fa0312917c0aa0d630e402d092a703d4249643f36078e8528a3cafc9dac6ab32
 DIST openssl-1.1.1u.tar.gz 9892176 BLAKE2B 5de9cb856e497596ecba008bad6515eefd093849b9c66dd7447031723996f3ba66ac37a323a5f7d01b1d42df4daaceb523372f5897d5c53b935ffab91c566594 SHA512 d00aeb0b4c4676deff06ff95af7ac33dd683b92f972b4a8ae55cf384bb37c7ec30ab83c6c0745daf87cf1743a745fced6a347fd11fed4c548aa0953610ed4919
 DIST openssl-1.1.1u.tar.gz.asc 833 BLAKE2B 7a978a94264a14be04372fea39868e9177e8a0b0f24344267702022e19ee0f52e91ad141d7c54da870f7ec0df9b2e43b80939f1d274dd0b44d36da2670e3a468 SHA512 40245d65ace95b2002bf64bcba184c92fec3420b08d9f61f3a709c4842e9478595105d8adce33a08eb98d351d2a0989ec342b08cdd9104498ea0543b6e592d28
-DIST openssl-1.1.1v.tar.gz 9893443 BLAKE2B 9b3066d1911466dec909052667aafe9b974d2fa0a9798105b7501d62300e5a61a154fb94e633e46918303e9fcc1afc077e6efb5727eb967b75a795d8e2ed60a7 SHA512 1a67340d99026aa62bf50ff89165d9f77fe4a6690fe30d1751b5021dd3f238391afd581b41724687c322c4e3af1770c44a63766a06e9b8cab6425101153e0c7e
-DIST openssl-1.1.1v.tar.gz.asc 833 BLAKE2B a851629231591679c37a53342a7da565879fe626ce56ee586184c6e3694ee9cb15cf10b52e6ef17eac6cb25b66e3d50d1a703d42a5056a51f1567178956bfb11 SHA512 3e188f60d57f844fda6e6382623cb082e18d7caec38f9e6ab13d8d101ca0b0d234cfd7aba041ab975d5cd168c1ec0f147ff8a77e515a416461bfd108cb4244e0
 DIST openssl-1.1.1w.tar.gz 9893384 BLAKE2B 2fdba6ca0188928ab2f74e606136afca66cfa0467170fa6298ef160b64ac6fdcad1e81e5dd14013ce0e9921d0f7417edec531cd0beaf1196fec704c2c6d48395 SHA512 b4c625fe56a4e690b57b6a011a225ad0cb3af54bd8fb67af77b5eceac55cc7191291d96a660c5b568a08a2fbf62b4612818e7cca1bb95b2b6b4fc649b0552b6d
 DIST openssl-1.1.1w.tar.gz.asc 833 BLAKE2B d990be69ed913509d52b78e7473668429d4485adb29ef03e4612dd0cadbac4f04c7289d8e5baf6f397bcedeaac9f802f18fc719964d882ae0514ed1ca16ae277 SHA512 0f3d7aa48b1cabf8dd43e8108aeed10a4dffb4f5a244d4da9c86ea358b0c8b90c46da561d21e01c567c2f5035d824ed82ec104aad1776b7f33a1be85990e98ef
 DIST openssl-3.0.10.tar.gz 15194904 BLAKE2B 8bb3bd02b8dc64441ebfea98c4778d3ee0794540186904371a5aed81cb4f6d6903809bf97faafbc2a719617353234484f0d610f2806621229131fdad343f7231 SHA512 fc12f3beed5e2d2f4767aeb772ceb6ba26f6cbfabc247765854108266b27a1223134f0e81735867a9069bc9c07a14b9816e85903cef91bd1b90f781f0b98b61a
@@ -21,22 +19,17 @@ DIST openssl-3.0.11.tar.gz 15198318 BLAKE2B e522573aa72c8f6ffef82f20de36178fc6f9
 DIST openssl-3.0.11.tar.gz.asc 833 BLAKE2B e6e2636d5bb5fffb86833e64437fb440bbfd1c4e2bfbfdd72280cf1ce388b70d30eeea56ef6f3bb673e7dcd12020d993ef95f96bf099ded38e8cde4b549b38fa SHA512 3c1fe94fc46861870d99d1edcfe3c151272f7864dde36b66e87a0c79d2289e9ed5cfc48bfa65ba0e88eadcb3cc8307d702e01155f48af8ffc2d4f8fbbf3aa03c
 DIST openssl-3.0.9.tar.gz 15181285 BLAKE2B cc1df41fa12ba4443e15e94f6ebdc5e103b9dab5eab2e1c8f74e6a74fa2c38207817921b65d7293cb241c190a910191c7163600bb75243adde0e2f9ec31cc885 SHA512 86c99146b37236419b110db77dd3ac3992e6bed78c258f0cc3434ca233460b4e17c0ac81d7058547fe9cb72a9fd80ee56d4b4916bb731dbe2bbcf1c3d46bf31a
 DIST openssl-3.0.9.tar.gz.asc 833 BLAKE2B 9943ac65f83f48465cae83b37a1d004f6be4622e53c3025166d42954abe9215f1a6c2af58d4aa2b45fa51182fee5019e740969f694655b6c592bb278c68aacef SHA512 9949de6b57d5aa21da1d4b68a29eb37e302403c983bd7d2d8769b320aac4268a9f9091c5fb182862a4f89a9099660939fe609df87c66991b75f7695faf357caf
-DIST openssl-3.1.1.tar.gz 15544757 BLAKE2B 094f7e28f16de6528016fcd21df1d7382b0dbdcd80ec469d37add9c37f638c059dda3ffb4415eba890a33d146ddc9016bcc7192df101c73be5e70faf6e3b1097 SHA512 8ba9dd6ab87451e126c19cc106ccd1643ca48667d6c37504d0ab98205fbccf855fd0db54474b4113c4c3a15215a4ef77a039fb897a69f71bcab2054b2effd1d9
-DIST openssl-3.1.1.tar.gz.asc 833 BLAKE2B 5a2a9aeb475b843862e133d53bc5bb3c8e12e8e03b1e2da41d0eaa0eade1ae03c4318ad1f5c490c5e1ed7e6ac6275a6d7c881d99993911722b043b15d1622b25 SHA512 83349020c67e5b956f3ef37604a03a1970ea393f862691f5fd5d85930c01e559e25db17d397d8fd230c3862a8b2fba2d5c7df883d56d7472f4c01dab3a661cb2
 DIST openssl-3.1.2.tar.gz 15560427 BLAKE2B 7b4ba35df7d5680c5f13a1986e4c6abaf4592690647dcfa84d7f14c196326355e8ad0ea62f81f8269f0605f0d29f18e9def9c2158fcbe00baefabf819f82374d SHA512 9f41113e5537aee4c3f92711ff85fa12da080363fef0c8b8b34e5b3fc608473c6e4cadd9d8c78f2fcbe97462e51f26a0bb6781656a69ad40226e68af2cf2c762
 DIST openssl-3.1.2.tar.gz.asc 833 BLAKE2B aba3207c5eafaafc34bea078a9684612f7d9b4c5a888a27781cfe2421d27de6c2af3539abfc6efdac81ab0b923b7044a9b764902aa76edfd44ce5979f871a8b9 SHA512 fe143d2d90de1d3d30590ef9801185f8d2837668474ef3879d409bd4eb9417a127dee6c2a4e45076aa3ae3e443bfedd24de434ba4cf3ea0589c113990345a9ce
 DIST openssl-3.1.3.tar.gz 15561739 BLAKE2B a279a5c80191b95ca735aed20beb56ab899ee302258ce3529c377820739bf55075537cd900b06b3ca07b85efdce95cb081bcad1dfd4d33f81695c7ef0cefdf03 SHA512 2388eaa8e99acf1e8af4691a645b9b9af456900c74959e82d4cb02808301e11dcfecc86954a922262b16fa4b664b459894d133ab7d35ec82e1633a33194b7b20
 DIST openssl-3.1.3.tar.gz.asc 833 BLAKE2B 27427a4523c9fa9f9ffc0e00d6492e4bab4cd0d24ebf903fee05197c5089c4d201a76ef0073e856bedd86abf54ae01491e78d259eedf21a4797eee6c9cbd8fcf SHA512 0b8f12dd8623160f7358c24a8f36edb5d8c3460d1f7d711e1367051b172d9ac90c2c7c4980da1aa9f9c89d72384a034fe888b109650156fa197c363a14337127
 EBUILD openssl-1.0.2u-r1.ebuild 9993 BLAKE2B 2128588b25f90830c4b9120a0e5aa079b127c28aaa590a65900d735999ce777bd8a5f04de75ba476cf5062f3d862021654a2e41a800a0f06359aaa9947269d5b SHA512 e37897b8262f7365aa6484252cbd6b56567552ec90fb299518479cb91f9b88490324c426716cc2ae4facb8d479753d8dacce56a6676adb3afd66558ce693543a
-EBUILD openssl-1.1.1u.ebuild 8043 BLAKE2B 6c19ba4e37ff0942992c2fd639840301900ff3c68dfb8f3c0ce295e58aa1717c4ed68f620e7fb29ec4fdc8f05c3ae8ff36bdb4e41ad55a19d8ca1de018e7401f SHA512 db2d39ab22c9a2e35497b74cde43c656c78e3e8015eaff5598b2a56100d8ba236a05d98945253ebcdd90b56a93fd2895d96f205bfc66f3b7c89a6b26f4b16a28
-EBUILD openssl-1.1.1v.ebuild 8051 BLAKE2B 27fa7e805f68c0e8e0c4e50df1f5a4097c08af675b0456ef2852816a665eebbcac37533fa1044093d0712efd93cd2b156cc51232397d44ba4462e4068f9c642e SHA512 70c85b6028ea7ee19227527379e5ec91ef47390faaedf6b06165634b00742d42ae6961786056dd557da98f2b4cae5e879a3331b4846b14eed4528885eec20bca
-EBUILD openssl-1.1.1w.ebuild 8051 BLAKE2B 27fa7e805f68c0e8e0c4e50df1f5a4097c08af675b0456ef2852816a665eebbcac37533fa1044093d0712efd93cd2b156cc51232397d44ba4462e4068f9c642e SHA512 70c85b6028ea7ee19227527379e5ec91ef47390faaedf6b06165634b00742d42ae6961786056dd557da98f2b4cae5e879a3331b4846b14eed4528885eec20bca
-EBUILD openssl-3.0.10.ebuild 8525 BLAKE2B 236e32172e0f4e3eb7b6c4b98b7ff34ae98dc79a39f4d13c165b545947b54524ed735b5d2bb591917c3d9fcbfc2277d428e6984636189e007b2916a8220128ad SHA512 0836ed537a6398c6b10c6007b62f05c312301955803e22ebe4b36c6039283021ed688bbd8d2f33c52aaeccecc52aefcf19493941ef7fb72dc9dac12e964b74f3
-EBUILD openssl-3.0.11.ebuild 8533 BLAKE2B 38a0bee55a6cdd1f6eae0f8288df82fa66a857846d85c88670872a78b2fa1bd01c380c828dc5bdf0a892f41f6ae5ddd95eb0731374eda5fab59348cd8a80a200 SHA512 c08fb6671c9c1bc58480291843a70d37b908eb9e8664eeae1a0a29b4c592e9e7b95dc11f29ff9ca6eefa8b8e74c88cd2de3ae6745591b00b3974b58397702343
-EBUILD openssl-3.0.9-r1.ebuild 8490 BLAKE2B ba9e5ee5633b3c1bb2b9129142757cff35eaf28183d118a0339c617e520f0c86fca9cd6f4f2696c9bd35c860e10b7e6e56d91d4d43e5e1fdb91a2b0fff8a3afd SHA512 67401d7cbffd2c2b53dcf9e3ac076fa15f4c3051f7d4be1d914220b79d1818eb860e136c96b4a3c742dcd27df8ec21ec52b3658efb91c17732e6e7a6248ddaad
-EBUILD openssl-3.0.9-r2.ebuild 8583 BLAKE2B 8d1ced5dffdabbe0f63ac79b4e3739a61e7c7f534d3f2d7d26f9818ee3dadd87fa26ec4c81066af3f9128e8ee6d4b802844a5c3f641a1eea546c92712f9c2aa3 SHA512 5bca3c8df0d3d2f36fca349fa2901990ba6e5a120aded696093afa5cadcdfb3e550512b9bd58b2ac014508c80dff2464fbcb74659e997c3eabac7d0c8da5bfbb
-EBUILD openssl-3.1.1-r1.ebuild 8531 BLAKE2B 67643a995e293072f9c30787d95dd4f67a28a5d96c7e771b94c58df59cc6d1bbedd1c982bf6dfa27394a8285f1d5d854ac49d5c39f86127d52e620fa03a58b7b SHA512 7cbab87a59866ee6dc0f3660ddecf62d149e707ca8ea0c7627c40ceda02260cbe4ca63ff169f88c3070278d8d79be2b117910ef27bff2293dab076853a8667b9
-EBUILD openssl-3.1.1-r2.ebuild 8624 BLAKE2B 09de30addbfc7655aa4897a2d3cd84c400d018fc249fdd45e9aa0a8efa29a58c78f55a458777f7a9939e70e310e806cb3c3e84f52a6c6945ca98ead8a86b386f SHA512 75d2bb956155ea22fce102309cbdc60e1fccfcb8746ea042a88dfcd3f59e295b4cd066177a5e0c7ab4dcab507ec8c1fae5060402e0622d75a4ae6e10a7b8d759
-EBUILD openssl-3.1.2.ebuild 8579 BLAKE2B aa919a057031f3176ad0cd479e90ca05b26b26597676a6836395d254c1ec16e18d14751d6072f9ed106fd060c1ba8b6a46c2ae2ac2cc664b98af04ddbd71d2ca SHA512 d5f719d36a296797e0354267c7d02e23ed89ba9a1d488d9147d2c9fa80fd9145185e7197a550d6669a82e8b3670fc3fb583e2f02d968fb114190b9ddee0aad3d
-EBUILD openssl-3.1.3.ebuild 8579 BLAKE2B aa919a057031f3176ad0cd479e90ca05b26b26597676a6836395d254c1ec16e18d14751d6072f9ed106fd060c1ba8b6a46c2ae2ac2cc664b98af04ddbd71d2ca SHA512 d5f719d36a296797e0354267c7d02e23ed89ba9a1d488d9147d2c9fa80fd9145185e7197a550d6669a82e8b3670fc3fb583e2f02d968fb114190b9ddee0aad3d
+EBUILD openssl-1.1.1u.ebuild 8046 BLAKE2B ce0b11e91b2b901675f8651c741207c0f26291a84f4dfc9e8f5916bc5e82415e8bb4dab057e416ef5e4c79f01551c63bff12ca39dc8d36a71abe891334a732fe SHA512 c36ae6f86830ce41b699277faabb662684b4ae70f223a7dad7f925353b1b5190e531dfdcf42d29f4edb6e0b4ea40177c66d8c2c8405111774d9a127431c4742a
+EBUILD openssl-1.1.1w.ebuild 8054 BLAKE2B 20c1fed9799369fde0813ba1be90353ffb4983eb5235125cf1871d6b3849b6cc8f50f146e0987d1e6e5c9500416b66aee7908a2ea78dbc11b14b534e994d3274 SHA512 4639f887eb41fa838e7c4f623e599bbffdc0cb003860c97ee3755f89b07d6c032d1ff4ab457427829eef79dfc8675d0843f5aeffc0e07f28c9690e4f06566a8a
+EBUILD openssl-3.0.10.ebuild 8528 BLAKE2B a4195c916d91f1074946899c35e07f064f56e74f2de05b47681a3e4f7568a5cb485d34f229afb7c715927952c70ed069561ece17a654a309e21f5b8d6d29f77f SHA512 9d760d8249e935e47d66d8336c494edd2cbbf0166703bfd98952592f40bcc6616340ae43eb874b2241b36dd07ab695f6f386c8065c429b6abb2ec63743044c46
+EBUILD openssl-3.0.11.ebuild 8536 BLAKE2B 72b03f892402785131ef8e4e65ce706e4b4de764ccc05034b77ded23f320dbc260e408793b90268e3b02330bf18b355dad2866e8f09ade59b039a1a943024ed9 SHA512 caeede0e828d3f4ad00d86c7a117b691c19edd8c91b1ffd2ffb10ec034cf8cdd1670842319203e30c672ffd1d0dfc0ba1a8f39055edacfa7829196870735c32c
+EBUILD openssl-3.0.9-r1.ebuild 8493 BLAKE2B 851fac7d928f0f9cde96ac4a3fa1cd6002e501ee8070def2869cb68280c70bb9e393a9edae4391a1a3e0649d8fdc8066c46eedfbe0c7ec028b2a312798f368ba SHA512 579257ff9e960c42f91f407ced21cd44eef33f171e7e9d726a4e8b3d6e7f46e2afdd94edbd6d0514dac1927d660abef180d68126b3c26a0ff05df6ecdc65ac72
+EBUILD openssl-3.0.9-r2.ebuild 8586 BLAKE2B 958142587d7f69df7ba8d6cb4ae36537e51b5edad32156141587b4367ae0e49c00f797b80ffc0731901dedeaf211a4c5282712e86fb25e0ebc590d791139acc4 SHA512 c2c1840cc0fe24a49ecf206fd3e37c28e8654d205092d4d6232164d908349d8f52955781918da2560fa9ce8c73f0371cca8def0915f21c064199eb8a8f8872ba
+EBUILD openssl-3.1.2.ebuild 8582 BLAKE2B 1ce521d304575b61b85ceb8a416f393bbea1d2d254d055a3820c3b61d829a6f51617d381ed9ab12651fe96fe432ad10575f2ba2d48c3f40546cb7ac4c974d791 SHA512 1693b8566af7ff16543188af28fbb86ddf4f274ea6f9e5d787e7e02afe1a3561c4801a2012de46d2c5a3bc48f655f65d6550553fb9582d4e60cc6667a7b9deb3
+EBUILD openssl-3.1.3.ebuild 8582 BLAKE2B 1ce521d304575b61b85ceb8a416f393bbea1d2d254d055a3820c3b61d829a6f51617d381ed9ab12651fe96fe432ad10575f2ba2d48c3f40546cb7ac4c974d791 SHA512 1693b8566af7ff16543188af28fbb86ddf4f274ea6f9e5d787e7e02afe1a3561c4801a2012de46d2c5a3bc48f655f65d6550553fb9582d4e60cc6667a7b9deb3
 MISC metadata.xml 1664 BLAKE2B cf9d4613e5387e7ec0787b1a6c137baa71effb8458fa63b5dea0be4d5cf7c8607257262dbf89dcc0c3db7b17b10232d32902b7569827bd4f2717b3ef7dffaaa9 SHA512 01deef1de981201c14101630d2a4ae270abcac9a4b27b068359d76f63aeb6075aceb33db60175c105294cb7045aae389168f4cf1edf0f6e3656ccc2fe92e9c92
diff --git a/dev-libs/openssl/openssl-1.1.1u.ebuild b/dev-libs/openssl/openssl-1.1.1u.ebuild
index 90cdec1ab00b..c90541dca291 100644
--- a/dev-libs/openssl/openssl-1.1.1u.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1u.ebuild
@@ -67,7 +67,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-1.1.1v.ebuild b/dev-libs/openssl/openssl-1.1.1v.ebuild
deleted file mode 100644
index 6a237499b429..000000000000
--- a/dev-libs/openssl/openssl-1.1.1v.ebuild
+++ /dev/null
@@ -1,265 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic toolchain-funcs multilib-minimal verify-sig
-
-MY_P=${P/_/-}
-DESCRIPTION="Full-strength general purpose cryptography library (including SSL and TLS)"
-HOMEPAGE="https://www.openssl.org/"
-SRC_URI="mirror://openssl/source/${MY_P}.tar.gz
-	verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="openssl"
-SLOT="0/1.1" # .so version of libssl/libcrypto
-if [[ ${PV} != *_pre* ]] ; then
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~arm64-macos ~ppc-macos ~x64-macos ~x64-solaris"
-fi
-IUSE="+asm rfc3779 sctp cpu_flags_x86_sse2 sslv3 static-libs test tls-compression tls-heartbeat vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )"
-DEPEND="${RDEPEND}"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		kernel_linux? ( sys-process/procps )
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230801 )"
-PDEPEND="app-misc/ca-certificates"
-
-# force upgrade to prevent broken login, bug #696950
-RDEPEND+=" !<net-misc/openssh-8.0_p1-r3"
-
-MULTILIB_WRAPPED_HEADERS=(
-	usr/include/openssl/opensslconf.h
-)
-
-PATCHES=(
-	# General patches which are suitable to always apply
-	# If they're Gentoo specific, add to USE=-vanilla logic in src_prepare!
-	"${FILESDIR}"/${PN}-1.1.0j-parallel_install_fix.patch # bug #671602
-	"${FILESDIR}"/${PN}-1.1.1i-riscv32.patch
-)
-
-pkg_setup() {
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]]; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES}; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-
-	# Remove test target when FEATURES=test isn't set
-	if ! use test ; then
-		sed \
-			-e '/^$config{dirs}/s@ "test",@@' \
-			-i Configure || die
-	fi
-
-	if use prefix && [[ ${CHOST} == *-solaris* ]] ; then
-		# use GNU ld full option, not to confuse it on Solaris
-		sed -i \
-			-e 's/-Wl,-M,/-Wl,--version-script=/' \
-			-e 's/-Wl,-h,/-Wl,--soname=/' \
-			Configurations/10-main.conf || die
-	fi
-
-	# The config script does stupid stuff to prompt the user.  Kill it.
-	sed -i '/stty -icanon min 0 time 50; read waste/d' config || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-cppflags -DOPENSSL_NO_BUF_FREELISTS
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#	ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Use configuration ${sslout:-(openssl knows best)}"
-	local config=( perl "${S}/Configure" )
-	[[ -z ${sslout} ]] && config=( sh "${S}/config" -v )
-
-	# "disable-deprecated" option breaks too many consumers.
-	# Don't set it without thorough revdeps testing.
-	# Make sure user flags don't get added *yet* to avoid duplicated
-	# flags.
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		${ec_nistp_64_gcc_128}
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use_ssl sslv3 ssl3)
-		$(use_ssl sslv3 ssl3-method)
-		$(use_ssl asm)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl tls-heartbeat heartbeats)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo "${config[@]}" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake all
-}
-
-multilib_src_test() {
-	emake -j1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} MANSUFFIX=ssl install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc CHANGES* FAQ NEWS README doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-}
diff --git a/dev-libs/openssl/openssl-1.1.1w.ebuild b/dev-libs/openssl/openssl-1.1.1w.ebuild
index 6a237499b429..7440cf3d3dcc 100644
--- a/dev-libs/openssl/openssl-1.1.1w.ebuild
+++ b/dev-libs/openssl/openssl-1.1.1w.ebuild
@@ -67,7 +67,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-3.0.10.ebuild b/dev-libs/openssl/openssl-3.0.10.ebuild
index 4251a16a6dea..b469b0b55dc6 100644
--- a/dev-libs/openssl/openssl-3.0.10.ebuild
+++ b/dev-libs/openssl/openssl-3.0.10.ebuild
@@ -81,7 +81,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-3.0.11.ebuild b/dev-libs/openssl/openssl-3.0.11.ebuild
index 5d69a16c495e..9d573d00feeb 100644
--- a/dev-libs/openssl/openssl-3.0.11.ebuild
+++ b/dev-libs/openssl/openssl-3.0.11.ebuild
@@ -81,7 +81,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-3.0.9-r1.ebuild b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
index 7f042b6d39c0..766737ef1a4b 100644
--- a/dev-libs/openssl/openssl-3.0.9-r1.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r1.ebuild
@@ -81,7 +81,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-3.0.9-r2.ebuild b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
index e4516c8a708f..72845dd2599a 100644
--- a/dev-libs/openssl/openssl-3.0.9-r2.ebuild
+++ b/dev-libs/openssl/openssl-3.0.9-r2.ebuild
@@ -86,7 +86,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-3.1.1-r1.ebuild b/dev-libs/openssl/openssl-3.1.1-r1.ebuild
deleted file mode 100644
index 7f787b960f44..000000000000
--- a/dev-libs/openssl/openssl-3.1.1-r1.ebuild
+++ /dev/null
@@ -1,288 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
diff --git a/dev-libs/openssl/openssl-3.1.1-r2.ebuild b/dev-libs/openssl/openssl-3.1.1-r2.ebuild
deleted file mode 100644
index cfa017e58411..000000000000
--- a/dev-libs/openssl/openssl-3.1.1-r2.ebuild
+++ /dev/null
@@ -1,293 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-VERIFY_SIG_OPENPGP_KEY_PATH="${BROOT}"/usr/share/openpgp-keys/openssl.org.asc
-inherit edo flag-o-matic linux-info toolchain-funcs
-inherit multilib multilib-minimal multiprocessing preserve-libs verify-sig
-
-DESCRIPTION="Robust, full-featured Open Source Toolkit for the Transport Layer Security (TLS)"
-HOMEPAGE="https://www.openssl.org/"
-
-MY_P=${P/_/-}
-
-if [[ ${PV} == 9999 ]] ; then
-	EGIT_REPO_URI="https://github.com/openssl/openssl.git"
-
-	inherit git-r3
-else
-	SRC_URI="
-		mirror://openssl/source/${MY_P}.tar.gz
-		verify-sig? ( mirror://openssl/source/${MY_P}.tar.gz.asc )
-	"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
-fi
-
-S="${WORKDIR}"/${MY_P}
-
-LICENSE="Apache-2.0"
-SLOT="0/$(ver_cut 1)" # .so version of libssl/libcrypto
-IUSE="+asm cpu_flags_x86_sse2 fips ktls rfc3779 sctp static-libs test tls-compression vanilla verify-sig weak-ssl-ciphers"
-RESTRICT="!test? ( test )"
-
-COMMON_DEPEND="
-	!<net-misc/openssh-9.2_p1-r3
-	tls-compression? ( >=sys-libs/zlib-1.2.8-r1[static-libs(+)?,${MULTILIB_USEDEP}] )
-"
-BDEPEND="
-	>=dev-lang/perl-5
-	sctp? ( >=net-misc/lksctp-tools-1.0.12 )
-	test? (
-		sys-apps/diffutils
-		sys-devel/bc
-		sys-process/procps
-	)
-	verify-sig? ( >=sec-keys/openpgp-keys-openssl-20230207 )"
-
-DEPEND="${COMMON_DEPEND}"
-RDEPEND="${COMMON_DEPEND}"
-PDEPEND="app-misc/ca-certificates"
-
-MULTILIB_WRAPPED_HEADERS=(
-	/usr/include/openssl/configuration.h
-)
-
-PATCHES=(
-	"${FILESDIR}"/${P}-CVE-2023-2975.patch
-	"${FILESDIR}"/${P}-CVE-2023-3446.patch
-)
-
-pkg_setup() {
-	if use ktls ; then
-		if kernel_is -lt 4 18 ; then
-			ewarn "Kernel implementation of TLS (USE=ktls) requires kernel >=4.18!"
-		else
-			CONFIG_CHECK="~TLS ~TLS_DEVICE"
-			ERROR_TLS="You will be unable to offload TLS to kernel because CONFIG_TLS is not set!"
-			ERROR_TLS_DEVICE="You will be unable to offload TLS to kernel because CONFIG_TLS_DEVICE is not set!"
-			use test && CONFIG_CHECK+=" ~CRYPTO_USER_API_SKCIPHER"
-
-			linux-info_pkg_setup
-		fi
-	fi
-
-	[[ ${MERGE_TYPE} == binary ]] && return
-
-	# must check in pkg_setup; sysctl doesn't work with userpriv!
-	if use test && use sctp ; then
-		# test_ssl_new will fail with "Ensure SCTP AUTH chunks are enabled in kernel"
-		# if sctp.auth_enable is not enabled.
-		local sctp_auth_status=$(sysctl -n net.sctp.auth_enable 2>/dev/null)
-		if [[ -z "${sctp_auth_status}" ]] || [[ ${sctp_auth_status} != 1 ]] ; then
-			die "FEATURES=test with USE=sctp requires net.sctp.auth_enable=1!"
-		fi
-	fi
-}
-
-src_unpack() {
-	# Can delete this once test fix patch is dropped
-	if use verify-sig ; then
-		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
-	fi
-
-	default
-}
-
-src_prepare() {
-	# Make sure we only ever touch Makefile.org and avoid patching a file
-	# that gets blown away anyways by the Configure script in src_configure
-	rm -f Makefile
-
-	if ! use vanilla ; then
-		PATCHES+=(
-			# Add patches which are Gentoo-specific customisations here
-		)
-	fi
-
-	default
-
-	if use test && use sctp && has network-sandbox ${FEATURES} ; then
-		einfo "Disabling test '80-test_ssl_new.t' which is known to fail with FEATURES=network-sandbox ..."
-		rm test/recipes/80-test_ssl_new.t || die
-	fi
-
-	# Test fails depending on kernel configuration, bug #699134
-	rm test/recipes/30-test_afalg.t || die
-}
-
-src_configure() {
-	# Keep this in sync with app-misc/c_rehash
-	SSL_CNF_DIR="/etc/ssl"
-
-	# Quiet out unknown driver argument warnings since openssl
-	# doesn't have well-split CFLAGS and we're making it even worse
-	# and 'make depend' uses -Werror for added fun (bug #417795 again)
-	tc-is-clang && append-flags -Qunused-arguments
-
-	# We really, really need to build OpenSSL w/ strict aliasing disabled.
-	# It's filled with violations and it *will* result in miscompiled
-	# code. This has been in the ebuild for > 10 years but even in 2022,
-	# it's still relevant:
-	# - https://github.com/llvm/llvm-project/issues/55255
-	# - https://github.com/openssl/openssl/issues/18225
-	# - https://github.com/openssl/openssl/issues/18663#issuecomment-1181478057
-	# Don't remove the no strict aliasing bits below!
-	filter-flags -fstrict-aliasing
-	append-flags -fno-strict-aliasing
-	# The OpenSSL developers don't test with LTO right now, it leads to various
-	# warnings/errors (which may or may not be false positives), it's considered
-	# unsupported, and it's not tested in CI: https://github.com/openssl/openssl/issues/18663.
-	filter-lto
-
-	append-flags $(test-flags-CC -Wa,--noexecstack)
-
-	# bug #895308
-	append-atomic-flags
-	# Configure doesn't respect LIBS
-	export LDLIBS="${LIBS}"
-
-	# bug #197996
-	unset APPS
-	# bug #312551
-	unset SCRIPTS
-	# bug #311473
-	unset CROSS_COMPILE
-
-	tc-export AR CC CXX RANLIB RC
-
-	multilib-minimal_src_configure
-}
-
-multilib_src_configure() {
-	use_ssl() { usex $1 "enable-${2:-$1}" "no-${2:-$1}" " ${*:3}" ; }
-
-	local krb5=$(has_version app-crypt/mit-krb5 && echo "MIT" || echo "Heimdal")
-
-	# See if our toolchain supports __uint128_t.  If so, it's 64bit
-	# friendly and can use the nicely optimized code paths, bug #460790.
-	#local ec_nistp_64_gcc_128
-	#
-	# Disable it for now though (bug #469976)
-	# Do NOT re-enable without substantial discussion first!
-	#
-	#echo "__uint128_t i;" > "${T}"/128.c
-	#if ${CC} ${CFLAGS} -c "${T}"/128.c -o /dev/null >&/dev/null ; then
-	#       ec_nistp_64_gcc_128="enable-ec_nistp_64_gcc_128"
-	#fi
-
-	local sslout=$(bash "${FILESDIR}/gentoo.config-1.0.4")
-	einfo "Using configuration: ${sslout:-(openssl knows best)}"
-
-	# https://github.com/openssl/openssl/blob/master/INSTALL.md#enable-and-disable-features
-	local myeconfargs=(
-		${sslout}
-
-		$(use cpu_flags_x86_sse2 || echo "no-sse2")
-		enable-camellia
-		enable-ec
-		enable-ec2m
-		enable-sm2
-		enable-srp
-		$(use elibc_musl && echo "no-async")
-		enable-idea
-		enable-mdc2
-		enable-rc5
-		$(use fips && echo "enable-fips")
-		$(use_ssl asm)
-		$(use_ssl ktls)
-		$(use_ssl rfc3779)
-		$(use_ssl sctp)
-		$(use test || echo "no-tests")
-		$(use_ssl tls-compression zlib)
-		$(use_ssl weak-ssl-ciphers)
-
-		--prefix="${EPREFIX}"/usr
-		--openssldir="${EPREFIX}"${SSL_CNF_DIR}
-		--libdir=$(get_libdir)
-
-		shared
-		threads
-	)
-
-	edo perl "${S}/Configure" "${myeconfargs[@]}"
-}
-
-multilib_src_compile() {
-	emake build_sw
-
-	if multilib_is_native_abi; then
-		emake build_docs
-	fi
-}
-
-multilib_src_test() {
-	# VFP = show subtests verbosely and show failed tests verbosely
-	# Normal V=1 would show everything verbosely but this slows things down.
-	emake HARNESS_JOBS="$(makeopts_jobs)" -Onone VFP=1 test
-}
-
-multilib_src_install() {
-	emake DESTDIR="${D}" install_sw
-	if use fips; then
-		emake DESTDIR="${D}" install_fips
-		# Regen this in pkg_preinst, bug 900625
-		rm "${ED}${SSL_CNF_DIR}"/fipsmodule.cnf || die
-	fi
-
-	if multilib_is_native_abi; then
-		emake DESTDIR="${D}" install_ssldirs
-		emake DESTDIR="${D}" DOCDIR='$(INSTALLTOP)'/share/doc/${PF} install_docs
-	fi
-
-	# This is crappy in that the static archives are still built even
-	# when USE=static-libs. But this is due to a failing in the openssl
-	# build system: the static archives are built as PIC all the time.
-	# Only way around this would be to manually configure+compile openssl
-	# twice; once with shared lib support enabled and once without.
-	if ! use static-libs ; then
-		rm "${ED}"/usr/$(get_libdir)/lib{crypto,ssl}.a || die
-	fi
-}
-
-multilib_src_install_all() {
-	# openssl installs perl version of c_rehash by default, but
-	# we provide a shell version via app-misc/c_rehash
-	rm "${ED}"/usr/bin/c_rehash || die
-
-	dodoc {AUTHORS,CHANGES,NEWS,README,README-PROVIDERS}.md doc/*.txt doc/${PN}-c-indent.el
-
-	# Create the certs directory
-	keepdir ${SSL_CNF_DIR}/certs
-
-	# bug #254521
-	dodir /etc/sandbox.d
-	echo 'SANDBOX_PREDICT="/dev/crypto"' > "${ED}"/etc/sandbox.d/10openssl
-
-	diropts -m0700
-	keepdir ${SSL_CNF_DIR}/private
-}
-
-pkg_preinst() {
-	if use fips; then
-		# Regen fipsmodule.cnf, bug 900625
-		ebegin "Running openssl fipsinstall"
-		"${ED}/usr/bin/openssl" fipsinstall -quiet \
-			-out "${ED}${SSL_CNF_DIR}/fipsmodule.cnf" \
-			-module "${ED}/usr/$(get_libdir)/ossl-modules/fips.so"
-		eend $?
-	fi
-
-	preserve_old_lib /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
-
-pkg_postinst() {
-	ebegin "Running 'openssl rehash ${EROOT}${SSL_CNF_DIR}/certs' to rebuild hashes (bug #333069)"
-	openssl rehash "${EROOT}${SSL_CNF_DIR}/certs"
-	eend $?
-
-	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1) \
-		/usr/$(get_libdir)/lib{crypto,ssl}$(get_libname 1.1)
-}
diff --git a/dev-libs/openssl/openssl-3.1.2.ebuild b/dev-libs/openssl/openssl-3.1.2.ebuild
index cbdd13f19657..67cd58d980dc 100644
--- a/dev-libs/openssl/openssl-3.1.2.ebuild
+++ b/dev-libs/openssl/openssl-3.1.2.ebuild
@@ -84,7 +84,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default
diff --git a/dev-libs/openssl/openssl-3.1.3.ebuild b/dev-libs/openssl/openssl-3.1.3.ebuild
index cbdd13f19657..67cd58d980dc 100644
--- a/dev-libs/openssl/openssl-3.1.3.ebuild
+++ b/dev-libs/openssl/openssl-3.1.3.ebuild
@@ -84,7 +84,7 @@ src_unpack() {
 	# Can delete this once test fix patch is dropped
 	if use verify-sig ; then
 		# Needed for downloaded patch (which is unsigned, which is fine)
-		verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.asc}
+		verify-sig_verify_detached "${DISTDIR}"/${MY_P}.tar.gz{,.asc}
 	fi
 
 	default