From deba8115d2c2af26df42966b91ef04ff4dd79cde Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Thu, 14 May 2020 11:09:11 +0100
Subject: gentoo resync : 14.05.2020

---
 net-vpn/Manifest.gz                                | Bin 6881 -> 6885 bytes
 net-vpn/libreswan/Manifest                         |   2 +
 net-vpn/libreswan/libreswan-3.32.ebuild            | 117 ++++++++
 net-vpn/networkmanager-openvpn/Manifest            |   3 +-
 .../networkmanager-openvpn-1.8.10-r1.ebuild        |  58 ----
 .../networkmanager-openvpn-1.8.10-r2.ebuild        |   2 +-
 net-vpn/networkmanager-pptp/Manifest               |   3 +-
 .../networkmanager-pptp-1.2.8-r1.ebuild            |  53 ----
 .../networkmanager-pptp-1.2.8-r2.ebuild            |   2 +-
 net-vpn/networkmanager-sstp/Manifest               |   2 +-
 .../networkmanager-sstp-1.2.0-r1.ebuild            |  53 ++++
 .../networkmanager-sstp-1.2.0.ebuild               |  51 ----
 net-vpn/networkmanager-strongswan/Manifest         |   8 +-
 ...-strongswan-1.5.1-change-appdata-location.patch |  29 ++
 net-vpn/networkmanager-strongswan/metadata.xml     |   3 -
 .../networkmanager-strongswan-1.4.5-r1.ebuild      |  52 ----
 .../networkmanager-strongswan-1.4.5-r2.ebuild      |   2 +-
 .../networkmanager-strongswan-1.5.1.ebuild         |  59 ++++
 net-vpn/networkmanager-vpnc/Manifest               |   3 +-
 .../networkmanager-vpnc-1.2.6-r1.ebuild            |  51 ----
 .../networkmanager-vpnc-1.2.6-r2.ebuild            |   2 +-
 net-vpn/ocserv/Manifest                            |   4 +-
 net-vpn/ocserv/ocserv-1.0.0.ebuild                 |  81 ------
 net-vpn/ocserv/ocserv-1.0.1.ebuild                 |  82 ++++++
 net-vpn/openconnect/Manifest                       |   7 +-
 .../files/8.09-gnutls-buffer-overflow.patch        |  62 +++++
 net-vpn/openconnect/openconnect-8.08.ebuild        |   2 +-
 net-vpn/openconnect/openconnect-8.09-r1.ebuild     | 150 ++++++++++
 net-vpn/openconnect/openconnect-9999.ebuild        |   4 +-
 net-vpn/openfortivpn/Manifest                      |   2 +
 net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild    |  38 +++
 net-vpn/openvpn/Manifest                           |  14 +-
 .../files/openvpn-2.4.5-libressl-macro-fix.patch   |  63 -----
 net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch |  49 ----
 .../files/openvpn-2.5-external-cmocka.patch        |  65 -----
 .../openvpn/files/openvpn-external-cmocka.patch    |  62 -----
 net-vpn/openvpn/openvpn-2.4.6-r1.ebuild            | 156 -----------
 net-vpn/openvpn/openvpn-2.4.6.ebuild               | 156 -----------
 net-vpn/openvpn/openvpn-2.4.7-r1.ebuild            | 157 -----------
 net-vpn/openvpn/openvpn-2.4.8.ebuild               | 145 ----------
 net-vpn/openvpn/openvpn-2.4.9.ebuild               |  38 ++-
 net-vpn/peervpn/Manifest                           |   2 +-
 net-vpn/peervpn/peervpn-0.044-r4.ebuild            |  68 -----
 net-vpn/peervpn/peervpn-0.044-r5.ebuild            |  75 +++++
 net-vpn/strongswan/Manifest                        |   2 +
 net-vpn/strongswan/strongswan-5.8.4.ebuild         | 308 +++++++++++++++++++++
 net-vpn/tailscale/Manifest                         |   7 +-
 net-vpn/tailscale/tailscale-0.97_p45.ebuild        |  50 ----
 net-vpn/tailscale/tailscale-0.98_p0.ebuild         |   2 +-
 net-vpn/wireguard-modules/Manifest                 |   5 +-
 ...d-modules-1.0.20200413-sch_generic-header.patch |  26 --
 .../wireguard-modules-1.0.20200413.ebuild          | 102 -------
 .../wireguard-modules-1.0.20200506.ebuild          | 100 +++++++
 net-vpn/wireguard-tools/Manifest                   |   4 +-
 .../wireguard-tools-1.0.20200319.ebuild            |   4 -
 .../wireguard-tools-1.0.20200513.ebuild            | 101 +++++++
 56 files changed, 1237 insertions(+), 1511 deletions(-)
 create mode 100644 net-vpn/libreswan/libreswan-3.32.ebuild
 delete mode 100644 net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild
 delete mode 100644 net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild
 create mode 100644 net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0-r1.ebuild
 delete mode 100644 net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0.ebuild
 create mode 100644 net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch
 delete mode 100644 net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r1.ebuild
 create mode 100644 net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.1.ebuild
 delete mode 100644 net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild
 delete mode 100644 net-vpn/ocserv/ocserv-1.0.0.ebuild
 create mode 100644 net-vpn/ocserv/ocserv-1.0.1.ebuild
 create mode 100644 net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
 create mode 100644 net-vpn/openconnect/openconnect-8.09-r1.ebuild
 create mode 100644 net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild
 delete mode 100644 net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch
 delete mode 100644 net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
 delete mode 100644 net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch
 delete mode 100644 net-vpn/openvpn/files/openvpn-external-cmocka.patch
 delete mode 100644 net-vpn/openvpn/openvpn-2.4.6-r1.ebuild
 delete mode 100644 net-vpn/openvpn/openvpn-2.4.6.ebuild
 delete mode 100644 net-vpn/openvpn/openvpn-2.4.7-r1.ebuild
 delete mode 100644 net-vpn/openvpn/openvpn-2.4.8.ebuild
 delete mode 100644 net-vpn/peervpn/peervpn-0.044-r4.ebuild
 create mode 100644 net-vpn/peervpn/peervpn-0.044-r5.ebuild
 create mode 100644 net-vpn/strongswan/strongswan-5.8.4.ebuild
 delete mode 100644 net-vpn/tailscale/tailscale-0.97_p45.ebuild
 delete mode 100644 net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch
 delete mode 100644 net-vpn/wireguard-modules/wireguard-modules-1.0.20200413.ebuild
 create mode 100644 net-vpn/wireguard-modules/wireguard-modules-1.0.20200506.ebuild
 create mode 100644 net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild

(limited to 'net-vpn')

diff --git a/net-vpn/Manifest.gz b/net-vpn/Manifest.gz
index 27aff08a88f7..e86646b070a2 100644
Binary files a/net-vpn/Manifest.gz and b/net-vpn/Manifest.gz differ
diff --git a/net-vpn/libreswan/Manifest b/net-vpn/libreswan/Manifest
index b30326cc96bf..9470d59044f4 100644
--- a/net-vpn/libreswan/Manifest
+++ b/net-vpn/libreswan/Manifest
@@ -1,6 +1,8 @@
 AUX libreswan-3.30-ip-path.patch 563 BLAKE2B 838ae401b4e7c04378e8cbb2561a6d348896883942683682c8ac3b31de56d360460bc2ea2c26f579a6f36078101270167b775579fd2502c72dd680620c12a585 SHA512 a8a391386014cff3b867fb8c0ba8c83ecb93c11d35aea205877b66e3104712311e19f13eb9659ee158833512c199d0104b5a796ebef37a1bc210e254abc6f573
 DIST libreswan-3.29.tar.gz 3848730 BLAKE2B 32dc839186fb511534a4959014082f8efe27708da7bc09dc5977532ffc7ea0ccdc92407932b3c3166f14b9ff85933e9a3f76325bbe620e09a5fa5a5c496d1f44 SHA512 4b4d91204d8b1724e0a9ad3ed55fc232c9a526211c3b47b6cc33fd160feb72538ef1661becca250bde815b9d7b75709bf16c7b372476605557b47c785cdf2535
 DIST libreswan-3.31.tar.gz 4127675 BLAKE2B 0b773e4cfda761a88e8cb6ed412ecdd50bb52df7a58029141d41c77f959ad06c6cd04625b9094efa8586328381e3c75050ff68c2d8dd6d832ed5dd6e747d9391 SHA512 edaddeb209c4fb974b16790ba843a41f4f1d269dd28333aa02b820801a222435c2ca5622e77558d1e95970b4ef24a663d9c44ef4ede7ff4e66e1f0d9b6e880d2
+DIST libreswan-3.32.tar.gz 4141631 BLAKE2B 37a4cb5c1f52d69b17ba60abd2b7a181d9f5567914a453ab875185110aeda4d33ecdaacfc83e361f153860a1db66faec70e0ad06af65e310af28ae72ce68fc6a SHA512 bb65512351059e2fac6f1c3ed1e291eabd6835faacf6d9c58649dd71dab1bb4fe6d6074178dea6dea01f24d39f3fbefd84c6060e4d8436b5d057fa55ae4467f3
 EBUILD libreswan-3.29.ebuild 3062 BLAKE2B 5d6b9ef04607c52c292d0c509129cfb82dc2d8ed2d30b90ecbc81a76de048c45b0c945f22cafbdc3c4fb35511bb9cb5b7992968fccd041cfc06e48f5a3cafef9 SHA512 640827da7fc1e7acce3b53d555e782cf685f0937b1ddab1c89888533fa067b19a9a931fbeb62ece60b474e576401d7a06b1f8fa6893adb748a09260d62716704
 EBUILD libreswan-3.31.ebuild 3127 BLAKE2B dfd79e648967070d3a2ae7018873647a03d162bf904f4f70fa7d2baf9969d7912407a56869986f0c83675e65e5f27e5622ffccf4c6b1b3bcecb3200472976372 SHA512 5937f4ee0eba31fa8cbfcb477e19e5d2f74b1fafba9be035cdb64e88e80d5bc0acfd6dd995de54e449be6a8ff01a893ad64d578d4eb7b5e72f42f748fc829333
+EBUILD libreswan-3.32.ebuild 3129 BLAKE2B 898c335ac5250ef25dbf1197799158bea2a8ee562f2dce91eff51086fc0149c49665689a5b27c65eca26cc80b2c35ab1c3c5ef8c403f5b54e48fa9ed9cc643b7 SHA512 b221c0dc62b3326072dd05fda6e6b3dacca223b2fba0f2db38fa1114716b800071f804365c0051653f2b7c24a39cfacb532095d75c8a02216470538715da659e
 MISC metadata.xml 319 BLAKE2B 6bae0756e29efeb1cf77d60f7e38fe62ffa5f24c3745e07900e6ef5f65194c50f6a479d97fdcc24804ccdcfefd9707b12f08dffe613fcf798afc421826de36e4 SHA512 924161f15c0f7a9666a6d7a422b45da679190e1a0f2859b997ddd753cbf49df9da337e5420040210736f76fa712dca3ec8862480f62bd321de71e74bee7c0865
diff --git a/net-vpn/libreswan/libreswan-3.32.ebuild b/net-vpn/libreswan/libreswan-3.32.ebuild
new file mode 100644
index 000000000000..f81f028d3f9b
--- /dev/null
+++ b/net-vpn/libreswan/libreswan-3.32.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs
+
+SRC_URI="https://download.libreswan.org/${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~ppc ~x86"
+
+DESCRIPTION="IPsec implementation for Linux, fork of Openswan"
+HOMEPAGE="https://libreswan.org/"
+
+LICENSE="GPL-2 BSD-4 RSA DES"
+SLOT="0"
+IUSE="caps curl dnssec ldap pam seccomp selinux systemd test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	dev-libs/gmp:0=
+	dev-libs/libevent:0=
+	dev-libs/nspr
+	>=dev-libs/nss-3.42
+	>=sys-kernel/linux-headers-4.19
+	caps? ( sys-libs/libcap-ng )
+	curl? ( net-misc/curl )
+	dnssec? ( >=net-dns/unbound-1.9.1-r1:= net-libs/ldns )
+	ldap? ( net-nds/openldap )
+	pam? ( sys-libs/pam )
+	seccomp? ( sys-libs/libseccomp )
+	selinux? ( sys-libs/libselinux )
+	systemd? ( sys-apps/systemd:0= )
+"
+BDEPEND="
+	app-text/docbook-xml-dtd:4.1.2
+	app-text/xmlto
+	dev-libs/nss
+	sys-devel/bison
+	sys-devel/flex
+	virtual/pkgconfig
+	test? ( dev-python/setproctitle )
+"
+RDEPEND="${DEPEND}
+	dev-libs/nss[utils(+)]
+	sys-apps/iproute2
+	!net-vpn/strongswan
+	selinux? ( sec-policy/selinux-ipsec )
+"
+
+usetf() {
+	usex "$1" true false
+}
+
+PATCHES=( "${FILESDIR}/${PN}-3.30-ip-path.patch" )
+
+src_prepare() {
+	sed -i -e 's:/sbin/runscript:/sbin/openrc-run:' initsystems/openrc/ipsec.init.in || die
+	sed -i -e '/^install/ s/postcheck//' -e '/^doinstall/ s/oldinitdcheck//' initsystems/systemd/Makefile || die
+	default
+}
+
+src_configure() {
+	tc-export AR CC
+	export INC_USRLOCAL=/usr
+	export INC_MANDIR=share/man
+	export FINALEXAMPLECONFDIR=/usr/share/doc/${PF}
+	export FINALDOCDIR=/usr/share/doc/${PF}/html
+	export INITSYSTEM=openrc
+	export INC_RCDIRS=
+	export INC_RCDEFAULT=/etc/init.d
+	export USERCOMPILE=
+	export USERLINK=
+	export USE_DNSSEC=$(usetf dnssec)
+	export USE_LABELED_IPSEC=$(usetf selinux)
+	export USE_LIBCAP_NG=$(usetf caps)
+	export USE_LIBCURL=$(usetf curl)
+	export USE_LINUX_AUDIT=$(usetf selinux)
+	export USE_LDAP=$(usetf ldap)
+	export USE_SECCOMP=$(usetf seccomp)
+	export USE_SYSTEMD_WATCHDOG=$(usetf systemd)
+	export SD_WATCHDOGSEC=$(usex systemd 200 0)
+	export USE_XAUTHPAM=$(usetf pam)
+	export DEBUG_CFLAGS=
+	export OPTIMIZE_CFLAGS=
+	export WERROR_CFLAGS=
+}
+
+src_compile() {
+	emake all
+	emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" all
+}
+
+src_test() {
+	: # integration tests only that require set of kvms to be set up
+}
+
+src_install() {
+	default
+	emake -C initsystems INITSYSTEM=systemd SYSTEMUNITDIR="$(systemd_get_systemunitdir)" SYSTEMTMPFILESDIR="/usr/lib/tmpfiles.d" DESTDIR="${D}" install
+
+	echo "include /etc/ipsec.d/*.secrets" > "${D}"/etc/ipsec.secrets
+	fperms 0600 /etc/ipsec.secrets
+
+	dodoc -r docs
+
+	find "${D}" -type d -empty -delete || die
+}
+
+pkg_postinst() {
+	local IPSEC_CONFDIR=${ROOT}/etc/ipsec.d
+	if [[ ! -f ${IPSEC_CONFDIR}/cert8.db && ! -f ${IPSEC_CONFDIR}/cert9.db ]] ; then
+		ebegin "Setting up NSS database in ${IPSEC_CONFDIR} with empty password"
+		certutil -N -d "${IPSEC_CONFDIR}" --empty-password
+		eend $?
+		einfo "To set a password: certutil -W -d sql:${IPSEC_CONFDIR}"
+	fi
+}
diff --git a/net-vpn/networkmanager-openvpn/Manifest b/net-vpn/networkmanager-openvpn/Manifest
index 12f6130615d4..dd678509aa06 100644
--- a/net-vpn/networkmanager-openvpn/Manifest
+++ b/net-vpn/networkmanager-openvpn/Manifest
@@ -1,4 +1,3 @@
 DIST NetworkManager-openvpn-1.8.10.tar.xz 564540 BLAKE2B e117395b91efbd0ee10bdefe0aaff8a39fdd1fe232dc1543224be7dfd9bb18729ad873091301e6348f8955f28579e106f5565c7138309571e06598aa35dc5bba SHA512 f710848fccf21ac4554a2b46e80cf890c011edc6d64d9a49d6d8669f3ff71f7990e11e6f4681bb85d30238ec05f2fc79c4619983f6860c6ab0d714f941a3dfcc
-EBUILD networkmanager-openvpn-1.8.10-r1.ebuild 1320 BLAKE2B cf2237f0372112b43d518f96be782b54e9c77a8c200fd27bc2ee6d9e4692ffc441732f5e798e56e6760b5f001f0c37f16a740bdb7a967e0be1a5a4a11ef2e629 SHA512 5d1b387f332881601f1e2a6b782504e3ad2fb0501b7aed85e7dd1c08372fe87caf3a768133f94b371145944b4ebaf4de16ab69087863a3b8c98299d8be494fa0
-EBUILD networkmanager-openvpn-1.8.10-r2.ebuild 1303 BLAKE2B 4edae669bf5d5dfe2ae6e477caa54cb2a00d9174c22cc708fa98ccb48057d1a9a914d91a88e179d2b8de96bea9eef8154ea1ad08b0c5f763cab39b9177717e44 SHA512 3a04136edd3a9cdec7a25f66cc60c4adb8921f6eb91cb0957f4d0de2f082c50fbf5e2bbacb8a8b2cf465283194e821e4286162a64c538ca5c8e71481e077faf0
+EBUILD networkmanager-openvpn-1.8.10-r2.ebuild 1302 BLAKE2B 451a9e8e1e8a1de6a943927529fe439b36fd7048115db948b7fe90698c4730470dc6a73735106c0b7c4b90e892b2ee07a1b993c0397ac1b620062c585a2f7558 SHA512 6f8f1aea4ff54490b07a2d72777d6a5eec0e36de17014703ed0000a4d516966a7f8b4ad8635c988aa9a4b18ae6c8c844b79a85a9fa76d19e9ce89c04c75ed284
 MISC metadata.xml 253 BLAKE2B a1efbd3751efaa83ee173f557ec1c8a4497a90b60896cf5a7a07da40b4f94a7a299ca0385477e82b2f5e5dbdf9afa482ccbe21f35ef44214e9c451d764b65529 SHA512 8d59f413993268ca783f7407b676900bb2d964754bf705d4175e2bafbe058a52af74f3928e4bd84d292518f8cf13fab7051486ab7cdc61d02fae6e0188d44442
diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild
deleted file mode 100644
index 58c66c7c02ab..000000000000
--- a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r1.ebuild
+++ /dev/null
@@ -1,58 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-GNOME_ORG_MODULE="NetworkManager-${PN##*-}"
-
-inherit gnome2 user
-
-DESCRIPTION="NetworkManager OpenVPN plugin"
-HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64 ~arm x86"
-IUSE="gtk test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=dev-libs/glib-2.32:2
-	>=net-misc/networkmanager-1.7.0:=
-	>=net-vpn/openvpn-2.1
-	gtk? (
-		>=app-crypt/libsecret-0.18
-		<net-misc/networkmanager-1.19
-		>=gnome-extra/nm-applet-1.7.0[gtk]
-		>=x11-libs/gtk+-3.4:3
-	)
-"
-DEPEND="${RDEPEND}
-	dev-libs/libxml2:2
-	sys-devel/gettext
-	>=dev-util/intltool-0.35
-	virtual/pkgconfig
-"
-
-pkg_setup() {
-	enewgroup nm-openvpn
-	enewuser nm-openvpn -1 -1 -1 nm-openvpn
-}
-
-src_prepare() {
-	# Test will fail if the machine doesn't have a particular locale installed
-	# FAIL: (tls-import-data) unexpected 'ca' secret value, upstream bug #742708
-	sed '/test_non_utf8_import (plugin, test_dir)/ d' \
-		-i properties/tests/test-import-export.c || die "sed failed"
-
-	gnome2_src_prepare
-}
-
-src_configure() {
-	# --localstatedir=/var needed per bug #536248
-	gnome2_src_configure \
-		--localstatedir=/var \
-		--disable-more-warnings \
-		--disable-static \
-		--with-dist-version=Gentoo \
-		$(use_with gtk gnome)
-}
diff --git a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild
index f8b8700353f5..98147f688619 100644
--- a/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild
+++ b/net-vpn/networkmanager-openvpn/networkmanager-openvpn-1.8.10-r2.ebuild
@@ -11,7 +11,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
 
 LICENSE="GPL-2+"
 SLOT="0"
-KEYWORDS="amd64 ~arm ~x86"
+KEYWORDS="amd64 ~arm x86"
 IUSE="gtk test"
 RESTRICT="!test? ( test )"
 
diff --git a/net-vpn/networkmanager-pptp/Manifest b/net-vpn/networkmanager-pptp/Manifest
index 5625fa07c76c..4f955a03f8b9 100644
--- a/net-vpn/networkmanager-pptp/Manifest
+++ b/net-vpn/networkmanager-pptp/Manifest
@@ -1,4 +1,3 @@
 DIST NetworkManager-pptp-1.2.8.tar.xz 401540 BLAKE2B 64b3fe344a39eb64b462bda9204fb80b95a6cb54988efef9dbd1a5a6b04b3577edee97afabef410488868736d751846bdd98f3965a96806790527434c8207ec8 SHA512 ff1bee257d6aa6750c2fbd302edc3022780e9182fde1d79d4b37246daf01b0a9e5115dd64ec70a4b128e273eff6f9bc22af87fe2b25618008be6f452bbcd41a7
-EBUILD networkmanager-pptp-1.2.8-r1.ebuild 1296 BLAKE2B 3b76312220594f32ec8652edce5c4c80f8ef045d8170b05a5105926c7224483e2b905d13e89bc7a93d2f71a98afcb3b0994abeee9135e85d75426e1830a221ec SHA512 94c9a4ff66f7098e88e647c96b0c7824c017028154de0b09acf7ed1bb730094dba2af021841e489a8c1310c1911ab64ec16e244ac8ca62f5e2d844d0429c2cf0
-EBUILD networkmanager-pptp-1.2.8-r2.ebuild 1279 BLAKE2B cd1492ed7f97a1e0f7dca2849058eff09ceb00590f5b6a9bf9b6a28e6c881842ae7a32145b15498210b916c4e07d2a80d0c4e3f31324c9c241c6a2fe0e6d450c SHA512 4c3445bc13eea26cfab2735ac587f7578633508c315e56997f2cb8e9ea8fd32df8d82a4560c323dbbb81ed12b08b8521fdf20328c8ab509faee7d93d09a3e88e
+EBUILD networkmanager-pptp-1.2.8-r2.ebuild 1278 BLAKE2B 6719b10c3226e823cfef615119d30311eb9206e7be7d59eb3be2b56fc35a03a15bcaddb1d0b6a3d91877f5a14d56d7c51c532ec6dbe035a971010bfe3694ac71 SHA512 e33dfe7f0131379699064ca796bc0da09c5287bffe6e6a3cb469866ec82aa6c0a51081ad679580dc5d65ff20aa645918fb92dfedc0d2e413ec44aeff4c9e08d3
 MISC metadata.xml 253 BLAKE2B a1efbd3751efaa83ee173f557ec1c8a4497a90b60896cf5a7a07da40b4f94a7a299ca0385477e82b2f5e5dbdf9afa482ccbe21f35ef44214e9c451d764b65529 SHA512 8d59f413993268ca783f7407b676900bb2d964754bf705d4175e2bafbe058a52af74f3928e4bd84d292518f8cf13fab7051486ab7cdc61d02fae6e0188d44442
diff --git a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild
deleted file mode 100644
index f1715f8f01a7..000000000000
--- a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r1.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-GNOME_ORG_MODULE="NetworkManager-${PN##*-}"
-
-inherit gnome2
-
-DESCRIPTION="NetworkManager PPTP VPN plugin"
-HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager/VPN"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64 ~arm x86"
-IUSE="gtk"
-
-RDEPEND="
-	>=net-misc/networkmanager-1.2.0:=
-	>=dev-libs/dbus-glib-0.74
-	>=dev-libs/glib-2.32:2
-	net-dialup/ppp:=
-	net-dialup/pptpclient
-	gtk? (
-		>=app-crypt/libsecret-0.18
-		<net-misc/networkmanager-1.19
-		>=gnome-extra/nm-applet-1.2.0[gtk]
-		>=x11-libs/gtk+-3.4:3
-	)
-"
-# libxml2 required for glib-compile-resources
-DEPEND="${RDEPEND}
-	sys-devel/gettext
-	dev-libs/libxml2:2
-	dev-util/gdbus-codegen
-	dev-util/intltool
-	virtual/pkgconfig
-"
-
-src_configure() {
-	local myconf
-	# Same hack as net-dialup/pptpd to get proper plugin dir for ppp, bug #519986
-	local PPPD_VER=`best_version net-dialup/ppp`
-	PPPD_VER=${PPPD_VER#*/*-} #reduce it to ${PV}-${PR}
-	PPPD_VER=${PPPD_VER%%[_-]*} # main version without beta/pre/patch/revision
-	myconf="${myconf} --with-pppd-plugin-dir=/usr/$(get_libdir)/pppd/${PPPD_VER}"
-
-	gnome2_src_configure \
-		--disable-more-warnings \
-		--disable-static \
-		--with-dist-version=Gentoo \
-		$(use_with gtk gnome) \
-		${myconf}
-}
diff --git a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild
index 276b82f69612..19626ac200af 100644
--- a/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild
+++ b/net-vpn/networkmanager-pptp/networkmanager-pptp-1.2.8-r2.ebuild
@@ -11,7 +11,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager/VPN"
 
 LICENSE="GPL-2+"
 SLOT="0"
-KEYWORDS="amd64 ~arm ~x86"
+KEYWORDS="amd64 ~arm x86"
 IUSE="gtk"
 
 RDEPEND="
diff --git a/net-vpn/networkmanager-sstp/Manifest b/net-vpn/networkmanager-sstp/Manifest
index db2506ed3e8d..4ee18ea2c031 100644
--- a/net-vpn/networkmanager-sstp/Manifest
+++ b/net-vpn/networkmanager-sstp/Manifest
@@ -1,3 +1,3 @@
 DIST NetworkManager-sstp-1.2.0.tar.bz2 440695 BLAKE2B 170221842c25945da09f94364642be94993ac4ef7bbaffebefc463e18eeff78f3a58d95607a6f0be9fb5ecdabee244d64abb02eb56deb213ac089019089821f4 SHA512 31c7f61c2d0326c2ddc681690d4a9e0a25f29b3b5f51c44ea196cd74aab1002a6eb66bd06bddd8218961b18e666d5c28e57cfe0b2694a686ea8eb4195fcd9776
-EBUILD networkmanager-sstp-1.2.0.ebuild 1132 BLAKE2B c5f5b15d432a656f310413cbcab1a777eaa5e6a461e4a81c4c626bc89f844d9ea7be919d271409534dda2be0018e9990c687c3b1cc2f26bb1f4a061e5ce65f5c SHA512 ef7458f94cf0a3542d7cc5f296cae087d49858163975f2a8c4e5fc7b56f9d7302a6d403789741852bc85d6867ee407df0f92e0eae14089fa5f632b4070f1e1f8
+EBUILD networkmanager-sstp-1.2.0-r1.ebuild 1218 BLAKE2B 119d67bc269a808cbc0c6c29f90ce8f0de9140376eba85519746903154551ca6475aaebc0360ac044106edcf7e9d51a5652e45c75f984024bb090217ed6cf1be SHA512 fd8156aee6ab86c21f73216b0efc2c910c263149b679ab261533af456579f1929e223cdba29331a321ac4f318d9ad0f818464a654380faf1dc3adbde909363a6
 MISC metadata.xml 246 BLAKE2B 44260db10886a6891e62e7d8b799e396e797d165b32782fca4770c5fe3d1bcb14e5f466ac18a631b4a79fd3055dba5cd25f3de6750810af4b2fcbc8a9a3aafb8 SHA512 aa5aca1504443263cd365d72174fb0d6450c41f02710290ae8e523690359be34964f607a9e837756203fdc0d4d4af361a56a2e9c1d4518a34ec9a09486dc100f
diff --git a/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0-r1.ebuild b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0-r1.ebuild
new file mode 100644
index 000000000000..e3d6d9c1d49b
--- /dev/null
+++ b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0-r1.ebuild
@@ -0,0 +1,53 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+MY_PN="NetworkManager-sstp"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Client for the proprietary Microsoft Secure Socket Tunneling Protocol(SSTP)"
+HOMEPAGE="https://sourceforge.net/projects/sstp-client/"
+SRC_URI="mirror://sourceforge/project/sstp-client/network-manager-sstp/${PV}/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="gtk"
+
+RDEPEND="
+	>=dev-libs/glib-2.32:2
+	net-misc/sstp-client
+	>=net-misc/networkmanager-1.1.0
+	net-dialup/ppp:=
+	gtk? (
+		>=x11-libs/gtk+-3.4:3
+		>=net-libs/libnma-1.1.0
+		app-crypt/libsecret
+	)
+"
+
+DEPEND="${RDEPEND}
+	dev-util/gdbus-codegen
+	virtual/pkgconfig
+	sys-devel/gettext
+	dev-util/intltool
+"
+
+S="${WORKDIR}/${MY_P}"
+
+src_configure() {
+	local PPPD_VERSION="$(echo $(best_version net-dialup/ppp) | sed -e 's:net-dialup/ppp-\(.*\):\1:' -e 's:-r.*$::')"
+	econf \
+		--disable-more-warnings \
+		--disable-static \
+		--with-dist-version=Gentoo \
+		--with-pppd-plugin-dir="${EPREFIX}/usr/$(get_libdir)/pppd/${PPPD_VERSION}" \
+		 $(use_with gtk gnome) \
+		 --without-libnm-glib
+}
+
+src_install() {
+	default
+	find "${ED}" -type f -name '*.la' -delete || die
+}
diff --git a/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0.ebuild b/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0.ebuild
deleted file mode 100644
index cfd469aae6bc..000000000000
--- a/net-vpn/networkmanager-sstp/networkmanager-sstp-1.2.0.ebuild
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit eutils ltprune
-
-MY_PN="NetworkManager-sstp"
-MY_P="${MY_PN}-${PV}"
-
-DESCRIPTION="Client for the proprietary Microsoft Secure Socket Tunneling Protocol(SSTP)"
-HOMEPAGE="https://sourceforge.net/projects/sstp-client/"
-SRC_URI="mirror://sourceforge/project/sstp-client/network-manager-sstp/${PV}/${MY_P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="gtk"
-
-RDEPEND=">=dev-libs/dbus-glib-0.74
-	net-misc/sstp-client
-	>=net-misc/networkmanager-${PV}
-	net-dialup/ppp:=
-	gtk? (
-		x11-libs/gtk+:3
-		app-crypt/libsecret
-	)
-"
-
-DEPEND="${RDEPEND}
-	virtual/pkgconfig
-	sys-devel/gettext
-	dev-util/intltool
-"
-
-S="${WORKDIR}/${MY_P}"
-
-src_configure() {
-	local PPPD_VERSION="$(echo $(best_version net-dialup/ppp) | sed -e 's:net-dialup/ppp-\(.*\):\1:' -e 's:-r.*$::')"
-	econf \
-		--disable-more-warnings \
-		--disable-static \
-		--with-dist-version=Gentoo \
-		--with-pppd-plugin-dir="${EPREFIX}/usr/$(get_libdir)/pppd/${PPPD_VERSION}" \
-		 $(use_with gtk gnome)
-}
-
-src_install() {
-	default
-	prune_libtool_files
-}
diff --git a/net-vpn/networkmanager-strongswan/Manifest b/net-vpn/networkmanager-strongswan/Manifest
index 9d40b973dd4c..d88c0aac0493 100644
--- a/net-vpn/networkmanager-strongswan/Manifest
+++ b/net-vpn/networkmanager-strongswan/Manifest
@@ -1,4 +1,6 @@
+AUX networkmanager-strongswan-1.5.1-change-appdata-location.patch 993 BLAKE2B 9451e326976ab31790868fe8c7e41d458f5e49b069e3e829d207807377f861d70408636bb3c1f7926f2bb978059a7449819b2eb4913d8edf7e8d2b024b55f665 SHA512 aa06591d5b9444d8c0ec7130f39af0f69dbb0a9f59e461caa392874227e0f2dea4967054be0472e9c6c1809d5550538f61c8a1d847dcfbd4061447ae046373fd
 DIST NetworkManager-strongswan-1.4.5.tar.bz2 306689 BLAKE2B c00a45eede846b927ea63c97d8fec75ceae296fe0f32aa61c87438adbb4bb0108c61c5b6e056dc8973f8bab6a51f8c63443695816a03b9c360565cb880b2d6f5 SHA512 b1c8958ec40065ec251f625ac69707d3e86e2d3b0466bd33a23edbdabefa952582ee066fc7e61bfd5921ed8340a7233353a219cff50fdc279a67c8269920cb86
-EBUILD networkmanager-strongswan-1.4.5-r1.ebuild 1006 BLAKE2B 0a2f15fd65e58d5cc9d6010f173fe522260cfee428a7cf8f45ad8a756c990b508e7fca85c56fb883cfc33a4421fc666d3fec12c96296bcc310fab4146d7a44e3 SHA512 36024d9b44be4eb9dc60470f271a14aa4717d4660af1a47eca1f7d178d63232ace708727811be1a3794aaa63fe1cbe87dd3758eed9d755d325b878930c522368
-EBUILD networkmanager-strongswan-1.4.5-r2.ebuild 918 BLAKE2B aa9fc33976555dcf368f4aac5b0a7bb2bee49bf7be09a4a0e4b91572565bc0950a1e65df0cfca8368bcb106a69edd9d6e526826b84cd80fc86d9bba601a9d095 SHA512 2a3f007fc4c95480deec9174c2e615ef4660a12e72bba3a70ebe5a89b3833c6eb9ee849be2bac6aa4a1bb2dc16276c35a5d66b3332c43523d4dddd5c4851aec3
-MISC metadata.xml 325 BLAKE2B da2fbfdaf5a51c3c6513f31b232b157bffe4864190935c363f54df5389d044b0ed0829db75703a297ef85dd123301e68296d868317d294f9356cd6e9dba94a66 SHA512 74543db61d0c4222e3e36d41d18b0da04b440b2b13e42d78cb202d36366842569c6af971c48d2b97043b4e7c9f37bf12e1d15e074f5b97f31e3a120c614233d9
+DIST NetworkManager-strongswan-1.5.1.tar.bz2 300700 BLAKE2B 543cdf340eafcaa6690f6ecf6ef9c3de944ceb47d867c2b8835285fd324ca2212b824665b194b2589ad8dbb3f3b1e89cdf24d554d2531da1d8bb800d7c0ef41a SHA512 3ef305dd5d95f377784db3069d5af4f60df2ce2fd8459577a20f99fd0cef43a973610acffa5b305c79e7d1754dfa138ea1ba1d59e57b2826ff5f85c97100fb06
+EBUILD networkmanager-strongswan-1.4.5-r2.ebuild 917 BLAKE2B 8163558c167b08e633ef46a30e5b1b664fc7e6121a2724b1fb65f301efe0de10ad4c46b7d7576b1765cd11ff42ba58f2efb2f73300582a64ddf5b1b567e26539 SHA512 83930fd4237db1d9771d6f8e80daab49baaa299d15b95fd7c4bc7bfee263d1a94dadfb86a442667fc629a34fee7a600bf3c96aac82311639c4d5966f5219125c
+EBUILD networkmanager-strongswan-1.5.1.ebuild 1038 BLAKE2B a039a8c9f9481529b85fadf243abb4ecc17bd6b1803a4b7b05fefccd144c7a28a9a2f121baf400c75c8e9044048ed9183e0b5706970c0d751fb92b8c67499965 SHA512 7c75556f52d12c65b728704c7f189cc69792e321d0e6f310dad996dd717ea73638729f3d3b01cc782a7546fe412166e7e40f237f8783feaf58e4e32d1e85c347
+MISC metadata.xml 250 BLAKE2B d57634b040c498296655940e3ee580c8580075a4190e2600113cee5548ff44a2025568380f3d5d9f3ca0fcd1ea5d41c9871395ffbcf4bd32d8df6a494852a885 SHA512 c225bdf339347a1768b255d905f3831904cdc375f3d4e90e41c68645b8bcfe2dfdf8e6aa4c67063103f459808a387c8edd9b35b073b8be175f7a3bd490fe3dca
diff --git a/net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch b/net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch
new file mode 100644
index 000000000000..13f329b97e69
--- /dev/null
+++ b/net-vpn/networkmanager-strongswan/files/networkmanager-strongswan-1.5.1-change-appdata-location.patch
@@ -0,0 +1,29 @@
+From 24791dab2deb6beb064b7c0a2f23de4a37690374 Mon Sep 17 00:00:00 2001
+From: Conrad Kostecki <conrad@kostecki.com>
+Date: Sun, 10 May 2020 17:04:41 +0200
+Subject: [PATCH] Makefile.am: store appdata to /usr/share/metainfo
+
+The path '/usr/share/appdata' is deprecated and
+should be changed to '/usr/share/metainfo'.
+
+See section: 2.1.2. Filesystem locations
+https://www.freedesktop.org/software/appstream/docs/chap-Metadata.html
+
+Signed-off-by: Conrad Kostecki <conrad@kostecki.com>
+---
+ Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/frontends/gnome/Makefile.am b/src/frontends/gnome/Makefile.am
+index 9b8c6765a3..e9fa5ca4af 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -6,7 +6,7 @@ nmvpnservice_DATA = nm-strongswan-service.name
+ 
+ @INTLTOOL_DESKTOP_RULE@
+ 
+-appdatadir = $(datadir)/appdata
++appdatadir = $(datadir)/metainfo
+ appdata_DATA = $(appdata_in_files:.xml.in=.xml)
+ appdata_in_files = NetworkManager-strongswan.appdata.xml.in
+ @INTLTOOL_XML_RULE@
diff --git a/net-vpn/networkmanager-strongswan/metadata.xml b/net-vpn/networkmanager-strongswan/metadata.xml
index c61eaedb88a0..3e3880cf1051 100644
--- a/net-vpn/networkmanager-strongswan/metadata.xml
+++ b/net-vpn/networkmanager-strongswan/metadata.xml
@@ -5,7 +5,4 @@
 		<email>conikost@gentoo.org</email>
 		<name>Conrad Kostecki</name>
 	</maintainer>
-	<use>
-		<flag name="glib">Enable libnm-glib compatibility.</flag>
-	</use>
 </pkgmetadata>
diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r1.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r1.ebuild
deleted file mode 100644
index 9946b63c9bba..000000000000
--- a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r1.ebuild
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-MY_PN="NetworkManager"
-MY_P="${P/networkmanager/${MY_PN}}"
-
-DESCRIPTION="NetworkManager StrongSwan plugin"
-HOMEPAGE="https://www.strongswan.org/"
-SRC_URI="https://download.strongswan.org/${MY_PN}/${MY_P}.tar.bz2"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64 x86"
-IUSE="+glib"
-
-RDEPEND="
-	app-crypt/libsecret
-	gnome-extra/nm-applet
-	net-misc/networkmanager
-	net-vpn/strongswan[networkmanager]
-	x11-libs/gtk+:3
-	glib? ( gnome-extra/nm-applet[gtk]
-		<net-misc/networkmanager-1.19 )
-"
-
-DEPEND="
-	${RDEPEND}
-	dev-util/intltool
-"
-
-BDEPEND="virtual/pkgconfig"
-
-S="${WORKDIR}/${MY_P}"
-
-src_configure() {
-	local myeconfargs=(
-		# Don't enable all warnings, as some are treated as errors and the compilation will fail
-		--disable-more-warnings
-		--disable-static
-		$(usex glib '' --without-libnm-glib)
-	)
-
-	econf "${myeconfargs[@]}"
-}
-
-src_install() {
-	default
-
-	find "${D}" -name '*.la' -delete || die
-}
diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild
index 186623723a20..334738c79eeb 100644
--- a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild
+++ b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.4.5-r2.ebuild
@@ -12,7 +12,7 @@ SRC_URI="https://download.strongswan.org/${MY_PN}/${MY_P}.tar.bz2"
 
 LICENSE="GPL-2+"
 SLOT="0"
-KEYWORDS="amd64 ~x86"
+KEYWORDS="amd64 x86"
 IUSE=""
 
 RDEPEND="
diff --git a/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.1.ebuild b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.1.ebuild
new file mode 100644
index 000000000000..9392a19c6911
--- /dev/null
+++ b/net-vpn/networkmanager-strongswan/networkmanager-strongswan-1.5.1.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools
+
+MY_PN="NetworkManager"
+MY_P="${P/networkmanager/${MY_PN}}"
+
+DESCRIPTION="NetworkManager StrongSwan plugin"
+HOMEPAGE="https://www.strongswan.org/"
+SRC_URI="https://download.strongswan.org/${MY_PN}/${MY_P}.tar.bz2"
+
+LICENSE="GPL-2+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+RDEPEND="
+	app-crypt/libsecret
+	>=net-libs/libnma-1.1.0
+	net-misc/networkmanager
+	>=net-vpn/strongswan-5.8.3[networkmanager]
+	x11-libs/gtk+:3
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	dev-util/intltool
+	virtual/pkgconfig
+"
+
+S="${WORKDIR}/${MY_P}"
+
+PATCHES="${FILESDIR}/${P}-change-appdata-location.patch"
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		# Don't enable all warnings, as some are treated as errors and the compilation will fail
+		--disable-more-warnings
+		--disable-static
+		--without-libnm-glib
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_install() {
+	default
+
+	find "${D}" -name '*.la' -delete || die
+}
diff --git a/net-vpn/networkmanager-vpnc/Manifest b/net-vpn/networkmanager-vpnc/Manifest
index 28642dd764d4..185bf8b88b0e 100644
--- a/net-vpn/networkmanager-vpnc/Manifest
+++ b/net-vpn/networkmanager-vpnc/Manifest
@@ -1,4 +1,3 @@
 DIST NetworkManager-vpnc-1.2.6.tar.xz 417412 BLAKE2B 00072e2f5449687a55ff4dc0382c4ef2bb2042f9b2a4437d1d6790084ff1b88210e45909808048498f315d59ed5408630ae15d09a1d22e4acbf840554e452546 SHA512 4f8adf58d73cef74a950d822c6f17cd813a1e74fcd3c0391f847541c279e448a6353b83984d593fe5e11138a37b7f1c21b9a24a6843c1d35e4cb68bc29bc3eb1
-EBUILD networkmanager-vpnc-1.2.6-r1.ebuild 1128 BLAKE2B afc2a37cf8dd4d4c0064da45ed4cba3b88d63b22c1f153f577104e8a53018dd2f70c38a600cc6b87edb389dc8d9ca455b74def05dcfdc1770fac4f46807f1710 SHA512 5d2ee7a297c4c327e3a6b7c2344b951caa15727dc299b1870bfbac741a9fab53aba211a04b0a74aa9d91e38ab9d950d4cf4bdb82de161b0f44a51e1a9b2360d9
-EBUILD networkmanager-vpnc-1.2.6-r2.ebuild 1111 BLAKE2B ea495819c5873223aad927bb20a5ec025c71ce4d34e4acd939041dcb3f3afd41181cfd992993cb761f03caa57659d9fa1e237cfc189b44038876b509612ebd53 SHA512 b3eb4983d4cd41caf08a5402c6a180ecf94f0b3c1cf8da3ca935b90aad84932d43752062fb2be122d4faad83dea8ec4c2ce343a5dbd67649235eec708e45a1c4
+EBUILD networkmanager-vpnc-1.2.6-r2.ebuild 1110 BLAKE2B 2eca31a7e7539ca8a000c3c2a256c23d106c66d8d68376839c48a7a632c423bcd1c9063910c76c384c811a75328adfccd26f5fb8f32dfb4aa381076767a750a7 SHA512 a655427ecdec2dd22965368e9ff5a1c471c193b713d9129794bda3caabaf723f894b596536fd21d49fea84d2ca7c21d8e74ab3b6fc1b18fb500ef7306e1dc2dc
 MISC metadata.xml 253 BLAKE2B a1efbd3751efaa83ee173f557ec1c8a4497a90b60896cf5a7a07da40b4f94a7a299ca0385477e82b2f5e5dbdf9afa482ccbe21f35ef44214e9c451d764b65529 SHA512 8d59f413993268ca783f7407b676900bb2d964754bf705d4175e2bafbe058a52af74f3928e4bd84d292518f8cf13fab7051486ab7cdc61d02fae6e0188d44442
diff --git a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild b/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild
deleted file mode 100644
index 1fe48859e722..000000000000
--- a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r1.ebuild
+++ /dev/null
@@ -1,51 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-GNOME_ORG_MODULE="NetworkManager-${PN##*-}"
-
-inherit gnome2
-
-DESCRIPTION="NetworkManager VPNC plugin"
-HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
-
-LICENSE="GPL-2+"
-SLOT="0"
-KEYWORDS="amd64 ~arm x86"
-IUSE="gtk test"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
-	>=net-misc/networkmanager-1.2.0:=
-	>=dev-libs/dbus-glib-0.74
-	>=dev-libs/glib-2.32:2
-	>=net-vpn/vpnc-0.5.3_p550
-	gtk? (
-		>=app-crypt/libsecret-0.18
-		<net-misc/networkmanager-1.19
-		>=gnome-extra/nm-applet-1.2.0[gtk]
-		>=x11-libs/gtk+-3.4:3
-	)
-"
-DEPEND="${RDEPEND}
-	sys-devel/gettext
-	dev-util/intltool
-	virtual/pkgconfig
-"
-
-src_prepare() {
-	# Test will fail if the machine doesn't have a particular locale installed
-	# https://bugzilla.gnome.org/show_bug.cgi?id=742708
-	sed '/test_non_utf8_import (plugin/ d' \
-		-i properties/tests/test-import-export.c || die "sed failed"
-
-	gnome2_src_prepare
-}
-
-src_configure() {
-	gnome2_src_configure \
-		--disable-more-warnings \
-		--disable-static \
-		--with-dist-version=Gentoo \
-		$(use_with gtk gnome)
-}
diff --git a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild b/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild
index bc252ba5f8d5..0c2c68f02749 100644
--- a/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild
+++ b/net-vpn/networkmanager-vpnc/networkmanager-vpnc-1.2.6-r2.ebuild
@@ -11,7 +11,7 @@ HOMEPAGE="https://wiki.gnome.org/Projects/NetworkManager"
 
 LICENSE="GPL-2+"
 SLOT="0"
-KEYWORDS="amd64 ~arm ~x86"
+KEYWORDS="amd64 ~arm x86"
 IUSE="gtk test"
 RESTRICT="!test? ( test )"
 
diff --git a/net-vpn/ocserv/Manifest b/net-vpn/ocserv/Manifest
index 2a827af77e55..eeacd0a52ffb 100644
--- a/net-vpn/ocserv/Manifest
+++ b/net-vpn/ocserv/Manifest
@@ -1,4 +1,4 @@
 AUX ocserv 182 BLAKE2B b7ea6c381fed7406bda8fae3638445d6cd2e2acaf5f5c310227fc56f62e3286df6bb49063db8d2ab8dce2c6d5e8487b50085875f2af057b662aeb37b5adfe77a SHA512 9e0dcc3668e5e7584b4f01f56c0b48c7a1099b3658ee2387cd899050030328c497e64f9409a1af589ab42f8b6b1e7f13828a50b478906721ccad9d3013f3b06a
-DIST ocserv-1.0.0.tar.xz 785020 BLAKE2B 6fff9459a29508e4f0e25f77b28d2c8883b4c3ba43fc758b71f6f0c0a369946287dd810f3af91e037e79f8b4a4085961246f313d2cb982cacba66615c24b0bb9 SHA512 6f396c9180004f8d439e094f9de0490016b085dad6bd7a5d17d3433480b37de65c25fc0c52452f5ea408bb7bc997ddcbfcdd80a3bbe454af3267aa14edbb3df9
-EBUILD ocserv-1.0.0.ebuild 1703 BLAKE2B 6f9ce5f0078af7e1cdefdb6eb460f0f99f4ec400d29c087d0d90313598d70dfee1a2ba93c49db9e829971e504b7e02ccdee1a212e2ff5f0dbb23a0c440746e7b SHA512 b89cca5c3e195e7cc2ef8df9a725e51bd99d44bd876e8388fc0484ee47afb430bfdfd342ba8a8c9fab63743306353349ce8cd985d9c917143a0d9e6af786bbc4
+DIST ocserv-1.0.1.tar.xz 787800 BLAKE2B 655a2a6e1434a5b31b157e0f73df3d6d04011c06fd5a1f39f1152752abdc837974c739bc0694a804a1e96b4e219c78c5cf1a58040bbcdcad3e326d0c9e584c7b SHA512 953e1b6084f68f8627b5383e28b5fcde987881e66feac645a40fa37d895f0711b171c9029c3703773dfbd5432d747f92c71af9240c2df3381599902a7d5fe880
+EBUILD ocserv-1.0.1.ebuild 1746 BLAKE2B ad469392d07f290272849f0c5d47c0f47407fc0447630d8dbdee381db2b182a592baa2343bd0342bd018ab1493a872f02815efcf4769b627ab80f511ab0f629e SHA512 cb8a5c077e27e4b1ea3477509cf64f545cea41a5504e3197aac6f53dcb3a029900aba205bd2dd5e1f732b983ceb47e337077ad25f9c6d7ac54dec8d1e22da076
 MISC metadata.xml 325 BLAKE2B 1bb6068aff761fbf40d489d5d60bcbf295a079a2fffbb99af64abfcecaedf7cb5407b3f94b6823b58690912f43dc4427cd8d7a658d2f809b45462702ba5f0aeb SHA512 4fb35360034ac9639198ebd1e0917848b807e0a53ec10eb2d4e1a90a4f3f631b582e6f3d6e3a7d50f2f284ff47dc1a2ec4d362fa73f6b5a1834ef531bb2bc5ca
diff --git a/net-vpn/ocserv/ocserv-1.0.0.ebuild b/net-vpn/ocserv/ocserv-1.0.0.ebuild
deleted file mode 100644
index 069c2334ddd7..000000000000
--- a/net-vpn/ocserv/ocserv-1.0.0.ebuild
+++ /dev/null
@@ -1,81 +0,0 @@
-# Copyright 2019-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd
-
-DESCRIPTION="Openconnect SSL VPN server"
-HOMEPAGE="https://ocserv.gitlab.io/www/index.html"
-SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64"
-IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test"
-RESTRICT="!test? ( test )"
-
-BDEPEND="
-	virtual/pkgconfig
-	test? (
-		net-libs/gnutls[tools(+)]
-		net-libs/socket_wrapper
-		sys-libs/nss_wrapper
-		sys-libs/uid_wrapper
-	)
-"
-DEPEND="
-	dev-libs/libnl:3=
-	dev-libs/libev:0=
-	>=dev-libs/nettle-2.7:0=
-	dev-libs/pcl:0=
-	dev-libs/protobuf-c:0=
-	>=net-libs/gnutls-3.3.0:0=
-	net-libs/http-parser:0=
-	sys-libs/readline:0=
-	sys-libs/talloc:0=
-	geoip? ( dev-libs/geoip:0= )
-	kerberos? ( virtual/krb5 )
-	lz4? ( app-arch/lz4:0= )
-	otp? ( sys-auth/oath-toolkit:0= )
-	pam? ( sys-libs/pam:0= )
-	radius? ( net-dialup/freeradius-client:0= )
-	seccomp? ( sys-libs/libseccomp:0= )
-	systemd? ( sys-apps/systemd:0= )
-	tcpd? ( sys-apps/tcp-wrappers:0= )
-"
-RDEPEND="${DEPEND}"
-
-src_configure() {
-	local myconf=(
-		--without-root-tests
-		--without-docker-tests
-		--without-nuttcp-tests
-
-		$(use_enable seccomp)
-		$(use_enable systemd)
-
-		$(use_with geoip)
-		$(use_with kerberos gssapi)
-		$(use_with lz4)
-		$(use_with otp liboath)
-		$(use_with radius)
-		$(use_with tcpd libwrap)
-	)
-	econf "${myconf[@]}"
-}
-
-src_install() {
-	default
-
-	dodoc doc/sample.{config,passwd}
-	use otp && dodoc doc/sample.otp
-
-	doinitd "${FILESDIR}"/ocserv
-
-	if use systemd; then
-		systemd_dounit doc/systemd/socket-activated/ocserv.{service,socket}
-	else
-		systemd_dounit doc/systemd/standalone/ocserv.service
-	fi
-}
diff --git a/net-vpn/ocserv/ocserv-1.0.1.ebuild b/net-vpn/ocserv/ocserv-1.0.1.ebuild
new file mode 100644
index 000000000000..19106a233893
--- /dev/null
+++ b/net-vpn/ocserv/ocserv-1.0.1.ebuild
@@ -0,0 +1,82 @@
+# Copyright 2019-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd
+
+DESCRIPTION="Openconnect SSL VPN server"
+HOMEPAGE="https://ocserv.gitlab.io/www/index.html"
+SRC_URI="ftp://ftp.infradead.org/pub/ocserv/${P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="amd64 ~arm arm64 ppc64 ~x86"
+IUSE="geoip kerberos +lz4 otp pam radius +seccomp systemd tcpd test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="
+	virtual/pkgconfig
+	test? (
+		net-libs/gnutls[tools(+)]
+		net-libs/socket_wrapper
+		net-vpn/openconnect
+		sys-libs/nss_wrapper
+		sys-libs/uid_wrapper
+	)
+"
+DEPEND="
+	dev-libs/libnl:3=
+	dev-libs/libev:0=
+	>=dev-libs/nettle-2.7:0=
+	dev-libs/pcl:0=
+	dev-libs/protobuf-c:0=
+	>=net-libs/gnutls-3.3.0:0=
+	net-libs/http-parser:0=
+	sys-libs/readline:0=
+	sys-libs/talloc:0=
+	geoip? ( dev-libs/geoip:0= )
+	kerberos? ( virtual/krb5 )
+	lz4? ( app-arch/lz4:0= )
+	otp? ( sys-auth/oath-toolkit:0= )
+	pam? ( sys-libs/pam:0= )
+	radius? ( net-dialup/freeradius-client:0= )
+	seccomp? ( sys-libs/libseccomp:0= )
+	systemd? ( sys-apps/systemd:0= )
+	tcpd? ( sys-apps/tcp-wrappers:0= )
+"
+RDEPEND="${DEPEND}"
+
+src_configure() {
+	local myconf=(
+		--without-root-tests
+		--without-docker-tests
+		--without-nuttcp-tests
+
+		$(use_enable seccomp)
+		$(use_enable systemd)
+
+		$(use_with geoip)
+		$(use_with kerberos gssapi)
+		$(use_with lz4)
+		$(use_with otp liboath)
+		$(use_with radius)
+		$(use_with tcpd libwrap)
+	)
+	econf "${myconf[@]}"
+}
+
+src_install() {
+	default
+
+	dodoc doc/sample.{config,passwd}
+	use otp && dodoc doc/sample.otp
+
+	doinitd "${FILESDIR}"/ocserv
+
+	if use systemd; then
+		systemd_dounit doc/systemd/socket-activated/ocserv.{service,socket}
+	else
+		systemd_dounit doc/systemd/standalone/ocserv.service
+	fi
+}
diff --git a/net-vpn/openconnect/Manifest b/net-vpn/openconnect/Manifest
index 02c9069843b3..c03b54e9a7a7 100644
--- a/net-vpn/openconnect/Manifest
+++ b/net-vpn/openconnect/Manifest
@@ -1,11 +1,14 @@
+AUX 8.09-gnutls-buffer-overflow.patch 2172 BLAKE2B 6c1251936ad2606c9b68036820e930efc392132b365faa14e690a6df4daa339c24614f856423a2d7d04bcbb3b799e96486dfb18430a6b9d8016eaeaf60a19ee5 SHA512 d74920e6eb5f8ef6ca4dcf03cf8d47a5e2ed480573dfd0c8742851e9b830fc6b379b24e945c5b429a50919a7a5041f007ba76ba93dc22eaecb27e84a84a89011
 AUX README.OpenRC.txt 715 BLAKE2B 1f76faac7bf705fc3a4adbb8902e0fbd3354e654f0af59cb59b92fc4188400c9dfeef0267ebe39c8eb4842df8a6421aaf472e7bd20097cdc0d620e10fbafd28a SHA512 172b845cc46465119d14e304a0ea9a13d28497bc9e80688eab3ccce0e14ee17917fb6b8a06dd7e9a4657ef4f51a023045ac45bc5d8823e29b2d0cb9854425f66
 AUX openconnect.conf.in 941 BLAKE2B 8cfa197edfe3b3754e45281b33d51bee0dd80746ac129b071710ca9d6f5aa5da16a3c3ad5fa52c6bfdc0ae4a9b1e3cfea2c20909c6164e67e0dba880cf08fc8a SHA512 a689df7141621c80bca77fdd1e01397b98882c7fd8db79b2fe1495916656522234e3af739538002533c003e4243e9af4bf80cd73bae961e15568997ce89ef6d5
 AUX openconnect.init.in-r4 1775 BLAKE2B 2237238a2d149532e90c96190829e9ef51afa50487a0fd45c3c4d2e983fb8755bdf0de3eca44df740b286f4d353b03d71fcd2c2a27129f18031b2bd01989f738 SHA512 7b832550ef21ddb4b1c0eae7f3838b925745a5ebbdb74f1583fb8710b75175ebcbc7b1558ce95f59cd78542bec8bc01f7ab6d32ec4a5b168bb8a516a8907d362
 AUX openconnect.logrotate 116 BLAKE2B 308d088f7c06239ec68831e415df420362c1825ae279fa6f736f36df0bf2e7efc8ea6a4ab43d9b53680dd0ab5028c92bf70a0597b56a20da06b302457e7d5f07 SHA512 ea1b6caf6278fea515c299072ee799ab3676014784703d7fa8e4f4d7bfc4599650c386d9706a3e6d92c195c9e5e1628fa6efc1124e1ae72875cc9eaab73cb077
 DIST openconnect-8.06.tar.gz 2030905 BLAKE2B d9659e4f027e11a0348c1c4358831e5f470f0305e04c22716010c68810ae300a7062ab8f57e3fc80b7d90caf855ce2f1c0af1b04eb7032b70486eee2eacc47e5 SHA512 6319aa6b20bf16994b376c2cc2a7cbf2b26a36f35e9607c1886e8fa7a2e1fe111bfb37f9349693ef52a3d2ce718c37e15fe263664e6c0bcbd33ced5ddb9e31b2
 DIST openconnect-8.08.tar.gz 2038269 BLAKE2B 78e76aee1d22179dc1e8fff03e57ee5df0d7a04cf88c5f844ba5b87c9b8a0f89766489e0dcc6b1023c07ea8b2e4da8ea2723470423b3c0c8d4bc47ed1c1e3fa4 SHA512 3bf42e194b88f06bbc6c385002e7b76952964e230fc86ee1d803be72204073ffe41286a3d8e189456fd7b905fa63577e6adc64137e893eccada80419c114eeb8
+DIST openconnect-8.09.tar.gz 2083279 BLAKE2B 4588c693a7a641faad271b034e8713f00fda04a872641e45a8ce3e1a236b8d2f4e1b8d973d20e7a9fc656f9460a0e990cbaada008d4ecf9a46353f20c25ac87a SHA512 f6890f5bce4b36b162e4590bce8a61d65fc0ae803d62a3dd408fbb13e96ce41b6443740132808491093032545aea919f9076e34bc11160c503c5e3c46457e7bd
 DIST vpnc-scripts-20200226.tar.gz 21460 BLAKE2B 8f00ce3dc49725758abce27f3688946df1bbd4e92769ef02aa9ee66db8b9f41bef3442eaa5405ab1467476899c6d364dfea898ed924ca83497823a85515d48e5 SHA512 3a1eac4ccfaefb0f837189c8cef696b33ab8b8a68cb50a3ad29206b708d0aa479e8eed0c09bef6f60d056cd98d63cc898a1609d734030a63df3be2cfa6c00f9a
 EBUILD openconnect-8.06.ebuild 2902 BLAKE2B e35780d945d40094ab41e08aa27f026432561734b16bb705f5472e7c8ed20e26e3adfb4c7326aceb8b57244cb7a7c7a34f908e225bdab20b4d6596c921016bd5 SHA512 06960353039c6ae6827c4f661ea32848395ba12dcea7c3067a33ef9a492cfc639a8724cf2282b45a79c0040ac25098998239f5efd41b4d0edb384b90798b37ab
-EBUILD openconnect-8.08.ebuild 2993 BLAKE2B 15b25c5bfc81538da3d0107f8b5636a6485221bc9365b48d815c5843070130e35f406ff0f2cdf7b8dd02ef6f4172e27935a0e654d066f0a99b3aaeb5342e05d0 SHA512 a920129fb6bddd45ea4903720676f3536d398a1609818a29c721b96290a07573a1733a8b13b6dcdf6f5af67e6df93a58b9ff13d4ef633fae44ecca2e4365c9c2
-EBUILD openconnect-9999.ebuild 2993 BLAKE2B 15b25c5bfc81538da3d0107f8b5636a6485221bc9365b48d815c5843070130e35f406ff0f2cdf7b8dd02ef6f4172e27935a0e654d066f0a99b3aaeb5342e05d0 SHA512 a920129fb6bddd45ea4903720676f3536d398a1609818a29c721b96290a07573a1733a8b13b6dcdf6f5af67e6df93a58b9ff13d4ef633fae44ecca2e4365c9c2
+EBUILD openconnect-8.08.ebuild 3000 BLAKE2B a5b19466dc4a8f5cfb00520520c9d82044da2bf41011689d73bdc0d08b0665cc475362449ff4408537116ff3de2440163db899404f478e53706b839a357042d3 SHA512 7687a960a30a0438ba5d86e615224900b1095ed289a6349f429d77e9b86ac41bc557360270b73ac2fce0f7106031066eece093cc269250233d82016d46bf0cc6
+EBUILD openconnect-8.09-r1.ebuild 3089 BLAKE2B 8467127dcfed473dbfad66a8ac013353db30a80c89915fc3b111fd842aeebf3cdd01102c57e7fcad41a14d10227e2a2d104cea41774c61c3f59f109105b87531 SHA512 db7f2f027fc6b358ec88352a9a3da6901dd357b98d0e0bb2a4cef85f0023f042857e5940e7765abd5e1d2a973b81adfaaa3ccd3012e55425b2ca34bc32bed24f
+EBUILD openconnect-9999.ebuild 3005 BLAKE2B 8c279c574aa355a0c5325d145031623d2dcd11476a9be3f6d30a862b4fa9ee7f4e9faf03332dd2a51345c9f4287f7cc1e0936572005aabbb05fe3e0c497e1db3 SHA512 98734450f88bbeb0b292895ef4b43bcc0d1044df4aa8f02c0f3f09b3c436fbb10401070d3422ab43b474d59fc779aa07c13caecf268679a1845d44f593ed5c92
 MISC metadata.xml 523 BLAKE2B c4a4ebc18284b99d3b983740180460ad1c83933860c4d8df14886a740cad0a1dbf363881ffd430adb24feaf49a2a9d02f6d3a80d5bcd96fc36f2cdb1aea2bff5 SHA512 7701ea4b9ed4d0051d915700fbd20eb28ca03024f8c4beecd8e0192e8cfd82c136cec32f29cd1e76a3059913f1b04af8066ee2700cab393bb270a8cbe18214c8
diff --git a/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
new file mode 100644
index 000000000000..bf8990ae3d3c
--- /dev/null
+++ b/net-vpn/openconnect/files/8.09-gnutls-buffer-overflow.patch
@@ -0,0 +1,62 @@
+From eef4c1f9d24478aa1d2dd9ac7ec32efb2137f474 Mon Sep 17 00:00:00 2001
+From: Sergei Trofimovich <slyfox@gentoo.org>
+Date: Fri, 8 May 2020 10:39:41 -0400
+Subject: [PATCH] gnutls: prevent buffer overflow in get_cert_name
+
+The test suite for ocserv calls openconnect with a certificate that has
+a name that is 84 bytes in length. The buffer passed to get_cert_name is
+currently 80 bytes.
+
+The gnutls_x509_crt_get_dn_by_oid function will update the buffer size
+parameter if the buffer is too small.
+
+http://man7.org/linux/man-pages/man3/gnutls_x509_crt_get_dn_by_oid.3.html
+
+RETURNS
+       GNUTLS_E_SHORT_MEMORY_BUFFER if the provided buffer is not long
+       enough, and in that case the  buf_size will be updated with the
+       required size. GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE if there are no
+       data in the current index. On success 0 is returned.
+
+Use a temporary variable to avoid clobbering the namelen variable that is
+passed to get_cert_name.
+
+Bug: https://bugs.gentoo.org/721570
+Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org>
+Signed-off-by: Mike Gilbert <floppym@gentoo.org>
+---
+ gnutls.c | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/gnutls.c b/gnutls.c
+index 36bc82e0..53bf2a43 100644
+--- a/gnutls.c
++++ b/gnutls.c
+@@ -546,12 +546,19 @@ static int count_x509_certificates(gnutls_datum_t *datum)
+ 
+ static int get_cert_name(gnutls_x509_crt_t cert, char *name, size_t namelen)
+ {
++	/* When the name buffer is not big enough, gnutls_x509_crt_get_dn*() will
++	 * update the length argument to the required size, and return
++	 * GNUTLS_E_SHORT_MEMORY_BUFFER. We need to avoid clobbering the original
++	 * length variable. */
++	size_t nl = namelen;
+ 	if (gnutls_x509_crt_get_dn_by_oid(cert, GNUTLS_OID_X520_COMMON_NAME,
+-					  0, 0, name, &namelen) &&
+-	    gnutls_x509_crt_get_dn(cert, name, &namelen)) {
+-		name[namelen-1] = 0;
+-		snprintf(name, namelen-1, "<unknown>");
+-		return -EINVAL;
++					  0, 0, name, &nl)) {
++		nl = namelen;
++		if (gnutls_x509_crt_get_dn(cert, name, &nl)) {
++			name[namelen-1] = 0;
++			snprintf(name, namelen-1, "<unknown>");
++			return -EINVAL;
++		}
+ 	}
+ 	return 0;
+ }
+-- 
+2.26.2
+
diff --git a/net-vpn/openconnect/openconnect-8.08.ebuild b/net-vpn/openconnect/openconnect-8.08.ebuild
index 85ac062266be..cd814ccbd7ec 100644
--- a/net-vpn/openconnect/openconnect-8.08.ebuild
+++ b/net-vpn/openconnect/openconnect-8.08.ebuild
@@ -13,7 +13,7 @@ if [[ ${PV} == 9999 ]]; then
 	inherit git-r3 autotools
 else
 	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="~amd64"
+	KEYWORDS="~amd64 ~ppc64"
 fi
 VPNC_VER=20200226
 SRC_URI="${ARCHIVE_URI}
diff --git a/net-vpn/openconnect/openconnect-8.09-r1.ebuild b/net-vpn/openconnect/openconnect-8.09-r1.ebuild
new file mode 100644
index 000000000000..26838ebbd2c6
--- /dev/null
+++ b/net-vpn/openconnect/openconnect-8.09-r1.ebuild
@@ -0,0 +1,150 @@
+# Copyright 2011-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{3_6,3_7} )
+PYTHON_REQ_USE="xml"
+
+inherit linux-info python-any-r1
+
+if [[ ${PV} == 9999 ]]; then
+	EGIT_REPO_URI="https://gitlab.com/openconnect/openconnect.git"
+	inherit git-r3 autotools
+else
+	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
+	KEYWORDS="amd64 ~arm arm64 ppc64 ~x86"
+fi
+VPNC_VER=20200226
+SRC_URI="${ARCHIVE_URI}
+	ftp://ftp.infradead.org/pub/vpnc-scripts/vpnc-scripts-${VPNC_VER}.tar.gz"
+
+DESCRIPTION="Free client for Cisco AnyConnect SSL VPN software"
+HOMEPAGE="http://www.infradead.org/openconnect.html"
+
+LICENSE="LGPL-2.1 GPL-2"
+SLOT="0/5"
+IUSE="doc +gnutls gssapi libproxy lz4 nls smartcard static-libs stoken test"
+RESTRICT="!test? ( test )"
+
+DEPEND="
+	dev-libs/libxml2
+	sys-libs/zlib
+	!gnutls? (
+		>=dev-libs/openssl-1.0.1h:0=[static-libs?]
+	)
+	gnutls? (
+		app-crypt/trousers
+		app-misc/ca-certificates
+		dev-libs/nettle
+		>=net-libs/gnutls-3.6.13:0=[static-libs?]
+	)
+	gssapi? ( virtual/krb5 )
+	libproxy? ( net-libs/libproxy )
+	lz4? ( app-arch/lz4:= )
+	nls? ( virtual/libintl )
+	smartcard? ( sys-apps/pcsc-lite:0= )
+	stoken? ( app-crypt/stoken )
+"
+RDEPEND="${DEPEND}
+	sys-apps/iproute2
+"
+BDEPEND="
+	virtual/pkgconfig
+	doc? ( ${PYTHON_DEPS} sys-apps/groff )
+	nls? ( sys-devel/gettext )
+	test? (
+		net-libs/socket_wrapper
+		net-vpn/ocserv
+		sys-libs/uid_wrapper
+	)
+"
+
+CONFIG_CHECK="~TUN"
+
+pkg_pretend() {
+	check_extra_config
+}
+
+pkg_setup() {
+	:
+}
+
+src_unpack() {
+	if [[ ${PV} == 9999 ]]; then
+		git-r3_src_unpack
+	fi
+	default
+}
+
+src_prepare() {
+	local PATCHES=(
+		"${FILESDIR}"/8.09-gnutls-buffer-overflow.patch
+	)
+	default
+	if [[ ${PV} == 9999 ]]; then
+		eautoreconf
+	fi
+}
+
+src_configure() {
+	if use doc; then
+		python_setup
+	else
+		export ac_cv_path_PYTHON=
+	fi
+
+	# Used by tests if userpriv is disabled
+	addwrite /run/netns
+
+	local myconf=(
+		--disable-dsa-tests
+		$(use_enable nls)
+		$(use_enable static-libs static)
+		$(use_with !gnutls openssl)
+		$(use_with gnutls)
+		$(use_with libproxy)
+		$(use_with lz4)
+		$(use_with gssapi)
+		$(use_with smartcard libpcsclite)
+		$(use_with stoken)
+		--with-vpnc-script="${EPREFIX}/etc/openconnect/openconnect.sh"
+		--without-java
+	)
+
+	econf "${myconf[@]}"
+}
+
+src_test() {
+	local charset
+	for charset in UTF-8 ISO8859-2; do
+		if [[ $(LC_ALL=cs_CZ.${charset} locale charmap 2>/dev/null) != ${charset} ]]; then
+			# If we don't have valid cs_CZ locale data, auth-nonascii will fail.
+			# Force a test skip by exiting with status 77.
+			sed -i -e '2i exit 77' tests/auth-nonascii || die
+			break
+		fi
+	done
+	default
+}
+
+src_install() {
+	default
+
+	find "${ED}" -name '*.la' -delete || die
+
+	dodoc "${FILESDIR}"/README.OpenRC.txt
+
+	newinitd "${FILESDIR}"/openconnect.init.in-r4 openconnect
+	insinto /etc/openconnect
+
+	newconfd "${FILESDIR}"/openconnect.conf.in openconnect
+
+	exeinto /etc/openconnect
+	newexe "${WORKDIR}"/vpnc-scripts-${VPNC_VER}/vpnc-script openconnect.sh
+
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}"/openconnect.logrotate openconnect
+
+	keepdir /var/log/openconnect
+}
diff --git a/net-vpn/openconnect/openconnect-9999.ebuild b/net-vpn/openconnect/openconnect-9999.ebuild
index 85ac062266be..bda6b965640b 100644
--- a/net-vpn/openconnect/openconnect-9999.ebuild
+++ b/net-vpn/openconnect/openconnect-9999.ebuild
@@ -13,7 +13,7 @@ if [[ ${PV} == 9999 ]]; then
 	inherit git-r3 autotools
 else
 	ARCHIVE_URI="ftp://ftp.infradead.org/pub/${PN}/${P}.tar.gz"
-	KEYWORDS="~amd64"
+	KEYWORDS="~amd64 ~ppc64"
 fi
 VPNC_VER=20200226
 SRC_URI="${ARCHIVE_URI}
@@ -37,7 +37,7 @@ DEPEND="
 		app-crypt/trousers
 		app-misc/ca-certificates
 		dev-libs/nettle
-		>=net-libs/gnutls-3:0=[static-libs?]
+		>=net-libs/gnutls-3.6.13:0=[static-libs?]
 	)
 	gssapi? ( virtual/krb5 )
 	libproxy? ( net-libs/libproxy )
diff --git a/net-vpn/openfortivpn/Manifest b/net-vpn/openfortivpn/Manifest
index 40cbd90b3305..81a907a35f60 100644
--- a/net-vpn/openfortivpn/Manifest
+++ b/net-vpn/openfortivpn/Manifest
@@ -1,3 +1,5 @@
 DIST openfortivpn-1.13.2.tar.gz 82977 BLAKE2B 5daf2fdacaf2f9c3bc0a4bc3fc26543ed0ab424b70d2795e7b3d74b38cba53b1a8a9823564198ea5292b63f872c12f17ed3f65111a7024faee19640fff765cd7 SHA512 6be456784618d0af26190bad4af20a5f7163d3d984e3317fa3aac04b605ddd39f8973b192cf35fc8a371bf5ca4cbff8f644991b0cc031f558bf7881066fe8ec2
+DIST openfortivpn-1.13.3.tar.gz 150681 BLAKE2B 378837373f743c474233e5c7d0f8698a1bbaa5b2b84c89173547e4d0674e4ffe8949bf105462b7d355e603483577008d7ef99315e78a7511dca043426b668885 SHA512 57f87e1f1243b2eb1f4ef17dfacea203c8b11fd0e65440eef4c6b08af0b821c5a087a85d98423540114a7d977d12c4a99d0edcc348f0107fd230f573e3df0fbf
 EBUILD openfortivpn-1.13.2.ebuild 761 BLAKE2B 8282264a7cba753bb9682a94c04e84781792f7ec69abb18262796eb2e7bee770d8fa8d6405e4f7a84e90d46eb815c883508c9d8c43b15c8bcd3d08a41f934466 SHA512 5ba0d44db4b9275be265a2fcd6cda3f7a8001c90b2bee335eeca98b6c70c054f39b91b61dcc6a5b80a49c873dd498fb0b27987cee581f07d8d62d54a5ddc310f
+EBUILD openfortivpn-1.13.3.ebuild 762 BLAKE2B ce26d3b3dc03a3e5ba10d5bd61ab2a360e48d8476f8b232c30b38c2b0977696cb8be99a4773bb3b113dc63c34641d9f710ad60d888937c7f93bea190f47a43ee SHA512 6086c741a67ddd90474724986be6b5687b1f84c7f6c6c62217038af6a1e769e8f26f6927097317a00f7cb8ca35c72874c6541fbdc348d9d7597e0f14157018c5
 MISC metadata.xml 334 BLAKE2B f24aad8486bdfc65b3b679b17aee075a53b08cda8e80df8c6119cf224885d6ed25a23b14ca38bda9a1c8a651263d59e42d84719dd27749f25d109e7a6f8a3783 SHA512 383c645edf7e7baa6588a4639ec81290b4260d329f3839e540ecd506d7945a72a35bd039514b377454c0c81f23ecadaa9334c746e96aa91e0408712f112148fd
diff --git a/net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild b/net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild
new file mode 100644
index 000000000000..2cda60426dcc
--- /dev/null
+++ b/net-vpn/openfortivpn/openfortivpn-1.13.3.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools linux-info
+
+DESCRIPTION="Fortinet compatible VPN client"
+HOMEPAGE="https://github.com/adrienverge/openfortivpn"
+SRC_URI="https://github.com/adrienverge/openfortivpn/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3-with-openssl-exception openssl"
+SLOT="0"
+KEYWORDS="~amd64"
+IUSE="libressl"
+
+DEPEND="
+	net-dialup/ppp
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+"
+RDEPEND="${DEPEND}"
+
+CONFIG_CHECK="~PPP ~PPP_ASYNC"
+
+src_prepare() {
+	default
+
+	sed -i 's/-Werror//g' Makefile.am || die "Failed to remove -Werror from Makefile.am"
+
+	eautoreconf
+}
+
+src_install() {
+	default
+
+	keepdir /etc/openfortivpn
+}
diff --git a/net-vpn/openvpn/Manifest b/net-vpn/openvpn/Manifest
index 5a7b3a18f636..650a20f1ffd0 100644
--- a/net-vpn/openvpn/Manifest
+++ b/net-vpn/openvpn/Manifest
@@ -1,20 +1,8 @@
 AUX down.sh 943 BLAKE2B 9853748aebd819c46cec0229971375d28922abe91ff6442a572090f300cd901ccd80c04fc3df30a1251492a55e593a4783f7f5a4b380053f27bb387f5417444b SHA512 5defd61edf11cc63f3f8f60bef7fa730c4bcdd2545d664bd94666dd3aea80bd9d190263d8835a555e4287a594f6fce0f52426aed49c60233ff637a2a6164a997
 AUX openvpn-2.1.conf 892 BLAKE2B d0ce49ecc6275c9677e56de5d13afcc69169666441cb6d8eb958642786f0ee7ff6acb1830af0001fd1945b666daf5af1d9be211032817fc345e33242e1d86885 SHA512 982ade883afbe2e656a9cbbe36c31c0e8b4f7bbbe5b63df9f7b834f02a9153032fb7445c85d3e91f62c68a7ddd13c3afbf420fb71cdd13d9c4b69f867bdd9f37
 AUX openvpn-2.1.init 4187 BLAKE2B 9ab133bda1db2d94afbf1e35840515452029319c38bb796af90b117dcfcd8552da2ea236399c2708a4862de753a8f92cdff80a69cfdcc5d53e206f9f3ffc48d8 SHA512 2d97a41b3998c196c440dcaf43ad8992eae27c5356c94b24f4cc4b20169350f3d6c8d65bb9c2517415ee15637fa60298d9cd8252ad9aa3eec6ae3a847ede0611
-AUX openvpn-2.4.5-libressl-macro-fix.patch 2096 BLAKE2B d3d277c8bd800827ceabc01431c2ff22e78a89921ff2460460e9acdfbfb7466188456557031de2b0bf2c00703a573c05ba1fcbff96da4b5def596c82717ac81a SHA512 77026186911e852e8434b19662026fa5503a389ecc1a7a8fb3a395beeb2397bc75426ca310e7728ac24ec540b59e00fd623324e262276007c772f9a1cda16863
-AUX openvpn-2.4.7-libressl.patch 1929 BLAKE2B 175375bd8f233a0315ee99fb3ff6ca84f77cd850fabe8cf3f53033f56f99e0ce5ee9de4f4970011909a91e940c2665cc65004f5dce987c9545390b698b580676 SHA512 8fab84df8e268e1ec88bff3443e8e35c5228dfabff71b75f64ba29f6ff09523b36a1c8af9c9cbf20bff9d241d5de3136a1278b3f76675c28238d4c3a12ff535c
-AUX openvpn-2.5-external-cmocka.patch 2279 BLAKE2B a20cb45170590c332813fa6a0c539b8972ed329fec4ddb644996d5caa32f821dc4be75a9bc525917562e47588f8135b0def65aed9e747609b836d06a9f6ea666 SHA512 5f6d01b7051511e37a8822a0a514cfbdea3118cf52a86bec3addc2de713640842e972346ce598147e354353dd9483ecdbb13efc211e9b74c58598d6c11038f1e
-AUX openvpn-external-cmocka.patch 2083 BLAKE2B 4e9f0a2ca509a4c37d2efe061ed7a027ba7e069041d193a237d214c493b839fc36e87898aad160eb8198845306b7910f4d9da0e87671b9310425786fbe676bf4 SHA512 6c34518f626992031735f6433861fafd44e3cf35e95668cf5945aee7b341a049e3b6a73dd9937a0f287e4a750a2415532ae49aac11011767e0c7a3355f8ff6ca
 AUX up.sh 2865 BLAKE2B f359c0078148a8ec59b68227844f39d784df2271e9640b54f50a9c0b6b67450cf8b397dba8fd735931790648c1d485c149a55ffcbf095623b491b8a827eccab9 SHA512 35201b0e60ad20358080007e595eb4f96d186ba8e88f0485c55d164c28e3d78a12f3e09347ba3d76abb9b8b03fb4a53664bd74ab484be1548090022b956925fd
-DIST mock_msg.h 1356 BLAKE2B da7585cfeee89c0a4d3aa6326de6e2324804ed2a57a0e8bf7c2e51b25a91a8e1fcf9d29bba90fe58e40bf0197793a76fc1e83d8b6d677228cdc5e5333253b1a3 SHA512 930775a5837bc7f97a26817ea028782d555e0e71ba06b04c39941f4c01bbc3ca0a5dc63bcf19dc694e0e746b3a382f22daf6a6373a3443c5afd7398cbaaef6ea
-DIST openvpn-2.4.6.tar.gz 1431971 BLAKE2B 1ab0746a845fc56bf738c1730cc187c27f61d5bb763df149640978f0bf87450a01e3e40372265440f1aae4e1c58b6d9a1ee1f2aade970d19fd8e8813e0b487a7 SHA512 cdd70bfd03177bc6cb70d0d614e40389df00816b7097740b4cda9d7bee094d1463fdb5afeaf604c52c7b3167d1edb098a2e095e131a8b9fed0ed8b29da90cbe8
-DIST openvpn-2.4.7.tar.gz 998094 BLAKE2B 90f91d74279a547b49704cd14d9ac3dde26c522cd77eb851ea603addb1b220eda9be4de6cf5d74fe7717f34b3ff5fc802ca977a1402c5ed75616139d449fceb0 SHA512 ba9bc08c02fad85ba05c27488b0bfcb3540ba9c625c42334e24cb1d5e253b91c518c02641d755e03b8747ae8c2ebd340c55d51f7aedbbf2550ee4e4b79823c9c
-DIST openvpn-2.4.8.tar.gz 997417 BLAKE2B 1c56d25c125039b9f0723d8f498c9cc7233c9da940d961a430c82a3c41448c0c4fc64255adad59513d4e39b8e778cf58ced965e1501793c47bc73d211c339e4e SHA512 6a5f6f6a5cccc5011019e64ed452ad395942b751589893bd6fd3159b20577d734f2fe35d2f51f30303adee3a21e67da6d25369ea4421288ba7c2e09445e2c001
 DIST openvpn-2.4.9.tar.gz 1000602 BLAKE2B 4a10ec76d1a816f9184dd33e4384623e011a1af40ea38ad56cc06f70ab2c911b6fd92cf8ffcd2ec3ab4179fef87feb187fc9df61c5bea92b1c69ee4113093866 SHA512 7683dfb93592968459f080a07ea750992b7444708cdb1a5aafc0118ab8528fc488f2b9fbd7d042e57ad1811303208875237ae9decf0bb4977c45cd30da53751b
-EBUILD openvpn-2.4.6-r1.ebuild 4497 BLAKE2B 5ca911e21c950e34cb3b5f69a175690c443b6179c0b00afe0a6579c8fa4537b96153134ddfd14776076e324b2cc4be11a94e0ff56da42745f2673aa39431788c SHA512 f0500f9e54769d8bfed7a4e1bf657e7dfb5cad5600ce7de7165eadaf79e528f232595da55cd40fae6304ebd1eaf86a3484e3faa59963ded673d5caf41d0b2260
-EBUILD openvpn-2.4.6.ebuild 4491 BLAKE2B 120448a1525ed205a2ddfb1a0841cb4167cfd6ac7a3db2cdd6ff9d100028090d54c835908062ce6f08da0ff7fe6fce5a9ced21a5d1ba93cdc9f7fe397e651ed8 SHA512 88b5c883e041823672da5c4cd54594054832c4610f793eeb601e0b655b9a1eda0858aa11fe20ec5d5eb3ad2c50b97348ace5965360b79441fe8fbce96d491b58
-EBUILD openvpn-2.4.7-r1.ebuild 4538 BLAKE2B b0b02615e4c1f478078422dacda49f8d5832aa3d201097d245037245c00cd178062b125dd73d386d6a72b357a9ae2d46325d2e72292cf5c1986f22ebd5727b73 SHA512 0e311676afff67fe3da4d5b7a7df15e67af40b9100349b4aca3da9a427f0e414eda39056bd725abeea5504c905db3c80ec9533021cfb8765bb73afe7032a24ce
-EBUILD openvpn-2.4.8.ebuild 4013 BLAKE2B 6ce18ef028e85459815792bf315524a1ac71790829d86d6822e5273d93abb35a54813689298573a53a7bc9afdb57ded9002930e637531f86ff63372e3c48838a SHA512 f0c13bd66ac9976a894fabef51b496643ed351c8ca2dd8cb0a98c769918b8458a20cb7bce6909f1472a03dbc7eecfae6e60def81eaf51e8818bf337dabbdfa37
-EBUILD openvpn-2.4.9.ebuild 4008 BLAKE2B 0c0eb93b706fd2eaf22989240f0105f82648b67eb1914cc1e97a5eb407f79650771e8611c678796c8058e16f5f2fab8bb5e7cd71dff7283495afc16bf667a8ab SHA512 83043fca1cf8cfa04dfbef0dabf6f5945d0ee2602931fab1a02209e826e17342e4484438e7b09fb377e1bda4c5c380579bf41513b70a7d0c78b475b586bf6328
+EBUILD openvpn-2.4.9.ebuild 4163 BLAKE2B 74c7a130da53fcfe4aad644534c87dc2f00a1321e55a91d671f20b6afe0d1676135663991f4110d44ae0feea3433a4841d0c5d251f81fc32decefd3b5288f32f SHA512 5382fdc7fe0e8f27311ea4cccba195969666acafc43979ce79268912d628d03d8f09ba5f912db75873d009e6bb869448b88efe452a80ed338c6f7972db8bda55
 EBUILD openvpn-9999.ebuild 4148 BLAKE2B d2942eb2659d5cc1cef40143b6cd84e4e869031cc23ac419865db1286c7bf3ec7c66433ed2c3149d654206f74b3db14b3cea17a5d90332e9bfa5cbb6b172fdf5 SHA512 0807ceb96db862c33e42c7b2eb1224cfdb01d32e09048250bb69a05244af9835e805a9a87fb47d8a0a2422c12088ab515389b180d93286093f2089eab2709c8d
 MISC metadata.xml 998 BLAKE2B 800c147b67d26d0ae3856c3aebfd7bec9326aaa67ffcb16b57e00ad722b8154bcd4cd6daef741ebb0f12032ef986e0b3b5a4cf99014df1fbd54699a98ed13a0c SHA512 d7e07e98986611dc410a3ab1b0bf2bb3925fcc9f3388c9649ce7a01baa2fa076d7766b4e1b9749048aa1d1850cb9053e8822ce7a1870002805c176c6a60e6db8
diff --git a/net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch b/net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch
deleted file mode 100644
index 13b976009524..000000000000
--- a/net-vpn/openvpn/files/openvpn-2.4.5-libressl-macro-fix.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 626b4dd..2a8e87f 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -948,6 +948,18 @@ if test "${with_crypto_library}" = "openssl"; then
- 			EC_GROUP_order_bits
- 		]
- 	)
-+	AC_CHECK_DECLS(
-+		[
-+			SSL_CTX_get_min_proto_version,
-+			SSL_CTX_get_max_proto_version,
-+			SSL_CTX_set_min_proto_version,
-+			SSL_CTX_set_max_proto_version,
-+		],
-+		,
-+		,
-+		[[#include <openssl/ssl.h>]]
-+
-+	)
- 
- 	CFLAGS="${saved_CFLAGS}"
- 	LIBS="${saved_LIBS}"
-diff --git a/src/openvpn/openssl_compat.h b/src/openvpn/openssl_compat.h
-index d375fab..340d452 100644
---- a/src/openvpn/openssl_compat.h
-+++ b/src/openvpn/openssl_compat.h
-@@ -661,7 +661,7 @@ EC_GROUP_order_bits(const EC_GROUP *group)
- #define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT       RSA_F_RSA_EAY_PRIVATE_ENCRYPT
- #endif
- 
--#ifndef SSL_CTX_get_min_proto_version
-+#if !HAVE_DECL_SSL_CTX_GET_MIN_PROTO_VERSION
- /** Return the min SSL protocol version currently enabled in the context.
-  *  If no valid version >= TLS1.0 is found, return 0. */
- static inline int
-@@ -684,7 +684,7 @@ SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
- }
- #endif /* SSL_CTX_get_min_proto_version */
- 
--#ifndef SSL_CTX_get_max_proto_version
-+#if !HAVE_DECL_SSL_CTX_GET_MAX_PROTO_VERSION
- /** Return the max SSL protocol version currently enabled in the context.
-  *  If no valid version >= TLS1.0 is found, return 0. */
- static inline int
-@@ -707,7 +707,7 @@ SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
- }
- #endif /* SSL_CTX_get_max_proto_version */
- 
--#ifndef SSL_CTX_set_min_proto_version
-+#if !HAVE_DECL_SSL_CTX_SET_MIN_PROTO_VERSION
- /** Mimics SSL_CTX_set_min_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
-@@ -736,7 +736,7 @@ SSL_CTX_set_min_proto_version(SSL_CTX *ctx, long tls_ver_min)
- }
- #endif /* SSL_CTX_set_min_proto_version */
- 
--#ifndef SSL_CTX_set_max_proto_version
-+#if !HAVE_DECL_SSL_CTX_SET_MAX_PROTO_VERSION
- /** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
- static inline int
- SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
diff --git a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch b/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
deleted file mode 100644
index 210189cd4d4d..000000000000
--- a/net-vpn/openvpn/files/openvpn-2.4.7-libressl.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 4faf695e3c42a81131c2aae96c4a60228aa237a5 Mon Sep 17 00:00:00 2001
-From: Stefan Strogin <stefan.strogin@gmail.com>
-Date: Sat, 23 Feb 2019 20:13:41 +0200
-Subject: [PATCH] Fix compilation with LibreSSL
-
-TLS 1.3 is not ready yet in LibreSSL.
-Also SSL_get1_supported_ciphers() has been just added into master (not yet
-released).
-
-Upstream-Status: Submitted [https://github.com/OpenVPN/openvpn/pull/123]
-Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
----
- src/openvpn/ssl_openssl.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
-index a78dae99..6a8fcef3 100644
---- a/src/openvpn/ssl_openssl.c
-+++ b/src/openvpn/ssl_openssl.c
-@@ -459,7 +459,7 @@ tls_ctx_restrict_ciphers_tls13(struct tls_root_ctx *ctx, const char *ciphers)
-         return;
-     }
- 
--#if (OPENSSL_VERSION_NUMBER < 0x1010100fL)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010100fL) || defined(LIBRESSL_VERSION_NUMBER)
-         crypto_msg(M_WARN, "Not compiled with OpenSSL 1.1.1 or higher. "
-                        "Ignoring TLS 1.3 only tls-ciphersuites '%s' setting.",
-                         ciphers);
-@@ -1846,7 +1846,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
-         crypto_msg(M_FATAL, "Cannot create SSL_CTX object");
-     }
- 
--#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL)
-+#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER))
-     if (tls13)
-     {
-         SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
-@@ -1867,7 +1867,7 @@ show_available_tls_ciphers_list(const char *cipher_list,
-         crypto_msg(M_FATAL, "Cannot create SSL object");
-     }
- 
--#if (OPENSSL_VERSION_NUMBER < 0x1010000fL)
-+#if (OPENSSL_VERSION_NUMBER < 0x1010000fL) || defined(LIBRESSL_VERSION_NUMBER)
-     STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
- #else
-     STACK_OF(SSL_CIPHER) *sk = SSL_get1_supported_ciphers(ssl);
--- 
-2.20.1
-
diff --git a/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch
deleted file mode 100644
index d339dcd558b1..000000000000
--- a/net-vpn/openvpn/files/openvpn-2.5-external-cmocka.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index 1e6891b1..c801789c 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1312,6 +1312,21 @@ if test "${enable_async_push}" = "yes"; then
-        )
- fi
-
-+AC_ARG_ENABLE(
-+       [tests],
-+       AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@])
-+)
-+
-+if test "${enable_tests}" = "yes"; then
-+       PKG_CHECK_MODULES([CMOCKA], [cmocka])
-+       TEST_CFLAGS="${CMOCKA_CFLAGS}"
-+       TEST_LDFLAGS="${CMOCKA_LIBS}"
-+       AC_SUBST([TEST_CFLAGS])
-+       AC_SUBST([TEST_LDFLAGS])
-+fi
-+AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"])
-+AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
-+
- CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
- AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
-
-@@ -1360,27 +1375,6 @@ AC_SUBST([VENDOR_SRC_ROOT])
- AC_SUBST([VENDOR_BUILD_ROOT])
- AC_SUBST([VENDOR_DIST_ROOT])
-
--TEST_LDFLAGS="${OPTIONAL_CRYPTO_LIBS} ${OPTIONAL_PKCS11_LIBS} -lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
--TEST_CFLAGS="${OPTIONAL_CRYPTO_CFLAGS} ${OPTIONAL_PKCS11_CFLAGS} -I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
--
--AC_SUBST([TEST_LDFLAGS])
--AC_SUBST([TEST_CFLAGS])
--
--# Check if cmake is available and cmocka git submodule is initialized,
--# needed for unit testing
--AC_CHECK_PROGS([CMAKE], [cmake])
--if test -n "${CMAKE}"; then
--   if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
--      AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
--   else
--      AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
--      AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated.  Unit testing cannot be performed.])
--   fi
--else
--   AC_MSG_RESULT([!! WARNING !! CMake is NOT available.  Unit testing cannot be performed.])
--   AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
--fi
--
-
- AC_CONFIG_FILES([
-        version.sh
-diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am
-index 31d37b89..4b7fb41d 100644
---- a/tests/unit_tests/Makefile.am
-+++ b/tests/unit_tests/Makefile.am
-@@ -1,5 +1,5 @@
- AUTOMAKE_OPTIONS = foreign
-
--if CMOCKA_INITIALIZED
-+if ENABLE_TESTS
- SUBDIRS = example_test openvpn plugins
- endif
diff --git a/net-vpn/openvpn/files/openvpn-external-cmocka.patch b/net-vpn/openvpn/files/openvpn-external-cmocka.patch
deleted file mode 100644
index eecc5076b4e8..000000000000
--- a/net-vpn/openvpn/files/openvpn-external-cmocka.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-diff --git a/configure.ac b/configure.ac
-index f4073d0..9afcc90 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -1211,6 +1211,21 @@ if test "${enable_async_push}" = "yes"; then
- 	)
- fi
- 
-+AC_ARG_ENABLE(
-+	[tests],
-+	AS_HELP_STRING([--enable-tests], [enable unit tests @<:@default=no@:>@])
-+)
-+
-+if test "${enable_tests}" = "yes"; then
-+	PKG_CHECK_MODULES([CMOCKA], [cmocka])
-+	TEST_CFLAGS="${CMOCKA_CFLAGS}"
-+	TEST_LDFLAGS="${CMOCKA_LIBS}"
-+	AC_SUBST([TEST_CFLAGS])
-+	AC_SUBST([TEST_LDFLAGS])
-+fi
-+AM_CONDITIONAL([ENABLE_TESTS], [test "${enable_tests}" = "yes"])
-+AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
-+
- CONFIGURE_DEFINES="`set | grep '^enable_.*=' ; set | grep '^with_.*='`"
- AC_DEFINE_UNQUOTED([CONFIGURE_DEFINES], ["`echo ${CONFIGURE_DEFINES}`"], [Configuration settings])
- 
-@@ -1257,28 +1272,6 @@ AC_SUBST([VENDOR_SRC_ROOT])
- AC_SUBST([VENDOR_BUILD_ROOT])
- AC_SUBST([VENDOR_DIST_ROOT])
- 
--TEST_LDFLAGS="-lcmocka -L\$(abs_top_builddir)/vendor/dist/lib -Wl,-rpath,\$(abs_top_builddir)/vendor/dist/lib"
--TEST_CFLAGS="-I\$(top_srcdir)/include -I\$(abs_top_builddir)/vendor/dist/include"
--
--AC_SUBST([TEST_LDFLAGS])
--AC_SUBST([TEST_CFLAGS])
--
--# Check if cmake is available and cmocka git submodule is initialized,
--# needed for unit testing
--AC_CHECK_PROGS([CMAKE], [cmake])
--if test -n "${CMAKE}"; then
--   if test -f "${srcdir}/vendor/cmocka/CMakeLists.txt"; then
--      AM_CONDITIONAL([CMOCKA_INITIALIZED], [true])
--   else
--      AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
--      AC_MSG_RESULT([!! WARNING !! The cmoka git submodule has not been initialized or updated.  Unit testing cannot be performed.])
--   fi
--else
--   AC_MSG_RESULT([!! WARNING !! CMake is NOT available.  Unit testing cannot be performed.])
--   AM_CONDITIONAL([CMOCKA_INITIALIZED], [false])
--fi
--
--
- AC_CONFIG_FILES([
- 	version.sh
- 	Makefile
-diff --git a/tests/unit_tests/Makefile.am b/tests/unit_tests/Makefile.am
-index 31d37b8..4b7fb41 100644
---- a/tests/unit_tests/Makefile.am
-+++ b/tests/unit_tests/Makefile.am
-@@ -3 +3 @@ AUTOMAKE_OPTIONS = foreign
--if CMOCKA_INITIALIZED
-+if ENABLE_TESTS
diff --git a/net-vpn/openvpn/openvpn-2.4.6-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.6-r1.ebuild
deleted file mode 100644
index 3c4d220281f4..000000000000
--- a/net-vpn/openvpn/openvpn-2.4.6-r1.ebuild
+++ /dev/null
@@ -1,156 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools flag-o-matic user systemd linux-info
-
-DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
-SRC_URI="https://swupdate.openvpn.net/community/releases/${P}.tar.gz
-	test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )"
-HOMEPAGE="https://openvpn.net/"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos"
-
-IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
-IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD"
-
-RESTRICT="!test? ( test )"
-REQUIRED_USE="pkcs11? ( ssl )
-	!plugins? ( !pam !down-root )
-	inotify? ( plugins )"
-
-CDEPEND="
-	kernel_linux? (
-		iproute2? ( sys-apps/iproute2[-minimal] )
-		!iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 )
-	)
-	pam? ( sys-libs/pam )
-	ssl? (
-		!mbedtls? (
-			!libressl? ( >=dev-libs/openssl-0.9.8:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-		mbedtls? ( net-libs/mbedtls )
-	)
-	lz4? ( app-arch/lz4 )
-	lzo? ( >=dev-libs/lzo-1.07 )
-	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
-	systemd? ( sys-apps/systemd )"
-DEPEND="${CDEPEND}
-	test? ( dev-util/cmocka )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-openvpn )"
-
-CONFIG_CHECK="~TUN"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-external-cmocka.patch"
-	"${FILESDIR}/${PN}-2.4.5-libressl-macro-fix.patch"
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	default
-	eautoreconf
-
-	if use test; then
-		cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die
-	fi
-}
-
-src_configure() {
-	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
-	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
-	IFCONFIG=/bin/ifconfig \
-	ROUTE=/bin/route \
-	econf \
-		$(use_enable inotify async-push) \
-		$(use_enable ssl crypto) \
-		$(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \
-		$(use_enable lz4) \
-		$(use_enable lzo) \
-		$(use_enable pkcs11) \
-		$(use_enable plugins) \
-		$(use_enable iproute2) \
-		$(use_enable pam plugin-auth-pam) \
-		$(use_enable down-root plugin-down-root) \
-		$(use_enable test tests) \
-		$(use_enable systemd)
-}
-
-src_test() {
-	make check || die "top-level tests failed"
-	pushd tests/unit_tests > /dev/null || die
-	make check || die "unit tests failed"
-	popd > /dev/null || die
-}
-
-src_install() {
-	default
-	find "${ED}/usr" -name '*.la' -delete
-	# install documentation
-	dodoc AUTHORS ChangeLog PORTS README README.IPv6
-
-	# Install some helper scripts
-	keepdir /etc/openvpn
-	exeinto /etc/openvpn
-	doexe "${FILESDIR}/up.sh"
-	doexe "${FILESDIR}/down.sh"
-
-	# Install the init script and config file
-	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
-	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
-
-	# install examples, controlled by the respective useflag
-	if use examples ; then
-		# dodoc does not supportly support directory traversal, #15193
-		insinto /usr/share/doc/${PF}/examples
-		doins -r sample contrib
-	fi
-}
-
-pkg_postinst() {
-	# Add openvpn user so openvpn servers can drop privs
-	# Clients should run as root so they can change ip addresses,
-	# dns information and other such things.
-	enewgroup openvpn
-	enewuser openvpn "" "" "" openvpn
-
-	if use x64-macos; then
-		elog "You might want to install tuntaposx for TAP interface support:"
-		elog "http://tuntaposx.sourceforge.net"
-	fi
-
-	elog "The openvpn init script expects to find the configuration file"
-	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
-	elog ""
-	elog "To create more VPNs, simply create a new .conf file for it and"
-	elog "then create a symlink to the openvpn init script from a link called"
-	elog "openvpn.newconfname - like so"
-	elog "   cd /etc/openvpn"
-	elog "   ${EDITOR##*/} foo.conf"
-	elog "   cd /etc/init.d"
-	elog "   ln -s openvpn openvpn.foo"
-	elog ""
-	elog "You can then treat openvpn.foo as any other service, so you can"
-	elog "stop one vpn and start another if you need to."
-
-	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
-		ewarn ""
-		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
-		ewarn "a client by our init script and as such we force up,down scripts."
-		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
-		ewarn "can move your scripts to."
-	fi
-
-	if use plugins ; then
-		einfo ""
-		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
-	fi
-}
diff --git a/net-vpn/openvpn/openvpn-2.4.6.ebuild b/net-vpn/openvpn/openvpn-2.4.6.ebuild
deleted file mode 100644
index eb359996e004..000000000000
--- a/net-vpn/openvpn/openvpn-2.4.6.ebuild
+++ /dev/null
@@ -1,156 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools flag-o-matic user systemd linux-info
-
-DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
-SRC_URI="https://swupdate.openvpn.net/community/releases/${P}.tar.gz
-	test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )"
-HOMEPAGE="https://openvpn.net/"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos"
-
-IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
-IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD"
-
-RESTRICT="!test? ( test )"
-REQUIRED_USE="pkcs11? ( ssl )
-	!plugins? ( !pam !down-root )
-	inotify? ( plugins )"
-
-CDEPEND="
-	kernel_linux? (
-		iproute2? ( sys-apps/iproute2[-minimal] )
-		!iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 )
-	)
-	pam? ( sys-libs/pam )
-	ssl? (
-		!mbedtls? (
-			!libressl? ( >=dev-libs/openssl-0.9.8:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-		mbedtls? ( net-libs/mbedtls )
-	)
-	lz4? ( app-arch/lz4 )
-	lzo? ( >=dev-libs/lzo-1.07 )
-	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
-	systemd? ( sys-apps/systemd )"
-DEPEND="${CDEPEND}
-	test? ( dev-util/cmocka )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-openvpn )"
-
-CONFIG_CHECK="~TUN"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-external-cmocka.patch"
-	"${FILESDIR}/${PN}-2.4.5-libressl-macro-fix.patch"
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	default
-	eautoreconf
-
-	if use test; then
-		cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die
-	fi
-}
-
-src_configure() {
-	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
-	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
-	IFCONFIG=/bin/ifconfig \
-	ROUTE=/bin/route \
-	econf \
-		$(use_enable inotify async-push) \
-		$(use_enable ssl crypto) \
-		$(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \
-		$(use_enable lz4) \
-		$(use_enable lzo) \
-		$(use_enable pkcs11) \
-		$(use_enable plugins) \
-		$(use_enable iproute2) \
-		$(use_enable pam plugin-auth-pam) \
-		$(use_enable down-root plugin-down-root) \
-		$(use_enable test tests) \
-		$(use_enable systemd)
-}
-
-src_test() {
-	make check || die "top-level tests failed"
-	pushd tests/unit_tests > /dev/null || die
-	make check || die "unit tests failed"
-	popd > /dev/null || die
-}
-
-src_install() {
-	default
-	find "${ED}/usr" -name '*.la' -delete
-	# install documentation
-	dodoc AUTHORS ChangeLog PORTS README README.IPv6
-
-	# Install some helper scripts
-	keepdir /etc/openvpn
-	exeinto /etc/openvpn
-	doexe "${FILESDIR}/up.sh"
-	doexe "${FILESDIR}/down.sh"
-
-	# Install the init script and config file
-	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
-	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
-
-	# install examples, controlled by the respective useflag
-	if use examples ; then
-		# dodoc does not supportly support directory traversal, #15193
-		insinto /usr/share/doc/${PF}/examples
-		doins -r sample contrib
-	fi
-}
-
-pkg_postinst() {
-	# Add openvpn user so openvpn servers can drop privs
-	# Clients should run as root so they can change ip addresses,
-	# dns information and other such things.
-	enewgroup openvpn
-	enewuser openvpn "" "" "" openvpn
-
-	if use x64-macos; then
-		elog "You might want to install tuntaposx for TAP interface support:"
-		elog "http://tuntaposx.sourceforge.net"
-	fi
-
-	elog "The openvpn init script expects to find the configuration file"
-	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
-	elog ""
-	elog "To create more VPNs, simply create a new .conf file for it and"
-	elog "then create a symlink to the openvpn init script from a link called"
-	elog "openvpn.newconfname - like so"
-	elog "   cd /etc/openvpn"
-	elog "   ${EDITOR##*/} foo.conf"
-	elog "   cd /etc/init.d"
-	elog "   ln -s openvpn openvpn.foo"
-	elog ""
-	elog "You can then treat openvpn.foo as any other service, so you can"
-	elog "stop one vpn and start another if you need to."
-
-	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
-		ewarn ""
-		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
-		ewarn "a client by our init script and as such we force up,down scripts."
-		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
-		ewarn "can move your scripts to."
-	fi
-
-	if use plugins ; then
-		einfo ""
-		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
-	fi
-}
diff --git a/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild b/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild
deleted file mode 100644
index 845ec4ad7b0f..000000000000
--- a/net-vpn/openvpn/openvpn-2.4.7-r1.ebuild
+++ /dev/null
@@ -1,157 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools flag-o-matic user systemd linux-info
-
-DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
-SRC_URI="https://github.com/OpenVPN/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz
-	test? ( https://raw.githubusercontent.com/OpenVPN/${PN}/v${PV}/tests/unit_tests/${PN}/mock_msg.h )"
-HOMEPAGE="https://openvpn.net/"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos"
-
-IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
-IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD"
-
-RESTRICT="!test? ( test )"
-REQUIRED_USE="pkcs11? ( ssl )
-	!plugins? ( !pam !down-root )
-	inotify? ( plugins )"
-
-CDEPEND="
-	kernel_linux? (
-		iproute2? ( sys-apps/iproute2[-minimal] )
-		!iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 )
-	)
-	pam? ( sys-libs/pam )
-	ssl? (
-		!mbedtls? (
-			!libressl? ( >=dev-libs/openssl-0.9.8:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-		mbedtls? ( net-libs/mbedtls:= )
-	)
-	lz4? ( app-arch/lz4 )
-	lzo? ( >=dev-libs/lzo-1.07 )
-	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
-	systemd? ( sys-apps/systemd )"
-DEPEND="${CDEPEND}
-	test? ( dev-util/cmocka )"
-RDEPEND="${CDEPEND}
-	selinux? ( sec-policy/selinux-openvpn )"
-
-CONFIG_CHECK="~TUN"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-external-cmocka.patch"
-	"${FILESDIR}/${PN}-2.4.5-libressl-macro-fix.patch"
-	"${FILESDIR}/${P}-libressl.patch"
-)
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	default
-	eautoreconf
-
-	if use test; then
-		cp "${DISTDIR}/mock_msg.h" tests/unit_tests/${PN} || die
-	fi
-}
-
-src_configure() {
-	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
-	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
-	IFCONFIG=/bin/ifconfig \
-	ROUTE=/bin/route \
-	econf \
-		$(use_enable inotify async-push) \
-		$(use_enable ssl crypto) \
-		$(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \
-		$(use_enable lz4) \
-		$(use_enable lzo) \
-		$(use_enable pkcs11) \
-		$(use_enable plugins) \
-		$(use_enable iproute2) \
-		$(use_enable pam plugin-auth-pam) \
-		$(use_enable down-root plugin-down-root) \
-		$(use_enable test tests) \
-		$(use_enable systemd)
-}
-
-src_test() {
-	make check || die "top-level tests failed"
-	pushd tests/unit_tests > /dev/null || die
-	make check || die "unit tests failed"
-	popd > /dev/null || die
-}
-
-src_install() {
-	default
-	find "${ED}/usr" -name '*.la' -delete
-	# install documentation
-	dodoc AUTHORS ChangeLog PORTS README README.IPv6
-
-	# Install some helper scripts
-	keepdir /etc/openvpn
-	exeinto /etc/openvpn
-	doexe "${FILESDIR}/up.sh"
-	doexe "${FILESDIR}/down.sh"
-
-	# Install the init script and config file
-	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
-	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
-
-	# install examples, controlled by the respective useflag
-	if use examples ; then
-		# dodoc does not supportly support directory traversal, #15193
-		insinto /usr/share/doc/${PF}/examples
-		doins -r sample contrib
-	fi
-}
-
-pkg_postinst() {
-	# Add openvpn user so openvpn servers can drop privs
-	# Clients should run as root so they can change ip addresses,
-	# dns information and other such things.
-	enewgroup openvpn
-	enewuser openvpn "" "" "" openvpn
-
-	if use x64-macos; then
-		elog "You might want to install tuntaposx for TAP interface support:"
-		elog "http://tuntaposx.sourceforge.net"
-	fi
-
-	elog "The openvpn init script expects to find the configuration file"
-	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
-	elog ""
-	elog "To create more VPNs, simply create a new .conf file for it and"
-	elog "then create a symlink to the openvpn init script from a link called"
-	elog "openvpn.newconfname - like so"
-	elog "   cd /etc/openvpn"
-	elog "   ${EDITOR##*/} foo.conf"
-	elog "   cd /etc/init.d"
-	elog "   ln -s openvpn openvpn.foo"
-	elog ""
-	elog "You can then treat openvpn.foo as any other service, so you can"
-	elog "stop one vpn and start another if you need to."
-
-	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
-		ewarn ""
-		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
-		ewarn "a client by our init script and as such we force up,down scripts."
-		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
-		ewarn "can move your scripts to."
-	fi
-
-	if use plugins ; then
-		einfo ""
-		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
-	fi
-}
diff --git a/net-vpn/openvpn/openvpn-2.4.8.ebuild b/net-vpn/openvpn/openvpn-2.4.8.ebuild
deleted file mode 100644
index 0310e511f604..000000000000
--- a/net-vpn/openvpn/openvpn-2.4.8.ebuild
+++ /dev/null
@@ -1,145 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic systemd linux-info
-
-DESCRIPTION="Robust and highly flexible tunneling application compatible with many OSes"
-SRC_URI="https://github.com/OpenVPN/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
-HOMEPAGE="https://openvpn.net/"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~x86-macos"
-
-IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
-IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD"
-
-RESTRICT="!test? ( test )"
-REQUIRED_USE="pkcs11? ( ssl )
-	!plugins? ( !pam !down-root )
-	inotify? ( plugins )
-"
-
-CDEPEND="
-	kernel_linux? (
-		iproute2? ( sys-apps/iproute2[-minimal] )
-		!iproute2? ( >=sys-apps/net-tools-1.60_p20160215155418 )
-	)
-	pam? ( sys-libs/pam )
-	ssl? (
-		!mbedtls? (
-			!libressl? ( >=dev-libs/openssl-0.9.8:0= )
-			libressl? ( dev-libs/libressl:0= )
-		)
-		mbedtls? ( net-libs/mbedtls:= )
-	)
-	lz4? ( app-arch/lz4 )
-	lzo? ( >=dev-libs/lzo-1.07 )
-	pkcs11? ( >=dev-libs/pkcs11-helper-1.11 )
-	systemd? ( sys-apps/systemd )
-"
-DEPEND="${CDEPEND}
-	test? ( dev-util/cmocka )
-"
-RDEPEND="${CDEPEND}
-	acct-group/openvpn
-	acct-user/openvpn
-	selinux? ( sec-policy/selinux-openvpn )
-"
-
-CONFIG_CHECK="~TUN"
-
-pkg_setup() {
-	linux-info_pkg_setup
-}
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_configure() {
-	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
-	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
-	IFCONFIG=/bin/ifconfig \
-	ROUTE=/bin/route \
-	econf \
-		$(use_enable inotify async-push) \
-		$(use_enable ssl crypto) \
-		$(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \
-		$(use_enable lz4) \
-		$(use_enable lzo) \
-		$(use_enable pkcs11) \
-		$(use_enable plugins) \
-		$(use_enable iproute2) \
-		$(use_enable pam plugin-auth-pam) \
-		$(use_enable down-root plugin-down-root) \
-		$(use_enable systemd)
-}
-
-src_test() {
-	make check || die "top-level tests failed"
-	pushd tests/unit_tests > /dev/null || die
-	make check || die "unit tests failed"
-	popd > /dev/null || die
-}
-
-src_install() {
-	default
-	find "${ED}/usr" -name '*.la' -delete
-	# install documentation
-	dodoc AUTHORS ChangeLog PORTS README README.IPv6
-
-	# Install some helper scripts
-	keepdir /etc/openvpn
-	exeinto /etc/openvpn
-	doexe "${FILESDIR}/up.sh"
-	doexe "${FILESDIR}/down.sh"
-
-	# Install the init script and config file
-	newinitd "${FILESDIR}/${PN}-2.1.init" openvpn
-	newconfd "${FILESDIR}/${PN}-2.1.conf" openvpn
-
-	# install examples, controlled by the respective useflag
-	if use examples ; then
-		# dodoc does not supportly support directory traversal, #15193
-		docinto /usr/share/doc/${PF}/examples
-		dodoc -r sample contrib
-	fi
-}
-
-pkg_postinst() {
-	if use x64-macos; then
-		elog "You might want to install tuntaposx for TAP interface support:"
-		elog "http://tuntaposx.sourceforge.net"
-	fi
-
-	elog "The openvpn init script expects to find the configuration file"
-	elog "openvpn.conf in /etc/openvpn along with any extra files it may need."
-	elog ""
-	elog "To create more VPNs, simply create a new .conf file for it and"
-	elog "then create a symlink to the openvpn init script from a link called"
-	elog "openvpn.newconfname - like so"
-	elog "   cd /etc/openvpn"
-	elog "   ${EDITOR##*/} foo.conf"
-	elog "   cd /etc/init.d"
-	elog "   ln -s openvpn openvpn.foo"
-	elog ""
-	elog "You can then treat openvpn.foo as any other service, so you can"
-	elog "stop one vpn and start another if you need to."
-
-	if grep -Eq "^[ \t]*(up|down)[ \t].*" "${ROOT}/etc/openvpn"/*.conf 2>/dev/null ; then
-		ewarn ""
-		ewarn "WARNING: If you use the remote keyword then you are deemed to be"
-		ewarn "a client by our init script and as such we force up,down scripts."
-		ewarn "These scripts call /etc/openvpn/\$SVCNAME-{up,down}.sh where you"
-		ewarn "can move your scripts to."
-	fi
-
-	if use plugins ; then
-		einfo ""
-		einfo "plugins have been installed into /usr/$(get_libdir)/${PN}/plugins"
-	fi
-}
diff --git a/net-vpn/openvpn/openvpn-2.4.9.ebuild b/net-vpn/openvpn/openvpn-2.4.9.ebuild
index 684a4871fe82..9e3998296da6 100644
--- a/net-vpn/openvpn/openvpn-2.4.9.ebuild
+++ b/net-vpn/openvpn/openvpn-2.4.9.ebuild
@@ -11,7 +11,7 @@ HOMEPAGE="https://openvpn.net/"
 
 LICENSE="GPL-2"
 SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos"
+KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86 ~amd64-linux ~x86-linux ~x86-macos"
 
 IUSE="down-root examples inotify iproute2 libressl lz4 +lzo mbedtls pam"
 IUSE+=" pkcs11 +plugins selinux +ssl systemd test userland_BSD"
@@ -61,22 +61,34 @@ src_prepare() {
 }
 
 src_configure() {
+	local myeconfargs=(
+		$(use_enable inotify async-push)
+		$(use_enable ssl crypto)
+	)
+	if use ssl; then
+		myeconfargs+=(
+			$(use_with ssl crypto-library $(usex mbedtls mbedtls openssl))
+		)
+		if use libressl || ! use mbedtls; then
+			myeconfargs+=(
+				$(use_enable pkcs11)
+			)
+		fi
+	fi
+	myeconfargs+=(
+		$(use_enable lz4)
+		$(use_enable lzo)
+		$(use_enable plugins)
+		$(use_enable iproute2)
+		$(use_enable pam plugin-auth-pam)
+		$(use_enable down-root plugin-down-root)
+		$(use_enable systemd)
+	)
 	SYSTEMD_UNIT_DIR=$(systemd_get_systemunitdir) \
 	TMPFILES_DIR="/usr/lib/tmpfiles.d" \
 	IFCONFIG=/bin/ifconfig \
 	ROUTE=/bin/route \
-	econf \
-		$(use_enable inotify async-push) \
-		$(use_enable ssl crypto) \
-		$(use_with ssl crypto-library $(usex mbedtls mbedtls openssl)) \
-		$(use_enable lz4) \
-		$(use_enable lzo) \
-		$(use_enable pkcs11) \
-		$(use_enable plugins) \
-		$(use_enable iproute2) \
-		$(use_enable pam plugin-auth-pam) \
-		$(use_enable down-root plugin-down-root) \
-		$(use_enable systemd)
+	econf "${myeconfargs[@]}"
 }
 
 src_test() {
diff --git a/net-vpn/peervpn/Manifest b/net-vpn/peervpn/Manifest
index 488154f9606d..72f994dc8641 100644
--- a/net-vpn/peervpn/Manifest
+++ b/net-vpn/peervpn/Manifest
@@ -3,5 +3,5 @@ AUX peervpn.initd 590 BLAKE2B 39a2ec06a71eb99de9a37cd42b05c63fd07af042b8b48652e0
 AUX peervpn.logrotated 87 BLAKE2B c6b72aed372a87d766a9ba0e69b48929fd2484743c5576f9d87333be3a241479794f83d201e366483dee30aee48a4e5a2ad9fb7e6864f84bb9e4b47556dfaf67 SHA512 474d2cd0c92786d5b7b45604a235a9102197e9e3520c812db86c1183bc0ab0963dbbb538ff684a44bc47184eb3e87d77e6b2ddab72c52fccca529cc16f56f515
 AUX peervpn.service 256 BLAKE2B 51abeea30d4ebe81a7b9acf1ae0e5e8b65ddcaedd4ae2c3f0e6ab3e4524d75d9848328bfed737f8b39effeedd68e7d7ed9f1376ac144ae27c4d77b0603fdd496 SHA512 d2d7336ed77324f30d3a4d83fe47b43bbafc3340525eac862bd7637e3a72a70dba1dc9ea21ed59e1606c8d1c03c3ee5ab9da73b49e71cf70e536369ae9ecf01c
 DIST peervpn-0.044.tar.gz 81948 BLAKE2B 7fcf4805846b304c8d26ab06a5f56fa7aa281eab05860f192e635ba12173954cd00502328239771b1882b0b74c8f24f796c51e86fd5d39765f51d2aa26953c6b SHA512 5dd8e056287a905f3aaddf93d6dad917047e6f7da30942f412ff7b2846afd26fb9f4e500cfcb76966b4045db2a37096f1aa43b87e777ff31c2e467aa0415cdba
-EBUILD peervpn-0.044-r4.ebuild 1612 BLAKE2B 6c8c2aa310a0dc62a44c9b71c39e5fecd82e725bdcba6e45bbcd2adbe482ba2f7d077765a87cfa889a2a03697fb4b7ae9d8ba05400b5db253bd08d16dbb70f2f SHA512 2e3819dbf047301ac4acaa2799cb0c24c1f24f8a7b1df7ab52128df342aeef2ce8742b5b6a6e50deaf1df08ca24b7976340ad4908852194878cf7268b469107e
+EBUILD peervpn-0.044-r5.ebuild 1984 BLAKE2B 06f2d9ccae4306a25c09cc6f4e88667cf99512f15bb8e44160e3a4abcb047780dae809b80886719550a5d9726af45ea06d4e76916904b9ce4efcff528a33892a SHA512 aa5dbbe642f80062f87e0696ca24cb6e0b5b6972c6e21ebcca8f1967adc2ab42566b3087f1c370e6c4be9ffe019a09c475a3a09f2af92a106a65091a167ce21a
 MISC metadata.xml 306 BLAKE2B 23943cc835dbc20f40533bd627de75557c7995bb72195979385903e53834c0961fd4b3e0346aabf10020aa9df18a619e138a1504e9e1f1614fda1a840a0d0f1e SHA512 29286f5271bd2e6cb8aa39d626bc581cdfce7206e3a76e964418b460c20ab844e096a009db6c3ef1f3bc09f56622a2e388bce8aeeedd3be65d936e244915a7db
diff --git a/net-vpn/peervpn/peervpn-0.044-r4.ebuild b/net-vpn/peervpn/peervpn-0.044-r4.ebuild
deleted file mode 100644
index 0415a2741e17..000000000000
--- a/net-vpn/peervpn/peervpn-0.044-r4.ebuild
+++ /dev/null
@@ -1,68 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit systemd toolchain-funcs user
-
-DESCRIPTION="P2P mesh VPN"
-HOMEPAGE="https://github.com/peervpn/peervpn"
-EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc"
-SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="libressl"
-RDEPEND="libressl? ( dev-libs/libressl:0= )
-	!libressl? ( <dev-libs/openssl-1.1:0= )"
-DEPEND="${RDEPEND}"
-
-S=${WORKDIR}/${PN}-${EGIT_COMMIT}
-
-PATCHES=(
-	"${FILESDIR}/${P}-strncpy-null-terminator.patch"
-)
-
-pkg_setup() {
-	enewgroup ${PN}
-	enewuser ${PN} -1 -1 -1 ${PN}
-}
-
-src_prepare() {
-	default
-	sed -e 's|^CFLAGS+=-O2||' -i Makefile || die
-}
-
-src_compile() {
-	emake CC=$(tc-getCC)
-}
-
-src_install() {
-	dosbin ${PN}
-
-	insinto /etc/${PN}
-	newins peervpn.conf peervpn.conf.example
-	# read-only group access for bug 629418
-	fowners root:${PN} /etc/${PN}
-	fperms 0750 /etc/${PN}
-
-	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
-	systemd_dounit "${FILESDIR}/${PN}.service"
-
-	keepdir /var/log/${PN}
-	insinto /etc/logrotate.d
-	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
-}
-
-pkg_preinst() {
-	if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
-		[[ -d ${EROOT}etc/${PN} &&
-		$(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print) ]]; then
-		ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418"
-		while read -r -d ''; do
-			chown root:${PN} "${REPLY}" || die
-			chmod g+rX-w,o-rwx "${REPLY}" || die
-		done < <(find "${EROOT}etc/${PN}" -user "${PN}" ! -type l -print0)
-	fi
-}
diff --git a/net-vpn/peervpn/peervpn-0.044-r5.ebuild b/net-vpn/peervpn/peervpn-0.044-r5.ebuild
new file mode 100644
index 000000000000..a768d8ee2efb
--- /dev/null
+++ b/net-vpn/peervpn/peervpn-0.044-r5.ebuild
@@ -0,0 +1,75 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit systemd toolchain-funcs user
+
+DESCRIPTION="P2P mesh VPN"
+HOMEPAGE="https://github.com/peervpn/peervpn"
+EGIT_COMMIT="eb35174277fbf745c5ee0d5875d659dad819adfc"
+SRC_URI="https://github.com/peervpn/peervpn/archive/${EGIT_COMMIT}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="libressl"
+RDEPEND="libressl? ( dev-libs/libressl:0= )
+	!libressl? ( <dev-libs/openssl-1.1:0= )"
+DEPEND="${RDEPEND}"
+
+S=${WORKDIR}/${PN}-${EGIT_COMMIT}
+
+PATCHES=(
+	"${FILESDIR}/${P}-strncpy-null-terminator.patch"
+)
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 -1 ${PN}
+}
+
+src_prepare() {
+	default
+	sed -e 's|^CFLAGS+=-O2||' -i Makefile || die
+}
+
+src_compile() {
+	emake CC=$(tc-getCC)
+}
+
+src_install() {
+	dosbin ${PN}
+
+	insinto /etc/${PN}
+	newins peervpn.conf peervpn.conf.example
+	# read-only group access for bug 629418
+	fowners root:${PN} /etc/${PN}
+	fperms 0750 /etc/${PN}
+
+	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	keepdir /var/log/${PN}
+	insinto /etc/logrotate.d
+	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
+}
+
+pkg_preinst() {
+	if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
+		[[ -d ${EROOT}/etc/${PN} && ! -L ${EROOT}/etc/${PN} &&
+		$(find "${EROOT}/etc/${PN}" -maxdepth 1 -user "${PN}" ! -type l -print) ]]; then
+		ewarn "Tightening '${EROOT}/etc/${PN}' permissions for bug 629418"
+		# Tighten the parent directory permissions first, in
+		# order to protect against race conditions involving a
+		# less-privileged user.
+		chown root:${PN} "${EROOT}/etc/${PN}"
+		chmod g+rX-w,o-rwx "${EROOT}/etc/${PN}"
+		# Don't chown/chmod the referent of a symlink
+		# owned by a less-privileged user.
+		while read -r -d ''; do
+			chown root:${PN} "${REPLY}" || die
+			chmod g+rX-w,o-rwx "${REPLY}" || die
+		done < <(find "${EROOT}/etc/${PN}" -mindepth 1 -maxdepth 1 -user "${PN}" ! -type l -print0)
+	fi
+}
diff --git a/net-vpn/strongswan/Manifest b/net-vpn/strongswan/Manifest
index 0cc1777affef..5edd695fa9e3 100644
--- a/net-vpn/strongswan/Manifest
+++ b/net-vpn/strongswan/Manifest
@@ -2,6 +2,8 @@ AUX ipsec 451 BLAKE2B deb3fff7043e04c1630119bb0cbbd6fa9b6f15666131ac9744a32d35cf
 AUX strongswan-5.8.2-gcc-10.patch 1276 BLAKE2B 217fdbc9f858ce01ca13ccc3572d3ea7eae2d059ec6979e5263b919cee6da3eef2681a413265a1b78a267840d06341531d3676b9f5aa58717b577e976beeff5c SHA512 3762446b8bb0acce29882172afb826cc52be94187f28cbdb125be53a7b3c0f1229c1069194be7d96d7315ad056021d9271fe9f8b1d68980df6bc97ddc3d84aa7
 DIST strongswan-5.8.1.tar.bz2 4517921 BLAKE2B 07a82309515a054b267a063fc0e2f49fd03d16b221b1ee26a33c8d367df140797320e1ef7007a39074e40c472022d941656b3ae93d2eb860152cdc5a5d3dbc8a SHA512 630d24643b3d61e931bb25cdd083ad3c55f92fe41f3fcd3198012eee486fb3b1a16dc3f80936162afb7da9e471d45d92b7d183a00153a558babb2a79e5f6813f
 DIST strongswan-5.8.2.tar.bz2 4533402 BLAKE2B edbfa8dbe1ac00c140cfe9e906ac7aa1b6f3ddfd528dec84e7b1799e5ecdd0f6114679168ebcff9185c8abae78b46dfc43ddc4dabecd44f720285bd175d7a249 SHA512 423e7924acfe8a03ad7d4359ae9086fd516798fcf5eb948a27b52ea719f4d8954b83ea30ce94191ea1647616611df8a1215cb4d5c7ec48676624df6c41853e1d
+DIST strongswan-5.8.4.tar.bz2 4546240 BLAKE2B f58f53a17c02924a3ad75bfadd5956f62098c41468ec5fe8d51bf0f0465c8936d8ca846a41a0b6ff6ac24ccd2229e726d3ea2b48904abf5743bbe766e5f5f81c SHA512 15e866b0d6cc4ea94f17856b519d926ae08c15d3b62f675f62685d0722ca8fa26b46afb1ad1c866e9d5f347d77a747f57d0c6d7f6bd57762f37d7798f9e28103
 EBUILD strongswan-5.8.1.ebuild 9507 BLAKE2B 3912bd097b1c8f7d5b5aed00ff9396b2863ae3165f9f656e4dd6f0793f9b02d321115f23ad3c21558d6b2be13ebd6f14d28513209a703c61870b528cde566ec3 SHA512 17b8df9b5eab7c26425208e3d14d1b2596f3373d88314337cc2d397da574665d94bdca61a35ed6a143e5bc807f4b5514f7066841802a328b18f693c28e434fb9
 EBUILD strongswan-5.8.2.ebuild 9554 BLAKE2B 973ba926d32ac8d506925b2cabc0bc131571a4dd49627420bf0b8a528fedad36e2d734db07d66a5e0a24cf01a262398988b1854ad56c494e803622a66be16cb7 SHA512 f1b8267dfd94967a10d159a04c8aa9e1f558be69c30d6f6ce851845b25f6e87e0f788b079409ac2efdad1311b8d4ae7472ef6a9bb09a7fe1fe66a6ef4e16ad52
+EBUILD strongswan-5.8.4.ebuild 9511 BLAKE2B c512f2d683468f13ba7393c20ab1917c1cab56fb3389382bdec3571f0f30282accdd72182f626afd8e3203cbb404f336fa0c4e1b297d4c5a22a465155dd01fe5 SHA512 659a2196f090442a7cb721efc462210e530c089b8f9af319dbad718b3ed60d401e92c0201bddeaafe63dd12bd958e23dcb391198f3ca8e390a9a3d91a45448a5
 MISC metadata.xml 4135 BLAKE2B 13739675c455765d7ce73df9744779636d36d3f93eee4567c931fb40e528e56d34912e26a82bd35e377fbd34613c0b7044841ff6c2dc26694187d0de355f8b86 SHA512 e09ef1afdf5002dab542312753cbce56e830b906aa5c5ac8fd5c7b57cbaf021eb0c466241cf810f446693b8dedd90f185f3e2c7a53a0b9a43e14913dcdd83b23
diff --git a/net-vpn/strongswan/strongswan-5.8.4.ebuild b/net-vpn/strongswan/strongswan-5.8.4.ebuild
new file mode 100644
index 000000000000..aa83509c3d2d
--- /dev/null
+++ b/net-vpn/strongswan/strongswan-5.8.4.ebuild
@@ -0,0 +1,308 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+inherit linux-info systemd user
+
+DESCRIPTION="IPsec-based VPN solution, supporting IKEv1/IKEv2 and MOBIKE"
+HOMEPAGE="https://www.strongswan.org/"
+SRC_URI="https://download.strongswan.org/${P}.tar.bz2"
+
+LICENSE="GPL-2 RSA DES"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~ppc ~ppc64 ~x86"
+IUSE="+caps curl +constraints debug dhcp eap farp gcrypt +gmp ldap mysql networkmanager +non-root +openssl selinux sqlite systemd pam pkcs11"
+
+STRONGSWAN_PLUGINS_STD="led lookip systime-fix unity vici"
+STRONGSWAN_PLUGINS_OPT="aesni blowfish ccm chapoly ctr forecast gcm ha ipseckey newhope ntru padlock rdrand save-keys unbound whitelist"
+for mod in $STRONGSWAN_PLUGINS_STD; do
+	IUSE="${IUSE} +strongswan_plugins_${mod}"
+done
+
+for mod in $STRONGSWAN_PLUGINS_OPT; do
+	IUSE="${IUSE} strongswan_plugins_${mod}"
+done
+
+COMMON_DEPEND="!net-misc/openswan
+	gmp? ( >=dev-libs/gmp-4.1.5:= )
+	gcrypt? ( dev-libs/libgcrypt:0 )
+	caps? ( sys-libs/libcap )
+	curl? ( net-misc/curl )
+	ldap? ( net-nds/openldap )
+	openssl? ( >=dev-libs/openssl-0.9.8:=[-bindist] )
+	mysql? ( dev-db/mysql-connector-c:= )
+	sqlite? ( >=dev-db/sqlite-3.3.1 )
+	systemd? ( sys-apps/systemd )
+	networkmanager? ( net-misc/networkmanager )
+	pam? ( sys-libs/pam )
+	strongswan_plugins_unbound? ( net-dns/unbound:= net-libs/ldns )"
+DEPEND="${COMMON_DEPEND}
+	virtual/linux-sources
+	sys-kernel/linux-headers"
+RDEPEND="${COMMON_DEPEND}
+	virtual/logger
+	sys-apps/iproute2
+	!net-vpn/libreswan
+	selinux? ( sec-policy/selinux-ipsec )"
+
+UGID="ipsec"
+
+pkg_setup() {
+	linux-info_pkg_setup
+
+	elog "Linux kernel version: ${KV_FULL}"
+
+	if ! kernel_is -ge 2 6 16; then
+		eerror
+		eerror "This ebuild currently only supports ${PN} with the"
+		eerror "native Linux 2.6 IPsec stack on kernels >= 2.6.16."
+		eerror
+	fi
+
+	if kernel_is -lt 2 6 34; then
+		ewarn
+		ewarn "IMPORTANT KERNEL NOTES: Please read carefully..."
+		ewarn
+
+		if kernel_is -lt 2 6 29; then
+			ewarn "[ < 2.6.29 ] Due to a missing kernel feature, you have to"
+			ewarn "include all required IPv6 modules even if you just intend"
+			ewarn "to run on IPv4 only."
+			ewarn
+			ewarn "This has been fixed with kernels >= 2.6.29."
+			ewarn
+		fi
+
+		if kernel_is -lt 2 6 33; then
+			ewarn "[ < 2.6.33 ] Kernels prior to 2.6.33 include a non-standards"
+			ewarn "compliant implementation for SHA-2 HMAC support in ESP and"
+			ewarn "miss SHA384 and SHA512 HMAC support altogether."
+			ewarn
+			ewarn "If you need any of those features, please use kernel >= 2.6.33."
+			ewarn
+		fi
+
+		if kernel_is -lt 2 6 34; then
+			ewarn "[ < 2.6.34 ] Support for the AES-GMAC authentification-only"
+			ewarn "ESP cipher is only included in kernels >= 2.6.34."
+			ewarn
+			ewarn "If you need it, please use kernel >= 2.6.34."
+			ewarn
+		fi
+	fi
+
+	if use non-root; then
+		enewgroup ${UGID}
+		enewuser ${UGID} -1 -1 -1 ${UGID}
+	fi
+}
+
+src_configure() {
+	local myconf=""
+
+	if use non-root; then
+		myconf="${myconf} --with-user=${UGID} --with-group=${UGID}"
+	fi
+
+	# If a user has already enabled db support, those plugins will
+	# most likely be desired as well. Besides they don't impose new
+	# dependencies and come at no cost (except for space).
+	if use mysql || use sqlite; then
+		myconf="${myconf} --enable-attr-sql --enable-sql"
+	fi
+
+	# strongSwan builds and installs static libs by default which are
+	# useless to the user (and to strongSwan for that matter) because no
+	# header files or alike get installed... so disabling them is safe.
+	if use pam && use eap; then
+		myconf="${myconf} --enable-eap-gtc"
+	else
+		myconf="${myconf} --disable-eap-gtc"
+	fi
+
+	for mod in $STRONGSWAN_PLUGINS_STD; do
+		if use strongswan_plugins_${mod}; then
+			myconf+=" --enable-${mod}"
+		fi
+	done
+
+	for mod in $STRONGSWAN_PLUGINS_OPT; do
+		if use strongswan_plugins_${mod}; then
+			myconf+=" --enable-${mod}"
+		fi
+	done
+
+	econf \
+		--disable-static \
+		--enable-ikev1 \
+		--enable-ikev2 \
+		--enable-swanctl \
+		--enable-socket-dynamic \
+		$(use_enable curl) \
+		$(use_enable constraints) \
+		$(use_enable ldap) \
+		$(use_enable debug leak-detective) \
+		$(use_enable dhcp) \
+		$(use_enable eap eap-sim) \
+		$(use_enable eap eap-sim-file) \
+		$(use_enable eap eap-simaka-sql) \
+		$(use_enable eap eap-simaka-pseudonym) \
+		$(use_enable eap eap-simaka-reauth) \
+		$(use_enable eap eap-identity) \
+		$(use_enable eap eap-md5) \
+		$(use_enable eap eap-aka) \
+		$(use_enable eap eap-aka-3gpp2) \
+		$(use_enable eap md4) \
+		$(use_enable eap eap-mschapv2) \
+		$(use_enable eap eap-radius) \
+		$(use_enable eap eap-tls) \
+		$(use_enable eap eap-ttls) \
+		$(use_enable eap xauth-eap) \
+		$(use_enable eap eap-dynamic) \
+		$(use_enable farp) \
+		$(use_enable gmp) \
+		$(use_enable gcrypt) \
+		$(use_enable mysql) \
+		$(use_enable networkmanager nm) \
+		$(use_enable openssl) \
+		$(use_enable pam xauth-pam) \
+		$(use_enable pkcs11) \
+		$(use_enable sqlite) \
+		$(use_enable systemd) \
+		$(use_with caps capabilities libcap) \
+		--with-piddir=/run \
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)" \
+		${myconf}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	if ! use systemd; then
+		rm -rf "${ED}"/lib/systemd || die
+	fi
+
+	doinitd "${FILESDIR}"/ipsec
+
+	local dir_ugid
+	if use non-root; then
+		fowners ${UGID}:${UGID} \
+			/etc/ipsec.conf \
+			/etc/strongswan.conf
+
+		dir_ugid="${UGID}"
+	else
+		dir_ugid="root"
+	fi
+
+	diropts -m 0750 -o ${dir_ugid} -g ${dir_ugid}
+	dodir /etc/ipsec.d \
+		/etc/ipsec.d/aacerts \
+		/etc/ipsec.d/acerts \
+		/etc/ipsec.d/cacerts \
+		/etc/ipsec.d/certs \
+		/etc/ipsec.d/crls \
+		/etc/ipsec.d/ocspcerts \
+		/etc/ipsec.d/private \
+		/etc/ipsec.d/reqs
+
+	dodoc NEWS README TODO
+
+	# shared libs are used only internally and there are no static libs,
+	# so it's safe to get rid of the .la files
+	find "${D}" -name '*.la' -delete || die "Failed to remove .la files."
+}
+
+pkg_preinst() {
+	has_version "<net-vpn/strongswan-4.3.6-r1"
+	upgrade_from_leq_4_3_6=$(( !$? ))
+
+	has_version "<net-vpn/strongswan-4.3.6-r1[-caps]"
+	previous_4_3_6_with_caps=$(( !$? ))
+}
+
+pkg_postinst() {
+	if ! use openssl && ! use gcrypt; then
+		elog
+		elog "${PN} has been compiled without both OpenSSL and libgcrypt support."
+		elog "Please note that this might effect availability and speed of some"
+		elog "cryptographic features. You are advised to enable the OpenSSL plugin."
+	elif ! use openssl; then
+		elog
+		elog "${PN} has been compiled without the OpenSSL plugin. This might effect"
+		elog "availability and speed of some cryptographic features. There will be"
+		elog "no support for Elliptic Curve Cryptography (Diffie-Hellman groups 19-21,"
+		elog "25, 26) and ECDSA."
+	fi
+
+	if [[ $upgrade_from_leq_4_3_6 == 1 ]]; then
+		chmod 0750 "${ROOT}"/etc/ipsec.d \
+			"${ROOT}"/etc/ipsec.d/aacerts \
+			"${ROOT}"/etc/ipsec.d/acerts \
+			"${ROOT}"/etc/ipsec.d/cacerts \
+			"${ROOT}"/etc/ipsec.d/certs \
+			"${ROOT}"/etc/ipsec.d/crls \
+			"${ROOT}"/etc/ipsec.d/ocspcerts \
+			"${ROOT}"/etc/ipsec.d/private \
+			"${ROOT}"/etc/ipsec.d/reqs
+
+		ewarn
+		ewarn "The default permissions for /etc/ipsec.d/* have been tightened for"
+		ewarn "security reasons. Your system installed directories have been"
+		ewarn "updated accordingly. Please check if necessary."
+		ewarn
+
+		if [[ $previous_4_3_6_with_caps == 1 ]]; then
+			if ! use non-root; then
+				ewarn
+				ewarn "IMPORTANT: You previously had ${PN} installed without root"
+				ewarn "privileges because it was implied by the 'caps' USE flag."
+				ewarn "This has been changed. If you want ${PN} with user privileges,"
+				ewarn "you have to re-emerge it with the 'non-root' USE flag enabled."
+				ewarn
+			fi
+		fi
+	fi
+	if ! use caps && ! use non-root; then
+		ewarn
+		ewarn "You have decided to run ${PN} with root privileges and built it"
+		ewarn "without support for POSIX capability dropping. It is generally"
+		ewarn "strongly suggested that you reconsider- especially if you intend"
+		ewarn "to run ${PN} as server with a public ip address."
+		ewarn
+		ewarn "You should re-emerge ${PN} with at least the 'caps' USE flag enabled."
+		ewarn
+	fi
+	if use non-root; then
+		elog
+		elog "${PN} has been installed without superuser privileges (USE=non-root)."
+		elog "This imposes several limitations mainly to the IKEv1 daemon 'pluto'"
+		elog "but also a few to the IKEv2 daemon 'charon'."
+		elog
+		elog "Please carefully read: http://wiki.strongswan.org/wiki/nonRoot"
+		elog
+		elog "pluto uses a helper script by default to insert/remove routing and"
+		elog "policy rules upon connection start/stop which requires superuser"
+		elog "privileges. charon in contrast does this internally and can do so"
+		elog "even with reduced (user) privileges."
+		elog
+		elog "Thus if you require IKEv1 (pluto) or need to specify a custom updown"
+		elog "script to pluto or charon which requires superuser privileges, you"
+		elog "can work around this limitation by using sudo to grant the"
+		elog "user \"ipsec\" the appropriate rights."
+		elog "For example (the default case):"
+		elog "/etc/sudoers:"
+		elog "  ipsec ALL=(ALL) NOPASSWD: SETENV: /usr/sbin/ipsec"
+		elog "Under the specific connection block in /etc/ipsec.conf:"
+		elog "  leftupdown=\"sudo -E ipsec _updown iptables\""
+		elog
+	fi
+	elog
+	elog "Make sure you have _all_ required kernel modules available including"
+	elog "the appropriate cryptographic algorithms. A list is available at:"
+	elog "  http://wiki.strongswan.org/projects/strongswan/wiki/KernelModules"
+	elog
+	elog "The up-to-date manual is available online at:"
+	elog "  http://wiki.strongswan.org/"
+	elog
+}
diff --git a/net-vpn/tailscale/Manifest b/net-vpn/tailscale/Manifest
index 014dfb548f48..00faa08fef0a 100644
--- a/net-vpn/tailscale/Manifest
+++ b/net-vpn/tailscale/Manifest
@@ -1,14 +1,9 @@
 AUX tailscale.tmpfiles 79 BLAKE2B 8391d38d1ba704d356f894040cf998c42397e567970d285cf0ef82a854b48d534446231597e4e50ef913c03d8540488eb81ef296c8dbd0dc2c61ebd9678ad708 SHA512 9c220d99fae73ef3b8d76d35e137b48254719836087d75859027ae087190e57eaa1de21379efde05cdf285fe4cbd767e2ba9d7280b699695294150d351598c88
 AUX tailscaled.confd 147 BLAKE2B abea10fa6d05304a0c953dfd0fa1a4c10054129294d8554846d961457164513a52c551cea2603daffb4cbaeea9c22332dbb32c251dab334e095253ad474206d3 SHA512 db2e0727b84aba6d473a65cee1029fff0058754f1474c1062f37215da51ea85942b5ab3aabfb3f904d47aa5ec5844cab2c7126313dcdca35f10144a7525dd916
 AUX tailscaled.initd 416 BLAKE2B b4196852147dad2bf9a948b3d36f2d3b02e18266174d0a1f3b252ceca71132d232fa1de63a1b03992ccb39dcbdbb29b69791bf51e2e130c7192271114887c1e5 SHA512 a65a386715cfd21a02723ec6c7d05f874e0ac370142867c8145a7f9701cce0eacc2861aed69041363ca6e01fa5f87941464c653822ae187f1ea5ab66a1587bd2
-DIST tailscale_0.97-45_386.tgz 11879684 BLAKE2B 690e707e499e6986bd9676875af818f9fc68a7b9a4f66b2384efab4efa0c0d95cabe1a4c816152a7e61d14f33b16f1da00a8e7f9c26950412c2ac971a0ba090b SHA512 c81ae265c20bc2f8e9528b78dd39fd53d74b7a90d354617673912632d6599c9c0b866156ff8032b6a92f8452ae95789fdd0be3db87cf13aca2bb6ecdb13edf28
-DIST tailscale_0.97-45_amd64.tgz 12233156 BLAKE2B 120781c003be7cd244dd8b3659e817aea6567d0c0d4e34f468f2fb584b62a34cadec4e37b5d96076e7b4c9ffc6611b4dd7d41375ce6e54812e89d974af70a558 SHA512 6ed0dc7d847c75b3597deff0febb5a72b07d027e8b4889151c00126d77dd1dc3fd878080a2d0d4737a3b9a5f3b11993e2ff6991fc7e5fde2eed7838239515338
-DIST tailscale_0.97-45_arm.tgz 11328113 BLAKE2B 1ca588dfd8bb2c6e2b79d323b39f919ad2aebbb4c1812330a2875752b102bc461a304fa9c9761bd090d6361a966e04a06128535885383cb5baca0a679013e5b4 SHA512 78d8f44a07365ebc226df9c0a808f8da2a3e1f102db7aae3c9612c5c7e6ed5a32fcf0d43b43f23c507bba7ca4049be7a33c52473cff53d3fd7e9f9ae6b4d84bb
-DIST tailscale_0.97-45_arm64.tgz 11321460 BLAKE2B bdaadbb8c384cab4d098b9aabab299767744bc0ada5b31f7510505e5dd83b507b369010ba4d9e96935fbe8cdd9fafe3fd9308d3ccd5aaf829c3aa85887bc144e SHA512 e6a68fe36219024fa01ce0bc5b2ab56614197dade1cdc131ef8f966684fa513e0e51589fc4e7740812f08f05a2b08127a8679de3005b925a613a1bef8675a48f
 DIST tailscale_0.98-0_386.tgz 11772623 BLAKE2B 085f798bb1aabc8f6e286184428cca84cc552037bb67b503227e7c56acc90b6b9b860d3147498bbdeb5dc39164d472ba4ea441b93a57dd37b5aa4a977f2f1702 SHA512 10bbdbc7da71e018189eb63fe126237bd978cad8169a824f8bf70c065e53bd3d0f2741ce0bf7f810f27f68a273d33caf4cd086acde51956109c0d5317862352e
 DIST tailscale_0.98-0_amd64.tgz 12080659 BLAKE2B f3935a51c0210930d93c1779022e0e11508a92899fab5ba50c2a14a8670bc03a601de18847c02428971188647b60ba0154b12027c5d4224d47735964fa031ef7 SHA512 119ffa7a7035327b388dbabc118b37cc4af5f0b2bc01a4a757719b37659fefc2363eb48ef68c8009a05bff3cf3caf92a5f918683f49cdb052fc6c618ad08ed45
 DIST tailscale_0.98-0_arm.tgz 11276678 BLAKE2B 06e176c8fcd68761b8c3a9399e189b7793d2284315187b77c5c36309d6e5d8ce3a4675531315a47cba54fb402b0f07e02bcf2f9cd4c502f99131d86a1b0e422b SHA512 95913a397d636188d9673d1eca37e3b4fcf87ade0fcf7b69d086b2d05e5d854aba786ace03a1b7f406d02140a0c9197c925a5666c8a3bc1d11e15479f6440deb
 DIST tailscale_0.98-0_arm64.tgz 11288963 BLAKE2B 4244bcb6ff79dfaece4c82917a39804b6d58ce6a5f0572d19f62d9ba4cd40a0031eb723aee5a12dedc1303fbb8e9926d1b6eb9964080c5f162149dd049f8322b SHA512 b81c90a5a4a999a03c7edeaf65a0a2900771ade17a888ee03c29762c491d9fce605ce77f812949cbc36ad113d8a5ce5d2e21d69e91a7b4b8a87a8fc93129aaf4
-EBUILD tailscale-0.97_p45.ebuild 1148 BLAKE2B 51bdffb3879948dbfa6874f15885d6471bf0f971a3872bf789d49df150458eeacd94b43578f78adb625ee060a1dbf47008fde1229ac90b2f70081e0c6ec3dce1 SHA512 f03e1f52a4cc8893603e9603f38d51bf03a31aa76076c0d521d0cc3e59dc636b2457222343851402283a3dc40ce2417ebc31a799df95f58da3bf11711eba60b1
-EBUILD tailscale-0.98_p0.ebuild 1144 BLAKE2B ab6207222e23e25b2b8a06f228da56d225745326f5435d663b63b02d7fe075988b71b90edff207b857d2997dcd486941f2897472f5372f4c4492d0ae05b40152 SHA512 fd64e1e33fcc11e7b1653f1811368b243fa4eb113e11e281df13118013a39d17380872809611cf75459a7fa08d4e336f628009781d6e07d2bfd1a696fcf1aeb9
+EBUILD tailscale-0.98_p0.ebuild 1149 BLAKE2B 1521c4a30ee1380cb3b0317a0a23d0002a6a6f5ebf9bcc11e719e223d5eb908e4d50dbce367e9a0cac36688e7a83b5f94250c2c5395cac9df8c3a56f7b8db79a SHA512 bfe31ac24857f4840c4c2549256a9ea9567f979f217a4f9c7ce6bedb2e2e30f588074540eacf0ca2b14845eddbca67fabfdd48c8ffa7fe2d7b12ac7736f91f5c
 MISC metadata.xml 249 BLAKE2B 51ba583d3f040316570785a91020f260c7eacf5a322cc4b905648f547f06f413976d1834f7f010db5b6183aad6d6503f9bccb21e74508b5a5af1a5d96e82c805 SHA512 276a98a5eb50222440ab5bba11bfc895a0f89be2c2f2e561214b97b6138fe7c4341f6ca1fcb29bc03fa5a89844ede7f82a942c20ed649ce3e7da459a1b2481d5
diff --git a/net-vpn/tailscale/tailscale-0.97_p45.ebuild b/net-vpn/tailscale/tailscale-0.97_p45.ebuild
deleted file mode 100644
index 42558405f114..000000000000
--- a/net-vpn/tailscale/tailscale-0.97_p45.ebuild
+++ /dev/null
@@ -1,50 +0,0 @@
-# Copyright 2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit systemd tmpfiles
-
-DESCRIPTION="Tailscale vpn client"
-HOMEPAGE="https://tailscale.com"
-
-MY_PV="${PV//_p/-}"
-MY_P="${PN}_${MY_PV}"
-SRC_URI="
-	amd64? ( https://pkgs.tailscale.com/stable/${MY_P}_amd64.tgz )
-	arm? ( https://pkgs.tailscale.com/stable/${MY_P}_arm.tgz )
-	arm64? ( https://pkgs.tailscale.com/stable/${MY_P}_arm64.tgz )
-	x86? ( https://pkgs.tailscale.com/stable/${MY_P}_386.tgz )
-"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~x86"
-
-RDEPEND="net-firewall/iptables"
-
-QA_PRECOMPILED="**"
-
-src_unpack() {
-	default
-	use amd64 && S="${WORKDIR}/${MY_P}_amd64"
-	use arm && S="${WORKDIR}/${MY_P}_arm"
-	use arm64 && S="${WORKDIR}/${MY_P}_arm64"
-	use x86 && S="${WORKDIR}/${MY_P}_386"
-}
-
-src_install() {
-	dosbin ${PN}d
-	dobin ${PN}
-
-	systemd_dounit systemd/*.service
-	insinto /etc/default
-	newins systemd/tailscaled.defaults ${PN}
-	keepdir /var/lib/${PN}
-	fperms 0750 /var/lib/${PN}
-
-	newtmpfiles "${FILESDIR}/${PN}.tmpfiles" ${PN}.conf
-
-	newinitd "${FILESDIR}/${PN}d.initd" ${PN}
-	newconfd "${FILESDIR}/${PN}d.confd" ${PN}
-}
diff --git a/net-vpn/tailscale/tailscale-0.98_p0.ebuild b/net-vpn/tailscale/tailscale-0.98_p0.ebuild
index 1a9d74fe71a7..4b6378a2c008 100644
--- a/net-vpn/tailscale/tailscale-0.98_p0.ebuild
+++ b/net-vpn/tailscale/tailscale-0.98_p0.ebuild
@@ -39,7 +39,7 @@ src_install() {
 
 	systemd_dounit systemd/*.service
 	insinto /etc/default
-	newins systemd/tailscaled.defaults ${PN}
+	newins systemd/tailscaled.defaults tailscaled
 	keepdir /var/lib/${PN}
 	fperms 0750 /var/lib/${PN}
 
diff --git a/net-vpn/wireguard-modules/Manifest b/net-vpn/wireguard-modules/Manifest
index dd8fa42b1b4e..3ceb6cfce938 100644
--- a/net-vpn/wireguard-modules/Manifest
+++ b/net-vpn/wireguard-modules/Manifest
@@ -1,5 +1,4 @@
-AUX wireguard-modules-1.0.20200413-sch_generic-header.patch 860 BLAKE2B a3eb14274fd7c9a2d4e04aedb17f6fb87711b4c0d092651137f9b5a1c7aff43894a3a2de88ece6da18c8638a870128d9c61eb5f1fc5b7c9c40d150a95ff046d9 SHA512 2824c822f94c15644b990b1a8c7a9fbe6e752556736eb47e6330a11e7d4bdd1077d922dd41e0f63ef519f427653497014154c1074bd1bfb564fcaeb0ec0b4f6c
-DIST wireguard-linux-compat-1.0.20200413.tar.xz 261480 BLAKE2B 4a6e6571ba6e0285b08bb8b08b041cef02fdab99b516dd8717acf0f4cf86308382ed7b4f7333c5a97bd338aa973df83a7c8acd41c7022242700ec8db60f3aa64 SHA512 1df6802bf7bbae9292479b36a0ab54fc486ec0aa97e3c507634e4459b55f6755995ae73758ab169ed279e5d5dcf32bf3f38c18ce156d30f80be8ed77308fa8e8
-EBUILD wireguard-modules-1.0.20200413.ebuild 3499 BLAKE2B e7e3f05f8d854621fbf1ba6f19dbe5bc63c6c8c628b2ffa52594749bb149abc1fd0cc5b693df1422f0ef25a88511d1a203d897f8aa7ffd93b12d9f5d528d22cc SHA512 770a2d3d666560e022de710c0045f9057caa25989119417041d80e479a61628208b4adceb0534494f36ae9acf686b7334f48daca7816765e1e0e2e8acf090b66
+DIST wireguard-linux-compat-1.0.20200506.tar.xz 263228 BLAKE2B cc721009659a64efeab933d25bd901595fee313a0716e8e344d05e51f8458a1cde21b87418a62ad06e94614a28ce0ff26988f1375b74c567e3a827e970b79f15 SHA512 39a27a515919933dbed71624be3f8f3f512073b522e1e16248c9eda749dd72a3db5a02d85d29855160eb182415f489a4c02c1659ef9589507c99dbfe74ea3074
+EBUILD wireguard-modules-1.0.20200506.ebuild 3442 BLAKE2B 81c97ff68c71ce60d343266035852d2128246a3aa1c4ca95d0847904c021c5e4a7bb652d8c531e50be1dcc430fa34e54682462595101fded003af71e97e037e6 SHA512 1979d83d24156acf594edfc23c76e8e30e9a21ef9cd3fd45a06462ba20a30a9c90618852a611793af53424a52e0486a93d9198e18f89b7c57f9e8e06b434c9d5
 EBUILD wireguard-modules-9999.ebuild 3442 BLAKE2B 81c97ff68c71ce60d343266035852d2128246a3aa1c4ca95d0847904c021c5e4a7bb652d8c531e50be1dcc430fa34e54682462595101fded003af71e97e037e6 SHA512 1979d83d24156acf594edfc23c76e8e30e9a21ef9cd3fd45a06462ba20a30a9c90618852a611793af53424a52e0486a93d9198e18f89b7c57f9e8e06b434c9d5
 MISC metadata.xml 661 BLAKE2B bb9a48b3a4f3162f8ccec522734cbc8ffdc7a92868cc7dc32adc1f7ef89f7b2eab1df573bed421d4b76204f9f38ad4fee45f9db4b41c7dc3b86d9d9bb3120a8f SHA512 e9daa3bb8fa72cc60373a3187610231cf396bc5014f33412b65d069ffd02caa659c426819aa76d46a0dd15e8cb579325b46df5296a3b2136d020ec378e5f98a5
diff --git a/net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch b/net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch
deleted file mode 100644
index 8e263e9622a9..000000000000
--- a/net-vpn/wireguard-modules/files/wireguard-modules-1.0.20200413-sch_generic-header.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From bd388363a66d67f0e04f9c45b20a9f33dfcf79f6 Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Thu, 16 Apr 2020 00:27:33 -0600
-Subject: compat: include sch_generic.h header for skb_reset_tc
-
-Reported-by: King DuckZ <dev00@gmx.it>
-Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
----
- src/compat/compat.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/compat/compat.h b/src/compat/compat.h
-index 75bd3b7..bb996b8 100644
---- a/src/compat/compat.h
-+++ b/src/compat/compat.h
-@@ -1029,6 +1029,7 @@ out:
- 
- #if LINUX_VERSION_CODE < KERNEL_VERSION(5, 4, 29) || (LINUX_VERSION_CODE >= KERNEL_VERSION(5, 5, 0) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 5, 14))
- #include <linux/skbuff.h>
-+#include <net/sch_generic.h>
- static inline void skb_reset_redirect(struct sk_buff *skb)
- {
- #ifdef CONFIG_NET_SCHED
--- 
-cgit v1.2.3-4-ga26e
-
diff --git a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200413.ebuild b/net-vpn/wireguard-modules/wireguard-modules-1.0.20200413.ebuild
deleted file mode 100644
index 8a425d4191e6..000000000000
--- a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200413.ebuild
+++ /dev/null
@@ -1,102 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-MODULES_OPTIONAL_USE="module"
-inherit linux-mod bash-completion-r1
-
-DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
-HOMEPAGE="https://www.wireguard.com/"
-
-if [[ ${PV} == 9999 ]]; then
-	inherit git-r3
-	EGIT_REPO_URI="https://git.zx2c4.com/wireguard-linux-compat"
-	KEYWORDS=""
-else
-	SRC_URI="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${PV}.tar.xz"
-	S="${WORKDIR}/wireguard-linux-compat-${PV}"
-	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
-fi
-
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="debug +module module-src"
-
-DEPEND=""
-RDEPEND="${DEPEND} !<virtual/wireguard-1"
-
-MODULE_NAMES="wireguard(kernel/drivers/net:src)"
-BUILD_TARGETS="module"
-CONFIG_CHECK="NET INET NET_UDP_TUNNEL CRYPTO_ALGAPI"
-
-PATCHES=( "${FILESDIR}/${P}-sch_generic-header.patch" )
-
-pkg_setup() {
-	if use module; then
-		linux-mod_pkg_setup
-		if kernel_is -ge 5 6 0; then
-			eerror
-			eerror "WireGuard has been merged upstream in Linux 5.6. Therefore,"
-			eerror "you no longer need this compatibility ebuild. Instead, simply"
-			eerror "enable CONFIG_WIREGUARD=y in your kernel configuration."
-			eerror
-			die "Use CONFIG_WIREGUARD=y for kernels >= 5.6, and do not use this package."
-		elif kernel_is -lt 3 10 0; then
-			die "This version of ${PN} requires Linux >= 3.10."
-		fi
-	fi
-}
-
-src_compile() {
-	BUILD_PARAMS="KERNELDIR=${KV_OUT_DIR}"
-	use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
-	use module && linux-mod_src_compile
-}
-
-src_install() {
-	use module && linux-mod_src_install
-	use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
-}
-
-pkg_postinst() {
-	if use module-src && ! use module; then
-		einfo
-		einfo "You have enabled the module-src USE flag without the module USE"
-		einfo "flag. This means that sources are installed to"
-		einfo "${ROOT}/usr/src/wireguard instead of having the"
-		einfo "kernel module compiled. You will need to compile the module"
-		einfo "yourself. Most likely, you don't want this USE flag, and should"
-		einfo "rather use USE=module"
-		einfo
-	fi
-
-	if use module; then
-		linux-mod_pkg_postinst
-		local old new
-		if [[ $(uname -r) != "${KV_FULL}" ]]; then
-			ewarn
-			ewarn "You have just built WireGuard for kernel ${KV_FULL}, yet the currently running"
-			ewarn "kernel is $(uname -r). If you intend to use this WireGuard module on the currently"
-			ewarn "running machine, you will first need to reboot it into the kernel ${KV_FULL}, for"
-			ewarn "which this module was built."
-			ewarn
-		elif [[ -f /sys/module/wireguard/version ]] && \
-		     old="$(< /sys/module/wireguard/version)" && \
-		     new="$(modinfo -F version "${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \
-		     [[ $old != "$new" ]]; then
-			ewarn
-			ewarn "You appear to have just upgraded WireGuard from version v$old to v$new."
-			ewarn "However, the old version is still running on your system. In order to use the"
-			ewarn "new version, you will need to remove the old module and load the new one. As"
-			ewarn "root, you can accomplish this with the following commands:"
-			ewarn
-			ewarn "    # rmmod wireguard"
-			ewarn "    # modprobe wireguard"
-			ewarn
-			ewarn "Do note that doing this will remove current WireGuard interfaces, so you may want"
-			ewarn "to gracefully remove them yourself prior."
-			ewarn
-		fi
-	fi
-}
diff --git a/net-vpn/wireguard-modules/wireguard-modules-1.0.20200506.ebuild b/net-vpn/wireguard-modules/wireguard-modules-1.0.20200506.ebuild
new file mode 100644
index 000000000000..16df945c1ab1
--- /dev/null
+++ b/net-vpn/wireguard-modules/wireguard-modules-1.0.20200506.ebuild
@@ -0,0 +1,100 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+MODULES_OPTIONAL_USE="module"
+inherit linux-mod bash-completion-r1
+
+DESCRIPTION="Simple yet fast and modern VPN that utilizes state-of-the-art cryptography."
+HOMEPAGE="https://www.wireguard.com/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.zx2c4.com/wireguard-linux-compat"
+	KEYWORDS=""
+else
+	SRC_URI="https://git.zx2c4.com/wireguard-linux-compat/snapshot/wireguard-linux-compat-${PV}.tar.xz"
+	S="${WORKDIR}/wireguard-linux-compat-${PV}"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="debug +module module-src"
+
+DEPEND=""
+RDEPEND="${DEPEND} !<virtual/wireguard-1"
+
+MODULE_NAMES="wireguard(kernel/drivers/net:src)"
+BUILD_TARGETS="module"
+CONFIG_CHECK="NET INET NET_UDP_TUNNEL CRYPTO_ALGAPI"
+
+pkg_setup() {
+	if use module; then
+		linux-mod_pkg_setup
+		if kernel_is -ge 5 6 0; then
+			eerror
+			eerror "WireGuard has been merged upstream in Linux 5.6. Therefore,"
+			eerror "you no longer need this compatibility ebuild. Instead, simply"
+			eerror "enable CONFIG_WIREGUARD=y in your kernel configuration."
+			eerror
+			die "Use CONFIG_WIREGUARD=y for kernels >= 5.6, and do not use this package."
+		elif kernel_is -lt 3 10 0; then
+			die "This version of ${PN} requires Linux >= 3.10."
+		fi
+	fi
+}
+
+src_compile() {
+	BUILD_PARAMS="KERNELDIR=${KV_OUT_DIR}"
+	use debug && BUILD_PARAMS="CONFIG_WIREGUARD_DEBUG=y ${BUILD_PARAMS}"
+	use module && linux-mod_src_compile
+}
+
+src_install() {
+	use module && linux-mod_src_install
+	use module-src && emake DESTDIR="${D}" PREFIX="${EPREFIX}/usr" -C src dkms-install
+}
+
+pkg_postinst() {
+	if use module-src && ! use module; then
+		einfo
+		einfo "You have enabled the module-src USE flag without the module USE"
+		einfo "flag. This means that sources are installed to"
+		einfo "${ROOT}/usr/src/wireguard instead of having the"
+		einfo "kernel module compiled. You will need to compile the module"
+		einfo "yourself. Most likely, you don't want this USE flag, and should"
+		einfo "rather use USE=module"
+		einfo
+	fi
+
+	if use module; then
+		linux-mod_pkg_postinst
+		local old new
+		if [[ $(uname -r) != "${KV_FULL}" ]]; then
+			ewarn
+			ewarn "You have just built WireGuard for kernel ${KV_FULL}, yet the currently running"
+			ewarn "kernel is $(uname -r). If you intend to use this WireGuard module on the currently"
+			ewarn "running machine, you will first need to reboot it into the kernel ${KV_FULL}, for"
+			ewarn "which this module was built."
+			ewarn
+		elif [[ -f /sys/module/wireguard/version ]] && \
+		     old="$(< /sys/module/wireguard/version)" && \
+		     new="$(modinfo -F version "${ROOT}/lib/modules/${KV_FULL}/net/wireguard.ko" 2>/dev/null)" && \
+		     [[ $old != "$new" ]]; then
+			ewarn
+			ewarn "You appear to have just upgraded WireGuard from version v$old to v$new."
+			ewarn "However, the old version is still running on your system. In order to use the"
+			ewarn "new version, you will need to remove the old module and load the new one. As"
+			ewarn "root, you can accomplish this with the following commands:"
+			ewarn
+			ewarn "    # rmmod wireguard"
+			ewarn "    # modprobe wireguard"
+			ewarn
+			ewarn "Do note that doing this will remove current WireGuard interfaces, so you may want"
+			ewarn "to gracefully remove them yourself prior."
+			ewarn
+		fi
+	fi
+}
diff --git a/net-vpn/wireguard-tools/Manifest b/net-vpn/wireguard-tools/Manifest
index dcc4afd3a370..a10f93aefc19 100644
--- a/net-vpn/wireguard-tools/Manifest
+++ b/net-vpn/wireguard-tools/Manifest
@@ -1,3 +1,5 @@
 DIST wireguard-tools-1.0.20200319.tar.xz 92324 BLAKE2B 9f514748708ef6a5b7f5b043c9054c954d17bb77de7a354b5a9a4e63cfb5f441237e98b16b288426441a7e709e1874d396cf67b04b38bb0ebbe7822bb32ada57 SHA512 d5bcd153f9b10f184b9a1bf9a81f33a9713ab4863ab5aa190eac60e92919756c8fecbb0d3cfb83bae20ac78fc43fdd7168f37294cdd7c5ee21f2a1b2db5fdf41
-EBUILD wireguard-tools-1.0.20200319.ebuild 3457 BLAKE2B 13c8ba245677c71d0487b7e7752b2ea31d26644520227b5b2aea302b83e953152b9752a608d8b10d23ef1ade89a78b814a20c31136989b2a6ec0cd14d3b63515 SHA512 a50707ab26b9c81b435dbd0edbf08da7ab06674d332818b3f715142adfce4d1ca8f5deba9291ecda4c26e23bc6214cde38114238faee9295163bfa6625f82093
+DIST wireguard-tools-1.0.20200513.tar.xz 94500 BLAKE2B 34a39533018416df382d180da76d6494feec1d40208c9df427c1979817dbe138c217fe4c4f4cf5cecd3c4053e6f73f1863d1e0a9ed2cad41899dda5387c15844 SHA512 4d27b262350b6b47843a323c2e7ab8d2bdd48065c265778abdec85b3f6fc92aa9af77d76e368df9cc8e435eae1c0ce50fed52e1d78db54358c1884d34be08d2c
+EBUILD wireguard-tools-1.0.20200319.ebuild 3227 BLAKE2B 28d1a50c5379f54153138c0cca1681cc2ef9c34833ccbb465b15b2cdf4e288235fc1a3beede3059d5c040ccbe1289be7a0c7250491b8fb714db5f158c129fcc1 SHA512 e1afcba37c0270e4e121fe26346314818e51b8fa8a627ec39c69e3014fbd1ea7cc7c44f47a4925ef3086ec60a2fd11b532f8af9102db825856ab34545770ffd2
+EBUILD wireguard-tools-1.0.20200513.ebuild 3234 BLAKE2B 0dcfc0ad5c8f7e893fc8fa7989da618b31025f2e7c28defd22278bf3f0228eb87014e8b32d6787ac257b94bb6ffdb2b2c34dadd06b0375d948a28685bb7698cd SHA512 f2a43c9a53144ef7a8fa7fb62a7fff5126f9422df3b946c54ec36c3637e846533df92e62dd2062ef2e405c44ee6440af5825f929d99779913bb55face199c383
 MISC metadata.xml 362 BLAKE2B b6c8384cc5434b65a80b2326df412ca38a96bfd137feb34cea5124eebe13d383851b3ceea17cfc0b937555a0760608e0f3d0a7834da15271e65f669bfbfb8d2a SHA512 bf494cd4c95dbbbf783fc847cdf03f9a83b2673bf3a0a78fa12480abd1e2657f255019cf4f68db5143b11c5c63d6c16e9e18480800115751be9bc3cae910c8ea
diff --git a/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild
index 6d3ad039ded4..252d5e050c21 100644
--- a/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild
+++ b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200319.ebuild
@@ -96,10 +96,6 @@ pkg_postinst() {
 	einfo "  \$ chromium http://192.168.4.1"
 	einfo "  \$ ping 192.168.4.1"
 	einfo
-	einfo "If you'd like to redirect your internet traffic, you can run it with the"
-	einfo "\"default-route\" argument. You may not use this server for any abusive or illegal"
-	einfo "purposes. It is for quick testing only."
-	einfo
 	einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/"
 	einfo
 }
diff --git a/net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild
new file mode 100644
index 000000000000..ab890be7d847
--- /dev/null
+++ b/net-vpn/wireguard-tools/wireguard-tools-1.0.20200513.ebuild
@@ -0,0 +1,101 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit linux-info bash-completion-r1 systemd toolchain-funcs
+
+DESCRIPTION="Required tools for WireGuard, such as wg(8) and wg-quick(8)"
+HOMEPAGE="https://www.wireguard.com/"
+
+if [[ ${PV} == 9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://git.zx2c4.com/wireguard-tools"
+	KEYWORDS=""
+else
+	SRC_URI="https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-${PV}.tar.xz"
+	KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc ~x86"
+fi
+
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="+wg-quick"
+
+BDEPEND="virtual/pkgconfig"
+DEPEND=""
+RDEPEND="${DEPEND}
+	wg-quick? (
+		|| ( net-firewall/nftables net-firewall/iptables )
+		virtual/resolvconf
+	)
+	!<virtual/wireguard-1
+"
+
+wg_quick_optional_config_nob() {
+	CONFIG_CHECK="$CONFIG_CHECK ~$1"
+	declare -g ERROR_$1="CONFIG_$1: This option is required for automatic routing of default routes inside of wg-quick(8), though it is not required for general WireGuard usage."
+}
+
+pkg_setup() {
+	use wg-quick || return 0
+	wg_quick_optional_config_nob IP_ADVANCED_ROUTER
+	wg_quick_optional_config_nob IP_MULTIPLE_TABLES
+	wg_quick_optional_config_nob IPV6_MULTIPLE_TABLES
+	if has_version net-firewall/nftables; then
+		wg_quick_optional_config_nob NF_TABLES
+		wg_quick_optional_config_nob NF_TABLES_IPV4
+		wg_quick_optional_config_nob NF_TABLES_IPV6
+		wg_quick_optional_config_nob NFT_CT
+		wg_quick_optional_config_nob NFT_FIB
+		wg_quick_optional_config_nob NFT_FIB_IPV4
+		wg_quick_optional_config_nob NFT_FIB_IPV6
+		wg_quick_optional_config_nob NF_CONNTRACK_MARK
+	elif has_version net-firewall/iptables; then
+		wg_quick_optional_config_nob NETFILTER_XTABLES
+		wg_quick_optional_config_nob NETFILTER_XT_MARK
+		wg_quick_optional_config_nob NETFILTER_XT_CONNMARK
+		wg_quick_optional_config_nob NETFILTER_XT_MATCH_COMMENT
+		wg_quick_optional_config_nob IP6_NF_RAW
+		wg_quick_optional_config_nob IP_NF_RAW
+		wg_quick_optional_config_nob IP6_NF_FILTER
+		wg_quick_optional_config_nob IP_NF_FILTER
+	fi
+	linux-info_pkg_setup
+}
+
+src_compile() {
+	emake RUNSTATEDIR="${EPREFIX}/run" -C src CC="$(tc-getCC)" LD="$(tc-getLD)"
+}
+
+src_install() {
+	dodoc README.md
+	dodoc -r contrib
+	emake \
+		WITH_BASHCOMPLETION=yes \
+		WITH_SYSTEMDUNITS=yes \
+		WITH_WGQUICK=$(usex wg-quick) \
+		DESTDIR="${D}" \
+		BASHCOMPDIR="$(get_bashcompdir)" \
+		SYSTEMDUNITDIR="$(systemd_get_systemunitdir)" \
+		PREFIX="${EPREFIX}/usr" \
+		-C src install
+}
+
+pkg_postinst() {
+	einfo
+	einfo "After installing WireGuard, if you'd like to try sending some packets through"
+	einfo "WireGuard, you may use, for testing purposes only, the insecure client.sh"
+	einfo "test example script:"
+	einfo
+	einfo "  \$ bzcat ${ROOT}/usr/share/doc/${PF}/contrib/ncat-client-server/client.sh.bz2 | sudo bash -"
+	einfo
+	einfo "This will automatically setup interface wg0, through a very insecure transport"
+	einfo "that is only suitable for demonstration purposes. You can then try loading the"
+	einfo "hidden website or sending pings:"
+	einfo
+	einfo "  \$ chromium http://192.168.4.1"
+	einfo "  \$ ping 192.168.4.1"
+	einfo
+	einfo "More info on getting started can be found at: https://www.wireguard.com/quickstart/"
+	einfo
+}
-- 
cgit v1.2.3