Diffstat (limited to 'system')
-rw-r--r--system/abuild/0001-abuild-add-env-option-to-require-tests.patch33
-rw-r--r--system/abuild/APKBUILD78
-rw-r--r--system/abuild/abuild.pre-install5
l---------system/abuild/abuild.pre-upgrade1
-rw-r--r--system/abuild/adelie-customisations.patch48
-rw-r--r--system/abuild/newapkbuild-cmake.patch35
-rw-r--r--system/abuild/posix-abuild.patch68
-rw-r--r--system/adelie-base/APKBUILD5
-rwxr-xr-xsystem/adelie-base/adduser2
-rw-r--r--system/bash/APKBUILD116
-rw-r--r--system/bash/bash-noinfo.patch11
-rw-r--r--system/bash/bash.post-upgrade3
-rw-r--r--system/bash/bash.pre-deinstall3
-rw-r--r--system/bash/bash44-sensible-defaults.patch25
-rw-r--r--system/bash/bashrc71
-rw-r--r--system/binutils/APKBUILD140
-rw-r--r--system/binutils/CVE-2017-7614.patch84
-rw-r--r--system/binutils/binutils-ld-fix-static-linking.patch46
-rw-r--r--system/binutils/disable-gnu-mbind.patch32
-rw-r--r--system/binutils/disable-ifunc-tests.patch12
-rw-r--r--system/binutils/disable-preinit-array-tests.patch29
-rw-r--r--system/binutils/gold-mips.patch39
-rw-r--r--system/binutils/hash-style-configure-flag.patch348
-rw-r--r--system/binutils/mips-illegal-memcpy.patch11
-rw-r--r--system/binutils/remove-no-static-plt-test.patch21
-rw-r--r--system/binutils/remove-pr19553c-test.patch14
-rw-r--r--system/binutils/remove-pr2404-tests.patch73
-rw-r--r--system/build-tools/APKBUILD4
-rw-r--r--system/clang/APKBUILD103
-rw-r--r--system/clang/clang-0001-Add-Alpine-Linux-distro.patch37
-rw-r--r--system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch16
-rw-r--r--system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch16
-rw-r--r--system/clang/clang-0004-Add-musl-targets.patch116
-rw-r--r--system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch55
-rw-r--r--system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch19
-rw-r--r--system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch54
-rw-r--r--system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch40
-rw-r--r--system/consolekit2/APKBUILD63
-rw-r--r--system/consolekit2/ac_disable_static.patch13
-rw-r--r--system/consolekit2/add-listseats.patch100
-rw-r--r--system/consolekit2/consolekit2.initd9
-rw-r--r--system/consolekit2/pam-foreground-compat.ck17
-rw-r--r--system/cups/APKBUILD135
-rw-r--r--system/cups/cups-no-export-ssllibs.patch12
-rw-r--r--system/cups/cups.logrotate8
-rw-r--r--system/cups/cups.pre-install8
-rw-r--r--system/cups/cupsd.initd44
-rw-r--r--system/cups/default-config-no-gssapi.patch26
-rw-r--r--system/dash/APKBUILD44
-rw-r--r--system/easy-kernel/APKBUILD50
-rw-r--r--system/easy-kernel/config-pmmx17
-rw-r--r--system/easy-kernel/config-ppc21
-rw-r--r--system/easy-kernel/config-ppc645
-rw-r--r--system/easy-kernel/config-x86_641550
-rw-r--r--system/gcc/001_all_default-ssp-strong.patch215
-rw-r--r--system/gcc/002_all_default-relro.patch33
-rw-r--r--system/gcc/003_all_default-fortify-source.patch40
-rw-r--r--system/gcc/005_all_default-as-needed.patch241
-rw-r--r--system/gcc/011_all_default-warn-format-security.patch43
-rw-r--r--system/gcc/012_all_default-warn-trampolines.patch25
-rw-r--r--system/gcc/020_all_msgfmt-libstdc++-link.patch39
-rw-r--r--system/gcc/050_all_libiberty-asprintf.patch18
-rw-r--r--system/gcc/051_all_libiberty-pic.patch10
-rw-r--r--system/gcc/053_all_libitm-no-fortify-source.patch27
-rw-r--r--system/gcc/067_all_gcc-poison-system-directories.patch194
-rw-r--r--system/gcc/090_all_pr55930-dependency-tracking.patch18
-rw-r--r--system/gcc/201-cilkrts.patch59
-rw-r--r--system/gcc/203-libgcc_s.patch56
-rw-r--r--system/gcc/204-linux_libc_has_function.patch25
-rw-r--r--system/gcc/205-nopie.patch75
-rw-r--r--system/gcc/207-static-pie.patch40
-rw-r--r--system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch32
-rw-r--r--system/gcc/310-build-gcj-s390x.patch28
-rw-r--r--system/gcc/320-libffi-gnulinux.patch13
-rw-r--r--system/gcc/APKBUILD644
-rw-r--r--system/gcc/ada-aarch64-multiarch.patch16
-rw-r--r--system/gcc/ada-fixes.patch35
-rw-r--r--system/gcc/ada-musl.patch137
-rw-r--r--system/gcc/ada-shared.patch30
-rw-r--r--system/gcc/add-classic_table-support.patch151
-rw-r--r--system/gcc/boehm-gc-musl.patch62
-rw-r--r--system/gcc/fix-cxxflags-passing.patch10
-rw-r--r--system/gcc/fix-gcj-iconv-musl.patch120
-rw-r--r--system/gcc/fix-gcj-musl.patch49
-rw-r--r--system/gcc/fix-gcj-stdgnu14-link.patch35
-rw-r--r--system/gcc/fix-rs6000-pie.patch59
-rw-r--r--system/gcc/gcc-4.8-build-args.patch41
-rw-r--r--system/gcc/gcc-4.9-musl-fortify.patch11
-rw-r--r--system/gcc/gcc-6.1-musl-libssp.patch20
-rw-r--r--system/gcc/gcc-pure64.patch89
-rw-r--r--system/gcc/libgcc-always-build-gcceh.a.patch39
-rw-r--r--system/libarchive/APKBUILD56
-rw-r--r--system/libarchive/CVE-2017-14166.patch36
-rw-r--r--system/libarchive/penis.patch11
-rw-r--r--system/llvm4/APKBUILD253
-rw-r--r--system/llvm4/cmake-fix-libLLVM-name.patch26
-rw-r--r--system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch61
-rw-r--r--system/llvm4/fix-CheckAtomic.cmake.patch22
-rw-r--r--system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch33
-rw-r--r--system/llvm4/llvm-fix-build-with-musl-libc.patch46
-rw-r--r--system/llvm4/silent-amdgpu-test-failing.patch40
-rw-r--r--system/mesa/APKBUILD252
-rw-r--r--system/mesa/disk_cache-stack-overflow.patch42
-rw-r--r--system/mesa/drmdeps.patch41
-rw-r--r--system/mesa/glx_ro_text_segm.patch28
-rw-r--r--system/mesa/musl-fix-includes.patch14
-rw-r--r--system/mesa/musl-fixes.patch22
-rw-r--r--system/mesa/python3-compat.patch106
-rw-r--r--system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch25
-rw-r--r--system/openrc/0002-force-root-be-rw-before-localmount.patch30
-rw-r--r--system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch46
-rw-r--r--system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch28
-rw-r--r--system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch71
-rw-r--r--system/openrc/0006-mount-efivars-read-only.patch27
-rw-r--r--system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch70
-rw-r--r--system/openrc/APKBUILD93
-rw-r--r--system/openrc/hostname.initd18
-rw-r--r--system/openrc/hwdrivers.initd32
-rw-r--r--system/openrc/keymaps.initd20
-rw-r--r--system/openrc/modloop.confd3
-rw-r--r--system/openrc/modloop.initd124
-rw-r--r--system/openrc/modules.initd29
-rw-r--r--system/openrc/openrc-configuration.patch20
-rw-r--r--system/openrc/openrc.logrotate4
-rw-r--r--system/openrc/openrc.post-install36
-rw-r--r--system/openrc/openrc.post-upgrade35
-rw-r--r--system/openrc/sysfsconf.initd66
-rw-r--r--system/openssh/APKBUILD181
-rw-r--r--system/openssh/bsd-compatible-realpath.patch62
-rw-r--r--system/openssh/fix-utmp.patch11
-rw-r--r--system/openssh/openssh-7.5p1-sandbox.patch23
-rw-r--r--system/openssh/openssh7.4-dynwindows.patch835
-rw-r--r--system/openssh/openssh7.4-peaktput.patch62
-rw-r--r--system/openssh/sftp-interactive.patch14
-rw-r--r--system/openssh/sshd.confd21
-rwxr-xr-xsystem/openssh/sshd.initd100
-rw-r--r--system/openssl/0002-busybox-basename.patch34
-rw-r--r--system/openssl/0003-use-termios.patch26
-rw-r--r--system/openssl/0004-fix-default-ca-path-for-apps.patch79
-rw-r--r--system/openssl/0005-fix-parallel-build.patch349
-rw-r--r--system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch68
-rw-r--r--system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch27
-rw-r--r--system/openssl/0009-no-rpath.patch11
-rw-r--r--system/openssl/0010-ssl-env-zlib.patch38
-rw-r--r--system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch88
-rw-r--r--system/openssl/1002-backport-changes-from-upstream-padlock-module.patch200
-rw-r--r--system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch782
-rw-r--r--system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch33
-rw-r--r--system/openssl/APKBUILD151
-rw-r--r--system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch108
-rw-r--r--system/polkit/APKBUILD80
-rw-r--r--system/polkit/CVE-2013-4288.patch123
-rw-r--r--system/polkit/CVE-2015-3218.patch115
-rw-r--r--system/polkit/CVE-2015-3255.patch67
-rw-r--r--system/polkit/CVE-2015-4625.patch1008
-rw-r--r--system/polkit/automake.patch19
-rw-r--r--system/polkit/disable-ck-test.patch15
-rw-r--r--system/polkit/fix-consolekit-db-stat.patch30
-rw-r--r--system/polkit/fix-parallel-make.patch40
-rw-r--r--system/polkit/fix-test-fgetpwent.patch20
-rw-r--r--system/procps/APKBUILD73
-rw-r--r--system/procps/strtod.patch115
-rw-r--r--system/sudo/APKBUILD67
-rw-r--r--system/sudo/fix-cross-compile.patch15
-rw-r--r--system/sudo/libcrypt.patch11
-rw-r--r--system/sudo/musl-fix-headers.patch10
-rw-r--r--system/syslinux/APKBUILD60
-rw-r--r--system/syslinux/syslinux.post-upgrade61
-rw-r--r--system/syslinux/syslinux.trigger3
-rwxr-xr-xsystem/syslinux/update-extlinux252
-rw-r--r--system/syslinux/update-extlinux.conf75
-rw-r--r--system/vim/APKBUILD68
-rw-r--r--system/vim/vimrc18
-rw-r--r--system/wine/APKBUILD139
-rw-r--r--system/wine/no-pie.patch14
-rw-r--r--system/wine/nopie.patch10
-rw-r--r--system/wine/winhlp32-flex.patch9
177 files changed, 13952 insertions, 448 deletions
diff --git a/system/abuild/0001-abuild-add-env-option-to-require-tests.patch b/system/abuild/0001-abuild-add-env-option-to-require-tests.patch
new file mode 100644
index 000000000..49497421b
--- /dev/null
+++ b/system/abuild/0001-abuild-add-env-option-to-require-tests.patch
@@ -0,0 +1,33 @@
+From d85a92478fc8a95bdcb4bf84c30c20ca935abc08 Mon Sep 17 00:00:00 2001
+From: Carlo Landmeter <clandmeter@gmail.com>
+Date: Tue, 24 Oct 2017 14:48:52 +0200
+Subject: [PATCH] abuild: add env option to require tests
+
+This adds an env option REQUIRE_CHECK to require testsuites to
+be run. This does not clutter getopts so it can be safely removed
+afterwards when we enforce tests globally. This will allow our CI
+infrastructure to enforce testsuites where possible.
+---
+ abuild.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/abuild.in b/abuild.in
+index 41b465d..7e3c818 100644
+--- a/abuild.in
++++ b/abuild.in
+@@ -226,6 +226,12 @@ default_sanitycheck() {
+ check_secfixes_comment || return 1
+
+ makedepends_has 'g++' && ! options_has toolchain && warning "g++ should not be in makedepends"
++
++ if ! options_has "!check" && [ -n "$REQUIRE_CHECK" ]; then
++ (unset check; . "$APKBUILD"; type check >/dev/null 2>&1) || \
++ die "Testsuites (abuild check) are required or needs to be explicitly disabled!"
++ fi
++
+ return 0
+ }
+
+--
+2.14.2
+
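Review bot: The bare `unset check` in the added subshell may not remove abuild's predefined `check()` function on every /bin/sh, because POSIX leaves it unspecified whether `unset` without `-f` falls back to functions when no variable of that name exists. On a shell that only unsets variables, `type check` would always succeed and REQUIRE_CHECK would never reject an APKBUILD that lacks tests. Since this commit also moves abuild to `#!/bin/sh`, I would write `(unset -f check; . "$APKBUILD"; type check >/dev/null 2>&1) || \`. The message would also read better as `Testsuites (abuild check) are required or need to be explicitly disabled!`. default_sanitycheck starts outside the hunk.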
diff --git a/system/abuild/APKBUILD b/system/abuild/APKBUILD
new file mode 100644
index 000000000..8dd1c12b6
--- /dev/null
+++ b/system/abuild/APKBUILD
@@ -0,0 +1,78 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=abuild
+pkgver=3.1.0
+_ver=${pkgver%_git*}
+pkgrel=2
+pkgdesc="Script to build Alpine Packages"
+url="http://git.alpinelinux.org/cgit/abuild/"
+arch="all"
+license="GPL-2.0"
+depends="fakeroot sudo pax-utils openssl apk-tools>=2.0.7-r1 libc-utils
+ attr libarchive-tools pkgconf patch lzip"
+if [ "$CBUILD" = "$CHOST" ]; then
+ depends="$depends curl"
+fi
+makedepends_build="pkgconfig"
+makedepends_host="openssl-dev zlib-dev"
+makedepends="$makedepends_host $makedepends_build"
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+subpackages="apkbuild-cpan:cpan:noarch apkbuild-gem-resolver:gems:noarch
+ abuild-rootbld:_rootbld:noarch"
+options="suid !check"
+pkggroups="abuild"
+source="http://dev.alpinelinux.org/archive/abuild/abuild-$_ver.tar.xz
+ posix-abuild.patch
+ newapkbuild-cmake.patch
+ adelie-customisations.patch
+ 0001-abuild-add-env-option-to-require-tests.patch
+ "
+builddir="$srcdir/$pkgname-$_ver"
+
+prepare() {
+ default_prepare
+
+ cd "$builddir"
+ sed -i -e "/^CHOST=/s/=.*/=$CHOST/" abuild.conf
+}
+
+build() {
+ cd "$builddir"
+ make VERSION="$pkgver-r$pkgrel"
+}
+
+package() {
+ cd "$builddir"
+
+ make install VERSION="$pkgver-r$pkgrel" DESTDIR="$pkgdir"
+
+ install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf
+ install -d -m 775 -g abuild "$pkgdir"/var/cache/distfiles
+}
+
+cpan() {
+ pkgdesc="Script to generate perl APKBUILD from CPAN"
+ depends="perl perl-libwww perl-json perl-module-build-tiny"
+
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/apkbuild-cpan "$subpkgdir"/usr/bin/
+}
+
+gems() {
+ pkgdesc="APKBUILD dependency resolver for RubyGems"
+ depends="ruby ruby-augeas"
+
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/apkbuild-gem-resolver "$subpkgdir"/usr/bin/
+}
+
+_rootbld() {
+ pkgdesc="Build packages in chroot"
+ depends="abuild bubblewrap gettext git"
+ mkdir -p "$subpkgdir"
+}
+
+sha512sums="bb9093d67942e3a63e4e053692c0bca30940cae05955518206cd9f7029211a188b7f442456ae126e61cbdca224eddb31e967d5cf0637e16893163cc963871a52 abuild-3.1.0.tar.xz
+86194084e95cdb42d4b1bc3d4ff2b8144125aa4e7f74f8c97023c55f2304d27d8c377baf5075666c9b43323506357b962d83d4a30a3f41cde7b53542889adf2d posix-abuild.patch
+705c393b37c37a364473590190122a43a2962946290a873e6685cd4eb43c4874bfdf7489e7b655f870b332dee38edca5dcf2d3906461001875a55b9e6549b824 newapkbuild-cmake.patch
+e27f29b94fe55fe59ab9dc28986cd1755a41221ad6b4457c7c0b268e561f7c6946ea6fcb8b7ace897acfde2e4660ec7150ef43fb0c71c6c20dfd38aa1d062140 adelie-customisations.patch
+e02cc44c8ad9dd61c9b80684b8cf5b64477a6fd6221cde9efea2a7594c6e7ce01a51f8bd4b80d72f82f7caf93217979fb0b354c420983891fa93f34c4252a035 0001-abuild-add-env-option-to-require-tests.patch"
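Review bot: The `source=` tarball is fetched over plain `http://`, so the pinned `sha512sums` are the only protection against tampering in transit. The same applies to the `http://ftp.gnu.org` URLs in system/bash/APKBUILD and system/binutils/APKBUILD. The checksums here do cover every listed file, so integrity holds as long as they are verified, but using `https://` where the mirror offers it would remove the reliance on that single check. Separately, `options="suid !check"` opts this package out of the test requirement that the bundled 0001 patch introduces; a one-line comment saying why there is no testsuite would help.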
diff --git a/system/abuild/abuild.pre-install b/system/abuild/abuild.pre-install
new file mode 100644
index 000000000..fd3d39a36
--- /dev/null
+++ b/system/abuild/abuild.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+addgroup -S abuild 2>/dev/null
+
+exit 0
diff --git a/system/abuild/abuild.pre-upgrade b/system/abuild/abuild.pre-upgrade
new file mode 120000
index 000000000..99e4a2144
--- /dev/null
+++ b/system/abuild/abuild.pre-upgrade
@@ -0,0 +1 @@
+abuild.pre-install
\ No newline at end of file
diff --git a/system/abuild/adelie-customisations.patch b/system/abuild/adelie-customisations.patch
new file mode 100644
index 000000000..db7280abc
--- /dev/null
+++ b/system/abuild/adelie-customisations.patch
@@ -0,0 +1,48 @@
+diff --git a/functions.sh.in b/functions.sh.in
+index 4f2c023..a4de25c 100644
+--- a/functions.sh.in
++++ b/functions.sh.in
+@@ -5,16 +5,20 @@ program=${0##*/}
+
+ arch_to_hostspec() {
+ case "$1" in
+- aarch64) echo "aarch64-alpine-linux-musl" ;;
+- armel) echo "armv5-alpine-linux-musleabi" ;;
+- armhf) echo "armv6-alpine-linux-muslgnueabihf" ;;
+- armv7) echo "armv7-alpine-linux-musleabihf" ;;
+- ppc) echo "powerpc-alpine-linux-musl" ;;
+- ppc64) echo "powerpc64-alpine-linux-musl" ;;
+- ppc64le) echo "powerpc64le-alpine-linux-musl" ;;
+- s390x) echo "s390x-alpine-linux-musl" ;;
+- x86) echo "i586-alpine-linux-musl" ;;
+- x86_64) echo "x86_64-alpine-linux-musl" ;;
++ aarch64) echo "aarch64-foxkit-linux-musl" ;;
++ armel) echo "armv5-foxkit-linux-musleabi" ;;
++ armhf) echo "armv6-foxkit-linux-muslgnueabihf" ;;
++ armv7) echo "armv7-foxkit-linux-musleabihf" ;;
++ i528) echo "pentium4-foxkit-linux-musl" ;;
++ mips) echo "mips-foxkit-linux-musl" ;;
++ mips32) echo "mips32el-foxkit-linux-musl" ;;
++ pmmx) echo "i586-foxkit-linux-musl" ;;
++ ppc) echo "powerpc-foxkit-linux-musl" ;;
++ ppc64) echo "powerpc64-foxkit-linux-musl" ;;
++ ppc64le) echo "powerpc64le-foxkit-linux-musl" ;;
++ s390x) echo "s390x-foxkit-linux-musl" ;;
++ x86) echo "i486-foxkit-linux-musl" ;;
++ x86_64) echo "x86_64-foxkit-linux-musl" ;;
+ *) echo "unknown" ;;
+ esac
+ }
+@@ -25,7 +29,11 @@ hostspec_to_arch() {
+ arm*-*-*-*eabi) echo "armel" ;;
+ armv6*-*-*-*eabihf) echo "armhf" ;;
+ armv7*-*-*-*eabihf) echo "armv7" ;;
+- i[0-9]86-*-*-*) echo "x86" ;;
++ i486-*-*-*) echo "x86" ;;
++ i586-*-*-*) echo "pmmx" ;;
++ mips32*-*-*-*) echo "mips32" ;;
++ mips*-*-*-*) echo "mips" ;;
++ pentium4-*-*-*) echo "i528" ;;
+ powerpc-*-*-*) echo "ppc" ;;
+ powerpc64-*-*-*) echo "ppc64" ;;
+ powerpc64le-*-*-*) echo "ppc64le" ;;
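Review bot: Replacing the `i[0-9]86-*-*-*` arm of hostspec_to_arch with explicit `i486-*` and `i586-*` arms means i386 and i686 triplets no longer match any arm. They now fall through to whatever the default arm returns, which is outside this hunk. If that is intended, a comment above the new arms, such as `# i386/i686 hostspecs are deliberately unsupported`, would stop someone re-adding the glob later. It is also worth confirming that `mips32)` mapping to `mips32el-foxkit-linux-musl` is deliberate, since the plain `mips)` arm emits a triplet without the `el` suffix.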
diff --git a/system/abuild/newapkbuild-cmake.patch b/system/abuild/newapkbuild-cmake.patch
new file mode 100644
index 000000000..e83ba753a
--- /dev/null
+++ b/system/abuild/newapkbuild-cmake.patch
@@ -0,0 +1,35 @@
+From 4e0fb906bb3c77f307763a9565295e7d23a3b5e7 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Oct 2017 17:47:23 -0500
+Subject: [PATCH] newapkbuild: add default check to CMake and RelWithDebugInfo
+ type
+
+---
+ newapkbuild.in | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/newapkbuild.in b/newapkbuild.in
+index c11aa39..d1cf2b9 100644
+--- a/newapkbuild.in
++++ b/newapkbuild.in
+@@ -66,11 +66,16 @@ build_cmake() {
+ -DCMAKE_INSTALL_PREFIX=/usr \\
+ -DCMAKE_INSTALL_LIBDIR=lib \\
+ -DBUILD_SHARED_LIBS=True \\
+- -DCMAKE_BUILD_TYPE=Release \\
++ -DCMAKE_BUILD_TYPE=RelWithDebugInfo \\
+ -DCMAKE_CXX_FLAGS="\$CXXFLAGS" \\
+ -DCMAKE_C_FLAGS="\$CFLAGS" \\
+ \${CMAKE_CROSSOPTS}
+ make
++}
++
++check() {
++ cd "\$builddir"
++ CTEST_OUTPUT_ON_FAILURE=TRUE ctest
+ __EOF__
+ }
+
+--
+2.14.1
+
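Review bot: `-DCMAKE_BUILD_TYPE=RelWithDebugInfo` is not one of CMake's built-in build types; the built-in name is `RelWithDebInfo`. With an unrecognised type CMake applies none of its per-configuration flags, so every APKBUILD generated from this template would build with only what `$CFLAGS`/`$CXXFLAGS` carry. The line should be `-DCMAKE_BUILD_TYPE=RelWithDebInfo \\`. The patch subject carries the same spelling.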
diff --git a/system/abuild/posix-abuild.patch b/system/abuild/posix-abuild.patch
new file mode 100644
index 000000000..ae95bec72
--- /dev/null
+++ b/system/abuild/posix-abuild.patch
@@ -0,0 +1,68 @@
+--- src/abuild.in 2017-09-19 07:02:57.000000000 -0500
++++ src/abuild.in 2017-09-23 22:34:32.534221312 -0500
+@@ -1,4 +1,4 @@
+-#!/bin/ash -e
++#!/bin/sh -e
+
+ # abuild - build apk packages (light version of makepkg)
+ # Copyright (c) 2008-2015 Natanael Copa <ncopa@alpinelinux.org>
+@@ -425,11 +425,11 @@
+ tar -C "$srcdir" --lzip -xf "$s" || return 1;;
+ *.tar.lzma)
+ msg "Unpacking $s..."
+- unlzma -c "$s" | tar -C "$srcdir" -x \
++ unlzma -c "$s" | tar -C "$srcdir" -f - -x \
+ || return 1;;
+ *.tar.xz)
+ msg "Unpacking $s..."
+- unxz -c "$s" | tar -C "$srcdir" -x || return 1;;
++ unxz -c "$s" | tar -C "$srcdir" -f - -x || return 1;;
+ *.zip)
+ msg "Unpacking $s..."
+ unzip -n -q "$s" -d "$srcdir" || return 1;;
+@@ -476,7 +476,7 @@
+ subpkgarch=${_splitarch#*:}
+ if [ "$subpkgarch" = "$_splitarch" -o -z "$subpkgarch" ]; then
+ case "$subpkgname" in
+- *-doc | *-lang | *-lang-*) subpkgarch="noarch" ;;
++ *-doc | *-lang | *-lang-* | *-openrc) subpkgarch="noarch" ;;
+ *) subpkgarch="$pkgarch" ;;
+ esac
+ fi
+@@ -1395,7 +1395,7 @@
+ touch .dummy
+ set -- .dummy
+ fi
+- tar --xattrs -f - -c "$@" | abuild-tar --hash | gzip -9 >"$dir"/data.tar.gz
++ tar --format pax --xattrs -f - -c "$@" | abuild-tar --hash | gzip -9 >"$dir"/data.tar.gz
+
+ msg "Create checksum..."
+ # append the hash for data.tar.gz
+@@ -1404,7 +1404,7 @@
+
+ # control.tar.gz
+ cd "$dir"
+- tar -f - -c $(cat "$dir"/.metafiles) | abuild-tar --cut \
++ tar --format pax -f - -c $(cat "$dir"/.metafiles) | abuild-tar --cut \
+ | gzip -9 > control.tar.gz
+ abuild-sign -q control.tar.gz || exit 1
+
+@@ -1483,9 +1483,7 @@
+
+ # predefined function check
+ default_check() {
+- warning "APKBUILD does not run any tests!"
+- msg2 "Alpine policy will soon require that packages have any relevant testsuites run during the build process."
+- msg2 "To fix, either define a check() function, or declare !check in \$options to indicate the package does not have a testsuite."
++ die "APKBUILD does not run any tests!"
+ }
+
+ check() {
+@@ -2337,6 +2335,7 @@
+ }
+
+ usage() {
++ echo "$program $program_version"
+ cat <<-EOF
+ usage: $program [options] [-P REPODEST] [-s SRCDEST] [-D DESCRIPTION] [cmd] ...
+ $program [-c] -n PKGNAME[-PKGVER]
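Review bot: `default_check` now calls `die "APKBUILD does not run any tests!"` and drops the two `msg2` lines that told the packager how to resolve it. Since this turns a warning into a hard build failure, the remedy should stay in the message, for example `die "APKBUILD does not run any tests! Define check() or declare !check in \$options."`. The file also bundles changes unrelated to POSIX compatibility (pax tar format, `-openrc` as noarch, the usage banner), which would be easier to audit as separate patches.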
diff --git a/system/adelie-base/APKBUILD b/system/adelie-base/APKBUILD
index 7598e83a4..cbd38f552 100644
--- a/system/adelie-base/APKBUILD
+++ b/system/adelie-base/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=adelie-base
pkgver=0.4.0
-pkgrel=0
+pkgrel=2
pkgdesc="The Adélie Linux Base System"
url="http://adelielinux.org/"
arch="noarch"
@@ -43,6 +43,7 @@ package() {
make install DESTDIR="$pkgdir"
install -m644 "$srcdir"/group "$pkgdir"/etc/group
install -m644 "$srcdir"/passwd "$pkgdir"/etc/passwd
+ install -m640 -g shadow "$builddir"/tree/etc/shadow "$pkgdir"/etc/shadow
# stupid inflatable stupid busybox
for i in adduser addgroup; do
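Review bot: `install -m640 -g shadow` on the added line resolves the group name against the build host's group database, not against the `group` file this package installs two lines earlier. If the builder has no `shadow` group the step fails. Depending on whether ownership is restored by name or by number at install time, a differing gid could also leave `/etc/shadow` readable by an unrelated group on the target. I would either pass the numeric gid that matches the packaged `group` file (`-g <SHADOW_GID>`, placeholder) or add a comment such as `# build host must define group shadow with the same gid as the shipped /etc/group`. package() starts and ends outside the hunk.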
@@ -83,4 +84,4 @@ sha512sums="557cc53610c3fed8d570f0c0048370eb633f87b72df52fac73b3f3b4327cf7619141
e6775b9e1c6421338aaceee375b3b74aa100fd444e369b280ce45c9167119b76bebc11737d7f929e50e20a553a35e0e25f7d0f71deb0483d3bccc08e319dcf98 group
9eede0c1cd56a9ffb5227cc9446cdb1bbe73d5f17cd5ee99cf29acca3160f3a96d79e1420311a140f9d9f32950b9823b33ad84dadf7b85921d4f1a945dd5a252 passwd
a5035c18efc50be5d0c8dd452619d781da09c9441ed53462c99693170d1ae2b4306a81846e42b616c5ef8cd5b6fbbf047f93ae5ee9613126581cf701b3a6ade7 addgroup
-9e53246d7674279b64962eb45060f07a752f86e9b3cee49b4b05be4dd13113b03c18e62381c92546fae9b05b3dc6100f29cea48c716b3219d973444f71e1fd5a adduser"
+f50be377c781b1eefb1804ac9d96b4ebc64f80abe0d12b288413687a000e79ca30c531bbced2c63f9e4df59b1d8a71d0eda09ee82782eaafea453f2f1c2f7b8f adduser"
diff --git a/system/adelie-base/adduser b/system/adelie-base/adduser
index ba9d90a61..5c458045d 100755
--- a/system/adelie-base/adduser
+++ b/system/adelie-base/adduser
@@ -68,7 +68,7 @@ if [ -n "$MYGROUPS" ]; then
fi
if [ -n "$HOMEDIR" ]; then
- CMDLINE="$CMDLINE -m -d \"$HOMEDIR\" -k \"$SKEL\""
+ CMDLINE="$CMDLINE -m -d $HOMEDIR -k $SKEL"
fi
if [ $SYSTEM -ne 0 ]; then
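Review bot: Dropping the escaped quotes leaves `$HOMEDIR` and `$SKEL` bare inside `CMDLINE`, so a home or skeleton path containing whitespace or glob characters will be split or expanded when the string is later run. How `CMDLINE` is consumed is outside this hunk. If it is expanded unquoted, the old literal `\"` characters were indeed wrong, but the robust form is to append to the positional parameters instead of building a string, e.g. `set -- "$@" -m -d "$HOMEDIR" -k "$SKEL"`, and invoke the tool with `"$@"`. If it goes through `eval`, the values need to stay quoted, since this wrapper presumably runs privileged with caller-supplied arguments.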
diff --git a/system/bash/APKBUILD b/system/bash/APKBUILD
new file mode 100644
index 000000000..c5a476b1a
--- /dev/null
+++ b/system/bash/APKBUILD
@@ -0,0 +1,116 @@
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: TBK <alpine@jjtc.eu>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bash
+pkgver=4.4.12
+_patchlevel=${pkgver##*.}
+_myver=${pkgver%.*}
+_patchbase=${_myver/./}
+pkgrel=2
+pkgdesc="The GNU Bourne Again shell"
+url="http://www.gnu.org/software/bash/bash.html"
+arch="all"
+license="GPL3+"
+makedepends_build="bison flex"
+makedepends_host="readline-dev ncurses-dev"
+depends=""
+options="!checkroot"
+install="$pkgname.post-upgrade $pkgname.pre-deinstall"
+subpackages="$pkgname-doc $pkgname-binsh:binsh:noarch"
+source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
+ bash-noinfo.patch
+ bash44-sensible-defaults.patch
+ bashrc
+ "
+# generate url's to patches. note: no forks allowed!
+_i=1
+_pad="00"
+while [ $_i -le $_patchlevel ]; do
+ [ $_i -ge 10 ] && _pad="0"
+ [ $_i -ge 100 ] && _pad=
+ source="$source http://ftp.gnu.org/gnu/bash/bash-$_myver-patches/bash$_patchbase-$_pad$_i"
+ _i=$(( $_i + 1))
+done
+
+# secfixes:
+# 4.4.12-r1:
+# - CVE-2016-0634
+
+builddir="$srcdir"/$pkgname-$_myver
+
+prepare() {
+ cd "$builddir"
+
+ # NOTE: This section is for applying the vendor patches, which are required to fix
+ # security holes. `default_prepare` does *not* apply vendor patches in the format
+ # shipped with bash. We also need to make sure vendor patches are applied before
+ # our own.
+ # If you disagree, please request an experimental rebuild with bash as /bin/sh,
+ # before removing this section.
+ for p in $source; do
+ case $p in
+ */bash[0-9][0-9]-[0-9]*)
+ msg "$p (vendor)"
+ patch -p0 -i "$srcdir"/${p##*/} || return 1
+ ;;
+ esac
+ done
+
+ default_prepare
+ update_config_sub
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --bindir=/bin \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --with-curses \
+ --disable-nls \
+ --enable-readline \
+ --without-bash-malloc \
+ --with-installed-readline
+ # parallel build workarounds
+ make y.tab.c && make builtins/libbuiltins.a && make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd ${startdir}/src/${pkgname}-${_myver}
+ make DESTDIR=${pkgdir} install
+
+ rm -rf "$pkgdir"/usr/share/locale
+ install -D -m755 "$srcdir"/bashrc "$pkgdir"/etc/bash/bashrc
+}
+
+binsh() {
+ pkgdesc="Use bash as /bin/sh"
+ provides="/bin/sh"
+ mkdir -p "$subpkgdir"/bin
+ ln -s /bin/bash "$subpkgdir"/bin/sh
+}
+
+sha512sums="73de3b425faaac55e45456b0f6f6d8077b5dfa7bb76e0d1894a19361b4a2b6bd4fbbe182117ddbfe9b07b4d898fba03537c261badc9533dd3c0da891764c7f29 bash-4.4.tar.gz
+9d8845491d0fe335bdd8e9a2bd98bda54bfed2ae3c35b2196c6d5a38bdf96c4d97572ba7d6b19ab605ef4e8f001f64cf3312f87dedebb9e37a95ad2c44e33cdb bash-noinfo.patch
+388433e9ab25948747adfa7c2b98021799d5d396e8771d09b5b079054380af3f299f78abef144fe93908f6eff252658137c95ebba9418fe385f0cecbb5795f24 bash44-sensible-defaults.patch
+2b6e2e34328f091cbe0882833eab99c6fddbe19a5942382c4c1fbe5b1d20158cfcfcaaaea1f941b9a481be0507b7ea55e6048f79246657019713f0b201318e45 bashrc
+fa7a1b277eb3bad6ae7d2c7a2887cbf2c0eb75b7fee8ed03ec1e9d45879a2fb4b8c7cb16d6b029987493b01a461214bd9a24454a6837e7cfe180b1bc56f61caa bash44-001
+526f986057810f89080e283ff95b3a8fd24d37e4ad2f18c39f36d3a2d57956a6441d16220082157735e3c5ccf770d5016e761aa5f309129898e39277d576e6b5 bash44-002
+e61db89bdd1a7ae15013fe258046a343c9ea41e5a1c6d2c810947500a617fce7536b8d51194e14bb42499fe0de6d70cc9b2c81da0afdcb5a2278459f4f76d748 bash44-003
+7570cf15518f79230cfe91b3e58c795c16c7fb6ba6418d967355b36fb7982e7919a9eaaef9177fb605c7fb7d7efb8a8335e725c1bacffff69a098433f5adc9c7 bash44-004
+7546a6c90c8e8508567dde713722291477ca87c1116905b46432514a4fc632840a855b84f102591914cd4c44d5bf2eb7400866e26366fc94525fb401ea844a8f bash44-005
+5edcd76cf97bfe289f71924ba279ff48a1167eb3cc36f811cbcc23732746f5c821d1d39d4b137b7d99d57809a4b7270a54f4a41176fcfde0708bf92ddc68b77f bash44-006
+386c019debee414697abc648d9a77894e842bb0b7a2a71709e8b3398582f25065e68963405fa22fb77439c6b431ee94a2ecbb16734c2436af3dfb4d1b5f06fcf bash44-007
+d9a8924f1c9263deab89153bb688a87f211913ebd72c8077e607db6fdddc7e5af05042dd22a9a2df593e518ea74b54ca79d20afc796e47d871827a2556e233d0 bash44-008
+3b01c080cf4a54658679b36c282a69a9ac48b900b19ceb42dbaf084abd395d50e5ff14db90a7fdf0c9856dad150897dca561160686c931634765782447fc076e bash44-009
+54ff556b62fd88381e7a495db50957b016474973b3a566661c65b649a40960f2d3355221b3a71fb292128aad92a45d73d9816d63833bc416b4d15acdef391b98 bash44-010
+6b5b068b74978fc691749ccff5e094c768047f702430e97114f5bf342f078696f7d7616d0642d4061b062e9112dfe00a1c2309c65de4147e0e98fb52c593d844 bash44-011
+4661c4c132f2ea7c9a70368301041c482d5820d8389334a7e3ae44c36fc16c171b20db2f194b7663c84d6c3dcef81aa90f050a48e205218fc7bd3395d09c6a51 bash44-012"
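Review bot: `_patchbase=${_myver/./}` is a bash-only substitution, and this same commit patches abuild to run under `#!/bin/sh`; a strictly POSIX shell rejects it when sourcing the APKBUILD. A portable equivalent is `_patchbase=$(printf '%s' "$_myver" | tr -d .)`. The `[ "${CARCH}" == "ppc" ]` test in system/binutils/APKBUILD has the same portability problem, as `=` is the POSIX operator. In package(), `cd ${startdir}/src/${pkgname}-${_myver}` and `DESTDIR=${pkgdir}` are unquoted and bypass `$builddir`; `cd "$builddir"` and `DESTDIR="$pkgdir"` would match the other functions.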
diff --git a/system/bash/bash-noinfo.patch b/system/bash/bash-noinfo.patch
new file mode 100644
index 000000000..bf4f0956a
--- /dev/null
+++ b/system/bash/bash-noinfo.patch
@@ -0,0 +1,11 @@
+--- a/doc/Makefile.in
++++ b/doc/Makefile.in
+@@ -247,7 +247,7 @@
+ $(SHELL) $(SUPPORT_SRCDIR)/mkinstalldirs $(DESTDIR)$(htmldir) ; \
+ fi
+
+-install: info installdirs
++install: installdirs
+ -$(INSTALL_DATA) $(srcdir)/bash.1 $(DESTDIR)$(man1dir)/bash${man1ext}
+ -$(INSTALL_DATA) $(srcdir)/bashbug.1 $(DESTDIR)$(man1dir)/bashbug${man1ext}
+ -$(INSTALL_DATA) $(OTHER_DOCS) $(DESTDIR)$(docdir)
diff --git a/system/bash/bash.post-upgrade b/system/bash/bash.post-upgrade
new file mode 100644
index 000000000..92ea8d928
--- /dev/null
+++ b/system/bash/bash.post-upgrade
@@ -0,0 +1,3 @@
+#!/bin/sh
+add-shell '/bin/bash'
+exit 0
diff --git a/system/bash/bash.pre-deinstall b/system/bash/bash.pre-deinstall
new file mode 100644
index 000000000..d110afedd
--- /dev/null
+++ b/system/bash/bash.pre-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+remove-shell '/bin/bash'
+exit 0
diff --git a/system/bash/bash44-sensible-defaults.patch b/system/bash/bash44-sensible-defaults.patch
new file mode 100644
index 000000000..4d11afd2d
--- /dev/null
+++ b/system/bash/bash44-sensible-defaults.patch
@@ -0,0 +1,25 @@
+diff -Naur bash-4.4/config-top.h bash-4.4-adelieconf/config-top.h
+--- bash-4.4/config-top.h 2016-05-19 18:34:02.000000000 +0000
++++ bash-4.4-adelieconf/config-top.h 2018-02-06 01:07:33.736749439 +0000
+@@ -87,10 +87,10 @@
+ #define DEFAULT_BASHRC "~/.bashrc"
+
+ /* System-wide .bashrc file for interactive shells. */
+-/* #define SYS_BASHRC "/etc/bash.bashrc" */
++#define SYS_BASHRC "/etc/bash/bashrc"
+
+ /* System-wide .bash_logout for login shells. */
+-/* #define SYS_BASH_LOGOUT "/etc/bash.bash_logout" */
++#define SYS_BASH_LOGOUT "/etc/bash/bash_logout"
+
+ /* Define this to make non-interactive shells begun with argv[0][0] == '-'
+ run the startup files when not in posix mode. */
+@@ -100,7 +100,7 @@
+ sshd and source the .bashrc if so (like the rshd behavior). This checks
+ for the presence of SSH_CLIENT or SSH2_CLIENT in the initial environment,
+ which can be fooled under certain not-uncommon circumstances. */
+-/* #define SSH_SOURCE_BASHRC */
++#define SSH_SOURCE_BASHRC
+
+ /* Define if you want the case-capitalizing operators (~[~]) and the
+ `capcase' variable attribute (declare -c). */
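Review bot: Defining `SSH_SOURCE_BASHRC` in the last hunk makes bash read `.bashrc` for non-interactive shells it believes were started by sshd, and the comment directly above the define says the SSH_CLIENT/SSH2_CLIENT detection "can be fooled under certain not-uncommon circumstances". In practice `~/.bashrc` then runs before a remote command, which matters for accounts restricted to a fixed command, and any output it prints can break scp/rsync-style sessions. The patch gives no rationale, so I would add a comment above the define saying why the distribution enables it and that restricted accounts need a `.bashrc` the user cannot write. Also confirm that a missing `/etc/bash/bash_logout` is harmless, since the APKBUILD in this commit installs only `bashrc`.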
diff --git a/system/bash/bashrc b/system/bash/bashrc
new file mode 100644
index 000000000..c4ae18bb9
--- /dev/null
+++ b/system/bash/bashrc
@@ -0,0 +1,71 @@
+# Welcome to Adélie Linux
+# /etc/bash/bashrc - run by bash on every startup
+
+# Prior to 1.0a3, we did a lot of heavy lifting here.
+# Massive cleanup for 1.0a3 makes things faster and more efficient.
+
+# No interactivity = no point
+if [[ $- != *i* ]]; then
+ return
+fi
+
+# Extra stat(3) call to invalidate hash cache. Better UX, but lots of waste.
+# shopt -s checkhash
+
+# Handle window resizing after a curses program quits
+shopt -s checkwinsize
+
+# Append instead of overwriting histfile.
+shopt -s histappend
+
+# Allow users to correct typos in history substs.
+shopt -s histreedit
+
+# Save commands as they were typed.
+shopt -s lithist
+
+# Don't show every command available if a user types \t on a bare line
+shopt -s no_empty_cmd_completion
+
+# Expand things like \n \r \t when using built-in echo(1).
+shopt -s xpg_echo
+
+
+do_colour() {
+ local colourise=false
+ LS_COLORS=
+ eval "$(dircolors -b)"
+ if [[ -n ${LS_COLORS:+set} ]]; then
+ colourise=true
+ else
+ unset LS_COLORS
+ fi
+
+ if ${colourise} ; then
+ if [[ ${EUID} == 0 ]] ; then
+ PS1='\[\e[01m\]\h\[\e[22m\] \[\e[01;36m\]\w\[\e[00m\] \[\e[01;31m\]\$\[\e[00m\] '
+ else
+ PS1='\u on \[\e[01m\]\h\[\e[22m\] \w \[\e[01;32m\$\[\e[00m\] '
+ fi
+
+ alias ls='ls --color=auto'
+ alias grep='grep --colour=auto'
+ alias egrep='egrep --colour=auto'
+ alias fgrep='fgrep --colour=auto'
+ else
+ if [[ ${EUID} == 0 ]] ; then
+ # show root@ when we don't have colors
+ PS1='! \u on \h \w \$ '
+ else
+ PS1='\u on \h \w \$ '
+ fi
+ fi
+}
+
+do_colour
+
+for sh in /etc/bash/bashrc.d/* ; do
+ [[ -r ${sh} ]] && source "${sh}"
+done
+
+unset do_colour
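Review bot: The non-root colour prompt has an unterminated non-printing group: in `\[\e[01;32m\$\[\e[00m\]` the `\[` before the colour code is never closed before `\$`. Readline then miscounts the prompt width, which shows up as broken wrapping and line editing. The line should read `PS1='\u on \[\e[01m\]\h\[\e[22m\] \w \[\e[01;32m\]\$\[\e[00m\] '`, matching the root prompt above it. The loop variable `sh` is also left set after the `bashrc.d` loop; an `unset sh` next to `unset do_colour` would keep it out of the user's session.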
diff --git a/system/binutils/APKBUILD b/system/binutils/APKBUILD
new file mode 100644
index 000000000..5fa5c7d6e
--- /dev/null
+++ b/system/binutils/APKBUILD
@@ -0,0 +1,140 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=binutils
+pkgver=2.30
+pkgrel=0
+pkgdesc="Tools necessary to build programs"
+url="http://www.gnu.org/software/binutils/"
+depends=""
+makedepends_build="bison flex texinfo"
+makedepends_host="zlib-dev"
+makedepends="$makedepends_build $makedepends_host"
+checkdepends="dejagnu"
+arch="all"
+license="GPL2 GPL3+ LGPL2 BSD"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+[ "${CARCH}" != "mips" ] && subpackages="$subpackages $pkgname-gold"
+# non-PIC is unsupported by musl/ppc
+[ "${CARCH}" == "ppc" ] && options='!check'
+source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz
+ binutils-ld-fix-static-linking.patch
+ disable-gnu-mbind.patch
+ disable-ifunc-tests.patch
+ disable-preinit-array-tests.patch
+ mips-illegal-memcpy.patch
+ remove-no-static-plt-test.patch
+ remove-pr2404-tests.patch
+ remove-pr19553c-test.patch
+ gold-mips.patch
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+if [ "$CHOST" != "$CTARGET" ]; then
+ pkgname="$pkgname-$CTARGET_ARCH"
+ subpackages=""
+ options="!check"
+ sonameprefix="$pkgname:"
+fi
+
+# secfixes:
+# 2.28-r1:
+# - CVE-2017-7614
+
+build() {
+ local _sysroot=/
+ local _cross_configure="--enable-install-libiberty"
+ local _arch_configure=""
+
+ if [ "$CHOST" != "$CTARGET" ]; then
+ _sysroot="$CBUILDROOT"
+ _cross_configure="--disable-install-libiberty"
+ fi
+
+ if [ "$CTARGET_ARCH" = "x86_64" ]; then
+ _arch_configure="--enable-targets=x86_64-pep"
+ fi
+
+ case "$CTARGET_ARCH" in
+ mips*) _hash_style_configure="--enable-default-hash-style=sysv" ;;
+ *) _hash_style_configure="--enable-default-hash-style=gnu" ;;
+ esac
+
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --target=$CTARGET \
+ --with-build-sysroot="$CBUILDROOT" \
+ --with-sysroot=$_sysroot \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --disable-multilib \
+ --enable-shared \
+ --enable-ld=default \
+ --enable-64-bit-bfd \
+ --enable-plugins \
+ --enable-relro \
+ --enable-gold \
+ --enable-deterministic-archives \
+ $_cross_configure \
+ $_arch_configure \
+ $_hash_style_configure \
+ --disable-werror \
+ --disable-nls \
+ --with-system-zlib \
+ || return 1
+ make || return 1
+}
+
+package() {
+ cd "$builddir"
+ make install DESTDIR="$pkgdir" || return 1
+ if [ -d "$pkgdir"/usr/lib64 ]; then
+ mv "$pkgdir"/usr/lib64/* "$pkgdir"/usr/lib/
+ rmdir "$pkgdir"/usr/lib64
+ fi
+ if [ "$CHOST" != "$CTARGET" ]; then
+ # creating cross tools: remove any files that would conflict
+ # with the native tools, or other cross tools
+ rm -r "$pkgdir"/usr/share
+ rm -f "$pkgdir"/usr/lib/libiberty.a
+ fi
+}
+
+check() {
+ cd "$builddir"
+ # We can't run the gold test suite, because it cannot be used
+ # on a system with default PIE/PIC.
+ make -C binutils check
+ make -C gas check
+ make -C ld check
+}
+
+libs() {
+ pkgdesc="Runtime libraries from binutils - libbfd and libopcodes"
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/lib*.so "$subpkgdir"/usr/lib/ || return 1
+}
+
+gold() {
+ pkgdesc="GNU binutils - gold linker"
+
+ if [ -e "$pkgdir"/usr/bin/ld.gold ]; then
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/ld.gold "$subpkgdir"/usr/bin
+ fi
+ mkdir -p "$subpkgdir"/usr/$CTARGET/bin
+ mv "$pkgdir"/usr/$CTARGET/bin/ld.gold "$subpkgdir"/usr/$CTARGET/bin/ld.gold
+}
+
+sha512sums="e747ea20d8d79fcd21b9d9f6695059caa7189d60f19256da398e34b789fea9a133c32b192e9693b5828d27683739b0198431bf8b3e39fb3b04884cf89d9aa839 binutils-2.30.tar.xz
+ecee33b0e435aa704af1c334e560f201638ff79e199aa11ed78a72f7c9b46f85fbb227af5748e735fd681d1965fcc42ac81b0c8824e540430ce0c706c81e8b49 binutils-ld-fix-static-linking.patch
+d378fdf1964f8f2bd0b1e62827ac5884bdf943aa435ec89c29fc84bb045d406b733fffaff8fdd8bd1cba8ddea7701c4cf6ccf3ed76a8a3df9c72b447737575a6 disable-gnu-mbind.patch
+ba2b5c8cdfa95db7a1f05da8a2c1ffc3bcb35300abf7061e52249d9b29037e3fdef1aed830686bca2df74b9f5d48684e9c8e2f49715455bf90dca6e3bfc077eb disable-ifunc-tests.patch
+3537752e63cef0b5ef136d003ff7e814ba66b12624d817430112d0f291a792e8960fa69a78036f526af835441b3ee483d6a53d55c7b3dd8ee96f0399682dbcbe disable-preinit-array-tests.patch
+06422157349abf02e79a5ef8bd9f51100e7e996aab65250d518e0cf0d7ac8ed922d3bf1603c4f5b4fd8fb179266b7b4c41db32dcb241d60a7f1c21d1df0c36dd mips-illegal-memcpy.patch
+b40f9a3841a7af8fc12e8a4044cd672df5614bfda8461b0ca45efa57a42c3bc8490e491ea490c6c05d319a52d69993c4fca33a0aeb044090e7b7f4e4e30c6517 remove-no-static-plt-test.patch
+32ab4215669c728648179c124632467573a3d4675e79f0f0d221c22eb2ec1ca5488b79910bd09142f90a1e0d0b81d99ca4846297f4f9561f158db63745facb66 remove-pr2404-tests.patch
+39ef9c76dd5db6b15f11ffa8061f7ca844fb79c3fb9879c3b1466eef332a28b833597c87003ab9f260b1b85023fae264659088aee27cad7e5aa77b2d58b9a3f6 remove-pr19553c-test.patch
+f55cf2e0bf82f97583a1abe10710e4013ecf7d64f1da2ef8659a44a06d0dd8beaf58dab98a183488ea137f03e32d62efc878d95f018f836f8cec870bc448556f gold-mips.patch"
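Review bot: `[ "${CARCH}" == "ppc" ] && options='!check'` uses `==`, which POSIX `test` does not define. Under a strictly POSIX /bin/sh the test errors out, the `&&` short-circuits, and the ppc build keeps `check` enabled. Use `[ "${CARCH}" = "ppc" ] && options='!check'`, matching the `=` already used in build(). Separately, `source=` fetches the tarball over `http://`; the sha512sums entry pins the content, but `https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.xz` would also protect the download whenever the checksum is regenerated.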
diff --git a/system/binutils/CVE-2017-7614.patch b/system/binutils/CVE-2017-7614.patch
new file mode 100644
index 000000000..5f3b550f2
--- /dev/null
+++ b/system/binutils/CVE-2017-7614.patch
@@ -0,0 +1,84 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+ PR binutils/21342
+ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+ dereference.
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+---
+ bfd/elflink.c | 35 +++++++++++++++++++++--------------
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+diff --git a/bfd/elflink.c b/bfd/elflink.c
+index 776357f..9bf75c8 100644
+--- a/bfd/elflink.c
++++ b/bfd/elflink.c
+@@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+ defined in shared libraries can't be overridden, because we
+ lose the link to the bfd which is via the symbol section. */
+ h->root.type = bfd_link_hash_new;
++ bh = &h->root;
+ }
++ else
++ bh = NULL;
+
+- bh = &h->root;
+ bed = get_elf_backend_data (abfd);
+ if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+ sec, 0, NULL, FALSE, bed->collect,
+ &bh))
+ return NULL;
+ h = (struct elf_link_hash_entry *) bh;
++ BFD_ASSERT (h != NULL);
+ h->def_regular = 1;
+ h->non_elf = 0;
+ h->root.linker_def = 1;
+@@ -12038,24 +12041,28 @@ bfd_elf_final_link (bfd *abfd, struct bfd_link_info *info)
+ {
+ /* Finish up and write out the symbol string table (.strtab)
+ section. */
+- Elf_Internal_Shdr *symstrtab_hdr;
++ Elf_Internal_Shdr *symstrtab_hdr = NULL;
+ file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+
+- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ if (elf_symtab_shndx_list (abfd))
+ {
+- symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+- symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+- amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+- symtab_shndx_hdr->sh_size = amt;
++ symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+
+- off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+- off, TRUE);
++ if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ {
++ symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++ symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++ amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++ symtab_shndx_hdr->sh_size = amt;
+
+- if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+- || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+- return FALSE;
++ off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++ off, TRUE);
++
++ if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++ || (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++ return FALSE;
++ }
+ }
+
+ symstrtab_hdr = &elf_tdata (abfd)->strtab_hdr;
+--
+2.9.3
+
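Review bot: This patch file is added to the tree but nothing applies it: the `source=` list in system/binutils/APKBUILD does not name CVE-2017-7614.patch and `sha512sums` has no entry for it. The same holds for hash-style-configure-flag.patch, even though build() passes `--enable-default-hash-style`. The `# secfixes:` block records the CVE as fixed in 2.28-r1, so with `pkgver=2.30` the fix is presumably already in the upstream tarball; if that is confirmed, drop both files from the commit so the tree does not suggest a local fix is in effect. If either change is not in 2.30, add the patch to `source=` and regenerate the checksums.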
diff --git a/system/binutils/binutils-ld-fix-static-linking.patch b/system/binutils/binutils-ld-fix-static-linking.patch
new file mode 100644
index 000000000..bc5d76265
--- /dev/null
+++ b/system/binutils/binutils-ld-fix-static-linking.patch
@@ -0,0 +1,46 @@
+This fixes static linking for our hardened toolchain
+diff --git a/ld/scripttempl/elf.sc b/ld/scripttempl/elf.sc
+index e8126cb..9532bfb 100644
+--- a/ld/scripttempl/elf.sc
++++ b/ld/scripttempl/elf.sc
+@@ -235,8 +235,8 @@ test "${LARGE_SECTIONS}" = "yes" && LARGE_SECTIONS="
+ if test "${ENABLE_INITFINI_ARRAY}" = "yes"; then
+ SORT_INIT_ARRAY="KEEP (*(SORT_BY_INIT_PRIORITY(.init_array.*) SORT_BY_INIT_PRIORITY(.ctors.*)))"
+ SORT_FINI_ARRAY="KEEP (*(SORT_BY_INIT_PRIORITY(.fini_array.*) SORT_BY_INIT_PRIORITY(.dtors.*)))"
+- CTORS_IN_INIT_ARRAY="EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .ctors"
+- DTORS_IN_FINI_ARRAY="EXCLUDE_FILE (*crtbegin.o *crtbegin?.o *crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .dtors"
++ CTORS_IN_INIT_ARRAY="EXCLUDE_FILE (*crtbegin*.o *crtend*.o $OTHER_EXCLUDE_FILES) .ctors"
++ DTORS_IN_FINI_ARRAY="EXCLUDE_FILE (*crtbegin*.o *crtend*.o $OTHER_EXCLUDE_FILES) .dtors"
+ else
+ SORT_INIT_ARRAY="KEEP (*(SORT(.init_array.*)))"
+ SORT_FINI_ARRAY="KEEP (*(SORT(.fini_array.*)))"
+@@ -270,15 +270,14 @@ CTOR=".ctors ${CONSTRUCTING-0} :
+ doesn't matter which directory crtbegin.o
+ is in. */
+
+- KEEP (*crtbegin.o(.ctors))
+- KEEP (*crtbegin?.o(.ctors))
++ KEEP (*crtbegin*.o(.ctors))
+
+ /* We don't want to include the .ctor section from
+ the crtend.o file until after the sorted ctors.
+ The .ctor section from the crtend file contains the
+ end of ctors marker and it must be last */
+
+- KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .ctors))
++ KEEP (*(EXCLUDE_FILE (*crtend*.o $OTHER_EXCLUDE_FILES) .ctors))
+ KEEP (*(SORT(.ctors.*)))
+ KEEP (*(.ctors))
+ ${CONSTRUCTING+${CTOR_END}}
+@@ -286,9 +285,8 @@ CTOR=".ctors ${CONSTRUCTING-0} :
+ DTOR=".dtors ${CONSTRUCTING-0} :
+ {
+ ${CONSTRUCTING+${DTOR_START}}
+- KEEP (*crtbegin.o(.dtors))
+- KEEP (*crtbegin?.o(.dtors))
+- KEEP (*(EXCLUDE_FILE (*crtend.o *crtend?.o $OTHER_EXCLUDE_FILES) .dtors))
++ KEEP (*crtbegin*.o(.dtors))
++ KEEP (*(EXCLUDE_FILE (*crtend*.o $OTHER_EXCLUDE_FILES) .dtors))
+ KEEP (*(SORT(.dtors.*)))
+ KEEP (*(.dtors))
+ ${CONSTRUCTING+${DTOR_END}}
diff --git a/system/binutils/disable-gnu-mbind.patch b/system/binutils/disable-gnu-mbind.patch
new file mode 100644
index 000000000..796e6d0fc
--- /dev/null
+++ b/system/binutils/disable-gnu-mbind.patch
@@ -0,0 +1,32 @@
+These tests do not work on PIE. Disable them.
+
+--- binutils-2.29/ld/testsuite/ld-elf/elf.exp.old 2017-08-19 22:39:31.236907813 +0000
++++ binutils-2.29/ld/testsuite/ld-elf/elf.exp 2017-08-20 00:12:04.735925829 +0000
+@@ -296,27 +296,6 @@
+ || [istarget *-*-nacl*]
+ || [istarget *-*-gnu*] } {
+ run_ld_link_exec_tests $array_tests_pie $xfails
+-
+- run_ld_link_exec_tests [list \
+- [list \
+- "Run mbind2a" \
+- "$NOPIE_LDFLAGS -Wl,-z,common-page-size=0x4000" \
+- "" \
+- { mbind2a.s mbind2b.c } \
+- "mbind2a" \
+- "pass.out" \
+- "-O2 -I../bfd" \
+- ] \
+- [list \
+- "Run mbind2b" \
+- "-static -Wl,-z,common-page-size=0x4000" \
+- "" \
+- { mbind2a.s mbind2b.c } \
+- "mbind2b" \
+- "pass.out" \
+- "-O2 -I../bfd" \
+- ] \
+- ]
+ }
+
+ # <http://www.gnu.org/software/hurd/open_issues/binutils.html#static>
diff --git a/system/binutils/disable-ifunc-tests.patch b/system/binutils/disable-ifunc-tests.patch
new file mode 100644
index 000000000..6fbc5c874
--- /dev/null
+++ b/system/binutils/disable-ifunc-tests.patch
@@ -0,0 +1,12 @@
+--- binutils-2.30/ld/testsuite/ld-ifunc/ifunc.exp.old 2018-01-13 07:31:16.000000000 -0600
++++ binutils-2.30/ld/testsuite/ld-ifunc/ifunc.exp 2018-02-27 14:46:07.596544780 -0600
+@@ -36,7 +36,8 @@
+ || (([istarget "*-*-linux*"]
+ || [istarget "*-*-gnu*"])
+ && ![istarget "*-*-*aout*"]
+- && ![istarget "*-*-*oldld*"]))) } {
++ && ![istarget "*-*-*oldld*"]
++ && ![istarget "*-*-*musl*"]))) } {
+ verbose "IFUNC tests not run - target does not support IFUNC"
+ return
+ }
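Review bot: This patch carries no description line, while the neighbouring test patches (disable-gnu-mbind, remove-pr2404-tests, remove-pr19553c-test) each open with the reason the test is dropped. disable-preinit-array-tests.patch and mips-illegal-memcpy.patch have the same gap. Add a first line above the `---` header such as `musl does not implement IFUNC; treat musl targets as unsupported so the IFUNC tests are skipped.` For mips-illegal-memcpy.patch the line should say that source and destination both lie in `name` and can overlap, which is why `memcpy` is replaced with `memmove`.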
diff --git a/system/binutils/disable-preinit-array-tests.patch b/system/binutils/disable-preinit-array-tests.patch
new file mode 100644
index 000000000..f3d36c1b3
--- /dev/null
+++ b/system/binutils/disable-preinit-array-tests.patch
@@ -0,0 +1,29 @@
+--- binutils-2.29/ld/testsuite/ld-elf/elf.exp.old 2017-07-04 08:43:21.000000000 +0000
++++ binutils-2.29/ld/testsuite/ld-elf/elf.exp 2017-08-19 04:46:32.214460537 +0000
+@@ -262,8 +262,6 @@
+ }
+
+ set array_tests {
+- {"preinit array" "" ""
+- {preinit.c} "preinit" "preinit.out"}
+ {"init array" "" ""
+ {init.c} "init" "init.out"}
+ {"fini array" "" ""
+@@ -272,8 +270,6 @@
+ {init-mixed.c} "init-mixed" "init-mixed.out" "-I."}
+ }
+ set array_tests_pie {
+- {"PIE preinit array" "-pie" ""
+- {preinit.c} "preinit" "preinit.out" "-fPIE"}
+ {"PIE init array" "-pie" ""
+ {init.c} "init" "init.out" "-fPIE"}
+ {"PIE fini array" "-pie" ""
+@@ -284,8 +280,6 @@
+ {pr14525.c} "pr14525" "pr14525.out" "-fPIE"}
+ }
+ set array_tests_static {
+- {"static preinit array" "-static" ""
+- {preinit.c} "preinit" "preinit.out"}
+ {"static init array" "-static" ""
+ {init.c} "init" "init.out"}
+ {"static fini array" "-static" ""
diff --git a/system/binutils/gold-mips.patch b/system/binutils/gold-mips.patch
new file mode 100644
index 000000000..291a2aae6
--- /dev/null
+++ b/system/binutils/gold-mips.patch
@@ -0,0 +1,39 @@
+# DP: Fix gold on mips64 targets.
+
+gold/
+
+2016-08-09 Aurelien Jarno <aurelien@aurel32.net>
+
+ * configure.tgt: Add mips64el*-*-*|mips64le*-*-* and mips64*-*-*.
+
+
+--- a/gold/configure.tgt
++++ b/gold/configure.tgt
+@@ -153,6 +153,13 @@ aarch64*-*)
+ targ_big_endian=false
+ targ_extra_big_endian=true
+ ;;
++mips*64*el*-*-*|mips*64*le*-*-*)
++ targ_obj=mips
++ targ_machine=EM_MIPS_RS3_LE
++ targ_size=64
++ targ_big_endian=false
++ targ_extra_big_endian=true
++ ;;
+ mips*el*-*-*|mips*le*-*-*)
+ targ_obj=mips
+ targ_machine=EM_MIPS_RS3_LE
+@@ -160,6 +167,13 @@ mips*el*-*-*|mips*le*-*-*)
+ targ_big_endian=false
+ targ_extra_big_endian=true
+ ;;
++mips*64*-*-*)
++ targ_obj=mips
++ targ_machine=EM_MIPS
++ targ_size=64
++ targ_big_endian=true
++ targ_extra_big_endian=false
++ ;;
+ mips*-*-*)
+ targ_obj=mips
+ targ_machine=EM_MIPS
diff --git a/system/binutils/hash-style-configure-flag.patch b/system/binutils/hash-style-configure-flag.patch
new file mode 100644
index 000000000..6d4db4bca
--- /dev/null
+++ b/system/binutils/hash-style-configure-flag.patch
@@ -0,0 +1,348 @@
+From 2760f24c4942853eac7b921e4b8843d57a602654 Mon Sep 17 00:00:00 2001
+From: Romain Geissler <romain.geissler@gmail.com>
+Date: Tue, 8 Aug 2017 07:25:39 +0930
+Subject: [PATCH] Add configure flag to enable gnu hash style by default.
+
+ld/
+ * configure.ac: Add --enable-default-hash-style option.
+ * ldmain.c (main): Set link_info.emit_hash to DEFAULT_EMIT_SYSV_HASH.
+ Set link_info.emit_gnu_hash to DEFAULT_EMIT_GNU_HASH.
+ * configure: Regenerate.
+ * config.in: Regenerate.
+
+gold/
+ * configure.ac: Add --enable-default-hash-style option.
+ * options.h (hash_style): Use DEFAULT_HASH_STYLE as default value.
+ * configure: Regenerate.
+ * config.in: Regenerate.
+---
+ gold/ChangeLog | 8 ++++++++
+ gold/config.in | 3 +++
+ gold/configure | 27 +++++++++++++++++++++++++++
+ gold/configure.ac | 20 ++++++++++++++++++++
+ gold/options.h | 2 +-
+ ld/ChangeLog | 9 +++++++++
+ ld/config.in | 6 ++++++
+ ld/configure | 42 ++++++++++++++++++++++++++++++++++++++----
+ ld/configure.ac | 34 ++++++++++++++++++++++++++++++++++
+ ld/ldmain.c | 3 ++-
+ 10 files changed, 148 insertions(+), 6 deletions(-)
+
+diff --git a/gold/ChangeLog b/gold/ChangeLog
+index d598386..93836dd 100644
+--- a/gold/ChangeLog
++++ b/gold/ChangeLog
+@@ -1,3 +1,11 @@
++2017-08-08 Romain Geissler <romain.geissler@gmail.com>
++ Alan Modra <amodra@gmail.com>
++
++ * configure.ac: Add --enable-default-hash-style option.
++ * options.h (hash_style): Use DEFAULT_HASH_STYLE as default value.
++ * configure: Regenerate.
++ * config.in: Regenerate.
++
+ 2017-02-22 Alan Modra <amodra@gmail.com>
+
+ * powerpc.cc (Target_powerpc::make_iplt_section): Check that
+diff --git a/gold/config.in b/gold/config.in
+index d9f7b76..5855fca 100644
+--- a/gold/config.in
++++ b/gold/config.in
+@@ -10,6 +10,9 @@
+ /* Define if building universal (internal helper macro) */
+ #undef AC_APPLE_UNIVERSAL_BUILD
+
++/* Set the default --hash-style value */
++#undef DEFAULT_HASH_STYLE
++
+ /* Define to 1 if you want to enable -z relro in ELF linker by default. */
+ #undef DEFAULT_LD_Z_RELRO
+
+diff --git a/gold/configure b/gold/configure
+index cb020be..90a706d 100755
+--- a/gold/configure
++++ b/gold/configure
+@@ -797,6 +797,7 @@ enable_threads
+ enable_plugins
+ enable_relro
+ enable_targets
++enable_default_hash_style
+ with_lib_path
+ enable_dependency_tracking
+ enable_nls
+@@ -1447,6 +1448,8 @@ Optional Features:
+ --enable-plugins linker plugins
+ --enable-relro enable -z relro in ELF linker by default
+ --enable-targets alternative target configurations
++ --enable-default-hash-style={sysv,gnu,both}
++ use this default hash style
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --disable-nls do not use Native Language Support
+@@ -3410,6 +3413,30 @@ if test -n "$enable_targets"; then
+ done
+ fi
+
++# Decide which "--hash-style" to use by default
++# Provide a configure time option to override our default.
++# Check whether --enable-default-hash-style was given.
++if test "${enable_default_hash_style+set}" = set; then :
++ enableval=$enable_default_hash_style; case "${enable_default_hash_style}" in
++ sysv | gnu | both) ;;
++ *) as_fn_error "bad value ${enable_default_hash_style} for enable-default-hash-style option" "$LINENO" 5 ;;
++esac
++else
++ case "${target}" in
++ # Enable gnu hash only on GNU targets, but not mips
++ mips*-*-*) enable_default_hash_style=sysv ;;
++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;;
++ *) enable_default_hash_style=sysv ;;
++esac
++fi
++
++
++
++cat >>confdefs.h <<_ACEOF
++#define DEFAULT_HASH_STYLE "${enable_default_hash_style}"
++_ACEOF
++
++
+ # See which specific instantiations we need.
+ targetobjs=
+ all_targets=
+diff --git a/gold/configure.ac b/gold/configure.ac
+index cbe3380..d7fa1f8 100644
+--- a/gold/configure.ac
++++ b/gold/configure.ac
+@@ -161,6 +161,26 @@ if test -n "$enable_targets"; then
+ done
+ fi
+
++# Decide which "--hash-style" to use by default
++# Provide a configure time option to override our default.
++AC_ARG_ENABLE([default-hash-style],
++AS_HELP_STRING([--enable-default-hash-style={sysv,gnu,both}],
++ [use this default hash style]),
++[case "${enable_default_hash_style}" in
++ sysv | gnu | both) ;;
++ *) AC_MSG_ERROR([bad value ${enable_default_hash_style} for enable-default-hash-style option]) ;;
++esac],
++[case "${target}" in
++ # Enable gnu hash only on GNU targets, but not mips
++ mips*-*-*) enable_default_hash_style=sysv ;;
++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;;
++ *) enable_default_hash_style=sysv ;;
++esac])
++
++AC_DEFINE_UNQUOTED([DEFAULT_HASH_STYLE],
++ ["${enable_default_hash_style}"],
++ [Set the default --hash-style value])
++
+ # See which specific instantiations we need.
+ targetobjs=
+ all_targets=
+diff --git a/gold/options.h b/gold/options.h
+index a8b1d46..ce21a42 100644
+--- a/gold/options.h
++++ b/gold/options.h
+@@ -921,7 +921,7 @@ class General_options
+ N_("Min fraction of empty buckets in dynamic hash"),
+ N_("FRACTION"));
+
+- DEFINE_enum(hash_style, options::TWO_DASHES, '\0', "sysv",
++ DEFINE_enum(hash_style, options::TWO_DASHES, '\0', DEFAULT_HASH_STYLE,
+ N_("Dynamic hash style"), N_("[sysv,gnu,both]"),
+ {"sysv", "gnu", "both"});
+
+diff --git a/ld/ChangeLog b/ld/ChangeLog
+index ba7d1d4..cf91d55 100644
+--- a/ld/ChangeLog
++++ b/ld/ChangeLog
+@@ -1,3 +1,12 @@
++2017-08-08 Romain Geissler <romain.geissler@gmail.com>
++ Alan Modra <amodra@gmail.com>
++
++ * configure.ac: Add --enable-default-hash-style option.
++ * ldmain.c (main): Set link_info.emit_hash to DEFAULT_EMIT_SYSV_HASH.
++ Set link_info.emit_gnu_hash to DEFAULT_EMIT_GNU_HASH.
++ * configure: Regenerate.
++ * config.in: Regenerate.
++
+ 2017-03-02 Tristan Gingold <gingold@adacore.com>
+
+ * configure: Regenerate.
+diff --git a/ld/config.in b/ld/config.in
+index 2c6d698..b2318e1 100644
+--- a/ld/config.in
++++ b/ld/config.in
+@@ -7,6 +7,12 @@
+ #endif
+ #define __CONFIG_H__ 1
+
++/* Define to 1 if you want to emit gnu hash in the ELF linker by default. */
++#undef DEFAULT_EMIT_GNU_HASH
++
++/* Define to 1 if you want to emit sysv hash in the ELF linker by default. */
++#undef DEFAULT_EMIT_SYSV_HASH
++
+ /* Define if you want compressed debug sections by default. */
+ #undef DEFAULT_FLAG_COMPRESS_DEBUG
+
+diff --git a/ld/configure b/ld/configure
+index 36af969..40c67fd 100755
+--- a/ld/configure
++++ b/ld/configure
+@@ -793,6 +793,7 @@ enable_gold
+ enable_got
+ enable_compressed_debug_sections
+ enable_relro
++enable_default_hash_style
+ enable_werror
+ enable_build_warnings
+ enable_nls
+@@ -1452,6 +1453,8 @@ Optional Features:
+ --enable-compressed-debug-sections={all,ld,none}
+ compress debug sections by default]
+ --enable-relro enable -z relro in ELF linker by default
++ --enable-default-hash-style={sysv,gnu,both}
++ use this default hash style
+ --enable-werror treat compile warnings as errors
+ --enable-build-warnings enable build-time compiler warnings
+ --disable-nls do not use Native Language Support
+@@ -11724,7 +11727,7 @@ else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+-#line 11727 "configure"
++#line 11730 "configure"
+ #include "confdefs.h"
+
+ #if HAVE_DLFCN_H
+@@ -11830,7 +11833,7 @@ else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+-#line 11833 "configure"
++#line 11836 "configure"
+ #include "confdefs.h"
+
+ #if HAVE_DLFCN_H
+@@ -15555,6 +15558,33 @@ if test "${enable_relro+set}" = set; then :
+ esac
+ fi
+
++# Decide which "--hash-style" to use by default
++# Provide a configure time option to override our default.
++# Check whether --enable-default-hash-style was given.
++if test "${enable_default_hash_style+set}" = set; then :
++ enableval=$enable_default_hash_style; case "${enable_default_hash_style}" in
++ sysv | gnu | both) ;;
++ *) as_fn_error "bad value ${enable_default_hash_style} for enable-default-hash-style option" "$LINENO" 5 ;;
++esac
++else
++ case "${target}" in
++ # Enable gnu hash only on GNU targets, but not mips
++ mips*-*-*) enable_default_hash_style=sysv ;;
++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;;
++ *) enable_default_hash_style=sysv ;;
++esac
++fi
++
++
++case "${enable_default_hash_style}" in
++ sysv | both) ac_default_emit_sysv_hash=1 ;;
++ *) ac_default_emit_sysv_hash=0 ;;
++esac
++
++case "${enable_default_hash_style}" in
++ gnu | both) ac_default_emit_gnu_hash=1 ;;
++ *) ac_default_emit_gnu_hash=0 ;;
++esac
+
+ # Set the 'development' global.
+ . $srcdir/../bfd/development.sh
+@@ -17212,9 +17242,13 @@ cat >>confdefs.h <<_ACEOF
+ #define DEFAULT_LD_Z_RELRO $ac_default_ld_z_relro
+ _ACEOF
+
++cat >>confdefs.h <<_ACEOF
++#define DEFAULT_EMIT_SYSV_HASH $ac_default_emit_sysv_hash
++_ACEOF
+
+-
+-
++cat >>confdefs.h <<_ACEOF
++#define DEFAULT_EMIT_GNU_HASH $ac_default_emit_gnu_hash
++_ACEOF
+
+
+
+diff --git a/ld/configure.ac b/ld/configure.ac
+index 36a9f50..1876ad7 100644
+--- a/ld/configure.ac
++++ b/ld/configure.ac
+@@ -166,6 +166,32 @@ AC_ARG_ENABLE(relro,
+ no) ac_default_ld_z_relro=0 ;;
+ esac])dnl
+
++# Decide which "--hash-style" to use by default
++# Provide a configure time option to override our default.
++AC_ARG_ENABLE([default-hash-style],
++AS_HELP_STRING([--enable-default-hash-style={sysv,gnu,both}],
++ [use this default hash style]),
++[case "${enable_default_hash_style}" in
++ sysv | gnu | both) ;;
++ *) AC_MSG_ERROR([bad value ${enable_default_hash_style} for enable-default-hash-style option]) ;;
++esac],
++[case "${target}" in
++ # Enable gnu hash only on GNU targets, but not mips
++ mips*-*-*) enable_default_hash_style=sysv ;;
++ *-*-gnu* | *-*-linux* | *-*-nacl*) enable_default_hash_style=both ;;
++ *) enable_default_hash_style=sysv ;;
++esac])
++
++case "${enable_default_hash_style}" in
++ sysv | both) ac_default_emit_sysv_hash=1 ;;
++ *) ac_default_emit_sysv_hash=0 ;;
++esac
++
++case "${enable_default_hash_style}" in
++ gnu | both) ac_default_emit_gnu_hash=1 ;;
++ *) ac_default_emit_gnu_hash=0 ;;
++esac
++
+ AM_BINUTILS_WARNINGS
+
+ AM_LC_MESSAGES
+@@ -394,6 +420,14 @@ AC_DEFINE_UNQUOTED(DEFAULT_LD_Z_RELRO,
+ $ac_default_ld_z_relro,
+ [Define to 1 if you want to enable -z relro in ELF linker by default.])
+
++AC_DEFINE_UNQUOTED([DEFAULT_EMIT_SYSV_HASH],
++ [$ac_default_emit_sysv_hash],
++ [Define to 1 if you want to emit sysv hash in the ELF linker by default.])
++
++AC_DEFINE_UNQUOTED([DEFAULT_EMIT_GNU_HASH],
++ [$ac_default_emit_gnu_hash],
++ [Define to 1 if you want to emit gnu hash in the ELF linker by default.])
++
+ AC_SUBST(elf_list_options)
+ AC_SUBST(elf_shlib_list_options)
+ AC_SUBST(elf_plt_unwind_list_options)
+diff --git a/ld/ldmain.c b/ld/ldmain.c
+index 1e48b1a..579d961 100644
+--- a/ld/ldmain.c
++++ b/ld/ldmain.c
+@@ -282,7 +282,8 @@ main (int argc, char **argv)
+ link_info.keep_memory = TRUE;
+ link_info.combreloc = TRUE;
+ link_info.strip_discarded = TRUE;
+- link_info.emit_hash = TRUE;
++ link_info.emit_hash = DEFAULT_EMIT_SYSV_HASH;
++ link_info.emit_gnu_hash = DEFAULT_EMIT_GNU_HASH;
+ link_info.callbacks = &link_callbacks;
+ link_info.input_bfds_tail = &link_info.input_bfds;
+ /* SVR4 linkers seem to set DT_INIT and DT_FINI based on magic _init
+--
+2.14.2
+
diff --git a/system/binutils/mips-illegal-memcpy.patch b/system/binutils/mips-illegal-memcpy.patch
new file mode 100644
index 000000000..d76af178a
--- /dev/null
+++ b/system/binutils/mips-illegal-memcpy.patch
@@ -0,0 +1,11 @@
+--- binutils-2.29/gas/config/tc-mips.c.old 2017-07-04 03:43:20.000000000 -0500
++++ binutils-2.29/gas/config/tc-mips.c 2017-08-25 17:21:51.449460074 -0500
+@@ -13956,7 +13956,7 @@
+ suffix = 0;
+ if (suffix)
+ {
+- memcpy (name + opend - 2, name + opend, length - opend + 1);
++ memmove (name + opend - 2, name + opend, length - opend + 1);
+ insn = (struct mips_opcode *) hash_find (hash, name);
+ if (insn)
+ {
diff --git a/system/binutils/remove-no-static-plt-test.patch b/system/binutils/remove-no-static-plt-test.patch
new file mode 100644
index 000000000..ab6bc02e6
--- /dev/null
+++ b/system/binutils/remove-no-static-plt-test.patch
@@ -0,0 +1,21 @@
+The compiler generates relative addresses instead of absolute, confusing the
+regex used. Disable this test since it would pass anyway.
+
+--- binutils-2.29/ld/testsuite/ld-x86-64/no-plt.exp.old 2017-07-04 08:43:21.000000000 +0000
++++ binutils-2.29/ld/testsuite/ld-x86-64/no-plt.exp 2017-08-19 18:13:48.566481023 +0000
+@@ -100,15 +100,6 @@
+ "no-plt-1c" \
+ ] \
+ [list \
+- "No PLT (static 1d)" \
+- "-static tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o \
+- tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o" \
+- "" \
+- {dummy.s} \
+- {{readelf -Wr no-plt-1d.rd} {objdump -dwrj.text no-plt-1d.dd}} \
+- "no-plt-1d" \
+- ] \
+- [list \
+ "No PLT (PIE 1e)" \
+ "-pie tmpdir/no-plt-check1.o tmpdir/no-plt-main1.o \
+ tmpdir/no-plt-func1.o tmpdir/no-plt-extern1.o" \
diff --git a/system/binutils/remove-pr19553c-test.patch b/system/binutils/remove-pr19553c-test.patch
new file mode 100644
index 000000000..7e5b76ab0
--- /dev/null
+++ b/system/binutils/remove-pr19553c-test.patch
@@ -0,0 +1,14 @@
+This test requires symbol versioning which the musl libc does not support.
+
+--- binutils-2.29/ld/testsuite/ld-elf/indirect.exp.old 2017-07-04 08:43:21.000000000 +0000
++++ binutils-2.29/ld/testsuite/ld-elf/indirect.exp 2017-08-19 05:00:13.086002872 +0000
+@@ -186,9 +186,6 @@
+ {"Run with libpr19553b.so"
+ "-Wl,--no-as-needed tmpdir/libpr19553b.so tmpdir/libpr19553d.so -Wl,-rpath-link,." ""
+ {pr19553a.c} "pr19553b" "pr19553b.out"}
+- {"Run with libpr19553c.so"
+- "-Wl,--no-as-needed tmpdir/libpr19553c.so tmpdir/libpr19553b.so tmpdir/libpr19553d.so" ""
+- {pr19553a.c} "pr19553c" "pr19553c.out"}
+ {"Run with libpr19553d.so"
+ "-Wl,--no-as-needed tmpdir/libpr19553d.so tmpdir/libpr19553b.so -Wl,-rpath-link,." ""
+ {pr19553a.c} "pr19553d" "pr19553d.out"}
diff --git a/system/binutils/remove-pr2404-tests.patch b/system/binutils/remove-pr2404-tests.patch
new file mode 100644
index 000000000..9efdf5242
--- /dev/null
+++ b/system/binutils/remove-pr2404-tests.patch
@@ -0,0 +1,73 @@
+These tests fail to link correctly on musl.
+
+--- binutils-2.29/ld/testsuite/ld-elf/shared.exp.old 2017-07-04 08:43:21.000000000 +0000
++++ binutils-2.29/ld/testsuite/ld-elf/shared.exp 2017-08-19 04:59:05.319481464 +0000
+@@ -375,15 +375,6 @@
+ {"Build needed3"
+ "tmpdir/needed3.o -Wl,--as-needed -Ltmpdir -lneeded3a -lneeded3b -lneeded1b" ""
+ {dummy.c} {} "needed3"}
+- {"Build libpr2404a.so"
+- "-shared" "-fPIC"
+- {pr2404a.c} {} "libpr2404a.so"}
+- {"Build libpr2404n.so"
+- "-shared -Wl,-z,now" "-fPIC"
+- {pr2404a.c} {} "libpr2404n.so"}
+- {"Build libpr2404b.a"
+- "" ""
+- {pr2404b.c} {} "libpr2404b.a"}
+ {"Build rdynamic-1"
+ "-Wl,--no-dynamic-linker,-export-dynamic,--gc-sections" "-ffunction-sections"
+ {rdynamic-1.c} {{readelf {-s} rdynamic-1.rd}} "rdynamic-1"}
+@@ -531,12 +522,6 @@
+ [list "Run relmain" \
+ "-Wl,--no-as-needed,-rpath=tmpdir -Ltmpdir -lrel" "" \
+ {relmain.c} "relmain" "relmain.out" ] \
+- [list "Run pr2404" \
+- "-Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404a.so" "" \
+- {dummy.c} "pr2404" "pr2404.out" ] \
+- [list "Run pr2404n" \
+- "-Wl,-z,now -Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404n.so" "" \
+- {dummy.c} "pr2404n" "pr2404.out" ] \
+ [list "Run pr18458" \
+ "-Wl,--no-as-needed,-z,now tmpdir/libpr18458a.so tmpdir/libpr18458b.so" "" \
+ {pr18458c.c} "pr18458" "pass.out" ] \
+@@ -675,14 +660,6 @@
+ || [istarget *-*-gnu*] } {
+ run_cc_link_tests [list \
+ [list \
+- "Build libpr2404b.a with PIE" \
+- "" \
+- "-fPIE" \
+- { pr2404b.c } \
+- {} \
+- "libpr2404b.a" \
+- ] \
+- [list \
+ "Build pr19579a.o" \
+ "" "-fPIE" \
+ {pr19579a.c} \
+@@ -717,24 +694,6 @@
+ "-fPIE" \
+ ] \
+ [list \
+- "Run pr2404 with PIE" \
+- "-pie -Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404a.so" \
+- "" \
+- { dummy.c } \
+- "pr2404pie" \
+- "pr2404.out" \
+- "-fPIE" \
+- ] \
+- [list \
+- "Run pr2404 with PIE (-z now)" \
+- "-pie -Wl,-z,now -Wl,--no-as-needed tmpdir/pr2404b.o tmpdir/libpr2404n.so" \
+- "" \
+- { dummy.c } \
+- "pr2404pien" \
+- "pr2404.out" \
+- "-fPIE" \
+- ] \
+- [list \
+ "Run pr18718" \
+ "" \
+ "" \
diff --git a/system/build-tools/APKBUILD b/system/build-tools/APKBUILD
index 2df7bf5a8..379f1a11b 100644
--- a/system/build-tools/APKBUILD
+++ b/system/build-tools/APKBUILD
@@ -3,7 +3,7 @@
pkgname=build-tools
pkgver=1.0
-pkgrel=3
+pkgrel=4
pkgdesc="Meta-package for user development utilities"
url="https://adelielinux.org/"
arch="noarch"
@@ -13,7 +13,7 @@ depends="bash
make
diffutils patch
fortify-headers linux-headers
- mawk bison flex sed
+ mawk sed
bzip2 gzip unzip xz
abuild"
[ "${CBUILD}" != "${CHOST}" ] || depends="$depends
diff --git a/system/clang/APKBUILD b/system/clang/APKBUILD
new file mode 100644
index 000000000..d23bb3675
--- /dev/null
+++ b/system/clang/APKBUILD
@@ -0,0 +1,103 @@
+# Contributor Travis Tilley <ttilley@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=clang
+# Note: Update together with llvm.
+pkgver=4.0.0
+pkgrel=0
+_llvmver=${pkgver%%.*}
+pkgdesc="A C language family front-end for LLVM"
+arch="all"
+url="http://llvm.org/"
+license="UOI-NCSA"
+makedepends="
+ cmake
+ isl-dev
+ libedit-dev
+ libxml2-dev
+ libxml2-utils
+ llvm-dev>=$_llvmver
+ llvm-static>=$_llvmver
+ llvm-test-utils>=$_llvmver
+ "
+depends_dev="$pkgname=$pkgver-r$pkgrel"
+subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-libs
+ $pkgname-analyzer::noarch"
+source="https://llvm.org/releases/$pkgver/cfe-$pkgver.src.tar.xz
+ clang-0001-Add-Alpine-Linux-distro.patch
+ clang-0002-Use-z-relro-on-Alpine-Linux.patch
+ clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch
+ clang-0004-Add-musl-targets.patch
+ clang-0005-Enable-PIE-by-default-for-alpine-linux.patch
+ clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch
+ clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch
+ "
+builddir="$srcdir/cfe-$pkgver.src"
+
+build() {
+ mkdir -p "$builddir"/build
+ cd "$builddir"/build
+
+ cmake .. -Wno-dev \
+ -DCMAKE_BUILD_TYPE=MinSizeRel \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_VERBOSE_MAKEFILE=OFF \
+ \
+ -DCLANG_VENDOR=${DISTRO_SHORT_NAME:-Alpine} \
+ -DCLANG_BUILD_EXAMPLES=OFF \
+ -DCLANG_INCLUDE_DOCS=ON \
+ -DCLANG_INCLUDE_TESTS=ON \
+ -DCLANG_PLUGIN_SUPPORT=ON \
+ -DLIBCLANG_BUILD_STATIC=ON \
+ -DLLVM_ENABLE_EH=ON \
+ -DLLVM_ENABLE_RTTI=ON
+
+ make clang-tblgen
+ make
+}
+
+check() {
+ cd "$builddir"/build
+
+ make check-clang
+}
+
+package() {
+ cd "$builddir"/build
+
+ make DESTDIR="$pkgdir" install
+ install -m 644 lib/libclang.a "$pkgdir"/usr/lib
+ mkdir -p "$pkgdir"/etc
+ cat >"$pkgdir"/etc/alpine-release <<-EOF
+Adélie Linux 1.0 (like Alpine 3.8)
+EOF
+}
+
+static() {
+ pkgdesc="Static libraries for clang"
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
+}
+
+analyzer() {
+ pkgdesc="Clang source code analysis framework"
+ depends="$pkgname=$pkgver-r$pkgrel perl python3"
+
+ cd "$pkgdir"
+
+ mkdir -p "$subpkgdir"/usr/bin \
+ "$subpkgdir"/usr/libexec \
+ "$subpkgdir"/usr/share/
+ mv usr/bin/scan-* "$subpkgdir"/usr/bin/
+ mv usr/libexec/*-analyzer "$subpkgdir"/usr/libexec/
+ mv usr/share/scan-* "$subpkgdir"/usr/share/
+}
+
+sha512sums="a0d9972ec337a5c105fcbe7abc4076ba1e580f28908a3318f43bbfe59143f446ed5b78dad210f624145d7e5a3d56c15bfead78826c068422b60120fa1cfa482a cfe-4.0.0.src.tar.xz
+4014984a187e4d0331d8315727d1b831e573843cd8d113df43424524cb348bc73ce3d12783351d9a14f9fd14111d75ce71d8f2a85d82b6437a61b11d85796cfb clang-0001-Add-Alpine-Linux-distro.patch
+53741890ec3805dd0d5a930ed526cb5bac5f75c459c6910c9461017719186383cf54638af4eea7a38eb7f9f423b18086bd5584b11f7e4babf6cd0edf8b4f4f48 clang-0002-Use-z-relro-on-Alpine-Linux.patch
+f06e351785d5755827459f17d3533415772ba84b4fbd4e49f418bafd20394e98d42b33a94aa34cff2a7b54c79cf06a6f5d382af5a55cba63a81116f0568d4b25 clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch
+2998ab2dfbc3d5629dd7e65e7e39dc0ab96f61e24733cb8d2d4faee50a89f0f159ad44d10182ed4c96f060180f4e22510881f4e9eb00ced01278bde99adf3389 clang-0004-Add-musl-targets.patch
+6215080a796fa1fc6f7634781ef77fc245037880dbf075a656823aae5f9f4911294dc6d61172db399b063adbe445c38b73cec12fc66dbe16bd9d84dc58035846 clang-0005-Enable-PIE-by-default-for-alpine-linux.patch
+d151a6ecca470abb1f4dbc06910155db0688322475655e28cdcb9c0b21930c8bcaf166e9df9fc9dca1be654cf497587961e461d91ee2871fdf454bbd33c5fffe clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch
+f8c46bb64202c9233595362eb54288c30fbd28309308cbcafe1802dc50ffd676c7a70e6cbdbfd73464f872b40a90acd2eb736dcc9622fd434dbd44a5b0005027 clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch"
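Review bot: `package()` writes `/etc/alpine-release` into the clang package, and that marker is the only thing that switches on the `-z relro`, `-z now` and `--hash-style=gnu` defaults from patches 0002, 0003 and 0006, so it deserves a comment saying so, e.g. `# Driver patches 0001-0003/0006 detect the distro via /etc/alpine-release; removing this file drops the relro/now linker defaults`. Patches 0005 and 0007 do not use that marker; they compare the triple vendor with `alpine`, so PIE-by-default and the stronger stack protector apply only if this distribution's target triple carries that vendor, which is not visible here and should be confirmed. Shipping a distro-identity file from a compiler package can also clash with any other package or script that reads or owns it.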
diff --git a/system/clang/clang-0001-Add-Alpine-Linux-distro.patch b/system/clang/clang-0001-Add-Alpine-Linux-distro.patch
new file mode 100644
index 000000000..f69baf5b8
--- /dev/null
+++ b/system/clang/clang-0001-Add-Alpine-Linux-distro.patch
@@ -0,0 +1,37 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Add Alpine Linux distro
+
+--- a/include/clang/Driver/Distro.h
++++ b/include/clang/Driver/Distro.h
+@@ -26,6 +26,7 @@
+ // NB: Releases of a particular Linux distro should be kept together
+ // in this enum, because some tests are done by integer comparison against
+ // the first and last known member in the family, e.g. IsRedHat().
++ AlpineLinux,
+ ArchLinux,
+ DebianLenny,
+ DebianSqueeze,
+@@ -97,6 +98,10 @@
+ /// @name Convenience Predicates
+ /// @{
+
++ bool IsAlpineLinux() const {
++ return DistroVal == AlpineLinux;
++ }
++
+ bool IsRedhat() const {
+ return DistroVal == Fedora || (DistroVal >= RHEL5 && DistroVal <= RHEL7);
+ }
+--- a/lib/Driver/Distro.cpp
++++ b/lib/Driver/Distro.cpp
+@@ -128,6 +128,9 @@
+ if (VFS.exists("/etc/arch-release"))
+ return Distro::ArchLinux;
+
++ if (VFS.exists("/etc/alpine-release"))
++ return Distro::AlpineLinux;
++
+ return Distro::UnknownDistro;
+ }
diff --git a/system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch b/system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch
new file mode 100644
index 000000000..45fce6e13
--- /dev/null
+++ b/system/clang/clang-0002-Use-z-relro-on-Alpine-Linux.patch
@@ -0,0 +1,16 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Use "-z relro" on Alpine Linux
+
+--- a/lib/Driver/ToolChains.cpp
++++ b/lib/Driver/ToolChains.cpp
+@@ -4112,7 +4112,7 @@
+
+ Distro Distro(D.getVFS());
+
+- if (Distro.IsOpenSUSE() || Distro.IsUbuntu()) {
++ if (Distro.IsOpenSUSE() || Distro.IsUbuntu() || Distro.IsAlpineLinux()) {
+ ExtraOpts.push_back("-z");
+ ExtraOpts.push_back("relro");
+ }
diff --git a/system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch b/system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch
new file mode 100644
index 000000000..0b6632328
--- /dev/null
+++ b/system/clang/clang-0003-Use-hash-style-gnu-for-Alpine-Linux.patch
@@ -0,0 +1,16 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Use --hash-style=gnu for Alpine Linux
+
+--- a/lib/Driver/ToolChains.cpp
++++ b/lib/Driver/ToolChains.cpp
+@@ -4132,7 +4132,7 @@
+ // ABI requires a mapping between the GOT and the symbol table.
+ // Android loader does not support .gnu.hash.
+ if (!IsMips && !IsAndroid) {
+- if (Distro.IsRedhat() || Distro.IsOpenSUSE() ||
++ if (Distro.IsRedhat() || Distro.IsOpenSUSE() || Distro.IsAlpineLinux() ||
+ (Distro.IsUbuntu() && Distro >= Distro::UbuntuMaverick))
+ ExtraOpts.push_back("--hash-style=gnu");
+
diff --git a/system/clang/clang-0004-Add-musl-targets.patch b/system/clang/clang-0004-Add-musl-targets.patch
new file mode 100644
index 000000000..d77294980
--- /dev/null
+++ b/system/clang/clang-0004-Add-musl-targets.patch
@@ -0,0 +1,116 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Add musl targets
+
+--- a/lib/Driver/ToolChains.cpp
++++ b/lib/Driver/ToolChains.cpp
+@@ -1644,7 +1644,8 @@
+ case llvm::Triple::arm:
+ case llvm::Triple::thumb:
+ LibDirs.append(begin(ARMLibDirs), end(ARMLibDirs));
+- if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF) {
++ if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF ||
++ TargetTriple.getEnvironment() == llvm::Triple::MuslEABIHF) {
+ TripleAliases.append(begin(ARMHFTriples), end(ARMHFTriples));
+ } else {
+ TripleAliases.append(begin(ARMTriples), end(ARMTriples));
+@@ -1653,7 +1654,8 @@
+ case llvm::Triple::armeb:
+ case llvm::Triple::thumbeb:
+ LibDirs.append(begin(ARMebLibDirs), end(ARMebLibDirs));
+- if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF) {
++ if (TargetTriple.getEnvironment() == llvm::Triple::GNUEABIHF ||
++ TargetTriple.getEnvironment() == llvm::Triple::MuslEABIHF) {
+ TripleAliases.append(begin(ARMebHFTriples), end(ARMebHFTriples));
+ } else {
+ TripleAliases.append(begin(ARMebTriples), end(ARMebTriples));
+@@ -3956,7 +3958,8 @@
+ // regardless of what the actual target triple is.
+ case llvm::Triple::arm:
+ case llvm::Triple::thumb:
+- if (TargetEnvironment == llvm::Triple::GNUEABIHF) {
++ if (TargetEnvironment == llvm::Triple::GNUEABIHF ||
++ TargetEnvironment == llvm::Triple::MuslEABIHF) {
+ if (D.getVFS().exists(SysRoot + "/lib/arm-linux-gnueabihf"))
+ return "arm-linux-gnueabihf";
+ } else {
+@@ -3966,7 +3969,8 @@
+ break;
+ case llvm::Triple::armeb:
+ case llvm::Triple::thumbeb:
+- if (TargetEnvironment == llvm::Triple::GNUEABIHF) {
++ if (TargetEnvironment == llvm::Triple::GNUEABIHF ||
++ TargetEnvironment == llvm::Triple::MuslEABIHF) {
+ if (D.getVFS().exists(SysRoot + "/lib/armeb-linux-gnueabihf"))
+ return "armeb-linux-gnueabihf";
+ } else {
+@@ -4334,6 +4338,12 @@
+ ArchName = "armeb";
+ IsArm = true;
+ break;
++ case llvm::Triple::ppc:
++ ArchName = "powerpc";
++ break;
++ case llvm::Triple::x86:
++ ArchName = "i386";
++ break;
+ default:
+ ArchName = Triple.getArchName().str();
+ }
+@@ -4544,7 +4554,8 @@
+ break;
+ case llvm::Triple::arm:
+ case llvm::Triple::thumb:
+- if (getTriple().getEnvironment() == llvm::Triple::GNUEABIHF)
++ if (getTriple().getEnvironment() == llvm::Triple::GNUEABIHF ||
++ getTriple().getEnvironment() == llvm::Triple::MuslEABIHF)
+ MultiarchIncludeDirs = ARMHFMultiarchIncludeDirs;
+ else
+ MultiarchIncludeDirs = ARMMultiarchIncludeDirs;
+
+--- a/lib/Driver/Tools.cpp
++++ b/lib/Driver/Tools.cpp
+@@ -953,6 +953,7 @@
+ case llvm::Triple::FreeBSD:
+ switch (Triple.getEnvironment()) {
+ case llvm::Triple::GNUEABIHF:
++ case llvm::Triple::MuslEABIHF:
+ ABI = FloatABI::Hard;
+ break;
+ default:
+@@ -9198,6 +9200,8 @@
+ switch (getToolChain().getTriple().getEnvironment()) {
+ case llvm::Triple::GNUEABIHF:
+ case llvm::Triple::GNUEABI:
++ case llvm::Triple::MuslEABIHF:
++ case llvm::Triple::MuslEABI:
+ case llvm::Triple::EABI:
+ CmdArgs.push_back("-meabi=5");
+ break;
+@@ -9541,10 +9545,12 @@
+ switch (getToolChain().getTriple().getEnvironment()) {
+ case llvm::Triple::EABI:
+ case llvm::Triple::GNUEABI:
++ case llvm::Triple::MuslEABI:
+ CmdArgs.push_back("armelf_nbsd_eabi");
+ break;
+ case llvm::Triple::EABIHF:
+ case llvm::Triple::GNUEABIHF:
++ case llvm::Triple::MuslEABIHF:
+ CmdArgs.push_back("armelf_nbsd_eabihf");
+ break;
+ default:
+@@ -9559,10 +9565,12 @@
+ switch (getToolChain().getTriple().getEnvironment()) {
+ case llvm::Triple::EABI:
+ case llvm::Triple::GNUEABI:
++ case llvm::Triple::MuslEABI:
+ CmdArgs.push_back("armelfb_nbsd_eabi");
+ break;
+ case llvm::Triple::EABIHF:
+ case llvm::Triple::GNUEABIHF:
++ case llvm::Triple::MuslEABIHF:
+ CmdArgs.push_back("armelfb_nbsd_eabihf");
+ break;
+ default:
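Review bot: In the two multiarch hunks (`@@ -3956,7 +3958,8 @@` and `@@ -3966,7 +3969,8 @@`) a `MuslEABIHF` target now resolves to `arm-linux-gnueabihf` / `armeb-linux-gnueabihf` whenever that directory exists under the sysroot, so a musl hard-float build on a tree that also holds a GNU multiarch directory would select the GNU one. If that is meant only as a fallback, a comment such as `// musleabihf reuses the gnueabihf multiarch dir when present` would make it explicit. Unlike patches 0005 and 0007, this patch adds no `test/Driver` case for the new `MuslEABI`/`MuslEABIHF` branches. The enclosing functions start and end outside these hunks.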
diff --git a/system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch b/system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch
new file mode 100644
index 000000000..7cd79addc
--- /dev/null
+++ b/system/clang/clang-0005-Enable-PIE-by-default-for-alpine-linux.patch
@@ -0,0 +1,55 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Enable PIE by default for Alpine Linux
+
+Alpine Linux uses PIE by default.
+
+--- a/lib/Driver/ToolChains.cpp
++++ b/lib/Driver/ToolChains.cpp
+@@ -4721,7 +4721,10 @@
+ }
+ }
+
+-bool Linux::isPIEDefault() const { return getSanitizerArgs().requiresPIE(); }
++bool Linux::isPIEDefault() const {
++ return getSanitizerArgs().requiresPIE() ||
++ Linux::getTriple().getVendorName().compare("alpine") == 0;
++}
+
+ SanitizerMask Linux::getSupportedSanitizers() const {
+ const bool IsX86 = getTriple().getArch() == llvm::Triple::x86;
+--- a/lib/Driver/Tools.cpp
++++ b/lib/Driver/Tools.cpp
+@@ -9258,7 +9258,9 @@
+ if (!D.SysRoot.empty())
+ CmdArgs.push_back(Args.MakeArgString("--sysroot=" + D.SysRoot));
+
+- if (IsPIE)
++ if (Args.hasArg(options::OPT_nopie))
++ CmdArgs.push_back("-nopie");
++ else if (IsPIE)
+ CmdArgs.push_back("-pie");
+
+ CmdArgs.push_back("--eh-frame-hdr");
+--- a/test/Driver/pic.c
++++ b/test/Driver/pic.c
+@@ -244,6 +244,18 @@
+ // RUN: %clang %s -target i386-pc-openbsd -nopie -### 2>&1 \
+ // RUN: | FileCheck %s --check-prefix=CHECK-NOPIE-LD
+ //
++// On Alpine Linux, we want similar PIE-by-default behavior
++// RUN: %clang -c %s -target x86_64-alpine-linux-musl -### 2>&1 \
++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2
++// RUN: %clang -c %s -target i686-alpine-linux-musl -### 2>&1 \
++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2
++// RUN: %clang -c %s -target armv6-alpine-linux-musleabihf -### 2>&1 \
++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2
++// RUN: %clang -c %s -target armv7-alpine-linux-musleabihf -### 2>&1 \
++// RUN: | FileCheck %s --check-prefix=CHECK-PIE2
++// RUN: %clang %s -target x86_64-alpine-linux-musl -nopie -### 2>&1 \
++// RUN: | FileCheck %s --check-prefix=CHECK-NOPIE-LD
++//
+ // On Android PIC is enabled by default
+ // RUN: %clang -c %s -target i686-linux-android -### 2>&1 \
+ // RUN: | FileCheck %s --check-prefix=CHECK-PIC2
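Review bot: The `Tools.cpp` hunk forwards `-nopie` verbatim to the linker, and the surrounding `--sysroot`/`--eh-frame-hdr` lines suggest this is the GNU-style link job; that spelling should be confirmed against the linker shipped here, because a linker that does not know `-nopie` as a single option may parse it as a cluster of short options instead of rejecting it. The added test only checks that the string appears on the `-###` command line, not that a link succeeds. In `isPIEDefault()` the vendor comparison could read `getTriple().getVendorName() == "alpine"`, which is the more usual StringRef form. The enclosing link function starts and ends outside the hunk.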
diff --git a/system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch b/system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch
new file mode 100644
index 000000000..90de948f6
--- /dev/null
+++ b/system/clang/clang-0006-Link-with-z-now-by-default-for-Alpine-Linux.patch
@@ -0,0 +1,19 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Link with -z now by default for Alpine Linux
+
+--- a/lib/Driver/ToolChains.cpp
++++ b/lib/Driver/ToolChains.cpp
+@@ -4116,6 +4116,11 @@
+
+ Distro Distro(D.getVFS());
+
++ if (Distro.IsAlpineLinux()) {
++ ExtraOpts.push_back("-z");
++ ExtraOpts.push_back("now");
++ }
++
+ if (Distro.IsOpenSUSE() || Distro.IsUbuntu() || Distro.IsAlpineLinux()) {
+ ExtraOpts.push_back("-z");
+ ExtraOpts.push_back("relro");
diff --git a/system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch b/system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch
new file mode 100644
index 000000000..3487799b1
--- /dev/null
+++ b/system/clang/clang-0007-Enable-stack-protector-by-default-for-alpine-linux.patch
@@ -0,0 +1,54 @@
+From: Natanael Copa <ncopa@alpinelinux.org>
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Sun, 16 Apr 2017 16:49:00 +0100
+Subject: [PATCH] Enable stack protector by default for Alpine Linux
+
+--- a/lib/Driver/ToolChains.cpp
++++ b/lib/Driver/ToolChains.cpp
+@@ -4866,6 +4866,13 @@
+ CmdArgs.push_back("-lunwind");
+ }
+
++unsigned Linux::GetDefaultStackProtectorLevel(bool KernelOrKext) const {
++ StringRef VendorName = Linux::getTriple().getVendorName();
++ if (VendorName.compare("alpine") == 0)
++ return 2;
++ return 1;
++}
++
+ /// DragonFly - DragonFly tool chain which can call as(1) and ld(1) directly.
+
+ DragonFly::DragonFly(const Driver &D, const llvm::Triple &Triple,
+--- a/lib/Driver/ToolChains.h
++++ b/lib/Driver/ToolChains.h
+@@ -880,6 +880,7 @@
+ void AddIAMCUIncludeArgs(const llvm::opt::ArgList &DriverArgs,
+ llvm::opt::ArgStringList &CC1Args) const override;
+ bool isPIEDefault() const override;
++ unsigned GetDefaultStackProtectorLevel(bool KernelOrKext) const override;
+ SanitizerMask getSupportedSanitizers() const override;
+ void addProfileRTLibs(const llvm::opt::ArgList &Args,
+ llvm::opt::ArgStringList &CmdArgs) const override;
+--- a/test/Driver/stack-protector.c
++++ b/test/Driver/stack-protector.c
+@@ -24,6 +24,20 @@
+ // SSP-ALL: "-stack-protector" "3"
+ // SSP-ALL-NOT: "-stack-protector-buffer-size"
+
++// RUN: %clang -target x86_64-alpine-linux-musl -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE
++// ALPINE: "-stack-protector" "2"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_SPS
++// ALPINE_SPS: "-stack-protector" "2"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -fstack-protector-all -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_ALL
++// ALPINE_ALL: "-stack-protector" "3"
++// ALPINE_ALL-NOT: "-stack-protector-buffer-size"
++
++// RUN: %clang -target x86_64-alpine-linux-musl -fno-stack-protector -### %s 2>&1 | FileCheck %s -check-prefix=ALPINE_NOSSP
++// ALPINE_NOSSP-NOT: "-stack-protector"
++// ALPINE_NOSSP-NOT: "-stack-protector-buffer-size"
++
+ // RUN: %clang -target x86_64-scei-ps4 -### %s 2>&1 | FileCheck %s -check-prefix=SSP-PS4
+ // RUN: %clang -target x86_64-scei-ps4 -fstack-protector -### %s 2>&1 | FileCheck %s -check-prefix=SSP-PS4
+ // SSP-PS4: "-stack-protector" "2"
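Review bot: `Linux::GetDefaultStackProtectorLevel` returns `1` for every non-`alpine` vendor instead of deferring to the parent toolchain, so the patch may change the default for all other Linux triples as well, which the subject line does not say and the added tests do not cover. If only Alpine should change, the fall-through could be `return Generic_ELF::GetDefaultStackProtectorLevel(KernelOrKext);` (assuming `Generic_ELF` is the direct base, which is not shown here). `KernelOrKext` is otherwise ignored, so kernel-mode builds for an `alpine` triple also get level 2; a one-line comment stating that this is intended would help.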
diff --git a/system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch b/system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch
new file mode 100644
index 000000000..2db9f032b
--- /dev/null
+++ b/system/consolekit2/0001-busybox-reboot-and-poweroff-support.patch
@@ -0,0 +1,40 @@
+From 5e557dd212657f7e75a0c4bd70d11ca06ccb3f84 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Mon, 4 Apr 2011 18:46:25 +0000
+Subject: [PATCH] busybox reboot and poweroff support
+
+---
+ tools/linux/ck-system-restart | 3 +++
+ tools/linux/ck-system-stop | 3 +++
+ 2 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/tools/linux/ck-system-restart b/tools/linux/ck-system-restart
+index 8e0664e..5cabb3d 100755
+--- a/tools/linux/ck-system-restart
++++ b/tools/linux/ck-system-restart
+@@ -7,6 +7,9 @@ if [ -x "/sbin/shutdown" ] ; then
+ elif [ -x "/usr/sbin/shutdown" ] ; then
+ /usr/sbin/shutdown -r now
+ exit $?
++elif [ -x "/sbin/reboot" ]; then
++ /sbin/reboot
++ exit $?
+ else
+ exit 1
+ fi
+diff --git a/tools/linux/ck-system-stop b/tools/linux/ck-system-stop
+index e26bca3..a0be3ac 100755
+--- a/tools/linux/ck-system-stop
++++ b/tools/linux/ck-system-stop
+@@ -7,6 +7,9 @@ if [ -x "/sbin/shutdown" ] ; then
+ elif [ -x "/usr/sbin/shutdown" ] ; then
+ /usr/sbin/shutdown -h now
+ exit $?
++elif [ -x "/sbin/poweroff" ] ; then
++ /sbin/poweroff
++ exit $?
+ else
+ exit 1
+ fi
+--
+1.7.4.2
diff --git a/system/consolekit2/APKBUILD b/system/consolekit2/APKBUILD
new file mode 100644
index 000000000..3273092ed
--- /dev/null
+++ b/system/consolekit2/APKBUILD
@@ -0,0 +1,63 @@
+# Contributor: Bart Ribbers <bribbers@disroot.org>
+# Maintainer: Bart Ribbers <bribbers@disroot.org>
+pkgbase=ConsoleKit2
+pkgname=consolekit2
+pkgver=1.2.0
+pkgrel=6
+pkgdesc="A framework for defining and tracking users, login sessions, and seats"
+provides="consolekit=$pkgver"
+replaces=consolekit
+arch=all
+url="https://consolekit2.github.io/ConsoleKit2"
+license=GPL2
+depends="polkit eudev"
+makedepends="git automake autoconf gettext-dev glib-dev zlib-dev libxslt-dev
+ polkit-dev eudev-dev libdrm-dev libnih-dev libtool linux-pam-dev
+ xorg-server-dev acl-dev xmlto docbook-xml libevdev-dev"
+checkdepends="libxml2-utils"
+source="$pkgname-$pkgver.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/${pkgver}.tar.gz
+ consolekit2.initd
+ ac_disable_static.patch
+ 0001-busybox-reboot-and-poweroff-support.patch
+ add-listseats.patch
+ pam-foreground-compat.ck"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang $pkgname-openrc"
+builddir="$srcdir"/$pkgbase-$pkgver
+
+prepare() {
+ default_prepare
+
+ cd "$builddir"
+
+ NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+ cd "$builddir"
+ XMLTO_FLAGS='--skip-validation' ./configure \
+ --prefix=/usr --sysconfdir=/etc --localstatedir=/var \
+ --disable-static --enable-pam-module --enable-udev-acl \
+ --enable-tests --enable-docbook-docs --enable-polkit
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ install -m 755 "$srcdir"/pam-foreground-compat.ck \
+ "$pkgdir"/usr/lib/ConsoleKit/run-session.d/
+ install -D -m755 "$srcdir"/consolekit2.initd \
+ "$pkgdir"/etc/init.d/consolekit
+}
+sha512sums="30f2ceec14044669f40676e9b17513874350e2b70f0a918be934f7e64309c8595dbec4ac0937044c98dda51eb97c99443dc9d1de33f08365d72da8600296ad78 consolekit2-1.2.0.tar.gz
+8c16c452707475bdd4a50d3ade367d52ad92a6560be48b4e21e5b5eadef6e56c39d3d03d3a64f9b45a59eca50179cf5aa9c11978904d5d101db7498fb9bc0339 consolekit2.initd
+0f628fd1589b1790ad9adcb2278de504b75cc6b4ec7284a1cbda44ebd34b9966014989f47f343cb936d8503acc4eeec43ddff07cb11f55388e47256b8420e2e8 ac_disable_static.patch
+ec0c88e640afac0561c84131d63fa8c9e2e29611b789ae5c163cd11465b22017602d88dc853866624f57bce2ee466ab63af075d083a9ba6e87327ad8d0a0769f 0001-busybox-reboot-and-poweroff-support.patch
+c2adfad3f7f6d5f880e0b7e7ed99f62bd7f2bd510492bba5634f0b2391bacd43cb3246a072400392c508d42acdba114cb920f5d498b0c4339d86cf19f691b6fa add-listseats.patch
+3b114fbbe74cfba0bfd4dad0eb1b85d08b4979a998980c1cbcd7f44b8a16b0ceca224680d4f4a1644cd24698f8817e5e8bdfcdc4ead87a122d0e323142f47910 pam-foreground-compat.ck"
diff --git a/system/consolekit2/ac_disable_static.patch b/system/consolekit2/ac_disable_static.patch
new file mode 100644
index 000000000..38d6f12ac
--- /dev/null
+++ b/system/consolekit2/ac_disable_static.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index 071a0d8..7469697 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -30,7 +30,6 @@ AC_SEARCH_LIBS([strerror],[cposix])
+ AC_PROG_CC
+ AM_PROG_CC_C_O
+ AC_HEADER_STDC
+-AC_DISABLE_STATIC
+-LT_INIT
++LT_INIT([disable-static])
+ AC_HEADER_STDC
+ AC_FUNC_FORK
diff --git a/system/consolekit2/add-listseats.patch b/system/consolekit2/add-listseats.patch
new file mode 100644
index 000000000..44bc034c8
--- /dev/null
+++ b/system/consolekit2/add-listseats.patch
@@ -0,0 +1,100 @@
+diff --git a/data/ConsoleKit.conf b/data/ConsoleKit.conf
+index 6c10476..216a0e9 100644
+--- a/data/ConsoleKit.conf
++++ b/data/ConsoleKit.conf
+@@ -80,6 +80,9 @@
+ send_member="CloseSession"/>
+ <allow send_destination="org.freedesktop.ConsoleKit"
+ send_interface="org.freedesktop.ConsoleKit.Manager"
++ send_member="ListSeats"/>
++ <allow send_destination="org.freedesktop.ConsoleKit"
++ send_interface="org.freedesktop.ConsoleKit.Manager"
+ send_member="GetSeats"/>
+ <allow send_destination="org.freedesktop.ConsoleKit"
+ send_interface="org.freedesktop.ConsoleKit.Manager"
+diff --git a/src/ck-manager.c b/src/ck-manager.c
+index 4722bdb..7d8b8b2 100644
+--- a/src/ck-manager.c
++++ b/src/ck-manager.c
+@@ -3841,6 +3841,44 @@ dbus_unlock_session (ConsoleKitManager *ckmanager,
+ }
+
+ static gboolean
++dbus_list_seats (ConsoleKitManager *ckmanager,
++ GDBusMethodInvocation *context)
++{
++ CkManager *manager;
++ GVariantBuilder seat_builder;
++ GVariant *seat;
++ GHashTableIter seat_iter;
++ const gchar *key;
++ CkSeat *value;
++
++ TRACE ();
++
++ manager = CK_MANAGER (ckmanager);
++
++ g_return_val_if_fail (CK_IS_MANAGER (manager), FALSE);
++
++ /* if we don't have seats, we need to return NULL */
++ if (g_hash_table_size (manager->priv->seats) == 0) {
++ throw_error (context, CK_MANAGER_ERROR_NO_SEATS, _("User has no seats"));
++ return TRUE;
++ }
++
++ g_variant_builder_init (&seat_builder, G_VARIANT_TYPE_ARRAY);
++
++ g_hash_table_iter_init (&seat_iter, manager->priv->seats);
++ while (g_hash_table_iter_next (&seat_iter, &key, &value)) {
++ seat = g_variant_new("(so)",
++ console_kit_seat_get_name( CONSOLE_KIT_SEAT(value) ),
++ key);
++
++ g_variant_builder_add_value (&seat_builder, seat);
++ }
++
++ console_kit_manager_complete_list_seats (ckmanager, context, g_variant_builder_end (&seat_builder));
++ return TRUE;
++}
++
++static gboolean
+ dbus_get_seats (ConsoleKitManager *ckmanager,
+ GDBusMethodInvocation *context)
+ {
+@@ -4134,6 +4172,7 @@ ck_manager_iface_init (ConsoleKitManagerIface *iface)
+ iface->handle_stop = dbus_stop;
+ iface->handle_suspend = dbus_suspend;
+ iface->handle_close_session = dbus_close_session;
++ iface->handle_list_seats = dbus_list_seats;
+ iface->handle_get_seats = dbus_get_seats;
+ iface->handle_get_sessions = dbus_get_sessions;
+ iface->handle_get_sessions_for_unix_user = dbus_get_sessions_for_unix_user;
+diff --git a/src/org.freedesktop.ConsoleKit.Manager.xml b/src/org.freedesktop.ConsoleKit.Manager.xml
+index a44880c..024a3e2 100644
+--- a/src/org.freedesktop.ConsoleKit.Manager.xml
++++ b/src/org.freedesktop.ConsoleKit.Manager.xml
+@@ -531,6 +531,24 @@
+ </doc:doc>
+ </method>
+
++ <method name="ListSeats">
++ <arg name="seats" direction="out" type="a(so)">
++ <doc:doc>
++ <doc:summary>an array of seat names and IDs</doc:summary>
++ </doc:doc>
++ </arg>
++ <doc:doc>
++ <doc:description>
++ <doc:para>Retrieves a list of all <doc:ref type="interface" to="Seat">Seats</doc:ref>
++ that are present on the system.</doc:para>
++ <doc:para>Like the logind method of the same name, this returns both the seat's name
++ (such as "seat0") and the D-Bus object path for the seat object that implements the
++ <doc:ref type="interface" to="Seat">Seat</doc:ref> interface.</doc:para>
++ </doc:description>
++ <doc:seealso><doc:ref type="method" to="Manager.GetSeats">GetSeats()</doc:ref></doc:seealso>
++ </doc:doc>
++ </method>
++
+ <method name="GetSeats">
+ <arg name="seats" direction="out" type="ao">
+ <doc:doc>
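Review bot: In `dbus_list_seats`, `g_hash_table_iter_next (&seat_iter, &key, &value)` passes a `const gchar **` and a `CkSeat **` where GLib expects `gpointer *`; add the casts, `g_hash_table_iter_next (&seat_iter, (gpointer *) &key, (gpointer *) &value)`. `g_variant_new ("(so)", ...)` also requires a non-NULL name and a syntactically valid object path, so it is worth confirming that `console_kit_seat_get_name()` cannot return NULL and that the hash-table keys are always object paths. The empty case raises `CK_MANAGER_ERROR_NO_SEATS` with the text "User has no seats" while the comment above it says NULL is returned; the comment and the message should match what a system-wide listing actually does.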
diff --git a/system/consolekit2/consolekit2.initd b/system/consolekit2/consolekit2.initd
new file mode 100644
index 000000000..697eea8f9
--- /dev/null
+++ b/system/consolekit2/consolekit2.initd
@@ -0,0 +1,9 @@
+#!/sbin/openrc-run
+
+description="Tracks sessions and seats"
+pidfile="/var/run/ConsoleKit/pid"
+command="/usr/sbin/console-kit-daemon"
+
+depend() {
+ need dbus
+}
diff --git a/system/consolekit2/pam-foreground-compat.ck b/system/consolekit2/pam-foreground-compat.ck
new file mode 100644
index 000000000..c9255503c
--- /dev/null
+++ b/system/consolekit2/pam-foreground-compat.ck
@@ -0,0 +1,17 @@
+#!/bin/sh
+TAGDIR=/var/run/console
+
+[ -n "$CK_SESSION_USER_UID" ] || exit 1
+[ "$CK_SESSION_IS_LOCAL" = "true" ] || exit 0
+
+TAGFILE="$TAGDIR/`getent passwd $CK_SESSION_USER_UID | cut -f 1 -d:`"
+
+if [ "$1" = "session_added" ]; then
+ mkdir -p "$TAGDIR"
+ echo "$CK_SESSION_ID" >> "$TAGFILE"
+fi
+
+if [ "$1" = "session_removed" ] && [ -e "$TAGFILE" ]; then
+ sed -i "\%^$CK_SESSION_ID\$%d" "$TAGFILE"
+ [ -s "$TAGFILE" ] || rm -f "$TAGFILE"
+fi
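Review bot: `TAGFILE` is built from an unquoted `getent` lookup with no check on the result, so when the UID has no passwd entry `TAGFILE` becomes `$TAGDIR/` itself and the later `echo`, `sed` and `rm` act on the wrong path. Resolve and validate the name first: `user=$(getent passwd "$CK_SESSION_USER_UID" | cut -f 1 -d:)`, `[ -n "$user" ] || exit 1`, `TAGFILE="$TAGDIR/$user"`. `CK_SESSION_ID` is also spliced into the `sed` program text, so any `%` or regex metacharacter in it changes which lines are deleted; if the daemon does not guarantee the ID's character set, a fixed-string match is safer.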
diff --git a/system/cups/APKBUILD b/system/cups/APKBUILD
new file mode 100644
index 000000000..ebe30a0c7
--- /dev/null
+++ b/system/cups/APKBUILD
@@ -0,0 +1,135 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cups
+pkgver=2.2.5
+pkgrel=0
+pkgdesc="The CUPS Printing System"
+url="http://www.cups.org/"
+arch="all"
+license="GPL LGPL2+"
+# cupsUTF8ToCharset(CUPS_EUC_JP) of utfdemo.txt: FAIL (UTF-8 to EUC-JP on line 1)
+options="!check"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs ipptool $pkgname-client
+ $pkgname-lang $pkgname-openrc"
+depends_dev="openssl-dev zlib-dev"
+makedepends="$depends_dev libpaper-dev dbus-dev libjpeg-turbo-dev linux-headers
+ gnutls-dev"
+depends="cups-client poppler-utils openssl dbus"
+install="cups.pre-install"
+pkggroups="lp lpadmin"
+pkgusers="lp"
+source="https://github.com/apple/cups/releases/download/v$pkgver/cups-$pkgver-source.tar.gz
+ $pkgname.logrotate
+ cupsd.initd
+ cups-no-export-ssllibs.patch
+ default-config-no-gssapi.patch
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libdir=/usr/lib \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --with-logdir=/var/log/cups \
+ --with-docdir=/usr/share/cups \
+ --with-rundir=/run/cups \
+ --with-cupsd-file-perm=0755 \
+ --with-cups-user=lp \
+ --with-cups-group=lp \
+ --with-system-groups=lpadmin \
+ --with-domainsocket=/run/cups/cups.sock \
+ --without-rcdir \
+ --without-php \
+ --enable-pam \
+ --enable-raw-printing \
+ --enable-dbus \
+ --with-dbusdir=/etc/dbus-1 \
+ --enable-libpaper \
+ --enable-ssl=yes \
+ --enable-gnutls \
+ --disable-launchd \
+ --with-optim="$CFLAGS"
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+
+ make BUILDROOT="$pkgdir" install
+
+ cd "$pkgdir"
+
+ # These no longer works since CUPS >= 1.6 (http://www.cups.org/str.php?L4120).
+ rm -rf usr/share/cups/banners/* \
+ usr/share/cups/data/testprint
+
+ install -D -m 644 "$srcdir"/cups.logrotate etc/logrotate.d/cups
+ install -D -m 755 "$srcdir"/cupsd.initd etc/init.d/cupsd
+
+ if [ -e usr/share/applications/cups.desktop ] ; then
+ sed -i 's|^Exec=htmlview http://localhost:631/|Exec=xdg-open http://localhost:631/|g' \
+ usr/share/applications/cups.desktop
+ fi
+ find usr/share/cups/model -name "*.ppd" | xargs gzip -n9f
+}
+
+libs() {
+ pkgdesc="CUPS libraries"
+ depends=""
+ replaces="libcups"
+
+ cd "$pkgdir"
+ _mv usr/lib/*.so*
+ install -d "$pkgdir"/etc/cups
+}
+
+ipptool() {
+ pkgdesc="Perform internet printing protocol requests"
+ depends=""
+
+ cd "$pkgdir"
+ _mv usr/bin/ipptool \
+ usr/share/cups/ipptool
+}
+
+client() {
+ pkgdesc="CUPS command-line client programs"
+ depends=""
+
+ cd "$pkgdir"
+ _mv usr/bin \
+ usr/sbin/accept \
+ usr/sbin/cupsaccept \
+ usr/sbin/cupsaddsmb \
+ usr/sbin/cupsctl \
+ usr/sbin/cupsdisable \
+ usr/sbin/cupsenable \
+ usr/sbin/lpadmin \
+ usr/sbin/lpc \
+ usr/sbin/lpinfo \
+ usr/sbin/lpmove \
+ usr/sbin/reject
+}
+
+_mv() {
+ local i; for i in "$@"; do
+ mkdir -p "$subpkgdir"/${i%/*}
+ mv "$pkgdir"/$i "$subpkgdir"/${i%/*}/
+ done
+}
+
+sha512sums="5c824e74e2679de360ff1f95aa74013ca2d6a88d11d18041e7a5b51746c2a21bbc10da785791ea4e40d316167560982466789767018bd02676cf810ad0c3a5c9 cups-2.2.5-source.tar.gz
+cf64211da59e79285f99d437c02fdd7db462855fb2920ec9563ba47bd8a9e5cbd10555094940ceedeb41ac805c4f0ddb9147481470112a11a76220d0298aef79 cups.logrotate
+2c2683f755a220166b3a1653fdd1a6daa9718c8f0bbdff2e2d5e61d1133306260d63a83d3ff41619b5cf84c4913fae5822b79553e2822858f38fa3613f4c7082 cupsd.initd
+7a8cd9ac33b0dd4627c72df4275db8ccd7cf8e201bce3833719b42f532f526bb347b842e3ea1ef0d61855b5c6e1088b5d20b68942f2c2c0acf504d8d9728efd3 cups-no-export-ssllibs.patch
+98bb97f4af69ea286fc3d398b8e57c32440e6b2d49fb7f79b418a4fe7f13441f3a610f65d3433d10d971ade808233c0b29b4d66160623ccaae919179384be918 default-config-no-gssapi.patch"
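Review bot: The TLS dependencies do not match the configure flags: `build()` passes `--enable-gnutls` and `makedepends` has `gnutls-dev`, yet `depends_dev` lists `openssl-dev` and `depends` lists `openssl`, so the installed package pulls a TLS library the build does not appear to link. Confirm which library is intended and align them, e.g. `depends="cups-client poppler-utils dbus"` if GnuTLS is picked up through the automatic shared-library dependency. Separately, `find ... -name "*.ppd" | xargs gzip -n9f` splits on whitespace in file names; `find usr/share/cups/model -name "*.ppd" -exec gzip -n9f {} +` avoids that. `options="!check"` disables the whole suite for one failing charset test, so a regression in the TLS or authentication paths would go unnoticed at build time.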
diff --git a/system/cups/cups-no-export-ssllibs.patch b/system/cups/cups-no-export-ssllibs.patch
new file mode 100644
index 000000000..e227bd182
--- /dev/null
+++ b/system/cups/cups-no-export-ssllibs.patch
@@ -0,0 +1,12 @@
+diff -up cups-1.5b1/config-scripts/cups-ssl.m4.no-export-ssllibs cups-1.5b1/config-scripts/cups-ssl.m4
+--- cups-1.6.2/config-scripts/cups-ssl.m4.no-export-ssllibs 2011-05-11 02:52:08.000000000 +0200
++++ cups-1.6.2/config-scripts/cups-ssl.m4 2011-05-23 17:47:27.000000000 +0200
+@@ -180,7 +180,7 @@
+ AC_SUBST(SSLFLAGS)
+ AC_SUBST(SSLLIBS)
+
+-EXPORT_SSLLIBS="$SSLLIBS"
++EXPORT_SSLLIBS=""
+ AC_SUBST(EXPORT_SSLLIBS)
+
+ dnl
diff --git a/system/cups/cups.logrotate b/system/cups/cups.logrotate
new file mode 100644
index 000000000..a50b058a3
--- /dev/null
+++ b/system/cups/cups.logrotate
@@ -0,0 +1,8 @@
+/var/log/cups/*log {
+ missingok
+ notifempty
+ delaycompress
+ postrotate
+ /etc/init.d/cupsd --quiet --ifstarted reload
+ endscript
+}
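Review bot: `delaycompress` only has an effect together with `compress`, which this stanza does not set, so unless the global logrotate configuration enables compression the directive does nothing. The stanza also sets no `create` mode or `su` user; if `/var/log/cups` is writable by the `lp` account, logrotate running as root should be told which user to rotate as, for example `su root lp`, after confirming the directory's actual ownership.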
diff --git a/system/cups/cups.pre-install b/system/cups/cups.pre-install
new file mode 100644
index 000000000..cdb75cac5
--- /dev/null
+++ b/system/cups/cups.pre-install
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S lpadmin 2>/dev/null
+addgroup -S lp 2>/dev/null
+adduser -S -G lp -g lp lp 2>/dev/null
+addgroup lp lp 2>/dev/null
+
+exit 0
diff --git a/system/cups/cupsd.initd b/system/cups/cupsd.initd
new file mode 100644
index 000000000..ff0998784
--- /dev/null
+++ b/system/cups/cupsd.initd
@@ -0,0 +1,44 @@
+#!/sbin/openrc-run
+
+name="CUPS"
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+description_checkconfig="Test the configuration file"
+description_reload="Reload"
+
+: ${cfgfile:="/etc/cups/cupsd.conf"}
+
+command="/usr/sbin/cupsd"
+command_args="-f -c $cfgfile"
+command_background="yes"
+
+pidfile="/run/cups/$RC_SVCNAME.pid"
+
+depend() {
+ use net
+ before nfs
+ need dbus
+ after logger
+}
+
+checkconfig() {
+ $command $command_args -t >/dev/null 2>&1 \
+ || $command $command_args -t
+}
+
+start_pre() {
+ checkconfig || return 1
+
+ checkpath -q -d -m 0775 -o root:lp /var/cache/cups
+ checkpath -q -d -m 0775 -o root:lp /var/cache/cups/rss
+ checkpath -q -d -m 0755 -o root:lp /run/cups
+ checkpath -q -d -m 0511 -o lp:lpadmin /run/cups/certs
+}
+
+reload() {
+ ebegin "Reloading $name"
+ start-stop-daemon --signal HUP --pidfile "$pidfile"
+ eend $?
+}
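Review bot: The two `checkpath` lines in `start_pre` for `/var/cache/cups` and `/var/cache/cups/rss` use mode 0775, which leaves the cache readable and traversable by every local user while also being writable by group lp. Nothing in this script needs the world bits, so `checkpath -q -d -m 0770 -o root:lp /var/cache/cups` (and the same for `rss`) would be the tighter default; confirm it against what cupsd itself enforces on its cache directory. Separately, `$cfgfile` is expanded unquoted in `command_args` and in `checkconfig`, so a path containing whitespace set from conf.d would split into several arguments.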
diff --git a/system/cups/default-config-no-gssapi.patch b/system/cups/default-config-no-gssapi.patch
new file mode 100644
index 000000000..b12c55ddf
--- /dev/null
+++ b/system/cups/default-config-no-gssapi.patch
@@ -0,0 +1,26 @@
+--- a/conf/cupsd.conf.in
++++ b/conf/cupsd.conf.in
+@@ -145,12 +145,12 @@
+
+ # Job-related operations must be done by the owner or an administrator...
+ <Limit Create-Job Print-Job Print-URI Validate-Job>
+- AuthType Negotiate
++ AuthType Default
+ Order deny,allow
+ </Limit>
+
+ <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+- AuthType Negotiate
++ AuthType Default
+ Require user @OWNER @SYSTEM
+ Order deny,allow
+ </Limit>
+@@ -171,7 +171,7 @@
+
+ # Only the owner or an administrator can cancel or authenticate a job...
+ <Limit Cancel-Job CUPS-Authenticate-Job>
+- AuthType Negotiate
++ AuthType Default
+ Require user @OWNER @CUPS_DEFAULT_PRINTOPERATOR_AUTH@
+ Order deny,allow
+ </Limit>
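Review bot: `AuthType Default` hands the choice of scheme to the `DefaultAuthType` directive, which is outside these hunks, so the patch alone does not show what replaces Negotiate for the three `<Limit>` blocks. If that resolves to Basic, passwords are only protected when encryption is enforced for authenticated requests, and the shipped cupsd.conf should state that explicitly instead of relying on a compiled-in default. The patch file also carries no description. If the reason is the one the file name suggests, a header line such as `Built without GSSAPI: use DefaultAuthType instead of Negotiate` above the `---` line would tell the next maintainer why it exists.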
diff --git a/system/dash/APKBUILD b/system/dash/APKBUILD
new file mode 100644
index 000000000..f22c6c8eb
--- /dev/null
+++ b/system/dash/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dash
+pkgver=0.5.9.1
+pkgrel=1
+pkgdesc="Small and fast POSIX-compliant shell"
+url="http://gondor.apana.org.au/~herbert/dash/"
+arch="all"
+license="GPL-2.0+"
+subpackages="$pkgname-binsh::noarch $pkgname-doc"
+source="http://gondor.apana.org.au/~herbert/$pkgname/files/$pkgname-$pkgver.tar.gz"
+
+build() {
+ cd "$builddir"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/ \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+ ./src/dash -c 'echo ok'
+}
+
+package() {
+ cd "$builddir"
+
+ make DESTDIR="$pkgdir" install
+}
+
+binsh() {
+ pkgdesc="Use dash as /bin/sh"
+ provides="/bin/sh"
+ mkdir -p "$subpkgdir"/bin
+ ln -s dash "$subpkgdir"/bin/sh
+}
+
+sha512sums="d56a043b8fab4693d3f70cceb531c37174e7ded4acd5549e53048d7ce29125ff21d7e758f51a4a73e06250d051e246467039989275838c19a2579edea3f72b7d dash-0.5.9.1.tar.gz"
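Review bot: `url` and `source` fetch the tarball over plain `http://`, so the only integrity control is the `sha512sums` line, and that value is regenerated from whatever was downloaded each time the version is bumped. If the host serves TLS, switch both to `https://`, as in `source="https://gondor.apana.org.au/~herbert/$pkgname/files/$pkgname-$pkgver.tar.gz"`. Otherwise add a comment recording which out-of-band source the checksum was verified against. This matters more than usual here, because the `binsh` subpackage installs this binary as `/bin/sh`.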
diff --git a/system/easy-kernel/APKBUILD b/system/easy-kernel/APKBUILD
index 75b891551..bfe1f5cbe 100644
--- a/system/easy-kernel/APKBUILD
+++ b/system/easy-kernel/APKBUILD
@@ -1,17 +1,20 @@
# Contributor: A. Wilcox <awilfox@adelielinux.org>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
-pkgname=easy-kernel
-pkgver=4.14.8
-pkgrel=2
+_pkgname=easy-kernel
+pkgver=4.14.19
+pkgrel=4
+pkgname=$_pkgname-$pkgver-mc$pkgrel
pkgdesc="The Linux kernel, packaged for your convenience"
url="https://kernel.org/"
arch="all"
-options="!check !dbg !strip"
+options="!check !dbg !strip !tracedeps"
license="GPL-2.0"
depends=""
-makedepends="lzop openssl-dev"
+makedepends="bc gzip lzop openssl-dev xz"
install=""
-subpackages="$pkgname-modules"
+provides="easy-kernel=$pkgver-r$pkgrel"
+subpackages="$_pkgname-modules-$pkgver-mc$pkgrel:modules
+ $_pkgname-src-$pkgver-mc$pkgrel:src"
source="https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
https://mirrormaster.adelielinux.org/source/linux-4.14-mc$pkgrel.patch.xz
config-ppc64
@@ -42,22 +45,43 @@ package() {
make INSTALL_PATH="$pkgdir"/boot \
INSTALL_MOD_PATH="$pkgdir" \
install modules_install
+
+ if [ -f "$pkgdir"/boot/vmlinuz ]; then
+ mv "$pkgdir"/boot/vmlinuz \
+ "$pkgdir"/boot/vmlinuz-$pkgver-mc$pkgrel-easy
+ fi
+ if [ -f "$pkgdir"/boot/vmlinux ]; then
+ mv "$pkgdir"/boot/vmlinux \
+ "$pkgdir"/boot/vmlinux-$pkgver-mc$pkgrel-easy
+ fi
+
+ install -D "$builddir"/include/config/kernel.release \
+ "$pkgdir"/usr/share/kernel/easy-$pkgver-mc$pkgrel/kernel.release
}
modules() {
pkgdesc="Modules / device drivers for easy-kernel"
+ provides="easy-kernel-modules=$pkgver-r$pkgrel"
+ autodeps=0 # modules should not depend on src just for symlink
mkdir -p "$subpkgdir"/lib
mv "$pkgdir"/lib/modules "$subpkgdir"/lib/
+ rm "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/build
+ rm "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/source
+ ln -s "../../../usr/src/linux-$pkgver-mc$pkgrel" \
+ "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/build
+ ln -s "../../../usr/src/linux-$pkgver-mc$pkgrel" \
+ "$subpkgdir"/lib/modules/$pkgver-mc$pkgrel-easy/source
}
src() {
- pkgdesc="Kernel source code used to build THIS kernel"
+ pkgdesc="Kernel source code used to build the kernel"
+ provides="easy-kernel-src=$pkgver-r$pkgrel"
mkdir -p "$subpkgdir"/usr/src
- mv "$srcdir"/linux-src "$subpkgdir"/usr/src/linux
+ mv "$srcdir"/linux-src "$subpkgdir"/usr/src/linux-$pkgver-mc$pkgrel
}
sha512sums="77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 linux-4.14.tar.xz
-ea893dbb34129691d766cd2a80319448a99d022474878147cc90da4bf7364f747e1d2a68bc5cd70e701bccb5f5ba48d628678cd4d95afbdb9b0c128137e1c437 linux-4.14-mc2.patch.xz
-15513dd39075d5b3b27adc193995ffef9d0bad2a5b128f04f8952b0b056a97e15a143f2f3b06de1c6eaa56e6034f28c528aa69786563e2bda6bf35e3182acfaa config-ppc64
-4580119dbbb8abb7cf3d433deee76264bc772f7710e75850483181f3d82e58a12e9045c663ae46a4f8633357790a8776d04826ae1f3954c556fa32ff9dade31f config-ppc
-4fdfbbd63b0f6dc1f9988c752d2bfaa51038d1d6f3f9bdf968809acce50c047ad5a82734ab8d37e57008ff43f483b5734cbefa85c564fda25eccdb867e5949b8 config-x86_64
-34baf5fb4a75bd9aa196313fa38ccf7d591b581d47a61be50b61e88ddaecf0f25992f1579e6fe73c73e1e6b11d7beabf05e6d778cc0de09b048252bedc271bc2 config-pmmx"
+e75d81ff5844106d780f81423fb45de47dfcfad52bd1870e590633ca0d8ca453c710543471b2fac862f1cfe39884b206afe8fb25688fb9acb7584e1cc315ba5b linux-4.14-mc4.patch.xz
+9308029118547be983e3e510ede93e8277c3343f3c6828dfd39c8029341fe099b7cc7338d7603d21a3a69a6c1dd749889ea65ea9f5a94a3fae3e59f76ef33a98 config-ppc64
+419dd30c2d2592293e7b6889a397784fed84a1f686c0d2d262177be98bcb022a9eab4f77c930866fbc8651fcec0a06a12fb796b85591b28f0b9852904347e44a config-ppc
+b89282bacff4d90337eaff02dc6f8122b91b54e8606c667ba3478036268e21477e0bbc98f68f8b5d1a750c8cf9ae82cf3c7be2344c1ddb9f108518cf17984690 config-x86_64
+77fe0ae34512cfe4487f4f03cff4b1ea413f1fb40cb9528af6e670c258b6a268d5741b229b4aeeef70e62602813b47e99f59b111acaf82334be3d860d27b5360 config-pmmx"
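Review bot: `modules()` spells the kernel release as `$pkgver-mc$pkgrel-easy` in six unquoted paths, while `package()` has just installed the authoritative string from `include/config/kernel.release`. If the local version set by the config or patch ever differs, the bare `rm` calls fail and the `build`/`source` links are aimed at a directory that does not exist. Reading the value once with `_rel=$(cat "$builddir"/include/config/kernel.release)` and using `"$subpkgdir/lib/modules/$_rel"` keeps the two in step and lets the paths be quoted. `package()` begins outside this hunk, so this assumes nothing earlier in it rewrites the release string.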
diff --git a/system/easy-kernel/config-pmmx b/system/easy-kernel/config-pmmx
index 317e04714..21f56d985 100644
--- a/system/easy-kernel/config-pmmx
+++ b/system/easy-kernel/config-pmmx
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.4-mc1 Kernel Configuration
+# Linux/x86 4.14.19-mc4 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -109,7 +109,6 @@ CONFIG_TICK_ONESHOT=y
CONFIG_NO_HZ_COMMON=y
# CONFIG_HZ_PERIODIC is not set
CONFIG_NO_HZ_IDLE=y
-# CONFIG_NO_HZ_FULL is not set
# CONFIG_NO_HZ is not set
CONFIG_HIGH_RES_TIMERS=y
@@ -117,7 +116,6 @@ CONFIG_HIGH_RES_TIMERS=y
# CPU/Task time and stats accounting
#
CONFIG_TICK_CPU_ACCOUNTING=y
-# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set
# CONFIG_IRQ_TIME_ACCOUNTING is not set
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
@@ -307,6 +305,7 @@ CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y
CONFIG_STRICT_KERNEL_RWX=y
CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y
CONFIG_STRICT_MODULE_RWX=y
+CONFIG_ARCH_HAS_REFCOUNT=y
CONFIG_REFCOUNT_FULL=y
#
@@ -417,6 +416,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
CONFIG_X86_MPPARSE=y
CONFIG_X86_BIGSMP=y
# CONFIG_GOLDFISH is not set
+CONFIG_RETPOLINE=y
# CONFIG_INTEL_RDT is not set
CONFIG_X86_EXTENDED_PLATFORM=y
# CONFIG_X86_GOLDFISH is not set
@@ -469,7 +469,6 @@ CONFIG_M586MMX=y
# CONFIG_MCYRIXIII is not set
# CONFIG_MVIAC3_2 is not set
# CONFIG_MVIAC7 is not set
-# CONFIG_MPSC is not set
# CONFIG_MATOM is not set
# CONFIG_MCORE2 is not set
# CONFIG_MNEHALEM is not set
@@ -480,7 +479,6 @@ CONFIG_M586MMX=y
# CONFIG_MHASWELL is not set
# CONFIG_MBROADWELL is not set
# CONFIG_MSKYLAKE is not set
-# CONFIG_GENERIC_CPU is not set
# CONFIG_MNATIVE is not set
CONFIG_X86_GENERIC=y
CONFIG_X86_INTERNODE_CACHE_SHIFT=6
@@ -628,9 +626,6 @@ CONFIG_HOTPLUG_CPU=y
# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set
# CONFIG_DEBUG_HOTPLUG_CPU0 is not set
# CONFIG_COMPAT_VDSO is not set
-# CONFIG_LEGACY_VSYSCALL_NATIVE is not set
-# CONFIG_LEGACY_VSYSCALL_EMULATE is not set
-# CONFIG_LEGACY_VSYSCALL_NONE is not set
# CONFIG_CMDLINE_BOOL is not set
CONFIG_MODIFY_LDT_SYSCALL=y
CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
@@ -871,7 +866,6 @@ CONFIG_TCIC=m
CONFIG_PCMCIA_PROBE=y
CONFIG_PCCARD_NONSTATIC=y
# CONFIG_RAPIDIO is not set
-CONFIG_X86_SYSFB=y
#
# Executable file formats / Emulations
@@ -1409,6 +1403,7 @@ CONFIG_DEV_COREDUMP=y
# CONFIG_SYS_HYPERVISOR is not set
# CONFIG_GENERIC_CPU_DEVICES is not set
CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
CONFIG_REGMAP_MMIO=y
@@ -5874,8 +5869,7 @@ CONFIG_IO_DELAY_0X80=y
CONFIG_DEFAULT_IO_DELAY_TYPE=0
# CONFIG_OPTIMIZE_INLINING is not set
# CONFIG_PUNIT_ATOM_DEBUG is not set
-CONFIG_FRAME_POINTER_UNWINDER=y
-# CONFIG_ORC_UNWINDER is not set
+CONFIG_UNWINDER_FRAME_POINTER=y
#
# Security options
@@ -5941,6 +5935,7 @@ CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
+CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
CONFIG_CRYPTO_RSA=y
# CONFIG_CRYPTO_DH is not set
diff --git a/system/easy-kernel/config-ppc b/system/easy-kernel/config-ppc
index ac3d41e82..371a4de1a 100644
--- a/system/easy-kernel/config-ppc
+++ b/system/easy-kernel/config-ppc
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/powerpc 4.14.8-mc2 Kernel Configuration
+# Linux/powerpc 4.14.12-mc3 Kernel Configuration
#
# CONFIG_PPC64 is not set
@@ -132,7 +132,10 @@ CONFIG_VIRT_CPU_ACCOUNTING=y
CONFIG_VIRT_CPU_ACCOUNTING_NATIVE=y
CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
-# CONFIG_TASKSTATS is not set
+CONFIG_TASKSTATS=y
+CONFIG_TASK_DELAY_ACCT=y
+CONFIG_TASK_XACCT=y
+CONFIG_TASK_IO_ACCOUNTING=y
#
# RCU Subsystem
@@ -151,13 +154,16 @@ CONFIG_LOG_BUF_SHIFT=14
CONFIG_LOG_CPU_MAX_BUF_SHIFT=12
CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13
CONFIG_CGROUPS=y
-# CONFIG_MEMCG is not set
+CONFIG_PAGE_COUNTER=y
+CONFIG_MEMCG=y
+# CONFIG_MEMCG_SWAP is not set
CONFIG_BLK_CGROUP=y
# CONFIG_DEBUG_BLK_CGROUP is not set
+CONFIG_CGROUP_WRITEBACK=y
CONFIG_CGROUP_SCHED=y
CONFIG_CGROUP_PIDS=y
-# CONFIG_CGROUP_RDMA is not set
-# CONFIG_CGROUP_FREEZER is not set
+CONFIG_CGROUP_RDMA=y
+CONFIG_CGROUP_FREEZER=y
CONFIG_CPUSETS=y
CONFIG_PROC_PID_CPUSET=y
CONFIG_CGROUP_DEVICE=y
@@ -227,6 +233,7 @@ CONFIG_HAVE_PERF_EVENTS=y
CONFIG_PERF_EVENTS=y
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLUB_DEBUG=y
+# CONFIG_SLUB_MEMCG_SYSFS_ON is not set
# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB is not set
CONFIG_SLUB=y
@@ -4214,7 +4221,9 @@ CONFIG_QUOTACTL=y
CONFIG_AUTOFS4_FS=m
CONFIG_FUSE_FS=m
# CONFIG_CUSE is not set
-# CONFIG_OVERLAY_FS is not set
+CONFIG_OVERLAY_FS=y
+# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set
+# CONFIG_OVERLAY_FS_INDEX is not set
#
# Caches
diff --git a/system/easy-kernel/config-ppc64 b/system/easy-kernel/config-ppc64
index d2a2dff3a..5b0319d98 100644
--- a/system/easy-kernel/config-ppc64
+++ b/system/easy-kernel/config-ppc64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/powerpc 4.14.4-mc1 Kernel Configuration
+# Linux/powerpc 4.14.12-mc3 Kernel Configuration
#
CONFIG_PPC64=y
@@ -3876,7 +3876,7 @@ CONFIG_HFSPLUS_FS=m
# CONFIG_BEFS_FS is not set
# CONFIG_BFS_FS is not set
# CONFIG_EFS_FS is not set
-CONFIG_CRAMFS=y
+CONFIG_CRAMFS=m
CONFIG_SQUASHFS=y
CONFIG_SQUASHFS_FILE_CACHE=y
# CONFIG_SQUASHFS_FILE_DIRECT is not set
@@ -4304,7 +4304,6 @@ CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
# CONFIG_HARDENED_USERCOPY is not set
# CONFIG_FORTIFY_SOURCE is not set
# CONFIG_STATIC_USERMODEHELPER is not set
-# CONFIG_DEFAULT_SECURITY_APPARMOR is not set
CONFIG_DEFAULT_SECURITY_DAC=y
CONFIG_DEFAULT_SECURITY=""
CONFIG_XOR_BLOCKS=m
diff --git a/system/easy-kernel/config-x86_64 b/system/easy-kernel/config-x86_64
index ced0bcf04..21205357f 100644
--- a/system/easy-kernel/config-x86_64
+++ b/system/easy-kernel/config-x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.14.8-mc2 Kernel Configuration
+# Linux/x86 4.14.19-mc4 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -126,7 +126,8 @@ CONFIG_BSD_PROCESS_ACCT=y
CONFIG_BSD_PROCESS_ACCT_V3=y
CONFIG_TASKSTATS=y
CONFIG_TASK_DELAY_ACCT=y
-# CONFIG_TASK_XACCT is not set
+CONFIG_TASK_XACCT=y
+CONFIG_TASK_IO_ACCOUNTING=y
#
# RCU Subsystem
@@ -163,6 +164,7 @@ CONFIG_CGROUP_FREEZER=y
# CONFIG_CPUSETS is not set
CONFIG_CGROUP_DEVICE=y
CONFIG_CGROUP_PERF=y
+# CONFIG_CGROUP_DEBUG is not set
CONFIG_SOCK_CGROUP_DATA=y
# CONFIG_CHECKPOINT_RESTORE is not set
CONFIG_NAMESPACES=y
@@ -189,7 +191,7 @@ CONFIG_HAVE_UID16=y
CONFIG_SYSCTL_EXCEPTION_TRACE=y
CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_BPF=y
-# CONFIG_EXPERT is not set
+CONFIG_EXPERT=y
CONFIG_UID16=y
CONFIG_MULTIUSER=y
CONFIG_SGETMASK_SYSCALL=y
@@ -197,6 +199,7 @@ CONFIG_SYSFS_SYSCALL=y
# CONFIG_SYSCTL_SYSCALL is not set
CONFIG_POSIX_TIMERS=y
CONFIG_KALLSYMS=y
+# CONFIG_KALLSYMS_ALL is not set
CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y
CONFIG_KALLSYMS_BASE_RELATIVE=y
CONFIG_PRINTK=y
@@ -226,12 +229,14 @@ CONFIG_HAVE_PERF_EVENTS=y
# Kernel Performance Events And Counters
#
CONFIG_PERF_EVENTS=y
+# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_VM_EVENT_COUNTERS=y
CONFIG_SLUB_DEBUG=y
# CONFIG_SLUB_MEMCG_SYSFS_ON is not set
-CONFIG_COMPAT_BRK=y
+# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB is not set
CONFIG_SLUB=y
+# CONFIG_SLOB is not set
# CONFIG_SLAB_MERGE_DEFAULT is not set
CONFIG_SLAB_FREELIST_RANDOM=y
CONFIG_SLAB_FREELIST_HARDENED=y
@@ -434,6 +439,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
# CONFIG_X86_X2APIC is not set
CONFIG_X86_MPPARSE=y
# CONFIG_GOLDFISH is not set
+CONFIG_RETPOLINE=y
# CONFIG_INTEL_RDT is not set
CONFIG_X86_EXTENDED_PLATFORM=y
# CONFIG_X86_VSMP is not set
@@ -446,6 +452,7 @@ CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y
CONFIG_SCHED_OMIT_FRAME_POINTER=y
CONFIG_HYPERVISOR_GUEST=y
CONFIG_PARAVIRT=y
+# CONFIG_PARAVIRT_DEBUG is not set
# CONFIG_PARAVIRT_SPINLOCKS is not set
CONFIG_XEN=y
CONFIG_XEN_PV=y
@@ -491,6 +498,7 @@ CONFIG_X86_CMPXCHG64=y
CONFIG_X86_CMOV=y
CONFIG_X86_MINIMUM_CPU_FAMILY=64
CONFIG_X86_DEBUGCTLMSR=y
+CONFIG_PROCESSOR_SELECT=y
CONFIG_CPU_SUP_INTEL=y
CONFIG_CPU_SUP_AMD=y
CONFIG_CPU_SUP_CENTAUR=y
@@ -502,6 +510,7 @@ CONFIG_CALGARY_IOMMU=y
CONFIG_CALGARY_IOMMU_ENABLED_BY_DEFAULT=y
CONFIG_SWIOTLB=y
CONFIG_IOMMU_HELPER=y
+# CONFIG_MAXSMP is not set
CONFIG_NR_CPUS=64
CONFIG_SCHED_SMT=y
CONFIG_SMT_NICE=y
@@ -534,7 +543,7 @@ CONFIG_X86_VSYSCALL_EMULATION=y
CONFIG_I8K=m
CONFIG_MICROCODE=y
CONFIG_MICROCODE_INTEL=y
-# CONFIG_MICROCODE_AMD is not set
+CONFIG_MICROCODE_AMD=y
CONFIG_MICROCODE_OLD_INTERFACE=y
# CONFIG_X86_MSR is not set
CONFIG_X86_CPUID=m
@@ -585,6 +594,7 @@ CONFIG_UKSM=y
CONFIG_DEFAULT_MMAP_MIN_ADDR=4096
CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y
CONFIG_MEMORY_FAILURE=y
+# CONFIG_HWPOISON_INJECT is not set
CONFIG_TRANSPARENT_HUGEPAGE=y
# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set
CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y
@@ -661,6 +671,7 @@ CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y
CONFIG_ARCH_HIBERNATION_HEADER=y
CONFIG_SUSPEND=y
CONFIG_SUSPEND_FREEZER=y
+# CONFIG_SUSPEND_SKIP_SYNC is not set
CONFIG_HIBERNATE_CALLBACKS=y
CONFIG_HIBERNATION=y
CONFIG_PM_STD_PARTITION=""
@@ -784,6 +795,7 @@ CONFIG_PCI_DIRECT=y
# CONFIG_PCI_MMCONFIG is not set
CONFIG_PCI_XEN=y
CONFIG_PCI_DOMAINS=y
+# CONFIG_PCI_CNB20LE_QUIRK is not set
CONFIG_PCIEPORTBUS=y
# CONFIG_HOTPLUG_PCI_PCIE is not set
CONFIG_PCIEAER=y
@@ -801,6 +813,7 @@ CONFIG_PCIE_PME=y
CONFIG_PCI_BUS_ADDR_T_64BIT=y
CONFIG_PCI_MSI=y
CONFIG_PCI_MSI_IRQ_DOMAIN=y
+# CONFIG_PCI_DEBUG is not set
# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set
CONFIG_PCI_STUB=m
CONFIG_XEN_PCIDEV_FRONTEND=m
@@ -837,6 +850,7 @@ CONFIG_VMD=m
# PCI switch controller drivers
#
# CONFIG_PCI_SW_SWITCHTEC is not set
+# CONFIG_ISA_BUS is not set
CONFIG_ISA_DMA_API=y
CONFIG_AMD_NB=y
CONFIG_PCCARD=m
@@ -857,7 +871,6 @@ CONFIG_PD6729=m
CONFIG_I82092=m
CONFIG_PCCARD_NONSTATIC=y
# CONFIG_RAPIDIO is not set
-CONFIG_X86_SYSFB=y
#
# Executable file formats / Emulations
@@ -886,28 +899,37 @@ CONFIG_NET_INGRESS=y
# Networking options
#
CONFIG_PACKET=y
-# CONFIG_PACKET_DIAG is not set
+CONFIG_PACKET_DIAG=m
CONFIG_UNIX=y
-# CONFIG_UNIX_DIAG is not set
-# CONFIG_TLS is not set
+CONFIG_UNIX_DIAG=m
+CONFIG_TLS=m
CONFIG_XFRM=y
CONFIG_XFRM_OFFLOAD=y
CONFIG_XFRM_ALGO=m
-# CONFIG_XFRM_USER is not set
+CONFIG_XFRM_USER=m
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
# CONFIG_XFRM_STATISTICS is not set
CONFIG_XFRM_IPCOMP=m
# CONFIG_NET_KEY is not set
CONFIG_INET=y
-# CONFIG_IP_MULTICAST is not set
-# CONFIG_IP_ADVANCED_ROUTER is not set
-# CONFIG_IP_PNP is not set
-# CONFIG_NET_IPIP is not set
+CONFIG_IP_MULTICAST=y
+CONFIG_IP_ADVANCED_ROUTER=y
+# CONFIG_IP_FIB_TRIE_STATS is not set
+# CONFIG_IP_MULTIPLE_TABLES is not set
+# CONFIG_IP_ROUTE_MULTIPATH is not set
+# CONFIG_IP_ROUTE_VERBOSE is not set
+CONFIG_IP_ROUTE_CLASSID=y
+CONFIG_IP_PNP=y
+CONFIG_IP_PNP_DHCP=y
+CONFIG_IP_PNP_BOOTP=y
+# CONFIG_IP_PNP_RARP is not set
+CONFIG_NET_IPIP=m
# CONFIG_NET_IPGRE_DEMUX is not set
CONFIG_NET_IP_TUNNEL=m
-# CONFIG_SYN_COOKIES is not set
-# CONFIG_NET_IPVTI is not set
+# CONFIG_IP_MROUTE is not set
+CONFIG_SYN_COOKIES=y
+CONFIG_NET_IPVTI=m
CONFIG_NET_UDP_TUNNEL=m
# CONFIG_NET_FOU is not set
# CONFIG_NET_FOU_IP_TUNNELS is not set
@@ -922,26 +944,26 @@ CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
-# CONFIG_INET_UDP_DIAG is not set
-# CONFIG_INET_RAW_DIAG is not set
+CONFIG_INET_UDP_DIAG=m
+CONFIG_INET_RAW_DIAG=m
# CONFIG_INET_DIAG_DESTROY is not set
CONFIG_TCP_CONG_ADVANCED=y
CONFIG_TCP_CONG_BIC=m
CONFIG_TCP_CONG_CUBIC=m
CONFIG_TCP_CONG_WESTWOOD=y
CONFIG_TCP_CONG_HTCP=m
-# CONFIG_TCP_CONG_HSTCP is not set
-# CONFIG_TCP_CONG_HYBLA is not set
+CONFIG_TCP_CONG_HSTCP=m
+CONFIG_TCP_CONG_HYBLA=m
CONFIG_TCP_CONG_VEGAS=m
-# CONFIG_TCP_CONG_NV is not set
-# CONFIG_TCP_CONG_SCALABLE is not set
-# CONFIG_TCP_CONG_LP is not set
+CONFIG_TCP_CONG_NV=m
+CONFIG_TCP_CONG_SCALABLE=m
+CONFIG_TCP_CONG_LP=m
CONFIG_TCP_CONG_VENO=m
-# CONFIG_TCP_CONG_YEAH is not set
-# CONFIG_TCP_CONG_ILLINOIS is not set
-# CONFIG_TCP_CONG_DCTCP is not set
-# CONFIG_TCP_CONG_CDG is not set
-# CONFIG_TCP_CONG_BBR is not set
+CONFIG_TCP_CONG_YEAH=m
+CONFIG_TCP_CONG_ILLINOIS=m
+CONFIG_TCP_CONG_DCTCP=m
+CONFIG_TCP_CONG_CDG=m
+CONFIG_TCP_CONG_BBR=m
CONFIG_DEFAULT_WESTWOOD=y
# CONFIG_DEFAULT_RENO is not set
CONFIG_DEFAULT_TCP_CONG="westwood"
@@ -987,11 +1009,12 @@ CONFIG_NETFILTER_NETLINK=m
CONFIG_NETFILTER_NETLINK_LOG=m
CONFIG_NF_CONNTRACK=m
CONFIG_NF_LOG_COMMON=m
-# CONFIG_NF_LOG_NETDEV is not set
+CONFIG_NF_LOG_NETDEV=m
CONFIG_NF_CONNTRACK_PROCFS=y
CONFIG_NF_CONNTRACK_FTP=m
CONFIG_NF_CONNTRACK_IRC=m
-# CONFIG_NF_CONNTRACK_NETBIOS_NS is not set
+CONFIG_NF_CONNTRACK_BROADCAST=m
+CONFIG_NF_CONNTRACK_NETBIOS_NS=m
CONFIG_NF_CONNTRACK_SIP=m
CONFIG_NF_CT_NETLINK=m
# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set
@@ -1002,7 +1025,7 @@ CONFIG_NF_NAT_FTP=m
CONFIG_NF_NAT_IRC=m
CONFIG_NF_NAT_SIP=m
# CONFIG_NF_NAT_TFTP is not set
-# CONFIG_NF_NAT_REDIRECT is not set
+CONFIG_NF_NAT_REDIRECT=m
CONFIG_NF_TABLES=m
CONFIG_NF_TABLES_INET=m
CONFIG_NF_TABLES_NETDEV=m
@@ -1026,9 +1049,12 @@ CONFIG_NFT_REJECT=m
CONFIG_NFT_REJECT_INET=m
CONFIG_NFT_COMPAT=m
CONFIG_NFT_HASH=m
+CONFIG_NFT_FIB=m
+CONFIG_NFT_FIB_INET=m
CONFIG_NF_DUP_NETDEV=m
CONFIG_NFT_DUP_NETDEV=m
CONFIG_NFT_FWD_NETDEV=m
+CONFIG_NFT_FIB_NETDEV=m
CONFIG_NETFILTER_XTABLES=m
#
@@ -1041,9 +1067,9 @@ CONFIG_NETFILTER_XT_MARK=m
#
CONFIG_NETFILTER_XT_TARGET_LOG=m
CONFIG_NETFILTER_XT_NAT=m
-# CONFIG_NETFILTER_XT_TARGET_NETMAP is not set
+CONFIG_NETFILTER_XT_TARGET_NETMAP=m
CONFIG_NETFILTER_XT_TARGET_NFLOG=m
-# CONFIG_NETFILTER_XT_TARGET_REDIRECT is not set
+CONFIG_NETFILTER_XT_TARGET_REDIRECT=m
CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
#
@@ -1053,30 +1079,88 @@ CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
CONFIG_NETFILTER_XT_MATCH_POLICY=m
CONFIG_NETFILTER_XT_MATCH_STATE=m
-# CONFIG_IP_SET is not set
-# CONFIG_IP_VS is not set
+CONFIG_IP_SET=m
+CONFIG_IP_SET_MAX=256
+CONFIG_IP_SET_BITMAP_IP=m
+CONFIG_IP_SET_BITMAP_IPMAC=m
+CONFIG_IP_SET_BITMAP_PORT=m
+CONFIG_IP_SET_HASH_IP=m
+CONFIG_IP_SET_HASH_IPMARK=m
+CONFIG_IP_SET_HASH_IPPORT=m
+CONFIG_IP_SET_HASH_IPPORTIP=m
+CONFIG_IP_SET_HASH_IPPORTNET=m
+CONFIG_IP_SET_HASH_IPMAC=m
+CONFIG_IP_SET_HASH_MAC=m
+CONFIG_IP_SET_HASH_NETPORTNET=m
+CONFIG_IP_SET_HASH_NET=m
+CONFIG_IP_SET_HASH_NETNET=m
+CONFIG_IP_SET_HASH_NETPORT=m
+CONFIG_IP_SET_HASH_NETIFACE=m
+CONFIG_IP_SET_LIST_SET=m
+CONFIG_IP_VS=m
+CONFIG_IP_VS_IPV6=y
+# CONFIG_IP_VS_DEBUG is not set
+CONFIG_IP_VS_TAB_BITS=12
+
+#
+# IPVS transport protocol load balancing support
+#
+CONFIG_IP_VS_PROTO_TCP=y
+CONFIG_IP_VS_PROTO_UDP=y
+CONFIG_IP_VS_PROTO_AH_ESP=y
+CONFIG_IP_VS_PROTO_ESP=y
+CONFIG_IP_VS_PROTO_AH=y
+CONFIG_IP_VS_PROTO_SCTP=y
+
+#
+# IPVS scheduler
+#
+CONFIG_IP_VS_RR=m
+CONFIG_IP_VS_WRR=m
+CONFIG_IP_VS_LC=m
+CONFIG_IP_VS_WLC=m
+CONFIG_IP_VS_FO=m
+CONFIG_IP_VS_OVF=m
+CONFIG_IP_VS_LBLC=m
+CONFIG_IP_VS_LBLCR=m
+CONFIG_IP_VS_DH=m
+CONFIG_IP_VS_SH=m
+CONFIG_IP_VS_SED=m
+CONFIG_IP_VS_NQ=m
+
+#
+# IPVS SH scheduler
+#
+CONFIG_IP_VS_SH_TAB_BITS=8
+
+#
+# IPVS application helper
+#
+CONFIG_IP_VS_FTP=m
+CONFIG_IP_VS_NFCT=y
+CONFIG_IP_VS_PE_SIP=m
#
# IP: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV4=m
CONFIG_NF_CONNTRACK_IPV4=m
-# CONFIG_NF_SOCKET_IPV4 is not set
+CONFIG_NF_SOCKET_IPV4=m
CONFIG_NF_TABLES_IPV4=m
-# CONFIG_NFT_CHAIN_ROUTE_IPV4 is not set
+CONFIG_NFT_CHAIN_ROUTE_IPV4=m
CONFIG_NFT_REJECT_IPV4=m
-# CONFIG_NFT_DUP_IPV4 is not set
-# CONFIG_NFT_FIB_IPV4 is not set
-# CONFIG_NF_TABLES_ARP is not set
-# CONFIG_NF_DUP_IPV4 is not set
+CONFIG_NFT_DUP_IPV4=m
+CONFIG_NFT_FIB_IPV4=m
+CONFIG_NF_TABLES_ARP=m
+CONFIG_NF_DUP_IPV4=m
CONFIG_NF_LOG_ARP=m
CONFIG_NF_LOG_IPV4=m
CONFIG_NF_REJECT_IPV4=m
CONFIG_NF_NAT_IPV4=m
-# CONFIG_NFT_CHAIN_NAT_IPV4 is not set
+CONFIG_NFT_CHAIN_NAT_IPV4=m
CONFIG_NF_NAT_MASQUERADE_IPV4=m
-# CONFIG_NFT_MASQ_IPV4 is not set
-# CONFIG_NFT_REDIR_IPV4 is not set
+CONFIG_NFT_MASQ_IPV4=m
+CONFIG_NFT_REDIR_IPV4=m
# CONFIG_NF_NAT_PPTP is not set
# CONFIG_NF_NAT_H323 is not set
CONFIG_IP_NF_IPTABLES=m
@@ -1085,20 +1169,20 @@ CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_MANGLE=m
-# CONFIG_IP_NF_RAW is not set
+CONFIG_IP_NF_RAW=m
#
# IPv6: Netfilter Configuration
#
CONFIG_NF_DEFRAG_IPV6=m
CONFIG_NF_CONNTRACK_IPV6=m
-# CONFIG_NF_SOCKET_IPV6 is not set
+CONFIG_NF_SOCKET_IPV6=m
CONFIG_NF_TABLES_IPV6=m
-# CONFIG_NFT_CHAIN_ROUTE_IPV6 is not set
+CONFIG_NFT_CHAIN_ROUTE_IPV6=m
CONFIG_NFT_REJECT_IPV6=m
-# CONFIG_NFT_DUP_IPV6 is not set
-# CONFIG_NFT_FIB_IPV6 is not set
-# CONFIG_NF_DUP_IPV6 is not set
+CONFIG_NFT_DUP_IPV6=m
+CONFIG_NFT_FIB_IPV6=m
+CONFIG_NF_DUP_IPV6=m
CONFIG_NF_REJECT_IPV6=m
CONFIG_NF_LOG_IPV6=m
CONFIG_IP6_NF_IPTABLES=m
@@ -1106,8 +1190,47 @@ CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
-# CONFIG_IP6_NF_RAW is not set
-# CONFIG_IP_DCCP is not set
+CONFIG_IP6_NF_RAW=m
+CONFIG_NF_TABLES_BRIDGE=m
+CONFIG_NFT_BRIDGE_META=m
+CONFIG_NFT_BRIDGE_REJECT=m
+CONFIG_NF_LOG_BRIDGE=m
+CONFIG_BRIDGE_NF_EBTABLES=m
+CONFIG_BRIDGE_EBT_BROUTE=m
+CONFIG_BRIDGE_EBT_T_FILTER=m
+CONFIG_BRIDGE_EBT_T_NAT=m
+CONFIG_BRIDGE_EBT_802_3=m
+CONFIG_BRIDGE_EBT_AMONG=m
+CONFIG_BRIDGE_EBT_ARP=m
+CONFIG_BRIDGE_EBT_IP=m
+CONFIG_BRIDGE_EBT_IP6=m
+CONFIG_BRIDGE_EBT_LIMIT=m
+CONFIG_BRIDGE_EBT_MARK=m
+CONFIG_BRIDGE_EBT_PKTTYPE=m
+CONFIG_BRIDGE_EBT_STP=m
+CONFIG_BRIDGE_EBT_VLAN=m
+CONFIG_BRIDGE_EBT_ARPREPLY=m
+CONFIG_BRIDGE_EBT_DNAT=m
+CONFIG_BRIDGE_EBT_MARK_T=m
+CONFIG_BRIDGE_EBT_REDIRECT=m
+CONFIG_BRIDGE_EBT_SNAT=m
+CONFIG_BRIDGE_EBT_LOG=m
+CONFIG_BRIDGE_EBT_NFLOG=m
+CONFIG_IP_DCCP=m
+CONFIG_INET_DCCP_DIAG=m
+
+#
+# DCCP CCIDs Configuration
+#
+# CONFIG_IP_DCCP_CCID2_DEBUG is not set
+CONFIG_IP_DCCP_CCID3=y
+# CONFIG_IP_DCCP_CCID3_DEBUG is not set
+CONFIG_IP_DCCP_TFRC_LIB=y
+
+#
+# DCCP Kernel Hacking
+#
+# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
# CONFIG_SCTP_DBG_OBJCNT is not set
CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
@@ -1116,100 +1239,180 @@ CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y
CONFIG_SCTP_COOKIE_HMAC_MD5=y
CONFIG_SCTP_COOKIE_HMAC_SHA1=y
CONFIG_INET_SCTP_DIAG=m
-# CONFIG_RDS is not set
-# CONFIG_TIPC is not set
-# CONFIG_ATM is not set
+CONFIG_RDS=m
+CONFIG_RDS_TCP=m
+# CONFIG_RDS_DEBUG is not set
+CONFIG_TIPC=m
+CONFIG_TIPC_MEDIA_UDP=y
+CONFIG_ATM=m
+CONFIG_ATM_CLIP=m
+# CONFIG_ATM_CLIP_NO_ICMP is not set
+CONFIG_ATM_LANE=m
+CONFIG_ATM_MPOA=m
+CONFIG_ATM_BR2684=m
+# CONFIG_ATM_BR2684_IPFILTER is not set
CONFIG_L2TP=m
-# CONFIG_L2TP_V3 is not set
-# CONFIG_BRIDGE is not set
+CONFIG_L2TP_V3=y
+CONFIG_L2TP_IP=m
+CONFIG_L2TP_ETH=m
+CONFIG_STP=m
+CONFIG_GARP=m
+CONFIG_MRP=m
+CONFIG_BRIDGE=m
+CONFIG_BRIDGE_IGMP_SNOOPING=y
+CONFIG_BRIDGE_VLAN_FILTERING=y
CONFIG_HAVE_NET_DSA=y
-# CONFIG_NET_DSA is not set
+CONFIG_NET_DSA=m
CONFIG_VLAN_8021Q=m
-# CONFIG_VLAN_8021Q_GVRP is not set
-# CONFIG_VLAN_8021Q_MVRP is not set
-# CONFIG_DECNET is not set
+CONFIG_VLAN_8021Q_GVRP=y
+CONFIG_VLAN_8021Q_MVRP=y
+CONFIG_DECNET=m
+CONFIG_DECNET_ROUTER=y
CONFIG_LLC=m
-# CONFIG_LLC2 is not set
-# CONFIG_IPX is not set
+CONFIG_LLC2=m
+CONFIG_IPX=m
+CONFIG_IPX_INTERN=y
CONFIG_ATALK=m
CONFIG_DEV_APPLETALK=m
CONFIG_IPDDP=m
-# CONFIG_IPDDP_ENCAP is not set
-# CONFIG_X25 is not set
-# CONFIG_LAPB is not set
-# CONFIG_PHONET is not set
-# CONFIG_6LOWPAN is not set
-# CONFIG_IEEE802154 is not set
+CONFIG_IPDDP_ENCAP=y
+CONFIG_X25=m
+CONFIG_LAPB=m
+CONFIG_PHONET=m
+CONFIG_6LOWPAN=m
+CONFIG_6LOWPAN_NHC=m
+CONFIG_6LOWPAN_NHC_DEST=m
+CONFIG_6LOWPAN_NHC_FRAGMENT=m
+CONFIG_6LOWPAN_NHC_HOP=m
+CONFIG_6LOWPAN_NHC_IPV6=m
+CONFIG_6LOWPAN_NHC_MOBILITY=m
+CONFIG_6LOWPAN_NHC_ROUTING=m
+CONFIG_6LOWPAN_NHC_UDP=m
+CONFIG_6LOWPAN_GHC_EXT_HDR_HOP=m
+CONFIG_6LOWPAN_GHC_UDP=m
+CONFIG_6LOWPAN_GHC_ICMPV6=m
+CONFIG_6LOWPAN_GHC_EXT_HDR_DEST=m
+CONFIG_6LOWPAN_GHC_EXT_HDR_FRAG=m
+CONFIG_6LOWPAN_GHC_EXT_HDR_ROUTE=m
+CONFIG_IEEE802154=m
+# CONFIG_IEEE802154_NL802154_EXPERIMENTAL is not set
+CONFIG_IEEE802154_SOCKET=m
+CONFIG_IEEE802154_6LOWPAN=m
+CONFIG_MAC802154=m
CONFIG_NET_SCHED=y
#
# Queueing/Scheduling
#
CONFIG_NET_SCH_CBQ=m
-# CONFIG_NET_SCH_HTB is not set
-# CONFIG_NET_SCH_HFSC is not set
-# CONFIG_NET_SCH_PRIO is not set
-# CONFIG_NET_SCH_MULTIQ is not set
-# CONFIG_NET_SCH_RED is not set
-# CONFIG_NET_SCH_SFB is not set
-# CONFIG_NET_SCH_SFQ is not set
-# CONFIG_NET_SCH_TEQL is not set
-# CONFIG_NET_SCH_TBF is not set
-# CONFIG_NET_SCH_GRED is not set
-# CONFIG_NET_SCH_DSMARK is not set
-# CONFIG_NET_SCH_NETEM is not set
-# CONFIG_NET_SCH_DRR is not set
-# CONFIG_NET_SCH_MQPRIO is not set
-# CONFIG_NET_SCH_CHOKE is not set
-# CONFIG_NET_SCH_QFQ is not set
-# CONFIG_NET_SCH_CODEL is not set
-# CONFIG_NET_SCH_FQ_CODEL is not set
-# CONFIG_NET_SCH_FQ is not set
-# CONFIG_NET_SCH_HHF is not set
-# CONFIG_NET_SCH_PIE is not set
-# CONFIG_NET_SCH_PLUG is not set
+CONFIG_NET_SCH_HTB=m
+CONFIG_NET_SCH_HFSC=m
+CONFIG_NET_SCH_ATM=m
+CONFIG_NET_SCH_PRIO=m
+CONFIG_NET_SCH_MULTIQ=m
+CONFIG_NET_SCH_RED=m
+CONFIG_NET_SCH_SFB=m
+CONFIG_NET_SCH_SFQ=m
+CONFIG_NET_SCH_TEQL=m
+CONFIG_NET_SCH_TBF=m
+CONFIG_NET_SCH_GRED=m
+CONFIG_NET_SCH_DSMARK=m
+CONFIG_NET_SCH_NETEM=m
+CONFIG_NET_SCH_DRR=m
+CONFIG_NET_SCH_MQPRIO=m
+CONFIG_NET_SCH_CHOKE=m
+CONFIG_NET_SCH_QFQ=m
+CONFIG_NET_SCH_CODEL=m
+CONFIG_NET_SCH_FQ_CODEL=m
+CONFIG_NET_SCH_FQ=m
+CONFIG_NET_SCH_HHF=m
+CONFIG_NET_SCH_PIE=m
+# CONFIG_NET_SCH_INGRESS is not set
+CONFIG_NET_SCH_PLUG=m
# CONFIG_NET_SCH_DEFAULT is not set
#
# Classification
#
CONFIG_NET_CLS=y
-# CONFIG_NET_CLS_BASIC is not set
-# CONFIG_NET_CLS_TCINDEX is not set
-# CONFIG_NET_CLS_ROUTE4 is not set
+CONFIG_NET_CLS_BASIC=m
+CONFIG_NET_CLS_TCINDEX=m
+CONFIG_NET_CLS_ROUTE4=m
CONFIG_NET_CLS_FW=m
-# CONFIG_NET_CLS_U32 is not set
-# CONFIG_NET_CLS_RSVP is not set
-# CONFIG_NET_CLS_RSVP6 is not set
-# CONFIG_NET_CLS_FLOW is not set
+CONFIG_NET_CLS_U32=m
+# CONFIG_CLS_U32_PERF is not set
+# CONFIG_CLS_U32_MARK is not set
+CONFIG_NET_CLS_RSVP=m
+CONFIG_NET_CLS_RSVP6=m
+CONFIG_NET_CLS_FLOW=m
CONFIG_NET_CLS_CGROUP=m
-# CONFIG_NET_CLS_BPF is not set
-# CONFIG_NET_CLS_FLOWER is not set
-# CONFIG_NET_CLS_MATCHALL is not set
-# CONFIG_NET_EMATCH is not set
-# CONFIG_NET_CLS_ACT is not set
-# CONFIG_NET_CLS_IND is not set
+CONFIG_NET_CLS_BPF=m
+CONFIG_NET_CLS_FLOWER=m
+CONFIG_NET_CLS_MATCHALL=m
+CONFIG_NET_EMATCH=y
+CONFIG_NET_EMATCH_STACK=32
+CONFIG_NET_EMATCH_CMP=m
+CONFIG_NET_EMATCH_NBYTE=m
+CONFIG_NET_EMATCH_U32=m
+CONFIG_NET_EMATCH_META=m
+CONFIG_NET_EMATCH_TEXT=m
+CONFIG_NET_EMATCH_CANID=m
+CONFIG_NET_EMATCH_IPSET=m
+CONFIG_NET_CLS_ACT=y
+CONFIG_NET_ACT_POLICE=m
+CONFIG_NET_ACT_GACT=m
+# CONFIG_GACT_PROB is not set
+CONFIG_NET_ACT_MIRRED=m
+CONFIG_NET_ACT_SAMPLE=m
+CONFIG_NET_ACT_IPT=m
+CONFIG_NET_ACT_NAT=m
+CONFIG_NET_ACT_PEDIT=m
+CONFIG_NET_ACT_SIMP=m
+CONFIG_NET_ACT_SKBEDIT=m
+CONFIG_NET_ACT_CSUM=m
+CONFIG_NET_ACT_VLAN=m
+CONFIG_NET_ACT_BPF=m
+CONFIG_NET_ACT_SKBMOD=m
+CONFIG_NET_ACT_IFE=m
+CONFIG_NET_ACT_TUNNEL_KEY=m
+CONFIG_NET_IFE_SKBMARK=m
+CONFIG_NET_IFE_SKBPRIO=m
+CONFIG_NET_IFE_SKBTCINDEX=m
+CONFIG_NET_CLS_IND=y
CONFIG_NET_SCH_FIFO=y
# CONFIG_DCB is not set
CONFIG_DNS_RESOLVER=m
-# CONFIG_BATMAN_ADV is not set
-# CONFIG_OPENVSWITCH is not set
-# CONFIG_VSOCKETS is not set
+CONFIG_BATMAN_ADV=m
+# CONFIG_BATMAN_ADV_BATMAN_V is not set
+CONFIG_BATMAN_ADV_BLA=y
+# CONFIG_BATMAN_ADV_DAT is not set
+# CONFIG_BATMAN_ADV_NC is not set
+# CONFIG_BATMAN_ADV_MCAST is not set
+CONFIG_OPENVSWITCH=m
+CONFIG_OPENVSWITCH_VXLAN=m
+CONFIG_OPENVSWITCH_GENEVE=m
+CONFIG_VSOCKETS=m
+# CONFIG_VMWARE_VMCI_VSOCKETS is not set
+CONFIG_VIRTIO_VSOCKETS=m
+CONFIG_VIRTIO_VSOCKETS_COMMON=m
+CONFIG_HYPERV_VSOCKETS=m
CONFIG_NETLINK_DIAG=m
-# CONFIG_MPLS is not set
+CONFIG_MPLS=y
+CONFIG_NET_MPLS_GSO=m
+CONFIG_MPLS_ROUTING=m
# CONFIG_NET_NSH is not set
-# CONFIG_HSR is not set
-# CONFIG_NET_SWITCHDEV is not set
+CONFIG_HSR=m
+CONFIG_NET_SWITCHDEV=y
# CONFIG_NET_L3_MASTER_DEV is not set
# CONFIG_NET_NCSI is not set
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
-# CONFIG_CGROUP_NET_PRIO is not set
+CONFIG_CGROUP_NET_PRIO=y
CONFIG_CGROUP_NET_CLASSID=y
CONFIG_NET_RX_BUSY_POLL=y
CONFIG_BQL=y
-# CONFIG_BPF_JIT is not set
+CONFIG_BPF_JIT=y
CONFIG_NET_FLOW_LIMIT=y
#
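Review bot: This hunk, together with the DCCP block in the hunk before it, turns on a long list of rarely used protocol families as modules: `CONFIG_RDS`, `CONFIG_TIPC`, `CONFIG_ATM`, `CONFIG_DECNET`, `CONFIG_IPX`, `CONFIG_X25`, `CONFIG_PHONET` and `CONFIG_IP_DCCP`. Protocol-family modules are normally loaded on demand when a local process opens a socket of that family, so each one adds kernel code reachable by unprivileged users on every install. Unless there is a known user for them, I would keep lines such as `# CONFIG_DECNET is not set`, or ship a modprobe.d entry that blocks autoloading and lets administrators opt in. `CONFIG_BPF_JIT=y` at the end of the hunk deserves the same justification in the commit message.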
@@ -1234,7 +1437,7 @@ CONFIG_6PACK=m
CONFIG_BPQETHER=m
CONFIG_BAYCOM_SER_FDX=m
CONFIG_BAYCOM_SER_HDX=m
-# CONFIG_BAYCOM_PAR is not set
+CONFIG_BAYCOM_PAR=m
CONFIG_YAM=m
CONFIG_CAN=m
CONFIG_CAN_RAW=m
@@ -1249,8 +1452,8 @@ CONFIG_CAN_VXCAN=m
CONFIG_CAN_SLCAN=m
CONFIG_CAN_DEV=m
CONFIG_CAN_CALC_BITTIMING=y
-# CONFIG_CAN_LEDS is not set
-# CONFIG_CAN_GRCAN is not set
+CONFIG_CAN_LEDS=y
+CONFIG_CAN_GRCAN=m
CONFIG_CAN_C_CAN=m
CONFIG_CAN_C_CAN_PLATFORM=m
CONFIG_CAN_C_CAN_PCI=m
@@ -1273,6 +1476,12 @@ CONFIG_CAN_SOFTING=m
CONFIG_CAN_SOFTING_CS=m
#
+# CAN SPI interfaces
+#
+# CONFIG_CAN_HI311X is not set
+# CONFIG_CAN_MCP251X is not set
+
+#
# CAN USB interfaces
#
# CONFIG_CAN_EMS_USB is not set
@@ -1290,44 +1499,53 @@ CONFIG_BT_RFCOMM=m
CONFIG_BT_BNEP=m
# CONFIG_BT_BNEP_MC_FILTER is not set
# CONFIG_BT_BNEP_PROTO_FILTER is not set
+# CONFIG_BT_CMTP is not set
CONFIG_BT_HIDP=m
CONFIG_BT_HS=y
CONFIG_BT_LE=y
-# CONFIG_BT_LEDS is not set
+# CONFIG_BT_6LOWPAN is not set
+CONFIG_BT_LEDS=y
+# CONFIG_BT_SELFTEST is not set
#
# Bluetooth device drivers
#
CONFIG_BT_INTEL=m
+CONFIG_BT_BCM=m
+CONFIG_BT_RTL=m
CONFIG_BT_QCA=m
-# CONFIG_BT_HCIBTUSB is not set
-# CONFIG_BT_HCIBTSDIO is not set
+CONFIG_BT_HCIBTUSB=m
+CONFIG_BT_HCIBTUSB_BCM=y
+CONFIG_BT_HCIBTUSB_RTL=y
+CONFIG_BT_HCIBTSDIO=m
CONFIG_BT_HCIUART=m
CONFIG_BT_HCIUART_SERDEV=y
CONFIG_BT_HCIUART_H4=y
-# CONFIG_BT_HCIUART_NOKIA is not set
-# CONFIG_BT_HCIUART_BCSP is not set
-# CONFIG_BT_HCIUART_ATH3K is not set
-# CONFIG_BT_HCIUART_LL is not set
-# CONFIG_BT_HCIUART_3WIRE is not set
+CONFIG_BT_HCIUART_NOKIA=m
+CONFIG_BT_HCIUART_BCSP=y
+CONFIG_BT_HCIUART_ATH3K=y
+CONFIG_BT_HCIUART_LL=y
+CONFIG_BT_HCIUART_3WIRE=y
CONFIG_BT_HCIUART_INTEL=y
-# CONFIG_BT_HCIUART_BCM is not set
+CONFIG_BT_HCIUART_BCM=y
CONFIG_BT_HCIUART_QCA=y
CONFIG_BT_HCIUART_AG6XX=y
CONFIG_BT_HCIUART_MRVL=y
-# CONFIG_BT_HCIBCM203X is not set
-# CONFIG_BT_HCIBPA10X is not set
-# CONFIG_BT_HCIBFUSB is not set
+CONFIG_BT_HCIBCM203X=m
+CONFIG_BT_HCIBPA10X=m
+CONFIG_BT_HCIBFUSB=m
CONFIG_BT_HCIDTL1=m
CONFIG_BT_HCIBT3C=m
CONFIG_BT_HCIBLUECARD=m
CONFIG_BT_HCIBTUART=m
CONFIG_BT_HCIVHCI=m
CONFIG_BT_MRVL=m
-# CONFIG_BT_MRVL_SDIO is not set
+CONFIG_BT_MRVL_SDIO=m
+CONFIG_BT_ATH3K=m
# CONFIG_AF_RXRPC is not set
# CONFIG_AF_KCM is not set
# CONFIG_STREAM_PARSER is not set
+CONFIG_FIB_RULES=y
CONFIG_WIRELESS=y
CONFIG_WIRELESS_EXT=y
CONFIG_WEXT_CORE=y
@@ -1337,6 +1555,7 @@ CONFIG_WEXT_PRIV=y
CONFIG_CFG80211=m
# CONFIG_NL80211_TESTMODE is not set
# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set
+# CONFIG_CFG80211_CERTIFICATION_ONUS is not set
CONFIG_CFG80211_DEFAULT_PS=y
# CONFIG_CFG80211_INTERNAL_REGDB is not set
CONFIG_CFG80211_CRDA_SUPPORT=y
@@ -1359,19 +1578,63 @@ CONFIG_MAC80211_LEDS=y
# CONFIG_MAC80211_MESSAGE_TRACING is not set
# CONFIG_MAC80211_DEBUG_MENU is not set
CONFIG_MAC80211_STA_HASH_MAX_SIZE=0
-# CONFIG_WIMAX is not set
-# CONFIG_RFKILL is not set
-# CONFIG_NET_9P is not set
+CONFIG_WIMAX=m
+CONFIG_WIMAX_DEBUG_LEVEL=8
+CONFIG_RFKILL=m
+CONFIG_RFKILL_LEDS=y
+# CONFIG_RFKILL_INPUT is not set
+CONFIG_NET_9P=m
+CONFIG_NET_9P_VIRTIO=m
+CONFIG_NET_9P_XEN=m
+# CONFIG_NET_9P_DEBUG is not set
# CONFIG_CAIF is not set
-# CONFIG_CEPH_LIB is not set
-# CONFIG_NFC is not set
-# CONFIG_PSAMPLE is not set
-# CONFIG_NET_IFE is not set
+CONFIG_CEPH_LIB=m
+# CONFIG_CEPH_LIB_PRETTYDEBUG is not set
+# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set
+CONFIG_NFC=m
+CONFIG_NFC_DIGITAL=m
+CONFIG_NFC_NCI=m
+# CONFIG_NFC_NCI_SPI is not set
+CONFIG_NFC_NCI_UART=m
+CONFIG_NFC_HCI=m
+CONFIG_NFC_SHDLC=y
+
+#
+# Near Field Communication (NFC) devices
+#
+# CONFIG_NFC_MEI_PHY is not set
+# CONFIG_NFC_SIM is not set
+CONFIG_NFC_PORT100=m
+CONFIG_NFC_FDP=m
+CONFIG_NFC_FDP_I2C=m
+CONFIG_NFC_PN544=m
+CONFIG_NFC_PN544_I2C=m
+CONFIG_NFC_PN533=m
+CONFIG_NFC_PN533_USB=m
+CONFIG_NFC_PN533_I2C=m
+CONFIG_NFC_MICROREAD=m
+CONFIG_NFC_MICROREAD_I2C=m
+CONFIG_NFC_MRVL=m
+CONFIG_NFC_MRVL_USB=m
+CONFIG_NFC_MRVL_UART=m
+CONFIG_NFC_MRVL_I2C=m
+CONFIG_NFC_ST21NFCA=m
+CONFIG_NFC_ST21NFCA_I2C=m
+CONFIG_NFC_ST_NCI=m
+CONFIG_NFC_ST_NCI_I2C=m
+# CONFIG_NFC_ST_NCI_SPI is not set
+CONFIG_NFC_NXP_NCI=m
+CONFIG_NFC_NXP_NCI_I2C=m
+CONFIG_NFC_S3FWRN5=m
+CONFIG_NFC_S3FWRN5_I2C=m
+# CONFIG_NFC_ST95HF is not set
+CONFIG_PSAMPLE=m
+CONFIG_NET_IFE=m
# CONFIG_LWTUNNEL is not set
CONFIG_DST_CACHE=y
CONFIG_GRO_CELLS=y
-# CONFIG_NET_DEVLINK is not set
-CONFIG_MAY_USE_DEVLINK=y
+CONFIG_NET_DEVLINK=m
+CONFIG_MAY_USE_DEVLINK=m
CONFIG_HAVE_EBPF_JIT=y
#
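Review bot: `CONFIG_NFC=m` with its `CONFIG_NFC_*` drivers adds a socket-facing protocol stack, and building it as a module does not keep it out of a running system, because protocol-family modules are typically auto-loaded the first time a process opens a socket of that family. `CONFIG_NET_9P=m`, `CONFIG_CEPH_LIB=m` and `CONFIG_WIMAX=m` in the same hunk likewise add parsers for peer-supplied data. Unless each has a known user, I would leave the unrequested ones off (e.g. `# CONFIG_NFC is not set`) or ship a modprobe blacklist with the kernel package so they load only on an administrator's request. `CONFIG_WIMAX_DEBUG_LEVEL=8` appears to be the Kconfig default, but it sets the maximum debug verbosity compiled in, so confirm it is wanted in a release build.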
@@ -1394,12 +1657,17 @@ CONFIG_EXTRA_FIRMWARE=""
CONFIG_WANT_DEV_COREDUMP=y
CONFIG_ALLOW_DEV_COREDUMP=y
CONFIG_DEV_COREDUMP=y
+# CONFIG_DEBUG_DRIVER is not set
+# CONFIG_DEBUG_DEVRES is not set
+# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set
CONFIG_SYS_HYPERVISOR=y
# CONFIG_GENERIC_CPU_DEVICES is not set
CONFIG_GENERIC_CPU_AUTOPROBE=y
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
CONFIG_REGMAP=y
CONFIG_REGMAP_I2C=m
+CONFIG_REGMAP_SPI=m
CONFIG_REGMAP_MMIO=y
CONFIG_DMA_SHARED_BUFFER=y
# CONFIG_DMA_FENCE_TRACE is not set
@@ -1488,38 +1756,43 @@ CONFIG_ATA_OVER_ETH=m
CONFIG_XEN_BLKDEV_FRONTEND=y
CONFIG_XEN_BLKDEV_BACKEND=y
CONFIG_VIRTIO_BLK=y
-CONFIG_VIRTIO_BLK_SCSI=y
+# CONFIG_VIRTIO_BLK_SCSI is not set
# CONFIG_BLK_DEV_RBD is not set
CONFIG_BLK_DEV_RSXX=m
CONFIG_NVME_CORE=y
CONFIG_BLK_DEV_NVME=y
CONFIG_NVME_FABRICS=y
CONFIG_NVME_FC=y
-# CONFIG_NVME_TARGET is not set
+CONFIG_NVME_TARGET=m
+# CONFIG_NVME_TARGET_LOOP is not set
+# CONFIG_NVME_TARGET_FC is not set
#
# Misc devices
#
-# CONFIG_SENSORS_LIS3LV02D is not set
+CONFIG_SENSORS_LIS3LV02D=m
# CONFIG_AD525X_DPOT is not set
# CONFIG_DUMMY_IRQ is not set
-# CONFIG_IBM_ASM is not set
+CONFIG_IBM_ASM=m
# CONFIG_PHANTOM is not set
# CONFIG_SGI_IOC4 is not set
CONFIG_TIFM_CORE=m
CONFIG_TIFM_7XX1=m
# CONFIG_ICS932S401 is not set
-# CONFIG_ENCLOSURE_SERVICES is not set
-# CONFIG_HP_ILO is not set
+CONFIG_ENCLOSURE_SERVICES=m
+CONFIG_HP_ILO=m
# CONFIG_APDS9802ALS is not set
-# CONFIG_ISL29003 is not set
-# CONFIG_ISL29020 is not set
-# CONFIG_SENSORS_TSL2550 is not set
+CONFIG_ISL29003=m
+CONFIG_ISL29020=m
+CONFIG_SENSORS_TSL2550=m
# CONFIG_SENSORS_BH1770 is not set
# CONFIG_SENSORS_APDS990X is not set
# CONFIG_HMC6352 is not set
# CONFIG_DS1682 is not set
+# CONFIG_TI_DAC7512 is not set
+CONFIG_VMWARE_BALLOON=m
# CONFIG_USB_SWITCH_FSA9480 is not set
+# CONFIG_LATTICE_ECP3_CONFIG is not set
# CONFIG_SRAM is not set
# CONFIG_PCI_ENDPOINT_TEST is not set
# CONFIG_C2PORT is not set
@@ -1527,11 +1800,13 @@ CONFIG_TIFM_7XX1=m
#
# EEPROM support
#
-# CONFIG_EEPROM_AT24 is not set
-# CONFIG_EEPROM_LEGACY is not set
+CONFIG_EEPROM_AT24=m
+# CONFIG_EEPROM_AT25 is not set
+CONFIG_EEPROM_LEGACY=m
# CONFIG_EEPROM_MAX6875 is not set
CONFIG_EEPROM_93CX6=y
-# CONFIG_EEPROM_IDT_89HPESX is not set
+# CONFIG_EEPROM_93XX46 is not set
+CONFIG_EEPROM_IDT_89HPESX=m
CONFIG_CB710_CORE=m
# CONFIG_CB710_DEBUG is not set
CONFIG_CB710_DEBUG_ASSUMPTIONS=y
@@ -1545,45 +1820,51 @@ CONFIG_CB710_DEBUG_ASSUMPTIONS=y
# Altera FPGA firmware download module
#
# CONFIG_ALTERA_STAPL is not set
-# CONFIG_INTEL_MEI is not set
-# CONFIG_INTEL_MEI_ME is not set
-# CONFIG_INTEL_MEI_TXE is not set
-# CONFIG_VMWARE_VMCI is not set
+CONFIG_INTEL_MEI=m
+CONFIG_INTEL_MEI_ME=m
+CONFIG_INTEL_MEI_TXE=m
+CONFIG_VMWARE_VMCI=m
#
# Intel MIC Bus Driver
#
-# CONFIG_INTEL_MIC_BUS is not set
+CONFIG_INTEL_MIC_BUS=m
#
# SCIF Bus Driver
#
-# CONFIG_SCIF_BUS is not set
+CONFIG_SCIF_BUS=m
#
# VOP Bus Driver
#
-# CONFIG_VOP_BUS is not set
+CONFIG_VOP_BUS=m
#
# Intel MIC Host Driver
#
+CONFIG_INTEL_MIC_HOST=m
#
# Intel MIC Card Driver
#
+CONFIG_INTEL_MIC_CARD=m
#
# SCIF Driver
#
+CONFIG_SCIF=m
#
# Intel MIC Coprocessor State Management (COSM) Drivers
#
+CONFIG_MIC_COSM=m
#
# VOP Driver
#
+CONFIG_VOP=m
+CONFIG_VHOST_RING=m
# CONFIG_GENWQE is not set
# CONFIG_ECHO is not set
# CONFIG_CXL_BASE is not set
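Review bot: `CONFIG_INTEL_MIC_CARD=m` looks out of place in a host distribution kernel. As far as I recall its Kconfig help, the card driver is meant for the kernel that runs on the coprocessor itself, and the help says to answer N otherwise. I would change it to `# CONFIG_INTEL_MIC_CARD is not set` and confirm that `CONFIG_INTEL_MIC_HOST=m`, `CONFIG_SCIF=m`, `CONFIG_MIC_COSM=m` and `CONFIG_VOP=m` have an actual user, since each adds kernel interfaces that are otherwise unused. `CONFIG_INTEL_MEI_ME=m` and `CONFIG_INTEL_MEI_TXE=m` expose the host interface to the management engine firmware, so if they stay, check that the packaged device-node rules keep the MEI device restricted to root.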
@@ -1613,6 +1894,7 @@ CONFIG_BLK_DEV_SR=y
# CONFIG_BLK_DEV_SR_VENDOR is not set
CONFIG_CHR_DEV_SG=y
CONFIG_CHR_DEV_SCH=y
+# CONFIG_SCSI_ENCLOSURE is not set
# CONFIG_SCSI_CONSTANTS is not set
# CONFIG_SCSI_LOGGING is not set
# CONFIG_SCSI_SCAN_ASYNC is not set
@@ -1629,7 +1911,7 @@ CONFIG_SCSI_SAS_LIBSAS=y
CONFIG_SCSI_SAS_HOST_SMP=y
CONFIG_SCSI_SRP_ATTRS=y
CONFIG_SCSI_LOWLEVEL=y
-# CONFIG_ISCSI_TCP is not set
+CONFIG_ISCSI_TCP=m
CONFIG_ISCSI_BOOT_SYSFS=y
CONFIG_SCSI_CXGB3_ISCSI=m
CONFIG_SCSI_CXGB4_ISCSI=m
@@ -1709,7 +1991,7 @@ CONFIG_SCSI_SYM53C8XX_MMIO=y
CONFIG_SCSI_QLOGIC_1280=m
CONFIG_SCSI_QLA_FC=m
CONFIG_SCSI_QLA_ISCSI=m
-# CONFIG_QEDI is not set
+CONFIG_QEDI=m
CONFIG_SCSI_LPFC=m
CONFIG_SCSI_DC395x=m
CONFIG_SCSI_AM53C974=m
@@ -1762,6 +2044,7 @@ CONFIG_ATA_BMDMA=y
# SATA SFF controllers with BMDMA
#
CONFIG_ATA_PIIX=y
+# CONFIG_SATA_DWC is not set
CONFIG_SATA_MV=y
CONFIG_SATA_NV=y
CONFIG_SATA_PROMISE=y
@@ -1818,6 +2101,7 @@ CONFIG_PATA_MPIIX=m
CONFIG_PATA_NS87410=m
CONFIG_PATA_OPTI=m
CONFIG_PATA_PCMCIA=m
+# CONFIG_PATA_PLATFORM is not set
CONFIG_PATA_RZ1000=m
#
@@ -1836,7 +2120,9 @@ CONFIG_MD_RAID10=y
CONFIG_MD_RAID456=y
CONFIG_MD_MULTIPATH=y
# CONFIG_MD_FAULTY is not set
-# CONFIG_BCACHE is not set
+CONFIG_BCACHE=m
+# CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_CLOSURES_DEBUG is not set
CONFIG_BLK_DEV_DM_BUILTIN=y
CONFIG_BLK_DEV_DM=y
CONFIG_DM_MQ_DEFAULT=y
@@ -1885,6 +2171,7 @@ CONFIG_BONDING=m
# CONFIG_DUMMY is not set
# CONFIG_EQUALIZER is not set
# CONFIG_NET_FC is not set
+# CONFIG_IFB is not set
CONFIG_NET_TEAM=m
# CONFIG_NET_TEAM_MODE_BROADCAST is not set
# CONFIG_NET_TEAM_MODE_ROUNDROBIN is not set
@@ -1893,10 +2180,10 @@ CONFIG_NET_TEAM=m
# CONFIG_NET_TEAM_MODE_LOADBALANCE is not set
CONFIG_MACVLAN=m
CONFIG_MACVTAP=m
-# CONFIG_VXLAN is not set
-# CONFIG_GENEVE is not set
+CONFIG_VXLAN=m
+CONFIG_GENEVE=m
CONFIG_GTP=m
-# CONFIG_MACSEC is not set
+CONFIG_MACSEC=m
CONFIG_NETCONSOLE=m
# CONFIG_NETCONSOLE_DYNAMIC is not set
CONFIG_NETPOLL=y
@@ -1905,10 +2192,11 @@ CONFIG_TUN=m
CONFIG_TAP=m
# CONFIG_TUN_VNET_CROSS_LE is not set
# CONFIG_VETH is not set
-CONFIG_VIRTIO_NET=m
+CONFIG_VIRTIO_NET=y
# CONFIG_NLMON is not set
CONFIG_SUNGEM_PHY=m
# CONFIG_ARCNET is not set
+# CONFIG_ATM_DRIVERS is not set
#
# CAIF transport drivers
@@ -1917,6 +2205,16 @@ CONFIG_SUNGEM_PHY=m
#
# Distributed Switch Architecture drivers
#
+# CONFIG_B53 is not set
+# CONFIG_NET_DSA_BCM_SF2 is not set
+# CONFIG_NET_DSA_LOOP is not set
+# CONFIG_NET_DSA_MT7530 is not set
+# CONFIG_NET_DSA_MV88E6060 is not set
+# CONFIG_MICROCHIP_KSZ is not set
+# CONFIG_NET_DSA_MV88E6XXX is not set
+# CONFIG_NET_DSA_QCA8K is not set
+# CONFIG_NET_DSA_SMSC_LAN9303_I2C is not set
+# CONFIG_NET_DSA_SMSC_LAN9303_MDIO is not set
CONFIG_ETHERNET=y
CONFIG_MDIO=y
CONFIG_NET_VENDOR_3COM=y
@@ -2031,10 +2329,12 @@ CONFIG_E1000E=m
CONFIG_E1000E_HWTS=y
CONFIG_IGB=m
CONFIG_IGB_HWMON=y
+CONFIG_IGB_DCA=y
CONFIG_IGBVF=m
CONFIG_IXGB=m
CONFIG_IXGBE=m
CONFIG_IXGBE_HWMON=y
+CONFIG_IXGBE_DCA=y
CONFIG_IXGBEVF=m
CONFIG_I40E=m
CONFIG_I40EVF=m
@@ -2058,19 +2358,29 @@ CONFIG_MLXSW_CORE_HWMON=y
CONFIG_MLXSW_CORE_THERMAL=y
CONFIG_MLXSW_PCI=m
CONFIG_MLXSW_I2C=m
+CONFIG_MLXSW_SWITCHIB=m
+CONFIG_MLXSW_SWITCHX2=m
+CONFIG_MLXSW_SPECTRUM=m
CONFIG_MLXSW_MINIMAL=m
CONFIG_MLXFW=m
CONFIG_NET_VENDOR_MICREL=y
+# CONFIG_KS8842 is not set
+# CONFIG_KS8851 is not set
CONFIG_KS8851_MLL=m
CONFIG_KSZ884X_PCI=m
+CONFIG_NET_VENDOR_MICROCHIP=y
+# CONFIG_ENC28J60 is not set
+# CONFIG_ENCX24J600 is not set
CONFIG_NET_VENDOR_MYRI=y
CONFIG_MYRI10GE=m
+CONFIG_MYRI10GE_DCA=y
CONFIG_FEALNX=m
CONFIG_NET_VENDOR_NATSEMI=y
CONFIG_NATSEMI=m
CONFIG_NS83820=m
CONFIG_NET_VENDOR_NETRONOME=y
CONFIG_NFP=m
+CONFIG_NFP_APP_FLOWER=y
# CONFIG_NFP_DEBUG is not set
CONFIG_NET_VENDOR_8390=y
CONFIG_PCMCIA_AXNET=m
@@ -2091,9 +2401,12 @@ CONFIG_QLCNIC_HWMON=y
CONFIG_QLGE=m
CONFIG_NETXEN_NIC=m
CONFIG_QED=m
+CONFIG_QED_LL2=y
CONFIG_QED_SRIOV=y
CONFIG_QEDE=m
+CONFIG_QED_ISCSI=y
CONFIG_NET_VENDOR_QUALCOMM=y
+# CONFIG_QCA7000_SPI is not set
# CONFIG_QCA7000_UART is not set
CONFIG_QCOM_EMAC=m
CONFIG_RMNET=m
@@ -2110,6 +2423,7 @@ CONFIG_NET_VENDOR_RENESAS=y
CONFIG_NET_VENDOR_RDC=y
CONFIG_R6040=m
CONFIG_NET_VENDOR_ROCKER=y
+# CONFIG_ROCKER is not set
CONFIG_NET_VENDOR_SAMSUNG=y
CONFIG_SXGBE_ETH=m
CONFIG_NET_VENDOR_SEEQ=y
@@ -2156,6 +2470,7 @@ CONFIG_WIZNET_W5300=m
# CONFIG_WIZNET_BUS_DIRECT is not set
# CONFIG_WIZNET_BUS_INDIRECT is not set
CONFIG_WIZNET_BUS_ANY=y
+# CONFIG_WIZNET_W5100_SPI is not set
CONFIG_NET_VENDOR_XIRCOM=y
CONFIG_PCMCIA_XIRC2PS=m
CONFIG_NET_VENDOR_SYNOPSYS=y
@@ -2178,49 +2493,51 @@ CONFIG_MDIO_CAVIUM=m
CONFIG_MDIO_THUNDER=m
CONFIG_PHYLIB=m
CONFIG_SWPHY=y
-# CONFIG_LED_TRIGGER_PHY is not set
+CONFIG_LED_TRIGGER_PHY=y
#
# MII PHY device drivers
#
-# CONFIG_AMD_PHY is not set
-# CONFIG_AQUANTIA_PHY is not set
-# CONFIG_AT803X_PHY is not set
+CONFIG_AMD_PHY=m
+CONFIG_AQUANTIA_PHY=m
+CONFIG_AT803X_PHY=m
CONFIG_BCM7XXX_PHY=m
-# CONFIG_BCM87XX_PHY is not set
+CONFIG_BCM87XX_PHY=m
CONFIG_BCM_NET_PHYLIB=m
-# CONFIG_BROADCOM_PHY is not set
-# CONFIG_CICADA_PHY is not set
-# CONFIG_CORTINA_PHY is not set
-# CONFIG_DAVICOM_PHY is not set
-# CONFIG_DP83848_PHY is not set
-# CONFIG_DP83867_PHY is not set
+CONFIG_BROADCOM_PHY=m
+CONFIG_CICADA_PHY=m
+CONFIG_CORTINA_PHY=m
+CONFIG_DAVICOM_PHY=m
+CONFIG_DP83848_PHY=m
+CONFIG_DP83867_PHY=m
CONFIG_FIXED_PHY=m
-# CONFIG_ICPLUS_PHY is not set
-# CONFIG_INTEL_XWAY_PHY is not set
-# CONFIG_LSI_ET1011C_PHY is not set
-# CONFIG_LXT_PHY is not set
-# CONFIG_MARVELL_PHY is not set
-# CONFIG_MARVELL_10G_PHY is not set
-# CONFIG_MICREL_PHY is not set
+CONFIG_ICPLUS_PHY=m
+CONFIG_INTEL_XWAY_PHY=m
+CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LXT_PHY=m
+CONFIG_MARVELL_PHY=m
+CONFIG_MARVELL_10G_PHY=m
+CONFIG_MICREL_PHY=m
CONFIG_MICROCHIP_PHY=m
-# CONFIG_MICROSEMI_PHY is not set
-# CONFIG_NATIONAL_PHY is not set
-# CONFIG_QSEMI_PHY is not set
-# CONFIG_REALTEK_PHY is not set
-# CONFIG_ROCKCHIP_PHY is not set
+CONFIG_MICROSEMI_PHY=m
+CONFIG_NATIONAL_PHY=m
+CONFIG_QSEMI_PHY=m
+CONFIG_REALTEK_PHY=m
+CONFIG_ROCKCHIP_PHY=m
CONFIG_SMSC_PHY=m
-# CONFIG_STE10XP is not set
-# CONFIG_TERANETICS_PHY is not set
-# CONFIG_VITESSE_PHY is not set
-# CONFIG_XILINX_GMII2RGMII is not set
+CONFIG_STE10XP=m
+CONFIG_TERANETICS_PHY=m
+CONFIG_VITESSE_PHY=m
+CONFIG_XILINX_GMII2RGMII=m
+# CONFIG_MICREL_KS8995MA is not set
CONFIG_PLIP=m
CONFIG_PPP=m
CONFIG_PPP_BSDCOMP=m
CONFIG_PPP_DEFLATE=m
# CONFIG_PPP_FILTER is not set
CONFIG_PPP_MPPE=m
-# CONFIG_PPP_MULTILINK is not set
+CONFIG_PPP_MULTILINK=y
+# CONFIG_PPPOATM is not set
CONFIG_PPPOE=m
CONFIG_PPPOL2TP=m
CONFIG_PPP_ASYNC=m
@@ -2267,12 +2584,15 @@ CONFIG_USB_NET_ZAURUS=m
CONFIG_USB_NET_CX82310_ETH=m
CONFIG_USB_NET_KALMIA=m
CONFIG_USB_NET_QMI_WWAN=m
+# CONFIG_USB_HSO is not set
CONFIG_USB_NET_INT51X1=m
+# CONFIG_USB_CDC_PHONET is not set
CONFIG_USB_IPHETH=m
CONFIG_USB_SIERRA_NET=m
CONFIG_USB_VL600=m
CONFIG_USB_NET_CH9200=m
CONFIG_WLAN=y
+# CONFIG_WIRELESS_WDS is not set
CONFIG_WLAN_VENDOR_ADMTEK=y
CONFIG_ADM8211=m
CONFIG_ATH_COMMON=m
@@ -2289,6 +2609,7 @@ CONFIG_ATH9K_PCI=y
# CONFIG_ATH9K_AHB is not set
# CONFIG_ATH9K_DYNACK is not set
CONFIG_ATH9K_WOW=y
+CONFIG_ATH9K_RFKILL=y
# CONFIG_ATH9K_CHANNEL_CONTEXT is not set
CONFIG_ATH9K_PCOEM=y
CONFIG_ATH9K_HTC=m
@@ -2366,7 +2687,7 @@ CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
-# CONFIG_IPW2200_RADIOTAP is not set
+CONFIG_IPW2200_RADIOTAP=y
# CONFIG_IPW2200_PROMISCUOUS is not set
# CONFIG_IPW2200_QOS is not set
# CONFIG_IPW2200_DEBUG is not set
@@ -2386,6 +2707,7 @@ CONFIG_IWLDVM=m
CONFIG_IWLMVM=m
CONFIG_IWLWIFI_OPMODE_MODULAR=y
# CONFIG_IWLWIFI_BCAST_FILTERING is not set
+# CONFIG_IWLWIFI_PCIE_RTPM is not set
#
# Debugging Options
@@ -2409,6 +2731,7 @@ CONFIG_ORINOCO_USB=m
CONFIG_P54_COMMON=m
CONFIG_P54_USB=m
CONFIG_P54_PCI=m
+# CONFIG_P54_SPI is not set
CONFIG_P54_LEDS=y
CONFIG_PRISM54=m
CONFIG_WLAN_VENDOR_MARVELL=y
@@ -2416,13 +2739,14 @@ CONFIG_LIBERTAS=m
CONFIG_LIBERTAS_USB=m
CONFIG_LIBERTAS_CS=m
# CONFIG_LIBERTAS_SDIO is not set
+# CONFIG_LIBERTAS_SPI is not set
# CONFIG_LIBERTAS_DEBUG is not set
# CONFIG_LIBERTAS_MESH is not set
CONFIG_LIBERTAS_THINFIRM=m
# CONFIG_LIBERTAS_THINFIRM_DEBUG is not set
CONFIG_LIBERTAS_THINFIRM_USB=m
CONFIG_MWIFIEX=m
-# CONFIG_MWIFIEX_SDIO is not set
+CONFIG_MWIFIEX_SDIO=m
CONFIG_MWIFIEX_PCIE=m
CONFIG_MWIFIEX_USB=m
CONFIG_MWL8K=m
@@ -2480,14 +2804,18 @@ CONFIG_RSI_SDIO=m
CONFIG_RSI_USB=m
CONFIG_WLAN_VENDOR_ST=y
CONFIG_CW1200=m
-# CONFIG_CW1200_WLAN_SDIO is not set
+CONFIG_CW1200_WLAN_SDIO=m
+# CONFIG_CW1200_WLAN_SPI is not set
CONFIG_WLAN_VENDOR_TI=y
CONFIG_WL1251=m
-# CONFIG_WL1251_SDIO is not set
+# CONFIG_WL1251_SPI is not set
+CONFIG_WL1251_SDIO=m
CONFIG_WL12XX=m
CONFIG_WL18XX=m
CONFIG_WLCORE=m
-# CONFIG_WLCORE_SDIO is not set
+# CONFIG_WLCORE_SPI is not set
+CONFIG_WLCORE_SDIO=m
+CONFIG_WILINK_PLATFORM_DATA=y
CONFIG_WLAN_VENDOR_ZYDAS=y
CONFIG_USB_ZD1201=m
CONFIG_ZD1211RW=m
@@ -2501,15 +2829,80 @@ CONFIG_PCMCIA_WL3501=m
CONFIG_USB_NET_RNDIS_WLAN=m
#
-# Enable WiMAX (Networking options) to see the WiMAX drivers
+# WiMAX Wireless Broadband devices
#
+CONFIG_WIMAX_I2400M=m
+CONFIG_WIMAX_I2400M_USB=m
+CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8
# CONFIG_WAN is not set
+CONFIG_IEEE802154_DRIVERS=m
+# CONFIG_IEEE802154_FAKELB is not set
+# CONFIG_IEEE802154_AT86RF230 is not set
+# CONFIG_IEEE802154_MRF24J40 is not set
+# CONFIG_IEEE802154_CC2520 is not set
+CONFIG_IEEE802154_ATUSB=m
+# CONFIG_IEEE802154_ADF7242 is not set
+# CONFIG_IEEE802154_CA8210 is not set
CONFIG_XEN_NETDEV_FRONTEND=y
CONFIG_XEN_NETDEV_BACKEND=m
CONFIG_VMXNET3=m
# CONFIG_FUJITSU_ES is not set
-# CONFIG_HYPERV_NET is not set
-# CONFIG_ISDN is not set
+CONFIG_HYPERV_NET=m
+CONFIG_ISDN=y
+CONFIG_ISDN_I4L=m
+CONFIG_ISDN_PPP=y
+# CONFIG_ISDN_PPP_VJ is not set
+CONFIG_ISDN_MPP=y
+# CONFIG_IPPP_FILTER is not set
+CONFIG_ISDN_PPP_BSDCOMP=m
+# CONFIG_ISDN_AUDIO is not set
+# CONFIG_ISDN_X25 is not set
+
+#
+# ISDN feature submodules
+#
+# CONFIG_ISDN_DIVERSION is not set
+
+#
+# ISDN4Linux hardware drivers
+#
+
+#
+# Passive cards
+#
+# CONFIG_ISDN_DRV_HISAX is not set
+CONFIG_ISDN_CAPI=m
+CONFIG_CAPI_TRACE=y
+CONFIG_ISDN_CAPI_CAPI20=m
+CONFIG_ISDN_CAPI_MIDDLEWARE=y
+CONFIG_ISDN_CAPI_CAPIDRV=m
+# CONFIG_ISDN_CAPI_CAPIDRV_VERBOSE is not set
+
+#
+# CAPI hardware drivers
+#
+# CONFIG_CAPI_AVM is not set
+# CONFIG_CAPI_EICON is not set
+# CONFIG_ISDN_DRV_GIGASET is not set
+# CONFIG_HYSDN is not set
+CONFIG_MISDN=m
+CONFIG_MISDN_DSP=m
+CONFIG_MISDN_L1OIP=m
+
+#
+# mISDN hardware drivers
+#
+CONFIG_MISDN_HFCPCI=m
+CONFIG_MISDN_HFCMULTI=m
+CONFIG_MISDN_HFCUSB=m
+CONFIG_MISDN_AVMFRITZ=m
+CONFIG_MISDN_SPEEDFAX=m
+CONFIG_MISDN_INFINEON=m
+CONFIG_MISDN_W6692=m
+CONFIG_MISDN_NETJET=m
+CONFIG_MISDN_IPAC=m
+CONFIG_MISDN_ISAR=m
+CONFIG_ISDN_HDLC=m
# CONFIG_NVM is not set
#
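Review bot: `CONFIG_ISDN_I4L=m` enables the old ISDN4Linux stack, which the kernel's own menu labels as deprecated, as far as I recall. Legacy telephony code of this age tends to get little upstream review, which makes it a poor trade for a general-purpose kernel unless a user has asked for it. I would drop it with `# CONFIG_ISDN_I4L is not set`, which also removes `CONFIG_ISDN_PPP`, `CONFIG_ISDN_MPP` and `CONFIG_ISDN_PPP_BSDCOMP`, and keep the CAPI and mISDN drivers only if there is hardware to justify them. `CONFIG_CAPI_TRACE=y` can probably go as well unless CAPI message tracing is needed in release builds.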
@@ -2519,7 +2912,7 @@ CONFIG_INPUT=y
CONFIG_INPUT_LEDS=m
CONFIG_INPUT_FF_MEMLESS=y
CONFIG_INPUT_POLLDEV=m
-# CONFIG_INPUT_SPARSEKMAP is not set
+CONFIG_INPUT_SPARSEKMAP=m
CONFIG_INPUT_MATRIXKMAP=m
#
@@ -2574,14 +2967,14 @@ CONFIG_MOUSE_PS2_TRACKPOINT=y
# CONFIG_MOUSE_PS2_SENTELIC is not set
# CONFIG_MOUSE_PS2_TOUCHKIT is not set
CONFIG_MOUSE_PS2_FOCALTECH=y
-# CONFIG_MOUSE_PS2_VMMOUSE is not set
+CONFIG_MOUSE_PS2_VMMOUSE=y
CONFIG_MOUSE_SERIAL=y
CONFIG_MOUSE_APPLETOUCH=m
CONFIG_MOUSE_BCM5974=m
CONFIG_MOUSE_CYAPA=m
CONFIG_MOUSE_ELAN_I2C=m
CONFIG_MOUSE_ELAN_I2C_I2C=y
-# CONFIG_MOUSE_ELAN_I2C_SMBUS is not set
+CONFIG_MOUSE_ELAN_I2C_SMBUS=y
CONFIG_MOUSE_VSXXXAA=m
CONFIG_MOUSE_SYNAPTICS_I2C=m
CONFIG_MOUSE_SYNAPTICS_USB=m
@@ -2616,6 +3009,7 @@ CONFIG_JOYSTICK_XPAD=m
CONFIG_JOYSTICK_XPAD_FF=y
CONFIG_JOYSTICK_XPAD_LEDS=y
CONFIG_JOYSTICK_WALKERA0701=m
+# CONFIG_JOYSTICK_PSXPAD_SPI is not set
CONFIG_INPUT_TABLET=y
CONFIG_TABLET_USB_ACECAD=m
CONFIG_TABLET_USB_AIPTEK=m
@@ -2626,16 +3020,21 @@ CONFIG_TABLET_USB_PEGASUS=m
CONFIG_TABLET_SERIAL_WACOM4=m
CONFIG_INPUT_TOUCHSCREEN=y
CONFIG_TOUCHSCREEN_PROPERTIES=y
+# CONFIG_TOUCHSCREEN_ADS7846 is not set
+# CONFIG_TOUCHSCREEN_AD7877 is not set
CONFIG_TOUCHSCREEN_AD7879=m
# CONFIG_TOUCHSCREEN_AD7879_I2C is not set
+# CONFIG_TOUCHSCREEN_AD7879_SPI is not set
CONFIG_TOUCHSCREEN_AR1021_I2C=m
CONFIG_TOUCHSCREEN_ATMEL_MXT=m
# CONFIG_TOUCHSCREEN_ATMEL_MXT_T37 is not set
CONFIG_TOUCHSCREEN_BU21013=m
CONFIG_TOUCHSCREEN_CYTTSP_CORE=m
# CONFIG_TOUCHSCREEN_CYTTSP_I2C is not set
+# CONFIG_TOUCHSCREEN_CYTTSP_SPI is not set
CONFIG_TOUCHSCREEN_CYTTSP4_CORE=m
# CONFIG_TOUCHSCREEN_CYTTSP4_I2C is not set
+# CONFIG_TOUCHSCREEN_CYTTSP4_SPI is not set
CONFIG_TOUCHSCREEN_DYNAPRO=m
CONFIG_TOUCHSCREEN_HAMPSHIRE=m
CONFIG_TOUCHSCREEN_EETI=m
@@ -2662,7 +3061,10 @@ CONFIG_TOUCHSCREEN_TOUCHRIGHT=m
CONFIG_TOUCHSCREEN_TOUCHWIN=m
CONFIG_TOUCHSCREEN_PIXCIR=m
CONFIG_TOUCHSCREEN_WDT87XX_I2C=m
-# CONFIG_TOUCHSCREEN_WM97XX is not set
+CONFIG_TOUCHSCREEN_WM97XX=m
+CONFIG_TOUCHSCREEN_WM9705=y
+CONFIG_TOUCHSCREEN_WM9712=y
+CONFIG_TOUCHSCREEN_WM9713=y
CONFIG_TOUCHSCREEN_USB_COMPOSITE=m
CONFIG_TOUCHSCREEN_USB_EGALAX=y
CONFIG_TOUCHSCREEN_USB_PANJIT=y
@@ -2686,11 +3088,12 @@ CONFIG_TOUCHSCREEN_TOUCHIT213=m
CONFIG_TOUCHSCREEN_TSC_SERIO=m
CONFIG_TOUCHSCREEN_TSC200X_CORE=m
CONFIG_TOUCHSCREEN_TSC2004=m
+# CONFIG_TOUCHSCREEN_TSC2005 is not set
CONFIG_TOUCHSCREEN_TSC2007=m
CONFIG_TOUCHSCREEN_SILEAD=m
CONFIG_TOUCHSCREEN_ST1232=m
CONFIG_TOUCHSCREEN_STMFTS=m
-# CONFIG_TOUCHSCREEN_SUR40 is not set
+CONFIG_TOUCHSCREEN_SUR40=m
CONFIG_TOUCHSCREEN_SX8654=m
CONFIG_TOUCHSCREEN_TPS6507X=m
CONFIG_TOUCHSCREEN_ZET6223=m
@@ -2698,6 +3101,7 @@ CONFIG_TOUCHSCREEN_ROHM_BU21023=m
CONFIG_INPUT_MISC=y
CONFIG_INPUT_AD714X=m
CONFIG_INPUT_AD714X_I2C=m
+CONFIG_INPUT_AD714X_SPI=m
CONFIG_INPUT_ATMEL_CAPTOUCH=m
CONFIG_INPUT_BMA150=m
CONFIG_INPUT_E3X0_BUTTON=m
@@ -2716,6 +3120,7 @@ CONFIG_INPUT_UINPUT=m
CONFIG_INPUT_PCF8574=m
CONFIG_INPUT_ADXL34X=m
CONFIG_INPUT_ADXL34X_I2C=m
+CONFIG_INPUT_ADXL34X_SPI=m
CONFIG_INPUT_IMS_PCU=m
CONFIG_INPUT_CMA3000=m
# CONFIG_INPUT_CMA3000_I2C is not set
@@ -2725,6 +3130,7 @@ CONFIG_INPUT_DRV2665_HAPTICS=m
CONFIG_INPUT_DRV2667_HAPTICS=m
CONFIG_RMI4_CORE=m
# CONFIG_RMI4_I2C is not set
+# CONFIG_RMI4_SPI is not set
# CONFIG_RMI4_SMB is not set
CONFIG_RMI4_F03=y
CONFIG_RMI4_F03_SERIO=m
@@ -2788,6 +3194,7 @@ CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y
CONFIG_SERIAL_8250_PNP=y
# CONFIG_SERIAL_8250_FINTEK is not set
# CONFIG_SERIAL_8250_CONSOLE is not set
+CONFIG_SERIAL_8250_DMA=y
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_EXAR=y
# CONFIG_SERIAL_8250_CS is not set
@@ -2805,6 +3212,8 @@ CONFIG_SERIAL_8250_MID=y
#
# Non-8250 serial port support
#
+# CONFIG_SERIAL_MAX3100 is not set
+# CONFIG_SERIAL_MAX310X is not set
CONFIG_SERIAL_UARTLITE=m
CONFIG_SERIAL_UARTLITE_NR_UARTS=1
CONFIG_SERIAL_CORE=y
@@ -2813,6 +3222,7 @@ CONFIG_SERIAL_SCCNXP=m
CONFIG_SERIAL_SC16IS7XX_CORE=m
CONFIG_SERIAL_SC16IS7XX=m
CONFIG_SERIAL_SC16IS7XX_I2C=y
+# CONFIG_SERIAL_SC16IS7XX_SPI is not set
CONFIG_SERIAL_ALTERA_JTAGUART=m
CONFIG_SERIAL_ALTERA_UART=m
CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4
@@ -2825,6 +3235,7 @@ CONFIG_SERIAL_RP2_NR_UARTS=32
CONFIG_SERIAL_FSL_LPUART=m
CONFIG_SERIAL_CONEXANT_DIGICOLOR=m
CONFIG_SERIAL_DEV_BUS=m
+# CONFIG_TTY_PRINTK is not set
CONFIG_PRINTER=m
# CONFIG_LP_CONSOLE is not set
CONFIG_PPDEV=m
@@ -2832,7 +3243,7 @@ CONFIG_HVC_DRIVER=y
CONFIG_HVC_IRQ=y
CONFIG_HVC_XEN=y
CONFIG_HVC_XEN_FRONTEND=y
-# CONFIG_VIRTIO_CONSOLE is not set
+CONFIG_VIRTIO_CONSOLE=m
CONFIG_IPMI_HANDLER=m
CONFIG_IPMI_DMI_DECODE=y
# CONFIG_IPMI_PANIC_EVENT is not set
@@ -2869,6 +3280,7 @@ CONFIG_HANGCHECK_TIMER=m
CONFIG_TCG_TPM=m
CONFIG_TCG_TIS_CORE=m
CONFIG_TCG_TIS=m
+# CONFIG_TCG_TIS_SPI is not set
CONFIG_TCG_TIS_I2C_ATMEL=m
CONFIG_TCG_TIS_I2C_INFINEON=m
CONFIG_TCG_TIS_I2C_NUVOTON=m
@@ -2880,6 +3292,7 @@ CONFIG_TCG_CRB=m
CONFIG_TCG_VTPM_PROXY=m
CONFIG_TCG_TIS_ST33ZP24=m
CONFIG_TCG_TIS_ST33ZP24_I2C=m
+# CONFIG_TCG_TIS_ST33ZP24_SPI is not set
# CONFIG_TELCLOCK is not set
CONFIG_DEVPORT=y
# CONFIG_XILLYBUS is not set
@@ -2904,6 +3317,7 @@ CONFIG_I2C_MUX=m
# CONFIG_I2C_DEMUX_PINCTRL is not set
# CONFIG_I2C_MUX_MLXCPLD is not set
CONFIG_I2C_HELPER_AUTO=y
+CONFIG_I2C_SMBUS=m
CONFIG_I2C_ALGOBIT=m
#
@@ -2913,26 +3327,28 @@ CONFIG_I2C_ALGOBIT=m
#
# PC SMBus host controller drivers
#
-# CONFIG_I2C_ALI1535 is not set
-# CONFIG_I2C_ALI1563 is not set
-# CONFIG_I2C_ALI15X3 is not set
-# CONFIG_I2C_AMD756 is not set
-# CONFIG_I2C_AMD8111 is not set
-# CONFIG_I2C_I801 is not set
-# CONFIG_I2C_ISCH is not set
-# CONFIG_I2C_ISMT is not set
-# CONFIG_I2C_PIIX4 is not set
-# CONFIG_I2C_NFORCE2 is not set
-# CONFIG_I2C_SIS5595 is not set
-# CONFIG_I2C_SIS630 is not set
-# CONFIG_I2C_SIS96X is not set
-# CONFIG_I2C_VIA is not set
-# CONFIG_I2C_VIAPRO is not set
+CONFIG_I2C_ALI1535=m
+CONFIG_I2C_ALI1563=m
+CONFIG_I2C_ALI15X3=m
+CONFIG_I2C_AMD756=m
+# CONFIG_I2C_AMD756_S4882 is not set
+CONFIG_I2C_AMD8111=m
+CONFIG_I2C_I801=m
+CONFIG_I2C_ISCH=m
+CONFIG_I2C_ISMT=m
+CONFIG_I2C_PIIX4=m
+CONFIG_I2C_NFORCE2=m
+# CONFIG_I2C_NFORCE2_S4985 is not set
+CONFIG_I2C_SIS5595=m
+CONFIG_I2C_SIS630=m
+CONFIG_I2C_SIS96X=m
+CONFIG_I2C_VIA=m
+CONFIG_I2C_VIAPRO=m
#
# ACPI drivers
#
-# CONFIG_I2C_SCMI is not set
+CONFIG_I2C_SCMI=m
#
# I2C system bus drivers (mostly embedded / system-on-chip)
@@ -2951,11 +3367,11 @@ CONFIG_I2C_ALGOBIT=m
# External I2C/SMBus adapter drivers
#
# CONFIG_I2C_DIOLAN_U2C is not set
-# CONFIG_I2C_PARPORT is not set
+CONFIG_I2C_PARPORT=m
# CONFIG_I2C_PARPORT_LIGHT is not set
# CONFIG_I2C_ROBOTFUZZ_OSIF is not set
# CONFIG_I2C_TAOS_EVM is not set
-# CONFIG_I2C_TINY_USB is not set
+CONFIG_I2C_TINY_USB=m
#
# Other I2C/SMBus bus drivers
@@ -2966,9 +3382,52 @@ CONFIG_I2C_ALGOBIT=m
# CONFIG_I2C_DEBUG_CORE is not set
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
-# CONFIG_SPI is not set
-# CONFIG_SPMI is not set
-# CONFIG_HSI is not set
+CONFIG_SPI=y
+# CONFIG_SPI_DEBUG is not set
+CONFIG_SPI_MASTER=y
+
+#
+# SPI Master Controller Drivers
+#
+CONFIG_SPI_ALTERA=m
+CONFIG_SPI_AXI_SPI_ENGINE=m
+CONFIG_SPI_BITBANG=m
+CONFIG_SPI_BUTTERFLY=m
+CONFIG_SPI_CADENCE=m
+CONFIG_SPI_DESIGNWARE=m
+CONFIG_SPI_DW_PCI=m
+# CONFIG_SPI_DW_MID_DMA is not set
+CONFIG_SPI_DW_MMIO=m
+# CONFIG_SPI_LM70_LLP is not set
+CONFIG_SPI_FSL_LIB=m
+CONFIG_SPI_FSL_SPI=m
+CONFIG_SPI_PXA2XX=m
+CONFIG_SPI_PXA2XX_PCI=m
+CONFIG_SPI_ROCKCHIP=m
+CONFIG_SPI_SC18IS602=m
+CONFIG_SPI_XCOMM=m
+CONFIG_SPI_XILINX=m
+CONFIG_SPI_ZYNQMP_GQSPI=m
+
+#
+# SPI Protocol Masters
+#
+# CONFIG_SPI_SPIDEV is not set
+# CONFIG_SPI_LOOPBACK_TEST is not set
+# CONFIG_SPI_TLE62X0 is not set
+# CONFIG_SPI_SLAVE is not set
+CONFIG_SPMI=m
+CONFIG_HSI=m
+CONFIG_HSI_BOARDINFO=y
+
+#
+# HSI controllers
+#
+
+#
+# HSI clients
+#
+CONFIG_HSI_CHAR=m
CONFIG_PPS=m
# CONFIG_PPS_DEBUG is not set
@@ -2976,9 +3435,9 @@ CONFIG_PPS=m
# PPS clients support
#
# CONFIG_PPS_CLIENT_KTIMER is not set
-# CONFIG_PPS_CLIENT_LDISC is not set
-# CONFIG_PPS_CLIENT_PARPORT is not set
-# CONFIG_PPS_CLIENT_GPIO is not set
+CONFIG_PPS_CLIENT_LDISC=m
+CONFIG_PPS_CLIENT_PARPORT=m
+CONFIG_PPS_CLIENT_GPIO=m
#
# PPS generators support
@@ -2998,6 +3457,7 @@ CONFIG_PINCTRL=y
#
# Pin controllers
#
+# CONFIG_DEBUG_PINCTRL is not set
# CONFIG_PINCTRL_MCP23S08 is not set
# CONFIG_PINCTRL_SINGLE is not set
# CONFIG_PINCTRL_CHERRYVIEW is not set
@@ -3010,7 +3470,12 @@ CONFIG_PINCTRL=y
# CONFIG_GPIOLIB is not set
# CONFIG_W1 is not set
# CONFIG_POWER_AVS is not set
-# CONFIG_POWER_RESET is not set
+CONFIG_POWER_RESET=y
+# CONFIG_POWER_RESET_RESTART is not set
+CONFIG_POWER_RESET_SYSCON=y
+CONFIG_POWER_RESET_SYSCON_POWEROFF=y
+CONFIG_REBOOT_MODE=m
+CONFIG_SYSCON_REBOOT_MODE=m
CONFIG_POWER_SUPPLY=y
# CONFIG_POWER_SUPPLY_DEBUG is not set
CONFIG_PDA_POWER=m
@@ -3038,6 +3503,7 @@ CONFIG_HWMON_VID=m
#
CONFIG_SENSORS_ABITUGURU=m
CONFIG_SENSORS_ABITUGURU3=m
+# CONFIG_SENSORS_AD7314 is not set
CONFIG_SENSORS_AD7414=m
CONFIG_SENSORS_AD7418=m
CONFIG_SENSORS_ADM1021=m
@@ -3047,6 +3513,7 @@ CONFIG_SENSORS_ADM1029=m
CONFIG_SENSORS_ADM1031=m
CONFIG_SENSORS_ADM9240=m
CONFIG_SENSORS_ADT7X10=m
+# CONFIG_SENSORS_ADT7310 is not set
CONFIG_SENSORS_ADT7410=m
CONFIG_SENSORS_ADT7411=m
CONFIG_SENSORS_ADT7462=m
@@ -3089,10 +3556,12 @@ CONFIG_SENSORS_LTC4222=m
CONFIG_SENSORS_LTC4245=m
CONFIG_SENSORS_LTC4260=m
CONFIG_SENSORS_LTC4261=m
+# CONFIG_SENSORS_MAX1111 is not set
CONFIG_SENSORS_MAX16065=m
CONFIG_SENSORS_MAX1619=m
CONFIG_SENSORS_MAX1668=m
CONFIG_SENSORS_MAX197=m
+# CONFIG_SENSORS_MAX31722 is not set
CONFIG_SENSORS_MAX6639=m
CONFIG_SENSORS_MAX6642=m
CONFIG_SENSORS_MAX6650=m
@@ -3100,7 +3569,9 @@ CONFIG_SENSORS_MAX6697=m
CONFIG_SENSORS_MAX31790=m
CONFIG_SENSORS_MCP3021=m
CONFIG_SENSORS_TC654=m
+# CONFIG_SENSORS_ADCXX is not set
CONFIG_SENSORS_LM63=m
+# CONFIG_SENSORS_LM70 is not set
CONFIG_SENSORS_LM73=m
CONFIG_SENSORS_LM75=m
CONFIG_SENSORS_LM77=m
@@ -3157,6 +3628,7 @@ CONFIG_SENSORS_SMM665=m
CONFIG_SENSORS_ADC128D818=m
CONFIG_SENSORS_ADS1015=m
CONFIG_SENSORS_ADS7828=m
+# CONFIG_SENSORS_ADS7871 is not set
CONFIG_SENSORS_AMC6821=m
CONFIG_SENSORS_INA209=m
CONFIG_SENSORS_INA2XX=m
@@ -3200,7 +3672,7 @@ CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y
# CONFIG_THERMAL_DEFAULT_GOV_POWER_ALLOCATOR is not set
# CONFIG_THERMAL_GOV_FAIR_SHARE is not set
CONFIG_THERMAL_GOV_STEP_WISE=y
-# CONFIG_THERMAL_GOV_BANG_BANG is not set
+CONFIG_THERMAL_GOV_BANG_BANG=y
CONFIG_THERMAL_GOV_USER_SPACE=y
# CONFIG_THERMAL_GOV_POWER_ALLOCATOR is not set
# CONFIG_CPU_THERMAL is not set
@@ -3208,7 +3680,7 @@ CONFIG_THERMAL_GOV_USER_SPACE=y
# CONFIG_DEVFREQ_THERMAL is not set
# CONFIG_THERMAL_EMULATION is not set
# CONFIG_QORIQ_THERMAL is not set
-# CONFIG_INTEL_POWERCLAMP is not set
+CONFIG_INTEL_POWERCLAMP=m
CONFIG_X86_PKG_TEMP_THERMAL=m
# CONFIG_INTEL_SOC_DTS_THERMAL is not set
@@ -3216,7 +3688,7 @@ CONFIG_X86_PKG_TEMP_THERMAL=m
# ACPI INT340X thermal drivers
#
# CONFIG_INT340X_THERMAL is not set
-# CONFIG_INTEL_PCH_THERMAL is not set
+CONFIG_INTEL_PCH_THERMAL=m
# CONFIG_WATCHDOG is not set
CONFIG_SSB_POSSIBLE=y
@@ -3233,6 +3705,7 @@ CONFIG_SSB_PCMCIAHOST_POSSIBLE=y
# CONFIG_SSB_PCMCIAHOST is not set
CONFIG_SSB_SDIOHOST_POSSIBLE=y
# CONFIG_SSB_SDIOHOST is not set
+# CONFIG_SSB_SILENT is not set
# CONFIG_SSB_DEBUG is not set
CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
CONFIG_SSB_DRIVER_PCICORE=y
@@ -3249,7 +3722,7 @@ CONFIG_BCMA_DRIVER_PCI=y
#
# Multifunction device drivers
#
-CONFIG_MFD_CORE=m
+CONFIG_MFD_CORE=y
# CONFIG_MFD_ACT8945A is not set
# CONFIG_MFD_ATMEL_FLEXCOM is not set
# CONFIG_MFD_ATMEL_HLCDC is not set
@@ -3257,18 +3730,22 @@ CONFIG_MFD_CORE=m
# CONFIG_MFD_BD9571MWV is not set
# CONFIG_MFD_AXP20X_I2C is not set
# CONFIG_MFD_CROS_EC is not set
+# CONFIG_MFD_DA9052_SPI is not set
# CONFIG_MFD_DA9062 is not set
# CONFIG_MFD_DA9063 is not set
# CONFIG_MFD_DA9150 is not set
# CONFIG_MFD_DLN2 is not set
+# CONFIG_MFD_MC13XXX_SPI is not set
# CONFIG_MFD_MC13XXX_I2C is not set
# CONFIG_MFD_HI6421_PMIC is not set
# CONFIG_HTC_PASIC3 is not set
-# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set
-# CONFIG_LPC_ICH is not set
-# CONFIG_LPC_SCH is not set
-# CONFIG_MFD_INTEL_LPSS_ACPI is not set
-# CONFIG_MFD_INTEL_LPSS_PCI is not set
+CONFIG_MFD_INTEL_QUARK_I2C_GPIO=m
+CONFIG_LPC_ICH=y
+CONFIG_LPC_SCH=m
+# CONFIG_INTEL_SOC_PMIC_BXTWC is not set
+CONFIG_MFD_INTEL_LPSS=m
+CONFIG_MFD_INTEL_LPSS_ACPI=m
+CONFIG_MFD_INTEL_LPSS_PCI=m
# CONFIG_MFD_JANZ_CMODIO is not set
# CONFIG_MFD_KEMPLD is not set
# CONFIG_MFD_88PM800 is not set
@@ -3279,6 +3756,8 @@ CONFIG_MFD_CORE=m
# CONFIG_MFD_MAX8907 is not set
# CONFIG_MFD_MT6397 is not set
# CONFIG_MFD_MENF21BMC is not set
+# CONFIG_EZX_PCAP is not set
+# CONFIG_MFD_CPCAP is not set
# CONFIG_MFD_VIPERBOARD is not set
# CONFIG_MFD_RETU is not set
# CONFIG_MFD_PCF50633 is not set
@@ -3292,6 +3771,7 @@ CONFIG_MFD_CORE=m
# CONFIG_MFD_SM501 is not set
# CONFIG_MFD_SKY81452 is not set
# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_STMPE is not set
CONFIG_MFD_SYSCON=y
# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_MFD_LP3943 is not set
@@ -3304,11 +3784,14 @@ CONFIG_MFD_SYSCON=y
# CONFIG_MFD_TI_LP87565 is not set
# CONFIG_MFD_TPS65218 is not set
# CONFIG_MFD_TPS65912_I2C is not set
+# CONFIG_MFD_TPS65912_SPI is not set
CONFIG_MFD_WL1273_CORE=m
# CONFIG_MFD_LM3533 is not set
# CONFIG_MFD_TMIO is not set
# CONFIG_MFD_VX855 is not set
# CONFIG_MFD_ARIZONA_I2C is not set
+# CONFIG_MFD_ARIZONA_SPI is not set
+# CONFIG_MFD_WM831X_SPI is not set
# CONFIG_MFD_WM8994 is not set
# CONFIG_REGULATOR is not set
CONFIG_CEC_CORE=m
@@ -3316,17 +3799,39 @@ CONFIG_CEC_NOTIFIER=y
CONFIG_RC_CORE=y
CONFIG_RC_MAP=y
CONFIG_RC_DECODERS=y
-# CONFIG_LIRC is not set
-CONFIG_IR_NEC_DECODER=y
-CONFIG_IR_RC5_DECODER=y
-CONFIG_IR_RC6_DECODER=y
-CONFIG_IR_JVC_DECODER=y
-CONFIG_IR_SONY_DECODER=y
-CONFIG_IR_SANYO_DECODER=y
-CONFIG_IR_SHARP_DECODER=y
-CONFIG_IR_MCE_KBD_DECODER=y
-CONFIG_IR_XMP_DECODER=y
-# CONFIG_RC_DEVICES is not set
+CONFIG_LIRC=m
+CONFIG_IR_LIRC_CODEC=m
+CONFIG_IR_NEC_DECODER=m
+CONFIG_IR_RC5_DECODER=m
+CONFIG_IR_RC6_DECODER=m
+CONFIG_IR_JVC_DECODER=m
+CONFIG_IR_SONY_DECODER=m
+CONFIG_IR_SANYO_DECODER=m
+CONFIG_IR_SHARP_DECODER=m
+CONFIG_IR_MCE_KBD_DECODER=m
+CONFIG_IR_XMP_DECODER=m
+CONFIG_RC_DEVICES=y
+CONFIG_RC_ATI_REMOTE=m
+CONFIG_IR_ENE=m
+CONFIG_IR_HIX5HD2=m
+CONFIG_IR_IMON=m
+CONFIG_IR_MCEUSB=m
+CONFIG_IR_ITE_CIR=m
+CONFIG_IR_FINTEK=m
+CONFIG_IR_NUVOTON=m
+CONFIG_IR_REDRAT3=m
+# CONFIG_IR_SPI is not set
+CONFIG_IR_STREAMZAP=m
+CONFIG_IR_WINBOND_CIR=m
+CONFIG_IR_IGORPLUGUSB=m
+CONFIG_IR_IGUANA=m
+CONFIG_IR_TTUSBIR=m
+CONFIG_RC_LOOPBACK=m
+CONFIG_IR_GPIO_CIR=m
+CONFIG_IR_GPIO_TX=m
+CONFIG_IR_SERIAL=m
+CONFIG_IR_SERIAL_TRANSMITTER=y
+CONFIG_IR_SIR=m
CONFIG_MEDIA_SUPPORT=m
#
@@ -3517,7 +4022,7 @@ CONFIG_DVB_AS102=m
#
CONFIG_VIDEO_EM28XX=m
CONFIG_VIDEO_EM28XX_V4L2=m
-# CONFIG_VIDEO_EM28XX_ALSA is not set
+CONFIG_VIDEO_EM28XX_ALSA=m
CONFIG_VIDEO_EM28XX_DVB=m
CONFIG_VIDEO_EM28XX_RC=m
@@ -3526,6 +4031,7 @@ CONFIG_VIDEO_EM28XX_RC=m
#
CONFIG_USB_AIRSPY=m
CONFIG_USB_HACKRF=m
+# CONFIG_USB_MSI2500 is not set
#
# USB HDMI CEC adapters
@@ -3537,6 +4043,7 @@ CONFIG_MEDIA_PCI_SUPPORT=y
#
# Media capture support
#
+# CONFIG_VIDEO_MEYE is not set
# CONFIG_VIDEO_SOLO6X10 is not set
CONFIG_VIDEO_TW5864=m
CONFIG_VIDEO_TW68=m
@@ -3609,6 +4116,7 @@ CONFIG_DVB_NGENE=m
CONFIG_DVB_DDBRIDGE=m
# CONFIG_DVB_DDBRIDGE_MSIENABLE is not set
CONFIG_DVB_SMIPCIE=m
+# CONFIG_DVB_NETUP_UNIDVB is not set
CONFIG_V4L_PLATFORM_DRIVERS=y
CONFIG_VIDEO_CAFE_CCIC=m
CONFIG_SOC_CAMERA=m
@@ -3970,6 +4478,7 @@ CONFIG_VGA_SWITCHEROO=y
CONFIG_DRM=m
CONFIG_DRM_MIPI_DSI=y
# CONFIG_DRM_DP_AUX_CHARDEV is not set
+# CONFIG_DRM_DEBUG_MM_SELFTEST is not set
CONFIG_DRM_KMS_HELPER=m
CONFIG_DRM_KMS_FB_HELPER=y
CONFIG_DRM_FBDEV_EMULATION=y
@@ -4007,6 +4516,17 @@ CONFIG_DRM_I915_CAPTURE_ERROR=y
CONFIG_DRM_I915_COMPRESS_ERROR=y
CONFIG_DRM_I915_USERPTR=y
# CONFIG_DRM_I915_GVT is not set
+
+#
+# drm/i915 Debugging
+#
+# CONFIG_DRM_I915_WERROR is not set
+# CONFIG_DRM_I915_DEBUG is not set
+# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set
+# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set
+# CONFIG_DRM_I915_SELFTEST is not set
+# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set
+# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set
CONFIG_DRM_VGEM=m
CONFIG_DRM_VMWGFX=m
# CONFIG_DRM_VMWGFX_FBCON is not set
@@ -4020,7 +4540,7 @@ CONFIG_DRM_CIRRUS_QEMU=m
CONFIG_DRM_RCAR_DW_HDMI=m
CONFIG_DRM_QXL=m
CONFIG_DRM_BOCHS=m
-# CONFIG_DRM_VIRTIO_GPU is not set
+CONFIG_DRM_VIRTIO_GPU=m
CONFIG_DRM_PANEL=y
#
@@ -4030,11 +4550,14 @@ CONFIG_DRM_PANEL_LVDS=m
CONFIG_DRM_PANEL_SIMPLE=m
CONFIG_DRM_PANEL_INNOLUX_P079ZCA=m
CONFIG_DRM_PANEL_JDI_LT070ME05000=m
+# CONFIG_DRM_PANEL_SAMSUNG_LD9040 is not set
+# CONFIG_DRM_PANEL_LG_LG4573 is not set
CONFIG_DRM_PANEL_PANASONIC_VVX10F034N00=m
CONFIG_DRM_PANEL_SAMSUNG_S6E3HA2=m
CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0=m
CONFIG_DRM_PANEL_SHARP_LQ101R1SX01=m
CONFIG_DRM_PANEL_SHARP_LS043T1LE01=m
+# CONFIG_DRM_PANEL_SITRONIX_ST7789V is not set
CONFIG_DRM_BRIDGE=y
CONFIG_DRM_PANEL_BRIDGE=y
@@ -4061,6 +4584,9 @@ CONFIG_DRM_HISI_HIBMC=m
CONFIG_DRM_MXS=y
CONFIG_DRM_MXSFB=m
CONFIG_DRM_TINYDRM=m
+# CONFIG_TINYDRM_MI0283QT is not set
+# CONFIG_TINYDRM_REPAPER is not set
+# CONFIG_TINYDRM_ST7586 is not set
# CONFIG_DRM_LEGACY is not set
# CONFIG_DRM_LIB_RANDOM is not set
@@ -4117,6 +4643,7 @@ CONFIG_FB_RIVA_BACKLIGHT=y
CONFIG_FB_I740=m
CONFIG_FB_LE80578=m
CONFIG_FB_CARILLO_RANCH=m
+# CONFIG_FB_INTEL is not set
CONFIG_FB_MATROX=m
CONFIG_FB_MATROX_MILLENIUM=y
CONFIG_FB_MATROX_MYSTIQUE=y
@@ -4171,7 +4698,17 @@ CONFIG_FB_AUO_K1901=m
CONFIG_FB_SM712=m
CONFIG_BACKLIGHT_LCD_SUPPORT=y
CONFIG_LCD_CLASS_DEVICE=m
+# CONFIG_LCD_LTV350QV is not set
+# CONFIG_LCD_ILI922X is not set
+# CONFIG_LCD_ILI9320 is not set
+# CONFIG_LCD_TDO24M is not set
+# CONFIG_LCD_VGG2432A4 is not set
CONFIG_LCD_PLATFORM=m
+# CONFIG_LCD_S6E63M0 is not set
+# CONFIG_LCD_LD9040 is not set
+# CONFIG_LCD_AMS369FG06 is not set
+# CONFIG_LCD_LMS501KF03 is not set
+# CONFIG_LCD_HX8357 is not set
CONFIG_BACKLIGHT_CLASS_DEVICE=m
CONFIG_BACKLIGHT_GENERIC=m
CONFIG_BACKLIGHT_CARILLO_RANCH=m
@@ -4222,7 +4759,8 @@ CONFIG_SND_PCM_OSS=m
CONFIG_SND_PCM_OSS_PLUGINS=y
CONFIG_SND_PCM_TIMER=y
CONFIG_SND_HRTIMER=m
-# CONFIG_SND_DYNAMIC_MINORS is not set
+CONFIG_SND_DYNAMIC_MINORS=y
+CONFIG_SND_MAX_CARDS=64
CONFIG_SND_SUPPORT_OLD_API=y
CONFIG_SND_PROC_FS=y
CONFIG_SND_VERBOSE_PROCFS=y
@@ -4357,6 +4895,7 @@ CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0
CONFIG_SND_HDA_CORE=m
CONFIG_SND_HDA_I915=y
CONFIG_SND_HDA_PREALLOC_SIZE=64
+CONFIG_SND_SPI=y
CONFIG_SND_USB=y
CONFIG_SND_USB_AUDIO=m
CONFIG_SND_USB_UA101=m
@@ -4396,8 +4935,8 @@ CONFIG_AC97_BUS=m
# HID support
#
CONFIG_HID=y
-# CONFIG_HID_BATTERY_STRENGTH is not set
-# CONFIG_HIDRAW is not set
+CONFIG_HID_BATTERY_STRENGTH=y
+CONFIG_HIDRAW=y
CONFIG_UHID=m
CONFIG_HID_GENERIC=y
@@ -4444,6 +4983,7 @@ CONFIG_HID_LCPOWER=m
CONFIG_HID_LED=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=y
+# CONFIG_HID_LOGITECH_DJ is not set
CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
@@ -4462,11 +5002,11 @@ CONFIG_PANTHERLORD_FF=y
CONFIG_HID_PENMOUNT=m
CONFIG_HID_PETALYNX=m
CONFIG_HID_PICOLCD=m
-CONFIG_HID_PICOLCD_FB=y
-CONFIG_HID_PICOLCD_BACKLIGHT=y
-CONFIG_HID_PICOLCD_LCD=y
-CONFIG_HID_PICOLCD_LEDS=y
-CONFIG_HID_PICOLCD_CIR=y
+# CONFIG_HID_PICOLCD_FB is not set
+# CONFIG_HID_PICOLCD_BACKLIGHT is not set
+# CONFIG_HID_PICOLCD_LCD is not set
+# CONFIG_HID_PICOLCD_LEDS is not set
+# CONFIG_HID_PICOLCD_CIR is not set
CONFIG_HID_PLANTRONICS=m
CONFIG_HID_PRIMAX=m
CONFIG_HID_RETRODE=m
@@ -4505,12 +5045,12 @@ CONFIG_HID_ALPS=m
#
CONFIG_USB_HID=y
# CONFIG_HID_PID is not set
-# CONFIG_USB_HIDDEV is not set
+CONFIG_USB_HIDDEV=y
#
# I2C HID support
#
-# CONFIG_I2C_HID is not set
+CONFIG_I2C_HID=m
#
# Intel ISH HID support
@@ -4522,7 +5062,7 @@ CONFIG_USB_COMMON=y
CONFIG_USB_ARCH_HAS_HCD=y
CONFIG_USB=y
CONFIG_USB_PCI=y
-# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
#
# Miscellaneous USB options
@@ -4531,8 +5071,9 @@ CONFIG_USB_DEFAULT_PERSIST=y
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_OTG is not set
# CONFIG_USB_OTG_WHITELIST is not set
+# CONFIG_USB_OTG_BLACKLIST_HUB is not set
# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set
-# CONFIG_USB_MON is not set
+CONFIG_USB_MON=y
# CONFIG_USB_WUSB_CBAF is not set
#
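Review bot: `CONFIG_USB_MON=y` builds usbmon into the kernel image, whereas most optional USB pieces enabled elsewhere in this commit are modules. usbmon gives a privileged process a copy of all traffic on a bus, including keyboard input, so on a general-purpose kernel it is better kept loadable on demand. I would use `CONFIG_USB_MON=m`, which still serves the debugging use case and lets an administrator block it with a module blacklist.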
@@ -4551,11 +5092,12 @@ CONFIG_USB_OXU210HP_HCD=y
CONFIG_USB_ISP116X_HCD=y
CONFIG_USB_ISP1362_HCD=y
CONFIG_USB_FOTG210_HCD=y
+# CONFIG_USB_MAX3421_HCD is not set
CONFIG_USB_OHCI_HCD=y
CONFIG_USB_OHCI_HCD_PCI=y
# CONFIG_USB_OHCI_HCD_PLATFORM is not set
CONFIG_USB_UHCI_HCD=y
-# CONFIG_USB_U132_HCD is not set
+CONFIG_USB_U132_HCD=m
CONFIG_USB_SL811_HCD=y
# CONFIG_USB_SL811_HCD_ISO is not set
# CONFIG_USB_SL811_CS is not set
@@ -4570,7 +5112,7 @@ CONFIG_USB_R8A66597_HCD=y
CONFIG_USB_ACM=m
CONFIG_USB_PRINTER=m
CONFIG_USB_WDM=m
-# CONFIG_USB_TMC is not set
+CONFIG_USB_TMC=m
#
# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may
@@ -4603,9 +5145,11 @@ CONFIG_USB_UAS=y
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
CONFIG_USBIP_CORE=m
-# CONFIG_USBIP_VHCI_HCD is not set
-# CONFIG_USBIP_HOST is not set
-# CONFIG_USBIP_VUDC is not set
+CONFIG_USBIP_VHCI_HCD=m
+CONFIG_USBIP_VHCI_HC_PORTS=8
+CONFIG_USBIP_VHCI_NR_HCS=1
+CONFIG_USBIP_HOST=m
+CONFIG_USBIP_VUDC=m
# CONFIG_USBIP_DEBUG is not set
# CONFIG_USB_MUSB_HDRC is not set
# CONFIG_USB_DWC3 is not set
@@ -4705,6 +5249,7 @@ CONFIG_USB_HSIC_USB3503=m
CONFIG_USB_HSIC_USB4604=m
# CONFIG_USB_LINK_LAYER_TEST is not set
# CONFIG_USB_CHAOSKEY is not set
+# CONFIG_USB_ATM is not set
#
# USB Physical Layer drivers
@@ -4713,6 +5258,7 @@ CONFIG_USB_HSIC_USB4604=m
# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_USB_ISP1301 is not set
CONFIG_USB_GADGET=m
+# CONFIG_USB_GADGET_DEBUG is not set
# CONFIG_USB_GADGET_DEBUG_FILES is not set
CONFIG_USB_GADGET_VBUS_DRAW=2
CONFIG_USB_GADGET_STORAGE_NUM_BUFFERS=2
@@ -4778,6 +5324,7 @@ CONFIG_MMC_SDHCI_CADENCE=m
CONFIG_MMC_SDHCI_F_SDH30=m
CONFIG_MMC_WBSD=m
CONFIG_MMC_TIFM_SD=m
+# CONFIG_MMC_SPI is not set
CONFIG_MMC_SDRICOH_CS=m
CONFIG_MMC_CB710=m
CONFIG_MMC_VIA_SDMMC=m
@@ -4787,7 +5334,22 @@ CONFIG_MMC_USDHI6ROL0=m
CONFIG_MMC_TOSHIBA_PCI=m
CONFIG_MMC_MTK=m
CONFIG_MMC_SDHCI_XENON=m
-# CONFIG_MEMSTICK is not set
+CONFIG_MEMSTICK=m
+# CONFIG_MEMSTICK_DEBUG is not set
+
+#
+# MemoryStick drivers
+#
+# CONFIG_MEMSTICK_UNSAFE_RESUME is not set
+CONFIG_MSPRO_BLOCK=m
+CONFIG_MS_BLOCK=m
+
+#
+# MemoryStick Host Controller Drivers
+#
+CONFIG_MEMSTICK_TIFM_MS=m
+CONFIG_MEMSTICK_JMICRON_38X=m
+CONFIG_MEMSTICK_R592=m
CONFIG_NEW_LEDS=y
CONFIG_LEDS_CLASS=m
# CONFIG_LEDS_CLASS_FLASH is not set
@@ -4810,6 +5372,7 @@ CONFIG_LEDS_CLASS=m
# CONFIG_LEDS_CLEVO_MAIL is not set
# CONFIG_LEDS_PCA955X is not set
# CONFIG_LEDS_PCA963X is not set
+# CONFIG_LEDS_DAC124S085 is not set
# CONFIG_LEDS_BD2802 is not set
# CONFIG_LEDS_INTEL_SS4200 is not set
# CONFIG_LEDS_TCA6507 is not set
@@ -4844,7 +5407,7 @@ CONFIG_LEDS_TRIGGERS=y
# CONFIG_LEDS_TRIGGER_TRANSIENT is not set
# CONFIG_LEDS_TRIGGER_CAMERA is not set
# CONFIG_LEDS_TRIGGER_PANIC is not set
-# CONFIG_ACCESSIBILITY is not set
+CONFIG_ACCESSIBILITY=y
# CONFIG_INFINIBAND is not set
CONFIG_EDAC_ATOMIC_SCRUB=y
CONFIG_EDAC_SUPPORT=y
@@ -4887,80 +5450,136 @@ CONFIG_RTC_INTF_DEV=y
#
# I2C RTC drivers
#
-# CONFIG_RTC_DRV_ABB5ZES3 is not set
-# CONFIG_RTC_DRV_ABX80X is not set
-# CONFIG_RTC_DRV_DS1307 is not set
-# CONFIG_RTC_DRV_DS1374 is not set
-# CONFIG_RTC_DRV_DS1672 is not set
-# CONFIG_RTC_DRV_HYM8563 is not set
-# CONFIG_RTC_DRV_MAX6900 is not set
-# CONFIG_RTC_DRV_RS5C372 is not set
-# CONFIG_RTC_DRV_ISL1208 is not set
-# CONFIG_RTC_DRV_ISL12022 is not set
-# CONFIG_RTC_DRV_X1205 is not set
-# CONFIG_RTC_DRV_PCF8523 is not set
-# CONFIG_RTC_DRV_PCF85063 is not set
-# CONFIG_RTC_DRV_PCF8563 is not set
-# CONFIG_RTC_DRV_PCF8583 is not set
-# CONFIG_RTC_DRV_M41T80 is not set
-# CONFIG_RTC_DRV_BQ32K is not set
-# CONFIG_RTC_DRV_S35390A is not set
-# CONFIG_RTC_DRV_FM3130 is not set
-# CONFIG_RTC_DRV_RX8010 is not set
-# CONFIG_RTC_DRV_RX8581 is not set
-# CONFIG_RTC_DRV_RX8025 is not set
-# CONFIG_RTC_DRV_EM3027 is not set
-# CONFIG_RTC_DRV_RV8803 is not set
+CONFIG_RTC_DRV_ABB5ZES3=m
+CONFIG_RTC_DRV_ABX80X=m
+CONFIG_RTC_DRV_DS1307=m
+CONFIG_RTC_DRV_DS1307_HWMON=y
+CONFIG_RTC_DRV_DS1307_CENTURY=y
+CONFIG_RTC_DRV_DS1374=m
+CONFIG_RTC_DRV_DS1374_WDT=y
+CONFIG_RTC_DRV_DS1672=m
+CONFIG_RTC_DRV_HYM8563=m
+CONFIG_RTC_DRV_MAX6900=m
+CONFIG_RTC_DRV_RS5C372=m
+CONFIG_RTC_DRV_ISL1208=m
+CONFIG_RTC_DRV_ISL12022=m
+CONFIG_RTC_DRV_X1205=m
+CONFIG_RTC_DRV_PCF8523=m
+CONFIG_RTC_DRV_PCF85063=m
+CONFIG_RTC_DRV_PCF8563=m
+CONFIG_RTC_DRV_PCF8583=m
+CONFIG_RTC_DRV_M41T80=m
+CONFIG_RTC_DRV_M41T80_WDT=y
+CONFIG_RTC_DRV_BQ32K=m
+CONFIG_RTC_DRV_S35390A=m
+CONFIG_RTC_DRV_FM3130=m
+CONFIG_RTC_DRV_RX8010=m
+CONFIG_RTC_DRV_RX8581=m
+CONFIG_RTC_DRV_RX8025=m
+CONFIG_RTC_DRV_EM3027=m
+CONFIG_RTC_DRV_RV8803=m
#
# SPI RTC drivers
#
+# CONFIG_RTC_DRV_M41T93 is not set
+# CONFIG_RTC_DRV_M41T94 is not set
+# CONFIG_RTC_DRV_DS1302 is not set
+# CONFIG_RTC_DRV_DS1305 is not set
+# CONFIG_RTC_DRV_DS1343 is not set
+# CONFIG_RTC_DRV_DS1347 is not set
+# CONFIG_RTC_DRV_DS1390 is not set
+# CONFIG_RTC_DRV_MAX6916 is not set
+# CONFIG_RTC_DRV_R9701 is not set
+# CONFIG_RTC_DRV_RX4581 is not set
+# CONFIG_RTC_DRV_RX6110 is not set
+# CONFIG_RTC_DRV_RS5C348 is not set
+# CONFIG_RTC_DRV_MAX6902 is not set
+# CONFIG_RTC_DRV_PCF2123 is not set
+# CONFIG_RTC_DRV_MCP795 is not set
CONFIG_RTC_I2C_AND_SPI=m
#
# SPI and I2C RTC drivers
#
-# CONFIG_RTC_DRV_DS3232 is not set
-# CONFIG_RTC_DRV_PCF2127 is not set
-# CONFIG_RTC_DRV_RV3029C2 is not set
+CONFIG_RTC_DRV_DS3232=m
+CONFIG_RTC_DRV_DS3232_HWMON=y
+CONFIG_RTC_DRV_PCF2127=m
+CONFIG_RTC_DRV_RV3029C2=m
+CONFIG_RTC_DRV_RV3029_HWMON=y
#
# Platform RTC drivers
#
CONFIG_RTC_DRV_CMOS=y
-# CONFIG_RTC_DRV_DS1286 is not set
-# CONFIG_RTC_DRV_DS1511 is not set
-# CONFIG_RTC_DRV_DS1553 is not set
-# CONFIG_RTC_DRV_DS1685_FAMILY is not set
-# CONFIG_RTC_DRV_DS1742 is not set
-# CONFIG_RTC_DRV_DS2404 is not set
-# CONFIG_RTC_DRV_STK17TA8 is not set
-# CONFIG_RTC_DRV_M48T86 is not set
-# CONFIG_RTC_DRV_M48T35 is not set
-# CONFIG_RTC_DRV_M48T59 is not set
-# CONFIG_RTC_DRV_MSM6242 is not set
-# CONFIG_RTC_DRV_BQ4802 is not set
-# CONFIG_RTC_DRV_RP5C01 is not set
-# CONFIG_RTC_DRV_V3020 is not set
-# CONFIG_RTC_DRV_ZYNQMP is not set
+CONFIG_RTC_DRV_DS1286=m
+CONFIG_RTC_DRV_DS1511=m
+CONFIG_RTC_DRV_DS1553=m
+CONFIG_RTC_DRV_DS1685_FAMILY=m
+CONFIG_RTC_DRV_DS1685=y
+# CONFIG_RTC_DRV_DS1689 is not set
+# CONFIG_RTC_DRV_DS17285 is not set
+# CONFIG_RTC_DRV_DS17485 is not set
+# CONFIG_RTC_DRV_DS17885 is not set
+# CONFIG_RTC_DS1685_PROC_REGS is not set
+# CONFIG_RTC_DS1685_SYSFS_REGS is not set
+CONFIG_RTC_DRV_DS1742=m
+CONFIG_RTC_DRV_DS2404=m
+CONFIG_RTC_DRV_STK17TA8=m
+CONFIG_RTC_DRV_M48T86=m
+CONFIG_RTC_DRV_M48T35=m
+CONFIG_RTC_DRV_M48T59=m
+CONFIG_RTC_DRV_MSM6242=m
+CONFIG_RTC_DRV_BQ4802=m
+CONFIG_RTC_DRV_RP5C01=m
+CONFIG_RTC_DRV_V3020=m
+CONFIG_RTC_DRV_ZYNQMP=m
#
# on-CPU RTC drivers
#
-# CONFIG_RTC_DRV_FTRTC010 is not set
-# CONFIG_RTC_DRV_SNVS is not set
-# CONFIG_RTC_DRV_R7301 is not set
+CONFIG_RTC_DRV_FTRTC010=m
+CONFIG_RTC_DRV_SNVS=m
+CONFIG_RTC_DRV_R7301=m
#
# HID Sensor RTC drivers
#
# CONFIG_RTC_DRV_HID_SENSOR_TIME is not set
-# CONFIG_DMADEVICES is not set
+CONFIG_DMADEVICES=y
+# CONFIG_DMADEVICES_DEBUG is not set
+
+#
+# DMA Devices
+#
+CONFIG_DMA_ENGINE=y
+CONFIG_DMA_VIRTUAL_CHANNELS=y
+CONFIG_DMA_ACPI=y
+CONFIG_DMA_OF=y
+# CONFIG_ALTERA_MSGDMA is not set
+# CONFIG_FSL_EDMA is not set
+CONFIG_INTEL_IDMA64=m
+CONFIG_INTEL_IOATDMA=m
+CONFIG_INTEL_MIC_X100_DMA=m
+# CONFIG_QCOM_HIDMA_MGMT is not set
+# CONFIG_QCOM_HIDMA is not set
+CONFIG_DW_DMAC_CORE=y
+# CONFIG_DW_DMAC is not set
+CONFIG_DW_DMAC_PCI=y
+CONFIG_HSU_DMA=y
+
+#
+# DMA Clients
+#
+# CONFIG_ASYNC_TX_DMA is not set
+# CONFIG_DMATEST is not set
+CONFIG_DMA_ENGINE_RAID=y
#
# DMABUF options
#
CONFIG_SYNC_FILE=y
+CONFIG_DCA=m
# CONFIG_AUXDISPLAY is not set
# CONFIG_PANEL is not set
CONFIG_UIO=y
@@ -5025,54 +5644,73 @@ CONFIG_XEN_SYMS=y
CONFIG_XEN_HAVE_VPMU=y
# CONFIG_STAGING is not set
CONFIG_X86_PLATFORM_DEVICES=y
-# CONFIG_ACER_WMI is not set
-# CONFIG_ACERHDF is not set
-# CONFIG_ALIENWARE_WMI is not set
-# CONFIG_ASUS_LAPTOP is not set
-# CONFIG_DELL_LAPTOP is not set
-# CONFIG_DELL_WMI is not set
-# CONFIG_DELL_WMI_AIO is not set
-# CONFIG_DELL_WMI_LED is not set
-# CONFIG_DELL_SMO8800 is not set
-# CONFIG_FUJITSU_LAPTOP is not set
-# CONFIG_FUJITSU_TABLET is not set
-# CONFIG_HP_ACCEL is not set
-# CONFIG_HP_WIRELESS is not set
-# CONFIG_HP_WMI is not set
-# CONFIG_PANASONIC_LAPTOP is not set
-# CONFIG_THINKPAD_ACPI is not set
-# CONFIG_SENSORS_HDAPS is not set
-# CONFIG_INTEL_MENLOW is not set
-# CONFIG_EEEPC_LAPTOP is not set
-# CONFIG_ASUS_WMI is not set
-# CONFIG_ASUS_WIRELESS is not set
+CONFIG_ACER_WMI=m
+CONFIG_ACERHDF=m
+CONFIG_ALIENWARE_WMI=m
+CONFIG_ASUS_LAPTOP=m
+CONFIG_DELL_SMBIOS=m
+CONFIG_DELL_LAPTOP=m
+CONFIG_DELL_WMI=m
+CONFIG_DELL_WMI_AIO=m
+CONFIG_DELL_WMI_LED=m
+CONFIG_DELL_SMO8800=m
+CONFIG_DELL_RBTN=m
+CONFIG_FUJITSU_LAPTOP=m
+CONFIG_FUJITSU_TABLET=m
+CONFIG_AMILO_RFKILL=m
+CONFIG_HP_ACCEL=m
+CONFIG_HP_WIRELESS=m
+CONFIG_HP_WMI=m
+CONFIG_MSI_LAPTOP=m
+CONFIG_PANASONIC_LAPTOP=m
+CONFIG_COMPAL_LAPTOP=m
+CONFIG_SONY_LAPTOP=m
+# CONFIG_SONYPI_COMPAT is not set
+CONFIG_IDEAPAD_LAPTOP=m
+CONFIG_SURFACE3_WMI=m
+CONFIG_THINKPAD_ACPI=m
+CONFIG_THINKPAD_ACPI_ALSA_SUPPORT=y
+# CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set
+# CONFIG_THINKPAD_ACPI_DEBUG is not set
+# CONFIG_THINKPAD_ACPI_UNSAFE_LEDS is not set
+CONFIG_THINKPAD_ACPI_VIDEO=y
+CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y
+CONFIG_SENSORS_HDAPS=m
+CONFIG_INTEL_MENLOW=m
+CONFIG_EEEPC_LAPTOP=m
+CONFIG_ASUS_WMI=m
+CONFIG_ASUS_NB_WMI=m
+CONFIG_EEEPC_WMI=m
+CONFIG_ASUS_WIRELESS=m
CONFIG_ACPI_WMI=m
CONFIG_WMI_BMOF=m
-# CONFIG_MSI_WMI is not set
-# CONFIG_PEAQ_WMI is not set
-# CONFIG_TOPSTAR_LAPTOP is not set
-# CONFIG_TOSHIBA_BT_RFKILL is not set
-# CONFIG_TOSHIBA_HAPS is not set
-# CONFIG_TOSHIBA_WMI is not set
-# CONFIG_ACPI_CMPC is not set
-# CONFIG_INTEL_CHT_INT33FE is not set
-# CONFIG_INTEL_HID_EVENT is not set
-# CONFIG_INTEL_VBTN is not set
-# CONFIG_INTEL_IPS is not set
+CONFIG_MSI_WMI=m
+CONFIG_PEAQ_WMI=m
+CONFIG_TOPSTAR_LAPTOP=m
+CONFIG_TOSHIBA_BT_RFKILL=m
+CONFIG_TOSHIBA_HAPS=m
+CONFIG_TOSHIBA_WMI=m
+CONFIG_ACPI_CMPC=m
+CONFIG_INTEL_CHT_INT33FE=m
+CONFIG_INTEL_HID_EVENT=m
+CONFIG_INTEL_VBTN=m
+CONFIG_INTEL_IPS=m
# CONFIG_INTEL_PMC_CORE is not set
# CONFIG_IBM_RTL is not set
-# CONFIG_SAMSUNG_LAPTOP is not set
+CONFIG_SAMSUNG_LAPTOP=m
CONFIG_MXM_WMI=m
-# CONFIG_SAMSUNG_Q10 is not set
-# CONFIG_APPLE_GMUX is not set
-# CONFIG_INTEL_RST is not set
-# CONFIG_INTEL_SMARTCONNECT is not set
-# CONFIG_PVPANIC is not set
-# CONFIG_INTEL_PMC_IPC is not set
-# CONFIG_SURFACE_PRO3_BUTTON is not set
-# CONFIG_INTEL_PUNIT_IPC is not set
-# CONFIG_MLX_PLATFORM is not set
-# CONFIG_MLX_CPLD_PLATFORM is not set
+CONFIG_INTEL_OAKTRAIL=m
+CONFIG_SAMSUNG_Q10=m
+CONFIG_APPLE_GMUX=m
+CONFIG_INTEL_RST=m
+CONFIG_INTEL_SMARTCONNECT=m
+CONFIG_PVPANIC=m
+CONFIG_INTEL_PMC_IPC=m
+CONFIG_SURFACE_PRO3_BUTTON=m
+CONFIG_INTEL_PUNIT_IPC=m
+CONFIG_INTEL_TELEMETRY=m
+CONFIG_MLX_PLATFORM=m
+CONFIG_MLX_CPLD_PLATFORM=m
# CONFIG_INTEL_TURBO_MAX_3 is not set
CONFIG_PMC_ATOM=y
# CONFIG_CHROME_PLATFORMS is not set
@@ -5216,7 +5854,7 @@ CONFIG_GENERIC_PHY=y
# Performance monitor support
#
CONFIG_RAS=y
-# CONFIG_THUNDERBOLT is not set
+CONFIG_THUNDERBOLT=m
#
# Android
@@ -5246,7 +5884,7 @@ CONFIG_NVMEM=y
# CONFIG_EDD is not set
CONFIG_FIRMWARE_MEMMAP=y
# CONFIG_DELL_RBU is not set
-# CONFIG_DCDBAS is not set
+CONFIG_DCDBAS=m
CONFIG_DMIID=y
# CONFIG_DMI_SYSFS is not set
CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y
@@ -5280,10 +5918,14 @@ CONFIG_EFI_DEV_PATH_PARSER=y
#
CONFIG_DCACHE_WORD_ACCESS=y
CONFIG_FS_IOMAP=y
-# CONFIG_EXT2_FS is not set
-# CONFIG_EXT3_FS is not set
+CONFIG_EXT2_FS=y
+CONFIG_EXT2_FS_XATTR=y
+CONFIG_EXT2_FS_POSIX_ACL=y
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT3_FS=y
+CONFIG_EXT3_FS_POSIX_ACL=y
+CONFIG_EXT3_FS_SECURITY=y
CONFIG_EXT4_FS=y
-CONFIG_EXT4_USE_FOR_EXT2=y
CONFIG_EXT4_FS_POSIX_ACL=y
CONFIG_EXT4_FS_SECURITY=y
# CONFIG_EXT4_ENCRYPTION is not set
@@ -5337,7 +5979,8 @@ CONFIG_FS_ENCRYPTION=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
-# CONFIG_FANOTIFY is not set
+CONFIG_FANOTIFY=y
+# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set
CONFIG_QUOTA=y
# CONFIG_QUOTA_NETLINK_INTERFACE is not set
CONFIG_PRINT_QUOTA_WARNING=y
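Review bot: `# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set` leaves fanotify able to report file events but not to answer permission events. On-access scanners and similar endpoint tooling rely on the permission events to hold an open or read until a verdict is returned, and they will not work in that mode on this kernel. If the aim of enabling `CONFIG_FANOTIFY=y` was to support such tools, add `CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y`. If it is left off deliberately, a line in the commit message saying so would help.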
@@ -5403,7 +6046,8 @@ CONFIG_MISC_FILESYSTEMS=y
# CONFIG_ORANGEFS_FS is not set
# CONFIG_ADFS_FS is not set
CONFIG_AFFS_FS=m
-# CONFIG_ECRYPT_FS is not set
+CONFIG_ECRYPT_FS=m
+# CONFIG_ECRYPT_FS_MESSAGING is not set
CONFIG_HFS_FS=m
CONFIG_HFSPLUS_FS=m
CONFIG_HFSPLUS_FS_POSIX_ACL=y
@@ -5480,7 +6124,8 @@ CONFIG_SUNRPC_GSS=m
CONFIG_SUNRPC_BACKCHANNEL=y
CONFIG_RPCSEC_GSS_KRB5=m
# CONFIG_SUNRPC_DEBUG is not set
-# CONFIG_CEPH_FS is not set
+CONFIG_CEPH_FS=m
+CONFIG_CEPH_FS_POSIX_ACL=y
CONFIG_CIFS=m
# CONFIG_CIFS_STATS is not set
# CONFIG_CIFS_WEAK_PW_HASH is not set
@@ -5494,6 +6139,7 @@ CONFIG_CIFS_DEBUG=y
# CONFIG_NCP_FS is not set
# CONFIG_CODA_FS is not set
# CONFIG_AFS_FS is not set
+# CONFIG_9P_FS is not set
CONFIG_NLS=y
CONFIG_NLS_DEFAULT="iso8859-1"
CONFIG_NLS_CODEPAGE_437=m
@@ -5558,68 +6204,116 @@ CONFIG_TRACE_IRQFLAGS_SUPPORT=y
# CONFIG_PRINTK_TIME is not set
CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7
CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4
+# CONFIG_BOOT_PRINTK_DELAY is not set
#
# Compile-time checks and compiler options
#
+# CONFIG_DEBUG_INFO is not set
CONFIG_ENABLE_WARN_DEPRECATED=y
CONFIG_ENABLE_MUST_CHECK=y
CONFIG_FRAME_WARN=2048
# CONFIG_STRIP_ASM_SYMS is not set
+# CONFIG_READABLE_ASM is not set
CONFIG_UNUSED_SYMBOLS=y
+# CONFIG_PAGE_OWNER is not set
# CONFIG_DEBUG_FS is not set
# CONFIG_HEADERS_CHECK is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
CONFIG_SECTION_MISMATCH_WARN_ONLY=y
CONFIG_FRAME_POINTER=y
# CONFIG_STACK_VALIDATION is not set
+# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set
CONFIG_MAGIC_SYSRQ=y
CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0
CONFIG_MAGIC_SYSRQ_SERIAL=y
-# CONFIG_DEBUG_KERNEL is not set
+CONFIG_DEBUG_KERNEL=y
#
# Memory Debugging
#
# CONFIG_PAGE_EXTENSION is not set
+# CONFIG_DEBUG_PAGEALLOC is not set
# CONFIG_PAGE_POISONING is not set
# CONFIG_DEBUG_RODATA_TEST is not set
+# CONFIG_DEBUG_OBJECTS is not set
# CONFIG_SLUB_DEBUG_ON is not set
# CONFIG_SLUB_STATS is not set
CONFIG_HAVE_DEBUG_KMEMLEAK=y
+# CONFIG_DEBUG_KMEMLEAK is not set
+# CONFIG_DEBUG_STACK_USAGE is not set
+# CONFIG_DEBUG_VM is not set
CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
-CONFIG_DEBUG_MEMORY_INIT=y
+# CONFIG_DEBUG_VIRTUAL is not set
+# CONFIG_DEBUG_MEMORY_INIT is not set
+# CONFIG_DEBUG_PER_CPU_MAPS is not set
CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
+# CONFIG_DEBUG_STACKOVERFLOW is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_KMEMCHECK is not set
CONFIG_HAVE_ARCH_KASAN=y
# CONFIG_KASAN is not set
CONFIG_ARCH_HAS_KCOV=y
# CONFIG_KCOV is not set
+# CONFIG_DEBUG_SHIRQ is not set
#
# Debug Lockups and Hangs
#
+# CONFIG_SOFTLOCKUP_DETECTOR is not set
CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
+# CONFIG_HARDLOCKUP_DETECTOR is not set
+# CONFIG_DETECT_HUNG_TASK is not set
+# CONFIG_WQ_WATCHDOG is not set
# CONFIG_PANIC_ON_OOPS is not set
CONFIG_PANIC_ON_OOPS_VALUE=0
CONFIG_PANIC_TIMEOUT=0
+CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
+# CONFIG_SCHEDSTATS is not set
+# CONFIG_SCHED_STACK_END_CHECK is not set
# CONFIG_DEBUG_TIMEKEEPING is not set
#
# Lock Debugging (spinlocks, mutexes, etc...)
#
+# CONFIG_DEBUG_RT_MUTEXES is not set
+# CONFIG_DEBUG_SPINLOCK is not set
+# CONFIG_DEBUG_MUTEXES is not set
+# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set
+# CONFIG_DEBUG_LOCK_ALLOC is not set
+# CONFIG_PROVE_LOCKING is not set
+# CONFIG_LOCK_STAT is not set
+# CONFIG_DEBUG_ATOMIC_SLEEP is not set
+# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
+# CONFIG_LOCK_TORTURE_TEST is not set
# CONFIG_WW_MUTEX_SELFTEST is not set
-# CONFIG_STACKTRACE is not set
+CONFIG_STACKTRACE=y
# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set
+# CONFIG_DEBUG_KOBJECT is not set
CONFIG_DEBUG_BUGVERBOSE=y
+# CONFIG_DEBUG_LIST is not set
+# CONFIG_DEBUG_PI_LIST is not set
+# CONFIG_DEBUG_SG is not set
+# CONFIG_DEBUG_NOTIFIERS is not set
+# CONFIG_DEBUG_CREDENTIALS is not set
#
# RCU Debugging
#
# CONFIG_PROVE_RCU is not set
# CONFIG_TORTURE_TEST is not set
+# CONFIG_RCU_PERF_TEST is not set
+# CONFIG_RCU_TORTURE_TEST is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=21
+# CONFIG_RCU_TRACE is not set
+# CONFIG_RCU_EQS_DEBUG is not set
+# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set
+# CONFIG_DEBUG_BLOCK_EXT_DEVT is not set
+# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set
+# CONFIG_NOTIFIER_ERROR_INJECTION is not set
+# CONFIG_FAULT_INJECTION is not set
+# CONFIG_LATENCYTOP is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_HAVE_FUNCTION_TRACER=y
CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
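Review bot: With `CONFIG_DEBUG_KERNEL=y` now set, the low-cost integrity checks it gates become selectable, but this hunk records all of them as unset: `CONFIG_DEBUG_LIST`, `CONFIG_DEBUG_SG`, `CONFIG_DEBUG_NOTIFIERS`, `CONFIG_DEBUG_CREDENTIALS` and `CONFIG_SCHED_STACK_END_CHECK`. These checks turn list, scatterlist, notifier-chain, credential and stack-end corruption into a detected fault instead of silent memory corruption, and they are commonly enabled in hardened distribution configs. I would set at least `CONFIG_DEBUG_LIST=y`, `CONFIG_DEBUG_CREDENTIALS=y` and `CONFIG_SCHED_STACK_END_CHECK=y`. The same hunk also changes `CONFIG_DEBUG_MEMORY_INIT=y` to unset, which looks like a side effect of regenerating the config and is worth confirming.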
@@ -5642,6 +6336,10 @@ CONFIG_TRACING_SUPPORT=y
#
# CONFIG_TEST_LIST_SORT is not set
# CONFIG_TEST_SORT is not set
+# CONFIG_BACKTRACE_SELF_TEST is not set
+# CONFIG_RBTREE_TEST is not set
+# CONFIG_INTERVAL_TREE_TEST is not set
+# CONFIG_PERCPU_TEST is not set
# CONFIG_ATOMIC64_SELFTEST is not set
# CONFIG_ASYNC_RAID6_TEST is not set
# CONFIG_TEST_HEXDUMP is not set
@@ -5652,6 +6350,7 @@ CONFIG_TRACING_SUPPORT=y
# CONFIG_TEST_UUID is not set
# CONFIG_TEST_RHASHTABLE is not set
# CONFIG_TEST_HASH is not set
+# CONFIG_TEST_PARMAN is not set
# CONFIG_TEST_LKM is not set
# CONFIG_TEST_USER_COPY is not set
# CONFIG_TEST_BPF is not set
@@ -5664,20 +6363,24 @@ CONFIG_TRACING_SUPPORT=y
# CONFIG_BUG_ON_DATA_CORRUPTION is not set
# CONFIG_SAMPLES is not set
CONFIG_HAVE_ARCH_KGDB=y
+# CONFIG_KGDB is not set
CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set
# CONFIG_UBSAN is not set
CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
-# CONFIG_STRICT_DEVMEM is not set
+CONFIG_STRICT_DEVMEM=y
+# CONFIG_IO_STRICT_DEVMEM is not set
CONFIG_X86_VERBOSE_BOOTUP=y
CONFIG_EARLY_PRINTK=y
# CONFIG_EARLY_PRINTK_DBGP is not set
# CONFIG_EARLY_PRINTK_EFI is not set
# CONFIG_EARLY_PRINTK_USB_XDBC is not set
CONFIG_X86_PTDUMP_CORE=y
+# CONFIG_X86_PTDUMP is not set
# CONFIG_EFI_PGT_DUMP is not set
CONFIG_DEBUG_WX=y
CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
CONFIG_IO_DELAY_TYPE_0X80=0
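Review bot: `CONFIG_STRICT_DEVMEM=y` is a good change, but the line after it leaves `# CONFIG_IO_STRICT_DEVMEM is not set`. /dev/mem therefore still allows root to map MMIO ranges that a driver has already claimed. Setting `CONFIG_IO_STRICT_DEVMEM=y` closes that gap by limiting access to idle I/O memory. A user who needs the old behaviour for a register-poking tool can still boot with `iomem=relaxed`.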
@@ -5689,10 +6392,15 @@ CONFIG_IO_DELAY_0X80=y
# CONFIG_IO_DELAY_UDELAY is not set
# CONFIG_IO_DELAY_NONE is not set
CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_CPA_DEBUG is not set
# CONFIG_OPTIMIZE_INLINING is not set
+# CONFIG_DEBUG_ENTRY is not set
+# CONFIG_DEBUG_NMI_SELFTEST is not set
+CONFIG_X86_DEBUG_FPU=y
# CONFIG_PUNIT_ATOM_DEBUG is not set
-CONFIG_FRAME_POINTER_UNWINDER=y
-# CONFIG_ORC_UNWINDER is not set
+# CONFIG_UNWINDER_ORC is not set
+CONFIG_UNWINDER_FRAME_POINTER=y
+# CONFIG_UNWINDER_GUESS is not set
#
# Security options
@@ -5709,6 +6417,7 @@ CONFIG_SECURITY=y
# CONFIG_SECURITY_WRITABLE_HOOKS is not set
CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y
+CONFIG_PAGE_TABLE_ISOLATION=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
CONFIG_SECURITY_PATH=y
CONFIG_INTEL_TXT=y
@@ -5759,9 +6468,10 @@ CONFIG_CRYPTO_RNG_DEFAULT=y
CONFIG_CRYPTO_AKCIPHER2=y
CONFIG_CRYPTO_AKCIPHER=y
CONFIG_CRYPTO_KPP2=y
+CONFIG_CRYPTO_KPP=m
CONFIG_CRYPTO_ACOMP2=y
CONFIG_CRYPTO_RSA=y
-# CONFIG_CRYPTO_DH is not set
+CONFIG_CRYPTO_DH=m
CONFIG_CRYPTO_ECDH=m
CONFIG_CRYPTO_MANAGER=y
CONFIG_CRYPTO_MANAGER2=y
@@ -5772,10 +6482,13 @@ CONFIG_CRYPTO_NULL=y
CONFIG_CRYPTO_NULL2=y
# CONFIG_CRYPTO_PCRYPT is not set
CONFIG_CRYPTO_WORKQUEUE=y
-# CONFIG_CRYPTO_CRYPTD is not set
+CONFIG_CRYPTO_CRYPTD=y
# CONFIG_CRYPTO_MCRYPTD is not set
CONFIG_CRYPTO_AUTHENC=m
# CONFIG_CRYPTO_TEST is not set
+CONFIG_CRYPTO_ABLK_HELPER=m
+CONFIG_CRYPTO_SIMD=y
+CONFIG_CRYPTO_GLUE_HELPER_X86=y
CONFIG_CRYPTO_ENGINE=m
#
@@ -5794,7 +6507,7 @@ CONFIG_CRYPTO_CBC=y
CONFIG_CRYPTO_CTR=y
CONFIG_CRYPTO_CTS=y
CONFIG_CRYPTO_ECB=y
-# CONFIG_CRYPTO_LRW is not set
+CONFIG_CRYPTO_LRW=m
# CONFIG_CRYPTO_PCBC is not set
CONFIG_CRYPTO_XTS=y
# CONFIG_CRYPTO_KEYWRAP is not set
@@ -5811,7 +6524,7 @@ CONFIG_CRYPTO_HMAC=y
# Digest
#
CONFIG_CRYPTO_CRC32C=y
-# CONFIG_CRYPTO_CRC32C_INTEL is not set
+CONFIG_CRYPTO_CRC32C_INTEL=m
CONFIG_CRYPTO_CRC32=y
# CONFIG_CRYPTO_CRC32_PCLMUL is not set
CONFIG_CRYPTO_CRCT10DIF=y
@@ -5827,17 +6540,17 @@ CONFIG_CRYPTO_MICHAEL_MIC=m
# CONFIG_CRYPTO_RMD256 is not set
# CONFIG_CRYPTO_RMD320 is not set
CONFIG_CRYPTO_SHA1=y
-# CONFIG_CRYPTO_SHA1_SSSE3 is not set
-# CONFIG_CRYPTO_SHA256_SSSE3 is not set
-# CONFIG_CRYPTO_SHA512_SSSE3 is not set
+CONFIG_CRYPTO_SHA1_SSSE3=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
# CONFIG_CRYPTO_SHA1_MB is not set
# CONFIG_CRYPTO_SHA256_MB is not set
# CONFIG_CRYPTO_SHA512_MB is not set
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=y
-# CONFIG_CRYPTO_SHA3 is not set
-# CONFIG_CRYPTO_TGR192 is not set
-# CONFIG_CRYPTO_WP512 is not set
+CONFIG_CRYPTO_SHA3=m
+CONFIG_CRYPTO_TGR192=m
+CONFIG_CRYPTO_WP512=m
# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set
#
@@ -5845,12 +6558,13 @@ CONFIG_CRYPTO_SHA512=y
#
CONFIG_CRYPTO_AES=y
# CONFIG_CRYPTO_AES_TI is not set
-# CONFIG_CRYPTO_AES_X86_64 is not set
-# CONFIG_CRYPTO_AES_NI_INTEL is not set
+CONFIG_CRYPTO_AES_X86_64=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
# CONFIG_CRYPTO_ANUBIS is not set
CONFIG_CRYPTO_ARC4=m
-# CONFIG_CRYPTO_BLOWFISH is not set
-# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set
+CONFIG_CRYPTO_BLOWFISH=m
+CONFIG_CRYPTO_BLOWFISH_COMMON=y
+CONFIG_CRYPTO_BLOWFISH_X86_64=y
# CONFIG_CRYPTO_CAMELLIA is not set
# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set
# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set
@@ -5868,23 +6582,24 @@ CONFIG_CRYPTO_DES=m
# CONFIG_CRYPTO_CHACHA20 is not set
# CONFIG_CRYPTO_CHACHA20_X86_64 is not set
# CONFIG_CRYPTO_SEED is not set
-# CONFIG_CRYPTO_SERPENT is not set
-# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set
-# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set
-# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set
+CONFIG_CRYPTO_SERPENT=y
+CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
+CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
# CONFIG_CRYPTO_TEA is not set
-# CONFIG_CRYPTO_TWOFISH is not set
-# CONFIG_CRYPTO_TWOFISH_X86_64 is not set
-# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set
-# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set
+CONFIG_CRYPTO_TWOFISH=y
+CONFIG_CRYPTO_TWOFISH_COMMON=y
+CONFIG_CRYPTO_TWOFISH_X86_64=m
+CONFIG_CRYPTO_TWOFISH_X86_64_3WAY=m
+CONFIG_CRYPTO_TWOFISH_AVX_X86_64=m
#
# Compression
#
CONFIG_CRYPTO_DEFLATE=m
-# CONFIG_CRYPTO_LZO is not set
+CONFIG_CRYPTO_LZO=m
# CONFIG_CRYPTO_842 is not set
-# CONFIG_CRYPTO_LZ4 is not set
+CONFIG_CRYPTO_LZ4=m
# CONFIG_CRYPTO_LZ4HC is not set
#
@@ -5897,23 +6612,31 @@ CONFIG_CRYPTO_DRBG_HMAC=y
# CONFIG_CRYPTO_DRBG_CTR is not set
CONFIG_CRYPTO_DRBG=y
CONFIG_CRYPTO_JITTERENTROPY=y
-# CONFIG_CRYPTO_USER_API_HASH is not set
-# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
+CONFIG_CRYPTO_USER_API=y
+CONFIG_CRYPTO_USER_API_HASH=y
+CONFIG_CRYPTO_USER_API_SKCIPHER=y
# CONFIG_CRYPTO_USER_API_RNG is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
CONFIG_CRYPTO_HASH_INFO=y
CONFIG_CRYPTO_HW=y
-# CONFIG_CRYPTO_DEV_PADLOCK is not set
+CONFIG_CRYPTO_DEV_PADLOCK=m
+CONFIG_CRYPTO_DEV_PADLOCK_AES=m
+CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
# CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is not set
-# CONFIG_CRYPTO_DEV_CCP is not set
-# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set
-# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set
-# CONFIG_CRYPTO_DEV_QAT_C62X is not set
-# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set
-# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set
-# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set
-# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set
-# CONFIG_CRYPTO_DEV_CHELSIO is not set
+CONFIG_CRYPTO_DEV_CCP=y
+CONFIG_CRYPTO_DEV_CCP_DD=m
+CONFIG_CRYPTO_DEV_SP_CCP=y
+CONFIG_CRYPTO_DEV_CCP_CRYPTO=m
+CONFIG_CRYPTO_DEV_QAT=m
+CONFIG_CRYPTO_DEV_QAT_DH895xCC=m
+CONFIG_CRYPTO_DEV_QAT_C3XXX=m
+CONFIG_CRYPTO_DEV_QAT_C62X=m
+CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
+CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
+CONFIG_CRYPTO_DEV_QAT_C62XVF=m
+CONFIG_CRYPTO_DEV_NITROX=m
+CONFIG_CRYPTO_DEV_NITROX_CNN55XX=m
+CONFIG_CRYPTO_DEV_CHELSIO=m
CONFIG_CRYPTO_DEV_VIRTIO=m
CONFIG_ASYMMETRIC_KEY_TYPE=y
CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
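Review bot: `CONFIG_CRYPTO_USER_API_HASH=y` and `CONFIG_CRYPTO_USER_API_SKCIPHER=y` build the AF_ALG socket interface into the kernel image. That interface is reachable by unprivileged processes, and built in it cannot be switched off with a module blacklist on systems that do not need it. Unless something in early boot depends on it (not visible from this hunk), I would use `CONFIG_CRYPTO_USER_API_HASH=m` and `CONFIG_CRYPTO_USER_API_SKCIPHER=m`, matching the `=m` choice made for the hardware crypto drivers added just below.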
@@ -5949,6 +6672,7 @@ CONFIG_KVM=m
CONFIG_KVM_INTEL=m
CONFIG_KVM_AMD=m
CONFIG_VHOST_NET=m
+# CONFIG_VHOST_VSOCK is not set
CONFIG_VHOST=m
# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set
# CONFIG_BINARY_PRINTF is not set
@@ -5990,6 +6714,7 @@ CONFIG_ZLIB_INFLATE=y
CONFIG_ZLIB_DEFLATE=y
CONFIG_LZO_COMPRESS=y
CONFIG_LZO_DECOMPRESS=y
+CONFIG_LZ4_COMPRESS=m
CONFIG_LZ4_DECOMPRESS=y
CONFIG_ZSTD_COMPRESS=m
CONFIG_ZSTD_DECOMPRESS=m
@@ -6009,6 +6734,10 @@ CONFIG_DECOMPRESS_XZ=y
CONFIG_DECOMPRESS_LZO=y
CONFIG_DECOMPRESS_LZ4=y
CONFIG_GENERIC_ALLOCATOR=y
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=m
+CONFIG_TEXTSEARCH_BM=m
+CONFIG_TEXTSEARCH_FSM=m
CONFIG_BTREE=y
CONFIG_INTERVAL_TREE=y
CONFIG_RADIX_TREE_MULTIORDER=y
@@ -6042,4 +6771,5 @@ CONFIG_ARCH_HAS_SG_CHAIN=y
CONFIG_ARCH_HAS_PMEM_API=y
CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y
CONFIG_SBITMAP=y
+CONFIG_PARMAN=m
# CONFIG_STRING_SELFTEST is not set
diff --git a/system/gcc/001_all_default-ssp-strong.patch b/system/gcc/001_all_default-ssp-strong.patch
new file mode 100644
index 000000000..95949eb00
--- /dev/null
+++ b/system/gcc/001_all_default-ssp-strong.patch
@@ -0,0 +1,215 @@
+# DP: Turn on -fstack-protector by default for C, C++, ObjC, ObjC++.
+# DP: Build libgcc using -fno-stack-protector.
+
+---
+ gcc/Makefile.in | 2 ++
+ gcc/cp/lang-specs.h | 6 +++---
+ gcc/doc/invoke.texi | 4 ++++
+ gcc/gcc.c | 18 ++++++++++++++----
+ gcc/objc/lang-specs.h | 10 +++++-----
+ gcc/objcp/lang-specs.h | 8 ++++----
+ 6 files changed, 32 insertions(+), 16 deletions(-)
+
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -858,6 +858,14 @@ proper position among the other output f
+ #define LINK_GCC_C_SEQUENCE_SPEC "%G %L %G"
+ #endif
+
++#ifndef SSP_DEFAULT_SPEC
++#ifdef TARGET_LIBC_PROVIDES_SSP
++#define SSP_DEFAULT_SPEC "%{!fno-stack-protector:%{!fstack-protector-all:%{!ffreestanding:%{!nostdlib:%{!fstack-protector:-fstack-protector-strong}}}}}"
++#else
++#define SSP_DEFAULT_SPEC ""
++#endif
++#endif
++
+ #ifndef LINK_SSP_SPEC
+ #ifdef TARGET_LIBC_PROVIDES_SSP
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+@@ -1057,6 +1065,7 @@ static const char *cc1_spec = CC1_SPEC;
+ static const char *cc1plus_spec = CC1PLUS_SPEC;
+ static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
+ static const char *link_ssp_spec = LINK_SSP_SPEC;
++static const char *ssp_default_spec = SSP_DEFAULT_SPEC;
+ static const char *asm_spec = ASM_SPEC;
+ static const char *asm_final_spec = ASM_FINAL_SPEC;
+ static const char *link_spec = LINK_SPEC;
+@@ -1112,7 +1121,7 @@ static const char *cpp_unique_options =
+ static const char *cpp_options =
+ "%(cpp_unique_options) %1 %{m*} %{std*&ansi&trigraphs} %{W*&pedantic*} %{w}\
+ %{f*} %{g*:%{!g0:%{g*} %{!fno-working-directory:-fworking-directory}}} %{O*}\
+- %{undef} %{save-temps*:-fpch-preprocess}";
++ %{undef} %{save-temps*:-fpch-preprocess} %(ssp_default)";
+
+ /* This contains cpp options which are not passed when the preprocessor
+ output will be used by another program. */
+@@ -1301,9 +1310,9 @@ static const struct compiler default_com
+ %{save-temps*|traditional-cpp|no-integrated-cpp:%(trad_capable_cpp) \
+ %(cpp_options) -o %{save-temps*:%b.i} %{!save-temps*:%g.i} \n\
+ cc1 -fpreprocessed %{save-temps*:%b.i} %{!save-temps*:%g.i} \
+- %(cc1_options)}\
++ %(cc1_options) %(ssp_default)}\
+ %{!save-temps*:%{!traditional-cpp:%{!no-integrated-cpp:\
+- cc1 %(cpp_unique_options) %(cc1_options)}}}\
++ cc1 %(cpp_unique_options) %(cc1_options) %(ssp_default)}}}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 1},
+ {"-",
+ "%{!E:%e-E or -x required when input is from standard input}\
+@@ -1328,7 +1337,7 @@ static const struct compiler default_com
+ %W{o*:--output-pch=%*}}%V}}}}}}}", 0, 0, 0},
+ {".i", "@cpp-output", 0, 0, 0},
+ {"@cpp-output",
+- "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
++ "%{!M:%{!MM:%{!E:cc1 -fpreprocessed %i %(cc1_options) %(ssp_default) %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {".s", "@assembler", 0, 0, 0},
+ {"@assembler",
+ "%{!M:%{!MM:%{!E:%{!S:as %(asm_debug) %(asm_options) %i %A }}}}", 0, 0, 0},
+@@ -1560,6 +1569,7 @@ static struct spec_list static_specs[] =
+ INIT_STATIC_SPEC ("cc1plus", &cc1plus_spec),
+ INIT_STATIC_SPEC ("link_gcc_c_sequence", &link_gcc_c_sequence_spec),
+ INIT_STATIC_SPEC ("link_ssp", &link_ssp_spec),
++ INIT_STATIC_SPEC ("ssp_default", &ssp_default_spec),
+ INIT_STATIC_SPEC ("endfile", &endfile_spec),
+ INIT_STATIC_SPEC ("link", &link_spec),
+ INIT_STATIC_SPEC ("lib", &lib_spec),
+Index: b/gcc/cp/lang-specs.h
+===================================================================
+--- a/gcc/cp/lang-specs.h
++++ b/gcc/cp/lang-specs.h
+@@ -46,7 +46,7 @@ along with GCC; see the file COPYING3.
+ %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
+ cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
+ %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+- %(cc1_options) %2\
++ %(cc1_options) %(ssp_default) %2\
+ %{!fsyntax-only:-o %g.s \
+ %{!fdump-ada-spec*:%{!o*:--output-pch=%i.gch}\
+ %W{o*:--output-pch=%*}}%V}}}}",
+@@ -58,11 +58,11 @@ along with GCC; see the file COPYING3.
+ %(cpp_options) %2 -o %{save-temps*:%b.ii} %{!save-temps*:%g.ii} \n}\
+ cc1plus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.ii} %{!save-temps*:%g.ii}}\
+ %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+- %(cc1_options) %2\
++ %(cc1_options) %(ssp_default) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}",
+ CPLUSPLUS_CPP_SPEC, 0, 0},
+ {".ii", "@c++-cpp-output", 0, 0, 0},
+ {"@c++-cpp-output",
+ "%{!M:%{!MM:%{!E:\
+- cc1plus -fpreprocessed %i %(cc1_options) %2\
++ cc1plus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+Index: b/gcc/params.def
+===================================================================
+--- a/gcc/params.def
++++ b/gcc/params.def
+@@ -673,7 +673,7 @@ DEFPARAM (PARAM_INTEGER_SHARE_LIMIT,
+ DEFPARAM (PARAM_SSP_BUFFER_SIZE,
+ "ssp-buffer-size",
+ "The lower bound for a buffer to be considered for stack smashing protection.",
+- 8, 1, 0)
++ 4, 1, 0)
+
+ DEFPARAM (PARAM_MIN_SIZE_FOR_STACK_SHARING,
+ "min-size-for-stack-sharing",
+Index: b/gcc/objc/lang-specs.h
+===================================================================
+--- a/gcc/objc/lang-specs.h
++++ b/gcc/objc/lang-specs.h
+@@ -29,9 +29,9 @@ along with GCC; see the file COPYING3.
+ %{traditional|traditional-cpp:\
+ %eGNU Objective C no longer supports traditional compilation}\
+ %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
+- cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}\
++ cc1obj -fpreprocessed %{save-temps*:%b.mi} %{!save-temps*:%g.mi} %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}\
+ %{!save-temps*:%{!no-integrated-cpp:\
+- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}}}\
++ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}}}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {"@objective-c-header",
+ "%{E|M|MM:cc1obj -E %{traditional|traditional-cpp:-traditional-cpp}\
+@@ -40,18 +40,18 @@ along with GCC; see the file COPYING3.
+ %{traditional|traditional-cpp:\
+ %eGNU Objective C no longer supports traditional compilation}\
+ %{save-temps*|no-integrated-cpp:cc1obj -E %(cpp_options) -o %{save-temps*:%b.mi} %{!save-temps*:%g.mi} \n\
+- cc1obj -fpreprocessed %b.mi %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ cc1obj -fpreprocessed %b.mi %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
+ -o %g.s %{!o*:--output-pch=%i.gch}\
+ %W{o*:--output-pch=%*}%V}\
+ %{!save-temps*:%{!no-integrated-cpp:\
+- cc1obj %(cpp_unique_options) %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ cc1obj %(cpp_unique_options) %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
+ -o %g.s %{!o*:--output-pch=%i.gch}\
+ %W{o*:--output-pch=%*}%V}}}}}", 0, 0, 0},
+ {".mi", "@objective-c-cpp-output", 0, 0, 0},
+ {"@objective-c-cpp-output",
+- "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ "%{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {"@objc-cpp-output",
+ "%nobjc-cpp-output is deprecated; please use objective-c-cpp-output instead\n\
+- %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %{print-objc-runtime-info} %{gen-decls}\
++ %{!M:%{!MM:%{!E:cc1obj -fpreprocessed %i %(cc1_options) %(ssp_default) %{print-objc-runtime-info} %{gen-decls}\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+Index: b/gcc/objcp/lang-specs.h
+===================================================================
+--- a/gcc/objcp/lang-specs.h
++++ b/gcc/objcp/lang-specs.h
+@@ -36,7 +36,7 @@ along with GCC; see the file COPYING3.
+ %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
+ cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
+ %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+- %(cc1_options) %2\
++ %(cc1_options) %(ssp_default) %2\
+ -o %g.s %{!o*:--output-pch=%i.gch} %W{o*:--output-pch=%*}%V}}}",
+ CPLUSPLUS_CPP_SPEC, 0, 0},
+ {"@objective-c++",
+@@ -46,16 +46,16 @@ along with GCC; see the file COPYING3.
+ %(cpp_options) %2 -o %{save-temps*:%b.mii} %{!save-temps*:%g.mii} \n}\
+ cc1objplus %{save-temps*|no-integrated-cpp:-fpreprocessed %{save-temps*:%b.mii} %{!save-temps*:%g.mii}}\
+ %{!save-temps*:%{!no-integrated-cpp:%(cpp_unique_options)}}\
+- %(cc1_options) %2\
++ %(cc1_options) %(ssp_default) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}",
+ CPLUSPLUS_CPP_SPEC, 0, 0},
+ {".mii", "@objective-c++-cpp-output", 0, 0, 0},
+ {"@objective-c++-cpp-output",
+ "%{!M:%{!MM:%{!E:\
+- cc1objplus -fpreprocessed %i %(cc1_options) %2\
++ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+ {"@objc++-cpp-output",
+ "%nobjc++-cpp-output is deprecated; please use objective-c++-cpp-output instead\n\
+ %{!M:%{!MM:%{!E:\
+- cc1objplus -fpreprocessed %i %(cc1_options) %2\
++ cc1objplus -fpreprocessed %i %(cc1_options) %(ssp_default) %2\
+ %{!fsyntax-only:%(invoke_as)}}}}", 0, 0, 0},
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -9247,6 +9247,9 @@
+ The minimum size of variables taking part in stack slot sharing when not
+ optimizing. The default value is 32.
+
++The Alpine Linux default is "4", to increase
++the number of functions protected by the stack protector.
++
+ @item max-jump-thread-duplication-stmts
+ Maximum number of statements allowed in a block that needs to be
+ duplicated when threading jumps.
+@@ -10185,6 +10188,11 @@
+ Like @option{-fstack-protector} but includes additional functions to
+ be protected --- those that have local array definitions, or have
+ references to local frame addresses.
++
++NOTE: In Alpine Linux,
++@option{-fstack-protector-strong} is enabled by default for C,
++C++, ObjC, ObjC++, if none of @option{-fno-stack-protector},
++@option{-nostdlib}, nor @option{-ffreestanding} are found.
+
+ @item -fstack-protector-explicit
+ @opindex fstack-protector-explicit
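Review bot: The patch header and diffstat do not match the hunks it carries. The header promises "Build libgcc using -fno-stack-protector" and the diffstat lists `gcc/Makefile.in | 2 ++`, but no Makefile.in section follows, so if libgcc is meant to be built without the protector this patch does not do it. In the other direction, the `gcc/params.def` hunk lowers the `ssp-buffer-size` default from 8 to 4 and is missing from both the diffstat and the header. I would make the header say what is applied, e.g. `# DP: Turn on -fstack-protector-strong by default for C, C++, ObjC, ObjC++; lower ssp-buffer-size to 4.`, and either restore the libgcc hunk or drop that line. Judging by the context lines, the "Alpine Linux default is 4" note in invoke.texi also lands under the min-size-for-stack-sharing text rather than next to `ssp-buffer-size`, which is worth checking against the target tree.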
diff --git a/system/gcc/002_all_default-relro.patch b/system/gcc/002_all_default-relro.patch
new file mode 100644
index 000000000..c461017dc
--- /dev/null
+++ b/system/gcc/002_all_default-relro.patch
@@ -0,0 +1,33 @@
+# Turn on -Wl,-z,relro,-z,now by default.
+
+---
+ gcc/doc/invoke.texi | 3 +++
+ gcc/gcc.c | 1 +
+ 2 files changed, 4 insertions(+), 0 deletions(-)
+
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -11424,6 +11424,9 @@ For example, @option{-Wl,-Map,output.map
+ linker. When using the GNU linker, you can also get the same effect with
+ @option{-Wl,-Map=output.map}.
+
++NOTE: In Alpine Linux, for LDFLAGS, the option
++@option{-Wl,-z,relro,now} is used. To disable, use @option{-Wl,-z,norelro}.
++
+ @item -u @var{symbol}
+ @opindex u
+ Pretend the symbol @var{symbol} is undefined, to force linking of
+Index: b/gcc/gcc.c
+===================================================================
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -890,6 +890,7 @@ proper position among the other output f
+ "%{flto|flto=*:%<fcompare-debug*} \
+ %{flto} %{fno-lto} %{flto=*} %l " LINK_PIE_SPEC \
+ "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
++ "-z relro -z now " \
+ "%X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} " VTABLE_VERIFICATION_SPEC " \
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " SANITIZER_EARLY_SPEC " %o\
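Review bot: The opt-out documented in the invoke.texi note undoes only half of the new default: `-Wl,-z,norelro` switches RELRO off, but the `-z now` added to the link spec stays in effect. The note also writes the option as `-Wl,-z,relro,now`, which is not what the spec passes (`-z relro -z now`); since `-Wl` splits on commas, that spelling would hand a bare `now` to the linker. I would reword the two lines to `@option{-Wl,-z,relro,-z,now} is used. To disable, use @option{-Wl,-z,norelro,-z,lazy}.` The spec string being edited in gcc.c starts and ends outside the hunk.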
diff --git a/system/gcc/003_all_default-fortify-source.patch b/system/gcc/003_all_default-fortify-source.patch
new file mode 100644
index 000000000..6ca803343
--- /dev/null
+++ b/system/gcc/003_all_default-fortify-source.patch
@@ -0,0 +1,40 @@
+# DP: Turn on -D_FORTIFY_SOURCE=2 by default for C, C++, ObjC, ObjC++,
+# DP: if the optimization level is > 0
+
+---
+ gcc/doc/invoke.texi | 6 ++++++
+ gcc/c-family/c-cppbuiltin.c | 3 +
+ 2 files changed, 9 insertions(+), 0 deletions(-)
+
+Index: b/gcc/doc/invoke.texi
+===================================================================
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -7840,6 +7840,12 @@ also turns on the following optimization
+ Please note the warning under @option{-fgcse} about
+ invoking @option{-O2} on programs that use computed gotos.
+
++NOTE: In Alpine Linux, @option{-D_FORTIFY_SOURCE=2} is
++set by default, and is activated when @option{-O} is set to 2 or higher.
++This enables additional compile-time and run-time checks for several libc
++functions. To disable, specify either @option{-U_FORTIFY_SOURCE} or
++@option{-D_FORTIFY_SOURCE=0}.
++
+ @item -O3
+ @opindex O3
+ Optimize yet more. @option{-O3} turns on all optimizations specified
+Index: b/gcc/c-family/c-cppbuiltin.c
+===================================================================
+--- a/gcc/c-family/c-cppbuiltin.c
++++ b/gcc/c-family/c-cppbuiltin.c
+@@ -1176,6 +1176,10 @@ c_cpp_builtins (cpp_reader *pfile)
+ builtin_define_with_value ("__REGISTER_PREFIX__", REGISTER_PREFIX, 0);
+ builtin_define_with_value ("__USER_LABEL_PREFIX__", user_label_prefix, 0);
+
++ /* Fortify Source enabled by default for optimization levels > 0 */
++ if (optimize)
++ builtin_define_with_int_value ("_FORTIFY_SOURCE", 2);
++
+ /* Misc. */
+ if (flag_gnu89_inline)
+ cpp_define (pfile, "__GNUC_GNU_INLINE__");
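Review bot: The documentation added to invoke.texi disagrees with the code added to c-cppbuiltin.c. The note says `_FORTIFY_SOURCE=2` is activated when `-O` is "set to 2 or higher", while the code tests `if (optimize)`, which is true for any non-zero optimization level, as the patch header itself says ("optimization level is > 0"). I would change the doc line to `set by default, and is activated when @option{-O} is set to 1 or higher.` and update the diffstat, which counts 3 lines for c-cppbuiltin.c although the hunk adds 4. Because the macro becomes a builtin, sources that define `_FORTIFY_SOURCE` themselves may now get a redefinition warning; that is probably worth a sentence in the note too. c_cpp_builtins continues outside the hunk.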
diff --git a/system/gcc/005_all_default-as-needed.patch b/system/gcc/005_all_default-as-needed.patch
new file mode 100644
index 000000000..ee4f7962a
--- /dev/null
+++ b/system/gcc/005_all_default-as-needed.patch
@@ -0,0 +1,241 @@
+# DP: On linux targets pass --as-needed by default to the linker, but always
+# DP: link the sanitizer libraries with --no-as-needed.
+
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -568,8 +568,11 @@ proper position among the other output f
+ #ifdef LIBTSAN_EARLY_SPEC
+ #define LIBTSAN_SPEC STATIC_LIBTSAN_LIBS
+ #elif defined(HAVE_LD_STATIC_DYNAMIC)
+-#define LIBTSAN_SPEC "%{static-libtsan:" LD_STATIC_OPTION \
+- "} -ltsan %{static-libtsan:" LD_DYNAMIC_OPTION "}" \
++#define LIBTSAN_SPEC "%{static-libtsan:" LD_STATIC_OPTION "}" \
++ " %{!static-libtsan:%{!fuse-ld=gold:--push-state }--no-as-needed}" \
++ " -ltsan " \
++ " %{static-libtsan:" LD_DYNAMIC_OPTION "}" \
++ " %{!static-libtsan:%{fuse-ld=gold:--as-needed;:--pop-state}}" \
+ STATIC_LIBTSAN_LIBS
+ #else
+ #define LIBTSAN_SPEC "-ltsan" STATIC_LIBTSAN_LIBS
+--- a/gcc/config/gnu-user.h
++++ b/gcc/config/gnu-user.h
+@@ -124,13 +124,13 @@
+ #define LIBASAN_EARLY_SPEC "%{!shared:libasan_preinit%O%s} " \
+ "%{static-libasan:%{!shared:" \
+ LD_STATIC_OPTION " --whole-archive -lasan --no-whole-archive " \
+- LD_DYNAMIC_OPTION "}}%{!static-libasan:-lasan}"
++ LD_DYNAMIC_OPTION "}}%{!static-libasan:%{!fuse-ld=gold:--push-state} --no-as-needed -lasan %{fuse-ld=gold:--as-needed;:--pop-state}}"
+ #undef LIBTSAN_EARLY_SPEC
+ #define LIBTSAN_EARLY_SPEC "%{static-libtsan:%{!shared:" \
+ LD_STATIC_OPTION " --whole-archive -ltsan --no-whole-archive " \
+- LD_DYNAMIC_OPTION "}}%{!static-libtsan:-ltsan}"
++ LD_DYNAMIC_OPTION "}}%{!static-libtsan:%{!fuse-ld=gold:--push-state} --no-as-needed -ltsan %{fuse-ld=gold:--as-needed;:--pop-state}}"
+ #undef LIBLSAN_EARLY_SPEC
+ #define LIBLSAN_EARLY_SPEC "%{static-liblsan:%{!shared:" \
+ LD_STATIC_OPTION " --whole-archive -llsan --no-whole-archive " \
+- LD_DYNAMIC_OPTION "}}%{!static-liblsan:-llsan}"
++ LD_DYNAMIC_OPTION "}}%{!static-liblsan:%{!fuse-ld=gold:--push-state} --no-as-needed -llsan %{fuse-ld=gold:--as-needed;:--pop-state}}"
+ #endif
+Index: b/gcc/config/aarch64/aarch64-linux.h
+===================================================================
+--- a/gcc/config/aarch64/aarch64-linux.h
++++ b/gcc/config/aarch64/aarch64-linux.h
+@@ -36,5 +36,6 @@
+
+ #define LINUX_TARGET_LINK_SPEC "%{h*} \
++ --as-needed \
+ %{static:-Bstatic} \
+ %{shared:-shared} \
+ %{symbolic:-Bsymbolic} \
+Index: b/gcc/config/ia64/linux.h
+===================================================================
+--- a/gcc/config/ia64/linux.h
++++ b/gcc/config/ia64/linux.h
+@@ -58,7 +58,7 @@ do { \
+ #define GLIBC_DYNAMIC_LINKER "/lib/ld-linux-ia64.so.2"
+
+ #undef LINK_SPEC
+-#define LINK_SPEC "\
++#define LINK_SPEC " --as-needed \
+ %{shared:-shared} \
+ %{!shared: \
+ %{!static: \
+Index: b/gcc/config/sparc/linux.h
+===================================================================
+--- a/gcc/config/sparc/linux.h
++++ b/gcc/config/sparc/linux.h
+@@ -86,7 +86,7 @@ extern const char *host_detect_local_cpu
+ #define GLIBC_DYNAMIC_LINKER "/lib/ld-linux.so.2"
+
+ #undef LINK_SPEC
+-#define LINK_SPEC "-m elf32_sparc %{shared:-shared} \
++#define LINK_SPEC "-m elf32_sparc --as-needed %{shared:-shared} \
+ %{!mno-relax:%{!r:-relax}} \
+ %{!shared: \
+ %{!static: \
+Index: b/gcc/config/s390/linux.h
+===================================================================
+--- a/gcc/config/s390/linux.h
++++ b/gcc/config/s390/linux.h
+@@ -65,7 +65,7 @@ along with GCC; see the file COPYING3.
+
+ #undef LINK_SPEC
+ #define LINK_SPEC \
+- "%{m31:-m elf_s390}%{m64:-m elf64_s390} \
++ "%{m31:-m elf_s390}%{m64:-m elf64_s390} --as-needed \
+ %{shared:-shared} \
+ %{!shared: \
+ %{static:-static} \
+Index: b/gcc/config/rs6000/linux64.h
+===================================================================
+--- a/gcc/config/rs6000/linux64.h
++++ b/gcc/config/rs6000/linux64.h
+@@ -466,12 +466,12 @@ extern int dot_symbols;
+ " -m elf64ppc")
+ #endif
+
+-#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " %{!shared: %{!static: \
++#define LINK_OS_LINUX_SPEC32 LINK_OS_LINUX_EMUL32 " --as-needed %{!shared: %{!static: \
+ %{rdynamic:-export-dynamic} \
+ -dynamic-linker " GNU_USER_DYNAMIC_LINKER32 "}} \
+ %(link_os_extra_spec32)"
+
+-#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " %{!shared: %{!static: \
++#define LINK_OS_LINUX_SPEC64 LINK_OS_LINUX_EMUL64 " --as-needed %{!shared: %{!static: \
+ %{rdynamic:-export-dynamic} \
+ -dynamic-linker " GNU_USER_DYNAMIC_LINKER64 "}} \
+ %(link_os_extra_spec64)"
+Index: b/gcc/config/rs6000/sysv4.h
+===================================================================
+--- a/gcc/config/rs6000/sysv4.h
++++ b/gcc/config/rs6000/sysv4.h
+@@ -784,7 +784,7 @@ ENDIAN_SELECT(" -mbig", " -mlittle", DEF
+ CHOOSE_DYNAMIC_LINKER (GLIBC_DYNAMIC_LINKER, UCLIBC_DYNAMIC_LINKER, \
+ MUSL_DYNAMIC_LINKER)
+
+-#define LINK_OS_LINUX_SPEC "-m elf32ppclinux %{!shared: %{!static: \
++#define LINK_OS_LINUX_SPEC "-m elf32ppclinux --as-needed %{!shared: %{!static: \
+ %{rdynamic:-export-dynamic} \
+ -dynamic-linker " GNU_USER_DYNAMIC_LINKER "}}"
+
+Index: b/gcc/config/i386/gnu-user64.h
+===================================================================
+--- a/gcc/config/i386/gnu-user64.h
++++ b/gcc/config/i386/gnu-user64.h
+@@ -57,5 +57,6 @@ see the files COPYING3 and COPYING.RUNTI
+ %{" SPEC_32 ":-m " GNU_USER_LINK_EMULATION32 "} \
+ %{" SPEC_X32 ":-m " GNU_USER_LINK_EMULATIONX32 "} \
++ --as-needed \
+ %{shared:-shared} \
+ %{!shared: \
+ %{!static: \
+Index: b/gcc/config/i386/gnu-user.h
+===================================================================
+--- a/gcc/config/i386/gnu-user.h
++++ b/gcc/config/i386/gnu-user.h
+@@ -74,7 +74,7 @@ along with GCC; see the file COPYING3.
+ { "link_emulation", GNU_USER_LINK_EMULATION },\
+ { "dynamic_linker", GNU_USER_DYNAMIC_LINKER }
+
+-#define GNU_USER_TARGET_LINK_SPEC "-m %(link_emulation) %{shared:-shared} \
++#define GNU_USER_TARGET_LINK_SPEC "-m %(link_emulation) --as-needed %{shared:-shared} \
+ %{!shared: \
+ %{!static: \
+ %{rdynamic:-export-dynamic} \
+Index: b/gcc/config/alpha/linux-elf.h
+===================================================================
+--- a/gcc/config/alpha/linux-elf.h
++++ b/gcc/config/alpha/linux-elf.h
+@@ -37,7 +37,7 @@ along with GCC; see the file COPYING3.
+
+ #define ELF_DYNAMIC_LINKER GNU_USER_DYNAMIC_LINKER
+
+-#define LINK_SPEC "-m elf64alpha %{G*} %{relax:-relax} \
++#define LINK_SPEC "-m elf64alpha --as-needed %{G*} %{relax:-relax} \
+ %{O*:-O3} %{!O*:-O1} \
+ %{shared:-shared} \
+ %{!shared: \
+Index: b/gcc/config/arm/linux-elf.h
+===================================================================
+--- a/gcc/config/arm/linux-elf.h
++++ b/gcc/config/arm/linux-elf.h
+@@ -73,5 +73,6 @@
+ %{!shared:-dynamic-linker " GNU_USER_DYNAMIC_LINKER "}} \
+ -X \
++ --as-needed \
+ %{mbig-endian:-EB} %{mlittle-endian:-EL}" \
+ SUBTARGET_EXTRA_LINK_SPEC
+
+Index: b/gcc/config/mips/gnu-user.h
+===================================================================
+--- a/gcc/config/mips/gnu-user.h
++++ b/gcc/config/mips/gnu-user.h
+@@ -55,6 +55,7 @@ along with GCC; see the file COPYING3.
+ #undef GNU_USER_TARGET_LINK_SPEC
+ #define GNU_USER_TARGET_LINK_SPEC "\
+ %{G*} %{EB} %{EL} %{mips*} %{shared} \
++ -as-needed \
+ %{!shared: \
+ %{!static: \
+ %{rdynamic:-export-dynamic} \
+Index: b/libjava/Makefile.am
+===================================================================
+--- a/libjava/Makefile.am
++++ b/libjava/Makefile.am
+@@ -627,14 +631,14 @@
+ rm .libs/libgcj_bc.so; \
+ mv .libs/libgcj_bc.so.1.0.0 .libs/libgcj_bc.so; \
+ $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \
+- -o .libs/libgcj_bc.so.1.0.0 -lgcj || exit; \
++ -o .libs/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \
+ rm .libs/libgcj_bc.so.1; \
+ $(LN_S) libgcj_bc.so.1.0.0 .libs/libgcj_bc.so.1
+
+ ## This rule creates the libgcj_bc library that is actually installed.
+ install/libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_DEPENDENCIES) install/$(am__dirstamp)
+ $(libgcj_bc_la_LINK) $(am_libgcj_bc_la_rpath) $(libgcj_bc_la_LDFLAGS) \
+- $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS)
++ $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS) -Wl,--no-as-needed -lgcj
+
+ ## Note that property_files is defined in sources.am.
+ propertyo_files = $(patsubst classpath/resource/%,%,$(addsuffix .lo,$(property_files)))
+@@ -762,7 +766,7 @@
+ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \
+ mv $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \
+ $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \
+- -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -lgcj || exit; \
++ -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \
+ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \
+ $(LN_S) libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \
+ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.la;
+
+Index: b/libjava/Makefile.in
+===================================================================
+--- a/libjava/Makefile.in
++++ b/libjava/Makefile.in
+@@ -10644,13 +10648,13 @@
+ rm .libs/libgcj_bc.so; \
+ mv .libs/libgcj_bc.so.1.0.0 .libs/libgcj_bc.so; \
+ $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \
+- -o .libs/libgcj_bc.so.1.0.0 -lgcj || exit; \
++ -o .libs/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \
+ rm .libs/libgcj_bc.so.1; \
+ $(LN_S) libgcj_bc.so.1.0.0 .libs/libgcj_bc.so.1
+
+ install/libgcj_bc.la: $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_DEPENDENCIES) install/$(am__dirstamp)
+ $(libgcj_bc_la_LINK) $(am_libgcj_bc_la_rpath) $(libgcj_bc_la_LDFLAGS) \
+- $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS)
++ $(libgcj_bc_la_OBJECTS) $(libgcj_bc_la_LIBADD) $(LIBS) -Wl,--no-as-needed -lgcj
+
+ $(propertyo_files): %.lo: classpath/resource/%
+ $(mkinstalldirs) `dirname $@`; \
+@@ -12494,7 +12498,7 @@
+ @USE_LIBGCJ_BC_TRUE@ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \
+ @USE_LIBGCJ_BC_TRUE@ mv $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so; \
+ @USE_LIBGCJ_BC_TRUE@ $(libgcj_bc_dummy_LINK) -xc /dev/null -Wl,-soname,libgcj_bc.so.1 \
+-@USE_LIBGCJ_BC_TRUE@ -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -lgcj || exit; \
++@USE_LIBGCJ_BC_TRUE@ -o $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1.0.0 -Wl,--no-as-needed -lgcj || exit; \
+ @USE_LIBGCJ_BC_TRUE@ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \
+ @USE_LIBGCJ_BC_TRUE@ $(LN_S) libgcj_bc.so.1.0.0 $(DESTDIR)$(toolexeclibdir)/libgcj_bc.so.1; \
+ @USE_LIBGCJ_BC_TRUE@ rm $(DESTDIR)$(toolexeclibdir)/libgcj_bc.la;
+
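Review bot: The gcc/config/mips/gnu-user.h section adds the flag as `-as-needed` with a single dash, while every other target in this patch adds `--as-needed`. GNU ld is documented to accept either form for multi-letter options, but other linkers selected with `-fuse-ld=` may not, so I would write `--as-needed \` there for consistency. Separately, the sanitizer specs fall back to `%{fuse-ld=gold:--as-needed;:--pop-state}`, which under gold turns `--as-needed` back on unconditionally instead of restoring the previous state. A short comment above LIBASAN_EARLY_SPEC saying that this is deliberate, and why, would help the next reader.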
diff --git a/system/gcc/011_all_default-warn-format-security.patch b/system/gcc/011_all_default-warn-format-security.patch
new file mode 100644
index 000000000..a58383a8e
--- /dev/null
+++ b/system/gcc/011_all_default-warn-format-security.patch
@@ -0,0 +1,43 @@
+Enable -Wformat and -Wformat-security by default.
+
+
+--- a/gcc/c-family/c.opt
++++ b/gcc/c-family/c.opt
+@@ -412,7 +412,7 @@ C ObjC C++ ObjC++ Var(warn_format_nonliteral) Warning LangEnabledBy(C ObjC C++ O
+ Warn about format strings that are not literals
+
+ Wformat-security
+-C ObjC C++ ObjC++ Var(warn_format_security) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0)
++C ObjC C++ ObjC++ Var(warn_format_security) Init(1) Warning LangEnabledBy(C ObjC C++ ObjC++,Wformat=, warn_format >= 2, 0)
+ Warn about possible security problems with format functions
+
+ Wformat-y2k
+@@ -424,7 +424,7 @@ C ObjC C++ ObjC++ Var(warn_format_zero_length) Warning LangEnabledBy(C ObjC C++
+ Warn about zero-length formats
+
+ Wformat=
+-C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0)
++C ObjC C++ ObjC++ Joined RejectNegative UInteger Var(warn_format) Init(1) Warning LangEnabledBy(C ObjC C++ ObjC++,Wall, 1, 0)
+ Warn about printf/scanf/strftime/strfmon format string anomalies
+
+ Wignored-qualifiers
+--- a/gcc/doc/gcc.info
++++ b/gcc/doc/gcc.info
+@@ -3451,6 +3451,8 @@ compiler warns that an unrecognized option is present.
+ '-Wno-format-contains-nul', '-Wno-format-extra-args', and
+ '-Wno-format-zero-length'. '-Wformat' is enabled by '-Wall'.
+
++ This option is enabled by default in Alpine Linux.
++
+ '-Wno-format-contains-nul'
+ If '-Wformat' is specified, do not warn about format strings
+ that contain NUL bytes.
+@@ -3496,6 +3498,8 @@ compiler warns that an unrecognized option is present.
+ future warnings may be added to '-Wformat-security' that are
+ not included in '-Wformat-nonliteral'.)
+
++ This option is enabled by default in Alpine Linux.
++
+ '-Wformat-y2k'
+ If '-Wformat' is specified, also warn about 'strftime' formats
+ that may yield only a two-digit year.
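Review bot: The documentation half of this patch edits `gcc/doc/gcc.info`, which is generated output, whereas patches 001 to 003 in this series document their defaults in `gcc/doc/invoke.texi`. The two "enabled by default" sentences are lost whenever the info file is regenerated, and the hunk offsets are tied to one exact rendering of the manual. The same applies to 012_all_default-warn-trampolines.patch. I would move both notes into invoke.texi next to the `-Wformat` and `-Wformat-security` entries. It is also worth checking how `Init(1)` on `warn_format_security` interacts with `-Wno-format`: the driver presumably then reports that `-Wformat-security` is ignored without `-Wformat`, which would break `-Werror` builds.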
diff --git a/system/gcc/012_all_default-warn-trampolines.patch b/system/gcc/012_all_default-warn-trampolines.patch
new file mode 100644
index 000000000..9ab4378d4
--- /dev/null
+++ b/system/gcc/012_all_default-warn-trampolines.patch
@@ -0,0 +1,25 @@
+Enable -Wtrampolines by default.
+
+
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -648,7 +648,7 @@ Common Var(warn_system_headers) Warning
+ Do not suppress warnings from system headers
+
+ Wtrampolines
+-Common Var(warn_trampolines) Warning
++Common Var(warn_trampolines) Init(1) Warning
+ Warn whenever a trampoline is generated
+
+ Wtype-limits
+--- a/gcc/doc/gcc.info
++++ b/gcc/doc/gcc.info
+@@ -4021,6 +4021,8 @@ compiler warns that an unrecognized option is present.
+ and thus requires the stack to be made executable in order for the
+ program to work properly.
+
++ This warning is enabled by default in Gentoo.
++
+ '-Wfloat-equal'
+ Warn if floating-point values are used in equality comparisons.
+
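Review bot: The added documentation sentence names the wrong distribution: it reads "This warning is enabled by default in Gentoo." while the sibling patches in this directory say "Alpine Linux". It should be reworded to match them, e.g. `This warning is enabled by default in Alpine Linux.`, or to name whichever distribution this tree actually targets. The patch header could also say in one line why `-Wtrampolines` is on by default; the context quoted from the manual already gives the reason, namely that a trampoline requires the stack to be made executable.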
diff --git a/system/gcc/020_all_msgfmt-libstdc++-link.patch b/system/gcc/020_all_msgfmt-libstdc++-link.patch
new file mode 100644
index 000000000..a70ea50a0
--- /dev/null
+++ b/system/gcc/020_all_msgfmt-libstdc++-link.patch
@@ -0,0 +1,39 @@
+Ensure that msgfmt doesn't encounter problems during gcc bootstrapping.
+
+Solves error messages like the following:
+
+msgfmt: /var/tmp/portage/sys-devel/gcc-4.1.2/work/build/./gcc/libgcc_s.so.1: version `GCC_4.2.0' not found (required by /usr/lib/gcc/x86_64-pc-linux-gnu/4.5.3/libstdc++.so.6)
+
+The libgcc_s.so used during build doesn't satisfy the needs of the
+libstdc++.so that msgfmt is linked against. On the other hand, msgfmt
+is used as a stand-alone application here, and what library it uses
+behind the scenes is of no concern to the gcc build process.
+Therefore, simply invoking it "as usual", i.e. without any special
+library path, will make it work as expected here.
+
+2011-09-19 Martin von Gagern
+
+References:
+https://bugs.gentoo.org/372377
+https://bugs.gentoo.org/295480
+
+--- gcc-4.1.2.orig/libstdc++-v3/po/Makefile.am
++++ gcc-4.1.2/libstdc++-v3/po/Makefile.am
+@@ -39,6 +39,7 @@ MSGFMT = msgfmt
+ EXTRA_DIST = string_literals.cc POTFILES.in $(PACKAGE).pot $(LOCALE_IN)
+
+ .po.mo:
++ env --unset=LD_LIBRARY_PATH \
+ $(MSGFMT) -o $@ $<
+
+ all-local: all-local-$(USE_NLS)
+--- gcc-4.1.2.orig/libstdc++-v3/po/Makefile.in
++++ gcc-4.1.2/libstdc++-v3/po/Makefile.in
+@@ -419,6 +419,7 @@ uninstall-am: uninstall-info-am
+
+
+ .po.mo:
++ env --unset=LD_LIBRARY_PATH \
+ $(MSGFMT) -o $@ $<
+
+ all-local: all-local-$(USE_NLS)
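Review bot: The `.po.mo` recipe in both Makefile.am and Makefile.in now depends on the GNU long option `env --unset=LD_LIBRARY_PATH`. If the build host's `env` is not GNU coreutils, that spelling may be rejected and the rule would fail for a reason unrelated to msgfmt. The short form is accepted more widely, so I would write `env -u LD_LIBRARY_PATH \` in both places. The description still quotes a Gentoo portage path and gcc-4.1.2; a line saying that the patch is carried unchanged from Gentoo would make that less surprising.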
diff --git a/system/gcc/050_all_libiberty-asprintf.patch b/system/gcc/050_all_libiberty-asprintf.patch
new file mode 100644
index 000000000..bee0c4c23
--- /dev/null
+++ b/system/gcc/050_all_libiberty-asprintf.patch
@@ -0,0 +1,18 @@
+2008-07-25 Magnus Granberg <zorry@ume.nu>
+
+ * include/libiberty.h (asprintf): Don't declare if defined as a macro
+
+--- a/include/libiberty.h
++++ b/include/libiberty.h
+@@ -609,8 +609,11 @@ extern int pwait (int, int *, int);
+ /* Like sprintf but provides a pointer to malloc'd storage, which must
+ be freed by the caller. */
+
++/* asprintf may be declared as a macro by glibc with __USE_FORTIFY_LEVEL. */
++#ifndef asprintf
+ extern int asprintf (char **, const char *, ...) ATTRIBUTE_PRINTF_2;
+ #endif
++#endif
+
+ #if !HAVE_DECL_VASPRINTF
+ /* Like vsprintf but provides a pointer to malloc'd storage, which
diff --git a/system/gcc/051_all_libiberty-pic.patch b/system/gcc/051_all_libiberty-pic.patch
new file mode 100644
index 000000000..b6160a730
--- /dev/null
+++ b/system/gcc/051_all_libiberty-pic.patch
@@ -0,0 +1,10 @@
+--- a/libiberty/Makefile.in
++++ b/libiberty/Makefile.in
+@@ -246,6 +246,7 @@ $(TARGETLIB): $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS)
+ $(AR) $(AR_FLAGS) $(TARGETLIB) \
+ $(REQUIRED_OFILES) $(EXTRA_OFILES) $(LIBOBJS); \
+ $(RANLIB) $(TARGETLIB); \
++ cp $(TARGETLIB) ../ ; \
+ cd ..; \
+ else true; fi
+
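Review bot: This patch has no description, and the added line `cp $(TARGETLIB) ../ ; \` copies a file outside the directory the recipe is working in without saying why. Judging by the file name and the `cd ..` that follows, it looks like it replaces the parent directory's archive with the PIC build; if so, that belongs in a header comment, because it changes what every later consumer of libiberty links against. The copy's exit status is also discarded by the `;`, so a failed copy leaves the old archive in place silently; `cp $(TARGETLIB) ../ || exit 1; \` would surface it. The recipe starts and ends outside the hunk.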
diff --git a/system/gcc/053_all_libitm-no-fortify-source.patch b/system/gcc/053_all_libitm-no-fortify-source.patch
new file mode 100644
index 000000000..5ab15afc3
--- /dev/null
+++ b/system/gcc/053_all_libitm-no-fortify-source.patch
@@ -0,0 +1,27 @@
+https://bugs.gentoo.org/508852
+https://gcc.gnu.org/PR61164
+
+2014-04-27 Magnus Granberg <zorry@gentoo.org>
+
+ #508852
+ * libitm/configure.tgt: Disable FORTIFY
+
+--- a/libitm/configure.tgt
++++ b/libitm/configure.tgt
+@@ -43,6 +43,16 @@ if test "$gcc_cv_have_tls" = yes ; then
+ esac
+ fi
+
++# FIXME: error: inlining failed in call to always_inline
++# ‘int vfprintf(FILE*, const char*, __va_list_tag*)’
++# : function body can be overwritten at link time
++# Disable Fortify in libitm for now. #508852
++case "${target}" in
++ *-*-linux*)
++ XCFLAGS="${XCFLAGS} -U_FORTIFY_SOURCE"
++ ;;
++esac
++
+ # Map the target cpu to an ARCH sub-directory. At the same time,
+ # work out any special compilation flags as necessary.
+ case "${target_cpu}" in
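Review bot: The comment added to libitm/configure.tgt identifies the workaround only as "#508852", which is meaningless once the line is read inside the GCC tree without the patch header. Since this switches `_FORTIFY_SOURCE` off for libitm on every `*-*-linux*` target "for now", the comment should carry both trackers from the header so the removal condition can be found later, e.g. `# Disable Fortify in libitm for now (Gentoo bug 508852, GCC PR61164).` It is also worth confirming that `-U_FORTIFY_SOURCE` in XCFLAGS still wins once 003_all_default-fortify-source.patch makes the macro a compiler builtin.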
diff --git a/system/gcc/067_all_gcc-poison-system-directories.patch b/system/gcc/067_all_gcc-poison-system-directories.patch
new file mode 100644
index 000000000..103671617
--- /dev/null
+++ b/system/gcc/067_all_gcc-poison-system-directories.patch
@@ -0,0 +1,194 @@
+http://cgit.openembedded.org/openembedded-core/plain/meta/recipes-devtools/gcc/gcc-6.1/0010-gcc-poison-system-directories.patch
+
+From d76250323dad69212c958e4857a98d99ab51a39e Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 29 Mar 2013 08:59:00 +0400
+Subject: [PATCH 10/46] gcc: poison-system-directories
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Upstream-Status: Inappropriate [distribution: codesourcery]
+---
+ gcc/common.opt | 4 ++++
+ gcc/config.in | 6 ++++++
+ gcc/configure | 16 ++++++++++++++++
+ gcc/configure.ac | 10 ++++++++++
+ gcc/doc/invoke.texi | 9 +++++++++
+ gcc/gcc.c | 2 ++
+ gcc/incpath.c | 19 +++++++++++++++++++
+ 7 files changed, 66 insertions(+)
+
+diff --git a/gcc/common.opt b/gcc/common.opt
+index 67048db..733185c 100644
+--- a/gcc/common.opt
++++ b/gcc/common.opt
+@@ -659,6 +659,10 @@ Wreturn-local-addr
+ Common Var(warn_return_local_addr) Init(1) Warning
+ Warn about returning a pointer/reference to a local or temporary variable.
+
++Wpoison-system-directories
++Common Var(flag_poison_system_directories) Init(1) Warning
++Warn for -I and -L options using system directories if cross compiling
++
+ Wshadow
+ Common Var(warn_shadow) Warning
+ Warn when one local variable shadows another.
+diff --git a/gcc/config.in b/gcc/config.in
+index 115cb61..105b30f 100644
+--- a/gcc/config.in
++++ b/gcc/config.in
+@@ -187,6 +187,12 @@
+ #endif
+
+
++/* Define to warn for use of native system header directories */
++#ifndef USED_FOR_TARGET
++#undef ENABLE_POISON_SYSTEM_DIRECTORIES
++#endif
++
++
+ /* Define if you want all operations on RTL (the basic data structure of the
+ optimizer and back end) to be checked for dynamic type safety at runtime.
+ This is quite expensive. */
+diff --git a/gcc/configure b/gcc/configure
+index 1c6e340..8f83152 100755
+--- a/gcc/configure
++++ b/gcc/configure
+@@ -942,6 +942,7 @@ with_system_zlib
+ enable_maintainer_mode
+ enable_link_mutex
+ enable_version_specific_runtime_libs
++enable_poison_system_directories
+ enable_plugin
+ enable_host_shared
+ enable_libquadmath_support
+@@ -1681,6 +1682,8 @@ Optional Features:
+ --enable-version-specific-runtime-libs
+ specify that runtime libraries should be installed
+ in a compiler-specific directory
++ --enable-poison-system-directories
++ warn for use of native system header directories
+ --enable-plugin enable plugin support
+ --enable-host-shared build host code as shared libraries
+ --disable-libquadmath-support
+@@ -28908,6 +28911,19 @@ if test "${enable_version_specific_runtime_libs+set}" = set; then :
+ fi
+
+
++# Check whether --enable-poison-system-directories was given.
++if test "${enable_poison_system_directories+set}" = set; then :
++ enableval=$enable_poison_system_directories;
++else
++ enable_poison_system_directories=no
++fi
++
++if test "x${enable_poison_system_directories}" = "xyes"; then
++
++$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
++
++fi
++
+ # Substitute configuration variables
+
+
+diff --git a/gcc/configure.ac b/gcc/configure.ac
+index 6c1dcd9..0fccaef 100644
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -5861,6 +5861,16 @@ AC_ARG_ENABLE(version-specific-runtime-libs,
+ [specify that runtime libraries should be
+ installed in a compiler-specific directory])])
+
++AC_ARG_ENABLE([poison-system-directories],
++ AS_HELP_STRING([--enable-poison-system-directories],
++ [warn for use of native system header directories]),,
++ [enable_poison_system_directories=no])
++if test "x${enable_poison_system_directories}" = "xyes"; then
++ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
++ [1],
++ [Define to warn for use of native system header directories])
++fi
++
+ # Substitute configuration variables
+ AC_SUBST(subdirs)
+ AC_SUBST(srcdir)
+diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
+index 821f8fd..8bb49e7 100644
+--- a/gcc/doc/invoke.texi
++++ b/gcc/doc/invoke.texi
+@@ -284,6 +284,7 @@ Objective-C and Objective-C++ Dialects}.
+ -Wparentheses -Wno-pedantic-ms-format @gol
+ -Wplacement-new -Wplacement-new=@var{n} @gol
+ -Wpointer-arith -Wno-pointer-to-int-cast @gol
++-Wno-poison-system-directories @gol
+ -Wno-pragmas -Wredundant-decls -Wno-return-local-addr @gol
+ -Wreturn-type -Wsequence-point -Wshadow -Wno-shadow-ivar @gol
+ -Wshift-overflow -Wshift-overflow=@var{n} @gol
+@@ -4723,6 +4724,14 @@ made up of data only and thus requires no special treatment. But, for
+ most targets, it is made up of code and thus requires the stack to be
+ made executable in order for the program to work properly.
+
++@item -Wno-poison-system-directories
++@opindex Wno-poison-system-directories
++Do not warn for @option{-I} or @option{-L} options using system
++directories such as @file{/usr/include} when cross compiling. This
++option is intended for use in chroot environments when such
++directories contain the correct headers and libraries for the target
++system rather than the host.
++
+ @item -Wfloat-equal
+ @opindex Wfloat-equal
+ @opindex Wno-float-equal
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index 1af5920..4cfef7f 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -1017,6 +1017,8 @@ proper position among the other output files. */
+ "%{fuse-ld=*:-fuse-ld=%*} " LINK_COMPRESS_DEBUG_SPEC \
+ "%X %{o*} %{e*} %{N} %{n} %{r}\
+ %{s} %{t} %{u*} %{z} %{Z} %{!nostdlib:%{!nostartfiles:%S}} \
++ %{Wno-poison-system-directories:--no-poison-system-directories} \
++ %{Werror=poison-system-directories:--error-poison-system-directories} \
+ %{static:} %{L*} %(mfwrap) %(link_libgcc) " \
+ VTABLE_VERIFICATION_SPEC " " SANITIZER_EARLY_SPEC " %o " CHKP_SPEC " \
+ %{fopenacc|fopenmp|%:gt(%{ftree-parallelize-loops=*:%*} 1):\
+diff --git a/gcc/incpath.c b/gcc/incpath.c
+index ea40f4a..856da41 100644
+--- a/gcc/incpath.c
++++ b/gcc/incpath.c
+@@ -26,6 +26,7 @@
+ #include "intl.h"
+ #include "incpath.h"
+ #include "cppdefault.h"
++#include "diagnostic-core.h"
+
+ /* Microsoft Windows does not natively support inodes.
+ VMS has non-numeric inodes. */
+@@ -381,6 +382,24 @@ merge_include_chains (const char *sysroot, cpp_reader *pfile, int verbose)
+ }
+ fprintf (stderr, _("End of search list.\n"));
+ }
++
++#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
++ if (flag_poison_system_directories)
++ {
++ struct cpp_dir *p;
++
++ for (p = heads[QUOTE]; p; p = p->next)
++ {
++ if ((!strncmp (p->name, "/usr/include", 12))
++ || (!strncmp (p->name, "/usr/local/include", 18))
++ || (!strncmp (p->name, "/usr/X11R6/include", 18)))
++ warning (OPT_Wpoison_system_directories,
++ "include location \"%s\" is unsafe for "
++ "cross-compilation",
++ p->name);
++ }
++ }
++#endif
+ }
+
+ /* Use given -I paths for #include "..." but not #include <...>, and
+--
+2.8.2
+
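Review bot: Nothing in this commit turns the check on: `enable_poison_system_directories` defaults to `no` in both configure hunks, and the `configure` call in `system/gcc/APKBUILD` never passes `--enable-poison-system-directories`, so the `#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES` block in `merge_include_chains` is compiled out. If the warning is wanted for the cross builds, add the flag to `_cross_configure`; otherwise the patch is dead weight in `source`. Separately, the `gcc.c` spec lines forward `--no-poison-system-directories` and `--error-poison-system-directories` to the linker with no guard visible in the hunk, so `-Wno-poison-system-directories` would presumably break the link unless the packaged ld has the matching option — worth checking against the binutils patches. The `strncmp` prefix tests also match sibling names such as `/usr/include-old`; checking that the next character is `'/'` or `'\0'` would avoid that.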
diff --git a/system/gcc/090_all_pr55930-dependency-tracking.patch b/system/gcc/090_all_pr55930-dependency-tracking.patch
new file mode 100644
index 000000000..a8743e08c
--- /dev/null
+++ b/system/gcc/090_all_pr55930-dependency-tracking.patch
@@ -0,0 +1,18 @@
+libatomic build failure if configured with --disable-dependency-tracking
+load_n.c:115:1: fatal error: opening dependency file .deps/load_1_.lo.Ppo: No such file or directory
+
+https://bugs.gentoo.org/463463
+http://gcc.gnu.org/PR55930
+
+--- a/libatomic/Makefile.in
++++ b/libatomic/Makefile.in
+@@ -298,7 +298,8 @@ PAT_N = $(word 2,$(PAT_SPLIT))
+ PAT_S = $(word 3,$(PAT_SPLIT))
+ IFUNC_DEF = -DIFUNC_ALT=$(PAT_S)
+ IFUNC_OPT = $(word $(PAT_S),$(IFUNC_OPTIONS))
+-M_DEPS = -MT $@ -MD -MP -MF $(DEPDIR)/$(@F).Ppo
++@AMDEP_TRUE@M_DEPS = -MT $@ -MD -MP -MF $(DEPDIR)/$(@F).Ppo
++@AMDEP_FALSE@M_DEPS =
+ M_SIZE = -DN=$(PAT_N)
+ M_IFUNC = $(if $(PAT_S),$(IFUNC_DEF) $(IFUNC_OPT))
+ M_FILE = $(PAT_BASE)_n.c
diff --git a/system/gcc/201-cilkrts.patch b/system/gcc/201-cilkrts.patch
new file mode 100644
index 000000000..4aac10d6d
--- /dev/null
+++ b/system/gcc/201-cilkrts.patch
@@ -0,0 +1,59 @@
+From 594e3c1ab576daddeb86015efc8b1677020b1878 Mon Sep 17 00:00:00 2001
+From: Szabolcs Nagy <nsz@port70.net>
+Date: Sat, 24 Oct 2015 20:39:30 +0000
+Subject: [PATCH 1/6] cilkrts
+
+---
+ libcilkrts/runtime/os-unix.c | 22 +++++++---------------
+ 1 file changed, 7 insertions(+), 15 deletions(-)
+
+diff --git a/libcilkrts/runtime/os-unix.c b/libcilkrts/runtime/os-unix.c
+index cb582dd..e43d7d5 100644
+--- a/libcilkrts/runtime/os-unix.c
++++ b/libcilkrts/runtime/os-unix.c
+@@ -51,6 +51,7 @@
+ #if defined __linux__
+ # include <sys/sysinfo.h>
+ # include <sys/syscall.h>
++# include <sched.h>
+ #elif defined __APPLE__
+ # include <sys/sysctl.h>
+ // Uses sysconf(_SC_NPROCESSORS_ONLN) in verbose output
+@@ -400,28 +401,19 @@ COMMON_SYSDEP void __cilkrts_sleep(void)
+
+ COMMON_SYSDEP void __cilkrts_yield(void)
+ {
+-#if __APPLE__ || __FreeBSD__ || __VXWORKS__
+- // On MacOS, call sched_yield to yield quantum. I'm not sure why we
+- // don't do this on Linux also.
+- sched_yield();
+-#elif defined(__DragonFly__)
+- // On DragonFly BSD, call sched_yield to yield quantum.
+- sched_yield();
+-#elif defined(__MIC__)
++#if defined(__MIC__)
+ // On MIC, pthread_yield() really trashes things. Arch's measurements
+ // showed that calling _mm_delay_32() (or doing nothing) was a better
+ // option. Delaying 1024 clock cycles is a reasonable compromise between
+ // giving up the processor and latency starting up when work becomes
+ // available
+ _mm_delay_32(1024);
+-#elif defined(__ANDROID__) || (defined(__sun__) && defined(__svr4__))
+- // On Android and Solaris, call sched_yield to yield quantum. I'm not
+- // sure why we don't do this on Linux also.
+- sched_yield();
+-#else
+- // On Linux, call pthread_yield (which in turn will call sched_yield)
+- // to yield quantum.
++#elif defined(__sun__) && !defined(__svr4__)
++ // On old SunOS call pthread_yield to yield a quantum.
+ pthread_yield();
++#else
++ // On other platforms call sched_yield to yield a quantum.
++ sched_yield();
+ #endif
+ }
+
+--
+2.8.1
+
diff --git a/system/gcc/203-libgcc_s.patch b/system/gcc/203-libgcc_s.patch
new file mode 100644
index 000000000..c74351c71
--- /dev/null
+++ b/system/gcc/203-libgcc_s.patch
@@ -0,0 +1,56 @@
+From 9e3eab51e518018d9d99b3123598b1e2322a6af3 Mon Sep 17 00:00:00 2001
+From: Szabolcs Nagy <nsz@port70.net>
+Date: Sat, 24 Oct 2015 20:09:53 +0000
+Subject: [PATCH 3/6] libgcc_s
+
+---
+ gcc/config/i386/i386.c | 4 ++--
+ libgcc/config/i386/cpuinfo.c | 6 +++---
+ libgcc/config/i386/t-linux | 2 +-
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/gcc/config/i386/i386.c b/gcc/config/i386/i386.c
+index 3d044e8..82523e1 100644
+--- a/gcc/config/i386/i386.c
++++ b/gcc/config/i386/i386.c
+@@ -40269,10 +40269,10 @@ ix86_expand_builtin (tree exp, rtx target, rtx subtarget,
+ {
+ case IX86_BUILTIN_CPU_INIT:
+ {
+- /* Make it call __cpu_indicator_init in libgcc. */
++ /* Make it call __cpu_indicator_init_local in libgcc.a. */
+ tree call_expr, fndecl, type;
+ type = build_function_type_list (integer_type_node, NULL_TREE);
+- fndecl = build_fn_decl ("__cpu_indicator_init", type);
++ fndecl = build_fn_decl ("__cpu_indicator_init_local", type);
+ call_expr = build_call_expr (fndecl, 0);
+ return expand_expr (call_expr, target, mode, EXPAND_NORMAL);
+ }
+diff --git a/libgcc/config/i386/cpuinfo.c b/libgcc/config/i386/cpuinfo.c
+index 8c2248d..6c82f15 100644
+--- a/libgcc/config/i386/cpuinfo.c
++++ b/libgcc/config/i386/cpuinfo.c
+@@ -485,7 +485,7 @@ __cpu_indicator_init (void)
+ return 0;
+ }
+
+-#if defined SHARED && defined USE_ELF_SYMVER
+-__asm__ (".symver __cpu_indicator_init, __cpu_indicator_init@GCC_4.8.0");
+-__asm__ (".symver __cpu_model, __cpu_model@GCC_4.8.0");
++#ifndef SHARED
++int __cpu_indicator_init_local (void)
++ __attribute__ ((weak, alias ("__cpu_indicator_init")));
+ #endif
+diff --git a/libgcc/config/i386/t-linux b/libgcc/config/i386/t-linux
+index 11bb46e..4f47f7b 100644
+--- a/libgcc/config/i386/t-linux
++++ b/libgcc/config/i386/t-linux
+@@ -3,4 +3,4 @@
+ # t-slibgcc-elf-ver and t-linux
+ SHLIB_MAPFILES = libgcc-std.ver $(srcdir)/config/i386/libgcc-glibc.ver
+
+-HOST_LIBGCC2_CFLAGS += -mlong-double-80 -DUSE_ELF_SYMVER
++HOST_LIBGCC2_CFLAGS += -mlong-double-80
+--
+2.8.1
+
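Review bot: The patch header says only `libgcc_s`, which does not explain why `ix86_expand_builtin` now calls `__cpu_indicator_init_local` or why the `.symver` lines and `-DUSE_ELF_SYMVER` are dropped. From the hunk, the new alias is defined only under `#ifndef SHARED`, so the symbol the compiler emits can be satisfied by the static libgcc but not by libgcc_s; that is a deliberate linkage change and should be stated. I would add a header line such as `Resolve __builtin_cpu_init against a weak alias in static libgcc instead of a versioned libgcc_s export.`, with the wording confirmed against the original author's intent.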
diff --git a/system/gcc/204-linux_libc_has_function.patch b/system/gcc/204-linux_libc_has_function.patch
new file mode 100644
index 000000000..2dcedc3a7
--- /dev/null
+++ b/system/gcc/204-linux_libc_has_function.patch
@@ -0,0 +1,25 @@
+From edec78452d693fb524daa9a6efd45c850b27b25c Mon Sep 17 00:00:00 2001
+From: Szabolcs Nagy <nsz@port70.net>
+Date: Fri, 6 Nov 2015 23:59:20 +0000
+Subject: [PATCH 4/6] linux_libc_has_function
+
+---
+ gcc/config/linux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gcc/config/linux.c b/gcc/config/linux.c
+index 250296b..16c3768 100644
+--- a/gcc/config/linux.c
++++ b/gcc/config/linux.c
+@@ -26,7 +26,7 @@ along with GCC; see the file COPYING3. If not see
+ bool
+ linux_libc_has_function (enum function_class fn_class)
+ {
+- if (OPTION_GLIBC)
++ if (OPTION_GLIBC || OPTION_MUSL)
+ return true;
+ if (OPTION_BIONIC)
+ if (fn_class == function_c94
+--
+2.8.1
+
diff --git a/system/gcc/205-nopie.patch b/system/gcc/205-nopie.patch
new file mode 100644
index 000000000..e3da94d10
--- /dev/null
+++ b/system/gcc/205-nopie.patch
@@ -0,0 +1,75 @@
+From b6015aca9c9cc83739fd0ed637a835119b2c4e34 Mon Sep 17 00:00:00 2001
+From: Szabolcs Nagy <nsz@port70.net>
+Date: Sat, 7 Nov 2015 02:08:05 +0000
+Subject: [PATCH 5/6] nopie
+
+---
+ gcc/configure | 27 +++++++++++++++++++++++++++
+ gcc/configure.ac | 13 +++++++++++++
+ 2 files changed, 40 insertions(+)
+
+diff --git a/gcc/configure b/gcc/configure
+index 1c6e340..7e8b5d6 100755
+--- a/gcc/configure
++++ b/gcc/configure
+@@ -29390,6 +29390,33 @@ fi
+ $as_echo "$gcc_cv_no_pie" >&6; }
+ if test "$gcc_cv_no_pie" = "yes"; then
+ NO_PIE_FLAG="-no-pie"
++else
++ # Check if -nopie works.
++ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -nopie option" >&5
++$as_echo_n "checking for -nopie option... " >&6; }
++if test "${gcc_cv_nopie+set}" = set; then :
++ $as_echo_n "(cached) " >&6
++else
++ saved_LDFLAGS="$LDFLAGS"
++ LDFLAGS="$LDFLAGS -nopie"
++ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++int main(void) {return 0;}
++_ACEOF
++if ac_fn_cxx_try_link "$LINENO"; then :
++ gcc_cv_nopie=yes
++else
++ gcc_cv_nopie=no
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++ LDFLAGS="$saved_LDFLAGS"
++fi
++{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gcc_cv_nopie" >&5
++$as_echo "$gcc_cv_nopie" >&6; }
++ if test "$gcc_cv_nopie" = "yes"; then
++ NO_PIE_FLAG="-nopie"
++ fi
+ fi
+
+
+diff --git a/gcc/configure.ac b/gcc/configure.ac
+index 6c1dcd9..0ca7647 100644
+--- a/gcc/configure.ac
++++ b/gcc/configure.ac
+@@ -6098,6 +6098,19 @@ AC_CACHE_CHECK([for -no-pie option],
+ LDFLAGS="$saved_LDFLAGS"])
+ if test "$gcc_cv_no_pie" = "yes"; then
+ NO_PIE_FLAG="-no-pie"
++else
++ # Check if -nopie works.
++ AC_CACHE_CHECK([for -nopie option],
++ [gcc_cv_nopie],
++ [saved_LDFLAGS="$LDFLAGS"
++ LDFLAGS="$LDFLAGS -nopie"
++ AC_LINK_IFELSE([int main(void) {return 0;}],
++ [gcc_cv_nopie=yes],
++ [gcc_cv_nopie=no])
++ LDFLAGS="$saved_LDFLAGS"])
++ if test "$gcc_cv_nopie" = "yes"; then
++ NO_PIE_FLAG="-nopie"
++ fi
+ fi
+ AC_SUBST([NO_PIE_FLAG])
+
+--
+2.8.1
+
diff --git a/system/gcc/207-static-pie.patch b/system/gcc/207-static-pie.patch
new file mode 100644
index 000000000..9355c584b
--- /dev/null
+++ b/system/gcc/207-static-pie.patch
@@ -0,0 +1,40 @@
+diff --git a/gcc/config/gnu-user.h b/gcc/config/gnu-user.h
+index b0bf40a..d4b56fe 100644
+--- a/gcc/config/gnu-user.h
++++ b/gcc/config/gnu-user.h
+@@ -51,10 +51,10 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
+ #if defined HAVE_LD_PIE
+ #define GNU_USER_TARGET_STARTFILE_SPEC \
+ "%{!shared: %{pg|p|profile:gcrt1.o%s;: \
+- %{" PIE_SPEC ":Scrt1.o%s} %{" NO_PIE_SPEC ":crt1.o%s}}} \
+- crti.o%s %{static:crtbeginT.o%s;: %{shared:crtbeginS.o%s} \
++ %{" PIE_SPEC ":%{static:rcrt1.o%s;:Scrt1.o%s}} %{" NO_PIE_SPEC ":crt1.o%s}}} \
++ crti.o%s %{shared:crtbeginS.o%s;: \
+ %{" PIE_SPEC ":crtbeginS.o%s} \
+- %{" NO_PIE_SPEC ":crtbegin.o%s}} \
++ %{" NO_PIE_SPEC ":%{static:crtbeginT.o%s;:crtbegin.o%s}}} \
+ %{fvtable-verify=none:%s; \
+ fvtable-verify=preinit:vtv_start_preinit.o%s; \
+ fvtable-verify=std:vtv_start.o%s} \
+diff --git a/gcc/gcc.c b/gcc/gcc.c
+index 0208d61..731564e 100644
+--- a/gcc/gcc.c
++++ b/gcc/gcc.c
+@@ -870,7 +870,7 @@ proper position among the other output files. */
+ #endif
+
+ #ifdef ENABLE_DEFAULT_PIE
+-#define NO_PIE_SPEC "no-pie|static"
++#define NO_PIE_SPEC "no-pie"
+ #define PIE_SPEC NO_PIE_SPEC "|r|shared:;"
+ #define NO_FPIE1_SPEC "fno-pie"
+ #define FPIE1_SPEC NO_FPIE1_SPEC ":;"
+@@ -916,7 +916,7 @@ proper position among the other output files. */
+ #ifndef LINK_PIE_SPEC
+ #ifdef HAVE_LD_PIE
+ #ifndef LD_PIE_SPEC
+-#define LD_PIE_SPEC "-pie"
++#define LD_PIE_SPEC "-pie %{static:--no-dynamic-linker -Bsymbolic}"
+ #endif
+ #else
+ #define LD_PIE_SPEC ""
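Review bot: This patch file has no header at all (no origin, author or description), yet it changes what `-static` means on a default-PIE toolchain: with `NO_PIE_SPEC` reduced to `"no-pie"`, a `-static` link now selects `rcrt1.o` and is passed `-pie --no-dynamic-linker -Bsymbolic`. That depends on the target libc shipping `rcrt1.o` and on an ld that accepts `--no-dynamic-linker`, and the `gnu-user.h` change sits in the generic `HAVE_LD_PIE` branch rather than a libc-specific one. I would add a header naming the patch's source and those requirements, e.g. `Static PIE: -static links rcrt1.o as PIE; requires rcrt1.o from libc and ld --no-dynamic-linker.` All three inner hunks start and end inside larger macro definitions that are not shown.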
diff --git a/system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch b/system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch
new file mode 100644
index 000000000..241957871
--- /dev/null
+++ b/system/gcc/300-main-gcc-add-musl-s390x-dynamic-linker.patch
@@ -0,0 +1,32 @@
+From be841c16dd544553c67faac79bd4cc3cd10a1dc0 Mon Sep 17 00:00:00 2001
+From: "Tuan M. Hoang" <tmhoang@flatglobe.org>
+Date: Mon, 21 Nov 2016 01:42:16 +0700
+Subject: [PATCH] main/gcc: add musl s390x dynamic linker
+
+---
+ gcc/config/s390/linux.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/gcc/config/s390/linux.h b/gcc/config/s390/linux.h
+index 1e3ed35..a244214 100644
+--- a/gcc/config/s390/linux.h
++++ b/gcc/config/s390/linux.h
+@@ -63,6 +63,15 @@ along with GCC; see the file COPYING3. If not see
+ #define GLIBC_DYNAMIC_LINKER32 "/lib/ld.so.1"
+ #define GLIBC_DYNAMIC_LINKER64 "/lib/ld64.so.1"
+
++#undef MUSL_DYNAMIC_LINKER
++#define MUSL_DYNAMIC_LINKER "/lib/ld-musl-s390x.so.1"
++#undef MUSL_DYNAMIC_LINKER32
++#define MUSL_DYNAMIC_LINKER32 "/lib/ld-musl-s390x.so.1"
++#undef MUSL_DYNAMIC_LINKER64
++#define MUSL_DYNAMIC_LINKER64 "/lib/ld-musl-s390x.so.1"
++#undef MUSL_DYNAMIC_LINKERX32
++#define MUSL_DYNAMIC_LINKERX32 "/lib/ld-musl-s390x.so.1"
++
+ #undef LINK_SPEC
+ #define LINK_SPEC \
+ "%{m31:-m elf_s390}%{m64:-m elf64_s390} --as-needed \
+--
+2.10.2
+
diff --git a/system/gcc/310-build-gcj-s390x.patch b/system/gcc/310-build-gcj-s390x.patch
new file mode 100644
index 000000000..1e522ee15
--- /dev/null
+++ b/system/gcc/310-build-gcj-s390x.patch
@@ -0,0 +1,28 @@
+From 697a7ba791fce2ffab2ed723d909a89684019e3d Mon Sep 17 00:00:00 2001
+From: "Tuan M. Hoang" <tmhoang@flatglobe.org>
+Date: Sun, 19 Feb 2017 17:03:33 +0000
+Subject: [PATCH] main/gcc : when building gcc-java on s390x, libgcj.so
+ complains about undefined reference to __data_start. Using
+ SEARCH_FOR_DATA_START instead solved it. Credit to Andrew Haley at RedHat.
+
+---
+ boehm-gc/include/private/gcconfig.h | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/boehm-gc/include/private/gcconfig.h b/boehm-gc/include/private/gcconfig.h
+index 4ca6a80..a15fff6 100644
+--- a/boehm-gc/include/private/gcconfig.h
++++ b/boehm-gc/include/private/gcconfig.h
+@@ -1837,8 +1837,7 @@
+ # define OS_TYPE "LINUX"
+ # define LINUX_STACKBOTTOM
+ # define DYNAMIC_LOADING
+- extern int __data_start[];
+-# define DATASTART ((ptr_t)(__data_start))
++# define SEARCH_FOR_DATA_START
+ extern int _end[];
+ # define DATAEND (_end)
+ # define CACHE_LINE_SIZE 256
+--
+2.11.1
+
diff --git a/system/gcc/320-libffi-gnulinux.patch b/system/gcc/320-libffi-gnulinux.patch
new file mode 100644
index 000000000..b3b4fc931
--- /dev/null
+++ b/system/gcc/320-libffi-gnulinux.patch
@@ -0,0 +1,13 @@
+diff --git a/libffi/closures.c.orig b/libffi/closures.c
+index 721ff00..22a699c 100644
+--- a/libffi/src/closures.c.orig
++++ b/libffi/src/closures.c
+@@ -34,7 +34,7 @@
+ #include <ffi_common.h>
+
+ #if !FFI_MMAP_EXEC_WRIT && !FFI_EXEC_TRAMPOLINE_TABLE
+-# if __gnu_linux__ && !defined(__ANDROID__)
++# if __linux__ && !defined(__ANDROID__)
+ /* This macro indicates it may be forbidden to map anonymous memory
+ with both write and execute permission. Code compiled when this
+ option is defined will attempt to map such pages once, but if it
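Review bot: The patch carries no description, and its `diff --git` line names `libffi/closures.c` while the `---`/`+++` lines name `libffi/src/closures.c`; `patch -p1` follows the latter, but the header should be made consistent. Going by the context comment, replacing `__gnu_linux__` with `__linux__` extends the handling for systems that forbid write+execute anonymous mappings to non-glibc Linux targets. That is a behaviour change for closure allocation and deserves a line in the header, e.g. `Use the W^X-aware closure allocation path on all Linux libcs, not only glibc.` The guarded block continues past the end of the hunk, so the macro it defines is not visible here.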
diff --git a/system/gcc/APKBUILD b/system/gcc/APKBUILD
new file mode 100644
index 000000000..0ae8352ae
--- /dev/null
+++ b/system/gcc/APKBUILD
@@ -0,0 +1,644 @@
+# Maintainer: Adelie Platform Group <adelie-devel@lists.adelielinux.org>
+pkgname=gcc
+pkgver=6.4.0
+[ "$BOOTSTRAP" = "nolibc" ] && pkgname="gcc-pass2"
+[ "$CBUILD" != "$CHOST" ] && _cross="-$CARCH" || _cross=""
+[ "$CHOST" != "$CTARGET" ] && _target="-$CTARGET_ARCH" || _target=""
+
+pkgname="$pkgname$_target"
+pkgrel=7
+pkgdesc="The GNU Compiler Collection"
+url="http://gcc.gnu.org"
+arch="all"
+license="GPL LGPL"
+_gccrel=$pkgver-r$pkgrel
+depends="binutils$_target isl"
+makedepends_build="gcc$_cross g++$_cross paxmark bison flex texinfo zip gmp-dev mpfr-dev mpc1-dev zlib-dev"
+makedepends_host="linux-headers gmp-dev mpfr-dev mpc1-dev isl-dev zlib-dev !gettext-dev"
+subpackages=" "
+[ "$CHOST" = "$CTARGET" ] && subpackages="gcc-doc$_target"
+replaces="libstdc++ binutils"
+options="$options !check !dbg strip"
+
+: ${LANG_CXX:=true}
+: ${LANG_OBJC:=true}
+: ${LANG_JAVA:=true}
+: ${LANG_GO:=true}
+: ${LANG_FORTRAN:=true}
+: ${LANG_ADA:=true}
+
+LIBGOMP=true
+LIBGCC=true
+LIBATOMIC=true
+LIBITM=true
+
+if [ "$CHOST" != "$CTARGET" ]; then
+ if [ "$BOOTSTRAP" = nolibc ]; then
+ LANG_CXX=false
+ LANG_ADA=false
+ LIBGCC=false
+ _builddir="$srcdir/build-cross-pass2"
+ else
+ _builddir="$srcdir/build-cross-final"
+ fi
+ LANG_OBJC=false
+ LANG_JAVA=false
+ LANG_GO=false
+ LANG_FORTRAN=false
+ LIBGOMP=false
+ LIBATOMIC=false
+ LIBITM=false
+
+ # reset target flags (should be set in crosscreate abuild)
+ # fixup flags. seems gcc treats CPPFLAGS as global without
+ # _FOR_xxx variants. wrap it in CFLAGS and CXXFLAGS.
+ export CFLAGS="$CPPFLAGS $CFLAGS"
+ export CXXFLAGS="$CPPFLAGS $CXXFLAGS"
+ unset CPPFLAGS
+ export CFLAGS_FOR_TARGET=" "
+ export CXXFLAGS_FOR_TARGET=" "
+ export LDFLAGS_FOR_TARGET=" "
+
+ STRIP_FOR_TARGET="$CTARGET-strip"
+elif [ "$CBUILD" != "$CHOST" ]; then
+ # fixup flags. seems gcc treats CPPFLAGS as global without
+ # _FOR_xxx variants. wrap it in CFLAGS and CXXFLAGS.
+ export CFLAGS="$CPPFLAGS $CFLAGS"
+ export CXXFLAGS="$CPPFLAGS $CXXFLAGS"
+ unset CPPFLAGS
+
+ # reset flags and cc for build
+ export CC_FOR_BUILD="gcc"
+ export CXX_FOR_BUILD="g++"
+ export CFLAGS_FOR_BUILD=" "
+ export CXXFLAGS_FOR_BUILD=" "
+ export LDFLAGS_FOR_BUILD=" "
+ export CFLAGS_FOR_TARGET=" "
+ export CXXFLAGS_FOR_TARGET=" "
+ export LDFLAGS_FOR_TARGET=" "
+
+ # Languages that do not need bootstrapping
+ LANG_OBJC=false
+ LANG_JAVA=false
+ LANG_GO=false
+ LANG_FORTRAN=false
+
+ STRIP_FOR_TARGET=${CROSS_COMPILE}strip
+ _builddir="$srcdir/build-cross-native"
+else
+ STRIP_FOR_TARGET=${CROSS_COMPILE}strip
+ _builddir="$srcdir/build"
+fi
+
+# Go needs {set,make,swap}context, unimplemented in musl
+[ "$CTARGET_LIBC" = musl ] && LANG_GO=false
+
+# libitm has TEXTRELs in ARM build, so disable for now
+case "$CTARGET_ARCH" in
+arm*) LIBITM=false ;;
+esac
+
+# Fortran uses libquadmath if toolchain has __float128
+# currently on x86, x86_64 and ia64
+LIBQUADMATH=$LANG_FORTRAN
+case "$CTARGET_ARCH" in
+pmmx | x86 | x86_64) LIBQUADMATH=$LANG_FORTRAN ;;
+*) LIBQUADMATH=false ;;
+esac
+
+# libatomic is a dependency for openvswitch
+$LIBATOMIC && subpackages="$subpackages libatomic::$CTARGET_ARCH"
+$LIBGCC && subpackages="$subpackages libgcc::$CTARGET_ARCH"
+$LIBQUADMATH && subpackages="$subpackages libquadmath::$CTARGET_ARCH"
+if $LIBGOMP; then
+ depends="$depends libgomp=$_gccrel"
+ subpackages="$subpackages libgomp::$CTARGET_ARCH"
+fi
+
+_languages=c
+if $LANG_CXX; then
+ subpackages="$subpackages libstdc++:libcxx:$CTARGET_ARCH g++$_target:gpp"
+ _languages="$_languages,c++"
+fi
+if $LANG_OBJC; then
+ subpackages="$subpackages libobjc::$CTARGET_ARCH gcc-objc$_target:objc"
+ _languages="$_languages,objc"
+fi
+if $LANG_JAVA; then
+ subpackages="$subpackages libgcj::$CTARGET_ARCH gcc-java$_target:java"
+ _languages="$_languages,java"
+fi
+if $LANG_GO; then
+ subpackages="$subpackages libgo::$CTARGET_ARCH gcc-go$_target:go"
+ _languages="$_languages,go"
+fi
+if $LANG_FORTRAN; then
+ subpackages="$subpackages libgfortran::$CTARGET_ARCH gfortran$_target:gfortran"
+ _languages="$_languages,fortran"
+fi
+if $LANG_ADA; then
+ subpackages="$subpackages libgnat::$CTARGET_ARCH gcc-gnat$_target:gnat"
+ _languages="$_languages,ada"
+ makedepends_build="$makedepends_build gcc-gnat gcc-gnat$_cross"
+fi
+makedepends="$makedepends_build $makedepends_host"
+
+source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-${_pkgbase:-$pkgver}/gcc-${_pkgbase:-$pkgver}.tar.xz
+ ftp://sourceware.org/pub/java/ecj-4.9.jar
+
+ 001_all_default-ssp-strong.patch
+ 002_all_default-relro.patch
+ 003_all_default-fortify-source.patch
+ 005_all_default-as-needed.patch
+ 011_all_default-warn-format-security.patch
+ 012_all_default-warn-trampolines.patch
+ 020_all_msgfmt-libstdc++-link.patch
+ 050_all_libiberty-asprintf.patch
+ 051_all_libiberty-pic.patch
+ 053_all_libitm-no-fortify-source.patch
+ 067_all_gcc-poison-system-directories.patch
+ 090_all_pr55930-dependency-tracking.patch
+
+ 201-cilkrts.patch
+ 203-libgcc_s.patch
+ 204-linux_libc_has_function.patch
+ 205-nopie.patch
+ 207-static-pie.patch
+
+ libgcc-always-build-gcceh.a.patch
+ gcc-4.9-musl-fortify.patch
+ gcc-6.1-musl-libssp.patch
+ boehm-gc-musl.patch
+ gcc-pure64.patch
+ fix-gcj-stdgnu14-link.patch
+ fix-gcj-musl.patch
+ fix-gcj-iconv-musl.patch
+
+ gcc-4.8-build-args.patch
+ fix-cxxflags-passing.patch
+ ada-fixes.patch
+ ada-shared.patch
+ ada-musl.patch
+ ada-aarch64-multiarch.patch
+
+ 300-main-gcc-add-musl-s390x-dynamic-linker.patch
+ 310-build-gcj-s390x.patch
+ 320-libffi-gnulinux.patch
+
+ fix-rs6000-pie.patch
+ add-classic_table-support.patch
+ "
+
+# we build out-of-tree
+_gccdir="$srcdir"/gcc-${_pkgbase:-$pkgver}
+_gcclibdir=/usr/lib/gcc/${CTARGET}/$pkgver
+_gcclibexec=/usr/libexec/gcc/${CTARGET}/$pkgver
+
+prepare() {
+ cd "$_gccdir"
+
+ _err=
+ for i in $source; do
+ case "$i" in
+ *.patch)
+ msg "Applying $i"
+ patch -p1 -F3 -i "$srcdir"/$i || _err="$_err $i"
+ ;;
+ esac
+ done
+
+ if [ -n "$_err" ]; then
+ error "The following patches failed:"
+ for i in $_err; do
+ echo " $i"
+ done
+ return 1
+ fi
+
+ # see http://gcc.gnu.org/ml/java/2008-04/msg00027.html
+ mv "$srcdir"/ecj-*.jar ecj.jar
+
+ echo ${pkgver} > gcc/BASE-VER
+ echo "UNSUPPORTED=1" > libcilkrts/configure.tgt
+}
+
+build() {
+ local _arch_configure=
+ local _libc_configure=
+ local _cross_configure=
+ local _bootstrap_configure=
+ local _hash_style=gnu
+ local _symvers=
+
+ cd "$_gccdir"
+
+ case "$CTARGET" in
+ aarch64-*-*-*) _arch_configure="--with-arch=armv8-a --with-abi=lp64";;
+ armv5-*-*-*eabi) _arch_configure="--with-arch=armv5te --with-tune=arm926ej-s --with-float=soft --with-abi=aapcs-linux";;
+ armv6-*-*-*eabihf) _arch_configure="--with-arch=armv6zk --with-tune=arm1176jzf-s --with-fpu=vfp --with-float=hard --with-abi=aapcs-linux";;
+ armv7-*-*-*eabihf) _arch_configure="--with-arch=armv7-a --with-tune=generic-armv7-a --with-fpu=vfpv3-d16 --with-float=hard --with-abi=aapcs-linux --with-mode=thumb";;
+ mipsel-*-*-*) _arch_configure="--with-arch-32=mips2 --with-tune-32=mips32 --with-fp-32=32 --with-mips-plt --with-float=hard --with-abi=32";;
+ mips-*-*-*) _arch_configure="--with-arch=mips3 --with-mips-plt --with-abi=32"; _hash_style="sysv";;
+ mips32el-*-*-*) _arch_configure="--with-arch=mips32 --with-mips-plt --with-abi=32"; _hash_style="sysv";;
+ powerpc-*-*-*) _arch_configure="--enable-secureplt --enable-decimal-float=no";;
+ powerpc64*-*-*-*) _arch_configure="--with-abi=elfv2 --enable-secureplt --enable-decimal-float=no";;
+ powerpc64le*-*-*-*) _arch_configure="--with-abi=elfv2 --enable-secureplt --enable-decimal-float=no";;
+ i486-*-*-*) _arch_configure="--with-arch=i486 --with-tune=generic --enable-cld";;
+ i586-*-*-*) _arch_configure="--with-arch=i586 --with-tune=pentium2 --enable-cld --enable-mmx";;
+ pentium3-*-*-*) _arch_configure="--with-arch=pentium3 --with-tune=pentium-m";;
+ s390x-*-*-*) _arch_configure="--with-arch=z196 --with-tune=zEC12 --with-zarch --with-long-double-128 --enable-decimal-float";;
+ esac
+
+ case "$CTARGET_LIBC" in
+ musl)
+ # musl does not support mudflap, or libsanitizer
+ # libmpx uses secure_getenv and struct _libc_fpstate not present in musl
+ # alpine musl provides libssp_nonshared.a, so we don't need libssp either
+ _libc_configure="--disable-libssp --disable-libmpx --disable-libmudflap --disable-libsanitizer"
+ _symvers="--disable-symvers"
+ export libat_cv_have_ifunc=no
+ ;;
+ esac
+
+ [ "$CBUILD" != "$CHOST" ] && _cross_configure="--disable-bootstrap"
+ [ "$CHOST" != "$CTARGET" ] && _cross_configure="--disable-bootstrap --with-sysroot=$CBUILDROOT"
+
+ case "$BOOTSTRAP" in
+ nolibc) _bootstrap_configure="--with-newlib --disable-shared --enable-threads=no" ;;
+ *) _bootstrap_configure="--enable-shared --enable-threads --enable-tls" ;;
+ esac
+
+ $LIBGOMP || _bootstrap_configure="$_bootstrap_configure --disable-libgomp"
+ $LIBATOMIC || _bootstrap_configure="$_bootstrap_configure --disable-libatomic"
+ $LIBITM || _bootstrap_configure="$_bootstrap_configure --disable-libitm"
+ $LIBQUADMATH || _arch_configure="$_arch_configure --disable-libquadmath"
+
+ msg "Building the following:"
+ echo ""
+ echo " CBUILD=$CBUILD"
+ echo " CHOST=$CHOST"
+ echo " CTARGET=$CTARGET"
+ echo " CTARGET_ARCH=$CTARGET_ARCH"
+ echo " CTARGET_LIBC=$CTARGET_LIBC"
+ echo " languages=$_languages"
+ echo " arch_configure=$_arch_configure"
+ echo " libc_configure=$_libc_configure"
+ echo " cross_configure=$_cross_configure"
+ echo " bootstrap_configure=$_bootstrap_configure"
+ echo " hash_style=$_hash_style"
+ echo ""
+
+ mkdir -p "$_builddir"
+ cd "$_builddir"
+ "$_gccdir"/configure --prefix=/usr \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --build=${CBUILD} \
+ --host=${CHOST} \
+ --target=${CTARGET} \
+ --with-pkgversion="Adelie ${pkgver}" \
+ --with-bugurl="http://bts.adelielinux.org/" \
+ --enable-checking=release \
+ --disable-fixed-point \
+ --disable-libstdcxx-pch \
+ --disable-multilib \
+ --disable-nls \
+ --disable-werror \
+ $_symvers \
+ --enable-__cxa_atexit \
+ --enable-default-pie \
+ --enable-cloog-backend \
+ --enable-languages=$_languages \
+ $_arch_configure \
+ $_libc_configure \
+ $_cross_configure \
+ $_bootstrap_configure \
+ --with-system-zlib \
+ --with-linker-hash-style=$_hash_style
+ make
+}
+
+check() {
+ cd "$_builddir"
+ make check
+}
+
+package() {
+ cd "$_builddir"
+ make -j1 DESTDIR="${pkgdir}" install
+
+ ln -s gcc "$pkgdir"/usr/bin/cc
+
+ # we dont support gcj -static
+ # and saving 35MB is not bad.
+ find "$pkgdir" -name libgcj.a -o -name libgtkpeer.a \
+ -o -name libgjsmalsa.a -o -name libgcj-tools.a \
+ -o -name libjvm.a -o -name libgij.a -o -name libgcj_bc.a \
+ -o -name libjavamath.a \
+ | xargs rm -f
+
+ # strip debug info from some static libs
+ ${STRIP_FOR_TARGET} -g `find "$pkgdir" \( -name libgfortran.a -o -name libobjc.a -o -name libgomp.a \
+ -o -name libmudflap.a -o -name libmudflapth.a \
+ -o -name libgcc.a -o -name libgcov.a -o -name libquadmath.a \
+ -o -name libitm.a -o -name libgo.a -o -name libcaf\*.a \
+ -o -name libatomic.a -o -name libasan.a -o -name libtsan.a \) \
+ -a -type f`
+
+ if $LANG_JAVA; then
+ sed -i -e 's/lib: /&%{static:%eJava programs cannot be linked statically}/' \
+ "$pkgdir"/usr/lib/libgcj.spec
+ fi
+
+ if $LIBGOMP; then
+ mv "$pkgdir"/usr/lib/libgomp.spec "$pkgdir"/$_gcclibdir
+ fi
+ if $LIBITM; then
+ mv "$pkgdir"/usr/lib/libitm.spec "$pkgdir"/$_gcclibdir
+ fi
+
+ # remove ffi
+ rm -f "$pkgdir"/usr/lib/libffi* "$pkgdir"/usr/share/man/man3/ffi*
+ find "$pkgdir" -name 'ffi*.h' | xargs rm -f
+
+ local gdblib=${_target:+$CTARGET/}lib
+ for i in $(find "$pkgdir"/usr/$gdblib/ -type f -maxdepth 1 -name "*-gdb.py" ); do
+ mkdir -p "$pkgdir"/usr/share/gdb/python/auto-load/usr/$gdblib
+ mv "$i" "$pkgdir"/usr/share/gdb/python/auto-load/usr/$gdblib/
+ done
+
+ paxmark -pmrs "$pkgdir"/$_gcclibexec/cc1
+
+ # move ada runtime libs
+ if $LANG_ADA; then
+ for i in $(find "$pkgdir"/$_gcclibdir/adalib/ -type f -maxdepth 1 -name "libgna*.so"); do
+ mv "$i" "$pkgdir"/usr/lib/
+ ln -s ../../../../${i##*/} $i
+ done
+ fi
+
+ if [ "$CHOST" != "$CTARGET" ]; then
+ # cross-gcc: remove any files that would conflict with the
+ # native gcc package
+ rm -rf "$pkgdir"/usr/bin/cc "$pkgdir"/usr/include "$pkgdir"/usr/share
+ # libcc1 does not depend on target, don't ship it
+ rm -rf "$pkgdir"/usr/lib/libcc1.so*
+
+ # fixup gcc library symlinks to be linker scripts so
+ # linker finds the libs from relocated sysroot
+ for so in "$pkgdir"/usr/$CTARGET/lib/*.so; do
+ if [ -h "$so" ]; then
+ local _real=$(basename $(readlink "$so"))
+ rm -f "$so"
+ echo "GROUP ($_real)" > "$so"
+ fi
+ done
+ fi
+}
+
+libatomic() {
+ pkgdesc="GCC Atomic library"
+ depends=
+ replaces="gcc"
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libatomic.so.* "$subpkgdir"/usr/lib/
+}
+
+libcxx() {
+ pkgdesc="GNU C++ standard runtime library"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libstdc++.so.* "$subpkgdir"/usr/lib/
+}
+
+gpp() {
+ pkgdesc="GNU C++ standard library and compiler"
+ depends="libstdc++=$_gccrel gcc=$_gccrel libc-dev"
+ mkdir -p "$subpkgdir/$_gcclibexec" \
+ "$subpkgdir"/usr/bin \
+ "$subpkgdir"/usr/${_target:+$CTARGET/}include \
+ "$subpkgdir"/usr/${_target:+$CTARGET/}lib \
+
+ mv "$pkgdir/$_gcclibexec/cc1plus" "$subpkgdir/$_gcclibexec/"
+ paxmark -pmrs "$subpkgdir/$_gcclibexec/cc1plus"
+
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/*++* "$subpkgdir"/usr/${_target:+$CTARGET/}lib/
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}include/c++ "$subpkgdir"/usr/${_target:+$CTARGET/}include/
+ mv "$pkgdir"/usr/bin/*++ "$subpkgdir"/usr/bin/
+}
+
+libobjc() {
+ pkgdesc="GNU Objective-C runtime"
+ replaces="objc"
+ depends=
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libobjc.so.* "$subpkgdir"/usr/lib/
+}
+
+objc() {
+ pkgdesc="GNU Objective-C"
+ replaces="gcc"
+ depends="libc-dev gcc=$_gccrel libobjc=$_gccrel"
+
+ mkdir -p "$subpkgdir"/$_gcclibdir/include \
+ "$subpkgdir"/usr/lib
+ mv "$pkgdir"/$_gcclibdir/include/objc "$subpkgdir"/$_gcclibdir/include/
+ mv "$pkgdir"/usr/lib/libobjc.so "$pkgdir"/usr/lib/libobjc.a \
+ "$subpkgdir"/usr/lib/
+}
+
+libgcc() {
+ pkgdesc="GNU C compiler runtime libraries"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libgcc_s.so.* "$subpkgdir"/usr/lib/
+}
+
+libgomp() {
+ pkgdesc="GCC shared-memory parallel programming API library"
+ depends=
+ replaces="gcc"
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/${_target:+$CTARGET/}lib/libgomp.so.* "$subpkgdir"/usr/lib/
+}
+
+java() {
+ pkgdesc="Java support for GCC"
+ depends="zlib-dev gcc=$_gccrel libgcj=$_gccrel"
+
+ paxmark -pm "$pkgdir"/$_gcclibexec/ecj1
+ mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/lib "$subpkgdir"/$_gcclibdir/
+ cd "$pkgdir"/usr/bin
+ mv gcj gcj-dbtool gjavah gcjh jcf-dump "$subpkgdir"/usr/bin/
+ cd "$pkgdir"
+ for i in $(find usr/ -name ecj1 -o -name jc1 -o -name jvgenmain); do
+ mkdir -p "$subpkgdir"/${i%/*}
+ mv "$pkgdir"/$i "$subpkgdir"/$i
+ done
+ for i in "$pkgdir"/usr/lib/libgcj*.so; do
+ if [ -L "$i" ]; then
+ mv "$i" "$subpkgdir"/usr/lib/
+ fi
+ done
+ mv "$pkgdir"/usr/lib/libgij.so "$subpkgdir"/usr/lib/
+ mv "$pkgdir"/usr/lib/libgcj.spec "$subpkgdir"/$_gcclibdir/
+}
+
+libgcj() {
+ pkgdesc="Java runtime library for gcc"
+ # libgcj_bc.so moved from gcc-java to libgcj
+ replaces="gcc-java"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/bin
+ cd "$pkgdir"/usr/bin
+ paxmark -pmse "$pkgdir"/usr/bin/gij
+ mv aot-compile gappletviewer gc-analyze gij gjar gjarsigner gkeytool\
+ gnative2ascii gorbd grmic grmid grmiregistry gserialver \
+ gtnameserv jv-convert rebuild-gcj-db \
+ "$subpkgdir"/usr/bin/
+ cd "$pkgdir"
+ for i in $(find usr/lib -name jc1 -o -name jvgenmain); do
+ mkdir -p "$subpkgdir"/${i%/*}
+ mv "$pkgdir"/$i "$subpkgdir"/$i
+ done
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/gcj-* \
+ "$pkgdir"/usr/lib/libgcj_bc.so \
+ "$pkgdir"/usr/lib/libgcj*.so.* \
+ "$pkgdir"/usr/lib/libgij.so.* \
+ "$pkgdir"/usr/lib/logging.properties \
+ "$pkgdir"/usr/lib/security \
+ "$subpkgdir"/usr/lib/
+
+ mkdir -p "$subpkgdir"/usr/share/
+ mv "$pkgdir"/usr/share/java "$subpkgdir"/usr/share/
+}
+
+libgo() {
+ pkgdesc="Go runtime library for GCC"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libgo.so.* "$subpkgdir"/usr/lib/
+}
+
+go() {
+ pkgdesc="Go support for GCC"
+ depends="gcc=$_gccrel libgo=$_gccrel"
+
+ mkdir -p "$subpkgdir"/$_gcclibexec \
+ "$subpkgdir"/usr/lib \
+ "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/lib/go "$subpkgdir"/usr/lib/
+ mv "$pkgdir"/usr/bin/*gccgo "$subpkgdir"/usr/bin/
+ mv "$pkgdir"/$_gcclibexec/go1 "$subpkgdir"/$_gcclibexec/
+ mv "$pkgdir"/usr/lib/libgo.a \
+ "$pkgdir"/usr/lib/libgo.so \
+ "$pkgdir"/usr/lib/libgobegin.a \
+ "$subpkgdir"/usr/lib/
+}
+
+libgfortran() {
+ pkgdesc="Fortran runtime library for GCC"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libgfortran.so.* "$subpkgdir"/usr/lib/
+}
+
+libquadmath() {
+ replaces="gcc"
+ pkgdesc="128-bit math library for GCC"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libquadmath.so.* "$subpkgdir"/usr/lib/
+}
+
+gfortran() {
+ pkgdesc="GNU Fortran Compiler"
+ depends="gcc=$_gccrel libgfortran=$_gccrel"
+ $LIBQUADMATH && depends="$depends libquadmath=$_gccrel"
+ replaces="gcc"
+
+ mkdir -p "$subpkgdir"/$_gcclibexec \
+ "$subpkgdir"/$_gcclibdir \
+ "$subpkgdir"/usr/lib \
+ "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/*gfortran "$subpkgdir"/usr/bin/
+ mv "$pkgdir"/usr/lib/libgfortran.a \
+ "$pkgdir"/usr/lib/libgfortran.so \
+ "$subpkgdir"/usr/lib/
+ if $LIBQUADMATH; then
+ mv "$pkgdir"/usr/lib/libquadmath.a \
+ "$pkgdir"/usr/lib/libquadmath.so \
+ "$subpkgdir"/usr/lib/
+ fi
+ mv "$pkgdir"/$_gcclibexec/f951 "$subpkgdir"/$_gcclibexec
+ mv "$pkgdir"/usr/lib/libgfortran.spec "$subpkgdir"/$_gcclibdir
+}
+
+libgnat() {
+ pkgdesc="GNU Ada runtime shared libraries"
+ depends=
+
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libgna*.so "$subpkgdir"/usr/lib/
+}
+
+gnat() {
+ pkgdesc="Ada support for GCC"
+ depends="gcc=$_gccrel"
+ [ "$CHOST" = "$CTARGET" ] && depends="$depends libgnat=$_gccrel"
+
+ mkdir -p "$subpkgdir"/$_gcclibexec \
+ "$subpkgdir"/$_gcclibdir \
+ "$subpkgdir"/usr/bin
+ mv "$pkgdir"/$_gcclibexec/*gnat* "$subpkgdir"/$_gcclibexec/
+ mv "$pkgdir"/$_gcclibdir/*ada* "$subpkgdir"/$_gcclibdir/
+ mv "$pkgdir"/usr/bin/*gnat* "$subpkgdir"/usr/bin/
+}
+
+sha512sums="02c60e54527c7adf584798d5251f8a0b80c93d5deafce82501b2c28e6692e0bd783927bbfc4bc527a863c0cccc025150a34740a9e29badb02d4b48e56a8aba90 gcc-6.4.0.tar.xz
+28f8c6fdbcb19e950b1d0bafb3bcc7a8cba87bc673aa6027cece116599cdee80f0cf5e95a1440544890239f5c754e8a93ab46d9daedd937faef445d7ea33b226 ecj-4.9.jar
+a1335adc2fbee98e36c4437ff2587771b98ed4180726779020f65039498235626a411cdb0100dbd20cd19d12f0d94f9a21af179ff624676c28cead9d60598b5d 001_all_default-ssp-strong.patch
+e36e95b81489163abd6fe9d58f7867bdca43e61143afacbfb17f4698c0b16ec5fd0061d8fab7b2ae615540bebd721c2e2227f80401b4e7fc253da9da62e6b513 002_all_default-relro.patch
+f86466c62b8291fac46f9c250c7ad8fa5ab7b1cce2504442fd07ddc4543665b317ae28951f244e39aba29aeaf3fff252ec4f6a147aa16adb2b7aed747dd89188 003_all_default-fortify-source.patch
+51282fea54c7e616367bbeb2479ba13fec6f24eb47bd04e2071907b3b36273b2ff24676f46ef8d22f241c8ab4857307861eee076eab66797c3a50a8ecaa1809a 005_all_default-as-needed.patch
+3398386dd1e079d6545dd9799adc799c6b80e3984fac6899d0e1a7ee21b66d0c7e53cddf17a65d590c883db750f9f79aaedd857355a8b9f7fb9476c906237919 011_all_default-warn-format-security.patch
+9adb0d2b9b67dd957df6c609b8714c7c078efb52cd88770905c37c67827be8fc83d1125037b9c29d77db21ce78756aa2bb0bacdb0b98d869ac126da76a298e21 012_all_default-warn-trampolines.patch
+d35a3ac7e13a4446921a90e1ff3eec1079840c845f9d523c868e24ae21f94cf69ba041de5341ebef96432a6f57598e223381d4286e8fb8baaa25906707f29fbd 020_all_msgfmt-libstdc++-link.patch
+840070a3c423e6206aaa6e63e1d9a0fcd6efd53626cd1240a193f0b60aa5d84216acc4a2a4fa8bce74549b07e6a316b01d638f20cea13dc62473491a302fb3d6 050_all_libiberty-asprintf.patch
+0a0bc72b9366158f5d23fff1928e756fdd212433bac6ab1f00d632f241382820db8db5d475ddf11ea020eaf7e2e71b12fb9b1c3c870cf84adf6c2b16f15aabca 051_all_libiberty-pic.patch
+e7a2eb1b1870e199d6fd753d065781575656fa12baa264f96c5d179689d88c31b8a3f92a5dae96088c05e96aa2bda138364ad7dbcc79e1819a102f192cbb7bab 053_all_libitm-no-fortify-source.patch
+e87da18aa7ab92b02b06168658c63b42a6c73a08fad2a30f81ef6296100fdbe3c3a91548fd0cb24eaf591e862bb08e4b67249bc4b977b07da33523aee0c686bc 067_all_gcc-poison-system-directories.patch
+4a328d1e1a56c20166307edcfa322068915784d9c08025b7f81cf69714da48fc266b6d34f77b9135c2f10da830d9df408276a1b78d1fd218637c2823506593c2 090_all_pr55930-dependency-tracking.patch
+ef052d0c3c9642fcb5ed570069c5a49c8ef523c47ac8ce3f201a801766f72ae4ff7c3725a70ee66e52c0fb559621e35fe0cf5b88b901d71ceadd381f49653a08 201-cilkrts.patch
+808e206f5e107084156fba333d4e091dcbd62f5d7756142bc292d4b0a52619f8c2aaca3617defc2f5b6552ba0439aebd33f4141329d88eab6ddf2dd637d92c08 203-libgcc_s.patch
+fc0de05b36613b732a0222ea005c90653c6a40d6761b6894af2419272f4e74875f37e26af33a9b9940669ef89269c44c46d17ca5bcd54b5cd1176e5eaf2992c1 204-linux_libc_has_function.patch
+98473bcaa77903a223ca9b0d2087c0921b287a2816d308cc32c8fe009e6cbf5dd1ae7fba27794ab8d9c09e117fe534413d91a464d1218474fc123ce0adfdc2c1 205-nopie.patch
+3287d5b443bea8ec64132bcabe869c738ae98ea8f1a86df1c5d18c927f8816edbfcefeefc47792dbbb2bcacf50319af00e01b3735d34525913b64350770ad453 207-static-pie.patch
+d08d7ead2de0429e5c9055d5b029ec2be9a8c821d22cecaf9b51f633652c493333f98963d9267fa2fa63850c50ae5eefd5f59e5910ec10d20044dac082182a8b libgcc-always-build-gcceh.a.patch
+600fe5098dc54edaa9808fd5717af9dec058953f9ad37d49cfba1db4f7e9a7a8f02019342f75157fc575946fa693259422184de27b7ecc8386d9f3ecc0f7cc5d gcc-4.9-musl-fortify.patch
+dbe0ee917fc7668571722364ab7c806731e3a31e8bfa30b4941b28b16b877d2a32b4a3897ef533399a28f82d43cac9b28e92de0493f0e779046db56584e07fa4 gcc-6.1-musl-libssp.patch
+bda845a6aa1854d2c883910b115f79ccfa93dfc2b5eac69a3a236d83eb34cadc140731d616ffc24698c7abc8878dd15f231bcc5119f1860e575a120b311706c7 boehm-gc-musl.patch
+fa62556719449caec6b2b434355bfbcaa5ae55ffe017b3e1f827f66a2aae21b79c571ee7a4ce723ea69169bc3a6447e73650991a200cc372adf2f102677518d7 gcc-pure64.patch
+2253941f3d19b6d08801d3782f5f5ed56c3b73fbc9d3561a8f01c702963ac4fab91599c686076e7081eb6a80c37ccd33591ae978996d6eee1dc0ce0f1c50259a fix-gcj-stdgnu14-link.patch
+f89ddeb21bc8f97e6a850a6b70b4501a8f3e49a4bc8cc82897488decda5d98ad01cb7f6c8b392d452e9579924a523bc75da6e0648c1c976d42e40af48b10343b fix-gcj-musl.patch
+54d67cc008b735e47771314171930c5d8b8f5f5dc97fcf4214824c105c808f3e75d22d5a4fdf5068ed0457fa0d46c60cfb442e276259a4a5e9b8722a027d18e6 fix-gcj-iconv-musl.patch
+abe9aaf9aa956058d0386a4396a511d176a46bb3906b90e952383646cdc158cbeb0a5dc616a1ccb1ca7d49fd0b5e351532aa15a3b13362abbf1ca4266f54a687 gcc-4.8-build-args.patch
+35d6d59f0b7b968f282f56767c9e0823a7bdc5aa0d450aca50fbd802649a7ca608b47671244a3faa208a9b0d6832cabb5a22724157dc817b2c0ad63d09f93282 fix-cxxflags-passing.patch
+9016b257abd8fa981de44a49512e35db814d1cbb47c1a87cd31c12d4ae20b13e9e149fe41691a7ec3c95bbcfde8a79194a8d2eaf547ceade3a246fad67c47dd8 ada-fixes.patch
+3f5bc334d9f73d06f5f7c876738d02356acdd08958bea0e4d2095ebf15c2c2ec4e411abdae0297505ae9a1699ca01b17338e853184e84663203b192b0d35fc19 ada-shared.patch
+631d4bdef6d8bde34df7978bb53ec28c3c909cf1f87139e5f148138d0f09adc58b41ecf0148bbf50fb4bc916c411e9bf8a2b6c046c75c0e77d754d8c35bcd4d7 ada-musl.patch
+fa44c8158111627aa0e91c43e7cc3aa38642c2041c96532dd4f0932dae4d6f92ea2850b683abcf10e7e120299d42ea6b69adc00002a514c76be8e39e99fa052b ada-aarch64-multiarch.patch
+4b4a0ff306a8ef34ff6e3284fbfca869012164a47ba7cb099085c1dd03e6ca0cdd462f82710e08c9a02895adc7484e4c5eef17b5aa264cf5d978fe8ad78eea93 300-main-gcc-add-musl-s390x-dynamic-linker.patch
+385bc2fa50204f678964e5148c6170f572701dab920fbec8301f505bda34d182cde0adb7da042fee71719e12fb59f59181897f9b1bb4f4716ff59aad46ca1998 310-build-gcj-s390x.patch
+f4ef08454e28c8732db69115e4998ec153399e8d229dd27f923dbdcf57b68128a65640d026cc7f45b58ba8764ab1eb575d4eb6d6dfc550a87a183f8b94e76181 320-libffi-gnulinux.patch
+01c71cd5881fc07ea3b9b980697e89b3ca0fe98502958ceafc3fca18b2604c844e2f457feab711baf8e03f00a5383b0e38aac7eb954034e306f43d4a37f165ed fix-rs6000-pie.patch
+68483be0f4daa56bff9f1b4ddcbc9db9087bc0a459388c916dd36746ce20558e092116c3d2eac3daa4512978270901504a6ec6b2aa589e81864e6f236e5d9639 add-classic_table-support.patch"
diff --git a/system/gcc/ada-aarch64-multiarch.patch b/system/gcc/ada-aarch64-multiarch.patch
new file mode 100644
index 000000000..ac60b6f6a
--- /dev/null
+++ b/system/gcc/ada-aarch64-multiarch.patch
@@ -0,0 +1,16 @@
+--- gcc-6.4.0/gcc/ada/gcc-interface/Makefile.in.orig
++++ gcc-6.4.0/gcc/ada/gcc-interface/Makefile.in
+@@ -2042,13 +2042,8 @@
+ system.ads<system-linux-x86_64.ads
+ ## ^^ Note the above is a pretty-close placeholder.
+
+- ifneq (,$(or $(filter aarch64-linux-gnu, $(shell $(GCC_FOR_TARGET) $(GNATLIBCFLAGS) -print-multiarch)), $(filter ../lib64, $(shell $(GCC_FOR_TARGET) $(GNATLIBCFLAGS) -print-multi-os-directory))))
+ LIBGNAT_TARGET_PAIRS = \
+ $(LIBGNAT_TARGET_PAIRS_COMMON) $(LIBGNAT_TARGET_PAIRS_64)
+- else
+- LIBGNAT_TARGET_PAIRS = \
+- $(LIBGNAT_TARGET_PAIRS_COMMON) $(LIBGNAT_TARGET_PAIRS_32)
+- endif
+
+ TOOLS_TARGET_PAIRS = \
+ mlib-tgt-specific.adb<mlib-tgt-specific-linux.adb \
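Review bot: The patch carries no description, and after it `LIBGNAT_TARGET_PAIRS` always takes `$(LIBGNAT_TARGET_PAIRS_64)`, because the `ifneq`/`else`/`endif` around the assignment is deleted rather than adjusted. Judging by the file name this is the aarch64 section of Makefile.in, so an ILP32 aarch64 target would silently get the 64-bit runtime pairs. If that is intended, the patch should open with a short header giving the reason, presumably that the `-print-multiarch` probe does not return `aarch64-linux-gnu` on this toolchain. The enclosing conditional block starts outside the inner hunk.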
diff --git a/system/gcc/ada-fixes.patch b/system/gcc/ada-fixes.patch
new file mode 100644
index 000000000..ba4ea42b4
--- /dev/null
+++ b/system/gcc/ada-fixes.patch
@@ -0,0 +1,35 @@
+--- gcc-6.1.0.orig/gcc/ada/cal.c
++++ gcc-6.1.0/gcc/ada/cal.c
+@@ -49,6 +49,7 @@
+ #include <time.h>
+ #else
+ #include <sys/time.h>
++#include <time.h>
+ #endif
+
+ #ifdef __MINGW32__
+--- gcc-6.1.0.orig/gcc/ada/terminals.c
++++ gcc-6.1.0/gcc/ada/terminals.c
+@@ -1068,13 +1068,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+
+-/* On some system termio is either absent or including it will disable termios
+- (HP-UX) */
+-#if !defined (__hpux__) && !defined (BSD) && !defined (__APPLE__) \
+- && !defined (__rtems__)
+-# include <termio.h>
+-#endif
+-
+ #include <sys/ioctl.h>
+ #include <termios.h>
+ #include <fcntl.h>
+@@ -1169,7 +1162,7 @@
+ char *slave_name = NULL;
+
+ #ifdef USE_GETPT
+- master_fd = getpt ();
++ master_fd = posix_openpt (O_RDWR);
+ #elif defined (USE_OPENPTY)
+ status = openpty (&master_fd, &slave_fd, NULL, NULL, NULL);
+ #elif defined (USE_CLONE_DEVICE)
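Review bot: The replacement call in terminals.c, `master_fd = posix_openpt (O_RDWR);`, omits `O_NOCTTY`, whereas glibc documents `getpt()` as opening the master with `O_RDWR | O_NOCTTY`. On systems where opening the master can assign a controlling terminal, a caller that is a session leader without one would behave differently from the call being replaced. I would write `master_fd = posix_openpt (O_RDWR | O_NOCTTY);`. The enclosing function starts and ends outside the inner hunk, so how the descriptor is handled afterwards cannot be checked from here.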
diff --git a/system/gcc/ada-musl.patch b/system/gcc/ada-musl.patch
new file mode 100644
index 000000000..464c3d57d
--- /dev/null
+++ b/system/gcc/ada-musl.patch
@@ -0,0 +1,137 @@
+diff -rup gcc-5.1.0/gcc.orig/ada/adaint.c gcc-5.1.0/gcc/ada/adaint.c
+--- gcc-5.1.0/gcc.orig/ada/adaint.c 2015-02-20 11:48:57.000000000 +0000
++++ gcc-5.1.0/gcc/ada/adaint.c 2015-06-02 10:47:51.672767476 +0000
+@@ -70,6 +70,11 @@
+ #include <sys/param.h>
+ #include <sys/pstat.h>
+ #endif
++
++#if defined (linux)
++#define _GNU_SOURCE 1
++#include <sched.h>
++#endif
+
+ #ifdef __PikeOS__
+ #define __BSD_VISIBLE 1
+@@ -3057,8 +3062,6 @@ __gnat_lwp_self (void)
+ return (void *) syscall (__NR_gettid);
+ }
+
+-#include <sched.h>
+-
+ /* glibc versions earlier than 2.7 do not define the routines to handle
+ dynamically allocated CPU sets. For these targets, we use the static
+ versions. */
+@@ -3067,7 +3070,7 @@ __gnat_lwp_self (void)
+
+ /* Dynamic cpu sets */
+
+-cpu_set_t *
++void *
+ __gnat_cpu_alloc (size_t count)
+ {
+ return CPU_ALLOC (count);
+@@ -3080,33 +3083,33 @@ __gnat_cpu_alloc_size (size_t count)
+ }
+
+ void
+-__gnat_cpu_free (cpu_set_t *set)
++__gnat_cpu_free (void *set)
+ {
+- CPU_FREE (set);
++ CPU_FREE ((cpu_set_t *) set);
+ }
+
+ void
+-__gnat_cpu_zero (size_t count, cpu_set_t *set)
++__gnat_cpu_zero (size_t count, void *set)
+ {
+- CPU_ZERO_S (count, set);
++ CPU_ZERO_S (count, (cpu_set_t *) set);
+ }
+
+ void
+-__gnat_cpu_set (int cpu, size_t count, cpu_set_t *set)
++__gnat_cpu_set (int cpu, size_t count, void *set)
+ {
+ /* Ada handles CPU numbers starting from 1, while C identifies the first
+ CPU by a 0, so we need to adjust. */
+- CPU_SET_S (cpu - 1, count, set);
++ CPU_SET_S (cpu - 1, count, (cpu_set_t *) set);
+ }
+
+ #else /* !CPU_ALLOC */
+
+ /* Static cpu sets */
+
+-cpu_set_t *
++void *
+ __gnat_cpu_alloc (size_t count ATTRIBUTE_UNUSED)
+ {
+- return (cpu_set_t *) xmalloc (sizeof (cpu_set_t));
++ return xmalloc (sizeof (cpu_set_t));
+ }
+
+ size_t
+@@ -3116,23 +3119,23 @@ __gnat_cpu_alloc_size (size_t count ATTR
+ }
+
+ void
+-__gnat_cpu_free (cpu_set_t *set)
++__gnat_cpu_free (void *set)
+ {
+ free (set);
+ }
+
+ void
+-__gnat_cpu_zero (size_t count ATTRIBUTE_UNUSED, cpu_set_t *set)
++__gnat_cpu_zero (size_t count ATTRIBUTE_UNUSED, void *set)
+ {
+- CPU_ZERO (set);
++ CPU_ZERO ((cpu_set_t *) set);
+ }
+
+ void
+-__gnat_cpu_set (int cpu, size_t count ATTRIBUTE_UNUSED, cpu_set_t *set)
++__gnat_cpu_set (int cpu, size_t count ATTRIBUTE_UNUSED, void *set)
+ {
+ /* Ada handles CPU numbers starting from 1, while C identifies the first
+ CPU by a 0, so we need to adjust. */
+- CPU_SET (cpu - 1, set);
++ CPU_SET (cpu - 1, (cpu_set_t *) set);
+ }
+ #endif /* !CPU_ALLOC */
+ #endif /* linux */
+diff -rup gcc-5.1.0/gcc.orig/ada/adaint.h gcc-5.1.0/gcc/ada/adaint.h
+--- gcc-5.1.0/gcc.orig/ada/adaint.h 2015-01-27 17:20:27.000000000 +0000
++++ gcc-5.1.0/gcc/ada/adaint.h 2015-06-02 10:47:23.188910894 +0000
+@@ -287,13 +287,11 @@ extern void *__gnat_lwp_self (voi
+
+ /* Routines for interface to required CPU set primitives */
+
+-#include <sched.h>
+-
+-extern cpu_set_t *__gnat_cpu_alloc (size_t);
++extern void * __gnat_cpu_alloc (size_t);
+ extern size_t __gnat_cpu_alloc_size (size_t);
+-extern void __gnat_cpu_free (cpu_set_t *);
+-extern void __gnat_cpu_zero (size_t, cpu_set_t *);
+-extern void __gnat_cpu_set (int, size_t, cpu_set_t *);
++extern void __gnat_cpu_free (void *);
++extern void __gnat_cpu_zero (size_t, void *);
++extern void __gnat_cpu_set (int, size_t, void *);
+ #endif
+
+ #if defined (_WIN32)
+diff -rup gcc-5.1.0/gcc.orig/ada/gcc-interface/Makefile.in gcc-5.1.0/gcc/ada/gcc-interface/Makefile.in
+--- gcc-5.1.0/gcc.orig/ada/gcc-interface/Makefile.in 2015-04-09 20:29:28.000000000 +0000
++++ gcc-5.1.0/gcc/ada/gcc-interface/Makefile.in 2015-06-02 10:47:23.188910894 +0000
+@@ -1910,7 +1910,7 @@ ifeq ($(strip $(filter-out powerpc% linu
+ endif
+
+ # ARM linux, GNU eabi
+-ifeq ($(strip $(filter-out arm% linux-gnueabi%,$(target_cpu) $(target_os))),)
++ifeq ($(strip $(filter-out arm% linux-gnueabi% linux-musleabi% linux-muslgnueabi%,$(target_cpu) $(target_os))),)
+ LIBGNAT_TARGET_PAIRS = \
+ a-intnam.ads<a-intnam-linux.ads \
+ s-inmaop.adb<s-inmaop-posix.adb \
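Review bot: `#define _GNU_SOURCE 1` is added at line 70 of adaint.c, after other system headers may already have been included, so it can come too late to change what `<sched.h>` exposes. Feature-test macros have to precede the first system include; I would move it to the top of the file as `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE 1` / `#endif`, which also avoids a redefinition when the build already passes the macro. Separately, switching the `__gnat_cpu_*` prototypes to `void *` removes compile-time checking of the set argument. A one-line comment in adaint.h should say why, presumably to keep `<sched.h>` out of the header.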
diff --git a/system/gcc/ada-shared.patch b/system/gcc/ada-shared.patch
new file mode 100644
index 000000000..6f1c16aff
--- /dev/null
+++ b/system/gcc/ada-shared.patch
@@ -0,0 +1,30 @@
+Index: b/gcc/ada/link.c
+===================================================================
+--- a/gcc/ada/link.c
++++ b/gcc/ada/link.c
+@@ -105,9 +105,9 @@
+
+ #elif defined (__FreeBSD__)
+ const char *__gnat_object_file_option = "-Wl,@";
+-const char *__gnat_run_path_option = "-Wl,-rpath,";
+-char __gnat_shared_libgnat_default = STATIC;
+-char __gnat_shared_libgcc_default = STATIC;
++const char *__gnat_run_path_option = "";
++char __gnat_shared_libgnat_default = SHARED;
++char __gnat_shared_libgcc_default = SHARED;
+ int __gnat_link_max = 8192;
+ unsigned char __gnat_objlist_file_supported = 1;
+ const char *__gnat_object_library_extension = ".a";
+@@ -127,9 +127,9 @@
+
+ #elif defined (linux) || defined(__GLIBC__)
+ const char *__gnat_object_file_option = "-Wl,@";
+-const char *__gnat_run_path_option = "-Wl,-rpath,";
+-char __gnat_shared_libgnat_default = STATIC;
+-char __gnat_shared_libgcc_default = STATIC;
++const char *__gnat_run_path_option = "";
++char __gnat_shared_libgnat_default = SHARED;
++char __gnat_shared_libgcc_default = SHARED;
+ int __gnat_link_max = 8192;
+ unsigned char __gnat_objlist_file_supported = 1;
+ const char *__gnat_object_library_extension = ".a";
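Review bot: The patch has no description although it changes link defaults: `__gnat_run_path_option` becomes `""` and both `__gnat_shared_libgnat_default` and `__gnat_shared_libgcc_default` become `SHARED`, in the FreeBSD branch as well as the Linux one. Ada programs built with this compiler would then resolve libgnat and libgcc_s through the loader's default search path with no embedded rpath, which is a reasonable distribution policy but should be stated. I would add a header above the `Index:` line such as `Link libgnat/libgcc shared by default and emit no -rpath; the runtime is installed in /usr/lib by the libgnat subpackage.`, and drop the FreeBSD edit if it is not needed here.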
diff --git a/system/gcc/add-classic_table-support.patch b/system/gcc/add-classic_table-support.patch
new file mode 100644
index 000000000..0f5e0f8e3
--- /dev/null
+++ b/system/gcc/add-classic_table-support.patch
@@ -0,0 +1,151 @@
+--- gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_base.h.old 2016-01-04 08:30:50.652828000 -0600
++++ gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_base.h 2017-10-16 07:51:26.226276759 -0500
+@@ -40,19 +40,27 @@
+
+ // NB: Offsets into ctype<char>::_M_table force a particular size
+ // on the mask type. Because of this, we don't use an enum.
+- typedef unsigned int mask;
+- static const mask upper = 1 << 0;
+- static const mask lower = 1 << 1;
+- static const mask alpha = 1 << 2;
+- static const mask digit = 1 << 3;
+- static const mask xdigit = 1 << 4;
+- static const mask space = 1 << 5;
+- static const mask print = 1 << 6;
+- static const mask graph = (1 << 2) | (1 << 3) | (1 << 9); // alnum|punct
+- static const mask cntrl = 1 << 8;
+- static const mask punct = 1 << 9;
+- static const mask alnum = (1 << 2) | (1 << 3); // alpha|digit
+- static const mask blank = 1 << 10;
++ typedef unsigned short int mask;
++/* horrible ugly code from glibc */
++#ifndef _ISbit
++# if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
++# define _ISbit(i) (1 << (i))
++# else
++# define _ISbit(i) (i < 8 ? (1 << i << 8) : (1 << i >> 8))
++# endif
++#endif
++ static const mask upper = _ISbit(0);
++ static const mask lower = _ISbit(1);
++ static const mask alpha = _ISbit(2);
++ static const mask digit = _ISbit(3);
++ static const mask xdigit = _ISbit(4);
++ static const mask space = _ISbit(5);
++ static const mask print = _ISbit(6);
++ static const mask graph = _ISbit(7);
++ static const mask cntrl = _ISbit(9);
++ static const mask punct = _ISbit(10);
++ static const mask alnum = _ISbit(11);
++ static const mask blank = _ISbit(8);
+ };
+
+ _GLIBCXX_END_NAMESPACE_VERSION
+--- gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_configure_char.cc.old 2016-01-04 08:30:50.652828000 -0600
++++ gcc-6.4.0/libstdc++-v3/config/os/generic/ctype_configure_char.cc 2017-10-16 08:37:57.986260218 -0500
+@@ -40,7 +40,104 @@
+
+ const ctype_base::mask*
+ ctype<char>::classic_table() throw()
+- { return 0; }
++ {
++ static ctype_base::mask mask[256] = {
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl | print | space, cntrl, cntrl, cntrl, cntrl | print, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ print | space | blank,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph, print | punct | graph,
++ print | punct | graph,
++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit,
++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit,
++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit,
++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit,
++ print | graph | alnum | digit | xdigit, print | graph | alnum | digit | xdigit,
++ print | punct | graph, print | punct | graph,
++ print | graph, print | graph, print | graph,
++ print | punct | graph, print | graph,
++ print | graph | alnum | xdigit | alpha | upper,
++ print | graph | alnum | xdigit | alpha | upper,
++ print | graph | alnum | xdigit | alpha | upper,
++ print | graph | alnum | xdigit | alpha | upper,
++ print | graph | alnum | xdigit | alpha | upper,
++ print | graph | alnum | xdigit | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph | alnum | alpha | upper,
++ print | graph, print | graph, print | graph,
++ print | graph, print | graph, print | graph,
++ print | graph | alnum | xdigit | alpha | lower,
++ print | graph | alnum | xdigit | alpha | lower,
++ print | graph | alnum | xdigit | alpha | lower,
++ print | graph | alnum | xdigit | alpha | lower,
++ print | graph | alnum | xdigit | alpha | lower,
++ print | graph | alnum | xdigit | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph | alnum | alpha | lower,
++ print | graph, print | graph, print | graph, print | graph,
++ print,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl,
++ cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl, cntrl
++ };
++ return mask;
++ }
+
+ ctype<char>::ctype(__c_locale, const mask* __table, bool __del,
+ size_t __refs)
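Review bot: The whitespace entries in the new `classic_table()` array do not match the "C" locale: index 9 (tab) is `cntrl | print | space` with no `blank`, indices 10 to 12 (`\n`, `\v`, `\f`) are plain `cntrl`, and index 13 (`\r`) is `cntrl | print`. Code that classifies input through `ctype<char>` would therefore not treat a newline as space and would treat tab and carriage return as printable. The second row should read `cntrl, cntrl | space | blank, cntrl | space, cntrl | space, cntrl | space, cntrl | space, cntrl, cntrl,`. Also worth checking are indices 60 to 62, 64, 91 to 96 and 123 to 126, which lack `punct`, and index 127, which is `print` rather than `cntrl`. The array could be declared `static const ctype_base::mask mask[256]`, since it is only returned through a const pointer.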
diff --git a/system/gcc/boehm-gc-musl.patch b/system/gcc/boehm-gc-musl.patch
new file mode 100644
index 000000000..2f106cba1
--- /dev/null
+++ b/system/gcc/boehm-gc-musl.patch
@@ -0,0 +1,62 @@
+--- gcc-4.8.1/boehm-gc/os_dep.c.orig 2013-09-17 07:46:00.969884340 +0000
++++ gcc-4.8.1/boehm-gc/os_dep.c 2013-09-17 06:53:53.629884946 +0000
+@@ -26,7 +26,7 @@
+ # define __KERNEL__
+ # include <asm/signal.h>
+ # undef __KERNEL__
+-# else
++# elif defined(__GLIBC__)
+ /* Kernels prior to 2.1.1 defined struct sigcontext_struct instead of */
+ /* struct sigcontext. libc6 (glibc2) uses "struct sigcontext" in */
+ /* prototypes, so we have to include the top-level sigcontext.h to */
+--- gcc-4.8.2/boehm-gc/dyn_load.c.orig 2014-02-17 14:13:09.519850231 +0200
++++ gcc-4.8.2/boehm-gc/dyn_load.c 2014-02-17 14:14:27.906093514 +0200
+@@ -459,9 +459,7 @@
+ /* For glibc 2.2.4+. Unfortunately, it doesn't work for older */
+ /* versions. Thanks to Jakub Jelinek for most of the code. */
+
+-# if (defined(LINUX) || defined (__GLIBC__)) /* Are others OK here, too? */ \
+- && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ > 2) \
+- || (__GLIBC__ == 2 && __GLIBC_MINOR__ == 2 && defined(DT_CONFIG)))
++# if (defined(LINUX) || defined (__GLIBC__))
+
+ /* We have the header files for a glibc that includes dl_iterate_phdr. */
+ /* It may still not be available in the library on the target system. */
+--- gcc-4.8.2/boehm-gc/include/private/gcconfig.h.orig 2014-02-17 14:14:36.026049422 +0200
++++ gcc-4.8.2/boehm-gc/include/private/gcconfig.h 2014-02-17 14:17:11.345207887 +0200
+@@ -684,7 +684,7 @@
+ # ifdef __ELF__
+ # define DYNAMIC_LOADING
+ # include <features.h>
+-# if defined(__GLIBC__)&& __GLIBC__>=2
++# if 1
+ # define SEARCH_FOR_DATA_START
+ # else /* !GLIBC2 */
+ extern char **__environ;
+@@ -1147,7 +1147,7 @@
+ # define DATASTART ((ptr_t)((((word) (_etext)) + 0xfff) & ~0xfff))
+ # endif
+ # include <features.h>
+-# if defined(__GLIBC__) && __GLIBC__ >= 2
++# if 1
+ # define SEARCH_FOR_DATA_START
+ # else
+ extern char **__environ;
+@@ -1367,7 +1367,7 @@
+ # define HBLKSIZE 4096
+ # endif
+ # define USE_GENERIC_PUSH_REGS
+-# if __GLIBC__ == 2 && __GLIBC_MINOR__ >= 2 || __GLIBC__ > 2
++# if 1
+ # define LINUX_STACKBOTTOM
+ # else
+ # define STACKBOTTOM 0x80000000
+@@ -1858,7 +1858,7 @@
+ # ifdef __ELF__
+ # define DYNAMIC_LOADING
+ # include <features.h>
+-# if defined(__GLIBC__) && __GLIBC__ >= 2
++# if 1
+ # define SEARCH_FOR_DATA_START
+ # else
+ extern char **__environ;
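Review bot: The four `# if 1` replacements in gcconfig.h leave their `#else` branches permanently dead and give no hint why the glibc test was dropped. A condition that keeps the original meaning for glibc and also admits other libcs documents itself: `# if !defined(__GLIBC__) || __GLIBC__ >= 2` for the three `SEARCH_FOR_DATA_START` sites, and `# if !defined(__GLIBC__) || __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 2)` for `LINUX_STACKBOTTOM`. The same applies to dyn_load.c, where removing the version test appears to assume `dl_iterate_phdr` is available on every `LINUX` build. If `# if 1` is kept, each site should carry a short comment naming musl as the reason.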
diff --git a/system/gcc/fix-cxxflags-passing.patch b/system/gcc/fix-cxxflags-passing.patch
new file mode 100644
index 000000000..8eb1de77d
--- /dev/null
+++ b/system/gcc/fix-cxxflags-passing.patch
@@ -0,0 +1,10 @@
+--- gcc-4.8.1/Makefile.in.orig
++++ gcc-4.8.1/Makefile.in
+@@ -169,6 +169,7 @@
+ # built for the build system to override those in BASE_FLAGS_TO_PASSS.
+ EXTRA_BUILD_FLAGS = \
+ CFLAGS="$(CFLAGS_FOR_BUILD)" \
++ CXXFLAGS="$(CXXFLAGS_FOR_BUILD)" \
+ LDFLAGS="$(LDFLAGS_FOR_BUILD)"
+
+ # This is the list of directories to built for the host system.
diff --git a/system/gcc/fix-gcj-iconv-musl.patch b/system/gcc/fix-gcj-iconv-musl.patch
new file mode 100644
index 000000000..b0015751e
--- /dev/null
+++ b/system/gcc/fix-gcj-iconv-musl.patch
@@ -0,0 +1,120 @@
+--- gcc-4.8.2/libjava/gnu/gcj/convert/natIconv.cc.orig 2014-02-18 18:46:14.897880526 +0200
++++ gcc-4.8.2/libjava/gnu/gcj/convert/natIconv.cc 2014-02-18 18:50:08.766613550 +0200
+@@ -24,6 +24,13 @@
+
+ #ifdef HAVE_ICONV
+ #include <iconv.h>
++#include <endian.h>
++
++#if __BYTE_ORDER == __BIG_ENDIAN
++#define UCS2_CHARSET "UCS-2BE"
++#else
++#define UCS2_CHARSET "UCS-2LE"
++#endif
+
+ template<typename T>
+ static inline size_t
+@@ -45,7 +52,7 @@
+ _Jv_GetStringUTFRegion (encoding, 0, encoding->length(), buffer);
+ buffer[len] = '\0';
+
+- iconv_t h = iconv_open ("UCS-2", buffer);
++ iconv_t h = iconv_open (UCS2_CHARSET, buffer);
+ if (h == (iconv_t) -1)
+ throw new ::java::io::UnsupportedEncodingException (encoding);
+
+@@ -99,18 +106,6 @@
+ throw new ::java::io::CharConversionException ();
+ }
+
+- if (iconv_byte_swap)
+- {
+- size_t max = (old_out - outavail) / sizeof (jchar);
+- for (size_t i = 0; i < max; ++i)
+- {
+- // Byte swap.
+- jchar c = (((out[outpos + i] & 0xff) << 8)
+- | ((out[outpos + i] >> 8) & 0xff));
+- outbuf[i] = c;
+- }
+- }
+-
+ inpos += old_in - inavail;
+ return (old_out - outavail) / sizeof (jchar);
+ #else /* HAVE_ICONV */
+@@ -145,7 +140,7 @@
+ _Jv_GetStringUTFRegion (encoding, 0, encoding->length(), buffer);
+ buffer[len] = '\0';
+
+- iconv_t h = iconv_open (buffer, "UCS-2");
++ iconv_t h = iconv_open (buffer, UCS2_CHARSET);
+ if (h == (iconv_t) -1)
+ throw new ::java::io::UnsupportedEncodingException (encoding);
+
+@@ -187,20 +182,6 @@
+ char *inbuf = (char *) &chars[inpos];
+ char *outbuf = (char *) &out[count];
+
+- if (iconv_byte_swap)
+- {
+- // Ugly performance penalty -- don't use losing systems!
+- temp_buffer = (jchar *) _Jv_Malloc (inlength * sizeof (jchar));
+- for (int i = 0; i < inlength; ++i)
+- {
+- // Byte swap.
+- jchar c = (((chars[inpos + i] & 0xff) << 8)
+- | ((chars[inpos + i] >> 8) & 0xff));
+- temp_buffer[i] = c;
+- }
+- inbuf = (char *) temp_buffer;
+- }
+-
+ size_t loop_old_in = old_in;
+ while (1)
+ {
+@@ -252,44 +233,7 @@
+ jboolean
+ gnu::gcj::convert::IOConverter::iconv_init (void)
+ {
+- // Some versions of iconv() always return their UCS-2 results in
+- // big-endian order, and they also require UCS-2 inputs to be in
+- // big-endian order. For instance, glibc 2.1.3 does this. If the
+- // UTF-8=>UCS-2 iconv converter has this feature, then we assume
+- // that all UCS-2 converters do. (This might not be the best
+- // heuristic, but is is all we've got.)
+- jboolean result = false;
+-#ifdef HAVE_ICONV
+- iconv_t handle = iconv_open ("UCS-2", "UTF-8");
+- if (handle != (iconv_t) -1)
+- {
+- jchar c;
+- unsigned char in[4];
+- char *inp, *outp;
+- size_t inc, outc, r;
+-
+- // This is the UTF-8 encoding of \ufeff. At least Tru64 UNIX libiconv
+- // needs the trailing NUL byte, otherwise iconv fails with EINVAL.
+- in[0] = 0xef;
+- in[1] = 0xbb;
+- in[2] = 0xbf;
+- in[3] = 0x00;
+-
+- inp = (char *) in;
+- inc = 4;
+- outp = (char *) &c;
+- outc = 2;
+-
+- r = iconv_adapter (iconv, handle, &inp, &inc, &outp, &outc);
+- // Conversion must be complete for us to use the result.
+- if (r != (size_t) -1 && inc == 0 && outc == 0)
+- result = (c != 0xfeff);
+-
+- // Release iconv handle.
+- iconv_close (handle);
+- }
+-#endif /* HAVE_ICONV */
+- return result;
++ return false;
+ }
+
+ void
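Review bot: The `#if __BYTE_ORDER == __BIG_ENDIAN` test added at the top of natIconv.cc silently selects "UCS-2BE" if neither macro is defined, because undefined identifiers evaluate to 0 inside `#if`. `<endian.h>` is included just above, so the macros should be present on musl and glibc. A guard such as `#if !defined(__BYTE_ORDER) || !defined(__BIG_ENDIAN)` followed by `#error "byte order macros not defined"` would still turn a wrong-endian jchar conversion into a build failure instead of corrupted text. `iconv_init` now always returns false, so if `iconv_byte_swap` is still declared outside these hunks it is dead state and deserves a comment saying so.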
diff --git a/system/gcc/fix-gcj-musl.patch b/system/gcc/fix-gcj-musl.patch
new file mode 100644
index 000000000..d26f510c0
--- /dev/null
+++ b/system/gcc/fix-gcj-musl.patch
@@ -0,0 +1,49 @@
+--- gcc-4.8.2/libjava/gnu/classpath/natSystemProperties.cc.orig 2014-02-18 10:55:08.617678779 +0200
++++ gcc-4.8.2/libjava/gnu/classpath/natSystemProperties.cc 2014-02-18 10:56:31.927227453 +0200
+@@ -289,7 +289,7 @@
+ // just default to `en_US'.
+ setlocale (LC_ALL, "");
+ char *locale = setlocale (LC_MESSAGES, "");
+- if (locale && strlen (locale) >= 2)
++ if (locale && strlen (locale) >= 2 && (locale[2] == '\0' || locale[2] == '_'))
+ {
+ char buf[3];
+ buf[2] = '\0';
+--- gcc-4.8.2/libjava/posix-threads.cc.orig 2014-02-18 13:22:01.789933726 +0200
++++ gcc-4.8.2/libjava/posix-threads.cc 2014-02-18 13:29:50.924058875 +0200
+@@ -657,6 +657,7 @@
+ struct sched_param param;
+ pthread_attr_t attr;
+ struct starter *info;
++ size_t ss;
+
+ if (data->flags & FLAG_START)
+ return;
+@@ -675,8 +676,25 @@
+ // Set stack size if -Xss option was given.
+ if (gcj::stack_size > 0)
+ {
+- int e = pthread_attr_setstacksize (&attr, gcj::stack_size);
++ ss = gcj::stack_size;
++ }
++ else
++ {
++ int e = pthread_attr_getstacksize (&attr, &ss);
++ if (e != 0)
++ JvFail (strerror (e));
++
++ // Request at least 1meg of stack
++ if (ss >= 1024 * 1024)
++ ss = 0;
++ else
++ ss = 1024 * 1024;
++ }
++
++ if (ss)
++ {
++ int e = pthread_attr_setstacksize (&attr, ss);
+ if (e != 0)
+ JvFail (strerror (e));
+ }
+
+ info = (struct starter *) _Jv_AllocBytes (sizeof (struct starter));
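Review bot: The tightened locale test in natSystemProperties.cc accepts only a NUL or `_` after the two-letter prefix, so values such as `de.UTF-8` or `de@euro` are rejected along with `C` and `POSIX`. They presumably fall through to the `en_US` default mentioned in the context comment. If that is not intended, the test could become `(locale[2] == '\0' || locale[2] == '_' || locale[2] == '.' || locale[2] == '@')`. In posix-threads.cc the 1 MiB floor is a bare `1024 * 1024` written twice; a named constant with a comment on why the libc default thread stack is too small for gcj threads would document the intent. Both functions continue outside the hunks.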
diff --git a/system/gcc/fix-gcj-stdgnu14-link.patch b/system/gcc/fix-gcj-stdgnu14-link.patch
new file mode 100644
index 000000000..2b2ce0fa5
--- /dev/null
+++ b/system/gcc/fix-gcj-stdgnu14-link.patch
@@ -0,0 +1,35 @@
+--- gcc-6.1.0/libjava/Makefile.am
++++ gcc-6.1.0/libjava/Makefile.am
+@@ -488,10 +488,14 @@
+ nat_files = $(nat_source_files:.cc=.lo)
+ xlib_nat_files = $(xlib_nat_source_files:.cc=.lo)
+
++libgcj_la_CPPFLAGS = \
++ $(AM_CPPFLAGS) \
++ $(LIBSTDCXX_RAW_CXX_CXXFLAGS)
++
+ # Include THREADLIBS here to ensure that the correct version of
+ # certain linuxthread functions get linked:
+ ## The mysterious backslash in the grep pattern is consumed by make.
+-libgcj_la_LDFLAGS = -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \
++libgcj_la_LDFLAGS = $(LIBSTDCXX_RAW_CXX_LDFLAGS) -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \
+ $(LIBLTDL) $(SYS_ZLIBS) $(LIBJAVA_LDFLAGS_NOUNDEF) \
+ -version-info `grep -v '^\#' $(srcdir)/libtool-version` \
+ $(LIBGCJ_LD_SYMBOLIC_FUNCTIONS) $(LIBGCJ_LD_EXPORT_ALL)
+--- gcc-6.1.0/libjava/Makefile.in
++++ gcc-6.1.0/libjava/Makefile.in
+@@ -1103,9 +1103,13 @@
+ nat_files = $(nat_source_files:.cc=.lo)
+ xlib_nat_files = $(xlib_nat_source_files:.cc=.lo)
+
++libgcj_la_CPPFLAGS = \
++ $(AM_CPPFLAGS) \
++ $(LIBSTDCXX_RAW_CXX_CXXFLAGS)
++
+ # Include THREADLIBS here to ensure that the correct version of
+ # certain linuxthread functions get linked:
+-libgcj_la_LDFLAGS = -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \
++libgcj_la_LDFLAGS = $(LIBSTDCXX_RAW_CXX_LDFLAGS) -rpath $(toolexeclibdir) $(THREADLDFLAGS) $(extra_ldflags) $(THREADLIBS) \
+ $(LIBLTDL) $(SYS_ZLIBS) $(LIBJAVA_LDFLAGS_NOUNDEF) \
+ -version-info `grep -v '^\#' $(srcdir)/libtool-version` \
+ $(LIBGCJ_LD_SYMBOLIC_FUNCTIONS) $(LIBGCJ_LD_EXPORT_ALL)
diff --git a/system/gcc/fix-rs6000-pie.patch b/system/gcc/fix-rs6000-pie.patch
new file mode 100644
index 000000000..1fbc31a56
--- /dev/null
+++ b/system/gcc/fix-rs6000-pie.patch
@@ -0,0 +1,59 @@
+--- gcc-6.3.0.orig/gcc/config/rs6000/sysv4.h
++++ gcc-6.3.0/gcc/config/rs6000/sysv4.h
+@@ -753,23 +753,42 @@
+ #endif
+
+ #ifdef HAVE_LD_PIE
+-#define STARTFILE_LINUX_SPEC "\
+-%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
+-%{mnewlib:ecrti.o%s;:crti.o%s} \
+-%{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \
+-" CRTOFFLOADBEGIN
++#define STARTFILE_LINUX_SPEC \
++ "%{!shared: %{pg|p|profile:gcrt1.o%s;: \
++ %{" PIE_SPEC ":%{static:rcrt1.o%s;:Scrt1.o%s}} %{" NO_PIE_SPEC ":crt1.o%s}}} \
++ crti.o%s %{shared:crtbeginS.o%s;: \
++ %{" PIE_SPEC ":crtbeginS.o%s} \
++ %{" NO_PIE_SPEC ":%{static:crtbeginT.o%s;:crtbegin.o%s}}} \
++ %{fvtable-verify=none:%s; \
++ fvtable-verify=preinit:vtv_start_preinit.o%s; \
++ fvtable-verify=std:vtv_start.o%s} \
++ " CRTOFFLOADBEGIN
+ #else
+-#define STARTFILE_LINUX_SPEC "\
+-%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \
+-%{mnewlib:ecrti.o%s;:crti.o%s} \
+-%{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \
+-" CRTOFFLOADBEGIN
++#define STARTFILE_LINUX_SPEC \
++ "%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \
++ crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s} \
++ %{fvtable-verify=none:%s; \
++ fvtable-verify=preinit:vtv_start_preinit.o%s; \
++ fvtable-verify=std:vtv_start.o%s} \
++ " CRTOFFLOADBEGIN
+ #endif
+
+-#define ENDFILE_LINUX_SPEC "\
+-%{shared|pie:crtendS.o%s;:crtend.o%s} \
+-%{mnewlib:ecrtn.o%s;:crtn.o%s} \
+-" CRTOFFLOADEND
++#ifdef HAVE_LD_PIE
++#define ENDFILE_LINUX_SPEC \
++ "%{fvtable-verify=none:%s; \
++ fvtable-verify=preinit:vtv_end_preinit.o%s; \
++ fvtable-verify=std:vtv_end.o%s} \
++ %{shared:crtendS.o%s;: %{" PIE_SPEC ":crtendS.o%s} \
++ %{" NO_PIE_SPEC ":crtend.o%s}} crtn.o%s \
++ " CRTOFFLOADEND
++#else
++#define ENDFILE_LINUX_SPEC \
++ "%{fvtable-verify=none:%s; \
++ fvtable-verify=preinit:vtv_end_preinit.o%s; \
++ fvtable-verify=std:vtv_end.o%s} \
++ %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s \
++ " CRTOFFLOADEND
++#endif
+
+ #define LINK_START_LINUX_SPEC ""
+
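Review bot: The rewritten `STARTFILE_LINUX_SPEC` and `ENDFILE_LINUX_SPEC` drop the `%{mnewlib:ecrti.o%s;:crti.o%s}` and `%{mnewlib:ecrtn.o%s;:crtn.o%s}` alternatives and hard-code `crti.o%s` and `crtn.o%s`, and the patch has no description saying this is deliberate. That is probably harmless for a Linux-only toolchain. A short header would still make later rebases against newer sysv4.h safer: state the purpose (selecting `rcrt1.o`/`Scrt1.o` through `PIE_SPEC` and `NO_PIE_SPEC`), the origin of the patch, and that the `-mnewlib` start files are removed on purpose. `PIE_SPEC` and `NO_PIE_SPEC` are defined outside this hunk, so their availability in gcc 6.3.0 is assumed here.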
diff --git a/system/gcc/gcc-4.8-build-args.patch b/system/gcc/gcc-4.8-build-args.patch
new file mode 100644
index 000000000..c27e00961
--- /dev/null
+++ b/system/gcc/gcc-4.8-build-args.patch
@@ -0,0 +1,41 @@
+When cross compiling a target gcc, target flags may be used on the host
+
+Configure identifies a number of warning flags (WARN_CFLAGS and
+WARN_CXXFLAGS) from the $CC value. The cross compiler may be different
+from the host compiler and may not support the same set of flags. This
+leads to problems such as:
+
+cc1plus: error: unrecognized command line option "-Wno-narrowing"
+cc1plus: error: unrecognized command line option "-Wno-overlength-strings"
+
+Work around this problem by removing the warning flags from the
+BUILD_CXXFLAGS value, in a way similar to the BUILD_CFLAGS.
+
+Upstream-Status: Pending
+
+Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
+
+Index: gcc-4.8.0/gcc/configure
+===================================================================
+--- gcc-4.8.0.orig/gcc/configure
++++ gcc-4.8.0/gcc/configure
+@@ -11720,6 +10581,7 @@ STMP_FIXINC=stmp-fixinc
+ if test x$build != x$host || test "x$coverage_flags" != x
+ then
+ BUILD_CFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)'
++ BUILD_CXXFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)'
+ BUILD_LDFLAGS='$(LDFLAGS_FOR_BUILD)'
+ fi
+
+Index: gcc-4.8.0/gcc/configure.ac
+===================================================================
+--- gcc-4.8.0.orig/gcc/configure.ac
++++ gcc-4.8.0/gcc/configure.ac
+@@ -1901,6 +1901,7 @@ STMP_FIXINC=stmp-fixinc AC_SUBST(STMP_F
+ if test x$build != x$host || test "x$coverage_flags" != x
+ then
+ BUILD_CFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)'
++ BUILD_CXXFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CFLAGS_FOR_BUILD)'
+ BUILD_LDFLAGS='$(LDFLAGS_FOR_BUILD)'
+ fi
+
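Review bot: The added `BUILD_CXXFLAGS` line in both gcc/configure and gcc/configure.ac is built from `$(CFLAGS_FOR_BUILD)`, so the build-side C++ compiler receives the C flags and never sees `CXXFLAGS_FOR_BUILD`. fix-cxxflags-passing.patch in this same commit starts passing that variable down. If the C flags carry a C-only option, the build compiler may warn or fail. Consider `BUILD_CXXFLAGS='$(INTERNAL_CFLAGS) $(T_CFLAGS) $(CXXFLAGS_FOR_BUILD)'`, assuming that variable is substituted in gcc/Makefile.in, which is not visible here.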
diff --git a/system/gcc/gcc-4.9-musl-fortify.patch b/system/gcc/gcc-4.9-musl-fortify.patch
new file mode 100644
index 000000000..daae954c8
--- /dev/null
+++ b/system/gcc/gcc-4.9-musl-fortify.patch
@@ -0,0 +1,11 @@
+--- gcc-4.9.2/gcc/config/linux.h.orig 2015-03-09 13:27:13.289736710 +0000
++++ gcc-4.9.2/gcc/config/linux.h 2015-03-09 13:29:32.295625046 +0000
+@@ -146,6 +146,8 @@
+
+ #ifdef NATIVE_SYSTEM_HEADER_DIR
+ #define INCLUDE_DEFAULTS_MUSL_NATIVE \
++ { NATIVE_SYSTEM_HEADER_DIR "/fortify", 0, 0, 0, 1, 2 }, \
++ { NATIVE_SYSTEM_HEADER_DIR "/fortify", 0, 0, 0, 1, 0 }, \
+ { NATIVE_SYSTEM_HEADER_DIR, 0, 0, 0, 1, 2 }, \
+ { NATIVE_SYSTEM_HEADER_DIR, 0, 0, 0, 1, 0 },
+ #else
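Review bot: The two `NATIVE_SYSTEM_HEADER_DIR "/fortify"` entries are added to `INCLUDE_DEFAULTS_MUSL_NATIVE` unconditionally, and the patch carries no description. Nothing in the hunk ties the compiler to the package that installs that directory. As far as these lines show, a toolchain without the wrapper headers would compile `_FORTIFY_SOURCE` code with no checked wrappers and no diagnostic. Suggest a patch header stating that these entries must stay ahead of the plain `NATIVE_SYSTEM_HEADER_DIR` ones, and a dependency on the providing package in system/gcc/APKBUILD, which is not visible in this chunk. The `#else` branch lies outside the hunk.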
diff --git a/system/gcc/gcc-6.1-musl-libssp.patch b/system/gcc/gcc-6.1-musl-libssp.patch
new file mode 100644
index 000000000..fe5c61434
--- /dev/null
+++ b/system/gcc/gcc-6.1-musl-libssp.patch
@@ -0,0 +1,20 @@
+Author: Timo Teräs <timo.teras@iki.fi>
+
+Alpine musl package provides libssp_nonshared.a. We link to it unconditionally,
+as otherwise we get link failures if some objects are -fstack-protector built
+and final link happens with -fno-stack-protector. This seems to be the common
+case when bootstrapping gcc, the piepatches do not seem to fully fix the
+crosstoolchain and bootstrap sequence wrt. stack-protector flag usage.
+
+--- gcc-6.1.0/gcc/gcc.c.orig
++++ gcc-6.1.0/gcc/gcc.c
+@@ -870,8 +870,7 @@
+
+ #ifndef LINK_SSP_SPEC
+ #ifdef TARGET_LIBC_PROVIDES_SSP
+-#define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+- "|fstack-protector-strong|fstack-protector-explicit:}"
++#define LINK_SSP_SPEC "-lssp_nonshared"
+ #else
+ #define LINK_SSP_SPEC "%{fstack-protector|fstack-protector-all" \
+ "|fstack-protector-strong|fstack-protector-explicit" \
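Review bot: With `LINK_SSP_SPEC` reduced to `"-lssp_nonshared"`, every link that uses this spec under `TARGET_LIBC_PROVIDES_SSP` needs libssp_nonshared.a, whether or not a stack-protector option was given. The description says the Alpine musl package provides that archive. This tree's musl package has to ship it as well (not visible in this chunk), otherwise links fail on a missing library. Naming the providing package in the patch header, and having gcc depend on it, would make that coupling explicit.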
diff --git a/system/gcc/gcc-pure64.patch b/system/gcc/gcc-pure64.patch
new file mode 100644
index 000000000..2c350fe5a
--- /dev/null
+++ b/system/gcc/gcc-pure64.patch
@@ -0,0 +1,89 @@
+--- ./gcc/config/i386/t-linux64.orig 2013-01-14 16:32:37.000000000 +0000
++++ ./gcc/config/i386/t-linux64 2013-04-22 06:12:32.984439677 +0000
+@@ -34,6 +34,6 @@
+ comma=,
+ MULTILIB_OPTIONS = $(subst $(comma),/,$(TM_MULTILIB_CONFIG))
+ MULTILIB_DIRNAMES = $(patsubst m%, %, $(subst /, ,$(MULTILIB_OPTIONS)))
+-MULTILIB_OSDIRNAMES = m64=../lib64$(call if_multiarch,:x86_64-linux-gnu)
+-MULTILIB_OSDIRNAMES+= m32=$(if $(wildcard $(shell echo $(SYSTEM_HEADER_DIR))/../../usr/lib32),../lib32,../lib)$(call if_multiarch,:i386-linux-gnu)
++MULTILIB_OSDIRNAMES = m64=../lib
++MULTILIB_OSDIRNAMES+= m32=../lib32
+ MULTILIB_OSDIRNAMES+= mx32=../libx32$(call if_multiarch,:x86_64-linux-gnux32)
+--- ./gcc/config/aarch64/t-aarch64-linux.orig
++++ ./gcc/config/aarch64/t-aarch64-linux
+@@ -22,7 +22,7 @@
+ LIB1ASMFUNCS = _aarch64_sync_cache_range
+
+ AARCH_BE = $(if $(findstring TARGET_BIG_ENDIAN_DEFAULT=1, $(tm_defines)),_be)
+-MULTILIB_OSDIRNAMES = mabi.lp64=../lib64$(call if_multiarch,:aarch64$(AARCH_BE)-linux-gnu)
++MULTILIB_OSDIRNAMES = mabi.lp64=../lib
+ MULTIARCH_DIRNAME = $(call if_multiarch,aarch64$(AARCH_BE)-linux-gnu)
+
+ MULTILIB_OSDIRNAMES += mabi.ilp32=../libilp32
+--- ./gcc/config/s390/t-linux64.orig
++++ ./gcc/config/s390/t-linux64
+@@ -7,5 +7,5 @@
+ MULTILIB_OPTIONS = m64/m31
+ MULTILIB_DIRNAMES = 64 32
+-MULTILIB_OSDIRNAMES = ../lib64$(call if_multiarch,:s390x-linux-gnu)
+-MULTILIB_OSDIRNAMES += $(if $(wildcard $(shell echo $(SYSTEM_HEADER_DIR))/../../usr/lib32),../lib32,../lib)$(call if_multiarch,:s390-linux-gnu)
++MULTILIB_OSDIRNAMES = m64=../lib
++MULTILIB_OSDIRNAMES+= m32=../lib32
+
+--- ./gcc/config/rs6000/t-linux.orig
++++ ./gcc/config/rs6000/t-linux
+@@ -2,7 +2,8 @@
+ # or soft-float.
+ ifeq (,$(filter $(with_cpu),$(SOFT_FLOAT_CPUS))$(findstring soft,$(with_float)))
+ ifneq (,$(findstring powerpc64,$(target)))
+-MULTILIB_OSDIRNAMES := .=../lib64$(call if_multiarch,:powerpc64-linux-gnu)
++MULTILIB_OSDIRNAMES := m64=../lib
++MULTILIB_OSDIRNAMES += m32=../lib32
+ else
+ ifneq (,$(findstring spe,$(target)))
+ MULTIARCH_DIRNAME := powerpc-linux-gnuspe$(if $(findstring 8548,$(with_cpu)),,v1)
+@@ -14,7 +15,8 @@
+ MULTIARCH_DIRNAME := $(subst -linux,le-linux,$(MULTIARCH_DIRNAME))
+ endif
+ ifneq (,$(findstring powerpc64le,$(target)))
+-MULTILIB_OSDIRNAMES := $(subst -linux,le-linux,$(MULTILIB_OSDIRNAMES))
++MULTILIB_OSDIRNAMES := m64=../lib
++MULTILIB_OSDIRNAMES += m32=../lib32
+ endif
+ endif
+
+--- ./gcc/config/rs6000/t-linux64.orig
++++ ./gcc/config/rs6000/t-linux64
+@@ -28,8 +28,8 @@
+ MULTILIB_OPTIONS := m64/m32
+ MULTILIB_DIRNAMES := 64 32
+ MULTILIB_EXTRA_OPTS :=
+-MULTILIB_OSDIRNAMES := m64=../lib64$(call if_multiarch,:powerpc64-linux-gnu)
+-MULTILIB_OSDIRNAMES += m32=$(if $(wildcard $(shell echo $(SYSTEM_HEADER_DIR))/../../usr/lib32),../lib32,../lib)$(call if_multiarch,:powerpc-linux-gnu)
++MULTILIB_OSDIRNAMES := m64=../lib
++MULTILIB_OSDIRNAMES += m32=../lib32
+
+ rs6000-linux.o: $(srcdir)/config/rs6000/rs6000-linux.c
+ $(COMPILE) $<
+--- ./gcc/config/rs6000/t-linux64bele.orig
++++ ./gcc/config/rs6000/t-linux64bele
+@@ -2,6 +2,6 @@
+
+ MULTILIB_OPTIONS += mlittle
+ MULTILIB_DIRNAMES += le
+-MULTILIB_OSDIRNAMES += $(subst =,.mlittle=,$(subst lible32,lib32le,$(subst lible64,lib64le,$(subst lib,lible,$(subst -linux,le-linux,$(MULTILIB_OSDIRNAMES))))))
+-MULTILIB_OSDIRNAMES += $(subst $(if $(findstring 64,$(target)),m64,m32).,,$(filter $(if $(findstring 64,$(target)),m64,m32).mlittle%,$(MULTILIB_OSDIRNAMES)))
++MULTILIB_OSDIRNAMES = m64=../lib
++MULTILIB_OSDIRNAMES+= m32=../lib32
+ MULTILIB_MATCHES := ${MULTILIB_MATCHES_ENDIAN}
+--- ./gcc/config/rs6000/t-linux64lebe.orig
++++ ./gcc/config/rs6000/t-linux64lebe
+@@ -2,6 +2,6 @@
+
+ MULTILIB_OPTIONS += mbig
+ MULTILIB_DIRNAMES += be
+-MULTILIB_OSDIRNAMES += $(subst =,.mbig=,$(subst libbe32,lib32be,$(subst libbe64,lib64be,$(subst lib,libbe,$(subst le-linux,-linux,$(MULTILIB_OSDIRNAMES))))))
+-MULTILIB_OSDIRNAMES += $(subst $(if $(findstring 64,$(target)),m64,m32).,,$(filter $(if $(findstring 64,$(target)),m64,m32).mbig%,$(MULTILIB_OSDIRNAMES)))
++MULTILIB_OSDIRNAMES := m64=../lib
++MULTILIB_OSDIRNAMES += m32=../lib32
+ MULTILIB_MATCHES := ${MULTILIB_MATCHES_ENDIAN}
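Review bot: In the gcc/config/s390/t-linux64 hunk the context line sets `MULTILIB_OPTIONS = m64/m31`, but the new mapping is keyed `m32=../lib32`, an option that is not in that list. The 31-bit variant would more plausibly be `MULTILIB_OSDIRNAMES+= m31=../lib32`. The rs6000/t-linux64bele hunk also replaces two `+=` lines with a plain `=`, which discards whatever was accumulated before and leaves no `mlittle` entries; t-linux64lebe does the same with `:=` for `mbig`. If multilib is always disabled for these targets none of this has an effect, but then the patch header should say so.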
diff --git a/system/gcc/libgcc-always-build-gcceh.a.patch b/system/gcc/libgcc-always-build-gcceh.a.patch
new file mode 100644
index 000000000..74ae89730
--- /dev/null
+++ b/system/gcc/libgcc-always-build-gcceh.a.patch
@@ -0,0 +1,39 @@
+Highly inspired by:
+ http://landley.net/hg/aboriginal/file/7e0747a665ab/sources/patches/gcc-core-libgcceh.patch
+
+diff -durN gcc-4.6.0.orig/libgcc/Makefile.in gcc-4.6.0/libgcc/Makefile.in
+--- gcc-4.6.0.orig/libgcc/Makefile.in 2011-01-26 05:19:58.000000000 +0100
++++ gcc-4.6.0/libgcc/Makefile.in 2011-09-12 18:17:12.743718974 +0200
+@@ -772,8 +772,9 @@
+ libgcc_s$(SHLIB_EXT): libunwind$(SHLIB_EXT)
+ endif
+
++all: libgcc_eh.a
+ ifeq ($(enable_shared),yes)
+-all: libgcc_eh.a libgcc_s$(SHLIB_EXT)
++all: libgcc_s$(SHLIB_EXT)
+ ifneq ($(LIBUNWIND),)
+ all: libunwind$(SHLIB_EXT)
+ endif
+@@ -950,10 +951,6 @@
+ install-shared:
+ $(mkinstalldirs) $(DESTDIR)$(inst_libdir)
+
+- $(INSTALL_DATA) libgcc_eh.a $(DESTDIR)$(inst_libdir)/
+- chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_eh.a
+- $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_eh.a
+-
+ $(subst @multilib_dir@,$(MULTIDIR),$(subst \
+ @shlib_base_name@,libgcc_s,$(subst \
+ @shlib_slibdir_qual@,$(MULTIOSSUBDIR),$(SHLIB_INSTALL))))
+@@ -968,6 +965,10 @@
+ chmod 644 $(DESTDIR)$(inst_libdir)/libgcov.a
+ $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcov.a
+
++ $(INSTALL_DATA) libgcc_eh.a $(DESTDIR)$(inst_libdir)/
++ chmod 644 $(DESTDIR)$(inst_libdir)/libgcc_eh.a
++ $(RANLIB) $(DESTDIR)$(inst_libdir)/libgcc_eh.a
++
+ parts="$(INSTALL_PARTS)"; \
+ for file in $$parts; do \
+ rm -f $(DESTDIR)$(inst_libdir)/$$file; \
diff --git a/system/libarchive/APKBUILD b/system/libarchive/APKBUILD
new file mode 100644
index 000000000..f7d4aa2c4
--- /dev/null
+++ b/system/libarchive/APKBUILD
@@ -0,0 +1,56 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libarchive
+pkgver=3.3.2
+pkgrel=2
+pkgdesc="library that can create and read several streaming archive formats"
+url="http://libarchive.org/"
+arch="all"
+license="BSD"
+makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev attr-dev"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
+source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
+ penis.patch
+ CVE-2017-14166.patch"
+options="!check" # needs EUC-JP and KOI8R support in iconv
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 3.3.2-r1:
+# - CVE-2017-14166
+
+build () {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --with-expat \
+ --without-xml2 \
+ --with-bz2lib \
+ --with-zlib \
+ --with-lzma \
+ --with-lz4 \
+ --enable-acl \
+ --enable-xattr \
+ ac_cv_header_linux_fiemap_h=no
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+tools() {
+ pkgdesc="libarchive tools - bsdtar and bsdcpio"
+
+ mkdir -p "$subpkgdir"/usr/
+ mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+ ln -s bsdtar "$subpkgdir"/usr/bin/tar
+ ln -s bsdcpio "$subpkgdir"/usr/bin/cpio
+}
+
+sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4 libarchive-3.3.2.tar.gz
+3de98af0f97063999a6a06bb7a3d8cfa10b350237497eaf25a990178fe7ff74355445deb21ec9e883faad8ffc7f4e008cd9ac916be63c79b3f4ed2d5741e4336 penis.patch
+7cc9dbafd970c07fb4421b7a72a075cc0a000db77df4432222539c58625c93c45f01a144838b551980bc0c6dc5b4c3ab852eb1433006c3174581ba0897010dbe CVE-2017-14166.patch"
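Review bot: `source=` fetches the tarball over plain `http://`. The sha512sums entry detects tampering with this exact version, but whoever regenerates checksums on the next version bump trusts whatever the unencrypted download returned. `https://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz` would be preferable if upstream serves it. `options="!check"` also means the CVE-2017-14166 backport ships without the test suite being run; the comment gives the iconv reason, and it would help to note how the fix was verified instead.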
diff --git a/system/libarchive/CVE-2017-14166.patch b/system/libarchive/CVE-2017-14166.patch
new file mode 100644
index 000000000..b729ae41e
--- /dev/null
+++ b/system/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,36 @@
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ uint64_t l;
+ int digit;
+
++ if (char_cnt == 0)
++ return (0);
++
+ l = 0;
+ digit = *p - '0';
+ while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ int64_t l;
+ int digit;
+-
++
++ if (char_cnt == 0)
++ return (0);
++
+ l = 0;
+ while (char_cnt-- > 0) {
+ if (*p >= '0' && *p <= '7')
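Review bot: The added `char_cnt == 0` guards stop the first `*p` read on an empty string, but in `atol10` the loop condition `while (digit >= 0 && digit < 10 && char_cnt-- > 0)` tests an already-loaded `digit` before the count. The byte for the next iteration therefore has to be read before `char_cnt` is checked. If the loop body, which lies outside this hunk, loads it unconditionally, an all-digit field of exactly `char_cnt` bytes still reads one byte past the counted range. This is worth confirming against the full function and against newer upstream. The patch header would also benefit from a line naming CVE-2017-14166, since the subject only mentions fuzzers.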
diff --git a/system/libarchive/penis.patch b/system/libarchive/penis.patch
new file mode 100644
index 000000000..c3745979e
--- /dev/null
+++ b/system/libarchive/penis.patch
@@ -0,0 +1,11 @@
+--- libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c.old 2017-02-25 17:37:08.000000000 +0000
++++ libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c 2017-07-04 01:31:03.297134418 +0000
+@@ -1865,7 +1865,7 @@
+ #endif
+ #endif /* defined(HAVE_LINUX_FIEMAP_H) */
+
+-#if defined(SEEK_HOLE) && defined(SEEK_DATA)
++#if defined(SEEK_HOLE) && defined(SEEK_DATA) && defined(__PENIS__)
+
+ /*
+ * SEEK_HOLE sparse interface (FreeBSD, Linux, Solaris)
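Review bot: `defined(__PENIS__)` tests a macro that nothing in this commit appears to define, so the `#if` switches off the whole SEEK_HOLE/SEEK_DATA sparse-file path without saying so. Neither the file name nor the macro tells a later maintainer why. Suggest renaming the patch after its effect and using an explicit `#if 0 /* SEEK_HOLE sparse detection disabled: <reason> */` or a descriptively named macro. A header giving the reason and a bug reference is needed too. The patch was generated against libarchive-3.3.1 while the APKBUILD builds 3.3.2, so it should be re-diffed against the packaged version. The `#if` block continues outside the hunk.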
diff --git a/system/llvm4/APKBUILD b/system/llvm4/APKBUILD
new file mode 100644
index 000000000..236fb1fc5
--- /dev/null
+++ b/system/llvm4/APKBUILD
@@ -0,0 +1,253 @@
+# Contributor: Travis Tilley <ttilley@gmail.com>
+# Contributor: Mitch Tishmack <mitch.tishmack@gmail.com>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
+_pkgname=llvm
+pkgver=4.0.0
+_majorver=${pkgver%%.*}
+pkgname=$_pkgname$_majorver
+pkgrel=5
+pkgdesc="Low Level Virtual Machine compiler system, version $_majorver"
+arch="all"
+url="http://llvm.org/"
+license="UOI-NCSA"
+depends_dev="$pkgname=$pkgver-r$pkgrel"
+makedepends="binutils-dev chrpath cmake file libffi-dev paxmark python3 zlib-dev"
+subpackages="$pkgname-static $pkgname-libs $pkgname-dev $pkgname-test-utils:_test_utils"
+source="http://llvm.org/releases/$pkgver/llvm-$pkgver.src.tar.xz
+ llvm-fix-build-with-musl-libc.patch
+ llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch
+ cmake-fix-libLLVM-name.patch
+ disable-FileSystemTest.CreateDir-perms-assert.patch
+ silent-amdgpu-test-failing.patch
+ fix-CheckAtomic.cmake.patch
+ "
+builddir="$srcdir/$_pkgname-$pkgver.src"
+
+# ARM has few failures in test suite that we don't care about currently and
+# also it takes forever to run them on the builder.
+case "$CARCH" in
+ arm*) options="!check";;
+esac
+
+# Whether is this package the default (latest) LLVM version.
+_default_llvm="yes"
+
+if [ "$_default_llvm" = yes ]; then
+ provides="llvm=$pkgver-r$pkgrel"
+ replaces="llvm"
+fi
+
+# NOTE: It seems that there's no (sane) way how to change includedir, sharedir
+# etc. separately, just the CMAKE_INSTALL_PREFIX. Standard CMake variables and
+# even LLVM-specific variables, that are related to these paths, actually
+# don't work (in llvm 3.7).
+#
+# When building a software that depends on LLVM, utility llvm-config should be
+# used to discover where is LLVM installed. It provides options to print
+# path of bindir, includedir, and libdir separately, but in its source, all
+# these paths are actually hard-coded against INSTALL_PREFIX. We can patch it
+# and move paths manually, but I'm really not sure what it may break...
+#
+# Also note that we should *not* add version suffix to files in llvm bindir!
+# It breaks build system of some software that depends on LLVM, because they
+# don't expect these files to have a sufix.
+#
+# So, we install all the LLVM files into /usr/lib/llvm$_majorver.
+# BTW, Fedora and Debian do the same thing.
+#
+_prefix="usr/lib/llvm$_majorver"
+
+prepare() {
+ default_prepare
+ cd "$builddir"
+
+ # https://bugs.llvm.org//show_bug.cgi?id=31870
+ rm test/tools/llvm-symbolizer/print_context.c
+
+ mkdir -p "$builddir"/build
+}
+
+build() {
+ cd "$builddir"/build
+
+ # Auto-detect it by guessing either.
+ local ffi_include_dir="$(pkg-config --cflags-only-I libffi | sed 's|^-I||g')"
+
+ cmake -G "Unix Makefiles" -Wno-dev \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_INSTALL_PREFIX=/$_prefix \
+ -DCMAKE_VERBOSE_MAKEFILE=NO \
+ -DFFI_INCLUDE_DIR="$ffi_include_dir" \
+ -DLLVM_BINUTILS_INCDIR=/usr/include \
+ -DLLVM_BUILD_DOCS=OFF \
+ -DLLVM_BUILD_EXAMPLES=OFF \
+ -DLLVM_BUILD_EXTERNAL_COMPILER_RT=ON \
+ -DLLVM_BUILD_LLVM_DYLIB=ON \
+ -DLLVM_BUILD_TESTS=ON \
+ -DLLVM_DEFAULT_TARGET_TRIPLE="$CBUILD" \
+ -DLLVM_DYLIB_EXPORT_ALL=ON \
+ -DLLVM_ENABLE_ASSERTIONS=OFF \
+ -DLLVM_ENABLE_CXX1Y=ON \
+ -DLLVM_ENABLE_FFI=ON \
+ -DLLVM_ENABLE_LIBCXX=OFF \
+ -DLLVM_ENABLE_PIC=ON \
+ -DLLVM_ENABLE_RTTI=ON \
+ -DLLVM_ENABLE_SPHINX=OFF \
+ -DLLVM_ENABLE_TERMINFO=ON \
+ -DLLVM_ENABLE_ZLIB=ON \
+ -DLLVM_HOST_TRIPLE="$CHOST" \
+ -DLLVM_INCLUDE_EXAMPLES=OFF \
+ -DLLVM_LINK_LLVM_DYLIB=ON \
+ -DLLVM_TARGETS_TO_BUILD='X86;ARM;AArch64;PowerPC;SystemZ;AMDGPU;NVPTX;Mips;BPF' \
+ "$builddir"
+
+ make llvm-tblgen
+ make
+
+ paxmark m \
+ bin/llvm-rtdyld \
+ bin/lli \
+ bin/lli-child-target \
+ unittests/ExecutionEngine/MCJIT/MCJITTests \
+ unittests/ExecutionEngine/Orc/OrcJITTests \
+ unittests/Support/SupportTests
+
+ python3 ../utils/lit/setup.py build
+}
+
+check() {
+ cd "$builddir"/build
+
+ # FIXME: Few tests fail on s390x, ignore it for now. See build log
+ # https://gist.github.com/jirutka/6edc951ad5b8002cf1780546cf661edc
+ case "$CARCH" in
+ s390x) make check-llvm || true;;
+ *) make check-llvm;;
+ esac
+}
+
+package() {
+ cd "$builddir"/build
+
+ make DESTDIR="$pkgdir" install
+
+ cd "$pkgdir"/$_prefix
+
+ # Remove RPATHs.
+ file lib/*.so bin/* \
+ | awk -F: '$2~/ELF/{print $1}' \
+ | xargs -r chrpath -d
+
+ # Symlink files from /usr/lib/llvm*/bin to /usr/bin.
+ mkdir -p "$pkgdir"/usr/bin
+ local name newname path
+ for path in bin/*; do
+ name=${path##*/}
+ # Add version infix/suffix to the executable name.
+ case "$name" in
+ llvm-*) newname="llvm$_majorver-${name#llvm-}";;
+ *) newname="$name$_majorver";;
+ esac
+ # If this package provides=llvm (i.e. it's the default/latest
+ # llvm package), omit version infix/suffix.
+ if [ "$_default_llvm" = yes ]; then
+ newname=$name
+ fi
+ case "$name" in
+ FileCheck | obj2yaml | yaml2obj) continue;;
+ esac
+ ln -s ../lib/llvm$_majorver/bin/$name "$pkgdir"/usr/bin/$newname
+ done
+
+ # Move /usr/lib/$pkgname/include/ into /usr/include/$pkgname/
+ # and symlink it back.
+ _mv include/* "$pkgdir"/usr/include/$pkgname/
+ rmdir include
+ ln -s ../../include/$pkgname include
+
+ # Move /usr/lib/$pkgname/lib/cmake/llvm/ into /usr/lib/cmake/$pkgname/
+ # and symlink it back.
+ _mv lib/cmake/llvm/* "$pkgdir"/usr/lib/cmake/$pkgname/
+ rmdir lib/cmake/llvm
+ ln -s ../../../cmake/$pkgname lib/cmake/llvm
+}
+
+static() {
+ pkgdesc="LLVM $_majorver static libraries"
+ _common_subpkg
+
+ _mv "$pkgdir"/$_prefix/lib/*.a "$subpkgdir"/$_prefix/lib/
+}
+
+libs() {
+ pkgdesc="LLVM $_majorver runtime library"
+ local soname="libLLVM-$_majorver.0.so"
+ local soname2="libLLVM-$pkgver.so"
+ _common_subpkg
+
+ mkdir -p "$subpkgdir"
+ cd "$subpkgdir"
+
+ # libLLVM should be in /usr/lib. This is needed for binaries that are
+ # dynamically linked with libLLVM, so they can find it on default path.
+ _mv "$pkgdir"/$_prefix/lib/$soname usr/lib/
+ ln -s $soname usr/lib/$soname2
+
+ # And also symlink it back to the LLVM prefix.
+ mkdir -p $_prefix/lib
+ ln -s ../../$soname $_prefix/lib/$soname
+ ln -s ../../$soname $_prefix/lib/$soname2
+}
+
+dev() {
+ _common_subpkg
+ default_dev
+ cd "$subpkgdir"
+
+ _mv "$pkgdir"/$_prefix/lib $_prefix/
+ _mv "$pkgdir"/$_prefix/include $_prefix/
+
+ _mv "$pkgdir"/$_prefix/bin/llvm-config $_prefix/bin/
+}
+
+_test_utils() {
+ pkgdesc="LLVM $_majorver utilities for executing LLVM and Clang style test suites"
+ depends="python3"
+ _common_subpkg
+ replaces=""
+
+ local litver=$(python3 "$builddir"/utils/lit/setup.py --version 2>/dev/null \
+ | sed 's/\.dev.*$//')
+ test -n "$litver" || return 1
+ provides="$provides lit=$litver-r$pkgrel"
+
+ cd "$builddir"/build
+
+ install -D -m 755 bin/FileCheck "$subpkgdir"/$_prefix/bin/FileCheck
+ install -D -m 755 bin/not "$subpkgdir"/$_prefix/bin/not
+
+ python3 ../utils/lit/setup.py install --prefix=/usr --root="$subpkgdir"
+ ln -s ../../../bin/lit "$subpkgdir"/$_prefix/bin/lit
+}
+
+_common_subpkg() {
+ if [ "$_default_llvm" = yes ]; then
+ replaces="llvm${subpkgname#$pkgname}"
+ provides="$replaces=$pkgver-r$pkgrel"
+ fi
+}
+
+_mv() {
+ local dest; for dest; do true; done # get last argument
+ mkdir -p "$dest"
+ mv $@
+}
+
+sha512sums="cf681f0626ef6d568d951cdc3e143471a1d7715a0ba11e52aa273cf5d8d421e1357ef2645cc85879eaefcd577e99e74d07b01566825b3d0461171ef2cbfc7704 llvm-4.0.0.src.tar.xz
+f84cd65d7042e89826ba6e8d48c4c302bf4980da369d7f19a55f217e51c00ca8ed178d453df3a3cee76598a7cecb94aed0775a6d24fe73266f82749913fc3e71 llvm-fix-build-with-musl-libc.patch
+19bfb9282455d39d07dbb2b1293b03a45c57d522fbb9c5e58dac034200669628b97e7a90cd4ff5d52d9bb79acfccbef653d8a1140a7f0589ecd6f9b7c4ba0eb6 llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch
+6d1a716e5aa24e6b9a3acf4cc11e2504b1b01abf574074e9e5617b991de87d5e4e687eb18e85e73d5e632568afe2fc357771c4c96f9e136502071991496fb78c cmake-fix-libLLVM-name.patch
+49c47f125014b60d0ea7870f981a2c1708ad705793f89287ed846ee881a837a4dc0170bf467e03f2ef56177473128945287749ac80dc2d13cfabcf8b929ba58a disable-FileSystemTest.CreateDir-perms-assert.patch
+97f788110abbb9e6add2e3a3d3b606dc2817ab726b74ead71241fc5433ba42d5d58e23be91a3b2444eb687c4f56a7c879bf5453e96f9785ce3541301329dda9c silent-amdgpu-test-failing.patch
+3bcfeccc1f14567f99029a131b1289290226d48855857f2eb6a251e041981a8b8b2d7965099df16ebf0a406e48130679f97235ef3f3524577413bb51cf40e613 fix-CheckAtomic.cmake.patch"
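Review bot: `_mv()` ends with an unquoted `mv $@`, so any argument containing whitespace or glob characters is split and expanded again after the caller already quoted it; `mv "$@"` keeps the arguments intact. In `check()`, `make check-llvm || true` on s390x discards every test failure, not only the known ones in the linked gist, so a regression there would go unnoticed. Running the suite with the known-bad tests excluded would keep the signal. `source=` also downloads over `http://llvm.org`, which leaves sha512sums as the only integrity check.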
diff --git a/system/llvm4/cmake-fix-libLLVM-name.patch b/system/llvm4/cmake-fix-libLLVM-name.patch
new file mode 100644
index 000000000..cb29fe2ef
--- /dev/null
+++ b/system/llvm4/cmake-fix-libLLVM-name.patch
@@ -0,0 +1,26 @@
+Include version in name of shared libs
+
+libLLVM.so -> libLLVM-$MAJOR.$MINOR.so
+
+Source: http://pkgs.fedoraproject.org/cgit/rpms/llvm3.9.git/tree/llvm-soversion.patch?id=3dac83eaa5b88f550ae50125b14b8f644e10617b
+--- a/cmake/modules/AddLLVM.cmake
++++ b/cmake/modules/AddLLVM.cmake
+@@ -450,6 +450,18 @@
+ PREFIX ""
+ )
+ endif()
++
++ # Set SOVERSION on shared libraries that lack explicit SONAME
++ # specifier, on *nix systems that are not Darwin.
++ if(UNIX AND NOT APPLE AND NOT ARG_SONAME)
++ set_target_properties(${name}
++ PROPERTIES
++ # Concatenate the version numbers since ldconfig expects exactly
++ # one component indicating the ABI version, while LLVM uses
++ # major+minor for that.
++ SOVERSION ${LLVM_VERSION_MAJOR}.${LLVM_VERSION_MINOR}
++ VERSION ${LLVM_VERSION_MAJOR}.${LLVM_VERSION_MINOR}.${LLVM_VERSION_PATCH}${LLVM_VERSION_SUFFIX})
++ endif()
+ endif()
+
+ if(ARG_MODULE OR ARG_SHARED)
diff --git a/system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch b/system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch
new file mode 100644
index 000000000..e73ce9b6f
--- /dev/null
+++ b/system/llvm4/disable-FileSystemTest.CreateDir-perms-assert.patch
@@ -0,0 +1,61 @@
+Do not assert permissions of file created in /tmp directory.
+
+This assertion fails, probably due to some specific setup of /tmp
+on build servers.
+
+ FAIL: LLVM-Unit :: Support/SupportTests/FileSystemTest.CreateDir (1293 of 17222)
+ ******************** TEST 'LLVM-Unit :: Support/SupportTests/FileSystemTest.CreateDir' FAILED ********************
+ Note: Google Test filter = FileSystemTest.CreateDir
+ [==========] Running 1 test from 1 test case.
+ [----------] Global test environment set-up.
+ [----------] 1 test from FileSystemTest
+ [ RUN ] FileSystemTest.CreateDir
+ /home/buildozer/aports/testing/llvm3.9/src/llvm-3.9.1.src/unittests/Support/Path.cpp:591: Failure
+ Value of: fs::perms::owner_read | fs::perms::owner_exe
+ Actual: 320
+ Expected: Status.permissions() & fs::perms::all_all
+ Which is: 448
+
+--- a/unittests/Support/Path.cpp
++++ b/unittests/Support/Path.cpp
+@@ -579,23 +579,23 @@
+ ASSERT_NO_ERROR(fs::remove(Twine(TestDirectory) + "foo"));
+
+ #ifdef LLVM_ON_UNIX
+- // Set a 0000 umask so that we can test our directory permissions.
+- mode_t OldUmask = ::umask(0000);
+-
+- fs::file_status Status;
+- ASSERT_NO_ERROR(
+- fs::create_directory(Twine(TestDirectory) + "baz500", false,
+- fs::perms::owner_read | fs::perms::owner_exe));
+- ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz500", Status));
+- ASSERT_EQ(Status.permissions() & fs::perms::all_all,
+- fs::perms::owner_read | fs::perms::owner_exe);
+- ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "baz777", false,
+- fs::perms::all_all));
+- ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz777", Status));
+- ASSERT_EQ(Status.permissions() & fs::perms::all_all, fs::perms::all_all);
+-
+- // Restore umask to be safe.
+- ::umask(OldUmask);
++// // Set a 0000 umask so that we can test our directory permissions.
++// mode_t OldUmask = ::umask(0000);
++//
++// fs::file_status Status;
++// ASSERT_NO_ERROR(
++// fs::create_directory(Twine(TestDirectory) + "baz500", false,
++// fs::perms::owner_read | fs::perms::owner_exe));
++// ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz500", Status));
++// ASSERT_EQ(Status.permissions() & fs::perms::all_all,
++// fs::perms::owner_read | fs::perms::owner_exe);
++// ASSERT_NO_ERROR(fs::create_directory(Twine(TestDirectory) + "baz777", false,
++// fs::perms::all_all));
++// ASSERT_NO_ERROR(fs::status(Twine(TestDirectory) + "baz777", Status));
++// ASSERT_EQ(Status.permissions() & fs::perms::all_all, fs::perms::all_all);
++//
++// // Restore umask to be safe.
++// ::umask(OldUmask);
+ #endif
+
+ #ifdef LLVM_ON_WIN32
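Review bot: The patch comments out the whole `LLVM_ON_UNIX` block of FileSystemTest.CreateDir, including the `baz777` check, although the quoted failure is only the `baz500` assertion at Path.cpp:591. The log shows the directory came back with mode 448 (0700) where 320 (0500) was requested, so a restrictive mode was not honoured on the builder. The header's "probably due to some specific setup of /tmp" leaves that unexplained. I would delete the block rather than leave seventeen `//` lines, and keep the `baz777` assertion if it passes on the builders. Recording the builder's /tmp mount options or ACLs in the patch header would let the permission check be restored later.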
diff --git a/system/llvm4/fix-CheckAtomic.cmake.patch b/system/llvm4/fix-CheckAtomic.cmake.patch
new file mode 100644
index 000000000..a5309de6c
--- /dev/null
+++ b/system/llvm4/fix-CheckAtomic.cmake.patch
@@ -0,0 +1,22 @@
+This cmake file uses command CHECK_LIBRARY_EXISTS that is defined in
+module CheckLibraryExists, but it does not include that module.
+
+This caused build error in lldb, but only on x86 (not x86_64)...
+
+ -- Performing Test HAVE_CXX_ATOMICS64_WITHOUT_LIB - Failed
+ CMake Error at /usr/lib/llvm4/lib/cmake/llvm/CheckAtomic.cmake:66 (check_library_exists):
+ Unknown CMake command "check_library_exists".
+ Call Stack (most recent call first):
+ cmake/modules/LLDBStandalone.cmake:90 (include)
+ CMakeLists.txt:3 (include)
+
+--- a/cmake/modules/CheckAtomic.cmake
++++ b/cmake/modules/CheckAtomic.cmake
+@@ -1,6 +1,7 @@
+ # atomic builtins are required for threading support.
+
+ INCLUDE(CheckCXXSourceCompiles)
++INCLUDE(CheckLibraryExists)
+
+ # Sometimes linking against libatomic is required for atomic ops, if
+ # the platform doesn't support lock-free atomics.
diff --git a/system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch b/system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch
new file mode 100644
index 000000000..d5d7f07b5
--- /dev/null
+++ b/system/llvm4/llvm-fix-DynamicLibrary-to-build-with-musl-libc.patch
@@ -0,0 +1,33 @@
+From d12ecb83d01dcb580dd94f4d57828f33d3eb4c35 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Thu, 18 Feb 2016 15:33:21 +0100
+Subject: [PATCH 3/3] Fix DynamicLibrary to build with musl libc
+
+stdin/out/err is part of the libc and not the kernel so we check for the
+specific libc that does the unexpected instead of linux.
+
+This is needed for making it build with musl libc.
+---
+ lib/Support/DynamicLibrary.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/Support/DynamicLibrary.cpp b/lib/Support/DynamicLibrary.cpp
+index 9a7aeb5..0c1c8f8 100644
+--- a/lib/Support/DynamicLibrary.cpp
++++ b/lib/Support/DynamicLibrary.cpp
+@@ -140,10 +140,10 @@ void* DynamicLibrary::SearchForAddressOfSymbol(const char *symbolName) {
+ #define EXPLICIT_SYMBOL(SYM) \
+ if (!strcmp(symbolName, #SYM)) return &SYM
+
+-// On linux we have a weird situation. The stderr/out/in symbols are both
++// On GNU libc we have a weird situation. The stderr/out/in symbols are both
+ // macros and global variables because of standards requirements. So, we
+ // boldly use the EXPLICIT_SYMBOL macro without checking for a #define first.
+-#if defined(__linux__) and !defined(__ANDROID__)
++#if defined(__GLIBC__)
+ {
+ EXPLICIT_SYMBOL(stderr);
+ EXPLICIT_SYMBOL(stdout);
+--
+2.7.3
+
diff --git a/system/llvm4/llvm-fix-build-with-musl-libc.patch b/system/llvm4/llvm-fix-build-with-musl-libc.patch
new file mode 100644
index 000000000..6ee91ea44
--- /dev/null
+++ b/system/llvm4/llvm-fix-build-with-musl-libc.patch
@@ -0,0 +1,46 @@
+From 5c571082fdaf61f6df19d9b7137dc26d71334058 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Thu, 18 Feb 2016 10:33:04 +0100
+Subject: [PATCH 2/3] Fix build with musl libc
+
+On musl libc the fopen64 and fopen are the same thing, but for
+compatibility they have a `#define fopen64 fopen`. Same applies for
+fseek64, fstat64, fstatvfs64, ftello64, lstat64, stat64 and tmpfile64.
+---
+ include/llvm/Analysis/TargetLibraryInfo.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/include/llvm/Analysis/TargetLibraryInfo.h b/include/llvm/Analysis/TargetLibraryInfo.h
+index 7becdf0..7f14427 100644
+--- a/include/llvm/Analysis/TargetLibraryInfo.h
++++ b/include/llvm/Analysis/TargetLibraryInfo.h
+@@ -18,6 +18,26 @@
+ #include "llvm/IR/Module.h"
+ #include "llvm/Pass.h"
+
++#undef fopen64
++#undef fseeko64
++#undef fstat64
++#undef fstatvfs64
++#undef ftello64
++#undef lstat64
++#undef stat64
++#undef tmpfile64
++#undef F_GETLK64
++#undef F_SETLK64
++#undef F_SETLKW64
++#undef flock64
++#undef open64
++#undef openat64
++#undef creat64
++#undef lockf64
++#undef posix_fadvise64
++#undef posix_fallocate64
++#undef off64_t
++
+ namespace llvm {
+ /// VecDesc - Describes a possible vectorization of a function.
+ /// Function 'VectorFnName' is equivalent to 'ScalarFnName' vectorized
+--
+2.7.3
+
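Review bot: The added `#undef` block sits in a public header, so every translation unit that includes TargetLibraryInfo.h loses these names for the rest of the file, including `off64_t`, `open64` and `flock64`. If musl provides them only as macros, as the description says, code that includes this header and later uses one of them would stop compiling; this is inferred from the description, not from visible code. A comment above the block would make the intent clear, e.g. `// musl defines these LFS64 names as macros (e.g. #define fopen64 fopen); undefine them before the declarations below.` The embedded patch metadata is also stale: the diffstat says 9 insertions while the hunk adds 20 lines, and the message names `fseek64` where the code undefines `fseeko64`.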
diff --git a/system/llvm4/silent-amdgpu-test-failing.patch b/system/llvm4/silent-amdgpu-test-failing.patch
new file mode 100644
index 000000000..e20cee595
--- /dev/null
+++ b/system/llvm4/silent-amdgpu-test-failing.patch
@@ -0,0 +1,40 @@
+See https://bugs.llvm.org//show_bug.cgi?id=31610
+
+--- a/test/CodeGen/AMDGPU/invalid-opencl-version-metadata1.ll
++++ b/test/CodeGen/AMDGPU/invalid-opencl-version-metadata1.ll
+@@ -2,5 +2,6 @@
+ ; check llc does not crash for invalid opencl version metadata
+
+ ; CHECK: { amd.MDVersion: [ 2, 0 ] }
++; XFAIL: *
+
+ !opencl.ocl.version = !{}
+--- a/test/CodeGen/AMDGPU/invalid-opencl-version-metadata2.ll
++++ b/test/CodeGen/AMDGPU/invalid-opencl-version-metadata2.ll
+@@ -2,6 +2,7 @@
+ ; check llc does not crash for invalid opencl version metadata
+
+ ; CHECK: { amd.MDVersion: [ 2, 0 ] }
++; XFAIL: *
+
+ !opencl.ocl.version = !{!0}
+ !0 = !{}
+--- a/test/CodeGen/AMDGPU/invalid-opencl-version-metadata3.ll
++++ b/test/CodeGen/AMDGPU/invalid-opencl-version-metadata3.ll
+@@ -2,6 +2,7 @@
+ ; check llc does not crash for invalid opencl version metadata
+
+ ; CHECK: { amd.MDVersion: [ 2, 0 ] }
++; XFAIL: *
+
+ !opencl.ocl.version = !{!0}
+ !0 = !{i32 1}
+--- a/test/CodeGen/AMDGPU/runtime-metadata.ll
++++ b/test/CodeGen/AMDGPU/runtime-metadata.ll
+@@ -1,5 +1,6 @@
+ ; RUN: llc -mtriple=amdgcn--amdhsa -filetype=obj -o - < %s | llvm-readobj -amdgpu-runtime-metadata | FileCheck %s
+ ; RUN: llc -mtriple=amdgcn--amdhsa -filetype=obj -amdgpu-dump-rtmd -amdgpu-check-rtmd-parser %s -o - 2>&1 | FileCheck --check-prefix=CHECK --check-prefix=PARSER %s
++; XFAIL: *
+
+ %struct.A = type { i8, float }
+ %opencl.image1d_t = type opaque
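Review bot: `; XFAIL: *` is added to four AMDGPU tests with only a bug URL as justification, and `*` marks them as expected failures on every target. On an architecture where these tests pass, or once bug 31610 is fixed, lit would report an unexpected pass, which normally fails the run as well. The patch header should say where the failure was seen and what the symptom is, for example `Fails on <arch> builders: <symptom>; drop this patch when upstream bug 31610 is fixed.`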
diff --git a/system/mesa/APKBUILD b/system/mesa/APKBUILD
new file mode 100644
index 000000000..ceb22c20f
--- /dev/null
+++ b/system/mesa/APKBUILD
@@ -0,0 +1,252 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mesa
+pkgver=17.3.1
+pkgrel=1
+pkgdesc="Mesa DRI OpenGL library"
+url="http://www.mesa3d.org"
+arch="all"
+license="LGPL"
+depends=
+subpackages="$pkgname-dev
+ $pkgname-dri-ati:_dri
+ $pkgname-dri-nouveau:_dri
+ $pkgname-dri-freedreno:_dri
+ $pkgname-dri-swrast:_dri
+ $pkgname-dri-virtio:_dri
+ $pkgname-glapi $pkgname-egl $pkgname-gl $pkgname-gles
+ $pkgname-xatracker $pkgname-osmesa $pkgname-gbm
+ $pkgname-libwayland-egl:_wayland
+ "
+_llvmver=4
+depends_dev="libdrm-dev dri2proto libxext-dev libxdamage-dev libxcb-dev glproto
+ dri3proto presentproto libxshmfence-dev"
+makedepends="$depends_dev expat-dev xextproto libxt-dev makedepend py3-mako
+ flex bison llvm$_llvmver-dev eudev-dev libvdpau-dev python3 py-libxml2
+ libxvmc-dev gettext zlib-dev wayland-dev libelf-dev wayland-protocols
+ autoconf automake libtool libxxf86vm-dev libx11-dev libxfixes-dev"
+source="https://mesa.freedesktop.org/archive/mesa-$pkgver.tar.xz
+ glx_ro_text_segm.patch
+ musl-fixes.patch
+ musl-fix-includes.patch
+ disk_cache-stack-overflow.patch
+ drmdeps.patch
+ python3-compat.patch
+ "
+replaces="mesa-dricore"
+
+_dri_driverdir=/usr/lib/xorg/modules/dri
+_dri_drivers="r200,radeon,nouveau,swrast"
+_gallium_drivers="r300,r600,radeonsi,nouveau,freedreno,swrast,virgl"
+_vulkan_drivers="radeon"
+
+builddir="$srcdir/mesa-$pkgver"
+
+_arch_opts=
+
+case "$CARCH" in
+x86* | pmmx)
+ _dri_drivers="${_dri_drivers},i915,i965"
+ _gallium_drivers="${_gallium_drivers},svga"
+ _vulkan_drivers="${_vulkan_drivers},intel"
+ subpackages="$subpackages $pkgname-dri-intel:_dri $pkgname-dri-vmwgfx:_dri"
+ ;;
+arm*)
+ _gallium_drivers="${_gallium_drivers},vc4"
+ case "$CARCH" in
+ armhf) CFLAGS="$CFLAGS -mfpu=neon";;
+ esac
+ ;;
+esac
+
+prepare() {
+ cd "$builddir"
+ default_prepare
+ libtoolize --force \
+ && aclocal \
+ && automake --add-missing \
+ && autoreconf
+}
+
+build() {
+ cd "$builddir"
+
+ export CFLAGS="$CFLAGS -D_XOPEN_SOURCE=700"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --with-dri-driverdir=$_dri_driverdir \
+ --disable-asm \
+ --disable-xvmc \
+ --enable-glx-rts \
+ --with-gallium-drivers=${_gallium_drivers} \
+ --with-dri-drivers=${_dri_drivers} \
+ --with-vulkan-drivers=${_vulkan_drivers} \
+ --with-llvm-prefix=/usr/lib/llvm$_llvmver \
+ --enable-llvm-shared-libs \
+ --enable-llvm \
+ --with-platforms=x11,drm,wayland \
+ --enable-shared-glapi \
+ --enable-gbm \
+ --disable-glx-tls \
+ --disable-nine \
+ --enable-dri \
+ --enable-dri3 \
+ --enable-glx \
+ --enable-osmesa \
+ --enable-gles1 \
+ --enable-gles2 \
+ --enable-egl \
+ --enable-texture-float \
+ --enable-xa \
+ --enable-vdpau \
+ $_arch_opts
+
+ make
+}
+
+check() {
+ cd "$builddir"
+ # Compiler test requires LLVM 3.8 and Python 2
+ for i in gtest util mapi; do
+ make -C "src/$i" check
+ done
+}
+
+package() {
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir" install
+}
+
+egl() {
+ replaces="mesa"
+ pkgdesc="Mesa libEGL runtime libraries"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libEGL.so* \
+ "$subpkgdir"/usr/lib/
+}
+
+gl() {
+ replaces="mesa"
+ pkgdesc="Mesa libGL runtime libraries"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libGL.so* \
+ "$subpkgdir"/usr/lib/
+}
+
+glapi() {
+ replaces="$pkgname-gles"
+ pkgdesc="Mesa shared glapi"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libglapi.so.* \
+ "$subpkgdir"/usr/lib/
+}
+
+gles() {
+ replaces="mesa"
+ pkgdesc="Mesa libGLESv2 runtime libraries"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libGLES*.so* \
+ "$subpkgdir"/usr/lib/
+}
+
+xatracker() {
+ pkgdesc="Mesa XA state tracker for vmware"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libxatracker*.so.* \
+ "$subpkgdir"/usr/lib/
+}
+
+osmesa() {
+ pkgdesc="Mesa offscreen rendering libraries"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libOSMesa.so.* \
+ "$subpkgdir"/usr/lib/
+}
+
+gbm() {
+ pkgdesc="Mesa gbm library"
+ replaces="mesa"
+ install -d "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libgbm.so.* \
+ "$subpkgdir"/usr/lib/
+}
+
+_mv_dri() {
+ install -d "$subpkgdir"/$_dri_driverdir
+
+ while [ $# -gt 0 ]; do
+ mv "$pkgdir"/$_dri_driverdir/${1}.so \
+ "$subpkgdir"/$_dri_driverdir/ || return 1
+ shift
+ done
+}
+
+_mv_vdpau() {
+ local i
+ install -d "$subpkgdir"/usr/lib/vdpau
+ for i in "$@"; do
+ mv "$pkgdir"/usr/lib/vdpau/libvdpau_$i.* \
+ "$subpkgdir"/usr/lib/vdpau/ || return 1
+ done
+}
+
+_mv_gpipe() {
+ return 0
+ # http://cgit.freedesktop.org/mesa/mesa/commit/?id=44ec468e8033553c26a112cebba41c343db00eb1
+ # https://code.google.com/p/chromium/issues/detail?id=412089
+# local i
+# install -d "$subpkgdir"/usr/lib/gallium-pipe
+# for i in "$@"; do
+# mv "$pkgdir"/usr/lib/gallium-pipe/pipe_$i.* \
+# "$subpkgdir"/usr/lib/gallium-pipe/ || return 1
+# done
+}
+
+_dri() {
+ local n=${subpkgname##*-dri-}
+ pkgdesc="Mesa DRI driver for $n"
+ case $n in
+ ati)
+ _mv_dri radeon_dri r200_dri r300_dri r600_dri radeonsi_dri \
+ && _mv_vdpau r300 r600 radeonsi \
+ && _mv_gpipe r300 r600
+ ;;
+ intel)
+ _mv_dri i915_dri i965_dri
+ ;;
+ nouveau)
+ _mv_dri nouveau_dri nouveau_vieux_dri \
+ && _mv_vdpau nouveau \
+ && _mv_gpipe nouveau
+ ;;
+ freedreno)
+ _mv_dri msm_dri kgsl_dri
+ ;;
+ swrast)
+ _mv_dri swrast_dri kms_swrast_dri && _mv_gpipe swrast
+ ;;
+ vmwgfx)
+ _mv_dri vmwgfx_dri && _mv_gpipe vmwgfx
+ ;;
+ virtio)
+ _mv_dri virtio_gpu_dri
+ ;;
+ esac
+}
+
+_wayland() {
+ pkgdesc="Mesa libwayland-egl library"
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libwayland-egl.so.* "$subpkgdir"/usr/lib/ \
+ || return 1
+}
+
+sha512sums="a2bd0123bf2df0db03197001a9e001b25f2609f3c6bf1bae66f3bc50c51d2558b5b77e232e81c1658c3a4dec88eda32a8b5a85c1fedc937a7441476228ef8238 mesa-17.3.1.tar.xz
+c3d4804ebc24c7216e4c9d4995fb92e116be7f478024b44808ee134a4c93bb51d1f66fe5fb6eca254f124c4abf6f81272b027824b3e2650a9607818bf793035a glx_ro_text_segm.patch
+edb9c221b093117f48fa298ae557f1d6ed9bbf32d7d262ad4ddb51d26ece94e3efac17670784606052b2ebe8d3dc2b221164f6b52f5282eb3318e6377932be04 musl-fixes.patch
+c7d91a660a033df91fac9c557039efc8669f0c26b2d35997d50753938b70d1af0bd110dcab3f8236eafab7d4be5dd7cd128a3e057e67e7e6a38a73fd6a7ef62e musl-fix-includes.patch
+f40ff04ac73c090c74d1955de6013c5aa41fb77f28b2b82d89cfc1880306a9ca1dde4581592db19f0a0ec6d85032f1ed5d953103ab0d075f9f0b7e459a028c45 disk_cache-stack-overflow.patch
+6800bc62aebfba22a2562c858c27391b47c5675020bd67f040da93ffe4d5d8ac828907a44c7cee6a4ebe63821b58c2515b4012f1f23473670b1de8670426a430 drmdeps.patch
+be91c579111e4ceadf094fcd55fff46ff12c360e2d89c98fac50fbd3bb2459dbd1209d562d27338b94b20bbeae5fca2dd881694bd0da55fca8cdfe253ae384f1 python3-compat.patch"
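Review bot: In `check()` the `for` loop runs `make -C "src/$i" check` without testing its exit status, so unless abuild's shell aborts on error the function returns only the result of the last iteration (`mapi`). The `_mv_dri` and `_mv_vdpau` helpers in this same file append `|| return 1` to guard against that. Use `make -C "src/$i" check || return 1` so a failing `gtest` or `util` suite stops the package build. `build()` has the same shape: `./configure ...` is followed by `make` with no status check between them. Separately, `_mv_gpipe()` returns 0 on its first line and carries a commented-out body; dropping the dead lines and keeping the two URLs as the explanation would read better.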
diff --git a/system/mesa/disk_cache-stack-overflow.patch b/system/mesa/disk_cache-stack-overflow.patch
new file mode 100644
index 000000000..3fad95259
--- /dev/null
+++ b/system/mesa/disk_cache-stack-overflow.patch
@@ -0,0 +1,42 @@
+The disk cache code tries to allocate a 256 Kbyte buffer on the stack.
+Since musl only gives 80 Kbyte of stack space per thread, this causes a trap.
+
+--- mesa-17.3.1/src/util/disk_cache.c.old 2017-12-21 11:31:22.000000000 -0600
++++ mesa-17.3.1/src/util/disk_cache.c 2017-12-29 01:17:15.625633901 -0600
+@@ -716,7 +716,7 @@
+ deflate_and_write_to_disk(const void *in_data, size_t in_data_size, int dest,
+ const char *filename)
+ {
+- unsigned char out[BUFSIZE];
++ unsigned char *out;
+
+ /* allocate deflate state */
+ z_stream strm;
+@@ -733,6 +733,11 @@
+ /* compress until end of in_data */
+ size_t compressed_size = 0;
+ int flush;
++
++ out = calloc(1, BUFSIZE);
++ if (out == NULL)
++ return 0;
++
+ do {
+ int remaining = in_data_size - BUFSIZE;
+ flush = remaining > 0 ? Z_NO_FLUSH : Z_FINISH;
+@@ -754,6 +759,7 @@
+ ssize_t written = write_all(dest, out, have);
+ if (written == -1) {
+ (void)deflateEnd(&strm);
++ free(out);
+ return 0;
+ }
+ } while (strm.avail_out == 0);
+@@ -768,6 +774,7 @@
+
+ /* clean up and return */
+ (void)deflateEnd(&strm);
++ free(out);
+ return compressed_size;
+ }
+
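Review bot: The new `if (out == NULL) return 0;` leaves the function without calling `deflateEnd(&strm)`, unlike the `write_all` failure path further down, which releases the stream before returning. The lines between the first two sub-hunks are not shown, so this assumes the deflate state has already been initialised when `calloc` runs; if so, the zlib state leaks whenever the allocation fails. Either move the allocation above the deflate setup or write `if (out == NULL) { (void)deflateEnd(&strm); return 0; }`. The body of deflate_and_write_to_disk is only partly visible here, so any other early return between the allocation and the final `free(out)` needs the same treatment.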
diff --git a/system/mesa/drmdeps.patch b/system/mesa/drmdeps.patch
new file mode 100644
index 000000000..edcb80643
--- /dev/null
+++ b/system/mesa/drmdeps.patch
@@ -0,0 +1,41 @@
+--- a/src/gallium/winsys/radeon/drm/Makefile.am 2017-08-10 11:45:20.737377457 -0400
++++ b/src/gallium/winsys/radeon/drm/Makefile.am 2017-08-10 11:50:23.414534307 -0400
+@@ -7,4 +7,6 @@
+
+ noinst_LTLIBRARIES = libradeonwinsys.la
+
++libradeonwinsys_la_LIBADD = -ldrm_radeon
++
+ libradeonwinsys_la_SOURCES = $(C_SOURCES)
+--- a/src/gallium/winsys/radeon/drm/Makefile.in 2017-08-10 11:45:25.577298181 -0400
++++ b/src/gallium/winsys/radeon/drm/Makefile.in 2017-08-10 11:57:11.151189074 -0400
+@@ -119,7 +119,7 @@
+ CONFIG_CLEAN_FILES =
+ CONFIG_CLEAN_VPATH_FILES =
+ LTLIBRARIES = $(noinst_LTLIBRARIES)
+-libradeonwinsys_la_LIBADD =
++libradeonwinsys_la_LIBADD = -ldrm_radeon
+ am__objects_1 = radeon_drm_bo.lo radeon_drm_cs.lo \
+ radeon_drm_surface.lo radeon_drm_winsys.lo
+ am_libradeonwinsys_la_OBJECTS = $(am__objects_1)
+--- a/src/gallium/winsys/amdgpu/drm/Makefile.am 2017-12-21 11:31:21.000000000 -0600
++++ b/src/gallium/winsys/amdgpu/drm/Makefile.am 2017-12-28 19:24:48.613693400 -0600
+@@ -11,6 +11,6 @@
+ noinst_LTLIBRARIES = libamdgpuwinsys.la
+
+ libamdgpuwinsys_la_LIBADD = \
+- $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la
++ $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la -ldrm_amdgpu
+
+ libamdgpuwinsys_la_SOURCES = $(C_SOURCES)
+--- a/src/gallium/winsys/amdgpu/drm/Makefile.in 2017-12-21 11:31:30.000000000 -0600
++++ b/src/gallium/winsys/amdgpu/drm/Makefile.in 2017-12-28 19:25:22.553597353 -0600
+@@ -572,7 +572,7 @@
+ AM_CXXFLAGS = $(AM_CFLAGS)
+ noinst_LTLIBRARIES = libamdgpuwinsys.la
+ libamdgpuwinsys_la_LIBADD = \
+- $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la
++ $(top_builddir)/src/amd/addrlib/libamdgpu_addrlib.la -ldrm_amdgpu
+
+ libamdgpuwinsys_la_SOURCES = $(C_SOURCES)
+ all: all-am
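Review bot: The patch edits both `Makefile.am` and the generated `Makefile.in` for the radeon and amdgpu winsys, but `prepare()` in the mesa APKBUILD runs `automake --add-missing` and `autoreconf`, which regenerate `Makefile.in`. The two `Makefile.in` sections therefore look redundant, and they are the part most likely to stop applying on a version bump. The file also has no header explaining why `-ldrm_radeon` and `-ldrm_amdgpu` must be added. A first line such as `Link the radeon/amdgpu winsys against libdrm_radeon/libdrm_amdgpu explicitly: <reason>` would give the next maintainer something to check against.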
diff --git a/system/mesa/glx_ro_text_segm.patch b/system/mesa/glx_ro_text_segm.patch
new file mode 100644
index 000000000..8cad4876b
--- /dev/null
+++ b/system/mesa/glx_ro_text_segm.patch
@@ -0,0 +1,28 @@
+2011-02-09 Jeremy Huddleston <jeremyhu@freedesktop.org
+
+ #240956
+ * configure.ac add support to enable readonly test segment on x86
+
+--- ./configure.ac.orig 2008-11-17 23:19:38.000000000 +0100
++++ ./configure.ac 2008-11-17 23:20:17.000000000 +0100
+@@ -499,6 +499,20 @@
+ enable_xcb=no
+ fi
+
++
++dnl readonly text segment on x86 hardened platforms
++AC_ARG_ENABLE([glx_rts],
++ [AS_HELP_STRING([--enable-glx-rts],
++ [on x86, use a readonly text segment for libGL @<:@default=disabled@:>@])],
++ [enable_glx_rts="$enableval"],
++ [enable_glx_rts=no])
++if test "x$enable_glx_rts" = xyes; then
++ DEFINES="$DEFINES -DGLX_X86_READONLY_TEXT"
++else
++ enable_glx_rts=no
++fi
++
++
+ dnl
+ dnl libGL configuration per driver
+ dnl
diff --git a/system/mesa/musl-fix-includes.patch b/system/mesa/musl-fix-includes.patch
new file mode 100644
index 000000000..2f6cc1d13
--- /dev/null
+++ b/system/mesa/musl-fix-includes.patch
@@ -0,0 +1,14 @@
+diff --git a/src/util/rand_xor.c b/src/util/rand_xor.c
+index de05fa6..016703c 100644
+--- a/src/util/rand_xor.c
++++ b/src/util/rand_xor.c
+@@ -24,6 +24,9 @@
+
+ #if defined(__linux__)
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <fcntl.h>
+ #include <unistd.h>
+ #else
+ #include <time.h>
diff --git a/system/mesa/musl-fixes.patch b/system/mesa/musl-fixes.patch
new file mode 100644
index 000000000..60140d445
--- /dev/null
+++ b/system/mesa/musl-fixes.patch
@@ -0,0 +1,22 @@
+--- ./src/gallium/winsys/svga/drm/vmw_screen.h.orig
++++ ./src/gallium/winsys/svga/drm/vmw_screen.h
+@@ -34,7 +34,7 @@
+ #ifndef VMW_SCREEN_H_
+ #define VMW_SCREEN_H_
+
+-
++#include <sys/stat.h>
+ #include "pipe/p_compiler.h"
+ #include "pipe/p_state.h"
+
+--- a/src/util/u_endian.h.orig 2016-11-04 12:16:00.480356454 +0100
++++ b/src/util/u_endian.h 2016-11-04 12:16:11.984347944 +0100
+@@ -27,7 +27,7 @@
+ #ifndef U_ENDIAN_H
+ #define U_ENDIAN_H
+
+-#if defined(__GLIBC__) || defined(ANDROID) || defined(__CYGWIN__)
++#if defined(__linux__) || defined(ANDROID) || defined(__CYGWIN__)
+ #include <endian.h>
+
+ #if __BYTE_ORDER == __LITTLE_ENDIAN
diff --git a/system/mesa/python3-compat.patch b/system/mesa/python3-compat.patch
new file mode 100644
index 000000000..8532f8c0c
--- /dev/null
+++ b/system/mesa/python3-compat.patch
@@ -0,0 +1,106 @@
+--- mesa-17.3.1/src/gallium/drivers/r600/egd_tables.py (original)
++++ mesa-17.3.1/src/gallium/drivers/r600/egd_tables.py (refactored)
+@@ -60,7 +60,7 @@
+ """
+ fragments = [
+ '"%s\\0" /* %s */' % (
+- te[0].encode('string_escape'),
++ te[0].encode('unicode-escape'),
+ ', '.join(str(idx) for idx in te[2])
+ )
+ for te in self.table
+@@ -217,10 +217,10 @@
+ strings = StringTable()
+ strings_offsets = IntTable("int")
+
+- print '/* This file is autogenerated by egd_tables.py from evergreend.h. Do not edit directly. */'
+- print
+- print CopyRight.strip()
+- print '''
++ print('/* This file is autogenerated by egd_tables.py from evergreend.h. Do not edit directly. */')
++ print()
++ print(CopyRight.strip())
++ print('''
+ #ifndef EG_TABLES_H
+ #define EG_TABLES_H
+
+@@ -242,20 +242,20 @@
+ unsigned name_offset;
+ unsigned op;
+ };
+-'''
+-
+- print 'static const struct eg_packet3 packet3_table[] = {'
++''')
++
++ print('static const struct eg_packet3 packet3_table[] = {')
+ for pkt in packets:
+- print '\t{%s, %s},' % (strings.add(pkt[5:]), pkt)
+- print '};'
+- print
+-
+- print 'static const struct eg_field egd_fields_table[] = {'
++ print('\t{%s, %s},' % (strings.add(pkt[5:]), pkt))
++ print('};')
++ print()
++
++ print('static const struct eg_field egd_fields_table[] = {')
+
+ fields_idx = 0
+ for reg in regs:
+ if len(reg.fields) and reg.own_fields:
+- print '\t/* %s */' % (fields_idx)
++ print('\t/* %s */' % (fields_idx))
+
+ reg.fields_idx = fields_idx
+
+@@ -266,34 +266,34 @@
+ while value[1] >= len(values_offsets):
+ values_offsets.append(-1)
+ values_offsets[value[1]] = strings.add(strip_prefix(value[0]))
+- print '\t{%s, %s(~0u), %s, %s},' % (
++ print('\t{%s, %s(~0u), %s, %s},' % (
+ strings.add(field.name), field.s_name,
+- len(values_offsets), strings_offsets.add(values_offsets))
++ len(values_offsets), strings_offsets.add(values_offsets)))
+ else:
+- print '\t{%s, %s(~0u)},' % (strings.add(field.name), field.s_name)
++ print('\t{%s, %s(~0u)},' % (strings.add(field.name), field.s_name))
+ fields_idx += 1
+
+- print '};'
+- print
+-
+- print 'static const struct eg_reg egd_reg_table[] = {'
++ print('};')
++ print()
++
++ print('static const struct eg_reg egd_reg_table[] = {')
+ for reg in regs:
+ if len(reg.fields):
+- print '\t{%s, %s, %s, %s},' % (strings.add(reg.name), reg.r_name,
+- len(reg.fields), reg.fields_idx if reg.own_fields else reg.fields_owner.fields_idx)
++ print('\t{%s, %s, %s, %s},' % (strings.add(reg.name), reg.r_name,
++ len(reg.fields), reg.fields_idx if reg.own_fields else reg.fields_owner.fields_idx))
+ else:
+- print '\t{%s, %s},' % (strings.add(reg.name), reg.r_name)
+- print '};'
+- print
++ print('\t{%s, %s},' % (strings.add(reg.name), reg.r_name))
++ print('};')
++ print()
+
+ strings.emit(sys.stdout, "egd_strings")
+
+- print
++ print()
+
+ strings_offsets.emit(sys.stdout, "egd_strings_offsets")
+
+- print
+- print '#endif'
++ print()
++ print('#endif')
+
+
+ def main():
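Review bot: `te[0].encode('unicode-escape')` returns `bytes` under Python 3, so the `'"%s\\0" /* %s */' % (...)` formatting in the first sub-hunk would emit the `b'...'` representation inside the generated C string literal. The table would then contain the `b'` prefix and closing quote as data, which no longer matches offsets computed from the original string. Decode back to text before formatting: `te[0].encode('unicode-escape').decode('ascii'),`. The method containing this fragment starts and ends outside the sub-hunk, and the patch has no header saying it was produced mechanically (the `(refactored)` label suggests 2to3), which would be worth stating.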
diff --git a/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch b/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
new file mode 100644
index 000000000..f6996b3fc
--- /dev/null
+++ b/system/openrc/0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
@@ -0,0 +1,25 @@
+From 94742e085ac96d366401df883df96d35d0eafd5a Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 1 Feb 2017 04:04:52 +0000
+Subject: [PATCH 1/7] call /sbin/mkmntdirs in localmount OpenRC service
+
+---
+ init.d/localmount.in | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/init.d/localmount.in b/init.d/localmount.in
+index cae80c34..3dbb375b 100644
+--- a/init.d/localmount.in
++++ b/init.d/localmount.in
+@@ -21,6 +21,8 @@ depend()
+
+ start()
+ {
++ [ -x /sbin/mkmntdirs ] && mkmntdirs
++
+ # Mount local filesystems in /etc/fstab.
+ # The types variable must start with no, and must be a type
+ local critical= types="noproc" x= no_netdev= rc=
+--
+2.11.0
+
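Review bot: The added line tests `/sbin/mkmntdirs` but then runs `mkmntdirs` through `PATH`, so the file that was checked is not necessarily the one this init script executes. Call the path that was tested: `[ -x /sbin/mkmntdirs ] && /sbin/mkmntdirs`. The body of start() continues outside the hunk.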
diff --git a/system/openrc/0002-force-root-be-rw-before-localmount.patch b/system/openrc/0002-force-root-be-rw-before-localmount.patch
new file mode 100644
index 000000000..1c9f12c1a
--- /dev/null
+++ b/system/openrc/0002-force-root-be-rw-before-localmount.patch
@@ -0,0 +1,30 @@
+From 228df9f1f21e08ec659d5fcf1f716393e563a3a5 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 1 Feb 2017 04:05:44 +0000
+Subject: [PATCH 2/7] force root be rw before localmount
+
+The service that pulls in root remount is mtab which we dont need/use.
+---
+ init.d/localmount.in | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/init.d/localmount.in b/init.d/localmount.in
+index 9c8da2d0..c349c951 100644
+--- a/init.d/localmount.in
++++ b/init.d/localmount.in
+@@ -13,9 +13,9 @@ description="Mounts disks and swap according to /etc/fstab."
+
+ depend()
+ {
+- need fsck
+- use lvm modules mtab root
+- after lvm modules root
++ need fsck root
++ use lvm modules mtab
++ after lvm modules
+ keyword -docker -jail -lxc -prefix -systemd-nspawn -vserver
+ }
+
+--
+2.11.1
+
diff --git a/system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch b/system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch
new file mode 100644
index 000000000..3803bcca8
--- /dev/null
+++ b/system/openrc/0003-sysctl-add-compatibility-for-busybox-sysctl.patch
@@ -0,0 +1,46 @@
+From ed120780512b6dd0bfabba0ea59d06d1099924b0 Mon Sep 17 00:00:00 2001
+From: William Pitcock <nenolod@dereferenced.org>
+Date: Wed, 1 Feb 2017 04:08:33 +0000
+Subject: [PATCH 3/7] sysctl: add compatibility for busybox sysctl
+
+---
+ init.d/sysctl.in | 21 +++++++++++++++++++--
+ 1 file changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/init.d/sysctl.in b/init.d/sysctl.in
+index cb756f3a..fc22364b 100644
+--- a/init.d/sysctl.in
++++ b/init.d/sysctl.in
+@@ -38,10 +38,27 @@ BSD_sysctl()
+
+ Linux_sysctl()
+ {
+- local quiet
++ local quiet retval=0
+ yesno $rc_verbose || quiet=-q
+
+- sysctl ${quiet} --system
++ set --
++ eindent
++ for i in /run/sysctl.d/*.conf \
++ /etc/sysctl.d/*.conf \
++ /usr/local/lib/sysctl.d/*.conf \
++ /usr/lib/sysctl.d/*.conf \
++ /lib/sysctl.d/*.conf \
++ /etc/sysctl.conf; do
++ if [ -e "$i" ]; then
++ vebegin "applying $conf"
++ sysctl ${quiet} -p "$i"
++ retval=$(( $retval + $? ))
++ veend $retval
++ fi
++ done
++ eoutdent
++
++ return $retval
+ }
+
+ start()
+--
+2.11.0
+
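Review bot: `vebegin "applying $conf"` prints a variable that is never set; the loop variable is `i`, so the line should read `vebegin "applying $i"`, and `i` should join the locals (`local quiet retval=0 i`). Because `retval` accumulates, `veend $retval` reports failure for every file after the first one that fails; passing the per-file status to `veend` and adding it to `retval` separately would keep the output accurate. The loop also applies directories in the listed order, so a key set in `/usr/lib/sysctl.d` or `/lib/sysctl.d` is applied after, and can override, the same key in `/etc/sysctl.d`. Whether that matches the `sysctl --system` call being replaced is worth confirming, since locally chosen hardening values usually live under `/etc`.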
diff --git a/system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch b/system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch
new file mode 100644
index 000000000..801d3b236
--- /dev/null
+++ b/system/openrc/0004-hide-error-when-migrating-var-run-to-run.patch
@@ -0,0 +1,28 @@
+From 496b984f889531bf629d77a5fa2211f8cb0a1183 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 17 Aug 2016 17:18:21 +0200
+Subject: [PATCH 4/7] hide error when migrating /var/run to /run
+
+The script tries to copy non-existing files. We simply hide the error
+
+http://bugs.alpinelinux.org/issues/3160
+---
+ init.d/bootmisc.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in
+index efc1c572..6e473ade 100644
+--- a/init.d/bootmisc.in
++++ b/init.d/bootmisc.in
+@@ -112,7 +112,7 @@ migrate_to_run()
+ rm $src
+ elif [ ! -L $src -a -d $src ]; then
+ ebegin "Migrating $src to $dst"
+- cp -a $src/* $dst/
++ cp -a $src/* $dst/ 2>/dev/null
+ rm -rf $src
+ eend $?
+ fi
+--
+2.11.0
+
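Review bot: `2>/dev/null` on the `cp -a $src/* $dst/` line hides every copy error, not only the missing-file case the description mentions. The next line still runs `rm -rf $src`, so a copy that fails for another reason (full or read-only `$dst`, permissions) now discards the data without any message. `eend $?` then reports the status of `rm`, not of the copy. Checking whether `$src` is empty before copying, and removing it only when the copy succeeded, would remove the noise without discarding diagnostics. migrate_to_run() starts and ends outside the hunk.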
diff --git a/system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch b/system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
new file mode 100644
index 000000000..eb1ad1408
--- /dev/null
+++ b/system/openrc/0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
@@ -0,0 +1,71 @@
+From b62d7b9438af6dac50d52708777070f312e6650c Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 1 Feb 2017 04:17:14 +0000
+Subject: [PATCH 5/7] rc: pull in sysinit and boot as stacked levels when
+ needed
+
+We need start services from sysinit and boot runlevel, even if the new
+runlevel is empty.
+
+This fixes problem introduced with commit 7716bf31 (Fix stacked runlevel
+support), at which the start_services list are no longer used to start
+the services.
+
+This also make sure that all services in sysinit and boot runlevels are
+started before switching to next. This was not guaranteed when switching
+to a non-empty runlevel.
+
+Fixes issue #54.
+---
+ src/rc/rc.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/rc/rc.c b/src/rc/rc.c
+index 110591e4..13a7e0d4 100644
+--- a/src/rc/rc.c
++++ b/src/rc/rc.c
+@@ -738,6 +738,7 @@ int main(int argc, char **argv)
+ const char *bootlevel = NULL;
+ char *newlevel = NULL;
+ const char *systype = NULL;
++ RC_STRINGLIST *runlevel_chain;
+ RC_STRINGLIST *deporder = NULL;
+ RC_STRINGLIST *tmplist;
+ RC_STRING *service;
+@@ -993,6 +994,7 @@ int main(int argc, char **argv)
+ main_hotplugged_services = rc_services_in_state(RC_SERVICE_HOTPLUGGED);
+ main_start_services = rc_services_in_runlevel_stacked(newlevel ?
+ newlevel : runlevel);
++ runlevel_chain = rc_runlevel_stacks(newlevel ? newlevel : runlevel);
+ if (strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SHUTDOWN) != 0 &&
+ strcmp(newlevel ? newlevel : runlevel, RC_LEVEL_SYSINIT) != 0)
+ {
+@@ -1010,6 +1012,7 @@ int main(int argc, char **argv)
+ tmplist = rc_services_in_runlevel(bootlevel);
+ TAILQ_CONCAT(main_start_services, tmplist, entries);
+ free(tmplist);
++ rc_stringlist_add(runlevel_chain, bootlevel);
+ }
+ if (main_hotplugged_services) {
+ TAILQ_FOREACH(service, main_hotplugged_services,
+@@ -1018,6 +1021,7 @@ int main(int argc, char **argv)
+ service->value);
+ }
+ }
++ rc_stringlist_add(runlevel_chain, RC_LEVEL_SYSINIT);
+ }
+
+ parallel = rc_conf_yesno("rc_parallel");
+@@ -1074,9 +1078,6 @@ int main(int argc, char **argv)
+
+ /* If we have a list of services to start then... */
+ if (main_start_services) {
+- /* Get a list of the chained runlevels which compose the target runlevel */
+- RC_STRINGLIST *runlevel_chain = rc_runlevel_stacks(runlevel);
+-
+ /* Loop through them in reverse order. */
+ RC_STRING *rlevel;
+ TAILQ_FOREACH_REVERSE(rlevel, runlevel_chain, rc_stringlist, entries)
+--
+2.11.0
+
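Review bot: `RC_STRINGLIST *runlevel_chain;` is declared without an initialiser and is now read in a block far from its assignment. Writing `RC_STRINGLIST *runlevel_chain = NULL;` would match `deporder` on the following line and make any path that skips the assignment fail predictably. The two added `rc_stringlist_add(runlevel_chain, ...)` calls assume `rc_runlevel_stacks()` returned a list; its failure behaviour is not visible here and is worth checking. main() starts and ends outside these sub-hunks, so it cannot be seen whether the list is still freed now that its declaration has moved out of the `if (main_start_services)` block.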
diff --git a/system/openrc/0006-mount-efivars-read-only.patch b/system/openrc/0006-mount-efivars-read-only.patch
new file mode 100644
index 000000000..ec2321dd2
--- /dev/null
+++ b/system/openrc/0006-mount-efivars-read-only.patch
@@ -0,0 +1,27 @@
+From 37feb4b716525f0c5c5469f21686ab4efcf06fab Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 1 Feb 2017 04:18:53 +0000
+Subject: [PATCH 6/7] mount efivars read-only
+
+unintentional writes to efivars may result in bricked hardware. mount it
+read-only to play safe.
+---
+ init.d/sysfs.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/init.d/sysfs.in b/init.d/sysfs.in
+index e493f584..bfd0d438 100644
+--- a/init.d/sysfs.in
++++ b/init.d/sysfs.in
+@@ -101,7 +101,7 @@ mount_misc()
+ if [ -d /sys/firmware/efi/efivars ] &&
+ ! mountinfo -q /sys/firmware/efi/efivars; then
+ ebegin "Mounting efivarfs filesystem"
+- mount -n -t efivarfs -o ${sysfs_opts} \
++ mount -n -t efivarfs -o ro,${sysfs_opts} \
+ efivarfs /sys/firmware/efi/efivars 2> /dev/null
+ eend 0
+ fi
+--
+2.11.1
+
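Review bot: `ro` is placed before `${sysfs_opts}` in the efivarfs mount line, so if that variable ever carries `rw`, the later option would presumably win and the protection would be lost silently. Putting it last, `mount -n -t efivarfs -o ${sysfs_opts},ro \`, keeps the read-only intent independent of the variable's contents. The unchanged `2> /dev/null` and `eend 0` around it also report a failed mount as success; mount_misc() continues outside the hunk, so that may be deliberate. A short comment that tools writing EFI variables need an explicit remount would help administrators.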
diff --git a/system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch b/system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch
new file mode 100644
index 000000000..6c23e2ab0
--- /dev/null
+++ b/system/openrc/0007-make-consolefont-service-compatible-with-busyboxs-se.patch
@@ -0,0 +1,70 @@
+From 3d0d2b89745597ea973129eafa3f999cf19d761f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=B6ren=20Tempel?= <soeren+git@soeren-tempel.net>
+Date: Wed, 17 Aug 2016 17:52:58 +0200
+Subject: [PATCH 7/7] make consolefont service compatible with busyboxs setfont
+ applet
+
+Compared to kdbs setfont program it doesn't support -O and -m.
+---
+ conf.d/consolefont | 11 ++---------
+ init.d/consolefont.in | 7 ++-----
+ 2 files changed, 4 insertions(+), 14 deletions(-)
+
+diff --git a/conf.d/consolefont b/conf.d/consolefont
+index e01ae842..75544b2f 100644
+--- a/conf.d/consolefont
++++ b/conf.d/consolefont
+@@ -3,16 +3,9 @@
+ #
+ # consolefont specifies the default font that you'd like Linux to use on the
+ # console. You can find a good selection of fonts in /usr/share/consolefonts;
+-# you shouldn't specify the trailing ".psf.gz", just the font name below.
+-# To use the default console font, comment out the CONSOLEFONT setting below.
+-consolefont="default8x16"
++consolefont="default8x16.psf.gz"
+
+ # consoletranslation is the charset map file to use. Leave commented to use
+ # the default one. Have a look in /usr/share/consoletrans for a selection of
+ # map files you can use.
+-#consoletranslation="8859-1_to_uni"
+-
+-# unicodemap is the unicode map file to use. Leave commented to use the
+-# default one. Have a look in /usr/share/unimaps for a selection of map files
+-# you can use.
+-#unicodemap="iso01"
++#consoletranslation="8859-1_to_uni.trans"
+diff --git a/init.d/consolefont.in b/init.d/consolefont.in
+index 9fe95afa..173ed426 100644
+--- a/init.d/consolefont.in
++++ b/init.d/consolefont.in
+@@ -22,7 +22,6 @@ start()
+ {
+ ttyn=${rc_tty_number:-${RC_TTY_NUMBER:-12}}
+ consolefont=${consolefont:-${CONSOLEFONT}}
+- unicodemap=${unicodemap:-${UNICODEMAP}}
+ consoletranslation=${consoletranslation:-${CONSOLETRANSLATION}}
+
+ if [ -z "$consolefont" ]; then
+@@ -43,9 +42,6 @@ start()
+ if [ -n "$consoletranslation" ]; then
+ param="$param -m $consoletranslation"
+ fi
+- if [ -n "${unicodemap}" ]; then
+- param="$param -u $unicodemap"
+- fi
+
+ # Set the console font
+ ebegin "Setting console font [$consolefont]"
+@@ -63,7 +59,8 @@ start()
+ # Store the font so we can use it ASAP on boot
+ if [ $retval -eq 0 ] && checkpath -W "$RC_LIBEXECDIR"; then
+ mkdir -p "$RC_LIBEXECDIR"/console
+- setfont -O "$RC_LIBEXECDIR"/console/font
++ zcat "/usr/share/consolefonts/$consolefont" \
++ > "$RC_LIBEXECDIR"/console/font
+ fi
+
+ return $retval
+--
+2.11.0
+
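Review bot: The cached font written by `zcat "/usr/share/consolefonts/$consolefont" > "$RC_LIBEXECDIR"/console/font` is never checked. A font that is missing at that path or is not gzip-compressed therefore leaves an empty or truncated file in the location the comment says is used early on boot. Appending `|| rm -f "$RC_LIBEXECDIR"/console/font` to the command would drop the bad cache instead. The patch description names `-O` and `-m` as unsupported, but the hunks remove the `-u` handling and keep `-m $consoletranslation`, so the description and the code should be brought in line. start() begins and ends outside the inner hunks.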
diff --git a/system/openrc/APKBUILD b/system/openrc/APKBUILD
new file mode 100644
index 000000000..31e6adee6
--- /dev/null
+++ b/system/openrc/APKBUILD
@@ -0,0 +1,93 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openrc
+pkgver=0.24.1
+_ver=${pkgver/_git*/}
+pkgrel=6
+pkgdesc="OpenRC manages the services, startup and shutdown of a host"
+url="http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git"
+arch="all"
+license='BSD-2'
+depends="psmisc /sbin/init"
+makedepends="bsd-compat-headers"
+subpackages="$pkgname-doc $pkgname-dev"
+install="$pkgname.post-install $pkgname.post-upgrade"
+source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgver.tar.gz
+
+ 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+ 0002-force-root-be-rw-before-localmount.patch
+ 0003-sysctl-add-compatibility-for-busybox-sysctl.patch
+ 0004-hide-error-when-migrating-var-run-to-run.patch
+ 0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+ 0006-mount-efivars-read-only.patch
+ 0007-make-consolefont-service-compatible-with-busyboxs-se.patch
+
+ openrc-configuration.patch
+
+ openrc.logrotate
+ hostname.initd
+ hwdrivers.initd
+ keymaps.initd
+ modules.initd
+ modloop.initd
+ modloop.confd
+ sysfsconf.initd
+ "
+
+builddir="$srcdir/$pkgname-$_ver"
+prepare() {
+ default_prepare
+ sed -i -e '/^sed/d' "$builddir"/pkgconfig/Makefile
+}
+
+build() {
+ cd "$builddir"
+ export BRANDING="Adélie Linux"
+ make LIBEXECDIR=/lib/rc MKNET=no
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make LIBEXECDIR=/lib/rc DESTDIR="$pkgdir/" install
+
+ # we cannot have anything turned on by default
+ mkdir -p "$pkgdir"/usr/share/openrc || true
+ mv "$pkgdir"/etc/runlevels "$pkgdir"/usr/share/openrc/runlevels
+
+ # we override some of the scripts
+ for i in "$srcdir"/*.initd; do
+ j=${i##*/}
+ install -Dm755 $i "$pkgdir"/etc/init.d/${j%.initd}
+ done
+
+ # we override some of the conf.d files
+ for i in "$srcdir"/*.confd; do
+ j=${i##*/}
+ install -Dm644 $i "$pkgdir"/etc/conf.d/${j%.confd}
+ done
+
+ install -Dm644 "$srcdir/$pkgname.logrotate" "$pkgdir/etc/logrotate.d/$pkgname"
+ install -d "$pkgdir"/etc/local.d "$pkgdir"/run
+}
+
+sha512sums="8d2aec029cb675ae5d446fe4a2f9613fac2fc5ea74b091d93e62b1f7bd4f8e3a96893bafa39a301129dad4623cc30acdcfd9e383a74f98c69f29820adb6d9aa0 openrc-0.24.1.tar.gz
+71fce711adbcb411189a089f1d49567c50348e12c42b7a9c9b582dae5d18051f88ccf81c768337e87d6792d953e84d1e8b93d7978a1947d7d20ef3b1cd330875 0001-call-sbin-mkmntdirs-in-localmount-OpenRC-service.patch
+aedf77f9159fefb4bd5f30a29a33b6aedbc986c9a0f993aa928cc79fbe24aac76bd9e5974dcce52ee8736c22d7e90375930d4bb5c66af3519d8e46590df00fe1 0002-force-root-be-rw-before-localmount.patch
+9dea3fcdb90e3e8078a771beefeba3ca91b9966a1b8ee9ff96cf460e7dd21abbc4a46a501a960c3edf5a76c083c2cf60ccb06d9da7a4c6df2a50660745beb278 0003-sysctl-add-compatibility-for-busybox-sysctl.patch
+d54630d40a2d6b10a325cb012d4efcda997a60c008ca953ce5d60059d3f267308a59dabddf93a5fc0d301aa91967137d144effbe5f574394af768ce4ebc48738 0004-hide-error-when-migrating-var-run-to-run.patch
+39a35c54ec9112fe84c901ed155a711cec8e194af02d5483ee60b80743dab12391e6fdc7b3da2f86844dd4edcf53e681ff95bd4d6fa1101a89ce54dce2ddbb7c 0005-rc-pull-in-sysinit-and-boot-as-stacked-levels-when-n.patch
+7221dd2daccd8844f6f9481b7b5921abc2711c8abd1a4bb72f04db8fd8e734b817f5d0d571daea0e2e05d3bc687f75ee1d8025249996bdee0b3328e18d9da7d3 0006-mount-efivars-read-only.patch
+234c4f3cf39df3350dbea25c00b8d584794b28194f44c726767a6a16d91a26fee1b5d2dd16635f19803fc015b4e9d99c52b23128e6b815938b88365feba8cf59 0007-make-consolefont-service-compatible-with-busyboxs-se.patch
+2dde266f3176456724e4b0c40476e7061e31986b67744b4a53c71ba0d3896860b4569e3af2ea4777a9d8fe3b6282ff869666570f1daa86cdc410c0e09805c990 openrc-configuration.patch
+12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate
+99b542c0903ad6874b8c308b2e0660a4fe2ff9db962dfec65325cd12c368873a2ae800d5e6d42dc4deff775e1d5c0068869eb72581f7ab16e88d5738afe1d3dd hostname.initd
+c06eac7264f6cc6888563feeae5ca745aae538323077903de1b19102e4f16baa34c18b8c27af5dd5423e7670834e2261e9aa55f2b1ec8d8fdc2be105fe894d55 hwdrivers.initd
+584ecbbcecb284527d7616790b6e337ace610e4b3cedf2993eca294bfbef54674aeaee3078b6c17d746a0c48b5a64a813c3534136915947e6f62a6fa206cd3ca keymaps.initd
+b04058ec630e19de0bafefe06198dc1bff8c8d5d2c89e4660dd83dda8bb82a76cdb1d8661cce88e4a406aa6b4152e17efff52d3eb18ffaec0751d0b6cdbcc48a modules.initd
+92c0245ba4d7cc6828a9b68510fb541cf3b21b9b844a858336af60e84d1db62ddb4471aad0d82ef05d639335a81014f8350a71a746c2bcd90697daa6a8c03408 modloop.initd
+aa702a7da8e6c0e5d8738febaf6b4e4cb021b30ce5c1809b530abf2b36739079446b16fc054740da8d86ed099942cf5deed6597cedb64c058f3def587a8b4689 modloop.confd
+d76c75c58e6f4b0801edac4e081b725ef3d50a9a8c9bbb5692bf4d0f804af7d383bf71a73d5d03ed348a89741ef0b2427eb6a7cbf5a9b9ff60a240639fa6ec88 sysfsconf.initd"
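Review bot: In package(), `mkdir -p "$pkgdir"/usr/share/openrc || true` hides a failed mkdir, and the `mv` on the next line then has no destination directory; dropping `|| true` lets the build stop at the real cause. The two install loops pass `$i` unquoted, so a `$srcdir` containing whitespace splits the argument; `install -Dm755 "$i" "$pkgdir"/etc/init.d/"${j%.initd}"` avoids that. `_ver=${pkgver/_git*/}` is a bash-style substitution, which may matter if abuild evaluates this file under a plain POSIX sh, so that is worth confirming.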
diff --git a/system/openrc/hostname.initd b/system/openrc/hostname.initd
new file mode 100644
index 000000000..c1580db08
--- /dev/null
+++ b/system/openrc/hostname.initd
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+
+description="Sets the hostname of the machine."
+
+depend() {
+ keyword -prefix -lxc
+}
+
+start() {
+ if [ -s /etc/hostname ] ; then
+ opts="-F /etc/hostname"
+ else
+ opts="localhost"
+ fi
+ ebegin "Setting hostname"
+ hostname $opts
+ eend $?
+}
diff --git a/system/openrc/hwdrivers.initd b/system/openrc/hwdrivers.initd
new file mode 100644
index 000000000..80184c971
--- /dev/null
+++ b/system/openrc/hwdrivers.initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+depend() {
+ need sysfs dev
+ before checkfs fsck
+ after modloop
+ keyword -vserver -lxc
+}
+
+# Load hardware drivers
+start() {
+ # check for boot option "nocoldplug"
+ if get_bootparam noautodetect; then
+ ewarn "Autodetection of hardware disabled from boot cmdline"
+ return 0
+ fi
+
+ ebegin "Loading hardware drivers"
+ find /sys -name modalias -type f -print0 | xargs -0 sort -u \
+ | xargs modprobe -b -a 2> /dev/null
+ # we run it twice so we detect all devices
+ find /sys -name modalias -type f -print0 | xargs -0 sort -u \
+ | xargs modprobe -b -a 2> /dev/null
+
+ # check if framebuffer drivers got pulled in
+ if [ -e /dev/fb0 ] && ! [ -e /sys/module/fbcon ]; then
+ modprobe -b -q fbcon
+ fi
+
+ eend 0
+}
+
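Review bot: The comment in start() names the boot option "nocoldplug", but the code tests `get_bootparam noautodetect`; the comment should read `# check for boot option "noautodetect"`. Both modprobe pipelines send stderr to /dev/null and the function ends with `eend 0`, so a failing modprobe is never visible. If that is intentional best-effort behaviour, a one-line comment saying so would save the next reader from treating it as a bug.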
diff --git a/system/openrc/keymaps.initd b/system/openrc/keymaps.initd
new file mode 100644
index 000000000..24d1e8777
--- /dev/null
+++ b/system/openrc/keymaps.initd
@@ -0,0 +1,20 @@
+#!/sbin/openrc-run
+
+description="Applies a keymap for the consoles."
+
+depend()
+{
+ need localmount
+ keyword -openvz -prefix -uml -vserver -xenu -lxc
+}
+
+start() {
+ [ -z "$KEYMAP" ] && return
+ ebegin "Setting keymap"
+ zcat "$KEYMAP" | loadkmap
+ eend $?
+}
+
+stop() {
+ return
+}
diff --git a/system/openrc/modloop.confd b/system/openrc/modloop.confd
new file mode 100644
index 000000000..de4cbb62b
--- /dev/null
+++ b/system/openrc/modloop.confd
@@ -0,0 +1,3 @@
+# enable loadable module support when running from RAM
+# when unionfs support is available in the kernel
+unionfs_size="32M"
diff --git a/system/openrc/modloop.initd b/system/openrc/modloop.initd
new file mode 100644
index 000000000..9d664dd40
--- /dev/null
+++ b/system/openrc/modloop.initd
@@ -0,0 +1,124 @@
+#!/sbin/openrc-run
+
+# script that will mount image with modules
+
+depend() {
+ after dev-mount
+ before checkfs fsck hwdrivers modules hwclock dev sysfs
+ keyword -vserver -lxc
+}
+
+# read kernel options
+init_KOPT() {
+ for opt in $(cat /proc/cmdline 2>/dev/null); do
+ case "$opt" in
+ modloop=*)
+ eval "KOPT_${opt%%=*}='${opt#*=}'" ;;
+ esac
+ done
+}
+
+mountdirs() {
+ awk '$2 !~ /^\/(sys|proc|dev|run)/ && $2 != "/" {print $2}' /proc/mounts
+}
+
+find_modloop() {
+ local dir="$1"
+ local kver=$(uname -r)
+ local oifs="$IFS"
+ IFS=$'\n'
+ set -- $(blkid "$dir"/boot/* "$dir"/*)
+ IFS="$oifs"
+ for line; do
+ img=${line%%:*}
+ mount "$img" -o loop,ro /.modloop || continue
+ if [ -d /.modloop/modules/$kver ]; then
+ return 0
+ fi
+ umount /.modloop
+ done
+ return 1
+}
+
+find_backing_file() {
+ local dir="$1"
+ local dev=$(df -P "$dir" | tail -1 | awk '{print $1}')
+ cat /sys/block/${dev#/dev/}/loop/backing_file 2>/dev/null
+}
+
+start() {
+ local modloop= mount_opts= modloop_dldir="/lib"
+ init_KOPT
+
+ mkdir -p /.modloop /lib
+ case "$KOPT_modloop" in
+ http://*|https://*|ftp://*)
+ wget -P "$modloop_dldir" "$KOPT_modloop" \
+ && modloop=$modloop_dldir/$(basename $KOPT_modloop)
+ ;;
+ *)
+ for dir in $(mountdirs); do
+ if [ -f "$dir"/$KOPT_modloop ]; then
+ modloop="$dir/${KOPT_modloop##/}"
+ alpine_mnt="$dir"
+ break
+ fi
+ done
+ ;;
+ esac
+
+ ebegin "Mounting modloop $modloop"
+ if [ -n "$modloop" ]; then
+ mount -o loop,ro $modloop /.modloop
+ eend $? || return 1
+ else
+ for dir in $(mountdirs); do
+ if find_modloop "$dir"; then
+ alpine_mnt="$dir"
+ break
+ fi
+ done
+ if [ -d /.modloop/modules/$(uname -r) ]; then
+ eend 0
+ else
+ eend 1 || return 1
+ fi
+ fi
+
+ #use overlayfs if available and configured
+ if grep -q -w "overlay$" /proc/filesystems && [ -n "$unionfs_size" ]; then
+ ebegin "OverlayFS detected, mounting modloop rw"
+ mkdir -p /.modunisonfs /lib/modules
+ mount -t tmpfs -o size="$unionfs_size" tmpfs /.modunisonfs
+ mkdir -p /.modunisonfs/modules /.modunisonfs/work
+ mount -t overlay -o upperdir=/.modunisonfs/modules,lowerdir=/.modloop/modules,workdir=/.modunisonfs/work overlay /lib/modules
+ eend $? || return 1
+ else
+ rm -rf /lib/modules && ln -sf /.modloop/modules /lib/
+ fi
+
+ # copy firmware if there are any
+ if [ -d $alpine_mnt/firmware ]; then
+ ebegin "Copying firmware from $alpine_mnt/firmware"
+ cp -R -a $alpine_mnt/firmware /lib/
+ eend $?
+ elif [ -d /lib/modules/firmware ]; then
+ rmdir /lib/firmware 2>/dev/null \
+ && ln -s /lib/modules/firmware /lib/
+ fi
+ return 0
+}
+
+stop() {
+ local rc=0
+ if mountinfo --quiet /.modunisonfs/modules && mountinfo --quiet /lib/modules; then
+ umount /lib/modules
+ umount /.modunisonfs/modules
+ fi
+ if mountinfo --quiet /.modloop; then
+ ebegin "Unmounting /.modloop"
+ umount -d /.modloop
+ eend $? || return 1
+ fi
+}
+
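Review bot: init_KOPT() feeds the kernel command line through `eval "KOPT_${opt%%=*}='${opt#*=}'"`, so a value containing a single quote ends the quoting and the remainder is interpreted by the shell as root during boot. Only `modloop=` is matched, so a plain assignment does the same job without eval: `modloop=*) KOPT_modloop=${opt#*=} ;;`. In start(), the `http://` and `ftp://` cases download the image with wget and loop-mount it as the module tree with no checksum or signature check visible here. Unless module signing is enforced elsewhere, accepting only `https://` or verifying a digest before the mount would be safer. `$modloop` and `$alpine_mnt` are also expanded unquoted, and in the URL case `alpine_mnt` is never set, so the firmware test looks at `/firmware`.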
diff --git a/system/openrc/modules.initd b/system/openrc/modules.initd
new file mode 100644
index 000000000..d90a3e687
--- /dev/null
+++ b/system/openrc/modules.initd
@@ -0,0 +1,29 @@
+#!/sbin/openrc-run
+
+description="Loads a user defined list of kernel modules."
+
+depend()
+{
+ before hwclock hwdrivers
+ keyword -openvz -prefix -vserver -lxc
+}
+
+start() {
+ ebegin "Loading modules"
+ for f in /etc/modules \
+ /etc/modules-load.d/*.conf \
+ /run/modules-load.d/*.conf \
+ /usr/lib/modules-load.d/*.conf \
+ /lib/modules-load.d/*.conf; do
+ if ! [ -f "$f" ]; then
+ continue
+ fi
+
+ sed -e 's/\#.*//g' -e '/^[[:space:]]*$/d' < "$f" \
+ | while read module args; do
+ modprobe -q $module $args
+ done
+ done
+ eend $?
+}
+
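Review bot: `eend $?` after the `for` loop reports only the exit status of the last thing the loop ran, so a `modprobe -q` failure for any earlier module or file is shown as success. If failures should be visible, track them inside the loop; the `while read` runs on the right-hand side of a pipeline, so the flag has to come out through the pipeline's exit status rather than a variable. Otherwise a comment should state that module loading is best-effort. `read module args` without `-r` also treats backslashes in the file as escape characters.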
diff --git a/system/openrc/openrc-configuration.patch b/system/openrc/openrc-configuration.patch
new file mode 100644
index 000000000..ff2ce5f34
--- /dev/null
+++ b/system/openrc/openrc-configuration.patch
@@ -0,0 +1,20 @@
+--- openrc-0.24.1/etc/rc.conf.original 2017-03-14 19:58:26.000000000 -0500
++++ openrc-0.24.1/etc/rc.conf 2017-08-22 23:48:32.903169635 -0500
+@@ -48,7 +48,7 @@
+ # /var/log/rc.log
+ # NOTE: Linux systems require the devfs service to be started before
+ # logging can take place and as such cannot log the sysinit runlevel.
+-#rc_logger="NO"
++rc_logger="YES"
+
+ # Through rc_log_path you can specify a custom log file.
+ # The default value is: /var/log/rc.log
+@@ -89,7 +89,7 @@
+ # There variables are shared between many init scripts
+
+ # Set unicode to YES to turn on unicode support for keyboards and screens.
+-#unicode="NO"
++unicode="YES"
+
+ # This is how long fuser should wait for a remote server to respond. The
+ # default is 60 seconds, but it can be adjusted here.
diff --git a/system/openrc/openrc.logrotate b/system/openrc/openrc.logrotate
new file mode 100644
index 000000000..5e5e64b9b
--- /dev/null
+++ b/system/openrc/openrc.logrotate
@@ -0,0 +1,4 @@
+/var/log/rc.log {
+ missingok
+ notifempty
+}
diff --git a/system/openrc/openrc.post-install b/system/openrc/openrc.post-install
new file mode 100644
index 000000000..1057eed41
--- /dev/null
+++ b/system/openrc/openrc.post-install
@@ -0,0 +1,36 @@
+#!/bin/sh
+
+rc_update() {
+ local svc="$1"
+ local level="$2"
+ mkdir -p /etc/runlevels/$level
+ ln -sf /etc/init.d/$svc /etc/runlevels/$level
+}
+
+if [ ! -d etc/rcS.d ] && [ ! -d etc/rcL.d ]; then
+ exit 0
+fi
+
+for i in etc/rc[SL].d/*; do
+ [ -L "$i" ] || continue
+ oldsvc=${i##*/S[0-9][0-9]}
+ # some services are renamed
+ case "$oldsvc" in
+ modutils) svc=modules;;
+ procps) svc=sysctl;;
+ bootmisc.sh) svc=bootmisc;;
+ keymap) svc=keymaps;;
+ rc.local) svc=local;;
+ *) svc=$oldsvc;;
+ esac
+
+ # add the service to correct "runlevel"
+ case "$svc" in
+ hwclock|modules|sysctl|hostname|keymaps|syslog|bootmisc)
+ rc_update $svc boot;;
+ *) rc_update $svc default;;
+ esac
+
+ rm $i
+done
+
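Review bot: `oldsvc=${i##*/S[0-9][0-9]}` leaves `$i` unchanged when the link name does not start with `S` and two digits (a `K` link, for instance). `rc_update` is then called with a value like `etc/rcS.d/<name>` and creates a dangling link before `rm $i` removes the original. Skipping such entries first, `case "${i##*/}" in S[0-9][0-9]*) ;; *) continue ;; esac`, avoids that. The script also mixes relative paths (`etc/rcS.d`) with absolute ones (`/etc/runlevels`, `/etc/init.d`), which only agree when the working directory is `/`. `$i`, `$svc` and `$level` are expanded unquoted.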
diff --git a/system/openrc/openrc.post-upgrade b/system/openrc/openrc.post-upgrade
new file mode 100644
index 000000000..8884202be
--- /dev/null
+++ b/system/openrc/openrc.post-upgrade
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+# in 0.8.0-r1 the state dir moved from /libexec/rc/init.d to /lib/rc/init.d
+# and with 0.10 it moved to /run/openrc
+
+mkdir -p /run/openrc
+for dir in /libexec /lib; do
+ [ -d $dir/rc/init.d ] || continue
+
+ for i in $dir/rc/init.d/* ; do
+ [ -e "$i" ] || continue
+ if [ -e /run/openrc/${i##*/} ]; then
+ rm -r $i
+ else
+ mv $i /run/openrc/
+ fi
+ done
+
+ rmdir $dir/rc/init.d $dir/rc /libexec 2>/dev/null
+done
+
+# create rc.local compat
+if [ -f /etc/rc.local ]; then
+ cat >/etc/local.d/rc.local-compat.start<<__EOF__
+#!/bin/sh
+
+# this is only here for compatibility reasons
+if [ -f /etc/rc.local ]; then
+ . /etc/rc.local
+fi
+__EOF__
+ chmod +x /etc/local.d/rc.local-compat.start
+fi
+
+exit 0
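Review bot: `rm -r $i` and `mv $i /run/openrc/` run as root on unquoted glob results, so an entry name containing whitespace would be split into several arguments; `rm -r "$i"` and `mv "$i" /run/openrc/` are the safer forms. The `rmdir` line names `/libexec` on every iteration, including the `/lib` pass. It only succeeds on an empty directory, but a comment saying that removing `/libexec` is intended cleanup would make that clear.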
diff --git a/system/openrc/sysfsconf.initd b/system/openrc/sysfsconf.initd
new file mode 100644
index 000000000..433e51d63
--- /dev/null
+++ b/system/openrc/sysfsconf.initd
@@ -0,0 +1,66 @@
+#!/sbin/openrc-run
+
+description="Set sysfs variables from /etc/sysfs.conf and /etc/sysfs.d/*.conf"
+conffile=/etc/sysfs.conf
+confdir=/etc/sysfs.d
+
+depend() {
+ need sysfs
+}
+
+setval() {
+ local value="$1" attrib="$2"
+ # Some fields need a terminating newline, others
+ # need the terminating newline to be absent :-(
+ echo -n "$value" > "$attrib" 2>/dev/null \
+ || echo "$value" > "$attrib"
+}
+
+load_conffile() {
+ local file="$1"
+ while read line; do
+ local line=${line%%#*}
+ local cmd= attrib= value=
+ set -- $line
+ if [ $# -eq 0 ]; then
+ continue
+ fi
+ case "$1$3" in
+ mode=) cmd=chmod
+ attrib="$2"
+ value="$4"
+ ;;
+ owner=) cmd=chown
+ attrib="$2"
+ value="$4"
+ ;;
+ *) if [ "$2" = "=" ]; then
+ cmd=setval
+ attrib="$1"
+ value="$3"
+ fi
+ ;;
+ esac
+ if ! [ -e "/sys/$attrib" ]; then
+ eerror "$attrib: unknown attribute"
+ continue
+ fi
+ if [ -z "$attrib" ] || [ -z "$value" ]; then
+ eerror "syntax error in $file: '$line'"
+ continue
+ fi
+ $cmd "$value" "/sys/$attrib"
+ done < "$file"
+}
+
+start() {
+ [ -r "$conffile" -o -d "$confdir" ] || return 0
+ ebegin "Setting sysfs variables"
+ for file in $confdir/*.conf $conffile; do
+ [ -r "$file" ] || continue
+ load_conffile "$file" || return 1
+ done
+ eend 0
+
+}
+
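Review bot: load_conffile() checks only `[ -e "/sys/$attrib" ]` before running `$cmd "$value" "/sys/$attrib"`, so an attribute name containing `..` components passes the check while resolving outside /sys. The chmod, chown or write is then applied there as root. The config files are presumably root-owned, so this is hardening rather than a trust boundary, but rejecting such names is cheap: `case "$attrib" in *..*) eerror "$attrib: invalid attribute"; continue ;; esac`. The result of `$cmd` is also discarded and start() always ends with `eend 0`, so a failed write is reported as success. `set -- $line` additionally glob-expands any `*` that appears in a config line.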
diff --git a/system/openssh/APKBUILD b/system/openssh/APKBUILD
new file mode 100644
index 000000000..90a628d27
--- /dev/null
+++ b/system/openssh/APKBUILD
@@ -0,0 +1,181 @@
+# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openssh
+pkgver=7.5_p1
+_myver=${pkgver%_*}${pkgver#*_}
+pkgrel=5
+pkgdesc="Port of OpenBSD's free SSH release"
+url="http://www.openssh.org/portable.html"
+arch="all"
+license="as-is"
+options="suid !check"
+depends="openssh-client openssh-sftp-server openssh-server"
+makedepends_build="linux-pam-dev"
+makedepends_host="openssl-dev zlib-dev linux-headers linux-pam-dev"
+makedepends="$makedepends_build $makedepends_host"
+subpackages="$pkgname-doc
+ $pkgname-keygen
+ $pkgname-client
+ $pkgname-keysign
+ $pkgname-sftp-server:sftp
+ $pkgname-server-common:server_common:noarch
+ $pkgname-server
+ "
+
+source="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
+ openssh7.4-peaktput.patch
+ openssh7.4-dynwindows.patch
+ fix-utmp.patch
+ bsd-compatible-realpath.patch
+ sshd.initd
+ sshd.confd
+ sftp-interactive.patch
+ openssh-7.5p1-sandbox.patch
+ "
+# secfixes:
+# 7.4_p1:
+# - CVE-2016-10009
+# - CVE-2016-10010
+# - CVE-2016-10011
+# - CVE-2016-10012
+
+# HPN patches are from: http://hpnssh.sourceforge.net/
+
+builddir="$srcdir"/$pkgname-$_myver
+
+prepare() {
+ cd "$builddir"
+ default_prepare
+ for _flavour in $_pkgsupport; do
+ cp -R "$srcdir"/$pkgname-$_myver "$srcdir"/$pkgname-${_myver}-$_flavour
+ done
+}
+
+build() {
+ cd "$builddir"
+ export LD="$CC"
+ ./configure --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc/ssh \
+ --libexecdir=/usr/lib/ssh \
+ --mandir=/usr/share/man \
+ --with-pid-dir=/run \
+ --with-mantype=man \
+ --with-ldflags="${LDFLAGS}" \
+ --disable-lastlog \
+ --disable-strip \
+ --disable-wtmp \
+ --with-privsep-path=/var/empty \
+ --with-xauth=/usr/bin/xauth \
+ --with-privsep-user=sshd \
+ --with-md5-passwords \
+ --with-ssl-engine \
+ --with-pam
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ mkdir -p "$pkgdir"/var/empty
+ install -D -m755 "$srcdir"/sshd.initd \
+ "$pkgdir"/etc/init.d/sshd
+ install -D -m644 "$srcdir"/sshd.confd \
+ "$pkgdir"/etc/conf.d/sshd
+ install -Dm644 "$builddir"/contrib/ssh-copy-id.1 \
+ "$pkgdir"/usr/share/man/man1/ssh-copy-id.1
+}
+
+keygen() {
+ pkgdesc="ssh helper program for generating keys"
+ depends=
+ install -d "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/ssh-keygen \
+ "$subpkgdir"/usr/bin/
+}
+
+client() {
+ pkgdesc="OpenBSD's SSH client"
+ depends="openssh-keygen"
+ install -d "$subpkgdir"/usr/bin \
+ "$subpkgdir"/usr/lib/ssh \
+ "$subpkgdir"/etc/ssh \
+ "$subpkgdir"/var/empty
+
+ mv "$pkgdir"/usr/bin/* \
+ "$subpkgdir"/usr/bin/
+ mv "$pkgdir"/etc/ssh/ssh_config \
+ "$pkgdir"/etc/ssh/moduli \
+ "$subpkgdir"/etc/ssh/
+ install -Dm755 "$builddir"/contrib/findssl.sh \
+ "$subpkgdir"/usr/bin/findssl.sh
+ install -Dm755 "$builddir"/contrib/ssh-copy-id \
+ "$subpkgdir"/usr/bin/ssh-copy-id
+ install -Dm755 "$builddir"/ssh-pkcs11-helper \
+ "$subpkgdir"/usr/bin/ssh-pkcs11-helper
+}
+
+keysign() {
+ pkgdesc="ssh helper program for host-based authentication"
+ depends="openssh-client"
+ install -d "$subpkgdir"/usr/lib/ssh
+ mv "$pkgdir"/usr/lib/ssh/ssh-keysign \
+ "$subpkgdir"/usr/lib/ssh/
+}
+
+sftp() {
+ pkgdesc="ssh sftp server module"
+ depends=""
+ install -d "$subpkgdir"/usr/lib/ssh
+ mv "$pkgdir"/usr/lib/ssh/sftp-server \
+ "$subpkgdir"/usr/lib/ssh/
+}
+
+server_common() {
+ pkgdesc="OpenSSH server configuration files"
+ depends=""
+ for i in etc/ssh/sshd_config \
+ etc/init.d/sshd \
+ etc/conf.d/sshd; do
+
+ install -d "$subpkgdir"/${i%/*}
+ mv "$pkgdir"/$i \
+ "$subpkgdir"/${i%/*}/
+
+ done
+}
+
+server() {
+ pkgdesc="OpenSSH server"
+ depends="openssh-keygen openssh-server-common"
+ cd "$builddir"
+ install -d "$subpkgdir"/usr/sbin
+ mv "$pkgdir"/usr/sbin/sshd "$subpkgdir"/usr/sbin/
+}
+
+_server() {
+ cd "$builddir"
+ install -d "$subpkgdir"/usr/sbin
+ mv "$1"/sshd "$subpkgdir"/usr/sbin/
+}
+
+_pkg_flavour() {
+ pkgdesc="OpenSSH server with $_flavour support"
+ depends="openssh-keygen openssh-server-common"
+ for _flavour in $_pkgsupport; do
+ cd "${builddir}"-$_flavour
+ _server "${builddir}"-$_flavour
+ done
+}
+
+sha512sums="58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 openssh-7.5p1.tar.gz
+398096a89aa104abeff31aa043ac406a6348e0fdd4d313b7888ee0b931d38fd71fc21bceee46145e88f03bc27e00890e068442faee2d33f86cfbc04d58ffa4b6 openssh7.4-peaktput.patch
+b9d736eae9b43de91fa3eb277ba8abc6290a8436b0fb00ae3b0f1b2eabba9983e4d2a1e3c68f5514247d0a3f120037f0795fd88fbf302aabd2d1b54a325a04ee openssh7.4-dynwindows.patch
+f35fffcd26635249ce5d820e7b3e406e586f2d2d7f6a045f221e2f9fb53aebc1ab1dd1e603b3389462296ed77921a1d08456e7aaa3825cbed08f405b381a58e1 fix-utmp.patch
+f2b8daa537ea3f32754a4485492cc6eb3f40133ed46c0a5a29a89e4bcf8583d82d891d94bf2e5eb1c916fa68ec094abf4e6cd641e9737a6c05053808012b3a73 bsd-compatible-realpath.patch
+394a420a36880bb0dd37dfd8727cea91fd9de6534050169e21212a46513ef3aaafe2752c338699b3d4ccd14871b26cf01a152df8060cd37f86ce0665fd53c63f sshd.initd
+ce0abddbd2004891f88efd8522c4b37a4989290269fab339c0fa9aacc051f7fd3b20813e192e92e0e64315750041cb74012d4321260f4865ff69d7a935b259d4 sshd.confd
+c1d09c65dbc347f0904edc30f91aa9a24b0baee50309536182455b544f1e3f85a8cecfa959e32be8b101d8282ef06dde3febbbc3f315489339dcf04155c859a9 sftp-interactive.patch
+15c5478bcae56c019a2fbd82ec04808537fd4ba1f1ba4a0a88c0343c16c698c45dbfac59eebc3fcfd3c15b302ebec43e60ffa02442a6c77673b14818ad3f7b60 openssh-7.5p1-sandbox.patch"
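Review bot: The release tarball in `source=` is fetched over plain `http://`. The sha512sums entry protects ordinary builds, but whoever regenerates the checksum on a version bump has no transport protection, so prefer `https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz` or verify the upstream signature at that step. `options="suid !check"` turns the test suite off for a package that also applies third-party HPN patches, so a comment stating why the tests are disabled would be useful. `$_pkgsupport` is never set in this file, so the loop in prepare() and the `_server` and `_pkg_flavour` functions appear to be dead code.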
diff --git a/system/openssh/bsd-compatible-realpath.patch b/system/openssh/bsd-compatible-realpath.patch
new file mode 100644
index 000000000..1cdb4f7c5
--- /dev/null
+++ b/system/openssh/bsd-compatible-realpath.patch
@@ -0,0 +1,62 @@
+fix issues with fortify-headers and the way openssh handles the needed
+BSD compatible realpath(3).
+
+unconditionally use the provided realpath() as otherwise cross-builds
+would try to use musl realpath() which is posix compliant and not
+working to openssh expectations.
+
+diff -ru openssh-7.2p2.orig/openbsd-compat/openbsd-compat.h openssh-7.2p2/openbsd-compat/openbsd-compat.h
+--- openssh-7.2p2.orig/openbsd-compat/openbsd-compat.h 2016-03-09 20:04:48.000000000 +0200
++++ openssh-7.2p2/openbsd-compat/openbsd-compat.h 2016-07-18 13:33:16.260357745 +0300
+@@ -68,17 +68,7 @@
+ void *reallocarray(void *, size_t, size_t);
+ #endif
+
+-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
+-/*
+- * glibc's FORTIFY_SOURCE can redefine this and prevent us picking up the
+- * compat version.
+- */
+-# ifdef BROKEN_REALPATH
+-# define realpath(x, y) _ssh_compat_realpath(x, y)
+-# endif
+-
+-char *realpath(const char *path, char *resolved);
+-#endif
++char *ssh_realpath(const char *path, char *resolved);
+
+ #ifndef HAVE_RRESVPORT_AF
+ int rresvport_af(int *alport, sa_family_t af);
+diff -ru openssh-7.2p2.orig/openbsd-compat/realpath.c openssh-7.2p2/openbsd-compat/realpath.c
+--- openssh-7.2p2.orig/openbsd-compat/realpath.c 2016-03-09 20:04:48.000000000 +0200
++++ openssh-7.2p2/openbsd-compat/realpath.c 2016-07-18 13:33:45.420721690 +0300
+@@ -31,7 +31,7 @@
+
+ #include "includes.h"
+
+-#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)
++#if 1
+
+ #include <sys/types.h>
+ #include <sys/param.h>
+@@ -58,7 +58,7 @@
+ * in which case the path which caused trouble is left in (resolved).
+ */
+ char *
+-realpath(const char *path, char *resolved)
++ssh_realpath(const char *path, char *resolved)
+ {
+ struct stat sb;
+ char *p, *q, *s;
+diff -ru openssh-7.2p2.orig/sftp-server.c openssh-7.2p2/sftp-server.c
+--- openssh-7.2p2.orig/sftp-server.c 2016-03-09 20:04:48.000000000 +0200
++++ openssh-7.2p2/sftp-server.c 2016-07-18 13:34:29.131267241 +0300
+@@ -1162,7 +1162,7 @@
+ }
+ debug3("request %u: realpath", id);
+ verbose("realpath \"%s\"", path);
+- if (realpath(path, resolvedname) == NULL) {
++ if (ssh_realpath(path, resolvedname) == NULL) {
+ send_status(id, errno_to_portable(errno));
+ } else {
+ Stat s;
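Review bot: Only the call in sftp-server.c is switched to `ssh_realpath()`, while the header drops the old `realpath` declaration and macro entirely. Any other `realpath()` call in the tree would therefore bind silently to the libc version that the description says does not meet OpenSSH's expectations. Checking the packaged tree for remaining callers, and recording the result in the patch header, would settle it. The patch paths refer to openssh-7.2p2 while the APKBUILD builds 7.5_p1, so it presumably applies with offsets; regenerating it against the packaged version would make the match explicit.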
diff --git a/system/openssh/fix-utmp.patch b/system/openssh/fix-utmp.patch
new file mode 100644
index 000000000..275e80590
--- /dev/null
+++ b/system/openssh/fix-utmp.patch
@@ -0,0 +1,11 @@
+--- openssh-6.8p1.orig/loginrec.c 2015-03-17 07:49:20.000000000 -0200
++++ openssh-6.8p1/loginrec.c 2015-03-19 10:45:45.780276841 -0200
+@@ -783,7 +783,7 @@
+ if (li->hostaddr.sa.sa_family == AF_INET)
+ utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
+ # endif
+-# ifdef HAVE_ADDR_V6_IN_UTMP
++# ifdef HAVE_ADDR_V6_IN_UTMPX
+ /* this is just a 128-bit IPv6 address */
+ if (li->hostaddr.sa.sa_family == AF_INET6) {
+ sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
diff --git a/system/openssh/openssh-7.5p1-sandbox.patch b/system/openssh/openssh-7.5p1-sandbox.patch
new file mode 100644
index 000000000..7d09632c8
--- /dev/null
+++ b/system/openssh/openssh-7.5p1-sandbox.patch
@@ -0,0 +1,23 @@
+diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
+index 3a1aedce72c2..a8d472a63ccb 100644
+--- a/sandbox-seccomp-filter.c
++++ b/sandbox-seccomp-filter.c
+@@ -50,6 +50,9 @@
+ #include <elf.h>
+
+ #include <asm/unistd.h>
++#ifdef __s390__
++#include <asm/zcrypt.h>
++#endif
+
+ #include <errno.h>
+ #include <signal.h>
+@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = {
+ * x86-64 syscall under some circumstances, e.g.
+ * https://bugs.debian.org/849923
+ */
+- SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT);
++ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),
+ #endif
+
+ /* Default deny */
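Review bot: The first inner hunk adds `#include <asm/zcrypt.h>` under `__s390__`, but nothing in this patch uses a definition from that header. Without matching allow-list entries the include has no effect, and with them it would widen the pre-auth seccomp policy, so the intent should be stated either way. The patch file has no description; a header line such as `fix x32 build: SC_ALLOW entry ended with ';' instead of ','` would explain the second hunk. It should also say whether the s390 part is complete.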
diff --git a/system/openssh/openssh7.4-dynwindows.patch b/system/openssh/openssh7.4-dynwindows.patch
new file mode 100644
index 000000000..45c42159e
--- /dev/null
+++ b/system/openssh/openssh7.4-dynwindows.patch
@@ -0,0 +1,835 @@
+--- a/buffer.h
++++ b/buffer.h
+@@ -16,6 +16,9 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++/* move the following to a more appropriate place and name */
++#define BUFFER_MAX_LEN_HPN 0x4000000 /* 64MB */
++
+ /* Emulation wrappers for legacy OpenSSH buffer API atop sshbuf */
+
+ #ifndef BUFFER_H
+--- a/channels.c
++++ b/channels.c
+@@ -191,8 +191,14 @@
+ static int connect_next(struct channel_connect *);
+ static void channel_connect_ctx_free(struct channel_connect *);
+
++
++static int hpn_disabled = 0;
++static int hpn_buffer_size = 2 * 1024 * 1024;
++
+ /* -- channel core */
+
++
++
+ Channel *
+ channel_by_id(int id)
+ {
+@@ -356,6 +362,7 @@
+ c->local_window_max = window;
+ c->local_consumed = 0;
+ c->local_maxpacket = maxpack;
++ c->dynamic_window = 0;
+ c->remote_id = -1;
+ c->remote_name = xstrdup(remote_name);
+ c->remote_window = 0;
+@@ -904,11 +911,35 @@
+ FD_SET(c->sock, writeset);
+ }
+
++int channel_tcpwinsz () {
++ u_int32_t tcpwinsz = 0;
++ socklen_t optsz = sizeof(tcpwinsz);
++ int ret = -1;
++
++ /* if we aren't on a socket return 128KB*/
++ if(!packet_connection_is_on_socket())
++ return(128*1024);
++ ret = getsockopt(packet_get_connection_in(),
++ SOL_SOCKET, SO_RCVBUF, &tcpwinsz, &optsz);
++ /* return no more than 64MB */
++ if ((ret == 0) && tcpwinsz > BUFFER_MAX_LEN_HPN)
++ tcpwinsz = BUFFER_MAX_LEN_HPN;
++ debug2("tcpwinsz: %d for connection: %d", tcpwinsz,
++ packet_get_connection_in());
++ return(tcpwinsz);
++}
++
+ static void
+ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset)
+ {
+ u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
+
++ /* check buffer limits */
++ if ((!c->tcpwinsz) || (c->dynamic_window > 0))
++ c->tcpwinsz = channel_tcpwinsz();
++
++ limit = MIN(limit, 2 * c->tcpwinsz);
++
+ if (c->istate == CHAN_INPUT_OPEN &&
+ limit > 0 &&
+ buffer_len(&c->input) < limit &&
+@@ -1926,14 +1957,21 @@
+ c->local_maxpacket*3) ||
+ c->local_window < c->local_window_max/2) &&
+ c->local_consumed > 0) {
++ u_int addition = 0;
++ /* adjust max window size if we are in a dynamic environment */
++ if (c->dynamic_window && (c->tcpwinsz > c->local_window_max)) {
++ /* grow the window somewhat aggressively to maintain pressure */
++ addition = 1.5*(c->tcpwinsz - c->local_window_max);
++ c->local_window_max += addition;
++ }
+ packet_start(SSH2_MSG_CHANNEL_WINDOW_ADJUST);
+ packet_put_int(c->remote_id);
+- packet_put_int(c->local_consumed);
++ packet_put_int(c->local_consumed + addition);
+ packet_send();
+ debug2("channel %d: window %d sent adjust %d",
+ c->self, c->local_window,
+ c->local_consumed);
+- c->local_window += c->local_consumed;
++ c->local_window += c->local_consumed + addition;
+ c->local_consumed = 0;
+ }
+ return 1;
+@@ -3179,6 +3217,15 @@
+ return addr;
+ }
+
++
++void
++channel_set_hpn(int external_hpn_disabled, int external_hpn_buffer_size)
++{
++ hpn_disabled = external_hpn_disabled;
++ hpn_buffer_size = external_hpn_buffer_size;
++ debug("HPN Disabled: %d, HPN Buffer Size: %d", hpn_disabled, hpn_buffer_size);
++}
++
+ static int
+ channel_setup_fwd_listener_tcpip(int type, struct Forward *fwd,
+ int *allocated_listen_port, struct ForwardOptions *fwd_opts)
+@@ -3307,9 +3354,15 @@
+ }
+
+ /* Allocate a channel number for the socket. */
++ /* explicitly test for hpn disabled option. if true use smaller window size */
++ if (hpn_disabled)
+ c = channel_new("port listener", type, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
+ 0, "port listener", 1);
++ else
++ c = channel_new("port listener", type, sock, sock, -1,
++ hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
++ 0, "port listener", 1);
+ c->path = xstrdup(host);
+ c->host_port = fwd->connect_port;
+ c->listening_addr = addr == NULL ? NULL : xstrdup(addr);
+@@ -4313,10 +4366,17 @@
+ *chanids = xcalloc(num_socks + 1, sizeof(**chanids));
+ for (n = 0; n < num_socks; n++) {
+ sock = socks[n];
++ /* Is this really necassary? */
++ if (hpn_disabled)
+ nc = channel_new("x11 listener",
+ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+ 0, "X11 inet listener", 1);
++ else
++ nc = channel_new("x11 listener",
++ SSH_CHANNEL_X11_LISTENER, sock, sock, -1,
++ hpn_buffer_size, CHAN_X11_PACKET_DEFAULT,
++ 0, "X11 inet listener", 1);
+ nc->single_connection = single_connection;
+ (*chanids)[n] = nc->self;
+ }
+--- a/channels.h
++++ b/channels.h
+@@ -135,8 +135,10 @@
+ u_int local_window_max;
+ u_int local_consumed;
+ u_int local_maxpacket;
++ int dynamic_window;
+ int extended_usage;
+ int single_connection;
++ u_int tcpwinsz;
+
+ char *ctype; /* type */
+
+@@ -173,8 +175,10 @@
+ /* default window/packet sizes for tcp/x11-fwd-channel */
+ #define CHAN_SES_PACKET_DEFAULT (32*1024)
+ #define CHAN_SES_WINDOW_DEFAULT (64*CHAN_SES_PACKET_DEFAULT)
++
+ #define CHAN_TCP_PACKET_DEFAULT (32*1024)
+ #define CHAN_TCP_WINDOW_DEFAULT (64*CHAN_TCP_PACKET_DEFAULT)
++
+ #define CHAN_X11_PACKET_DEFAULT (16*1024)
+ #define CHAN_X11_WINDOW_DEFAULT (4*CHAN_X11_PACKET_DEFAULT)
+
+@@ -318,5 +322,8 @@
+ void chan_rcvd_ieof(Channel *);
+ void chan_write_failed(Channel *);
+ void chan_obuf_empty(Channel *);
++
++/* hpn handler */
++void channel_set_hpn(int, int);
+
+ #endif
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -1990,9 +1990,15 @@
+ sock = x11_connect_display();
+ if (sock < 0)
+ return NULL;
++ /* again is this really necessary for X11? */
++ if (options.hpn_disabled)
+ c = channel_new("x11",
+ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
++ else
++ c = channel_new("x11",
++ SSH_CHANNEL_X11_OPEN, sock, sock, -1,
++ options.hpn_buffer_size, CHAN_X11_PACKET_DEFAULT, 0, "x11", 1);
+ c->force_drain = 1;
+ return c;
+ }
+@@ -2015,10 +2021,16 @@
+ __func__, ssh_err(r));
+ return NULL;
+ }
++ if (options.hpn_disabled)
+ c = channel_new("authentication agent connection",
+ SSH_CHANNEL_OPEN, sock, sock, -1,
+- CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
++ CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
+ "authentication agent connection", 1);
++ else
++ c = channel_new("authentication agent connection",
++ SSH_CHANNEL_OPEN, sock, sock, -1,
++ options.hpn_buffer_size, options.hpn_buffer_size, 0,
++ "authentication agent connection", 1);
+ c->force_drain = 1;
+ return c;
+ }
+@@ -2045,9 +2057,17 @@
+ return -1;
+ }
+
++ if(options.hpn_disabled)
+ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
+- CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
++ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
++ 0, "tun", 1);
++ else
++ c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
++ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT,
++ 0, "tun", 1);
+ c->datagram = 1;
++
++
+
+ #if defined(SSH_TUN_FILTER)
+ if (options.tun_open == SSH_TUNMODE_POINTOPOINT)
+--- a/compat.c
++++ b/compat.c
+@@ -40,7 +40,7 @@
+
+ int compat13 = 0;
+ int compat20 = 0;
+-int datafellows = 0;
++unsigned int datafellows = 0;
+
+ void
+ enable_compat20(void)
+@@ -63,7 +63,7 @@ compat_datafellows(const char *version)
+ int i;
+ static struct {
+ char *pat;
+- int bugs;
++ unsigned int bugs;
+ } check[] = {
+ { "OpenSSH-2.0*,"
+ "OpenSSH-2.1*,"
+@@ -210,6 +210,12 @@ compat_datafellows(const char *version)
+ debug("match: %s pat %s compat 0x%08x",
+ version, check[i].pat, check[i].bugs);
+ datafellows = check[i].bugs; /* XXX for now */
++ /* Check to see if the remote side is OpenSSH and not HPN */
++ if (strstr(version,"OpenSSH") != NULL &&
++ strstr(version,"hpn") == NULL) {
++ datafellows |= SSH_BUG_LARGEWINDOW;
++ debug("Remote is NON-HPN aware");
++ }
+ return check[i].bugs;
+ }
+ }
+diff --git a/compat.h b/compat.h
+index 2be290a..453c85e 100644
+--- a/compat.h
++++ b/compat.h
+@@ -62,6 +62,7 @@
+ #define SSH_BUG_CURVE25519PAD 0x10000000
+ #define SSH_BUG_HOSTKEYS 0x20000000
+ #define SSH_BUG_DHGEX_LARGE 0x40000000
++#define SSH_BUG_LARGEWINDOW 0x80000000
+
+ void enable_compat13(void);
+ void enable_compat20(void);
+@@ -73,5 +74,5 @@ char *compat_kex_proposal(char *);
+
+ extern int compat13;
+ extern int compat20;
+-extern int datafellows;
++extern unsigned int datafellows;
+ #endif
+--- a/readconf.c
++++ b/readconf.c
+@@ -154,6 +154,7 @@
+ oCompressionLevel, oTCPKeepAlive, oNumberOfPasswordPrompts,
+ oUsePrivilegedPort, oLogLevel, oCiphers, oProtocol, oMacs,
+ oPubkeyAuthentication,
++ oTcpRcvBufPoll, oTcpRcvBuf, oHPNDisabled, oHPNBufferSize,
+ oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
+ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
+ oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
+@@ -297,6 +298,11 @@
+ { "ignoreunknown", oIgnoreUnknown },
+ { "proxyjump", oProxyJump },
+
++ { "tcprcvbufpoll", oTcpRcvBufPoll },
++ { "tcprcvbuf", oTcpRcvBuf },
++ { "hpndisabled", oHPNDisabled },
++ { "hpnbuffersize", oHPNBufferSize },
++
+ { NULL, oBadOption }
+ };
+
+@@ -973,6 +979,18 @@
+ intptr = &options->check_host_ip;
+ goto parse_flag;
+
++ case oHPNDisabled:
++ intptr = &options->hpn_disabled;
++ goto parse_flag;
++
++ case oHPNBufferSize:
++ intptr = &options->hpn_buffer_size;
++ goto parse_int;
++
++ case oTcpRcvBufPoll:
++ intptr = &options->tcp_rcv_buf_poll;
++ goto parse_flag;
++
+ case oVerifyHostKeyDNS:
+ intptr = &options->verify_host_key_dns;
+ multistate_ptr = multistate_yesnoask;
+@@ -1165,6 +1183,10 @@
+ intptr = &options->connection_attempts;
+ goto parse_int;
+
++ case oTcpRcvBuf:
++ intptr = &options->tcp_rcv_buf;
++ goto parse_int;
++
+ case oCipher:
+ intptr = &options->cipher;
+ arg = strdelim(&s);
+@@ -1845,6 +1867,10 @@
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
+ options->request_tty = -1;
++ options->hpn_disabled = -1;
++ options->hpn_buffer_size = -1;
++ options->tcp_rcv_buf_poll = -1;
++ options->tcp_rcv_buf = -1;
+ options->proxy_use_fdpass = -1;
+ options->ignored_unknown = NULL;
+ options->num_canonical_domains = 0;
+@@ -2008,6 +2034,28 @@
+ options->server_alive_interval = 0;
+ if (options->server_alive_count_max == -1)
+ options->server_alive_count_max = 3;
++ if (options->hpn_disabled == -1)
++ options->hpn_disabled = 0;
++ if (options->hpn_buffer_size > -1)
++ {
++ /* if a user tries to set the size to 0 set it to 1KB */
++ if (options->hpn_buffer_size == 0)
++ options->hpn_buffer_size = 1;
++ /*limit the buffer to 64MB*/
++ if (options->hpn_buffer_size > 64*1024)
++ {
++ options->hpn_buffer_size = 64*1024*1024;
++ debug("User requested buffer larger than 64MB. Request reverted to 64MB");
++ }
++ else options->hpn_buffer_size *= 1024;
++ debug("hpn_buffer_size set to %d", options->hpn_buffer_size);
++ }
++ if (options->tcp_rcv_buf == 0)
++ options->tcp_rcv_buf = 1;
++ if (options->tcp_rcv_buf > -1)
++ options->tcp_rcv_buf *=1024;
++ if (options->tcp_rcv_buf_poll == -1)
++ options->tcp_rcv_buf_poll = 1;
+ if (options->control_master == -1)
+ options->control_master = 0;
+ if (options->control_persist == -1) {
+--- a/readconf.h
++++ b/readconf.h
+@@ -57,6 +57,10 @@ typedef struct {
+ int compression_level; /* Compression level 1 (fast) to 9
+ * (best). */
+ int tcp_keep_alive; /* Set SO_KEEPALIVE. */
++ int tcp_rcv_buf; /* user switch to set tcp recv buffer */
++ int tcp_rcv_buf_poll; /* Option to poll recv buf every window transfer */
++ int hpn_disabled; /* Switch to disable HPN buffer management */
++ int hpn_buffer_size; /* User definable size for HPN buffer window */
+ int ip_qos_interactive; /* IP ToS/DSCP/class for interactive */
+ int ip_qos_bulk; /* IP ToS/DSCP/class for bulk traffic */
+ LogLevel log_level; /* Level for logging. */
+--- a/scp.c
++++ b/scp.c
+@@ -763,7 +763,7 @@
+ off_t i, statbytes;
+ size_t amt, nr;
+ int fd = -1, haderr, indx;
+- char *last, *name, buf[2048], encname[PATH_MAX];
++ char *last, *name, buf[16384], encname[PATH_MAX];
+ int len;
+
+ for (indx = 0; indx < argc; ++indx) {
+@@ -931,7 +931,7 @@
+ off_t size, statbytes;
+ unsigned long long ull;
+ int setimes, targisdir, wrerrno = 0;
+- char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
++ char ch, *cp, *np, *targ, *why, *vect[1], buf[16384], visbuf[16384];
+ struct timeval tv[2];
+
+ #define atime tv[0]
+--- a/servconf.c
++++ b/servconf.c
+@@ -159,6 +159,9 @@
+ options->authorized_principals_file = NULL;
+ options->authorized_principals_command = NULL;
+ options->authorized_principals_command_user = NULL;
++ options->tcp_rcv_buf_poll = -1;
++ options->hpn_disabled = -1;
++ options->hpn_buffer_size = -1;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
+ options->version_addendum = NULL;
+@@ -190,6 +193,7 @@
+ void
+ fill_default_server_options(ServerOptions *options)
+ {
++ int sock, socksize, socksizelen = sizeof(int);
+ int i;
+
+ /* Portable-specific options */
+@@ -319,6 +323,41 @@
+ }
+ if (options->permit_tun == -1)
+ options->permit_tun = SSH_TUNMODE_NO;
++ if (options->hpn_disabled == -1)
++ options->hpn_disabled = 0;
++
++ if (options->hpn_buffer_size == -1) {
++ /* option not explicitly set. Now we have to figure out */
++ /* what value to use */
++ if (options->hpn_disabled == 1) {
++ options->hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
++ } else {
++ /* get the current RCV size and set it to that */
++ /*create a socket but don't connect it */
++ /* we use that the get the rcv socket size */
++ sock = socket(AF_INET, SOCK_STREAM, 0);
++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++ &socksize, &socksizelen);
++ close(sock);
++ options->hpn_buffer_size = socksize;
++ debug ("HPN Buffer Size: %d", options->hpn_buffer_size);
++ }
++ } else {
++ /* we have to do this incase the user sets both values in a contradictory */
++ /* manner. hpn_disabled overrrides hpn_buffer_size*/
++ if (options->hpn_disabled <= 0) {
++ if (options->hpn_buffer_size == 0)
++ options->hpn_buffer_size = 1;
++ /* limit the maximum buffer to 64MB */
++ if (options->hpn_buffer_size > 64*1024) {
++ options->hpn_buffer_size = 64*1024*1024;
++ } else {
++ options->hpn_buffer_size *= 1024;
++ }
++ } else
++ options->hpn_buffer_size = CHAN_TCP_WINDOW_DEFAULT;
++ }
++
+ if (options->ip_qos_interactive == -1)
+ options->ip_qos_interactive = IPTOS_LOWDELAY;
+ if (options->ip_qos_bulk == -1)
+@@ -413,6 +452,7 @@
+ sHostCertificate,
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sAuthorizedPrincipalsCommand, sAuthorizedPrincipalsCommandUser,
++ sTcpRcvBufPoll, sHPNDisabled, sHPNBufferSize,
+ sKexAlgorithms, sIPQoS, sVersionAddendum,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
+ sAuthenticationMethods, sHostKeyAgent, sPermitUserRC,
+@@ -548,6 +588,9 @@
+ { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
++ { "hpndisabled", sHPNDisabled, SSHCFG_ALL },
++ { "hpnbuffersize", sHPNBufferSize, SSHCFG_ALL },
++ { "tcprcvbufpoll", sTcpRcvBufPoll, SSHCFG_ALL },
+ { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
+ { "ipqos", sIPQoS, SSHCFG_ALL },
+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+@@ -587,6 +630,7 @@
+
+ for (i = 0; keywords[i].name; i++)
+ if (strcasecmp(cp, keywords[i].name) == 0) {
++ debug ("Config token is %s", keywords[i].name);
+ *flags = keywords[i].flags;
+ return keywords[i].opcode;
+ }
+@@ -1148,6 +1192,19 @@
+ if (*activep && *intptr == -1)
+ *intptr = value;
+ break;
++
++
++ case sTcpRcvBufPoll:
++ intptr = &options->tcp_rcv_buf_poll;
++ goto parse_flag;
++
++ case sHPNDisabled:
++ intptr = &options->hpn_disabled;
++ goto parse_flag;
++
++ case sHPNBufferSize:
++ intptr = &options->hpn_buffer_size;
++ goto parse_int;
+
+ case sIgnoreUserKnownHosts:
+ intptr = &options->ignore_user_known_hosts;
+--- a/servconf.h
++++ b/servconf.h
+@@ -166,6 +166,9 @@
+ char *adm_forced_command;
+
+ int use_pam; /* Enable auth via PAM */
++ int tcp_rcv_buf_poll; /* poll tcp rcv window in autotuning kernels*/
++ int hpn_disabled; /* disable hpn functionality. false by default */
++ int hpn_buffer_size; /* set the hpn buffer size - default 3MB */
+
+ int permit_tun;
+
+--- a/serverloop.c
++++ b/serverloop.c
+@@ -526,8 +526,12 @@
+ sock = tun_open(tun, mode);
+ if (sock < 0)
+ goto done;
++ if (options.hpn_disabled)
+ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
+ CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
++ else
++ c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
++ options.hpn_buffer_size, CHAN_TCP_PACKET_DEFAULT, 0, "tun", 1);
+ c->datagram = 1;
+ #if defined(SSH_TUN_FILTER)
+ if (mode == SSH_TUNMODE_POINTOPOINT)
+@@ -563,6 +567,8 @@
+ c = channel_new("session", SSH_CHANNEL_LARVAL,
+ -1, -1, -1, /*window size*/0, CHAN_SES_PACKET_DEFAULT,
+ 0, "server-session", 1);
++ if ((options.tcp_rcv_buf_poll) && (!options.hpn_disabled))
++ c->dynamic_window = 1;
+ if (session_open(the_authctxt, c->self) != 1) {
+ debug("session open failed, free channel %d", c->self);
+ channel_free(c);
+--- a/session.c
++++ b/session.c
+@@ -220,6 +220,7 @@
+ goto authsock_err;
+
+ /* Allocate a channel for the authentication agent socket. */
++ /* this shouldn't matter if its hpn or not - cjr */
+ nc = channel_new("auth socket",
+ SSH_CHANNEL_AUTH_SOCKET, sock, sock, -1,
+ CHAN_X11_WINDOW_DEFAULT, CHAN_X11_PACKET_DEFAULT,
+@@ -2121,10 +2122,16 @@
+ */
+ if (s->chanid == -1)
+ fatal("no channel for session %d", s->self);
++ if (options.hpn_disabled)
+ channel_set_fds(s->chanid,
+ fdout, fdin, fderr,
+ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
+ 1, is_tty, CHAN_SES_WINDOW_DEFAULT);
++ else
++ channel_set_fds(s->chanid,
++ fdout, fdin, fderr,
++ ignore_fderr ? CHAN_EXTENDED_IGNORE : CHAN_EXTENDED_READ,
++ 1, is_tty, options.hpn_buffer_size);
+ }
+
+ /*
+--- a/sftp.1
++++ b/sftp.1
+@@ -266,7 +266,8 @@
+ Specify how many requests may be outstanding at any one time.
+ Increasing this may slightly improve file transfer speed
+ but will increase memory usage.
+-The default is 64 outstanding requests.
++The default is 256 outstanding requests providing for 8MB
++of outstanding data with a 32KB buffer.
+ .It Fl r
+ Recursively copy entire directories when uploading and downloading.
+ Note that
+--- a/sftp.c
++++ b/sftp.c
+@@ -72,7 +72,7 @@
+ #include "sftp-client.h"
+
+ #define DEFAULT_COPY_BUFLEN 32768 /* Size of buffer for up/download */
+-#define DEFAULT_NUM_REQUESTS 64 /* # concurrent outstanding requests */
++#define DEFAULT_NUM_REQUESTS 256 /* # concurrent outstanding requests */
+
+ /* File to read commands from */
+ FILE* infile;
+--- a/ssh.c
++++ b/ssh.c
+@@ -1910,6 +1910,9 @@
+ {
+ Channel *c;
+ int window, packetmax, in, out, err;
++ int sock;
++ int socksize;
++ int socksizelen = sizeof(int);
+
+ if (stdin_null_flag) {
+ in = open(_PATH_DEVNULL, O_RDONLY);
+@@ -1930,9 +1933,74 @@
+ if (!isatty(err))
+ set_nonblock(err);
+
+- window = CHAN_SES_WINDOW_DEFAULT;
++ /* we need to check to see if what they want to do about buffer */
++ /* sizes here. In a hpn to nonhpn connection we want to limit */
++ /* the window size to something reasonable in case the far side */
++ /* has the large window bug. In hpn to hpn connection we want to */
++ /* use the max window size but allow the user to override it */
++ /* lastly if they disabled hpn then use the ssh std window size */
++
++ /* so why don't we just do a getsockopt() here and set the */
++ /* ssh window to that? In the case of a autotuning receive */
++ /* window the window would get stuck at the initial buffer */
++ /* size generally less than 96k. Therefore we need to set the */
++ /* maximum ssh window size to the maximum hpn buffer size */
++ /* unless the user has specifically set the tcprcvbufpoll */
++ /* to no. In which case we *can* just set the window to the */
++ /* minimum of the hpn buffer size and tcp receive buffer size */
++
++ if (tty_flag)
++ options.hpn_buffer_size = CHAN_SES_WINDOW_DEFAULT;
++ else
++ options.hpn_buffer_size = 2*1024*1024;
++
++ if (datafellows & SSH_BUG_LARGEWINDOW)
++ {
++ debug("HPN to Non-HPN Connection");
++ }
++ else
++ {
++ if (options.tcp_rcv_buf_poll <= 0)
++ {
++ sock = socket(AF_INET, SOCK_STREAM, 0);
++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++ &socksize, &socksizelen);
++ close(sock);
++ debug("socksize %d", socksize);
++ options.hpn_buffer_size = socksize;
++ debug ("HPNBufferSize set to TCP RWIN: %d", options.hpn_buffer_size);
++ }
++ else
++ {
++ if (options.tcp_rcv_buf > 0)
++ {
++ /*create a socket but don't connect it */
++ /* we use that the get the rcv socket size */
++ sock = socket(AF_INET, SOCK_STREAM, 0);
++ /* if they are using the tcp_rcv_buf option */
++ /* attempt to set the buffer size to that */
++ if (options.tcp_rcv_buf)
++ setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (void *)&options.tcp_rcv_buf,
++ sizeof(options.tcp_rcv_buf));
++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
++ &socksize, &socksizelen);
++ close(sock);
++ debug("socksize %d", socksize);
++ options.hpn_buffer_size = socksize;
++ debug ("HPNBufferSize set to user TCPRcvBuf: %d", options.hpn_buffer_size);
++ }
++ }
++ }
++
++ debug("Final hpn_buffer_size = %d", options.hpn_buffer_size);
++
++ window = options.hpn_buffer_size;
++
++ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
++
+ packetmax = CHAN_SES_PACKET_DEFAULT;
+ if (tty_flag) {
++ window = 4*CHAN_SES_PACKET_DEFAULT;
+ window >>= 1;
+ packetmax >>= 1;
+ }
+@@ -1941,6 +2009,10 @@
+ window, packetmax, CHAN_EXTENDED_WRITE,
+ "client-session", /*nonblock*/0);
+
++ if ((options.tcp_rcv_buf_poll > 0) && (!options.hpn_disabled)) {
++ c->dynamic_window = 1;
++ debug ("Enabled Dynamic Window Scaling");
++ }
+ debug3("ssh_session2_open: channel_new: %d", c->self);
+
+ channel_send_open(c->self);
+--- a/sshconnect.c
++++ b/sshconnect.c
+@@ -267,6 +267,31 @@
+ }
+
+ /*
++ * Set TCP receive buffer if requested.
++ * Note: tuning needs to happen after the socket is
++ * created but before the connection happens
++ * so winscale is negotiated properly -cjr
++ */
++static void
++ssh_set_socket_recvbuf(int sock)
++{
++ void *buf = (void *)&options.tcp_rcv_buf;
++ int sz = sizeof(options.tcp_rcv_buf);
++ int socksize;
++ int socksizelen = sizeof(int);
++
++ debug("setsockopt Attempting to set SO_RCVBUF to %d", options.tcp_rcv_buf);
++ if (setsockopt(sock, SOL_SOCKET, SO_RCVBUF, buf, sz) >= 0) {
++ getsockopt(sock, SOL_SOCKET, SO_RCVBUF, &socksize, &socksizelen);
++ debug("setsockopt SO_RCVBUF: %.100s %d", strerror(errno), socksize);
++ }
++ else
++ error("Couldn't set socket receive buffer to %d: %.100s",
++ options.tcp_rcv_buf, strerror(errno));
++}
++
++
++/*
+ * Creates a (possibly privileged) socket for use as the ssh connection.
+ */
+ static int
+@@ -282,6 +307,9 @@
+ }
+ fcntl(sock, F_SETFD, FD_CLOEXEC);
+
++ if (options.tcp_rcv_buf > 0)
++ ssh_set_socket_recvbuf(sock);
++
+ /* Bind the socket to an alternative local IP address */
+ if (options.bind_address == NULL && !privileged)
+ return sock;
+@@ -526,10 +554,10 @@
+ /* Send our own protocol version identification. */
+ if (compat20) {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
+ } else {
+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
+- PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
++ PROTOCOL_MAJOR_1, minor1, SSH_RELEASE);
+ }
+ if (atomicio(vwrite, connection_out, client_version_string,
+ strlen(client_version_string)) != strlen(client_version_string))
+--- a/sshd.c
++++ b/sshd.c
+@@ -1020,6 +1020,8 @@
+ int ret, listen_sock, on = 1;
+ struct addrinfo *ai;
+ char ntop[NI_MAXHOST], strport[NI_MAXSERV];
++ int socksize;
++ int socksizelen = sizeof(int);
+
+ for (ai = options.listen_addrs; ai; ai = ai->ai_next) {
+ if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6)
+@@ -1060,6 +1062,11 @@
+
+ debug("Bind to port %s on %s.", strport, ntop);
+
++ getsockopt(listen_sock, SOL_SOCKET, SO_RCVBUF,
++ &socksize, &socksizelen);
++ debug("Server TCP RWIN socket size: %d", socksize);
++ debug("HPN Buffer Size: %d", options.hpn_buffer_size);
++
+ /* Bind the socket to the desired port. */
+ if (bind(listen_sock, ai->ai_addr, ai->ai_addrlen) < 0) {
+ error("Bind to port %s on %s failed: %.200s.",
+@@ -1977,6 +1984,9 @@
+ verbose("Connection from %s port %d on %s port %d",
+ remote_ip, remote_port, laddr, ssh_local_port(ssh));
+ free(laddr);
++
++ /* set the HPN options for the child */
++ channel_set_hpn(options.hpn_disabled, options.hpn_buffer_size);
+
+ /*
+ * We don't want to listen forever unless the other side
+--- a/sshd_config
++++ b/sshd_config
+@@ -99,7 +99,7 @@
+ #ClientAliveInterval 0
+ #ClientAliveCountMax 3
+ #UseDNS no
+-#PidFile /var/run/sshd.pid
++#PidFile /run/sshd.pid
+ #MaxStartups 10:30:100
+ #PermitTunnel no
+ #ChrootDirectory none
+@@ -109,7 +109,18 @@
+ #Banner none
+
+ # override default of no subsystems
+-Subsystem sftp /usr/libexec/sftp-server
++Subsystem sftp /usr/lib/ssh/sftp-server
++
++# the following are HPN related configuration options
++# tcp receive buffer polling. disable in non autotuning kernels
++#TcpRcvBufPoll yes
++
++# disable hpn performance boosts
++#HPNDisabled no
++
++# buffer size for hpn to non-hpn connections
++#HPNBufferSize 2048
++
+
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+--- a/version.h
++++ b/version.h
+@@ -3,4 +3,5 @@
+ #define SSH_VERSION "OpenSSH_7.4"
+
+ #define SSH_PORTABLE "p1"
+-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
++#define SSH_HPN "-hpn14v4"
++#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
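Review bot: In the servconf.c part of this patch, `fill_default_server_options()` copies `socksize` into `options->hpn_buffer_size` without checking `socket()` or `getsockopt()`, so if either call fails the channel window comes from an uninitialised stack variable. The same unchecked probe appears twice in the ssh.c hunk (apparently `ssh_session2_open`, going by its debug string). In channels.c, `channel_tcpwinsz()` returns 0 when `getsockopt()` fails, which makes `limit = MIN(limit, 2 * c->tcpwinsz)` zero in `channel_pre_open()`. I would fall back to the stock window on failure and declare the length as `socklen_t`, as sketched below for servconf.c; the function bodies continue outside the inner hunks. Separately, the agent-channel call in clientloop.c now passes `CHAN_TCP_WINDOW_DEFAULT` (and, in the HPN branch, `options.hpn_buffer_size`) in the max-packet position, which looks like a slip for `CHAN_TCP_PACKET_DEFAULT`.

```c
	int sock, socksize = CHAN_SES_WINDOW_DEFAULT;
	socklen_t socksizelen = sizeof(socksize);
	/* … unchanged: hpn_disabled default and the hpn_disabled == 1 branch … */
			/* Probe the default receive buffer on an unconnected socket;
			 * keep the stock session window if the probe fails. */
			sock = socket(AF_INET, SOCK_STREAM, 0);
			if (sock == -1 ||
			    getsockopt(sock, SOL_SOCKET, SO_RCVBUF,
			    &socksize, &socksizelen) == -1 ||
			    socksize <= 0)
				socksize = CHAN_SES_WINDOW_DEFAULT;
			if (sock != -1)
				close(sock);
			options->hpn_buffer_size = socksize;
	/* … unchanged: explicit HPNBufferSize handling … */
```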
diff --git a/system/openssh/openssh7.4-peaktput.patch b/system/openssh/openssh7.4-peaktput.patch
new file mode 100644
index 000000000..6fc6140a6
--- /dev/null
+++ b/system/openssh/openssh7.4-peaktput.patch
@@ -0,0 +1,62 @@
+--- a/progressmeter.c
++++ b/progressmeter.c
+@@ -69,6 +69,8 @@
+ static off_t start_pos; /* initial position of transfer */
+ static off_t end_pos; /* ending position of transfer */
+ static off_t cur_pos; /* transfer position as of last refresh */
++static off_t last_pos;
++static off_t max_delta_pos = 0;
+ static volatile off_t *counter; /* progress counter */
+ static long stalled; /* how long we have been stalled */
+ static int bytes_per_second; /* current speed in bytes per second */
+@@ -128,12 +130,17 @@
+ int hours, minutes, seconds;
+ int i, len;
+ int file_len;
++ off_t delta_pos;
+
+ transferred = *counter - (cur_pos ? cur_pos : start_pos);
+ cur_pos = *counter;
+ now = monotime_double();
+ bytes_left = end_pos - cur_pos;
+
++ delta_pos = cur_pos - last_pos;
++ if (delta_pos > max_delta_pos)
++ max_delta_pos = delta_pos;
++
+ if (bytes_left > 0)
+ elapsed = now - last_update;
+ else {
+@@ -158,7 +165,7 @@
+
+ /* filename */
+ buf[0] = '\0';
+- file_len = win_size - 35;
++ file_len = win_size - 45;
+ if (file_len > 0) {
+ len = snprintf(buf, file_len + 1, "\r%s", file);
+ if (len < 0)
+@@ -188,6 +195,15 @@
+ (off_t)bytes_per_second);
+ strlcat(buf, "/s ", win_size);
+
++ /* instantaneous rate */
++ if (bytes_left > 0)
++ format_rate(buf + strlen(buf), win_size - strlen(buf),
++ delta_pos);
++ else
++ format_rate(buf + strlen(buf), win_size - strlen(buf),
++ max_delta_pos);
++ strlcat(buf, "/s ", win_size);
++
+ /* ETA */
+ if (!transferred)
+ stalled += elapsed;
+@@ -224,6 +240,7 @@
+
+ atomicio(vwrite, STDOUT_FILENO, buf, win_size - 1);
+ last_update = now;
++ last_pos = cur_pos;
+ }
+
+ /*ARGSUSED*/
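Review bot: The new "instantaneous rate" column passes `delta_pos`, the bytes moved since the previous refresh, straight to `format_rate()` and labels it `/s`, so the figure is a per-second rate only if the refresh interval is exactly one second. Dividing by the `elapsed` value this function already computes would make the label accurate. `last_pos` and `max_delta_pos` are file-scope statics that none of the visible hunks reset. Unless the meter's start routine (outside these hunks) clears them, the peak shown for a second file in the same run carries over from the first, and its first `delta_pos` is measured from the previous file's position. A short comment on the two new statics, e.g. `/* position at previous refresh */` and `/* largest per-refresh delta seen */`, would match the neighbouring declarations.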
diff --git a/system/openssh/sftp-interactive.patch b/system/openssh/sftp-interactive.patch
new file mode 100644
index 000000000..ab14f3a6b
--- /dev/null
+++ b/system/openssh/sftp-interactive.patch
@@ -0,0 +1,14 @@
+--- a/sftp.c 2014-10-24 10:32:15.793544472 +0500
++++ b/sftp.c 2014-10-24 10:35:22.329199875 +0500
+@@ -2076,8 +2076,10 @@
+ signal(SIGINT, SIG_IGN);
+
+ if (el == NULL) {
+- if (interactive)
++ if (interactive) {
+ printf("sftp> ");
++ fflush(stdout);
++ }
+ if (fgets(cmd, sizeof(cmd), infile) == NULL) {
+ if (interactive)
+ printf("\n");
diff --git a/system/openssh/sshd.confd b/system/openssh/sshd.confd
new file mode 100644
index 000000000..dbe01daf5
--- /dev/null
+++ b/system/openssh/sshd.confd
@@ -0,0 +1,21 @@
+# /etc/conf.d/sshd: config file for /etc/init.d/sshd
+
+# Where is your sshd_config file stored?
+
+SSHD_CONFDIR="/etc/ssh"
+
+
+# Any random options you want to pass to sshd.
+# See the sshd(8) manpage for more info.
+
+SSHD_OPTS=""
+
+
+# Pid file to use (needs to be absolute path).
+
+#SSHD_PIDFILE="/run/sshd.pid"
+
+
+# Path to the sshd binary (needs to be absolute path).
+
+#SSHD_BINARY="/usr/sbin/sshd"
diff --git a/system/openssh/sshd.initd b/system/openssh/sshd.initd
new file mode 100755
index 000000000..065519174
--- /dev/null
+++ b/system/openssh/sshd.initd
@@ -0,0 +1,100 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6.4,v 1.5 2015/05/04 02:56:25 vapier Exp $
+
+description="OpenBSD Secure Shell server"
+description_checkconfig="Verify configuration file"
+description_reload="Reload configuration"
+
+extra_commands="checkconfig"
+extra_started_commands="reload"
+
+: ${SSHD_CONFDIR:=/etc/ssh}
+: ${SSHD_CONFIG:=${SSHD_CONFDIR}/sshd_config}
+: ${SSHD_PIDFILE:=/run/${SVCNAME}.pid}
+: ${SSHD_BINARY:=/usr/sbin/sshd}
+
+depend() {
+ use logger dns
+ if [ "${rc_need+set}" = "set" ] ; then
+ : # Do nothing, the user has explicitly set rc_need
+ else
+ local x warn_addr
+ for x in $(awk '/^ListenAddress/{ print $2 }' "$SSHD_CONFIG" 2>/dev/null) ; do
+ case "${x}" in
+ 0.0.0.0|0.0.0.0:*) ;;
+ ::|\[::\]*) ;;
+ *) warn_addr="${warn_addr} ${x}" ;;
+ esac
+ done
+ if [ -n "${warn_addr}" ] ; then
+ need net
+ ewarn "You are binding an interface in ListenAddress statement in your sshd_config!"
+ ewarn "You must add rc_need=\"net.FOO\" to your /etc/conf.d/sshd"
+ ewarn "where FOO is the interface(s) providing the following address(es):"
+ ewarn "${warn_addr}"
+ fi
+ fi
+}
+
+checkconfig() {
+ if [ ! -d /var/empty ] ; then
+ mkdir -p /var/empty || return 1
+ fi
+
+ if [ ! -e "${SSHD_CONFIG}" ] ; then
+ eerror "You need an ${SSHD_CONFIG} file to run sshd"
+ eerror "There is a sample file in /usr/share/doc/openssh"
+ return 1
+ fi
+
+ if ! yesno "${SSHD_DISABLE_KEYGEN}"; then
+ ssh-keygen -A || return 1
+ fi
+
+ [ "${SSHD_PIDFILE}" != "/run/sshd.pid" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -o PidFile=${SSHD_PIDFILE}"
+ [ "${SSHD_CONFIG}" != "/etc/ssh/sshd_config" ] \
+ && SSHD_OPTS="${SSHD_OPTS} -f ${SSHD_CONFIG}"
+
+ "${SSHD_BINARY}" -t ${SSHD_OPTS} || return 1
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting ${SVCNAME}"
+ start-stop-daemon --start --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" \
+ -- ${SSHD_OPTS}
+ eend $?
+}
+
+stop() {
+ if [ "${RC_CMD}" = "restart" ] ; then
+ checkconfig || return 1
+ fi
+
+ ebegin "Stopping ${SVCNAME}"
+ start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+ --pidfile "${SSHD_PIDFILE}" --quiet
+ eend $?
+
+ if [ "$RC_RUNLEVEL" = "shutdown" ]; then
+ _sshd_pids=$(pgrep "${SSHD_BINARY##*/}")
+ if [ -n "$_sshd_pids" ]; then
+ ebegin "Shutting down ssh connections"
+ kill -TERM $_sshd_pids >/dev/null 2>&1
+ eend 0
+ fi
+ fi
+}
+
+reload() {
+ checkconfig || return 1
+ ebegin "Reloading ${SVCNAME}"
+ start-stop-daemon --signal HUP \
+ --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+ eend $?
+}
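Review bot: `checkconfig()` runs `ssh-keygen -A` on every start and reload, and on restart, unless `SSHD_DISABLE_KEYGEN` is set, but the accompanying sshd.confd never mentions that switch. An administrator who has deliberately removed host keys of some type therefore has no documented way to stop them being recreated. I would document it next to the other knobs, for example `#SSHD_DISABLE_KEYGEN="yes"  # do not run ssh-keygen -A before starting sshd`. In the same function `-f ${SSHD_CONFIG}` is appended to `SSHD_OPTS` and later expanded unquoted, so a configuration path containing whitespace is split into several arguments. If that constraint is intended, a comment saying the path must not contain spaces would be enough.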
diff --git a/system/openssl/0002-busybox-basename.patch b/system/openssl/0002-busybox-basename.patch
new file mode 100644
index 000000000..9bbc284f3
--- /dev/null
+++ b/system/openssl/0002-busybox-basename.patch
@@ -0,0 +1,34 @@
+From c276ddc394dd402327603959271eac63a2e1ec1c Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 08:40:00 +0200
+Subject: [PATCH] busybox basename
+
+---
+ Makefile.org | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.org b/Makefile.org
+index b7a3f96..035fa83 100644
+--- a/Makefile.org
++++ b/Makefile.org
+@@ -649,7 +649,7 @@ install_docs:
+ filecase=-i; \
+ esac; \
+ set -e; for i in doc/apps/*.pod; do \
+- fn=`basename $$i .pod`; \
++ fn=`basename $$i .pod || true`; \
+ sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+@@ -666,7 +666,7 @@ install_docs:
+ done); \
+ done; \
+ set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+- fn=`basename $$i .pod`; \
++ fn=`basename $$i .pod || true`; \
+ sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ (cd `$(PERL) util/dirname.pl $$i`; \
+--
+2.2.2
+
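Review bot: The `|| true` added to both `fn=` assignments in `install_docs` hides every `basename` failure from the surrounding `set -e`, so an empty `fn` would flow into the `man$$sec/$$fn` install name instead of stopping the install. The patch header has no description of which busybox behaviour is being worked around, so a reader cannot tell whether the masking is as narrow as intended. I would state the reason in the header and follow each assignment with a guard such as `[ -n "$$fn" ] || exit 1; \`. Both loops continue outside the embedded hunks.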
diff --git a/system/openssl/0003-use-termios.patch b/system/openssl/0003-use-termios.patch
new file mode 100644
index 000000000..3312d1856
--- /dev/null
+++ b/system/openssl/0003-use-termios.patch
@@ -0,0 +1,26 @@
+From 5caf1bdcdb56358c0ce38ef404fedbe323e66cb9 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 08:40:32 +0200
+Subject: [PATCH] use termios
+
+---
+ crypto/ui/ui_openssl.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c
+index 8bda83c..a89b5f2 100644
+--- a/crypto/ui/ui_openssl.c
++++ b/crypto/ui/ui_openssl.c
+@@ -224,6 +224,9 @@
+ # undef SGTTY
+ #endif
+
++#define TERMIOS
++#undef TERMIO
++
+ #ifdef TERMIOS
+ # include <termios.h>
+ # define TTY_STRUCT struct termios
+--
+2.2.2
+
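Review bot: The forced `#define TERMIOS` / `#undef TERMIO` in `crypto/ui/ui_openssl.c` is unconditional and uncommented, and it leaves `SGTTY` untouched. The selection block that precedes it is mostly outside the hunk, so whether `SGTTY` can still be defined at this point cannot be confirmed from here; if it can, two terminal back-ends would be selected at once. I would add `#undef SGTTY` next to the new lines and a comment giving the reason, for example `/* this libc ships only <termios.h>; force the POSIX interface */` (presumed reason, to be confirmed by the author).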
diff --git a/system/openssl/0004-fix-default-ca-path-for-apps.patch b/system/openssl/0004-fix-default-ca-path-for-apps.patch
new file mode 100644
index 000000000..c2c53184a
--- /dev/null
+++ b/system/openssl/0004-fix-default-ca-path-for-apps.patch
@@ -0,0 +1,79 @@
+From 09e6425ad6927a825b077af85c50b2fb04773757 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 08:52:05 +0200
+Subject: [PATCH] fix default ca path for apps
+
+---
+ apps/s_server.c | 22 ++++++++++++++--------
+ apps/s_time.c | 13 ++++++-------
+ 3 files changed, 26 insertions(+), 22 deletions(-)
+
+diff --git a/apps/s_server.c b/apps/s_server.c
+index baa2455..2d5dc97 100644
+--- a/apps/s_server.c
++++ b/apps/s_server.c
+@@ -1770,12 +1770,14 @@ int MAIN(int argc, char *argv[])
+ }
+ #endif
+
+- if ((!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx))) {
+- /* BIO_printf(bio_err,"X509_load_verify_locations\n"); */
+- ERR_print_errors(bio_err);
+- /* goto end; */
++ if (CAfile == NULL && CApath == NULL) {
++ if (!SSL_CTX_set_default_verify_paths(ctx))
++ ERR_print_errors(bio_err);
++ } else {
++ if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath))
++ ERR_print_errors(bio_err);
+ }
++
+ if (vpm)
+ SSL_CTX_set1_param(ctx, vpm);
+
+@@ -1838,10 +1840,14 @@ int MAIN(int argc, char *argv[])
+ else
+ SSL_CTX_sess_set_cache_size(ctx2, 128);
+
+- if ((!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(ctx2))) {
+- ERR_print_errors(bio_err);
++ if (CAfile == NULL && CApath == NULL) {
++ if (!SSL_CTX_set_default_verify_paths(ctx2))
++ ERR_print_errors(bio_err);
++ } else {
++ if (!SSL_CTX_load_verify_locations(ctx2, CAfile, CApath))
++ ERR_print_errors(bio_err);
+ }
++
+ if (vpm)
+ SSL_CTX_set1_param(ctx2, vpm);
+
+diff --git a/apps/s_time.c b/apps/s_time.c
+index 5846f3a..c8f371a 100644
+--- a/apps/s_time.c
++++ b/apps/s_time.c
+@@ -377,13 +377,12 @@ int MAIN(int argc, char **argv)
+
+ SSL_load_error_strings();
+
+- if ((!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath)) ||
+- (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
+- /*
+- * BIO_printf(bio_err,"error setting default verify locations\n");
+- */
+- ERR_print_errors(bio_err);
+- /* goto end; */
++ if (CAfile == NULL && CApath == NULL) {
++ if (!SSL_CTX_set_default_verify_paths(tm_ctx))
++ ERR_print_errors(bio_err);
++ } else {
++ if (!SSL_CTX_load_verify_locations(tm_ctx, CAfile, CApath))
++ ERR_print_errors(bio_err);
+ }
+
+ if (tm_cipher == NULL)
+--
+2.2.2
+
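Review bot: In all three rewritten blocks (two in `apps/s_server.c`, one in `apps/s_time.c`) a failed `SSL_CTX_load_verify_locations()` still only calls `ERR_print_errors(bio_err)` and execution continues, so an explicitly supplied CA file or path that cannot be loaded leaves the context without the trust anchors the operator asked for. The removed code had the same fall-through (its `goto end` was commented out), but now that the two sources are mutually exclusive there is no default store behind a bad path; a `goto end;` after the error print in the `else` branch would make that failure visible. Separately, the diffstat announces 3 files and 26/22 lines while only two files are listed and patched. If a third file was dropped on purpose, the patch header should say so.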
diff --git a/system/openssl/0005-fix-parallel-build.patch b/system/openssl/0005-fix-parallel-build.patch
new file mode 100644
index 000000000..70073fd19
--- /dev/null
+++ b/system/openssl/0005-fix-parallel-build.patch
@@ -0,0 +1,349 @@
+diff -ru openssl-1.0.2a.orig/Makefile.org openssl-1.0.2a/Makefile.org
+--- openssl-1.0.2d.orig/Makefile.org 2015-07-09 16:30:50.201986573 -0300
++++ openssl-1.0.2d/Makefile.org 2015-07-09 16:30:50.201986573 -0300
+@@ -278,17 +278,17 @@
+ build_libssl: build_ssl libssl.pc
+
+ build_crypto:
+- @dir=crypto; target=all; $(BUILD_ONE_CMD)
++ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+ build_ssl: build_crypto
+- @dir=ssl; target=all; $(BUILD_ONE_CMD)
++ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+ build_engines: build_crypto
+- @dir=engines; target=all; $(BUILD_ONE_CMD)
++ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+ build_apps: build_libs
+- @dir=apps; target=all; $(BUILD_ONE_CMD)
++ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+ build_tests: build_libs
+- @dir=test; target=all; $(BUILD_ONE_CMD)
++ +@dir=test; target=all; $(BUILD_ONE_CMD)
+ build_tools: build_libs
+- @dir=tools; target=all; $(BUILD_ONE_CMD)
++ +@dir=tools; target=all; $(BUILD_ONE_CMD)
+
+ all_testapps: build_libs build_testapps
+ build_testapps:
+@@ -536,9 +536,9 @@
+ dist_pem_h:
+ (cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
+
+-install: all install_docs install_sw
++install: install_docs install_sw
+
+-install_sw:
++install_dirs:
+ @$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
+@@ -547,12 +547,19 @@
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
+ $(INSTALL_PREFIX)$(OPENSSLDIR)/private
++ @$(PERL) $(TOP)/util/mkdir-p.pl \
++ $(INSTALL_PREFIX)$(MANDIR)/man1 \
++ $(INSTALL_PREFIX)$(MANDIR)/man3 \
++ $(INSTALL_PREFIX)$(MANDIR)/man5 \
++ $(INSTALL_PREFIX)$(MANDIR)/man7
++
++install_sw: install_dirs
+ @set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
++ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ @set -e; liblist="$(LIBS)"; for i in $$liblist ;\
+ do \
+ if [ -f "$$i" ]; then \
+@@ -636,12 +643,7 @@
+ done; \
+ done
+
+-install_docs:
+- @$(PERL) $(TOP)/util/mkdir-p.pl \
+- $(INSTALL_PREFIX)$(MANDIR)/man1 \
+- $(INSTALL_PREFIX)$(MANDIR)/man3 \
+- $(INSTALL_PREFIX)$(MANDIR)/man5 \
+- $(INSTALL_PREFIX)$(MANDIR)/man7
++install_docs: install_dirs
+ @pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
+ here="`pwd`"; \
+ filecase=; \
+diff -ru openssl-1.0.2a.orig/Makefile.shared openssl-1.0.2a/Makefile.shared
+--- openssl-1.0.2a.orig/Makefile.shared 2015-01-20 12:33:36.000000000 +0000
++++ openssl-1.0.2a/Makefile.shared 2015-03-19 14:53:31.246908039 +0000
+@@ -105,6 +105,7 @@
+ SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
+ LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
+ LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
++ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
+ LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
+ $${SHAREDCMD} $${SHAREDFLAGS} \
+ -o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
+@@ -122,6 +123,7 @@
+ done; \
+ fi; \
+ if [ -n "$$SHLIB_SOVER" ]; then \
++ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
+ ( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
+ ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
+ fi; \
+diff -ru openssl-1.0.2a.orig/crypto/Makefile openssl-1.0.2a/crypto/Makefile
+--- openssl-1.0.2a.orig/crypto/Makefile 2015-03-19 13:31:02.000000000 +0000
++++ openssl-1.0.2a/crypto/Makefile 2015-03-19 14:53:31.246908039 +0000
+@@ -85,11 +85,11 @@
+ @if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
+
+ subdirs:
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
+- @target=files; $(RECURSIVE_MAKE)
++ +@target=files; $(RECURSIVE_MAKE)
+
+ links:
+ @$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+@@ -100,7 +100,7 @@
+ # lib: $(LIB): are splitted to avoid end-less loop
+ lib: $(LIB)
+ @touch lib
+-$(LIB): $(LIBOBJ)
++$(LIB): $(LIBOBJ) | subdirs
+ $(AR) $(LIB) $(LIBOBJ)
+ test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+ $(RANLIB) $(LIB) || echo Never mind.
+@@ -111,7 +111,7 @@
+ fi
+
+ libs:
+- @target=lib; $(RECURSIVE_MAKE)
++ +@target=lib; $(RECURSIVE_MAKE)
+
+ install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+@@ -120,7 +120,7 @@
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ lint:
+ @target=lint; $(RECURSIVE_MAKE)
+diff -ru openssl-1.0.2a.orig/engines/Makefile openssl-1.0.2a/engines/Makefile
+--- openssl-1.0.2a.orig/engines/Makefile 2015-03-19 13:31:14.000000000 +0000
++++ openssl-1.0.2a/engines/Makefile 2015-03-19 14:53:31.246908039 +0000
+@@ -72,7 +72,7 @@
+
+ all: lib subdirs
+
+-lib: $(LIBOBJ)
++lib: $(LIBOBJ) | subdirs
+ @if [ -n "$(SHARED_LIBS)" ]; then \
+ set -e; \
+ for l in $(LIBNAMES); do \
+@@ -89,7 +89,7 @@
+
+ subdirs:
+ echo $(EDIRS)
+- @target=all; $(RECURSIVE_MAKE)
++ +@target=all; $(RECURSIVE_MAKE)
+
+ files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+@@ -128,7 +128,7 @@
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
+ done; \
+ fi
+- @target=install; $(RECURSIVE_MAKE)
++ +@target=install; $(RECURSIVE_MAKE)
+
+ tags:
+ ctags $(SRC)
+diff -ru openssl-1.0.2a.orig/test/Makefile openssl-1.0.2a/test/Makefile
+--- openssl-1.0.2a.orig/test/Makefile 2015-03-19 13:31:16.000000000 +0000
++++ openssl-1.0.2a/test/Makefile 2015-03-19 14:55:44.146017128 +0000
+@@ -133,7 +133,7 @@
+ tags:
+ ctags $(SRC)
+
+-tests: exe apps $(TESTS)
++tests: exe $(TESTS)
+
+ apps:
+ @(cd ..; $(MAKE) DIRS=apps all)
+@@ -402,121 +402,121 @@
+ link_app.$${shlib_target}
+
+ $(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
+- @target=$(RSATEST); $(BUILD_CMD)
++ +@target=$(RSATEST); $(BUILD_CMD)
+
+ $(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
+- @target=$(BNTEST); $(BUILD_CMD)
++ +@target=$(BNTEST); $(BUILD_CMD)
+
+ $(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
+- @target=$(ECTEST); $(BUILD_CMD)
++ +@target=$(ECTEST); $(BUILD_CMD)
+
+ $(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
+- @target=$(EXPTEST); $(BUILD_CMD)
++ +@target=$(EXPTEST); $(BUILD_CMD)
+
+ $(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
+- @target=$(IDEATEST); $(BUILD_CMD)
++ +@target=$(IDEATEST); $(BUILD_CMD)
+
+ $(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
+- @target=$(MD2TEST); $(BUILD_CMD)
++ +@target=$(MD2TEST); $(BUILD_CMD)
+
+ $(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
+- @target=$(SHATEST); $(BUILD_CMD)
++ +@target=$(SHATEST); $(BUILD_CMD)
+
+ $(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
+- @target=$(SHA1TEST); $(BUILD_CMD)
++ +@target=$(SHA1TEST); $(BUILD_CMD)
+
+ $(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
+- @target=$(SHA256TEST); $(BUILD_CMD)
++ +@target=$(SHA256TEST); $(BUILD_CMD)
+
+ $(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
+- @target=$(SHA512TEST); $(BUILD_CMD)
++ +@target=$(SHA512TEST); $(BUILD_CMD)
+
+ $(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
+- @target=$(RMDTEST); $(BUILD_CMD)
++ +@target=$(RMDTEST); $(BUILD_CMD)
+
+ $(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
+- @target=$(MDC2TEST); $(BUILD_CMD)
++ +@target=$(MDC2TEST); $(BUILD_CMD)
+
+ $(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
+- @target=$(MD4TEST); $(BUILD_CMD)
++ +@target=$(MD4TEST); $(BUILD_CMD)
+
+ $(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
+- @target=$(MD5TEST); $(BUILD_CMD)
++ +@target=$(MD5TEST); $(BUILD_CMD)
+
+ $(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
+- @target=$(HMACTEST); $(BUILD_CMD)
++ +@target=$(HMACTEST); $(BUILD_CMD)
+
+ $(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
+- @target=$(WPTEST); $(BUILD_CMD)
++ +@target=$(WPTEST); $(BUILD_CMD)
+
+ $(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
+- @target=$(RC2TEST); $(BUILD_CMD)
++ +@target=$(RC2TEST); $(BUILD_CMD)
+
+ $(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
+- @target=$(BFTEST); $(BUILD_CMD)
++ +@target=$(BFTEST); $(BUILD_CMD)
+
+ $(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
+- @target=$(CASTTEST); $(BUILD_CMD)
++ +@target=$(CASTTEST); $(BUILD_CMD)
+
+ $(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
+- @target=$(RC4TEST); $(BUILD_CMD)
++ +@target=$(RC4TEST); $(BUILD_CMD)
+
+ $(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
+- @target=$(RC5TEST); $(BUILD_CMD)
++ +@target=$(RC5TEST); $(BUILD_CMD)
+
+ $(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
+- @target=$(DESTEST); $(BUILD_CMD)
++ +@target=$(DESTEST); $(BUILD_CMD)
+
+ $(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
+- @target=$(RANDTEST); $(BUILD_CMD)
++ +@target=$(RANDTEST); $(BUILD_CMD)
+
+ $(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
+- @target=$(DHTEST); $(BUILD_CMD)
++ +@target=$(DHTEST); $(BUILD_CMD)
+
+ $(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
+- @target=$(DSATEST); $(BUILD_CMD)
++ +@target=$(DSATEST); $(BUILD_CMD)
+
+ $(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
+- @target=$(METHTEST); $(BUILD_CMD)
++ +@target=$(METHTEST); $(BUILD_CMD)
+
+ $(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
++ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
+
+ $(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
+- @target=$(ENGINETEST); $(BUILD_CMD)
++ +@target=$(ENGINETEST); $(BUILD_CMD)
+
+ $(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
+- @target=$(EVPTEST); $(BUILD_CMD)
++ +@target=$(EVPTEST); $(BUILD_CMD)
+
+ $(EVPEXTRATEST)$(EXE_EXT): $(EVPEXTRATEST).o $(DLIBCRYPTO)
+- @target=$(EVPEXTRATEST); $(BUILD_CMD)
++ +@target=$(EVPEXTRATEST); $(BUILD_CMD)
+
+ $(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
+- @target=$(ECDSATEST); $(BUILD_CMD)
++ +@target=$(ECDSATEST); $(BUILD_CMD)
+
+ $(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
+- @target=$(ECDHTEST); $(BUILD_CMD)
++ +@target=$(ECDHTEST); $(BUILD_CMD)
+
+ $(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
+- @target=$(IGETEST); $(BUILD_CMD)
++ +@target=$(IGETEST); $(BUILD_CMD)
+
+ $(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
+- @target=$(JPAKETEST); $(BUILD_CMD)
++ +@target=$(JPAKETEST); $(BUILD_CMD)
+
+ $(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
+- @target=$(ASN1TEST); $(BUILD_CMD)
++ +@target=$(ASN1TEST); $(BUILD_CMD)
+
+ $(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
+- @target=$(SRPTEST); $(BUILD_CMD)
++ +@target=$(SRPTEST); $(BUILD_CMD)
+
+ $(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
+- @target=$(V3NAMETEST); $(BUILD_CMD)
++ +@target=$(V3NAMETEST); $(BUILD_CMD)
+
+ $(HEARTBEATTEST)$(EXE_EXT): $(HEARTBEATTEST).o $(DLIBCRYPTO)
+- @target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
++ +@target=$(HEARTBEATTEST); $(BUILD_CMD_STATIC)
+
+ $(CONSTTIMETEST)$(EXE_EXT): $(CONSTTIMETEST).o
+- @target=$(CONSTTIMETEST) $(BUILD_CMD)
++ +@target=$(CONSTTIMETEST) $(BUILD_CMD)
+
+ #$(AESTEST).o: $(AESTEST).c
+ # $(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+@@ -529,7 +529,7 @@
+ # fi
+
+ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
+- @target=dummytest; $(BUILD_CMD)
++ +@target=dummytest; $(BUILD_CMD)
+
+ # DO NOT DELETE THIS LINE -- make depend depends on it.
+
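Review bot: The line `[ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0;` added to `Makefile.shared` skips the link whenever a file of that name already exists, so a stale or leftover shared library in the build tree is never relinked after its objects change and may be what ends up installed. That trades a parallel-build race for a freshness hole; the race is better closed in the dependency graph, as the patch already does elsewhere with `| subdirs`, or the skip should at least be limited to the case where the library is newer than its inputs. The patch has no description, so I would also record there that `install` no longer depends on `all` and `tests` no longer depends on `apps`, since both change what a bare `make install` or `make tests` does. The embedded file headers also mix `openssl-1.0.2a` and `openssl-1.0.2d`.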
diff --git a/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch b/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
new file mode 100644
index 000000000..daa6df02f
--- /dev/null
+++ b/system/openssl/0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
@@ -0,0 +1,68 @@
+From 4785c095dbfb3630ddf6685f23e3a19c7c804cbc Mon Sep 17 00:00:00 2001
+From: William Pitcock <nenolod@dereferenced.org>
+Date: Thu, 5 Feb 2015 09:02:00 +0200
+Subject: [PATCH] add ircv3 tls-3.1 extension support to s_client
+
+---
+ apps/s_client.c | 24 ++++++++++++++++++++++--
+ 1 file changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/apps/s_client.c b/apps/s_client.c
+index 8aee02a..0a28b89 100644
+--- a/apps/s_client.c
++++ b/apps/s_client.c
+@@ -401,7 +401,7 @@ static void sc_usage(void)
+ BIO_printf(bio_err,
+ " 'prot' defines which one to assume. Currently,\n");
+ BIO_printf(bio_err,
+- " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
++ " only \"smtp\", \"pop3\", \"imap\", \"ftp\", \"xmpp\" and \"ircv3\"\n");
+ BIO_printf(bio_err, " are supported.\n");
+ #ifndef OPENSSL_NO_ENGINE
+ BIO_printf(bio_err,
+@@ -640,7 +640,8 @@ enum {
+ PROTO_POP3,
+ PROTO_IMAP,
+ PROTO_FTP,
+- PROTO_XMPP
++ PROTO_XMPP,
++ PROTO_IRCV3,
+ };
+
+ int MAIN(int, char **);
+@@ -1062,6 +1063,8 @@ int MAIN(int argc, char **argv)
+ starttls_proto = PROTO_FTP;
+ else if (strcmp(*argv, "xmpp") == 0)
+ starttls_proto = PROTO_XMPP;
++ else if (strcmp(*argv, "ircv3") == 0)
++ starttls_proto = PROTO_IRCV3;
+ else
+ goto bad;
+ }
+@@ -1646,6 +1649,23 @@ int MAIN(int argc, char **argv)
+ goto shut;
+ mbuf[0] = 0;
+ }
++ if (starttls_proto == PROTO_IRCV3) {
++ int seen = 0;
++ BIO_printf(sbio,"CAP REQ :tls\r\n");
++
++ while (!strstr(mbuf,"CAP")) {
++ seen = BIO_read(sbio,mbuf,BUFSIZZ);
++ mbuf[seen] = 0;
++ }
++ if (!strstr(mbuf,"ACK"))
++ goto shut;
++ BIO_printf(sbio,"CAP END\r\nSTARTTLS\r\n");
++ while (!strstr(sbuf, "670")) {
++ seen = BIO_read(sbio,sbuf,BUFSIZZ);
++ sbuf[seen] = 0;
++ }
++ mbuf[0] = 0;
++ }
+
+ for (;;) {
+ FD_ZERO(&readfds);
+--
+2.2.2
+
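Review bot: Both new read loops in the `PROTO_IRCV3` block use the return value of `BIO_read()` as an index without checking it: on error `seen` is negative and `mbuf[seen] = 0` / `sbuf[seen] = 0` writes before the buffer, and on EOF `seen` is 0 so the `strstr()` condition never becomes true and the loop spins. The data comes from the remote server, so both loops need `if (seen <= 0) goto shut;` before the terminator is stored. A full read of `BUFSIZZ` bytes also puts the terminator at index `BUFSIZZ`; the buffer allocations are outside the hunk, so reading `BUFSIZZ - 1` is the safe form unless they are known to be larger. The second loop tests `sbuf` before anything in this block has written to it, which should be checked against whatever the buffer held earlier in `MAIN`.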
diff --git a/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch b/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
new file mode 100644
index 000000000..ff3d25eff
--- /dev/null
+++ b/system/openssl/0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
@@ -0,0 +1,27 @@
+From 7457e26d3a78c7cd923242d87d04febadddea086 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 10:06:31 +0200
+Subject: [PATCH] maintain abi compat with no-freelist and regular build
+
+---
+ ssl/ssl.h | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 2b0f662..636cb5d 100644
+--- a/ssl/ssl.h
++++ b/ssl/ssl.h
+@@ -1113,6 +1113,10 @@ struct ssl_ctx_st {
+ unsigned int freelist_max_len;
+ struct ssl3_buf_freelist_st *wbuf_freelist;
+ struct ssl3_buf_freelist_st *rbuf_freelist;
++# else
++ unsigned int freelist_dummy0;
++ void *freelist_dummy1;
++ void *freelist_dummy2;
+ # endif
+ # ifndef OPENSSL_NO_SRP
+ SRP_CTX srp_ctx; /* ctx for SRP authentication */
+--
+2.2.2
+
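Review bot: The three `freelist_dummy*` members added in the `# else` branch of `struct ssl_ctx_st` have no comment tying them to the members they stand in for, so a later change to the real fields can silently break the layout match this patch exists to provide. I would add a comment above them such as `/* placeholders: must mirror the type and order of the freelist members above to keep the struct layout identical in both builds */`. The struct body starts and ends outside the hunk.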
diff --git a/system/openssl/0009-no-rpath.patch b/system/openssl/0009-no-rpath.patch
new file mode 100644
index 000000000..56df75b79
--- /dev/null
+++ b/system/openssl/0009-no-rpath.patch
@@ -0,0 +1,11 @@
+--- a/Makefile.shared 2005-06-23 22:47:54.000000000 +0200
++++ b/Makefile.shared 2005-11-16 22:35:37.000000000 +0100
+@@ -153,7 +153,7 @@
+ NOALLSYMSFLAGS='-Wl,--no-whole-archive'; \
+ SHAREDFLAGS="$(CFLAGS) $(SHARED_LDFLAGS) -shared -Wl,-Bsymbolic -Wl,-soname=$$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX"
+
+-DO_GNU_APP=LDFLAGS="$(CFLAGS) -Wl,-rpath,$(LIBRPATH)"
++DO_GNU_APP=LDFLAGS="$(CFLAGS)"
+
+ #This is rather special. It's a special target with which one can link
+ #applications without bothering with any features that have anything to
diff --git a/system/openssl/0010-ssl-env-zlib.patch b/system/openssl/0010-ssl-env-zlib.patch
new file mode 100644
index 000000000..9eae15d72
--- /dev/null
+++ b/system/openssl/0010-ssl-env-zlib.patch
@@ -0,0 +1,38 @@
+diff -ru openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod
+--- openssl-1.0.2a.orig/doc/ssl/SSL_COMP_add_compression_method.pod 2015-01-15 16:43:14.000000000 -0200
++++ openssl-1.0.2a/doc/ssl/SSL_COMP_add_compression_method.pod 2015-03-27 15:18:47.280054883 -0200
+@@ -47,6 +47,13 @@
+ been standardized, the compression API will most likely be changed. Using
+ it in the current state is not recommended.
+
++It is also not recommended to use compression if data transfered contain
++untrusted parts that can be manipulated by an attacker as he could then
++get information about the encrypted data. See the CRIME attack. For
++that reason the default loading of the zlib compression method is
++disabled and enabled only if the environment variable B<OPENSSL_DEFAULT_ZLIB>
++is present during the library initialization.
++
+ =head1 RETURN VALUES
+
+ SSL_COMP_add_compression_method() may return the following values:
+diff -ru openssl-1.0.2a.orig/ssl/ssl_ciph.c openssl-1.0.2a/ssl/ssl_ciph.c
+--- openssl-1.0.2a.orig/ssl/ssl_ciph.c 2015-03-19 15:30:36.000000000 -0200
++++ openssl-1.0.2a/ssl/ssl_ciph.c 2015-03-27 15:23:05.960057092 -0200
+@@ -141,6 +141,8 @@
+ */
+
+ #include <stdio.h>
++#include <stdlib.h>
++#include <sys/auxv.h>
+ #include <openssl/objects.h>
+ #ifndef OPENSSL_NO_COMP
+ # include <openssl/comp.h>
+@@ -481,7 +483,7 @@
+
+ MemCheck_off();
+ ssl_comp_methods = sk_SSL_COMP_new(sk_comp_cmp);
+- if (ssl_comp_methods != NULL) {
++ if (ssl_comp_methods != NULL && getauxval(AT_SECURE) == 0 && getenv("OPENSSL_DEFAULT_ZLIB") != NULL) {
+ comp = (SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP));
+ if (comp != NULL) {
+ comp->method = COMP_zlib();
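Review bot: The new guard in `ssl/ssl_ciph.c` packs the CRIME mitigation into one condition with no comment, and the only explanation lives in the pod file. I would put the reason next to the code, e.g. `/* zlib is opt-in because of CRIME: require OPENSSL_DEFAULT_ZLIB and a non-AT_SECURE process */`. Two details are worth stating there: any value of the variable, including an empty one, enables compression because only `getenv() != NULL` is tested, and `getauxval()` also returns 0 when the entry is absent, which this check treats the same as a non-privileged process. The unconditional `#include <sys/auxv.h>` ties the file to Linux libcs, which is fine for this package but should be noted in the patch header, which is currently missing.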
diff --git a/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch b/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
new file mode 100644
index 000000000..ef46faa84
--- /dev/null
+++ b/system/openssl/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
@@ -0,0 +1,88 @@
+From 83c96cbc76604daccbc31cea9411555aea96fd6d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 09:16:51 +0200
+Subject: [PATCH] crypto/hmac: support EVP_MD_CTX_FLAG_ONESHOT and set it
+ properly
+
+Some engines (namely VIA C7 Padlock) work only if EVP_MD_CTX_FLAG_ONESHOT
+is set before final update. This is because some crypto accelerators cannot
+perform non-finalizing transform of the digest.
+
+The usage of EVP_MD_CTX_FLAG_ONESHOT is used semantically slightly
+differently here. It is set before the final EVP_DigestUpdate call, not
+necessarily before EVP_DigestInit call. This will not cause any problems
+though.
+---
+ crypto/hmac/hmac.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/hmac/hmac.c b/crypto/hmac/hmac.c
+index 1fc9e2c..6f16578 100644
+--- a/crypto/hmac/hmac.c
++++ b/crypto/hmac/hmac.c
+@@ -109,7 +109,8 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ j = EVP_MD_block_size(md);
+ OPENSSL_assert(j <= (int)sizeof(ctx->key));
+ if (j < len) {
+- if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
++ EVP_MD_CTX_set_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
++ if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx->md_ctx, key, len))
+ goto err;
+@@ -129,6 +130,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ if (reset) {
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x36 ^ ctx->key[i];
++ EVP_MD_CTX_clear_flags(&ctx->i_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)))
+@@ -136,6 +138,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+
+ for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+ pad[i] = 0x5c ^ ctx->key[i];
++ EVP_MD_CTX_clear_flags(&ctx->o_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl))
+ goto err;
+ if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)))
+@@ -143,6 +146,7 @@ int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
+ }
+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx))
+ goto err;
++ EVP_MD_CTX_clear_flags(&ctx->md_ctx, EVP_MD_CTX_FLAG_ONESHOT);
+ return 1;
+ err:
+ return 0;
+@@ -177,6 +181,7 @@ int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
+ goto err;
+ if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
+ goto err;
++ EVP_MD_CTX_set_flags(&ctx->md_ctx,EVP_MD_CTX_FLAG_ONESHOT);
+ if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i))
+ goto err;
+ if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len))
+@@ -233,8 +238,9 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+ if (md == NULL)
+ md = m;
+ HMAC_CTX_init(&c);
+- if (!HMAC_Init(&c, key, key_len, evp_md))
++ if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL))
+ goto err;
++ HMAC_CTX_set_flags(&c,EVP_MD_CTX_FLAG_ONESHOT);
+ if (!HMAC_Update(&c, d, n))
+ goto err;
+ if (!HMAC_Final(&c, md, md_len))
+@@ -247,7 +253,7 @@ unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
+
+ void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
+ {
+- EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+- EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
++ EVP_MD_CTX_set_flags(&ctx->i_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
++ EVP_MD_CTX_set_flags(&ctx->o_ctx, flags & ~EVP_MD_CTX_FLAG_ONESHOT);
+ EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+ }
+--
+2.2.2
+
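Review bot: The patch relies on an invariant that is never written down in `crypto/hmac/hmac.c`: `i_ctx` and `o_ctx` are templates that must not carry `EVP_MD_CTX_FLAG_ONESHOT`, and only `md_ctx` may have it, set just before its last update. I would state that above `HMAC_CTX_set_flags()`, e.g. `/* ONESHOT applies to md_ctx only; i_ctx/o_ctx are copied for every MAC */`. In the long-key branch of `HMAC_Init_ex()` the flag is set on `md_ctx` before `EVP_DigestInit_ex()` and the `goto err` paths leave it set; clearing it at `err:` would keep a failed init from carrying the flag into a later reuse of the context. In `HMAC()` and `HMAC_Final()` the flag is set on a context that has already absorbed a pad block, which the commit message acknowledges. An engine digest that reads ONESHOT as "fresh state, single buffer" would compute a wrong MAC, so this needs a test comparing engine and software results.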
diff --git a/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch b/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch
new file mode 100644
index 000000000..f63bbcd1c
--- /dev/null
+++ b/system/openssl/1002-backport-changes-from-upstream-padlock-module.patch
@@ -0,0 +1,200 @@
+From ba17588a940ee712c3ef6d458adb1087f0c84521 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 09:28:10 +0200
+Subject: [PATCH] backport changes from upstream padlock module.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Includes support for VIA Nano 64-bit mode.
+
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+---
+ engines/e_padlock.c | 142 +++++++++++++++++++++++++++++++++++++++++++++-------
+ 1 file changed, 125 insertions(+), 17 deletions(-)
+
+diff --git a/engines/e_padlock.c b/engines/e_padlock.c
+index 2898e4c..94406cb 100644
+--- a/engines/e_padlock.c
++++ b/engines/e_padlock.c
+@@ -101,7 +101,10 @@
+ */
+ # undef COMPILE_HW_PADLOCK
+ # if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
++# if (defined(__GNUC__) && __GNUC__>=2 && \
++ (defined(__i386__) || defined(__i386) || \
++ defined(__x86_64__) || defined(__x86_64)) \
++ ) || \
+ (defined(_MSC_VER) && defined(_M_IX86))
+ # define COMPILE_HW_PADLOCK
+ # endif
+@@ -303,6 +306,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
+ * =======================================================
+ */
+ # if defined(__GNUC__) && __GNUC__>=2
++# if defined(__i386__) || defined(__i386)
+ /*
+ * As for excessive "push %ebx"/"pop %ebx" found all over.
+ * When generating position-independent code GCC won't let
+@@ -379,22 +383,6 @@ static int padlock_available(void)
+ return padlock_use_ace + padlock_use_rng;
+ }
+
+-# ifndef OPENSSL_NO_AES
+-# ifndef AES_ASM
+-/* Our own htonl()/ntohl() */
+-static inline void padlock_bswapl(AES_KEY *ks)
+-{
+- size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
+- unsigned int *key = ks->rd_key;
+-
+- while (i--) {
+- asm volatile ("bswapl %0":"+r" (*key));
+- key++;
+- }
+-}
+-# endif
+-# endif
+-
+ /*
+ * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
+ * stack clears EFLAGS[30] which does the trick.
+@@ -448,6 +436,110 @@ static inline void *name(size_t cnt, \
+ : "edx", "cc", "memory"); \
+ return iv; \
+ }
++#endif
++
++#elif defined(__x86_64__) || defined(__x86_64)
++
++/* Load supported features of the CPU to see if
++ the PadLock is available. */
++static int
++padlock_available(void)
++{
++ char vendor_string[16];
++ unsigned int eax, edx;
++
++ /* Are we running on the Centaur (VIA) CPU? */
++ eax = 0x00000000;
++ vendor_string[12] = 0;
++ asm volatile (
++ "cpuid\n"
++ "movl %%ebx,(%1)\n"
++ "movl %%edx,4(%1)\n"
++ "movl %%ecx,8(%1)\n"
++ : "+a"(eax) : "r"(vendor_string) : "rbx", "rcx", "rdx");
++ if (strcmp(vendor_string, "CentaurHauls") != 0)
++ return 0;
++
++ /* Check for Centaur Extended Feature Flags presence */
++ eax = 0xC0000000;
++ asm volatile ("cpuid"
++ : "+a"(eax) : : "rbx", "rcx", "rdx");
++ if (eax < 0xC0000001)
++ return 0;
++
++ /* Read the Centaur Extended Feature Flags */
++ eax = 0xC0000001;
++ asm volatile ("cpuid"
++ : "+a"(eax), "=d"(edx) : : "rbx", "rcx");
++
++ /* Fill up some flags */
++ padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
++ padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
++
++ return padlock_use_ace + padlock_use_rng;
++}
++
++/* Force key reload from memory to the CPU microcode.
++ Loading EFLAGS from the stack clears EFLAGS[30]
++ which does the trick. */
++static inline void
++padlock_reload_key(void)
++{
++ asm volatile ("pushfq; popfq");
++}
++
++#ifndef OPENSSL_NO_AES
++/*
++ * This is heuristic key context tracing. At first one
++ * believes that one should use atomic swap instructions,
++ * but it's not actually necessary. Point is that if
++ * padlock_saved_context was changed by another thread
++ * after we've read it and before we compare it with cdata,
++ * our key *shall* be reloaded upon thread context switch
++ * and we are therefore set in either case...
++ */
++static inline void
++padlock_verify_context(struct padlock_cipher_data *cdata)
++{
++ asm volatile (
++ "pushfq\n"
++" btl $30,(%%rsp)\n"
++" jnc 1f\n"
++" cmpq %2,%1\n"
++" je 1f\n"
++" popfq\n"
++" subq $8,%%rsp\n"
++"1: addq $8,%%rsp\n"
++" movq %2,%0"
++ :"+m"(padlock_saved_context)
++ : "r"(padlock_saved_context), "r"(cdata) : "cc");
++}
++
++/* Template for padlock_xcrypt_* modes */
++/* BIG FAT WARNING:
++ * The offsets used with 'leal' instructions
++ * describe items of the 'padlock_cipher_data'
++ * structure.
++ */
++#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt) \
++static inline void *name(size_t cnt, \
++ struct padlock_cipher_data *cdata, \
++ void *out, const void *inp) \
++{ void *iv; \
++ asm volatile ( "leaq 16(%0),%%rdx\n" \
++ " leaq 32(%0),%%rbx\n" \
++ rep_xcrypt "\n" \
++ : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
++ : "0"(cdata), "1"(cnt), "2"(out), "3"(inp) \
++ : "rbx", "rdx", "cc", "memory"); \
++ return iv; \
++}
++#endif
++
++#endif /* cpu */
++
++
++# ifndef OPENSSL_NO_AES
+
+ /* Generate all functions with appropriate opcodes */
+ /* rep xcryptecb */
+@@ -458,7 +550,23 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
+ /* rep xcryptofb */
+ PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
++
++# ifndef AES_ASM
++/* Our own htonl()/ntohl() */
++static inline void padlock_bswapl(AES_KEY *ks)
++{
++ size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
++ unsigned int *key = ks->rd_key;
++
++ while (i--) {
++ asm volatile ("bswapl %0":"+r" (*key));
++ key++;
++ }
++}
++# endif
++
+ # endif
++
+ /* The RNG call itself */
+ static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
+ {
+--
+2.2.2
+
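Review bot: In the new x86_64 `padlock_available()` the first `asm volatile` stores the CPUID vendor string through the pointer in `%1`, but `vendor_string` is only an input operand and there is no `"memory"` clobber, so the compiler is not told the array was written before `strcmp()` reads it. Extending that clobber list to `: "rbx", "rcx", "rdx", "memory"` closes this. `padlock_reload_key()` and `padlock_verify_context()` also use `pushfq`/`popfq` inside inline asm; on x86_64 that writes below `%rsp`, where the compiler may keep locals of a leaf function, so it is worth confirming how this file is compiled before relying on it. The `#if`/`#elif`/`#endif` nesting added around the i386 and x86_64 halves is hard to follow from the hunks alone; a trailing comment on each closing `#endif` naming its condition, as the patch already does with `#endif /* cpu */`, would help.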
diff --git a/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch b/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
new file mode 100644
index 000000000..5a2cdd633
--- /dev/null
+++ b/system/openssl/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
@@ -0,0 +1,782 @@
+From 728af0306505f1ff91364ac2175fb6bf5da90ec3 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 5 Feb 2015 09:41:12 +0200
+Subject: [PATCH] engines/e_padlock: implement sha1/sha224/sha256 acceleration
+
+Limited support for VIA C7 that works only when EVP_MD_CTX_FLAG_ONESHOT
+is used appropriately (as done by EVP_Digest, and my previous HMAC patch).
+
+Full support for VIA Nano including partial transformation and 64-bit mode.
+
+Benchmarks from VIA Nano 1.6GHz, done with including the previous HMAC and
+apps/speed patches done. From single run, error margin of about 100-200k.
+
+No padlock
+
+type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
+sha1 20057.60k 51514.05k 99721.39k 130167.81k 142811.14k
+sha256 7757.72k 16907.18k 28937.05k 35181.23k 37568.51k
+hmac(sha1) 8582.53k 27644.69k 70402.30k 114602.67k 140167.85k
+
+With the patch
+
+sha1 37713.77k 114562.71k 259637.33k 379907.41k 438818.13k
+sha256 34262.86k 103233.75k 232476.07k 338386.60k 389860.01k
+hmac(sha1) 8424.70k 31475.11k 104036.10k 245559.30k 406667.26k
+---
+ engines/e_padlock.c | 663 ++++++++++++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 614 insertions(+), 49 deletions(-)
+
+diff --git a/engines/e_padlock.c b/engines/e_padlock.c
+index 94406cb..5e99114 100644
+--- a/engines/e_padlock.c
++++ b/engines/e_padlock.c
+@@ -3,6 +3,9 @@
+ * Written by Michal Ludvig <michal@logix.cz>
+ * http://www.logix.cz/michal
+ *
++ * SHA support by Timo Teras <timo.teras@iki.fi>. Portions based on
++ * code originally written by Michal Ludvig.
++ *
+ * Big thanks to Andy Polyakov for a help with optimization,
+ * assembler fixes, port to MS Windows and a lot of other
+ * valuable work on this engine!
+@@ -63,7 +66,9 @@
+ */
+
+ #include <stdio.h>
++#include <stdint.h>
+ #include <string.h>
++#include <netinet/in.h>
+
+ #include <openssl/opensslconf.h>
+ #include <openssl/crypto.h>
+@@ -73,11 +78,32 @@
+ #ifndef OPENSSL_NO_AES
+ # include <openssl/aes.h>
+ #endif
++#ifndef OPENSSL_NO_SHA
++# include <openssl/sha.h>
++#endif
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+
+ #ifndef OPENSSL_NO_HW
+-# ifndef OPENSSL_NO_HW_PADLOCK
++# ifndef OPENSSL_NO_HW_PADLOCK
++
++/* PadLock RNG is disabled by default */
++# define PADLOCK_NO_RNG 1
++
++/* No ASM routines for SHA in MSC yet */
++# ifdef _MSC_VER
++# define OPENSSL_NO_SHA
++# endif
++
++/* 64-bit mode does not need software SHA1 as fallback, we can
++ * do all operations with padlock */
++# if defined(__x86_64__) || defined(__x86_64)
++# define PADLOCK_NEED_FALLBACK_SHA 0
++# else
++# define PADLOCK_NEED_FALLBACK_SHA 1
++# endif
++
++# define PADLOCK_MAX_FINALIZING_LENGTH 0x1FFFFFFE
+
+ /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+ # if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+@@ -151,60 +177,42 @@ void ENGINE_load_padlock(void)
+ static int padlock_available(void);
+ static int padlock_init(ENGINE *e);
+
++# ifndef PADLOCK_NO_RNG
+ /* RNG Stuff */
+ static RAND_METHOD padlock_rand;
+-
+-/* Cipher Stuff */
+-# ifndef OPENSSL_NO_AES
+-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+- const int **nids, int nid);
+ # endif
+
+ /* Engine names */
+ static const char *padlock_id = "padlock";
+ static char padlock_name[100];
+
++static int padlock_bind_helper(ENGINE *e);
++
+ /* Available features */
+-static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+-static int padlock_use_rng = 0; /* Random Number Generator */
++enum padlock_flags {
++ PADLOCK_RNG = 0x01,
++ PADLOCK_ACE = 0x02,
++ PADLOCK_ACE2 = 0x04,
++ PADLOCK_PHE = 0x08,
++ PADLOCK_PMM = 0x10,
++ PADLOCK_NANO = 0x20,
++};
++enum padlock_flags padlock_flags;
++
++#define PADLOCK_HAVE_RNG (padlock_flags & PADLOCK_RNG)
++#define PADLOCK_HAVE_ACE (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2))
++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE)
++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2)
++#define PADLOCK_HAVE_PHE (padlock_flags & PADLOCK_PHE)
++#define PADLOCK_HAVE_PMM (padlock_flags & PADLOCK_PMM)
++#define PADLOCK_HAVE_NANO (padlock_flags & PADLOCK_NANO)
++
+ # ifndef OPENSSL_NO_AES
+ static int padlock_aes_align_required = 1;
+ # endif
+
+ /* ===== Engine "management" functions ===== */
+
+-/* Prepare the ENGINE structure for registration */
+-static int padlock_bind_helper(ENGINE *e)
+-{
+- /* Check available features */
+- padlock_available();
+-
+-# if 1 /* disable RNG for now, see commentary in
+- * vicinity of RNG code */
+- padlock_use_rng = 0;
+-# endif
+-
+- /* Generate a nice engine name with available features */
+- BIO_snprintf(padlock_name, sizeof(padlock_name),
+- "VIA PadLock (%s, %s)",
+- padlock_use_rng ? "RNG" : "no-RNG",
+- padlock_use_ace ? "ACE" : "no-ACE");
+-
+- /* Register everything or return with an error */
+- if (!ENGINE_set_id(e, padlock_id) ||
+- !ENGINE_set_name(e, padlock_name) ||
+- !ENGINE_set_init_function(e, padlock_init) ||
+-# ifndef OPENSSL_NO_AES
+- (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+-# endif
+- (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+- return 0;
+- }
+-
+- /* Everything looks good */
+- return 1;
+-}
+-
+ # ifdef OPENSSL_NO_DYNAMIC_ENGINE
+
+ /* Constructor */
+@@ -229,7 +237,7 @@ static ENGINE *ENGINE_padlock(void)
+ /* Check availability of the engine */
+ static int padlock_init(ENGINE *e)
+ {
+- return (padlock_use_rng || padlock_use_ace);
++ return padlock_flags;
+ }
+
+ /*
+@@ -377,10 +385,20 @@ static int padlock_available(void)
+ "=d"(edx)::"ecx");
+
+ /* Fill up some flags */
+- padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+- padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+-
+- return padlock_use_ace + padlock_use_rng;
++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0);
++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0);
++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
++
++ /* Check for VIA Nano CPU */
++ eax = 0x00000001;
++ asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
++ : "+a"(eax) : : "ecx", "edx");
++ if ((eax | 0x000F) == 0x06FF)
++ padlock_flags |= PADLOCK_NANO;
++
++ return padlock_flags;
+ }
+
+ /*
+@@ -473,10 +491,14 @@ padlock_available(void)
+ : "+a"(eax), "=d"(edx) : : "rbx", "rcx");
+
+ /* Fill up some flags */
+- padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
+- padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
+-
+- return padlock_use_ace + padlock_use_rng;
++ padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0);
++ padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0);
++ padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
++ padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
++ padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
++ padlock_flags |= PADLOCK_NANO;
++
++ return padlock_flags;
+ }
+
+ /* Force key reload from memory to the CPU microcode.
+@@ -1293,6 +1315,496 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+
+ # endif /* OPENSSL_NO_AES */
+
++#ifndef OPENSSL_NO_SHA
++
++static inline void
++padlock_copy_bswap(void *dst, void *src, size_t count)
++{
++ uint32_t *udst = dst, *usrc = src;
++ int i = 0;
++
++ for (i = 0; i < count; i++)
++ udst[i] = htonl(usrc[i]);
++}
++
++static unsigned long padlock_sha_prepare_padding(
++ EVP_MD_CTX *ctx,
++ unsigned char *padding,
++ unsigned char *data, size_t data_len,
++ uint64_t total)
++{
++ unsigned int padding_len;
++
++ padding_len = data_len < 56 ? SHA_CBLOCK : 2 * SHA_CBLOCK;
++ if (data_len)
++ memcpy(padding, data, data_len);
++
++ memset(padding + data_len, 0, padding_len - data_len);
++ padding[data_len] = 0x80;
++ *(uint32_t *)(padding + padding_len - 8) = htonl(total >> 32);
++ *(uint32_t *)(padding + padding_len - 4) = htonl(total & 0xffffffff);
++
++ return data_len < 56 ? 1 : 2;
++}
++
++#define PADLOCK_SHA_ALIGN(dd) (uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
++#define PADLOCK_SHA_HWCTX (128+16)
++
++static void
++padlock_sha1(void *hwctx, const void *buf, unsigned long total, unsigned long now)
++{
++ unsigned long pos = total - now;
++
++ asm volatile ("xsha1"
++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total)
++ : : "memory");
++}
++
++static void
++padlock_sha1_partial(void *hwctx, const void *buf, unsigned long blocks)
++{
++ asm volatile ("xsha1"
++ : "+S"(buf), "+D"(hwctx), "+c"(blocks)
++ : "a"(-1L) : "memory");
++}
++
++static int padlock_sha1_init(EVP_MD_CTX *ctx)
++{
++ return SHA1_Init(ctx->md_data);
++}
++
++#if PADLOCK_NEED_FALLBACK_SHA
++
++static int padlock_sha1_update_eden(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ const unsigned char *p = data;
++ unsigned long l = 0;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) {
++ if (c->num != 0) {
++ l = (len < SHA_CBLOCK - c->num) ? len : (SHA_CBLOCK - c->num);
++ if (!SHA1_Update(c, data, l))
++ return 0;
++ p += l;
++ if (c->num != 0) {
++ p = (unsigned char *) c->data;
++ len = c->num;
++ l = 0;
++ }
++ }
++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG));
++ padlock_sha1(aligned, p, total, len - l);
++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG));
++ c->num = -1;
++ return 1;
++ }
++
++ return SHA1_Update(c, data, len);
++}
++#endif
++
++static int padlock_sha1_update(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ unsigned char *p;
++ unsigned long n;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++ c->Nh = total >> 29;
++ c->Nl = (total << 3) & 0xffffffffUL;
++
++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG));
++
++ /* Check partial data */
++ n = c->num;
++ if (n) {
++ p = (unsigned char *) c->data;
++ if (len >= SHA_CBLOCK || len+n >= SHA_CBLOCK) {
++ memcpy(p+n, data, SHA_CBLOCK-n);
++ padlock_sha1_partial(aligned, p, 1);
++ n = SHA_CBLOCK - n;
++ data += n;
++ len -= n;
++ c->num = 0;
++ memset(p, 0, SHA_CBLOCK);
++ } else {
++ memcpy(p+n, data, len);
++ c->num += (unsigned int)len;
++ return 1;
++ }
++ }
++
++ /* Can we finalize straight away? */
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) {
++ padlock_sha1(aligned, data, total, len);
++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG));
++ c->num = -1;
++ return 1;
++ }
++
++ /* Use nonfinalizing update */
++ n = len / SHA_CBLOCK;
++ if (n != 0) {
++ padlock_sha1_partial(aligned, data, n);
++ data += n * SHA_CBLOCK;
++ len -= n * SHA_CBLOCK;
++ }
++ memcpy(&c->h0, aligned, 5 * sizeof(SHA_LONG));
++
++ /* Buffer remaining bytes */
++ if (len) {
++ memcpy(c->data, data, len);
++ c->num = len;
++ }
++
++ return 1;
++}
++
++static int padlock_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ uint64_t total;
++ SHA_CTX *c = ctx->md_data;
++
++ if (c->num == -1) {
++ padlock_copy_bswap(md, &c->h0, 5);
++ c->num = 0;
++ return 1;
++ }
++
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++#if PADLOCK_NEED_FALLBACK_SHA
++ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH))
++ return SHA1_Final(md, c);
++#endif
++
++ memcpy(aligned, &c->h0, 5 * sizeof(SHA_LONG));
++ if (total > PADLOCK_MAX_FINALIZING_LENGTH) {
++ unsigned char padding[2 * SHA_CBLOCK];
++ unsigned long n;
++
++ n = padlock_sha_prepare_padding(ctx, padding,
++ (unsigned char *) c->data, c->num, total << 3);
++ padlock_sha1_partial(aligned, padding, n);
++ } else {
++ padlock_sha1(aligned, c->data, total, c->num);
++ }
++ padlock_copy_bswap(md, aligned, 5);
++ c->num = 0;
++
++ return 1;
++}
++
++static EVP_MD padlock_sha1_md = {
++ NID_sha1,
++ NID_sha1WithRSAEncryption,
++ SHA_DIGEST_LENGTH,
++ EVP_MD_FLAG_PKEY_METHOD_SIGNATURE,
++ padlock_sha1_init,
++ padlock_sha1_update,
++ padlock_sha1_final,
++ NULL,
++ NULL,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA_CTX),
++};
++
++static EVP_MD padlock_dss1_md = {
++ NID_dsa,
++ NID_dsaWithSHA1,
++ SHA_DIGEST_LENGTH,
++ 0,
++ padlock_sha1_init,
++ padlock_sha1_update,
++ padlock_sha1_final,
++ NULL,
++ NULL,
++ EVP_PKEY_DSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA_CTX),
++};
++
++
++#if !defined(OPENSSL_NO_SHA256)
++
++static void
++padlock_sha256(void *hwctx, const void *buf, unsigned long total, unsigned long now)
++{
++ unsigned long pos = total - now;
++
++ asm volatile ("xsha256"
++ : "+S"(buf), "+D"(hwctx), "+a"(pos), "+c"(total)
++ : : "memory");
++}
++
++static void
++padlock_sha256_partial(void *hwctx, const void *buf, unsigned long blocks)
++{
++ asm volatile ("xsha256"
++ : "+S"(buf), "+D"(hwctx), "+c"(blocks)
++ : "a"(-1L) : "memory");
++}
++
++#if PADLOCK_NEED_FALLBACK_SHA
++
++static int padlock_sha256_update_eden(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA256_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ const unsigned char *p = data;
++ unsigned int l = 0;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) {
++ if (c->num != 0) {
++ l = (len < SHA256_CBLOCK - c->num) ? len : (SHA256_CBLOCK - c->num);
++ if (!SHA256_Update(c, data, l))
++ return 0;
++ p += l;
++ if (c->num != 0) {
++ p = (unsigned char *) c->data;
++ len = c->num;
++ l = 0;
++ }
++ }
++ memcpy(aligned, c->h, sizeof(c->h));
++ padlock_sha256(aligned, p, total, len - l);
++ memcpy(c->h, aligned, sizeof(c->h));
++ c->num = -1;
++ return 1;
++ }
++
++ return SHA256_Update(c, data, len);
++}
++
++#endif
++
++static int padlock_sha256_update(EVP_MD_CTX *ctx, const void *data,
++ size_t len)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ SHA256_CTX *c = ctx->md_data;
++ uint_fast64_t total;
++ unsigned char *p;
++ unsigned long n;
++
++ /* Calculate total length (Nl,Nh) is length in bits */
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++ total += len;
++ c->Nh = total >> 29;
++ c->Nl = (total << 3) & 0xffffffffUL;
++
++ memcpy(aligned, c->h, sizeof(c->h));
++
++ /* Check partial data */
++ n = c->num;
++ if (n) {
++ p = (unsigned char *) c->data;
++ if (len >= SHA256_CBLOCK || len+n >= SHA256_CBLOCK) {
++ memcpy(p+n, data, SHA256_CBLOCK-n);
++ padlock_sha256_partial(aligned, p, 1);
++ n = SHA256_CBLOCK - n;
++ data += n;
++ len -= n;
++ c->num = 0;
++ memset(p, 0, SHA256_CBLOCK);
++ } else {
++ memcpy(p+n, data, len);
++ c->num += (unsigned int)len;
++ return 1;
++ }
++ }
++
++ /* Can we finalize straight away? */
++ if ((ctx->flags & EVP_MD_CTX_FLAG_ONESHOT) &&
++ (total <= PADLOCK_MAX_FINALIZING_LENGTH)) {
++ padlock_sha256(aligned, data, total, len);
++ memcpy(c->h, aligned, sizeof(c->h));
++ c->num = -1;
++ return 1;
++ }
++
++ /* Use nonfinalizing update */
++ n = len / SHA256_CBLOCK;
++ if (n != 0) {
++ padlock_sha256_partial(aligned, data, n);
++ data += n * SHA256_CBLOCK;
++ len -= n * SHA256_CBLOCK;
++ }
++ memcpy(c->h, aligned, sizeof(c->h));
++
++ /* Buffer remaining bytes */
++ if (len) {
++ memcpy(c->data, data, len);
++ c->num = len;
++ }
++
++ return 1;
++}
++
++static int padlock_sha256_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++ unsigned char hwctx[PADLOCK_SHA_HWCTX];
++ uint32_t *aligned = PADLOCK_SHA_ALIGN(hwctx);
++ uint64_t total;
++ SHA256_CTX *c = ctx->md_data;
++
++ if (c->num == -1) {
++ padlock_copy_bswap(md, c->h, sizeof(c->h)/sizeof(c->h[0]));
++ c->num = 0;
++ return 1;
++ }
++
++ total = (((uint_fast64_t) c->Nh) << 29) + (c->Nl >> 3);
++#if PADLOCK_NEED_FALLBACK_SHA
++ if ((!PADLOCK_HAVE_NANO) && (total > PADLOCK_MAX_FINALIZING_LENGTH))
++ return SHA256_Final(md, c);
++#endif
++
++ memcpy(aligned, c->h, sizeof(c->h));
++ if (total > PADLOCK_MAX_FINALIZING_LENGTH) {
++ unsigned char padding[2 * SHA_CBLOCK];
++ unsigned long n;
++
++ n = padlock_sha_prepare_padding(ctx, padding,
++ (unsigned char *) c->data, c->num, total << 3);
++ padlock_sha256_partial(aligned, padding, n);
++ } else {
++ padlock_sha256(aligned, c->data, total, c->num);
++ }
++ padlock_copy_bswap(md, aligned, sizeof(c->h)/sizeof(c->h[0]));
++ c->num = 0;
++ return 1;
++}
++
++#if !defined(OPENSSL_NO_SHA224)
++
++static int padlock_sha224_init(EVP_MD_CTX *ctx)
++{
++ return SHA224_Init(ctx->md_data);
++}
++
++static EVP_MD padlock_sha224_md = {
++ NID_sha224,
++ NID_sha224WithRSAEncryption,
++ SHA224_DIGEST_LENGTH,
++ 0,
++ padlock_sha224_init,
++ padlock_sha256_update,
++ padlock_sha256_final,
++ NULL,
++ NULL,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA256_CTX),
++};
++#endif /* !OPENSSL_NO_SHA224 */
++
++static int padlock_sha256_init(EVP_MD_CTX *ctx)
++{
++ return SHA256_Init(ctx->md_data);
++}
++
++static EVP_MD padlock_sha256_md = {
++ NID_sha256,
++ NID_sha256WithRSAEncryption,
++ SHA256_DIGEST_LENGTH,
++ 0,
++ padlock_sha256_init,
++ padlock_sha256_update,
++ padlock_sha256_final,
++ NULL,
++ NULL,
++ EVP_PKEY_RSA_method,
++ SHA_CBLOCK,
++ sizeof(SHA256_CTX),
++};
++#endif /* !OPENSSL_NO_SHA256 */
++
++static int padlock_digest_nids[] = {
++#if !defined(OPENSSL_NO_SHA)
++ NID_sha1,
++ NID_dsa,
++#endif
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++ NID_sha224,
++#endif
++ NID_sha256,
++#endif
++};
++
++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]);
++
++static int
++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
++{
++ /* No specific digest => return a list of supported nids ... */
++ if (!digest) {
++ *nids = padlock_digest_nids;
++ return padlock_digest_nids_num;
++ }
++
++ /* ... or the requested "digest" otherwise */
++ switch (nid) {
++#if !defined(OPENSSL_NO_SHA)
++ case NID_sha1:
++ *digest = &padlock_sha1_md;
++ break;
++ case NID_dsa:
++ *digest = &padlock_dss1_md;
++ break;
++#endif
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++ case NID_sha224:
++ *digest = &padlock_sha224_md;
++ break;
++#endif /* OPENSSL_NO_SHA224 */
++ case NID_sha256:
++ *digest = &padlock_sha256_md;
++ break;
++#endif /* OPENSSL_NO_SHA256 */
++ default:
++ /* Sorry, we don't support this NID */
++ *digest = NULL;
++ return 0;
++ }
++
++ return 1;
++}
++
++#endif /* OPENSSL_NO_SHA */
++
++#ifndef PADLOCK_NO_RNG
++
+ /* ===== Random Number Generator ===== */
+ /*
+ * This code is not engaged. The reason is that it does not comply
+@@ -1356,6 +1868,59 @@ static RAND_METHOD padlock_rand = {
+ padlock_rand_bytes, /* pseudorand */
+ padlock_rand_status, /* rand status */
+ };
++#endif /* PADLOCK_NO_RNG */
++
++/* Prepare the ENGINE structure for registration */
++static int
++padlock_bind_helper(ENGINE *e)
++{
++ /* Check available features */
++ padlock_available();
++
++ /* Generate a nice engine name with available features */
++ BIO_snprintf(padlock_name, sizeof(padlock_name),
++ "VIA PadLock: %s%s%s%s%s%s",
++ padlock_flags ? "" : "not supported",
++ PADLOCK_HAVE_RNG ? "RNG " : "",
++ PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "",
++ PADLOCK_HAVE_PHE ? "PHE " : "",
++ PADLOCK_HAVE_PMM ? "PMM " : "",
++ PADLOCK_HAVE_NANO ? "NANO " : ""
++ );
++
++#if PADLOCK_NEED_FALLBACK_SHA && !defined(OPENSSL_NO_SHA)
++ if (!PADLOCK_HAVE_NANO) {
++ padlock_sha1_md.update = padlock_sha1_update_eden;
++ padlock_dss1_md.update = padlock_sha1_update_eden;
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++ padlock_sha224_md.update = padlock_sha256_update_eden;
++#endif
++ padlock_sha256_md.update = padlock_sha256_update_eden;
++#endif
++ }
++#endif
++
++ /* Register everything or return with an error */
++ if (!ENGINE_set_id(e, padlock_id) ||
++ !ENGINE_set_name(e, padlock_name) ||
++ !ENGINE_set_init_function(e, padlock_init)
++#ifndef OPENSSL_NO_AES
++ || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
++#endif
++#ifndef OPENSSL_NO_SHA
++ || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
++#endif
++#ifndef PADLOCK_NO_RNG
++ || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
++#endif
++ ) {
++ return 0;
++ }
++
++ /* Everything looks good */
++ return 1;
++}
+
+ # else /* !COMPILE_HW_PADLOCK */
+ # ifndef OPENSSL_NO_DYNAMIC_ENGINE
+--
+2.2.2
+
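Review bot: The feature tests added in both padlock_available() variants use the masks `0x3<<3`, `0x3<<7`, `0x3<<9`, `0x3<<11` and `0x3<<13` and accept any set bit, whereas the removed lines required both bits of a pair at shifts 2 and 6. If CPUID 0xC0000001 EDX keeps the present/enabled pair layout the old code relied on, each new mask straddles two features. PADLOCK_PHE could then be set while the hash engine is not enabled, and padlock_bind_helper() would register padlock_digests on hardware that presumably cannot run xsha1/xsha256. Testing each pair for equality, as sketched below for both variants, restores the old guarantee. Separately, the update functions leave `c->num = -1` after a one-shot finalisation but never check for that sentinel on entry, so a second update on the same context would use it as the offset in `memcpy(p+n, ...)`; an early check there is worth adding.

```c
    /* Fill up some flags: a unit is usable only when both its
     * "present" and "enabled" bits are set */
    padlock_flags |= (((edx & (0x3<<2))  == (0x3<<2))  ? PADLOCK_RNG  : 0);
    padlock_flags |= (((edx & (0x3<<6))  == (0x3<<6))  ? PADLOCK_ACE  : 0);
    padlock_flags |= (((edx & (0x3<<8))  == (0x3<<8))  ? PADLOCK_ACE2 : 0);
    padlock_flags |= (((edx & (0x3<<10)) == (0x3<<10)) ? PADLOCK_PHE  : 0);
    padlock_flags |= (((edx & (0x3<<12)) == (0x3<<12)) ? PADLOCK_PMM  : 0);
    /* … unchanged: VIA Nano detection and return padlock_flags … */
```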
diff --git a/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch b/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch
new file mode 100644
index 000000000..66f37451e
--- /dev/null
+++ b/system/openssl/1004-crypto-engine-autoload-padlock-dynamic-engine.patch
@@ -0,0 +1,33 @@
+From a58658f191e83f4c6417d2cc879fa572f7978537 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Thu, 4 Feb 2016 16:28:15 +0100
+Subject: [PATCH] crypto/engine: autoload padlock dynamic engine
+
+---
+ crypto/engine/eng_all.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/crypto/engine/eng_all.c b/crypto/engine/eng_all.c
+index 48ad0d2..822aa23 100644
+--- a/crypto/engine/eng_all.c
++++ b/crypto/engine/eng_all.c
+@@ -120,6 +120,16 @@ void ENGINE_load_builtin_engines(void)
+ ENGINE_load_capi();
+ # endif
+ #endif
++#ifdef OPENSSL_NO_STATIC_ENGINE
++ {
++ ENGINE *e = ENGINE_by_id("padlock");
++ if (e != NULL) {
++ ENGINE_add(e);
++ ENGINE_free(e);
++ ERR_clear_error();
++ }
++ }
++#endif
+ ENGINE_register_all_complete();
+ }
+
+--
+2.7.0
+
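Review bot: `ERR_clear_error()` runs only inside the `e != NULL` branch, so when `ENGINE_by_id("padlock")` fails (presumably the normal case on machines without the engine) whatever it pushed onto the thread's error queue stays there for the next caller that inspects the queue. Moving the call below the closing brace of the `if` clears both paths. A comment such as `/* best effort: padlock is optional, lookup failures are ignored */` would record that intent. Since this lookup now runs in every process that calls ENGINE_load_builtin_engines(), it is also worth confirming which directory ENGINE_by_id() searches for the shared object in this build; that code, and the start of this function, are outside the hunk.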
diff --git a/system/openssl/APKBUILD b/system/openssl/APKBUILD
new file mode 100644
index 000000000..da5f61799
--- /dev/null
+++ b/system/openssl/APKBUILD
@@ -0,0 +1,151 @@
+# Maintainer: Timo Teras <timo.teras@iki.fi>
+pkgname=openssl
+pkgver=1.0.2n
+pkgrel=0
+pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
+url="http://openssl.org"
+depends=
+makedepends_build="perl"
+makedepends_host="zlib-dev"
+makedepends="$makedepends_host $makedepends_build"
+depends_dev="zlib-dev"
+checkdepends="perl"
+provides="libressl=9999"
+arch="all"
+license="openssl"
+
+subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc libcrypto1.0:libcrypto libssl1.0:libssl"
+
+source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
+ 0002-busybox-basename.patch
+ 0003-use-termios.patch
+ 0004-fix-default-ca-path-for-apps.patch
+ 0005-fix-parallel-build.patch
+ 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
+ 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
+ 0009-no-rpath.patch
+ 0010-ssl-env-zlib.patch
+ 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+ 1002-backport-changes-from-upstream-padlock-module.patch
+ 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch
+ "
+
+# secfixes:
+# 1.0.2h-r0:
+# - CVE-2016-2107
+# - CVE-2016-2105
+# - CVE-2016-2106
+# - CVE-2016-2109
+# - CVE-2016-2176
+# 1.0.2h-r1:
+# - CVE-2016-2177
+# - CVE-2016-2178
+# 1.0.2h-r2:
+# - CVE-2016-2180
+# 1.0.2h-r3:
+# - CVE-2016-2179
+# - CVE-2016-2182
+# - CVE-2016-6302
+# - CVE-2016-6303
+# 1.0.2h-r4:
+# - CVE-2016-2181
+# 1.0.2i-r0:
+# - CVE-2016-2183
+# - CVE-2016-6304
+# - CVE-2016-6306
+# 1.0.2m-r0:
+# - CVE-2017-3735
+# - CVE-2017-3736
+# 1.0.2n-r0:
+# - CVE-2017-3737
+# - CVE-2017-3738
+
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+ local _target _optflags
+ cd "$builddir"
+
+ # openssl will prepend crosscompile always core CC et al
+ CC=${CC#${CROSS_COMPILE}}
+ CXX=${CXX#${CROSS_COMPILE}}
+ CPP=${CPP#${CROSS_COMPILE}}
+
+ # determine target OS for openssl
+ case "$CARCH" in
+ aarch64*) _target="linux-aarch64" ;;
+ arm*) _target="linux-armv4" ;;
+ ppc) _target="linux-ppc" ;;
+ ppc64) _target="linux-ppc64"; _optflags="no-asm" ;;
+ ppc64le) _target="linux-ppc64le" ;;
+ i528 | pmmx | x86) _target="linux-elf" ;;
+ x86_64) _target="linux-x86_64"; _optflags="enable-ec_nistp_64_gcc_128" ;;
+ s390x) _target="linux64-s390x";;
+ *) msg "Unable to determine architecture from (CARCH=$CARCH)" ; return 1 ;;
+ esac
+
+ # Configure assumes --options are for it, so can't use
+ # gcc's --sysroot fake this by overriding CC
+ [ -n "$CBUILDROOT" ] && CC="$CC --sysroot=${CBUILDROOT}"
+
+ perl ./Configure $_target --prefix=/usr \
+ --libdir=lib \
+ --openssldir=/etc/ssl \
+ shared zlib enable-montasm enable-md2 $_optflags \
+ -DOPENSSL_NO_BUF_FREELISTS \
+ $CPPFLAGS $CFLAGS $LDFLAGS -Wa,--noexecstack \
+ enable-ssl2
+
+ make && make build-shared
+}
+
+check() {
+ cd "$builddir"
+ make -j1 test
+}
+
+package() {
+ cd "$builddir"
+ make INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man MANSUFFIX=ssl install
+ # remove the script c_rehash
+ rm "$pkgdir"/usr/bin/c_rehash
+}
+
+libcrypto() {
+ pkgdesc="Crypto library from openssl"
+
+ mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
+ for i in "$pkgdir"/usr/lib/libcrypto*; do
+ mv $i "$subpkgdir"/lib/
+ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
+ done
+ mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/
+}
+
+libssl() {
+ pkgdesc="SSL shared libraries"
+
+ mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
+ for i in "$pkgdir"/usr/lib/libssl*; do
+ mv $i "$subpkgdir"/lib/
+ ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
+ done
+}
+
+dev() {
+ provides="libressl-dev=9999"
+ default_dev
+}
+
+sha512sums="144bf0d6aa27b4af01df0b7b734c39962649e1711554247d42e05e14d8945742b18745aefdba162e2dfc762b941fd7d3b2d5dc6a781ae4ba10a6f5a3cadb0687 openssl-1.0.2n.tar.gz
+2244f46cb18e6b98f075051dd2446c47f7590abccd108fbab707f168a20cad8d32220d704635973f09e3b2879f523be5160f1ffbc12ab3900f8a8891dc855c5c 0002-busybox-basename.patch
+58e42058a0c8086c49d681b1e226da39a8cf8cb88c51cf739dec2ff12e1bb5d7208ac5033264b186d58e9bdfe992fe9ddb95701d01caf1824396b2cefe30c0a4 0003-use-termios.patch
+c67472879a31b5dbdd313892df6d37e7c93e8c0237d406c30d50b1016c2618ead3c13277f5dc723ef1ceed092d36e3c15a9777daa844f59b9fa2b0a4f04fd9ae 0004-fix-default-ca-path-for-apps.patch
+5d4191482f8bbf62c75fe6bc2d9587388022c3310703c2a913788a983b1d1406e706cf3916a5792604f0b0f220a87432d3b82b442cea9915f2abb6fdd8478fcb 0005-fix-parallel-build.patch
+820d4ce1c222696fe3f1dd0d11815c06262ec230fdb174532fd507286667a0aefbf858ea5edac4245a54b950cd0556545ecd0c5cf494692a2ba131c667e7bcd5 0006-add-ircv3-tls-3.1-extension-support-to-s_client.patch
+17ad683bb91a3a3c5bcc456c8aed7f0b42414c6de06ebafa4753af93c42d9827c9978a43d4d53d741a45df7f7895c6f6163172af57cc7b391cfd15f45ce6c351 0008-maintain-abi-compat-with-no-freelist-and-regular-bui.patch
+5dbbc01985190ae1254350fb12565beb6abb916b6a7bb1f0f22d9762b1e575d124aaf9aa4cfe5f908e420978f691072d48c61a72660f09dfd6d9a2f83f862bc1 0009-no-rpath.patch
+5febe20948e3f12d981e378e1f4ea538711657aacb6865a1aa91339d4a04277e250f490a1f2abc2c6f290bdc2b1bffdba1d00983b4c09f7ea983eef8163f9420 0010-ssl-env-zlib.patch
+8c181760d7a149aa18d246d50f1c0438ffb63c98677b05306dfc00400ad0429b47d31e7c8d85126005c67f743d23e7a8a81174ffe98556f4caf9cf6b04d9ff17 1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch
+a3555440b5f544bfd6b9ad97557d8f4c1d673f6a35219f65056a72035d186be5f354717ddf9784899b602464d48657b090ade24379552d43af97609c0f48c389 1002-backport-changes-from-upstream-padlock-module.patch
+6353c7a94016c20db5d683dde37775f6780952ecdb1a5f39f878d04ba37f6ad79ae10fb6d65d181d912505a5d1e22463004cd855d548b364c00b120da2b0fdbc 1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch"
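Review bot: build() passes `enable-ssl2` and `enable-md2` to Configure, which compiles SSLv2 protocol support and the MD2 digest into the libssl/libcrypto that the rest of the distribution links against. Unless a package in the tree is known to need them, drop both words from the `shared zlib enable-montasm ...` line, or state the opposite explicitly with `no-ssl2`. The `source=` list and `sha512sums` also stop at the 1003 patch, so `1004-crypto-engine-autoload-padlock-dynamic-engine.patch`, added by this same commit, is never fetched or applied; either list it with its checksum or leave the file out. In the `case "$CARCH"` block, `i528` looks like a typo for another x86 variant and should be checked against the arch names the build system actually emits.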
diff --git a/system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
new file mode 100644
index 000000000..1498e831a
--- /dev/null
+++ b/system/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
@@ -0,0 +1,108 @@
+From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Sun, 20 May 2012 15:42:56 +0200
+Subject: [PATCH] Bug 50145 - make netgroup support optional
+
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+
+netgroups are not defined in POSIX and are not be available on
+all systems.
+
+We check for getnetgrent in configure script.
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ configure.ac | 2 +-
+ src/polkitbackend/polkitbackendlocalauthority.c | 8 ++++++--
+ src/polkitbackend/polkitbackendlocalauthorizationstore.c | 3 ++-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f325922..711aa7c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv)
++AC_CHECK_FUNCS(clearenv getnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
+index b53eda3..f14e924 100644
+--- a/src/polkitbackend/polkitbackendlocalauthority.c
++++ b/src/polkitbackend/polkitbackendlocalauthority.c
+@@ -52,9 +52,10 @@
+
+ static GList *get_users_in_group (PolkitIdentity *group,
+ gboolean include_root);
+-
++#if defined HAVE_GETNETGRENT
+ static GList *get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root);
++#endif
+
+ static GList *get_groups_for_user (PolkitIdentity *user);
+
+@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti
+ {
+ ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
+ }
++#if defined HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity %s", admin_identities[n]);
+@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity *group,
+ return ret;
+ }
+
++#if defined HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity *group,
+ endnetgrent ();
+ return ret;
+ }
+-
++#endif
+
+ static GList *
+ get_groups_for_user (PolkitIdentity *user)
+diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+index 2ddfe75..02553c4 100644
+--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
++++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
+ break;
+ }
+
++#if defined HAVE_GETNETGRENT
+ /* if no identity specs matched and identity is a user, match against netgroups */
+ if (ll == NULL && POLKIT_IS_UNIX_USER (identity))
+ {
+@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
+ const gchar *user_name = polkit_unix_user_get_name (user_identity);
+ if (!user_name)
+ continue;
+-
+ for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next)
+ {
+ if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL))
+ break;
+ }
+ }
++#endif
+
+ if (ll == NULL)
+ continue;
+--
+1.7.10.2
+
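Review bot: With HAVE_GETNETGRENT undefined, the netgroup loop in polkit_backend_local_authorization_store_lookup() is compiled out without any diagnostic, so every entry in `authorization->netgroup_identities` silently never matches. An administrator who wrote a netgroup-scoped authorization gets no sign that it is ignored, and whether that is safe depends on whether the entry was meant to grant or to restrict. polkit_backend_local_authority_get_admin_auth_identities() at least falls through to `g_warning ("Unsupported identity %s", ...)` on such a build. A matching one-time warning where netgroup identities are parsed (outside these hunks), for example `g_warning ("netgroup identities are ignored: built without getnetgrent()");`, would make the store behave consistently. configure.ac probes only `getnetgrent` while the guarded code also calls `innetgr` and `endnetgrent`, so a comment saying that the one check stands for the whole netgroup API would help; all three functions extend beyond the hunks shown.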
diff --git a/system/polkit/APKBUILD b/system/polkit/APKBUILD
new file mode 100644
index 000000000..fdc37d634
--- /dev/null
+++ b/system/polkit/APKBUILD
@@ -0,0 +1,80 @@
+# Contributor: Carlo Landmeter
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=polkit
+pkgver=0.105
+pkgrel=8
+pkgdesc="Application development toolkit for controlling system-wide privileges"
+url="http://www.freedesktop.org/wiki/Software/polkit/"
+arch="all"
+license="LGPL"
+depends=
+options="suid"
+depends_dev="eggdbus-dev dbus-glib-dev linux-pam-dev"
+makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
+ intltool autoconf automake libtool"
+install=
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
+ 0001-Bug-50145-make-netgroup-support-optional.patch
+ CVE-2013-4288.patch
+ CVE-2015-3218.patch
+ CVE-2015-3255.patch
+ CVE-2015-4625.patch
+ automake.patch
+ fix-parallel-make.patch
+ fix-consolekit-db-stat.patch
+ fix-test-fgetpwent.patch
+ disable-ck-test.patch
+"
+
+prepare() {
+ cd "$builddir"
+ update_config_sub
+ default_prepare
+ libtoolize --force && aclocal && autoconf && automake --add-missing
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --libexecdir=/usr/lib/polkit-1 \
+ --localstatedir=/var \
+ --disable-static \
+ --enable-nls \
+ --enable-introspection \
+ --with-os-type=alpine \
+ --with-pam-include=base-auth \
+ --disable-gtk-doc \
+ --disable-gtk-doc-html \
+ --disable-gtk-doc-pdf
+
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz
+09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch
+d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch
+625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c CVE-2015-3218.patch
+0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8 CVE-2015-3255.patch
+32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e CVE-2015-4625.patch
+25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch
+6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd fix-parallel-make.patch
+95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch
+966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch
+f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980 disable-ck-test.patch"
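Review bot: The release tarball in `source=` is fetched over plain `http://`, so the `sha512sums` block at the end of the file is the only thing authenticating it, and anyone regenerating checksums after a fresh fetch would record whatever the network delivered. I would switch the first source entry to `https://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz` and change `url=` likewise. The package is marked `options="suid"` and carries four CVE backports, so a `# secfixes:` comment block listing CVE-2013-4288, CVE-2015-3218, CVE-2015-3255 and CVE-2015-4625 would let reviewers and scanners see what this 0.105 build covers. The hunk does not show which pkgver-pkgrel first shipped each patch, so the maintainer would need to fill in that key.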
diff --git a/system/polkit/CVE-2013-4288.patch b/system/polkit/CVE-2013-4288.patch
new file mode 100644
index 000000000..0ca8131e8
--- /dev/null
+++ b/system/polkit/CVE-2013-4288.patch
@@ -0,0 +1,123 @@
+From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Mon, 19 Aug 2013 12:16:11 -0400
+Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
+
+The uid is a new addition; this allows callers such as libvirt to
+close a race condition in reading the uid of the process talking to
+them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
+rather than having pkcheck look at /proc later after the fact.
+
+Programs which invoke pkcheck but need to know beforehand (i.e. at
+compile time) whether or not it supports passing the uid can
+use:
+
+pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+test x$pkcheck_supports_uid = xyes
+
+Conflicts:
+ docs/man/pkcheck.xml
+ src/programs/pkcheck.c
+---
+ data/polkit-gobject-1.pc.in | 3 +++
+ docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------
+ src/programs/pkcheck.c | 7 ++++++-
+ 3 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index 6b8a874..9f2faef 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+ <arg choice="plain">
+ <replaceable>pid,pid-start-time</replaceable>
+ </arg>
++ <arg choice="plain">
++ <replaceable>pid,pid-start-time,uid</replaceable>
++ </arg>
+ </group>
+ </arg>
+ <arg choice="plain">
+@@ -90,7 +93,7 @@
+ <title>DESCRIPTION</title>
+ <para>
+ <command>pkcheck</command> is used to check whether a process, specified by
+- either <option>--process</option> or <option>--system-bus-name</option>,
++ either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+ is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+ option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+ If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,17 +163,23 @@ KEY3=VALUE3
+ <refsect1 id="pkcheck-notes">
+ <title>NOTES</title>
+ <para>
+- Since process identifiers can be recycled, the caller should always use
+- <replaceable>pid,pid-start-time</replaceable> to specify the process
+- to check for authorization when using the <option>--process</option> option.
+- The value of <replaceable>pid-start-time</replaceable>
+- can be determined by consulting e.g. the
+- <citerefentry>
+- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
+- </citerefentry>
+- file system depending on the operating system. If only <replaceable>pid</replaceable>
+- is passed to the <option>--process</option> option, then <command>pkcheck</command>
+- will look up the start time itself but note that this may be racy.
++ Do not use either the bare <replaceable>pid</replaceable> or
++ <replaceable>pid,start-time</replaceable> syntax forms for
++ <option>--process</option>. There are race conditions in both.
++ New code should always use
++ <replaceable>pid,pid-start-time,uid</replaceable>. The value of
++ <replaceable>start-time</replaceable> can be determined by
++ consulting e.g. the
++ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
++ file system depending on the operating system. If fewer than 3
++ arguments are passed, <command>pkcheck</command> will attempt to
++ look up them up internally, but note that this may be racy.
++ </para>
++ <para>
++ If your program is a daemon with e.g. a custom Unix domain
++ socket, you should determine the <replaceable>uid</replaceable>
++ parameter via operating system mechanisms such as
++ <literal>PEERCRED</literal>.
+ </para>
+ </refsect1>
+
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+ else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+ {
+ gint pid;
++ guint uid;
+ guint64 pid_start_time;
+
+ n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+ goto out;
+ }
+
+- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++ }
++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+ {
+ subject = polkit_unix_process_new_full (pid, pid_start_time);
+ }
+--
+1.8.5.1
+
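Review bot: In the `pkcheck.c` part, an argument whose third field does not parse as `%u` fails the new three-field `sscanf` and is then accepted by the two-field branch, so the caller silently gets the `pid,start-time` form that the updated man page calls racy. A guard between the two branches that rejects any argument with more than one comma, e.g. `else if (strchr (argv[n], ',') != strrchr (argv[n], ','))` leading to the usage error path, would make the failure explicit. Separately, the `.pc` hunk defines `pkcheck_supports_uid=true` while the commit message tells callers to test for `xyes`; that example can never succeed as written, so consumers should compare against `true`. `main` starts and ends outside the hunk, so the exact error path is inferred from the visible `goto out`.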
diff --git a/system/polkit/CVE-2015-3218.patch b/system/polkit/CVE-2015-3218.patch
new file mode 100644
index 000000000..977825102
--- /dev/null
+++ b/system/polkit/CVE-2015-3218.patch
@@ -0,0 +1,115 @@
+From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Sat, 30 May 2015 09:06:23 -0400
+Subject: CVE-2015-3218: backend: Handle invalid object paths in
+ RegisterAuthenticationAgent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Properly propagate the error, otherwise we dereference a `NULL`
+pointer. This is a local, authenticated DoS.
+
+`RegisterAuthenticationAgentWithOptions` and
+`UnregisterAuthentication` have been validated to not need changes for
+this.
+
+http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
+https://bugs.freedesktop.org/show_bug.cgi?id=90829
+
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Philip Withnall <philip@tecnocode.co.uk>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index f6ea0fc..587f954 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+- GVariant *registration_options)
++ GVariant *registration_options,
++ GError **error)
+ {
+ AuthenticationAgent *agent;
+- GError *error;
++ GDBusProxy *proxy;
+
+- agent = g_new0 (AuthenticationAgent, 1);
++ if (!g_variant_is_object_path (object_path))
++ {
++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
++ "Invalid object path '%s'", object_path);
++ return NULL;
++ }
++
++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
++ NULL, /* GDBusInterfaceInfo* */
++ unique_system_bus_name,
++ object_path,
++ "org.freedesktop.PolicyKit1.AuthenticationAgent",
++ NULL, /* GCancellable* */
++ error);
++ if (proxy == NULL)
++ {
++ g_prefix_error (error, "Failed to construct proxy for agent: " );
++ return NULL;
++ }
+
++ agent = g_new0 (AuthenticationAgent, 1);
+ agent->ref_count = 1;
+ agent->scope = g_object_ref (scope);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
+ agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+-
+- error = NULL;
+- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+- NULL, /* GDBusInterfaceInfo* */
+- agent->unique_system_bus_name,
+- agent->object_path,
+- "org.freedesktop.PolicyKit1.AuthenticationAgent",
+- NULL, /* GCancellable* */
+- &error);
+- if (agent->proxy == NULL)
+- {
+- g_warning ("Error constructing proxy for agent: %s", error->message);
+- g_error_free (error);
+- /* TODO: Make authentication_agent_new() return NULL and set a GError */
+- }
++ agent->proxy = proxy;
+
+ return agent;
+ }
+@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ caller_cmdline = NULL;
+ agent = NULL;
+
+- /* TODO: validate that object path is well-formed */
+-
+ interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
+ priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
+
+@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+- options);
++ options,
++ error);
++ if (!agent)
++ goto out;
+
+ g_hash_table_insert (priv->hash_scope_to_authentication_agent,
+ g_object_ref (subject),
+--
+cgit v0.10.2
+
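Review bot: `authentication_agent_new` now returns `NULL` with `error` set for a malformed `object_path` or a failed proxy construction, but nothing in the patched function states that new contract. A short comment above the definition, such as `/* Returns NULL and sets @error if object_path is not a valid D-Bus object path or the agent proxy cannot be created. */`, would make it clear that the result must be checked. Only the call in `polkit_backend_interactive_authority_register_authentication_agent` is updated here with `if (!agent) goto out;`; any other caller outside these hunks would need the same check. Both functions extend beyond the lines shown.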
diff --git a/system/polkit/CVE-2015-3255.patch b/system/polkit/CVE-2015-3255.patch
new file mode 100644
index 000000000..1bd7c6bcf
--- /dev/null
+++ b/system/polkit/CVE-2015-3255.patch
@@ -0,0 +1,67 @@
+From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
+Date: Wed, 1 Apr 2015 05:22:37 +0200
+Subject: CVE-2015-3255 Fix GHashTable usage.
+
+Don't assume that the hash table with free both the key and the value
+at the same time, supply proper deallocation functions for the key
+and value separately.
+
+Then drop ParsedAction::action_id which is no longer used for anything.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=69501
+and
+https://bugs.freedesktop.org/show_bug.cgi?id=83590
+
+CVE: CVE-2015-3255
+
+diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
+index bc14381..3894fe9 100644
+--- a/src/polkitbackend/polkitbackendactionpool.c
++++ b/src/polkitbackend/polkitbackendactionpool.c
+@@ -40,7 +40,6 @@
+
+ typedef struct
+ {
+- gchar *action_id;
+ gchar *vendor_name;
+ gchar *vendor_url;
+ gchar *icon_name;
+@@ -62,7 +61,6 @@ typedef struct
+ static void
+ parsed_action_free (ParsedAction *action)
+ {
+- g_free (action->action_id);
+ g_free (action->vendor_name);
+ g_free (action->vendor_url);
+ g_free (action->icon_name);
+@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
+
+ priv->parsed_actions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+- NULL,
++ g_free,
+ (GDestroyNotify) parsed_action_free);
+
+ priv->parsed_files = g_hash_table_new_full (g_str_hash,
+@@ -988,7 +986,6 @@ _end (void *data, const char *el)
+ icon_name = pd->global_icon_name;
+
+ action = g_new0 (ParsedAction, 1);
+- action->action_id = g_strdup (pd->action_id);
+ action->vendor_name = g_strdup (vendor);
+ action->vendor_url = g_strdup (vendor_url);
+ action->icon_name = g_strdup (icon_name);
+@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
+ action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
+ action->implicit_authorization_active = pd->implicit_authorization_active;
+
+- g_hash_table_insert (priv->parsed_actions, action->action_id, action);
++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
++ action);
+
+ /* we steal these hash tables */
+ pd->annotations = NULL;
+--
+cgit v0.10.2
+
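Review bot: The `g_hash_table_new_full` call for `priv->parsed_actions` now makes the table the owner of its keys, yet the only hint of that at the insertion site is the `g_strdup`. Since the bug being fixed was an ownership mix-up, I would add `/* table owns the key (g_free) and the value (parsed_action_free) */` above the constructor call and `/* key is a fresh copy; the table frees it */` at the `g_hash_table_insert` in `_end`. Both functions start and end outside the hunk.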
diff --git a/system/polkit/CVE-2015-4625.patch b/system/polkit/CVE-2015-4625.patch
new file mode 100644
index 000000000..4a43fb433
--- /dev/null
+++ b/system/polkit/CVE-2015-4625.patch
@@ -0,0 +1,1008 @@
+From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Thu, 4 Jun 2015 12:15:18 -0400
+Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Tavis noted that it'd be possible with a 32 bit counter for someone to
+cause the cookie to wrap by creating Authentication requests in a
+loop.
+
+Something important to note here is that wrapping of signed integers
+is undefined behavior in C, so we definitely want to fix that. All
+counter integers used in this patch are unsigned.
+
+See the comment above `authentication_agent_generate_cookie` for
+details, but basically we're now using a cookie of the form:
+
+```
+ <agent serial> - <agent random id> - <session serial> - <session
+random id>
+```
+
+Which has multiple 64 bit counters, plus unpredictable random 128 bit
+integer ids (effectively UUIDs, but we're not calling them that
+because we don't need to be globally unique.
+
+We further ensure that the cookies are not visible to other processes
+by changing the setuid helper to accept them over standard input. This
+means that an attacker would have to guess both ids.
+
+In any case, the security hole here is better fixed with the other
+change to bind user id (uid) of the agent with cookie lookups, making
+cookie guessing worthless.
+
+Nevertheless, I think it's worth doing this change too, for defense in
+depth.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832
+CVE: CVE-2015-4625
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
+index 937386e..19062aa 100644
+--- a/src/polkitagent/polkitagenthelper-pam.c
++++ b/src/polkitagent/polkitagenthelper-pam.c
+@@ -65,7 +65,7 @@ main (int argc, char *argv[])
+ {
+ int rc;
+ const char *user_to_auth;
+- const char *cookie;
++ char *cookie = NULL;
+ struct pam_conv pam_conversation;
+ pam_handle_t *pam_h;
+ const void *authed_user;
+@@ -97,7 +97,7 @@ main (int argc, char *argv[])
+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+- if (argc != 3)
++ if (!(argc == 2 || argc == 3))
+ {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -105,7 +105,10 @@ main (int argc, char *argv[])
+ }
+
+ user_to_auth = argv[1];
+- cookie = argv[2];
++
++ cookie = read_cookie (argc, argv);
++ if (!cookie)
++ goto error;
+
+ if (getuid () != 0)
+ {
+@@ -203,6 +206,8 @@ main (int argc, char *argv[])
+ goto error;
+ }
+
++ free (cookie);
++
+ #ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -212,6 +217,7 @@ main (int argc, char *argv[])
+ return 0;
+
+ error:
++ free (cookie);
+ if (pam_h != NULL)
+ pam_end (pam_h, rc);
+
+diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
+index a4f73ac..e877915 100644
+--- a/src/polkitagent/polkitagenthelper-shadow.c
++++ b/src/polkitagent/polkitagenthelper-shadow.c
+@@ -46,7 +46,7 @@ main (int argc, char *argv[])
+ {
+ struct spwd *shadow;
+ const char *user_to_auth;
+- const char *cookie;
++ char *cookie = NULL;
+ time_t now;
+
+ /* clear the entire environment to avoid attacks with
+@@ -67,7 +67,7 @@ main (int argc, char *argv[])
+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+- if (argc != 3)
++ if (!(argc == 2 || argc == 3))
+ {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -86,7 +86,10 @@ main (int argc, char *argv[])
+ }
+
+ user_to_auth = argv[1];
+- cookie = argv[2];
++
++ cookie = read_cookie (argc, argv);
++ if (!cookie)
++ goto error;
+
+ #ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
+@@ -153,6 +156,8 @@ main (int argc, char *argv[])
+ goto error;
+ }
+
++ free (cookie);
++
+ #ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -162,6 +167,7 @@ main (int argc, char *argv[])
+ return 0;
+
+ error:
++ free (cookie);
+ fprintf (stdout, "FAILURE\n");
+ flush_and_wait ();
+ return 1;
+diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
+index cfa77fc..e23f9f5 100644
+--- a/src/polkitagent/polkitagenthelperprivate.c
++++ b/src/polkitagent/polkitagenthelperprivate.c
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include "polkitagenthelperprivate.h"
+ #include <stdio.h>
++#include <string.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+
+@@ -45,6 +46,38 @@ _polkit_clearenv (void)
+ #endif
+
+
++char *
++read_cookie (int argc, char **argv)
++{
++ /* As part of CVE-2015-4625, we started passing the cookie
++ * on standard input, to ensure it's not visible to other
++ * processes. However, to ensure that things continue
++ * to work if the setuid binary is upgraded while old
++ * agents are still running (this will be common with
++ * package managers), we support both modes.
++ */
++ if (argc == 3)
++ return strdup (argv[2]);
++ else
++ {
++ char *ret = NULL;
++ size_t n = 0;
++ ssize_t r = getline (&ret, &n, stdin);
++ if (r == -1)
++ {
++ if (!feof (stdin))
++ perror ("getline");
++ free (ret);
++ return NULL;
++ }
++ else
++ {
++ g_strchomp (ret);
++ return ret;
++ }
++ }
++}
++
+ gboolean
+ send_dbus_message (const char *cookie, const char *user)
+ {
+diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
+index aeca2c7..547fdcc 100644
+--- a/src/polkitagent/polkitagenthelperprivate.h
++++ b/src/polkitagent/polkitagenthelperprivate.h
+@@ -38,6 +38,8 @@
+
+ int _polkit_clearenv (void);
+
++char *read_cookie (int argc, char **argv);
++
+ gboolean send_dbus_message (const char *cookie, const char *user);
+
+ void flush_and_wait ();
+diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
+index f014773..8b93ad0 100644
+--- a/src/polkitagent/polkitagentsession.c
++++ b/src/polkitagent/polkitagentsession.c
+@@ -55,6 +55,7 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
++#include <gio/gunixoutputstream.h>
+ #include <pwd.h>
+
+ #include "polkitagentmarshal.h"
+@@ -88,7 +89,7 @@ struct _PolkitAgentSession
+ gchar *cookie;
+ PolkitIdentity *identity;
+
+- int child_stdin;
++ GOutputStream *child_stdin;
+ int child_stdout;
+ GPid child_pid;
+
+@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT);
+ static void
+ polkit_agent_session_init (PolkitAgentSession *session)
+ {
+- session->child_stdin = -1;
+ session->child_stdout = -1;
+ }
+
+@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session)
+ session->child_stdout = -1;
+ }
+
+- if (session->child_stdin != -1)
+- {
+- g_warn_if_fail (close (session->child_stdin) == 0);
+- session->child_stdin = -1;
+- }
++ g_clear_object (&session->child_stdin);
+
+ session->helper_is_running = FALSE;
+
+@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session,
+
+ add_newline = (response[response_len] != '\n');
+
+- write (session->child_stdin, response, response_len);
++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL);
+ if (add_newline)
+- write (session->child_stdin, newline, 1);
++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL);
+ }
+
+ /**
+@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ {
+ uid_t uid;
+ GError *error;
+- gchar *helper_argv[4];
++ gchar *helper_argv[3];
+ struct passwd *passwd;
++ int stdin_fd = -1;
+
+ g_return_if_fail (POLKIT_AGENT_IS_SESSION (session));
+
+@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+
+ helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
+ helper_argv[1] = passwd->pw_name;
+- helper_argv[2] = session->cookie;
+- helper_argv[3] = NULL;
++ helper_argv[2] = NULL;
+
+- session->child_stdin = -1;
+ session->child_stdout = -1;
+
+ error = NULL;
+@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ NULL,
+ NULL,
+ &session->child_pid,
+- &session->child_stdin,
++ &stdin_fd,
+ &session->child_stdout,
+ NULL,
+ &error))
+@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ if (G_UNLIKELY (_show_debug ()))
+ g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
+
++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE);
++
++ /* Write the cookie on stdin so it can't be seen by other processes */
++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie),
++ NULL, NULL, NULL);
++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL);
++
+ session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
+ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
+ G_IO_IN | G_IO_ERR | G_IO_HUP);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 3f339e9..15adc6a 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -214,6 +214,8 @@ typedef struct
+
+ GDBusConnection *system_bus_connection;
+ guint name_owner_changed_signal_id;
++
++ guint64 agent_serial;
+ } PolkitBackendInteractiveAuthorityPrivate;
+
+ /* ---------------------------------------------------------------------------------------------------- */
+@@ -439,11 +441,15 @@ struct AuthenticationAgent
+ volatile gint ref_count;
+
+ PolkitSubject *scope;
++ guint64 serial;
+
+ gchar *locale;
+ GVariant *registration_options;
+ gchar *object_path;
+ gchar *unique_system_bus_name;
++ GRand *cookie_pool;
++ gchar *cookie_prefix;
++ guint64 cookie_serial;
+
+ GDBusProxy *proxy;
+
+@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable,
+ authentication_session_cancel (session);
+ }
+
++/* We're not calling this a UUID, but it's basically
++ * the same thing, just not formatted that way because:
++ *
++ * - I'm too lazy to do it
++ * - If we did, people might think it was actually
++ * generated from /dev/random, which we're not doing
++ * because this value doesn't actually need to be
++ * globally unique.
++ */
++static void
++append_rand_u128_str (GString *buf,
++ GRand *pool)
++{
++ g_string_append_printf (buf, "%08x%08x%08x%08x",
++ g_rand_int (pool),
++ g_rand_int (pool),
++ g_rand_int (pool),
++ g_rand_int (pool));
++}
++
++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession)
++ * pair, and not guessable by other agents.
++ *
++ * <agent serial> - <agent uuid> - <session serial> - <session uuid>
++ *
++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++ *
++ */
++static gchar *
++authentication_agent_generate_cookie (AuthenticationAgent *agent)
++{
++ GString *buf = g_string_new ("");
++
++ g_string_append (buf, agent->cookie_prefix);
++
++ g_string_append_c (buf, '-');
++ agent->cookie_serial++;
++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT,
++ agent->cookie_serial);
++ g_string_append_c (buf, '-');
++ append_rand_u128_str (buf, agent->cookie_pool);
++
++ return g_string_free (buf, FALSE);
++}
++
++
+ static AuthenticationSession *
+ authentication_session_new (AuthenticationAgent *agent,
+- const gchar *cookie,
+ PolkitSubject *subject,
+ PolkitIdentity *user_of_subject,
+ PolkitSubject *caller,
+@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent *agent,
+
+ session = g_new0 (AuthenticationSession, 1);
+ session->agent = authentication_agent_ref (agent);
+- session->cookie = g_strdup (cookie);
++ session->cookie = authentication_agent_generate_cookie (agent);
+ session->subject = g_object_ref (subject);
+ session->user_of_subject = g_object_ref (user_of_subject);
+ session->caller = g_object_ref (caller);
+@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session)
+ g_free (session);
+ }
+
+-static gchar *
+-authentication_agent_new_cookie (AuthenticationAgent *agent)
+-{
+- static gint counter = 0;
+-
+- /* TODO: use a more random-looking cookie */
+-
+- return g_strdup_printf ("cookie%d", counter++);
+-}
+-
+ static PolkitSubject *
+ authentication_agent_get_scope (AuthenticationAgent *agent)
+ {
+@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent)
+ g_free (agent->unique_system_bus_name);
+ if (agent->registration_options != NULL)
+ g_variant_unref (agent->registration_options);
++ g_rand_free (agent->cookie_pool);
++ g_free (agent->cookie_prefix);
+ g_free (agent);
+ }
+ }
+
+ static AuthenticationAgent *
+-authentication_agent_new (PolkitSubject *scope,
++authentication_agent_new (guint64 serial,
++ PolkitSubject *scope,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope,
+
+ agent = g_new0 (AuthenticationAgent, 1);
+ agent->ref_count = 1;
++ agent->serial = serial;
+ agent->scope = g_object_ref (scope);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope,
+ agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+ agent->proxy = proxy;
+
++ {
++ GString *cookie_prefix = g_string_new ("");
++ GRand *agent_private_rand = g_rand_new ();
++
++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial);
++
++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent,
++ * whose sequence will not correlate with the per-authentication session
++ * cookies.
++ */
++ append_rand_u128_str (cookie_prefix, agent_private_rand);
++ g_rand_free (agent_private_rand);
++
++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE);
++
++ /* And a newly seeded pool for per-session cookies */
++ agent->cookie_pool = g_rand_new ();
++ }
++
+ return agent;
+ }
+
+@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ {
+ PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
+ AuthenticationSession *session;
+- gchar *cookie;
+ GList *l;
+ GList *identities;
+ gchar *localized_message;
+@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ &localized_icon_name,
+ &localized_details);
+
+- cookie = authentication_agent_new_cookie (agent);
+-
+ identities = NULL;
+
+ /* select admin user if required by the implicit authorization */
+@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ user_identities = g_list_prepend (NULL, polkit_unix_user_new (0));
+
+ session = authentication_session_new (agent,
+- cookie,
+ subject,
+ user_of_subject,
+ caller,
+@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ g_list_free_full (user_identities, g_object_unref);
+ g_list_foreach (identities, (GFunc) g_object_unref, NULL);
+ g_list_free (identities);
+- g_free (cookie);
+
+ g_free (localized_message);
+ g_free (localized_icon_name);
+@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ goto out;
+ }
+
+- agent = authentication_agent_new (subject,
++ priv->agent_serial++;
++ agent = authentication_agent_new (priv->agent_serial,
++ subject,
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+--
+cgit v0.10.2
+
+From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Wed, 17 Jun 2015 13:07:02 -0400
+Subject: CVE-2015-4625: Bind use of cookies to specific uids
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
+
+The "cookie" value that Polkit hands out is global to all polkit
+users. And when `AuthenticationAgentResponse` is invoked, we
+previously only received the cookie and *target* identity, and
+attempted to find an agent from that.
+
+The problem is that the current cookie is just an integer
+counter, and if it overflowed, it would be possible for
+an successful authorization in one session to trigger a response
+in another session.
+
+The overflow and ability to guess the cookie were fixed by the
+previous patch.
+
+This patch is conceptually further hardening on top of that. Polkit
+currently treats uids as equivalent from a security domain
+perspective; there is no support for
+SELinux/AppArmor/etc. differentiation.
+
+We can retrieve the uid from `getuid()` in the setuid helper, which
+allows us to ensure the uid invoking `AuthenticationAgentResponse2`
+matches that of the agent.
+
+Then the authority only looks at authentication sessions matching the
+cookie that were created by a matching uid, thus removing the ability
+for different uids to interfere with each other entirely.
+
+Several fixes to this patch were contributed by:
+Miloslav Trmač <mitr@redhat.com>
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
+CVE: CVE-2015-4625
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+index 3b519c2..5beef7d 100644
+--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+@@ -8,7 +8,19 @@
+ <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/>
+
+ <method name="BeginAuthentication">
+- <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/>
++ <annotation name="org.gtk.EggDBus.DocString" value="<para>Called
++ by the PolicyKit daemon when the authentication agent needs the
++ user to authenticate as one of the identities in @identities for
++ the action with the identifier @action_id.</para><para>This
++ authentication is normally achieved via the
++ polkit_agent_session_response() API, which invokes a private
++ setuid helper process to verify the authentication. When
++ successful, it calls the
++ org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2()
++ method on the #org.freedesktop.PolicyKit1.Authority interface of
++ the PolicyKit daemon before returning. If the user dismisses the
++ authentication dialog, the authentication agent should call
++ polkit_agent_session_cancel().</para>"/>
+
+ <arg name="action_id" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
+diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
+index fbfb9cd..f9021ee 100644
+--- a/data/org.freedesktop.PolicyKit1.Authority.xml
++++ b/data/org.freedesktop.PolicyKit1.Authority.xml
+@@ -313,7 +313,29 @@
+ </method>
+
+ <method name="AuthenticationAgentResponse">
+- <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/>
++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit."/>
++
++ <arg name="cookie" direction="in" type="s">
++ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
++ </arg>
++
++ <arg name="identity" direction="in" type="(sa{sv})">
++ <annotation name="org.gtk.EggDBus.Type" value="Identity"/>
++ <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/>
++ </arg>
++ </method>
++
++ <method name="AuthenticationAgentResponse2">
++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit. Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse
++as it fixes a security issue."/>
++
++ <arg name="uid" direction="in" type="u">
++ <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program."/>
++ </arg>
+
+ <arg name="cookie" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
+diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+index 6525e25..e66bf53 100644
+--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
+ IN String object_path)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie,
+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
++<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie,
++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject,
+ OUT Array&lt;<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>&gt; temporary_authorizations)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject)
+@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN String cookie,
+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
+ </programlisting>
+ <para>
+-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
++Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2.
++ </para>
++<variablelist role="params">
++ <varlistentry>
++ <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
++ <listitem>
++ <para>
++The cookie identifying the authentication request that was passed to the authentication agent.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term>
++ <listitem>
++ <para>
++A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated.
++ </para>
++ </listitem>
++ </varlistentry>
++</variablelist>
++ </refsect2>
++ <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">
++ <title>AuthenticationAgentResponse2 ()</title>
++ <programlisting>
++AuthenticationAgentResponse2 (IN uint32 uid,
++ IN String cookie,
++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
++ </programlisting>
++ <para>
++Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit. Note this method was introduced in 0.114 to fix a security issue.
+ </para>
+ <variablelist role="params">
+ <varlistentry>
++ <term><literal>IN uint32 <parameter>uid</parameter></literal>:</term>
++ <listitem>
++ <para>
++The user id of the agent; normally this is the owner of the parent pid
++of the process that invoked the internal setuid helper.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
+ <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
+ <listitem>
+ <para>
+diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
+index 150a7bc..176d2ea 100644
+--- a/docs/polkit/overview.xml
++++ b/docs/polkit/overview.xml
+@@ -314,16 +314,18 @@
+ <para>
+ Authentication agents are provided by desktop environments. When
+ an user session starts, the agent registers with the polkit
+- Authority using
+- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
++ Authority using the <link
++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
+ method. When services are needed, the authority will invoke
+- methods on
+- the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
++ methods on the <link
++ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
+ D-Bus interface. Once the user is authenticated, (a privileged
+- part of) the agent invokes
+- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
+- method. Note that the polkit Authority itself does not care
+- how the agent authenticates the user.
++ part of) the agent invokes the <link
++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
++ method. This method should be treated as an internal
++ implementation detail, and callers should use the public shared
++ library API to invoke it, which currently uses a setuid helper
++ program.
+ </para>
+ <para>
+ The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link>
+diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
+index ab6d3cd..6bd684a 100644
+--- a/src/polkit/polkitauthority.c
++++ b/src/polkit/polkitauthority.c
+@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
+ gpointer user_data)
+ {
+ GVariant *identity_value;
++ /* Note that in reality, this API is only accessible to root, and
++ * only called from the setuid helper `polkit-agent-helper-1`.
++ *
++ * However, because this is currently public API, we avoid
++ * triggering warnings from ABI diff type programs by just grabbing
++ * the real uid of the caller here.
++ */
++ uid_t uid = getuid ();
+
+ g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
+ g_return_if_fail (cookie != NULL);
+@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
+ identity_value = polkit_identity_to_gvariant (identity);
+ g_variant_ref_sink (identity_value);
+ g_dbus_proxy_call (authority->proxy,
+- "AuthenticationAgentResponse",
+- g_variant_new ("(s@(sa{sv}))",
++ "AuthenticationAgentResponse2",
++ g_variant_new ("(us@(sa{sv}))",
++ (guint32)uid,
+ cookie,
+ identity_value),
+ G_DBUS_CALL_FLAGS_NONE,
+diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
+index 601a974..03a4e84 100644
+--- a/src/polkitbackend/polkitbackendauthority.c
++++ b/src/polkitbackend/polkitbackendauthority.c
+@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority
+ gboolean
+ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error)
+@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority
+ }
+ else
+ {
+- return klass->authentication_agent_response (authority, caller, cookie, identity, error);
++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error);
+ }
+ }
+
+@@ -587,6 +588,11 @@ static const gchar *server_introspection_data =
+ " <arg type='s' name='cookie' direction='in'/>"
+ " <arg type='(sa{sv})' name='identity' direction='in'/>"
+ " </method>"
++ " <method name='AuthenticationAgentResponse2'>"
++ " <arg type='u' name='uid' direction='in'/>"
++ " <arg type='s' name='cookie' direction='in'/>"
++ " <arg type='(sa{sv})' name='identity' direction='in'/>"
++ " </method>"
+ " <method name='EnumerateTemporaryAuthorizations'>"
+ " <arg type='(sa{sv})' name='subject' direction='in'/>"
+ " <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>"
+@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server,
+ error = NULL;
+ if (!polkit_backend_authority_authentication_agent_response (server->authority,
+ caller,
++ (uid_t)-1,
++ cookie,
++ identity,
++ &error))
++ {
++ g_dbus_method_invocation_return_gerror (invocation, error);
++ g_error_free (error);
++ goto out;
++ }
++
++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
++
++ out:
++ if (identity != NULL)
++ g_object_unref (identity);
++}
++
++static void
++server_handle_authentication_agent_response2 (Server *server,
++ GVariant *parameters,
++ PolkitSubject *caller,
++ GDBusMethodInvocation *invocation)
++{
++ const gchar *cookie;
++ GVariant *identity_gvariant;
++ PolkitIdentity *identity;
++ GError *error;
++ guint32 uid;
++
++ identity = NULL;
++
++ g_variant_get (parameters,
++ "(u&s@(sa{sv}))",
++ &uid,
++ &cookie,
++ &identity_gvariant);
++
++ error = NULL;
++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error);
++ if (identity == NULL)
++ {
++ g_prefix_error (&error, "Error getting identity: ");
++ g_dbus_method_invocation_return_gerror (invocation, error);
++ g_error_free (error);
++ goto out;
++ }
++
++ error = NULL;
++ if (!polkit_backend_authority_authentication_agent_response (server->authority,
++ caller,
++ (uid_t)uid,
+ cookie,
+ identity,
+ &error))
+@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection,
+ server_handle_unregister_authentication_agent (server, parameters, caller, invocation);
+ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0)
+ server_handle_authentication_agent_response (server, parameters, caller, invocation);
++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0)
++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation);
+ else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0)
+ server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation);
+ else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0)
+diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
+index f9f7385..88df82e 100644
+--- a/src/polkitbackend/polkitbackendauthority.h
++++ b/src/polkitbackend/polkitbackendauthority.h
+@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass
+
+ gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error);
+@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend
+
+ gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 15adc6a..96725f7 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI
+ PolkitSubject *subject);
+
+
+-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
+- const gchar *cookie);
++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
++ uid_t uid,
++ const gchar *cookie);
+
+ static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority,
+ const gchar *system_bus_unique_name);
+@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a
+
+ static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error);
+@@ -440,6 +442,7 @@ struct AuthenticationAgent
+ {
+ volatile gint ref_count;
+
++ uid_t creator_uid;
+ PolkitSubject *scope;
+ guint64 serial;
+
+@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent)
+ static AuthenticationAgent *
+ authentication_agent_new (guint64 serial,
+ PolkitSubject *scope,
++ PolkitIdentity *creator,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial,
+ {
+ AuthenticationAgent *agent;
+ GDBusProxy *proxy;
++ PolkitUnixUser *creator_user;
++
++ g_assert (POLKIT_IS_UNIX_USER (creator));
++ creator_user = POLKIT_UNIX_USER (creator);
+
+ if (!g_variant_is_object_path (object_path))
+ {
+@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial,
+ agent->ref_count = 1;
+ agent->serial = serial;
+ agent->scope = g_object_ref (scope);
++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
+@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori
+ }
+
+ static AuthenticationSession *
+-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
+- const gchar *cookie)
++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
++ uid_t uid,
++ const gchar *cookie)
+ {
+ PolkitBackendInteractiveAuthorityPrivate *priv;
+ GHashTableIter hash_iter;
+@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author
+ {
+ GList *l;
+
++ /* We need to ensure that if somehow we have duplicate cookies
++ * due to wrapping, that the cookie used is matched to the user
++ * who called AuthenticationAgentResponse2. See
++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++ *
++ * Except if the legacy AuthenticationAgentResponse is invoked,
++ * we don't know the uid and hence use -1. Continue to support
++ * the old behavior for backwards compatibility, although everyone
++ * who is using our own setuid helper will automatically be updated
++ * to the new API.
++ */
++ if (uid != (uid_t)-1)
++ {
++ if (agent->creator_uid != uid)
++ continue;
++ }
++
+ for (l = agent->active_sessions; l != NULL; l = l->next)
+ {
+ AuthenticationSession *session = l->data;
+@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ priv->agent_serial++;
+ agent = authentication_agent_new (priv->agent_serial,
+ subject,
++ user_of_caller,
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
+ static gboolean
+ polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error)
+@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken
+ }
+
+ /* find the authentication session */
+- session = get_authentication_session_for_cookie (interactive_authority, cookie);
++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie);
+ if (session == NULL)
+ {
+ g_set_error (error,
+--
+cgit v0.10.2
+
+--- ./configure.ac.orig
++++ ./configure.ac
+@@ -122,7 +122,7 @@
+ changequote([,])dnl
+ fi
+
+-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0])
++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
diff --git a/system/polkit/automake.patch b/system/polkit/automake.patch
new file mode 100644
index 000000000..0f6825a26
--- /dev/null
+++ b/system/polkit/automake.patch
@@ -0,0 +1,19 @@
+--- ./configure.ac.orig 2012-12-31 21:39:08.969445979 +0000
++++ ./configure.ac 2012-12-31 21:39:30.136285425 +0000
+@@ -3,7 +3,7 @@
+ AC_PREREQ(2.59c)
+ AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
+ AM_INIT_AUTOMAKE(polkit, 0.105)
+-AM_CONFIG_HEADER(config.h)
++AC_CONFIG_HEADER(config.h)
+ AM_MAINTAINER_MODE
+
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+@@ -24,7 +24,6 @@
+
+ AC_ISC_POSIX
+ AC_PROG_CC
+-AM_PROG_CC_STDC
+ AC_HEADER_STDC
+ AM_PROG_LIBTOOL
+ AC_PROG_MAKE_SET
diff --git a/system/polkit/disable-ck-test.patch b/system/polkit/disable-ck-test.patch
new file mode 100644
index 000000000..e1987d40d
--- /dev/null
+++ b/system/polkit/disable-ck-test.patch
@@ -0,0 +1,15 @@
+This test requires ConsoleKit to be running.
+
+--- polkit-0.105/test/polkitbackend/Makefile.am.old 2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/polkitbackend/Makefile.am 2017-09-27 20:48:42.479959296 -0500
+@@ -36,8 +36,8 @@
+ TEST_PROGS += polkitbackendlocalauthorizationstoretest
+ polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c
+
+-TEST_PROGS += polkitbackendlocalauthoritytest
+-polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
++#TEST_PROGS += polkitbackendlocalauthoritytest
++#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
+
+ # ----------------------------------------------------------------------------------------------------
+
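Review bot: The two commented-out lines drop `polkitbackendlocalauthoritytest` from `TEST_PROGS` unconditionally, so `make check` never runs that test program for this package on any builder. The header line gives the reason (ConsoleKit must be running) but not whether the skip is meant to be permanent. I would add a second header line such as `Re-enable once the check environment provides a ConsoleKit session.` so the lost coverage of the authorization backend stays tracked. This page also carries the CVE-2015-4625 change for polkit, which makes the gap more noticeable, though whether this test exercises the patched paths cannot be told from here.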
diff --git a/system/polkit/fix-consolekit-db-stat.patch b/system/polkit/fix-consolekit-db-stat.patch
new file mode 100644
index 000000000..3deceb639
--- /dev/null
+++ b/system/polkit/fix-consolekit-db-stat.patch
@@ -0,0 +1,30 @@
+--- polkit-0.105.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2012-04-24 19:05:34.000000000 +0300
++++ polkit-0.105/src/polkitbackend/polkitbackendsessionmonitor.c 2015-08-17 14:50:51.428580856 +0300
+@@ -47,7 +47,7 @@ struct _PolkitBackendSessionMonitor
+
+ GKeyFile *database;
+ GFileMonitor *database_monitor;
+- time_t database_mtime;
++ struct timespec database_mtim;
+ };
+
+ struct _PolkitBackendSessionMonitorClass
+@@ -95,7 +95,7 @@ reload_database (PolkitBackendSessionMon
+ goto out;
+ }
+
+- monitor->database_mtime = statbuf.st_mtime;
++ monitor->database_mtim = statbuf.st_mtim;
+
+ monitor->database = g_key_file_new ();
+ if (!g_key_file_load_from_file (monitor->database,
+@@ -131,7 +131,8 @@ ensure_database (PolkitBackendSessionMon
+ strerror (errno));
+ goto out;
+ }
+- if (statbuf.st_mtime == monitor->database_mtime)
++ if (statbuf.st_mtim.tv_sec == monitor->database_mtim.tv_sec &&
++ statbuf.st_mtim.tv_nsec == monitor->database_mtim.tv_nsec)
+ {
+ ret = TRUE;
+ goto out;
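Review bot: This patch file has no description, unlike `disable-ck-test.patch` next to it, so the reason for replacing `time_t database_mtime` with `struct timespec database_mtim` has to be guessed. Presumably the one-second resolution of `st_mtime` let ensure_database() treat a database rewritten within the same second as unchanged and keep using stale session data. If that is the reason, a header line such as `Compare the ConsoleKit database mtime at nanosecond resolution so rewrites within one second are not missed.` would record it. Both patched functions start and end outside the inner hunks, so the rest of the reload logic is not visible here.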
diff --git a/system/polkit/fix-parallel-make.patch b/system/polkit/fix-parallel-make.patch
new file mode 100644
index 000000000..b693a34dd
--- /dev/null
+++ b/system/polkit/fix-parallel-make.patch
@@ -0,0 +1,40 @@
+From 7bd30764a5230684c7c979a08a83dfa6e327f719 Mon Sep 17 00:00:00 2001
+From: Ryan Lortie <desrt@velocity.(none)>
+Date: Tue, 13 Nov 2012 16:50:14 +0000
+Subject: build: Fix .gir generation for parallel make
+
+As per the intructions in the introspection Makefile, we should have a
+line declaring a dependency between the .gir and .la files.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=57077
+
+Signed-off-by: David Zeuthen <zeuthen@gmail.com>
+---
+diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
+index 39d6d84..d648d29 100644
+--- a/src/polkit/Makefile.am
++++ b/src/polkit/Makefile.am
+@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION
+
+ INTROSPECTION_GIRS = Polkit-1.0.gir
+
++Polkit-1.0.gir: libpolkit-gobject-1.la
++
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = Polkit-1.0.gir
+
+diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
+index 1cfb73c..5b7d4c7 100644
+--- a/src/polkitagent/Makefile.am
++++ b/src/polkitagent/Makefile.am
+@@ -108,6 +108,8 @@ if HAVE_INTROSPECTION
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = PolkitAgent-1.0.gir
+
++PolkitAgent-1.0.gir: libpolkit-agent-1.la
++
+ typelibsdir = $(INTROSPECTION_TYPELIBDIR)
+ typelibs_DATA = PolkitAgent-1.0.typelib
+
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/system/polkit/fix-test-fgetpwent.patch b/system/polkit/fix-test-fgetpwent.patch
new file mode 100644
index 000000000..7bc6481cc
--- /dev/null
+++ b/system/polkit/fix-test-fgetpwent.patch
@@ -0,0 +1,20 @@
+--- polkit-0.105/test/mocklibc/src/pwd.c.old 2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/mocklibc/src/pwd.c 2017-09-27 19:40:57.883227673 -0500
+@@ -16,6 +16,7 @@
+ * Author: Nikki VonHollen <vonhollen@gmail.com>
+ */
+
++#define _GNU_SOURCE
+ #include <pwd.h>
+
+ #include <stdio.h>
+--- polkit-0.105/test/mocklibc/src/grp.c.old 2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/mocklibc/src/grp.c 2017-09-27 19:44:57.759238450 -0500
+@@ -16,6 +16,7 @@
+ * Author: Nikki VonHollen <vonhollen@gmail.com>
+ */
+
++#define _GNU_SOURCE
+ #include <grp.h>
+
+ #include <stdio.h>
diff --git a/system/procps/APKBUILD b/system/procps/APKBUILD
new file mode 100644
index 000000000..9f52de53f
--- /dev/null
+++ b/system/procps/APKBUILD
@@ -0,0 +1,73 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=procps
+pkgver=3.3.12
+pkgrel=4
+pkgdesc="Utilities for monitoring your system and processes on your system"
+url="https://gitlab.com/procps-ng/procps"
+arch="all"
+license="GPL LGPL"
+makedepends="ncurses-dev gettext-dev autoconf automake libtool"
+checkdepends="dejagnu"
+subpackages="$pkgname-dev $pkgname-doc libproc"
+source="$pkgname-$pkgver.tar.gz::https://gitlab.com/procps-ng/$pkgname/repository/archive.tar.gz?ref=v$pkgver
+ strtod.patch"
+builddir="$srcdir/$pkgname-v$pkgver"
+
+prepare() {
+ # NOTE: Name of the tarball's top-level directory contains SHA1.
+ ln -fs $pkgname-v$pkgver-* "$builddir"
+
+ default_prepare
+
+ cd "$builddir"
+ ./autogen.sh
+}
+
+build() {
+ cd "$builddir"
+
+ export LIBS="$LIBS -lintl"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/ \
+ --bindir=/bin \
+ --sbindir=/sbin \
+ --libdir=/lib \
+ --mandir=/usr/share/man \
+ --sysconfdir=/etc \
+ --docdir=/usr/share/doc \
+ --disable-static \
+ --disable-rpath \
+ --with-ncurses
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+
+ make DESTDIR="$pkgdir" ldconfig=true install="install -D" \
+ install
+
+ # These binaries are identical.
+ ln -sf pgrep "$pkgdir"/bin/pkill
+
+ install -d "$pkgdir"/usr/lib
+ mv "$pkgdir"/include "$pkgdir"/usr/ \
+ && mv "$pkgdir"/lib/pkgconfig "$pkgdir"/usr/lib/
+}
+
+libproc() {
+ pkgdesc="Library for monitoring system and processes"
+
+ install -d "$subpkgdir"/
+ mv "$pkgdir"/lib "$subpkgdir"/
+}
+
+sha512sums="a4400b9e13f8e9ec1c527a0e9e2e5580b6d007cae0f961b2a82c2924e4922232cee7a8be77badb45d608383758476da0260460d8e0801a5e88ced7cc6b8c10cc procps-3.3.12.tar.gz
+93449c3b431a40d9fbfe8a5681cbd3696a984565b99d6105cf988ae571beda0c815104a3a13bf6d20289705e4063b0a61d2658c422293095e3eb78c29c41053b strtod.patch"
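Review bot: In prepare(), `ln -fs $pkgname-v$pkgver-* "$builddir"` expands an unquoted glob relative to the current working directory, and the function does not `cd` anywhere before that line. It only works if the shell is already in `$srcdir` and exactly one directory matches; with no match the link points at the literal pattern, and with several `ln` fails with an unrelated-looking error. I would make both assumptions explicit with `cd "$srcdir"` followed by `ln -fs "$pkgname-v$pkgver"-* "$builddir"`. The existing NOTE could also say that `source` is an archive generated by the forge per request, which is presumably why the directory name carries a commit id and why the `sha512sums` entry may stop matching without the tag changing.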
diff --git a/system/procps/strtod.patch b/system/procps/strtod.patch
new file mode 100644
index 000000000..9cc974b1b
--- /dev/null
+++ b/system/procps/strtod.patch
@@ -0,0 +1,115 @@
+From 4ed44ab58e27a9a09902b9c5b49df484842b6c9a Mon Sep 17 00:00:00 2001
+From: Dr. Werner Fink <werner@suse.de>
+Date: Wed, 13 Jul 2016 20:08:51 +1000
+Subject: [PATCH] misc: fix strtod_nol_err tests
+
+A better way of implementing the string to double
+conversion and a better way of testing it.
+
+Signed-off-by: Craig Small <csmall@enc.com.au>
+---
+ include/strutils.h | 2 +-
+ lib/strutils.c | 22 ++++++++++++----------
+ lib/test_strtod_nol.c | 7 ++++---
+ 4 files changed, 20 insertions(+), 18 deletions(-)
+
+diff --git a/include/strutils.h b/include/strutils.h
+index 85a6192..a5a15c9 100644
+--- a/include/strutils.h
++++ b/include/strutils.h
+@@ -7,6 +7,6 @@
+
+ extern long strtol_or_err(const char *str, const char *errmesg);
+ extern double strtod_or_err(const char *str, const char *errmesg);
+-double strtod_nol_or_err(char *str, const char *errmesg);
++extern double strtod_nol_or_err(char *str, const char *errmesg);
+
+ #endif
+diff --git a/lib/strutils.c b/lib/strutils.c
+index e5245db..e0632c4 100644
+--- a/lib/strutils.c
++++ b/lib/strutils.c
+@@ -20,6 +20,8 @@
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+ */
+
++#include <float.h>
++#include <math.h>
+ #include <stdlib.h>
+ #include <ctype.h>
+
+@@ -71,9 +73,9 @@ double strtod_or_err(const char *str, const char *errmesg)
+ */
+ double strtod_nol_or_err(char *str, const char *errmesg)
+ {
+- double num;
++ long double num;
+ const char *cp, *radix;
+- double mult;
++ long double mult;
+ int negative = 0;
+
+ if (str != NULL && *str != '\0') {
+@@ -95,29 +97,29 @@ double strtod_nol_or_err(char *str, const char *errmesg)
+ mult=0.1;
+ while(isdigit(*radix)) {
+ radix++;
+- mult *= 10;
++ mult *= 10.0;
+ }
+ while(isdigit(*cp)) {
+- num += (*cp - '0') * mult;
+- mult /= 10;
++ num += (long double)(*cp - '0') * mult;
++ mult /= 10.0;
+ cp++;
+ }
+ /* got the integers */
+ if (*cp == '\0')
+- return (negative?-num:num);
++ return (double)(negative?-num:num);
+ if (*cp != '.' && *cp != ',')
+ error(EXIT_FAILURE, EINVAL, "%s: '%s'", errmesg, str);
+
+ cp++;
+ mult = 0.1;
+ while(isdigit(*cp)) {
+- num += (*cp - '0') * mult;
+- mult /= 10;
++ num += (long double)(*cp - '0') * mult;
++ mult /= 10.0;
+ cp++;
+ }
+ if (*cp == '\0')
+- return (negative?-num:num);
++ return (double)(negative?-num:num);
+ }
+ error(EXIT_FAILURE, errno, "%s: '%s'", errmesg, str);
+- return 0;
++ return (double)0;
+ }
+diff --git a/lib/test_strtod_nol.c b/lib/test_strtod_nol.c
+index 0be798c..736768a 100644
+--- a/lib/test_strtod_nol.c
++++ b/lib/test_strtod_nol.c
+@@ -1,4 +1,5 @@
+-
++#include <float.h>
++#include <math.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include "strutils.h"
+@@ -33,8 +34,8 @@ int main(int argc, char *argv[])
+ double val;
+
+ for(i=0; tests[i].string != NULL; i++) {
+- if(strtod_nol_or_err(tests[i].string, "Cannot parse number") !=
+- tests[i].result) {
++ val = strtod_nol_or_err(tests[i].string, "Cannot parse number");
++ if(fabs(tests[i].result - val) > DBL_EPSILON) {
+ fprintf(stderr, "FAIL: strtod_nol_or_err(\"%s\") != %f\n",
+ tests[i].string, tests[i].result);
+ return EXIT_FAILURE;
+--
+libgit2 0.26.0
+
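Review bot: The diffstat in this patch's header reads `4 files changed, 20 insertions(+), 18 deletions(-)`, but only three files are listed and only three `diff --git` sections follow (include/strutils.h, lib/strutils.c, lib/test_strtod_nol.c). The file therefore differs from the commit 4ed44ab58e27a9a09902b9c5b49df484842b6c9a named in its `From` line, and nothing records what was removed or why. A short line above the `From` header, or a comment next to `strtod.patch` in the APKBUILD's `source`, naming the dropped file section and the reason would let a later reviewer compare the patch against its origin.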
diff --git a/system/sudo/APKBUILD b/system/sudo/APKBUILD
new file mode 100644
index 000000000..8a9bc25c1
--- /dev/null
+++ b/system/sudo/APKBUILD
@@ -0,0 +1,67 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sudo
+pkgver=1.8.21_p2
+if [ "${pkgver%_*}" != "$pkgver" ]; then
+ _realver=${pkgver%_*}${pkgver#*_}
+else
+ _realver=$pkgver
+fi
+pkgrel=1
+pkgdesc="Give certain users the ability to run some commands as root"
+url="http://www.sudo.ws/sudo/"
+arch="all"
+license="custom ISC"
+makedepends_host="linux-pam-dev zlib-dev"
+makedepends_build="bash"
+makedepends="$makedepends_host $makedepends_build"
+depends=
+subpackages="$pkgname-doc $pkgname-dev"
+source="https://www.sudo.ws/dist/sudo-${_realver}.tar.gz
+ fix-cross-compile.patch
+ libcrypt.patch
+ musl-fix-headers.patch
+ "
+options="suid"
+
+# secfixes:
+# 1.8.20_p2-r0:
+# - CVE-2017-1000368
+
+builddir="$srcdir"/$pkgname-$_realver
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libexecdir=/usr/lib \
+ --mandir=/usr/share/man \
+ --disable-nls \
+ --enable-pie \
+ --with-env-editor \
+ --with-pam \
+ --without-skey \
+ --with-passprompt="[sudo] password for %p: "
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ # the sudo's mkinstalldir script miscreates the leading
+ # path components with bad permissions. fix this.
+ install -d -m0755 "$pkgdir"/var "$pkgdir"/var/db
+ make -j1 DESTDIR="$pkgdir" install
+ rm -rf "$pkgdir"/var/run
+}
+
+sha512sums="f04bbff54ad74ba73c078e15c75d2f41332d4912078ed66157ba7346b7fff914bd0747460cb4cd0c472af2d3b344fa72f5c62c95169df68a9cac74d7245c720c sudo-1.8.21p2.tar.gz
+f0f462f40502da2194310fe4a72ec1a16ba40f95a821ba9aa6aabaa423d28c4ab26b684afa7fb81c2407cf60de9327bdab01de51b878c5d4de49b0d62645f53c fix-cross-compile.patch
+5ad20254aa587ef615f794081ecd55344eada5cf8c1a1d7956cc3f73375554716c483eeb74081da9a8501afce92cfbaf2abe59d1067aac67ce6e4874eb5a23e1 libcrypt.patch
+113416fed7532c6092687c8bdd9913d04888d2f0a32e4333dd27a6b3d39145717ad5c3b3f05ba11bd6462612a9a013d446d254d50b2b651c33eeebe670f41ab5 musl-fix-headers.patch"
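Review bot: `--with-env-editor` in build() is enabled without any comment, and it is the one configure switch here that widens what a delegated administrator can do. With it, visudo takes its editor from SUDO_EDITOR, VISUAL or EDITOR, so any account allowed to run visudo chooses which program runs as root. If that is the intended distribution default, I would say so above the configure call, e.g. `# env_editor on: visudo honours SUDO_EDITOR/VISUAL/EDITOR, so restrict who may run visudo`. Otherwise drop the flag and let sites opt in through sudoers.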
diff --git a/system/sudo/fix-cross-compile.patch b/system/sudo/fix-cross-compile.patch
new file mode 100644
index 000000000..d2fc97cca
--- /dev/null
+++ b/system/sudo/fix-cross-compile.patch
@@ -0,0 +1,15 @@
+--- ./lib/util/Makefile.in.orig
++++ ./lib/util/Makefile.in
+@@ -160,10 +160,10 @@
+ ./mksigname > $@
+
+ mksiglist: $(srcdir)/mksiglist.c $(srcdir)/mksiglist.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
+- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksiglist.c -o $@
+
+ mksigname: $(srcdir)/mksigname.c $(srcdir)/mksigname.h $(incdir)/sudo_compat.h $(top_builddir)/config.h
+- $(CC) $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
++ $${HOSTCC:-gcc} $(CPPFLAGS) $(CFLAGS) $(srcdir)/mksigname.c -o $@
+
+ $(srcdir)/mksiglist.h: $(srcdir)/siglist.in
+ @if [ -n "$(DEVEL)" ]; then \
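Review bot: The new recipes for mksiglist and mksigname still pass `$(CFLAGS)` to the compiler selected by `$${HOSTCC:-gcc}`, and in a cross build those are presumably the flags chosen for the target, so target-only options can break the build-machine compile. The fallback is a hard-coded `gcc`, and the APKBUILD added in this commit does not set HOSTCC itself, so the patch relies on the build environment exporting it. Keeping `$(CPPFLAGS)` for the include paths but taking the remaining flags from a separate variable would keep the two toolchains apart, e.g. `$${HOSTCC:-cc} $(CPPFLAGS) $${HOSTCFLAGS} $(srcdir)/mksiglist.c -o $@`, and the same for mksigname.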
diff --git a/system/sudo/libcrypt.patch b/system/sudo/libcrypt.patch
new file mode 100644
index 000000000..e83b69113
--- /dev/null
+++ b/system/sudo/libcrypt.patch
@@ -0,0 +1,11 @@
+--- ./plugins/sudoers/Makefile.in.orig
++++ ./plugins/sudoers/Makefile.in
+@@ -52,7 +52,7 @@
+ LT_LIBS = $(top_builddir)/lib/util/libsudo_util.la
+ LIBS = $(LT_LIBS) @LIBINTL@
+ NET_LIBS = @NET_LIBS@
+-SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@
++SUDOERS_LIBS = @SUDOERS_LIBS@ @AFS_LIBS@ @GETGROUPS_LIB@ $(LIBS) $(NET_LIBS) @ZLIB@ @LIBMD@ -lcrypt
+ REPLAY_LIBS = @REPLAY_LIBS@ @ZLIB@
+ VISUDO_LIBS = $(NET_LIBS) @LIBMD@
+ TESTSUDOERS_LIBS = $(NET_LIBS) @LIBMD@
diff --git a/system/sudo/musl-fix-headers.patch b/system/sudo/musl-fix-headers.patch
new file mode 100644
index 000000000..18a19b75d
--- /dev/null
+++ b/system/sudo/musl-fix-headers.patch
@@ -0,0 +1,10 @@
+--- ./include/sudo_compat.h.orig
++++ ./include/sudo_compat.h
+@@ -25,6 +25,7 @@
+ #include <stdio.h>
+ #include <stdarg.h>
+ #include <stddef.h> /* for rsize_t */
++#include <sys/types.h> /* for id_t */
+
+ /*
+ * Macros and functions that may be missing on some operating systems.
diff --git a/system/syslinux/APKBUILD b/system/syslinux/APKBUILD
new file mode 100644
index 000000000..25e7cb252
--- /dev/null
+++ b/system/syslinux/APKBUILD
@@ -0,0 +1,60 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=syslinux
+pkgver=6.04_pre1
+pkgrel=2
+_ver=${pkgver/_/-}
+pkgdesc="Boot loader for the Linux operating system"
+url="http://syslinux.org"
+arch="x86 x86_64"
+license="GPL"
+makedepends="linux-headers nasm perl util-linux-dev gnu-efi-dev"
+depends="mtools blkid mawk"
+triggers="syslinux.trigger=/boot"
+install="syslinux.post-upgrade"
+options="!check textrels" # does not ship tests in tarball
+ldpath="/usr/share/syslinux"
+
+source="https://www.kernel.org/pub/linux/utils/boot/syslinux/Testing/${pkgver%_pre*}/syslinux-$_ver.tar.xz
+ update-extlinux.conf
+ update-extlinux
+ "
+subpackages="$pkgname-doc $pkgname-dev"
+
+_loaderarch=
+case "$CARCH" in
+x86) _loaderarch=efi32;;
+x86_64) _loaderarch=efi64;;
+esac
+
+builddir="$srcdir"/$pkgname-$_ver
+prepare() {
+ cd "$builddir"
+ for i in $source; do
+ i=${i%%::*}
+ case "$i" in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
+}
+
+build() {
+ cd "$builddir"
+ unset LDFLAGS
+ make $_loaderarch installer || return 1
+}
+
+package() {
+ cd "$builddir"
+ make -j1 INSTALLROOT="$pkgdir" MANDIR=/usr/share/man \
+ bios $_loaderarch install || return 1
+
+ mkdir -p "$pkgdir"/etc/update-extlinux.d
+ cp "$srcdir"/update-extlinux.conf "$pkgdir"/etc/
+ sed "/^version=/s/=.*/=$pkgver-r$pkgrel/" "$srcdir"/update-extlinux \
+ > "$pkgdir"/sbin/update-extlinux
+ chmod 755 "$pkgdir"/sbin/update-extlinux
+}
+
+sha512sums="7927dd39be8e2dcf4138a6fea33def67d19d938379d694f15b48fdd2f5924c028b7a9e7bd71d0c7c6630c203e9e2a54296628e530632ad5e6f55b1ebefe8fc98 syslinux-6.04-pre1.tar.xz
+9071be450e543597f6f95b9a5811869c5351a71f4c42f7879b9f7ec1b13e2e4d455e9f2900e3897d5e5870bd87c934b7168328186c5f17631f2b09a524e10a1a update-extlinux.conf
+23fd69b5f42af063744289f64e60eddd0fa35db83d988b24635e6eb47b5c8fada8585c9aea60f398cfc1e5be8565230a81192d71df705368a90e0927f35fb60d update-extlinux"
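Review bot: package() installs update-extlinux.conf with a plain `cp`, so it gets whatever mode the build umask gives (typically world-readable), while the shipped file itself says it should be made world-unreadable once `password=` is set. That file is where the boot-menu password hash is kept, so I would install it restrictively from the start: `install -Dm600 "$srcdir"/update-extlinux.conf "$pkgdir"/etc/update-extlinux.conf`. As far as this commit shows, the only readers are update-extlinux and the post-upgrade script, which are presumably run as root by the package manager.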
diff --git a/system/syslinux/syslinux.post-upgrade b/system/syslinux/syslinux.post-upgrade
new file mode 100644
index 000000000..90388668d
--- /dev/null
+++ b/system/syslinux/syslinux.post-upgrade
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+# find given append opt
+get_append_opt() {
+ awk -v search="$1" '
+ $1 == "append" || $1 == "APPEND" {
+ split($0, a);
+ for (i in a) {
+ if (index(a[i], search) == 1) {
+ print a[i];
+ }
+ }
+ }' /boot/extlinux.conf | sort | uniq
+}
+
+# print default kernel options
+get_default_opts() {
+ awk '
+ $1 == "append" || $1 == "APPEND" {
+ opts="";
+ space="";
+ split($0, a);
+ for (i in a) {
+ if (i != 1 \
+ && (index(a[i], "root=") != 1) \
+ && (index(a[i], "initrd=") != 1) \
+ && (index(a[i], "modules=") != 1)) {
+ opts = opts space a[i];
+ space = " ";
+ }
+ }
+ print opts;
+ }
+ ' /boot/extlinux.conf | sort | uniq
+}
+
+if ! [ -f /boot/extlinux.conf ]; then
+ exit 0
+fi
+
+# check if we already have a generated extlinux.conf
+if grep -q '^# Generated by update-extlinux' /boot/extlinux.conf; then
+ exit 0
+fi
+
+# try fish out the kernel opts from extlinuix.conf's append line
+root=$(get_append_opt 'root=' | head -n 1)
+modules=$(get_append_opt 'modules=' | head -n 1)
+opts=$(get_default_opts | head -n 1)
+
+# populate update-extlinux.conf with the info we know
+if [ -n "$root" ]; then
+ sed -i -e "/^root=/s|.*|$root|g" /etc/update-extlinux.conf
+fi
+if [ -n "$modules" ]; then
+ sed -i -e "/^modules=/s|.*|$modules|g" /etc/update-extlinux.conf
+fi
+if [ -n "$opts" ]; then
+ sed -i -e "/^default_kernel_opts=/s|.*|default_kernel_opts=\"$opts\"|g" /etc/update-extlinux.conf
+fi
+
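Review bot: The three `sed -i` calls at the end interpolate `$root`, `$modules` and `$opts`, all scraped from /boot/extlinux.conf, straight into a `|`-delimited sed replacement. The result is written to /etc/update-extlinux.conf, which update-extlinux later sources with `.`. A value containing `|`, `&` or `\` corrupts the substitution, and one containing shell metacharacters is re-interpreted by the shell as root on the next update-extlinux run. I would migrate only values made of plain characters, as in the excerpt below, and leave anything else for the administrator to carry over by hand.

```sh
# accept only characters that are inert both in a sed replacement and
# in an assignment that update-extlinux later sources
is_plain_value() {
	case "$1" in
	*[!A-Za-z0-9_=.,:/@+\ -]*) return 1;;
	esac
	return 0
}

# … unchanged: get_append_opt, get_default_opts, early exits, value extraction …

if [ -n "$root" ] && is_plain_value "$root"; then
	sed -i -e "/^root=/s|.*|$root|g" /etc/update-extlinux.conf
fi
# … same guard on the modules= and default_kernel_opts= updates …
```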
diff --git a/system/syslinux/syslinux.trigger b/system/syslinux/syslinux.trigger
new file mode 100644
index 000000000..fe91f4379
--- /dev/null
+++ b/system/syslinux/syslinux.trigger
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+update-extlinux --warn-only
diff --git a/system/syslinux/update-extlinux b/system/syslinux/update-extlinux
new file mode 100755
index 000000000..b0d8d97f7
--- /dev/null
+++ b/system/syslinux/update-extlinux
@@ -0,0 +1,252 @@
+#!/bin/sh
+
+version=
+default=0
+timeout=5
+verbose=0
+
+conf=/boot/extlinux.conf
+myconf=/etc/update-extlinux.conf
+
+# read in extlinux settings
+if [ -f "$myconf" ]; then
+ . $myconf
+fi
+
+everbose() {
+ if [ "$verbose" = "0" ]; then
+ return
+ fi
+
+ echo $*
+}
+
+ewarn() {
+ echo "WARNING:" $@ >&2
+}
+
+eerror() {
+ echo "ERROR:" $@ >&2
+ return 1
+}
+
+usage() {
+ echo "usage: $0 [-v|--verbose] [--warn-only]"
+}
+
+while [ $# -gt 0 ]; do
+ opt="$1"
+ shift
+ case "$opt" in
+ -v|--verbose)
+ verbose=1
+ ;;
+ --warn-only)
+ warn_only=1
+ ;;
+ --)
+ break
+ ;;
+ -*)
+ usage
+ exit 1
+ ;;
+ esac
+done
+
+everbose "Updating extlinux configuration."
+
+if [ "x$root" = "x" ]; then
+ ewarn "Root device is not specified in $myconf."
+ blkid_export=$(blkid -o export /dev/root)
+ if [ -n "$blkid_export" ]; then
+ export $blkid_export
+ fi
+ if [ -z "$UUID" ]; then
+ # try parse /proc/mount for mounted /
+ dev=$(awk '$2 == "/" {dev=$1} END {print dev}' /proc/mounts)
+ if [ -n "$dev" ]; then
+ blkid_export=$(blkid -o export $dev)
+ if [ -n "$blkid_export" ]; then
+ export "$blkid_export"
+ fi
+ fi
+ fi
+ if [ -z "$UUID" ]; then
+ if [ -z "$dev" ]; then
+ if [ -n "$warn_only" ]; then
+ ewarn "Failed to detect root device. extlinux.conf is not updated"
+ exit 0
+ else
+ eerror "Failed to detect root device"
+ exit 1
+ fi
+ else
+ root=$dev
+ fi
+ else
+ root=UUID=$UUID
+ fi
+ everbose "Root device is: $root"
+fi
+
+rtimeout=$(( ${timeout} * 10 ))
+syslinux_menu=menu.c32
+menu_hidden=
+
+# vesa menu has been requested?
+if [ "$vesa_menu" = "1" ]; then
+ syslinux_menu=vesamenu.c32
+fi
+
+umask 0022
+rm -f $conf.new
+echo "# Generated by update-extlinux $version" > $conf.new
+if [ -n "$serial_port" ]; then
+ echo "SERIAL $serial_port ${serial_baud:-115200}" >> $conf.new
+fi
+echo "DEFAULT $syslinux_menu" >> $conf.new
+echo "PROMPT 0" >> $conf.new
+echo "MENU TITLE Addelie $(uname -s) Boot Menu" >> $conf.new
+if [ "$hidden" = "1" ]; then
+ echo "MENU HIDDEN" >> $conf.new
+fi
+echo "MENU AUTOBOOT Adelie will be booted automatically in # seconds." >> $conf.new
+echo "TIMEOUT $rtimeout" >> $conf.new
+
+lst=0
+if [ -f "/boot/xen.gz" ]; then
+ for kernel in $(find /boot -name "vmlinuz-*" -type f); do
+ tag=$(basename $kernel | cut -b9-)
+ everbose "Found Xen hypervisor: /boot/xen.gz, kernel: $kernel"
+
+ if [ -f "/boot/initramfs-$tag" ]; then
+ everbose "Found initramfs: /boot/initramfs-$tag"
+ initramfs="initramfs-$tag"
+ else
+ initramfs=
+ fi
+ label=xen-$(grep -w -l $tag /usr/share/kernel/*/kernel.release \
+ | cut -d/ -f5)
+ if [ "$label" = "xen-" ]; then
+ label=xen-$lst
+ fi
+
+ echo "LABEL $label" >> $conf.new
+ if [ "$label" = "$default" ]; then
+ echo " MENU DEFAULT" >> $conf.new
+ fi
+ echo " MENU LABEL Xen + Linux $tag" >> $conf.new
+ echo " COM32 mboot.c32" >> $conf.new
+ echo " APPEND xen.gz $xen_opts --- $(basename $kernel) root=$root modules=${modules}${TYPE:+,$TYPE} $default_kernel_opts --- $initramfs" >> $conf.new
+ echo "" >> $conf.new
+ lst=$(($lst + 1))
+ done
+fi
+
+for kernel in $(find /boot -name "vmlinuz*" -type f); do
+ case $kernel in
+ *vmlinuz) tag=vanilla;;
+ *vmlinuz-*) tag=$(basename $kernel | cut -b9-);;
+ *) continue;;
+ esac
+ everbose "Found kernel: $kernel"
+ label=$(grep -w -l $tag /usr/share/kernel/*/kernel.release | cut -d/ -f5)
+ if [ -z "$label" ]; then
+ if [ "$tag" = vanilla ]; then
+ label="vanilla"
+ else
+ label=$lst
+ fi
+ fi
+ echo "LABEL $label" >> $conf.new
+ if [ "$label" = "$default" ]; then
+ echo " MENU DEFAULT" >> $conf.new
+ fi
+ echo " MENU LABEL Linux $tag" >> $conf.new
+ echo " LINUX $(basename $kernel)" >> $conf.new
+ if [ -f "/boot/initramfs-$tag" ]; then
+ everbose "Found initramfs: /boot/initramfs-$tag"
+ echo " INITRD initramfs-$tag" >> $conf.new
+ fi
+ echo " APPEND root=$root modules=${modules}${TYPE:+,$TYPE} $default_kernel_opts" >> $conf.new
+ echo "" >> $conf.new
+ lst=$(($lst + 1))
+done
+
+if [ -n "$password" ]; then
+ echo "NOESCAPE 1" >> $conf.new
+ echo "MENU MASTER PASSWD $password" >> $conf.new
+ echo "" >> $conf.new
+ chmod o-r $conf.new
+fi
+
+everbose "$lst entries found."
+
+for entry in /etc/update-extlinux.d/*; do
+ [ -f "$entry" ] && { cat $entry; echo ""; } >> $conf.new
+done
+
+echo "MENU SEPARATOR" >> $conf.new
+echo "" >> $conf.new
+
+if [ -f "/boot/hdt.c32" ]; then
+ everbose "Found Hardware Detection Tool: /boot/hdt.c32"
+ echo "LABEL hdt" >> $conf.new
+ echo " MENU LABEL Hardware info" >> $conf.new
+ if [ -n "$password" ]; then
+ echo " MENU PASSWD" >> $conf.new
+ fi
+ echo " COM32 hdt.c32" >> $conf.new
+ if [ -f "/boot/memtest" ]; then
+ everbose "Found memtest86+: /boot/memtest"
+ echo " APPEND memtest=memtest" >> $conf.new
+ fi
+ echo "" >> $conf.new
+elif [ -f "/boot/memtest" ]; then
+ everbose "Found memtest86+: /boot/memtest"
+ echo "LABEL memtest" >> $conf.new
+ echo " MENU LABEL Memtest86+" >> $conf.new
+ echo " KERNEL memtest" >> $conf.new
+ echo "" >> $conf.new
+fi
+
+for i in reboot poweroff; do
+ [ -f "/boot/$i.c32" ] || continue
+ everbose "Found $i"
+ # make first char capital
+ cap=$( echo $i | awk '{sub(".", substr(toupper($0),1,1), $0); print}' )
+ echo "LABEL $i" >> $conf.new
+ echo " MENU LABEL $cap" >> $conf.new
+ echo " COM32 $i.c32" >> $conf.new
+ echo "" >> $conf.new
+done
+
+if cmp -s $conf.new $conf; then
+ everbose "Configuration unchanged."
+ rm $conf.new
+fi
+
+if [ "$overwrite" != "1" ]; then
+ exit 0
+elif [ -f "$conf.new" ]; then
+ # keep a backup just in case
+ if [ -f "$conf" ]; then
+ mv $conf $conf.old
+ fi
+
+ mv $conf.new $conf
+fi
+
+everbose "Installing libutil.c32 libcom32.c32 mboot.c32 menu.c32 vesamenu.c32 to /boot."
+cp /usr/share/syslinux/libutil.c32 \
+ /usr/share/syslinux/libcom32.c32 \
+ /usr/share/syslinux/mboot.c32 \
+ /usr/share/syslinux/menu.c32 \
+ /usr/share/syslinux/vesamenu.c32 \
+ /boot
+
+case "$(stat -f -c '%T' /boot)" in
+ext*) extlinux --update /boot || [ -n "$warn_only" ];;
+esac
+
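Review bot: The fallback root-device lookup runs `export "$blkid_export"` on the multi-line output of `blkid -o export`, which assigns the whole blob to the first key and leaves UUID and TYPE empty. The first attempt instead uses the unquoted `export $blkid_export`, which word-splits and globs whatever tags the filesystem carries and can break on a value such as a label containing a space. Both forms also import every tag blkid prints into the script's environment when only two are used. Asking for the two fields directly avoids all of that: `UUID=$(blkid -s UUID -o value "$dev")` and `TYPE=$(blkid -s TYPE -o value "$dev")`, with `/dev/root` in place of `"$dev"` for the first attempt.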
diff --git a/system/syslinux/update-extlinux.conf b/system/syslinux/update-extlinux.conf
new file mode 100644
index 000000000..39598cb99
--- /dev/null
+++ b/system/syslinux/update-extlinux.conf
@@ -0,0 +1,75 @@
+# configuration for extlinux config builder
+
+# overwrite
+# Overwrite current /boot/extlinux.conf. If this is not '1' we will only
+# write to /boot/extlinux.conf.new
+overwrite=1
+
+# vesa_menu
+# use fancy vesa menu (vesamenu.c32) menus, won't work with serial
+vesa_menu=1
+
+# default_kernel_opts
+# default kernel options
+default_kernel_opts=ro
+
+# modules
+# modules which should be loaded before pivot_root
+modules=
+#sd-mod,usb-storage,ext3
+
+# root
+# root device - if not specified, will be guessed using
+# blkid -o export /dev/root
+root=
+
+# verbose
+# if set to non-zero, update-extlinux will be a lot more verbose.
+verbose=0
+
+# hidden
+# if set to non-zero, the boot menu will be hidden by default.
+hidden=0
+
+# timeout
+# number of seconds to wait before booting default
+timeout=5
+
+# default
+# default kernel to boot
+default=vanilla
+
+# serial_port
+# serial port number - if not specified, serial console will be disabled
+serial_port=
+
+# serial_baud
+# the baudrate for the serial port. Will use 115200 if unset
+serial_baud=115200
+
+# xen_opts
+# options to hand to xen hypervisor, useful ones are:
+# dom0_mem=256M (give domain-0 environment 256M ram)
+xen_opts=dom0_mem=256M
+
+# if you copy /usr/share/syslinux/reboot.c32 to /boot/, a menu entry
+# will be auto-generated for it
+
+# if you copy hdt.c32, libgpl.c32, and libmenu.c32 from /usr/share/syslinux/
+# to /boot/, a menu entry will be auto-generated for HDT
+
+# if you download and install /boot/memtest, then if HDT is present it
+# will use it, else a separate menu entry will be auto-generated for
+# memtest
+
+# optional password
+# you can generate a SHA512 password using: mkpasswd
+#
+# if you assign a password, you should make this file world-unreadable
+#
+# if a password is assigned, the menu entries can't be edited at boot
+# time, and HDT if present is password-protected
+#
+# you can also include "MENU PASSWD" in any custom entries you have in
+# /etc/update-extlinux.d/
+password=''
diff --git a/system/vim/APKBUILD b/system/vim/APKBUILD
new file mode 100644
index 000000000..df46d4b5d
--- /dev/null
+++ b/system/vim/APKBUILD
@@ -0,0 +1,68 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=vim
+pkgver=8.0.1240
+pkgrel=0
+pkgdesc="advanced text editor"
+url="http://www.vim.org"
+arch="all"
+license="custom"
+depends=""
+options="!check" # requires controlling TTY, and fails with musl locales
+makedepends="acl-dev ncurses-dev perl-dev python3-dev"
+subpackages="$pkgname-doc ${pkgname}diff::noarch"
+source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
+ vimrc
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 8.0.0329-r0:
+# - CVE-2017-5953
+# 8.0.0056-r0:
+# - CVE-2016-1248
+
+prepare() {
+ cd "$builddir"
+ # Read vimrc from /etc/vim
+ echo '#define SYS_VIMRC_FILE "/etc/vim/vimrc"' >> src/feature.h
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --enable-perlinterp \
+ --enable-python3interp=dynamic \
+ --without-x \
+ --enable-acl \
+ --enable-nls \
+ --enable-multibyte \
+ --enable-gui=no \
+ --with-compiledby="Adélie Linux"
+ make
+}
+
+package() {
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir/" install
+
+ install -Dm644 runtime/doc/uganda.txt \
+ "$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+ install -Dm644 "$srcdir"/vimrc "$pkgdir"/etc/vim/vimrc
+}
+
+vimdiff() {
+ pkgdesc="view file diffs in vim"
+ depends="diffutils"
+
+ install -d "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/vimdiff "$subpkgdir"/usr/bin
+}
+
+sha512sums="12f213b9fa61294359e5376605d4d7cd4a329fcfd1b3bcdbf3c9e4c4baf6bf0cc013a7670a173d84e0ef6a210705ddba8fc39a8222744b3779d6493d92c99d29 vim-8.0.1240.tar.gz
+95d4ad2e86c4490814fa6047c9d2d57a8acffb6c286a81483faac44d0648874dc9669fee7d29ce98612f5ab8afe68480c29e4128a7aa7f99465dd8de298145c3 vimrc"
diff --git a/system/vim/vimrc b/system/vim/vimrc
new file mode 100644
index 000000000..4849a16d1
--- /dev/null
+++ b/system/vim/vimrc
@@ -0,0 +1,18 @@
+set nocompatible " Use Vim defaults (much better!)
+set bs=2 " Allow backspacing over everything in insert mode
+set ai " Always set auto-indenting on
+set history=50 " keep 50 lines of command history
+set ruler " Show the cursor position all the time
+
+set mouse= " Use Vim 7 default of no mouse movements by default
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" When doing tab completion, give the following files lower priority.
+set suffixes+=.info,.aux,.log,.dvi,.bbl,.out,.o,.lo
+
+set nomodeline
+syntax on
+color desert
+autocmd BufRead APKBUILD set filetype=sh
diff --git a/system/wine/APKBUILD b/system/wine/APKBUILD
new file mode 100644
index 000000000..b1aaad45b
--- /dev/null
+++ b/system/wine/APKBUILD
@@ -0,0 +1,139 @@
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Martell Malone <martell@marinelayer.io>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=wine
+pkgver=3.0
+_pkgver=${pkgver/_/-}
+pkgrel=0
+pkgdesc="A compatibility layer for running Windows programs"
+url="http://www.winehq.com"
+arch="pmmx x86 x86_64"
+license="LGPL-2.0-or-later"
+# As of 2.0.3 most of the tests fails
+options="!check"
+subpackages="$pkgname-libs $pkgname-dev $pkgname-doc"
+depends_dev="$pkgname perl"
+makedepends="fontconfig-dev openldap-dev libxslt-dev libxxf86dga-dev
+ libxcursor-dev libxrandr-dev libxdamage-dev mesa-dev flex-dev bison
+ libpng-dev libjpeg-turbo-dev freetype-dev ncurses-dev libressl-dev
+ libxcomposite-dev libxrender-dev libxinerama-dev zlib-dev
+ cups-dev alsa-lib-dev lcms-dev libxml2-dev paxmark dbus-dev libxi-dev
+ gnutls-dev tiff-dev v4l-utils-dev udisks2-dev autoconf automake
+ openal-soft-dev pulseaudio-dev sane-dev eudev-dev
+ "
+source="http://dl.winehq.org/$pkgname/source/${pkgver%.[1-9]}/$pkgname-$_pkgver.tar.xz
+ no-pie.patch
+ winhlp32-flex.patch
+ "
+builddir="$srcdir/$pkgname-$_pkgver"
+
+prepare() {
+ cd "$builddir"
+
+ default_prepare
+ aclocal && autoheader && autoreconf
+}
+
+build() {
+ cd "$builddir"
+
+ case "$CARCH" in
+ x86_64) _win64=--enable-win64;;
+ esac
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libdir=/usr/lib \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --with-cups \
+ --with-curses \
+ --with-dbus \
+ --with-fontconfig \
+ --with-freetype \
+ --with-jpeg \
+ --with-openal \
+ --with-opengl \
+ --with-png \
+ --with-pulse \
+ --with-sane \
+ --with-udev \
+ --with-va \
+ --with-x \
+ --with-xcomposite \
+ --with-xinerama \
+ --with-xslt \
+ $_win64
+ make
+}
+
+check() {
+ cd "$builddir"
+ make test
+}
+
+package() {
+ local file
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir" install
+
+ case "$CARCH" in
+ x86_64) _wine="wine64";;
+ *) _wine="wine";;
+ esac
+
+ paxmark -psmre "$pkgdir"/usr/bin/$_wine-preloader \
+ "$pkgdir"/usr/bin/$_wine
+
+ install -Dm755 tools/wineapploader \
+ "$pkgdir"/usr/bin/wineapploader
+
+ for file in msiexec notepad regedit regsvr32 wineboot \
+ winecfg wineconsole winefile winemine winepath
+ do
+ rm "$pkgdir"/usr/bin/$file
+ ln -sf /usr/bin/wineapploader "$pkgdir"/usr/bin/$file
+ done
+}
+
+dev() {
+ local file
+ default_dev
+
+ install -d "$subpkgdir"/usr/bin
+ for file in widl wmc wrc winebuild winedump function_grep.pl \
+ winedbg winemaker winegcc winecpp wineg++
+ do
+ mv "$pkgdir"/usr/bin/$file "$subpkgdir"/usr/bin/
+ done
+
+ install -d "$subpkgdir"/usr/lib/wine
+ mv "$pkgdir"/usr/lib/wine/*.def "$subpkgdir"/usr/lib/wine/
+}
+
+doc() {
+ default_doc
+ rm -fr "$subpkgdir"/usr/share/man/*.UTF-8
+}
+
+libs() {
+ local file ext
+ default_libs
+
+ install -d "$subpkgdir"/usr/lib/wine/fakedlls
+ for ext in dll16 drv16 exe16 acm dll drv ds ocx sys tlb vxd; do
+ for file in $(find "$pkgdir/usr/lib/wine/fakedlls" -name "*.$ext"); do
+ mv "$pkgdir"/usr/lib/wine/fakedlls/${file##*/} \
+ "$subpkgdir"/usr/lib/wine/fakedlls/
+ mv "$pkgdir"/usr/lib/wine/${file##*/}.so \
+ "$subpkgdir"/usr/lib/wine/
+ done
+ done
+}
+
+sha512sums="a51f41b66f4805e09b223528eff6670e94b9c0c0c947be647507baf9d8d9afe7c3fdc88684c2c8d3573b4739d9a086ab929a744a8594d3c8f6ceb52070f43f0a wine-3.0.tar.xz
+d853875f7d659617bdfba364704abd75b760d12977f1f13acc73acb3c8fefec0549677fb79a4f8955e073d64078b3071d63d97262522e22b7832a66d3d820a9c no-pie.patch
+522a94a31fc459e80ea7dd05f7aee64f6ae666ec05236d06614acde118d5c60002e0f253ae75edb5f02164f22937ca89578504b690d1a5611bd60f703c8f0c00 winhlp32-flex.patch"
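Review bot: `paxmark -psmre` in package() clears all five PaX features it names (PAGEEXEC, SEGMEXEC, MPROTECT, RANDMMAP, EMUTRAMP) on the wine loader and preloader. Nothing in the APKBUILD says why, or whether a narrower set would do. This is probably unavoidable for Wine, but an undocumented hardening opt-out tends to get copied or silently widened later. I would add a comment above the call, e.g. `# deliberately clears PAGEEXEC, SEGMEXEC, MPROTECT, RANDMMAP and EMUTRAMP on the loaders: <reason>`, and record which of the five were actually found to be required.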
diff --git a/system/wine/no-pie.patch b/system/wine/no-pie.patch
new file mode 100644
index 000000000..5fb5d87b6
--- /dev/null
+++ b/system/wine/no-pie.patch
@@ -0,0 +1,14 @@
+diff --git a/loader/Makefile.in b/loader/Makefile.in
+index 8190037..437d4d9 100644
+--- a/loader/Makefile.in
++++ b/loader/Makefile.in
+@@ -26,7 +26,7 @@ wine64_DEPS = $(WINELOADER_DEPENDS)
+ wine64_LDFLAGS = $(LDEXECFLAGS) -lwine $(PTHREAD_LIBS)
+
+ wine_preloader_OBJS = preloader.o
+-wine_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000
++wine_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 -no-pie
+
+ wine64_preloader_OBJS = preloader.o
+-wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000
++wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 -no-pie
diff --git a/system/wine/nopie.patch b/system/wine/nopie.patch
new file mode 100644
index 000000000..54eb141be
--- /dev/null
+++ b/system/wine/nopie.patch
@@ -0,0 +1,10 @@
+diff --git a/loader/Makefile.in b/loader/Makefile.in
+index 8190037..b4f2902 100644
+--- a/loader/Makefile.in
++++ b/loader/Makefile.in
+@@ -29,4 +29,4 @@ wine_preloader_OBJS = preloader.o
+ wine_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000
+
+ wine64_preloader_OBJS = preloader.o
+-wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000
++wine64_preloader_LDFLAGS = -static -nostartfiles -nodefaultlibs -Wl,-Ttext=0x7c400000 -no-pie
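Review bot: system/wine/nopie.patch is added, but the APKBUILD in this commit lists only no-pie.patch in `source` and `sha512sums`, so this file is never applied or checksummed. Its single change, adding `-no-pie` to `wine64_preloader_LDFLAGS`, is already contained in no-pie.patch, which also covers `wine_preloader_LDFLAGS`. Unless something outside this view uses it, I would drop the file so there is one authoritative patch for the preloader's link flags.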
diff --git a/system/wine/winhlp32-flex.patch b/system/wine/winhlp32-flex.patch
new file mode 100644
index 000000000..daeb790c2
--- /dev/null
+++ b/system/wine/winhlp32-flex.patch
@@ -0,0 +1,9 @@
+--- a/programs/winhlp32/Makefile.in
++++ b/programs/winhlp32/Makefile.in
+@@ -1,5 +1,5 @@
+ MODULE = winhlp32.exe
+-APPMODE = -mwindows
++APPMODE = -mwindows -lfl
+ IMPORTS = user32 gdi32
+ DELAYIMPORTS = shell32 comctl32 comdlg32
+