Index: net/rdesktop/Makefile
===================================================================
--- net/rdesktop/Makefile
+++ net/rdesktop/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	rdesktop
 PORTVERSION=	1.8.3
+PORTREVISION=	1
 CATEGORIES=	net comms ipv6
 MASTER_SITES=	SF
 
@@ -10,8 +11,9 @@
 COMMENT=	RDP client for Windows NT/2000/2003 Terminal Server
 
 LICENSE=	GPLv3
+LICENSE_FILE=	${WRKSRC}/COPYING
 
-USE_XORG=	x11
+USE_XORG=	x11 xrandr
 USES=		gmake iconv pkgconfig ssl
 CONFIGURE_ARGS+=	${ICONV_CONFIGURE_ARG} --disable-credssp
 GNU_CONFIGURE=	yes
Index: net/rdesktop/distinfo
===================================================================
--- net/rdesktop/distinfo
+++ net/rdesktop/distinfo
@@ -1,2 +1,3 @@
+TIMESTAMP = 1529982832
 SHA256 (rdesktop-1.8.3.tar.gz) = 88b20156b34eff5f1b453f7c724e0a3ff9370a599e69c01dc2bf0b5e650eece4
 SIZE (rdesktop-1.8.3.tar.gz) = 320212
Index: net/rdesktop/files/patch-openssl
===================================================================
--- /dev/null
+++ net/rdesktop/files/patch-openssl
@@ -0,0 +1,125 @@
+From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001
+From: Jani Hakala <jjhakala@gmail.com>
+Date: Thu, 16 Jun 2016 14:28:15 +0300
+Subject: [PATCH] Fix OpenSSL 1.1 compability issues
+
+Some data types have been made opaque in OpenSSL version 1.1 so
+stack allocation and accessing struct fields directly does not work.
+---
+ ssl.c | 65 ++++++++++++++++++++++++++++++++++++++++-------------------------
+ 1 file changed, 40 insertions(+), 25 deletions(-)
+
+diff --git a/ssl.c b/ssl.c
+index 4875125..032e9b9 100644
+--- ssl.c.orig
++++ ssl.c
+@@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
+ 		  uint8 * exponent)
+ {
+ 	BN_CTX *ctx;
+-	BIGNUM mod, exp, x, y;
++	BIGNUM *mod, *exp, *x, *y;
+ 	uint8 inr[SEC_MAX_MODULUS_SIZE];
+ 	int outlen;
+ 
+@@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
+ 	reverse(inr, len);
+ 
+ 	ctx = BN_CTX_new();
+-	BN_init(&mod);
+-	BN_init(&exp);
+-	BN_init(&x);
+-	BN_init(&y);
+-
+-	BN_bin2bn(modulus, modulus_size, &mod);
+-	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
+-	BN_bin2bn(inr, len, &x);
+-	BN_mod_exp(&y, &x, &exp, &mod, ctx);
+-	outlen = BN_bn2bin(&y, out);
++	mod = BN_new();
++	exp = BN_new();
++	x = BN_new();
++	y = BN_new();
++
++	BN_bin2bn(modulus, modulus_size, mod);
++	BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp);
++	BN_bin2bn(inr, len, x);
++	BN_mod_exp(y, x, exp, mod, ctx);
++	outlen = BN_bn2bin(y, out);
+ 	reverse(out, outlen);
+ 	if (outlen < (int) modulus_size)
+ 		memset(out + outlen, 0, modulus_size - outlen);
+ 
+-	BN_free(&y);
+-	BN_clear_free(&x);
+-	BN_free(&exp);
+-	BN_free(&mod);
++	BN_free(y);
++	BN_clear_free(x);
++	BN_free(exp);
++	BN_free(mod);
+ 	BN_CTX_free(ctx);
+ }
+ 
+@@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
+ 
+ 	   Kudos to Richard Levitte for the following (. intiutive .) 
+ 	   lines of code that resets the OID and let's us extract the key. */
+-	nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
++
++	X509_PUBKEY *key = NULL;
++	X509_ALGOR *algor = NULL;
++
++	key = X509_get_X509_PUBKEY(cert);
++	algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
++
++	nid = OBJ_obj2nid(algor->algorithm);
++
+ 	if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
+ 	{
+ 		DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
+-		ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
+-		cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
++		X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
++				       0, NULL, NULL, 0);
+ 	}
+ 	epk = X509_get_pubkey(cert);
+ 	if (NULL == epk)
+@@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
+ {
+ 	int len;
+ 
+-	if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
+-	    (BN_num_bytes(rkey->n) > (int) max_mod_len))
++	BIGNUM *e = NULL;
++	BIGNUM *n = NULL;
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++	e = rkey->e;
++	n = rkey->n;
++#else
++	RSA_get0_key(rkey, &e, &n, NULL);
++#endif
++
++	if ((BN_num_bytes(e) > (int) max_exp_len) ||
++	    (BN_num_bytes(n) > (int) max_mod_len))
+ 	{
+ 		return 1;
+ 	}
+-	len = BN_bn2bin(rkey->e, exponent);
++	len = BN_bn2bin(e, exponent);
+ 	reverse(exponent, len);
+-	len = BN_bn2bin(rkey->n, modulus);
++	len = BN_bn2bin(n, modulus);
+ 	reverse(modulus, len);
+ 	return 0;
+ }
+@@ -229,8 +247,5 @@ void
+ rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len,
+ 	       unsigned char *md)
+ {
+-	HMAC_CTX ctx;
+-	HMAC_CTX_init(&ctx);
+ 	HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
+-	HMAC_CTX_cleanup(&ctx);
+ }
Index: net/rdesktop/files/patch-openssl2
===================================================================
--- /dev/null
+++ net/rdesktop/files/patch-openssl2
@@ -0,0 +1,55 @@
+From c6e8e1074b8ac57de6c80c4e3ed38e105b4d94f1 Mon Sep 17 00:00:00 2001
+From: Henrik Andersson <hean01@cendio.com>
+Date: Mon, 24 Oct 2016 10:24:35 +0200
+Subject: [PATCH] Fix crash in rdssl_cert_to_rkey.
+
+This crash was introduced by merging OpenSSL 1.1 PR done on
+commit 50b39d11. Where algor was overwritten with return value
+of X509_PUBKEY_get0_param(). I also added additional error
+handling for X509_get_X509_PUBKEY.
+
+Thanks to TingPing that found this error in PR.
+---
+ ssl.c | 15 ++++++++++++++-
+ 1 file changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/ssl.c b/ssl.c
+index 032e9b9..07d7aa5 100644
+--- ssl.c.orig
++++ ssl.c
+@@ -3,6 +3,7 @@
+    Secure sockets abstraction layer
+    Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
+    Copyright (C) Jay Sorg <j@american-data.com> 2006-2008
++   Copyright (C) Henrik Andersson <hean01@cendio.com> 2016
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -140,6 +141,7 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
+ 	EVP_PKEY *epk = NULL;
+ 	RDSSL_RKEY *lkey;
+ 	int nid;
++	int ret;
+ 
+ 	/* By some reason, Microsoft sets the OID of the Public RSA key to
+ 	   the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
+@@ -151,7 +153,18 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
+ 	X509_ALGOR *algor = NULL;
+ 
+ 	key = X509_get_X509_PUBKEY(cert);
+-	algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
++	if (key == NULL)
++	{
++		error("Failed to get public key from certificate.\n");
++		return NULL;
++	}
++
++	ret = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
++	if (ret != 1)
++	{
++		error("Faild to get algorithm used for public key.\n");
++		return NULL;
++	}
+ 
+ 	nid = OBJ_obj2nid(algor->algorithm);
+ 
Index: net/rdesktop/files/patch-openssl3
===================================================================
--- /dev/null
+++ net/rdesktop/files/patch-openssl3
@@ -0,0 +1,70 @@
+Logical backport of the following patch from rdesktop git, to 1.8.3 release.
+Significantly, it fixes the reversal of 'n' and 'e' parameters to
+RSA_get0_key() in rdssl_rkey_get_exp_mod() introduced in files/patch-openssl.
+
+From a3dfceefc2c729243b71270e3f503fa2dd57ec8d Mon Sep 17 00:00:00 2001
+From: Alexander Zakharov <uglym8@gmail.com>
+Date: Wed, 21 Jun 2017 15:28:31 +0300
+Subject: [PATCH] Workaround for key caching in OpenSSL > 1.1.0
+
+Since v.1.1.0 the key caching has been added to OpenSSL.
+After X.509 had been parsed there is no point in changing of key
+algorithm as the key had already been decoded and cached result will
+be returned anyway. (check crypto/x509/x_pubkey.c: X509_PUBKEY_get0())
+---
+ ssl.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/ssl.c b/ssl.c
+index c248449e..45d8ee42 100644
+--- ssl.c.orig
++++ ssl.c
+@@ -143,6 +143,11 @@
+ 	int nid;
+ 	int ret;
+ 
++	const unsigned char *p;
++	int pklen;
++
++	RSA *rsa = NULL;
++
+ 	/* By some reason, Microsoft sets the OID of the Public RSA key to
+ 	   the oid for "MD5 with RSA Encryption" instead of "RSA Encryption"
+ 
+@@ -170,10 +175,27 @@
+ 
+ 	if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
+ 	{
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
+ 		X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
+ 				       0, NULL, NULL, 0);
++#else
++		if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, key)) {
++			error("failed to get algorithm used for public key.\n");
++			return NULL;
++		}
++
++		if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
++			error("failed to extract public key from certificate.\n");
++			return NULL;
++		}
++
++		lkey = RSAPublicKey_dup(rsa);
++		*key_len = RSA_size(lkey);
++		return lkey;
++#endif
+ 	}
++
+ 	epk = X509_get_pubkey(cert);
+ 	if (NULL == epk)
+ 	{
+@@ -229,7 +251,7 @@
+ 	e = rkey->e;
+ 	n = rkey->n;
+ #else
+-	RSA_get0_key(rkey, &e, &n, NULL);
++	RSA_get0_key(rkey, &n, &e, NULL);
+ #endif
+ 
+ 	if ((BN_num_bytes(e) > (int) max_exp_len) ||