summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
Diffstat (limited to 'user')
-rw-r--r--user/apr-util/APKBUILD64
-rw-r--r--user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch55
-rw-r--r--user/ffmpeg/APKBUILD104
-rw-r--r--user/freetype/0001-Enable-table-validation-modules.patch34
-rw-r--r--user/freetype/0002-Enable-subpixel-rendering.patch25
-rw-r--r--user/freetype/0003-Enable-infinality-subpixel-hinting.patch27
-rw-r--r--user/freetype/0004-Enable-long-PCF-family-names.patch25
-rw-r--r--user/freetype/40-memcpy-fix.patch14
-rw-r--r--user/freetype/APKBUILD59
-rw-r--r--user/freetype/freetype-profile.sh12
-rw-r--r--user/glib-networking/APKBUILD43
-rw-r--r--user/glib-networking/proxy-test.patch13
-rw-r--r--user/glib/0001-gquark-fix-initialization-with-c-constructors.patch47
-rw-r--r--user/glib/APKBUILD103
-rw-r--r--user/glib/broken-gio-tests.patch100
-rw-r--r--user/glib/fix-spawn.patch22
-rw-r--r--user/glib/glib.trigger16
-rw-r--r--user/glib/i386-fpu-test.patch13
-rw-r--r--user/glib/musl-no-locale.patch55
-rw-r--r--user/glib/ridiculous-strerror-nonconformance.patch11
-rw-r--r--user/glib/thread-test-fix.patch11
-rw-r--r--user/gnutls/APKBUILD74
-rw-r--r--user/gnutls/tests-date-compat.patch12
-rw-r--r--user/gpgme/APKBUILD59
-rw-r--r--user/gpgme/fix-bashism.patch10
-rw-r--r--user/graphviz/0001-clone-nameclash.patch87
-rw-r--r--user/graphviz/APKBUILD120
-rw-r--r--user/graphviz/graphviz.pre-deinstall5
-rw-r--r--user/graphviz/graphviz.trigger3
-rw-r--r--user/gsl/APKBUILD42
-rw-r--r--user/gsl/aarch64-test-failure.patch13
-rw-r--r--user/gsl/dont-disable-deprecated.patch24
-rw-r--r--user/hexchat/APKBUILD61
-rw-r--r--user/hexchat/libressl.patch105
-rw-r--r--user/hexchat/pixdata.patch56
-rw-r--r--user/i3lock/APKBUILD43
-rw-r--r--user/jasper/APKBUILD49
-rw-r--r--user/libbluray/APKBUILD36
-rw-r--r--user/libcanberra/APKBUILD95
-rw-r--r--user/libgit2/APKBUILD52
-rw-r--r--user/libgit2/build-both-static-dynamic.patch53
-rw-r--r--user/libgit2/libressl.patch12
-rw-r--r--user/libgit2/pkgconfig-do-not-quote-Libs.patch26
-rw-r--r--user/libnih/APKBUILD57
-rw-r--r--user/libnih/disable-broken-test.patch11
-rw-r--r--user/libnih/musl-enomem-message.patch489
-rw-r--r--user/libnih/musl-fix-signals.patch12
-rw-r--r--user/libnih/parse-test-fix.patch11
-rw-r--r--user/libnotify/APKBUILD34
-rw-r--r--user/libsndfile/APKBUILD61
-rw-r--r--user/libsndfile/CVE-2017-12562.patch88
-rw-r--r--user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch64
-rw-r--r--user/libsndfile/CVE-2017-8362.patch50
-rw-r--r--user/libsndfile/varargs-32bit.patch11
-rw-r--r--user/libssh2/APKBUILD41
-rw-r--r--user/libvpx/APKBUILD52
-rw-r--r--user/libvpx/libm-pc.patch11
-rw-r--r--user/lighttpd/APKBUILD116
-rw-r--r--user/lighttpd/char-signedness.patch46
-rw-r--r--user/lighttpd/lighttpd.conf261
-rw-r--r--user/lighttpd/lighttpd.confd12
-rw-r--r--user/lighttpd/lighttpd.initd75
-rw-r--r--user/lighttpd/lighttpd.logrotate15
-rw-r--r--user/lighttpd/lighttpd.pre-install8
l---------user/lighttpd/lighttpd.pre-upgrade1
-rw-r--r--user/lighttpd/mime-types.conf79
-rw-r--r--user/lighttpd/mod_cgi.conf33
-rw-r--r--user/lighttpd/mod_fastcgi.conf17
-rw-r--r--user/lighttpd/mod_fastcgi_fpm.conf16
-rw-r--r--user/lm_sensors/APKBUILD85
-rw-r--r--user/lm_sensors/fancontrol.initd33
-rw-r--r--user/lm_sensors/musl-fix-includes.patch62
-rw-r--r--user/lm_sensors/sensord.confd3
-rw-r--r--user/lm_sensors/sensord.initd33
-rw-r--r--user/lm_sensors/sensors-detect-alpine.patch47
-rw-r--r--user/lm_sensors/sensors.install12
-rw-r--r--user/ltrace/APKBUILD44
-rw-r--r--user/ltrace/aarch-part2.patch1982
-rw-r--r--user/ltrace/aarch64.patch2155
-rw-r--r--user/ltrace/add_ppc64le.patch54
-rw-r--r--user/ltrace/musl.patch153
-rw-r--r--user/mlt/APKBUILD43
-rw-r--r--user/mlt/mlt-6.8.0-locale-header.patch18
-rw-r--r--user/mutt/APKBUILD61
-rw-r--r--user/neon/APKBUILD41
-rw-r--r--user/openldap/APKBUILD212
-rw-r--r--user/openldap/CVE-2017-9287.patch28
-rw-r--r--user/openldap/configs.patch117
-rw-r--r--user/openldap/fix-manpages.patch75
-rw-r--r--user/openldap/libressl.patch65
-rw-r--r--user/openldap/openldap-2.4-ppolicy.patch13
-rw-r--r--user/openldap/openldap-2.4.11-libldap_r.patch11
-rw-r--r--user/openldap/openldap-mqtt-overlay.patch447
-rw-r--r--user/openldap/openldap.post-install11
-rw-r--r--user/openldap/openldap.post-upgrade31
-rw-r--r--user/openldap/openldap.pre-install7
-rw-r--r--user/openldap/slapd.confd12
-rw-r--r--user/openldap/slapd.initd34
-rw-r--r--user/orbit2/APKBUILD45
-rw-r--r--user/orbit2/glib-2.36.patch15
-rw-r--r--user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch108
-rw-r--r--user/polkit/APKBUILD80
-rw-r--r--user/polkit/CVE-2013-4288.patch123
-rw-r--r--user/polkit/CVE-2015-3218.patch115
-rw-r--r--user/polkit/CVE-2015-3255.patch67
-rw-r--r--user/polkit/CVE-2015-4625.patch1008
-rw-r--r--user/polkit/automake.patch19
-rw-r--r--user/polkit/disable-ck-test.patch15
-rw-r--r--user/polkit/fix-consolekit-db-stat.patch30
-rw-r--r--user/polkit/fix-parallel-make.patch40
-rw-r--r--user/polkit/fix-test-fgetpwent.patch20
-rw-r--r--user/py-dbus/APKBUILD44
-rw-r--r--user/qca/APKBUILD35
-rw-r--r--user/redis/APKBUILD87
-rw-r--r--user/redis/fix-ppc-atomics.patch13
-rw-r--r--user/redis/posix-runtest.patch33
-rw-r--r--user/redis/redis.confd9
-rwxr-xr-xuser/redis/redis.initd52
-rw-r--r--user/redis/redis.logrotate4
-rw-r--r--user/redis/redis.pre-install6
-rw-r--r--user/snappy/APKBUILD43
-rw-r--r--user/spice/APKBUILD43
-rw-r--r--user/upower/APKBUILD40
-rw-r--r--user/upower/daemon-fix-get_critical_action.patch28
-rw-r--r--user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch184
-rw-r--r--user/valgrind/APKBUILD76
-rw-r--r--user/valgrind/arm.patch11
-rw-r--r--user/valgrind/coregrind-elfv2.patch443
-rw-r--r--user/valgrind/uclibc.patch10
-rw-r--r--user/vlc/APKBUILD362
-rw-r--r--user/vlc/check-headless.patch13
-rw-r--r--user/vlc/disable-sub-autodetect-fuzzy-1-test.patch20
-rw-r--r--user/vlc/fribidi-update.patch83
-rw-r--r--user/vlc/omxil-rpi-codecs.patch15
-rw-r--r--user/vlc/tar-compat.patch11
-rw-r--r--user/vlc/test-s390x.patch13
-rw-r--r--user/vlc/vlc-daemon.pre-install15
-rw-r--r--user/vlc/vlc-libs.trigger5
-rw-r--r--user/vlc/vlc.confd15
-rwxr-xr-xuser/vlc/vlc.initd32
-rw-r--r--user/wayland/APKBUILD59
-rw-r--r--user/weechat/APKBUILD66
-rw-r--r--user/weechat/fix-python-linking.patch11
-rw-r--r--user/weechat/libintl-fix.patch12
-rw-r--r--user/wget/APKBUILD50
-rw-r--r--user/wpa_supplicant/APKBUILD104
-rw-r--r--user/wpa_supplicant/config550
-rw-r--r--user/wpa_supplicant/eloop.patch16
-rw-r--r--user/wpa_supplicant/libressl.patch49
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch174
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch250
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch184
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch79
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch64
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch132
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch43
-rw-r--r--user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch82
-rw-r--r--user/wpa_supplicant/wpa_cli.sh33
-rw-r--r--user/wpa_supplicant/wpa_supplicant.confd6
-rw-r--r--user/wpa_supplicant/wpa_supplicant.initd53
-rw-r--r--user/xf86-video-ati/APKBUILD36
161 files changed, 14933 insertions, 0 deletions
diff --git a/user/apr-util/APKBUILD b/user/apr-util/APKBUILD
new file mode 100644
index 000000000..415c3e9cd
--- /dev/null
+++ b/user/apr-util/APKBUILD
@@ -0,0 +1,64 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=apr-util
+pkgver=1.6.1
+pkgrel=0
+pkgdesc="The Apache Portable Runtime Utility Library"
+url="http://apr.apache.org/"
+arch="all"
+license="ASL 2.0"
+depends=
+subpackages="$pkgname-dev $pkgname-dbm_db $pkgname-dbd_pgsql
+ $pkgname-dbd_sqlite3 $pkgname-ldap"
+
+depends_dev="expat-dev apr-dev openldap-dev sqlite-dev postgresql-dev
+ db-dev openssl-dev"
+makedepends="$depends_dev bash chrpath openssl"
+source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --with-apr=/usr \
+ --with-ldap \
+ --with-pgsql \
+ --with-sqlite3 \
+ --with-berkeley-db \
+ --with-crypto \
+ --with-openssl \
+ --without-sqlite2 \
+ --without-gdbm
+ make
+}
+
+check() {
+ cd "$builddir"
+ # testxlate fails because UTF-7 is unsupported
+ make check || return 0
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ rm "$pkgdir"/usr/lib/*.exp
+ chrpath -d "$pkgdir"/usr/lib/*.so.*
+}
+
+_mv_mod() {
+ pkgdesc="The Apache Portable Runtime Utility Library - $2 driver"
+ depends=
+ local _moddir="usr/lib/apr-util-1"
+ mkdir -p "$subpkgdir"/$_moddir
+ mv "$pkgdir"/$_moddir/apr_$1*.so "$subpkgdir"/$_moddir/
+}
+
+dbm_db() { _mv_mod dbm_db "Berkley DB"; }
+dbd_pgsql() { _mv_mod dbd_pgsql "PostgreSQL"; }
+dbd_mysql() { _mv_mod dbd_mysql "MySQL"; }
+dbd_sqlite3() { _mv_mod dbd_sqlite "SQLite3"; }
+ldap() { _mv_mod ldap "LDAP"; }
+
+sha512sums="40eff8a37c0634f7fdddd6ca5e596b38de15fd10767a34c30bbe49c632816e8f3e1e230678034f578dd5816a94f246fb5dfdf48d644829af13bf28de3225205d apr-util-1.6.1.tar.bz2"
diff --git a/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch b/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
new file mode 100644
index 000000000..93e3ac995
--- /dev/null
+++ b/user/ffmpeg/0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
@@ -0,0 +1,55 @@
+From ab11be0becb90542f10d5713659b559842c53af2 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 29 Mar 2016 15:15:17 +0200
+Subject: [PATCH] libavutil: clean up unused FF_SYMVER macro
+
+There is nothing using it since commit d63443b9 (lavc: drop the
+av_fast_{re,m}alloc compatibility wrappers).
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ libavutil/internal.h | 28 ----------------------------
+ 1 file changed, 28 deletions(-)
+
+diff --git a/libavutil/internal.h b/libavutil/internal.h
+index 61784b5..69d63d5 100644
+--- a/libavutil/internal.h
++++ b/libavutil/internal.h
+@@ -177,34 +177,6 @@
+ #endif
+
+ /**
+- * Define a function with only the non-default version specified.
+- *
+- * On systems with ELF shared libraries, all symbols exported from
+- * FFmpeg libraries are tagged with the name and major version of the
+- * library to which they belong. If a function is moved from one
+- * library to another, a wrapper must be retained in the original
+- * location to preserve binary compatibility.
+- *
+- * Functions defined with this macro will never be used to resolve
+- * symbols by the build-time linker.
+- *
+- * @param type return type of function
+- * @param name name of function
+- * @param args argument list of function
+- * @param ver version tag to assign function
+- */
+-#if HAVE_SYMVER_ASM_LABEL
+-# define FF_SYMVER(type, name, args, ver) \
+- type ff_##name args __asm__ (EXTERN_PREFIX #name "@" ver); \
+- type ff_##name args
+-#elif HAVE_SYMVER_GNU_ASM
+-# define FF_SYMVER(type, name, args, ver) \
+- __asm__ (".symver ff_" #name "," EXTERN_PREFIX #name "@" ver); \
+- type ff_##name args; \
+- type ff_##name args
+-#endif
+-
+-/**
+ * Return NULL if a threading library has not been enabled.
+ * Used to disable threading functions in AVCodec definitions
+ * when not needed.
+--
+2.7.4
+
diff --git a/user/ffmpeg/APKBUILD b/user/ffmpeg/APKBUILD
new file mode 100644
index 000000000..a963e33f8
--- /dev/null
+++ b/user/ffmpeg/APKBUILD
@@ -0,0 +1,104 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Jakub Skrzypnik <j.skrzypnik@openmailbox.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ffmpeg
+pkgver=3.4
+pkgrel=1
+pkgdesc="Complete and free Internet live audio and video broadcasting solution for Linux/Unix"
+url="http://ffmpeg.org/"
+arch="all"
+license="GPL"
+options="!check textrels" # Test suite requires proper licensing headers on all files,
+ # which upstream does not provide.
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+makedepends="gnutls-dev lame-dev libvorbis-dev xvidcore-dev zlib-dev libvdpau-dev
+ imlib2-dev libtheora-dev coreutils bzip2-dev perl-dev libvpx-dev
+ pulseaudio-dev sdl2-dev libxfixes-dev libva-dev alsa-lib-dev rtmpdump-dev
+ v4l-utils-dev yasm opus-dev x265-dev xz-dev freetype-dev speex-dev
+ ladspa-dev libcdio-dev libcdio-paranoia-dev wavpack-dev libwebp-dev"
+source="http://ffmpeg.org/releases/ffmpeg-$pkgver.tar.xz
+ 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 3.3.4-r0:
+# - CVE-2017-14054
+# - CVE-2017-14055
+# - CVE-2017-14056
+# - CVE-2017-14057
+# - CVE-2017-14058
+# - CVE-2017-14059
+# - CVE-2017-14169
+# - CVE-2017-14170
+# - CVE-2017-14171
+# - CVE-2017-14222
+# - CVE-2017-14223
+# - CVE-2017-14225
+
+build() {
+ local _dbg="--disable-debug"
+ local _asm=""
+ [ -n "$DEBUG" ] && _dbg="--enable-debug"
+
+ case "$CARCH" in
+ x86 | arm*) _asm="--disable-asm" ;;
+ ppc64) _asm="--cpu=G5" ;;
+ esac
+
+ cd "$builddir"
+ ./configure \
+ --prefix=/usr \
+ --enable-avresample \
+ --enable-avfilter \
+ --enable-gnutls \
+ --enable-gpl \
+ --enable-libmp3lame \
+ --enable-librtmp \
+ --enable-libvorbis \
+ --enable-libvpx \
+ --enable-libxvid \
+ --enable-libx265 \
+ --enable-libtheora \
+ --enable-libv4l2 \
+ --enable-postproc \
+ --enable-pic \
+ --enable-pthreads \
+ --enable-shared \
+ --enable-libxcb \
+ --disable-stripping \
+ --disable-static \
+ --enable-vaapi \
+ --enable-vdpau \
+ --enable-libopus \
+ --enable-libcdio \
+ --enable-ladspa \
+ --enable-lzma \
+ --enable-libspeex \
+ --enable-libfreetype \
+ --enable-libwavpack \
+ --enable-libwebp \
+ --enable-libpulse \
+ $_asm $_dbg
+ make
+ ${CC:-gcc} -o tools/qt-faststart $CFLAGS tools/qt-faststart.c
+ make doc/ffmpeg.1 doc/ffplay.1 doc/ffserver.1
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install install-man
+ install -D -m755 tools/qt-faststart "$pkgdir/usr/bin/qt-faststart"
+# strip --strip-debug "$pkgdir"/usr/lib/*.a
+}
+
+libs() {
+ pkgdesc="Libraries for ffmpeg"
+ replaces="ffmpeg"
+ mkdir -p "$subpkgdir"/usr
+ mv "$pkgdir"/usr/lib "$subpkgdir"/usr
+}
+
+sha512sums="357445f0152848d43f8a22f1078825bc44adacff9194e12cc78e8b5edac8e826bbdf73dc8b37e0f2a3036125b76b6b9190153760c761e63ebd2452a39e39536f ffmpeg-3.4.tar.xz
+32652e18d4eb231a2e32ad1cacffdf33264aac9d459e0e2e6dd91484fced4e1ca5a62886057b1f0b4b1589c014bbe793d17c78adbaffec195f9a75733b5b18cb 0001-libavutil-clean-up-unused-FF_SYMVER-macro.patch"
diff --git a/user/freetype/0001-Enable-table-validation-modules.patch b/user/freetype/0001-Enable-table-validation-modules.patch
new file mode 100644
index 000000000..3e9451fa8
--- /dev/null
+++ b/user/freetype/0001-Enable-table-validation-modules.patch
@@ -0,0 +1,34 @@
+From c3680bf8d38cf759c1e33dcc2d2d51e0a4fea2f9 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 23 Jun 2015 08:40:29 +0200
+Subject: [PATCH 1/3] Enable table validation modules
+
+---
+ modules.cfg | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/modules.cfg b/modules.cfg
+index f30049c38cc45159..7b8e50fe1b34584a 100644
+--- a/modules.cfg
++++ b/modules.cfg
+@@ -120,7 +120,7 @@ AUX_MODULES += cache
+ # TrueType GX/AAT table validation. Needs ftgxval.c below.
+ #
+ # No FT_CONFIG_OPTION_PIC support.
+-# AUX_MODULES += gxvalid
++AUX_MODULES += gxvalid
+
+ # Support for streams compressed with gzip (files with suffix .gz).
+ #
+@@ -143,7 +143,7 @@ AUX_MODULES += bzip2
+ # OpenType table validation. Needs ftotval.c below.
+ #
+ # No FT_CONFIG_OPTION_PIC support.
+-# AUX_MODULES += otvalid
++AUX_MODULES += otvalid
+
+ # Auxiliary PostScript driver component to share common code.
+ #
+--
+2.9.3
+
diff --git a/user/freetype/0002-Enable-subpixel-rendering.patch b/user/freetype/0002-Enable-subpixel-rendering.patch
new file mode 100644
index 000000000..dfb57966e
--- /dev/null
+++ b/user/freetype/0002-Enable-subpixel-rendering.patch
@@ -0,0 +1,25 @@
+From 96f09f08417887b2618c177bccfb6da2906568d9 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Tue, 23 Jun 2015 08:43:07 +0200
+Subject: [PATCH 2/3] Enable subpixel rendering
+
+---
+ include/freetype/config/ftoption.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h
+index 90c123ef93e9ea04..67a361dd41e0b026 100644
+--- a/include/freetype/config/ftoption.h
++++ b/include/freetype/config/ftoption.h
+@@ -122,7 +122,7 @@ FT_BEGIN_HEADER
+ /* This is done to allow FreeType clients to run unmodified, forcing */
+ /* them to display normal gray-level anti-aliased glyphs. */
+ /* */
+-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */
++#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING
+
+
+ /*************************************************************************/
+--
+2.9.3
+
diff --git a/user/freetype/0003-Enable-infinality-subpixel-hinting.patch b/user/freetype/0003-Enable-infinality-subpixel-hinting.patch
new file mode 100644
index 000000000..bbfa2a2cd
--- /dev/null
+++ b/user/freetype/0003-Enable-infinality-subpixel-hinting.patch
@@ -0,0 +1,27 @@
+From 220e96a9a8d7aff6ad0f0f1aa12c79cdb563331c Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Mon, 29 Aug 2016 08:43:10 +0200
+Subject: [PATCH 3/3] Enable infinality subpixel hinting
+
+---
+ include/freetype/config/ftoption.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h
+index 67a361dd41e0b026..c4812862518b66a6 100644
+--- a/include/freetype/config/ftoption.h
++++ b/include/freetype/config/ftoption.h
+@@ -675,8 +675,8 @@ FT_BEGIN_HEADER
+ /* [1] http://www.microsoft.com/typography/cleartype/truetypecleartype.aspx */
+ /* */
+ /* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING 1 */
+-#define TT_CONFIG_OPTION_SUBPIXEL_HINTING 2
+-/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING ( 1 | 2 ) */
++/* #define TT_CONFIG_OPTION_SUBPIXEL_HINTING 2 */
++#define TT_CONFIG_OPTION_SUBPIXEL_HINTING ( 1 | 2 )
+
+
+ /*************************************************************************/
+--
+2.9.3
+
diff --git a/user/freetype/0004-Enable-long-PCF-family-names.patch b/user/freetype/0004-Enable-long-PCF-family-names.patch
new file mode 100644
index 000000000..675423a7c
--- /dev/null
+++ b/user/freetype/0004-Enable-long-PCF-family-names.patch
@@ -0,0 +1,25 @@
+From 62da6a0f7f5cb77859a793863c386c452411e2a6 Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Sun, 14 May 2017 18:09:31 +0200
+Subject: [PATCH 4/4] Enable long PCF family names
+
+---
+ include/freetype/config/ftoption.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/freetype/config/ftoption.h b/include/freetype/config/ftoption.h
+index ebb44acdbbef9a47..0b39b417162707e4 100644
+--- a/include/freetype/config/ftoption.h
++++ b/include/freetype/config/ftoption.h
+@@ -865,7 +865,7 @@ FT_BEGIN_HEADER
+ /* If this option is activated, it can be controlled with the */
+ /* `no-long-family-names' property of the pcf driver module. */
+ /* */
+-/* #define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES */
++#define PCF_CONFIG_OPTION_LONG_FAMILY_NAMES
+
+
+ /*************************************************************************/
+--
+2.13.0
+
diff --git a/user/freetype/40-memcpy-fix.patch b/user/freetype/40-memcpy-fix.patch
new file mode 100644
index 000000000..89e61cd0b
--- /dev/null
+++ b/user/freetype/40-memcpy-fix.patch
@@ -0,0 +1,14 @@
+--- ./src/psaux/psobjs.c~ 2006-04-26 16:38:17.000000000 +0200
++++ ./src/psaux/psobjs.c 2006-09-10 15:01:13.000000000 +0200
+@@ -165,6 +165,11 @@
+ return PSaux_Err_Invalid_Argument;
+ }
+
++ if ( length < 0 ) {
++ FT_ERROR(( "ps_table_add: invalid length\n" ));
++ return PSaux_Err_Invalid_Argument;
++ }
++
+ /* grow the base block if needed */
+ if ( table->cursor + length > table->capacity )
+ {
diff --git a/user/freetype/APKBUILD b/user/freetype/APKBUILD
new file mode 100644
index 000000000..fbb4e0103
--- /dev/null
+++ b/user/freetype/APKBUILD
@@ -0,0 +1,59 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=freetype
+pkgver=2.8.1
+pkgrel=2
+pkgdesc="TrueType font rendering library"
+url="https://www.freetype.org/"
+arch="all"
+license="GPL"
+options="!check"
+depends=""
+depends_dev=""
+makedepends="$depends_dev zlib-dev libpng-dev bzip2-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://download.savannah.gnu.org/releases/freetype/freetype-$pkgver.tar.bz2
+ 40-memcpy-fix.patch
+ 0001-Enable-table-validation-modules.patch
+ 0003-Enable-infinality-subpixel-hinting.patch
+ 0004-Enable-long-PCF-family-names.patch
+
+ freetype-profile.sh
+ "
+
+# secfixes:
+# 2.7.1-r1:
+# - CVE-2017-8105
+# - CVE-2017-8287
+
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --disable-static \
+ --with-bzip2 \
+ --with-png
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+
+ install -Dm644 "$srcdir"/freetype-profile.sh \
+ "$pkgdir"/etc/profile.d/freetype.sh
+}
+
+sha512sums="ca59e47f0fceeeb9b8032be2671072604d0c79094675df24187829c05e99757d0a48a0f8062d4d688e056f783aa8f6090d732ad116562e94784fccf1339eb823 freetype-2.8.1.tar.bz2
+9981be8a3ea6f2cf856860b87a4e895e4610c9d5ea4beb611815e757e6080e060f6853ace02dd8ea55e5888cdf4bae5ad5eadd2d8a123754bb3c0bfe7ef41dea 40-memcpy-fix.patch
+41a84be2631b53072a76b78c582575aa48b650ee7b00017d018381002bc25df10cf33da4954c95ef50db39f1fa566678e3b4ae9bfee1dfd705423fb53e53e494 0001-Enable-table-validation-modules.patch
+7b52a3d67750d59b2c98e83dab4e0a0ab263142c2ca7bd5f8be5f8fe9cd1dc1f4debad44111c7886665329d8d2a3163756455618a6615df8f85d82bb0372d4dd 0003-Enable-infinality-subpixel-hinting.patch
+64c20fbcbf48372ea35fe2e0dae8fec4be8c601c899a4a71913060c6ea4082a2f41d69701da511e09fee126bf198d560986469e2356bd088d2dd5961f437df63 0004-Enable-long-PCF-family-names.patch
+7100cde5b2ca16bfbe968fce3e2eba5ba49e6ed53792d5db889c8d89e572d7d80da1338ccc9eeb9b243664ca2337467e9f73c1074bee0b34c417f6c7832ed390 freetype-profile.sh"
diff --git a/user/freetype/freetype-profile.sh b/user/freetype/freetype-profile.sh
new file mode 100644
index 000000000..a4cc6423b
--- /dev/null
+++ b/user/freetype/freetype-profile.sh
@@ -0,0 +1,12 @@
+# Subpixel hinting mode can be chosen by setting the right TrueType interpreter
+# version. The available settings are:
+#
+# truetype:interpreter-version=35 # Classic mode (default in 2.6)
+# truetype:interpreter-version=38 # Infinality mode
+# truetype:interpreter-version=40 # Minimal mode (default in 2.7)
+#
+# There are more properties that can be set, separated by whitespace. Please
+# refer to the FreeType documentation for details.
+
+# Uncomment and configure below
+export FREETYPE_PROPERTIES="truetype:interpreter-version=38"
diff --git a/user/glib-networking/APKBUILD b/user/glib-networking/APKBUILD
new file mode 100644
index 000000000..65ae109a0
--- /dev/null
+++ b/user/glib-networking/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=glib-networking
+pkgver=2.54.1
+_maj=${pkgver%%.*}
+_min=${pkgver#${_maj}.}
+_min=${_min%%.*}
+_ver=$_maj.$_min
+pkgrel=1
+pkgdesc="Networking support for GLib"
+url="http://www.gnome.org"
+arch="all"
+license="LGPL-2.1+"
+depends="ca-certificates"
+makedepends="glib-dev gnutls-dev libproxy-dev intltool libgcrypt-dev bash p11-kit-dev"
+install=
+subpackages="$pkgname-lang"
+source="http://download.gnome.org/sources/glib-networking/$_ver/glib-networking-$pkgver.tar.xz"
+
+build() {
+ cd "$builddir"
+ CONFIG_SHELL=/bin/bash ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --disable-more-warnings \
+ --with-libproxy \
+ --with-gnutls
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ rm -f "$pkgdir"/usr/lib/gio/modules/*.a
+}
+
+sha512sums="8356d835914e33df43f4f2bb6a915ddcd48dd0565e4d5bc1f1d692e9c3124ee4421b99f87f2586f74e9fed24ef7421159f3242fd1eb7bd74950bd25e860896ec glib-networking-2.54.1.tar.xz"
diff --git a/user/glib-networking/proxy-test.patch b/user/glib-networking/proxy-test.patch
new file mode 100644
index 000000000..2cab5d9f6
--- /dev/null
+++ b/user/glib-networking/proxy-test.patch
@@ -0,0 +1,13 @@
+--- ./Makefile.am.orig
++++ ./Makefile.am
+@@ -11,9 +11,9 @@
+
+ if HAVE_GNOME_PROXY
+ SUBDIRS += proxy/gnome
++SUBDIRS += proxy/tests
+ endif
+
+-SUBDIRS += proxy/tests
+
+ if HAVE_GNUTLS
+ SUBDIRS += tls/gnutls
diff --git a/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch b/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch
new file mode 100644
index 000000000..50a9a8c28
--- /dev/null
+++ b/user/glib/0001-gquark-fix-initialization-with-c-constructors.patch
@@ -0,0 +1,47 @@
+From e4216dee57f5156e192b2910f13eb855a104cb18 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Wed, 6 Jul 2016 12:38:40 +0200
+Subject: [PATCH] gquark: fix initialization with c++ constructors
+
+C++ constructors may want create new quarks, but we can not guarantee
+that the glib library ctor is executed first. Therefore we make sure
+that quarks are always initialized from g_quark_from_string and
+g_quark_from_static_string
+
+This fixes crashes in glibmm with musl which likely happens on AIX too.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=768215
+https://bugzilla.gnome.org/show_bug.cgi?id=756139#c14
+---
+ glib/gquark.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/glib/gquark.c b/glib/gquark.c
+index 9e51a92..17ecd7f 100644
+--- a/glib/gquark.c
++++ b/glib/gquark.c
+@@ -57,6 +57,11 @@ static gint quark_block_offset = 0;
+ void
+ g_quark_init (void)
+ {
++ /* we may be initialized from c++ constructor or the glib ctor, but we
++ cannot guarantee in what order. So we check if we have been initialized */
++ if (quark_ht != NULL)
++ return;
++
+ g_assert (quark_seq_id == 0);
+ quark_ht = g_hash_table_new (g_str_hash, g_str_equal);
+ quarks = g_new (gchar*, QUARK_BLOCK_SIZE);
+@@ -179,6 +184,9 @@ quark_from_string (const gchar *string,
+ {
+ GQuark quark = 0;
+
++ if (G_UNLIKELY (quark_ht == NULL))
++ g_quark_init();
++
+ quark = GPOINTER_TO_UINT (g_hash_table_lookup (quark_ht, string));
+
+ if (!quark)
+--
+2.9.0
+
diff --git a/user/glib/APKBUILD b/user/glib/APKBUILD
new file mode 100644
index 000000000..89a98754f
--- /dev/null
+++ b/user/glib/APKBUILD
@@ -0,0 +1,103 @@
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=glib
+pkgver=2.54.2
+pkgrel=1
+pkgdesc="Common C routines used by Gtk+ and other libs"
+url="https://developer.gnome.org/glib/"
+arch="all"
+license="GPL"
+depends=
+triggers="$pkgname.trigger=/usr/share/glib-2.0/schemas:/usr/lib/gio/modules"
+depends_dev="perl python3 attr-dev gettext-dev zlib-dev bzip2-dev libffi-dev
+ util-linux-dev"
+makedepends="$depends_dev pcre-dev xmlto"
+checkdepends="tzdata"
+options="!checkroot"
+source="https://download.gnome.org/sources/$pkgname/${pkgver%.*}/$pkgname-$pkgver.tar.xz
+ 0001-gquark-fix-initialization-with-c-constructors.patch
+ broken-gio-tests.patch
+ fix-spawn.patch
+ i386-fpu-test.patch
+ musl-no-locale.patch
+ ridiculous-strerror-nonconformance.patch
+ thread-test-fix.patch
+ "
+subpackages="$pkgname-dbg $pkgname-doc $pkgname-static $pkgname-dev $pkgname-lang $pkgname-bash-completion:bashcomp:noarch"
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+ cd "$builddir"
+ default_prepare
+
+ # workaround packaging issue. gtk-doc.make timestamp was newer than
+ # Makefile.am, which triggers automake re-run
+ touch -r docs/reference/glib/Makefile.am gtk-doc.make
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --disable-gtk-doc \
+ --disable-compile-warnings \
+ --disable-selinux \
+ --with-pcre=system \
+ --with-python=python3 \
+ --with-pic \
+ --enable-static
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ rm -rf "$pkgdir"/usr/lib/charset.alias
+}
+
+dev() {
+ default_dev
+ mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/share
+ find "$pkgdir"/usr/bin ! -name "glib-compile-schemas" -a \( \
+ -name "gdbus-codegen" -o \
+ -name "gobject-query" -o \
+ -name "gresource" -o \
+ -name "gtester*" -o \
+ -name "glib-*" \) \
+ -exec mv {} "$subpkgdir"/usr/bin \;
+ mv "$pkgdir"/usr/share/gdb "$pkgdir"/usr/share/glib-2.0 \
+ "$subpkgdir"/usr/share
+}
+
+static() {
+ pkgdesc="glib static libraries"
+ depends="gettext-static"
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/*.a "$subpkgdir"/usr/lib/
+}
+
+bashcomp() {
+ pkgdesc="Bash completion for $pkgname"
+ depends=
+ install_if="$pkgname=$pkgver-r$pkgrel bash-completion"
+ mkdir -p "$subpkgdir"/usr/share
+ mv "$pkgdir"/usr/share/bash-completion "$subpkgdir"/usr/share
+ [ "$(ls -A "$pkgdir"/usr/share)" ] || rmdir "$pkgdir"/usr/share
+}
+
+sha512sums="09ee6fa3a6f3f15af229bd789bef536e3570f36d1e4ce624a57e97c4040577f6baccd6ab5746257863ccf7173b558cfa753951d562a278f854e52604104ba7ee glib-2.54.2.tar.xz
+32e5aca9a315fb985fafa0b4355e4498c1f877fc1f0b58ad4ac261fb9fbced9f026c7756a5f2af7d61ce756b55c8cd02811bb08df397040e93510056f073756b 0001-gquark-fix-initialization-with-c-constructors.patch
+9bf99de4672765704759098c883cfc4d2747cf10d9d568ae97134806a089e4bebae57886bae45dcc53694e0190248abe6ae52cc38dc742cd754d352406ac0680 broken-gio-tests.patch
+0f0a98784aeed92f33cd9239d2f668bdc6c09b84ed020825ae88f6aacf6a922152dc3e1384c40d9f30f54c5ab78fe17e0ee5c42b268b297b595d2a6cde5b8998 fix-spawn.patch
+aa7444bbdf7b88798adc67c15cdb8b7459450c0b7357caea16b74462c5c9179ba80d4018b1e656e90a5e3be5b2e3c14e9b8c0ccbb2ee4d8c92dc8fa627518b84 i386-fpu-test.patch
+10d23961072e3d8c8bbe5ee9a6b6ad709734690485c7148f1f8a2081a3ecc06cc3e3ff02ea870e1b429cd8464df6ef6e9f266148010d889fd187f4e411f65bab musl-no-locale.patch
+56c10a0f64cbd8ce584d428f818e7e678fdeb40a32df792843208ddfa3135d362cc2077bc9fe3bfebe13ee6af0ecf6403a593ad727e0a92276074a17a9c7029c ridiculous-strerror-nonconformance.patch
+0cebf9cbf87a92c3160054eb30189a827847f5820a8b90f4842b4ad5ab5cc343ba06e5f55214864bd0f0d5a21e55ec5e7f35c66207e77b1496142b7ee0c75567 thread-test-fix.patch"
diff --git a/user/glib/broken-gio-tests.patch b/user/glib/broken-gio-tests.patch
new file mode 100644
index 000000000..d7006db87
--- /dev/null
+++ b/user/glib/broken-gio-tests.patch
@@ -0,0 +1,100 @@
+Requires update-desktop-database
+--- glib-2.52.1/gio/tests/appinfo.c.old 2016-10-22 00:17:49.000000000 -0500
++++ glib-2.52.1/gio/tests/appinfo.c 2017-08-20 23:23:32.581229536 -0500
+@@ -486,7 +486,7 @@
+ g_test_add_func ("/appinfo/launch-context", test_launch_context);
+ g_test_add_func ("/appinfo/launch-context-signals", test_launch_context_signals);
+ g_test_add_func ("/appinfo/tryexec", test_tryexec);
+- g_test_add_func ("/appinfo/associations", test_associations);
++ //g_test_add_func ("/appinfo/associations", test_associations);
+ g_test_add_func ("/appinfo/environment", test_environment);
+ g_test_add_func ("/appinfo/startup-wm-class", test_startup_wm_class);
+ g_test_add_func ("/appinfo/supported-types", test_supported_types);
+
+
+Requires shared-mime-info
+--- glib-2.53.7/gio/tests/contenttype.c.old 2017-07-13 18:03:39.000000000 -0500
++++ glib-2.53.7/gio/tests/contenttype.c 2017-09-05 21:41:46.312547646 -0500
+@@ -345,9 +345,9 @@
+
+ g_test_bug_base ("http://bugzilla.gnome.org/");
+
+- g_test_add_func ("/contenttype/guess", test_guess);
++ //g_test_add_func ("/contenttype/guess", test_guess);
+ g_test_add_func ("/contenttype/unknown", test_unknown);
+- g_test_add_func ("/contenttype/subtype", test_subtype);
++ /*g_test_add_func ("/contenttype/subtype", test_subtype);
+ g_test_add_func ("/contenttype/list", test_list);
+ g_test_add_func ("/contenttype/executable", test_executable);
+ g_test_add_func ("/contenttype/description", test_description);
+@@ -355,7 +355,7 @@
+ g_test_add_func ("/contenttype/symbolic-icon", test_symbolic_icon);
+ g_test_add_func ("/contenttype/tree", test_tree);
+ g_test_add_func ("/contenttype/test_type_is_a_special_case",
+- test_type_is_a_special_case);
++ test_type_is_a_special_case);*/
+
+ return g_test_run ();
+ }
+
+
+Requires working iconv
+--- glib-2.52.1/gio/tests/converter-stream.c.old 2016-10-22 00:18:11.000000000 -0500
++++ glib-2.52.1/gio/tests/converter-stream.c 2017-08-20 23:21:31.711358101 -0500
+@@ -1203,7 +1203,7 @@
+ };
+ CharsetTest charset_tests[] = {
+ { "/converter-input-stream/charset/utf8->latin1", "UTF-8", "\303\205rr Sant\303\251", "ISO-8859-1", "\305rr Sant\351", 0 },
+- { "/converter-input-stream/charset/latin1->utf8", "ISO-8859-1", "\305rr Sant\351", "UTF-8", "\303\205rr Sant\303\251", 0 },
++ //{ "/converter-input-stream/charset/latin1->utf8", "ISO-8859-1", "\305rr Sant\351", "UTF-8", "\303\205rr Sant\303\251", 0 },
+- { "/converter-input-stream/charset/fallbacks", "UTF-8", "Some characters just don't fit into latin1: πא", "ISO-8859-1", "Some characters just don't fit into latin1: \\CF\\80\\D7\\90", 4 },
++ //{ "/converter-input-stream/charset/fallbacks", "UTF-8", "Some characters just don't fit into latin1: πא", "ISO-8859-1", "Some characters just don't fit into latin1: \\CF\\80\\D7\\90", 4 },
+ };
+
+
+
+Requires dconf
+--- glib-2.52.1/gio/tests/gsettings.c.old 2017-08-20 23:26:31.284378974 -0500
++++ glib-2.52.1/gio/tests/gsettings.c 2017-08-20 23:26:46.637699607 -0500
+@@ -2603,6 +2603,8 @@
+ gchar *schema_text;
+ gchar *enums;
+ gint result;
++ printf("1..0\n");
++ return 0;
+
+ setlocale (LC_ALL, "");
+
+
+Requires update-desktop-database
+--- glib-2.52.1/gio/tests/desktop-app-info.c.old 2016-10-22 00:17:55.000000000 -0500
++++ glib-2.52.1/gio/tests/desktop-app-info.c 2017-08-20 23:38:16.840439686 -0500
+@@ -761,6 +761,8 @@
+ {
+ gint result;
+
++ printf("1..0\n");
++ return 0;
+ g_test_init (&argc, &argv, NULL);
+
+ basedir = g_get_current_dir ();
+
+
+--- glib-2.52.1/gio/tests/resources.c.old 2016-10-22 00:18:12.000000000 -0500
++++ glib-2.52.1/gio/tests/resources.c 2017-08-20 23:39:47.127025718 -0500
+@@ -426,6 +426,7 @@
+ g_assert_cmpstr (g_bytes_get_data (data, NULL), ==, "test1\n");
+ g_bytes_unref (data);
+
++#if 0 // dlclose is noop on musl
+ g_type_module_unuse (G_TYPE_MODULE (module));
+
+ found = g_resources_get_info ("/resourceplugin/test1.txt",
+@@ -434,6 +435,7 @@
+ g_assert (!found);
+ g_assert_error (error, G_RESOURCE_ERROR, G_RESOURCE_ERROR_NOT_FOUND);
+ g_clear_error (&error);
++#endif
+ }
+ }
+
diff --git a/user/glib/fix-spawn.patch b/user/glib/fix-spawn.patch
new file mode 100644
index 000000000..df352fdc3
--- /dev/null
+++ b/user/glib/fix-spawn.patch
@@ -0,0 +1,22 @@
+--- glib-2.52.1/glib/tests/spawn-singlethread.c.old 2016-10-22 00:21:35.000000000 -0500
++++ glib-2.52.1/glib/tests/spawn-singlethread.c 2017-08-20 22:31:52.548311424 -0500
+@@ -210,7 +210,7 @@
+ g_test_init (&argc, &argv, NULL);
+
+ dirname = g_path_get_dirname (argv[0]);
+- echo_prog_path = g_build_filename (dirname, "test-spawn-echo" EXEEXT, NULL);
++ echo_prog_path = g_build_filename (dirname, "../test-spawn-echo" EXEEXT, NULL);
+ if (!g_file_test (echo_prog_path, G_FILE_TEST_EXISTS))
+ {
+ g_free (echo_prog_path);
+--- glib-2.52.1/glib/tests/spawn-multithreaded.c.old 2016-10-22 00:21:44.000000000 -0500
++++ glib-2.52.1/glib/tests/spawn-multithreaded.c 2017-08-20 22:32:15.981614460 -0500
+@@ -222,7 +222,7 @@
+ g_test_init (&argc, &argv, NULL);
+
+ dirname = g_path_get_dirname (argv[0]);
+- echo_prog_path = g_build_filename (dirname, "test-spawn-echo" EXEEXT, NULL);
++ echo_prog_path = g_build_filename (dirname, "../test-spawn-echo" EXEEXT, NULL);
+ if (!g_file_test (echo_prog_path, G_FILE_TEST_EXISTS))
+ {
+ g_free (echo_prog_path);
diff --git a/user/glib/glib.trigger b/user/glib/glib.trigger
new file mode 100644
index 000000000..cf23eff7d
--- /dev/null
+++ b/user/glib/glib.trigger
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+for i in "$@"; do
+ if ! [ -e "$i" ]; then
+ continue
+ fi
+ case "$i" in
+ */modules)
+ /usr/bin/gio-querymodules "$i"
+ ;;
+ */schemas)
+ /usr/bin/glib-compile-schemas "$i"
+ ;;
+ esac
+done
+
diff --git a/user/glib/i386-fpu-test.patch b/user/glib/i386-fpu-test.patch
new file mode 100644
index 000000000..986c33164
--- /dev/null
+++ b/user/glib/i386-fpu-test.patch
@@ -0,0 +1,13 @@
+--- glib-2.54.2/glib/tests/timer.c.old 2016-10-22 00:21:30.000000000 -0500
++++ glib-2.54.2/glib/tests/timer.c 2018-03-03 18:39:40.424741042 -0600
+@@ -203,7 +203,10 @@
+ {
+ g_test_init (&argc, &argv, NULL);
+
++ /* This test fails on the i386 because of crappy FPU */
++#ifndef __i386__
+ g_test_add_func ("/timer/basic", test_timer_basic);
++#endif
+ g_test_add_func ("/timer/stop", test_timer_stop);
+ g_test_add_func ("/timer/continue", test_timer_continue);
+ g_test_add_func ("/timer/reset", test_timer_reset);
diff --git a/user/glib/musl-no-locale.patch b/user/glib/musl-no-locale.patch
new file mode 100644
index 000000000..4b36b0b2e
--- /dev/null
+++ b/user/glib/musl-no-locale.patch
@@ -0,0 +1,55 @@
+--- glib-2.52.1/glib/tests/option-context.c.old 2016-10-22 05:21:34.000000000 +0000
++++ glib-2.52.1/glib/tests/option-context.c 2017-08-20 23:14:46.364133517 +0000
+@@ -638,7 +638,7 @@
+
+ old_locale = g_strdup (setlocale (LC_NUMERIC, locale));
+ current_locale = setlocale (LC_NUMERIC, NULL);
+- if (strcmp (current_locale, locale) != 0)
++ //if (strcmp (current_locale, locale) != 0)
+ {
+ fprintf (stderr, "Cannot set locale to %s, skipping\n", locale);
+ goto cleanup;
+--- glib-2.52.1/glib/tests/gdatetime.c.old 2017-03-16 20:12:05.000000000 -0500
++++ glib-2.52.1/glib/tests/gdatetime.c 2017-08-20 22:20:37.805908983 -0500
+@@ -1068,7 +1068,7 @@
+
+ oldlocale = g_strdup (setlocale (LC_ALL, NULL));
+ setlocale (LC_ALL, "fa_IR.utf-8");
+- if (strstr (setlocale (LC_ALL, NULL), "fa_IR") != NULL)
++ if ((1 == 0) && strstr (setlocale (LC_ALL, NULL), "fa_IR") != NULL)
+ {
+ TEST_PRINTF_TIME (23, 0, 0, "%OH", "\333\262\333\263"); /* '23' */
+ TEST_PRINTF_TIME (23, 0, 0, "%OI", "\333\261\333\261"); /* '11' */
+--- glib-2.52.1/glib/tests/convert.c.old 2016-10-22 00:21:34.000000000 -0500
++++ glib-2.52.1/glib/tests/convert.c 2017-08-20 22:51:48.363430954 -0500
+@@ -707,7 +707,7 @@
+
+ g_test_add_func ("/conversion/no-conv", test_no_conv);
+ g_test_add_func ("/conversion/iconv-state", test_iconv_state);
+- g_test_add_func ("/conversion/illegal-sequence", test_one_half);
++ //g_test_add_func ("/conversion/illegal-sequence", test_one_half);
+- g_test_add_func ("/conversion/byte-order", test_byte_order);
++ //g_test_add_func ("/conversion/byte-order", test_byte_order);
+ g_test_add_func ("/conversion/unicode", test_unicode_conversions);
+ g_test_add_func ("/conversion/filename-utf8", test_filename_utf8);
+--- glib-2.54.2/glib/tests/collate.c.old 2017-03-08 21:37:21.000000000 -0600
++++ glib-2.54.2/glib/tests/collate.c 2018-03-01 01:07:56.957714447 -0600
+@@ -279,7 +279,7 @@
+
+ g_setenv ("LC_ALL", "en_US", TRUE);
+ locale = setlocale (LC_ALL, "");
+- if (locale == NULL || strcmp (locale, "en_US") != 0)
++ //if (locale == NULL || strcmp (locale, "en_US") != 0)
+ {
+ g_test_message ("No suitable locale, skipping tests");
+ missing_locale = TRUE;
+--- glib-2.54.2/tests/run-collate-tests.sh.old 2016-10-22 00:17:10.000000000 -0500
++++ glib-2.54.2/tests/run-collate-tests.sh 2018-03-01 01:22:01.107722429 -0600
+@@ -1,5 +1,7 @@
+ #! /bin/sh
+
++exit 77
++
+ fail ()
+ {
+ echo "Test failed: $*"
diff --git a/user/glib/ridiculous-strerror-nonconformance.patch b/user/glib/ridiculous-strerror-nonconformance.patch
new file mode 100644
index 000000000..3ffc0aafa
--- /dev/null
+++ b/user/glib/ridiculous-strerror-nonconformance.patch
@@ -0,0 +1,11 @@
+--- glib-2.52.1/glib/tests/strfuncs.c.old 2016-10-22 00:21:44.000000000 -0500
++++ glib-2.52.1/glib/tests/strfuncs.c 2017-08-20 22:48:18.233702952 -0500
+@@ -1335,7 +1335,7 @@
+ setlocale (LC_ALL, "C");
+
+ strs = g_hash_table_new (g_str_hash, g_str_equal);
+- for (i = 1; i < 200; i++)
++ for (i = 1; i < 40; i++)
+ {
+ str = g_strerror (i);
+ g_assert (str != NULL);
diff --git a/user/glib/thread-test-fix.patch b/user/glib/thread-test-fix.patch
new file mode 100644
index 000000000..bcfcfc441
--- /dev/null
+++ b/user/glib/thread-test-fix.patch
@@ -0,0 +1,11 @@
+--- glib-2.52.1/glib/tests/thread.c.old 2016-10-22 05:21:37.000000000 +0000
++++ glib-2.52.1/glib/tests/thread.c 2017-08-20 04:51:46.756496035 +0000
+@@ -174,7 +174,7 @@
+ static gpointer
+ thread6_func (gpointer data)
+ {
+-#ifdef HAVE_PTHREAD_SETNAME_NP_WITH_TID
++#if 0
+ char name[16];
+
+ pthread_getname_np (pthread_self(), name, 16);
diff --git a/user/gnutls/APKBUILD b/user/gnutls/APKBUILD
new file mode 100644
index 000000000..b64faaa64
--- /dev/null
+++ b/user/gnutls/APKBUILD
@@ -0,0 +1,74 @@
+# Contriburo: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gnutls
+pkgver=3.6.1
+pkgrel=0
+pkgdesc="A TLS protocol implementation"
+url="http://www.gnutls.org/"
+arch="all"
+license="GPL"
+checkdepends="diffutils"
+makedepends="nettle-dev zlib-dev libtasn1-dev p11-kit-dev libunistring-dev texinfo"
+subpackages="$pkgname-dbg $pkgname-doc $pkgname-dev $pkgname-utils $pkgname-c++:xx"
+_v=${pkgver%.*}
+case $pkgver in
+*.*.*.*) _v=${_v%.*};;
+esac
+source="https://www.gnupg.org/ftp/gcrypt/gnutls/v${_v}/$pkgname-$pkgver.tar.xz
+ tests-date-compat.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 3.5.13-r0:
+# - CVE-2017-7507
+
+build() {
+ cd "$builddir"
+ LIBS="-lgmp" ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --disable-openssl-compatibility \
+ --disable-rpath \
+ --disable-static \
+ --disable-guile \
+ --disable-valgrind-tests \
+ --without-included-libtasn1 \
+ --enable-cxx \
+ --enable-manpages \
+ --enable-tests \
+ --disable-full-test-suite \
+ --disable-sslv2-support \
+ --with-zlib \
+ --with-p11-kit
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir" install
+}
+
+utils() {
+ pkgdesc="Command line tools for TLS protocol"
+ mkdir -p "$subpkgdir"/usr/
+ mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+}
+
+xx() {
+ pkgdesc="The C++ interface to GnuTLS"
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/lib*xx.so.* "$subpkgdir"/usr/lib/
+}
+
+sha512sums="1f2bd3203ea96844c531be700b44623b79f46743143edf97011aab07895ca18d62f1659c7fafc5e1c4b0686fde490836f00358bdd60d6ac0b842526db002da23 gnutls-3.6.1.tar.xz
+14b1be86a0180c914aaaada261ccf01914d48df9510b57572e4f32683d1dd984a907ecf2c848cc4773b1c139059de26383a2c617f509f8c75b985668a23fd28d tests-date-compat.patch"
diff --git a/user/gnutls/tests-date-compat.patch b/user/gnutls/tests-date-compat.patch
new file mode 100644
index 000000000..2717ab230
--- /dev/null
+++ b/user/gnutls/tests-date-compat.patch
@@ -0,0 +1,12 @@
+Busybox date does not support %N, this is GNU extension.
+--- a/tests/scripts/common.sh
++++ b/tests/scripts/common.sh
+@@ -59,7 +59,7 @@
+ }
+
+ # Find a port number not currently in use.
+-GETPORT='rc=0; myrandom=$(date +%N | sed s/^0*//)
++GETPORT='rc=0; myrandom=$(date +%s | sed s/^0*//)
+ while test $rc = 0;do
+ PORT="$(((($$<<15)|$myrandom) % 63001 + 2000))"
+ check_if_port_in_use $PORT;rc=$?
diff --git a/user/gpgme/APKBUILD b/user/gpgme/APKBUILD
new file mode 100644
index 000000000..10ffc83de
--- /dev/null
+++ b/user/gpgme/APKBUILD
@@ -0,0 +1,59 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gpgme
+pkgver=1.9.0
+pkgrel=2
+pkgdesc="GnuPG Made Easy"
+url="http://www.gnupg.org/related_software/gpgme/"
+arch="all"
+license="GPL"
+depends="gnupg"
+depends_dev="libgpg-error-dev libassuan-dev qt5-qtbase-dev"
+makedepends="$depends_dev doxygen"
+subpackages="$pkgname-dev $pkgname-doc gpgmepp qgpgme"
+source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2
+ fix-bashism.patch"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+qgpgme() {
+ pkgdesc="$pkgdesc (Qt 5 library)"
+ mkdir -p "$subpkgdir"/usr/lib/
+ mv "$pkgdir"/usr/lib/libqgpgme.so* "$subpkgdir"/usr/lib/
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+gpgmepp() {
+ pkgdesc="C++ bindings for GPGME"
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libgpgmepp.so.* "$subpkgdir"/usr/lib/
+}
+
+
+sha512sums="2a33343e907d9d70cc57dc1ef4e1c01995e1030bb0db937f44435643d6abfbb1bd55d52ba241701fa702783ebf035c09941131604fd8a811474b8bee41afccc8 gpgme-1.9.0.tar.bz2
+6d83139277026d280fa08827623196c90c6158ecb9a39b58f58f3b4211d8d1e9694aa255eb71a08e40028776f6cc9df9b8f6a71d918065479504de14619a11bd fix-bashism.patch"
diff --git a/user/gpgme/fix-bashism.patch b/user/gpgme/fix-bashism.patch
new file mode 100644
index 000000000..19508c96e
--- /dev/null
+++ b/user/gpgme/fix-bashism.patch
@@ -0,0 +1,10 @@
+diff --git a/tests/gpg/pinentry b/tests/gpg/pinentry
+index 3b99726..b12caae 100755
+--- a/tests/gpg/pinentry
++++ b/tests/gpg/pinentry
+@@ -1,4 +1,4 @@
+-#! /bin/bash
++#! /bin/sh
+ # Dummy pinentry
+ #
+ # Copyright 2008 g10 Code GmbH
diff --git a/user/graphviz/0001-clone-nameclash.patch b/user/graphviz/0001-clone-nameclash.patch
new file mode 100644
index 000000000..6222238d8
--- /dev/null
+++ b/user/graphviz/0001-clone-nameclash.patch
@@ -0,0 +1,87 @@
+From cb8bbbd3a48fa1f41965617852d11e02eb20b1f0 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 26 Jul 2011 12:41:21 +0000
+Subject: [PATCH] clone nameclash
+
+---
+ lib/gvpr/actions.c | 6 +++---
+ lib/gvpr/actions.h | 2 +-
+ lib/gvpr/compile.c | 2 +-
+ lib/gvpr/gvpr.c | 4 ++--
+ 4 files changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/lib/gvpr/actions.c b/lib/gvpr/actions.c
+index 05bfcd1..b3b4a60 100644
+--- a/lib/gvpr/actions.c
++++ b/lib/gvpr/actions.c
+@@ -380,7 +380,7 @@ Agraph_t *cloneG(Agraph_t * g, char* name)
+ * graph. Otherwise, create a clone subgraph of g.
+ * Assume obj != NULL.
+ */
+-Agobj_t *clone(Agraph_t * g, Agobj_t * obj)
++Agobj_t *cloneO(Agraph_t * g, Agobj_t * obj)
+ {
+ Agobj_t *nobj = 0;
+ Agedge_t *e;
+@@ -415,8 +415,8 @@ Agobj_t *clone(Agraph_t * g, Agobj_t * obj)
+ case AGINEDGE:
+ case AGOUTEDGE:
+ e = (Agedge_t *) obj;
+- t = (Agnode_t *) clone(g, OBJ(agtail(e)));
+- h = (Agnode_t *) clone(g, OBJ(aghead(e)));
++ t = (Agnode_t *) cloneO(g, OBJ(agtail(e)));
++ h = (Agnode_t *) cloneO(g, OBJ(aghead(e)));
+ name = agnameof (AGMKOUT(e));
+ nobj = (Agobj_t *) openEdge(g, t, h, name);
+ if (nobj)
+diff --git a/lib/gvpr/actions.h b/lib/gvpr/actions.h
+index 5c62a3b..4223c52 100644
+--- a/lib/gvpr/actions.h
++++ b/lib/gvpr/actions.h
+@@ -22,7 +22,7 @@ extern "C" {
+ #include "expr.h"
+
+ extern void nodeInduce(Agraph_t * selected);
+- extern Agobj_t *clone(Agraph_t * g, Agobj_t * obj);
++ extern Agobj_t *cloneO(Agraph_t * g, Agobj_t * obj);
+ extern Agraph_t *cloneG(Agraph_t * g, char* name);
+ extern Agobj_t *copy(Agraph_t * g, Agobj_t * obj);
+ extern int copyAttr(Agobj_t * obj, Agobj_t * obj1);
+diff --git a/lib/gvpr/compile.c b/lib/gvpr/compile.c
+index c157572..0914210 100644
+--- a/lib/gvpr/compile.c
++++ b/lib/gvpr/compile.c
+@@ -1087,7 +1087,7 @@ getval(Expr_t * pgm, Exnode_t * node, Exid_t * sym, Exref_t * ref,
+ error(ERROR_WARNING, "NULL object passed to clone()");
+ v.integer = 0;
+ } else
+- v.integer = PTR2INT(clone(gp, objp));
++ v.integer = PTR2INT(cloneO(gp, objp));
+ break;
+ case F_cloneG:
+ gp = INT2PTR(Agraph_t *, args[0].integer);
+diff --git a/lib/gvpr/gvpr.c b/lib/gvpr/gvpr.c
+index 0d47d70..9a1bfd1 100644
+--- a/lib/gvpr/gvpr.c
++++ b/lib/gvpr/gvpr.c
+@@ -803,7 +803,7 @@ addOutputGraph (Gpr_t* state, gvpropts* uopts)
+ Agraph_t* g = state->outgraph;
+
+ if ((agroot(g) == state->curgraph) && !uopts->ingraphs)
+- g = (Agraph_t*)clone (0, (Agobj_t *)g);
++ g = (Agraph_t*)cloneO (0, (Agobj_t *)g);
+
+ uopts->n_outgraphs++;
+ uopts->outgraphs = oldof(uopts->outgraphs,Agraph_t*,uopts->n_outgraphs,0);
+@@ -988,7 +988,7 @@ int gvpr (int argc, char *argv[], gvpropts * uopts)
+
+ /* begin graph */
+ if (incoreGraphs && (opts->compflags & CLONE))
+- state->curgraph = (Agraph_t*)clone (0, (Agobj_t*)(state->curgraph));
++ state->curgraph = (Agraph_t*)cloneO (0, (Agobj_t*)(state->curgraph));
+ state->curobj = (Agobj_t *) state->curgraph;
+ state->tvroot = 0;
+ if (bp->begg_stmt)
+--
+1.7.6
+
diff --git a/user/graphviz/APKBUILD b/user/graphviz/APKBUILD
new file mode 100644
index 000000000..7f5b34c1f
--- /dev/null
+++ b/user/graphviz/APKBUILD
@@ -0,0 +1,120 @@
+# Contributor: Sören Tempel <soeren/alpine@soeren-tempel.net>
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=graphviz
+pkgver=2.40.1
+pkgrel=1
+pkgdesc="Graph Visualization Tools"
+url="http://www.graphviz.org/"
+arch="all"
+license="EPL"
+options="!check" # Requires unpackaged Criterion test framework
+depends=""
+depends_dev="zlib-dev libpng-dev libjpeg-turbo-dev expat-dev
+ fontconfig-dev libsm-dev libxext-dev cairo-dev pango-dev
+ librsvg-dev gmp-dev freetype-dev"
+makedepends="$depends_dev flex swig guile-dev m4 libtool
+ bison gtk+2.0-dev lua5.2-dev libltdl tcl"
+install="$pkgname.pre-deinstall"
+triggers="$pkgname.trigger=/usr/lib/graphviz"
+subpackages="$pkgname-dev $pkgname-doc lua-$pkgname:_lua
+ $pkgname-gtk $pkgname-graphs guile-$pkgname:guile"
+source="http://www.graphviz.org/pub/graphviz/stable/SOURCES/graphviz-$pkgver.tar.bz2
+ $pkgname.trigger
+ 0001-clone-nameclash.patch
+ "
+
+prepare() {
+ # Rename unpacked directory with hash in the name to something sane...
+ mv "$srcdir"/$pkgname-stable_release_$pkgver-* "$builddir"
+
+ default_prepare
+
+ cd "$builddir"
+ ./autogen.sh NOCONFIG
+}
+
+build() {
+ cd "$builddir"
+
+ LIBPOSTFIX=/ \
+ LUA=lua5.2 \
+ LUA_CFLAGS="$(pkg-config --cflags lua5.2)" \
+ LUA_LIBS="$(pkg-config --libs lua5.2)" \
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --without-included-ltdl \
+ --disable-ltdl-install \
+ --disable-silent-rules \
+ --enable-ltdl \
+ --with-x \
+ --disable-static \
+ --disable-dependency-tracking \
+ --enable-java=no \
+ --enable-lua=yes \
+ --enable-python34=yes \
+ --enable-tcl=no \
+ --without-mylibgd \
+ --with-ipsepcola \
+ --with-pangocairo \
+ --with-gdk-pixbuf \
+ --with-png \
+ --with-jpeg \
+ --with-rsvg
+
+ if [ "$CARCH" = "x86_64" ]; then
+ # the configure script thinks we have sincos. we dont.
+ sed -i -e '/HAVE_SINCOS/d' config.h
+ fi
+
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" \
+ pkgconfigdir=/usr/lib/pkgconfig \
+ install
+
+ mkdir -p "$pkgdir"/usr/share/doc
+ mv "$pkgdir"/usr/share/graphviz/doc \
+ "$pkgdir"/usr/share/doc/graphviz
+}
+
+guile() {
+ pkgdesc="Guile bindings for graphviz"
+ mkdir -p "$subpkgdir"/usr/lib/graphviz
+ mv "$pkgdir"/usr/lib/graphviz/guile* \
+ "$subpkgdir"/usr/lib/graphviz/
+}
+
+_lua() {
+ pkgdesc="Lua extension for graphviz"
+ mkdir -p "$subpkgdir"/usr/lib/graphviz \
+ "$subpkgdir"/usr/lib/lua
+ mv "$pkgdir"/usr/lib/graphviz/lua \
+ "$subpkgdir"/usr/lib/graphviz
+ mv "$pkgdir"/usr/lib/lua "$subpkgdir"/usr/lib/
+}
+
+gtk() {
+ pkgdesc="Gtk extension for graphviz"
+ mkdir -p "$subpkgdir"/usr/lib/graphviz
+ mv "$pkgdir"/usr/lib/graphviz/libgvplugin_g?k* \
+ "$pkgdir"/usr/lib/graphviz/libgvplugin_rsvg* \
+ "$subpkgdir"/usr/lib/graphviz
+}
+
+graphs() {
+ pkgdesc="Demo graphs for graphviz"
+ mkdir -p "$subpkgdir"/usr/share/graphviz
+ mv "$pkgdir"/usr/share/graphviz/graphs \
+ "$subpkgdir"/usr/share/graphviz/
+}
+
+sha512sums="4e819b3906f3b8e31245a021acd6fae4a1bc55df0a4df6b57a3578a62017e9db0b474a38f3f54682b9e9136d332f2374feee308af489e2848f8bc303ffab58ac graphviz-2.40.1.tar.bz2
+50947e6a11929f724759266f7716d52d10923eba6d59704ab39e4bdf18f8471d548c2b11ab051dd4b67cb82742aaf54d6358890d049d5b5982f3383b65f7ae8c graphviz.trigger
+aa4cbc341906a949a6bf78cadd96c437d6bcc90369941fe03519aa4447731ecbf6063a0dd0366d3e7aaadf22b69e4bcab3f8632a7da7a01f8e08a3be05c2bc5d 0001-clone-nameclash.patch"
diff --git a/user/graphviz/graphviz.pre-deinstall b/user/graphviz/graphviz.pre-deinstall
new file mode 100644
index 000000000..cfc43bf6a
--- /dev/null
+++ b/user/graphviz/graphviz.pre-deinstall
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+if [ -e /usr/lib/graphviz/config6 ]; then
+ rm /usr/lib/graphviz/config6
+fi
diff --git a/user/graphviz/graphviz.trigger b/user/graphviz/graphviz.trigger
new file mode 100644
index 000000000..99d447b9b
--- /dev/null
+++ b/user/graphviz/graphviz.trigger
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /usr/bin/dot -c
diff --git a/user/gsl/APKBUILD b/user/gsl/APKBUILD
new file mode 100644
index 000000000..2820f36d6
--- /dev/null
+++ b/user/gsl/APKBUILD
@@ -0,0 +1,42 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=gsl
+pkgver=2.4
+pkgrel=2
+pkgdesc="The GNU Scientific Library (GSL) is a modern numerical library for C and C++ programmers"
+url="http://www.gnu.org/software/gsl/gsl.html"
+arch="all"
+license="GPL-3.0+"
+depends=
+makedepends=
+install=
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://ftp.gnu.org/gnu/gsl/gsl-$pkgver.tar.gz
+ dont-disable-deprecated.patch
+ aarch64-test-failure.patch"
+
+# dont-disable-deprecated.patch is workaround for:
+# https://github.com/SciRuby/rb-gsl/issues/40
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="12442b023dd959e8b22a9c486646b5cedec7fdba0daf2604cda365cf96d10d99aefdec2b42e59c536cc071da1525373454e5ed6f4b15293b305ca9b1dc6db130 gsl-2.4.tar.gz
+88d40e599a9e619d8968f9848a91c54492d99032734371ee23072c8dae9d9920da445c1f8a880baa613479facec4afca3d3dec1070c240e5dfd5a662a41c92e8 dont-disable-deprecated.patch
+68b685270a377341b3c3ce566ae6eff4ebfc27b75a73f3c7915c57446798bdcca7c1d9f0fa4ce8a50118b371bfe3e2947f9bf33590c86e85db8e807b3b0deae6 aarch64-test-failure.patch"
diff --git a/user/gsl/aarch64-test-failure.patch b/user/gsl/aarch64-test-failure.patch
new file mode 100644
index 000000000..0b6e80380
--- /dev/null
+++ b/user/gsl/aarch64-test-failure.patch
@@ -0,0 +1,13 @@
+https://lists.gnu.org/archive/html/help-gsl/2017-02/msg00002.html
+
+--- gsl-2.4/linalg/test_cholesky.c.old 2017-06-19 10:00:43.000000000 +0000
++++ gsl-2.4/linalg/test_cholesky.c 2018-05-30 07:37:04.835628069 +0000
+@@ -551,7 +551,7 @@
+ if (N <= 4)
+ {
+ create_hilbert_matrix2(m);
+- test_mcholesky_invert_eps(m, 256.0 * N * GSL_DBL_EPSILON, "mcholesky_invert unscaled hilbert");
++ test_mcholesky_invert_eps(m, 512.0 * N * GSL_DBL_EPSILON, "mcholesky_invert unscaled hilbert");
+ }
+
+ gsl_matrix_free(m);
diff --git a/user/gsl/dont-disable-deprecated.patch b/user/gsl/dont-disable-deprecated.patch
new file mode 100644
index 000000000..40a7c3bce
--- /dev/null
+++ b/user/gsl/dont-disable-deprecated.patch
@@ -0,0 +1,24 @@
+diff -urp gsl-2.2.1/configure.ac patched/configure.ac
+--- gsl-2.2.1/configure.ac 2016-08-31 15:54:07.000000000 +0100
++++ patched/configure.ac 2017-01-31 14:52:10.000000000 +0000
+@@ -575,10 +575,6 @@ AH_BOTTOM([#if defined(GSL_RANGE_CHECK_O
+ AH_BOTTOM([#define RETURN_IF_NULL(x) if (!x) { return ; }
+ ])
+
+-AH_VERBATIM([GSL_DISABLE_DEPRECATED],
+-[/* Disable deprecated functions and enums while building */
+-#define GSL_DISABLE_DEPRECATED 1])
+-
+ dnl
+ AC_CONFIG_FILES([ \
+ Makefile \
+--- gsl-2.2.1/config.h.in 2016-08-31 15:54:51.000000000 +0100
++++ patched/config.h.in 2017-01-31 16:01:17.000000000 +0000
+@@ -1,8 +1,5 @@
+ /* config.h.in. Generated from configure.ac by autoheader. */
+
+-/* Disable deprecated functions and enums while building */
+-#define GSL_DISABLE_DEPRECATED 1
+-
+ /* Define if you have inline with C99 behavior */
+ #undef HAVE_C99_INLINE
diff --git a/user/hexchat/APKBUILD b/user/hexchat/APKBUILD
new file mode 100644
index 000000000..5f43c168d
--- /dev/null
+++ b/user/hexchat/APKBUILD
@@ -0,0 +1,61 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=hexchat
+pkgver=2.12.4
+pkgrel=1
+pkgdesc="A popular and easy to use graphical IRC (chat) client"
+url="https://hexchat.github.io"
+arch="all"
+license="GPL2+"
+depends=""
+makedepends="gtk+2.0-dev openssl-dev dbus-glib-dev perl-dev libsexy-dev
+ libnotify-dev libproxy-dev bash libtool autoconf automake"
+install=""
+subpackages="$pkgname-doc $pkgname-lang $pkgname-perl:_perl"
+source="https://dl.hexchat.net/hexchat/hexchat-$pkgver-repack.tar.xz
+ pixdata.patch
+ "
+
+builddir="$srcdir"/hexchat-$pkgver
+prepare() {
+ cd "$builddir"
+ default_prepare
+ autoreconf -vif
+}
+
+build() {
+ cd "$builddir"
+ LUA=lua5.3 \
+ ./configure --prefix=/usr \
+ --sysconfdir=/etc \
+ --enable-openssl \
+ --enable-dbus \
+ --disable-textfe \
+ --enable-perl \
+ --disable-python \
+ --disable-lua
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ # not worth a -dev pkg
+ rm -r "$pkgdir"/usr/include
+}
+
+_perl() {
+ pkgdesc="Perl plugin for Hexchat"
+ depends="$pkgname=$pkgver-r$pkgrel"
+ install_if="$pkgname=$pkgver-r$pkgrel perl"
+ mkdir -p "$subpkgdir"/usr/lib/hexchat/plugins
+ mv "$pkgdir"/usr/lib/hexchat/plugins/perl.so \
+ "$subpkgdir"/usr/lib/hexchat/plugins
+}
+
+sha512sums="30d42f5b488abec3fa457254720a39f62619338a5a2c3fe2e5a255aafe1b19817451b01cd260eab90868df1ebf9f663c60b78b6db974ca3c777272327c0b8a25 hexchat-2.12.4-repack.tar.xz
+5cb7ac95e6d53d677d7ec82485636f2c36003ba7fa0c4d4d353095dc6207c51abdc7a2230d43616895fef8ce2c7c2096bec21ac47117d0adbc7416ff3d4ba2c3 pixdata.patch"
diff --git a/user/hexchat/libressl.patch b/user/hexchat/libressl.patch
new file mode 100644
index 000000000..d829dee39
--- /dev/null
+++ b/user/hexchat/libressl.patch
@@ -0,0 +1,105 @@
+From d583ca7d922e5ac6ff466df2e4411b1303a3a2a3 Mon Sep 17 00:00:00 2001
+From: Florian Stinglmayr <florian@n0la.org>
+Date: Tue, 13 Dec 2016 18:41:43 +0100
+Subject: [PATCH] Use AC_CHECK_FUNCS to find functions not in LibreSSL
+
+LibreSSL might not have all functions of OpenSSL 1.1.0 so use
+AC_CHECK_FUNCS to find them first before using them.
+
+Closes #1899
+Fixes #1898
+---
+ configure.ac | 2 ++
+ src/common/ssl.c | 4 ++--
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 34e6def..1f442c5 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -374,6 +374,8 @@ AS_IF([test "$openssl" != no], [
+ openssl=yes
+ COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS"
+ COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS"
++ dnl Test for various functions that are not available in LibreSSL
++ AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid])
+ ], [
+ unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h
+ AS_IF([test "$openssl" != yes], [
+diff --git a/src/common/ssl.c b/src/common/ssl.c
+index cb58ce2..76fea7b 100644
+--- a/src/common/ssl.c
++++ b/src/common/ssl.c
+@@ -176,7 +176,7 @@ _SSL_get_cert_info (struct cert_info *cert_info, SSL * ssl)
+ return 1;
+
+ alg = OBJ_obj2nid (algor->algorithm);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_X509_GET_SIGNATURE_NID
+ sign_alg = OBJ_obj2nid (peer_cert->sig_alg->algorithm);
+ #else
+ sign_alg = X509_get_signature_nid (peer_cert);
+@@ -306,7 +306,7 @@ _SSL_socket (SSL_CTX *ctx, int sd)
+
+ SSL_set_fd (ssl, sd);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_SSL_CTX_GET_SSL_METHOD
+ method = ctx->method;
+ #else
+ method = SSL_CTX_get_ssl_method (ctx);
+From aa7080f8fe63939d7ff4a0d0b1ec60f0c3eb31be Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <tingping@tingping.se>
+Date: Tue, 13 Dec 2016 17:29:26 -0500
+Subject: [PATCH] Fix building fishlim against libressl also
+
+Also part of #1898
+---
+ configure.ac | 2 +-
+ plugins/fishlim/dh1080.c | 6 +++---
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 1f442c5..10a1550 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -375,7 +375,7 @@ AS_IF([test "$openssl" != no], [
+ COMMON_LIBS="$COMMON_LIBS $OPENSSL_LIBS"
+ COMMON_CFLAGS="$COMMON_CFLAGS $OPENSSL_CFLAGS"
+ dnl Test for various functions that are not available in LibreSSL
+- AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid])
++ AC_CHECK_FUNCS([SSL_CTX_get_ssl_method X509_get_signature_nid DH_set0_pqg DH_get0_key DH_set0_key])
+ ], [
+ unset openssl_path ac_cv_lib_ssl_SSL_new ac_cv_header_openssl_ssl_h
+ AS_IF([test "$openssl" != yes], [
+diff --git a/plugins/fishlim/dh1080.c b/plugins/fishlim/dh1080.c
+index ff6e579..3611758 100644
+--- a/plugins/fishlim/dh1080.c
++++ b/plugins/fishlim/dh1080.c
+@@ -74,7 +74,7 @@ dh1080_init (void)
+
+ BN_set_word (g, 2);
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_DH_SET0_PQG
+ g_dh->p = p;
+ g_dh->g = g;
+ #else
+@@ -162,7 +162,7 @@ dh1080_generate_key (char **priv_key, char **pub_key)
+ return 0;
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_DH_GET0_KEY
+ dh_pub_key = dh->pub_key;
+ dh_priv_key = dh->priv_key;
+ #else
+@@ -213,7 +213,7 @@ dh1080_compute_key (const char *priv_key, const char *pub_key, char **secret_key
+
+ priv_key_data = dh1080_decode_b64 (priv_key, &priv_key_len);
+ priv_key_num = BN_bin2bn(priv_key_data, priv_key_len, NULL);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#ifndef HAVE_DH_SET0_KEY
+ dh->priv_key = priv_key_num;
+ #else
+ DH_set0_key (dh, NULL, priv_key_num);
diff --git a/user/hexchat/pixdata.patch b/user/hexchat/pixdata.patch
new file mode 100644
index 000000000..4e720a848
--- /dev/null
+++ b/user/hexchat/pixdata.patch
@@ -0,0 +1,56 @@
+From 4c178782a779f013fafab476506f7d4dae372b8a Mon Sep 17 00:00:00 2001
+From: Patrick Griffis <tingping@tingping.se>
+Date: Sat, 17 Dec 2016 19:55:06 -0500
+Subject: [PATCH] Don't combine compression with pixdata option for icon
+ resources
+
+This made minimal difference and is not recommended by upstream.
+It also is affected by a regression in the latest gdk-pixbuf release.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=776105
+---
+ data/hexchat.gresource.xml | 28 ++++++++++++++--------------
+ 1 file changed, 14 insertions(+), 14 deletions(-)
+
+diff --git a/data/hexchat.gresource.xml b/data/hexchat.gresource.xml
+index c125da2..5845da5 100644
+--- a/data/hexchat.gresource.xml
++++ b/data/hexchat.gresource.xml
+@@ -1,23 +1,23 @@
+ <?xml version="1.0" encoding="UTF-8"?>
+ <gresources>
+ <gresource prefix="/icons">
+- <file alias="hexchat.png" preprocess="to-pixdata" compressed="true">icons/hexchat.png</file>
+- <file alias="book.png" preprocess="to-pixdata" compressed="true">icons/book.png</file>
++ <file alias="hexchat.png" preprocess="to-pixdata">icons/hexchat.png</file>
++ <file alias="book.png" preprocess="to-pixdata">icons/book.png</file>
+
+- <file alias="ulist_voice.png" preprocess="to-pixdata" compressed="true">icons/ulist_voice.png</file>
+- <file alias="ulist_halfop.png" preprocess="to-pixdata" compressed="true">icons/ulist_halfop.png</file>
+- <file alias="ulist_op.png" preprocess="to-pixdata" compressed="true">icons/ulist_op.png</file>
+- <file alias="ulist_owner.png" preprocess="to-pixdata" compressed="true">icons/ulist_owner.png</file>
+- <file alias="ulist_founder.png" preprocess="to-pixdata" compressed="true">icons/ulist_founder.png</file>
+- <file alias="ulist_netop.png" preprocess="to-pixdata" compressed="true">icons/ulist_netop.png</file>
++ <file alias="ulist_voice.png" preprocess="to-pixdata">icons/ulist_voice.png</file>
++ <file alias="ulist_halfop.png" preprocess="to-pixdata">icons/ulist_halfop.png</file>
++ <file alias="ulist_op.png" preprocess="to-pixdata">icons/ulist_op.png</file>
++ <file alias="ulist_owner.png" preprocess="to-pixdata">icons/ulist_owner.png</file>
++ <file alias="ulist_founder.png" preprocess="to-pixdata">icons/ulist_founder.png</file>
++ <file alias="ulist_netop.png" preprocess="to-pixdata">icons/ulist_netop.png</file>
+
+- <file alias="tray_fileoffer.png" preprocess="to-pixdata" compressed="true">icons/tray_fileoffer.png</file>
+- <file alias="tray_highlight.png" preprocess="to-pixdata" compressed="true">icons/tray_highlight.png</file>
+- <file alias="tray_message.png" preprocess="to-pixdata" compressed="true">icons/tray_message.png</file>
++ <file alias="tray_fileoffer.png" preprocess="to-pixdata">icons/tray_fileoffer.png</file>
++ <file alias="tray_highlight.png" preprocess="to-pixdata">icons/tray_highlight.png</file>
++ <file alias="tray_message.png" preprocess="to-pixdata">icons/tray_message.png</file>
+
+ <file alias="tree_channel.png" preprocess="to-pixdata">icons/tree_channel.png</file>
+- <file alias="tree_dialog.png" preprocess="to-pixdata" compressed="true">icons/tree_dialog.png</file>
+- <file alias="tree_server.png" preprocess="to-pixdata" compressed="true">icons/tree_server.png</file>
+- <file alias="tree_util.png" preprocess="to-pixdata" compressed="true">icons/tree_util.png</file>
++ <file alias="tree_dialog.png" preprocess="to-pixdata">icons/tree_dialog.png</file>
++ <file alias="tree_server.png" preprocess="to-pixdata">icons/tree_server.png</file>
++ <file alias="tree_util.png" preprocess="to-pixdata">icons/tree_util.png</file>
+ </gresource>
+ </gresources>
diff --git a/user/i3lock/APKBUILD b/user/i3lock/APKBUILD
new file mode 100644
index 000000000..c11e9bca8
--- /dev/null
+++ b/user/i3lock/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Johannes Matheis <jomat+alpinebuild@jmt.gr>
+# Maintainer: Johannes Matheis <jomat+alpinebuild@jmt.gr>
+pkgname=i3lock
+pkgver=2.10
+pkgrel=0
+pkgdesc="An improved screenlocker based upon XCB and PAM"
+url="https://i3wm.org/i3lock/"
+arch="all"
+license="MIT"
+depends="xkeyboard-config"
+makedepends="libev-dev cairo-dev linux-pam-dev libxkbcommon-dev
+ xcb-util-image-dev which"
+subpackages="$pkgname-doc"
+source="$url/$pkgname-$pkgver.tar.bz2"
+builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+ default_prepare
+
+ cd "$builddir"
+
+ # Fix ticket FS#31544, sed line taken from gentoo
+ sed -i -e 's:login:base-auth:g' i3lock.pam
+}
+
+build() {
+ cd "$builddir"
+ make
+}
+
+check() {
+ cd "$builddir"
+ ./i3lock -v
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ install -m755 -d "$pkgdir/usr/share/man/man1/"
+ install -m644 $pkgname.1 "$pkgdir/usr/share/man/man1/"
+}
+
+sha512sums="ea865b202668212b58d0b97d0263171847e1bd0c529e2fd3d26c15ef253861b9a8357ff2efaa6a4f342c4d0d1ab03bc00f95f4d4008760ec8e0767ac29195517 i3lock-2.10.tar.bz2"
diff --git a/user/jasper/APKBUILD b/user/jasper/APKBUILD
new file mode 100644
index 000000000..74504d503
--- /dev/null
+++ b/user/jasper/APKBUILD
@@ -0,0 +1,49 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=jasper
+pkgver=2.0.14
+pkgrel=0
+pkgdesc="A software-based implementation of the codec specified in the emerging JPEG-2000 Part-1 standard"
+url="http://www.ece.uvic.ca/~mdadams/jasper/"
+arch="all"
+license="custom:JasPer2.0"
+depends= #"libjpeg>=8 freeglut libxi libxmu mesa"
+makedepends="libjpeg-turbo-dev cmake"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libs"
+source="http://www.ece.uvic.ca/~frodo/jasper/software/jasper-$pkgver.tar.gz
+ "
+builddir="$srcdir"/$pkgname-$pkgver
+
+# secfixes:
+# 2.0.12-r1:
+# - CVE-2017-1000050
+
+build() {
+ mkdir "$builddir"/obj
+ cd "$builddir"/obj
+ # default of 16 causes stack overflow
+ export CFLAGS="${CFLAGS} -DJPC_QMFB_COLGRPSIZE=6"
+ cmake .. \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=/usr/lib
+
+ make
+}
+
+check() {
+ cd "$builddir"/obj
+ make test
+}
+
+package() {
+ cd "$builddir"/obj
+ make DESTDIR="$pkgdir" install
+}
+
+libs() {
+ pkgdesc="JPEG-2000 library"
+ install -d "$subpkgdir"/usr/
+ mv "$pkgdir"/usr/lib "$subpkgdir"/usr
+}
+
+sha512sums="9e5cffd2e899e37ba08890e2377ddfc3c2fb13d9fe00dea6b4612e4d241a6f4327de6835809b415c41ae4bf44208cf7871c1982ff5fc04ae6bc09fd376b0afc8 jasper-2.0.14.tar.gz"
diff --git a/user/libbluray/APKBUILD b/user/libbluray/APKBUILD
new file mode 100644
index 000000000..925ad2cfd
--- /dev/null
+++ b/user/libbluray/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Timo Teräs <timo.teras@iki.fi>
+# Maintainer: Timo Teräs <timo.teras@iki.fi>
+pkgname=libbluray
+pkgver=1.0.0
+pkgrel=1
+pkgdesc="a library designed for Blu-Ray Discs playback"
+url="http://www.videolan.org/developers/libbluray.html"
+arch="all"
+license="LGPL"
+options="!check" # Test requires an actual BD-ROM to play
+makedepends="fontconfig-dev libxml2-dev"
+subpackages="$pkgname-dev"
+source="http://download.videolan.org/pub/videolan/libbluray/$pkgver/libbluray-$pkgver.tar.bz2"
+builddir="$srcdir"/libbluray-$pkgver
+
+build() {
+ cd "$builddir"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --disable-bdjava
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="fcf2193c3b76f3436bc88ce8853cac16f29c3bb6c66447109c14202a41ea938cb6814502a8f724fb1b31add6bd36b42d3aed3eb4a8010c123537e073bd7a0be1 libbluray-1.0.0.tar.bz2"
diff --git a/user/libcanberra/APKBUILD b/user/libcanberra/APKBUILD
new file mode 100644
index 000000000..31cae167b
--- /dev/null
+++ b/user/libcanberra/APKBUILD
@@ -0,0 +1,95 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: William Pitcock <nenolod@dereferenced.org>
+pkgname=libcanberra
+pkgver=0.30
+pkgrel=2
+pkgdesc="simple audio library for GTK applications"
+url="http://0pointer.de/lennart/projects/libcanberra/"
+license="LGPL"
+options="!check" # No test suite.
+depends=
+makedepends="gtk+-dev libogg-dev libvorbis-dev alsa-lib-dev libtool gtk+3.0-dev
+ pulseaudio-dev gstreamer-dev"
+install=
+subpackages="$pkgname-dev $pkgname-doc $pkgname-gtk2 $pkgname-gtk3
+ $pkgname-gstreamer $pkgname-pulse"
+source="http://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.xz"
+arch="all"
+
+depends_dev="$makedepends"
+
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+ cd "$builddir"
+ update_config_sub
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --disable-oss
+ make
+}
+
+package() {
+ cd "$builddir"
+ make -j1 DESTDIR="$pkgdir" install
+}
+
+gtk2() {
+ pkgdesc="Gtk+ 2.x Bindings for libcanberra"
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libcanberra-gtk.so.* \
+ "$subpkgdir"/usr/lib/
+ mv "$pkgdir"/usr/lib/gtk-2.0 \
+ "$subpkgdir"/usr/lib/
+}
+
+gtk3() {
+ pkgdesc="Gtk+ 3.x Bindings for libcanberra"
+ mkdir -p "$subpkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules \
+ "$subpkgdir"/usr/bin \
+ "$subpkgdir"/usr/share/gnome/autostart \
+ "$subpkgdir"/usr/share/gnome/shutdown \
+ "$subpkgdir"/usr/share/gdm/autostart/LoginWindow
+ mv "$pkgdir"/usr/lib/gtk-3.0 \
+ "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/libcanberra-gtk3.so.* \
+ "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/bin/canberra-gtk-play \
+ "$subpkgdir"/usr/bin/
+ mv "$pkgdir"/usr/share/gnome/autostart/libcanberra-login-sound.desktop \
+ "$subpkgdir"/usr/share/gnome/autostart
+ mv "$pkgdir"/usr/share/gnome/shutdown/libcanberra-logout-sound.sh \
+ "$subpkgdir"/usr/share/gnome/autostart/
+ mv "$pkgdir"/usr/share/gdm/autostart/LoginWindow/libcanberra-ready-sound.desktop \
+ "$subpkgdir"/usr/share/gdm/autostart/LoginWindow/
+ mv "$pkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules/canberra-gtk-module.desktop \
+ "$subpkgdir"/usr/lib/gnome-settings-daemon-3.0/gtk-modules/
+}
+
+gstreamer() {
+ pkgdesc="GStreamer backend for libcanberra"
+ install_if="$pkgname=$pkgver-$pkgrel gstreamer"
+ mkdir -p "$subpkgdir"/usr/lib/libcanberra-$pkgver
+ mv "$pkgdir"/usr/lib/libcanberra-$pkgver/libcanberra-gstreamer.so \
+ "$subpkgdir"/usr/lib/libcanberra-$pkgver/
+}
+
+pulse() {
+ pkgdesc="PulseAudio backend for libcanberra"
+ install_if="$pkgname=$pkgver-$pkgrel pulseaudio"
+ mkdir -p "$subpkgdir"/usr/lib/libcanberra-$pkgver
+ mv "$pkgdir"/usr/lib/libcanberra-$pkgver/libcanberra-pulse.so \
+ "$subpkgdir"/usr/lib/libcanberra-$pkgver/
+}
+
+sha512sums="f7543582122256826cd01d0f5673e1e58d979941a93906400182305463d6166855cb51f35c56d807a56dc20b7a64f7ce4391368d24990c1b70782a7d0b4429c2 libcanberra-0.30.tar.xz"
diff --git a/user/libgit2/APKBUILD b/user/libgit2/APKBUILD
new file mode 100644
index 000000000..e7e4bbfad
--- /dev/null
+++ b/user/libgit2/APKBUILD
@@ -0,0 +1,52 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Pierre-Gilas MILLON <pgmillon@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libgit2
+pkgver=0.26.0
+pkgrel=0
+pkgdesc="A linkable library for Git"
+url="https://libgit2.github.com/"
+arch="all"
+license="GPL-2.0"
+depends=""
+depends_dev="curl-dev libssh2-dev"
+makedepends="$depends_dev python3 cmake zlib-dev openssl-dev"
+subpackages="$pkgname-dev"
+source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
+ build-both-static-dynamic.patch
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 0.25.1-r0:
+# - CVE-2016-10128
+# - CVE-2016-10129
+# - CVE-2016-10130
+# 0.24.3-r0:
+# - CVE-2016-8568
+# - CVE-2016-8569
+
+build() {
+ cd "$builddir"
+ cmake \
+ -DCMAKE_BUILD_TYPE=RelWithDebugInfo \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=lib \
+ -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+ -DCMAKE_C_FLAGS="$CFLAGS"
+ make
+}
+
+check() {
+ cd "$builddir"
+ CTEST_OUTPUT_ON_FAILURE=TRUE ctest
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="b6e51f2216c7c23f352572b780ea1325a25a517396709f036bb573295c2bd02aa505ba616846ac7e07863e99e640e7d47fefc5727478a257b283da99060ee47c libgit2-0.26.0.tar.gz
+39534d10f38f394446f93df810233464807fca3b0e903ee40067971ecbe1d78102bbe04283435032f757f970e6846ecf279eb727ab137c01e84427bd16913ee6 build-both-static-dynamic.patch"
diff --git a/user/libgit2/build-both-static-dynamic.patch b/user/libgit2/build-both-static-dynamic.patch
new file mode 100644
index 000000000..eeb179a1e
--- /dev/null
+++ b/user/libgit2/build-both-static-dynamic.patch
@@ -0,0 +1,53 @@
+From: Jakub Jirutka <jakub@jirutka.cz>
+Date: Mon, 11 Apr 2017 3:23:00 +0200
+Subject: [PATCH] Build both static and dynamic library
+
+This is very hack-ish, it makes option BUILD_SHARED_LIBS unusable.
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -28,7 +28,6 @@
+ # Build options
+ #
+ OPTION( SONAME "Set the (SO)VERSION of the target" ON )
+-OPTION( BUILD_SHARED_LIBS "Build Shared Library (OFF for Static)" ON )
+ OPTION( THREADSAFE "Build libgit2 as threadsafe" ON )
+ OPTION( BUILD_CLAR "Build Tests using the Clar suite" ON )
+ OPTION( BUILD_EXAMPLES "Build library usage example apps" OFF )
+@@ -44,6 +43,8 @@
+ OPTION( CURL "Use curl for HTTP if available" ON)
+ OPTION( DEBUG_POOL "Enable debug pool allocator" OFF )
+
++SET( BUILD_SHARED_LIBS ON )
++
+ IF(DEBUG_POOL)
+ ADD_DEFINITIONS(-DGIT_DEBUG_POOL)
+ ENDIF()
+@@ -602,7 +603,8 @@
+ ENDIF()
+
+ # Compile and link libgit2
+-ADD_LIBRARY(git2 ${SRC_H} ${SRC_GIT2} ${SRC_OS} ${SRC_ZLIB} ${SRC_HTTP} ${SRC_REGEX} ${SRC_SSH} ${SRC_SHA1} ${WIN_RC})
++ADD_LIBRARY(objlib OBJECT ${SRC_H} ${SRC_GIT2} ${SRC_OS} ${SRC_ZLIB} ${SRC_HTTP} ${SRC_REGEX} ${SRC_SSH} ${SRC_SHA1} ${WIN_RC})
++ADD_LIBRARY(git2 SHARED $<TARGET_OBJECTS:objlib>)
+ TARGET_LINK_LIBRARIES(git2 ${SECURITY_DIRS})
+ TARGET_LINK_LIBRARIES(git2 ${COREFOUNDATION_DIRS})
+ TARGET_LINK_LIBRARIES(git2 ${SSL_LIBRARIES})
+@@ -611,6 +613,9 @@
+ TARGET_LINK_LIBRARIES(git2 ${ICONV_LIBRARIES})
+ TARGET_OS_LIBRARIES(git2)
+
++ADD_LIBRARY(git2_static STATIC $<TARGET_OBJECTS:objlib>)
++SET_TARGET_PROPERTIES(git2_static PROPERTIES OUTPUT_NAME git2 CLEAN_DIRECT_OUTPUT 1)
++
+ # Workaround for Cmake bug #0011240 (see http://public.kitware.com/Bug/view.php?id=11240)
+ # Win64+MSVC+static libs = linker error
+ IF(MSVC AND GIT_ARCH_64 AND NOT BUILD_SHARED_LIBS)
+@@ -639,7 +644,7 @@
+ ENDIF ()
+
+ # Install
+-INSTALL(TARGETS git2
++INSTALL(TARGETS git2 git2_static
+ RUNTIME DESTINATION ${BIN_INSTALL_DIR}
+ LIBRARY DESTINATION ${LIB_INSTALL_DIR}
+ ARCHIVE DESTINATION ${LIB_INSTALL_DIR}
diff --git a/user/libgit2/libressl.patch b/user/libgit2/libressl.patch
new file mode 100644
index 000000000..967cdc498
--- /dev/null
+++ b/user/libgit2/libressl.patch
@@ -0,0 +1,12 @@
+diff -ru src.orig/libgit2-0.25.1/src/openssl_stream.h src/libgit2-0.25.1/src/openssl_stream.h
+--- libgit2-0.25.1/src/copenssl_stream.h.orig
++++ libgit2-0.25.1/src/openssl_stream.h
+@@ -27,7 +27,7 @@
+
+
+
+-# if OPENSSL_VERSION_NUMBER < 0x10100000L
++# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
+ {
diff --git a/user/libgit2/pkgconfig-do-not-quote-Libs.patch b/user/libgit2/pkgconfig-do-not-quote-Libs.patch
new file mode 100644
index 000000000..86133612e
--- /dev/null
+++ b/user/libgit2/pkgconfig-do-not-quote-Libs.patch
@@ -0,0 +1,26 @@
+From 452ba68cde25423d13ebb36f0a54559f07aa53a2 Mon Sep 17 00:00:00 2001
+From: Igor Gnatenko <ignatenko@redhat.com>
+Date: Tue, 7 Feb 2017 16:37:47 +0100
+Subject: [PATCH] pkgconfig: do not quote Libs
+
+It doesn't make sense at all.
+---
+ libgit2.pc.in | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libgit2.pc.in b/libgit2.pc.in
+index 329a560a7..880266a30 100644
+--- a/libgit2.pc.in
++++ b/libgit2.pc.in
+@@ -6,7 +6,7 @@ Name: libgit2
+ Description: The git library, take 2
+ Version: @LIBGIT2_VERSION_STRING@
+
+-Libs: -L"${libdir}" -lgit2
++Libs: -L${libdir} -lgit2
+ Libs.private: @LIBGIT2_PC_LIBS@
+ Requires.private: @LIBGIT2_PC_REQUIRES@
+
+--
+2.11.0
+
diff --git a/user/libnih/APKBUILD b/user/libnih/APKBUILD
new file mode 100644
index 000000000..f12895d65
--- /dev/null
+++ b/user/libnih/APKBUILD
@@ -0,0 +1,57 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: William Pitcock <nenolod@dereferenced.org>
+pkgname=libnih
+pkgver=1.0.3
+pkgrel=5
+pkgdesc="glib-like library for embedded use"
+url="http://launchpad.net/libnih"
+arch="all"
+license="LGPL"
+options="!checkroot"
+depends=
+depends_dev="dbus-dev expat-dev"
+makedepends="$depends_dev gettext-dev"
+checkdepends="dbus-x11 linux-headers"
+install=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://launchpad.net/libnih/${pkgver%.*}/${pkgver}/+download/${pkgname}-${pkgver}.tar.gz
+ musl-fix-signals.patch
+ disable-broken-test.patch
+ musl-enomem-message.patch
+ parse-test-fix.patch
+ "
+
+builddir="${srcdir}/${pkgname}-${pkgver}"
+prepare() {
+ cd "$builddir"
+ update_config_sub
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ LIBS="-lintl" ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libdir=/lib \
+ --sysconfdir=/etc \
+ --localstatedir=/var
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="fce40d2445b28c27b8838631681ca3206a4f053b2dd4fc488fc9ef98bbd3d933e3d62b82cf346be2ef1677f6457f692cf5544cd915a6bb1e5c618f98ffa101b4 libnih-1.0.3.tar.gz
+77a979b3076c4e4229359f28c2e9d4fb66d799a66d60391ab6fd7e0dfe2a615b88330a979877b105293a95ed147546596eca174f52b75beca0457c49a017d040 musl-fix-signals.patch
+b5b77b1f18d7aa5d603a0d312b785c28200c38b7bbe5c384ee576c762bd9e3163682c29dd5410baf18c5c3734f0b719602caa1de096f1758d624d94b7753066a disable-broken-test.patch
+b800c99153ad66c9d7399bc7544a0237de0c7a4ddac129509f13eb1c31805fcac31c93bbf2945da557dfc900c9ec837ec0fded1c3f9887095dae52ff6fc046ec musl-enomem-message.patch
+3f24f648c27e9b5a6872859fe97b34055b0f43b11f0321508852b20b6dd94de5c8d24a6dbaab9d49e7004bf0c571c11ebf520d49630d8a89bceeb7783de7dcd2 parse-test-fix.patch"
diff --git a/user/libnih/disable-broken-test.patch b/user/libnih/disable-broken-test.patch
new file mode 100644
index 000000000..15027945a
--- /dev/null
+++ b/user/libnih/disable-broken-test.patch
@@ -0,0 +1,11 @@
+--- libnih-1.0.3/nih/tests/test_child.c.old 2010-09-20 18:17:01.000000000 -0500
++++ libnih-1.0.3/nih/tests/test_child.c 2017-09-27 20:22:23.576368549 -0500
+@@ -652,7 +652,7 @@
+ char *argv[])
+ {
+ test_add_watch ();
+- test_poll ();
++ // test_poll ();
+
+ return 0;
+ }
diff --git a/user/libnih/musl-enomem-message.patch b/user/libnih/musl-enomem-message.patch
new file mode 100644
index 000000000..2adeff852
--- /dev/null
+++ b/user/libnih/musl-enomem-message.patch
@@ -0,0 +1,489 @@
+--- libnih-1.0.3/nih-dbus-tool/tests/test_parse.c.old 2010-09-20 18:17:01.000000000 -0500
++++ libnih-1.0.3/nih-dbus-tool/tests/test_parse.c 2017-09-27 20:40:32.998734677 -0500
+@@ -1583,11 +1583,16 @@
+ Signal * signal;
+ Property * property;
+ Argument * argument;
++ char mem_error[280] = "test:foo:[0-9]*:[0-9]*: ";
+
+ TEST_FUNCTION ("parse_xml");
+ fp = tmpfile ();
+ output = tmpfile ();
+
++
++ strerror_r(ENOMEM, mem_error+24, 254);
++ mem_error[strlen(mem_error)] = '\n';
++
+ /* Check that a file containing a single node entity is parsed
+ * successfully, returning a Node structure with no information
+ * attached.
+@@ -1608,8 +1613,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1645,8 +1649,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1686,8 +1689,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1743,8 +1745,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1800,8 +1801,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1857,8 +1857,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1916,8 +1915,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -1973,8 +1971,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2047,8 +2044,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2121,8 +2117,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2195,8 +2190,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2271,8 +2265,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2345,8 +2338,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2419,8 +2411,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2493,8 +2484,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2567,8 +2557,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2641,8 +2630,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2729,8 +2717,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2817,8 +2804,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2904,8 +2890,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -2992,8 +2977,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3107,8 +3091,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3199,8 +3182,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3291,8 +3273,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3417,8 +3398,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3575,8 +3555,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3647,8 +3626,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3719,8 +3697,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3791,8 +3768,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3865,8 +3841,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -3937,8 +3912,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4023,8 +3997,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4108,8 +4081,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4194,8 +4166,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4306,8 +4277,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4426,8 +4396,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4579,8 +4548,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4652,8 +4620,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4725,8 +4692,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4800,8 +4766,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4875,8 +4840,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -4950,8 +4914,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -5027,8 +4990,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -5104,8 +5066,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -5233,8 +5194,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -5570,8 +5530,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
+@@ -5996,8 +5955,7 @@
+ if (test_alloc_failed) {
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_MATCH (output, ("test:foo:[0-9]*:[0-9]*: "
+- "Cannot allocate memory\n"));
++ TEST_FILE_MATCH (output, mem_error);
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
+ continue;
diff --git a/user/libnih/musl-fix-signals.patch b/user/libnih/musl-fix-signals.patch
new file mode 100644
index 000000000..97ef8196d
--- /dev/null
+++ b/user/libnih/musl-fix-signals.patch
@@ -0,0 +1,12 @@
+--- libnih-1.0.3.orig/nih/signal.c
++++ libnih-1.0.3/nih/signal.c
+@@ -87,7 +87,9 @@
+ { SIGSTKFLT, "STKFLT" },
+ #endif
+ { SIGCHLD, "CHLD" },
++#ifdef SIGCLD
+ { SIGCLD, "CLD" },
++#endif
+ { SIGCONT, "CONT" },
+ { SIGSTOP, "STOP" },
+ { SIGTSTP, "TSTP" },
diff --git a/user/libnih/parse-test-fix.patch b/user/libnih/parse-test-fix.patch
new file mode 100644
index 000000000..e993bf324
--- /dev/null
+++ b/user/libnih/parse-test-fix.patch
@@ -0,0 +1,11 @@
+--- libnih-1.0.3/nih-dbus-tool/tests/test_parse.c.old 2018-03-02 16:54:29.969068332 -0600
++++ libnih-1.0.3/nih-dbus-tool/tests/test_parse.c 2018-03-02 17:05:41.629074683 -0600
+@@ -7908,7 +7908,7 @@
+
+ TEST_EQ_P (node, NULL);
+
+- TEST_FILE_EQ (output, ("test:foo:2:0: "
++ TEST_FILE_EQ (output, ("test:foo:1:36: "
+ "Invalid object path in <node> name attribute\n"));
+ TEST_FILE_END (output);
+ TEST_FILE_RESET (output);
diff --git a/user/libnotify/APKBUILD b/user/libnotify/APKBUILD
new file mode 100644
index 000000000..a59730e1b
--- /dev/null
+++ b/user/libnotify/APKBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libnotify
+pkgver=0.7.7
+pkgrel=1
+pkgdesc="Desktop notification library"
+url="http://library.gnome.org/devel/notification-spec/"
+arch="all"
+license="LGPL"
+options="!check" # Test suite requires running X11
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+depends_dev="dbus-dev"
+makedepends="$depends_dev gdk-pixbuf-dev glib-dev autoconf automake
+ gobject-introspection-dev"
+source="https://download.gnome.org/sources/${pkgname}/${pkgver%.*}/${pkgname}-${pkgver}.tar.xz"
+
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --disable-static \
+ --disable-tests
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+sha512sums="133874114407bf12267ef609f5941657181760bc7cf115c5973b1810cb72bf55072b621c143e32be1e7e8b49f244851925d14bc3f9f26457747b8a8695ee9954 libnotify-0.7.7.tar.xz"
diff --git a/user/libsndfile/APKBUILD b/user/libsndfile/APKBUILD
new file mode 100644
index 000000000..66abef4f7
--- /dev/null
+++ b/user/libsndfile/APKBUILD
@@ -0,0 +1,61 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libsndfile
+pkgver=1.0.28
+pkgrel=3
+pkgdesc="A C library for reading and writing files containing sampled sound"
+url="http://www.mega-nerd.com/libsndfile"
+arch="all"
+license="LGPL2+"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+depends_dev="flac-dev libvorbis-dev libogg-dev"
+makedepends="linux-headers alsa-lib-dev $depends_dev"
+source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
+ CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
+ CVE-2017-8362.patch
+ CVE-2017-12562.patch
+ varargs-32bit.patch
+ "
+
+# secfixes:
+# 1.0.28-r2:
+# - CVE-2017-12562
+# 1.0.28-r0:
+# - CVE-2017-7585
+# - CVE-2017-7741
+# - CVE-2017-7742
+# 1.0.28-r1:
+# - CVE-2017-8361
+# - CVE-2017-8362
+# - CVE-2017-8363
+# - CVE-2017-8365
+
+builddir="$srcdir/$pkgname-$pkgver"
+build () {
+ cd "$builddir"
+ ac_cv_sys_largefile_CFLAGS="-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" \
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --disable-sqlite \
+ --enable-largefile
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f libsndfile-1.0.28.tar.gz
+f98c40696fca3e7bca867df993de55bb4145c23428e65d1a669182eb2293046478ac727ae7f94bb77123ef0355c3c53be4f9d6a432665c90c74687d8d3afd9e3 CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
+dfd4b5f1c7471fc416eed5c6040580a020543f145de9103751adaad6ce1c5c6a22abc1cf0ffd381aed3072644cd5ee03ba3598265aa7d202d63167da251cb595 CVE-2017-8362.patch
+814139567d90fb07908014e858c341fe933e04dca69b88ad66078910888237bbeba94f85d9e1489883c424f35fca312eb98c21ae2b122d9289bb6418725cd02e CVE-2017-12562.patch
+2b83bacec23665cd31a596a1ce1fb543f935c7609dfff93a85822f81d66b3483cd547cd043eefb901d543276c270a17add70bf0db6348b5279220a7ecbd8b339 varargs-32bit.patch"
diff --git a/user/libsndfile/CVE-2017-12562.patch b/user/libsndfile/CVE-2017-12562.patch
new file mode 100644
index 000000000..f195e87e4
--- /dev/null
+++ b/user/libsndfile/CVE-2017-12562.patch
@@ -0,0 +1,88 @@
+From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
+Date: Wed, 14 Jun 2017 12:25:40 +0200
+Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
+ in binheader
+
+Fixes the following problems:
+ 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
+ 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
+ big switch statement by an amount (16 bytes) which is enough for all cases
+ where only a single value gets added. Cases 's', 'S', 'p' however
+ additionally write an arbitrary length block of data and again enlarge the
+ buffer to the required amount. However, the required space calculation does
+ not take into account the size of the length field which gets output before
+ the data.
+ 3. Buffer size requirement calculation in case 'S' does not account for the
+ padding byte ("size += (size & 1) ;" happens after the calculation which
+ uses "size").
+ 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
+ involved
+ ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
+ the buffer is only guaranteed to have "size" space available).
+ 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
+ beyond the space which is guaranteed to be allocated in the header buffer.
+ 6. Case 's' can overrun the provided source string by 1 byte if padding is
+ involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
+ where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
+ plus optionally another 1 which is padding and not guaranteed to be
+ readable via the source string pointer).
+
+Closes: https://github.com/erikd/libsndfile/issues/292
+---
+ src/common.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1a6204ca..6b2a2ee9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ /* Write a C string (guaranteed to have a zero terminator). */
+ strptr = va_arg (argptr, char *) ;
+ size = strlen (strptr) + 1 ;
+- size += (size & 1) ;
+
+- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ return count ;
+
+ if (psf->rwf_endian == SF_ENDIAN_BIG)
+- header_put_be_int (psf, size) ;
++ header_put_be_int (psf, size + (size & 1)) ;
+ else
+- header_put_le_int (psf, size) ;
++ header_put_le_int (psf, size + (size & 1)) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
++ size += (size & 1) ;
+ psf->header.indx += size ;
+ psf->header.ptr [psf->header.indx - 1] = 0 ;
+ count += 4 + size ;
+@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ */
+ strptr = va_arg (argptr, char *) ;
+ size = strlen (strptr) ;
+- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ return count ;
+ if (psf->rwf_endian == SF_ENDIAN_BIG)
+ header_put_be_int (psf, size) ;
+ else
+ header_put_le_int (psf, size) ;
+- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
+ size += (size & 1) ;
+ psf->header.indx += size ;
+- psf->header.ptr [psf->header.indx] = 0 ;
+ count += 4 + size ;
+ break ;
+
+@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ size = (size & 1) ? size : size + 1 ;
+ size = (size > 254) ? 254 : size ;
+
+- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ return count ;
+
+ header_put_byte (psf, size) ;
diff --git a/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch b/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
new file mode 100644
index 000000000..1dc5b57f1
--- /dev/null
+++ b/user/libsndfile/CVE-2017-8361_CVE-2017-8363_CVE-2017-8365.patch
@@ -0,0 +1,64 @@
+From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Wed, 12 Apr 2017 19:45:30 +1000
+Subject: [PATCH] FLAC: Fix a buffer read overrun
+
+Buffer read overrun occurs when reading a FLAC file that switches
+from 2 channels to one channel mid-stream. Only option is to
+abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/230
+---
+ src/common.h | 1 +
+ src/flac.c | 13 +++++++++++++
+ src/sndfile.c | 1 +
+ 3 files changed, 15 insertions(+)
+
+diff --git a/src/common.h b/src/common.h
+index 0bd810c3..e2669b6a 100644
+--- a/src/common.h
++++ b/src/common.h
+@@ -725,6 +725,7 @@ enum
+ SFE_FLAC_INIT_DECODER,
+ SFE_FLAC_LOST_SYNC,
+ SFE_FLAC_BAD_SAMPLE_RATE,
++ SFE_FLAC_CHANNEL_COUNT_CHANGED,
+ SFE_FLAC_UNKOWN_ERROR,
+
+ SFE_WVE_NOT_WVE,
+diff --git a/src/flac.c b/src/flac.c
+index 84de0e26..986a7b8f 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+
+ switch (metadata->type)
+ { case FLAC__METADATA_TYPE_STREAMINFO :
++ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
++ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
++ "Nothing to be but to error out.\n" ,
++ psf->sf.channels, metadata->data.stream_info.channels) ;
++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++ return ;
++ } ;
++
++ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
++ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
++ "Carrying on as if nothing happened.",
++ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
++ } ;
+ psf->sf.channels = metadata->data.stream_info.channels ;
+ psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
+ psf->sf.frames = metadata->data.stream_info.total_samples ;
+diff --git a/src/sndfile.c b/src/sndfile.c
+index 41875610..e2a87be8 100644
+--- a/src/sndfile.c
++++ b/src/sndfile.c
+@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
+ { SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
+ { SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
+ { SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
++ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
+ { SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
+
+ { SFE_WVE_NOT_WVE , "Error : not a WVE file." },
diff --git a/user/libsndfile/CVE-2017-8362.patch b/user/libsndfile/CVE-2017-8362.patch
new file mode 100644
index 000000000..54fbfb44c
--- /dev/null
+++ b/user/libsndfile/CVE-2017-8362.patch
@@ -0,0 +1,50 @@
+From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Fri, 14 Apr 2017 15:19:16 +1000
+Subject: [PATCH] src/flac.c: Fix a buffer read overflow
+
+A file (generated by a fuzzer) which increased the number of channels
+from one frame to the next could cause a read beyond the end of the
+buffer provided by libFLAC. Only option is to abort the read.
+
+Closes: https://github.com/erikd/libsndfile/issues/231
+---
+ src/flac.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/src/flac.c b/src/flac.c
+index 5a4f8c21..e4f9aaa0 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ const int32_t* const *buffer = pflac->wbuffer ;
+ unsigned i = 0, j, offset, channels, len ;
+
++ if (psf->sf.channels != (int) frame->header.channels)
++ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
++ "Nothing to do but to error out.\n" ,
++ psf->sf.channels, frame->header.channels) ;
++ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
++ return 0 ;
++ } ;
++
+ /*
+ ** frame->header.blocksize is variable and we're using a constant blocksize
+ ** of FLAC__MAX_BLOCK_SIZE.
+@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ return 0 ;
+ } ;
+
+-
+ len = SF_MIN (pflac->len, frame->header.blocksize) ;
+
+ if (pflac->remain % channels != 0)
+@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
+ { case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+- "Nothing to be but to error out.\n" ,
++ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
diff --git a/user/libsndfile/varargs-32bit.patch b/user/libsndfile/varargs-32bit.patch
new file mode 100644
index 000000000..81f149add
--- /dev/null
+++ b/user/libsndfile/varargs-32bit.patch
@@ -0,0 +1,11 @@
+--- libsndfile-1.0.28/src/rf64.c.old 2017-04-02 02:43:22.000000000 -0500
++++ libsndfile-1.0.28/src/rf64.c 2018-03-04 22:35:31.072461118 -0600
+@@ -737,7 +737,7 @@
+
+ pad_size = psf->dataoffset - 16 - psf->header.indx ;
+ if (pad_size >= 0)
+- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
++ psf_binheader_writef (psf, "m4z", PAD_MARKER, (unsigned int) pad_size, make_size_t (pad_size)) ;
+
+ if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
+ psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
diff --git a/user/libssh2/APKBUILD b/user/libssh2/APKBUILD
new file mode 100644
index 000000000..1bfdfdef9
--- /dev/null
+++ b/user/libssh2/APKBUILD
@@ -0,0 +1,41 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libssh2
+pkgver=1.8.0
+pkgrel=1
+pkgdesc="library for accessing ssh1/ssh2 protocol servers"
+url="http://libssh2.org/"
+arch="all"
+license="BSD"
+makedepends_host="openssl-dev zlib-dev"
+options="!check"
+subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc"
+source="http://www.libssh2.org/download/libssh2-$pkgver.tar.gz"
+builddir="$srcdir"/libssh2-$pkgver
+
+prepare() {
+ cd "$builddir"
+ update_config_sub
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --with-libssl-prefix="${CBUILDROOT}"/usr \
+ --disable-rpath
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="289aa45c4f99653bebf5f99565fe9c519abc204feb2084b47b7cc3badc8bf4ecdedd49ea6acdce8eb902b3c00995d5f92a3ca77b2508b92f04ae0e7de7287558 libssh2-1.8.0.tar.gz"
diff --git a/user/libvpx/APKBUILD b/user/libvpx/APKBUILD
new file mode 100644
index 000000000..27de30e06
--- /dev/null
+++ b/user/libvpx/APKBUILD
@@ -0,0 +1,52 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libvpx
+pkgver=1.6.1
+pkgrel=1
+pkgdesc="Library for the vp8 codec"
+url="http://www.webmproject.org/"
+arch="all"
+license="GPL"
+options="!check"
+depends=""
+makedepends="coreutils yasm bash perl which"
+subpackages="$pkgname-dev $pkgname-utils"
+source="https://storage.googleapis.com/downloads.webmproject.org/releases/webm/$pkgname-$pkgver.tar.bz2"
+
+builddir="$srcdir"/$pkgname-$pkgver
+build() {
+ cd "$builddir"
+ # build fix for arm
+ export CROSS=" "
+ bash ./configure \
+ --enable-pic \
+ --enable-libs \
+ --enable-runtime-cpu-detect \
+ --enable-vp8 \
+ --enable-vp9 \
+ --enable-shared \
+ --disable-install-srcs \
+ --enable-postproc
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DIST_DIR="$pkgdir"/usr install
+ chmod 644 "$pkgdir"/usr/include/vpx/*.h \
+ "$pkgdir"/usr/lib/pkgconfig/*
+ chown root:root -R "$pkgdir"
+ chmod 755 "$pkgdir"/usr/lib/*
+}
+
+utils() {
+ pkgdesc="VP8 utilities and tools"
+ install -d "$subpkgdir"/usr
+ mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+}
+
+sha512sums="1a4b009fe1737715c6563a79848126a5859394a5074b1e9cca9bc2e213df90890c15e708040d5f2c96c7c21e268f51e1352ac6911514bf891a4bf3eea154159d libvpx-1.6.1.tar.bz2"
diff --git a/user/libvpx/libm-pc.patch b/user/libvpx/libm-pc.patch
new file mode 100644
index 000000000..87f07a398
--- /dev/null
+++ b/user/libvpx/libm-pc.patch
@@ -0,0 +1,11 @@
+--- ./libs.mk.orig
++++ ./libs.mk
+@@ -241,7 +241,7 @@
+ $(qexec)echo 'Version: $(VERSION_MAJOR).$(VERSION_MINOR).$(VERSION_PATCH)' >> $@
+ $(qexec)echo 'Requires:' >> $@
+ $(qexec)echo 'Conflicts:' >> $@
+- $(qexec)echo 'Libs: -L$${libdir} -lvpx' >> $@
++ $(qexec)echo 'Libs: -L$${libdir} -lvpx -lm' >> $@
+ $(qexec)echo 'Cflags: -I$${includedir}' >> $@
+ INSTALL-LIBS-yes += $(LIBSUBDIR)/pkgconfig/vpx.pc
+ INSTALL_MAPS += $(LIBSUBDIR)/pkgconfig/%.pc %.pc
diff --git a/user/lighttpd/APKBUILD b/user/lighttpd/APKBUILD
new file mode 100644
index 000000000..356bce93e
--- /dev/null
+++ b/user/lighttpd/APKBUILD
@@ -0,0 +1,116 @@
+# Contributor: Valery Kartel <valery.kartel@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lighttpd
+pkgver=1.4.48
+pkgrel=0
+pkgdesc="A secure, fast, compliant and very flexible web-server"
+url="http://www.lighttpd.net/"
+arch="all"
+license="custom"
+install="$pkgname.pre-install $pkgname.pre-upgrade"
+pkgusers="lighttpd"
+pkggroups="lighttpd"
+makedepends="flex pcre-dev openssl-dev zlib-dev bzip2-dev lua5.2-dev
+ automake autoconf openldap-dev libxml2-dev sqlite-dev libev-dev
+ gamin-dev attr-dev"
+subpackages="$pkgname-doc $pkgname-dbg $pkgname-mod_auth $pkgname-openrc
+ $pkgname-mod_webdav"
+source="http://download.lighttpd.net/lighttpd/releases-1.4.x/$pkgname-$pkgver.tar.xz
+ $pkgname.initd
+ $pkgname.confd
+ $pkgname.logrotate
+ lighttpd.conf
+ mime-types.conf
+ mod_cgi.conf
+ mod_fastcgi.conf
+ mod_fastcgi_fpm.conf
+ char-signedness.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --disable-dependency-tracking \
+ --enable-lfs \
+ --libdir=/usr/lib/lighttpd \
+ --without-mysql \
+ --with-attr \
+ --without-kerberos5 \
+ --with-fam \
+ --with-webdav-props \
+ --with-webdav-locks \
+ --without-gdbm \
+ --with-bzip2 \
+ --with-ldap \
+ --with-openssl \
+ --with-libev \
+ --with-lua
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+
+ make DESTDIR="$pkgdir" install
+
+ # create dirs
+ install -d -m755 -o lighttpd -g lighttpd \
+ "$pkgdir"/var/log/lighttpd/
+ install -d -m755 \
+ "$pkgdir"/etc/lighttpd/ \
+ "$pkgdir"/var/www/localhost/htdocs
+
+ # lighttpd
+ install -D -m755 "$srcdir"/lighttpd.initd \
+ "$pkgdir"/etc/init.d/lighttpd
+ install -D -m644 "$srcdir"/lighttpd.confd \
+ "$pkgdir"/etc/conf.d/lighttpd
+ install -D -m644 "$srcdir"/lighttpd.logrotate \
+ "$pkgdir"/etc/logrotate.d/lighttpd
+
+ # config files
+ local i; for i in lighttpd.conf mime-types.conf mod_cgi.conf \
+ mod_fastcgi.conf mod_fastcgi_fpm.conf
+ do
+ install -m644 "$srcdir"/$i "$pkgdir"/etc/lighttpd/$i
+ done
+}
+
+_mv_mod() {
+ mkdir -p "$subpkgdir"/usr/lib/lighttpd
+ while [ $# -gt 0 ]; do
+ mv "$pkgdir"/usr/lib/lighttpd/$1.so \
+ "$subpkgdir"/usr/lib/lighttpd/
+ shift
+ done
+}
+
+mod_auth() {
+ pkgdesc="Authentication module for lighttpd"
+ _mv_mod mod_auth
+}
+
+mod_webdav() {
+ pkgdesc="WebDAV module for lighttpd"
+ _mv_mod mod_webdav
+}
+
+sha512sums="361dbf07b280aa7345f3026cce6d12d0aeaa3bb535b5a5b2a894a568395f46a9c7ce723dfd1948225117495f3e63ec207b72d5e4b680da7cd56419e23cf8bae4 lighttpd-1.4.48.tar.xz
+f2f3c5c7731550237fd75a8de66275f427eaf897cffff7ac7ef44178328ad8fad6c4ec6654759bfc665cbaf7991ddcdf0aaa916831c8b6aa440192d57b242038 lighttpd.initd
+9d2ab5deb7353ebf290e90936b511941df440859c78589d0bcf130ef69a5e9c79e4d318548b6b118df002083c46f7476230a28954b7a10a9dbd05040e02b1291 lighttpd.confd
+0536b4f21d2e8659f7831b45998c13d9f6051ae7ecde13be01f372f837d255bfc4e211de48a7686cc743d53aa9c08ab3f10ec19788896dcf8356b90053ca7a16 lighttpd.logrotate
+b0fd7500ea7f7f7f9fbf04bb66eb06050cfed57bdc1730900b4c559598176442e4504395f1d406e037e7cffeaa1451d40a6cad408570f7f7e1dd6cc26c968912 lighttpd.conf
+a3f2f5763885d7e4f510491b24164e34aaf62bb02daa12991575dc64335c12668355af5bb8d6ce191eb4e9cce95324b1f7c9ba61b323b4e7b50a1e03e021afcf mime-types.conf
+27cc638d8068dcf47bd9db44943d1db6c6f4e8e6abd6b42af7cea004b1c093440068541d98c68f8bea70b956713adaf8ed59a4b642dea826ee8620a05f8cfde5 mod_cgi.conf
+1d15b84c03fb648a0e67ab5c5411b85478b4454c44bc2959cc96d1700eeadd7ff429520a5f1550db6527267646622dccd3d47d3fd1258869fccaf5c22d4ad4b2 mod_fastcgi.conf
+f9efc4b70d825600f5356c30e57d0b6cac11c01739337f7192c09c2cfd96cb76c8328b11d818ea4c2addc1a6d253975b84700106ae75854d55d0df73e220bd2b mod_fastcgi_fpm.conf
+ce35c1d65d7b4fedd1fcfadd8a5e906d5efa8dcda318a4fa69958b708c2df329f708591f43b12adaaac4da6a2913d0cc8f9745e636e7f2016c1075bcd52c6bb2 char-signedness.patch"
diff --git a/user/lighttpd/char-signedness.patch b/user/lighttpd/char-signedness.patch
new file mode 100644
index 000000000..43f7f5faf
--- /dev/null
+++ b/user/lighttpd/char-signedness.patch
@@ -0,0 +1,46 @@
+
+Added by gstrauss 16 days ago
+
+ ID d4083effab0f9bf76528d5c47198b17e7471ed13
+ Parent 0c95ed37
+ Child 37f9b60d
+
+[core] fix base64 decode when char is unsigned (fixes #2848)
+
+thx, codehero
+
+x-ref:
+"buffer_append_base64_decode() broken on compilers where char is assumed unsigned"
+https://redmine.lighttpd.net/issues/2848
+
+diff --git a/src/base64.c b/src/base64.c
+index f39dbaa2..3034181a 100644
+--- a/src/base64.c
++++ b/src/base64.c
+@@ -11,7 +11,7 @@
+
+ /* BASE64_STANDARD: "A-Z a-z 0-9 + /" maps to 0-63, pad with "=" */
+ static const char base64_standard_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
+-static const char base64_standard_reverse_table[] = {
++static const signed char base64_standard_reverse_table[] = {
+ /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
+ -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */
+ -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */
+@@ -25,7 +25,7 @@ static const char base64_standard_reverse_table[] = {
+
+ /* BASE64_URL: "A-Z a-z 0-9 - _" maps to 0-63, pad with "." */
+ static const char base64_url_table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.";
+-static const char base64_url_reverse_table[] = {
++static const signed char base64_url_reverse_table[] = {
+ /* 0 1 2 3 4 5 6 7 8 9 A B C D E F */
+ -1, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x00 - 0x0F */
+ -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, /* 0x10 - 0x1F */
+@@ -42,7 +42,7 @@ unsigned char* buffer_append_base64_decode(buffer *out, const char* in, size_t i
+ size_t out_pos = 0; /* current output character (position) that is decoded. can contain partial result */
+ unsigned int group = 0; /* how many base64 digits in the current group were decoded already. each group has up to 4 digits */
+ size_t i;
+- const char *base64_reverse_table;
++ const signed char *base64_reverse_table;
+
+ switch (charset) {
+ case BASE64_STANDARD:
diff --git a/user/lighttpd/lighttpd.conf b/user/lighttpd/lighttpd.conf
new file mode 100644
index 000000000..cfec00065
--- /dev/null
+++ b/user/lighttpd/lighttpd.conf
@@ -0,0 +1,261 @@
+###################################
+# Default lighttpd.conf for Adélie
+###################################
+
+
+######## Variables ########
+var.basedir = "/var/www/localhost"
+var.logdir = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+
+
+######## Modules ########
+# NOTE: the order of modules is important.
+server.modules = (
+# "mod_rewrite",
+# "mod_redirect",
+# "mod_alias",
+ "mod_access",
+# "mod_cml",
+# "mod_trigger_b4_dl",
+# "mod_auth",
+# "mod_status",
+ "mod_setenv",
+# "mod_proxy",
+# "mod_simple_vhost",
+# "mod_evhost",
+# "mod_userdir",
+ "mod_compress",
+# "mod_ssi",
+# "mod_usertrack",
+ "mod_expire",
+# "mod_secdownload",
+# "mod_rrdtool",
+# "mod_webdav",
+ "mod_accesslog"
+)
+
+
+######## Inclusions ########
+include "mime-types.conf"
+# uncomment for cgi support
+# include "mod_cgi.conf"
+# uncomment for php/fastcgi support
+# include "mod_fastcgi.conf"
+# uncomment for php/fastcgi fpm support
+# include "mod_fastcgi_fpm.conf"
+
+
+######## Global Settings ########
+server.username = "lighttpd"
+server.groupname = "lighttpd"
+
+server.document-root = var.basedir + "/htdocs"
+server.pid-file = "/run/lighttpd.pid"
+
+server.errorlog = var.logdir + "/error.log"
+# To log errors to syslog instead, use:
+# server.errorlog-use-syslog = "enable"
+
+server.indexfiles = ("index.html", "index.htm", "default.htm")
+
+# server.tag = "lighttpd"
+
+server.follow-symlink = "enable"
+
+server.event-handler = "linux-sysepoll"
+
+# To chroot to a directory:
+# server.chroot = "/"
+
+# Default bind port is 80. To change:
+# server.port = 81
+
+# Default bind address is global (0.0.0.0). To change:
+# server.bind = "grisu.home.kneschke.de"
+
+# error-handler for status 404
+# server.error-handler-404 = "/error-handler.html"
+
+# Format: <errorfile-prefix><status-code>.html
+# -> ..../status-404.html for 'File not found'
+# server.errorfile-prefix = var.basedir + "/error/status-"
+
+# FAM support for caching stat() calls
+server.stat-cache-engine = "fam"
+
+# which extensions should not be handled via static-file transfer
+# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
+static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
+
+
+######## mod_accesslog config ########
+accesslog.filename = var.logdir + "/access.log"
+
+
+######## mod_dirlisting config ########
+# Enable directory listings if no indexfile is present.
+#dir-listing.activate = "enable"
+
+# Don't list hidden files/directories (beginning with '.')
+#dir-listing.hide-dotfiles = "enable"
+#
+# Specify a path here for custom directory listing CSS:
+#dir-listing.external-css = "/path/to/dir-listing.css"
+#
+# Exclude files that match any regex in this list from directory listings:
+#dir-listing.exclude = ("^\.", "~$")
+
+
+######## mod_access config ########
+# See access.txt in lighttpd-doc package for more info.
+
+url.access-deny = ("~", ".inc")
+
+
+######## mod_userdir config ########
+# This will give all users with valid homedirs the chance to publish a
+# webpage from this server using traditional /~username/ paths.
+# See userdir.txt in lighttpd-doc package for more info.
+#
+#userdir.path = "public_html"
+#userdir.exclude-user = ("root")
+
+
+######## mod_ssi config ########
+# This allows you to use server-side includes.
+#ssi.extension = (".shtml")
+
+
+######## SSL config ########
+# See ssl.txt in lighttpd-doc package for more info.
+# The defaults here are NOT the server defaults. You need to uncomment
+# them to use them. They are HIGHLY recommended; by default, lighttpd
+# will serve older TLS protocols that may be vulnerable to attack.
+#
+#ssl.engine = "enable"
+#ssl.honor-cipher-order = "enable"
+#ssl.disable-client-renegotiation = "enable"
+# pemfile is cert+privkey, ca-file is the intermediate chain in one file
+#ssl.pemfile = "/path/to/signed_cert_plus_private_key.pem"
+#ssl.ca-file = "/path/to/intermediate_certificate.pem"
+# ECDH/ECDHE ciphers curve strength (see `openssl ecparam -list_curves`)
+#ssl.ec-curve = "secp384r1"
+# Environment flag for HTTPS enabled
+#setenv.add-environment = (
+# "HTTPS" => "on"
+#)
+# Modern configuration, tweak to your needs
+#ssl.use-sslv2 = "disable"
+#ssl.use-sslv3 = "disable"
+#ssl.cipher-list = "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+# HSTS(15768000 seconds = 6 months)
+#setenv.add-response-header = (
+# "Strict-Transport-Security" => "max-age=15768000;"
+#)
+
+
+######## mod_status config ########
+# This is generally handy and won't expose any sensitive info.
+#status.status-url = "/server-status"
+# This will expose some of your configuration to the world!
+#status.config-url = "/server-config"
+
+
+######## mod_compress config ########
+compress.cache-dir = var.statedir + "/cache/compress"
+compress.filetype = ("text/plain", "text/html")
+
+
+######## mod_proxy config ########
+# See proxy.txt in lighttpd-doc package for more info.
+# proxy.server = ( ".php" =>
+# ( "localhost" =>
+# (
+# "host" => "192.168.0.101",
+# "port" => 80
+# )
+# )
+# )
+# }}}
+
+
+######## mod_auth config ########
+# See authentication.txt in lighttpd-doc package for more info.
+#auth.backend = "plain"
+#auth.backend.plain.userfile = "lighttpd.user"
+#auth.backend.plain.groupfile = "lighttpd.group"
+
+#auth.backend.ldap.hostname = "localhost"
+#auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
+#auth.backend.ldap.filter = "(uid=$)"
+
+#auth.require = ( "/server-status" =>
+# (
+# "method" => "digest",
+# "realm" => "download archiv",
+# "require" => "user=jan"
+# ),
+# "/server-info" =>
+# (
+# "method" => "digest",
+# "realm" => "download archiv",
+# "require" => "valid-user"
+# )
+# )
+
+
+######## mod_rewrite config ########
+# Apache-style mod_rewrite for implementing URL rewriting.
+# See rewrite.txt in lighttpd-doc package for more info.
+#
+#url.rewrite = (
+# "^/$" => "/server-status"
+#)
+
+
+######## mod_redirect config ########
+# See redirect.txt in lighttpd-doc package for more info.
+#
+#url.redirect = (
+# "^/wishlist/(.+)" => "http://www.123.org/$1"
+#)
+
+
+######## mod_expire config ########
+# It is highly recommended you configure Expire: headers correctly to
+# conserve bandwidth, especially for users on slow links.
+#expire.url = (
+# "/buggy/" => "access 2 hours",
+# "/asdhas/" => "access plus 1 seconds 2 minutes"
+#)
+
+# {{{ mod_trigger_b4_dl
+# see trigger_b4_dl.txt
+#
+# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
+# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
+# trigger-before-download.trigger-url = "^/trigger/"
+# trigger-before-download.download-url = "^/download/"
+# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
+# trigger-before-download.trigger-timeout = 10
+# }}}
+
+
+######## mod_webdav config ########
+# lighttpd can act as a WebDAV server.
+# See webdav.txt in lighttpd-doc package for more info.
+#
+#$HTTP["url"] =~ "^/dav($|/)" {
+# webdav.activate = "enable"
+# webdav.is-readonly = "enable"
+#}
+
+
+######## Debugging options ########
+# debug.log-request-header = "enable"
+# debug.log-response-header = "enable"
+# debug.log-request-handling = "enable"
+# debug.log-file-not-found = "enable"
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/lighttpd.confd b/user/lighttpd/lighttpd.confd
new file mode 100644
index 000000000..da524afb4
--- /dev/null
+++ b/user/lighttpd/lighttpd.confd
@@ -0,0 +1,12 @@
+# /etc/conf.d/lighttpd
+
+# Location of a shell used by the 'include_shell' directive
+# in the lighttpd's configuration file
+#export SHELL="/bin/bash"
+
+# Location of the lighttpd configuration file
+LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf"
+
+# Location of the lighttpd pid file
+LIGHTTPD_PID="/run/lighttpd.pid"
+
diff --git a/user/lighttpd/lighttpd.initd b/user/lighttpd/lighttpd.initd
new file mode 100644
index 000000000..614cb2132
--- /dev/null
+++ b/user/lighttpd/lighttpd.initd
@@ -0,0 +1,75 @@
+#!/sbin/openrc-run
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd,v 1.21 2012/01/08 20:45:46 hwoarang Exp $
+
+extra_started_commands="reload graceful"
+required_files=$LIGHTTPD_CONF
+
+depend() {
+ need net
+ use mysql logger spawn-fcgi ldap slapd netmount dns
+ after firewall
+ after famd
+ after sshd
+}
+
+checkconfig() {
+ if [ ! -f "${LIGHTTPD_CONF}" ] ; then
+ ewarn "${LIGHTTPD_CONF} does not exist."
+ return 1
+ fi
+
+ if [ -z "${LIGHTTPD_PID}" ] ; then
+ ewarn "server.pid-file variable in ${LIGHTTPD_CONF}"
+ ewarn "is not set. Falling back to lighttpd.pid"
+ LIGHTTPD_PID="/run/lighttpd.pid"
+ fi
+ /usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null
+}
+
+start() {
+ checkconfig || return 1
+ checkpath -d -q -m 0750 -o lighttpd:lighttpd /run/lighttpd/
+
+ ebegin "Starting lighttpd"
+ start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \
+ --pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}"
+ eend $?
+}
+
+stop() {
+ local rv=0
+ ebegin "Stopping lighttpd"
+ start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}"
+ eend $?
+}
+
+reload() {
+ if ! service_started "${SVCNAME}" ; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ fi
+ checkconfig || return 1
+
+ ebegin "Re-opening lighttpd log files"
+ start-stop-daemon --quiet --pidfile "${LIGHTTPD_PID}" \
+ --signal HUP
+ eend $?
+}
+
+graceful() {
+ if ! service_started "${SVCNAME}" ; then
+ eerror "${SVCNAME} isn't running"
+ return 1
+ fi
+ checkconfig || return 1
+
+ ebegin "Gracefully stopping lighttpd"
+ start-stop-daemon --quiet --pidfile "${LIGHTTPD_PID}" \
+ --signal INT
+ if eend $? ; then
+ rm -f "${LIGHTTPD_PID}"
+ start
+ fi
+}
diff --git a/user/lighttpd/lighttpd.logrotate b/user/lighttpd/lighttpd.logrotate
new file mode 100644
index 000000000..8fbb20fb0
--- /dev/null
+++ b/user/lighttpd/lighttpd.logrotate
@@ -0,0 +1,15 @@
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.logrotate,v 1.2 2006/05/30 19:49:29 bangert Exp $
+# lighttpd logrotate script for Gentoo
+
+/var/log/lighttpd/*.log {
+ daily
+ missingok
+ copytruncate
+ rotate 7
+ compress
+ notifempty
+ sharedscripts
+ postrotate
+ /etc/init.d/lighttpd --quiet --ifstarted reload
+ endscript
+}
diff --git a/user/lighttpd/lighttpd.pre-install b/user/lighttpd/lighttpd.pre-install
new file mode 100644
index 000000000..81ccda1f9
--- /dev/null
+++ b/user/lighttpd/lighttpd.pre-install
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+addgroup -S -g 82 www-data 2>/dev/null
+addgroup -S lighttpd 2>/dev/null
+adduser -S -D -H -h /var/www/localhost/htdocs -s /sbin/nologin -G lighttpd -g lighttpd lighttpd 2>/dev/null
+addgroup lighttpd www-data 2>/dev/null
+
+exit 0
diff --git a/user/lighttpd/lighttpd.pre-upgrade b/user/lighttpd/lighttpd.pre-upgrade
new file mode 120000
index 000000000..18a7fef66
--- /dev/null
+++ b/user/lighttpd/lighttpd.pre-upgrade
@@ -0,0 +1 @@
+lighttpd.pre-install \ No newline at end of file
diff --git a/user/lighttpd/mime-types.conf b/user/lighttpd/mime-types.conf
new file mode 100644
index 000000000..f24d4d858
--- /dev/null
+++ b/user/lighttpd/mime-types.conf
@@ -0,0 +1,79 @@
+###############################################################################
+# Default mime-types.conf for Gentoo.
+# include'd from lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.4 2010/03/14 21:45:18 bangert Exp $
+###############################################################################
+
+# {{{ mime types
+mimetype.assign = (
+ ".svg" => "image/svg+xml",
+ ".svgz" => "image/svg+xml",
+ ".pdf" => "application/pdf",
+ ".sig" => "application/pgp-signature",
+ ".spl" => "application/futuresplash",
+ ".class" => "application/octet-stream",
+ ".ps" => "application/postscript",
+ ".torrent" => "application/x-bittorrent",
+ ".dvi" => "application/x-dvi",
+ ".gz" => "application/x-gzip",
+ ".pac" => "application/x-ns-proxy-autoconfig",
+ ".swf" => "application/x-shockwave-flash",
+ ".tar.gz" => "application/x-tgz",
+ ".tgz" => "application/x-tgz",
+ ".tar" => "application/x-tar",
+ ".zip" => "application/zip",
+ ".dmg" => "application/x-apple-diskimage",
+ ".mp3" => "audio/mpeg",
+ ".m3u" => "audio/x-mpegurl",
+ ".wma" => "audio/x-ms-wma",
+ ".wax" => "audio/x-ms-wax",
+ ".ogg" => "application/ogg",
+ ".wav" => "audio/x-wav",
+ ".gif" => "image/gif",
+ ".jpg" => "image/jpeg",
+ ".jpeg" => "image/jpeg",
+ ".png" => "image/png",
+ ".xbm" => "image/x-xbitmap",
+ ".xpm" => "image/x-xpixmap",
+ ".xwd" => "image/x-xwindowdump",
+ ".css" => "text/css",
+ ".html" => "text/html",
+ ".htm" => "text/html",
+ ".js" => "text/javascript",
+ ".asc" => "text/plain",
+ ".c" => "text/plain",
+ ".h" => "text/plain",
+ ".cc" => "text/plain",
+ ".cpp" => "text/plain",
+ ".hh" => "text/plain",
+ ".hpp" => "text/plain",
+ ".conf" => "text/plain",
+ ".log" => "text/plain",
+ ".text" => "text/plain",
+ ".txt" => "text/plain",
+ ".diff" => "text/plain",
+ ".patch" => "text/plain",
+ ".ebuild" => "text/plain",
+ ".eclass" => "text/plain",
+ ".rtf" => "application/rtf",
+ ".bmp" => "image/bmp",
+ ".tif" => "image/tiff",
+ ".tiff" => "image/tiff",
+ ".ico" => "image/x-icon",
+ ".dtd" => "text/xml",
+ ".xml" => "text/xml",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".mov" => "video/quicktime",
+ ".qt" => "video/quicktime",
+ ".avi" => "video/x-msvideo",
+ ".asf" => "video/x-ms-asf",
+ ".asx" => "video/x-ms-asf",
+ ".wmv" => "video/x-ms-wmv",
+ ".bz2" => "application/x-bzip",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tar.bz2" => "application/x-bzip-compressed-tar"
+ )
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/mod_cgi.conf b/user/lighttpd/mod_cgi.conf
new file mode 100644
index 000000000..1cb3770f9
--- /dev/null
+++ b/user/lighttpd/mod_cgi.conf
@@ -0,0 +1,33 @@
+###############################################################################
+# mod_cgi.conf
+# include'd by lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $
+###############################################################################
+
+#
+# see cgi.txt for more information on using mod_cgi
+#
+
+server.modules += ("mod_cgi")
+
+# NOTE: this requires mod_alias
+alias.url = (
+ "/cgi-bin/" => var.basedir + "/cgi-bin/"
+)
+
+#
+# Note that you'll also want to enable the
+# cgi-bin alias via mod_alias (above).
+#
+
+$HTTP["url"] =~ "^/cgi-bin/" {
+ # disable directory listings
+ dir-listing.activate = "disable"
+ # only allow cgi's in this directory
+ cgi.assign = (
+ ".pl" => "/usr/bin/perl",
+ ".cgi" => "/usr/bin/perl"
+ )
+}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/mod_fastcgi.conf b/user/lighttpd/mod_fastcgi.conf
new file mode 100644
index 000000000..549b84c2e
--- /dev/null
+++ b/user/lighttpd/mod_fastcgi.conf
@@ -0,0 +1,17 @@
+###############################################################################
+# mod_fastcgi.conf
+# include'd by lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $
+###############################################################################
+
+server.modules += ("mod_fastcgi")
+fastcgi.server = ( ".php" =>
+ ( "localhost" =>
+ (
+ "socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket",
+ "bin-path" => "/usr/bin/php-cgi"
+ )
+ )
+ )
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lighttpd/mod_fastcgi_fpm.conf b/user/lighttpd/mod_fastcgi_fpm.conf
new file mode 100644
index 000000000..926137a43
--- /dev/null
+++ b/user/lighttpd/mod_fastcgi_fpm.conf
@@ -0,0 +1,16 @@
+###############################################################################
+# mod_fastcgi_fpm.conf
+# include'd by lighttpd.conf.
+###############################################################################
+
+server.modules += ("mod_fastcgi")
+fastcgi.server = ( ".php" =>
+ ( "localhost" =>
+ (
+ "host" => "127.0.0.1",
+ "port" => "9000"
+ )
+ )
+ )
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/user/lm_sensors/APKBUILD b/user/lm_sensors/APKBUILD
new file mode 100644
index 000000000..694adb868
--- /dev/null
+++ b/user/lm_sensors/APKBUILD
@@ -0,0 +1,85 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lm_sensors
+pkgver=3.4.0
+pkgrel=5
+pkgdesc="Collection of user space tools for general SMBus access and hardware monitoring."
+url="http://www.lm-sensors.org/"
+arch="all"
+license="GPL"
+options="!check" # No test suite.
+depends="bash sysfsutils"
+makedepends="perl rrdtool-dev bison flex which"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-detect $pkgname-sensord
+ $pkgname-sensord-openrc:sensord_openrc"
+#install=sensors.install
+
+# 2015-11-11 (bpiotrowski): upstream website is down, Fedora mirrored the file
+#source="http://dl.lm-sensors.org/lm-sensors/releases/$pkgname-$pkgver.tar.bz2
+source="http://pkgs.fedoraproject.org/repo/pkgs/lm_sensors/lm_sensors-3.4.0.tar.bz2/c03675ae9d43d60322110c679416901a/lm_sensors-3.4.0.tar.bz2
+ sensors-detect-alpine.patch
+ musl-fix-includes.patch
+ fancontrol.initd
+ sensord.confd
+ sensord.initd
+ "
+
+prepare() {
+ cd "$builddir"
+ sed -i -e 's:^# \(PROG_EXTRA\):\1:' Makefile
+ # Respect LDFLAGS
+ sed -i -e 's/\$(LIBDIR)$/\$(LIBDIR) \$(LDFLAGS)/g' Makefile
+ sed -i -e 's/\$(LIBSHSONAME) -o/$(LIBSHSONAME) \$(LDFLAGS) -o/g' \
+ lib/Module.mk
+
+ # do not check for libiconv in ldconfig cache
+ sed -i -e 's/^LIBICONV.*/LIBICONV ?=/' prog/sensors/Module.mk
+
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ export CFLAGS="$CFLAGS -fno-stack-protector"
+ make PREFIX=/usr user
+}
+
+package() {
+ cd "$builddir"
+ make PROG_EXTRA:=sensord user_install \
+ PREFIX=/usr \
+ MANDIR=/usr/share/man \
+ DESTDIR="$pkgdir"
+
+ cd "$srcdir"
+ install -Dm755 fancontrol.initd "$pkgdir"/etc/init.d/fancontrol
+}
+
+detect() {
+ depends="perl"
+ pkgdesc="Detection/migration scripts for lm_sensors"
+ mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
+ cd "$pkgdir"
+ mv usr/bin/sensors-conf-convert "$subpkgdir"/usr/bin/
+ mv usr/sbin/sensors-detect "$subpkgdir"/usr/bin/
+}
+
+sensord() {
+ pkgdesc="sensord daemon"
+ cd "$builddir"
+ mkdir -p "$subpkgdir"/usr/sbin
+ mv "$pkgdir"/usr/sbin/sensord "$subpkgdir"/usr/sbin/sensord
+}
+
+sensord_openrc() {
+ pkgdesc="sensord daemon (OpenRC init scripts)"
+ install_if="sensord=$pkgver-r$pkgrel openrc"
+ install -Dm755 "$srcdir"/sensord.initd "$subpkgdir"/etc/init.d/sensord
+ install -Dm755 "$srcdir"/sensord.confd "$subpkgdir"/etc/conf.d/sensord
+}
+
+sha512sums="993064bd14b855c1ae8c057e89313df5b3d5efe441fb2e8c3e508f42bb15658564df2563fac8fabbdb0d650dfdbc694037736c748d45cb9d85dfb8fb5a3d1ea9 lm_sensors-3.4.0.tar.bz2
+794cf2aaa2a9e809c6b67f4c888a89064bba3e5b9333a9f0101a92372c25012e506fa48e86523f57cf30e5c2a808bc38058fd8640c870ea6b48faab44794cfbb sensors-detect-alpine.patch
+333751cb580c94f2d32ef5520d2f2acc0ef7e1cd4a6390ea75cae4c755fbdfcade1805c979ba3319905f1267bdc120a6746e6f70d89e0c72a8c2faefd34a9e79 musl-fix-includes.patch
+04756c3844033dc7897e1348181140a43f8470c1bb863f1524b21bbe6be2f13fbf17ac3a68270c96a70d8c148124fea569d1ef75619bbe383e15ec705ea18b21 fancontrol.initd
+a77d81ab7ded085ba19e4c637e93268f889ccb8ce9e008a210ae135cb6e2140be07e5d455cf7fcc1084fd57cfbfb3f2bb37207123aebe9566f78b5183806fd7d sensord.confd
+9a19874c158e82ab076ed5fb96a40d4bfb4957bfd5a2ce66aa207c06e577bc1b048336c0046a9f856f6d00dc10e68a0dc9726f6e726a8f7bfd50c4043ee1e26a sensord.initd"
diff --git a/user/lm_sensors/fancontrol.initd b/user/lm_sensors/fancontrol.initd
new file mode 100644
index 000000000..cb29a9ee9
--- /dev/null
+++ b/user/lm_sensors/fancontrol.initd
@@ -0,0 +1,33 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/fancontrol-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $
+
+CONFIG=/etc/fancontrol
+PID=/var/run/fancontrol.pid
+
+depend() {
+ after lm_sensors
+}
+
+checkconfig() {
+ if [ ! -f ${CONFIG} ]; then
+ eerror "Configuration file ${CONFIG} not found"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting fancontrol"
+ start-stop-daemon --start --quiet --background --pidfile ${PID} \
+ --exec /usr/sbin/fancontrol -- ${CONFIG}
+ eend ${?}
+}
+
+stop() {
+ ebegin "Stopping fancontrol"
+ start-stop-daemon --stop --pidfile ${PID}
+ eend ${?}
+}
diff --git a/user/lm_sensors/musl-fix-includes.patch b/user/lm_sensors/musl-fix-includes.patch
new file mode 100644
index 000000000..501f2dd76
--- /dev/null
+++ b/user/lm_sensors/musl-fix-includes.patch
@@ -0,0 +1,62 @@
+--- lm_sensors-3.3.4.orig/prog/dump/isadump.c
++++ lm_sensors-3.3.4/prog/dump/isadump.c
+@@ -36,13 +36,7 @@
+ #include "util.h"
+ #include "superio.h"
+
+-
+-/* To keep glibc2 happy */
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+
+ #ifdef __powerpc__
+ unsigned long isa_io_base = 0; /* XXX for now */
+--- lm_sensors-3.3.4.orig/prog/dump/isaset.c
++++ lm_sensors-3.3.4/prog/dump/isaset.c
+@@ -32,13 +32,7 @@
+ #include <string.h>
+ #include "util.h"
+
+-
+-/* To keep glibc2 happy */
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+
+ #ifdef __powerpc__
+ unsigned long isa_io_base = 0; /* XXX for now */
+--- lm_sensors-3.3.4.orig/prog/dump/superio.c
++++ lm_sensors-3.3.4/prog/dump/superio.c
+@@ -20,12 +20,7 @@
+ */
+
+ #include <stdlib.h>
+-
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+
+ #include "superio.h"
+
+--- lm_sensors-3.3.4.orig/prog/dump/util.c
++++ lm_sensors-3.3.4/prog/dump/util.c
+@@ -11,12 +11,7 @@
+ #include <stdio.h>
+ #include "util.h"
+
+-/* To keep glibc2 happy */
+-#if defined(__GLIBC__) && __GLIBC__ == 2 && __GLIBC_MINOR__ >= 0
+ #include <sys/io.h>
+-#else
+-#include <asm/io.h>
+-#endif
+
+ /* Return 1 if we should continue, 0 if we should abort */
+ int user_ack(int def)
diff --git a/user/lm_sensors/sensord.confd b/user/lm_sensors/sensord.confd
new file mode 100644
index 000000000..d82841aeb
--- /dev/null
+++ b/user/lm_sensors/sensord.confd
@@ -0,0 +1,3 @@
+# Extra options to pass to the sensord daemon,
+# see sensord(8) for more information
+SENSORD_OPTIONS=""
diff --git a/user/lm_sensors/sensord.initd b/user/lm_sensors/sensord.initd
new file mode 100644
index 000000000..c100b1aa1
--- /dev/null
+++ b/user/lm_sensors/sensord.initd
@@ -0,0 +1,33 @@
+#!/sbin/openrc-run
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/sensord-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $
+
+CONFIG=/etc/sensors3.conf
+
+depend() {
+ need logger
+ use lm_sensors
+}
+
+checkconfig() {
+ if [ ! -f ${CONFIG} ]; then
+ eerror "Configuration file ${CONFIG} not found"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+
+ ebegin "Starting sensord"
+ start-stop-daemon --start --exec /usr/sbin/sensord \
+ -- --config-file ${CONFIG} ${SENSORD_OPTIONS}
+ eend ${?}
+}
+
+stop() {
+ ebegin "Stopping sensord"
+ start-stop-daemon --stop --pidfile /var/run/sensord.pid
+ eend ${?}
+}
diff --git a/user/lm_sensors/sensors-detect-alpine.patch b/user/lm_sensors/sensors-detect-alpine.patch
new file mode 100644
index 000000000..319fcec06
--- /dev/null
+++ b/user/lm_sensors/sensors-detect-alpine.patch
@@ -0,0 +1,47 @@
+diff --git a/prog/detect/sensors-detect b/prog/detect/sensors-detect
+index 08721f0..6e83e97 100755
+--- a/prog/detect/sensors-detect
++++ b/prog/detect/sensors-detect
+@@ -7059,31 +7059,20 @@ sub write_config
+ }
+ }
+
+- my $have_sysconfig = -d '/etc/sysconfig';
+- printf "Do you want to \%s /etc/sysconfig/lm_sensors? (\%s): ",
+- (-e '/etc/sysconfig/lm_sensors' ? 'overwrite' : 'generate'),
+- ($have_sysconfig ? 'YES/no' : 'yes/NO');
++ my $config = '/etc/modules-load.d/lm_sensors.conf';
++ my $have_config = -f $config;
++ printf "Do you want to \%s \%s? (\%s): ",
++ (-e $config ? 'overwrite' : 'generate'),
++ $config,
++ ($have_config ? 'YES/no' : 'yes/NO');
+ $_ = read_answer();
+- if (($have_sysconfig and not m/^\s*n/i) or m/^\s*y/i) {
+- unless ($have_sysconfig) {
+- mkdir('/etc/sysconfig', 0777)
+- or die "Sorry, can't create /etc/sysconfig ($!)";
+- }
+- open(local *SYSCONFIG, ">/etc/sysconfig/lm_sensors")
+- or die "Sorry, can't create /etc/sysconfig/lm_sensors ($!)";
++ if (($have_config and not m/^\s*n/i) or m/^\s*y/i) {
++ open(local *SYSCONFIG, ">$config")
++ or die "Sorry, can't create $config ($!)";
+ print SYSCONFIG "# Generated by sensors-detect on " . scalar localtime() . "\n";
+- print SYSCONFIG <<'EOT';
+-# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
+-# be loaded/unloaded.
+-#
+-# The format of this file is a shell script that simply defines variables:
+-# HWMON_MODULES for hardware monitoring driver modules, and optionally
+-# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
+-
+-EOT
+- print SYSCONFIG "BUS_MODULES=\"", join(" ", @{$bus_modules}), "\"\n"
++ print SYSCONFIG join("\n", @{$bus_modules}), "\n"
+ if @{$bus_modules};
+- print SYSCONFIG "HWMON_MODULES=\"", join(" ", @{$hwmon_modules}), "\"\n";
++ print SYSCONFIG join("\n", @{$hwmon_modules}), "\n";
+ close(SYSCONFIG);
+
+ if (-x "/bin/systemctl" && -d "/lib/systemd/system" &&
diff --git a/user/lm_sensors/sensors.install b/user/lm_sensors/sensors.install
new file mode 100644
index 000000000..d593f8414
--- /dev/null
+++ b/user/lm_sensors/sensors.install
@@ -0,0 +1,12 @@
+post_install() {
+ echo ">>> to control the lm_sensors daemon type"
+ echo ">>> \"/etc/rc.d/sensors start|stop|restart\" "
+ echo ">>> --------------------------------------"
+ echo ">>> before you can use the fancontrol daemon"
+ echo ">>> first create a fancontrol config file, use \"pwmconfig\""
+ echo ">>> then type \"/etc/rc.d/fancontrol start|stop|restart\" "
+ echo ">>> --------------------------------------"
+ echo ">>> to decode memory SPD timings modprobe eeprom module"
+ echo ">>> and get this perl script from"
+ echo ">>> \"http://www.lm-sensors.org/browser/lm-sensors/trunk/prog/eeprom/decode-dimms.pl\""
+}
diff --git a/user/ltrace/APKBUILD b/user/ltrace/APKBUILD
new file mode 100644
index 000000000..bd07768bf
--- /dev/null
+++ b/user/ltrace/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ltrace
+pkgver=0.7.3
+pkgrel=2
+pkgdesc="Tracks runtime library calls in dynamically linked programs"
+url="http://ltrace.alioth.debian.org/"
+arch="all"
+options="!check" # Test suite has glibc stuff hardcoded.
+license="GPL-2.0+"
+makedepends="linux-headers libelf-dev autoconf automake"
+subpackages="$pkgname-doc"
+# you find latest release here, but need a login:
+# https://alioth.debian.org/frs/?group_id=30892
+source="https://dev.alpinelinux.org/archive/$pkgname/$pkgname-$pkgver.tar.bz2
+ musl.patch
+ aarch64.patch
+ add_ppc64le.patch"
+
+builddir="$srcdir/$pkgname-$pkgver"
+prepare() {
+ default_prepare
+ aclocal && autoconf && automake --add-missing --force
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --disable-werror
+ make
+}
+
+package() {
+ cd "$builddir"
+ make install INSTALL=install DESTDIR="$pkgdir"
+}
+
+sha512sums="a842b16dcb81da869afa0bddc755fdff0d57b35672505bf2c7164fd983b1938d28b126714128930994cc1230ced69d779456d0cfc16f4008c9b6d19f0852285d ltrace-0.7.3.tar.bz2
+c53e05471c52e161a7f7389994c6467e8f3671c5d8478546bc1897f067c62aeab848d728295f339a241a3fc186e180d47bcc2872a6335877c3813b1b62834698 musl.patch
+e6682f8c9e1e049286b6462bbab03cbdcf31c1770f649be997393cbd9b3b2ce8ada93766474e16bb604624ffe3e3d46d467bfbedecac2af31b904bb4e763d43a aarch64.patch
+987c6d18bdb559e8fe739f09cfb0b567dafcf79b2bd5db7ca32ebb205f3b1d74a8008576e4d73ea90873c1ab9bed17d96ddb7ad8752bf0a160ea0638c955eb1f add_ppc64le.patch"
diff --git a/user/ltrace/aarch-part2.patch b/user/ltrace/aarch-part2.patch
new file mode 100644
index 000000000..c40d0a797
--- /dev/null
+++ b/user/ltrace/aarch-part2.patch
@@ -0,0 +1,1982 @@
+From ae7249250ea650ec82bc545d4281b852020c7a6f Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Fri, 24 Jan 2014 00:50:06 +0100
+Subject: [PATCH 1/1] Implement aarch64 support
+
+- IFUNC support is not implemented, the rest works well. The only
+ other failure is in wide char functions, and that occurs on x86_64
+ as well.
+---
+ configure.ac | 3 +-
+ sysdeps/linux-gnu/Makefile.am | 4 +-
+ sysdeps/linux-gnu/aarch64/Makefile.am | 25 +
+ sysdeps/linux-gnu/aarch64/arch.h | 37 ++
+ sysdeps/linux-gnu/aarch64/fetch.c | 365 +++++++++++
+ sysdeps/linux-gnu/aarch64/plt.c | 38 ++
+ sysdeps/linux-gnu/aarch64/ptrace.h | 22 +
+ sysdeps/linux-gnu/aarch64/regs.c | 130 ++++
+ sysdeps/linux-gnu/aarch64/signalent.h | 52 ++
+ sysdeps/linux-gnu/aarch64/syscallent.h | 1100 ++++++++++++++++++++++++++++++++
+ sysdeps/linux-gnu/aarch64/trace.c | 83 +++
+ 11 files changed, 1857 insertions(+), 2 deletions(-)
+ create mode 100644 sysdeps/linux-gnu/aarch64/Makefile.am
+ create mode 100644 sysdeps/linux-gnu/aarch64/arch.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/fetch.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/plt.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/ptrace.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/regs.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/signalent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/syscallent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/trace.c
+
+diff --git a/configure.ac b/configure.ac
+index c6e6bf0..0e9a124 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,6 +1,6 @@
+ # -*- Autoconf -*-
+ # This file is part of ltrace.
+-# Copyright (C) 2010,2013 Petr Machata, Red Hat Inc.
++# Copyright (C) 2010,2012,2013,2014 Petr Machata, Red Hat Inc.
+ # Copyright (C) 2010,2011 Joe Damato
+ # Copyright (C) 2010 Marc Kleine-Budde
+ # Copyright (C) 2010 Zachary T Welch
+@@ -399,6 +399,7 @@ AC_CONFIG_FILES([
+ Makefile
+ sysdeps/Makefile
+ sysdeps/linux-gnu/Makefile
++ sysdeps/linux-gnu/aarch64/Makefile
+ sysdeps/linux-gnu/alpha/Makefile
+ sysdeps/linux-gnu/arm/Makefile
+ sysdeps/linux-gnu/cris/Makefile
+diff --git a/sysdeps/linux-gnu/Makefile.am b/sysdeps/linux-gnu/Makefile.am
+index ecee577..ec26162 100644
+--- a/sysdeps/linux-gnu/Makefile.am
++++ b/sysdeps/linux-gnu/Makefile.am
+@@ -1,4 +1,5 @@
+ # This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
+ # Copyright (C) 2010,2012 Marc Kleine-Budde, Pengutronix
+ #
+ # This program is free software; you can redistribute it and/or
+@@ -16,7 +17,8 @@
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ # 02110-1301 USA
+
+-DIST_SUBDIRS = alpha arm cris ia64 m68k mips ppc s390 sparc x86
++DIST_SUBDIRS = aarch64 alpha arm cris ia64 m68k mips ppc s390 \
++ sparc x86
+
+ SUBDIRS = \
+ $(HOST_CPU)
+diff --git a/sysdeps/linux-gnu/aarch64/Makefile.am b/sysdeps/linux-gnu/aarch64/Makefile.am
+new file mode 100644
+index 0000000..0af4e6e
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/Makefile.am
+@@ -0,0 +1,25 @@
++# This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of the
++# License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++# 02110-1301 USA
++
++noinst_LTLIBRARIES = ../libcpu.la
++
++___libcpu_la_SOURCES = fetch.c plt.c regs.c trace.c
++
++noinst_HEADERS = arch.h ptrace.h signalent.h syscallent.h
++
++MAINTAINERCLEANFILES = Makefile.in
+diff --git a/sysdeps/linux-gnu/aarch64/arch.h b/sysdeps/linux-gnu/aarch64/arch.h
+new file mode 100644
+index 0000000..4137613
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/arch.h
+@@ -0,0 +1,37 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++#ifndef LTRACE_AARCH64_ARCH_H
++#define LTRACE_AARCH64_ARCH_H
++
++/* | 31 21 | 20 5 | 4 0 | *
++ * | 1 1 0 1 0 1 0 0 0 0 1 | imm16 | 0 0 0 0 0 | */
++#define BREAKPOINT_VALUE { 0xd4, 0x20, 0, 0 }
++#define BREAKPOINT_LENGTH 4
++#define DECR_PC_AFTER_BREAK 0
++
++#define LT_ELFCLASS ELFCLASS64
++#define LT_ELF_MACHINE EM_AARCH64
++
++#define ARCH_HAVE_FETCH_ARG
++#define ARCH_ENDIAN_BIG
++#define ARCH_HAVE_SIZEOF
++#define ARCH_HAVE_ALIGNOF
++
++#endif /* LTRACE_AARCH64_ARCH_H */
+diff --git a/sysdeps/linux-gnu/aarch64/fetch.c b/sysdeps/linux-gnu/aarch64/fetch.c
+new file mode 100644
+index 0000000..8779f03
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/fetch.c
+@@ -0,0 +1,365 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include "fetch.h"
++#include "proc.h"
++#include "type.h"
++#include "value.h"
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++int aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs);
++
++
++struct fetch_context
++{
++ struct user_pt_regs gregs;
++ struct user_fpsimd_state fpregs;
++ arch_addr_t nsaa;
++ unsigned ngrn;
++ unsigned nsrn;
++ arch_addr_t x8;
++};
++
++static int
++context_init(struct fetch_context *context, struct Process *proc)
++{
++ if (aarch64_read_gregs(proc, &context->gregs) < 0
++ || aarch64_read_fregs(proc, &context->fpregs) < 0)
++ return -1;
++
++ context->ngrn = 0;
++ context->nsrn = 0;
++ /* XXX double cast */
++ context->nsaa = (arch_addr_t) (uintptr_t) context->gregs.sp;
++ context->x8 = 0;
++
++ return 0;
++}
++
++struct fetch_context *
++arch_fetch_arg_clone(struct Process *proc, struct fetch_context *context)
++{
++ struct fetch_context *ret = malloc(sizeof(*ret));
++ if (ret == NULL)
++ return NULL;
++ return memcpy(ret, context, sizeof(*ret));
++}
++
++static void
++fetch_next_gpr(struct fetch_context *context, unsigned char *buf)
++{
++ uint64_t u = context->gregs.regs[context->ngrn++];
++ memcpy(buf, &u, 8);
++}
++
++static int
++fetch_gpr(struct fetch_context *context, struct value *value, size_t sz)
++{
++ if (sz < 8)
++ sz = 8;
++
++ unsigned char *buf = value_reserve(value, sz);
++ if (buf == NULL)
++ return -1;
++
++ size_t i;
++ for (i = 0; i < sz; i += 8)
++ fetch_next_gpr(context, buf + i);
++
++ return 0;
++}
++
++static void
++fetch_next_sse(struct fetch_context *context, unsigned char *buf, size_t sz)
++{
++ __int128 u = context->fpregs.vregs[context->nsrn++];
++ memcpy(buf, &u, sz);
++}
++
++static int
++fetch_sse(struct fetch_context *context, struct value *value, size_t sz)
++{
++ unsigned char *buf = value_reserve(value, sz);
++ if (buf == NULL)
++ return -1;
++
++ fetch_next_sse(context, buf, sz);
++ return 0;
++}
++
++static int
++fetch_hfa(struct fetch_context *context,
++ struct value *value, struct arg_type_info *hfa_t, size_t count)
++{
++ size_t sz = type_sizeof(value->inferior, hfa_t);
++ unsigned char *buf = value_reserve(value, sz * count);
++ if (buf == NULL)
++ return -1;
++
++ size_t i;
++ for (i = 0; i < count; ++i) {
++ fetch_next_sse(context, buf, sz);
++ buf += sz;
++ }
++ return 0;
++}
++
++static int
++fetch_stack(struct fetch_context *context, struct value *value,
++ size_t align, size_t sz)
++{
++ if (align < 8)
++ align = 8;
++ size_t amount = ((sz + align - 1) / align) * align;
++
++ /* XXX double casts */
++ uintptr_t sp = (uintptr_t) context->nsaa;
++ sp = ((sp + align - 1) / align) * align;
++
++ value_in_inferior(value, (arch_addr_t) sp);
++
++ sp += amount;
++ context->nsaa = (arch_addr_t) sp;
++
++ return 0;
++}
++
++enum convert_method {
++ CVT_ERR = -1,
++ CVT_NOP = 0,
++ CVT_BYREF,
++};
++
++enum fetch_method {
++ FETCH_NOP,
++ FETCH_STACK,
++ FETCH_GPR,
++ FETCH_SSE,
++ FETCH_HFA,
++};
++
++struct fetch_script {
++ enum convert_method c;
++ enum fetch_method f;
++ size_t sz;
++ struct arg_type_info *hfa_t;
++ size_t count;
++};
++
++static struct fetch_script
++pass_arg(struct fetch_context const *context,
++ struct Process *proc, struct arg_type_info *info)
++{
++ enum fetch_method cvt = CVT_NOP;
++
++ size_t sz = type_sizeof(proc, info);
++ if (sz == (size_t) -1)
++ return (struct fetch_script) { CVT_ERR, FETCH_NOP, sz };
++
++ switch (info->type) {
++ case ARGTYPE_VOID:
++ return (struct fetch_script) { cvt, FETCH_NOP, sz };
++
++ case ARGTYPE_STRUCT:
++ case ARGTYPE_ARRAY:;
++ size_t count;
++ struct arg_type_info *hfa_t = type_get_hfa_type(info, &count);
++ if (hfa_t != NULL && count <= 4) {
++ if (context->nsrn + count <= 8)
++ return (struct fetch_script)
++ { cvt, FETCH_HFA, sz, hfa_t, count };
++ return (struct fetch_script)
++ { cvt, FETCH_STACK, sz, hfa_t, count };
++ }
++
++ if (sz <= 16) {
++ size_t count = sz / 8;
++ if (context->ngrn + count <= 8)
++ return (struct fetch_script)
++ { cvt, FETCH_GPR, sz };
++ }
++
++ cvt = CVT_BYREF;
++ sz = 8;
++ /* Fall through. */
++
++ case ARGTYPE_POINTER:
++ case ARGTYPE_INT:
++ case ARGTYPE_UINT:
++ case ARGTYPE_LONG:
++ case ARGTYPE_ULONG:
++ case ARGTYPE_CHAR:
++ case ARGTYPE_SHORT:
++ case ARGTYPE_USHORT:
++ if (context->ngrn < 8 && sz <= 8)
++ return (struct fetch_script) { cvt, FETCH_GPR, sz };
++ /* We don't support types wider than 8 bytes as of
++ * now. */
++ assert(sz <= 8);
++
++ return (struct fetch_script) { cvt, FETCH_STACK, sz };
++
++ case ARGTYPE_FLOAT:
++ case ARGTYPE_DOUBLE:
++ if (context->nsrn < 8) {
++ /* ltrace doesn't support float128. */
++ assert(sz <= 8);
++ return (struct fetch_script) { cvt, FETCH_SSE, sz };
++ }
++
++ return (struct fetch_script) { cvt, FETCH_STACK, sz };
++ }
++
++ assert(! "Failed to allocate argument.");
++ abort();
++}
++
++static int
++convert_arg(struct value *value, struct fetch_script how)
++{
++ switch (how.c) {
++ case CVT_NOP:
++ return 0;
++ case CVT_BYREF:
++ return value_pass_by_reference(value);
++ case CVT_ERR:
++ return -1;
++ }
++
++ assert(! "Don't know how to convert argument.");
++ abort();
++}
++
++static int
++fetch_arg(struct fetch_context *context,
++ struct Process *proc, struct arg_type_info *info,
++ struct value *value, struct fetch_script how)
++{
++ if (convert_arg(value, how) < 0)
++ return -1;
++
++ switch (how.f) {
++ case FETCH_NOP:
++ return 0;
++
++ case FETCH_STACK:
++ if (how.hfa_t != NULL && how.count != 0 && how.count <= 8)
++ context->nsrn = 8;
++ return fetch_stack(context, value,
++ type_alignof(proc, info), how.sz);
++
++ case FETCH_GPR:
++ return fetch_gpr(context, value, how.sz);
++
++ case FETCH_SSE:
++ return fetch_sse(context, value, how.sz);
++
++ case FETCH_HFA:
++ return fetch_hfa(context, value, how.hfa_t, how.count);
++ }
++
++ assert(! "Don't know how to fetch argument.");
++ abort();
++}
++
++struct fetch_context *
++arch_fetch_arg_init(enum tof type, struct Process *proc,
++ struct arg_type_info *ret_info)
++{
++ struct fetch_context *context = malloc(sizeof *context);
++ if (context == NULL || context_init(context, proc) < 0) {
++ fail:
++ free(context);
++ return NULL;
++ }
++
++ /* There's a provision in ARMv8 parameter passing convention
++ * for returning types that, if passed as first argument to a
++ * function, would be passed on stack. For those types, x8
++ * contains an address where the return argument should be
++ * placed. The callee doesn't need to preserve the value of
++ * x8, so we need to fetch it now.
++ *
++ * To my knowledge, there are currently no types where this
++ * holds, but the code is here, utterly untested. */
++
++ struct fetch_script how = pass_arg(context, proc, ret_info);
++ if (how.c == CVT_ERR)
++ goto fail;
++ if (how.c == CVT_NOP && how.f == FETCH_STACK) {
++ /* XXX double cast. */
++ context->x8 = (arch_addr_t) (uintptr_t) context->gregs.regs[8];
++ /* See the comment above about the assert. */
++ assert(! "Unexpected: first argument passed on stack.");
++ abort();
++ }
++
++ return context;
++}
++
++int
++arch_fetch_arg_next(struct fetch_context *context, enum tof type,
++ struct Process *proc, struct arg_type_info *info,
++ struct value *value)
++{
++ return fetch_arg(context, proc, info, value,
++ pass_arg(context, proc, info));
++}
++
++int
++arch_fetch_retval(struct fetch_context *context, enum tof type,
++ struct Process *proc, struct arg_type_info *info,
++ struct value *value)
++{
++ if (context->x8 != 0) {
++ value_in_inferior(value, context->x8);
++ return 0;
++ }
++
++ if (context_init(context, proc) < 0)
++ return -1;
++
++ return fetch_arg(context, proc, info, value,
++ pass_arg(context, proc, info));
++}
++
++void
++arch_fetch_arg_done(struct fetch_context *context)
++{
++ if (context != NULL)
++ free(context);
++}
++
++size_t
++arch_type_sizeof(struct Process *proc, struct arg_type_info *arg)
++{
++ return (size_t) -2;
++}
++
++size_t
++arch_type_alignof(struct Process *proc, struct arg_type_info *arg)
++{
++ return (size_t) -2;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/plt.c b/sysdeps/linux-gnu/aarch64/plt.c
+new file mode 100644
+index 0000000..29dc4c9
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/plt.c
+@@ -0,0 +1,38 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <gelf.h>
++
++#include "backend.h"
++#include "proc.h"
++#include "library.h"
++#include "ltrace-elf.h"
++
++arch_addr_t
++sym2addr(struct Process *proc, struct library_symbol *sym)
++{
++ return sym->enter_addr;
++}
++
++GElf_Addr
++arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela)
++{
++ return lte->plt_addr + 32 + ndx * 16;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/ptrace.h b/sysdeps/linux-gnu/aarch64/ptrace.h
+new file mode 100644
+index 0000000..283c314
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/ptrace.h
+@@ -0,0 +1,22 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
+diff --git a/sysdeps/linux-gnu/aarch64/regs.c b/sysdeps/linux-gnu/aarch64/regs.c
+new file mode 100644
+index 0000000..06eb72b
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/regs.c
+@@ -0,0 +1,131 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <linux/uio.h>
++#include <assert.h>
++#include <stdlib.h>
++#include <stdio.h>
++
++#include "backend.h"
++#include "proc.h"
++
++#define PC_OFF (32 * 4)
++
++int
++aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++ *regs = (struct user_pt_regs) {};
++ struct iovec iovec;
++ iovec.iov_base = regs;
++ iovec.iov_len = sizeof *regs;
++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++ ? -1 : 0;
++}
++
++int
++aarch64_write_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++ struct iovec iovec;
++ iovec.iov_base = regs;
++ iovec.iov_len = sizeof *regs;
++ return ptrace(PTRACE_SETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++ ? -1 : 0;
++}
++
++int
++aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs)
++{
++ *regs = (struct user_fpsimd_state) {};
++ struct iovec iovec;
++ iovec.iov_base = regs;
++ iovec.iov_len = sizeof *regs;
++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_FPREGSET, &iovec) < 0
++ ? -1 : 0;
++}
++
++arch_addr_t
++get_instruction_pointer(struct Process *proc)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_instruction_pointer: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return 0;
++ }
++
++ /*
++ char buf[128];
++ sprintf(buf, "cat /proc/%d/maps", proc->pid);
++ system(buf);
++ */
++
++ /* XXX double cast */
++ return (arch_addr_t) (uintptr_t) regs.pc;
++}
++
++void
++set_instruction_pointer(struct Process *proc, arch_addr_t addr)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_instruction_pointer: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return;
++ }
++
++ /* XXX double cast */
++ regs.pc = (uint64_t) (uintptr_t) addr;
++
++ if (aarch64_write_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_instruction_pointer: "
++ "Couldn't write registers of %d.\n", proc->pid);
++ return;
++ }
++}
++
++arch_addr_t
++get_stack_pointer(struct Process *proc)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_stack_pointer: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return 0;
++ }
++
++ /* XXX double cast */
++ return (arch_addr_t) (uintptr_t) regs.sp;
++}
++
++arch_addr_t
++get_return_addr(struct Process *proc, arch_addr_t stack_pointer)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_return_addr: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return 0;
++ }
++
++ /* XXX double cast */
++ return (arch_addr_t) (uintptr_t) regs.regs[30];
++}
+diff --git a/sysdeps/linux-gnu/aarch64/signalent.h b/sysdeps/linux-gnu/aarch64/signalent.h
+new file mode 100644
+index 0000000..bf56ebc
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/signalent.h
+@@ -0,0 +1,52 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2006 Ian Wienand
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++ "SIG_0", /* 0 */
++ "SIGHUP", /* 1 */
++ "SIGINT", /* 2 */
++ "SIGQUIT", /* 3 */
++ "SIGILL", /* 4 */
++ "SIGTRAP", /* 5 */
++ "SIGABRT", /* 6 */
++ "SIGBUS", /* 7 */
++ "SIGFPE", /* 8 */
++ "SIGKILL", /* 9 */
++ "SIGUSR1", /* 10 */
++ "SIGSEGV", /* 11 */
++ "SIGUSR2", /* 12 */
++ "SIGPIPE", /* 13 */
++ "SIGALRM", /* 14 */
++ "SIGTERM", /* 15 */
++ "SIGSTKFLT", /* 16 */
++ "SIGCHLD", /* 17 */
++ "SIGCONT", /* 18 */
++ "SIGSTOP", /* 19 */
++ "SIGTSTP", /* 20 */
++ "SIGTTIN", /* 21 */
++ "SIGTTOU", /* 22 */
++ "SIGURG", /* 23 */
++ "SIGXCPU", /* 24 */
++ "SIGXFSZ", /* 25 */
++ "SIGVTALRM", /* 26 */
++ "SIGPROF", /* 27 */
++ "SIGWINCH", /* 28 */
++ "SIGIO", /* 29 */
++ "SIGPWR", /* 30 */
++ "SIGSYS", /* 31 */
+diff --git a/sysdeps/linux-gnu/aarch64/syscallent.h b/sysdeps/linux-gnu/aarch64/syscallent.h
+new file mode 100644
+index 0000000..aca8191
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/syscallent.h
+@@ -0,0 +1,1100 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++ "io_setup", /* 0 */
++ "io_destroy", /* 1 */
++ "io_submit", /* 2 */
++ "io_cancel", /* 3 */
++ "io_getevents", /* 4 */
++ "setxattr", /* 5 */
++ "lsetxattr", /* 6 */
++ "fsetxattr", /* 7 */
++ "getxattr", /* 8 */
++ "lgetxattr", /* 9 */
++ "fgetxattr", /* 10 */
++ "listxattr", /* 11 */
++ "llistxattr", /* 12 */
++ "flistxattr", /* 13 */
++ "removexattr", /* 14 */
++ "lremovexattr", /* 15 */
++ "fremovexattr", /* 16 */
++ "getcwd", /* 17 */
++ "lookup_dcookie", /* 18 */
++ "eventfd2", /* 19 */
++ "epoll_create1", /* 20 */
++ "epoll_ctl", /* 21 */
++ "epoll_pwait", /* 22 */
++ "dup", /* 23 */
++ "dup3", /* 24 */
++ "fcntl", /* 25 */
++ "inotify_init1", /* 26 */
++ "inotify_add_watch", /* 27 */
++ "inotify_rm_watch", /* 28 */
++ "ioctl", /* 29 */
++ "ioprio_set", /* 30 */
++ "ioprio_get", /* 31 */
++ "flock", /* 32 */
++ "mknodat", /* 33 */
++ "mkdirat", /* 34 */
++ "unlinkat", /* 35 */
++ "symlinkat", /* 36 */
++ "linkat", /* 37 */
++ "renameat", /* 38 */
++ "umount2", /* 39 */
++ "mount", /* 40 */
++ "pivot_root", /* 41 */
++ "nfsservctl", /* 42 */
++ "statfs", /* 43 */
++ "fstatfs", /* 44 */
++ "truncate", /* 45 */
++ "ftruncate", /* 46 */
++ "fallocate", /* 47 */
++ "faccessat", /* 48 */
++ "chdir", /* 49 */
++ "fchdir", /* 50 */
++ "chroot", /* 51 */
++ "fchmod", /* 52 */
++ "fchmodat", /* 53 */
++ "fchownat", /* 54 */
++ "fchown", /* 55 */
++ "openat", /* 56 */
++ "close", /* 57 */
++ "vhangup", /* 58 */
++ "pipe2", /* 59 */
++ "quotactl", /* 60 */
++ "getdents64", /* 61 */
++ "lseek", /* 62 */
++ "read", /* 63 */
++ "write", /* 64 */
++ "readv", /* 65 */
++ "writev", /* 66 */
++ "pread64", /* 67 */
++ "pwrite64", /* 68 */
++ "preadv", /* 69 */
++ "pwritev", /* 70 */
++ "sendfile", /* 71 */
++ "pselect6", /* 72 */
++ "ppoll", /* 73 */
++ "signalfd4", /* 74 */
++ "vmsplice", /* 75 */
++ "splice", /* 76 */
++ "tee", /* 77 */
++ "readlinkat", /* 78 */
++ "fstatat", /* 79 */
++ "fstat", /* 80 */
++ "sync", /* 81 */
++ "fsync", /* 82 */
++ "fdatasync", /* 83 */
++ "sync_file_range", /* 84 */
++ "timerfd_create", /* 85 */
++ "timerfd_settime", /* 86 */
++ "timerfd_gettime", /* 87 */
++ "utimensat", /* 88 */
++ "acct", /* 89 */
++ "capget", /* 90 */
++ "capset", /* 91 */
++ "personality", /* 92 */
++ "exit", /* 93 */
++ "exit_group", /* 94 */
++ "waitid", /* 95 */
++ "set_tid_address", /* 96 */
++ "unshare", /* 97 */
++ "futex", /* 98 */
++ "set_robust_list", /* 99 */
++ "get_robust_list", /* 100 */
++ "nanosleep", /* 101 */
++ "getitimer", /* 102 */
++ "setitimer", /* 103 */
++ "kexec_load", /* 104 */
++ "init_module", /* 105 */
++ "delete_module", /* 106 */
++ "timer_create", /* 107 */
++ "timer_gettime", /* 108 */
++ "timer_getoverrun", /* 109 */
++ "timer_settime", /* 110 */
++ "timer_delete", /* 111 */
++ "clock_settime", /* 112 */
++ "clock_gettime", /* 113 */
++ "clock_getres", /* 114 */
++ "clock_nanosleep", /* 115 */
++ "syslog", /* 116 */
++ "ptrace", /* 117 */
++ "sched_setparam", /* 118 */
++ "sched_setscheduler", /* 119 */
++ "sched_getscheduler", /* 120 */
++ "sched_getparam", /* 121 */
++ "sched_setaffinity", /* 122 */
++ "sched_getaffinity", /* 123 */
++ "sched_yield", /* 124 */
++ "sched_get_priority_max", /* 125 */
++ "sched_get_priority_min", /* 126 */
++ "sched_rr_get_interval", /* 127 */
++ "restart_syscall", /* 128 */
++ "kill", /* 129 */
++ "tkill", /* 130 */
++ "tgkill", /* 131 */
++ "sigaltstack", /* 132 */
++ "rt_sigsuspend", /* 133 */
++ "rt_sigaction", /* 134 */
++ "rt_sigprocmask", /* 135 */
++ "rt_sigpending", /* 136 */
++ "rt_sigtimedwait", /* 137 */
++ "rt_sigqueueinfo", /* 138 */
++ "rt_sigreturn", /* 139 */
++ "setpriority", /* 140 */
++ "getpriority", /* 141 */
++ "reboot", /* 142 */
++ "setregid", /* 143 */
++ "setgid", /* 144 */
++ "setreuid", /* 145 */
++ "setuid", /* 146 */
++ "setresuid", /* 147 */
++ "getresuid", /* 148 */
++ "setresgid", /* 149 */
++ "getresgid", /* 150 */
++ "setfsuid", /* 151 */
++ "setfsgid", /* 152 */
++ "times", /* 153 */
++ "setpgid", /* 154 */
++ "getpgid", /* 155 */
++ "getsid", /* 156 */
++ "setsid", /* 157 */
++ "getgroups", /* 158 */
++ "setgroups", /* 159 */
++ "uname", /* 160 */
++ "sethostname", /* 161 */
++ "setdomainname", /* 162 */
++ "getrlimit", /* 163 */
++ "setrlimit", /* 164 */
++ "getrusage", /* 165 */
++ "umask", /* 166 */
++ "prctl", /* 167 */
++ "getcpu", /* 168 */
++ "gettimeofday", /* 169 */
++ "settimeofday", /* 170 */
++ "adjtimex", /* 171 */
++ "getpid", /* 172 */
++ "getppid", /* 173 */
++ "getuid", /* 174 */
++ "geteuid", /* 175 */
++ "getgid", /* 176 */
++ "getegid", /* 177 */
++ "gettid", /* 178 */
++ "sysinfo", /* 179 */
++ "mq_open", /* 180 */
++ "mq_unlink", /* 181 */
++ "mq_timedsend", /* 182 */
++ "mq_timedreceive", /* 183 */
++ "mq_notify", /* 184 */
++ "mq_getsetattr", /* 185 */
++ "msgget", /* 186 */
++ "msgctl", /* 187 */
++ "msgrcv", /* 188 */
++ "msgsnd", /* 189 */
++ "semget", /* 190 */
++ "semctl", /* 191 */
++ "semtimedop", /* 192 */
++ "semop", /* 193 */
++ "shmget", /* 194 */
++ "shmctl", /* 195 */
++ "shmat", /* 196 */
++ "shmdt", /* 197 */
++ "socket", /* 198 */
++ "socketpair", /* 199 */
++ "bind", /* 200 */
++ "listen", /* 201 */
++ "accept", /* 202 */
++ "connect", /* 203 */
++ "getsockname", /* 204 */
++ "getpeername", /* 205 */
++ "sendto", /* 206 */
++ "recvfrom", /* 207 */
++ "setsockopt", /* 208 */
++ "getsockopt", /* 209 */
++ "shutdown", /* 210 */
++ "sendmsg", /* 211 */
++ "recvmsg", /* 212 */
++ "readahead", /* 213 */
++ "brk", /* 214 */
++ "munmap", /* 215 */
++ "mremap", /* 216 */
++ "add_key", /* 217 */
++ "request_key", /* 218 */
++ "keyctl", /* 219 */
++ "clone", /* 220 */
++ "execve", /* 221 */
++ "mmap", /* 222 */
++ "fadvise64", /* 223 */
++ "swapon", /* 224 */
++ "swapoff", /* 225 */
++ "mprotect", /* 226 */
++ "msync", /* 227 */
++ "mlock", /* 228 */
++ "munlock", /* 229 */
++ "mlockall", /* 230 */
++ "munlockall", /* 231 */
++ "mincore", /* 232 */
++ "madvise", /* 233 */
++ "remap_file_pages", /* 234 */
++ "mbind", /* 235 */
++ "get_mempolicy", /* 236 */
++ "set_mempolicy", /* 237 */
++ "migrate_pages", /* 238 */
++ "move_pages", /* 239 */
++ "rt_tgsigqueueinfo", /* 240 */
++ "perf_event_open", /* 241 */
++ "accept4", /* 242 */
++ "recvmmsg", /* 243 */
++ "arch_specific_syscall", /* 244 */
++ "245", /* 245 */
++ "246", /* 246 */
++ "247", /* 247 */
++ "248", /* 248 */
++ "249", /* 249 */
++ "250", /* 250 */
++ "251", /* 251 */
++ "252", /* 252 */
++ "253", /* 253 */
++ "254", /* 254 */
++ "255", /* 255 */
++ "256", /* 256 */
++ "257", /* 257 */
++ "258", /* 258 */
++ "259", /* 259 */
++ "wait4", /* 260 */
++ "prlimit64", /* 261 */
++ "fanotify_init", /* 262 */
++ "fanotify_mark", /* 263 */
++ "name_to_handle_at", /* 264 */
++ "open_by_handle_at", /* 265 */
++ "clock_adjtime", /* 266 */
++ "syncfs", /* 267 */
++ "setns", /* 268 */
++ "sendmmsg", /* 269 */
++ "process_vm_readv", /* 270 */
++ "process_vm_writev", /* 271 */
++ "kcmp", /* 272 */
++ "finit_module", /* 273 */
++ "syscalls", /* 274 */
++ "275", /* 275 */
++ "276", /* 276 */
++ "277", /* 277 */
++ "278", /* 278 */
++ "279", /* 279 */
++ "280", /* 280 */
++ "281", /* 281 */
++ "282", /* 282 */
++ "283", /* 283 */
++ "284", /* 284 */
++ "285", /* 285 */
++ "286", /* 286 */
++ "287", /* 287 */
++ "288", /* 288 */
++ "289", /* 289 */
++ "290", /* 290 */
++ "291", /* 291 */
++ "292", /* 292 */
++ "293", /* 293 */
++ "294", /* 294 */
++ "295", /* 295 */
++ "296", /* 296 */
++ "297", /* 297 */
++ "298", /* 298 */
++ "299", /* 299 */
++ "300", /* 300 */
++ "301", /* 301 */
++ "302", /* 302 */
++ "303", /* 303 */
++ "304", /* 304 */
++ "305", /* 305 */
++ "306", /* 306 */
++ "307", /* 307 */
++ "308", /* 308 */
++ "309", /* 309 */
++ "310", /* 310 */
++ "311", /* 311 */
++ "312", /* 312 */
++ "313", /* 313 */
++ "314", /* 314 */
++ "315", /* 315 */
++ "316", /* 316 */
++ "317", /* 317 */
++ "318", /* 318 */
++ "319", /* 319 */
++ "320", /* 320 */
++ "321", /* 321 */
++ "322", /* 322 */
++ "323", /* 323 */
++ "324", /* 324 */
++ "325", /* 325 */
++ "326", /* 326 */
++ "327", /* 327 */
++ "328", /* 328 */
++ "329", /* 329 */
++ "330", /* 330 */
++ "331", /* 331 */
++ "332", /* 332 */
++ "333", /* 333 */
++ "334", /* 334 */
++ "335", /* 335 */
++ "336", /* 336 */
++ "337", /* 337 */
++ "338", /* 338 */
++ "339", /* 339 */
++ "340", /* 340 */
++ "341", /* 341 */
++ "342", /* 342 */
++ "343", /* 343 */
++ "344", /* 344 */
++ "345", /* 345 */
++ "346", /* 346 */
++ "347", /* 347 */
++ "348", /* 348 */
++ "349", /* 349 */
++ "350", /* 350 */
++ "351", /* 351 */
++ "352", /* 352 */
++ "353", /* 353 */
++ "354", /* 354 */
++ "355", /* 355 */
++ "356", /* 356 */
++ "357", /* 357 */
++ "358", /* 358 */
++ "359", /* 359 */
++ "360", /* 360 */
++ "361", /* 361 */
++ "362", /* 362 */
++ "363", /* 363 */
++ "364", /* 364 */
++ "365", /* 365 */
++ "366", /* 366 */
++ "367", /* 367 */
++ "368", /* 368 */
++ "369", /* 369 */
++ "370", /* 370 */
++ "371", /* 371 */
++ "372", /* 372 */
++ "373", /* 373 */
++ "374", /* 374 */
++ "375", /* 375 */
++ "376", /* 376 */
++ "377", /* 377 */
++ "378", /* 378 */
++ "379", /* 379 */
++ "380", /* 380 */
++ "381", /* 381 */
++ "382", /* 382 */
++ "383", /* 383 */
++ "384", /* 384 */
++ "385", /* 385 */
++ "386", /* 386 */
++ "387", /* 387 */
++ "388", /* 388 */
++ "389", /* 389 */
++ "390", /* 390 */
++ "391", /* 391 */
++ "392", /* 392 */
++ "393", /* 393 */
++ "394", /* 394 */
++ "395", /* 395 */
++ "396", /* 396 */
++ "397", /* 397 */
++ "398", /* 398 */
++ "399", /* 399 */
++ "400", /* 400 */
++ "401", /* 401 */
++ "402", /* 402 */
++ "403", /* 403 */
++ "404", /* 404 */
++ "405", /* 405 */
++ "406", /* 406 */
++ "407", /* 407 */
++ "408", /* 408 */
++ "409", /* 409 */
++ "410", /* 410 */
++ "411", /* 411 */
++ "412", /* 412 */
++ "413", /* 413 */
++ "414", /* 414 */
++ "415", /* 415 */
++ "416", /* 416 */
++ "417", /* 417 */
++ "418", /* 418 */
++ "419", /* 419 */
++ "420", /* 420 */
++ "421", /* 421 */
++ "422", /* 422 */
++ "423", /* 423 */
++ "424", /* 424 */
++ "425", /* 425 */
++ "426", /* 426 */
++ "427", /* 427 */
++ "428", /* 428 */
++ "429", /* 429 */
++ "430", /* 430 */
++ "431", /* 431 */
++ "432", /* 432 */
++ "433", /* 433 */
++ "434", /* 434 */
++ "435", /* 435 */
++ "436", /* 436 */
++ "437", /* 437 */
++ "438", /* 438 */
++ "439", /* 439 */
++ "440", /* 440 */
++ "441", /* 441 */
++ "442", /* 442 */
++ "443", /* 443 */
++ "444", /* 444 */
++ "445", /* 445 */
++ "446", /* 446 */
++ "447", /* 447 */
++ "448", /* 448 */
++ "449", /* 449 */
++ "450", /* 450 */
++ "451", /* 451 */
++ "452", /* 452 */
++ "453", /* 453 */
++ "454", /* 454 */
++ "455", /* 455 */
++ "456", /* 456 */
++ "457", /* 457 */
++ "458", /* 458 */
++ "459", /* 459 */
++ "460", /* 460 */
++ "461", /* 461 */
++ "462", /* 462 */
++ "463", /* 463 */
++ "464", /* 464 */
++ "465", /* 465 */
++ "466", /* 466 */
++ "467", /* 467 */
++ "468", /* 468 */
++ "469", /* 469 */
++ "470", /* 470 */
++ "471", /* 471 */
++ "472", /* 472 */
++ "473", /* 473 */
++ "474", /* 474 */
++ "475", /* 475 */
++ "476", /* 476 */
++ "477", /* 477 */
++ "478", /* 478 */
++ "479", /* 479 */
++ "480", /* 480 */
++ "481", /* 481 */
++ "482", /* 482 */
++ "483", /* 483 */
++ "484", /* 484 */
++ "485", /* 485 */
++ "486", /* 486 */
++ "487", /* 487 */
++ "488", /* 488 */
++ "489", /* 489 */
++ "490", /* 490 */
++ "491", /* 491 */
++ "492", /* 492 */
++ "493", /* 493 */
++ "494", /* 494 */
++ "495", /* 495 */
++ "496", /* 496 */
++ "497", /* 497 */
++ "498", /* 498 */
++ "499", /* 499 */
++ "500", /* 500 */
++ "501", /* 501 */
++ "502", /* 502 */
++ "503", /* 503 */
++ "504", /* 504 */
++ "505", /* 505 */
++ "506", /* 506 */
++ "507", /* 507 */
++ "508", /* 508 */
++ "509", /* 509 */
++ "510", /* 510 */
++ "511", /* 511 */
++ "512", /* 512 */
++ "513", /* 513 */
++ "514", /* 514 */
++ "515", /* 515 */
++ "516", /* 516 */
++ "517", /* 517 */
++ "518", /* 518 */
++ "519", /* 519 */
++ "520", /* 520 */
++ "521", /* 521 */
++ "522", /* 522 */
++ "523", /* 523 */
++ "524", /* 524 */
++ "525", /* 525 */
++ "526", /* 526 */
++ "527", /* 527 */
++ "528", /* 528 */
++ "529", /* 529 */
++ "530", /* 530 */
++ "531", /* 531 */
++ "532", /* 532 */
++ "533", /* 533 */
++ "534", /* 534 */
++ "535", /* 535 */
++ "536", /* 536 */
++ "537", /* 537 */
++ "538", /* 538 */
++ "539", /* 539 */
++ "540", /* 540 */
++ "541", /* 541 */
++ "542", /* 542 */
++ "543", /* 543 */
++ "544", /* 544 */
++ "545", /* 545 */
++ "546", /* 546 */
++ "547", /* 547 */
++ "548", /* 548 */
++ "549", /* 549 */
++ "550", /* 550 */
++ "551", /* 551 */
++ "552", /* 552 */
++ "553", /* 553 */
++ "554", /* 554 */
++ "555", /* 555 */
++ "556", /* 556 */
++ "557", /* 557 */
++ "558", /* 558 */
++ "559", /* 559 */
++ "560", /* 560 */
++ "561", /* 561 */
++ "562", /* 562 */
++ "563", /* 563 */
++ "564", /* 564 */
++ "565", /* 565 */
++ "566", /* 566 */
++ "567", /* 567 */
++ "568", /* 568 */
++ "569", /* 569 */
++ "570", /* 570 */
++ "571", /* 571 */
++ "572", /* 572 */
++ "573", /* 573 */
++ "574", /* 574 */
++ "575", /* 575 */
++ "576", /* 576 */
++ "577", /* 577 */
++ "578", /* 578 */
++ "579", /* 579 */
++ "580", /* 580 */
++ "581", /* 581 */
++ "582", /* 582 */
++ "583", /* 583 */
++ "584", /* 584 */
++ "585", /* 585 */
++ "586", /* 586 */
++ "587", /* 587 */
++ "588", /* 588 */
++ "589", /* 589 */
++ "590", /* 590 */
++ "591", /* 591 */
++ "592", /* 592 */
++ "593", /* 593 */
++ "594", /* 594 */
++ "595", /* 595 */
++ "596", /* 596 */
++ "597", /* 597 */
++ "598", /* 598 */
++ "599", /* 599 */
++ "600", /* 600 */
++ "601", /* 601 */
++ "602", /* 602 */
++ "603", /* 603 */
++ "604", /* 604 */
++ "605", /* 605 */
++ "606", /* 606 */
++ "607", /* 607 */
++ "608", /* 608 */
++ "609", /* 609 */
++ "610", /* 610 */
++ "611", /* 611 */
++ "612", /* 612 */
++ "613", /* 613 */
++ "614", /* 614 */
++ "615", /* 615 */
++ "616", /* 616 */
++ "617", /* 617 */
++ "618", /* 618 */
++ "619", /* 619 */
++ "620", /* 620 */
++ "621", /* 621 */
++ "622", /* 622 */
++ "623", /* 623 */
++ "624", /* 624 */
++ "625", /* 625 */
++ "626", /* 626 */
++ "627", /* 627 */
++ "628", /* 628 */
++ "629", /* 629 */
++ "630", /* 630 */
++ "631", /* 631 */
++ "632", /* 632 */
++ "633", /* 633 */
++ "634", /* 634 */
++ "635", /* 635 */
++ "636", /* 636 */
++ "637", /* 637 */
++ "638", /* 638 */
++ "639", /* 639 */
++ "640", /* 640 */
++ "641", /* 641 */
++ "642", /* 642 */
++ "643", /* 643 */
++ "644", /* 644 */
++ "645", /* 645 */
++ "646", /* 646 */
++ "647", /* 647 */
++ "648", /* 648 */
++ "649", /* 649 */
++ "650", /* 650 */
++ "651", /* 651 */
++ "652", /* 652 */
++ "653", /* 653 */
++ "654", /* 654 */
++ "655", /* 655 */
++ "656", /* 656 */
++ "657", /* 657 */
++ "658", /* 658 */
++ "659", /* 659 */
++ "660", /* 660 */
++ "661", /* 661 */
++ "662", /* 662 */
++ "663", /* 663 */
++ "664", /* 664 */
++ "665", /* 665 */
++ "666", /* 666 */
++ "667", /* 667 */
++ "668", /* 668 */
++ "669", /* 669 */
++ "670", /* 670 */
++ "671", /* 671 */
++ "672", /* 672 */
++ "673", /* 673 */
++ "674", /* 674 */
++ "675", /* 675 */
++ "676", /* 676 */
++ "677", /* 677 */
++ "678", /* 678 */
++ "679", /* 679 */
++ "680", /* 680 */
++ "681", /* 681 */
++ "682", /* 682 */
++ "683", /* 683 */
++ "684", /* 684 */
++ "685", /* 685 */
++ "686", /* 686 */
++ "687", /* 687 */
++ "688", /* 688 */
++ "689", /* 689 */
++ "690", /* 690 */
++ "691", /* 691 */
++ "692", /* 692 */
++ "693", /* 693 */
++ "694", /* 694 */
++ "695", /* 695 */
++ "696", /* 696 */
++ "697", /* 697 */
++ "698", /* 698 */
++ "699", /* 699 */
++ "700", /* 700 */
++ "701", /* 701 */
++ "702", /* 702 */
++ "703", /* 703 */
++ "704", /* 704 */
++ "705", /* 705 */
++ "706", /* 706 */
++ "707", /* 707 */
++ "708", /* 708 */
++ "709", /* 709 */
++ "710", /* 710 */
++ "711", /* 711 */
++ "712", /* 712 */
++ "713", /* 713 */
++ "714", /* 714 */
++ "715", /* 715 */
++ "716", /* 716 */
++ "717", /* 717 */
++ "718", /* 718 */
++ "719", /* 719 */
++ "720", /* 720 */
++ "721", /* 721 */
++ "722", /* 722 */
++ "723", /* 723 */
++ "724", /* 724 */
++ "725", /* 725 */
++ "726", /* 726 */
++ "727", /* 727 */
++ "728", /* 728 */
++ "729", /* 729 */
++ "730", /* 730 */
++ "731", /* 731 */
++ "732", /* 732 */
++ "733", /* 733 */
++ "734", /* 734 */
++ "735", /* 735 */
++ "736", /* 736 */
++ "737", /* 737 */
++ "738", /* 738 */
++ "739", /* 739 */
++ "740", /* 740 */
++ "741", /* 741 */
++ "742", /* 742 */
++ "743", /* 743 */
++ "744", /* 744 */
++ "745", /* 745 */
++ "746", /* 746 */
++ "747", /* 747 */
++ "748", /* 748 */
++ "749", /* 749 */
++ "750", /* 750 */
++ "751", /* 751 */
++ "752", /* 752 */
++ "753", /* 753 */
++ "754", /* 754 */
++ "755", /* 755 */
++ "756", /* 756 */
++ "757", /* 757 */
++ "758", /* 758 */
++ "759", /* 759 */
++ "760", /* 760 */
++ "761", /* 761 */
++ "762", /* 762 */
++ "763", /* 763 */
++ "764", /* 764 */
++ "765", /* 765 */
++ "766", /* 766 */
++ "767", /* 767 */
++ "768", /* 768 */
++ "769", /* 769 */
++ "770", /* 770 */
++ "771", /* 771 */
++ "772", /* 772 */
++ "773", /* 773 */
++ "774", /* 774 */
++ "775", /* 775 */
++ "776", /* 776 */
++ "777", /* 777 */
++ "778", /* 778 */
++ "779", /* 779 */
++ "780", /* 780 */
++ "781", /* 781 */
++ "782", /* 782 */
++ "783", /* 783 */
++ "784", /* 784 */
++ "785", /* 785 */
++ "786", /* 786 */
++ "787", /* 787 */
++ "788", /* 788 */
++ "789", /* 789 */
++ "790", /* 790 */
++ "791", /* 791 */
++ "792", /* 792 */
++ "793", /* 793 */
++ "794", /* 794 */
++ "795", /* 795 */
++ "796", /* 796 */
++ "797", /* 797 */
++ "798", /* 798 */
++ "799", /* 799 */
++ "800", /* 800 */
++ "801", /* 801 */
++ "802", /* 802 */
++ "803", /* 803 */
++ "804", /* 804 */
++ "805", /* 805 */
++ "806", /* 806 */
++ "807", /* 807 */
++ "808", /* 808 */
++ "809", /* 809 */
++ "810", /* 810 */
++ "811", /* 811 */
++ "812", /* 812 */
++ "813", /* 813 */
++ "814", /* 814 */
++ "815", /* 815 */
++ "816", /* 816 */
++ "817", /* 817 */
++ "818", /* 818 */
++ "819", /* 819 */
++ "820", /* 820 */
++ "821", /* 821 */
++ "822", /* 822 */
++ "823", /* 823 */
++ "824", /* 824 */
++ "825", /* 825 */
++ "826", /* 826 */
++ "827", /* 827 */
++ "828", /* 828 */
++ "829", /* 829 */
++ "830", /* 830 */
++ "831", /* 831 */
++ "832", /* 832 */
++ "833", /* 833 */
++ "834", /* 834 */
++ "835", /* 835 */
++ "836", /* 836 */
++ "837", /* 837 */
++ "838", /* 838 */
++ "839", /* 839 */
++ "840", /* 840 */
++ "841", /* 841 */
++ "842", /* 842 */
++ "843", /* 843 */
++ "844", /* 844 */
++ "845", /* 845 */
++ "846", /* 846 */
++ "847", /* 847 */
++ "848", /* 848 */
++ "849", /* 849 */
++ "850", /* 850 */
++ "851", /* 851 */
++ "852", /* 852 */
++ "853", /* 853 */
++ "854", /* 854 */
++ "855", /* 855 */
++ "856", /* 856 */
++ "857", /* 857 */
++ "858", /* 858 */
++ "859", /* 859 */
++ "860", /* 860 */
++ "861", /* 861 */
++ "862", /* 862 */
++ "863", /* 863 */
++ "864", /* 864 */
++ "865", /* 865 */
++ "866", /* 866 */
++ "867", /* 867 */
++ "868", /* 868 */
++ "869", /* 869 */
++ "870", /* 870 */
++ "871", /* 871 */
++ "872", /* 872 */
++ "873", /* 873 */
++ "874", /* 874 */
++ "875", /* 875 */
++ "876", /* 876 */
++ "877", /* 877 */
++ "878", /* 878 */
++ "879", /* 879 */
++ "880", /* 880 */
++ "881", /* 881 */
++ "882", /* 882 */
++ "883", /* 883 */
++ "884", /* 884 */
++ "885", /* 885 */
++ "886", /* 886 */
++ "887", /* 887 */
++ "888", /* 888 */
++ "889", /* 889 */
++ "890", /* 890 */
++ "891", /* 891 */
++ "892", /* 892 */
++ "893", /* 893 */
++ "894", /* 894 */
++ "895", /* 895 */
++ "896", /* 896 */
++ "897", /* 897 */
++ "898", /* 898 */
++ "899", /* 899 */
++ "900", /* 900 */
++ "901", /* 901 */
++ "902", /* 902 */
++ "903", /* 903 */
++ "904", /* 904 */
++ "905", /* 905 */
++ "906", /* 906 */
++ "907", /* 907 */
++ "908", /* 908 */
++ "909", /* 909 */
++ "910", /* 910 */
++ "911", /* 911 */
++ "912", /* 912 */
++ "913", /* 913 */
++ "914", /* 914 */
++ "915", /* 915 */
++ "916", /* 916 */
++ "917", /* 917 */
++ "918", /* 918 */
++ "919", /* 919 */
++ "920", /* 920 */
++ "921", /* 921 */
++ "922", /* 922 */
++ "923", /* 923 */
++ "924", /* 924 */
++ "925", /* 925 */
++ "926", /* 926 */
++ "927", /* 927 */
++ "928", /* 928 */
++ "929", /* 929 */
++ "930", /* 930 */
++ "931", /* 931 */
++ "932", /* 932 */
++ "933", /* 933 */
++ "934", /* 934 */
++ "935", /* 935 */
++ "936", /* 936 */
++ "937", /* 937 */
++ "938", /* 938 */
++ "939", /* 939 */
++ "940", /* 940 */
++ "941", /* 941 */
++ "942", /* 942 */
++ "943", /* 943 */
++ "944", /* 944 */
++ "945", /* 945 */
++ "946", /* 946 */
++ "947", /* 947 */
++ "948", /* 948 */
++ "949", /* 949 */
++ "950", /* 950 */
++ "951", /* 951 */
++ "952", /* 952 */
++ "953", /* 953 */
++ "954", /* 954 */
++ "955", /* 955 */
++ "956", /* 956 */
++ "957", /* 957 */
++ "958", /* 958 */
++ "959", /* 959 */
++ "960", /* 960 */
++ "961", /* 961 */
++ "962", /* 962 */
++ "963", /* 963 */
++ "964", /* 964 */
++ "965", /* 965 */
++ "966", /* 966 */
++ "967", /* 967 */
++ "968", /* 968 */
++ "969", /* 969 */
++ "970", /* 970 */
++ "971", /* 971 */
++ "972", /* 972 */
++ "973", /* 973 */
++ "974", /* 974 */
++ "975", /* 975 */
++ "976", /* 976 */
++ "977", /* 977 */
++ "978", /* 978 */
++ "979", /* 979 */
++ "980", /* 980 */
++ "981", /* 981 */
++ "982", /* 982 */
++ "983", /* 983 */
++ "984", /* 984 */
++ "985", /* 985 */
++ "986", /* 986 */
++ "987", /* 987 */
++ "988", /* 988 */
++ "989", /* 989 */
++ "990", /* 990 */
++ "991", /* 991 */
++ "992", /* 992 */
++ "993", /* 993 */
++ "994", /* 994 */
++ "995", /* 995 */
++ "996", /* 996 */
++ "997", /* 997 */
++ "998", /* 998 */
++ "999", /* 999 */
++ "1000", /* 1000 */
++ "1001", /* 1001 */
++ "1002", /* 1002 */
++ "1003", /* 1003 */
++ "1004", /* 1004 */
++ "1005", /* 1005 */
++ "1006", /* 1006 */
++ "1007", /* 1007 */
++ "1008", /* 1008 */
++ "1009", /* 1009 */
++ "1010", /* 1010 */
++ "1011", /* 1011 */
++ "1012", /* 1012 */
++ "1013", /* 1013 */
++ "1014", /* 1014 */
++ "1015", /* 1015 */
++ "1016", /* 1016 */
++ "1017", /* 1017 */
++ "1018", /* 1018 */
++ "1019", /* 1019 */
++ "1020", /* 1020 */
++ "1021", /* 1021 */
++ "1022", /* 1022 */
++ "1023", /* 1023 */
++ "open", /* 1024 */
++ "link", /* 1025 */
++ "unlink", /* 1026 */
++ "mknod", /* 1027 */
++ "chmod", /* 1028 */
++ "chown", /* 1029 */
++ "mkdir", /* 1030 */
++ "rmdir", /* 1031 */
++ "lchown", /* 1032 */
++ "access", /* 1033 */
++ "rename", /* 1034 */
++ "readlink", /* 1035 */
++ "symlink", /* 1036 */
++ "utimes", /* 1037 */
++ "stat", /* 1038 */
++ "lstat", /* 1039 */
++ "pipe", /* 1040 */
++ "dup2", /* 1041 */
++ "epoll_create", /* 1042 */
++ "inotify_init", /* 1043 */
++ "eventfd", /* 1044 */
++ "signalfd", /* 1045 */
++ "sendfile", /* 1046 */
++ "ftruncate", /* 1047 */
++ "truncate", /* 1048 */
++ "stat", /* 1049 */
++ "lstat", /* 1050 */
++ "fstat", /* 1051 */
++ "fcntl", /* 1052 */
++ "fadvise64", /* 1053 */
++ "newfstatat", /* 1054 */
++ "fstatfs", /* 1055 */
++ "statfs", /* 1056 */
++ "lseek", /* 1057 */
++ "mmap", /* 1058 */
++ "alarm", /* 1059 */
++ "getpgrp", /* 1060 */
++ "pause", /* 1061 */
++ "time", /* 1062 */
++ "utime", /* 1063 */
++ "creat", /* 1064 */
++ "getdents", /* 1065 */
++ "futimesat", /* 1066 */
++ "select", /* 1067 */
++ "poll", /* 1068 */
++ "epoll_wait", /* 1069 */
++ "ustat", /* 1070 */
++ "vfork", /* 1071 */
++ "oldwait4", /* 1072 */
++ "recv", /* 1073 */
++ "send", /* 1074 */
++ "bdflush", /* 1075 */
++ "umount", /* 1076 */
++ "uselib", /* 1077 */
++ "_sysctl", /* 1078 */
++ "fork", /* 1079 */
+diff --git a/sysdeps/linux-gnu/aarch64/trace.c b/sysdeps/linux-gnu/aarch64/trace.c
+new file mode 100644
+index 0000000..5544b51
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/trace.c
+@@ -0,0 +1,84 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <asm/ptrace.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++
++#include "backend.h"
++#include "proc.h"
++
++void
++get_arch_dep(struct Process *proc)
++{
++}
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++
++/* The syscall instruction is:
++ * | 31 21 | 20 5 | 4 0 |
++ * | 1 1 0 1 0 1 0 0 | 0 0 0 | imm16 | 0 0 0 0 1 | */
++#define SVC_MASK 0xffe0001f
++#define SVC_VALUE 0xd4000001
++
++int
++syscall_p(struct Process *proc, int status, int *sysnum)
++{
++ if (WIFSTOPPED(status)
++ && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) {
++
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "syscall_p: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return -1;
++ }
++
++ errno = 0;
++ unsigned long insn = (unsigned long) ptrace(PTRACE_PEEKTEXT,
++ proc->pid,
++ regs.pc - 4, 0);
++ if (insn == -1UL && errno != 0) {
++ fprintf(stderr, "syscall_p: "
++ "Couldn't peek into %d: %s\n", proc->pid,
++ strerror(errno));
++ return -1;
++ }
++
++ insn &= 0xffffffffUL;
++ if ((insn & SVC_MASK) == SVC_VALUE) {
++ *sysnum = regs.regs[8];
++
++ size_t d1 = proc->callstack_depth - 1;
++ if (proc->callstack_depth > 0
++ && proc->callstack[d1].is_syscall
++ && proc->callstack[d1].c_un.syscall == *sysnum)
++ return 2;
++
++ return 1;
++ }
++ }
++
++ return 0;
++}
+--
+1.9.1
+
diff --git a/user/ltrace/aarch64.patch b/user/ltrace/aarch64.patch
new file mode 100644
index 000000000..a89c3073a
--- /dev/null
+++ b/user/ltrace/aarch64.patch
@@ -0,0 +1,2155 @@
+From 982cbca34b2b49a158086ff5f43eb9bba89edead Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Wed, 6 Feb 2013 15:46:04 +0100
+Subject: [PATCH] Move get_hfa_type from IA64 backend to type.c, name it
+ type_get_hfa_type
+
+---
+ sysdeps/linux-gnu/ia64/fetch.c | 48 ++++++++----------------------------------
+ type.c | 36 +++++++++++++++++++++++++++++++
+ type.h | 11 +++++++++-
+ 3 files changed, 55 insertions(+), 40 deletions(-)
+
+diff --git a/sysdeps/linux-gnu/ia64/fetch.c b/sysdeps/linux-gnu/ia64/fetch.c
+index e90dbed..171c7a2 100644
+--- a/sysdeps/linux-gnu/ia64/fetch.c
++++ b/sysdeps/linux-gnu/ia64/fetch.c
+@@ -1,6 +1,6 @@
+ /*
+ * This file is part of ltrace.
+- * Copyright (C) 2012 Petr Machata, Red Hat Inc.
++ * Copyright (C) 2012,2013 Petr Machata, Red Hat Inc.
+ * Copyright (C) 2008,2009 Juan Cespedes
+ * Copyright (C) 2006 Steve Fink
+ * Copyright (C) 2006 Ian Wienand
+@@ -249,37 +249,6 @@ allocate_float(struct fetch_context *ctx, struct process *proc,
+ return 0;
+ }
+
+-static enum arg_type
+-get_hfa_type(struct arg_type_info *info, size_t *countp)
+-{
+- size_t n = type_aggregate_size(info);
+- if (n == (size_t)-1)
+- return ARGTYPE_VOID;
+-
+- enum arg_type type = ARGTYPE_VOID;
+- *countp = 0;
+-
+- while (n-- > 0) {
+- struct arg_type_info *emt = type_element(info, n);
+-
+- enum arg_type emt_type = emt->type;
+- size_t emt_count = 1;
+- if (emt_type == ARGTYPE_STRUCT || emt_type == ARGTYPE_ARRAY)
+- emt_type = get_hfa_type(emt, &emt_count);
+-
+- if (type == ARGTYPE_VOID) {
+- if (emt_type != ARGTYPE_FLOAT
+- && emt_type != ARGTYPE_DOUBLE)
+- return ARGTYPE_VOID;
+- type = emt_type;
+- }
+- if (emt_type != type)
+- return ARGTYPE_VOID;
+- *countp += emt_count;
+- }
+- return type;
+-}
+-
+ static int
+ allocate_hfa(struct fetch_context *ctx, struct process *proc,
+ struct arg_type_info *info, struct value *valuep,
+@@ -380,10 +349,11 @@ allocate_ret(struct fetch_context *ctx, struct process *proc,
+ * floating-point registers, beginning with f8. */
+ if (info->type == ARGTYPE_STRUCT || info->type == ARGTYPE_ARRAY) {
+ size_t hfa_size;
+- enum arg_type hfa_type = get_hfa_type(info, &hfa_size);
+- if (hfa_type != ARGTYPE_VOID && hfa_size <= 8)
++ struct arg_type_info *hfa_info
++ = type_get_hfa_type(info, &hfa_size);
++ if (hfa_info != NULL && hfa_size <= 8)
+ return allocate_hfa(ctx, proc, info, valuep,
+- hfa_type, hfa_size);
++ hfa_info->type, hfa_size);
+ }
+
+ /* Integers and pointers are passed in r8. 128-bit integers
+@@ -409,7 +379,7 @@ arch_fetch_arg_next(struct fetch_context *ctx, enum tof type,
+ struct arg_type_info *info, struct value *valuep)
+ {
+ switch (info->type) {
+- enum arg_type hfa_type;
++ struct arg_type_info *hfa_info;
+ size_t hfa_size;
+
+ case ARGTYPE_VOID:
+@@ -421,10 +391,10 @@ arch_fetch_arg_next(struct fetch_context *ctx, enum tof type,
+ return allocate_float(ctx, proc, info, valuep, 1);
+
+ case ARGTYPE_STRUCT:
+- hfa_type = get_hfa_type(info, &hfa_size);
+- if (hfa_type != ARGTYPE_VOID)
++ hfa_info = type_get_hfa_type(info, &hfa_size);
++ if (hfa_info != NULL)
+ return allocate_hfa(ctx, proc, info, valuep,
+- hfa_type, hfa_size);
++ hfa_info->type, hfa_size);
+ /* Fall through. */
+ case ARGTYPE_CHAR:
+ case ARGTYPE_SHORT:
+diff --git a/type.c b/type.c
+index 11b4ce1..d5bc98f 100644
+--- a/type.c
++++ b/type.c
+@@ -564,3 +564,39 @@ type_get_fp_equivalent(struct arg_type_info *info)
+ }
+ abort();
+ }
++
++struct arg_type_info *
++type_get_hfa_type(struct arg_type_info *info, size_t *countp)
++{
++ assert(info != NULL);
++ if (info->type != ARGTYPE_STRUCT
++ && info->type != ARGTYPE_ARRAY)
++ return NULL;
++
++ size_t n = type_aggregate_size(info);
++ if (n == (size_t)-1)
++ return NULL;
++
++ struct arg_type_info *ret = NULL;
++ *countp = 0;
++
++ while (n-- > 0) {
++ struct arg_type_info *emt = type_element(info, n);
++
++ size_t emt_count = 1;
++ if (emt->type == ARGTYPE_STRUCT || emt->type == ARGTYPE_ARRAY)
++ emt = type_get_hfa_type(emt, &emt_count);
++ if (emt == NULL)
++ return NULL;
++ if (ret == NULL) {
++ if (emt->type != ARGTYPE_FLOAT
++ && emt->type != ARGTYPE_DOUBLE)
++ return NULL;
++ ret = emt;
++ }
++ if (emt->type != ret->type)
++ return NULL;
++ *countp += emt_count;
++ }
++ return ret;
++}
+diff --git a/type.h b/type.h
+index b92c1af..3210677 100644
+--- a/type.h
++++ b/type.h
+@@ -1,6 +1,6 @@
+ /*
+ * This file is part of ltrace.
+- * Copyright (C) 2011,2012 Petr Machata, Red Hat Inc.
++ * Copyright (C) 2011,2012,2013 Petr Machata, Red Hat Inc.
+ * Copyright (C) 1997-2009 Juan Cespedes
+ *
+ * This program is free software; you can redistribute it and/or
+@@ -142,4 +142,13 @@ int type_is_signed(enum arg_type type);
+ * type. */
+ struct arg_type_info *type_get_fp_equivalent(struct arg_type_info *info);
+
++/* If INFO is homogeneous floating-point aggregate, return the
++ * corresponding floating point type, and set *COUNTP to number of
++ * fields of the structure. Otherwise return NULL. INFO is a HFA if
++ * it's an aggregate whose each field is either a HFA, or a
++ * floating-point type. */
++struct arg_type_info *type_get_hfa_type(struct arg_type_info *info,
++ size_t *countp);
++
++
+ #endif /* TYPE_H */
+--
+1.9.1
+
+From ae7249250ea650ec82bc545d4281b852020c7a6f Mon Sep 17 00:00:00 2001
+From: Petr Machata <pmachata@redhat.com>
+Date: Fri, 24 Jan 2014 00:50:06 +0100
+Subject: [PATCH 1/1] Implement aarch64 support
+
+- IFUNC support is not implemented, the rest works well. The only
+ other failure is in wide char functions, and that occurs on x86_64
+ as well.
+---
+ configure.ac | 3 +-
+ sysdeps/linux-gnu/Makefile.am | 4 +-
+ sysdeps/linux-gnu/aarch64/Makefile.am | 25 +
+ sysdeps/linux-gnu/aarch64/arch.h | 37 ++
+ sysdeps/linux-gnu/aarch64/fetch.c | 365 +++++++++++
+ sysdeps/linux-gnu/aarch64/plt.c | 38 ++
+ sysdeps/linux-gnu/aarch64/ptrace.h | 22 +
+ sysdeps/linux-gnu/aarch64/regs.c | 130 ++++
+ sysdeps/linux-gnu/aarch64/signalent.h | 52 ++
+ sysdeps/linux-gnu/aarch64/syscallent.h | 1100 ++++++++++++++++++++++++++++++++
+ sysdeps/linux-gnu/aarch64/trace.c | 83 +++
+ 11 files changed, 1857 insertions(+), 2 deletions(-)
+ create mode 100644 sysdeps/linux-gnu/aarch64/Makefile.am
+ create mode 100644 sysdeps/linux-gnu/aarch64/arch.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/fetch.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/plt.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/ptrace.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/regs.c
+ create mode 100644 sysdeps/linux-gnu/aarch64/signalent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/syscallent.h
+ create mode 100644 sysdeps/linux-gnu/aarch64/trace.c
+
+diff --git a/configure.ac b/configure.ac
+index c6e6bf0..0e9a124 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,6 +1,6 @@
+ # -*- Autoconf -*-
+ # This file is part of ltrace.
+-# Copyright (C) 2010,2013 Petr Machata, Red Hat Inc.
++# Copyright (C) 2010,2012,2013,2014 Petr Machata, Red Hat Inc.
+ # Copyright (C) 2010,2011 Joe Damato
+ # Copyright (C) 2010 Marc Kleine-Budde
+ # Copyright (C) 2010 Zachary T Welch
+@@ -399,6 +399,7 @@ AC_CONFIG_FILES([
+ Makefile
+ sysdeps/Makefile
+ sysdeps/linux-gnu/Makefile
++ sysdeps/linux-gnu/aarch64/Makefile
+ sysdeps/linux-gnu/alpha/Makefile
+ sysdeps/linux-gnu/arm/Makefile
+ sysdeps/linux-gnu/cris/Makefile
+diff --git a/sysdeps/linux-gnu/Makefile.am b/sysdeps/linux-gnu/Makefile.am
+index ecee577..ec26162 100644
+--- a/sysdeps/linux-gnu/Makefile.am
++++ b/sysdeps/linux-gnu/Makefile.am
+@@ -1,4 +1,5 @@
+ # This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
+ # Copyright (C) 2010,2012 Marc Kleine-Budde, Pengutronix
+ #
+ # This program is free software; you can redistribute it and/or
+@@ -16,7 +17,8 @@
+ # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ # 02110-1301 USA
+
+-DIST_SUBDIRS = alpha arm cris ia64 m68k mips ppc s390 sparc x86
++DIST_SUBDIRS = aarch64 alpha arm cris ia64 m68k mips ppc s390 \
++ sparc x86
+
+ SUBDIRS = \
+ $(HOST_CPU)
+diff --git a/sysdeps/linux-gnu/aarch64/Makefile.am b/sysdeps/linux-gnu/aarch64/Makefile.am
+new file mode 100644
+index 0000000..0af4e6e
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/Makefile.am
+@@ -0,0 +1,25 @@
++# This file is part of ltrace.
++# Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++#
++# This program is free software; you can redistribute it and/or
++# modify it under the terms of the GNU General Public License as
++# published by the Free Software Foundation; either version 2 of the
++# License, or (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful, but
++# WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++# 02110-1301 USA
++
++noinst_LTLIBRARIES = ../libcpu.la
++
++___libcpu_la_SOURCES = fetch.c plt.c regs.c trace.c
++
++noinst_HEADERS = arch.h ptrace.h signalent.h syscallent.h
++
++MAINTAINERCLEANFILES = Makefile.in
+diff --git a/sysdeps/linux-gnu/aarch64/arch.h b/sysdeps/linux-gnu/aarch64/arch.h
+new file mode 100644
+index 0000000..4137613
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/arch.h
+@@ -0,0 +1,37 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++#ifndef LTRACE_AARCH64_ARCH_H
++#define LTRACE_AARCH64_ARCH_H
++
++/* | 31 21 | 20 5 | 4 0 | *
++ * | 1 1 0 1 0 1 0 0 0 0 1 | imm16 | 0 0 0 0 0 | */
++#define BREAKPOINT_VALUE { 0xd4, 0x20, 0, 0 }
++#define BREAKPOINT_LENGTH 4
++#define DECR_PC_AFTER_BREAK 0
++
++#define LT_ELFCLASS ELFCLASS64
++#define LT_ELF_MACHINE EM_AARCH64
++
++#define ARCH_HAVE_FETCH_ARG
++#define ARCH_ENDIAN_BIG
++#define ARCH_HAVE_SIZEOF
++#define ARCH_HAVE_ALIGNOF
++
++#endif /* LTRACE_AARCH64_ARCH_H */
+diff --git a/sysdeps/linux-gnu/aarch64/fetch.c b/sysdeps/linux-gnu/aarch64/fetch.c
+new file mode 100644
+index 0000000..8779f03
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/fetch.c
+@@ -0,0 +1,365 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <stdlib.h>
++#include <string.h>
++
++#include "fetch.h"
++#include "proc.h"
++#include "type.h"
++#include "value.h"
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++int aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs);
++
++
++struct fetch_context
++{
++ struct user_pt_regs gregs;
++ struct user_fpsimd_state fpregs;
++ arch_addr_t nsaa;
++ unsigned ngrn;
++ unsigned nsrn;
++ arch_addr_t x8;
++};
++
++static int
++context_init(struct fetch_context *context, struct Process *proc)
++{
++ if (aarch64_read_gregs(proc, &context->gregs) < 0
++ || aarch64_read_fregs(proc, &context->fpregs) < 0)
++ return -1;
++
++ context->ngrn = 0;
++ context->nsrn = 0;
++ /* XXX double cast */
++ context->nsaa = (arch_addr_t) (uintptr_t) context->gregs.sp;
++ context->x8 = 0;
++
++ return 0;
++}
++
++struct fetch_context *
++arch_fetch_arg_clone(struct Process *proc, struct fetch_context *context)
++{
++ struct fetch_context *ret = malloc(sizeof(*ret));
++ if (ret == NULL)
++ return NULL;
++ return memcpy(ret, context, sizeof(*ret));
++}
++
++static void
++fetch_next_gpr(struct fetch_context *context, unsigned char *buf)
++{
++ uint64_t u = context->gregs.regs[context->ngrn++];
++ memcpy(buf, &u, 8);
++}
++
++static int
++fetch_gpr(struct fetch_context *context, struct value *value, size_t sz)
++{
++ if (sz < 8)
++ sz = 8;
++
++ unsigned char *buf = value_reserve(value, sz);
++ if (buf == NULL)
++ return -1;
++
++ size_t i;
++ for (i = 0; i < sz; i += 8)
++ fetch_next_gpr(context, buf + i);
++
++ return 0;
++}
++
++static void
++fetch_next_sse(struct fetch_context *context, unsigned char *buf, size_t sz)
++{
++ __int128 u = context->fpregs.vregs[context->nsrn++];
++ memcpy(buf, &u, sz);
++}
++
++static int
++fetch_sse(struct fetch_context *context, struct value *value, size_t sz)
++{
++ unsigned char *buf = value_reserve(value, sz);
++ if (buf == NULL)
++ return -1;
++
++ fetch_next_sse(context, buf, sz);
++ return 0;
++}
++
++static int
++fetch_hfa(struct fetch_context *context,
++ struct value *value, struct arg_type_info *hfa_t, size_t count)
++{
++ size_t sz = type_sizeof(value->inferior, hfa_t);
++ unsigned char *buf = value_reserve(value, sz * count);
++ if (buf == NULL)
++ return -1;
++
++ size_t i;
++ for (i = 0; i < count; ++i) {
++ fetch_next_sse(context, buf, sz);
++ buf += sz;
++ }
++ return 0;
++}
++
++static int
++fetch_stack(struct fetch_context *context, struct value *value,
++ size_t align, size_t sz)
++{
++ if (align < 8)
++ align = 8;
++ size_t amount = ((sz + align - 1) / align) * align;
++
++ /* XXX double casts */
++ uintptr_t sp = (uintptr_t) context->nsaa;
++ sp = ((sp + align - 1) / align) * align;
++
++ value_in_inferior(value, (arch_addr_t) sp);
++
++ sp += amount;
++ context->nsaa = (arch_addr_t) sp;
++
++ return 0;
++}
++
++enum convert_method {
++ CVT_ERR = -1,
++ CVT_NOP = 0,
++ CVT_BYREF,
++};
++
++enum fetch_method {
++ FETCH_NOP,
++ FETCH_STACK,
++ FETCH_GPR,
++ FETCH_SSE,
++ FETCH_HFA,
++};
++
++struct fetch_script {
++ enum convert_method c;
++ enum fetch_method f;
++ size_t sz;
++ struct arg_type_info *hfa_t;
++ size_t count;
++};
++
++static struct fetch_script
++pass_arg(struct fetch_context const *context,
++ struct Process *proc, struct arg_type_info *info)
++{
++ enum fetch_method cvt = CVT_NOP;
++
++ size_t sz = type_sizeof(proc, info);
++ if (sz == (size_t) -1)
++ return (struct fetch_script) { CVT_ERR, FETCH_NOP, sz };
++
++ switch (info->type) {
++ case ARGTYPE_VOID:
++ return (struct fetch_script) { cvt, FETCH_NOP, sz };
++
++ case ARGTYPE_STRUCT:
++ case ARGTYPE_ARRAY:;
++ size_t count;
++ struct arg_type_info *hfa_t = type_get_hfa_type(info, &count);
++ if (hfa_t != NULL && count <= 4) {
++ if (context->nsrn + count <= 8)
++ return (struct fetch_script)
++ { cvt, FETCH_HFA, sz, hfa_t, count };
++ return (struct fetch_script)
++ { cvt, FETCH_STACK, sz, hfa_t, count };
++ }
++
++ if (sz <= 16) {
++ size_t count = sz / 8;
++ if (context->ngrn + count <= 8)
++ return (struct fetch_script)
++ { cvt, FETCH_GPR, sz };
++ }
++
++ cvt = CVT_BYREF;
++ sz = 8;
++ /* Fall through. */
++
++ case ARGTYPE_POINTER:
++ case ARGTYPE_INT:
++ case ARGTYPE_UINT:
++ case ARGTYPE_LONG:
++ case ARGTYPE_ULONG:
++ case ARGTYPE_CHAR:
++ case ARGTYPE_SHORT:
++ case ARGTYPE_USHORT:
++ if (context->ngrn < 8 && sz <= 8)
++ return (struct fetch_script) { cvt, FETCH_GPR, sz };
++ /* We don't support types wider than 8 bytes as of
++ * now. */
++ assert(sz <= 8);
++
++ return (struct fetch_script) { cvt, FETCH_STACK, sz };
++
++ case ARGTYPE_FLOAT:
++ case ARGTYPE_DOUBLE:
++ if (context->nsrn < 8) {
++ /* ltrace doesn't support float128. */
++ assert(sz <= 8);
++ return (struct fetch_script) { cvt, FETCH_SSE, sz };
++ }
++
++ return (struct fetch_script) { cvt, FETCH_STACK, sz };
++ }
++
++ assert(! "Failed to allocate argument.");
++ abort();
++}
++
++static int
++convert_arg(struct value *value, struct fetch_script how)
++{
++ switch (how.c) {
++ case CVT_NOP:
++ return 0;
++ case CVT_BYREF:
++ return value_pass_by_reference(value);
++ case CVT_ERR:
++ return -1;
++ }
++
++ assert(! "Don't know how to convert argument.");
++ abort();
++}
++
++static int
++fetch_arg(struct fetch_context *context,
++ struct Process *proc, struct arg_type_info *info,
++ struct value *value, struct fetch_script how)
++{
++ if (convert_arg(value, how) < 0)
++ return -1;
++
++ switch (how.f) {
++ case FETCH_NOP:
++ return 0;
++
++ case FETCH_STACK:
++ if (how.hfa_t != NULL && how.count != 0 && how.count <= 8)
++ context->nsrn = 8;
++ return fetch_stack(context, value,
++ type_alignof(proc, info), how.sz);
++
++ case FETCH_GPR:
++ return fetch_gpr(context, value, how.sz);
++
++ case FETCH_SSE:
++ return fetch_sse(context, value, how.sz);
++
++ case FETCH_HFA:
++ return fetch_hfa(context, value, how.hfa_t, how.count);
++ }
++
++ assert(! "Don't know how to fetch argument.");
++ abort();
++}
++
++struct fetch_context *
++arch_fetch_arg_init(enum tof type, struct Process *proc,
++ struct arg_type_info *ret_info)
++{
++ struct fetch_context *context = malloc(sizeof *context);
++ if (context == NULL || context_init(context, proc) < 0) {
++ fail:
++ free(context);
++ return NULL;
++ }
++
++ /* There's a provision in ARMv8 parameter passing convention
++ * for returning types that, if passed as first argument to a
++ * function, would be passed on stack. For those types, x8
++ * contains an address where the return argument should be
++ * placed. The callee doesn't need to preserve the value of
++ * x8, so we need to fetch it now.
++ *
++ * To my knowledge, there are currently no types where this
++ * holds, but the code is here, utterly untested. */
++
++ struct fetch_script how = pass_arg(context, proc, ret_info);
++ if (how.c == CVT_ERR)
++ goto fail;
++ if (how.c == CVT_NOP && how.f == FETCH_STACK) {
++ /* XXX double cast. */
++ context->x8 = (arch_addr_t) (uintptr_t) context->gregs.regs[8];
++ /* See the comment above about the assert. */
++ assert(! "Unexpected: first argument passed on stack.");
++ abort();
++ }
++
++ return context;
++}
++
++int
++arch_fetch_arg_next(struct fetch_context *context, enum tof type,
++ struct Process *proc, struct arg_type_info *info,
++ struct value *value)
++{
++ return fetch_arg(context, proc, info, value,
++ pass_arg(context, proc, info));
++}
++
++int
++arch_fetch_retval(struct fetch_context *context, enum tof type,
++ struct Process *proc, struct arg_type_info *info,
++ struct value *value)
++{
++ if (context->x8 != 0) {
++ value_in_inferior(value, context->x8);
++ return 0;
++ }
++
++ if (context_init(context, proc) < 0)
++ return -1;
++
++ return fetch_arg(context, proc, info, value,
++ pass_arg(context, proc, info));
++}
++
++void
++arch_fetch_arg_done(struct fetch_context *context)
++{
++ if (context != NULL)
++ free(context);
++}
++
++size_t
++arch_type_sizeof(struct Process *proc, struct arg_type_info *arg)
++{
++ return (size_t) -2;
++}
++
++size_t
++arch_type_alignof(struct Process *proc, struct arg_type_info *arg)
++{
++ return (size_t) -2;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/plt.c b/sysdeps/linux-gnu/aarch64/plt.c
+new file mode 100644
+index 0000000..29dc4c9
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/plt.c
+@@ -0,0 +1,38 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <gelf.h>
++
++#include "backend.h"
++#include "proc.h"
++#include "library.h"
++#include "ltrace-elf.h"
++
++arch_addr_t
++sym2addr(struct Process *proc, struct library_symbol *sym)
++{
++ return sym->enter_addr;
++}
++
++GElf_Addr
++arch_plt_sym_val(struct ltelf *lte, size_t ndx, GElf_Rela *rela)
++{
++ return lte->plt_addr + 32 + ndx * 16;
++}
+diff --git a/sysdeps/linux-gnu/aarch64/ptrace.h b/sysdeps/linux-gnu/aarch64/ptrace.h
+new file mode 100644
+index 0000000..283c314
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/ptrace.h
+@@ -0,0 +1,22 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
+diff --git a/sysdeps/linux-gnu/aarch64/regs.c b/sysdeps/linux-gnu/aarch64/regs.c
+new file mode 100644
+index 0000000..06eb72b
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/regs.c
+@@ -0,0 +1,131 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <asm/ptrace.h>
++#include <linux/uio.h>
++#include <assert.h>
++#include <stdlib.h>
++#include <stdio.h>
++
++#include "backend.h"
++#include "proc.h"
++
++#define PC_OFF (32 * 4)
++
++int
++aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++ *regs = (struct user_pt_regs) {};
++ struct iovec iovec;
++ iovec.iov_base = regs;
++ iovec.iov_len = sizeof *regs;
++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++ ? -1 : 0;
++}
++
++int
++aarch64_write_gregs(struct Process *proc, struct user_pt_regs *regs)
++{
++ struct iovec iovec;
++ iovec.iov_base = regs;
++ iovec.iov_len = sizeof *regs;
++ return ptrace(PTRACE_SETREGSET, proc->pid, NT_PRSTATUS, &iovec) < 0
++ ? -1 : 0;
++}
++
++int
++aarch64_read_fregs(struct Process *proc, struct user_fpsimd_state *regs)
++{
++ *regs = (struct user_fpsimd_state) {};
++ struct iovec iovec;
++ iovec.iov_base = regs;
++ iovec.iov_len = sizeof *regs;
++ return ptrace(PTRACE_GETREGSET, proc->pid, NT_FPREGSET, &iovec) < 0
++ ? -1 : 0;
++}
++
++arch_addr_t
++get_instruction_pointer(struct Process *proc)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_instruction_pointer: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return 0;
++ }
++
++ /*
++ char buf[128];
++ sprintf(buf, "cat /proc/%d/maps", proc->pid);
++ system(buf);
++ */
++
++ /* XXX double cast */
++ return (arch_addr_t) (uintptr_t) regs.pc;
++}
++
++void
++set_instruction_pointer(struct Process *proc, arch_addr_t addr)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_instruction_pointer: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return;
++ }
++
++ /* XXX double cast */
++ regs.pc = (uint64_t) (uintptr_t) addr;
++
++ if (aarch64_write_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_instruction_pointer: "
++ "Couldn't write registers of %d.\n", proc->pid);
++ return;
++ }
++}
++
++arch_addr_t
++get_stack_pointer(struct Process *proc)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_stack_pointer: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return 0;
++ }
++
++ /* XXX double cast */
++ return (arch_addr_t) (uintptr_t) regs.sp;
++}
++
++arch_addr_t
++get_return_addr(struct Process *proc, arch_addr_t stack_pointer)
++{
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "get_return_addr: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return 0;
++ }
++
++ /* XXX double cast */
++ return (arch_addr_t) (uintptr_t) regs.regs[30];
++}
+diff --git a/sysdeps/linux-gnu/aarch64/signalent.h b/sysdeps/linux-gnu/aarch64/signalent.h
+new file mode 100644
+index 0000000..bf56ebc
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/signalent.h
+@@ -0,0 +1,52 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2006 Ian Wienand
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++ "SIG_0", /* 0 */
++ "SIGHUP", /* 1 */
++ "SIGINT", /* 2 */
++ "SIGQUIT", /* 3 */
++ "SIGILL", /* 4 */
++ "SIGTRAP", /* 5 */
++ "SIGABRT", /* 6 */
++ "SIGBUS", /* 7 */
++ "SIGFPE", /* 8 */
++ "SIGKILL", /* 9 */
++ "SIGUSR1", /* 10 */
++ "SIGSEGV", /* 11 */
++ "SIGUSR2", /* 12 */
++ "SIGPIPE", /* 13 */
++ "SIGALRM", /* 14 */
++ "SIGTERM", /* 15 */
++ "SIGSTKFLT", /* 16 */
++ "SIGCHLD", /* 17 */
++ "SIGCONT", /* 18 */
++ "SIGSTOP", /* 19 */
++ "SIGTSTP", /* 20 */
++ "SIGTTIN", /* 21 */
++ "SIGTTOU", /* 22 */
++ "SIGURG", /* 23 */
++ "SIGXCPU", /* 24 */
++ "SIGXFSZ", /* 25 */
++ "SIGVTALRM", /* 26 */
++ "SIGPROF", /* 27 */
++ "SIGWINCH", /* 28 */
++ "SIGIO", /* 29 */
++ "SIGPWR", /* 30 */
++ "SIGSYS", /* 31 */
+diff --git a/sysdeps/linux-gnu/aarch64/syscallent.h b/sysdeps/linux-gnu/aarch64/syscallent.h
+new file mode 100644
+index 0000000..aca8191
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/syscallent.h
+@@ -0,0 +1,1100 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++ "io_setup", /* 0 */
++ "io_destroy", /* 1 */
++ "io_submit", /* 2 */
++ "io_cancel", /* 3 */
++ "io_getevents", /* 4 */
++ "setxattr", /* 5 */
++ "lsetxattr", /* 6 */
++ "fsetxattr", /* 7 */
++ "getxattr", /* 8 */
++ "lgetxattr", /* 9 */
++ "fgetxattr", /* 10 */
++ "listxattr", /* 11 */
++ "llistxattr", /* 12 */
++ "flistxattr", /* 13 */
++ "removexattr", /* 14 */
++ "lremovexattr", /* 15 */
++ "fremovexattr", /* 16 */
++ "getcwd", /* 17 */
++ "lookup_dcookie", /* 18 */
++ "eventfd2", /* 19 */
++ "epoll_create1", /* 20 */
++ "epoll_ctl", /* 21 */
++ "epoll_pwait", /* 22 */
++ "dup", /* 23 */
++ "dup3", /* 24 */
++ "fcntl", /* 25 */
++ "inotify_init1", /* 26 */
++ "inotify_add_watch", /* 27 */
++ "inotify_rm_watch", /* 28 */
++ "ioctl", /* 29 */
++ "ioprio_set", /* 30 */
++ "ioprio_get", /* 31 */
++ "flock", /* 32 */
++ "mknodat", /* 33 */
++ "mkdirat", /* 34 */
++ "unlinkat", /* 35 */
++ "symlinkat", /* 36 */
++ "linkat", /* 37 */
++ "renameat", /* 38 */
++ "umount2", /* 39 */
++ "mount", /* 40 */
++ "pivot_root", /* 41 */
++ "nfsservctl", /* 42 */
++ "statfs", /* 43 */
++ "fstatfs", /* 44 */
++ "truncate", /* 45 */
++ "ftruncate", /* 46 */
++ "fallocate", /* 47 */
++ "faccessat", /* 48 */
++ "chdir", /* 49 */
++ "fchdir", /* 50 */
++ "chroot", /* 51 */
++ "fchmod", /* 52 */
++ "fchmodat", /* 53 */
++ "fchownat", /* 54 */
++ "fchown", /* 55 */
++ "openat", /* 56 */
++ "close", /* 57 */
++ "vhangup", /* 58 */
++ "pipe2", /* 59 */
++ "quotactl", /* 60 */
++ "getdents64", /* 61 */
++ "lseek", /* 62 */
++ "read", /* 63 */
++ "write", /* 64 */
++ "readv", /* 65 */
++ "writev", /* 66 */
++ "pread64", /* 67 */
++ "pwrite64", /* 68 */
++ "preadv", /* 69 */
++ "pwritev", /* 70 */
++ "sendfile", /* 71 */
++ "pselect6", /* 72 */
++ "ppoll", /* 73 */
++ "signalfd4", /* 74 */
++ "vmsplice", /* 75 */
++ "splice", /* 76 */
++ "tee", /* 77 */
++ "readlinkat", /* 78 */
++ "fstatat", /* 79 */
++ "fstat", /* 80 */
++ "sync", /* 81 */
++ "fsync", /* 82 */
++ "fdatasync", /* 83 */
++ "sync_file_range", /* 84 */
++ "timerfd_create", /* 85 */
++ "timerfd_settime", /* 86 */
++ "timerfd_gettime", /* 87 */
++ "utimensat", /* 88 */
++ "acct", /* 89 */
++ "capget", /* 90 */
++ "capset", /* 91 */
++ "personality", /* 92 */
++ "exit", /* 93 */
++ "exit_group", /* 94 */
++ "waitid", /* 95 */
++ "set_tid_address", /* 96 */
++ "unshare", /* 97 */
++ "futex", /* 98 */
++ "set_robust_list", /* 99 */
++ "get_robust_list", /* 100 */
++ "nanosleep", /* 101 */
++ "getitimer", /* 102 */
++ "setitimer", /* 103 */
++ "kexec_load", /* 104 */
++ "init_module", /* 105 */
++ "delete_module", /* 106 */
++ "timer_create", /* 107 */
++ "timer_gettime", /* 108 */
++ "timer_getoverrun", /* 109 */
++ "timer_settime", /* 110 */
++ "timer_delete", /* 111 */
++ "clock_settime", /* 112 */
++ "clock_gettime", /* 113 */
++ "clock_getres", /* 114 */
++ "clock_nanosleep", /* 115 */
++ "syslog", /* 116 */
++ "ptrace", /* 117 */
++ "sched_setparam", /* 118 */
++ "sched_setscheduler", /* 119 */
++ "sched_getscheduler", /* 120 */
++ "sched_getparam", /* 121 */
++ "sched_setaffinity", /* 122 */
++ "sched_getaffinity", /* 123 */
++ "sched_yield", /* 124 */
++ "sched_get_priority_max", /* 125 */
++ "sched_get_priority_min", /* 126 */
++ "sched_rr_get_interval", /* 127 */
++ "restart_syscall", /* 128 */
++ "kill", /* 129 */
++ "tkill", /* 130 */
++ "tgkill", /* 131 */
++ "sigaltstack", /* 132 */
++ "rt_sigsuspend", /* 133 */
++ "rt_sigaction", /* 134 */
++ "rt_sigprocmask", /* 135 */
++ "rt_sigpending", /* 136 */
++ "rt_sigtimedwait", /* 137 */
++ "rt_sigqueueinfo", /* 138 */
++ "rt_sigreturn", /* 139 */
++ "setpriority", /* 140 */
++ "getpriority", /* 141 */
++ "reboot", /* 142 */
++ "setregid", /* 143 */
++ "setgid", /* 144 */
++ "setreuid", /* 145 */
++ "setuid", /* 146 */
++ "setresuid", /* 147 */
++ "getresuid", /* 148 */
++ "setresgid", /* 149 */
++ "getresgid", /* 150 */
++ "setfsuid", /* 151 */
++ "setfsgid", /* 152 */
++ "times", /* 153 */
++ "setpgid", /* 154 */
++ "getpgid", /* 155 */
++ "getsid", /* 156 */
++ "setsid", /* 157 */
++ "getgroups", /* 158 */
++ "setgroups", /* 159 */
++ "uname", /* 160 */
++ "sethostname", /* 161 */
++ "setdomainname", /* 162 */
++ "getrlimit", /* 163 */
++ "setrlimit", /* 164 */
++ "getrusage", /* 165 */
++ "umask", /* 166 */
++ "prctl", /* 167 */
++ "getcpu", /* 168 */
++ "gettimeofday", /* 169 */
++ "settimeofday", /* 170 */
++ "adjtimex", /* 171 */
++ "getpid", /* 172 */
++ "getppid", /* 173 */
++ "getuid", /* 174 */
++ "geteuid", /* 175 */
++ "getgid", /* 176 */
++ "getegid", /* 177 */
++ "gettid", /* 178 */
++ "sysinfo", /* 179 */
++ "mq_open", /* 180 */
++ "mq_unlink", /* 181 */
++ "mq_timedsend", /* 182 */
++ "mq_timedreceive", /* 183 */
++ "mq_notify", /* 184 */
++ "mq_getsetattr", /* 185 */
++ "msgget", /* 186 */
++ "msgctl", /* 187 */
++ "msgrcv", /* 188 */
++ "msgsnd", /* 189 */
++ "semget", /* 190 */
++ "semctl", /* 191 */
++ "semtimedop", /* 192 */
++ "semop", /* 193 */
++ "shmget", /* 194 */
++ "shmctl", /* 195 */
++ "shmat", /* 196 */
++ "shmdt", /* 197 */
++ "socket", /* 198 */
++ "socketpair", /* 199 */
++ "bind", /* 200 */
++ "listen", /* 201 */
++ "accept", /* 202 */
++ "connect", /* 203 */
++ "getsockname", /* 204 */
++ "getpeername", /* 205 */
++ "sendto", /* 206 */
++ "recvfrom", /* 207 */
++ "setsockopt", /* 208 */
++ "getsockopt", /* 209 */
++ "shutdown", /* 210 */
++ "sendmsg", /* 211 */
++ "recvmsg", /* 212 */
++ "readahead", /* 213 */
++ "brk", /* 214 */
++ "munmap", /* 215 */
++ "mremap", /* 216 */
++ "add_key", /* 217 */
++ "request_key", /* 218 */
++ "keyctl", /* 219 */
++ "clone", /* 220 */
++ "execve", /* 221 */
++ "mmap", /* 222 */
++ "fadvise64", /* 223 */
++ "swapon", /* 224 */
++ "swapoff", /* 225 */
++ "mprotect", /* 226 */
++ "msync", /* 227 */
++ "mlock", /* 228 */
++ "munlock", /* 229 */
++ "mlockall", /* 230 */
++ "munlockall", /* 231 */
++ "mincore", /* 232 */
++ "madvise", /* 233 */
++ "remap_file_pages", /* 234 */
++ "mbind", /* 235 */
++ "get_mempolicy", /* 236 */
++ "set_mempolicy", /* 237 */
++ "migrate_pages", /* 238 */
++ "move_pages", /* 239 */
++ "rt_tgsigqueueinfo", /* 240 */
++ "perf_event_open", /* 241 */
++ "accept4", /* 242 */
++ "recvmmsg", /* 243 */
++ "arch_specific_syscall", /* 244 */
++ "245", /* 245 */
++ "246", /* 246 */
++ "247", /* 247 */
++ "248", /* 248 */
++ "249", /* 249 */
++ "250", /* 250 */
++ "251", /* 251 */
++ "252", /* 252 */
++ "253", /* 253 */
++ "254", /* 254 */
++ "255", /* 255 */
++ "256", /* 256 */
++ "257", /* 257 */
++ "258", /* 258 */
++ "259", /* 259 */
++ "wait4", /* 260 */
++ "prlimit64", /* 261 */
++ "fanotify_init", /* 262 */
++ "fanotify_mark", /* 263 */
++ "name_to_handle_at", /* 264 */
++ "open_by_handle_at", /* 265 */
++ "clock_adjtime", /* 266 */
++ "syncfs", /* 267 */
++ "setns", /* 268 */
++ "sendmmsg", /* 269 */
++ "process_vm_readv", /* 270 */
++ "process_vm_writev", /* 271 */
++ "kcmp", /* 272 */
++ "finit_module", /* 273 */
++ "syscalls", /* 274 */
++ "275", /* 275 */
++ "276", /* 276 */
++ "277", /* 277 */
++ "278", /* 278 */
++ "279", /* 279 */
++ "280", /* 280 */
++ "281", /* 281 */
++ "282", /* 282 */
++ "283", /* 283 */
++ "284", /* 284 */
++ "285", /* 285 */
++ "286", /* 286 */
++ "287", /* 287 */
++ "288", /* 288 */
++ "289", /* 289 */
++ "290", /* 290 */
++ "291", /* 291 */
++ "292", /* 292 */
++ "293", /* 293 */
++ "294", /* 294 */
++ "295", /* 295 */
++ "296", /* 296 */
++ "297", /* 297 */
++ "298", /* 298 */
++ "299", /* 299 */
++ "300", /* 300 */
++ "301", /* 301 */
++ "302", /* 302 */
++ "303", /* 303 */
++ "304", /* 304 */
++ "305", /* 305 */
++ "306", /* 306 */
++ "307", /* 307 */
++ "308", /* 308 */
++ "309", /* 309 */
++ "310", /* 310 */
++ "311", /* 311 */
++ "312", /* 312 */
++ "313", /* 313 */
++ "314", /* 314 */
++ "315", /* 315 */
++ "316", /* 316 */
++ "317", /* 317 */
++ "318", /* 318 */
++ "319", /* 319 */
++ "320", /* 320 */
++ "321", /* 321 */
++ "322", /* 322 */
++ "323", /* 323 */
++ "324", /* 324 */
++ "325", /* 325 */
++ "326", /* 326 */
++ "327", /* 327 */
++ "328", /* 328 */
++ "329", /* 329 */
++ "330", /* 330 */
++ "331", /* 331 */
++ "332", /* 332 */
++ "333", /* 333 */
++ "334", /* 334 */
++ "335", /* 335 */
++ "336", /* 336 */
++ "337", /* 337 */
++ "338", /* 338 */
++ "339", /* 339 */
++ "340", /* 340 */
++ "341", /* 341 */
++ "342", /* 342 */
++ "343", /* 343 */
++ "344", /* 344 */
++ "345", /* 345 */
++ "346", /* 346 */
++ "347", /* 347 */
++ "348", /* 348 */
++ "349", /* 349 */
++ "350", /* 350 */
++ "351", /* 351 */
++ "352", /* 352 */
++ "353", /* 353 */
++ "354", /* 354 */
++ "355", /* 355 */
++ "356", /* 356 */
++ "357", /* 357 */
++ "358", /* 358 */
++ "359", /* 359 */
++ "360", /* 360 */
++ "361", /* 361 */
++ "362", /* 362 */
++ "363", /* 363 */
++ "364", /* 364 */
++ "365", /* 365 */
++ "366", /* 366 */
++ "367", /* 367 */
++ "368", /* 368 */
++ "369", /* 369 */
++ "370", /* 370 */
++ "371", /* 371 */
++ "372", /* 372 */
++ "373", /* 373 */
++ "374", /* 374 */
++ "375", /* 375 */
++ "376", /* 376 */
++ "377", /* 377 */
++ "378", /* 378 */
++ "379", /* 379 */
++ "380", /* 380 */
++ "381", /* 381 */
++ "382", /* 382 */
++ "383", /* 383 */
++ "384", /* 384 */
++ "385", /* 385 */
++ "386", /* 386 */
++ "387", /* 387 */
++ "388", /* 388 */
++ "389", /* 389 */
++ "390", /* 390 */
++ "391", /* 391 */
++ "392", /* 392 */
++ "393", /* 393 */
++ "394", /* 394 */
++ "395", /* 395 */
++ "396", /* 396 */
++ "397", /* 397 */
++ "398", /* 398 */
++ "399", /* 399 */
++ "400", /* 400 */
++ "401", /* 401 */
++ "402", /* 402 */
++ "403", /* 403 */
++ "404", /* 404 */
++ "405", /* 405 */
++ "406", /* 406 */
++ "407", /* 407 */
++ "408", /* 408 */
++ "409", /* 409 */
++ "410", /* 410 */
++ "411", /* 411 */
++ "412", /* 412 */
++ "413", /* 413 */
++ "414", /* 414 */
++ "415", /* 415 */
++ "416", /* 416 */
++ "417", /* 417 */
++ "418", /* 418 */
++ "419", /* 419 */
++ "420", /* 420 */
++ "421", /* 421 */
++ "422", /* 422 */
++ "423", /* 423 */
++ "424", /* 424 */
++ "425", /* 425 */
++ "426", /* 426 */
++ "427", /* 427 */
++ "428", /* 428 */
++ "429", /* 429 */
++ "430", /* 430 */
++ "431", /* 431 */
++ "432", /* 432 */
++ "433", /* 433 */
++ "434", /* 434 */
++ "435", /* 435 */
++ "436", /* 436 */
++ "437", /* 437 */
++ "438", /* 438 */
++ "439", /* 439 */
++ "440", /* 440 */
++ "441", /* 441 */
++ "442", /* 442 */
++ "443", /* 443 */
++ "444", /* 444 */
++ "445", /* 445 */
++ "446", /* 446 */
++ "447", /* 447 */
++ "448", /* 448 */
++ "449", /* 449 */
++ "450", /* 450 */
++ "451", /* 451 */
++ "452", /* 452 */
++ "453", /* 453 */
++ "454", /* 454 */
++ "455", /* 455 */
++ "456", /* 456 */
++ "457", /* 457 */
++ "458", /* 458 */
++ "459", /* 459 */
++ "460", /* 460 */
++ "461", /* 461 */
++ "462", /* 462 */
++ "463", /* 463 */
++ "464", /* 464 */
++ "465", /* 465 */
++ "466", /* 466 */
++ "467", /* 467 */
++ "468", /* 468 */
++ "469", /* 469 */
++ "470", /* 470 */
++ "471", /* 471 */
++ "472", /* 472 */
++ "473", /* 473 */
++ "474", /* 474 */
++ "475", /* 475 */
++ "476", /* 476 */
++ "477", /* 477 */
++ "478", /* 478 */
++ "479", /* 479 */
++ "480", /* 480 */
++ "481", /* 481 */
++ "482", /* 482 */
++ "483", /* 483 */
++ "484", /* 484 */
++ "485", /* 485 */
++ "486", /* 486 */
++ "487", /* 487 */
++ "488", /* 488 */
++ "489", /* 489 */
++ "490", /* 490 */
++ "491", /* 491 */
++ "492", /* 492 */
++ "493", /* 493 */
++ "494", /* 494 */
++ "495", /* 495 */
++ "496", /* 496 */
++ "497", /* 497 */
++ "498", /* 498 */
++ "499", /* 499 */
++ "500", /* 500 */
++ "501", /* 501 */
++ "502", /* 502 */
++ "503", /* 503 */
++ "504", /* 504 */
++ "505", /* 505 */
++ "506", /* 506 */
++ "507", /* 507 */
++ "508", /* 508 */
++ "509", /* 509 */
++ "510", /* 510 */
++ "511", /* 511 */
++ "512", /* 512 */
++ "513", /* 513 */
++ "514", /* 514 */
++ "515", /* 515 */
++ "516", /* 516 */
++ "517", /* 517 */
++ "518", /* 518 */
++ "519", /* 519 */
++ "520", /* 520 */
++ "521", /* 521 */
++ "522", /* 522 */
++ "523", /* 523 */
++ "524", /* 524 */
++ "525", /* 525 */
++ "526", /* 526 */
++ "527", /* 527 */
++ "528", /* 528 */
++ "529", /* 529 */
++ "530", /* 530 */
++ "531", /* 531 */
++ "532", /* 532 */
++ "533", /* 533 */
++ "534", /* 534 */
++ "535", /* 535 */
++ "536", /* 536 */
++ "537", /* 537 */
++ "538", /* 538 */
++ "539", /* 539 */
++ "540", /* 540 */
++ "541", /* 541 */
++ "542", /* 542 */
++ "543", /* 543 */
++ "544", /* 544 */
++ "545", /* 545 */
++ "546", /* 546 */
++ "547", /* 547 */
++ "548", /* 548 */
++ "549", /* 549 */
++ "550", /* 550 */
++ "551", /* 551 */
++ "552", /* 552 */
++ "553", /* 553 */
++ "554", /* 554 */
++ "555", /* 555 */
++ "556", /* 556 */
++ "557", /* 557 */
++ "558", /* 558 */
++ "559", /* 559 */
++ "560", /* 560 */
++ "561", /* 561 */
++ "562", /* 562 */
++ "563", /* 563 */
++ "564", /* 564 */
++ "565", /* 565 */
++ "566", /* 566 */
++ "567", /* 567 */
++ "568", /* 568 */
++ "569", /* 569 */
++ "570", /* 570 */
++ "571", /* 571 */
++ "572", /* 572 */
++ "573", /* 573 */
++ "574", /* 574 */
++ "575", /* 575 */
++ "576", /* 576 */
++ "577", /* 577 */
++ "578", /* 578 */
++ "579", /* 579 */
++ "580", /* 580 */
++ "581", /* 581 */
++ "582", /* 582 */
++ "583", /* 583 */
++ "584", /* 584 */
++ "585", /* 585 */
++ "586", /* 586 */
++ "587", /* 587 */
++ "588", /* 588 */
++ "589", /* 589 */
++ "590", /* 590 */
++ "591", /* 591 */
++ "592", /* 592 */
++ "593", /* 593 */
++ "594", /* 594 */
++ "595", /* 595 */
++ "596", /* 596 */
++ "597", /* 597 */
++ "598", /* 598 */
++ "599", /* 599 */
++ "600", /* 600 */
++ "601", /* 601 */
++ "602", /* 602 */
++ "603", /* 603 */
++ "604", /* 604 */
++ "605", /* 605 */
++ "606", /* 606 */
++ "607", /* 607 */
++ "608", /* 608 */
++ "609", /* 609 */
++ "610", /* 610 */
++ "611", /* 611 */
++ "612", /* 612 */
++ "613", /* 613 */
++ "614", /* 614 */
++ "615", /* 615 */
++ "616", /* 616 */
++ "617", /* 617 */
++ "618", /* 618 */
++ "619", /* 619 */
++ "620", /* 620 */
++ "621", /* 621 */
++ "622", /* 622 */
++ "623", /* 623 */
++ "624", /* 624 */
++ "625", /* 625 */
++ "626", /* 626 */
++ "627", /* 627 */
++ "628", /* 628 */
++ "629", /* 629 */
++ "630", /* 630 */
++ "631", /* 631 */
++ "632", /* 632 */
++ "633", /* 633 */
++ "634", /* 634 */
++ "635", /* 635 */
++ "636", /* 636 */
++ "637", /* 637 */
++ "638", /* 638 */
++ "639", /* 639 */
++ "640", /* 640 */
++ "641", /* 641 */
++ "642", /* 642 */
++ "643", /* 643 */
++ "644", /* 644 */
++ "645", /* 645 */
++ "646", /* 646 */
++ "647", /* 647 */
++ "648", /* 648 */
++ "649", /* 649 */
++ "650", /* 650 */
++ "651", /* 651 */
++ "652", /* 652 */
++ "653", /* 653 */
++ "654", /* 654 */
++ "655", /* 655 */
++ "656", /* 656 */
++ "657", /* 657 */
++ "658", /* 658 */
++ "659", /* 659 */
++ "660", /* 660 */
++ "661", /* 661 */
++ "662", /* 662 */
++ "663", /* 663 */
++ "664", /* 664 */
++ "665", /* 665 */
++ "666", /* 666 */
++ "667", /* 667 */
++ "668", /* 668 */
++ "669", /* 669 */
++ "670", /* 670 */
++ "671", /* 671 */
++ "672", /* 672 */
++ "673", /* 673 */
++ "674", /* 674 */
++ "675", /* 675 */
++ "676", /* 676 */
++ "677", /* 677 */
++ "678", /* 678 */
++ "679", /* 679 */
++ "680", /* 680 */
++ "681", /* 681 */
++ "682", /* 682 */
++ "683", /* 683 */
++ "684", /* 684 */
++ "685", /* 685 */
++ "686", /* 686 */
++ "687", /* 687 */
++ "688", /* 688 */
++ "689", /* 689 */
++ "690", /* 690 */
++ "691", /* 691 */
++ "692", /* 692 */
++ "693", /* 693 */
++ "694", /* 694 */
++ "695", /* 695 */
++ "696", /* 696 */
++ "697", /* 697 */
++ "698", /* 698 */
++ "699", /* 699 */
++ "700", /* 700 */
++ "701", /* 701 */
++ "702", /* 702 */
++ "703", /* 703 */
++ "704", /* 704 */
++ "705", /* 705 */
++ "706", /* 706 */
++ "707", /* 707 */
++ "708", /* 708 */
++ "709", /* 709 */
++ "710", /* 710 */
++ "711", /* 711 */
++ "712", /* 712 */
++ "713", /* 713 */
++ "714", /* 714 */
++ "715", /* 715 */
++ "716", /* 716 */
++ "717", /* 717 */
++ "718", /* 718 */
++ "719", /* 719 */
++ "720", /* 720 */
++ "721", /* 721 */
++ "722", /* 722 */
++ "723", /* 723 */
++ "724", /* 724 */
++ "725", /* 725 */
++ "726", /* 726 */
++ "727", /* 727 */
++ "728", /* 728 */
++ "729", /* 729 */
++ "730", /* 730 */
++ "731", /* 731 */
++ "732", /* 732 */
++ "733", /* 733 */
++ "734", /* 734 */
++ "735", /* 735 */
++ "736", /* 736 */
++ "737", /* 737 */
++ "738", /* 738 */
++ "739", /* 739 */
++ "740", /* 740 */
++ "741", /* 741 */
++ "742", /* 742 */
++ "743", /* 743 */
++ "744", /* 744 */
++ "745", /* 745 */
++ "746", /* 746 */
++ "747", /* 747 */
++ "748", /* 748 */
++ "749", /* 749 */
++ "750", /* 750 */
++ "751", /* 751 */
++ "752", /* 752 */
++ "753", /* 753 */
++ "754", /* 754 */
++ "755", /* 755 */
++ "756", /* 756 */
++ "757", /* 757 */
++ "758", /* 758 */
++ "759", /* 759 */
++ "760", /* 760 */
++ "761", /* 761 */
++ "762", /* 762 */
++ "763", /* 763 */
++ "764", /* 764 */
++ "765", /* 765 */
++ "766", /* 766 */
++ "767", /* 767 */
++ "768", /* 768 */
++ "769", /* 769 */
++ "770", /* 770 */
++ "771", /* 771 */
++ "772", /* 772 */
++ "773", /* 773 */
++ "774", /* 774 */
++ "775", /* 775 */
++ "776", /* 776 */
++ "777", /* 777 */
++ "778", /* 778 */
++ "779", /* 779 */
++ "780", /* 780 */
++ "781", /* 781 */
++ "782", /* 782 */
++ "783", /* 783 */
++ "784", /* 784 */
++ "785", /* 785 */
++ "786", /* 786 */
++ "787", /* 787 */
++ "788", /* 788 */
++ "789", /* 789 */
++ "790", /* 790 */
++ "791", /* 791 */
++ "792", /* 792 */
++ "793", /* 793 */
++ "794", /* 794 */
++ "795", /* 795 */
++ "796", /* 796 */
++ "797", /* 797 */
++ "798", /* 798 */
++ "799", /* 799 */
++ "800", /* 800 */
++ "801", /* 801 */
++ "802", /* 802 */
++ "803", /* 803 */
++ "804", /* 804 */
++ "805", /* 805 */
++ "806", /* 806 */
++ "807", /* 807 */
++ "808", /* 808 */
++ "809", /* 809 */
++ "810", /* 810 */
++ "811", /* 811 */
++ "812", /* 812 */
++ "813", /* 813 */
++ "814", /* 814 */
++ "815", /* 815 */
++ "816", /* 816 */
++ "817", /* 817 */
++ "818", /* 818 */
++ "819", /* 819 */
++ "820", /* 820 */
++ "821", /* 821 */
++ "822", /* 822 */
++ "823", /* 823 */
++ "824", /* 824 */
++ "825", /* 825 */
++ "826", /* 826 */
++ "827", /* 827 */
++ "828", /* 828 */
++ "829", /* 829 */
++ "830", /* 830 */
++ "831", /* 831 */
++ "832", /* 832 */
++ "833", /* 833 */
++ "834", /* 834 */
++ "835", /* 835 */
++ "836", /* 836 */
++ "837", /* 837 */
++ "838", /* 838 */
++ "839", /* 839 */
++ "840", /* 840 */
++ "841", /* 841 */
++ "842", /* 842 */
++ "843", /* 843 */
++ "844", /* 844 */
++ "845", /* 845 */
++ "846", /* 846 */
++ "847", /* 847 */
++ "848", /* 848 */
++ "849", /* 849 */
++ "850", /* 850 */
++ "851", /* 851 */
++ "852", /* 852 */
++ "853", /* 853 */
++ "854", /* 854 */
++ "855", /* 855 */
++ "856", /* 856 */
++ "857", /* 857 */
++ "858", /* 858 */
++ "859", /* 859 */
++ "860", /* 860 */
++ "861", /* 861 */
++ "862", /* 862 */
++ "863", /* 863 */
++ "864", /* 864 */
++ "865", /* 865 */
++ "866", /* 866 */
++ "867", /* 867 */
++ "868", /* 868 */
++ "869", /* 869 */
++ "870", /* 870 */
++ "871", /* 871 */
++ "872", /* 872 */
++ "873", /* 873 */
++ "874", /* 874 */
++ "875", /* 875 */
++ "876", /* 876 */
++ "877", /* 877 */
++ "878", /* 878 */
++ "879", /* 879 */
++ "880", /* 880 */
++ "881", /* 881 */
++ "882", /* 882 */
++ "883", /* 883 */
++ "884", /* 884 */
++ "885", /* 885 */
++ "886", /* 886 */
++ "887", /* 887 */
++ "888", /* 888 */
++ "889", /* 889 */
++ "890", /* 890 */
++ "891", /* 891 */
++ "892", /* 892 */
++ "893", /* 893 */
++ "894", /* 894 */
++ "895", /* 895 */
++ "896", /* 896 */
++ "897", /* 897 */
++ "898", /* 898 */
++ "899", /* 899 */
++ "900", /* 900 */
++ "901", /* 901 */
++ "902", /* 902 */
++ "903", /* 903 */
++ "904", /* 904 */
++ "905", /* 905 */
++ "906", /* 906 */
++ "907", /* 907 */
++ "908", /* 908 */
++ "909", /* 909 */
++ "910", /* 910 */
++ "911", /* 911 */
++ "912", /* 912 */
++ "913", /* 913 */
++ "914", /* 914 */
++ "915", /* 915 */
++ "916", /* 916 */
++ "917", /* 917 */
++ "918", /* 918 */
++ "919", /* 919 */
++ "920", /* 920 */
++ "921", /* 921 */
++ "922", /* 922 */
++ "923", /* 923 */
++ "924", /* 924 */
++ "925", /* 925 */
++ "926", /* 926 */
++ "927", /* 927 */
++ "928", /* 928 */
++ "929", /* 929 */
++ "930", /* 930 */
++ "931", /* 931 */
++ "932", /* 932 */
++ "933", /* 933 */
++ "934", /* 934 */
++ "935", /* 935 */
++ "936", /* 936 */
++ "937", /* 937 */
++ "938", /* 938 */
++ "939", /* 939 */
++ "940", /* 940 */
++ "941", /* 941 */
++ "942", /* 942 */
++ "943", /* 943 */
++ "944", /* 944 */
++ "945", /* 945 */
++ "946", /* 946 */
++ "947", /* 947 */
++ "948", /* 948 */
++ "949", /* 949 */
++ "950", /* 950 */
++ "951", /* 951 */
++ "952", /* 952 */
++ "953", /* 953 */
++ "954", /* 954 */
++ "955", /* 955 */
++ "956", /* 956 */
++ "957", /* 957 */
++ "958", /* 958 */
++ "959", /* 959 */
++ "960", /* 960 */
++ "961", /* 961 */
++ "962", /* 962 */
++ "963", /* 963 */
++ "964", /* 964 */
++ "965", /* 965 */
++ "966", /* 966 */
++ "967", /* 967 */
++ "968", /* 968 */
++ "969", /* 969 */
++ "970", /* 970 */
++ "971", /* 971 */
++ "972", /* 972 */
++ "973", /* 973 */
++ "974", /* 974 */
++ "975", /* 975 */
++ "976", /* 976 */
++ "977", /* 977 */
++ "978", /* 978 */
++ "979", /* 979 */
++ "980", /* 980 */
++ "981", /* 981 */
++ "982", /* 982 */
++ "983", /* 983 */
++ "984", /* 984 */
++ "985", /* 985 */
++ "986", /* 986 */
++ "987", /* 987 */
++ "988", /* 988 */
++ "989", /* 989 */
++ "990", /* 990 */
++ "991", /* 991 */
++ "992", /* 992 */
++ "993", /* 993 */
++ "994", /* 994 */
++ "995", /* 995 */
++ "996", /* 996 */
++ "997", /* 997 */
++ "998", /* 998 */
++ "999", /* 999 */
++ "1000", /* 1000 */
++ "1001", /* 1001 */
++ "1002", /* 1002 */
++ "1003", /* 1003 */
++ "1004", /* 1004 */
++ "1005", /* 1005 */
++ "1006", /* 1006 */
++ "1007", /* 1007 */
++ "1008", /* 1008 */
++ "1009", /* 1009 */
++ "1010", /* 1010 */
++ "1011", /* 1011 */
++ "1012", /* 1012 */
++ "1013", /* 1013 */
++ "1014", /* 1014 */
++ "1015", /* 1015 */
++ "1016", /* 1016 */
++ "1017", /* 1017 */
++ "1018", /* 1018 */
++ "1019", /* 1019 */
++ "1020", /* 1020 */
++ "1021", /* 1021 */
++ "1022", /* 1022 */
++ "1023", /* 1023 */
++ "open", /* 1024 */
++ "link", /* 1025 */
++ "unlink", /* 1026 */
++ "mknod", /* 1027 */
++ "chmod", /* 1028 */
++ "chown", /* 1029 */
++ "mkdir", /* 1030 */
++ "rmdir", /* 1031 */
++ "lchown", /* 1032 */
++ "access", /* 1033 */
++ "rename", /* 1034 */
++ "readlink", /* 1035 */
++ "symlink", /* 1036 */
++ "utimes", /* 1037 */
++ "stat", /* 1038 */
++ "lstat", /* 1039 */
++ "pipe", /* 1040 */
++ "dup2", /* 1041 */
++ "epoll_create", /* 1042 */
++ "inotify_init", /* 1043 */
++ "eventfd", /* 1044 */
++ "signalfd", /* 1045 */
++ "sendfile", /* 1046 */
++ "ftruncate", /* 1047 */
++ "truncate", /* 1048 */
++ "stat", /* 1049 */
++ "lstat", /* 1050 */
++ "fstat", /* 1051 */
++ "fcntl", /* 1052 */
++ "fadvise64", /* 1053 */
++ "newfstatat", /* 1054 */
++ "fstatfs", /* 1055 */
++ "statfs", /* 1056 */
++ "lseek", /* 1057 */
++ "mmap", /* 1058 */
++ "alarm", /* 1059 */
++ "getpgrp", /* 1060 */
++ "pause", /* 1061 */
++ "time", /* 1062 */
++ "utime", /* 1063 */
++ "creat", /* 1064 */
++ "getdents", /* 1065 */
++ "futimesat", /* 1066 */
++ "select", /* 1067 */
++ "poll", /* 1068 */
++ "epoll_wait", /* 1069 */
++ "ustat", /* 1070 */
++ "vfork", /* 1071 */
++ "oldwait4", /* 1072 */
++ "recv", /* 1073 */
++ "send", /* 1074 */
++ "bdflush", /* 1075 */
++ "umount", /* 1076 */
++ "uselib", /* 1077 */
++ "_sysctl", /* 1078 */
++ "fork", /* 1079 */
+diff --git a/sysdeps/linux-gnu/aarch64/trace.c b/sysdeps/linux-gnu/aarch64/trace.c
+new file mode 100644
+index 0000000..5544b51
+--- /dev/null
++++ b/sysdeps/linux-gnu/aarch64/trace.c
+@@ -0,0 +1,84 @@
++/*
++ * This file is part of ltrace.
++ * Copyright (C) 2014 Petr Machata, Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License as
++ * published by the Free Software Foundation; either version 2 of the
++ * License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful, but
++ * WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
++ * 02110-1301 USA
++ */
++
++#include <sys/ptrace.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++#include <asm/ptrace.h>
++#include <string.h>
++#include <stdio.h>
++#include <errno.h>
++
++#include "backend.h"
++#include "proc.h"
++
++void
++get_arch_dep(struct Process *proc)
++{
++}
++
++int aarch64_read_gregs(struct Process *proc, struct user_pt_regs *regs);
++
++/* The syscall instruction is:
++ * | 31 21 | 20 5 | 4 0 |
++ * | 1 1 0 1 0 1 0 0 | 0 0 0 | imm16 | 0 0 0 0 1 | */
++#define SVC_MASK 0xffe0001f
++#define SVC_VALUE 0xd4000001
++
++int
++syscall_p(struct Process *proc, int status, int *sysnum)
++{
++ if (WIFSTOPPED(status)
++ && WSTOPSIG(status) == (SIGTRAP | proc->tracesysgood)) {
++
++ struct user_pt_regs regs;
++ if (aarch64_read_gregs(proc, &regs) < 0) {
++ fprintf(stderr, "syscall_p: "
++ "Couldn't read registers of %d.\n", proc->pid);
++ return -1;
++ }
++
++ errno = 0;
++ unsigned long insn = (unsigned long) ptrace(PTRACE_PEEKTEXT,
++ proc->pid,
++ regs.pc - 4, 0);
++ if (insn == -1UL && errno != 0) {
++ fprintf(stderr, "syscall_p: "
++ "Couldn't peek into %d: %s\n", proc->pid,
++ strerror(errno));
++ return -1;
++ }
++
++ insn &= 0xffffffffUL;
++ if ((insn & SVC_MASK) == SVC_VALUE) {
++ *sysnum = regs.regs[8];
++
++ size_t d1 = proc->callstack_depth - 1;
++ if (proc->callstack_depth > 0
++ && proc->callstack[d1].is_syscall
++ && proc->callstack[d1].c_un.syscall == *sysnum)
++ return 2;
++
++ return 1;
++ }
++ }
++
++ return 0;
++}
+--
+1.9.1
+
diff --git a/user/ltrace/add_ppc64le.patch b/user/ltrace/add_ppc64le.patch
new file mode 100644
index 000000000..32efa8b52
--- /dev/null
+++ b/user/ltrace/add_ppc64le.patch
@@ -0,0 +1,54 @@
+--- ltrace-0.7.3.orig/configure.ac
++++ ltrace-0.7.3/configure.ac
+@@ -43,7 +43,7 @@
+ arm*|sa110) HOST_CPU="arm" ;;
+ cris*) HOST_CPU="cris" ;;
+ mips*) HOST_CPU="mips" ;;
+- powerpc|powerpc64) HOST_CPU="ppc" ;;
++ powerpc|powerpc64|powerpc64le) HOST_CPU="ppc" ;;
+ sun4u|sparc64) HOST_CPU="sparc" ;;
+ s390x) HOST_CPU="s390" ;;
+ i?86|x86_64) HOST_CPU="x86" ;;
+@@ -159,7 +159,7 @@
+ arm*|sa110) UNWIND_ARCH="arm" ;;
+ i?86) UNWIND_ARCH="x86" ;;
+ powerpc) UNWIND_ARCH="ppc32" ;;
+- powerpc64) UNWIND_ARCH="ppc64" ;;
++ powerpc64|powerpc64le) UNWIND_ARCH="ppc64" ;;
+ mips*) UNWIND_ARCH="mips" ;;
+ *) UNWIND_ARCH="${host_cpu}" ;;
+ esac
+--- ltrace-0.7.3.orig/sysdeps/linux-gnu/ppc/ptrace.h
++++ ltrace-0.7.3/sysdeps/linux-gnu/ppc/ptrace.h
+@@ -18,4 +18,5 @@
+ * 02110-1301 USA
+ */
+
++#include <asm/ptrace.h>
+ #include <sys/ptrace.h>
+--- ltrace-0.7.3.orig/sysdeps/linux-gnu/ppc/regs.c
++++ ltrace-0.7.3/sysdeps/linux-gnu/ppc/regs.c
+@@ -26,7 +26,9 @@
+ #include <sys/ptrace.h>
+ #include <asm/ptrace.h>
+ #include <errno.h>
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+
+ #include "proc.h"
+ #include "common.h"
+@@ -47,8 +49,11 @@
+ void
+ set_instruction_pointer(Process *proc, void *addr)
+ {
+- if (ptrace(PTRACE_POKEUSER, proc->pid, sizeof(long)*PT_NIP, addr) != 0)
+- error(0, errno, "set_instruction_pointer");
++ if (ptrace(PTRACE_POKEUSER, proc->pid, sizeof(long)*PT_NIP, addr) != 0){
++ strerror(0, errno, "set_instruction_pointer");
++ report_global_error("%s: set_instruction_pointer",
++ strerror(errno));
++ }
+ }
+
+ void *
diff --git a/user/ltrace/musl.patch b/user/ltrace/musl.patch
new file mode 100644
index 000000000..2dc909c95
--- /dev/null
+++ b/user/ltrace/musl.patch
@@ -0,0 +1,153 @@
+--- ./configure.ac.orig
++++ ./configure.ac
+@@ -34,6 +34,7 @@
+ case "${host_os}" in
+ linux-gnu*) HOST_OS="linux-gnu" ;;
+ linux-uclibc*) HOST_OS="linux-gnu" ;;
++ linux-musl*) HOST_OS="linux-gnu" ;;
+ *) AC_MSG_ERROR([unkown host-os ${host_os}]) ;;
+ esac
+ AC_SUBST(HOST_OS)
+@@ -234,6 +235,7 @@
+ sys/param.h \
+ sys/time.h \
+ unistd.h \
++ error.h \
+ ])
+
+ # Checks for typedefs, structures, and compiler characteristics.
+diff --git a/expr.c b/expr.c
+index 32860fd..374c549 100644
+--- a/expr.c
++++ b/expr.c
+@@ -19,9 +19,12 @@
+ */
+
+ #include <string.h>
++#include <stdio.h>
+ #include <assert.h>
+ #include <errno.h>
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ #include <stdlib.h>
+
+ #include "expr.h"
+@@ -330,8 +333,11 @@ expr_self(void)
+ static struct expr_node *node = NULL;
+ if (node == NULL) {
+ node = malloc(sizeof(*node));
+- if (node == NULL)
+- error(1, errno, "malloc expr_self");
++ if (node == NULL) {
++ fprintf(stderr, "%s: malloc expr_self\n",
++ strerror(errno));
++ exit(1);
++ }
+ expr_init_self(node);
+ }
+ return node;
+diff --git a/glob.c b/glob.c
+index 075c867..06fec47 100644
+--- a/glob.c
++++ b/glob.c
+@@ -180,7 +180,7 @@ glob_to_regex(const char *glob, char **retp)
+ goto fail;
+ }
+ *retp = buf;
+- return REG_NOERROR;
++ return 0;
+ }
+
+ int
+@@ -188,7 +188,7 @@ globcomp(regex_t *preg, const char *glob, int cflags)
+ {
+ char *regex = NULL;
+ int status = glob_to_regex(glob, &regex);
+- if (status != REG_NOERROR)
++ if (status != 0)
+ return status;
+ assert(regex != NULL);
+ status = regcomp(preg, regex, cflags);
+diff --git a/options.c b/options.c
+index 1e19dc7..1dc5e1e 100644
+--- a/options.c
++++ b/options.c
+@@ -204,7 +204,7 @@ compile_libname(const char *expr, const char *a_lib, int lib_re_p,
+
+ regex_t lib_re;
+ int status = (lib_re_p ? regcomp : globcomp)(&lib_re, lib, 0);
+- if (status != REG_NOERROR) {
++ if (status != 0) {
+ char buf[100];
+ regerror(status, &lib_re, buf, sizeof buf);
+ fprintf(stderr, "Rule near '%s' will be ignored: %s.\n",
+diff --git a/read_config_file.c b/read_config_file.c
+index e247436..73528fe 100644
+--- a/read_config_file.c
++++ b/read_config_file.c
+@@ -27,7 +27,9 @@
+ #include <stdlib.h>
+ #include <ctype.h>
+ #include <errno.h>
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ #include <assert.h>
+
+ #include "common.h"
+@@ -1258,8 +1260,12 @@ void
+ init_global_config(void)
+ {
+ struct arg_type_info *info = malloc(2 * sizeof(*info));
+- if (info == NULL)
+- error(1, errno, "malloc in init_global_config");
++ if (info == NULL) {
++ report_error(filename, line_no,
++ "%s: malloc in init_global_config",
++ strerror(errno));
++ exit(1);
++ }
+
+ memset(info, 0, 2 * sizeof(*info));
+ info[0].type = ARGTYPE_POINTER;
+diff --git a/zero.c b/zero.c
+index bc119ee..e685f59 100644
+--- a/zero.c
++++ b/zero.c
+@@ -18,8 +18,11 @@
+ * 02110-1301 USA
+ */
+
++#ifdef HAVE_ERROR_H
+ #include <error.h>
++#endif
+ #include <errno.h>
++#include <string.h>
+
+ #include "zero.h"
+ #include "common.h"
+@@ -96,8 +99,11 @@ expr_node_zero(void)
+ static struct expr_node *node = NULL;
+ if (node == NULL) {
+ node = malloc(sizeof(*node));
+- if (node == NULL)
+- error(1, errno, "malloc expr_node_zero");
++ if (node == NULL) {
++ report_global_error("%s: malloc expr_node_zero",
++ strerror(errno));
++ exit(1);
++ }
+ expr_init_cb1(node, &zero1_callback,
+ expr_self(), 0, (void *)-1);
+ }
+--- ./proc.h.orig
++++ ./proc.h
+@@ -26,6 +26,7 @@
+ #include "config.h"
+
+ #include <sys/time.h>
++#include <unistd.h>
+
+ #if defined(HAVE_LIBUNWIND)
+ # include <libunwind.h>
diff --git a/user/mlt/APKBUILD b/user/mlt/APKBUILD
new file mode 100644
index 000000000..0dc7d8041
--- /dev/null
+++ b/user/mlt/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer:
+pkgname=mlt
+pkgver=6.8.0
+pkgrel=0
+pkgdesc="MLT Multimedia Framework"
+url="https://www.mltframework.org/"
+arch="all !s390x" # depends on fftw which does not work on s390x
+options="!check" # No test suite.
+license="LGPL-2.1"
+makedepends="ffmpeg-dev libsamplerate-dev sox-dev gtk+2.0-dev sdl_image-dev
+ frei0r-plugins-dev libxml2-dev fftw-dev sdl2-dev sdl-dev libexif-dev
+ bsd-compat-headers qt5-qttools-dev qt5-qtsvg-dev"
+subpackages="$pkgname-dev"
+source="https://github.com/mltframework/mlt/releases/download/v$pkgver/mlt-$pkgver.tar.gz
+ mlt-6.8.0-locale-header.patch
+ "
+builddir="$srcdir/mlt-$pkgver"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var \
+ --avformat-swscale \
+ --enable-motion-est \
+ --enable-gpl \
+ --enable-gpl3 \
+ --disable-rtaudio
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="5f88d82b0b1656875d19c7cd322181cf974e1cad36692854835ae313723dfd412e6ba4fbb6cca9d70756ca83b512b0f78e95df517cfa007c76f94b26a9901ec8 mlt-6.8.0.tar.gz
+c7c9fe70475ccf78c719c1ca6e1a7f2189e08abe04d556fe558dd787799bd7808d61326cfb2818eefe4a6868eed300b0c0d1480aa3df302b65b79a9a9aacc1b1 mlt-6.8.0-locale-header.patch"
diff --git a/user/mlt/mlt-6.8.0-locale-header.patch b/user/mlt/mlt-6.8.0-locale-header.patch
new file mode 100644
index 000000000..5b45b600a
--- /dev/null
+++ b/user/mlt/mlt-6.8.0-locale-header.patch
@@ -0,0 +1,18 @@
+Extremely incorrect logic here; fix it so that locale_t is defined properly.
+
+--- mlt-6.8.0/src/framework/mlt_property.h.old 2018-05-10 20:16:56.000000000 -0500
++++ mlt-6.8.0/src/framework/mlt_property.h 2018-06-07 05:22:57.345580154 -0500
+@@ -30,10 +30,10 @@
+ #include <sys/param.h>
+ #endif
+
+-#if (defined(__GLIBC__) && !defined(__APPLE__)) || HAVE_LOCALE_H
+-# include <locale.h>
+-#elif defined(__APPLE__) || (__FreeBSD_version >= 900506)
++#if defined(__APPLE__) || (__FreeBSD_version >= 900506)
+ # include <xlocale.h>
++#elif defined(__linux__) || HAVE_LOCALE_H
++# include <locale.h>
+ #else
+ typedef char* locale_t;
+ #endif
diff --git a/user/mutt/APKBUILD b/user/mutt/APKBUILD
new file mode 100644
index 000000000..2b3424421
--- /dev/null
+++ b/user/mutt/APKBUILD
@@ -0,0 +1,61 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Andrew Manison<amanison@anselsystems.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mutt
+pkgver=1.9.1
+pkgrel=0
+pkgdesc="a small but very powerful text-mode email client"
+url="http://www.mutt.org"
+arch="all"
+license="GPL"
+makedepends="cyrus-sasl-dev gdbm-dev gettext-dev gpgme-dev
+ libidn-dev ncurses-dev openssl-dev perl"
+options="suid !check"
+subpackages="$pkgname-doc $pkgname-lang"
+source="https://bitbucket.org/$pkgname/$pkgname/downloads/$pkgname-$pkgver.tar.gz"
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+ cd "$builddir"
+ ISPELL=/usr/bin/hunspell \
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --enable-imap \
+ --enable-pop \
+ --enable-smtp \
+ --enable-hcache \
+ --enable-gpgme \
+ --enable-sidebar \
+ --enable-smime \
+ --with-curses \
+ --with-mailpath=/var/spool/mail \
+ --with-docdir=/usr/share/doc/$pkgname \
+ --without-included-gettext \
+ --with-ssl \
+ --with-sasl
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+
+ rm "$pkgdir"/etc/*.dist \
+ "$pkgdir"/etc/mime.types \
+ "$pkgdir"/usr/bin/muttbug \
+ "$pkgdir"/usr/bin/flea
+
+ # Don't tamper with the global configuration file.
+ # Many options set in the global config cannot be
+ # overwritten in the users configuration file.
+ # Example: Resetting colors isn't possible.
+ install -Dm644 contrib/gpg.rc \
+ "$pkgdir"/etc/Muttrc.gpg.dist
+}
+
+sha512sums="1a6871eb8499c60ae18b03d56b81e64de1643c68f8fbe05bbe114085b20098be58175e5bd6d2515e8332a824cbed75640744a261d4f10654c56625f903224095 mutt-1.9.1.tar.gz"
diff --git a/user/neon/APKBUILD b/user/neon/APKBUILD
new file mode 100644
index 000000000..a0ddbd5d4
--- /dev/null
+++ b/user/neon/APKBUILD
@@ -0,0 +1,41 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=neon
+pkgver=0.30.2
+pkgrel=2
+pkgdesc="HTTP and WebDAV client library with a C interface"
+url="http://www.webdav.org/neon/"
+arch="all"
+license="GPL LGPL"
+makedepends="expat-dev openssl-dev zlib-dev"
+depends="ca-certificates"
+depends_dev="$makedepends"
+subpackages="$pkgname-dev $pkgname-doc"
+source="https://distfiles.adelielinux.org/source/$pkgname-$pkgver.tar.gz"
+
+build () {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --with-ssl \
+ --with-expat \
+ --without-gssapi \
+ --disable-nls \
+ --enable-shared \
+ --disable-static \
+ --enable-threadsafe-ssl=posix \
+ --with-ca-bundle=/etc/ssl/certs/ca-certificates.crt
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+sha512sums="634caf87522e0bd2695c6fba39cae2465e403f9fbd8007eb10e4e035c765d24cb8da932c67bfa35c34aa51b90c7bc7037ebebaa1ec43259366d5d07233efc631 neon-0.30.2.tar.gz"
diff --git a/user/openldap/APKBUILD b/user/openldap/APKBUILD
new file mode 100644
index 000000000..84cbc1471
--- /dev/null
+++ b/user/openldap/APKBUILD
@@ -0,0 +1,212 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+# Contributor: Jakub Jirutka <jakub@jirutka.cz>
+#
+# secfixes:
+# 2.4.46:
+# - CVE-2017-14159
+# - CVE-2017-17740
+# 2.4.44-r5:
+# - CVE-2017-9287
+#
+pkgname=openldap
+pkgver=2.4.46
+pkgrel=0
+pkgdesc="LDAP Server"
+url="http://www.openldap.org/"
+arch="all"
+options="!check" # Test suite takes > 2 hours to complete on each builder.
+license="custom"
+depends=""
+pkgusers="ldap"
+pkggroups="ldap"
+depends_dev="openssl-dev cyrus-sasl-dev util-linux-dev"
+makedepends="$depends_dev db-dev groff unixodbc-dev libtool
+ autoconf automake libtool"
+subpackages="$pkgname-dev $pkgname-doc libldap $pkgname-openrc
+ $pkgname-clients $pkgname-passwd-pbkdf2:passwd_pbkdf2
+ $pkgname-backend-all:_backend_all:noarch
+ $pkgname-overlay-all:_overlay_all:noarch"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
+source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
+ openldap-2.4-ppolicy.patch
+ openldap-2.4.11-libldap_r.patch
+ fix-manpages.patch
+ configs.patch
+
+ slapd.initd
+ slapd.confd
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# SLAPD backends
+_backends=""
+for _name in bdb dnssrv hdb ldap mdb meta monitor null passwd \
+ relay shell sql sock
+do
+ subpackages="$subpackages $pkgname-back-$_name:_backend"
+ _backends="$_backends $pkgname-back-$_name"
+done
+
+# SLAPD overlays
+_overlays=""
+for _name in accesslog auditlog collect constraint dds deref dyngroup \
+ dynlist memberof ppolicy proxycache refint retcode rwm seqmod \
+ sssvlv syncprov translucent unique valsort
+do
+ subpackages="$subpackages $pkgname-overlay-$_name:_overlay"
+ _overlays="$_overlays $pkgname-overlay-$_name"
+done
+
+prepare() {
+ cd "$builddir"
+ update_config_sub
+
+ sed -i '/^STRIP/s,-s,,g' build/top.mk
+ libtoolize --force && aclocal && autoconf
+}
+
+build () {
+ cd "$builddir"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --libexecdir=/usr/lib \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var/lib/openldap \
+ --enable-slapd \
+ --enable-crypt \
+ --enable-modules \
+ --enable-dynamic \
+ --enable-bdb=mod \
+ --enable-dnssrv=mod \
+ --enable-hdb=mod \
+ --enable-ldap=mod \
+ --enable-mdb=mod \
+ --enable-meta=mod \
+ --enable-monitor=mod \
+ --enable-null=mod \
+ --enable-passwd=mod \
+ --enable-relay=mod \
+ --enable-shell=mod \
+ --enable-sock=mod \
+ --enable-sql=mod \
+ --enable-overlays=mod \
+ --with-tls=openssl \
+ --with-cyrus-sasl
+ make
+
+ # Build passwd pbkdf2.
+ make prefix=/usr libexecdir=/usr/lib \
+ -C contrib/slapd-modules/passwd/pbkdf2
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+
+ make DESTDIR="$pkgdir" install
+
+ # Install passwd pbkdf2.
+ make DESTDIR="$pkgdir" prefix=/usr libexecdir=/usr/lib \
+ -C contrib/slapd-modules/passwd/pbkdf2 install
+
+ cd "$pkgdir"
+
+ rmdir var/lib/openldap/run
+
+ # Fix tools symlinks to slapd.
+ local path; for path in $(find usr/sbin/ -type l); do
+ ln -sf slapd $path
+ done
+
+ # Move executable from lib to sbin.
+ mv usr/lib/slapd usr/sbin/
+
+ # Move *.default configs to docs.
+ mkdir -p usr/share/doc/$pkgname
+ mv etc/openldap/*.default usr/share/doc/$pkgname/
+
+ chgrp ldap etc/openldap/slapd.*
+ chmod g+r etc/openldap/slapd.*
+
+ install -d -m 700 -o ldap -g ldap \
+ var/lib/openldap \
+ var/lib/openldap/openldap-data
+
+ install -D -m 755 "$srcdir"/slapd.initd etc/init.d/slapd
+ install -D -m 644 "$srcdir"/slapd.confd etc/conf.d/slapd
+}
+
+libldap() {
+ pkgdesc="OpenLDAP libraries"
+ depends=""
+ install=""
+
+ _submv "usr/lib/*.so*" etc/openldap/ldap.conf
+}
+
+clients() {
+ pkgdesc="LDAP client utilities"
+
+ _submv usr/bin
+}
+
+passwd_pbkdf2() {
+ pkgdesc="PBKDF2 OpenLDAP support"
+ depends="$pkgname"
+
+ _submv "usr/lib/openldap/pw-pbkdf2.*"
+}
+
+_backend_all() {
+ pkgdesc="Virtual package that installs all OpenLDAP backends"
+ depends="$_backends"
+
+ mkdir -p "$subpkgdir"
+}
+
+_overlay_all() {
+ pkgdesc="Virtual package that installs all OpenLDAP overlays"
+ depends="$_overlays"
+
+ mkdir -p "$subpkgdir"
+}
+
+_backend() {
+ backend_name="${subpkgname#openldap-back-}"
+ pkgdesc="OpenLDAP $backend_name backend"
+
+ _submv "usr/lib/openldap/back_$backend_name*"
+}
+
+_overlay() {
+ overlay_name="${subpkgname#openldap-overlay-}"
+ pkgdesc="OpenLDAP $backend_name overlay"
+
+ case "$overlay_name" in
+ proxycache) overlay_name=pcache;;
+ esac
+ _submv "usr/lib/openldap/$overlay_name*"
+}
+
+_submv() {
+ local path; for path in "$@"; do
+ mkdir -p "$subpkgdir"/${path%/*}
+ mv "$pkgdir"/$path "$subpkgdir"/${path%/*}/
+ done
+}
+
+sha512sums="eef39d43f04aa09c657a1422cefef060fe00368559ae40d0d97536c08ebeaaa1ab06207b3f121ba6afcde54abdc550027c3505e5217e5fd47ae6f8c001260186 openldap-2.4.46.tgz
+5d34d49eabe7cb66cf8284cc3bd9730fa23df4932df68549e242d250ee50d40c434ae074ebc720d5fbcd9d16587c9333c5598d30a5f1177caa61461ab7771f38 openldap-2.4-ppolicy.patch
+44d97efb25d4f39ab10cd5571db43f3bfa7c617a5bb087085ae16c0298aca899b55c8742a502121ba743a73e6d77cd2056bc96cee63d6d0862dabc8fb5574357 openldap-2.4.11-libldap_r.patch
+8c4244d316a05870dd1147b2ab7ddbcfd7626b5dce2f5a0e72f066dc635c2edb4f1ea3be88c6fec2d5ab016001be16bedef70f2ce0695c3cd96f69e1614ff177 fix-manpages.patch
+0d2e570ddcb7ace1221abad9fc1d3dd0d00d6948340df69879b449959a68feee6a0ad8e17ef9971b35986293e16fc9d8e88de81815fedd5ea6a952eb085406ca configs.patch
+0c3606e4dad1b32f1c4b62f2bc1990a4c9f7ccd10c7b50e623309ba9df98064e68fc42a7242450f32fb6e5fa2203609d3d069871b5ae994cd4b227a078c93532 slapd.initd
+64dc4c0aa0abe3d9f7d2aef25fe4c8e23c53df2421067947ac4d096c9e942b26356cb8577ebc41b52d88d0b0a03b2a3e435fe86242671f9b36555a5f82ee0e3a slapd.confd"
diff --git a/user/openldap/CVE-2017-9287.patch b/user/openldap/CVE-2017-9287.patch
new file mode 100644
index 000000000..1599c1331
--- /dev/null
+++ b/user/openldap/CVE-2017-9287.patch
@@ -0,0 +1,28 @@
+From 0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e Mon Sep 17 00:00:00 2001
+From: Ryan Tandy <ryan@nardis.ca>
+Date: Wed, 17 May 2017 20:07:39 -0700
+Subject: [PATCH] ITS#8655 fix double free on paged search with pagesize 0
+
+Fixes a double free when a search includes the Paged Results control
+with a page size of 0 and the search base matches the filter.
+---
+ servers/slapd/back-mdb/search.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/servers/slapd/back-mdb/search.c b/servers/slapd/back-mdb/search.c
+index 301d1a4..43442aa 100644
+--- a/servers/slapd/back-mdb/search.c
++++ b/servers/slapd/back-mdb/search.c
+@@ -1066,7 +1066,8 @@ notfound:
+ /* check size limit */
+ if ( get_pagedresults(op) > SLAP_CONTROL_IGNORED ) {
+ if ( rs->sr_nentries >= ((PagedResultsState *)op->o_pagedresults_state)->ps_size ) {
+- mdb_entry_return( op, e );
++ if (e != base)
++ mdb_entry_return( op, e );
+ e = NULL;
+ send_paged_response( op, rs, &lastid, tentries );
+ goto done;
+--
+1.7.10.4
+
diff --git a/user/openldap/configs.patch b/user/openldap/configs.patch
new file mode 100644
index 000000000..e7ec65c4b
--- /dev/null
+++ b/user/openldap/configs.patch
@@ -0,0 +1,117 @@
+--- a/servers/slapd/slapd.conf
++++ b/servers/slapd/slapd.conf
+@@ -2,7 +2,7 @@
+ # See slapd.conf(5) for details on configuration options.
+ # This file should NOT be world readable.
+ #
+-include %SYSCONFDIR%/schema/core.schema
++include /etc/openldap/schema/core.schema
+
+ # Define global ACLs to disable default read access.
+
+@@ -10,13 +10,16 @@
+ # service AND an understanding of referrals.
+ #referral ldap://root.openldap.org
+
+-pidfile %LOCALSTATEDIR%/run/slapd.pid
+-argsfile %LOCALSTATEDIR%/run/slapd.args
++# If you change this, adjust pidfile path also in runscript!
++pidfile /run/openldap/slapd.pid
++argsfile /run/openldap/slapd.args
+
+ # Load dynamic backend modules:
+-# modulepath %MODULEDIR%
+-# moduleload back_mdb.la
+-# moduleload back_ldap.la
++modulepath /usr/lib/openldap
++moduleload back_mdb.so
++# moduleload back_hdb.so
++# moduleload back_bbd.so
++# moduleload back_ldap.so
+
+ # Sample security restrictions
+ # Require integrity protection (prevent hijacking)
+@@ -53,13 +56,16 @@
+ maxsize 1073741824
+ suffix "dc=my-domain,dc=com"
+ rootdn "cn=Manager,dc=my-domain,dc=com"
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoid. See slappasswd(8) and slapd.conf(5) for details.
+ # Use of strong authentication encouraged.
+ rootpw secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-directory %LOCALSTATEDIR%/openldap-data
++directory /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ index objectClass eq
+--- a/servers/slapd/slapd.ldif
++++ b/servers/slapd/slapd.ldif
+@@ -9,8 +9,9 @@
+ #
+ # Define global ACLs to disable default read access.
+ #
+-olcArgsFile: %LOCALSTATEDIR%/run/slapd.args
+-olcPidFile: %LOCALSTATEDIR%/run/slapd.pid
++# If you change this, set pidfile variable in /etc/conf.d/slapd!
++olcPidFile: /run/openldap/slapd.pid
++olcArgsFile: /run/openldap/slapd.args
+ #
+ # Do not enable referrals until AFTER you have a working directory
+ # service AND an understanding of referrals.
+@@ -26,22 +27,23 @@
+ #
+ # Load dynamic backend modules:
+ #
+-#dn: cn=module,cn=config
+-#objectClass: olcModuleList
+-#cn: module
+-#olcModulepath: %MODULEDIR%
+-#olcModuleload: back_bdb.la
+-#olcModuleload: back_hdb.la
+-#olcModuleload: back_ldap.la
+-#olcModuleload: back_passwd.la
+-#olcModuleload: back_shell.la
++dn: cn=module,cn=config
++objectClass: olcModuleList
++cn: module
++olcModulepath: /usr/lib/openldap
++#olcModuleload: back_bdb.so
++#olcModuleload: back_hdb.so
++#olcModuleload: back_ldap.so
++olcModuleload: back_mdb.so
++#olcModuleload: back_passwd.so
++#olcModuleload: back_shell.so
+
+
+ dn: cn=schema,cn=config
+ objectClass: olcSchemaConfig
+ cn: schema
+
+-include: file://%SYSCONFDIR%/schema/core.ldif
++include: file:///etc/openldap/schema/core.ldif
+
+ # Frontend settings
+ #
+@@ -83,13 +85,16 @@
+ olcDatabase: mdb
+ olcSuffix: dc=my-domain,dc=com
+ olcRootDN: cn=Manager,dc=my-domain,dc=com
++
+ # Cleartext passwords, especially for the rootdn, should
+ # be avoided. See slappasswd(8) and slapd-config(5) for details.
+ # Use of strong authentication encouraged.
+ olcRootPW: secret
++
+ # The database directory MUST exist prior to running slapd AND
+ # should only be accessible by the slapd and slap tools.
+ # Mode 700 recommended.
+-olcDbDirectory: %LOCALSTATEDIR%/openldap-data
++olcDbDirectory: /var/lib/openldap/openldap-data
++
+ # Indices to maintain
+ olcDbIndex: objectClass eq
diff --git a/user/openldap/fix-manpages.patch b/user/openldap/fix-manpages.patch
new file mode 100644
index 000000000..179569494
--- /dev/null
+++ b/user/openldap/fix-manpages.patch
@@ -0,0 +1,75 @@
+Various manual pages changes:
+* removes LIBEXECDIR from slapd.8
+* removes references to non-existing manpages (bz 624616)
+
+Patch-Source: https://src.fedoraproject.org/rpms/openldap/blob/f27/f/openldap-manpages.patch
+
+diff --git a/doc/man/man1/ldapmodify.1 b/doc/man/man1/ldapmodify.1
+index 3def6da..466c772 100644
+--- a/doc/man/man1/ldapmodify.1
++++ b/doc/man/man1/ldapmodify.1
+@@ -397,8 +397,7 @@ exit status and a diagnostic message being written to standard error.
+ .BR ldap_add_ext (3),
+ .BR ldap_delete_ext (3),
+ .BR ldap_modify_ext (3),
+-.BR ldap_modrdn_ext (3),
+-.BR ldif (5).
++.BR ldif (5)
+ .SH AUTHOR
+ The OpenLDAP Project <http://www.openldap.org/>
+ .SH ACKNOWLEDGEMENTS
+diff --git a/doc/man/man5/ldap.conf.5 b/doc/man/man5/ldap.conf.5
+index cfde143..63592cb 100644
+--- a/doc/man/man5/ldap.conf.5
++++ b/doc/man/man5/ldap.conf.5
+@@ -317,6 +317,7 @@ certificates in separate individual files. The
+ .B TLS_CACERT
+ is always used before
+ .B TLS_CACERTDIR.
++The specified directory must be managed with the LibreSSL c_rehash utility.
+ This parameter is ignored with GnuTLS.
+
+ When using Mozilla NSS, <path> may contain a Mozilla NSS cert/key
+diff --git a/doc/man/man8/slapd.8 b/doc/man/man8/slapd.8
+index b739f4d..e2a1a00 100644
+--- a/doc/man/man8/slapd.8
++++ b/doc/man/man8/slapd.8
+@@ -5,7 +5,7 @@
+ .SH NAME
+ slapd \- Stand-alone LDAP Daemon
+ .SH SYNOPSIS
+-.B LIBEXECDIR/slapd
++.B slapd
+ [\c
+ .BR \-4 | \-6 ]
+ [\c
+@@ -317,7 +317,7 @@ the LDAP databases defined in the default config file, just type:
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd
++ slapd
+ .ft
+ .fi
+ .LP
+@@ -328,7 +328,7 @@ on voluminous debugging which will be printed on standard error, type:
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-f /var/tmp/slapd.conf \-d 255
++ slapd -f /var/tmp/slapd.conf -d 255
+ .ft
+ .fi
+ .LP
+@@ -336,7 +336,7 @@ To test whether the configuration file is correct or not, type:
+ .LP
+ .nf
+ .ft tt
+- LIBEXECDIR/slapd \-Tt
++ slapd -Tt
+ .ft
+ .fi
+ .LP
+--
+1.8.1.4
+
diff --git a/user/openldap/libressl.patch b/user/openldap/libressl.patch
new file mode 100644
index 000000000..ac0106418
--- /dev/null
+++ b/user/openldap/libressl.patch
@@ -0,0 +1,65 @@
+--- a/libraries/libldap/tls_o.c.orig 2017-06-04 16:31:28 UTC
++++ b/libraries/libldap/tls_o.c
+@@ -47,7 +47,7 @@
+ #include <ssl.h>
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+ #endif
+
+@@ -157,7 +157,7 @@ tlso_init( void )
+ (void) tlso_seed_PRNG( lo->ldo_tls_randfile );
+ #endif
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_digests();
+@@ -205,7 +205,7 @@ static void
+ tlso_ctx_ref( tls_ctx *ctx )
+ {
+ tlso_ctx *c = (tlso_ctx *)ctx;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define SSL_CTX_up_ref(ctx) CRYPTO_add( &(ctx->references), 1, CRYPTO_LOCK_SSL_CTX )
+ #endif
+ SSL_CTX_up_ref( c );
+@@ -464,7 +464,7 @@ tlso_session_my_dn( tls_session *sess, struct berval *
+ if (!x) return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -500,7 +500,7 @@ tlso_session_peer_dn( tls_session *sess, struct berval
+ return LDAP_INVALID_CREDENTIALS;
+
+ xn = X509_get_subject_name(x);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ der_dn->bv_len = i2d_X509_NAME( xn, NULL );
+ der_dn->bv_val = xn->bytes->data;
+ #else
+@@ -721,7 +721,7 @@ struct tls_data {
+ Sockbuf_IO_Desc *sbiod;
+ };
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
++#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(LIBRESSL_VERSION_NUMBER)
+ #define BIO_set_init(b, x) b->init = x
+ #define BIO_set_data(b, x) b->ptr = x
+ #define BIO_clear_flags(b, x) b->flags &= ~(x)
+@@ -822,7 +822,7 @@ tlso_bio_puts( BIO *b, const char *str )
+ return tlso_bio_write( b, str, strlen( str ) );
+ }
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
++#if OPENSSL_VERSION_NUMBER >= 0x10100000 && !defined(LIBRESSL_VERSION_NUMBER)
+ struct bio_method_st {
+ int type;
+ const char *name;
diff --git a/user/openldap/openldap-2.4-ppolicy.patch b/user/openldap/openldap-2.4-ppolicy.patch
new file mode 100644
index 000000000..c05790e3e
--- /dev/null
+++ b/user/openldap/openldap-2.4-ppolicy.patch
@@ -0,0 +1,13 @@
+diff -urN ./clients.orig/tools/common.c ./clients/tools/common.c
+--- ./clients.orig/tools/common.c 2007-09-01 01:13:50.000000000 +0200
++++ ./clients/tools/common.c 2008-01-13 21:50:06.000000000 +0100
+@@ -1262,8 +1262,8 @@
+ int nsctrls = 0;
+
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
++ LDAPControl c;
+ if ( ppolicy ) {
+- LDAPControl c;
+ c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ c.ldctl_value.bv_val = NULL;
+ c.ldctl_value.bv_len = 0;
diff --git a/user/openldap/openldap-2.4.11-libldap_r.patch b/user/openldap/openldap-2.4.11-libldap_r.patch
new file mode 100644
index 000000000..448249a3b
--- /dev/null
+++ b/user/openldap/openldap-2.4.11-libldap_r.patch
@@ -0,0 +1,11 @@
+diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
+--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in 2008-02-11 15:26:49.000000000 -0800
++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in 2008-10-14 02:10:18.402799262 -0700
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS =
+ NT_LINK_LIBS = $(AC_LIBS)
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)
diff --git a/user/openldap/openldap-mqtt-overlay.patch b/user/openldap/openldap-mqtt-overlay.patch
new file mode 100644
index 000000000..795480f1e
--- /dev/null
+++ b/user/openldap/openldap-mqtt-overlay.patch
@@ -0,0 +1,447 @@
+diff --git a/contrib/slapd-modules/mqtt/Makefile b/contrib/slapd-modules/mqtt/Makefile
+new file mode 100644
+index 0000000..2cb4db7
+--- /dev/null
++++ b/contrib/slapd-modules/mqtt/Makefile
+@@ -0,0 +1,45 @@
++# $OpenLDAP$
++
++LDAP_SRC = ../../..
++LDAP_BUILD = ../../..
++LDAP_INC = -I$(LDAP_BUILD)/include -I$(LDAP_SRC)/include -I$(LDAP_SRC)/servers/slapd
++LDAP_LIB = $(LDAP_BUILD)/libraries/libldap_r/libldap_r.la \
++ $(LDAP_BUILD)/libraries/liblber/liblber.la
++
++LIBTOOL = $(LDAP_BUILD)/libtool
++CC = gcc
++OPT = -g -O2 -Wall
++DEFS =
++INCS = $(LDAP_INC)
++LIBS = $(LDAP_LIB) -lmosquitto
++
++PROGRAMS = mqtt.la
++LTVER = 0:0:0
++
++prefix=/usr/local
++exec_prefix=$(prefix)
++ldap_subdir=/openldap
++
++libdir=$(exec_prefix)/lib
++libexecdir=$(exec_prefix)/libexec
++moduledir = $(libdir)$(ldap_subdir)
++
++.SUFFIXES: .c .o .lo
++
++.c.lo:
++ $(LIBTOOL) --mode=compile $(CC) $(OPT) $(DEFS) $(INCS) -c $<
++
++all: $(PROGRAMS)
++
++mqtt.la: mqtt.lo
++ $(LIBTOOL) --mode=link $(CC) $(OPT) -version-info $(LTVER) \
++ -rpath $(moduledir) -module -o $@ $? $(LIBS)
++
++clean:
++ rm -rf *.o *.lo *.la .libs
++
++install: $(PROGRAMS)
++ mkdir -p $(DESTDIR)$(moduledir)
++ for p in $(PROGRAMS) ; do \
++ $(LIBTOOL) --mode=install cp $$p $(DESTDIR)$(moduledir) ; \
++ done
+diff --git a/contrib/slapd-modules/mqtt/mqtt.c b/contrib/slapd-modules/mqtt/mqtt.c
+new file mode 100644
+index 0000000..b3a0a31
+--- /dev/null
++++ b/contrib/slapd-modules/mqtt/mqtt.c
+@@ -0,0 +1,389 @@
++/* $OpenLDAP$ */
++/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
++ *
++ * Copyright 2014 Timo Teräs <timo.teras@iki.fi>.
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted only as authorized by the OpenLDAP
++ * Public License.
++ *
++ * A copy of this license is available in file LICENSE in the
++ * top-level directory of the distribution or, alternatively, at
++ * http://www.OpenLDAP.org/license.html.
++ */
++/* mqtt-overlay
++ *
++ * This is an OpenLDAP overlay that... */
++
++#include <mosquitto.h>
++#include <unistd.h>
++
++#include "portable.h"
++#include "slap.h"
++#include "config.h"
++
++typedef struct mqtt_notify_t {
++ struct mqtt_notify_t *next;
++ char *topic;
++ char *dn_group_str;
++ char *oc_group_str;
++ char *str_member;
++
++ struct berval ndn_group;
++ ObjectClass *oc_group;
++ AttributeDescription *ad_member;
++ int notify_pending;
++} mqtt_notify_t;
++
++typedef struct mqtt_t {
++ struct mosquitto *mq;
++ int port;
++ char *hostname, *username, *password;
++ mqtt_notify_t *notify_map;
++} mqtt_t;
++
++static ConfigDriver mqtt_config_notify;
++
++static ConfigTable mqttcfg[] = {
++ { "mqtt-hostname", "hostname", 2, 2, 0,
++ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, hostname),
++ "( OLcfgCtAt:5.1 NAME 'olcMqttHostname' "
++ "DESC 'Hostname of MQTT broker' "
++ "SYNTAX OMsDirectoryString SINGLE-VALUE )",
++ NULL, NULL },
++ { "mqtt-port", "port", 2, 2, 0,
++ ARG_INT|ARG_OFFSET, (void *)offsetof(mqtt_t, port),
++ "( OLcfgCtAt:5.2 NAME 'olcMqttPort' "
++ "DESC 'Port of MQTT broker' "
++ "SYNTAX OMsInteger SINGLE-VALUE )",
++ NULL, NULL },
++ { "mqtt-username", "username", 2, 2, 0,
++ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, username),
++ "( OLcfgCtAt:5.3 NAME 'olcMqttUsername' "
++ "DESC 'Username for MQTT broker' "
++ "SYNTAX OMsDirectoryString SINGLE-VALUE )",
++ NULL, NULL },
++ { "mqtt-password", "password", 2, 2, 0,
++ ARG_STRING|ARG_OFFSET, (void *)offsetof(mqtt_t, password),
++ "( OLcfgCtAt:5.4 NAME 'olcMqttPassword' "
++ "DESC 'Password for MQTT broker' "
++ "SYNTAX OMsDirectoryString SINGLE-VALUE )",
++ NULL, NULL },
++ { "mqtt-notify-password", "topic> <group-dn> <group-oc> <member-ad", 2, 5, 0,
++ ARG_MAGIC, mqtt_config_notify,
++ "( OLcfgCtAt:5.5 NAME 'olcMqttNotifyPassword' "
++ "DESC 'Notify password change on <topic>, optionally checking that the object is in the specified group.'"
++ "SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )",
++ NULL, NULL },
++ { NULL, NULL, 0, 0, 0, ARG_IGNORED }
++};
++
++static ConfigOCs mqttocs[] = {
++ { "( OLcfgCtOc:5.1 "
++ "NAME 'olcMqttConfig' "
++ "DESC 'MQTT configuration' "
++ "SUP olcOverlayConfig "
++ "MAY ( "
++ "olcMqttHostname "
++ "$ olcMqttPort"
++ "$ olcMqttUsername"
++ "$ olcMqttPassword"
++ "$ olcMqttNotifyPassword"
++ " ) )",
++ Cft_Overlay, mqttcfg },
++
++ { NULL, 0, NULL }
++};
++
++static int mqtt_init(BackendInfo *bi)
++{
++ return mosquitto_lib_init();
++}
++
++static int mqtt_destroy(BackendInfo *bi)
++{
++ return mosquitto_lib_cleanup();
++}
++
++static const char *ca_arg(ConfigArgs *c, int n)
++{
++ return (c->argc <= n) ? NULL : c->argv[n];
++}
++
++static void free_notify(mqtt_notify_t *n)
++{
++ ch_free(n->topic);
++ ch_free(n->oc_group_str);
++ ch_free(n->str_member);
++ ch_free(n->dn_group_str);
++ if (!BER_BVISNULL(&n->ndn_group))
++ ber_memfree(n->ndn_group.bv_val);
++ ch_free(n);
++}
++
++static void free_all_notifies(mqtt_t *mqtt)
++{
++ mqtt_notify_t *n, *next;
++
++ for (n = mqtt->notify_map; n; n = next) {
++ next = n->next;
++ free_notify(n);
++ }
++ mqtt->notify_map = NULL;
++}
++
++static int mqtt_config_notify(ConfigArgs *c)
++{
++ slap_overinst *on = (slap_overinst *)c->bi;
++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++ mqtt_notify_t *n, **pprev;
++ const char *text = NULL;
++ struct berval bv = BER_BVNULL, ndn = BER_BVNULL;
++ int rc, i;
++
++ switch (c->op) {
++ case SLAP_CONFIG_EMIT:
++ for (i = 0, n = mqtt->notify_map; n; n = n->next, i++) {
++ char *ptr = c->cr_msg, *end = &c->cr_msg[sizeof(c->cr_msg)-1];
++
++ ptr += snprintf(ptr, end-ptr, SLAP_X_ORDERED_FMT "%s", i, n->topic);
++ if (n->dn_group_str)
++ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->dn_group_str);
++ if (n->oc_group_str)
++ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->oc_group_str);
++ if (n->str_member)
++ ptr += snprintf(ptr, end-ptr, " \"%s\"", n->str_member);
++
++ bv.bv_val = c->cr_msg;
++ bv.bv_len = ptr - bv.bv_val;
++ value_add_one(&c->rvalue_vals, &bv);
++ }
++ return 0;
++ case LDAP_MOD_DELETE:
++ if (c->valx < 0) {
++ free_all_notifies(mqtt);
++ } else {
++ pprev = &mqtt->notify_map;
++ n = mqtt->notify_map;
++ for (i = 0; i < c->valx; i++) {
++ pprev = &n->next;
++ n = n->next;
++ }
++ *pprev = n->next;
++ free_notify(n);
++ }
++ return 0;
++ }
++
++ const char *groupdn = ca_arg(c, 2);
++ const char *oc_name = ca_arg(c, 3);
++ const char *ad_name = ca_arg(c, 4);
++ ObjectClass *oc = NULL;
++ AttributeDescription *ad = NULL;
++
++ if (groupdn) {
++ oc = oc_find(oc_name ?: SLAPD_GROUP_CLASS);
++ if (oc == NULL) {
++ Debug(LDAP_DEBUG_ANY, "mqtt_db_open: unable to find objectClass=\"%s\"\n",
++ oc_name, 0, 0);
++ return 1;
++ }
++
++ rc = slap_str2ad(ad_name ?: SLAPD_GROUP_ATTR, &ad, &text);
++ if (rc != LDAP_SUCCESS) {
++ Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: unable to find attribute=\"%s\": %s (%d)\n",
++ ad_name, text, rc);
++ return rc;
++ }
++
++ ber_str2bv(groupdn, 0, 0, &bv);
++ rc = dnNormalize(0, NULL, NULL, &bv, &ndn, NULL);
++ if (rc != LDAP_SUCCESS) {
++ Debug(LDAP_DEBUG_ANY, "mqtt_db_config_notify: DN normalization failed for \"%s\": %d\n",
++ groupdn, rc, 0);
++ return rc;
++ }
++ }
++
++ n = ch_calloc(1, sizeof(*n));
++ n->topic = ch_strdup(c->argv[1]);
++ n->dn_group_str = groupdn ? ch_strdup(groupdn) : NULL;
++ n->oc_group_str = oc_name ? ch_strdup(oc_name) : NULL;
++ n->str_member = ad_name ? ch_strdup(ad_name) : NULL;
++ n->ndn_group = ndn;
++ n->oc_group = oc;
++ n->ad_member = ad;
++
++ for (pprev = &mqtt->notify_map; *pprev; pprev = &(*pprev)->next);
++ *pprev = n;
++
++ return 0;
++}
++
++static void mqtt_send_notify(mqtt_t *mqtt, mqtt_notify_t *n)
++{
++ Debug(LDAP_DEBUG_TRACE, "mqtt_send_notify: pub on topic '%s'\n", n->topic, 0, 0);
++ n->notify_pending = mosquitto_publish(mqtt->mq, NULL, n->topic, 0, NULL, 1, true) == MOSQ_ERR_NO_CONN;
++}
++
++static void mqtt_on_connect(struct mosquitto *mq, void *obj, int rc)
++{
++ slap_overinst *on = (slap_overinst *) obj;
++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++ mqtt_notify_t *n;
++
++ Debug(LDAP_DEBUG_TRACE, "mqtt_on_connect: connected with status %d\n", rc, 0, 0);
++ if (rc != 0)
++ return;
++
++ for (n = mqtt->notify_map; n; n = n->next)
++ if (n->notify_pending)
++ mqtt_send_notify(mqtt, n);
++}
++
++static int mqtt_db_init(BackendDB *be, ConfigReply *cr)
++{
++ slap_overinst *on = (slap_overinst *) be->bd_info;
++
++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_init: initialize overlay\n", 0, 0, 0);
++ on->on_bi.bi_private = ch_calloc(1, sizeof(mqtt_t));
++
++ return 0;
++}
++
++static int mqtt_db_destroy(BackendDB *be, ConfigReply *cr)
++{
++ slap_overinst *on = (slap_overinst *) be->bd_info;
++ mqtt_t *mqtt = on->on_bi.bi_private;
++
++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_destroy: destroy overlay\n", 0, 0, 0);
++ free_all_notifies(mqtt);
++ ch_free(mqtt);
++
++ return 0;
++}
++
++static int mqtt_db_open(BackendDB *be, ConfigReply *cr)
++{
++ slap_overinst *on = (slap_overinst *) be->bd_info;
++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++ struct mosquitto *mq;
++ char id[256];
++ int n;
++
++ n = snprintf(id, sizeof(id), "openldap-mqtt/%d/", getpid());
++ gethostname(&id[n], sizeof(id) - n);
++
++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_open, id='%s'\n", id, 0, 0);
++ mqtt->mq = mq = mosquitto_new(id, true, on);
++ if (!mq) return 1;
++
++ if (mqtt->username && mqtt->password)
++ mosquitto_username_pw_set(mq, mqtt->username, mqtt->password);
++
++ mosquitto_connect_callback_set(mq, mqtt_on_connect);
++ mosquitto_connect_async(mq, mqtt->hostname ?: "127.0.0.1", mqtt->port ?: 1883, 60);
++ mosquitto_loop_start(mq);
++
++ return 0;
++}
++
++static int mqtt_db_close(BackendDB *be, ConfigReply *cr)
++{
++ slap_overinst *on = (slap_overinst *) be->bd_info;
++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++
++ Debug(LDAP_DEBUG_TRACE, "mqtt_db_close\n", 0, 0, 0);
++ mosquitto_disconnect(mqtt->mq);
++ mosquitto_loop_stop(mqtt->mq, false);
++ mosquitto_destroy(mqtt->mq);
++
++ free(mqtt->hostname); mqtt->hostname = NULL;
++ free(mqtt->username); mqtt->username = NULL;
++ free(mqtt->password); mqtt->password = NULL;
++
++ return 0;
++}
++
++static int mqtt_response(Operation *op, SlapReply *rs)
++{
++ slap_overinst *on = (slap_overinst *) op->o_bd->bd_info;
++ mqtt_t *mqtt = (mqtt_t *) on->on_bi.bi_private;
++ Attribute *a;
++ Modifications *m;
++ bool change = false;
++
++ switch (op->o_tag) {
++ case LDAP_REQ_ADD:
++ for (a = op->ora_e->e_attrs; a; a = a->a_next) {
++ if (a->a_desc == slap_schema.si_ad_userPassword) {
++ change = true;
++ break;
++ }
++ }
++ break;
++ case LDAP_REQ_MODIFY:
++ for (m = op->orm_modlist; m; m = m->sml_next) {
++ if (m->sml_desc == slap_schema.si_ad_userPassword) {
++ change = true;
++ break;
++ }
++ }
++ break;
++ case LDAP_REQ_EXTENDED:
++ if (ber_bvcmp(&slap_EXOP_MODIFY_PASSWD, &op->ore_reqoid) == 0)
++ change = true;
++ break;
++ }
++
++ if (change) {
++ mqtt_notify_t *n;
++ int r, cache;
++
++ for (n = mqtt->notify_map; n; n = n->next) {
++ if (n->oc_group) {
++ cache = op->o_do_not_cache;
++ op->o_do_not_cache = 1;
++ r = backend_group(op, NULL, &n->ndn_group, &op->o_req_ndn, n->oc_group, n->ad_member);
++ op->o_do_not_cache = cache;
++ } else {
++ r = 0;
++ }
++
++ Debug(LDAP_DEBUG_TRACE, "tested o_req_ndn='%s' in ndn_group='%s' r=%d\n",
++ op->o_req_ndn.bv_val, n->ndn_group.bv_val, r);
++
++ if (r == 0)
++ mqtt_send_notify(mqtt, n);
++ }
++ }
++
++ return SLAP_CB_CONTINUE;
++}
++
++static int mqtt_init_overlay()
++{
++ static slap_overinst ov;
++ int rc;
++
++ ov.on_bi.bi_type = "mqtt";
++ ov.on_bi.bi_init = mqtt_init;
++ ov.on_bi.bi_destroy = mqtt_destroy;
++ ov.on_bi.bi_db_init = mqtt_db_init;
++ ov.on_bi.bi_db_destroy = mqtt_db_destroy;
++ ov.on_bi.bi_db_open = mqtt_db_open;
++ ov.on_bi.bi_db_close = mqtt_db_close;
++ ov.on_bi.bi_cf_ocs = mqttocs;
++ ov.on_response = mqtt_response;
++
++ rc = config_register_schema(mqttcfg, mqttocs);
++ if (rc) return rc;
++
++ return overlay_register(&ov);
++}
++
++int init_module(int argc, char *argv[])
++{
++ return mqtt_init_overlay();
++}
+
diff --git a/user/openldap/openldap.post-install b/user/openldap/openldap.post-install
new file mode 100644
index 000000000..e90d25760
--- /dev/null
+++ b/user/openldap/openldap.post-install
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+cat >&2 <<-EOF
+*
+* To use LDAP server, you have to install some backend. Most users would need MDB
+* backend which you can install with: apk add openldap-back-mdb.
+*
+* If you use overlays, you have to install them separately too:
+* apk add openldap-overlay-<name>, or openldap-overlay-all to install them all.
+*
+EOF
diff --git a/user/openldap/openldap.post-upgrade b/user/openldap/openldap.post-upgrade
new file mode 100644
index 000000000..7be8906a9
--- /dev/null
+++ b/user/openldap/openldap.post-upgrade
@@ -0,0 +1,31 @@
+#!/bin/sh
+
+new_ver="$1"
+old_ver="$2"
+
+if [ "$(apk version -t "$old_ver" "2.4.45-r2")" = "<" ]; then
+ cat >&2 <<-EOF
+ *
+ * All SLAPD backends and overlays have been moved to subpackages.
+ * You can install specific backend or overlay with apk:
+ *
+ * apk add openldap-back-<name>
+ * apk add openldap-overlay-<name>
+ *
+ * Or you can install all of them using metapackages openldap-back-all
+ * and openldap-overlay-all.
+ EOF
+ if [ -e /var/lib/openldap/openldap-data/data.mdb ]; then
+ cat >&2 <<-EOF
+ *
+ * Found existing MDB database. You have to install MDB backend:
+ * apk add openldap-back-mdb
+ *
+ * and add "moduleload back_mdb.so" to /etc/openldap/slapd.conf,
+ * or "olcModuleload back_mdb.so" to slapd.ldif.
+ *
+ EOF
+ else
+ echo "*" >&2
+ fi
+fi
diff --git a/user/openldap/openldap.pre-install b/user/openldap/openldap.pre-install
new file mode 100644
index 000000000..eb6b10fa4
--- /dev/null
+++ b/user/openldap/openldap.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+addgroup -S ldap 2>/dev/null
+adduser -S -D -H -h /usr/lib/openldap -s /sbin/nologin -G ldap \
+ -g "OpenLdap User" ldap 2>/dev/null
+
+exit 0
diff --git a/user/openldap/slapd.confd b/user/openldap/slapd.confd
new file mode 100644
index 000000000..f69f92b4a
--- /dev/null
+++ b/user/openldap/slapd.confd
@@ -0,0 +1,12 @@
+# Configuration for /etc/init.d/slapd
+
+# Location of the configuration file.
+cfgfile="/etc/openldap/slapd.conf"
+
+# Location of the configuration directory (OpenLDAP 2.3+).
+#cfgdir=""
+
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#command_args="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
diff --git a/user/openldap/slapd.initd b/user/openldap/slapd.initd
new file mode 100644
index 000000000..350cc0d50
--- /dev/null
+++ b/user/openldap/slapd.initd
@@ -0,0 +1,34 @@
+#!/sbin/openrc-run
+
+: ${pidfile:="/run/openldap/slapd.pid"}
+
+name="LDAP server"
+extra_commands="checkconfig"
+description_checkconfig="Check slapd.conf for errors"
+
+command="/usr/sbin/slapd"
+# OPTS is for backward compatibility
+cfg_opt="${cfgdir:+"-F $cfgdir"} ${cfgfile:+"-f $cfgfile"}"
+command_args="-u ldap -g ldap $cfg_opt ${command_args:-${OPTS:-}}"
+
+stopsig=2
+start_stop_daemon_args="
+ ${KRB5_KTNAME:+"--env KRB5_KTNAME=$KRB5_KTNAME"}"
+
+depend() {
+ need net
+ after firewall
+ before dbus hald avahi-daemon
+ provide ldap
+}
+
+start_pre() {
+ checkpath --directory --owner ldap:ldap "${pidfile%/*}"
+ /usr/sbin/slaptest -u -Q $cfg_opt || /usr/sbin/slaptest -u $cfg_opt
+}
+
+checkconfig() {
+ ebegin "Checking $name configuration..."
+ /usr/sbin/slaptest -u $cfg_opt
+ eend $?
+}
diff --git a/user/orbit2/APKBUILD b/user/orbit2/APKBUILD
new file mode 100644
index 000000000..5caf3dcbc
--- /dev/null
+++ b/user/orbit2/APKBUILD
@@ -0,0 +1,45 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=orbit2
+pkgver=2.14.19
+pkgrel=4
+pkgdesc="CORBA implementation for GNOME"
+url="http://projects.gnome.org/ORBit2"
+arch="all"
+license="LGPL"
+depends=
+makedepends="glib-dev libidl-dev"
+install=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.gnome.org/pub/GNOME/sources/ORBit2/${pkgver%.*}/ORBit2-${pkgver}.tar.bz2
+ glib-2.36.patch"
+
+builddir="${srcdir}/ORBit2-${pkgver}"
+prepare() {
+ cd "$builddir"
+ update_config_sub
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="313e125234e8d1195be277ad125af169f12ce312cb541a4641c5d57d3c905bbdc6a46672a86a012409cf4d7af58b5122f0e5db250730b65e8d95b2d5f4c4657e ORBit2-2.14.19.tar.bz2
+b90d8e200d16b735bece54454d1e2b1a7c1b75aaac83986263b5a9ac38c4235eed747408a07a266c0aaaeb9c7a75e7fda1ef1b2ed54300003da38ff2251fdcfa glib-2.36.patch"
diff --git a/user/orbit2/glib-2.36.patch b/user/orbit2/glib-2.36.patch
new file mode 100644
index 000000000..c94f920f7
--- /dev/null
+++ b/user/orbit2/glib-2.36.patch
@@ -0,0 +1,15 @@
+$NetBSD: patch-linc2_src_Makefile.in,v 1.1 2013/04/19 14:28:54 prlw1 Exp $
+
+Avoid compilation error caused by use of deprecated g_thread API
+
+--- ./linc2/src/Makefile.in.orig 2010-09-28 09:39:39.000000000 +0000
++++ ./linc2/src/Makefile.in
+@@ -244,7 +244,7 @@ noinst_LTLIBRARIES = liblinc.la
+ # -I$(top_srcdir)/include
+ INCLUDES = -I$(top_builddir)/linc2/include \
+ -I$(top_srcdir)/linc2/include $(LINC_CFLAGS) $(WARN_CFLAGS) \
+- -DG_DISABLE_DEPRECATED $(am__append_1)
++ $(am__append_1)
+ liblinc_la_SOURCES = \
+ linc.c \
+ linc-connection.c \
diff --git a/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
new file mode 100644
index 000000000..1498e831a
--- /dev/null
+++ b/user/polkit/0001-Bug-50145-make-netgroup-support-optional.patch
@@ -0,0 +1,108 @@
+From 2428beec9189bb93e6e1fdd5bdde35acf5279a03 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Sun, 20 May 2012 15:42:56 +0200
+Subject: [PATCH] Bug 50145 - make netgroup support optional
+
+https://bugs.freedesktop.org/show_bug.cgi?id=50145
+
+netgroups are not defined in POSIX and are not be available on
+all systems.
+
+We check for getnetgrent in configure script.
+
+Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
+---
+ configure.ac | 2 +-
+ src/polkitbackend/polkitbackendlocalauthority.c | 8 ++++++--
+ src/polkitbackend/polkitbackendlocalauthorizationstore.c | 3 ++-
+ 3 files changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index f325922..711aa7c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -141,7 +141,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
+ AC_SUBST(EXPAT_LIBS)
+
+-AC_CHECK_FUNCS(clearenv)
++AC_CHECK_FUNCS(clearenv getnetgrent)
+
+ if test "x$GCC" = "xyes"; then
+ LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkitbackend/polkitbackendlocalauthority.c b/src/polkitbackend/polkitbackendlocalauthority.c
+index b53eda3..f14e924 100644
+--- a/src/polkitbackend/polkitbackendlocalauthority.c
++++ b/src/polkitbackend/polkitbackendlocalauthority.c
+@@ -52,9 +52,10 @@
+
+ static GList *get_users_in_group (PolkitIdentity *group,
+ gboolean include_root);
+-
++#if defined HAVE_GETNETGRENT
+ static GList *get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root);
++#endif
+
+ static GList *get_groups_for_user (PolkitIdentity *user);
+
+@@ -511,10 +512,12 @@ polkit_backend_local_authority_get_admin_auth_identities (PolkitBackendInteracti
+ {
+ ret = g_list_concat (ret, get_users_in_group (identity, FALSE));
+ }
++#if defined HAVE_GETNETGRENT
+ else if (POLKIT_IS_UNIX_NETGROUP (identity))
+ {
+ ret = g_list_concat (ret, get_users_in_net_group (identity, FALSE));
+ }
++#endif
+ else
+ {
+ g_warning ("Unsupported identity %s", admin_identities[n]);
+@@ -690,6 +693,7 @@ get_users_in_group (PolkitIdentity *group,
+ return ret;
+ }
+
++#if defined HAVE_GETNETGRENT
+ static GList *
+ get_users_in_net_group (PolkitIdentity *group,
+ gboolean include_root)
+@@ -741,7 +745,7 @@ get_users_in_net_group (PolkitIdentity *group,
+ endnetgrent ();
+ return ret;
+ }
+-
++#endif
+
+ static GList *
+ get_groups_for_user (PolkitIdentity *user)
+diff --git a/src/polkitbackend/polkitbackendlocalauthorizationstore.c b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+index 2ddfe75..02553c4 100644
+--- a/src/polkitbackend/polkitbackendlocalauthorizationstore.c
++++ b/src/polkitbackend/polkitbackendlocalauthorizationstore.c
+@@ -725,6 +725,7 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
+ break;
+ }
+
++#if defined HAVE_GETNETGRENT
+ /* if no identity specs matched and identity is a user, match against netgroups */
+ if (ll == NULL && POLKIT_IS_UNIX_USER (identity))
+ {
+@@ -732,13 +733,13 @@ polkit_backend_local_authorization_store_lookup (PolkitBackendLocalAuthorization
+ const gchar *user_name = polkit_unix_user_get_name (user_identity);
+ if (!user_name)
+ continue;
+-
+ for (ll = authorization->netgroup_identities; ll != NULL; ll = ll->next)
+ {
+ if (innetgr ((const gchar *) ll->data, NULL, user_name, NULL))
+ break;
+ }
+ }
++#endif
+
+ if (ll == NULL)
+ continue;
+--
+1.7.10.2
+
diff --git a/user/polkit/APKBUILD b/user/polkit/APKBUILD
new file mode 100644
index 000000000..fdc37d634
--- /dev/null
+++ b/user/polkit/APKBUILD
@@ -0,0 +1,80 @@
+# Contributor: Carlo Landmeter
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=polkit
+pkgver=0.105
+pkgrel=8
+pkgdesc="Application development toolkit for controlling system-wide privileges"
+url="http://www.freedesktop.org/wiki/Software/polkit/"
+arch="all"
+license="LGPL"
+depends=
+options="suid"
+depends_dev="eggdbus-dev dbus-glib-dev linux-pam-dev"
+makedepends="$depends_dev expat-dev glib-dev gtk-doc gobject-introspection-dev
+ intltool autoconf automake libtool"
+install=
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+source="http://www.freedesktop.org/software/polkit/releases/polkit-$pkgver.tar.gz
+ 0001-Bug-50145-make-netgroup-support-optional.patch
+ CVE-2013-4288.patch
+ CVE-2015-3218.patch
+ CVE-2015-3255.patch
+ CVE-2015-4625.patch
+ automake.patch
+ fix-parallel-make.patch
+ fix-consolekit-db-stat.patch
+ fix-test-fgetpwent.patch
+ disable-ck-test.patch
+"
+
+prepare() {
+ cd "$builddir"
+ update_config_sub
+ default_prepare
+ libtoolize --force && aclocal && autoconf && automake --add-missing
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --libexecdir=/usr/lib/polkit-1 \
+ --localstatedir=/var \
+ --disable-static \
+ --enable-nls \
+ --enable-introspection \
+ --with-os-type=alpine \
+ --with-pam-include=base-auth \
+ --disable-gtk-doc \
+ --disable-gtk-doc-html \
+ --disable-gtk-doc-pdf
+
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="7c0f84b9639814b4690e42b570285ff2018a5ea4cfd7216d9abf44c84ece6592c530f2d6211511c1346963daf4f135e9fa79d1b2f592b454115950991b5e4bc3 polkit-0.105.tar.gz
+09ca9c14044c0a281e9069919efbb6d14918f23f58a282b5ce25c8a6640966396904373822869fe994c711f40c33d5c34cf3b77f85a59e239ba3d0c22a31ca8e 0001-Bug-50145-make-netgroup-support-optional.patch
+d6de3beb063243c11906f525ef2eb65aeca823c25b1f44dde4a16f4fc2c5ce587b129e0bfb25a4a4b88ac2bf5713c47e57700c139323d961c9f9b6ba4c03fffb CVE-2013-4288.patch
+625be61ca38267508bb360002c410414f7ca814487f4a51257906118731e208be0c90d21f45ac90fd9f64f2f5937fa1e312d6900179853fabbaaf5e75073c82c CVE-2015-3218.patch
+0b26b819da0b34f10ff8a768850560b3207a6e10a7141bd1aa4769c1cb2829eb110164974b99d993d4e3a62145ace0fc5375489f84d2b56fe08e3430e3232aa8 CVE-2015-3255.patch
+32ecc38db938fc1e3d14ffd9c492d12a42a91750e0eb1f66f8346d0cefd6e18fd0dffac8bffc65578cfb56c9598d3b336721477e8496de2619d6d69f1a6b309e CVE-2015-4625.patch
+25465a23332247d0873e24cb5f011a267413615526755a8295a6367d64fc5eb8c2aa3c9c1fdcfa183b39e3ece14f33b25f15a339d966a31f3feb861b3f17adbf automake.patch
+6b0d9262ba8b3c000acdcc8c86bd6fc043e5750a0155730638d4e3a92e63f43cb476d63b11856c041d60d8f38f7eb5ada0eb0eced9100bdac3bc2c7dd5108ddd fix-parallel-make.patch
+95493ef842b46ce9e724933a5d86083589075fb452435057b8f629643cac7c7eff67a24fd188087987e98057f0130757fad546d0c090767da3d71ebaf8485a24 fix-consolekit-db-stat.patch
+966825aded565432f4fda9e54113a773b514ebf7ee7faa83bcb8b97d218ae84a8707d6747bbc3cb8a828638d692fdef34c05038f150ad38e02a29f2c782aba5b fix-test-fgetpwent.patch
+f73ab05ab5fdc90d3961fdcf88fa57eee8c90af4960b20d7ac845d2395c4cc20873ddc72bfd00fd127471336807faa705d0845444a0218343e74063e8f190980 disable-ck-test.patch"
diff --git a/user/polkit/CVE-2013-4288.patch b/user/polkit/CVE-2013-4288.patch
new file mode 100644
index 000000000..0ca8131e8
--- /dev/null
+++ b/user/polkit/CVE-2013-4288.patch
@@ -0,0 +1,123 @@
+From a3fa3b86f0015e42a534526ed800bcde5b3f2a15 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Mon, 19 Aug 2013 12:16:11 -0400
+Subject: [PATCH] pkcheck: Support --process=pid,start-time,uid syntax too
+
+The uid is a new addition; this allows callers such as libvirt to
+close a race condition in reading the uid of the process talking to
+them. They can read it via getsockopt(SO_PEERCRED) or equivalent,
+rather than having pkcheck look at /proc later after the fact.
+
+Programs which invoke pkcheck but need to know beforehand (i.e. at
+compile time) whether or not it supports passing the uid can
+use:
+
+pkcheck_supports_uid=$($PKG_CONFIG --variable pkcheck_supports_uid polkit-gobject-1)
+test x$pkcheck_supports_uid = xyes
+
+Conflicts:
+ docs/man/pkcheck.xml
+ src/programs/pkcheck.c
+---
+ data/polkit-gobject-1.pc.in | 3 +++
+ docs/man/pkcheck.xml | 33 +++++++++++++++++++++------------
+ src/programs/pkcheck.c | 7 ++++++-
+ 3 files changed, 30 insertions(+), 13 deletions(-)
+
+diff --git a/data/polkit-gobject-1.pc.in b/data/polkit-gobject-1.pc.in
+index c39677d..5c4c620 100644
+--- a/data/polkit-gobject-1.pc.in
++++ b/data/polkit-gobject-1.pc.in
+@@ -11,3 +11,6 @@ Version: @VERSION@
+ Libs: -L${libdir} -lpolkit-gobject-1
+ Cflags: -I${includedir}/polkit-1
+ Requires: gio-2.0 >= 2.18 glib-2.0 >= 2.18
++# Programs using pkcheck can use this to determine
++# whether or not it can be passed a uid.
++pkcheck_supports_uid=true
+diff --git a/docs/man/pkcheck.xml b/docs/man/pkcheck.xml
+index 6b8a874..9f2faef 100644
+--- a/docs/man/pkcheck.xml
++++ b/docs/man/pkcheck.xml
+@@ -55,6 +55,9 @@
+ <arg choice="plain">
+ <replaceable>pid,pid-start-time</replaceable>
+ </arg>
++ <arg choice="plain">
++ <replaceable>pid,pid-start-time,uid</replaceable>
++ </arg>
+ </group>
+ </arg>
+ <arg choice="plain">
+@@ -90,7 +93,7 @@
+ <title>DESCRIPTION</title>
+ <para>
+ <command>pkcheck</command> is used to check whether a process, specified by
+- either <option>--process</option> or <option>--system-bus-name</option>,
++ either <option>--process</option> (see below) or <option>--system-bus-name</option>,
+ is authorized for <replaceable>action</replaceable>. The <option>--detail</option>
+ option can be used zero or more times to pass details about <replaceable>action</replaceable>.
+ If <option>--allow-user-interaction</option> is passed, <command>pkcheck</command> blocks
+@@ -160,17 +163,23 @@ KEY3=VALUE3
+ <refsect1 id="pkcheck-notes">
+ <title>NOTES</title>
+ <para>
+- Since process identifiers can be recycled, the caller should always use
+- <replaceable>pid,pid-start-time</replaceable> to specify the process
+- to check for authorization when using the <option>--process</option> option.
+- The value of <replaceable>pid-start-time</replaceable>
+- can be determined by consulting e.g. the
+- <citerefentry>
+- <refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum>
+- </citerefentry>
+- file system depending on the operating system. If only <replaceable>pid</replaceable>
+- is passed to the <option>--process</option> option, then <command>pkcheck</command>
+- will look up the start time itself but note that this may be racy.
++ Do not use either the bare <replaceable>pid</replaceable> or
++ <replaceable>pid,start-time</replaceable> syntax forms for
++ <option>--process</option>. There are race conditions in both.
++ New code should always use
++ <replaceable>pid,pid-start-time,uid</replaceable>. The value of
++ <replaceable>start-time</replaceable> can be determined by
++ consulting e.g. the
++ <citerefentry><refentrytitle>proc</refentrytitle><manvolnum>5</manvolnum></citerefentry>
++ file system depending on the operating system. If fewer than 3
++ arguments are passed, <command>pkcheck</command> will attempt to
++ look up them up internally, but note that this may be racy.
++ </para>
++ <para>
++ If your program is a daemon with e.g. a custom Unix domain
++ socket, you should determine the <replaceable>uid</replaceable>
++ parameter via operating system mechanisms such as
++ <literal>PEERCRED</literal>.
+ </para>
+ </refsect1>
+
+diff --git a/src/programs/pkcheck.c b/src/programs/pkcheck.c
+index 719a36c..057e926 100644
+--- a/src/programs/pkcheck.c
++++ b/src/programs/pkcheck.c
+@@ -372,6 +372,7 @@ main (int argc, char *argv[])
+ else if (g_strcmp0 (argv[n], "--process") == 0 || g_strcmp0 (argv[n], "-p") == 0)
+ {
+ gint pid;
++ guint uid;
+ guint64 pid_start_time;
+
+ n++;
+@@ -381,7 +382,11 @@ main (int argc, char *argv[])
+ goto out;
+ }
+
+- if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
++ if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT ",%u", &pid, &pid_start_time, &uid) == 3)
++ {
++ subject = polkit_unix_process_new_for_owner (pid, pid_start_time, uid);
++ }
++ else if (sscanf (argv[n], "%i,%" G_GUINT64_FORMAT, &pid, &pid_start_time) == 2)
+ {
+ subject = polkit_unix_process_new_full (pid, pid_start_time);
+ }
+--
+1.8.5.1
+
diff --git a/user/polkit/CVE-2015-3218.patch b/user/polkit/CVE-2015-3218.patch
new file mode 100644
index 000000000..977825102
--- /dev/null
+++ b/user/polkit/CVE-2015-3218.patch
@@ -0,0 +1,115 @@
+From 48e646918efb2bf0b3b505747655726d7869f31c Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Sat, 30 May 2015 09:06:23 -0400
+Subject: CVE-2015-3218: backend: Handle invalid object paths in
+ RegisterAuthenticationAgent
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Properly propagate the error, otherwise we dereference a `NULL`
+pointer. This is a local, authenticated DoS.
+
+`RegisterAuthenticationAgentWithOptions` and
+`UnregisterAuthentication` have been validated to not need changes for
+this.
+
+http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
+https://bugs.freedesktop.org/show_bug.cgi?id=90829
+
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Philip Withnall <philip@tecnocode.co.uk>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index f6ea0fc..587f954 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -1566,36 +1566,42 @@ authentication_agent_new (PolkitSubject *scope,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+- GVariant *registration_options)
++ GVariant *registration_options,
++ GError **error)
+ {
+ AuthenticationAgent *agent;
+- GError *error;
++ GDBusProxy *proxy;
+
+- agent = g_new0 (AuthenticationAgent, 1);
++ if (!g_variant_is_object_path (object_path))
++ {
++ g_set_error (error, POLKIT_ERROR, POLKIT_ERROR_FAILED,
++ "Invalid object path '%s'", object_path);
++ return NULL;
++ }
++
++ proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
++ G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
++ G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
++ NULL, /* GDBusInterfaceInfo* */
++ unique_system_bus_name,
++ object_path,
++ "org.freedesktop.PolicyKit1.AuthenticationAgent",
++ NULL, /* GCancellable* */
++ error);
++ if (proxy == NULL)
++ {
++ g_prefix_error (error, "Failed to construct proxy for agent: " );
++ return NULL;
++ }
+
++ agent = g_new0 (AuthenticationAgent, 1);
+ agent->ref_count = 1;
+ agent->scope = g_object_ref (scope);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
+ agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+-
+- error = NULL;
+- agent->proxy = g_dbus_proxy_new_for_bus_sync (G_BUS_TYPE_SYSTEM,
+- G_DBUS_PROXY_FLAGS_DO_NOT_LOAD_PROPERTIES |
+- G_DBUS_PROXY_FLAGS_DO_NOT_CONNECT_SIGNALS,
+- NULL, /* GDBusInterfaceInfo* */
+- agent->unique_system_bus_name,
+- agent->object_path,
+- "org.freedesktop.PolicyKit1.AuthenticationAgent",
+- NULL, /* GCancellable* */
+- &error);
+- if (agent->proxy == NULL)
+- {
+- g_warning ("Error constructing proxy for agent: %s", error->message);
+- g_error_free (error);
+- /* TODO: Make authentication_agent_new() return NULL and set a GError */
+- }
++ agent->proxy = proxy;
+
+ return agent;
+ }
+@@ -2398,8 +2404,6 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ caller_cmdline = NULL;
+ agent = NULL;
+
+- /* TODO: validate that object path is well-formed */
+-
+ interactive_authority = POLKIT_BACKEND_INTERACTIVE_AUTHORITY (authority);
+ priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (interactive_authority);
+
+@@ -2486,7 +2490,10 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+- options);
++ options,
++ error);
++ if (!agent)
++ goto out;
+
+ g_hash_table_insert (priv->hash_scope_to_authentication_agent,
+ g_object_ref (subject),
+--
+cgit v0.10.2
+
diff --git a/user/polkit/CVE-2015-3255.patch b/user/polkit/CVE-2015-3255.patch
new file mode 100644
index 000000000..1bd7c6bcf
--- /dev/null
+++ b/user/polkit/CVE-2015-3255.patch
@@ -0,0 +1,67 @@
+From 9f5e0c731784003bd4d6fc75ab739ff8b2ea269f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Miloslav=20Trma=C4=8D?= <mitr@redhat.com>
+Date: Wed, 1 Apr 2015 05:22:37 +0200
+Subject: CVE-2015-3255 Fix GHashTable usage.
+
+Don't assume that the hash table with free both the key and the value
+at the same time, supply proper deallocation functions for the key
+and value separately.
+
+Then drop ParsedAction::action_id which is no longer used for anything.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=69501
+and
+https://bugs.freedesktop.org/show_bug.cgi?id=83590
+
+CVE: CVE-2015-3255
+
+diff --git a/src/polkitbackend/polkitbackendactionpool.c b/src/polkitbackend/polkitbackendactionpool.c
+index bc14381..3894fe9 100644
+--- a/src/polkitbackend/polkitbackendactionpool.c
++++ b/src/polkitbackend/polkitbackendactionpool.c
+@@ -40,7 +40,6 @@
+
+ typedef struct
+ {
+- gchar *action_id;
+ gchar *vendor_name;
+ gchar *vendor_url;
+ gchar *icon_name;
+@@ -62,7 +61,6 @@ typedef struct
+ static void
+ parsed_action_free (ParsedAction *action)
+ {
+- g_free (action->action_id);
+ g_free (action->vendor_name);
+ g_free (action->vendor_url);
+ g_free (action->icon_name);
+@@ -134,7 +132,7 @@ polkit_backend_action_pool_init (PolkitBackendActionPool *pool)
+
+ priv->parsed_actions = g_hash_table_new_full (g_str_hash,
+ g_str_equal,
+- NULL,
++ g_free,
+ (GDestroyNotify) parsed_action_free);
+
+ priv->parsed_files = g_hash_table_new_full (g_str_hash,
+@@ -988,7 +986,6 @@ _end (void *data, const char *el)
+ icon_name = pd->global_icon_name;
+
+ action = g_new0 (ParsedAction, 1);
+- action->action_id = g_strdup (pd->action_id);
+ action->vendor_name = g_strdup (vendor);
+ action->vendor_url = g_strdup (vendor_url);
+ action->icon_name = g_strdup (icon_name);
+@@ -1003,7 +1000,8 @@ _end (void *data, const char *el)
+ action->implicit_authorization_inactive = pd->implicit_authorization_inactive;
+ action->implicit_authorization_active = pd->implicit_authorization_active;
+
+- g_hash_table_insert (priv->parsed_actions, action->action_id, action);
++ g_hash_table_insert (priv->parsed_actions, g_strdup (pd->action_id),
++ action);
+
+ /* we steal these hash tables */
+ pd->annotations = NULL;
+--
+cgit v0.10.2
+
diff --git a/user/polkit/CVE-2015-4625.patch b/user/polkit/CVE-2015-4625.patch
new file mode 100644
index 000000000..4a43fb433
--- /dev/null
+++ b/user/polkit/CVE-2015-4625.patch
@@ -0,0 +1,1008 @@
+From ea544ffc18405237ccd95d28d7f45afef49aca17 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Thu, 4 Jun 2015 12:15:18 -0400
+Subject: CVE-2015-4625: Use unpredictable cookie values, keep them secret
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Tavis noted that it'd be possible with a 32 bit counter for someone to
+cause the cookie to wrap by creating Authentication requests in a
+loop.
+
+Something important to note here is that wrapping of signed integers
+is undefined behavior in C, so we definitely want to fix that. All
+counter integers used in this patch are unsigned.
+
+See the comment above `authentication_agent_generate_cookie` for
+details, but basically we're now using a cookie of the form:
+
+```
+ <agent serial> - <agent random id> - <session serial> - <session
+random id>
+```
+
+Which has multiple 64 bit counters, plus unpredictable random 128 bit
+integer ids (effectively UUIDs, but we're not calling them that
+because we don't need to be globally unique.
+
+We further ensure that the cookies are not visible to other processes
+by changing the setuid helper to accept them over standard input. This
+means that an attacker would have to guess both ids.
+
+In any case, the security hole here is better fixed with the other
+change to bind user id (uid) of the agent with cookie lookups, making
+cookie guessing worthless.
+
+Nevertheless, I think it's worth doing this change too, for defense in
+depth.
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90832
+CVE: CVE-2015-4625
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/src/polkitagent/polkitagenthelper-pam.c b/src/polkitagent/polkitagenthelper-pam.c
+index 937386e..19062aa 100644
+--- a/src/polkitagent/polkitagenthelper-pam.c
++++ b/src/polkitagent/polkitagenthelper-pam.c
+@@ -65,7 +65,7 @@ main (int argc, char *argv[])
+ {
+ int rc;
+ const char *user_to_auth;
+- const char *cookie;
++ char *cookie = NULL;
+ struct pam_conv pam_conversation;
+ pam_handle_t *pam_h;
+ const void *authed_user;
+@@ -97,7 +97,7 @@ main (int argc, char *argv[])
+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+- if (argc != 3)
++ if (!(argc == 2 || argc == 3))
+ {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -105,7 +105,10 @@ main (int argc, char *argv[])
+ }
+
+ user_to_auth = argv[1];
+- cookie = argv[2];
++
++ cookie = read_cookie (argc, argv);
++ if (!cookie)
++ goto error;
+
+ if (getuid () != 0)
+ {
+@@ -203,6 +206,8 @@ main (int argc, char *argv[])
+ goto error;
+ }
+
++ free (cookie);
++
+ #ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -212,6 +217,7 @@ main (int argc, char *argv[])
+ return 0;
+
+ error:
++ free (cookie);
+ if (pam_h != NULL)
+ pam_end (pam_h, rc);
+
+diff --git a/src/polkitagent/polkitagenthelper-shadow.c b/src/polkitagent/polkitagenthelper-shadow.c
+index a4f73ac..e877915 100644
+--- a/src/polkitagent/polkitagenthelper-shadow.c
++++ b/src/polkitagent/polkitagenthelper-shadow.c
+@@ -46,7 +46,7 @@ main (int argc, char *argv[])
+ {
+ struct spwd *shadow;
+ const char *user_to_auth;
+- const char *cookie;
++ char *cookie = NULL;
+ time_t now;
+
+ /* clear the entire environment to avoid attacks with
+@@ -67,7 +67,7 @@ main (int argc, char *argv[])
+ openlog ("polkit-agent-helper-1", LOG_CONS | LOG_PID, LOG_AUTHPRIV);
+
+ /* check for correct invocation */
+- if (argc != 3)
++ if (!(argc == 2 || argc == 3))
+ {
+ syslog (LOG_NOTICE, "inappropriate use of helper, wrong number of arguments [uid=%d]", getuid ());
+ fprintf (stderr, "polkit-agent-helper-1: wrong number of arguments. This incident has been logged.\n");
+@@ -86,7 +86,10 @@ main (int argc, char *argv[])
+ }
+
+ user_to_auth = argv[1];
+- cookie = argv[2];
++
++ cookie = read_cookie (argc, argv);
++ if (!cookie)
++ goto error;
+
+ #ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: user to auth is '%s'.\n", user_to_auth);
+@@ -153,6 +156,8 @@ main (int argc, char *argv[])
+ goto error;
+ }
+
++ free (cookie);
++
+ #ifdef PAH_DEBUG
+ fprintf (stderr, "polkit-agent-helper-1: successfully sent D-Bus message to PolicyKit daemon\n");
+ #endif /* PAH_DEBUG */
+@@ -162,6 +167,7 @@ main (int argc, char *argv[])
+ return 0;
+
+ error:
++ free (cookie);
+ fprintf (stdout, "FAILURE\n");
+ flush_and_wait ();
+ return 1;
+diff --git a/src/polkitagent/polkitagenthelperprivate.c b/src/polkitagent/polkitagenthelperprivate.c
+index cfa77fc..e23f9f5 100644
+--- a/src/polkitagent/polkitagenthelperprivate.c
++++ b/src/polkitagent/polkitagenthelperprivate.c
+@@ -23,6 +23,7 @@
+ #include "config.h"
+ #include "polkitagenthelperprivate.h"
+ #include <stdio.h>
++#include <string.h>
+ #include <stdlib.h>
+ #include <unistd.h>
+
+@@ -45,6 +46,38 @@ _polkit_clearenv (void)
+ #endif
+
+
++char *
++read_cookie (int argc, char **argv)
++{
++ /* As part of CVE-2015-4625, we started passing the cookie
++ * on standard input, to ensure it's not visible to other
++ * processes. However, to ensure that things continue
++ * to work if the setuid binary is upgraded while old
++ * agents are still running (this will be common with
++ * package managers), we support both modes.
++ */
++ if (argc == 3)
++ return strdup (argv[2]);
++ else
++ {
++ char *ret = NULL;
++ size_t n = 0;
++ ssize_t r = getline (&ret, &n, stdin);
++ if (r == -1)
++ {
++ if (!feof (stdin))
++ perror ("getline");
++ free (ret);
++ return NULL;
++ }
++ else
++ {
++ g_strchomp (ret);
++ return ret;
++ }
++ }
++}
++
+ gboolean
+ send_dbus_message (const char *cookie, const char *user)
+ {
+diff --git a/src/polkitagent/polkitagenthelperprivate.h b/src/polkitagent/polkitagenthelperprivate.h
+index aeca2c7..547fdcc 100644
+--- a/src/polkitagent/polkitagenthelperprivate.h
++++ b/src/polkitagent/polkitagenthelperprivate.h
+@@ -38,6 +38,8 @@
+
+ int _polkit_clearenv (void);
+
++char *read_cookie (int argc, char **argv);
++
+ gboolean send_dbus_message (const char *cookie, const char *user);
+
+ void flush_and_wait ();
+diff --git a/src/polkitagent/polkitagentsession.c b/src/polkitagent/polkitagentsession.c
+index f014773..8b93ad0 100644
+--- a/src/polkitagent/polkitagentsession.c
++++ b/src/polkitagent/polkitagentsession.c
+@@ -55,6 +55,7 @@
+ #include <stdio.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
++#include <gio/gunixoutputstream.h>
+ #include <pwd.h>
+
+ #include "polkitagentmarshal.h"
+@@ -88,7 +89,7 @@ struct _PolkitAgentSession
+ gchar *cookie;
+ PolkitIdentity *identity;
+
+- int child_stdin;
++ GOutputStream *child_stdin;
+ int child_stdout;
+ GPid child_pid;
+
+@@ -129,7 +130,6 @@ G_DEFINE_TYPE (PolkitAgentSession, polkit_agent_session, G_TYPE_OBJECT);
+ static void
+ polkit_agent_session_init (PolkitAgentSession *session)
+ {
+- session->child_stdin = -1;
+ session->child_stdout = -1;
+ }
+
+@@ -395,11 +395,7 @@ kill_helper (PolkitAgentSession *session)
+ session->child_stdout = -1;
+ }
+
+- if (session->child_stdin != -1)
+- {
+- g_warn_if_fail (close (session->child_stdin) == 0);
+- session->child_stdin = -1;
+- }
++ g_clear_object (&session->child_stdin);
+
+ session->helper_is_running = FALSE;
+
+@@ -545,9 +541,9 @@ polkit_agent_session_response (PolkitAgentSession *session,
+
+ add_newline = (response[response_len] != '\n');
+
+- write (session->child_stdin, response, response_len);
++ (void) g_output_stream_write_all (session->child_stdin, response, response_len, NULL, NULL, NULL);
+ if (add_newline)
+- write (session->child_stdin, newline, 1);
++ (void) g_output_stream_write_all (session->child_stdin, newline, 1, NULL, NULL, NULL);
+ }
+
+ /**
+@@ -567,8 +563,9 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ {
+ uid_t uid;
+ GError *error;
+- gchar *helper_argv[4];
++ gchar *helper_argv[3];
+ struct passwd *passwd;
++ int stdin_fd = -1;
+
+ g_return_if_fail (POLKIT_AGENT_IS_SESSION (session));
+
+@@ -600,10 +597,8 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+
+ helper_argv[0] = PACKAGE_PREFIX "/lib/polkit-1/polkit-agent-helper-1";
+ helper_argv[1] = passwd->pw_name;
+- helper_argv[2] = session->cookie;
+- helper_argv[3] = NULL;
++ helper_argv[2] = NULL;
+
+- session->child_stdin = -1;
+ session->child_stdout = -1;
+
+ error = NULL;
+@@ -615,7 +610,7 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ NULL,
+ NULL,
+ &session->child_pid,
+- &session->child_stdin,
++ &stdin_fd,
+ &session->child_stdout,
+ NULL,
+ &error))
+@@ -628,6 +623,13 @@ polkit_agent_session_initiate (PolkitAgentSession *session)
+ if (G_UNLIKELY (_show_debug ()))
+ g_print ("PolkitAgentSession: spawned helper with pid %d\n", (gint) session->child_pid);
+
++ session->child_stdin = (GOutputStream*)g_unix_output_stream_new (stdin_fd, TRUE);
++
++ /* Write the cookie on stdin so it can't be seen by other processes */
++ (void) g_output_stream_write_all (session->child_stdin, session->cookie, strlen (session->cookie),
++ NULL, NULL, NULL);
++ (void) g_output_stream_write_all (session->child_stdin, "\n", 1, NULL, NULL, NULL);
++
+ session->child_stdout_channel = g_io_channel_unix_new (session->child_stdout);
+ session->child_stdout_watch_source = g_io_create_watch (session->child_stdout_channel,
+ G_IO_IN | G_IO_ERR | G_IO_HUP);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 3f339e9..15adc6a 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -214,6 +214,8 @@ typedef struct
+
+ GDBusConnection *system_bus_connection;
+ guint name_owner_changed_signal_id;
++
++ guint64 agent_serial;
+ } PolkitBackendInteractiveAuthorityPrivate;
+
+ /* ---------------------------------------------------------------------------------------------------- */
+@@ -439,11 +441,15 @@ struct AuthenticationAgent
+ volatile gint ref_count;
+
+ PolkitSubject *scope;
++ guint64 serial;
+
+ gchar *locale;
+ GVariant *registration_options;
+ gchar *object_path;
+ gchar *unique_system_bus_name;
++ GRand *cookie_pool;
++ gchar *cookie_prefix;
++ guint64 cookie_serial;
+
+ GDBusProxy *proxy;
+
+@@ -1427,9 +1433,54 @@ authentication_session_cancelled_cb (GCancellable *cancellable,
+ authentication_session_cancel (session);
+ }
+
++/* We're not calling this a UUID, but it's basically
++ * the same thing, just not formatted that way because:
++ *
++ * - I'm too lazy to do it
++ * - If we did, people might think it was actually
++ * generated from /dev/random, which we're not doing
++ * because this value doesn't actually need to be
++ * globally unique.
++ */
++static void
++append_rand_u128_str (GString *buf,
++ GRand *pool)
++{
++ g_string_append_printf (buf, "%08x%08x%08x%08x",
++ g_rand_int (pool),
++ g_rand_int (pool),
++ g_rand_int (pool),
++ g_rand_int (pool));
++}
++
++/* A value that should be unique to the (AuthenticationAgent, AuthenticationSession)
++ * pair, and not guessable by other agents.
++ *
++ * <agent serial> - <agent uuid> - <session serial> - <session uuid>
++ *
++ * See http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++ *
++ */
++static gchar *
++authentication_agent_generate_cookie (AuthenticationAgent *agent)
++{
++ GString *buf = g_string_new ("");
++
++ g_string_append (buf, agent->cookie_prefix);
++
++ g_string_append_c (buf, '-');
++ agent->cookie_serial++;
++ g_string_append_printf (buf, "%" G_GUINT64_FORMAT,
++ agent->cookie_serial);
++ g_string_append_c (buf, '-');
++ append_rand_u128_str (buf, agent->cookie_pool);
++
++ return g_string_free (buf, FALSE);
++}
++
++
+ static AuthenticationSession *
+ authentication_session_new (AuthenticationAgent *agent,
+- const gchar *cookie,
+ PolkitSubject *subject,
+ PolkitIdentity *user_of_subject,
+ PolkitSubject *caller,
+@@ -1447,7 +1498,7 @@ authentication_session_new (AuthenticationAgent *agent,
+
+ session = g_new0 (AuthenticationSession, 1);
+ session->agent = authentication_agent_ref (agent);
+- session->cookie = g_strdup (cookie);
++ session->cookie = authentication_agent_generate_cookie (agent);
+ session->subject = g_object_ref (subject);
+ session->user_of_subject = g_object_ref (user_of_subject);
+ session->caller = g_object_ref (caller);
+@@ -1496,16 +1547,6 @@ authentication_session_free (AuthenticationSession *session)
+ g_free (session);
+ }
+
+-static gchar *
+-authentication_agent_new_cookie (AuthenticationAgent *agent)
+-{
+- static gint counter = 0;
+-
+- /* TODO: use a more random-looking cookie */
+-
+- return g_strdup_printf ("cookie%d", counter++);
+-}
+-
+ static PolkitSubject *
+ authentication_agent_get_scope (AuthenticationAgent *agent)
+ {
+@@ -1553,12 +1594,15 @@ authentication_agent_unref (AuthenticationAgent *agent)
+ g_free (agent->unique_system_bus_name);
+ if (agent->registration_options != NULL)
+ g_variant_unref (agent->registration_options);
++ g_rand_free (agent->cookie_pool);
++ g_free (agent->cookie_prefix);
+ g_free (agent);
+ }
+ }
+
+ static AuthenticationAgent *
+-authentication_agent_new (PolkitSubject *scope,
++authentication_agent_new (guint64 serial,
++ PolkitSubject *scope,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+@@ -1592,6 +1636,7 @@ authentication_agent_new (PolkitSubject *scope,
+
+ agent = g_new0 (AuthenticationAgent, 1);
+ agent->ref_count = 1;
++ agent->serial = serial;
+ agent->scope = g_object_ref (scope);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+@@ -1599,6 +1644,25 @@ authentication_agent_new (PolkitSubject *scope,
+ agent->registration_options = registration_options != NULL ? g_variant_ref (registration_options) : NULL;
+ agent->proxy = proxy;
+
++ {
++ GString *cookie_prefix = g_string_new ("");
++ GRand *agent_private_rand = g_rand_new ();
++
++ g_string_append_printf (cookie_prefix, "%" G_GUINT64_FORMAT "-", agent->serial);
++
++ /* Use a uniquely seeded PRNG to get a prefix cookie for this agent,
++ * whose sequence will not correlate with the per-authentication session
++ * cookies.
++ */
++ append_rand_u128_str (cookie_prefix, agent_private_rand);
++ g_rand_free (agent_private_rand);
++
++ agent->cookie_prefix = g_string_free (cookie_prefix, FALSE);
++
++ /* And a newly seeded pool for per-session cookies */
++ agent->cookie_pool = g_rand_new ();
++ }
++
+ return agent;
+ }
+
+@@ -2193,7 +2257,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ {
+ PolkitBackendInteractiveAuthorityPrivate *priv = POLKIT_BACKEND_INTERACTIVE_AUTHORITY_GET_PRIVATE (authority);
+ AuthenticationSession *session;
+- gchar *cookie;
+ GList *l;
+ GList *identities;
+ gchar *localized_message;
+@@ -2215,8 +2278,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ &localized_icon_name,
+ &localized_details);
+
+- cookie = authentication_agent_new_cookie (agent);
+-
+ identities = NULL;
+
+ /* select admin user if required by the implicit authorization */
+@@ -2279,7 +2340,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ user_identities = g_list_prepend (NULL, polkit_unix_user_new (0));
+
+ session = authentication_session_new (agent,
+- cookie,
+ subject,
+ user_of_subject,
+ caller,
+@@ -2335,7 +2395,6 @@ authentication_agent_initiate_challenge (AuthenticationAgent *agent,
+ g_list_free_full (user_identities, g_object_unref);
+ g_list_foreach (identities, (GFunc) g_object_unref, NULL);
+ g_list_free (identities);
+- g_free (cookie);
+
+ g_free (localized_message);
+ g_free (localized_icon_name);
+@@ -2482,7 +2541,9 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ goto out;
+ }
+
+- agent = authentication_agent_new (subject,
++ priv->agent_serial++;
++ agent = authentication_agent_new (priv->agent_serial,
++ subject,
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+--
+cgit v0.10.2
+
+From 493aa5dc1d278ab9097110c1262f5229bbaf1766 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@redhat.com>
+Date: Wed, 17 Jun 2015 13:07:02 -0400
+Subject: CVE-2015-4625: Bind use of cookies to specific uids
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
+
+The "cookie" value that Polkit hands out is global to all polkit
+users. And when `AuthenticationAgentResponse` is invoked, we
+previously only received the cookie and *target* identity, and
+attempted to find an agent from that.
+
+The problem is that the current cookie is just an integer
+counter, and if it overflowed, it would be possible for
+an successful authorization in one session to trigger a response
+in another session.
+
+The overflow and ability to guess the cookie were fixed by the
+previous patch.
+
+This patch is conceptually further hardening on top of that. Polkit
+currently treats uids as equivalent from a security domain
+perspective; there is no support for
+SELinux/AppArmor/etc. differentiation.
+
+We can retrieve the uid from `getuid()` in the setuid helper, which
+allows us to ensure the uid invoking `AuthenticationAgentResponse2`
+matches that of the agent.
+
+Then the authority only looks at authentication sessions matching the
+cookie that were created by a matching uid, thus removing the ability
+for different uids to interfere with each other entirely.
+
+Several fixes to this patch were contributed by:
+Miloslav Trmač <mitr@redhat.com>
+
+Bug: https://bugs.freedesktop.org/show_bug.cgi?id=90837
+CVE: CVE-2015-4625
+Reported-by: Tavis Ormandy <taviso@google.com>
+Reviewed-by: Miloslav Trmač <mitr@redhat.com>
+Signed-off-by: Colin Walters <walters@redhat.com>
+
+diff --git a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+index 3b519c2..5beef7d 100644
+--- a/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
++++ b/data/org.freedesktop.PolicyKit1.AuthenticationAgent.xml
+@@ -8,7 +8,19 @@
+ <annotation name="org.gtk.EggDBus.DocString" value="<para>This D-Bus interface is used for communication between the system-wide PolicyKit daemon and one or more authentication agents each running in a user session.</para><para>An authentication agent must implement this interface and register (passing the object path of the object implementing the interface) using the org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent() and org.freedesktop.PolicyKit1.Authority.UnregisterAuthenticationAgent() methods on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon.</para>"/>
+
+ <method name="BeginAuthentication">
+- <annotation name="org.gtk.EggDBus.DocString" value="<para>Called by the PolicyKit daemon when the authentication agent needs the user to authenticate as one of the identities in @identities for the action with the identifier @action_id.</para><para>Upon succesful authentication, the authentication agent must invoke the org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse() method on the #org.freedesktop.PolicyKit1.Authority interface of the PolicyKit daemon before returning.</para><para>If the user dismisses the authentication dialog, the authentication agent should return an error.</para>"/>
++ <annotation name="org.gtk.EggDBus.DocString" value="<para>Called
++ by the PolicyKit daemon when the authentication agent needs the
++ user to authenticate as one of the identities in @identities for
++ the action with the identifier @action_id.</para><para>This
++ authentication is normally achieved via the
++ polkit_agent_session_response() API, which invokes a private
++ setuid helper process to verify the authentication. When
++ successful, it calls the
++ org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2()
++ method on the #org.freedesktop.PolicyKit1.Authority interface of
++ the PolicyKit daemon before returning. If the user dismisses the
++ authentication dialog, the authentication agent should call
++ polkit_agent_session_cancel().</para>"/>
+
+ <arg name="action_id" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The identifier for the action that the user is authentication for."/>
+diff --git a/data/org.freedesktop.PolicyKit1.Authority.xml b/data/org.freedesktop.PolicyKit1.Authority.xml
+index fbfb9cd..f9021ee 100644
+--- a/data/org.freedesktop.PolicyKit1.Authority.xml
++++ b/data/org.freedesktop.PolicyKit1.Authority.xml
+@@ -313,7 +313,29 @@
+ </method>
+
+ <method name="AuthenticationAgentResponse">
+- <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it."/>
++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit."/>
++
++ <arg name="cookie" direction="in" type="s">
++ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
++ </arg>
++
++ <arg name="identity" direction="in" type="(sa{sv})">
++ <annotation name="org.gtk.EggDBus.Type" value="Identity"/>
++ <annotation name="org.gtk.EggDBus.DocString" value="A #Identity struct describing what identity was authenticated."/>
++ </arg>
++ </method>
++
++ <method name="AuthenticationAgentResponse2">
++ <annotation name="org.gtk.EggDBus.DocString" value="Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit. Note this method was added in 0.114, and should be preferred over AuthenticationAgentResponse
++as it fixes a security issue."/>
++
++ <arg name="uid" direction="in" type="u">
++ <annotation name="org.gtk.EggDBus.DocString" value="The real uid of the agent. Normally set by the setuid helper program."/>
++ </arg>
+
+ <arg name="cookie" direction="in" type="s">
+ <annotation name="org.gtk.EggDBus.DocString" value="The cookie identifying the authentication request that was passed to the authentication agent."/>
+diff --git a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+index 6525e25..e66bf53 100644
+--- a/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
++++ b/docs/polkit/docbook-interface-org.freedesktop.PolicyKit1.Authority.xml
+@@ -42,6 +42,8 @@ Structure <link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuth
+ IN String object_path)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse</link> (IN String cookie,
+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
++<link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse2</link> (IN uint32 uid, IN String cookie,
++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.EnumerateTemporaryAuthorizations">EnumerateTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject,
+ OUT Array&lt;<link linkend="eggdbus-struct-TemporaryAuthorization">TemporaryAuthorization</link>&gt; temporary_authorizations)
+ <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RevokeTemporaryAuthorizations">RevokeTemporaryAuthorizations</link> (IN <link linkend="eggdbus-struct-Subject">Subject</link> subject)
+@@ -777,10 +779,52 @@ AuthenticationAgentResponse (IN String cookie,
+ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
+ </programlisting>
+ <para>
+-Method for authentication agents to invoke on successful authentication. This method will fail unless a sufficiently privileged caller invokes it.
++Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit. Deprecated in favor of AuthenticationAgentResponse2.
++ </para>
++<variablelist role="params">
++ <varlistentry>
++ <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
++ <listitem>
++ <para>
++The cookie identifying the authentication request that was passed to the authentication agent.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term><literal>IN <link linkend="eggdbus-struct-Identity">Identity</link> <parameter>identity</parameter></literal>:</term>
++ <listitem>
++ <para>
++A <link linkend="eggdbus-struct-Identity">Identity</link> struct describing what identity was authenticated.
++ </para>
++ </listitem>
++ </varlistentry>
++</variablelist>
++ </refsect2>
++ <refsect2 role="function" id="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse2">
++ <title>AuthenticationAgentResponse2 ()</title>
++ <programlisting>
++AuthenticationAgentResponse2 (IN uint32 uid,
++ IN String cookie,
++ IN <link linkend="eggdbus-struct-Identity">Identity</link> identity)
++ </programlisting>
++ <para>
++Method for authentication agents to invoke on successful
++authentication, intended only for use by a privileged helper process
++internal to polkit. Note this method was introduced in 0.114 to fix a security issue.
+ </para>
+ <variablelist role="params">
+ <varlistentry>
++ <term><literal>IN uint32 <parameter>uid</parameter></literal>:</term>
++ <listitem>
++ <para>
++The user id of the agent; normally this is the owner of the parent pid
++of the process that invoked the internal setuid helper.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
+ <term><literal>IN String <parameter>cookie</parameter></literal>:</term>
+ <listitem>
+ <para>
+diff --git a/docs/polkit/overview.xml b/docs/polkit/overview.xml
+index 150a7bc..176d2ea 100644
+--- a/docs/polkit/overview.xml
++++ b/docs/polkit/overview.xml
+@@ -314,16 +314,18 @@
+ <para>
+ Authentication agents are provided by desktop environments. When
+ an user session starts, the agent registers with the polkit
+- Authority using
+- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
++ Authority using the <link
++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.RegisterAuthenticationAgent">RegisterAuthenticationAgent()</link>
+ method. When services are needed, the authority will invoke
+- methods on
+- the <link linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
++ methods on the <link
++ linkend="eggdbus-interface-org.freedesktop.PolicyKit1.AuthenticationAgent">org.freedesktop.PolicyKit1.AuthenticationAgent</link>
+ D-Bus interface. Once the user is authenticated, (a privileged
+- part of) the agent invokes
+- the <link linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
+- method. Note that the polkit Authority itself does not care
+- how the agent authenticates the user.
++ part of) the agent invokes the <link
++ linkend="eggdbus-method-org.freedesktop.PolicyKit1.Authority.AuthenticationAgentResponse">AuthenticationAgentResponse()</link>
++ method. This method should be treated as an internal
++ implementation detail, and callers should use the public shared
++ library API to invoke it, which currently uses a setuid helper
++ program.
+ </para>
+ <para>
+ The <link linkend="ref-authentication-agent-api">libpolkit-agent-1</link>
+diff --git a/src/polkit/polkitauthority.c b/src/polkit/polkitauthority.c
+index ab6d3cd..6bd684a 100644
+--- a/src/polkit/polkitauthority.c
++++ b/src/polkit/polkitauthority.c
+@@ -1492,6 +1492,14 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
+ gpointer user_data)
+ {
+ GVariant *identity_value;
++ /* Note that in reality, this API is only accessible to root, and
++ * only called from the setuid helper `polkit-agent-helper-1`.
++ *
++ * However, because this is currently public API, we avoid
++ * triggering warnings from ABI diff type programs by just grabbing
++ * the real uid of the caller here.
++ */
++ uid_t uid = getuid ();
+
+ g_return_if_fail (POLKIT_IS_AUTHORITY (authority));
+ g_return_if_fail (cookie != NULL);
+@@ -1501,8 +1509,9 @@ polkit_authority_authentication_agent_response (PolkitAuthority *authority,
+ identity_value = polkit_identity_to_gvariant (identity);
+ g_variant_ref_sink (identity_value);
+ g_dbus_proxy_call (authority->proxy,
+- "AuthenticationAgentResponse",
+- g_variant_new ("(s@(sa{sv}))",
++ "AuthenticationAgentResponse2",
++ g_variant_new ("(us@(sa{sv}))",
++ (guint32)uid,
+ cookie,
+ identity_value),
+ G_DBUS_CALL_FLAGS_NONE,
+diff --git a/src/polkitbackend/polkitbackendauthority.c b/src/polkitbackend/polkitbackendauthority.c
+index 601a974..03a4e84 100644
+--- a/src/polkitbackend/polkitbackendauthority.c
++++ b/src/polkitbackend/polkitbackendauthority.c
+@@ -355,6 +355,7 @@ polkit_backend_authority_unregister_authentication_agent (PolkitBackendAuthority
+ gboolean
+ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error)
+@@ -373,7 +374,7 @@ polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority
+ }
+ else
+ {
+- return klass->authentication_agent_response (authority, caller, cookie, identity, error);
++ return klass->authentication_agent_response (authority, caller, uid, cookie, identity, error);
+ }
+ }
+
+@@ -587,6 +588,11 @@ static const gchar *server_introspection_data =
+ " <arg type='s' name='cookie' direction='in'/>"
+ " <arg type='(sa{sv})' name='identity' direction='in'/>"
+ " </method>"
++ " <method name='AuthenticationAgentResponse2'>"
++ " <arg type='u' name='uid' direction='in'/>"
++ " <arg type='s' name='cookie' direction='in'/>"
++ " <arg type='(sa{sv})' name='identity' direction='in'/>"
++ " </method>"
+ " <method name='EnumerateTemporaryAuthorizations'>"
+ " <arg type='(sa{sv})' name='subject' direction='in'/>"
+ " <arg type='a(ss(sa{sv})tt)' name='temporary_authorizations' direction='out'/>"
+@@ -1035,6 +1041,57 @@ server_handle_authentication_agent_response (Server *server,
+ error = NULL;
+ if (!polkit_backend_authority_authentication_agent_response (server->authority,
+ caller,
++ (uid_t)-1,
++ cookie,
++ identity,
++ &error))
++ {
++ g_dbus_method_invocation_return_gerror (invocation, error);
++ g_error_free (error);
++ goto out;
++ }
++
++ g_dbus_method_invocation_return_value (invocation, g_variant_new ("()"));
++
++ out:
++ if (identity != NULL)
++ g_object_unref (identity);
++}
++
++static void
++server_handle_authentication_agent_response2 (Server *server,
++ GVariant *parameters,
++ PolkitSubject *caller,
++ GDBusMethodInvocation *invocation)
++{
++ const gchar *cookie;
++ GVariant *identity_gvariant;
++ PolkitIdentity *identity;
++ GError *error;
++ guint32 uid;
++
++ identity = NULL;
++
++ g_variant_get (parameters,
++ "(u&s@(sa{sv}))",
++ &uid,
++ &cookie,
++ &identity_gvariant);
++
++ error = NULL;
++ identity = polkit_identity_new_for_gvariant (identity_gvariant, &error);
++ if (identity == NULL)
++ {
++ g_prefix_error (&error, "Error getting identity: ");
++ g_dbus_method_invocation_return_gerror (invocation, error);
++ g_error_free (error);
++ goto out;
++ }
++
++ error = NULL;
++ if (!polkit_backend_authority_authentication_agent_response (server->authority,
++ caller,
++ (uid_t)uid,
+ cookie,
+ identity,
+ &error))
+@@ -1222,6 +1279,8 @@ server_handle_method_call (GDBusConnection *connection,
+ server_handle_unregister_authentication_agent (server, parameters, caller, invocation);
+ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse") == 0)
+ server_handle_authentication_agent_response (server, parameters, caller, invocation);
++ else if (g_strcmp0 (method_name, "AuthenticationAgentResponse2") == 0)
++ server_handle_authentication_agent_response2 (server, parameters, caller, invocation);
+ else if (g_strcmp0 (method_name, "EnumerateTemporaryAuthorizations") == 0)
+ server_handle_enumerate_temporary_authorizations (server, parameters, caller, invocation);
+ else if (g_strcmp0 (method_name, "RevokeTemporaryAuthorizations") == 0)
+diff --git a/src/polkitbackend/polkitbackendauthority.h b/src/polkitbackend/polkitbackendauthority.h
+index f9f7385..88df82e 100644
+--- a/src/polkitbackend/polkitbackendauthority.h
++++ b/src/polkitbackend/polkitbackendauthority.h
+@@ -147,6 +147,7 @@ struct _PolkitBackendAuthorityClass
+
+ gboolean (*authentication_agent_response) (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error);
+@@ -249,6 +250,7 @@ gboolean polkit_backend_authority_unregister_authentication_agent (PolkitBackend
+
+ gboolean polkit_backend_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error);
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 15adc6a..96725f7 100644
+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
+@@ -108,8 +108,9 @@ static AuthenticationAgent *get_authentication_agent_for_subject (PolkitBackendI
+ PolkitSubject *subject);
+
+
+-static AuthenticationSession *get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
+- const gchar *cookie);
++static AuthenticationSession *get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
++ uid_t uid,
++ const gchar *cookie);
+
+ static GList *get_authentication_sessions_initiated_by_system_bus_unique_name (PolkitBackendInteractiveAuthority *authority,
+ const gchar *system_bus_unique_name);
+@@ -169,6 +170,7 @@ static gboolean polkit_backend_interactive_authority_unregister_authentication_a
+
+ static gboolean polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error);
+@@ -440,6 +442,7 @@ struct AuthenticationAgent
+ {
+ volatile gint ref_count;
+
++ uid_t creator_uid;
+ PolkitSubject *scope;
+ guint64 serial;
+
+@@ -1603,6 +1606,7 @@ authentication_agent_unref (AuthenticationAgent *agent)
+ static AuthenticationAgent *
+ authentication_agent_new (guint64 serial,
+ PolkitSubject *scope,
++ PolkitIdentity *creator,
+ const gchar *unique_system_bus_name,
+ const gchar *locale,
+ const gchar *object_path,
+@@ -1611,6 +1615,10 @@ authentication_agent_new (guint64 serial,
+ {
+ AuthenticationAgent *agent;
+ GDBusProxy *proxy;
++ PolkitUnixUser *creator_user;
++
++ g_assert (POLKIT_IS_UNIX_USER (creator));
++ creator_user = POLKIT_UNIX_USER (creator);
+
+ if (!g_variant_is_object_path (object_path))
+ {
+@@ -1638,6 +1646,7 @@ authentication_agent_new (guint64 serial,
+ agent->ref_count = 1;
+ agent->serial = serial;
+ agent->scope = g_object_ref (scope);
++ agent->creator_uid = (uid_t)polkit_unix_user_get_uid (creator_user);
+ agent->object_path = g_strdup (object_path);
+ agent->unique_system_bus_name = g_strdup (unique_system_bus_name);
+ agent->locale = g_strdup (locale);
+@@ -1736,8 +1745,9 @@ get_authentication_agent_for_subject (PolkitBackendInteractiveAuthority *authori
+ }
+
+ static AuthenticationSession *
+-get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *authority,
+- const gchar *cookie)
++get_authentication_session_for_uid_and_cookie (PolkitBackendInteractiveAuthority *authority,
++ uid_t uid,
++ const gchar *cookie)
+ {
+ PolkitBackendInteractiveAuthorityPrivate *priv;
+ GHashTableIter hash_iter;
+@@ -1755,6 +1765,23 @@ get_authentication_session_for_cookie (PolkitBackendInteractiveAuthority *author
+ {
+ GList *l;
+
++ /* We need to ensure that if somehow we have duplicate cookies
++ * due to wrapping, that the cookie used is matched to the user
++ * who called AuthenticationAgentResponse2. See
++ * http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
++ *
++ * Except if the legacy AuthenticationAgentResponse is invoked,
++ * we don't know the uid and hence use -1. Continue to support
++ * the old behavior for backwards compatibility, although everyone
++ * who is using our own setuid helper will automatically be updated
++ * to the new API.
++ */
++ if (uid != (uid_t)-1)
++ {
++ if (agent->creator_uid != uid)
++ continue;
++ }
++
+ for (l = agent->active_sessions; l != NULL; l = l->next)
+ {
+ AuthenticationSession *session = l->data;
+@@ -2544,6 +2571,7 @@ polkit_backend_interactive_authority_register_authentication_agent (PolkitBacken
+ priv->agent_serial++;
+ agent = authentication_agent_new (priv->agent_serial,
+ subject,
++ user_of_caller,
+ polkit_system_bus_name_get_name (POLKIT_SYSTEM_BUS_NAME (caller)),
+ locale,
+ object_path,
+@@ -2757,6 +2785,7 @@ polkit_backend_interactive_authority_unregister_authentication_agent (PolkitBack
+ static gboolean
+ polkit_backend_interactive_authority_authentication_agent_response (PolkitBackendAuthority *authority,
+ PolkitSubject *caller,
++ uid_t uid,
+ const gchar *cookie,
+ PolkitIdentity *identity,
+ GError **error)
+@@ -2799,7 +2828,7 @@ polkit_backend_interactive_authority_authentication_agent_response (PolkitBacken
+ }
+
+ /* find the authentication session */
+- session = get_authentication_session_for_cookie (interactive_authority, cookie);
++ session = get_authentication_session_for_uid_and_cookie (interactive_authority, uid, cookie);
+ if (session == NULL)
+ {
+ g_set_error (error,
+--
+cgit v0.10.2
+
+--- ./configure.ac.orig
++++ ./configure.ac
+@@ -122,7 +122,7 @@
+ changequote([,])dnl
+ fi
+
+-PKG_CHECK_MODULES(GLIB, [gio-2.0 >= 2.28.0])
++PKG_CHECK_MODULES(GLIB, [gmodule-2.0 gio-unix-2.0 gio-2.0 >= 2.30.0])
+ AC_SUBST(GLIB_CFLAGS)
+ AC_SUBST(GLIB_LIBS)
+
diff --git a/user/polkit/automake.patch b/user/polkit/automake.patch
new file mode 100644
index 000000000..0f6825a26
--- /dev/null
+++ b/user/polkit/automake.patch
@@ -0,0 +1,19 @@
+--- ./configure.ac.orig 2012-12-31 21:39:08.969445979 +0000
++++ ./configure.ac 2012-12-31 21:39:30.136285425 +0000
+@@ -3,7 +3,7 @@
+ AC_PREREQ(2.59c)
+ AC_INIT(polkit, 0.105, http://lists.freedesktop.org/mailman/listinfo/polkit-devel)
+ AM_INIT_AUTOMAKE(polkit, 0.105)
+-AM_CONFIG_HEADER(config.h)
++AC_CONFIG_HEADER(config.h)
+ AM_MAINTAINER_MODE
+
+ m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+@@ -24,7 +24,6 @@
+
+ AC_ISC_POSIX
+ AC_PROG_CC
+-AM_PROG_CC_STDC
+ AC_HEADER_STDC
+ AM_PROG_LIBTOOL
+ AC_PROG_MAKE_SET
diff --git a/user/polkit/disable-ck-test.patch b/user/polkit/disable-ck-test.patch
new file mode 100644
index 000000000..e1987d40d
--- /dev/null
+++ b/user/polkit/disable-ck-test.patch
@@ -0,0 +1,15 @@
+This test requires ConsoleKit to be running.
+
+--- polkit-0.105/test/polkitbackend/Makefile.am.old 2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/polkitbackend/Makefile.am 2017-09-27 20:48:42.479959296 -0500
+@@ -36,8 +36,8 @@
+ TEST_PROGS += polkitbackendlocalauthorizationstoretest
+ polkitbackendlocalauthorizationstoretest_SOURCES = polkitbackendlocalauthorizationstoretest.c
+
+-TEST_PROGS += polkitbackendlocalauthoritytest
+-polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
++#TEST_PROGS += polkitbackendlocalauthoritytest
++#polkitbackendlocalauthoritytest_SOURCES = polkitbackendlocalauthoritytest.c
+
+ # ----------------------------------------------------------------------------------------------------
+
diff --git a/user/polkit/fix-consolekit-db-stat.patch b/user/polkit/fix-consolekit-db-stat.patch
new file mode 100644
index 000000000..3deceb639
--- /dev/null
+++ b/user/polkit/fix-consolekit-db-stat.patch
@@ -0,0 +1,30 @@
+--- polkit-0.105.orig/src/polkitbackend/polkitbackendsessionmonitor.c 2012-04-24 19:05:34.000000000 +0300
++++ polkit-0.105/src/polkitbackend/polkitbackendsessionmonitor.c 2015-08-17 14:50:51.428580856 +0300
+@@ -47,7 +47,7 @@ struct _PolkitBackendSessionMonitor
+
+ GKeyFile *database;
+ GFileMonitor *database_monitor;
+- time_t database_mtime;
++ struct timespec database_mtim;
+ };
+
+ struct _PolkitBackendSessionMonitorClass
+@@ -95,7 +95,7 @@ reload_database (PolkitBackendSessionMon
+ goto out;
+ }
+
+- monitor->database_mtime = statbuf.st_mtime;
++ monitor->database_mtim = statbuf.st_mtim;
+
+ monitor->database = g_key_file_new ();
+ if (!g_key_file_load_from_file (monitor->database,
+@@ -131,7 +131,8 @@ ensure_database (PolkitBackendSessionMon
+ strerror (errno));
+ goto out;
+ }
+- if (statbuf.st_mtime == monitor->database_mtime)
++ if (statbuf.st_mtim.tv_sec == monitor->database_mtim.tv_sec &&
++ statbuf.st_mtim.tv_nsec == monitor->database_mtim.tv_nsec)
+ {
+ ret = TRUE;
+ goto out;
diff --git a/user/polkit/fix-parallel-make.patch b/user/polkit/fix-parallel-make.patch
new file mode 100644
index 000000000..b693a34dd
--- /dev/null
+++ b/user/polkit/fix-parallel-make.patch
@@ -0,0 +1,40 @@
+From 7bd30764a5230684c7c979a08a83dfa6e327f719 Mon Sep 17 00:00:00 2001
+From: Ryan Lortie <desrt@velocity.(none)>
+Date: Tue, 13 Nov 2012 16:50:14 +0000
+Subject: build: Fix .gir generation for parallel make
+
+As per the intructions in the introspection Makefile, we should have a
+line declaring a dependency between the .gir and .la files.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=57077
+
+Signed-off-by: David Zeuthen <zeuthen@gmail.com>
+---
+diff --git a/src/polkit/Makefile.am b/src/polkit/Makefile.am
+index 39d6d84..d648d29 100644
+--- a/src/polkit/Makefile.am
++++ b/src/polkit/Makefile.am
+@@ -106,6 +106,8 @@ if HAVE_INTROSPECTION
+
+ INTROSPECTION_GIRS = Polkit-1.0.gir
+
++Polkit-1.0.gir: libpolkit-gobject-1.la
++
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = Polkit-1.0.gir
+
+diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
+index 1cfb73c..5b7d4c7 100644
+--- a/src/polkitagent/Makefile.am
++++ b/src/polkitagent/Makefile.am
+@@ -108,6 +108,8 @@ if HAVE_INTROSPECTION
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = PolkitAgent-1.0.gir
+
++PolkitAgent-1.0.gir: libpolkit-agent-1.la
++
+ typelibsdir = $(INTROSPECTION_TYPELIBDIR)
+ typelibs_DATA = PolkitAgent-1.0.typelib
+
+--
+cgit v0.9.0.2-2-gbebe
diff --git a/user/polkit/fix-test-fgetpwent.patch b/user/polkit/fix-test-fgetpwent.patch
new file mode 100644
index 000000000..7bc6481cc
--- /dev/null
+++ b/user/polkit/fix-test-fgetpwent.patch
@@ -0,0 +1,20 @@
+--- polkit-0.105/test/mocklibc/src/pwd.c.old 2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/mocklibc/src/pwd.c 2017-09-27 19:40:57.883227673 -0500
+@@ -16,6 +16,7 @@
+ * Author: Nikki VonHollen <vonhollen@gmail.com>
+ */
+
++#define _GNU_SOURCE
+ #include <pwd.h>
+
+ #include <stdio.h>
+--- polkit-0.105/test/mocklibc/src/grp.c.old 2012-04-24 11:05:34.000000000 -0500
++++ polkit-0.105/test/mocklibc/src/grp.c 2017-09-27 19:44:57.759238450 -0500
+@@ -16,6 +16,7 @@
+ * Author: Nikki VonHollen <vonhollen@gmail.com>
+ */
+
++#define _GNU_SOURCE
+ #include <grp.h>
+
+ #include <stdio.h>
diff --git a/user/py-dbus/APKBUILD b/user/py-dbus/APKBUILD
new file mode 100644
index 000000000..87da11915
--- /dev/null
+++ b/user/py-dbus/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=py-dbus
+pkgver=1.2.0
+pkgrel=3
+pkgdesc="Python bindings for DBUS"
+url="http://www.freedesktop.org/wiki/Software/DBusBindings"
+arch="all"
+license="GPL LGPL"
+depends="python3"
+depends_dev="py-dbus"
+makedepends="dbus-glib-dev python3-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://dbus.freedesktop.org/releases/dbus-python/dbus-python-$pkgver.tar.gz"
+
+builddir="$srcdir"/dbus-python-$pkgver
+
+prepare() {
+ cd "$builddir"
+ update_config_sub
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr
+ make
+}
+
+check() {
+ cd "$builddir"
+ make test
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+md5sums="b09cd2d1a057cc432ce944de3fc06bf7 dbus-python-1.2.0.tar.gz"
+sha256sums="e12c6c8b2bf3a9302f75166952cbe41d6b38c3441bbc6767dbd498942316c6df dbus-python-1.2.0.tar.gz"
+sha512sums="013b23e08fa1ed43f53a756587fefbc9770f7c51e93510e555acbd77230b7200693419bba9a69680d790bbaf123f4a195afa38b3eee1143da950fee0b5130bce dbus-python-1.2.0.tar.gz"
diff --git a/user/qca/APKBUILD b/user/qca/APKBUILD
new file mode 100644
index 000000000..669389ac7
--- /dev/null
+++ b/user/qca/APKBUILD
@@ -0,0 +1,35 @@
+# Contributor: William Pitcock <nenolod@dereferenced.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=qca
+pkgver=2.1.3
+pkgrel=5
+pkgdesc="Qt cryptographic architecture"
+url="http://delta.affinix.com/qca/"
+arch="all"
+license="LGPL-2.1+"
+depends=
+depends_dev="qt5-qtbase-dev"
+makedepends="$depends_dev cmake cyrus-sasl-dev"
+install=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://download.kde.org/stable/qca/$pkgver/src/qca-${pkgver}.tar.xz"
+
+builddir="$srcdir"/qca-$pkgver
+
+build() {
+ cd "$builddir"
+ cmake -DCMAKE_INSTALL_PREFIX=/usr -DWITH_cyrus-sasl_PLUGIN=yes .
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+check() {
+ cd "$builddir"
+ make test
+}
+
+sha512sums="0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a qca-2.1.3.tar.xz"
diff --git a/user/redis/APKBUILD b/user/redis/APKBUILD
new file mode 100644
index 000000000..fc8ea8426
--- /dev/null
+++ b/user/redis/APKBUILD
@@ -0,0 +1,87 @@
+# Contributor: V.Krishn <vkrishn4@gmail.com>
+# Maintainer:
+pkgname=redis
+pkgver=4.0.2
+pkgrel=2
+pkgdesc="Advanced key-value store"
+url="http://redis.io/"
+arch="all"
+license="BSD"
+depends=""
+makedepends="linux-headers"
+checkdepends="tcl"
+splitpackages="$pkgname-openrc"
+install="redis.pre-install"
+pkgusers="redis"
+pkggroups="redis"
+source="http://download.redis.io/releases/$pkgname-$pkgver.tar.gz
+ fix-ppc-atomics.patch
+ posix-runtest.patch
+ redis.initd
+ redis.logrotate
+ redis.confd
+ "
+builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+ default_prepare
+
+ cd "$builddir"
+ sed -i -e 's|^daemonize .*|daemonize yes|' \
+ -e 's|^dir .*|dir /var/lib/redis/|' \
+ -e 's|^logfile .*|logfile /var/log/redis/redis\.log|' \
+ -e 's|^pidfile .*|pidfile /var/run/redis/redis\.pid|' \
+ -e 's|^loglevel .*|loglevel notice|' \
+ redis.conf
+
+ # disable broken tests
+ # see: https://github.com/antirez/redis/issues/2814
+ # https://github.com/antirez/redis/issues/3810
+
+ sed -i -e '/integration\/aof/d' \
+ -e '/integration\/logging/d' \
+ tests/test_helper.tcl
+}
+
+build() {
+ cd "$builddir"
+ make PREFIX=/usr \
+ INSTALL_BIN="$pkgdir"/usr/bin \
+ MALLOC=libc \
+ FINAL_LIBS="-latomic " \
+ all
+}
+
+check() {
+ cd "$builddir"
+ make test
+}
+
+package() {
+ cd "$builddir"
+ mkdir -p "$pkgdir"/usr/bin
+ install -d -o redis -g redis \
+ "$pkgdir"/var/lib/redis \
+ "$pkgdir"/var/log/redis \
+ "$pkgdir"/var/run/redis
+
+ install -D -m755 "$builddir/COPYING" \
+ "$pkgdir/usr/share/licenses/redis/COPYING"
+ install -D -m755 "$srcdir/redis.initd" "$pkgdir/etc/init.d/redis" \
+ && install -Dm644 "$srcdir/redis.logrotate" \
+ "$pkgdir/etc/logrotate.d/redis" \
+ && install -Dm644 "$srcdir/redis.confd" \
+ "$pkgdir/etc/conf.d/redis"
+ install -D -m644 "$builddir/redis.conf" "$pkgdir/etc/redis.conf"
+
+ make PREFIX=/usr \
+ INSTALL_BIN="$pkgdir/usr/bin" \
+ install
+}
+
+sha512sums="1458909c6fc16cff8ca5e6dddff23b988ee1e447f2d0bccf5941553b22bab6abb851732b3fe53dafb8a69d6c0939c3ce7e0686d51e03be720fb018c038d3b1b4 redis-4.0.2.tar.gz
+f768acea3e1868dbf0596085640c83e58d899860d7d647b0965fa858844c494d0a49b229fb417456d83f3e2690e5450950c31e0fa40529df85a9cde38d8981c4 fix-ppc-atomics.patch
+856ae98e9e8670801827c3bd793dc14ed2c62c37365f8d04b452d7e1ab97300a0bf18c59b52ea686c2689d53aeed8e29e2c55207d3d4fb1fd8fc7fc820f33157 posix-runtest.patch
+91b663f802aea9a473195940d3bf2ce3ca2af4e5b6e61a2d28ebbfe502ef2c764b574b7e87c49e60345d1a5d6b73d12920924c93b26be110c2ce824023347b6f redis.initd
+6d17d169b40a7e23a0a2894eff0f3e2fe8e4461b36f2a9d45468f0abd84ea1035d679b4c0a34029bce093147f9c7bb697e843c113c17769d38c934d4a78a5848 redis.logrotate
+d87aad6185300c99cc9b6a478c83bf62c450fb2c225592d74cc43a3adb93e19d8d2a42cc279907b385aa73a7b9c77b66828dbfb001009edc16a604abb2087e99 redis.confd"
diff --git a/user/redis/fix-ppc-atomics.patch b/user/redis/fix-ppc-atomics.patch
new file mode 100644
index 000000000..0263bb531
--- /dev/null
+++ b/user/redis/fix-ppc-atomics.patch
@@ -0,0 +1,13 @@
+--- redis-4.0.2/src/Makefile.old 2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/src/Makefile 2018-05-26 18:45:23.494413590 -0500
+@@ -109,6 +109,10 @@
+ # Include paths to dependencies
+ FINAL_CFLAGS+= -I../deps/hiredis -I../deps/linenoise -I../deps/lua/src
+
++ifeq ($(uname_M),ppc)
++ FINAL_LIBS+= -latomic
++endif
++
+ ifeq ($(MALLOC),tcmalloc)
+ FINAL_CFLAGS+= -DUSE_TCMALLOC
+ FINAL_LIBS+= -ltcmalloc
diff --git a/user/redis/posix-runtest.patch b/user/redis/posix-runtest.patch
new file mode 100644
index 000000000..84d76ad10
--- /dev/null
+++ b/user/redis/posix-runtest.patch
@@ -0,0 +1,33 @@
+--- redis-4.0.2/runtest.old 2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/runtest 2017-12-31 05:50:13.037119127 -0600
+@@ -3,7 +3,7 @@
+ TCLSH=""
+
+ for VERSION in $TCL_VERSIONS; do
+- TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
++ TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
+ done
+
+ if [ -z $TCLSH ]
+--- redis-4.0.2/runtest-cluster.old 2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/runtest-cluster 2017-12-31 05:50:20.517111722 -0600
+@@ -3,7 +3,7 @@
+ TCLSH=""
+
+ for VERSION in $TCL_VERSIONS; do
+- TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
++ TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
+ done
+
+ if [ -z $TCLSH ]
+--- redis-4.0.2/runtest-sentinel.old 2017-09-21 09:12:52.000000000 -0500
++++ redis-4.0.2/runtest-sentinel 2017-12-31 05:50:26.877105425 -0600
+@@ -3,7 +3,7 @@
+ TCLSH=""
+
+ for VERSION in $TCL_VERSIONS; do
+- TCL=`which tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
++ TCL=`command -v tclsh$VERSION 2>/dev/null` && TCLSH=$TCL
+ done
+
+ if [ -z $TCLSH ]
diff --git a/user/redis/redis.confd b/user/redis/redis.confd
new file mode 100644
index 000000000..a79f61ccd
--- /dev/null
+++ b/user/redis/redis.confd
@@ -0,0 +1,9 @@
+# Redis user.
+REDIS_USER="redis"
+
+# Redis group.
+REDIS_GROUP="redis"
+
+# Redis configuration file.
+REDIS_CONF="/etc/redis.conf"
+
diff --git a/user/redis/redis.initd b/user/redis/redis.initd
new file mode 100755
index 000000000..ce6aba7e3
--- /dev/null
+++ b/user/redis/redis.initd
@@ -0,0 +1,52 @@
+#!/sbin/openrc-run
+
+REDIS_CONF=${REDIS_CONF:-/etc/redis.conf}
+REDIS_USER=${REDIS_USER:-redis}
+REDIS_GROUP=${REDIS_GROUP:-redis}
+
+name="Redis server"
+command=/usr/bin/redis-server
+command_args=${REDIS_CONF}
+
+depend() {
+ use net localmount logger
+ after keepalived firewall
+}
+
+# get global pidfile, logfile, and dir from config file
+get_config() {
+ if [ ! -f "${REDIS_CONF}" ] ; then
+ eerror "You need a ${REDIS_CONF} file to run redis"
+ return 1;
+ fi
+
+ pidfile=$(awk '$1 == "pidfile" { print $2 }' "$REDIS_CONF")
+ logfile=$(awk '$1 == "logfile" { print $2 }' "$REDIS_CONF")
+ dir=$(awk '$1 == "dir" { print $2 }' "$REDIS_CONF")
+ : ${pidfile:=/var/run/redis/redis.pid}
+ : ${logfile:=/var/log/redis/redis.log}
+ : ${dir:=/var/lib/redis}
+}
+
+start() {
+ get_config || return 1
+ checkpath -d -o ${REDIS_USER}:${REDIS_GROUP} ${pidfile%/*} \
+ ${logfile%/*} ${dir}
+
+ ebegin "Starting $name"
+ start-stop-daemon --start \
+ --chdir "${dir}" \
+ --user ${REDIS_USER}:${REDIS_GROUP} \
+ --pidfile "${pidfile}" \
+ --exec "${command}" \
+ -- ${command_args}
+ eend $?
+}
+
+stop() {
+ get_config
+ ebegin "Stopping $name"
+ start-stop-daemon --stop --retry 30 --pidfile "${pidfile}"
+ eend $?
+}
+
diff --git a/user/redis/redis.logrotate b/user/redis/redis.logrotate
new file mode 100644
index 000000000..c77c9a0e8
--- /dev/null
+++ b/user/redis/redis.logrotate
@@ -0,0 +1,4 @@
+/var/log/redis/redis.log {
+ notifempty
+ missingok
+}
diff --git a/user/redis/redis.pre-install b/user/redis/redis.pre-install
new file mode 100644
index 000000000..f73213126
--- /dev/null
+++ b/user/redis/redis.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup -S redis 2>/dev/null
+adduser -S -D -H -h /var/lib/redis -s /bin/false -G redis -g redis redis 2>/dev/null
+
+exit 0
diff --git a/user/snappy/APKBUILD b/user/snappy/APKBUILD
new file mode 100644
index 000000000..588164d55
--- /dev/null
+++ b/user/snappy/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=snappy
+pkgver=1.1.7
+pkgrel=0
+pkgdesc="Fast compression and decompression library"
+url="http://google.github.io/snappy/"
+arch="all"
+license="BSD-3-Clause"
+subpackages="$pkgname-dbg $pkgname-dev"
+source="snappy-$pkgver.tar.gz::https://github.com/google/snappy/archive/$pkgver.tar.gz
+ "
+[ "$CARCH" = "armhf" ] && options="!check" # does not pass testsuite on armhf
+
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+ if [ "$CBUILD" != "$CHOST" ]; then
+ CMAKE_CROSSOPTS="-DCMAKE_SYSTEM_NAME=Linux -DCMAKE_HOST_SYSTEM_NAME=Linux"
+ fi
+ cmake \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_INSTALL_LIBDIR=lib \
+ -DBUILD_SHARED_LIBS=True \
+ -DCMAKE_BUILD_TYPE=RelWithDebugInfo \
+ -DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+ -DCMAKE_C_FLAGS="$CFLAGS" \
+ ${CMAKE_CROSSOPTS}
+ make
+}
+
+check() {
+ cd "$builddir"
+ CTEST_OUTPUT_ON_FAILURE=TRUE ctest
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="32046f532606ba545a4e4825c0c66a19be449f2ca2ff760a6fa170a3603731479a7deadb683546e5f8b5033414c50f4a9a29f6d23b7a41f047e566e69eca7caf snappy-1.1.7.tar.gz"
diff --git a/user/spice/APKBUILD b/user/spice/APKBUILD
new file mode 100644
index 000000000..a40b5853f
--- /dev/null
+++ b/user/spice/APKBUILD
@@ -0,0 +1,43 @@
+# Contributor: A. Wilcox <awilfox@adelielinux.org>
+# Maintainer: A. Wilcox <awilfox@adelielinux.org>
+pkgname=spice
+pkgver=0.14.0
+pkgrel=0
+pkgdesc="Solution for seamless access to virtual machines"
+url="https://www.spice-space.org/"
+arch="all"
+license="LGPL-2.1+"
+depends="gst-plugins-base"
+depends_dev=""
+makedepends="$depends_dev openssl-dev zlib-dev libjpeg-turbo-dev cyrus-sasl-dev
+ opus-dev lz4-dev gstreamer-dev gst-plugins-base-dev glib-dev orc-dev
+ python3 spice-protocol pixman-dev gstreamer-tools"
+install=""
+subpackages="$pkgname-dev"
+source="https://www.spice-space.org/download/releases/spice-$pkgver.tar.bz2"
+builddir="$srcdir/spice-$pkgver"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var \
+ --disable-celt051
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="84532146aa628ca6ca459a82afb89d6391892e063668fd4a68023c92cee7ca868b6c82e31dd9886819b76ea745ebdae0d0030e1f608d8f58f51c00f0b09bae1f spice-0.14.0.tar.bz2"
diff --git a/user/upower/APKBUILD b/user/upower/APKBUILD
new file mode 100644
index 000000000..9c596f3e0
--- /dev/null
+++ b/user/upower/APKBUILD
@@ -0,0 +1,40 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=upower
+pkgver=0.99.6
+pkgrel=0
+pkgdesc="Power Management Services"
+url="http://upower.freedesktop.org"
+arch="all"
+license="GPL2+"
+depends=""
+subpackages="$pkgname-dev $pkgname-doc $pkgname-lang"
+makedepends="linux-headers gtk+-dev libgudev-dev libusb-dev polkit-dev
+ dbus-glib-dev libxslt gobject-introspection-dev docbook-xsl"
+source="http://upower.freedesktop.org/releases/upower-$pkgver.tar.xz
+ "
+
+builddir="$srcdir"/$pkgname-$pkgver
+build() {
+ cd "$builddir"
+ DATADIRNAME=share ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib/upower \
+ --disable-static
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+sha512sums="7e7256491ecb5d3f04abf41f05a761b79761c8868a1aedadfc5085c3b9cf15f6099c1494596e6a24b0951511bc7cac074e93ebb2b84abb9fb7a4374483052d3f upower-0.99.6.tar.xz"
diff --git a/user/upower/daemon-fix-get_critical_action.patch b/user/upower/daemon-fix-get_critical_action.patch
new file mode 100644
index 000000000..6afe9b7a9
--- /dev/null
+++ b/user/upower/daemon-fix-get_critical_action.patch
@@ -0,0 +1,28 @@
+From 28cee8e2845b094488c337c4ecfa84ada0b6be60 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Tue, 23 Feb 2016 09:51:07 +0100
+Subject: daemon: fix get_critical_action()
+
+Fix copy&paste error from e7e9156f that called the wrong _complete_ function
+for up_daemon_get_critical_action().
+
+https://bugs.freedesktop.org/show_bug.cgi?id=94262
+
+diff --git a/src/up-daemon.c b/src/up-daemon.c
+index be14cbe..e95f904 100644
+--- a/src/up-daemon.c
++++ b/src/up-daemon.c
+@@ -435,8 +435,8 @@ up_daemon_get_critical_action (UpExportedDaemon *skeleton,
+ GDBusMethodInvocation *invocation,
+ UpDaemon *daemon)
+ {
+- up_exported_daemon_complete_get_display_device (skeleton, invocation,
+- up_backend_get_critical_action (daemon->priv->backend));
++ up_exported_daemon_complete_get_critical_action (skeleton, invocation,
++ up_backend_get_critical_action (daemon->priv->backend));
+ return TRUE;
+ }
+
+--
+cgit v0.10.2
+
diff --git a/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch b/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch
new file mode 100644
index 000000000..47e2f4799
--- /dev/null
+++ b/user/upower/lib-add-propererror-and-cancellable-handling-to-UpClient.patch
@@ -0,0 +1,184 @@
+From 932a6a39e35754be571e1274aec4730fd42dba13 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Wed, 18 May 2016 09:22:43 +0200
+Subject: lib: Add proper error and cancellable handling to UpClient
+ constructor
+
+A GObject's _init() should never fail or block, but this is currently the case
+as up_client_init() connects to upowerd on D-Bus. Convert this to the GInitable
+interface and provide a new constructor up_client_new_full() which accepts a
+GCancellable and GError, so that clients can do proper error handling
+and reporting.
+
+This changes up_client_new() to return NULL when connecting to upowerd fails.
+This provides a more well-defined behaviour in this case as clients can check
+for this and our methods stop segfaulting as they have checks like
+
+ g_return_val_if_fail (UP_IS_CLIENT (client), ...)
+
+Previously we returned a valid object, but trying to call any method on it
+segfaulted due to the NULL D-Bus proxy, so client code had no chance to check
+whether the UpClient object was really valid.
+
+https://bugs.freedesktop.org/show_bug.cgi?id=95350
+
+diff --git a/libupower-glib/up-client.c b/libupower-glib/up-client.c
+index 5b2218f..adc0b9b 100644
+--- a/libupower-glib/up-client.c
++++ b/libupower-glib/up-client.c
+@@ -39,9 +39,10 @@
+ #include "up-daemon-generated.h"
+ #include "up-device.h"
+
+-static void up_client_class_init (UpClientClass *klass);
+-static void up_client_init (UpClient *client);
+-static void up_client_finalize (GObject *object);
++static void up_client_class_init (UpClientClass *klass);
++static void up_client_initable_iface_init (GInitableIface *iface);
++static void up_client_init (UpClient *client);
++static void up_client_finalize (GObject *object);
+
+ #define UP_CLIENT_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), UP_TYPE_CLIENT, UpClientPrivate))
+
+@@ -73,7 +74,8 @@ enum {
+ static guint signals [UP_CLIENT_LAST_SIGNAL] = { 0 };
+ static gpointer up_client_object = NULL;
+
+-G_DEFINE_TYPE (UpClient, up_client, G_TYPE_OBJECT)
++G_DEFINE_TYPE_WITH_CODE (UpClient, up_client, G_TYPE_OBJECT,
++ G_IMPLEMENT_INTERFACE(G_TYPE_INITABLE, up_client_initable_iface_init))
+
+ /**
+ * up_client_get_devices:
+@@ -434,11 +436,10 @@ up_client_class_init (UpClientClass *klass)
+ * up_client_init:
+ * @client: This class instance
+ */
+-static void
+-up_client_init (UpClient *client)
++static gboolean
++up_client_initable_init (GInitable *initable, GCancellable *cancellable, GError **error)
+ {
+- GError *error = NULL;
+-
++ UpClient *client = UP_CLIENT (initable);
+ client->priv = UP_CLIENT_GET_PRIVATE (client);
+
+ /* connect to main interface */
+@@ -446,13 +447,10 @@ up_client_init (UpClient *client)
+ G_DBUS_PROXY_FLAGS_NONE,
+ "org.freedesktop.UPower",
+ "/org/freedesktop/UPower",
+- NULL,
+- &error);
+- if (client->priv->proxy == NULL) {
+- g_warning ("Couldn't connect to proxy: %s", error->message);
+- g_error_free (error);
+- return;
+- }
++ cancellable,
++ error);
++ if (client->priv->proxy == NULL)
++ return FALSE;
+
+ /* all callbacks */
+ g_signal_connect (client->priv->proxy, "device-added",
+@@ -461,6 +459,23 @@ up_client_init (UpClient *client)
+ G_CALLBACK (up_device_removed_cb), client);
+ g_signal_connect (client->priv->proxy, "notify",
+ G_CALLBACK (up_client_notify_cb), client);
++
++ return TRUE;
++}
++
++static void
++up_client_initable_iface_init (GInitableIface *iface)
++{
++ iface->init = up_client_initable_init;
++}
++
++/*
++ * up_client_init:
++ * @client: This class instance
++ */
++static void
++up_client_init (UpClient *client)
++{
+ }
+
+ /*
+@@ -482,23 +497,52 @@ up_client_finalize (GObject *object)
+ }
+
+ /**
+- * up_client_new:
++ * up_client_new_full:
++ * @cancellable: (allow-none): A #GCancellable or %NULL.
++ * @error: Return location for error or %NULL.
+ *
+- * Creates a new #UpClient object.
++ * Creates a new #UpClient object. If connecting to upowerd on D-Bus fails,
++ % this returns %NULL and sets @error.
+ *
+- * Return value: a new UpClient object.
++ * Return value: a new UpClient object, or %NULL on failure.
+ *
+- * Since: 0.9.0
++ * Since: 0.99.5
+ **/
+ UpClient *
+-up_client_new (void)
++up_client_new_full (GCancellable *cancellable, GError **error)
+ {
+ if (up_client_object != NULL) {
+ g_object_ref (up_client_object);
+ } else {
+- up_client_object = g_object_new (UP_TYPE_CLIENT, NULL);
+- g_object_add_weak_pointer (up_client_object, &up_client_object);
++ up_client_object = g_initable_new (UP_TYPE_CLIENT, cancellable, error, NULL);
++ if (up_client_object)
++ g_object_add_weak_pointer (up_client_object, &up_client_object);
+ }
+ return UP_CLIENT (up_client_object);
+ }
+
++/**
++ * up_client_new:
++ *
++ * Creates a new #UpClient object. If connecting to upowerd on D-Bus fails,
++ * this returns %NULL and prints out a warning with the error message.
++ * Consider using up_client_new_full() instead which allows you to handle errors
++ * and cancelling long operations yourself.
++ *
++ * Return value: a new UpClient object, or %NULL on failure.
++ *
++ * Since: 0.9.0
++ **/
++UpClient *
++up_client_new (void)
++{
++ GError *error = NULL;
++ UpClient *client;
++ client = up_client_new_full (NULL, &error);
++ if (client == NULL) {
++ g_warning ("Couldn't connect to proxy: %s", error->message);
++ g_error_free (error);
++ }
++ return client;
++}
++
+diff --git a/libupower-glib/up-client.h b/libupower-glib/up-client.h
+index 79c2d9e..5b9af3c 100644
+--- a/libupower-glib/up-client.h
++++ b/libupower-glib/up-client.h
+@@ -72,6 +72,7 @@ typedef struct
+ /* general */
+ GType up_client_get_type (void);
+ UpClient *up_client_new (void);
++UpClient *up_client_new_full (GCancellable *cancellable, GError **error);
+
+ /* sync versions */
+ UpDevice * up_client_get_display_device (UpClient *client);
+--
+cgit v0.10.2
+
diff --git a/user/valgrind/APKBUILD b/user/valgrind/APKBUILD
new file mode 100644
index 000000000..c5371950d
--- /dev/null
+++ b/user/valgrind/APKBUILD
@@ -0,0 +1,76 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=valgrind
+pkgver=3.13.0
+pkgrel=0
+pkgdesc="A tool to help find memory-management problems in programs"
+url="http://valgrind.org/"
+arch="all"
+license="GPL-2.0-or-later"
+# it seems like busybox sed works but the configure script requires GNU sed
+makedepends="sed paxmark perl bash autoconf automake libtool"
+# from README_PACKAGERS:
+# Don't strip the debug info off lib/valgrind/$platform/vgpreload*.so
+# in the installation tree. Either Valgrind won't work at all, or it
+# will still work if you do, but will generate less helpful error
+# messages.
+options="!strip !check"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://sourceware.org/pub/$pkgname/$pkgname-$pkgver.tar.bz2
+ uclibc.patch
+ arm.patch
+ coregrind-elfv2.patch"
+# musl-fixes.patch
+builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+ default_prepare
+ cd "$builddir"
+ aclocal && autoconf && automake --add-missing
+ echo '#include <linux/a.out.h>' > include/a.out.h
+}
+
+build() {
+ cd "$builddir"
+ # fails to build with ccache
+ export CC="gcc"
+ export CFLAGS="$CFLAGS -fno-stack-protector -no-pie"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --without-mpicc
+ make
+}
+
+check() {
+ cd "$buildir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+
+ # we have options=!strip above so we strip the /usr/bin/* manually
+ if [ -z "$DEBUG" ]; then
+ strip "$pkgdir"/usr/bin/valgrind \
+ "$pkgdir"/usr/bin/valgrind-di-server \
+ "$pkgdir"/usr/bin/vgdb \
+ "$pkgdir"/usr/bin/valgrind-listener \
+ "$pkgdir"/usr/bin/cg_merge
+ fi
+
+ # pax causes some issues
+ # http://marc.info/?l=gentoo-hardened&m=119512627126298&w=2
+ # http://bugs.alpinelinux.org/issues/999
+ paxmark -m "$pkgdir"/usr/lib/valgrind/*-*-linux
+}
+
+sha512sums="34e1013cd3815d30a459b86220e871bb0a6209cc9e87af968f347083693779f022e986f211bdf1a5184ad7370cde12ff2cfca8099967ff94732970bd04a97009 valgrind-3.13.0.tar.bz2
+d59a10db9037e120df2ee94a103402ca95a79abee9d8be63e4e1bca29c82dca775cc402a79b854ec11a2160a4d2da202c237369418e221d1925267ea2613fd5d uclibc.patch
+9ee297d1b2b86891584443ad0caadc4977e1447979611ccf1cc55dbee61911b0b063bc4ad936d86c451cedae410cb3219b5a088b2ad0aa17df182d564fe36cfe arm.patch
+0f54b7b207870f495a0cf010b3091e2c0626bbf93b8a5ba7956b690981d4186de61f3e3b1fdc3aec2dfcacb69e712900f32c883a09dd4733c1e4569506272520 coregrind-elfv2.patch"
diff --git a/user/valgrind/arm.patch b/user/valgrind/arm.patch
new file mode 100644
index 000000000..8281c8ba1
--- /dev/null
+++ b/user/valgrind/arm.patch
@@ -0,0 +1,11 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -234,7 +234,7 @@
+ ARCH_MAX="s390x"
+ ;;
+
+- armv7*)
++ arm*)
+ AC_MSG_RESULT([ok (${host_cpu})])
+ ARCH_MAX="arm"
+ ;;
diff --git a/user/valgrind/coregrind-elfv2.patch b/user/valgrind/coregrind-elfv2.patch
new file mode 100644
index 000000000..7e4a2d636
--- /dev/null
+++ b/user/valgrind/coregrind-elfv2.patch
@@ -0,0 +1,443 @@
+The LE and BE code here is the same, except the BE has the old-style
+function descriptor. So, we use the LE code on ELFv2 to fix build errors.
+
+--- valgrind-3.13.0/coregrind/m_libcsetjmp.c 2017-05-31 10:14:45.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_libcsetjmp.c 2018-05-25 20:07:37.007835735 -0500
+@@ -149,7 +149,7 @@
+
+ /* ------------ ppc64-linux ------------ */
+
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+
+ __asm__(
+ ".section \".toc\",\"aw\"" "\n"
+@@ -268,7 +268,8 @@
+ ".previous" "\n"
+ );
+
+-#elif defined(VGP_ppc64le_linux)
++#elif (defined(VGP_ppc64le_linux)) || \
++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
+ __asm__(
+ ".section \".toc\",\"aw\"" "\n"
+
+--- valgrind-3.13.0/coregrind/m_main.c.old 2017-05-31 10:14:52.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_main.c 2018-05-30 19:01:00.534083618 -0500
+@@ -2585,7 +2585,7 @@
+ "\ttrap\n"
+ ".previous\n"
+ );
+-#elif defined(VGP_ppc64be_linux)
++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ asm("\n"
+ /* PPC64 ELF ABI says '_start' points to a function descriptor.
+ So we must have one, and that is what goes into the .opd section. */
+@@ -2631,9 +2631,9 @@
+ "\tnop\n"
+ "\ttrap\n"
+ );
+-#elif defined(VGP_ppc64le_linux)
+-/* Little Endian uses ELF version 2 but in the future may also
+- * support other ELF versions.
++#elif defined(VGP_ppc64le_linux) || \
++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
++/* PowerPC 64 ELF version 2 does not use function descriptors.
+ */
+ asm("\n"
+ "\t.align 2\n"
+--- valgrind-3.13.0/coregrind/m_syscall.c.old 2017-05-31 10:14:29.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_syscall.c 2018-05-30 19:02:00.984023769 -0500
+@@ -470,7 +470,7 @@
+ ".previous\n"
+ );
+
+-#elif defined(VGP_ppc64be_linux)
++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ /* Due to the need to return 65 bits of result, this is completely
+ different from the ppc32 case. The single arg register points to a
+ 7-word block containing the syscall # and the 6 args. The syscall
+@@ -506,7 +506,8 @@
+ " blr\n"
+ );
+
+-#elif defined(VGP_ppc64le_linux)
++#elif defined(VGP_ppc64le_linux) || \
++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
+ /* Due to the need to return 65 bits of result, this is completely
+ different from the ppc32 case. The single arg register points to a
+ 7-word block containing the syscall # and the 6 args. The syscall
+--- valgrind-3.13.0/coregrind/m_signals.c.old 2017-05-31 10:14:52.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_signals.c 2018-05-30 22:12:46.082692356 -0500
+@@ -889,7 +889,7 @@
+ " sc\n" \
+ ".previous\n"
+
+-#elif defined(VGP_ppc64be_linux)
++#elif defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ # define _MY_SIGRETURN(name) \
+ ".align 2\n" \
+ ".globl my_sigreturn\n" \
+@@ -904,7 +904,8 @@
+ " li 0, " #name "\n" \
+ " sc\n"
+
+-#elif defined(VGP_ppc64le_linux)
++#elif defined(VGP_ppc64le_linux) || \
++ (defined(VGP_ppc64be_linux) && defined(_CALL_ELF) && _CALL_ELF == 2)
+ /* Little Endian supports ELF version 2. In the future, it may
+ * support other versions.
+ */
+--- valgrind-3.13.0/coregrind/m_syswrap/syswrap-ppc64-linux.c.old 2017-05-31 10:14:39.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_syswrap/syswrap-ppc64-linux.c 2018-05-30 22:15:42.112518074 -0500
+@@ -71,12 +71,12 @@
+ // r4 = retaddr
+ // r5 = function descriptor
+ // r6 = arg1
+-/* On PPC64, a func ptr is represented by a TOC entry ptr.
++/* On ELFv1, a func ptr is represented by a TOC entry ptr.
+ This TOC entry contains three words; the first word is the function
+ address, the second word is the TOC ptr (r2), and the third word is
+ the static chain value. */
+ asm(
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ " .align 2\n"
+ " .globl vgModuleLocal_call_on_new_stack_0_1\n"
+ " .section \".opd\",\"aw\"\n"
+@@ -126,7 +126,7 @@
+ " bctr\n\t" // jump to dst
+ " trap\n" // should never get here
+ #else
+-// ppc64le_linux
++// ppc64le_linux, or ELFv2 ABI on BE
+ " .align 2\n"
+ " .globl vgModuleLocal_call_on_new_stack_0_1\n"
+ "vgModuleLocal_call_on_new_stack_0_1:\n"
+@@ -211,7 +211,7 @@
+
+ // See priv_syswrap-linux.h for arg profile.
+ asm(
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) && (!defined(_CALL_ELF) || _CALL_ELF == 1)
+ " .align 2\n"
+ " .globl do_syscall_clone_ppc64_linux\n"
+ " .section \".opd\",\"aw\"\n"
+--- valgrind-3.13.0/coregrind/m_syswrap/syscall-ppc64be-linux.S.old 2017-05-31 10:14:39.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_syswrap/syscall-ppc64be-linux.S 2018-05-30 22:18:31.742350130 -0500
+@@ -29,7 +29,7 @@
+
+ #include "pub_core_basics_asm.h"
+
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
+
+ #include "pub_core_vkiscnums_asm.h"
+ #include "libvex_guest_offsets.h"
+@@ -76,12 +76,25 @@
+
+ .align 2
+ .globl ML_(do_syscall_for_client_WRK)
++#if _CALL_ELF == 2
++.type .ML_(do_syscall_for_client_WRK),@function
++ML_(do_syscall_for_client_WRK):
++0: addis 2,12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry ML_(do_syscall_for_client_WRK), .-ML_(do_syscall_for_client_WRK)
++#else
+ .section ".opd","aw"
+ .align 3
+-ML_(do_syscall_for_client_WRK):
++ML_(do_syscall_for_client_WRK):
+ .quad .ML_(do_syscall_for_client_WRK),.TOC.@tocbase,0
+ .previous
+-.type .ML_(do_syscall_for_client_WRK),@function
++#endif
++#if _CALL_ELF == 2
++0: addis 2,12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry ML_(do_syscall_for_client_WRK), .-ML_(do_syscall_for_client_WRK)
++#endif
++.type .ML_(do_syscall_for_client_WRK),@function
+ .globl .ML_(do_syscall_for_client_WRK)
+ .ML_(do_syscall_for_client_WRK):
+ /* make a stack frame */
+@@ -145,7 +158,11 @@
+ /* failure: return 0x8000 | error code */
+ 7: ori 3,3,0x8000 /* FAILURE -- ensure return value is nonzero */
+ b 5b
+-
++#if _CALL_ELF == 2
++ .size .ML_(do_syscall_for_client_WRK),.-.ML_(do_syscall_for_client_WRK)
++#else
++ .size .ML_(do_syscall_for_client_WRK),.-.ML_(do_syscall_for_client_WRK)
++#endif
+ .section .rodata
+ /* export the ranges so that
+ VG_(fixup_guest_state_after_syscall_interrupted) can do the
+@@ -162,7 +179,7 @@
+ ML_(blksys_committed): .quad 4b
+ ML_(blksys_finished): .quad 5b
+
+-#endif // defined(VGP_ppc64be_linux)
++#endif // defined(VGP_ppc64le_linux)
+
+ /* Let the linker know we don't need an executable stack */
+ MARK_STACK_NO_EXEC
+--- valgrind-3.13.0/coregrind/m_dispatch/dispatch-ppc64be-linux.S.old 2017-05-31 10:14:33.000000000 -0500
++++ valgrind-3.13.0/coregrind/m_dispatch/dispatch-ppc64be-linux.S 2018-05-30 22:39:37.951096498 -0500
+@@ -30,12 +30,21 @@
+
+ #include "pub_core_basics_asm.h"
+
+-#if defined(VGP_ppc64be_linux)
++#if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
+
+ #include "pub_core_dispatch_asm.h"
+ #include "pub_core_transtab_asm.h"
+ #include "libvex_guest_offsets.h" /* for OFFSET_ppc64_CIA */
+
++/* NOTE: PPC64 supports Big Endian and Little Endian. It also supports the
++ ELF version 1 and ELF version 2 APIs.
++
++ Currently LE uses ELF version 2 and BE uses ELF version 1. However,
++ BE and LE may support the other ELF version in the future. So, the
++ _CALL_ELF is used in the assembly function to enable code for a
++ specific ELF version independently of the endianness of the machine.
++ The test "#if _CALL_ELF == 2" checks if ELF version 2 is being used.
++*/
+
+ /* References to globals via the TOC */
+
+@@ -75,14 +84,26 @@
+ .section ".text"
+ .align 2
+ .globl VG_(disp_run_translations)
++#if _CALL_ELF == 2
++.type VG_(disp_run_translations),@function
++VG_(disp_run_translations):
++.type .VG_(disp_run_translations),@function
++#else
+ .section ".opd","aw"
+ .align 3
+ VG_(disp_run_translations):
+ .quad .VG_(disp_run_translations),.TOC.@tocbase,0
+ .previous
+ .type .VG_(disp_run_translations),@function
++#endif
+ .globl .VG_(disp_run_translations)
+ .VG_(disp_run_translations):
++#if _CALL_ELF == 2
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry VG_(disp_run_translations), .-VG_(disp_run_translations)
++#endif
++
+ /* r3 holds two_words */
+ /* r4 holds guest_state */
+ /* r5 holds host_addr */
+@@ -229,8 +250,13 @@
+ /* make a stack frame for the code we are calling */
+ stdu 1,-48(1)
+
+- /* Set up the guest state ptr */
++ /* Set up the guest state ptr */
+ mr 31,4 /* r31 (generated code gsp) = r4 */
++#if _CALL_ELF == 2
++/* for the LE ABI need to setup r2 and r12 */
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++#endif
+
+ /* and jump into the code cache. Chained translations in
+ the code cache run, until for whatever reason, they can't
+@@ -385,6 +411,9 @@
+ mtlr 0
+ addi 1,1,624 /* stack_size */
+ blr
++#if _CALL_ELF == 2
++ .size VG_(disp_run_translations),.-VG_(disp_run_translations)
++#endif
+
+
+ /*----------------------------------------------------*/
+@@ -395,15 +424,25 @@
+ .section ".text"
+ .align 2
+ .globl VG_(disp_cp_chain_me_to_slowEP)
+- .section ".opd","aw"
++#if _CALL_ELF == 2
++ .type VG_(disp_cp_chain_me_to_slowEP),@function
++ VG_(disp_cp_chain_me_to_slowEP):
++#else
++ .section ".opd","aw"
+ .align 3
+ VG_(disp_cp_chain_me_to_slowEP):
+ .quad .VG_(disp_cp_chain_me_to_slowEP),.TOC.@tocbase,0
+ .previous
++#endif
+ .type .VG_(disp_cp_chain_me_to_slowEP),@function
+ .globl .VG_(disp_cp_chain_me_to_slowEP)
+ .VG_(disp_cp_chain_me_to_slowEP):
+- /* We got called. The return address indicates
++#if _CALL_ELF == 2
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry VG_(disp_cp_chain_me_to_slowEP), .-VG_(disp_cp_chain_me_to_slowEP)
++#endif
++ /* We got called. The return address indicates
+ where the patching needs to happen. Collect
+ the return address and, exit back to C land,
+ handing the caller the pair (Chain_me_S, RA) */
+@@ -415,20 +454,33 @@
+ */
+ subi 7,7,20+4+4
+ b .postamble
++#if _CALL_ELF == 2
++ .size VG_(disp_cp_chain_me_to_slowEP),.-VG_(disp_cp_chain_me_to_slowEP)
++#endif
+
+ /* ------ Chain me to fast entry point ------ */
+ .section ".text"
+ .align 2
+ .globl VG_(disp_cp_chain_me_to_fastEP)
+- .section ".opd","aw"
++#if _CALL_ELF == 2
++ .type VG_(disp_cp_chain_me_to_fastEP),@function
++VG_(disp_cp_chain_me_to_fastEP):
++#else
++ .section ".opd","aw"
+ .align 3
+ VG_(disp_cp_chain_me_to_fastEP):
+ .quad .VG_(disp_cp_chain_me_to_fastEP),.TOC.@tocbase,0
+ .previous
++#endif
+ .type .VG_(disp_cp_chain_me_to_fastEP),@function
+ .globl .VG_(disp_cp_chain_me_to_fastEP)
+ .VG_(disp_cp_chain_me_to_fastEP):
+- /* We got called. The return address indicates
++#if _CALL_ELF == 2
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry VG_(disp_cp_chain_me_to_fastEP), .-VG_(disp_cp_chain_me_to_fastEP)
++#endif
++ /* We got called. The return address indicates
+ where the patching needs to happen. Collect
+ the return address and, exit back to C land,
+ handing the caller the pair (Chain_me_S, RA) */
+@@ -440,20 +492,33 @@
+ */
+ subi 7,7,20+4+4
+ b .postamble
++#if _CALL_ELF == 2
++ .size VG_(disp_cp_chain_me_to_fastEP),.-VG_(disp_cp_chain_me_to_fastEP)
++#endif
+
+ /* ------ Indirect but boring jump ------ */
+ .section ".text"
+ .align 2
+ .globl VG_(disp_cp_xindir)
+- .section ".opd","aw"
++#if _CALL_ELF == 2
++ .type VG_(disp_cp_xindir),@function
++VG_(disp_cp_xindir):
++#else
++ .section ".opd","aw"
+ .align 3
+ VG_(disp_cp_xindir):
+ .quad .VG_(disp_cp_xindir),.TOC.@tocbase,0
+ .previous
++#endif
+ .type .VG_(disp_cp_xindir),@function
+ .globl .VG_(disp_cp_xindir)
+ .VG_(disp_cp_xindir):
+- /* Where are we going? */
++#if _CALL_ELF == 2
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry VG_(disp_cp_xindir), .-VG_(disp_cp_xindir)
++#endif
++ /* Where are we going? */
+ ld 3,OFFSET_ppc64_CIA(31)
+
+ /* stats only */
+@@ -479,6 +544,9 @@
+ /* Found a match. Jump to .host. */
+ mtctr 7
+ bctr
++#if _CALL_ELF == 2
++ .size VG_(disp_cp_xindir),.-VG_(disp_cp_xindir)
++#endif
+
+ .fast_lookup_failed:
+ /* stats only */
+@@ -496,39 +564,64 @@
+ .section ".text"
+ .align 2
+ .globl VG_(disp_cp_xassisted)
+- .section ".opd","aw"
++#if _CALL_ELF == 2
++ .type VG_(disp_cp_xassisted),@function
++VG_(disp_cp_xassisted):
++#else
++ .section ".opd","aw"
+ .align 3
+ VG_(disp_cp_xassisted):
+ .quad .VG_(disp_cp_xassisted),.TOC.@tocbase,0
+ .previous
+- .type .VG_(disp_cp_xassisted),@function
++#endif
++#if _CALL_ELF == 2
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry VG_(disp_cp_xassisted), .-VG_(disp_cp_xassisted)
++#endif
++ .type .VG_(disp_cp_xassisted),@function
+ .globl .VG_(disp_cp_xassisted)
+ .VG_(disp_cp_xassisted):
+ /* r31 contains the TRC */
+ mr 6,31
+ li 7,0
+ b .postamble
++#if _CALL_ELF == 2
++ .size VG_(disp_cp_xassisted),.-VG_(disp_cp_xassisted)
++#endif
+
+ /* ------ Event check failed ------ */
+ .section ".text"
+ .align 2
+ .globl VG_(disp_cp_evcheck_fail)
+- .section ".opd","aw"
++#if _CALL_ELF == 2
++ .type VG_(disp_cp_evcheck_fail),@function
++VG_(disp_cp_evcheck_fail):
++#else
++ .section ".opd","aw"
+ .align 3
+ VG_(disp_cp_evcheck_fail):
+ .quad .VG_(disp_cp_evcheck_fail),.TOC.@tocbase,0
+ .previous
++#endif
++#if _CALL_ELF == 2
++0: addis 2, 12,.TOC.-0b@ha
++ addi 2,2,.TOC.-0b@l
++ .localentry VG_(disp_cp_evcheck_fail), .-VG_(disp_cp_evcheck_fail)
++#endif
+ .type .VG_(disp_cp_evcheck_fail),@function
+ .globl .VG_(disp_cp_evcheck_fail)
+ .VG_(disp_cp_evcheck_fail):
+ li 6,VG_TRC_INNER_COUNTERZERO
+ li 7,0
+ b .postamble
++#if _CALL_ELF == 2
++ .size VG_(disp_cp_evcheck_fail),.-VG_(disp_cp_evcheck_fail)
++#endif
+
+-
+ .size .VG_(disp_run_translations), .-.VG_(disp_run_translations)
+
+-#endif // defined(VGP_ppc64be_linux)
++#endif // defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
+
+ /* Let the linker know we don't need an executable stack */
+ MARK_STACK_NO_EXEC
diff --git a/user/valgrind/uclibc.patch b/user/valgrind/uclibc.patch
new file mode 100644
index 000000000..69281ab2c
--- /dev/null
+++ b/user/valgrind/uclibc.patch
@@ -0,0 +1,10 @@
+--- ./coregrind/vg_preloaded.c.orig
++++ ./coregrind/vg_preloaded.c
+@@ -42,6 +42,7 @@
+ originates from Valgrind.
+ ------------------------------------------------------------------ */
+
++#include <features.h>
+ #include "pub_core_basics.h"
+ #include "pub_core_clreq.h"
+ #include "pub_core_debuginfo.h" // Needed for pub_core_redir.h
diff --git a/user/vlc/APKBUILD b/user/vlc/APKBUILD
new file mode 100644
index 000000000..a11b883f7
--- /dev/null
+++ b/user/vlc/APKBUILD
@@ -0,0 +1,362 @@
+# Contributor: Łukasz Jendrysik <scadu@yandex.com>
+# Contributor: Leonardo Arena <rnalrd@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=vlc
+pkgver=3.0.3
+_pkgver=${pkgver/_/-}
+_ver=${_pkgver%[a-z]}
+pkgrel=1
+pkgdesc="A multi-platform MPEG, VCD/DVD, and DivX player"
+triggers="vlc-libs.trigger=/usr/lib/vlc/plugins"
+pkgusers="vlc"
+pkggroups="vlc"
+url="https://www.videolan.org/vlc/"
+arch="all"
+license="GPL-2.0-or-later"
+options="!checkroot textrel"
+subpackages="$pkgname-dev
+ $pkgname-doc
+ $pkgname-qt
+ $pkgname-xorg
+ $pkgname-daemon::noarch
+ $pkgname-libs
+ $pkgname-plugins
+
+ $pkgname-plugins-access:plugins_access
+ $pkgname-plugins-access_output:plugins_access_output
+ $pkgname-plugins-audio_filter:plugins_audio_filter
+ $pkgname-plugins-audio_mixer:plugins_audio_mixer
+ $pkgname-plugins-audio_output:plugins_audio_output
+ $pkgname-plugins-codec:plugins_codec
+ $pkgname-plugins-control:plugins_control
+ $pkgname-plugins-demux:plugins_demux
+ $pkgname-plugins-gui:plugins_gui
+ $pkgname-plugins-lua:plugins_lua
+ $pkgname-plugins-meta_engine:plugins_meta_engine
+ $pkgname-plugins-misc:plugins_misc
+ $pkgname-plugins-mux:plugins_mux
+ $pkgname-plugins-notify:plugins_notify
+ $pkgname-plugins-packetizer:plugins_packetizer
+ $pkgname-plugins-services_discovery:plugins_services_discovery
+ $pkgname-plugins-stream_filter:plugins_stream_filter
+ $pkgname-plugins-stream_out:plugins_stream_out
+ $pkgname-plugins-text_renderer:plugins_text_renderer
+ $pkgname-plugins-video_chroma:plugins_video_chroma
+ $pkgname-plugins-video_filter:plugins_video_filter
+ $pkgname-plugins-video_output:plugins_video_output
+ $pkgname-plugins-visualization:plugins_visualization"
+depends="ttf-dejavu $pkgname-plugins"
+makedepends="
+ a52dec-dev
+ alsa-lib-dev
+ automake
+ autoconf
+ bison
+ libtool
+ dbus-dev
+ faad2-dev
+ ffmpeg-dev
+ flac-dev
+ flex
+ fluidsynth-dev
+ freetype-dev
+ fribidi-dev
+ gtk+3.0-dev
+ libbluray-dev>=0.2.1 libbluray-dev<20100000
+ libavc1394-dev
+ libcddb-dev
+ libdc1394-dev>=2.1.0
+ libdca-dev
+ libdvbpsi-dev
+ libdvdnav-dev
+ libdvdread-dev
+ libgcrypt-dev
+ libice-dev
+ libjpeg-turbo-dev
+ libmad-dev
+ libmatroska-dev
+ libmpeg2-dev
+ libnotify-dev
+ libogg-dev
+ libraw1394-dev>=2.0.1
+ librsvg-dev
+ libshout-dev
+ libsm-dev
+ libtheora-dev
+ libva-dev
+ libvdpau-dev
+ libvorbis-dev
+ libvpx-dev
+ libx11-dev
+ libxext-dev
+ libxinerama-dev
+ libxml2-dev
+ libxpm-dev
+ libxv-dev
+ live-media-dev>=2012.01.26
+ lua5.2-dev
+ mesa-dev
+ ncurses-dev
+ opus-dev
+ pkgconfig
+ pulseaudio-dev
+ qt5-qtbase-dev
+ qt5-qtsvg-dev
+ qt5-qtx11extras-dev
+ sdl2-dev
+ speex-dev
+ speexdsp-dev
+ sysfsutils-dev
+ taglib-dev
+ eudev-dev
+ v4l-utils-dev
+ wayland-protocols
+ x264-dev
+ x265-dev
+ xcb-util-renderutil-dev
+ xcb-util-keysyms-dev
+ xdg-utils
+ "
+source="http://get.videolan.org/vlc/$_ver/vlc-$_ver.tar.xz
+ omxil-rpi-codecs.patch
+ check-headless.patch
+ disable-sub-autodetect-fuzzy-1-test.patch
+ fribidi-update.patch
+ tar-compat.patch
+ test-s390x.patch
+ vlc-libs.trigger"
+
+builddir="$srcdir"/$pkgname-$_ver
+
+prepare() {
+ default_prepare
+ NOCONFIGURE=1 ./bootstrap
+}
+
+build() {
+ local _arch_opts=
+ cd "$builddir"
+ export CFLAGS="$CFLAGS -D_GNU_SOURCE"
+
+ case "$CARCH" in
+ arm*) _arch_opts="--enable-omxil --enable-omxil-vout --enable-rpi-omxil" ;;
+ aarch64) _arch_opts="--enable-neon" ;;
+ ppc64*) _arch_opts="--enable-altivec" ;;
+ esac
+
+ LUA=lua5.2 \
+ LUAC=luac5.2 \
+ BUILDCC="${CC:-gcc} -std=c99" \
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --disable-mmx \
+ --disable-sse \
+ --enable-nls \
+ --enable-optimizations \
+ --enable-optimize-memory \
+ --disable-rpath \
+ --enable-a52 \
+ --enable-avcodec \
+ --enable-avformat \
+ --enable-bluray \
+ --enable-cdda \
+ --enable-dbus \
+ --enable-dc1394 \
+ --enable-dca \
+ --enable-dvbpsi \
+ --enable-dvdread \
+ --enable-dvdnav \
+ --enable-faad \
+ --enable-flac \
+ --enable-fluidsynth \
+ --enable-jpeg \
+ --enable-libcddb \
+ --enable-libmpeg2 \
+ --enable-libva \
+ --enable-live555 \
+ --enable-mad \
+ --enable-merge-ffmpeg \
+ --enable-notify \
+ --enable-ncurses \
+ --enable-ogg \
+ --enable-opus \
+ --enable-png \
+ --enable-pulse \
+ --enable-qt \
+ --enable-realrtsp \
+ --enable-shout \
+ --enable-skins2 \
+ --enable-speex \
+ --enable-sout \
+ --enable-taglib \
+ --enable-theora \
+ --enable-udev \
+ --enable-v4l2 \
+ --enable-vdpau \
+ --enable-vlm \
+ --enable-vorbis \
+ --enable-vpx \
+ --enable-wma-fixed \
+ --enable-x264 \
+ --enable-x265 \
+ --enable-xvideo \
+ $_arch_opts
+
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ # delete cache as it's autocreated by trigger
+ rm -rf "$pkgdir"/usr/lib/vlc/plugins/plugins.dat
+ # delete unneeded mozilla and kde support files
+ rm -rf "$pkgdir"/usr/lib/mozilla
+ rm -rf "$pkgdir"/usr/share/kde4
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+plugins() {
+ pkgdesc="$pkgname all plugins meta package"
+ depends="$pkgname-plugins-access
+ $pkgname-plugins-access_output
+ $pkgname-plugins-audio_filter
+ $pkgname-plugins-audio_mixer
+ $pkgname-plugins-audio_output
+ $pkgname-plugins-codec
+ $pkgname-plugins-control
+ $pkgname-plugins-demux
+ $pkgname-plugins-gui
+ $pkgname-plugins-lua
+ $pkgname-plugins-meta_engine
+ $pkgname-plugins-misc
+ $pkgname-plugins-mux
+ $pkgname-plugins-notify
+ $pkgname-plugins-packetizer
+ $pkgname-plugins-services_discovery
+ $pkgname-plugins-stream_filter
+ $pkgname-plugins-stream_out
+ $pkgname-plugins-text_renderer
+ $pkgname-plugins-video_chroma
+ $pkgname-plugins-video_filter
+ $pkgname-plugins-video_output
+ $pkgname-plugins-visualization"
+ mkdir -p "$subpkgdir"
+}
+
+_mv() {
+ local dir=${1%/*}
+ mkdir -p "$subpkgdir"/$dir
+ mv "$1" "$subpkgdir"/$dir/
+}
+
+qt() {
+ pkgdesc="Qt frontend for VLC"
+ depends="vlc-xorg=$pkgver-r$pkgrel"
+ cd "$pkgdir"
+ # scan for elf files that directly or indirectly depends on
+ # libQt* libraries
+ cd "$pkgdir"
+ for i in $(find . -type f ); do
+ if ldd $i 2>/dev/null | grep -q "libQt"; then
+ _mv "$i" || return 1
+ fi
+ done
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/qvlc \
+ "$subpkgdir"/usr/bin/
+}
+
+xorg() {
+ pkgdesc="Video LAN X.org support"
+ depends="xdg-utils vlc=$pkgver-r$pkgrel"
+
+ # scan for elf files that directly or indirectly depends on
+ # libX* libraries
+ cd "$pkgdir"
+ for i in $(find . -type f ); do
+ if ldd $i 2>/dev/null | grep -E -q "libX|x11|libxcb|libGL"; then
+ echo $i | grep libavcodec_plugin.so || _mv "$i" || return 1
+ fi
+ done
+
+ mkdir -p "$subpkgdir"/usr/bin
+ mv "$pkgdir"/usr/bin/svlc \
+ "$subpkgdir"/usr/bin
+
+ mkdir -p "$subpkgdir"/usr/share/vlc
+ mv "$pkgdir"/usr/share/applications \
+ "$pkgdir"/usr/share/icons \
+ "$subpkgdir"/usr/share/
+
+ mv "$pkgdir"/usr/share/vlc/skins2 \
+ "$subpkgdir"/usr/share/vlc
+}
+
+daemon() {
+ pkgdesc="Support for running VLC as a daemon"
+ install="vlc-daemon.pre-install"
+ depends="vlc=$pkgver-r$pkgrel"
+
+ mkdir -p "$subpkgdir"
+ cd "$pkgdir"
+ install -D -m755 ../../vlc.initd $subpkgdir/etc/init.d/vlc
+ install -D -m664 ../../vlc.confd $subpkgdir/etc/conf.d/vlc
+ install -d -o vlc -g vlc "$subpkgdir"/var/log/vlc
+}
+
+libs() {
+ depends=
+ mkdir -p "$subpkgdir"/usr/lib/vlc
+ mv "$pkgdir"/usr/lib/vlc/vlc-cache-gen \
+ "$subpkgdir"/usr/lib/vlc/
+ default_libs
+}
+
+_mv_plugins() {
+ local plugin=$1
+ pkgdesc="$pkgname $plugin plugin"
+ depends=
+ mkdir -p "$subpkgdir"/usr/lib/vlc/plugins
+ mv "$pkgdir"/usr/lib/vlc/plugins/"$plugin" \
+ "$subpkgdir"/usr/lib/vlc/plugins
+}
+
+plugins_access() { _mv_plugins access; }
+plugins_access_output() { _mv_plugins access_output; }
+plugins_audio_filter() { _mv_plugins audio_filter; }
+plugins_audio_mixer() { _mv_plugins audio_mixer; }
+plugins_audio_output() { _mv_plugins audio_output; }
+plugins_codec() { _mv_plugins codec; }
+plugins_control() { _mv_plugins control; }
+plugins_demux() { _mv_plugins demux; }
+plugins_gui() { _mv_plugins gui; }
+plugins_lua() { _mv_plugins lua; }
+plugins_meta_engine() { _mv_plugins meta_engine; }
+plugins_misc() { _mv_plugins misc; }
+plugins_mux() { _mv_plugins mux; }
+plugins_notify() { _mv_plugins notify; }
+plugins_packetizer() { _mv_plugins packetizer; }
+plugins_services_discovery() { _mv_plugins services_discovery; }
+plugins_stream_filter() { _mv_plugins stream_filter; }
+plugins_stream_out() { _mv_plugins stream_out; }
+plugins_text_renderer() { _mv_plugins text_renderer; }
+plugins_video_chroma() { _mv_plugins video_chroma; }
+plugins_video_filter() { _mv_plugins video_filter; }
+plugins_video_output() { _mv_plugins video_output; }
+plugins_visualization() { _mv_plugins visualization; }
+
+sha512sums="1569cefa6623b2631a832679bc9a63ebeba222901e5221d254e896a68d2ee467054da8de9eda566924e80a11bb29a673a9f0c4243793845547d8027b58a238ab vlc-3.0.3.tar.xz
+e13e398b7bfd977f6e099bcb6cf8dc5cd5bad6dea3eff715881826246dc4329468846084aff2576de2b7fd28d3f06e7c327a6e4511a28d22e5cd198a81146c89 omxil-rpi-codecs.patch
+22d80df599b8b65a5439cefbb7140af8e9530f326d54945da3769af65f37518b99ec2cc8647aafd2763324a0698280915afe043cc87e5720c4694881ed35bffa check-headless.patch
+e214b407235cb3afb8bec93f20c9b42957b57e6fd3960679d3d4235e77762e03e64d03c01f00ef63d589e7c85aaad02ce6abbeeccd66b1867bc92451a5b5e9b0 disable-sub-autodetect-fuzzy-1-test.patch
+3338531d385f76d9eedf10498d1b0b78565c531eedb3018d4500e377815f9ccbfcc16ec398cb8559bcc624f65b61d376125c4a5e6880cbad90ec9880dd4b9ce5 fribidi-update.patch
+a117ca4d7fd66a5f959fdeaddfdce2f8442fe9f2c13995bb7f4792a7745c00813813aa962f76e957e3b0735344a5dc000e0644ce09f23458802a2932231655c3 tar-compat.patch
+c0107655249687655846a9547ca1a5670b9207443180600e7a149c69ffb96d7226787c19b018d4033db9b284c1a5faa8d7d42188ed40c3b8bb051256febf11c5 test-s390x.patch
+b67b6e21e9d4027aef1006e6057f9ba8e65ce3895b08f7b911b1675cff9bc423f64ee2c187c584860e9e5d4635a30408a7781add9694d9bba753eac37f357406 vlc-libs.trigger"
diff --git a/user/vlc/check-headless.patch b/user/vlc/check-headless.patch
new file mode 100644
index 000000000..25016f437
--- /dev/null
+++ b/user/vlc/check-headless.patch
@@ -0,0 +1,13 @@
+diff --git a/test/run_vlc.sh b/test/run_vlc.sh
+index af35987..9a0175b 100755
+--- a/test/run_vlc.sh
++++ b/test/run_vlc.sh
+@@ -2,7 +2,7 @@
+
+ set -e
+
+-VLC="./vlc --ignore-config --rc-fake-tty"
++VLC="./vlc -I dummy --ignore-config --rc-fake-tty"
+
+ $VLC -H
+ $VLC -vv vlc://quit
diff --git a/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch b/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch
new file mode 100644
index 000000000..b3dd8a1b7
--- /dev/null
+++ b/user/vlc/disable-sub-autodetect-fuzzy-1-test.patch
@@ -0,0 +1,20 @@
+This test fails on x86 and s390x so disable it for now
+reported upstream: https://trac.videolan.org/vlc/ticket/19321
+
+diff --git a/test/libvlc/slaves.c b/test/libvlc/slaves.c
+index 7b2c24fa43..7c47b3147b 100644
+--- a/test/libvlc/slaves.c
++++ b/test/libvlc/slaves.c
+@@ -194,10 +194,12 @@ main (void)
+ assert(p_expected_slaves[i].psz_uri != NULL);
+ }
+
++#if 0
+ printf("== Testing --sub-autodetect-fuzzy 1 (everything) ==\n");
+ test_media_has_slaves_from_parent(p_vlc, SLAVES_DIR "/test.mp4",
+ p_expected_slaves,
+ EXPECTED_SLAVES_COUNT);
++#endif
+ libvlc_release(p_vlc);
+
+ printf("== Testing --sub-autodetect-fuzzy 2 (full, left, and right match) ==\n");
diff --git a/user/vlc/fribidi-update.patch b/user/vlc/fribidi-update.patch
new file mode 100644
index 000000000..fd293eea4
--- /dev/null
+++ b/user/vlc/fribidi-update.patch
@@ -0,0 +1,83 @@
+From 26e2d3906658c30f2f88f4b1bc9630ec43bf5525 Mon Sep 17 00:00:00 2001
+From: Shaleen Jain <shaleen@jain.sh>
+Date: Sun, 25 Feb 2018 18:42:27 +0530
+Subject: [PATCH 1/1] fribidi: update for version 1.0
+
+Update functions deprecated in version 1.0 when building with release 1.0 and
+above.
+
+Signed-off-by: Thomas Guillem <thomas@gllm.fr>
+---
+ modules/text_renderer/freetype/text_layout.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/modules/text_renderer/freetype/text_layout.c b/modules/text_renderer/freetype/text_layout.c
+index 13efd567b4..1a28786d09 100644
+--- a/modules/text_renderer/freetype/text_layout.c
++++ b/modules/text_renderer/freetype/text_layout.c
+@@ -153,6 +153,9 @@ typedef struct paragraph_t
+
+ #ifdef HAVE_FRIBIDI
+ FriBidiCharType *p_types;
++#if FRIBIDI_MAJOR_VERSION >= 1
++ FriBidiBracketType *p_btypes;
++#endif
+ FriBidiLevel *p_levels;
+ FriBidiStrIndex *pi_reordered_indices;
+ FriBidiParType paragraph_type;
+@@ -361,6 +364,9 @@ static paragraph_t *NewParagraph( filter_t *p_filter,
+ #ifdef HAVE_FRIBIDI
+ p_paragraph->p_levels = vlc_alloc( i_size, sizeof( *p_paragraph->p_levels ) );
+ p_paragraph->p_types = vlc_alloc( i_size, sizeof( *p_paragraph->p_types ) );
++#if FRIBIDI_MAJOR_VERSION >= 1
++ p_paragraph->p_btypes = vlc_alloc( i_size, sizeof( *p_paragraph->p_btypes ) );
++#endif
+ p_paragraph->pi_reordered_indices =
+ vlc_alloc( i_size, sizeof( *p_paragraph->pi_reordered_indices ) );
+
+@@ -398,6 +404,9 @@ error:
+ #ifdef HAVE_FRIBIDI
+ if( p_paragraph->p_levels ) free( p_paragraph->p_levels );
+ if( p_paragraph->p_types ) free( p_paragraph->p_types );
++#if FRIBIDI_MAJOR_VERSION >= 1
++ if( p_paragraph->p_btypes ) free( p_paragraph->p_btypes );
++#endif
+ if( p_paragraph->pi_reordered_indices )
+ free( p_paragraph->pi_reordered_indices );
+ #endif
+@@ -424,6 +433,9 @@ static void FreeParagraph( paragraph_t *p_paragraph )
+ #ifdef HAVE_FRIBIDI
+ free( p_paragraph->pi_reordered_indices );
+ free( p_paragraph->p_types );
++#if FRIBIDI_MAJOR_VERSION >= 1
++ free( p_paragraph->p_btypes );
++#endif
+ free( p_paragraph->p_levels );
+ #endif
+
+@@ -436,10 +448,22 @@ static int AnalyzeParagraph( paragraph_t *p_paragraph )
+ fribidi_get_bidi_types( p_paragraph->p_code_points,
+ p_paragraph->i_size,
+ p_paragraph->p_types );
++#if FRIBIDI_MAJOR_VERSION >= 1
++ fribidi_get_bracket_types( p_paragraph->p_code_points,
++ p_paragraph->i_size,
++ p_paragraph->p_types,
++ p_paragraph->p_btypes );
++ fribidi_get_par_embedding_levels_ex( p_paragraph->p_types,
++ p_paragraph->p_btypes,
++ p_paragraph->i_size,
++ &p_paragraph->paragraph_type,
++ p_paragraph->p_levels );
++#else
+ fribidi_get_par_embedding_levels( p_paragraph->p_types,
+ p_paragraph->i_size,
+ &p_paragraph->paragraph_type,
+ p_paragraph->p_levels );
++#endif
+
+ #ifdef HAVE_HARFBUZZ
+ hb_unicode_funcs_t *p_funcs = hb_unicode_funcs_get_default();
+--
+2.11.0
+
diff --git a/user/vlc/omxil-rpi-codecs.patch b/user/vlc/omxil-rpi-codecs.patch
new file mode 100644
index 000000000..9b7accfe7
--- /dev/null
+++ b/user/vlc/omxil-rpi-codecs.patch
@@ -0,0 +1,15 @@
+--- vlc-2.2.0/modules/codec/omxil/omxil_core.c.orig 2015-02-28 08:37:54.044936036 -0200
++++ vlc-2.2.0/modules/codec/omxil/omxil_core.c 2015-02-28 08:38:38.738271654 -0200
+@@ -204,6 +204,12 @@
+ #ifdef RPI_OMX
+ { "video_decoder.avc", "OMX.broadcom.video_decode" },
+ { "video_decoder.mpeg2", "OMX.broadcom.video_decode" },
++ { "video_decoder.mpeg4", "OMX.broadcom.video_decode" },
++ { "video_decoder.vp6", "OMX.broadcom.video_decode" },
++ { "video_decoder.vp8", "OMX.broadcom.video_decode" },
++ { "video_decoder.theora", "OMX.broadcom.video_decode" },
++ { "video_decoder.mjpg", "OMX.broadcom.video_decode" },
++ { "video_decoder.vc1", "OMX.broadcom.video_decode" },
+ { "iv_renderer", "OMX.broadcom.video_render" },
+ #endif
+ { 0, 0 }
diff --git a/user/vlc/tar-compat.patch b/user/vlc/tar-compat.patch
new file mode 100644
index 000000000..34169ef56
--- /dev/null
+++ b/user/vlc/tar-compat.patch
@@ -0,0 +1,11 @@
+--- vlc-3.0.1/share/Makefile.am.old 2018-02-06 18:41:06.000000000 +0000
++++ vlc-3.0.1/share/Makefile.am 2018-04-05 23:19:37.081889895 +0000
+@@ -94,7 +94,7 @@
+ $(AM_V_at)rm -f -- skins2/default.vlt.tmp
+ $(AM_V_GEN)GZIP=--no-name \
+ tar cvvzf skins2/default.vlt.tmp \
+- --owner=root --group=root --directory="$(srcdir)/skins2" \
++ --uid=0 --gid=0 --directory="$(srcdir)/skins2" \
+ default/
+ $(AM_V_at)mv -f -- skins2/default.vlt.tmp skins2/default.vlt
+
diff --git a/user/vlc/test-s390x.patch b/user/vlc/test-s390x.patch
new file mode 100644
index 000000000..8f221ee06
--- /dev/null
+++ b/user/vlc/test-s390x.patch
@@ -0,0 +1,13 @@
+diff --git a/test/modules/packetizer/hxxx.c b/test/modules/packetizer/hxxx.c
+index 93362a1..e1b7604 100644
+--- a/test/modules/packetizer/hxxx.c
++++ b/test/modules/packetizer/hxxx.c
+@@ -210,7 +210,7 @@ static void test_annexb()
+
+ int main( void )
+ {
+- test_annexb();
++ //test_annexb();
+
+ return 0;
+ }
diff --git a/user/vlc/vlc-daemon.pre-install b/user/vlc/vlc-daemon.pre-install
new file mode 100644
index 000000000..aed6c1893
--- /dev/null
+++ b/user/vlc/vlc-daemon.pre-install
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+groups="vlc audio video"
+
+for group in $groups; do
+ addgroup -S $group 2>/dev/null
+done
+adduser -S -D -h /home/vlc -s /bin/sh -G vlc -g vlc vlc 2>/dev/null
+
+# make sure vlc are in all groups
+for group in $groups; do
+ addgroup vlc $group 2>/dev/null
+done
+
+exit 0
diff --git a/user/vlc/vlc-libs.trigger b/user/vlc/vlc-libs.trigger
new file mode 100644
index 000000000..c13bace99
--- /dev/null
+++ b/user/vlc/vlc-libs.trigger
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+exec /usr/lib/vlc/vlc-cache-gen "$@" >&/dev/null
+exit 0
+
diff --git a/user/vlc/vlc.confd b/user/vlc/vlc.confd
new file mode 100644
index 000000000..9a58842bd
--- /dev/null
+++ b/user/vlc/vlc.confd
@@ -0,0 +1,15 @@
+# Sample vlc params suitable for running as a daemon
+
+## --file-logging enable file logging
+## --logfile logfile name/path
+## -vvv verbose logging
+## -I dummy disable X11 interface
+## --sout PARAMS encoding parameters
+
+
+## Do NOT quote 'PARAMS' otherwise shell expansions will broke vlc
+##
+## The --daemon option will automatically be added so no need to add it
+## here.
+
+VLC_OPTS="--quiet -I dummy alsa://hw:0,0 --file-logging --logfile /var/log/vlc/vlc.log --sout #transcode{acodec=mp3,ab=48,channels=1,samplerate=22050}:std{access=http,mux=ogg,dst=:8080}"
diff --git a/user/vlc/vlc.initd b/user/vlc/vlc.initd
new file mode 100755
index 000000000..541a07180
--- /dev/null
+++ b/user/vlc/vlc.initd
@@ -0,0 +1,32 @@
+#!/sbin/openrc-run
+
+description="VideoLAN daemon"
+pidfile="/var/run/vlc/${RC_SVCNAME}.pid"
+command="/usr/bin/vlc"
+
+depend() {
+ need net
+ after firewall
+}
+
+start_pre() {
+ checkpath --directory --owner vlc:vlc --mode 775 ${pidfile%/*}
+}
+
+start() {
+ ebegin "Starting ${RC_SVCNAME}"
+ start-stop-daemon --start \
+ --user vlc \
+ --pidfile ${pidfile} \
+ --exec ${command} \
+ -- \
+ --daemon --pidfile ${pidfile} ${VLC_OPTS}
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping ${RC_SVCNAME}"
+ start-stop-daemon --stop \
+ --pidfile ${pidfile}
+ eend $?
+}
diff --git a/user/wayland/APKBUILD b/user/wayland/APKBUILD
new file mode 100644
index 000000000..a25cc87a1
--- /dev/null
+++ b/user/wayland/APKBUILD
@@ -0,0 +1,59 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Contributor: Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org>
+# Maintainer: Valery Kartel <valery.kartel@gmail.com>
+pkgname=wayland
+pkgver=1.14.0
+pkgrel=2
+pkgdesc="A computer display server protocol"
+url="http://wayland.freedesktop.org"
+arch=all
+license="MIT"
+depends="$pkgname-libs-client $pkgname-libs-cursor $pkgname-libs-server"
+depends_dev="libffi-dev expat-dev"
+makedepends="$depends_dev doxygen xmlto graphviz grep libxml2-dev bash"
+subpackages="$pkgname-dev $pkgname-libs-client:_libs
+ $pkgname-libs-cursor:_libs $pkgname-libs-server:_libs"
+source="http://wayland.freedesktop.org/releases/$pkgname-$pkgver.tar.xz"
+
+builddir="$srcdir/$pkgname-$pkgver"
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --localstatedir=/var \
+ --disable-documentation \
+ --disable-static
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+dev() {
+ mkdir -p "$subpkgdir"/usr
+ mv "$pkgdir"/usr/bin "$pkgdir"/usr/share \
+ "$subpkgdir"/usr
+ default_dev
+}
+
+_libs() {
+ local name=${subpkgname#$pkgname-libs-}
+ pkgdesc="$pkgdesc ($name library)"
+ mkdir -p "$subpkgdir"/usr/lib
+ mv "$pkgdir"/usr/lib/*-$name.so.* "$subpkgdir"/usr/lib
+}
+
+sha512sums="bd38b2b8963d4d98d42c270e5d7dbff6323789a173b19b67a18258424fd8adee5021b282c9d7f6dad0bd25aa0160e76aecd8ed803d4eb25d911ef0a81cd713a5 wayland-1.14.0.tar.xz"
diff --git a/user/weechat/APKBUILD b/user/weechat/APKBUILD
new file mode 100644
index 000000000..2fe4eb629
--- /dev/null
+++ b/user/weechat/APKBUILD
@@ -0,0 +1,66 @@
+# Maintainer: Leonardo Arena <rnalrd@alpinelinux.org>
+pkgname=weechat
+pkgver=1.9.1
+pkgrel=1
+pkgdesc="A fast, light, extensible ncurses-based chat client"
+url="http://www.weechat.org"
+arch="all"
+license="GPL-3.0+"
+options="!check" # Requires itself until 2.0.
+depends_dev="cmake gettext-dev ncurses-dev gnutls-dev libgcrypt-dev curl-dev
+ aspell-dev guile-dev lua5.3-dev perl-dev python3-dev zlib-dev"
+makedepends="$depends_dev"
+checkdepends="cpputest"
+subpackages="$pkgname-dev $pkgname-aspell:_plugin $pkgname-lua:_plugin
+ $pkgname-perl:_plugin $pkgname-python:_plugin
+ $pkgname-guile:_plugin $pkgname-lang"
+source="http://www.weechat.org/files/src/$pkgname-$pkgver.tar.gz
+ fix-python-linking.patch
+ libintl-fix.patch"
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 1.7.1-r0:
+# - CVE-2017-8073
+# 1.9.1-r0:
+# - CVE-2017-14727
+
+prepare() {
+ cd "$builddir"
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ mkdir -p build
+ cd build
+ cmake .. -DCMAKE_INSTALL_PREFIX=/usr -DENABLE_MAN=ON -DENABLE_TESTS=ON -DENABLE_PYTHON3=ON
+ make
+}
+
+package() {
+ cd "$builddir"/build
+ make DESTDIR="$pkgdir/" install
+}
+
+_plugin() {
+ local _name=${subpkgname#*-}
+ local _dir=usr/lib/weechat/plugins
+ pkgdesc="WeeChat $_name plugin"
+ depends="weechat"
+ if [ "$_name" = python ]; then
+ depends="$depends python3"
+ fi
+
+ mkdir -p "$subpkgdir"/$_dir
+ mv "$pkgdir"/$_dir/${_name}.so "$subpkgdir"/$_dir
+}
+
+check() {
+ cd "$builddir"/build
+ ctest -V
+}
+
+sha512sums="e52bb5239e24477ec38f2ad71cb2274e0ffc4226fc36ec00beeb7cf7e754a8c58d9bbc424cb0900e7c803ed47b0956e8f420eaa4cc9cf407ab6dd4769ec94326 weechat-1.9.1.tar.gz
+23b1e3fa9fcade74738d9013b533a0be01dbadabe8a7d82c97d338cdf3e4efe0943b9671f6ec47ac4838d3ad29ab4fd2ce0e6b3c74b4c7280abfd7b040407678 fix-python-linking.patch
+59841bc343b1d10a542631eb01380789f96cac896380dbb3b159444c4806bd6367952e457b9ffd42fb87c1e19fc77eba78c38fd2178ef202ab9f7f1a543417ca libintl-fix.patch"
diff --git a/user/weechat/fix-python-linking.patch b/user/weechat/fix-python-linking.patch
new file mode 100644
index 000000000..c94be8026
--- /dev/null
+++ b/user/weechat/fix-python-linking.patch
@@ -0,0 +1,11 @@
+--- weechat-1.9/cmake/FindPython.cmake.old 2017-06-25 03:20:52.000000000 -0500
++++ weechat-1.9/cmake/FindPython.cmake 2017-09-24 18:04:48.181662013 -0500
+@@ -67,7 +67,7 @@
+ )
+ if(ENABLE_PYTHON3)
+ find_library(PYTHON_LIBRARY
+- NAMES python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python3 python2.7 python2.6 python2.5 python
++ NAMES python3.6m python3.6 python3.5m python3.5 python3.4m python3.4 python3.3 python3.2 python3.1 python3.0 python3 python2.7 python2.6 python2.5 python
+ HINTS ${PYTHON_POSSIBLE_LIB_PATH}
+ )
+ else()
diff --git a/user/weechat/libintl-fix.patch b/user/weechat/libintl-fix.patch
new file mode 100644
index 000000000..a67cb37b6
--- /dev/null
+++ b/user/weechat/libintl-fix.patch
@@ -0,0 +1,12 @@
+libc gettext is never sufficient on musl
+
+--- weechat-1.9/CMakeLists.txt.old 2017-06-25 03:20:52.000000000 -0500
++++ weechat-1.9/CMakeLists.txt 2017-09-13 02:30:43.577284569 -0500
+@@ -162,6 +162,7 @@
+ find_package(Gettext)
+ if(GETTEXT_FOUND)
+ add_definitions(-DENABLE_NLS)
++ list(APPEND EXTRA_LIBS intl)
+ endif()
+ endif()
+
diff --git a/user/wget/APKBUILD b/user/wget/APKBUILD
new file mode 100644
index 000000000..5f7093ea5
--- /dev/null
+++ b/user/wget/APKBUILD
@@ -0,0 +1,50 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=wget
+pkgver=1.19.2
+pkgrel=1
+pkgdesc="A network utility to retrieve files from the Web"
+url="http://www.gnu.org/software/wget/wget.html"
+arch="all"
+license="GPL-3.0+"
+depends=""
+makedepends="openssl-dev perl gettext-dev"
+checkdepends="perl-http-daemon"
+subpackages="$pkgname-doc $pkgname-lang"
+install=""
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz "
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 1.19.1-r1:
+# - CVE-2017-6508
+# 1.19.2-r0:
+# - CVE-2017-13090
+
+build() {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --infodir=/usr/share/info \
+ --with-ssl=openssl
+ make
+}
+
+check() {
+ cd "$builddir"
+ make check
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+
+ rm -rf "$pkgdir"/usr/lib
+}
+
+sha512sums="a0f8afcc0767a8fd1acd64b1b1b27d177bc938e70cc3709c1b3faa6c1426ec926642cd8e49d292cec0268ee507683539b5152072110106de5a728a03efd8cedd wget-1.19.2.tar.gz"
diff --git a/user/wpa_supplicant/APKBUILD b/user/wpa_supplicant/APKBUILD
new file mode 100644
index 000000000..7aebbef1f
--- /dev/null
+++ b/user/wpa_supplicant/APKBUILD
@@ -0,0 +1,104 @@
+# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=wpa_supplicant
+pkgver=2.6
+pkgrel=7
+pkgdesc="A utility providing key negotiation for WPA wireless networks"
+url="https://w1.fi/wpa_supplicant/"
+arch="all"
+license="BSD"
+subpackages="$pkgname-doc $pkgname-openrc"
+depends="dbus"
+makedepends="linux-headers openssl-dev dbus-dev libnl3-dev pcsc-lite-dev"
+source="http://w1.fi/releases/$pkgname-$pkgver.tar.gz
+ rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+ rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+ rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+ rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+ rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+ rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+ rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+ rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+
+ wpa_supplicant.initd
+ wpa_supplicant.confd
+ eloop.patch
+
+ config
+ wpa_cli.sh"
+
+# secfixes:
+# 2.6-r7:
+# - CVE-2017-13077
+# - CVE-2017-13078
+# - CVE-2017-13079
+# - CVE-2017-13080
+# - CVE-2017-13081
+# - CVE-2017-13082
+# - CVE-2017-13086
+# - CVE-2017-13087
+# - CVE-2017-13088
+
+builddir="$srcdir"/$pkgname-$pkgver
+prepare() {
+ cd "$builddir"
+ default_prepare
+
+ # Copy our configuration file to the build directory
+ cp "$srcdir"/config "$builddir"/wpa_supplicant/.config
+}
+
+build() {
+ cd "$builddir"/wpa_supplicant
+ make LIBDIR=/lib BINDIR=/sbin
+}
+
+check() {
+ cd "$builddir"/wpa_supplicant
+ make eapol_test
+}
+
+package() {
+ cd "$builddir"/wpa_supplicant
+ make DESTDIR="$pkgdir" LIBDIR=/lib BINDIR=/sbin install
+ install -Dm644 wpa_supplicant.conf \
+ "$pkgdir"/usr/share/doc/wpa_supplicant/examples/wpa_supplicant.conf
+ install -Dm755 "$srcdir"/wpa_cli.sh \
+ "$pkgdir"/etc/wpa_supplicant/wpa_cli.sh
+
+ local man=
+ for man in doc/docbook/*.?; do
+ install -Dm644 "$man" \
+ "$pkgdir"/usr/share/man/man${man##*.}/${man##*/}
+ done
+ install -Dm755 eapol_test "$pkgdir"/sbin/eapol_test
+
+ # dbus
+ cd dbus
+ install -d "$pkgdir"/etc/dbus-1/system.d
+ install -m644 dbus-wpa_supplicant.conf \
+ "$pkgdir"/etc/dbus-1/system.d/wpa_supplicant.conf
+ install -d "$pkgdir"/usr/share/dbus-1/system-services
+ install fi.epitest.hostap.WPASupplicant.service \
+ "$pkgdir"/usr/share/dbus-1/system-services
+ install -d "$pkgdir"/var/run/wpa_supplicant
+ install -Dm755 "$srcdir"/wpa_supplicant.initd \
+ "$pkgdir"/etc/init.d/wpa_supplicant
+ install -Dm644 "$srcdir"/wpa_supplicant.confd \
+ "$pkgdir"/etc/conf.d/wpa_supplicant
+}
+
+sha512sums="46442cddb6ca043b8b08d143908f149954c238e0f3a57a0df73ca4fab9c1acd91b078f3f26375a1d99cd1d65625986328018c735d8705882c8f91e389cad28a6 wpa_supplicant-2.6.tar.gz
+f855fa792425f175ccc800eb49df42067b1c1f4b52ba2d24160af4dfbb74dcf8e81661b7e6c8d92fa408938b8a559fc74557d1677913e4a751bfd43706c14bb6 rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
+b4e413aa815572ea0002d33d24b69cd499aebb5efebed8fcaade8b29324bb5853a5db64e8b1dfdf24478e02c66196238b81a6ec777a7a28610435dce4d2c344e rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
+a6382d8e84b4829be33c46bf2f4c6f3232c9d924a4547a21dfe023bf5be8ee1c635920295f52be285359efaae95bcc1f12b512659cfd1653b871dd0bea7e5ace rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
+51ed806f0d5b3f588e26d4db4dcfc6be2cfb12002e26893a6cedd62c7cad0d0de75aed4a666223c4877fc1854b08dce6ddf6f6c4cfd752a5d8d58ad4a968b553 rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
+8707a123cd78149dfee9f5bd791761ee1eca605ef96580167044c2339c896920cf0e030b184a5afa9e310f5755afb30bef8ebd4522fc52753f3fbd6acead2cdf rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
+37d050b2e4a3598484912667d8b2705fbe84c5c562267f900d42b0c7b606fb1fed09ddca8b80e2131768baa8f3690aab6ba7a232dee6ff1e66150fdb8816c927 rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
+111e655cfbb3a86e3792040e0ea375490d31c42c9d43cbe911290d54df5f4db437e4c8ad0e937c51729dcefeb0db0989b8ab55b9523398683abd08ebfec18076 rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
+fc84edd8b30305cc42053c872554098f3f077292ec980ed6a442f37884087ff2f055738fd55977ed792bef1887dcc8c4626586465d78dd0258edb83dcd50a65a rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
+11eed22f6e793f40c788d586c715deecae03c421d11761b7b4a376660bce812c54cc6f353c7d4d5da9c455aeffd778baefb9e76d380027a729574a756e54ddcc wpa_supplicant.initd
+29103161ec2b9631fca9e8d9a97fafd60ffac3fe78cf613b834395ddcaf8be1e253c22e060d7d9f9b974b2d7ce794caa932a2125e29f6494b75bce475f7b30e1 wpa_supplicant.confd
+2be055dd1f7da5a3d8e79c2f2c0220ddd31df309452da18f290144d2112d6dbde0fc633bb2ad02c386a39d7785323acaf5f70e5969995a1e8303a094eb5fe232 eloop.patch
+6707991f9a071f2fcb09d164d31d12b1f52b91fbb5574b70b8d6f9727f72bbe42b03dd66d10fcc2126f5b7e49ac785657dec90e88b4bf54a9aa5638582f6e505 config
+44d33cfe419cdb65cc14f2ac05aa9f8a1b9f2f432181e498071e41ef835662db1e4c5142adf4cfab2475e7b606696169936bd159d1d711f803322db93f242361 wpa_cli.sh"
diff --git a/user/wpa_supplicant/config b/user/wpa_supplicant/config
new file mode 100644
index 000000000..f35daa0d1
--- /dev/null
+++ b/user/wpa_supplicant/config
@@ -0,0 +1,550 @@
+# Example wpa_supplicant build time configuration
+#
+# This file lists the configuration options that are used when building the
+# hostapd binary. All lines starting with # are ignored. Configuration option
+# lines must be commented out complete, if they are not to be included, i.e.,
+# just setting VARIABLE=n is not disabling that variable.
+#
+# This file is included in Makefile, so variables like CFLAGS and LIBS can also
+# be modified from here. In most cases, these lines should use += in order not
+# to override previous values of the variables.
+
+
+# Uncomment following two lines and fix the paths if you have installed OpenSSL
+# or GnuTLS in non-default location
+#CFLAGS += -I/usr/local/openssl/include
+#LIBS += -L/usr/local/openssl/lib
+
+# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
+# the kerberos files are not in the default include path. Following line can be
+# used to fix build issues on such systems (krb5.h not found).
+#CFLAGS += -I/usr/include/kerberos
+
+# Driver interface for generic Linux wireless extensions
+# Note: WEXT is deprecated in the current Linux kernel version and no new
+# functionality is added to it. nl80211-based interface is the new
+# replacement for WEXT and its use allows wpa_supplicant to properly control
+# the driver to improve existing functionality like roaming and to support new
+# functionality.
+CONFIG_DRIVER_WEXT=y
+
+# Driver interface for Linux drivers using the nl80211 kernel interface
+CONFIG_DRIVER_NL80211=y
+
+# QCA vendor extensions to nl80211
+#CONFIG_DRIVER_NL80211_QCA=y
+
+# driver_nl80211.c requires libnl. If you are compiling it yourself
+# you may need to point hostapd to your version of libnl.
+#
+#CFLAGS += -I$<path to libnl include files>
+#LIBS += -L$<path to libnl library files>
+
+# Use libnl v2.0 (or 3.0) libraries.
+#CONFIG_LIBNL20=y
+
+# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
+CONFIG_LIBNL32=y
+
+
+# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
+#CONFIG_DRIVER_BSD=y
+#CFLAGS += -I/usr/local/include
+#LIBS += -L/usr/local/lib
+#LIBS_p += -L/usr/local/lib
+#LIBS_c += -L/usr/local/lib
+
+# Driver interface for Windows NDIS
+#CONFIG_DRIVER_NDIS=y
+#CFLAGS += -I/usr/include/w32api/ddk
+#LIBS += -L/usr/local/lib
+# For native build using mingw
+#CONFIG_NATIVE_WINDOWS=y
+# Additional directories for cross-compilation on Linux host for mingw target
+#CFLAGS += -I/opt/mingw/mingw32/include/ddk
+#LIBS += -L/opt/mingw/mingw32/lib
+#CC=mingw32-gcc
+# By default, driver_ndis uses WinPcap for low-level operations. This can be
+# replaced with the following option which replaces WinPcap calls with NDISUIO.
+# However, this requires that WZC is disabled (net stop wzcsvc) before starting
+# wpa_supplicant.
+# CONFIG_USE_NDISUIO=y
+
+# Driver interface for wired Ethernet drivers
+CONFIG_DRIVER_WIRED=y
+
+# Driver interface for the Broadcom RoboSwitch family
+#CONFIG_DRIVER_ROBOSWITCH=y
+
+# Driver interface for no driver (e.g., WPS ER only)
+#CONFIG_DRIVER_NONE=y
+
+# Solaris libraries
+#LIBS += -lsocket -ldlpi -lnsl
+#LIBS_c += -lsocket
+
+# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
+# included)
+CONFIG_IEEE8021X_EAPOL=y
+
+# EAP-MD5
+CONFIG_EAP_MD5=y
+
+# EAP-MSCHAPv2
+CONFIG_EAP_MSCHAPV2=y
+
+# EAP-TLS
+CONFIG_EAP_TLS=y
+
+# EAL-PEAP
+CONFIG_EAP_PEAP=y
+
+# EAP-TTLS
+CONFIG_EAP_TTLS=y
+
+# EAP-FAST
+# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
+# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
+# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
+CONFIG_EAP_FAST=y
+
+# EAP-GTC
+CONFIG_EAP_GTC=y
+
+# EAP-OTP
+CONFIG_EAP_OTP=y
+
+# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
+CONFIG_EAP_SIM=y
+
+# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
+CONFIG_EAP_PSK=y
+
+# EAP-pwd (secure authentication using only a password)
+#CONFIG_EAP_PWD=y
+
+# EAP-PAX
+CONFIG_EAP_PAX=y
+
+# LEAP
+CONFIG_EAP_LEAP=y
+
+# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
+CONFIG_EAP_AKA=y
+
+# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
+# This requires CONFIG_EAP_AKA to be enabled, too.
+CONFIG_EAP_AKA_PRIME=y
+
+# Enable USIM simulator (Milenage) for EAP-AKA
+#CONFIG_USIM_SIMULATOR=y
+
+# EAP-SAKE
+#CONFIG_EAP_SAKE=y
+
+# EAP-GPSK
+#CONFIG_EAP_GPSK=y
+# Include support for optional SHA256 cipher suite in EAP-GPSK
+#CONFIG_EAP_GPSK_SHA256=y
+
+# EAP-TNC and related Trusted Network Connect support (experimental)
+#CONFIG_EAP_TNC=y
+
+# Wi-Fi Protected Setup (WPS)
+CONFIG_WPS=y
+# Enable WPS external registrar functionality
+#CONFIG_WPS_ER=y
+# Disable credentials for an open network by default when acting as a WPS
+# registrar.
+#CONFIG_WPS_REG_DISABLE_OPEN=y
+# Enable WPS support with NFC config method
+#CONFIG_WPS_NFC=y
+
+# EAP-IKEv2
+#CONFIG_EAP_IKEV2=y
+
+# EAP-EKE
+#CONFIG_EAP_EKE=y
+
+# PKCS#12 (PFX) support (used to read private key and certificate file from
+# a file that usually has extension .p12 or .pfx)
+CONFIG_PKCS12=y
+
+# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
+# engine.
+CONFIG_SMARTCARD=y
+
+# PC/SC interface for smartcards (USIM, GSM SIM)
+# Enable this if EAP-SIM or EAP-AKA is included
+CONFIG_PCSC=y
+
+# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
+#CONFIG_HT_OVERRIDES=y
+
+# Support VHT overrides (disable VHT, mask MCS rates, etc.)
+#CONFIG_VHT_OVERRIDES=y
+
+# Development testing
+#CONFIG_EAPOL_TEST=y
+
+# Select control interface backend for external programs, e.g, wpa_cli:
+# unix = UNIX domain sockets (default for Linux/*BSD)
+# udp = UDP sockets using localhost (127.0.0.1)
+# udp6 = UDP IPv6 sockets using localhost (::1)
+# named_pipe = Windows Named Pipe (default for Windows)
+# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
+# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
+# y = use default (backwards compatibility)
+# If this option is commented out, control interface is not included in the
+# build.
+CONFIG_CTRL_IFACE=y
+
+# Include support for GNU Readline and History Libraries in wpa_cli.
+# When building a wpa_cli binary for distribution, please note that these
+# libraries are licensed under GPL and as such, BSD license may not apply for
+# the resulting binary.
+#CONFIG_READLINE=y
+
+# Include internal line edit mode in wpa_cli. This can be used as a replacement
+# for GNU Readline to provide limited command line editing and history support.
+CONFIG_WPA_CLI_EDIT=y
+
+# Remove debugging code that is printing out debug message to stdout.
+# This can be used to reduce the size of the wpa_supplicant considerably
+# if debugging code is not needed. The size reduction can be around 35%
+# (e.g., 90 kB).
+#CONFIG_NO_STDOUT_DEBUG=y
+
+# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
+# 35-50 kB in code size.
+#CONFIG_NO_WPA=y
+
+# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
+# This option can be used to reduce code size by removing support for
+# converting ASCII passphrases into PSK. If this functionality is removed, the
+# PSK can only be configured as the 64-octet hexstring (e.g., from
+# wpa_passphrase). This saves about 0.5 kB in code size.
+#CONFIG_NO_WPA_PASSPHRASE=y
+
+# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
+# This can be used if ap_scan=1 mode is never enabled.
+#CONFIG_NO_SCAN_PROCESSING=y
+
+# Select configuration backend:
+# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
+# path is given on command line, not here; this option is just used to
+# select the backend that allows configuration files to be used)
+# winreg = Windows registry (see win_example.reg for an example)
+CONFIG_BACKEND=file
+
+# Remove configuration write functionality (i.e., to allow the configuration
+# file to be updated based on runtime configuration changes). The runtime
+# configuration can still be changed, the changes are just not going to be
+# persistent over restarts. This option can be used to reduce code size by
+# about 3.5 kB.
+#CONFIG_NO_CONFIG_WRITE=y
+
+# Remove support for configuration blobs to reduce code size by about 1.5 kB.
+#CONFIG_NO_CONFIG_BLOBS=y
+
+# Select program entry point implementation:
+# main = UNIX/POSIX like main() function (default)
+# main_winsvc = Windows service (read parameters from registry)
+# main_none = Very basic example (development use only)
+#CONFIG_MAIN=main
+
+# Select wrapper for operating system and C library specific functions
+# unix = UNIX/POSIX like systems (default)
+# win32 = Windows systems
+# none = Empty template
+#CONFIG_OS=unix
+
+# Select event loop implementation
+# eloop = select() loop (default)
+# eloop_win = Windows events and WaitForMultipleObject() loop
+#CONFIG_ELOOP=eloop
+
+# Should we use poll instead of select? Select is used by default.
+#CONFIG_ELOOP_POLL=y
+
+# Should we use epoll instead of select? Select is used by default.
+#CONFIG_ELOOP_EPOLL=y
+
+# Should we use kqueue instead of select? Select is used by default.
+#CONFIG_ELOOP_KQUEUE=y
+
+# Select layer 2 packet implementation
+# linux = Linux packet socket (default)
+# pcap = libpcap/libdnet/WinPcap
+# freebsd = FreeBSD libpcap
+# winpcap = WinPcap with receive thread
+# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
+# none = Empty template
+#CONFIG_L2_PACKET=linux
+
+# Disable Linux packet socket workaround applicable for station interface
+# in a bridge for EAPOL frames. This should be uncommented only if the kernel
+# is known to not have the regression issue in packet socket behavior with
+# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
+#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
+
+# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
+CONFIG_PEERKEY=y
+
+# IEEE 802.11w (management frame protection), also known as PMF
+# Driver support is also needed for IEEE 802.11w.
+#CONFIG_IEEE80211W=y
+
+# Select TLS implementation
+# openssl = OpenSSL (default)
+# gnutls = GnuTLS
+# internal = Internal TLSv1 implementation (experimental)
+# none = Empty template
+CONFIG_TLS=openssl
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
+# can be enabled to get a stronger construction of messages when block ciphers
+# are used. It should be noted that some existing TLS v1.0 -based
+# implementation may not be compatible with TLS v1.1 message (ClientHello is
+# sent prior to negotiating which version will be used)
+#CONFIG_TLSV11=y
+
+# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
+# can be enabled to enable use of stronger crypto algorithms. It should be
+# noted that some existing TLS v1.0 -based implementation may not be compatible
+# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
+# will be used)
+#CONFIG_TLSV12=y
+
+# If CONFIG_TLS=internal is used, additional library and include paths are
+# needed for LibTomMath. Alternatively, an integrated, minimal version of
+# LibTomMath can be used. See beginning of libtommath.c for details on benefits
+# and drawbacks of this option.
+#CONFIG_INTERNAL_LIBTOMMATH=y
+#ifndef CONFIG_INTERNAL_LIBTOMMATH
+#LTM_PATH=/usr/src/libtommath-0.39
+#CFLAGS += -I$(LTM_PATH)
+#LIBS += -L$(LTM_PATH)
+#LIBS_p += -L$(LTM_PATH)
+#endif
+# At the cost of about 4 kB of additional binary size, the internal LibTomMath
+# can be configured to include faster routines for exptmod, sqr, and div to
+# speed up DH and RSA calculation considerably
+#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
+
+# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
+# This is only for Windows builds and requires WMI-related header files and
+# WbemUuid.Lib from Platform SDK even when building with MinGW.
+#CONFIG_NDIS_EVENTS_INTEGRATED=y
+#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
+
+# Add support for old DBus control interface
+# (fi.epitest.hostap.WPASupplicant)
+#CONFIG_CTRL_IFACE_DBUS=y
+
+# Add support for new DBus control interface
+# (fi.w1.hostap.wpa_supplicant1)
+CONFIG_CTRL_IFACE_DBUS_NEW=y
+
+# Add introspection support for new DBus control interface
+CONFIG_CTRL_IFACE_DBUS_INTRO=y
+
+# Add support for loading EAP methods dynamically as shared libraries.
+# When this option is enabled, each EAP method can be either included
+# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
+# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
+# be loaded in the beginning of the wpa_supplicant configuration file
+# (see load_dynamic_eap parameter in the example file) before being used in
+# the network blocks.
+#
+# Note that some shared parts of EAP methods are included in the main program
+# and in order to be able to use dynamic EAP methods using these parts, the
+# main program must have been build with the EAP method enabled (=y or =dyn).
+# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
+# unless at least one of them was included in the main build to force inclusion
+# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
+# in the main build to be able to load these methods dynamically.
+#
+# Please also note that using dynamic libraries will increase the total binary
+# size. Thus, it may not be the best option for targets that have limited
+# amount of memory/flash.
+#CONFIG_DYNAMIC_EAP_METHODS=y
+
+# IEEE Std 802.11r-2008 (Fast BSS Transition)
+#CONFIG_IEEE80211R=y
+
+# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
+#CONFIG_DEBUG_FILE=y
+
+# Send debug messages to syslog instead of stdout
+#CONFIG_DEBUG_SYSLOG=y
+# Set syslog facility for debug messages
+#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
+
+# Add support for sending all debug messages (regardless of debug verbosity)
+# to the Linux kernel tracing facility. This helps debug the entire stack by
+# making it easy to record everything happening from the driver up into the
+# same file, e.g., using trace-cmd.
+#CONFIG_DEBUG_LINUX_TRACING=y
+
+# Add support for writing debug log to Android logcat instead of standard
+# output
+#CONFIG_ANDROID_LOG=y
+
+# Enable privilege separation (see README 'Privilege separation' for details)
+#CONFIG_PRIVSEP=y
+
+# Enable mitigation against certain attacks against TKIP by delaying Michael
+# MIC error reports by a random amount of time between 0 and 60 seconds
+CONFIG_DELAYED_MIC_ERROR_REPORT=y
+
+# Enable tracing code for developer debugging
+# This tracks use of memory allocations and other registrations and reports
+# incorrect use with a backtrace of call (or allocation) location.
+#CONFIG_WPA_TRACE=y
+# For BSD, uncomment these.
+#LIBS += -lexecinfo
+#LIBS_p += -lexecinfo
+#LIBS_c += -lexecinfo
+
+# Use libbfd to get more details for developer debugging
+# This enables use of libbfd to get more detailed symbols for the backtraces
+# generated by CONFIG_WPA_TRACE=y.
+#CONFIG_WPA_TRACE_BFD=y
+# For BSD, uncomment these.
+#LIBS += -lbfd -liberty -lz
+#LIBS_p += -lbfd -liberty -lz
+#LIBS_c += -lbfd -liberty -lz
+
+# wpa_supplicant depends on strong random number generation being available
+# from the operating system. os_get_random() function is used to fetch random
+# data when needed, e.g., for key generation. On Linux and BSD systems, this
+# works by reading /dev/urandom. It should be noted that the OS entropy pool
+# needs to be properly initialized before wpa_supplicant is started. This is
+# important especially on embedded devices that do not have a hardware random
+# number generator and may by default start up with minimal entropy available
+# for random number generation.
+#
+# As a safety net, wpa_supplicant is by default trying to internally collect
+# additional entropy for generating random data to mix in with the data fetched
+# from the OS. This by itself is not considered to be very strong, but it may
+# help in cases where the system pool is not initialized properly. However, it
+# is very strongly recommended that the system pool is initialized with enough
+# entropy either by using hardware assisted random number generator or by
+# storing state over device reboots.
+#
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
+# Linux/BSD, the board in question is known to have reliable source of random
+# data from /dev/urandom), the internal wpa_supplicant random pool can be
+# disabled. This will save some in binary size and CPU use. However, this
+# should only be considered for builds that are known to be used on devices
+# that meet the requirements described above.
+#CONFIG_NO_RANDOM_POOL=y
+
+# IEEE 802.11n (High Throughput) support (mainly for AP mode)
+#CONFIG_IEEE80211N=y
+
+# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
+# (depends on CONFIG_IEEE80211N)
+#CONFIG_IEEE80211AC=y
+
+# Wireless Network Management (IEEE Std 802.11v-2011)
+# Note: This is experimental and not complete implementation.
+#CONFIG_WNM=y
+
+# Interworking (IEEE 802.11u)
+# This can be used to enable functionality to improve interworking with
+# external networks (GAS/ANQP to learn more about the networks and network
+# selection based on available credentials).
+#CONFIG_INTERWORKING=y
+
+# Hotspot 2.0
+#CONFIG_HS20=y
+
+# Enable interface matching in wpa_supplicant
+#CONFIG_MATCH_IFACE=y
+
+# Disable roaming in wpa_supplicant
+#CONFIG_NO_ROAMING=y
+
+# AP mode operations with wpa_supplicant
+# This can be used for controlling AP mode operations with wpa_supplicant. It
+# should be noted that this is mainly aimed at simple cases like
+# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
+# external RADIUS server can be supported with hostapd.
+CONFIG_AP=y
+
+# P2P (Wi-Fi Direct)
+# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
+# more information on P2P operations.
+CONFIG_P2P=y
+
+# Enable TDLS support
+#CONFIG_TDLS=y
+
+# Wi-Fi Direct
+# This can be used to enable Wi-Fi Direct extensions for P2P using an external
+# program to control the additional information exchanges in the messages.
+#CONFIG_WIFI_DISPLAY=y
+
+# Autoscan
+# This can be used to enable automatic scan support in wpa_supplicant.
+# See wpa_supplicant.conf for more information on autoscan usage.
+#
+# Enabling directly a module will enable autoscan support.
+# For exponential module:
+#CONFIG_AUTOSCAN_EXPONENTIAL=y
+# For periodic module:
+#CONFIG_AUTOSCAN_PERIODIC=y
+
+# Password (and passphrase, etc.) backend for external storage
+# These optional mechanisms can be used to add support for storing passwords
+# and other secrets in external (to wpa_supplicant) location. This allows, for
+# example, operating system specific key storage to be used
+#
+# External password backend for testing purposes (developer use)
+#CONFIG_EXT_PASSWORD_TEST=y
+
+# Enable Fast Session Transfer (FST)
+#CONFIG_FST=y
+
+# Enable CLI commands for FST testing
+#CONFIG_FST_TEST=y
+
+# OS X builds. This is only for building eapol_test.
+#CONFIG_OSX=y
+
+# Automatic Channel Selection
+# This will allow wpa_supplicant to pick the channel automatically when channel
+# is set to "0".
+#
+# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
+# to "channel=0". This would enable us to eventually add other ACS algorithms in
+# similar way.
+#
+# Automatic selection is currently only done through initialization, later on
+# we hope to do background checks to keep us moving to more ideal channels as
+# time goes by. ACS is currently only supported through the nl80211 driver and
+# your driver must have survey dump capability that is filled by the driver
+# during scanning.
+#
+# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
+# a newly to create wpa_supplicant.conf variable acs_num_scans.
+#
+# Supported ACS drivers:
+# * ath9k
+# * ath5k
+# * ath10k
+#
+# For more details refer to:
+# http://wireless.kernel.org/en/users/Documentation/acs
+#CONFIG_ACS=y
+
+# Support Multi Band Operation
+#CONFIG_MBO=y
diff --git a/user/wpa_supplicant/eloop.patch b/user/wpa_supplicant/eloop.patch
new file mode 100644
index 000000000..bab2cee4e
--- /dev/null
+++ b/user/wpa_supplicant/eloop.patch
@@ -0,0 +1,16 @@
+$OpenBSD: patch-src_utils_eloop_c,v 1.5 2015/09/29 11:57:54 dcoppa Exp $
+
+don't try to access list members to free them unless already initialised
+
+--- a/src/utils/eloop.c.orig Sun Sep 27 21:02:05 2015
++++ b/src/utils/eloop.c Mon Sep 28 09:35:05 2015
+@@ -1064,6 +1064,9 @@ void eloop_destroy(void)
+ struct eloop_timeout *timeout, *prev;
+ struct os_reltime now;
+
++ if (eloop.timeout.prev == NULL)
++ return;
++
+ os_get_reltime(&now);
+ dl_list_for_each_safe(timeout, prev, &eloop.timeout,
+ struct eloop_timeout, list) {
diff --git a/user/wpa_supplicant/libressl.patch b/user/wpa_supplicant/libressl.patch
new file mode 100644
index 000000000..56146eab5
--- /dev/null
+++ b/user/wpa_supplicant/libressl.patch
@@ -0,0 +1,49 @@
+--- a/src/crypto/crypto_openssl.c.orig
++++ b/src/crypto/crypto_openssl.c
+@@ -611,7 +611,7 @@
+
+ void * dh5_init(struct wpabuf **priv, struct wpabuf **publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ DH *dh;
+ struct wpabuf *pubkey = NULL, *privkey = NULL;
+ size_t publen, privlen;
+@@ -712,7 +712,7 @@
+
+ void * dh5_init_fixed(const struct wpabuf *priv, const struct wpabuf *publ)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ DH *dh;
+
+ dh = DH_new();
+--- a/src/crypto/tls_openssl.c.orig
++++ b/src/crypto/tls_openssl.c
+@@ -919,7 +919,7 @@
+ }
+ #endif /* OPENSSL_FIPS */
+ #endif /* CONFIG_FIPS */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_load_error_strings();
+ SSL_library_init();
+ #ifndef OPENSSL_NO_SHA256
+@@ -1043,7 +1043,7 @@
+
+ tls_openssl_ref_count--;
+ if (tls_openssl_ref_count == 0) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #ifndef OPENSSL_NO_ENGINE
+ ENGINE_cleanup();
+ #endif /* OPENSSL_NO_ENGINE */
+@@ -2334,7 +2334,7 @@
+ return 0;
+
+ #ifdef PKCS12_FUNCS
+-#if OPENSSL_VERSION_NUMBER < 0x10002000L
++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
+ /*
+ * Clear previously set extra chain certificates, if any, from PKCS#12
+ * processing in tls_parse_pkcs12() to allow OpenSSL to build a new
diff --git a/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch b/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
new file mode 100644
index 000000000..727684865
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
@@ -0,0 +1,174 @@
+From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 14 Jul 2017 15:15:35 +0200
+Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
+
+Do not reinstall TK to the driver during Reassociation Response frame
+processing if the first attempt of setting the TK succeeded. This avoids
+issues related to clearing the TX/RX PN that could result in reusing
+same PN values for transmitted frames (e.g., due to CCM nonce reuse and
+also hitting replay protection on the receiver) and accepting replayed
+frames on RX side.
+
+This issue was introduced by the commit
+0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
+authenticator') which allowed wpa_ft_install_ptk() to be called multiple
+times with the same PTK. While the second configuration attempt is
+needed with some drivers, it must be done only if the first attempt
+failed.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/ap/ieee802_11.c | 16 +++++++++++++---
+ src/ap/wpa_auth.c | 11 +++++++++++
+ src/ap/wpa_auth.h | 3 ++-
+ src/ap/wpa_auth_ft.c | 10 ++++++++++
+ src/ap/wpa_auth_i.h | 1 +
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
+index 4e04169..333035f 100644
+--- a/src/ap/ieee802_11.c
++++ b/src/ap/ieee802_11.c
+@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ {
+ struct ieee80211_ht_capabilities ht_cap;
+ struct ieee80211_vht_capabilities vht_cap;
++ int set = 1;
+
+ /*
+ * Remove the STA entry to ensure the STA PS state gets cleared and
+@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ * FT-over-the-DS, where a station re-associates back to the same AP but
+ * skips the authentication flow, or if working with a driver that
+ * does not support full AP client state.
++ *
++ * Skip this if the STA has already completed FT reassociation and the
++ * TK has been configured since the TX/RX PN must not be reset to 0 for
++ * the same key.
+ */
+- if (!sta->added_unassoc)
++ if (!sta->added_unassoc &&
++ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
++ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
++ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
++ set = 0;
++ }
+
+ #ifdef CONFIG_IEEE80211N
+ if (sta->flags & WLAN_STA_HT)
+@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
+ sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
+ sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
+ sta->vht_opmode, sta->p2p_ie ? 1 : 0,
+- sta->added_unassoc)) {
++ set)) {
+ hostapd_logger(hapd, sta->addr,
+ HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
+ "Could not %s STA to kernel driver",
+- sta->added_unassoc ? "set" : "add");
++ set ? "set" : "add");
+
+ if (sta->added_unassoc) {
+ hostapd_drv_sta_remove(hapd, sta->addr);
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 3587086..707971d 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
+ #else /* CONFIG_IEEE80211R */
+ break;
+ #endif /* CONFIG_IEEE80211R */
++ case WPA_DRV_STA_REMOVED:
++ sm->tk_already_set = FALSE;
++ return 0;
+ }
+
+ #ifdef CONFIG_IEEE80211R
+@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
+ }
+
+
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
++{
++ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
++ return 0;
++ return sm->tk_already_set;
++}
++
++
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry)
+ {
+diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
+index 0de8d97..97461b0 100644
+--- a/src/ap/wpa_auth.h
++++ b/src/ap/wpa_auth.h
+@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
+ u8 *data, size_t data_len);
+ enum wpa_event {
+ WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
+- WPA_REAUTH_EAPOL, WPA_ASSOC_FT
++ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
+ };
+ void wpa_remove_ptk(struct wpa_state_machine *sm);
+ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
+@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
+ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
+ int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
+ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
++int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
+ int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
+ struct rsn_pmksa_cache_entry *entry);
+ struct rsn_pmksa_cache_entry *
+diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
+index 42242a5..e63b99a 100644
+--- a/src/ap/wpa_auth_ft.c
++++ b/src/ap/wpa_auth_ft.c
+@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+ return;
+ }
+
++ if (sm->tk_already_set) {
++ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
++ * PN in the driver */
++ wpa_printf(MSG_DEBUG,
++ "FT: Do not re-install same PTK to the driver");
++ return;
++ }
++
+ /* FIX: add STA entry to kernel/driver here? The set_key will fail
+ * most likely without this.. At the moment, STA entry is added only
+ * after association has been completed. This function will be called
+@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
+
+ /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
+ sm->pairwise_set = TRUE;
++ sm->tk_already_set = TRUE;
+ }
+
+
+@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
+
+ sm->pairwise = pairwise;
+ sm->PTK_valid = TRUE;
++ sm->tk_already_set = FALSE;
+ wpa_ft_install_ptk(sm);
+
+ buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
+index 72b7eb3..7fd8f05 100644
+--- a/src/ap/wpa_auth_i.h
++++ b/src/ap/wpa_auth_i.h
+@@ -65,6 +65,7 @@ struct wpa_state_machine {
+ struct wpa_ptk PTK;
+ Boolean PTK_valid;
+ Boolean pairwise_set;
++ Boolean tk_already_set;
+ int keycount;
+ Boolean Pair;
+ struct wpa_key_replay_counter {
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch b/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
new file mode 100644
index 000000000..1802d664a
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
@@ -0,0 +1,250 @@
+From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Wed, 12 Jul 2017 16:03:24 +0200
+Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
+
+Track the current GTK and IGTK that is in use and when receiving a
+(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
+not install the given key if it is already in use. This prevents an
+attacker from trying to trick the client into resetting or lowering the
+sequence counter associated to the group key.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 11 +++++
+ src/rsn_supp/wpa.c | 116 ++++++++++++++++++++++++++++++------------------
+ src/rsn_supp/wpa_i.h | 4 ++
+ 3 files changed, 87 insertions(+), 44 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index af1d0f0..d200285 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -217,6 +217,17 @@ struct wpa_ptk {
+ size_t tk_len;
+ };
+
++struct wpa_gtk {
++ u8 gtk[WPA_GTK_MAX_LEN];
++ size_t gtk_len;
++};
++
++#ifdef CONFIG_IEEE80211W
++struct wpa_igtk {
++ u8 igtk[WPA_IGTK_MAX_LEN];
++ size_t igtk_len;
++};
++#endif /* CONFIG_IEEE80211W */
+
+ /* WPA IE version 1
+ * 00-50-f2:1 (OUI:OUI type)
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 3c47879..95bd7be 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
++ /* Detect possible key reinstallation */
++ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
++ gd->keyidx, gd->tx, gd->gtk_len);
++ return 0;
++ }
++
+ wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
+@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++
+ return 0;
+ }
+
+@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ }
+
+
++#ifdef CONFIG_IEEE80211W
++static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
++ const struct wpa_igtk_kde *igtk)
++{
++ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
++ u16 keyidx = WPA_GET_LE16(igtk->keyid);
++
++ /* Detect possible key reinstallation */
++ if (sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
++ keyidx);
++ return 0;
++ }
++
++ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
++ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
++ keyidx, MAC2STR(igtk->pn));
++ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
++ if (keyidx > 4095) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Invalid IGTK KeyID %d", keyidx);
++ return -1;
++ }
++ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
++ broadcast_ether_addr,
++ keyidx, 0, igtk->pn, sizeof(igtk->pn),
++ igtk->igtk, len) < 0) {
++ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
++ "WPA: Failed to configure IGTK to the driver");
++ return -1;
++ }
++
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++
++ return 0;
++}
++#endif /* CONFIG_IEEE80211W */
++
++
+ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ struct wpa_eapol_ie_parse *ie)
+ {
+@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ if (ie->igtk) {
+ size_t len;
+ const struct wpa_igtk_kde *igtk;
+- u16 keyidx;
++
+ len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
+ return -1;
++
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- keyidx = WPA_GET_LE16(igtk->keyid);
+- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
+- "pn %02x%02x%02x%02x%02x%02x",
+- keyidx, MAC2STR(igtk->pn));
+- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
+- igtk->igtk, len);
+- if (keyidx > 4095) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Invalid IGTK KeyID %d", keyidx);
+- return -1;
+- }
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igtk->pn, sizeof(igtk->pn),
+- igtk->igtk, len) < 0) {
+- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
+- "WPA: Failed to configure IGTK to the driver");
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+ }
+
+ return 0;
+@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
+ */
+ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ {
+- int clear_ptk = 1;
++ int clear_keys = 1;
+
+ if (sm == NULL)
+ return;
+@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ /* Prepare for the next transition */
+ wpa_ft_prepare_auth_request(sm, NULL);
+
+- clear_ptk = 0;
++ clear_keys = 0;
+ }
+ #endif /* CONFIG_IEEE80211R */
+
+- if (clear_ptk) {
++ if (clear_keys) {
+ /*
+ * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
+ * this is not part of a Fast BSS Transition.
+@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ }
+
+ #ifdef CONFIG_TDLS
+@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(sm->pmk, 0, sizeof(sm->pmk));
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
++ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++#ifdef CONFIG_IEEE80211W
++ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++#endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+ os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
+@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ os_memset(&gd, 0, sizeof(gd));
+ #ifdef CONFIG_IEEE80211W
+ } else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
+- struct wpa_igtk_kde igd;
+- u16 keyidx;
+-
+- os_memset(&igd, 0, sizeof(igd));
+- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
+- os_memcpy(igd.keyid, buf + 2, 2);
+- os_memcpy(igd.pn, buf + 4, 6);
+-
+- keyidx = WPA_GET_LE16(igd.keyid);
+- os_memcpy(igd.igtk, buf + 10, keylen);
+-
+- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
+- igd.igtk, keylen);
+- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
+- broadcast_ether_addr,
+- keyidx, 0, igd.pn, sizeof(igd.pn),
+- igd.igtk, keylen) < 0) {
+- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
+- "WNM mode");
+- os_memset(&igd, 0, sizeof(igd));
++ const struct wpa_igtk_kde *igtk;
++
++ igtk = (const struct wpa_igtk_kde *) (buf + 2);
++ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
+ return -1;
+- }
+- os_memset(&igd, 0, sizeof(igd));
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+ wpa_printf(MSG_DEBUG, "Unknown element id");
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index f653ba6..afc9e37 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -31,6 +31,10 @@ struct wpa_sm {
+ u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
++ struct wpa_gtk gtk;
++#ifdef CONFIG_IEEE80211W
++ struct wpa_igtk igtk;
++#endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch b/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
new file mode 100644
index 000000000..e2937b851
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
@@ -0,0 +1,184 @@
+From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:12:24 +0300
+Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
+ Mode cases
+
+This extends the protection to track last configured GTK/IGTK value
+separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
+corner case where these two different mechanisms may get used when the
+GTK/IGTK has changed and tracking a single value is not sufficient to
+detect a possible key reconfiguration.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 53 +++++++++++++++++++++++++++++++++++++---------------
+ src/rsn_supp/wpa_i.h | 2 ++
+ 2 files changed, 40 insertions(+), 15 deletions(-)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 95bd7be..7a2c68d 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -709,14 +709,17 @@ struct wpa_gtk_data {
+
+ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ const struct wpa_gtk_data *gd,
+- const u8 *key_rsc)
++ const u8 *key_rsc, int wnm_sleep)
+ {
+ const u8 *_gtk = gd->gtk;
+ u8 gtk_buf[32];
+
+ /* Detect possible key reinstallation */
+- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
+- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
++ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
++ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
++ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
+ gd->keyidx, gd->tx, gd->gtk_len);
+@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
+ }
+ os_memset(gtk_buf, 0, sizeof(gtk_buf));
+
+- sm->gtk.gtk_len = gd->gtk_len;
+- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ if (wnm_sleep) {
++ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
++ sm->gtk_wnm_sleep.gtk_len);
++ } else {
++ sm->gtk.gtk_len = gd->gtk_len;
++ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
++ }
+
+ return 0;
+ }
+@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+ (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
+ gtk_len, gtk_len,
+ &gd.key_rsc_len, &gd.alg) ||
+- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
++ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "RSN: Failed to install GTK");
+ os_memset(&gd, 0, sizeof(gd));
+@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
+
+ #ifdef CONFIG_IEEE80211W
+ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+- const struct wpa_igtk_kde *igtk)
++ const struct wpa_igtk_kde *igtk,
++ int wnm_sleep)
+ {
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
+
+ /* Detect possible key reinstallation */
+- if (sm->igtk.igtk_len == len &&
+- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
++ if ((sm->igtk.igtk_len == len &&
++ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
++ (sm->igtk_wnm_sleep.igtk_len == len &&
++ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len) == 0)) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
+ keyidx);
+@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
+ return -1;
+ }
+
+- sm->igtk.igtk_len = len;
+- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ if (wnm_sleep) {
++ sm->igtk_wnm_sleep.igtk_len = len;
++ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
++ sm->igtk_wnm_sleep.igtk_len);
++ } else {
++ sm->igtk.igtk_len = len;
++ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
++ }
+
+ return 0;
+ }
+@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
+ return -1;
+
+ igtk = (const struct wpa_igtk_kde *) ie->igtk;
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
+ return -1;
+ }
+
+@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
+ if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
+ key_rsc = null_rsc;
+
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
+ wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
+ goto failed;
+ os_memset(&gd, 0, sizeof(gd));
+@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
+ sm->tptk_set = 0;
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ }
+
+@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
+ os_memset(&sm->ptk, 0, sizeof(sm->ptk));
+ os_memset(&sm->tptk, 0, sizeof(sm->tptk));
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
++ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
+ #ifdef CONFIG_IEEE80211W
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
++ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
+ #endif /* CONFIG_IEEE80211W */
+ #ifdef CONFIG_IEEE80211R
+ os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
+@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+
+ wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
+ gd.gtk, gd.gtk_len);
+- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
++ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
+ os_memset(&gd, 0, sizeof(gd));
+ wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
+ "WNM mode");
+@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
+ const struct wpa_igtk_kde *igtk;
+
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
+- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
++ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
+ return -1;
+ #endif /* CONFIG_IEEE80211W */
+ } else {
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index afc9e37..9a54631 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -32,8 +32,10 @@ struct wpa_sm {
+ int rx_replay_counter_set;
+ u8 request_counter[WPA_REPLAY_COUNTER_LEN];
+ struct wpa_gtk gtk;
++ struct wpa_gtk gtk_wnm_sleep;
+ #ifdef CONFIG_IEEE80211W
+ struct wpa_igtk igtk;
++ struct wpa_igtk igtk_wnm_sleep;
+ #endif /* CONFIG_IEEE80211W */
+
+ struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch b/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
new file mode 100644
index 000000000..22ee21794
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
@@ -0,0 +1,79 @@
+From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
+From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+Date: Fri, 29 Sep 2017 04:22:51 +0200
+Subject: [PATCH 4/8] Prevent installation of an all-zero TK
+
+Properly track whether a PTK has already been installed to the driver
+and the TK part cleared from memory. This prevents an attacker from
+trying to trick the client into installing an all-zero TK.
+
+This fixes the earlier fix in commit
+ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
+driver in EAPOL-Key 3/4 retry case') which did not take into account
+possibility of an extra message 1/4 showing up between retries of
+message 3/4.
+
+Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
+---
+ src/common/wpa_common.h | 1 +
+ src/rsn_supp/wpa.c | 5 ++---
+ src/rsn_supp/wpa_i.h | 1 -
+ 3 files changed, 3 insertions(+), 4 deletions(-)
+
+diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
+index d200285..1021ccb 100644
+--- a/src/common/wpa_common.h
++++ b/src/common/wpa_common.h
+@@ -215,6 +215,7 @@ struct wpa_ptk {
+ size_t kck_len;
+ size_t kek_len;
+ size_t tk_len;
++ int installed; /* 1 if key has already been installed to driver */
+ };
+
+ struct wpa_gtk {
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 7a2c68d..0550a41 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
+ os_memset(buf, 0, sizeof(buf));
+ }
+ sm->tptk_set = 1;
+- sm->tk_to_set = 1;
+
+ kde = sm->assoc_wpa_ie;
+ kde_len = sm->assoc_wpa_ie_len;
+@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+ enum wpa_alg alg;
+ const u8 *key_rsc;
+
+- if (!sm->tk_to_set) {
++ if (sm->ptk.installed) {
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
+ "WPA: Do not re-install same PTK to the driver");
+ return 0;
+@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
+
+ /* TK is not needed anymore in supplicant */
+ os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
+- sm->tk_to_set = 0;
++ sm->ptk.installed = 1;
+
+ if (sm->wpa_ptk_rekey) {
+ eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 9a54631..41f371f 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -24,7 +24,6 @@ struct wpa_sm {
+ struct wpa_ptk ptk, tptk;
+ int ptk_set, tptk_set;
+ unsigned int msg_3_of_4_ok:1;
+- unsigned int tk_to_set:1;
+ u8 snonce[WPA_NONCE_LEN];
+ u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
+ int renew_snonce;
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch b/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
new file mode 100644
index 000000000..c19c4c710
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
@@ -0,0 +1,64 @@
+From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Sun, 1 Oct 2017 12:32:57 +0300
+Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
+
+The Authenticator state machine path for PTK rekeying ended up bypassing
+the AUTHENTICATION2 state where a new ANonce is generated when going
+directly to the PTKSTART state since there is no need to try to
+determine the PMK again in such a case. This is far from ideal since the
+new PTK would depend on a new nonce only from the supplicant.
+
+Fix this by generating a new ANonce when moving to the PTKSTART state
+for the purpose of starting new 4-way handshake to rekey PTK.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
+ 1 file changed, 21 insertions(+), 3 deletions(-)
+
+diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
+index 707971d..bf10cc1 100644
+--- a/src/ap/wpa_auth.c
++++ b/src/ap/wpa_auth.c
+@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
+ }
+
+
++static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
++{
++ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
++ wpa_printf(MSG_ERROR,
++ "WPA: Failed to get random data for ANonce");
++ sm->Disconnect = TRUE;
++ return -1;
++ }
++ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
++ WPA_NONCE_LEN);
++ sm->TimeoutCtr = 0;
++ return 0;
++}
++
++
+ SM_STATE(WPA_PTK, INITPMK)
+ {
+ u8 msk[2 * PMK_LEN];
+@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
+ SM_ENTER(WPA_PTK, AUTHENTICATION);
+ else if (sm->ReAuthenticationRequest)
+ SM_ENTER(WPA_PTK, AUTHENTICATION2);
+- else if (sm->PTKRequest)
+- SM_ENTER(WPA_PTK, PTKSTART);
+- else switch (sm->wpa_ptk_state) {
++ else if (sm->PTKRequest) {
++ if (wpa_auth_sm_ptk_update(sm) < 0)
++ SM_ENTER(WPA_PTK, DISCONNECTED);
++ else
++ SM_ENTER(WPA_PTK, PTKSTART);
++ } else switch (sm->wpa_ptk_state) {
+ case WPA_PTK_INITIALIZE:
+ break;
+ case WPA_PTK_DISCONNECT:
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch b/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
new file mode 100644
index 000000000..e1bd5a572
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
@@ -0,0 +1,132 @@
+From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:03:15 +0300
+Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
+
+Do not try to reconfigure the same TPK-TK to the driver after it has
+been successfully configured. This is an explicit check to avoid issues
+related to resetting the TX/RX packet number. There was already a check
+for this for TPK M2 (retries of that message are ignored completely), so
+that behavior does not get modified.
+
+For TPK M3, the TPK-TK could have been reconfigured, but that was
+followed by immediate teardown of the link due to an issue in updating
+the STA entry. Furthermore, for TDLS with any real security (i.e.,
+ignoring open/WEP), the TPK message exchange is protected on the AP path
+and simple replay attacks are not feasible.
+
+As an additional corner case, make sure the local nonce gets updated if
+the peer uses a very unlikely "random nonce" of all zeros.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 36 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
+index e424168..9eb9738 100644
+--- a/src/rsn_supp/tdls.c
++++ b/src/rsn_supp/tdls.c
+@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
+ u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
+ } tpk;
+ int tpk_set;
++ int tk_set; /* TPK-TK configured to the driver */
+ int tpk_success;
+ int tpk_in_progress;
+
+@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ u8 rsc[6];
+ enum wpa_alg alg;
+
++ if (peer->tk_set) {
++ /*
++ * This same TPK-TK has already been configured to the driver
++ * and this new configuration attempt (likely due to an
++ * unexpected retransmitted frame) would result in clearing
++ * the TX/RX sequence number which can break security, so must
++ * not allow that to happen.
++ */
++ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
++ " has already been configured to the driver - do not reconfigure",
++ MAC2STR(peer->addr));
++ return -1;
++ }
++
+ os_memset(rsc, 0, 6);
+
+ switch (peer->cipher) {
+@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ return -1;
+ }
+
++ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
++ MAC2STR(peer->addr));
+ if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
+ rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
+ wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
+ "driver");
+ return -1;
+ }
++ peer->tk_set = 1;
+ return 0;
+ }
+
+@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
+ peer->cipher = 0;
+ peer->qos_info = 0;
+ peer->wmm_capable = 0;
+- peer->tpk_set = peer->tpk_success = 0;
++ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
+ peer->chan_switch_enabled = 0;
+ os_memset(&peer->tpk, 0, sizeof(peer->tpk));
+ os_memset(peer->inonce, 0, WPA_NONCE_LEN);
+@@ -1159,6 +1177,7 @@ skip_rsnie:
+ wpa_tdls_peer_free(sm, peer);
+ return -1;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
+ peer->inonce, WPA_NONCE_LEN);
+ os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
+@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
+ }
+
+
++static int tdls_nonce_set(const u8 *nonce)
++{
++ int i;
++
++ for (i = 0; i < WPA_NONCE_LEN; i++) {
++ if (nonce[i])
++ return 1;
++ }
++
++ return 0;
++}
++
++
+ static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
+ const u8 *buf, size_t len)
+ {
+@@ -2004,7 +2036,8 @@ skip_rsn:
+ peer->rsnie_i_len = kde.rsn_ie_len;
+ peer->cipher = cipher;
+
+- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
++ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
++ !tdls_nonce_set(peer->inonce)) {
+ /*
+ * There is no point in updating the RNonce for every obtained
+ * TPK M1 frame (e.g., retransmission due to timeout) with the
+@@ -2020,6 +2053,7 @@ skip_rsn:
+ "TDLS: Failed to get random data for responder nonce");
+ goto error;
+ }
++ peer->tk_set = 0; /* A new nonce results in a new TK */
+ }
+
+ #if 0
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch b/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
new file mode 100644
index 000000000..85ea1d62b
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
@@ -0,0 +1,43 @@
+From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 11:25:02 +0300
+Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
+ request
+
+Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
+Mode Response if WNM-Sleep Mode has not been used') started ignoring the
+response when no WNM-Sleep Mode Request had been used during the
+association. This can be made tighter by clearing the used flag when
+successfully processing a response. This adds an additional layer of
+protection against unexpected retransmissions of the response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ wpa_supplicant/wnm_sta.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
+index 1b3409c..67a07ff 100644
+--- a/wpa_supplicant/wnm_sta.c
++++ b/wpa_supplicant/wnm_sta.c
+@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+
+ if (!wpa_s->wnmsleep_used) {
+ wpa_printf(MSG_DEBUG,
+- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
++ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
+ return;
+ }
+
+@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
+ return;
+ }
+
++ wpa_s->wnmsleep_used = 0;
++
+ if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
+ wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
+ wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch b/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
new file mode 100644
index 000000000..b9678f681
--- /dev/null
+++ b/user/wpa_supplicant/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
@@ -0,0 +1,82 @@
+From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <j@w1.fi>
+Date: Fri, 22 Sep 2017 12:06:37 +0300
+Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
+
+The driver is expected to not report a second association event without
+the station having explicitly request a new association. As such, this
+case should not be reachable. However, since reconfiguring the same
+pairwise or group keys to the driver could result in nonce reuse issues,
+be extra careful here and do an additional state check to avoid this
+even if the local driver ends up somehow accepting an unexpected
+Reassociation Response frame.
+
+Signed-off-by: Jouni Malinen <j@w1.fi>
+---
+ src/rsn_supp/wpa.c | 3 +++
+ src/rsn_supp/wpa_ft.c | 8 ++++++++
+ src/rsn_supp/wpa_i.h | 1 +
+ 3 files changed, 12 insertions(+)
+
+diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
+index 0550a41..2a53c6f 100644
+--- a/src/rsn_supp/wpa.c
++++ b/src/rsn_supp/wpa.c
+@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
+ #ifdef CONFIG_TDLS
+ wpa_tdls_disassoc(sm);
+ #endif /* CONFIG_TDLS */
++#ifdef CONFIG_IEEE80211R
++ sm->ft_reassoc_completed = 0;
++#endif /* CONFIG_IEEE80211R */
+
+ /* Keys are not needed in the WPA state machine anymore */
+ wpa_sm_drop_sa(sm);
+diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
+index 205793e..d45bb45 100644
+--- a/src/rsn_supp/wpa_ft.c
++++ b/src/rsn_supp/wpa_ft.c
+@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
+ u16 capab;
+
+ sm->ft_completed = 0;
++ sm->ft_reassoc_completed = 0;
+
+ buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
+ 2 + sm->r0kh_id_len + ric_ies_len + 100;
+@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ if (sm->ft_reassoc_completed) {
++ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
++ return 0;
++ }
++
+ if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
+ wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
+ return -1;
+@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
+ return -1;
+ }
+
++ sm->ft_reassoc_completed = 1;
++
+ if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
+ return -1;
+
+diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
+index 41f371f..56f88dc 100644
+--- a/src/rsn_supp/wpa_i.h
++++ b/src/rsn_supp/wpa_i.h
+@@ -128,6 +128,7 @@ struct wpa_sm {
+ size_t r0kh_id_len;
+ u8 r1kh_id[FT_R1KH_ID_LEN];
+ int ft_completed;
++ int ft_reassoc_completed;
+ int over_the_ds_in_progress;
+ u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
+ int set_ptk_after_assoc;
+--
+2.7.4
+
diff --git a/user/wpa_supplicant/wpa_cli.sh b/user/wpa_supplicant/wpa_cli.sh
new file mode 100644
index 000000000..0a5a6cc03
--- /dev/null
+++ b/user/wpa_supplicant/wpa_cli.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+# Distributed under the terms of the BSD License.
+# Copyright (c) 2015 Sören Tempel <soeren+alpine@soeren-tempel.net>
+
+IFUP="/sbin/ifup"
+IFDOWN="/sbin/ifdown"
+
+if [ -z "${1}" -o -z "${2}" ]; then
+ logger -t wpa_cli "this script should be called from wpa_cli(8)"
+ exit 1
+elif ! [ -x "${IFUP}" -a -x "${IFDOWN}" ]; then
+ logger -t wpa_cli "${IFUP} or ${IFDOWN} doesn't exist"
+ exit 1
+fi
+
+IFNAME="${1}"
+ACTION="${2}"
+
+EXEC=""
+case "${ACTION}" in
+ CONNECTED)
+ EXEC="${IFUP}"
+ ;;
+ DISCONNECTED)
+ EXEC="${IFDOWN}"
+ ;;
+ *)
+ logger -t wpa_cli "unknown action '${ACTION}'"
+ exit 1
+esac
+
+logger -t wpa_cli "interface ${IFNAME} ${ACTION}"
+${EXEC} "${IFNAME}" || logger -t wpa_cli "executing '${EXEC}' failed"
diff --git a/user/wpa_supplicant/wpa_supplicant.confd b/user/wpa_supplicant/wpa_supplicant.confd
new file mode 100644
index 000000000..104b9dc5d
--- /dev/null
+++ b/user/wpa_supplicant/wpa_supplicant.confd
@@ -0,0 +1,6 @@
+# conf.d file for wpa_supplicant
+#
+# Please check man 8 wpa_supplicant for more information about the options
+# wpa_supplicant accepts.
+#
+wpa_supplicant_args=""
diff --git a/user/wpa_supplicant/wpa_supplicant.initd b/user/wpa_supplicant/wpa_supplicant.initd
new file mode 100644
index 000000000..988b267d1
--- /dev/null
+++ b/user/wpa_supplicant/wpa_supplicant.initd
@@ -0,0 +1,53 @@
+#!/sbin/openrc-run
+# Copyright (c) 2009 Roy Marples <roy@marples.name>
+# All rights reserved. Released under the 2-clause BSD license.
+
+command=/sbin/wpa_supplicant
+: ${wpa_supplicant_conf:=/etc/wpa_supplicant/wpa_supplicant.conf}
+wpa_supplicant_if=${wpa_supplicant_if:+-i}$wpa_supplicant_if
+command_args="$wpa_supplicant_args -B -c$wpa_supplicant_conf $wpa_supplicant_if"
+name="WPA Supplicant Daemon"
+
+depend()
+{
+ need localmount
+ use logger dbus
+ after bootmisc modules
+ before dns dhcpcd net
+ keyword -shutdown
+}
+
+find_wireless()
+{
+ local iface=
+ for iface in /sys/class/net/*; do
+ if [ -e "$iface"/wireless -o -e "$iface"/phy80211 ]; then
+ echo "${iface##*/}"
+ return 0
+ fi
+ done
+
+ return 1
+}
+
+append_wireless()
+{
+ local iface= i=
+
+ iface=$(find_wireless)
+ if [ -n "$iface" ]; then
+ for i in $iface; do
+ command_args="$command_args -i$i"
+ done
+ else
+ eerror "Could not find a wireless interface"
+ fi
+}
+
+start_pre()
+{
+ case " $command_args" in
+ *" -i"*) ;;
+ *) append_wireless;;
+ esac
+}
diff --git a/user/xf86-video-ati/APKBUILD b/user/xf86-video-ati/APKBUILD
new file mode 100644
index 000000000..b5d128d60
--- /dev/null
+++ b/user/xf86-video-ati/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=xf86-video-ati
+pkgver=18.0.1
+pkgrel=0
+pkgdesc="ATI video driver"
+url="http://xorg.freedesktop.org/"
+arch="all"
+license="MIT"
+subpackages="$pkgname-doc"
+depends="mesa-dri-ati"
+makedepends="xorg-server-dev libxi-dev fontsproto randrproto util-macros
+ videoproto renderproto libdrm-dev xf86driproto glproto mesa-dev
+ xineramaproto eudev-dev pixman-dev"
+options="!check"
+source="http://www.x.org/releases/individual/driver/$pkgname-$pkgver.tar.bz2"
+builddir="$srcdir"/$pkgname-$pkgver
+
+build() {
+ cd "$builddir"
+ export LDFLAGS="$LDFLAGS -Wl,-z,lazy"
+
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --enable-glamor
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+ install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+sha512sums="b468a78503a596bbf71a1b91b231ce1fa32908f619ff2dfe249352d046696a3641f2a9ff065e32545fff77100134b4b237591215e78ef885b6509d6b16112d14 xf86-video-ati-18.0.1.tar.bz2"