--- /usr/portage/dev-libs/openssl/openssl-1.0.2g-r2.ebuild	2016-03-03 19:53:05.000000000 +0100
+++ /usr/portage/dev-libs/openssl/openssl-1.0.2g-r3.ebuild	2016-03-04 07:43:04.234884227 +0100
@@ -14,7 +14,7 @@
 LICENSE="openssl"
 # subslot set to 1.0.2g version as this is the first release without SSLv2
 # support and thus breaks nearly every openssl consumer (see bug #575548)
-SLOT="0"
+SLOT="0/1.0.2g"
 KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~arm-linux ~x86-linux"
 IUSE="+asm bindist gmp kerberos rfc3779 sctp cpu_flags_x86_sse2 static-libs test +tls-heartbeat vanilla zlib"
 RESTRICT="!bindist? ( bindist )"
@@ -47,6 +47,42 @@
 	usr/include/openssl/opensslconf.h
 )
 
+pkg_pretend() {
+	if has_version "<dev-libs/openssl-1.0.2g-r3:0" &&
+		( has_version "<=net-misc/wget-1.16.3-r1[ssl,-gnutls,-static]" ||
+			has_version ">=net-misc/wget-1.16.3-r2[ssl,-gnutls,-libressl,-static]" )
+	then
+		eerror "Due to SSLv2 being officially disabled by default in"
+		eerror "openssl-1.0.2g for security reasons, a non-statically-linked"
+		eerror "Wget will crash from missing symbols until it is recompiled,"
+		eerror "preventing packages from being downloaded by Portage, including"
+		eerror "Wget itself if you don't have its tarball already."
+		eerror
+		eerror "To solve this, you must first temporarily compile net-misc/wget"
+		eerror "with USE=\"static\". After you do this, you will be able to"
+		eerror "emerge >=openssl-1.0.2g-r3, and then recompile Wget"
+		eerror "non-statically if you wish. You MUST at least recompile Wget"
+		eerror "once anyway, to include the new OpenSSL libraries with their"
+		eerror "security updates."
+		eerror
+		eerror "You can also compile Wget with USE=\"gnutls\" or"
+		eerror "USE=\"libressl\" (starting from wget-1.16.3-r2) instead, in"
+		eerror "which case it won't depend on OpenSSL, and there won't be any"
+		eerror "issue with it after upgrading OpenSSL, even if non-statically"
+		eerror "linked."
+		eerror
+		eerror "Be also warned that other packages depending on OpenSSL will"
+		eerror "crash because of the missing symbols, until they are"
+		eerror "recompiled. To recompile them all, run the following command"
+		eerror "as soon as possible after installing >=openssl-1.0.2g-r3:"
+		eerror
+		eerror "revdep-rebuild -i -L \"libssl.so.*\""
+		eerror
+
+		die "You must first temporarily compile net-misc/wget statically."
+	fi
+}
+
 src_prepare() {
 	# keep this in sync with app-misc/c_rehash
 	SSL_CNF_DIR="/etc/ssl"
@@ -156,7 +192,6 @@
 		enable-mdc2 \
 		enable-rc5 \
 		enable-tlsext \
-		enable-ssl2 \
 		$(use_ssl asm) \
 		$(use_ssl gmp gmp -lgmp) \
 		$(use_ssl kerberos krb5 --with-krb5-flavor=${krb5}) \
@@ -265,4 +300,13 @@
 
 	has_version ${CATEGORY}/${PN}:0.9.8 && return 0
 	preserve_old_lib_notify /usr/$(get_libdir)/lib{crypto,ssl}.so.0.9.8
+
+	ewarn "If you have upgraded from <openssl-1.0.2g-r3, you MUST recompile NOW"
+	ewarn "all packages depending on OpenSSL. Many of them will crash"
+	ewarn "otherwise, due to missing SSLv2 symbols (SSLv2 being now disabled"
+	ewarn "for security reasons). See bugs #575548 and #576128."
+	ewarn
+	ewarn "To compile them all, run the following command AS SOON AS POSSIBLE:"
+	ewarn
+	ewarn "revdep-rebuild -i -L \"libssl.so.*\""
 }