put user stuff in user, not system

161 files changed, 14933 insertions, 0 deletions

diff --git a/user/apr-util/APKBUILD b/user/apr-util/APKBUILD
new file mode 100644
index 000000000..415c3e9cd
--- /dev/null
+++ b/user/apr-util/APKBUILD
@@ -0,0 +1,64 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=apr-util
+pkgver=1.6.1
+pkgrel=0
+pkgdesc="The Apache Portable Runtime Utility Library"
+url="http://apr.apache.org/"
+arch="all"
+license="ASL 2.0"
+depends=
+subpackages="$pkgname-dev $pkgname-dbm_db $pkgname-dbd_pgsql
+	$pkgname-dbd_sqlite3 $pkgname-ldap"
+
+depends_dev="expat-dev apr-dev openldap-dev sqlite-dev postgresql-dev
+	db-dev openssl-dev"
+makedepends="$depends_dev bash chrpath openssl"
+source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--with-apr=/usr \
+		--with-ldap \
+		--with-pgsql \
+		--with-sqlite3 \
+		--with-berkeley-db \
+		--with-crypto \
+		--with-openssl \
+		--without-sqlite2 \
+		--without-gdbm
+	make
+}
+
+check() {
+	cd "$builddir"
+	# testxlate fails because UTF-7 is unsupported
+	make check || return 0
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	rm "$pkgdir"/usr/lib/*.exp
+	chrpath -d "$pkgdir"/usr/lib/*.so.*
+}
+
+_mv_mod() {
+	pkgdesc="The Apache Portable Runtime Utility Library - $2 driver"
+	depends=
+	local _moddir="usr/lib/apr-util-1"
+	mkdir -p "$subpkgdir"/$_moddir
+	mv "$pkgdir"/$_moddir/apr_$1*.so "$subpkgdir"/$_moddir/
+}
+
+dbm_db() { _mv_mod dbm_db "Berkley DB"; }
+dbd_pgsql() { _mv_mod dbd_pgsql "PostgreSQL"; }
+dbd_mysql() { _mv_mod dbd_mysql "MySQL"; }
+dbd_sqlite3() { _mv_mod dbd_sqlite "SQLite3"; }
+ldap() { _mv_mod ldap "LDAP"; }
+
+sha512sums="40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d  apr-util-1.6.1.tar.bz2"
diff --git a/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch b/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
new file mode 100644
index 000000000..93e3ac995
--- /dev/null
+++ b/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
@@ -0,0 +1,55 @@
+From ab11be0becb90542f10d5713659b559842c53af2 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 29 Mar 2016 15:15:17 +0200
+Subject: [PATCH] libavutil: clean up unused FF_SYMVER macro
+
+There is nothing using it since commit d63443b9 (lavc: drop the
+av_fast_{re,m}alloc compatibility wrappers).
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ libavutil/internal.h | 28 ----------------------------
+ 1 file changed, 28 deletions(-)
+
+diff --git a/libavutil/internal.h b/libavutil/internal.h
+index 61784b5..69d63d5 100644
+--- a/libavutil/internal.h
++++ b/libavutil/internal.h
+@@ -177,34 +177,6 @@
+ #endif
+ 
+ /**
+- * Define a function with only the non-default version specified.
+- *
+- * On systems with ELF shared libraries, all symbols exported from
+- * FFmpeg libraries are tagged with the name and major version of the
+- * library to which they belong.  If a function is moved from one
+- * library to another, a wrapper must be retained in the original
+- * location to preserve binary compatibility.
+- *
+- * Functions defined with this macro will never be used to resolve
+- * symbols by the build-time linker.
+- *
+- * @param type return type of function
+- * @param name name of function
+- * @param args argument list of function
+- * @param ver  version tag to assign function
+- */
+-#if HAVE_SYMVER_ASM_LABEL
+-#   define FF_SYMVER(type, name, args, ver)                     \
+-    type ff_##name args __asm__ (EXTERN_PREFIX #name "@" ver);  \
+-    type ff_##name args
+-#elif HAVE_SYMVER_GNU_ASM
+-#   define FF_SYMVER(type, name, args, ver)                             \
+-    __asm__ (".symver ff_" #name "," EXTERN_PREFIX #name "@" ver);      \
+-    type ff_##name args;                                                \
+-    type ff_##name args
+-#endif
+-
+-/**
+  * Return NULL if a threading library has not been enabled.
+  * Used to disable threading functions in AVCodec definitions
+  * when not needed.
+-- 
+2.7.4
+
diff --git a/user/ffmpeg/APKBUILD b/user/ffmpeg/APKBUILD
new file mode 100644
index 000000000..a963e33f8
--- /dev/null
+++ b/user/ffmpeg/APKBUILD
@@ -0,0 +1,104 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ffmpeg
+pkgver=3.4
+pkgrel=1
+pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
+url="http://ffmpeg.org/"
+arch="all"
+license="GPL"
+options="!check textrels"  # Test suite requires proper licensing headers on all files,
+                  # which upstream does not provide.
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+makedepends="gnutls-dev lame-dev libvorbis-dev xvidcore-dev zlib-dev libvdpau-dev
+	imlib2-dev libtheora-dev coreutils bzip2-dev perl-dev libvpx-dev
+	pulseaudio-dev sdl2-dev libxfixes-dev libva-dev alsa-lib-dev rtmpdump-dev
+	v4l-utils-dev yasm opus-dev x265-dev xz-dev freetype-dev speex-dev
+	ladspa-dev libcdio-dev libcdio-paranoia-dev wavpack-dev libwebp-dev"
+source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
+	0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
+	"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+#   3.3.4-r0:
+#     - CVE-2017-14054
+#     - CVE-2017-14055
+#     - CVE-2017-14056
+#     - CVE-2017-14057
+#     - CVE-2017-14058
+#     - CVE-2017-14059
+#     - CVE-2017-14169
+#     - CVE-2017-14170
+#     - CVE-2017-14171
+#     - CVE-2017-14222
+#     - CVE-2017-14223
+#     - CVE-2017-14225
+
+build() {
+	local _dbg="--disable-debug"
+	local _asm=""
+	[ -n "$DEBUG" ] && _dbg="--enable-debug"
+
+	case "$CARCH" in
+	x86 | arm*) _asm="--disable-asm" ;;
+	ppc64) _asm="--cpu=G5" ;;
+	esac
+
+	cd "$builddir"
+	./configure \
+		--prefix=/usr \
+		--enable-avresample \
+		--enable-avfilter \
+		--enable-gnutls \
+		--enable-gpl \
+		--enable-libmp3lame \
+		--enable-librtmp \
+		--enable-libvorbis \
+		--enable-libvpx \
+		--enable-libxvid \
+		--enable-libx265 \
+		--enable-libtheora \
+		--enable-libv4l2 \
+		--enable-postproc \
+		--enable-pic \
+		--enable-pthreads \
+		--enable-shared \
+		--enable-libxcb \
+		--disable-stripping \
+		--disable-static \
+		--enable-vaapi \
+		--enable-vdpau \
+		--enable-libopus \
+		--enable-libcdio \
+		--enable-ladspa \
+		--enable-lzma \
+		--enable-libspeex \
+		--enable-libfreetype \
+		--enable-libwavpack \
+		--enable-libwebp \
+		--enable-libpulse \
+		$_asm $_dbg
+	make
+	${CC:-gcc} -o tools/qt-faststart $CFLAGS tools/qt-faststart.c
+	make doc/ffmpeg.1 doc/ffplay.1 doc/ffserver.1
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install install-man
+	install -D -m755 tools/qt-faststart "$pkgdir/usr/bin/qt-faststart"
+#	strip --strip-debug "$pkgdir"/usr/lib/*.a
+}
+
+libs() {
+	pkgdesc="Libraries for ffmpeg"
+	replaces="ffmpeg"
+	mkdir -p "$subpkgdir"/usr
+	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
+}
+
+sha512sums="357445f0152848d43f8a22f1078825bc44adacff9194e12cc78e8b5edac8e826bbdf73dc8b37e0f2a3036125b76b6b9190153760c761e63ebd2452a39e39536f  ffmpeg-3.4.tar.xz
+32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb  0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch"
diff --git a/user/freetype/0001-Enable-table-validation-modules.patch b/user/freetype/0001-Enable-table-validation-modules.patch
new file mode 100644
index 000000000..3e9451fa8
--- /dev/null
+++ b/user/freetype/0001-Enable-table-validation-modules.patch
@@ -0,0 +1,34 @@
+From c3680bf8d38cf759c1e33dcc2d2d51e0a4fea2f9 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 23 Jun 2015 08:40:29 +0200
+Subject: [PATCH 1/3] Enable table validation modules
+
+---
+ modules.cfg | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules.cfg b/modules.cfg
+index f30049c38cc45159..7b8e50fe1b34584a 100644
+--- a/modules.cfg
++++ b/modules.cfg
+@@ -120,7 +120,7 @@ AUX_MODULES += cache
+ # TrueType GX/AAT table validation.  Needs ftgxval.c below.
+ #
+ # No FT_CONFIG_OPTION_PIC support.
+-# AUX_MODULES += gxvalid
++AUX_MODULES += gxvalid
+ 
+ # Support for streams compressed with gzip (files with suffix .gz).
+ #
+@@ -143,7 +143,7 @@ AUX_MODULES += bzip2
+ # OpenType table validation.  Needs ftotval.c below.
+ #
+ # No FT_CONFIG_OPTION_PIC support.
+-# AUX_MODULES += otvalid
++AUX_MODULES += otvalid
+ 
+ # Auxiliary PostScript driver component to share common code.
+ #
+-- 
+2.9.3
+
diff --git a/user/freetype/0002-Enable-subpixel-rendering.patch b/user/freetype/0002-Enable-subpixel-rendering.patch
new file mode 100644
index 000000000..dfb57966e
--- /dev/null
+++ b/user/freetype/0002-Enable-subpixel-rendering.patch
@@ -0,0 +1,25 @@
+From 96f09f08417887b2618c177bccfb6da2906568d9 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 23 Jun 2015 08:43:07 +0200
+Subject: [PATCH 2/3] Enable subpixel rendering
+
+---
+ include/freetype/config/ftoption.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h
+index 90c123ef93e9ea04..67a361dd41e0b026 100644
+--- a/include/freetype/config/ftoption.h
++++ b/include/freetype/config/ftoption.h
+@@ -122,7 +122,7 @@ FT_BEGIN_HEADER
+   /* This is done to allow FreeType clients to run unmodified, forcing     */
+   /* them to display normal gray-level anti-aliased glyphs.                */
+   /*                                                                       */
+-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */
++#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING
+ 
+ 
+   /*************************************************************************/
+-- 
+2.9.3
+
diff --git a/user/freetype/0003-Enable-infinality-subpixel-hinting.patch b/user/freetype/0003-Enable-infinality-subpixel-hinting.patch
new file mode 100644
index 000000000..bbfa2a2cd
--- /dev/null
+++ b/user/freetype/0003-Enable-infinality-subpixel-hinting.patch
@@ -0,0 +1,27 @@
+From 220e96a9a8d7aff6ad0f0f1aa12c79cdb563331c Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Mon, 29 Aug 2016 08:43:10 +0200
+Subject: [PATCH 3/3] Enable infinality subpixel hinting
+
+---
+ include/freetype/config/ftoption.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h
+index 67a361dd41e0b026..c4812862518b66a6 100644
+--- a/include/freetype/config/ftoption.h
++++ b/include/freetype/config/ftoption.h
+@@ -675,8 +675,8 @@ FT_BEGIN_HEADER
+   /* [1] http://www.microsoft.com/typography/cleartype/truetypecleartype.aspx */
+   /*                                                                       */
+ /* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING  1         */
+-#define TT_CONFIG_OPTION_SUBPIXEL_HINTING  2
+-/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING  ( 1 | 2 ) */
++/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING  2         */
++#define TT_CONFIG_OPTION_SUBPIXEL_HINTING     ( 1 | 2 )
+ 
+ 
+   /*************************************************************************/
+-- 
+2.9.3
+
diff --git a/user/freetype/0004-Enable-long-PCF-family-names.patch b/user/freetype/0004-Enable-long-PCF-family-names.patch
new file mode 100644
index 000000000..675423a7c
--- /dev/null
+++ b/user/freetype/0004-Enable-long-PCF-family-names.patch
@@ -0,0 +1,25 @@
+From 62da6a0f7f5cb77859a793863c386c452411e2a6 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Sun, 14 May 2017 18:09:31 +0200
+Subject: [PATCH 4/4] Enable long PCF family names
+
+---
+ include/freetype/config/ftoption.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h
+index ebb44acdbbef9a47..0b39b417162707e4 100644
+--- a/include/freetype/config/ftoption.h
++++ b/include/freetype/config/ftoption.h
+@@ -865,7 +865,7 @@ FT_BEGIN_HEADER
+   /* If this option is activated, it can be controlled with the            */
+   /* `no-long-family-names' property of the pcf driver module.             */
+   /*                                                                       */
+-/* #define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES */
++#define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES
+ 
+ 
+   /*************************************************************************/
+-- 
+2.13.0
+
diff --git a/user/freetype/40-memcpy-fix.patch b/user/freetype/40-memcpy-fix.patch
new file mode 100644
index 000000000..89e61cd0b
--- /dev/null
+++ b/user/freetype/40-memcpy-fix.patch
@@ -0,0 +1,14 @@
+--- ./src/psaux/psobjs.c~	2006-04-26 16:38:17.000000000 +0200
++++ ./src/psaux/psobjs.c	2006-09-10 15:01:13.000000000 +0200
+@@ -165,6 +165,11 @@
+       return PSaux_Err_Invalid_Argument;
+     }
+ 
++    if ( length < 0 ) {
++      FT_ERROR(( "ps_table_add: invalid length\n" ));
++      return PSaux_Err_Invalid_Argument;
++    }
++
+     /* grow the base block if needed */
+     if ( table->cursor + length > table->capacity )
+     {
diff --git a/user/freetype/APKBUILD b/user/freetype/APKBUILD
new file mode 100644
index 000000000..fbb4e0103
--- /dev/null
+++ b/user/freetype/APKBUILD
@@ -0,0 +1,59 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=freetype
+pkgver=2.8.1
+pkgrel=2
+pkgdesc="TrueType font rendering library"
+url="https://www.freetype.org/"
+arch="all"
+license="GPL"
+options="!check"
+depends=""
+depends_dev=""
+makedepends="$depends_dev zlib-dev libpng-dev bzip2-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.bz2
+	40-memcpy-fix.patch
+	0001-Enable-table-validation-modules.patch
+	0003-Enable-infinality-subpixel-hinting.patch
+	0004-Enable-long-PCF-family-names.patch
+
+	freetype-profile.sh
+	"
+
+# secfixes:
+#   2.7.1-r1:
+#     - CVE-2017-8105
+#     - CVE-2017-8287
+
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-static \
+		--with-bzip2 \
+		--with-png
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+
+	install -Dm644 "$srcdir"/freetype-profile.sh \
+		"$pkgdir"/etc/profile.d/freetype.sh
+}
+
+sha512sums="ca59e47f0fceeeb9b8032be2671072604d0c79094675df24187829c05e99757d0a48a0f8062d4d688e056f783aa8f6090d732ad116562e94784fccf1339eb823  freetype-2.8.1.tar.bz2
+9981be8a3ea6f2cf856860b87a4e895e4610c9d5ea4beb611815e757e6080e060f6853ace02dd8ea55e5888cdf4bae5ad5eadd2d8a123754bb3c0bfe7ef41dea  40-memcpy-fix.patch
+41a84be2631b53072a76b78c582575aa48b650ee7b00017d018381002bc25df10cf33da4954c95ef50db39f1fa566678e3b4ae9bfee1dfd705423fb53e53e494  0001-Enable-table-validation-modules.patch
+7b52a3d67750d59b2c98e83dab4e0a0ab263142c2ca7bd5f8be5f8fe9cd1dc1f4debad44111c7886665329d8d2a3163756455618a6615df8f85d82bb0372d4dd  0003-Enable-infinality-subpixel-hinting.patch
+64c20fbcbf48372ea35fe2e0dae8fec4be8c601c899a4a71913060c6ea4082a2f41d69701da511e09fee126bf198d560986469e2356bd088d2dd5961f437df63  0004-Enable-long-PCF-family-names.patch
+7100cde5b2ca16bfbe968fce3e2eba5ba49e6ed53792d5db889c8d89e572d7d80da1338ccc9eeb9b243664ca2337467e9f73c1074bee0b34c417f6c7832ed390  freetype-profile.sh"
diff --git a/user/freetype/freetype-profile.sh b/user/freetype/freetype-profile.sh
new file mode 100644
index 000000000..a4cc6423b
--- /dev/null
+++ b/user/freetype/freetype-profile.sh
@@ -0,0 +1,12 @@
+# Subpixel hinting mode can be chosen by setting the right TrueType interpreter
+# version. The available settings are:
+#
+#     truetype:interpreter-version=35  # Classic mode (default in 2.6)
+#     truetype:interpreter-version=38  # Infinality mode
+#     truetype:interpreter-version=40  # Minimal mode (default in 2.7)
+#
+# There are more properties that can be set, separated by whitespace. Please
+# refer to the FreeType documentation for details.
+
+# Uncomment and configure below
+export FREETYPE_PROPERTIES="truetype:interpreter-version=38"
diff --git a/user/glib-networking/APKBUILD b/user/glib-networking/APKBUILD
new file mode 100644
index 000000000..65ae109a0
--- /dev/null
+++ b/user/glib-networking/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=glib-networking
+pkgver=2.54.1
+_maj=${pkgver%%.*}
+_min=${pkgver#${_maj}.}
+_min=${_min%%.*}
+_ver=$_maj.$_min
+pkgrel=1
+pkgdesc="Networking support for GLib"
+url="http://www.gnome.org"
+arch="all"
+license="LGPL-2.1+"
+depends="ca-certificates"
+makedepends="glib-dev gnutls-dev libproxy-dev intltool libgcrypt-dev bash p11-kit-dev"
+install=
+subpackages="$pkgname-lang"
+source="http://download.gnome.org/sources/glib-networking/$_ver/glib-networking-$pkgver.tar.xz"
+
+build() {
+	cd "$builddir"
+	CONFIG_SHELL=/bin/bash ./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--disable-more-warnings \
+		--with-libproxy \
+		--with-gnutls
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	rm -f "$pkgdir"/usr/lib/gio/modules/*.a
+}
+
+sha512sums="8356d835914e33df43f4f2bb6a915ddcd48dd0565e4d5bc1f1d692e9c3124ee4421b99f87f2586f74e9fed24ef7421159f3242fd1eb7bd74950bd25e860896ec  glib-networking-2.54.1.tar.xz"
diff --git a/user/glib-networking/proxy-test.patch b/user/glib-networking/proxy-test.patch
new file mode 100644
index 000000000..2cab5d9f6
--- /dev/null
+++ b/user/glib-networking/proxy-test.patch
@@ -0,0 +1,13 @@
+--- ./Makefile.am.orig
++++ ./Makefile.am
+@@ -11,9 +11,9 @@
+ 
+ if HAVE_GNOME_PROXY
+ SUBDIRS += proxy/gnome
++SUBDIRS += proxy/tests
+ endif
+ 
+-SUBDIRS += proxy/tests
+ 
+ if HAVE_GNUTLS
+ SUBDIRS += tls/gnutls
diff --git a/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch b/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch
new file mode 100644
index 000000000..50a9a8c28
--- /dev/null
+++ b/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch
@@ -0,0 +1,47 @@
+From e4216dee57f5156e192b2910f13eb855a104cb18 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 6 Jul 2016 12:38:40 +0200
+Subject: [PATCH] gquark: fix initialization with c++ constructors
+
+C++ constructors may want create new quarks, but we can not guarantee
+that the glib library ctor is executed first. Therefore we make sure
+that quarks are always initialized from g_quark_from_string and
+g_quark_from_static_string
+
+This fixes crashes in glibmm with musl which likely happens on AIX too.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=768215
+https://bugzilla.gnome.org/show_bug.cgi?id=756139#c14
+---
+ glib/gquark.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/glib/gquark.c b/glib/gquark.c
+index 9e51a92..17ecd7f 100644
+--- a/glib/gquark.c
++++ b/glib/gquark.c
+@@ -57,6 +57,11 @@ static gint           quark_block_offset = 0;
+ void
+ g_quark_init (void)
+ {
++  /* we may be initialized from c++ constructor or the glib ctor, but we
++  cannot guarantee in what order. So we check if we have been initialized */
++  if (quark_ht != NULL)
++    return;
++
+   g_assert (quark_seq_id == 0);
+   quark_ht = g_hash_table_new (g_str_hash, g_str_equal);
+   quarks = g_new (gchar*, QUARK_BLOCK_SIZE);
+@@ -179,6 +184,9 @@ quark_from_string (const gchar *string,
+ {
+   GQuark quark = 0;
+ 
++  if (G_UNLIKELY (quark_ht == NULL))
++    g_quark_init();
++
+   quark = GPOINTER_TO_UINT (g_hash_table_lookup (quark_ht, string));
+ 
+   if (!quark)
+-- 
+2.9.0
+
diff --git a/user/glib/APKBUILD b/user/glib/APKBUILD
new file mode 100644
index 000000000..89a98754f
--- /dev/null
+++ b/user/glib/APKBUILD
@@ -0,0 +1,103 @@
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=glib
+pkgver=2.54.2
+pkgrel=1
+pkgdesc="Common C routines used by Gtk+ and other libs"
+url="https://developer.gnome.org/glib/"
+arch="all"
+license="GPL"
+depends=
+triggers="$pkgname.trigger=/usr/share/glib-2.0/schemas:/usr/lib/gio/modules"
+depends_dev="perl python3 attr-dev gettext-dev zlib-dev bzip2-dev libffi-dev
+	util-linux-dev"
+makedepends="$depends_dev pcre-dev xmlto"
+checkdepends="tzdata"
+options="!checkroot"
+source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz
+	0001-gquark-fix-initialization-with-c-constructors.patch
+	broken-gio-tests.patch
+	fix-spawn.patch
+	i386-fpu-test.patch
+	musl-no-locale.patch
+	ridiculous-strerror-nonconformance.patch
+	thread-test-fix.patch
+	"
+subpackages="$pkgname-dbg $pkgname-doc $pkgname-static $pkgname-dev $pkgname-lang $pkgname-bash-completion:bashcomp:noarch"
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+	cd "$builddir"
+	default_prepare
+
+	# workaround packaging issue. gtk-doc.make timestamp was newer than
+	# Makefile.am, which triggers automake re-run
+	touch -r docs/reference/glib/Makefile.am gtk-doc.make
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--mandir=/usr/share/man \
+		--disable-gtk-doc \
+		--disable-compile-warnings \
+		--disable-selinux \
+		--with-pcre=system \
+		--with-python=python3 \
+		--with-pic \
+		--enable-static
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	rm -rf "$pkgdir"/usr/lib/charset.alias
+}
+
+dev() {
+	default_dev
+	mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/share
+		find "$pkgdir"/usr/bin ! -name "glib-compile-schemas" -a \( \
+		-name "gdbus-codegen" -o \
+		-name "gobject-query" -o \
+		-name "gresource" -o \
+		-name "gtester*" -o \
+		-name "glib-*" \) \
+		-exec mv {} "$subpkgdir"/usr/bin \;
+	mv "$pkgdir"/usr/share/gdb "$pkgdir"/usr/share/glib-2.0 \
+		"$subpkgdir"/usr/share
+}
+
+static() {
+	pkgdesc="glib static libraries"
+	depends="gettext-static"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
+}
+
+bashcomp() {
+	pkgdesc="Bash completion for $pkgname"
+	depends=
+	install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
+	mkdir -p "$subpkgdir"/usr/share
+	mv "$pkgdir"/usr/share/bash-completion "$subpkgdir"/usr/share
+	[ "$(ls -A "$pkgdir"/usr/share)" ] || rmdir "$pkgdir"/usr/share
+}
+
+sha512sums="09ee6fa3a6f3f15af229bd789bef536e3570f36d1e4ce624a57e97c4040577f6baccd6ab5746257863ccf7173b558cfa753951d562a278f854e52604104ba7ee  glib-2.54.2.tar.xz
+32e5aca9a315fb985fafa0b4355e4498c1f877fc1f0b58ad4ac261fb9fbced9f026c7756a5f2af7d61ce756b55c8cd02811bb08df397040e93510056f073756b  0001-gquark-fix-initialization-with-c-constructors.patch
+9bf99de4672765704759098c883cfc4d2747cf10d9d568ae97134806a089e4bebae57886bae45dcc53694e0190248abe6ae52cc38dc742cd754d352406ac0680  broken-gio-tests.patch
+0f0a98784aeed92f33cd9239d2f668bdc6c09b84ed020825ae88f6aacf6a922152dc3e1384c40d9f30f54c5ab78fe17e0ee5c42b268b297b595d2a6cde5b8998  fix-spawn.patch
+aa7444bbdf7b88798adc67c15cdb8b7459450c0b7357caea16b74462c5c9179ba80d4018b1e656e90a5e3be5b2e3c14e9b8c0ccbb2ee4d8c92dc8fa627518b84  i386-fpu-test.patch
+10d23961072e3d8c8bbe5ee9a6b6ad709734690485c7148f1f8a2081a3ecc06cc3e3ff02ea870e1b429cd8464df6ef6e9f266148010d889fd187f4e411f65bab  musl-no-locale.patch
+56c10a0f64cbd8ce584d428f818e7e678fdeb40a32df792843208ddfa3135d362cc2077bc9fe3bfebe13ee6af0ecf6403a593ad727e0a92276074a17a9c7029c  ridiculous-strerror-nonconformance.patch
+0cebf9cbf87a92c3160054eb30189a827847f5820a8b90f4842b4ad5ab5cc343ba06e5f55214864bd0f0d5a21e55ec5e7f35c66207e77b1496142b7ee0c75567  thread-test-fix.patch"
diff --git a/user/glib/broken-gio-tests.patch b/user/glib/broken-gio-tests.patch
new file mode 100644
index 000000000..d7006db87
--- /dev/null
+++ b/user/glib/broken-gio-tests.patch
@@ -0,0 +1,100 @@
+Requires update-desktop-database
+--- glib-2.52.1/gio/tests/appinfo.c.old	2016-10-22 00:17:49.000000000 -0500
++++ glib-2.52.1/gio/tests/appinfo.c	2017-08-20 23:23:32.581229536 -0500
+@@ -486,7 +486,7 @@
+   g_test_add_func ("/appinfo/launch-context", test_launch_context);
+   g_test_add_func ("/appinfo/launch-context-signals", test_launch_context_signals);
+   g_test_add_func ("/appinfo/tryexec", test_tryexec);
+-  g_test_add_func ("/appinfo/associations", test_associations);
++  //g_test_add_func ("/appinfo/associations", test_associations);
+   g_test_add_func ("/appinfo/environment", test_environment);
+   g_test_add_func ("/appinfo/startup-wm-class", test_startup_wm_class);
+   g_test_add_func ("/appinfo/supported-types", test_supported_types);
+ 
+
+Requires shared-mime-info
+--- glib-2.53.7/gio/tests/contenttype.c.old	2017-07-13 18:03:39.000000000 -0500
++++ glib-2.53.7/gio/tests/contenttype.c	2017-09-05 21:41:46.312547646 -0500
+@@ -345,9 +345,9 @@
+ 
+   g_test_bug_base ("http://bugzilla.gnome.org/");
+ 
+-  g_test_add_func ("/contenttype/guess", test_guess);
++  //g_test_add_func ("/contenttype/guess", test_guess);
+   g_test_add_func ("/contenttype/unknown", test_unknown);
+-  g_test_add_func ("/contenttype/subtype", test_subtype);
++  /*g_test_add_func ("/contenttype/subtype", test_subtype);
+   g_test_add_func ("/contenttype/list", test_list);
+   g_test_add_func ("/contenttype/executable", test_executable);
+   g_test_add_func ("/contenttype/description", test_description);
+@@ -355,7 +355,7 @@
+   g_test_add_func ("/contenttype/symbolic-icon", test_symbolic_icon);
+   g_test_add_func ("/contenttype/tree", test_tree);
+   g_test_add_func ("/contenttype/test_type_is_a_special_case",
+-                   test_type_is_a_special_case);
++                   test_type_is_a_special_case);*/
+ 
+   return g_test_run ();
+ }
+
+
+Requires working iconv
+--- glib-2.52.1/gio/tests/converter-stream.c.old	2016-10-22 00:18:11.000000000 -0500
++++ glib-2.52.1/gio/tests/converter-stream.c	2017-08-20 23:21:31.711358101 -0500
+@@ -1203,7 +1203,7 @@
+   };
+   CharsetTest charset_tests[] = {
+     { "/converter-input-stream/charset/utf8->latin1", "UTF-8", "\303\205rr Sant\303\251", "ISO-8859-1", "\305rr Sant\351", 0 },
+-    { "/converter-input-stream/charset/latin1->utf8", "ISO-8859-1", "\305rr Sant\351", "UTF-8", "\303\205rr Sant\303\251", 0 },
++    //{ "/converter-input-stream/charset/latin1->utf8", "ISO-8859-1", "\305rr Sant\351", "UTF-8", "\303\205rr Sant\303\251", 0 },
+-    { "/converter-input-stream/charset/fallbacks", "UTF-8", "Some characters just don't fit into latin1: πא", "ISO-8859-1", "Some characters just don't fit into latin1: \\CF\\80\\D7\\90", 4 },
++    //{ "/converter-input-stream/charset/fallbacks", "UTF-8", "Some characters just don't fit into latin1: πא", "ISO-8859-1", "Some characters just don't fit into latin1: \\CF\\80\\D7\\90", 4 },
+   };
+ 
+
+
+Requires dconf
+--- glib-2.52.1/gio/tests/gsettings.c.old	2017-08-20 23:26:31.284378974 -0500
++++ glib-2.52.1/gio/tests/gsettings.c	2017-08-20 23:26:46.637699607 -0500
+@@ -2603,6 +2603,8 @@
+   gchar *schema_text;
+   gchar *enums;
+   gint result;
++  printf("1..0\n");
++  return 0;
+ 
+   setlocale (LC_ALL, "");
+ 
+
+Requires update-desktop-database
+--- glib-2.52.1/gio/tests/desktop-app-info.c.old	2016-10-22 00:17:55.000000000 -0500
++++ glib-2.52.1/gio/tests/desktop-app-info.c	2017-08-20 23:38:16.840439686 -0500
+@@ -761,6 +761,8 @@
+ {
+   gint result;
+ 
++  printf("1..0\n");
++  return 0;
+   g_test_init (&argc, &argv, NULL);
+ 
+   basedir = g_get_current_dir ();
+
+
+--- glib-2.52.1/gio/tests/resources.c.old	2016-10-22 00:18:12.000000000 -0500
++++ glib-2.52.1/gio/tests/resources.c	2017-08-20 23:39:47.127025718 -0500
+@@ -426,6 +426,7 @@
+       g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test1\n");
+       g_bytes_unref (data);
+ 
++#if 0  // dlclose is noop on musl
+       g_type_module_unuse (G_TYPE_MODULE (module));
+ 
+       found = g_resources_get_info ("/resourceplugin/test1.txt",
+@@ -434,6 +435,7 @@
+       g_assert (!found);
+       g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+       g_clear_error (&error);
++#endif
+     }
+ }
+ 
diff --git a/user/glib/fix-spawn.patch b/user/glib/fix-spawn.patch
new file mode 100644
index 000000000..df352fdc3
--- /dev/null
+++ b/user/glib/fix-spawn.patch
@@ -0,0 +1,22 @@
+--- glib-2.52.1/glib/tests/spawn-singlethread.c.old	2016-10-22 00:21:35.000000000 -0500
++++ glib-2.52.1/glib/tests/spawn-singlethread.c	2017-08-20 22:31:52.548311424 -0500
+@@ -210,7 +210,7 @@
+   g_test_init (&argc, &argv, NULL);
+ 
+   dirname = g_path_get_dirname (argv[0]);
+-  echo_prog_path = g_build_filename (dirname, "test-spawn-echo" EXEEXT, NULL);
++  echo_prog_path = g_build_filename (dirname, "../test-spawn-echo" EXEEXT, NULL);
+   if (!g_file_test (echo_prog_path, G_FILE_TEST_EXISTS))
+     {
+       g_free (echo_prog_path);
+--- glib-2.52.1/glib/tests/spawn-multithreaded.c.old	2016-10-22 00:21:44.000000000 -0500
++++ glib-2.52.1/glib/tests/spawn-multithreaded.c	2017-08-20 22:32:15.981614460 -0500
+@@ -222,7 +222,7 @@
+   g_test_init (&argc, &argv, NULL);
+ 
+   dirname = g_path_get_dirname (argv[0]);
+-  echo_prog_path = g_build_filename (dirname, "test-spawn-echo" EXEEXT, NULL);
++  echo_prog_path = g_build_filename (dirname, "../test-spawn-echo" EXEEXT, NULL);
+   if (!g_file_test (echo_prog_path, G_FILE_TEST_EXISTS))
+     {
+       g_free (echo_prog_path);
diff --git a/user/glib/glib.trigger b/user/glib/glib.trigger
new file mode 100644
index 000000000..cf23eff7d
--- /dev/null
+++ b/user/glib/glib.trigger
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+for i in "$@"; do
+	if ! [ -e "$i" ]; then
+		continue
+	fi
+	case "$i" in
+	*/modules)
+		/usr/bin/gio-querymodules "$i"
+		;;
+	*/schemas)
+		/usr/bin/glib-compile-schemas "$i"
+		;;
+	esac
+done
+
diff --git a/user/glib/i386-fpu-test.patch b/user/glib/i386-fpu-test.patch
new file mode 100644
index 000000000..986c33164
--- /dev/null
+++ b/user/glib/i386-fpu-test.patch
@@ -0,0 +1,13 @@
+--- glib-2.54.2/glib/tests/timer.c.old	2016-10-22 00:21:30.000000000 -0500
++++ glib-2.54.2/glib/tests/timer.c	2018-03-03 18:39:40.424741042 -0600
+@@ -203,7 +203,10 @@
+ {
+   g_test_init (&argc, &argv, NULL);
+ 
++  /* This test fails on the i386 because of crappy FPU */
++#ifndef __i386__
+   g_test_add_func ("/timer/basic", test_timer_basic);
++#endif
+   g_test_add_func ("/timer/stop", test_timer_stop);
+   g_test_add_func ("/timer/continue", test_timer_continue);
+   g_test_add_func ("/timer/reset", test_timer_reset);
diff --git a/user/glib/musl-no-locale.patch b/user/glib/musl-no-locale.patch
new file mode 100644
index 000000000..4b36b0b2e
--- /dev/null
+++ b/user/glib/musl-no-locale.patch
@@ -0,0 +1,55 @@
+--- glib-2.52.1/glib/tests/option-context.c.old	2016-10-22 05:21:34.000000000 +0000
++++ glib-2.52.1/glib/tests/option-context.c	2017-08-20 23:14:46.364133517 +0000
+@@ -638,7 +638,7 @@
+   
+   old_locale = g_strdup (setlocale (LC_NUMERIC, locale));
+   current_locale = setlocale (LC_NUMERIC, NULL);
+-  if (strcmp (current_locale, locale) != 0)
++  //if (strcmp (current_locale, locale) != 0)
+     {
+       fprintf (stderr, "Cannot set locale to %s, skipping\n", locale);
+       goto cleanup; 
+--- glib-2.52.1/glib/tests/gdatetime.c.old	2017-03-16 20:12:05.000000000 -0500
++++ glib-2.52.1/glib/tests/gdatetime.c	2017-08-20 22:20:37.805908983 -0500
+@@ -1068,7 +1068,7 @@
+ 
+   oldlocale = g_strdup (setlocale (LC_ALL, NULL));
+   setlocale (LC_ALL, "fa_IR.utf-8");
+-  if (strstr (setlocale (LC_ALL, NULL), "fa_IR") != NULL)
++  if ((1 == 0) && strstr (setlocale (LC_ALL, NULL), "fa_IR") != NULL)
+     {
+       TEST_PRINTF_TIME (23, 0, 0, "%OH", "\333\262\333\263");    /* '23' */
+       TEST_PRINTF_TIME (23, 0, 0, "%OI", "\333\261\333\261");    /* '11' */
+--- glib-2.52.1/glib/tests/convert.c.old	2016-10-22 00:21:34.000000000 -0500
++++ glib-2.52.1/glib/tests/convert.c	2017-08-20 22:51:48.363430954 -0500
+@@ -707,7 +707,7 @@
+ 
+   g_test_add_func ("/conversion/no-conv", test_no_conv);
+   g_test_add_func ("/conversion/iconv-state", test_iconv_state);
+-  g_test_add_func ("/conversion/illegal-sequence", test_one_half);
++  //g_test_add_func ("/conversion/illegal-sequence", test_one_half);
+-  g_test_add_func ("/conversion/byte-order", test_byte_order);
++  //g_test_add_func ("/conversion/byte-order", test_byte_order);
+   g_test_add_func ("/conversion/unicode", test_unicode_conversions);
+   g_test_add_func ("/conversion/filename-utf8", test_filename_utf8);
+--- glib-2.54.2/glib/tests/collate.c.old	2017-03-08 21:37:21.000000000 -0600
++++ glib-2.54.2/glib/tests/collate.c	2018-03-01 01:07:56.957714447 -0600
+@@ -279,7 +279,7 @@
+ 
+   g_setenv ("LC_ALL", "en_US", TRUE);
+   locale = setlocale (LC_ALL, "");
+-  if (locale == NULL || strcmp (locale, "en_US") != 0)
++  //if (locale == NULL || strcmp (locale, "en_US") != 0)
+     {
+       g_test_message ("No suitable locale, skipping tests");
+       missing_locale = TRUE;
+--- glib-2.54.2/tests/run-collate-tests.sh.old	2016-10-22 00:17:10.000000000 -0500
++++ glib-2.54.2/tests/run-collate-tests.sh	2018-03-01 01:22:01.107722429 -0600
+@@ -1,5 +1,7 @@
+ #! /bin/sh
+ 
++exit 77
++
+ fail ()
+ {
+   echo "Test failed: $*"
diff --git a/user/glib/ridiculous-strerror-nonconformance.patch b/user/glib/ridiculous-strerror-nonconformance.patch
new file mode 100644
index 000000000..3ffc0aafa
--- /dev/null
+++ b/user/glib/ridiculous-strerror-nonconformance.patch
@@ -0,0 +1,11 @@
+--- glib-2.52.1/glib/tests/strfuncs.c.old	2016-10-22 00:21:44.000000000 -0500
++++ glib-2.52.1/glib/tests/strfuncs.c	2017-08-20 22:48:18.233702952 -0500
+@@ -1335,7 +1335,7 @@
+   setlocale (LC_ALL, "C");
+ 
+   strs = g_hash_table_new (g_str_hash, g_str_equal);
+-  for (i = 1; i < 200; i++)
++  for (i = 1; i < 40; i++)
+     {
+       str = g_strerror (i);
+       g_assert (str != NULL);
diff --git a/user/glib/thread-test-fix.patch b/user/glib/thread-test-fix.patch
new file mode 100644
index 000000000..bcfcfc441
--- /dev/null
+++ b/user/glib/thread-test-fix.patch
@@ -0,0 +1,11 @@
+--- glib-2.52.1/glib/tests/thread.c.old	2016-10-22 05:21:37.000000000 +0000
++++ glib-2.52.1/glib/tests/thread.c	2017-08-20 04:51:46.756496035 +0000
+@@ -174,7 +174,7 @@
+ static gpointer
+ thread6_func (gpointer data)
+ {
+-#ifdef HAVE_PTHREAD_SETNAME_NP_WITH_TID
++#if 0
+   char name[16];
+ 
+   pthread_getname_np (pthread_self(), name, 16);
diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD
new file mode 100644
index 000000000..b64faaa64
--- /dev/null
+++ b/user/gnutls/APKBUILD
@@ -0,0 +1,74 @@
+# Contriburo: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gnutls
+pkgver=3.6.1
+pkgrel=0
+pkgdesc="A TLS protocol implementation"
+url="http://www.gnutls.org/"
+arch="all"
+license="GPL"
+checkdepends="diffutils"
+makedepends="nettle-dev zlib-dev libtasn1-dev p11-kit-dev libunistring-dev texinfo"
+subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-c++:xx"
+_v=${pkgver%.*}
+case $pkgver in
+*.*.*.*) _v=${_v%.*};;
+esac
+source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz
+	tests-date-compat.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+#   3.5.13-r0:
+#     - CVE-2017-7507
+
+build() {
+	cd "$builddir"
+	LIBS="-lgmp" ./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-openssl-compatibility \
+		--disable-rpath \
+		--disable-static \
+		--disable-guile \
+		--disable-valgrind-tests \
+		--without-included-libtasn1 \
+		--enable-cxx \
+		--enable-manpages \
+		--enable-tests \
+		--disable-full-test-suite \
+		--disable-sslv2-support \
+		--with-zlib \
+		--with-p11-kit
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make -j1 DESTDIR="$pkgdir" install
+}
+
+utils() {
+	pkgdesc="Command line tools for TLS protocol"
+	mkdir -p "$subpkgdir"/usr/
+	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+}
+
+xx() {
+	pkgdesc="The C++ interface to GnuTLS"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
+}
+
+sha512sums="1f2bd3203ea96844c531be700b44623b79f46743143edf97011aab07895ca18d62f1659c7fafc5e1c4b0686fde490836f00358bdd60d6ac0b842526db002da23  gnutls-3.6.1.tar.xz
+14b1be86a0180c914aaaada261ccf01914d48df9510b57572e4f32683d1dd984a907ecf2c848cc4773b1c139059de26383a2c617f509f8c75b985668a23fd28d  tests-date-compat.patch"
diff --git a/user/gnutls/tests-date-compat.patch b/user/gnutls/tests-date-compat.patch
new file mode 100644
index 000000000..2717ab230
--- /dev/null
+++ b/user/gnutls/tests-date-compat.patch
@@ -0,0 +1,12 @@
+Busybox date does not support %N, this is GNU extension.
+--- a/tests/scripts/common.sh
++++ b/tests/scripts/common.sh
+@@ -59,7 +59,7 @@
+ }
+ 
+ # Find a port number not currently in use.
+-GETPORT='rc=0; myrandom=$(date +%N | sed s/^0*//)
++GETPORT='rc=0; myrandom=$(date +%s | sed s/^0*//)
+     while test $rc = 0;do
+ 	PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
+ 	check_if_port_in_use $PORT;rc=$?
diff --git a/user/gpgme/APKBUILD b/user/gpgme/APKBUILD
new file mode 100644
index 000000000..10ffc83de
--- /dev/null
+++ b/user/gpgme/APKBUILD
@@ -0,0 +1,59 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gpgme
+pkgver=1.9.0
+pkgrel=2
+pkgdesc="GnuPG Made Easy"
+url="http://www.gnupg.org/related_software/gpgme/"
+arch="all"
+license="GPL"
+depends="gnupg"
+depends_dev="libgpg-error-dev libassuan-dev qt5-qtbase-dev"
+makedepends="$depends_dev doxygen"
+subpackages="$pkgname-dev $pkgname-doc gpgmepp qgpgme"
+source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2
+	fix-bashism.patch"
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+qgpgme() {
+	pkgdesc="$pkgdesc (Qt 5 library)"
+	mkdir -p "$subpkgdir"/usr/lib/
+	mv "$pkgdir"/usr/lib/libqgpgme.so* "$subpkgdir"/usr/lib/
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+gpgmepp() {
+	pkgdesc="C++ bindings for GPGME"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libgpgmepp.so.* "$subpkgdir"/usr/lib/
+}
+
+
+sha512sums="2a33343e907d9d70cc57dc1ef4e1c01995e1030bb0db937f44435643d6abfbb1bd55d52ba241701fa702783ebf035c09941131604fd8a811474b8bee41afccc8  gpgme-1.9.0.tar.bz2
+6d83139277026d280fa08827623196c90c6158ecb9a39b58f58f3b4211d8d1e9694aa255eb71a08e40028776f6cc9df9b8f6a71d918065479504de14619a11bd  fix-bashism.patch"
diff --git a/user/gpgme/fix-bashism.patch b/user/gpgme/fix-bashism.patch
new file mode 100644
index 000000000..19508c96e
--- /dev/null
+++ b/user/gpgme/fix-bashism.patch
@@ -0,0 +1,10 @@
+diff --git a/tests/gpg/pinentry b/tests/gpg/pinentry
+index 3b99726..b12caae 100755
+--- a/tests/gpg/pinentry
++++ b/tests/gpg/pinentry
+@@ -1,4 +1,4 @@
+-#! /bin/bash
++#! /bin/sh
+ # Dummy pinentry
+ # 
+ # Copyright 2008 g10 Code GmbH
diff --git a/user/graphviz/0001-clone-nameclash.patch b/user/graphviz/0001-clone-nameclash.patch
new file mode 100644
index 000000000..6222238d8
--- /dev/null
+++ b/user/graphviz/0001-clone-nameclash.patch
@@ -0,0 +1,87 @@
+From cb8bbbd3a48fa1f41965617852d11e02eb20b1f0 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 26 Jul 2011 12:41:21 +0000
+Subject: [PATCH] clone nameclash
+
+---
+ lib/gvpr/actions.c |    6 +++---
+ lib/gvpr/actions.h |    2 +-
+ lib/gvpr/compile.c |    2 +-
+ lib/gvpr/gvpr.c    |    4 ++--
+ 4 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/lib/gvpr/actions.c b/lib/gvpr/actions.c
+index 05bfcd1..b3b4a60 100644
+--- a/lib/gvpr/actions.c
++++ b/lib/gvpr/actions.c
+@@ -380,7 +380,7 @@ Agraph_t *cloneG(Agraph_t * g, char* name)
+  * graph. Otherwise, create a clone subgraph of g.
+  * Assume obj != NULL.
+  */
+-Agobj_t *clone(Agraph_t * g, Agobj_t * obj)
++Agobj_t *cloneO(Agraph_t * g, Agobj_t * obj)
+ {
+     Agobj_t *nobj = 0;
+     Agedge_t *e;
+@@ -415,8 +415,8 @@ Agobj_t *clone(Agraph_t * g, Agobj_t * obj)
+     case AGINEDGE:
+     case AGOUTEDGE:
+ 	e = (Agedge_t *) obj;
+-	t = (Agnode_t *) clone(g, OBJ(agtail(e)));
+-	h = (Agnode_t *) clone(g, OBJ(aghead(e)));
++	t = (Agnode_t *) cloneO(g, OBJ(agtail(e)));
++	h = (Agnode_t *) cloneO(g, OBJ(aghead(e)));
+ 	name = agnameof (AGMKOUT(e));
+ 	nobj = (Agobj_t *) openEdge(g, t, h, name);
+ 	if (nobj)
+diff --git a/lib/gvpr/actions.h b/lib/gvpr/actions.h
+index 5c62a3b..4223c52 100644
+--- a/lib/gvpr/actions.h
++++ b/lib/gvpr/actions.h
+@@ -22,7 +22,7 @@ extern "C" {
+ #include "expr.h"
+ 
+     extern void nodeInduce(Agraph_t * selected);
+-    extern Agobj_t *clone(Agraph_t * g, Agobj_t * obj);
++    extern Agobj_t *cloneO(Agraph_t * g, Agobj_t * obj);
+     extern Agraph_t *cloneG(Agraph_t * g, char* name);
+     extern Agobj_t *copy(Agraph_t * g, Agobj_t * obj);
+     extern int copyAttr(Agobj_t * obj, Agobj_t * obj1);
+diff --git a/lib/gvpr/compile.c b/lib/gvpr/compile.c
+index c157572..0914210 100644
+--- a/lib/gvpr/compile.c
++++ b/lib/gvpr/compile.c
+@@ -1087,7 +1087,7 @@ getval(Expr_t * pgm, Exnode_t * node, Exid_t * sym, Exref_t * ref,
+ 		error(ERROR_WARNING, "NULL object passed to clone()");
+ 		v.integer = 0;
+ 	    } else
+-		v.integer = PTR2INT(clone(gp, objp));
++		v.integer = PTR2INT(cloneO(gp, objp));
+ 	    break;
+ 	case F_cloneG:
+ 	    gp = INT2PTR(Agraph_t *, args[0].integer);
+diff --git a/lib/gvpr/gvpr.c b/lib/gvpr/gvpr.c
+index 0d47d70..9a1bfd1 100644
+--- a/lib/gvpr/gvpr.c
++++ b/lib/gvpr/gvpr.c
+@@ -803,7 +803,7 @@ addOutputGraph (Gpr_t* state, gvpropts* uopts)
+     Agraph_t* g = state->outgraph;
+ 
+     if ((agroot(g) == state->curgraph) && !uopts->ingraphs)
+-	g = (Agraph_t*)clone (0, (Agobj_t *)g);
++	g = (Agraph_t*)cloneO (0, (Agobj_t *)g);
+ 
+     uopts->n_outgraphs++;
+     uopts->outgraphs = oldof(uopts->outgraphs,Agraph_t*,uopts->n_outgraphs,0);
+@@ -988,7 +988,7 @@ int gvpr (int argc, char *argv[], gvpropts * uopts)
+ 
+ 		/* begin graph */
+ 		if (incoreGraphs && (opts->compflags & CLONE))
+-		    state->curgraph = (Agraph_t*)clone (0, (Agobj_t*)(state->curgraph));
++		    state->curgraph = (Agraph_t*)cloneO (0, (Agobj_t*)(state->curgraph));
+ 		state->curobj = (Agobj_t *) state->curgraph;
+ 		state->tvroot = 0;
+ 		if (bp->begg_stmt)
+-- 
+1.7.6
+
diff --git a/user/graphviz/APKBUILD b/user/graphviz/APKBUILD
new file mode 100644
index 000000000..7f5b34c1f
--- /dev/null
+++ b/user/graphviz/APKBUILD
@@ -0,0 +1,120 @@
+# Contributor: Sören Tempel <soeren/alpine@soeren-tempel.net>
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=graphviz
+pkgver=2.40.1
+pkgrel=1
+pkgdesc="Graph Visualization Tools"
+url="http://www.graphviz.org/"
+arch="all"
+license="EPL"
+options="!check"  # Requires unpackaged Criterion test framework
+depends=""
+depends_dev="zlib-dev libpng-dev libjpeg-turbo-dev expat-dev
+	fontconfig-dev libsm-dev libxext-dev cairo-dev pango-dev
+	librsvg-dev gmp-dev freetype-dev"
+makedepends="$depends_dev flex swig guile-dev m4 libtool
+	bison gtk+2.0-dev lua5.2-dev libltdl tcl"
+install="$pkgname.pre-deinstall"
+triggers="$pkgname.trigger=/usr/lib/graphviz"
+subpackages="$pkgname-dev $pkgname-doc lua-$pkgname:_lua
+	$pkgname-gtk $pkgname-graphs guile-$pkgname:guile"
+source="http://www.graphviz.org/pub/graphviz/stable/SOURCES/graphviz-$pkgver.tar.bz2
+	$pkgname.trigger
+	0001-clone-nameclash.patch
+	"
+
+prepare() {
+	# Rename unpacked directory with hash in the name to something sane...
+	mv "$srcdir"/$pkgname-stable_release_$pkgver-* "$builddir"
+
+	default_prepare
+
+	cd "$builddir"
+	./autogen.sh NOCONFIG
+}
+
+build() {
+	cd "$builddir"
+
+	LIBPOSTFIX=/ \
+	LUA=lua5.2 \
+	LUA_CFLAGS="$(pkg-config --cflags lua5.2)" \
+	LUA_LIBS="$(pkg-config --libs lua5.2)" \
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--without-included-ltdl \
+		--disable-ltdl-install \
+		--disable-silent-rules \
+		--enable-ltdl \
+		--with-x \
+		--disable-static \
+		--disable-dependency-tracking \
+		--enable-java=no \
+		--enable-lua=yes \
+		--enable-python34=yes \
+		--enable-tcl=no \
+		--without-mylibgd \
+		--with-ipsepcola \
+		--with-pangocairo \
+		--with-gdk-pixbuf \
+		--with-png \
+		--with-jpeg \
+		--with-rsvg
+
+	if [ "$CARCH" = "x86_64" ]; then
+		# the configure script thinks we have sincos. we dont.
+		sed -i -e '/HAVE_SINCOS/d' config.h
+	fi
+
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" \
+		pkgconfigdir=/usr/lib/pkgconfig \
+		install
+
+	mkdir -p "$pkgdir"/usr/share/doc
+	mv "$pkgdir"/usr/share/graphviz/doc \
+		"$pkgdir"/usr/share/doc/graphviz
+}
+
+guile() {
+	pkgdesc="Guile bindings for graphviz"
+	mkdir -p "$subpkgdir"/usr/lib/graphviz
+	mv "$pkgdir"/usr/lib/graphviz/guile* \
+		"$subpkgdir"/usr/lib/graphviz/
+}
+
+_lua() {
+	pkgdesc="Lua extension for graphviz"
+	mkdir -p "$subpkgdir"/usr/lib/graphviz \
+		"$subpkgdir"/usr/lib/lua
+	mv "$pkgdir"/usr/lib/graphviz/lua \
+		"$subpkgdir"/usr/lib/graphviz
+	mv "$pkgdir"/usr/lib/lua "$subpkgdir"/usr/lib/
+}
+
+gtk() {
+	pkgdesc="Gtk extension for graphviz"
+	mkdir -p "$subpkgdir"/usr/lib/graphviz
+	mv "$pkgdir"/usr/lib/graphviz/libgvplugin_g?k* \
+		"$pkgdir"/usr/lib/graphviz/libgvplugin_rsvg* \
+		"$subpkgdir"/usr/lib/graphviz
+}
+
+graphs() {
+	pkgdesc="Demo graphs for graphviz"
+	mkdir -p "$subpkgdir"/usr/share/graphviz
+	mv "$pkgdir"/usr/share/graphviz/graphs \
+		"$subpkgdir"/usr/share/graphviz/
+}
+
+sha512sums="4e819b3906f3b8e31245a021acd6fae4a1bc55df0a4df6b57a3578a62017e9db0b474a38f3f54682b9e9136d332f2374feee308af489e2848f8bc303ffab58ac  graphviz-2.40.1.tar.bz2
+50947e6a11929f724759266f7716d52d10923eba6d59704ab39e4bdf18f8471d548c2b11ab051dd4b67cb82742aaf54d6358890d049d5b5982f3383b65f7ae8c  graphviz.trigger
+aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d  0001-clone-nameclash.patch"
diff --git a/user/graphviz/graphviz.pre-deinstall b/user/graphviz/graphviz.pre-deinstall
new file mode 100644
index 000000000..cfc43bf6a
--- /dev/null
+++ b/user/graphviz/graphviz.pre-deinstall
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ -e /usr/lib/graphviz/config6 ]; then
+	rm /usr/lib/graphviz/config6
+fi
diff --git a/user/graphviz/graphviz.trigger b/user/graphviz/graphviz.trigger
new file mode 100644
index 000000000..99d447b9b
--- /dev/null
+++ b/user/graphviz/graphviz.trigger
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /usr/bin/dot -c
diff --git a/user/gsl/APKBUILD b/user/gsl/APKBUILD
new file mode 100644
index 000000000..2820f36d6
--- /dev/null
+++ b/user/gsl/APKBUILD
@@ -0,0 +1,42 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=gsl
+pkgver=2.4
+pkgrel=2
+pkgdesc="The GNU Scientific Library (GSL) is a modern numerical library for C and C++ programmers"
+url="http://www.gnu.org/software/gsl/gsl.html"
+arch="all"
+license="GPL-3.0+"
+depends=
+makedepends=
+install=
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://ftp.gnu.org/gnu/gsl/gsl-$pkgver.tar.gz
+	dont-disable-deprecated.patch
+	aarch64-test-failure.patch"
+
+# dont-disable-deprecated.patch is workaround for:
+# https://github.com/SciRuby/rb-gsl/issues/40
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="12442b023dd959e8b22a9c486646b5cedec7fdba0daf2604cda365cf96d10d99aefdec2b42e59c536cc071da1525373454e5ed6f4b15293b305ca9b1dc6db130  gsl-2.4.tar.gz
+88d40e599a9e619d8968f9848a91c54492d99032734371ee23072c8dae9d9920da445c1f8a880baa613479facec4afca3d3dec1070c240e5dfd5a662a41c92e8  dont-disable-deprecated.patch
+68b685270a377341b3c3ce566ae6eff4ebfc27b75a73f3c7915c57446798bdcca7c1d9f0fa4ce8a50118b371bfe3e2947f9bf33590c86e85db8e807b3b0deae6  aarch64-test-failure.patch"
diff --git a/user/gsl/aarch64-test-failure.patch b/user/gsl/aarch64-test-failure.patch
new file mode 100644
index 000000000..0b6e80380
--- /dev/null
+++ b/user/gsl/aarch64-test-failure.patch
@@ -0,0 +1,13 @@
+https://lists.gnu.org/archive/html/help-gsl/2017-02/msg00002.html
+
+--- gsl-2.4/linalg/test_cholesky.c.old	2017-06-19 10:00:43.000000000 +0000
++++ gsl-2.4/linalg/test_cholesky.c	2018-05-30 07:37:04.835628069 +0000
+@@ -551,7 +551,7 @@
+       if (N <= 4)
+         {
+           create_hilbert_matrix2(m);
+-          test_mcholesky_invert_eps(m, 256.0 * N * GSL_DBL_EPSILON, "mcholesky_invert unscaled hilbert");
++          test_mcholesky_invert_eps(m, 512.0 * N * GSL_DBL_EPSILON, "mcholesky_invert unscaled hilbert");
+         }
+ 
+       gsl_matrix_free(m);
diff --git a/user/gsl/dont-disable-deprecated.patch b/user/gsl/dont-disable-deprecated.patch
new file mode 100644
index 000000000..40a7c3bce
--- /dev/null
+++ b/user/gsl/dont-disable-deprecated.patch
@@ -0,0 +1,24 @@
+diff -urp gsl-2.2.1/configure.ac patched/configure.ac
+--- gsl-2.2.1/configure.ac	2016-08-31 15:54:07.000000000 +0100
++++ patched/configure.ac	2017-01-31 14:52:10.000000000 +0000
+@@ -575,10 +575,6 @@ AH_BOTTOM([#if defined(GSL_RANGE_CHECK_O
+ AH_BOTTOM([#define RETURN_IF_NULL(x) if (!x) { return ; }
+ ])
+ 
+-AH_VERBATIM([GSL_DISABLE_DEPRECATED],
+-[/* Disable deprecated functions and enums while building */
+-#define GSL_DISABLE_DEPRECATED 1])
+-
+ dnl
+ AC_CONFIG_FILES([            \
+ Makefile                     \
+--- gsl-2.2.1/config.h.in       2016-08-31 15:54:51.000000000 +0100
++++ patched/config.h.in 2017-01-31 16:01:17.000000000 +0000
+@@ -1,8 +1,5 @@
+ /* config.h.in.  Generated from configure.ac by autoheader.  */
+
+-/* Disable deprecated functions and enums while building */
+-#define GSL_DISABLE_DEPRECATED 1
+-
+ /* Define if you have inline with C99 behavior */
+ #undef HAVE_C99_INLINE
diff --git a/user/hexchat/APKBUILD b/user/hexchat/APKBUILD
new file mode 100644
index 000000000..5f43c168d
--- /dev/null
+++ b/user/hexchat/APKBUILD
@@ -0,0 +1,61 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=hexchat
+pkgver=2.12.4
+pkgrel=1
+pkgdesc="A popular and easy to use graphical IRC (chat) client"
+url="https://hexchat.github.io"
+arch="all"
+license="GPL2+"
+depends=""
+makedepends="gtk+2.0-dev openssl-dev dbus-glib-dev perl-dev libsexy-dev
+	libnotify-dev libproxy-dev bash libtool autoconf automake"
+install=""
+subpackages="$pkgname-doc $pkgname-lang $pkgname-perl:_perl"
+source="https://dl.hexchat.net/hexchat/hexchat-$pkgver-repack.tar.xz
+	pixdata.patch
+	"
+
+builddir="$srcdir"/hexchat-$pkgver
+prepare() {
+	cd "$builddir"
+	default_prepare
+	autoreconf -vif
+}
+
+build() {
+	cd "$builddir"
+	LUA=lua5.3 \
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--enable-openssl \
+		--enable-dbus \
+		--disable-textfe \
+		--enable-perl \
+		--disable-python \
+		--disable-lua
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	# not worth a -dev pkg
+	rm -r "$pkgdir"/usr/include
+}
+
+_perl() {
+	pkgdesc="Perl plugin for Hexchat"
+	depends="$pkgname=$pkgver-r$pkgrel"
+	install_if="$pkgname=$pkgver-r$pkgrel perl"
+	mkdir -p "$subpkgdir"/usr/lib/hexchat/plugins
+	mv "$pkgdir"/usr/lib/hexchat/plugins/perl.so \
+		"$subpkgdir"/usr/lib/hexchat/plugins
+}
+
+sha512sums="30d42f5b488abec3fa457254720a39f62619338a5a2c3fe2e5a255aafe1b19817451b01cd260eab90868df1ebf9f663c60b78b6db974ca3c777272327c0b8a25  hexchat-2.12.4-repack.tar.xz
+5cb7ac95e6d53d677d7ec82485636f2c36003ba7fa0c4d4d353095dc6207c51abdc7a2230d43616895fef8ce2c7c2096bec21ac47117d0adbc7416ff3d4ba2c3  pixdata.patch"
diff --git a/user/hexchat/libressl.patch b/user/hexchat/libressl.patch
new file mode 100644
index 000000000..d829dee39
--- /dev/null
+++ b/user/hexchat/libressl.patch
@@ -0,0 +1,105 @@
+From d583ca7d922e5ac6ff466df2e4411b1303a3a2a3 Mon Sep 17 00:00:00 2001
+From: Florian Stinglmayr <florian@n0la.org>
+Date: Tue, 13 Dec 2016 18:41:43 +0100
+Subject: [PATCH] Use AC_CHECK_FUNCS to find functions not in LibreSSL
+
+LibreSSL might not have all functions of OpenSSL 1.1.0 so use
+AC_CHECK_FUNCS to find them first before using them.
+
+Closes #1899
+Fixes #1898
+---
+ configure.ac     | 2 ++
+ src/common/ssl.c | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 34e6def..1f442c5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -374,6 +374,8 @@ AS_IF([test "$openssl" != no], [
+ 		openssl=yes
+ 		COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS"
+ 		COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS"
++		dnl Test for various functions that are not available in LibreSSL
++		AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid])
+ 	], [
+ 		unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h
+ 		AS_IF([test "$openssl" != yes], [
+diff --git a/src/common/ssl.c b/src/common/ssl.c
+index cb58ce2..76fea7b 100644
+--- a/src/common/ssl.c
++++ b/src/common/ssl.c
+@@ -176,7 +176,7 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
+ 		return 1;
+ 
+ 	alg = OBJ_obj2nid (algor->algorithm);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_X509_GET_SIGNATURE_NID
+ 	sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
+ #else
+ 	sign_alg = X509_get_signature_nid (peer_cert);
+@@ -306,7 +306,7 @@ _SSL_socket (SSL_CTX *ctx, int sd)
+ 
+ 	SSL_set_fd (ssl, sd);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_SSL_CTX_GET_SSL_METHOD
+ 	method = ctx->method;
+ #else
+ 	method = SSL_CTX_get_ssl_method (ctx);
+From aa7080f8fe63939d7ff4a0d0b1ec60f0c3eb31be Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <tingping@tingping.se>
+Date: Tue, 13 Dec 2016 17:29:26 -0500
+Subject: [PATCH] Fix building fishlim against libressl also
+
+Also part of #1898
+---
+ configure.ac             | 2 +-
+ plugins/fishlim/dh1080.c | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1f442c5..10a1550 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -375,7 +375,7 @@ AS_IF([test "$openssl" != no], [
+ 		COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS"
+ 		COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS"
+ 		dnl Test for various functions that are not available in LibreSSL
+-		AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid])
++		AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid DH_set0_pqg DH_get0_key DH_set0_key])
+ 	], [
+ 		unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h
+ 		AS_IF([test "$openssl" != yes], [
+diff --git a/plugins/fishlim/dh1080.c b/plugins/fishlim/dh1080.c
+index ff6e579..3611758 100644
+--- a/plugins/fishlim/dh1080.c
++++ b/plugins/fishlim/dh1080.c
+@@ -74,7 +74,7 @@ dh1080_init (void)
+ 
+ 		BN_set_word (g, 2);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_DH_SET0_PQG
+ 		g_dh->p = p;
+ 		g_dh->g = g;
+ #else
+@@ -162,7 +162,7 @@ dh1080_generate_key (char **priv_key, char **pub_key)
+ 		return 0;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_DH_GET0_KEY
+ 	dh_pub_key = dh->pub_key;
+ 	dh_priv_key = dh->priv_key;
+ #else
+@@ -213,7 +213,7 @@ dh1080_compute_key (const char *priv_key, const char *pub_key, char **secret_key
+ 
+ 	  	priv_key_data = dh1080_decode_b64 (priv_key, &priv_key_len);
+ 		priv_key_num = BN_bin2bn(priv_key_data, priv_key_len, NULL);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_DH_SET0_KEY
+ 		dh->priv_key = priv_key_num;
+ #else
+ 		DH_set0_key (dh, NULL, priv_key_num);
diff --git a/user/hexchat/pixdata.patch b/user/hexchat/pixdata.patch
new file mode 100644
index 000000000..4e720a848
--- /dev/null
+++ b/user/hexchat/pixdata.patch
@@ -0,0 +1,56 @@
+From 4c178782a779f013fafab476506f7d4dae372b8a Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <tingping@tingping.se>
+Date: Sat, 17 Dec 2016 19:55:06 -0500
+Subject: [PATCH] Don't combine compression with pixdata option for icon
+ resources
+
+This made minimal difference and is not recommended by upstream.
+It also is affected by a regression in the latest gdk-pixbuf release.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=776105
+---
+ data/hexchat.gresource.xml | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/data/hexchat.gresource.xml b/data/hexchat.gresource.xml
+index c125da2..5845da5 100644
+--- a/data/hexchat.gresource.xml
++++ b/data/hexchat.gresource.xml
+@@ -1,23 +1,23 @@
+ <?xml version="1.0" encoding="UTF-8"?>
+ <gresources>
+ 	<gresource prefix="/icons">
+-		<file alias="hexchat.png" preprocess="to-pixdata" compressed="true">icons/hexchat.png</file>
+-		<file alias="book.png" preprocess="to-pixdata" compressed="true">icons/book.png</file>
++		<file alias="hexchat.png" preprocess="to-pixdata">icons/hexchat.png</file>
++		<file alias="book.png" preprocess="to-pixdata">icons/book.png</file>
+ 
+-		<file alias="ulist_voice.png" preprocess="to-pixdata" compressed="true">icons/ulist_voice.png</file>
+-		<file alias="ulist_halfop.png" preprocess="to-pixdata" compressed="true">icons/ulist_halfop.png</file>
+-		<file alias="ulist_op.png" preprocess="to-pixdata" compressed="true">icons/ulist_op.png</file>
+-		<file alias="ulist_owner.png" preprocess="to-pixdata" compressed="true">icons/ulist_owner.png</file>
+-		<file alias="ulist_founder.png" preprocess="to-pixdata" compressed="true">icons/ulist_founder.png</file>
+-		<file alias="ulist_netop.png" preprocess="to-pixdata" compressed="true">icons/ulist_netop.png</file>
++		<file alias="ulist_voice.png" preprocess="to-pixdata">icons/ulist_voice.png</file>
++		<file alias="ulist_halfop.png" preprocess="to-pixdata">icons/ulist_halfop.png</file>
++		<file alias="ulist_op.png" preprocess="to-pixdata">icons/ulist_op.png</file>
++		<file alias="ulist_owner.png" preprocess="to-pixdata">icons/ulist_owner.png</file>
++		<file alias="ulist_founder.png" preprocess="to-pixdata">icons/ulist_founder.png</file>
++		<file alias="ulist_netop.png" preprocess="to-pixdata">icons/ulist_netop.png</file>
+ 
+-		<file alias="tray_fileoffer.png" preprocess="to-pixdata" compressed="true">icons/tray_fileoffer.png</file>
+-		<file alias="tray_highlight.png" preprocess="to-pixdata" compressed="true">icons/tray_highlight.png</file>
+-		<file alias="tray_message.png" preprocess="to-pixdata" compressed="true">icons/tray_message.png</file>
++		<file alias="tray_fileoffer.png" preprocess="to-pixdata">icons/tray_fileoffer.png</file>
++		<file alias="tray_highlight.png" preprocess="to-pixdata">icons/tray_highlight.png</file>
++		<file alias="tray_message.png" preprocess="to-pixdata">icons/tray_message.png</file>
+ 
+ 		<file alias="tree_channel.png" preprocess="to-pixdata">icons/tree_channel.png</file>
+-		<file alias="tree_dialog.png" preprocess="to-pixdata" compressed="true">icons/tree_dialog.png</file>
+-		<file alias="tree_server.png" preprocess="to-pixdata" compressed="true">icons/tree_server.png</file>
+-		<file alias="tree_util.png" preprocess="to-pixdata" compressed="true">icons/tree_util.png</file>
++		<file alias="tree_dialog.png" preprocess="to-pixdata">icons/tree_dialog.png</file>
++		<file alias="tree_server.png" preprocess="to-pixdata">icons/tree_server.png</file>
++		<file alias="tree_util.png" preprocess="to-pixdata">icons/tree_util.png</file>
+ 	</gresource>
+ </gresources>
diff --git a/user/i3lock/APKBUILD b/user/i3lock/APKBUILD
new file mode 100644
index 000000000..c11e9bca8
--- /dev/null
+++ b/user/i3lock/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Johannes Matheis <jomat+alpinebuild@jmt.gr>
+# Maintainer: Johannes Matheis <jomat+alpinebuild@jmt.gr>
+pkgname=i3lock
+pkgver=2.10
+pkgrel=0
+pkgdesc="An improved screenlocker based upon XCB and PAM"
+url="https://i3wm.org/i3lock/"
+arch="all"
+license="MIT"
+depends="xkeyboard-config"
+makedepends="libev-dev cairo-dev linux-pam-dev libxkbcommon-dev
+	xcb-util-image-dev which"
+subpackages="$pkgname-doc"
+source="$url/$pkgname-$pkgver.tar.bz2"
+builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+	default_prepare
+
+	cd "$builddir"
+
+	# Fix ticket FS#31544, sed line taken from gentoo
+	sed -i -e 's:login:base-auth:g' i3lock.pam
+}
+
+build() {
+	cd "$builddir"
+	make
+}
+
+check() {
+	cd "$builddir"
+	./i3lock -v
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	install -m755 -d "$pkgdir/usr/share/man/man1/"
+	install -m644 $pkgname.1 "$pkgdir/usr/share/man/man1/"
+}
+
+sha512sums="ea865b202668212b58d0b97d0263171847e1bd0c529e2fd3d26c15ef253861b9a8357ff2efaa6a4f342c4d0d1ab03bc00f95f4d4008760ec8e0767ac29195517  i3lock-2.10.tar.bz2"
diff --git a/user/jasper/APKBUILD b/user/jasper/APKBUILD
new file mode 100644
index 000000000..74504d503
--- /dev/null
+++ b/user/jasper/APKBUILD
@@ -0,0 +1,49 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=jasper
+pkgver=2.0.14
+pkgrel=0
+pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
+url="http://www.ece.uvic.ca/~mdadams/jasper/"
+arch="all"
+license="custom:JasPer2.0"
+depends=  #"libjpeg>=8 freeglut libxi libxmu mesa"
+makedepends="libjpeg-turbo-dev cmake"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz
+	"
+builddir="$srcdir"/$pkgname-$pkgver
+
+# secfixes:
+#   2.0.12-r1:
+#     - CVE-2017-1000050
+
+build() {
+	mkdir "$builddir"/obj
+	cd "$builddir"/obj
+	# default of 16 causes stack overflow
+	export CFLAGS="${CFLAGS} -DJPC_QMFB_COLGRPSIZE=6"
+	cmake ..  \
+		-DCMAKE_BUILD_TYPE=Release \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DCMAKE_INSTALL_LIBDIR=/usr/lib
+
+	make
+}
+
+check() {
+	cd "$builddir"/obj
+	make test
+}
+
+package() {
+	cd "$builddir"/obj
+	make DESTDIR="$pkgdir" install
+}
+
+libs() {
+	pkgdesc="JPEG-2000 library"
+	install -d "$subpkgdir"/usr/
+	mv "$pkgdir"/usr/lib "$subpkgdir"/usr
+}
+
+sha512sums="9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8  jasper-2.0.14.tar.gz"
diff --git a/user/libbluray/APKBUILD b/user/libbluray/APKBUILD
new file mode 100644
index 000000000..925ad2cfd
--- /dev/null
+++ b/user/libbluray/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Timo Teräs <timo.teras@iki.fi>
+# Maintainer: Timo Teräs <timo.teras@iki.fi>
+pkgname=libbluray
+pkgver=1.0.0
+pkgrel=1
+pkgdesc="a library designed for Blu-Ray Discs playback"
+url="http://www.videolan.org/developers/libbluray.html"
+arch="all"
+license="LGPL"
+options="!check"  # Test requires an actual BD-ROM to play
+makedepends="fontconfig-dev libxml2-dev"
+subpackages="$pkgname-dev"
+source="http://download.videolan.org/pub/videolan/libbluray/$pkgver/libbluray-$pkgver.tar.bz2"
+builddir="$srcdir"/libbluray-$pkgver
+
+build() {
+	cd "$builddir"
+
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--disable-bdjava
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="fcf2193c3b76f3436bc88ce8853cac16f29c3bb6c66447109c14202a41ea938cb6814502a8f724fb1b31add6bd36b42d3aed3eb4a8010c123537e073bd7a0be1  libbluray-1.0.0.tar.bz2"
diff --git a/user/libcanberra/APKBUILD b/user/libcanberra/APKBUILD
new file mode 100644
index 000000000..31cae167b
--- /dev/null
+++ b/user/libcanberra/APKBUILD
@@ -0,0 +1,95 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: William Pitcock <nenolod@dereferenced.org>
+pkgname=libcanberra
+pkgver=0.30
+pkgrel=2
+pkgdesc="simple audio library for GTK applications"
+url="http://0pointer.de/lennart/projects/libcanberra/"
+license="LGPL"
+options="!check"  # No test suite.
+depends=
+makedepends="gtk+-dev libogg-dev libvorbis-dev alsa-lib-dev libtool gtk+3.0-dev
+	pulseaudio-dev gstreamer-dev"
+install=
+subpackages="$pkgname-dev $pkgname-doc $pkgname-gtk2 $pkgname-gtk3
+	$pkgname-gstreamer $pkgname-pulse"
+source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz"
+arch="all"
+
+depends_dev="$makedepends"
+
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+	cd "$builddir"
+	update_config_sub
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-oss
+	make
+}
+
+package() {
+	cd "$builddir"
+	make -j1 DESTDIR="$pkgdir" install
+}
+
+gtk2() {
+	pkgdesc="Gtk+ 2.x Bindings for libcanberra"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libcanberra-gtk.so.* \
+		"$subpkgdir"/usr/lib/
+	mv "$pkgdir"/usr/lib/gtk-2.0 \
+		"$subpkgdir"/usr/lib/
+}
+
+gtk3() {
+	pkgdesc="Gtk+ 3.x Bindings for libcanberra"
+	mkdir -p "$subpkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules \
+		"$subpkgdir"/usr/bin \
+		"$subpkgdir"/usr/share/gnome/autostart \
+		"$subpkgdir"/usr/share/gnome/shutdown \
+		"$subpkgdir"/usr/share/gdm/autostart/LoginWindow
+	mv "$pkgdir"/usr/lib/gtk-3.0 \
+		"$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libcanberra-gtk3.so.* \
+		"$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/bin/canberra-gtk-play \
+		"$subpkgdir"/usr/bin/
+	mv "$pkgdir"/usr/share/gnome/autostart/libcanberra-login-sound.desktop \
+		"$subpkgdir"/usr/share/gnome/autostart
+	mv "$pkgdir"/usr/share/gnome/shutdown/libcanberra-logout-sound.sh \
+		"$subpkgdir"/usr/share/gnome/autostart/
+	mv "$pkgdir"/usr/share/gdm/autostart/LoginWindow/libcanberra-ready-sound.desktop \
+		"$subpkgdir"/usr/share/gdm/autostart/LoginWindow/
+	mv "$pkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules/canberra-gtk-module.desktop \
+		"$subpkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules/
+}
+
+gstreamer() {
+	pkgdesc="GStreamer backend for libcanberra"
+	install_if="$pkgname=$pkgver-$pkgrel gstreamer"
+	mkdir -p "$subpkgdir"/usr/lib/libcanberra-$pkgver
+	mv "$pkgdir"/usr/lib/libcanberra-$pkgver/libcanberra-gstreamer.so \
+		"$subpkgdir"/usr/lib/libcanberra-$pkgver/
+}
+
+pulse() {
+	pkgdesc="PulseAudio backend for libcanberra"
+	install_if="$pkgname=$pkgver-$pkgrel pulseaudio"
+	mkdir -p "$subpkgdir"/usr/lib/libcanberra-$pkgver
+	mv "$pkgdir"/usr/lib/libcanberra-$pkgver/libcanberra-pulse.so \
+		"$subpkgdir"/usr/lib/libcanberra-$pkgver/
+}
+
+sha512sums="f7543582122256826cd01d0f5673e1e58d979941a93906400182305463d6166855cb51f35c56d807a56dc20b7a64f7ce4391368d24990c1b70782a7d0b4429c2  libcanberra-0.30.tar.xz"
diff --git a/user/libgit2/APKBUILD b/user/libgit2/APKBUILD
new file mode 100644
index 000000000..e7e4bbfad
--- /dev/null
+++ b/user/libgit2/APKBUILD
@@ -0,0 +1,52 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Pierre-Gilas MILLON <pgmillon@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libgit2
+pkgver=0.26.0
+pkgrel=0
+pkgdesc="A linkable library for Git"
+url="https://libgit2.github.com/"
+arch="all"
+license="GPL-2.0"
+depends=""
+depends_dev="curl-dev libssh2-dev"
+makedepends="$depends_dev python3 cmake zlib-dev openssl-dev"
+subpackages="$pkgname-dev"
+source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
+	build-both-static-dynamic.patch
+	"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+#   0.25.1-r0:
+#   - CVE-2016-10128
+#   - CVE-2016-10129
+#   - CVE-2016-10130
+#   0.24.3-r0:
+#   - CVE-2016-8568
+#   - CVE-2016-8569
+
+build() {
+	cd "$builddir"
+	cmake \
+		-DCMAKE_BUILD_TYPE=RelWithDebugInfo \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DCMAKE_INSTALL_LIBDIR=lib \
+		-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+		-DCMAKE_C_FLAGS="$CFLAGS"
+	make
+}
+
+check() {
+	cd "$builddir"
+	CTEST_OUTPUT_ON_FAILURE=TRUE ctest
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="b6e51f2216c7c23f352572b780ea1325a25a517396709f036bb573295c2bd02aa505ba616846ac7e07863e99e640e7d47fefc5727478a257b283da99060ee47c  libgit2-0.26.0.tar.gz
+39534d10f38f394446f93df810233464807fca3b0e903ee40067971ecbe1d78102bbe04283435032f757f970e6846ecf279eb727ab137c01e84427bd16913ee6  build-both-static-dynamic.patch"
diff --git a/user/libgit2/build-both-static-dynamic.patch b/user/libgit2/build-both-static-dynamic.patch
new file mode 100644
index 000000000..eeb179a1e
--- /dev/null
+++ b/user/libgit2/build-both-static-dynamic.patch
@@ -0,0 +1,53 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Mon, 11 Apr 2017 3:23:00 +0200
+Subject: [PATCH] Build both static and dynamic library
+
+This is very hack-ish, it makes option BUILD_SHARED_LIBS unusable.
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -28,7 +28,6 @@
+ # Build options
+ #
+ OPTION( SONAME				"Set the (SO)VERSION of the target"		ON  )
+-OPTION( BUILD_SHARED_LIBS	"Build Shared Library (OFF for Static)"	ON  )
+ OPTION( THREADSAFE			"Build libgit2 as threadsafe"			ON )
+ OPTION( BUILD_CLAR			"Build Tests using the Clar suite"		ON  )
+ OPTION( BUILD_EXAMPLES		"Build library usage example apps"		OFF )
+@@ -44,6 +43,8 @@
+ OPTION( CURL			"Use curl for HTTP if available" ON)
+ OPTION( DEBUG_POOL			"Enable debug pool allocator"			OFF )
+ 
++SET( BUILD_SHARED_LIBS ON )
++
+ IF(DEBUG_POOL)
+ 	ADD_DEFINITIONS(-DGIT_DEBUG_POOL)
+ ENDIF()
+@@ -602,7 +603,8 @@
+ ENDIF()
+ 
+ # Compile and link libgit2
+-ADD_LIBRARY(git2 ${SRC_H} ${SRC_GIT2} ${SRC_OS} ${SRC_ZLIB} ${SRC_HTTP} ${SRC_REGEX} ${SRC_SSH} ${SRC_SHA1} ${WIN_RC})
++ADD_LIBRARY(objlib OBJECT ${SRC_H} ${SRC_GIT2} ${SRC_OS} ${SRC_ZLIB} ${SRC_HTTP} ${SRC_REGEX} ${SRC_SSH} ${SRC_SHA1} ${WIN_RC})
++ADD_LIBRARY(git2 SHARED $<TARGET_OBJECTS:objlib>)
+ TARGET_LINK_LIBRARIES(git2 ${SECURITY_DIRS})
+ TARGET_LINK_LIBRARIES(git2 ${COREFOUNDATION_DIRS})
+ TARGET_LINK_LIBRARIES(git2 ${SSL_LIBRARIES})
+@@ -611,6 +613,9 @@
+ TARGET_LINK_LIBRARIES(git2 ${ICONV_LIBRARIES})
+ TARGET_OS_LIBRARIES(git2)
+ 
++ADD_LIBRARY(git2_static STATIC $<TARGET_OBJECTS:objlib>)
++SET_TARGET_PROPERTIES(git2_static PROPERTIES OUTPUT_NAME git2 CLEAN_DIRECT_OUTPUT 1)
++
+ # Workaround for Cmake bug #0011240 (see http://public.kitware.com/Bug/view.php?id=11240)
+ # Win64+MSVC+static libs = linker error
+ IF(MSVC AND GIT_ARCH_64 AND NOT BUILD_SHARED_LIBS)
+@@ -639,7 +644,7 @@
+ ENDIF ()
+ 
+ # Install
+-INSTALL(TARGETS git2
++INSTALL(TARGETS git2 git2_static
+ 	RUNTIME DESTINATION ${BIN_INSTALL_DIR}
+ 	LIBRARY DESTINATION ${LIB_INSTALL_DIR}
+ 	ARCHIVE DESTINATION ${LIB_INSTALL_DIR}
diff --git a/user/libgit2/libressl.patch b/user/libgit2/libressl.patch
new file mode 100644
index 000000000..967cdc498
--- /dev/null
+++ b/user/libgit2/libressl.patch
@@ -0,0 +1,12 @@
+diff -ru src.orig/libgit2-0.25.1/src/openssl_stream.h src/libgit2-0.25.1/src/openssl_stream.h
+--- libgit2-0.25.1/src/copenssl_stream.h.orig
++++ libgit2-0.25.1/src/openssl_stream.h
+@@ -27,7 +27,7 @@
+ 
+ 
+ 
+-# if OPENSSL_VERSION_NUMBER < 0x10100000L
++# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 
+ GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
+ {
diff --git a/user/libgit2/pkgconfig-do-not-quote-Libs.patch b/user/libgit2/pkgconfig-do-not-quote-Libs.patch
new file mode 100644
index 000000000..86133612e
--- /dev/null
+++ b/user/libgit2/pkgconfig-do-not-quote-Libs.patch
@@ -0,0 +1,26 @@
+From 452ba68cde25423d13ebb36f0a54559f07aa53a2 Mon Sep 17 00:00:00 2001
+From: Igor Gnatenko <ignatenko@redhat.com>
+Date: Tue, 7 Feb 2017 16:37:47 +0100
+Subject: [PATCH] pkgconfig: do not quote Libs
+
+It doesn't make sense at all.
+---
+ libgit2.pc.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libgit2.pc.in b/libgit2.pc.in
+index 329a560a7..880266a30 100644
+--- a/libgit2.pc.in
++++ b/libgit2.pc.in
+@@ -6,7 +6,7 @@ Name: libgit2
+ Description: The git library, take 2
+ Version: @LIBGIT2_VERSION_STRING@
+ 
+-Libs: -L"${libdir}" -lgit2
++Libs: -L${libdir} -lgit2
+ Libs.private: @LIBGIT2_PC_LIBS@
+ Requires.private: @LIBGIT2_PC_REQUIRES@
+ 
+-- 
+2.11.0
+
diff --git a/user/libnih/APKBUILD b/user/libnih/APKBUILD
new file mode 100644
index 000000000..f12895d65
--- /dev/null
+++ b/user/libnih/APKBUILD
@@ -0,0 +1,57 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: William Pitcock <nenolod@dereferenced.org>
+pkgname=libnih
+pkgver=1.0.3
+pkgrel=5
+pkgdesc="glib-like library for embedded use"
+url="http://launchpad.net/libnih"
+arch="all"
+license="LGPL"
+options="!checkroot"
+depends=
+depends_dev="dbus-dev expat-dev"
+makedepends="$depends_dev gettext-dev"
+checkdepends="dbus-x11 linux-headers"
+install=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://launchpad.net/libnih/${pkgver%.*}/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz
+	musl-fix-signals.patch
+	disable-broken-test.patch
+	musl-enomem-message.patch
+	parse-test-fix.patch
+	"
+
+builddir="${srcdir}/${pkgname}-${pkgver}"
+prepare() {
+	cd "$builddir"
+	update_config_sub
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	LIBS="-lintl" ./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--libdir=/lib \
+		--sysconfdir=/etc \
+		--localstatedir=/var
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="fce40d2445b28c27b8838631681ca3206a4f053b2dd4fc488fc9ef98bbd3d933e3d62b82cf346be2ef1677f6457f692cf5544cd915a6bb1e5c618f98ffa101b4  libnih-1.0.3.tar.gz
+77a979b3076c4e4229359f28c2e9d4fb66d799a66d60391ab6fd7e0dfe2a615b88330a979877b105293a95ed147546596eca174f52b75beca0457c49a017d040  musl-fix-signals.patch
+b5b77b1f18d7aa5d603a0d312b785c28200c38b7bbe5c384ee576c762bd9e3163682c29dd5410baf18c5c3734f0b719602caa1de096f1758d624d94b7753066a  disable-broken-test.patch
+b800c99153ad66c9d7399bc7544a0237de0c7a4ddac129509f13eb1c31805fcac31c93bbf2945da557dfc900c9ec837ec0fded1c3f9887095dae52ff6fc046ec  musl-enomem-message.patch
+3f24f648c27e9b5a6872859fe97b34055b0f43b11f0321508852b20b6dd94de5c8d24a6dbaab9d49e7004bf0c571c11ebf520d49630d8a89bceeb7783de7dcd2  parse-test-fix.patch"
diff --git a/user/libnih/disable-broken-test.patch b/user/libnih/disable-broken-test.patch
new file mode 100644
index 000000000..15027945a
--- /dev/null
+++ b/user/libnih/disable-broken-test.patch
@@ -0,0 +1,11 @@
+--- libnih-1.0.3/nih/tests/test_child.c.old	2010-09-20 18:17:01.000000000 -0500
++++ libnih-1.0.3/nih/tests/test_child.c	2017-09-27 20:22:23.576368549 -0500
+@@ -652,7 +652,7 @@
+       char *argv[])
+ {
+ 	test_add_watch ();
+-	test_poll ();
++	// test_poll ();
+ 
+ 	return 0;
+ }
diff --git a/user/libnih/musl-enomem-message.patch b/user/libnih/musl-enomem-message.patch
new file mode 100644
index 000000000..2adeff852
--- /dev/null
+++ b/user/libnih/musl-enomem-message.patch
@@ -0,0 +1,489 @@
+--- libnih-1.0.3/nih-dbus-tool/tests/test_parse.c.old	2010-09-20 18:17:01.000000000 -0500
++++ libnih-1.0.3/nih-dbus-tool/tests/test_parse.c	2017-09-27 20:40:32.998734677 -0500
+@@ -1583,11 +1583,16 @@
+ 	Signal *   signal;
+ 	Property * property;
+ 	Argument * argument;
++	char       mem_error[280] = "test:foo:[0-9]*:[0-9]*: ";
+ 
+ 	TEST_FUNCTION ("parse_xml");
+ 	fp = tmpfile ();
+ 	output = tmpfile ();
+ 
++ 
++	strerror_r(ENOMEM, mem_error+24, 254);
++	mem_error[strlen(mem_error)] = '\n';
++
+ 	/* Check that a file containing a single node entity is parsed
+ 	 * successfully, returning a Node structure with no information
+ 	 * attached.
+@@ -1608,8 +1613,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1645,8 +1649,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1686,8 +1689,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1743,8 +1745,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1800,8 +1801,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1857,8 +1857,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1916,8 +1915,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -1973,8 +1971,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2047,8 +2044,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2121,8 +2117,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2195,8 +2190,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2271,8 +2265,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2345,8 +2338,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2419,8 +2411,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2493,8 +2484,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2567,8 +2557,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2641,8 +2630,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2729,8 +2717,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2817,8 +2804,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2904,8 +2890,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -2992,8 +2977,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3107,8 +3091,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3199,8 +3182,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3291,8 +3273,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3417,8 +3398,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3575,8 +3555,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3647,8 +3626,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3719,8 +3697,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3791,8 +3768,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3865,8 +3841,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -3937,8 +3912,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4023,8 +3997,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4108,8 +4081,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4194,8 +4166,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4306,8 +4277,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4426,8 +4396,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4579,8 +4548,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4652,8 +4620,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4725,8 +4692,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4800,8 +4766,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4875,8 +4840,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -4950,8 +4914,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -5027,8 +4990,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -5104,8 +5066,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -5233,8 +5194,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -5570,8 +5530,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
+@@ -5996,8 +5955,7 @@
+ 		if (test_alloc_failed) {
+ 			TEST_EQ_P (node, NULL);
+ 
+-			TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+-						  "Cannot allocate memory\n"));
++			TEST_FILE_MATCH (output, mem_error);
+ 			TEST_FILE_END (output);
+ 			TEST_FILE_RESET (output);
+ 			continue;
diff --git a/user/libnih/musl-fix-signals.patch b/user/libnih/musl-fix-signals.patch
new file mode 100644
index 000000000..97ef8196d
--- /dev/null
+++ b/user/libnih/musl-fix-signals.patch
@@ -0,0 +1,12 @@
+--- libnih-1.0.3.orig/nih/signal.c
++++ libnih-1.0.3/nih/signal.c
+@@ -87,7 +87,9 @@
+ 	{ SIGSTKFLT, "STKFLT" },
+ #endif
+ 	{ SIGCHLD,   "CHLD"   },
++#ifdef SIGCLD
+ 	{ SIGCLD,    "CLD"    },
++#endif
+ 	{ SIGCONT,   "CONT"   },
+ 	{ SIGSTOP,   "STOP"   },
+ 	{ SIGTSTP,   "TSTP"   },
diff --git a/user/libnih/parse-test-fix.patch b/user/libnih/parse-test-fix.patch
new file mode 100644
index 000000000..e993bf324
--- /dev/null
+++ b/user/libnih/parse-test-fix.patch
@@ -0,0 +1,11 @@
+--- libnih-1.0.3/nih-dbus-tool/tests/test_parse.c.old	2018-03-02 16:54:29.969068332 -0600
++++ libnih-1.0.3/nih-dbus-tool/tests/test_parse.c	2018-03-02 17:05:41.629074683 -0600
+@@ -7908,7 +7908,7 @@
+ 
+ 		TEST_EQ_P (node, NULL);
+ 
+-		TEST_FILE_EQ (output, ("test:foo:2:0: "
++		TEST_FILE_EQ (output, ("test:foo:1:36: "
+ 				       "Invalid object path in <node> name attribute\n"));
+ 		TEST_FILE_END (output);
+ 		TEST_FILE_RESET (output);
diff --git a/user/libnotify/APKBUILD b/user/libnotify/APKBUILD
new file mode 100644
index 000000000..a59730e1b
--- /dev/null
+++ b/user/libnotify/APKBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libnotify
+pkgver=0.7.7
+pkgrel=1
+pkgdesc="Desktop notification library"
+url="http://library.gnome.org/devel/notification-spec/"
+arch="all"
+license="LGPL"
+options="!check"  # Test suite requires running X11
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+depends_dev="dbus-dev"
+makedepends="$depends_dev gdk-pixbuf-dev glib-dev autoconf automake
+	gobject-introspection-dev"
+source="https://download.gnome.org/sources/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz"
+
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--disable-static \
+		--disable-tests
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+sha512sums="133874114407bf12267ef609f5941657181760bc7cf115c5973b1810cb72bf55072b621c143e32be1e7e8b49f244851925d14bc3f9f26457747b8a8695ee9954  libnotify-0.7.7.tar.xz"
diff --git a/user/libsndfile/APKBUILD b/user/libsndfile/APKBUILD
new file mode 100644
index 000000000..66abef4f7
--- /dev/null
+++ b/user/libsndfile/APKBUILD
@@ -0,0 +1,61 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libsndfile
+pkgver=1.0.28
+pkgrel=3
+pkgdesc="A C library for reading and writing files containing sampled sound"
+url="http://www.mega-nerd.com/libsndfile"
+arch="all"
+license="LGPL2+"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+depends_dev="flac-dev libvorbis-dev libogg-dev"
+makedepends="linux-headers alsa-lib-dev $depends_dev"
+source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
+	CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
+	CVE-2017-8362.patch
+	CVE-2017-12562.patch
+	varargs-32bit.patch
+	"
+
+# secfixes:
+#   1.0.28-r2:
+#   - CVE-2017-12562
+#   1.0.28-r0:
+#   - CVE-2017-7585
+#   - CVE-2017-7741
+#   - CVE-2017-7742
+#   1.0.28-r1:
+#   - CVE-2017-8361
+#   - CVE-2017-8362
+#   - CVE-2017-8363
+#   - CVE-2017-8365
+
+builddir="$srcdir/$pkgname-$pkgver"
+build () {
+	cd "$builddir"
+	ac_cv_sys_largefile_CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" \
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--disable-sqlite \
+		--enable-largefile
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f  libsndfile-1.0.28.tar.gz
+f98c40696fca3e7bca867df993de55bb4145c23428e65d1a669182eb2293046478ac727ae7f94bb77123ef0355c3c53be4f9d6a432665c90c74687d8d3afd9e3  CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
+dfd4b5f1c7471fc416eed5c6040580a020543f145de9103751adaad6ce1c5c6a22abc1cf0ffd381aed3072644cd5ee03ba3598265aa7d202d63167da251cb595  CVE-2017-8362.patch
+814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e  CVE-2017-12562.patch
+2b83bacec23665cd31a596a1ce1fb543f935c7609dfff93a85822f81d66b3483cd547cd043eefb901d543276c270a17add70bf0db6348b5279220a7ecbd8b339  varargs-32bit.patch"
diff --git a/user/libsndfile/CVE-2017-12562.patch b/user/libsndfile/CVE-2017-12562.patch
new file mode 100644
index 000000000..f195e87e4
--- /dev/null
+++ b/user/libsndfile/CVE-2017-12562.patch
@@ -0,0 +1,88 @@
+From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
+Date: Wed, 14 Jun 2017 12:25:40 +0200
+Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
+ in binheader
+
+Fixes the following problems:
+ 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
+ 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
+    big switch statement by an amount (16 bytes) which is enough for all cases
+    where only a single value gets added. Cases 's', 'S', 'p' however
+    additionally write an arbitrary length block of data and again enlarge the
+    buffer to the required amount. However, the required space calculation does
+    not take into account the size of the length field which gets output before
+    the data.
+ 3. Buffer size requirement calculation in case 'S' does not account for the
+    padding byte ("size += (size & 1) ;" happens after the calculation which
+    uses "size").
+ 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
+    involved
+    ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
+    the buffer is only guaranteed to have "size" space available).
+ 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
+    beyond the space which is guaranteed to be allocated in the header buffer.
+ 6. Case 's' can overrun the provided source string by 1 byte if padding is
+    involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
+    where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
+    plus optionally another 1 which is padding and not guaranteed to be
+    readable via the source string pointer).
+
+Closes: https://github.com/erikd/libsndfile/issues/292
+---
+ src/common.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1a6204ca..6b2a2ee9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					/* Write a C string (guaranteed to have a zero terminator). */
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) + 1 ;
+-					size += (size & 1) ;
+ 
+-					if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+-						header_put_be_int (psf, size) ;
++						header_put_be_int (psf, size + (size & 1)) ;
+ 					else
+-						header_put_le_int (psf, size) ;
++						header_put_le_int (psf, size + (size & 1)) ;
+ 					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
++					size += (size & 1) ;
+ 					psf->header.indx += size ;
+ 					psf->header.ptr [psf->header.indx - 1] = 0 ;
+ 					count += 4 + size ;
+@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					*/
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) ;
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+ 						header_put_be_int (psf, size) ;
+ 					else
+ 						header_put_le_int (psf, size) ;
+-					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
++					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
+ 					size += (size & 1) ;
+ 					psf->header.indx += size ;
+-					psf->header.ptr [psf->header.indx] = 0 ;
+ 					count += 4 + size ;
+ 					break ;
+ 
+@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					size = (size & 1) ? size : size + 1 ;
+ 					size = (size > 254) ? 254 : size ;
+ 
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ 						return count ;
+ 
+ 					header_put_byte (psf, size) ;
diff --git a/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch b/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
new file mode 100644
index 000000000..1dc5b57f1
--- /dev/null
+++ b/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
@@ -0,0 +1,64 @@
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/230
+---
+ src/common.h  |  1 +
+ src/flac.c    | 13 +++++++++++++
+ src/sndfile.c |  1 +
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/common.h b/src/common.h
+index 0bd810c3..e2669b6a 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+ 	SFE_FLAC_INIT_DECODER,
+ 	SFE_FLAC_LOST_SYNC,
+ 	SFE_FLAC_BAD_SAMPLE_RATE,
++	SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ 	SFE_FLAC_UNKOWN_ERROR,
+ 
+ 	SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e26..986a7b8f 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 
+ 	switch (metadata->type)
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
++			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++									"Nothing to be but to error out.\n" ,
++									psf->sf.channels, metadata->data.stream_info.channels) ;
++				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++				return ;
++				} ;
++
++			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++									"Carrying on as if nothing happened.",
++									psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++				} ;
+ 			psf->sf.channels = metadata->data.stream_info.channels ;
+ 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ 			psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 41875610..e2a87be8 100644
+--- a/src/sndfile.c
++++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },
+ 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },
+ 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },
+ 
+ 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },
diff --git a/user/libsndfile/CVE-2017-8362.patch b/user/libsndfile/CVE-2017-8362.patch
new file mode 100644
index 000000000..54fbfb44c
--- /dev/null
+++ b/user/libsndfile/CVE-2017-8362.patch
@@ -0,0 +1,50 @@
+From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Fri, 14 Apr 2017 15:19:16 +1000
+Subject: [PATCH] src/flac.c: Fix a buffer read overflow
+
+A file (generated by a fuzzer) which increased the number of channels
+from one frame to the next could cause a read beyond the end of the
+buffer provided by libFLAC. Only option is to abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/231
+---
+ src/flac.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/flac.c b/src/flac.c
+index 5a4f8c21..e4f9aaa0 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 	const int32_t* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset, channels, len ;
+ 
++	if (psf->sf.channels != (int) frame->header.channels)
++	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
++									"Nothing to do but to error out.\n" ,
++									psf->sf.channels, frame->header.channels) ;
++		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++		return 0 ;
++		} ;
++
+ 	/*
+ 	**	frame->header.blocksize is variable and we're using a constant blocksize
+ 	**	of FLAC__MAX_BLOCK_SIZE.
+@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		return 0 ;
+ 		} ;
+ 
+-
+ 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
+ 
+ 	if (pflac->remain % channels != 0)
+@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ 	{	case FLAC__METADATA_TYPE_STREAMINFO :
+ 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+-									"Nothing to be but to error out.\n" ,
++									"Nothing to do but to error out.\n" ,
+ 									psf->sf.channels, metadata->data.stream_info.channels) ;
+ 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ 				return ;
diff --git a/user/libsndfile/varargs-32bit.patch b/user/libsndfile/varargs-32bit.patch
new file mode 100644
index 000000000..81f149add
--- /dev/null
+++ b/user/libsndfile/varargs-32bit.patch
@@ -0,0 +1,11 @@
+--- libsndfile-1.0.28/src/rf64.c.old	2017-04-02 02:43:22.000000000 -0500
++++ libsndfile-1.0.28/src/rf64.c	2018-03-04 22:35:31.072461118 -0600
+@@ -737,7 +737,7 @@
+ 
+ 	pad_size = psf->dataoffset - 16 - psf->header.indx ;
+ 	if (pad_size >= 0)
+-		psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++		psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
+ 
+ 	if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ 		psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
diff --git a/user/libssh2/APKBUILD b/user/libssh2/APKBUILD
new file mode 100644
index 000000000..1bfdfdef9
--- /dev/null
+++ b/user/libssh2/APKBUILD
@@ -0,0 +1,41 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libssh2
+pkgver=1.8.0
+pkgrel=1
+pkgdesc="library for accessing ssh1/ssh2 protocol servers"
+url="http://libssh2.org/"
+arch="all"
+license="BSD"
+makedepends_host="openssl-dev zlib-dev"
+options="!check"
+subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc"
+source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz"
+builddir="$srcdir"/libssh2-$pkgver
+
+prepare() {
+	cd "$builddir"
+	update_config_sub
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--with-libssl-prefix="${CBUILDROOT}"/usr \
+		--disable-rpath
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="289aa45c4f99653bebf5f99565fe9c519abc204feb2084b47b7cc3badc8bf4ecdedd49ea6acdce8eb902b3c00995d5f92a3ca77b2508b92f04ae0e7de7287558  libssh2-1.8.0.tar.gz"
diff --git a/user/libvpx/APKBUILD b/user/libvpx/APKBUILD
new file mode 100644
index 000000000..27de30e06
--- /dev/null
+++ b/user/libvpx/APKBUILD
@@ -0,0 +1,52 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libvpx
+pkgver=1.6.1
+pkgrel=1
+pkgdesc="Library for the vp8 codec"
+url="http://www.webmproject.org/"
+arch="all"
+license="GPL"
+options="!check"
+depends=""
+makedepends="coreutils yasm bash perl which"
+subpackages="$pkgname-dev $pkgname-utils"
+source="https://storage.googleapis.com/downloads.webmproject.org/releases/webm/$pkgname-$pkgver.tar.bz2"
+
+builddir="$srcdir"/$pkgname-$pkgver
+build() {
+	cd "$builddir"
+	# build fix for arm
+	export CROSS=" "
+	bash ./configure \
+		--enable-pic \
+		--enable-libs \
+		--enable-runtime-cpu-detect \
+		--enable-vp8 \
+		--enable-vp9 \
+		--enable-shared \
+		--disable-install-srcs \
+		--enable-postproc
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DIST_DIR="$pkgdir"/usr install
+	chmod 644 "$pkgdir"/usr/include/vpx/*.h \
+		"$pkgdir"/usr/lib/pkgconfig/*
+	chown root:root -R "$pkgdir"
+	chmod 755 "$pkgdir"/usr/lib/*
+}
+
+utils() {
+	pkgdesc="VP8 utilities and tools"
+	install -d "$subpkgdir"/usr
+	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+}
+
+sha512sums="1a4b009fe1737715c6563a79848126a5859394a5074b1e9cca9bc2e213df90890c15e708040d5f2c96c7c21e268f51e1352ac6911514bf891a4bf3eea154159d  libvpx-1.6.1.tar.bz2"
diff --git a/user/libvpx/libm-pc.patch b/user/libvpx/libm-pc.patch
new file mode 100644
index 000000000..87f07a398
--- /dev/null
+++ b/user/libvpx/libm-pc.patch
@@ -0,0 +1,11 @@
+--- ./libs.mk.orig
++++ ./libs.mk
+@@ -241,7 +241,7 @@
+ 	$(qexec)echo 'Version: $(VERSION_MAJOR).$(VERSION_MINOR).$(VERSION_PATCH)' >> $@
+ 	$(qexec)echo 'Requires:' >> $@
+ 	$(qexec)echo 'Conflicts:' >> $@
+-	$(qexec)echo 'Libs: -L$${libdir} -lvpx' >> $@
++	$(qexec)echo 'Libs: -L$${libdir} -lvpx -lm' >> $@
+ 	$(qexec)echo 'Cflags: -I$${includedir}' >> $@
+ INSTALL-LIBS-yes += $(LIBSUBDIR)/pkgconfig/vpx.pc
+ INSTALL_MAPS += $(LIBSUBDIR)/pkgconfig/%.pc %.pc
diff --git a/user/lighttpd/APKBUILD b/user/lighttpd/APKBUILD
new file mode 100644
index 000000000..356bce93e
--- /dev/null
+++ b/user/lighttpd/APKBUILD
@@ -0,0 +1,116 @@
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lighttpd
+pkgver=1.4.48
+pkgrel=0
+pkgdesc="A secure, fast, compliant and very flexible web-server"
+url="http://www.lighttpd.net/"
+arch="all"
+license="custom"
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+pkgusers="lighttpd"
+pkggroups="lighttpd"
+makedepends="flex pcre-dev openssl-dev zlib-dev bzip2-dev lua5.2-dev
+	automake autoconf openldap-dev libxml2-dev sqlite-dev libev-dev
+	gamin-dev attr-dev"
+subpackages="$pkgname-doc $pkgname-dbg $pkgname-mod_auth $pkgname-openrc
+	$pkgname-mod_webdav"
+source="http://download.lighttpd.net/lighttpd/releases-1.4.x/$pkgname-$pkgver.tar.xz
+	$pkgname.initd
+	$pkgname.confd
+	$pkgname.logrotate
+	lighttpd.conf
+	mime-types.conf
+	mod_cgi.conf
+	mod_fastcgi.conf
+	mod_fastcgi_fpm.conf
+	char-signedness.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+	cd "$builddir"
+
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--disable-dependency-tracking \
+		--enable-lfs \
+		--libdir=/usr/lib/lighttpd \
+		--without-mysql \
+		--with-attr \
+		--without-kerberos5 \
+		--with-fam \
+		--with-webdav-props \
+		--with-webdav-locks \
+		--without-gdbm \
+		--with-bzip2 \
+		--with-ldap \
+		--with-openssl \
+		--with-libev \
+		--with-lua
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+
+	make DESTDIR="$pkgdir" install
+
+	# create dirs
+	install -d -m755 -o lighttpd -g lighttpd \
+		"$pkgdir"/var/log/lighttpd/
+	install -d -m755 \
+		"$pkgdir"/etc/lighttpd/ \
+		"$pkgdir"/var/www/localhost/htdocs
+
+	# lighttpd
+	install -D -m755 "$srcdir"/lighttpd.initd \
+		"$pkgdir"/etc/init.d/lighttpd
+	install -D -m644 "$srcdir"/lighttpd.confd \
+		"$pkgdir"/etc/conf.d/lighttpd
+	install -D -m644 "$srcdir"/lighttpd.logrotate \
+		"$pkgdir"/etc/logrotate.d/lighttpd
+
+	# config files
+	local i; for i in lighttpd.conf mime-types.conf mod_cgi.conf \
+		mod_fastcgi.conf mod_fastcgi_fpm.conf
+	do
+		install -m644 "$srcdir"/$i "$pkgdir"/etc/lighttpd/$i
+	done
+}
+
+_mv_mod() {
+	mkdir -p "$subpkgdir"/usr/lib/lighttpd
+	while [ $# -gt 0 ]; do
+		mv "$pkgdir"/usr/lib/lighttpd/$1.so \
+			"$subpkgdir"/usr/lib/lighttpd/
+		shift
+	done
+}
+
+mod_auth() {
+	pkgdesc="Authentication module for lighttpd"
+	_mv_mod mod_auth
+}
+
+mod_webdav() {
+	pkgdesc="WebDAV module for lighttpd"
+	_mv_mod mod_webdav
+}
+
+sha512sums="361dbf07b280aa7345f3026cce6d12d0aeaa3bb535b5a5b2a894a568395f46a9c7ce723dfd1948225117495f3e63ec207b72d5e4b680da7cd56419e23cf8bae4  lighttpd-1.4.48.tar.xz
+f2f3c5c7731550237fd75a8de66275f427eaf897cffff7ac7ef44178328ad8fad6c4ec6654759bfc665cbaf7991ddcdf0aaa916831c8b6aa440192d57b242038  lighttpd.initd
+9d2ab5deb7353ebf290e90936b511941df440859c78589d0bcf130ef69a5e9c79e4d318548b6b118df002083c46f7476230a28954b7a10a9dbd05040e02b1291  lighttpd.confd
+0536b4f21d2e8659f7831b45998c13d9f6051ae7ecde13be01f372f837d255bfc4e211de48a7686cc743d53aa9c08ab3f10ec19788896dcf8356b90053ca7a16  lighttpd.logrotate
+b0fd7500ea7f7f7f9fbf04bb66eb06050cfed57bdc1730900b4c559598176442e4504395f1d406e037e7cffeaa1451d40a6cad408570f7f7e1dd6cc26c968912  lighttpd.conf
+a3f2f5763885d7e4f510491b24164e34aaf62bb02daa12991575dc64335c12668355af5bb8d6ce191eb4e9cce95324b1f7c9ba61b323b4e7b50a1e03e021afcf  mime-types.conf
+27cc638d8068dcf47bd9db44943d1db6c6f4e8e6abd6b42af7cea004b1c093440068541d98c68f8bea70b956713adaf8ed59a4b642dea826ee8620a05f8cfde5  mod_cgi.conf
+1d15b84c03fb648a0e67ab5c5411b85478b4454c44bc2959cc96d1700eeadd7ff429520a5f1550db6527267646622dccd3d47d3fd1258869fccaf5c22d4ad4b2  mod_fastcgi.conf
+f9efc4b70d825600f5356c30e57d0b6cac11c01739337f7192c09c2cfd96cb76c8328b11d818ea4c2addc1a6d253975b84700106ae75854d55d0df73e220bd2b  mod_fastcgi_fpm.conf
+ce35c1d65d7b4fedd1fcfadd8a5e906d5efa8dcda318a4fa69958b708c2df329f708591f43b12adaaac4da6a2913d0cc8f9745e636e7f2016c1075bcd52c6bb2  char-signedness.patch"
diff --git a/user/lighttpd/char-signedness.patch b/user/lighttpd/char-signedness.patch
new file mode 100644
index 000000000..43f7f5faf
--- /dev/null
+++ b/user/lighttpd/char-signedness.patch
@@ -0,0 +1,46 @@
+
+Added by gstrauss 16 days ago
+
+    ID d4083effab0f9bf76528d5c47198b17e7471ed13
+    Parent 0c95ed37
+    Child 37f9b60d
+
+[core] fix base64 decode when char is unsigned (fixes #2848)
+
+thx, codehero
+
+x-ref:
+"buffer_append_base64_decode() broken on compilers where char is assumed unsigned"
+https://redmine.lighttpd.net/issues/2848
+
+diff --git a/src/base64.c b/src/base64.c
+index f39dbaa2..3034181a 100644
+--- a/src/base64.c
++++ b/src/base64.c
+@@ -11,7 +11,7 @@
+
+ /* BASE64_STANDARD: "A-Z a-z 0-9 + /" maps to 0-63, pad with "=" */
+ static const char base64_standard_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+-static const char base64_standard_reverse_table[] = {
++static const signed char base64_standard_reverse_table[] = {
+ /*	 0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F */
+ 	-1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */
+ 	-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */
+@@ -25,7 +25,7 @@ static const char base64_standard_reverse_table[] = {
+
+ /* BASE64_URL: "A-Z a-z 0-9 - _" maps to 0-63, pad with "." */
+ static const char base64_url_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
+-static const char base64_url_reverse_table[] = {
++static const signed char base64_url_reverse_table[] = {
+ /*	 0   1   2   3   4   5   6   7   8   9   A   B   C   D   E   F */
+ 	-1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */
+ 	-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */
+@@ -42,7 +42,7 @@ unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t i
+ 	size_t out_pos = 0; /* current output character (position) that is decoded. can contain partial result */
+ 	unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */
+ 	size_t i;
+-	const char *base64_reverse_table;
++	const signed char *base64_reverse_table;
+
+ 	switch (charset) {
+ 	case BASE64_STANDARD:
diff --git a/user/lighttpd/lighttpd.conf b/user/lighttpd/lighttpd.conf
new file mode 100644
index 000000000..cfec00065
--- /dev/null
+++ b/user/lighttpd/lighttpd.conf
@@ -0,0 +1,261 @@
+###################################
+# Default lighttpd.conf for Adélie
+###################################
+
+
+######## Variables ########
+var.basedir  = "/var/www/localhost"
+var.logdir   = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+
+
+######## Modules ########
+# NOTE: the order of modules is important.
+server.modules = (
+#	"mod_rewrite",
+#	"mod_redirect",
+#	"mod_alias",
+	"mod_access",
+#	"mod_cml",
+#	"mod_trigger_b4_dl",
+#	"mod_auth",
+#	"mod_status",
+	"mod_setenv",
+#	"mod_proxy",
+#	"mod_simple_vhost",
+#	"mod_evhost",
+#	"mod_userdir",
+	"mod_compress",
+#	"mod_ssi",
+#	"mod_usertrack",
+	"mod_expire",
+#	"mod_secdownload",
+#	"mod_rrdtool",
+#	"mod_webdav",
+	"mod_accesslog"
+)
+
+
+######## Inclusions ########
+include "mime-types.conf"
+# uncomment for cgi support
+#   include "mod_cgi.conf"
+# uncomment for php/fastcgi support
+#   include "mod_fastcgi.conf"
+# uncomment for php/fastcgi fpm support
+#   include "mod_fastcgi_fpm.conf"
+
+
+######## Global Settings ########
+server.username      = "lighttpd"
+server.groupname     = "lighttpd"
+
+server.document-root = var.basedir + "/htdocs"
+server.pid-file      = "/run/lighttpd.pid"
+
+server.errorlog      = var.logdir  + "/error.log"
+# To log errors to syslog instead, use:
+# server.errorlog-use-syslog = "enable"
+
+server.indexfiles    = ("index.html", "index.htm", "default.htm")
+
+# server.tag           = "lighttpd"
+
+server.follow-symlink = "enable"
+
+server.event-handler = "linux-sysepoll"
+
+# To chroot to a directory:
+# server.chroot      = "/"
+
+# Default bind port is 80.  To change:
+# server.port          = 81
+
+# Default bind address is global (0.0.0.0).  To change:
+# server.bind          = "grisu.home.kneschke.de"
+
+# error-handler for status 404
+# server.error-handler-404 = "/error-handler.html"
+
+# Format: <errorfile-prefix><status-code>.html
+# -> ..../status-404.html for 'File not found'
+# server.errorfile-prefix    = var.basedir + "/error/status-"
+
+# FAM support for caching stat() calls
+server.stat-cache-engine = "fam"
+
+# which extensions should not be handled via static-file transfer
+# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
+static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
+
+
+######## mod_accesslog config ########
+accesslog.filename   = var.logdir + "/access.log"
+
+
+######## mod_dirlisting config ########
+# Enable directory listings if no indexfile is present.
+#dir-listing.activate      = "enable"
+
+# Don't list hidden files/directories (beginning with '.')
+#dir-listing.hide-dotfiles = "enable"
+#
+# Specify a path here for custom directory listing CSS:
+#dir-listing.external-css  = "/path/to/dir-listing.css"
+#
+# Exclude files that match any regex in this list from directory listings:
+#dir-listing.exclude = ("^\.", "~$")
+
+
+######## mod_access config ########
+# See access.txt in lighttpd-doc package for more info.
+
+url.access-deny = ("~", ".inc")
+
+
+######## mod_userdir config ########
+# This will give all users with valid homedirs the chance to publish a
+# webpage from this server using traditional /~username/ paths.
+# See userdir.txt in lighttpd-doc package for more info.
+#
+#userdir.path = "public_html"
+#userdir.exclude-user = ("root")
+
+
+######## mod_ssi config ########
+# This allows you to use server-side includes.
+#ssi.extension = (".shtml")
+
+
+######## SSL config ########
+# See ssl.txt in lighttpd-doc package for more info.
+# The defaults here are NOT the server defaults.  You need to uncomment
+# them to use them.  They are HIGHLY recommended; by default, lighttpd
+# will serve older TLS protocols that may be vulnerable to attack.
+#
+#ssl.engine				= "enable"
+#ssl.honor-cipher-order			= "enable"
+#ssl.disable-client-renegotiation	= "enable"
+# pemfile is cert+privkey, ca-file is the intermediate chain in one file
+#ssl.pemfile				= "/path/to/signed_cert_plus_private_key.pem"
+#ssl.ca-file				= "/path/to/intermediate_certificate.pem"
+# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
+#ssl.ec-curve				= "secp384r1"
+# Environment flag for HTTPS enabled
+#setenv.add-environment = (
+#	"HTTPS" => "on"
+#)
+# Modern configuration, tweak to your needs
+#ssl.use-sslv2				= "disable"
+#ssl.use-sslv3				= "disable"
+#ssl.cipher-list			= "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+# HSTS(15768000 seconds = 6 months)
+#setenv.add-response-header  = (
+#	"Strict-Transport-Security" => "max-age=15768000;"
+#)
+
+
+######## mod_status config ########
+# This is generally handy and won't expose any sensitive info.
+#status.status-url  = "/server-status"
+# This will expose some of your configuration to the world!
+#status.config-url  = "/server-config"
+
+
+######## mod_compress config ########
+compress.cache-dir	= var.statedir + "/cache/compress"
+compress.filetype	= ("text/plain", "text/html")
+
+
+######## mod_proxy config ########
+# See proxy.txt in lighttpd-doc package for more info.
+# proxy.server               = ( ".php" =>
+#                               ( "localhost" =>
+#                                 (
+#                                   "host" => "192.168.0.101",
+#                                   "port" => 80
+#                                 )
+#                               )
+#                             )
+# }}}
+
+
+######## mod_auth config ########
+# See authentication.txt in lighttpd-doc package for more info.
+#auth.backend               = "plain"
+#auth.backend.plain.userfile = "lighttpd.user"
+#auth.backend.plain.groupfile = "lighttpd.group"
+
+#auth.backend.ldap.hostname = "localhost"
+#auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
+#auth.backend.ldap.filter   = "(uid=$)"
+
+#auth.require               = ( "/server-status" =>
+#                               (
+#                                 "method"  => "digest",
+#                                 "realm"   => "download archiv",
+#                                 "require" => "user=jan"
+#                               ),
+#                               "/server-info" =>
+#                               (
+#                                 "method"  => "digest",
+#                                 "realm"   => "download archiv",
+#                                 "require" => "valid-user"
+#                               )
+#                             )
+
+
+######## mod_rewrite config ########
+# Apache-style mod_rewrite for implementing URL rewriting.
+# See rewrite.txt in lighttpd-doc package for more info.
+#
+#url.rewrite = (
+#	"^/$"		=>		"/server-status"
+#)
+
+
+######## mod_redirect config ########
+# See redirect.txt in lighttpd-doc package for more info.
+#
+#url.redirect = (
+#	"^/wishlist/(.+)"		=>		"http://www.123.org/$1"
+#)
+
+
+######## mod_expire config ########
+# It is highly recommended you configure Expire: headers correctly to
+# conserve bandwidth, especially for users on slow links.
+#expire.url = (
+#	"/buggy/"		=>		"access 2 hours",
+#	"/asdhas/"		=>		"access plus 1 seconds 2 minutes"
+#)
+
+# {{{ mod_trigger_b4_dl
+# see trigger_b4_dl.txt
+#
+# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
+# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
+# trigger-before-download.trigger-url = "^/trigger/"
+# trigger-before-download.download-url = "^/download/"
+# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
+# trigger-before-download.trigger-timeout = 10
+# }}}
+
+
+######## mod_webdav config ########
+# lighttpd can act as a WebDAV server.
+# See webdav.txt in lighttpd-doc package for more info.
+#
+#$HTTP["url"] =~ "^/dav($|/)" {
+#	webdav.activate = "enable"
+#	webdav.is-readonly = "enable"
+#}
+
+
+######## Debugging options ########
+# debug.log-request-header   = "enable"
+# debug.log-response-header  = "enable"
+# debug.log-request-handling = "enable"
+# debug.log-file-not-found   = "enable"
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/lighttpd.confd b/user/lighttpd/lighttpd.confd
new file mode 100644
index 000000000..da524afb4
--- /dev/null
+++ b/user/lighttpd/lighttpd.confd
@@ -0,0 +1,12 @@
+# /etc/conf.d/lighttpd
+
+# Location of a shell used by the 'include_shell' directive
+# in the lighttpd's configuration file
+#export SHELL="/bin/bash"
+
+# Location of the lighttpd configuration file
+LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf"
+
+# Location of the lighttpd pid file
+LIGHTTPD_PID="/run/lighttpd.pid"
+
diff --git a/user/lighttpd/lighttpd.initd b/user/lighttpd/lighttpd.initd
new file mode 100644
index 000000000..614cb2132
--- /dev/null
+++ b/user/lighttpd/lighttpd.initd
@@ -0,0 +1,75 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd,v 1.21 2012/01/08 20:45:46 hwoarang Exp $
+
+extra_started_commands="reload graceful"
+required_files=$LIGHTTPD_CONF
+
+depend() {
+	need net
+	use mysql logger spawn-fcgi ldap slapd netmount dns
+	after firewall
+	after famd
+	after sshd
+}
+
+checkconfig() {
+	if [ ! -f "${LIGHTTPD_CONF}" ] ; then
+		ewarn "${LIGHTTPD_CONF} does not exist."
+		return 1
+	fi
+
+	if [ -z "${LIGHTTPD_PID}" ] ; then
+		ewarn "server.pid-file variable in ${LIGHTTPD_CONF}"
+		ewarn "is not set. Falling back to lighttpd.pid"
+		LIGHTTPD_PID="/run/lighttpd.pid"
+	fi
+	/usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null
+}
+
+start() {
+	checkconfig || return 1
+	checkpath -d -q -m 0750 -o lighttpd:lighttpd /run/lighttpd/
+
+	ebegin "Starting lighttpd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \
+		--pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}"
+	eend $?
+}
+
+stop() {
+	local rv=0
+	ebegin "Stopping lighttpd"
+	start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}"
+	eend $?
+}
+
+reload() {
+	if ! service_started "${SVCNAME}" ; then
+		eerror "${SVCNAME} isn't running"
+		return 1
+	fi
+	checkconfig || return 1
+
+	ebegin "Re-opening lighttpd log files"
+	start-stop-daemon --quiet --pidfile "${LIGHTTPD_PID}" \
+		--signal HUP
+	eend $?
+}
+
+graceful() {
+	if ! service_started "${SVCNAME}" ; then
+		eerror "${SVCNAME} isn't running"
+		return 1
+	fi
+	checkconfig || return 1
+
+	ebegin "Gracefully stopping lighttpd"
+	start-stop-daemon --quiet --pidfile "${LIGHTTPD_PID}" \
+		--signal INT
+	if eend $? ; then
+		rm -f "${LIGHTTPD_PID}"
+		start
+	fi
+}
diff --git a/user/lighttpd/lighttpd.logrotate b/user/lighttpd/lighttpd.logrotate
new file mode 100644
index 000000000..8fbb20fb0
--- /dev/null
+++ b/user/lighttpd/lighttpd.logrotate
@@ -0,0 +1,15 @@
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.logrotate,v 1.2 2006/05/30 19:49:29 bangert Exp $
+# lighttpd logrotate script for Gentoo
+
+/var/log/lighttpd/*.log {
+        daily
+        missingok
+		copytruncate
+        rotate 7
+        compress
+        notifempty
+        sharedscripts
+        postrotate
+		/etc/init.d/lighttpd --quiet --ifstarted reload
+        endscript
+}
diff --git a/user/lighttpd/lighttpd.pre-install b/user/lighttpd/lighttpd.pre-install
new file mode 100644
index 000000000..81ccda1f9
--- /dev/null
+++ b/user/lighttpd/lighttpd.pre-install
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+addgroup -S lighttpd 2>/dev/null
+adduser -S -D -H -h /var/www/localhost/htdocs -s /sbin/nologin -G lighttpd -g lighttpd lighttpd 2>/dev/null
+addgroup lighttpd www-data 2>/dev/null
+
+exit 0
diff --git a/user/lighttpd/lighttpd.pre-upgrade b/user/lighttpd/lighttpd.pre-upgrade
new file mode 120000
index 000000000..18a7fef66
--- /dev/null
+++ b/user/lighttpd/lighttpd.pre-upgrade
@@ -0,0 +1 @@
+lighttpd.pre-install
\ No newline at end of file
diff --git a/user/lighttpd/mime-types.conf b/user/lighttpd/mime-types.conf
new file mode 100644
index 000000000..f24d4d858
--- /dev/null
+++ b/user/lighttpd/mime-types.conf
@@ -0,0 +1,79 @@
+###############################################################################
+# Default mime-types.conf for Gentoo.
+# include'd from lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $
+###############################################################################
+
+# {{{ mime types
+mimetype.assign             = (
+  ".svg"          =>      "image/svg+xml",
+  ".svgz"         =>      "image/svg+xml",
+  ".pdf"          =>      "application/pdf",
+  ".sig"          =>      "application/pgp-signature",
+  ".spl"          =>      "application/futuresplash",
+  ".class"        =>      "application/octet-stream",
+  ".ps"           =>      "application/postscript",
+  ".torrent"      =>      "application/x-bittorrent",
+  ".dvi"          =>      "application/x-dvi",
+  ".gz"           =>      "application/x-gzip",
+  ".pac"          =>      "application/x-ns-proxy-autoconfig",
+  ".swf"          =>      "application/x-shockwave-flash",
+  ".tar.gz"       =>      "application/x-tgz",
+  ".tgz"          =>      "application/x-tgz",
+  ".tar"          =>      "application/x-tar",
+  ".zip"          =>      "application/zip",
+  ".dmg"          =>      "application/x-apple-diskimage",
+  ".mp3"          =>      "audio/mpeg",
+  ".m3u"          =>      "audio/x-mpegurl",
+  ".wma"          =>      "audio/x-ms-wma",
+  ".wax"          =>      "audio/x-ms-wax",
+  ".ogg"          =>      "application/ogg",
+  ".wav"          =>      "audio/x-wav",
+  ".gif"          =>      "image/gif",
+  ".jpg"          =>      "image/jpeg",
+  ".jpeg"         =>      "image/jpeg",
+  ".png"          =>      "image/png",
+  ".xbm"          =>      "image/x-xbitmap",
+  ".xpm"          =>      "image/x-xpixmap",
+  ".xwd"          =>      "image/x-xwindowdump",
+  ".css"          =>      "text/css",
+  ".html"         =>      "text/html",
+  ".htm"          =>      "text/html",
+  ".js"           =>      "text/javascript",
+  ".asc"          =>      "text/plain",
+  ".c"            =>      "text/plain",
+  ".h"            =>      "text/plain",
+  ".cc"           =>      "text/plain",
+  ".cpp"          =>      "text/plain",
+  ".hh"           =>      "text/plain",
+  ".hpp"          =>      "text/plain",
+  ".conf"         =>      "text/plain",
+  ".log"          =>      "text/plain",
+  ".text"         =>      "text/plain",
+  ".txt"          =>      "text/plain",
+  ".diff"         =>      "text/plain",
+  ".patch"        =>      "text/plain",
+  ".ebuild"       =>      "text/plain",
+  ".eclass"       =>      "text/plain",
+  ".rtf"          =>      "application/rtf",
+  ".bmp"          =>      "image/bmp",
+  ".tif"          =>      "image/tiff",
+  ".tiff"         =>      "image/tiff",
+  ".ico"          =>      "image/x-icon",
+  ".dtd"          =>      "text/xml",
+  ".xml"          =>      "text/xml",
+  ".mpeg"         =>      "video/mpeg",
+  ".mpg"          =>      "video/mpeg",
+  ".mov"          =>      "video/quicktime",
+  ".qt"           =>      "video/quicktime",
+  ".avi"          =>      "video/x-msvideo",
+  ".asf"          =>      "video/x-ms-asf",
+  ".asx"          =>      "video/x-ms-asf",
+  ".wmv"          =>      "video/x-ms-wmv",
+  ".bz2"          =>      "application/x-bzip",
+  ".tbz"          =>      "application/x-bzip-compressed-tar",
+  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
+ )
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/mod_cgi.conf b/user/lighttpd/mod_cgi.conf
new file mode 100644
index 000000000..1cb3770f9
--- /dev/null
+++ b/user/lighttpd/mod_cgi.conf
@@ -0,0 +1,33 @@
+###############################################################################
+# mod_cgi.conf
+# include'd by lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $
+###############################################################################
+
+#
+# see cgi.txt for more information on using mod_cgi
+#
+
+server.modules += ("mod_cgi")
+
+# NOTE: this requires mod_alias
+alias.url = (
+     "/cgi-bin/"	    =>	    var.basedir + "/cgi-bin/"
+)
+
+#
+# Note that you'll also want to enable the
+# cgi-bin alias via mod_alias (above).
+#
+
+$HTTP["url"] =~ "^/cgi-bin/" {
+    # disable directory listings
+    dir-listing.activate = "disable"
+    # only allow cgi's in this directory
+    cgi.assign = (
+		".pl"	=>	"/usr/bin/perl",
+		".cgi"	=>	"/usr/bin/perl"
+	)
+}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/mod_fastcgi.conf b/user/lighttpd/mod_fastcgi.conf
new file mode 100644
index 000000000..549b84c2e
--- /dev/null
+++ b/user/lighttpd/mod_fastcgi.conf
@@ -0,0 +1,17 @@
+###############################################################################
+# mod_fastcgi.conf
+# include'd by lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $
+###############################################################################
+
+server.modules += ("mod_fastcgi")
+fastcgi.server = ( ".php" =>
+		            ( "localhost" =>
+			            (
+				            "socket"		=>		"/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket",
+				            "bin-path"	=>		"/usr/bin/php-cgi"
+			            )
+		            )
+	            )
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/mod_fastcgi_fpm.conf b/user/lighttpd/mod_fastcgi_fpm.conf
new file mode 100644
index 000000000..926137a43
--- /dev/null
+++ b/user/lighttpd/mod_fastcgi_fpm.conf
@@ -0,0 +1,16 @@
+###############################################################################
+# mod_fastcgi_fpm.conf
+# include'd by lighttpd.conf.
+###############################################################################
+
+server.modules += ("mod_fastcgi")
+fastcgi.server = ( ".php" =>
+		            ( "localhost" =>
+			            (
+				            "host" => "127.0.0.1",
+				            "port" => "9000"
+			            )
+		            )
+	            )
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lm_sensors/APKBUILD b/user/lm_sensors/APKBUILD
new file mode 100644
index 000000000..694adb868
--- /dev/null
+++ b/user/lm_sensors/APKBUILD
@@ -0,0 +1,85 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lm_sensors
+pkgver=3.4.0
+pkgrel=5
+pkgdesc="Collection of user space tools for general SMBus access and hardware monitoring."
+url="http://www.lm-sensors.org/"
+arch="all"
+license="GPL"
+options="!check"  # No test suite.
+depends="bash sysfsutils"
+makedepends="perl rrdtool-dev bison flex which"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-detect $pkgname-sensord
+	$pkgname-sensord-openrc:sensord_openrc"
+#install=sensors.install
+
+# 2015-11-11 (bpiotrowski): upstream website is down, Fedora mirrored the file
+#source="http://dl.lm-sensors.org/lm-sensors/releases/$pkgname-$pkgver.tar.bz2
+source="http://pkgs.fedoraproject.org/repo/pkgs/lm_sensors/lm_sensors-3.4.0.tar.bz2/c03675ae9d43d60322110c679416901a/lm_sensors-3.4.0.tar.bz2
+	sensors-detect-alpine.patch
+	musl-fix-includes.patch
+	fancontrol.initd
+	sensord.confd
+	sensord.initd
+	"
+
+prepare() {
+	cd "$builddir"
+	sed -i -e 's:^# \(PROG_EXTRA\):\1:' Makefile
+	# Respect LDFLAGS
+	sed -i -e 's/\$(LIBDIR)$/\$(LIBDIR) \$(LDFLAGS)/g' Makefile
+	sed -i -e 's/\$(LIBSHSONAME) -o/$(LIBSHSONAME) \$(LDFLAGS) -o/g' \
+		lib/Module.mk
+
+	# do not check for libiconv in ldconfig cache
+	sed -i -e 's/^LIBICONV.*/LIBICONV ?=/' prog/sensors/Module.mk
+
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	export CFLAGS="$CFLAGS -fno-stack-protector"
+	make PREFIX=/usr user
+}
+
+package() {
+	cd "$builddir"
+	make PROG_EXTRA:=sensord user_install \
+		PREFIX=/usr \
+		MANDIR=/usr/share/man \
+		DESTDIR="$pkgdir"
+
+	cd "$srcdir"
+	install -Dm755 fancontrol.initd "$pkgdir"/etc/init.d/fancontrol
+}
+
+detect() {
+	depends="perl"
+	pkgdesc="Detection/migration scripts for lm_sensors"
+	mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
+	cd "$pkgdir"
+	mv usr/bin/sensors-conf-convert "$subpkgdir"/usr/bin/
+	mv usr/sbin/sensors-detect "$subpkgdir"/usr/bin/
+}
+
+sensord() {
+	pkgdesc="sensord daemon"
+	cd "$builddir"
+	mkdir -p "$subpkgdir"/usr/sbin
+	mv "$pkgdir"/usr/sbin/sensord "$subpkgdir"/usr/sbin/sensord
+}
+
+sensord_openrc() {
+	pkgdesc="sensord daemon (OpenRC init scripts)"
+	install_if="sensord=$pkgver-r$pkgrel openrc"
+	install -Dm755 "$srcdir"/sensord.initd "$subpkgdir"/etc/init.d/sensord
+	install -Dm755 "$srcdir"/sensord.confd "$subpkgdir"/etc/conf.d/sensord
+}
+
+sha512sums="993064bd14b855c1ae8c057e89313df5b3d5efe441fb2e8c3e508f42bb15658564df2563fac8fabbdb0d650dfdbc694037736c748d45cb9d85dfb8fb5a3d1ea9  lm_sensors-3.4.0.tar.bz2
+794cf2aaa2a9e809c6b67f4c888a89064bba3e5b9333a9f0101a92372c25012e506fa48e86523f57cf30e5c2a808bc38058fd8640c870ea6b48faab44794cfbb  sensors-detect-alpine.patch
+333751cb580c94f2d32ef5520d2f2acc0ef7e1cd4a6390ea75cae4c755fbdfcade1805c979ba3319905f1267bdc120a6746e6f70d89e0c72a8c2faefd34a9e79  musl-fix-includes.patch
+04756c3844033dc7897e1348181140a43f8470c1bb863f1524b21bbe6be2f13fbf17ac3a68270c96a70d8c148124fea569d1ef75619bbe383e15ec705ea18b21  fancontrol.initd
+a77d81ab7ded085ba19e4c637e93268f889ccb8ce9e008a210ae135cb6e2140be07e5d455cf7fcc1084fd57cfbfb3f2bb37207123aebe9566f78b5183806fd7d  sensord.confd
+9a19874c158e82ab076ed5fb96a40d4bfb4957bfd5a2ce66aa207c06e577bc1b048336c0046a9f856f6d00dc10e68a0dc9726f6e726a8f7bfd50c4043ee1e26a  sensord.initd"
diff --git a/user/lm_sensors/fancontrol.initd b/user/lm_sensors/fancontrol.initd
new file mode 100644
index 000000000..cb29a9ee9
--- /dev/null
+++ b/user/lm_sensors/fancontrol.initd
@@ -0,0 +1,33 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/fancontrol-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $
+
+CONFIG=/etc/fancontrol
+PID=/var/run/fancontrol.pid
+
+depend() {
+	after lm_sensors
+}
+
+checkconfig() {
+	if [ ! -f ${CONFIG} ]; then
+		eerror "Configuration file ${CONFIG} not found"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting fancontrol"
+	start-stop-daemon --start --quiet --background --pidfile ${PID} \
+		--exec /usr/sbin/fancontrol -- ${CONFIG}
+	eend ${?}
+}
+
+stop() {
+	ebegin "Stopping fancontrol"
+	start-stop-daemon --stop --pidfile ${PID}
+	eend ${?}
+}
diff --git a/user/lm_sensors/musl-fix-includes.patch b/user/lm_sensors/musl-fix-includes.patch
new file mode 100644
index 000000000..501f2dd76
--- /dev/null
+++ b/user/lm_sensors/musl-fix-includes.patch
@@ -0,0 +1,62 @@
+--- lm_sensors-3.3.4.orig/prog/dump/isadump.c
++++ lm_sensors-3.3.4/prog/dump/isadump.c
+@@ -36,13 +36,7 @@
+ #include "util.h"
+ #include "superio.h"
+ 
+-
+-/* To keep glibc2 happy */
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+ 
+ #ifdef __powerpc__
+ unsigned long isa_io_base = 0; /* XXX for now */
+--- lm_sensors-3.3.4.orig/prog/dump/isaset.c
++++ lm_sensors-3.3.4/prog/dump/isaset.c
+@@ -32,13 +32,7 @@
+ #include <string.h>
+ #include "util.h"
+ 
+-
+-/* To keep glibc2 happy */
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+ 
+ #ifdef __powerpc__
+ unsigned long isa_io_base = 0; /* XXX for now */
+--- lm_sensors-3.3.4.orig/prog/dump/superio.c
++++ lm_sensors-3.3.4/prog/dump/superio.c
+@@ -20,12 +20,7 @@
+ */
+ 
+ #include <stdlib.h>
+-
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+ 
+ #include "superio.h"
+ 
+--- lm_sensors-3.3.4.orig/prog/dump/util.c
++++ lm_sensors-3.3.4/prog/dump/util.c
+@@ -11,12 +11,7 @@
+ #include <stdio.h>
+ #include "util.h"
+ 
+-/* To keep glibc2 happy */
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+ 
+ /* Return 1 if we should continue, 0 if we should abort */
+ int user_ack(int def)
diff --git a/user/lm_sensors/sensord.confd b/user/lm_sensors/sensord.confd
new file mode 100644
index 000000000..d82841aeb
--- /dev/null
+++ b/user/lm_sensors/sensord.confd
@@ -0,0 +1,3 @@
+# Extra options to pass to the sensord daemon,
+# see sensord(8) for more information
+SENSORD_OPTIONS=""
diff --git a/user/lm_sensors/sensord.initd b/user/lm_sensors/sensord.initd
new file mode 100644
index 000000000..c100b1aa1
--- /dev/null
+++ b/user/lm_sensors/sensord.initd
@@ -0,0 +1,33 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/sensord-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $
+
+CONFIG=/etc/sensors3.conf
+
+depend() {
+	need logger
+	use lm_sensors
+}
+
+checkconfig() {
+	if [ ! -f ${CONFIG} ]; then
+		eerror "Configuration file ${CONFIG} not found"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting sensord"
+	start-stop-daemon --start --exec /usr/sbin/sensord \
+		-- --config-file ${CONFIG} ${SENSORD_OPTIONS}
+	eend ${?}
+}
+
+stop() {
+	ebegin "Stopping sensord"
+	start-stop-daemon --stop --pidfile /var/run/sensord.pid
+	eend ${?}
+}
diff --git a/user/lm_sensors/sensors-detect-alpine.patch b/user/lm_sensors/sensors-detect-alpine.patch
new file mode 100644
index 000000000..319fcec06
--- /dev/null
+++ b/user/lm_sensors/sensors-detect-alpine.patch
@@ -0,0 +1,47 @@
+diff --git a/prog/detect/sensors-detect b/prog/detect/sensors-detect
+index 08721f0..6e83e97 100755
+--- a/prog/detect/sensors-detect
++++ b/prog/detect/sensors-detect
+@@ -7059,31 +7059,20 @@ sub write_config
+ 		}
+ 	}
+ 
+-	my $have_sysconfig = -d '/etc/sysconfig';
+-	printf "Do you want to \%s /etc/sysconfig/lm_sensors? (\%s): ",
+-	       (-e '/etc/sysconfig/lm_sensors' ? 'overwrite' : 'generate'),
+-	       ($have_sysconfig ? 'YES/no' : 'yes/NO');
++	my $config = '/etc/modules-load.d/lm_sensors.conf';
++	my $have_config = -f $config;
++	printf "Do you want to \%s \%s? (\%s): ",
++	       (-e $config ? 'overwrite' : 'generate'),
++	       $config,
++	       ($have_config ? 'YES/no' : 'yes/NO');
+ 	$_ = read_answer();
+-	if (($have_sysconfig and not m/^\s*n/i) or m/^\s*y/i) {
+-		unless ($have_sysconfig) {
+-			mkdir('/etc/sysconfig', 0777)
+-				or die "Sorry, can't create /etc/sysconfig ($!)";
+-		}
+-		open(local *SYSCONFIG, ">/etc/sysconfig/lm_sensors")
+-			or die "Sorry, can't create /etc/sysconfig/lm_sensors ($!)";
++	if (($have_config and not m/^\s*n/i) or m/^\s*y/i) {
++		open(local *SYSCONFIG, ">$config")
++			or die "Sorry, can't create $config ($!)";
+ 		print SYSCONFIG "# Generated by sensors-detect on " . scalar localtime() . "\n";
+-		print SYSCONFIG <<'EOT';
+-# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
+-# be loaded/unloaded.
+-#
+-# The format of this file is a shell script that simply defines variables:
+-# HWMON_MODULES for hardware monitoring driver modules, and optionally
+-# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
+-
+-EOT
+-		print SYSCONFIG "BUS_MODULES=\"", join(" ", @{$bus_modules}), "\"\n"
++		print SYSCONFIG join("\n", @{$bus_modules}), "\n"
+ 			if @{$bus_modules};
+-		print SYSCONFIG "HWMON_MODULES=\"", join(" ", @{$hwmon_modules}), "\"\n";
++		print SYSCONFIG join("\n", @{$hwmon_modules}), "\n";
+ 		close(SYSCONFIG);
+ 
+ 		if (-x "/bin/systemctl" && -d "/lib/systemd/system" &&
diff --git a/user/lm_sensors/sensors.install b/user/lm_sensors/sensors.install
new file mode 100644
index 000000000..d593f8414
--- /dev/null
+++ b/user/lm_sensors/sensors.install
@@ -0,0 +1,12 @@
+post_install() {
+	echo ">>> to control the lm_sensors daemon type"
+	echo ">>> \"/etc/rc.d/sensors start|stop|restart\" "
+	echo ">>> --------------------------------------"
+	echo ">>> before you can use the fancontrol daemon"
+	echo ">>> first create a fancontrol config file, use \"pwmconfig\""
+	echo ">>> then type \"/etc/rc.d/fancontrol start|stop|restart\" "
+	echo ">>> --------------------------------------"
+	echo ">>> to decode memory SPD timings modprobe eeprom module"
+	echo ">>> and get this perl script from"
+	echo ">>> \"http://www.lm-sensors.org/browser/lm-sensors/trunk/prog/eeprom/decode-dimms.pl\""
+}
diff --git a/user/ltrace/APKBUILD b/user/ltrace/APKBUILD
new file mode 100644
index 000000000..bd07768bf
--- /dev/null
+++ b/user/ltrace/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ltrace
+pkgver=0.7.3
+pkgrel=2
+pkgdesc="Tracks runtime library calls in dynamically linked programs"
+url="http://ltrace.alioth.debian.org/"
+arch="all"
+options="!check"  # Test suite has glibc stuff hardcoded.
+license="GPL-2.0+"
+makedepends="linux-headers libelf-dev autoconf automake"
+subpackages="$pkgname-doc"
+# you find latest release here, but need a login:
+# https://alioth.debian.org/frs/?group_id=30892
+source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.bz2
+	musl.patch
+	aarch64.patch
+	add_ppc64le.patch"
+
+builddir="$srcdir/$pkgname-$pkgver"
+prepare() {
+	default_prepare
+	aclocal && autoconf && automake --add-missing --force
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--disable-werror
+	make
+}
+
+package() {
+	cd "$builddir"
+	make install INSTALL=install DESTDIR="$pkgdir"
+}
+
+sha512sums="a842b16dcb81da869afa0bddc755fdff0d57b35672505bf2c7164fd983b1938d28b126714128930994cc1230ced69d779456d0cfc16f4008c9b6d19f0852285d  ltrace-0.7.3.tar.bz2
+c53e05471c52e161a7f7389994c6467e8f3671c5d8478546bc1897f067c62aeab848d728295f339a241a3fc186e180d47bcc2872a6335877c3813b1b62834698  musl.patch
+e6682f8c9e1e049286b6462bbab03cbdcf31c1770f649be997393cbd9b3b2ce8ada93766474e16bb604624ffe3e3d46d467bfbedecac2af31b904bb4e763d43a  aarch64.patch
+987c6d18bdb559e8fe739f09cfb0b567dafcf79b2bd5db7ca32ebb205f3b1d74a8008576e4d73ea90873c1ab9bed17d96ddb7ad8752bf0a160ea0638c955eb1f  add_ppc64le.patch"
diff --git a/user/ltrace/aarch-part2.patch b/user/ltrace/aarch-part2.patch
new file mode 100644
index 000000000..c40d0a797
--- /dev/null
+++ b/user/ltrace/aarch-part2.patch
@@ -0,0 +1,1982 @@
+From ae7249250ea650ec82bc545d4281b852020c7a6f Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Fri, 24 Jan 2014 00:50:06 +0100
+Subject: [PATCH 1/1] Implement aarch64 support
+
+- IFUNC support is not implemented, the rest works well.  The only
+  other failure is in wide char functions, and that occurs on x86_64
+  as well.
+---
+ configure.ac                           |    3 +-
+ sysdeps/linux-gnu/Makefile.am          |    4 +-
+ sysdeps/linux-gnu/aarch64/Makefile.am  |   25 +
+ sysdeps/linux-gnu/aarch64/arch.h       |   37 ++
+ sysdeps/linux-gnu/aarch64/fetch.c      |  365 +++++++++++
+ sysdeps/linux-gnu/aarch64/plt.c        |   38 ++
+ sysdeps/linux-gnu/aarch64/ptrace.h     |   22 +
+ sysdeps/linux-gnu/aarch64/regs.c       |  130 ++++
+ sysdeps/linux-gnu/aarch64/signalent.h  |   52 ++
+ sysdeps/linux-gnu/aarch64/syscallent.h | 1100 ++++++++++++++++++++++++++++++++
+ sysdeps/linux-gnu/aarch64/trace.c      |   83 +++
+ 11 files changed, 1857 insertions(+), 2 deletions(-)
+ create mode 100644 sysdeps/linux-gnu/aarch64/Makefile.am
+ create mode 100644 sysdeps/linux-gnu/aarch64/arch.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/fetch.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/plt.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/ptrace.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/regs.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/signalent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/syscallent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/trace.c
+
+diff --git a/configure.ac b/configure.ac
+index c6e6bf0..0e9a124 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,6 +1,6 @@
+ # -*- Autoconf -*-
+ # This file is part of ltrace.
+-# Copyright (C) 2010,2013 Petr Machata, Red Hat Inc.
++# Copyright (C) 2010,2012,2013,2014 Petr Machata, Red Hat Inc.
+ # Copyright (C) 2010,2011 Joe Damato
+ # Copyright (C) 2010 Marc Kleine-Budde
+ # Copyright (C) 2010 Zachary T Welch
+@@ -399,6 +399,7 @@ AC_CONFIG_FILES([
+ 	Makefile
+ 	sysdeps/Makefile
+ 	sysdeps/linux-gnu/Makefile
++	sysdeps/linux-gnu/aarch64/Makefile
+ 	sysdeps/linux-gnu/alpha/Makefile
+ 	sysdeps/linux-gnu/arm/Makefile
+ 	sysdeps/linux-gnu/cris/Makefile
+diff --git a/sysdeps/linux-gnu/Makefile.am b/sysdeps/linux-gnu/Makefile.am
+index ecee577..ec26162 100644
+--- a/sysdeps/linux-gnu/Makefile.am
++++ b/sysdeps/linux-gnu/Makefile.am
+@@ -1,4 +1,5 @@
+ # This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
+ # Copyright (C) 2010,2012 Marc Kleine-Budde, Pengutronix
+ #
+ # This program is free software; you can redistribute it and/or
+@@ -16,7 +17,8 @@
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ # 02110-1301 USA
+ 
+-DIST_SUBDIRS = alpha arm cris ia64 m68k mips ppc s390 sparc x86
++DIST_SUBDIRS = aarch64 alpha arm cris ia64 m68k mips ppc s390	\
++	       sparc x86
+ 
+ SUBDIRS = \
+ 	$(HOST_CPU)
+diff --git a/sysdeps/linux-gnu/aarch64/Makefile.am b/sysdeps/linux-gnu/aarch64/Makefile.am
+new file mode 100644
+index 0000000..0af4e6e
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/Makefile.am
+@@ -0,0 +1,25 @@
++# This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of the
++# License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++# 02110-1301 USA
++
++noinst_LTLIBRARIES = ../libcpu.la
++
++___libcpu_la_SOURCES = fetch.c plt.c regs.c trace.c
++
++noinst_HEADERS = arch.h ptrace.h signalent.h syscallent.h
++
++MAINTAINERCLEANFILES = Makefile.in
+diff --git a/sysdeps/linux-gnu/aarch64/arch.h b/sysdeps/linux-gnu/aarch64/arch.h
+new file mode 100644
+index 0000000..4137613
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/arch.h
+@@ -0,0 +1,37 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++#ifndef LTRACE_AARCH64_ARCH_H
++#define LTRACE_AARCH64_ARCH_H
++
++/* | 31                 21 | 20       5 | 4       0 | *
++ * | 1 1 0 1 0 1 0 0 0 0 1 |    imm16   | 0 0 0 0 0 | */
++#define BREAKPOINT_VALUE { 0xd4, 0x20, 0, 0 }
++#define BREAKPOINT_LENGTH 4
++#define DECR_PC_AFTER_BREAK 0
++
++#define LT_ELFCLASS	ELFCLASS64
++#define LT_ELF_MACHINE	EM_AARCH64
++
++#define ARCH_HAVE_FETCH_ARG
++#define ARCH_ENDIAN_BIG
++#define ARCH_HAVE_SIZEOF
++#define ARCH_HAVE_ALIGNOF
++
++#endif /* LTRACE_AARCH64_ARCH_H */
+diff --git a/sysdeps/linux-gnu/aarch64/fetch.c b/sysdeps/linux-gnu/aarch64/fetch.c
+new file mode 100644
+index 0000000..8779f03
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/fetch.c
+@@ -0,0 +1,365 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include "fetch.h"
++#include "proc.h"
++#include "type.h"
++#include "value.h"
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++int aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs);
++
++
++struct fetch_context
++{
++	struct user_pt_regs gregs;
++	struct user_fpsimd_state fpregs;
++	arch_addr_t nsaa;
++	unsigned ngrn;
++	unsigned nsrn;
++	arch_addr_t x8;
++};
++
++static int
++context_init(struct fetch_context *context, struct Process *proc)
++{
++	if (aarch64_read_gregs(proc, &context->gregs) < 0
++	    || aarch64_read_fregs(proc, &context->fpregs) < 0)
++		return -1;
++
++	context->ngrn = 0;
++	context->nsrn = 0;
++	/* XXX double cast */
++	context->nsaa = (arch_addr_t) (uintptr_t) context->gregs.sp;
++	context->x8 = 0;
++
++	return 0;
++}
++
++struct fetch_context *
++arch_fetch_arg_clone(struct Process *proc, struct fetch_context *context)
++{
++	struct fetch_context *ret = malloc(sizeof(*ret));
++	if (ret == NULL)
++		return NULL;
++	return memcpy(ret, context, sizeof(*ret));
++}
++
++static void
++fetch_next_gpr(struct fetch_context *context, unsigned char *buf)
++{
++	uint64_t u = context->gregs.regs[context->ngrn++];
++	memcpy(buf, &u, 8);
++}
++
++static int
++fetch_gpr(struct fetch_context *context, struct value *value, size_t sz)
++{
++	if (sz < 8)
++		sz = 8;
++
++	unsigned char *buf = value_reserve(value, sz);
++	if (buf == NULL)
++		return -1;
++
++	size_t i;
++	for (i = 0; i < sz; i += 8)
++		fetch_next_gpr(context, buf + i);
++
++	return 0;
++}
++
++static void
++fetch_next_sse(struct fetch_context *context, unsigned char *buf, size_t sz)
++{
++	__int128 u = context->fpregs.vregs[context->nsrn++];
++	memcpy(buf, &u, sz);
++}
++
++static int
++fetch_sse(struct fetch_context *context, struct value *value, size_t sz)
++{
++	unsigned char *buf = value_reserve(value, sz);
++	if (buf == NULL)
++		return -1;
++
++	fetch_next_sse(context, buf, sz);
++	return 0;
++}
++
++static int
++fetch_hfa(struct fetch_context *context,
++	  struct value *value, struct arg_type_info *hfa_t, size_t count)
++{
++	size_t sz = type_sizeof(value->inferior, hfa_t);
++	unsigned char *buf = value_reserve(value, sz * count);
++	if (buf == NULL)
++		return -1;
++
++	size_t i;
++	for (i = 0; i < count; ++i) {
++		fetch_next_sse(context, buf, sz);
++		buf += sz;
++	}
++	return 0;
++}
++
++static int
++fetch_stack(struct fetch_context *context, struct value *value,
++	    size_t align, size_t sz)
++{
++	if (align < 8)
++		align = 8;
++	size_t amount = ((sz + align - 1) / align) * align;
++
++	/* XXX double casts */
++	uintptr_t sp = (uintptr_t) context->nsaa;
++	sp = ((sp + align - 1) / align) * align;
++
++	value_in_inferior(value, (arch_addr_t) sp);
++
++	sp += amount;
++	context->nsaa = (arch_addr_t) sp;
++
++	return 0;
++}
++
++enum convert_method {
++	CVT_ERR = -1,
++	CVT_NOP = 0,
++	CVT_BYREF,
++};
++
++enum fetch_method {
++	FETCH_NOP,
++	FETCH_STACK,
++	FETCH_GPR,
++	FETCH_SSE,
++	FETCH_HFA,
++};
++
++struct fetch_script {
++	enum convert_method c;
++	enum fetch_method f;
++	size_t sz;
++	struct arg_type_info *hfa_t;
++	size_t count;
++};
++
++static struct fetch_script
++pass_arg(struct fetch_context const *context,
++	 struct Process *proc, struct arg_type_info *info)
++{
++	enum fetch_method cvt = CVT_NOP;
++
++	size_t sz = type_sizeof(proc, info);
++	if (sz == (size_t) -1)
++		return (struct fetch_script) { CVT_ERR, FETCH_NOP, sz };
++
++	switch (info->type) {
++	case ARGTYPE_VOID:
++		return (struct fetch_script) { cvt, FETCH_NOP, sz };
++
++	case ARGTYPE_STRUCT:
++	case ARGTYPE_ARRAY:;
++		size_t count;
++		struct arg_type_info *hfa_t = type_get_hfa_type(info, &count);
++		if (hfa_t != NULL && count <= 4) {
++			if (context->nsrn + count <= 8)
++				return (struct fetch_script)
++					{ cvt, FETCH_HFA, sz, hfa_t, count };
++			return (struct fetch_script)
++				{ cvt, FETCH_STACK, sz, hfa_t, count };
++		}
++
++		if (sz <= 16) {
++			size_t count = sz / 8;
++			if (context->ngrn + count <= 8)
++				return (struct fetch_script)
++					{ cvt, FETCH_GPR, sz };
++		}
++
++		cvt = CVT_BYREF;
++		sz = 8;
++		/* Fall through.  */
++
++	case ARGTYPE_POINTER:
++	case ARGTYPE_INT:
++	case ARGTYPE_UINT:
++	case ARGTYPE_LONG:
++	case ARGTYPE_ULONG:
++	case ARGTYPE_CHAR:
++	case ARGTYPE_SHORT:
++	case ARGTYPE_USHORT:
++		if (context->ngrn < 8 && sz <= 8)
++			return (struct fetch_script) { cvt, FETCH_GPR, sz };
++		/* We don't support types wider than 8 bytes as of
++		 * now.  */
++		assert(sz <= 8);
++
++		return (struct fetch_script) { cvt, FETCH_STACK, sz };
++
++	case ARGTYPE_FLOAT:
++	case ARGTYPE_DOUBLE:
++		if (context->nsrn < 8) {
++			/* ltrace doesn't support float128.  */
++			assert(sz <= 8);
++			return (struct fetch_script) { cvt, FETCH_SSE, sz };
++		}
++
++		return (struct fetch_script) { cvt, FETCH_STACK, sz };
++	}
++
++	assert(! "Failed to allocate argument.");
++	abort();
++}
++
++static int
++convert_arg(struct value *value, struct fetch_script how)
++{
++	switch (how.c) {
++	case CVT_NOP:
++		return 0;
++	case CVT_BYREF:
++		return value_pass_by_reference(value);
++	case CVT_ERR:
++		return -1;
++	}
++
++	assert(! "Don't know how to convert argument.");
++	abort();
++}
++
++static int
++fetch_arg(struct fetch_context *context,
++	  struct Process *proc, struct arg_type_info *info,
++	  struct value *value, struct fetch_script how)
++{
++	if (convert_arg(value, how) < 0)
++		return -1;
++
++	switch (how.f) {
++	case FETCH_NOP:
++		return 0;
++
++	case FETCH_STACK:
++		if (how.hfa_t != NULL && how.count != 0 && how.count <= 8)
++			context->nsrn = 8;
++		return fetch_stack(context, value,
++				   type_alignof(proc, info), how.sz);
++
++	case FETCH_GPR:
++		return fetch_gpr(context, value, how.sz);
++
++	case FETCH_SSE:
++		return fetch_sse(context, value, how.sz);
++
++	case FETCH_HFA:
++		return fetch_hfa(context, value, how.hfa_t, how.count);
++	}
++
++	assert(! "Don't know how to fetch argument.");
++	abort();
++}
++
++struct fetch_context *
++arch_fetch_arg_init(enum tof type, struct Process *proc,
++		    struct arg_type_info *ret_info)
++{
++	struct fetch_context *context = malloc(sizeof *context);
++	if (context == NULL || context_init(context, proc) < 0) {
++	fail:
++		free(context);
++		return NULL;
++	}
++
++	/* There's a provision in ARMv8 parameter passing convention
++	 * for returning types that, if passed as first argument to a
++	 * function, would be passed on stack.  For those types, x8
++	 * contains an address where the return argument should be
++	 * placed.  The callee doesn't need to preserve the value of
++	 * x8, so we need to fetch it now.
++	 *
++	 * To my knowledge, there are currently no types where this
++	 * holds, but the code is here, utterly untested.  */
++
++	struct fetch_script how = pass_arg(context, proc, ret_info);
++	if (how.c == CVT_ERR)
++		goto fail;
++	if (how.c == CVT_NOP && how.f == FETCH_STACK) {
++		/* XXX double cast.  */
++		context->x8 = (arch_addr_t) (uintptr_t) context->gregs.regs[8];
++		/* See the comment above about the assert.  */
++		assert(! "Unexpected: first argument passed on stack.");
++		abort();
++	}
++
++	return context;
++}
++
++int
++arch_fetch_arg_next(struct fetch_context *context, enum tof type,
++		    struct Process *proc, struct arg_type_info *info,
++		    struct value *value)
++{
++	return fetch_arg(context, proc, info, value,
++			 pass_arg(context, proc, info));
++}
++
++int
++arch_fetch_retval(struct fetch_context *context, enum tof type,
++		  struct Process *proc, struct arg_type_info *info,
++		  struct value *value)
++{
++	if (context->x8 != 0) {
++		value_in_inferior(value, context->x8);
++		return 0;
++	}
++
++	if (context_init(context, proc) < 0)
++		return -1;
++
++	return fetch_arg(context, proc, info, value,
++			 pass_arg(context, proc, info));
++}
++
++void
++arch_fetch_arg_done(struct fetch_context *context)
++{
++	if (context != NULL)
++		free(context);
++}
++
++size_t
++arch_type_sizeof(struct Process *proc, struct arg_type_info *arg)
++{
++	return (size_t) -2;
++}
++
++size_t
++arch_type_alignof(struct Process *proc, struct arg_type_info *arg)
++{
++	return (size_t) -2;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/plt.c b/sysdeps/linux-gnu/aarch64/plt.c
+new file mode 100644
+index 0000000..29dc4c9
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/plt.c
+@@ -0,0 +1,38 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <gelf.h>
++
++#include "backend.h"
++#include "proc.h"
++#include "library.h"
++#include "ltrace-elf.h"
++
++arch_addr_t
++sym2addr(struct Process *proc, struct library_symbol *sym)
++{
++	return sym->enter_addr;
++}
++
++GElf_Addr
++arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela)
++{
++	return lte->plt_addr + 32 + ndx * 16;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/ptrace.h b/sysdeps/linux-gnu/aarch64/ptrace.h
+new file mode 100644
+index 0000000..283c314
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/ptrace.h
+@@ -0,0 +1,22 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
+diff --git a/sysdeps/linux-gnu/aarch64/regs.c b/sysdeps/linux-gnu/aarch64/regs.c
+new file mode 100644
+index 0000000..06eb72b
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/regs.c
+@@ -0,0 +1,131 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <linux/uio.h>
++#include <assert.h>
++#include <stdlib.h>
++#include <stdio.h>
++
++#include "backend.h"
++#include "proc.h"
++
++#define PC_OFF (32 * 4)
++
++int
++aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++	*regs = (struct user_pt_regs) {};
++	struct iovec iovec;
++	iovec.iov_base = regs;
++	iovec.iov_len = sizeof *regs;
++	return ptrace(PTRACE_GETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++		? -1 : 0;
++}
++
++int
++aarch64_write_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++	struct iovec iovec;
++	iovec.iov_base = regs;
++	iovec.iov_len = sizeof *regs;
++	return ptrace(PTRACE_SETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++		? -1 : 0;
++}
++
++int
++aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs)
++{
++	*regs = (struct user_fpsimd_state) {};
++	struct iovec iovec;
++	iovec.iov_base = regs;
++	iovec.iov_len = sizeof *regs;
++	return ptrace(PTRACE_GETREGSET, proc->pid, NT_FPREGSET, &iovec) < 0
++		? -1 : 0;
++}
++
++arch_addr_t
++get_instruction_pointer(struct Process *proc)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_instruction_pointer: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return 0;
++	}
++
++	/* 
++	char buf[128];
++	sprintf(buf, "cat /proc/%d/maps", proc->pid);
++	system(buf);
++	*/
++
++	/* XXX double cast */
++	return (arch_addr_t) (uintptr_t) regs.pc;
++}
++
++void
++set_instruction_pointer(struct Process *proc, arch_addr_t addr)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_instruction_pointer: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return;
++	}
++
++	/* XXX double cast */
++	regs.pc = (uint64_t) (uintptr_t) addr;
++
++	if (aarch64_write_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_instruction_pointer: "
++			"Couldn't write registers of %d.\n", proc->pid);
++		return;
++	}
++}
++
++arch_addr_t
++get_stack_pointer(struct Process *proc)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_stack_pointer: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return 0;
++	}
++
++	/* XXX double cast */
++	return (arch_addr_t) (uintptr_t) regs.sp;
++}
++
++arch_addr_t
++get_return_addr(struct Process *proc, arch_addr_t stack_pointer)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_return_addr: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return 0;
++	}
++
++	/* XXX double cast */
++	return (arch_addr_t) (uintptr_t) regs.regs[30];
++}
+diff --git a/sysdeps/linux-gnu/aarch64/signalent.h b/sysdeps/linux-gnu/aarch64/signalent.h
+new file mode 100644
+index 0000000..bf56ebc
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/signalent.h
+@@ -0,0 +1,52 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2006 Ian Wienand
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++	"SIG_0",			/* 0 */
++	"SIGHUP",			/* 1 */
++	"SIGINT",			/* 2 */
++	"SIGQUIT",			/* 3 */
++	"SIGILL",			/* 4 */
++	"SIGTRAP",			/* 5 */
++	"SIGABRT",			/* 6 */
++	"SIGBUS",			/* 7 */
++	"SIGFPE",			/* 8 */
++	"SIGKILL",			/* 9 */
++	"SIGUSR1",			/* 10 */
++	"SIGSEGV",			/* 11 */
++	"SIGUSR2",			/* 12 */
++	"SIGPIPE",			/* 13 */
++	"SIGALRM",			/* 14 */
++	"SIGTERM",			/* 15 */
++	"SIGSTKFLT",			/* 16 */
++	"SIGCHLD",			/* 17 */
++	"SIGCONT",			/* 18 */
++	"SIGSTOP",			/* 19 */
++	"SIGTSTP",			/* 20 */
++	"SIGTTIN",			/* 21 */
++	"SIGTTOU",			/* 22 */
++	"SIGURG",			/* 23 */
++	"SIGXCPU",			/* 24 */
++	"SIGXFSZ",			/* 25 */
++	"SIGVTALRM",			/* 26 */
++	"SIGPROF",			/* 27 */
++	"SIGWINCH",			/* 28 */
++	"SIGIO",			/* 29 */
++	"SIGPWR",			/* 30 */
++	"SIGSYS",			/* 31 */
+diff --git a/sysdeps/linux-gnu/aarch64/syscallent.h b/sysdeps/linux-gnu/aarch64/syscallent.h
+new file mode 100644
+index 0000000..aca8191
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/syscallent.h
+@@ -0,0 +1,1100 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++	"io_setup",                        /* 0 */
++	"io_destroy",                      /* 1 */
++	"io_submit",                       /* 2 */
++	"io_cancel",                       /* 3 */
++	"io_getevents",                    /* 4 */
++	"setxattr",                        /* 5 */
++	"lsetxattr",                       /* 6 */
++	"fsetxattr",                       /* 7 */
++	"getxattr",                        /* 8 */
++	"lgetxattr",                       /* 9 */
++	"fgetxattr",                       /* 10 */
++	"listxattr",                       /* 11 */
++	"llistxattr",                      /* 12 */
++	"flistxattr",                      /* 13 */
++	"removexattr",                     /* 14 */
++	"lremovexattr",                    /* 15 */
++	"fremovexattr",                    /* 16 */
++	"getcwd",                          /* 17 */
++	"lookup_dcookie",                  /* 18 */
++	"eventfd2",                        /* 19 */
++	"epoll_create1",                   /* 20 */
++	"epoll_ctl",                       /* 21 */
++	"epoll_pwait",                     /* 22 */
++	"dup",                             /* 23 */
++	"dup3",                            /* 24 */
++	"fcntl",                           /* 25 */
++	"inotify_init1",                   /* 26 */
++	"inotify_add_watch",               /* 27 */
++	"inotify_rm_watch",                /* 28 */
++	"ioctl",                           /* 29 */
++	"ioprio_set",                      /* 30 */
++	"ioprio_get",                      /* 31 */
++	"flock",                           /* 32 */
++	"mknodat",                         /* 33 */
++	"mkdirat",                         /* 34 */
++	"unlinkat",                        /* 35 */
++	"symlinkat",                       /* 36 */
++	"linkat",                          /* 37 */
++	"renameat",                        /* 38 */
++	"umount2",                         /* 39 */
++	"mount",                           /* 40 */
++	"pivot_root",                      /* 41 */
++	"nfsservctl",                      /* 42 */
++	"statfs",                          /* 43 */
++	"fstatfs",                         /* 44 */
++	"truncate",                        /* 45 */
++	"ftruncate",                       /* 46 */
++	"fallocate",                       /* 47 */
++	"faccessat",                       /* 48 */
++	"chdir",                           /* 49 */
++	"fchdir",                          /* 50 */
++	"chroot",                          /* 51 */
++	"fchmod",                          /* 52 */
++	"fchmodat",                        /* 53 */
++	"fchownat",                        /* 54 */
++	"fchown",                          /* 55 */
++	"openat",                          /* 56 */
++	"close",                           /* 57 */
++	"vhangup",                         /* 58 */
++	"pipe2",                           /* 59 */
++	"quotactl",                        /* 60 */
++	"getdents64",                      /* 61 */
++	"lseek",                           /* 62 */
++	"read",                            /* 63 */
++	"write",                           /* 64 */
++	"readv",                           /* 65 */
++	"writev",                          /* 66 */
++	"pread64",                         /* 67 */
++	"pwrite64",                        /* 68 */
++	"preadv",                          /* 69 */
++	"pwritev",                         /* 70 */
++	"sendfile",                        /* 71 */
++	"pselect6",                        /* 72 */
++	"ppoll",                           /* 73 */
++	"signalfd4",                       /* 74 */
++	"vmsplice",                        /* 75 */
++	"splice",                          /* 76 */
++	"tee",                             /* 77 */
++	"readlinkat",                      /* 78 */
++	"fstatat",                         /* 79 */
++	"fstat",                           /* 80 */
++	"sync",                            /* 81 */
++	"fsync",                           /* 82 */
++	"fdatasync",                       /* 83 */
++	"sync_file_range",                 /* 84 */
++	"timerfd_create",                  /* 85 */
++	"timerfd_settime",                 /* 86 */
++	"timerfd_gettime",                 /* 87 */
++	"utimensat",                       /* 88 */
++	"acct",                            /* 89 */
++	"capget",                          /* 90 */
++	"capset",                          /* 91 */
++	"personality",                     /* 92 */
++	"exit",                            /* 93 */
++	"exit_group",                      /* 94 */
++	"waitid",                          /* 95 */
++	"set_tid_address",                 /* 96 */
++	"unshare",                         /* 97 */
++	"futex",                           /* 98 */
++	"set_robust_list",                 /* 99 */
++	"get_robust_list",                 /* 100 */
++	"nanosleep",                       /* 101 */
++	"getitimer",                       /* 102 */
++	"setitimer",                       /* 103 */
++	"kexec_load",                      /* 104 */
++	"init_module",                     /* 105 */
++	"delete_module",                   /* 106 */
++	"timer_create",                    /* 107 */
++	"timer_gettime",                   /* 108 */
++	"timer_getoverrun",                /* 109 */
++	"timer_settime",                   /* 110 */
++	"timer_delete",                    /* 111 */
++	"clock_settime",                   /* 112 */
++	"clock_gettime",                   /* 113 */
++	"clock_getres",                    /* 114 */
++	"clock_nanosleep",                 /* 115 */
++	"syslog",                          /* 116 */
++	"ptrace",                          /* 117 */
++	"sched_setparam",                  /* 118 */
++	"sched_setscheduler",              /* 119 */
++	"sched_getscheduler",              /* 120 */
++	"sched_getparam",                  /* 121 */
++	"sched_setaffinity",               /* 122 */
++	"sched_getaffinity",               /* 123 */
++	"sched_yield",                     /* 124 */
++	"sched_get_priority_max",          /* 125 */
++	"sched_get_priority_min",          /* 126 */
++	"sched_rr_get_interval",           /* 127 */
++	"restart_syscall",                 /* 128 */
++	"kill",                            /* 129 */
++	"tkill",                           /* 130 */
++	"tgkill",                          /* 131 */
++	"sigaltstack",                     /* 132 */
++	"rt_sigsuspend",                   /* 133 */
++	"rt_sigaction",                    /* 134 */
++	"rt_sigprocmask",                  /* 135 */
++	"rt_sigpending",                   /* 136 */
++	"rt_sigtimedwait",                 /* 137 */
++	"rt_sigqueueinfo",                 /* 138 */
++	"rt_sigreturn",                    /* 139 */
++	"setpriority",                     /* 140 */
++	"getpriority",                     /* 141 */
++	"reboot",                          /* 142 */
++	"setregid",                        /* 143 */
++	"setgid",                          /* 144 */
++	"setreuid",                        /* 145 */
++	"setuid",                          /* 146 */
++	"setresuid",                       /* 147 */
++	"getresuid",                       /* 148 */
++	"setresgid",                       /* 149 */
++	"getresgid",                       /* 150 */
++	"setfsuid",                        /* 151 */
++	"setfsgid",                        /* 152 */
++	"times",                           /* 153 */
++	"setpgid",                         /* 154 */
++	"getpgid",                         /* 155 */
++	"getsid",                          /* 156 */
++	"setsid",                          /* 157 */
++	"getgroups",                       /* 158 */
++	"setgroups",                       /* 159 */
++	"uname",                           /* 160 */
++	"sethostname",                     /* 161 */
++	"setdomainname",                   /* 162 */
++	"getrlimit",                       /* 163 */
++	"setrlimit",                       /* 164 */
++	"getrusage",                       /* 165 */
++	"umask",                           /* 166 */
++	"prctl",                           /* 167 */
++	"getcpu",                          /* 168 */
++	"gettimeofday",                    /* 169 */
++	"settimeofday",                    /* 170 */
++	"adjtimex",                        /* 171 */
++	"getpid",                          /* 172 */
++	"getppid",                         /* 173 */
++	"getuid",                          /* 174 */
++	"geteuid",                         /* 175 */
++	"getgid",                          /* 176 */
++	"getegid",                         /* 177 */
++	"gettid",                          /* 178 */
++	"sysinfo",                         /* 179 */
++	"mq_open",                         /* 180 */
++	"mq_unlink",                       /* 181 */
++	"mq_timedsend",                    /* 182 */
++	"mq_timedreceive",                 /* 183 */
++	"mq_notify",                       /* 184 */
++	"mq_getsetattr",                   /* 185 */
++	"msgget",                          /* 186 */
++	"msgctl",                          /* 187 */
++	"msgrcv",                          /* 188 */
++	"msgsnd",                          /* 189 */
++	"semget",                          /* 190 */
++	"semctl",                          /* 191 */
++	"semtimedop",                      /* 192 */
++	"semop",                           /* 193 */
++	"shmget",                          /* 194 */
++	"shmctl",                          /* 195 */
++	"shmat",                           /* 196 */
++	"shmdt",                           /* 197 */
++	"socket",                          /* 198 */
++	"socketpair",                      /* 199 */
++	"bind",                            /* 200 */
++	"listen",                          /* 201 */
++	"accept",                          /* 202 */
++	"connect",                         /* 203 */
++	"getsockname",                     /* 204 */
++	"getpeername",                     /* 205 */
++	"sendto",                          /* 206 */
++	"recvfrom",                        /* 207 */
++	"setsockopt",                      /* 208 */
++	"getsockopt",                      /* 209 */
++	"shutdown",                        /* 210 */
++	"sendmsg",                         /* 211 */
++	"recvmsg",                         /* 212 */
++	"readahead",                       /* 213 */
++	"brk",                             /* 214 */
++	"munmap",                          /* 215 */
++	"mremap",                          /* 216 */
++	"add_key",                         /* 217 */
++	"request_key",                     /* 218 */
++	"keyctl",                          /* 219 */
++	"clone",                           /* 220 */
++	"execve",                          /* 221 */
++	"mmap",                            /* 222 */
++	"fadvise64",                       /* 223 */
++	"swapon",                          /* 224 */
++	"swapoff",                         /* 225 */
++	"mprotect",                        /* 226 */
++	"msync",                           /* 227 */
++	"mlock",                           /* 228 */
++	"munlock",                         /* 229 */
++	"mlockall",                        /* 230 */
++	"munlockall",                      /* 231 */
++	"mincore",                         /* 232 */
++	"madvise",                         /* 233 */
++	"remap_file_pages",                /* 234 */
++	"mbind",                           /* 235 */
++	"get_mempolicy",                   /* 236 */
++	"set_mempolicy",                   /* 237 */
++	"migrate_pages",                   /* 238 */
++	"move_pages",                      /* 239 */
++	"rt_tgsigqueueinfo",               /* 240 */
++	"perf_event_open",                 /* 241 */
++	"accept4",                         /* 242 */
++	"recvmmsg",                        /* 243 */
++	"arch_specific_syscall",           /* 244 */
++	"245",                             /* 245 */
++	"246",                             /* 246 */
++	"247",                             /* 247 */
++	"248",                             /* 248 */
++	"249",                             /* 249 */
++	"250",                             /* 250 */
++	"251",                             /* 251 */
++	"252",                             /* 252 */
++	"253",                             /* 253 */
++	"254",                             /* 254 */
++	"255",                             /* 255 */
++	"256",                             /* 256 */
++	"257",                             /* 257 */
++	"258",                             /* 258 */
++	"259",                             /* 259 */
++	"wait4",                           /* 260 */
++	"prlimit64",                       /* 261 */
++	"fanotify_init",                   /* 262 */
++	"fanotify_mark",                   /* 263 */
++	"name_to_handle_at",               /* 264 */
++	"open_by_handle_at",               /* 265 */
++	"clock_adjtime",                   /* 266 */
++	"syncfs",                          /* 267 */
++	"setns",                           /* 268 */
++	"sendmmsg",                        /* 269 */
++	"process_vm_readv",                /* 270 */
++	"process_vm_writev",               /* 271 */
++	"kcmp",                            /* 272 */
++	"finit_module",                    /* 273 */
++	"syscalls",                        /* 274 */
++	"275",                             /* 275 */
++	"276",                             /* 276 */
++	"277",                             /* 277 */
++	"278",                             /* 278 */
++	"279",                             /* 279 */
++	"280",                             /* 280 */
++	"281",                             /* 281 */
++	"282",                             /* 282 */
++	"283",                             /* 283 */
++	"284",                             /* 284 */
++	"285",                             /* 285 */
++	"286",                             /* 286 */
++	"287",                             /* 287 */
++	"288",                             /* 288 */
++	"289",                             /* 289 */
++	"290",                             /* 290 */
++	"291",                             /* 291 */
++	"292",                             /* 292 */
++	"293",                             /* 293 */
++	"294",                             /* 294 */
++	"295",                             /* 295 */
++	"296",                             /* 296 */
++	"297",                             /* 297 */
++	"298",                             /* 298 */
++	"299",                             /* 299 */
++	"300",                             /* 300 */
++	"301",                             /* 301 */
++	"302",                             /* 302 */
++	"303",                             /* 303 */
++	"304",                             /* 304 */
++	"305",                             /* 305 */
++	"306",                             /* 306 */
++	"307",                             /* 307 */
++	"308",                             /* 308 */
++	"309",                             /* 309 */
++	"310",                             /* 310 */
++	"311",                             /* 311 */
++	"312",                             /* 312 */
++	"313",                             /* 313 */
++	"314",                             /* 314 */
++	"315",                             /* 315 */
++	"316",                             /* 316 */
++	"317",                             /* 317 */
++	"318",                             /* 318 */
++	"319",                             /* 319 */
++	"320",                             /* 320 */
++	"321",                             /* 321 */
++	"322",                             /* 322 */
++	"323",                             /* 323 */
++	"324",                             /* 324 */
++	"325",                             /* 325 */
++	"326",                             /* 326 */
++	"327",                             /* 327 */
++	"328",                             /* 328 */
++	"329",                             /* 329 */
++	"330",                             /* 330 */
++	"331",                             /* 331 */
++	"332",                             /* 332 */
++	"333",                             /* 333 */
++	"334",                             /* 334 */
++	"335",                             /* 335 */
++	"336",                             /* 336 */
++	"337",                             /* 337 */
++	"338",                             /* 338 */
++	"339",                             /* 339 */
++	"340",                             /* 340 */
++	"341",                             /* 341 */
++	"342",                             /* 342 */
++	"343",                             /* 343 */
++	"344",                             /* 344 */
++	"345",                             /* 345 */
++	"346",                             /* 346 */
++	"347",                             /* 347 */
++	"348",                             /* 348 */
++	"349",                             /* 349 */
++	"350",                             /* 350 */
++	"351",                             /* 351 */
++	"352",                             /* 352 */
++	"353",                             /* 353 */
++	"354",                             /* 354 */
++	"355",                             /* 355 */
++	"356",                             /* 356 */
++	"357",                             /* 357 */
++	"358",                             /* 358 */
++	"359",                             /* 359 */
++	"360",                             /* 360 */
++	"361",                             /* 361 */
++	"362",                             /* 362 */
++	"363",                             /* 363 */
++	"364",                             /* 364 */
++	"365",                             /* 365 */
++	"366",                             /* 366 */
++	"367",                             /* 367 */
++	"368",                             /* 368 */
++	"369",                             /* 369 */
++	"370",                             /* 370 */
++	"371",                             /* 371 */
++	"372",                             /* 372 */
++	"373",                             /* 373 */
++	"374",                             /* 374 */
++	"375",                             /* 375 */
++	"376",                             /* 376 */
++	"377",                             /* 377 */
++	"378",                             /* 378 */
++	"379",                             /* 379 */
++	"380",                             /* 380 */
++	"381",                             /* 381 */
++	"382",                             /* 382 */
++	"383",                             /* 383 */
++	"384",                             /* 384 */
++	"385",                             /* 385 */
++	"386",                             /* 386 */
++	"387",                             /* 387 */
++	"388",                             /* 388 */
++	"389",                             /* 389 */
++	"390",                             /* 390 */
++	"391",                             /* 391 */
++	"392",                             /* 392 */
++	"393",                             /* 393 */
++	"394",                             /* 394 */
++	"395",                             /* 395 */
++	"396",                             /* 396 */
++	"397",                             /* 397 */
++	"398",                             /* 398 */
++	"399",                             /* 399 */
++	"400",                             /* 400 */
++	"401",                             /* 401 */
++	"402",                             /* 402 */
++	"403",                             /* 403 */
++	"404",                             /* 404 */
++	"405",                             /* 405 */
++	"406",                             /* 406 */
++	"407",                             /* 407 */
++	"408",                             /* 408 */
++	"409",                             /* 409 */
++	"410",                             /* 410 */
++	"411",                             /* 411 */
++	"412",                             /* 412 */
++	"413",                             /* 413 */
++	"414",                             /* 414 */
++	"415",                             /* 415 */
++	"416",                             /* 416 */
++	"417",                             /* 417 */
++	"418",                             /* 418 */
++	"419",                             /* 419 */
++	"420",                             /* 420 */
++	"421",                             /* 421 */
++	"422",                             /* 422 */
++	"423",                             /* 423 */
++	"424",                             /* 424 */
++	"425",                             /* 425 */
++	"426",                             /* 426 */
++	"427",                             /* 427 */
++	"428",                             /* 428 */
++	"429",                             /* 429 */
++	"430",                             /* 430 */
++	"431",                             /* 431 */
++	"432",                             /* 432 */
++	"433",                             /* 433 */
++	"434",                             /* 434 */
++	"435",                             /* 435 */
++	"436",                             /* 436 */
++	"437",                             /* 437 */
++	"438",                             /* 438 */
++	"439",                             /* 439 */
++	"440",                             /* 440 */
++	"441",                             /* 441 */
++	"442",                             /* 442 */
++	"443",                             /* 443 */
++	"444",                             /* 444 */
++	"445",                             /* 445 */
++	"446",                             /* 446 */
++	"447",                             /* 447 */
++	"448",                             /* 448 */
++	"449",                             /* 449 */
++	"450",                             /* 450 */
++	"451",                             /* 451 */
++	"452",                             /* 452 */
++	"453",                             /* 453 */
++	"454",                             /* 454 */
++	"455",                             /* 455 */
++	"456",                             /* 456 */
++	"457",                             /* 457 */
++	"458",                             /* 458 */
++	"459",                             /* 459 */
++	"460",                             /* 460 */
++	"461",                             /* 461 */
++	"462",                             /* 462 */
++	"463",                             /* 463 */
++	"464",                             /* 464 */
++	"465",                             /* 465 */
++	"466",                             /* 466 */
++	"467",                             /* 467 */
++	"468",                             /* 468 */
++	"469",                             /* 469 */
++	"470",                             /* 470 */
++	"471",                             /* 471 */
++	"472",                             /* 472 */
++	"473",                             /* 473 */
++	"474",                             /* 474 */
++	"475",                             /* 475 */
++	"476",                             /* 476 */
++	"477",                             /* 477 */
++	"478",                             /* 478 */
++	"479",                             /* 479 */
++	"480",                             /* 480 */
++	"481",                             /* 481 */
++	"482",                             /* 482 */
++	"483",                             /* 483 */
++	"484",                             /* 484 */
++	"485",                             /* 485 */
++	"486",                             /* 486 */
++	"487",                             /* 487 */
++	"488",                             /* 488 */
++	"489",                             /* 489 */
++	"490",                             /* 490 */
++	"491",                             /* 491 */
++	"492",                             /* 492 */
++	"493",                             /* 493 */
++	"494",                             /* 494 */
++	"495",                             /* 495 */
++	"496",                             /* 496 */
++	"497",                             /* 497 */
++	"498",                             /* 498 */
++	"499",                             /* 499 */
++	"500",                             /* 500 */
++	"501",                             /* 501 */
++	"502",                             /* 502 */
++	"503",                             /* 503 */
++	"504",                             /* 504 */
++	"505",                             /* 505 */
++	"506",                             /* 506 */
++	"507",                             /* 507 */
++	"508",                             /* 508 */
++	"509",                             /* 509 */
++	"510",                             /* 510 */
++	"511",                             /* 511 */
++	"512",                             /* 512 */
++	"513",                             /* 513 */
++	"514",                             /* 514 */
++	"515",                             /* 515 */
++	"516",                             /* 516 */
++	"517",                             /* 517 */
++	"518",                             /* 518 */
++	"519",                             /* 519 */
++	"520",                             /* 520 */
++	"521",                             /* 521 */
++	"522",                             /* 522 */
++	"523",                             /* 523 */
++	"524",                             /* 524 */
++	"525",                             /* 525 */
++	"526",                             /* 526 */
++	"527",                             /* 527 */
++	"528",                             /* 528 */
++	"529",                             /* 529 */
++	"530",                             /* 530 */
++	"531",                             /* 531 */
++	"532",                             /* 532 */
++	"533",                             /* 533 */
++	"534",                             /* 534 */
++	"535",                             /* 535 */
++	"536",                             /* 536 */
++	"537",                             /* 537 */
++	"538",                             /* 538 */
++	"539",                             /* 539 */
++	"540",                             /* 540 */
++	"541",                             /* 541 */
++	"542",                             /* 542 */
++	"543",                             /* 543 */
++	"544",                             /* 544 */
++	"545",                             /* 545 */
++	"546",                             /* 546 */
++	"547",                             /* 547 */
++	"548",                             /* 548 */
++	"549",                             /* 549 */
++	"550",                             /* 550 */
++	"551",                             /* 551 */
++	"552",                             /* 552 */
++	"553",                             /* 553 */
++	"554",                             /* 554 */
++	"555",                             /* 555 */
++	"556",                             /* 556 */
++	"557",                             /* 557 */
++	"558",                             /* 558 */
++	"559",                             /* 559 */
++	"560",                             /* 560 */
++	"561",                             /* 561 */
++	"562",                             /* 562 */
++	"563",                             /* 563 */
++	"564",                             /* 564 */
++	"565",                             /* 565 */
++	"566",                             /* 566 */
++	"567",                             /* 567 */
++	"568",                             /* 568 */
++	"569",                             /* 569 */
++	"570",                             /* 570 */
++	"571",                             /* 571 */
++	"572",                             /* 572 */
++	"573",                             /* 573 */
++	"574",                             /* 574 */
++	"575",                             /* 575 */
++	"576",                             /* 576 */
++	"577",                             /* 577 */
++	"578",                             /* 578 */
++	"579",                             /* 579 */
++	"580",                             /* 580 */
++	"581",                             /* 581 */
++	"582",                             /* 582 */
++	"583",                             /* 583 */
++	"584",                             /* 584 */
++	"585",                             /* 585 */
++	"586",                             /* 586 */
++	"587",                             /* 587 */
++	"588",                             /* 588 */
++	"589",                             /* 589 */
++	"590",                             /* 590 */
++	"591",                             /* 591 */
++	"592",                             /* 592 */
++	"593",                             /* 593 */
++	"594",                             /* 594 */
++	"595",                             /* 595 */
++	"596",                             /* 596 */
++	"597",                             /* 597 */
++	"598",                             /* 598 */
++	"599",                             /* 599 */
++	"600",                             /* 600 */
++	"601",                             /* 601 */
++	"602",                             /* 602 */
++	"603",                             /* 603 */
++	"604",                             /* 604 */
++	"605",                             /* 605 */
++	"606",                             /* 606 */
++	"607",                             /* 607 */
++	"608",                             /* 608 */
++	"609",                             /* 609 */
++	"610",                             /* 610 */
++	"611",                             /* 611 */
++	"612",                             /* 612 */
++	"613",                             /* 613 */
++	"614",                             /* 614 */
++	"615",                             /* 615 */
++	"616",                             /* 616 */
++	"617",                             /* 617 */
++	"618",                             /* 618 */
++	"619",                             /* 619 */
++	"620",                             /* 620 */
++	"621",                             /* 621 */
++	"622",                             /* 622 */
++	"623",                             /* 623 */
++	"624",                             /* 624 */
++	"625",                             /* 625 */
++	"626",                             /* 626 */
++	"627",                             /* 627 */
++	"628",                             /* 628 */
++	"629",                             /* 629 */
++	"630",                             /* 630 */
++	"631",                             /* 631 */
++	"632",                             /* 632 */
++	"633",                             /* 633 */
++	"634",                             /* 634 */
++	"635",                             /* 635 */
++	"636",                             /* 636 */
++	"637",                             /* 637 */
++	"638",                             /* 638 */
++	"639",                             /* 639 */
++	"640",                             /* 640 */
++	"641",                             /* 641 */
++	"642",                             /* 642 */
++	"643",                             /* 643 */
++	"644",                             /* 644 */
++	"645",                             /* 645 */
++	"646",                             /* 646 */
++	"647",                             /* 647 */
++	"648",                             /* 648 */
++	"649",                             /* 649 */
++	"650",                             /* 650 */
++	"651",                             /* 651 */
++	"652",                             /* 652 */
++	"653",                             /* 653 */
++	"654",                             /* 654 */
++	"655",                             /* 655 */
++	"656",                             /* 656 */
++	"657",                             /* 657 */
++	"658",                             /* 658 */
++	"659",                             /* 659 */
++	"660",                             /* 660 */
++	"661",                             /* 661 */
++	"662",                             /* 662 */
++	"663",                             /* 663 */
++	"664",                             /* 664 */
++	"665",                             /* 665 */
++	"666",                             /* 666 */
++	"667",                             /* 667 */
++	"668",                             /* 668 */
++	"669",                             /* 669 */
++	"670",                             /* 670 */
++	"671",                             /* 671 */
++	"672",                             /* 672 */
++	"673",                             /* 673 */
++	"674",                             /* 674 */
++	"675",                             /* 675 */
++	"676",                             /* 676 */
++	"677",                             /* 677 */
++	"678",                             /* 678 */
++	"679",                             /* 679 */
++	"680",                             /* 680 */
++	"681",                             /* 681 */
++	"682",                             /* 682 */
++	"683",                             /* 683 */
++	"684",                             /* 684 */
++	"685",                             /* 685 */
++	"686",                             /* 686 */
++	"687",                             /* 687 */
++	"688",                             /* 688 */
++	"689",                             /* 689 */
++	"690",                             /* 690 */
++	"691",                             /* 691 */
++	"692",                             /* 692 */
++	"693",                             /* 693 */
++	"694",                             /* 694 */
++	"695",                             /* 695 */
++	"696",                             /* 696 */
++	"697",                             /* 697 */
++	"698",                             /* 698 */
++	"699",                             /* 699 */
++	"700",                             /* 700 */
++	"701",                             /* 701 */
++	"702",                             /* 702 */
++	"703",                             /* 703 */
++	"704",                             /* 704 */
++	"705",                             /* 705 */
++	"706",                             /* 706 */
++	"707",                             /* 707 */
++	"708",                             /* 708 */
++	"709",                             /* 709 */
++	"710",                             /* 710 */
++	"711",                             /* 711 */
++	"712",                             /* 712 */
++	"713",                             /* 713 */
++	"714",                             /* 714 */
++	"715",                             /* 715 */
++	"716",                             /* 716 */
++	"717",                             /* 717 */
++	"718",                             /* 718 */
++	"719",                             /* 719 */
++	"720",                             /* 720 */
++	"721",                             /* 721 */
++	"722",                             /* 722 */
++	"723",                             /* 723 */
++	"724",                             /* 724 */
++	"725",                             /* 725 */
++	"726",                             /* 726 */
++	"727",                             /* 727 */
++	"728",                             /* 728 */
++	"729",                             /* 729 */
++	"730",                             /* 730 */
++	"731",                             /* 731 */
++	"732",                             /* 732 */
++	"733",                             /* 733 */
++	"734",                             /* 734 */
++	"735",                             /* 735 */
++	"736",                             /* 736 */
++	"737",                             /* 737 */
++	"738",                             /* 738 */
++	"739",                             /* 739 */
++	"740",                             /* 740 */
++	"741",                             /* 741 */
++	"742",                             /* 742 */
++	"743",                             /* 743 */
++	"744",                             /* 744 */
++	"745",                             /* 745 */
++	"746",                             /* 746 */
++	"747",                             /* 747 */
++	"748",                             /* 748 */
++	"749",                             /* 749 */
++	"750",                             /* 750 */
++	"751",                             /* 751 */
++	"752",                             /* 752 */
++	"753",                             /* 753 */
++	"754",                             /* 754 */
++	"755",                             /* 755 */
++	"756",                             /* 756 */
++	"757",                             /* 757 */
++	"758",                             /* 758 */
++	"759",                             /* 759 */
++	"760",                             /* 760 */
++	"761",                             /* 761 */
++	"762",                             /* 762 */
++	"763",                             /* 763 */
++	"764",                             /* 764 */
++	"765",                             /* 765 */
++	"766",                             /* 766 */
++	"767",                             /* 767 */
++	"768",                             /* 768 */
++	"769",                             /* 769 */
++	"770",                             /* 770 */
++	"771",                             /* 771 */
++	"772",                             /* 772 */
++	"773",                             /* 773 */
++	"774",                             /* 774 */
++	"775",                             /* 775 */
++	"776",                             /* 776 */
++	"777",                             /* 777 */
++	"778",                             /* 778 */
++	"779",                             /* 779 */
++	"780",                             /* 780 */
++	"781",                             /* 781 */
++	"782",                             /* 782 */
++	"783",                             /* 783 */
++	"784",                             /* 784 */
++	"785",                             /* 785 */
++	"786",                             /* 786 */
++	"787",                             /* 787 */
++	"788",                             /* 788 */
++	"789",                             /* 789 */
++	"790",                             /* 790 */
++	"791",                             /* 791 */
++	"792",                             /* 792 */
++	"793",                             /* 793 */
++	"794",                             /* 794 */
++	"795",                             /* 795 */
++	"796",                             /* 796 */
++	"797",                             /* 797 */
++	"798",                             /* 798 */
++	"799",                             /* 799 */
++	"800",                             /* 800 */
++	"801",                             /* 801 */
++	"802",                             /* 802 */
++	"803",                             /* 803 */
++	"804",                             /* 804 */
++	"805",                             /* 805 */
++	"806",                             /* 806 */
++	"807",                             /* 807 */
++	"808",                             /* 808 */
++	"809",                             /* 809 */
++	"810",                             /* 810 */
++	"811",                             /* 811 */
++	"812",                             /* 812 */
++	"813",                             /* 813 */
++	"814",                             /* 814 */
++	"815",                             /* 815 */
++	"816",                             /* 816 */
++	"817",                             /* 817 */
++	"818",                             /* 818 */
++	"819",                             /* 819 */
++	"820",                             /* 820 */
++	"821",                             /* 821 */
++	"822",                             /* 822 */
++	"823",                             /* 823 */
++	"824",                             /* 824 */
++	"825",                             /* 825 */
++	"826",                             /* 826 */
++	"827",                             /* 827 */
++	"828",                             /* 828 */
++	"829",                             /* 829 */
++	"830",                             /* 830 */
++	"831",                             /* 831 */
++	"832",                             /* 832 */
++	"833",                             /* 833 */
++	"834",                             /* 834 */
++	"835",                             /* 835 */
++	"836",                             /* 836 */
++	"837",                             /* 837 */
++	"838",                             /* 838 */
++	"839",                             /* 839 */
++	"840",                             /* 840 */
++	"841",                             /* 841 */
++	"842",                             /* 842 */
++	"843",                             /* 843 */
++	"844",                             /* 844 */
++	"845",                             /* 845 */
++	"846",                             /* 846 */
++	"847",                             /* 847 */
++	"848",                             /* 848 */
++	"849",                             /* 849 */
++	"850",                             /* 850 */
++	"851",                             /* 851 */
++	"852",                             /* 852 */
++	"853",                             /* 853 */
++	"854",                             /* 854 */
++	"855",                             /* 855 */
++	"856",                             /* 856 */
++	"857",                             /* 857 */
++	"858",                             /* 858 */
++	"859",                             /* 859 */
++	"860",                             /* 860 */
++	"861",                             /* 861 */
++	"862",                             /* 862 */
++	"863",                             /* 863 */
++	"864",                             /* 864 */
++	"865",                             /* 865 */
++	"866",                             /* 866 */
++	"867",                             /* 867 */
++	"868",                             /* 868 */
++	"869",                             /* 869 */
++	"870",                             /* 870 */
++	"871",                             /* 871 */
++	"872",                             /* 872 */
++	"873",                             /* 873 */
++	"874",                             /* 874 */
++	"875",                             /* 875 */
++	"876",                             /* 876 */
++	"877",                             /* 877 */
++	"878",                             /* 878 */
++	"879",                             /* 879 */
++	"880",                             /* 880 */
++	"881",                             /* 881 */
++	"882",                             /* 882 */
++	"883",                             /* 883 */
++	"884",                             /* 884 */
++	"885",                             /* 885 */
++	"886",                             /* 886 */
++	"887",                             /* 887 */
++	"888",                             /* 888 */
++	"889",                             /* 889 */
++	"890",                             /* 890 */
++	"891",                             /* 891 */
++	"892",                             /* 892 */
++	"893",                             /* 893 */
++	"894",                             /* 894 */
++	"895",                             /* 895 */
++	"896",                             /* 896 */
++	"897",                             /* 897 */
++	"898",                             /* 898 */
++	"899",                             /* 899 */
++	"900",                             /* 900 */
++	"901",                             /* 901 */
++	"902",                             /* 902 */
++	"903",                             /* 903 */
++	"904",                             /* 904 */
++	"905",                             /* 905 */
++	"906",                             /* 906 */
++	"907",                             /* 907 */
++	"908",                             /* 908 */
++	"909",                             /* 909 */
++	"910",                             /* 910 */
++	"911",                             /* 911 */
++	"912",                             /* 912 */
++	"913",                             /* 913 */
++	"914",                             /* 914 */
++	"915",                             /* 915 */
++	"916",                             /* 916 */
++	"917",                             /* 917 */
++	"918",                             /* 918 */
++	"919",                             /* 919 */
++	"920",                             /* 920 */
++	"921",                             /* 921 */
++	"922",                             /* 922 */
++	"923",                             /* 923 */
++	"924",                             /* 924 */
++	"925",                             /* 925 */
++	"926",                             /* 926 */
++	"927",                             /* 927 */
++	"928",                             /* 928 */
++	"929",                             /* 929 */
++	"930",                             /* 930 */
++	"931",                             /* 931 */
++	"932",                             /* 932 */
++	"933",                             /* 933 */
++	"934",                             /* 934 */
++	"935",                             /* 935 */
++	"936",                             /* 936 */
++	"937",                             /* 937 */
++	"938",                             /* 938 */
++	"939",                             /* 939 */
++	"940",                             /* 940 */
++	"941",                             /* 941 */
++	"942",                             /* 942 */
++	"943",                             /* 943 */
++	"944",                             /* 944 */
++	"945",                             /* 945 */
++	"946",                             /* 946 */
++	"947",                             /* 947 */
++	"948",                             /* 948 */
++	"949",                             /* 949 */
++	"950",                             /* 950 */
++	"951",                             /* 951 */
++	"952",                             /* 952 */
++	"953",                             /* 953 */
++	"954",                             /* 954 */
++	"955",                             /* 955 */
++	"956",                             /* 956 */
++	"957",                             /* 957 */
++	"958",                             /* 958 */
++	"959",                             /* 959 */
++	"960",                             /* 960 */
++	"961",                             /* 961 */
++	"962",                             /* 962 */
++	"963",                             /* 963 */
++	"964",                             /* 964 */
++	"965",                             /* 965 */
++	"966",                             /* 966 */
++	"967",                             /* 967 */
++	"968",                             /* 968 */
++	"969",                             /* 969 */
++	"970",                             /* 970 */
++	"971",                             /* 971 */
++	"972",                             /* 972 */
++	"973",                             /* 973 */
++	"974",                             /* 974 */
++	"975",                             /* 975 */
++	"976",                             /* 976 */
++	"977",                             /* 977 */
++	"978",                             /* 978 */
++	"979",                             /* 979 */
++	"980",                             /* 980 */
++	"981",                             /* 981 */
++	"982",                             /* 982 */
++	"983",                             /* 983 */
++	"984",                             /* 984 */
++	"985",                             /* 985 */
++	"986",                             /* 986 */
++	"987",                             /* 987 */
++	"988",                             /* 988 */
++	"989",                             /* 989 */
++	"990",                             /* 990 */
++	"991",                             /* 991 */
++	"992",                             /* 992 */
++	"993",                             /* 993 */
++	"994",                             /* 994 */
++	"995",                             /* 995 */
++	"996",                             /* 996 */
++	"997",                             /* 997 */
++	"998",                             /* 998 */
++	"999",                             /* 999 */
++	"1000",                            /* 1000 */
++	"1001",                            /* 1001 */
++	"1002",                            /* 1002 */
++	"1003",                            /* 1003 */
++	"1004",                            /* 1004 */
++	"1005",                            /* 1005 */
++	"1006",                            /* 1006 */
++	"1007",                            /* 1007 */
++	"1008",                            /* 1008 */
++	"1009",                            /* 1009 */
++	"1010",                            /* 1010 */
++	"1011",                            /* 1011 */
++	"1012",                            /* 1012 */
++	"1013",                            /* 1013 */
++	"1014",                            /* 1014 */
++	"1015",                            /* 1015 */
++	"1016",                            /* 1016 */
++	"1017",                            /* 1017 */
++	"1018",                            /* 1018 */
++	"1019",                            /* 1019 */
++	"1020",                            /* 1020 */
++	"1021",                            /* 1021 */
++	"1022",                            /* 1022 */
++	"1023",                            /* 1023 */
++	"open",                            /* 1024 */
++	"link",                            /* 1025 */
++	"unlink",                          /* 1026 */
++	"mknod",                           /* 1027 */
++	"chmod",                           /* 1028 */
++	"chown",                           /* 1029 */
++	"mkdir",                           /* 1030 */
++	"rmdir",                           /* 1031 */
++	"lchown",                          /* 1032 */
++	"access",                          /* 1033 */
++	"rename",                          /* 1034 */
++	"readlink",                        /* 1035 */
++	"symlink",                         /* 1036 */
++	"utimes",                          /* 1037 */
++	"stat",                            /* 1038 */
++	"lstat",                           /* 1039 */
++	"pipe",                            /* 1040 */
++	"dup2",                            /* 1041 */
++	"epoll_create",                    /* 1042 */
++	"inotify_init",                    /* 1043 */
++	"eventfd",                         /* 1044 */
++	"signalfd",                        /* 1045 */
++	"sendfile",                        /* 1046 */
++	"ftruncate",                       /* 1047 */
++	"truncate",                        /* 1048 */
++	"stat",                            /* 1049 */
++	"lstat",                           /* 1050 */
++	"fstat",                           /* 1051 */
++	"fcntl",                           /* 1052 */
++	"fadvise64",                       /* 1053 */
++	"newfstatat",                      /* 1054 */
++	"fstatfs",                         /* 1055 */
++	"statfs",                          /* 1056 */
++	"lseek",                           /* 1057 */
++	"mmap",                            /* 1058 */
++	"alarm",                           /* 1059 */
++	"getpgrp",                         /* 1060 */
++	"pause",                           /* 1061 */
++	"time",                            /* 1062 */
++	"utime",                           /* 1063 */
++	"creat",                           /* 1064 */
++	"getdents",                        /* 1065 */
++	"futimesat",                       /* 1066 */
++	"select",                          /* 1067 */
++	"poll",                            /* 1068 */
++	"epoll_wait",                      /* 1069 */
++	"ustat",                           /* 1070 */
++	"vfork",                           /* 1071 */
++	"oldwait4",                        /* 1072 */
++	"recv",                            /* 1073 */
++	"send",                            /* 1074 */
++	"bdflush",                         /* 1075 */
++	"umount",                          /* 1076 */
++	"uselib",                          /* 1077 */
++	"_sysctl",                         /* 1078 */
++	"fork",                            /* 1079 */
+diff --git a/sysdeps/linux-gnu/aarch64/trace.c b/sysdeps/linux-gnu/aarch64/trace.c
+new file mode 100644
+index 0000000..5544b51
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/trace.c
+@@ -0,0 +1,84 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <asm/ptrace.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++
++#include "backend.h"
++#include "proc.h"
++
++void
++get_arch_dep(struct Process *proc)
++{
++}
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++
++/* The syscall instruction is:
++ * | 31                   21 | 20    5 | 4       0 |
++ * | 1 1 0 1 0 1 0 0 | 0 0 0 |  imm16  | 0 0 0 0 1 | */
++#define SVC_MASK  0xffe0001f
++#define SVC_VALUE 0xd4000001
++
++int
++syscall_p(struct Process *proc, int status, int *sysnum)
++{
++	if (WIFSTOPPED(status)
++	    && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) {
++
++		struct user_pt_regs regs;
++		if (aarch64_read_gregs(proc, &regs) < 0) {
++			fprintf(stderr, "syscall_p: "
++				"Couldn't read registers of %d.\n", proc->pid);
++			return -1;
++		}
++
++		errno = 0;
++		unsigned long insn = (unsigned long) ptrace(PTRACE_PEEKTEXT,
++							    proc->pid,
++							    regs.pc - 4, 0);
++		if (insn == -1UL && errno != 0) {
++			fprintf(stderr, "syscall_p: "
++				"Couldn't peek into %d: %s\n", proc->pid,
++				strerror(errno));
++			return -1;
++		}
++
++		insn &= 0xffffffffUL;
++		if ((insn & SVC_MASK) == SVC_VALUE) {
++			*sysnum = regs.regs[8];
++
++			size_t d1 = proc->callstack_depth - 1;
++			if (proc->callstack_depth > 0
++			    && proc->callstack[d1].is_syscall
++			    && proc->callstack[d1].c_un.syscall == *sysnum)
++				return 2;
++
++			return 1;
++		}
++	}
++
++	return 0;
++}
+-- 
+1.9.1
+
diff --git a/user/ltrace/aarch64.patch b/user/ltrace/aarch64.patch
new file mode 100644
index 000000000..a89c3073a
--- /dev/null
+++ b/user/ltrace/aarch64.patch
@@ -0,0 +1,2155 @@
+From 982cbca34b2b49a158086ff5f43eb9bba89edead Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Wed, 6 Feb 2013 15:46:04 +0100
+Subject: [PATCH] Move get_hfa_type from IA64 backend to type.c, name it
+ type_get_hfa_type
+
+---
+ sysdeps/linux-gnu/ia64/fetch.c | 48 ++++++++----------------------------------
+ type.c                         | 36 +++++++++++++++++++++++++++++++
+ type.h                         | 11 +++++++++-
+ 3 files changed, 55 insertions(+), 40 deletions(-)
+
+diff --git a/sysdeps/linux-gnu/ia64/fetch.c b/sysdeps/linux-gnu/ia64/fetch.c
+index e90dbed..171c7a2 100644
+--- a/sysdeps/linux-gnu/ia64/fetch.c
++++ b/sysdeps/linux-gnu/ia64/fetch.c
+@@ -1,6 +1,6 @@
+ /*
+  * This file is part of ltrace.
+- * Copyright (C) 2012 Petr Machata, Red Hat Inc.
++ * Copyright (C) 2012,2013 Petr Machata, Red Hat Inc.
+  * Copyright (C) 2008,2009 Juan Cespedes
+  * Copyright (C) 2006 Steve Fink
+  * Copyright (C) 2006 Ian Wienand
+@@ -249,37 +249,6 @@ allocate_float(struct fetch_context *ctx, struct process *proc,
+ 	return 0;
+ }
+ 
+-static enum arg_type
+-get_hfa_type(struct arg_type_info *info, size_t *countp)
+-{
+-	size_t n = type_aggregate_size(info);
+-	if (n == (size_t)-1)
+-		return ARGTYPE_VOID;
+-
+-	enum arg_type type = ARGTYPE_VOID;
+-	*countp = 0;
+-
+-	while (n-- > 0) {
+-		struct arg_type_info *emt = type_element(info, n);
+-
+-		enum arg_type emt_type = emt->type;
+-		size_t emt_count = 1;
+-		if (emt_type == ARGTYPE_STRUCT || emt_type == ARGTYPE_ARRAY)
+-			emt_type = get_hfa_type(emt, &emt_count);
+-
+-		if (type == ARGTYPE_VOID) {
+-			if (emt_type != ARGTYPE_FLOAT
+-			    && emt_type != ARGTYPE_DOUBLE)
+-				return ARGTYPE_VOID;
+-			type = emt_type;
+-		}
+-		if (emt_type != type)
+-			return ARGTYPE_VOID;
+-		*countp += emt_count;
+-	}
+-	return type;
+-}
+-
+ static int
+ allocate_hfa(struct fetch_context *ctx, struct process *proc,
+ 	     struct arg_type_info *info, struct value *valuep,
+@@ -380,10 +349,11 @@ allocate_ret(struct fetch_context *ctx, struct process *proc,
+ 	 * floating-point registers, beginning with f8.  */
+ 	if (info->type == ARGTYPE_STRUCT || info->type == ARGTYPE_ARRAY) {
+ 		size_t hfa_size;
+-		enum arg_type hfa_type = get_hfa_type(info, &hfa_size);
+-		if (hfa_type != ARGTYPE_VOID && hfa_size <= 8)
++		struct arg_type_info *hfa_info
++			= type_get_hfa_type(info, &hfa_size);
++		if (hfa_info != NULL && hfa_size <= 8)
+ 			return allocate_hfa(ctx, proc, info, valuep,
+-					    hfa_type, hfa_size);
++					    hfa_info->type, hfa_size);
+ 	}
+ 
+ 	/* Integers and pointers are passed in r8.  128-bit integers
+@@ -409,7 +379,7 @@ arch_fetch_arg_next(struct fetch_context *ctx, enum tof type,
+ 		    struct arg_type_info *info, struct value *valuep)
+ {
+ 	switch (info->type) {
+-		enum arg_type hfa_type;
++		struct arg_type_info *hfa_info;
+ 		size_t hfa_size;
+ 
+ 	case ARGTYPE_VOID:
+@@ -421,10 +391,10 @@ arch_fetch_arg_next(struct fetch_context *ctx, enum tof type,
+ 		return allocate_float(ctx, proc, info, valuep, 1);
+ 
+ 	case ARGTYPE_STRUCT:
+-		hfa_type = get_hfa_type(info, &hfa_size);
+-		if (hfa_type != ARGTYPE_VOID)
++		hfa_info = type_get_hfa_type(info, &hfa_size);
++		if (hfa_info != NULL)
+ 			return allocate_hfa(ctx, proc, info, valuep,
+-					    hfa_type, hfa_size);
++					    hfa_info->type, hfa_size);
+ 		/* Fall through.  */
+ 	case ARGTYPE_CHAR:
+ 	case ARGTYPE_SHORT:
+diff --git a/type.c b/type.c
+index 11b4ce1..d5bc98f 100644
+--- a/type.c
++++ b/type.c
+@@ -564,3 +564,39 @@ type_get_fp_equivalent(struct arg_type_info *info)
+ 	}
+ 	abort();
+ }
++
++struct arg_type_info *
++type_get_hfa_type(struct arg_type_info *info, size_t *countp)
++{
++	assert(info != NULL);
++	if (info->type != ARGTYPE_STRUCT
++	    && info->type != ARGTYPE_ARRAY)
++		return NULL;
++
++	size_t n = type_aggregate_size(info);
++	if (n == (size_t)-1)
++		return NULL;
++
++	struct arg_type_info *ret = NULL;
++	*countp = 0;
++
++	while (n-- > 0) {
++		struct arg_type_info *emt = type_element(info, n);
++
++		size_t emt_count = 1;
++		if (emt->type == ARGTYPE_STRUCT || emt->type == ARGTYPE_ARRAY)
++			emt = type_get_hfa_type(emt, &emt_count);
++		if (emt == NULL)
++			return NULL;
++		if (ret == NULL) {
++			if (emt->type != ARGTYPE_FLOAT
++			    && emt->type != ARGTYPE_DOUBLE)
++				return NULL;
++			ret = emt;
++		}
++		if (emt->type != ret->type)
++			return NULL;
++		*countp += emt_count;
++	}
++	return ret;
++}
+diff --git a/type.h b/type.h
+index b92c1af..3210677 100644
+--- a/type.h
++++ b/type.h
+@@ -1,6 +1,6 @@
+ /*
+  * This file is part of ltrace.
+- * Copyright (C) 2011,2012 Petr Machata, Red Hat Inc.
++ * Copyright (C) 2011,2012,2013 Petr Machata, Red Hat Inc.
+  * Copyright (C) 1997-2009 Juan Cespedes
+  *
+  * This program is free software; you can redistribute it and/or
+@@ -142,4 +142,13 @@ int type_is_signed(enum arg_type type);
+  * type.  */
+ struct arg_type_info *type_get_fp_equivalent(struct arg_type_info *info);
+ 
++/* If INFO is homogeneous floating-point aggregate, return the
++ * corresponding floating point type, and set *COUNTP to number of
++ * fields of the structure.  Otherwise return NULL.  INFO is a HFA if
++ * it's an aggregate whose each field is either a HFA, or a
++ * floating-point type.  */
++struct arg_type_info *type_get_hfa_type(struct arg_type_info *info,
++					size_t *countp);
++
++
+ #endif /* TYPE_H */
+-- 
+1.9.1
+
+From ae7249250ea650ec82bc545d4281b852020c7a6f Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Fri, 24 Jan 2014 00:50:06 +0100
+Subject: [PATCH 1/1] Implement aarch64 support
+
+- IFUNC support is not implemented, the rest works well.  The only
+  other failure is in wide char functions, and that occurs on x86_64
+  as well.
+---
+ configure.ac                           |    3 +-
+ sysdeps/linux-gnu/Makefile.am          |    4 +-
+ sysdeps/linux-gnu/aarch64/Makefile.am  |   25 +
+ sysdeps/linux-gnu/aarch64/arch.h       |   37 ++
+ sysdeps/linux-gnu/aarch64/fetch.c      |  365 +++++++++++
+ sysdeps/linux-gnu/aarch64/plt.c        |   38 ++
+ sysdeps/linux-gnu/aarch64/ptrace.h     |   22 +
+ sysdeps/linux-gnu/aarch64/regs.c       |  130 ++++
+ sysdeps/linux-gnu/aarch64/signalent.h  |   52 ++
+ sysdeps/linux-gnu/aarch64/syscallent.h | 1100 ++++++++++++++++++++++++++++++++
+ sysdeps/linux-gnu/aarch64/trace.c      |   83 +++
+ 11 files changed, 1857 insertions(+), 2 deletions(-)
+ create mode 100644 sysdeps/linux-gnu/aarch64/Makefile.am
+ create mode 100644 sysdeps/linux-gnu/aarch64/arch.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/fetch.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/plt.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/ptrace.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/regs.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/signalent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/syscallent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/trace.c
+
+diff --git a/configure.ac b/configure.ac
+index c6e6bf0..0e9a124 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,6 +1,6 @@
+ # -*- Autoconf -*-
+ # This file is part of ltrace.
+-# Copyright (C) 2010,2013 Petr Machata, Red Hat Inc.
++# Copyright (C) 2010,2012,2013,2014 Petr Machata, Red Hat Inc.
+ # Copyright (C) 2010,2011 Joe Damato
+ # Copyright (C) 2010 Marc Kleine-Budde
+ # Copyright (C) 2010 Zachary T Welch
+@@ -399,6 +399,7 @@ AC_CONFIG_FILES([
+ 	Makefile
+ 	sysdeps/Makefile
+ 	sysdeps/linux-gnu/Makefile
++	sysdeps/linux-gnu/aarch64/Makefile
+ 	sysdeps/linux-gnu/alpha/Makefile
+ 	sysdeps/linux-gnu/arm/Makefile
+ 	sysdeps/linux-gnu/cris/Makefile
+diff --git a/sysdeps/linux-gnu/Makefile.am b/sysdeps/linux-gnu/Makefile.am
+index ecee577..ec26162 100644
+--- a/sysdeps/linux-gnu/Makefile.am
++++ b/sysdeps/linux-gnu/Makefile.am
+@@ -1,4 +1,5 @@
+ # This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
+ # Copyright (C) 2010,2012 Marc Kleine-Budde, Pengutronix
+ #
+ # This program is free software; you can redistribute it and/or
+@@ -16,7 +17,8 @@
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ # 02110-1301 USA
+ 
+-DIST_SUBDIRS = alpha arm cris ia64 m68k mips ppc s390 sparc x86
++DIST_SUBDIRS = aarch64 alpha arm cris ia64 m68k mips ppc s390	\
++	       sparc x86
+ 
+ SUBDIRS = \
+ 	$(HOST_CPU)
+diff --git a/sysdeps/linux-gnu/aarch64/Makefile.am b/sysdeps/linux-gnu/aarch64/Makefile.am
+new file mode 100644
+index 0000000..0af4e6e
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/Makefile.am
+@@ -0,0 +1,25 @@
++# This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of the
++# License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++# 02110-1301 USA
++
++noinst_LTLIBRARIES = ../libcpu.la
++
++___libcpu_la_SOURCES = fetch.c plt.c regs.c trace.c
++
++noinst_HEADERS = arch.h ptrace.h signalent.h syscallent.h
++
++MAINTAINERCLEANFILES = Makefile.in
+diff --git a/sysdeps/linux-gnu/aarch64/arch.h b/sysdeps/linux-gnu/aarch64/arch.h
+new file mode 100644
+index 0000000..4137613
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/arch.h
+@@ -0,0 +1,37 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++#ifndef LTRACE_AARCH64_ARCH_H
++#define LTRACE_AARCH64_ARCH_H
++
++/* | 31                 21 | 20       5 | 4       0 | *
++ * | 1 1 0 1 0 1 0 0 0 0 1 |    imm16   | 0 0 0 0 0 | */
++#define BREAKPOINT_VALUE { 0xd4, 0x20, 0, 0 }
++#define BREAKPOINT_LENGTH 4
++#define DECR_PC_AFTER_BREAK 0
++
++#define LT_ELFCLASS	ELFCLASS64
++#define LT_ELF_MACHINE	EM_AARCH64
++
++#define ARCH_HAVE_FETCH_ARG
++#define ARCH_ENDIAN_BIG
++#define ARCH_HAVE_SIZEOF
++#define ARCH_HAVE_ALIGNOF
++
++#endif /* LTRACE_AARCH64_ARCH_H */
+diff --git a/sysdeps/linux-gnu/aarch64/fetch.c b/sysdeps/linux-gnu/aarch64/fetch.c
+new file mode 100644
+index 0000000..8779f03
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/fetch.c
+@@ -0,0 +1,365 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include "fetch.h"
++#include "proc.h"
++#include "type.h"
++#include "value.h"
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++int aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs);
++
++
++struct fetch_context
++{
++	struct user_pt_regs gregs;
++	struct user_fpsimd_state fpregs;
++	arch_addr_t nsaa;
++	unsigned ngrn;
++	unsigned nsrn;
++	arch_addr_t x8;
++};
++
++static int
++context_init(struct fetch_context *context, struct Process *proc)
++{
++	if (aarch64_read_gregs(proc, &context->gregs) < 0
++	    || aarch64_read_fregs(proc, &context->fpregs) < 0)
++		return -1;
++
++	context->ngrn = 0;
++	context->nsrn = 0;
++	/* XXX double cast */
++	context->nsaa = (arch_addr_t) (uintptr_t) context->gregs.sp;
++	context->x8 = 0;
++
++	return 0;
++}
++
++struct fetch_context *
++arch_fetch_arg_clone(struct Process *proc, struct fetch_context *context)
++{
++	struct fetch_context *ret = malloc(sizeof(*ret));
++	if (ret == NULL)
++		return NULL;
++	return memcpy(ret, context, sizeof(*ret));
++}
++
++static void
++fetch_next_gpr(struct fetch_context *context, unsigned char *buf)
++{
++	uint64_t u = context->gregs.regs[context->ngrn++];
++	memcpy(buf, &u, 8);
++}
++
++static int
++fetch_gpr(struct fetch_context *context, struct value *value, size_t sz)
++{
++	if (sz < 8)
++		sz = 8;
++
++	unsigned char *buf = value_reserve(value, sz);
++	if (buf == NULL)
++		return -1;
++
++	size_t i;
++	for (i = 0; i < sz; i += 8)
++		fetch_next_gpr(context, buf + i);
++
++	return 0;
++}
++
++static void
++fetch_next_sse(struct fetch_context *context, unsigned char *buf, size_t sz)
++{
++	__int128 u = context->fpregs.vregs[context->nsrn++];
++	memcpy(buf, &u, sz);
++}
++
++static int
++fetch_sse(struct fetch_context *context, struct value *value, size_t sz)
++{
++	unsigned char *buf = value_reserve(value, sz);
++	if (buf == NULL)
++		return -1;
++
++	fetch_next_sse(context, buf, sz);
++	return 0;
++}
++
++static int
++fetch_hfa(struct fetch_context *context,
++	  struct value *value, struct arg_type_info *hfa_t, size_t count)
++{
++	size_t sz = type_sizeof(value->inferior, hfa_t);
++	unsigned char *buf = value_reserve(value, sz * count);
++	if (buf == NULL)
++		return -1;
++
++	size_t i;
++	for (i = 0; i < count; ++i) {
++		fetch_next_sse(context, buf, sz);
++		buf += sz;
++	}
++	return 0;
++}
++
++static int
++fetch_stack(struct fetch_context *context, struct value *value,
++	    size_t align, size_t sz)
++{
++	if (align < 8)
++		align = 8;
++	size_t amount = ((sz + align - 1) / align) * align;
++
++	/* XXX double casts */
++	uintptr_t sp = (uintptr_t) context->nsaa;
++	sp = ((sp + align - 1) / align) * align;
++
++	value_in_inferior(value, (arch_addr_t) sp);
++
++	sp += amount;
++	context->nsaa = (arch_addr_t) sp;
++
++	return 0;
++}
++
++enum convert_method {
++	CVT_ERR = -1,
++	CVT_NOP = 0,
++	CVT_BYREF,
++};
++
++enum fetch_method {
++	FETCH_NOP,
++	FETCH_STACK,
++	FETCH_GPR,
++	FETCH_SSE,
++	FETCH_HFA,
++};
++
++struct fetch_script {
++	enum convert_method c;
++	enum fetch_method f;
++	size_t sz;
++	struct arg_type_info *hfa_t;
++	size_t count;
++};
++
++static struct fetch_script
++pass_arg(struct fetch_context const *context,
++	 struct Process *proc, struct arg_type_info *info)
++{
++	enum fetch_method cvt = CVT_NOP;
++
++	size_t sz = type_sizeof(proc, info);
++	if (sz == (size_t) -1)
++		return (struct fetch_script) { CVT_ERR, FETCH_NOP, sz };
++
++	switch (info->type) {
++	case ARGTYPE_VOID:
++		return (struct fetch_script) { cvt, FETCH_NOP, sz };
++
++	case ARGTYPE_STRUCT:
++	case ARGTYPE_ARRAY:;
++		size_t count;
++		struct arg_type_info *hfa_t = type_get_hfa_type(info, &count);
++		if (hfa_t != NULL && count <= 4) {
++			if (context->nsrn + count <= 8)
++				return (struct fetch_script)
++					{ cvt, FETCH_HFA, sz, hfa_t, count };
++			return (struct fetch_script)
++				{ cvt, FETCH_STACK, sz, hfa_t, count };
++		}
++
++		if (sz <= 16) {
++			size_t count = sz / 8;
++			if (context->ngrn + count <= 8)
++				return (struct fetch_script)
++					{ cvt, FETCH_GPR, sz };
++		}
++
++		cvt = CVT_BYREF;
++		sz = 8;
++		/* Fall through.  */
++
++	case ARGTYPE_POINTER:
++	case ARGTYPE_INT:
++	case ARGTYPE_UINT:
++	case ARGTYPE_LONG:
++	case ARGTYPE_ULONG:
++	case ARGTYPE_CHAR:
++	case ARGTYPE_SHORT:
++	case ARGTYPE_USHORT:
++		if (context->ngrn < 8 && sz <= 8)
++			return (struct fetch_script) { cvt, FETCH_GPR, sz };
++		/* We don't support types wider than 8 bytes as of
++		 * now.  */
++		assert(sz <= 8);
++
++		return (struct fetch_script) { cvt, FETCH_STACK, sz };
++
++	case ARGTYPE_FLOAT:
++	case ARGTYPE_DOUBLE:
++		if (context->nsrn < 8) {
++			/* ltrace doesn't support float128.  */
++			assert(sz <= 8);
++			return (struct fetch_script) { cvt, FETCH_SSE, sz };
++		}
++
++		return (struct fetch_script) { cvt, FETCH_STACK, sz };
++	}
++
++	assert(! "Failed to allocate argument.");
++	abort();
++}
++
++static int
++convert_arg(struct value *value, struct fetch_script how)
++{
++	switch (how.c) {
++	case CVT_NOP:
++		return 0;
++	case CVT_BYREF:
++		return value_pass_by_reference(value);
++	case CVT_ERR:
++		return -1;
++	}
++
++	assert(! "Don't know how to convert argument.");
++	abort();
++}
++
++static int
++fetch_arg(struct fetch_context *context,
++	  struct Process *proc, struct arg_type_info *info,
++	  struct value *value, struct fetch_script how)
++{
++	if (convert_arg(value, how) < 0)
++		return -1;
++
++	switch (how.f) {
++	case FETCH_NOP:
++		return 0;
++
++	case FETCH_STACK:
++		if (how.hfa_t != NULL && how.count != 0 && how.count <= 8)
++			context->nsrn = 8;
++		return fetch_stack(context, value,
++				   type_alignof(proc, info), how.sz);
++
++	case FETCH_GPR:
++		return fetch_gpr(context, value, how.sz);
++
++	case FETCH_SSE:
++		return fetch_sse(context, value, how.sz);
++
++	case FETCH_HFA:
++		return fetch_hfa(context, value, how.hfa_t, how.count);
++	}
++
++	assert(! "Don't know how to fetch argument.");
++	abort();
++}
++
++struct fetch_context *
++arch_fetch_arg_init(enum tof type, struct Process *proc,
++		    struct arg_type_info *ret_info)
++{
++	struct fetch_context *context = malloc(sizeof *context);
++	if (context == NULL || context_init(context, proc) < 0) {
++	fail:
++		free(context);
++		return NULL;
++	}
++
++	/* There's a provision in ARMv8 parameter passing convention
++	 * for returning types that, if passed as first argument to a
++	 * function, would be passed on stack.  For those types, x8
++	 * contains an address where the return argument should be
++	 * placed.  The callee doesn't need to preserve the value of
++	 * x8, so we need to fetch it now.
++	 *
++	 * To my knowledge, there are currently no types where this
++	 * holds, but the code is here, utterly untested.  */
++
++	struct fetch_script how = pass_arg(context, proc, ret_info);
++	if (how.c == CVT_ERR)
++		goto fail;
++	if (how.c == CVT_NOP && how.f == FETCH_STACK) {
++		/* XXX double cast.  */
++		context->x8 = (arch_addr_t) (uintptr_t) context->gregs.regs[8];
++		/* See the comment above about the assert.  */
++		assert(! "Unexpected: first argument passed on stack.");
++		abort();
++	}
++
++	return context;
++}
++
++int
++arch_fetch_arg_next(struct fetch_context *context, enum tof type,
++		    struct Process *proc, struct arg_type_info *info,
++		    struct value *value)
++{
++	return fetch_arg(context, proc, info, value,
++			 pass_arg(context, proc, info));
++}
++
++int
++arch_fetch_retval(struct fetch_context *context, enum tof type,
++		  struct Process *proc, struct arg_type_info *info,
++		  struct value *value)
++{
++	if (context->x8 != 0) {
++		value_in_inferior(value, context->x8);
++		return 0;
++	}
++
++	if (context_init(context, proc) < 0)
++		return -1;
++
++	return fetch_arg(context, proc, info, value,
++			 pass_arg(context, proc, info));
++}
++
++void
++arch_fetch_arg_done(struct fetch_context *context)
++{
++	if (context != NULL)
++		free(context);
++}
++
++size_t
++arch_type_sizeof(struct Process *proc, struct arg_type_info *arg)
++{
++	return (size_t) -2;
++}
++
++size_t
++arch_type_alignof(struct Process *proc, struct arg_type_info *arg)
++{
++	return (size_t) -2;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/plt.c b/sysdeps/linux-gnu/aarch64/plt.c
+new file mode 100644
+index 0000000..29dc4c9
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/plt.c
+@@ -0,0 +1,38 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <gelf.h>
++
++#include "backend.h"
++#include "proc.h"
++#include "library.h"
++#include "ltrace-elf.h"
++
++arch_addr_t
++sym2addr(struct Process *proc, struct library_symbol *sym)
++{
++	return sym->enter_addr;
++}
++
++GElf_Addr
++arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela)
++{
++	return lte->plt_addr + 32 + ndx * 16;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/ptrace.h b/sysdeps/linux-gnu/aarch64/ptrace.h
+new file mode 100644
+index 0000000..283c314
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/ptrace.h
+@@ -0,0 +1,22 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
+diff --git a/sysdeps/linux-gnu/aarch64/regs.c b/sysdeps/linux-gnu/aarch64/regs.c
+new file mode 100644
+index 0000000..06eb72b
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/regs.c
+@@ -0,0 +1,131 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <linux/uio.h>
++#include <assert.h>
++#include <stdlib.h>
++#include <stdio.h>
++
++#include "backend.h"
++#include "proc.h"
++
++#define PC_OFF (32 * 4)
++
++int
++aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++	*regs = (struct user_pt_regs) {};
++	struct iovec iovec;
++	iovec.iov_base = regs;
++	iovec.iov_len = sizeof *regs;
++	return ptrace(PTRACE_GETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++		? -1 : 0;
++}
++
++int
++aarch64_write_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++	struct iovec iovec;
++	iovec.iov_base = regs;
++	iovec.iov_len = sizeof *regs;
++	return ptrace(PTRACE_SETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++		? -1 : 0;
++}
++
++int
++aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs)
++{
++	*regs = (struct user_fpsimd_state) {};
++	struct iovec iovec;
++	iovec.iov_base = regs;
++	iovec.iov_len = sizeof *regs;
++	return ptrace(PTRACE_GETREGSET, proc->pid, NT_FPREGSET, &iovec) < 0
++		? -1 : 0;
++}
++
++arch_addr_t
++get_instruction_pointer(struct Process *proc)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_instruction_pointer: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return 0;
++	}
++
++	/* 
++	char buf[128];
++	sprintf(buf, "cat /proc/%d/maps", proc->pid);
++	system(buf);
++	*/
++
++	/* XXX double cast */
++	return (arch_addr_t) (uintptr_t) regs.pc;
++}
++
++void
++set_instruction_pointer(struct Process *proc, arch_addr_t addr)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_instruction_pointer: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return;
++	}
++
++	/* XXX double cast */
++	regs.pc = (uint64_t) (uintptr_t) addr;
++
++	if (aarch64_write_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_instruction_pointer: "
++			"Couldn't write registers of %d.\n", proc->pid);
++		return;
++	}
++}
++
++arch_addr_t
++get_stack_pointer(struct Process *proc)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_stack_pointer: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return 0;
++	}
++
++	/* XXX double cast */
++	return (arch_addr_t) (uintptr_t) regs.sp;
++}
++
++arch_addr_t
++get_return_addr(struct Process *proc, arch_addr_t stack_pointer)
++{
++	struct user_pt_regs regs;
++	if (aarch64_read_gregs(proc, &regs) < 0) {
++		fprintf(stderr, "get_return_addr: "
++			"Couldn't read registers of %d.\n", proc->pid);
++		return 0;
++	}
++
++	/* XXX double cast */
++	return (arch_addr_t) (uintptr_t) regs.regs[30];
++}
+diff --git a/sysdeps/linux-gnu/aarch64/signalent.h b/sysdeps/linux-gnu/aarch64/signalent.h
+new file mode 100644
+index 0000000..bf56ebc
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/signalent.h
+@@ -0,0 +1,52 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2006 Ian Wienand
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++	"SIG_0",			/* 0 */
++	"SIGHUP",			/* 1 */
++	"SIGINT",			/* 2 */
++	"SIGQUIT",			/* 3 */
++	"SIGILL",			/* 4 */
++	"SIGTRAP",			/* 5 */
++	"SIGABRT",			/* 6 */
++	"SIGBUS",			/* 7 */
++	"SIGFPE",			/* 8 */
++	"SIGKILL",			/* 9 */
++	"SIGUSR1",			/* 10 */
++	"SIGSEGV",			/* 11 */
++	"SIGUSR2",			/* 12 */
++	"SIGPIPE",			/* 13 */
++	"SIGALRM",			/* 14 */
++	"SIGTERM",			/* 15 */
++	"SIGSTKFLT",			/* 16 */
++	"SIGCHLD",			/* 17 */
++	"SIGCONT",			/* 18 */
++	"SIGSTOP",			/* 19 */
++	"SIGTSTP",			/* 20 */
++	"SIGTTIN",			/* 21 */
++	"SIGTTOU",			/* 22 */
++	"SIGURG",			/* 23 */
++	"SIGXCPU",			/* 24 */
++	"SIGXFSZ",			/* 25 */
++	"SIGVTALRM",			/* 26 */
++	"SIGPROF",			/* 27 */
++	"SIGWINCH",			/* 28 */
++	"SIGIO",			/* 29 */
++	"SIGPWR",			/* 30 */
++	"SIGSYS",			/* 31 */
+diff --git a/sysdeps/linux-gnu/aarch64/syscallent.h b/sysdeps/linux-gnu/aarch64/syscallent.h
+new file mode 100644
+index 0000000..aca8191
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/syscallent.h
+@@ -0,0 +1,1100 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++	"io_setup",                        /* 0 */
++	"io_destroy",                      /* 1 */
++	"io_submit",                       /* 2 */
++	"io_cancel",                       /* 3 */
++	"io_getevents",                    /* 4 */
++	"setxattr",                        /* 5 */
++	"lsetxattr",                       /* 6 */
++	"fsetxattr",                       /* 7 */
++	"getxattr",                        /* 8 */
++	"lgetxattr",                       /* 9 */
++	"fgetxattr",                       /* 10 */
++	"listxattr",                       /* 11 */
++	"llistxattr",                      /* 12 */
++	"flistxattr",                      /* 13 */
++	"removexattr",                     /* 14 */
++	"lremovexattr",                    /* 15 */
++	"fremovexattr",                    /* 16 */
++	"getcwd",                          /* 17 */
++	"lookup_dcookie",                  /* 18 */
++	"eventfd2",                        /* 19 */
++	"epoll_create1",                   /* 20 */
++	"epoll_ctl",                       /* 21 */
++	"epoll_pwait",                     /* 22 */
++	"dup",                             /* 23 */
++	"dup3",                            /* 24 */
++	"fcntl",                           /* 25 */
++	"inotify_init1",                   /* 26 */
++	"inotify_add_watch",               /* 27 */
++	"inotify_rm_watch",                /* 28 */
++	"ioctl",                           /* 29 */
++	"ioprio_set",                      /* 30 */
++	"ioprio_get",                      /* 31 */
++	"flock",                           /* 32 */
++	"mknodat",                         /* 33 */
++	"mkdirat",                         /* 34 */
++	"unlinkat",                        /* 35 */
++	"symlinkat",                       /* 36 */
++	"linkat",                          /* 37 */
++	"renameat",                        /* 38 */
++	"umount2",                         /* 39 */
++	"mount",                           /* 40 */
++	"pivot_root",                      /* 41 */
++	"nfsservctl",                      /* 42 */
++	"statfs",                          /* 43 */
++	"fstatfs",                         /* 44 */
++	"truncate",                        /* 45 */
++	"ftruncate",                       /* 46 */
++	"fallocate",                       /* 47 */
++	"faccessat",                       /* 48 */
++	"chdir",                           /* 49 */
++	"fchdir",                          /* 50 */
++	"chroot",                          /* 51 */
++	"fchmod",                          /* 52 */
++	"fchmodat",                        /* 53 */
++	"fchownat",                        /* 54 */
++	"fchown",                          /* 55 */
++	"openat",                          /* 56 */
++	"close",                           /* 57 */
++	"vhangup",                         /* 58 */
++	"pipe2",                           /* 59 */
++	"quotactl",                        /* 60 */
++	"getdents64",                      /* 61 */
++	"lseek",                           /* 62 */
++	"read",                            /* 63 */
++	"write",                           /* 64 */
++	"readv",                           /* 65 */
++	"writev",                          /* 66 */
++	"pread64",                         /* 67 */
++	"pwrite64",                        /* 68 */
++	"preadv",                          /* 69 */
++	"pwritev",                         /* 70 */
++	"sendfile",                        /* 71 */
++	"pselect6",                        /* 72 */
++	"ppoll",                           /* 73 */
++	"signalfd4",                       /* 74 */
++	"vmsplice",                        /* 75 */
++	"splice",                          /* 76 */
++	"tee",                             /* 77 */
++	"readlinkat",                      /* 78 */
++	"fstatat",                         /* 79 */
++	"fstat",                           /* 80 */
++	"sync",                            /* 81 */
++	"fsync",                           /* 82 */
++	"fdatasync",                       /* 83 */
++	"sync_file_range",                 /* 84 */
++	"timerfd_create",                  /* 85 */
++	"timerfd_settime",                 /* 86 */
++	"timerfd_gettime",                 /* 87 */
++	"utimensat",                       /* 88 */
++	"acct",                            /* 89 */
++	"capget",                          /* 90 */
++	"capset",                          /* 91 */
++	"personality",                     /* 92 */
++	"exit",                            /* 93 */
++	"exit_group",                      /* 94 */
++	"waitid",                          /* 95 */
++	"set_tid_address",                 /* 96 */
++	"unshare",                         /* 97 */
++	"futex",                           /* 98 */
++	"set_robust_list",                 /* 99 */
++	"get_robust_list",                 /* 100 */
++	"nanosleep",                       /* 101 */
++	"getitimer",                       /* 102 */
++	"setitimer",                       /* 103 */
++	"kexec_load",                      /* 104 */
++	"init_module",                     /* 105 */
++	"delete_module",                   /* 106 */
++	"timer_create",                    /* 107 */
++	"timer_gettime",                   /* 108 */
++	"timer_getoverrun",                /* 109 */
++	"timer_settime",                   /* 110 */
++	"timer_delete",                    /* 111 */
++	"clock_settime",                   /* 112 */
++	"clock_gettime",                   /* 113 */
++	"clock_getres",                    /* 114 */
++	"clock_nanosleep",                 /* 115 */
++	"syslog",                          /* 116 */
++	"ptrace",                          /* 117 */
++	"sched_setparam",                  /* 118 */
++	"sched_setscheduler",              /* 119 */
++	"sched_getscheduler",              /* 120 */
++	"sched_getparam",                  /* 121 */
++	"sched_setaffinity",               /* 122 */
++	"sched_getaffinity",               /* 123 */
++	"sched_yield",                     /* 124 */
++	"sched_get_priority_max",          /* 125 */
++	"sched_get_priority_min",          /* 126 */
++	"sched_rr_get_interval",           /* 127 */
++	"restart_syscall",                 /* 128 */
++	"kill",                            /* 129 */
++	"tkill",                           /* 130 */
++	"tgkill",                          /* 131 */
++	"sigaltstack",                     /* 132 */
++	"rt_sigsuspend",                   /* 133 */
++	"rt_sigaction",                    /* 134 */
++	"rt_sigprocmask",                  /* 135 */
++	"rt_sigpending",                   /* 136 */
++	"rt_sigtimedwait",                 /* 137 */
++	"rt_sigqueueinfo",                 /* 138 */
++	"rt_sigreturn",                    /* 139 */
++	"setpriority",                     /* 140 */
++	"getpriority",                     /* 141 */
++	"reboot",                          /* 142 */
++	"setregid",                        /* 143 */
++	"setgid",                          /* 144 */
++	"setreuid",                        /* 145 */
++	"setuid",                          /* 146 */
++	"setresuid",                       /* 147 */
++	"getresuid",                       /* 148 */
++	"setresgid",                       /* 149 */
++	"getresgid",                       /* 150 */
++	"setfsuid",                        /* 151 */
++	"setfsgid",                        /* 152 */
++	"times",                           /* 153 */
++	"setpgid",                         /* 154 */
++	"getpgid",                         /* 155 */
++	"getsid",                          /* 156 */
++	"setsid",                          /* 157 */
++	"getgroups",                       /* 158 */
++	"setgroups",                       /* 159 */
++	"uname",                           /* 160 */
++	"sethostname",                     /* 161 */
++	"setdomainname",                   /* 162 */
++	"getrlimit",                       /* 163 */
++	"setrlimit",                       /* 164 */
++	"getrusage",                       /* 165 */
++	"umask",                           /* 166 */
++	"prctl",                           /* 167 */
++	"getcpu",                          /* 168 */
++	"gettimeofday",                    /* 169 */
++	"settimeofday",                    /* 170 */
++	"adjtimex",                        /* 171 */
++	"getpid",                          /* 172 */
++	"getppid",                         /* 173 */
++	"getuid",                          /* 174 */
++	"geteuid",                         /* 175 */
++	"getgid",                          /* 176 */
++	"getegid",                         /* 177 */
++	"gettid",                          /* 178 */
++	"sysinfo",                         /* 179 */
++	"mq_open",                         /* 180 */
++	"mq_unlink",                       /* 181 */
++	"mq_timedsend",                    /* 182 */
++	"mq_timedreceive",                 /* 183 */
++	"mq_notify",                       /* 184 */
++	"mq_getsetattr",                   /* 185 */
++	"msgget",                          /* 186 */
++	"msgctl",                          /* 187 */
++	"msgrcv",                          /* 188 */
++	"msgsnd",                          /* 189 */
++	"semget",                          /* 190 */
++	"semctl",                          /* 191 */
++	"semtimedop",                      /* 192 */
++	"semop",                           /* 193 */
++	"shmget",                          /* 194 */
++	"shmctl",                          /* 195 */
++	"shmat",                           /* 196 */
++	"shmdt",                           /* 197 */
++	"socket",                          /* 198 */
++	"socketpair",                      /* 199 */
++	"bind",                            /* 200 */
++	"listen",                          /* 201 */
++	"accept",                          /* 202 */
++	"connect",                         /* 203 */
++	"getsockname",                     /* 204 */
++	"getpeername",                     /* 205 */
++	"sendto",                          /* 206 */
++	"recvfrom",                        /* 207 */
++	"setsockopt",                      /* 208 */
++	"getsockopt",                      /* 209 */
++	"shutdown",                        /* 210 */
++	"sendmsg",                         /* 211 */
++	"recvmsg",                         /* 212 */
++	"readahead",                       /* 213 */
++	"brk",                             /* 214 */
++	"munmap",                          /* 215 */
++	"mremap",                          /* 216 */
++	"add_key",                         /* 217 */
++	"request_key",                     /* 218 */
++	"keyctl",                          /* 219 */
++	"clone",                           /* 220 */
++	"execve",                          /* 221 */
++	"mmap",                            /* 222 */
++	"fadvise64",                       /* 223 */
++	"swapon",                          /* 224 */
++	"swapoff",                         /* 225 */
++	"mprotect",                        /* 226 */
++	"msync",                           /* 227 */
++	"mlock",                           /* 228 */
++	"munlock",                         /* 229 */
++	"mlockall",                        /* 230 */
++	"munlockall",                      /* 231 */
++	"mincore",                         /* 232 */
++	"madvise",                         /* 233 */
++	"remap_file_pages",                /* 234 */
++	"mbind",                           /* 235 */
++	"get_mempolicy",                   /* 236 */
++	"set_mempolicy",                   /* 237 */
++	"migrate_pages",                   /* 238 */
++	"move_pages",                      /* 239 */
++	"rt_tgsigqueueinfo",               /* 240 */
++	"perf_event_open",                 /* 241 */
++	"accept4",                         /* 242 */
++	"recvmmsg",                        /* 243 */
++	"arch_specific_syscall",           /* 244 */
++	"245",                             /* 245 */
++	"246",                             /* 246 */
++	"247",                             /* 247 */
++	"248",                             /* 248 */
++	"249",                             /* 249 */
++	"250",                             /* 250 */
++	"251",                             /* 251 */
++	"252",                             /* 252 */
++	"253",                             /* 253 */
++	"254",                             /* 254 */
++	"255",                             /* 255 */
++	"256",                             /* 256 */
++	"257",                             /* 257 */
++	"258",                             /* 258 */
++	"259",                             /* 259 */
++	"wait4",                           /* 260 */
++	"prlimit64",                       /* 261 */
++	"fanotify_init",                   /* 262 */
++	"fanotify_mark",                   /* 263 */
++	"name_to_handle_at",               /* 264 */
++	"open_by_handle_at",               /* 265 */
++	"clock_adjtime",                   /* 266 */
++	"syncfs",                          /* 267 */
++	"setns",                           /* 268 */
++	"sendmmsg",                        /* 269 */
++	"process_vm_readv",                /* 270 */
++	"process_vm_writev",               /* 271 */
++	"kcmp",                            /* 272 */
++	"finit_module",                    /* 273 */
++	"syscalls",                        /* 274 */
++	"275",                             /* 275 */
++	"276",                             /* 276 */
++	"277",                             /* 277 */
++	"278",                             /* 278 */
++	"279",                             /* 279 */
++	"280",                             /* 280 */
++	"281",                             /* 281 */
++	"282",                             /* 282 */
++	"283",                             /* 283 */
++	"284",                             /* 284 */
++	"285",                             /* 285 */
++	"286",                             /* 286 */
++	"287",                             /* 287 */
++	"288",                             /* 288 */
++	"289",                             /* 289 */
++	"290",                             /* 290 */
++	"291",                             /* 291 */
++	"292",                             /* 292 */
++	"293",                             /* 293 */
++	"294",                             /* 294 */
++	"295",                             /* 295 */
++	"296",                             /* 296 */
++	"297",                             /* 297 */
++	"298",                             /* 298 */
++	"299",                             /* 299 */
++	"300",                             /* 300 */
++	"301",                             /* 301 */
++	"302",                             /* 302 */
++	"303",                             /* 303 */
++	"304",                             /* 304 */
++	"305",                             /* 305 */
++	"306",                             /* 306 */
++	"307",                             /* 307 */
++	"308",                             /* 308 */
++	"309",                             /* 309 */
++	"310",                             /* 310 */
++	"311",                             /* 311 */
++	"312",                             /* 312 */
++	"313",                             /* 313 */
++	"314",                             /* 314 */
++	"315",                             /* 315 */
++	"316",                             /* 316 */
++	"317",                             /* 317 */
++	"318",                             /* 318 */
++	"319",                             /* 319 */
++	"320",                             /* 320 */
++	"321",                             /* 321 */
++	"322",                             /* 322 */
++	"323",                             /* 323 */
++	"324",                             /* 324 */
++	"325",                             /* 325 */
++	"326",                             /* 326 */
++	"327",                             /* 327 */
++	"328",                             /* 328 */
++	"329",                             /* 329 */
++	"330",                             /* 330 */
++	"331",                             /* 331 */
++	"332",                             /* 332 */
++	"333",                             /* 333 */
++	"334",                             /* 334 */
++	"335",                             /* 335 */
++	"336",                             /* 336 */
++	"337",                             /* 337 */
++	"338",                             /* 338 */
++	"339",                             /* 339 */
++	"340",                             /* 340 */
++	"341",                             /* 341 */
++	"342",                             /* 342 */
++	"343",                             /* 343 */
++	"344",                             /* 344 */
++	"345",                             /* 345 */
++	"346",                             /* 346 */
++	"347",                             /* 347 */
++	"348",                             /* 348 */
++	"349",                             /* 349 */
++	"350",                             /* 350 */
++	"351",                             /* 351 */
++	"352",                             /* 352 */
++	"353",                             /* 353 */
++	"354",                             /* 354 */
++	"355",                             /* 355 */
++	"356",                             /* 356 */
++	"357",                             /* 357 */
++	"358",                             /* 358 */
++	"359",                             /* 359 */
++	"360",                             /* 360 */
++	"361",                             /* 361 */
++	"362",                             /* 362 */
++	"363",                             /* 363 */
++	"364",                             /* 364 */
++	"365",                             /* 365 */
++	"366",                             /* 366 */
++	"367",                             /* 367 */
++	"368",                             /* 368 */
++	"369",                             /* 369 */
++	"370",                             /* 370 */
++	"371",                             /* 371 */
++	"372",                             /* 372 */
++	"373",                             /* 373 */
++	"374",                             /* 374 */
++	"375",                             /* 375 */
++	"376",                             /* 376 */
++	"377",                             /* 377 */
++	"378",                             /* 378 */
++	"379",                             /* 379 */
++	"380",                             /* 380 */
++	"381",                             /* 381 */
++	"382",                             /* 382 */
++	"383",                             /* 383 */
++	"384",                             /* 384 */
++	"385",                             /* 385 */
++	"386",                             /* 386 */
++	"387",                             /* 387 */
++	"388",                             /* 388 */
++	"389",                             /* 389 */
++	"390",                             /* 390 */
++	"391",                             /* 391 */
++	"392",                             /* 392 */
++	"393",                             /* 393 */
++	"394",                             /* 394 */
++	"395",                             /* 395 */
++	"396",                             /* 396 */
++	"397",                             /* 397 */
++	"398",                             /* 398 */
++	"399",                             /* 399 */
++	"400",                             /* 400 */
++	"401",                             /* 401 */
++	"402",                             /* 402 */
++	"403",                             /* 403 */
++	"404",                             /* 404 */
++	"405",                             /* 405 */
++	"406",                             /* 406 */
++	"407",                             /* 407 */
++	"408",                             /* 408 */
++	"409",                             /* 409 */
++	"410",                             /* 410 */
++	"411",                             /* 411 */
++	"412",                             /* 412 */
++	"413",                             /* 413 */
++	"414",                             /* 414 */
++	"415",                             /* 415 */
++	"416",                             /* 416 */
++	"417",                             /* 417 */
++	"418",                             /* 418 */
++	"419",                             /* 419 */
++	"420",                             /* 420 */
++	"421",                             /* 421 */
++	"422",                             /* 422 */
++	"423",                             /* 423 */
++	"424",                             /* 424 */
++	"425",                             /* 425 */
++	"426",                             /* 426 */
++	"427",                             /* 427 */
++	"428",                             /* 428 */
++	"429",                             /* 429 */
++	"430",                             /* 430 */
++	"431",                             /* 431 */
++	"432",                             /* 432 */
++	"433",                             /* 433 */
++	"434",                             /* 434 */
++	"435",                             /* 435 */
++	"436",                             /* 436 */
++	"437",                             /* 437 */
++	"438",                             /* 438 */
++	"439",                             /* 439 */
++	"440",                             /* 440 */
++	"441",                             /* 441 */
++	"442",                             /* 442 */
++	"443",                             /* 443 */
++	"444",                             /* 444 */
++	"445",                             /* 445 */
++	"446",                             /* 446 */
++	"447",                             /* 447 */
++	"448",                             /* 448 */
++	"449",                             /* 449 */
++	"450",                             /* 450 */
++	"451",                             /* 451 */
++	"452",                             /* 452 */
++	"453",                             /* 453 */
++	"454",                             /* 454 */
++	"455",                             /* 455 */
++	"456",                             /* 456 */
++	"457",                             /* 457 */
++	"458",                             /* 458 */
++	"459",                             /* 459 */
++	"460",                             /* 460 */
++	"461",                             /* 461 */
++	"462",                             /* 462 */
++	"463",                             /* 463 */
++	"464",                             /* 464 */
++	"465",                             /* 465 */
++	"466",                             /* 466 */
++	"467",                             /* 467 */
++	"468",                             /* 468 */
++	"469",                             /* 469 */
++	"470",                             /* 470 */
++	"471",                             /* 471 */
++	"472",                             /* 472 */
++	"473",                             /* 473 */
++	"474",                             /* 474 */
++	"475",                             /* 475 */
++	"476",                             /* 476 */
++	"477",                             /* 477 */
++	"478",                             /* 478 */
++	"479",                             /* 479 */
++	"480",                             /* 480 */
++	"481",                             /* 481 */
++	"482",                             /* 482 */
++	"483",                             /* 483 */
++	"484",                             /* 484 */
++	"485",                             /* 485 */
++	"486",                             /* 486 */
++	"487",                             /* 487 */
++	"488",                             /* 488 */
++	"489",                             /* 489 */
++	"490",                             /* 490 */
++	"491",                             /* 491 */
++	"492",                             /* 492 */
++	"493",                             /* 493 */
++	"494",                             /* 494 */
++	"495",                             /* 495 */
++	"496",                             /* 496 */
++	"497",                             /* 497 */
++	"498",                             /* 498 */
++	"499",                             /* 499 */
++	"500",                             /* 500 */
++	"501",                             /* 501 */
++	"502",                             /* 502 */
++	"503",                             /* 503 */
++	"504",                             /* 504 */
++	"505",                             /* 505 */
++	"506",                             /* 506 */
++	"507",                             /* 507 */
++	"508",                             /* 508 */
++	"509",                             /* 509 */
++	"510",                             /* 510 */
++	"511",                             /* 511 */
++	"512",                             /* 512 */
++	"513",                             /* 513 */
++	"514",                             /* 514 */
++	"515",                             /* 515 */
++	"516",                             /* 516 */
++	"517",                             /* 517 */
++	"518",                             /* 518 */
++	"519",                             /* 519 */
++	"520",                             /* 520 */
++	"521",                             /* 521 */
++	"522",                             /* 522 */
++	"523",                             /* 523 */
++	"524",                             /* 524 */
++	"525",                             /* 525 */
++	"526",                             /* 526 */
++	"527",                             /* 527 */
++	"528",                             /* 528 */
++	"529",                             /* 529 */
++	"530",                             /* 530 */
++	"531",                             /* 531 */
++	"532",                             /* 532 */
++	"533",                             /* 533 */
++	"534",                             /* 534 */
++	"535",                             /* 535 */
++	"536",                             /* 536 */
++	"537",                             /* 537 */
++	"538",                             /* 538 */
++	"539",                             /* 539 */
++	"540",                             /* 540 */
++	"541",                             /* 541 */
++	"542",                             /* 542 */
++	"543",                             /* 543 */
++	"544",                             /* 544 */
++	"545",                             /* 545 */
++	"546",                             /* 546 */
++	"547",                             /* 547 */
++	"548",                             /* 548 */
++	"549",                             /* 549 */
++	"550",                             /* 550 */
++	"551",                             /* 551 */
++	"552",                             /* 552 */
++	"553",                             /* 553 */
++	"554",                             /* 554 */
++	"555",                             /* 555 */
++	"556",                             /* 556 */
++	"557",                             /* 557 */
++	"558",                             /* 558 */
++	"559",                             /* 559 */
++	"560",                             /* 560 */
++	"561",                             /* 561 */
++	"562",                             /* 562 */
++	"563",                             /* 563 */
++	"564",                             /* 564 */
++	"565",                             /* 565 */
++	"566",                             /* 566 */
++	"567",                             /* 567 */
++	"568",                             /* 568 */
++	"569",                             /* 569 */
++	"570",                             /* 570 */
++	"571",                             /* 571 */
++	"572",                             /* 572 */
++	"573",                             /* 573 */
++	"574",                             /* 574 */
++	"575",                             /* 575 */
++	"576",                             /* 576 */
++	"577",                             /* 577 */
++	"578",                             /* 578 */
++	"579",                             /* 579 */
++	"580",                             /* 580 */
++	"581",                             /* 581 */
++	"582",                             /* 582 */
++	"583",                             /* 583 */
++	"584",                             /* 584 */
++	"585",                             /* 585 */
++	"586",                             /* 586 */
++	"587",                             /* 587 */
++	"588",                             /* 588 */
++	"589",                             /* 589 */
++	"590",                             /* 590 */
++	"591",                             /* 591 */
++	"592",                             /* 592 */
++	"593",                             /* 593 */
++	"594",                             /* 594 */
++	"595",                             /* 595 */
++	"596",                             /* 596 */
++	"597",                             /* 597 */
++	"598",                             /* 598 */
++	"599",                             /* 599 */
++	"600",                             /* 600 */
++	"601",                             /* 601 */
++	"602",                             /* 602 */
++	"603",                             /* 603 */
++	"604",                             /* 604 */
++	"605",                             /* 605 */
++	"606",                             /* 606 */
++	"607",                             /* 607 */
++	"608",                             /* 608 */
++	"609",                             /* 609 */
++	"610",                             /* 610 */
++	"611",                             /* 611 */
++	"612",                             /* 612 */
++	"613",                             /* 613 */
++	"614",                             /* 614 */
++	"615",                             /* 615 */
++	"616",                             /* 616 */
++	"617",                             /* 617 */
++	"618",                             /* 618 */
++	"619",                             /* 619 */
++	"620",                             /* 620 */
++	"621",                             /* 621 */
++	"622",                             /* 622 */
++	"623",                             /* 623 */
++	"624",                             /* 624 */
++	"625",                             /* 625 */
++	"626",                             /* 626 */
++	"627",                             /* 627 */
++	"628",                             /* 628 */
++	"629",                             /* 629 */
++	"630",                             /* 630 */
++	"631",                             /* 631 */
++	"632",                             /* 632 */
++	"633",                             /* 633 */
++	"634",                             /* 634 */
++	"635",                             /* 635 */
++	"636",                             /* 636 */
++	"637",                             /* 637 */
++	"638",                             /* 638 */
++	"639",                             /* 639 */
++	"640",                             /* 640 */
++	"641",                             /* 641 */
++	"642",                             /* 642 */
++	"643",                             /* 643 */
++	"644",                             /* 644 */
++	"645",                             /* 645 */
++	"646",                             /* 646 */
++	"647",                             /* 647 */
++	"648",                             /* 648 */
++	"649",                             /* 649 */
++	"650",                             /* 650 */
++	"651",                             /* 651 */
++	"652",                             /* 652 */
++	"653",                             /* 653 */
++	"654",                             /* 654 */
++	"655",                             /* 655 */
++	"656",                             /* 656 */
++	"657",                             /* 657 */
++	"658",                             /* 658 */
++	"659",                             /* 659 */
++	"660",                             /* 660 */
++	"661",                             /* 661 */
++	"662",                             /* 662 */
++	"663",                             /* 663 */
++	"664",                             /* 664 */
++	"665",                             /* 665 */
++	"666",                             /* 666 */
++	"667",                             /* 667 */
++	"668",                             /* 668 */
++	"669",                             /* 669 */
++	"670",                             /* 670 */
++	"671",                             /* 671 */
++	"672",                             /* 672 */
++	"673",                             /* 673 */
++	"674",                             /* 674 */
++	"675",                             /* 675 */
++	"676",                             /* 676 */
++	"677",                             /* 677 */
++	"678",                             /* 678 */
++	"679",                             /* 679 */
++	"680",                             /* 680 */
++	"681",                             /* 681 */
++	"682",                             /* 682 */
++	"683",                             /* 683 */
++	"684",                             /* 684 */
++	"685",                             /* 685 */
++	"686",                             /* 686 */
++	"687",                             /* 687 */
++	"688",                             /* 688 */
++	"689",                             /* 689 */
++	"690",                             /* 690 */
++	"691",                             /* 691 */
++	"692",                             /* 692 */
++	"693",                             /* 693 */
++	"694",                             /* 694 */
++	"695",                             /* 695 */
++	"696",                             /* 696 */
++	"697",                             /* 697 */
++	"698",                             /* 698 */
++	"699",                             /* 699 */
++	"700",                             /* 700 */
++	"701",                             /* 701 */
++	"702",                             /* 702 */
++	"703",                             /* 703 */
++	"704",                             /* 704 */
++	"705",                             /* 705 */
++	"706",                             /* 706 */
++	"707",                             /* 707 */
++	"708",                             /* 708 */
++	"709",                             /* 709 */
++	"710",                             /* 710 */
++	"711",                             /* 711 */
++	"712",                             /* 712 */
++	"713",                             /* 713 */
++	"714",                             /* 714 */
++	"715",                             /* 715 */
++	"716",                             /* 716 */
++	"717",                             /* 717 */
++	"718",                             /* 718 */
++	"719",                             /* 719 */
++	"720",                             /* 720 */
++	"721",                             /* 721 */
++	"722",                             /* 722 */
++	"723",                             /* 723 */
++	"724",                             /* 724 */
++	"725",                             /* 725 */
++	"726",                             /* 726 */
++	"727",                             /* 727 */
++	"728",                             /* 728 */
++	"729",                             /* 729 */
++	"730",                             /* 730 */
++	"731",                             /* 731 */
++	"732",                             /* 732 */
++	"733",                             /* 733 */
++	"734",                             /* 734 */
++	"735",                             /* 735 */
++	"736",                             /* 736 */
++	"737",                             /* 737 */
++	"738",                             /* 738 */
++	"739",                             /* 739 */
++	"740",                             /* 740 */
++	"741",                             /* 741 */
++	"742",                             /* 742 */
++	"743",                             /* 743 */
++	"744",                             /* 744 */
++	"745",                             /* 745 */
++	"746",                             /* 746 */
++	"747",                             /* 747 */
++	"748",                             /* 748 */
++	"749",                             /* 749 */
++	"750",                             /* 750 */
++	"751",                             /* 751 */
++	"752",                             /* 752 */
++	"753",                             /* 753 */
++	"754",                             /* 754 */
++	"755",                             /* 755 */
++	"756",                             /* 756 */
++	"757",                             /* 757 */
++	"758",                             /* 758 */
++	"759",                             /* 759 */
++	"760",                             /* 760 */
++	"761",                             /* 761 */
++	"762",                             /* 762 */
++	"763",                             /* 763 */
++	"764",                             /* 764 */
++	"765",                             /* 765 */
++	"766",                             /* 766 */
++	"767",                             /* 767 */
++	"768",                             /* 768 */
++	"769",                             /* 769 */
++	"770",                             /* 770 */
++	"771",                             /* 771 */
++	"772",                             /* 772 */
++	"773",                             /* 773 */
++	"774",                             /* 774 */
++	"775",                             /* 775 */
++	"776",                             /* 776 */
++	"777",                             /* 777 */
++	"778",                             /* 778 */
++	"779",                             /* 779 */
++	"780",                             /* 780 */
++	"781",                             /* 781 */
++	"782",                             /* 782 */
++	"783",                             /* 783 */
++	"784",                             /* 784 */
++	"785",                             /* 785 */
++	"786",                             /* 786 */
++	"787",                             /* 787 */
++	"788",                             /* 788 */
++	"789",                             /* 789 */
++	"790",                             /* 790 */
++	"791",                             /* 791 */
++	"792",                             /* 792 */
++	"793",                             /* 793 */
++	"794",                             /* 794 */
++	"795",                             /* 795 */
++	"796",                             /* 796 */
++	"797",                             /* 797 */
++	"798",                             /* 798 */
++	"799",                             /* 799 */
++	"800",                             /* 800 */
++	"801",                             /* 801 */
++	"802",                             /* 802 */
++	"803",                             /* 803 */
++	"804",                             /* 804 */
++	"805",                             /* 805 */
++	"806",                             /* 806 */
++	"807",                             /* 807 */
++	"808",                             /* 808 */
++	"809",                             /* 809 */
++	"810",                             /* 810 */
++	"811",                             /* 811 */
++	"812",                             /* 812 */
++	"813",                             /* 813 */
++	"814",                             /* 814 */
++	"815",                             /* 815 */
++	"816",                             /* 816 */
++	"817",                             /* 817 */
++	"818",                             /* 818 */
++	"819",                             /* 819 */
++	"820",                             /* 820 */
++	"821",                             /* 821 */
++	"822",                             /* 822 */
++	"823",                             /* 823 */
++	"824",                             /* 824 */
++	"825",                             /* 825 */
++	"826",                             /* 826 */
++	"827",                             /* 827 */
++	"828",                             /* 828 */
++	"829",                             /* 829 */
++	"830",                             /* 830 */
++	"831",                             /* 831 */
++	"832",                             /* 832 */
++	"833",                             /* 833 */
++	"834",                             /* 834 */
++	"835",                             /* 835 */
++	"836",                             /* 836 */
++	"837",                             /* 837 */
++	"838",                             /* 838 */
++	"839",                             /* 839 */
++	"840",                             /* 840 */
++	"841",                             /* 841 */
++	"842",                             /* 842 */
++	"843",                             /* 843 */
++	"844",                             /* 844 */
++	"845",                             /* 845 */
++	"846",                             /* 846 */
++	"847",                             /* 847 */
++	"848",                             /* 848 */
++	"849",                             /* 849 */
++	"850",                             /* 850 */
++	"851",                             /* 851 */
++	"852",                             /* 852 */
++	"853",                             /* 853 */
++	"854",                             /* 854 */
++	"855",                             /* 855 */
++	"856",                             /* 856 */
++	"857",                             /* 857 */
++	"858",                             /* 858 */
++	"859",                             /* 859 */
++	"860",                             /* 860 */
++	"861",                             /* 861 */
++	"862",                             /* 862 */
++	"863",                             /* 863 */
++	"864",                             /* 864 */
++	"865",                             /* 865 */
++	"866",                             /* 866 */
++	"867",                             /* 867 */
++	"868",                             /* 868 */
++	"869",                             /* 869 */
++	"870",                             /* 870 */
++	"871",                             /* 871 */
++	"872",                             /* 872 */
++	"873",                             /* 873 */
++	"874",                             /* 874 */
++	"875",                             /* 875 */
++	"876",                             /* 876 */
++	"877",                             /* 877 */
++	"878",                             /* 878 */
++	"879",                             /* 879 */
++	"880",                             /* 880 */
++	"881",                             /* 881 */
++	"882",                             /* 882 */
++	"883",                             /* 883 */
++	"884",                             /* 884 */
++	"885",                             /* 885 */
++	"886",                             /* 886 */
++	"887",                             /* 887 */
++	"888",                             /* 888 */
++	"889",                             /* 889 */
++	"890",                             /* 890 */
++	"891",                             /* 891 */
++	"892",                             /* 892 */
++	"893",                             /* 893 */
++	"894",                             /* 894 */
++	"895",                             /* 895 */
++	"896",                             /* 896 */
++	"897",                             /* 897 */
++	"898",                             /* 898 */
++	"899",                             /* 899 */
++	"900",                             /* 900 */
++	"901",                             /* 901 */
++	"902",                             /* 902 */
++	"903",                             /* 903 */
++	"904",                             /* 904 */
++	"905",                             /* 905 */
++	"906",                             /* 906 */
++	"907",                             /* 907 */
++	"908",                             /* 908 */
++	"909",                             /* 909 */
++	"910",                             /* 910 */
++	"911",                             /* 911 */
++	"912",                             /* 912 */
++	"913",                             /* 913 */
++	"914",                             /* 914 */
++	"915",                             /* 915 */
++	"916",                             /* 916 */
++	"917",                             /* 917 */
++	"918",                             /* 918 */
++	"919",                             /* 919 */
++	"920",                             /* 920 */
++	"921",                             /* 921 */
++	"922",                             /* 922 */
++	"923",                             /* 923 */
++	"924",                             /* 924 */
++	"925",                             /* 925 */
++	"926",                             /* 926 */
++	"927",                             /* 927 */
++	"928",                             /* 928 */
++	"929",                             /* 929 */
++	"930",                             /* 930 */
++	"931",                             /* 931 */
++	"932",                             /* 932 */
++	"933",                             /* 933 */
++	"934",                             /* 934 */
++	"935",                             /* 935 */
++	"936",                             /* 936 */
++	"937",                             /* 937 */
++	"938",                             /* 938 */
++	"939",                             /* 939 */
++	"940",                             /* 940 */
++	"941",                             /* 941 */
++	"942",                             /* 942 */
++	"943",                             /* 943 */
++	"944",                             /* 944 */
++	"945",                             /* 945 */
++	"946",                             /* 946 */
++	"947",                             /* 947 */
++	"948",                             /* 948 */
++	"949",                             /* 949 */
++	"950",                             /* 950 */
++	"951",                             /* 951 */
++	"952",                             /* 952 */
++	"953",                             /* 953 */
++	"954",                             /* 954 */
++	"955",                             /* 955 */
++	"956",                             /* 956 */
++	"957",                             /* 957 */
++	"958",                             /* 958 */
++	"959",                             /* 959 */
++	"960",                             /* 960 */
++	"961",                             /* 961 */
++	"962",                             /* 962 */
++	"963",                             /* 963 */
++	"964",                             /* 964 */
++	"965",                             /* 965 */
++	"966",                             /* 966 */
++	"967",                             /* 967 */
++	"968",                             /* 968 */
++	"969",                             /* 969 */
++	"970",                             /* 970 */
++	"971",                             /* 971 */
++	"972",                             /* 972 */
++	"973",                             /* 973 */
++	"974",                             /* 974 */
++	"975",                             /* 975 */
++	"976",                             /* 976 */
++	"977",                             /* 977 */
++	"978",                             /* 978 */
++	"979",                             /* 979 */
++	"980",                             /* 980 */
++	"981",                             /* 981 */
++	"982",                             /* 982 */
++	"983",                             /* 983 */
++	"984",                             /* 984 */
++	"985",                             /* 985 */
++	"986",                             /* 986 */
++	"987",                             /* 987 */
++	"988",                             /* 988 */
++	"989",                             /* 989 */
++	"990",                             /* 990 */
++	"991",                             /* 991 */
++	"992",                             /* 992 */
++	"993",                             /* 993 */
++	"994",                             /* 994 */
++	"995",                             /* 995 */
++	"996",                             /* 996 */
++	"997",                             /* 997 */
++	"998",                             /* 998 */
++	"999",                             /* 999 */
++	"1000",                            /* 1000 */
++	"1001",                            /* 1001 */
++	"1002",                            /* 1002 */
++	"1003",                            /* 1003 */
++	"1004",                            /* 1004 */
++	"1005",                            /* 1005 */
++	"1006",                            /* 1006 */
++	"1007",                            /* 1007 */
++	"1008",                            /* 1008 */
++	"1009",                            /* 1009 */
++	"1010",                            /* 1010 */
++	"1011",                            /* 1011 */
++	"1012",                            /* 1012 */
++	"1013",                            /* 1013 */
++	"1014",                            /* 1014 */
++	"1015",                            /* 1015 */
++	"1016",                            /* 1016 */
++	"1017",                            /* 1017 */
++	"1018",                            /* 1018 */
++	"1019",                            /* 1019 */
++	"1020",                            /* 1020 */
++	"1021",                            /* 1021 */
++	"1022",                            /* 1022 */
++	"1023",                            /* 1023 */
++	"open",                            /* 1024 */
++	"link",                            /* 1025 */
++	"unlink",                          /* 1026 */
++	"mknod",                           /* 1027 */
++	"chmod",                           /* 1028 */
++	"chown",                           /* 1029 */
++	"mkdir",                           /* 1030 */
++	"rmdir",                           /* 1031 */
++	"lchown",                          /* 1032 */
++	"access",                          /* 1033 */
++	"rename",                          /* 1034 */
++	"readlink",                        /* 1035 */
++	"symlink",                         /* 1036 */
++	"utimes",                          /* 1037 */
++	"stat",                            /* 1038 */
++	"lstat",                           /* 1039 */
++	"pipe",                            /* 1040 */
++	"dup2",                            /* 1041 */
++	"epoll_create",                    /* 1042 */
++	"inotify_init",                    /* 1043 */
++	"eventfd",                         /* 1044 */
++	"signalfd",                        /* 1045 */
++	"sendfile",                        /* 1046 */
++	"ftruncate",                       /* 1047 */
++	"truncate",                        /* 1048 */
++	"stat",                            /* 1049 */
++	"lstat",                           /* 1050 */
++	"fstat",                           /* 1051 */
++	"fcntl",                           /* 1052 */
++	"fadvise64",                       /* 1053 */
++	"newfstatat",                      /* 1054 */
++	"fstatfs",                         /* 1055 */
++	"statfs",                          /* 1056 */
++	"lseek",                           /* 1057 */
++	"mmap",                            /* 1058 */
++	"alarm",                           /* 1059 */
++	"getpgrp",                         /* 1060 */
++	"pause",                           /* 1061 */
++	"time",                            /* 1062 */
++	"utime",                           /* 1063 */
++	"creat",                           /* 1064 */
++	"getdents",                        /* 1065 */
++	"futimesat",                       /* 1066 */
++	"select",                          /* 1067 */
++	"poll",                            /* 1068 */
++	"epoll_wait",                      /* 1069 */
++	"ustat",                           /* 1070 */
++	"vfork",                           /* 1071 */
++	"oldwait4",                        /* 1072 */
++	"recv",                            /* 1073 */
++	"send",                            /* 1074 */
++	"bdflush",                         /* 1075 */
++	"umount",                          /* 1076 */
++	"uselib",                          /* 1077 */
++	"_sysctl",                         /* 1078 */
++	"fork",                            /* 1079 */
+diff --git a/sysdeps/linux-gnu/aarch64/trace.c b/sysdeps/linux-gnu/aarch64/trace.c
+new file mode 100644
+index 0000000..5544b51
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/trace.c
+@@ -0,0 +1,84 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <asm/ptrace.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++
++#include "backend.h"
++#include "proc.h"
++
++void
++get_arch_dep(struct Process *proc)
++{
++}
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++
++/* The syscall instruction is:
++ * | 31                   21 | 20    5 | 4       0 |
++ * | 1 1 0 1 0 1 0 0 | 0 0 0 |  imm16  | 0 0 0 0 1 | */
++#define SVC_MASK  0xffe0001f
++#define SVC_VALUE 0xd4000001
++
++int
++syscall_p(struct Process *proc, int status, int *sysnum)
++{
++	if (WIFSTOPPED(status)
++	    && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) {
++
++		struct user_pt_regs regs;
++		if (aarch64_read_gregs(proc, &regs) < 0) {
++			fprintf(stderr, "syscall_p: "
++				"Couldn't read registers of %d.\n", proc->pid);
++			return -1;
++		}
++
++		errno = 0;
++		unsigned long insn = (unsigned long) ptrace(PTRACE_PEEKTEXT,
++							    proc->pid,
++							    regs.pc - 4, 0);
++		if (insn == -1UL && errno != 0) {
++			fprintf(stderr, "syscall_p: "
++				"Couldn't peek into %d: %s\n", proc->pid,
++				strerror(errno));
++			return -1;
++		}
++
++		insn &= 0xffffffffUL;
++		if ((insn & SVC_MASK) == SVC_VALUE) {
++			*sysnum = regs.regs[8];
++
++			size_t d1 = proc->callstack_depth - 1;
++			if (proc->callstack_depth > 0
++			    && proc->callstack[d1].is_syscall
++			    && proc->callstack[d1].c_un.syscall == *sysnum)
++				return 2;
++
++			return 1;
++		}
++	}
++
++	return 0;
++}
+-- 
+1.9.1
+
diff --git a/user/ltrace/add_ppc64le.patch b/user/ltrace/add_ppc64le.patch
new file mode 100644
index 000000000..32efa8b52
--- /dev/null
+++ b/user/ltrace/add_ppc64le.patch
@@ -0,0 +1,54 @@
+--- ltrace-0.7.3.orig/configure.ac
++++ ltrace-0.7.3/configure.ac
+@@ -43,7 +43,7 @@
+     arm*|sa110)		HOST_CPU="arm" ;;
+     cris*)		HOST_CPU="cris" ;;
+     mips*)		HOST_CPU="mips" ;;
+-    powerpc|powerpc64)	HOST_CPU="ppc" ;;
++    powerpc|powerpc64|powerpc64le)	HOST_CPU="ppc" ;;
+     sun4u|sparc64)	HOST_CPU="sparc" ;;
+     s390x)		HOST_CPU="s390" ;;
+     i?86|x86_64)	HOST_CPU="x86" ;;
+@@ -159,7 +159,7 @@
+       arm*|sa110)         UNWIND_ARCH="arm" ;;
+       i?86)               UNWIND_ARCH="x86" ;;
+       powerpc)            UNWIND_ARCH="ppc32" ;;
+-      powerpc64)          UNWIND_ARCH="ppc64" ;;
++      powerpc64|powerpc64le)          UNWIND_ARCH="ppc64" ;;
+       mips*)              UNWIND_ARCH="mips" ;;
+       *)                  UNWIND_ARCH="${host_cpu}" ;;
+   esac
+--- ltrace-0.7.3.orig/sysdeps/linux-gnu/ppc/ptrace.h
++++ ltrace-0.7.3/sysdeps/linux-gnu/ppc/ptrace.h
+@@ -18,4 +18,5 @@
+  * 02110-1301 USA
+  */
+ 
++#include <asm/ptrace.h>
+ #include <sys/ptrace.h>
+--- ltrace-0.7.3.orig/sysdeps/linux-gnu/ppc/regs.c
++++ ltrace-0.7.3/sysdeps/linux-gnu/ppc/regs.c
+@@ -26,7 +26,9 @@
+ #include <sys/ptrace.h>
+ #include <asm/ptrace.h>
+ #include <errno.h>
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ 
+ #include "proc.h"
+ #include "common.h"
+@@ -47,8 +49,11 @@
+ void
+ set_instruction_pointer(Process *proc, void *addr)
+ {
+-	if (ptrace(PTRACE_POKEUSER, proc->pid, sizeof(long)*PT_NIP, addr) != 0)
+-		error(0, errno, "set_instruction_pointer");
++	if (ptrace(PTRACE_POKEUSER, proc->pid, sizeof(long)*PT_NIP, addr) != 0){
++		strerror(0, errno, "set_instruction_pointer");
++		report_global_error("%s: set_instruction_pointer",
++			strerror(errno));
++	}
+ }
+ 
+ void *
diff --git a/user/ltrace/musl.patch b/user/ltrace/musl.patch
new file mode 100644
index 000000000..2dc909c95
--- /dev/null
+++ b/user/ltrace/musl.patch
@@ -0,0 +1,153 @@
+--- ./configure.ac.orig
++++ ./configure.ac
+@@ -34,6 +34,7 @@
+ case "${host_os}" in
+     linux-gnu*) HOST_OS="linux-gnu" ;;
+     linux-uclibc*) HOST_OS="linux-gnu" ;;
++    linux-musl*) HOST_OS="linux-gnu" ;;
+     *)		AC_MSG_ERROR([unkown host-os ${host_os}]) ;;
+ esac
+ AC_SUBST(HOST_OS)
+@@ -234,6 +235,7 @@
+ 	sys/param.h \
+ 	sys/time.h \
+ 	unistd.h \
++	error.h \
+ ])
+ 
+ # Checks for typedefs, structures, and compiler characteristics.
+diff --git a/expr.c b/expr.c
+index 32860fd..374c549 100644
+--- a/expr.c
++++ b/expr.c
+@@ -19,9 +19,12 @@
+  */
+ 
+ #include <string.h>
++#include <stdio.h>
+ #include <assert.h>
+ #include <errno.h>
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ #include <stdlib.h>
+ 
+ #include "expr.h"
+@@ -330,8 +333,11 @@ expr_self(void)
+ 	static struct expr_node *node = NULL;
+ 	if (node == NULL) {
+ 		node = malloc(sizeof(*node));
+-		if (node == NULL)
+-			error(1, errno, "malloc expr_self");
++		if (node == NULL) {
++			fprintf(stderr, "%s: malloc expr_self\n",
++				strerror(errno));
++			exit(1);
++		}
+ 		expr_init_self(node);
+ 	}
+ 	return node;
+diff --git a/glob.c b/glob.c
+index 075c867..06fec47 100644
+--- a/glob.c
++++ b/glob.c
+@@ -180,7 +180,7 @@ glob_to_regex(const char *glob, char **retp)
+ 			goto fail;
+ 	}
+ 	*retp = buf;
+-	return REG_NOERROR;
++	return 0;
+ }
+ 
+ int
+@@ -188,7 +188,7 @@ globcomp(regex_t *preg, const char *glob, int cflags)
+ {
+ 	char *regex = NULL;
+ 	int status = glob_to_regex(glob, &regex);
+-	if (status != REG_NOERROR)
++	if (status != 0)
+ 		return status;
+ 	assert(regex != NULL);
+ 	status = regcomp(preg, regex, cflags);
+diff --git a/options.c b/options.c
+index 1e19dc7..1dc5e1e 100644
+--- a/options.c
++++ b/options.c
+@@ -204,7 +204,7 @@ compile_libname(const char *expr, const char *a_lib, int lib_re_p,
+ 
+ 		regex_t lib_re;
+ 		int status = (lib_re_p ? regcomp : globcomp)(&lib_re, lib, 0);
+-		if (status != REG_NOERROR) {
++		if (status != 0) {
+ 			char buf[100];
+ 			regerror(status, &lib_re, buf, sizeof buf);
+ 			fprintf(stderr, "Rule near '%s' will be ignored: %s.\n",
+diff --git a/read_config_file.c b/read_config_file.c
+index e247436..73528fe 100644
+--- a/read_config_file.c
++++ b/read_config_file.c
+@@ -27,7 +27,9 @@
+ #include <stdlib.h>
+ #include <ctype.h>
+ #include <errno.h>
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ #include <assert.h>
+ 
+ #include "common.h"
+@@ -1258,8 +1260,12 @@ void
+ init_global_config(void)
+ {
+ 	struct arg_type_info *info = malloc(2 * sizeof(*info));
+-	if (info == NULL)
+-		error(1, errno, "malloc in init_global_config");
++	if (info == NULL) {
++		report_error(filename, line_no,
++			     "%s: malloc in init_global_config",
++			     strerror(errno));
++		exit(1);
++	}
+ 
+ 	memset(info, 0, 2 * sizeof(*info));
+ 	info[0].type = ARGTYPE_POINTER;
+diff --git a/zero.c b/zero.c
+index bc119ee..e685f59 100644
+--- a/zero.c
++++ b/zero.c
+@@ -18,8 +18,11 @@
+  * 02110-1301 USA
+  */
+ 
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ #include <errno.h>
++#include <string.h>
+ 
+ #include "zero.h"
+ #include "common.h"
+@@ -96,8 +99,11 @@ expr_node_zero(void)
+ 	static struct expr_node *node = NULL;
+ 	if (node == NULL) {
+ 		node = malloc(sizeof(*node));
+-		if (node == NULL)
+-			error(1, errno, "malloc expr_node_zero");
++		if (node == NULL) {
++			report_global_error("%s: malloc expr_node_zero",
++					strerror(errno));
++			exit(1);
++		}
+ 		expr_init_cb1(node, &zero1_callback,
+ 			      expr_self(), 0, (void *)-1);
+ 	}
+--- ./proc.h.orig
++++ ./proc.h
+@@ -26,6 +26,7 @@
+ #include "config.h"
+ 
+ #include <sys/time.h>
++#include <unistd.h>
+ 
+ #if defined(HAVE_LIBUNWIND)
+ # include <libunwind.h>
diff --git a/user/mlt/APKBUILD b/user/mlt/APKBUILD
new file mode 100644
index 000000000..0dc7d8041
--- /dev/null
+++ b/user/mlt/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer:
+pkgname=mlt
+pkgver=6.8.0
+pkgrel=0
+pkgdesc="MLT Multimedia Framework"
+url="https://www.mltframework.org/"
+arch="all !s390x" # depends on fftw which does not work on s390x
+options="!check"  # No test suite.
+license="LGPL-2.1"
+makedepends="ffmpeg-dev libsamplerate-dev sox-dev gtk+2.0-dev sdl_image-dev
+	frei0r-plugins-dev libxml2-dev fftw-dev sdl2-dev sdl-dev libexif-dev
+	bsd-compat-headers qt5-qttools-dev qt5-qtsvg-dev"
+subpackages="$pkgname-dev"
+source="https://github.com/mltframework/mlt/releases/download/v$pkgver/mlt-$pkgver.tar.gz
+	mlt-6.8.0-locale-header.patch
+	"
+builddir="$srcdir/mlt-$pkgver"
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var \
+		--avformat-swscale \
+		--enable-motion-est \
+		--enable-gpl \
+		--enable-gpl3 \
+		--disable-rtaudio
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="5f88d82b0b1656875d19c7cd322181cf974e1cad36692854835ae313723dfd412e6ba4fbb6cca9d70756ca83b512b0f78e95df517cfa007c76f94b26a9901ec8  mlt-6.8.0.tar.gz
+c7c9fe70475ccf78c719c1ca6e1a7f2189e08abe04d556fe558dd787799bd7808d61326cfb2818eefe4a6868eed300b0c0d1480aa3df302b65b79a9a9aacc1b1  mlt-6.8.0-locale-header.patch"
diff --git a/user/mlt/mlt-6.8.0-locale-header.patch b/user/mlt/mlt-6.8.0-locale-header.patch
new file mode 100644
index 000000000..5b45b600a
--- /dev/null
+++ b/user/mlt/mlt-6.8.0-locale-header.patch
@@ -0,0 +1,18 @@
+Extremely incorrect logic here; fix it so that locale_t is defined properly.
+
+--- mlt-6.8.0/src/framework/mlt_property.h.old	2018-05-10 20:16:56.000000000 -0500
++++ mlt-6.8.0/src/framework/mlt_property.h	2018-06-07 05:22:57.345580154 -0500
+@@ -30,10 +30,10 @@
+ #include <sys/param.h>
+ #endif
+ 
+-#if (defined(__GLIBC__) && !defined(__APPLE__)) || HAVE_LOCALE_H
+-#  include <locale.h>
+-#elif defined(__APPLE__) || (__FreeBSD_version >= 900506)
++#if defined(__APPLE__) || (__FreeBSD_version >= 900506)
+ #  include <xlocale.h>
++#elif defined(__linux__) || HAVE_LOCALE_H
++#  include <locale.h>
+ #else
+ typedef char* locale_t;
+ #endif
diff --git a/user/mutt/APKBUILD b/user/mutt/APKBUILD
new file mode 100644
index 000000000..2b3424421
--- /dev/null
+++ b/user/mutt/APKBUILD
@@ -0,0 +1,61 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Andrew Manison<amanison@anselsystems.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mutt
+pkgver=1.9.1
+pkgrel=0
+pkgdesc="a small but very powerful text-mode email client"
+url="http://www.mutt.org"
+arch="all"
+license="GPL"
+makedepends="cyrus-sasl-dev gdbm-dev gettext-dev gpgme-dev
+	libidn-dev ncurses-dev openssl-dev perl"
+options="suid !check"
+subpackages="$pkgname-doc $pkgname-lang"
+source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz"
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+	cd "$builddir"
+	ISPELL=/usr/bin/hunspell \
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-imap \
+		--enable-pop \
+		--enable-smtp \
+		--enable-hcache \
+		--enable-gpgme \
+		--enable-sidebar \
+		--enable-smime \
+		--with-curses \
+		--with-mailpath=/var/spool/mail \
+		--with-docdir=/usr/share/doc/$pkgname \
+		--without-included-gettext \
+		--with-ssl \
+		--with-sasl
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+
+	rm "$pkgdir"/etc/*.dist \
+		"$pkgdir"/etc/mime.types \
+		"$pkgdir"/usr/bin/muttbug \
+		"$pkgdir"/usr/bin/flea
+
+	# Don't tamper with the global configuration file.
+	# Many options set in the global config cannot be
+	# overwritten in the users configuration file.
+	# Example: Resetting colors isn't possible.
+	install -Dm644 contrib/gpg.rc \
+		"$pkgdir"/etc/Muttrc.gpg.dist
+}
+
+sha512sums="1a6871eb8499c60ae18b03d56b81e64de1643c68f8fbe05bbe114085b20098be58175e5bd6d2515e8332a824cbed75640744a261d4f10654c56625f903224095  mutt-1.9.1.tar.gz"
diff --git a/user/neon/APKBUILD b/user/neon/APKBUILD
new file mode 100644
index 000000000..a0ddbd5d4
--- /dev/null
+++ b/user/neon/APKBUILD
@@ -0,0 +1,41 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=neon
+pkgver=0.30.2
+pkgrel=2
+pkgdesc="HTTP and WebDAV client library with a C interface"
+url="http://www.webdav.org/neon/"
+arch="all"
+license="GPL LGPL"
+makedepends="expat-dev openssl-dev zlib-dev"
+depends="ca-certificates"
+depends_dev="$makedepends"
+subpackages="$pkgname-dev $pkgname-doc"
+source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver.tar.gz"
+
+build () {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--with-ssl \
+		--with-expat \
+		--without-gssapi \
+		--disable-nls \
+		--enable-shared \
+		--disable-static \
+		--enable-threadsafe-ssl=posix \
+		--with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+sha512sums="634caf87522e0bd2695c6fba39cae2465e403f9fbd8007eb10e4e035c765d24cb8da932c67bfa35c34aa51b90c7bc7037ebebaa1ec43259366d5d07233efc631  neon-0.30.2.tar.gz"
diff --git a/user/openldap/APKBUILD b/user/openldap/APKBUILD
new file mode 100644
index 000000000..84cbc1471
--- /dev/null
+++ b/user/openldap/APKBUILD
@@ -0,0 +1,212 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+#
+# secfixes:
+#   2.4.46:
+#   - CVE-2017-14159
+#   - CVE-2017-17740
+#   2.4.44-r5:
+#   - CVE-2017-9287
+#
+pkgname=openldap
+pkgver=2.4.46
+pkgrel=0
+pkgdesc="LDAP Server"
+url="http://www.openldap.org/"
+arch="all"
+options="!check"  # Test suite takes > 2 hours to complete on each builder.
+license="custom"
+depends=""
+pkgusers="ldap"
+pkggroups="ldap"
+depends_dev="openssl-dev cyrus-sasl-dev util-linux-dev"
+makedepends="$depends_dev db-dev groff unixodbc-dev libtool
+	autoconf automake libtool"
+subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-openrc
+	$pkgname-clients $pkgname-passwd-pbkdf2:passwd_pbkdf2
+	$pkgname-backend-all:_backend_all:noarch
+	$pkgname-overlay-all:_overlay_all:noarch"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
+source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
+	openldap-2.4-ppolicy.patch
+	openldap-2.4.11-libldap_r.patch
+	fix-manpages.patch
+	configs.patch
+
+	slapd.initd
+	slapd.confd
+	"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# SLAPD backends
+_backends=""
+for _name in bdb dnssrv hdb ldap mdb meta monitor null passwd \
+	relay shell sql sock
+do
+	subpackages="$subpackages $pkgname-back-$_name:_backend"
+	_backends="$_backends $pkgname-back-$_name"
+done
+
+# SLAPD overlays
+_overlays=""
+for _name in accesslog auditlog collect constraint dds deref dyngroup \
+	dynlist memberof ppolicy proxycache refint retcode rwm seqmod \
+	sssvlv syncprov translucent unique valsort
+do
+	subpackages="$subpackages $pkgname-overlay-$_name:_overlay"
+	_overlays="$_overlays $pkgname-overlay-$_name"
+done
+
+prepare() {
+	cd "$builddir"
+	update_config_sub
+
+	sed -i '/^STRIP/s,-s,,g' build/top.mk
+	libtoolize --force && aclocal && autoconf
+}
+
+build () {
+	cd "$builddir"
+
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--libexecdir=/usr/lib \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var/lib/openldap \
+		--enable-slapd \
+		--enable-crypt \
+		--enable-modules \
+		--enable-dynamic \
+		--enable-bdb=mod \
+		--enable-dnssrv=mod \
+		--enable-hdb=mod \
+		--enable-ldap=mod \
+		--enable-mdb=mod \
+		--enable-meta=mod \
+		--enable-monitor=mod \
+		--enable-null=mod \
+		--enable-passwd=mod \
+		--enable-relay=mod \
+		--enable-shell=mod \
+		--enable-sock=mod \
+		--enable-sql=mod \
+		--enable-overlays=mod \
+		--with-tls=openssl \
+		--with-cyrus-sasl
+	make
+
+	# Build passwd pbkdf2.
+	make prefix=/usr libexecdir=/usr/lib \
+		-C contrib/slapd-modules/passwd/pbkdf2
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+
+	make DESTDIR="$pkgdir" install
+
+	# Install passwd pbkdf2.
+	make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \
+		-C contrib/slapd-modules/passwd/pbkdf2 install
+
+	cd "$pkgdir"
+
+	rmdir var/lib/openldap/run
+
+	# Fix tools symlinks to slapd.
+	local path; for path in $(find usr/sbin/ -type l); do
+		ln -sf slapd $path
+	done
+
+	# Move executable from lib to sbin.
+	mv usr/lib/slapd usr/sbin/
+
+	# Move *.default configs to docs.
+	mkdir -p usr/share/doc/$pkgname
+	mv etc/openldap/*.default usr/share/doc/$pkgname/
+
+	chgrp ldap etc/openldap/slapd.*
+	chmod g+r etc/openldap/slapd.*
+
+	install -d -m 700 -o ldap -g ldap \
+		var/lib/openldap \
+		var/lib/openldap/openldap-data
+
+	install -D -m 755 "$srcdir"/slapd.initd etc/init.d/slapd
+	install -D -m 644 "$srcdir"/slapd.confd etc/conf.d/slapd
+}
+
+libldap() {
+	pkgdesc="OpenLDAP libraries"
+	depends=""
+	install=""
+
+	_submv "usr/lib/*.so*" etc/openldap/ldap.conf
+}
+
+clients() {
+	pkgdesc="LDAP client utilities"
+
+	_submv usr/bin
+}
+
+passwd_pbkdf2() {
+	pkgdesc="PBKDF2 OpenLDAP support"
+	depends="$pkgname"
+
+	_submv "usr/lib/openldap/pw-pbkdf2.*"
+}
+
+_backend_all() {
+	pkgdesc="Virtual package that installs all OpenLDAP backends"
+	depends="$_backends"
+
+	mkdir -p "$subpkgdir"
+}
+
+_overlay_all() {
+	pkgdesc="Virtual package that installs all OpenLDAP overlays"
+	depends="$_overlays"
+
+	mkdir -p "$subpkgdir"
+}
+
+_backend() {
+	backend_name="${subpkgname#openldap-back-}"
+	pkgdesc="OpenLDAP $backend_name backend"
+
+	_submv "usr/lib/openldap/back_$backend_name*"
+}
+
+_overlay() {
+	overlay_name="${subpkgname#openldap-overlay-}"
+	pkgdesc="OpenLDAP $backend_name overlay"
+
+	case "$overlay_name" in
+		proxycache) overlay_name=pcache;;
+	esac
+	_submv "usr/lib/openldap/$overlay_name*"
+}
+
+_submv() {
+	local path; for path in "$@"; do
+		mkdir -p "$subpkgdir"/${path%/*}
+		mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/
+	done
+}
+
+sha512sums="eef39d43f04aa09c657a1422cefef060fe00368559ae40d0d97536c08ebeaaa1ab06207b3f121ba6afcde54abdc550027c3505e5217e5fd47ae6f8c001260186  openldap-2.4.46.tgz
+5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38  openldap-2.4-ppolicy.patch
+44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357  openldap-2.4.11-libldap_r.patch
+8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177  fix-manpages.patch
+0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca  configs.patch
+0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532  slapd.initd
+64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a  slapd.confd"
diff --git a/user/openldap/CVE-2017-9287.patch b/user/openldap/CVE-2017-9287.patch
new file mode 100644
index 000000000..1599c1331
--- /dev/null
+++ b/user/openldap/CVE-2017-9287.patch
@@ -0,0 +1,28 @@
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan@nardis.ca>
+Date: Wed, 17 May 2017 20:07:39 -0700
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
+
+Fixes a double free when a search includes the Paged Results control
+with a page size of 0 and the search base matches the filter.
+---
+ servers/slapd/back-mdb/search.c |    3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
+index 301d1a4..43442aa 100644
+--- a/servers/slapd/back-mdb/search.c
++++ b/servers/slapd/back-mdb/search.c
+@@ -1066,7 +1066,8 @@ notfound:
+ 			/* check size limit */
+ 			if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ 				if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+-					mdb_entry_return( op, e );
++					if (e != base)
++						mdb_entry_return( op, e );
+ 					e = NULL;
+ 					send_paged_response( op, rs, &lastid, tentries );
+ 					goto done;
+-- 
+1.7.10.4
+
diff --git a/user/openldap/configs.patch b/user/openldap/configs.patch
new file mode 100644
index 000000000..e7ec65c4b
--- /dev/null
+++ b/user/openldap/configs.patch
@@ -0,0 +1,117 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include		%SYSCONFDIR%/schema/core.schema
++include		/etc/openldap/schema/core.schema
+ 
+ # Define global ACLs to disable default read access.
+ 
+@@ -10,13 +10,16 @@
+ # service AND an understanding of referrals.
+ #referral	ldap://root.openldap.org
+ 
+-pidfile		%LOCALSTATEDIR%/run/slapd.pid
+-argsfile	%LOCALSTATEDIR%/run/slapd.args
++# If you change this, adjust pidfile path also in runscript!
++pidfile		/run/openldap/slapd.pid
++argsfile	/run/openldap/slapd.args
+ 
+ # Load dynamic backend modules:
+-# modulepath	%MODULEDIR%
+-# moduleload	back_mdb.la
+-# moduleload	back_ldap.la
++modulepath	/usr/lib/openldap
++moduleload	back_mdb.so
++# moduleload	back_hdb.so
++# moduleload	back_bbd.so
++# moduleload	back_ldap.so
+ 
+ # Sample security restrictions
+ #	Require integrity protection (prevent hijacking)
+@@ -53,13 +56,16 @@
+ maxsize		1073741824
+ suffix		"dc=my-domain,dc=com"
+ rootdn		"cn=Manager,dc=my-domain,dc=com"
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoid.  See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+ rootpw		secret
++
+ # The database directory MUST exist prior to running slapd AND 
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory	%LOCALSTATEDIR%/openldap-data
++directory	/var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ index	objectClass	eq
+--- a/servers/slapd/slapd.ldif
++++ b/servers/slapd/slapd.ldif
+@@ -9,8 +9,9 @@
+ #
+ # Define global ACLs to disable default read access.
+ #
+-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
+-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
++# If you change this, set pidfile variable in /etc/conf.d/slapd!
++olcPidFile: /run/openldap/slapd.pid
++olcArgsFile: /run/openldap/slapd.args
+ #
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+@@ -26,22 +27,23 @@
+ #
+ # Load dynamic backend modules:
+ #
+-#dn: cn=module,cn=config
+-#objectClass: olcModuleList
+-#cn: module
+-#olcModulepath:	%MODULEDIR%
+-#olcModuleload:	back_bdb.la
+-#olcModuleload:	back_hdb.la
+-#olcModuleload:	back_ldap.la
+-#olcModuleload:	back_passwd.la
+-#olcModuleload:	back_shell.la
++dn: cn=module,cn=config
++objectClass: olcModuleList
++cn: module
++olcModulepath:	/usr/lib/openldap
++#olcModuleload:	back_bdb.so
++#olcModuleload:	back_hdb.so
++#olcModuleload:	back_ldap.so
++olcModuleload:	back_mdb.so
++#olcModuleload:	back_passwd.so
++#olcModuleload:	back_shell.so
+ 
+ 
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+ 
+-include: file://%SYSCONFDIR%/schema/core.ldif
++include: file:///etc/openldap/schema/core.ldif
+ 
+ # Frontend settings
+ #
+@@ -83,13 +85,16 @@
+ olcDatabase: mdb
+ olcSuffix: dc=my-domain,dc=com
+ olcRootDN: cn=Manager,dc=my-domain,dc=com
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided.  See slappasswd(8) and slapd-config(5) for details.
+ # Use of strong authentication encouraged.
+ olcRootPW: secret
++
+ # The database directory MUST exist prior to running slapd AND 
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-olcDbDirectory:	%LOCALSTATEDIR%/openldap-data
++olcDbDirectory:	/var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ olcDbIndex: objectClass eq
diff --git a/user/openldap/fix-manpages.patch b/user/openldap/fix-manpages.patch
new file mode 100644
index 000000000..179569494
--- /dev/null
+++ b/user/openldap/fix-manpages.patch
@@ -0,0 +1,75 @@
+Various manual pages changes:
+* removes LIBEXECDIR from slapd.8
+* removes references to non-existing manpages (bz 624616)
+
+Patch-Source: https://src.fedoraproject.org/rpms/openldap/blob/f27/f/openldap-manpages.patch
+
+diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
+index 3def6da..466c772 100644
+--- a/doc/man/man1/ldapmodify.1
++++ b/doc/man/man1/ldapmodify.1
+@@ -397,8 +397,7 @@ exit status and a diagnostic message being written to standard error.
+ .BR ldap_add_ext (3),
+ .BR ldap_delete_ext (3),
+ .BR ldap_modify_ext (3),
+-.BR ldap_modrdn_ext (3),
+-.BR ldif (5).
++.BR ldif (5)
+ .SH AUTHOR
+ The OpenLDAP Project <http://www.openldap.org/>
+ .SH ACKNOWLEDGEMENTS
+diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
+index cfde143..63592cb 100644
+--- a/doc/man/man5/ldap.conf.5
++++ b/doc/man/man5/ldap.conf.5
+@@ -317,6 +317,7 @@ certificates in separate individual files. The
+ .B TLS_CACERT
+ is always used before
+ .B TLS_CACERTDIR.
++The specified directory must be managed with the LibreSSL c_rehash utility.
+ This parameter is ignored with GnuTLS.
+ 
+ When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
+diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
+index b739f4d..e2a1a00 100644
+--- a/doc/man/man8/slapd.8
++++ b/doc/man/man8/slapd.8
+@@ -5,7 +5,7 @@
+ .SH NAME
+ slapd \- Stand-alone LDAP Daemon
+ .SH SYNOPSIS
+-.B LIBEXECDIR/slapd 
++.B slapd
+ [\c
+ .BR \-4 | \-6 ]
+ [\c
+@@ -317,7 +317,7 @@ the LDAP databases defined in the default config file, just type:
+ .LP
+ .nf
+ .ft tt
+-	LIBEXECDIR/slapd
++	slapd
+ .ft
+ .fi
+ .LP
+@@ -328,7 +328,7 @@ on voluminous debugging which will be printed on standard error, type:
+ .LP
+ .nf
+ .ft tt
+-	LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++	slapd -f /var/tmp/slapd.conf -d 255
+ .ft
+ .fi
+ .LP
+@@ -336,7 +336,7 @@ To test whether the configuration file is correct or not, type:
+ .LP
+ .nf
+ .ft tt
+-	LIBEXECDIR/slapd \-Tt
++	slapd -Tt
+ .ft
+ .fi
+ .LP
+-- 
+1.8.1.4
+
diff --git a/user/openldap/libressl.patch b/user/openldap/libressl.patch
new file mode 100644
index 000000000..ac0106418
--- /dev/null
+++ b/user/openldap/libressl.patch
@@ -0,0 +1,65 @@
+--- a/libraries/libldap/tls_o.c.orig	2017-06-04 16:31:28 UTC
++++ b/libraries/libldap/tls_o.c
+@@ -47,7 +47,7 @@
+ #include <ssl.h>
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_data(x)	ASN1_STRING_get0_data(x)
+ #endif
+ 
+@@ -157,7 +157,7 @@ tlso_init( void )
+ 	(void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+ #endif
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ 	SSL_load_error_strings();
+ 	SSL_library_init();
+ 	OpenSSL_add_all_digests();
+@@ -205,7 +205,7 @@ static void
+ tlso_ctx_ref( tls_ctx *ctx )
+ {
+ 	tlso_ctx *c = (tlso_ctx *)ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define	SSL_CTX_up_ref(ctx)	CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+ #endif
+ 	SSL_CTX_up_ref( c );
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
+ 	if (!x) return LDAP_INVALID_CREDENTIALS;
+ 	
+ 	xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ 	der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
+ 		return LDAP_INVALID_CREDENTIALS;
+ 
+ 	xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ 	der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ 	der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -721,7 +721,7 @@ struct tls_data {
+ 	Sockbuf_IO_Desc		*sbiod;
+ };
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define BIO_set_init(b, x)	b->init = x
+ #define BIO_set_data(b, x)	b->ptr = x
+ #define BIO_clear_flags(b, x)	b->flags &= ~(x)
+@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
+ 	return tlso_bio_write( b, str, strlen( str ) );
+ }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ struct bio_method_st {
+     int type;
+     const char *name;
diff --git a/user/openldap/openldap-2.4-ppolicy.patch b/user/openldap/openldap-2.4-ppolicy.patch
new file mode 100644
index 000000000..c05790e3e
--- /dev/null
+++ b/user/openldap/openldap-2.4-ppolicy.patch
@@ -0,0 +1,13 @@
+diff -urN ./clients.orig/tools/common.c ./clients/tools/common.c
+--- ./clients.orig/tools/common.c	2007-09-01 01:13:50.000000000 +0200
++++ ./clients/tools/common.c	2008-01-13 21:50:06.000000000 +0100
+@@ -1262,8 +1262,8 @@
+ 	int		nsctrls = 0;
+ 
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
++	LDAPControl c;
+ 	if ( ppolicy ) {
+-		LDAPControl c;
+ 		c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ 		c.ldctl_value.bv_val = NULL;
+ 		c.ldctl_value.bv_len = 0;
diff --git a/user/openldap/openldap-2.4.11-libldap_r.patch b/user/openldap/openldap-2.4.11-libldap_r.patch
new file mode 100644
index 000000000..448249a3b
--- /dev/null
+++ b/user/openldap/openldap-2.4.11-libldap_r.patch
@@ -0,0 +1,11 @@
+diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
+--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in	2008-02-11 15:26:49.000000000 -0800
++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in	2008-10-14 02:10:18.402799262 -0700
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS = 
+ NT_LINK_LIBS = $(AC_LIBS)
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+ 
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)
diff --git a/user/openldap/openldap-mqtt-overlay.patch b/user/openldap/openldap-mqtt-overlay.patch
new file mode 100644
index 000000000..795480f1e
--- /dev/null
+++ b/user/openldap/openldap-mqtt-overlay.patch
@@ -0,0 +1,447 @@
+diff --git a/contrib/slapd-modules/mqtt/Makefile b/contrib/slapd-modules/mqtt/Makefile
+new file mode 100644
+index 0000000..2cb4db7
+--- /dev/null
++++ b/contrib/slapd-modules/mqtt/Makefile
+@@ -0,0 +1,45 @@
++# $OpenLDAP$
++
++LDAP_SRC = ../../..
++LDAP_BUILD = ../../..
++LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
++LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
++	$(LDAP_BUILD)/libraries/liblber/liblber.la
++
++LIBTOOL = $(LDAP_BUILD)/libtool
++CC = gcc
++OPT = -g -O2 -Wall
++DEFS = 
++INCS = $(LDAP_INC)
++LIBS = $(LDAP_LIB) -lmosquitto
++
++PROGRAMS = mqtt.la
++LTVER = 0:0:0
++
++prefix=/usr/local
++exec_prefix=$(prefix)
++ldap_subdir=/openldap
++
++libdir=$(exec_prefix)/lib
++libexecdir=$(exec_prefix)/libexec
++moduledir = $(libdir)$(ldap_subdir)
++
++.SUFFIXES: .c .o .lo
++
++.c.lo:
++	$(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++
++all: $(PROGRAMS)
++
++mqtt.la: mqtt.lo
++	$(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++	-rpath $(moduledir) -module -o $@ $? $(LIBS)
++
++clean:
++	rm -rf *.o *.lo *.la .libs
++
++install: $(PROGRAMS)
++	mkdir -p $(DESTDIR)$(moduledir)
++	for p in $(PROGRAMS) ; do \
++		$(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
++	done
+diff --git a/contrib/slapd-modules/mqtt/mqtt.c b/contrib/slapd-modules/mqtt/mqtt.c
+new file mode 100644
+index 0000000..b3a0a31
+--- /dev/null
++++ b/contrib/slapd-modules/mqtt/mqtt.c
+@@ -0,0 +1,389 @@
++/* $OpenLDAP$ */
++/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
++ *
++ * Copyright 2014 Timo Teräs <timo.teras@iki.fi>.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted only as authorized by the OpenLDAP
++ * Public License.
++ *
++ * A copy of this license is available in file LICENSE in the
++ * top-level directory of the distribution or, alternatively, at
++ * http://www.OpenLDAP.org/license.html.
++ */
++/* mqtt-overlay
++ *
++ * This is an OpenLDAP overlay that... */
++
++#include <mosquitto.h>
++#include <unistd.h>
++
++#include "portable.h" 
++#include "slap.h"
++#include "config.h"
++
++typedef struct mqtt_notify_t {
++	struct mqtt_notify_t	*next;
++	char			*topic;
++	char			*dn_group_str;
++	char			*oc_group_str;
++	char			*str_member;
++
++	struct berval		ndn_group;
++	ObjectClass		*oc_group;
++	AttributeDescription	*ad_member;
++	int			notify_pending;
++} mqtt_notify_t;
++
++typedef struct mqtt_t {
++	struct mosquitto *mq;
++	int port;
++	char *hostname, *username, *password;
++	mqtt_notify_t *notify_map;
++} mqtt_t;
++
++static ConfigDriver mqtt_config_notify;
++
++static ConfigTable mqttcfg[] = {
++	{ "mqtt-hostname", "hostname", 2, 2, 0,
++		ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, hostname),
++		"( OLcfgCtAt:5.1 NAME 'olcMqttHostname' "
++		"DESC 'Hostname of MQTT broker' "
++		"SYNTAX OMsDirectoryString SINGLE-VALUE )",
++		NULL, NULL },
++	{ "mqtt-port", "port", 2, 2, 0,
++		ARG_INT|ARG_OFFSET, (void *)offsetof(mqtt_t, port),
++		"( OLcfgCtAt:5.2 NAME 'olcMqttPort' "
++		"DESC 'Port of MQTT broker' "
++		"SYNTAX OMsInteger SINGLE-VALUE )",
++		NULL, NULL },
++	{ "mqtt-username", "username", 2, 2, 0,
++		ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, username),
++		"( OLcfgCtAt:5.3 NAME 'olcMqttUsername' "
++		"DESC 'Username for MQTT broker' "
++		"SYNTAX OMsDirectoryString SINGLE-VALUE )",
++		NULL, NULL },
++	{ "mqtt-password", "password", 2, 2, 0,
++		ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, password),
++		"( OLcfgCtAt:5.4 NAME 'olcMqttPassword' "
++		"DESC 'Password for MQTT broker' "
++		"SYNTAX OMsDirectoryString SINGLE-VALUE )",
++		NULL, NULL },
++	{ "mqtt-notify-password", "topic> <group-dn> <group-oc> <member-ad", 2, 5, 0,
++		ARG_MAGIC, mqtt_config_notify,
++		"( OLcfgCtAt:5.5 NAME 'olcMqttNotifyPassword' "
++		"DESC 'Notify password change on <topic>, optionally checking that the object is in the specified group.'"
++		"SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
++		NULL, NULL },
++	{ NULL, NULL, 0, 0, 0, ARG_IGNORED }
++};
++
++static ConfigOCs mqttocs[] = {
++	{ "( OLcfgCtOc:5.1 "
++	  "NAME 'olcMqttConfig' "
++	  "DESC 'MQTT configuration' "
++	  "SUP olcOverlayConfig "
++	  "MAY ( "
++		"olcMqttHostname "
++		"$ olcMqttPort"
++		"$ olcMqttUsername"
++		"$ olcMqttPassword"
++		"$ olcMqttNotifyPassword"
++	  " ) )",
++	  Cft_Overlay, mqttcfg },
++
++	{ NULL, 0, NULL }
++};
++
++static int mqtt_init(BackendInfo *bi)
++{
++	return mosquitto_lib_init();
++}
++
++static int mqtt_destroy(BackendInfo *bi)
++{
++	return mosquitto_lib_cleanup();
++}
++
++static const char *ca_arg(ConfigArgs *c, int n)
++{
++	return (c->argc <= n) ? NULL : c->argv[n];
++}
++
++static void free_notify(mqtt_notify_t *n)
++{
++	ch_free(n->topic);
++	ch_free(n->oc_group_str);
++	ch_free(n->str_member);
++	ch_free(n->dn_group_str);
++	if (!BER_BVISNULL(&n->ndn_group))
++		ber_memfree(n->ndn_group.bv_val);
++	ch_free(n);
++}
++
++static void free_all_notifies(mqtt_t *mqtt)
++{
++	mqtt_notify_t *n, *next;
++
++	for (n = mqtt->notify_map; n; n = next) {
++		next = n->next;
++		free_notify(n);
++	}
++	mqtt->notify_map = NULL;
++}
++
++static int mqtt_config_notify(ConfigArgs *c)
++{
++	slap_overinst *on = (slap_overinst *)c->bi;
++	mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++	mqtt_notify_t *n, **pprev;
++	const char *text = NULL;
++	struct berval bv = BER_BVNULL, ndn = BER_BVNULL;
++	int rc, i;
++
++	switch (c->op) {
++	case SLAP_CONFIG_EMIT:
++		for (i = 0, n = mqtt->notify_map; n; n = n->next, i++) {
++			char *ptr = c->cr_msg, *end = &c->cr_msg[sizeof(c->cr_msg)-1];
++
++			ptr += snprintf(ptr, end-ptr, SLAP_X_ORDERED_FMT "%s", i, n->topic);
++			if (n->dn_group_str)
++				ptr += snprintf(ptr, end-ptr, " \"%s\"", n->dn_group_str);
++			if (n->oc_group_str)
++				ptr += snprintf(ptr, end-ptr, " \"%s\"", n->oc_group_str);
++			if (n->str_member)
++				ptr += snprintf(ptr, end-ptr, " \"%s\"", n->str_member);
++
++			bv.bv_val = c->cr_msg;
++			bv.bv_len = ptr - bv.bv_val;
++			value_add_one(&c->rvalue_vals, &bv);
++		}
++		return 0;
++	case LDAP_MOD_DELETE:
++		if (c->valx < 0) {
++			free_all_notifies(mqtt);
++		} else {
++			pprev = &mqtt->notify_map;
++			n = mqtt->notify_map;
++			for (i = 0; i < c->valx; i++) {
++				pprev = &n->next;
++				n = n->next;
++			}
++			*pprev = n->next;
++			free_notify(n);
++		}
++		return 0;
++	}
++
++	const char *groupdn = ca_arg(c, 2);
++	const char *oc_name = ca_arg(c, 3);
++	const char *ad_name = ca_arg(c, 4);
++	ObjectClass *oc = NULL;
++	AttributeDescription *ad = NULL;
++
++	if (groupdn) {
++		oc = oc_find(oc_name ?: SLAPD_GROUP_CLASS);
++		if (oc == NULL) {
++			Debug(LDAP_DEBUG_ANY, "mqtt_db_open: unable to find objectClass=\"%s\"\n",
++				oc_name, 0, 0);
++			return 1;
++		}
++
++		rc = slap_str2ad(ad_name ?: SLAPD_GROUP_ATTR, &ad, &text);
++		if (rc != LDAP_SUCCESS) {
++			Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: unable to find attribute=\"%s\": %s (%d)\n",
++				ad_name, text, rc);
++			return rc;
++		}
++
++		ber_str2bv(groupdn, 0, 0, &bv);
++		rc = dnNormalize(0, NULL, NULL, &bv, &ndn, NULL);
++		if (rc != LDAP_SUCCESS) {
++			Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: DN normalization failed for \"%s\": %d\n",
++				groupdn, rc, 0);
++			return rc;
++		}
++	}
++
++	n = ch_calloc(1, sizeof(*n));
++	n->topic = ch_strdup(c->argv[1]);
++	n->dn_group_str = groupdn ? ch_strdup(groupdn) : NULL;
++	n->oc_group_str = oc_name ? ch_strdup(oc_name) : NULL;
++	n->str_member   = ad_name ? ch_strdup(ad_name) : NULL;
++	n->ndn_group = ndn;
++	n->oc_group = oc;
++	n->ad_member = ad;
++
++	for (pprev = &mqtt->notify_map; *pprev; pprev = &(*pprev)->next);
++	*pprev = n;
++
++	return 0;
++}
++
++static void mqtt_send_notify(mqtt_t *mqtt, mqtt_notify_t *n)
++{
++	Debug(LDAP_DEBUG_TRACE, "mqtt_send_notify: pub on topic '%s'\n", n->topic, 0, 0);
++	n->notify_pending = mosquitto_publish(mqtt->mq, NULL, n->topic, 0, NULL, 1, true) == MOSQ_ERR_NO_CONN;
++}
++
++static void mqtt_on_connect(struct mosquitto *mq, void *obj, int rc)
++{
++	slap_overinst *on = (slap_overinst *) obj;
++	mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++	mqtt_notify_t *n;
++
++	Debug(LDAP_DEBUG_TRACE, "mqtt_on_connect: connected with status %d\n", rc, 0, 0);
++	if (rc != 0)
++		return;
++	
++	for (n = mqtt->notify_map; n; n = n->next)
++		if (n->notify_pending)
++			mqtt_send_notify(mqtt, n);
++}
++
++static int mqtt_db_init(BackendDB *be, ConfigReply *cr)
++{
++	slap_overinst *on = (slap_overinst *) be->bd_info;
++
++	Debug(LDAP_DEBUG_TRACE, "mqtt_db_init: initialize overlay\n", 0, 0, 0);
++	on->on_bi.bi_private = ch_calloc(1, sizeof(mqtt_t));
++
++	return 0;
++}
++
++static int mqtt_db_destroy(BackendDB *be, ConfigReply *cr)
++{
++	slap_overinst *on = (slap_overinst *) be->bd_info;
++	mqtt_t *mqtt = on->on_bi.bi_private;
++
++	Debug(LDAP_DEBUG_TRACE, "mqtt_db_destroy: destroy overlay\n", 0, 0, 0);
++	free_all_notifies(mqtt);
++	ch_free(mqtt);
++
++	return 0;
++}
++
++static int mqtt_db_open(BackendDB *be, ConfigReply *cr)
++{
++	slap_overinst *on = (slap_overinst *) be->bd_info;
++	mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++	struct mosquitto *mq;
++	char id[256];
++	int n;
++
++	n = snprintf(id, sizeof(id), "openldap-mqtt/%d/", getpid());
++	gethostname(&id[n], sizeof(id) - n);
++
++	Debug(LDAP_DEBUG_TRACE, "mqtt_db_open, id='%s'\n", id, 0, 0);
++	mqtt->mq = mq = mosquitto_new(id, true, on);
++	if (!mq) return 1;
++
++	if (mqtt->username && mqtt->password)
++		mosquitto_username_pw_set(mq, mqtt->username, mqtt->password);
++
++	mosquitto_connect_callback_set(mq, mqtt_on_connect);
++	mosquitto_connect_async(mq, mqtt->hostname ?: "127.0.0.1", mqtt->port ?: 1883, 60);
++	mosquitto_loop_start(mq);
++
++	return 0;
++}
++
++static int mqtt_db_close(BackendDB *be, ConfigReply *cr)
++{
++	slap_overinst *on = (slap_overinst *) be->bd_info;
++	mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++
++	Debug(LDAP_DEBUG_TRACE, "mqtt_db_close\n", 0, 0, 0);
++	mosquitto_disconnect(mqtt->mq);
++	mosquitto_loop_stop(mqtt->mq, false);
++	mosquitto_destroy(mqtt->mq);
++
++	free(mqtt->hostname); mqtt->hostname = NULL;
++	free(mqtt->username); mqtt->username = NULL;
++	free(mqtt->password); mqtt->password = NULL;
++
++	return 0;
++}
++
++static int mqtt_response(Operation *op, SlapReply *rs)
++{
++	slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
++	mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++	Attribute *a;
++	Modifications *m;
++	bool change = false;
++
++	switch (op->o_tag) {
++	case LDAP_REQ_ADD:
++		for (a = op->ora_e->e_attrs; a; a = a->a_next) {
++			if (a->a_desc == slap_schema.si_ad_userPassword) {
++				change = true;
++				break;
++			}
++		}
++		break;
++	case LDAP_REQ_MODIFY:
++		for (m = op->orm_modlist; m; m = m->sml_next) {
++			if (m->sml_desc == slap_schema.si_ad_userPassword) {
++				change = true;
++				break;
++			}
++		}
++		break;
++	case LDAP_REQ_EXTENDED:
++		if (ber_bvcmp(&slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid) == 0)
++			change = true;
++		break;
++	}
++
++	if (change) {
++		mqtt_notify_t *n;
++		int r, cache;
++
++		for (n = mqtt->notify_map; n; n = n->next) {
++			if (n->oc_group) {
++				cache = op->o_do_not_cache;
++				op->o_do_not_cache = 1;
++				r = backend_group(op, NULL, &n->ndn_group, &op->o_req_ndn, n->oc_group, n->ad_member);
++				op->o_do_not_cache = cache;
++			} else {
++				r = 0;
++			}
++
++			Debug(LDAP_DEBUG_TRACE, "tested o_req_ndn='%s' in ndn_group='%s' r=%d\n",
++				op->o_req_ndn.bv_val, n->ndn_group.bv_val, r);
++
++			if (r == 0)
++				mqtt_send_notify(mqtt, n);
++		}
++	}
++
++	return SLAP_CB_CONTINUE;
++}
++
++static int mqtt_init_overlay() 
++{
++	static slap_overinst ov;
++	int rc;
++
++	ov.on_bi.bi_type = "mqtt";
++	ov.on_bi.bi_init = mqtt_init;
++	ov.on_bi.bi_destroy = mqtt_destroy;
++	ov.on_bi.bi_db_init = mqtt_db_init;
++	ov.on_bi.bi_db_destroy = mqtt_db_destroy;
++	ov.on_bi.bi_db_open = mqtt_db_open;
++	ov.on_bi.bi_db_close = mqtt_db_close;
++	ov.on_bi.bi_cf_ocs = mqttocs;
++	ov.on_response = mqtt_response;
++
++	rc = config_register_schema(mqttcfg, mqttocs);
++	if (rc) return rc;
++
++	return overlay_register(&ov);
++}
++
++int init_module(int argc, char *argv[]) 
++{
++	return mqtt_init_overlay();
++}
+
diff --git a/user/openldap/openldap.post-install b/user/openldap/openldap.post-install
new file mode 100644
index 000000000..e90d25760
--- /dev/null
+++ b/user/openldap/openldap.post-install
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+cat >&2 <<-EOF
+*
+* To use LDAP server, you have to install some backend. Most users would need MDB
+* backend which you can install with: apk add openldap-back-mdb.
+*
+* If you use overlays, you have to install them separately too:
+* apk add openldap-overlay-<name>, or openldap-overlay-all to install them all.
+*
+EOF
diff --git a/user/openldap/openldap.post-upgrade b/user/openldap/openldap.post-upgrade
new file mode 100644
index 000000000..7be8906a9
--- /dev/null
+++ b/user/openldap/openldap.post-upgrade
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+new_ver="$1"
+old_ver="$2"
+
+if [ "$(apk version -t "$old_ver" "2.4.45-r2")" = "<" ]; then
+	cat >&2 <<-EOF
+	*
+	* All SLAPD backends and overlays have been moved to subpackages.
+	* You can install specific backend or overlay with apk:
+	*
+	*     apk add openldap-back-<name>
+	*     apk add openldap-overlay-<name>
+	*
+	* Or you can install all of them using metapackages openldap-back-all
+	* and openldap-overlay-all.
+	EOF
+	if [ -e /var/lib/openldap/openldap-data/data.mdb ]; then
+		cat >&2 <<-EOF
+		*
+		* Found existing MDB database. You have to install MDB backend:
+		*     apk add openldap-back-mdb
+		*
+		* and add "moduleload back_mdb.so" to /etc/openldap/slapd.conf,
+		* or "olcModuleload back_mdb.so" to slapd.ldif.
+		*
+		EOF
+	else
+		echo "*" >&2
+	fi
+fi
diff --git a/user/openldap/openldap.pre-install b/user/openldap/openldap.pre-install
new file mode 100644
index 000000000..eb6b10fa4
--- /dev/null
+++ b/user/openldap/openldap.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+addgroup -S ldap 2>/dev/null
+adduser -S -D -H -h /usr/lib/openldap -s /sbin/nologin -G ldap \
+	-g "OpenLdap User" ldap 2>/dev/null
+
+exit 0
diff --git a/user/openldap/slapd.confd b/user/openldap/slapd.confd
new file mode 100644
index 000000000..f69f92b4a
--- /dev/null
+++ b/user/openldap/slapd.confd
@@ -0,0 +1,12 @@
+# Configuration for /etc/init.d/slapd
+
+# Location of the configuration file.
+cfgfile="/etc/openldap/slapd.conf"
+
+# Location of the configuration directory (OpenLDAP 2.3+).
+#cfgdir=""
+
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#command_args="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
diff --git a/user/openldap/slapd.initd b/user/openldap/slapd.initd
new file mode 100644
index 000000000..350cc0d50
--- /dev/null
+++ b/user/openldap/slapd.initd
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+
+: ${pidfile:="/run/openldap/slapd.pid"}
+
+name="LDAP server"
+extra_commands="checkconfig"
+description_checkconfig="Check slapd.conf for errors"
+
+command="/usr/sbin/slapd"
+# OPTS is for backward compatibility
+cfg_opt="${cfgdir:+"-F $cfgdir"} ${cfgfile:+"-f $cfgfile"}"
+command_args="-u ldap -g ldap $cfg_opt ${command_args:-${OPTS:-}}"
+
+stopsig=2
+start_stop_daemon_args="
+	${KRB5_KTNAME:+"--env KRB5_KTNAME=$KRB5_KTNAME"}"
+
+depend() {
+	need net
+	after firewall
+	before dbus hald avahi-daemon
+	provide ldap
+}
+
+start_pre() {
+	checkpath --directory --owner ldap:ldap "${pidfile%/*}"
+	/usr/sbin/slaptest -u -Q $cfg_opt || /usr/sbin/slaptest -u $cfg_opt
+}
+
+checkconfig() {
+	ebegin "Checking $name configuration..."
+	/usr/sbin/slaptest -u $cfg_opt
+	eend $?
+}
diff --git a/user/orbit2/APKBUILD b/user/orbit2/APKBUILD
new file mode 100644
index 000000000..5caf3dcbc
--- /dev/null
+++ b/user/orbit2/APKBUILD
@@ -0,0 +1,45 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=orbit2
+pkgver=2.14.19
+pkgrel=4
+pkgdesc="CORBA implementation for GNOME"
+url="http://projects.gnome.org/ORBit2"
+arch="all"
+license="LGPL"
+depends=
+makedepends="glib-dev libidl-dev"
+install=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.gnome.org/pub/GNOME/sources/ORBit2/${pkgver%.*}/ORBit2-${pkgver}.tar.bz2
+	glib-2.36.patch"
+
+builddir="${srcdir}/ORBit2-${pkgver}"
+prepare() {
+	cd "$builddir"
+	update_config_sub
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="313e125234e8d1195be277ad125af169f12ce312cb541a4641c5d57d3c905bbdc6a46672a86a012409cf4d7af58b5122f0e5db250730b65e8d95b2d5f4c4657e  ORBit2-2.14.19.tar.bz2
+b90d8e200d16b735bece54454d1e2b1a7c1b75aaac83986263b5a9ac38c4235eed747408a07a266c0aaaeb9c7a75e7fda1ef1b2ed54300003da38ff2251fdcfa  glib-2.36.patch"
diff --git a/user/orbit2/glib-2.36.patch b/user/orbit2/glib-2.36.patch
new file mode 100644
index 000000000..c94f920f7
--- /dev/null
+++ b/user/orbit2/glib-2.36.patch
@@ -0,0 +1,15 @@
+$NetBSD: patch-linc2_src_Makefile.in,v 1.1 2013/04/19 14:28:54 prlw1 Exp $
+
+Avoid compilation error caused by use of deprecated g_thread API
+
+--- ./linc2/src/Makefile.in.orig	2010-09-28 09:39:39.000000000 +0000
++++ ./linc2/src/Makefile.in
+@@ -244,7 +244,7 @@ noinst_LTLIBRARIES = liblinc.la
+ #	-I$(top_srcdir)/include    
+ INCLUDES = -I$(top_builddir)/linc2/include \
+ 	-I$(top_srcdir)/linc2/include $(LINC_CFLAGS) $(WARN_CFLAGS) \
+-	-DG_DISABLE_DEPRECATED $(am__append_1)
++	$(am__append_1)
+ liblinc_la_SOURCES = \
+ 	linc.c			\
+ 	linc-connection.c	\
diff --git a/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
new file mode 100644
index 000000000..1498e831a
--- /dev/null
+++ b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
@@ -0,0 +1,108 @@
+From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Sun, 20 May 2012 15:42:56 +0200
+Subject: [PATCH] Bug 50145 - make netgroup support optional
+
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+
+netgroups are not defined in POSIX and are not be available on
+all systems.
+
+We check for getnetgrent in configure script.
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ configure.ac                                             |    2 +-
+ src/polkitbackend/polkitbackendlocalauthority.c          |    8 ++++++--
+ src/polkitbackend/polkitbackendlocalauthorizationstore.c |    3 ++-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f325922..711aa7c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+ 
+-AC_CHECK_FUNCS(clearenv)
++AC_CHECK_FUNCS(clearenv getnetgrent)
+ 
+ if test "x$GCC" = "xyes"; then
+   LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
+index b53eda3..f14e924 100644
+--- a/src/polkitbackend/polkitbackendlocalauthority.c
++++ b/src/polkitbackend/polkitbackendlocalauthority.c
+@@ -52,9 +52,10 @@
+ 
+ static GList *get_users_in_group (PolkitIdentity              *group,
+                                   gboolean                     include_root);
+-
++#if defined HAVE_GETNETGRENT
+ static GList *get_users_in_net_group (PolkitIdentity          *group,
+                                       gboolean                 include_root);
++#endif
+ 
+ static GList *get_groups_for_user (PolkitIdentity              *user);
+ 
+@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti
+         {
+           ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
+         }
++#if defined HAVE_GETNETGRENT
+       else if (POLKIT_IS_UNIX_NETGROUP (identity))
+         {
+           ret =  g_list_concat (ret, get_users_in_net_group (identity, FALSE));
+         }
++#endif
+       else
+         {
+           g_warning ("Unsupported identity %s", admin_identities[n]);
+@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity                    *group,
+   return ret;
+ }
+ 
++#if defined HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity                    *group,
+                         gboolean                           include_root)
+@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
+   endnetgrent ();
+   return ret;
+ }
+-
++#endif
+ 
+ static GList *
+ get_groups_for_user (PolkitIdentity *user)
+diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+index 2ddfe75..02553c4 100644
+--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
++++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
+             break;
+         }
+ 
++#if defined HAVE_GETNETGRENT
+       /* if no identity specs matched and identity is a user, match against netgroups */
+       if (ll == NULL && POLKIT_IS_UNIX_USER (identity))
+         {
+@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
+           const gchar *user_name = polkit_unix_user_get_name (user_identity);
+           if (!user_name)
+             continue;
+-
+           for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next)
+             {
+               if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL))
+                 break;
+             }
+         }
++#endif
+ 
+       if (ll == NULL)
+         continue;
+-- 
+1.7.10.2
+
diff --git a/user/polkit/APKBUILD b/user/polkit/APKBUILD
new file mode 100644
index 000000000..fdc37d634
--- /dev/null
+++ b/user/polkit/APKBUILD
@@ -0,0 +1,80 @@
+# Contributor: Carlo Landmeter
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=polkit
+pkgver=0.105
+pkgrel=8
+pkgdesc="Application development toolkit for controlling system-wide privileges"
+url="http://www.freedesktop.org/wiki/Software/polkit/"
+arch="all"
+license="LGPL"
+depends=
+options="suid"
+depends_dev="eggdbus-dev dbus-glib-dev linux-pam-dev"
+makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
+	intltool autoconf automake libtool"
+install=
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
+	0001-Bug-50145-make-netgroup-support-optional.patch
+	CVE-2013-4288.patch
+	CVE-2015-3218.patch
+	CVE-2015-3255.patch
+	CVE-2015-4625.patch
+	automake.patch
+	fix-parallel-make.patch
+	fix-consolekit-db-stat.patch
+	fix-test-fgetpwent.patch
+	disable-ck-test.patch
+"
+
+prepare() {
+	cd "$builddir"
+	update_config_sub
+	default_prepare
+	libtoolize --force && aclocal && autoconf && automake --add-missing
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--libexecdir=/usr/lib/polkit-1 \
+		--localstatedir=/var \
+		--disable-static \
+		--enable-nls \
+		--enable-introspection \
+		--with-os-type=alpine \
+		--with-pam-include=base-auth \
+		--disable-gtk-doc \
+		--disable-gtk-doc-html \
+		--disable-gtk-doc-pdf
+
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3  polkit-0.105.tar.gz
+09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e  0001-Bug-50145-make-netgroup-support-optional.patch
+d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb  CVE-2013-4288.patch
+625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c  CVE-2015-3218.patch
+0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8  CVE-2015-3255.patch
+32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e  CVE-2015-4625.patch
+25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf  automake.patch
+6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd  fix-parallel-make.patch
+95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24  fix-consolekit-db-stat.patch
+966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b  fix-test-fgetpwent.patch
+f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980  disable-ck-test.patch"
diff --git a/user/polkit/CVE-2013-4288.patch b/user/polkit/CVE-2013-4288.patch
new file mode 100644
index 000000000..0ca8131e8
--- /dev/null
+++ b/user/polkit/CVE-2013-4288.patch
@@ -0,0 +1,123 @@
+From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Mon, 19 Aug 2013 12:16:11 -0400
+Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
+
+The uid is a new addition; this allows callers such as libvirt to
+close a race condition in reading the uid of the process talking to
+them.  They can read it via getsockopt(SO_PEERCRED) or equivalent,
+rather than having pkcheck look at /proc later after the fact.
+
+Programs which invoke pkcheck but need to know beforehand (i.e.  at
+compile time) whether or not it supports passing the uid can
+use:
+
+pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+test x$pkcheck_supports_uid = xyes
+
+Conflicts:
+	docs/man/pkcheck.xml
+	src/programs/pkcheck.c
+---
+ data/polkit-gobject-1.pc.in |  3 +++
+ docs/man/pkcheck.xml        | 33 +++++++++++++++++++++------------
+ src/programs/pkcheck.c      |  7 ++++++-
+ 3 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index 6b8a874..9f2faef 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+             <arg choice="plain">
+               <replaceable>pid,pid-start-time</replaceable>
+             </arg>
++            <arg choice="plain">
++              <replaceable>pid,pid-start-time,uid</replaceable>
++            </arg>
+           </group>
+         </arg>
+         <arg choice="plain">
+@@ -90,7 +93,7 @@
+     <title>DESCRIPTION</title>
+     <para>
+       <command>pkcheck</command> is used to check whether a process, specified by
+-      either <option>--process</option> or <option>--system-bus-name</option>,
++      either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+       is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+       option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+       If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,17 +163,23 @@ KEY3=VALUE3
+   <refsect1 id="pkcheck-notes">
+     <title>NOTES</title>
+     <para>
+-      Since process identifiers can be recycled, the caller should always use
+-      <replaceable>pid,pid-start-time</replaceable> to specify the process
+-      to check for authorization when using the <option>--process</option> option.
+-      The value of <replaceable>pid-start-time</replaceable>
+-      can be determined by consulting e.g. the
+-      <citerefentry>
+-        <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
+-      </citerefentry>
+-      file system depending on the operating system. If only <replaceable>pid</replaceable>
+-      is passed to the <option>--process</option> option, then <command>pkcheck</command>
+-      will look up the start time itself but note that this may be racy.
++      Do not use either the bare <replaceable>pid</replaceable> or
++      <replaceable>pid,start-time</replaceable> syntax forms for
++      <option>--process</option>.  There are race conditions in both.
++      New code should always use
++      <replaceable>pid,pid-start-time,uid</replaceable>.  The value of
++      <replaceable>start-time</replaceable> can be determined by
++      consulting e.g. the
++      <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
++      file system depending on the operating system.  If fewer than 3
++      arguments are passed, <command>pkcheck</command> will attempt to
++      look up them up internally, but note that this may be racy.
++    </para>
++    <para>
++      If your program is a daemon with e.g. a custom Unix domain
++      socket, you should determine the <replaceable>uid</replaceable>
++      parameter via operating system mechanisms such as
++      <literal>PEERCRED</literal>.
+     </para>
+   </refsect1>
+ 
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+       else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+         {
+           gint pid;
++	  guint uid;
+           guint64 pid_start_time;
+ 
+           n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+               goto out;
+             }
+ 
+-          if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++          if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++            {
++              subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++            }
++          else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+             {
+               subject = polkit_unix_process_new_full (pid, pid_start_time);
+             }
+-- 
+1.8.5.1
+
diff --git a/user/polkit/CVE-2015-3218.patch b/user/polkit/CVE-2015-3218.patch
new file mode 100644
index 000000000..977825102
--- /dev/null
+++ b/user/polkit/CVE-2015-3218.patch
@@ -0,0 +1,115 @@
+From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Sat, 30 May 2015 09:06:23 -0400
+Subject: CVE-2015-3218: backend: Handle invalid object paths in
+ RegisterAuthenticationAgent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Properly propagate the error, otherwise we dereference a `NULL`
+pointer.  This is a local, authenticated DoS.
+
+`RegisterAuthenticationAgentWithOptions` and
+`UnregisterAuthentication` have been validated to not need changes for
+this.
+
+http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
+https://bugs.freedesktop.org/show_bug.cgi?id=90829
+
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Philip Withnall <philip@tecnocode.co.uk>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index f6ea0fc..587f954 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope,
+                           const gchar *unique_system_bus_name,
+                           const gchar *locale,
+                           const gchar *object_path,
+-                          GVariant    *registration_options)
++                          GVariant    *registration_options,
++                          GError     **error)
+ {
+   AuthenticationAgent *agent;
+-  GError *error;
++  GDBusProxy *proxy;
+ 
+-  agent = g_new0 (AuthenticationAgent, 1);
++  if (!g_variant_is_object_path (object_path))
++    {
++      g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
++                   "Invalid object path '%s'", object_path);
++      return NULL;
++    }
++
++  proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
++                                         G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
++                                         G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
++                                         NULL, /* GDBusInterfaceInfo* */
++                                         unique_system_bus_name,
++                                         object_path,
++                                         "org.freedesktop.PolicyKit1.AuthenticationAgent",
++                                         NULL, /* GCancellable* */
++                                         error);
++  if (proxy == NULL)
++    {
++      g_prefix_error (error, "Failed to construct proxy for agent: " );
++      return NULL;
++    }
+ 
++  agent = g_new0 (AuthenticationAgent, 1);
+   agent->ref_count = 1;
+   agent->scope = g_object_ref (scope);
+   agent->object_path = g_strdup (object_path);
+   agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+   agent->locale = g_strdup (locale);
+   agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+-
+-  error = NULL;
+-  agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+-                                                G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+-                                                G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+-                                                NULL, /* GDBusInterfaceInfo* */
+-                                                agent->unique_system_bus_name,
+-                                                agent->object_path,
+-                                                "org.freedesktop.PolicyKit1.AuthenticationAgent",
+-                                                NULL, /* GCancellable* */
+-                                                &error);
+-  if (agent->proxy == NULL)
+-    {
+-      g_warning ("Error constructing proxy for agent: %s", error->message);
+-      g_error_free (error);
+-      /* TODO: Make authentication_agent_new() return NULL and set a GError */
+-    }
++  agent->proxy = proxy;
+ 
+   return agent;
+ }
+@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+   caller_cmdline = NULL;
+   agent = NULL;
+ 
+-  /* TODO: validate that object path is well-formed */
+-
+   interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
+   priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
+ 
+@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+                                     polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+                                     locale,
+                                     object_path,
+-                                    options);
++                                    options,
++                                    error);
++  if (!agent)
++    goto out;
+ 
+   g_hash_table_insert (priv->hash_scope_to_authentication_agent,
+                        g_object_ref (subject),
+-- 
+cgit v0.10.2
+
diff --git a/user/polkit/CVE-2015-3255.patch b/user/polkit/CVE-2015-3255.patch
new file mode 100644
index 000000000..1bd7c6bcf
--- /dev/null
+++ b/user/polkit/CVE-2015-3255.patch
@@ -0,0 +1,67 @@
+From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
+Date: Wed, 1 Apr 2015 05:22:37 +0200
+Subject: CVE-2015-3255 Fix GHashTable usage.
+
+Don't assume that the hash table with free both the key and the value
+at the same time, supply proper deallocation functions for the key
+and value separately.
+
+Then drop ParsedAction::action_id which is no longer used for anything.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=69501
+and
+https://bugs.freedesktop.org/show_bug.cgi?id=83590
+
+CVE: CVE-2015-3255
+
+diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
+index bc14381..3894fe9 100644
+--- a/src/polkitbackend/polkitbackendactionpool.c
++++ b/src/polkitbackend/polkitbackendactionpool.c
+@@ -40,7 +40,6 @@
+ 
+ typedef struct
+ {
+-  gchar *action_id;
+   gchar *vendor_name;
+   gchar *vendor_url;
+   gchar *icon_name;
+@@ -62,7 +61,6 @@ typedef struct
+ static void
+ parsed_action_free (ParsedAction *action)
+ {
+-  g_free (action->action_id);
+   g_free (action->vendor_name);
+   g_free (action->vendor_url);
+   g_free (action->icon_name);
+@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
+ 
+   priv->parsed_actions = g_hash_table_new_full (g_str_hash,
+                                                 g_str_equal,
+-                                                NULL,
++                                                g_free,
+                                                 (GDestroyNotify) parsed_action_free);
+ 
+   priv->parsed_files = g_hash_table_new_full (g_str_hash,
+@@ -988,7 +986,6 @@ _end (void *data, const char *el)
+           icon_name = pd->global_icon_name;
+ 
+         action = g_new0 (ParsedAction, 1);
+-        action->action_id = g_strdup (pd->action_id);
+         action->vendor_name = g_strdup (vendor);
+         action->vendor_url = g_strdup (vendor_url);
+         action->icon_name = g_strdup (icon_name);
+@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
+         action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
+         action->implicit_authorization_active = pd->implicit_authorization_active;
+ 
+-        g_hash_table_insert (priv->parsed_actions, action->action_id, action);
++        g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
++                             action);
+ 
+         /* we steal these hash tables */
+         pd->annotations = NULL;
+-- 
+cgit v0.10.2
+
diff --git a/user/polkit/CVE-2015-4625.patch b/user/polkit/CVE-2015-4625.patch
new file mode 100644
index 000000000..4a43fb433
--- /dev/null
+++ b/user/polkit/CVE-2015-4625.patch
@@ -0,0 +1,1008 @@
+From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Thu, 4 Jun 2015 12:15:18 -0400
+Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Tavis noted that it'd be possible with a 32 bit counter for someone to
+cause the cookie to wrap by creating Authentication requests in a
+loop.
+
+Something important to note here is that wrapping of signed integers
+is undefined behavior in C, so we definitely want to fix that.  All
+counter integers used in this patch are unsigned.
+
+See the comment above `authentication_agent_generate_cookie` for
+details, but basically we're now using a cookie of the form:
+
+```
+        <agent serial> - <agent random id> - <session serial> - <session
+random id>
+```
+
+Which has multiple 64 bit counters, plus unpredictable random 128 bit
+integer ids (effectively UUIDs, but we're not calling them that
+because we don't need to be globally unique.
+
+We further ensure that the cookies are not visible to other processes
+by changing the setuid helper to accept them over standard input.  This
+means that an attacker would have to guess both ids.
+
+In any case, the security hole here is better fixed with the other
+change to bind user id (uid) of the agent with cookie lookups, making
+cookie guessing worthless.
+
+Nevertheless, I think it's worth doing this change too, for defense in
+depth.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832
+CVE: CVE-2015-4625
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
+index 937386e..19062aa 100644
+--- a/src/polkitagent/polkitagenthelper-pam.c
++++ b/src/polkitagent/polkitagenthelper-pam.c
+@@ -65,7 +65,7 @@ main (int argc, char *argv[])
+ {
+   int rc;
+   const char *user_to_auth;
+-  const char *cookie;
++  char *cookie = NULL;
+   struct pam_conv pam_conversation;
+   pam_handle_t *pam_h;
+   const void *authed_user;
+@@ -97,7 +97,7 @@ main (int argc, char *argv[])
+   openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ 
+   /* check for correct invocation */
+-  if (argc != 3)
++  if (!(argc == 2 || argc == 3))
+     {
+       syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+       fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -105,7 +105,10 @@ main (int argc, char *argv[])
+     }
+ 
+   user_to_auth = argv[1];
+-  cookie = argv[2];
++
++  cookie = read_cookie (argc, argv);
++  if (!cookie)
++    goto error;
+ 
+   if (getuid () != 0)
+     {
+@@ -203,6 +206,8 @@ main (int argc, char *argv[])
+       goto error;
+     }
+ 
++  free (cookie);
++
+ #ifdef PAH_DEBUG
+   fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -212,6 +217,7 @@ main (int argc, char *argv[])
+   return 0;
+ 
+ error:
++  free (cookie);
+   if (pam_h != NULL)
+     pam_end (pam_h, rc);
+ 
+diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
+index a4f73ac..e877915 100644
+--- a/src/polkitagent/polkitagenthelper-shadow.c
++++ b/src/polkitagent/polkitagenthelper-shadow.c
+@@ -46,7 +46,7 @@ main (int argc, char *argv[])
+ {
+   struct spwd *shadow;
+   const char *user_to_auth;
+-  const char *cookie;
++  char *cookie = NULL;
+   time_t now;
+ 
+   /* clear the entire environment to avoid attacks with
+@@ -67,7 +67,7 @@ main (int argc, char *argv[])
+   openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+ 
+   /* check for correct invocation */
+-  if (argc != 3)
++  if (!(argc == 2 || argc == 3))
+     {
+       syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+       fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -86,7 +86,10 @@ main (int argc, char *argv[])
+     }
+ 
+   user_to_auth = argv[1];
+-  cookie = argv[2];
++
++  cookie = read_cookie (argc, argv);
++  if (!cookie)
++    goto error;
+ 
+ #ifdef PAH_DEBUG
+   fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
+@@ -153,6 +156,8 @@ main (int argc, char *argv[])
+       goto error;
+     }
+ 
++  free (cookie);
++
+ #ifdef PAH_DEBUG
+   fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -162,6 +167,7 @@ main (int argc, char *argv[])
+   return 0;
+ 
+ error:
++  free (cookie);
+   fprintf (stdout, "FAILURE\n");
+   flush_and_wait ();
+   return 1;
+diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
+index cfa77fc..e23f9f5 100644
+--- a/src/polkitagent/polkitagenthelperprivate.c
++++ b/src/polkitagent/polkitagenthelperprivate.c
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include "polkitagenthelperprivate.h"
+ #include <stdio.h>
++#include <string.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+ 
+@@ -45,6 +46,38 @@ _polkit_clearenv (void)
+ #endif
+ 
+ 
++char *
++read_cookie (int argc, char **argv)
++{
++  /* As part of CVE-2015-4625, we started passing the cookie
++   * on standard input, to ensure it's not visible to other
++   * processes.  However, to ensure that things continue
++   * to work if the setuid binary is upgraded while old
++   * agents are still running (this will be common with
++   * package managers), we support both modes.
++   */
++  if (argc == 3)
++    return strdup (argv[2]);
++  else
++    {
++      char *ret = NULL;
++      size_t n = 0;
++      ssize_t r = getline (&ret, &n, stdin);
++      if (r == -1)
++        {
++          if (!feof (stdin))
++            perror ("getline");
++          free (ret);
++          return NULL;
++        }
++      else
++        {
++          g_strchomp (ret);
++          return ret;
++        }
++    }
++}
++
+ gboolean
+ send_dbus_message (const char *cookie, const char *user)
+ {
+diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
+index aeca2c7..547fdcc 100644
+--- a/src/polkitagent/polkitagenthelperprivate.h
++++ b/src/polkitagent/polkitagenthelperprivate.h
+@@ -38,6 +38,8 @@
+ 
+ int _polkit_clearenv (void);
+ 
++char *read_cookie (int argc, char **argv);
++
+ gboolean send_dbus_message (const char *cookie, const char *user);
+ 
+ void flush_and_wait ();
+diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
+index f014773..8b93ad0 100644
+--- a/src/polkitagent/polkitagentsession.c
++++ b/src/polkitagent/polkitagentsession.c
+@@ -55,6 +55,7 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
++#include <gio/gunixoutputstream.h>
+ #include <pwd.h>
+ 
+ #include "polkitagentmarshal.h"
+@@ -88,7 +89,7 @@ struct _PolkitAgentSession
+   gchar *cookie;
+   PolkitIdentity *identity;
+ 
+-  int child_stdin;
++  GOutputStream *child_stdin;
+   int child_stdout;
+   GPid child_pid;
+ 
+@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT);
+ static void
+ polkit_agent_session_init (PolkitAgentSession *session)
+ {
+-  session->child_stdin = -1;
+   session->child_stdout = -1;
+ }
+ 
+@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session)
+       session->child_stdout = -1;
+     }
+ 
+-  if (session->child_stdin != -1)
+-    {
+-      g_warn_if_fail (close (session->child_stdin) == 0);
+-      session->child_stdin = -1;
+-    }
++  g_clear_object (&session->child_stdin);
+ 
+   session->helper_is_running = FALSE;
+ 
+@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session,
+ 
+   add_newline = (response[response_len] != '\n');
+ 
+-  write (session->child_stdin, response, response_len);
++  (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL);
+   if (add_newline)
+-    write (session->child_stdin, newline, 1);
++    (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL);
+ }
+ 
+ /**
+@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ {
+   uid_t uid;
+   GError *error;
+-  gchar *helper_argv[4];
++  gchar *helper_argv[3];
+   struct passwd *passwd;
++  int stdin_fd = -1;
+ 
+   g_return_if_fail (POLKIT_AGENT_IS_SESSION (session));
+ 
+@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ 
+   helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
+   helper_argv[1] = passwd->pw_name;
+-  helper_argv[2] = session->cookie;
+-  helper_argv[3] = NULL;
++  helper_argv[2] = NULL;
+ 
+-  session->child_stdin = -1;
+   session->child_stdout = -1;
+ 
+   error = NULL;
+@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+                                  NULL,
+                                  NULL,
+                                  &session->child_pid,
+-                                 &session->child_stdin,
++                                 &stdin_fd,
+                                  &session->child_stdout,
+                                  NULL,
+                                  &error))
+@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+   if (G_UNLIKELY (_show_debug ()))
+     g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
+ 
++  session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE);
++
++  /* Write the cookie on stdin so it can't be seen by other processes */
++  (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie),
++                                    NULL, NULL, NULL);
++  (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL);
++
+   session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
+   session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
+                                                           G_IO_IN | G_IO_ERR | G_IO_HUP);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 3f339e9..15adc6a 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -214,6 +214,8 @@ typedef struct
+ 
+   GDBusConnection *system_bus_connection;
+   guint name_owner_changed_signal_id;
++
++  guint64 agent_serial;
+ } PolkitBackendInteractiveAuthorityPrivate;
+ 
+ /* ---------------------------------------------------------------------------------------------------- */
+@@ -439,11 +441,15 @@ struct AuthenticationAgent
+   volatile gint ref_count;
+ 
+   PolkitSubject *scope;
++  guint64 serial;
+ 
+   gchar *locale;
+   GVariant *registration_options;
+   gchar *object_path;
+   gchar *unique_system_bus_name;
++  GRand *cookie_pool;
++  gchar *cookie_prefix;
++  guint64  cookie_serial;
+ 
+   GDBusProxy *proxy;
+ 
+@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable,
+   authentication_session_cancel (session);
+ }
+ 
++/* We're not calling this a UUID, but it's basically
++ * the same thing, just not formatted that way because:
++ *
++ *  - I'm too lazy to do it
++ *  - If we did, people might think it was actually
++ *    generated from /dev/random, which we're not doing
++ *    because this value doesn't actually need to be
++ *    globally unique.
++ */
++static void
++append_rand_u128_str (GString *buf,
++                      GRand   *pool)
++{
++  g_string_append_printf (buf, "%08x%08x%08x%08x",
++                          g_rand_int (pool),
++                          g_rand_int (pool),
++                          g_rand_int (pool),
++                          g_rand_int (pool));
++}
++
++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession)
++ * pair, and not guessable by other agents.
++ *
++ * <agent serial> - <agent uuid> - <session serial> - <session uuid>
++ *
++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++ *
++ */
++static gchar *
++authentication_agent_generate_cookie (AuthenticationAgent *agent)
++{
++  GString *buf = g_string_new ("");
++
++  g_string_append (buf, agent->cookie_prefix);
++  
++  g_string_append_c (buf, '-');
++  agent->cookie_serial++;
++  g_string_append_printf (buf, "%" G_GUINT64_FORMAT, 
++                          agent->cookie_serial);
++  g_string_append_c (buf, '-');
++  append_rand_u128_str (buf, agent->cookie_pool);
++
++  return g_string_free (buf, FALSE);
++}
++
++
+ static AuthenticationSession *
+ authentication_session_new (AuthenticationAgent         *agent,
+-                            const gchar                 *cookie,
+                             PolkitSubject               *subject,
+                             PolkitIdentity              *user_of_subject,
+                             PolkitSubject               *caller,
+@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent         *agent,
+ 
+   session = g_new0 (AuthenticationSession, 1);
+   session->agent = authentication_agent_ref (agent);
+-  session->cookie = g_strdup (cookie);
++  session->cookie = authentication_agent_generate_cookie (agent);
+   session->subject = g_object_ref (subject);
+   session->user_of_subject = g_object_ref (user_of_subject);
+   session->caller = g_object_ref (caller);
+@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session)
+   g_free (session);
+ }
+ 
+-static gchar *
+-authentication_agent_new_cookie (AuthenticationAgent *agent)
+-{
+-  static gint counter = 0;
+-
+-  /* TODO: use a more random-looking cookie */
+-
+-  return g_strdup_printf ("cookie%d", counter++);
+-}
+-
+ static PolkitSubject *
+ authentication_agent_get_scope (AuthenticationAgent *agent)
+ {
+@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent)
+       g_free (agent->unique_system_bus_name);
+       if (agent->registration_options != NULL)
+         g_variant_unref (agent->registration_options);
++      g_rand_free (agent->cookie_pool);
++      g_free (agent->cookie_prefix);
+       g_free (agent);
+     }
+ }
+ 
+ static AuthenticationAgent *
+-authentication_agent_new (PolkitSubject *scope,
++authentication_agent_new (guint64      serial,
++                          PolkitSubject *scope,
+                           const gchar *unique_system_bus_name,
+                           const gchar *locale,
+                           const gchar *object_path,
+@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope,
+ 
+   agent = g_new0 (AuthenticationAgent, 1);
+   agent->ref_count = 1;
++  agent->serial = serial;
+   agent->scope = g_object_ref (scope);
+   agent->object_path = g_strdup (object_path);
+   agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope,
+   agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+   agent->proxy = proxy;
+ 
++  {
++    GString *cookie_prefix = g_string_new ("");
++    GRand *agent_private_rand = g_rand_new ();
++
++    g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial);
++
++    /* Use a uniquely seeded PRNG to get a prefix cookie for this agent,
++     * whose sequence will not correlate with the per-authentication session
++     * cookies.
++     */
++    append_rand_u128_str (cookie_prefix, agent_private_rand);
++    g_rand_free (agent_private_rand);
++
++    agent->cookie_prefix = g_string_free (cookie_prefix, FALSE);
++    
++    /* And a newly seeded pool for per-session cookies */
++    agent->cookie_pool = g_rand_new ();
++  }
++
+   return agent;
+ }
+ 
+@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
+ {
+   PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
+   AuthenticationSession *session;
+-  gchar *cookie;
+   GList *l;
+   GList *identities;
+   gchar *localized_message;
+@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
+                                     &localized_icon_name,
+                                     &localized_details);
+ 
+-  cookie = authentication_agent_new_cookie (agent);
+-
+   identities = NULL;
+ 
+   /* select admin user if required by the implicit authorization */
+@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
+     user_identities = g_list_prepend (NULL, polkit_unix_user_new (0));
+ 
+   session = authentication_session_new (agent,
+-                                        cookie,
+                                         subject,
+                                         user_of_subject,
+                                         caller,
+@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent         *agent,
+   g_list_free_full (user_identities, g_object_unref);
+   g_list_foreach (identities, (GFunc) g_object_unref, NULL);
+   g_list_free (identities);
+-  g_free (cookie);
+ 
+   g_free (localized_message);
+   g_free (localized_icon_name);
+@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+       goto out;
+     }
+ 
+-  agent = authentication_agent_new (subject,
++  priv->agent_serial++;
++  agent = authentication_agent_new (priv->agent_serial,
++                                    subject,
+                                     polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+                                     locale,
+                                     object_path,
+-- 
+cgit v0.10.2
+
+From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Wed, 17 Jun 2015 13:07:02 -0400
+Subject: CVE-2015-4625: Bind use of cookies to specific uids
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
+
+The "cookie" value that Polkit hands out is global to all polkit
+users.  And when `AuthenticationAgentResponse` is invoked, we
+previously only received the cookie and *target* identity, and
+attempted to find an agent from that.
+
+The problem is that the current cookie is just an integer
+counter, and if it overflowed, it would be possible for
+an successful authorization in one session to trigger a response
+in another session.
+
+The overflow and ability to guess the cookie were fixed by the
+previous patch.
+
+This patch is conceptually further hardening on top of that.  Polkit
+currently treats uids as equivalent from a security domain
+perspective; there is no support for
+SELinux/AppArmor/etc. differentiation.
+
+We can retrieve the uid from `getuid()` in the setuid helper, which
+allows us to ensure the uid invoking `AuthenticationAgentResponse2`
+matches that of the agent.
+
+Then the authority only looks at authentication sessions matching the
+cookie that were created by a matching uid, thus removing the ability
+for different uids to interfere with each other entirely.
+
+Several fixes to this patch were contributed by:
+Miloslav Trmač <mitr@redhat.com>
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
+CVE: CVE-2015-4625
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+index 3b519c2..5beef7d 100644
+--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+@@ -8,7 +8,19 @@
+     <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/>
+ 
+     <method name="BeginAuthentication">
+-      <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/>
++      <annotation name="org.gtk.EggDBus.DocString" value="<para>Called
++      by the PolicyKit daemon when the authentication agent needs the
++      user to authenticate as one of the identities in @identities for
++      the action with the identifier @action_id.</para><para>This
++      authentication is normally achieved via the
++      polkit_agent_session_response() API, which invokes a private
++      setuid helper process to verify the authentication.  When
++      successful, it calls the
++      org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2()
++      method on the #org.freedesktop.PolicyKit1.Authority interface of
++      the PolicyKit daemon before returning.  If the user dismisses the
++      authentication dialog, the authentication agent should call
++      polkit_agent_session_cancel().</para>"/>
+ 
+       <arg name="action_id" direction="in" type="s">
+         <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
+diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
+index fbfb9cd..f9021ee 100644
+--- a/data/org.freedesktop.PolicyKit1.Authority.xml
++++ b/data/org.freedesktop.PolicyKit1.Authority.xml
+@@ -313,7 +313,29 @@
+     </method>
+ 
+     <method name="AuthenticationAgentResponse">
+-      <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/>
++      <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit."/>
++
++      <arg name="cookie" direction="in" type="s">
++        <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
++      </arg>
++
++      <arg name="identity" direction="in" type="(sa{sv})">
++        <annotation name="org.gtk.EggDBus.Type" value="Identity"/>
++        <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/>
++      </arg>
++    </method>
++
++    <method name="AuthenticationAgentResponse2">
++      <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit.   Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse
++as it fixes a security issue."/>
++
++      <arg name="uid" direction="in" type="u">
++        <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent.  Normally set by the setuid helper program."/>
++      </arg>
+ 
+       <arg name="cookie" direction="in" type="s">
+         <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
+diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+index 6525e25..e66bf53 100644
+--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+@@ -42,6 +42,8 @@ Structure    <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
+                                   IN  String                         object_path)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link>      (IN  String                         cookie,
+                                   IN  <link linkend="eggdbus-struct-Identity">Identity</link>                       identity)
++<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link>      (IN uint32 uid, IN  String                         cookie,
++                                  IN  <link linkend="eggdbus-struct-Identity">Identity</link>                       identity)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN  <link linkend="eggdbus-struct-Subject">Subject</link>                        subject,
+                                   OUT Array&lt;<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>&gt;  temporary_authorizations)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link>    (IN  <link linkend="eggdbus-struct-Subject">Subject</link>                        subject)
+@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN  String    cookie,
+                              IN  <link linkend="eggdbus-struct-Identity">Identity</link>  identity)
+     </programlisting>
+     <para>
+-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
++Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit.  Deprecated in favor of AuthenticationAgentResponse2.
++    </para>
++<variablelist role="params">
++  <varlistentry>
++    <term><literal>IN  String <parameter>cookie</parameter></literal>:</term>
++    <listitem>
++      <para>
++The cookie identifying the authentication request that was passed to the authentication agent.
++      </para>
++    </listitem>
++  </varlistentry>
++  <varlistentry>
++    <term><literal>IN  <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term>
++    <listitem>
++      <para>
++A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated.
++      </para>
++    </listitem>
++  </varlistentry>
++</variablelist>
++    </refsect2>
++    <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">
++      <title>AuthenticationAgentResponse2 ()</title>
++    <programlisting>
++AuthenticationAgentResponse2 (IN  uint32 uid,
++                              IN  String cookie,
++                              IN  <link linkend="eggdbus-struct-Identity">Identity</link>  identity)
++    </programlisting>
++    <para>
++Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit.  Note this method was introduced in 0.114 to fix a security issue.
+     </para>
+ <variablelist role="params">
+   <varlistentry>
++    <term><literal>IN  uint32 <parameter>uid</parameter></literal>:</term>
++    <listitem>
++      <para>
++The user id of the agent; normally this is the owner of the parent pid
++of the process that invoked the internal setuid helper.
++      </para>
++    </listitem>
++  </varlistentry>
++  <varlistentry>
+     <term><literal>IN  String <parameter>cookie</parameter></literal>:</term>
+     <listitem>
+       <para>
+diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
+index 150a7bc..176d2ea 100644
+--- a/docs/polkit/overview.xml
++++ b/docs/polkit/overview.xml
+@@ -314,16 +314,18 @@
+     <para>
+       Authentication agents are provided by desktop environments. When
+       an user session starts, the agent registers with the polkit
+-      Authority using
+-      the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
++      Authority using the <link
++      linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
+       method. When services are needed, the authority will invoke
+-      methods on
+-      the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
++      methods on the <link
++      linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
+       D-Bus interface. Once the user is authenticated, (a privileged
+-      part of) the agent invokes
+-      the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
+-      method.  Note that the polkit Authority itself does not care
+-      how the agent authenticates the user.
++      part of) the agent invokes the <link
++      linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
++      method.  This method should be treated as an internal
++      implementation detail, and callers should use the public shared
++      library API to invoke it, which currently uses a setuid helper
++      program.
+     </para>
+     <para>
+       The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link>
+diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
+index ab6d3cd..6bd684a 100644
+--- a/src/polkit/polkitauthority.c
++++ b/src/polkit/polkitauthority.c
+@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority      *authority,
+                                                 gpointer              user_data)
+ {
+   GVariant *identity_value;
++  /* Note that in reality, this API is only accessible to root, and
++   * only called from the setuid helper `polkit-agent-helper-1`.
++   *
++   * However, because this is currently public API, we avoid
++   * triggering warnings from ABI diff type programs by just grabbing
++   * the real uid of the caller here.
++   */
++  uid_t uid = getuid ();
+ 
+   g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
+   g_return_if_fail (cookie != NULL);
+@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority      *authority,
+   identity_value = polkit_identity_to_gvariant (identity);
+   g_variant_ref_sink (identity_value);
+   g_dbus_proxy_call (authority->proxy,
+-                     "AuthenticationAgentResponse",
+-                     g_variant_new ("(s@(sa{sv}))",
++                     "AuthenticationAgentResponse2",
++                     g_variant_new ("(us@(sa{sv}))",
++                                    (guint32)uid,
+                                     cookie,
+                                     identity_value),
+                      G_DBUS_CALL_FLAGS_NONE,
+diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
+index 601a974..03a4e84 100644
+--- a/src/polkitbackend/polkitbackendauthority.c
++++ b/src/polkitbackend/polkitbackendauthority.c
+@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority
+ gboolean
+ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority    *authority,
+                                                         PolkitSubject             *caller,
++                                                        uid_t                      uid,
+                                                         const gchar               *cookie,
+                                                         PolkitIdentity            *identity,
+                                                         GError                   **error)
+@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority
+     }
+   else
+     {
+-      return klass->authentication_agent_response (authority, caller, cookie, identity, error);
++      return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error);
+     }
+ }
+ 
+@@ -587,6 +588,11 @@ static const gchar *server_introspection_data =
+   "      <arg type='s' name='cookie' direction='in'/>"
+   "      <arg type='(sa{sv})' name='identity' direction='in'/>"
+   "    </method>"
++  "    <method name='AuthenticationAgentResponse2'>"
++  "      <arg type='u' name='uid' direction='in'/>"
++  "      <arg type='s' name='cookie' direction='in'/>"
++  "      <arg type='(sa{sv})' name='identity' direction='in'/>"
++  "    </method>"
+   "    <method name='EnumerateTemporaryAuthorizations'>"
+   "      <arg type='(sa{sv})' name='subject' direction='in'/>"
+   "      <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>"
+@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server                 *server,
+   error = NULL;
+   if (!polkit_backend_authority_authentication_agent_response (server->authority,
+                                                                caller,
++                                                               (uid_t)-1,
++                                                               cookie,
++                                                               identity,
++                                                               &error))
++    {
++      g_dbus_method_invocation_return_gerror (invocation, error);
++      g_error_free (error);
++      goto out;
++    }
++
++  g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
++
++ out:
++  if (identity != NULL)
++    g_object_unref (identity);
++}
++
++static void
++server_handle_authentication_agent_response2 (Server                 *server,
++                                              GVariant               *parameters,
++                                              PolkitSubject          *caller,
++                                              GDBusMethodInvocation  *invocation)
++{
++  const gchar *cookie;
++  GVariant *identity_gvariant;
++  PolkitIdentity *identity;
++  GError *error;
++  guint32 uid;
++
++  identity = NULL;
++
++  g_variant_get (parameters,
++                 "(u&s@(sa{sv}))",
++                 &uid,
++                 &cookie,
++                 &identity_gvariant);
++
++  error = NULL;
++  identity = polkit_identity_new_for_gvariant (identity_gvariant, &error);
++  if (identity == NULL)
++    {
++      g_prefix_error (&error, "Error getting identity: ");
++      g_dbus_method_invocation_return_gerror (invocation, error);
++      g_error_free (error);
++      goto out;
++    }
++
++  error = NULL;
++  if (!polkit_backend_authority_authentication_agent_response (server->authority,
++                                                               caller,
++                                                               (uid_t)uid,
+                                                                cookie,
+                                                                identity,
+                                                                &error))
+@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection        *connection,
+     server_handle_unregister_authentication_agent (server, parameters, caller, invocation);
+   else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0)
+     server_handle_authentication_agent_response (server, parameters, caller, invocation);
++  else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0)
++    server_handle_authentication_agent_response2 (server, parameters, caller, invocation);
+   else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0)
+     server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation);
+   else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0)
+diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
+index f9f7385..88df82e 100644
+--- a/src/polkitbackend/polkitbackendauthority.h
++++ b/src/polkitbackend/polkitbackendauthority.h
+@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass
+ 
+   gboolean (*authentication_agent_response) (PolkitBackendAuthority   *authority,
+                                              PolkitSubject            *caller,
++                                             uid_t                     uid,
+                                              const gchar              *cookie,
+                                              PolkitIdentity           *identity,
+                                              GError                  **error);
+@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend
+ 
+ gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority    *authority,
+                                                                  PolkitSubject             *caller,
++                                                                 uid_t                      uid,
+                                                                  const gchar               *cookie,
+                                                                  PolkitIdentity            *identity,
+                                                                  GError                   **error);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 15adc6a..96725f7 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI
+                                                                   PolkitSubject *subject);
+ 
+ 
+-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
+-                                                                     const gchar *cookie);
++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
++                                                                             uid_t                              uid,
++                                                                             const gchar                       *cookie);
+ 
+ static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority,
+                                                                                const gchar *system_bus_unique_name);
+@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a
+ 
+ static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority   *authority,
+                                                                               PolkitSubject            *caller,
++                                                                              uid_t                     uid,
+                                                                               const gchar              *cookie,
+                                                                               PolkitIdentity           *identity,
+                                                                               GError                  **error);
+@@ -440,6 +442,7 @@ struct AuthenticationAgent
+ {
+   volatile gint ref_count;
+ 
++  uid_t creator_uid;
+   PolkitSubject *scope;
+   guint64 serial;
+ 
+@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent)
+ static AuthenticationAgent *
+ authentication_agent_new (guint64      serial,
+                           PolkitSubject *scope,
++                          PolkitIdentity *creator,
+                           const gchar *unique_system_bus_name,
+                           const gchar *locale,
+                           const gchar *object_path,
+@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64      serial,
+ {
+   AuthenticationAgent *agent;
+   GDBusProxy *proxy;
++  PolkitUnixUser *creator_user;
++
++  g_assert (POLKIT_IS_UNIX_USER (creator));
++  creator_user = POLKIT_UNIX_USER (creator);
+ 
+   if (!g_variant_is_object_path (object_path))
+     {
+@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64      serial,
+   agent->ref_count = 1;
+   agent->serial = serial;
+   agent->scope = g_object_ref (scope);
++  agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user);
+   agent->object_path = g_strdup (object_path);
+   agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+   agent->locale = g_strdup (locale);
+@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori
+ }
+ 
+ static AuthenticationSession *
+-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
+-                                       const gchar *cookie)
++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
++                                               uid_t                              uid,
++                                               const gchar                       *cookie)
+ {
+   PolkitBackendInteractiveAuthorityPrivate *priv;
+   GHashTableIter hash_iter;
+@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author
+     {
+       GList *l;
+ 
++      /* We need to ensure that if somehow we have duplicate cookies
++       * due to wrapping, that the cookie used is matched to the user
++       * who called AuthenticationAgentResponse2.  See
++       * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++       * 
++       * Except if the legacy AuthenticationAgentResponse is invoked,
++       * we don't know the uid and hence use -1.  Continue to support
++       * the old behavior for backwards compatibility, although everyone
++       * who is using our own setuid helper will automatically be updated
++       * to the new API.
++       */
++      if (uid != (uid_t)-1)
++        {
++          if (agent->creator_uid != uid)
++            continue;
++        }
++
+       for (l = agent->active_sessions; l != NULL; l = l->next)
+         {
+           AuthenticationSession *session = l->data;
+@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+   priv->agent_serial++;
+   agent = authentication_agent_new (priv->agent_serial,
+                                     subject,
++                                    user_of_caller,
+                                     polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+                                     locale,
+                                     object_path,
+@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
+ static gboolean
+ polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority   *authority,
+                                                               PolkitSubject            *caller,
++                                                              uid_t                     uid,
+                                                               const gchar              *cookie,
+                                                               PolkitIdentity           *identity,
+                                                               GError                  **error)
+@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken
+     }
+ 
+   /* find the authentication session */
+-  session = get_authentication_session_for_cookie (interactive_authority, cookie);
++  session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie);
+   if (session == NULL)
+     {
+       g_set_error (error,
+-- 
+cgit v0.10.2
+
+--- ./configure.ac.orig
++++ ./configure.ac
+@@ -122,7 +122,7 @@
+   changequote([,])dnl
+ fi
+ 
+-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0])
++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+ 
diff --git a/user/polkit/automake.patch b/user/polkit/automake.patch
new file mode 100644
index 000000000..0f6825a26
--- /dev/null
+++ b/user/polkit/automake.patch
@@ -0,0 +1,19 @@
+--- ./configure.ac.orig	2012-12-31 21:39:08.969445979 +0000
++++ ./configure.ac	2012-12-31 21:39:30.136285425 +0000
+@@ -3,7 +3,7 @@
+ AC_PREREQ(2.59c)
+ AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
+ AM_INIT_AUTOMAKE(polkit, 0.105)
+-AM_CONFIG_HEADER(config.h)
++AC_CONFIG_HEADER(config.h)
+ AM_MAINTAINER_MODE
+ 
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+@@ -24,7 +24,6 @@
+ 
+ AC_ISC_POSIX
+ AC_PROG_CC
+-AM_PROG_CC_STDC
+ AC_HEADER_STDC
+ AM_PROG_LIBTOOL
+ AC_PROG_MAKE_SET
diff --git a/user/polkit/disable-ck-test.patch b/user/polkit/disable-ck-test.patch
new file mode 100644
index 000000000..e1987d40d
--- /dev/null
+++ b/user/polkit/disable-ck-test.patch
@@ -0,0 +1,15 @@
+This test requires ConsoleKit to be running.
+
+--- polkit-0.105/test/polkitbackend/Makefile.am.old	2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/polkitbackend/Makefile.am	2017-09-27 20:48:42.479959296 -0500
+@@ -36,8 +36,8 @@
+ TEST_PROGS += polkitbackendlocalauthorizationstoretest
+ polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c
+ 
+-TEST_PROGS += polkitbackendlocalauthoritytest
+-polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
++#TEST_PROGS += polkitbackendlocalauthoritytest
++#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
+ 
+ # ----------------------------------------------------------------------------------------------------
+ 
diff --git a/user/polkit/fix-consolekit-db-stat.patch b/user/polkit/fix-consolekit-db-stat.patch
new file mode 100644
index 000000000..3deceb639
--- /dev/null
+++ b/user/polkit/fix-consolekit-db-stat.patch
@@ -0,0 +1,30 @@
+--- polkit-0.105.orig/src/polkitbackend/polkitbackendsessionmonitor.c	2012-04-24 19:05:34.000000000 +0300
++++ polkit-0.105/src/polkitbackend/polkitbackendsessionmonitor.c	2015-08-17 14:50:51.428580856 +0300
+@@ -47,7 +47,7 @@ struct _PolkitBackendSessionMonitor
+ 
+   GKeyFile *database;
+   GFileMonitor *database_monitor;
+-  time_t database_mtime;
++  struct timespec database_mtim;
+ };
+ 
+ struct _PolkitBackendSessionMonitorClass
+@@ -95,7 +95,7 @@ reload_database (PolkitBackendSessionMon
+       goto out;
+     }
+ 
+-  monitor->database_mtime = statbuf.st_mtime;
++  monitor->database_mtim = statbuf.st_mtim;
+ 
+   monitor->database = g_key_file_new ();
+   if (!g_key_file_load_from_file (monitor->database,
+@@ -131,7 +131,8 @@ ensure_database (PolkitBackendSessionMon
+                        strerror (errno));
+           goto out;
+         }
+-      if (statbuf.st_mtime == monitor->database_mtime)
++      if (statbuf.st_mtim.tv_sec  == monitor->database_mtim.tv_sec &&
++          statbuf.st_mtim.tv_nsec == monitor->database_mtim.tv_nsec)
+         {
+           ret = TRUE;
+           goto out;
diff --git a/user/polkit/fix-parallel-make.patch b/user/polkit/fix-parallel-make.patch
new file mode 100644
index 000000000..b693a34dd
--- /dev/null
+++ b/user/polkit/fix-parallel-make.patch
@@ -0,0 +1,40 @@
+From 7bd30764a5230684c7c979a08a83dfa6e327f719 Mon Sep 17 00:00:00 2001
+From: Ryan Lortie <desrt@velocity.(none)>
+Date: Tue, 13 Nov 2012 16:50:14 +0000
+Subject: build: Fix .gir generation for parallel make
+
+As per the intructions in the introspection Makefile, we should have a
+line declaring a dependency between the .gir and .la files.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=57077
+
+Signed-off-by: David Zeuthen <zeuthen@gmail.com>
+---
+diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
+index 39d6d84..d648d29 100644
+--- a/src/polkit/Makefile.am
++++ b/src/polkit/Makefile.am
+@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION
+ 
+ INTROSPECTION_GIRS = Polkit-1.0.gir
+ 
++Polkit-1.0.gir: libpolkit-gobject-1.la
++
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = Polkit-1.0.gir
+ 
+diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
+index 1cfb73c..5b7d4c7 100644
+--- a/src/polkitagent/Makefile.am
++++ b/src/polkitagent/Makefile.am
+@@ -108,6 +108,8 @@ if HAVE_INTROSPECTION
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = PolkitAgent-1.0.gir
+ 
++PolkitAgent-1.0.gir: libpolkit-agent-1.la
++
+ typelibsdir = $(INTROSPECTION_TYPELIBDIR)
+ typelibs_DATA = PolkitAgent-1.0.typelib
+ 
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/user/polkit/fix-test-fgetpwent.patch b/user/polkit/fix-test-fgetpwent.patch
new file mode 100644
index 000000000..7bc6481cc
--- /dev/null
+++ b/user/polkit/fix-test-fgetpwent.patch
@@ -0,0 +1,20 @@
+--- polkit-0.105/test/mocklibc/src/pwd.c.old	2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/mocklibc/src/pwd.c	2017-09-27 19:40:57.883227673 -0500
+@@ -16,6 +16,7 @@
+  * Author: Nikki VonHollen <vonhollen@gmail.com>
+  */
+ 
++#define _GNU_SOURCE
+ #include <pwd.h>
+ 
+ #include <stdio.h>
+--- polkit-0.105/test/mocklibc/src/grp.c.old	2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/mocklibc/src/grp.c	2017-09-27 19:44:57.759238450 -0500
+@@ -16,6 +16,7 @@
+  * Author: Nikki VonHollen <vonhollen@gmail.com>
+  */
+ 
++#define _GNU_SOURCE
+ #include <grp.h>
+ 
+ #include <stdio.h>
diff --git a/user/py-dbus/APKBUILD b/user/py-dbus/APKBUILD
new file mode 100644
index 000000000..87da11915
--- /dev/null
+++ b/user/py-dbus/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=py-dbus
+pkgver=1.2.0
+pkgrel=3
+pkgdesc="Python bindings for DBUS"
+url="http://www.freedesktop.org/wiki/Software/DBusBindings"
+arch="all"
+license="GPL LGPL"
+depends="python3"
+depends_dev="py-dbus"
+makedepends="dbus-glib-dev python3-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://dbus.freedesktop.org/releases/dbus-python/dbus-python-$pkgver.tar.gz"
+
+builddir="$srcdir"/dbus-python-$pkgver
+
+prepare() {
+	cd "$builddir"
+	update_config_sub
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr
+	make
+}
+
+check() {
+	cd "$builddir"
+	make test
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="b09cd2d1a057cc432ce944de3fc06bf7  dbus-python-1.2.0.tar.gz"
+sha256sums="e12c6c8b2bf3a9302f75166952cbe41d6b38c3441bbc6767dbd498942316c6df  dbus-python-1.2.0.tar.gz"
+sha512sums="013b23e08fa1ed43f53a756587fefbc9770f7c51e93510e555acbd77230b7200693419bba9a69680d790bbaf123f4a195afa38b3eee1143da950fee0b5130bce  dbus-python-1.2.0.tar.gz"
diff --git a/user/qca/APKBUILD b/user/qca/APKBUILD
new file mode 100644
index 000000000..669389ac7
--- /dev/null
+++ b/user/qca/APKBUILD
@@ -0,0 +1,35 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=qca
+pkgver=2.1.3
+pkgrel=5
+pkgdesc="Qt cryptographic architecture"
+url="http://delta.affinix.com/qca/"
+arch="all"
+license="LGPL-2.1+"
+depends=
+depends_dev="qt5-qtbase-dev"
+makedepends="$depends_dev cmake cyrus-sasl-dev"
+install=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://download.kde.org/stable/qca/$pkgver/src/qca-${pkgver}.tar.xz"
+
+builddir="$srcdir"/qca-$pkgver
+
+build() {
+	cd "$builddir"
+	cmake -DCMAKE_INSTALL_PREFIX=/usr -DWITH_cyrus-sasl_PLUGIN=yes .
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+check() {
+	cd "$builddir"
+	make test
+}
+
+sha512sums="0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a  qca-2.1.3.tar.xz"
diff --git a/user/redis/APKBUILD b/user/redis/APKBUILD
new file mode 100644
index 000000000..fc8ea8426
--- /dev/null
+++ b/user/redis/APKBUILD
@@ -0,0 +1,87 @@
+# Contributor: V.Krishn <vkrishn4@gmail.com>
+# Maintainer:
+pkgname=redis
+pkgver=4.0.2
+pkgrel=2
+pkgdesc="Advanced key-value store"
+url="http://redis.io/"
+arch="all"
+license="BSD"
+depends=""
+makedepends="linux-headers"
+checkdepends="tcl"
+splitpackages="$pkgname-openrc"
+install="redis.pre-install"
+pkgusers="redis"
+pkggroups="redis"
+source="http://download.redis.io/releases/$pkgname-$pkgver.tar.gz
+	fix-ppc-atomics.patch
+	posix-runtest.patch
+	redis.initd
+	redis.logrotate
+	redis.confd
+	"
+builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+	default_prepare
+
+	cd "$builddir"
+	sed -i -e 's|^daemonize .*|daemonize yes|' \
+		-e 's|^dir .*|dir /var/lib/redis/|' \
+		-e 's|^logfile .*|logfile /var/log/redis/redis\.log|' \
+		-e 's|^pidfile .*|pidfile /var/run/redis/redis\.pid|' \
+		-e 's|^loglevel .*|loglevel notice|' \
+		redis.conf
+
+	# disable broken tests
+	# see: https://github.com/antirez/redis/issues/2814
+	#      https://github.com/antirez/redis/issues/3810
+
+	sed -i -e '/integration\/aof/d' \
+	       -e '/integration\/logging/d' \
+		tests/test_helper.tcl
+}
+
+build() {
+	cd "$builddir"
+	make PREFIX=/usr \
+		INSTALL_BIN="$pkgdir"/usr/bin \
+		MALLOC=libc \
+		FINAL_LIBS="-latomic " \
+		all
+}
+
+check() {
+	cd "$builddir"
+	make test
+}
+
+package() {
+	cd "$builddir"
+	mkdir -p "$pkgdir"/usr/bin
+	install -d -o redis -g redis \
+		"$pkgdir"/var/lib/redis \
+		"$pkgdir"/var/log/redis \
+		"$pkgdir"/var/run/redis
+
+	install -D -m755 "$builddir/COPYING" \
+		"$pkgdir/usr/share/licenses/redis/COPYING"
+        install -D -m755 "$srcdir/redis.initd" "$pkgdir/etc/init.d/redis" \
+		&& install -Dm644 "$srcdir/redis.logrotate" \
+			"$pkgdir/etc/logrotate.d/redis" \
+		&& install -Dm644 "$srcdir/redis.confd" \
+			"$pkgdir/etc/conf.d/redis"
+        install -D -m644 "$builddir/redis.conf" "$pkgdir/etc/redis.conf"
+
+	make PREFIX=/usr \
+		INSTALL_BIN="$pkgdir/usr/bin" \
+		install
+}
+
+sha512sums="1458909c6fc16cff8ca5e6dddff23b988ee1e447f2d0bccf5941553b22bab6abb851732b3fe53dafb8a69d6c0939c3ce7e0686d51e03be720fb018c038d3b1b4  redis-4.0.2.tar.gz
+f768acea3e1868dbf0596085640c83e58d899860d7d647b0965fa858844c494d0a49b229fb417456d83f3e2690e5450950c31e0fa40529df85a9cde38d8981c4  fix-ppc-atomics.patch
+856ae98e9e8670801827c3bd793dc14ed2c62c37365f8d04b452d7e1ab97300a0bf18c59b52ea686c2689d53aeed8e29e2c55207d3d4fb1fd8fc7fc820f33157  posix-runtest.patch
+91b663f802aea9a473195940d3bf2ce3ca2af4e5b6e61a2d28ebbfe502ef2c764b574b7e87c49e60345d1a5d6b73d12920924c93b26be110c2ce824023347b6f  redis.initd
+6d17d169b40a7e23a0a2894eff0f3e2fe8e4461b36f2a9d45468f0abd84ea1035d679b4c0a34029bce093147f9c7bb697e843c113c17769d38c934d4a78a5848  redis.logrotate
+d87aad6185300c99cc9b6a478c83bf62c450fb2c225592d74cc43a3adb93e19d8d2a42cc279907b385aa73a7b9c77b66828dbfb001009edc16a604abb2087e99  redis.confd"
diff --git a/user/redis/fix-ppc-atomics.patch b/user/redis/fix-ppc-atomics.patch
new file mode 100644
index 000000000..0263bb531
--- /dev/null
+++ b/user/redis/fix-ppc-atomics.patch
@@ -0,0 +1,13 @@
+--- redis-4.0.2/src/Makefile.old	2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/src/Makefile	2018-05-26 18:45:23.494413590 -0500
+@@ -109,6 +109,10 @@
+ # Include paths to dependencies
+ FINAL_CFLAGS+= -I../deps/hiredis -I../deps/linenoise -I../deps/lua/src
+ 
++ifeq ($(uname_M),ppc)
++	FINAL_LIBS+= -latomic
++endif
++
+ ifeq ($(MALLOC),tcmalloc)
+ 	FINAL_CFLAGS+= -DUSE_TCMALLOC
+ 	FINAL_LIBS+= -ltcmalloc
diff --git a/user/redis/posix-runtest.patch b/user/redis/posix-runtest.patch
new file mode 100644
index 000000000..84d76ad10
--- /dev/null
+++ b/user/redis/posix-runtest.patch
@@ -0,0 +1,33 @@
+--- redis-4.0.2/runtest.old	2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/runtest	2017-12-31 05:50:13.037119127 -0600
+@@ -3,7 +3,7 @@
+ TCLSH=""
+ 
+ for VERSION in $TCL_VERSIONS; do
+-	TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
++	TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
+ done
+ 
+ if [ -z $TCLSH ]
+--- redis-4.0.2/runtest-cluster.old	2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/runtest-cluster	2017-12-31 05:50:20.517111722 -0600
+@@ -3,7 +3,7 @@
+ TCLSH=""
+ 
+ for VERSION in $TCL_VERSIONS; do
+-	TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
++	TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
+ done
+ 
+ if [ -z $TCLSH ]
+--- redis-4.0.2/runtest-sentinel.old	2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/runtest-sentinel	2017-12-31 05:50:26.877105425 -0600
+@@ -3,7 +3,7 @@
+ TCLSH=""
+ 
+ for VERSION in $TCL_VERSIONS; do
+-	TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
++	TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
+ done
+ 
+ if [ -z $TCLSH ]
diff --git a/user/redis/redis.confd b/user/redis/redis.confd
new file mode 100644
index 000000000..a79f61ccd
--- /dev/null
+++ b/user/redis/redis.confd
@@ -0,0 +1,9 @@
+# Redis user.
+REDIS_USER="redis"
+
+# Redis group.
+REDIS_GROUP="redis"
+
+# Redis configuration file.
+REDIS_CONF="/etc/redis.conf"
+
diff --git a/user/redis/redis.initd b/user/redis/redis.initd
new file mode 100755
index 000000000..ce6aba7e3
--- /dev/null
+++ b/user/redis/redis.initd
@@ -0,0 +1,52 @@
+#!/sbin/openrc-run
+
+REDIS_CONF=${REDIS_CONF:-/etc/redis.conf}
+REDIS_USER=${REDIS_USER:-redis}
+REDIS_GROUP=${REDIS_GROUP:-redis}
+
+name="Redis server"
+command=/usr/bin/redis-server
+command_args=${REDIS_CONF}
+
+depend() {
+	use net localmount logger
+	after keepalived firewall
+}
+
+# get global pidfile, logfile, and dir from config file
+get_config() {
+	if [ ! -f "${REDIS_CONF}" ] ; then
+		eerror "You need a ${REDIS_CONF} file to run redis"
+		return 1;
+	fi
+	
+	pidfile=$(awk '$1 == "pidfile" { print $2 }' "$REDIS_CONF")
+	logfile=$(awk '$1 == "logfile" { print $2 }' "$REDIS_CONF")
+	dir=$(awk '$1 == "dir" { print $2 }' "$REDIS_CONF")
+	: ${pidfile:=/var/run/redis/redis.pid}
+	: ${logfile:=/var/log/redis/redis.log}
+	: ${dir:=/var/lib/redis}
+}
+
+start() {
+	get_config || return 1
+	checkpath -d -o ${REDIS_USER}:${REDIS_GROUP} ${pidfile%/*} \
+		${logfile%/*} ${dir}
+
+	ebegin "Starting $name"
+	start-stop-daemon --start \
+		--chdir "${dir}" \
+		--user ${REDIS_USER}:${REDIS_GROUP} \
+		--pidfile "${pidfile}" \
+		--exec "${command}" \
+		-- ${command_args}
+	eend $? 
+}
+
+stop() {
+	get_config
+	ebegin "Stopping $name"
+	start-stop-daemon --stop --retry 30 --pidfile "${pidfile}"
+	eend $?
+}
+
diff --git a/user/redis/redis.logrotate b/user/redis/redis.logrotate
new file mode 100644
index 000000000..c77c9a0e8
--- /dev/null
+++ b/user/redis/redis.logrotate
@@ -0,0 +1,4 @@
+/var/log/redis/redis.log {
+   notifempty
+   missingok
+}
diff --git a/user/redis/redis.pre-install b/user/redis/redis.pre-install
new file mode 100644
index 000000000..f73213126
--- /dev/null
+++ b/user/redis/redis.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S redis 2>/dev/null
+adduser -S -D -H -h /var/lib/redis -s /bin/false -G redis -g redis redis 2>/dev/null
+
+exit 0
diff --git a/user/snappy/APKBUILD b/user/snappy/APKBUILD
new file mode 100644
index 000000000..588164d55
--- /dev/null
+++ b/user/snappy/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=snappy
+pkgver=1.1.7
+pkgrel=0
+pkgdesc="Fast compression and decompression library"
+url="http://google.github.io/snappy/"
+arch="all"
+license="BSD-3-Clause"
+subpackages="$pkgname-dbg $pkgname-dev"
+source="snappy-$pkgver.tar.gz::https://github.com/google/snappy/archive/$pkgver.tar.gz
+	"
+[ "$CARCH" = "armhf" ] && options="!check"     # does not pass testsuite on armhf
+
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+	cd "$builddir"
+	if [ "$CBUILD" != "$CHOST" ]; then
+		CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux"
+	fi
+	cmake \
+		-DCMAKE_INSTALL_PREFIX=/usr \
+		-DCMAKE_INSTALL_LIBDIR=lib \
+		-DBUILD_SHARED_LIBS=True \
+		-DCMAKE_BUILD_TYPE=RelWithDebugInfo \
+		-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+		-DCMAKE_C_FLAGS="$CFLAGS" \
+		${CMAKE_CROSSOPTS}
+	make
+}
+
+check() {
+	cd "$builddir"
+	CTEST_OUTPUT_ON_FAILURE=TRUE ctest
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="32046f532606ba545a4e4825c0c66a19be449f2ca2ff760a6fa170a3603731479a7deadb683546e5f8b5033414c50f4a9a29f6d23b7a41f047e566e69eca7caf  snappy-1.1.7.tar.gz"
diff --git a/user/spice/APKBUILD b/user/spice/APKBUILD
new file mode 100644
index 000000000..a40b5853f
--- /dev/null
+++ b/user/spice/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: A. Wilcox <awilfox@adelielinux.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=spice
+pkgver=0.14.0
+pkgrel=0
+pkgdesc="Solution for seamless access to virtual machines"
+url="https://www.spice-space.org/"
+arch="all"
+license="LGPL-2.1+"
+depends="gst-plugins-base"
+depends_dev=""
+makedepends="$depends_dev openssl-dev zlib-dev libjpeg-turbo-dev cyrus-sasl-dev
+	opus-dev lz4-dev gstreamer-dev gst-plugins-base-dev glib-dev orc-dev
+	python3 spice-protocol pixman-dev gstreamer-tools"
+install=""
+subpackages="$pkgname-dev"
+source="https://www.spice-space.org/download/releases/spice-$pkgver.tar.bz2"
+builddir="$srcdir/spice-$pkgver"
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var \
+		--disable-celt051
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f  spice-0.14.0.tar.bz2"
diff --git a/user/upower/APKBUILD b/user/upower/APKBUILD
new file mode 100644
index 000000000..9c596f3e0
--- /dev/null
+++ b/user/upower/APKBUILD
@@ -0,0 +1,40 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=upower
+pkgver=0.99.6
+pkgrel=0
+pkgdesc="Power Management Services"
+url="http://upower.freedesktop.org"
+arch="all"
+license="GPL2+"
+depends=""
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+makedepends="linux-headers gtk+-dev libgudev-dev libusb-dev polkit-dev
+	dbus-glib-dev libxslt gobject-introspection-dev docbook-xsl"
+source="http://upower.freedesktop.org/releases/upower-$pkgver.tar.xz
+	"
+
+builddir="$srcdir"/$pkgname-$pkgver
+build() {
+	cd "$builddir"
+	DATADIRNAME=share ./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--libexecdir=/usr/lib/upower \
+		--disable-static
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+sha512sums="7e7256491ecb5d3f04abf41f05a761b79761c8868a1aedadfc5085c3b9cf15f6099c1494596e6a24b0951511bc7cac074e93ebb2b84abb9fb7a4374483052d3f  upower-0.99.6.tar.xz"
diff --git a/user/upower/daemon-fix-get_critical_action.patch b/user/upower/daemon-fix-get_critical_action.patch
new file mode 100644
index 000000000..6afe9b7a9
--- /dev/null
+++ b/user/upower/daemon-fix-get_critical_action.patch
@@ -0,0 +1,28 @@
+From 28cee8e2845b094488c337c4ecfa84ada0b6be60 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Tue, 23 Feb 2016 09:51:07 +0100
+Subject: daemon: fix get_critical_action()
+
+Fix copy&paste error from e7e9156f that called the wrong _complete_ function
+for up_daemon_get_critical_action().
+
+https://bugs.freedesktop.org/show_bug.cgi?id=94262
+
+diff --git a/src/up-daemon.c b/src/up-daemon.c
+index be14cbe..e95f904 100644
+--- a/src/up-daemon.c
++++ b/src/up-daemon.c
+@@ -435,8 +435,8 @@ up_daemon_get_critical_action (UpExportedDaemon *skeleton,
+ 			       GDBusMethodInvocation *invocation,
+ 			       UpDaemon *daemon)
+ {
+-	up_exported_daemon_complete_get_display_device (skeleton, invocation,
+-							up_backend_get_critical_action (daemon->priv->backend));
++	up_exported_daemon_complete_get_critical_action (skeleton, invocation,
++							 up_backend_get_critical_action (daemon->priv->backend));
+ 	return TRUE;
+ }
+ 
+-- 
+cgit v0.10.2
+
diff --git a/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch b/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch
new file mode 100644
index 000000000..47e2f4799
--- /dev/null
+++ b/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch
@@ -0,0 +1,184 @@
+From 932a6a39e35754be571e1274aec4730fd42dba13 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Wed, 18 May 2016 09:22:43 +0200
+Subject: lib: Add proper error and cancellable handling to UpClient
+ constructor
+
+A GObject's _init() should never fail or block, but this is currently the case
+as up_client_init() connects to upowerd on D-Bus. Convert this to the GInitable
+interface and provide a new constructor up_client_new_full() which accepts a
+GCancellable and GError, so that clients can do proper error handling
+and reporting.
+
+This changes up_client_new() to return NULL when connecting to upowerd fails.
+This provides a more well-defined behaviour in this case as clients can check
+for this and our methods stop segfaulting as they have checks like
+
+   g_return_val_if_fail (UP_IS_CLIENT (client), ...)
+
+Previously we returned a valid object, but trying to call any method on it
+segfaulted due to the NULL D-Bus proxy, so client code had no chance to check
+whether the UpClient object was really valid.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=95350
+
+diff --git a/libupower-glib/up-client.c b/libupower-glib/up-client.c
+index 5b2218f..adc0b9b 100644
+--- a/libupower-glib/up-client.c
++++ b/libupower-glib/up-client.c
+@@ -39,9 +39,10 @@
+ #include "up-daemon-generated.h"
+ #include "up-device.h"
+ 
+-static void	up_client_class_init	(UpClientClass	*klass);
+-static void	up_client_init		(UpClient	*client);
+-static void	up_client_finalize	(GObject	*object);
++static void	up_client_class_init		(UpClientClass	*klass);
++static void	up_client_initable_iface_init	(GInitableIface *iface);
++static void	up_client_init			(UpClient	*client);
++static void	up_client_finalize		(GObject	*object);
+ 
+ #define UP_CLIENT_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), UP_TYPE_CLIENT, UpClientPrivate))
+ 
+@@ -73,7 +74,8 @@ enum {
+ static guint signals [UP_CLIENT_LAST_SIGNAL] = { 0 };
+ static gpointer up_client_object = NULL;
+ 
+-G_DEFINE_TYPE (UpClient, up_client, G_TYPE_OBJECT)
++G_DEFINE_TYPE_WITH_CODE (UpClient, up_client, G_TYPE_OBJECT,
++                         G_IMPLEMENT_INTERFACE(G_TYPE_INITABLE, up_client_initable_iface_init))
+ 
+ /**
+  * up_client_get_devices:
+@@ -434,11 +436,10 @@ up_client_class_init (UpClientClass *klass)
+  * up_client_init:
+  * @client: This class instance
+  */
+-static void
+-up_client_init (UpClient *client)
++static gboolean
++up_client_initable_init (GInitable *initable, GCancellable *cancellable, GError **error)
+ {
+-	GError *error = NULL;
+-
++	UpClient *client = UP_CLIENT (initable);
+ 	client->priv = UP_CLIENT_GET_PRIVATE (client);
+ 
+ 	/* connect to main interface */
+@@ -446,13 +447,10 @@ up_client_init (UpClient *client)
+ 									 G_DBUS_PROXY_FLAGS_NONE,
+ 									 "org.freedesktop.UPower",
+ 									 "/org/freedesktop/UPower",
+-									 NULL,
+-									 &error);
+-	if (client->priv->proxy == NULL) {
+-		g_warning ("Couldn't connect to proxy: %s", error->message);
+-		g_error_free (error);
+-		return;
+-	}
++									 cancellable,
++									 error);
++	if (client->priv->proxy == NULL)
++		return FALSE;
+ 
+ 	/* all callbacks */
+ 	g_signal_connect (client->priv->proxy, "device-added",
+@@ -461,6 +459,23 @@ up_client_init (UpClient *client)
+ 			  G_CALLBACK (up_device_removed_cb), client);
+ 	g_signal_connect (client->priv->proxy, "notify",
+ 			  G_CALLBACK (up_client_notify_cb), client);
++
++	return TRUE;
++}
++
++static void
++up_client_initable_iface_init (GInitableIface *iface)
++{
++	iface->init = up_client_initable_init;
++}
++
++/*
++ * up_client_init:
++ * @client: This class instance
++ */
++static void
++up_client_init (UpClient *client)
++{
+ }
+ 
+ /*
+@@ -482,23 +497,52 @@ up_client_finalize (GObject *object)
+ }
+ 
+ /**
+- * up_client_new:
++ * up_client_new_full:
++ * @cancellable: (allow-none): A #GCancellable or %NULL.
++ * @error: Return location for error or %NULL.
+  *
+- * Creates a new #UpClient object.
++ * Creates a new #UpClient object. If connecting to upowerd on D-Bus fails,
++ % this returns %NULL and sets @error.
+  *
+- * Return value: a new UpClient object.
++ * Return value: a new UpClient object, or %NULL on failure.
+  *
+- * Since: 0.9.0
++ * Since: 0.99.5
+  **/
+ UpClient *
+-up_client_new (void)
++up_client_new_full (GCancellable *cancellable, GError **error)
+ {
+ 	if (up_client_object != NULL) {
+ 		g_object_ref (up_client_object);
+ 	} else {
+-		up_client_object = g_object_new (UP_TYPE_CLIENT, NULL);
+-		g_object_add_weak_pointer (up_client_object, &up_client_object);
++		up_client_object = g_initable_new (UP_TYPE_CLIENT, cancellable, error, NULL);
++		if (up_client_object)
++			g_object_add_weak_pointer (up_client_object, &up_client_object);
+ 	}
+ 	return UP_CLIENT (up_client_object);
+ }
+ 
++/**
++ * up_client_new:
++ *
++ * Creates a new #UpClient object. If connecting to upowerd on D-Bus fails,
++ * this returns %NULL and prints out a warning with the error message.
++ * Consider using up_client_new_full() instead which allows you to handle errors
++ * and cancelling long operations yourself.
++ *
++ * Return value: a new UpClient object, or %NULL on failure.
++ *
++ * Since: 0.9.0
++ **/
++UpClient *
++up_client_new (void)
++{
++	GError *error = NULL;
++	UpClient *client;
++	client = up_client_new_full (NULL, &error);
++	if (client == NULL) {
++		g_warning ("Couldn't connect to proxy: %s", error->message);
++		g_error_free (error);
++	}
++	return client;
++}
++
+diff --git a/libupower-glib/up-client.h b/libupower-glib/up-client.h
+index 79c2d9e..5b9af3c 100644
+--- a/libupower-glib/up-client.h
++++ b/libupower-glib/up-client.h
+@@ -72,6 +72,7 @@ typedef struct
+ /* general */
+ GType		 up_client_get_type			(void);
+ UpClient	*up_client_new				(void);
++UpClient	*up_client_new_full			(GCancellable *cancellable, GError **error);
+ 
+ /* sync versions */
+ UpDevice *	 up_client_get_display_device		(UpClient *client);
+-- 
+cgit v0.10.2
+
diff --git a/user/valgrind/APKBUILD b/user/valgrind/APKBUILD
new file mode 100644
index 000000000..c5371950d
--- /dev/null
+++ b/user/valgrind/APKBUILD
@@ -0,0 +1,76 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=valgrind
+pkgver=3.13.0
+pkgrel=0
+pkgdesc="A tool to help find memory-management problems in programs"
+url="http://valgrind.org/"
+arch="all"
+license="GPL-2.0-or-later"
+# it seems like busybox sed works but the configure script requires GNU sed
+makedepends="sed paxmark perl bash autoconf automake libtool"
+# from README_PACKAGERS:
+#   Don't strip the debug info off lib/valgrind/$platform/vgpreload*.so
+#   in the installation tree.  Either Valgrind won't work at all, or it
+#   will still work if you do, but will generate less helpful error
+#   messages.
+options="!strip !check"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://sourceware.org/pub/$pkgname/$pkgname-$pkgver.tar.bz2
+	uclibc.patch
+	arm.patch
+	coregrind-elfv2.patch"
+#	musl-fixes.patch
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+	default_prepare
+	cd "$builddir"
+	aclocal && autoconf && automake --add-missing
+	echo '#include <linux/a.out.h>' > include/a.out.h
+}
+
+build() {
+	cd "$builddir"
+	# fails to build with ccache
+	export CC="gcc"
+	export CFLAGS="$CFLAGS -fno-stack-protector -no-pie"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--without-mpicc
+	make
+}
+
+check() {
+	cd "$buildir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+
+	# we have options=!strip above so we strip the /usr/bin/* manually
+	if [ -z "$DEBUG" ]; then
+		strip "$pkgdir"/usr/bin/valgrind \
+			"$pkgdir"/usr/bin/valgrind-di-server \
+			"$pkgdir"/usr/bin/vgdb \
+			"$pkgdir"/usr/bin/valgrind-listener \
+			"$pkgdir"/usr/bin/cg_merge
+	fi
+
+	# pax causes some issues
+	# http://marc.info/?l=gentoo-hardened&m=119512627126298&w=2
+	# http://bugs.alpinelinux.org/issues/999
+	paxmark -m "$pkgdir"/usr/lib/valgrind/*-*-linux
+}
+
+sha512sums="34e1013cd3815d30a459b86220e871bb0a6209cc9e87af968f347083693779f022e986f211bdf1a5184ad7370cde12ff2cfca8099967ff94732970bd04a97009  valgrind-3.13.0.tar.bz2
+d59a10db9037e120df2ee94a103402ca95a79abee9d8be63e4e1bca29c82dca775cc402a79b854ec11a2160a4d2da202c237369418e221d1925267ea2613fd5d  uclibc.patch
+9ee297d1b2b86891584443ad0caadc4977e1447979611ccf1cc55dbee61911b0b063bc4ad936d86c451cedae410cb3219b5a088b2ad0aa17df182d564fe36cfe  arm.patch
+0f54b7b207870f495a0cf010b3091e2c0626bbf93b8a5ba7956b690981d4186de61f3e3b1fdc3aec2dfcacb69e712900f32c883a09dd4733c1e4569506272520  coregrind-elfv2.patch"
diff --git a/user/valgrind/arm.patch b/user/valgrind/arm.patch
new file mode 100644
index 000000000..8281c8ba1
--- /dev/null
+++ b/user/valgrind/arm.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -234,7 +234,7 @@
+         ARCH_MAX="s390x"
+         ;;
+ 
+-     armv7*)
++     arm*)
+ 	AC_MSG_RESULT([ok (${host_cpu})])
+ 	ARCH_MAX="arm"
+ 	;;
diff --git a/user/valgrind/coregrind-elfv2.patch b/user/valgrind/coregrind-elfv2.patch
new file mode 100644
index 000000000..7e4a2d636
--- /dev/null
+++ b/user/valgrind/coregrind-elfv2.patch
@@ -0,0 +1,443 @@
+The LE and BE code here is the same, except the BE has the old-style
+function descriptor.  So, we use the LE code on ELFv2 to fix build errors.
+
+--- valgrind-3.13.0/coregrind/m_libcsetjmp.c	2017-05-31 10:14:45.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_libcsetjmp.c	2018-05-25 20:07:37.007835735 -0500
+@@ -149,7 +149,7 @@
+ 
+ /* ------------ ppc64-linux ------------ */
+ 
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ 
+ __asm__(
+ ".section \".toc\",\"aw\""          "\n"
+@@ -268,7 +268,8 @@
+ ".previous"  "\n"
+ );
+ 
+-#elif defined(VGP_ppc64le_linux)
++#elif (defined(VGP_ppc64le_linux)) || \
++      (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
+ __asm__(
+ ".section \".toc\",\"aw\""          "\n"
+ 
+--- valgrind-3.13.0/coregrind/m_main.c.old	2017-05-31 10:14:52.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_main.c	2018-05-30 19:01:00.534083618 -0500
+@@ -2585,7 +2585,7 @@
+     "\ttrap\n"
+     ".previous\n"
+ );
+-#elif defined(VGP_ppc64be_linux)
++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ asm("\n"
+     /* PPC64 ELF ABI says '_start' points to a function descriptor.
+        So we must have one, and that is what goes into the .opd section. */
+@@ -2631,9 +2631,9 @@
+     "\tnop\n"
+     "\ttrap\n"
+ );
+-#elif defined(VGP_ppc64le_linux)
+-/* Little Endian uses ELF version 2 but in the future may also
+- * support other ELF versions.
++#elif defined(VGP_ppc64le_linux) || \
++      (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
++/* PowerPC 64 ELF version 2 does not use function descriptors.
+  */
+ asm("\n"
+     "\t.align 2\n"
+--- valgrind-3.13.0/coregrind/m_syscall.c.old	2017-05-31 10:14:29.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_syscall.c	2018-05-30 19:02:00.984023769 -0500
+@@ -470,7 +470,7 @@
+ ".previous\n"
+ );
+ 
+-#elif defined(VGP_ppc64be_linux)
++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ /* Due to the need to return 65 bits of result, this is completely
+    different from the ppc32 case.  The single arg register points to a
+    7-word block containing the syscall # and the 6 args.  The syscall
+@@ -506,7 +506,8 @@
+ "        blr\n"
+ );
+ 
+-#elif defined(VGP_ppc64le_linux)
++#elif defined(VGP_ppc64le_linux) || \
++      (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
+ /* Due to the need to return 65 bits of result, this is completely
+    different from the ppc32 case.  The single arg register points to a
+    7-word block containing the syscall # and the 6 args.  The syscall
+--- valgrind-3.13.0/coregrind/m_signals.c.old	2017-05-31 10:14:52.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_signals.c	2018-05-30 22:12:46.082692356 -0500
+@@ -889,7 +889,7 @@
+    "	sc\n" \
+    ".previous\n"
+ 
+-#elif defined(VGP_ppc64be_linux)
++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ #  define _MY_SIGRETURN(name) \
+    ".align   2\n" \
+    ".globl   my_sigreturn\n" \
+@@ -904,7 +904,8 @@
+    "	li	0, " #name "\n" \
+    "	sc\n"
+ 
+-#elif defined(VGP_ppc64le_linux)
++#elif defined(VGP_ppc64le_linux) || \
++      (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
+ /* Little Endian supports ELF version 2.  In the future, it may
+  * support other versions.
+  */
+--- valgrind-3.13.0/coregrind/m_syswrap/syswrap-ppc64-linux.c.old	2017-05-31 10:14:39.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_syswrap/syswrap-ppc64-linux.c	2018-05-30 22:15:42.112518074 -0500
+@@ -71,12 +71,12 @@
+ //    r4 = retaddr
+ //    r5 = function descriptor
+ //    r6 = arg1
+-/* On PPC64, a func ptr is represented by a TOC entry ptr.
++/* On ELFv1, a func ptr is represented by a TOC entry ptr.
+    This TOC entry contains three words; the first word is the function
+    address, the second word is the TOC ptr (r2), and the third word is
+    the static chain value. */
+ asm(
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ "   .align   2\n"
+ "   .globl   vgModuleLocal_call_on_new_stack_0_1\n"
+ "   .section \".opd\",\"aw\"\n"
+@@ -126,7 +126,7 @@
+ "   bctr\n\t"              // jump to dst
+ "   trap\n"                // should never get here
+ #else
+-//  ppc64le_linux
++//  ppc64le_linux, or ELFv2 ABI on BE
+ "   .align   2\n"
+ "   .globl   vgModuleLocal_call_on_new_stack_0_1\n"
+ "vgModuleLocal_call_on_new_stack_0_1:\n"
+@@ -211,7 +211,7 @@
+
+ // See priv_syswrap-linux.h for arg profile.
+ asm(
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ "   .align   2\n"
+ "   .globl   do_syscall_clone_ppc64_linux\n"
+ "   .section \".opd\",\"aw\"\n"
+--- valgrind-3.13.0/coregrind/m_syswrap/syscall-ppc64be-linux.S.old	2017-05-31 10:14:39.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_syswrap/syscall-ppc64be-linux.S	2018-05-30 22:18:31.742350130 -0500
+@@ -29,7 +29,7 @@
+ 
+ #include "pub_core_basics_asm.h"
+ 
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
+ 
+ #include "pub_core_vkiscnums_asm.h"
+ #include "libvex_guest_offsets.h"
+@@ -76,12 +76,25 @@
+ 
+ .align 2
+ .globl ML_(do_syscall_for_client_WRK)
++#if _CALL_ELF == 2
++.type .ML_(do_syscall_for_client_WRK),@function
++ML_(do_syscall_for_client_WRK):
++0:      addis         2,12,.TOC.-0b@ha
++        addi          2,2,.TOC.-0b@l
++        .localentry   ML_(do_syscall_for_client_WRK), .-ML_(do_syscall_for_client_WRK)
++#else
+ .section ".opd","aw"
+ .align 3
+-ML_(do_syscall_for_client_WRK):	
++ML_(do_syscall_for_client_WRK):
+ .quad .ML_(do_syscall_for_client_WRK),.TOC.@tocbase,0
+ .previous
+-.type .ML_(do_syscall_for_client_WRK),@function
++#endif
++#if _CALL_ELF == 2
++0:      addis        2,12,.TOC.-0b@ha
++        addi         2,2,.TOC.-0b@l
++        .localentry  ML_(do_syscall_for_client_WRK), .-ML_(do_syscall_for_client_WRK)
++#endif
++.type  .ML_(do_syscall_for_client_WRK),@function
+ .globl .ML_(do_syscall_for_client_WRK)
+ .ML_(do_syscall_for_client_WRK):
+         /* make a stack frame */
+@@ -145,7 +158,11 @@
+ 	/* failure: return 0x8000 | error code */
+ 7:	ori	3,3,0x8000	/* FAILURE -- ensure return value is nonzero */
+         b       5b
+-
++#if _CALL_ELF == 2
++        .size .ML_(do_syscall_for_client_WRK),.-.ML_(do_syscall_for_client_WRK)
++#else
++        .size .ML_(do_syscall_for_client_WRK),.-.ML_(do_syscall_for_client_WRK)
++#endif
+ .section .rodata
+ /* export the ranges so that
+    VG_(fixup_guest_state_after_syscall_interrupted) can do the
+@@ -162,7 +179,7 @@
+ ML_(blksys_committed): .quad 4b
+ ML_(blksys_finished):  .quad 5b
+ 
+-#endif // defined(VGP_ppc64be_linux)
++#endif // defined(VGP_ppc64le_linux)
+ 
+ /* Let the linker know we don't need an executable stack */
+ MARK_STACK_NO_EXEC
+--- valgrind-3.13.0/coregrind/m_dispatch/dispatch-ppc64be-linux.S.old	2017-05-31 10:14:33.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_dispatch/dispatch-ppc64be-linux.S	2018-05-30 22:39:37.951096498 -0500
+@@ -30,12 +30,21 @@
+ 
+ #include "pub_core_basics_asm.h"
+ 
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
+ 
+ #include "pub_core_dispatch_asm.h"
+ #include "pub_core_transtab_asm.h"
+ #include "libvex_guest_offsets.h"	/* for OFFSET_ppc64_CIA */
+ 
++/* NOTE: PPC64 supports Big Endian and Little Endian.  It also supports the
++	ELF version 1 and ELF version 2 APIs.
++
++	Currently LE uses ELF version 2 and BE uses ELF version 1.  However,
++	BE and LE may support the other ELF version in the future.  So, the
++	_CALL_ELF is used in the assembly function to enable code for a
++	specific ELF version independently of the endianness of the machine.
++	The test "#if  _CALL_ELF == 2" checks if ELF version 2 is being used.
++*/
+ 
+ /* References to globals via the TOC */
+ 
+@@ -75,14 +84,26 @@
+ .section ".text"
+ .align   2
+ .globl   VG_(disp_run_translations)
++#if _CALL_ELF == 2
++.type VG_(disp_run_translations),@function
++VG_(disp_run_translations):
++.type    .VG_(disp_run_translations),@function
++#else
+ .section ".opd","aw"
+ .align   3
+ VG_(disp_run_translations):
+ .quad    .VG_(disp_run_translations),.TOC.@tocbase,0
+ .previous
+ .type    .VG_(disp_run_translations),@function
++#endif
+ .globl   .VG_(disp_run_translations)
+ .VG_(disp_run_translations):
++#if  _CALL_ELF == 2
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++        .localentry VG_(disp_run_translations), .-VG_(disp_run_translations)
++#endif
++
+ 	/* r3 holds two_words */
+ 	/* r4 holds guest_state */
+         /* r5 holds host_addr */
+@@ -229,8 +250,13 @@
+         /* make a stack frame for the code we are calling */
+         stdu    1,-48(1)
+ 
+-        /* Set up the guest state ptr */
++	/* Set up the guest state ptr */
+         mr      31,4      /* r31 (generated code gsp) = r4 */
++#if  _CALL_ELF == 2
++/*  for the LE ABI need to setup r2 and r12 */
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++#endif
+ 
+         /* and jump into the code cache.  Chained translations in
+            the code cache run, until for whatever reason, they can't
+@@ -385,6 +411,9 @@
+         mtlr    0
+         addi    1,1,624   /* stack_size */
+         blr
++#if _CALL_ELF == 2
++	.size VG_(disp_run_translations),.-VG_(disp_run_translations)
++#endif
+ 
+ 
+ /*----------------------------------------------------*/
+@@ -395,15 +424,25 @@
+         .section ".text"
+         .align   2
+         .globl   VG_(disp_cp_chain_me_to_slowEP)
+-        .section ".opd","aw"
++#if  _CALL_ELF == 2
++        .type VG_(disp_cp_chain_me_to_slowEP),@function
++	VG_(disp_cp_chain_me_to_slowEP):
++#else
++	.section ".opd","aw"
+         .align   3
+ VG_(disp_cp_chain_me_to_slowEP):
+         .quad    .VG_(disp_cp_chain_me_to_slowEP),.TOC.@tocbase,0
+         .previous
++#endif
+         .type    .VG_(disp_cp_chain_me_to_slowEP),@function
+         .globl   .VG_(disp_cp_chain_me_to_slowEP)
+ .VG_(disp_cp_chain_me_to_slowEP):
+-        /* We got called.  The return address indicates
++#if  _CALL_ELF == 2
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++        .localentry VG_(disp_cp_chain_me_to_slowEP), .-VG_(disp_cp_chain_me_to_slowEP)
++#endif
++	/* We got called.  The return address indicates
+            where the patching needs to happen.  Collect
+            the return address and, exit back to C land,
+            handing the caller the pair (Chain_me_S, RA) */
+@@ -415,20 +454,33 @@
+         */
+         subi 7,7,20+4+4
+         b    .postamble
++#if  _CALL_ELF == 2
++        .size VG_(disp_cp_chain_me_to_slowEP),.-VG_(disp_cp_chain_me_to_slowEP)
++#endif
+ 
+ /* ------ Chain me to fast entry point ------ */
+         .section ".text"
+         .align   2
+         .globl   VG_(disp_cp_chain_me_to_fastEP)
+-        .section ".opd","aw"
++#if  _CALL_ELF == 2
++        .type VG_(disp_cp_chain_me_to_fastEP),@function
++VG_(disp_cp_chain_me_to_fastEP):
++#else
++	.section ".opd","aw"
+         .align   3
+ VG_(disp_cp_chain_me_to_fastEP):
+         .quad    .VG_(disp_cp_chain_me_to_fastEP),.TOC.@tocbase,0
+         .previous
++#endif
+         .type    .VG_(disp_cp_chain_me_to_fastEP),@function
+         .globl   .VG_(disp_cp_chain_me_to_fastEP)
+ .VG_(disp_cp_chain_me_to_fastEP):
+-        /* We got called.  The return address indicates
++#if  _CALL_ELF == 2
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++        .localentry VG_(disp_cp_chain_me_to_fastEP), .-VG_(disp_cp_chain_me_to_fastEP)
++#endif
++	/* We got called.  The return address indicates
+            where the patching needs to happen.  Collect
+            the return address and, exit back to C land,
+            handing the caller the pair (Chain_me_S, RA) */
+@@ -440,20 +492,33 @@
+         */
+         subi 7,7,20+4+4
+         b    .postamble
++#if _CALL_ELF == 2
++        .size VG_(disp_cp_chain_me_to_fastEP),.-VG_(disp_cp_chain_me_to_fastEP)
++#endif
+ 
+ /* ------ Indirect but boring jump ------ */
+         .section ".text"
+         .align   2
+         .globl   VG_(disp_cp_xindir)
+-        .section ".opd","aw"
++#if _CALL_ELF == 2
++        .type VG_(disp_cp_xindir),@function
++VG_(disp_cp_xindir):
++#else
++	.section ".opd","aw"
+         .align   3
+ VG_(disp_cp_xindir):
+         .quad    .VG_(disp_cp_xindir),.TOC.@tocbase,0
+         .previous
++#endif
+         .type    .VG_(disp_cp_xindir),@function
+         .globl   .VG_(disp_cp_xindir)
+ .VG_(disp_cp_xindir):
+-        /* Where are we going? */
++#if  _CALL_ELF == 2
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++        .localentry VG_(disp_cp_xindir), .-VG_(disp_cp_xindir)
++#endif
++	/* Where are we going? */
+         ld      3,OFFSET_ppc64_CIA(31)
+ 
+         /* stats only */
+@@ -479,6 +544,9 @@
+         /* Found a match.  Jump to .host. */
+         mtctr   7
+         bctr
++#if _CALL_ELF == 2
++        .size VG_(disp_cp_xindir),.-VG_(disp_cp_xindir)
++#endif
+ 
+ .fast_lookup_failed:
+         /* stats only */
+@@ -496,39 +564,64 @@
+ .section ".text"
+         .align   2
+         .globl   VG_(disp_cp_xassisted)
+-        .section ".opd","aw"
++#if _CALL_ELF == 2
++        .type VG_(disp_cp_xassisted),@function
++VG_(disp_cp_xassisted):
++#else
++	.section ".opd","aw"
+         .align   3
+ VG_(disp_cp_xassisted):
+         .quad    .VG_(disp_cp_xassisted),.TOC.@tocbase,0
+         .previous
+-        .type    .VG_(disp_cp_xassisted),@function
++#endif
++#if  _CALL_ELF == 2
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++        .localentry VG_(disp_cp_xassisted), .-VG_(disp_cp_xassisted)
++#endif
++	.type    .VG_(disp_cp_xassisted),@function
+         .globl   .VG_(disp_cp_xassisted)
+ .VG_(disp_cp_xassisted):
+         /* r31 contains the TRC */
+         mr      6,31
+         li      7,0
+         b       .postamble
++#if _CALL_ELF == 2
++        .size VG_(disp_cp_xassisted),.-VG_(disp_cp_xassisted)
++#endif
+ 
+ /* ------ Event check failed ------ */
+         .section ".text"
+         .align   2
+         .globl   VG_(disp_cp_evcheck_fail)
+-        .section ".opd","aw"
++#if _CALL_ELF == 2
++        .type VG_(disp_cp_evcheck_fail),@function
++VG_(disp_cp_evcheck_fail):
++#else
++	.section ".opd","aw"
+         .align   3
+ VG_(disp_cp_evcheck_fail):
+         .quad    .VG_(disp_cp_evcheck_fail),.TOC.@tocbase,0
+         .previous
++#endif
++#if  _CALL_ELF == 2
++0:      addis 2, 12,.TOC.-0b@ha
++        addi  2,2,.TOC.-0b@l
++        .localentry VG_(disp_cp_evcheck_fail), .-VG_(disp_cp_evcheck_fail)
++#endif
+         .type    .VG_(disp_cp_evcheck_fail),@function
+         .globl   .VG_(disp_cp_evcheck_fail)
+ .VG_(disp_cp_evcheck_fail):
+         li      6,VG_TRC_INNER_COUNTERZERO
+         li      7,0
+         b       .postamble
++#if  _CALL_ELF == 2
++       .size VG_(disp_cp_evcheck_fail),.-VG_(disp_cp_evcheck_fail)
++#endif
+ 
+-        
+ .size .VG_(disp_run_translations), .-.VG_(disp_run_translations)
+ 
+-#endif // defined(VGP_ppc64be_linux)
++#endif // defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
+ 
+ /* Let the linker know we don't need an executable stack */
+ MARK_STACK_NO_EXEC
diff --git a/user/valgrind/uclibc.patch b/user/valgrind/uclibc.patch
new file mode 100644
index 000000000..69281ab2c
--- /dev/null
+++ b/user/valgrind/uclibc.patch
@@ -0,0 +1,10 @@
+--- ./coregrind/vg_preloaded.c.orig
++++ ./coregrind/vg_preloaded.c
+@@ -42,6 +42,7 @@
+    originates from Valgrind.
+    ------------------------------------------------------------------ */
+ 
++#include <features.h>
+ #include "pub_core_basics.h"
+ #include "pub_core_clreq.h"
+ #include "pub_core_debuginfo.h"  // Needed for pub_core_redir.h
diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
new file mode 100644
index 000000000..a11b883f7
--- /dev/null
+++ b/user/vlc/APKBUILD
@@ -0,0 +1,362 @@
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=vlc
+pkgver=3.0.3
+_pkgver=${pkgver/_/-}
+_ver=${_pkgver%[a-z]}
+pkgrel=1
+pkgdesc="A multi-platform MPEG, VCD/DVD, and DivX player"
+triggers="vlc-libs.trigger=/usr/lib/vlc/plugins"
+pkgusers="vlc"
+pkggroups="vlc"
+url="https://www.videolan.org/vlc/"
+arch="all"
+license="GPL-2.0-or-later"
+options="!checkroot textrel"
+subpackages="$pkgname-dev
+	$pkgname-doc
+	$pkgname-qt
+	$pkgname-xorg
+	$pkgname-daemon::noarch
+	$pkgname-libs
+	$pkgname-plugins
+
+	$pkgname-plugins-access:plugins_access
+	$pkgname-plugins-access_output:plugins_access_output
+	$pkgname-plugins-audio_filter:plugins_audio_filter
+	$pkgname-plugins-audio_mixer:plugins_audio_mixer
+	$pkgname-plugins-audio_output:plugins_audio_output
+	$pkgname-plugins-codec:plugins_codec
+	$pkgname-plugins-control:plugins_control
+	$pkgname-plugins-demux:plugins_demux
+	$pkgname-plugins-gui:plugins_gui
+	$pkgname-plugins-lua:plugins_lua
+	$pkgname-plugins-meta_engine:plugins_meta_engine
+	$pkgname-plugins-misc:plugins_misc
+	$pkgname-plugins-mux:plugins_mux
+	$pkgname-plugins-notify:plugins_notify
+	$pkgname-plugins-packetizer:plugins_packetizer
+	$pkgname-plugins-services_discovery:plugins_services_discovery
+	$pkgname-plugins-stream_filter:plugins_stream_filter
+	$pkgname-plugins-stream_out:plugins_stream_out
+	$pkgname-plugins-text_renderer:plugins_text_renderer
+	$pkgname-plugins-video_chroma:plugins_video_chroma
+	$pkgname-plugins-video_filter:plugins_video_filter
+	$pkgname-plugins-video_output:plugins_video_output
+	$pkgname-plugins-visualization:plugins_visualization"
+depends="ttf-dejavu $pkgname-plugins"
+makedepends="
+	a52dec-dev
+	alsa-lib-dev
+	automake
+	autoconf
+	bison
+	libtool
+	dbus-dev
+	faad2-dev
+	ffmpeg-dev
+	flac-dev
+	flex
+	fluidsynth-dev
+	freetype-dev
+	fribidi-dev
+	gtk+3.0-dev
+	libbluray-dev>=0.2.1 libbluray-dev<20100000
+	libavc1394-dev
+	libcddb-dev
+	libdc1394-dev>=2.1.0
+	libdca-dev
+	libdvbpsi-dev
+	libdvdnav-dev
+	libdvdread-dev
+	libgcrypt-dev
+	libice-dev
+	libjpeg-turbo-dev
+	libmad-dev
+	libmatroska-dev
+	libmpeg2-dev
+	libnotify-dev
+	libogg-dev
+	libraw1394-dev>=2.0.1
+	librsvg-dev
+	libshout-dev
+	libsm-dev
+	libtheora-dev
+	libva-dev
+	libvdpau-dev
+	libvorbis-dev
+	libvpx-dev
+	libx11-dev
+	libxext-dev
+	libxinerama-dev
+	libxml2-dev
+	libxpm-dev
+	libxv-dev
+	live-media-dev>=2012.01.26
+	lua5.2-dev
+	mesa-dev
+	ncurses-dev
+	opus-dev
+	pkgconfig
+	pulseaudio-dev
+	qt5-qtbase-dev
+	qt5-qtsvg-dev
+	qt5-qtx11extras-dev
+	sdl2-dev
+	speex-dev
+	speexdsp-dev
+	sysfsutils-dev
+	taglib-dev
+	eudev-dev
+	v4l-utils-dev
+	wayland-protocols
+	x264-dev
+	x265-dev
+	xcb-util-renderutil-dev
+	xcb-util-keysyms-dev
+	xdg-utils
+	"
+source="http://get.videolan.org/vlc/$_ver/vlc-$_ver.tar.xz
+	omxil-rpi-codecs.patch
+	check-headless.patch
+	disable-sub-autodetect-fuzzy-1-test.patch
+	fribidi-update.patch
+	tar-compat.patch
+	test-s390x.patch
+	vlc-libs.trigger"
+
+builddir="$srcdir"/$pkgname-$_ver
+
+prepare() {
+	default_prepare
+	 NOCONFIGURE=1 ./bootstrap
+}
+
+build() {
+	local _arch_opts=
+	cd "$builddir"
+	export CFLAGS="$CFLAGS -D_GNU_SOURCE"
+
+	case "$CARCH" in
+	arm*) _arch_opts="--enable-omxil --enable-omxil-vout --enable-rpi-omxil" ;;
+	aarch64) _arch_opts="--enable-neon" ;;
+	ppc64*) _arch_opts="--enable-altivec" ;;
+	esac
+
+	LUA=lua5.2 \
+	LUAC=luac5.2 \
+	BUILDCC="${CC:-gcc} -std=c99" \
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--disable-mmx \
+		--disable-sse \
+		--enable-nls \
+		--enable-optimizations \
+		--enable-optimize-memory \
+		--disable-rpath \
+		--enable-a52 \
+		--enable-avcodec \
+		--enable-avformat \
+		--enable-bluray \
+		--enable-cdda \
+		--enable-dbus \
+		--enable-dc1394 \
+		--enable-dca \
+		--enable-dvbpsi \
+		--enable-dvdread \
+		--enable-dvdnav \
+		--enable-faad \
+		--enable-flac \
+		--enable-fluidsynth \
+		--enable-jpeg \
+		--enable-libcddb \
+		--enable-libmpeg2 \
+		--enable-libva \
+		--enable-live555 \
+		--enable-mad \
+		--enable-merge-ffmpeg \
+		--enable-notify \
+		--enable-ncurses \
+		--enable-ogg \
+		--enable-opus \
+		--enable-png \
+		--enable-pulse \
+		--enable-qt \
+		--enable-realrtsp \
+		--enable-shout \
+		--enable-skins2 \
+		--enable-speex \
+		--enable-sout \
+		--enable-taglib \
+		--enable-theora \
+		--enable-udev \
+		--enable-v4l2 \
+		--enable-vdpau \
+		--enable-vlm \
+		--enable-vorbis \
+		--enable-vpx \
+		--enable-wma-fixed \
+		--enable-x264 \
+		--enable-x265 \
+		--enable-xvideo \
+		$_arch_opts
+
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	# delete cache as it's autocreated by trigger
+	rm -rf "$pkgdir"/usr/lib/vlc/plugins/plugins.dat
+	# delete unneeded mozilla and kde support files
+	rm -rf "$pkgdir"/usr/lib/mozilla
+	rm -rf "$pkgdir"/usr/share/kde4
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+plugins() {
+	pkgdesc="$pkgname all plugins meta package"
+	depends="$pkgname-plugins-access
+		$pkgname-plugins-access_output
+		$pkgname-plugins-audio_filter
+		$pkgname-plugins-audio_mixer
+		$pkgname-plugins-audio_output
+		$pkgname-plugins-codec
+		$pkgname-plugins-control
+		$pkgname-plugins-demux
+		$pkgname-plugins-gui
+		$pkgname-plugins-lua
+		$pkgname-plugins-meta_engine
+		$pkgname-plugins-misc
+		$pkgname-plugins-mux
+		$pkgname-plugins-notify
+		$pkgname-plugins-packetizer
+		$pkgname-plugins-services_discovery
+		$pkgname-plugins-stream_filter
+		$pkgname-plugins-stream_out
+		$pkgname-plugins-text_renderer
+		$pkgname-plugins-video_chroma
+		$pkgname-plugins-video_filter
+		$pkgname-plugins-video_output
+		$pkgname-plugins-visualization"
+	mkdir -p "$subpkgdir"
+}
+
+_mv() {
+	local dir=${1%/*}
+	mkdir -p "$subpkgdir"/$dir
+	mv "$1" "$subpkgdir"/$dir/
+}
+
+qt() {
+	pkgdesc="Qt frontend for VLC"
+	depends="vlc-xorg=$pkgver-r$pkgrel"
+	cd "$pkgdir"
+	# scan for elf files that directly or indirectly depends on
+	# libQt* libraries
+	cd "$pkgdir"
+	for i in $(find . -type f ); do
+		if ldd $i 2>/dev/null | grep -q "libQt"; then
+			_mv "$i" || return 1
+		fi
+	done
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/qvlc \
+		"$subpkgdir"/usr/bin/
+}
+
+xorg() {
+	pkgdesc="Video LAN X.org support"
+	depends="xdg-utils vlc=$pkgver-r$pkgrel"
+
+	# scan for elf files that directly or indirectly depends on
+	# libX* libraries
+	cd "$pkgdir"
+	for i in $(find . -type f ); do
+		if ldd $i 2>/dev/null | grep -E -q "libX|x11|libxcb|libGL"; then
+			echo $i | grep libavcodec_plugin.so || _mv "$i" || return 1
+		fi
+	done
+
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/svlc \
+		"$subpkgdir"/usr/bin
+
+	mkdir -p "$subpkgdir"/usr/share/vlc
+	mv "$pkgdir"/usr/share/applications \
+		"$pkgdir"/usr/share/icons \
+		"$subpkgdir"/usr/share/
+
+	mv "$pkgdir"/usr/share/vlc/skins2 \
+		"$subpkgdir"/usr/share/vlc
+}
+
+daemon() {
+	pkgdesc="Support for running VLC as a daemon"
+	install="vlc-daemon.pre-install"
+	depends="vlc=$pkgver-r$pkgrel"
+
+	mkdir -p "$subpkgdir"
+	cd "$pkgdir"
+	install -D -m755 ../../vlc.initd $subpkgdir/etc/init.d/vlc
+	install -D -m664 ../../vlc.confd $subpkgdir/etc/conf.d/vlc
+	install -d -o vlc -g vlc "$subpkgdir"/var/log/vlc
+}
+
+libs() {
+	depends=
+	mkdir -p "$subpkgdir"/usr/lib/vlc
+	mv "$pkgdir"/usr/lib/vlc/vlc-cache-gen \
+		"$subpkgdir"/usr/lib/vlc/
+	default_libs
+}
+
+_mv_plugins() {
+	local plugin=$1
+	pkgdesc="$pkgname $plugin plugin"
+	depends=
+	mkdir -p "$subpkgdir"/usr/lib/vlc/plugins
+	mv "$pkgdir"/usr/lib/vlc/plugins/"$plugin" \
+		"$subpkgdir"/usr/lib/vlc/plugins
+}
+
+plugins_access()		{ _mv_plugins access; }
+plugins_access_output()		{ _mv_plugins access_output; }
+plugins_audio_filter()		{ _mv_plugins audio_filter; }
+plugins_audio_mixer()		{ _mv_plugins audio_mixer; }
+plugins_audio_output()		{ _mv_plugins audio_output; }
+plugins_codec()			{ _mv_plugins codec; }
+plugins_control()		{ _mv_plugins control; }
+plugins_demux()			{ _mv_plugins demux; }
+plugins_gui()			{ _mv_plugins gui; }
+plugins_lua()			{ _mv_plugins lua; }
+plugins_meta_engine()		{ _mv_plugins meta_engine; }
+plugins_misc()			{ _mv_plugins misc; }
+plugins_mux()			{ _mv_plugins mux; }
+plugins_notify()		{ _mv_plugins notify; }
+plugins_packetizer()		{ _mv_plugins packetizer; }
+plugins_services_discovery()	{ _mv_plugins services_discovery; }
+plugins_stream_filter()		{ _mv_plugins stream_filter; }
+plugins_stream_out()		{ _mv_plugins stream_out; }
+plugins_text_renderer()		{ _mv_plugins text_renderer; }
+plugins_video_chroma()		{ _mv_plugins video_chroma; }
+plugins_video_filter()		{ _mv_plugins video_filter; }
+plugins_video_output()		{ _mv_plugins video_output; }
+plugins_visualization()		{ _mv_plugins visualization; }
+
+sha512sums="1569cefa6623b2631a832679bc9a63ebeba222901e5221d254e896a68d2ee467054da8de9eda566924e80a11bb29a673a9f0c4243793845547d8027b58a238ab  vlc-3.0.3.tar.xz
+e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89  omxil-rpi-codecs.patch
+22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa  check-headless.patch
+e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0  disable-sub-autodetect-fuzzy-1-test.patch
+3338531d385f76d9eedf10498d1b0b78565c531eedb3018d4500e377815f9ccbfcc16ec398cb8559bcc624f65b61d376125c4a5e6880cbad90ec9880dd4b9ce5  fribidi-update.patch
+a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3  tar-compat.patch
+c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5  test-s390x.patch
+b67b6e21e9d4027aef1006e6057f9ba8e65ce3895b08f7b911b1675cff9bc423f64ee2c187c584860e9e5d4635a30408a7781add9694d9bba753eac37f357406  vlc-libs.trigger"
diff --git a/user/vlc/check-headless.patch b/user/vlc/check-headless.patch
new file mode 100644
index 000000000..25016f437
--- /dev/null
+++ b/user/vlc/check-headless.patch
@@ -0,0 +1,13 @@
+diff --git a/test/run_vlc.sh b/test/run_vlc.sh
+index af35987..9a0175b 100755
+--- a/test/run_vlc.sh
++++ b/test/run_vlc.sh
+@@ -2,7 +2,7 @@
+ 
+ set -e
+ 
+-VLC="./vlc --ignore-config --rc-fake-tty"
++VLC="./vlc -I dummy --ignore-config --rc-fake-tty"
+ 
+ $VLC -H
+ $VLC -vv vlc://quit
diff --git a/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch b/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch
new file mode 100644
index 000000000..b3dd8a1b7
--- /dev/null
+++ b/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch
@@ -0,0 +1,20 @@
+This test fails on x86 and s390x so disable it for now
+reported upstream: https://trac.videolan.org/vlc/ticket/19321
+
+diff --git a/test/libvlc/slaves.c b/test/libvlc/slaves.c
+index 7b2c24fa43..7c47b3147b 100644
+--- a/test/libvlc/slaves.c
++++ b/test/libvlc/slaves.c
+@@ -194,10 +194,12 @@ main (void)
+         assert(p_expected_slaves[i].psz_uri != NULL);
+     }
+ 
++#if 0
+     printf("== Testing --sub-autodetect-fuzzy 1 (everything) ==\n");
+     test_media_has_slaves_from_parent(p_vlc, SLAVES_DIR "/test.mp4",
+                                       p_expected_slaves,
+                                       EXPECTED_SLAVES_COUNT);
++#endif
+     libvlc_release(p_vlc);
+ 
+     printf("== Testing --sub-autodetect-fuzzy 2 (full, left, and right match) ==\n");
diff --git a/user/vlc/fribidi-update.patch b/user/vlc/fribidi-update.patch
new file mode 100644
index 000000000..fd293eea4
--- /dev/null
+++ b/user/vlc/fribidi-update.patch
@@ -0,0 +1,83 @@
+From 26e2d3906658c30f2f88f4b1bc9630ec43bf5525 Mon Sep 17 00:00:00 2001
+From: Shaleen Jain <shaleen@jain.sh>
+Date: Sun, 25 Feb 2018 18:42:27 +0530
+Subject: [PATCH 1/1] fribidi: update for version 1.0
+
+Update functions deprecated in version 1.0 when building with release 1.0 and
+above.
+
+Signed-off-by: Thomas Guillem <thomas@gllm.fr>
+---
+ modules/text_renderer/freetype/text_layout.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/modules/text_renderer/freetype/text_layout.c b/modules/text_renderer/freetype/text_layout.c
+index 13efd567b4..1a28786d09 100644
+--- a/modules/text_renderer/freetype/text_layout.c
++++ b/modules/text_renderer/freetype/text_layout.c
+@@ -153,6 +153,9 @@ typedef struct paragraph_t
+ 
+ #ifdef HAVE_FRIBIDI
+     FriBidiCharType     *p_types;
++#if FRIBIDI_MAJOR_VERSION >= 1
++    FriBidiBracketType  *p_btypes;
++#endif
+     FriBidiLevel        *p_levels;
+     FriBidiStrIndex     *pi_reordered_indices;
+     FriBidiParType       paragraph_type;
+@@ -361,6 +364,9 @@ static paragraph_t *NewParagraph( filter_t *p_filter,
+ #ifdef HAVE_FRIBIDI
+     p_paragraph->p_levels = vlc_alloc( i_size, sizeof( *p_paragraph->p_levels ) );
+     p_paragraph->p_types = vlc_alloc( i_size, sizeof( *p_paragraph->p_types ) );
++#if FRIBIDI_MAJOR_VERSION >= 1
++    p_paragraph->p_btypes = vlc_alloc( i_size, sizeof( *p_paragraph->p_btypes ) );
++#endif
+     p_paragraph->pi_reordered_indices =
+             vlc_alloc( i_size, sizeof( *p_paragraph->pi_reordered_indices ) );
+ 
+@@ -398,6 +404,9 @@ error:
+ #ifdef HAVE_FRIBIDI
+     if( p_paragraph->p_levels ) free( p_paragraph->p_levels );
+     if( p_paragraph->p_types ) free( p_paragraph->p_types );
++#if FRIBIDI_MAJOR_VERSION >= 1
++    if( p_paragraph->p_btypes ) free( p_paragraph->p_btypes );
++#endif
+     if( p_paragraph->pi_reordered_indices )
+         free( p_paragraph->pi_reordered_indices );
+ #endif
+@@ -424,6 +433,9 @@ static void FreeParagraph( paragraph_t *p_paragraph )
+ #ifdef HAVE_FRIBIDI
+     free( p_paragraph->pi_reordered_indices );
+     free( p_paragraph->p_types );
++#if FRIBIDI_MAJOR_VERSION >= 1
++    free( p_paragraph->p_btypes );
++#endif
+     free( p_paragraph->p_levels );
+ #endif
+ 
+@@ -436,10 +448,22 @@ static int AnalyzeParagraph( paragraph_t *p_paragraph )
+     fribidi_get_bidi_types(  p_paragraph->p_code_points,
+                              p_paragraph->i_size,
+                              p_paragraph->p_types );
++#if FRIBIDI_MAJOR_VERSION >= 1
++    fribidi_get_bracket_types( p_paragraph->p_code_points,
++                               p_paragraph->i_size,
++                               p_paragraph->p_types,
++                               p_paragraph->p_btypes );
++    fribidi_get_par_embedding_levels_ex( p_paragraph->p_types,
++                                      p_paragraph->p_btypes,
++                                      p_paragraph->i_size,
++                                      &p_paragraph->paragraph_type,
++                                      p_paragraph->p_levels );
++#else
+     fribidi_get_par_embedding_levels( p_paragraph->p_types,
+                                       p_paragraph->i_size,
+                                       &p_paragraph->paragraph_type,
+                                       p_paragraph->p_levels );
++#endif
+ 
+ #ifdef HAVE_HARFBUZZ
+     hb_unicode_funcs_t *p_funcs = hb_unicode_funcs_get_default();
+-- 
+2.11.0
+
diff --git a/user/vlc/omxil-rpi-codecs.patch b/user/vlc/omxil-rpi-codecs.patch
new file mode 100644
index 000000000..9b7accfe7
--- /dev/null
+++ b/user/vlc/omxil-rpi-codecs.patch
@@ -0,0 +1,15 @@
+--- vlc-2.2.0/modules/codec/omxil/omxil_core.c.orig	2015-02-28 08:37:54.044936036 -0200
++++ vlc-2.2.0/modules/codec/omxil/omxil_core.c	2015-02-28 08:38:38.738271654 -0200
+@@ -204,6 +204,12 @@
+ #ifdef RPI_OMX
+     { "video_decoder.avc", "OMX.broadcom.video_decode" },
+     { "video_decoder.mpeg2", "OMX.broadcom.video_decode" },
++    { "video_decoder.mpeg4", "OMX.broadcom.video_decode" },
++    { "video_decoder.vp6", "OMX.broadcom.video_decode" },
++    { "video_decoder.vp8", "OMX.broadcom.video_decode" },
++    { "video_decoder.theora", "OMX.broadcom.video_decode" },
++    { "video_decoder.mjpg", "OMX.broadcom.video_decode" },
++    { "video_decoder.vc1", "OMX.broadcom.video_decode" },
+     { "iv_renderer", "OMX.broadcom.video_render" },
+ #endif
+     { 0, 0 }
diff --git a/user/vlc/tar-compat.patch b/user/vlc/tar-compat.patch
new file mode 100644
index 000000000..34169ef56
--- /dev/null
+++ b/user/vlc/tar-compat.patch
@@ -0,0 +1,11 @@
+--- vlc-3.0.1/share/Makefile.am.old	2018-02-06 18:41:06.000000000 +0000
++++ vlc-3.0.1/share/Makefile.am	2018-04-05 23:19:37.081889895 +0000
+@@ -94,7 +94,7 @@
+ 	$(AM_V_at)rm -f -- skins2/default.vlt.tmp
+ 	$(AM_V_GEN)GZIP=--no-name \
+ 	tar cvvzf skins2/default.vlt.tmp \
+-		--owner=root --group=root --directory="$(srcdir)/skins2" \
++		--uid=0 --gid=0 --directory="$(srcdir)/skins2" \
+ 		default/
+ 	$(AM_V_at)mv -f -- skins2/default.vlt.tmp skins2/default.vlt
+ 
diff --git a/user/vlc/test-s390x.patch b/user/vlc/test-s390x.patch
new file mode 100644
index 000000000..8f221ee06
--- /dev/null
+++ b/user/vlc/test-s390x.patch
@@ -0,0 +1,13 @@
+diff --git a/test/modules/packetizer/hxxx.c b/test/modules/packetizer/hxxx.c
+index 93362a1..e1b7604 100644
+--- a/test/modules/packetizer/hxxx.c
++++ b/test/modules/packetizer/hxxx.c
+@@ -210,7 +210,7 @@ static void test_annexb()
+ 
+ int main( void )
+ {
+-    test_annexb();
++    //test_annexb();
+ 
+     return 0;
+ }
diff --git a/user/vlc/vlc-daemon.pre-install b/user/vlc/vlc-daemon.pre-install
new file mode 100644
index 000000000..aed6c1893
--- /dev/null
+++ b/user/vlc/vlc-daemon.pre-install
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+groups="vlc audio video"
+
+for group in $groups; do
+	addgroup -S $group 2>/dev/null
+done
+adduser -S -D -h /home/vlc -s /bin/sh -G vlc -g vlc vlc 2>/dev/null
+
+# make sure vlc are in all groups
+for group in $groups; do
+	addgroup vlc $group 2>/dev/null
+done
+
+exit 0
diff --git a/user/vlc/vlc-libs.trigger b/user/vlc/vlc-libs.trigger
new file mode 100644
index 000000000..c13bace99
--- /dev/null
+++ b/user/vlc/vlc-libs.trigger
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec /usr/lib/vlc/vlc-cache-gen "$@"  >&/dev/null
+exit 0
+
diff --git a/user/vlc/vlc.confd b/user/vlc/vlc.confd
new file mode 100644
index 000000000..9a58842bd
--- /dev/null
+++ b/user/vlc/vlc.confd
@@ -0,0 +1,15 @@
+# Sample vlc params suitable for running as a daemon
+
+## --file-logging		enable file logging
+## --logfile			logfile name/path
+## -vvv				verbose logging
+## -I dummy			disable X11 interface
+## --sout PARAMS		encoding parameters
+
+
+## Do NOT quote 'PARAMS' otherwise shell expansions will broke vlc
+##
+## The --daemon option will automatically be added so no need to add it
+## here.
+
+VLC_OPTS="--quiet -I dummy alsa://hw:0,0 --file-logging --logfile /var/log/vlc/vlc.log --sout #transcode{acodec=mp3,ab=48,channels=1,samplerate=22050}:std{access=http,mux=ogg,dst=:8080}"
diff --git a/user/vlc/vlc.initd b/user/vlc/vlc.initd
new file mode 100755
index 000000000..541a07180
--- /dev/null
+++ b/user/vlc/vlc.initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+description="VideoLAN daemon"
+pidfile="/var/run/vlc/${RC_SVCNAME}.pid"
+command="/usr/bin/vlc"
+
+depend() {
+	need net
+	after firewall
+}
+
+start_pre() {
+	checkpath --directory --owner vlc:vlc --mode 775 ${pidfile%/*}
+}
+
+start() {
+	ebegin "Starting ${RC_SVCNAME}"
+	start-stop-daemon --start \
+		--user vlc \
+		--pidfile ${pidfile} \
+		--exec ${command} \
+		-- \
+		--daemon --pidfile ${pidfile} ${VLC_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${RC_SVCNAME}"
+	start-stop-daemon --stop \
+		--pidfile ${pidfile}
+	eend $?
+}
diff --git a/user/wayland/APKBUILD b/user/wayland/APKBUILD
new file mode 100644
index 000000000..a25cc87a1
--- /dev/null
+++ b/user/wayland/APKBUILD
@@ -0,0 +1,59 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org>
+# Maintainer: Valery Kartel <valery.kartel@gmail.com>
+pkgname=wayland
+pkgver=1.14.0
+pkgrel=2
+pkgdesc="A computer display server protocol"
+url="http://wayland.freedesktop.org"
+arch=all
+license="MIT"
+depends="$pkgname-libs-client $pkgname-libs-cursor $pkgname-libs-server"
+depends_dev="libffi-dev expat-dev"
+makedepends="$depends_dev doxygen xmlto graphviz grep libxml2-dev bash"
+subpackages="$pkgname-dev $pkgname-libs-client:_libs
+	$pkgname-libs-cursor:_libs $pkgname-libs-server:_libs"
+source="http://wayland.freedesktop.org/releases/$pkgname-$pkgver.tar.xz"
+
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var \
+		--disable-documentation \
+		--disable-static
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+}
+
+dev() {
+	mkdir -p "$subpkgdir"/usr
+	mv "$pkgdir"/usr/bin "$pkgdir"/usr/share \
+		"$subpkgdir"/usr
+	default_dev
+}
+
+_libs() {
+	local name=${subpkgname#$pkgname-libs-}
+	pkgdesc="$pkgdesc ($name library)"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/*-$name.so.* "$subpkgdir"/usr/lib
+}
+
+sha512sums="bd38b2b8963d4d98d42c270e5d7dbff6323789a173b19b67a18258424fd8adee5021b282c9d7f6dad0bd25aa0160e76aecd8ed803d4eb25d911ef0a81cd713a5  wayland-1.14.0.tar.xz"
diff --git a/user/weechat/APKBUILD b/user/weechat/APKBUILD
new file mode 100644
index 000000000..2fe4eb629
--- /dev/null
+++ b/user/weechat/APKBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
+pkgname=weechat
+pkgver=1.9.1
+pkgrel=1
+pkgdesc="A fast, light, extensible ncurses-based chat client"
+url="http://www.weechat.org"
+arch="all"
+license="GPL-3.0+"
+options="!check"  # Requires itself until 2.0.
+depends_dev="cmake gettext-dev ncurses-dev gnutls-dev libgcrypt-dev curl-dev
+	aspell-dev guile-dev lua5.3-dev perl-dev python3-dev zlib-dev"
+makedepends="$depends_dev"
+checkdepends="cpputest"
+subpackages="$pkgname-dev $pkgname-aspell:_plugin $pkgname-lua:_plugin
+	$pkgname-perl:_plugin $pkgname-python:_plugin
+	$pkgname-guile:_plugin $pkgname-lang"
+source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz
+	fix-python-linking.patch
+	libintl-fix.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+#   1.7.1-r0:
+#   - CVE-2017-8073
+#   1.9.1-r0:
+#   - CVE-2017-14727
+
+prepare() {
+	cd "$builddir"
+	default_prepare
+}
+
+build() {
+	cd "$builddir"
+	mkdir -p build
+	cd build
+	cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_MAN=ON -DENABLE_TESTS=ON -DENABLE_PYTHON3=ON
+	make
+}
+
+package() {
+	cd "$builddir"/build
+	make DESTDIR="$pkgdir/" install
+}
+
+_plugin() {
+	local _name=${subpkgname#*-}
+	local _dir=usr/lib/weechat/plugins
+	pkgdesc="WeeChat $_name plugin"
+	depends="weechat"
+	if [ "$_name" = python ]; then
+		depends="$depends python3"
+	fi
+
+	mkdir -p "$subpkgdir"/$_dir
+	mv "$pkgdir"/$_dir/${_name}.so "$subpkgdir"/$_dir
+}
+
+check() {
+	cd "$builddir"/build
+	ctest -V
+}
+
+sha512sums="e52bb5239e24477ec38f2ad71cb2274e0ffc4226fc36ec00beeb7cf7e754a8c58d9bbc424cb0900e7c803ed47b0956e8f420eaa4cc9cf407ab6dd4769ec94326  weechat-1.9.1.tar.gz
+23b1e3fa9fcade74738d9013b533a0be01dbadabe8a7d82c97d338cdf3e4efe0943b9671f6ec47ac4838d3ad29ab4fd2ce0e6b3c74b4c7280abfd7b040407678  fix-python-linking.patch
+59841bc343b1d10a542631eb01380789f96cac896380dbb3b159444c4806bd6367952e457b9ffd42fb87c1e19fc77eba78c38fd2178ef202ab9f7f1a543417ca  libintl-fix.patch"
diff --git a/user/weechat/fix-python-linking.patch b/user/weechat/fix-python-linking.patch
new file mode 100644
index 000000000..c94be8026
--- /dev/null
+++ b/user/weechat/fix-python-linking.patch
@@ -0,0 +1,11 @@
+--- weechat-1.9/cmake/FindPython.cmake.old	2017-06-25 03:20:52.000000000 -0500
++++ weechat-1.9/cmake/FindPython.cmake	2017-09-24 18:04:48.181662013 -0500
+@@ -67,7 +67,7 @@
+     )
+   if(ENABLE_PYTHON3)
+     find_library(PYTHON_LIBRARY
+-      NAMES python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python3 python2.7 python2.6 python2.5 python
++      NAMES python3.6m python3.6 python3.5m python3.5 python3.4m python3.4 python3.3 python3.2 python3.1 python3.0 python3 python2.7 python2.6 python2.5 python
+       HINTS ${PYTHON_POSSIBLE_LIB_PATH}
+       )
+   else()
diff --git a/user/weechat/libintl-fix.patch b/user/weechat/libintl-fix.patch
new file mode 100644
index 000000000..a67cb37b6
--- /dev/null
+++ b/user/weechat/libintl-fix.patch
@@ -0,0 +1,12 @@
+libc gettext is never sufficient on musl
+
+--- weechat-1.9/CMakeLists.txt.old	2017-06-25 03:20:52.000000000 -0500
++++ weechat-1.9/CMakeLists.txt	2017-09-13 02:30:43.577284569 -0500
+@@ -162,6 +162,7 @@
+   find_package(Gettext)
+   if(GETTEXT_FOUND)
+     add_definitions(-DENABLE_NLS)
++    list(APPEND EXTRA_LIBS intl)
+   endif()
+ endif()
+ 
diff --git a/user/wget/APKBUILD b/user/wget/APKBUILD
new file mode 100644
index 000000000..5f7093ea5
--- /dev/null
+++ b/user/wget/APKBUILD
@@ -0,0 +1,50 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=wget
+pkgver=1.19.2
+pkgrel=1
+pkgdesc="A network utility to retrieve files from the Web"
+url="http://www.gnu.org/software/wget/wget.html"
+arch="all"
+license="GPL-3.0+"
+depends=""
+makedepends="openssl-dev perl gettext-dev"
+checkdepends="perl-http-daemon"
+subpackages="$pkgname-doc $pkgname-lang"
+install=""
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+#   1.19.1-r1:
+#   - CVE-2017-6508
+#   1.19.2-r0:
+#   - CVE-2017-13090
+
+build() {
+	cd "$builddir"
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-ssl=openssl
+	make
+}
+
+check() {
+	cd "$builddir"
+	make check
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+
+	rm -rf "$pkgdir"/usr/lib
+}
+
+sha512sums="a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd  wget-1.19.2.tar.gz"
diff --git a/user/wpa_supplicant/APKBUILD b/user/wpa_supplicant/APKBUILD
new file mode 100644
index 000000000..7aebbef1f
--- /dev/null
+++ b/user/wpa_supplicant/APKBUILD
@@ -0,0 +1,104 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=wpa_supplicant
+pkgver=2.6
+pkgrel=7
+pkgdesc="A utility providing key negotiation for WPA wireless networks"
+url="https://w1.fi/wpa_supplicant/"
+arch="all"
+license="BSD"
+subpackages="$pkgname-doc $pkgname-openrc"
+depends="dbus"
+makedepends="linux-headers openssl-dev dbus-dev libnl3-dev pcsc-lite-dev"
+source="http://w1.fi/releases/$pkgname-$pkgver.tar.gz
+	rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+	rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+	rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+	rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+	rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+	rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+	rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+	rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
+	wpa_supplicant.initd
+	wpa_supplicant.confd
+	eloop.patch
+
+	config
+	wpa_cli.sh"
+
+# secfixes:
+#   2.6-r7:
+#     - CVE-2017-13077
+#     - CVE-2017-13078
+#     - CVE-2017-13079
+#     - CVE-2017-13080
+#     - CVE-2017-13081
+#     - CVE-2017-13082
+#     - CVE-2017-13086
+#     - CVE-2017-13087
+#     - CVE-2017-13088
+
+builddir="$srcdir"/$pkgname-$pkgver
+prepare() {
+	cd "$builddir"
+	default_prepare
+
+	# Copy our configuration file to the build directory
+	cp "$srcdir"/config "$builddir"/wpa_supplicant/.config
+}
+
+build() {
+	cd "$builddir"/wpa_supplicant
+	make LIBDIR=/lib BINDIR=/sbin
+}
+
+check() {
+	cd "$builddir"/wpa_supplicant
+	make eapol_test
+}
+
+package() {
+	cd "$builddir"/wpa_supplicant
+	make DESTDIR="$pkgdir" LIBDIR=/lib BINDIR=/sbin install
+	install -Dm644 wpa_supplicant.conf \
+		"$pkgdir"/usr/share/doc/wpa_supplicant/examples/wpa_supplicant.conf
+	install -Dm755 "$srcdir"/wpa_cli.sh \
+		"$pkgdir"/etc/wpa_supplicant/wpa_cli.sh
+
+	local man=
+	for man in doc/docbook/*.?; do
+		install -Dm644 "$man" \
+			"$pkgdir"/usr/share/man/man${man##*.}/${man##*/}
+	done
+	install -Dm755 eapol_test "$pkgdir"/sbin/eapol_test
+
+	# dbus
+	cd dbus
+	install -d "$pkgdir"/etc/dbus-1/system.d
+	install -m644 dbus-wpa_supplicant.conf \
+		"$pkgdir"/etc/dbus-1/system.d/wpa_supplicant.conf
+	install -d "$pkgdir"/usr/share/dbus-1/system-services
+	install fi.epitest.hostap.WPASupplicant.service \
+		"$pkgdir"/usr/share/dbus-1/system-services
+	install -d "$pkgdir"/var/run/wpa_supplicant
+	install -Dm755 "$srcdir"/wpa_supplicant.initd \
+		"$pkgdir"/etc/init.d/wpa_supplicant
+	install -Dm644 "$srcdir"/wpa_supplicant.confd \
+		"$pkgdir"/etc/conf.d/wpa_supplicant
+}
+
+sha512sums="46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6  wpa_supplicant-2.6.tar.gz
+f855fa792425f175ccc800eb49df42067b1c1f4b52ba2d24160af4dfbb74dcf8e81661b7e6c8d92fa408938b8a559fc74557d1677913e4a751bfd43706c14bb6  rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+b4e413aa815572ea0002d33d24b69cd499aebb5efebed8fcaade8b29324bb5853a5db64e8b1dfdf24478e02c66196238b81a6ec777a7a28610435dce4d2c344e  rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+a6382d8e84b4829be33c46bf2f4c6f3232c9d924a4547a21dfe023bf5be8ee1c635920295f52be285359efaae95bcc1f12b512659cfd1653b871dd0bea7e5ace  rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+51ed806f0d5b3f588e26d4db4dcfc6be2cfb12002e26893a6cedd62c7cad0d0de75aed4a666223c4877fc1854b08dce6ddf6f6c4cfd752a5d8d58ad4a968b553  rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+8707a123cd78149dfee9f5bd791761ee1eca605ef96580167044c2339c896920cf0e030b184a5afa9e310f5755afb30bef8ebd4522fc52753f3fbd6acead2cdf  rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+37d050b2e4a3598484912667d8b2705fbe84c5c562267f900d42b0c7b606fb1fed09ddca8b80e2131768baa8f3690aab6ba7a232dee6ff1e66150fdb8816c927  rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+111e655cfbb3a86e3792040e0ea375490d31c42c9d43cbe911290d54df5f4db437e4c8ad0e937c51729dcefeb0db0989b8ab55b9523398683abd08ebfec18076  rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+fc84edd8b30305cc42053c872554098f3f077292ec980ed6a442f37884087ff2f055738fd55977ed792bef1887dcc8c4626586465d78dd0258edb83dcd50a65a  rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+11eed22f6e793f40c788d586c715deecae03c421d11761b7b4a376660bce812c54cc6f353c7d4d5da9c455aeffd778baefb9e76d380027a729574a756e54ddcc  wpa_supplicant.initd
+29103161ec2b9631fca9e8d9a97fafd60ffac3fe78cf613b834395ddcaf8be1e253c22e060d7d9f9b974b2d7ce794caa932a2125e29f6494b75bce475f7b30e1  wpa_supplicant.confd
+2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232  eloop.patch
+6707991f9a071f2fcb09d164d31d12b1f52b91fbb5574b70b8d6f9727f72bbe42b03dd66d10fcc2126f5b7e49ac785657dec90e88b4bf54a9aa5638582f6e505  config
+44d33cfe419cdb65cc14f2ac05aa9f8a1b9f2f432181e498071e41ef835662db1e4c5142adf4cfab2475e7b606696169936bd159d1d711f803322db93f242361  wpa_cli.sh"
diff --git a/user/wpa_supplicant/config b/user/wpa_supplicant/config
new file mode 100644
index 000000000..f35daa0d1
--- /dev/null
+++ b/user/wpa_supplicant/config
@@ -0,0 +1,550 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+#CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+#CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+#	path is given on command line, not here; this option is just used to
+#	select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+#CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Direct
+# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
diff --git a/user/wpa_supplicant/eloop.patch b/user/wpa_supplicant/eloop.patch
new file mode 100644
index 000000000..bab2cee4e
--- /dev/null
+++ b/user/wpa_supplicant/eloop.patch
@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $
+
+don't try to access list members to free them unless already initialised
+
+--- a/src/utils/eloop.c.orig	Sun Sep 27 21:02:05 2015
++++ b/src/utils/eloop.c	Mon Sep 28 09:35:05 2015
+@@ -1064,6 +1064,9 @@ void eloop_destroy(void)
+ 	struct eloop_timeout *timeout, *prev;
+ 	struct os_reltime now;
+ 
++	if (eloop.timeout.prev == NULL)
++		return;
++
+ 	os_get_reltime(&now);
+ 	dl_list_for_each_safe(timeout, prev, &eloop.timeout,
+ 			      struct eloop_timeout, list) {
diff --git a/user/wpa_supplicant/libressl.patch b/user/wpa_supplicant/libressl.patch
new file mode 100644
index 000000000..56146eab5
--- /dev/null
+++ b/user/wpa_supplicant/libressl.patch
@@ -0,0 +1,49 @@
+--- a/src/crypto/crypto_openssl.c.orig
++++ b/src/crypto/crypto_openssl.c
+@@ -611,7 +611,7 @@
+ 
+ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	DH *dh;
+ 	struct wpabuf *pubkey = NULL, *privkey = NULL;
+ 	size_t publen, privlen;
+@@ -712,7 +712,7 @@
+ 
+ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	DH *dh;
+ 
+ 	dh = DH_new();
+--- a/src/crypto/tls_openssl.c.orig
++++ b/src/crypto/tls_openssl.c
+@@ -919,7 +919,7 @@
+ 		}
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ 		SSL_load_error_strings();
+ 		SSL_library_init();
+ #ifndef OPENSSL_NO_SHA256
+@@ -1043,7 +1043,7 @@
+ 
+ 	tls_openssl_ref_count--;
+ 	if (tls_openssl_ref_count == 0) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_ENGINE
+ 		ENGINE_cleanup();
+ #endif /* OPENSSL_NO_ENGINE */
+@@ -2334,7 +2334,7 @@
+ 		return 0;
+ 
+ #ifdef PKCS12_FUNCS
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ 	/*
+ 	 * Clear previously set extra chain certificates, if any, from PKCS#12
+ 	 * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
diff --git a/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
new file mode 100644
index 000000000..727684865
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c  | 16 +++++++++++++---
+ src/ap/wpa_auth.c    | 11 +++++++++++
+ src/ap/wpa_auth.h    |  3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h  |  1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ 	struct ieee80211_ht_capabilities ht_cap;
+ 	struct ieee80211_vht_capabilities vht_cap;
++	int set = 1;
+ 
+ 	/*
+ 	 * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ 	 * FT-over-the-DS, where a station re-associates back to the same AP but
+ 	 * skips the authentication flow, or if working with a driver that
+ 	 * does not support full AP client state.
++	 *
++	 * Skip this if the STA has already completed FT reassociation and the
++	 * TK has been configured since the TX/RX PN must not be reset to 0 for
++	 * the same key.
+ 	 */
+-	if (!sta->added_unassoc)
++	if (!sta->added_unassoc &&
++	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ 		hostapd_drv_sta_remove(hapd, sta->addr);
++		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++		set = 0;
++	}
+ 
+ #ifdef CONFIG_IEEE80211N
+ 	if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+-			    sta->added_unassoc)) {
++			    set)) {
+ 		hostapd_logger(hapd, sta->addr,
+ 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ 			       "Could not %s STA to kernel driver",
+-			       sta->added_unassoc ? "set" : "add");
++			       set ? "set" : "add");
+ 
+ 		if (sta->added_unassoc) {
+ 			hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ 		break;
+ #endif /* CONFIG_IEEE80211R */
++	case WPA_DRV_STA_REMOVED:
++		sm->tk_already_set = FALSE;
++		return 0;
+ 	}
+ 
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+ 
+ 
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++		return 0;
++	return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ 			     struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ 		 u8 *data, size_t data_len);
+ enum wpa_event {
+ 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+-	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ 			     struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ 		return;
+ 	}
+ 
++	if (sm->tk_already_set) {
++		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
++		 * PN in the driver */
++		wpa_printf(MSG_DEBUG,
++			   "FT: Do not re-install same PTK to the driver");
++		return;
++	}
++
+ 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
+ 	 * most likely without this.. At the moment, STA entry is added only
+ 	 * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ 
+ 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ 	sm->pairwise_set = TRUE;
++	sm->tk_already_set = TRUE;
+ }
+ 
+ 
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+ 
+ 	sm->pairwise = pairwise;
+ 	sm->PTK_valid = TRUE;
++	sm->tk_already_set = FALSE;
+ 	wpa_ft_install_ptk(sm);
+ 
+ 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ 	struct wpa_ptk PTK;
+ 	Boolean PTK_valid;
+ 	Boolean pairwise_set;
++	Boolean tk_already_set;
+ 	int keycount;
+ 	Boolean Pair;
+ 	struct wpa_key_replay_counter {
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
new file mode 100644
index 000000000..1802d664a
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
@@ -0,0 +1,250 @@
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h |  11 +++++
+ src/rsn_supp/wpa.c      | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h    |   4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ 	size_t tk_len;
+ };
+ 
++struct wpa_gtk {
++	u8 gtk[WPA_GTK_MAX_LEN];
++	size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++	u8 igtk[WPA_IGTK_MAX_LEN];
++	size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+ 
+ /* WPA IE version 1
+  * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ 	const u8 *_gtk = gd->gtk;
+ 	u8 gtk_buf[32];
+ 
++	/* Detect possible key reinstallation */
++	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++			gd->keyidx, gd->tx, gd->gtk_len);
++		return 0;
++	}
++
+ 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ 	}
+ 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
+ 
++	sm->gtk.gtk_len = gd->gtk_len;
++	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ 	return 0;
+ }
+ 
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+ 
+ 
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++				       const struct wpa_igtk_kde *igtk)
++{
++	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++	u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++	/* Detect possible key reinstallation */
++	if (sm->igtk.igtk_len == len &&
++	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++			keyidx);
++		return  0;
++	}
++
++	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++		keyidx, MAC2STR(igtk->pn));
++	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++	if (keyidx > 4095) {
++		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++			"WPA: Invalid IGTK KeyID %d", keyidx);
++		return -1;
++	}
++	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++			   broadcast_ether_addr,
++			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
++			   igtk->igtk, len) < 0) {
++		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++			"WPA: Failed to configure IGTK to the driver");
++		return -1;
++	}
++
++	sm->igtk.igtk_len = len;
++	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++	return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ 			       struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ 	if (ie->igtk) {
+ 		size_t len;
+ 		const struct wpa_igtk_kde *igtk;
+-		u16 keyidx;
++
+ 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ 			return -1;
++
+ 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
+-		keyidx = WPA_GET_LE16(igtk->keyid);
+-		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+-			"pn %02x%02x%02x%02x%02x%02x",
+-			keyidx, MAC2STR(igtk->pn));
+-		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+-				igtk->igtk, len);
+-		if (keyidx > 4095) {
+-			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+-				"WPA: Invalid IGTK KeyID %d", keyidx);
+-			return -1;
+-		}
+-		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+-				   broadcast_ether_addr,
+-				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
+-				   igtk->igtk, len) < 0) {
+-			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+-				"WPA: Failed to configure IGTK to the driver");
++		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ 			return -1;
+-		}
+ 	}
+ 
+ 	return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+  */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+-	int clear_ptk = 1;
++	int clear_keys = 1;
+ 
+ 	if (sm == NULL)
+ 		return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ 		/* Prepare for the next transition */
+ 		wpa_ft_prepare_auth_request(sm, NULL);
+ 
+-		clear_ptk = 0;
++		clear_keys = 0;
+ 	}
+ #endif /* CONFIG_IEEE80211R */
+ 
+-	if (clear_ptk) {
++	if (clear_keys) {
+ 		/*
+ 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ 		 * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ 		sm->tptk_set = 0;
+ 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ 	}
+ 
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ 		os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+-		struct wpa_igtk_kde igd;
+-		u16 keyidx;
+-
+-		os_memset(&igd, 0, sizeof(igd));
+-		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+-		os_memcpy(igd.keyid, buf + 2, 2);
+-		os_memcpy(igd.pn, buf + 4, 6);
+-
+-		keyidx = WPA_GET_LE16(igd.keyid);
+-		os_memcpy(igd.igtk, buf + 10, keylen);
+-
+-		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+-				igd.igtk, keylen);
+-		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+-				   broadcast_ether_addr,
+-				   keyidx, 0, igd.pn, sizeof(igd.pn),
+-				   igd.igtk, keylen) < 0) {
+-			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+-				   "WNM mode");
+-			os_memset(&igd, 0, sizeof(igd));
++		const struct wpa_igtk_kde *igtk;
++
++		igtk = (const struct wpa_igtk_kde *) (buf + 2);
++		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ 			return -1;
+-		}
+-		os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ 	} else {
+ 		wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ 	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ 	int rx_replay_counter_set;
+ 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++	struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++	struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+ 
+ 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+ 
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
new file mode 100644
index 000000000..e2937b851
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -0,0 +1,184 @@
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c   | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h |  2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+ 
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ 				      const struct wpa_gtk_data *gd,
+-				      const u8 *key_rsc)
++				      const u8 *key_rsc, int wnm_sleep)
+ {
+ 	const u8 *_gtk = gd->gtk;
+ 	u8 gtk_buf[32];
+ 
+ 	/* Detect possible key reinstallation */
+-	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+-	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ 			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ 			gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ 	}
+ 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
+ 
+-	sm->gtk.gtk_len = gd->gtk_len;
+-	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++	if (wnm_sleep) {
++		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++			  sm->gtk_wnm_sleep.gtk_len);
++	} else {
++		sm->gtk.gtk_len = gd->gtk_len;
++		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++	}
+ 
+ 	return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ 					       gtk_len, gtk_len,
+ 					       &gd.key_rsc_len, &gd.alg) ||
+-	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ 			"RSN: Failed to install GTK");
+ 		os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ 
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+-				       const struct wpa_igtk_kde *igtk)
++				       const struct wpa_igtk_kde *igtk,
++				       int wnm_sleep)
+ {
+ 	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ 	u16 keyidx = WPA_GET_LE16(igtk->keyid);
+ 
+ 	/* Detect possible key reinstallation */
+-	if (sm->igtk.igtk_len == len &&
+-	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++	if ((sm->igtk.igtk_len == len &&
++	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++	    (sm->igtk_wnm_sleep.igtk_len == len &&
++	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ 			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ 			keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ 		return -1;
+ 	}
+ 
+-	sm->igtk.igtk_len = len;
+-	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++	if (wnm_sleep) {
++		sm->igtk_wnm_sleep.igtk_len = len;
++		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++			  sm->igtk_wnm_sleep.igtk_len);
++	} else {
++		sm->igtk.igtk_len = len;
++		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++	}
+ 
+ 	return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ 			return -1;
+ 
+ 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
+-		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ 			return -1;
+ 	}
+ 
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ 		key_rsc = null_rsc;
+ 
+-	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ 		goto failed;
+ 	os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ 		sm->tptk_set = 0;
+ 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ 		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ 	}
+ 
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ 	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ 
+ 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ 				gd.gtk, gd.gtk_len);
+-		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ 			os_memset(&gd, 0, sizeof(gd));
+ 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ 				   "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ 		const struct wpa_igtk_kde *igtk;
+ 
+ 		igtk = (const struct wpa_igtk_kde *) (buf + 2);
+-		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ 			return -1;
+ #endif /* CONFIG_IEEE80211W */
+ 	} else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ 	int rx_replay_counter_set;
+ 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ 	struct wpa_gtk gtk;
++	struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ 	struct wpa_igtk igtk;
++	struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+ 
+ 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
new file mode 100644
index 000000000..22ee21794
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
@@ -0,0 +1,79 @@
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c      | 5 ++---
+ src/rsn_supp/wpa_i.h    | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ 	size_t kck_len;
+ 	size_t kek_len;
+ 	size_t tk_len;
++	int installed; /* 1 if key has already been installed to driver */
+ };
+ 
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ 		os_memset(buf, 0, sizeof(buf));
+ 	}
+ 	sm->tptk_set = 1;
+-	sm->tk_to_set = 1;
+ 
+ 	kde = sm->assoc_wpa_ie;
+ 	kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ 	enum wpa_alg alg;
+ 	const u8 *key_rsc;
+ 
+-	if (!sm->tk_to_set) {
++	if (sm->ptk.installed) {
+ 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ 			"WPA: Do not re-install same PTK to the driver");
+ 		return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ 
+ 	/* TK is not needed anymore in supplicant */
+ 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+-	sm->tk_to_set = 0;
++	sm->ptk.installed = 1;
+ 
+ 	if (sm->wpa_ptk_rekey) {
+ 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ 	struct wpa_ptk ptk, tptk;
+ 	int ptk_set, tptk_set;
+ 	unsigned int msg_3_of_4_ok:1;
+-	unsigned int tk_to_set:1;
+ 	u8 snonce[WPA_NONCE_LEN];
+ 	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ 	int renew_snonce;
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
new file mode 100644
index 000000000..c19c4c710
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
@@ -0,0 +1,64 @@
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+ 
+ 
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++		wpa_printf(MSG_ERROR,
++			   "WPA: Failed to get random data for ANonce");
++		sm->Disconnect = TRUE;
++		return -1;
++	}
++	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++		    WPA_NONCE_LEN);
++	sm->TimeoutCtr = 0;
++	return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ 	u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ 		SM_ENTER(WPA_PTK, AUTHENTICATION);
+ 	else if (sm->ReAuthenticationRequest)
+ 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
+-	else if (sm->PTKRequest)
+-		SM_ENTER(WPA_PTK, PTKSTART);
+-	else switch (sm->wpa_ptk_state) {
++	else if (sm->PTKRequest) {
++		if (wpa_auth_sm_ptk_update(sm) < 0)
++			SM_ENTER(WPA_PTK, DISCONNECTED);
++		else
++			SM_ENTER(WPA_PTK, PTKSTART);
++	} else switch (sm->wpa_ptk_state) {
+ 	case WPA_PTK_INITIALIZE:
+ 		break;
+ 	case WPA_PTK_DISCONNECT:
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
new file mode 100644
index 000000000..e1bd5a572
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
@@ -0,0 +1,132 @@
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ 		u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ 	} tpk;
+ 	int tpk_set;
++	int tk_set; /* TPK-TK configured to the driver */
+ 	int tpk_success;
+ 	int tpk_in_progress;
+ 
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ 	u8 rsc[6];
+ 	enum wpa_alg alg;
+ 
++	if (peer->tk_set) {
++		/*
++		 * This same TPK-TK has already been configured to the driver
++		 * and this new configuration attempt (likely due to an
++		 * unexpected retransmitted frame) would result in clearing
++		 * the TX/RX sequence number which can break security, so must
++		 * not allow that to happen.
++		 */
++		wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++			   " has already been configured to the driver - do not reconfigure",
++			   MAC2STR(peer->addr));
++		return -1;
++	}
++
+ 	os_memset(rsc, 0, 6);
+ 
+ 	switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ 		return -1;
+ 	}
+ 
++	wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++		   MAC2STR(peer->addr));
+ 	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ 			   rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ 		wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ 			   "driver");
+ 		return -1;
+ 	}
++	peer->tk_set = 1;
+ 	return 0;
+ }
+ 
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ 	peer->cipher = 0;
+ 	peer->qos_info = 0;
+ 	peer->wmm_capable = 0;
+-	peer->tpk_set = peer->tpk_success = 0;
++	peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ 	peer->chan_switch_enabled = 0;
+ 	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ 	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ 		wpa_tdls_peer_free(sm, peer);
+ 		return -1;
+ 	}
++	peer->tk_set = 0; /* A new nonce results in a new TK */
+ 	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ 		    peer->inonce, WPA_NONCE_LEN);
+ 	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+ 
+ 
++static int tdls_nonce_set(const u8 *nonce)
++{
++	int i;
++
++	for (i = 0; i < WPA_NONCE_LEN; i++) {
++		if (nonce[i])
++			return 1;
++	}
++
++	return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ 				   const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ 	peer->rsnie_i_len = kde.rsn_ie_len;
+ 	peer->cipher = cipher;
+ 
+-	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++	    !tdls_nonce_set(peer->inonce)) {
+ 		/*
+ 		 * There is no point in updating the RNonce for every obtained
+ 		 * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ 				"TDLS: Failed to get random data for responder nonce");
+ 			goto error;
+ 		}
++		peer->tk_set = 0; /* A new nonce results in a new TK */
+ 	}
+ 
+ #if 0
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
new file mode 100644
index 000000000..85ea1d62b
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
@@ -0,0 +1,43 @@
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ 
+ 	if (!wpa_s->wnmsleep_used) {
+ 		wpa_printf(MSG_DEBUG,
+-			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ 		return;
+ 	}
+ 
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ 		return;
+ 	}
+ 
++	wpa_s->wnmsleep_used = 0;
++
+ 	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ 	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ 		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
new file mode 100644
index 000000000..b9678f681
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
@@ -0,0 +1,82 @@
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c    | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h  | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ 	wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++	sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+ 
+ 	/* Keys are not needed in the WPA state machine anymore */
+ 	wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ 	u16 capab;
+ 
+ 	sm->ft_completed = 0;
++	sm->ft_reassoc_completed = 0;
+ 
+ 	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 		2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ 		return -1;
+ 	}
+ 
++	if (sm->ft_reassoc_completed) {
++		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++		return 0;
++	}
++
+ 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ 		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ 		return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ 		return -1;
+ 	}
+ 
++	sm->ft_reassoc_completed = 1;
++
+ 	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ 		return -1;
+ 
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ 	size_t r0kh_id_len;
+ 	u8 r1kh_id[FT_R1KH_ID_LEN];
+ 	int ft_completed;
++	int ft_reassoc_completed;
+ 	int over_the_ds_in_progress;
+ 	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ 	int set_ptk_after_assoc;
+-- 
+2.7.4
+
diff --git a/user/wpa_supplicant/wpa_cli.sh b/user/wpa_supplicant/wpa_cli.sh
new file mode 100644
index 000000000..0a5a6cc03
--- /dev/null
+++ b/user/wpa_supplicant/wpa_cli.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Distributed under the terms of the BSD License.
+# Copyright (c) 2015 Sören Tempel <soeren+alpine@soeren-tempel.net>
+
+IFUP="/sbin/ifup"
+IFDOWN="/sbin/ifdown"
+
+if [ -z "${1}" -o -z "${2}" ]; then
+	logger -t wpa_cli "this script should be called from wpa_cli(8)"
+	exit 1
+elif ! [ -x "${IFUP}" -a -x "${IFDOWN}" ]; then
+	logger -t wpa_cli "${IFUP} or ${IFDOWN} doesn't exist"
+	exit 1
+fi
+
+IFNAME="${1}"
+ACTION="${2}"
+
+EXEC=""
+case "${ACTION}" in
+	CONNECTED)
+		EXEC="${IFUP}"
+		;;
+	DISCONNECTED)
+		EXEC="${IFDOWN}"
+		;;
+	*)
+		logger -t wpa_cli "unknown action '${ACTION}'"
+		exit 1
+esac
+
+logger -t wpa_cli "interface ${IFNAME} ${ACTION}"
+${EXEC} "${IFNAME}" || logger -t wpa_cli "executing '${EXEC}' failed"
diff --git a/user/wpa_supplicant/wpa_supplicant.confd b/user/wpa_supplicant/wpa_supplicant.confd
new file mode 100644
index 000000000..104b9dc5d
--- /dev/null
+++ b/user/wpa_supplicant/wpa_supplicant.confd
@@ -0,0 +1,6 @@
+# conf.d file for wpa_supplicant
+#
+# Please check man 8 wpa_supplicant for more information about the options
+# wpa_supplicant accepts.
+#
+wpa_supplicant_args=""
diff --git a/user/wpa_supplicant/wpa_supplicant.initd b/user/wpa_supplicant/wpa_supplicant.initd
new file mode 100644
index 000000000..988b267d1
--- /dev/null
+++ b/user/wpa_supplicant/wpa_supplicant.initd
@@ -0,0 +1,53 @@
+#!/sbin/openrc-run
+# Copyright (c) 2009 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+command=/sbin/wpa_supplicant
+: ${wpa_supplicant_conf:=/etc/wpa_supplicant/wpa_supplicant.conf}
+wpa_supplicant_if=${wpa_supplicant_if:+-i}$wpa_supplicant_if
+command_args="$wpa_supplicant_args -B -c$wpa_supplicant_conf $wpa_supplicant_if"
+name="WPA Supplicant Daemon"
+
+depend()
+{
+	need localmount
+	use logger dbus
+	after bootmisc modules
+	before dns dhcpcd net
+	keyword -shutdown
+}
+
+find_wireless()
+{
+	local iface=
+	for iface in /sys/class/net/*; do
+		if [ -e "$iface"/wireless -o -e "$iface"/phy80211 ]; then
+			echo "${iface##*/}"
+			return 0
+		fi
+	done
+
+	return 1
+}
+
+append_wireless()
+{
+	local iface= i=
+
+	iface=$(find_wireless)
+	if [ -n "$iface" ]; then
+		for i in $iface; do
+			command_args="$command_args -i$i"
+		done
+	else
+		eerror "Could not find a wireless interface"
+	fi
+}
+
+start_pre()
+{
+	case " $command_args" in
+	*" -i"*) ;;
+	*) append_wireless;;
+	esac
+}
diff --git a/user/xf86-video-ati/APKBUILD b/user/xf86-video-ati/APKBUILD
new file mode 100644
index 000000000..b5d128d60
--- /dev/null
+++ b/user/xf86-video-ati/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=xf86-video-ati
+pkgver=18.0.1
+pkgrel=0
+pkgdesc="ATI video driver"
+url="http://xorg.freedesktop.org/"
+arch="all"
+license="MIT"
+subpackages="$pkgname-doc"
+depends="mesa-dri-ati"
+makedepends="xorg-server-dev libxi-dev fontsproto randrproto util-macros
+	videoproto renderproto libdrm-dev xf86driproto glproto mesa-dev
+	xineramaproto eudev-dev pixman-dev"
+options="!check"
+source="http://www.x.org/releases/individual/driver/$pkgname-$pkgver.tar.bz2"
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+	cd "$builddir"
+	export LDFLAGS="$LDFLAGS -Wl,-z,lazy"
+
+	./configure \
+		--build=$CBUILD \
+		--host=$CHOST \
+		--prefix=/usr \
+		--enable-glamor
+	make
+}
+
+package() {
+	cd "$builddir"
+	make DESTDIR="$pkgdir" install
+	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+sha512sums="b468a78503a596bbf71a1b91b231ce1fa32908f619ff2dfe249352d046696a3641f2a9ff065e32545fff77100134b4b237591215e78ef885b6509d6b16112d14  xf86-video-ati-18.0.1.tar.bz2"