diff --git a/srcpkgs/retroshare/patches/fix-libressl-2.7-2.patch b/srcpkgs/retroshare/patches/fix-libressl-2.7-2.patch
new file mode 100644
index 00000000000..c1544f1c330
--- /dev/null
+++ b/srcpkgs/retroshare/patches/fix-libressl-2.7-2.patch
@@ -0,0 +1,14 @@
+--- ./libretroshare/src/tcponudp/bss_tou.c.orig	2018-04-24 21:11:00.988916163 +0200
++++ ./libretroshare/src/tcponudp/bss_tou.c	2018-04-24 21:12:01.766008033 +0200
+@@ -90,7 +90,9 @@ static int clear_tou_socket_error(int s)
+ 
+ #include "tou.h"
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL
++static int  BIO_get_init(BIO *a) { return a->init; }
++#elif OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ //static void BIO_set_shutdown(BIO *a,int s) { a->shutdown=s; }
+ 
+ static int  BIO_get_shutdown(BIO *a) { return a->shutdown; }
+
diff --git a/srcpkgs/retroshare/patches/fix-libressl-2.7.patch b/srcpkgs/retroshare/patches/fix-libressl-2.7.patch
new file mode 100644
index 00000000000..cacd42fb2dd
--- /dev/null
+++ b/srcpkgs/retroshare/patches/fix-libressl-2.7.patch
@@ -0,0 +1,277 @@
+--- ./libretroshare/src/gxs/gxssecurity.cc.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./libretroshare/src/gxs/gxssecurity.cc	2018-04-24 21:55:24.805942754 +0200
+@@ -41,7 +41,7 @@ static const uint32_t MULTI_ENCRYPTION_F
+         
+ static RsGxsId getRsaKeyFingerprint_old_insecure_method(RSA *pubkey)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+         int lenn = BN_num_bytes(pubkey -> n);
+ 
+         RsTemporaryMemory tmp(lenn) ;
+@@ -65,7 +65,7 @@ static RsGxsId getRsaKeyFingerprint_old_
+ }
+ static RsGxsId getRsaKeyFingerprint(RSA *pubkey)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+         int lenn = BN_num_bytes(pubkey -> n);
+         int lene = BN_num_bytes(pubkey -> e);
+ 
+--- ./libretroshare/src/gxstunnel/p3gxstunnel.cc.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./libretroshare/src/gxstunnel/p3gxstunnel.cc	2018-04-24 21:55:24.834942797 +0200
+@@ -1060,7 +1060,7 @@ bool p3GxsTunnelService::locked_sendDHPu
+ 	}
+ 
+ 	RsGxsTunnelDHPublicKeyItem *dhitem = new RsGxsTunnelDHPublicKeyItem ;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 	dhitem->public_key = BN_dup(dh->pub_key) ;
+ #else
+     const BIGNUM *pub_key=NULL ;
+@@ -1144,7 +1144,7 @@ bool p3GxsTunnelService::locked_initDHSe
+         return false ;
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     BN_hex2bn(&dh->p,dh_prime_2048_hex.c_str()) ;
+     BN_hex2bn(&dh->g,"5") ;
+ #else
+--- ./libretroshare/src/pqi/pqissl.cc.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./libretroshare/src/pqi/pqissl.cc	2018-04-24 21:55:24.906942906 +0200
+@@ -361,7 +361,7 @@ void pqissl::getCryptoParams(RsPeerCrypt
+ 
+ bool pqissl::actAsServer()
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 	return (bool)ssl_connection->server;
+ #else
+ 	return (bool)SSL_is_server(ssl_connection);
+@@ -1230,7 +1230,7 @@ int 	pqissl::Extract_Failed_SSL_Certific
+ 	RsPeerId sslid ;
+ 	getX509id(peercert, sslid) ;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 	RsPgpId gpgid(getX509CNString(peercert->cert_info->issuer));
+ 	std::string sslcn = getX509CNString(peercert->cert_info->subject);
+ #else
+--- ./libretroshare/src/pqi/pqissllistener.cc.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./libretroshare/src/pqi/pqissllistener.cc	2018-04-24 21:55:24.919942926 +0200
+@@ -493,7 +493,7 @@ int	pqissllistenbase::continueSSL(Incomi
+ #endif
+     if(x509 != NULL)
+     {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+         incoming_connexion_info.gpgid = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
+         incoming_connexion_info.sslcn = getX509CNString(x509->cert_info->subject);
+ #else
+@@ -892,7 +892,7 @@ int pqissllistener::completeConnection(i
+ 		AuthSSL::getAuthSSL()->CheckCertificate(newPeerId, peercert);
+ 
+ 		/* now need to get GPG id too */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 		RsPgpId pgpid(std::string(getX509CNString(peercert->cert_info->issuer)));
+ #else
+ 		RsPgpId pgpid(std::string(getX509CNString(X509_get_issuer_name(peercert))));
+--- ./libretroshare/src/pqi/sslfns.cc.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./libretroshare/src/pqi/sslfns.cc	2018-04-24 21:55:24.935942950 +0200
+@@ -602,7 +602,7 @@ bool getX509id(X509 *x509, RsPeerId& xid
+ 	}
+ 
+ 	// get the signature from the cert, and copy to the array.
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 	ASN1_BIT_STRING *signature = x509->signature;
+ #else
+ 	const ASN1_BIT_STRING *signature = NULL ;
+@@ -700,7 +700,7 @@ int	LoadCheckX509(const char *cert_file,
+ 	if (valid)
+ 	{
+ 		// extract the name.
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 		issuerName = RsPgpId(std::string(getX509CNString(x509->cert_info->issuer)));
+ 		location = getX509LocString(x509->cert_info->subject);
+ #else
+--- ./libretroshare/src/util/rsrecogn.cc.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./libretroshare/src/util/rsrecogn.cc	2018-04-24 21:55:24.955942980 +0200
+@@ -508,7 +508,7 @@ bool	RsRecogn::itemToRadix64(RsItem *ite
+ 
+ std::string RsRecogn::getRsaKeyId(RSA *pubkey)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 	int len = BN_num_bytes(pubkey -> n);
+ 	unsigned char tmp[len];
+ 	BN_bn2bin(pubkey -> n, tmp);
+--- ./openpgpsdk/src/openpgpsdk/openssl_crypto.c.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./openpgpsdk/src/openpgpsdk/openssl_crypto.c	2018-04-24 21:55:24.966942997 +0200
+@@ -45,7 +45,7 @@ void test_secret_key(const ops_secret_ke
+     {
+     RSA* test=RSA_new();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     test->n=BN_dup(skey->public_key.key.rsa.n);
+     test->e=BN_dup(skey->public_key.key.rsa.e);
+     test->d=BN_dup(skey->key.rsa.d);
+@@ -402,7 +402,7 @@ ops_boolean_t ops_dsa_verify(const unsig
+ 
+     osig=DSA_SIG_new();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     osig->r=sig->r;
+     osig->s=sig->s;
+ #else
+@@ -417,7 +417,7 @@ ops_boolean_t ops_dsa_verify(const unsig
+ 			 already_said=ops_true ;
+ 		 }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 		 osig->r=NULL;			// in this case, the values are not copied.
+ 		 osig->s=NULL;
+ #endif
+@@ -427,7 +427,7 @@ ops_boolean_t ops_dsa_verify(const unsig
+ 	 }
+ 
+     odsa=DSA_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     odsa->p=dsa->p;
+     odsa->q=dsa->q;
+     odsa->g=dsa->g;
+@@ -471,7 +471,7 @@ ops_boolean_t ops_dsa_verify(const unsig
+ 		return ops_false ;
+ 	 }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     osig->r=NULL;
+     osig->s=NULL;
+ 
+@@ -503,7 +503,7 @@ int ops_rsa_public_decrypt(unsigned char
+     int n;
+ 
+     orsa=RSA_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=rsa->n;
+     orsa->e=rsa->e;
+ #else
+@@ -512,7 +512,7 @@ int ops_rsa_public_decrypt(unsigned char
+ 
+     n=RSA_public_decrypt(length,in,out,orsa,RSA_NO_PADDING);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=orsa->e=NULL;
+ #endif
+     RSA_free(orsa);
+@@ -538,7 +538,7 @@ int ops_rsa_private_encrypt(unsigned cha
+     int n;
+ 
+     orsa=RSA_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=rsa->n;	// XXX: do we need n?
+     orsa->d=srsa->d;
+     orsa->p=srsa->q;
+@@ -564,7 +564,7 @@ int ops_rsa_private_encrypt(unsigned cha
+ 
+     n=RSA_private_encrypt(length,in,out,orsa,RSA_NO_PADDING);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=orsa->d=orsa->p=orsa->q=NULL;
+     orsa->e=NULL;
+ #endif
+@@ -592,7 +592,7 @@ int ops_rsa_private_decrypt(unsigned cha
+     char errbuf[1024];
+ 
+     orsa=RSA_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=rsa->n;	// XXX: do we need n?
+     orsa->d=srsa->d;
+     orsa->p=srsa->q;
+@@ -618,7 +618,7 @@ int ops_rsa_private_decrypt(unsigned cha
+         ERR_error_string(err,&errbuf[0]);
+         fprintf(stderr,"openssl error : %s\n",errbuf);
+         }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=orsa->d=orsa->p=orsa->q=NULL;
+     orsa->e=NULL;
+ #endif
+@@ -644,7 +644,7 @@ int ops_rsa_public_encrypt(unsigned char
+     //    printf("ops_rsa_public_encrypt: length=%ld\n", length);
+ 
+     orsa=RSA_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=rsa->n;
+     orsa->e=rsa->e;
+ #else
+@@ -664,7 +664,7 @@ int ops_rsa_public_encrypt(unsigned char
+ 	    BIO_free(fd_out) ;
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     orsa->n=orsa->e=NULL;
+ #endif
+     RSA_free(orsa);
+@@ -744,7 +744,7 @@ ops_boolean_t ops_rsa_generate_keypair(c
+     skey->public_key.days_valid=0;
+     skey->public_key.algorithm= OPS_PKA_RSA;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     skey->public_key.key.rsa.n=BN_dup(rsa->n);
+     skey->public_key.key.rsa.e=BN_dup(rsa->e);
+     skey->key.rsa.d=BN_dup(rsa->d);
+@@ -766,7 +766,7 @@ ops_boolean_t ops_rsa_generate_keypair(c
+     skey->octet_count=0;
+     skey->checksum=0;
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     skey->key.rsa.p=BN_dup(rsa->p);
+     skey->key.rsa.q=BN_dup(rsa->q);
+     skey->key.rsa.u=BN_mod_inverse(NULL,rsa->p, rsa->q, ctx);
+@@ -888,7 +888,7 @@ DSA_SIG* ops_dsa_sign(unsigned char* has
+     DSA_SIG *dsasig;
+ 
+     odsa=DSA_new();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     odsa->p=dsa->p;
+     odsa->q=dsa->q;
+     odsa->g=dsa->g;
+@@ -901,7 +901,7 @@ DSA_SIG* ops_dsa_sign(unsigned char* has
+ 
+     dsasig=DSA_do_sign(hashbuf,hashsize,odsa);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+     odsa->p=odsa->q=odsa->g=odsa->pub_key=odsa->priv_key=NULL;
+ #endif
+     DSA_free(odsa);
+--- ./openpgpsdk/src/openpgpsdk/signature.c.orig	2017-08-03 21:29:52.000000000 +0200
++++ ./openpgpsdk/src/openpgpsdk/signature.c	2018-04-24 21:55:24.992943036 +0200
+@@ -298,7 +298,7 @@ static ops_boolean_t dsa_sign(ops_hash_t
+ 	dsasig=ops_dsa_sign(hashbuf, hashsize, sdsa, dsa);
+ 
+ 	// convert and write the sig out to memory
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+ 	ops_write_mpi(dsasig->r, cinfo);
+ 	ops_write_mpi(dsasig->s, cinfo);
+ #else
diff --git a/srcpkgs/retroshare/template b/srcpkgs/retroshare/template
index 626cf978a7d..074a956bfa8 100644
--- a/srcpkgs/retroshare/template
+++ b/srcpkgs/retroshare/template
@@ -1,7 +1,7 @@
 # Template file for 'retroshare'
 pkgname=retroshare
 version=0.6.3
-revision=2
+revision=3
 build_style=qmake
 wrksrc="RetroShare-${version}"
 homepage="http://retroshare.github.io"
@@ -16,9 +16,3 @@ makedepends="qt5-tools-devel qt5-multimedia-devel qt5-x11extras-devel
  pulseaudio-devel"
 distfiles="https://github.com/RetroShare/RetroShare/archive/v${version}.tar.gz"
 checksum=ddb64aa5148fdc950d4426f52f1cbb11578619b1242614e3c4ca4792ee5ce30b
-
-post_extract() {
-	sed -i \
-		's/OPENSSL_VERSION_NUMBER < 0x10100000L/\0 || defined(LIBRESSL_VERSION_NUMBER)/' \
-		$(grep -lr 'OPENSSL_VERSION_NUMBER < 0x10100000L')
-}