Attached patch adds a line to x86unix.pl (though it could probably be any relevant script in crypto/perlasm) which prints the necessary .section info to all .s files. This makes the 'append-flags -Wa,--no-exec-stacks' line in the ebuild redundant as well.
Created attachment 97249 [details, diff] Patch to fixe exec stacks in openssl
this should not be needed as -Wa,--noexecstack is forced into the build
I removed it - surely it is better to fix the application?
that's how upstream preferred to handle it last time i checked
Perhaps you could put a line in the ebuild stating this? Otherwise the Hardened exec stack guide seems to recommend patching the source instead of --no-exec-stack.