836 files changed, 110543 insertions, 0 deletions

diff --git a/main/abuild/APKBUILD b/main/abuild/APKBUILD
new file mode 100644
index 0000000000..ee03901af5
--- /dev/null
+++ b/main/abuild/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgdesc="Script to build Alpine Packages"
+pkgname=abuild
+pkgver=2.0_rc2
+pkgrel=0
+url=http://git.alpinelinux.org/cgit/abuild/
+source="http://git.alpinelinux.org/cgit/abuild/snapshot/abuild-$pkgver.tar.bz2
+	"
+depends="fakeroot file sudo pax-utils openssl apk-tools"
+makedepends="openssl-dev"
+license=GPL-2
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make install DESTDIR="$pkgdir"
+	install -m 644 abuild.conf "$pkgdir"/etc/abuild.conf
+}
+
+md5sums="d6d0de5791cd8bbb468b1da1dbac8138  abuild-2.0_rc2.tar.bz2"
diff --git a/main/acct/APKBUILD b/main/acct/APKBUILD
new file mode 100644
index 0000000000..29657feed9
--- /dev/null
+++ b/main/acct/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acct
+pkgver=6.3.2
+pkgrel=1
+pkgdesc="The GNU Accounting Utilities"
+url="http://www.gnu.org/software/acct/"
+license="GPL"
+depends=
+makedepends=
+install=
+subpackages="$pkgname-doc"
+source="http://ftp.gnu.org/gnu/acct/${pkgname}-${pkgver}.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	# seems like this makefile does not respect DESTDIR
+	./configure --prefix=/usr \
+		--mandir="$pkgdir"/usr/share/man \
+		--infodir="$pkgdir"/usr/share/info
+
+	make || return 1
+	make prefix="$pkgdir/usr" install
+}
+
+md5sums="da0055b254f7da8b8920db83ef1ebba1  acct-6.3.2.tar.gz"
diff --git a/main/acf-alpine-baselayout/APKBUILD b/main/acf-alpine-baselayout/APKBUILD
new file mode 100644
index 0000000000..1f29cfb0b1
--- /dev/null
+++ b/main/acf-alpine-baselayout/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-alpine-baselayout
+pkgver=0.5.1
+pkgrel=0
+pkgdesc="A web-based system administration interface for alpine-baselayout"
+url="http://git.alpinelinux.org/cgit/acf-alpine-baselayout"
+license="GPL-2"
+depends="acf-core json4lua lua luaposix"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="385620401b12c68e7bea1138505a1376  acf-alpine-baselayout-0.5.1.tar.bz2"
diff --git a/main/acf-alpine-conf/APKBUILD b/main/acf-alpine-conf/APKBUILD
new file mode 100644
index 0000000000..fdb808017c
--- /dev/null
+++ b/main/acf-alpine-conf/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-alpine-conf
+pkgver=0.3.14
+pkgrel=0
+pkgdesc="A web-based system administration interface for alpine-conf"
+url="http://git.alpinelinux.org/cgit/acf-alpine-conf"
+license="GPL-2"
+depends="acf-core lua luaposix"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="7f1f61e3188c0eadeba80b9436b26ebb  acf-alpine-conf-0.3.14.tar.bz2"
diff --git a/main/acf-apk-tools/APKBUILD b/main/acf-apk-tools/APKBUILD
new file mode 100644
index 0000000000..040645d312
--- /dev/null
+++ b/main/acf-apk-tools/APKBUILD
@@ -0,0 +1,16 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+pkgname=acf-apk-tools
+pkgver=0.3.0
+pkgrel=0
+pkgdesc="ACF module for apk"
+url="http://git.alpinelinux.org/cgit/acf-apk-tools"
+license="GPL-2"
+depends="acf-core lua luaposix"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="ae4b99240a69c37f5ec60668518b4db0  acf-apk-tools-0.3.0.tar.bz2"
diff --git a/main/acf-asterisk/APKBUILD b/main/acf-asterisk/APKBUILD
new file mode 100644
index 0000000000..c7abd3b02f
--- /dev/null
+++ b/main/acf-asterisk/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-asterisk
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for asterisk"
+url="http://git.alpinelinux.org/cgit/acf-asterisk"
+license="GPL-2"
+depends="acf-core lua asterisk"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="50481ed7662a93f24610e2af92ca6cd5  acf-asterisk-0.2.0.tar.bz2"
diff --git a/main/acf-chrony/APKBUILD b/main/acf-chrony/APKBUILD
new file mode 100644
index 0000000000..9db7c4d000
--- /dev/null
+++ b/main/acf-chrony/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-chrony
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for chrony"
+url="http://git.alpinelinux.org/cgit/acf-chrony"
+license="GPL-2"
+depends="acf-core lua luaposix chrony"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="04a3b4f80eafc65b29cf93266049b804  acf-chrony-0.2.0.tar.bz2"
diff --git a/main/acf-clamav/APKBUILD b/main/acf-clamav/APKBUILD
new file mode 100644
index 0000000000..511844df49
--- /dev/null
+++ b/main/acf-clamav/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-clamav
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for clamav"
+url="http://git.alpinelinux.org/cgit/acf-clamav"
+license="GPL-2"
+depends="acf-core lua clamav"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="a3da6fc06f95a947819e308f8092e77b  acf-clamav-0.2.0.tar.bz2"
diff --git a/main/acf-clamsmtp/APKBUILD b/main/acf-clamsmtp/APKBUILD
new file mode 100644
index 0000000000..b72fc2e32b
--- /dev/null
+++ b/main/acf-clamsmtp/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-clamsmtp
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for clamsmtp"
+url="http://git.alpinelinux.org/cgit/acf-clamsmtp"
+license="GPL-2"
+depends="acf-core lua clamsmtp"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="139d06632bf900d58c9a145b13e39517  acf-clamsmtp-0.2.0.tar.bz2"
diff --git a/main/acf-core/APKBUILD b/main/acf-core/APKBUILD
new file mode 100644
index 0000000000..dd9f65bbc7
--- /dev/null
+++ b/main/acf-core/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-core
+pkgver=0.8.0
+pkgrel=0
+pkgdesc="A web-based system administration interface framework"
+url="http://git.alpinelinux.org/cgit/acf-core"
+license="GPL-2"
+depends="acf-skins haserl lua luaposix md5"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="a51c0f4a1931ebc0ca4d303b3330b484  acf-core-0.8.0.tar.bz2"
diff --git a/main/acf-dansguardian/APKBUILD b/main/acf-dansguardian/APKBUILD
new file mode 100644
index 0000000000..c5d5ef7dd5
--- /dev/null
+++ b/main/acf-dansguardian/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-dansguardian
+pkgver=0.3.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for dansguardian"
+url="http://git.alpinelinux.org/cgit/acf-dansguardian"
+license="GPL-2"
+depends="acf-core lua dansguardian"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="23740882f651776070bad5d4959f8035  acf-dansguardian-0.3.0.tar.bz2"
diff --git a/main/acf-dhcp/APKBUILD b/main/acf-dhcp/APKBUILD
new file mode 100644
index 0000000000..bc92419bb9
--- /dev/null
+++ b/main/acf-dhcp/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-dhcp
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for dhcp"
+url="http://git.alpinelinux.org/cgit/acf-dhcp"
+license="GPL-2"
+depends="acf-core lua dhcp"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="a30d069327655fd562e40fc118810eb7  acf-dhcp-0.4.0.tar.bz2"
diff --git a/main/acf-dnscache/APKBUILD b/main/acf-dnscache/APKBUILD
new file mode 100644
index 0000000000..979df43c19
--- /dev/null
+++ b/main/acf-dnscache/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-dnscache
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for dnscache"
+url="http://git.alpinelinux.org/cgit/acf-dnscache"
+license="GPL-2"
+depends="acf-core lua luaposix dnscache"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="58c991b5ccb59c51b20779fa0a7189fa  acf-dnscache-0.2.0.tar.bz2"
diff --git a/main/acf-dnsmasq/APKBUILD b/main/acf-dnsmasq/APKBUILD
new file mode 100644
index 0000000000..8f0b8397b3
--- /dev/null
+++ b/main/acf-dnsmasq/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-dnsmasq
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for dnsmasq"
+url="http://git.alpinelinux.org/cgit/acf-dnsmasq"
+license="GPL-2"
+depends="acf-core lua dnsmasq"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="320ac909465f25a49eb9e427e456a3e6  acf-dnsmasq-0.2.0.tar.bz2"
diff --git a/main/acf-dovecot/APKBUILD b/main/acf-dovecot/APKBUILD
new file mode 100644
index 0000000000..a95208ad6e
--- /dev/null
+++ b/main/acf-dovecot/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-dovecot
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for dovecot"
+url="http://git.alpinelinux.org/cgit/acf-dovecot"
+license="GPL-2"
+depends="acf-core lua dovecot"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="fc5ca553148b77550bbfa731acab62f5  acf-dovecot-0.2.0.tar.bz2"
diff --git a/main/acf-fetchmail/APKBUILD b/main/acf-fetchmail/APKBUILD
new file mode 100644
index 0000000000..c4638e342d
--- /dev/null
+++ b/main/acf-fetchmail/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-fetchmail
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for fetchmail"
+url="http://git.alpinelinux.org/cgit/acf-fetchmail"
+license="GPL-2"
+depends="acf-core lua fetchmail"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="71c9d1245d4fa700e452e7a728ab42a8  acf-fetchmail-0.4.0.tar.bz2"
diff --git a/main/acf-gnats/APKBUILD b/main/acf-gnats/APKBUILD
new file mode 100644
index 0000000000..0dc58acd83
--- /dev/null
+++ b/main/acf-gnats/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-gnats
+pkgver=0.3.5
+pkgrel=0
+pkgdesc="ACF module for gnats"
+url="http://git.alpinelinux.org/cgit/acf-gnats"
+license="GPL-2"
+depends="acf-core gnats lua"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="0cc0496301fd6a8287e767fa13363519  acf-gnats-0.3.5.tar.bz2"
diff --git a/main/acf-gross/APKBUILD b/main/acf-gross/APKBUILD
new file mode 100644
index 0000000000..4dcf979d18
--- /dev/null
+++ b/main/acf-gross/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-gross
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for gross"
+url="http://git.alpinelinux.org/cgit/acf-gross"
+license="GPL-2"
+depends="acf-core lua gross"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="11e4f72ffb2ed0ef2fceca1f1dc88251  acf-gross-0.2.0.tar.bz2"
diff --git a/main/acf-ipsec-tools/APKBUILD b/main/acf-ipsec-tools/APKBUILD
new file mode 100644
index 0000000000..2da2f90f29
--- /dev/null
+++ b/main/acf-ipsec-tools/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-ipsec-tools
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for ipsec-tools"
+url="http://git.alpinelinux.org/cgit/acf-ipsec-tools"
+license="GPL-2"
+depends="acf-core lua ipsec-tools"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="3c3dd54927f539245fb3907bf90b7a26  acf-ipsec-tools-0.4.0.tar.bz2"
diff --git a/main/acf-iptables/APKBUILD b/main/acf-iptables/APKBUILD
new file mode 100644
index 0000000000..12665845f8
--- /dev/null
+++ b/main/acf-iptables/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-iptables
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for iptables"
+url="http://git.alpinelinux.org/cgit/acf-iptables"
+license="GPL-2"
+depends="acf-core lua iptables"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="dcecc96699add7e9f4b58c866e6adcb0  acf-iptables-0.2.0.tar.bz2"
diff --git a/main/acf-mdadm/APKBUILD b/main/acf-mdadm/APKBUILD
new file mode 100644
index 0000000000..5069fa0c41
--- /dev/null
+++ b/main/acf-mdadm/APKBUILD
@@ -0,0 +1,22 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+# Maintainer: Mika Havela <mika.havela@gmail.com>
+pkgname=acf-mdadm
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="ACF module for mdadm"
+url="http://git.alpinelinux.org/cgit/$pkgname"
+license="GPL-2"
+depends="acf-core lua mdadm"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="3a94b48e2f678bef0dc5aad6ef699ee2  acf-mdadm-0.2.0.tar.bz2"
diff --git a/main/acf-opennhrp/APKBUILD b/main/acf-opennhrp/APKBUILD
new file mode 100644
index 0000000000..4bc246496b
--- /dev/null
+++ b/main/acf-opennhrp/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-opennhrp
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for opennhrp"
+url="http://git.alpinelinux.org/cgit/acf-opennhrp"
+license="GPL-2"
+depends="acf-core lua luaposix opennhrp"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="3b86f9859871b6c788b3aee1e90ee9fc  acf-opennhrp-0.4.0.tar.bz2"
diff --git a/main/acf-openntpd/APKBUILD b/main/acf-openntpd/APKBUILD
new file mode 100644
index 0000000000..f33272d176
--- /dev/null
+++ b/main/acf-openntpd/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-openntpd
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for openntpd"
+url="http://git.alpinelinux.org/cgit/acf-openntpd"
+license="GPL-2"
+depends="acf-core lua openntpd"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="43cbfc627ddd51451917c2a99e587224  acf-openntpd-0.4.0.tar.bz2"
diff --git a/main/acf-openssh/APKBUILD b/main/acf-openssh/APKBUILD
new file mode 100644
index 0000000000..9228bacd75
--- /dev/null
+++ b/main/acf-openssh/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-openssh
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for openssh"
+url="http://git.alpinelinux.org/cgit/acf-openssh"
+license="GPL-2"
+depends="acf-core lua openssh"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="aa975654ce91969a978cc100dc046c63  acf-openssh-0.2.0.tar.bz2"
diff --git a/main/acf-openssl/APKBUILD b/main/acf-openssl/APKBUILD
new file mode 100644
index 0000000000..abaeeed12a
--- /dev/null
+++ b/main/acf-openssl/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-openssl
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for openssl"
+url="http://git.alpinelinux.org/cgit/acf-openssl"
+license="GPL-2"
+depends="acf-core lua openssl"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="468be0f280214d83084ff56c2fab202d  acf-openssl-0.2.0.tar.bz2"
diff --git a/main/acf-openvpn/APKBUILD b/main/acf-openvpn/APKBUILD
new file mode 100644
index 0000000000..34febc34c4
--- /dev/null
+++ b/main/acf-openvpn/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-openvpn
+pkgver=0.4.1
+pkgrel=0
+pkgdesc="A web-based system administration interface for openvpn"
+url="http://git.alpinelinux.org/cgit/acf-openvpn"
+license="GPL-2"
+depends="acf-core lua openvpn"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="4730a60d862b08c6e9de2a474acb35be  acf-openvpn-0.4.1.tar.bz2"
diff --git a/main/acf-pingu/APKBUILD b/main/acf-pingu/APKBUILD
new file mode 100644
index 0000000000..9efbf5b9a3
--- /dev/null
+++ b/main/acf-pingu/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-pingu
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for pingu"
+url="http://git.alpinelinux.org/cgit/acf-pingu"
+license="GPL-2"
+depends="acf-core lua pingu"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="db13e3b589995915a3f7cbc41ce02a4a  acf-pingu-0.2.0.tar.bz2"
diff --git a/main/acf-postfix/APKBUILD b/main/acf-postfix/APKBUILD
new file mode 100644
index 0000000000..b525015e0d
--- /dev/null
+++ b/main/acf-postfix/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-postfix
+pkgver=0.2.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for postfix"
+url="http://git.alpinelinux.org/cgit/acf-postfix"
+license="GPL-2"
+depends="acf-core lua postfix"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="7ac128ba01fcf58ed517cffad5caf8fe  acf-postfix-0.2.0.tar.bz2"
diff --git a/main/acf-postgresql/APKBUILD b/main/acf-postgresql/APKBUILD
new file mode 100644
index 0000000000..88e8d68c75
--- /dev/null
+++ b/main/acf-postgresql/APKBUILD
@@ -0,0 +1,22 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+# Maintainer: Mika Havela <mika.havela@gmail.com>
+pkgname=acf-postgresql
+pkgver=0.3.0
+pkgrel=0
+pkgdesc="ACF module for postgresql"
+url="http://git.alpinelinux.org/cgit/$pkgname"
+license="GPL-2"
+depends="acf-core lua postgresql"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="e2d712f1522c9ce9bd8f4a2a5bbe3209  acf-postgresql-0.3.0.tar.bz2"
diff --git a/main/acf-ppp/APKBUILD b/main/acf-ppp/APKBUILD
new file mode 100644
index 0000000000..cca9f5e0e0
--- /dev/null
+++ b/main/acf-ppp/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-ppp
+pkgver=0.1.1
+pkgrel=0
+pkgdesc="A web-based system administration interface for ppp"
+url="http://git.alpinelinux.org/cgit/acf-ppp"
+license="GPL-2"
+depends="acf-core lua ppp"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="3865436480e610453dfdfc923beb4ec2  acf-ppp-0.1.1.tar.bz2"
diff --git a/main/acf-quagga/APKBUILD b/main/acf-quagga/APKBUILD
new file mode 100644
index 0000000000..01c71c8851
--- /dev/null
+++ b/main/acf-quagga/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-quagga
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for quagga"
+url="http://git.alpinelinux.org/cgit/acf-quagga"
+license="GPL-2"
+depends="acf-core lua quagga"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="ff46d473979a147abb3111e058f33993  acf-quagga-0.4.0.tar.bz2"
diff --git a/main/acf-samba/APKBUILD b/main/acf-samba/APKBUILD
new file mode 100644
index 0000000000..af07548594
--- /dev/null
+++ b/main/acf-samba/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-samba
+pkgver=0.2.1
+pkgrel=0
+pkgdesc="A web-based system administration interface for samba"
+url="http://git.alpinelinux.org/cgit/acf-samba"
+license="GPL-2"
+depends="acf-core lua samba"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="927edc6bb2204369b44ee8cd6dbc18a0  acf-samba-0.2.1.tar.bz2"
diff --git a/main/acf-shorewall/APKBUILD b/main/acf-shorewall/APKBUILD
new file mode 100644
index 0000000000..64bd03a81e
--- /dev/null
+++ b/main/acf-shorewall/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-shorewall
+pkgver=0.5.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for shorewall"
+url="http://git.alpinelinux.org/cgit/acf-shorewall"
+license="GPL-2"
+depends="acf-core lua shorewall"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="12d8bbc1242ee2e0206fa7369a60ca66  acf-shorewall-0.5.0.tar.bz2"
diff --git a/main/acf-skins/APKBUILD b/main/acf-skins/APKBUILD
new file mode 100644
index 0000000000..4e377d4b7f
--- /dev/null
+++ b/main/acf-skins/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-skins
+pkgver=0.1.6
+pkgrel=0
+pkgdesc="Skins for ACF"
+url="http://git.alpinelinux.org/cgit/acf-skins"
+license="GPL-2"
+depends=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="d93b59939b2d1e63ccbd0af0ad840d7a  acf-skins-0.1.6.tar.bz2"
diff --git a/main/acf-snort/APKBUILD b/main/acf-snort/APKBUILD
new file mode 100644
index 0000000000..abe972d44a
--- /dev/null
+++ b/main/acf-snort/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-snort
+pkgver=0.4.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for snort"
+url="http://git.alpinelinux.org/cgit/acf-snort"
+license="GPL-2"
+depends="acf-core lua snort"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="8d8114c3ec17a752a2a0b6ce3e37fdfd  acf-snort-0.4.0.tar.bz2"
diff --git a/main/acf-squid/APKBUILD b/main/acf-squid/APKBUILD
new file mode 100644
index 0000000000..9016b58045
--- /dev/null
+++ b/main/acf-squid/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-squid
+pkgver=0.5.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for squid"
+url="http://git.alpinelinux.org/cgit/acf-squid"
+license="GPL-2"
+depends="acf-core lua squid"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="0ea0596b90cfeb3abae5c7641d6f6cd4  acf-squid-0.5.0.tar.bz2"
diff --git a/main/acf-tcpproxy/APKBUILD b/main/acf-tcpproxy/APKBUILD
new file mode 100644
index 0000000000..c483088c62
--- /dev/null
+++ b/main/acf-tcpproxy/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=acf-tcpproxy
+pkgver=0.1.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for tcpproxy"
+url="http://git.alpinelinux.org/cgit/acf-tcpproxy"
+license="GPL-2"
+depends="acf-core lua tcpproxy"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="96e3448e51ced1782492bc714587eb78  acf-tcpproxy-0.1.0.tar.bz2"
diff --git a/main/acf-tinydns/APKBUILD b/main/acf-tinydns/APKBUILD
new file mode 100644
index 0000000000..75eeab0b1a
--- /dev/null
+++ b/main/acf-tinydns/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=acf-tinydns
+pkgver=0.3.0
+pkgrel=0
+pkgdesc="A web-based system administration interface for tinydns"
+url="http://git.alpinelinux.org/cgit/acf-tinydns"
+license="GPL-2"
+depends="acf-core lua tinydns"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make DESTDIR="$pkgdir" install
+}
+md5sums="0f24bd338b0918fcc2047c42e2d59522  acf-tinydns-0.3.0.tar.bz2"
diff --git a/main/acf-weblog/APKBUILD b/main/acf-weblog/APKBUILD
new file mode 100644
index 0000000000..15847a3f48
--- /dev/null
+++ b/main/acf-weblog/APKBUILD
@@ -0,0 +1,20 @@
+# Contributor: Ted Trask <ttrask01@yahoo.com>
+# Maintainer: Ted Trask <ttrask01@yahoo.com>
+pkgname=acf-weblog
+pkgver=0.2.0
+pkgrel=1
+pkgdesc="ACF for web proxy (squid and dansguardian) logfiles"
+url="http://git.alpinelinux.org/cgit/acf-weblog"
+license="GPL-2"
+depends="acf-core lua luasql-postgres wget postgresql-client"
+makedepends=""
+install=
+subpackages=""
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="c3981ef8eca4684480d3df9474fc338b  acf-weblog-0.2.0.tar.bz2"
diff --git a/main/alpine-base/APKBUILD b/main/alpine-base/APKBUILD
new file mode 100644
index 0000000000..b4eeefa3db
--- /dev/null
+++ b/main/alpine-base/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=alpine-base
+pkgver=2.0
+pkgrel=1
+pkgdesc="Meta package for minimal alpine base"
+url="http://alpinelinux.org"
+license="GPL"
+depends="alpine-baselayout alpine-conf apk-tools busybox busybox-initscripts
+	openrc"
+makedepends=
+install=
+subpackages=
+source="http://dev.alpinelinux.org/~ncopa/alpine/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub
+	"
+
+build() {
+	mkdir -p "$pkgdir"/etc/apk/keys
+	install -m644 "$srcdir"/*.pub "$pkgdir"/etc/apk/keys/
+}
+md5sums="75ee19ea2b03c12bc171647edc677f6f  alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub"
diff --git a/main/alpine-baselayout/0001-profile-change-default-path.patch b/main/alpine-baselayout/0001-profile-change-default-path.patch
new file mode 100644
index 0000000000..8f6945ce7b
--- /dev/null
+++ b/main/alpine-baselayout/0001-profile-change-default-path.patch
@@ -0,0 +1,22 @@
+From 963370a09dba86b661d4fec6f9152c219419f861 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 17 Jul 2009 12:35:21 +0000
+Subject: [PATCH] profile: change default path
+
+---
+ profile |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/profile b/profile
+index ef97cc8..a292008 100644
+--- a/profile
++++ b/profile
+@@ -1,4 +1,4 @@
+-export PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
++export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ export PAGER=less
+ export PS1='\h:\w\$ '
+ umask 022
+-- 
+1.6.3.3
+
diff --git a/main/alpine-baselayout/APKBUILD b/main/alpine-baselayout/APKBUILD
new file mode 100644
index 0000000000..ffa96bd446
--- /dev/null
+++ b/main/alpine-baselayout/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=alpine-baselayout
+pkgver=2.0_beta1
+pkgrel=1
+pkgdesc="Alpine base dir structure and init scripts"
+url=http://git.alpinelinux.org/cgit/alpine-baselayout
+depends=
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
+	0001-profile-change-default-path.patch
+	"
+license=GPL-2
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	patch -p1 < ../0001-profile-change-default-path.patch || return 1
+	make
+	make install PREFIX= DESTDIR="$pkgdir" || return 1
+}
+md5sums="6b25fc0c261e9182a68582c38249a3e8  alpine-baselayout-2.0_beta1.tar.bz2
+085c7e50bb57307fd9a24ee8c14e4749  0001-profile-change-default-path.patch"
diff --git a/main/alpine-conf/APKBUILD b/main/alpine-conf/APKBUILD
new file mode 100644
index 0000000000..08e641d02b
--- /dev/null
+++ b/main/alpine-conf/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=alpine-conf
+pkgver=2.0_beta3
+pkgrel=0
+pkgdesc="Alpine configuration management scripts"
+url=http://git.alpinelinux.org/cgit/$pkgname
+depends="openrc"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
+	"
+license="GPL-2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	make install PREFIX= DESTDIR="$pkgdir"
+	for i in commit exclude include status update; do
+		ln -s lbu "$pkgdir"/sbin/lbu_$i
+	done
+}
+md5sums="7786d6d526e96a3fdf51b9284d063caa  alpine-conf-2.0_beta3.tar.bz2"
diff --git a/main/alpine-sdk/APKBUILD b/main/alpine-sdk/APKBUILD
new file mode 100644
index 0000000000..587f1785e6
--- /dev/null
+++ b/main/alpine-sdk/APKBUILD
@@ -0,0 +1,12 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=alpine-sdk
+pkgver=0.3
+url=http://dev.alpinelinux.org/cgit
+pkgdesc="Alpine Software Development Kit meta package"
+depends="abuild build-base git cramfs cdrkit acct mkinitfs mtools"
+license="GPL-2"
+
+build() {
+	# meta package
+	mkdir -p "$pkgdir"
+}
diff --git a/main/alsa-lib/APKBUILD b/main/alsa-lib/APKBUILD
new file mode 100644
index 0000000000..b844b54ff0
--- /dev/null
+++ b/main/alsa-lib/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=alsa-lib
+pkgver=1.0.20
+pkgrel=0
+pkgdesc="An alternative implementation of Linux sound support"
+url="http://www.alsa-project.org"
+license="GPL"
+depends="uclibc"
+subpackages="$pkgname-dev"
+source="ftp://ftp.alsa-project.org/pub/lib/$pkgname-$pkgver.tar.bz2
+	nocxx.patch"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver"
+	patch configure < ../nocxx.patch || return 1
+	./configure --prefix=/usr --disable-python
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+}
+md5sums="6e9080ba1faa5d3739d14dd76c62d8dc  alsa-lib-1.0.20.tar.bz2
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/alsa-lib/nocxx.patch b/main/alsa-lib/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/alsa-lib/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/amavisd-new/APKBUILD b/main/amavisd-new/APKBUILD
new file mode 100644
index 0000000000..c6c79173af
--- /dev/null
+++ b/main/amavisd-new/APKBUILD
@@ -0,0 +1,51 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=amavisd-new
+pkgver=2.6.3
+pkgrel=0
+pkgdesc="High-performance interface between mailer (MTA) and content checkers"
+url="http://www.ijs.si/software/amavisd"
+license="GPL-2"
+depends="uclibc sed file perl perl-archive-zip perl-convert-tnef
+perl-convert-uulib perl-mime-tools perl-mail-tools perl-net-server
+perl-io-stringy perl-unix-syslog perl-db perl-mail-dkim"
+makedepends=""
+install="$pkgname.post-install"
+subpackages=""
+source="http://www.ijs.si/software/amavisd/$pkgname-$pkgver.tar.gz
+$pkgname.post-install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	(
+	HOME=/var/amavis
+	QUARANTINE=$HOME/quarantine
+	USER=amavis
+	GROUP=amavis
+	DIRS="$HOME $HOME/tmp $HOME/var $HOME/db $HOME/home $QUARANTINE"
+	CONFIG=/etc/amavisd.conf
+
+	for dir in $DIRS
+	do
+		if [ ! -d "${pkgdir}$dir" ]; then
+			mkdir -p ${pkgdir}$dir
+		fi
+		chown -R amavis.amavis $HOME
+	done
+
+	install -m 755 -o root -D amavisd $pkgdir/usr/sbin/amavisd
+	install -m 755 -o root -D amavisd-nanny $pkgdir/usr/bin/amavisd-nanny
+	install -m 755 -o root -D amavisd-release $pkgdir/usr/bin/amavisd-release
+	sed -e "s:^.*\$MYHOME = .*$:\$MYHOME = '$HOME';:" \
+	 -e 's:^.*\$TEMPBASE = .*$:\$TEMPBASE = "\$MYHOME/tmp";:' \
+	 -e 's:^.*\$db_home  = .*$:\$db_home = "$MYHOME/db";:' \
+	 -e "s:^.*\$QUARANTINEDIR = .*$:\$QUARANTINEDIR = '$QUARANTINE';:" \
+	 -e "s:^.*\$daemon_user  = 'vscan';\(.*\)$:\$daemon_user  = 'amavis';\1:" \
+	 -e "s:^.*\$daemon_group = 'vscan';\(.*\)$:\$daemon_group  = 'amavis';\1:" < amavisd.conf > amavisd.conf.alpine
+	install -m 640 -o root -g amavis -D amavisd.conf.alpine ${pkgdir}${CONFIG}
+	install -m 755 -D ../../amavisd.init $pkgdir/etc/init.d/amavisd
+	)
+}
+
+md5sums="02b0bd38b40258841c60479603dc6842  amavisd-new-2.6.3.tar.gz
+4b5cb0c750ab11d9d211a4e389545d6d  amavisd-new.post-install"
diff --git a/main/amavisd-new/amavisd-new.post-install b/main/amavisd-new/amavisd-new.post-install
new file mode 100755
index 0000000000..56cad39f52
--- /dev/null
+++ b/main/amavisd-new/amavisd-new.post-install
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+HOME=/var/amavis
+QUARANTINE=$HOME/quarantine
+USER=amavis
+GROUP=amavis
+DIRS="$HOME $HOME/tmp $HOME/var $HOME/db $HOME/home $QUARANTINE"
+CONFIG=/etc/amavisd.conf
+
+addgroup $USER
+adduser -h $HOME -s /bin/false -G $GROUP -D $USER
+chown -R $USER:$GROUP $HOME
+chmod -R 750 $HOME
+chown root:$GROUP $CONFIG
diff --git a/main/amavisd-new/amavisd.init b/main/amavisd-new/amavisd.init
new file mode 100644
index 0000000000..23f92af3f3
--- /dev/null
+++ b/main/amavisd-new/amavisd.init
@@ -0,0 +1,23 @@
+#!/sbin/runscript
+
+PIDFILE="/var/amavis/amavisd.pid"
+
+depend() {
+	need net
+	use logger
+	use antivirus
+	before mta
+}
+
+start() {
+	ebegin "Starting amavisd-new"
+	start-stop-daemon --start --quiet --name amavisd --pidfile ${PIDFILE} \
+	 --exec /usr/sbin/amavisd
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping amavisd-new"
+	start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+	eend $?
+}
diff --git a/main/apg/APKBUILD b/main/apg/APKBUILD
new file mode 100644
index 0000000000..98d41665a6
--- /dev/null
+++ b/main/apg/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=apg
+pkgver=2.2.3
+pkgrel=0
+pkgdesc="Automated Password Generator."
+url="http://www.adel.nursat.kz/apg/index.shtml"
+license="custom"
+subpackages="$pkgname-doc"
+depends=
+makedepends=""
+source="http://www.adel.nursat.kz/apg/download/$pkgname-$pkgver.tar.gz"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	sed -i 's:^#\(CS_LIBS = -lnsl\)$:\1:' Makefile
+	make || return 1
+	for i in apg apgbfm; do
+		install -D -m755 $i "$pkgdir"/usr/bin/$i
+		install -D -m644 doc/man/$i.1 "$pkgdir"/usr/man/man1/$i.1
+	done
+	install -D -m 644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+md5sums="3b3fc4f11e90635519fe627c1137c9ac  apg-2.2.3.tar.gz"
diff --git a/main/apk-tools/APKBUILD b/main/apk-tools/APKBUILD
new file mode 100644
index 0000000000..2f8bd959cb
--- /dev/null
+++ b/main/apk-tools/APKBUILD
@@ -0,0 +1,30 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=apk-tools
+pkgver=2.0_pre15
+pkgrel=0
+pkgdesc="Alpine Package Keeper - package manager for alpine"
+depends=
+makedepends="zlib-dev openssl-dev pkgconfig"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
+	"
+
+
+url="http://git.alpinelinux.org/cgit/apk-tools/"
+license=GPL-2
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	sed -i -e 's:-Werror::' Make.rules
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	cd "$pkgdir/sbin"
+	ln -s apk apk_add
+	ln -s apk apk_audit
+	ln -s apk apk_del
+	ln -s apk apk_index
+	ln -s apk apk_info
+	ln -s apk apk_version
+}
+
+md5sums="58d42ef75bbc8bf3cb2d7fab0fa4e583  apk-tools-2.0_pre15.tar.bz2"
diff --git a/main/apr-util/APKBUILD b/main/apr-util/APKBUILD
new file mode 100644
index 0000000000..38ab8eadf3
--- /dev/null
+++ b/main/apr-util/APKBUILD
@@ -0,0 +1,32 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=apr-util
+pkgver=1.3.7
+pkgrel=0
+pkgdesc="The Apache Portable Runtime"
+url="http://apr.apache.org/"
+license="APACHE"
+depends=
+subpackages="$pkgname-dev"
+makedepends="apr-dev expat-dev e2fsprogs-dev"
+source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--with-apr=/usr \
+		--without-pgsql \
+		--without-mysql \
+		--without-sqlite2 \
+		--without-sqlite3 \
+		--without-berkeley-db \
+		--without-gdbm \
+		--without-ldap-lib
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# we dont need this one
+	rm "$pkgdir"/usr/lib/*.exp
+}
+
+md5sums="2ed3ae6734290296faa193e1177d50e6  apr-util-1.3.7.tar.bz2"
diff --git a/main/apr/APKBUILD b/main/apr/APKBUILD
new file mode 100644
index 0000000000..bee01f8dca
--- /dev/null
+++ b/main/apr/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=apr
+pkgver=1.3.5
+pkgrel=0
+pkgdesc="The Apache Portable Runtime"
+url="http://apr.apache.org/"
+license="APACHE"
+depends=
+makedepends="e2fsprogs-dev"
+subpackages="$pkgname-dev"
+source="http://www.apache.org/dist/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--datadir=/usr/share \
+		--enable-nonportable-atomics \
+		--with-devrandom=/dev/urandom
+	make || return 1
+	make DESTDIR=${pkgdir} install
+}
+
+# basicly everything thats not a *.so* file belongs to the -dev package
+# we override the pre-defined func.
+dev() {
+	local i
+	depends="$pkgname"
+	mkdir -p "$subpkgdir"
+	mv "$pkgdir"/* "$subpkgdir"/
+	mkdir -p "$pkgdir"/usr/lib
+	mv "$subpkgdir"/usr/lib/*.so* "$pkgdir"/usr/lib/
+	return 0
+}
+
+md5sums="9ac9a00eaa190937fdbbde7b4f03ac1e  apr-1.3.5.tar.bz2"
diff --git a/main/arpwatch/APKBUILD b/main/arpwatch/APKBUILD
new file mode 100644
index 0000000000..ed18e59661
--- /dev/null
+++ b/main/arpwatch/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer: 
+pkgname=arpwatch
+pkgver=2.1a15
+pkgrel=0
+pkgdesc="Ethernet monitoring program"
+url="http://www-nrg.ee.lbl.gov/"
+license="GPL"
+depends="uclibc libpcap"
+makedepends="libpcap-dev"
+install=
+subpackages=""
+source="ftp://ftp.ee.lbl.gov/$pkgname.tar.gz
+	arpwatch.confd
+	arpwatch.initd"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make -j1 || return 1
+	#install command wouldn't create directory ? 
+	mkdir -p "$pkgdir"/usr/sbin/
+	make -j1 DESTDIR="$pkgdir" install
+	
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+
+}
+
+md5sums="cebfeb99c4a7c2a6cee2564770415fe7  arpwatch.tar.gz
+dc8300ce5f02d6be95899a2982397064  arpwatch.confd
+404226ad0d10ce9b46b76f058e572426  arpwatch.initd"
diff --git a/main/arpwatch/arpwatch.confd b/main/arpwatch/arpwatch.confd
new file mode 100644
index 0000000000..f44221aa36
--- /dev/null
+++ b/main/arpwatch/arpwatch.confd
@@ -0,0 +1,12 @@
+# Config file for /etc/init.d/arpwatch
+# see arpwatch.8 for more information
+
+#IFACES="eth0 eth1"
+IFACES="eth0"
+
+# Additional options to pass to arpwatch.
+OPTIONS="-N -p"
+
+# Comment this line if you wish arpwatch to run as root user (not recommended)
+ARPUSER="arpwatch"
+
diff --git a/main/arpwatch/arpwatch.initd b/main/arpwatch/arpwatch.initd
new file mode 100644
index 0000000000..e039e1db8a
--- /dev/null
+++ b/main/arpwatch/arpwatch.initd
@@ -0,0 +1,37 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-analyzer/arpwatch/files/arpwatch.initd,v 1.1 2007/06/02 22:37:16 jokey Exp $
+
+depend() {
+	need net
+}
+
+start() {
+	for IFACE in ${IFACES}
+	do
+		ebegin "Starting arpwatch on ${IFACE}"
+		DATAFILE=/var/lib/arpwatch/${IFACE}.dat
+		[ ! -f ${DATAFILE} ] && touch ${DATAFILE}
+
+		if [ -z ${ARPUSER} ]; then
+			start-stop-daemon --start --quiet --pidfile=/var/run/arpwatch.${IFACE}.pid --exec \
+			/usr/sbin/arpwatch -- -i ${IFACE} -f ${DATAFILE} -P /var/run/arpwatch.${IFACE}.pid ${OPTIONS}
+		else
+			chown ${ARPUSER} ${DATAFILE}
+			start-stop-daemon --start --quiet --pidfile=/var/run/arpwatch.${IFACE}.pid --exec \
+			/usr/sbin/arpwatch -- -i $IFACE -u ${ARPUSER} -f ${DATAFILE} -P /var/run/arpwatch.${IFACE}.pid ${OPTIONS}
+		fi
+		eend $?
+	done
+}
+
+stop() {
+	for IFACE in ${IFACES}
+	do
+		ebegin "Stopping arpwatch on ${IFACE}"
+		start-stop-daemon --stop --quiet --pidfile=/var/run/arpwatch.${IFACE}.pid --exec \
+		/usr/sbin/arpwatch
+		eend $?
+	done
+}
diff --git a/main/aspell/APKBUILD b/main/aspell/APKBUILD
new file mode 100644
index 0000000000..3a3cef36aa
--- /dev/null
+++ b/main/aspell/APKBUILD
@@ -0,0 +1,31 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=aspell
+pkgver=0.60.6
+_pkgmajorver=${pkgver%.*}
+pkgrel=0
+pkgdesc="A spell checker designed to eventually replace Ispell"
+url="http://aspell.net/"
+license="LGPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="ncurses-dev uclibc++-dev perl"
+install=
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	libmath.patch"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	export CXX=${CXX_UC:-g++-uc}
+
+	./configure --prefix=/usr || return 1
+
+	# we want add -lm to linker flag for libaspell so wil build that
+	# separately. this is just an ugly workaround
+	make libaspell.la LDFLAGS="$LDFLAGS -lm" || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	ln -s $pkgname-${_pkgmajorver} "$pkgdir"/usr/lib/$pkgname || return 1
+}
+md5sums="bc80f0198773d5c05086522be67334eb  aspell-0.60.6.tar.gz
+715f4e138ab33b27201d90cbc98b4fb3  libmath.patch"
diff --git a/main/aspell/libmath.patch b/main/aspell/libmath.patch
new file mode 100644
index 0000000000..3fad33a5d2
--- /dev/null
+++ b/main/aspell/libmath.patch
@@ -0,0 +1,11 @@
+--- a/Makefile.orig	2009-05-21 08:22:51.000000000 +0000
++++ b/Makefile	2009-05-21 08:23:06.000000000 +0000
+@@ -568,7 +568,7 @@
+ 	lib/string_list-c.cpp lib/find_speller.cpp lib/speller-c.cpp \
+ 	lib/string_pair_enumeration-c.cpp lib/new_checker.cpp \
+ 	modules/filter/url.cpp $(am__append_3)
+-libaspell_la_LIBADD = $(LTLIBINTL) $(PTHREAD_LIB)
++libaspell_la_LIBADD = $(LTLIBINTL) $(PTHREAD_LIB) -lm
+ libaspell_la_LDFLAGS = -version-info 16:4:1 -no-undefined
+ #libaspell_la_LDFLAGS = -version-info 16:4:0 -no-undefined
+ libpspell_la_SOURCES = lib/dummy.cpp
diff --git a/main/asterisk/100-uclibc-daemon.patch b/main/asterisk/100-uclibc-daemon.patch
new file mode 100644
index 0000000000..4956791d4d
--- /dev/null
+++ b/main/asterisk/100-uclibc-daemon.patch
@@ -0,0 +1,44 @@
+diff -Nru asterisk-1.6.1-beta4.org/main/asterisk.c asterisk-1.6.1-beta4/main/asterisk.c
+--- asterisk-1.6.1-beta4.org/main/asterisk.c	2008-12-12 23:05:58.000000000 +0100
++++ asterisk-1.6.1-beta4/main/asterisk.c	2008-12-23 15:28:21.000000000 +0100
+@@ -3295,9 +3295,40 @@
+ #if HAVE_WORKING_FORK
+ 	if (ast_opt_always_fork || !ast_opt_no_fork) {
+ #ifndef HAVE_SBIN_LAUNCHD
++#ifndef __UCLIBC__
+ 		if (daemon(1, 0) < 0) {
+ 			ast_log(LOG_ERROR, "daemon() failed: %s\n", strerror(errno));
+ 		}
++#else
++		/*
++		 * workaround for uClibc-0.9.29 mipsel bug:
++		 * recursive mutexes do not work if uClibc daemon() function has been called,
++		 * if parent thread locks a mutex
++		 * the child thread cannot acquire a lock with the same name
++		 * (same code works if daemon() is not called)
++		 * but duplication of uClibc daemon.c code in here does work.
++		 */
++		int fd;
++		switch (fork()) {
++			case -1:
++				exit(1);
++			case 0:
++				break;
++			default:
++				_exit(0);
++		}
++		if (setsid() == -1)
++			exit(1);
++		if (fork())
++			_exit(0);
++		if ((fd = open("/dev/null", O_RDWR, 0)) != -1) {
++			dup2(fd, STDIN_FILENO);
++			dup2(fd, STDOUT_FILENO);
++			dup2(fd, STDERR_FILENO);
++			if (fd > 2)
++				close(fd);
++		}
++#endif
+ 		ast_mainpid = getpid();
+ 		/* Blindly re-write pid file since we are forking */
+ 		unlink(ast_config_AST_PID);
diff --git a/main/asterisk/101-caps-uclibc.patch b/main/asterisk/101-caps-uclibc.patch
new file mode 100644
index 0000000000..1acf87f34f
--- /dev/null
+++ b/main/asterisk/101-caps-uclibc.patch
@@ -0,0 +1,17 @@
+--- asterisk-1.6.0-beta7.1/configure.ac.orig	2008-04-04 07:31:06 +0000
++++ asterisk-1.6.0-beta7.1/configure.ac	2008-04-04 07:36:14 +0000
+@@ -522,9 +522,11 @@
+ 
+ AST_EXT_LIB_CHECK([CURSES], [curses], [initscr], [curses.h])
+ 
+-if test "x${host_os}" = "xlinux-gnu" ; then
+-  AST_EXT_LIB_CHECK([CAP], [cap], [cap_from_text], [sys/capability.h])
+-fi
++case "${host_os}" in
++    linux*)
++    AST_EXT_LIB_CHECK([CAP], [cap], [cap_from_text], [sys/capability.h])
++    ;;
++esac
+ 
+ # BSD might not have exp2, and/or log2
+ AST_EXT_LIB_CHECK([EXP2L], [m], [exp2l])
diff --git a/main/asterisk/102-gsm-pic.patch b/main/asterisk/102-gsm-pic.patch
new file mode 100644
index 0000000000..71370ec0b7
--- /dev/null
+++ b/main/asterisk/102-gsm-pic.patch
@@ -0,0 +1,54 @@
+---  a/codecs/gsm/Makefile.org	2008-03-29 11:33:09.000000000 +0100
++++  b/codecs/gsm/Makefile	2008-03-29 11:44:40.000000000 +0100
+@@ -37,23 +37,6 @@
+ ######### ppro's, etc, as well as the AMD K6 and K7.  The compile will
+ ######### probably require gcc. 
+ 
+-ifeq (, $(findstring $(OSARCH) , Darwin SunOS ))
+-ifeq (, $(findstring $(PROC) , x86_64 amd64 ultrasparc sparc64 arm armv5b armeb ppc powerpc ppc64 ia64 s390 bfin mipsel mips))
+-ifeq (, $(findstring $(shell uname -m) , ppc ppc64 alpha armv4l s390 ))
+-OPTIMIZE+=-march=$(PROC)
+-endif
+-endif
+-endif
+-
+-#The problem with sparc is the best stuff is in newer versions of gcc (post 3.0) only.
+-#This works for even old (2.96) versions of gcc and provides a small boost either way.
+-#A ultrasparc cpu is really v9 but the stock debian stable 3.0 gcc doesn't support it.
+-#So we go lowest common available by gcc and go a step down, still a step up from
+-#the default as we now have a better instruction set to work with. - Belgarath
+-ifeq ($(PROC),ultrasparc)
+-OPTIMIZE+=-mcpu=v8 -mtune=$(PROC) -O3 
+-endif
+-
+ PG =
+ #PG = -g -pg
+ ######### Profiling flags.  If you don't know what that means, leave it blank.
+@@ -208,12 +191,10 @@
+ # XXX Keep a space after each findstring argument
+ # XXX should merge with GSM_OBJECTS
+ ifeq ($(OSARCH),linux-gnu)
+-ifeq (,$(findstring $(shell uname -m) , x86_64 amd64 ppc ppc64 alpha armv4l sparc64 parisc s390 ))
+-ifeq (,$(findstring $(PROC) , arm armv5b armeb powerpc ia64 s390 bfin mipsel mips ))
++ifneq ($(K6OPT),)
+ GSM_SOURCES+= $(SRC)/k6opt.s
+ endif
+ endif
+-endif
+ 
+ TOAST_SOURCES = $(SRC)/toast.c 		\
+ 		$(SRC)/toast_lin.c	\
+@@ -260,12 +241,10 @@
+ 		$(SRC)/table.o
+ 
+ ifeq ($(OSARCH),linux-gnu)
+-ifeq (,$(findstring $(shell uname -m) , x86_64 amd64 ppc ppc64 alpha armv4l sparc64 parisc ))
+-ifeq (,$(findstring $(PROC) , arm armv5b armeb powerpc ia64 bfin mipsel mips ))
++ifneq ($(K6OPT),)
+ GSM_OBJECTS+= $(SRC)/k6opt.o
+ endif
+ endif
+-endif
+ 
+ TOAST_OBJECTS =	$(SRC)/toast.o 		\
+ 		$(SRC)/toast_lin.o	\
diff --git a/main/asterisk/103-rundir.patch b/main/asterisk/103-rundir.patch
new file mode 100644
index 0000000000..367dc7163f
--- /dev/null
+++ b/main/asterisk/103-rundir.patch
@@ -0,0 +1,11 @@
+--- asterisk-1.4.0/Makefile.orig	2006-12-24 03:07:19.000000000 +0000
++++ asterisk-1.4.0/Makefile	2006-12-24 03:07:57.000000000 +0000
+@@ -109,7 +109,7 @@
+   ASTSBINDIR=$(sbindir)
+   ASTSPOOLDIR=$(localstatedir)/spool/asterisk
+   ASTLOGDIR=$(localstatedir)/log/asterisk
+-  ASTVARRUNDIR=$(localstatedir)/run
++  ASTVARRUNDIR=$(localstatedir)/run/asterisk
+   ASTMANDIR=$(mandir)
+ ifeq ($(OSARCH),FreeBSD)
+   ASTVARLIBDIR=$(prefix)/share/asterisk
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
new file mode 100644
index 0000000000..7e8bb1d182
--- /dev/null
+++ b/main/asterisk/APKBUILD
@@ -0,0 +1,96 @@
+# Contributor: Timo Teras <timo.teras@iki.fi>
+# Maintainer: Timo Teras <timo.teras@iki.fi>
+pkgname=asterisk
+pkgver=1.6.0.10
+pkgrel=1
+pkgdesc="Asterisk: A Module Open Source PBX System"
+url="http://www.asterisk.org/"
+license="GPL"
+depends=
+makedepends="autoconf automake libtool ncurses-dev popt-dev newt-dev zlib-dev
+	postgresql-dev unixodbc-dev dahdi-tools-dev libpri-dev tar
+	freetds-dev openssl-dev"
+install="$pkgname.pre-install $pkgname.post-install"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-pgsql $pkgname-odbc
+	$pkgname-tds"
+source="http://downloads.digium.com/pub/asterisk/releases/$pkgname-$pkgver.tar.gz
+	100-uclibc-daemon.patch
+	101-caps-uclibc.patch
+	102-gsm-pic.patch	
+	103-rundir.patch	
+	asterisk.pre-install
+	asterisk.post-install
+	asterisk.initd
+	asterisk.confd"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../[1-9]*.patch; do
+		msg "Apply $i"
+		patch -p1 < $i || return 1
+	done
+
+	sed -i -e 's/PBX_ICONV=1/PBX_ICONV=0/g' configure.ac
+
+	./bootstrap.sh
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--libdir=/usr/lib \
+		--localstatedir=/var \
+		--disable-xmldoc --with-gsm=internal \
+		--without-iconv --with-popt --with-z --with-newt \
+		--with-odbc --with-postgres --with-tds \
+		--with-dahdi --with-pri --with-tonezone \
+		--without-x11 \
+		|| return 1
+
+	# and figure out which modules to build
+	rm menuselect.makeopts
+	make menuselect.makeopts
+	make -j1 || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+	install -d "$pkgdir"/var/run/asterisk
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+_find_and_move() {
+	local pattern="$1"
+	cd "$pkgdir" || return 1
+	find -name "$pattern" -type f | while read f; do
+		local dest="$subpkgdir/${f%/*}"
+		mkdir -p "$dest"
+		mv "$f" "$dest"
+	done
+}
+
+pgsql() {
+	depends=
+	install=
+	_find_and_move '*_pgsql*'
+}
+
+odbc() {
+	depends=
+	install=
+	_find_and_move '*odbc*'
+}
+
+tds() {
+	depends=
+	install=
+	_find_and_move '*_tds*'
+}
+
+md5sums="c5e3ceaea876e602b1057d751278b497  asterisk-1.6.0.10.tar.gz
+b00c9d98ce2ad445501248a197c6e436  100-uclibc-daemon.patch
+929f740db7043b4553544ebcc7315c91  101-caps-uclibc.patch
+97b39fd9777a2521d4f9f095482b7ac2  102-gsm-pic.patch
+5008f51c737ec91f5047519bc9f25b85  103-rundir.patch
+b4a97cb1ec3cc3f71a10ce8c067ab430  asterisk.pre-install
+62ecffc90b6714b85f377d1fac73c58b  asterisk.post-install
+c618b7fdf4a9edf4cde6d8ccd1e32ee6  asterisk.initd
+ed31d7ba37bcf8b0346dcf8593c395f0  asterisk.confd"
diff --git a/main/asterisk/asterisk.confd b/main/asterisk/asterisk.confd
new file mode 100644
index 0000000000..fe9f138ab7
--- /dev/null
+++ b/main/asterisk/asterisk.confd
@@ -0,0 +1,91 @@
+#
+# Additional options for asterisk
+#
+# see "asterisk -h" for a list of options
+#
+ASTERISK_OPTS=""
+
+#
+# User and group to run asterisk as
+#
+# Value: double-colon separated list of user and group, or empty to run as root:
+#
+#
+# "asterisk:asterisk" to run as user "asterisk" and group "asterisk"
+#          "asterisk" to run as user "asterisk" and all groups that user "asterisk" is a member of
+#         ":asterisk" to run as user "root" and group "asterisk"
+#                  "" to run as user "root" and group "root"
+#
+ASTERISK_USER="asterisk"
+
+#
+# Nicelevel
+#
+# Set the priority of the asterisk process
+#
+# Value: (highest) -20..19 (lowest)
+#
+#ASTERISK_NICE="19"
+
+#
+# Wrapper script
+#
+# Value: yes or no/empty
+#
+ASTERISK_WRAPPER="no"
+
+############# Wrapper script settings #############
+
+#
+# Send crash notifications emails to this address
+# (needs a working mail service and /usr/sbin/sendmail to do so (e.g. ssmtp))
+#
+# Value: Email address or empty to disable
+#
+#ASTERISK_NOTIFY_EMAIL="root"
+
+#
+# Send asterisk's output to this terminal
+#
+# Value: Full path to device node or a number
+#
+#ASTERISK_TTY="/dev/tty9"
+
+#
+# Start an asterisk console on the terminal specified by ASTERISK_TTY
+#
+# Warning! Use only for debugging, this is a potential security issue!
+#
+# Value: yes or no/empty
+#
+ASTERISK_CONSOLE="no"
+
+#
+# Maximum size of core files. 
+#
+# Value: Size in bytes, unlimited for no limit or empty to disable.
+# 
+#ASTERISK_CORE_SIZE="unlimited"
+
+#
+# ASTERISK_CORE_DIR
+#
+# Value: Directory (will be created if non-existant), default is /tmp
+#
+ASTERISK_CORE_DIR="/var/lib/asterisk/coredump"
+
+#
+# Max number of filedescriptors
+#
+# Value: Number of descriptors
+#
+#ASTERISK_MAX_FD="1024"
+
+#
+# Kill these tasks after asterisk crashed (ASTERISK_WRAPPER=yes only!)
+#
+# Warning! This will kill _ALL_ tasks with the specified names!
+#
+# Value: Space separated list of names in double quotes (e.g. "mpg123 mad")
+#
+#ASTERISK_CLEANUP_ON_CRASH="mpg123 asterisk-mpg123 mad"
diff --git a/main/asterisk/asterisk.initd b/main/asterisk/asterisk.initd
new file mode 100644
index 0000000000..864a96b3cf
--- /dev/null
+++ b/main/asterisk/asterisk.initd
@@ -0,0 +1,250 @@
+#!/sbin/runscript
+
+opts="${opts} forcestop reload"
+
+depend() {
+	need net
+	use nscd dns zaptel mysql postgresql slapd capi
+}
+
+is_running() {
+	if [ -z "$(pidof asterisk)" ]; then
+		return 1
+	else
+		PID="$(cat /var/run/asterisk/asterisk.pid 2>/dev/null)"
+		for x in $(pidof asterisk); do
+			if [ "${x}" = "${PID}" ]; then
+				return 0
+			fi	
+		done
+	fi
+
+	return 1
+}
+
+asterisk_run_loop() {
+	local OPTS ARGS MSG NICE=""
+	local result=0 signal=0
+
+	# default options
+	OPTS="-f"  # don't fork / detach breaks wrapper script...
+
+	# filter (redundant) arguments
+	ARGS="$(echo "${@}" | sed -e "s:-c\|-f::g")"
+
+	# mangle yes/no options
+	ASTERISK_CONSOLE="$(echo ${ASTERISK_CONSOLE} | tr '[:lower:]' '[:upper:]')"
+
+	if [ -n "${ASTERISK_CORE_SIZE}" ] &&
+	   [ "${ASTERISK_CORE_SIZE}" != "0" ]; then
+		ulimit -c ${ASTERISK_CORE_SIZE}
+
+		if [ -n "${ASTERISK_CORE_DIR}" ] && \
+		   [ ! -d "${ASTERISK_CORE_DIR}" ]
+		then
+			mkdir -m750 -p "${ASTERISK_CORE_DIR}"
+
+			if [ -n "${ASTERISK_USER}" ]; then
+				chown -R "${ASTERISK_USER}" "${ASTERISK_CORE_DIR}"
+			fi
+		fi
+		ASTERISK_CORE_DIR="${ASTERISK_CORE_DIR:-/tmp}"
+
+		cd "${ASTERISK_CORE_DIR}"
+		echo "   Core dump size            : ${ASTERISK_CORE_SIZE}"
+		echo "   Core dump location        : ${ASTERISK_CORE_DIR}"
+	fi
+
+	if [ -n "${ASTERISK_MAX_FD}" ]; then
+		ulimit -n ${ASTERISK_MAX_FD}
+		echo "   Max open filedescriptors  : ${ASTERISK_MAX_FD}"
+	fi
+
+	if [ -n "${ASTERISK_NICE}" ]; then
+		echo "   Nice level                : ${ASTERISK_NICE}"
+		NICE="nice -n ${ASTERISK_NICE} --"
+	fi
+
+	if [ -n "${ASTERISK_NOTIFY_EMAIL}" ]; then
+		if [ -x /usr/sbin/sendmail ]; then
+			echo "   Email notifications go to : ${ASTERISK_NOTIFY_EMAIL}"
+		else
+			echo "   Notifications disabled, /usr/sbin/sendmail doesn't exist or is not executable!"
+			unset ASTERISK_NOTIFY_EMAIL
+		fi
+	fi
+
+	if [ -n "${ASTERISK_TTY}" ]; then
+		for x in ${ASTERISK_TTY} \
+			 /dev/tty${ASTERISK_TTY} \
+			 /dev/vc/${ASTERISK_TTY}
+		do
+			if [ -c "${x}" ]; then
+				TTY="${x}"
+			fi
+		done
+		[ -n "${TTY}" ] && \
+			echo "   Messages are sent to      : ${TTY}"
+	fi
+
+	if [ "${ASTERISK_CONSOLE}" = "YES" ] && [ -n "${TTY}" ]; then
+		echo "   Starting Asterisk console : ${ASTERISK_CONSOLE}"
+		OPTS="${OPTS} -c"
+	fi
+
+	OPTS="${OPTS} ${ARGS}"
+
+	while :; do
+
+		if [ -n "${TTY}" ]; then
+			/usr/bin/stty -F ${TTY} sane
+			${NICE} /usr/sbin/asterisk ${OPTS} >${TTY} 2>&1 <${TTY}
+			result=$?
+		else
+			${NICE} /usr/sbin/asterisk ${OPTS} &>/dev/null
+			result=$?
+		fi		
+
+		if [ $result -eq 0 ]; then
+			echo "Asterisk terminated normally"
+			break
+		else
+			if [ $result -gt 128 ]; then
+				signal=$((result -  128))
+				MSG="Asterisk terminated with Signal: $signal"
+
+				CORE_TARGET="core-$(date "+%Y%m%d-%h%M%s")"
+
+				local CORE_DUMPED=0
+				if [ -f "${ASTERISK_CORE_DIR}/core" ]; then
+					mv "${ASTERISK_CORE_DIR}/core" \
+					   "${ASTERISK_CORE_DIR}/${CORE_TARGET}"
+					CORE_DUMPED=1
+
+				elif [ -f "${ASTERISK_CORE_DIR}/core.${PID}" ]; then
+					mv "${ASTERISK_CORE_DIR}/core.${PID}" \
+					   "${ASTERISK_CORE_DIR}/${CORE_TARGET}"
+					CORE_DUMPED=1
+
+				fi
+
+				[ $CORE_DUMPED -eq 1 ] && \
+					MSG="${MSG}\n\rCore dumped: ${ASTERISK_CORE_DIR}/${CORE_TARGET}"
+			else
+				MSG="Asterisk terminated with return code: $result"
+			fi
+
+			# kill left-over tasks
+			for X in ${ASTERISK_CLEANUP_ON_CRASH}; do
+				kill -9 $(pidof ${X});
+			done
+		fi
+
+		[ -n "${TTY}" ] \
+			&& echo "${MSG}" >${TTY} \
+			|| echo "${MSG}"
+
+
+		if [ -n "${ASTERISK_NOTIFY_EMAIL}" ] && \
+		   [ -x /usr/sbin/sendmail ]; then
+			echo -e -n "Subject: Asterisk crashed\n\r${MSG}\n\r" |\
+				 /usr/sbin/sendmail "${ASTERISK_NOTIFY_EMAIL}"
+		fi
+		sleep 5
+		echo "Restarting Asterisk..."
+	done
+	return 0
+}
+
+start() {
+	local OPTS USER GROUP PID
+	local tmp x
+
+	if [ -n "${ASTERISK_NICE}" ]; then
+		if [ ${ASTERISK_NICE} -ge -20 ] && \
+		   [ ${ASTERISK_NICE} -le  19 ]; then 
+			OPTS="--nicelevel ${ASTERISK_NICE}"
+		else
+			eerror "Nice value must be between -20 and 19"
+			return 1
+		fi
+	fi
+
+	if [ -n "${ASTERISK_USER}" ]; then
+		USER=$(echo $ASTERISK_USER | sed 's/:.*//')
+		GROUP=$(echo $ASTERISK_USER | awk -F: '/.*:.*/ { print $2 }')
+		if [ -n "${USER}" ]; then
+			ASTERISK_OPTS="${ASTERISK_OPTS} -U ${USER}"
+		fi
+		if [ -n "${GROUP}" ]; then
+			ASTERISK_OPTS="${ASTERISK_OPTS} -G ${GROUP}"
+			GROUP=":${GROUP}"	# make it look nice...
+		fi
+		ebegin "Starting asterisk PBX (as ${USER}${GROUP})"
+	else
+		ebegin "Starting asterisk PBX (as root)"
+	fi
+
+	if [ "$(echo ${ASTERISK_WRAPPER} | tr '[:upper:]' '[:lower:]')" != "yes" ]; then
+		start-stop-daemon --start --exec /usr/sbin/asterisk \
+			${OPTS} -- ${ASTERISK_OPTS}
+		result=$?
+	else
+		asterisk_run_loop ${ASTERISK_OPTS} 2>/dev/null &
+		result=$?
+	fi
+
+	if [ $result -eq 0 ]; then
+		# 2 seconds should be enough for asterisk to start
+		sleep 2 
+		is_running
+		result=$?
+	fi
+
+	eend $result
+}
+
+forcestop() {
+	ebegin "Stopping asterisk PBX"
+	start-stop-daemon --stop --pidfile /var/run/asterisk/asterisk.pid
+	eend $?
+}
+
+stop() {
+	if ! is_running; then
+		eerror "Asterisk is not running!"
+		return 0
+	fi
+
+	ebegin "Stopping asterisk PBX now"
+	/usr/sbin/asterisk -r -x "core stop now" &>/dev/null
+	# Now we have to wait until asterisk has _really_ stopped.
+	sleep 1
+	if is_running; then
+		einfon "Waiting for asterisk to shutdown ."
+		local cnt=0
+		while is_running; do
+			cnt=`expr $cnt + 1`
+			if [ $cnt -gt 60 ] ; then
+				# Waited 120 seconds now. Fail.
+				echo
+				eend 1 "Failed."
+				return
+			fi
+			sleep 2
+			echo -n "."
+		done
+		echo
+	fi
+	eend 0
+}
+
+reload() {
+	if is_running; then
+		ebegin "Forcing asterisk to reload configuration"
+		/usr/sbin/asterisk -r -x "modules reload" &>/dev/null
+		eend $?
+	else
+		eerror "Asterisk is not running!"
+	fi
+}
diff --git a/main/asterisk/asterisk.post-install b/main/asterisk/asterisk.post-install
new file mode 100644
index 0000000000..fd51c7fa5d
--- /dev/null
+++ b/main/asterisk/asterisk.post-install
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+chown -R asterisk:asterisk /var/*/asterisk
+chown -R asterisk:asterisk /etc/asterisk
+chmod -R u=rwX,g=rX,o= /etc/asterisk
+
+# set IP ToS
+# iptables -A OUTPUT -t mangle -p udp -m udp --dport 5060 -j DSCP --set-dscp 0x28
+#iptables -A OUTPUT -t mangle -p udp -m udp --sport 10000:20000 -j DSCP --set-dscp 0x28
+# more info:  http://www.voip-info.org/wiki-Asterisk+non-root
+
diff --git a/main/asterisk/asterisk.pre-install b/main/asterisk/asterisk.pre-install
new file mode 100644
index 0000000000..f4724251f3
--- /dev/null
+++ b/main/asterisk/asterisk.pre-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+user=asterisk
+home=/var/lib/asterisk
+adduser -h $home -s /bin/false -D $user 2>/dev/null
+mkdir -p $home
+chown $user:$user $home
+exit 0
+
diff --git a/main/aumix/APKBUILD b/main/aumix/APKBUILD
new file mode 100644
index 0000000000..034613b725
--- /dev/null
+++ b/main/aumix/APKBUILD
@@ -0,0 +1,38 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=aumix
+pkgver=2.8
+pkgrel=0
+pkgdesc="A color text mode sound mixer"
+url="http://www.jpj.net/~trevor/aumix.html"
+license="GPL"
+depends="uclibc ncurses ncurses-terminfo"
+makedepends="ncurses-dev"
+source="http://jpj.net/~trevor/aumix/aumix-$pkgver.tar.bz2
+	aumix-2.8-mute.patch
+	aumix-2.8-nohome.patch
+	aumix-2.8-save_load.patch
+	aumix.initd
+	"
+
+build() { 
+	cd "$srcdir"/aumix-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--without-gtk1 \
+		--without-gtk \
+		--disable-nls
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/aumix
+}
+md5sums="dc3fc7209752207c23e7c94ab886b340  aumix-2.8.tar.bz2
+3611c0372870a0ad67630231fe576e32  aumix-2.8-mute.patch
+6c8d691beb495257d8309e58c127acd2  aumix-2.8-nohome.patch
+113377f0f69925467a5a5b633a78160c  aumix-2.8-save_load.patch
+affaa735ad9b65a540842994caba18fd  aumix.initd"
diff --git a/main/aumix/aumix-2.8-mute.patch b/main/aumix/aumix-2.8-mute.patch
new file mode 100644
index 0000000000..8a32fd5b9b
--- /dev/null
+++ b/main/aumix/aumix-2.8-mute.patch
@@ -0,0 +1,16 @@
+Fix mute script: save volume and then set it to 0 instead of saving it directly 
+to 0. Bug #122087.
+Index: aumix-2.8/src/mute
+===================================================================
+--- aumix-2.8.orig/src/mute
++++ aumix-2.8/src/mute
+@@ -8,7 +8,8 @@
+ volumes=$(aumix -vq |tr -d ,)
+ if [ $(echo $volumes | awk '{print $2}') -ne 0 -o \
+ 	$(echo $volumes | awk '{print $3}') -ne 0 ]; then
+-	aumix -S -v 0
++	aumix -S
++	aumix -v 0
+ else
+ 	aumix -L > /dev/null
+ fi
diff --git a/main/aumix/aumix-2.8-nohome.patch b/main/aumix/aumix-2.8-nohome.patch
new file mode 100644
index 0000000000..bf20f0372c
--- /dev/null
+++ b/main/aumix/aumix-2.8-nohome.patch
@@ -0,0 +1,12 @@
+diff -Naur aumix-2.8.orig/src/common.c aumix-2.8/src/common.c
+--- aumix-2.8.orig/src/common.c	2002-10-29 13:27:51.000000000 -0800
++++ aumix-2.8/src/common.c	2004-07-22 01:28:07.684999900 -0700
+@@ -591,7 +591,7 @@
+ 	char            filename[PATH_MAX];
+ 	if (save_filename == NULL) {
+ 		home = getenv("HOME");
+-		if ((strlen(home) + strlen(AUMIXRC) + 2) < PATH_MAX) {
++		if (home && (strlen(home) + strlen(AUMIXRC) + 2) < PATH_MAX) {
+ 			sprintf(filename, "%s/.%s", home, AUMIXRC);
+ 			setfile = CheckAndOpen(filename, mode);
+ 		}
diff --git a/main/aumix/aumix-2.8-save_load.patch b/main/aumix/aumix-2.8-save_load.patch
new file mode 100644
index 0000000000..498716b517
--- /dev/null
+++ b/main/aumix/aumix-2.8-save_load.patch
@@ -0,0 +1,45 @@
+--- a/src/common.c	2002-11-28 14:22:00.000000000 +0100
++++ b/src/common.c	2002-11-28 14:23:11.000000000 +0100
+@@ -116,6 +116,7 @@
+ int             main(int argc, char *argv[])
+ {
+ 	int             optn, ii;
++	int		save = 0, load = 0;
+ #ifdef HAVE_CURSES
+ 	int             setcolors = FALSE;
+ #endif				/* HAVE_CURSES */
+@@ -171,14 +172,10 @@
+ 				break;
+ #endif				/* HAVE_CURSES */
+ 			case 'S':	/* Save to file. */
+-				if (mixer_fd == -1)
+-					ErrorExitWarn(InitializeMixer(device_filename), 'e');
+-				ErrorExitWarn(SaveSettings(), 'e');
++				save = 1;
+ 				break;
+ 			case 'L':	/* Load from file. */
+-				if (mixer_fd == -1)
+-					ErrorExitWarn(InitializeMixer(device_filename), 'e');
+-				ErrorExitWarn(LoadSettings(), 'e');
++				load = 1;
+ 				break;
+ #if defined (HAVE_CURSES) || defined (HAVE_GTK) || defined (HAVE_GTK1)
+ 			case 'I':	/* User asked for interactive mode. */
+@@ -194,6 +191,17 @@
+ 			}
+ 		}
+ 	}
++	if (save | load) {
++		if (mixer_fd == -1)
++			ErrorExitWarn(InitializeMixer(device_filename), 'e');
++		if (save)
++			ErrorExitWarn(SaveSettings(), 'e');
++		else
++			ErrorExitWarn(LoadSettings(), 'e');
++		close(mixer_fd);
++		exit(EXIT_SUCCESS);
++	}
++	
+ #if defined (HAVE_CURSES) || defined (HAVE_GTK) || defined (HAVE_GTK1)
+ /* Be interactive if no options were given. */
+ 	if (!interactive && argc <= 1)
diff --git a/main/aumix/aumix.initd b/main/aumix/aumix.initd
new file mode 100644
index 0000000000..2c1741b3b9
--- /dev/null
+++ b/main/aumix/aumix.initd
@@ -0,0 +1,42 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/aumix/files/aumix.rc6,v 1.12 2007/03/25 13:05:51 drac Exp $
+
+depend() {
+	use modules hotplug coldplug alsasound
+}
+
+checkconfig() {
+	if ! grep -q -E 'sound|OSS|sparcaudio' /proc/devices && [ ! -d /proc/asound ] ; then
+		eerror "Sound support has not been compiled into the kernel,"
+		eerror "or is disabled.  Please check that the correct modules"
+		eerror "is loaded."
+		return 1
+	fi
+	# /dev/mixer can be a symlink
+	if [ ! -e /dev/mixer ] ; then
+		eerror "/dev/mixer does not exist, please create it, or load the"
+		eerror "correct modules to enable your card's mixer"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	if [ -f /etc/aumixrc ] ; then
+		ebegin "Loading Mixer settings"
+		/usr/bin/aumix -f /etc/aumixrc -L >/dev/null 2>&1
+	else
+		ebegin "Setting Mixer settings"
+		/usr/bin/aumix -v75 -c75 -w75 >/dev/null 2>&1
+	fi
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+	ebegin "Saving Mixer settings"
+	/usr/bin/aumix -f /etc/aumixrc -S >/dev/null 2>&1
+	eend $?
+}
diff --git a/main/autoconf/APKBUILD b/main/autoconf/APKBUILD
new file mode 100644
index 0000000000..8de79f6ef3
--- /dev/null
+++ b/main/autoconf/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=autoconf
+pkgver=2.63
+pkgrel=1
+pkgdesc="A GNU tool for automatically configuring source code"
+license="GPL2 GPL3"
+url="http://www.gnu.org/software/autoconf"
+depends="m4 perl"
+source="ftp://ftp.gnu.org/pub/gnu/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	M4=/usr/bin/m4 ./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	rm -f "$pkgdir"/usr/share/info/dir
+	# conflict with bintuils
+	rm -f "$pkgdir"/usr/share/info/standards.info
+}
+
+md5sums='43d76649fb86cd21d64f68c48d5abdcf  autoconf-2.63.tar.gz'
diff --git a/main/automake/APKBUILD b/main/automake/APKBUILD
new file mode 100644
index 0000000000..356f68e3f5
--- /dev/null
+++ b/main/automake/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=automake
+pkgver=1.11
+pkgrel=0
+pkgdesc="A GNU tool for automatically creating Makefiles"
+arch=i486
+license=GPL
+url="http://www.gnu.org/software/automake"
+source=ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+depends="perl"
+makedepends="autoconf"
+subpackages="$pkgname-doc"
+
+build() {
+	cd $srcdir/$pkgname-$pkgver
+	./configure --prefix=/usr
+	make || return 1
+        make DESTDIR=$pkgdir install
+}
+
+md5sums="fab0bd2c3990a6679adaf9eeac0c6d2a  automake-1.11.tar.gz"
diff --git a/main/b43-fwcutter/APKBUILD b/main/b43-fwcutter/APKBUILD
new file mode 100644
index 0000000000..0a7f4cc6a4
--- /dev/null
+++ b/main/b43-fwcutter/APKBUILD
@@ -0,0 +1,24 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=b43-fwcutter
+pkgver=012
+pkgrel=0
+pkgdesc="Tool to extract firmware from Broadcom drivers"
+url="http://linuxwireless.org/en/users/Drivers/b43"
+license="GPL"
+depends=""
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://bu3sch.de/b43/fwcutter/b43-fwcutter-012.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	make PREFIX="$pkgdir"/usr install
+	mkdir -p "$pkgdir"/usr/share/
+	mv "$pkgdir"/usr/man "$pkgdir"/usr/share/
+}
+
+md5sums="69eadf67b459f313a8d6b37aaabef96c  b43-fwcutter-012.tar.bz2"
diff --git a/main/bash/APKBUILD b/main/bash/APKBUILD
new file mode 100644
index 0000000000..886c0c0669
--- /dev/null
+++ b/main/bash/APKBUILD
@@ -0,0 +1,100 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+pkgname=bash
+_myver=4.0
+_patchbase=40
+_patchlevel=024
+pkgver=${_myver}.${_patchlevel}
+pkgrel=0
+pkgdesc="The GNU Bourne Again shell"
+license='GPL'
+url="http://www.gnu.org/software/bash/bash.html"
+makedepends="readline-dev ncurses-dev bison flex"
+depends=
+source="http://ftp.gnu.org/gnu/bash/bash-${_myver}.tar.gz
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-001
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-002
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-003
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-004
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-005
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-006
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-007
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-008
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-009
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-010
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-011
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-012
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-013
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-014
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-015
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-016
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-017
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-018
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-019
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-020
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-021
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-022
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-023
+	http://ftp.gnu.org/gnu/bash/bash-4.0-patches/bash40-024
+	bash-noinfo.patch
+	"
+
+subpackages="$pkgname-doc"
+
+# run 'abuild _gensrc >> APKBUILD' to generate the patch list
+_gensrc() {
+	for _i in $(seq 1 $_patchlevel); do
+		# seq -w unsupported by busybox
+		_p=$(printf "%0.3i" $_i)
+		echo -e "\thttp://ftp.gnu.org/gnu/bash/bash-${_myver}-patches/bash${_patchbase}-$_p"
+	done
+}
+
+build() {
+	local p
+	cd ${startdir}/src/${pkgname}-${_myver}
+	for p in ../bash${_patchbase}-??? ../*.patch; do
+		msg "applying patch ${p##*/}"
+		patch -p0 -i $p || return 1
+	done
+
+	./configure --prefix=/usr \
+		--with-curses \
+		--disable-nls \
+		--enable-readline \
+		--without-bash-malloc \
+		--with-installed-readline \
+		--bindir=/bin \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make -j1 || return 1
+	make DESTDIR=${pkgdir} install
+
+	rm -rf "$pkgdir"/usr/share/locale
+}
+md5sums="a90a1b5a6db4838483f05438e05e8eb9  bash-4.0.tar.gz
+bc7f4762443939bd7dccb42370f0d932  bash40-001
+c2a4a4786a83ed4ec366c6a8924369a2  bash40-002
+22e8a824eddba21a8fce10d7984c2aba  bash40-003
+ed7cbced8c7c964323265522369a37a2  bash40-004
+8ed86b7d31423d71ecf3148251d63512  bash40-005
+5f447338cb98ff156cabf1fd9879d5f3  bash40-006
+96e946cb66a4ca186cba1da44f1ee163  bash40-007
+d3eb7b6f00d525e032478c33f51d46a8  bash40-008
+340601c997ce569532417a7ae92248b8  bash40-009
+0bd5ab96d514ffb1afbb8c7984b15146  bash40-010
+32cb20f339a20e1e9fb37a5d18f18fca  bash40-011
+33fd9e93d30a17988c19554ef26d56e0  bash40-012
+a266b42df5e9ed7e8818a8b00d50e00b  bash40-013
+86cac78f191a32cd1404f11264eb9b2a  bash40-014
+bb41963d030bc61a20e8185367b337c5  bash40-015
+f75455048a086528971252fd979b8755  bash40-016
+34b2cd57271a452f4a26b39d77ff908f  bash40-017
+99318eed8dcc05e10a14ae27043f175d  bash40-018
+af3b9aaeadc71a5007bec2b98c751cde  bash40-019
+eb7c7ddeb7e8451eb59228dca3329696  bash40-020
+585d701b978ceb63967dc020db3a2234  bash40-021
+7a70f2608f90f6ac0c2051e5f1c6c414  bash40-022
+7a23aa41630dd4fe8d30108a200e2d96  bash40-023
+82ba5fc9eb780eb57d8b7628a17b7d74  bash40-024
+80fec5f3d60a63756a4999c877e31a8e  bash-noinfo.patch"
diff --git a/main/bash/bash-noinfo.patch b/main/bash/bash-noinfo.patch
new file mode 100644
index 0000000000..dcb598a493
--- /dev/null
+++ b/main/bash/bash-noinfo.patch
@@ -0,0 +1,12 @@
+diff -Naur doc/Makefile.in.orig doc/Makefile.in
+--- doc/Makefile.in.orig	2004-07-27 05:57:48.000000000 -0700
++++ doc/Makefile.in	2005-02-11 22:44:49.000000000 -0800
+@@ -220,7 +220,7 @@
+ 		$(SHELL) $(SUPPORT_SRCDIR)/mkinstalldirs $(DESTDIR)$(htmldir) ; \
+ 	fi
+ 	
+-install: info installdirs bash.info
++install: installdirs
+ 	-$(INSTALL_DATA) $(srcdir)/bash.1 $(DESTDIR)$(man1dir)/bash${man1ext}
+ 	-$(INSTALL_DATA) $(srcdir)/bashbug.1 $(DESTDIR)$(man1dir)/bashbug${man1ext}
+ # uncomment the next line to install the builtins man page
diff --git a/main/bbsuid/APKBUILD b/main/bbsuid/APKBUILD
new file mode 100644
index 0000000000..45db1e43dc
--- /dev/null
+++ b/main/bbsuid/APKBUILD
@@ -0,0 +1,17 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bbsuid
+pkgver=0.3
+pkgrel=0
+pkgdesc="Busybox SUID root application wrapper"
+url="http://git.alpinelinux.org/cgit/bbsuid"
+license="GPL-2"
+depends="uclibc busybox"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make || return 1
+	make install DESTDIR="$pkgdir"
+}
+
+md5sums="80bbdf219d82c9478d2080211fcd8ed1  bbsuid-0.3.tar.bz2"
diff --git a/main/bc/APKBUILD b/main/bc/APKBUILD
new file mode 100644
index 0000000000..d5f1851f2d
--- /dev/null
+++ b/main/bc/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bc
+pkgver=1.06
+pkgrel=1
+pkgdesc="arbitrary precision numeric processing language (calculator)"
+url="http://www.gnu.org/software/bc/bc.html"
+license="GPL"
+depends=
+makedepends="flex readline-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://mirrors.kernel.org/gnu/bc/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="d44b5dddebd8a7a7309aea6c36fda117  bc-1.06.tar.gz"
diff --git a/main/beecrypt/APKBUILD b/main/beecrypt/APKBUILD
new file mode 100644
index 0000000000..b11cba439f
--- /dev/null
+++ b/main/beecrypt/APKBUILD
@@ -0,0 +1,39 @@
+#!/bin/sh
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=beecrypt
+pkgver=4.1.2
+pkgrel=1
+pkgdesc="general-purpose cryptography library"
+url="http://sourceforge.net/projects/beecrypt"
+license="LGPL"
+# TODO: figure out why we link libgcc_s.so.1 and do something about gcc dep
+depends="uclibc uclibc++ gcc"
+makedepends="uclibc++-dev libtool"
+
+subpackages="$pkgname-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	$pkgname-4.1.2-base64.patch
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	export CXX=g++-uc
+
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--disable-threads \
+		--enable-shared \
+		--without-java \
+		--without-python \
+		--with-cplusplus=no
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="820d26437843ab0a6a8a5151a73a657c  beecrypt-4.1.2.tar.gz
+01444edbffee71c2d8818fa66a3a8555  beecrypt-4.1.2-base64.patch"
diff --git a/main/beecrypt/beecrypt-4.1.2-base64.patch b/main/beecrypt/beecrypt-4.1.2-base64.patch
new file mode 100644
index 0000000000..c6c370bd07
--- /dev/null
+++ b/main/beecrypt/beecrypt-4.1.2-base64.patch
@@ -0,0 +1,11 @@
+Fix b64encode() for data starting with NUL from Miloslav Trmac <mitr@redhat.com>
+--- beecrypt-4.1.2/base64.c.b64	2005-04-26 21:46:27.000000000 +0200
++++ beecrypt-4.1.2/base64.c	2005-04-26 21:47:48.000000000 +0200
+@@ -253,7 +253,6 @@
+     unsigned c;
+
+     if (s == NULL)	return NULL;
+-    if (*s == '\0')	return calloc(1, sizeof(*t));
+
+     if (ns == 0) ns = strlen((const char*) s);
+     nt = ((ns + 2) / 3) * 4;
diff --git a/main/beep/APKBUILD b/main/beep/APKBUILD
new file mode 100644
index 0000000000..742998204e
--- /dev/null
+++ b/main/beep/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=beep
+pkgver=1.2.2
+pkgrel=0
+pkgdesc="A terminal bell"
+url="http://johnath.com/beep"
+license="GPL-2"
+depends="uclibc"
+makedepends=""
+#install=
+subpackages="$pkgname-doc"
+source="http://johnath.com/$pkgname/$pkgname-$pkgver.tar.gz
+        beep-1.2.2-nosuid.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	patch beep.c < ../../beep-1.2.2-nosuid.patch
+
+	make || return 1
+
+	install -m755 -D "$srcdir/$pkgname-$pkgver/beep" "$pkgdir"/usr/bin/beep
+	install -m644 -D "$srcdir/$pkgname-$pkgver/beep.1.gz" "$pkgdir"/usr/share/man/man1/beep.1.gz
+}
+
+md5sums="d541419fd7e5642952d7b48cbb40c712  beep-1.2.2.tar.gz
+38e2fc3ea98ced50038799ca80fdd9ee  beep-1.2.2-nosuid.patch"
+
diff --git a/main/beep/beep-1.2.2-nosuid.patch b/main/beep/beep-1.2.2-nosuid.patch
new file mode 100644
index 0000000000..33e6affa9f
--- /dev/null
+++ b/main/beep/beep-1.2.2-nosuid.patch
@@ -0,0 +1,33 @@
+--- beep.c.orig	2005-07-23 13:37:01.000000000 -0400
++++ beep.c	2005-07-23 14:00:55.000000000 -0400
+@@ -218,22 +218,20 @@
+   int i; /* loop counter */
+ 
+   /* try to snag the console */
+-  if((console_fd = open("/dev/console", O_WRONLY)) == -1) {
+-    fprintf(stderr, "Could not open /dev/console for writing.\n");
+-    printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
+-    perror("open");
+-    exit(1);
+-  }
++  console_fd = open("/dev/console", O_WRONLY);
+   
+   /* Beep */
+   for (i = 0; i < parms.reps; i++) {                    /* start beep */
+-    if(ioctl(console_fd, KIOCSOUND, (int)(CLOCK_TICK_RATE/parms.freq)) < 0) {
+-      printf("\a");  /* Output the only beep we can, in an effort to fall back on usefulness */
+-      perror("ioctl");
++    if (console_fd >= 0) {
++      ioctl(console_fd, KIOCSOUND, (int)(CLOCK_TICK_RATE/parms.freq));
++    } else {
++      printf("\a");  /* Output the fall back for usefulness we don't have to be suid to work at all */
++      fflush(stdout);
+     }
+     /* Look ma, I'm not ansi C compatible! */
+     usleep(1000*parms.length);                          /* wait...    */
+-    ioctl(console_fd, KIOCSOUND, 0);                    /* stop beep  */
++    if (console_fd >= 0) 
++       ioctl(console_fd, KIOCSOUND, 0);                 /* stop beep  */
+     if(parms.end_delay || (i+1 < parms.reps))
+        usleep(1000*parms.delay);                        /* wait...    */
+   }                                                     /* repeat.    */
diff --git a/main/bind/APKBUILD b/main/bind/APKBUILD
new file mode 100644
index 0000000000..533bfa7177
--- /dev/null
+++ b/main/bind/APKBUILD
@@ -0,0 +1,95 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bind
+pkgver=9.6.0_p1
+pkgrel=1
+pkgdesc="BIND - Berkeley Internet Name Domain - Name Server and tools"
+url="http://www.isc.org"
+license="as-is"
+depends=uclibc
+makedepends="openssl-dev"
+install="$pkgname.pre-install $pkgname.post-install"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-libs $pkgname-tools"
+source="http://ftp.isc.org/isc/bind9/9.6.0-P1/bind-9.6.0-P1.tar.gz
+	bind.so_bsdcompat.patch
+	$pkgname.initd
+	$pkgname.confd
+	$pkgname.conf
+	$pkgname.127.zone
+	$pkgname.localhost.zone
+	$pkgname.named.ca
+	$install"
+
+build() {
+	cd "$srcdir/bind-9.6.0-P1"
+
+	### http://bugs.gentoo.org/show_bug.cgi?id=227333
+	export CFLAGS="$CFLAGS -D_GNU_SOURCE" 
+
+	# Adjusting PATHs in manpages
+	for i in bin/named/named.8 bin/check/named-checkconf.8 bin/rndc/rndc.8; do
+		sed -i \
+			-e 's:/etc/named.conf:/etc/bind/named.conf:g' \
+			-e 's:/etc/rndc.conf:/etc/bind/rndc.conf:g' \
+			-e 's:/etc/rndc.key:/etc/bind/rndc.key:g' \
+			"${i}" || return 1
+	done
+
+	patch -p0 -i "$srcdir"/bind.so_bsdcompat.patch || return 1
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/bind \
+		--localstatedir=/var \
+		--with-openssl=/usr \
+		--disable-linux-caps \
+		--without-libxml2 \
+		--disable-threads \
+		--enable-ipv6 \
+		--enable-shared \
+		--enable-static \
+		--with-libtool \
+		--with-randomdev=/dev/random \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	
+	depends="$depends $pkgname-libs"
+	
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/named || return 1
+	install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/named || return 1
+	install -Dm644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/bind/named.conf || return 1
+	install -Dm644 "$srcdir"/$pkgname.named.ca "$pkgdir"/var/bind/named.ca || return 1
+	install -Dm644 "$srcdir"/$pkgname.127.zone "$pkgdir"/var/bind/pri/127.zone || return 1
+	install -Dm644 "$srcdir"/$pkgname.localhost.zone "$pkgdir"/var/bind/pri/localhost.zone || return 1
+	mkdir -p "$pkgdir"/var/bind/sec || return 1
+	cd "$pkgdir"/var/bind
+	ln -s named.ca root.cache || return 1
+}
+
+libs() {
+	install=""
+	mkdir -p "$subpkgdir"/usr
+	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
+}
+
+tools() {
+	install=""
+	depends="$pkgname-libs"
+	mkdir -p "$subpkgdir"/usr/bin
+	for i in dig host nslookup nsupdate; do
+		mv "$pkgdir"/usr/bin/${i} "$subpkgdir"/usr/bin/ || return 1
+	done
+}
+
+md5sums="886b7eae55cfdc8cd8d2ca74a2f99c6e  bind-9.6.0-P1.tar.gz
+f270a5b0a28ab6e818840c5c368ddbcc  bind.so_bsdcompat.patch
+3adc904c1c12f81839d9369f7241022b  bind.initd
+8b05a287976d66d51c18b73ee7523671  bind.confd
+be5fd752bdbd59385f2a559d603098d5  bind.conf
+a7455b009b7fccd74ac6f6eaa6902a00  bind.127.zone
+c3220168fabfb31a25e8c3a545545e34  bind.localhost.zone
+a94e29ac677846f3d4d618c50b7d34f1  bind.named.ca
+d3137e2de6f82acfc914d4916999cf2a  bind.pre-install
+695c957be18ec4f8ea46d0b1ff50b09b  bind.post-install"
diff --git a/main/bind/bind.127.zone b/main/bind/bind.127.zone
new file mode 100644
index 0000000000..2ad28de52c
--- /dev/null
+++ b/main/bind/bind.127.zone
@@ -0,0 +1,11 @@
+$ORIGIN 127.in-addr.arpa.
+$TTL 1W
+@			1D IN SOA	localhost. root.localhost. (
+					2002081601	; serial
+					3H		; refresh
+					15M		; retry
+					1W		; expiry
+					1D )		; minimum
+
+			1D IN NS	localhost.
+1			1D IN PTR	localhost.
diff --git a/main/bind/bind.conf b/main/bind/bind.conf
new file mode 100644
index 0000000000..d58c61bde0
--- /dev/null
+++ b/main/bind/bind.conf
@@ -0,0 +1,53 @@
+options {
+	directory "/var/bind";
+
+	// uncomment the following lines to turn on DNS forwarding,
+	// and change the forwarding ip address(es) :
+	//forward first;
+	//forwarders {
+	//	123.123.123.123;
+	//	123.123.123.123;
+	//};
+
+	listen-on-v6 { none; };
+        listen-on { 127.0.0.1; };
+
+	// to allow only specific hosts to use the DNS server:
+	//allow-query {
+	//	127.0.0.1;
+	//};
+
+	// if you have problems and are behind a firewall:
+	//query-source address * port 53;
+	pid-file "/var/run/named/named.pid";
+};
+
+// Briefly, a zone which has been declared delegation-only will be effectively
+// limited to containing NS RRs for subdomains, but no actual data beyond its
+// own apex (for example, its SOA RR and apex NS RRset). This can be used to
+// filter out "wildcard" or "synthesized" data from NAT boxes or from
+// authoritative name servers whose undelegated (in-zone) data is of no
+// interest.
+// See http://www.isc.org/products/BIND/delegation-only.html for more info
+
+//zone "COM" { type delegation-only; };
+//zone "NET" { type delegation-only; };
+
+zone "." IN {
+	type hint;
+	file "named.ca";
+};
+
+zone "localhost" IN {
+	type master;
+	file "pri/localhost.zone";
+	allow-update { none; };
+	notify no;
+};
+
+zone "127.in-addr.arpa" IN {
+	type master;
+	file "pri/127.zone";
+	allow-update { none; };
+	notify no;
+};
diff --git a/main/bind/bind.confd b/main/bind/bind.confd
new file mode 100644
index 0000000000..82d3763509
--- /dev/null
+++ b/main/bind/bind.confd
@@ -0,0 +1,14 @@
+# Set various named options here.
+OPTS=""
+
+# Set this to the number of processors you have.
+CPU="1"
+
+# User which named should run as
+USER="named"
+
+# Default pid file location
+PIDFILE="/var/run/named/named.pid"
+
+# Scheduling priority: 19 is the lowest and -20 is the highest.
+NICELEVEL="0"
diff --git a/main/bind/bind.initd b/main/bind/bind.initd
new file mode 100644
index 0000000000..6469ee79ac
--- /dev/null
+++ b/main/bind/bind.initd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+
+NAME=named
+DAEMON=/usr/sbin/$NAME
+
+depend() {
+	need net
+	use logger
+	provide dns
+}
+
+start() {
+	ebegin "Starting ${NAME}"
+	start-stop-daemon --start --quiet --background \
+		--exec ${DAEMON} --nicelevel ${NICELEVEL} \
+		-- -u ${USER} -n ${CPU} ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+	start-stop-daemon --stop --quiet --pidfile $PIDFILE
+	eend $?
+}
diff --git a/main/bind/bind.localhost.zone b/main/bind/bind.localhost.zone
new file mode 100644
index 0000000000..338d7050ca
--- /dev/null
+++ b/main/bind/bind.localhost.zone
@@ -0,0 +1,11 @@
+$TTL 1W
+@       IN      SOA     ns.localhost. root.localhost.  (
+                                      2002081601 ; Serial
+                                      28800      ; Refresh
+                                      14400      ; Retry
+                                      604800     ; Expire - 1 week
+                                      86400 )    ; Minimum
+@		IN      NS      ns
+ns		IN	A	127.0.0.1
+
+ns		IN	AAAA	::1
diff --git a/main/bind/bind.named.ca b/main/bind/bind.named.ca
new file mode 100644
index 0000000000..902a7047f9
--- /dev/null
+++ b/main/bind/bind.named.ca
@@ -0,0 +1,85 @@
+;       This file holds the information on root name servers needed to
+;       initialize cache of Internet domain name servers
+;       (e.g. reference this file in the "cache  .  <file>"
+;       configuration file of BIND domain name servers).
+;
+;       This file is made available by InterNIC 
+;       under anonymous FTP as
+;           file                /domain/named.root
+;           on server           FTP.INTERNIC.NET
+;       -OR-                    RS.INTERNIC.NET
+;
+;       last update:    Feb 04, 2008
+;       related version of root zone:   2008020400
+;
+; formerly NS.INTERNIC.NET
+;
+.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
+A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:BA3E::2:30
+;
+; formerly NS1.ISI.EDU
+;
+.                        3600000      NS    B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
+;
+; formerly C.PSI.NET
+;
+.                        3600000      NS    C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
+;
+; formerly TERP.UMD.EDU
+;
+.                        3600000      NS    D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
+;
+; formerly NS.NASA.GOV
+;
+.                        3600000      NS    E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
+;
+; formerly NS.ISC.ORG
+;
+.                        3600000      NS    F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
+F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
+;
+; formerly NS.NIC.DDN.MIL
+;
+.                        3600000      NS    G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
+;
+; formerly AOS.ARL.ARMY.MIL
+;
+.                        3600000      NS    H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
+H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::803f:235
+;
+; formerly NIC.NORDU.NET
+;
+.                        3600000      NS    I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
+;
+; operated by VeriSign, Inc.
+;
+.                        3600000      NS    J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
+J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:C27::2:30
+;
+; operated by RIPE NCC
+;
+.                        3600000      NS    K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129 
+K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
+;
+; operated by ICANN
+;
+.                        3600000      NS    L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
+;
+; operated by WIDE
+;
+.                        3600000      NS    M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
+M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
+; End of File
diff --git a/main/bind/bind.post-install b/main/bind/bind.post-install
new file mode 100644
index 0000000000..7e091c097c
--- /dev/null
+++ b/main/bind/bind.post-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+install -dD -o named -g named /var/run/named
+chown -R named:named /var/bind
+
diff --git a/main/bind/bind.pre-install b/main/bind/bind.pre-install
new file mode 100644
index 0000000000..c799634502
--- /dev/null
+++ b/main/bind/bind.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -h /etc/bind -s /bin/false -D named 2>/dev/null
+exit 0
+
diff --git a/main/bind/bind.so_bsdcompat.patch b/main/bind/bind.so_bsdcompat.patch
new file mode 100644
index 0000000000..83120f77de
--- /dev/null
+++ b/main/bind/bind.so_bsdcompat.patch
@@ -0,0 +1,11 @@
+--- lib/isc/unix/socket.c.orig	2005-11-03 17:08:42.000000000 -0600
++++ lib/isc/unix/socket.c	2006-02-18 13:09:15.000000000 -0600
+@@ -245,6 +245,8 @@
+ 
+ #define SOCK_DEAD(s)			((s)->references == 0)
+ 
++#undef SO_BSDCOMPAT
++
+ static void
+ manager_log(isc_socketmgr_t *sockmgr,
+ 	    isc_logcategory_t *category, isc_logmodule_t *module, int level,
diff --git a/main/binutils/APKBUILD b/main/binutils/APKBUILD
new file mode 100644
index 0000000000..caed3abcdc
--- /dev/null
+++ b/main/binutils/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=binutils
+pkgver=2.19.51.0.9
+pkgdesc="Tools necessary to build programs"
+url=http://sources.redhat.com/binutils
+source=ftp://ftp.kernel.org/pub/linux/devel/binutils/$pkgname-$pkgver.tar.bz2
+depends=
+makedepends="bison flex texinfo zlib-dev"
+license="GPL"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--mandir /usr/share/man \
+		--build ${CHOST:-i486-alpine-linux-uclibc} \
+		--infodir /usr/share/info \
+		--enable-shared \
+		--enable-64-bit-bfd \
+		--disable-werror \
+		--disable-nls
+
+	make || return 1
+	make install DESTDIR="$pkgdir" 
+}
+md5sums="023a3d0f50a18fdebcd5b0a50c8e41ad  binutils-2.19.51.0.9.tar.bz2"
diff --git a/main/bison/APKBUILD b/main/bison/APKBUILD
new file mode 100644
index 0000000000..c0de867ead
--- /dev/null
+++ b/main/bison/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bison
+pkgver=2.4.1
+pkgrel=5
+pkgdesc="The GNU general-purpose parser generator"
+license="GPL"
+url="http://www.gnu.org/software/bison/bison.html"
+depends="uclibc m4"
+source="ftp://ftp.gnu.org/gnu/bison/${pkgname}-${pkgver}.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--datadir=/usr/share \
+		--infodir=/usr/share/info \
+		--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="c58aa1da418dc9704070872489e89bf5  bison-2.4.1.tar.gz"
diff --git a/main/bitlib/APKBUILD b/main/bitlib/APKBUILD
new file mode 100644
index 0000000000..91400afc90
--- /dev/null
+++ b/main/bitlib/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bitlib
+pkgver=25
+pkgrel=0
+pkgdesc="A lua library providing bitwise operations"
+url="http://luaforge.net/projects/bitlib"
+license="MIT/X11"
+depends="uclibc lua"
+makedepends="lua-dev"
+subpackages="$pkgname-dev"
+source=http://luaforge.net/frs/download.php/3065/bitlib-$pkgver.tar.gz
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="18f124c80c685f2269296a7172e600fe  bitlib-25.tar.gz"
diff --git a/main/bkeymaps/APKBUILD b/main/bkeymaps/APKBUILD
new file mode 100644
index 0000000000..416b9811cc
--- /dev/null
+++ b/main/bkeymaps/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bkeymaps
+pkgver=1.13
+pkgrel=0
+pkgdesc="Binary keymaps for busybox"
+url="http://dev.alpinelinux.org/alpine/bkeymaps"
+license="GPL"
+depends="busybox"
+source="http://dev.alpinelinux.org/alpine/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	make DESTDIR="$pkgdir" install
+}
+md5sums="a68058ab4a81cf9a8dcbaaa7a5df5b11  bkeymaps-1.13.tar.gz"
diff --git a/main/bridge-utils/APKBUILD b/main/bridge-utils/APKBUILD
new file mode 100644
index 0000000000..0caaed9bcf
--- /dev/null
+++ b/main/bridge-utils/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bridge-utils
+pkgver=1.4
+pkgrel=0
+pkgdesc="Tools for configuring the Linux kernel 802.1d Ethernet Bridge"
+url="http://bridge.sourceforge.net/"
+license="GPL-2"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="uclibc"
+makedepends="autoconf"
+source="http://download.sourceforge.net/bridge/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	autoconf
+	# src_compile
+	configure --prefix=/ \
+		--mandir=/usr/share/man \
+		--libdir=/usr/lib \
+		--includedir=/usr/include \
+		|| return 1
+	make || return 1
+	make install DESTDIR="$pkgdir" || return 1
+}
+md5sums="0182fcac3a2b307113bbec34e5f1c673  bridge-utils-1.4.tar.gz"
diff --git a/main/build-base/APKBUILD b/main/build-base/APKBUILD
new file mode 100644
index 0000000000..32c4e93b62
--- /dev/null
+++ b/main/build-base/APKBUILD
@@ -0,0 +1,12 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=build-base
+pkgver=0.2
+url=http://dev.alpinelinux.org/cgit
+pkgdesc="Meta package for build base"
+depends="binutils gcc make patch uclibc-dev g++"
+license=none
+
+build() {
+	# meta package
+	mkdir -p "$pkgdir"
+}
diff --git a/main/busybox-initscripts/APKBUILD b/main/busybox-initscripts/APKBUILD
new file mode 100644
index 0000000000..a1f74bbc70
--- /dev/null
+++ b/main/busybox-initscripts/APKBUILD
@@ -0,0 +1,54 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=busybox-initscripts
+pkgver=2.0
+pkgrel=3
+pkgdesc="Init scripts for busybox daemons"
+url="http://git.alpinelinux.org/cgit/aports/tree/core/busybox-initscripts"
+license="GPL-2"
+depends="busybox"
+makedepends=
+install=$pkgname.post-install
+subpackages=
+source="cron.initd dnsd.initd httpd.initd inetd.initd klogd.initd 
+	mdev-mount.initd mdev.initd rdate.initd syslog.initd watchdog.initd
+	cron.confd klogd.confd rdate.confd syslog.confd watchdog.confd
+	mdev.conf dvbdev ide_links usbdev usbdisk_link
+	$install"
+
+build() {
+	local i
+	cd "$srcdir"
+
+	mkdir -p "$pkgdir"/etc/conf.d "$pkgdir"/etc/init.d "$pkgdir"/lib/mdev
+	for i in *.initd; do
+		install -m755 "$srcdir"/$i "$pkgdir"/etc/init.d/${i%.*} || return 1
+	done
+	for i in *.confd; do
+		install -m644 "$srcdir"/$i "$pkgdir"/etc/conf.d/${i%.*} || return 1
+	done
+	install -m644 mdev.conf "$pkgdir"/etc
+	install -m755 dvbdev ide_links usbdev usbdisk_link "$pkgdir"/lib/mdev/
+}
+
+md5sums="131e46b2853439f436bc377a5473273f  cron.initd
+3af526f4de1a607f7932a15f7c8e8eb1  dnsd.initd
+f7daf05f9984aa398fdbd3fe02e82678  httpd.initd
+dad8e381142dfb42483de324aff4cf28  inetd.initd
+e22077bfe7b8b0fe7c06cfe208e68dca  klogd.initd
+12379687c0cfb5446e0cfc20bd6992bb  mdev-mount.initd
+ef3e93fe17964dd600364b1340654b5b  mdev.initd
+533288e7df1fdfc029b1048b8e6c770f  rdate.initd
+b5b23dd06cea120bd8d850b54bca0b59  syslog.initd
+254186e513ff9fb9ede6a2e92257b247  watchdog.initd
+8ddb8d040c9c7a32c63039a2c80ff496  cron.confd
+60bc14cc3163d76f41bcc93dc0f9984b  klogd.confd
+22adbf155ffc4595206ded6daad07812  rdate.confd
+77fb31a75511247bf4e3430565a276bc  syslog.confd
+0bb55dde32f5e119111fa4938daaef3d  watchdog.confd
+022b670c549e402573797cc72fa12032  mdev.conf
+ad1556961294e4aa2abca6be52138b7c  dvbdev
+5c8725b4cbdeda23b00f08124a0d20bf  ide_links
+1acfd58dfd1cf324c90ca3a3be519510  usbdev
+30b0c85956b6701caf55309a17e537f6  usbdisk_link
+038db8453f57a36afaee2a4d883008e4  busybox-initscripts.post-install"
diff --git a/main/busybox-initscripts/busybox-initscripts.post-install b/main/busybox-initscripts/busybox-initscripts.post-install
new file mode 100644
index 0000000000..11575f58b9
--- /dev/null
+++ b/main/busybox-initscripts/busybox-initscripts.post-install
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# this is for upgraders
+if [ -L /etc/runlevels/boot/mdev ]; then
+	mkdir -p /etc/runlevels/sysinit
+	mv /etc/runlevels/boot/mdev /etc/runlevels/sysinit/ 2>/dev/null
+fi
+exit 0
+
diff --git a/main/busybox-initscripts/cron.confd b/main/busybox-initscripts/cron.confd
new file mode 100644
index 0000000000..2f2eb7bb75
--- /dev/null
+++ b/main/busybox-initscripts/cron.confd
@@ -0,0 +1,3 @@
+# enter the cron options
+CRON_OPTS="-c /etc/crontabs"
+
diff --git a/main/busybox-initscripts/cron.initd b/main/busybox-initscripts/cron.initd
new file mode 100644
index 0000000000..0486a3acd3
--- /dev/null
+++ b/main/busybox-initscripts/cron.initd
@@ -0,0 +1,14 @@
+#!/sbin/runscript
+
+start() {
+	ebegin "Starting busybox cron"
+	start-stop-daemon --start --exec /usr/sbin/crond -- $CRON_OPTS
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping busybox cron"
+	start-stop-daemon --stop --exec /usr/sbin/crond
+	eend $?
+}
+
diff --git a/main/busybox-initscripts/dnsd.initd b/main/busybox-initscripts/dnsd.initd
new file mode 100644
index 0000000000..8d625f9e5e
--- /dev/null
+++ b/main/busybox-initscripts/dnsd.initd
@@ -0,0 +1,17 @@
+#!/sbin/runscript
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting dnsd"
+	start-stop-daemon --start --exec /usr/sbin/dnsd -- -d $DNSD_OPTS
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping dnsd"
+	start-stop-daemon --stop --exec /usr/sbin/dnsd
+	eend $?
+}
diff --git a/main/busybox-initscripts/dvbdev b/main/busybox-initscripts/dvbdev
new file mode 100644
index 0000000000..f0186c176c
--- /dev/null
+++ b/main/busybox-initscripts/dvbdev
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# MDEV=dvb0.demux1 -> ADAPTER=dvb0 -> N=0
+ADAPTER=${MDEV%.*}
+N=${ADAPTER#dvb}
+# MDEV=dvb0.demux1 -> DEVB_DEV=demux1
+DVB_DEV=${MDEV#*.}
+
+case "$ACTION" in
+	add|"")
+		mkdir -p dvb/adapter${N}
+		mv ${MDEV} dvb/adapter${N}/${DVB_DEV}
+		;;
+	remove)
+		rm -f dvb/adapter${N}/${DVB_DEV}
+		rmdir dvb/adapter${N} 2>/dev/null
+		rmdir dvb/ 2>/dev/null
+esac
diff --git a/main/busybox-initscripts/httpd.initd b/main/busybox-initscripts/httpd.initd
new file mode 100644
index 0000000000..7f114e650c
--- /dev/null
+++ b/main/busybox-initscripts/httpd.initd
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+
+DAEMON=/usr/sbin/httpd
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting busybox httpd"
+	start-stop-daemon --start --exec $DAEMON -- $HTTPD_OPTS
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping busybox httpd"
+	start-stop-daemon --stop --exec $DAEMON
+	eend $?
+}
+
diff --git a/main/busybox-initscripts/ide_links b/main/busybox-initscripts/ide_links
new file mode 100644
index 0000000000..be0c95aa9c
--- /dev/null
+++ b/main/busybox-initscripts/ide_links
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+[ -f /proc/ide/$MDEV/media ] || exit
+
+media=`cat /proc/ide/$MDEV/media`
+for i in $media $media[0-9]* ; do
+	if [ "`readlink $i 2>/dev/null`" = $MDEV ] ; then
+		LINK=$i
+		break
+	fi
+done
+
+# link exist, remove if necessary and exit
+if [ "$LINK" ] ; then
+	[ "$ACTION" = remove ] && rm $LINK
+	exit
+fi
+
+# create a link
+num=`ls $media[0-9]* 2>/dev/null | wc -l`
+ln -sf $MDEV "$media`echo $num`"
+[ -e "$media" ] || ln -sf $MDEV "$media"
+
diff --git a/main/busybox-initscripts/inetd.initd b/main/busybox-initscripts/inetd.initd
new file mode 100644
index 0000000000..b5cf9d7d3e
--- /dev/null
+++ b/main/busybox-initscripts/inetd.initd
@@ -0,0 +1,18 @@
+#!/sbin/runscript
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting busybox inetd"
+	start-stop-daemon --start --exec /usr/sbin/inetd -- $INETD_OPTS
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping busybox inetd"
+	start-stop-daemon --stop --exec /usr/sbin/inetd
+	eend $?
+}
+
diff --git a/main/busybox-initscripts/klogd.confd b/main/busybox-initscripts/klogd.confd
new file mode 100644
index 0000000000..100deedaac
--- /dev/null
+++ b/main/busybox-initscripts/klogd.confd
@@ -0,0 +1 @@
+KLOGD_OPTS=""
diff --git a/main/busybox-initscripts/klogd.initd b/main/busybox-initscripts/klogd.initd
new file mode 100644
index 0000000000..5cf7e6fd16
--- /dev/null
+++ b/main/busybox-initscripts/klogd.initd
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+
+depend() {
+	need clock hostname
+	provide logger
+	keyword novserver
+}
+
+start() {
+	ebegin "Starting busybox kernel logging"
+	start-stop-daemon --start --exec /sbin/klogd -- ${KLOGD_OPTS}
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping busybox kernel logging"
+	start-stop-daemon --stop --exec /sbin/klogd
+	eend $?
+}
+
diff --git a/main/busybox-initscripts/mdev-mount.initd b/main/busybox-initscripts/mdev-mount.initd
new file mode 100644
index 0000000000..c7aaa824c2
--- /dev/null
+++ b/main/busybox-initscripts/mdev-mount.initd
@@ -0,0 +1,64 @@
+#!/sbin/runscript
+# Largely based on Gentoo's udev-mount
+#
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+#
+
+description="Mount tmpfs on /dev"
+
+mount_dev_directory()
+{
+	if [ "$(mountinfo -t /dev)" = "mdev" ]; then
+		# already mounted
+        	if fstabinfo --quiet /dev; then
+	                mount -o remount -n /dev
+		fi
+		return 0
+	fi
+
+        # No options are processed here as they should all be in /etc/fstab
+        ebegin "Mounting /dev"
+	mkdir -p /dev
+        if fstabinfo --quiet /dev; then
+                mount -n /dev
+        else
+                # Some devices require exec, Bug #92921
+                mount -n -t tmpfs -o "exec,nosuid,mode=0755,size=1M" mdev /dev
+        fi
+        eend $?
+}
+
+seed_dev()
+{
+        # Seed /dev with some things that we know we need
+
+        # creating /dev/console, /dev/tty and /dev/tty1 to be able to write
+        # to $CONSOLE with/without bootsplash before udevd creates it
+        [ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
+        [ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
+        [ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
+
+        # udevd will dup its stdin/stdout/stderr to /dev/null
+        # and we do not want a file which gets buffered in ram
+        [ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+
+        # so udev can add its start-message to dmesg
+        [ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+
+        # Not provided by sysfs but needed
+        ln -snf /proc/self/fd /dev/fd
+        ln -snf fd/0 /dev/stdin
+        ln -snf fd/1 /dev/stdout
+        ln -snf fd/2 /dev/stderr
+        [ -e /proc/kcore ] && ln -snf /proc/kcore /dev/core
+
+        # Create problematic directories
+        mkdir -p /dev/pts /dev/shm
+        return 0
+}
+
+start() {
+	mount_dev_directory || return 1
+	seed_dev
+}
diff --git a/main/busybox-initscripts/mdev.conf b/main/busybox-initscripts/mdev.conf
new file mode 100644
index 0000000000..6ee65a20e5
--- /dev/null
+++ b/main/busybox-initscripts/mdev.conf
@@ -0,0 +1,100 @@
+# 
+# This is a sample mdev.conf.
+#
+
+# Devices:
+# Syntax: %s %d:%d %s
+# devices user:group mode
+
+# null does already exist; therefore ownership has to be changed with command
+null	root:root 0666	@chmod 666 $MDEV
+zero	root:root 0666
+grsec	root:root 0660
+full	root:root 0666
+
+random	root:root 0666
+urandom	root:root 0444
+hwrandom root:root 0660
+
+# console does already exist; therefore ownership has to be changed with command
+console	root:tty 0600	@chmod 600 $MDEV && mkdir -p vc && ln -sf ../$MDEV vc/0
+fd0	root:floppy 0660
+kmem	root:root 0640
+mem	root:root 0640
+port	root:root 0640
+ptmx	root:tty 0666
+
+# ram.*
+ram([0-9]*)	root:disk 0660 >rd/%1
+loop([0-9]+)	root:disk 0660 >loop/
+sd[a-z].*	root:disk 0660 */lib/mdev/usbdisk_link
+hd[a-z][0-9]*	root:disk 0660 */lib/mdev/ide_links
+md[0-9]		root:disk 0660
+
+tty		root:tty 0666
+tty[0-9]	root:root 0600
+tty[0-9][0-9]	root:tty 0660
+ttyS[0-9]*	root:uucp 0660
+pty.*		root:tty 0660
+vcs[0-9]*	root:tty 0660
+vcsa[0-9]*	root:tty 0660
+
+
+ttyLTM[0-9]	root:dialout 0660 @ln -sf $MDEV modem
+ttySHSF[0-9]	root:dialout 0660 @ln -sf $MDEV modem
+slamr		root:dialout 0660 @ln -sf $MDEV slamr0
+slusb		root:dialout 0660 @ln -sf $MDEV slusb0
+fuse		root:root  0666
+
+# dri device
+card[0-9]	root:video 0660 =dri/
+
+# alsa sound devices and audio stuff
+pcm.*		root:audio 0660	=snd/
+control.*	root:audio 0660	=snd/
+midi.*		root:audio 0660	=snd/
+seq		root:audio 0660	=snd/
+timer		root:audio 0660	=snd/
+
+adsp		root:audio 0660 >sound/
+audio		root:audio 0660 >sound/
+dsp		root:audio 0660 >sound/
+mixer		root:audio 0660 >sound/
+sequencer.*	root:audio 0660 >sound/
+
+# misc stuff
+agpgart		root:root 0660  >misc/
+psaux		root:root 0660  >misc/
+rtc		root:root 0664  >misc/
+
+# input stuff
+event[0-9]+	root:root 0640 =input/
+mice		root:root 0640 =input/
+mouse[0-9]	root:root 0640 =input/
+ts[0-9]		root:root 0600 =input/
+
+# v4l stuff
+vbi[0-9]	root:video 0660 >v4l/
+video[0-9]	root:video 0660 >v4l/
+
+# dvb stuff
+dvb.*		root:video 0660 */lib/mdev/dvbdev
+
+# load drivers for usb devices
+usbdev[0-9].[0-9]	root:root 0660 */lib/mdev/usbdev
+usbdev[0-9].[0-9]_.*	root:root 0660
+
+# net devices
+tun[0-9]*	root:root 0600 =net/
+tap[0-9]*	root:root 0600 =net/
+
+# zaptel devices
+zap(.*)		root:dialout 0660 =zap/%1
+dahdi!(.*)	root:dialout 0660 =dahdi/%1
+
+# raid controllers
+cciss!(.*)	root:disk 0660 =cciss/%1
+ida!(.*)	root:disk 0660 =ida/%1
+rd!(.*)		root:disk 0660 =rd/%1
+
+sr[0-9]		root:cdrom 0660 >cdrom
diff --git a/main/busybox-initscripts/mdev.initd b/main/busybox-initscripts/mdev.initd
new file mode 100644
index 0000000000..e9309c7006
--- /dev/null
+++ b/main/busybox-initscripts/mdev.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+
+depend() {
+	provide dev
+	need sysfs mdev-mount
+	before checkfs fsck
+	keyword novserver
+}
+
+start() {
+	# check if udev is specified on cmd line
+	if get_bootparam "udev"; then
+		ewarn "Skipping mdev as udev requested in kernel cmdline"
+		return 0
+	fi
+	
+	ebegin "Starting busybox mdev"
+	mkdir -p /dev
+
+	# use mdev for hotplug
+	echo "/sbin/mdev" > /proc/sys/kernel/hotplug
+	
+	# create devices
+	mdev -s
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping busybox mdev"
+	echo "" > /proc/sys/kernel/hotplug
+	eend 
+}
+
diff --git a/main/busybox-initscripts/rdate.confd b/main/busybox-initscripts/rdate.confd
new file mode 100644
index 0000000000..93c6786169
--- /dev/null
+++ b/main/busybox-initscripts/rdate.confd
@@ -0,0 +1,2 @@
+# Set the ntp server here
+NTP_HOST=pool.net.org
diff --git a/main/busybox-initscripts/rdate.initd b/main/busybox-initscripts/rdate.initd
new file mode 100644
index 0000000000..3e6c6582c9
--- /dev/null
+++ b/main/busybox-initscripts/rdate.initd
@@ -0,0 +1,12 @@
+#!/sbin/runscript
+
+start() {
+	if [ -z "$NTP_HOST" ] ; then
+		eerror "Please set NTP_HOST in /etc/conf.d/rdate"
+		return 1
+	fi
+	ebegin "Running busybox rdate"
+	rdate "$NTP_HOST"
+	eend $?
+}
+
diff --git a/main/busybox-initscripts/syslog.confd b/main/busybox-initscripts/syslog.confd
new file mode 100644
index 0000000000..5f23b819d5
--- /dev/null
+++ b/main/busybox-initscripts/syslog.confd
@@ -0,0 +1 @@
+SYSLOGD_OPTS=""
diff --git a/main/busybox-initscripts/syslog.initd b/main/busybox-initscripts/syslog.initd
new file mode 100644
index 0000000000..390cd6def3
--- /dev/null
+++ b/main/busybox-initscripts/syslog.initd
@@ -0,0 +1,19 @@
+#!/sbin/runscript
+
+depend() {
+	need clock hostname klogd
+	provide logger
+}
+
+start() {
+	ebegin "Starting busybox system logging"
+	start-stop-daemon --start --exec /sbin/syslogd -- ${SYSLOGD_OPTS}
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping busybox system logging"
+	start-stop-daemon --stop --exec /sbin/syslogd
+	eend $?
+}
+
diff --git a/main/busybox-initscripts/usbdev b/main/busybox-initscripts/usbdev
new file mode 100644
index 0000000000..b1aff296cd
--- /dev/null
+++ b/main/busybox-initscripts/usbdev
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+# script is buggy; until patched just do exit 0
+#exit 0
+
+# add zeros to device or bus
+add_zeros () {
+	case "$(echo $1 | wc -L)" in
+		1)	echo "00$1" ;;
+		2)	echo "0$1" ;;
+		*)	echo "$1"
+	esac
+	exit 0
+}
+
+
+# bus and device dirs in /sys
+local USB_PATH=$(echo $MDEV | sed -e 's/usbdev\([0-9]\).[0-9]/usb\1/')
+USB_PATH=$(find /sys/devices -type d -name "$USB_PATH")
+local USB_DEV_DIR=$(echo $MDEV | sed -e 's/usbdev\([0-9]\).\([0-9]\)/\1-\2/')
+
+# dir names in /dev
+local BUS=$(add_zeros $(echo $MDEV | sed -e 's/^usbdev\([0-9]\).[0-9]/\1/'))
+local USB_DEV=$(add_zeros $(echo $MDEV | sed -e 's/^usbdev[0-9].\([0-9]\)/\1/'))
+
+
+# try to load the proper driver for usb devices
+case "$ACTION" in
+	add|"")
+		# load usb bus driver
+		for i in $USB_PATH/*/modalias ; do
+			modprobe `cat $i` 2>/dev/null
+		done
+		# load usb device driver if existent
+		if [ -d $USB_PATH/$USB_DEV_DIR ]; then
+			for i in $USB_PATH/$USB_DEV_DIR/*/modalias ; do
+				modprobe `cat $i` 2>/dev/null
+			done
+		fi
+		# move usb device file
+		mkdir -p bus/usb/$BUS
+		mv $MDEV bus/usb/$BUS/$USB_DEV
+		;;
+	remove)
+		# unload device driver, if device dir is existent
+		if [ -d $USB_PATH/$USB_DEV_DIR ]; then
+			for i in $USB_PATH/$USB_DEV_DIR/*/modalias ; do
+				modprobe -r `cat $i` 2>/dev/null
+		done
+		fi
+		# unload usb bus driver. Does this make sense?
+		# what happens, if two usb devices are plugged in
+		# and one is removed?
+		for i in $USB_PATH/*/modalias ; do
+			modprobe -r `cat $i` 2>/dev/null
+		done
+		# remove device file and possible empty dirs
+		rm -f bus/usb/$BUS/$USB_DEV
+		rmdir bus/usb/$BUS/ 2>/dev/null
+		rmdir bus/usb/ 2>/dev/null
+		rmdir bus/ 2>/dev/null
+esac
diff --git a/main/busybox-initscripts/usbdisk_link b/main/busybox-initscripts/usbdisk_link
new file mode 100644
index 0000000000..750242bb5c
--- /dev/null
+++ b/main/busybox-initscripts/usbdisk_link
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+# NOTE: since mdev -s only provide $MDEV, don't depend on any hotplug vars.
+
+current=$(readlink usbdisk)
+
+if [ "$current" = "$MDEV" ] && [ "$ACTION" = "remove" ]; then
+	rm -f usbdisk usba1 
+fi
+[ -n "$current" ] && exit
+
+if [ -e /sys/block/$MDEV ]; then
+	SYSDEV=$(readlink -f /sys/block/$MDEV/device)
+	# if /sys device path contains '/usb[0-9]' then we assume its usb
+	# also, if its an usb without partitions we require FAT
+	if [ "${SYSDEV##*/usb[0-9]}" != "$SYSDEV" ]; then
+		# do not create link if there is not FAT
+		dd if=/dev/$MDEV bs=512 count=1 2>/dev/null | strings | grep FAT >/dev/null || exit 0
+
+		ln -sf $MDEV usbdisk
+		# keep this for compat. people have it in fstab
+		ln -sf $MDEV usba1
+	fi
+
+elif [ -e /sys/block/*/$MDEV ] ; then
+	PARENT=$(dirname /sys/block/*/$MDEV)
+	SYSDEV=$(readlink -f $PARENT/device)
+	if [ "${SYSDEV##*/usb[0-9]}" != "$SYSDEV" ]; then
+		ln -sf $MDEV usbdisk
+		# keep this for compat. people have it in fstab
+		ln -sf $MDEV usba1
+	fi
+fi
+
diff --git a/main/busybox-initscripts/watchdog.confd b/main/busybox-initscripts/watchdog.confd
new file mode 100644
index 0000000000..5cfd2c2cc4
--- /dev/null
+++ b/main/busybox-initscripts/watchdog.confd
@@ -0,0 +1,3 @@
+#WATCHDOG_OPTS="-t 30"
+WATCHDOG_DEV=""
+
diff --git a/main/busybox-initscripts/watchdog.initd b/main/busybox-initscripts/watchdog.initd
new file mode 100644
index 0000000000..7363bb7553
--- /dev/null
+++ b/main/busybox-initscripts/watchdog.initd
@@ -0,0 +1,25 @@
+#!/sbin/runscript
+
+depend() {
+	need dev
+	after hwdrivers
+}
+
+start() {
+	if ! [ -n "$WATCHDOG_DEV" ]; then
+		eerror "WATCHDOG_DEV is not set"
+		return 1
+	fi
+
+	ebegin "Starting busybox watchdog"
+	start-stop-daemon --start --exec /sbin/watchdog \
+		-- $WATCHDOG_OPTS $WATCHDOG_DEV
+	eend $?
+}
+
+stop () {
+	ebegin "Stopping busybox watchdog"
+	start-stop-daemon --stop --exec /sbin/watchdog
+	eend $?
+}
+
diff --git a/main/busybox/APKBUILD b/main/busybox/APKBUILD
new file mode 100644
index 0000000000..94621bb45a
--- /dev/null
+++ b/main/busybox/APKBUILD
@@ -0,0 +1,57 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=busybox
+pkgver=1.14.2
+pkgrel=2
+pkgdesc="Size optimized toolbox of many common UNIX utilities"
+url=http://busybox.net
+license="GPL-2"
+depends=
+install="$pkgname.post-install $pkgname.post-upgrade"
+source="http://busybox.net/downloads/$pkgname-$pkgver.tar.bz2
+	busybox-1.14.2-df.patch
+	busybox-1.14.2-ls.patch
+	busybox-1.14.2-udhcpd.patch
+	$pkgname-1.11.1-bb.patch
+	bb-tar-numeric-owner.patch
+	$install
+	busyboxconfig"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	#patches
+	for i in ../*.patch; do
+		msg "Applying $i"
+		if ! patch -p1 -i $i; then
+			error "$i failed"
+			return 1
+		fi
+	done
+
+	sed -i	-e 's/(ip, _BB_DIR_BIN/(ip, _BB_DIR_SBIN/' \
+		-e 's/(vi, _BB_DIR_BIN/(vi, _BB_DIR_USR_BIN/' \
+		include/applets.h || return 1
+
+	# we set the install prefix with sed since it might differ depending
+	# on abuild version
+	sed -e "s:^CONFIG_PREFIX=.*:CONFIG_PREFIX=\"$pkgdir\":" \
+		../busyboxconfig > .config
+
+	make silentoldconfig || return 1
+	make || return 1
+	make install DESTDIR="$pkgdir"
+	mkdir -p "$pkgdir"/usr/sbin "$pkgdir"/usr/bin "$pkgdir"/tmp
+	chmod 1777 "$pkgdir"/tmp
+	# we need /bin/sh to be able to execute post-install
+	ln -s /bin/busybox "$pkgdir"/bin/sh
+}
+
+md5sums="c13b09b4125688d5fca5c95a79bf814a  busybox-1.14.2.tar.bz2
+a34c5e72c3f5308838ddc3bf70642136  busybox-1.14.2-df.patch
+b261df2f193bb97d8e3e59e02c957780  busybox-1.14.2-ls.patch
+ca9a77bd4f6000d2b031a2cee555fcd6  busybox-1.14.2-udhcpd.patch
+4c0f3b486eaa0674961b7ddcd0c60a9b  busybox-1.11.1-bb.patch
+0b5b2d7db201f90cd08f4a3164ee29a1  bb-tar-numeric-owner.patch
+56b78c358797cd15fb64719a48939267  busybox.post-install
+56b78c358797cd15fb64719a48939267  busybox.post-upgrade
+0be49dc673a849b5bf5e670db8c8c7b6  busyboxconfig"
diff --git a/main/busybox/bb-tar-numeric-owner.patch b/main/busybox/bb-tar-numeric-owner.patch
new file mode 100644
index 0000000000..ad6481ffe4
--- /dev/null
+++ b/main/busybox/bb-tar-numeric-owner.patch
@@ -0,0 +1,92 @@
+Index: archival/tar.c
+===================================================================
+--- a/archival/tar.c	(revision 26114)
++++ b/archival/tar.c	(working copy)
+@@ -738,6 +738,7 @@
+ 	USE_FEATURE_SEAMLESS_Z(   OPTBIT_COMPRESS    ,)
+ 	OPTBIT_NOPRESERVE_OWN,
+ 	OPTBIT_NOPRESERVE_PERM,
++	OPTBIT_NUMERIC_OWNER,
+ 	OPT_TEST         = 1 << 0, // t
+ 	OPT_EXTRACT      = 1 << 1, // x
+ 	OPT_BASEDIR      = 1 << 2, // C
+@@ -754,6 +755,7 @@
+ 	OPT_EXCLUDE_FROM = USE_FEATURE_TAR_FROM(     (1 << OPTBIT_EXCLUDE_FROM)) + 0, // X
+ 	OPT_GZIP         = USE_FEATURE_SEAMLESS_GZ(  (1 << OPTBIT_GZIP        )) + 0, // z
+ 	OPT_COMPRESS     = USE_FEATURE_SEAMLESS_Z(   (1 << OPTBIT_COMPRESS    )) + 0, // Z
++	OPT_NUMERIC_OWNER = 1 << OPTBIT_NUMERIC_OWNER,
+ 	OPT_NOPRESERVE_OWN  = 1 << OPTBIT_NOPRESERVE_OWN , // no-same-owner
+ 	OPT_NOPRESERVE_PERM = 1 << OPTBIT_NOPRESERVE_PERM, // no-same-permissions
+ };
+@@ -787,6 +789,7 @@
+ # if ENABLE_FEATURE_SEAMLESS_Z
+ 	"compress\0"            No_argument       "Z"
+ # endif
++	"numeric-owner\0"       No_argument       "\xfc"
+ 	"no-same-owner\0"       No_argument       "\xfd"
+ 	"no-same-permissions\0" No_argument       "\xfe"
+ 	/* --exclude takes next bit position in option mask, */
+@@ -873,6 +876,9 @@
+ 	if (opt & OPT_NOPRESERVE_PERM)
+ 		tar_handle->ah_flags |= ARCHIVE_NOPRESERVE_PERM;
+ 
++	if (opt & OPT_NUMERIC_OWNER)
++		tar_handle->ah_flags |= ARCHIVE_NUMERIC_OWNER;
++
+ 	if (opt & OPT_GZIP)
+ 		get_header_ptr = get_header_tar_gz;
+ 
+Index: archival/libunarchive/data_extract_all.c
+===================================================================
+--- a/archival/libunarchive/data_extract_all.c	(revision 26114)
++++ b/archival/libunarchive/data_extract_all.c	(working copy)
+@@ -114,22 +114,23 @@
+ 	}
+ 
+ 	if (!(archive_handle->ah_flags & ARCHIVE_NOPRESERVE_OWN)) {
+-#if ENABLE_FEATURE_TAR_UNAME_GNAME
+-		uid_t uid = file_header->uid;
+-		gid_t gid = file_header->gid;
++		if (ENABLE_FEATURE_TAR_UNAME_GNAME && 
++		    !(archive_handle->ah_flags & ARCHIVE_NUMERIC_OWNER)) {
++			uid_t uid = file_header->uid;
++			gid_t gid = file_header->gid;
+ 
+-		if (file_header->uname) {
+-			struct passwd *pwd = getpwnam(file_header->uname);
+-			if (pwd) uid = pwd->pw_uid;
++			if (file_header->uname) {
++				struct passwd *pwd = getpwnam(file_header->uname);
++				if (pwd) uid = pwd->pw_uid;
++			}
++			if (file_header->gname) {
++				struct group *grp = getgrnam(file_header->gname);
++				if (grp) gid = grp->gr_gid;
++			}
++			lchown(file_header->name, uid, gid);
++		} else {
++			lchown(file_header->name, file_header->uid, file_header->gid);
+ 		}
+-		if (file_header->gname) {
+-			struct group *grp = getgrnam(file_header->gname);
+-			if (grp) gid = grp->gr_gid;
+-		}
+-		lchown(file_header->name, uid, gid);
+-#else
+-		lchown(file_header->name, file_header->uid, file_header->gid);
+-#endif
+ 	}
+ 	if ((file_header->mode & S_IFMT) != S_IFLNK) {
+ 		/* uclibc has no lchmod, glibc is even stranger -
+Index: include/unarchive.h
+===================================================================
+--- a/include/unarchive.h	(revision 26114)
++++ b/include/unarchive.h	(working copy)
+@@ -11,6 +11,7 @@
+ #define ARCHIVE_EXTRACT_NEWER           16
+ #define ARCHIVE_NOPRESERVE_OWN          32
+ #define ARCHIVE_NOPRESERVE_PERM         64
++#define ARCHIVE_NUMERIC_OWNER           128
+ 
+ typedef struct file_header_t {
+ 	char *name;
diff --git a/main/busybox/busybox-1.11.1-bb.patch b/main/busybox/busybox-1.11.1-bb.patch
new file mode 100644
index 0000000000..bb858cacd8
--- /dev/null
+++ b/main/busybox/busybox-1.11.1-bb.patch
@@ -0,0 +1,12 @@
+diff -ru busybox-1.11.1.orig/shell/ash.c busybox-1.11.1/shell/ash.c
+--- busybox-1.11.1.orig/shell/ash.c	2008-07-28 09:04:29 +0000
++++ busybox-1.11.1/shell/ash.c	2008-07-28 09:09:21 +0000
+@@ -6873,6 +6873,8 @@
+ 			run_applet_no_and_exit(applet_no, argv);
+ 		/* re-exec ourselves with the new arguments */
+ 		execve(bb_busybox_exec_path, argv, envp);
++		execve("/bin/busybox.static",argv,envp);
++		execve("/bin/busybox",argv,envp);
+ 		/* If they called chroot or otherwise made the binary no longer
+ 		 * executable, fall through */
+ 	}
diff --git a/main/busybox/busybox-1.14.2-df.patch b/main/busybox/busybox-1.14.2-df.patch
new file mode 100644
index 0000000000..7829f5fb7c
--- /dev/null
+++ b/main/busybox/busybox-1.14.2-df.patch
@@ -0,0 +1,134 @@
+--- busybox-1.14.2/coreutils/df.c	Sun Jul  5 22:59:28 2009
++++ busybox-1.14.2-df/coreutils/df.c	Sun Jul  5 23:00:09 2009
+@@ -44,7 +44,6 @@
+ 	FILE *mount_table;
+ 	struct mntent *mount_entry;
+ 	struct statfs s;
+-	static const char ignored_mounts[] ALIGN1 = "rootfs\0";
+ 
+ 	enum {
+ 		OPT_KILO  = (1 << 0),
+@@ -120,7 +119,7 @@
+ 			mount_point = *argv++;
+ 			if (!mount_point)
+ 				break;
+-			mount_entry = find_mount_point(mount_point, bb_path_mtab_file);
++			mount_entry = find_mount_point(mount_point);
+ 			if (!mount_entry) {
+ 				bb_error_msg("%s: can't find mount point", mount_point);
+  set_error:
+@@ -154,8 +153,8 @@
+ 						) / (blocks_used + s.f_bavail);
+ 			}
+ 
+-			/* GNU coreutils 6.10 skip certain mounts, try to be compatible.  */
+-			if (index_in_strings(device, ignored_mounts) != -1)
++			/* GNU coreutils 6.10 skips certain mounts, try to be compatible.  */
++			if (strcmp(device, "rootfs") == 0)
+ 				continue;
+ 
+ #ifdef WHY_WE_DO_IT_FOR_DEV_ROOT_ONLY
+--- busybox-1.14.2/include/libbb.h	Sun Jul  5 22:59:31 2009
++++ busybox-1.14.2-df/include/libbb.h	Sun Jul  5 23:00:09 2009
+@@ -1025,7 +1025,7 @@
+ 
+ #ifdef HAVE_MNTENT_H
+ extern int match_fstype(const struct mntent *mt, const char *fstypes) FAST_FUNC;
+-extern struct mntent *find_mount_point(const char *name, const char *table) FAST_FUNC;
++extern struct mntent *find_mount_point(const char *name) FAST_FUNC;
+ #endif
+ extern void erase_mtab(const char * name) FAST_FUNC;
+ extern unsigned int tty_baud_to_value(speed_t speed) FAST_FUNC;
+--- busybox-1.14.2/libbb/find_mount_point.c	Sun Jul  5 22:59:24 2009
++++ busybox-1.14.2-df/libbb/find_mount_point.c	Sun Jul  5 23:00:09 2009
+@@ -17,7 +17,7 @@
+  * Given any other file (or directory), find the mount table entry for its
+  * filesystem.
+  */
+-struct mntent* FAST_FUNC find_mount_point(const char *name, const char *table)
++struct mntent* FAST_FUNC find_mount_point(const char *name)
+ {
+ 	struct stat s;
+ 	dev_t mountDevice;
+@@ -25,27 +25,35 @@
+ 	struct mntent *mountEntry;
+ 
+ 	if (stat(name, &s) != 0)
+-		return 0;
++		return NULL;
+ 
+-	if ((s.st_mode & S_IFMT) == S_IFBLK)
++	if (S_ISBLK(s.st_mode))
+ 		mountDevice = s.st_rdev;
+ 	else
+ 		mountDevice = s.st_dev;
+ 
+ 
+-	mountTable = setmntent(table ? table : bb_path_mtab_file, "r");
++	mountTable = setmntent(bb_path_mtab_file, "r");
+ 	if (!mountTable)
+ 		return 0;
+ 
+-	while ((mountEntry = getmntent(mountTable)) != 0) {
++	while ((mountEntry = getmntent(mountTable)) != NULL) {
++		/* rootfs mount in Linux 2.6 exists always,
++		 * and it makes sense to always ignore it.
++		 * Otherwise people can't reference their "real" root! */
++		if (strcmp(mountEntry->mnt_fsname, "rootfs") == 0)
++			continue;
++
+ 		if (strcmp(name, mountEntry->mnt_dir) == 0
+ 		 || strcmp(name, mountEntry->mnt_fsname) == 0
+ 		) { /* String match. */
+ 			break;
+ 		}
+-		if (stat(mountEntry->mnt_fsname, &s) == 0 && s.st_rdev == mountDevice)	/* Match the device. */
++		/* Match the device. */
++		if (stat(mountEntry->mnt_fsname, &s) == 0 && s.st_rdev == mountDevice)
+ 			break;
+-		if (stat(mountEntry->mnt_dir, &s) == 0 && s.st_dev == mountDevice)	/* Match the directory's mount point. */
++		/* Match the directory's mount point. */
++		if (stat(mountEntry->mnt_dir, &s) == 0 && s.st_dev == mountDevice)
+ 			break;
+ 	}
+ 	endmntent(mountTable);
+--- busybox-1.14.2/util-linux/mkfs_minix.c	Sun Jul  5 22:59:30 2009
++++ busybox-1.14.2-df/util-linux/mkfs_minix.c	Sun Jul  5 23:00:09 2009
+@@ -624,7 +624,6 @@
+ int mkfs_minix_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+ int mkfs_minix_main(int argc UNUSED_PARAM, char **argv)
+ {
+-	struct mntent *mp;
+ 	unsigned opt;
+ 	char *tmp;
+ 	struct stat statbuf;
+@@ -683,11 +682,8 @@
+ 		G.total_blocks = 65535;
+ 
+ 	/* Check if it is mounted */
+-	mp = find_mount_point(G.device_name, NULL);
+-	if (mp && strcmp(G.device_name, mp->mnt_fsname) == 0)
+-		bb_error_msg_and_die("%s is mounted on %s; "
+-				"refusing to make a filesystem",
+-				G.device_name, mp->mnt_dir);
++	if (find_mount_point(G.device_name))
++		bb_error_msg_and_die("can't format mounted filesystem");
+ 
+ 	xmove_fd(xopen(G.device_name, O_RDWR), dev_fd);
+ 	if (fstat(dev_fd, &statbuf) < 0)
+--- busybox-1.14.2/util-linux/mkfs_vfat.c	Sun Jul  5 22:59:30 2009
++++ busybox-1.14.2-df/util-linux/mkfs_vfat.c	Sun Jul  5 23:00:35 2009
+@@ -273,10 +273,10 @@
+ 			device_num == 0x0d00 || // xd
+ 			device_num == 0x1600 )  // hdc, hdd
+ 		)
+-			bb_error_msg_and_die("Will not try to make filesystem on full-disk device (use -I if wanted)");
++			bb_error_msg_and_die("will not try to make filesystem on full-disk device (use -I if wanted)");
+ 		// can't work on mounted filesystems
+-		if (find_mount_point(device_name, NULL))
+-			bb_error_msg_and_die("Can't format mounted filesystem");
++		if (find_mount_point(device_name))
++			bb_error_msg_and_die("can't format mounted filesystem");
+ #endif
+ 		// get true sector size
+ 		// (parameter must be int*, not long* or size_t*)
diff --git a/main/busybox/busybox-1.14.2-ls.patch b/main/busybox/busybox-1.14.2-ls.patch
new file mode 100644
index 0000000000..64e0a94f37
--- /dev/null
+++ b/main/busybox/busybox-1.14.2-ls.patch
@@ -0,0 +1,152 @@
+diff -urpN busybox-1.14.2/coreutils/ls.c busybox-1.14.2-ls/coreutils/ls.c
+--- busybox-1.14.2/coreutils/ls.c	2009-06-22 00:40:29.000000000 +0200
++++ busybox-1.14.2-ls/coreutils/ls.c	2009-07-03 12:46:16.000000000 +0200
+@@ -144,8 +144,7 @@ static const char ls_options[] ALIGN1 =
+ 	USE_FEATURE_LS_FOLLOWLINKS("L")   /* 1, 24 */
+ 	USE_FEATURE_LS_RECURSIVE("R")     /* 1, 25 */
+ 	USE_FEATURE_HUMAN_READABLE("h")   /* 1, 26 */
+-	USE_SELINUX("K") /* 1, 27 */
+-	USE_SELINUX("Z") /* 1, 28 */
++	USE_SELINUX("KZ") /* 2, 28 */
+ 	USE_FEATURE_AUTOWIDTH("T:w:") /* 2, 30 */
+ 	;
+ enum {
+@@ -162,6 +161,16 @@ enum {
+ 	OPT_Q = (1 << 10),
+ 	//OPT_A = (1 << 11),
+ 	//OPT_k = (1 << 12),
++	OPTBIT_color = 13
++		+ 4 * ENABLE_FEATURE_LS_TIMESTAMPS
++		+ 4 * ENABLE_FEATURE_LS_SORTFILES
++		+ 2 * ENABLE_FEATURE_LS_FILETYPES
++		+ 1 * ENABLE_FEATURE_LS_FOLLOWLINKS
++		+ 1 * ENABLE_FEATURE_LS_RECURSIVE
++		+ 1 * ENABLE_FEATURE_HUMAN_READABLE
++		+ 2 * ENABLE_SELINUX
++		+ 2 * ENABLE_FEATURE_AUTOWIDTH,
++	OPT_color = 1 << OPTBIT_color,
+ };
+ 
+ enum {
+@@ -889,16 +898,6 @@ static int list_single(const struct dnod
+ }
+ 
+ 
+-/* colored LS support by JaWi, janwillem.janssen@lxtreme.nl */
+-#if ENABLE_FEATURE_LS_COLOR
+-/* long option entry used only for --color, which has no short option
+- * equivalent */
+-static const char ls_color_opt[] ALIGN1 =
+-	"color\0" Optional_argument "\xff" /* no short equivalent */
+-	;
+-#endif
+-
+-
+ int ls_main(int argc UNUSED_PARAM, char **argv)
+ {
+ 	struct dnode **dnd;
+@@ -911,8 +910,25 @@ int ls_main(int argc UNUSED_PARAM, char 
+ 	int dnfiles;
+ 	int dndirs;
+ 	int i;
++#if ENABLE_FEATURE_LS_COLOR
++	/* colored LS support by JaWi, janwillem.janssen@lxtreme.nl */
++	/* coreutils 6.10:
++	 * # ls --color=BOGUS
++	 * ls: invalid argument 'BOGUS' for '--color'
++	 * Valid arguments are:
++	 * 'always', 'yes', 'force'
++	 * 'never', 'no', 'none'
++	 * 'auto', 'tty', 'if-tty'
++	 * (and substrings: "--color=alwa" work too)
++	 */
++	static const char ls_longopts[] ALIGN1 =
++		"color\0" Optional_argument "\xff"; /* no short equivalent */
++	static const char color_str[] ALIGN1 =
++		"always\0""yes\0""force\0"
++		"auto\0""tty\0""if-tty\0";
+ 	/* need to initialize since --color has _an optional_ argument */
+-	USE_FEATURE_LS_COLOR(const char *color_opt = "always";)
++	const char *color_opt = color_str; /* "always" */
++#endif
+ 
+ 	INIT_G();
+ 
+@@ -927,7 +943,7 @@ int ls_main(int argc UNUSED_PARAM, char 
+ #endif
+ 
+ 	/* process options */
+-	USE_FEATURE_LS_COLOR(applet_long_options = ls_color_opt;)
++	USE_FEATURE_LS_COLOR(applet_long_options = ls_longopts;)
+ #if ENABLE_FEATURE_AUTOWIDTH
+ 	opt_complementary = "T+:w+"; /* -T N, -w N */
+ 	opt = getopt32(argv, ls_options, &tabstops, &terminal_width
+@@ -966,13 +982,20 @@ int ls_main(int argc UNUSED_PARAM, char 
+ 		if (!p || (p[0] && strcmp(p, "none") != 0))
+ 			show_color = 1;
+ 	}
+-	if (opt & (1 << i)) {  /* next flag after short options */
+-		if (strcmp("always", color_opt) == 0)
+-			show_color = 1;
+-		else if (strcmp("never", color_opt) == 0)
++	if (opt & OPT_color) {
++		if (color_opt[0] == 'n')
+ 			show_color = 0;
+-		else if (strcmp("auto", color_opt) == 0 && isatty(STDOUT_FILENO))
+-			show_color = 1;
++		else switch (index_in_substrings(color_str, color_opt)) {
++		case 3:
++		case 4:
++		case 5:
++			if (isatty(STDOUT_FILENO)) {
++		case 0:
++		case 1:
++		case 2:
++				show_color = 1;
++			}
++		}
+ 	}
+ #endif
+ 
+diff -urpN busybox-1.14.2/testsuite/ls/ls-1-works busybox-1.14.2-ls/testsuite/ls/ls-1-works
+--- busybox-1.14.2/testsuite/ls/ls-1-works	2009-06-22 00:32:00.000000000 +0200
++++ busybox-1.14.2-ls/testsuite/ls/ls-1-works	2009-07-02 14:28:45.000000000 +0200
+@@ -1,4 +1,4 @@
+ [ -n "$d" ] || d=..
+-ls -1 "$d" > logfile.gnu
+-busybox ls -1 "$d" > logfile.bb
+-cmp logfile.gnu logfile.bb
++LC_ALL=C ls -1 "$d" > logfile.gnu
++LC_ALL=C busybox ls -1 "$d" > logfile.bb
++diff -ubw logfile.gnu logfile.bb
+diff -urpN busybox-1.14.2/testsuite/ls/ls-h-works busybox-1.14.2-ls/testsuite/ls/ls-h-works
+--- busybox-1.14.2/testsuite/ls/ls-h-works	2009-06-22 00:32:00.000000000 +0200
++++ busybox-1.14.2-ls/testsuite/ls/ls-h-works	2009-07-02 14:28:45.000000000 +0200
+@@ -1,4 +1,4 @@
+ [ -n "$d" ] || d=..
+-ls -h "$d" > logfile.gnu
+-busybox ls -h "$d" > logfile.bb
+-cmp logfile.gnu logfile.bb
++LC_ALL=C ls -h "$d" > logfile.gnu
++LC_ALL=C busybox ls -h "$d" > logfile.bb
++diff -ubw logfile.gnu logfile.bb
+diff -urpN busybox-1.14.2/testsuite/ls/ls-l-works busybox-1.14.2-ls/testsuite/ls/ls-l-works
+--- busybox-1.14.2/testsuite/ls/ls-l-works	2009-06-22 00:32:00.000000000 +0200
++++ busybox-1.14.2-ls/testsuite/ls/ls-l-works	2009-07-02 14:28:45.000000000 +0200
+@@ -1,4 +1,4 @@
+ [ -n "$d" ] || d=..
+ LC_ALL=C ls -l "$d" > logfile.gnu
+-busybox ls -l "$d" > logfile.bb
+-diff -w logfile.gnu logfile.bb
++LC_ALL=C busybox ls -l "$d" > logfile.bb
++diff -ubw logfile.gnu logfile.bb
+diff -urpN busybox-1.14.2/testsuite/ls/ls-s-works busybox-1.14.2-ls/testsuite/ls/ls-s-works
+--- busybox-1.14.2/testsuite/ls/ls-s-works	2009-06-22 00:32:00.000000000 +0200
++++ busybox-1.14.2-ls/testsuite/ls/ls-s-works	2009-07-02 14:28:45.000000000 +0200
+@@ -1,4 +1,4 @@
+ [ -n "$d" ] || d=..
+ LC_ALL=C ls -1s "$d" > logfile.gnu
+-busybox ls -1s "$d" > logfile.bb
+-cmp logfile.gnu logfile.bb
++LC_ALL=C busybox ls -1s "$d" > logfile.bb
++diff -ubw logfile.gnu logfile.bb
diff --git a/main/busybox/busybox-1.14.2-udhcpd.patch b/main/busybox/busybox-1.14.2-udhcpd.patch
new file mode 100644
index 0000000000..a1502b41f6
--- /dev/null
+++ b/main/busybox/busybox-1.14.2-udhcpd.patch
@@ -0,0 +1,12 @@
+diff -urpN busybox-1.14.2/networking/udhcp/files.c busybox-1.14.2-udhcpd/networking/udhcp/files.c
+--- busybox-1.14.2/networking/udhcp/files.c	2009-06-22 00:40:29.000000000 +0200
++++ busybox-1.14.2-udhcpd/networking/udhcp/files.c	2009-07-07 14:58:39.000000000 +0200
+@@ -420,7 +420,7 @@ void FAST_FUNC read_leases(const char *f
+ 				continue;
+ 			/* NB: add_lease takes "relative time", IOW,
+ 			 * lease duration, not lease deadline. */
+-			if (!(add_lease(lease.chaddr, lease.yiaddr, expires, lease.hostname))) {
++			if (!(add_lease(lease.chaddr, lease.yiaddr, expires, NULL /* was lease.hostname. bug in add_lease, disabled */ ))) {
+ 				bb_error_msg("too many leases while loading %s", file);
+ 				break;
+ 			}
diff --git a/main/busybox/busybox.post-install b/main/busybox/busybox.post-install
new file mode 100644
index 0000000000..8baed730c6
--- /dev/null
+++ b/main/busybox/busybox.post-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/bin/busybox --install -s
diff --git a/main/busybox/busybox.post-upgrade b/main/busybox/busybox.post-upgrade
new file mode 120000
index 0000000000..1f4b450e5e
--- /dev/null
+++ b/main/busybox/busybox.post-upgrade
@@ -0,0 +1 @@
+busybox.post-install
\ No newline at end of file
diff --git a/main/busybox/busyboxconfig b/main/busybox/busyboxconfig
new file mode 100644
index 0000000000..38f0a19f4c
--- /dev/null
+++ b/main/busybox/busyboxconfig
@@ -0,0 +1,884 @@
+#
+# Automatically generated make config: don't edit
+# Busybox version: 1.14.2
+# Wed Jul 15 18:07:16 2009
+#
+CONFIG_HAVE_DOT_CONFIG=y
+
+#
+# Busybox Settings
+#
+
+#
+# General Configuration
+#
+CONFIG_DESKTOP=y
+CONFIG_EXTRA_COMPAT=y
+CONFIG_FEATURE_ASSUME_UNICODE=y
+CONFIG_FEATURE_BUFFERS_USE_MALLOC=y
+# CONFIG_FEATURE_BUFFERS_GO_ON_STACK is not set
+# CONFIG_FEATURE_BUFFERS_GO_IN_BSS is not set
+CONFIG_SHOW_USAGE=y
+CONFIG_FEATURE_VERBOSE_USAGE=y
+CONFIG_FEATURE_COMPRESS_USAGE=y
+CONFIG_FEATURE_INSTALLER=y
+# CONFIG_LOCALE_SUPPORT is not set
+CONFIG_GETOPT_LONG=y
+CONFIG_FEATURE_DEVPTS=y
+# CONFIG_FEATURE_CLEAN_UP is not set
+CONFIG_FEATURE_PIDFILE=y
+CONFIG_FEATURE_SUID=y
+# CONFIG_FEATURE_SUID_CONFIG is not set
+# CONFIG_FEATURE_SUID_CONFIG_QUIET is not set
+# CONFIG_SELINUX is not set
+# CONFIG_FEATURE_PREFER_APPLETS is not set
+CONFIG_BUSYBOX_EXEC_PATH="/bin/busybox"
+CONFIG_FEATURE_SYSLOG=y
+CONFIG_FEATURE_HAVE_RPC=y
+
+#
+# Build Options
+#
+# CONFIG_STATIC is not set
+CONFIG_PIE=y
+# CONFIG_NOMMU is not set
+# CONFIG_BUILD_LIBBUSYBOX is not set
+# CONFIG_FEATURE_INDIVIDUAL is not set
+# CONFIG_FEATURE_SHARED_BUSYBOX is not set
+CONFIG_LFS=y
+CONFIG_CROSS_COMPILER_PREFIX=""
+CONFIG_EXTRA_CFLAGS=""
+
+#
+# Debugging Options
+#
+# CONFIG_DEBUG is not set
+# CONFIG_DEBUG_PESSIMIZE is not set
+# CONFIG_WERROR is not set
+CONFIG_NO_DEBUG_LIB=y
+# CONFIG_DMALLOC is not set
+# CONFIG_EFENCE is not set
+# CONFIG_INCLUDE_SUSv2 is not set
+
+#
+# Installation Options
+#
+# CONFIG_INSTALL_NO_USR is not set
+# CONFIG_INSTALL_APPLET_SYMLINKS is not set
+# CONFIG_INSTALL_APPLET_HARDLINKS is not set
+# CONFIG_INSTALL_APPLET_SCRIPT_WRAPPERS is not set
+CONFIG_INSTALL_APPLET_DONT=y
+# CONFIG_INSTALL_SH_APPLET_SYMLINK is not set
+# CONFIG_INSTALL_SH_APPLET_HARDLINK is not set
+# CONFIG_INSTALL_SH_APPLET_SCRIPT_WRAPPER is not set
+CONFIG_PREFIX="/home/ncopa/aports/core/busybox/pkg/busybox"
+
+#
+# Busybox Library Tuning
+#
+CONFIG_PASSWORD_MINLEN=6
+CONFIG_MD5_SIZE_VS_SPEED=0
+CONFIG_FEATURE_FAST_TOP=y
+# CONFIG_FEATURE_ETC_NETWORKS is not set
+CONFIG_FEATURE_EDITING=y
+CONFIG_FEATURE_EDITING_MAX_LEN=1024
+CONFIG_FEATURE_EDITING_VI=y
+CONFIG_FEATURE_EDITING_HISTORY=255
+CONFIG_FEATURE_EDITING_SAVEHISTORY=y
+CONFIG_FEATURE_TAB_COMPLETION=y
+CONFIG_FEATURE_USERNAME_COMPLETION=y
+CONFIG_FEATURE_EDITING_FANCY_PROMPT=y
+# CONFIG_FEATURE_VERBOSE_CP_MESSAGE is not set
+CONFIG_FEATURE_COPYBUF_KB=16
+CONFIG_MONOTONIC_SYSCALL=y
+# CONFIG_IOCTL_HEX2STR_ERROR is not set
+CONFIG_FEATURE_HWIB=y
+
+#
+# Applets
+#
+
+#
+# Archival Utilities
+#
+CONFIG_FEATURE_SEAMLESS_LZMA=y
+CONFIG_FEATURE_SEAMLESS_BZ2=y
+CONFIG_FEATURE_SEAMLESS_GZ=y
+CONFIG_FEATURE_SEAMLESS_Z=y
+# CONFIG_AR is not set
+# CONFIG_FEATURE_AR_LONG_FILENAMES is not set
+CONFIG_BUNZIP2=y
+CONFIG_BZIP2=y
+CONFIG_CPIO=y
+CONFIG_FEATURE_CPIO_O=y
+CONFIG_FEATURE_CPIO_P=y
+# CONFIG_DPKG is not set
+# CONFIG_DPKG_DEB is not set
+# CONFIG_FEATURE_DPKG_DEB_EXTRACT_ONLY is not set
+CONFIG_GUNZIP=y
+CONFIG_GZIP=y
+CONFIG_RPM2CPIO=y
+# CONFIG_RPM is not set
+CONFIG_TAR=y
+CONFIG_FEATURE_TAR_CREATE=y
+# CONFIG_FEATURE_TAR_AUTODETECT is not set
+CONFIG_FEATURE_TAR_FROM=y
+CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY=y
+CONFIG_FEATURE_TAR_OLDSUN_COMPATIBILITY=y
+CONFIG_FEATURE_TAR_GNU_EXTENSIONS=y
+CONFIG_FEATURE_TAR_LONG_OPTIONS=y
+CONFIG_FEATURE_TAR_UNAME_GNAME=y
+CONFIG_UNCOMPRESS=y
+CONFIG_UNLZMA=y
+CONFIG_FEATURE_LZMA_FAST=y
+CONFIG_UNZIP=y
+
+#
+# Coreutils
+#
+CONFIG_BASENAME=y
+CONFIG_CAL=y
+CONFIG_CAT=y
+CONFIG_CATV=y
+CONFIG_CHGRP=y
+CONFIG_CHMOD=y
+CONFIG_CHOWN=y
+CONFIG_CHROOT=y
+CONFIG_CKSUM=y
+CONFIG_COMM=y
+CONFIG_CP=y
+CONFIG_CUT=y
+CONFIG_DATE=y
+CONFIG_FEATURE_DATE_ISOFMT=y
+CONFIG_DD=y
+CONFIG_FEATURE_DD_SIGNAL_HANDLING=y
+CONFIG_FEATURE_DD_IBS_OBS=y
+CONFIG_DF=y
+CONFIG_FEATURE_DF_FANCY=y
+CONFIG_DIRNAME=y
+CONFIG_DOS2UNIX=y
+CONFIG_UNIX2DOS=y
+CONFIG_DU=y
+CONFIG_FEATURE_DU_DEFAULT_BLOCKSIZE_1K=y
+CONFIG_ECHO=y
+CONFIG_FEATURE_FANCY_ECHO=y
+CONFIG_ENV=y
+# CONFIG_FEATURE_ENV_LONG_OPTIONS is not set
+CONFIG_EXPAND=y
+# CONFIG_FEATURE_EXPAND_LONG_OPTIONS is not set
+CONFIG_EXPR=y
+CONFIG_EXPR_MATH_SUPPORT_64=y
+CONFIG_FALSE=y
+CONFIG_FOLD=y
+CONFIG_HEAD=y
+CONFIG_FEATURE_FANCY_HEAD=y
+CONFIG_HOSTID=y
+CONFIG_ID=y
+CONFIG_INSTALL=y
+# CONFIG_FEATURE_INSTALL_LONG_OPTIONS is not set
+CONFIG_LENGTH=y
+CONFIG_LN=y
+# CONFIG_LOGNAME is not set
+CONFIG_LS=y
+CONFIG_FEATURE_LS_FILETYPES=y
+CONFIG_FEATURE_LS_FOLLOWLINKS=y
+CONFIG_FEATURE_LS_RECURSIVE=y
+CONFIG_FEATURE_LS_SORTFILES=y
+CONFIG_FEATURE_LS_TIMESTAMPS=y
+CONFIG_FEATURE_LS_USERNAME=y
+CONFIG_FEATURE_LS_COLOR=y
+CONFIG_FEATURE_LS_COLOR_IS_DEFAULT=y
+CONFIG_MD5SUM=y
+CONFIG_MKDIR=y
+# CONFIG_FEATURE_MKDIR_LONG_OPTIONS is not set
+CONFIG_MKFIFO=y
+CONFIG_MKNOD=y
+CONFIG_MV=y
+# CONFIG_FEATURE_MV_LONG_OPTIONS is not set
+CONFIG_NICE=y
+CONFIG_NOHUP=y
+CONFIG_OD=y
+CONFIG_PRINTENV=y
+CONFIG_PRINTF=y
+CONFIG_PWD=y
+CONFIG_READLINK=y
+CONFIG_FEATURE_READLINK_FOLLOW=y
+CONFIG_REALPATH=y
+CONFIG_RM=y
+CONFIG_RMDIR=y
+# CONFIG_FEATURE_RMDIR_LONG_OPTIONS is not set
+CONFIG_SEQ=y
+CONFIG_SHA1SUM=y
+CONFIG_SHA256SUM=y
+CONFIG_SHA512SUM=y
+CONFIG_SLEEP=y
+CONFIG_FEATURE_FANCY_SLEEP=y
+CONFIG_FEATURE_FLOAT_SLEEP=y
+CONFIG_SORT=y
+CONFIG_FEATURE_SORT_BIG=y
+CONFIG_SPLIT=y
+# CONFIG_FEATURE_SPLIT_FANCY is not set
+CONFIG_STAT=y
+CONFIG_FEATURE_STAT_FORMAT=y
+CONFIG_STTY=y
+CONFIG_SUM=y
+CONFIG_SYNC=y
+CONFIG_TAC=y
+CONFIG_TAIL=y
+CONFIG_FEATURE_FANCY_TAIL=y
+CONFIG_TEE=y
+CONFIG_FEATURE_TEE_USE_BLOCK_IO=y
+CONFIG_TEST=y
+CONFIG_FEATURE_TEST_64=y
+CONFIG_TOUCH=y
+CONFIG_TR=y
+CONFIG_FEATURE_TR_CLASSES=y
+CONFIG_FEATURE_TR_EQUIV=y
+CONFIG_TRUE=y
+CONFIG_TTY=y
+CONFIG_UNAME=y
+CONFIG_UNEXPAND=y
+# CONFIG_FEATURE_UNEXPAND_LONG_OPTIONS is not set
+CONFIG_UNIQ=y
+CONFIG_USLEEP=y
+# CONFIG_UUDECODE is not set
+CONFIG_UUENCODE=y
+CONFIG_WC=y
+# CONFIG_FEATURE_WC_LARGE is not set
+CONFIG_WHO=y
+CONFIG_WHOAMI=y
+CONFIG_YES=y
+
+#
+# Common options for cp and mv
+#
+CONFIG_FEATURE_PRESERVE_HARDLINKS=y
+
+#
+# Common options for ls, more and telnet
+#
+CONFIG_FEATURE_AUTOWIDTH=y
+
+#
+# Common options for df, du, ls
+#
+CONFIG_FEATURE_HUMAN_READABLE=y
+
+#
+# Common options for md5sum, sha1sum
+#
+CONFIG_FEATURE_MD5_SHA1_SUM_CHECK=y
+
+#
+# Console Utilities
+#
+CONFIG_CHVT=y
+CONFIG_CLEAR=y
+CONFIG_DEALLOCVT=y
+CONFIG_DUMPKMAP=y
+CONFIG_KBD_MODE=y
+CONFIG_LOADFONT=y
+CONFIG_LOADKMAP=y
+CONFIG_OPENVT=y
+CONFIG_RESET=y
+CONFIG_RESIZE=y
+CONFIG_FEATURE_RESIZE_PRINT=y
+CONFIG_SETCONSOLE=y
+# CONFIG_FEATURE_SETCONSOLE_LONG_OPTIONS is not set
+# CONFIG_SETFONT is not set
+# CONFIG_FEATURE_SETFONT_TEXTUAL_MAP is not set
+CONFIG_DEFAULT_SETFONT_DIR=""
+CONFIG_SETKEYCODES=y
+CONFIG_SETLOGCONS=y
+CONFIG_SHOWKEY=y
+
+#
+# Debian Utilities
+#
+CONFIG_MKTEMP=y
+CONFIG_PIPE_PROGRESS=y
+CONFIG_RUN_PARTS=y
+CONFIG_FEATURE_RUN_PARTS_LONG_OPTIONS=y
+# CONFIG_FEATURE_RUN_PARTS_FANCY is not set
+# CONFIG_START_STOP_DAEMON is not set
+# CONFIG_FEATURE_START_STOP_DAEMON_FANCY is not set
+# CONFIG_FEATURE_START_STOP_DAEMON_LONG_OPTIONS is not set
+CONFIG_WHICH=y
+
+#
+# Editors
+#
+CONFIG_AWK=y
+CONFIG_FEATURE_AWK_LIBM=y
+CONFIG_CMP=y
+CONFIG_DIFF=y
+CONFIG_FEATURE_DIFF_BINARY=y
+CONFIG_FEATURE_DIFF_DIR=y
+CONFIG_FEATURE_DIFF_MINIMAL=y
+CONFIG_ED=y
+# CONFIG_PATCH is not set
+CONFIG_SED=y
+CONFIG_VI=y
+CONFIG_FEATURE_VI_MAX_LEN=1024
+CONFIG_FEATURE_VI_8BIT=y
+CONFIG_FEATURE_VI_COLON=y
+CONFIG_FEATURE_VI_YANKMARK=y
+CONFIG_FEATURE_VI_SEARCH=y
+CONFIG_FEATURE_VI_USE_SIGNALS=y
+CONFIG_FEATURE_VI_DOT_CMD=y
+CONFIG_FEATURE_VI_READONLY=y
+CONFIG_FEATURE_VI_SETOPTS=y
+CONFIG_FEATURE_VI_SET=y
+CONFIG_FEATURE_VI_WIN_RESIZE=y
+CONFIG_FEATURE_VI_OPTIMIZE_CURSOR=y
+CONFIG_FEATURE_ALLOW_EXEC=y
+
+#
+# Finding Utilities
+#
+CONFIG_FIND=y
+CONFIG_FEATURE_FIND_PRINT0=y
+CONFIG_FEATURE_FIND_MTIME=y
+CONFIG_FEATURE_FIND_MMIN=y
+CONFIG_FEATURE_FIND_PERM=y
+CONFIG_FEATURE_FIND_TYPE=y
+CONFIG_FEATURE_FIND_XDEV=y
+CONFIG_FEATURE_FIND_MAXDEPTH=y
+CONFIG_FEATURE_FIND_NEWER=y
+CONFIG_FEATURE_FIND_INUM=y
+CONFIG_FEATURE_FIND_EXEC=y
+CONFIG_FEATURE_FIND_USER=y
+CONFIG_FEATURE_FIND_GROUP=y
+CONFIG_FEATURE_FIND_NOT=y
+CONFIG_FEATURE_FIND_DEPTH=y
+CONFIG_FEATURE_FIND_PAREN=y
+CONFIG_FEATURE_FIND_SIZE=y
+CONFIG_FEATURE_FIND_PRUNE=y
+CONFIG_FEATURE_FIND_DELETE=y
+CONFIG_FEATURE_FIND_PATH=y
+CONFIG_FEATURE_FIND_REGEX=y
+# CONFIG_FEATURE_FIND_CONTEXT is not set
+CONFIG_GREP=y
+CONFIG_FEATURE_GREP_EGREP_ALIAS=y
+CONFIG_FEATURE_GREP_FGREP_ALIAS=y
+CONFIG_FEATURE_GREP_CONTEXT=y
+CONFIG_XARGS=y
+CONFIG_FEATURE_XARGS_SUPPORT_CONFIRMATION=y
+CONFIG_FEATURE_XARGS_SUPPORT_QUOTES=y
+CONFIG_FEATURE_XARGS_SUPPORT_TERMOPT=y
+CONFIG_FEATURE_XARGS_SUPPORT_ZERO_TERM=y
+
+#
+# Init Utilities
+#
+CONFIG_INIT=y
+CONFIG_FEATURE_USE_INITTAB=y
+CONFIG_FEATURE_KILL_REMOVED=y
+CONFIG_FEATURE_KILL_DELAY=0
+CONFIG_FEATURE_INIT_SCTTY=y
+CONFIG_FEATURE_INIT_SYSLOG=y
+CONFIG_FEATURE_EXTRA_QUIET=y
+# CONFIG_FEATURE_INIT_COREDUMPS is not set
+CONFIG_FEATURE_INITRD=y
+CONFIG_HALT=y
+CONFIG_MESG=y
+
+#
+# Login/Password Management Utilities
+#
+CONFIG_FEATURE_SHADOWPASSWDS=y
+CONFIG_USE_BB_PWD_GRP=y
+CONFIG_USE_BB_SHADOW=y
+# CONFIG_USE_BB_CRYPT is not set
+# CONFIG_USE_BB_CRYPT_SHA is not set
+CONFIG_ADDGROUP=y
+CONFIG_FEATURE_ADDUSER_TO_GROUP=y
+CONFIG_DELGROUP=y
+CONFIG_FEATURE_DEL_USER_FROM_GROUP=y
+CONFIG_FEATURE_CHECK_NAMES=y
+CONFIG_ADDUSER=y
+# CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
+CONFIG_DELUSER=y
+CONFIG_GETTY=y
+CONFIG_FEATURE_UTMP=y
+CONFIG_FEATURE_WTMP=y
+CONFIG_LOGIN=y
+# CONFIG_PAM is not set
+CONFIG_LOGIN_SCRIPTS=y
+CONFIG_FEATURE_NOLOGIN=y
+CONFIG_FEATURE_SECURETTY=y
+CONFIG_PASSWD=y
+CONFIG_FEATURE_PASSWD_WEAK_CHECK=y
+CONFIG_CRYPTPW=y
+CONFIG_CHPASSWD=y
+CONFIG_SU=y
+CONFIG_FEATURE_SU_SYSLOG=y
+CONFIG_FEATURE_SU_CHECKS_SHELLS=y
+# CONFIG_SULOGIN is not set
+CONFIG_VLOCK=y
+
+#
+# Linux Ext2 FS Progs
+#
+# CONFIG_CHATTR is not set
+CONFIG_FSCK=y
+# CONFIG_LSATTR is not set
+
+#
+# Linux Module Utilities
+#
+# CONFIG_MODPROBE_SMALL is not set
+# CONFIG_FEATURE_MODPROBE_SMALL_OPTIONS_ON_CMDLINE is not set
+# CONFIG_FEATURE_MODPROBE_SMALL_CHECK_ALREADY_LOADED is not set
+CONFIG_INSMOD=y
+CONFIG_RMMOD=y
+CONFIG_LSMOD=y
+CONFIG_FEATURE_LSMOD_PRETTY_2_6_OUTPUT=y
+CONFIG_MODPROBE=y
+CONFIG_FEATURE_MODPROBE_BLACKLIST=y
+CONFIG_DEPMOD=y
+
+#
+# Options common to multiple modutils
+#
+# CONFIG_FEATURE_2_4_MODULES is not set
+# CONFIG_FEATURE_INSMOD_VERSION_CHECKING is not set
+# CONFIG_FEATURE_INSMOD_KSYMOOPS_SYMBOLS is not set
+# CONFIG_FEATURE_INSMOD_LOADINKMEM is not set
+# CONFIG_FEATURE_INSMOD_LOAD_MAP is not set
+# CONFIG_FEATURE_INSMOD_LOAD_MAP_FULL is not set
+CONFIG_FEATURE_CHECK_TAINTED_MODULE=y
+CONFIG_FEATURE_MODUTILS_ALIAS=y
+CONFIG_FEATURE_MODUTILS_SYMBOLS=y
+CONFIG_DEFAULT_MODULES_DIR="/lib/modules"
+CONFIG_DEFAULT_DEPMOD_FILE="modules.dep"
+
+#
+# Linux System Utilities
+#
+CONFIG_ACPID=y
+CONFIG_FEATURE_ACPID_COMPAT=y
+CONFIG_BLKID=y
+CONFIG_DMESG=y
+CONFIG_FEATURE_DMESG_PRETTY=y
+CONFIG_FBSET=y
+CONFIG_FEATURE_FBSET_FANCY=y
+CONFIG_FEATURE_FBSET_READMODE=y
+CONFIG_FDFLUSH=y
+CONFIG_FDFORMAT=y
+CONFIG_FDISK=y
+CONFIG_FDISK_SUPPORT_LARGE_DISKS=y
+CONFIG_FEATURE_FDISK_WRITABLE=y
+CONFIG_FEATURE_AIX_LABEL=y
+CONFIG_FEATURE_SGI_LABEL=y
+CONFIG_FEATURE_SUN_LABEL=y
+CONFIG_FEATURE_OSF_LABEL=y
+CONFIG_FEATURE_FDISK_ADVANCED=y
+CONFIG_FINDFS=y
+# CONFIG_FREERAMDISK is not set
+# CONFIG_FSCK_MINIX is not set
+# CONFIG_MKFS_MINIX is not set
+# CONFIG_FEATURE_MINIX2 is not set
+CONFIG_MKFS_VFAT=y
+CONFIG_GETOPT=y
+CONFIG_HEXDUMP=y
+CONFIG_FEATURE_HEXDUMP_REVERSE=y
+CONFIG_HD=y
+CONFIG_HWCLOCK=y
+CONFIG_FEATURE_HWCLOCK_LONG_OPTIONS=y
+CONFIG_FEATURE_HWCLOCK_ADJTIME_FHS=y
+CONFIG_IPCRM=y
+CONFIG_IPCS=y
+CONFIG_LOSETUP=y
+CONFIG_MDEV=y
+CONFIG_FEATURE_MDEV_CONF=y
+CONFIG_FEATURE_MDEV_RENAME=y
+CONFIG_FEATURE_MDEV_RENAME_REGEXP=y
+CONFIG_FEATURE_MDEV_EXEC=y
+CONFIG_FEATURE_MDEV_LOAD_FIRMWARE=y
+CONFIG_MKSWAP=y
+# CONFIG_FEATURE_MKSWAP_V0 is not set
+CONFIG_MORE=y
+CONFIG_FEATURE_USE_TERMIOS=y
+CONFIG_VOLUMEID=y
+CONFIG_FEATURE_VOLUMEID_EXT=y
+CONFIG_FEATURE_VOLUMEID_REISERFS=y
+CONFIG_FEATURE_VOLUMEID_FAT=y
+# CONFIG_FEATURE_VOLUMEID_HFS is not set
+# CONFIG_FEATURE_VOLUMEID_JFS is not set
+CONFIG_FEATURE_VOLUMEID_XFS=y
+CONFIG_FEATURE_VOLUMEID_NTFS=y
+CONFIG_FEATURE_VOLUMEID_ISO9660=y
+CONFIG_FEATURE_VOLUMEID_UDF=y
+CONFIG_FEATURE_VOLUMEID_LUKS=y
+CONFIG_FEATURE_VOLUMEID_LINUXSWAP=y
+CONFIG_FEATURE_VOLUMEID_CRAMFS=y
+# CONFIG_FEATURE_VOLUMEID_ROMFS is not set
+# CONFIG_FEATURE_VOLUMEID_SYSV is not set
+CONFIG_FEATURE_VOLUMEID_OCFS2=y
+CONFIG_FEATURE_VOLUMEID_LINUXRAID=y
+CONFIG_MOUNT=y
+CONFIG_FEATURE_MOUNT_FAKE=y
+CONFIG_FEATURE_MOUNT_VERBOSE=y
+CONFIG_FEATURE_MOUNT_HELPERS=y
+CONFIG_FEATURE_MOUNT_LABEL=y
+CONFIG_FEATURE_MOUNT_NFS=y
+CONFIG_FEATURE_MOUNT_CIFS=y
+CONFIG_FEATURE_MOUNT_FLAGS=y
+CONFIG_FEATURE_MOUNT_FSTAB=y
+# CONFIG_PIVOT_ROOT is not set
+CONFIG_RDATE=y
+CONFIG_RDEV=y
+CONFIG_READPROFILE=y
+# CONFIG_RTCWAKE is not set
+# CONFIG_SCRIPT is not set
+CONFIG_SETARCH=y
+CONFIG_SWAPONOFF=y
+CONFIG_FEATURE_SWAPON_PRI=y
+CONFIG_SWITCH_ROOT=y
+CONFIG_UMOUNT=y
+CONFIG_FEATURE_UMOUNT_ALL=y
+
+#
+# Common options for mount/umount
+#
+CONFIG_FEATURE_MOUNT_LOOP=y
+# CONFIG_FEATURE_MTAB_SUPPORT is not set
+
+#
+# Miscellaneous Utilities
+#
+CONFIG_ADJTIMEX=y
+CONFIG_BBCONFIG=y
+# CONFIG_CHAT is not set
+# CONFIG_FEATURE_CHAT_NOFAIL is not set
+# CONFIG_FEATURE_CHAT_TTY_HIFI is not set
+# CONFIG_FEATURE_CHAT_IMPLICIT_CR is not set
+# CONFIG_FEATURE_CHAT_SWALLOW_OPTS is not set
+# CONFIG_FEATURE_CHAT_SEND_ESCAPES is not set
+# CONFIG_FEATURE_CHAT_VAR_ABORT_LEN is not set
+# CONFIG_FEATURE_CHAT_CLR_ABORT is not set
+# CONFIG_CHRT is not set
+CONFIG_CROND=y
+CONFIG_FEATURE_CROND_D=y
+CONFIG_FEATURE_CROND_CALL_SENDMAIL=y
+CONFIG_FEATURE_CROND_DIR="/var/spool/cron"
+CONFIG_CRONTAB=y
+CONFIG_DC=y
+CONFIG_FEATURE_DC_LIBM=y
+# CONFIG_DEVFSD is not set
+# CONFIG_DEVFSD_MODLOAD is not set
+# CONFIG_DEVFSD_FG_NP is not set
+# CONFIG_DEVFSD_VERBOSE is not set
+# CONFIG_FEATURE_DEVFS is not set
+# CONFIG_DEVMEM is not set
+CONFIG_EJECT=y
+CONFIG_FEATURE_EJECT_SCSI=y
+CONFIG_FBSPLASH=y
+# CONFIG_FLASH_ERASEALL is not set
+CONFIG_IONICE=y
+CONFIG_INOTIFYD=y
+CONFIG_LAST=y
+CONFIG_FEATURE_LAST_SMALL=y
+# CONFIG_FEATURE_LAST_FANCY is not set
+CONFIG_LESS=y
+CONFIG_FEATURE_LESS_MAXLINES=9999999
+CONFIG_FEATURE_LESS_BRACKETS=y
+CONFIG_FEATURE_LESS_FLAGS=y
+CONFIG_FEATURE_LESS_MARKS=y
+CONFIG_FEATURE_LESS_REGEXP=y
+CONFIG_FEATURE_LESS_WINCH=y
+CONFIG_FEATURE_LESS_DASHCMD=y
+CONFIG_FEATURE_LESS_LINENUMS=y
+# CONFIG_HDPARM is not set
+# CONFIG_FEATURE_HDPARM_GET_IDENTITY is not set
+# CONFIG_FEATURE_HDPARM_HDIO_SCAN_HWIF is not set
+# CONFIG_FEATURE_HDPARM_HDIO_UNREGISTER_HWIF is not set
+# CONFIG_FEATURE_HDPARM_HDIO_DRIVE_RESET is not set
+# CONFIG_FEATURE_HDPARM_HDIO_TRISTATE_HWIF is not set
+# CONFIG_FEATURE_HDPARM_HDIO_GETSET_DMA is not set
+# CONFIG_MAKEDEVS is not set
+# CONFIG_FEATURE_MAKEDEVS_LEAF is not set
+# CONFIG_FEATURE_MAKEDEVS_TABLE is not set
+# CONFIG_MAN is not set
+CONFIG_MICROCOM=y
+CONFIG_MOUNTPOINT=y
+CONFIG_MT=y
+CONFIG_RAIDAUTORUN=y
+CONFIG_READAHEAD=y
+CONFIG_RUNLEVEL=y
+CONFIG_RX=y
+CONFIG_SETSID=y
+CONFIG_STRINGS=y
+# CONFIG_TASKSET is not set
+# CONFIG_FEATURE_TASKSET_FANCY is not set
+CONFIG_TIME=y
+CONFIG_TIMEOUT=y
+CONFIG_TTYSIZE=y
+CONFIG_WATCHDOG=y
+
+#
+# Networking Utilities
+#
+CONFIG_FEATURE_IPV6=y
+CONFIG_FEATURE_PREFER_IPV4_ADDRESS=y
+CONFIG_VERBOSE_RESOLUTION_ERRORS=y
+CONFIG_ARP=y
+CONFIG_ARPING=y
+CONFIG_BRCTL=y
+CONFIG_FEATURE_BRCTL_FANCY=y
+CONFIG_FEATURE_BRCTL_SHOW=y
+CONFIG_DNSD=y
+CONFIG_ETHER_WAKE=y
+CONFIG_FAKEIDENTD=y
+CONFIG_FTPD=y
+CONFIG_FEATURE_FTP_WRITE=y
+CONFIG_FTPGET=y
+CONFIG_FTPPUT=y
+# CONFIG_FEATURE_FTPGETPUT_LONG_OPTIONS is not set
+CONFIG_HOSTNAME=y
+CONFIG_HTTPD=y
+CONFIG_FEATURE_HTTPD_RANGES=y
+CONFIG_FEATURE_HTTPD_USE_SENDFILE=y
+CONFIG_FEATURE_HTTPD_SETUID=y
+CONFIG_FEATURE_HTTPD_BASIC_AUTH=y
+CONFIG_FEATURE_HTTPD_AUTH_MD5=y
+CONFIG_FEATURE_HTTPD_CGI=y
+CONFIG_FEATURE_HTTPD_CONFIG_WITH_SCRIPT_INTERPR=y
+CONFIG_FEATURE_HTTPD_SET_REMOTE_PORT_TO_ENV=y
+CONFIG_FEATURE_HTTPD_ENCODE_URL_STR=y
+CONFIG_FEATURE_HTTPD_ERROR_PAGES=y
+CONFIG_FEATURE_HTTPD_PROXY=y
+CONFIG_IFCONFIG=y
+CONFIG_FEATURE_IFCONFIG_STATUS=y
+CONFIG_FEATURE_IFCONFIG_SLIP=y
+CONFIG_FEATURE_IFCONFIG_MEMSTART_IOADDR_IRQ=y
+CONFIG_FEATURE_IFCONFIG_HW=y
+CONFIG_FEATURE_IFCONFIG_BROADCAST_PLUS=y
+CONFIG_IFENSLAVE=y
+CONFIG_IFUPDOWN=y
+CONFIG_IFUPDOWN_IFSTATE_PATH="/var/run/ifstate"
+CONFIG_FEATURE_IFUPDOWN_IP=y
+CONFIG_FEATURE_IFUPDOWN_IP_BUILTIN=y
+# CONFIG_FEATURE_IFUPDOWN_IFCONFIG_BUILTIN is not set
+CONFIG_FEATURE_IFUPDOWN_IPV4=y
+CONFIG_FEATURE_IFUPDOWN_IPV6=y
+# CONFIG_FEATURE_IFUPDOWN_MAPPING is not set
+CONFIG_FEATURE_IFUPDOWN_EXTERNAL_DHCP=y
+CONFIG_INETD=y
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_ECHO is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DISCARD is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_TIME is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_DAYTIME is not set
+# CONFIG_FEATURE_INETD_SUPPORT_BUILTIN_CHARGEN is not set
+# CONFIG_FEATURE_INETD_RPC is not set
+CONFIG_IP=y
+CONFIG_FEATURE_IP_ADDRESS=y
+CONFIG_FEATURE_IP_LINK=y
+CONFIG_FEATURE_IP_ROUTE=y
+CONFIG_FEATURE_IP_TUNNEL=y
+CONFIG_FEATURE_IP_RULE=y
+CONFIG_FEATURE_IP_SHORT_FORMS=y
+CONFIG_FEATURE_IP_RARE_PROTOCOLS=y
+CONFIG_IPADDR=y
+CONFIG_IPLINK=y
+CONFIG_IPROUTE=y
+CONFIG_IPTUNNEL=y
+CONFIG_IPRULE=y
+CONFIG_IPCALC=y
+CONFIG_FEATURE_IPCALC_FANCY=y
+# CONFIG_FEATURE_IPCALC_LONG_OPTIONS is not set
+CONFIG_NAMEIF=y
+CONFIG_FEATURE_NAMEIF_EXTENDED=y
+CONFIG_NC=y
+CONFIG_NC_SERVER=y
+CONFIG_NC_EXTRA=y
+CONFIG_NETSTAT=y
+CONFIG_FEATURE_NETSTAT_WIDE=y
+CONFIG_FEATURE_NETSTAT_PRG=y
+CONFIG_NSLOOKUP=y
+CONFIG_PING=y
+CONFIG_PING6=y
+CONFIG_FEATURE_FANCY_PING=y
+CONFIG_PSCAN=y
+CONFIG_ROUTE=y
+CONFIG_SLATTACH=y
+CONFIG_TELNET=y
+CONFIG_FEATURE_TELNET_TTYPE=y
+CONFIG_FEATURE_TELNET_AUTOLOGIN=y
+# CONFIG_TELNETD is not set
+# CONFIG_FEATURE_TELNETD_STANDALONE is not set
+CONFIG_TFTP=y
+# CONFIG_TFTPD is not set
+CONFIG_FEATURE_TFTP_GET=y
+CONFIG_FEATURE_TFTP_PUT=y
+CONFIG_FEATURE_TFTP_BLOCKSIZE=y
+# CONFIG_TFTP_DEBUG is not set
+CONFIG_TRACEROUTE=y
+CONFIG_FEATURE_TRACEROUTE_VERBOSE=y
+CONFIG_FEATURE_TRACEROUTE_SOURCE_ROUTE=y
+CONFIG_FEATURE_TRACEROUTE_USE_ICMP=y
+CONFIG_APP_UDHCPD=y
+CONFIG_APP_DHCPRELAY=y
+CONFIG_APP_DUMPLEASES=y
+CONFIG_FEATURE_UDHCPD_WRITE_LEASES_EARLY=y
+CONFIG_DHCPD_LEASES_FILE="/var/lib/misc/udhcpd.leases"
+CONFIG_APP_UDHCPC=y
+CONFIG_FEATURE_UDHCPC_ARPING=y
+# CONFIG_FEATURE_UDHCP_PORT is not set
+# CONFIG_UDHCP_DEBUG is not set
+CONFIG_FEATURE_UDHCP_RFC3397=y
+CONFIG_UDHCPC_DEFAULT_SCRIPT="/usr/share/udhcpc/default.script"
+CONFIG_UDHCPC_SLACK_FOR_BUGGY_SERVERS=80
+CONFIG_IFUPDOWN_UDHCPC_CMD_OPTIONS="-R -n"
+CONFIG_VCONFIG=y
+CONFIG_WGET=y
+CONFIG_FEATURE_WGET_STATUSBAR=y
+CONFIG_FEATURE_WGET_AUTHENTICATION=y
+# CONFIG_FEATURE_WGET_LONG_OPTIONS is not set
+CONFIG_ZCIP=y
+# CONFIG_TCPSVD is not set
+CONFIG_TUNCTL=y
+CONFIG_FEATURE_TUNCTL_UG=y
+# CONFIG_UDPSVD is not set
+
+#
+# Print Utilities
+#
+# CONFIG_LPD is not set
+# CONFIG_LPR is not set
+# CONFIG_LPQ is not set
+
+#
+# Mail Utilities
+#
+# CONFIG_MAKEMIME is not set
+CONFIG_FEATURE_MIME_CHARSET="us-ascii"
+# CONFIG_POPMAILDIR is not set
+# CONFIG_FEATURE_POPMAILDIR_DELIVERY is not set
+CONFIG_REFORMIME=y
+CONFIG_FEATURE_REFORMIME_COMPAT=y
+CONFIG_SENDMAIL=y
+
+#
+# Process Utilities
+#
+CONFIG_FREE=y
+CONFIG_FUSER=y
+CONFIG_KILL=y
+CONFIG_KILLALL=y
+CONFIG_KILLALL5=y
+CONFIG_NMETER=y
+CONFIG_PGREP=y
+CONFIG_PIDOF=y
+CONFIG_FEATURE_PIDOF_SINGLE=y
+CONFIG_FEATURE_PIDOF_OMIT=y
+CONFIG_PKILL=y
+CONFIG_PS=y
+CONFIG_FEATURE_PS_WIDE=y
+CONFIG_FEATURE_PS_TIME=y
+# CONFIG_FEATURE_PS_UNUSUAL_SYSTEMS is not set
+CONFIG_RENICE=y
+CONFIG_BB_SYSCTL=y
+CONFIG_TOP=y
+CONFIG_FEATURE_TOP_CPU_USAGE_PERCENTAGE=y
+CONFIG_FEATURE_TOP_CPU_GLOBAL_PERCENTS=y
+CONFIG_FEATURE_TOP_SMP_CPU=y
+# CONFIG_FEATURE_TOP_DECIMALS is not set
+CONFIG_FEATURE_TOP_SMP_PROCESS=y
+CONFIG_FEATURE_TOPMEM=y
+CONFIG_UPTIME=y
+CONFIG_WATCH=y
+
+#
+# Runit Utilities
+#
+# CONFIG_RUNSV is not set
+# CONFIG_RUNSVDIR is not set
+# CONFIG_FEATURE_RUNSVDIR_LOG is not set
+# CONFIG_SV is not set
+CONFIG_SV_DEFAULT_SERVICE_DIR=""
+# CONFIG_SVLOGD is not set
+# CONFIG_CHPST is not set
+# CONFIG_SETUIDGID is not set
+# CONFIG_ENVUIDGID is not set
+# CONFIG_ENVDIR is not set
+# CONFIG_SOFTLIMIT is not set
+# CONFIG_CHCON is not set
+# CONFIG_FEATURE_CHCON_LONG_OPTIONS is not set
+# CONFIG_GETENFORCE is not set
+# CONFIG_GETSEBOOL is not set
+# CONFIG_LOAD_POLICY is not set
+# CONFIG_MATCHPATHCON is not set
+# CONFIG_RESTORECON is not set
+# CONFIG_RUNCON is not set
+# CONFIG_FEATURE_RUNCON_LONG_OPTIONS is not set
+# CONFIG_SELINUXENABLED is not set
+# CONFIG_SETENFORCE is not set
+# CONFIG_SETFILES is not set
+# CONFIG_FEATURE_SETFILES_CHECK_OPTION is not set
+# CONFIG_SETSEBOOL is not set
+# CONFIG_SESTATUS is not set
+
+#
+# Shells
+#
+CONFIG_FEATURE_SH_IS_ASH=y
+# CONFIG_FEATURE_SH_IS_HUSH is not set
+# CONFIG_FEATURE_SH_IS_MSH is not set
+# CONFIG_FEATURE_SH_IS_NONE is not set
+CONFIG_ASH=y
+
+#
+# Ash Shell Options
+#
+CONFIG_ASH_BASH_COMPAT=y
+CONFIG_ASH_JOB_CONTROL=y
+CONFIG_ASH_READ_NCHARS=y
+CONFIG_ASH_READ_TIMEOUT=y
+CONFIG_ASH_ALIAS=y
+CONFIG_ASH_GETOPTS=y
+CONFIG_ASH_BUILTIN_ECHO=y
+CONFIG_ASH_BUILTIN_PRINTF=y
+CONFIG_ASH_BUILTIN_TEST=y
+CONFIG_ASH_CMDCMD=y
+CONFIG_ASH_MAIL=y
+CONFIG_ASH_OPTIMIZE_FOR_SIZE=y
+CONFIG_ASH_RANDOM_SUPPORT=y
+CONFIG_ASH_EXPAND_PRMT=y
+# CONFIG_HUSH is not set
+# CONFIG_HUSH_HELP is not set
+# CONFIG_HUSH_INTERACTIVE is not set
+# CONFIG_HUSH_JOB is not set
+# CONFIG_HUSH_TICK is not set
+# CONFIG_HUSH_IF is not set
+# CONFIG_HUSH_LOOPS is not set
+# CONFIG_HUSH_CASE is not set
+# CONFIG_HUSH_FUNCTIONS is not set
+# CONFIG_HUSH_EXPORT_N is not set
+# CONFIG_LASH is not set
+# CONFIG_MSH is not set
+
+#
+# Bourne Shell Options
+#
+CONFIG_SH_MATH_SUPPORT=y
+# CONFIG_SH_MATH_SUPPORT_64 is not set
+CONFIG_FEATURE_SH_EXTRA_QUIET=y
+# CONFIG_FEATURE_SH_STANDALONE is not set
+# CONFIG_FEATURE_SH_NOFORK is not set
+# CONFIG_CTTYHACK is not set
+
+#
+# System Logging Utilities
+#
+CONFIG_SYSLOGD=y
+CONFIG_FEATURE_ROTATE_LOGFILE=y
+CONFIG_FEATURE_REMOTE_LOG=y
+CONFIG_FEATURE_SYSLOGD_DUP=y
+CONFIG_FEATURE_IPC_SYSLOG=y
+CONFIG_FEATURE_IPC_SYSLOG_BUFFER_SIZE=16
+CONFIG_LOGREAD=y
+CONFIG_FEATURE_LOGREAD_REDUCED_LOCKING=y
+CONFIG_KLOGD=y
+CONFIG_LOGGER=y
diff --git a/main/bzip2/APKBUILD b/main/bzip2/APKBUILD
new file mode 100644
index 0000000000..09721bb760
--- /dev/null
+++ b/main/bzip2/APKBUILD
@@ -0,0 +1,48 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=bzip2
+pkgver=1.0.5
+pkgrel=1
+pkgdesc="A high-quality data compression program"
+url="http://sources.redhat.com/bzip2"
+license="BZIP2"
+depends="uclibc"
+install="$pkgname.post-deinstall"
+source="http://www.bzip.org/$pkgver/$pkgname-$pkgver.tar.gz
+	$install
+	bzip2-1.0.4-POSIX-shell.patch
+	bzip2-1.0.4-makefile-CFLAGS.patch
+	bzip2-1.0.4-man-links.patch
+	bzip2-1.0.4-saneso.patch
+	"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build () { 
+	local i
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying ${i##*/}"
+		patch -p1 < $i || return 1
+	done
+
+	# Fix man path
+	# Generate relative symlinks
+	sed -i \
+		-e 's:\$(PREFIX)/man:\$(PREFIX)/share/man:g' \
+		-e 's:ln -s -f $(PREFIX)/bin/:ln -s :' \
+		Makefile || return 1
+
+	# fixup broken version stuff
+	sed -i \
+		-e "s:1\.0\.4:$pkgver:" \
+		bzip2.1 bzip2.txt Makefile-libbz2_so manual.* || return 1
+
+	make -f Makefile-libbz2_so all || return 1
+	make all || return 1
+	make PREFIX="$pkgdir"/usr install || return 1
+}
+md5sums="3c15a0c8d1d3ee1c46a1634d00617b1a  bzip2-1.0.5.tar.gz
+b84506d253e04db3c5af9016fead45a3  bzip2.post-deinstall
+2e9bcfeb1614b55f5ba2d087ac65a3fe  bzip2-1.0.4-POSIX-shell.patch
+56b90131e3c2ae425b758de9c7be7682  bzip2-1.0.4-makefile-CFLAGS.patch
+fd13ef6bc55276c7e3adc346bde56cd1  bzip2-1.0.4-man-links.patch
+643983e8134723ebe53c858b1a3938ad  bzip2-1.0.4-saneso.patch"
diff --git a/main/bzip2/bzip2-1.0.4-POSIX-shell.patch b/main/bzip2/bzip2-1.0.4-POSIX-shell.patch
new file mode 100644
index 0000000000..74f8df000b
--- /dev/null
+++ b/main/bzip2/bzip2-1.0.4-POSIX-shell.patch
@@ -0,0 +1,21 @@
+bzgrep uses !/bin/sh but then uses the bashism ${var//} so replace those
+with calls to sed so POSIX shells work
+
+http://bugs.gentoo.org/193365
+
+--- a/bzgrep
++++ b/bzgrep
+@@ -63,10 +63,9 @@
+     bzip2 -cdfq "$i" | $grep $opt "$pat"
+     r=$?
+   else
+-    j=${i//\\/\\\\}
+-    j=${j//|/\\|}
+-    j=${j//&/\\&}
+-    j=`printf "%s" "$j" | tr '\n' ' '`
++    # the backslashes here are doubled up as we have to escape each one for the
++    # shell and then escape each one for the sed expression
++    j=`printf "%s" "${i}" | sed -e 's:\\\\:\\\\\\\\:g' -e 's:[|]:\\\\|:g' -e 's:[&]:\\\\&:g' | tr '\n' ' '`
+     bzip2 -cdfq "$i" | $grep $opt "$pat" | sed "s|^|${j}:|"
+     r=$?
+   fi
diff --git a/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch b/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch
new file mode 100644
index 0000000000..85a3c6af6c
--- /dev/null
+++ b/main/bzip2/bzip2-1.0.4-makefile-CFLAGS.patch
@@ -0,0 +1,25 @@
+--- a/Makefile
++++ b/Makefile
+@@ -18,10 +18,9 @@
+ CC=gcc
+ AR=ar
+ RANLIB=ranlib
+-LDFLAGS=
+ 
+ BIGFILES=-D_FILE_OFFSET_BITS=64
+-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES)
++CFLAGS+=-Wall -Winline $(BIGFILES)
+ 
+ # Where you want it installed when you do 'make install'
+ PREFIX=/usr/local
+--- a/Makefile-libbz2_so
++++ b/Makefile-libbz2_so
+@@ -24,7 +24,7 @@
+ SHELL=/bin/sh
+ CC=gcc
+ BIGFILES=-D_FILE_OFFSET_BITS=64
+-CFLAGS=-fpic -fPIC -Wall -Winline -O2 -g $(BIGFILES)
++CFLAGS+=-fpic -fPIC -Wall -Winline $(BIGFILES)
+ 
+ OBJS= blocksort.o  \
+       huffman.o    \
diff --git a/main/bzip2/bzip2-1.0.4-man-links.patch b/main/bzip2/bzip2-1.0.4-man-links.patch
new file mode 100644
index 0000000000..2427d6a7fb
--- /dev/null
+++ b/main/bzip2/bzip2-1.0.4-man-links.patch
@@ -0,0 +1,12 @@
+http://bugs.gentoo.org/172986
+
+--- bzip2-1.0.4/Makefile
++++ bzip2-1.0.4/Makefile
+@@ -85,4 +85,7 @@
+ 	cp -f bzip2.1 $(PREFIX)/share/man/man1
+ 	chmod a+r $(PREFIX)/share/man/man1/bzip2.1
++	ln -s bzip2.1 $(PREFIX)/share/man/man1/bunzip2.1
++	ln -s bzip2.1 $(PREFIX)/share/man/man1/bzcat.1
++	ln -s bzip2.1 $(PREFIX)/share/man/man1/bzip2recover.1
+ 	cp -f bzlib.h $(PREFIX)/include
+ 	chmod a+r $(PREFIX)/include/bzlib.h
diff --git a/main/bzip2/bzip2-1.0.4-saneso.patch b/main/bzip2/bzip2-1.0.4-saneso.patch
new file mode 100644
index 0000000000..9a71342ca9
--- /dev/null
+++ b/main/bzip2/bzip2-1.0.4-saneso.patch
@@ -0,0 +1,13 @@
+--- a/Makefile-libbz2_so
++++ b/Makefile-libbz2_so
+@@ -35,8 +35,8 @@
+       bzlib.o
+ 
+ all: $(OBJS)
+-	$(CC) -shared -Wl,-soname -Wl,libbz2.so.1.0 -o libbz2.so.1.0.4 $(OBJS)
+-	$(CC) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4
++	$(CC) $(LDFLAGS) -shared -Wl,-soname -Wl,libbz2.so.1 -o libbz2.so.1.0.4 $(OBJS)
++	$(CC) $(LDFLAGS) $(CFLAGS) -o bzip2-shared bzip2.c libbz2.so.1.0.4
+ 	rm -f libbz2.so.1.0
+ 	ln -s libbz2.so.1.0.4 libbz2.so.1.0
+ 
diff --git a/main/bzip2/bzip2.post-deinstall b/main/bzip2/bzip2.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/bzip2/bzip2.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/c-ares/APKBUILD b/main/c-ares/APKBUILD
new file mode 100644
index 0000000000..889eab3591
--- /dev/null
+++ b/main/c-ares/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=c-ares
+pkgver=1.6.0
+pkgrel=1
+pkgdesc="An asynchronously DNS/names resolver library"
+url="http://c-ares.haxx.se/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://c-ares.haxx.se/${pkgname}-${pkgver}.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-shared
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="4503b0db3dd79d3c1f58d87722dbab46  c-ares-1.6.0.tar.gz"
+
diff --git a/main/ca-certificates/APKBUILD b/main/ca-certificates/APKBUILD
new file mode 100644
index 0000000000..e39567de17
--- /dev/null
+++ b/main/ca-certificates/APKBUILD
@@ -0,0 +1,30 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ca-certificates
+pkgver=20090709
+pkgrel=0
+pkgdesc="Common CA certificates PEM files"
+url="http://packages.debian.org/sid/ca-certificates"
+license="MPL GPL"
+depends="run-parts openssl"
+install=ca-certificates.post-install
+source="http://ftp.no.debian.org/debian/pool/main/c/$pkgname/${pkgname}_${pkgver}_all.deb
+	$install
+	"
+
+build () {
+	cd "$srcdir"
+	ar x "$srcdir"/${pkgname}_${pkgver}_all.deb || return 1
+	tar -zxf ./data.tar.gz
+
+	mkdir -p "$pkgdir"
+	cp -Ra usr etc "$pkgdir"/
+	(
+	echo "# Automatically generated by ${pkgname}-${pkgver}-${pkgrel}"
+	echo "# $(date -u)"
+	echo "# Do not edit."
+	cd "$pkgdir"/usr/share/ca-certificates
+	find . -name '*.crt' | sort | cut -b3-
+	) > "$pkgdir"/etc/ca-certificates.conf
+}
+md5sums="72c284149d15b336a1758af819192d21  ca-certificates_20090709_all.deb
+83a92f371137ac9f046c94452bf17058  ca-certificates.post-install"
diff --git a/main/ca-certificates/ca-certificates.post-install b/main/ca-certificates/ca-certificates.post-install
new file mode 100644
index 0000000000..439cfca52e
--- /dev/null
+++ b/main/ca-certificates/ca-certificates.post-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+/usr/sbin/update-ca-certificates --fresh  &> /dev/null
+
+exit 0;
diff --git a/main/ccache/APKBUILD b/main/ccache/APKBUILD
new file mode 100644
index 0000000000..2143bdb728
--- /dev/null
+++ b/main/ccache/APKBUILD
@@ -0,0 +1,32 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ccache
+pkgver=2.4
+pkgrel=0
+pkgdesc="ccache is a compiler cache"
+url="http://ccache.samba.org/"
+license="GPL"
+subpackages="$pkgname-doc"
+depends="uclibc"
+makedepends=""
+source="http://samba.org/ftp/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr
+	make || return 1
+	install -Dm 755 ccache "$pkgdir"/usr/bin/ccache
+	install -Dm 644 ccache.1 "$pkgdir"/usr/share/man/man1/ccache.1
+	mkdir -p "$pkgdir"/usr/lib/ccache/bin
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/cc
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/gcc
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/g++
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/cpp
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/c++
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/${CHOST}-cc
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/${CHOST}-gcc
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/${CHOST}-g++
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/${CHOST}-cpp
+	ln -sf /usr/bin/ccache "$pkgdir"/usr/lib/ccache/bin/${CHOST}-c++
+}
+md5sums="73c1ed1e767c1752dd0f548ec1e66ce7  ccache-2.4.tar.gz"
diff --git a/main/cdrkit/APKBUILD b/main/cdrkit/APKBUILD
new file mode 100644
index 0000000000..a5ca8d7710
--- /dev/null
+++ b/main/cdrkit/APKBUILD
@@ -0,0 +1,31 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cdrkit
+pkgver=1.1.9
+pkgrel=1
+pkgdesc="Suite of programs for CD/DVD recording, ISO image creation, and audio CD extraction"
+url="http://cdrkit.org/"
+license="GPL2"
+depends="libcap file bzip2 zlib"
+makedepends="cmake libcap-dev bzip2-dev zlib-dev"
+source="http://$pkgname.org/releases/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/cdrkit-$pkgver"
+	make || return 1
+	make PREFIX="$pkgdir/usr" install || return 1
+	cd "$pkgdir/usr/bin"
+	ln -s wodim cdrecord || return 1
+	ln -s readom readcd || return 1
+	ln -s genisoimage mkisofs || return 1
+	ln -s genisoimage mkhybrid || return 1
+	ln -s icedax cdda2wav || return 1
+	cd "$pkgdir/usr/share/man/man1"
+	ln -s wodim.1 cdrecord.1 || return 1
+	ln -s readom.1 readcd.1 || return 1
+	ln -s genisoimage.1 mkisofs.1 || return 1
+	ln -s genisoimage.1 mkhybrid.1 || return 1
+	ln -s icedax.1 cdda2wav.1 || return 1
+}
+md5sums="cbc0647e5d85f0e8fb3a692ba1d42edd  cdrkit-1.1.9.tar.gz"
diff --git a/main/cgit/APKBUILD b/main/cgit/APKBUILD
new file mode 100644
index 0000000000..d7578539c8
--- /dev/null
+++ b/main/cgit/APKBUILD
@@ -0,0 +1,29 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cgit
+pkgver=0.8.2.1
+pkgrel=1
+_gitver=1.6.2.4
+pkgdesc="a fast webinterface for git"
+url="http://hjemli.net/git/cgit"
+license=GPL-2
+makedepends="openssl-dev zlib-dev"
+depends="uclibc openssl zlib"
+source="
+	http://hjemli.net/git/cgit/snapshot/$pkgname-$pkgver.tar.gz
+	http://www.kernel.org/pub/software/scm/git/git-$_gitver.tar.bz2
+	"
+
+build() {
+	local makeopts="NO_ICONV=YesPlease NO_CURL=YesPlease"
+	cd "$srcdir/$pkgname-$pkgver"
+	rm -rf git
+	ln -s ../git-$_gitver git
+	make $makeopts || return 1
+	make $makeopts DESTDIR="$pkgdir" \
+		CGIT_SCRIPT_PATH=/usr/share/webapps/cgit \
+		install
+	ln -s cgit.cgi "$pkgdir"/usr/share/webapps/cgit/cgit
+}
+
+md5sums="12f5468a948be40c275445253e73d309  cgit-0.8.2.1.tar.gz
+c24d796879bb09e1cc5545bf3a3d7cf6  git-1.6.2.4.tar.bz2"
diff --git a/main/chrony/APKBUILD b/main/chrony/APKBUILD
new file mode 100644
index 0000000000..21f8924a66
--- /dev/null
+++ b/main/chrony/APKBUILD
@@ -0,0 +1,60 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=chrony
+pkgver=1.23
+pkgrel=2
+pkgdesc="NTP client and server programs"
+url="http://chrony.sunsite.dk/"
+license="GPL-2"
+depends=
+makedepends="texinfo"
+subpackages="$pkgname-doc"
+source="http://chrony.sunsite.dk/download/$pkgname-$pkgver.tar.gz
+	$pkgname-1.20-conf.c-gentoo.diff
+	$pkgname-1.20-chrony.conf.example-gentoo.diff
+	$pkgname-1.21-makefile.diff
+	$pkgname-1.23-sources.diff
+	$pkgname-1.23-reply-ip.diff
+	chronyd.confd
+	chronyd.initd
+	chrony.conf
+	"
+
+build() {
+	local i
+	cd "$srcdir/$pkgname-$pkgver"
+
+	for i in ../*.diff; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+	sed -i "s:/etc/chrony:/etc/chrony/chrony:g" \
+		chrony*.[158] faq.txt chrony.texi || die "sed failed"
+
+	./configure --prefix=/usr \
+		--infodir=/usr/share/info \
+		--mandir=/usr/share/man \
+		--disable-readline
+
+	make all docs || return 1
+	make DESTDIR="$pkgdir" install
+
+	mv "$pkgdir"/usr/doc "$pkgdir"/usr/share/
+	install -D -m644 examples/*.example "$pkgdir"/usr/share/doc/chrony/
+
+	install -m755 -D "$srcdir"/chronyd.initd "$pkgdir"/etc/init.d/chronyd
+	install -m644 -D "$srcdir"/chronyd.confd "$pkgdir"/etc/conf.d/chronyd
+	mkdir -p "$pkgdir"/var/lib/chrony \
+		"$pkgdir"/var/log/chrony \
+		"$pkgdir"/etc/chrony
+	touch "$pkgdir"/etc/chrony/chrony.drift
+	install -m644 "$srcdir"/chrony.conf "$pkgdir"/etc/chrony/chrony.conf
+}
+md5sums="ffce77695e55d8efda19ab0b78309c23  chrony-1.23.tar.gz
+bd6bd57363865d3ed0c3187d0c9f7151  chrony-1.20-conf.c-gentoo.diff
+b2a23e02f7af50bebdd5d18bccdedbf0  chrony-1.20-chrony.conf.example-gentoo.diff
+d47015a34b6b2f9eebca77ef939cec72  chrony-1.21-makefile.diff
+39cbce9f66638b67623e1ee6bb0f943f  chrony-1.23-sources.diff
+caa6589a1a1cd56f64957e312d1ef84c  chrony-1.23-reply-ip.diff
+d5c09be46226774d22c08c5a4c28093a  chronyd.confd
+dac8aa4913d7c323abfa1719ddd7e5e4  chronyd.initd
+46f42c52953d398ca44d6baa449618d7  chrony.conf"
diff --git a/main/chrony/chrony-1.20-chrony.conf.example-gentoo.diff b/main/chrony/chrony-1.20-chrony.conf.example-gentoo.diff
new file mode 100644
index 0000000000..498b241750
--- /dev/null
+++ b/main/chrony/chrony-1.20-chrony.conf.example-gentoo.diff
@@ -0,0 +1,46 @@
+--- a/examples/chrony.conf.example.orig	2003-06-16 11:59:01.000000000 -0400
++++ b/examples/chrony.conf.example	2003-06-16 12:00:13.000000000 -0400
+@@ -3,5 +3,5 @@
+ #
+ # This is an example chrony configuration file.  You should copy it to
+-# /etc/chrony.conf after uncommenting and editing the options that you
++# /etc/chrony/chrony.conf after uncommenting and editing the options that you
+ # want to enable.  I have not included the more obscure options.  Refer
+ # to the documentation for these.
+@@ -91,5 +91,5 @@
+ # generally want this, so it is uncommented.
+ 
+-driftfile /etc/chrony.drift
++driftfile /etc/chrony/chrony.drift
+ 
+ # If you want to use the program called chronyc to configure aspects of
+@@ -100,5 +100,5 @@
+ # assumed by default.
+ 
+-keyfile /etc/chrony.keys
++keyfile /etc/chrony/chrony.keys
+ 
+ # Tell chronyd which numbered key in the file is used as the password
+@@ -158,6 +158,6 @@
+ ! log measurements statistics tracking
+ 
+-If you have real time clock support enabled (see below), you might want
+-this line instead:
++# If you have real time clock support enabled (see below), you might want
++# this line instead:
+ 
+ ! log measurements statistics tracking rtc
+@@ -269,5 +269,5 @@
+ # kernel.  (Note, these options apply only to Linux.)
+ 
+-! rtcfile /etc/chrony.rtc
++! rtcfile /etc/chrony/chrony.rtc
+ 
+ # Your RTC can be set to keep Universal Coordinated Time (UTC) or local
+@@ -285,5 +285,5 @@
+ # using devfs), uncomment and edit the following line.
+ 
+-! rtcdevice /dev/misc/rtc
++rtcdevice /dev/misc/rtc
+ 
+ #######################################################################
diff --git a/main/chrony/chrony-1.20-conf.c-gentoo.diff b/main/chrony/chrony-1.20-conf.c-gentoo.diff
new file mode 100644
index 0000000000..4917d445be
--- /dev/null
+++ b/main/chrony/chrony-1.20-conf.c-gentoo.diff
@@ -0,0 +1,11 @@
+--- a/conf.c.orig	Sun May 12 14:07:31 2002
++++ b/conf.c	Sun May 12 14:07:52 2002
+@@ -45,7 +45,7 @@
+ 
+ /* ================================================== */
+ 
+-#define DEFAULT_CONF_FILE "/etc/chrony.conf"
++#define DEFAULT_CONF_FILE "/etc/chrony/chrony.conf"
+ 
+ /* ================================================== */
+ /* Forward prototypes */
diff --git a/main/chrony/chrony-1.21-makefile.diff b/main/chrony/chrony-1.21-makefile.diff
new file mode 100644
index 0000000000..2eec4e8428
--- /dev/null
+++ b/main/chrony/chrony-1.21-makefile.diff
@@ -0,0 +1,15 @@
+--- a/Makefile.in_old	2006-08-12 17:42:57.000000000 +0200
++++ b/Makefile.in	2006-08-12 17:44:35.000000000 +0200
+@@ -68,10 +68,10 @@
+ all : chronyd chronyc
+ 
+ chronyd : $(OBJS) $(EXTRA_OBJS)
+-	$(CC) $(OPTFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LIBS) $(EXTRA_LIBS)
++	$(CC) $(OPTFLAGS) $(LDFLAGS) -o chronyd $(OBJS) $(EXTRA_OBJS) $(LIBS) $(EXTRA_LIBS)
+ 
+ chronyc : $(CLI_OBJS)
+-	$(CC) $(OPTFLAGS) -o chronyc $(CLI_OBJS) @READLINE_LINK@ $(LIBS) $(EXTRA_CLI_LIBS)
++	$(CC) $(OPTFLAGS) $(LDFLAGS) -o chronyc $(CLI_OBJS) @READLINE_LINK@ $(LIBS) $(EXTRA_CLI_LIBS)
+ 
+ client.o : client.c
+ 	$(CC) $(CFLAGS) $(DEFS) @READLINE_COMPILE@ -c $<
diff --git a/main/chrony/chrony-1.23-reply-ip.diff b/main/chrony/chrony-1.23-reply-ip.diff
new file mode 100644
index 0000000000..f4e5d8eff4
--- /dev/null
+++ b/main/chrony/chrony-1.23-reply-ip.diff
@@ -0,0 +1,242 @@
+
+Currently, on multihomed host, when chrony is not bound to a specific
+IP address, a query is sent to an interface and the default source IP
+hint for the back route differs, the reply will have a source IP
+different than where the query was destinied to. This will cause
+problems because connection tracking firewalls will drop the replies
+and most likely the client program will get confused too.
+
+This patch uses the IP_PKTINFO mechanism to get the IP address where
+received packets where targetted to and use that IP address as source
+hint when sending a reply.
+---
+ addressing.h |    1 +
+ broadcast.c  |    1 +
+ cmdmon.c     |    3 ++
+ conf.c       |    1 +
+ ntp_io.c     |   92 +++++++++++++++++++++++++++++++++++++++++----------------
+ 5 files changed, 72 insertions(+), 26 deletions(-)
+
+diff --git a/addressing.h b/addressing.h
+index aa20ed9..05152f4 100644
+--- a/addressing.h
++++ b/addressing.h
+@@ -36,6 +36,7 @@
+ typedef struct {
+   unsigned long ip_addr;
+   unsigned short port;
++  unsigned long local_ip_addr;
+ } NTP_Remote_Address;
+ 
+ #if 0
+diff --git a/broadcast.c b/broadcast.c
+index be217e7..c979741 100644
+--- a/broadcast.c
++++ b/broadcast.c
+@@ -146,6 +146,7 @@ BRD_AddDestination(unsigned long addr, unsigned short port, int interval)
+ 
+   destinations[n_destinations].addr.ip_addr = addr;
+   destinations[n_destinations].addr.port = port;
++  destinations[n_destinations].addr.local_ip_addr = 0;
+   destinations[n_destinations].interval = interval;
+ 
+   SCH_AddTimeoutInClass((double) interval, 1.0,
+diff --git a/cmdmon.c b/cmdmon.c
+index 819977c..8affb0b 100644
+--- a/cmdmon.c
++++ b/cmdmon.c
+@@ -1097,6 +1097,7 @@ handle_add_server(CMD_Request *rx_message, CMD_Reply *tx_message)
+   
+   rem_addr.ip_addr = ntohl(rx_message->data.ntp_source.ip_addr);
+   rem_addr.port = (unsigned short)(ntohl(rx_message->data.ntp_source.port));
++  rem_addr.local_ip_addr = 0;
+   params.minpoll = ntohl(rx_message->data.ntp_source.minpoll);
+   params.maxpoll = ntohl(rx_message->data.ntp_source.maxpoll);
+   params.presend_minpoll = ntohl(rx_message->data.ntp_source.presend_minpoll);
+@@ -1133,6 +1134,7 @@ handle_add_peer(CMD_Request *rx_message, CMD_Reply *tx_message)
+   
+   rem_addr.ip_addr = ntohl(rx_message->data.ntp_source.ip_addr);
+   rem_addr.port = (unsigned short)(ntohl(rx_message->data.ntp_source.port));
++  rem_addr.local_ip_addr = 0;
+   params.minpoll = ntohl(rx_message->data.ntp_source.minpoll);
+   params.maxpoll = ntohl(rx_message->data.ntp_source.maxpoll);
+   params.presend_minpoll = ntohl(rx_message->data.ntp_source.presend_minpoll);
+@@ -1167,6 +1169,7 @@ handle_del_source(CMD_Request *rx_message, CMD_Reply *tx_message)
+   
+   rem_addr.ip_addr = ntohl(rx_message->data.del_source.ip_addr);
+   rem_addr.port = 0;
++  rem_addr.local_ip_addr = 0;
+   
+   status = NSR_RemoveSource(&rem_addr);
+   switch (status) {
+diff --git a/conf.c b/conf.c
+index e34927e..ddd13f1 100644
+--- a/conf.c
++++ b/conf.c
+@@ -949,6 +949,7 @@ CNF_AddSources(void) {
+   for (i=0; i<n_ntp_sources; i++) {
+     server.ip_addr = ntp_sources[i].ip_addr;
+     server.port = ntp_sources[i].port;
++    server.local_ip_addr = 0;
+ 
+     switch (ntp_sources[i].type) {
+       case SERVER:
+diff --git a/ntp_io.c b/ntp_io.c
+index afb6ad1..db89758 100644
+--- a/ntp_io.c
++++ b/ntp_io.c
+@@ -118,6 +118,12 @@ NIO_Initialise(void)
+     LOG(LOGS_ERR, LOGF_NtpIO, "Could not set broadcast socket options");
+     /* Don't quit - we might survive anyway */
+   }
++  /* We want the local IP info too */
++  if (setsockopt(sock_fd, IPPROTO_IP, IP_PKTINFO, (char *)&on_off, sizeof(on_off)) < 0) {
++    LOG(LOGS_ERR, LOGF_NtpIO, "Could not request packet info using socket option");
++    /* Don't quit - we might survive anyway */
++  }
++
+ 
+   /* Bind the port */
+   my_addr.sin_family = AF_INET;
+@@ -182,22 +188,30 @@ read_from_socket(void *anything)
+ 
+   int status;
+   ReceiveBuffer message;
+-  int message_length;
+   struct sockaddr_in where_from;
+-  socklen_t from_length;
+   unsigned int flags = 0;
+   struct timeval now;
+   NTP_Remote_Address remote_addr;
+   double local_clock_err;
++  char cmsgbuf[256];
++  struct cmsghdr *cmsg;
++  struct msghdr msg;
++  struct iovec iov;
+ 
+   assert(initialised);
+ 
+-  from_length = sizeof(where_from);
+-  message_length = sizeof(message);
++  iov.iov_base = message.arbitrary;
++  iov.iov_len = sizeof(message);
++  msg.msg_name = &where_from;
++  msg.msg_namelen = sizeof(where_from);
++  msg.msg_iov = &iov;
++  msg.msg_iovlen = 1;
++  msg.msg_control = (void *) cmsgbuf;
++  msg.msg_controllen = sizeof(cmsgbuf);
++  msg.msg_flags = 0;
+ 
+   LCL_ReadCookedTime(&now, &local_clock_err);
+-  status = recvfrom(sock_fd, (char *)&message, message_length, flags,
+-                    (struct sockaddr *)&where_from, &from_length);
++  status = recvmsg(sock_fd, &msg, flags);
+ 
+   /* Don't bother checking if read failed or why if it did.  More
+      likely than not, it will be connection refused, resulting from a
+@@ -209,6 +223,13 @@ read_from_socket(void *anything)
+   if (status > 0) {
+     remote_addr.ip_addr = ntohl(where_from.sin_addr.s_addr);
+     remote_addr.port = ntohs(where_from.sin_port);
++    remote_addr.local_ip_addr = 0;
++
++    for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
++      if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO)
++        remote_addr.local_ip_addr =
++          ntohl(((struct in_pktinfo *) CMSG_DATA(cmsg))->ipi_spec_dst.s_addr);
++    }
+ 
+     if (status == NTP_NORMAL_PACKET_SIZE) {
+ 
+@@ -229,21 +250,45 @@ read_from_socket(void *anything)
+ }
+ 
+ /* ================================================== */
+-/* Send an unauthenticated packet to a given address */
++/* Send a packet to given address */
+ 
+-void
+-NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
++static void
++NIO_SendPacket(NTP_Packet *packet, int packetlen, NTP_Remote_Address *remote_addr)
+ {
+   struct sockaddr_in remote;
++  struct msghdr msg;
++  struct iovec iov;
++  struct {
++    struct cmsghdr cm;
++    struct in_pktinfo ipi;
++  } cmsg;
+ 
+   assert(initialised);
+ 
+   remote.sin_family = AF_INET;
+   remote.sin_port = htons(remote_addr->port);
+   remote.sin_addr.s_addr = htonl(remote_addr->ip_addr);
++  iov.iov_base = (void *) packet;
++  iov.iov_len = packetlen;
++  msg.msg_name = &remote;
++  msg.msg_namelen = sizeof(remote);
++  msg.msg_iov = &iov;
++  msg.msg_iovlen = 1;
++  if (remote_addr->local_ip_addr) {
++    cmsg.cm.cmsg_len = sizeof(cmsg);
++    cmsg.cm.cmsg_level = IPPROTO_IP;
++    cmsg.cm.cmsg_type = IP_PKTINFO;
++    memset(&cmsg.ipi, 0, sizeof(cmsg.ipi));
++    cmsg.ipi.ipi_spec_dst.s_addr = htonl(remote_addr->local_ip_addr);
++    msg.msg_control = (void *) &cmsg;
++    msg.msg_controllen = sizeof(cmsg);
++  } else {
++    msg.msg_control = NULL;
++    msg.msg_controllen = 0;
++  }
++  msg.msg_flags = 0;
+ 
+-  if (sendto(sock_fd, (void *) packet, NTP_NORMAL_PACKET_SIZE, 0,
+-             (struct sockaddr *) &remote, sizeof(remote)) < 0) {
++  if (sendmsg(sock_fd, &msg, 0) < 0) {
+     LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
+         UTI_IPToDottedQuad(remote_addr->ip_addr), remote_addr->port, strerror(errno));
+   }
+@@ -252,26 +297,21 @@ NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
+ }
+ 
+ /* ================================================== */
+-/* Send an authenticated packet to a given address */
++/* Send an unauthenticated packet to a given address */
+ 
+ void
+-NIO_SendAuthenticatedPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
++NIO_SendNormalPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
+ {
+-  struct sockaddr_in remote;
+-
+-  assert(initialised);
+-
+-  remote.sin_family = AF_INET;
+-  remote.sin_port = htons(remote_addr->port);
+-  remote.sin_addr.s_addr = htonl(remote_addr->ip_addr);
++  NIO_SendPacket(packet, NTP_NORMAL_PACKET_SIZE, remote_addr);
++}
+ 
+-  if (sendto(sock_fd, (void *) packet, sizeof(NTP_Packet), 0,
+-             (struct sockaddr *) &remote, sizeof(remote)) < 0) {
+-    LOG(LOGS_WARN, LOGF_NtpIO, "Could not send to %s:%d : %s",
+-        UTI_IPToDottedQuad(remote_addr->ip_addr), remote_addr->port, strerror(errno));
+-  }
++/* ================================================== */
++/* Send an authenticated packet to a given address */
+ 
+-  return;
++void
++NIO_SendAuthenticatedPacket(NTP_Packet *packet, NTP_Remote_Address *remote_addr)
++{
++  NIO_SendPacket(packet, sizeof(NTP_Packet), remote_addr);
+ }
+ 
+ /* ================================================== */
+-- 
+1.5.6.3
+
diff --git a/main/chrony/chrony-1.23-sources.diff b/main/chrony/chrony-1.23-sources.diff
new file mode 100644
index 0000000000..5f39ca3321
--- /dev/null
+++ b/main/chrony/chrony-1.23-sources.diff
@@ -0,0 +1,56 @@
+commit 2f2446c7dc074b2d1728a5e3f7a600c10cea2425
+Author: Goswin Brederlow <brederlo@informatik.uni-tuebingen.de>
+Date:   Sat Mar 29 20:49:59 2008 +0000
+
+    Fix for chronyc "sources" command on 64 bit machines
+    
+    (Taken from
+      http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348412
+    )
+    
+    Attached is a patchlet to make the "sources" command of chrony output properly
+    signed numbers. The chronyd code (see e.g. ntp.h) properly uses int32_t and
+    friends to get the right number of bits per datatype while client.c just uses
+    short, int, long. But long will be 64 bit or 32 bit depending on the cpu.
+
+diff --git a/client.c b/client.c
+index b7e5bcb..85d6e84 100644
+--- a/client.c
++++ b/client.c
+@@ -45,6 +45,12 @@
+ #include <readline/history.h>
+ #endif
+ 
++#ifdef HAS_STDINT_H
++#include <stdint.h>
++#elif defined(HAS_INTTYPES_H)
++#include <inttypes.h>
++#endif
++
+ /* ================================================== */
+ 
+ static int sock_fd;
+@@ -1383,16 +1389,16 @@ process_cmd_sources(char *line)
+   int n_sources, i;
+   int verbose = 0;
+ 
+-  long orig_latest_meas, latest_meas, est_offset;
+-  unsigned long ip_addr;
+-  unsigned long latest_meas_err, est_offset_err;
+-  unsigned long latest_meas_ago;
+-  unsigned short poll, stratum;
+-  unsigned short state, mode;
++  int32_t orig_latest_meas, latest_meas, est_offset;
++  uint32_t ip_addr;
++  uint32_t latest_meas_err, est_offset_err;
++  uint32_t latest_meas_ago;
++  uint16_t poll, stratum;
++  uint16_t state, mode;
+   double resid_freq, resid_skew;
+   const char *dns_lookup;
+   char hostname_buf[32];
+-  unsigned short status;
++  uint16_t status;
+ 
+   /* Check whether to output verbose headers */
+   verbose = check_for_verbose_flag(line);
diff --git a/main/chrony/chrony.conf b/main/chrony/chrony.conf
new file mode 100644
index 0000000000..d99b1e01d4
--- /dev/null
+++ b/main/chrony/chrony.conf
@@ -0,0 +1,7 @@
+# default config
+
+server pool.ntp.org 
+initstepslew 10 pool.ntp.org
+commandkey 10
+keyfile /etc/chrony/chrony.keys
+driftfile /etc/chrony/chrony.drift
diff --git a/main/chrony/chronyd.confd b/main/chrony/chronyd.confd
new file mode 100644
index 0000000000..560825c2c8
--- /dev/null
+++ b/main/chrony/chronyd.confd
@@ -0,0 +1,18 @@
+# /etc/conf.d/chronyd
+
+CFGFILE="/etc/chrony/chrony.conf"
+
+# Configuration dependant options :
+#      -s - Set system time from RTC if rtcfile directive present
+#      -r - Reload sample histories if dumponexit directive present
+#
+# The combination of "-s -r" allows chronyd to perform long term averaging of
+# the gain or loss rate across system reboots and shutdowns.
+
+ARGS=""
+
+# devfs creates the device for RTC if it's compiled into kernel
+test -c /dev/rtc && {
+       grep -q '^rtcfile' "${CFGFILE}" && ARGS="${ARGS} -s"
+}
+grep -q '^dumponexit$' "${CFGFILE}" && ARGS="${ARGS} -r"
diff --git a/main/chrony/chronyd.initd b/main/chrony/chronyd.initd
new file mode 100644
index 0000000000..49d7526bb5
--- /dev/null
+++ b/main/chrony/chronyd.initd
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/chrony/files/chronyd.rc,v 1.8 2007/03/22 14:32:09 tove Exp $
+
+depend() {
+	need net
+	use dns
+}
+
+checkconfig() {
+	# Note that /etc/chrony/chrony.keys is *NOT* checked. This
+	# is because the user may have specified another key
+	# file, and we don't want to force the user to use that
+	# exact name for the key file.
+	if [ ! -f "${CFGFILE}" ] ; then
+		eerror "Please create ${CFGFILE} and the"
+		eerror "chrony key file (usually /etc/chrony/chrony.keys)"
+		eerror "by using the"
+		eerror ""
+		eerror "        chrony.conf.example"
+		eerror "        chrony.keys.example"
+		eerror ""
+		eerror "files (from the documentation directory)"
+		eerror "as templates."
+		return 1
+	else
+		# Actually, I tried it, and chrony seems to ignore the pidfile
+		# option. I'm going to leave it here anyway, since you never
+		# know if it might be handy
+		PIDFILE=`awk '/^ *pidfile/{print $2}' "${CFGFILE}"`
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return $?
+
+	[ -n "${PIDFILE}" ] || PIDFILE=/var/run/chronyd.pid
+
+	ebegin "Starting chronyd"
+	start-stop-daemon --start --quiet \
+		--exec /usr/sbin/chronyd \
+		--pidfile "${PIDFILE}" \
+		-- -f "${CFGFILE}" ${ARGS}
+	eend $? "Failed to start chronyd"
+}
+
+stop() {
+	checkconfig || return $?
+
+	[ -n "${PIDFILE}" ] || PIDFILE=/var/run/chronyd.pid
+
+	ebegin "Stopping chronyd"
+	start-stop-daemon --stop --quiet \
+		--pidfile "${PIDFILE}"
+	eend $? "Failed to stop chronyd"
+}
diff --git a/main/cksfv/APKBUILD b/main/cksfv/APKBUILD
new file mode 100644
index 0000000000..bf2049a167
--- /dev/null
+++ b/main/cksfv/APKBUILD
@@ -0,0 +1,22 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=cksfv
+pkgver=1.3.13
+pkgrel=0
+pkgdesc="Simple File Verification"
+url="http://zakalwe.fi/~shd/foss/cksfv"
+license="GPL"
+depends="uclibc"
+subpackages="$pkgname-doc"
+source="http://zakalwe.fi/~shd/foss/cksfv/files/${pkgname}-${pkgver}.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	./configure --prefix=/usr
+	make || return 1
+	install -cD src/cksfv "$pkgdir"/usr/bin/cksfv
+	install -cD cksfv.1 "$pkgdir"/usr/share/man/man1/cksfv.1 
+}
+
+md5sums="a6d7e4f2dc267e670ebb48eb8b806993  cksfv-1.3.13.tar.bz2"
diff --git a/main/clamav/APKBUILD b/main/clamav/APKBUILD
new file mode 100644
index 0000000000..a4daebc2ff
--- /dev/null
+++ b/main/clamav/APKBUILD
@@ -0,0 +1,72 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=clamav
+pkgver=0.95.2
+pkgrel=0
+pkgdesc="An anti-virus toolkit for UNIX"
+url="http://www.clamav.net/"
+license="GPL"
+depends="logrotate"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-upgrade"
+makedepends="ncurses-dev zlib-dev"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	clamd.initd
+	clamd.confd
+	freshclam.initd
+	freshclam.confd
+	clamav-0.95.1-nls.patch
+	clamav.logrotate
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	patch -p0 -i "$srcdir/clamav-0.95.1-nls.patch" || return 1
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/clamav \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--without-iconv
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# Change /etc/clamd.conf to be usable out of the box
+	sed -i -e "s:^\(Example\):\# \1:" \
+		-e "s:.*\(PidFile\) .*:\1 /var/run/clamav/clamd.pid:" \
+		-e "s:.*\(LocalSocket\) .*:\1 /var/run/clamav/clamd.sock:" \
+		-e "s:.*\(User\) .*:\1 clamav:" \
+		-e "s:^\#\(LogFile\) .*:\1 /var/log/clamav/clamd.log:" \
+		-e "s:^\#\(LogTime\).*:\1 yes:" \
+		-e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+		"$pkgdir"/etc/clamav/clamd.conf
+
+	# Do the same for /etc/freshclam.conf
+	sed -i -e "s:^\(Example\):\# \1:" \
+		-e "s:.*\(PidFile\) .*:\1 /var/run/clamav/freshclam.pid:" \
+		-e "s:.*\(DatabaseOwner\) .*:\1 clamav:" \
+		-e "s:^\#\(UpdateLogFile\) .*:\1 /var/log/clamav/freshclam.log:" \
+		-e "s:^\#\(NotifyClamd\).*:\1 /etc/clamav/clamd.conf:" \
+		-e "s:^\#\(ScriptedUpdates\).*:\1 yes:" \
+		-e "s:^\#\(AllowSupplementaryGroups\).*:\1 yes:" \
+		"$pkgdir"/etc/clamav/freshclam.conf
+
+	install -m755 -D "$srcdir"/clamd.initd "$pkgdir"/etc/init.d/clamd
+	install -m644 -D "$srcdir"/clamd.confd "$pkgdir"/etc/conf.d/clamd
+        install -m755 -D "$srcdir"/freshclam.initd "$pkgdir"/etc/init.d/freshclam
+	install -m644 -D "$srcdir"/freshclam.confd "$pkgdir"/etc/conf.d/freshclam
+	install -m644 -D "$srcdir"/clamav.logrotate "$pkgdir"/etc/logrotate.d/clamav
+	mkdir -p "$pkgdir"/var/run/clamav "$pkgdir"/var/log/clamav
+}
+
+md5sums="930362397d30e01ba81b5f24c1046d48  clamav-0.95.2.tar.gz
+adbbfa835f9dea213289719d983f1600  clamd.initd
+567bc32b657dd7031b9b7beaa946203a  clamd.confd
+f43b987a0c37e6576face04a830263ac  freshclam.initd
+e48466ddfb56f66c623b83e58777b778  freshclam.confd
+0d08fd29656bd4b018ecf8ce9706ac55  clamav-0.95.1-nls.patch
+dffa5af2e7a563fc00fcd52ec4c02347  clamav.logrotate
+275e05587e2da782781829a1862d57b1  clamav.pre-install
+ec4d600097a15e64dfb714e7739a1804  clamav.post-install
+c9e80578c6e82d6154bc91f18dfd23ea  clamav.pre-upgrade"
diff --git a/main/clamav/clamav-0.95.1-nls.patch b/main/clamav/clamav-0.95.1-nls.patch
new file mode 100644
index 0000000000..82ae88f576
--- /dev/null
+++ b/main/clamav/clamav-0.95.1-nls.patch
@@ -0,0 +1,11 @@
+--- shared/output.c-orig	2009-04-04 10:17:42 +0000
++++ shared/output.c	2009-04-04 10:18:30 +0000
+@@ -67,7 +67,7 @@
+ pthread_mutex_t logg_mutex = PTHREAD_MUTEX_INITIALIZER;
+ #endif
+ 
+-#ifdef  C_LINUX
++#if defined(C_LINUX) && defined(HAVE_LIBINTL_H)
+ #include <libintl.h>
+ #include <locale.h>
+
diff --git a/main/clamav/clamav.logrotate b/main/clamav/clamav.logrotate
new file mode 100644
index 0000000000..7574428413
--- /dev/null
+++ b/main/clamav/clamav.logrotate
@@ -0,0 +1,15 @@
+/var/log/clamav/clamd.log {
+	missingok
+	postrotate
+		/etc/init.d/clamd logfix
+		/bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true
+	endscript
+}
+
+/var/log/clamav/freshclam.log {
+	missingok
+	postrotate
+		/etc/init.d/freshclam logfix
+		/bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2>/dev/null || true
+	endscript
+}
diff --git a/main/clamav/clamav.post-install b/main/clamav/clamav.post-install
new file mode 100644
index 0000000000..4930206101
--- /dev/null
+++ b/main/clamav/clamav.post-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+chown -R clamav:clamav /usr/share/clamav /var/run/clamav /var/log/clamav 
diff --git a/main/clamav/clamav.pre-install b/main/clamav/clamav.pre-install
new file mode 100644
index 0000000000..59ac60a44d
--- /dev/null
+++ b/main/clamav/clamav.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -H -s /bin/false -D clamav 2>/dev/null
+exit 0
diff --git a/main/clamav/clamav.pre-upgrade b/main/clamav/clamav.pre-upgrade
new file mode 100644
index 0000000000..9956f95d63
--- /dev/null
+++ b/main/clamav/clamav.pre-upgrade
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+# make sure we don't lose our config
+mkdir -p /etc/clamav
+if [ -f /etc/clamav.conf ]; then
+	mv /etc/clamav.conf /etc/clamav/
+	ln -s clamav/clamav.conf /etc/clamav.conf
+fi
+
+if [ -f /etc/freshclam.conf ]; then
+	mv /etc/freshclam.conf /etc/clamav/
+	ln -s clamav/freshclam.conf /etc/freshclam.conf
+fi
+
+exit 0
+
diff --git a/main/clamav/clamd.confd b/main/clamav/clamd.confd
new file mode 100644
index 0000000000..bc8072aead
--- /dev/null
+++ b/main/clamav/clamd.confd
@@ -0,0 +1,6 @@
+
+CLAMD_NICELEVEL=0
+
+# make sure we also start freshclam
+# comment out if you dont want start freshclam
+rc_need="freshclam"
diff --git a/main/clamav/clamd.initd b/main/clamav/clamd.initd
new file mode 100644
index 0000000000..d3b9155572
--- /dev/null
+++ b/main/clamav/clamd.initd
@@ -0,0 +1,56 @@
+#!/sbin/runscript
+
+opts="logfix reload"
+NAME=clamd
+CONF=/etc/clamav/clamd.conf
+
+depend() {
+	need net
+	provide antivirus
+}
+
+start() {
+	local clamd_socket=$(awk '$1 == "LocalSocket" { print $2 }' $CONF)
+
+	logfix
+
+	if [ -S "${clamd_socket:=/tmp/clamd}" ]; then
+		rm -f ${clamd_socket}
+	fi
+	ebegin "Starting ${NAME}"
+	start-stop-daemon --start --quiet \
+		--nicelevel ${CLAMD_NICELEVEL:-0} \
+		--exec /usr/sbin/clamd
+	eend $? "Failed to start ${NAME}"
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/clamd
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${NAME}"
+	if ! service_started "${NAME}" ; then
+		eend 1 "${NAME} is not started"
+		return 1
+	fi
+	start-stop-daemon --stop --oknodo --signal HUP \
+		--exec /usr/sbin/clamd
+	eend $?
+}
+
+logfix() {
+	# fix clamd log permissions
+	# (might be clobbered by logrotate or something)
+	local logfile=`awk '$1 == "LogFile" { print $2 }' $CONF`
+	local clamav_user=`awk '$1 == "User" { print $2 }' $CONF`
+	if [ -n "${logfile}" ] && [ -n "${clamav_user}" ]; then
+		if [ ! -f "${logfile}" ]; then
+			touch ${logfile}
+		fi
+		chown ${clamav_user} ${logfile}
+		chmod 640 ${logfile}
+	fi
+}
diff --git a/main/clamav/freshclam.confd b/main/clamav/freshclam.confd
new file mode 100644
index 0000000000..17559037da
--- /dev/null
+++ b/main/clamav/freshclam.confd
@@ -0,0 +1,3 @@
+
+FRESHCLAM_NICELEVEL=0
+
diff --git a/main/clamav/freshclam.initd b/main/clamav/freshclam.initd
new file mode 100644
index 0000000000..7961c7f807
--- /dev/null
+++ b/main/clamav/freshclam.initd
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+
+opts="logfix reload"
+
+NAME=freshclam
+DAEMON=/usr/bin/$NAME
+CONF=/etc/clamav/freshclam.conf
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting freshclam"
+	start-stop-daemon --start --quiet \
+		--nicelevel ${FRESHCLAM_NICELEVEL:-0} \
+		--exec /usr/bin/freshclam -- -d
+	retcode=$?
+	if [ ${retcode} = 1 ]; then
+		eend 0
+		einfo "Virus databases are already up to date."
+	else
+		eend ${retcode} "Failed to start freshclam"
+	fi
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+	start-stop-daemon --stop --quiet --name ${NAME}
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${NAME}"
+	if ! service_started "${NAME}" ; then
+		eend 1 "${NAME} is not started"
+		return 1
+	fi
+	start-stop-daemon --stop --oknodo --signal HUP \
+		--exec ${DAEMON} --name $NAME
+	eend $?
+}
+
+
+logfix() {
+	# fix freshclam log permissions
+	# (might be clobbered by logrotate or something)
+	logfile=$(awk '$1 == "UpdateLogFile" { print $2 }' $CONF)
+	local freshclam_user=$(awk '$1 == "DatabaseOwner" { print $2 }' $CONF)
+	if [ -n "${logfile}" -a -n "${clamav_user}" ]; then
+		if [ ! -f "${logfile}" ]; then
+			touch ${logfile}
+		fi	
+		chown ${freshclam_user} ${logfile}
+		chmod 640 ${logfile}
+	fi
+}
+
diff --git a/main/clamsmtp/0001-extra-clamsmtp-renamed-init.d-script-to-clamsmtpd.patch b/main/clamsmtp/0001-extra-clamsmtp-renamed-init.d-script-to-clamsmtpd.patch
new file mode 100644
index 0000000000..c0032bae07
--- /dev/null
+++ b/main/clamsmtp/0001-extra-clamsmtp-renamed-init.d-script-to-clamsmtpd.patch
@@ -0,0 +1,181 @@
+From 539dfdd4b0358fa78f26c38853c36fabc65c54cd Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 17 Jul 2009 08:48:42 +0000
+Subject: [PATCH] extra/clamsmtp: renamed init.d script to clamsmtpd
+
+partly fixes #64
+---
+ extra/clamsmtp/APKBUILD              |   18 +++++++++++-------
+ extra/clamsmtp/clamsmtp.confd        |    5 -----
+ extra/clamsmtp/clamsmtp.initd        |   22 ----------------------
+ extra/clamsmtp/clamsmtp.post-upgrade |   16 ++++++++++++++++
+ extra/clamsmtp/clamsmtp.pre-upgrade  |   12 ++++++++++++
+ extra/clamsmtp/clamsmtpd.confd       |    5 +++++
+ extra/clamsmtp/clamsmtpd.initd       |   22 ++++++++++++++++++++++
+ 7 files changed, 66 insertions(+), 34 deletions(-)
+ delete mode 100644 extra/clamsmtp/clamsmtp.confd
+ delete mode 100644 extra/clamsmtp/clamsmtp.initd
+ create mode 100644 extra/clamsmtp/clamsmtp.post-upgrade
+ create mode 100644 extra/clamsmtp/clamsmtp.pre-upgrade
+ create mode 100644 extra/clamsmtp/clamsmtpd.confd
+ create mode 100644 extra/clamsmtp/clamsmtpd.initd
+
+diff --git a/extra/clamsmtp/APKBUILD b/extra/clamsmtp/APKBUILD
+index 5402d09..0ad433a 100644
+--- a/extra/clamsmtp/APKBUILD
++++ b/extra/clamsmtp/APKBUILD
+@@ -2,16 +2,18 @@
+ # Maintainer: Carlo Landmeter <clandmeter at gmail>
+ pkgname=clamsmtp
+ pkgver=1.10
+-pkgrel=1
++pkgrel=2
+ pkgdesc="An SMTP Virus Filter"
+ url="http://memberwebs.com/stef/software/clamsmtp/"
+ license="as-is"
+-depends="uclibc"
+-makedepends=""
++depends=
++makedepends=
++install="$pkgname.pre-upgrade $pkgname.post-upgrade"
+ subpackages="$pkgname-doc"
+ source="http://memberwebs.com/stef/software/clamsmtp/${pkgname}-${pkgver}.tar.gz
+-clamsmtp.confd
+-clamsmtp.initd"
++	clamsmtpd.confd
++	clamsmtpd.initd
++	$install"
+ 
+ build() {
+ 	cd "$srcdir/$pkgname-$pkgver"
+@@ -30,5 +32,7 @@ build() {
+ }
+ 
+ md5sums="b068ba6e444859782bbdd88f290c1abf  clamsmtp-1.10.tar.gz
+-e84205681f64c07af9ec5b6a3dd8bc38  clamsmtp.confd
+-161baf2fb444b67d8a08fbfe4375a12c  clamsmtp.initd"
++e84205681f64c07af9ec5b6a3dd8bc38  clamsmtpd.confd
++161baf2fb444b67d8a08fbfe4375a12c  clamsmtpd.initd
++32e7b12f3a1f4669d080d8cfdb537e78  clamsmtp.pre-upgrade
++d9fbdc217d12cf1e85b0323f822b7e47  clamsmtp.post-upgrade"
+diff --git a/extra/clamsmtp/clamsmtp.confd b/extra/clamsmtp/clamsmtp.confd
+deleted file mode 100644
+index 8d08b68..0000000
+--- a/extra/clamsmtp/clamsmtp.confd
++++ /dev/null
+@@ -1,5 +0,0 @@
+-#
+-# Specify daemon $OPTS here.
+-#
+-
+-OPTS=""
+diff --git a/extra/clamsmtp/clamsmtp.initd b/extra/clamsmtp/clamsmtp.initd
+deleted file mode 100644
+index dbd817f..0000000
+--- a/extra/clamsmtp/clamsmtp.initd
++++ /dev/null
+@@ -1,22 +0,0 @@
+-#!/sbin/runscript
+-
+-NAME=clamsmtpd
+-DAEMON=/usr/sbin/$NAME
+-
+-depend() {
+-	need net
+-}
+-
+-start() {
+-	ebegin "Starting ${NAME}"
+-		start-stop-daemon --start --quiet \
+-			--exec ${DAEMON} -- ${OPTS}
+-	eend $?
+-}
+-
+-stop() {
+-	ebegin "Stopping ${NAME}"
+-		start-stop-daemon --stop --quiet \
+-			--exec ${DAEMON}
+-	eend $?
+-}
+diff --git a/extra/clamsmtp/clamsmtp.post-upgrade b/extra/clamsmtp/clamsmtp.post-upgrade
+new file mode 100644
+index 0000000..c418ff8
+--- /dev/null
++++ b/extra/clamsmtp/clamsmtp.post-upgrade
+@@ -0,0 +1,16 @@
++#!/bin/sh
++
++moved=
++for i in /etc/runlevels/*/clamsmtp; do
++	if [ -L $i ]; then
++		mv ${i} ${i}d
++		moved=1
++	fi
++done
++
++if [ -n "$moved" ]; then
++	echo " *"
++	echo " * NOTICE: /etc/init.d/clamsmtp is renamed to /etc/init.d/clamsmtpd"
++	echo " *"
++fi
++
+diff --git a/extra/clamsmtp/clamsmtp.pre-upgrade b/extra/clamsmtp/clamsmtp.pre-upgrade
+new file mode 100644
+index 0000000..12de39f
+--- /dev/null
++++ b/extra/clamsmtp/clamsmtp.pre-upgrade
+@@ -0,0 +1,12 @@
++#!/bin/sh
++
++old=/etc/conf.d/clamsmtp
++new=/etc/conf.d/clamsmtpd
++
++if [ -f "$old" ] && [ ! -f "$new" ]; then
++	mv "$old" "$new"
++	echo " *"
++	echo " * NOTICE: $old was renamed to $new"
++	echo " *"
++fi
++
+diff --git a/extra/clamsmtp/clamsmtpd.confd b/extra/clamsmtp/clamsmtpd.confd
+new file mode 100644
+index 0000000..8d08b68
+--- /dev/null
++++ b/extra/clamsmtp/clamsmtpd.confd
+@@ -0,0 +1,5 @@
++#
++# Specify daemon $OPTS here.
++#
++
++OPTS=""
+diff --git a/extra/clamsmtp/clamsmtpd.initd b/extra/clamsmtp/clamsmtpd.initd
+new file mode 100644
+index 0000000..dbd817f
+--- /dev/null
++++ b/extra/clamsmtp/clamsmtpd.initd
+@@ -0,0 +1,22 @@
++#!/sbin/runscript
++
++NAME=clamsmtpd
++DAEMON=/usr/sbin/$NAME
++
++depend() {
++	need net
++}
++
++start() {
++	ebegin "Starting ${NAME}"
++		start-stop-daemon --start --quiet \
++			--exec ${DAEMON} -- ${OPTS}
++	eend $?
++}
++
++stop() {
++	ebegin "Stopping ${NAME}"
++		start-stop-daemon --stop --quiet \
++			--exec ${DAEMON}
++	eend $?
++}
+-- 
+1.6.3.3
+
diff --git a/main/clamsmtp/APKBUILD b/main/clamsmtp/APKBUILD
new file mode 100644
index 0000000000..8244254923
--- /dev/null
+++ b/main/clamsmtp/APKBUILD
@@ -0,0 +1,38 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=clamsmtp
+pkgver=1.10
+pkgrel=3
+pkgdesc="An SMTP Virus Filter"
+url="http://memberwebs.com/stef/software/clamsmtp/"
+license="as-is"
+depends=
+makedepends=
+install="$pkgname.pre-upgrade $pkgname.post-upgrade"
+subpackages="$pkgname-doc"
+source="http://memberwebs.com/stef/software/clamsmtp/${pkgname}-${pkgver}.tar.gz
+	clamsmtpd.confd
+	clamsmtpd.initd
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+
+	install -Dm644 doc/clamsmtpd.conf "$pkgdir"/etc/clamsmtpd.conf
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -Dm644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+md5sums="b068ba6e444859782bbdd88f290c1abf  clamsmtp-1.10.tar.gz
+e84205681f64c07af9ec5b6a3dd8bc38  clamsmtpd.confd
+161baf2fb444b67d8a08fbfe4375a12c  clamsmtpd.initd
+32e7b12f3a1f4669d080d8cfdb537e78  clamsmtp.pre-upgrade
+63c7360d9a0a75433bca461fe819bc49  clamsmtp.post-upgrade"
diff --git a/main/clamsmtp/clamsmtp.post-upgrade b/main/clamsmtp/clamsmtp.post-upgrade
new file mode 100644
index 0000000000..2dbccbb22a
--- /dev/null
+++ b/main/clamsmtp/clamsmtp.post-upgrade
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+moved=
+for i in /etc/runlevels/*/clamsmtp; do
+	if [ -L $i ]; then
+		rm $i
+		ln -s /etc/init.d/clamsmtpd ${i}d
+		moved=1
+	fi
+done
+
+if [ -n "$moved" ]; then
+	echo " *"
+	echo " * NOTICE: /etc/init.d/clamsmtp is renamed to /etc/init.d/clamsmtpd"
+	echo " *"
+fi
+
diff --git a/main/clamsmtp/clamsmtp.pre-upgrade b/main/clamsmtp/clamsmtp.pre-upgrade
new file mode 100644
index 0000000000..12de39f7b1
--- /dev/null
+++ b/main/clamsmtp/clamsmtp.pre-upgrade
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+old=/etc/conf.d/clamsmtp
+new=/etc/conf.d/clamsmtpd
+
+if [ -f "$old" ] && [ ! -f "$new" ]; then
+	mv "$old" "$new"
+	echo " *"
+	echo " * NOTICE: $old was renamed to $new"
+	echo " *"
+fi
+
diff --git a/main/clamsmtp/clamsmtpd.confd b/main/clamsmtp/clamsmtpd.confd
new file mode 100644
index 0000000000..8d08b6868c
--- /dev/null
+++ b/main/clamsmtp/clamsmtpd.confd
@@ -0,0 +1,5 @@
+#
+# Specify daemon $OPTS here.
+#
+
+OPTS=""
diff --git a/main/clamsmtp/clamsmtpd.initd b/main/clamsmtp/clamsmtpd.initd
new file mode 100644
index 0000000000..dbd817f370
--- /dev/null
+++ b/main/clamsmtp/clamsmtpd.initd
@@ -0,0 +1,22 @@
+#!/sbin/runscript
+
+NAME=clamsmtpd
+DAEMON=/usr/sbin/$NAME
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting ${NAME}"
+		start-stop-daemon --start --quiet \
+			--exec ${DAEMON} -- ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet \
+			--exec ${DAEMON}
+	eend $?
+}
diff --git a/main/cmake/APKBUILD b/main/cmake/APKBUILD
new file mode 100644
index 0000000000..71d74182e8
--- /dev/null
+++ b/main/cmake/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cmake
+pkgver=2.6.4
+pkgrel=0
+pkgdesc="CMake is a cross-platform open-source make system"
+url="http://www.cmake.org"
+license="CMake"
+depends="uclibc libgcc g++ ncurses"
+makedepends="ncurses-dev"
+source="http://www.$pkgname.org/files/v2.6/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+
+parallel_opt() {
+	local i n
+	for i in $MAKEOPTS; do 
+		case "$i" in
+			-j*) n=${i#-j};;
+		esac;
+	done
+	[ -n "$n" ] && echo "--parallel $n"
+}
+
+build () 
+{ 
+	cd $startdir/src/$pkgname-$pkgver
+	./bootstrap --prefix=/usr \
+		--mandir=/share/man \
+		--docdir=/share/cmake-2.6/doc \
+		$(parallel_opt)
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="50f387d0436696c4a68b5512a72c9cde  cmake-2.6.4.tar.gz"
diff --git a/main/conntrack-tools/APKBUILD b/main/conntrack-tools/APKBUILD
new file mode 100644
index 0000000000..3bcc083032
--- /dev/null
+++ b/main/conntrack-tools/APKBUILD
@@ -0,0 +1,28 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=conntrack-tools
+pkgver=0.9.10
+pkgrel=0
+pkgdesc="Connection tracking userspace tools"
+url="http://conntrack-tools.netfilter.org"
+license="GPL-2"
+subpackages="$pkgname-doc"
+depends=
+makedepends="pkgconfig libnfnetlink-dev libnetfilter_conntrack-dev bison flex"
+source="http://www.netfilter.org/projects/conntrack-tools/files/$pkgname-$pkgver.tar.bz2
+	conntrackd.initd
+	conntrackd.confd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+
+	install -Dm755 ../conntrackd.initd "$pkgdir"/etc/init.d/conntrackd
+	install -Dm644 ../conntrackd.confd "$pkgdir"/etc/conf.d/conntrackd
+	install -Dm644 doc/stats/conntrackd.conf "$pkgdir"/etc/conntrackd
+}
+md5sums="cd46ed2d5cd4797add0cd444a209c1e7  conntrack-tools-0.9.10.tar.bz2
+144831a8a79561ef184b84ba94f0837b  conntrackd.initd
+8ebf3838b69d20e6bb4a173844502039  conntrackd.confd"
diff --git a/main/conntrack-tools/conntrackd.confd b/main/conntrack-tools/conntrackd.confd
new file mode 100644
index 0000000000..7c937cbd9e
--- /dev/null
+++ b/main/conntrack-tools/conntrackd.confd
@@ -0,0 +1,15 @@
+# conntrackd config file
+# default: /etc/conntrackd/conntrackd.conf
+#CONNTRACKD_CFG=/etc/conntrackd/conntrackd.conf
+
+# conntrackd lockfile (must match the "LockFile" entry
+# from the "General" section in the config file)
+# default: /var/lock/conntrack.lock
+#CONNTRACKD_LOCK=/var/lock/conntrack.lock
+
+# extra options for conntrackd
+#CONNTRACKD_OPTS="" # you must NOT use -C here!
+
+# depend on a specific network interface
+#RC_NEED="net.eth1" # baselayout-1
+#rc_need="net.eth1" # baselayout-2/OpenRC
diff --git a/main/conntrack-tools/conntrackd.initd b/main/conntrack-tools/conntrackd.initd
new file mode 100644
index 0000000000..9394badca1
--- /dev/null
+++ b/main/conntrack-tools/conntrackd.initd
@@ -0,0 +1,99 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+CONNTRACKD_BIN="/usr/sbin/conntrackd"
+CONNTRACKD_CFG=${CONNTRACKD_CFG:-/etc/conntrackd/conntrackd.conf}
+CONNTRACKD_LOCK=${CONNTRACKD_LOCK:-/var/lock/conntrack.lock}
+
+depend() {
+	use logger
+	need net
+}
+
+checkconfig() {
+	# check for netfilter conntrack kernel support
+	local nf_ct_available=0
+	for k in net.netfilter.nf_conntrack_max \
+		net.ipv4.netfilter.ip_conntrack_max \
+		net.nf_conntrack_max; do
+		if sysctl -e -n ${k} &>/dev/null; then
+			nf_ct_available=1 # sysctl key found
+			break
+		fi
+	done
+	if [ ${nf_ct_available} -eq 0 ]; then
+		eerror
+		eerror "Your kernel is missing netfilter conntrack support!"
+		eerror "Make sure your kernel was compiled with netfilter conntrack support."
+		eerror
+		eerror "If it was compiled as a module you need to ensure the module is being"
+		eerror "loaded before starting conntrackd."
+		eerror "Either add an entry to /etc/modules.autoload/[...] (for baselayout-1)"
+		eerror "or /etc/conf.d/modules (for baselayout-2/OpenRC) or load the module"
+		eerror "by hand like this, depending on your kernel version:"
+		eerror
+		eerror "  modprobe nf_conntrack # (for newer kernels)"
+		eerror "  modprobe ip_conntrack # (for older kernels)"
+		eerror
+		return 1
+	fi
+	# check if netfilter conntrack TCP window tracking is disabled
+	local nf_ct_tcp_be_liberal=0
+	for k in net.netfilter.nf_conntrack_tcp_be_liberal \
+		net.ipv4.netfilter.ip_conntrack_tcp_be_liberal; do
+		nf_ct_tcp_be_liberal=$(sysctl -e -n ${k} 2>/dev/null)
+		if [ ${?} -ne 0 ]; then
+			continue # sysctl key not found
+		else
+			break # sysctl key found
+		fi
+	done
+	if [ ${nf_ct_tcp_be_liberal} -ne 1 ]; then
+		eerror
+		eerror "You need to disable TCP window tracking!"
+		eerror "Add the following line to your /etc/sysctl.conf:"
+		eerror
+		eerror "  ${k} = 1"
+		eerror
+		eerror "...and run this to activate the setting: sysctl -q -p"
+		eerror
+		return 1
+	fi
+	# check for config file
+	if [ ! -e "${CONNTRACKD_CFG}" ]; then
+		eerror
+		eerror "The conntrackd config file (${CONNTRACKD_CFG})"
+		eerror "is missing!"
+		eerror
+		return 1
+	fi
+	# check for leftover lockfile
+	if [ -f "${CONNTRACKD_LOCK}" ]; then
+		ewarn
+		ewarn "The conntrackd lockfile (${CONNTRACKD_LOCK})"
+		ewarn "exists although the service is not marked as started."
+		ewarn "Will remove the lockfile and start the service in 10s"
+		ewarn "if not interrupted..."
+		ewarn
+		sleep 10
+		if ! rm -f "${CONNTRACKD_LOCK}"; then
+			eerror "Failed to remove the conntrackd lockfile (${CONNTRACKD_LOCK})"
+			return 1
+		fi
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting conntrackd"
+	start-stop-daemon --start --exec "${CONNTRACKD_BIN}" \
+		-- -d -C "${CONNTRACKD_CFG}" ${CONNTRACKD_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping conntrackd"
+	start-stop-daemon --stop --exec "${CONNTRACKD_BIN}"
+	eend $?
+}
diff --git a/main/coreutils/APKBUILD b/main/coreutils/APKBUILD
new file mode 100644
index 0000000000..4f3a62cb35
--- /dev/null
+++ b/main/coreutils/APKBUILD
@@ -0,0 +1,31 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=coreutils
+pkgver=7.4
+pkgrel=0
+pkgdesc="The basic file, shell and text manipulation utilities"
+url="http://www.gnu.org/software/coreutils/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install="$pkgname.post-deinstall $pkgname.post-upgrade"
+subpackages="$pkgname-doc"
+source="http://ftp.gnu.org/gnu/coreutils/$pkgname-$pkgver.tar.gz
+	$install"
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls \
+		--without-gmp
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="c52f4f64dda9a245c38e74c09fdd86d2  coreutils-7.4.tar.gz
+b84506d253e04db3c5af9016fead45a3  coreutils.post-deinstall
+b84506d253e04db3c5af9016fead45a3  coreutils.post-upgrade"
diff --git a/main/coreutils/coreutils.post-deinstall b/main/coreutils/coreutils.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/coreutils/coreutils.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/coreutils/coreutils.post-upgrade b/main/coreutils/coreutils.post-upgrade
new file mode 120000
index 0000000000..3e2b3c2a22
--- /dev/null
+++ b/main/coreutils/coreutils.post-upgrade
@@ -0,0 +1 @@
+coreutils.post-deinstall
\ No newline at end of file
diff --git a/main/cpufreqd/APKBUILD b/main/cpufreqd/APKBUILD
new file mode 100644
index 0000000000..98d7f94cf3
--- /dev/null
+++ b/main/cpufreqd/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cpufreqd
+pkgver=2.3.4
+pkgrel=1
+pkgdesc="A small daemon to adjust cpu speed (and indeed voltage)"
+url="http://sourceforge.net/projects/cpufreqd"
+license="GPL2"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="cpufrequtils sysfsutils uclibc"
+makedepends="cpufrequtils-dev sysfsutils-dev g++"
+install=
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2
+	cpufreqd.initd"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--sysconfdir=/etc
+	make LIBS=-lpthread || return 1
+	make DESTDIR="$pkgdir" install
+	install -Dm 755 ../cpufreqd.initd "$pkgdir"/etc/init.d/cpufreqd \
+		|| return 1
+}
+md5sums="f4193f688305566a8422dd3989667668  cpufreqd-2.3.4.tar.bz2
+4c3298abc888ac4f688249ee542ce784  cpufreqd.initd"
diff --git a/main/cpufreqd/cpufreqd.initd b/main/cpufreqd/cpufreqd.initd
new file mode 100644
index 0000000000..fbacebad75
--- /dev/null
+++ b/main/cpufreqd/cpufreqd.initd
@@ -0,0 +1,43 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-power/cpufreqd/files/cpufreqd-init.d,v 1.1 2007/05/17 08:51:45 phreak Exp $
+
+CONFIGFILE=/etc/cpufreqd.conf
+
+depend() {
+	need localmount
+	use logger lm_sensors
+}
+
+checkconfig() {
+	if [ ! -f ${CONFIGFILE} ]; then
+		eerror "Configuration file ${CONFIGFILE} not found"
+		return 1
+	fi
+
+	if [ ! -e /proc/cpufreq ] ; then
+		for cpu in /sys/devices/system/cpu/cpu[0-9]* ; do
+                        # We need just one cpu supporting freq scaling.
+                        [ -e ${cpu}/cpufreq ] && return 0
+		done
+		eerror "cpufreqd requires the kernel to be configured with CONFIG_CPU_FREQ"
+		eerror "Make sure that the appropiate drivers for your CPU are available."
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting CPU Frequency Daemon"
+	start-stop-daemon --start --exec /usr/sbin/cpufreqd -- \
+		-f ${CONFIGFILE}
+	eend ${?}
+}
+
+stop() {
+	ebegin "Stopping CPU Frequency Daemon"
+	start-stop-daemon --stop --exec /usr/sbin/cpufreqd
+	eend ${?}
+}
diff --git a/main/cpufrequtils/APKBUILD b/main/cpufrequtils/APKBUILD
new file mode 100644
index 0000000000..50cb2d1b08
--- /dev/null
+++ b/main/cpufrequtils/APKBUILD
@@ -0,0 +1,42 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cpufrequtils
+pkgver=005
+pkgrel=0
+pkgdesc="Userspace tools for the kernel cpufreq subsystem"
+url="http://www.kernel.org/pub/linux/utils/kernel/cpufreq/cpufrequtils.html"
+license="GPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="sysfsutils uclibc"
+makedepends="sysfsutils-dev uclibc libtool"
+source="http://www.kernel.org/pub/linux/utils/kernel/cpufreq/$pkgname-$pkgver.tar.bz2
+	cpufrequtils-005-build.patch
+	cpufrequtils-005-nls.patch
+	$pkgname.initd
+	$pkgname.confd"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	# distcc and ccache makes libtool confused about the tag.
+	# we save 4k by disabling the 2.4 kernel support (PROC=false)
+	make -j1 LIBTOOL_OPT="--tag=CC --silent" \
+		NLS=false \
+		PROC=false \
+		|| return 1
+	make mandir=/usr/share/man \
+		NLS=false \
+		DESTDIR="$pkgdir" \
+		install || return 1
+	install -D -m755 ../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -D -m644 ../$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+md5sums="73a41589fe74b73fc530f4179f2c6142  cpufrequtils-005.tar.bz2
+0b007dbd9fcb3acf55a8570f21b2f5d4  cpufrequtils-005-build.patch
+d88bee4d20c8b72d8edd50c2af5d4600  cpufrequtils-005-nls.patch
+b9b80ef2f1b6c5e7ce0476037a8bce6b  cpufrequtils.initd
+d47ff635eef03248c633486eaeec191d  cpufrequtils.confd"
diff --git a/main/cpufrequtils/cpufrequtils-005-build.patch b/main/cpufrequtils/cpufrequtils-005-build.patch
new file mode 100644
index 0000000000..7dbe57043a
--- /dev/null
+++ b/main/cpufrequtils/cpufrequtils-005-build.patch
@@ -0,0 +1,24 @@
+--- a/Makefile
++++ b/Makefile
+@@ -158,10 +158,10 @@ endif
+ 
+ # if DEBUG is enabled, then we do not strip or optimize
+ ifeq ($(strip $(DEBUG)),true)
+-	CFLAGDEF  += -O1 -g -DDEBUG
++	CFLAGDEF  += -DDEBUG
+ 	STRIPCMD = /bin/true -Since_we_are_debugging
+ else
+-	CFLAGDEF  += $(OPTIMIZATION) -fomit-frame-pointer
++	CFLAGDEF  += $(OPTIMIZATION)
+ 	STRIPCMD = $(STRIP) -s --remove-section=.note --remove-section=.comment
+ endif
+ 
+@@ -191,7 +191,7 @@ libcpufreq: libcpufreq.la
+ 
+ cpufreq-%: libcpufreq.la $(UTIL_OBJS)
+ 	$(QUIET) $(CC) $(CFLAGDEF) $(CFLAGS) -g -I. -I./lib/ -c -o utils/$@.o utils/$*.c
+-	$(QUIET) $(CC) $(CFLAGDEF) $(CFLAGS) -g -I./lib/ -L. -L./.libs/ -lcpufreq -o $@ utils/$@.o
++	$(QUIET) $(CC) $(CFLAGDEF) $(CFLAGS) -g $(LDFLAGS) -I./lib/ -L. -L./.libs/ -o $@ utils/$@.o -lcpufreq
+ 	$(QUIET) $(STRIPCMD) $@
+ 
+ utils: cpufreq-info cpufreq-set
diff --git a/main/cpufrequtils/cpufrequtils-005-nls.patch b/main/cpufrequtils/cpufrequtils-005-nls.patch
new file mode 100644
index 0000000000..7a0336fff4
--- /dev/null
+++ b/main/cpufrequtils/cpufrequtils-005-nls.patch
@@ -0,0 +1,73 @@
+make nls/gettext support optional
+
+patch by Jos van der Ende <seraph@xs4all.nl>
+
+http://bugs.gentoo.org/205576
+
+--- cpufrequtils-005/Makefile
++++ cpufrequtils-005/Makefile
+@@ -141,6 +141,7 @@
+ ifeq ($(strip $(NLS)),true)
+ 	INSTALL_NLS += install-gmo
+ 	COMPILE_NLS += update-gmo
++	CFLAGDEF += -DNLS
+ endif
+ 
+ 
+--- cpufrequtils-005/utils/info.c
++++ cpufrequtils-005/utils/info.c
+@@ -10,7 +10,6 @@
+ #include <errno.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <libintl.h>
+ #include <locale.h>
+ 
+ #include <getopt.h>
+@@ -18,9 +17,18 @@
+ #include "cpufreq.h"
+ 
+ 
++#ifdef NLS
++#include <libintl.h>
+ #define _(String) gettext (String)
+ #define gettext_noop(String) String
+ #define N_(String) gettext_noop (String)
++#else
++#define gettext_noop(String) String
++#define _(String) gettext_noop (String)
++#define gettext(String) gettext_noop (String)
++#define N_(String) gettext_noop (String)
++#define textdomain(String)
++#endif
+ 
+ #define LINE_LEN 10
+ 
+--- cpufrequtils-005/utils/set.c
++++ cpufrequtils-005/utils/set.c
+@@ -12,16 +12,24 @@
+ #include <limits.h>
+ #include <string.h>
+ #include <ctype.h>
+-#include <libintl.h>
+ #include <locale.h>
+ 
+ #include <getopt.h>
+ 
+ #include "cpufreq.h"
+ 
++#ifdef NLS
++#include <libintl.h>
+ #define _(String) gettext (String)
+ #define gettext_noop(String) String
+ #define N_(String) gettext_noop (String)
++#else
++#define gettext_noop(String) String
++#define _(String) gettext_noop (String)
++#define gettext(String) gettext_noop (String)
++#define N_(String) gettext_noop (String)
++#define textdomain(String)
++#endif
+ 
+ #define NORM_FREQ_LEN 32
+ 
diff --git a/main/cpufrequtils/cpufrequtils.confd b/main/cpufrequtils/cpufrequtils.confd
new file mode 100644
index 0000000000..68f5b7594c
--- /dev/null
+++ b/main/cpufrequtils/cpufrequtils.confd
@@ -0,0 +1,7 @@
+# /etc/conf.d/cpufrequtils: config file for /etc/init.d/cpufrequtils
+
+# Options when starting cpufreq (given to the `cpufreq-set` program)
+START_OPTS="--governor ondemand"
+
+# Options when stopping cpufreq (given to the `cpufreq-set` program)
+STOP_OPTS="--governor performance"
diff --git a/main/cpufrequtils/cpufrequtils.initd b/main/cpufrequtils/cpufrequtils.initd
new file mode 100644
index 0000000000..9aadd94c10
--- /dev/null
+++ b/main/cpufrequtils/cpufrequtils.initd
@@ -0,0 +1,22 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-power/cpufrequtils/files/cpufrequtils-init.d-005,v 1.2 2008/10/21 21:20:59 vapier Exp $
+
+affect_change() {
+	local c ret=0
+	ebegin "Running cpufreq-set $*"
+	for c in $(cpufreq-info -o | awk '$1 == "CPU" { print $2 }') ; do
+		cpufreq-set -c ${c} $*
+		: $((ret+=$?))
+	done
+	eend ${ret}
+}
+
+start() {
+	affect_change ${START_OPTS}
+}
+
+stop() {
+	affect_change ${STOP_OPTS}
+}
diff --git a/main/cracklib-words/APKBUILD b/main/cracklib-words/APKBUILD
new file mode 100644
index 0000000000..b460439263
--- /dev/null
+++ b/main/cracklib-words/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: 
+pkgname=cracklib-words
+pkgver=20080507
+pkgrel=0
+pkgdesc="Large list of words for crack/craclib"
+url="http://sourceforge.net/projects/cracklib"
+license="public domain"
+depends=""
+makedepends=""
+install=
+subpackages=""
+source="http://downloads.sourceforge.net/cracklib/$pkgname-$pkgver.gz"
+
+build() {
+	cd "$srcdir"
+	gunzip "$pkgname-$pkgver".gz
+	install -m644 -D "$pkgname-$pkgver" "$pkgdir"/usr/share/dict/cracklib-words
+}
+
+md5sums="7fa6ba0cd50e7f9ccaf4707c810b14f1  cracklib-words-20080507.gz"
diff --git a/main/cracklib/APKBUILD b/main/cracklib/APKBUILD
new file mode 100644
index 0000000000..e03c6a7700
--- /dev/null
+++ b/main/cracklib/APKBUILD
@@ -0,0 +1,31 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Michael Mason <ms13sp@gmail.com>
+pkgname=cracklib
+pkgver=2.8.13
+pkgrel=0
+pkgdesc="A library used to enforce strong passwords"
+url="http://sourceforge.net/projects/cracklib"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages="$pkgname-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	"
+build() {
+
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--without-python \
+		--disable-nls \
+		--with-default-dict
+	make -j1 all || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="5beb4c6b3c31c83fc98c4c225b25cd94  cracklib-2.8.13.tar.gz"
diff --git a/main/cramfs/APKBUILD b/main/cramfs/APKBUILD
new file mode 100644
index 0000000000..e40e57c2cc
--- /dev/null
+++ b/main/cramfs/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <natanael.copa@gmail.com>
+pkgname=cramfs
+pkgver=1.1
+pkgrel=0
+pkgdesc="Linux filesystem designed to be simple, small, and to compress things well"
+arch=""
+url="http://sourceforge.net/projects/cramfs/"
+license='GPL'
+depends="uclibc zlib"
+makedepends="zlib-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make CFLAGS="$CFLAGS" || return 1
+	install -d "$pkgdir"/sbin
+	install mkcramfs cramfsck "$pkgdir"/sbin
+}
+
+md5sums="d3912b9f7bf745fbfea68f6a9b9de30f  cramfs-1.1.tar.gz"
diff --git a/main/ctags/APKBUILD b/main/ctags/APKBUILD
new file mode 100644
index 0000000000..0d45e287c3
--- /dev/null
+++ b/main/ctags/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+pkgname=ctags
+pkgver=5.7
+pkgrel=0
+pkgdesc="Generator of tags for all types of C/C++ languages"
+url="http://ctags.sourceforge.net/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages=""
+source="http://prdownloads.sourceforge.net/ctags/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	
+	install -m755 -D $pkgname "$pkgdir"/usr/bin/$pkgname
+}
+
+md5sums="643cab63b39c8a24377dc4c781547d40  ctags-5.7.tar.gz"
diff --git a/main/curl/APKBUILD b/main/curl/APKBUILD
new file mode 100644
index 0000000000..c54e9ce316
--- /dev/null
+++ b/main/curl/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=curl
+pkgver=7.19.5
+pkgrel=0
+pkgdesc="An URL retrival utility and library"
+url="http://curl.haxx.se"
+license="MIT"
+depends="zlib uclibc openssl"
+makedepends="zlib-dev openssl-dev"
+source="http://curl.haxx.se/download/$pkgname-$pkgver.tar.bz2"
+
+subpackages="$pkgname-doc $pkgname-dev"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--without-libidn \
+		--disable-ldap
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# fix permissions for curl-config
+	chmod +x "$pkgdir"/usr/bin/curl-config
+}
+
+md5sums="426d161661dce70c8ea9ad8f553363a3  curl-7.19.5.tar.bz2"
diff --git a/main/cutter/APKBUILD b/main/cutter/APKBUILD
new file mode 100644
index 0000000000..be27d880c7
--- /dev/null
+++ b/main/cutter/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Michael Mason <ms13sp@gmail.com>
+pkgname=cutter
+pkgver=1.03
+pkgrel=1
+pkgdesc="A program that allows firewall administrators to abort TCP/IP connections."
+url="http://www.lowth.com/cutter"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages=""
+source="http://www.lowth.com/cutter/software/$pkgname-$pkgver.tgz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	#no make install and no configure script
+
+	make || return 1
+	
+	mkdir -p "$pkgdir"/usr/sbin/
+
+	install -m755 -D cutter "$pkgdir"/usr/sbin/cutter
+
+}
+
+md5sums="50093db9b64277643969ee75b83ebbd1  cutter-1.03.tgz"
diff --git a/main/cvs/APKBUILD b/main/cvs/APKBUILD
new file mode 100644
index 0000000000..bcfcea6f24
--- /dev/null
+++ b/main/cvs/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer:
+pkgname=cvs
+pkgver=1.11.23
+pkgrel=0
+pkgdesc="Concurrent Versions System"
+url="http://www.nongnu.org/cvs/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://ftp.gnu.org/non-gnu/cvs/source/stable/1.11.23/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="bf185eb51b5918330a04671c3f3cccde  cvs-1.11.23.tar.gz"
diff --git a/main/cyrus-sasl/APKBUILD b/main/cyrus-sasl/APKBUILD
new file mode 100644
index 0000000000..4e9075769a
--- /dev/null
+++ b/main/cyrus-sasl/APKBUILD
@@ -0,0 +1,55 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=cyrus-sasl
+pkgver=2.1.23
+pkgrel=0
+pkgdesc="Cyrus Simple Authentication Service Layer (SASL)"
+url="http://cyrusimap.web.cmu.edu/downloads.html#sasl"
+license="custom"
+subpackages="$pkgname-dev $pkgname-doc libsasl"
+depends="db openssl uclibc libsasl"
+makedepends="db-dev openssl-dev"
+#install=libsasl.install
+source="ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/$pkgname-$pkgver.tar.gz
+	saslauthd.initd
+	cyrus-sasl-2.1.19-checkpw.c.patch
+	db-4.7.patch"
+
+build ()
+{
+	cd "$srcdir"/cyrus-sasl-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p0 -i $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--disable-anon \
+		--disable-cram \
+		--disable-digest \
+		--disable-gssapi \
+		--enable-login \
+		--disable-otp \
+		--enable-plain \
+		--with-devrandom=/dev/urandom \
+		--mandir=/usr/share/man
+
+	make -j1 || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+
+	install -Dm755 ../saslauthd.initd "$pkgdir"/etc/init.d/saslauthd
+}
+
+libsasl() {
+	depends="uclibc db"	
+	pkgdesc="Cyrus Simple Authentication and Security Layer (SASL) library"
+	mkdir -p "$subpkgdir"/usr
+	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
+}
+
+md5sums="2eb0e48106f0e9cd8001e654f267ecbc  cyrus-sasl-2.1.23.tar.gz
+9045c1b9c79a6ae0727b31e602d098ad  saslauthd.initd
+e27ddff076342e7a3041c4759817d04b  cyrus-sasl-2.1.19-checkpw.c.patch
+71a3b7454f4d7cc2966b347bdf03f2fc  db-4.7.patch"
diff --git a/main/cyrus-sasl/cyrus-sasl-2.1.19-checkpw.c.patch b/main/cyrus-sasl/cyrus-sasl-2.1.19-checkpw.c.patch
new file mode 100644
index 0000000000..f7bf44b794
--- /dev/null
+++ b/main/cyrus-sasl/cyrus-sasl-2.1.19-checkpw.c.patch
@@ -0,0 +1,170 @@
+diff -ur ../cyrus-sasl-2.1.19.orig/lib/Makefile.in ./lib/Makefile.in
+--- ../cyrus-sasl-2.1.19.orig/lib/Makefile.in	2004-07-02 21:40:15.000000000 +0200
++++ ./lib/Makefile.in	2004-09-07 13:21:22.746680576 +0200
+@@ -120,7 +120,7 @@
+ JAVA_TRUE = @JAVA_TRUE@
+ LDFLAGS = @LDFLAGS@
+ LIBOBJS = @LIBOBJS@
+-LIBS = @LIBS@
++LIBS = -lcrypt @LIBS@
+ LIBTOOL = @LIBTOOL@
+ LIB_CRYPT = @LIB_CRYPT@
+ LIB_DES = @LIB_DES@
+diff -ur ../cyrus-sasl-2.1.19.orig/lib/checkpw.c ./lib/checkpw.c
+--- ../cyrus-sasl-2.1.19.orig/lib/checkpw.c	2004-03-17 14:58:13.000000000 +0100
++++ ./lib/checkpw.c	2004-09-07 13:21:12.645916147 +0200
+@@ -94,6 +94,23 @@
+ # endif
+ #endif
+ 
++/******************************
++ * crypt(3) patch start       *
++ ******************************/
++char *crypt(const char *key, const char *salt);
++
++/* cleartext password formats */
++#define PASSWORD_FORMAT_CLEARTEXT 1
++#define PASSWORD_FORMAT_CRYPT 2
++#define PASSWORD_FORMAT_CRYPTTRAD 3
++#define PASSWORD_SALT_BUF_LEN 22
++
++/* weeds out crypt(3) password's salt */
++int _sasl_get_salt (char *dest, char *src, int format);
++
++/******************************
++ * crypt(3) patch stop        *
++ ******************************/
+ 
+ /* we store the following secret to check plaintext passwords:
+  *
+@@ -143,7 +160,51 @@
+ 				       "*cmusaslsecretPLAIN",
+ 				       NULL };
+     struct propval auxprop_values[3];
+-    
++
++	/******************************
++	 * crypt(3) patch start       *
++	 * for password format check  *
++	 ******************************/
++    sasl_getopt_t *getopt;
++    void *context;
++    const char *p = NULL;
++	/**
++	 * MD5: 12 char salt
++	 * BLOWFISH: 16 char salt
++	 */
++	char salt[PASSWORD_SALT_BUF_LEN];
++	int password_format;
++
++	/* get password format from auxprop configuration */
++	if (_sasl_getcallback(conn, SASL_CB_GETOPT, &getopt, &context) == SASL_OK) {
++		getopt(context, NULL, "password_format", &p, NULL);
++	}
++
++	/* set password format */
++	if (p) {
++		/*
++		memset(pass_format_str, '\0', PASSWORD_FORMAT_STR_LEN);
++		strncpy(pass_format_str, p, (PASSWORD_FORMAT_STR_LEN - 1));
++		*/
++		/* modern, modular crypt(3) */
++		if (strncmp(p, "crypt", 11) == 0)
++			password_format = PASSWORD_FORMAT_CRYPT;
++		/* traditional crypt(3) */
++		else if (strncmp(p, "crypt_trad", 11) == 0)
++			password_format = PASSWORD_FORMAT_CRYPTTRAD;
++		/* cleartext password */
++		else
++			password_format = PASSWORD_FORMAT_CLEARTEXT;
++	} else {
++		/* cleartext password */
++		password_format = PASSWORD_FORMAT_CLEARTEXT;
++	}
++
++	/******************************
++	 * crypt(3) patch stop        *
++	 * for password format check  *
++	 ******************************/
++
+     if (!conn || !userstr)
+ 	return SASL_BADPARAM;
+ 
+@@ -180,14 +241,31 @@
+ 	goto done;
+     }
+ 
+-    /* At the point this has been called, the username has been canonified
+-     * and we've done the auxprop lookup.  This should be easy. */
+-    if(auxprop_values[0].name
+-       && auxprop_values[0].values
+-       && auxprop_values[0].values[0]
+-       && !strcmp(auxprop_values[0].values[0], passwd)) {
+-	/* We have a plaintext version and it matched! */
+-	return SASL_OK;
++
++	/******************************
++	 * crypt(3) patch start       *
++	 ******************************/	
++
++	/* get salt */
++	_sasl_get_salt(salt, (char *) auxprop_values[0].values[0], password_format);
++	
++	/* crypt(3)-ed password? */
++	if (password_format != PASSWORD_FORMAT_CLEARTEXT) {
++		/* compare password */
++		if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(crypt(passwd, salt), auxprop_values[0].values[0]) == 0)
++			return SASL_OK;
++		else
++			ret = SASL_BADAUTH;
++	}
++	else if (password_format == PASSWORD_FORMAT_CLEARTEXT) {
++		/* compare passwords */
++		if (auxprop_values[0].name && auxprop_values[0].values && auxprop_values[0].values[0] && strcmp(auxprop_values[0].values[0], passwd) == 0)
++			return SASL_OK;
++		else
++			ret = SASL_BADAUTH;
++	/******************************
++	 * crypt(3) patch stop        *
++	 ******************************/
+     } else if(auxprop_values[1].name
+ 	      && auxprop_values[1].values
+ 	      && auxprop_values[1].values[0]) {
+@@ -975,3 +1053,37 @@
+ #endif     
+     { NULL, NULL }
+ };
++
++/* weeds out crypt(3) password's salt */
++int _sasl_get_salt (char *dest, char *src, int format) {
++	int num;	/* how many characters is salt long? */
++	switch (format) {
++		case PASSWORD_FORMAT_CRYPT:
++			/* md5 crypt */
++			if (src[1] == '1')
++				num = 12;
++			/* blowfish crypt */
++			else if (src[1] == '2')
++				num = (src[1] == '2' && src[2] == 'a') ? 17 : 16;
++			/* traditional crypt */
++			else
++				num = 2;
++			break;
++	
++		case PASSWORD_FORMAT_CRYPTTRAD:
++			num = 2;
++			break;
++
++		default:
++			return 1;
++	}
++
++	/* destroy destination */
++	memset(dest, '\0', (num + 1));
++
++	/* copy salt to destination */
++	strncpy(dest, src, num);
++
++	return 1;
++}
++
diff --git a/main/cyrus-sasl/db-4.7.patch b/main/cyrus-sasl/db-4.7.patch
new file mode 100644
index 0000000000..8937d7633d
--- /dev/null
+++ b/main/cyrus-sasl/db-4.7.patch
@@ -0,0 +1,20 @@
+--- configure	2006-05-18 21:30:13.000000000 +0200
++++ configure.new	2007-09-29 00:22:42.000000000 +0200
+@@ -5125,7 +5125,7 @@
+ 	fi
+
+ 	saved_LIBS=$LIBS
+-        for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
++        for dbname in db-4.7 db4.7 db47 db-4.54 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
+           do
+ 	    LIBS="$saved_LIBS -l$dbname"
+ 	    cat >conftest.$ac_ext <<_ACEOF
+@@ -5882,7 +5882,7 @@
+ 	fi
+
+ 	saved_LIBS=$LIBS
+-        for dbname in db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
++        for dbname in db-4.7 db4.7 db47 db-4.54 db4.5 db45 db-4.4 db4.4 db44 db-4.3 db4.3 db43 db-4.2 db4.2 db42 db-4.1 db4.1 db41 db-4.0 db4.0 db-4 db40 db4 db-3.3 db3.3 db33 db-3.2 db3.2 db32 db-3.1 db3.1 db31 db-3 db30 db3 db
+           do
+ 	    LIBS="$saved_LIBS -l$dbname"
+ 	    cat >conftest.$ac_ext <<_ACEOF
diff --git a/main/cyrus-sasl/saslauthd.initd b/main/cyrus-sasl/saslauthd.initd
new file mode 100644
index 0000000000..a5e9a44061
--- /dev/null
+++ b/main/cyrus-sasl/saslauthd.initd
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-libs/cyrus-sasl/files/saslauthd2.rc6,v 1.7 2007/04/07 13:03:55 chtekk Exp $
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting saslauthd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/saslauthd \
+		-- ${SASLAUTHD_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping saslauthd"
+	start-stop-daemon --stop --quiet --pidfile /var/lib/sasl2/saslauthd.pid
+	eend $?
+}
diff --git a/main/dahdi-linux-grsec/APKBUILD b/main/dahdi-linux-grsec/APKBUILD
new file mode 100644
index 0000000000..7db4ebc4e1
--- /dev/null
+++ b/main/dahdi-linux-grsec/APKBUILD
@@ -0,0 +1,57 @@
+# Contributor: Timo Teras <timo.teras@iki.fi>
+# Maintainer: Timo Teras <timo.teras@iki.fi>
+
+_flavor=grsec
+
+# source the kernel version
+if [ -f ../linux-${_flavor}/APKBUILD ]; then
+	. ../linux-${_flavor}/APKBUILD
+fi
+
+_abi_release=${pkgver:-2.6.29.5}-${_flavor}
+_realname=dahdi-linux
+
+pkgname=${_realname}-${_flavor}
+pkgver=2.2.0
+pkgrel=3
+pkgdesc="Digium Asterisk Hardware Device Interface drivers"
+url="http://www.asterisk.org"
+license="GPL"
+depends="dahdi-linux"
+# we need wget and tar because make install downloads firmware and uses fancy
+# options for tar and wget.
+makedepends="linux-${_flavor}-dev wget tar perl"
+install=
+subpackages=
+source="http://downloads.digium.com/pub/telephony/dahdi-linux/releases/${_realname}-$pkgver.tar.gz
+	dahdi-depmod.patch
+	dahdi-bri_dchan.patch
+	dahdi-zaphfc.patch
+	zaphfc-dahdi-flortz.diff
+	dahdi-linux-2.2.0-hfc-4s.patch
+	"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+	for i in ../*.patch ../*.diff; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1;
+	done
+
+	make KVERS="${_abi_release}" DYNFS="yes" MODULES_EXTRA="zaphfc" \
+		|| return 1
+	make KVERS="${_abi_release}" DYNFS="yes" MODULES_EXTRA="zaphfc" \
+		DESTDIR="$pkgdir" install
+}
+
+# since we sourced the APKBUILD above we got the dev() function there to
+# so we override it again.
+dev() {
+	default_dev
+}
+md5sums="a6b1a24a436e1c1fd08b99d27cfe3f38  dahdi-linux-2.2.0.tar.gz
+c78fb8d80f9efdffd950297c88ff9273  dahdi-depmod.patch
+4b41a82ff390ac64c08092c5a3eab6a8  dahdi-bri_dchan.patch
+a822c092f0548cd13f5e8d8cba053af6  dahdi-zaphfc.patch
+291c5c44c86ab02443a742415461ddca  zaphfc-dahdi-flortz.diff
+68dfe17a49cca15ae439fd83f4ccfbc5  dahdi-linux-2.2.0-hfc-4s.patch"
diff --git a/main/dahdi-linux-grsec/dahdi-bri_dchan.patch b/main/dahdi-linux-grsec/dahdi-bri_dchan.patch
new file mode 100644
index 0000000000..d7a3fe859b
--- /dev/null
+++ b/main/dahdi-linux-grsec/dahdi-bri_dchan.patch
@@ -0,0 +1,161 @@
+# Translate the D channels to a standard channel data.
+# The HFC chipset provides us the D channel as data, but
+# Zaptel expects it as a standard channel with 1000 samples
+# per second.
+
+--- a/include/dahdi/kernel.h
++++ b/include/dahdi/kernel.h
+@@ -132,6 +132,13 @@ struct dahdi_chan {
+ 	int do_ppp_error;
+ 	struct sk_buff_head ppp_rq;
+ #endif
++#ifdef CONFIG_DAHDI_BRI_DCHANS
++	int bytes2receive;
++	int maxbytes2transmit; /* size of the tx buffer in the card driver */
++	int bytes2transmit;
++	int eofrx;
++	int eoftx;
++#endif
+ 	spinlock_t lock;
+ 	char name[40];
+ 	/* Specified by DAHDI */
+@@ -462,6 +469,9 @@ enum {
+ 	DAHDI_FLAGBIT_LOOPED	= 18,	/*!< Loopback the receive data from the channel to the transmit */
+ 	DAHDI_FLAGBIT_MTP2	= 19,	/*!< Repeats last message in buffer and also discards repeating messages sent to us */
+ 	DAHDI_FLAGBIT_HDLC56	= 20,	/*!< Sets the given channel (if in HDLC mode) to use 56K HDLC instead of 64K  */
++#if defined(CONFIG_DAHDI_BRI_DCHANS)
++	DAHDI_FLAGBIT_BRIDCHAN   = 21,	/*!< hardhdlc-like handling of the D channel */
++#endif
+ };
+ 
+ /* map flagbits to flag masks */
+@@ -500,6 +510,7 @@ enum {
+ #define DAHDI_FLAG_LOOPED	DAHDI_FLAG(LOOPED)
+ #define DAHDI_FLAG_MTP2		DAHDI_FLAG(MTP2)
+ #define DAHDI_FLAG_HDLC56	DAHDI_FLAG(HDLC56)
++#define DAHDI_FLAG_BRIDCHAN	DAHDI_FLAG(BRIDCHAN)
+ 
+ struct dahdi_span {
+ 	spinlock_t lock;
+--- a/include/dahdi/dahdi_config.h
++++ b/include/dahdi/dahdi_config.h
+@@ -174,4 +174,10 @@
+  */
+ /* #define	OPTIMIZE_CHANMUTE */
+ 
++/*
++ * Uncomment the following for BRI D channels
++ *
++ */
++#define CONFIG_DAHDI_BRI_DCHANS
++
+ #endif
+--- a/drivers/dahdi/dahdi-base.c
++++ b/drivers/dahdi/dahdi-base.c
+@@ -5907,11 +5907,40 @@ static inline void __dahdi_getbuf_chunk(
+ 					*(txb++) = fasthdlc_tx_run_nocheck(&ms->txhdlc);
+ 				}
+ 				bytes -= left;
++#ifdef CONFIG_DAHDI_BRI_DCHANS
++			} else if (test_bit(DAHDI_FLAGBIT_BRIDCHAN, &ms->flags)) {
++			    /*
++			     * Let's get this right, we want to transmit complete frames only.
++			     * The card driver will do the dirty HDLC work for us.
++			     * txb (transmit buffer) is supposed to be big enough to store one frame
++			     * we will make this as big as the D fifo (1KB or 2KB)
++			     */
++
++			    /* there are 'left' bytes in the user buffer left to transmit */
++			    left = ms->writen[ms->outwritebuf] - ms->writeidx[ms->outwritebuf] - 2;
++			    if (left > ms->maxbytes2transmit) {
++				memcpy(txb, buf + ms->writeidx[ms->outwritebuf], ms->maxbytes2transmit);
++				ms->writeidx[ms->outwritebuf] += ms->maxbytes2transmit;
++				txb += ms->maxbytes2transmit;
++				ms->bytes2transmit = ms->maxbytes2transmit;
++				ms->eoftx = 0;
++			    } else {
++				memcpy(txb, buf + ms->writeidx[ms->outwritebuf], left);
++				ms->writeidx[ms->outwritebuf] += left + 2;
++				txb += left + 2;
++				ms->bytes2transmit = left;
++				ms->eoftx = 1;
++			    }
++			    bytes = 0;
++#endif
+ 			} else {
+ 				memcpy(txb, buf + ms->writeidx[ms->outwritebuf], left);
+ 				ms->writeidx[ms->outwritebuf]+=left;
+ 				txb += left;
+ 				bytes -= left;
++#if defined(CONFIG_DAHDI_BRI_DCHANS)	
++				ms->bytes2transmit=DAHDI_CHUNKSIZE;
++#endif
+ 			}
+ 			/* Check buffer status */
+ 			if (ms->writeidx[ms->outwritebuf] >= ms->writen[ms->outwritebuf]) {
+@@ -5968,6 +5997,17 @@ out in the later versions, and is put ba
+ 				/* Transmit a flag if this is an HDLC channel */
+ 				if (ms->flags & DAHDI_FLAG_HDLC)
+ 					fasthdlc_tx_frame_nocheck(&ms->txhdlc);
++#if defined(CONFIG_DAHDI_BRI_DCHANS)	
++				if (test_bit(DAHDI_FLAGBIT_BRIDCHAN, &ms->flags)) {
++			//	    if (ms->bytes2transmit > 0) {
++					// txb += 2;
++					// ms->bytes2transmit -= 2;
++					bytes=0;
++					ms->eoftx = 1;
++//					printk(KERN_CRIT "zaptel EOF(%d) bytes2transmit %d\n",ms->eoftx,ms->bytes2transmit);
++			//	    }
++				}
++#endif
+ #ifdef CONFIG_DAHDI_NET
+ 				if (ms->flags & DAHDI_FLAG_NETDEV)
+ 					netif_wake_queue(ztchan_to_dev(ms));
+@@ -6028,6 +6068,12 @@ out in the later versions, and is put ba
+ 				memset(txb, 0xFF, bytes);
+ 			}
+ 			bytes = 0;
++#if defined(CONFIG_DAHDI_BRI_DCHANS)	
++		} else if (test_bit(DAHDI_FLAGBIT_BRIDCHAN, &ms->flags)) {
++		    ms->bytes2transmit = 0;
++		    ms->eoftx = 0;
++		    bytes = 0;
++#endif
+ 		} else {
+ 			memset(txb, DAHDI_LIN2X(0, ms), bytes);	/* Lastly we use silence on telephony channels */
+ 			bytes = 0;
+@@ -6840,6 +6886,14 @@ static inline void __putbuf_chunk(struct
+ 	int res;
+ 	int left, x;
+ 
++#if defined(CONFIG_DAHDI_BRI_DCHANS)	
++	if (test_bit(DAHDI_FLAGBIT_BRIDCHAN, &ms->flags)) {
++	    bytes = ms->bytes2receive;
++	    if (bytes < 1) return;
++//	    printk(KERN_CRIT "bytes2receive %d\n",ms->bytes2receive);
++	}
++#endif
++
+ 	while(bytes) {
+ #if defined(CONFIG_DAHDI_NET)  || defined(CONFIG_DAHDI_PPP)
+ 		skb = NULL;
+@@ -6897,6 +6951,19 @@ static inline void __putbuf_chunk(struct
+ 						}
+ 					}
+ 				}
++#ifdef CONFIG_DAHDI_BRI_DCHANS
++			} else if (test_bit(DAHDI_FLAGBIT_BRIDCHAN, &ms->flags)) {
++			    memcpy(buf + ms->readidx[ms->inreadbuf], rxb, left);
++			    rxb += left;
++			    ms->readidx[ms->inreadbuf] += left;
++			    bytes -= left;
++			    if (ms->eofrx == 1) {
++				eof=1;
++			    }
++//			    printk(KERN_CRIT "receiving %d bytes\n",ms->bytes2receive);
++			    ms->bytes2receive = 0;
++			    ms->eofrx = 0;
++#endif
+ 			} else {
+ 				/* Not HDLC */
+ 				memcpy(buf + ms->readidx[ms->inreadbuf], rxb, left);
diff --git a/main/dahdi-linux-grsec/dahdi-depmod.patch b/main/dahdi-linux-grsec/dahdi-depmod.patch
new file mode 100644
index 0000000000..289aad403b
--- /dev/null
+++ b/main/dahdi-linux-grsec/dahdi-depmod.patch
@@ -0,0 +1,22 @@
+Index: dahdi-linux-2.0.0-rc4/Makefile
+===================================================================
+--- dahdi-linux-2.0.0-rc4.orig/Makefile	2008-09-09 14:07:23.000000000 +0300
++++ dahdi-linux-2.0.0-rc4/Makefile	2008-09-09 14:12:31.000000000 +0300
+@@ -190,7 +190,7 @@
+ 	build_tools/uninstall-modules dahdi $(KVERS)
+ endif
+ 	$(KMAKE) INSTALL_MOD_PATH=$(DESTDIR) INSTALL_MOD_DIR=dahdi modules_install
+-	[ `id -u` = 0 ] && /sbin/depmod -a $(KVERS) || :
++	[ -z "$(DESTDIR)" -a `id -u` = 0 ] && /sbin/depmod -a $(KVERS) || :
+ 
+ uninstall-modules:
+ ifdef DESTDIR
+@@ -203,7 +203,7 @@
+ 		rm -rf /lib/modules/$(KVERS)/dahdi; \
+ 		echo "done."; \
+ 	fi
+-	[ `id -u` = 0 ] && /sbin/depmod -a $(KVERS) || :
++	[ -z "$(DESTDIR)" -a `id -u` = 0 ] && /sbin/depmod -a $(KVERS) || :
+ endif
+ 
+ update:
diff --git a/main/dahdi-linux-grsec/dahdi-linux-2.2.0-hfc-4s.patch b/main/dahdi-linux-grsec/dahdi-linux-2.2.0-hfc-4s.patch
new file mode 100644
index 0000000000..67857e2f7d
--- /dev/null
+++ b/main/dahdi-linux-grsec/dahdi-linux-2.2.0-hfc-4s.patch
@@ -0,0 +1,553 @@
+--- a/drivers/dahdi/wcb4xxp/base.c	2009-06-24 13:17:03.000000000 +0000
++++ b/drivers/dahdi/wcb4xxp/base.c	2009-06-24 13:40:15.000000000 +0000
+@@ -75,7 +75,7 @@
+ #define DBG_SPANFILTER		((1 << bspan->port) & spanfilter)
+ 
+ static int debug = 0;
+-static int spanfilter = 15;
++static int spanfilter = 255; /* Bitmap .. 1, 2, 4, 8, 16, 32, 64, 128 for ports 1-8 */
+ #ifdef LOOPBACK_SUPPORTED
+ static int loopback = 0;
+ #endif
+@@ -114,9 +114,21 @@
+ struct devtype {
+ 	char *desc;
+ 	unsigned int flags;
++	int ports;      /* Number of ports the card has */
++	int has_ec;     /* Does the card have an Echo Canceller  */
++	enum cards_ids card_type;       /* Card type - Digium B410P, ... */
+ };
+ 
+-static struct devtype wcb4xxp = { "Wildcard B410P", 0 };
++static struct devtype wcb4xxp = { "Wildcard B410P", .ports = 4, .has_ec = 1, .card_type = B410P  };
++static struct devtype hfc2s =  { "HFC-2S Junghanns.NET duoBRI PCI", .ports = 2, .has_ec = 0, .card_type = DUOBRI };
++static struct devtype hfc4s =  { "HFC-4S Junghanns.NET quadBRI PCI", .ports = 4, .has_ec = 0, .card_type = QUADBRI };
++static struct devtype hfc8s =  { "HFC-4S Junghanns.NET octoBRI PCI", .ports = 8, .has_ec = 0, .card_type = OCTOBRI };
++static struct devtype hfc2s_OV ={ "OpenVox B200P", .ports = 2, .has_ec = 0, .card_type = B200P_OV };
++static struct devtype hfc4s_OV ={ "OpenVox B400P", .ports = 4, .has_ec = 0, .card_type = B400P_OV };
++static struct devtype hfc8s_OV ={ "OpenVox B800P", .ports = 8, .has_ec = 0, .card_type = B800P_OV }; 
++static struct devtype hfc2s_BN ={ "BeroNet BN2S0", .ports = 2, .has_ec = 0, .card_type = BN2S0 };
++static struct devtype hfc4s_BN ={ "BeroNet BN4S0", .ports = 4, .has_ec = 0, .card_type = BN4S0 };
++static struct devtype hfc8s_BN ={ "BeroNet BN8S0", .ports = 8, .has_ec = 0, .card_type = BN8S0 };
+ 
+ static int echocan_create(struct dahdi_chan *chan, struct dahdi_echocanparams *ecp,
+ 			   struct dahdi_echocanparam *p, struct dahdi_echocan_state **ec);
+@@ -403,7 +415,14 @@
+ 
+ 	mb();
+ 
+-	b4xxp_setreg8(b4, R_GPIO_SEL, 0xf0);	/* GPIO0..7 S/T, 8..15 GPIO */
++	if ((b4->card_type == OCTOBRI) || (b4->card_type == B800P_OV) || (b4->card_type == BN8S0))
++	    {
++	    b4xxp_setreg8(b4, R_GPIO_SEL, 0x00);	/* GPIO0..15 S/T - HFC-8S uses GPIO8-15 for S/T ports 5-8 */
++	    }
++	    else
++	    {
++	    b4xxp_setreg8(b4, R_GPIO_SEL, 0xf0);	/* GPIO0..7 S/T, 8..15 GPIO */
++	    }
+ 
+ 	mb();
+ 
+@@ -618,13 +637,16 @@
+ 	unsigned char b;
+ 	unsigned int i, j, mask;
+ 
++	if (! b4->has_ec)   /* Avoid Echo Cancelling for non hardware echo canceller cards */
++		return;
++
+ /* Setup GPIO */
+ 	for (i=0; i < NUM_EC; i++) {
+ 		b = ec_read(b4, i, 0x1a0);
+ 
+ 		dev_info(b4->dev, "VPM %d/%d init: chip ver %02x\n", i, NUM_EC - 1, b);
+ 
+-		for (j=0; j < 4; j++) {
++		for (j=0; j < b4->numspans; j++) {
+ 			ec_write(b4, i, 0x1a8 + j, 0x00);	/* GPIO out */
+ 			ec_write(b4, i, 0x1ac + j, 0x00);	/* GPIO dir */
+ 			ec_write(b4, i, 0x1b0 + j, 0x00);	/* GPIO sel */
+@@ -1008,7 +1030,15 @@
+ 	int fifo, hfc_chan;
+ 	unsigned long irq_flags;
+ 
+-	fifo = port + 8;
++	if ((b4->card_type == B800P_OV) || (b4->card_type == OCTOBRI) || (b4->card_type == BN8S0))
++	    {
++	    fifo = port + 16; /* In HFC-8S cards we can't use ports 8-11 for dchan FIFOs */
++	    }
++	    else
++	    {
++	    fifo = port + 8;
++	    }
++	    
+ 	hfc_chan = (port * 4) + 2;
+ 
+ /* record the host's FIFO # in the span fifo array */
+@@ -1210,7 +1240,7 @@
+ 	int i, j;
+ 	struct b4xxp_span *s;
+ 
+-	for (i=0; i < 4; i++) {
++	for (i=0; i < b4->numspans; i++) {
+ 		s = &b4->spans[i];
+ 
+ 		for (j=HFC_T1; j <= HFC_T3; j++) {
+@@ -1413,12 +1443,21 @@
+ 
+ 	gpio = b4xxp_getreg8(b4, R_GPI_IN3);
+ 
+-	for (i=0; i < 4; i++) {
++	for (i=0; i < b4->numspans; i++) {
+ 		s = &b4->spans[i];
+ 		s->parent = b4;
+ 		s->port = i;
+ 
+-		nt = ((gpio & (1 << (i + 4))) == 0);		/* GPIO=0 = NT mode */
++		/* The way the Digium B410P card reads the NT/TE mode 
++		 * jumper is the oposite of how other HFC-4S cards do: 
++		 * - In B410P: GPIO=0: NT
++		 * - In Junghanns: GPIO=0: TE
++		 */
++		if (b4->card_type == B410P)
++			nt = ((gpio & (1 << (i + 4))) == 0);
++		else
++			nt = ((gpio & (1 << (i + 4))) != 0);
++
+ 		s->te_mode = !nt;
+ 
+ 		dev_info(b4->dev, "Port %d: %s mode\n", i + 1, (nt ? "NT" : "TE"));
+@@ -1774,9 +1813,15 @@
+ 
+ /*
+  * set up the clock controller
+- * we have a 24.576MHz crystal, so the PCM clock is 2x the incoming clock.
++ * B410P has a 24.576MHz crystal, so the PCM clock is 2x the incoming clock.
++ * Other cards have a 49.152Mhz crystal, so the PCM clock equals incoming clock.
+  */
+-	b4xxp_setreg8(b4, R_BRG_PCM_CFG, 0x02);
++	
++	if (b4->card_type == B410P)
++	    b4xxp_setreg8(b4, R_BRG_PCM_CFG,0x02);
++	else
++	    b4xxp_setreg8(b4, R_BRG_PCM_CFG, V_PCM_CLK);
++	    
+ 	flush_pci();
+ 
+ 	udelay(100);				/* wait a bit for clock to settle */
+@@ -1807,7 +1852,7 @@
+ 
+ /*
+  * set up the flow controller.
+- * B channel map:
++ * B channel map: (4 ports cards with Hardware Echo Cancel present & active)
+  * FIFO 0 connects Port 1 B0 using HFC channel 16 and PCM timeslots 0/1.
+  * FIFO 1 connects Port 1 B1 using HFC channel 17 and PCM timeslots 4/5.
+  * FIFO 2 connects Port 2 B0 using HFC channel 20 and PCM timeslots 8/9.
+@@ -1822,14 +1867,35 @@
+  *
+  * D channels are handled by FIFOs 8-11.
+  * FIFO 8 connects Port 1 D using HFC channel 3
+- * FIFO 9 connects Port 1 D using HFC channel 7
+- * FIFO 10 connects Port 1 D using HFC channel 11
+- * FIFO 11 connects Port 1 D using HFC channel 15
++ * FIFO 9 connects Port 2 D using HFC channel 7
++ * FIFO 10 connects Port 3 D using HFC channel 11
++ * FIFO 11 connects Port 4 D using HFC channel 15
++ *
++ * D channel FIFOs are operated in HDLC mode and interrupt on end of frame.
++ * 
++ * B channel map: (8 ports cards without Hardware Echo Cancel)
++ * FIFO 0 connects Port 1 B0 using HFC channel 0
++ * FIFO 1 connects Port 1 B1 using HFC channel 1
++ * FIFO 2 connects Port 2 B0 using HFC channel 4
++ * FIFO 3 connects Port 2 B1 using HFC channel 5
++ * .........................
++ * FIFO 14 connects Port 8 B0 using HFC channel 28
++ * FIFO 15 connects Port 8 B1 using HFC channel 29
++ *
++ * All B channel FIFOs have their HDLC controller in transparent mode,
++ * and only the FIFO for B0 on each port has its interrupt operational.
+  *
++ * D channels are handled by FIFOs 16-23.
++ * FIFO 16 connects Port 1 D using HFC channel 3
++ * FIFO 17 connects Port 2 D using HFC channel 7
++ * FIFO 18 connects Port 3 D using HFC channel 11
++ * FIFO 19 connects Port 4 D using HFC channel 15
++ * ................
++ * FIFO 23 connects Port 8 D using HFC channel 31
+  * D channel FIFOs are operated in HDLC mode and interrupt on end of frame.
+  */
+ 	for (span=0; span < b4->numspans; span++) {
+-		if (vpmsupport) {
++		if ((vpmsupport) && (b4->has_ec)) {
+ 			hfc_assign_bchan_fifo_ec(b4, span, 0);
+ 			hfc_assign_bchan_fifo_ec(b4, span, 1);
+ 		} else {
+@@ -1854,6 +1920,145 @@
+ 	ec_write(b4, 0, 0x1a8 + 3, val);
+ }
+ 
++static void b4xxp_update_leds_hfc_8s(struct b4xxp *b4)
++{
++	unsigned long lled;
++	unsigned long leddw;
++	int i,j;
++	struct b4xxp_span *bspan;
++	lled = 0;
++	j=8;
++	
++	b4->blinktimer++;
++	for (i=0; i < 8; i++) {
++		bspan = &b4->spans[i];
++		j = j -1 ; /* Leds are in reverse order - Led 7 => Port 0 */
++		if (bspan->span.flags & DAHDI_FLAG_RUNNING) {
++			if (bspan->span.alarms) {
++			    lled |= 1 << j;  /* Led OFF in alarm state */
++			} else if (bspan->span.mainttimer || bspan->span.maintstat) {
++				if (b4->blinktimer >= 0x7f) /* Led Blinking in maint state */
++					{
++					lled |= 1 << j;
++					}
++					else
++					{
++					lled |= 0 << j;
++					}
++			} else {
++				
++				lled |= 0 << j; /* Led ON - No alarms */
++			}
++		} 
++		else  
++			lled |= 1 << j; /* Led OFF - Not running */
++	}
++		/* Write Leds...*/
++		leddw = lled << 24 | lled << 16 | lled << 8 | lled;
++		b4xxp_setreg8(b4, R_BRG_PCM_CFG, 0x21);
++		iowrite16(0x4000, b4->ioaddr + 4);
++		iowrite32(leddw, b4->ioaddr);
++		b4xxp_setreg8(b4, R_BRG_PCM_CFG, 0x20);
++	
++	if (b4->blinktimer == 0xff) {
++		b4->blinktimer = -1;
++	}
++}
++
++static void b4xxp_update_leds_hfc(struct b4xxp *b4)
++{
++	int i, leds;
++	int led[4];
++	struct b4xxp_span *bspan;
++	
++	b4->blinktimer++;
++	for (i=0; i < b4->numspans; i++) {
++		bspan = &b4->spans[i];
++
++		if (bspan->span.flags & DAHDI_FLAG_RUNNING) {
++			if (bspan->span.alarms) {
++				if (b4->blinktimer >= 0x7f) /* Red blinking -> Alarm */
++					{
++					led[i] = 2; 
++					}
++					else
++					{
++					led[i] = 0;
++					}
++			} else if (bspan->span.mainttimer || bspan->span.maintstat) {
++				if (b4->blinktimer >= 0x7f) /* Green blinking -> Maint status */
++					{
++					led[i] = 1;
++					}
++					else
++					{
++					led[i] = 0;
++					}
++			} else {
++				/* No Alarm - Green */
++				led[i] = 1;
++			}
++		} 
++		else
++			led[i] = 0; /* OFF - Not running */
++	}
++
++	/* Each card manage leds in a different way. So one section per card type */
++	 
++	if (b4->card_type == B400P_OV) {
++		leds = ((led[0] > 0) << 0) | ((led[1] > 0) << 1) | 
++			((led[2] > 0) << 2) | ((led[3] > 0) << 3) | 
++			((led[0] & 1) << 4) | ((led[1] & 1) << 5) |
++			((led[2] & 1) << 6) | ((led[3] & 1) << 7); /* Tested OK */
++		b4xxp_setreg8(b4, R_GPIO_EN1, leds & 0x0f); 
++		b4xxp_setreg8(b4, R_GPIO_OUT1, leds  >> 4); 
++	}
++
++	else if (b4->card_type  == QUADBRI) {
++		leds = ((led[0] > 0) << 0) | ((led[1] > 0) << 1) | 
++			((led[2] > 0) << 2) | ((led[3] > 0) << 3) | 
++			((led[0] & 1) << 4) | ((led[1] & 1) << 5) |
++			((led[2] & 1) << 6) | ((led[3] & 1) << 7); /* UNTESTED */
++		b4xxp_setreg8(b4, R_GPIO_EN1, leds & 0x0f); 
++		b4xxp_setreg8(b4, R_GPIO_OUT1, leds  >> 4); 
++	}
++		
++	else if (b4->card_type  == BN4S0) {
++		leds = ((led[0] > 0) << 0) | ((led[1] > 0) << 1) | 
++			((led[2] > 0) << 2) | ((led[3] > 0) << 3) | 
++			((led[0] & 1) << 4) | ((led[1] & 1) << 5) |
++			((led[2] & 1) << 6) | ((led[3] & 1) << 7); /* UNTESTED */
++		b4xxp_setreg8(b4, R_GPIO_EN1, leds & 0x0f); 
++		b4xxp_setreg8(b4, R_GPIO_OUT1, leds  >> 4); 
++	}
++		
++	else if (b4->card_type  == B200P_OV) {
++		leds = ((led[0] > 0) << 0) | ((led[1] > 0) << 1) | 
++			((led[0] & 1) << 4) | ((led[1] & 1) << 5);
++		b4xxp_setreg8(b4, R_GPIO_EN1, leds & 0x0f); 
++		b4xxp_setreg8(b4, R_GPIO_OUT1, leds  >> 4); /* Tested OK */
++	} 
++
++	else if (b4->card_type  == DUOBRI) {
++		leds = ((led[0] > 0) << 0) | ((led[1] > 0) << 1) | 
++			((led[0] & 1) << 4) | ((led[1] & 1) << 5);
++		b4xxp_setreg8(b4, R_GPIO_EN1, leds & 0x0f); 
++		b4xxp_setreg8(b4, R_GPIO_OUT1, leds  >> 4); /* UNTESTED */
++	} 
++
++	else if (b4->card_type  == BN2S0) {
++		leds = ((led[0] > 0) << 0) | ((led[1] > 0) << 1) | 
++			((led[0] & 1) << 4) | ((led[1] & 1) << 5);
++		b4xxp_setreg8(b4, R_GPIO_EN1, leds & 0x0f); 
++		b4xxp_setreg8(b4, R_GPIO_OUT1, leds  >> 4); /* UNTESTED */
++	} 
++
++	if (b4->blinktimer == 0xff) {
++		b4->blinktimer = -1;
++	}
++
++}
++
+ static void b4xxp_set_span_led(struct b4xxp *b4, int span, unsigned char val)
+ {
+ 	int shift, spanmask;
+@@ -1871,6 +2076,18 @@
+ 	int i;
+ 	struct b4xxp_span *bspan;
+ 
++	if (b4->numspans == 8) { 
++		/* Use the alternative function for non-Digium HFC-8S cards */
++	    	b4xxp_update_leds_hfc_8s(b4); 
++		return; 
++	} 
++
++	 if (b4->card_type != B410P) {
++		 /* Use the alternative function for non-Digium HFC-4S cards */
++		 b4xxp_update_leds_hfc(b4);
++		 return;
++	 }
++
+ 	b4->blinktimer++;
+ 	for (i=0; i < b4->numspans; i++) {
+ 		bspan = &b4->spans[i];
+@@ -2174,7 +2391,7 @@
+ 		bspan->span.close  = b4xxp_close;
+ 		bspan->span.ioctl = b4xxp_ioctl;
+ 		bspan->span.hdlc_hard_xmit = b4xxp_hdlc_hard_xmit;
+-		if (vpmsupport)
++		if (vpmsupport && b4->has_ec)
+ 			bspan->span.echocan_create = echocan_create;
+ 
+ /* HDLC stuff */
+@@ -2281,13 +2498,24 @@
+ static void b4xxp_bottom_half(unsigned long data)
+ {
+ 	struct b4xxp *b4 = (struct b4xxp *)data;
+-	int i, j, k, gotrxfifo, fifo;
++	int i, j, k, gotrxfifo, fifo, fifo_low, fifo_high;
+ 	unsigned char b, b2;
+ 
+ 	if (b4->shutdown)
+ 		return;
+ 
+ 	gotrxfifo = 0;
++	if ( b4->numspans == 8 )  /* HFC-4S d-chan fifos 8-11 *** HFC-8S d-chan fifos 16-23 */
++	    {
++	    fifo_low = 16;
++	    fifo_high = 23;
++	    }
++	    else
++	    {
++	    fifo_low = 8;
++	    fifo_high = 11;
++	    }
++
+ 
+ 	for (i=0; i < 8; i++) {
+ 		b = b2 = b4->fifo_irqstatus[i];
+@@ -2296,7 +2524,7 @@
+ 			fifo = i*4 + j;
+ 
+ 			if (b & V_IRQ_FIFOx_TX) {
+-				if (fifo >=8 && fifo <= 11) {		/* d-chan fifo */
++				if (fifo >= fifo_low && fifo <= fifo_high) {	/* d-chan fifos */
+ /*
+  * WOW I don't like this.
+  * It's bad enough that I have to send a fake frame to get an HDLC TX FIFO interrupt,
+@@ -2305,7 +2533,7 @@
+  * Yuck.  It works well, but yuck.
+  */
+ 					do {
+-						k = hdlc_tx_frame(&b4->spans[fifo - 8]);
++						k = hdlc_tx_frame(&b4->spans[fifo - fifo_low]);
+ 					}  while (k);
+ 				} else {
+ 					if (printk_ratelimit())
+@@ -2314,7 +2542,7 @@
+ 			}
+ 
+ 			if (b & V_IRQ_FIFOx_RX) {
+-				if (fifo >=8 && fifo <= 11) {
++				if (fifo >= fifo_low && fifo <= fifo_high) {	/* dchan fifos */
+ /*
+  * I have to loop here until hdlc_rx_frame says there are no more frames waiting.
+  * for whatever reason, the HFC will not generate another interrupt if there are
+@@ -2322,7 +2550,7 @@
+  * i.e. I get an int when F1 changes, not when F1 != F2.
+  */
+ 					do {
+-						k = hdlc_rx_frame(&b4->spans[fifo - 8]);
++						k = hdlc_rx_frame(&b4->spans[fifo - fifo_low]);
+ 					} while (k);
+ 				} else {
+ 					if (printk_ratelimit())
+@@ -2404,8 +2632,8 @@
+ 	sprintf(sBuf, "Card %d, PCI identifier %s, IRQ %d\n", b4->cardno + 1, b4->dev->bus_id, b4->irq);
+ 
+ 	strcat(sBuf,"Tx:\n");
+-	for (j=0; j<8; j++) {
+-		for (i=0; i<12; i++) {
++	for (j=0; j<(b4->numspans * 2) ; j++) {			/* B Channels */
++		for (i=0; i<(b4->numspans * 3) ; i++) {		/* All Channels */
+ 			chan = b4->spans[i/3].chans[i%3];
+ 			sprintf(str, "%02x ", chan->writechunk[j]);
+ 			strcat(sBuf, str);
+@@ -2415,8 +2643,8 @@
+ 	}
+ 
+ 	strcat(sBuf, "\nRx:\n");
+-	for (j=0; j < 8; j++) {
+-		for (i=0; i < 12; i++) {
++	for (j=0; j < (b4->numspans * 2); j++) {		/* B Channels */
++		for (i=0; i < (b4->numspans * 3); i++) { 	/* All Channels */
+ 			chan = b4->spans[i / 3].chans[i % 3];
+ 			sprintf(str, "%02x%c", chan->readchunk[j], (i == 11) ? '\n' : ' ');
+ 			strcat(sBuf, str);
+@@ -2424,7 +2652,7 @@
+ 	}
+ 
+ 	strcat(sBuf, "\nPort states:\n");
+-	for (i=0; i < 4; i++) {
++	for (i=0; i < b4->numspans; i++) {
+ 		int state;
+ 		char *x;
+ 		struct b4xxp_span *s = &b4->spans[i];
+@@ -2519,7 +2747,8 @@
+ /* card found, enabled and main struct allocated.  Fill it out. */
+ 	b4->magic = WCB4XXP_MAGIC;
+ 	b4->variety = dt->desc;
+-
++	b4->has_ec = dt->has_ec;
++	b4->card_type = dt->card_type;
+ 	b4->pdev = pdev;
+ 	b4->dev = &pdev->dev;
+ 	pci_set_drvdata(pdev, b4);
+@@ -2533,7 +2762,7 @@
+ 	spin_lock_init(&b4->fifolock);
+ 
+ 	x = b4xxp_getreg8(b4, R_CHIP_ID);
+-	if (x != 0xc0) {				/* wrong chip? */
++	if ((x != 0xc0) && ( x != 0x80)) {		/* wrong chip? */
+ 		dev_err(&pdev->dev, "Unknown/unsupported controller detected (R_CHIP_ID = 0x%02x)\n", x);
+ 		goto err_out_free_mem;
+ 	}
+@@ -2548,7 +2777,7 @@
+ */
+ 
+ /* TODO: determine whether this is a 2, 4 or 8 port card */
+-	b4->numspans = 4;
++	b4->numspans = dt->ports;
+ 	b4->syncspan = -1;		/* sync span is unknown */
+ 	if (b4->numspans > MAX_SPANS_PER_CARD) {
+ 		dev_err(b4->dev, "Driver does not know how to handle a %d span card!\n", b4->numspans);
+@@ -2696,7 +2925,17 @@
+ static struct pci_device_id b4xx_ids[] __devinitdata =
+ {
+ 	{ 0xd161, 0xb410, PCI_ANY_ID, PCI_ANY_ID, 0, 0, (unsigned long)&wcb4xxp },
+-	{ 0, }
++	{ 0x1397, 0x16b8, 0x1397, 0xe552, 0, 0, (unsigned long)&hfc8s },
++	{ 0x1397, 0x08b4, 0x1397, 0xb520, 0, 0, (unsigned long)&hfc4s },
++	{ 0x1397, 0x08b4, 0x1397, 0xb556, 0, 0, (unsigned long)&hfc2s },
++	{ 0x1397, 0x08b4, 0x1397, 0xe884, 0, 0, (unsigned long)&hfc2s_OV },
++	{ 0x1397, 0x08b4, 0x1397, 0xe888, 0, 0, (unsigned long)&hfc4s_OV },
++	{ 0x1397, 0x16b8, 0x1397, 0xe998, 0, 0, (unsigned long)&hfc8s_OV },
++	{ 0x1397, 0x08b4, 0x1397, 0xb566, 0, 0, (unsigned long)&hfc2s_BN },
++	{ 0x1397, 0x08b4, 0x1397, 0xb560, 0, 0, (unsigned long)&hfc4s_BN },
++	{ 0x1397, 0x16b8, 0x1397, 0xb562, 0, 0, (unsigned long)&hfc8s_BN },
++	{0, }
++
+ };
+ 
+ static struct pci_driver b4xx_driver = {
+@@ -2756,7 +2995,7 @@
+ MODULE_PARM_DESC(timer_3_ms, "TE: msec to wait for link activation, NT: unused.");
+ 
+ MODULE_AUTHOR("Digium Incorporated <support@digium.com>");
+-MODULE_DESCRIPTION("B410P quad-port BRI module driver.");
++MODULE_DESCRIPTION("B410P & Similars multi-port BRI module driver.");
+ MODULE_LICENSE("GPL");
+ 
+ MODULE_DEVICE_TABLE(pci, b4xx_ids);
+--- a/drivers/dahdi/wcb4xxp/wcb4xxp.h	2009-06-24 13:17:03.000000000 +0000
++++ b/drivers/dahdi/wcb4xxp/wcb4xxp.h	2009-06-24 13:18:07.000000000 +0000
+@@ -378,7 +378,7 @@
+ #define HFC_T3					2
+ 
+ #define WCB4XXP_MAGIC				0xb410c0de
+-#define MAX_SPANS_PER_CARD			4
++#define MAX_SPANS_PER_CARD			8
+ 
+ #define WCB4XXP_CHANNELS_PER_SPAN		3	/* 2 B-channels and 1 D-Channel for each BRI span */
+ #define WCB4XXP_HDLC_BUF_LEN			32	/* arbitrary, just the max # of byts we will send to DAHDI per call */
+@@ -415,6 +415,19 @@
+ 	struct dahdi_chan _chans[WCB4XXP_CHANNELS_PER_SPAN]; /* Backing memory */
+ };
+ 
++enum cards_ids {	/* Cards ==> Brand & Model 		*/
++	B410P = 0,	/* Digium B410P 			*/
++	B200P_OV,	/* OpenVox B200P 			*/
++	B400P_OV,	/* OpenVox B400P 			*/
++	B800P_OV,	/* OpenVox B800P 			*/
++	DUOBRI,		/* HFC-2S Junghanns.NET duoBRI PCI 	*/
++	QUADBRI,	/* HFC-4S Junghanns.NET quadBRI PCI	*/
++	OCTOBRI,	/* HFC-8S Junghanns.NET octoBRI PCI	*/
++	BN2S0,		/* BeroNet BN2S0			*/
++	BN4S0,		/* Beronet BN4S0			*/
++	BN8S0		/* BeroNet BN8S0			*/
++	};
++
+ /* This structure exists one per card */
+ struct b4xxp {
+ 	unsigned magic;				/* magic value to make sure we're looking at our struct */
+@@ -449,10 +462,12 @@
+ 	int globalconfig;			/* Whether global setup has been done */
+ 	int syncspan;				/* span that HFC uses for sync on this card */
+ 	int running;				/* interrupts are enabled */
+-
++	
+ 	struct b4xxp_span spans[MAX_SPANS_PER_CARD];	/* Individual spans */
+ 	int order;				/* Order */
+ 	int flags;				/* Device flags */
++	int has_ec;				/* Has ECHO Cancel */
++	enum cards_ids card_type;		/* Card Identifier (using ids_cards enum)*/
+ 	int master;				/* Are we master */
+ 	int ledreg;				/* copy of the LED Register */
+ 	unsigned int gpio;
diff --git a/main/dahdi-linux-grsec/dahdi-zaphfc.patch b/main/dahdi-linux-grsec/dahdi-zaphfc.patch
new file mode 100644
index 0000000000..b711c07ff9
--- /dev/null
+++ b/main/dahdi-linux-grsec/dahdi-zaphfc.patch
@@ -0,0 +1,1429 @@
+Index: dahdi-linux-2.1.0/drivers/dahdi/zaphfc.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ dahdi-linux-2.1.0/drivers/dahdi/zaphfc.c	2008-12-10 12:46:14.000000000 +0200
+@@ -0,0 +1,1129 @@
++/*
++ * zaphfc.c - Zaptel driver for HFC-S PCI A based ISDN BRI cards
++ *
++ * kernel module inspired by HFC PCI ISDN4Linux and Zaptel drivers
++ *
++ * Copyright (C) 2002, 2003, 2004, 2005 Junghanns.NET GmbH
++ *
++ * Klaus-Peter Junghanns <kpj@junghanns.net>
++ *
++ * This program is free software and may be modified and
++ * distributed under the terms of the GNU Public License.
++ *
++ */
++
++#include <linux/kernel.h>
++#include <linux/module.h>
++#ifdef RTAITIMING
++#include <asm/io.h>
++#include <rtai.h>
++#include <rtai_sched.h>
++#include <rtai_fifos.h>
++#endif
++#include <linux/pci.h>
++#include <linux/init.h>
++#include <linux/interrupt.h>
++#include <linux/delay.h>
++#include <dahdi/kernel.h>
++#include "zaphfc.h"
++
++#include <linux/moduleparam.h>
++
++#if CONFIG_PCI
++
++#define CLKDEL_TE	0x0f	/* CLKDEL in TE mode */
++#define CLKDEL_NT	0x6c	/* CLKDEL in NT mode */
++
++typedef struct {
++        int vendor_id;
++        int device_id;
++        char *vendor_name;
++        char *card_name;
++} PCI_ENTRY;
++
++static const PCI_ENTRY id_list[] =
++{
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_2BD0, "CCD/Billion/Asuscom", "2BD0"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B000, "Billion", "B000"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B006, "Billion", "B006"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B007, "Billion", "B007"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B008, "Billion", "B008"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B009, "Billion", "B009"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B00A, "Billion", "B00A"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B00B, "Billion", "B00B"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B00C, "Billion", "B00C"},
++        {PCI_VENDOR_ID_CCD, PCI_DEVICE_ID_CCD_B100, "Seyeon", "B100"},
++        {PCI_VENDOR_ID_ABOCOM, PCI_DEVICE_ID_ABOCOM_2BD1, "Abocom/Magitek", "2BD1"},
++        {PCI_VENDOR_ID_ASUSTEK, PCI_DEVICE_ID_ASUSTEK_0675, "Asuscom/Askey", "675"},
++        {PCI_VENDOR_ID_BERKOM, PCI_DEVICE_ID_BERKOM_T_CONCEPT, "German telekom", "T-Concept"},
++        {PCI_VENDOR_ID_BERKOM, PCI_DEVICE_ID_BERKOM_A1T, "German telekom", "A1T"},
++        {PCI_VENDOR_ID_ANIGMA, PCI_DEVICE_ID_ANIGMA_MC145575, "Motorola MC145575", "MC145575"},
++        {PCI_VENDOR_ID_ZOLTRIX, PCI_DEVICE_ID_ZOLTRIX_2BD0, "Zoltrix", "2BD0"},
++        {PCI_VENDOR_ID_DIGI, PCI_DEVICE_ID_DIGI_DF_M_IOM2_E,"Digi International", "Digi DataFire Micro V IOM2 (Europe)"},
++        {PCI_VENDOR_ID_DIGI, PCI_DEVICE_ID_DIGI_DF_M_E,"Digi International", "Digi DataFire Micro V (Europe)"},
++        {PCI_VENDOR_ID_DIGI, PCI_DEVICE_ID_DIGI_DF_M_IOM2_A,"Digi International", "Digi DataFire Micro V IOM2 (North America)"},
++        {PCI_VENDOR_ID_DIGI, PCI_DEVICE_ID_DIGI_DF_M_A,"Digi International", "Digi DataFire Micro V (North America)"},
++	{0x182d, 0x3069,"Sitecom","Isdn 128 PCI"},
++        {0, 0, NULL, NULL},
++};
++
++static struct hfc_card *hfc_dev_list = NULL;
++static int hfc_dev_count = 0;
++static int modes = 0; // all TE
++static int debug = 0;
++static struct pci_dev *multi_hfc = NULL;
++static spinlock_t registerlock = SPIN_LOCK_UNLOCKED;
++
++void hfc_shutdownCard(struct hfc_card *hfctmp) {
++    unsigned long flags;
++
++    if (hfctmp == NULL) {
++	return;
++    }
++
++    if (hfctmp->pci_io == NULL) {
++	return;
++    }
++    
++    spin_lock_irqsave(&hfctmp->lock,flags);
++
++    printk(KERN_INFO "zaphfc: shutting down card at %p.\n",hfctmp->pci_io);
++
++    /* Clear interrupt mask */
++    hfctmp->regs.int_m2 = 0;
++    hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
++
++    /* Reset pending interrupts */
++    hfc_inb(hfctmp, hfc_INT_S1);
++
++    /* Wait for interrupts that might still be pending */
++    spin_unlock_irqrestore(&hfctmp->lock, flags);
++    set_current_state(TASK_UNINTERRUPTIBLE);
++    schedule_timeout((30 * HZ) / 1000);	// wait 30 ms
++    spin_lock_irqsave(&hfctmp->lock,flags);
++
++    /* Remove interrupt handler */
++    if (hfctmp->irq) {
++	free_irq(hfctmp->irq, hfctmp);
++    }
++
++    /* Soft-reset the card */
++    hfc_outb(hfctmp, hfc_CIRM, hfc_CIRM_RESET); // softreset on
++
++    spin_unlock_irqrestore(&hfctmp->lock, flags);
++    set_current_state(TASK_UNINTERRUPTIBLE);
++    schedule_timeout((30 * HZ) / 1000);	// wait 30 ms
++    spin_lock_irqsave(&hfctmp->lock,flags);
++
++    hfc_outb(hfctmp,hfc_CIRM,0);	// softreset off
++
++    pci_write_config_word(hfctmp->pcidev, PCI_COMMAND, 0);	// disable memio and bustmaster
++
++    if (hfctmp->fifomem != NULL) {
++        kfree(hfctmp->fifomem);
++    }
++    iounmap((void *) hfctmp->pci_io);
++    hfctmp->pci_io = NULL;
++    if (hfctmp->pcidev != NULL) {
++        pci_disable_device(hfctmp->pcidev);
++    }
++    spin_unlock_irqrestore(&hfctmp->lock,flags);
++    if (hfctmp->ztdev != NULL) {
++	dahdi_unregister(&hfctmp->ztdev->span);
++	kfree(hfctmp->ztdev);
++	printk(KERN_INFO "unregistered from DAHDI.\n");
++    }
++}
++
++void hfc_resetCard(struct hfc_card *hfctmp) {
++    unsigned long flags;
++
++    spin_lock_irqsave(&hfctmp->lock,flags);
++    pci_write_config_word(hfctmp->pcidev, PCI_COMMAND, PCI_COMMAND_MEMORY);	// enable memio
++    hfctmp->regs.int_m2 = 0;
++    hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
++
++//    printk(KERN_INFO "zaphfc: resetting card.\n");
++    pci_set_master(hfctmp->pcidev);
++    hfc_outb(hfctmp, hfc_CIRM, hfc_CIRM_RESET);	// softreset on
++    spin_unlock_irqrestore(&hfctmp->lock, flags);
++
++    set_current_state(TASK_UNINTERRUPTIBLE);
++    schedule_timeout((30 * HZ) / 1000);	// wait 30 ms
++    hfc_outb(hfctmp, hfc_CIRM, 0);	// softreset off
++
++    set_current_state(TASK_UNINTERRUPTIBLE);
++    schedule_timeout((20 * HZ) / 1000);	// wait 20 ms
++    if (hfc_inb(hfctmp,hfc_STATUS) & hfc_STATUS_PCI_PROC) {
++	printk(KERN_WARNING "zaphfc: hfc busy.\n");
++    }
++
++//    hfctmp->regs.fifo_en = hfc_FIFOEN_D | hfc_FIFOEN_B1 | hfc_FIFOEN_B2;
++//    hfctmp->regs.fifo_en = hfc_FIFOEN_D;	/* only D fifos enabled */
++    hfctmp->regs.fifo_en = 0;	/* no fifos enabled */
++    hfc_outb(hfctmp, hfc_FIFO_EN, hfctmp->regs.fifo_en);
++
++    hfctmp->regs.trm = 2;
++    hfc_outb(hfctmp, hfc_TRM, hfctmp->regs.trm);
++
++    if (hfctmp->regs.nt_mode == 1) {
++	hfc_outb(hfctmp, hfc_CLKDEL, CLKDEL_NT); /* ST-Bit delay for NT-Mode */
++    } else {
++	hfc_outb(hfctmp, hfc_CLKDEL, CLKDEL_TE); /* ST-Bit delay for TE-Mode */
++    }
++    hfctmp->regs.sctrl_e = hfc_SCTRL_E_AUTO_AWAKE;
++    hfc_outb(hfctmp, hfc_SCTRL_E, hfctmp->regs.sctrl_e);	/* S/T Auto awake */
++    hfctmp->regs.bswapped = 0;	/* no exchange */
++
++    hfctmp->regs.ctmt = hfc_CTMT_TRANSB1 | hfc_CTMT_TRANSB2; // all bchans are transparent , no freaking hdlc
++    hfc_outb(hfctmp, hfc_CTMT, hfctmp->regs.ctmt);
++
++    hfctmp->regs.int_m1 = 0;
++    hfc_outb(hfctmp, hfc_INT_M1, hfctmp->regs.int_m1);
++
++#ifdef RTAITIMING
++    hfctmp->regs.int_m2 = 0;
++#else
++    hfctmp->regs.int_m2 = hfc_M2_PROC_TRANS;
++#endif
++    hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
++
++    /* Clear already pending ints */
++    hfc_inb(hfctmp, hfc_INT_S1);
++
++    if (hfctmp->regs.nt_mode == 1) {
++	hfctmp->regs.sctrl = 3 | hfc_SCTRL_NONE_CAP | hfc_SCTRL_MODE_NT;	/* set tx_lo mode, error in datasheet ! */
++    } else {
++	hfctmp->regs.sctrl = 3 | hfc_SCTRL_NONE_CAP | hfc_SCTRL_MODE_TE;	/* set tx_lo mode, error in datasheet ! */
++    }
++
++    hfctmp->regs.mst_mode = hfc_MST_MODE_MASTER;	/* HFC Master Mode */
++    hfc_outb(hfctmp, hfc_MST_MODE, hfctmp->regs.mst_mode);
++
++    hfc_outb(hfctmp, hfc_SCTRL, hfctmp->regs.sctrl);
++    hfctmp->regs.sctrl_r = 3;
++    hfc_outb(hfctmp, hfc_SCTRL_R, hfctmp->regs.sctrl_r);
++
++    hfctmp->regs.connect = 0;
++    hfc_outb(hfctmp, hfc_CONNECT, hfctmp->regs.connect);
++
++    hfc_outb(hfctmp, hfc_CIRM, 0x80 | 0x40);	// bit order
++
++    /* Finally enable IRQ output */
++#ifndef RTAITIMING
++    hfctmp->regs.int_m2 |= hfc_M2_IRQ_ENABLE;
++    hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
++#endif
++
++    /* clear pending ints */
++    hfc_inb(hfctmp, hfc_INT_S1); 
++    hfc_inb(hfctmp, hfc_INT_S2);
++}
++
++void hfc_registerCard(struct hfc_card *hfccard) {
++    spin_lock(&registerlock);
++    if (hfccard != NULL) {
++	hfccard->cardno = hfc_dev_count++;
++	hfccard->next = hfc_dev_list;
++	hfc_dev_list = hfccard;
++    }
++    spin_unlock(&registerlock);
++}
++
++static void hfc_btrans(struct hfc_card *hfctmp, char whichB) {
++    // we are called with irqs disabled from the irq handler
++    int count, maxlen, total;
++    unsigned char *f1, *f2;
++    unsigned short *z1, *z2, newz1;
++    int freebytes;
++
++    if (whichB == 1) {
++	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B1TX_F1);
++        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B1TX_F2);
++	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1TX_Z1 + (*f1 * 4));
++	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1TX_Z2 + (*f1 * 4));
++    } else {
++	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B2TX_F1);
++        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B2TX_F2);
++	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2TX_Z1 + (*f1 * 4));
++	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2TX_Z2 + (*f1 * 4));
++    }
++
++    freebytes = *z2 - *z1;
++    if (freebytes <= 0) {
++	freebytes += hfc_B_FIFO_SIZE;
++    }
++    count = DAHDI_CHUNKSIZE;
++
++    total = count;
++    if (freebytes < count) {
++	hfctmp->clicks++;
++	/* only spit out this warning once per second to not make things worse! */
++	if (hfctmp->clicks > 100) {
++	    printk(KERN_CRIT "zaphfc: bchan tx fifo full, dropping audio! (z1=%d, z2=%d)\n",*z1,*z2);
++	    hfctmp->clicks = 0;
++	}
++	return;
++    }
++    
++    maxlen = (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL) - *z1;
++    if (maxlen > count) {
++        maxlen = count;
++    }
++    newz1 = *z1 + total;
++    if (newz1 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { newz1 -= hfc_B_FIFO_SIZE; }
++
++	if (whichB == 1) {
++	    memcpy((char *)(hfctmp->fifos + hfc_FIFO_B1TX_ZOFF + *z1),hfctmp->ztdev->chans[0].writechunk, maxlen);
++	} else {
++	    memcpy((char *)(hfctmp->fifos + hfc_FIFO_B2TX_ZOFF + *z1),hfctmp->ztdev->chans[1].writechunk, maxlen);
++	}
++	
++	count -= maxlen;
++	if (count > 0) {
++	// Buffer wrap
++	    if (whichB == 1) {
++	        memcpy((char *)(hfctmp->fifos + hfc_FIFO_B1TX_ZOFF + hfc_B_SUB_VAL),hfctmp->ztdev->chans[0].writechunk+maxlen, count);
++	    } else {
++	        memcpy((char *)(hfctmp->fifos + hfc_FIFO_B2TX_ZOFF + hfc_B_SUB_VAL),hfctmp->ztdev->chans[1].writechunk+maxlen, count);
++	    }
++	}
++
++    *z1 = newz1;	/* send it now */
++
++//    if (count > 0) printk(KERN_CRIT "zaphfc: bchan tx fifo (f1=%d, f2=%d, z1=%d, z2=%d)\n",(*f1) & hfc_FMASK,(*f2) & hfc_FMASK, *z1, *z2);
++    return;    
++}
++
++static void hfc_brec(struct hfc_card *hfctmp, char whichB) {
++    // we are called with irqs disabled from the irq handler
++    int count, maxlen, drop;
++    volatile unsigned char *f1, *f2;
++    volatile unsigned short *z1, *z2, newz2;
++    int bytes = 0;
++
++    if (whichB == 1) {
++	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B1RX_F1);
++        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B1RX_F2);
++	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1RX_Z1 + (*f1 * 4));
++	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1RX_Z2 + (*f1 * 4));
++    } else {
++	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B2RX_F1);
++        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B2RX_F2);
++	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2RX_Z1 + (*f1 * 4));
++	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2RX_Z2 + (*f1 * 4));
++    }
++
++    bytes = *z1 - *z2;
++    if (bytes < 0) {
++	bytes += hfc_B_FIFO_SIZE;
++    }
++    count = DAHDI_CHUNKSIZE;
++    
++    if (bytes < DAHDI_CHUNKSIZE) {
++#ifndef RTAITIMING
++	printk(KERN_CRIT "zaphfc: bchan rx fifo not enough bytes to receive! (z1=%d, z2=%d, wanted %d got %d), probably a buffer overrun.\n",*z1,*z2,DAHDI_CHUNKSIZE,bytes);
++#endif
++	return;
++    }
++
++    /* allowing the buffering of hfc_BCHAN_BUFFER bytes of audio data works around irq jitter */
++    if (bytes > hfc_BCHAN_BUFFER + DAHDI_CHUNKSIZE) {
++	/* if the system is too slow to handle it, we will have to drop it all (except 1 DAHDI chunk) */
++	drop = bytes - DAHDI_CHUNKSIZE;
++	hfctmp->clicks++;
++	/* only spit out this warning once per second to not make things worse! */
++	if (hfctmp->clicks > 100) {
++	    printk(KERN_CRIT "zaphfc: dropped audio (z1=%d, z2=%d, wanted %d got %d, dropped %d).\n",*z1,*z2,count,bytes,drop);
++	    hfctmp->clicks = 0;
++	}
++	/* hm, we are processing the b chan data tooooo slowly... let's drop the lost audio */
++	newz2 = *z2 + drop;
++	if (newz2 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { 
++	    newz2 -= hfc_B_FIFO_SIZE; 
++	}
++	*z2 = newz2;
++    }
++
++    
++    maxlen = (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL) - *z2;
++    if (maxlen > count) {
++        maxlen = count;
++    }
++    if (whichB == 1) {
++        memcpy(hfctmp->ztdev->chans[0].readchunk,(char *)(hfctmp->fifos + hfc_FIFO_B1RX_ZOFF + *z2), maxlen);
++    } else {
++        memcpy(hfctmp->ztdev->chans[1].readchunk,(char *)(hfctmp->fifos + hfc_FIFO_B2RX_ZOFF + *z2), maxlen);
++    }
++    newz2 = *z2 + count;
++    if (newz2 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { 
++        newz2 -= hfc_B_FIFO_SIZE; 
++    }
++    *z2 = newz2;
++	
++    count -= maxlen;
++    if (count > 0) {
++    // Buffer wrap
++        if (whichB == 1) {
++	    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1RX_Z2 + (*f1 * 4));
++    	    memcpy(hfctmp->ztdev->chans[0].readchunk + maxlen,(char *)(hfctmp->fifos + hfc_FIFO_B1RX_ZOFF + hfc_B_SUB_VAL), count);
++	} else {
++	    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2RX_Z2 + (*f1 * 4));
++	    memcpy(hfctmp->ztdev->chans[1].readchunk + maxlen,(char *)(hfctmp->fifos + hfc_FIFO_B2RX_ZOFF + hfc_B_SUB_VAL), count);
++	}
++	newz2 = *z2 + count;
++	if (newz2 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { 
++	    newz2 -= hfc_B_FIFO_SIZE; 
++	}
++    }
++
++
++    if (whichB == 1) {
++	dahdi_ec_chunk(&hfctmp->ztdev->chans[0], hfctmp->ztdev->chans[0].readchunk, hfctmp->ztdev->chans[0].writechunk);
++    } else {
++	dahdi_ec_chunk(&hfctmp->ztdev->chans[1], hfctmp->ztdev->chans[1].readchunk, hfctmp->ztdev->chans[1].writechunk);
++    }
++    return;    
++}
++
++
++static void hfc_dtrans(struct hfc_card *hfctmp) {
++    // we are called with irqs disabled from the irq handler
++    int x;
++    int count, maxlen, total;
++    unsigned char *f1, *f2, newf1;
++    unsigned short *z1, *z2, newz1;
++    int frames, freebytes;
++
++    if (hfctmp->ztdev->chans[2].bytes2transmit == 0) {
++	return;
++    }
++
++    f1 = (char *)(hfctmp->fifos + hfc_FIFO_DTX_F1);
++    f2 = (char *)(hfctmp->fifos + hfc_FIFO_DTX_F2);
++    z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DTX_Z1 + (*f1 * 4));
++    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DTX_Z2 + (*f1 * 4));
++
++    frames = (*f1 - *f2) & hfc_FMASK;
++    if (frames < 0) {
++	frames += hfc_MAX_DFRAMES + 1;
++    }
++
++    if (frames >= hfc_MAX_DFRAMES) {
++	printk(KERN_CRIT "zaphfc: dchan tx fifo total number of frames exceeded!\n");
++	return;
++    }
++
++    freebytes = *z2 - *z1;
++    if (freebytes <= 0) {
++	freebytes += hfc_D_FIFO_SIZE;
++    }
++    count = hfctmp->ztdev->chans[2].bytes2transmit;
++
++    total = count;
++    if (freebytes < count) {
++	printk(KERN_CRIT "zaphfc: dchan tx fifo not enough free bytes! (z1=%d, z2=%d)\n",*z1,*z2);
++	return;
++    }
++    
++    newz1 = (*z1 + count) & hfc_ZMASK;
++    newf1 = ((*f1 + 1) & hfc_MAX_DFRAMES) | (hfc_MAX_DFRAMES + 1);	// next frame
++    
++    if (count > 0) {
++	if (debug) {
++    	    printk(KERN_CRIT "zaphfc: card %d TX [ ", hfctmp->cardno);
++	    for (x=0; x<count; x++) {
++		printk("%#2x ",hfctmp->dtransbuf[x]);
++	    }
++	    if (hfctmp->ztdev->chans[2].eoftx == 1) {
++		printk("] %d bytes\n", count);
++	    } else {
++		printk("..] %d bytes\n", count);
++	    }
++	}
++	maxlen = hfc_D_FIFO_SIZE - *z1;
++	if (maxlen > count) {
++	    maxlen = count;
++	}
++	memcpy((char *)(hfctmp->fifos + hfc_FIFO_DTX_ZOFF + *z1),hfctmp->ztdev->chans[2].writechunk, maxlen);
++	count -= maxlen;
++	if (count > 0) {
++	    memcpy((char *)(hfctmp->fifos + hfc_FIFO_DTX_ZOFF),(char *)(hfctmp->ztdev->chans[2].writechunk + maxlen), count);
++	}
++    }
++
++    *z1 = newz1;
++
++    if (hfctmp->ztdev->chans[2].eoftx == 1) {
++	*f1 = newf1;
++	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DTX_Z1 + (*f1 * 4));
++	*z1 = newz1;
++	hfctmp->ztdev->chans[2].eoftx = 0;
++    }
++//    printk(KERN_CRIT "zaphfc: dchan tx fifo (f1=%d, f2=%d, z1=%d, z2=%d)\n",(*f1) & hfc_FMASK,(*f2) & hfc_FMASK, *z1, *z2);
++    return;    
++}
++
++/* receive a complete hdlc frame, skip broken or short frames */
++static void hfc_drec(struct hfc_card *hfctmp) {
++    int count=0, maxlen=0, framelen=0;
++    unsigned char *f1, *f2, *crcstat;
++    unsigned short *z1, *z2, oldz2, newz2;
++
++    hfctmp->ztdev->chans[2].bytes2receive=0;
++    hfctmp->ztdev->chans[2].eofrx = 0;
++
++    /* put the received data into the DAHDI buffer
++       we'll call dahdi_receive() later when the timer fires. */
++    f1 = (char *)(hfctmp->fifos + hfc_FIFO_DRX_F1);
++    f2 = (char *)(hfctmp->fifos + hfc_FIFO_DRX_F2);
++
++    if (*f1 == *f2) return; /* nothing received, strange eh? */
++
++    z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z1 + (*f2 * 4));
++    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z2 + (*f2 * 4));
++    
++    /* calculate length of frame, including 2 bytes CRC and 1 byte STAT */
++    count = *z1 - *z2;
++    
++    if (count < 0) { 
++	count += hfc_D_FIFO_SIZE; /* ring buffer wrapped */
++    }
++    count++;
++    framelen = count;
++
++    crcstat = (char *)(hfctmp->fifos + hfc_FIFO_DRX_ZOFF + *z1);
++
++    if ((framelen < 4) || (*crcstat != 0x0)) {
++	/* the frame is too short for a valid HDLC frame or the CRC is borked */
++	printk(KERN_CRIT "zaphfc: empty HDLC frame or bad CRC received (framelen = %d, stat = %#x, card = %d).\n", framelen, *crcstat, hfctmp->cardno);
++	oldz2 = *z2;
++	*f2 = ((*f2 + 1) & hfc_MAX_DFRAMES) | (hfc_MAX_DFRAMES + 1);	/* NEXT!!! */
++        // recalculate z2, because Z2 is a function of F2 Z2(F2) and we INCed F2!!!
++	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z2 + (*f2 * 4));
++	*z2 = (oldz2 + framelen) & hfc_ZMASK;
++	hfctmp->drecinframe = 0;
++	hfctmp->regs.int_drec--;
++	/* skip short or broken frames */
++        hfctmp->ztdev->chans[2].bytes2receive = 0; 
++	return;
++    }
++
++    count -= 1;	/* strip STAT */
++    hfctmp->ztdev->chans[2].eofrx = 1;
++
++    if (count + *z2 <= hfc_D_FIFO_SIZE) {
++	maxlen = count;
++    } else {
++	maxlen = hfc_D_FIFO_SIZE - *z2;
++    }
++
++    /* copy first part */
++    memcpy(hfctmp->drecbuf, (char *)(hfctmp->fifos + hfc_FIFO_DRX_ZOFF + *z2), maxlen);
++    hfctmp->ztdev->chans[2].bytes2receive += maxlen; 
++    
++    count -= maxlen;
++    if (count > 0) {
++	/* ring buffer wrapped, copy rest from start of d fifo */
++	memcpy(hfctmp->drecbuf + maxlen, (char *)(hfctmp->fifos + hfc_FIFO_DRX_ZOFF), count);
++	hfctmp->ztdev->chans[2].bytes2receive += count; 
++    }
++
++    /* frame read */
++    oldz2 = *z2;
++    newz2 = (oldz2 + framelen) & hfc_ZMASK;
++    *f2 = ((*f2 + 1) & hfc_MAX_DFRAMES) | (hfc_MAX_DFRAMES + 1);	/* NEXT!!! */
++    /* recalculate z2, because Z2 is a function of F2 Z2(F2) and we INCed F2!!! */
++    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z2 + (*f2 * 4));
++    *z2 = newz2;
++    hfctmp->drecinframe = 0;
++    hfctmp->regs.int_drec--; 
++}
++
++#ifndef RTAITIMING
++DAHDI_IRQ_HANDLER(hfc_interrupt) {
++    struct hfc_card *hfctmp = dev_id;
++    unsigned long flags = 0;
++    unsigned char stat;
++#else
++static void hfc_service(struct hfc_card *hfctmp) {
++#endif
++    struct dahdi_hfc *zthfc;
++    unsigned char s1, s2, l1state;
++    int x;
++
++    if (!hfctmp) {
++#ifndef RTAITIMING
++		return IRQ_NONE;
++#else
++	/* rtai */
++	return;
++#endif
++    }
++
++    if (!hfctmp->pci_io) {
++	    printk(KERN_WARNING "%s: IO-mem disabled, cannot handle interrupt\n",
++		   __FUNCTION__);
++#ifndef RTAITIMING
++	    return IRQ_NONE;
++#else
++	/* rtai */
++	return;
++#endif
++    }
++    
++    /*	we assume a few things in this irq handler:
++	- the hfc-pci will only generate "timer" irqs (proc/non-proc)
++	- we need to use every 8th IRQ (to generate 1khz timing)
++	OR
++	- if we use rtai for timing the hfc-pci will not generate ANY irq,
++	  instead rtai will call this "fake" irq with a 1khz realtime timer. :)
++	- rtai will directly service the card, not like it used to by triggering
++	  the linux irq
++    */
++
++#ifndef RTAITIMING
++    spin_lock_irqsave(&hfctmp->lock, flags);
++    stat = hfc_inb(hfctmp, hfc_STATUS);
++
++    if ((stat & hfc_STATUS_ANYINT) == 0) {
++        // maybe we are sharing the irq
++	spin_unlock_irqrestore(&hfctmp->lock,flags);
++	return IRQ_NONE;
++    }
++#endif
++
++    s1 = hfc_inb(hfctmp, hfc_INT_S1);
++    s2 = hfc_inb(hfctmp, hfc_INT_S2); 
++    if (s1 != 0) {
++	if (s1 & hfc_INTS_TIMER) {
++	    // timer (bit 7)
++	    // printk(KERN_CRIT "timer %d %d %d.\n", stat, s1, s2);
++	}
++	if (s1 & hfc_INTS_L1STATE) {
++	    // state machine (bit 6)
++	    // printk(KERN_CRIT "zaphfc: layer 1 state machine interrupt\n");
++	    zthfc = hfctmp->ztdev;
++	    l1state = hfc_inb(hfctmp,hfc_STATES)  & hfc_STATES_STATE_MASK;
++	    if (hfctmp->regs.nt_mode == 1) {
++		if (debug) {
++	    	    printk(KERN_CRIT "zaphfc: card %d layer 1 state = G%d\n", hfctmp->cardno, l1state);
++		}
++		switch (l1state) {
++		    case 3:
++#ifdef RTAITIMING
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 ACTIVATED (G%d) [realtime]", hfctmp->cardno, l1state);
++#else
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 ACTIVATED (G%d)", hfctmp->cardno, l1state);
++#endif
++			break;
++		    default:
++#ifdef RTAITIMING
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 DEACTIVATED (G%d) [realtime]", hfctmp->cardno, l1state);
++#else
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 DEACTIVATED (G%d)", hfctmp->cardno, l1state);
++#endif
++		}
++		if (l1state == 2) {
++		    hfc_outb(hfctmp, hfc_STATES, hfc_STATES_ACTIVATE | hfc_STATES_DO_ACTION | hfc_STATES_NT_G2_G3);
++		} else if (l1state == 3) {
++		    // fix to G3 state (see specs)
++		    hfc_outb(hfctmp, hfc_STATES, hfc_STATES_LOAD_STATE | 3);
++		}
++	    } else {
++		if (debug) {
++	    	    printk(KERN_CRIT "zaphfc: card %d layer 1 state = F%d\n", hfctmp->cardno, l1state);
++		}
++		switch (l1state) {
++		    case 7:
++#ifdef RTAITIMING
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 ACTIVATED (F%d) [realtime]", hfctmp->cardno, l1state);
++#else
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 ACTIVATED (F%d)", hfctmp->cardno, l1state);
++#endif
++			break;
++		    default:
++#ifdef RTAITIMING
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 DEACTIVATED (F%d) [realtime]", hfctmp->cardno, l1state);
++#else
++			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 DEACTIVATED (F%d)", hfctmp->cardno, l1state);
++#endif
++		}
++		if (l1state == 3) {
++		    hfc_outb(hfctmp, hfc_STATES, hfc_STATES_DO_ACTION | hfc_STATES_ACTIVATE);
++		}
++	    }
++	    
++	}
++	if (s1 & hfc_INTS_DREC) {
++	    // D chan RX (bit 5)
++	    hfctmp->regs.int_drec++;
++	    // mr. zapata there is something for you!
++	//    printk(KERN_CRIT "d chan rx\n");		    
++	}
++	if (s1 & hfc_INTS_B2REC) {
++	    // B2 chan RX (bit 4)
++	}
++	if (s1 & hfc_INTS_B1REC) {
++	    // B1 chan RX (bit 3)
++	}
++	if (s1 & hfc_INTS_DTRANS) {
++	    // D chan TX (bit 2)
++//	    printk(KERN_CRIT "zaphfc: dchan frame transmitted.\n");
++	}
++	if (s1 & hfc_INTS_B2TRANS) {
++	    // B2 chan TX (bit 1)
++	}
++	if (s1 & hfc_INTS_B1TRANS) {
++	    // B1 chan TX (bit 0)
++	}
++    }
++#ifdef RTAITIMING
++    /* fake an irq */
++    s2 |= hfc_M2_PROC_TRANS;
++#endif
++    if (s2 != 0) {
++	if (s2 & hfc_M2_PMESEL) {
++	    // kaboom irq (bit 7)
++	    printk(KERN_CRIT "zaphfc: sync lost, pci performance too low. you might have some cpu throtteling enabled.\n");
++	}
++	if (s2 & hfc_M2_GCI_MON_REC) {
++	    // RxR monitor channel (bit 2)
++	}
++	if (s2 & hfc_M2_GCI_I_CHG) {
++	    // GCI I-change  (bit 1)
++	}
++	if (s2 & hfc_M2_PROC_TRANS) {
++	    // processing/non-processing transition  (bit 0)
++	    hfctmp->ticks++;
++#ifndef RTAITIMING
++	    if (hfctmp->ticks > 7) {
++		// welcome to DAHDI timing :)
++#endif
++	    	hfctmp->ticks = 0;
++
++		if (hfctmp->ztdev->span.flags & DAHDI_FLAG_RUNNING) {
++		    // clear dchan buffer
++		    hfctmp->ztdev->chans[2].bytes2transmit = 0;
++		    hfctmp->ztdev->chans[2].maxbytes2transmit = hfc_D_FIFO_SIZE;
++
++		    dahdi_transmit(&(hfctmp->ztdev->span));
++
++		    hfc_btrans(hfctmp,1);
++		    hfc_btrans(hfctmp,2);
++		    hfc_dtrans(hfctmp);
++		}
++
++		hfc_brec(hfctmp,1);
++		hfc_brec(hfctmp,2);
++		if (hfctmp->regs.int_drec > 0) {
++		    // dchan data to read
++		    hfc_drec(hfctmp);
++		    if (hfctmp->ztdev->chans[2].bytes2receive > 0) {
++			    if (debug) {
++    				printk(KERN_CRIT "zaphfc: card %d RX [ ", hfctmp->cardno);
++				if (hfctmp->ztdev->chans[2].eofrx) {
++				    /* dont output CRC == less user confusion */
++				    for (x=0; x < hfctmp->ztdev->chans[2].bytes2receive - 2; x++) {
++					printk("%#2x ", hfctmp->drecbuf[x]);
++				    }
++				    printk("] %d bytes\n", hfctmp->ztdev->chans[2].bytes2receive - 2);
++				} else {
++				    for (x=0; x < hfctmp->ztdev->chans[2].bytes2receive; x++) {
++					printk("%#2x ", hfctmp->drecbuf[x]);
++				    }
++				    printk("..] %d bytes\n", hfctmp->ztdev->chans[2].bytes2receive);
++				}
++			    }
++		    }
++		} else {
++			// hmm....ok, let DAHDI receive nothing
++		    hfctmp->ztdev->chans[2].bytes2receive = 0;
++		}
++		if (hfctmp->ztdev->span.flags & DAHDI_FLAG_RUNNING) {
++		    dahdi_receive(&(hfctmp->ztdev->span));
++		}
++		
++#ifndef RTAITIMING
++	    }
++#endif
++	}
++
++    }
++#ifndef RTAITIMING
++    spin_unlock_irqrestore(&hfctmp->lock,flags);
++	return IRQ_RETVAL(1);
++#endif
++}
++
++
++static int zthfc_open(struct dahdi_chan *chan) {
++    struct dahdi_hfc *zthfc = chan->pvt;
++    struct hfc_card *hfctmp = zthfc->card;
++    
++    if (!hfctmp) {
++    return 0;
++    }
++    try_module_get(THIS_MODULE);
++    return 0;
++}
++
++static int zthfc_close(struct dahdi_chan *chan) {
++    struct dahdi_hfc *zthfc = chan->pvt;
++    struct hfc_card *hfctmp = zthfc->card;
++
++    if (!hfctmp) {
++	return 0;
++    }
++
++    module_put(THIS_MODULE);
++    return 0;
++}
++
++static int zthfc_rbsbits(struct dahdi_chan *chan, int bits) {
++    return 0;
++}
++
++static int zthfc_ioctl(struct dahdi_chan *chan, unsigned int cmd, unsigned long data) {
++        switch(cmd) {
++        default:
++                return -ENOTTY;
++        }
++        return 0;
++}
++
++static int zthfc_startup(struct dahdi_span *span) {
++    struct dahdi_hfc *zthfc = span->pvt;
++    struct hfc_card *hfctmp = zthfc->card;
++    int alreadyrunning;
++    
++    if (hfctmp == NULL) {
++	printk(KERN_INFO "zaphfc: no card for span at startup!\n");
++    }
++    alreadyrunning = span->flags & DAHDI_FLAG_RUNNING;
++    
++    if (!alreadyrunning) {
++	span->chans[2]->flags &= ~DAHDI_FLAG_HDLC;
++	span->chans[2]->flags |= DAHDI_FLAG_BRIDCHAN;
++	
++	span->flags |= DAHDI_FLAG_RUNNING;
++
++	hfctmp->ticks = -2;
++	hfctmp->clicks = 0;
++	hfctmp->regs.fifo_en = hfc_FIFOEN_D | hfc_FIFOEN_B1 | hfc_FIFOEN_B2;
++        hfc_outb(hfctmp, hfc_FIFO_EN, hfctmp->regs.fifo_en);
++    } else {
++	return 0;
++    }
++
++    // drivers, start engines!
++    hfc_outb(hfctmp, hfc_STATES, hfc_STATES_DO_ACTION | hfc_STATES_ACTIVATE);
++    return 0;
++}
++
++static int zthfc_shutdown(struct dahdi_span *span) {
++    return 0;
++}
++
++static int zthfc_maint(struct dahdi_span *span, int cmd) {
++    return 0;
++}
++
++static int zthfc_chanconfig(struct dahdi_chan *chan, int sigtype) {
++//    printk(KERN_CRIT "chan_config sigtype=%d\n", sigtype);
++    return 0;
++}
++
++static int zthfc_spanconfig(struct dahdi_span *span, struct dahdi_lineconfig *lc) {
++    span->lineconfig = lc->lineconfig;
++    return 0;
++}
++
++static int zthfc_initialize(struct dahdi_hfc *zthfc) {
++    struct hfc_card *hfctmp = zthfc->card;
++    int i;
++
++    memset(&zthfc->span, 0x0, sizeof(struct dahdi_span)); // you never can tell...
++
++    sprintf(zthfc->span.name, "ZTHFC%d", hfc_dev_count + 1);
++    if (hfctmp->regs.nt_mode == 1) {
++#ifdef RTAITIMING
++	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] [realtime]", hfc_dev_count + 1);
++#else
++	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT]", hfc_dev_count + 1);
++#endif
++    } else {
++#ifdef RTAITIMING
++	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] [realtime]", hfc_dev_count + 1);
++#else
++	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE]", hfc_dev_count + 1);
++#endif
++    }
++
++    zthfc->span.spanconfig = zthfc_spanconfig;
++    zthfc->span.chanconfig = zthfc_chanconfig;
++    zthfc->span.startup = zthfc_startup;
++    zthfc->span.shutdown = zthfc_shutdown;
++    zthfc->span.maint = zthfc_maint;
++    zthfc->span.rbsbits = zthfc_rbsbits;
++    zthfc->span.open = zthfc_open;
++    zthfc->span.close = zthfc_close;
++    zthfc->span.ioctl = zthfc_ioctl;
++
++    zthfc->span.channels = 3;
++    zthfc->span.chans = zthfc->_chans;
++    for (i = 0; i < zthfc->span.channels; i++)
++	zthfc->_chans[i] = &zthfc->chans[i];
++
++    zthfc->span.deflaw = DAHDI_LAW_ALAW;
++    zthfc->span.linecompat = DAHDI_CONFIG_AMI | DAHDI_CONFIG_CCS; // <--- this is really BS
++    zthfc->span.offset = 0;
++    init_waitqueue_head(&zthfc->span.maintq);
++    zthfc->span.pvt = zthfc;
++
++    for (i = 0; i < zthfc->span.channels; i++) {
++	memset(&(zthfc->chans[i]), 0x0, sizeof(struct dahdi_chan));
++	sprintf(zthfc->chans[i].name, "ZTHFC%d/%d/%d", hfc_dev_count + 1,0,i + 1);
++	zthfc->chans[i].pvt = zthfc;
++	zthfc->chans[i].sigcap =  DAHDI_SIG_EM | DAHDI_SIG_CLEAR | DAHDI_SIG_FXSLS | DAHDI_SIG_FXSGS | DAHDI_SIG_FXSKS | DAHDI_SIG_FXOLS | DAHDI_SIG_FXOGS | DAHDI_SIG_FXOKS | DAHDI_SIG_CAS | DAHDI_SIG_SF;
++	zthfc->chans[i].chanpos = i + 1; 
++    }
++
++    if (dahdi_register(&zthfc->span,0)) {
++	printk(KERN_CRIT "unable to register DAHDI device!\n");
++	return -1;
++    }
++//    printk(KERN_CRIT "zaphfc: registered DAHDI device!\n");
++    return 0;
++}
++
++#ifdef RTAITIMING
++#define TICK_PERIOD  1000000
++#define TICK_PERIOD2 1000000000
++#define TASK_PRIORITY 1
++#define STACK_SIZE 10000
++
++static RT_TASK rt_task;
++static struct hfc_card *rtai_hfc_list[hfc_MAX_CARDS];
++static unsigned char rtai_hfc_counter = 0;
++
++static void rtai_register_hfc(struct hfc_card *hfctmp) {
++    rtai_hfc_list[rtai_hfc_counter++] = hfctmp;
++}
++
++static void rtai_loop(int t) {
++    int i=0;
++    for (;;) {
++	for (i=0; i < rtai_hfc_counter; i++) {
++	    if (rtai_hfc_list[i] != NULL)
++		hfc_service(rtai_hfc_list[i]);
++	}
++        rt_task_wait_period();
++    }
++}
++#endif
++
++int hfc_findCards(int pcivendor, int pcidevice, char *vendor_name, char *card_name) {
++    struct pci_dev *tmp;
++    struct hfc_card *hfctmp = NULL;
++    struct dahdi_hfc *zthfc = NULL;
++
++    tmp = pci_get_device(pcivendor, pcidevice, multi_hfc);
++    while (tmp != NULL) {
++	multi_hfc = tmp;	// skip this next time.
++
++	if (pci_enable_device(tmp)) {
++	    multi_hfc = NULL;
++	    return -1;
++	}
++	pci_set_master(tmp);
++
++	hfctmp = kmalloc(sizeof(struct hfc_card), GFP_KERNEL);
++	if (!hfctmp) {
++	    printk(KERN_WARNING "zaphfc: unable to kmalloc!\n");
++	    pci_disable_device(tmp);
++	    multi_hfc = NULL;
++	    return -ENOMEM;
++	}
++	memset(hfctmp, 0x0, sizeof(struct hfc_card));
++	spin_lock_init(&hfctmp->lock);
++	
++	hfctmp->pcidev = tmp;
++	hfctmp->pcibus = tmp->bus->number;
++	hfctmp->pcidevfn = tmp->devfn; 
++
++	if (!tmp->irq) {
++	    printk(KERN_WARNING "zaphfc: no irq!\n");
++	} else {
++	    hfctmp->irq = tmp->irq;
++	}
++
++	hfctmp->pci_io = (char *) tmp->resource[1].start;
++	if (!hfctmp->pci_io) {
++	    printk(KERN_WARNING "zaphfc: no iomem!\n");
++	    kfree(hfctmp);
++	    pci_disable_device(tmp);
++	    multi_hfc = NULL;
++	    return -1;
++	}
++	
++	hfctmp->fifomem = kmalloc(65536, GFP_KERNEL);
++	if (!hfctmp->fifomem) {
++	    printk(KERN_WARNING "zaphfc: unable to kmalloc fifomem!\n");
++	    kfree(hfctmp);
++	    pci_disable_device(tmp);
++	    multi_hfc = NULL;
++	    return -ENOMEM;
++	} else {
++	    memset(hfctmp->fifomem, 0x0, 65536);
++	    hfctmp->fifos = (void *)(((ulong) hfctmp->fifomem) & ~0x7FFF) + 0x8000;
++	    pci_write_config_dword(hfctmp->pcidev, 0x80, (u_int) virt_to_bus(hfctmp->fifos));
++	    hfctmp->pci_io = ioremap((ulong) hfctmp->pci_io, 256);
++	}
++
++#ifdef RTAITIMING
++	/* we need no stinking irq */
++	hfctmp->irq = 0;
++#else
++	if (request_irq(hfctmp->irq, &hfc_interrupt, DAHDI_IRQ_SHARED, "zaphfc", hfctmp)) {
++	    printk(KERN_WARNING "zaphfc: unable to register irq\n");
++	    kfree(hfctmp->fifomem);
++	    kfree(hfctmp);
++	    iounmap((void *) hfctmp->pci_io);
++	    pci_disable_device(tmp);
++	    multi_hfc = NULL;
++	    return -EIO;
++	}
++#endif
++
++#ifdef RTAITIMING
++	rtai_register_hfc(hfctmp);
++#endif
++	printk(KERN_INFO
++		       "zaphfc: %s %s configured at mem %lx fifo %lx(%#x) IRQ %d HZ %d\n",
++			vendor_name, card_name,
++		       (unsigned long) hfctmp->pci_io,
++		       (unsigned long) hfctmp->fifos,
++		       (u_int) virt_to_bus(hfctmp->fifos),
++		       hfctmp->irq, HZ); 
++	pci_write_config_word(hfctmp->pcidev, PCI_COMMAND, PCI_COMMAND_MEMORY);	// enable memio
++	hfctmp->regs.int_m1 = 0;	// no ints
++	hfctmp->regs.int_m2 = 0;	// not at all
++	hfc_outb(hfctmp,hfc_INT_M1,hfctmp->regs.int_m1);
++	hfc_outb(hfctmp,hfc_INT_M2,hfctmp->regs.int_m2);
++
++	if ((modes & (1 << hfc_dev_count)) != 0) {
++	    printk(KERN_INFO "zaphfc: Card %d configured for NT mode\n",hfc_dev_count);
++	    hfctmp->regs.nt_mode = 1;
++	} else {
++	    printk(KERN_INFO "zaphfc: Card %d configured for TE mode\n",hfc_dev_count);
++	    hfctmp->regs.nt_mode = 0;
++	}
++
++	zthfc = kmalloc(sizeof(struct dahdi_hfc),GFP_KERNEL);
++	if (!zthfc) {
++	    printk(KERN_CRIT "zaphfc: unable to kmalloc!\n");
++	    hfc_shutdownCard(hfctmp);
++	    kfree(hfctmp);
++	    multi_hfc = NULL;
++	    return -ENOMEM;
++	}
++	memset(zthfc, 0x0, sizeof(struct dahdi_hfc));
++
++	zthfc->card = hfctmp;
++	zthfc_initialize(zthfc);
++	hfctmp->ztdev = zthfc;
++
++	memset(hfctmp->drecbuf, 0x0, sizeof(hfctmp->drecbuf));
++	hfctmp->ztdev->chans[2].readchunk = hfctmp->drecbuf;
++
++	memset(hfctmp->dtransbuf, 0x0, sizeof(hfctmp->dtransbuf));
++	hfctmp->ztdev->chans[2].writechunk = hfctmp->dtransbuf;
++
++	memset(hfctmp->brecbuf[0], 0x0, sizeof(hfctmp->brecbuf[0]));
++	hfctmp->ztdev->chans[0].readchunk = hfctmp->brecbuf[0];
++	memset(hfctmp->btransbuf[0], 0x0, sizeof(hfctmp->btransbuf[0]));
++	hfctmp->ztdev->chans[0].writechunk = hfctmp->btransbuf[0];
++
++	memset(hfctmp->brecbuf[1], 0x0, sizeof(hfctmp->brecbuf[1]));
++	hfctmp->ztdev->chans[1].readchunk = hfctmp->brecbuf[1];
++	memset(hfctmp->btransbuf[1], 0x0, sizeof(hfctmp->btransbuf[1]));
++	hfctmp->ztdev->chans[1].writechunk = hfctmp->btransbuf[1];
++
++
++	hfc_registerCard(hfctmp);
++	hfc_resetCard(hfctmp);
++	tmp = pci_get_device(pcivendor, pcidevice, multi_hfc);
++    }
++    return 0;
++}
++
++
++
++int init_module(void) {
++    int i = 0;
++#ifdef RTAITIMING
++    RTIME tick_period;
++    for (i=0; i < hfc_MAX_CARDS; i++) {
++	rtai_hfc_list[i] = NULL;
++    }
++    rt_set_periodic_mode();
++#endif
++    i = 0;
++    while (id_list[i].vendor_id) {
++	multi_hfc = NULL;
++	hfc_findCards(id_list[i].vendor_id, id_list[i].device_id, id_list[i].vendor_name, id_list[i].card_name);
++	i++;
++    }
++#ifdef RTAITIMING
++    for (i=0; i < hfc_MAX_CARDS; i++) {
++        if (rtai_hfc_list[i]) {
++	    printk(KERN_INFO
++		       "zaphfc: configured %d at mem %#x fifo %#x(%#x) for realtime servicing\n",
++			rtai_hfc_list[i]->cardno,
++		       (u_int) rtai_hfc_list[i]->pci_io,
++		       (u_int) rtai_hfc_list[i]->fifos,
++		       (u_int) virt_to_bus(rtai_hfc_list[i]->fifos));
++
++	}
++    }
++    rt_task_init(&rt_task, rtai_loop, 1, STACK_SIZE, TASK_PRIORITY, 0, 0);
++    tick_period = start_rt_timer(nano2count(TICK_PERIOD));
++    rt_task_make_periodic(&rt_task, rt_get_time() + tick_period, tick_period);
++#endif
++    printk(KERN_INFO "zaphfc: %d hfc-pci card(s) in this box.\n", hfc_dev_count);
++    return 0;
++}
++
++void cleanup_module(void) {
++    struct hfc_card *tmpcard;
++#ifdef RTAITIMING
++    stop_rt_timer();
++    rt_task_delete(&rt_task);
++#endif
++    printk(KERN_INFO "zaphfc: stop\n");
++//    spin_lock(&registerlock);
++    while (hfc_dev_list != NULL) {
++	if (hfc_dev_list == NULL) break;
++	hfc_shutdownCard(hfc_dev_list);
++	tmpcard = hfc_dev_list;
++	hfc_dev_list = hfc_dev_list->next;
++	if (tmpcard != NULL) {
++	    kfree(tmpcard);
++	    tmpcard = NULL;
++	    printk(KERN_INFO "zaphfc: freed one card.\n");
++	}
++    }
++//    spin_unlock(&registerlock);
++}
++#endif
++
++
++module_param(modes, int, 0600);
++module_param(debug, int, 0600);
++
++MODULE_DESCRIPTION("HFC-S PCI A Zaptel Driver");
++MODULE_AUTHOR("Klaus-Peter Junghanns <kpj@junghanns.net>");
++#ifdef MODULE_LICENSE
++MODULE_LICENSE("GPL");
++#endif	
+Index: dahdi-linux-2.1.0/drivers/dahdi/zaphfc.h
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ dahdi-linux-2.1.0/drivers/dahdi/zaphfc.h	2008-12-10 12:46:14.000000000 +0200
+@@ -0,0 +1,290 @@
++/*
++ * zaphfc.h - Zaptel driver for HFC-S PCI A based ISDN BRI cards
++ *
++ * kernel module based on HFC PCI ISDN4Linux and Zaptel drivers
++ *
++ * Copyright (C) 2002, 2003, 2004, 2005 Junghanns.NET GmbH
++ *
++ * Klaus-Peter Junghanns <kpj@junghanns.net>
++ *
++ * This program is free software and may be modified and
++ * distributed under the terms of the GNU Public License.
++ *
++ */
++
++/* HFC register addresses - accessed using memory mapped I/O */
++/* For a list, see datasheet section 3.2.1 at page 21 */
++
++#define hfc_outb(a,b,c) (writeb((c),(a)->pci_io+(b)))
++#define hfc_inb(a,b) (readb((a)->pci_io+(b)))
++
++/* GCI/IOM bus monitor registers */
++
++#define hfc_C_I       0x08
++#define hfc_TRxR      0x0C
++#define hfc_MON1_D    0x28
++#define hfc_MON2_D    0x2C
++
++
++/* GCI/IOM bus timeslot registers */
++
++#define hfc_B1_SSL    0x80
++#define hfc_B2_SSL    0x84
++#define hfc_AUX1_SSL  0x88
++#define hfc_AUX2_SSL  0x8C
++#define hfc_B1_RSL    0x90
++#define hfc_B2_RSL    0x94
++#define hfc_AUX1_RSL  0x98
++#define hfc_AUX2_RSL  0x9C
++
++/* GCI/IOM bus data registers */
++
++#define hfc_B1_D      0xA0
++#define hfc_B2_D      0xA4
++#define hfc_AUX1_D    0xA8
++#define hfc_AUX2_D    0xAC
++
++/* GCI/IOM bus configuration registers */
++
++#define hfc_MST_EMOD  0xB4
++#define hfc_MST_MODE	 0xB8
++#define hfc_CONNECT 	 0xBC
++
++
++/* Interrupt and status registers */
++
++#define hfc_FIFO_EN   0x44
++#define hfc_TRM       0x48
++#define hfc_B_MODE    0x4C
++#define hfc_CHIP_ID   0x58
++#define hfc_CIRM  	 0x60
++#define hfc_CTMT	 0x64
++#define hfc_INT_M1  	 0x68
++#define hfc_INT_M2  	 0x6C
++#define hfc_INT_S1  	 0x78
++#define hfc_INT_S2  	 0x7C
++#define hfc_STATUS  	 0x70
++
++/* S/T section registers */
++
++#define hfc_STATES  	 0xC0
++#define hfc_SCTRL  	 0xC4
++#define hfc_SCTRL_E   0xC8
++#define hfc_SCTRL_R   0xCC
++#define hfc_SQ  	 0xD0
++#define hfc_CLKDEL  	 0xDC
++#define hfc_B1_REC    0xF0
++#define hfc_B1_SEND   0xF0
++#define hfc_B2_REC    0xF4
++#define hfc_B2_SEND   0xF4
++#define hfc_D_REC     0xF8
++#define hfc_D_SEND    0xF8
++#define hfc_E_REC     0xFC
++
++/* Bits and values in various HFC PCI registers */
++
++/* bits in status register (READ) */
++#define hfc_STATUS_PCI_PROC   0x02
++#define hfc_STATUS_NBUSY	  0x04 
++#define hfc_STATUS_TIMER_ELAP 0x10
++#define hfc_STATUS_STATINT	  0x20
++#define hfc_STATUS_FRAMEINT	  0x40
++#define hfc_STATUS_ANYINT	  0x80
++
++/* bits in CTMT (Write) */
++#define hfc_CTMT_CLTIMER    0x80
++#define hfc_CTMT_TIM3_125   0x04
++#define hfc_CTMT_TIM25      0x10
++#define hfc_CTMT_TIM50      0x14
++#define hfc_CTMT_TIM400     0x18
++#define hfc_CTMT_TIM800     0x1C
++#define hfc_CTMT_AUTO_TIMER 0x20
++#define hfc_CTMT_TRANSB2    0x02
++#define hfc_CTMT_TRANSB1    0x01
++
++/* bits in CIRM (Write) */
++#define hfc_CIRM_AUX_MSK    0x07
++#define hfc_CIRM_RESET  	  0x08
++#define hfc_CIRM_B1_REV     0x40
++#define hfc_CIRM_B2_REV     0x80
++
++/* bits in INT_M1 and INT_S1 */
++#define hfc_INTS_B1TRANS  0x01
++#define hfc_INTS_B2TRANS  0x02
++#define hfc_INTS_DTRANS   0x04
++#define hfc_INTS_B1REC    0x08
++#define hfc_INTS_B2REC    0x10
++#define hfc_INTS_DREC     0x20
++#define hfc_INTS_L1STATE  0x40
++#define hfc_INTS_TIMER    0x80
++
++/* bits in INT_M2 */
++#define hfc_M2_PROC_TRANS    0x01
++#define hfc_M2_GCI_I_CHG     0x02
++#define hfc_M2_GCI_MON_REC   0x04
++#define hfc_M2_IRQ_ENABLE    0x08
++#define hfc_M2_PMESEL        0x80
++
++/* bits in STATES */
++#define hfc_STATES_STATE_MASK     0x0F
++#define hfc_STATES_LOAD_STATE    0x10
++#define hfc_STATES_ACTIVATE	     0x20
++#define hfc_STATES_DO_ACTION     0x40
++#define hfc_STATES_NT_G2_G3      0x80
++
++/* bits in HFCD_MST_MODE */
++#define hfc_MST_MODE_MASTER	     0x01
++#define hfc_MST_MODE_SLAVE         0x00
++/* remaining bits are for codecs control */
++
++/* bits in HFCD_SCTRL */
++#define hfc_SCTRL_B1_ENA	     0x01
++#define hfc_SCTRL_B2_ENA	     0x02
++#define hfc_SCTRL_MODE_TE        0x00
++#define hfc_SCTRL_MODE_NT        0x04
++#define hfc_SCTRL_LOW_PRIO	     0x08
++#define hfc_SCTRL_SQ_ENA	     0x10
++#define hfc_SCTRL_TEST	     0x20
++#define hfc_SCTRL_NONE_CAP	     0x40
++#define hfc_SCTRL_PWR_DOWN	     0x80
++
++/* bits in SCTRL_E  */
++#define hfc_SCTRL_E_AUTO_AWAKE    0x01
++#define hfc_SCTRL_E_DBIT_1        0x04
++#define hfc_SCTRL_E_IGNORE_COL    0x08
++#define hfc_SCTRL_E_CHG_B1_B2     0x80
++
++/* bits in FIFO_EN register */
++#define hfc_FIFOEN_B1TX   0x01
++#define hfc_FIFOEN_B1RX   0x02
++#define hfc_FIFOEN_B2TX   0x04
++#define hfc_FIFOEN_B2RX   0x08
++#define hfc_FIFOEN_DTX    0x10
++#define hfc_FIFOEN_DRX    0x20
++
++#define hfc_FIFOEN_B1     (hfc_FIFOEN_B1TX|hfc_FIFOEN_B1RX)
++#define hfc_FIFOEN_B2     (hfc_FIFOEN_B2TX|hfc_FIFOEN_B2RX)
++#define hfc_FIFOEN_D      (hfc_FIFOEN_DTX|hfc_FIFOEN_DRX)
++
++/* bits in the CONNECT register */
++#define hfc_CONNECT_B1_shift	0
++#define hfc_CONNECT_B2_shift	3
++
++#define	hfc_CONNECT_HFC_from_ST		0x0
++#define hfc_CONNECT_HFC_from_GCI	0x1
++#define hfc_CONNECT_ST_from_HFC		0x0
++#define hfc_CONNECT_ST_from_GCI		0x2
++#define hfc_CONNECT_GCI_from_HFC	0x0
++#define	hfc_CONNECT_GCI_from_ST		0x4
++
++/* bits in the __SSL and __RSL registers */
++#define	hfc_SRSL_STIO	0x40
++#define hfc_SRSL_ENABLE	0x80
++#define hfc_SRCL_SLOT_MASK	0x1f
++
++/* FIFO memory definitions */
++
++#define hfc_FMASK	0x000f
++#define hfc_ZMASK	0x01ff
++#define hfc_ZMASKB	0x1fff
++
++#define hfc_D_FIFO_SIZE	0x0200
++#define hfc_B_SUB_VAL	0x0200
++#define hfc_B_FIFO_SIZE	0x1E00
++#define hfc_MAX_DFRAMES	0x000f
++
++#define hfc_FIFO_DTX_Z1	0x2080
++#define hfc_FIFO_DTX_Z2 0x2082
++#define hfc_FIFO_DTX_F1	0x20a0
++#define hfc_FIFO_DTX_F2	0x20a1
++#define hfc_FIFO_DTX	0x0000
++#define hfc_FIFO_DTX_ZOFF	0x000
++
++#define hfc_FIFO_DRX_Z1	0x6080
++#define hfc_FIFO_DRX_Z2 0x6082
++#define hfc_FIFO_DRX_F1	0x60a0
++#define hfc_FIFO_DRX_F2	0x60a1
++#define hfc_FIFO_DRX	0x4000
++#define hfc_FIFO_DRX_ZOFF	0x4000
++
++#define hfc_FIFO_B1TX_Z1	0x2000
++#define hfc_FIFO_B1TX_Z2 	0x2002
++#define hfc_FIFO_B1RX_Z1	0x6000
++#define hfc_FIFO_B1RX_Z2 	0x6002
++
++#define hfc_FIFO_B1TX_F1	0x2080
++#define hfc_FIFO_B1TX_F2	0x2081
++#define hfc_FIFO_B1RX_F1	0x6080
++#define hfc_FIFO_B1RX_F2	0x6081
++
++#define hfc_FIFO_B1RX_ZOFF	0x4000
++#define hfc_FIFO_B1TX_ZOFF	0x0000
++
++#define hfc_FIFO_B2TX_Z1	0x2100
++#define hfc_FIFO_B2TX_Z2 	0x2102
++#define hfc_FIFO_B2RX_Z1	0x6100
++#define hfc_FIFO_B2RX_Z2 	0x6102
++
++#define hfc_FIFO_B2TX_F1	0x2180
++#define hfc_FIFO_B2TX_F2	0x2181
++#define hfc_FIFO_B2RX_F1	0x6180
++#define hfc_FIFO_B2RX_F2	0x6181
++
++#define hfc_FIFO_B2RX_ZOFF	0x6000
++#define hfc_FIFO_B2TX_ZOFF	0x2000
++
++#define hfc_BTRANS_THRESHOLD 128
++#define hfc_BTRANS_THRESMASK 0x00
++
++/* Structures */
++
++typedef struct hfc_regs {
++    unsigned char fifo_en;
++    unsigned char ctmt;
++    unsigned char int_m1;
++    unsigned char int_m2;
++    unsigned char sctrl;
++    unsigned char sctrl_e;
++    unsigned char sctrl_r;
++    unsigned char connect;
++    unsigned char trm;
++    unsigned char mst_mode;
++    unsigned char bswapped;
++    unsigned char nt_mode;
++    unsigned char int_drec;
++} hfc_regs;
++
++typedef struct hfc_card {
++    spinlock_t lock;
++    unsigned int irq;
++    unsigned int iomem;
++    int ticks;		
++    int clicks;		
++    unsigned char *pci_io;
++    void *fifomem;		// start of the shared mem
++    volatile void *fifos;	// 32k aligned mem for the fifos
++    struct hfc_regs regs;
++    unsigned int pcibus;
++    unsigned int pcidevfn;
++    struct pci_dev *pcidev;
++    struct dahdi_hfc *ztdev;
++    int	drecinframe;
++    unsigned char drecbuf[hfc_D_FIFO_SIZE];
++    unsigned char dtransbuf[hfc_D_FIFO_SIZE];
++    unsigned char brecbuf[2][DAHDI_CHUNKSIZE];
++    unsigned char btransbuf[2][DAHDI_CHUNKSIZE];
++    unsigned char cardno;
++    struct hfc_card *next;
++} hfc_card;
++
++typedef struct dahdi_hfc {
++    unsigned int usecount;
++    struct dahdi_span span;
++    struct dahdi_chan chans[3];
++    struct dahdi_chan *_chans[3];
++    struct hfc_card *card;
++} dahdi_hfc;
++
++/* tune this */
++#define hfc_BCHAN_BUFFER	8
++#define hfc_MAX_CARDS		8
diff --git a/main/dahdi-linux-grsec/zaphfc-dahdi-flortz.diff b/main/dahdi-linux-grsec/zaphfc-dahdi-flortz.diff
new file mode 100644
index 0000000000..719accdc69
--- /dev/null
+++ b/main/dahdi-linux-grsec/zaphfc-dahdi-flortz.diff
@@ -0,0 +1,1232 @@
+Index: dahdi-linux-2.1.0.4/drivers/dahdi/zaphfc.h
+===================================================================
+--- dahdi-linux-2.1.0.4.orig/drivers/dahdi/zaphfc.h	2009-03-17 18:13:54.000000000 +0200
++++ dahdi-linux-2.1.0.4/drivers/dahdi/zaphfc.h	2009-03-17 18:14:44.000000000 +0200
+@@ -135,8 +135,12 @@
+ /* bits in HFCD_MST_MODE */
+ #define hfc_MST_MODE_MASTER	     0x01
+ #define hfc_MST_MODE_SLAVE         0x00
++#define hfc_MST_MODE_F0_LONG_DURATION         0x08
+ /* remaining bits are for codecs control */
+ 
++/* bits in HFCD_MST_EMOD */
++#define hfc_MST_EMOD_SLOW_CLOCK_ADJ	0x01
++
+ /* bits in HFCD_SCTRL */
+ #define hfc_SCTRL_B1_ENA	     0x01
+ #define hfc_SCTRL_B2_ENA	     0x02
+@@ -236,6 +240,9 @@
+ #define hfc_BTRANS_THRESHOLD 128
+ #define hfc_BTRANS_THRESMASK 0x00
+ 
++#define hfc_FIFO_MEM_SIZE_BYTES (32*1024)
++#define hfc_FIFO_MEM_SIZE_PAGES ((hfc_FIFO_MEM_SIZE_BYTES+PAGE_SIZE-1)/PAGE_SIZE)
++
+ /* Structures */
+ 
+ typedef struct hfc_regs {
+@@ -249,20 +256,67 @@
+     unsigned char connect;
+     unsigned char trm;
+     unsigned char mst_mode;
++    unsigned char mst_emod;
+     unsigned char bswapped;
+     unsigned char nt_mode;
+     unsigned char int_drec;
+ } hfc_regs;
+ 
++struct bch {
++    int fill_fifo,checkcnt,initialized;
++    struct {
++	u16 z2;
++	struct {
++	    volatile u16 *z1p;
++	    volatile u8 *fifo_base;
++	    int filled;
++	} c[2];
++	int diff;
++    } rx;
++    struct {
++	u16 z1;
++	struct {
++	    volatile u16 *z1p,*z2p;
++	    volatile u8 *fifo_base;
++	    int filled;
++	} c[2];
++	int diff;
++    } tx;
++};
++
++struct dch {
++    struct {
++	struct {
++	    volatile u8 *p;
++	} f1;
++	struct {
++	    u8 v;
++	    struct {
++		u16 v;
++	    } z2;
++	} f2;
++    } rx;
++    struct {
++	struct {
++	    u8 v;
++	    volatile u8 *p;
++	    struct {
++		u16 v;
++	    } z1;
++	} f1;
++	struct {
++	    volatile u8 *p;
++	} f2;
++    } tx;
++};
++
+ typedef struct hfc_card {
+     spinlock_t lock;
+     unsigned int irq;
+     unsigned int iomem;
+     int ticks;		
+-    int clicks;		
+     unsigned char *pci_io;
+-    void *fifomem;		// start of the shared mem
+-    volatile void *fifos;	// 32k aligned mem for the fifos
++    void *fifos;		// 32k aligned mem for the fifos
+     struct hfc_regs regs;
+     unsigned int pcibus;
+     unsigned int pcidevfn;
+@@ -274,6 +328,9 @@
+     unsigned char brecbuf[2][DAHDI_CHUNKSIZE];
+     unsigned char btransbuf[2][DAHDI_CHUNKSIZE];
+     unsigned char cardno;
++    int active;
++    struct bch bch;
++    struct dch dch;
+     struct hfc_card *next;
+ } hfc_card;
+ 
+@@ -285,6 +342,3 @@
+     struct hfc_card *card;
+ } dahdi_hfc;
+ 
+-/* tune this */
+-#define hfc_BCHAN_BUFFER	8
+-#define hfc_MAX_CARDS		8
+Index: dahdi-linux-2.1.0.4/drivers/dahdi/zaphfc.c
+===================================================================
+--- dahdi-linux-2.1.0.4.orig/drivers/dahdi/zaphfc.c	2009-03-17 18:52:47.000000000 +0200
++++ dahdi-linux-2.1.0.4/drivers/dahdi/zaphfc.c	2009-03-17 18:53:43.000000000 +0200
+@@ -7,19 +7,21 @@
+  *
+  * Klaus-Peter Junghanns <kpj@junghanns.net>
+  *
++ * Copyright (C) 2004, 2005, 2006  Florian Zumbiehl <florz@gmx.de>
++ *  - support for slave mode of the HFC-S chip which allows it to
++ *    sync its sample clock to an external source/another HFC chip
++ *  - support for "interrupt bundling" (let only one card generate
++ *    8 kHz timing interrupt no matter how many cards there are
++ *    in the system)
++ *  - interrupt loss tolerant b channel handling
++ *
+  * This program is free software and may be modified and
+- * distributed under the terms of the GNU Public License.
++ * distributed under the terms of the GNU General Public License.
+  *
+  */
+ 
+ #include <linux/kernel.h>
+ #include <linux/module.h>
+-#ifdef RTAITIMING
+-#include <asm/io.h>
+-#include <rtai.h>
+-#include <rtai_sched.h>
+-#include <rtai_fifos.h>
+-#endif
+ #include <linux/pci.h>
+ #include <linux/init.h>
+ #include <linux/interrupt.h>
+@@ -29,6 +31,8 @@
+ 
+ #include <linux/moduleparam.h>
+ 
++#define log2(n) ffz(~(n))
++
+ #if CONFIG_PCI
+ 
+ #define CLKDEL_TE	0x0f	/* CLKDEL in TE mode */
+@@ -70,42 +74,31 @@
+ static struct hfc_card *hfc_dev_list = NULL;
+ static int hfc_dev_count = 0;
+ static int modes = 0; // all TE
++static int sync_slave = 0; // all master
++static int timer_card = 0;
++static int jitterbuffer = 1;
+ static int debug = 0;
+ static struct pci_dev *multi_hfc = NULL;
+ static spinlock_t registerlock = SPIN_LOCK_UNLOCKED;
+ 
+-void hfc_shutdownCard(struct hfc_card *hfctmp) {
+-    unsigned long flags;
+-
+-    if (hfctmp == NULL) {
+-	return;
+-    }
+-
+-    if (hfctmp->pci_io == NULL) {
+-	return;
+-    }
+-    
+-    spin_lock_irqsave(&hfctmp->lock,flags);
+-
++void hfc_shutdownCard1(struct hfc_card *hfctmp) {
+     printk(KERN_INFO "zaphfc: shutting down card at %p.\n",hfctmp->pci_io);
+ 
+     /* Clear interrupt mask */
+     hfctmp->regs.int_m2 = 0;
+     hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
+ 
+-    /* Reset pending interrupts */
+-    hfc_inb(hfctmp, hfc_INT_S1);
++    /* Remove interrupt handler */
++    free_irq(hfctmp->irq,hfctmp);
++}
++
++void hfc_shutdownCard2(struct hfc_card *hfctmp) {
++    unsigned long flags;
+ 
+-    /* Wait for interrupts that might still be pending */
+-    spin_unlock_irqrestore(&hfctmp->lock, flags);
+-    set_current_state(TASK_UNINTERRUPTIBLE);
+-    schedule_timeout((30 * HZ) / 1000);	// wait 30 ms
+     spin_lock_irqsave(&hfctmp->lock,flags);
+ 
+-    /* Remove interrupt handler */
+-    if (hfctmp->irq) {
+-	free_irq(hfctmp->irq, hfctmp);
+-    }
++    /* Reset pending interrupts */
++    hfc_inb(hfctmp, hfc_INT_S1);
+ 
+     /* Soft-reset the card */
+     hfc_outb(hfctmp, hfc_CIRM, hfc_CIRM_RESET); // softreset on
+@@ -119,8 +112,8 @@
+ 
+     pci_write_config_word(hfctmp->pcidev, PCI_COMMAND, 0);	// disable memio and bustmaster
+ 
+-    if (hfctmp->fifomem != NULL) {
+-        kfree(hfctmp->fifomem);
++    if (hfctmp->fifos != NULL) {
++	free_pages((unsigned long)hfctmp->fifos,log2(hfc_FIFO_MEM_SIZE_PAGES));
+     }
+     iounmap((void *) hfctmp->pci_io);
+     hfctmp->pci_io = NULL;
+@@ -130,11 +123,24 @@
+     spin_unlock_irqrestore(&hfctmp->lock,flags);
+     if (hfctmp->ztdev != NULL) {
+ 	dahdi_unregister(&hfctmp->ztdev->span);
+-	kfree(hfctmp->ztdev);
++	vfree(hfctmp->ztdev);
+ 	printk(KERN_INFO "unregistered from DAHDI.\n");
+     }
+ }
+ 
++void hfc_shutdownCard(struct hfc_card *hfctmp) {
++    if (hfctmp == NULL) {
++	return;
++    }
++
++    if (hfctmp->pci_io == NULL) {
++	return;
++    }
++
++    hfc_shutdownCard1(hfctmp);
++    hfc_shutdownCard2(hfctmp);
++}
++
+ void hfc_resetCard(struct hfc_card *hfctmp) {
+     unsigned long flags;
+ 
+@@ -178,14 +184,14 @@
+     hfctmp->regs.ctmt = hfc_CTMT_TRANSB1 | hfc_CTMT_TRANSB2; // all bchans are transparent , no freaking hdlc
+     hfc_outb(hfctmp, hfc_CTMT, hfctmp->regs.ctmt);
+ 
+-    hfctmp->regs.int_m1 = 0;
++    hfctmp->regs.int_m1=hfc_INTS_L1STATE;
++    if(hfctmp->cardno==timer_card){
++	hfctmp->regs.int_m2=hfc_M2_PROC_TRANS;
++    }else{
++	hfctmp->regs.int_m1|=hfc_INTS_DREC;
++	hfctmp->regs.int_m2=0;
++    }
+     hfc_outb(hfctmp, hfc_INT_M1, hfctmp->regs.int_m1);
+-
+-#ifdef RTAITIMING
+-    hfctmp->regs.int_m2 = 0;
+-#else
+-    hfctmp->regs.int_m2 = hfc_M2_PROC_TRANS;
+-#endif
+     hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
+ 
+     /* Clear already pending ints */
+@@ -197,8 +203,8 @@
+ 	hfctmp->regs.sctrl = 3 | hfc_SCTRL_NONE_CAP | hfc_SCTRL_MODE_TE;	/* set tx_lo mode, error in datasheet ! */
+     }
+ 
+-    hfctmp->regs.mst_mode = hfc_MST_MODE_MASTER;	/* HFC Master Mode */
+     hfc_outb(hfctmp, hfc_MST_MODE, hfctmp->regs.mst_mode);
++    hfc_outb(hfctmp, hfc_MST_EMOD, hfctmp->regs.mst_emod);
+ 
+     hfc_outb(hfctmp, hfc_SCTRL, hfctmp->regs.sctrl);
+     hfctmp->regs.sctrl_r = 3;
+@@ -210,10 +216,8 @@
+     hfc_outb(hfctmp, hfc_CIRM, 0x80 | 0x40);	// bit order
+ 
+     /* Finally enable IRQ output */
+-#ifndef RTAITIMING
+     hfctmp->regs.int_m2 |= hfc_M2_IRQ_ENABLE;
+     hfc_outb(hfctmp, hfc_INT_M2, hfctmp->regs.int_m2);
+-#endif
+ 
+     /* clear pending ints */
+     hfc_inb(hfctmp, hfc_INT_S1); 
+@@ -230,368 +234,210 @@
+     spin_unlock(&registerlock);
+ }
+ 
+-static void hfc_btrans(struct hfc_card *hfctmp, char whichB) {
+-    // we are called with irqs disabled from the irq handler
+-    int count, maxlen, total;
+-    unsigned char *f1, *f2;
+-    unsigned short *z1, *z2, newz1;
+-    int freebytes;
+-
+-    if (whichB == 1) {
+-	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B1TX_F1);
+-        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B1TX_F2);
+-	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1TX_Z1 + (*f1 * 4));
+-	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1TX_Z2 + (*f1 * 4));
+-    } else {
+-	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B2TX_F1);
+-        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B2TX_F2);
+-	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2TX_Z1 + (*f1 * 4));
+-	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2TX_Z2 + (*f1 * 4));
+-    }
+-
+-    freebytes = *z2 - *z1;
+-    if (freebytes <= 0) {
+-	freebytes += hfc_B_FIFO_SIZE;
+-    }
+-    count = DAHDI_CHUNKSIZE;
+-
+-    total = count;
+-    if (freebytes < count) {
+-	hfctmp->clicks++;
+-	/* only spit out this warning once per second to not make things worse! */
+-	if (hfctmp->clicks > 100) {
+-	    printk(KERN_CRIT "zaphfc: bchan tx fifo full, dropping audio! (z1=%d, z2=%d)\n",*z1,*z2);
+-	    hfctmp->clicks = 0;
+-	}
+-	return;
+-    }
+-    
+-    maxlen = (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL) - *z1;
+-    if (maxlen > count) {
+-        maxlen = count;
+-    }
+-    newz1 = *z1 + total;
+-    if (newz1 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { newz1 -= hfc_B_FIFO_SIZE; }
++/*===========================================================================*/
+ 
+-	if (whichB == 1) {
+-	    memcpy((char *)(hfctmp->fifos + hfc_FIFO_B1TX_ZOFF + *z1),hfctmp->ztdev->chans[0].writechunk, maxlen);
+-	} else {
+-	    memcpy((char *)(hfctmp->fifos + hfc_FIFO_B2TX_ZOFF + *z1),hfctmp->ztdev->chans[1].writechunk, maxlen);
+-	}
+-	
+-	count -= maxlen;
+-	if (count > 0) {
+-	// Buffer wrap
+-	    if (whichB == 1) {
+-	        memcpy((char *)(hfctmp->fifos + hfc_FIFO_B1TX_ZOFF + hfc_B_SUB_VAL),hfctmp->ztdev->chans[0].writechunk+maxlen, count);
+-	    } else {
+-	        memcpy((char *)(hfctmp->fifos + hfc_FIFO_B2TX_ZOFF + hfc_B_SUB_VAL),hfctmp->ztdev->chans[1].writechunk+maxlen, count);
+-	    }
+-	}
++#if hfc_B_FIFO_SIZE%DAHDI_CHUNKSIZE
++#error hfc_B_FIFO_SIZE is not a multiple of DAHDI_CHUNKSIZE even though the code assumes this
++#endif
++
++static void hfc_dch_init(struct hfc_card *hfctmp){
++    struct dch *chtmp=&hfctmp->dch;
+ 
+-    *z1 = newz1;	/* send it now */
++    chtmp->rx.f1.p=(u8 *)(hfctmp->fifos+hfc_FIFO_DRX_F1);
++    chtmp->rx.f2.v=0x1f;
++    chtmp->rx.f2.z2.v=0x1ff;
+ 
+-//    if (count > 0) printk(KERN_CRIT "zaphfc: bchan tx fifo (f1=%d, f2=%d, z1=%d, z2=%d)\n",(*f1) & hfc_FMASK,(*f2) & hfc_FMASK, *z1, *z2);
+-    return;    
++    chtmp->tx.f1.p=(u8 *)(hfctmp->fifos+hfc_FIFO_DTX_F1);
++    chtmp->tx.f1.v=0x1f;
++    chtmp->tx.f1.z1.v=0x1ff;
++    chtmp->tx.f2.p=(u8 *)(hfctmp->fifos+hfc_FIFO_DTX_F2);
+ }
+ 
+-static void hfc_brec(struct hfc_card *hfctmp, char whichB) {
+-    // we are called with irqs disabled from the irq handler
+-    int count, maxlen, drop;
+-    volatile unsigned char *f1, *f2;
+-    volatile unsigned short *z1, *z2, newz2;
+-    int bytes = 0;
+-
+-    if (whichB == 1) {
+-	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B1RX_F1);
+-        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B1RX_F2);
+-	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1RX_Z1 + (*f1 * 4));
+-	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1RX_Z2 + (*f1 * 4));
+-    } else {
+-	f1 = (char *)(hfctmp->fifos + hfc_FIFO_B2RX_F1);
+-        f2 = (char *)(hfctmp->fifos + hfc_FIFO_B2RX_F2);
+-	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2RX_Z1 + (*f1 * 4));
+-	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2RX_Z2 + (*f1 * 4));
+-    }
++static void hfc_bch_init(struct hfc_card *hfctmp){
++    struct bch *chtmp=&hfctmp->bch;
+ 
+-    bytes = *z1 - *z2;
+-    if (bytes < 0) {
+-	bytes += hfc_B_FIFO_SIZE;
+-    }
+-    count = DAHDI_CHUNKSIZE;
+-    
+-    if (bytes < DAHDI_CHUNKSIZE) {
+-#ifndef RTAITIMING
+-	printk(KERN_CRIT "zaphfc: bchan rx fifo not enough bytes to receive! (z1=%d, z2=%d, wanted %d got %d), probably a buffer overrun.\n",*z1,*z2,DAHDI_CHUNKSIZE,bytes);
+-#endif
+-	return;
+-    }
++    chtmp->checkcnt=0;
++    chtmp->fill_fifo=0;
+ 
+-    /* allowing the buffering of hfc_BCHAN_BUFFER bytes of audio data works around irq jitter */
+-    if (bytes > hfc_BCHAN_BUFFER + DAHDI_CHUNKSIZE) {
+-	/* if the system is too slow to handle it, we will have to drop it all (except 1 DAHDI chunk) */
+-	drop = bytes - DAHDI_CHUNKSIZE;
+-	hfctmp->clicks++;
+-	/* only spit out this warning once per second to not make things worse! */
+-	if (hfctmp->clicks > 100) {
+-	    printk(KERN_CRIT "zaphfc: dropped audio (z1=%d, z2=%d, wanted %d got %d, dropped %d).\n",*z1,*z2,count,bytes,drop);
+-	    hfctmp->clicks = 0;
+-	}
+-	/* hm, we are processing the b chan data tooooo slowly... let's drop the lost audio */
+-	newz2 = *z2 + drop;
+-	if (newz2 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { 
+-	    newz2 -= hfc_B_FIFO_SIZE; 
+-	}
+-	*z2 = newz2;
+-    }
++    chtmp->rx.c[0].z1p=(unsigned short *)(hfctmp->fifos+hfc_FIFO_B1RX_Z1+0x1f*4);
++    chtmp->rx.c[0].fifo_base=(char *)(hfctmp->fifos+hfc_FIFO_B1RX_ZOFF);
++    chtmp->rx.c[1].z1p=(unsigned short *)(hfctmp->fifos+hfc_FIFO_B2RX_Z1+0x1f*4);
++    chtmp->rx.c[1].fifo_base=(char *)(hfctmp->fifos+hfc_FIFO_B2RX_ZOFF);
++    chtmp->rx.z2=hfc_B_SUB_VAL;
++    chtmp->rx.diff=0;
+ 
+-    
+-    maxlen = (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL) - *z2;
+-    if (maxlen > count) {
+-        maxlen = count;
+-    }
+-    if (whichB == 1) {
+-        memcpy(hfctmp->ztdev->chans[0].readchunk,(char *)(hfctmp->fifos + hfc_FIFO_B1RX_ZOFF + *z2), maxlen);
+-    } else {
+-        memcpy(hfctmp->ztdev->chans[1].readchunk,(char *)(hfctmp->fifos + hfc_FIFO_B2RX_ZOFF + *z2), maxlen);
+-    }
+-    newz2 = *z2 + count;
+-    if (newz2 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { 
+-        newz2 -= hfc_B_FIFO_SIZE; 
++    chtmp->tx.c[0].z1p=(unsigned short *)(hfctmp->fifos+hfc_FIFO_B1TX_Z1+0x1f*4);
++    chtmp->tx.c[0].z2p=(unsigned short *)(hfctmp->fifos+hfc_FIFO_B1TX_Z2+0x1f*4);
++    chtmp->tx.c[0].fifo_base=(char *)(hfctmp->fifos+hfc_FIFO_B1TX_ZOFF);
++    chtmp->tx.c[0].filled=0;
++    chtmp->tx.c[1].z1p=(unsigned short *)(hfctmp->fifos+hfc_FIFO_B2TX_Z1+0x1f*4);
++    chtmp->tx.c[1].z2p=(unsigned short *)(hfctmp->fifos+hfc_FIFO_B2TX_Z2+0x1f*4);
++    chtmp->tx.c[1].fifo_base=(char *)(hfctmp->fifos+hfc_FIFO_B2TX_ZOFF);
++    chtmp->tx.c[1].filled=0;
++    chtmp->tx.z1=hfc_B_SUB_VAL;
++    chtmp->tx.diff=0;
++
++    hfc_dch_init(hfctmp);
++
++    chtmp->initialized=0;
++}
++
++static int hfc_bch_check(struct hfc_card *hfctmp){
++    struct bch *chtmp=&hfctmp->bch;
++    int x,r;
++
++    for(x=0;x<2;x++){
++	chtmp->tx.c[x].filled=(chtmp->tx.z1-*chtmp->tx.c[x].z2p+hfc_B_FIFO_SIZE)%hfc_B_FIFO_SIZE;
++	chtmp->rx.c[x].filled=(*chtmp->rx.c[x].z1p-chtmp->rx.z2+hfc_B_FIFO_SIZE)%hfc_B_FIFO_SIZE;
+     }
+-    *z2 = newz2;
+-	
+-    count -= maxlen;
+-    if (count > 0) {
+-    // Buffer wrap
+-        if (whichB == 1) {
+-	    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B1RX_Z2 + (*f1 * 4));
+-    	    memcpy(hfctmp->ztdev->chans[0].readchunk + maxlen,(char *)(hfctmp->fifos + hfc_FIFO_B1RX_ZOFF + hfc_B_SUB_VAL), count);
+-	} else {
+-	    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_B2RX_Z2 + (*f1 * 4));
+-	    memcpy(hfctmp->ztdev->chans[1].readchunk + maxlen,(char *)(hfctmp->fifos + hfc_FIFO_B2RX_ZOFF + hfc_B_SUB_VAL), count);
+-	}
+-	newz2 = *z2 + count;
+-	if (newz2 >= (hfc_B_FIFO_SIZE + hfc_B_SUB_VAL)) { 
+-	    newz2 -= hfc_B_FIFO_SIZE; 
++    if(chtmp->fill_fifo){
++	chtmp->checkcnt++;
++	chtmp->checkcnt%=DAHDI_CHUNKSIZE;
++	r=!chtmp->checkcnt;
++    }else{
++	x=chtmp->tx.c[0].filled-chtmp->tx.c[1].filled;
++	if(abs(x-chtmp->tx.diff)>1){
++	    printk(KERN_CRIT "zaphfc[%d]: tx sync changed: %d, %d\n",hfctmp->cardno,chtmp->tx.c[0].filled,chtmp->tx.c[1].filled);
++	    chtmp->tx.diff=x;
+ 	}
++	r=chtmp->tx.c[0].filled<=DAHDI_CHUNKSIZE*jitterbuffer&&chtmp->tx.c[1].filled<=DAHDI_CHUNKSIZE*jitterbuffer;
+     }
++    return(r);
++}
+ 
++#define hfc_bch_inc_z(a,b) (a)=((a)-hfc_B_SUB_VAL+(b))%hfc_B_FIFO_SIZE+hfc_B_SUB_VAL
+ 
+-    if (whichB == 1) {
+-	dahdi_ec_chunk(&hfctmp->ztdev->chans[0], hfctmp->ztdev->chans[0].readchunk, hfctmp->ztdev->chans[0].writechunk);
+-    } else {
+-	dahdi_ec_chunk(&hfctmp->ztdev->chans[1], hfctmp->ztdev->chans[1].readchunk, hfctmp->ztdev->chans[1].writechunk);
++static void hfc_bch_tx(struct hfc_card *hfctmp){
++    struct bch *chtmp=&hfctmp->bch;
++    int x;
++
++    for(x=0;x<2;x++)
++	memcpy((void *)(chtmp->tx.c[x].fifo_base+chtmp->tx.z1),hfctmp->ztdev->chans[x].writechunk,DAHDI_CHUNKSIZE);
++    hfc_bch_inc_z(chtmp->tx.z1,DAHDI_CHUNKSIZE);
++    if(chtmp->fill_fifo){
++	chtmp->fill_fifo--;
++    }else if(chtmp->tx.c[0].filled<=1||chtmp->tx.c[1].filled<=1){
++	chtmp->fill_fifo=jitterbuffer;
++	if(chtmp->initialized)
++	    printk(KERN_CRIT "zaphfc[%d]: b channel buffer underrun: %d, %d\n",hfctmp->cardno,chtmp->tx.c[0].filled,chtmp->tx.c[1].filled);
+     }
+-    return;    
++    if(!chtmp->fill_fifo)
++	for(x=0;x<2;x++)*chtmp->tx.c[x].z1p=chtmp->tx.z1;
+ }
+ 
+-
+-static void hfc_dtrans(struct hfc_card *hfctmp) {
+-    // we are called with irqs disabled from the irq handler
++static void hfc_bch_rx(struct hfc_card *hfctmp){
++    struct bch *chtmp=&hfctmp->bch;
+     int x;
+-    int count, maxlen, total;
+-    unsigned char *f1, *f2, newf1;
+-    unsigned short *z1, *z2, newz1;
+-    int frames, freebytes;
+ 
+-    if (hfctmp->ztdev->chans[2].bytes2transmit == 0) {
+-	return;
++    x=chtmp->rx.c[0].filled-chtmp->rx.c[1].filled;
++    if(abs(x-chtmp->rx.diff)>1){
++	printk(KERN_CRIT "zaphfc[%d]: rx sync changed: %d, %d\n",hfctmp->cardno,chtmp->rx.c[0].filled,chtmp->rx.c[1].filled);
++	chtmp->rx.diff=x;
+     }
+-
+-    f1 = (char *)(hfctmp->fifos + hfc_FIFO_DTX_F1);
+-    f2 = (char *)(hfctmp->fifos + hfc_FIFO_DTX_F2);
+-    z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DTX_Z1 + (*f1 * 4));
+-    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DTX_Z2 + (*f1 * 4));
+-
+-    frames = (*f1 - *f2) & hfc_FMASK;
+-    if (frames < 0) {
+-	frames += hfc_MAX_DFRAMES + 1;
++    if(chtmp->rx.c[0].filled>=DAHDI_CHUNKSIZE&&chtmp->rx.c[1].filled>=DAHDI_CHUNKSIZE){
++	if((chtmp->rx.c[0].filled>=DAHDI_CHUNKSIZE*(jitterbuffer+2)&&chtmp->rx.c[1].filled>=DAHDI_CHUNKSIZE*(jitterbuffer+2))||!chtmp->initialized){
++	    if(chtmp->initialized)
++		printk(KERN_CRIT "zaphfc[%d]: b channel buffer overflow: %d, %d\n",hfctmp->cardno,chtmp->rx.c[0].filled,chtmp->rx.c[1].filled);
++	    hfc_bch_inc_z(chtmp->rx.z2,chtmp->rx.c[0].filled-chtmp->rx.c[0].filled%DAHDI_CHUNKSIZE-DAHDI_CHUNKSIZE);
++	    chtmp->initialized=1;
++	}
++	for(x=0;x<2;x++){
++	    memcpy(hfctmp->ztdev->chans[x].readchunk,(void *)(chtmp->rx.c[x].fifo_base+chtmp->rx.z2),DAHDI_CHUNKSIZE);
++	    dahdi_ec_chunk(&hfctmp->ztdev->chans[x],hfctmp->ztdev->chans[x].readchunk,hfctmp->ztdev->chans[x].writechunk);
++	}
++	hfc_bch_inc_z(chtmp->rx.z2,DAHDI_CHUNKSIZE);
+     }
++}
+ 
+-    if (frames >= hfc_MAX_DFRAMES) {
+-	printk(KERN_CRIT "zaphfc: dchan tx fifo total number of frames exceeded!\n");
+-	return;
+-    }
++/*===========================================================================*/
+ 
+-    freebytes = *z2 - *z1;
+-    if (freebytes <= 0) {
+-	freebytes += hfc_D_FIFO_SIZE;
+-    }
+-    count = hfctmp->ztdev->chans[2].bytes2transmit;
+-
+-    total = count;
+-    if (freebytes < count) {
+-	printk(KERN_CRIT "zaphfc: dchan tx fifo not enough free bytes! (z1=%d, z2=%d)\n",*z1,*z2);
+-	return;
+-    }
+-    
+-    newz1 = (*z1 + count) & hfc_ZMASK;
+-    newf1 = ((*f1 + 1) & hfc_MAX_DFRAMES) | (hfc_MAX_DFRAMES + 1);	// next frame
+-    
+-    if (count > 0) {
+-	if (debug) {
+-    	    printk(KERN_CRIT "zaphfc: card %d TX [ ", hfctmp->cardno);
+-	    for (x=0; x<count; x++) {
++static void hfc_dch_tx(struct hfc_card *hfctmp){
++    struct dch *chtmp=&hfctmp->dch;
++    u8 tx_f2_v;
++    u16 x;
++
++    if(hfctmp->ztdev->chans[2].bytes2transmit){
++	if(debug){
++	    printk(KERN_CRIT "zaphfc[%d]: card TX [ ",hfctmp->cardno);
++	    for(x=0;x<hfctmp->ztdev->chans[2].bytes2transmit;x++){
+ 		printk("%#2x ",hfctmp->dtransbuf[x]);
+ 	    }
+-	    if (hfctmp->ztdev->chans[2].eoftx == 1) {
+-		printk("] %d bytes\n", count);
+-	    } else {
+-		printk("..] %d bytes\n", count);
+-	    }
+-	}
+-	maxlen = hfc_D_FIFO_SIZE - *z1;
+-	if (maxlen > count) {
+-	    maxlen = count;
++	    printk("] %d bytes\n",hfctmp->ztdev->chans[2].bytes2transmit);
+ 	}
+-	memcpy((char *)(hfctmp->fifos + hfc_FIFO_DTX_ZOFF + *z1),hfctmp->ztdev->chans[2].writechunk, maxlen);
+-	count -= maxlen;
+-	if (count > 0) {
+-	    memcpy((char *)(hfctmp->fifos + hfc_FIFO_DTX_ZOFF),(char *)(hfctmp->ztdev->chans[2].writechunk + maxlen), count);
++	tx_f2_v=*chtmp->tx.f2.p;
++	if(!(tx_f2_v-chtmp->tx.f1.v+hfc_MAX_DFRAMES+1-1)&(hfc_MAX_DFRAMES+1-1)){
++	    printk(KERN_CRIT "zaphfc[%d]: dchan tx fifo total number of frames exceeded!\n",hfctmp->cardno);
++	}else{
++	    if(((*(volatile u16 *)(hfctmp->fifos+hfc_FIFO_DTX_Z2+tx_f2_v*4)-chtmp->tx.f1.z1.v+hfc_D_FIFO_SIZE-1)&(hfc_D_FIFO_SIZE-1))<hfctmp->ztdev->chans[2].bytes2transmit){
++		printk(KERN_CRIT "zaphfc[%d]: dchan tx fifo not enough space for frame!\n",hfctmp->cardno);
++	    }else{
++		chtmp->tx.f1.v=((chtmp->tx.f1.v+1)&hfc_MAX_DFRAMES)|(hfc_MAX_DFRAMES+1);
++		x=min(hfctmp->ztdev->chans[2].bytes2transmit,hfc_D_FIFO_SIZE-chtmp->tx.f1.z1.v);
++		memcpy(hfctmp->fifos+hfc_FIFO_DTX_ZOFF+chtmp->tx.f1.z1.v,hfctmp->ztdev->chans[2].writechunk,x);
++		memcpy(hfctmp->fifos+hfc_FIFO_DTX_ZOFF,hfctmp->ztdev->chans[2].writechunk+x,hfctmp->ztdev->chans[2].bytes2transmit-x);
++		*(volatile u16 *)(hfctmp->fifos+hfc_FIFO_DTX_Z2+chtmp->tx.f1.v*4)=chtmp->tx.f1.z1.v;
++		chtmp->tx.f1.z1.v=(chtmp->tx.f1.z1.v+hfctmp->ztdev->chans[2].bytes2transmit+hfc_D_FIFO_SIZE)&(hfc_D_FIFO_SIZE-1);
++		*(volatile u16 *)(hfctmp->fifos+hfc_FIFO_DTX_Z1+chtmp->tx.f1.v*4)=chtmp->tx.f1.z1.v;
++		*chtmp->tx.f1.p=chtmp->tx.f1.v;
++	    }
+ 	}
+     }
+-
+-    *z1 = newz1;
+-
+-    if (hfctmp->ztdev->chans[2].eoftx == 1) {
+-	*f1 = newf1;
+-	z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DTX_Z1 + (*f1 * 4));
+-	*z1 = newz1;
+-	hfctmp->ztdev->chans[2].eoftx = 0;
+-    }
+-//    printk(KERN_CRIT "zaphfc: dchan tx fifo (f1=%d, f2=%d, z1=%d, z2=%d)\n",(*f1) & hfc_FMASK,(*f2) & hfc_FMASK, *z1, *z2);
+-    return;    
+ }
+ 
+-/* receive a complete hdlc frame, skip broken or short frames */
+-static void hfc_drec(struct hfc_card *hfctmp) {
+-    int count=0, maxlen=0, framelen=0;
+-    unsigned char *f1, *f2, *crcstat;
+-    unsigned short *z1, *z2, oldz2, newz2;
++static void hfc_dch_rx(struct hfc_card *hfctmp){
++    struct dch *chtmp=&hfctmp->dch;
++    u16 size;
+ 
+     hfctmp->ztdev->chans[2].bytes2receive=0;
+-    hfctmp->ztdev->chans[2].eofrx = 0;
+-
+-    /* put the received data into the DAHDI buffer
+-       we'll call dahdi_receive() later when the timer fires. */
+-    f1 = (char *)(hfctmp->fifos + hfc_FIFO_DRX_F1);
+-    f2 = (char *)(hfctmp->fifos + hfc_FIFO_DRX_F2);
+-
+-    if (*f1 == *f2) return; /* nothing received, strange eh? */
+-
+-    z1 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z1 + (*f2 * 4));
+-    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z2 + (*f2 * 4));
+-    
+-    /* calculate length of frame, including 2 bytes CRC and 1 byte STAT */
+-    count = *z1 - *z2;
+-    
+-    if (count < 0) { 
+-	count += hfc_D_FIFO_SIZE; /* ring buffer wrapped */
+-    }
+-    count++;
+-    framelen = count;
+-
+-    crcstat = (char *)(hfctmp->fifos + hfc_FIFO_DRX_ZOFF + *z1);
+-
+-    if ((framelen < 4) || (*crcstat != 0x0)) {
+-	/* the frame is too short for a valid HDLC frame or the CRC is borked */
+-	printk(KERN_CRIT "zaphfc: empty HDLC frame or bad CRC received (framelen = %d, stat = %#x, card = %d).\n", framelen, *crcstat, hfctmp->cardno);
+-	oldz2 = *z2;
+-	*f2 = ((*f2 + 1) & hfc_MAX_DFRAMES) | (hfc_MAX_DFRAMES + 1);	/* NEXT!!! */
+-        // recalculate z2, because Z2 is a function of F2 Z2(F2) and we INCed F2!!!
+-	z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z2 + (*f2 * 4));
+-	*z2 = (oldz2 + framelen) & hfc_ZMASK;
+-	hfctmp->drecinframe = 0;
+-	hfctmp->regs.int_drec--;
+-	/* skip short or broken frames */
+-        hfctmp->ztdev->chans[2].bytes2receive = 0; 
+-	return;
+-    }
+-
+-    count -= 1;	/* strip STAT */
+-    hfctmp->ztdev->chans[2].eofrx = 1;
+-
+-    if (count + *z2 <= hfc_D_FIFO_SIZE) {
+-	maxlen = count;
+-    } else {
+-	maxlen = hfc_D_FIFO_SIZE - *z2;
++    hfctmp->ztdev->chans[2].eofrx=0;
++    if(*chtmp->rx.f1.p==chtmp->rx.f2.v){
++	hfctmp->regs.int_drec=0;
++    }else{
++	size=((*(volatile u16 *)(hfctmp->fifos+hfc_FIFO_DRX_Z1+chtmp->rx.f2.v*4)-chtmp->rx.f2.z2.v+hfc_D_FIFO_SIZE)&(hfc_D_FIFO_SIZE-1))+1;
++	if(size<4){
++	    printk(KERN_CRIT "zaphfc[%d]: empty HDLC frame received.\n",hfctmp->cardno);
++	}else{
++	    u16 x=min(size,(u16)(hfc_D_FIFO_SIZE-chtmp->rx.f2.z2.v));
++	    memcpy(hfctmp->drecbuf,hfctmp->fifos+hfc_FIFO_DRX_ZOFF+chtmp->rx.f2.z2.v,x);
++	    memcpy(hfctmp->drecbuf+x,hfctmp->fifos+hfc_FIFO_DRX_ZOFF,size-x);
++	    if(hfctmp->drecbuf[size-1]){
++		printk(KERN_CRIT "zaphfc[%d]: received d channel frame with bad CRC.\n",hfctmp->cardno);
++	    }else{
++		hfctmp->ztdev->chans[2].bytes2receive=size-1;
++		hfctmp->ztdev->chans[2].eofrx=1;
++	    }
++	}
++	chtmp->rx.f2.z2.v=(chtmp->rx.f2.z2.v+size)&(hfc_D_FIFO_SIZE-1);
++	chtmp->rx.f2.v=((chtmp->rx.f2.v+1)&hfc_MAX_DFRAMES)|(hfc_MAX_DFRAMES+1);
+     }
+-
+-    /* copy first part */
+-    memcpy(hfctmp->drecbuf, (char *)(hfctmp->fifos + hfc_FIFO_DRX_ZOFF + *z2), maxlen);
+-    hfctmp->ztdev->chans[2].bytes2receive += maxlen; 
+-    
+-    count -= maxlen;
+-    if (count > 0) {
+-	/* ring buffer wrapped, copy rest from start of d fifo */
+-	memcpy(hfctmp->drecbuf + maxlen, (char *)(hfctmp->fifos + hfc_FIFO_DRX_ZOFF), count);
+-	hfctmp->ztdev->chans[2].bytes2receive += count; 
+-    }
+-
+-    /* frame read */
+-    oldz2 = *z2;
+-    newz2 = (oldz2 + framelen) & hfc_ZMASK;
+-    *f2 = ((*f2 + 1) & hfc_MAX_DFRAMES) | (hfc_MAX_DFRAMES + 1);	/* NEXT!!! */
+-    /* recalculate z2, because Z2 is a function of F2 Z2(F2) and we INCed F2!!! */
+-    z2 = (unsigned short *)(hfctmp->fifos + hfc_FIFO_DRX_Z2 + (*f2 * 4));
+-    *z2 = newz2;
+-    hfctmp->drecinframe = 0;
+-    hfctmp->regs.int_drec--; 
+ }
+ 
+-#ifndef RTAITIMING
+ DAHDI_IRQ_HANDLER(hfc_interrupt) {
+     struct hfc_card *hfctmp = dev_id;
+-    unsigned long flags = 0;
+-    unsigned char stat;
+-#else
+-static void hfc_service(struct hfc_card *hfctmp) {
+-#endif
++    struct hfc_card *hfctmp2;
+     struct dahdi_hfc *zthfc;
+-    unsigned char s1, s2, l1state;
++    unsigned char stat, s1, s2, l1state;
++    unsigned long flags = 0;
++    unsigned long flags2 = 0;
+     int x;
+ 
+     if (!hfctmp) {
+-#ifndef RTAITIMING
+-		return IRQ_NONE;
+-#else
+-	/* rtai */
+-	return;
+-#endif
++	    return IRQ_NONE;
+     }
+ 
+     if (!hfctmp->pci_io) {
+ 	    printk(KERN_WARNING "%s: IO-mem disabled, cannot handle interrupt\n",
+ 		   __FUNCTION__);
+-#ifndef RTAITIMING
+ 	    return IRQ_NONE;
+-#else
+-	/* rtai */
+-	return;
+-#endif
+     }
+     
+-    /*	we assume a few things in this irq handler:
+-	- the hfc-pci will only generate "timer" irqs (proc/non-proc)
+-	- we need to use every 8th IRQ (to generate 1khz timing)
+-	OR
+-	- if we use rtai for timing the hfc-pci will not generate ANY irq,
+-	  instead rtai will call this "fake" irq with a 1khz realtime timer. :)
+-	- rtai will directly service the card, not like it used to by triggering
+-	  the linux irq
+-    */
+-
+-#ifndef RTAITIMING
+     spin_lock_irqsave(&hfctmp->lock, flags);
+     stat = hfc_inb(hfctmp, hfc_STATUS);
+-
+     if ((stat & hfc_STATUS_ANYINT) == 0) {
+         // maybe we are sharing the irq
+ 	spin_unlock_irqrestore(&hfctmp->lock,flags);
+ 	return IRQ_NONE;
+     }
+-#endif
+ 
+     s1 = hfc_inb(hfctmp, hfc_INT_S1);
+     s2 = hfc_inb(hfctmp, hfc_INT_S2); 
+@@ -611,18 +457,10 @@
+ 		}
+ 		switch (l1state) {
+ 		    case 3:
+-#ifdef RTAITIMING
+-			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 ACTIVATED (G%d) [realtime]", hfctmp->cardno, l1state);
+-#else
+ 			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 ACTIVATED (G%d)", hfctmp->cardno, l1state);
+-#endif
+ 			break;
+ 		    default:
+-#ifdef RTAITIMING
+-			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 DEACTIVATED (G%d) [realtime]", hfctmp->cardno, l1state);
+-#else
+ 			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] layer 1 DEACTIVATED (G%d)", hfctmp->cardno, l1state);
+-#endif
+ 		}
+ 		if (l1state == 2) {
+ 		    hfc_outb(hfctmp, hfc_STATES, hfc_STATES_ACTIVATE | hfc_STATES_DO_ACTION | hfc_STATES_NT_G2_G3);
+@@ -636,18 +474,10 @@
+ 		}
+ 		switch (l1state) {
+ 		    case 7:
+-#ifdef RTAITIMING
+-			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 ACTIVATED (F%d) [realtime]", hfctmp->cardno, l1state);
+-#else
+ 			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 ACTIVATED (F%d)", hfctmp->cardno, l1state);
+-#endif
+ 			break;
+ 		    default:
+-#ifdef RTAITIMING
+-			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 DEACTIVATED (F%d) [realtime]", hfctmp->cardno, l1state);
+-#else
+ 			sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] layer 1 DEACTIVATED (F%d)", hfctmp->cardno, l1state);
+-#endif
+ 		}
+ 		if (l1state == 3) {
+ 		    hfc_outb(hfctmp, hfc_STATES, hfc_STATES_DO_ACTION | hfc_STATES_ACTIVATE);
+@@ -657,7 +487,7 @@
+ 	}
+ 	if (s1 & hfc_INTS_DREC) {
+ 	    // D chan RX (bit 5)
+-	    hfctmp->regs.int_drec++;
++	    hfctmp->regs.int_drec = 1;
+ 	    // mr. zapata there is something for you!
+ 	//    printk(KERN_CRIT "d chan rx\n");		    
+ 	}
+@@ -678,14 +508,10 @@
+ 	    // B1 chan TX (bit 0)
+ 	}
+     }
+-#ifdef RTAITIMING
+-    /* fake an irq */
+-    s2 |= hfc_M2_PROC_TRANS;
+-#endif
+     if (s2 != 0) {
+ 	if (s2 & hfc_M2_PMESEL) {
+ 	    // kaboom irq (bit 7)
+-	    printk(KERN_CRIT "zaphfc: sync lost, pci performance too low. you might have some cpu throtteling enabled.\n");
++	    //printk(KERN_CRIT "zaphfc: sync lost, pci performance too low. you might have some cpu throtteling enabled.\n");
+ 	}
+ 	if (s2 & hfc_M2_GCI_MON_REC) {
+ 	    // RxR monitor channel (bit 2)
+@@ -693,32 +519,31 @@
+ 	if (s2 & hfc_M2_GCI_I_CHG) {
+ 	    // GCI I-change  (bit 1)
+ 	}
+-	if (s2 & hfc_M2_PROC_TRANS) {
++	if((s2&hfc_M2_PROC_TRANS)&&(hfctmp->cardno==timer_card)){
+ 	    // processing/non-processing transition  (bit 0)
+-	    hfctmp->ticks++;
+-#ifndef RTAITIMING
+-	    if (hfctmp->ticks > 7) {
+-		// welcome to DAHDI timing :)
+-#endif
+-	    	hfctmp->ticks = 0;
+-
+-		if (hfctmp->ztdev->span.flags & DAHDI_FLAG_RUNNING) {
++	hfctmp2=hfctmp;
++	hfctmp=hfc_dev_list;
++	while(hfctmp){
++	    if(hfctmp->active){
++	    if(hfctmp!=hfctmp2)spin_lock_irqsave(&hfctmp->lock, flags2);
++	    if(hfc_bch_check(hfctmp)){
++    if (hfctmp->ztdev->span.flags & DAHDI_FLAG_RUNNING) {
+ 		    // clear dchan buffer
++	//	    memset(hfctmp->drecbuf, 0x0, sizeof(hfctmp->drecbuf));
++
+ 		    hfctmp->ztdev->chans[2].bytes2transmit = 0;
+ 		    hfctmp->ztdev->chans[2].maxbytes2transmit = hfc_D_FIFO_SIZE;
+ 
+ 		    dahdi_transmit(&(hfctmp->ztdev->span));
+ 
+-		    hfc_btrans(hfctmp,1);
+-		    hfc_btrans(hfctmp,2);
+-		    hfc_dtrans(hfctmp);
++		    hfc_bch_tx(hfctmp);
++		    hfc_dch_tx(hfctmp);
+ 		}
+ 
+-		hfc_brec(hfctmp,1);
+-		hfc_brec(hfctmp,2);
+-		if (hfctmp->regs.int_drec > 0) {
++		hfc_bch_rx(hfctmp);
++		if (hfctmp->regs.int_drec) {
+ 		    // dchan data to read
+-		    hfc_drec(hfctmp);
++		    hfc_dch_rx(hfctmp);
+ 		    if (hfctmp->ztdev->chans[2].bytes2receive > 0) {
+ 			    if (debug) {
+     				printk(KERN_CRIT "zaphfc: card %d RX [ ", hfctmp->cardno);
+@@ -743,17 +568,16 @@
+ 		if (hfctmp->ztdev->span.flags & DAHDI_FLAG_RUNNING) {
+ 		    dahdi_receive(&(hfctmp->ztdev->span));
+ 		}
+-		
+-#ifndef RTAITIMING
+ 	    }
+-#endif
++	    if(hfctmp!=hfctmp2)spin_unlock_irqrestore(&hfctmp->lock,flags2);
++	    }
++	    hfctmp=hfctmp->next;
++	}
++	hfctmp=hfctmp2;
+ 	}
+-
+     }
+-#ifndef RTAITIMING
+     spin_unlock_irqrestore(&hfctmp->lock,flags);
+-	return IRQ_RETVAL(1);
+-#endif
++    return IRQ_RETVAL(1);
+ }
+ 
+ 
+@@ -802,22 +626,22 @@
+     }
+     alreadyrunning = span->flags & DAHDI_FLAG_RUNNING;
+     
+-    if (!alreadyrunning) {
+-	span->chans[2]->flags &= ~DAHDI_FLAG_HDLC;
+-	span->chans[2]->flags |= DAHDI_FLAG_BRIDCHAN;
+-	
+-	span->flags |= DAHDI_FLAG_RUNNING;
++    if (alreadyrunning) return 0;
+ 
+-	hfctmp->ticks = -2;
+-	hfctmp->clicks = 0;
+-	hfctmp->regs.fifo_en = hfc_FIFOEN_D | hfc_FIFOEN_B1 | hfc_FIFOEN_B2;
+-        hfc_outb(hfctmp, hfc_FIFO_EN, hfctmp->regs.fifo_en);
+-    } else {
+-	return 0;
+-    }
++    span->chans[2]->flags &= ~DAHDI_FLAG_HDLC;
++    span->chans[2]->flags |= DAHDI_FLAG_BRIDCHAN;
++
++    span->flags |= DAHDI_FLAG_RUNNING;
++
++    hfctmp->ticks = -2;
++    hfctmp->regs.fifo_en = hfc_FIFOEN_D | hfc_FIFOEN_B1 | hfc_FIFOEN_B2;
++    hfc_outb(hfctmp, hfc_FIFO_EN, hfctmp->regs.fifo_en);
++
++    hfc_bch_init(hfctmp);
+ 
+     // drivers, start engines!
+     hfc_outb(hfctmp, hfc_STATES, hfc_STATES_DO_ACTION | hfc_STATES_ACTIVATE);
++    hfctmp->active=1;
+     return 0;
+ }
+ 
+@@ -847,17 +671,9 @@
+ 
+     sprintf(zthfc->span.name, "ZTHFC%d", hfc_dev_count + 1);
+     if (hfctmp->regs.nt_mode == 1) {
+-#ifdef RTAITIMING
+-	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT] [realtime]", hfc_dev_count + 1);
+-#else
+ 	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [NT]", hfc_dev_count + 1);
+-#endif
+     } else {
+-#ifdef RTAITIMING
+-	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE] [realtime]", hfc_dev_count + 1);
+-#else
+ 	sprintf(zthfc->span.desc, "HFC-S PCI A ISDN card %d [TE]", hfc_dev_count + 1);
+-#endif
+     }
+ 
+     zthfc->span.spanconfig = zthfc_spanconfig;
+@@ -897,32 +713,6 @@
+     return 0;
+ }
+ 
+-#ifdef RTAITIMING
+-#define TICK_PERIOD  1000000
+-#define TICK_PERIOD2 1000000000
+-#define TASK_PRIORITY 1
+-#define STACK_SIZE 10000
+-
+-static RT_TASK rt_task;
+-static struct hfc_card *rtai_hfc_list[hfc_MAX_CARDS];
+-static unsigned char rtai_hfc_counter = 0;
+-
+-static void rtai_register_hfc(struct hfc_card *hfctmp) {
+-    rtai_hfc_list[rtai_hfc_counter++] = hfctmp;
+-}
+-
+-static void rtai_loop(int t) {
+-    int i=0;
+-    for (;;) {
+-	for (i=0; i < rtai_hfc_counter; i++) {
+-	    if (rtai_hfc_list[i] != NULL)
+-		hfc_service(rtai_hfc_list[i]);
+-	}
+-        rt_task_wait_period();
+-    }
+-}
+-#endif
+-
+ int hfc_findCards(int pcivendor, int pcidevice, char *vendor_name, char *card_name) {
+     struct pci_dev *tmp;
+     struct hfc_card *hfctmp = NULL;
+@@ -938,9 +728,9 @@
+ 	}
+ 	pci_set_master(tmp);
+ 
+-	hfctmp = kmalloc(sizeof(struct hfc_card), GFP_KERNEL);
++	hfctmp = vmalloc(sizeof(struct hfc_card));
+ 	if (!hfctmp) {
+-	    printk(KERN_WARNING "zaphfc: unable to kmalloc!\n");
++	    printk(KERN_WARNING "zaphfc: unable to vmalloc!\n");
+ 	    pci_disable_device(tmp);
+ 	    multi_hfc = NULL;
+ 	    return -ENOMEM;
+@@ -948,6 +738,7 @@
+ 	memset(hfctmp, 0x0, sizeof(struct hfc_card));
+ 	spin_lock_init(&hfctmp->lock);
+ 	
++	hfctmp->active=0;
+ 	hfctmp->pcidev = tmp;
+ 	hfctmp->pcibus = tmp->bus->number;
+ 	hfctmp->pcidevfn = tmp->devfn; 
+@@ -961,49 +752,39 @@
+ 	hfctmp->pci_io = (char *) tmp->resource[1].start;
+ 	if (!hfctmp->pci_io) {
+ 	    printk(KERN_WARNING "zaphfc: no iomem!\n");
+-	    kfree(hfctmp);
++	    vfree(hfctmp);
+ 	    pci_disable_device(tmp);
+ 	    multi_hfc = NULL;
+ 	    return -1;
+ 	}
+-	
+-	hfctmp->fifomem = kmalloc(65536, GFP_KERNEL);
+-	if (!hfctmp->fifomem) {
+-	    printk(KERN_WARNING "zaphfc: unable to kmalloc fifomem!\n");
+-	    kfree(hfctmp);
++
++	hfctmp->fifos=(void *)__get_free_pages(GFP_KERNEL,log2(hfc_FIFO_MEM_SIZE_PAGES));
++	if (!hfctmp->fifos) {
++	    printk(KERN_WARNING "zaphfc: unable to __get_free_pages fifomem!\n");
++	    vfree(hfctmp);
+ 	    pci_disable_device(tmp);
+ 	    multi_hfc = NULL;
+ 	    return -ENOMEM;
+ 	} else {
+-	    memset(hfctmp->fifomem, 0x0, 65536);
+-	    hfctmp->fifos = (void *)(((ulong) hfctmp->fifomem) & ~0x7FFF) + 0x8000;
+ 	    pci_write_config_dword(hfctmp->pcidev, 0x80, (u_int) virt_to_bus(hfctmp->fifos));
+ 	    hfctmp->pci_io = ioremap((ulong) hfctmp->pci_io, 256);
+ 	}
+ 
+-#ifdef RTAITIMING
+-	/* we need no stinking irq */
+-	hfctmp->irq = 0;
+-#else
+ 	if (request_irq(hfctmp->irq, &hfc_interrupt, DAHDI_IRQ_SHARED, "zaphfc", hfctmp)) {
+ 	    printk(KERN_WARNING "zaphfc: unable to register irq\n");
+-	    kfree(hfctmp->fifomem);
+-	    kfree(hfctmp);
++	    free_pages((unsigned long)hfctmp->fifos,log2(hfc_FIFO_MEM_SIZE_PAGES));
++	    vfree(hfctmp);
+ 	    iounmap((void *) hfctmp->pci_io);
+ 	    pci_disable_device(tmp);
+ 	    multi_hfc = NULL;
+ 	    return -EIO;
+ 	}
+-#endif
+ 
+-#ifdef RTAITIMING
+-	rtai_register_hfc(hfctmp);
+-#endif
+ 	printk(KERN_INFO
+-		       "zaphfc: %s %s configured at mem %lx fifo %lx(%#x) IRQ %d HZ %d\n",
++		       "zaphfc: %s %s configured at mem %#x fifo %#x(%#x) IRQ %d HZ %d\n",
+ 			vendor_name, card_name,
+-		       (unsigned long) hfctmp->pci_io,
+-		       (unsigned long) hfctmp->fifos,
++		       (u_int) hfctmp->pci_io,
++		       (u_int) hfctmp->fifos,
+ 		       (u_int) virt_to_bus(hfctmp->fifos),
+ 		       hfctmp->irq, HZ); 
+ 	pci_write_config_word(hfctmp->pcidev, PCI_COMMAND, PCI_COMMAND_MEMORY);	// enable memio
+@@ -1020,11 +801,21 @@
+ 	    hfctmp->regs.nt_mode = 0;
+ 	}
+ 
+-	zthfc = kmalloc(sizeof(struct dahdi_hfc),GFP_KERNEL);
++	if(sync_slave&(1<<hfc_dev_count)){
++	    printk(KERN_INFO "zaphfc: Card %d configured for slave mode\n",hfc_dev_count);
++	    hfctmp->regs.mst_mode=hfc_MST_MODE_SLAVE|hfc_MST_MODE_F0_LONG_DURATION;
++	    hfctmp->regs.mst_emod=hfc_MST_EMOD_SLOW_CLOCK_ADJ;
++	}else{
++	    printk(KERN_INFO "zaphfc: Card %d configured for master mode\n",hfc_dev_count);
++	    hfctmp->regs.mst_mode=hfc_MST_MODE_MASTER|hfc_MST_MODE_F0_LONG_DURATION;
++	    hfctmp->regs.mst_emod=0;
++	}
++
++	zthfc = vmalloc(sizeof(struct dahdi_hfc));
+ 	if (!zthfc) {
+-	    printk(KERN_CRIT "zaphfc: unable to kmalloc!\n");
++	    printk(KERN_CRIT "zaphfc: unable to vmalloc!\n");
+ 	    hfc_shutdownCard(hfctmp);
+-	    kfree(hfctmp);
++	    vfree(hfctmp);
+ 	    multi_hfc = NULL;
+ 	    return -ENOMEM;
+ 	}
+@@ -1050,7 +841,6 @@
+ 	memset(hfctmp->btransbuf[1], 0x0, sizeof(hfctmp->btransbuf[1]));
+ 	hfctmp->ztdev->chans[1].writechunk = hfctmp->btransbuf[1];
+ 
+-
+ 	hfc_registerCard(hfctmp);
+ 	hfc_resetCard(hfctmp);
+ 	tmp = pci_get_device(pcivendor, pcidevice, multi_hfc);
+@@ -1058,58 +848,42 @@
+     return 0;
+ }
+ 
+-
+-
+ int init_module(void) {
+     int i = 0;
+-#ifdef RTAITIMING
+-    RTIME tick_period;
+-    for (i=0; i < hfc_MAX_CARDS; i++) {
+-	rtai_hfc_list[i] = NULL;
++    if(jitterbuffer<1){
++	printk(KERN_INFO "zaphfc: invalid jitterbuffer size specified: %d - changing to minimum of 1\n",jitterbuffer);
++	jitterbuffer=1;
++    }else if(jitterbuffer>500){
++	printk(KERN_INFO "zaphfc: invalid jitterbuffer size specified: %d - changing to maximum of 500\n",jitterbuffer);
++	jitterbuffer=500;
+     }
+-    rt_set_periodic_mode();
+-#endif
+-    i = 0;
++    printk(KERN_INFO "zaphfc: jitterbuffer size: %d\n",jitterbuffer);
+     while (id_list[i].vendor_id) {
+ 	multi_hfc = NULL;
+ 	hfc_findCards(id_list[i].vendor_id, id_list[i].device_id, id_list[i].vendor_name, id_list[i].card_name);
+ 	i++;
+     }
+-#ifdef RTAITIMING
+-    for (i=0; i < hfc_MAX_CARDS; i++) {
+-        if (rtai_hfc_list[i]) {
+-	    printk(KERN_INFO
+-		       "zaphfc: configured %d at mem %#x fifo %#x(%#x) for realtime servicing\n",
+-			rtai_hfc_list[i]->cardno,
+-		       (u_int) rtai_hfc_list[i]->pci_io,
+-		       (u_int) rtai_hfc_list[i]->fifos,
+-		       (u_int) virt_to_bus(rtai_hfc_list[i]->fifos));
+-
+-	}
+-    }
+-    rt_task_init(&rt_task, rtai_loop, 1, STACK_SIZE, TASK_PRIORITY, 0, 0);
+-    tick_period = start_rt_timer(nano2count(TICK_PERIOD));
+-    rt_task_make_periodic(&rt_task, rt_get_time() + tick_period, tick_period);
+-#endif
+     printk(KERN_INFO "zaphfc: %d hfc-pci card(s) in this box.\n", hfc_dev_count);
+     return 0;
+ }
+ 
+ void cleanup_module(void) {
+     struct hfc_card *tmpcard;
+-#ifdef RTAITIMING
+-    stop_rt_timer();
+-    rt_task_delete(&rt_task);
+-#endif
++
+     printk(KERN_INFO "zaphfc: stop\n");
+ //    spin_lock(&registerlock);
++    tmpcard=hfc_dev_list;
++    while(tmpcard){
++	hfc_shutdownCard1(tmpcard);
++	tmpcard=tmpcard->next;
++    }
+     while (hfc_dev_list != NULL) {
+ 	if (hfc_dev_list == NULL) break;
+-	hfc_shutdownCard(hfc_dev_list);
++	hfc_shutdownCard2(hfc_dev_list);
+ 	tmpcard = hfc_dev_list;
+ 	hfc_dev_list = hfc_dev_list->next;
+ 	if (tmpcard != NULL) {
+-	    kfree(tmpcard);
++	    vfree(tmpcard);
+ 	    tmpcard = NULL;
+ 	    printk(KERN_INFO "zaphfc: freed one card.\n");
+ 	}
+@@ -1119,8 +893,11 @@
+ #endif
+ 
+ 
+-module_param(modes, int, 0600);
++module_param(modes, int, 0400);
+ module_param(debug, int, 0600);
++module_param(sync_slave, int, 0400);
++module_param(timer_card, int, 0400);
++module_param(jitterbuffer, int, 0400);
+ 
+ MODULE_DESCRIPTION("HFC-S PCI A Zaptel Driver");
+ MODULE_AUTHOR("Klaus-Peter Junghanns <kpj@junghanns.net>");
diff --git a/main/dahdi-linux/APKBUILD b/main/dahdi-linux/APKBUILD
new file mode 100644
index 0000000000..b0f6edf789
--- /dev/null
+++ b/main/dahdi-linux/APKBUILD
@@ -0,0 +1,35 @@
+# Contributor: Timo Teras <timo.teras@iki.fi>
+# Maintainer: Timo Teras <timo.teras@iki.fi>
+
+pkgname=dahdi-linux
+pkgver=2.2.0
+pkgrel=1
+pkgdesc="Firmware for Digium Asterisk Hardware Device Interface drivers"
+url="http://www.asterisk.org"
+license="GPL"
+depends=
+# we need wget and tar because make install downloads firmware and uses fancy
+# options for tar and wget.
+makedepends="wget tar"
+install=
+subpackages="$pkgname-dev"
+source="http://downloads.digium.com/pub/telephony/dahdi-linux/releases/$pkgname-$pkgver.tar.gz"
+
+# We onlin install the firwares in this package since those are common for all
+# kernel flavors. We also install the headers for the -dev package.
+#
+# The kernel drivers themselves are built from separate build recipe.
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch ../*.diff; do
+		[ -f "$i" ] || continue
+		msg "Applying $i"
+		patch -p1 < $i || return 1;
+	done
+
+	make DESTDIR="$pkgdir" HOTPLUG_FIRMWARE=yes \
+		install-include install-firmware 
+}
+
+md5sums="a6b1a24a436e1c1fd08b99d27cfe3f38  dahdi-linux-2.2.0.tar.gz"
diff --git a/main/dahdi-tools/APKBUILD b/main/dahdi-tools/APKBUILD
new file mode 100644
index 0000000000..9a1538fab6
--- /dev/null
+++ b/main/dahdi-tools/APKBUILD
@@ -0,0 +1,32 @@
+# Contributor: Timo Teras <timo.teras@iki.fi>
+# Maintainer: Timo Teras <timo.teras@iki.fi>
+pkgname=dahdi-tools
+pkgver=2.2.0
+pkgrel=0
+pkgdesc="Digium Asterisk Hardware Device Interface management utilities"
+url="http://www.asterisk.org"
+license="GPL"
+depends="dahdi-linux"
+depends_dev="dahdi-linux-dev newt-dev"
+makedepends="dahdi-linux-dev perl newt-dev"
+install=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://downloads.digium.com/pub/telephony/dahdi-tools/releases/$pkgname-$pkgver.tar.gz
+	$pkgname.initd"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	sed -i -e 's/$(CC) $(LDFLAGS) -o $@ $^/$(CC) $^ $(LDFLAGS) -o $@/' Makefile
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/dahdi
+}
+
+md5sums="a018f452f3851a312ff51705ac44de37  dahdi-tools-2.2.0.tar.gz
+d9702271dba6ff250f4d9a252f4dbf4c  dahdi-tools.initd"
diff --git a/main/dahdi-tools/dahdi-tools.initd b/main/dahdi-tools/dahdi-tools.initd
new file mode 100644
index 0000000000..5e99122a5a
--- /dev/null
+++ b/main/dahdi-tools/dahdi-tools.initd
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+
+conf=/etc/dahdi/system.conf
+
+depend() {
+	before asterisk
+	after hwdrivers modules
+	keyword novserver
+}
+
+start() {
+	ebegin "Starting dahdi"
+	/usr/sbin/dahdi_cfg
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping dahdi"
+	/usr/sbin/dahdi_cfg -s
+	eend $?
+}
diff --git a/main/dansguardian/APKBUILD b/main/dansguardian/APKBUILD
new file mode 100644
index 0000000000..24c50a6333
--- /dev/null
+++ b/main/dansguardian/APKBUILD
@@ -0,0 +1,39 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dansguardian
+pkgver=2.10.0.3
+pkgrel=3
+pkgdesc="Web content filter"
+url="http://dansguardian.org"
+license="GPL"
+depends=
+makedepends="zlib-dev uclibc++-dev pcre-dev pkgconfig libiconv-dev"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc"
+source="http://dansguardian.org/downloads/2/Stable/$pkgname-$pkgver.tar.gz
+	dansguardian.initd
+	$install
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	export CXX=g++-uc
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-proxyuser=dansguar \
+		--with-proxygroup=dansguar \
+		--with-logdir=/var/log/dansguardian \
+		--with-piddir=/var/run/ \
+		--enable-ntlm
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -D -m 755 ../dansguardian.initd "$pkgdir"/etc/init.d/dansguardian
+}
+
+md5sums="68c8e9a97a3b58d2467a19cb15db5599  dansguardian-2.10.0.3.tar.gz
+0c04f74cd5db9fc7a8e80b407ec34214  dansguardian.initd
+ab4e1104633aad0595a8b530fceb810a  dansguardian.pre-install"
diff --git a/main/dansguardian/dansguardian.initd b/main/dansguardian/dansguardian.initd
new file mode 100644
index 0000000000..e8f8e94cc3
--- /dev/null
+++ b/main/dansguardian/dansguardian.initd
@@ -0,0 +1,32 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/dansguardian/files/dansguardian.init,v 1.2 2005/12/08 22:15:11 mrness Exp $
+
+opts="{$opts} reload"
+
+depend() {
+	need net
+	use dns \
+		squid apache2 bfilter mman junkbuster oops polipo privoxy tinyproxy wwwoffled
+}
+
+start() {
+	ebegin "Starting DansGuardian"
+	start-stop-daemon --start --quiet --pidfile /var/run/dansguardian.pid \
+		--exec /usr/sbin/dansguardian
+eend 0
+}
+
+stop() {
+	ebegin "Stopping DansGuardian"
+	start-stop-daemon --stop --quiet --pidfile /var/run/dansguardian.pid
+eend 0
+}
+
+reload() {
+	ebegin "Reloading DansGuardian"
+	/usr/sbin/dansguardian -g
+eend 0
+}
+
diff --git a/main/dansguardian/dansguardian.pre-install b/main/dansguardian/dansguardian.pre-install
new file mode 100644
index 0000000000..2d06f3a6f6
--- /dev/null
+++ b/main/dansguardian/dansguardian.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -h /var/log/dansguardian -s /bin/false -D dansguar 2>/dev/null
+exit 0
+
diff --git a/main/db/APKBUILD b/main/db/APKBUILD
new file mode 100644
index 0000000000..00940e41c6
--- /dev/null
+++ b/main/db/APKBUILD
@@ -0,0 +1,49 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=db
+pkgver=4.7.25.4
+_ver=${pkgver%.*}
+pkgrel=0
+pkgdesc="The Berkeley DB embedded database system 4.7"
+url="http://www.oracle.com/technology/software/products/berkeley-db/index.html"
+license="custom"
+depends=
+makedepends=
+subpackages="$pkgname-dev $pkgname-doc"
+# Patches were found here:
+# http://www.oracle.com/technology/products/berkeley-db/db/update/4.7.25/patch.4.7.25.html
+source="http://download-uk.oracle.com/berkeley-db/db-$_ver.tar.gz
+	patch.$_ver.1
+	patch.$_ver.2
+	patch.$_ver.3
+	patch.$_ver.4
+	"
+
+build () { 
+	cd "$srcdir"/db-$_ver
+	for i in ../patch.*; do
+		msg "Applying $i..."
+		patch -p0 < $i || return 1
+	done
+
+	cd build_unix
+	../dist/configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--enable-compat185 \
+		--enable-shared \
+		--disable-static \
+		--disable-cxx
+	make LIBSO_LIBS=-lpthread || return 1
+	make DESTDIR="$pkgdir" install
+
+	mkdir -p "$pkgdir"/usr/share/doc
+	mv "$pkgdir"/usr/docs "$pkgdir"/usr/share/doc/$pkgname
+
+	install -D -m644 "$srcdir"/db-$_ver/LICENSE \
+		"$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+}
+
+md5sums="ec2b87e833779681a0c3a814aa71359e  db-4.7.25.tar.gz
+5fdf101259e5164dea1c8c86214fde38  patch.4.7.25.1
+bd410a11c71fee52fddb6aa2d8d4f80c  patch.4.7.25.2
+6fcd69f64f5b34bfe8f0a63cc2e402c1  patch.4.7.25.3
+42c5d1a727e4a7f59b9dce12ff2f6b84  patch.4.7.25.4"
diff --git a/main/db/patch.4.7.25.1 b/main/db/patch.4.7.25.1
new file mode 100644
index 0000000000..3c7e23ce07
--- /dev/null
+++ b/main/db/patch.4.7.25.1
@@ -0,0 +1,75 @@
+*** sequence/sequence.c.orig	2008-05-05 13:25:09.000000000 -0700

+--- sequence/sequence.c	2008-08-15 09:58:46.000000000 -0700

+***************

+*** 187,193 ****

+  	if ((ret = __db_get_flags(dbp, &tflags)) != 0)

+  		goto err;

+  

+! 	if (DB_IS_READONLY(dbp)) {

+  		ret = __db_rdonly(dbp->env, "DB_SEQUENCE->open");

+  		goto err;

+  	}

+--- 187,197 ----

+  	if ((ret = __db_get_flags(dbp, &tflags)) != 0)

+  		goto err;

+  

+! 	/*

+! 	 * We can let replication clients open sequences, but must

+! 	 * check later that they do not update them.

+! 	 */

+! 	if (F_ISSET(dbp, DB_AM_RDONLY)) {

+  		ret = __db_rdonly(dbp->env, "DB_SEQUENCE->open");

+  		goto err;

+  	}

+***************

+*** 244,249 ****

+--- 248,258 ----

+  		if ((ret != DB_NOTFOUND && ret != DB_KEYEMPTY) ||

+  		    !LF_ISSET(DB_CREATE))

+  			goto err;

++ 		if (IS_REP_CLIENT(env) &&

++ 		    !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {

++ 			ret = __db_rdonly(env, "DB_SEQUENCE->open");

++ 			goto err;

++ 		}

+  		ret = 0;

+  

+  		rp = &seq->seq_record;

+***************

+*** 296,302 ****

+  	 */

+  	rp = seq->seq_data.data;

+  	if (rp->seq_version == DB_SEQUENCE_OLDVER) {

+! oldver:		rp->seq_version = DB_SEQUENCE_VERSION;

+  		if (!F_ISSET(env, ENV_LITTLEENDIAN)) {

+  			if (IS_DB_AUTO_COMMIT(dbp, txn)) {

+  				if ((ret =

+--- 305,316 ----

+  	 */

+  	rp = seq->seq_data.data;

+  	if (rp->seq_version == DB_SEQUENCE_OLDVER) {

+! oldver:		if (IS_REP_CLIENT(env) &&

+! 		    !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {

+! 			ret = __db_rdonly(env, "DB_SEQUENCE->open");

+! 			goto err;

+! 		}

+! 		rp->seq_version = DB_SEQUENCE_VERSION;

+  		if (!F_ISSET(env, ENV_LITTLEENDIAN)) {

+  			if (IS_DB_AUTO_COMMIT(dbp, txn)) {

+  				if ((ret =

+***************

+*** 707,712 ****

+--- 721,733 ----

+  

+  	MUTEX_LOCK(env, seq->mtx_seq);

+  

++ 	if (handle_check && IS_REP_CLIENT(env) &&

++ 	    !F_ISSET(dbp, DB_AM_NOT_DURABLE)) {

++ 		ret = __db_rdonly(env, "DB_SEQUENCE->get");

++ 		goto err;

++ 	}

++ 

++ 

+  	if (rp->seq_min + delta > rp->seq_max) {

+  		__db_errx(env, "Sequence overflow");

+  		ret = EINVAL;

diff --git a/main/db/patch.4.7.25.2 b/main/db/patch.4.7.25.2
new file mode 100644
index 0000000000..1f42dcec71
--- /dev/null
+++ b/main/db/patch.4.7.25.2
@@ -0,0 +1,71 @@
+Index: lock/lock.c

+===================================================================

+RCS file: /a/CVSROOT/db/lock/lock.c,v

+retrieving revision 12.61

+diff -c -r12.61 lock.c

+*** lock/lock.c	22 Jul 2008 12:08:53 -0000	12.61

+--- lock/lock.c	19 Aug 2008 17:28:24 -0000

+***************

+*** 1278,1287 ****

+  		SH_TAILQ_REMOVE(

+  		    &lt->obj_tab[obj_ndx], sh_obj, links, __db_lockobj);

+  		if (sh_obj->lockobj.size > sizeof(sh_obj->objdata)) {

+! 			LOCK_REGION_LOCK(env);

+  			__env_alloc_free(&lt->reginfo,

+  			    SH_DBT_PTR(&sh_obj->lockobj));

+! 			LOCK_REGION_UNLOCK(env);

+  		}

+  		SH_TAILQ_INSERT_HEAD(

+  		    &FREE_OBJS(lt, part_id), sh_obj, links, __db_lockobj);

+--- 1278,1289 ----

+  		SH_TAILQ_REMOVE(

+  		    &lt->obj_tab[obj_ndx], sh_obj, links, __db_lockobj);

+  		if (sh_obj->lockobj.size > sizeof(sh_obj->objdata)) {

+! 			if (region->part_t_size != 1)

+! 				LOCK_REGION_LOCK(env);

+  			__env_alloc_free(&lt->reginfo,

+  			    SH_DBT_PTR(&sh_obj->lockobj));

+! 			if (region->part_t_size != 1)

+! 				LOCK_REGION_UNLOCK(env);

+  		}

+  		SH_TAILQ_INSERT_HEAD(

+  		    &FREE_OBJS(lt, part_id), sh_obj, links, __db_lockobj);

+***************

+*** 1470,1484 ****

+  		if (obj->size <= sizeof(sh_obj->objdata))

+  			p = sh_obj->objdata;

+  		else {

+! 			LOCK_REGION_LOCK(env);

+  			if ((ret =

+  			    __env_alloc(&lt->reginfo, obj->size, &p)) != 0) {

+  				__db_errx(env,

+  				    "No space for lock object storage");

+! 				LOCK_REGION_UNLOCK(env);

+  				goto err;

+  			}

+! 			LOCK_REGION_UNLOCK(env);

+  		}

+  

+  		memcpy(p, obj->data, obj->size);

+--- 1472,1492 ----

+  		if (obj->size <= sizeof(sh_obj->objdata))

+  			p = sh_obj->objdata;

+  		else {

+! 			/*

+! 			 * If we have only one partition, the region is locked.

+! 			 */

+! 			if (region->part_t_size != 1)

+! 				LOCK_REGION_LOCK(env);

+  			if ((ret =

+  			    __env_alloc(&lt->reginfo, obj->size, &p)) != 0) {

+  				__db_errx(env,

+  				    "No space for lock object storage");

+! 				if (region->part_t_size != 1)

+! 					LOCK_REGION_UNLOCK(env);

+  				goto err;

+  			}

+! 			if (region->part_t_size != 1)

+! 				LOCK_REGION_UNLOCK(env);

+  		}

+  

+  		memcpy(p, obj->data, obj->size);

diff --git a/main/db/patch.4.7.25.3 b/main/db/patch.4.7.25.3
new file mode 100644
index 0000000000..b58a43074f
--- /dev/null
+++ b/main/db/patch.4.7.25.3
@@ -0,0 +1,314 @@
+*** lock/lock_deadlock.c	2008-03-11 00:31:33.000000000 +1100

+--- lock/lock_deadlock.c	2008-12-16 21:54:18.000000000 +1100

+***************

+*** 121,127 ****

+  	DB_LOCKTAB *lt;

+  	db_timespec now;

+  	locker_info *idmap;

+! 	u_int32_t *bitmap, *copymap, **deadp, **free_me, *tmpmap;

+  	u_int32_t i, cid, keeper, killid, limit, nalloc, nlockers;

+  	u_int32_t lock_max, txn_max;

+  	int ret, status;

+--- 121,127 ----

+  	DB_LOCKTAB *lt;

+  	db_timespec now;

+  	locker_info *idmap;

+! 	u_int32_t *bitmap, *copymap, **deadp, **deadlist, *tmpmap;

+  	u_int32_t i, cid, keeper, killid, limit, nalloc, nlockers;

+  	u_int32_t lock_max, txn_max;

+  	int ret, status;

+***************

+*** 133,139 ****

+  	if (IS_REP_CLIENT(env))

+  		atype = DB_LOCK_MINWRITE;

+  

+! 	free_me = NULL;

+  

+  	lt = env->lk_handle;

+  	if (rejectp != NULL)

+--- 133,140 ----

+  	if (IS_REP_CLIENT(env))

+  		atype = DB_LOCK_MINWRITE;

+  

+! 	copymap = tmpmap = NULL;

+! 	deadlist = NULL;

+  

+  	lt = env->lk_handle;

+  	if (rejectp != NULL)

+***************

+*** 179,189 ****

+  	memcpy(copymap, bitmap, nlockers * sizeof(u_int32_t) * nalloc);

+  

+  	if ((ret = __os_calloc(env, sizeof(u_int32_t), nalloc, &tmpmap)) != 0)

+! 		goto err1;

+  

+  	/* Find a deadlock. */

+  	if ((ret =

+! 	    __dd_find(env, bitmap, idmap, nlockers, nalloc, &deadp)) != 0)

+  		return (ret);

+  

+  	/*

+--- 180,190 ----

+  	memcpy(copymap, bitmap, nlockers * sizeof(u_int32_t) * nalloc);

+  

+  	if ((ret = __os_calloc(env, sizeof(u_int32_t), nalloc, &tmpmap)) != 0)

+! 		goto err;

+  

+  	/* Find a deadlock. */

+  	if ((ret =

+! 	    __dd_find(env, bitmap, idmap, nlockers, nalloc, &deadlist)) != 0)

+  		return (ret);

+  

+  	/*

+***************

+*** 204,211 ****

+  		txn_max = TXN_MAXIMUM;

+  

+  	killid = BAD_KILLID;

+! 	free_me = deadp;

+! 	for (; *deadp != NULL; deadp++) {

+  		if (rejectp != NULL)

+  			++*rejectp;

+  		killid = (u_int32_t)(*deadp - bitmap) / nalloc;

+--- 205,211 ----

+  		txn_max = TXN_MAXIMUM;

+  

+  	killid = BAD_KILLID;

+! 	for (deadp = deadlist; *deadp != NULL; deadp++) {

+  		if (rejectp != NULL)

+  			++*rejectp;

+  		killid = (u_int32_t)(*deadp - bitmap) / nalloc;

+***************

+*** 342,352 ****

+  			__db_msg(env,

+  			    "Aborting locker %lx", (u_long)idmap[killid].id);

+  	}

+! 	__os_free(env, tmpmap);

+! err1:	__os_free(env, copymap);

+! 

+! err:	if (free_me != NULL)

+! 		__os_free(env, free_me);

+  	__os_free(env, bitmap);

+  	__os_free(env, idmap);

+  

+--- 342,353 ----

+  			__db_msg(env,

+  			    "Aborting locker %lx", (u_long)idmap[killid].id);

+  	}

+! err:	if(copymap != NULL)

+! 		__os_free(env, copymap);

+! 	if (deadlist != NULL)

+! 		__os_free(env, deadlist);

+! 	if(tmpmap != NULL)

+! 		__os_free(env, tmpmap);

+  	__os_free(env, bitmap);

+  	__os_free(env, idmap);

+  

+***************

+*** 360,365 ****

+--- 361,377 ----

+  

+  #define	DD_INVALID_ID	((u_int32_t) -1)

+  

++ /*

++  * __dd_build --

++  *	Build the lock dependency bit maps.

++  * Notes on syncronization:  

++  *	LOCK_SYSTEM_LOCK is used to hold objects locked when we have

++  *		a single partition.

++  *	LOCK_LOCKERS is held while we are walking the lockers list and

++  *		to single thread the use of lockerp->dd_id.

++  *	LOCK_DD protects the DD list of objects.

++  */

++ 

+  static int

+  __dd_build(env, atype, bmp, nlockers, allocp, idmap, rejectp)

+  	ENV *env;

+***************

+*** 393,398 ****

+--- 405,411 ----

+  	 * In particular we do not build the conflict array and our caller

+  	 * needs to expect this.

+  	 */

++ 	LOCK_SYSTEM_LOCK(lt, region);

+  	if (atype == DB_LOCK_EXPIRE) {

+  skip:		LOCK_DD(env, region);

+  		op = SH_TAILQ_FIRST(&region->dd_objs, __db_lockobj);

+***************

+*** 430,446 ****

+  			OBJECT_UNLOCK(lt, region, indx);

+  		}

+  		UNLOCK_DD(env, region);

+  		goto done;

+  	}

+  

+  	/*

+! 	 * We'll check how many lockers there are, add a few more in for

+! 	 * good measure and then allocate all the structures.  Then we'll

+! 	 * verify that we have enough room when we go back in and get the

+! 	 * mutex the second time.

+  	 */

+! retry:	count = region->stat.st_nlockers;

+  	if (count == 0) {

+  		*nlockers = 0;

+  		return (0);

+  	}

+--- 443,460 ----

+  			OBJECT_UNLOCK(lt, region, indx);

+  		}

+  		UNLOCK_DD(env, region);

++ 		LOCK_SYSTEM_UNLOCK(lt, region);

+  		goto done;

+  	}

+  

+  	/*

+! 	 * Allocate after locking the region

+! 	 * to make sure the structures are large enough.

+  	 */

+! 	LOCK_LOCKERS(env, region);

+! 	count = region->stat.st_nlockers;

+  	if (count == 0) {

++ 		UNLOCK_LOCKERS(env, region);

+  		*nlockers = 0;

+  		return (0);

+  	}

+***************

+*** 448,497 ****

+  	if (FLD_ISSET(env->dbenv->verbose, DB_VERB_DEADLOCK))

+  		__db_msg(env, "%lu lockers", (u_long)count);

+  

+- 	count += 20;

+  	nentries = (u_int32_t)DB_ALIGN(count, 32) / 32;

+  

+! 	/*

+! 	 * Allocate enough space for a count by count bitmap matrix.

+! 	 *

+! 	 * XXX

+! 	 * We can probably save the malloc's between iterations just

+! 	 * reallocing if necessary because count grew by too much.

+! 	 */

+  	if ((ret = __os_calloc(env, (size_t)count,

+! 	    sizeof(u_int32_t) * nentries, &bitmap)) != 0)

+  		return (ret);

+  

+  	if ((ret = __os_calloc(env,

+  	    sizeof(u_int32_t), nentries, &tmpmap)) != 0) {

+  		__os_free(env, bitmap);

+  		return (ret);

+  	}

+  

+  	if ((ret = __os_calloc(env,

+  	    (size_t)count, sizeof(locker_info), &id_array)) != 0) {

+  		__os_free(env, bitmap);

+  		__os_free(env, tmpmap);

+  		return (ret);

+  	}

+  

+  	/*

+- 	 * Now go back in and actually fill in the matrix.

+- 	 */

+- 	if (region->stat.st_nlockers > count) {

+- 		__os_free(env, bitmap);

+- 		__os_free(env, tmpmap);

+- 		__os_free(env, id_array);

+- 		goto retry;

+- 	}

+- 

+- 	/*

+  	 * First we go through and assign each locker a deadlock detector id.

+  	 */

+  	id = 0;

+- 	LOCK_LOCKERS(env, region);

+  	SH_TAILQ_FOREACH(lip, &region->lockers, ulinks, __db_locker) {

+  		if (lip->master_locker == INVALID_ROFF) {

+  			lip->dd_id = id++;

+  			id_array[lip->dd_id].id = lip->id;

+  			switch (atype) {

+--- 462,498 ----

+  	if (FLD_ISSET(env->dbenv->verbose, DB_VERB_DEADLOCK))

+  		__db_msg(env, "%lu lockers", (u_long)count);

+  

+  	nentries = (u_int32_t)DB_ALIGN(count, 32) / 32;

+  

+! 	/* Allocate enough space for a count by count bitmap matrix. */

+  	if ((ret = __os_calloc(env, (size_t)count,

+! 	    sizeof(u_int32_t) * nentries, &bitmap)) != 0) {

+! 		UNLOCK_LOCKERS(env, region);

+  		return (ret);

++ 	}

+  

+  	if ((ret = __os_calloc(env,

+  	    sizeof(u_int32_t), nentries, &tmpmap)) != 0) {

++ 		UNLOCK_LOCKERS(env, region);

+  		__os_free(env, bitmap);

+  		return (ret);

+  	}

+  

+  	if ((ret = __os_calloc(env,

+  	    (size_t)count, sizeof(locker_info), &id_array)) != 0) {

++ 		UNLOCK_LOCKERS(env, region);

+  		__os_free(env, bitmap);

+  		__os_free(env, tmpmap);

+  		return (ret);

+  	}

+  

+  	/*

+  	 * First we go through and assign each locker a deadlock detector id.

+  	 */

+  	id = 0;

+  	SH_TAILQ_FOREACH(lip, &region->lockers, ulinks, __db_locker) {

+  		if (lip->master_locker == INVALID_ROFF) {

++ 			DB_ASSERT(env, id < count);

+  			lip->dd_id = id++;

+  			id_array[lip->dd_id].id = lip->id;

+  			switch (atype) {

+***************

+*** 510,516 ****

+  			lip->dd_id = DD_INVALID_ID;

+  

+  	}

+- 	UNLOCK_LOCKERS(env, region);

+  

+  	/*

+  	 * We only need consider objects that have waiters, so we use

+--- 511,516 ----

+***************

+*** 669,675 ****

+  	 * status after building the bit maps so that we will not detect

+  	 * a blocked transaction without noting that it is already aborting.

+  	 */

+- 	LOCK_LOCKERS(env, region);

+  	for (id = 0; id < count; id++) {

+  		if (!id_array[id].valid)

+  			continue;

+--- 669,674 ----

+***************

+*** 738,743 ****

+--- 737,743 ----

+  			id_array[id].in_abort = 1;

+  	}

+  	UNLOCK_LOCKERS(env, region);

++ 	LOCK_SYSTEM_UNLOCK(lt, region);

+  

+  	/*

+  	 * Now we can release everything except the bitmap matrix that we

+***************

+*** 839,844 ****

+--- 839,845 ----

+  	ret = 0;

+  

+  	/* We must lock so this locker cannot go away while we abort it. */

++ 	LOCK_SYSTEM_LOCK(lt, region);

+  	LOCK_LOCKERS(env, region);

+  

+  	/*

+***************

+*** 895,900 ****

+--- 896,902 ----

+  done:	OBJECT_UNLOCK(lt, region, info->last_ndx);

+  err:

+  out:	UNLOCK_LOCKERS(env, region);

++ 	LOCK_SYSTEM_UNLOCK(lt, region);

+  	return (ret);

+  }

+  

diff --git a/main/db/patch.4.7.25.4 b/main/db/patch.4.7.25.4
new file mode 100644
index 0000000000..7a55340023
--- /dev/null
+++ b/main/db/patch.4.7.25.4
@@ -0,0 +1,183 @@
+*** dbinc/repmgr.h.orig	2009-05-04 10:33:55.000000000 -0400
+--- dbinc/repmgr.h	2009-05-04 10:27:26.000000000 -0400
+***************
+*** 374,379 ****
+--- 374,380 ----
+  #define	SITE_FROM_EID(eid)	(&db_rep->sites[eid])
+  #define	EID_FROM_SITE(s)	((int)((s) - (&db_rep->sites[0])))
+  #define	IS_VALID_EID(e)		((e) >= 0)
++ #define	IS_KNOWN_REMOTE_SITE(e)	((e) >= 0 && ((u_int)(e)) < db_rep->site_cnt)
+  #define	SELF_EID		INT_MAX
+  
+  #define	IS_PEER_POLICY(p) ((p) == DB_REPMGR_ACKS_ALL_PEERS ||		\
+*** rep/rep_elect.c.orig	2009-05-04 10:35:50.000000000 -0400
+--- rep/rep_elect.c	2009-05-04 10:31:24.000000000 -0400
+***************
+*** 33,39 ****
+  static int __rep_fire_elected __P((ENV *, REP *, u_int32_t));
+  static void __rep_elect_master __P((ENV *, REP *));
+  static int __rep_tally __P((ENV *, REP *, int, u_int32_t *, u_int32_t, roff_t));
+! static int __rep_wait __P((ENV *, db_timeout_t *, int *, int, u_int32_t));
+  
+  /*
+   * __rep_elect --
+--- 33,39 ----
+  static int __rep_fire_elected __P((ENV *, REP *, u_int32_t));
+  static void __rep_elect_master __P((ENV *, REP *));
+  static int __rep_tally __P((ENV *, REP *, int, u_int32_t *, u_int32_t, roff_t));
+! static int __rep_wait __P((ENV *, db_timeout_t *, int, u_int32_t));
+  
+  /*
+   * __rep_elect --
+***************
+*** 55,61 ****
+  	ENV *env;
+  	LOG *lp;
+  	REP *rep;
+! 	int done, eid, elected, full_elect, locked, in_progress, need_req;
+  	int ret, send_vote, t_ret;
+  	u_int32_t ack, ctlflags, egen, nsites, orig_tally, priority, realpri;
+  	u_int32_t tiebreaker;
+--- 55,61 ----
+  	ENV *env;
+  	LOG *lp;
+  	REP *rep;
+! 	int done, elected, full_elect, locked, in_progress, need_req;
+  	int ret, send_vote, t_ret;
+  	u_int32_t ack, ctlflags, egen, nsites, orig_tally, priority, realpri;
+  	u_int32_t tiebreaker;
+***************
+*** 181,188 ****
+  			REP_SYSTEM_UNLOCK(env);
+  			(void)__rep_send_message(env, DB_EID_BROADCAST,
+  			    REP_MASTER_REQ, NULL, NULL, 0, 0);
+! 			ret = __rep_wait(env, &to, &eid,
+! 			    0, REP_F_EPHASE0);
+  			REP_SYSTEM_LOCK(env);
+  			F_CLR(rep, REP_F_EPHASE0);
+  			switch (ret) {
+--- 181,187 ----
+  			REP_SYSTEM_UNLOCK(env);
+  			(void)__rep_send_message(env, DB_EID_BROADCAST,
+  			    REP_MASTER_REQ, NULL, NULL, 0, 0);
+! 			ret = __rep_wait(env, &to, 0, REP_F_EPHASE0);
+  			REP_SYSTEM_LOCK(env);
+  			F_CLR(rep, REP_F_EPHASE0);
+  			switch (ret) {
+***************
+*** 286,296 ****
+  		REP_SYSTEM_LOCK(env);
+  		goto vote;
+  	}
+! 	ret = __rep_wait(env, &to, &eid, full_elect, REP_F_EPHASE1);
+  	switch (ret) {
+  		case 0:
+  			/* Check if election complete or phase complete. */
+! 			if (eid != DB_EID_INVALID && !IN_ELECTION(rep)) {
+  				RPRINT(env, DB_VERB_REP_ELECT,
+  				    (env, "Ended election phase 1"));
+  				goto edone;
+--- 285,295 ----
+  		REP_SYSTEM_LOCK(env);
+  		goto vote;
+  	}
+! 	ret = __rep_wait(env, &to, full_elect, REP_F_EPHASE1);
+  	switch (ret) {
+  		case 0:
+  			/* Check if election complete or phase complete. */
+! 			if (!IN_ELECTION(rep)) {
+  				RPRINT(env, DB_VERB_REP_ELECT,
+  				    (env, "Ended election phase 1"));
+  				goto edone;
+***************
+*** 398,412 ****
+  		REP_SYSTEM_LOCK(env);
+  		goto i_won;
+  	}
+! 	ret = __rep_wait(env, &to, &eid, full_elect, REP_F_EPHASE2);
+  	RPRINT(env, DB_VERB_REP_ELECT,
+  	    (env, "Ended election phase 2 %d", ret));
+  	switch (ret) {
+  		case 0:
+! 			if (eid != DB_EID_INVALID)
+! 				goto edone;
+! 			ret = DB_REP_UNAVAIL;
+! 			break;
+  		case DB_REP_EGENCHG:
+  			if (to > timeout)
+  				to = timeout;
+--- 397,408 ----
+  		REP_SYSTEM_LOCK(env);
+  		goto i_won;
+  	}
+! 	ret = __rep_wait(env, &to, full_elect, REP_F_EPHASE2);
+  	RPRINT(env, DB_VERB_REP_ELECT,
+  	    (env, "Ended election phase 2 %d", ret));
+  	switch (ret) {
+  		case 0:
+! 			goto edone;
+  		case DB_REP_EGENCHG:
+  			if (to > timeout)
+  				to = timeout;
+***************
+*** 1050,1062 ****
+  	ENV *env;
+  	REP *rep;
+  {
+- 	/*
+- 	 * We often come through here twice, sometimes even more.  We mustn't
+- 	 * let the redundant calls affect stats counting.  But rep_elect relies
+- 	 * on this first part for setting eidp.
+- 	 */
+- 	rep->master_id = rep->eid;
+- 
+  	if (F_ISSET(rep, REP_F_MASTERELECT | REP_F_MASTER)) {
+  		/* We've been through here already; avoid double counting. */
+  		return;
+--- 1046,1051 ----
+***************
+*** 1093,1102 ****
+  	(timeout > 5000000) ? 500000 : ((timeout >= 10) ? timeout / 10 : 1);
+  
+  static int
+! __rep_wait(env, timeoutp, eidp, full_elect, flags)
+  	ENV *env;
+  	db_timeout_t *timeoutp;
+! 	int *eidp, full_elect;
+  	u_int32_t flags;
+  {
+  	DB_REP *db_rep;
+--- 1082,1091 ----
+  	(timeout > 5000000) ? 500000 : ((timeout >= 10) ? timeout / 10 : 1);
+  
+  static int
+! __rep_wait(env, timeoutp, full_elect, flags)
+  	ENV *env;
+  	db_timeout_t *timeoutp;
+! 	int full_elect;
+  	u_int32_t flags;
+  {
+  	DB_REP *db_rep;
+***************
+*** 1174,1180 ****
+  			F_CLR(rep, REP_F_EGENUPDATE);
+  			ret = DB_REP_EGENCHG;
+  		} else if (phase_over) {
+- 			*eidp = rep->master_id;
+  			done = 1;
+  			ret = 0;
+  		}
+--- 1163,1168 ----
+*** repmgr/repmgr_net.c.orig	2009-05-04 10:34:46.000000000 -0400
+--- repmgr/repmgr_net.c	2009-05-04 10:27:26.000000000 -0400
+***************
+*** 100,105 ****
+--- 100,107 ----
+  		    control, rec, &nsites_sent, &npeers_sent)) != 0)
+  			goto out;
+  	} else {
++ 		DB_ASSERT(env, IS_KNOWN_REMOTE_SITE(eid));
++ 
+  		/*
+  		 * If this is a request that can be sent anywhere, then see if
+  		 * we can send it to our peer (to save load on the master), but
diff --git a/main/device-mapper/APKBUILD b/main/device-mapper/APKBUILD
new file mode 100644
index 0000000000..3384137567
--- /dev/null
+++ b/main/device-mapper/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=device-mapper
+pkgver=1.02.28
+pkgrel=0
+pkgdesc="Device mapper userspace library and tools."
+url="http://sourceware.org/dm/"
+license="GPL"
+depends="uclibc"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://sources.redhat.com/pub/dm/$pkgname.$pkgver.tgz"
+
+build() {
+	cd "$srcdir"/$pkgname.$pkgver
+
+	./configure --prefix=/usr \
+		--sbindir=/sbin \
+		--libdir=/lib \
+		--enable-dmeventd \
+		CLDFLAGS="$LDFLAGS" \
+		|| return 1
+
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+}
+md5sums="c9ae0776994a419f9e1ba842164bb626  device-mapper.1.02.28.tgz"
diff --git a/main/dhcp/APKBUILD b/main/dhcp/APKBUILD
new file mode 100644
index 0000000000..01bb25e91d
--- /dev/null
+++ b/main/dhcp/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dhcp
+pkgver=4.1.0_p1
+_realver=4.1.0p1
+pkgrel=0
+pkgdesc="ISC Dynamic Host Configuration Protocol (DHCP)"
+url="https://www.isc.org/"
+license="GPL"
+depends=
+makedepends=
+install="dhcp.pre-upgrade dhcp.post-upgrade"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://ftp.isc.org/isc/dhcp/$pkgname-$_realver.tar.gz
+	$install
+	dhcpd.confd
+	dhcpd.initd"
+
+build() {
+	cd "$srcdir/$pkgname-$_realver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/dhcpd.initd "$pkgdir"/etc/init.d/dhcpd
+	install -m644 -D "$srcdir"/dhcpd.confd "$pkgdir"/etc/conf.d/dhcpd
+}
+
+md5sums="325ff8338c5a21f89d5304ac13ffebdf  dhcp-4.1.0p1.tar.gz
+6cc49497f3c30ccd37fc7c032f7810c6  dhcp.pre-upgrade
+a7b81948ceab73dd10de275ebc00e7eb  dhcp.post-upgrade
+df32707f5bbe5363306420b5dc6e6b40  dhcpd.confd
+5df9a87539bedc98a1cbc7e38b290928  dhcpd.initd"
diff --git a/main/dhcp/dhcp.post-upgrade b/main/dhcp/dhcp.post-upgrade
new file mode 100644
index 0000000000..b16fea6b4a
--- /dev/null
+++ b/main/dhcp/dhcp.post-upgrade
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+# we have renamed dhcp to dhcpd. Try cleanup for users
+
+moved=
+for i in /etc/runlevel/*/dhcp; do
+	if [ -L "$i" ]; then
+		mv ${i} ${i}d
+		moved=1
+	fi
+done
+
+if [ -n "$moved" ]; then
+	echo " *"
+	echo " * NOTICE: the /etc/init.d/dhcp script have been renamed to /etc/init.d/dhcpd"
+	echo " *"
+fi
+
diff --git a/main/dhcp/dhcp.pre-upgrade b/main/dhcp/dhcp.pre-upgrade
new file mode 100644
index 0000000000..090f654b9a
--- /dev/null
+++ b/main/dhcp/dhcp.pre-upgrade
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+# script renamed. Try save users settings if needed
+
+if [ -f /etc/conf.d/dhcp ] && [ ! -f /etc/conf.d/dhcpd ]; then
+	mv /etc/conf.d/dhcp /etc/conf.d/dhcpd
+fi
+
diff --git a/main/dhcp/dhcpd.confd b/main/dhcp/dhcpd.confd
new file mode 100644
index 0000000000..df09ec7082
--- /dev/null
+++ b/main/dhcp/dhcpd.confd
@@ -0,0 +1,30 @@
+# /etc/conf.d/dhcpd: config file for /etc/init.d/dhcpd
+
+# If you require more than one instance of dhcpd you can create symbolic
+# links to dhcpd service like so
+#   cd /etc/init.d
+#   ln -s dhcpd dhcpd.foo
+#   cd ../conf.d
+#   cp dhcpd dhcpd.foo
+# Now you can edit dhcpd.foo and specify a different configuration file.
+# You'll also need to specify a pidfile in that dhcpd.conf file.
+# See the pid-file-name option in the dhcpd.conf man page for details.
+
+# If you wish to run dhcpd in a chroot, uncomment the following line
+# DHCPD_CHROOT="/chroot/dhcp"
+
+# Then run emerge dhcp --config
+# All file paths below are relative to the chroot.
+# You can specify a different chroot directory but MAKE SURE it's empty.
+
+# Specify a configuration file - the default is /etc/dhcp/dhcpd.conf
+# DHCPD_CONF="/etc/dhcp/dhcpd.conf"
+
+# Configure which interface or interfaces to for dhcpd to listen on.
+# List all interfaces space separated. If this is not specified then
+# we listen on all interfaces.
+# DHCPD_IFACE=""
+
+# Insert any other dhcpd options - see the man page for a full list.
+# DHCPD_OPTS=""
+
diff --git a/main/dhcp/dhcpd.initd b/main/dhcp/dhcpd.initd
new file mode 100644
index 0000000000..cc9727fc7c
--- /dev/null
+++ b/main/dhcp/dhcpd.initd
@@ -0,0 +1,72 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-misc/dhcp/files/dhcpd.init,v 1.5 2007/04/02 12:34:01 uberlord Exp $
+
+DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
+
+depend() {
+	need net
+	use logger dns
+}
+
+get_var() {
+	sed -n 's/^[[:blank:]]\?'"$1"' "*\([^#";]\+\).*/\1/p' \
+		"${DHCPD_CHROOT}/${DHCPD_CONF}"
+}
+
+start() {
+	# Work out our cffile if it's on our DHCPD_OPTS
+	case " ${DHCPD_OPTS} " in
+		*" -cf "*) 
+			DHCPD_CONF=" ${DHCPD_OPTS} "
+			DHCPD_CONF="${DHCPD_CONF##* -cf }"
+			DHCPD_CONF="${DHCPD_CONF%% *}"
+			;;
+		*)	DHCPD_OPTS="${DHCPD_OPTS} -cf ${DHCPD_CONF}"
+			;;
+	esac
+
+	if [ ! -f "${DHCPD_CHROOT}/${DHCPD_CONF}" ] ; then
+		eerror "${DHCPD_CHROOT}/${DHCPD_CONF} does not exist"
+		return 1
+	fi
+
+	local leasefile="$(get_var lease-file-name)"
+	leasefile="${DHCPD_CHROOT}/${leasefile:-/var/lib/dhcp/dhcpd.leases}"
+	if [ ! -f "${leasefile}" ] ; then
+		ebegin "Creating ${leasefile}"
+		touch "${leasefile}"
+		chown dhcp:dhcp "${leasefile}"
+		eend $? || return 1
+	fi
+
+	# Setup LD_PRELOAD so name resolution works in our chroot.
+	if [ -n "${DHCPD_CHROOT}" ] ; then
+	    LD_PRELOAD="${LD_PRELOAD} /usr/lib/libresolv.so"
+	    export LD_PRELOAD="${LD_PRELOAD} /usr/lib/libnss_dns.so"
+	fi
+
+	local pidfile="$(get_var pid-file-name)"
+	pidfile="${pidfile:-/var/run/dhcp/dhcpd.pid}"
+
+	ebegin "Starting ${DHCPD_CHROOT:+chrooted }${SVCNAME}"
+	start-stop-daemon --start --exec /usr/sbin/dhcpd \
+		--pidfile "${DHCPD_CHROOT}/${pidfile}" \
+		-- ${DHCPD_OPTS} -q -pf "${pidfile}" \
+		-user dhcp -group dhcp \
+		${DHCPD_CHROOT:+-chroot} ${DHCPD_CHROOT} ${DHCPD_IFACE}
+	eend $? \
+	    && save_options chroot "${DHCPD_CHROOT}" \
+	    && save_options pidfile "${pidfile}"
+}
+
+stop() {
+	local chroot="$(get_options chroot)"
+
+	ebegin "Stopping ${chroot:+chrooted }${SVCNAME}"
+	start-stop-daemon --stop --exec /usr/sbin/dhcpd \
+	    --pidfile "${chroot}/$(get_options pidfile)"
+	eend $?
+}
+
diff --git a/main/dhcpcd/APKBUILD b/main/dhcpcd/APKBUILD
new file mode 100644
index 0000000000..110f2c4c0b
--- /dev/null
+++ b/main/dhcpcd/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dhcpcd
+pkgver=5.0.6
+pkgrel=0
+pkgdesc="RFC2131 compliant DHCP client"
+url="http://roy.marples.name/projects/dhcpcd/"
+license="BSD-2"
+depends=
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://roy.marples.name/downloads/dhcpcd/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make LIBEXECDIR=/lib/dhcpcd \
+		DBDIR=/var/lib/dhcpcd
+	make LIBEXECDIR=/lib/dhcpcd \
+		DBDIR=/var/lib/dhcpcd \
+		DESTDIR="$pkgdir" \
+		install
+
+}
+
+md5sums="600716ddbfa2525a7ef7ae0968a8158a  dhcpcd-5.0.6.tar.bz2"
diff --git a/main/dialog/APKBUILD b/main/dialog/APKBUILD
new file mode 100644
index 0000000000..99619e31cf
--- /dev/null
+++ b/main/dialog/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dialog
+pkgver=1.1.20080819
+_ver=${pkgver%.*}-${pkgver##*.}
+pkgrel=0
+pkgdesc="A script-interpreter which provides a set of curses"
+url="http://invisible-island.net/dialog/dialog.html"
+license="GPL"
+depends="uclibc ncurses"
+makedepends="ncurses-dev"
+install=
+subpackages="$pkgname-doc"
+source="ftp://invisible-island.net/dialog/$pkgname.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$_ver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="3caebd641a9f337b980becb4444336c5  dialog.tar.gz"
diff --git a/main/diffutils/APKBUILD b/main/diffutils/APKBUILD
new file mode 100644
index 0000000000..5a9177130f
--- /dev/null
+++ b/main/diffutils/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=diffutils
+pkgver=2.8.1
+pkgrel=1
+pkgdesc="Show differences among files"
+subpackages="$pkgname-doc"
+url="http://www.gnu.org/software/diffutils/"
+license="GPL2"
+depends="uclibc"
+makedepends=""
+install="$pkgname.post-deinstall"
+source="http://ftp.gnu.org/pub/gnu/diffutils/diffutils-2.8.1.tar.gz
+$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make check || return 1
+	make install DESTDIR=$pkgdir
+}
+md5sums="71f9c5ae19b60608f6c7f162da86a428  diffutils-2.8.1.tar.gz
+e8da9a22c2389fe5e2846b8c0de45767  diffutils.post-deinstall"
diff --git a/main/diffutils/diffutils.post-deinstall b/main/diffutils/diffutils.post-deinstall
new file mode 100644
index 0000000000..c59247ad41
--- /dev/null
+++ b/main/diffutils/diffutils.post-deinstall
@@ -0,0 +1,2 @@
+#!/bin/sh
+busybox --install -s
diff --git a/main/dircproxy/1.0.5-CVE-2007-5226.patch b/main/dircproxy/1.0.5-CVE-2007-5226.patch
new file mode 100644
index 0000000000..1d9994228b
--- /dev/null
+++ b/main/dircproxy/1.0.5-CVE-2007-5226.patch
@@ -0,0 +1,12 @@
+diff -u dircproxy-1.0.5/src/irc_server.c dircproxy-1.0.5/src/irc_server.c
+--- dircproxy-1.0.5/src/irc_server.c
++++ dircproxy-1.0.5/src/irc_server.c
+@@ -1078,7 +1078,7 @@
+       
+         if (!strcmp(cmsg.cmd, "ACTION")) {
+           if (p->conn_class->log_events & IRC_LOG_ACTION)
+-            irclog_ctcp(p, msg.params[0], msg.src.orig, "%s", cmsg.orig);
++            irclog_ctcp(p, (msg.params != NULL ) ? msg.params[0]: "none", msg.src.orig, "%s", cmsg.orig);
+ 
+         } else if (!strcmp(cmsg.cmd, "DCC")
+                    && p->conn_class->dcc_proxy_incoming) {
diff --git a/main/dircproxy/1.1.0-less-lag-on-attach.patch b/main/dircproxy/1.1.0-less-lag-on-attach.patch
new file mode 100644
index 0000000000..2eb3998db1
--- /dev/null
+++ b/main/dircproxy/1.1.0-less-lag-on-attach.patch
@@ -0,0 +1,53 @@
+--- a/src/irc_client.c	2005-01-06 02:48:12.964637427 +0100
++++ b/src/irc_client.c.lessflood	2005-01-06 02:47:50.433376383 +0100
+@@ -1910,13 +1910,34 @@
+   /* Recall channel log files, and get channel topic and members from server */
+   if (p->channels) {
+     struct ircchannel *c;
++    unsigned int cnames_length = 0;
++    char *cnames = 0;
++
++    c = p->channels;
++    while (c) {
++      if (!c->inactive && !c->unjoined) {
++        cnames_length += strlen(c->name) + 1; // +1 to hold comma
++      }
++
++      c = c->next;
++    }
++
++    if(cnames_length)
++    {
++      cnames = (char *)malloc(cnames_length + 1);
++      memset(cnames, 0, cnames_length + 1);
++    }
+ 
+     c = p->channels;
+     while (c) {
+       if (!c->inactive && !c->unjoined) {
+         ircclient_send_selfcmd(p, "JOIN", ":%s", c->name);
+-        ircserver_send_command(p, "TOPIC", ":%s", c->name);
+-        ircserver_send_command(p, "NAMES", ":%s", c->name);
++        if(cnames_length) {
++          if(c == p->channels) // first channel in list
++            sprintf(cnames, "%s", c->name);
++          else
++            sprintf(cnames, "%s,%s", cnames, c->name);
++        }
+ 
+         if (p->conn_class->chan_log_enabled) {
+           irclog_autorecall(p, c->name);
+@@ -1926,6 +1948,13 @@
+ 
+       c = c->next;
+     }
++    
++    if(cnames_length)
++    {
++      ircserver_send_command(p, "TOPIC", ":%s", cnames);
++      ircserver_send_command(p, "NAMES", ":%s", cnames);
++      free(cnames);
++    }
+   }
+ 
+   /* Recall private log file */
diff --git a/main/dircproxy/APKBUILD b/main/dircproxy/APKBUILD
new file mode 100644
index 0000000000..becb8133ae
--- /dev/null
+++ b/main/dircproxy/APKBUILD
@@ -0,0 +1,40 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dircproxy
+pkgver=1.1.0
+pkgrel=0
+pkgdesc="IRC proxy server designed for people who use IRC from lots of different workstations or clients"
+url="http://code.google.com/p/dircproxy/"
+license="GPL"
+depends=""
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://dircproxy.googlecode.com/files/$pkgname-$pkgver.tar.gz
+	1.0.5-CVE-2007-5226.patch
+	1.1.0-less-lag-on-attach.patch
+	dircproxy-gcc4.patch
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 -i $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	# install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+md5sums="066bd39d80f286ae5ce69a2adbbd01e4  dircproxy-1.1.0.tar.gz
+fdd98d0bad6ef36afba7fa2604c43520  1.0.5-CVE-2007-5226.patch
+a83ab2a3bce526ba0d8f8a05c88f9a47  1.1.0-less-lag-on-attach.patch
+3b70d62b2eb88013548871e634e33c43  dircproxy-gcc4.patch"
diff --git a/main/dircproxy/dircproxy-gcc4.patch b/main/dircproxy/dircproxy-gcc4.patch
new file mode 100644
index 0000000000..727d8db2b4
--- /dev/null
+++ b/main/dircproxy/dircproxy-gcc4.patch
@@ -0,0 +1,47 @@
+--- a/src/dcc_net.c   2001-12-21 21:15:55.000000000 +0100
++++ b/src/dcc_net.c 2004-12-14 15:40:45.976549384 +0100
+@@ -364,7 +364,8 @@
+       n = p->next;
+       _dccnet_free(p);
+ 
+-      p = (l ? l->next : proxies) = n;
++      if (l) l->next = n; else proxies = n;
++      p = n;
+     } else {
+       l = p;
+       p = p->next;
+diff -urN a/src/irc_server.c ./src/irc_server.c
+--- a/src/irc_server.c    2002-01-31 15:56:37.000000000 +0100
++++ b/src/irc_server.c  2004-12-14 15:39:49.163186328 +0100
+@@ -700,7 +700,8 @@
+               free(s);
+ 
+               /* Was in the squelch list, so remove it and stop looking */
+-              s = (l ? l->next : p->squelch_modes) = n;
++              if (l) l->next = n; else p->squelch_modes = n;
++              s = n;
+               squelch = 1;
+               break;
+             } else {
+@@ -741,7 +742,8 @@
+               free(s);
+ 
+               /* Was in the squelch list, so remove it and stop looking */
+-              s = (l ? l->next : p->squelch_modes) = n;
++              if (l) l->next = n; else p->squelch_modes = n;
++              s = n;
+               squelch = 1;
+               break;
+             } else {
+diff -urN ../tmp-orig/dircproxy-1.0.5/src/net.c ./src/net.c
+--- a/src/net.c   2002-01-01 18:55:23.000000000 +0100
++++ b/src/net.c 2004-12-14 15:41:43.499804520 +0100
+@@ -459,7 +459,7 @@
+     return 0;
+   }
+   
+-  l = &(buff == SB_IN ? s->in_buff_last : s->out_buff_last);
++  l = (buff == SB_IN) ? &s->in_buff_last : &s->out_buff_last;
+ 
+   /* Check whether we can just add to the existing buffer */
+   if ((mode == SM_RAW) && *l && ((*l)->mode == mode)) {
diff --git a/main/distcc/APKBUILD b/main/distcc/APKBUILD
new file mode 100644
index 0000000000..002885ea05
--- /dev/null
+++ b/main/distcc/APKBUILD
@@ -0,0 +1,46 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=distcc
+pkgver=3.1
+pkgrel=1
+pkgdesc="A distributed C, C++, Obj C compiler"
+url="http://distcc.org"
+license="GPL-2"
+depends="popt"
+makedepends="popt-dev"
+source="http://$pkgname.googlecode.com/files/$pkgname-$pkgver.tar.bz2
+	distcc-3.1-clone.patch
+	distcc-hardened.patch
+	distccd.initd distccd.confd"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "applying $i"
+		patch -p1 < $i || return 1
+	done
+	./configure --prefix=/usr \
+		--without-gtk \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -D -m644 ../distccd.confd "$pkgdir"/etc/conf.d/distccd
+	install -D -m755 ../distccd.initd "$pkgdir"/etc/init.d/distccd
+
+	local d="$pkgdir/usr/lib/$pkgname/bin"
+	mkdir -p "$d"
+	ln -sf /usr/bin/$pkgname "$d"/cc
+	ln -sf /usr/bin/$pkgname "$d"/gcc
+	ln -sf /usr/bin/$pkgname "$d"/g++
+	ln -sf /usr/bin/$pkgname "$d"/cpp
+}
+
+md5sums="a1a9d3853df7133669fffec2a9aab9f3  distcc-3.1.tar.bz2
+29fe296aa2985eea7af7402f421db187  distcc-3.1-clone.patch
+351ca958ff4869f8a2795d8ca6647de1  distcc-hardened.patch
+5cf566965873279fedc16934a2ba6cd0  distccd.initd
+e9e0ccc9f5813b9c3c88c8687b2ebc73  distccd.confd"
diff --git a/main/distcc/distcc-3.1-clone.patch b/main/distcc/distcc-3.1-clone.patch
new file mode 100644
index 0000000000..70e8f8351f
--- /dev/null
+++ b/main/distcc/distcc-3.1-clone.patch
@@ -0,0 +1,14 @@
+--- distcc-3.1.orig/lzo/minilzo.c	Mon Jan 12 09:05:53 2009
++++ distcc-3.1/lzo/minilzo.c	Mon Jan 12 10:27:02 2009
+@@ -1298,9 +1298,9 @@
+ #if defined(__LZO_CHECKER)
+     return 0;
+ #else
+-    const int clone[] = {1, 2, 0};
++    const int _clone[] = {1, 2, 0};
+     const int *q;
+-    q = clone;
++    q = _clone;
+     return (*q) ? 0 : 1;
+ #endif
+ }
diff --git a/main/distcc/distcc-hardened.patch b/main/distcc/distcc-hardened.patch
new file mode 100644
index 0000000000..69b3a65169
--- /dev/null
+++ b/main/distcc/distcc-hardened.patch
@@ -0,0 +1,24 @@
+From: Gordon Malm <gengor@gentoo.org>
+
+Make distcc client pass -D__KERNEL__ macro.  Hardened GCC uses this
+macro to determine if code intended to be run in-kernel is being compiled.
+If the code is kernel code, certain compile flags are not applied.
+
+When using distcc to build kernel code (modules, etc.) without this patch,
+the distccd host doesn't get passed -D__KERNEL__.  Consequently, gcc on
+the distccd host applies all kinds of flags that it shouldn't.
+
+--- distcc-2.18.3/src/strip.c
++++ distcc-2.18.3-hardened/src/strip.c
+@@ -73,7 +73,10 @@ int dcc_strip_local_args(char **from, ch
+     /* skip through argv, copying all arguments but skipping ones that
+      * ought to be omitted */
+     for (from_i = to_i = 0; from[from_i]; from_i++) {
+-        if (str_equal("-D", from[from_i])
++        if (str_equal("-D__KERNEL__", from[from_i])) {
++            to[to_i++] = from[from_i];
++        }
++        else if (str_equal("-D", from[from_i])
+             || str_equal("-I", from[from_i])
+             || str_equal("-U", from[from_i])
+             || str_equal("-L", from[from_i])
diff --git a/main/distcc/distccd.confd b/main/distcc/distccd.confd
new file mode 100644
index 0000000000..b4e72b6c15
--- /dev/null
+++ b/main/distcc/distccd.confd
@@ -0,0 +1,45 @@
+# /etc/conf.d/distccd: config file for /etc/init.d/distccd
+
+DISTCCD_OPTS=""
+
+# this is the distccd executable 
+DISTCCD_EXEC="/usr/bin/distccd"
+
+# this is where distccd will store its pid file
+DISTCCD_PIDFILE="/var/run/distccd/distccd.pid"
+
+# set this option to run distccd with extra parameters
+# Default port is 3632.  For most people the default is okay.
+DISTCCD_OPTS="${DISTCCD_OPTS} --port 3632"
+
+# Logging
+# You can change some logging options here:
+# --log-file FILE
+# --log-level LEVEL  [critical,error,warning, notice, info, debug]
+#
+# Leaving --log-file blank will log to syslog
+# example: --log-file /dev/null --log-level warning
+# example: --log-level critical
+
+DISTCCD_OPTS="${DISTCCD_OPTS} --log-level critical"
+
+# SECURITY NOTICE:
+# It is HIGHLY recomended that you use the --listen option
+# for increased security. You can specify an IP to permit connections 
+# from or a CIDR mask
+# --listen accepts only a single IP
+# --allow is now mandatory as of distcc-2.18.
+# example:  --allow 192.168.0.0/24
+# example:  --allow 192.168.0.5 --allow 192.168.0.150
+# example:  --listen 192.168.0.2
+DISTCCD_OPTS="${DISTCCD_OPTS} --allow 192.168.0.0/24"
+#DISTCCD_OPTS="${DISTCCD_OPTS} --listen 192.168.0.2"
+
+# set this for niceness
+# Default is 15
+DISTCCD_NICE="15"
+
+#ifdef AVAHI
+# Enable zeroconf support in distccd
+DISTCCD_AVAHI="no"
+#endif
diff --git a/main/distcc/distccd.initd b/main/distcc/distccd.initd
new file mode 100644
index 0000000000..c1490fae31
--- /dev/null
+++ b/main/distcc/distccd.initd
@@ -0,0 +1,38 @@
+#!/sbin/runscript
+# $Header: /var/cvsroot/gentoo-x86/sys-devel/distcc/files/2.18-r1/init,v 1.1 2008/01/04 03:53:15 betelgeuse Exp $
+
+depend() {
+	local avahi
+#ifdef AVAHI
+	[ ${DISTCCD_AVAHI} = yes ] && avahi="avahi-daemon"
+#endif
+	need net ${avahi}
+	use ypbind
+}
+
+start() {
+	[ -e "${DISTCCD_PIDFILE}" ] && rm -f ${DISTCCD_PIDFILE} &>/dev/null
+	
+	local args
+#ifdef AVAHI
+	[ ${DISTCCD_AVAHI} = yes ] && args="--zeroconf"
+#endif
+	
+	ebegin "Starting distccd"
+	chown distcc `dirname ${DISTCCD_PIDFILE}` >/dev/null 2>&1
+	TMPDIR="${TMPDIR}" \
+	/sbin/start-stop-daemon --start --quiet --exec ${DISTCCD_EXEC} \
+	--pidfile ${DISTCCD_PIDFILE} -- \
+	--pid-file ${DISTCCD_PIDFILE} -N ${DISTCCD_NICE} --user distcc \
+	${args} ${DISTCCD_OPTS}
+
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping distccd"
+	start-stop-daemon --stop --quiet --pidfile "${DISTCCD_PIDFILE}" \
+		&& rm -f "${DISTCCD_PIDFILE}"
+	eend $?
+}
+
diff --git a/main/djbdns/1.05-errno.patch b/main/djbdns/1.05-errno.patch
new file mode 100644
index 0000000000..58f2f4b6c9
--- /dev/null
+++ b/main/djbdns/1.05-errno.patch
@@ -0,0 +1,11 @@
+--- a/error.h	2001-02-11 15:11:45.000000000 -0600
++++ b/error.h	2003-02-26 02:10:21.000000000 -0600
+@@ -1,7 +1,7 @@
+ #ifndef ERROR_H
+ #define ERROR_H
+ 
+-extern int errno;
++#include <errno.h>
+ 
+ extern int error_intr;
+ extern int error_nomem;
diff --git a/main/djbdns/1.05-response.patch b/main/djbdns/1.05-response.patch
new file mode 100644
index 0000000000..eb6ae59049
--- /dev/null
+++ b/main/djbdns/1.05-response.patch
@@ -0,0 +1,11 @@
+--- a/response.c.orig     2009-02-24 21:04:06.000000000 -0800
++++ b/response.c  2009-02-24 21:04:25.000000000 -0800
+@@ -34,7 +34,7 @@
+         uint16_pack_big(buf,49152 + name_ptr[i]);
+         return response_addbytes(buf,2);
+       }
+-    if (dlen <= 128)
++    if ((dlen <= 128) && (response_len < 16384))
+       if (name_num < NAMES) {
+        byte_copy(name[name_num],dlen,d);
+        name_ptr[name_num] = response_len;
diff --git a/main/djbdns/APKBUILD b/main/djbdns/APKBUILD
new file mode 100644
index 0000000000..0596907a79
--- /dev/null
+++ b/main/djbdns/APKBUILD
@@ -0,0 +1,86 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=djbdns
+pkgver=1.05
+pkgrel=26
+pkgdesc="Excellent high-performance DNS services"
+url="http://cr.yp.to/djbdns.html"
+license="public-domain"
+depends=
+subpackages="tinydns dnscache"
+source="http://cr.yp.to/djbdns/$pkgname-$pkgver.tar.gz
+	headtail.patch
+	dnsroots.patch
+	dnstracesort.patch
+	$pkgver-errno.patch
+	$pkgver-response.patch
+	tinydns.pre-install
+	tinydns.initd
+	tinydns.confd
+	dnscache.pre-install
+	dnscache.initd
+	dnscache.confd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	echo "${CC:-"gcc"} ${CFLAGS}" > conf-cc
+	echo "${CC:-"gcc"} ${LDFLAGS}" > conf-ld
+	echo "/usr" > conf-home
+	make -j1 || return 1
+
+	mkdir -p "$pkgdir"/etc/
+	cp dnsroots.global "$pkgdir"/etc/
+	mkdir -p "$pkgdir"/usr/bin
+	cp *-conf dnscache tinydns walldns rbldns pickdns axfrdns \
+		*-get *-data *-edit dnsip dnsipq dnsname dnstxt dnsmx \
+		dnsfilter random-ip dnsqr dnsq dnstrace dnstracesort \
+		"$pkgdir"/usr/bin/ 
+	mkdir -p "$pkgdir"/usr/share/doc/djbdns
+}
+
+tinydns() {
+	pkgdesc="A small and secure DNS server"
+	install=tinydns.pre-install
+	mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/etc/tinydns \
+		"$subpkgdir"/var/cache/tinydns
+	mv "$pkgdir"/usr/bin/tinydns* "$subpkgdir"/usr/bin
+	install -D -m755 "$srcdir"/tinydns.initd \
+		"$subpkgdir"/etc/init.d/tinydns
+	install -D -m644 "$srcdir"/tinydns.confd \
+		"$subpkgdir"/etc/conf.d/tinydns
+}
+
+dnscache() {
+	pkgdesc="A recursive resolver"
+	install=dnscache.pre-install
+	mkdir -p "$subpkgdir"/usr/bin \
+		"$subpkgdir"/etc/dnscache/ip \
+		"$subpkgdir"/etc/dnscache/servers
+
+	cp "$pkgdir"/etc/dnsroots.global "$subpkgdir"/etc/dnscache/servers/@
+	touch "$subpkgdir"/etc/dnscache/ip/127 || return 1
+
+	mv "$pkgdir"/usr/bin/dnscache* "$subpkgdir"/usr/bin
+	install -D -m755 "$srcdir"/dnscache.initd \
+		"$subpkgdir"/etc/init.d/dnscache
+	install -D -m644 "$srcdir"/dnscache.confd \
+		"$subpkgdir"/etc/conf.d/dnscache
+}
+	
+md5sums="3147c5cd56832aa3b41955c7a51cbeb2  djbdns-1.05.tar.gz
+0d2adaf9f1626043e8702b825cdccdd6  headtail.patch
+dfd675b2775efcbb604413a84db8bf1a  dnsroots.patch
+6fe7f473233f1c86b76261afd8345bf0  dnstracesort.patch
+c7be73fe2fb4ae02d5096fa2c1f55a68  1.05-errno.patch
+1292500c04baba3995d9753fe40fdc94  1.05-response.patch
+7695bf50559c09798ec852b578ac8698  tinydns.pre-install
+e8a84fc4ee5ff1525b4f74889422e93c  tinydns.initd
+7dcf6674c07d46c736b3c25d9c92384a  tinydns.confd
+e09c3a6ba6917e16f4736ab5c070dbe9  dnscache.pre-install
+e368a86ddc320937d663dd47684ba410  dnscache.initd
+e2938593277d7a87806e70e145a90c3f  dnscache.confd"
diff --git a/main/djbdns/dnscache.confd b/main/djbdns/dnscache.confd
new file mode 100644
index 0000000000..f456bf8db9
--- /dev/null
+++ b/main/djbdns/dnscache.confd
@@ -0,0 +1,23 @@
+# DNSCACHE configuration variables:
+
+# IPSEND - ip address to use for requests use 0.0.0.0 for default route
+IPSEND=0.0.0.0
+
+# CACHESIZE - Num bytes to use for the cache
+CACHESIZE=1000000
+
+# IP - IP addr to listen on
+IP=127.0.0.1
+
+#------------------------------------------------------------------------
+# The following are flags.  Setting them to ANY value
+# (even "false" or "off") will turn the feature on.
+#------------------------------------------------------------------------
+
+# HIDETTL - always return TTL as 0
+#HIDETTL=
+
+# FORWARDONLY - servers/@ are parent caches, not root servers
+#FORWARDONLY=
+
+
diff --git a/main/djbdns/dnscache.initd b/main/djbdns/dnscache.initd
new file mode 100755
index 0000000000..481022496e
--- /dev/null
+++ b/main/djbdns/dnscache.initd
@@ -0,0 +1,59 @@
+#!/sbin/runscript
+# control n instances of dnscache, without daemontools
+# written for alpine linux - NBA April 2007
+
+# -- Statrup variables 
+UID=$( grep dnscache /etc/passwd | cut -f3 -d: )
+GID=$( grep dnscache /etc/group | cut -f3 -d: )
+ROOT=/etc/dnscache
+DAEMON=/usr/bin/dnscache
+VARRUN=/var/run/dnscache
+
+
+#-----------------------------------------------------------------
+# Main program
+
+start() {
+	
+	ebegin "Starting dnscache"
+	if [ -z "$UID" ] || [ -z "$GID" ]; then
+		eend 1 "dnscache user or group missing"
+		return 1
+	fi
+	
+	# if its already running, just report it is
+	if [ -e ${VARRUN}.pid ] && [ -d /proc/$( cat ${VARRUN}.pid ) ]; then
+		eend 0
+		return 0
+	fi
+	
+	(
+		export UID GID ROOT
+		[ -n "$IPSEND" ] 	&& export IPSEND
+		[ -n "$IP" ] 		&& export IP
+		[ -n "$HIDETTL" ] 	&& export HIDETTL
+		[ -n "$IPSEND" ] 	&& export IPSEND
+		[ -n "$CACHESIZE" ] 	&& export CACHESIZE
+		[ -n "$FORWARDONLY" ] 	&& export FORWARDONLY
+
+		$DAEMON </dev/urandom >/dev/null 2>/dev/null &
+		pid=$!
+		sleep 1
+		# Check if its still running
+		if ! [ -d /proc/$pid ]; then
+			$DAEMON </dev/urandom
+			return 1
+		fi
+		echo $pid > ${VARRUN}.pid
+		eend $?
+		return 0
+	)
+}
+
+stop() {
+	ebegin "Stopping dnscache"
+	start-stop-daemon --stop -m --pidfile ${VARRUN}.pid --oknodo \
+		--exec $DAEMON && rm ${VARRUN}.pid
+	eend $?
+}
+
diff --git a/main/djbdns/dnscache.pre-install b/main/djbdns/dnscache.pre-install
new file mode 100644
index 0000000000..061b8f0280
--- /dev/null
+++ b/main/djbdns/dnscache.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -h /etc/dnscache -g dnscache -s /bin/false -H -D dnscache 2>/dev/null
+exit 0
+
diff --git a/main/djbdns/dnsroots.patch b/main/djbdns/dnsroots.patch
new file mode 100644
index 0000000000..5db44ec8f4
--- /dev/null
+++ b/main/djbdns/dnsroots.patch
@@ -0,0 +1,18 @@
+--- djbdns-1.05.old/dnsroots.global.old	Fri May 31 19:42:37 2002
++++ djbdns-1.05/dnsroots.global	Thu Jan 29 21:41:56 2004
+@@ -1,5 +1,5 @@
+ 198.41.0.4
+-128.9.0.107
++192.228.79.201
+ 192.33.4.12
+ 128.8.10.90
+ 192.203.230.10
+@@ -7,7 +7,7 @@
+ 192.112.36.4
+ 128.63.2.53
+ 192.36.148.17
+-198.41.0.10
++192.58.128.30
+ 193.0.14.129
+ 198.32.64.12
+ 202.12.27.33
diff --git a/main/djbdns/dnstracesort.patch b/main/djbdns/dnstracesort.patch
new file mode 100644
index 0000000000..3bf56f5a1c
--- /dev/null
+++ b/main/djbdns/dnstracesort.patch
@@ -0,0 +1,11 @@
+--- djbdns-1.05/dnstracesort.sh.orig	2006-04-26 21:52:54.000000000 +0200
++++ djbdns-1.05/dnstracesort.sh	2006-04-26 21:53:02.000000000 +0200
+@@ -12,7 +12,7 @@
+     }
+     print
+   }
+-' | sort -t: +0 -2 +4 +3 -4 +2 -3 | uniq | awk -F: '
++' | sort -t: -k 1,3 -k 5 -k 4,5 -k 3,4 | uniq | awk -F: '
+   {
+     type = $1
+     q = $2
diff --git a/main/djbdns/headtail.patch b/main/djbdns/headtail.patch
new file mode 100644
index 0000000000..31854803ba
--- /dev/null
+++ b/main/djbdns/headtail.patch
@@ -0,0 +1,67 @@
+diff -Naur /tmp/djbdns-1.05/Makefile djbdns-1.05/Makefile
+--- a/Makefile	2003-11-16 20:33:41.000000000 +0100
++++ b/Makefile	2003-11-16 20:35:15.000000000 +0100
+@@ -31,7 +31,7 @@
+ 
+ auto_home.c: \
+ auto-str conf-home
+-	./auto-str auto_home `head -1 conf-home` > auto_home.c
++	./auto-str auto_home `head -n 1 conf-home` > auto_home.c
+ 
+ auto_home.o: \
+ compile auto_home.c
+@@ -205,14 +205,14 @@
+ choose: \
+ warn-auto.sh choose.sh conf-home
+ 	cat warn-auto.sh choose.sh \
+-	| sed s}HOME}"`head -1 conf-home`"}g \
++	| sed s}HOME}"`head -n 1 conf-home`"}g \
+ 	> choose
+ 	chmod 755 choose
+ 
+ compile: \
+ warn-auto.sh conf-cc
+ 	( cat warn-auto.sh; \
+-	echo exec "`head -1 conf-cc`" '-c $${1+"$$@"}' \
++	echo exec "`head -n 1 conf-cc`" '-c $${1+"$$@"}' \
+ 	) > compile
+ 	chmod 755 compile
+ 
+@@ -449,7 +449,7 @@
+ dnstracesort: \
+ warn-auto.sh dnstracesort.sh conf-home
+ 	cat warn-auto.sh dnstracesort.sh \
+-	| sed s}HOME}"`head -1 conf-home`"}g \
++	| sed s}HOME}"`head -n 1 conf-home`"}g \
+ 	> dnstracesort
+ 	chmod 755 dnstracesort
+ 
+@@ -570,7 +570,7 @@
+ warn-auto.sh conf-ld
+ 	( cat warn-auto.sh; \
+ 	echo 'main="$$1"; shift'; \
+-	echo exec "`head -1 conf-ld`" \
++	echo exec "`head -n 1 conf-ld`" \
+ 	'-o "$$main" "$$main".o $${1+"$$@"}' \
+ 	) > load
+ 	chmod 755 load
+@@ -758,7 +758,7 @@
+ rts: \
+ warn-auto.sh rts.sh conf-home
+ 	cat warn-auto.sh rts.sh \
+-	| sed s}HOME}"`head -1 conf-home`"}g \
++	| sed s}HOME}"`head -n 1 conf-home`"}g \
+ 	> rts
+ 	chmod 755 rts
+ 
+@@ -901,8 +901,8 @@
+ systype: \
+ find-systype.sh conf-cc conf-ld trycpp.c x86cpuid.c
+ 	( cat warn-auto.sh; \
+-	echo CC=\'`head -1 conf-cc`\'; \
+-	echo LD=\'`head -1 conf-ld`\'; \
++	echo CC=\'`head -n 1 conf-cc`\'; \
++	echo LD=\'`head -n 1 conf-ld`\'; \
+ 	cat find-systype.sh; \
+ 	) | sh > systype
+ 
diff --git a/main/djbdns/tinydns.confd b/main/djbdns/tinydns.confd
new file mode 100644
index 0000000000..840570a63c
--- /dev/null
+++ b/main/djbdns/tinydns.confd
@@ -0,0 +1,2 @@
+# IP is the ip address to listen on 
+IP=127.0.0.1
diff --git a/main/djbdns/tinydns.initd b/main/djbdns/tinydns.initd
new file mode 100755
index 0000000000..a68474c4ec
--- /dev/null
+++ b/main/djbdns/tinydns.initd
@@ -0,0 +1,87 @@
+#!/sbin/runscript
+# control an instance of tinydns, without daemontools
+# written for alpine linux - NBA April 2007
+
+opts="reload"
+
+# -- Statrup variables 
+DAEMON=/usr/bin/tinydns
+COMPILER=/usr/bin/tinydns-data
+
+IFACE="${SVCNAME#*.}"
+if [ -n "$IFACE" ] && [ "${SVCNAME}" != "tinydns" ]; then
+	ROOT=${ROOT:-/var/cache/tinydns.$IFACE}
+	VARRUN=${VARRUN:-/var/run/tinydns.$IFACE}
+	DATADIR=${DATADIR:-/etc/tinydns.$IFACE}
+else
+	ROOT=${ROOT:-/var/cache/tinydns}
+	VARRUN=${VARRUN:-/var/run/tinydns}
+	DATADIR=${DATADIR:-/etc/tinydns}
+fi
+
+
+#-----------------------------------------------------------------
+# Main program
+reload() {
+	local rc opwd="$opwd"
+	UID=$( grep tinydns /etc/passwd | cut -f3 -d: )
+	GID=$( grep tinydns /etc/group | cut -f3 -d: )
+
+	# Create the $ROOT directory if necessary
+	if [ ! -d "$ROOT" ]; then
+		mkdir -p "$ROOT"
+		chown $UID:$GID "$ROOT"
+	fi 
+	
+	# If a file named "data" exists in the $ROOT dir
+	# Then we just use it and ignore anything else
+	# If the "data" file does not exist, we attempt
+	# to build one out of the "zone files".  
+	ebegin "Generating tinydns cache"
+	rm -f "$ROOT/data"
+	if [ -e $DATADIR/data ]; then
+		ln -sf "$DATADIR/data" "$ROOT/data"
+	else
+		set -- $( find $DATADIR -type f )
+		if [ $# -eq 0 ]; then
+			eend 1 "Missing data or zone files in $DATADIR"
+			return 1
+		fi
+		cat "$@" > "$ROOT/data"
+	fi
+	cd "$ROOT" || return 1
+	[ -e data ] || rm -f data.cdb
+	$COMPILER 
+	rc=$?
+	cd "$opwd"
+	eend $rc
+	return $rc
+}
+
+start() {
+	# Always do a reload on start
+	reload || return 1
+
+	ebegin "Starting tinydns"
+	if [ -z "$UID" ] || [ -z "$GID" ]; then
+		eend 1 "tinydns user or group missing"
+		return 1
+	fi
+	
+	if [ -z "$IP" ]; then
+		eend 1 "IP is not specified in /etc/conf.d/$SVCNAME"
+		return 1
+	fi
+	
+	start-stop-daemon --start --env "UID=$UID" --env "GID=$GID" \
+		--env "ROOT=$ROOT" --env "IP=$IP" --pidfile ${VARRUN}.pid \
+		--background --make-pidfile --exec $DAEMON 
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping tinydns"
+	start-stop-daemon --stop --pidfile ${VARRUN}.pid --exec $DAEMON
+	eend $?
+}
+
diff --git a/main/djbdns/tinydns.pre-install b/main/djbdns/tinydns.pre-install
new file mode 100644
index 0000000000..11ea87abcb
--- /dev/null
+++ b/main/djbdns/tinydns.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -h /etc/tinydns -g tinydns -s /bin/false -H -D tinydns 2>/dev/null
+exit 0
+
diff --git a/main/dnsmasq/APKBUILD b/main/dnsmasq/APKBUILD
new file mode 100644
index 0000000000..328d54dfde
--- /dev/null
+++ b/main/dnsmasq/APKBUILD
@@ -0,0 +1,37 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dnsmasq
+pkgver=2.49
+pkgrel=0
+pkgdesc="Small forwarding DNS server"
+url="http://www.thekelleys.org.uk/dnsmasq/"
+license="GPL-2"
+depends=
+subpackages="$pkgname-doc"
+source="http://www.thekelleys.org.uk/dnsmasq/$pkgname-$pkgver.tar.gz
+	$pkgname.initd
+	$pkgname.confd
+	"
+
+build() {
+	# src_unpack
+	cd "$srcdir/$pkgname-$pkgver"
+	sed -i -e 's/^AWK.*/AWK = awk/' Makefile
+	make PREFIX=/usr \
+		CFLAGS="$CFLAGS" \
+		DBUS_LIBS= \
+		DBUS_CFLAGS= \
+		DBUS_MINOR= \
+		all || return 1
+	make PREFIX=/usr \
+		DESTDIR="$pkgdir" \
+		DBUS_LIBS= \
+		DBUS_CFLAGS= \
+		DBUS_MINOR= \
+		install
+	install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install dnsmasq.conf.example "$pkgdir"/etc/dnsmasq.conf
+}
+md5sums="7ccc861d8a733474f9c0a0a127006ee9  dnsmasq-2.49.tar.gz
+fbea3f4a794a6a00cc6fe79c6d44606a  dnsmasq.initd
+5990c2d2cb92209feacf8f3a5a7d0831  dnsmasq.confd"
diff --git a/main/dnsmasq/dnsmasq.confd b/main/dnsmasq/dnsmasq.confd
new file mode 100644
index 0000000000..47826dd508
--- /dev/null
+++ b/main/dnsmasq/dnsmasq.confd
@@ -0,0 +1,4 @@
+# /etc/conf.d/dnsmasq: config file for /etc/init.d/dnsmasq
+
+# See the dnsmasq(8) man page for possible options to put here.
+DNSMASQ_OPTS=""
diff --git a/main/dnsmasq/dnsmasq.initd b/main/dnsmasq/dnsmasq.initd
new file mode 100644
index 0000000000..44109e9829
--- /dev/null
+++ b/main/dnsmasq/dnsmasq.initd
@@ -0,0 +1,38 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-dns/dnsmasq/files/dnsmasq-init,v 1.13 2008/01/29 15:06:30 flameeyes Exp $
+
+opts="reload"
+
+depend() {
+	provide dns
+	need localmount net
+	after bootmisc
+}
+
+start() {
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --exec /usr/sbin/dnsmasq \
+	    --pidfile /var/run/dnsmasq.pid \
+	    -- -x /var/run/dnsmasq.pid ${DNSMASQ_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --exec /usr/sbin/dnsmasq \
+	    --pidfile /var/run/dnsmasq.pid
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	if ! service_started "${SVCNAME}" ; then
+	    eend 1 "${SVCNAME} is not started"
+	    return 1
+	fi
+	start-stop-daemon --stop --oknodo --signal HUP \
+	    --exec /usr/sbin/dnsmasq --pidfile /var/run/dnsmasq.pid
+	eend $?
+}
diff --git a/main/dosfstools/APKBUILD b/main/dosfstools/APKBUILD
new file mode 100644
index 0000000000..4864244772
--- /dev/null
+++ b/main/dosfstools/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dosfstools
+pkgver=3.0.2
+pkgrel=0
+pkgdesc="DOS filesystem utilities"
+url="http://www.daniel-baumann.ch/software/dosfstools/"
+license="GPL-2"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-doc"
+source="http://www.daniel-baumann.ch/software/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build() { 
+	cd $srcdir/$pkgname-$pkgver
+	make || return 1
+	make PREFIX="$pkgdir" \
+		MANDIR="$pkgdir"/usr/share/man \
+		DOCDIR="$pkgdir"/usr/share/doc \
+		install
+}
+md5sums="399a5c48df43ba73f334099dbf4820d3  dosfstools-3.0.2.tar.bz2"
diff --git a/main/dovecot/APKBUILD b/main/dovecot/APKBUILD
new file mode 100644
index 0000000000..67d1c87078
--- /dev/null
+++ b/main/dovecot/APKBUILD
@@ -0,0 +1,35 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=dovecot
+pkgver=1.2.1
+pkgrel=0
+pkgdesc="IMAP and POP3 server"
+url="http://www.dovecot.org/"
+license="LGPL-2.1"
+depends=
+makedepends="libcap-dev zlib-dev openssl-dev bzip2-dev"
+install="dovecot.pre-install"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://www.dovecot.org/releases/1.2/$pkgname-$pkgver.tar.gz
+	dovecot.initd
+	$install
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/dovecot \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-ssl=openssl || return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+}
+
+md5sums="c269cfe38fc40061e232dd28e5fe3721  dovecot-1.2.1.tar.gz
+573e14589a6f8424d55753a2794ab99a  dovecot.initd
+f0f8893411f5e482e14f40a81a177b19  dovecot.pre-install"
diff --git a/main/dovecot/dovecot.initd b/main/dovecot/dovecot.initd
new file mode 100644
index 0000000000..d9799c0dce
--- /dev/null
+++ b/main/dovecot/dovecot.initd
@@ -0,0 +1,57 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-mail/dovecot/files/dovecot.init-r2,v 1.1 2008/11/03 17:22:59 wschlich Exp $
+
+opts="reload"
+
+depend() {
+	need localmount net
+	after bootmisc ldap mysql ntp-client ntpd postgresql saslauthd slapd 
+	use logger
+}
+
+checkconfig() {
+	DOVECOT_INSTANCE=${SVCNAME##*.}
+	if [ -n "${DOVECOT_INSTANCE}" -a "${SVCNAME}" != "dovecot" ]; then
+		DOVECOT_CONF=/etc/dovecot/dovecot.${DOVECOT_INSTANCE}.conf
+	else
+		DOVECOT_CONF=/etc/dovecot/dovecot.conf
+	fi
+	if [ ! -e ${DOVECOT_CONF} ]; then
+		eerror "You will need an ${DOVECOT_CONF} first"
+		return 1
+	fi
+	DOVECOT_BASEDIR=$(/usr/sbin/dovecot -c ${DOVECOT_CONF} -a | sed -ne '/^base_dir/{s#^base_dir:[[:space:]]*\(.*[^/]\)/\?$#\1#;p}')
+	DOVECOT_BASEDIR=${DOVECOT_BASEDIR:-/var/run/dovecot}
+	DOVECOT_PIDFILE=${DOVECOT_BASEDIR}/master.pid
+	if [ ! -d "${DOVECOT_BASEDIR}" ]; then
+		ebegin "Creating missing base_dir ${DOVECOT_BASEDIR}"
+		install -d -o root -g root -m 0755 "${DOVECOT_BASEDIR}"
+		eend $?
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --exec /usr/sbin/dovecot \
+		--pidfile "${DOVECOT_PIDFILE}" -- -c "${DOVECOT_CONF}"
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --exec /usr/sbin/dovecot \
+		--pidfile "${DOVECOT_PIDFILE}"
+	eend $?
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading ${SVCNAME} configs and restarting auth/login processes"
+	start-stop-daemon --stop --oknodo --exec /usr/sbin/dovecot \
+		--pidfile "${DOVECOT_PIDFILE}" --signal HUP
+	eend $?
+}
diff --git a/main/dovecot/dovecot.pre-install b/main/dovecot/dovecot.pre-install
new file mode 100644
index 0000000000..5acdcb5c8d
--- /dev/null
+++ b/main/dovecot/dovecot.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -H -h /dev/null -s /bin/false -D dovecot 2>/dev/null	
+exit 0
diff --git a/main/dropbear/APKBUILD b/main/dropbear/APKBUILD
new file mode 100644
index 0000000000..ca4af482cf
--- /dev/null
+++ b/main/dropbear/APKBUILD
@@ -0,0 +1,38 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+pkgname=dropbear
+pkgver=0.52
+pkgrel=1
+pkgdesc="small SSH 2 client/server designed for small memory environments"
+url="http://matt.ucc.asn.au/dropbear/dropbear.html"
+license='MIT'
+depends="zlib"
+makedepends="zlib-dev"
+source="http://matt.ucc.asn.au/dropbear/releases/${pkgname}-${pkgver}.tar.bz2
+dropbear.initd
+dropbear.confd"
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+
+        ./configure --prefix=/usr \
+        --disable-lastlog
+        progs="dbclient dropbearkey dropbearconvert scp"
+        make PROGRAMS="dropbear ${progs}" MULTI=1 || return 1
+        install -Dm755 "$srcdir/$pkgname-$pkgver"/dropbearmulti "$pkgdir"/usr/bin/dropbearmulti || return 1
+        cd "$pkgdir/usr/bin" || return 1
+        for i in ${progs}; do
+          msg "linking ${i##*/}"
+          ln -s dropbearmulti $i || return 1
+        done
+        msg "linking dropbear"
+        mkdir -p "$pkgdir"/usr/sbin || return 1
+        cd "$pkgdir/usr/sbin" || return 1
+        ln -s ../bin/dropbearmulti dropbear || return 1
+        install -D -m755 "$srcdir"/dropbear.initd "$pkgdir"/etc/init.d/dropbear || return 1
+        install -D -m644 "$srcdir"/dropbear.confd "$pkgdir"/etc/conf.d/dropbear || return 1
+}
+
+md5sums="a1fc7adf601bca53330a792a9c873439  dropbear-0.52.tar.bz2
+34fea1c967596ebcd6d10d38444f2b92  dropbear.initd
+af73c487e2be37d65d0e8bf80489357e  dropbear.confd"
+
diff --git a/main/dropbear/dropbear.confd b/main/dropbear/dropbear.confd
new file mode 100644
index 0000000000..555f275d99
--- /dev/null
+++ b/main/dropbear/dropbear.confd
@@ -0,0 +1,6 @@
+# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear
+
+# see `dropbear -h` for more information
+# -w disables root logins
+# -p # changes the port number to listen on
+DROPBEAR_OPTS=""
diff --git a/main/dropbear/dropbear.initd b/main/dropbear/dropbear.initd
new file mode 100644
index 0000000000..afdee8c6d3
--- /dev/null
+++ b/main/dropbear/dropbear.initd
@@ -0,0 +1,36 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/dropbear/files/dropbear.init.d,v 1.2 2004/07/14 23:57:35 agriffis Exp $
+
+depend() {
+	use logger dns
+	need net
+}
+
+check_config() {
+	if [ ! -e /etc/dropbear/ ] ; then
+		mkdir /etc/dropbear/
+	fi
+	if [ ! -e /etc/dropbear/dropbear_dss_host_key ] ; then
+		einfo "Generating DSS-Hostkey..."
+		/usr/bin/dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
+	fi
+	if [ ! -e /etc/dropbear/dropbear_rsa_host_key ] ; then
+		einfo "Generating RSA-Hostkey..."
+		/usr/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+	fi
+}
+
+start() {
+	check_config || return 1
+	ebegin "Starting dropbear"
+	/usr/sbin/dropbear ${DROPBEAR_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping dropbear"
+	start-stop-daemon --stop --pidfile /var/run/dropbear.pid
+	eend $?
+}
diff --git a/main/dtach/APKBUILD b/main/dtach/APKBUILD
new file mode 100644
index 0000000000..120ef4eee7
--- /dev/null
+++ b/main/dtach/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=dtach
+pkgver=0.8
+pkgrel=0
+pkgdesc="A program that emulates the detach feature of screen"
+url="http://dtach.sourceforge.net"
+license='GPL'
+depends="uclibc"
+makedepends=""
+source="http://surfnet.dl.sourceforge.net/sourceforge/dtach/dtach-0.8.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr
+	make || return 1
+	install -Dm755 "$srcdir"/dtach-0.8/dtach "$pkgdir"/usr/bin/dtach
+	install -Dm644 "$srcdir"/dtach-0.8/dtach.1 "$pkgdir"/usr/share/man/man1/dtach.1
+	install -Dm644 "$srcdir"/dtach-0.8/README "$pkgdir"/usr/share/doc/README
+}
+
+md5sums="ec5999f3b6bb67da19754fcb2e5221f3  dtach-0.8.tar.gz"
diff --git a/main/e2fsprogs/APKBUILD b/main/e2fsprogs/APKBUILD
new file mode 100644
index 0000000000..eedabbffa7
--- /dev/null
+++ b/main/e2fsprogs/APKBUILD
@@ -0,0 +1,43 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=e2fsprogs
+pkgver=1.41.8
+pkgrel=0
+pkgdesc="Standard Ext2/3/4 filesystem utilities"
+url="http://e2fsprogs.sourceforge.net"
+license="GPL LGPL MIT"
+depends=
+subpackages="$pkgname-dev $pkgname-doc libuuid libcom_err libblkid"
+source="http://downloads.sourceforge.net/sourceforge/e2fsprogs/e2fsprogs-$pkgver.tar.gz"
+
+build () { 
+	cd ${srcdir}/${pkgname}-${pkgver}
+	./configure \
+		--mandir=/usr/share/man \
+		--enable-elf-shlibs \
+		--disable-uuidd \
+		--disable-tls \
+		--disable-nls
+
+	make || return 1
+	make LDCONFIG=: DESTDIR=${pkgdir} install install-libs || return 1
+}
+
+libuuid() {
+	depends=
+	mkdir -p "$subpkgdir"/lib
+	mv "$pkgdir"/lib/libuuid* "$subpkgdir"/lib/
+}
+
+libcom_err() {
+	depends=
+	mkdir -p "$subpkgdir"/lib
+	mv "$pkgdir"/lib/libcom_err* "$subpkgdir"/lib/
+}
+
+libblkid() {
+	depends=
+	mkdir -p "$subpkgdir"/lib 
+	mv "$pkgdir"/lib/libblkid* "$subpkgdir"/lib/
+}
+
+md5sums="6708cc8e484809fc5cfb232882e48489  e2fsprogs-1.41.8.tar.gz"
diff --git a/main/eggdrop/APKBUILD b/main/eggdrop/APKBUILD
new file mode 100644
index 0000000000..59c21f2e07
--- /dev/null
+++ b/main/eggdrop/APKBUILD
@@ -0,0 +1,69 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+pkgname=eggdrop
+pkgver=1.6.19
+pkgrel=1
+pkgdesc="World's most popular Open Source IRC bot"
+url="http://www.eggheads.org/"
+license='GPL-2'
+depends="tcl"
+makedepends="tcl-dev !bind-libs"
+install="$pkgname.post-install"
+subpackages="$pkgname-logs2html $pkgname-gseen"
+source="ftp://ftp.eggheads.org/pub/eggdrop/GNU/1.6/${pkgname}${pkgver}.tar.bz2
+eggdrop-installer
+$install
+gseen.mod.patch
+logs2html.mod.patch"
+
+build() {
+	cd "$srcdir/${pkgname}${pkgver}"
+	
+	for i in "$srcdir"/*.patch; do
+		msg "Applying ${i}"
+		patch -p0 -i $i || return 1
+	done
+
+	./configure --prefix=/usr
+	make config || return 1
+	make || return 1
+	mkdir -p $pkgdir/opt/eggdrop
+	make -j1 DEST="$pkgdir/opt/eggdrop" install
+	install -Dm755 "$srcdir"/eggdrop-installer "$pkgdir"/usr/bin/eggdrop-installer || return 1
+}
+
+logs2html() {
+	install=""
+	cd "$srcdir/${pkgname}${pkgver}"
+
+	for dirs in language help; do
+		mkdir -p "$subpkgdir"/opt/eggdrop/${dirs}
+		mv "$pkgdir"/opt/eggdrop/${dirs}/logs2html.* "$subpkgdir"/opt/eggdrop/${dirs}/ || return 1
+	done
+
+	mkdir -p "$subpkgdir"/opt/eggdrop/modules/
+	mv "$pkgdir"/opt/eggdrop/modules/logs2html.so "$subpkgdir"/opt/eggdrop/modules/ || return 1
+	mkdir -p "$subpkgdir"/opt/eggdrop/log2html
+	
+	for files in logs2html.conf top100.tpl user.css readme.txt chan.list; do
+		cp src/mod/logs2html.mod/${files} "$subpkgdir"/opt/eggdrop/log2html/ || return 1
+	done
+}
+
+
+gseen() {
+	install=""
+	cd "$srcdir/${pkgname}${pkgver}"
+	mkdir -p "$subpkgdir"/opt/eggdrop/language
+	mv "$pkgdir"/opt/eggdrop/language/gseen.* "$subpkgdir"/opt/eggdrop/language/ || return 1
+	mkdir -p "$subpkgdir"/opt/eggdrop/modules/
+	mv "$pkgdir"/opt/eggdrop/modules/gseen.so "$subpkgdir"/opt/eggdrop/modules/ || return 1
+	mkdir -p "$subpkgdir"/opt/eggdrop/gseen
+	cp src/mod/gseen.mod/gseen.conf "$subpkgdir"/opt/eggdrop/gseen/ || return 1
+	cp src/mod/gseen.mod/README "$subpkgdir"/opt/eggdrop/gseen/ || return 1
+}
+
+md5sums="b706bbe4fdd05964e0ea0cd920f28539  eggdrop1.6.19.tar.bz2
+d5214dc16c07c55edff22f495c9c367b  eggdrop-installer
+48ac9f366630ca18281ab2c98a5091ba  eggdrop.post-install
+37b82f60413913758cd4161dbc2e7849  gseen.mod.patch
+490ffd522d5058413c96b8325d19b838  logs2html.mod.patch"
diff --git a/main/eggdrop/eggdrop-installer b/main/eggdrop/eggdrop-installer
new file mode 100644
index 0000000000..69faa00dca
--- /dev/null
+++ b/main/eggdrop/eggdrop-installer
@@ -0,0 +1,84 @@
+#!/bin/sh
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-irc/eggdrop/files/eggdrop-installer,v 1.10 2007/03/14 17:52:24 drac Exp $
+
+source /sbin/functions.sh || {
+	echo "${0}: Could not source /etc/init.d/functions.sh!"
+	exit 1
+}
+
+# Checks to see if user is trying to install eggdrop as root.
+root_check() {
+	if [ "${HOME}" = "/root" ] || [ "$(whoami)" = "root" ]
+	then
+		ewarn "You should not be installing eggdrop as root."
+		ewarn
+		ewarn "Installing eggdrop as root leaves your computer vulnerable"
+		ewarn "to attack from other irc clients. Please use the eggdrop-installer"
+		ewarn "script as the user who you wish to run eggdrop with"
+		exit 1
+	fi
+}
+
+# Usage information
+usage() {
+	cat <<USAGE_END
+Usage: eggdrop-installer <bot-name>
+Install eggdrop for a specific user, creating the directories and files
+needed for eggdrop to run securely and safely.
+USAGE_END
+	exit 1
+}
+
+# Install eggdrop
+install_eggdrop() {
+	einfo "Installing Eggdrop"
+	einfo
+
+	root_check
+
+	if [ -d "${bot_dir}" ]
+	then
+		einfo "Already found a bot home directory for ${bot_name}"
+		exit 1
+	fi
+
+	einfo "Creating directories for your eggdrop..."
+	for dir in logs filesys/incoming text tmp scripts var
+	do
+		mkdir -p "${bot_dir}/${dir}"
+	done
+
+	einfo "Creating symlinks to required files for your bot to run..."
+	for file in help language modules eggdrop
+	do
+		ln -s "/opt/eggdrop/${file}" "${bot_dir}/${file}"
+	done
+
+	einfo "Copying motd, banner, scripts and config file..."
+	cp /opt/eggdrop/text/* "${bot_dir}/text"
+	cp /opt/eggdrop/scripts/* "${bot_dir}/scripts"
+	cp /opt/eggdrop/eggdrop.conf "${bot_dir}/eggdrop.conf"
+
+	einfo "Finished..."
+	einfo
+	einfo "Please edit your ${bot_dir}/eggdrop.conf!"
+	einfo
+	einfo "The bot needs to be run from the ${bot_dir} directory."
+	einfo "Run 'cd ${bot_dir} && ./eggdrop -m eggdrop.conf'"
+	einfo "to create the user file and then remove the -m command line option"
+	einfo "to start your eggdrop bot."
+	einfo
+	einfo "If you need any help please refer to the man page, or"
+	einfo "eggdrop website at http://www.egghelp.org/"
+}
+
+if [ -z "${1}" ]
+then
+	usage
+else
+	bot_name="${1}"
+	bot_dir="${HOME}/.eggdrop/${bot_name}"
+	install_eggdrop
+fi
diff --git a/main/eggdrop/eggdrop.post-install b/main/eggdrop/eggdrop.post-install
new file mode 100644
index 0000000000..44b43cf34e
--- /dev/null
+++ b/main/eggdrop/eggdrop.post-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+echo "*"
+echo "* Please run /usr/bin/eggdrop-installer to install your eggdrop bot."
+echo "*"
+exit 0
+
diff --git a/main/eggdrop/gseen.mod.patch b/main/eggdrop/gseen.mod.patch
new file mode 100644
index 0000000000..e70aef8873
--- /dev/null
+++ b/main/eggdrop/gseen.mod.patch
@@ -0,0 +1,5123 @@
+diff -Nur src/mod/gseen.mod/Makefile src/mod/gseen.mod/Makefile
+--- src/mod/gseen.mod/Makefile	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/Makefile	2002-10-26 13:17:44.000000000 +0200
+@@ -0,0 +1,28 @@
++# Makefile for src/mod/gseen.mod/
++
++doofus:
++	@echo ""
++	@echo "Let's try this from the right directory..."
++	@echo ""
++	@cd ../../../; make
++
++clean:
++	@rm -f *.o *.$(MOD_EXT) *~
++
++static: ../gseen.o
++
++modules: ../../../gseen.$(MOD_EXT)
++
++../gseen.o: ../module.h ../modvals.h ../../eggdrop.h datahandling.c \
++ gseen.c sensors.c gseencmds.c gseencmds.c do_seen.c ai.c tclcmds.c \
++ misc.c seentree.c generic_binary_tree.c slang_gseen_commands.c \
++ slang.c slang_text.c slang_ids.c slang_chanlang.c seenlang.h \
++ slang_multitext.c gseen.h
++	$(CC) $(CFLAGS) $(CPPFLAGS) -DMAKING_MODS -c gseen.c
++	rm -f ../gseen.o
++	mv gseen.o ../
++
++../../../gseen.$(MOD_EXT): ../gseen.o
++	$(LD) -o ../../../gseen.$(MOD_EXT) ../gseen.o $(XLIBS)
++
++#safety hash
+diff -Nur src/mod/gseen.mod/README src/mod/gseen.mod/README
+--- src/mod/gseen.mod/README	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/README	2002-10-26 13:17:45.000000000 +0200
+@@ -0,0 +1,140 @@
++Description:
++------------
++
++gseen.mod is a seen module for eggdrop that tracks not only the users in the
++bot's userfile, but everyone who enters one of the bots channels.
++It does pretty much the same as the popular script bseen and has a few
++additional features like AI-seen and seen-notification.
++It's also way faster than any corresponding script because scripts are always
++much slower than modules. Especially scripts that deal with large amount of
++data often become incredible slow.
++
++Installation:
++-------------
++
++gseen.mod is written for eggdrop1.6, but it should also work with eggdrop 1.4.
++
++You need the eggdrop source to compile the module.
++
++The following instructions assume, ~/eggdrop1.6.2/ is the directory
++where you installed your eggdrop from. (of course, other source dirs
++will work as well)
++
++Put gseen.mod.1.1.0.tar.gz in ~/eggdrop1.6.2/src/mod/,
++and unpack it (tar xfz gseen.mod.1.1.0.tar.gz). Change directory
++back to ~/eggdrop1.6.2/.
++
++Now just do what you've done when you compiled your bot:
++"./configure"
++"make config" (you can skip this command on eggdrop 1.4)
++"make"
++"make install"
++
++Don't forget to copy the langfiles from eggdrop1.6.2/src/mod/gseen.mod/ to
++eggdrop/language.
++
++All settings can be found in ~/eggdrop1.6.2/src/mod/gseen.mod/gseen.conf
++Copy it to your eggdrop directory, edit it to fit your needs and put
++"source gseen.conf" at the end of your eggdrop config file. The last thing
++to do is to .rehash your bot.
++
++
++Public commands:
++----------------
++
++!seen <nick>
++  I think this command doesn't need an explanation. ^_^
++!seen <mask>
++  Searches the database for entries that match <mask>
++  for example "!seen *!user@dialin-*.isp.com"
++!seennick <nick>
++  !seen also checks if a user was online later with a
++  different nick. !seennick only seens for <nick>
++!seenstats
++  just a little report on how many nicks are tracked
++
++All commands are also accessible via /msg.
++("/msg <bot> seen <nick>", for example)
++
++
++AI seen:
++--------
++
++This module has a simple built in AI routine.
++A short example:
++
++<G`Quann> Argo: have you seen Fabian recently?
++<|Argo|> G`Quann, fabian (~fabian@dns.gifs.de) was last seen quitting
++from #eggdev 1 week 4 days 9 hours 40 minutes 56 seconds ago
++(20.02. 01:39) stating ".....zzzzZZZzzZZZzZZZZZZZZZZzzz..".
++
++Well, it's not a very intelligent AI, it's rather brute-force. So don't
++forget to use the ai-seen-ignore setting.
++I know that's not coded very elegant, but if you configure it correctly,
++the failure-rate is way lower than with other AI scripts...
++
++DCC commands:
++-------------
++
++.seen
++.seennick
++.seenstats
++  just the same as the public versions
++.purgeseens
++  deletes expired data (this also happens automatically once a day)
++  (m)
++
++Channel Settings:
++-----------------
++
++  +noseendata
++	don't log any seen data in this channel
++  +quietseens
++	send answers directly via notice to the person who asked and
++	don't bother the rest of the channel with the reply
++  +quietaiseens
++	same as +quietseens, but for AI seens
++  +nopubseens
++	ignore every seen-command in this channel
++
++TCL commands:
++-------------
++
++There are no special tcl commands, only the usual bind procs.
++
++The only one that should be mentioned is:
++
++*pubm:seen <nick> <uhost> <hand> <chan> <text>
++  triggers the AI seen
++  returns: 1 if a reply was sent, 0 otherwise
++
++So if you're using another AI script on your bot, you can modify it to
++use this proc and avoid doubled replies this way.
++
++Other:
++------
++
++There is absolutely NO WARRANTY on this module. I do my best to make it
++work properly, but if anything gets screwed up, I'm not responsible. Use
++this module at your own risk.
++
++Feedback:
++---------
++
++Feel free to send feedback and bugreports (I hope there won't be any<g>) to
++gseen.mod@visions-of-fantasy.de
++
++The newest gseen version can always be found at:
++http://www.visions-of-fantasy.de/gseen.mod/
++
++Thanks to:
++----------
++
++- Fabian for teaching me plenty of things
++- everyone who tested the many buggy development versions :)
++- the eggdev team for developing eggdrop
++
++Most of all, I would like to thank Bass for writing bseen.tcl because alot
++of the ideas for this module came from using that tcl script. It's still the
++most powerful seen script, so if you want something that's easier to use than
++a module, get a copy of bseen.tcl.
+diff -Nur src/mod/gseen.mod/UPDATES src/mod/gseen.mod/UPDATES
+--- src/mod/gseen.mod/UPDATES	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/UPDATES	2002-10-26 13:17:46.000000000 +0200
+@@ -0,0 +1,55 @@
++Changes in gseen.mod: (since v1.0.0)
++--------------------
++
++1.1.1
++- fixed "no newline" compilation warnings that appeared on some systems.
++- fixed uninitialized "li" variable in do_seen()
++- fixed lacking compatibility to eggdrop1.4 (confirmation anyone?)
++- new option: hide-secret-chans
++
++1.1.0	(15.6.2001)
++- added multilang support
++- removed static buffers
++- organized data in a binary search tree (much faster)
++- optimized a few other things
++- added settings:
++    - fuzzy-search
++    - max-matches
++    - wildcard-search
++
++1.0.8
++- quiet-seens wasn't working for !seennick
++- added quiet-ai-seens
++- renamed nopub to nopubseens and nolog to noseendata and
++  quietseen to quietseens
++
++1.0.7
++- added compatibility to !channels
++- fixed a bug relating strict-host 0 had some strange effects on
++  !seen requests for users with ~ in their ident
++
++1.0.6
++- fixed a very evil bug that allowed anyone to crash the bot, sorry
++
++1.0.5
++- quietseens wasn't working correctly
++- added support for egg1.5's udef chansets
++
++1.0.4
++- added GPL stuff
++- changed error msg that appears if no gseen file exists
++
++1.0.3
++- readme updates
++- fixed a grammatical error in do_seen
++
++1.0.2
++- bot wanted to free a NULL pointer sometimes
++
++1.0.1
++- !seen without parameter returned stupid results :)
++- fixed little typo in .purgeseens
++- "I found 1 matches..." -> "I found 1 match..."
++
++1.0.0
++- release :)
+diff -Nur src/mod/gseen.mod/addons/gseen.selectlang.1.0.0.tcl src/mod/gseen.mod/addons/gseen.selectlang.1.0.0.tcl
+--- src/mod/gseen.mod/addons/gseen.selectlang.1.0.0.tcl	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/addons/gseen.selectlang.1.0.0.tcl	2002-10-26 13:18:14.000000000 +0200
+@@ -0,0 +1,80 @@
++#####################################################################

++#

++# gseen.selectlang v1.0.0

++#

++# This is a simple script which selects a language based on the 

++# user's host.

++#

++# It only works for /msg commands.

++#

++# If the user is in a channel which has a language defined, gseen's

++# internal functions will override this selection and use the language

++# of the channel instead.

++#

++#####################################################################

++

++

++# Here you can define which language to use for which host.

++# The first part is the mask for the host, and the second part

++# is the language which should be used for this host.

++

++set tld-langs {

++  {"*.de"		"de"}

++  {"*.at"		"de"}

++  {"*.ch"		"de"}

++  {"*.t-dialin.net"	"de"}

++  {"*.t-ipconnect.net"	"de"}

++  {"*.pl"		"pl"}

++  {"*.jp"		"ja"}

++}

++

++#################################################

++

++

++proc selectlang:getlang {uhost} {

++  global tld-langs

++  

++  foreach tld ${tld-langs} {

++    if {[string match [lindex $tld 0] $uhost]} {

++      return [lindex $tld 1]

++    }

++  }

++  return ""

++}

++

++proc sl:rebind {oldtarget newtarget} {

++  foreach binding [binds msg] {

++    if {[lindex $binding 4] == $oldtarget} {

++      unbind [lindex $binding 0] [lindex $binding 1] [lindex $binding 2] [lindex $binding 4]

++      bind [lindex $binding 0] [lindex $binding 1] [lindex $binding 2] $newtarget

++    }

++  }

++}

++

++proc sl:msg:trigger {nick uhost hand rest target} {

++  global default-slang

++  

++  set lang [selectlang:getlang $uhost]

++  set old-slang ${default-slang}

++  if {$lang != ""} {

++    set default-slang $lang

++    putlog "using '$lang'..."

++  }

++  $target $nick $uhost $hand $rest

++  set default-slang ${old-slang}

++}

++

++sl:rebind *msg:seen sl:msg:seen

++proc sl:msg:seen {nick uhost hand rest} {

++  sl:msg:trigger $nick $uhost $hand $rest *msg:seen

++}

++

++sl:rebind *msg:seenstats sl:msg:seenstats

++proc sl:msg:seenstats {nick uhost hand rest} {

++  sl:msg:trigger $nick $uhost $hand $rest *msg:seenstats

++}

++

++sl:rebind *msg:seennick sl:msg:seennick

++proc sl:msg:seennick {nick uhost hand rest} {

++  sl:msg:trigger $nick $uhost $hand $rest *msg:seennick

++}
+\ No newline at end of file
+diff -Nur src/mod/gseen.mod/ai.c src/mod/gseen.mod/ai.c
+--- src/mod/gseen.mod/ai.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/ai.c	2002-10-26 13:17:47.000000000 +0200
+@@ -0,0 +1,151 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++static int quietaiseens(char *chan)
++{
++  char buf[121], *b;
++
++  Context;
++  strncpy(buf, quiet_ai_seen, 120);
++  buf[120] = 0;
++  b = buf;
++  while (b[0])
++    if (!strcasecmp(chan, newsplit(&b)))
++      return 1;
++#if EGG_IS_MIN_VER(10503)
++  if (ngetudef("quietaiseens", chan))
++    return 1;
++#endif
++  return 0;
++}
++
++static int tcl_pubmseen STDVAR
++{
++  char *nick, *uhost, *hand, *chan, *text;
++  char buf[1024];
++  char *words, *word;
++  seendat *l;
++  int i;
++
++  Context;
++  BADARGS(6, 6, " nick uhost hand chan text");
++  nick = argv[1];
++  uhost = argv[2];
++  hand = argv[3];
++  chan = argv[4];
++  text = argv[5];
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, chan));
++  glob_nick = nick;
++  for (i = 0; i < strlen(text); i++)
++    if (strchr("!?.,\"", text[i]))
++      text[i] = ' ';
++  strncpy(buf, ignore_words, 1023);
++  buf[1023] = 0;
++  words = buf;
++  while (words[0])
++    add_ignoredword(newsplit(&words));
++  strncpy(buf, text, 1023);
++  buf[1023] = 0;
++  words = buf;
++  while (words[0]) {
++    word = newsplit(&words);
++    if (word_is_ignored(word))
++      continue;
++    l = findseen(word);
++    if (l) {
++      if (quietaiseens(chan)) {
++	set_prefix(SLNOTPREFIX);
++        dprintf(DP_HELP, "NOTICE %s :%s%s\n", nick, reply_prefix,
++        	do_seen(word, nick, uhost, chan, 0));
++      } else {
++	set_prefix(SLPUBPREFIX);
++        dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", chan, reply_prefix,
++        	do_seen(word, nick, uhost, chan, 0));
++      }
++      add_seenreq(word, nick, uhost, chan, now);
++      free_ignoredwords();
++      Tcl_AppendResult(irp, "1", NULL);
++      return TCL_OK;
++    }
++  }
++  free_ignoredwords();
++  Tcl_AppendResult(irp, "0", NULL);
++  return TCL_OK;
++}
++
++static tcl_cmds mytcls[] =
++{
++  {"*pubm:seen", tcl_pubmseen},
++  {"*chjn:gseen", gseen_chjn},
++  {"*chpt:gseen", gseen_chpt},
++  {0, 0}
++};
++
++static void add_ignoredword(char *word)
++{
++  ignoredword *l, *nl;
++
++  l = ignoredwords;
++  while (l && l->next)
++    l = l->next;
++  nl = nmalloc(sizeof(ignoredword));
++  nl->word = nmalloc(strlen(word) + 1);
++  strcpy(nl->word, word);
++  nl->next = NULL;
++  if (ignoredwords)
++    l->next = nl;
++  else
++    ignoredwords = nl;
++}
++
++static void free_ignoredwords()
++{
++  ignoredword *l, *ll;
++
++  l = ignoredwords;
++  while (l) {
++    ll = l->next;
++    nfree(l->word);
++    nfree(l);
++    l = ll;
++  }
++  ignoredwords = NULL;
++}
++
++static int expmem_ignoredwords()
++{
++  ignoredword *l;
++  int size = 0;
++
++  for (l = ignoredwords; l; l = l->next) {
++    size += sizeof(ignoredword);
++    size += strlen(l->word) + 1;
++  }
++  return size;
++}
++
++static int word_is_ignored(char *word)
++{
++  ignoredword *l;
++
++  for (l = ignoredwords; l; l = l->next)
++    if (!strcasecmp(l->word, word))
++      return 1;
++  return 0;
++}
+diff -Nur src/mod/gseen.mod/datahandling.c src/mod/gseen.mod/datahandling.c
+--- src/mod/gseen.mod/datahandling.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/datahandling.c	2002-10-26 13:17:48.000000000 +0200
+@@ -0,0 +1,151 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++
++static void write_seens()
++{
++  seenreq *r;
++  seenreq_by *b;
++  FILE *f;
++  char s[125];
++
++  Context;
++  /* putlog(LOG_MISC, "*", "Saving seen data..."); */
++  if (!gseenfile[0])
++    return;
++  sprintf(s, "%s~new", gseenfile);
++  f = fopen(s, "w");
++  chmod(s, 0600);
++  if (f == NULL) {
++    putlog(LOG_MISC, "*", "ERROR writing gseen file.");
++    return;
++  }
++  fprintf(f, "# gseen data file v1.\n");
++  write_seen_tree_target = f;
++  btree_getall(&seentree, write_seen_tree);
++  for (r = requests; r; r = r->next)
++    for (b = r->by; b; b = b->next)
++      /* @ nick by host chan when */
++      fprintf(f, "@ %s %s %s %s %lu\n", r->nick, b->who, b->host, b->chan,
++              b->when);
++  fclose(f);
++  unlink(gseenfile);
++  movefile(s, gseenfile);
++  /* putlog(LOG_MISC, "*", "Done."); */
++  return;
++}
++
++static void read_seens()
++{
++  FILE *f;
++  char buf[512], *s, *type, *nick, *host, *chan, *msg, *by;
++  time_t when;
++  int spent, iType, i;
++
++  Context;
++  f = fopen(gseenfile, "r");
++  if (f == NULL) {
++    putlog(LOG_MISC, "*", "Can't open gseen file, creating new database...");
++    return;
++  }
++  while (!feof(f)) {
++    buf[0] = 0;
++    s = buf;
++    fgets(s, 511, f);
++    i = strlen(buf);
++    if (buf[i - 1] == '\n')
++      buf[i - 1] = 0;
++    if ((buf[0] == 0) || (buf[0] == '#'))
++      continue;
++    type = newsplit(&s);
++    if (!strcmp(type, "!")) {
++      nick = newsplit(&s);
++      host = newsplit(&s);
++      chan = newsplit(&s);
++      iType = atoi(newsplit(&s));
++      when = (time_t) atoi(newsplit(&s));
++      spent = atoi(newsplit(&s));
++      msg = s;
++      add_seen(iType, nick, host, chan, msg, when, spent);
++    } else if (!strcmp(type, "@")) {
++      nick = newsplit(&s);
++      by = newsplit(&s);
++      host = newsplit(&s);
++      chan = newsplit(&s);
++      when = (time_t) atoi(newsplit(&s));
++      add_seenreq(nick, by, host, chan, when);
++    }
++  }
++  fclose(f);
++  Context;
++  return;
++}
++
++static void purge_seens()
++{
++  seenreq *r, *rr;
++  seenreq_by *b, *bb;
++
++  Context;
++  if (!expire_seens)
++    return;
++  btree_getall_expanded(&seentree, purge_seen_tree);
++  debug0("purge done");
++  r = requests;
++  rr = NULL;
++  while (r) {
++    b = r->by;
++    bb = NULL;
++    while (b) {
++      if ((now - b->when) > (expire_seens * 86400)) {
++        debug2("request for %s from %s has expired.", r->nick, b->who);
++        nfree(b->who);
++        nfree(b->host);
++        nfree(b->chan);
++        if (bb) {
++          bb->next = b->next;
++          nfree(b);
++          b = bb->next;
++        } else {
++          r->by = b->next;
++          nfree(b);
++          b = r->by;
++        }
++      } else {
++        bb = b;
++        b = b->next;
++      }
++    }
++    if (!r->by) {
++      debug1("no further seen requests for %s, deleting", r->nick);
++      nfree(r->nick);
++      if (rr) {
++        rr->next = r->next;
++        nfree(r);
++        r = rr->next;
++      } else {
++        requests = r->next;
++        nfree(r);
++        r = requests;
++      }
++    } else {
++      rr = r;
++      r = r->next;
++    }
++  }
++}
+diff -Nur src/mod/gseen.mod/do_seen.c src/mod/gseen.mod/do_seen.c
+--- src/mod/gseen.mod/do_seen.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/do_seen.c	2002-10-26 13:17:50.000000000 +0200
+@@ -0,0 +1,840 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++/* do_seen(): Checks if someone matches the mask, and returns the reply
++ * mask : first paramater (e.g. "G`Quann", "G`Quann", "*!*@*.isp.de", ...)
++ * nick : nick of the one, who triggered the command
++ * uhost: user@host of nick
++ * chan : chan, where the command was triggered
++ * bns  :
++ *        1 : do a botnet-seen if no matches are found
++ *        0 : don't do a botnet-seen
++ *       -1 : return NULL instead of text, if no matches were found
++ *            (necessary for botnet seen)
++ */
++static char *do_seen(char *mask, char *nick, char *uhost, char *chan, int bns)
++{
++  char hostbuf[UHOSTLEN + 1], *host, *newhost, *tmp, *dur;
++  seendat *l;
++  gseenres *r;
++  int wild, nr;
++  char bnquery[256];
++  struct userrec *u;
++  struct laston_info *li;
++  struct chanset_t *ch;
++
++  Context;
++  start_seentime_calc();
++  if (seen_reply) {
++    nfree(seen_reply);
++    seen_reply = NULL;
++  }
++  l = NULL;
++  li = NULL;
++  host = hostbuf;
++  newhost = NULL;
++  mask = newsplit(&mask);
++  glob_query = mask;
++  while (mask[0] == ' ')
++    mask++;
++  if (!mask[0]) {
++    return SLNOPARAM;
++  }
++  if (strchr(mask, '?') || strchr(mask, '*')) {
++    // if wildcard-searches ares not allowed, then either return
++    // NULL (for botnet-seen), or a appropriate warning
++    if (!wildcard_search) {
++      if (bns == -1)
++        return NULL;
++      else
++        return SLNOWILDCARDS;
++    } else
++      wild = 1;
++  } else {
++    if (strlen(mask) > seen_nick_len) // don't process if requested nick is too long
++      return SLTOOLONGNICK;      // (e.g. stop stupid jokes)
++    if (!strcasecmp(mask, nick)) {
++      return SLMIRROR;
++    }
++    // check if the nick is on the current channel
++    if (onchan(mask, chan))
++      return SLONCHAN;
++    if ((glob_othernick = handonchan(mask, chan)))
++      return SLHANDONCHAN;
++    // check if it is on any other channel
++    if ((ch = onanychan(mask))) {
++#if EGG_IS_MIN_VER(10500)
++      if (!secretchan(ch->dname)) {
++	glob_otherchan = ch->dname;
++        return SLONOTHERCHAN;
++      }
++#else
++      if (!secretchan(ch->name)) {
++	glob_otherchan = ch->name;
++        return SLONOTHERCHAN;
++      }
++#endif
++    }
++    // check if the user who uses this handle is on the channel under
++    // a different nick
++    if ((ch = handonanychan(mask))) {
++#if EGG_IS_MIN_VER(10500)
++      if (!secretchan(ch->dname)) {
++        glob_otherchan = ch->dname;
++        return SLONOTHERCHAN;
++      }
++#else
++      if (!secretchan(ch->name)) {
++        glob_otherchan = ch->name;
++        return SLONOTHERCHAN;
++      }
++#endif
++    }
++    add_seenreq(mask, nick, uhost, chan, now);
++    wild = 0;
++    l = findseen(mask);
++    // if there's a result, and if we don't want to search for the same user
++    // under a different nick, just make a do_seennick on the result
++    if (l && !fuzzy_search) {
++      tmp = do_seennick(l);
++      end_seentime_calc();
++      return tmp;
++    }
++    if (!l) {
++      u = get_user_by_handle(userlist, mask);
++      if (u) {
++        li = get_user(&USERENTRY_LASTON, u);
++      }
++      if (!u || !li) {
++        if (bns == -1) {       // if bns is 0, then do_seen() was triggered by
++          end_seentime_calc(); // a botnet seen function, which needs a clear
++          return NULL;         // NULL to detect if there was a result or not
++        }
++        tmp = SLNOTSEEN;
++        if (bns && ((strlen(mask) + strlen(nick) + strlen(uhost)
++            + strlen(chan) + 20) < 255)) {
++          debug0("trying botnet seen");
++          if (bnsnick)
++            nfree(bnsnick);
++          if (bnschan)
++            nfree(bnschan);
++          bnsnick = nmalloc(strlen(nick) + 1);
++          strcpy(bnsnick, nick);
++          bnschan = nmalloc(strlen(chan) + 1);
++          strcpy(bnschan, chan);
++          sprintf(bnquery, "gseen_req %s %s %s %s", mask, nick, uhost, chan);
++          botnet_send_zapf_broad(-1, botnetnick, NULL, bnquery);
++        }
++      } else {
++        // we have a matching handle, no seen-entry, but a laston entry
++        // in the userbase, so let's just return that one.
++        dur = gseen_duration(now - li->laston);
++        glob_laston = dur;
++        tmp = SLPOORSEEN;
++        seen_reply = nmalloc(strlen(tmp) + 1);
++        strcpy(seen_reply, tmp);
++        end_seentime_calc();
++        return seen_reply;
++      }
++      end_seentime_calc();
++      return tmp;
++    }
++    // now prepare the host for fuzzy-search
++    if (strlen(l->host) < UHOSTLEN) {
++      maskstricthost(l->host, host);
++      host = strchr(host, '!') + 1; // strip nick from host for faster search
++    } else {
++      end_seentime_calc();
++      return "error, too long host";
++    }
++  }
++  if (l && (l->type == SEEN_CHPT)) {
++    tmp = do_seennick(l);
++    end_seentime_calc();
++    return tmp;
++  }
++  numresults = 0;
++  // wildmatch_seens uses a global var to store hosts in it
++  // (to prevent massive nmalloc/nfree-usage), so don't forget
++  // to initialize and free it
++  temp_wildmatch_host = my_malloc(1);
++  wildmatch_seens(host, mask, wild);
++  my_free(temp_wildmatch_host);
++  temp_wildmatch_host = NULL;
++  if (!results) {
++    end_seentime_calc();
++    if (bns == -1)
++      return NULL; // let the botnet seen function know, that seen failed
++    return SLNOMATCH;
++  }
++  if (numresults >= max_matches) {
++    end_seentime_calc();
++    free_seenresults();
++    return SLTOOMANYMATCHES;
++  }
++  sortresults();
++  if (strcasecmp(results->seen->nick, mask)) {
++    // if the user's latest nick is not the nick for which we were searching,
++    // say that there were multiple matches and display the latest one
++    if (numresults == 1)
++      tmp = SLONEMATCH;
++    else if (numresults <= 5)
++      tmp = SLLITTLEMATCHES;
++    else
++      tmp = SLMANYMATCHES;
++    seen_reply = nmalloc(strlen(tmp) + 1);
++    strcpy(seen_reply, tmp);
++    nr = 0;
++    for (r = results; (r && (nr < 5)); r = r->next) {
++      nr++;
++      if (nr > 1) {
++        seen_reply = nrealloc(seen_reply, 1 + strlen(seen_reply) + 1 + strlen(r->seen->nick) + 1);
++        strcat(seen_reply, ", ");
++      } else {
++	seen_reply = nrealloc(seen_reply, 1 + strlen(seen_reply) + strlen(r->seen->nick) + 1);
++        strcat(seen_reply, " ");
++      }
++      strcat(seen_reply, r->seen->nick);
++    }
++    tmp = do_seennick(results->seen);
++    seen_reply = nrealloc(seen_reply, 2 + strlen(seen_reply) + strlen(tmp) + 1);
++    sprintf(seen_reply, "%s. %s", seen_reply, tmp);
++  } else { // first result is the nick which we were searching for
++    // just return the info for this nick and don't care about other results
++    tmp = do_seennick(results->seen);
++    seen_reply = nmalloc(strlen(tmp) + 1);
++    strcpy(seen_reply, tmp);
++  }
++  free_seenresults();
++  end_seentime_calc();
++  return seen_reply;
++}
++
++/* do_seennick():
++ * takes a seen-dataset and produces the corresponding reply basically
++ * by referencing to the lang entry with the same number as the seen-type.
++ */
++static char *do_seennick(seendat *l)
++{
++//  char buf[256], *msg;
++  int stype;
++
++  Context;
++  if (!l) {
++    debug0("ERROR! Tryed to do a seennick on a NULL pointer!");
++    return "ERROR! seendat == NULL!!!";
++  }
++  glob_seendat = l;
++  // l->type is the basic language-entry-number
++  stype = l->type + 100;
++  // in some cases, we might need a special reply, so modify the
++  // number if neccessary
++  switch (l->type) {
++    case SEEN_JOIN:
++      if (!onchan(l->nick, l->chan))
++        stype += 20;
++      break;
++    case SEEN_PART:
++      /* nothing to do here */
++      break;
++    case SEEN_SIGN:
++      /* nothing again */
++      break;
++    case SEEN_NICK:
++      if (!onchan(l->msg, l->chan))
++        stype += 20;
++      break;
++    case SEEN_NCKF:
++      if (!onchan(l->nick, l->chan))
++        stype += 20;
++      break;
++    case SEEN_KICK:
++/*      msg = buf;
++      strncpy(buf, l->msg, 255);
++      msg[255] = 0;
++      sglobpunisher = newsplit(&msg);
++      sglobreason = msg; */
++      break;
++    case SEEN_SPLT:
++      /* nothing to do here */
++      break;
++    case SEEN_REJN:
++      if (!onchan(l->nick, l->chan))
++        stype += 20;
++      break;
++    case SEEN_CHJN:
++    case SEEN_CHPT:
++      if (!strcmp(l->chan, "0"))
++        stype += 20;
++      break;
++    default:
++      stype = 140;
++  }
++  return getslang(stype);
++}
++
++/* findseens():
++ * interface for webseen.mod
++ * find all results for a query and return a pointer to this list
++ * (basically the core of do_seen())
++ */
++static gseenres *findseens(char *mask, int *ret, int fuzzy)
++{
++  char hostbuf[UHOSTLEN + 1], *host, *newhost;
++  seendat *l;
++  int wild;
++
++  Context;
++  start_seentime_calc();
++  *ret = WS_OK;
++  l = NULL;
++  host = hostbuf;
++  newhost = NULL;
++  mask = newsplit(&mask);
++  while (mask[0] == ' ')
++    mask++;
++  if (!mask[0]) {
++    *ret = WS_NOPARAM;
++    return NULL;
++  }
++  if (strchr(mask, '?') || strchr(mask, '*')) {
++    // if wildcard-searches ares not allowed, then either return
++    // NULL (for botnet-seen), or a appropriate warning
++    if (!wildcard_search) {
++      *ret = WS_NOWILDCARDS;
++      return NULL;
++    }
++    wild = 1;
++  } else {
++    if (strlen(mask) > seen_nick_len) { // don't process if requested nick is too long
++      *ret = WS_TOOLONGNICK;       // (e.g. stop stupid jokes)
++      return NULL;
++    }
++    add_seenreq(mask, "www-user", "unknown_host", "webinterface", now);
++    wild = 0;
++    l = findseen(mask);
++    // if there's a result, and if we don't want to search for the same user
++    // under a different nick, just return this result
++    if (l && (!fuzzy_search || !fuzzy)) {
++      numresults = 1;
++      add_seenresult(l);
++      end_seentime_calc();
++      return results;
++    }
++    if (!l) {
++      // no matching user was found :(
++      *ret = WS_NORESULT;
++      end_seentime_calc();
++      return NULL;
++    }
++    // now prepare the host for fuzzy-search
++    if (strlen(l->host) < UHOSTLEN) {
++      maskstricthost(l->host, host);
++      host = strchr(host, '!') + 1; // strip nick from host for faster search
++    } else {
++      *ret = WS_TOOLONGHOST;
++      end_seentime_calc();
++      return NULL;
++    }
++  }
++  if (l && (l->type == SEEN_CHPT)) {
++    numresults = 1;
++    add_seenresult(l);
++    end_seentime_calc();
++    return results;
++  }
++  numresults = 0;
++  // wildmatch_seens uses a global var to store hosts in it
++  // (to prevent massive nmalloc/nfree-usage), so don't forget
++  // to initialize and free it
++  temp_wildmatch_host = my_malloc(1);
++  wildmatch_seens(host, mask, wild);
++  my_free(temp_wildmatch_host);
++  temp_wildmatch_host = NULL;
++  if (!results) {
++    // no match :(
++    *ret = WS_NORESULT;
++    end_seentime_calc();
++    return NULL;
++  }
++  if (numresults >= max_matches) {
++    free_seenresults();
++    *ret = WS_TOOMANYMATCHES;
++    end_seentime_calc();
++    return NULL;
++  }
++  sortresults();
++  *ret = 0;
++  end_seentime_calc();
++  return results;
++}
++
++
++char seenstats_reply[512];
++static char *do_seenstats()
++{
++  glob_totalnicks = count_seens();
++  glob_totalbytes = gseen_expmem();
++  sprintf(seenstats_reply, "%s", SLSEENSTATS);
++  return seenstats_reply;
++}
++
++// add an seen result (to the top of the list)
++static void add_seenresult(seendat *seen)
++{
++  gseenres *nl;
++
++  numresults++;
++  if (numresults > max_matches)
++    return;
++  nl = nmalloc(sizeof(gseenres));
++  nl->seen = seen;
++  nl->next = results;
++  results = nl;
++}
++
++static int expmem_seenresults()
++{
++  int bytes = 0;
++  gseenres *l;
++
++  for (l = results; l; l = l->next)
++    bytes += sizeof(gseenres);
++  return bytes;
++}
++
++static void free_seenresults()
++{
++  gseenres *l, *ll;
++
++  l = results;
++  while (l) {
++    ll = l->next;
++    nfree(l);
++    l = ll;
++  }
++  results = NULL;
++}
++
++static void sortresults()
++{
++  int again = 1;
++  gseenres *last, *p, *c, *n;
++  int a, b;
++
++  Context;
++  again = 1;
++  last = NULL;
++  while ((results != last) && (again)) {
++    p = NULL;
++    c = results;
++    n = c->next;
++    again = 0;
++    while (n != last) {
++      if (!c || !n)
++        a = b = 0;
++      else
++        a = c->seen->when;
++        b = n->seen->when;
++      if (a < b) {
++  again = 1;
++  c->next = n->next;
++  n->next = c;
++  if (p == NULL)
++    results = n;
++  else
++    p->next = n;
++      }
++      p = c;
++      c = n;
++      n = n->next;
++    }
++    last = c;
++  }
++  Context;
++  return;
++}
++
++static void sortrequests(seenreq *l)
++{
++  int again = 1;
++  seenreq_by *last, *p, *c, *n;
++  int a, b;
++
++  Context;
++  again = 1;
++  last = NULL;
++  while ((l->by != last) && (again)) {
++    p = NULL;
++    c = l->by;
++    n = c->next;
++    again = 0;
++    while (n != last) {
++      if (!c || !n)
++        a = b = 0;
++      else
++        a = c->when;
++        b = n->when;
++      if (a < b) {
++  again = 1;
++  c->next = n->next;
++  n->next = c;
++  if (p == NULL)
++    l->by = n;
++  else
++    p->next = n;
++      }
++      p = c;
++      c = n;
++      n = n->next;
++    }
++    last = c;
++  }
++  Context;
++  return;
++}
++
++/* stolen from tcl_duration in tclmisc.c */
++char gs_duration_temp[256];
++static char *gseen_duration(int seconds)
++{
++  char s[256];
++  time_t sec;
++
++  sec = seconds;
++  s[0] = 0;
++  if (sec < 1) {
++    snprintf(gs_duration_temp, sizeof(gs_duration_temp), "%s", SLSOMETIME);
++    return gs_duration_temp;
++  }
++  if (sec < 60) {
++    sprintf(gs_duration_temp, "%d %s", (int) (sec / 1),
++            ((int) (sec / 1) > 1) ? SLSECONDS : SLSECOND);
++    return gs_duration_temp;
++  }
++  if (sec >= 31536000) {
++    sprintf(s, "%d %s ", (int) (sec / 31536000),
++            ((int) (sec / 31536000) > 1) ? SLYEARS : SLYEAR);
++    sec -= (((int) (sec / 31536000)) * 31536000);
++  }
++  if (sec >= 604800) {
++    sprintf(&s[strlen(s)], "%d %s ", (int) (sec / 604800),
++            ((int) (sec / 604800) > 1) ? SLWEEKS : SLWEEK);
++    sec -= (((int) (sec / 604800)) * 604800);
++  }
++  if (sec >= 86400) {
++    sprintf(&s[strlen(s)], "%d %s ", (int) (sec / 86400),
++            ((int) (sec / 86400) > 1) ? SLDAYS : SLDAY);
++    sec -= (((int) (sec / 86400)) * 86400);
++  }
++  if (sec >= 3600) {
++    sprintf(&s[strlen(s)], "%d %s ", (int) (sec / 3600),
++            ((int) (sec / 3600) > 1) ? SLHOURS : SLHOUR);
++    sec -= (((int) (sec / 3600)) * 3600);
++  }
++  if (sec >= 60) {
++    sprintf(&s[strlen(s)], "%d %s ", (int) (sec / 60),
++            ((int) (sec / 60) > 1) ? SLMINUTES : SLMINUTE);
++    sec -= (((int) (sec / 60)) * 60);
++  }
++  strcpy(gs_duration_temp, s);
++  if (gs_duration_temp[strlen(gs_duration_temp) - 1] == ' ')
++    gs_duration_temp[strlen(gs_duration_temp) - 1] = 0;
++  return gs_duration_temp;
++}
++
++static int onchan(char *nick, char *chan)
++{
++  struct chanset_t *ch;
++  memberlist *m;
++
++  ch = findchan_by_dname(chan);
++  if (!ch)
++    return 0;
++  m = ismember(ch, nick);
++  if (!m)
++    return 0;
++  else if (chan_issplit(m))
++    return 0;
++  else
++    return 1;
++}
++
++/* handonchan():
++ * checks if the given user is on the channel and returns its nick
++ */
++static char *handonchan(char *hand, char *chan)
++{
++  struct chanset_t *ch;
++  memberlist *m;
++
++  ch = findchan_by_dname(chan);
++  if (!ch)
++    return 0;
++  if (ch->channel.members > 0) {
++    for (m = ch->channel.member; m; m = m->next) {
++      if (m->user) {
++        if (m->user->handle && !rfc_casecmp(m->user->handle, hand))
++          return m->nick;
++      }
++    }
++  }
++  return NULL;
++}
++
++/* onanychan():
++ * checks if the given nickname is on any of the bot's chans.
++ */
++static struct chanset_t *onanychan(char *nick)
++{
++  struct chanset_t *ch;
++  memberlist *m;
++
++  for (ch = chanset; ch; ch = ch->next) {
++    m = ismember(ch, nick);
++    if (m && !chan_issplit(m))
++      return ch;
++  }
++  return NULL;
++}
++
++/* handonanychan():
++ * checks if the given user is on any channel (no matter under which nick)
++ */
++static struct chanset_t *handonanychan(char *hand)
++{
++  struct chanset_t *ch;
++  memberlist *m;
++
++  for (ch = chanset; ch; ch = ch->next) {
++    if (ch->channel.members > 0) {
++      for (m = ch->channel.member; m; m = m->next) {
++        if (m->user) {
++          if (m->user->handle && !rfc_casecmp(m->user->handle, hand))
++            return ch;
++        }
++      }
++    }
++  }
++  return NULL;
++}
++
++static void add_seenreq(char *nick, char *from, char *host, char *chan,
++			time_t when)
++{
++  seenreq *l, *nl;
++  seenreq_by *b, *nb;
++  char buf[10] = "[secret]";
++
++  Context;
++  if (!tell_seens)
++    return;
++  if (strcmp(chan, "[partyline]") && secretchan(chan))
++    chan = buf;
++  for (l = requests; l; l = l->next) {
++    if (!strcasecmp(nick, l->nick)) {
++      for (b = l->by; b; b = b->next) {
++	if (!strcasecmp(from, b->who)) {
++	  nfree(b->chan);
++	  b->chan = nmalloc(strlen(chan) + 1);
++	  strcpy(b->chan, chan);
++	  b->when = when;
++	  return;
++	}
++      }
++      b = l->by;
++      while (b && b->next)
++        b = b->next;
++      nb = nmalloc(sizeof(seenreq_by));
++      nb->who = nmalloc(strlen(from) + 1);
++      strcpy(nb->who, from);
++      nb->host = nmalloc(strlen(host) + 1);
++      strcpy(nb->host, host);
++      nb->chan = nmalloc(strlen(chan) + 1);
++      strcpy(nb->chan, chan);
++      nb->when = when;
++      nb->next = NULL;
++      if (l->by)
++        b->next = nb;
++      else
++        l->by = nb;
++      return;
++    }
++  }
++  nb = nmalloc(sizeof(seenreq_by));
++  nb->who = nmalloc(strlen(from) + 1);
++  strcpy(nb->who, from);
++  nb->host = nmalloc(strlen(host) + 1);
++  strcpy(nb->host, host);
++  nb->chan = nmalloc(strlen(chan) + 1);
++  strcpy(nb->chan, chan);
++  nb->when = when;
++  nb->next = NULL;
++  l = requests;
++  while (l && l->next)
++    l = l->next;
++  nl = nmalloc(sizeof(seenreq));
++  nl->nick = nmalloc(strlen(nick) + 1);
++  strcpy(nl->nick, nick);
++  nl->by = nb;
++  nl->next = NULL;
++  if (requests)
++    l->next = nl;
++  else
++    requests = nl;
++}
++
++static int expmem_seenreq()
++{
++  seenreq *l;
++  seenreq_by *b;
++  int size;
++
++  size = 0;
++  for (l = requests; l; l = l->next) {
++    size += sizeof(seenreq);
++    size += strlen(l->nick) + 1;
++    for (b = l->by; b; b = b->next) {
++      size += sizeof(seenreq_by);
++      size += strlen(b->who) + 1;
++      size += strlen(b->host) + 1;
++      size += strlen(b->chan) + 1;
++    }
++  }
++  return size;
++}
++
++static int count_seenreq(seenreq_by *b)
++{
++  seenreq_by *l;
++  int nr;
++
++  nr = 0;
++  for (l = b; l; l = l->next)
++    nr++;
++  return nr;
++}
++
++static void free_seenreq()
++{
++  seenreq *l, *ll;
++  seenreq_by *b, *bb;
++
++  Context;
++  l = requests;
++  while (l) {
++    b = l->by;
++    while (b) {
++      bb = b->next;
++      nfree(b->who);
++      nfree(b->host);
++      nfree(b->chan);
++      nfree(b);
++      b = bb;
++    }
++    ll = l->next;
++    nfree(l->nick);
++    nfree(l);
++    l = ll;
++  }
++  requests = NULL;
++}
++
++static void report_seenreq(char *channel, char *nick)
++{
++  seenreq *l, *ll;
++  seenreq_by *b, *bb;
++  char *reply, *tmp;
++  int nr;
++
++  if (!tell_seens)
++    return;
++  ll = NULL;
++  l = requests;
++  reply = NULL;
++  while (l) {
++    if (!strcasecmp(l->nick, nick)) {
++      reset_global_vars();
++      glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, channel));
++      glob_nick = nick;
++      nr = count_seenreq(l->by);
++      if (nr == 1) {
++        glob_seenrequest = l;
++        dprintf(DP_HELP, "NOTICE %s :%s\n", l->nick, SLONELOOK);
++      } else {
++        sortrequests(l);
++        glob_seenrequest = l;
++        glob_seenrequests = nr;
++        tmp = SLMORELOOKS;
++        reply = nmalloc(strlen(tmp) + 1);
++	    strcpy(reply, tmp);
++	    nr = 0;
++        for (b = l->by; b; b = b->next) {
++          nr++;
++          reply = nrealloc(reply, strlen(reply) + ((nr == 1) ? 1 : 2) + strlen(b->who) + 1);
++          sprintf(reply, "%s%s%s", reply, (nr == 1) ? " " : ", ", b->who);
++	    }
++        tmp = SLLASTLOOK;
++        reply = nrealloc(reply, strlen(reply) + 2 + strlen(tmp) + 1);
++        sprintf(reply, "%s. %s", reply, tmp);
++	    dprintf(DP_HELP, "NOTICE %s :%s\n", l->nick, reply);
++        nfree(reply);
++      }
++      b = l->by;
++      while (b) {
++        bb = b->next;
++        nfree(b->who);
++        nfree(b->host);
++        nfree(b->chan);
++        nfree(b);
++        b = bb;
++      }
++      nfree(l->nick);
++      if (ll)
++        ll->next = l->next;
++      else
++        requests = l->next;
++      nfree(l);
++      if (ll)
++        l = ll->next;
++      else
++        l = requests;
++    } else {
++      ll = l;
++      l = l->next;
++    }
++  }
++}
++
++static void start_seentime_calc()
++{
++  struct timeval t;
++
++  gettimeofday(&t, NULL);
++  glob_presearch = (float) t.tv_sec + (((float) t.tv_usec) / 1000000);
++}
++
++static void end_seentime_calc()
++{
++  struct timeval t;
++
++  gettimeofday(&t, NULL);
++  glob_aftersearch = (float) t.tv_sec + (((float) t.tv_usec) / 1000000);
++  glob_total_searchtime += glob_aftersearch - glob_presearch;
++  glob_total_queries++;
++}
+diff -Nur src/mod/gseen.mod/generic_binary_tree.c src/mod/gseen.mod/generic_binary_tree.c
+--- src/mod/gseen.mod/generic_binary_tree.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/generic_binary_tree.c	2002-10-26 13:17:51.000000000 +0200
+@@ -0,0 +1,311 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#define GENERIC_BINARY_TREE 1
++
++struct generic_binary_tree {
++  void *root;
++  int (*comparedata) (void *data1, void *data2);
++  int (*expmemdata) (void *data);
++  void (*freedata) (void *data);
++};
++
++struct generic_binary_tree_node {
++  void *data;
++  void *left;
++  void *right;
++};
++
++static void btree_add(struct generic_binary_tree *, void *);
++static int btree_expmem(struct generic_binary_tree *);
++static int btree_recursive_expmem(struct generic_binary_tree *, struct generic_binary_tree_node *);
++static void *btree_get(struct generic_binary_tree *, void *t);
++static void btree_freetree(struct generic_binary_tree *);
++static void btree_recursive_free(struct generic_binary_tree *,
++                                 struct generic_binary_tree_node *);
++static void btree_getall(struct generic_binary_tree *, void (*) (void *));
++static void btree_recursive_getall(struct generic_binary_tree_node *,
++                                   void (*) (void *));
++static void btree_getall_expanded(struct generic_binary_tree *tree, void (*) (void *));
++static void btree_recursive_getall_expanded(struct generic_binary_tree_node *,
++                                            void (*) (void *));
++static void btree_remove(struct generic_binary_tree *, void *);
++
++static void btree_add(struct generic_binary_tree *tree, void *data)
++{
++  struct generic_binary_tree_node *node, *lastnode;
++  int cmp, lastcmp;
++
++  Assert(tree);
++  Assert(data);
++  cmp = lastcmp = 0;
++  node = tree->root;
++  lastnode = NULL;
++  while (node) {
++    cmp = tree->comparedata(node->data, data);
++    if (!cmp) {
++      // item is identical -> free old data and insert new
++      tree->freedata(node->data);
++      node->data = data;
++      return;
++    }
++    lastnode = node;
++    lastcmp = cmp;
++    if (cmp < 0)
++      node = node->left;
++    else
++      node = node->right;
++  }
++  node = nmalloc(sizeof(struct generic_binary_tree_node));
++  node->left = NULL;
++  node->right = NULL;
++  node->data = data;
++  if (!lastnode)
++    tree->root = node;
++  else {
++    Assert(lastcmp);
++    if (lastcmp < 0) {
++      Assert(!lastnode->left);
++      lastnode->left = node;
++    } else {
++      Assert(!lastnode->right);
++      lastnode->right = node;
++    }
++  }
++}
++
++static int btree_expmem(struct generic_binary_tree *tree)
++{
++  int size = 0;
++
++  Assert(tree);
++  size += btree_recursive_expmem(tree, tree->root);
++  return size;
++}
++
++static int btree_recursive_expmem(struct generic_binary_tree *tree, struct generic_binary_tree_node *node)
++{
++  int size = 0;
++
++  if (!node)
++    return 0;
++  size += sizeof(struct generic_binary_tree_node);
++  size += tree->expmemdata(node->data);
++  size += btree_recursive_expmem(tree, node->left);
++  size += btree_recursive_expmem(tree, node->right);
++  return size;
++}
++
++static void *btree_get(struct generic_binary_tree *tree, void *what)
++{
++  struct generic_binary_tree_node *node;
++  int cmp;
++
++  node = tree->root;
++  while (node) {
++    cmp = tree->comparedata(node->data, what);
++    if (!cmp)
++      return node->data;
++    if (cmp < 0)
++      node = node->left;
++    else
++      node = node->right;
++  }
++  return NULL;
++}
++
++static void btree_freetree(struct generic_binary_tree *tree)
++{
++  btree_recursive_free(tree, tree->root);
++}
++
++static void btree_recursive_free(struct generic_binary_tree *tree,
++                                 struct generic_binary_tree_node *node)
++{
++  if (!node)
++    return;
++  btree_recursive_free(tree, node->left);
++  btree_recursive_free(tree, node->right);
++  tree->freedata(node->data);
++  nfree(node);
++}
++
++/* btree_getall():
++ * calls the specified function for each item in the tree.
++ * NOTE: getall() calls the proc _before_ it proceeds into recursion. This way,
++ *       one can savely store the tree into a file without mixing up its form.
++ *       But if you delete an item from the called prcedure, this function
++ *       WILL crash. Use btree_getall() expanded instead.
++ */
++static void btree_getall(struct generic_binary_tree *tree, void (*func) (void *))
++{
++  Assert(tree);
++  btree_recursive_getall(tree->root, func);
++}
++
++static void btree_recursive_getall(struct generic_binary_tree_node *node,
++                                   void (*func) (void *))
++{
++  if (!node)
++    return;
++  // first call the function, then proceed into recursion
++  // this way, the tree keeps in form if its saved to a file, for example
++  Assert(func);
++  func(node->data);
++
++  btree_recursive_getall(node->left, func);
++  btree_recursive_getall(node->right, func);
++}
++
++/* btree_getall_expanded():
++ * the same as btree_getall(), but calls the function after the greatest level of recursion
++ * has been reached. The node-pointers won't be accessed anymore when the first function
++ * gets called. You can savely use this to free items.
++ */
++static void btree_getall_expanded(struct generic_binary_tree *tree, void (*func) (void *))
++{
++  Assert(tree);
++  btree_recursive_getall_expanded(tree->root, func);
++}
++
++static void btree_recursive_getall_expanded(struct generic_binary_tree_node *node,
++                                            void (*func) (void *))
++{
++  if (!node)
++    return;
++  btree_recursive_getall_expanded(node->left, func);
++  btree_recursive_getall_expanded(node->right, func);
++
++  Assert(func);
++  func(node->data);
++}
++
++static void btree_remove(struct generic_binary_tree *tree, void *data)
++{
++  struct generic_binary_tree_node *node, *last, *largenode, *lastlarge;
++  int ret, lastret;
++
++  Assert(tree);
++  Assert(data);
++  last = NULL;
++  lastret = 0;
++  node = tree->root;
++  while (node) {
++    ret = tree->comparedata(node->data, data);
++    if (ret == 0)
++      break;
++    last = node;
++    lastret = ret;
++    if (ret < 0)
++      node = node->left;
++    else
++      node = node->right;
++  }
++  if (!node)  // oops, item not found
++    return;
++  if (!node->left && !node->right) {
++    // *freu* no sub-branches! We can easily delete this item.
++    if (last) {
++      if (lastret < 0)
++        last->left = NULL;
++      else
++        last->right = NULL;
++    } else
++      tree->root = NULL;
++  } else if (!node->left) {
++    // also pretty easy. Just connect the child to the parent.
++    if (last) {
++      if (lastret < 0)
++        last->left = node->right;
++      else
++        last->right = node->right;
++    } else
++      tree->root = node->right;
++  } else if (!node->right) {
++    // same as above, but mirrored
++    if (last) {
++      if (lastret < 0)
++        last->left = node->left;
++      else
++        last->right = node->left;
++    } else
++      tree->root = node->left;
++  } else {
++    // aaargh... two sub-trees! The world is not fair... *sigh*
++    debug0("argl... worst case, two subtrees. :( Let's pray...");
++    // now we take the largest item from the left subtree and replace the
++    // doomed node with it.
++    // since it is the largest val, the tree remains valid and doesn't
++    // get deformed too much.
++
++    // at first, we have to find this node and cut it from the tree
++    largenode = node->left;
++    lastlarge = NULL;
++    while (largenode && largenode->right) {
++      lastlarge = largenode;
++      largenode = largenode->right;
++    }
++
++    // only set largenode->left to node->left if largenode exists.
++    // otherwise node->left points to largenode, which would result
++    // in a nice short-circuit
++    // If it does not exist, just leave largenode->left as it is because we just
++    // move largenode one level up, so it can keep its left subtree.
++    if (lastlarge) {
++      lastlarge->right = largenode->left;
++      largenode->left = node->left;
++    }
++
++    // now connect node's subtrees to it
++    largenode->right = node->right;
++
++    // and finally replace node with largenode
++    if (last) {
++      if (lastret < 0)
++        last->left = largenode;
++      else
++        last->right = largenode;
++    } else
++      tree->root = largenode;
++  }
++  // finally kill the node... we shouldn't need it anymore
++  tree->freedata(node->data);
++  nfree(node);
++  node = NULL;
++}
++
++#ifdef BTREE_WITHOPTIMIZE
++static void btree_optimize(struct generic_binary_tree *tree,
++                           struct generic_binary_tree_node *node,
++                           struct generic_binary_tree_node *last,
++                           int limit)
++{
++/*  int leftdepth, rightdepth;
++
++  if (!node)
++    return;
++  btree_optimize(tree, node->left, node, last, limit);
++  btree_optimize(tree, node->right, node, last, limit);
++  leftdepth = btree_depth(node->left);
++  rightdepth = btree_depth(node->right);
++  if ((leftdepth - rightdepth) > limit) {
++
++  }
++*/
++}
++#endif
+diff -Nur src/mod/gseen.mod/global_vars.c src/mod/gseen.mod/global_vars.c
+--- src/mod/gseen.mod/global_vars.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/global_vars.c	2002-10-26 13:18:09.000000000 +0200
+@@ -0,0 +1,34 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++static char *glob_query, *glob_laston, *glob_otherchan, *glob_othernick;
++static char *glob_remotebot, *glob_nick;
++static struct slang_header *glob_slang;
++static seendat *glob_seendat;
++static seenreq *glob_seenrequest;
++static int glob_seenrequests, glob_totalnicks, glob_totalbytes;
++
++static void reset_global_vars()
++{
++  glob_query = glob_laston = glob_otherchan = glob_othernick = NULL;
++  glob_remotebot = glob_nick = NULL;
++  glob_seendat = NULL;
++  glob_slang = NULL;
++  glob_seenrequest = NULL;
++  glob_seenrequests = glob_totalnicks = glob_totalbytes = 0;
++}
+diff -Nur src/mod/gseen.mod/gseen.c src/mod/gseen.mod/gseen.c
+--- src/mod/gseen.mod/gseen.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/gseen.c	2002-10-26 14:24:48.000000000 +0200
+@@ -0,0 +1,328 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#define MAKING_GSEEN
++#define MODULE_NAME "gseen"
++#define MODULE_VERSION "1.1.1 dev3"
++#define MODULE_NUMVERSION 10100
++#include "../module.h"
++#include "../irc.mod/irc.h"
++#include "../server.mod/server.h"
++#include "../channels.mod/channels.h"
++#include <stdlib.h>
++#include <sys/stat.h>
++#include <time.h> /* for time_t */
++
++#undef global
++static Function *global = NULL, *irc_funcs = NULL, *server_funcs = NULL, *channels_funcs = NULL;
++
++#ifndef EGG_IS_MIN_VER
++#define EGG_IS_MIN_VER(ver)             ((ver) <= 10400)
++#endif
++
++#ifndef EGG_IS_MAX_VER
++#define EGG_IS_MAX_VER(ver)		((ver) >= 10400)
++#endif
++
++#ifndef Context
++#define Context context
++#endif
++
++#ifndef findchan_by_dname
++#define findchan_by_dname findchan
++#endif
++
++#include "gseen.h"
++#include "seenlang.h"
++
++static struct slang_header *coreslangs = NULL;
++static gseenres *results = NULL;
++static seenreq *requests = NULL;
++static ignoredword *ignoredwords = NULL;
++static char *bnsnick = NULL;
++static char *bnschan = NULL;
++static char *seen_reply = NULL;
++static char *temp_wildmatch_host;
++static int numresults = 0;
++static double glob_presearch, glob_aftersearch;
++int numseens, glob_total_queries;
++double glob_total_searchtime;
++
++static char gseenfile[121] = "gseen.dat";
++static char no_pub[121];
++static char quiet_seen[121];
++static char quiet_ai_seen[121];
++static char no_log[121];
++static char ignore_words[1024];
++static char default_slang[21] = "eng";
++static int gseen_numversion = MODULE_NUMVERSION;
++static int save_seens = 60;
++static int save_seens_temp = 1;
++static int expire_seens = 60;
++static int maxseen_thr = 0;
++static int maxseen_time = 0;
++static int seenflood_thr = 0;
++static time_t seenflood_time = 0;
++static int use_handles = 0;
++static int tell_seens = 1;
++static int botnet_seen = 1;
++int fuzzy_search = 1;          // search for the same user under a differnt nick
++static int wildcard_search = 1;// allow wildcard seaching? ("*!*@*.isp.de")
++static int max_matches = 500;  // break if there are more than X matches
++static int hide_secret_chans = 1;	// #chan (+secret) => [secret]
++static int seen_nick_len = 32;
++
++#include "global_vars.c"
++#define SLANG_NOTYPES 1
++#define SLANG_NOFACTS 1
++#define SLANG_NOGETALL 1
++#define SLANG_NOVALIDATE 1
++#include "slang.c"
++#include "slang_gseen_commands.c"
++#include "generic_binary_tree.c"
++#include "seentree.c"
++#include "datahandling.c"
++#include "sensors.c"
++#include "do_seen.c"
++#include "gseencmds.c"
++#include "ai.c"
++#include "misc.c"
++#include "tclcmds.c"
++
++static int gseen_expmem()
++{
++  int size = 0;
++
++  size += seentree_expmem();
++  size += expmem_seenresults();
++  size += expmem_seenreq();
++  size += expmem_ignoredwords();
++  size += slang_expmem(coreslangs);
++  size += slang_glob_expmem();
++  size += slang_chanlang_expmem(chanlangs);
++  if (bnsnick)
++    size += strlen(bnsnick) + 1;
++  if (bnschan)
++    size += strlen(bnschan) + 1;
++  if (seen_reply) {
++    size += strlen(seen_reply) + 1;
++  }
++  return size;
++}
++
++static void free_gseen()
++{
++  seentree_free();
++  slang_free(coreslangs);
++  slang_chanlang_free(chanlangs);
++  if (seen_reply)
++    nfree(seen_reply);
++  return;
++}
++
++/* a report on the module status */
++static void gseen_report(int idx, int details)
++{
++  int size = 0;
++
++  Context;
++  if (details) {
++    size = gseen_expmem();
++    dprintf(idx, "    using %d bytes\n", size);
++  }
++}
++
++static void gseen_minutely ()
++{
++  if (save_seens_temp >= save_seens) {
++    write_seens();
++    save_seens_temp = 1;
++  } else
++    save_seens_temp++;
++}
++
++static void gseen_daily ()
++{
++  Context;
++  purge_seens();
++}
++
++static tcl_strings my_tcl_strings[] =
++{
++  {"gseenfile", gseenfile, 121, 0},
++  {"ai-seen-ignore", ignore_words, 1024, 0},
++  {"no-pub-seens", no_pub, 121, 0},
++  {"quiet-seens", quiet_seen, 121, 0},
++  {"quiet-ai-seens", quiet_ai_seen, 121, 0},
++  {"no-log", no_log, 121, 0},
++  {"no-seendata", no_log, 121, 0},
++  {"default-slang", default_slang, 20, 0},
++  {0, 0, 0, 0}
++};
++
++static tcl_ints my_tcl_ints[] =
++{
++  {"save-seens", &save_seens, 0},
++  {"expire-seens", &expire_seens, 0},
++  {"use-handles", &use_handles, 0},
++  {"tell-seens", &tell_seens, 0},
++  {"botnet-seens", &botnet_seen, 0},
++  {"max-matches", &max_matches, 0},
++  {"fuzzy-search", &fuzzy_search, 0},
++  {"wildcard-search", &wildcard_search, 0},
++  {"hide-secret-chans", &hide_secret_chans, 0},
++  {"seen-nick-len", &seen_nick_len, 0},
++  {0, 0, 0}
++};
++
++static tcl_coups my_tcl_coups[] =
++{
++  {"max-seens", &maxseen_thr, &maxseen_time},
++  {0, 0, 0},
++};
++
++static char *gseen_close()
++{
++  Context;
++  write_seens();
++  slang_glob_free();
++  free_gseen();
++  free_seenreq();
++  free_seenresults();
++  free_ignoredwords();
++  if (bnsnick)
++    nfree(bnsnick);
++  if (bnschan)
++    nfree(bnschan);
++  rem_tcl_strings(my_tcl_strings);
++  rem_tcl_ints(my_tcl_ints);
++  rem_tcl_coups(my_tcl_coups);
++  rem_tcl_commands(mytcls);
++  rem_tcl_commands(gseentcls);
++  rem_tcl_commands(seendebugtcls);
++  rem_tcl_commands(gseentcls);
++  rem_builtins(H_dcc, mydcc);
++  rem_builtins(H_join, seen_join);
++  rem_builtins(H_kick, seen_kick);
++  rem_builtins(H_nick, seen_nick);
++  rem_builtins(H_part, seen_part);
++  rem_builtins(H_sign, seen_sign);
++  rem_builtins(H_splt, seen_splt);
++  rem_builtins(H_rejn, seen_rejn);
++  rem_builtins(H_pub, seen_pub);
++  rem_builtins(H_msg, seen_msg);
++  rem_builtins(H_bot, seen_bot);
++  del_hook(HOOK_MINUTELY, (Function) gseen_minutely);
++  del_hook(HOOK_DAILY, (Function) gseen_daily);
++  module_undepend(MODULE_NAME);
++  return NULL;
++}
++
++char *gseen_start();
++
++static Function gseen_table[] =
++{
++  (Function) gseen_start,
++  (Function) gseen_close,
++  (Function) gseen_expmem,
++  (Function) gseen_report,
++  /* 4 - 7 */
++  (Function) findseens,
++  (Function) free_seenresults,
++  (Function) gseen_duration,
++  (Function) & glob_seendat,
++  (Function) & numresults,
++  (Function) & fuzzy_search,
++  (Function) & numseens,
++  (Function) & glob_total_queries,
++  (Function) & glob_total_searchtime,
++  (Function) & gseen_numversion,
++};
++
++char *gseen_start(Function * global_funcs)
++{
++  global = global_funcs;
++  Context;
++  module_register(MODULE_NAME, gseen_table, 1, 1);
++  if (!(irc_funcs = module_depend(MODULE_NAME, "irc", 1, 0)))
++    return "You need the irc module to use the gseen module.";
++  if (!(server_funcs = module_depend(MODULE_NAME, "server", 1, 0)))
++    return "You need the server module to use the gseen module.";
++  if (!(channels_funcs = module_depend(MODULE_NAME, "channels", 1, 0)))
++    return "You need the channels module to use the gseen module.";
++  if (!module_depend(MODULE_NAME, "eggdrop", 107, 0)) {
++    if (!module_depend(MODULE_NAME, "eggdrop", 106, 0)) {
++      if (!module_depend(MODULE_NAME, "eggdrop", 105, 0)) {
++        if (!module_depend(MODULE_NAME, "eggdrop", 104, 0)) {
++          module_undepend(MODULE_NAME);
++          return "This module requires eggdrop1.4.0 or later";
++        }
++      }
++    }
++  }
++  chanlangs = NULL;
++  coreslangs = NULL;
++  slang_glob_init();
++
++  results = NULL;
++  requests = NULL;
++  ignoredwords = NULL;
++  bnsnick = NULL;
++  bnschan = NULL;
++  seen_reply = NULL;
++
++  numresults = 0;
++  numseens = 0;
++  glob_total_queries = 0;
++  glob_total_searchtime = 0.0;
++  ignore_words[0] = 0;
++  no_pub[0] = 0;
++  quiet_seen[0] = 0;
++  no_log[0] = 0;
++  seentree_init();
++  add_tcl_strings(my_tcl_strings);
++  add_tcl_ints(my_tcl_ints);
++  add_tcl_coups(my_tcl_coups);
++  add_tcl_commands(mytcls);
++  add_tcl_commands(seendebugtcls);
++  add_tcl_commands(gseentcls);
++  add_builtins(H_dcc, mydcc);
++  add_builtins(H_join, seen_join);
++  add_builtins(H_kick, seen_kick);
++  add_builtins(H_nick, seen_nick);
++  add_builtins(H_part, seen_part);
++  add_builtins(H_sign, seen_sign);
++  add_builtins(H_sign, seen_sign);
++  add_builtins(H_splt, seen_splt);
++  add_builtins(H_rejn, seen_rejn);
++  add_builtins(H_pub, seen_pub);
++  add_builtins(H_msg, seen_msg);
++  add_builtins(H_bot, seen_bot);
++  read_seens();
++  add_hook(HOOK_MINUTELY, (Function) gseen_minutely);
++  add_hook(HOOK_DAILY, (Function) gseen_daily);
++#if EGG_IS_MIN_VER(10503)
++  initudef(1, "noseendata", 1);
++  initudef(1, "quietseens", 1);
++  initudef(1, "quietaiseens", 1);
++  initudef(1, "nopubseens", 1);
++#endif
++  glob_slang_cmd_list = slang_commands_list_add(glob_slang_cmd_list, slang_text_gseen_command_table);
++  putlog(LOG_MISC, "*", "gseen.mod v%s loaded.", MODULE_VERSION);
++  return NULL;
++}
+diff -Nur src/mod/gseen.mod/gseen.conf src/mod/gseen.mod/gseen.conf
+--- src/mod/gseen.mod/gseen.conf	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/gseen.conf	2002-10-26 13:17:54.000000000 +0200
+@@ -0,0 +1,147 @@
++
++######
++#####
++###   General Settings
++#####
++######
++
++# the file where the seen data will be backuped.
++# WARNING: set this _before_ the module is loaded.
++set gseenfile "gseen.dat"
++
++# now load the module
++loadmodule gseen
++
++# load the English language file
++loadseenslang "en" "English" language/gseen.en.lang
++
++# load the German language file
++loadseenslang "de" "Deutsch" language/gseen.de.lang
++
++# set the default language to english...
++set default-slang "en"
++
++# ... but let #xwp use the german langfile
++setchanseenlang #xwp "de"
++
++# the char that marks public commands (!seen, etc...)
++# "" is a valid option
++set cmdchar "!"
++
++# delete data sets that are older than x days
++set expire-seens 60
++
++# only answer x seen requests in y seconds to prevent flooding
++set max-seens 7:60
++
++# tell users if someone was !seen'ing for them
++set tell-seens 1
++
++# check if the user was online under a different nick
++set fuzzy-search 1
++
++# allow user to include wildcards in the search?
++set wildcard-search 1
++
++# break search if there are more than x matches
++set max-matches 250
++
++# forward a request to other bots, if a !seen returned no result?
++set botnet-seens 1
++
++# store channels, which are +secret on the bot as [secret]?
++set hide-secret-chans 1
++
++# backup the seen data every x minutes
++set save-seens 60
++
++######
++#####
++###   AI Settings
++#####
++######
++
++# this setting configures on which sentences your bot should
++# attempt to do an ai-seen. Each of them is a simple wildcard
++# mask. Set this to "" if you want to deactivate ai-seens or
++# create more precise masks if the bots reacts too often.
++set ai-seen-binds {
++  "${nick}*seen*"
++  "${botnet-nick}*seen*"
++  "${nick}*gesehen*"
++  "${botnet-nick}*gesehen*"
++}
++
++# this is just the same as above, but if triggered it will
++# not do an ai-seen, but display its seen-stats.
++set ai-seenstats-binds {
++  "${nick}*seenstats*"
++  "${botnet-nick}*seenstats*"
++}
++
++# when doing an AI seen, ignore the following words (otherwise
++# the bot might give weird answers like "<bot> nick, bot was last seen..." :)
++set ai-seen-ignore "$nick ${botnet-nick} seen"
++
++######
++#####
++###   special stuff (can be ignored in most cases)
++#####
++######
++
++# if the user is known by the bot, log their handle instead of the nick
++# (not recommended, might cause confusion by the users)
++set use-handles 0
++
++######
++#####
++###   outdated settings (only important for eggdropv1.4 users)
++#####
++######
++
++# channels where you do not want your bot to reply to public queries
++set no-pub-seens ""
++
++# channels where you want your bot to send replies via notice to the user and
++# not to the channel
++set quiet-seens ""
++
++# same as quiet-seens but for AI seen
++set quiet-ai-seens ""
++
++# channels where you do not want your bot to log seen data
++set no-seendata ""
++
++
++###############################################################################
++# end of configuration
++# just ignore everything below ^_^
++###############################################################################
++
++bind chjn - * *chjn:gseen
++bind chpt - * *chpt:gseen
++
++catch "unbind pub - !seen *pub:!seen"
++catch "unbind pub - !seennick *pub:!seennick"
++catch "unbind pub - !seenstats *pub:!seenstats"
++bind pub - ${cmdchar}seen *pub:!seen
++bind pub - ${cmdchar}seennick *pub:!seennick
++bind pub - ${cmdchar}seenstats *pub:!seenstats
++
++foreach bnd [binds pubm] {
++  if {([lindex $bnd 2] == "*pubm:seen") || ([lindex $bnd 2] == "*pub:!seenstats")} {
++    unbind [lindex $bnd 0] [lindex $bnd 1] [lindex $bnd 2] [lindex $bnd 4]
++  }
++}
++
++if {${ai-seen-binds} != ""} {
++  foreach mask ${ai-seen-binds} {
++    bind pubm -|- "% [subst $mask]" *pubm:seen
++  }
++}
++
++if {${ai-seenstats-binds} != ""} {
++  foreach mask ${ai-seenstats-binds} {
++    bind pubm -|- "% [subst $mask]" *pub:!seenstats
++  }
++}
+diff -Nur src/mod/gseen.mod/language/gseen.de.lang src/mod/gseen.mod/language/gseen.de.lang
+--- src/mod/gseen.mod/language/gseen.de.lang	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/language/gseen.de.lang	2002-10-26 13:18:12.000000000 +0200
+@@ -0,0 +1,131 @@
++#####################################################################
++#
++# Deutsche Sprachdatei für GSeen.Mod v1.1.0
++#
++# Der Text in dieser Datei kann nach belieben verändert werden. Du
++# kannst Tags hinzufügen oder entfernen, wie es Dir gefällt. Die Tags
++# müssen nicht in einer bestimmten Reihenfolge oder Anzahl vorkommen.
++#
++# Wenn Du mehr als eine Zeile pro ID angibst, dann wird bei der
++# Antwort per Zufall eine daraus ausgewählt. (das funktioniert nicht
++# bei den Zeiteinheiten)
++#
++# Falls Du denkst, daß hier noch ein paar wichtige Tags fehlen, dann
++# schick mir einfach eine email. Vielleicht füge ich sie dann in der
++# nächsten Version hinzu.
++#
++# Eine komplette Liste der Verfügbaren Tags befindet sich am Ende von
++# slang_gseen_commands.c (leider ohne Erklährungen)
++#
++#####################################################################
++
++#
++## Zeiteinheiten
++#
++# jeweils in Singular und Plural
++#
++D 0 Jahr
++D 1 Jahre
++D 2 Woche
++D 3 Wochen
++D 4 Tag
++D 5 Tage
++D 6 Stunde
++D 7 Stunden
++D 8 Minute
++D 9 Minuten
++D 10 Sekunde
++D 11 Sekunden
++# falls ein üngültiger Zeitwert angegeben war, dann wird dieser Text ausgegeben:
++D 12 einiger Zeit
++
++
++#
++## Präfixe
++#
++# Dieses Fragment wird jeweils vor eine Antwort gesetzt. Dadurch
++# ist beispielsweise bei öffentlichen Anfragen ersichtlich, für
++# wen die Antwort ist.
++# Achtung: Die Nummer muss auf jeden Fall definiert werden. Sie muss
++#	   zwar keinen Text beinhalten, aber wenn sie nicht vorhanden
++#	   ist, dann gibt es eine Fehlermeldung
++
++# für Antworten, die in den Channel geschrieben werden:
++10 <?nick/?>, 
++# für Antworten, die per NOTICE an den User geschickt werden:
++11
++# für Antworten auf Anfragen, die per "/msg <bot> seen" erfolgt sind:
++12
++# und für Antworten auf der Partyline:
++13
++
++#
++## Fehlermeldungen
++#
++54 weißt Du was ein Parameter ist? ^_^
++54 ich würde Dir ja gerne helfen, aber solange Du nicht sagst, nach wem Du suchst, kann ich nicht viel tun.
++54 meinst Du nicht, es wäre geschickter zu sagen, nach wem Du überhaupt suchst?
++54 42.
++55 sehe ich etwa wie ein Spiegel aus? ^_^
++55 Spieglein, Spieglein an der Wand...
++55 leidest Du etwa unter multiplen Persönlichkeiten? *eg*
++56 also wenn Du <?query/?> jetzt hier nicht sehen kannst, dann brauchst Du sicherlich eine neue Brille ^_^
++56 ich muss mir unbedingt mal die Tarnkappe von <?query/?> ausleihen. Scheint ja prima zu funktioneren.
++56 schau Dir bitte nochmal ganz genau an, wer grade alles im Channel ist.
++57 Tut mir leid, aber Wildcards ('?', oder '*') sind bei der Suche nicht erlaubt.
++58 Öhm... naja... etwas arg lang, dieser Nick... :)
++
++#
++## Kein Ergebnis
++#
++65 Ich kann mich nicht daran erinnern, <?query/?> gesehen zu haben...
++65 <?query/?>? Hmm... ich bin mir nicht sicher... vielleicht... eventuell... nein, kenne ich nicht.
++65 der Name sagt mir nichts. Hast Du Dich vielleicht vertippt?
++66 Ich hab' <?query/?> seit <?laston/?> nicht mehr gesehen.
++67 Sorry, aber zu deiner Anfrage passt nichts in meiner Datenbank :(
++68 Autschi, das gab viel zu viele Ergebnisse. Bitte formuliere deine Suche etwas genauer.
++
++73 <?query/?> ist grade unter dem Nick "<?othernick/?>" in diesem Channel zu finden.
++74 <?query/?> ist gerade in <?otherchan/?>.
++75 Deine Anfrage führte zu genau einem Ergebnis:
++76 Immerhin <?numresults/?> Treffer ergab deine Anfrage:
++77 Wow, auf deine Anfrage passen sogar <?numresults/?> Einträge in meiner Datenbank! Dies sind die 5 aktuellsten:
++
++#
++## falls ein anderer Bot etwas gefunden hat:
++#
++85 <?remotebot/?> sagt: 
++
++#
++## die eigentliche Information
++#
++101 Ich habe <?snick/?> (<?shost/?>) zuletzt <?schan/?> vor <?swhen/?> betreten sehen (<?stime/?>). <?snick/?> ist noch immer da.
++121 Ich habe <?snick/?> (<?shost/?>) zuletzt <?schan/?> vor <?swhen/?> betreten sehen (<?stime/?>), aber <?snick/?> verschwand mysteriöserweise.
++102 Ich habe <?snick/?> (<?shost/?>) zuletzt <?schan/?> vor <?swhen/?> nach <?spent/?> verchatteter Zeit verlassen sehen (<?stime/?>)
++103 Ich habe <?snick/?> (<?shost/?>) zuletzt in <?schan/?> gesehen, als er/sie vor <?swhen/?> (<?stime/?>) nach <?spent/?> das IRC verließ ("<?smsg/?>").
++104 Zuletzt habe ich <?snick/?> (<?shost/?>) vor <?swhen/?> in <?schan/?> gesehen, den Nick zu <?snick2/?> wechselnd. <?snick2/?> ist noch immer dort.
++124 <?snick/?> (<?shost/?>) was last seen changing his/her nick to <?snick2/?> on <?schan/?> <?swhen/?> ago (<?stime/?>), but <?snick2/?> mysteriously dematerialized.
++105 Zuletzt habe ich <?snick/?> (<?shost/?>) vor <?swhen/?> in <?schan/?> gesehen, den Nick von <?snick2/?> wechselnd. <?snick/?> ist noch immer dort.
++125 <?snick/?> (<?shost/?>) was last seen changing his/her nick from <?snick2/?> on <?schan/?> <?swhen/?> ago (<?stime/?>), but <?snick/?> mysteriously dematerialized.
++106 Zuletzt habe ich <?snick/?> (<?shost/?>) gesehen, als er vor <?swhen/?> (<?stime/?>) von <?punisher/?> aus <?schan/?> gejagt wurde. (<?kickreason/?>)
++107 <?snick/?> (<?shost/?>) habe ich zuletzt vor <?swhen/?> gesehen, als er/sie von <?schan/?> aus in einem Netsplit verschwand.
++108 <?snick/?> (<?shost/?>) habe ich zuletzt vor <?swhen/?> gesehen, als er/sie nach einem Netsplit in <?schan/?> zurück kam. <?snick/?> ist noch immer dort.
++128 <?snick/?> (<?shost/?>) habe ich zuletzt vor <?swhen/?> gesehen, als er/sie nach einem Netsplit in <?schan/?> zurück kam. Allerdings konnte <?snick/?> dem Gott der Netsplits nicht endgültig entkommen und ist wieder verschollen...
++109 <?snick/?> was last seen joining the botnet channel <?schan/?> on <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++129 <?snick/?> was last seen joining the partyline on <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++110 <?snick/?> was last seen leaving the botnet channel <?schan/?> from <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++130 <?snick/?> was last seen leaving the partyline from <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++140 <?snick/?> (<?shost/?>) was last seen on <?schan/?> <?swhen/?> ago (<?stime/?>).
++
++#
++## Seen-Mitteilungen
++#
++170 <?rnick/?> (<?rhost/?>) scheint vor <?rwhen/?> (<?rtime/?>) in <?rchan/?> auf der Suche nach Dir gewesen zu sein.
++171 <?requests/?> Leute haben sich nach Dir erkundigt:
++172 Der/die letzte war <?rnick/?> (<?rhost/?>) in <?rchan/?> vor <?rwhen/?> (<?rtime/?>).
++
++#
++## Statistiken
++#
++180 Momentan sind <?totalnicks/?> Nicks in meiner Datenbank. Gesamter Speicherverbrauch: <?totalbytes/?> Bytes
++180 In meiner Datenbank befinden sich <?totalnicks/?> Nicks und verbrauchen <?totalbytes/?> Bytes Speicher.
+diff -Nur src/mod/gseen.mod/language/gseen.en.lang src/mod/gseen.mod/language/gseen.en.lang
+--- src/mod/gseen.mod/language/gseen.en.lang	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/language/gseen.en.lang	2002-10-26 13:18:13.000000000 +0200
+@@ -0,0 +1,131 @@
++#####################################################################
++#
++# Default English langfile for GSeen.Mod v1.1.0
++#
++# Just edit the text below to fit your needs. You can add or remove
++# any tag just like you want, they do not need to appear in a special
++# order (or number).
++#
++# If you enter more than one line per ID, then a random one will be
++# chosen for each reply. (this does not work for the time strings)
++#
++# If you think you need more tags, just email me and maybe I'll add
++# them in the next release.
++#
++# A complete list of available Tags can be found at the end of the
++# file slang_gseen_commands.c (unfortunately, it does not contain any
++# descriptions for the tags)
++#
++#####################################################################
++
++#
++## time string
++#
++# each time string in singular and plural
++#
++D 0 year
++D 1 years
++D 2 week
++D 3 weeks
++D 4 day
++D 5 days
++D 6 hour
++D 7 hours
++D 8 minute
++D 9 minutes
++D 10 second
++D 11 seconds
++# if an invalid time value was supplied, output the following string
++D 12 some time
++
++#
++## Prefixes
++#
++# These are the prefixes of the replies. By default, there's only
++# a prefix for public requests (so you know for whom the answer is),
++# but you can also define prefixes for other requests.
++
++# for replies in the channel:
++10 <?nick/?>, 
++# for replies via notice:
++11
++# for replies via PRIVMSG
++12
++# for replies on the partyline
++13
++
++#
++## error messages
++#
++54 do you know what a parameter is?
++54 don't you think it would be more reasonable to say for whom you are searching?
++54 42.
++55 do I look like a mirror? ^_^
++55 mirror mirror on the wall...
++55 do you have a split personality? *eg*
++56 if you can't see <?query/?> here right now, you probably need new glasses. ^_^
++56 please look a bit closer at the memberlist of this channel.
++57 I'm sorry, but wildcards ('?' or '*') are not allowed in a search.
++58 Hum... don't you think this nick is a bit long? ^_^
++58 you know that the length of nicks is limited, don't you?
++
++#
++## no result
++#
++65 I don't remember seeing <?query/?>.
++65 <?query/?>? hmm... I'm trying to remember... maybe... I'm not sure... no. I don't remember <?query/?>.
++66 I haven't seen <?query/?> for <?laston/?>.
++67 I found no matches to your query.
++67 I'm sorry, but your search didn't return any results.
++68 Ouch, your search returned way too many matches. Please refine it.
++
++#
++## victim is online
++#
++73 <?query/?> is <?othernick/?>, who is on this channel right now.
++74 <?query/?> is on <?otherchan/?> right now.
++
++#
++## results found
++#
++75 I found one match to your query:
++76 I found <?numresults/?> matches to your query:
++77 I found <?numresults/?> matches to your query. These are the 5 most recent ones:
++
++#
++## results found by another bot in the botnet
++#
++85 <?remotebot/?> says: 
++
++#
++## the core info
++#
++101 <?snick/?> (<?shost/?>) was last seen joining <?schan/?> <?swhen/?> ago (<?stime/?>). <?snick/?> is still there.
++121 <?snick/?> (<?shost/?>) was last seen joining <?schan/?> <?swhen/?> ago (<?stime/?>), but <?snick/?> mysteriously dematerialized.
++102 <?snick/?> (<?shost/?>) was last seen parting <?schan/?> <?swhen/?> ago (<?stime/?>), after spending <?spent/?> there.
++103 <?snick/?> (<?shost/?>) was last seen quitting <?schan/?> <?swhen/?> ago (<?stime/?>) stating "<?smsg/?>" after spending <?spent/?> there.
++104 <?snick/?> (<?shost/?>) was last seen changing his/her nick to <?snick2/?> on <?schan/?> <?swhen/?> ago (<?stime/?>). <?snick2/?> is still there.
++124 <?snick/?> (<?shost/?>) was last seen changing his/her nick to <?snick2/?> on <?schan/?> <?swhen/?> ago (<?stime/?>), but <?snick2/?> mysteriously dematerialized.
++105 <?snick/?> (<?shost/?>) was last seen changing his/her nick from <?snick2/?> on <?schan/?> <?swhen/?> ago (<?stime/?>). <?snick/?> is still there.
++125 <?snick/?> (<?shost/?>) was last seen changing his/her nick from <?snick2/?> on <?schan/?> <?swhen/?> ago (<?stime/?>), but <?snick/?> mysteriously dematerialized.
++106 <?snick/?> (<?shost/?>) was last seen being kicked from <?schan/?> by <?punisher/?> (<?kickreason/?>) <?swhen/?> ago (<?stime/?>), after spending <?spent/?> there.
++107 <?snick/?> (<?shost/?>) was last seen splitting from <?schan/?> <?swhen/?> ago (<?stime/?>), after spending <?spent/?> there.
++108 <?snick/?> (<?shost/?>) was last seen rejoining <?schan/?> from a netsplit <?swhen/?> ago (<?stime/?>) <?snick/?> is still there.
++128 <?snick/?> (<?shost/?>) was last seen rejoining <?schan/?> from a netsplit <?swhen/?> ago (<?stime/?>), but the god of netsplits didn't let him escape, so he's not here now.
++109 <?snick/?> was last seen joining the botnet channel <?schan/?> on <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++129 <?snick/?> was last seen joining the partyline on <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++110 <?snick/?> was last seen leaving the botnet channel <?schan/?> from <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++130 <?snick/?> was last seen leaving the partyline from <?bnbot/?> <?swhen/?> ago (<?stime/?>).
++140 <?snick/?> (<?shost/?>) was last seen on <?schan/?> <?swhen/?> ago (<?stime/?>).
++
++#
++## seen notification
++#
++170 <?rnick/?> (<?rhost/?>) was looking for you on <?rchan/?> <?rwhen/?> ago (<?rtime/?>).
++171 There have been <?requests/?> users looking for you:
++172 The last one was <?rnick/?> (<?rhost/?>) on <?rchan/?> <?rwhen/?> ago (<?rtime/?>).
++
++#
++## seen stats
++#
++180 I'm currently tracking <?totalnicks/?> nicks using <?totalbytes/?> bytes.
+diff -Nur src/mod/gseen.mod/gseen.h src/mod/gseen.mod/gseen.h
+--- src/mod/gseen.mod/gseen.h	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/gseen.h	2002-10-26 13:17:55.000000000 +0200
+@@ -0,0 +1,157 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++/* #define USE_MEMDEBUG 1 */
++
++#define SEEN_JOIN 1
++#define SEEN_PART 2
++#define SEEN_SIGN 3
++#define SEEN_NICK 4
++#define SEEN_NCKF 5
++#define SEEN_KICK 6
++#define SEEN_SPLT 7
++#define SEEN_REJN 8
++#define SEEN_CHPT 9
++#define SEEN_CHJN 10
++
++typedef struct gseen_data {
++  int type;
++  char *nick;
++  char *host;
++  char *chan;
++  char *msg;
++  time_t when;
++  int spent;
++} seendat;
++
++typedef struct gseen_result {
++  struct gseen_result *next;
++  seendat *seen;
++} gseenres;
++
++typedef struct gseen_requests {
++  struct gseen_requests *next;
++  char *who;
++  char *host;
++  char *chan;
++  time_t when;
++} seenreq_by;
++
++typedef struct gseen_request {
++  struct gseen_request *next;
++  char *nick;
++  struct gseen_requests *by;
++} seenreq;
++
++typedef struct gseen_ignorewords {
++  struct gseen_ignorewords *next;
++  char *word;
++} ignoredword;
++
++#ifdef MAKING_GSEEN
++static int gseen_expmem();
++static void free_gseen();
++static int get_spent(char *, char *);
++static void write_seens();
++static void read_seens();
++static char *do_seen(char *, char *, char *, char *, int);
++static void add_seenresult(seendat *);
++static int expmem_seenresults();
++static void free_seenresults();
++static void sortresults();
++static char *do_seennick(seendat *);
++static int onchan(char *, char *);
++static char *handonchan(char *, char *);
++static struct chanset_t *onanychan(char *);
++static struct chanset_t *handonanychan(char *);
++static char *do_seenstats();
++static void add_seenreq(char *, char *, char *, char *, time_t);
++static int expmem_seenreq();
++static void free_seenreq();
++static void sortrequests(seenreq *);
++static void report_seenreq(char *, char *);
++static int count_seenreq(seenreq_by *b);
++static int expmem_ignoredwords();
++static void free_ignoredwords();
++static void add_ignoredword(char *word);
++static int word_is_ignored(char *word);
++static void purge_seens();
++static int seenflood();
++static int secretchan(char *);
++static int nopub(char *);
++static int quietseen(char *);
++static int quietaiseens(char *);
++static int nolog(char *);
++static void start_seentime_calc();
++static void end_seentime_calc();
++#endif
++
++
++#ifdef MAKING_GSEEN
++
++// tree stuff
++static void maskstricthost(const char *, char *);
++#endif
++
++// interface for webseen
++#define WS_OK 0
++#define WS_NORESULT 1
++#define WS_NOPARAM 2
++#define WS_NOWILDCARDS 3
++#define WS_TOOLONGNICK 4
++#define WS_TOOMANYMATCHES 5
++#define WS_TOOLONGHOST 6
++
++#ifndef MAKING_GSEEN
++#define findseens ((gseenres *(*)(char *, int *, int))gseen_funcs[4])
++#define free_seenresults ((void (*)())gseen_funcs[5])
++#define gseen_duration ((char *(*)(int))gseen_funcs[6])
++#define numresults (*(int *)(gseen_funcs[12]))
++#define fuzzy_search (*(int *)(gseen_funcs[13]))
++#define numseens (*(int *)(gseen_funcs[15]))
++#define glob_total_queries (*(int *)(gseen_funcs[16]))
++#define glob_total_searchtime (*(double *)(gseen_funcs[17]))
++#define gseen_numversion (*(int *)(gseen_funcs[19]))
++#else
++static gseenres *findseens(char *, int *, int);
++static char *gseen_duration(int);
++#endif
++
++#ifdef MAKING_GSEEN
++
++#ifdef malloc
++#undef malloc
++#endif
++#ifdef free
++#undef free
++#endif
++#ifdef realloc
++#undef realloc
++#endif
++
++#ifdef USE_MEMDEBUG
++#define my_malloc nmalloc
++#define my_free nfree
++#define my_realloc nrealloc
++#else
++#define my_malloc malloc
++#define my_free free
++#define my_realloc realloc
++#endif
++
++#endif
+diff -Nur src/mod/gseen.mod/gseencmds.c src/mod/gseen.mod/gseencmds.c
+--- src/mod/gseen.mod/gseencmds.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/gseencmds.c	2002-10-26 13:17:56.000000000 +0200
+@@ -0,0 +1,420 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#define PREFIX_LENGTH 20
++
++static char reply_prefix[PREFIX_LENGTH + 1];
++#define set_prefix(x) strncpy(reply_prefix, x, PREFIX_LENGTH); \
++	reply_prefix[PREFIX_LENGTH] = 0;
++
++static int seenflood()
++{
++  if (!maxseen_thr || !maxseen_time)
++    return 0;
++  if ((now - seenflood_time) > maxseen_time) {
++    seenflood_time = now;
++    seenflood_thr = 0;
++  }
++  seenflood_thr++;
++  if (seenflood_thr > maxseen_thr)
++    return 1;
++  else
++    return 0;
++}
++
++static int nopub(char *chan)
++{
++  char buf[121], *b;
++
++  Context;
++  strncpy(buf, no_pub, 120);
++  buf[120] = 0;
++  b = buf;
++  while (b[0])
++    if (!strcasecmp(chan, newsplit(&b)))
++      return 1;
++#if EGG_IS_MIN_VER(10503)
++  if (ngetudef("nopubseens", chan))
++    return 1;
++#endif
++  return 0;
++}
++
++static int quietseen(char *chan)
++{
++  char buf[121], *b;
++
++  Context;
++  strncpy(buf, quiet_seen, 120);
++  buf[120] = 0;
++  b = buf;
++  while (b[0])
++    if (!strcasecmp(chan, newsplit(&b)))
++      return 1;
++#if EGG_IS_MIN_VER(10503)
++  if (ngetudef("quietseens", chan))
++    return 1;
++#endif
++  return 0;
++}
++
++static int cmd_seen(struct userrec *u, int idx, char *par)
++{
++  char *query;
++  
++  Context;
++  if (seenflood())
++    return 0;
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, default_slang);
++  glob_nick = dcc[idx].nick;
++  query = newsplit(&par);
++  glob_query = query;
++  set_prefix(SLDCCPREFIX);
++  putlog(LOG_CMDS, "*", "#%s# seen %s", dcc[idx].nick, par);
++  dprintf(idx, "%s%s\n", reply_prefix, do_seen(query, dcc[idx].nick,
++  	  dcc[idx].host, "[partyline]", botnet_seen));
++  return 0;
++}
++
++static int cmd_seenstats(struct userrec *u, int idx, char *par)
++{
++  Context;
++  if (seenflood())
++    return 0;
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, default_slang);
++  glob_nick = dcc[idx].nick;
++  set_prefix(SLDCCPREFIX);
++  putlog(LOG_CMDS, "*", "#%s# seenstats", dcc[idx].nick);
++  dprintf(idx, "%s%s\n", reply_prefix, do_seenstats());
++  return 0;
++}
++
++static int cmd_purgeseens(struct userrec *u, int idx, char *par)
++{
++  Context;
++  purge_seens();
++  putlog(LOG_CMDS, "*", "#%s# purgeseens", dcc[idx].nick);
++  return 0;
++}
++
++static int pub_seen(char *nick, char *host, char *hand,
++        char *channel, char *text)
++{
++  char *dest;
++#if EGG_IS_MIN_VER(10500)
++  struct chanset_t *chan;
++#endif
++
++  Context;
++  if (seenflood() || nopub(channel))
++    return 0;
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, channel));
++  glob_nick = nick;
++  putlog(LOG_CMDS, "*", "<<%s>> !%s! seen %s", nick, hand, text);
++  if (quietseen(channel)) {
++    set_prefix(SLNOTPREFIX);
++    dprintf(DP_HELP, "NOTICE %s :%s%s\n", nick, reply_prefix,
++           do_seen(newsplit(&text), nick, host, channel, botnet_seen));
++    return 0;
++  }
++#if EGG_IS_MIN_VER(10500)
++  chan = findchan_by_dname(channel);
++  if (chan)
++    dest = chan->name;
++  else
++    dest = channel;
++#else
++  dest = channel;
++#endif
++  set_prefix(SLPUBPREFIX);
++  dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", dest, reply_prefix,
++  	  do_seen(newsplit(&text), nick, host, channel, botnet_seen));
++  return 0;
++}
++
++static int pub_seenstats(char *nick, char *host, char *hand,
++        char *channel, char *text)
++{
++  char *dest;
++#if EGG_IS_MIN_VER(10500)
++  struct chanset_t *chan;
++#endif
++
++  Context;
++  if (seenflood())
++    return 0;
++  if (nopub(channel))
++    return 0;
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, channel));
++  glob_nick = nick;
++  putlog(LOG_CMDS, "*", "<<%s>> !%s! seenstats", nick, hand);
++  if (quietseen(channel)) {
++    set_prefix(SLNOTPREFIX);
++    dprintf(DP_HELP, "NOTICE %s :%s%s\n", nick, reply_prefix, do_seenstats());
++    return 0;
++  }
++#if EGG_IS_MIN_VER(10500)
++  chan = findchan_by_dname(channel);
++  if (chan)
++    dest = chan->name;
++  else
++    dest = channel;
++#else
++  dest = channel;
++#endif
++  set_prefix(SLPUBPREFIX);
++  dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", dest, reply_prefix, do_seenstats());
++  return 1;
++}
++
++static int msg_seen(char *nick, char *uhost, struct userrec *u, char *text)
++{
++  Context;
++  if (seenflood())
++    return 0;
++  reset_global_vars();
++  glob_slang = slang_getbynick(coreslangs, nick);
++  glob_nick = nick;
++  putlog(LOG_CMDS, "*", "(%s!%s) !%s! seen %s", nick, uhost, u ? u->handle : "*", text);
++  set_prefix(SLMSGPREFIX);
++  dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", nick, reply_prefix,
++  	  do_seen(newsplit(&text), nick, uhost, "[/msg]", botnet_seen));
++  return 1;
++}
++
++static int pub_seennick(char *nick, char *host, char *hand,
++        char *channel, char *text)
++{
++  seendat *l;
++  char *dest;
++#if EGG_IS_MIN_VER(10500)
++  struct chanset_t *chan;
++#endif
++
++  Context;
++  if (seenflood())
++    return 0;
++  if (nopub(channel))
++    return 0;
++  putlog(LOG_CMDS, "*", "<<%s>> !%s! seennick %s", nick, hand, text);
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, channel));
++  glob_nick = nick;
++#if EGG_IS_MIN_VER(10500)
++  chan = findchan_by_dname(channel);
++  if (chan)
++    dest = chan->name;
++  else
++    dest = channel;
++#else
++  dest = channel;
++#endif
++  text = newsplit(&text);
++  l = findseen(text);
++  if (!l) {
++    glob_query = text;
++    if (quietseen(channel)) {
++      set_prefix(SLNOTPREFIX);
++      dprintf(DP_HELP, "NOTICE %s :%s%s\n", nick, reply_prefix, SLNOTSEEN);
++    } else {
++      set_prefix(SLPUBPREFIX);
++      dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", dest, reply_prefix, SLNOTSEEN);
++    }
++    return 0;
++  }
++  if (quietseen(channel)) {
++    set_prefix(SLNOTPREFIX);
++    dprintf(DP_HELP, "NOTICE %s :%s%s\n", nick, reply_prefix, do_seennick(l));
++  } else {
++    set_prefix(SLPUBPREFIX);
++    dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", dest, reply_prefix, do_seennick(l));
++  }
++  return 0;
++}
++
++static int msg_seennick(char *nick, char *uhost, struct userrec *u, char *text)
++{
++  seendat *l;
++
++  Context;
++  if (seenflood())
++    return 0;
++  putlog(LOG_CMDS, "*", "(%s!%s) !%s! seennick %s", nick, uhost, u ? u->handle : "*", text);
++  reset_global_vars();
++  glob_slang = slang_getbynick(coreslangs, nick);
++  glob_nick = nick;
++  set_prefix(SLMSGPREFIX);
++  text = newsplit(&text);
++  l = findseen(text);
++  if (!l) {
++    glob_query = text;
++    dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", nick, reply_prefix, SLNOTSEEN);
++    return 0;
++  }
++  dprintf(DP_HELP, "PRIVMSG %s :%s%s\n", nick, reply_prefix, do_seennick(l));
++  return 0;
++}
++
++static int cmd_seennick(struct userrec *u, int idx, char *text)
++{
++  seendat *l;
++
++  Context;
++  if (seenflood())
++    return 0;
++  putlog(LOG_CMDS, "*", "#%s# seennick %s", dcc[idx].nick, text);
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, default_slang);
++  glob_nick = dcc[idx].nick;
++  set_prefix(SLMSGPREFIX);
++  text = newsplit(&text);
++  l = findseen(text);
++  if (!l) {
++    glob_query = text;
++    dprintf(idx, "%s%s\n", reply_prefix, SLNOTSEEN);
++    return 0;
++  }
++  dprintf(idx, "%s%s\n", reply_prefix, do_seennick(l));
++  return 0;
++}
++
++static int bot_gseen_req(char *bot, char *code, char *par)
++{
++  char *mask, *nick, *uhost, *chan, *reply;
++  char tosend[256];
++  int i;
++
++  Context;
++  if (seenflood())
++    return 0;
++  i = nextbot(bot);
++  if (i < 0) {
++    debug1("Couldn't answer botnet-seen-request from %s: no such bot", bot);
++    return 0;
++  }
++  mask = newsplit(&par);
++  nick = newsplit(&par);
++  uhost = newsplit(&par);
++  chan = newsplit(&par);
++  reset_global_vars();
++  glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, chan));
++  glob_nick = nick;
++  reply = do_seen(mask, nick, uhost, chan, -1);
++  if (!reply)
++    return 0;
++  if ((strlen(nick) + strlen(chan) + strlen(reply)) < 255) {
++    sprintf(tosend, "gseen_rep %s %s %s", nick, chan, reply);
++    botnet_send_zapf(i, botnetnick, bot, tosend);
++  }
++  return 0;
++}
++
++static int bot_gseen_rep(char *bot, char *code, char *par)
++{
++  char *nick, *chan, *reply;
++  int i;
++
++  Context;
++  if (seenflood())
++    return 0;
++  if (!bnsnick || !bnschan) {
++    if (bnsnick)
++      nfree(bnsnick);
++    if (bnschan)
++      nfree(bnschan);
++    bnsnick = bnschan = NULL;
++    return 0;
++  }
++  nick = newsplit(&par);
++  chan = newsplit(&par);
++  reset_global_vars();
++  glob_remotebot = bot;
++  glob_slang = slang_find(coreslangs, slang_chanlang_get(chanlangs, chan));
++  glob_nick = nick;
++  reply = par;
++  if (strcmp(nick, bnsnick) || strcmp(chan, bnschan))
++    return 0; /* unwanted reply */
++  if (findchan(chan)) {
++    if (nopub(chan)) {
++      nfree(bnsnick);
++      nfree(bnschan);
++      bnsnick = bnschan = NULL;
++      debug1("%s is nopub, bns-reply dropped", chan);
++      return 0;
++    }
++    if (quietseen(chan)) {
++      set_prefix(SLNOTPREFIX);
++      dprintf(DP_HELP, "NOTICE %s :%s%s%s\n", nick, reply_prefix, SLRBOTSAYS, reply);
++    } else {
++      set_prefix(SLPUBPREFIX);
++      dprintf(DP_HELP, "PRIVMSG %s :%s%s%s\n", chan, reply_prefix, SLRBOTSAYS, reply);
++    }
++  } else if (!strcmp(chan, "[/msg]")) {
++    set_prefix(SLMSGPREFIX);
++    dprintf(DP_HELP, "PRIVMSG %s :%s%s%s\n", nick, reply_prefix, SLRBOTSAYS, reply);
++  } else if (!strcmp(chan, "[partyline]")) {
++    for (i = 0; i < dcc_total; i++) {
++      if ((!strcasecmp(nick, dcc[i].nick)) &&
++         (dcc[i].type->flags & DCT_SIMUL)) {
++	set_prefix(SLDCCPREFIX);
++        dprintf(i, "%s%s%s\n", reply_prefix, SLRBOTSAYS, reply);
++        break;
++      }
++    }
++  } else
++    debug1("Couldn't send received bns answer, no such chan %s", chan);
++  nfree(bnsnick);
++  nfree(bnschan);
++  bnsnick = bnschan = NULL;
++  return 0;
++}
++
++static cmd_t mydcc[] =
++{
++  {"seen", "-|-", cmd_seen, NULL},
++  {"seenstats", "-|-", cmd_seenstats, NULL},
++  {"purgeseens", "m", cmd_purgeseens, NULL},
++  {"seennick", "-|-", cmd_seennick, NULL},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_pub[] =
++{
++  {"!seen", "", pub_seen, 0},
++  {"!seenstats", "", pub_seenstats, 0},
++  {"!seennick", "", pub_seennick, 0},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_msg[] =
++{
++  {"seen", "", msg_seen, 0},
++  {"seennick", "", msg_seennick, 0},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_bot[] =
++{
++  {"gseen_req", "", bot_gseen_req, 0},
++  {"gseen_rep", "", bot_gseen_rep, 0},
++  {0, 0, 0, 0}
++};
+diff -Nur src/mod/gseen.mod/misc.c src/mod/gseen.mod/misc.c
+--- src/mod/gseen.mod/misc.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/misc.c	2002-10-26 13:17:57.000000000 +0200
+@@ -0,0 +1,116 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++/* maskstricthost():
++ * basically the same as maskhost() from src/misc.c, but _never_ stripts
++ * "~+-^=" off the host
++ * maskhost() version: * $Id: misc.c,v 1.30 2000/10/27 19:27:32 fabian Exp $
++ */
++static void maskstricthost(const char *s, char *nw)
++{
++  register const char *p, *q, *e, *f;
++  int i;
++
++  *nw++ = '*';
++  *nw++ = '!';
++  p = (q = strchr(s, '!')) ? q + 1 : s;
++  /* Strip of any nick, if a username is found, use last 8 chars */
++  if ((q = strchr(p, '@'))) {
++    int fl = 0;
++
++    if ((q - p) > 9) {
++      nw[0] = '*';
++      p = q - 7;
++      i = 1;
++    } else
++      i = 0;
++    while (*p != '@') {
++      if (!fl && strchr("~+-^=", *p)) {
++//        if (strict_host)
++      nw[i] = '?';
++//    else
++//      i--;
++      } else
++    nw[i] = *p;
++      fl++;
++      p++;
++      i++;
++    }
++    nw[i++] = '@';
++    q++;
++  } else {
++    nw[0] = '*';
++    nw[1] = '@';
++    i = 2;
++    q = s;
++  }
++  nw += i;
++  e = NULL;
++  /* Now q points to the hostname, i point to where to put the mask */
++  if ((!(p = strchr(q, '.')) || !(e = strchr(p + 1, '.'))) && !strchr(q, ':'))
++    /* TLD or 2 part host */
++    strcpy(nw, q);
++  else {
++    if (e == NULL) {        /* IPv6 address?        */
++      const char *mask_str;
++
++      f = strrchr(q, ':');
++      if (strchr(f, '.')) { /* IPv4 wrapped in an IPv6? */
++    f = strrchr(f, '.');
++    mask_str = ".*";
++      } else            /* ... no, true IPv6.       */
++    mask_str = ":*";
++      strncpy(nw, q, f - q);
++      /* No need to nw[f-q] = 0 here, as the strcpy below will
++       * terminate the string for us.
++       */
++      nw += (f - q);
++      strcpy(nw, mask_str);
++    } else {
++      for (f = e; *f; f++);
++      f--;
++      if (*f >= '0' && *f <= '9') { /* Numeric IP address */
++    while (*f != '.')
++      f--;
++    strncpy(nw, q, f - q);
++    /* No need to nw[f-q] = 0 here, as the strcpy below will
++     * terminate the string for us.
++     */
++    nw += (f - q);
++    strcpy(nw, ".*");
++      } else {              /* Normal host >= 3 parts */
++    /*    a.b.c  -> *.b.c
++     *    a.b.c.d ->  *.b.c.d if tld is a country (2 chars)
++     *             OR   *.c.d if tld is com/edu/etc (3 chars)
++     *    a.b.c.d.e -> *.c.d.e   etc
++     */
++    const char *x = strchr(e + 1, '.');
++
++    if (!x)
++      x = p;
++    else if (strchr(x + 1, '.'))
++      x = e;
++    else if (strlen(x) == 3)
++      x = p;
++    else
++      x = e;
++    sprintf(nw, "*%s", x);
++      }
++    }
++  }
++}
+diff -Nur src/mod/gseen.mod/seenlang.h src/mod/gseen.mod/seenlang.h
+--- src/mod/gseen.mod/seenlang.h	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/seenlang.h	2002-10-26 13:17:58.000000000 +0200
+@@ -0,0 +1,61 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#define SLPUBPREFIX	getslang(10)
++#define SLNOTPREFIX	getslang(11)
++#define SLMSGPREFIX	getslang(12)
++#define SLDCCPREFIX	getslang(13)
++
++#define SLNOPARAM       getslang(54)
++#define SLMIRROR        getslang(55)
++#define SLONCHAN        getslang(56)
++#define SLNOWILDCARDS   getslang(57)
++#define SLTOOLONGNICK   getslang(58)
++
++#define SLNOTSEEN       getslang(65)
++#define SLPOORSEEN      getslang(66)
++#define SLNOMATCH       getslang(67)
++#define SLTOOMANYMATCHES getslang(68)
++
++#define SLHANDONCHAN    getslang(73)
++#define SLONOTHERCHAN   getslang(74)
++#define SLONEMATCH      getslang(75)
++#define SLLITTLEMATCHES getslang(76)
++#define SLMANYMATCHES   getslang(77)
++
++#define SLRBOTSAYS      getslang(85)
++
++#define SLYEAR          getdur(0)
++#define SLYEARS         getdur(1)
++#define SLWEEK          getdur(2)
++#define SLWEEKS         getdur(3)
++#define SLDAY           getdur(4)
++#define SLDAYS          getdur(5)
++#define SLHOUR          getdur(6)
++#define SLHOURS         getdur(7)
++#define SLMINUTE        getdur(8)
++#define SLMINUTES       getdur(9)
++#define SLSECOND        getdur(10)
++#define SLSECONDS       getdur(11)
++#define SLSOMETIME      getdur(12)
++
++#define SLONELOOK       getslang(170)
++#define SLMORELOOKS     getslang(171)
++#define SLLASTLOOK      getslang(172)
++
++#define SLSEENSTATS     getslang(180)
+diff -Nur src/mod/gseen.mod/seentree.c src/mod/gseen.mod/seentree.c
+--- src/mod/gseen.mod/seentree.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/seentree.c	2002-10-26 13:18:10.000000000 +0200
+@@ -0,0 +1,213 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++static struct generic_binary_tree seentree;
++
++static void seentree_init();
++static int seentree_expmem();
++static void seentree_free();
++static int compareseens(void *, void *);
++static int expmemseen(void *);
++static void add_seen(int, char *, char *, char *, char *,
++                     time_t, int);
++static void freeseen(void *);
++static seendat *findseen(char *);
++static void wildmatch_seens(char *, char *, int);
++static void process_wildmatch_seens(void *);
++static void write_seen_tree(void *);
++static void purge_seen_tree(void *);
++static int count_seens();
++static void _count_seens(void *);
++
++
++static void seentree_init()
++{
++  seentree.root = NULL;
++  seentree.comparedata = compareseens;
++  seentree.expmemdata = expmemseen;
++  seentree.freedata = freeseen;
++}
++
++static int seentree_expmem()
++{
++  return btree_expmem(&seentree);
++}
++
++static void seentree_free()
++{
++  btree_freetree(&seentree);
++  seentree.root = NULL;
++}
++
++static int compareseens(void *first, void *second)
++{
++  return rfc_casecmp(((seendat *) first)->nick, ((seendat *) second)->nick);
++}
++
++// add another entry to the tree
++static void add_seen(int type, char *nick, char *host, char *chan, char *msg,
++                     time_t when, int spent)
++{
++  seendat *newseen;
++
++  newseen = nmalloc(sizeof(seendat));
++  newseen->type = type;
++  newseen->nick = nmalloc(strlen(nick) + 1);
++  strcpy(newseen->nick, nick);
++  newseen->host = nmalloc(strlen(host) + 1);
++  strcpy(newseen->host, host);
++  newseen->chan = nmalloc(strlen(chan) + 1);
++  strcpy(newseen->chan, chan);
++  newseen->msg = nmalloc(strlen(msg) + 1);
++  strcpy(newseen->msg, msg);
++  newseen->when = when;
++  newseen->spent = spent;
++  btree_add(&seentree, newseen);
++}
++
++static void freeseen(void *what)
++{
++  seendat *s = (seendat *) what;
++  
++  Assert(s);
++  Assert(s->nick);
++  Assert(s->host);
++  Assert(s->chan);
++  Assert(s->msg);
++
++  nfree(s->nick);
++  nfree(s->host);
++  nfree(s->chan);
++  nfree(s->msg);
++  nfree(s);
++}
++
++static int expmemseen(void *what)
++{
++  int size = 0;
++  seendat *d = (seendat *) what;
++  
++  size += sizeof(seendat);
++  size += strlen(d->nick) + 1;
++  size += strlen(d->host) + 1;
++  size += strlen(d->chan) + 1;
++  size += strlen(d->msg) + 1;
++  return size;
++}
++
++// finds a seen entry in the tree
++seendat findseen_temp;
++static seendat *findseen(char *nick)
++{
++  findseen_temp.nick = nick;
++  return btree_get(&seentree, &findseen_temp);
++}
++
++// function to find all nicks that match a host
++// (calls btree_getall() which calls a target function for each item)
++// host: user's hostmask (used if search query doesn't contain any wildcards)
++// mask: search mask
++// wild: defines if we want to use the mask, or host for the search
++static char *wildmatch_host, *wildmatch_mask;
++int wildmatch_wild;
++static void wildmatch_seens(char *host, char *mask, int wild)
++{
++  wildmatch_host = host;
++  wildmatch_mask = mask;
++  wildmatch_wild = wild;
++  btree_getall(&seentree, process_wildmatch_seens);
++}
++
++/* process_wildmatch_seens():
++ * gets called from the binary tree for each existing item.
++ */
++static void process_wildmatch_seens(void *data)
++{
++  seendat *s = (seendat *) data;
++  
++  if ((numresults > max_matches) && (max_matches > 0)) // Don't return too many
++    return;                                            // matches...
++  if (!wildmatch_wild) {
++    if (wild_match(wildmatch_host, s->host))
++      add_seenresult(s);
++  } else {
++    temp_wildmatch_host = my_realloc(temp_wildmatch_host, strlen(s->nick) + 1 + strlen(s->host) + 1);
++    strcpy(temp_wildmatch_host, s->nick);
++    strcat(temp_wildmatch_host, "!");
++    strcat(temp_wildmatch_host, s->host);
++    if (wild_match(wildmatch_mask, s->nick) || wild_match(wildmatch_mask, temp_wildmatch_host))
++      add_seenresult(s);
++  }
++}
++
++// write seendata in the datafile
++FILE *write_seen_tree_target;
++static void write_seen_tree(void *data)
++{
++  seendat *node = (seendat *) data;
++  
++  /* format: "! nick host chan type when spent msg" */
++  fprintf(write_seen_tree_target, "! %s %s %s %d %lu %d %s\n", node->nick,
++          node->host, node->chan, node->type, node->when, node->spent,
++          node->msg);
++}
++
++// recursive function to remove old data
++// QUESTION: What happens if one of the nodes get moved by killseen()?
++//           Possible bug/crash?
++//           I think it should not be a problem. When killseen() is called the
++//           first time, recursion already reached its end and no pointers
++//           are accessed anymore. But I'm not sure... maybe I'm wrong.
++static void purge_seen_tree(void *data)
++{
++  seendat *node = (seendat *) data;
++  
++  if ((now - node->when) > (expire_seens * 86400)) {
++    debug1("seen data for %s has expired.", node->nick);
++    btree_remove(&seentree, node);
++  }
++}
++
++// counts the number of nicks in the database
++static int count_seens_temp;
++static int count_seens()
++{
++  count_seens_temp = 0;
++  btree_getall(&seentree, _count_seens);
++  return count_seens_temp;
++}
++
++static void _count_seens(void *node)
++{
++  count_seens_temp++;
++}
++
++static int tcl_killseen STDVAR
++{
++  Context;
++  BADARGS(2, 2, " nick");
++  findseen_temp.nick = argv[1];
++  btree_remove(&seentree, &findseen_temp);
++  return TCL_OK;
++}
++
++static tcl_cmds seendebugtcls[] =
++{
++  {"killseen", tcl_killseen},
++  {0, 0}
++};
+diff -Nur src/mod/gseen.mod/sensors.c src/mod/gseen.mod/sensors.c
+--- src/mod/gseen.mod/sensors.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/sensors.c	2002-10-26 13:18:00.000000000 +0200
+@@ -0,0 +1,273 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++static int get_spent(char *nick, char *chan)
++{
++  struct chanset_t *ch = NULL;
++  memberlist *m = NULL;
++
++  int spent;
++  ch = findchan_by_dname(chan);
++  if (ch)
++    m = ismember(ch, nick);
++  if (m && m->joined)
++    spent = now - m->joined;
++  else
++    spent = -1;
++  return spent;
++}
++
++static int secretchan(char *chan)
++{
++  struct chanset_t *ch;
++
++  ch = findchan_by_dname(chan);
++  if (!ch)
++    return 0;
++  if (ch->status & CHAN_SECRET)
++    return 1;
++  return 0;
++}
++
++static int nolog(char *chan)
++{
++  char buf[121], *b;
++
++  Context;
++  strncpy(buf, no_log, 120);
++  buf[120] = 0;
++  b = buf;
++  while (b[0])
++    if (!strcasecmp(chan, newsplit(&b)))
++      return 1;
++#if EGG_IS_MIN_VER(10503)
++  if (ngetudef("noseendata", chan))
++    return 1;
++#endif
++  return 0;
++}
++
++static int gseen_join(char *nick, char *uhost, char *hand, char *chan)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_JOIN, nick, uhost, chan, "", now, get_spent(nick, chan));
++  report_seenreq(chan, nick);
++  if ((hand[0] == '*') && strcasecmp(nick, hand))
++    report_seenreq(chan, hand);
++  return 0;
++}
++
++static int gseen_kick(char *nick, char *uhost, char *hand, char *chan,
++		       char *victim, char *reason)
++{
++  struct chanset_t *ch = NULL;
++  memberlist *m = NULL;
++  char msg[1024], *s;
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  ch = findchan_by_dname(chan);
++  if (!ch) {
++    debug2("Unable to seen %s getting kicked from %s", victim, chan);
++    return 0;
++  }
++  if (secretchan(chan))
++    chan = buf;
++  s = msg;
++  s[0] = 0;
++  m = ismember(ch, victim);
++  if (!m) {
++    debug2("Unable to seen %s getting kicked from %s", victim, chan);
++    return 0;
++  }
++  if ((strlen(nick) + strlen(reason) + 2) < 1024)
++    sprintf(s, "%s %s", nick, reason);
++  add_seen(SEEN_KICK, victim, m->userhost, chan, s, now,
++  	   get_spent(victim, chan));
++  return 0;
++}
++
++static int gseen_nick(char *nick, char *uhost, char *hand, char *chan,
++		       char *newnick)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_NICK, nick, uhost, chan, newnick, now, get_spent(nick, chan));
++  if (!(use_handles && (hand[0] != '*')))
++    add_seen(SEEN_NCKF, newnick, uhost, chan, nick, now, get_spent(nick, chan));
++  report_seenreq(chan, newnick);
++  if ((hand[0] != '*') && strcasecmp(newnick, hand))
++    report_seenreq(chan, hand);
++  return 0;
++}
++
++#if EGG_IS_MIN_VER(10502)
++static int gseen_part(char *nick, char *uhost, char *hand, char *chan,
++		       char *reason)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_PART, nick, uhost, chan, reason, now, get_spent(nick, chan));
++  return 0;
++}
++#else
++static int gseen_part(char *nick, char *uhost, char *hand, char *chan)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_PART, nick, uhost, chan, "", now, get_spent(nick, chan));
++  return 0;
++}
++#endif
++
++static int gseen_sign(char *nick, char *uhost, char *hand, char *chan,
++		       char *reason)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_SIGN, nick, uhost, chan, reason, now, get_spent(nick, chan));
++  return 0;
++}
++
++static int gseen_splt(char *nick, char *uhost, char *hand, char *chan)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_SPLT, nick, uhost, chan, "", now, get_spent(nick, chan));
++  return 0;
++}
++
++static int gseen_rejn(char *nick, char *uhost, char *hand, char *chan)
++{
++  char buf[10] = "[secret]";
++
++  Context;
++  if (nolog(chan))
++    return 0;
++  if (use_handles && (hand[0] != '*'))
++    nick = hand;
++  if (secretchan(chan))
++    chan = buf;
++  add_seen(SEEN_REJN, nick, uhost, chan, "", now, get_spent(nick, chan));
++  return 0;
++}
++
++static int gseen_chjn STDVAR
++{
++  Context;
++  BADARGS(7, 7, " bot hand chan flag idx host");
++  add_seen(SEEN_CHJN, argv[2], argv[6], argv[3], argv[1], now, -1);
++  return 0;
++}
++
++static int gseen_chpt STDVAR
++{
++  Context;
++  BADARGS(5, 5, " bot hand idx chan");
++  add_seen(SEEN_CHPT, argv[2], "unknown", argv[4], argv[1], now, -1);
++  return 0;
++}
++
++static cmd_t seen_kick[] =
++{
++  {"*", "", (Function) gseen_kick, "gseen"},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_nick[] =
++{
++  {"*", "", (Function) gseen_nick, "gseen"},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_join[] =
++{
++  {"*", "", (Function) gseen_join, "gseen"},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_part[] =
++{
++  {"*", "", (Function) gseen_part, "gseen"},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_sign[] =
++{
++  {"*", "", (Function) gseen_sign, "gseen"},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_splt[] =
++{
++  {"*", "", (Function) gseen_splt, "gseen"},
++  {0, 0, 0, 0}
++};
++
++static cmd_t seen_rejn[] =
++{
++  {"*", "", (Function) gseen_rejn, "gseen"},
++  {0, 0, 0, 0}
++};
+diff -Nur src/mod/gseen.mod/slang.c src/mod/gseen.mod/slang.c
+--- src/mod/gseen.mod/slang.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang.c	2002-10-26 13:18:03.000000000 +0200
+@@ -0,0 +1,309 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++static struct slang_header *slang_find(struct slang_header *, char *);
++
++#include "slang_text.c"
++#include "slang_multitext.c"
++#include "slang_ids.c"
++#ifndef SLANG_NOTYPES
++#include "slang_types.c"
++#endif
++#include "slang_duration.c"
++#ifndef SLANG_NOFACTS
++#include "slang_facts_places.c"
++#include "slang_facts.c"
++#endif
++#include "slang_chanlang.c"
++
++
++struct slang_header {
++  struct slang_header *next;
++  char *lang;
++  char *desc;
++  struct slang_id *ids;
++#ifndef SLANG_NOTYPES
++  struct slang_type *types;
++#endif
++  struct slang_duration *durations;
++};
++
++static void slang_glob_init()
++{
++  glob_slang_cmd_list = NULL;
++}
++
++static int slang_glob_expmem()
++{
++  return slang_commands_list_expmem(glob_slang_cmd_list);
++}
++
++static void slang_glob_free()
++{
++  slang_commands_list_free(glob_slang_cmd_list);
++  glob_slang_cmd_list = NULL;
++}
++
++static struct slang_header *slang_create(struct slang_header *list, char *lang, char *desc)
++{
++  struct slang_header *nslang, *l;
++
++  Assert(lang);
++  debug2("Creating language '%s' starting by %d", lang, (int) list);
++  for (nslang = list; nslang; nslang = nslang->next)
++    if (!strcasecmp(nslang->lang, lang))
++      return list;
++  nslang = nmalloc(sizeof(struct slang_header));
++  nslang->next = NULL;
++  nslang->desc = NULL;
++  nslang->lang = nmalloc(strlen(lang) + 1);
++  strcpy(nslang->lang, lang);
++  nslang->desc = nmalloc(strlen(desc) + 1);
++  strcpy(nslang->desc, desc);
++  nslang->ids = NULL;
++#ifndef SLANG_NOTYPES
++  nslang->types = NULL;
++#endif
++  nslang->durations = NULL;
++  for (l = list; l && l->next; l = l->next);
++  if (l)
++    l->next = nslang;
++  else {
++    Assert(!list);
++    list = nslang;
++  }
++  return list;
++}
++
++static int slang_expmem(struct slang_header *what)
++{
++  int size = 0;
++
++  while (what) {
++    size += sizeof(struct slang_header);
++    size += strlen(what->lang) + 1;
++    size += strlen(what->desc) + 1;
++    size += slang_id_expmem(what->ids);
++#ifndef SLANG_NOTYPES
++    size += slang_type_expmem(what->types);
++#endif
++    size += slang_duration_expmem(what->durations);
++    what = what->next;
++  }
++  return size;
++}
++
++static void slang_free(struct slang_header *what)
++{
++  struct slang_header *next;
++
++  while (what) {
++    next = what->next;
++    slang_id_free(what->ids);
++#ifndef SLANG_NOTYPES
++    slang_type_free(what->types);
++#endif
++    slang_duration_free(what->durations);
++    nfree(what->lang);
++    nfree(what->desc);
++    nfree(what);
++    what = next;
++  }
++}
++
++static int slang_load(struct slang_header *slang, char *filename)
++{
++  FILE *f;
++  char *buffer, *s;
++  char *cmd, *sid, *strtol_ret;
++#ifndef SLANG_NOTYPES
++  char *type;
++#endif
++  int line, id;
++
++  Assert(slang);
++  putlog(LOG_MISC, "*", "Loading language \"%s\" from %s...", slang->lang, filename);
++  f = fopen(filename, "r");
++  if (!f) {
++    putlog(LOG_MISC, "*", "Couldn't open slangfile \"%s\"!", filename);
++    return 0;
++  }
++  buffer = nmalloc(2000);
++  line = 0;
++  while (!feof(f)) {
++    s = buffer;
++    if (fgets(s, 2000, f)) {
++      line++;
++      // at first, kill those stupid line feeds and carriage returns...
++      if (s[strlen(s) - 1] == '\n')
++        s[strlen(s) - 1] = 0;
++      if (s[strlen(s) - 1] == '\r')
++        s[strlen(s) - 1] = 0;
++      if (!s[0])
++        continue;
++      cmd = newsplit(&s);
++
++      if (!strcasecmp(cmd, "T")) {
++#ifndef SLANG_NOTYPES
++        type = newsplit(&s);
++        slang->types = slang_type_add(slang->types, type, s);
++#endif
++      } else if (!strcasecmp(cmd, "D")) {
++        sid = newsplit(&s);
++        id = strtol(sid, &strtol_ret, 10);
++        if (strtol_ret == sid) {
++          putlog(LOG_MISC, "*", "ERROR in slangfile \"%s\", line %d: %s is not a valid "
++                 "duration index!", filename, line, sid);
++          continue;
++        }
++        slang->durations = slang_duration_add(slang->durations, id, s);
++      } else {
++        id = strtol(cmd, &strtol_ret, 10);
++        if (strtol_ret == cmd)
++          continue;
++        slang->ids = slang_id_add(slang->ids, id, s);
++      }
++    }
++  }
++  fclose(f);
++  nfree(buffer);
++  return 1;
++}
++
++static struct slang_header *slang_find(struct slang_header *where, char *language)
++{
++  struct slang_header *slang = NULL;
++
++  // at first, search for the specified language
++  for (slang = where; slang; slang = slang->next)
++    if (!strcasecmp(slang->lang, language))
++      return slang;
++  // oops... language seems to be invalid. Let's find the default.
++  Assert(default_slang);
++  for (slang = where; slang; slang = slang->next)
++    if (!strcasecmp(slang->lang, default_slang))
++      return slang;
++  // default_slang wasn't found either? *sigh*
++  // Let's return the first known language then.
++  return where;
++}
++
++#ifndef SLANG_NOVALIDATE
++/* slang_valid():
++ * check if the given language is a valid one
++ */
++static int slang_valid(struct slang_header *where, char *language)
++{
++  struct slang_header *slang = NULL;
++
++  for (slang = where; slang; slang = slang->next)
++    if (!strcasecmp(slang->lang, language))
++      return 1;
++  return 0;
++}
++#endif
++
++static char getslang_error[12];
++static char *getslang(int id)
++{
++  char *text;
++
++  if (!glob_slang) {
++    putlog(LOG_MISC, "*", "WARNING! No language selected! (getslang())");
++    return "NOLANG";
++  }
++  text = slang_id_get(glob_slang->ids, id);
++  if (!text) {
++    snprintf(getslang_error, sizeof(getslang_error), "SLANG%d", id);
++    return getslang_error;
++  }
++  return text;
++}
++
++static char *getdur(int idx)
++{
++  char *text;
++
++  Assert((idx >= 0) && (idx < DURATIONS));
++  if (!glob_slang) {
++    putlog(LOG_MISC, "*", "WARNING! No language selected! (getdur())");
++    return "NOLANG";
++  }
++  text = slang_duration_get(glob_slang->durations, idx);
++  if (!text) {
++    snprintf(getslang_error, sizeof(getslang_error), "DUR%d", idx);
++    return getslang_error;
++  }
++  return text;
++}
++
++#ifndef SLANG_NOTYPES
++static char *getslangtype(char *type)
++{
++  char *stype;
++
++  if (!glob_slang) {
++    putlog(LOG_MISC, "*", "WARNING! No language selected! (getslangtype())");
++    return "NOLANG";
++  }
++  stype = slang_type_get(glob_slang->types, type);
++  if (stype)
++    return stype;
++  else
++    return type;
++}
++
++static int slangtypetoi(char *slangtype)
++{
++  char *type;
++
++  if (!glob_slang) {
++    putlog(LOG_MISC, "*", "WARNING! No language selected! (slangtypetoi())");
++    return T_ERROR;
++  }
++  type = slang_type_slang2type(glob_slang->types, slangtype);
++  if (type) {
++    debug1("type: %s", type);
++    return typetoi(type);
++  } else
++    return typetoi(slangtype);
++}
++#endif
++
++#ifndef SLANG_NOGETALL
++static char *getslang_first(int id)
++{
++  char *text;
++
++  if (!glob_slang) {
++    putlog(LOG_MISC, "*", "WARNING! No language selected! (getslang())");
++    return "NOLANG";
++  }
++  text = slang_id_get_first(glob_slang->ids, id);
++  if (!text) {
++    snprintf(getslang_error, sizeof(getslang_error), "SLANG%d", id);
++    return getslang_error;
++  }
++  return text;
++}
++
++static char *getslang_next()
++{
++  return slang_id_get_next();
++}
++#endif
+diff -Nur src/mod/gseen.mod/slang_chanlang.c src/mod/gseen.mod/slang_chanlang.c
+--- src/mod/gseen.mod/slang_chanlang.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang_chanlang.c	2002-10-26 13:18:02.000000000 +0200
+@@ -0,0 +1,113 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++struct slang_chanlang {
++  struct slang_chanlang *next;
++  char *chan;
++  char *lang;
++};
++
++static struct slang_chanlang *chanlangs = NULL;
++
++static struct slang_chanlang *slang_chanlang_add(struct slang_chanlang *, char *, char *);
++static int slang_chanlang_expmem(struct slang_chanlang *);
++static void slang_chanlang_free(struct slang_chanlang *);
++static char *slang_chanlang_get(struct slang_chanlang *, char *);
++
++static struct slang_chanlang *slang_chanlang_add(struct slang_chanlang *where, char *chan, char *lang)
++{
++  struct slang_chanlang *item;
++
++  for (item = where; item; item = item->next)
++    if (!rfc_casecmp(item->chan, chan))
++      break;
++  if (!item) {
++    item = nmalloc(sizeof(struct slang_chanlang));
++    item->chan = nmalloc(strlen(chan) + 1);
++    strcpy(item->chan, chan);
++    item->lang = nmalloc(strlen(lang) + 1);
++    strcpy(item->lang, lang);
++    item->next = where;
++    where = item;
++  } else {
++    Assert(item->lang);
++    item->lang = nrealloc(item->lang, strlen(lang) + 1);
++    strcpy(item->lang, lang);
++  }
++  return where;
++}
++
++static int slang_chanlang_expmem(struct slang_chanlang *what)
++{
++  int size = 0;
++
++  while (what) {
++    Assert(what);
++    Assert(what->chan);
++    Assert(what->lang);
++    size += sizeof(struct slang_chanlang);
++    size += strlen(what->chan) + 1;
++    size += strlen(what->lang) + 1;
++    what = what->next;
++  }
++  return size;
++}
++
++static void slang_chanlang_free(struct slang_chanlang *what)
++{
++  struct slang_chanlang *next;
++
++  while (what) {
++    Assert(what);
++    Assert(what->chan);
++    Assert(what->lang);
++    next = what->next;
++    nfree(what->chan);
++    nfree(what->lang);
++    nfree(what);
++    what = next;
++  }
++}
++
++static char *slang_chanlang_get(struct slang_chanlang *where, char *chan)
++{
++  while (where) {
++    if (!rfc_casecmp(where->chan, chan))
++      return where->lang;
++    where = where->next;
++  }
++  return default_slang;
++}
++
++/* slang_getbynick():
++ * tries to find an appropriate language for nick by searching
++ * him on a channel and using the language of this channel.
++ */
++static struct slang_header *slang_getbynick(struct slang_header *where, char *nick)
++{
++  struct chanset_t *chan;
++
++  for (chan = chanset; chan; chan = chan->next)
++    if (ismember(chan, nick))
++#if EGG_IS_MIN_VER(10500)
++      return slang_find(where, slang_chanlang_get(chanlangs, chan->dname));
++#else
++      return slang_find(where, slang_chanlang_get(chanlangs, chan->name));
++#endif
++  return slang_find(where, default_slang);
++}
+diff -Nur src/mod/gseen.mod/slang_duration.c src/mod/gseen.mod/slang_duration.c
+--- src/mod/gseen.mod/slang_duration.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang_duration.c	2002-10-26 13:18:01.000000000 +0200
+@@ -0,0 +1,82 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#define DURATIONS 13
++
++struct slang_duration {
++  char *durs[DURATIONS];
++};
++
++static struct slang_duration *slang_duration_add(struct slang_duration *where, int idx, char *text)
++{
++  int i;
++
++  if ((idx < 0) || (idx >= DURATIONS)) {
++    putlog(LOG_MISC, "*", "Warning: Invalid duration index \"%d\".", idx);
++    return where;
++  }
++  debug2("Adding duration[%d]: %s", idx, text);
++  if (!where) {
++    where = nmalloc(sizeof(struct slang_duration));
++    for (i = 0; i < DURATIONS; i++)
++      where->durs[i] = NULL;
++  }
++  if (where->durs[idx])
++    nfree(where->durs[idx]);
++  where->durs[idx] = nmalloc(strlen(text) + 1);
++  strcpy(where->durs[idx], text);
++  return where;
++}
++
++static int slang_duration_expmem(struct slang_duration *what)
++{
++  int i, size = 0;
++
++  if (!what)
++    return 0;
++  size += sizeof(struct slang_duration);
++  for (i = 0; i < DURATIONS; i++)
++    if (what->durs[i])
++      size += strlen(what->durs[i]) + 1;
++  return size;
++}
++
++static void slang_duration_free(struct slang_duration *what)
++{
++  int i;
++
++  if (what) {
++    for (i = 0; i < DURATIONS; i++)
++      if (what->durs[i])
++        nfree(what->durs[i]);
++    nfree(what);
++  }
++}
++
++static char *slang_duration_get(struct slang_duration *where, int idx)
++{
++  if (!where) {
++    debug0("no where");
++    return NULL;
++  }
++  if ((idx < 0) || (idx >= DURATIONS)) {
++    debug1("invalid duration index: %d", idx);
++    return NULL;
++  }
++  return where->durs[idx];
++}
+diff -Nur src/mod/gseen.mod/slang_gseen_commands.c src/mod/gseen.mod/slang_gseen_commands.c
+--- src/mod/gseen.mod/slang_gseen_commands.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang_gseen_commands.c	2002-10-26 13:18:06.000000000 +0200
+@@ -0,0 +1,235 @@
++static void slang_send_botnick()
++{
++  strncat(slang_text_buf, botname, sizeof(slang_text_buf));
++}
++
++static void slang_send_query()
++{
++  if (glob_query)
++    strncat(slang_text_buf, glob_query, sizeof(slang_text_buf));
++}
++
++static void slang_send_laston()
++{
++  if (glob_laston)
++    strncat(slang_text_buf, glob_laston, sizeof(slang_text_buf));
++}
++
++static void slang_send_otherchan()
++{
++  if (glob_otherchan)
++    strncat(slang_text_buf, glob_otherchan, sizeof(slang_text_buf));
++}
++
++static void slang_send_othernick()
++{
++  if (glob_othernick)
++    strncat(slang_text_buf, glob_othernick, sizeof(slang_text_buf));
++}
++
++static void slang_send_remotebot()
++{
++  if (glob_remotebot)
++    strncat(slang_text_buf, glob_remotebot, sizeof(slang_text_buf));
++}
++
++static void slang_send_snick()
++{
++  if (glob_seendat)
++    strncat(slang_text_buf, glob_seendat->nick, sizeof(slang_text_buf));
++}
++
++static void slang_send_shost()
++{
++  if (glob_seendat)
++    strncat(slang_text_buf, glob_seendat->host, sizeof(slang_text_buf));
++}
++
++static void slang_send_schan()
++{
++  if (glob_seendat)
++    strncat(slang_text_buf, glob_seendat->chan, sizeof(slang_text_buf));
++}
++
++static void slang_send_swhen()
++{
++  char *dur;
++
++  if (glob_seendat) {
++    dur = gseen_duration(now - glob_seendat->when);
++    strncat(slang_text_buf, dur, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_stime()
++{
++  time_t tt;
++  char t[20];
++  
++  if (glob_seendat) {
++    tt = glob_seendat->when;
++    strftime(t, 19, "%d.%m. %H:%M", localtime(&tt));
++    strncat(slang_text_buf, t, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_spent()
++{
++  char *dur;
++
++  if (glob_seendat) {
++    dur = gseen_duration(glob_seendat->spent);
++    strncat(slang_text_buf, dur, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_smsg()
++{
++  if (glob_seendat)
++    strncat(slang_text_buf, glob_seendat->msg, sizeof(slang_text_buf));
++}
++
++static void slang_send_numresults()
++{
++  char buf[7];
++  
++  snprintf(buf, sizeof(buf), "%d", numresults);
++  strncat(slang_text_buf, buf, sizeof(slang_text_buf));
++}
++
++static void slang_send_punisher()
++{
++  char *reason;
++  int len;
++  
++  if (glob_seendat) {
++    reason = strchr(glob_seendat->msg, ' ');
++    if (!reason)
++      strncat(slang_text_buf, glob_seendat->msg, sizeof(slang_text_buf));
++    else {
++      len = (int) reason - (int) glob_seendat->msg;
++      strncat(slang_text_buf, glob_seendat->msg, (sizeof(slang_text_buf) < len) ? sizeof(slang_text_buf) : len);
++    }
++  }
++}
++
++static void slang_send_kickreason()
++{
++  char *reason;
++  
++  if (glob_seendat) {
++    reason = strchr(glob_seendat->msg, ' ');
++    if (reason)
++      strncat(slang_text_buf, reason, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_rnick()
++{
++  if (glob_seenrequest) {
++    Assert(glob_seenrequest->by);
++    Assert(glob_seenrequest->by->who);
++    strncat(slang_text_buf, glob_seenrequest->by->who, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_rchan()
++{
++  if (glob_seenrequest) {
++    Assert(glob_seenrequest->by);
++    Assert(glob_seenrequest->by->chan);
++    strncat(slang_text_buf, glob_seenrequest->by->chan, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_rhost()
++{
++  if (glob_seenrequest) {
++    Assert(glob_seenrequest->by);
++    Assert(glob_seenrequest->by->host);
++    strncat(slang_text_buf, glob_seenrequest->by->host, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_rtime()
++{
++  time_t tt;
++  char t[20];
++  
++  if (glob_seenrequest) {
++    Assert(glob_seenrequest->by);
++    tt = glob_seenrequest->by->when;
++    strftime(t, sizeof(t), "%d.%m. %H:%M", localtime(&tt));
++    strncat(slang_text_buf, t, sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_rwhen()
++{
++  if (glob_seenrequest) {
++    Assert(glob_seenrequest->by);
++    strncat(slang_text_buf, gseen_duration(now - glob_seenrequest->by->when), sizeof(slang_text_buf));
++  }
++}
++
++static void slang_send_requests()
++{
++  char buf[7];
++  
++  snprintf(buf, sizeof(buf), "%d", glob_seenrequests);
++  strncat(slang_text_buf, buf, sizeof(slang_text_buf));
++}
++
++static void slang_send_totalnicks()
++{
++  char buf[7];
++  
++  snprintf(buf, sizeof(buf), "%d", glob_totalnicks);
++  strncat(slang_text_buf, buf, sizeof(slang_text_buf));
++}
++
++static void slang_send_totalbytes()
++{
++  char buf[20];
++  
++  snprintf(buf, sizeof(buf), "%d", glob_totalbytes);
++  strncat(slang_text_buf, buf, sizeof(slang_text_buf));
++}
++
++static void slang_send_nick()
++{
++  if (glob_nick)
++    strncat(slang_text_buf, glob_nick, sizeof(slang_text_buf));
++}
++
++struct slang_text_commands slang_text_gseen_command_table[] =
++{
++  {"botnick", slang_send_botnick},
++  {"query", slang_send_query},
++  {"laston", slang_send_laston},
++  {"otherchan", slang_send_otherchan},
++  {"othernick", slang_send_othernick},
++  {"remotebot", slang_send_remotebot},
++  {"snick", slang_send_snick},
++  {"swhen", slang_send_swhen},
++  {"stime", slang_send_stime},
++  {"shost", slang_send_shost},
++  {"schan", slang_send_schan},
++  {"spent", slang_send_spent},
++  {"smsg", slang_send_smsg},
++  {"numresults", slang_send_numresults},
++  {"snick2", slang_send_smsg},
++  {"bnbot", slang_send_smsg},
++  {"punisher", slang_send_punisher},
++  {"kickreason", slang_send_kickreason},
++  {"rnick", slang_send_rnick},
++  {"rchan", slang_send_rchan},
++  {"rhost", slang_send_rhost},
++  {"rtime", slang_send_rtime},
++  {"rwhen", slang_send_rwhen},
++  {"requests", slang_send_requests},
++  {"totalnicks", slang_send_totalnicks},
++  {"totalbytes", slang_send_totalbytes},
++  {"nick", slang_send_nick},
++  {0, 0}
++};
+diff -Nur src/mod/gseen.mod/slang_ids.c src/mod/gseen.mod/slang_ids.c
+--- src/mod/gseen.mod/slang_ids.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang_ids.c	2002-10-26 13:18:04.000000000 +0200
+@@ -0,0 +1,104 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++struct slang_id {
++  struct slang_id *next;
++  int id;
++  struct slang_multitext *mtext;
++};
++
++static struct slang_id* slang_id_add(struct slang_id *, int, char *);
++static int slang_id_expmem(struct slang_id *);
++static void slang_id_free(struct slang_id *);
++static char *slang_id_get(struct slang_id *, int);
++
++static struct slang_id* slang_id_add(struct slang_id *where, int id, char *text)
++{
++  struct slang_id *newitem;
++
++  newitem = NULL;
++  if (where) {
++    for (newitem = where; newitem; newitem = newitem->next)
++      if (newitem->id == id)
++        break;
++  }
++  if (!newitem) {
++    newitem = nmalloc(sizeof(struct slang_id));
++    newitem->next = NULL;
++    newitem->id = id;
++    newitem->mtext = NULL;
++    if (where)
++      newitem->next = where;
++    else
++      newitem->next = NULL;
++    where = newitem;
++  }
++  newitem->mtext = slang_mtext_add(newitem->mtext, text);
++  return where;
++}
++
++static int slang_id_expmem(struct slang_id *what)
++{
++  int size = 0;
++
++  for (; what; what = what->next) {
++    size += sizeof(struct slang_id);
++    size += slang_multitext_expmem(what->mtext);
++  }
++  return size;
++}
++
++static void slang_id_free(struct slang_id *what)
++{
++  struct slang_id *next;
++
++  while (what) {
++    next = what->next;
++    slang_multitext_free(what->mtext);
++    nfree(what);
++    what = next;
++  }
++}
++
++static char *slang_id_get(struct slang_id *where, int i)
++{
++  while (where) {
++    if (where->id == i)
++      return slang_multitext_getrandomtext(where->mtext);
++    where = where->next;
++  }
++  return NULL;
++}
++
++#ifndef SLANG_NOGETALL
++static char *slang_id_get_first(struct slang_id *where, int id)
++{
++  while (where) {
++    if (where->id == id) {
++      return slang_multitext_get_first(where->mtext);
++    }
++    where = where->next;
++  }
++  return NULL;
++}
++
++static char *slang_id_get_next()
++{
++  return slang_multitext_get_next();
++}
++#endif
+diff -Nur src/mod/gseen.mod/slang_multitext.c src/mod/gseen.mod/slang_multitext.c
+--- src/mod/gseen.mod/slang_multitext.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang_multitext.c	2002-10-26 13:18:05.000000000 +0200
+@@ -0,0 +1,151 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++struct slang_mt_content {
++  struct slang_mt_content *next;
++  struct slang_text *text;
++};
++
++struct slang_multitext {
++  int nr;
++  struct slang_mt_content *contents;
++};
++
++static struct slang_multitext *slang_mtext_add(struct slang_multitext *, char *);
++static int slang_multitext_expmem(struct slang_multitext *);
++static void slang_multitext_free(struct slang_multitext *);
++static char *slang_multitext_getrandomtext(struct slang_multitext *);
++#ifndef SLANG_NOTYPES
++static struct slang_text *slang_multitext_find(struct slang_multitext *, char *);
++#endif
++#ifndef SLANG_NOGETALL
++static char *slang_multitext_get_first(struct slang_multitext *);
++static char *slang_multitext_get_next();
++#endif
++
++static struct slang_multitext *slang_mtext_add(struct slang_multitext *where, char *text)
++{
++  struct slang_mt_content *oc, *nc;
++
++  if (!where) {
++    where = nmalloc(sizeof(struct slang_multitext));
++    where->nr = 0;
++    where->contents = NULL;
++  }
++  nc = nmalloc(sizeof(struct slang_mt_content));
++  nc->next = NULL;
++  nc->text = slang_text_parse(text);
++  for (oc = where->contents; oc && oc->next; oc = oc->next);
++  if (oc) {
++    Assert(!oc->next);
++    oc->next = nc;
++  } else
++    where->contents = nc;
++  where->nr++;
++  return where;
++}
++
++static int slang_multitext_expmem(struct slang_multitext *what)
++{
++  struct slang_mt_content *content;
++  int size = 0;
++
++  if (!what) {
++    debug0("WARNING! slang_multitext_expmem() called with NULL pointer!");
++    return 0;
++  }
++  size += sizeof(struct slang_multitext);
++  for (content = what->contents; content; content = content->next) {
++    size += sizeof(struct slang_mt_content);
++    size += slang_text_expmem(content->text);
++  }
++  return size;
++}
++
++static void slang_multitext_free(struct slang_multitext *what)
++{
++  struct slang_mt_content *content, *next;
++
++  if (!what) {
++    debug0("WARNING! slang_multitext_free() called with NULL pointer!");
++    return;
++  }
++  content = what->contents;
++  while (content) {
++    next = content->next;
++    slang_text_free(content->text);
++    nfree(content);
++    content = next;
++  }
++  nfree(what);
++}
++
++static char *slang_multitext_getrandomtext(struct slang_multitext *where)
++{
++  struct slang_mt_content *content;
++  unsigned long x;
++
++  if (!where)
++    return NULL;
++  x = random() % where->nr;
++  for (content = where->contents; content; content = content->next)
++    if (!x)
++      return slang_text_get(content->text);
++    else
++      x--;
++  // we should never reach this part
++  debug0("warning: getrandomtext didn't find anything!");
++  return NULL;
++}
++
++#ifndef SLANG_NOTYPES
++static struct slang_text *slang_multitext_find(struct slang_multitext *where, char *what)
++{
++  struct slang_mt_content *content;
++
++  Assert(where);
++  for (content = where->contents; content; content = content->next) {
++    Assert(content->text);
++    if (!slang_text_strcasecmp(content->text, what))
++      return content->text;
++  }
++  return NULL;
++}
++#endif
++
++#ifndef SLANG_NOGETALL
++static struct slang_mt_content *glob_mtext_content;
++static char *slang_multitext_get_first(struct slang_multitext *where)
++{
++  Assert(where);
++  glob_mtext_content = where->contents;
++  if (glob_mtext_content)
++    return slang_text_get(glob_mtext_content->text);
++  else
++    return NULL;
++}
++
++static char *slang_multitext_get_next()
++{
++  glob_mtext_content = glob_mtext_content->next;
++  if (glob_mtext_content)
++    return slang_text_get(glob_mtext_content->text);
++  else
++    return NULL;
++}
++#endif
+diff -Nur src/mod/gseen.mod/slang_text.c src/mod/gseen.mod/slang_text.c
+--- src/mod/gseen.mod/slang_text.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/slang_text.c	2002-10-26 13:18:07.000000000 +0200
+@@ -0,0 +1,200 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++struct slang_text {
++  struct slang_text *next;
++  char *string;
++  void (*command) ();
++};
++
++struct slang_text_commands {
++  char *command;
++  void (*targetfunc) ();
++};
++
++struct slang_command_list {
++  struct slang_command_list *next;
++  struct slang_text_commands *commands;
++};
++
++static struct slang_text *slang_text_parse(char *);
++static struct slang_text *slang_text_create(struct slang_text *);
++static void slang_text_add_string(struct slang_text *, char *);
++static void slang_text_add_command(struct slang_text *, char *);
++static void slang_text_free(struct slang_text *);
++static int slang_text_expmem(struct slang_text *);
++static char *slang_text_get(struct slang_text *);
++#ifndef SLANG_NOTYPES
++static int slang_text_strcasecmp(struct slang_text *, char *);
++#endif
++
++static struct slang_text *slang_text_parse(char *text)
++{
++  char *cmdstart, *cmdend;
++  struct slang_text *firstitem, *item;
++
++  firstitem = slang_text_create(NULL);
++  item = firstitem;
++  while ((cmdstart = strstr(text, "<?"))) {
++    cmdstart[0] = 0;
++    slang_text_add_string(item, text);
++    item = slang_text_create(item);
++    text += 2;
++    cmdstart += 2;
++    cmdend = strstr(cmdstart, "/?>");
++    if (!cmdend) {
++      putlog(LOG_MISC, "*", "ERROR parsing slang text: unterminated command \"%s\"!", cmdstart);
++      break;
++    }
++    cmdend[0] = 0;
++    slang_text_add_command(item, cmdstart);
++    item = slang_text_create(item);
++    text = cmdend + 3;
++  }
++  slang_text_add_string(item, text);
++  return firstitem;
++}
++
++static struct slang_text *slang_text_create(struct slang_text *where)
++{
++  struct slang_text *newpart;
++
++  newpart = nmalloc(sizeof(struct slang_text));
++  newpart->next = NULL;
++  newpart->string = NULL;
++  newpart->command = NULL;
++  while (where && where->next)
++    where = where->next;
++  if (where)
++    where->next = newpart;
++  return newpart;
++}
++
++static void slang_text_add_string(struct slang_text *item, char *s)
++{
++  Assert(item);
++  Assert(!item->string);
++  item->string = nmalloc(strlen(s) + 1);
++  strcpy(item->string, s);
++}
++
++static void slang_text_free(struct slang_text *item)
++{
++  if (!item)
++    return;
++  slang_text_free(item->next);
++  if (item->string)
++    nfree(item->string);
++  nfree(item);
++}
++
++static int slang_text_expmem(struct slang_text *item)
++{
++  int size = 0;
++
++  while (item) {
++    size += sizeof(struct slang_text);
++    if (item->string)
++      size += strlen(item->string) + 1;
++    item = item->next;
++  }
++  return size;
++}
++
++#ifndef SLANG_NOTYPES
++static int slang_text_strcasecmp(struct slang_text *item, char *text)
++{
++  Assert(item);
++  debug2("s_t_sc: '%s', '%s'", text, item->string);
++  if (item->command || item->next)
++    return 1;
++  return strcasecmp(item->string, text);
++}
++#endif
++
++static char slang_text_buf[500];
++static char *slang_text_get(struct slang_text *item)
++{
++  slang_text_buf[0] = 0;
++  while (item) {
++    if (item->string)
++      strncat(slang_text_buf, item->string, sizeof(slang_text_buf));
++    else if (item->command)
++      item->command();
++    item = item->next;
++  }
++  return slang_text_buf;
++}
++
++/*****************************************************/
++
++
++static struct slang_command_list *glob_slang_cmd_list;
++
++static struct slang_command_list *slang_commands_list_add(struct slang_command_list *where, struct slang_text_commands *what)
++{
++  struct slang_command_list *newcommandlist;
++
++  newcommandlist = nmalloc(sizeof(struct slang_command_list));
++  newcommandlist->commands = what;
++  newcommandlist->next = where;
++  return newcommandlist;
++}
++
++static int slang_commands_list_expmem(struct slang_command_list *what)
++{
++  int size = 0;
++
++  while (what) {
++    size += sizeof(struct slang_command_list);
++    what = what->next;
++  }
++  return size;
++}
++
++static void slang_commands_list_free(struct slang_command_list *what)
++{
++  struct slang_command_list *next;
++
++  while (what) {
++    next = what->next;
++    nfree(what);
++    what = next;
++  }
++}
++
++static void slang_text_add_command(struct slang_text *item, char *s)
++{
++  struct slang_command_list *cmdlist;
++  char *cmd;
++  int i;
++
++  cmd = newsplit(&s);
++  i = 0;
++  for (cmdlist = glob_slang_cmd_list; cmdlist; cmdlist = cmdlist->next) {
++    for (i = 0; 1; i++) {
++      if (!cmdlist->commands[i].command)
++        break;
++      if (!strcasecmp(cmdlist->commands[i].command, cmd)) {
++        item->command = cmdlist->commands[i].targetfunc;
++        return;
++      }
++    }
++  }
++  putlog(LOG_MISC, "*", "ERROR! Unknown slang-command: '%s'", cmd);
++}
+diff -Nur src/mod/gseen.mod/tclcmds.c src/mod/gseen.mod/tclcmds.c
+--- src/mod/gseen.mod/tclcmds.c	1970-01-01 01:00:00.000000000 +0100
++++ src/mod/gseen.mod/tclcmds.c	2002-10-26 13:18:08.000000000 +0200
+@@ -0,0 +1,53 @@
++/*
++ * Copyright (C) 2000,2001  Florian Sander
++ *
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++static int tcl_setchanseenlang STDVAR
++{
++  Context;
++  BADARGS(3, 3, " channel language");
++  chanlangs = slang_chanlang_add(chanlangs, argv[1], argv[2]);
++  return TCL_OK;
++}
++
++static int tcl_loadseenslang STDVAR
++{
++//  int ret = 0;
++  char *shortname, *longname, *filename;
++  struct slang_header *slang;
++
++  Context;
++  BADARGS(4, 4, " language description langfile");
++  shortname = argv[1];
++  longname = argv[2];
++  filename = argv[3];
++  coreslangs = slang_create(coreslangs, shortname, longname);
++  slang = slang_find(coreslangs, shortname);
++  Assert(slang);
++  if (!slang_load(slang, filename)) {
++    Tcl_AppendResult(irp, "Couldn't open seenslang file!!!", NULL);
++    return TCL_ERROR;
++  }
++  return TCL_OK;
++}
++
++static tcl_cmds gseentcls[] =
++{
++  {"loadseenslang", tcl_loadseenslang},
++  {"setchanseenlang", tcl_setchanseenlang},
++  {0, 0}
++};
diff --git a/main/eggdrop/logs2html.mod.patch b/main/eggdrop/logs2html.mod.patch
new file mode 100644
index 0000000000..8ea2e94e62
--- /dev/null
+++ b/main/eggdrop/logs2html.mod.patch
@@ -0,0 +1,2404 @@
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/Makefile eggdrop1.6.19/src/mod/logs2html.mod/Makefile
+--- src/mod/logs2html.mod/Makefile	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/Makefile	2009-03-28 01:32:21.000000000 +0000
+@@ -0,0 +1,42 @@
++# Makefile for src/mod/logs2html.mod/
++
++srcdir = .
++
++
++doofus:
++	@echo ""
++	@echo "Let's try this from the right directory..."
++	@echo ""
++	@cd ../../../ && make
++
++static: ../logs2html.o
++
++modules: ../../../logs2html.$(MOD_EXT)
++
++../logs2html.o:
++	$(CC) $(CFLAGS) $(CPPFLAGS) -DMAKING_MODS -c $(srcdir)/logs2html.c
++	@rm -f ../logs2html.o
++	mv logs2html.o ../
++
++../../../logs2html.$(MOD_EXT): ../logs2html.o
++	$(LD) -o ../../../logs2html.$(MOD_EXT) ../logs2html.o
++	$(STRIP) ../../../logs2html.$(MOD_EXT)
++
++depend:
++	$(CC) $(CFLAGS) $(CPPFLAGS) -MM $(srcdir)/logs2html.c > .depend
++
++clean:
++	@rm -f .depend *.o *.$(MOD_EXT) *~
++distclean: clean
++
++#safety hash
++../logs2html.o: .././logs2html.mod/logs2html.c \
++ ../../../src/mod/module.h ../../../src/main.h ../../../src/lang.h \
++ ../../../src/eggdrop.h ../../../src/flags.h ../../../src/proto.h \
++ ../../../lush.h ../../../src/misc_file.h ../../../src/cmdt.h \
++ ../../../src/tclegg.h ../../../src/tclhash.h ../../../src/chan.h \
++ ../../../src/users.h ../../../src/compat/compat.h \
++ ../../../src/compat/inet_aton.h \
++ ../../../src/compat/snprintf.h ../../../src/compat/memset.h \
++ ../../../src/compat/memcpy.h ../../../src/compat/strcasecmp.h \
++ ../../../src/compat/strftime.h ../../../src/mod/modvals.h
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/chan.list eggdrop1.6.19/src/mod/logs2html.mod/chan.list
+--- src/mod/logs2html.mod/chan.list	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/chan.list	2009-03-28 01:43:40.000000000 +0000
+@@ -0,0 +1,22 @@
++# Add your channels here. The format is:
++#  addlogs2htmlchan channel output-path main-page-name main-page-title logs-page-prefix logs-page-title
++#   channel		- your channel which logs you want to convert
++#   output-path		- your ftp path, where converted files will be put
++#			  (don't forget to check settings to be sure bot have
++#			  permision write to the path you specify)
++#   main-page-name	- name of your mainpage (i.e. page with calendar) for
++#			  this channel
++#   main-page-title	- your mainpage title for this channel (will be shown
++#			  as the caption of the web page in your browser and as
++#			  the title of calendar)
++#   logs-page-prefix	- your logs page name (prefix) for this channel.
++#			  Resulting name'll  be 'logs-page-prefixYYmmdd'
++#   logs-page-title	- your logs page title for this channel (will be shown
++#			  as the caption of the web page in your browser)
++# Example:
++#  addlogs2htmlchan "#MyChan" "logs" "index" "Logs of MyChan" "mychan" "Log of MyChan"
++#
++# Note: expression "logs2html" MUST be one line (i.e. without linefeeds
++# and carrige returns) and every parameter in the expression MUST be enclosed
++# with ".
++
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/fileoperations.c eggdrop1.6.19/src/mod/logs2html.mod/fileoperations.c
+--- src/mod/logs2html.mod/fileoperations.c	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/fileoperations.c	2009-03-28 01:45:19.000000000 +0000
+@@ -0,0 +1,142 @@
++/*
++ * fileoperations.c -- part of logs2html.mod
++ *
++ * Written by Fedotov Alexander aka Gray_Angel aka Shmupsik <shurikvz@mail.ru>
++ *
++ * 2004-2005 year
++ */
++/*
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#include <stdarg.h>
++
++/****************************************************************************/
++/*
++ * function FILE *openfile(char *newfilename, const char *mode, bool silent)
++ *
++ * Input:
++ *   newfilename	-	èìÿ ôàéëà, êîòîðûé íåîáõîäèìî ñîçäàòü
++ *   mode					-	ðåæèì îòêðûòèÿ ôàéëà
++ *
++ * Output:
++ *   óêàçàòåëü íà ôàéë
++ *
++ * Discription:
++ *   ôóíêöèÿ îñóùåñòâëÿåò ñîçäàíèå è îòêðûòèå ôàéëà â óêàçàííîì ðåæèìå
++ *   è âîçâðàùàåò óêàçàòåëü íà ñîçäàííûé ôàéë
++ */
++static FILE *openfile(char *newfilename, const char *mode, bool silent) {
++	FILE *file;
++	static char *filename = NULL;
++	
++	Context;
++
++	filename = (char *)nmalloc(sizeof(char) * (strlen(newfilename) + 1));
++
++	if (filename == NULL) {
++		putlog(LOG_MISC, "*", "logs2html: ERROR! Can't allocate enough space for filename.");
++		return NULL;
++	}
++
++	sprintf(filename, "%s", newfilename);
++	file = fopen(filename, mode);
++	if ((file == NULL) && (!silent)) {
++		putlog(LOG_MISC, "*", "logs2html: Warning! Can't open file \"%s\".", filename);
++	}
++
++	nfree(filename); filename = NULL;
++
++	return file;
++} /* openfile() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++/*
++ * function void writefromexfile(FILE *dst_file, char *exfilename)
++ *
++ * Input:
++ *   
++ *   
++ *   
++ *
++ * Output:
++ *   
++ *
++ * Discription:
++ *   
++ *   
++ */
++static void writefromexfile(FILE *dst_file, char *exfilename) {
++	FILE *addfile;
++	char buffer[512];
++	size_t n;
++
++	if (strlen(exfilename) > 0) {
++		if ((addfile = openfile(exfilename, "r", false)) != NULL) {
++			while(!feof(addfile)) {
++				n = fread(buffer, sizeof(char), sizeof buffer, addfile);
++				fwrite(buffer, sizeof(char), n, dst_file);
++			}
++			fclose(addfile);
++		}
++	}
++
++	return;
++} /* writefromexfile() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++/*
++ * function void str_write(FILE *file, char *fmt, ... )
++ *
++ * Input:
++ *   file -	ôàéë â êîòîðûé ïèøåì äàííûå
++ *   fmt -	ñòðîêà äëÿ çàïèñè ñî ñïåöèôèêàòîðàìè ôîðìàòà
++ *   ... -	äàííûå äëÿ çàïèñè â ñòðîêó
++ *
++ * Output:
++ *   íè÷åãî
++ *
++ * Discription:
++ *   ôóíêöèÿ îñóùåñòâëÿåò çàïèñü ïåðåäàííîé ñòðîêè â óêàçàííûé ôàéë,
++ *   ïðîèçâîäÿ ñîîòâåòñòâóþùåå åå ôîðìàòèðîâàíèå
++ */
++static void str_write(FILE *file, char *fstr, ... ) {
++	va_list ap;
++	int nchars;
++	int size = 256;
++	static char *buffer = NULL;
++
++	Context;
++	buffer = (char *)nmalloc(size);
++
++	va_start(ap, fstr);
++	while (true) {
++		nchars = egg_vsnprintf(buffer, size, fstr, ap);
++		if (nchars < size) break;
++		size *= 2;
++		buffer = (char *)nrealloc(buffer, size);
++	}
++	va_end(ap);
++	fwrite(buffer, sizeof(char), strlen(buffer), file);
++	nfree(buffer); buffer = NULL;
++
++	return;
++} /* str_write() */
++/****************************************************************************/
++
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/help/logs2html.help eggdrop1.6.19/src/mod/logs2html.mod/help/logs2html.help
+--- src/mod/logs2html.mod/help/logs2html.help	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/help/logs2html.help	2009-03-28 01:32:21.000000000 +0000
+@@ -0,0 +1,22 @@
++%{help=convertalllogs}%{+n}
++###  %bconvertalllogs%b
++   Reconverts all your logs.
++
++See also: makemainpage
++%{help=makemainpage}%{+n}
++###  %bmakemainpage%b
++   Redraws your mainpages.
++
++See also: convertalllogs
++%{help=logs2html module}%{+n}
++###  %blogs2html module%b
++   This module convert all existing log files of your eggdrop for giving
++   channels to their html representation.
++
++   The following commands are provided by the logs2html module:
++%{+n}
++     %bconvertalllogs       makemainpage%b
++%{help=all}%{+n}
++###  %blogs2html module%b commands
++%{+n}
++     %bconvertalllogs       makemainpage%b
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/language/logs2html.english.lang eggdrop1.6.19/src/mod/logs2html.mod/language/logs2html.english.lang
+--- src/mod/logs2html.mod/language/logs2html.english.lang	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/language/logs2html.english.lang	2009-03-28 01:32:53.000000000 +0000
+@@ -0,0 +1,38 @@
++# logs2html.english.lang
++# language messages for the logs2html module
++
++# Year
++0xe000,year
++
++# Back to mainpage link
++0xe001,Main page
++
++# Up link
++0xe002,up
++
++# Backward, forward link
++0xe003,back
++0xe004,next
++
++# Month names
++0xe005,January
++0xe006,February
++0xe007,March
++0xe008,April
++0xe009,May
++0xe010,June
++0xe011,July
++0xe012,August
++0xe013,September
++0xe014,October
++0xe015,November
++0xe016,December
++
++# Days of week names
++0xe017,Su
++0xe018,Mo
++0xe019,Tu
++0xe020,Wn
++0xe021,Th
++0xe022,Fr
++0xe023,St
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/language/logs2html.french.lang eggdrop1.6.19/src/mod/logs2html.mod/language/logs2html.french.lang
+--- src/mod/logs2html.mod/language/logs2html.french.lang	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/language/logs2html.french.lang	2009-03-28 01:32:53.000000000 +0000
+@@ -0,0 +1,38 @@
++# logs2html.french.lang
++# language messages for the logs2html module
++
++# Year
++0xe000,Année
++
++# Back to mainpage link
++0xe001,Page principale
++
++# Up link
++0xe002,haut
++
++# Backward, forward link
++0xe003,Précédente
++0xe004,Suivante
++
++# Month names
++0xe005,Janvier
++0xe006,Février
++0xe007,Mars
++0xe008,Avril
++0xe009,Mai
++0xe010,Juin
++0xe011,Juillet
++0xe012,Août
++0xe013,Septembre
++0xe014,Octobre
++0xe015,Novembre
++0xe016,Décembre
++
++# Days of week names
++0xe017,Di
++0xe018,Lu
++0xe019,Ma
++0xe020,Me
++0xe021,Je
++0xe022,Ve
++0xe023,Sa
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/language/logs2html.russian.lang eggdrop1.6.19/src/mod/logs2html.mod/language/logs2html.russian.lang
+--- src/mod/logs2html.mod/language/logs2html.russian.lang	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/language/logs2html.russian.lang	2009-03-28 01:32:21.000000000 +0000
+@@ -0,0 +1,38 @@
++# logs2html.ru.lang
++# language messages for the logs2html module
++
++# Year
++0xe000,ãîä
++
++# Back to mainpage link
++0xe001,Íà ãëàâíóþ ñòðàíèöó
++
++# Up link
++0xe002,íàâåðõ
++
++# Backward, forward link
++0xe003,ïðåäûäóùàÿ
++0xe004,ñëåäóþùàÿ
++
++# Month names
++0xe005,ßíâàðü
++0xe006,Ôåâðàëü
++0xe007,Ìàðò
++0xe008,Àïðåëü
++0xe009,Ìàé
++0xe010,Èþíü
++0xe011,Èþëü
++0xe012,Àâãóñò
++0xe013,Ñåíòÿáðü
++0xe014,Îêòÿáðü
++0xe015,Íîÿáðü
++0xe016,Äåêàáðü
++
++# Days of week names
++0xe017,Âñ
++0xe018,Ïí
++0xe019,Âò
++0xe020,Ñð
++0xe021,×ò
++0xe022,Ïò
++0xe023,Ñá
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/language.h eggdrop1.6.19/src/mod/logs2html.mod/language.h
+--- src/mod/logs2html.mod/language.h	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/language.h	2009-03-28 01:32:21.000000000 +0000
+@@ -0,0 +1,51 @@
++/*
++ * language.h -- part of logs2html.mod
++ *
++ * Written by Fedotov Alexander aka Gray_Angel aka Shmupsik <shurikvz@mail.ru>
++ *
++ * 2004-2005 year
++ */
++/*
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++
++#define LOGS2HTML_YEAR			get_language(0xe000)
++#define LOGS2HTML_MAINPAGE		get_language(0xe001)
++#define LOGS2HTML_UP			get_language(0xe002)
++#define LOGS2HTML_BACK			get_language(0xe003)
++#define LOGS2HTML_NEXT			get_language(0xe004)
++
++#define LOGS2HTML_JANUARY		get_language(0xe005)
++#define LOGS2HTML_FEBRIARY		get_language(0xe006)
++#define LOGS2HTML_MARCH			get_language(0xe007)
++#define LOGS2HTML_APRIL			get_language(0xe008)
++#define LOGS2HTML_MAY			get_language(0xe009)
++#define LOGS2HTML_JUNE			get_language(0xe010)
++#define LOGS2HTML_JULY			get_language(0xe011)
++#define LOGS2HTML_AUGUST		get_language(0xe012)
++#define LOGS2HTML_SEPTEMBER		get_language(0xe013)
++#define LOGS2HTML_OCTOBER		get_language(0xe014)
++#define LOGS2HTML_NOVEMBER		get_language(0xe015)
++#define LOGS2HTML_DECEMBER		get_language(0xe016)
++
++#define LOGS2HTML_SUNDAY		get_language(0xe017)
++#define LOGS2HTML_MONDAY		get_language(0xe018)
++#define LOGS2HTML_TUESDAY		get_language(0xe019)
++#define LOGS2HTML_WEDNESDAY		get_language(0xe020)
++#define LOGS2HTML_THURSDAY		get_language(0xe021)
++#define LOGS2HTML_FRIDAY		get_language(0xe022)
++#define LOGS2HTML_SATURDAY		get_language(0xe023)
++
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/logs2html.c eggdrop1.6.19/src/mod/logs2html.mod/logs2html.c
+--- src/mod/logs2html.mod/logs2html.c	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/logs2html.c	2009-03-28 01:32:53.000000000 +0000
+@@ -0,0 +1,1572 @@
++/*
++ * logs2html.c -- part of logs2html.mod
++ *
++ * Written by Fedotov Alexander aka Gray_Angel aka Shmupsik <shurikvz@mail.ru>
++ *
++ * 2004-2005 year
++ */
++/*
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++
++#define MODULE_NAME "logs2html"
++#define MAKING_LOGS2HTML
++#include "src/mod/module.h"
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <string.h>
++#include <time.h>
++#include <ctype.h>
++#include <sys/types.h> 
++#include <math.h> 
++#include "logs2html.h"
++#include "language.h"
++	
++#undef global
++
++#define MODULE_MAJOR 2
++#define MODULE_MINOR 3
++#define MODULE_SUBMINOR 4
++
++static Function *global = NULL;
++
++#include "fileoperations.c"
++
++
++static int shtime;
++static int keep_all_logs;
++static char logfile_suffix[21];
++static char configfile[121];
++static int lines_per_page;
++
++static int days_in_month[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
++
++static int month_cols_count = 3;
++static int month_rows_count = 4;
++
++static char mainpage_top_filename[257]		= "\0";
++static char mainpage_bottom_filename[257]	= "\0";
++static char logspage_top_filename[257]		= "\0";
++static char logspage_bottom_filename[257]	= "\0";
++static char chanlist_filename[257]		= "\0";
++static char userstyle_filename[257]		= "\0";
++static char encoding_string[31]			= "\0";
++
++static logs2htmlchan *logs2htmlchanlist = NULL;
++
++/* for language file */
++static char month_names[12][21];
++static char days_names[7][21];
++
++static void logs2html_hook_5minutely(void);
++static void logs2html_hook_daily(void);
++static void logs2html_hook_pre_rehash(void);
++static void logs2html_hook_rehash(void);
++
++
++/* Calculate the memory we keep allocated.
++ */
++static int logs2html_expmem()
++{
++	logs2htmlchan *p;
++	int size = 0;
++
++	Context;
++	p = logs2htmlchanlist;
++	while (p != NULL) {
++		size++;
++		p = p->next;
++	}
++
++	size *= sizeof(struct logs2html_data);
++
++	return size;
++}
++
++
++/****************************************************************************/
++/*
++ * function int convertalllogs(struct userrec *u, int idx, char *par)
++ *
++ * Input:
++ *   
++ *   
++ *
++ * Output:
++ *   
++ *
++ * Discription:
++ *   
++ */
++static int cmd_convertalllogs(struct userrec *u, int idx, char *par) {
++	int add_day;
++	logs2htmlchan *p;
++	int i, j, k;
++	struct tm tblock;
++	time_t t = time(NULL);
++	struct tm *st = localtime(&t);
++
++	tblock.tm_year	= st->tm_year;
++	tblock.tm_isdst	= st->tm_isdst;
++	tblock.tm_hour	= 0;
++	tblock.tm_min	= 0;
++	tblock.tm_sec	= 1;
++	/* Other fields not necessary here
++	tblock.tm_mday	= st->tm_mday;
++	tblock.tm_mon	= st->tm_mon;
++	tblock.tm_wday	= st->tm_wday;
++	tblock.tm_yday	= st->tm_yday;
++	*/
++
++	putlog(LOG_CMDS, "*", "#%s# start converting all log files.", dcc[idx].nick);
++	for (i = 0; i < 12; i++) {
++		add_day = ((i == 1) && isleap(tblock.tm_year)) ? 1 : 0;
++		for (j = 0; j < ((days_in_month[i]) + add_day); j++) {
++			tblock.tm_mon = i; tblock.tm_mday = j + 1;
++
++			tblock.tm_wday = (getdayofweek(tblock.tm_year + 1900, tblock.tm_mon + 1, tblock.tm_mday) + 1) % 7;
++			tblock.tm_yday = 0;
++			for (k = 0; k < tblock.tm_mon; k++) tblock.tm_yday += days_in_month[k];
++			tblock.tm_yday += tblock.tm_mday - 1;
++
++			p = logs2htmlchanlist;
++			while (p != NULL) {
++				convertfile(&tblock, p);
++				p = p->next;
++			}
++		}
++	}
++	putlog(LOG_CMDS, "*", "#%s# converting of all log files done.", dcc[idx].nick);
++
++	return 0;
++} /* convertalllogs() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++/*
++ * function int cmd_makemainpage(struct userrec *u, int idx, char *par)
++ *
++ * Input:
++ *   
++ *   
++ *
++ * Output:
++ *   
++ *
++ * Discription:
++ *   
++ */
++static int cmd_makemainpage(struct userrec *u, int idx, char *par) {
++	logs2htmlchan *p;
++
++	putlog(LOG_CMDS, "*", "#%s# starting making mainpages.", dcc[idx].nick);
++	p = logs2htmlchanlist;
++	while (p != NULL) {
++		dprintf(idx, "Making mainpage for channel '%s'...\n", p->channame);
++		makemainpage(p);
++		p = p->next;
++	}
++	putlog(LOG_CMDS, "*", "#%s# making of mainpages done.", dcc[idx].nick);
++
++	return 0;
++} /* convertalllogs() */
++/****************************************************************************/
++
++ 
++/****************************************************************************/
++/*
++ * function bool isvalidlink(char *link)
++ *
++ * Input:
++ *   link - ñòðîêà óêàçûâàþùàÿ íà ññûëêó
++ *   
++ *
++ * Output:
++ *   
++ *
++ * Discription:
++ *   Ôóíêöèÿ ïðîâåðÿåò ÿâëÿþòñÿ ëè ïåðåäàííûå â ñòðîêå ñèìâîëû - ñèìâîëàìè
++ *   äîïóñòèìûìè â ññûëêàõ
++ */
++static patternkind whatisit(char *pattern) {
++	char alpha_common[]	= "qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM0123456789._-";
++	char alpha_http[]	= "=?&/:%";
++	char *p;
++
++	if (strstr(pattern, "..") != NULL) {
++		return ITS_NOTHING;
++	}
++
++	p = strchr(pattern, '@');
++	if (p) {
++		/* it's can't be www link */
++
++		/* well, i can't imagine e-mail shorter than i@m.ru */
++		/* let's check it */
++		*p = '\0';
++		if (strlen(pattern) < 1) {
++			*p = '@';
++			return ITS_NOTHING;
++		}
++		while (*pattern) {
++			if (strchr(alpha_common, *pattern) == NULL) {
++				*p = '@';
++				return ITS_NOTHING;
++			}
++			pattern++;
++		}
++		*p = '@';
++		p++;
++		if (strlen(p) < 4) {
++			return ITS_NOTHING;
++		}
++		while (*p) {
++			if (strchr(alpha_common, *p) == NULL) return ITS_NOTHING;
++			p++;
++		}
++
++		return ITS_EMAIL;
++	} else {
++		if ((strncmp(pattern, "http://", 7) != 0) && (strncmp(pattern, "ftp://", 6) != 0)) {
++			if (strncmp(pattern, "www.", 4) != 0) {
++				return ITS_NOTHING;
++			} else {
++				while (*pattern) {
++					if ((strchr(alpha_common, *pattern) == NULL) && (strchr(alpha_http, *pattern) == NULL)) return ITS_NOTHING;
++					pattern++;
++				}
++
++				return ITS_TRUNKLINK;
++			}
++		}
++
++		while (*pattern) {
++			if ((strchr(alpha_common, *pattern) == NULL) && (strchr(alpha_http, *pattern) == NULL)) return ITS_NOTHING;
++			pattern++;
++		}
++
++		return ITS_LINK;
++	}
++
++	return ITS_NOTHING;
++} /* whatisit() */
++/****************************************************************************/
++
++
++/* A report on the module status.
++ *
++ * details is either 0 or 1:
++ *    0 - `.status'
++ *    1 - `.status all'  or  `.module woobie'
++ */
++static void logs2html_report(int idx, int details)
++{
++  if (details) {
++    int size = logs2html_expmem();
++
++    dprintf(idx, "    Using %d byte%s of memory\n", size,
++            (size != 1) ? "s" : "");
++  }
++}
++
++static cmd_t mydcc[] = {
++  {"convertalllogs",	"n",	cmd_convertalllogs,	NULL},
++  {"makemainpage",	"n",	cmd_makemainpage,	NULL},
++  {NULL,		NULL,	NULL,			NULL}	/* Mark end. */
++};
++
++static tcl_strings my_tcl_strings[] = {
++  {"logfile-suffix",		logfile_suffix,			20,	STR_PROTECT},
++  {"config",			configfile,			121,	STR_PROTECT},
++  {"mainpage-top",		mainpage_top_filename,		256,	0},
++  {"mainpage-bottom",		mainpage_bottom_filename,	256,	0},
++  {"logspage-top",		logspage_top_filename,		256,	0},
++  {"logspage-bottom",		logspage_bottom_filename,	256,	0},
++  {"channels-list",		chanlist_filename,		256,	0},
++  {"user-style",		userstyle_filename,		256,	0},
++  {"insert-encoding-str",	encoding_string,		30,	0},  	  
++  {NULL,			NULL,				0,	0}	/* Mark end. */
++};
++
++static tcl_ints my_tcl_ints[] = {
++  {"col-count",		&month_cols_count,	0},
++  {"lines-per-page",	&lines_per_page,	0},
++  {"log-time",		&shtime,		1},
++  {"keep-all-logs",	&keep_all_logs,		1},
++  {NULL,		NULL,			0}	/* Mark end. */
++};
++
++static char *logs2html_close()
++{
++	logs2htmlchan *p, *q;
++
++	Context;
++	q = p = logs2htmlchanlist;
++	while (q != NULL) {
++		q = p->next;
++		nfree(p);
++		p = q;
++	}
++	logs2htmlchanlist = p = q = NULL;
++
++	del_lang_section(MODULE_NAME);
++	rem_help_reference(MODULE_NAME ".help");
++
++	del_hook(HOOK_DAILY, (Function)logs2html_hook_daily);
++	del_hook(HOOK_5MINUTELY, (Function)logs2html_hook_5minutely);
++	del_hook(HOOK_PRE_REHASH, (Function)logs2html_hook_pre_rehash);
++	del_hook(HOOK_REHASH, (Function)logs2html_hook_rehash);
++
++	rem_builtins(H_dcc, mydcc);
++	rem_tcl_ints(my_tcl_ints);
++	rem_tcl_strings(my_tcl_strings);
++
++	module_undepend(MODULE_NAME);
++	return NULL;
++}
++
++EXPORT_SCOPE char *logs2html_start();
++
++static Function logs2html_table[] = {
++  (Function) logs2html_start,
++  (Function) logs2html_close,
++  (Function) logs2html_expmem,
++  (Function) logs2html_report,
++};
++
++char *logs2html_start(Function *global_funcs)
++{
++	logs2htmlchan *ptr;
++
++	global = global_funcs;
++
++	Context;
++	/* Register the module. */
++	module_register(MODULE_NAME, logs2html_table, MODULE_MAJOR, MODULE_MINOR);
++
++	if (!module_depend(MODULE_NAME, "eggdrop", 106, 15)) {
++		module_undepend(MODULE_NAME);
++		return "This module requires Eggdrop 1.6.15 or later.";
++	}
++
++	add_tcl_ints(my_tcl_ints);
++
++	if (!keep_all_logs) {
++		rem_tcl_ints(my_tcl_ints);
++		module_undepend(MODULE_NAME);
++		return "This module requires \"keep-all-logs\" set to \"1\". Please check settings in your config file.";
++	}
++	logs2htmlchanlist = NULL; if (lines_per_page < 0) lines_per_page = 0;
++
++	add_tcl_strings(my_tcl_strings);
++
++	if (addchannels()) {
++		ptr = logs2htmlchanlist;
++		while (ptr != NULL) {
++			putlog(LOG_CMDS, "*", "logs2html: added channel %s, with path to logfiles \"%s\"...\n", ptr->channame, ptr->logfilename);
++			ptr = ptr->next;
++		}
++	} else {
++		rem_tcl_strings(my_tcl_strings);
++		rem_tcl_ints(my_tcl_ints);
++		module_undepend(MODULE_NAME);
++		return "No channels added. Please check settings in your eggdrop config file to be sure there is logfiles with mode set to \"p\".";
++	}
++
++	add_builtins(H_dcc, mydcc);
++	
++	add_hook(HOOK_5MINUTELY, (Function)logs2html_hook_5minutely);	//Äëÿ îáíîâëåíèÿ ëîãà çà òåêóùèé äåíü
++	add_hook(HOOK_DAILY, (Function)logs2html_hook_daily);			//Ïîñëåäíèå 5 ìèíóò çà ïðîøëûé äåíü
++	add_hook(HOOK_PRE_REHASH, (Function)logs2html_hook_pre_rehash);
++	add_hook(HOOK_REHASH, (Function)logs2html_hook_rehash);
++
++	add_lang_section(MODULE_NAME);	
++	add_help_reference(MODULE_NAME ".help");
++	
++	month_names[0][0] = month_names[1][0] = month_names[2][0] = month_names[3][0] =
++	month_names[4][0] = month_names[5][0] =	month_names[6][0] = month_names[7][0] =
++	month_names[8][0] = month_names[9][0] = month_names[10][0] = month_names[11][0] = 
++	days_names[0][0] = days_names[1][0] = days_names[2][0] = days_names[3][0] =
++	days_names[4][0] = days_names[5][0] = days_names[6][0] = '\0';
++
++	strncpyz(month_names[0], LOGS2HTML_JANUARY,	sizeof month_names[0]);
++	strncpyz(month_names[1], LOGS2HTML_FEBRIARY,	sizeof month_names[1]);
++	strncpyz(month_names[2], LOGS2HTML_MARCH,	sizeof month_names[2]);
++	strncpyz(month_names[3], LOGS2HTML_APRIL,	sizeof month_names[3]);
++	strncpyz(month_names[4], LOGS2HTML_MAY,		sizeof month_names[4]);
++	strncpyz(month_names[5], LOGS2HTML_JUNE,	sizeof month_names[5]);
++	strncpyz(month_names[6], LOGS2HTML_JULY,	sizeof month_names[6]);
++	strncpyz(month_names[7], LOGS2HTML_AUGUST,	sizeof month_names[7]);
++	strncpyz(month_names[8], LOGS2HTML_SEPTEMBER,	sizeof month_names[8]);
++	strncpyz(month_names[9], LOGS2HTML_OCTOBER,	sizeof month_names[9]);
++	strncpyz(month_names[10], LOGS2HTML_NOVEMBER,	sizeof month_names[10]);
++	strncpyz(month_names[11], LOGS2HTML_DECEMBER,	sizeof month_names[11]);
++	strncpyz(days_names[0],	LOGS2HTML_MONDAY,	sizeof days_names[0]); 
++	strncpyz(days_names[1],	LOGS2HTML_TUESDAY,	sizeof days_names[1]);
++	strncpyz(days_names[2],	LOGS2HTML_WEDNESDAY,	sizeof days_names[2]);
++	strncpyz(days_names[3],	LOGS2HTML_THURSDAY,	sizeof days_names[3]);
++	strncpyz(days_names[4],	LOGS2HTML_FRIDAY,	sizeof days_names[4]);
++	strncpyz(days_names[5],	LOGS2HTML_SATURDAY,	sizeof days_names[5]);
++	strncpyz(days_names[6],	LOGS2HTML_SUNDAY,	sizeof days_names[6]);
++
++	return NULL;
++}
++
++/*
++ * Code starts here
++ */
++
++/*
++ * getdayofweek()
++ * Input:
++ *  year	- ãîä
++ *  month	- ìåñÿö
++ *  day		- äåíü
++ *
++ * Output:
++ *  0 - Ïîíåäåëüíèê, 1 - Âòîðíèê, 2 - Ñðåäà è.ò.ä.
++ *
++ * Description:
++ *  Ôóíêöèÿ âû÷èñëÿåò íà êàêîé äåíü íåäåëè ïðèõîäèòñÿ ïåðåäàííàÿ äàòà
++ */
++static int getdayofweek(int year, int month, int day)
++{
++	long int d1, d2, d3;
++
++	long int tdays = year * 12 + month - 3;
++	month = tdays % 12;
++	year = (tdays - month) / 12;
++
++	d1 = ((146097 * (year - (year % 100)) / 100) - ((146097 * (year - (year % 100)) / 100) % 4)) / 4;
++	d2 = ((1461 * (year % 100)) - ((1461 * (year % 100)) % 4)) / 4;
++	d3 = ((153 * month + 2) - ((153 * month + 2) % 5)) / 5 + day + 1721119;
++
++	return (d1 + d2 + d3) % 7;
++} /* getdayofweek() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++/*
++ * function static int addchannels() {
++ *
++ * Input:
++ *   
++ *   
++ *   
++ *
++ * Output:
++ *   
++ *
++ * Discription:
++ *   
++ *   
++ */
++static int addchannels() {
++	char buffer[512];
++	char *buf_ptr, *p;
++	logs2htmlchan *newchan, *ptr;
++	FILE *src_file;
++	int field_num;
++	int filelineread;
++	int channels_count = 0;
++
++
++	Context;
++	filelineread = 0;
++	if ((src_file = openfile(chanlist_filename, "r", true)) == NULL) return 0;
++	while (!feof(src_file)) {
++		buf_ptr = fgets(buffer, sizeof(buffer)-1, src_file);
++		if (buf_ptr == NULL) break;
++		filelineread++;
++
++		p = strrchr(buf_ptr, '\n');
++		if (p) *p = '\0';
++		p = strrchr(buf_ptr, '\r');
++		if (p) *p = '\0';
++		if (strlen(buf_ptr) == 0) continue;
++		while (isspace(*buf_ptr)) buf_ptr++;
++/*		while (egg_isspace(*buf_ptr)) buf_ptr++; */
++		if (strncmp(buf_ptr, "addlogs2htmlchan", 16) == 0) p = buf_ptr += 16; else continue;
++		while (*p++) if (isspace(*p)) *p = ' ';
++/*		while (*p++) if (egg_isspace(*p)) *p = ' '; */
++		if (!isspace(*buf_ptr)) continue;
++/*		if (!egg_isspace(*buf_ptr)) continue; */
++		/*
++		At that point we have string of params of command "addlogs2htmlchan"
++		pointed by buf_ptr, with leading ' ';
++		*/
++
++		newchan = (logs2htmlchan *)nmalloc(sizeof(logs2htmlchan) * 1);
++		if (newchan == NULL) {
++			nfree(newchan); newchan = NULL;
++			fclose(src_file);
++			putlog(LOG_MISC, "*", "Can't allocate enough space to add new channel!");
++			break;
++		}
++
++		newchan->next			= NULL;
++		newchan->logfilename[0]		= '\0';
++		newchan->channame[0]		= '\0';
++		newchan->outputpath[0]		= '\0';
++		newchan->mainpagename[0]	= '\0';
++		newchan->mainpagetitle[0]	= '\0';
++		newchan->logspagename[0]	= '\0';
++		newchan->logspagetitle[0]	= '\0';
++
++		field_num = 0;
++		while (*buf_ptr) {
++			while ((*buf_ptr) && (*buf_ptr == ' ')) buf_ptr++;
++			p = ++buf_ptr;
++			while ((*p) && (*p != '"')) p++;
++			*p = '\0';
++			switch (field_num) {
++				case 0: /* newchan->channame */
++					strncpyz(newchan->channame, buf_ptr, sizeof newchan->channame);
++					field_num = 1;
++					break;
++				case 1: /* newchan->outputpath */
++					strncpyz(newchan->outputpath, buf_ptr, sizeof newchan->outputpath);
++					field_num = 2;
++					break;
++				case 2: /* newchan->mainpagename */
++					strncpyz(newchan->mainpagename, buf_ptr, sizeof newchan->mainpagename);
++					field_num = 3;
++					break;
++				case 3: /* newchan->mainpagetitle */
++					strncpyz(newchan->mainpagetitle, buf_ptr, sizeof newchan->mainpagetitle);
++					field_num = 4;
++					break;
++				case 4: /* newchan->logspagename */
++					strncpyz(newchan->logspagename, buf_ptr, sizeof newchan->logspagename);
++					field_num = 5;
++					break;
++				case 5: /* newchan->logspagetitle */
++					strncpyz(newchan->logspagetitle, buf_ptr, sizeof newchan->logspagetitle);
++					field_num = 6;
++					break;
++			}
++			buf_ptr = ++p;
++		}
++
++
++		if (field_num != 6)	{
++			nfree(newchan); newchan = NULL;
++			putlog(LOG_MISC, "*", "Error in file %s. String %d. Invalid expression \"addlogs2htmlchan\".", chanlist_filename, filelineread);
++			continue;
++		}
++
++		ptr = logs2htmlchanlist;
++		if (ptr == NULL) {
++			logs2htmlchanlist = newchan;
++		} else {
++			while (ptr->next != NULL) {
++				ptr = ptr->next;
++			}
++			ptr->next = newchan;
++		}
++		newchan = NULL;
++
++	}
++	fclose(src_file);
++
++	if ((src_file = openfile(configfile, "r", true)) == NULL) return 0;
++	while (!feof(src_file)) {
++		buf_ptr = fgets(buffer, sizeof(buffer)-1, src_file);
++		if (buf_ptr == NULL) break;
++
++		p = strrchr(buf_ptr, '\n');
++		if (p) *p = '\0';
++		p = strrchr(buf_ptr, '\r');
++		if (p) *p = '\0';
++		if (strlen(buf_ptr) == 0) continue;
++		while (isspace(*buf_ptr)) buf_ptr++;
++/*		while (egg_isspace(*buf_ptr)) buf_ptr++; */
++		if (strncmp(buf_ptr, "logfile", 7) == 0) p = buf_ptr += 7; else continue;
++		while (*p++) if (isspace(*p)) *p = ' ';
++/*		while (*p++) if (egg_isspace(*p)) *p = ' '; */
++		if (!isspace(*buf_ptr)) continue;
++/*		if (!egg_isspace(*buf_ptr)) continue; */
++		/*
++		At that point we have string of params of command "logfile"
++		pointed by buf_ptr, with leading ' ';
++		*/
++
++		p = newsplit(&buf_ptr);
++		if (logmodes(p) & LOG_PUBLIC) {
++			p = newsplit(&buf_ptr);
++			/*
++			At that point we have channel of command "logfile" pointed by p,
++			and the rest of the string (path to file), pointed by buf_ptr and enclosed with "
++			*/
++			buf_ptr++; buf_ptr[strlen(buf_ptr)-1] = '\0';
++
++			ptr = logs2htmlchanlist;
++			while (ptr != NULL) {
++				if ((*p == '*') || (!rfc_casecmp(ptr->channame, p))) {
++					egg_snprintf(ptr->logfilename, sizeof ptr->logfilename, "%s", buf_ptr);
++				}
++				ptr = ptr->next;
++			}
++		}
++
++	
++	}
++	fclose(src_file);
++
++
++	while (logs2htmlchanlist != NULL) {
++		if (strlen(logs2htmlchanlist->logfilename) == 0) {
++			ptr = logs2htmlchanlist;
++			logs2htmlchanlist = logs2htmlchanlist->next;
++			nfree(ptr);
++		} else {
++			ptr = logs2htmlchanlist;
++			while (ptr->next != NULL) {
++				if (strlen(ptr->next->logfilename) == 0) {
++					newchan = ptr->next;
++					ptr->next = ptr->next->next;
++					nfree(newchan);
++				} else {
++					ptr = ptr->next;
++				}
++			}
++			break;
++		}
++	}
++
++	ptr = logs2htmlchanlist;
++	while (ptr != NULL) {
++		channels_count++;
++		ptr = ptr->next;
++	}
++
++	ptr = newchan = NULL;
++
++	return channels_count;
++} /* addchannels() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++/*
++ * function int convertfile(int year, int month, int day, bool convertifexists)
++ *
++ * Input:
++ *   
++ *   
++ *
++ * Output:
++ *   
++ *
++ * Discription:
++ *   ïåðåâîäèò ôàéëû èç òåêñòîâîãî âèäà â ôîðìàò HTML
++ */
++static void convertfile(struct tm *t, logs2htmlchan *ch) {
++	char *buf_ptr, *p, *q, *r;
++	char buffer[LOGLINELEN], data[LOGLINELEN], ct[81], stamp[33];
++	char f_color[3], bg_color[3], text_style[6];
++	int mc_openteg_count = 0, pages_count = 0;
++	int i, j, k, lines_count, tsl;
++	char src_filename[257], dst_filename[257];
++	FILE *src_file, *dst_file;
++	bool bold_isopen, underline_isopen;
++	bool noneedtoclose, skipemail, linkfound;
++	char openspace[3]	= " ( ";
++	char closespace[3]	= " ),";
++	char *cuted_string = NULL;
++	int cuted_string_len, old_cuted_string_len, delta_cuted_string_len;
++	int r_offset, q_offset;
++	int *original_idx = NULL;
++	
++	Context;
++	/* Let first write our default CSS file */
++	egg_snprintf(dst_filename, sizeof dst_filename, "%s%sdefault.css", ch->outputpath, SEP);
++	if ((dst_file = openfile(dst_filename, "wb", false)) != NULL) {
++		str_write(dst_file, "BODY {\n");
++		str_write(dst_file, "font-family: serif;\n");
++		str_write(dst_file, "font-style: normal\n");
++		str_write(dst_file, "font-variant: normal;\n");
++		str_write(dst_file, "font-weight: normal;\n");
++		str_write(dst_file, "font-stretch: normal;\n");
++		str_write(dst_file, "font-size: 12pt;\n");
++		str_write(dst_file, "text-align: left;\n");
++		str_write(dst_file, "color: rgb(0,0,0);\n");
++		str_write(dst_file, "background-color: transparent;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "BODY.mainpage {\n");
++		str_write(dst_file, "background-color: whitesmoke;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "BODY.logspage {\n");
++		str_write(dst_file, "background-color: lightyellow;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "TD {\n");
++		str_write(dst_file, "width: %d%%;\n", (int)floor(100.0/((double)month_cols_count * 8)));
++		str_write(dst_file, "background-color: lavender;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "TD.space {\n");
++		str_write(dst_file, "width: auto;\n");
++		str_write(dst_file, "background-color: whitesmoke;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "TD.dayname {\n");
++		str_write(dst_file, "width: auto;\n");
++		str_write(dst_file, "font-weight: bold;\n");
++		str_write(dst_file, "text-align: right;\n");
++		str_write(dst_file, "background-color: lightskyblue;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "TD.weekend {\n");
++		str_write(dst_file, "width: auto;\n");
++		str_write(dst_file, "font-weight: bold;\n");
++		str_write(dst_file, "text-align: right;\n");
++		str_write(dst_file, "color: red;\n");
++		str_write(dst_file, "background-color: lightskyblue;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "TH {\n");
++		str_write(dst_file, "font-weight: bold;\n");
++		str_write(dst_file, "text-align: center;\n");
++		str_write(dst_file, "background-color: lavender;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "SPAN.time {\n");
++		str_write(dst_file, "color: silver;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "SPAN.nick {\n");
++		str_write(dst_file, "color: mediumblue;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "SPAN.else {\n");
++		str_write(dst_file, "color: green;\n");
++		str_write(dst_file, "font-style: italic;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "SPAN.action {\n");
++		str_write(dst_file, "color: violet;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "#footer {\n");
++		str_write(dst_file, "	font-size: 10px;\n");
++		str_write(dst_file, "	text-align: center;\n");
++		str_write(dst_file, "	border-top-width: 1px;\n");
++		str_write(dst_file, "	border-top-style: solid;\n");
++		str_write(dst_file, "	border-color: #CCCCCC;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "h1 {\n");
++		str_write(dst_file, "	text-align: center;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "#calendar {\n");
++		str_write(dst_file, "	margin-right: auto;\n");
++		str_write(dst_file, "	margin-left: auto;\n");
++		str_write(dst_file, "	width: 90%;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "#navtop {\n");
++		str_write(dst_file, "	text-align: center;\n");
++		str_write(dst_file, "	margin-top: 10px;\n");
++		str_write(dst_file, "	margin-bottom: 10px;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "#navbottom {\n");
++		str_write(dst_file, "	text-align: center;\n");
++		str_write(dst_file, "	margin-top: 10px;\n");
++		str_write(dst_file, "	margin-bottom: 5px;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "#totop {\n");
++		str_write(dst_file, "	text-align: center;\n");
++		str_write(dst_file, "	margin-top: 5px;\n");
++		str_write(dst_file, "	margin-bottom: 10px;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "#log {\n");
++		str_write(dst_file, "	margin-top: 10px;\n");
++		str_write(dst_file, "	margin-bottom: 10px;\n");
++		str_write(dst_file, "	padding-top: 10px;\n");
++		str_write(dst_file, "	padding-bottom: 10px;\n");
++		str_write(dst_file, "	border-width: thin;\n");
++		str_write(dst_file, "	border-top-style: solid;\n");
++		str_write(dst_file, "	border-bottom-style: solid;\n");
++		str_write(dst_file, "	border-color: #CCCCCC;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, ".mainpage #title {\n");
++		str_write(dst_file, "	font-size: 36px;\n");
++		str_write(dst_file, "	text-align: center;\n");
++		str_write(dst_file, "	margin-bottom: 20px;\n");
++		str_write(dst_file, "	border-width: thin;\n");
++		str_write(dst_file, "	border-color: #CCCCCC;\n");
++		str_write(dst_file, "	border-bottom-style: solid;\n");
++		str_write(dst_file, "}\n");
++		str_write(dst_file, "SPAN.c0000, SPAN.c0100, SPAN.c0200, SPAN.c0300, SPAN.c0400, SPAN.c0500, SPAN.c0600, SPAN.c0700, SPAN.c0800, SPAN.c0900, SPAN.c1000, SPAN.c1100, SPAN.c1200, SPAN.c1300, SPAN.c1400, SPAN.c1500 {background-color: white;}\n");
++		str_write(dst_file, "SPAN.c0001, SPAN.c0101, SPAN.c0201, SPAN.c0301, SPAN.c0401, SPAN.c0501, SPAN.c0601, SPAN.c0701, SPAN.c0801, SPAN.c0901, SPAN.c1001, SPAN.c1101, SPAN.c1201, SPAN.c1301, SPAN.c1401, SPAN.c1501 {background-color: black;}\n");
++		str_write(dst_file, "SPAN.c0002, SPAN.c0102, SPAN.c0202, SPAN.c0302, SPAN.c0402, SPAN.c0502, SPAN.c0602, SPAN.c0702, SPAN.c0802, SPAN.c0902, SPAN.c1002, SPAN.c1102, SPAN.c1202, SPAN.c1302, SPAN.c1402, SPAN.c1502 {background-color: navy;}\n");
++		str_write(dst_file, "SPAN.c0003, SPAN.c0103, SPAN.c0203, SPAN.c0303, SPAN.c0403, SPAN.c0503, SPAN.c0603, SPAN.c0703, SPAN.c0803, SPAN.c0903, SPAN.c1003, SPAN.c1103, SPAN.c1203, SPAN.c1303, SPAN.c1403, SPAN.c1503 {background-color: green;}\n");
++		str_write(dst_file, "SPAN.c0004, SPAN.c0104, SPAN.c0204, SPAN.c0304, SPAN.c0404, SPAN.c0504, SPAN.c0604, SPAN.c0704, SPAN.c0804, SPAN.c0904, SPAN.c1004, SPAN.c1104, SPAN.c1204, SPAN.c1304, SPAN.c1404, SPAN.c1504 {background-color: red;}\n");
++		str_write(dst_file, "SPAN.c0005, SPAN.c0105, SPAN.c0205, SPAN.c0305, SPAN.c0405, SPAN.c0505, SPAN.c0605, SPAN.c0705, SPAN.c0805, SPAN.c0905, SPAN.c1005, SPAN.c1105, SPAN.c1205, SPAN.c1305, SPAN.c1405, SPAN.c1505 {background-color: maroon;}\n");
++		str_write(dst_file, "SPAN.c0006, SPAN.c0106, SPAN.c0206, SPAN.c0306, SPAN.c0406, SPAN.c0506, SPAN.c0606, SPAN.c0706, SPAN.c0806, SPAN.c0906, SPAN.c1006, SPAN.c1106, SPAN.c1206, SPAN.c1306, SPAN.c1406, SPAN.c1506 {background-color: purple;}\n");
++		str_write(dst_file, "SPAN.c0007, SPAN.c0107, SPAN.c0207, SPAN.c0307, SPAN.c0407, SPAN.c0507, SPAN.c0607, SPAN.c0707, SPAN.c0807, SPAN.c0907, SPAN.c1007, SPAN.c1107, SPAN.c1207, SPAN.c1307, SPAN.c1407, SPAN.c1507 {background-color: orange;}\n");
++		str_write(dst_file, "SPAN.c0008, SPAN.c0108, SPAN.c0208, SPAN.c0308, SPAN.c0408, SPAN.c0508, SPAN.c0608, SPAN.c0708, SPAN.c0808, SPAN.c0908, SPAN.c1008, SPAN.c1108, SPAN.c1208, SPAN.c1308, SPAN.c1408, SPAN.c1508 {background-color: yellow;}\n");
++		str_write(dst_file, "SPAN.c0009, SPAN.c0109, SPAN.c0209, SPAN.c0309, SPAN.c0409, SPAN.c0509, SPAN.c0609, SPAN.c0709, SPAN.c0809, SPAN.c0909, SPAN.c1009, SPAN.c1109, SPAN.c1209, SPAN.c1309, SPAN.c1409, SPAN.c1509 {background-color: lime;}\n");
++		str_write(dst_file, "SPAN.c0010, SPAN.c0110, SPAN.c0210, SPAN.c0310, SPAN.c0410, SPAN.c0510, SPAN.c0610, SPAN.c0710, SPAN.c0810, SPAN.c0910, SPAN.c1010, SPAN.c1110, SPAN.c1210, SPAN.c1310, SPAN.c1410, SPAN.c1510 {background-color: teal;}\n");
++		str_write(dst_file, "SPAN.c0011, SPAN.c0111, SPAN.c0211, SPAN.c0311, SPAN.c0411, SPAN.c0511, SPAN.c0611, SPAN.c0711, SPAN.c0811, SPAN.c0911, SPAN.c1011, SPAN.c1111, SPAN.c1211, SPAN.c1311, SPAN.c1411, SPAN.c1511 {background-color: cyan;}\n");
++		str_write(dst_file, "SPAN.c0012, SPAN.c0112, SPAN.c0212, SPAN.c0312, SPAN.c0412, SPAN.c0512, SPAN.c0612, SPAN.c0712, SPAN.c0812, SPAN.c0912, SPAN.c1012, SPAN.c1112, SPAN.c1212, SPAN.c1312, SPAN.c1412, SPAN.c1512 {background-color: blue;}\n");
++		str_write(dst_file, "SPAN.c0013, SPAN.c0113, SPAN.c0213, SPAN.c0313, SPAN.c0413, SPAN.c0513, SPAN.c0613, SPAN.c0713, SPAN.c0813, SPAN.c0913, SPAN.c1013, SPAN.c1113, SPAN.c1213, SPAN.c1313, SPAN.c1413, SPAN.c1513 {background-color: magenta;}\n");
++		str_write(dst_file, "SPAN.c0014, SPAN.c0114, SPAN.c0214, SPAN.c0314, SPAN.c0414, SPAN.c0514, SPAN.c0614, SPAN.c0714, SPAN.c0814, SPAN.c0914, SPAN.c1014, SPAN.c1114, SPAN.c1214, SPAN.c1314, SPAN.c1414, SPAN.c1514 {background-color: silver;}\n");
++		str_write(dst_file, "SPAN.c0015, SPAN.c0115, SPAN.c0215, SPAN.c0315, SPAN.c0415, SPAN.c0515, SPAN.c0615, SPAN.c0715, SPAN.c0815, SPAN.c0915, SPAN.c1015, SPAN.c1114, SPAN.c1215, SPAN.c1315, SPAN.c1415, SPAN.c1515 {background-color: gray;}\n");
++		str_write(dst_file, "SPAN.c0000, SPAN.c0001, SPAN.c0002, SPAN.c0003, SPAN.c0004, SPAN.c0005, SPAN.c0006, SPAN.c0007, SPAN.c0008, SPAN.c0009, SPAN.c0010, SPAN.c0011, SPAN.c0012, SPAN.c0013, SPAN.c0014, SPAN.c0015 {color: white;}\n");
++		str_write(dst_file, "SPAN.c0100, SPAN.c0101, SPAN.c0102, SPAN.c0103, SPAN.c0104, SPAN.c0105, SPAN.c0106, SPAN.c0107, SPAN.c0108, SPAN.c0109, SPAN.c0110, SPAN.c0111, SPAN.c0112, SPAN.c0113, SPAN.c0114, SPAN.c0115 {color: black;}\n");
++		str_write(dst_file, "SPAN.c0200, SPAN.c0201, SPAN.c0202, SPAN.c0203, SPAN.c0204, SPAN.c0205, SPAN.c0206, SPAN.c0207, SPAN.c0208, SPAN.c0209, SPAN.c0210, SPAN.c0211, SPAN.c0212, SPAN.c0213, SPAN.c0214, SPAN.c0215 {color: navy;}\n");
++		str_write(dst_file, "SPAN.c0300, SPAN.c0301, SPAN.c0302, SPAN.c0303, SPAN.c0304, SPAN.c0305, SPAN.c0306, SPAN.c0307, SPAN.c0308, SPAN.c0309, SPAN.c0310, SPAN.c0311, SPAN.c0312, SPAN.c0313, SPAN.c0314, SPAN.c0315 {color: green;}\n");
++		str_write(dst_file, "SPAN.c0400, SPAN.c0401, SPAN.c0402, SPAN.c0403, SPAN.c0404, SPAN.c0405, SPAN.c0406, SPAN.c0407, SPAN.c0408, SPAN.c0409, SPAN.c0410, SPAN.c0411, SPAN.c0412, SPAN.c0413, SPAN.c0414, SPAN.c0415 {color: red;}\n");
++		str_write(dst_file, "SPAN.c0500, SPAN.c0501, SPAN.c0502, SPAN.c0503, SPAN.c0504, SPAN.c0505, SPAN.c0506, SPAN.c0507, SPAN.c0508, SPAN.c0509, SPAN.c0510, SPAN.c0511, SPAN.c0512, SPAN.c0513, SPAN.c0514, SPAN.c0515 {color: maroon;}\n");
++		str_write(dst_file, "SPAN.c0600, SPAN.c0601, SPAN.c0602, SPAN.c0603, SPAN.c0604, SPAN.c0605, SPAN.c0606, SPAN.c0607, SPAN.c0608, SPAN.c0609, SPAN.c0610, SPAN.c0611, SPAN.c0612, SPAN.c0613, SPAN.c0614, SPAN.c0615 {color: purple;}\n");
++		str_write(dst_file, "SPAN.c0700, SPAN.c0701, SPAN.c0702, SPAN.c0703, SPAN.c0704, SPAN.c0705, SPAN.c0706, SPAN.c0707, SPAN.c0708, SPAN.c0709, SPAN.c0710, SPAN.c0711, SPAN.c0712, SPAN.c0713, SPAN.c0714, SPAN.c0715 {color: orange;}\n");
++		str_write(dst_file, "SPAN.c0800, SPAN.c0801, SPAN.c0802, SPAN.c0803, SPAN.c0804, SPAN.c0805, SPAN.c0806, SPAN.c0807, SPAN.c0808, SPAN.c0809, SPAN.c0810, SPAN.c0811, SPAN.c0812, SPAN.c0813, SPAN.c0814, SPAN.c0815 {color: yellow;}\n");
++		str_write(dst_file, "SPAN.c0900, SPAN.c0901, SPAN.c0902, SPAN.c0903, SPAN.c0904, SPAN.c0905, SPAN.c0906, SPAN.c0907, SPAN.c0908, SPAN.c0909, SPAN.c0910, SPAN.c0911, SPAN.c0912, SPAN.c0913, SPAN.c0914, SPAN.c0915 {color: lime;}\n");
++		str_write(dst_file, "SPAN.c1000, SPAN.c1001, SPAN.c1002, SPAN.c1003, SPAN.c1004, SPAN.c1005, SPAN.c1006, SPAN.c1007, SPAN.c1008, SPAN.c1009, SPAN.c1010, SPAN.c1011, SPAN.c1012, SPAN.c1013, SPAN.c1014, SPAN.c1015 {color: teal;}\n");
++		str_write(dst_file, "SPAN.c1100, SPAN.c1101, SPAN.c1102, SPAN.c1103, SPAN.c1104, SPAN.c1105, SPAN.c1106, SPAN.c1107, SPAN.c1108, SPAN.c1109, SPAN.c1110, SPAN.c1111, SPAN.c1112, SPAN.c1113, SPAN.c1114, SPAN.c1115 {color: cyan;}\n");
++		str_write(dst_file, "SPAN.c1200, SPAN.c1201, SPAN.c1202, SPAN.c1203, SPAN.c1204, SPAN.c1205, SPAN.c1206, SPAN.c1207, SPAN.c1208, SPAN.c1209, SPAN.c1210, SPAN.c1211, SPAN.c1212, SPAN.c1213, SPAN.c1214, SPAN.c1215 {color: blue;}\n");
++		str_write(dst_file, "SPAN.c1300, SPAN.c1301, SPAN.c1302, SPAN.c1303, SPAN.c1304, SPAN.c1305, SPAN.c1306, SPAN.c1307, SPAN.c1308, SPAN.c1309, SPAN.c1310, SPAN.c1311, SPAN.c1312, SPAN.c1313, SPAN.c1314, SPAN.c1315 {color: magenta;}\n");
++		str_write(dst_file, "SPAN.c1400, SPAN.c1401, SPAN.c1402, SPAN.c1403, SPAN.c1404, SPAN.c1405, SPAN.c1406, SPAN.c1407, SPAN.c1408, SPAN.c1409, SPAN.c1410, SPAN.c1411, SPAN.c1412, SPAN.c1413, SPAN.c1414, SPAN.c1415 {color: silver;}\n");
++		str_write(dst_file, "SPAN.c1500, SPAN.c1501, SPAN.c1502, SPAN.c1503, SPAN.c1504, SPAN.c1505, SPAN.c1506, SPAN.c1507, SPAN.c1508, SPAN.c1509, SPAN.c1510, SPAN.c1511, SPAN.c1512, SPAN.c1513, SPAN.c1514, SPAN.c1515 {color: gray;}\n");
++		str_write(dst_file, "SPAN.f00 {color: white;}\n");
++		str_write(dst_file, "SPAN.f01 {color: black;}\n");
++		str_write(dst_file, "SPAN.f02 {color: navy;}\n");
++		str_write(dst_file, "SPAN.f03 {color: green;}\n");
++		str_write(dst_file, "SPAN.f04 {color: red;}\n");
++		str_write(dst_file, "SPAN.f05 {color: maroon;}\n");
++		str_write(dst_file, "SPAN.f06 {color: purple;}\n");
++		str_write(dst_file, "SPAN.f07 {color: orange;}\n");
++		str_write(dst_file, "SPAN.f08 {color: yellow;}\n");
++		str_write(dst_file, "SPAN.f09 {color: lime;}\n");
++		str_write(dst_file, "SPAN.f10 {color: teal;}\n");
++		str_write(dst_file, "SPAN.f11 {color: cyan;}\n");
++		str_write(dst_file, "SPAN.f12 {color: blue;}\n");
++		str_write(dst_file, "SPAN.f13 {color: magenta;}\n");
++		str_write(dst_file, "SPAN.f14 {color: silver;}\n");
++		str_write(dst_file, "SPAN.f15 {color: gray;}\n");
++		str_write(dst_file, "SPAN.b00 {background-color: white;}\n");
++		str_write(dst_file, "SPAN.b01 {background-color: black;}\n");
++		str_write(dst_file, "SPAN.b02 {background-color: navy;}\n");
++		str_write(dst_file, "SPAN.b03 {background-color: green;}\n");
++		str_write(dst_file, "SPAN.b04 {background-color: red;}\n");
++		str_write(dst_file, "SPAN.b05 {background-color: maroon;}\n");
++		str_write(dst_file, "SPAN.b06 {background-color: purple;}\n");
++		str_write(dst_file, "SPAN.b07 {background-color: orange;}\n");
++		str_write(dst_file, "SPAN.b08 {background-color: yellow;}\n");
++		str_write(dst_file, "SPAN.b09 {background-color: lime;}\n");
++		str_write(dst_file, "SPAN.b10 {background-color: teal;}\n");
++		str_write(dst_file, "SPAN.b11 {background-color: cyan;}\n");
++		str_write(dst_file, "SPAN.b12 {background-color: blue;}\n");
++		str_write(dst_file, "SPAN.b13 {background-color: magenta;}\n");
++		str_write(dst_file, "SPAN.b14 {background-color: silver;}\n");
++		str_write(dst_file, "SPAN.b15 {background-color: gray;}\n");
++		fclose(dst_file);
++	}
++	/* Now write user CSS file */
++	egg_snprintf(dst_filename, sizeof dst_filename, "%s%suser.css", ch->outputpath, SEP);
++	if ((dst_file = openfile(dst_filename, "wb", false)) != NULL) {
++		writefromexfile(dst_file, userstyle_filename);
++		fclose(dst_file);
++	}
++	
++	if (!logfile_suffix[0])
++		egg_strftime(ct, 12, ".%d%b%Y", t);
++	else
++		egg_strftime(ct, 80, logfile_suffix, t);
++	ct[80] = '\0';
++	
++	egg_snprintf(src_filename, sizeof src_filename, "%s%s", ch->logfilename, ct);
++	if ((src_file = openfile(src_filename, "r", true)) == NULL) return;
++
++	while(!feof(src_file)) {
++		lines_count = lines_per_page; pages_count++;
++
++		egg_snprintf(dst_filename, sizeof dst_filename, "%s%s%s%d%02d%02d_pg%d.html", ch->outputpath, SEP, ch->logspagename, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, pages_count);
++		if ((dst_file = openfile(dst_filename, "wb", false)) == NULL) {
++			fclose(src_file);
++			putlog(LOG_MISC, "*", "logs2html: Error occured on converting %d page of file \"%s\"!", pages_count, dst_filename);
++			return;
++		}
++
++		str_write(dst_file, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n");
++		str_write(dst_file, "<html>\n");
++		str_write(dst_file, "<head>\n");
++		if (strlen(encoding_string) > 0) {
++			str_write(dst_file, "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=%s\">\n", encoding_string);
++		}
++		str_write(dst_file, "<meta name=\"title\" content=\"%s\">\n", ch->logspagetitle);
++		str_write(dst_file, "<meta name=\"Description\" content=\"%s\">\n", ch->logspagetitle);
++		str_write(dst_file, "<meta name=\"Generator\" content=\"logs2html module for Eggdrop v.%d.%d.%d\">\n", MODULE_MAJOR, MODULE_MINOR, MODULE_SUBMINOR);
++		str_write(dst_file, "<meta name=\"Author\" content=\"Fedotov Alexander aka Gray_Angel\">\n");
++		str_write(dst_file, "<meta name=\"Keywords\" content=\"logs, logging, channel, irc, bot, eggdrop, windrop, module, logs2html\">\n");
++		str_write(dst_file, "<meta name=\"robots\" content= \"index,all\">\n");
++		str_write(dst_file, "<link rel=stylesheet type=\"text/css\" href=\"default.css\">\n");
++		if (strlen(userstyle_filename) > 0) str_write(dst_file, "<link rel=stylesheet type=\"text/css\" href=\"user.css\">\n");
++		str_write(dst_file, "<title>%s. %d/%d/%d</title>\n", ch->logspagetitle, t->tm_mday, t->tm_mon + 1, t->tm_year + 1900);
++		str_write(dst_file, "</head>\n");
++		str_write(dst_file, "<body class=\"logspage\">\n");
++
++		writefromexfile(dst_file, logspage_top_filename);
++
++		str_write(dst_file, "<a name=\"top\"></a>\n");
++		str_write(dst_file, "<div id=\"navtop\"><a href=\"%s.html\">%s</a></div>\n", ch->mainpagename, LOGS2HTML_MAINPAGE);
++		str_write(dst_file, "<div id=\"log\">\n");
++
++		while ((lines_count > 0) || (lines_per_page == 0)) {
++			lines_count--;
++
++			buf_ptr = fgets(buffer, sizeof buffer, src_file);
++			if (buf_ptr == NULL) break;
++
++			p = strrchr(buf_ptr, '\n');
++			if (p) *p = '\0';
++			p = strrchr(buf_ptr, '\r');
++			if (p) *p = '\0';
++			if (!buf_ptr[0]) continue;
++
++			/* if timestamp exist cut time from string */
++			data[0] = '\0';
++			if (shtime) {
++				egg_strftime(stamp, sizeof(stamp) - 1, LOG_TS, t); /* Print dummy time */
++				tsl = strlen(stamp);
++				strncat(data, buf_ptr, tsl);
++				buf_ptr += (++tsl);
++			}
++			if (strncmp(buf_ptr, "--- ", 4) == 0) {  /* we don't really need this string I think */
++				continue;
++			}
++			if (data && data[0]) {
++				str_write(dst_file, "<span class=\"time\">%s</span>", data);
++			}
++
++			data[0] = '\0'; noneedtoclose = false; skipemail = false;
++			if (strncmp(buf_ptr, "Action: ", 8) == 0) {  /* command: /me */
++				buf_ptr += 7;
++				str_write(dst_file, "<span class=\"action\"> ***");
++			} else { /* nick */
++				p = strstr(buf_ptr, "> ");
++				if ((strncmp(buf_ptr, "<", 1) == 0) && (p != NULL)) {
++					buf_ptr++;
++					strncat(data, buf_ptr, p - buf_ptr);
++					str_write(dst_file, "<span class=\"nick\"> &lt;%s&gt;</span>", data);
++					buf_ptr += (p - buf_ptr + 1);
++					noneedtoclose = true;
++				} else {
++					str_write(dst_file, "<span class=\"else\"> ");
++					skipemail = true;
++				}
++			}
++
++			cuted_string_len = strlen(buf_ptr) + 2;
++			original_idx = (int *)nmalloc(sizeof(int) * (cuted_string_len + 1));
++			for (i = 0; i < cuted_string_len; i++) original_idx[i] = i - 1; original_idx[cuted_string_len] = -1;
++
++			cuted_string = (char *)nmalloc(cuted_string_len + 1);
++			egg_memset(cuted_string, 0, cuted_string_len + 1);
++			snprintf(cuted_string, cuted_string_len + 1, " %s ", buf_ptr);
++			q = r = cuted_string + 1;
++			/*
++			 * Code copied from Eggdrop's src/dcc.c and then modified...
++			 * Copyright (C) 1997 Robey Pointer
++			 * Copyright (C) 1999, 2000, 2001, 2002, 2003 Eggheads Development Team
++			 */
++ 			while (*r) {
++				switch (*r) {
++					case 0xf:
++					case 3:							/* mIRC colors? */
++						if (isdigit(r[1])) {				/* Is the first char a number? */
++							r += 2;					/* Skip over the ^C and the first digit */
++							if (isdigit(*r)) r++;			/* Is this a double digit number? */
++							if (*r == ',') {			/* Do we have a background color next? */
++								if (isdigit(r[1])) r += 2;	/* Skip over the first background digit */
++								if (isdigit(*r)) r++;		/* Is it a double digit? */
++							}
++						} else {
++							r++;
++						}
++						continue;
++					case 2:			/* Bold text */
++					case 7:
++					case 0x16:		/* Reverse video */
++					case 0x1f:		/* Underlined text */
++					case 0x3c:		/* < */
++					case 0x3e:		/* > */
++						r++;
++						continue;
++					case 033:
++						r++;
++						if (*r == '[') {
++							r++;
++							while ((*r == ';') || isdigit(*r)) r++;
++							if (*r) r++;             /* also kill the following char */
++						}
++						continue;
++				}
++				original_idx[q - cuted_string] = r - cuted_string - 1;
++				*q++ = *r++;            /* Move on to the next char */
++			}
++			*q = '\0';
++			/*
++			 * Ends here...
++			 */
++
++			linkfound = false;
++			q = cuted_string;
++			while (*q) {
++				for (k = 0; k < MIN(sizeof openspace, sizeof closespace); k++) {
++					if (openspace[k] == *q) {
++						r = q + 1;
++						while (*r) {
++							if (closespace[k] == *r) {
++								*r = '\0';
++								p = q + 1;
++								switch (whatisit(p)) {
++									case ITS_NOTHING:
++										break;
++									case ITS_EMAIL:
++										if (!skipemail) { /* If class = "else", lets skip mail, because it ident@host */
++											egg_memset(data, 0, sizeof data);
++											sprintf(data, "<a href=\"mailto:%s\">", p);
++											linkfound = true;
++										}
++										break;
++									case ITS_LINK:
++										egg_memset(data, 0, sizeof data);
++										sprintf(data, "<a href=\"%s\">", p);
++										linkfound = true;
++										break;
++									case ITS_TRUNKLINK:
++										egg_memset(data, 0, sizeof data);
++										sprintf(data, "<a href=\"http://%s\">", p);
++										linkfound = true;
++										break;
++								}
++								*r = closespace[k];
++								if (linkfound) {
++									/* will after reallocation r & q pointers be aviable?
++									 * i.e. will cuted_string begin with the same adress?
++									 * to make them aviable let's count offset.
++									 */
++									r_offset = r - cuted_string; q_offset = q - cuted_string;
++									old_cuted_string_len = strlen(cuted_string); delta_cuted_string_len = strlen(data) + strlen(T_LINKC); 
++									cuted_string = (char *)nrealloc(cuted_string, old_cuted_string_len + delta_cuted_string_len + 1);
++									original_idx = (int *)nrealloc(original_idx, sizeof(int) * (old_cuted_string_len + delta_cuted_string_len + 1));
++									r = cuted_string + r_offset; q = cuted_string + q_offset;
++									for (i = old_cuted_string_len; i < (old_cuted_string_len + delta_cuted_string_len + 1); i++) {
++										original_idx[i] = -1; cuted_string[i] = '\0';
++									}
++									for (i = old_cuted_string_len - 1; i >= r_offset; i--) {
++										cuted_string[i + delta_cuted_string_len] = cuted_string[i];
++										original_idx[i + delta_cuted_string_len] = original_idx[i]; original_idx[i] = -1;
++									}
++									for (i = strlen(T_LINKC); i--; ) {
++										cuted_string[r_offset + delta_cuted_string_len - strlen(T_LINKC) + i] = T_LINKC[i];
++									}
++									for (i = r_offset - 1; i > q_offset; i--) {
++										cuted_string[i + delta_cuted_string_len - strlen(T_LINKC)] = cuted_string[i];
++										original_idx[i + delta_cuted_string_len - strlen(T_LINKC)] = original_idx[i]; original_idx[i] = -1;
++									}
++									for (i = 0; i < strlen(data); i++) {
++										cuted_string[q_offset + i + 1] = data[i];
++										original_idx[q_offset + i + 1] = -1;
++									}
++								}
++								if (linkfound) q = r - 1;
++								break;
++							}
++							r++;
++						}
++					}
++					if (linkfound) {
++						linkfound = false;
++						break;
++					}
++				}
++				q++;
++			}
++
++			cuted_string[strlen(cuted_string) - 1] = '\0';
++			egg_memset(data, 0, sizeof data);
++			bold_isopen = false; underline_isopen = false; 
++			p = cuted_string + 1; /* Don't need first char cause it = ' ' */
++			q = buf_ptr;
++			while (*p) {
++				if ((original_idx[p - cuted_string] == -1) || (original_idx[p - cuted_string] == (q - buf_ptr))) {
++					if ((strlen(data) + 1) > (sizeof data - 1)) {
++						str_write(dst_file, "%s", data); 
++						egg_memset(data, 0, sizeof data);
++					}
++					strncat(data, p, 1);
++					p++;
++					if (original_idx[p - cuted_string] != -1) q++;
++				} else {
++					/*
++ 					 * Code copied from Eggdrop's src/dcc.c and then modified...
++ 			 		 * Copyright (C) 1997 Robey Pointer
++ 			 		 * Copyright (C) 1999, 2000, 2001, 2002, 2003 Eggheads Development Team
++ 			 		 */
++					switch (*q) {
++						case 2:			/* Bold text */
++							if (bold_isopen) {
++								bold_isopen = false;
++								str_write(dst_file, "%s%s", data, T_BOLDC);
++								egg_memset(data, 0, sizeof data);
++							} else {
++								bold_isopen = true;
++								str_write(dst_file, "%s%s", data, T_BOLDO);
++								egg_memset(data, 0, sizeof data);
++							}
++							q++;
++							break;
++						case 3:			/* mIRC colors? */
++						case 0xf:		/* don't know, maybe broken client? but also mIRC colors */
++							egg_memset(f_color, 0, sizeof f_color); egg_memset(bg_color, 0, sizeof bg_color);
++							if (isdigit(q[1])) { /* Is the first char a number? */
++								f_color[0] = q[1];
++								if (isdigit(q[2])) {f_color[1] = q[2]; q++;}
++								q += 2;
++								if (*q == ',') {
++									if (isdigit(q[1])) { /* Is the first char a number? */
++										bg_color[0] = q[1];
++										if (isdigit(q[2])) {bg_color[1] = q[2]; q++;}
++										q += 2;
++									}
++								}
++								if (strlen(bg_color) > 0) {
++									/* If we have background color - let's close all previous "SPAN" */
++									for (mc_openteg_count++; --mc_openteg_count; ) {
++										if ((strlen(data) + strlen(T_SPANC)) > (sizeof data - 1)) {
++											str_write(dst_file, "%s", data); 
++											egg_memset(data, 0, sizeof data);
++										}
++										strncat(data, T_SPANC, strlen(T_SPANC));
++									}
++									str_write(dst_file, "%s", data);
++									egg_memset(data, 0, sizeof data);
++								}
++	
++								if ((strlen(f_color) > 0) && ((atoi(f_color) < 0) || (atoi(f_color) > 15)))	{
++									egg_memset(f_color, 0, sizeof f_color);
++								}
++								if ((strlen(bg_color) > 0) && ((atoi(bg_color) < 0) || (atoi(bg_color) > 15)))	{
++									egg_memset(bg_color, 0, sizeof bg_color);
++								}
++								if ((strlen(f_color) > 0) || (strlen(bg_color) > 0)) {
++									mc_openteg_count++;
++									text_style[0] = '\0';
++									if ((strlen(f_color) > 0) && (strlen(bg_color) > 0)) egg_snprintf(text_style, sizeof text_style, "c%02.2d%02.2d", atoi(f_color), atoi(bg_color));
++									if (strlen(bg_color) == 0) egg_snprintf(text_style, sizeof text_style, "f%02.2d", atoi(f_color));
++									if (strlen(f_color) == 0) egg_snprintf(text_style, sizeof text_style, "b%02.2d", atoi(bg_color));
++									str_write(dst_file, "%s<span class=\"%s\">", data, text_style);
++									egg_memset(data, 0, sizeof data);
++								}
++							} else {
++								/* It was "close-color" tag -> let's close all "SPAN" */
++								for (mc_openteg_count++; --mc_openteg_count; ) {
++									if ((strlen(data) + strlen(T_SPANC)) > (sizeof data - 1)) {
++										str_write(dst_file, "%s", data); 
++										egg_memset(data, 0, sizeof data);
++									}
++									strncat(data, T_SPANC, strlen(T_SPANC));
++								}
++								str_write(dst_file, "%s", data);
++								egg_memset(data, 0, sizeof data);
++								q++;
++							}
++							break;
++						case 7:			/* Bells */
++							q++;
++							break;
++						case 0x16:		/* Reverse video */
++							q++;
++							break;
++						case 0x1f:		/* Underlined text */
++							if (underline_isopen) {
++								underline_isopen = false;
++								str_write(dst_file, "%s%s", data, T_UNDERLINEC);
++								egg_memset(data, 0, sizeof data);
++							} else {
++								underline_isopen = true;
++								str_write(dst_file, "%s%s", data, T_UNDERLINEO);
++								egg_memset(data, 0, sizeof data);
++							}
++							q++;
++							break;
++						case 0x3c:		/* < */
++							str_write(dst_file, "%s%s", data, T_LT);
++							egg_memset(data, 0, sizeof data);
++							q++;
++							break;
++						case 0x3e:		/* > */
++							str_write(dst_file, "%s%s", data, T_GT);
++							egg_memset(data, 0, sizeof data);
++							q++;
++							break;
++						case 033:
++							q++;
++							if (*q == '[') {
++								q++;
++								while ((*q == ';') || isdigit(*q)) q++;
++								if (*q) q++;		/* also kill the following char */
++							}
++							break;
++						default:
++							/* I think we should never get here, but if so... */
++							strncat(data, q, 1);
++							q++; 
++							break;
++					}
++					/*
++					 * Ends here...
++					 */
++				}
++			}
++			str_write(dst_file, "%s", data); 
++			egg_memset(data, 0, sizeof data);
++			if (bold_isopen) str_write(dst_file, "%s", T_BOLDC);
++			if (underline_isopen) str_write(dst_file, "%s", T_UNDERLINEC);
++			for (mc_openteg_count++; --mc_openteg_count; ) {
++				if ((strlen(data) + strlen(T_SPANC)) > (sizeof data - 1)) {
++					str_write(dst_file, "%s", data); 
++					egg_memset(data, 0, sizeof data);
++				}
++				strncat(data, T_SPANC, strlen(T_SPANC));
++			}
++			str_write(dst_file, "%s", data); 
++			egg_memset(data, 0, sizeof data);
++
++			nfree(original_idx); original_idx = NULL;
++			nfree(cuted_string); cuted_string = NULL;
++
++			str_write(dst_file, "%s", data); data[0] = '\0';
++			str_write(dst_file, noneedtoclose ? "<br />\n":"</span><br />\n");
++		}
++		fclose(dst_file);
++	}
++	fclose(src_file);
++
++	for (i = 1; i <= pages_count; i++) {
++		egg_snprintf(dst_filename, sizeof dst_filename, "%s%s%s%d%02d%02d_pg%d.html", ch->outputpath, SEP, ch->logspagename, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, i);
++		if ((dst_file = openfile(dst_filename, "ab", false)) == NULL) {
++			putlog(LOG_MISC, "*", "logs2html: Error occured on converting %d page of file \"%s\"!", i, dst_filename);
++			return;
++		}
++		str_write(dst_file, "</div>\n");
++		if (pages_count > 1) {
++			str_write(dst_file, "<div id=\"navbottom\">");
++			if (i == 1)	{
++				str_write(dst_file, LOGS2HTML_BACK);
++			} else {
++				egg_snprintf(dst_filename, sizeof dst_filename, "%s%d%02d%02d_pg%d.html", ch->logspagename, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, i-1);
++				str_write(dst_file, "<span>&larr;</span>&nbsp;<a href=\"%s\">%s</a>", dst_filename, LOGS2HTML_BACK);
++			}
++			str_write(dst_file, "&nbsp;");
++			if (i == pages_count)	{
++				str_write(dst_file, LOGS2HTML_NEXT);
++			} else {
++				egg_snprintf(dst_filename, sizeof dst_filename, "%s%d%02d%02d_pg%d.html", ch->logspagename, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, i+1);
++				str_write(dst_file, "<a href=\"%s\">%s</a>&nbsp;<span>&rarr;</span>", dst_filename, LOGS2HTML_NEXT);
++			}
++			str_write(dst_file, "<br />");
++			for (j = 1; j <= pages_count; j++) {
++				egg_snprintf(dst_filename, sizeof dst_filename, "%s%d%02d%02d_pg%d.html", ch->logspagename, t->tm_year + 1900, t->tm_mon + 1, t->tm_mday, j);
++				if (j != i)	{
++					str_write(dst_file, "<span> <a href=\"%s\">%d</a> </span>", dst_filename, j);
++				} else {
++					str_write(dst_file, "<b>%d</b>", j);
++				}
++			}
++		str_write(dst_file, "</div>\n");
++		}
++
++		str_write(dst_file, "<div id=\"totop\"><a href=\"#top\">%s</a></div>\n", LOGS2HTML_UP);
++
++		writefromexfile(dst_file, logspage_bottom_filename);
++
++		str_write(dst_file, "<div id=\"footer\">\nGenerated by logs2html module for eggdrop v.%d.%d.%d<br />\n", MODULE_MAJOR, MODULE_MINOR, MODULE_SUBMINOR);
++		str_write(dst_file, "Find latest version at <a href=\"http://sourceforge.net/projects/logs2html\">http://sourceforge.net/projects/logs2html</a> or <a href=\"http://shmupsik.osetia.org\">http://shmupsik.osetia.org</a>\n</div>\n");
++
++		str_write(dst_file, "</body>\n");
++		str_write(dst_file, "</html>");
++
++		fclose(dst_file);
++	}
++
++	return;
++} /* convertfile() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++/*
++ * function void makemainpage(logs2htmlchan *ch)
++ *
++ * Input:
++ *   íè÷åãî
++ *
++ * Output:
++ *   íè÷åãî
++ *
++ * Discription:
++ *   Ãåíåðàöèÿ îñíîâíîé ñòðàíèöû (êàëåíäàðÿ)
++ *    + âûçûâàåòñÿ ïðîöåäóðà äëÿ êîíâåðòèðîâàíèÿ ëîãîâ â ôîðìàò HTML
++ */
++static void makemainpage(logs2htmlchan *ch) {
++	int i, j, k, m, l;
++	int add_day;
++	FILE *file;
++	char filename[256];
++	bool endofyear;
++	struct tm tblock;
++	int delta_day = 0;
++	time_t t = time(NULL);
++	struct tm *st = localtime(&t);
++
++	tblock.tm_year	= st->tm_year;
++	tblock.tm_isdst	= st->tm_isdst;
++	tblock.tm_hour	= 0;
++	tblock.tm_min	= 0;
++	tblock.tm_sec	= 1;
++	/* Other fields not necessary here
++	tblock.tm_mday	= st->tm_mday;
++	tblock.tm_mon	= st->tm_mon;
++	tblock.tm_wday	= st->tm_wday;
++	tblock.tm_yday	= st->tm_yday;
++	*/
++
++	egg_snprintf(filename, sizeof filename, "%s%s%s.html", ch->outputpath, SEP, ch->mainpagename);
++	if ((file = openfile(filename, "wb", false)) == NULL) return;
++
++	str_write(file, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.0 Transitional//EN\">\n");
++	str_write(file, "<html>\n");
++	str_write(file, "<head>\n");
++	if (strlen(encoding_string) > 0) {
++		str_write(file, "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=%s\">\n", encoding_string);
++	}
++	str_write(file, "<meta name=\"title\" content=\"%s\">\n", ch->mainpagetitle);
++	str_write(file, "<meta name=\"Description\" content=\"%s\">\n", ch->mainpagetitle);
++	str_write(file, "<meta name=\"Generator\" content=\"logs2html module for Eggdrop v.%d.%d.%d\">\n", MODULE_MAJOR, MODULE_MINOR, MODULE_SUBMINOR);
++	str_write(file, "<meta name=\"Author\" content=\"Fedotov Alexander aka Gray_Angel\">\n");
++	str_write(file, "<meta name=\"Keywords\" content=\"logs, logging, channel, irc, bot, eggdrop, windrop, module, logs2html\">\n");
++	str_write(file, "<meta name=\"robots\" content= \"index,all\">\n");
++	str_write(file, "<link rel=stylesheet type=\"text/css\" href=\"default.css\">\n");
++	if (strlen(userstyle_filename) > 0) str_write(file, "<link rel=stylesheet type=\"text/css\" href=\"user.css\">\n");
++	str_write(file, "<title>%s %d %s</title>\n", ch->mainpagetitle, tblock.tm_year + 1900, LOGS2HTML_YEAR);
++	str_write(file, "</head>\n");
++	str_write(file, "<body class=\"mainpage\">\n");
++
++	writefromexfile(file, mainpage_top_filename);
++
++	str_write(file, "<div id=\"title\">%s<br />%d %s</div>\n", ch->mainpagetitle, tblock.tm_year + 1900, LOGS2HTML_YEAR);
++	str_write(file, "<div id=\"calendar\">\n");
++
++
++	/* Âû÷èñëÿåì ñêîëüêî ðÿäîâ ïîòðåáóåòñÿ äëÿ ðàçìåùåíèÿ 12 ìåñÿöåâ ïðè çàäàííîì ÷èñëå ñòîëáöîâ */
++	month_rows_count = (int)ceil(12.0 / (double)month_cols_count);
++
++	str_write(file, "<table width=\"100%%\" cellspacing=\"2\" cellpadding=\"1\" border=\"0\">\n");
++
++	/* öèêë ïî ðÿäàì ìåñÿöåâ */
++	for(i = 0; i < month_rows_count; i++) {
++
++		/* â êàæäîì ðÿäó: 1 ñòðîêà (íàçâàíèå ìåñÿöà) + 7 ñòðîê (äíè íåäåëè) */
++		for (j = 0; j < 8; j++) {
++			str_write(file, "<tr align=center>\n");
++
++			/* öèêë ïî ñòîëáöàì ìåñÿöåâ */
++			for (k = 0; k < month_cols_count; k++) {
++				tblock.tm_mon = i * month_cols_count + k;
++				endofyear = (tblock.tm_mon > 11 ) ? true : false;
++
++				if (j == 0) {
++					str_write(file, "<td class=\"space\"></td>");
++					str_write(file, "<th colspan=7>%s</th>\n", endofyear ? "&nbsp;": month_names[tblock.tm_mon]);
++					continue;
++				}
++
++				/* Åñëè ãîä âèñîêîñíûé, òî äîáàâëÿåì ê ôåâðàëþ 1 äåíü */
++				add_day = ((tblock.tm_mon == 1) && isleap(tblock.tm_year)) ? 1 : 0;
++
++				/* Äëÿ äàííîãî ìåñÿöà äàííîãî ãîäà âû÷èñëÿåì íà êàêîé äåíü íåäåëè ïðèõîäèòñÿ 1 ÷èñëî */
++				if (!endofyear) {
++					delta_day = getdayofweek(tblock.tm_year + 1900, tblock.tm_mon + 1, 1);
++				}
++
++				/* â êàæäîì ìåñÿöå: 2 ñòîëáöà (íàçâàíèå äíåé íåäåëè) + 6 ñòîëáöîâ (íåäåëè) */
++				for (m = 0; m < 7; m++) {
++					if (endofyear) {
++						str_write(file, "<td>&nbsp;</td>\n");
++						continue;
++					}
++					if (m == 0) {
++						str_write(file, "<td class=\"space\"></td>");
++						switch (j)
++						{
++						case 1:
++						case 2:
++						case 3:
++						case 4:
++						case 5:
++						case 6:
++							str_write(file, "<td class=\"dayname\">%s</td>\n", days_names[j-1]);
++							break;
++						case 7:
++							str_write(file, "<td class=\"weekend\">%s</td>\n", days_names[j-1]);
++							break;
++						default:
++							/* Uuups.. We should never get to this point.. and if it so, that mean's something wrong...:( */
++							str_write(file, "<td>&nbsp;</td>\n");
++						}
++						continue;
++					}
++					tblock.tm_mday = (m - 1) * 7 + j - delta_day;
++					if ((tblock.tm_mday >= 1) && (tblock.tm_mday <= (days_in_month[tblock.tm_mon] + add_day))) {
++						tblock.tm_wday = (getdayofweek(tblock.tm_year + 1900, tblock.tm_mon + 1, tblock.tm_mday) + 1) % 7;
++						tblock.tm_yday = 0;
++						for (l = 0; l < tblock.tm_mon; l++) tblock.tm_yday += days_in_month[l];
++						tblock.tm_yday += tblock.tm_mday - 1;
++
++						egg_snprintf(filename, sizeof filename, "%s%s%s%d%02d%02d_pg%d.html", ch->outputpath, SEP, ch->logspagename, tblock.tm_year + 1900, tblock.tm_mon + 1, tblock.tm_mday, 1);
++						if (!file_readable(filename)) convertfile(&tblock, ch);
++						if (file_readable(filename)) {
++							/* let write withount full path */
++							egg_snprintf(filename, sizeof filename, "%s%d%02d%02d_pg%d.html", ch->logspagename, tblock.tm_year + 1900, tblock.tm_mon + 1, tblock.tm_mday, 1);
++							str_write(file, "<td><a href=\"%s\">%d</A></td>\n", filename, tblock.tm_mday);
++						} else {
++							str_write(file, "<td>%d</td>\n", tblock.tm_mday);
++						}
++					} else {
++						str_write(file, "<td>&nbsp;</td>\n");
++					}
++				}
++			}
++			str_write(file, "</tr>\n");
++		}
++		str_write(file, "<tr><td class=\"space\" colspan=%d>&nbsp;</td></tr>\n", month_cols_count * 8);
++	}
++
++	str_write(file, "</table>\n");
++	str_write(file, "</div>\n");
++
++	writefromexfile(file, mainpage_bottom_filename);
++
++	str_write(file, "<div id=\"footer\">\nGenerated by logs2html module for eggdrop v.%d.%d.%d<br />\n", MODULE_MAJOR, MODULE_MINOR, MODULE_SUBMINOR);
++	str_write(file, "Find latest version at <a href=\"http://sourceforge.net/projects/logs2html\">http://sourceforge.net/projects/logs2html</a> or <a href=\"http://shmupsik.osetia.org\">http://shmupsik.osetia.org</a>\n</div>\n");
++
++	str_write(file, "</body>\n");
++	str_write(file, "</html>");
++
++	fclose(file);
++
++	return;
++} /* makemainpage() */
++/****************************************************************************/
++
++
++/****************************************************************************/
++static void logs2html_hook_5minutely(void)
++{
++	logs2htmlchan *p;
++	struct tm tblock;
++	time_t t = time(NULL);
++	struct tm *st = localtime(&t);
++
++	tblock.tm_year	= st->tm_year;
++	tblock.tm_isdst	= st->tm_isdst;
++	tblock.tm_mday	= st->tm_mday;
++	tblock.tm_mon	= st->tm_mon;
++	tblock.tm_wday	= st->tm_wday;
++	tblock.tm_yday	= st->tm_yday;
++	tblock.tm_hour	= 0;
++	tblock.tm_min	= 0;
++	tblock.tm_sec	= 1;
++
++	p = logs2htmlchanlist;
++	while (p != NULL) {
++		convertfile(&tblock, p);
++		makemainpage(p);
++		p = p->next;
++	}
++
++	return;
++}
++/****************************************************************************/
++
++/****************************************************************************/
++static void logs2html_hook_daily(void)
++{
++	logs2htmlchan *p;
++	struct tm tblock;
++	time_t t = time(NULL);
++	struct tm *st = localtime(&t);
++
++	tblock.tm_year	= st->tm_year;
++	tblock.tm_isdst	= st->tm_isdst;
++	tblock.tm_mday	= st->tm_mday;
++	tblock.tm_mon	= st->tm_mon;
++	tblock.tm_wday	= st->tm_wday;
++	tblock.tm_yday	= st->tm_yday;
++	tblock.tm_hour	= 0;
++	tblock.tm_min	= 0;
++	tblock.tm_sec	= 1;
++
++	if (!--tblock.tm_mday) {
++		if (!tblock.tm_mon) {
++			/* it's 1st January; lets go one day before */
++			tblock.tm_year--;
++			tblock.tm_mon = 11;
++			tblock.tm_mday = 31;
++			tblock.tm_yday = 364 + isleap(tblock.tm_year) ? 1 : 0;
++		} else {
++			tblock.tm_mon--;
++			tblock.tm_mday = days_in_month[tblock.tm_mon] + ((tblock.tm_mon == 1) && isleap(tblock.tm_year)) ? 1 : 0;
++			tblock.tm_yday--;
++		}
++	} else {
++		tblock.tm_yday--;
++	}
++	tblock.tm_wday	= (tblock.tm_wday + 6) % 7;
++
++	p = logs2htmlchanlist;
++	while (p != NULL) {
++		convertfile(&tblock, p);
++		makemainpage(p);
++		p = p->next;
++	}
++
++	return;
++}
++/****************************************************************************/
++
++
++/****************************************************************************/
++static void logs2html_hook_pre_rehash(void)
++{
++	logs2htmlchan *p, *q;
++
++	q = p = logs2htmlchanlist;
++	while (q != NULL) {
++		q = p->next;
++		nfree(p);
++		p = q;
++	}
++	logs2htmlchanlist = p = q = NULL;
++
++	return;
++}
++/****************************************************************************/
++
++/****************************************************************************/
++static void logs2html_hook_rehash(void)
++{
++	if (lines_per_page < 0) lines_per_page = 0;
++
++	return;
++}
++/****************************************************************************/
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/logs2html.conf eggdrop1.6.19/src/mod/logs2html.mod/logs2html.conf
+--- src/mod/logs2html.mod/logs2html.conf	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/logs2html.conf	2009-03-28 01:43:58.000000000 +0000
+@@ -0,0 +1,38 @@
++######
++#####
++###   General Settings
++#####
++######
++
++# number of rows the month'll put out
++set col-count 3
++
++# set how many lines there'll be on one page of converted logfile. If it
++# set to 0 then all converted log will dispalay as one page.
++set lines-per-page 200
++
++# Here specify file with "addlogs2html" expressions.
++set channels-list chan.list
++
++# Uncomment line if you want specify file with your color settings for
++# generated pages
++#set user-style user.css
++
++# This setting allows you to insert meta tag
++# <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=..."> in your
++# HTML files. You can comment next line, that will mean that this tag'll not
++# be insert in the resulting page.
++set insert-encoding-str "windows-1251"
++
++# Here you can specify path to files which content will be put to converted
++# logfile (or mainpage). Uncomment the line you need and put there
++# filename with path for example: set mainpage-top "top100.tpl"
++# Note: the content of specified file puts to the resulting file "as is",
++# without any transformation
++#set mainpage-top ""
++#set mainpage-bottom ""
++#set logspage-top ""
++#set logspage-bottom ""
++
++# now load the module
++loadmodule logs2html
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/logs2html.h eggdrop1.6.19/src/mod/logs2html.mod/logs2html.h
+--- src/mod/logs2html.mod/logs2html.h	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/logs2html.h	2009-03-28 01:46:28.000000000 +0000
+@@ -0,0 +1,76 @@
++/*
++ * logs2html.h -- part of logs2html.mod
++ *
++ * Written by Fedotov Alexander aka Gray_Angel aka Shmupsik <shurikvz@mail.ru>
++ *
++ * 2004-2005 year
++ */
++/*
++ * This program is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU General Public License
++ * as published by the Free Software Foundation; either version 2
++ * of the License, or (at your option) any later version.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License
++ * along with this program; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
++ */
++
++#include "src/lang.h"
++
++#define SEP "/"
++
++#undef false
++#undef true
++typedef enum {false = 0, true} bool;
++
++#ifdef MIN
++#  undef MIN
++#endif
++#define MIN(p,q) ((p < q) ? p : q)
++
++#ifndef isleap
++	/* Nonzero if YEAR is a leap year (every 4 years,
++	except every 100th isn't, and every 400th is). */
++#define isleap(year)	\
++	((year) % 4 == 0 && ((year) % 100 != 0 || (year) % 400 == 0))
++#endif
++
++#define T_LT "&lt;"
++#define T_GT "&gt;"
++#define T_BOLDO "<B>"
++#define T_BOLDC "</B>"
++#define T_UNDERLINEO "<U>"
++#define T_UNDERLINEC "</U>"
++#define T_SPANC "</SPAN>"
++#define T_LINKC "</A>"
++ 
++typedef struct logs2html_data {
++	struct logs2html_data *next;
++	char channame[81];		/* Èìÿ êàíàëà äëÿ êîòîðîãî êîíâåðòèðîâàòü ëîãè */
++	char logfilename[128];		/* Èìÿ (ïðåôèêñ) äàííîãî êàíàëà (âû÷èñëÿåòñÿ èç âûðàæåíèÿ logfile â êîíôèãå áîòà) */
++	char outputpath[128];		/* Êóäà âûâîäèòü êîíâåðòèðîâàííûå ëîãè */
++	char mainpagename[61];		/* Èìÿ ãëàâíîé ñòðàíèöû */
++	char mainpagetitle[256];	/* Çàãîëîâîê íà ãëàâíîé ñòðàíèöå */
++	char logspagename[61];		/* Èìÿ (ïðåôèêñ) ñòðàíèöû ïåðåêîíâåðòèðîâàííîãî ëîãôàéëà */
++	char logspagetitle[256];	/* Çàãîëîâîê ñòðàíèöû ëîãôàéëà */
++} logs2htmlchan;
++
++typedef enum {ITS_NOTHING, ITS_EMAIL, ITS_LINK, ITS_TRUNKLINK} patternkind;
++
++static int cmd_convertalllogs(struct userrec *u, int idx, char *par);
++static int cmd_makemainpage(struct userrec *u, int idx, char *par);
++static int getdayofweek(int year, int month, int day);
++static FILE *openfile(char *newfilename, const char *mode, bool silent);
++static void str_write(FILE *file, char *fstr, ... );
++static void makemainpage(logs2htmlchan *ch);
++static void convertfile(struct tm *t, logs2htmlchan *ch);
++static void writefromexfile(FILE *dst_file, char *exfilename);
++static int addchannels(void);
++static patternkind whatisit(char *pattern);
++
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/logs2html.mod.desc eggdrop1.6.19/src/mod/logs2html.mod/logs2html.mod.desc
+--- src/mod/logs2html.mod/logs2html.mod.desc	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/logs2html.mod.desc	2009-03-28 01:46:37.000000000 +0000
+@@ -0,0 +1 @@
++This module convert all existing log files (and those, that will be created after module installation) of your eggdrop for givving channel to their html representation to be show in the web. and also the calendar page with links to that converted files.
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/modinfo eggdrop1.6.19/src/mod/logs2html.mod/modinfo
+--- src/mod/logs2html.mod/modinfo	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/modinfo	2009-03-28 01:32:21.000000000 +0000
+@@ -0,0 +1,4 @@
++DESC:This module convert all existing log files (and those, that will be
++DESC:created after module installation) of your eggdrop for givving channel
++DESC:to their html representation to be show in the web. and also the
++DESC:calendar page with links to that converted files.
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/readme.txt eggdrop1.6.19/src/mod/logs2html.mod/readme.txt
+--- src/mod/logs2html.mod/readme.txt	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/readme.txt	2009-03-28 01:44:20.000000000 +0000
+@@ -0,0 +1,85 @@
++logs2html.mod v.2.3.4 by Alexander Fedotov aka Gray_Angel aka Shmupsik #ircnet.ru
++e-mail: shurikvz@mail.ru
++
++This module convert all existing log files (and those, that will be created after module installation) of your eggdrop for giving channels to their html representation to be show in the web. and also the calendar page with links to that converted files.
++
++*******************************************************************************
++To install this module:
++ - copy the contents of "language" directory to your eggdrops "language" directory
++ - copy the contents of "help" directory to your eggdrops "help" directory
++ - copy *.dll (for windows) or *.so (for unix/linux) module to your eggdrops "modules" directory (only if you have download an arhive file with precompiled modules)
++ - copy logs2html.conf, chan.list files to your eggdrop directory
++ - if you decide to use your own style for pages copy user.css file to your eggdrop directory
++ - (Of course don't forget to edit logs2html.conf, chan.list and user.css files)
++ - put "source logs2html.conf" into your eggdrop config file and restart your bot
++
++Module has 2 commands, which you can use from dcc chat:
++ - convertalllogs	- reconverts ALL your logs for current year (you'll need it for example if you decided to change style of your output logs even those which was created before your decision)
++ - makemainpage		- redraws mainpages
++*******************************************************************************
++
++
++
++*******************************************************************************
++You can see the example of output on http://www.osetia.org/logs
++You can try to find latest version on http://sourceforge.net/projects/logs2html or http://shmupsik.osetia.org
++*******************************************************************************
++
++
++
++*******************************************************************************
++So, if you want to make a donation (for some strange reason I probably will never understand...) to me,
++you can do it using WebMoney (http://www.webmoney.ru).
++And here (http://webmoney.ru/wminouttrans1.shtml) a list of sites where you can exchange your money if you are not using WebMoney system.. :)
++
++My cash number: WMID:215902813411
++ U838552550724
++ E023251651728
++ R735356625383
++*******************************************************************************
++
++
++
++*******************************************************************************
++Version history:
++15.10.05 - version 2.3.4
++  - added setting in config file, which allow to change value of meta tag <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=..."> in generated HTML files.
++
++
++04.10.05 - version 2.3.3
++  - fixed bug with broken e-mail (strings with broken e-mails were truncated)
++
++
++ 24.09.05 - version 2.3.2
++  - added support for <B> and <U> tags
++  - fixed bug with [%H:%M:%S] timestamp (I hope.. :-))
++
++
++ 26.07.05 - version 2.3.1
++  - bug fixed
++
++
++ 24.07.05 - version 2.3.0
++  - page style discriptions moved to CSS file
++  - no need for tcl now
++  - small bugs fixed
++
++
++ 25.04.05 - version 2.1.0
++  - added support for http links and e-mail.
++
++
++ 27.02.05 - version 2.0
++  - converting logs for multiply channels
++  - possibility to change colors of HTML pages
++  - now you can aim number of lines on the one generated HTML page
++
++
++ 16.12.04 - version 1.0
++  - initial realise
++*******************************************************************************
++
++
++
++P.S. Sorry for my bad english
++
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/top100.tpl eggdrop1.6.19/src/mod/logs2html.mod/top100.tpl
+--- src/mod/logs2html.mod/top100.tpl	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/top100.tpl	2009-03-28 01:43:24.000000000 +0000
+@@ -0,0 +1,50 @@
++
++<p align="center">
++<!--Rating@Mail.ru COUNTER--><script language="JavaScript"><!--
++d=document;a='';a+=';r='+escape(d.referrer)
++js=10//--></script><script language="JavaScript1.1"><!--
++a+=';j='+navigator.javaEnabled()
++js=11//--></script><script language="JavaScript1.2"><!--
++s=screen;a+=';s='+s.width+'*'+s.height
++a+=';d='+(s.colorDepth?s.colorDepth:s.pixelDepth)
++js=12//--></script><script language="JavaScript1.3"><!--
++js=13//--></script><script language="JavaScript"><!--
++d.write('<img src="http://top.list.ru/counter'+'?id=606627;js='+js+a+';rand='+Math.random()+'" height=1 width=1>')
++if(js>11)d.write('<'+'!-- ')//--></script><noscript><img
++src="http://top.list.ru/counter?js=na;id=606627"
++height=1 width=1 alt=""></noscript><script language="JavaScript"><!--
++if(js>11)d.write('--'+'>')//--></script><!--/COUNTER-->
++<!-- SpyLOG f:0210 -->
++<script language="javascript"><!--
++Mu="u5131.64.spylog.com";Md=document;Mnv=navigator;Mp=1;
++Mn=(Mnv.appName.substring(0,2)=="Mi")?0:1;Mrn=Math.random();
++Mt=(new Date()).getTimezoneOffset();
++Mz="p="+Mp+"&rn="+Mrn+"&tl=0&ls=0&ln=0&t="+Mt;
++My="";
++My+="<img src='http://"+Mu+"/cnt?cid=513164&"+Mz+"&r="+escape(Md.referrer)+"&pg="+escape(window.location.href)+"'border=0 width=1 height=1 alt='SpyLOG'>";
++Md.write(My);//--></script><noscript>
++<img src="http://u5131.64.spylog.com/cnt?cid=513164&p=1" alt='SpyLOG' border='0' width=1
++height=1 >
++</noscript>
++<!-- SpyLOG -->
++<!--begin of Top100 logo-->
++<a href="http://top100.rambler.ru/top100/">
++<img src="http://top100-images.rambler.ru/top100/banner-88x31-rambler-blue.gif" alt="Rambler's Top100" width=88 height=31 border=0></a>
++<!--end of Top100 logo -->
++<script language="javascript"><!--
++Mrn=Math.random();Mz="";
++My="<a href='http://u5131.64.spylog.com/cnt?cid=513164&f=3&rn="+Mrn+"' target='_blank'><img src='http://u5131.64.spylog.com/cnt?cid=513164&";
++My+="p=1&f=4&rn="+Mrn+Mz+"' border=0 width=88 height=31 alt='SpyLOG'></a>";Md.write(My);
++//--></script><noscript>
++<a href="http://u5131.64.spylog.com/cnt?cid=513164&f=3&p=1" target="_blank">
++<img src="http://u5131.64.spylog.com/cnt?cid=513164&p=1&f=4" alt='SpyLOG' border='0' width=88 height=31 ></a>
++</noscript>
++<!--Rating@Mail.ru LOGO--><a target=_top
++href="http://top.mail.ru/jump?from=606627"><img src="http://top.list.ru/counter?id=606627;t=231;l=1"
++border=0 height=31 width=88
++alt="Ðåéòèíã@Mail.ru"></a><!--/LOGO-->
++<!--begin of Rambler's Top100 code -->
++<a href="http://top100.rambler.ru/top100/">
++<img src="http://counter.rambler.ru/top100.cnt?503447" alt="" width=1 height=1 border=0></a>
++<!--end of Top100 code-->
++</p>
+diff -urpN eggdrop1.6.19-orig/src/mod/logs2html.mod/user.css eggdrop1.6.19/src/mod/logs2html.mod/user.css
+--- src/mod/logs2html.mod/user.css	1970-01-01 00:00:00.000000000 +0000
++++ src/mod/logs2html.mod/user.css	2009-03-28 01:32:53.000000000 +0000
+@@ -0,0 +1,121 @@
++BODY {
++font-family: serif;
++font-style: normal
++font-variant: normal;
++font-weight: normal;
++font-stretch: normal;
++font-size: 12pt;
++text-align: left;
++color: rgb(0,0,0);
++background-color: transparent;
++}
++BODY.mainpage {
++background-color: whitesmoke;
++}
++BODY.logspage {
++background-color: lightyellow;
++}
++TD {
++width: 4%;
++background-color: lavender;
++}
++TD.space {
++width: auto;
++background-color: whitesmoke;
++}
++TD.dayname {
++width: auto;
++font-weight: bold;
++text-align: right;
++background-color: lightskyblue;
++}
++TD.weekend {
++color: red;
++width: auto;
++font-weight: bold;
++text-align: right;
++width: auto;
++background-color: lightskyblue;
++}
++TH {
++font-weight: bold;
++text-align: center;
++background-color: lavender;
++}
++SPAN.time {
++color: silver;
++}
++SPAN.nick {
++color: mediumblue;
++}
++SPAN.else {
++color: green;
++font-style: italic;
++}
++SPAN.action {
++color: violet;
++}
++SPAN.c0000, SPAN.c0100, SPAN.c0200, SPAN.c0300, SPAN.c0400, SPAN.c0500, SPAN.c0600, SPAN.c0700, SPAN.c0800, SPAN.c0900, SPAN.c1000, SPAN.c1100, SPAN.c1200, SPAN.c1300, SPAN.c1400, SPAN.c1500 {background-color: white;}
++SPAN.c0001, SPAN.c0101, SPAN.c0201, SPAN.c0301, SPAN.c0401, SPAN.c0501, SPAN.c0601, SPAN.c0701, SPAN.c0801, SPAN.c0901, SPAN.c1001, SPAN.c1101, SPAN.c1201, SPAN.c1301, SPAN.c1401, SPAN.c1501 {background-color: black;}
++SPAN.c0002, SPAN.c0102, SPAN.c0202, SPAN.c0302, SPAN.c0402, SPAN.c0502, SPAN.c0602, SPAN.c0702, SPAN.c0802, SPAN.c0902, SPAN.c1002, SPAN.c1102, SPAN.c1202, SPAN.c1302, SPAN.c1402, SPAN.c1502 {background-color: navy;}
++SPAN.c0003, SPAN.c0103, SPAN.c0203, SPAN.c0303, SPAN.c0403, SPAN.c0503, SPAN.c0603, SPAN.c0703, SPAN.c0803, SPAN.c0903, SPAN.c1003, SPAN.c1103, SPAN.c1203, SPAN.c1303, SPAN.c1403, SPAN.c1503 {background-color: green;}
++SPAN.c0004, SPAN.c0104, SPAN.c0204, SPAN.c0304, SPAN.c0404, SPAN.c0504, SPAN.c0604, SPAN.c0704, SPAN.c0804, SPAN.c0904, SPAN.c1004, SPAN.c1104, SPAN.c1204, SPAN.c1304, SPAN.c1404, SPAN.c1504 {background-color: red;}
++SPAN.c0005, SPAN.c0105, SPAN.c0205, SPAN.c0305, SPAN.c0405, SPAN.c0505, SPAN.c0605, SPAN.c0705, SPAN.c0805, SPAN.c0905, SPAN.c1005, SPAN.c1105, SPAN.c1205, SPAN.c1305, SPAN.c1405, SPAN.c1505 {background-color: maroon;}
++SPAN.c0006, SPAN.c0106, SPAN.c0206, SPAN.c0306, SPAN.c0406, SPAN.c0506, SPAN.c0606, SPAN.c0706, SPAN.c0806, SPAN.c0906, SPAN.c1006, SPAN.c1106, SPAN.c1206, SPAN.c1306, SPAN.c1406, SPAN.c1506 {background-color: purple;}
++SPAN.c0007, SPAN.c0107, SPAN.c0207, SPAN.c0307, SPAN.c0407, SPAN.c0507, SPAN.c0607, SPAN.c0707, SPAN.c0807, SPAN.c0907, SPAN.c1007, SPAN.c1107, SPAN.c1207, SPAN.c1307, SPAN.c1407, SPAN.c1507 {background-color: orange;}
++SPAN.c0008, SPAN.c0108, SPAN.c0208, SPAN.c0308, SPAN.c0408, SPAN.c0508, SPAN.c0608, SPAN.c0708, SPAN.c0808, SPAN.c0908, SPAN.c1008, SPAN.c1108, SPAN.c1208, SPAN.c1308, SPAN.c1408, SPAN.c1508 {background-color: yellow;}
++SPAN.c0009, SPAN.c0109, SPAN.c0209, SPAN.c0309, SPAN.c0409, SPAN.c0509, SPAN.c0609, SPAN.c0709, SPAN.c0809, SPAN.c0909, SPAN.c1009, SPAN.c1109, SPAN.c1209, SPAN.c1309, SPAN.c1409, SPAN.c1509 {background-color: lime;}
++SPAN.c0010, SPAN.c0110, SPAN.c0210, SPAN.c0310, SPAN.c0410, SPAN.c0510, SPAN.c0610, SPAN.c0710, SPAN.c0810, SPAN.c0910, SPAN.c1010, SPAN.c1110, SPAN.c1210, SPAN.c1310, SPAN.c1410, SPAN.c1510 {background-color: teal;}
++SPAN.c0011, SPAN.c0111, SPAN.c0211, SPAN.c0311, SPAN.c0411, SPAN.c0511, SPAN.c0611, SPAN.c0711, SPAN.c0811, SPAN.c0911, SPAN.c1011, SPAN.c1111, SPAN.c1211, SPAN.c1311, SPAN.c1411, SPAN.c1511 {background-color: cyan;}
++SPAN.c0012, SPAN.c0112, SPAN.c0212, SPAN.c0312, SPAN.c0412, SPAN.c0512, SPAN.c0612, SPAN.c0712, SPAN.c0812, SPAN.c0912, SPAN.c1012, SPAN.c1112, SPAN.c1212, SPAN.c1312, SPAN.c1412, SPAN.c1512 {background-color: blue;}
++SPAN.c0013, SPAN.c0113, SPAN.c0213, SPAN.c0313, SPAN.c0413, SPAN.c0513, SPAN.c0613, SPAN.c0713, SPAN.c0813, SPAN.c0913, SPAN.c1013, SPAN.c1113, SPAN.c1213, SPAN.c1313, SPAN.c1413, SPAN.c1513 {background-color: magenta;}
++SPAN.c0014, SPAN.c0114, SPAN.c0214, SPAN.c0314, SPAN.c0414, SPAN.c0514, SPAN.c0614, SPAN.c0714, SPAN.c0814, SPAN.c0914, SPAN.c1014, SPAN.c1114, SPAN.c1214, SPAN.c1314, SPAN.c1414, SPAN.c1514 {background-color: silver;}
++SPAN.c0015, SPAN.c0115, SPAN.c0215, SPAN.c0315, SPAN.c0415, SPAN.c0515, SPAN.c0615, SPAN.c0715, SPAN.c0815, SPAN.c0915, SPAN.c1015, SPAN.c1114, SPAN.c1215, SPAN.c1315, SPAN.c1415, SPAN.c1515 {background-color: gray;}
++SPAN.c0000, SPAN.c0001, SPAN.c0002, SPAN.c0003, SPAN.c0004, SPAN.c0005, SPAN.c0006, SPAN.c0007, SPAN.c0008, SPAN.c0009, SPAN.c0010, SPAN.c0011, SPAN.c0012, SPAN.c0013, SPAN.c0014, SPAN.c0015 {color: white;}
++SPAN.c0100, SPAN.c0101, SPAN.c0102, SPAN.c0103, SPAN.c0104, SPAN.c0105, SPAN.c0106, SPAN.c0107, SPAN.c0108, SPAN.c0109, SPAN.c0110, SPAN.c0111, SPAN.c0112, SPAN.c0113, SPAN.c0114, SPAN.c0115 {color: black;}
++SPAN.c0200, SPAN.c0201, SPAN.c0202, SPAN.c0203, SPAN.c0204, SPAN.c0205, SPAN.c0206, SPAN.c0207, SPAN.c0208, SPAN.c0209, SPAN.c0210, SPAN.c0211, SPAN.c0212, SPAN.c0213, SPAN.c0214, SPAN.c0215 {color: navy;}
++SPAN.c0300, SPAN.c0301, SPAN.c0302, SPAN.c0303, SPAN.c0304, SPAN.c0305, SPAN.c0306, SPAN.c0307, SPAN.c0308, SPAN.c0309, SPAN.c0310, SPAN.c0311, SPAN.c0312, SPAN.c0313, SPAN.c0314, SPAN.c0315 {color: green;}
++SPAN.c0400, SPAN.c0401, SPAN.c0402, SPAN.c0403, SPAN.c0404, SPAN.c0405, SPAN.c0406, SPAN.c0407, SPAN.c0408, SPAN.c0409, SPAN.c0410, SPAN.c0411, SPAN.c0412, SPAN.c0413, SPAN.c0414, SPAN.c0415 {color: red;}
++SPAN.c0500, SPAN.c0501, SPAN.c0502, SPAN.c0503, SPAN.c0504, SPAN.c0505, SPAN.c0506, SPAN.c0507, SPAN.c0508, SPAN.c0509, SPAN.c0510, SPAN.c0511, SPAN.c0512, SPAN.c0513, SPAN.c0514, SPAN.c0515 {color: maroon;}
++SPAN.c0600, SPAN.c0601, SPAN.c0602, SPAN.c0603, SPAN.c0604, SPAN.c0605, SPAN.c0606, SPAN.c0607, SPAN.c0608, SPAN.c0609, SPAN.c0610, SPAN.c0611, SPAN.c0612, SPAN.c0613, SPAN.c0614, SPAN.c0615 {color: purple;}
++SPAN.c0700, SPAN.c0701, SPAN.c0702, SPAN.c0703, SPAN.c0704, SPAN.c0705, SPAN.c0706, SPAN.c0707, SPAN.c0708, SPAN.c0709, SPAN.c0710, SPAN.c0711, SPAN.c0712, SPAN.c0713, SPAN.c0714, SPAN.c0715 {color: orange;}
++SPAN.c0800, SPAN.c0801, SPAN.c0802, SPAN.c0803, SPAN.c0804, SPAN.c0805, SPAN.c0806, SPAN.c0807, SPAN.c0808, SPAN.c0809, SPAN.c0810, SPAN.c0811, SPAN.c0812, SPAN.c0813, SPAN.c0814, SPAN.c0815 {color: yellow;}
++SPAN.c0900, SPAN.c0901, SPAN.c0902, SPAN.c0903, SPAN.c0904, SPAN.c0905, SPAN.c0906, SPAN.c0907, SPAN.c0908, SPAN.c0909, SPAN.c0910, SPAN.c0911, SPAN.c0912, SPAN.c0913, SPAN.c0914, SPAN.c0915 {color: lime;}
++SPAN.c1000, SPAN.c1001, SPAN.c1002, SPAN.c1003, SPAN.c1004, SPAN.c1005, SPAN.c1006, SPAN.c1007, SPAN.c1008, SPAN.c1009, SPAN.c1010, SPAN.c1011, SPAN.c1012, SPAN.c1013, SPAN.c1014, SPAN.c1015 {color: teal;}
++SPAN.c1100, SPAN.c1101, SPAN.c1102, SPAN.c1103, SPAN.c1104, SPAN.c1105, SPAN.c1106, SPAN.c1107, SPAN.c1108, SPAN.c1109, SPAN.c1110, SPAN.c1111, SPAN.c1112, SPAN.c1113, SPAN.c1114, SPAN.c1115 {color: cyan;}
++SPAN.c1200, SPAN.c1201, SPAN.c1202, SPAN.c1203, SPAN.c1204, SPAN.c1205, SPAN.c1206, SPAN.c1207, SPAN.c1208, SPAN.c1209, SPAN.c1210, SPAN.c1211, SPAN.c1212, SPAN.c1213, SPAN.c1214, SPAN.c1215 {color: blue;}
++SPAN.c1300, SPAN.c1301, SPAN.c1302, SPAN.c1303, SPAN.c1304, SPAN.c1305, SPAN.c1306, SPAN.c1307, SPAN.c1308, SPAN.c1309, SPAN.c1310, SPAN.c1311, SPAN.c1312, SPAN.c1313, SPAN.c1314, SPAN.c1315 {color: magenta;}
++SPAN.c1400, SPAN.c1401, SPAN.c1402, SPAN.c1403, SPAN.c1404, SPAN.c1405, SPAN.c1406, SPAN.c1407, SPAN.c1408, SPAN.c1409, SPAN.c1410, SPAN.c1411, SPAN.c1412, SPAN.c1413, SPAN.c1414, SPAN.c1415 {color: silver;}
++SPAN.c1500, SPAN.c1501, SPAN.c1502, SPAN.c1503, SPAN.c1504, SPAN.c1505, SPAN.c1506, SPAN.c1507, SPAN.c1508, SPAN.c1509, SPAN.c1510, SPAN.c1511, SPAN.c1512, SPAN.c1513, SPAN.c1514, SPAN.c1515 {color: gray;}
++SPAN.f00 {color: white;}
++SPAN.f01 {color: black;}
++SPAN.f02 {color: navy;}
++SPAN.f03 {color: green;}
++SPAN.f04 {color: red;}
++SPAN.f05 {color: maroon;}
++SPAN.f06 {color: purple;}
++SPAN.f07 {color: orange;}
++SPAN.f08 {color: yellow;}
++SPAN.f09 {color: lime;}
++SPAN.f10 {color: teal;}
++SPAN.f11 {color: cyan;}
++SPAN.f12 {color: blue;}
++SPAN.f13 {color: magenta;}
++SPAN.f14 {color: silver;}
++SPAN.f15 {color: gray;}
++SPAN.b00 {background-color: white;}
++SPAN.b01 {background-color: black;}
++SPAN.b02 {background-color: navy;}
++SPAN.b03 {background-color: green;}
++SPAN.b04 {background-color: red;}
++SPAN.b05 {background-color: maroon;}
++SPAN.b06 {background-color: purple;}
++SPAN.b07 {background-color: orange;}
++SPAN.b08 {background-color: yellow;}
++SPAN.b09 {background-color: lime;}
++SPAN.b10 {background-color: teal;}
++SPAN.b11 {background-color: cyan;}
++SPAN.b12 {background-color: blue;}
++SPAN.b13 {background-color: magenta;}
++SPAN.b14 {background-color: silver;}
++SPAN.b15 {background-color: gray;}
diff --git a/main/email/APKBUILD b/main/email/APKBUILD
new file mode 100644
index 0000000000..a1301fe044
--- /dev/null
+++ b/main/email/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=email
+pkgver=3.1.2
+pkgrel=0
+pkgdesc="A command line SMTP client that's simple"
+url="http://www.cleancode.org/projects/email"
+license="GPL"
+depends="uclibc openssl"
+makedepends="openssl-dev"
+source="http://www.cleancode.org/downloads/email/email-3.1.2.tar.bz2"
+
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	./configure \
+        --prefix=/usr \
+	--sysconfdir=/etc \
+	--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="468c32758a01d1def084b5a7aaf631ac  email-3.1.2.tar.bz2"
diff --git a/main/email/email-3.1.0-doc.patch b/main/email/email-3.1.0-doc.patch
new file mode 100644
index 0000000000..d7467844f0
--- /dev/null
+++ b/main/email/email-3.1.0-doc.patch
@@ -0,0 +1,10 @@
+--- email-3.1.0.orig/configure.in	Thu Jan  1 12:00:53 2009
++++ email-3.1.0/configure.in	Thu Jan  1 12:01:16 2009
+@@ -65,7 +65,6 @@
+     CFLAGS="$CFLAGS -DUSE_GNU_STRFTIME"
+ fi
+ 
+-AC_SUBST(docdir, ["\${prefix}/doc/email-${version}"])
+ AC_SUBST(ver, ["$version"])
+ 
+ CFLAGS="$CFLAGS -I$cwd -I$cwd/src -I$cwd/include -I../include -I$cwd/dlib/include"
diff --git a/main/email/email-3.1.0-ldflags.patch b/main/email/email-3.1.0-ldflags.patch
new file mode 100644
index 0000000000..d08896ee3a
--- /dev/null
+++ b/main/email/email-3.1.0-ldflags.patch
@@ -0,0 +1,11 @@
+--- email-3.1.0.orig/src/Makefile.in	Tue Dec 30 13:16:08 2008
++++ email-3.1.0/src/Makefile.in	Tue Dec 30 13:17:00 2008
+@@ -18,7 +18,7 @@
+ 	remotesmtp.o sig_file.o smtpcommands.o utils.o
+ 
+ all: $(FILES)
+-	$(CC) $(CFLAGS) -o email $(FILES) $(OTHER_FILES) $(LDFLAGS) $(LIBS) $(DLIB)
++	$(CC) $(CFLAGS) -o email $(FILES) $(OTHER_FILES) $(DLIB) $(LDFLAGS) $(LIBS)
+ 
+ clean:
+ 	rm -f *.o *.d email
diff --git a/main/espeak/APKBUILD b/main/espeak/APKBUILD
new file mode 100644
index 0000000000..bf005e00a5
--- /dev/null
+++ b/main/espeak/APKBUILD
@@ -0,0 +1,42 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=espeak
+pkgver=1.40.02
+pkgrel=0
+pkgdesc="Speech synthesizer for English and other languages"
+url="http://espeak.sourceforge.net/"
+license="GPL-3"
+subpackages="$pkgname-dev"
+depends="uclibc uclibc++"
+makedepends="uclibc++-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver-source.zip
+	$pkgname-$pkgver-uclibc++.patch"
+
+build() {
+	local s="$srcdir"/$pkgname-$pkgver-source
+	cd "$s"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	export CXX=g++-uc
+
+	cd src
+	make CXXFLAGS="${CXXFLAGS}" AUDIO=none all || return 1
+
+	msg "Fixing byte order of phoneme data files"
+	cd "$s"/platforms/big_endian
+	make
+	./espeak-phoneme-data "$s"/espeak-data
+	cp -f phondata phonindex phontab "$s"/espeak-data
+
+	cd "$s"/src
+	make DESTDIR="$pkgdir" AUDIO=none install || return 1
+
+	cd "$s"
+	install -d "$pkgdir"/usr/share/espeak-data
+	cp -r dictsource "$pkgdir"/usr/share/espeak-data
+}
+
+md5sums="708954b44c526e8174df8b88a6382738  espeak-1.40.02-source.zip
+c13bb95088c5777b4d3e5ea10ca37517  espeak-1.40.02-uclibc++.patch"
diff --git a/main/espeak/espeak-1.40.02-uclibc++.patch b/main/espeak/espeak-1.40.02-uclibc++.patch
new file mode 100644
index 0000000000..6899220525
--- /dev/null
+++ b/main/espeak/espeak-1.40.02-uclibc++.patch
@@ -0,0 +1,21 @@
+--- espeak-1.40.02-source.orig/src/Makefile	2008-12-26 10:11:49 +0000
++++ espeak-1.40.02-source/src/Makefile	2008-12-26 10:27:48 +0000
+@@ -60,15 +60,15 @@
+ 
+ SRCS1=$(speak_SOURCES)
+ OBJS1=$(patsubst %.cpp,%.o,$(SRCS1))
+-LIBS1=-lstdc++ $(LIB_AUDIO) -lpthread $(EXTRA_LIBS)
++LIBS1=-lm $(LIB_AUDIO) -lpthread $(EXTRA_LIBS)
+ 
+ SRCS2=$(libespeak_SOURCES)
+ OBJS2=$(patsubst %.cpp,x_%.o,$(SRCS2))
+-LIBS2=-lstdc++ $(LIB_AUDIO) -lpthread
++LIBS2=-lm $(LIB_AUDIO) -lpthread
+ 
+ SRCS3 = espeak.cpp
+ OBJS3=$(patsubst %.cpp,%.o,$(SRCS3))
+-LIBS3=-lstdc++ -L . -lespeak
++LIBS3=-L . -lespeak -lpthread
+ 
+ CXXFLAGS=-O2
+ 
diff --git a/main/ethtool/APKBUILD b/main/ethtool/APKBUILD
new file mode 100644
index 0000000000..50c92d40ec
--- /dev/null
+++ b/main/ethtool/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ethtool
+pkgver=6
+pkgrel=0
+pkgdesc="gkernel ethtool"
+url="http://sourceforge.net/projects/gkernel/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+source="http://easynews.dl.sf.net/sourceforge/gkernel/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver" 
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="3b721ec27f17ebf320ba8c505cf66d9c  ethtool-6.tar.gz"
diff --git a/main/expat/APKBUILD b/main/expat/APKBUILD
new file mode 100644
index 0000000000..3f81d32565
--- /dev/null
+++ b/main/expat/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=expat
+pkgver=2.0.1
+pkgrel=0
+pkgdesc="An XML Parser library written in C"
+url="http://www.libexpat.org/"
+license='AS IS'
+depends="uclibc"
+makedepends=""
+source="http://surfnet.dl.sourceforge.net/sourceforge/expat/expat-2.0.1.tar.gz"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+	--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+md5sums="ee8b492592568805593f81f8cdf2a04c  expat-2.0.1.tar.gz"
diff --git a/main/faac/APKBUILD b/main/faac/APKBUILD
new file mode 100644
index 0000000000..3e523a4d51
--- /dev/null
+++ b/main/faac/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=faac
+pkgver=1.28
+pkgrel=0
+pkgdesc="FAAC is an AAC audio encoder."
+url="http://www.audiocoding.com/"
+license="GPL custom"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="autoconf automake libtool uclibc++-dev"
+source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	export CXX="${UC_CXX:-g++-uc}"
+	./bootstrap
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -D -m644 "$srcdir"/$pkgname-$pkgver/libfaac/kiss_fft/COPYING \
+		"$pkgdir"/usr/share/licenses/faac/COPYING.kiss_fft
+}
+md5sums="80763728d392c7d789cde25614c878f6  faac-1.28.tar.gz"
diff --git a/main/faad2/APKBUILD b/main/faad2/APKBUILD
new file mode 100644
index 0000000000..e1453df902
--- /dev/null
+++ b/main/faad2/APKBUILD
@@ -0,0 +1,28 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=faad2
+pkgver=2.7
+pkgrel=0
+pkgdesc="ISO AAC audio decoder"
+url="http://www.audiocoding.com/"
+license="custom:GPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="autoconf automake libtool"
+source="http://downloads.sourceforge.net/sourceforge/faac/$pkgname-$pkgver.tar.bz2"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	
+	# manfile has bad name
+	mv frontend/faad.man frontend/faad.1 && \
+		sed -i -e 's:faad\.man:faad.1:' frontend/Makefile.am \
+		|| return 1
+
+	sh bootstrap
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -m644 common/mp4ff/mp4ff_int_types.h "$pkgdir"/usr/include/mp4ff_int_types.h || return 1
+}
+md5sums="4c332fa23febc0e4648064685a3d4332  faad2-2.7.tar.bz2"
diff --git a/main/fakeroot/APKBUILD b/main/fakeroot/APKBUILD
new file mode 100644
index 0000000000..d9bfb67b87
--- /dev/null
+++ b/main/fakeroot/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=fakeroot
+pkgver=1.12.4
+pkgrel=0
+pkgdesc="Gives a fake root environment, useful for building packages as a non-privileged user"
+license='GPL'
+url="http://packages.debian.org/fakeroot"
+depends=
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://ftp.debian.org/debian/pool/main/f/$pkgname/${pkgname}_${pkgver}.tar.gz
+	busybox-compat.patch"
+
+build() {
+  cd $startdir/src/$pkgname-$pkgver
+  patch -p1 < ../busybox-compat.patch
+  CONFIG_SHELL=/bin/sh ./configure --prefix=/usr
+  make || return 1
+  make DESTDIR="$pkgdir" install
+}
+
+md5sums="aaefede2405a40c87438e7e833d69b70  fakeroot_1.12.4.tar.gz
+ea7b7e3065090d72804cdf4719dd5832  busybox-compat.patch"
diff --git a/main/fakeroot/busybox-compat.patch b/main/fakeroot/busybox-compat.patch
new file mode 100644
index 0000000000..1d07d0d31a
--- /dev/null
+++ b/main/fakeroot/busybox-compat.patch
@@ -0,0 +1,23 @@
+--- fakeroot-1.10.1.orig/scripts/fakeroot.in	Wed Nov  5 19:48:00 2008
++++ fakeroot-1.10.1/scripts/fakeroot.in	Wed Nov  5 19:49:12 2008
+@@ -28,7 +28,7 @@
+ 
+ libfound=no
+ 
+-GETOPTEST=`getopt --version`
++GETOPTEST=`getopt --version 2>/dev/null`
+ case $GETOPTEST in
+ getopt*) # GNU getopt
+     TEMP=`getopt -l lib: -l faked: -l unknown-is-real -l fd-base: -l version -l help -- +l:f:i:s:ub:vh "$@"`
+@@ -133,9 +133,9 @@
+ PID=`echo $KEY_PID|cut -d: -f2`
+ 
+ if [ "$WAITINTRAP" -eq 0 ]; then
+-  trap "kill -s @signal@ $PID" EXIT INT
++  trap "kill -@signal@ $PID" EXIT INT
+ else
+-  trap 'FAKEROOTKEY=$FAKEROOTKEY LD_LIBRARY_PATH="$PATHS"  LD_PRELOAD="$LIB" /bin/ls -l / >/dev/null 2>&1; while kill -s @signal@ $PID 2>/dev/null; do sleep 0.1; done' EXIT INT
++  trap 'FAKEROOTKEY=$FAKEROOTKEY LD_LIBRARY_PATH="$PATHS"  LD_PRELOAD="$LIB" /bin/ls -l / >/dev/null 2>&1; while kill -@signal@ $PID 2>/dev/null; do sleep 0.1; done' EXIT INT
+ fi
+ 
+ if test -z "$FAKEROOTKEY" || test -z "$PID"; then
diff --git a/main/fcgi/10-fcgi-2.4.0-Makefile.patch b/main/fcgi/10-fcgi-2.4.0-Makefile.patch
new file mode 100644
index 0000000000..dad4cd6e02
--- /dev/null
+++ b/main/fcgi/10-fcgi-2.4.0-Makefile.patch
@@ -0,0 +1,24 @@
+Index: fcgi-2.4.0/cgi-fcgi/Makefile.am
+===================================================================
+--- fcgi-2.4.0.orig/cgi-fcgi/Makefile.am
++++ fcgi-2.4.0/cgi-fcgi/Makefile.am
+@@ -11,5 +11,5 @@ INCLUDE_FILES   = $(INCLUDEDIR)/fastcgi.
+ LIBDIR      = ../libfcgi
+ LIBFCGI     = $(LIBDIR)/libfcgi.la
+ 
+-LDADD = $(LIBFCGI)
++LDADD = $(LIBFCGI) -lm
+ cgi_fcgi_SOURCES = $(INCLUDE_FILES) cgi-fcgi.c
+Index: fcgi-2.4.0/examples/Makefile.am
+===================================================================
+--- fcgi-2.4.0.orig/examples/Makefile.am
++++ fcgi-2.4.0/examples/Makefile.am
+@@ -21,7 +21,7 @@ INCLUDE_FILES   = $(INCLUDEDIR)/fastcgi.
+ LIBDIR      = ../libfcgi
+ LIBFCGI     = $(LIBDIR)/libfcgi.la
+ 
+-LDADD = $(LIBFCGI)
++LDADD = $(LIBFCGI) -lm
+ 
+ echo_SOURCES       = $(INCLUDE_FILES) echo.c
+ echo_x_SOURCES     = $(INCLUDE_FILES) echo-x.c
diff --git a/main/fcgi/20-fcgi-2.4.0-clientdata-pointer.patch b/main/fcgi/20-fcgi-2.4.0-clientdata-pointer.patch
new file mode 100644
index 0000000000..ba4793765d
--- /dev/null
+++ b/main/fcgi/20-fcgi-2.4.0-clientdata-pointer.patch
@@ -0,0 +1,96 @@
+Index: fcgi-2.4.0/cgi-fcgi/cgi-fcgi.c
+===================================================================
+--- fcgi-2.4.0.orig/cgi-fcgi/cgi-fcgi.c
++++ fcgi-2.4.0/cgi-fcgi/cgi-fcgi.c
+@@ -21,6 +21,7 @@ static const char rcsid[] = "$Id: cgi-fc
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <sys/types.h>
+ 
+ #include "fcgi_config.h"
+ 
+@@ -145,7 +146,7 @@ static FCGI_BeginRequestBody MakeBeginRe
+ 
+ 
+ static int bytesToRead;    /* number of bytes to read from Web Server */
+-static int appServerSock = -1;  /* Socket connected to FastCGI application,
++static size_t appServerSock = -1;  /* Socket connected to FastCGI application,
+                                  * used by AppServerReadHandler and
+                                  * AppServerWriteHandler. */
+ static Buffer fromAS;      /* Bytes read from the FCGI application server. */
+@@ -640,7 +641,7 @@ static int ParseArgs(int argc, char *arg
+ 			}
+ 			if((av[ac] = (char *)malloc(strlen(tp1)+1)) == NULL) {
+ 			    fprintf(stderr, "Cannot allocate %d bytes\n",
+-				    strlen(tp1)+1);
++				    (int)strlen(tp1)+1);
+ 			    exit(-1);
+ 			}
+ 			strcpy(av[ac++], tp1);
+Index: fcgi-2.4.0/examples/threaded.c
+===================================================================
+--- fcgi-2.4.0.orig/examples/threaded.c
++++ fcgi-2.4.0/examples/threaded.c
+@@ -24,7 +24,7 @@ static int counts[THREAD_COUNT];
+ 
+ static void *doit(void *a)
+ {
+-    int rc, i, thread_id = (int)a;
++    size_t rc, i, thread_id = (size_t)a;
+     pid_t pid = getpid();
+     FCGX_Request request;
+     char *server_name;
+@@ -53,7 +53,7 @@ static void *doit(void *a)
+             "<h1>FastCGI Hello! (multi-threaded C, fcgiapp library)</h1>"
+             "Thread %d, Process %ld<p>"
+             "Request counts for %d threads running on host <i>%s</i><p><code>",
+-            thread_id, pid, THREAD_COUNT, server_name ? server_name : "?");
++            (int)thread_id, pid, THREAD_COUNT, server_name ? server_name : "?");
+ 
+         sleep(2);
+ 
+@@ -71,7 +71,7 @@ static void *doit(void *a)
+ 
+ int main(void)
+ {
+-    int i;
++    size_t i;
+     pthread_t id[THREAD_COUNT];
+ 
+     FCGX_Init();
+Index: fcgi-2.4.0/include/fcgios.h
+===================================================================
+--- fcgi-2.4.0.orig/include/fcgios.h
++++ fcgi-2.4.0/include/fcgios.h
+@@ -93,7 +93,7 @@ extern "C" {
+ #   if defined(__STDC__) || defined(__cplusplus)
+     typedef void *ClientData;
+ #   else
+-    typedef int *ClientData;
++    typedef size_t *ClientData;
+ #   endif /* __STDC__ */
+ #define _CLIENTDATA
+ #endif
+Index: fcgi-2.4.0/libfcgi/os_unix.c
+===================================================================
+--- fcgi-2.4.0.orig/libfcgi/os_unix.c
++++ fcgi-2.4.0/libfcgi/os_unix.c
+@@ -1155,7 +1155,7 @@ int OS_Accept(int listen_sock, int fail_
+ 
+         for (;;) {
+             do {
+-#ifdef HAVE_SOCKLEN
++#ifdef HAVE_SYS_SOCKET_H
+                 socklen_t len = sizeof(sa);
+ #else
+                 int len = sizeof(sa);
+@@ -1255,7 +1255,7 @@ int OS_IsFcgi(int sock)
+         struct sockaddr_in in;
+         struct sockaddr_un un;
+     } sa;
+-#ifdef HAVE_SOCKLEN
++#ifdef HAVE_SYS_SOCKET_H
+     socklen_t len = sizeof(sa);
+ #else
+     int len = sizeof(sa);
diff --git a/main/fcgi/30-fcgi-2.4.0-html-updates.patch b/main/fcgi/30-fcgi-2.4.0-html-updates.patch
new file mode 100644
index 0000000000..ca10a6a603
--- /dev/null
+++ b/main/fcgi/30-fcgi-2.4.0-html-updates.patch
@@ -0,0 +1,65 @@
+Index: fcgi-2.4.0/doc/fcgi-devel-kit.htm
+===================================================================
+--- fcgi-2.4.0.orig/doc/fcgi-devel-kit.htm
++++ fcgi-2.4.0/doc/fcgi-devel-kit.htm
+@@ -19,7 +19,7 @@
+    </HEAD>
+    <BODY>
+       <P CLASS="c1">
+-         <IMG BORDER="0" SRC="../images/fcgi-hd.gif" ALT="[[FastCGI]]"><BR CLEAR="all">
++         <IMG BORDER="0" SRC="images/fcgi-hd.gif" ALT="[[FastCGI]]"><BR CLEAR="all">
+       </P>
+       <H3 CLASS="c2">
+          FastCGI Developer&#39;s Kit
+Index: fcgi-2.4.0/doc/fcgi-java.htm
+===================================================================
+--- fcgi-2.4.0.orig/doc/fcgi-java.htm
++++ fcgi-2.4.0/doc/fcgi-java.htm
+@@ -20,7 +20,7 @@
+    </HEAD>
+    <BODY>
+       <DIV CLASS="c1">
+-         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="../images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
++         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
+       </DIV>
+       <BR CLEAR="all">
+       <DIV CLASS="c1">
+Index: fcgi-2.4.0/doc/fcgi-perf.htm
+===================================================================
+--- fcgi-2.4.0.orig/doc/fcgi-perf.htm
++++ fcgi-2.4.0/doc/fcgi-perf.htm
+@@ -19,7 +19,7 @@
+    </HEAD>
+    <BODY>
+       <DIV CLASS="c1">
+-         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="../images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
++         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
+       </DIV>
+       <BR CLEAR="all">
+       <DIV CLASS="c1">
+Index: fcgi-2.4.0/doc/fcgi-perl.htm
+===================================================================
+--- fcgi-2.4.0.orig/doc/fcgi-perl.htm
++++ fcgi-2.4.0/doc/fcgi-perl.htm
+@@ -19,7 +19,7 @@
+    </HEAD>
+    <BODY>
+       <DIV CLASS="c1">
+-         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="../images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
++         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
+       </DIV>
+       <BR CLEAR="all">
+        
+Index: fcgi-2.4.0/doc/fcgi-tcl.htm
+===================================================================
+--- fcgi-2.4.0.orig/doc/fcgi-tcl.htm
++++ fcgi-2.4.0/doc/fcgi-tcl.htm
+@@ -19,7 +19,7 @@
+    </HEAD>
+    <BODY>
+       <DIV CLASS="c1">
+-         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="../images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
++         <A HREF="http://fastcgi.com"><IMG BORDER="0" SRC="images/fcgi-hd.gif" ALT="[[FastCGI]]"></A>
+       </DIV>
+       <BR CLEAR="all">
+       <DIV CLASS="c1">
diff --git a/main/fcgi/APKBUILD b/main/fcgi/APKBUILD
new file mode 100644
index 0000000000..fc208006cb
--- /dev/null
+++ b/main/fcgi/APKBUILD
@@ -0,0 +1,42 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=fcgi
+pkgver=2.4.0
+pkgrel=0
+pkgdesc="FAST CGI(fcgi) is a language independent, high performant extension to CGI"
+url="http://www.fastcgi.com"
+license="GPL"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-dev"
+source="http://www.fastcgi.com/dist/${pkgname}-${pkgver}.tar.gz
+20-fcgi-2.4.0-clientdata-pointer.patch
+30-fcgi-2.4.0-html-updates.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+        for i in ../*.patch; do
+                msg "Applying $i"
+                patch -p1 < $i || return 1
+        done
+	
+	export LIBS="$LIBS -lm"
+
+	# seems like there is no way to disable c++ from configure script
+	# the row below helps us to build even if g++ is installed on system
+	export CXX=false
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-shared
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="d15060a813b91383a9f3c66faf84867e  fcgi-2.4.0.tar.gz
+d2654525f06451c99b8cdd4cc00a963b  20-fcgi-2.4.0-clientdata-pointer.patch
+f26b536786f70b30a2d91c83d56e944c  30-fcgi-2.4.0-html-updates.patch"
diff --git a/main/fetchmail/APKBUILD b/main/fetchmail/APKBUILD
new file mode 100644
index 0000000000..092556638a
--- /dev/null
+++ b/main/fetchmail/APKBUILD
@@ -0,0 +1,44 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=fetchmail
+pkgver=6.3.9
+pkgrel=3
+pkgdesc="A remote-mail retrieval and forwarding utility"
+url="http://fetchmail.berlios.de/"
+license="GPL"
+depends=
+makedepends="openssl-dev python"
+install="fetchmail.pre-install fetchmail.post-install"
+subpackages="$pkgname-doc fetchmailconf"
+source="http://download.berlios.de/fetchmail/$pkgname-$pkgver.tar.bz2
+	$install
+	fetchmail.initd"
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-ssl \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -Dm755 "$srcdir"/fetchmail.initd "$pkgdir"/etc/init.d/fetchmail
+	install -d "$pkgdir"/var/lib/fetchmail "$pkgdir"/var/run/fetchmail
+}
+
+fetchmailconf() {
+	depends="python"
+	pkgdesc="A GUI for generating fetchmail configuration files"
+	install=
+	mkdir -p "$subpkgdir"/usr/bin
+	cd "$pkgdir" 
+	mv usr/bin/fetchmailconf "$subpkgdir"/usr/bin/
+	mv usr/lib "$subpkgdir"/usr/
+}
+
+md5sums="72c20ad2b9629f1a109668b05a84d823  fetchmail-6.3.9.tar.bz2
+5a2fc8e8b3115fe2b9bf23503fb8f0a4  fetchmail.pre-install
+4b451d102e92926b6b6c1774f4260310  fetchmail.post-install
+22e9ac1d8385db05da15e01fd5c831e4  fetchmail.initd"
diff --git a/main/fetchmail/fetchmail.initd b/main/fetchmail/fetchmail.initd
new file mode 100755
index 0000000000..a1ed1ec837
--- /dev/null
+++ b/main/fetchmail/fetchmail.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+
+pidfile=/var/run/fetchmail/fetchmail.pid
+
+depend() {
+	need net
+	use mta
+}
+
+checkconfig() {
+        if [ ! -f /etc/fetchmailrc ]; then
+                eerror "Configuration file /etc/fetchmailrc not found"
+                return 1
+        fi
+}
+
+start() {
+        checkconfig || return 1
+
+        ebegin "Starting fetchmail"
+        start-stop-daemon --start --quiet \
+		--chuid fetchmail --exec /usr/bin/fetchmail \
+		-- -d ${polling_period:-300} -f /etc/fetchmailrc \
+		--pidfile ${pidfile} -i /var/lib/fetchmail/.fetchids
+        eend ${?}
+}
+
+stop() {
+        ebegin "Stopping fetchmail"
+        start-stop-daemon --stop --quiet --pidfile ${pidfile}
+        eend ${?}
+}
+
diff --git a/main/fetchmail/fetchmail.post-install b/main/fetchmail/fetchmail.post-install
new file mode 100644
index 0000000000..b16bfcc3e4
--- /dev/null
+++ b/main/fetchmail/fetchmail.post-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+chown fetchmail:fetchmail /var/*/fetchmail
diff --git a/main/fetchmail/fetchmail.pre-install b/main/fetchmail/fetchmail.pre-install
new file mode 100644
index 0000000000..4a1b630e00
--- /dev/null
+++ b/main/fetchmail/fetchmail.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -H -h /var/lib/fetchmail -s /bin/false -D fetchmail 2>/dev/null
+exit 0
diff --git a/main/file/APKBUILD b/main/file/APKBUILD
new file mode 100644
index 0000000000..7754f6ced6
--- /dev/null
+++ b/main/file/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=file
+pkgver=5.03
+pkgrel=0
+pkgdesc="File type identification utility"
+url="http://www.darwinsys.com/file/"
+license="custom"
+depends="uclibc zlib"
+source="ftp://ftp.astron.com/pub/file/file-$pkgver.tar.gz
+	nocxx.patch"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	patch configure < ../nocxx.patch || return 1
+	./configure --prefix=/usr --datadir=/usr/share/misc
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="d05f08a53e5c2f51f8ee6a4758c0cc53  file-5.03.tar.gz
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/file/nocxx.patch b/main/file/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/file/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/flac/APKBUILD b/main/flac/APKBUILD
new file mode 100644
index 0000000000..a5626e1c44
--- /dev/null
+++ b/main/flac/APKBUILD
@@ -0,0 +1,30 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=flac
+pkgver=1.2.1
+pkgrel=0
+pkgdesc="Free Lossless Audio Codec"
+url="http://flac.sourceforge.net/"
+license="custom:Xiph LGPL GPL FDL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="uclibc libogg"
+makedepends="libogg-dev"
+source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz
+	"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver || return 1
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--enable-shared \
+		--enable-ogg \
+		--disable-sse \
+		--disable-rpath \
+		--disable-cpplibs \
+		--with-pic || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -Dm0644 COPYING.Xiph \
+		"$pkgdir"/usr/share/licenses/$pkgname/COPYING.Xiph
+}
+md5sums="153c8b15a54da428d1f0fadc756c22c7  flac-1.2.1.tar.gz"
diff --git a/main/flex/APKBUILD b/main/flex/APKBUILD
new file mode 100644
index 0000000000..d44643d776
--- /dev/null
+++ b/main/flex/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Natanael Copa <ncop@alpinelinux.org>
+pkgname=flex
+pkgver=2.5.35
+pkgrel=2
+pkgdesc="A tool for generating text-scanning programs"
+url="http://flex.sourceforge.net"
+license=custom
+depends='m4'
+makedepends=m4
+source="http://downloads.sourceforge.net/sourceforge/flex/flex-$pkgver.tar.bz2"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make install DESTDIR="$pkgdir"
+}
+
+md5sums="10714e50cea54dc7a227e3eddcd44d57  flex-2.5.35.tar.bz2"
diff --git a/main/fping/APKBUILD b/main/fping/APKBUILD
new file mode 100644
index 0000000000..11b4f1819a
--- /dev/null
+++ b/main/fping/APKBUILD
@@ -0,0 +1,23 @@
+pkgname=fping
+pkgver=2.4_beta2
+_myver=2.4b2_to
+pkgrel=1
+pkgdesc="A utility to ping multiple hosts at once"
+url="http://www.fping.com/"
+license="fping"
+depends="uclibc"
+subpackages="$pkgname-doc"
+
+# what happened to upstream download? use gentoo distfiles meanwhile
+#source="http://www.$pkgname.com/download/$pkgname-${myver}.tar.gz"
+source=http://distfiles.gentoo.org/distfiles/fping-${_myver}.tar.gz
+
+
+build () { 
+	cd $startdir/src/$pkgname-${_myver}
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man
+	make || return 1
+	make install DESTDIR="$pkgdir"
+}
+md5sums="d5e8be59e307cef76bc479e1684df705  fping-2.4b2_to.tar.gz"
diff --git a/main/freetds/APKBUILD b/main/freetds/APKBUILD
new file mode 100644
index 0000000000..5e58429d9c
--- /dev/null
+++ b/main/freetds/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Michael Mason <ms13sp@gmail.com>
+pkgname=freetds
+pkgver=0.82
+pkgrel=1
+pkgdesc="Tabular Datastream Library"
+url="http://www.freetds.org/"
+license="GPL"
+depends=
+makedepends="unixodbc-dev readline-dev"
+install=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://ibiblio.org/pub/Linux/ALPHA/freetds/stable/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="3df6b2e83fd420e90f1becbd1162990a  freetds-0.82.tar.gz"
diff --git a/main/freetype/10-bytecode.patch b/main/freetype/10-bytecode.patch
new file mode 100644
index 0000000000..dd901ad64b
--- /dev/null
+++ b/main/freetype/10-bytecode.patch
@@ -0,0 +1,29 @@
+--- include/freetype/config/ftoption.h.old	2006-05-12 02:05:49.000000000 +0800
++++ include/freetype/config/ftoption.h	2006-10-02 01:22:50.000000000 +0800
+@@ -436,7 +436,7 @@
+   /*   Do not #undef this macro here, since the build system might         */
+   /*   define it for certain configurations only.                          */
+   /*                                                                       */
+-/* #define TT_CONFIG_OPTION_BYTECODE_INTERPRETER */
++#define TT_CONFIG_OPTION_BYTECODE_INTERPRETER
+ 
+ 
+   /*************************************************************************/
+@@ -448,7 +448,7 @@
+   /* FT_PARAM_TAG_UNPATENTED_HINTING; or when the debug hook               */
+   /* FT_DEBUG_HOOK_UNPATENTED_HINTING is globally activated.               */
+   /*                                                                       */
+-#define TT_CONFIG_OPTION_UNPATENTED_HINTING
++#undef TT_CONFIG_OPTION_UNPATENTED_HINTING
+ 
+ 
+   /*************************************************************************/
+@@ -480,7 +480,7 @@
+   /*   http://partners.adobe.com/asn/developer/opentype/glyf.html          */
+   /*   http://fonts.apple.com/TTRefMan/RM06/Chap6glyf.html                 */
+   /*                                                                       */
+-#undef TT_CONFIG_OPTION_COMPONENT_OFFSET_SCALED
++#define TT_CONFIG_OPTION_COMPONENT_OFFSET_SCALED
+ 
+ 
+   /*************************************************************************/
diff --git a/main/freetype/20-enable-spr.patch b/main/freetype/20-enable-spr.patch
new file mode 100644
index 0000000000..217912aa1f
--- /dev/null
+++ b/main/freetype/20-enable-spr.patch
@@ -0,0 +1,11 @@
+--- include/freetype/config/ftoption.h.spf	2007-01-18 14:27:34.000000000 -0500
++++ include/freetype/config/ftoption.h	2007-01-18 14:27:48.000000000 -0500
+@@ -92,7 +92,7 @@
+   /* This is done to allow FreeType clients to run unmodified, forcing     */
+   /* them to display normal gray-level anti-aliased glyphs.                */
+   /*                                                                       */
+-/* #define FT_CONFIG_OPTION_SUBPIXEL_RENDERING */
++#define FT_CONFIG_OPTION_SUBPIXEL_RENDERING
+ 
+ 
+   /*************************************************************************/
diff --git a/main/freetype/30-enable-valid.patch b/main/freetype/30-enable-valid.patch
new file mode 100644
index 0000000000..b61a792219
--- /dev/null
+++ b/main/freetype/30-enable-valid.patch
@@ -0,0 +1,20 @@
+--- modules.cfg.orig	2006-07-07 21:01:09.000000000 -0400
++++ modules.cfg	2006-07-07 21:01:54.000000000 -0400
+@@ -110,7 +110,7 @@
+ AUX_MODULES += cache
+ 
+ # TrueType GX/AAT table validation.  Needs ftgxval.c below.
+-# AUX_MODULES += gxvalid
++AUX_MODULES += gxvalid
+ 
+ # Support for streams compressed with gzip (files with suffix .gz).
+ #
+@@ -124,7 +124,7 @@
+ 
+ # OpenType table validation.  Needs ftotval.c below.
+ #
+-# AUX_MODULES += otvalid
++AUX_MODULES += otvalid
+ 
+ # Auxiliary PostScript driver component to share common code.
+ #
diff --git a/main/freetype/40-memcpy-fix.patch b/main/freetype/40-memcpy-fix.patch
new file mode 100644
index 0000000000..95c1cd6430
--- /dev/null
+++ b/main/freetype/40-memcpy-fix.patch
@@ -0,0 +1,14 @@
+--- src/psaux/psobjs.c~	2006-04-26 16:38:17.000000000 +0200
++++ src/psaux/psobjs.c	2006-09-10 15:01:13.000000000 +0200
+@@ -165,6 +165,11 @@
+       return PSaux_Err_Invalid_Argument;
+     }
+ 
++    if ( length < 0 ) {
++      FT_ERROR(( "ps_table_add: invalid length\n" ));
++      return PSaux_Err_Invalid_Argument;
++    }
++
+     /* grow the base block if needed */
+     if ( table->cursor + length > table->capacity )
+     {
diff --git a/main/freetype/APKBUILD b/main/freetype/APKBUILD
new file mode 100644
index 0000000000..e7f2a87ffc
--- /dev/null
+++ b/main/freetype/APKBUILD
@@ -0,0 +1,41 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=freetype
+pkgver=2.3.8
+pkgrel=0
+pkgdesc="TrueType font rendering library"
+url="http://freetype.sourceforge.net"
+license="GPL"
+depends="zlib"
+makedepends="zlib-dev"
+subpackages="$pkgname-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+10-bytecode.patch
+20-enable-spr.patch
+30-enable-valid.patch
+40-memcpy-fix.patch
+"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+        for i in "$srcdir"/*.patch; do
+                msg "Applying ${i}"
+                patch -p0 -i $i || return 1
+        done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-static
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="ebd7d255fd72b7f86c94501b80c50009  freetype-2.3.8.tar.gz
+9ff19e742968c29e3ba52b08d6bf0a50  10-bytecode.patch
+376b94c06b113a62a3437e4130bb3fc3  20-enable-spr.patch
+3f6c5739843dcbc110ee0f243c4f6bdb  30-enable-valid.patch
+bd2d808a0c00dcf9f1d1c0a9a8227ad9  40-memcpy-fix.patch"
diff --git a/main/gawk/APKBUILD b/main/gawk/APKBUILD
new file mode 100644
index 0000000000..5bcd518d23
--- /dev/null
+++ b/main/gawk/APKBUILD
@@ -0,0 +1,30 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gawk
+pkgver=3.1.6
+pkgrel=1
+pkgdesc="GNU awk pattern-matching language"
+url="http://www.gnu.org/software/gawk/gawk.html"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install="$pkgname.post-deinstall"
+subpackages="$pkgname-doc"
+source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="b237751aef53c9ead9644e376bc53386  gawk-3.1.6.tar.gz
+b84506d253e04db3c5af9016fead45a3  gawk.post-deinstall"
diff --git a/main/gawk/gawk.post-deinstall b/main/gawk/gawk.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/gawk/gawk.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/gcc/00_all_gcc-4.0-cvs-incompat.patch b/main/gcc/00_all_gcc-4.0-cvs-incompat.patch
new file mode 100644
index 0000000000..e5bc302e26
--- /dev/null
+++ b/main/gcc/00_all_gcc-4.0-cvs-incompat.patch
@@ -0,0 +1,11 @@
+--- gcc-4.0.old/gcc/gcc.c.mps	Sun Nov 14 21:10:35 2004
++++ gcc-4.0/gcc/gcc.c	Sun Nov 14 21:43:17 2004
+@@ -794,6 +794,8 @@
+ /* NB: This is shared amongst all front-ends.  */
+ static const char *cc1_options =
+ "%{pg:%{fomit-frame-pointer:%e-pg and -fomit-frame-pointer are incompatible}}\
++ %{shared:%{static|pie|fPIE|fpie|fno-PIC|fno-pic:%e-shared and -static|pie|fPIE|fpie|fno-PIC|fno-pic are incompatible}}\
++ %{pie:%{static|pg|p|profile:%e-pie and -static|pg|p|profile are incompatible}}\
+  %1 %{!Q:-quiet} -dumpbase %B %{d*} %{m*} %{a*}\
+  %{c|S:%{o*:-auxbase-strip %*}%{!o*:-auxbase %b}}%{!c:%{!S:-auxbase %b}}\
+  %{g*} %{O*} %{W*&pedantic*} %{w} %{std*&ansi}\
diff --git a/main/gcc/01_all_gcc-4.0.2-v9.0.0-start_endfile-boundschecking-no.patch b/main/gcc/01_all_gcc-4.0.2-v9.0.0-start_endfile-boundschecking-no.patch
new file mode 100644
index 0000000000..8871506195
--- /dev/null
+++ b/main/gcc/01_all_gcc-4.0.2-v9.0.0-start_endfile-boundschecking-no.patch
@@ -0,0 +1,10 @@
+--- gcc-4.0.2/gcc/gcc.c.nondef~	2006-01-09 00:09:50 +0100
++++ gcc-4.0.2/gcc/gcc.c	2006-01-09 00:15:31 +0100
+@@ -764,6 +764,6 @@
+ 
+ static const char *asm_debug;
+ static const char *cpp_spec = CPP_SPEC;
+-static const char *cc1_spec = CC1_SPEC;
++static const char *cc1_spec = CC1_SPEC CC1_HARDENED_SPEC;
+ static const char *cc1plus_spec = CC1PLUS_SPEC;
+ static const char *link_gcc_c_sequence_spec = LINK_GCC_C_SEQUENCE_SPEC;
diff --git a/main/gcc/01_all_gcc-4.3.1-crtbeginTS-stuff.patch b/main/gcc/01_all_gcc-4.3.1-crtbeginTS-stuff.patch
new file mode 100644
index 0000000000..8bc9a70567
--- /dev/null
+++ b/main/gcc/01_all_gcc-4.3.1-crtbeginTS-stuff.patch
@@ -0,0 +1,91 @@
+diff -Nru /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config.gcc /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config.gcc
+--- gcc-4.3.1/gcc/config.gcc	2008-06-11 04:13:33.000000000 +0200
++++ gcc-4.3.1/gcc/config.gcc	2008-06-11 04:41:39.000000000 +0200
+@@ -493,7 +493,7 @@
+   ;;
+ *-*-linux* | frv-*-*linux* | *-*-kfreebsd*-gnu | *-*-knetbsd*-gnu)
+   # Must come before *-*-gnu* (because of *-*-linux-gnu* systems).
+-  extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtend.o crtendS.o"
++  extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtbeginTS.o crtend.o crtendS.o"
+   extra_options="${extra_options} linux.opt"
+   gas=yes
+   gnu_ld=yes
+diff -Nru /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/Makefile.in /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/Makefile.in
+--- gcc-4.3.1/gcc/Makefile.in	2008-06-11 04:13:37.000000000 +0200
++++ gcc-4.3.1/gcc/Makefile.in	2008-06-11 04:42:27.000000000 +0200
+@@ -1665,36 +1665,43 @@
+ # constructors.
+ $(T)crtbegin.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \
+   gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H)
+-	$(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \
++	$(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \
+ 	  -c $(srcdir)/crtstuff.c -DCRT_BEGIN \
+ 	  -o $(T)crtbegin$(objext)
+ 
+ $(T)crtend.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \
+   gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H)
+-	$(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \
++	$(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \
+ 	  -c $(srcdir)/crtstuff.c -DCRT_END \
+ 	  -o $(T)crtend$(objext)
+ 
+ # These are versions of crtbegin and crtend for shared libraries.
+ $(T)crtbeginS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \
+   gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H)
+-	$(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \
++	$(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \
+ 	  -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFS_O \
+ 	  -o $(T)crtbeginS$(objext)
+ 
+ $(T)crtendS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \
+   gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H)
+-	$(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \
++	$(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \
+ 	  -c $(srcdir)/crtstuff.c -DCRT_END -DCRTSTUFFS_O \
+ 	  -o $(T)crtendS$(objext)
+ 
+ # This is a version of crtbegin for -static links.
+ $(T)crtbeginT.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \
+   gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H)
+-	$(GCC_FOR_TARGET) $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \
++	$(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS) \
+ 	  -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O \
+ 	  -o $(T)crtbeginT$(objext)
+ 
++# This is a version of crtbegin for -static -fPIE links.
++$(T)crtbeginTS.o: crtstuff.c $(GCC_PASSES) $(TCONFIG_H) auto-host.h \
++  gbl-ctors.h stmp-int-hdrs tsystem.h coretypes.h $(TM_H)
++	$(GCC_FOR_TARGET) -fno-PIE $(CRTSTUFF_CFLAGS) $(CRTSTUFF_T_CFLAGS_S) \
++	  -c $(srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O -DCRTSTUFFS_O \
++	  -o $(T)crtbeginTS$(objext)
++
+ # Compile the start modules crt0.o and mcrt0.o that are linked with
+ # every program
+ $(T)crt0.o: s-crt0 ; @true
+diff -Nru /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/libgcc/config.host /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/libgcc/config.host
+--- gcc-4.3.1/libgcc/config.host	2008-01-25 21:49:04.000000000 +0100
++++ gcc-4.3.1/libgcc/config.host	2008-06-11 04:42:09.000000000 +0200
+@@ -164,7 +164,7 @@
+   ;;
+ *-*-linux* | frv-*-*linux* | *-*-kfreebsd*-gnu | *-*-knetbsd*-gnu)
+   # Must come before *-*-gnu* (because of *-*-linux-gnu* systems).
+-  extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtend.o crtendS.o"
++  extra_parts="crtbegin.o crtbeginS.o crtbeginT.o crtbeginTS.o crtend.o crtendS.o"
+   ;;
+ *-*-gnu*)
+   ;;
+diff -Nru /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/libgcc/Makefile.in /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/libgcc/Makefile.in
+--- gcc-4.3.1/libgcc/Makefile.in	2008-06-11 04:13:37.000000000 +0200
++++ gcc-4.3.1/libgcc/Makefile.in	2008-06-11 04:42:09.000000000 +0200
+@@ -783,6 +783,11 @@
+ crtbeginT.o: $(gcc_srcdir)/crtstuff.c
+ 	$(crt_compile) $(CRTSTUFF_T_CFLAGS) \
+ 	  -c $(gcc_srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O
++	  
++# This is a version of crtbegin for -static -fPIE links.
++crtbeginTS.o: $(gcc_srcdir)/crtstuff.c
++	$(crt_compile) $(CRTSTUFF_T_CFLAGS_S) \
++	  -c $(gcc_srcdir)/crtstuff.c -DCRT_BEGIN -DCRTSTUFFT_O	-DCRTSTUFFS_O  
+ endif
+ 
+ # Build extra startfiles in the libgcc directory.
diff --git a/main/gcc/02_all_gcc-4.3.1-v10.0.1-start_endfile.patch b/main/gcc/02_all_gcc-4.3.1-v10.0.1-start_endfile.patch
new file mode 100644
index 0000000000..75b3654c8e
--- /dev/null
+++ b/main/gcc/02_all_gcc-4.3.1-v10.0.1-start_endfile.patch
@@ -0,0 +1,384 @@
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/alpha/elf.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/alpha/elf.h
+--- gcc-4.3.1.orig/gcc/config/alpha/elf.h	2007-08-02 12:49:31.000000000 +0200
++++ gcc-4.3.1/gcc/config/alpha/elf.h	2008-06-10 05:50:16.000000000 +0200
+@@ -362,12 +362,12 @@
+ #undef	STARTFILE_SPEC
+ #ifdef HAVE_LD_PIE
+ #define STARTFILE_SPEC \
+-  "%{!shared: %{pg|p:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++  "%{!shared: %{pg|p:gcrt1.o%s} %{!pg:%{!p:%(crtfile_pie)}} }\
++   crti.o%s %{shared:crtbeginS.o%s} %{!shared:%(startfile_pie_t)}"
+ #else
+ #define STARTFILE_SPEC \
+   "%{!shared: %{pg|p:gcrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++   crti.o%s %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}"
+ #endif
+ 
+ /* Provide a ENDFILE_SPEC appropriate for ELF.  Here we tack on the
+@@ -376,9 +376,15 @@
+    `main', followed by a normal ELF "finalizer" file, `crtn.o'.  */
+ 
+ #undef	ENDFILE_SPEC
++#ifdef HAVE_LD_PIE
+ #define ENDFILE_SPEC \
+   "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
+-   %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
++   %{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s"
++#else
++#define ENDFILE_SPEC \
++  "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
++   %{shared:crtendS.o%s;:crtend.o%s} crtn.o%s"
++#endif
+ 
+ /* We support #pragma.  */
+ #define HANDLE_SYSV_PRAGMA 1
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/i386/linux64.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/i386/linux64.h
+--- gcc-4.3.1.orig/gcc/config/i386/linux64.h	2007-08-02 12:49:31.000000000 +0200
++++ gcc-4.3.1/gcc/config/i386/linux64.h	2008-06-10 06:10:18.000000000 +0200
+@@ -76,12 +76,21 @@
+ 
+ /* Similar to standard Linux, but adding -ffast-math support.  */
+ #undef  ENDFILE_SPEC
++#ifdef HAVE_LD_PIE
+ #define ENDFILE_SPEC \
+   "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
+    %{mpc32:crtprec32.o%s} \
+    %{mpc64:crtprec64.o%s} \
+    %{mpc80:crtprec80.o%s} \
+    %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
++#else
++#define ENDFILE_SPEC \
++  "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
++   %{mpc32:crtprec32.o%s} \
++   %{mpc64:crtprec64.o%s} \
++   %{mpc80:crtprec80.o%s} \
++   %{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s"
++#endif
+ 
+ #if TARGET_64BIT_DEFAULT
+ #define MULTILIB_DEFAULTS { "m64" }
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/i386/linux.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/i386/linux.h
+--- gcc-4.3.1/gcc/config/i386/linux.h	2007-11-28 02:04:27.000000000 +0100
++++ gcc-4.3.1/gcc/config/i386/linux.h	2008-06-10 06:11:35.000000000 +0200
+@@ -118,12 +118,21 @@
+ 
+ /* Similar to standard Linux, but adding -ffast-math support.  */
+ #undef  ENDFILE_SPEC
++#ifdef HAVE_LD_PIE
++#define ENDFILE_SPEC \
++  "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
++   %{mpc32:crtprec32.o%s} \
++   %{mpc64:crtprec64.o%s} \
++   %{mpc80:crtprec80.o%s} \
++   %{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s"
++#else
+ #define ENDFILE_SPEC \
+   "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
+    %{mpc32:crtprec32.o%s} \
+    %{mpc64:crtprec64.o%s} \
+    %{mpc80:crtprec80.o%s} \
+    %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
++#endif
+ 
+ /* A C statement (sans semicolon) to output to the stdio stream
+    FILE the assembler definition of uninitialized global DECL named
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/ia64/linux.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/ia64/linux.h
+--- gcc-4.3.1/gcc/config/ia64/linux.h	2008-06-10 06:15:58.000000000 +0200
++++ gcc-4.3.1/gcc/config/ia64/linux.h	2008-06-10 05:50:16.000000000 +0200
+@@ -22,19 +22,25 @@
+ #undef STARTFILE_SPEC
+ #ifdef HAVE_LD_PIE
+ #define STARTFILE_SPEC \
+-  "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++  "%{!shared: %{pg|p|profile:gcrt1.o%s} %{!pg:%{!p:%{!profile:%(crtfile_pie)}}} }\
++   crti.o%s %{shared:crtbeginS.o%s} %{!shared:%(startfile_pie)}"
+ #else
+ #define STARTFILE_SPEC \
+   "%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++   crti.o%s %{shared:crtbeginS.o%s;:crtbegin.o%s}"
+ #endif
+ 
+ /* Similar to standard Linux, but adding -ffast-math support.  */
+ #undef  ENDFILE_SPEC
++#ifdef HAVE_LD_PIE
+ #define ENDFILE_SPEC \
+   "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
+-   %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
++   %{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s"
++#else
++#define ENDFILE_SPEC \
++  "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
++   %{shared:crtendS.o%s;:crtend.o%s} crtn.o%s"
++#endif
+ 
+ /* Define this for shared library support because it isn't in the main
+    linux.h file.  */
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/linux.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/linux.h
+--- gcc-4.3.1/gcc/config/linux.h	2007-08-02 12:49:31.000000000 +0200
++++ gcc-4.3.1/gcc/config/linux.h	2008-06-10 05:50:16.000000000 +0200
+@@ -40,12 +40,12 @@
+ #undef	STARTFILE_SPEC
+ #if defined HAVE_LD_PIE
+ #define STARTFILE_SPEC \
+-  "%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++  "%{!shared: %{pg|p|profile:gcrt1.o%s} %{!pg:%{!p:%{!profile:%(crtfile_pie)}}} } \
++   crti.o%s %{shared:crtbeginS.o%s} %{!shared:%(startfile_pie_t)}"
+ #else
+ #define STARTFILE_SPEC \
+   "%{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++   crti.o%s %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}"
+ #endif
+ 
+ /* Provide a ENDFILE_SPEC appropriate for GNU/Linux.  Here we tack on
+@@ -55,8 +55,13 @@
+    GNU/Linux "finalizer" file, `crtn.o'.  */
+ 
+ #undef	ENDFILE_SPEC
++#ifdef HAVE_LD_PIE
+ #define ENDFILE_SPEC \
+-  "%{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
++  "%{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s"
++#else
++#define ENDFILE_SPEC \
++  "%{shared:crtendS.o%s;:crtend.o%s} crtn.o%s"
++#endif
+ 
+ /* This is for -profile to use -lc_p instead of -lc.  */
+ #ifndef CC1_SPEC
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/rs6000/linux64.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/rs6000/linux64.h
+--- gcc-4.3.1/gcc/config/rs6000/linux64.h	2007-08-02 12:49:31.000000000 +0200
++++ gcc-4.3.1/gcc/config/rs6000/linux64.h	2008-06-10 05:50:16.000000000 +0200
+@@ -151,7 +151,7 @@
+ #endif
+ 
+ #define ASM_SPEC32 "-a32 %{n} %{T} %{Ym,*} %{Yd,*} \
+-%{mrelocatable} %{mrelocatable-lib} %{fpic:-K PIC} %{fPIC:-K PIC} \
++%{mrelocatable} %{mrelocatable-lib} %{fpic|fPIC|fpie|fPIE:-K PIC} %(asm_pie) \
+ %{memb} %{!memb: %{msdata: -memb} %{msdata=eabi: -memb}} \
+ %{!mlittle: %{!mlittle-endian: %{!mbig: %{!mbig-endian: \
+     %{mcall-freebsd: -mbig} \
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/rs6000/sysv4.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/rs6000/sysv4.h
+--- gcc-4.3.1/gcc/config/rs6000/sysv4.h	2007-08-08 21:33:24.000000000 +0200
++++ gcc-4.3.1/gcc/config/rs6000/sysv4.h	2008-06-10 05:50:16.000000000 +0200
+@@ -875,19 +875,25 @@
+ 
+ #ifdef HAVE_LD_PIE
+ #define	STARTFILE_LINUX_SPEC "\
+-%{!shared: %{pg|p|profile:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}} \
++%{!shared: %{pg|p|profile:gcrt1.o%s} %{!pg:%{!p:%{!profile:%(crtfile_pie)}}} } \
+ %{mnewlib:ecrti.o%s;:crti.o%s} \
+-%{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++%{shared:crtbeginS.o%s} %{!shared:%(startfile_pie_t)}"
+ #else
+ #define	STARTFILE_LINUX_SPEC "\
+ %{!shared: %{pg|p|profile:gcrt1.o%s;:crt1.o%s}} \
+ %{mnewlib:ecrti.o%s;:crti.o%s} \
+-%{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++%{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}"
+ #endif
+ 
++#ifdef HAVE_LD_PIE
+ #define	ENDFILE_LINUX_SPEC "\
+-%{shared|pie:crtendS.o%s;:crtend.o%s} \
++%{shared:crtendS.o%s} %{!shared:%(endfile_pie)} \
+ %{mnewlib:ecrtn.o%s;:crtn.o%s}"
++#else
++#define	ENDFILE_LINUX_SPEC "\
++%{shared:crtendS.o%s;:crtend.o%s} \
++%{mnewlib:ecrtn.o%s;:crtn.o%s}"
++#endif
+ 
+ #define LINK_START_LINUX_SPEC ""
+ 
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/sparc/linux64.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/sparc/linux64.h
+--- gcc-4.3.1/gcc/config/sparc/linux64.h	2007-10-19 06:29:38.000000000 +0200
++++ gcc-4.3.1/gcc/config/sparc/linux64.h	2008-06-10 05:50:16.000000000 +0200
+@@ -66,12 +66,12 @@
+ 
+ #ifdef HAVE_LD_PIE
+ #define STARTFILE_SPEC \
+-  "%{!shared:%{pg|p:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbeginS.o%s}"
++  "%{!shared: %{pg|p:gcrt1.o%s} %{!pg:%{!p:%(crtfile_pie)}} }\
++   crti.o%s %{shared:crtbeginS.o%s} %{!shared:%(startfile_pie_t)}"
+ #else
+ #define STARTFILE_SPEC \
+   "%{!shared:%{pg|p:gcrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbeginS.o%s}"
++   crti.o%s %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbeginS.o%s}"
+ #endif
+ 
+ /* Provide a ENDFILE_SPEC appropriate for GNU/Linux.  Here we tack on
+@@ -81,10 +81,15 @@
+    GNU/Linux "finalizer" file, `crtn.o'.  */
+ 
+ #undef  ENDFILE_SPEC
+-
++#ifdef HAVE_LD_PIE
++#define ENDFILE_SPEC \
++  "%{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s\
++   %{ffast-math|funsafe-math-optimizations:crtfastmath.o%s}"
++#else
+ #define ENDFILE_SPEC \
+-  "%{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s\
++  "%{shared:crtendS.o%s;:crtend.o%s} crtn.o%s\
+    %{ffast-math|funsafe-math-optimizations:crtfastmath.o%s}"
++#endif
+ 
+ /* The GNU C++ standard library requires that these macros be defined.  */
+ #undef CPLUSPLUS_CPP_SPEC
+@@ -281,7 +286,7 @@
+ %{T} \
+ %{Ym,*} \
+ %{Wa,*:%*} \
+--s %{fpic|fPIC|fpie|fPIE:-K PIC} \
++-s %{fpic|fPIC|fpie|fPIE:-K PIC} %(asm_pie) \
+ %{mlittle-endian:-EL} \
+ %(asm_cpu) %(asm_arch) %(asm_relax)"
+ 
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/sparc/linux.h /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/config/sparc/linux.h
+--- gcc-4.3.1/gcc/config/sparc/linux.h	2007-08-02 12:49:31.000000000 +0200
++++ gcc-4.3.1/gcc/config/sparc/linux.h	2008-06-10 05:50:16.000000000 +0200
+@@ -45,14 +45,14 @@
+    object constructed before entering `main'.  */
+    
+ #undef  STARTFILE_SPEC
+-#if defined HAVE_LD_PIE
++#ifdef HAVE_LD_PIE
+ #define STARTFILE_SPEC \
+-  "%{!shared: %{pg|p:gcrt1.o%s;pie:Scrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++  "%{!shared: %{pg|p:gcrt1.o%s} %{!pg:%{!p:%(crtfile_pie)}} }\
++   crti.o%s %{shared:crtbeginS.o%s} %{!shared:%(startfile_pie_t)}"
+ #else
+ #define STARTFILE_SPEC \
+   "%{!shared: %{pg|p:gcrt1.o%s;:crt1.o%s}}\
+-   crti.o%s %{static:crtbeginT.o%s;shared|pie:crtbeginS.o%s;:crtbegin.o%s}"
++   crti.o%s %{static:crtbeginT.o%s;shared:crtbeginS.o%s;:crtbegin.o%s}"
+ #endif
+ 
+ /* Provide a ENDFILE_SPEC appropriate for GNU/Linux.  Here we tack on
+@@ -62,9 +62,15 @@
+    GNU/Linux "finalizer" file, `crtn.o'.  */
+ 
+ #undef  ENDFILE_SPEC
++#ifdef HAVE_LD_PIE
+ #define ENDFILE_SPEC \
+   "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
+-   %{shared|pie:crtendS.o%s;:crtend.o%s} crtn.o%s"
++   %{shared:crtendS.o%s} %{!shared:%(endfile_pie)} crtn.o%s"
++#else
++#define ENDFILE_SPEC \
++  "%{ffast-math|funsafe-math-optimizations:crtfastmath.o%s} \
++   %{shared:crtendS.o%s;:crtend.o%s} crtn.o%s"
++#endif
+ 
+ /* This is for -profile to use -lc_p instead of -lc.  */
+ #undef	CC1_SPEC
+@@ -146,7 +152,7 @@
+ #undef ASM_SPEC
+ #define ASM_SPEC \
+   "%{V} %{v:%{!V:-V}} %{!Qn:-Qy} %{n} %{T} %{Ym,*} %{Wa,*:%*} -s \
+-   %{fpic|fPIC|fpie|fPIE:-K PIC} %(asm_cpu) %(asm_relax)"
++   %{fpic|fPIC|fpie|fPIE:-K PIC} %(asm_pie) %(asm_cpu) %(asm_relax)"
+ 
+ /* Same as sparc.h */
+ #undef DBX_REGISTER_NUMBER
+diff -ruN /var/tmp/portage/sys-devel/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/gcc.c /root/hardened/gcc-4.3.1-r1/work/gcc-4.3.1/gcc/gcc.c
+--- gcc-4.3.1/gcc/gcc.c	2008-06-10 06:16:06.000000000 +0200
++++ gcc-4.3.1/gcc/gcc.c	2008-06-10 05:50:16.000000000 +0200
+@@ -704,11 +704,43 @@
+ #ifndef LINK_PIE_SPEC
+ #ifdef HAVE_LD_PIE
+ #define LINK_PIE_SPEC "%{pie:-pie} "
++#define CC1_PIE_SPEC "%{pie:-fPIE}"
++#define ASM_PIE_SPEC "%{pie:-K PIC}"
+ #else
+ #define LINK_PIE_SPEC "%{pie:} "
++#define CC1_PIE_SPEC ""
++#define ASM_PIE_SPEC ""
+ #endif
+ #endif
+ 
++#ifndef CC1_HARDENED_SPEC
++#define CC1_HARDENED_SPEC " %{!D__KERNEL__: %(cc1_pie) %(cc1_ssp) %(cc1_fortify) %(cc1_strict) }"
++#endif
++#ifndef CC1_SSP_SPEC
++#define CC1_SSP_SPEC ""
++#endif
++#ifndef CC1_SSP_ALL_SPEC
++#define CC1_SSP_ALL_SPEC ""
++#endif
++#ifndef CRTFILE_PIE_SPEC
++#define CRTFILE_PIE_SPEC "%{static:crt1.o%s;pie:Scrt1.o%s;:crt1.o%s}"
++#endif
++#ifndef STARTFILE_PIE_SPEC
++#define STARTFILE_PIE_SPEC "%{static:crtbegin.o%s;pie:crtbeginS.o%s;:crtbegin.o%s}"
++#endif
++#ifndef STARTFILE_PIE_T_SPEC
++#define STARTFILE_PIE_T_SPEC "%{static:crtbeginT.o%s;pie:crtbeginS.o%s;:crtbegin.o%s}"
++#endif
++#ifndef ENDFILE_PIE_SPEC
++#define ENDFILE_PIE_SPEC "%{pie:crtendS.o%s;:crtend.o%s}"
++#endif
++#ifndef LINK_RELRO_SPEC
++#define LINK_RELRO_SPEC "%{norelro:}"
++#endif
++#ifndef LINK_NOW_SPEC
++#define LINK_NOW_SPEC "%{nonow:}"
++#endif
++
+ /* -u* was put back because both BSD and SysV seem to support it.  */
+ /* %{static:} simply prevents an error message if the target machine
+    doesn't handle -static.  */
+@@ -718,7 +750,7 @@
+ #ifndef LINK_COMMAND_SPEC
+ #define LINK_COMMAND_SPEC "\
+ %{!fsyntax-only:%{!c:%{!M:%{!MM:%{!E:%{!S:\
+-    %(linker) %l " LINK_PIE_SPEC "%X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}\
++    %(linker) %l %(link_pie) %(link_relro) %(link_now) %X %{o*} %{A} %{d} %{e*} %{m} %{N} %{n} %{r}\
+     %{s} %{t} %{u*} %{x} %{z} %{Z} %{!A:%{!nostdlib:%{!nostartfiles:%S}}}\
+     %{static:} %{L*} %(mfwrap) %(link_libgcc) %o\
+     %{fopenmp|ftree-parallelize-loops=*:%:include(libgomp.spec)%(link_gomp)} %(mflib)\
+@@ -772,6 +804,17 @@
+ static const char *sysroot_spec = SYSROOT_SPEC;
+ static const char *sysroot_suffix_spec = SYSROOT_SUFFIX_SPEC;
+ static const char *sysroot_hdrs_suffix_spec = SYSROOT_HEADERS_SUFFIX_SPEC;
++static const char *asm_pie_spec = ASM_PIE_SPEC;
++static const char *cc1_ssp_spec = CC1_SSP_SPEC;
++static const char *cc1_ssp_all_spec = CC1_SSP_ALL_SPEC;
++static const char *cc1_pie_spec = CC1_PIE_SPEC;
++static const char *crtfile_pie_spec = CRTFILE_PIE_SPEC;
++static const char *endfile_pie_spec = ENDFILE_PIE_SPEC;
++static const char *startfile_pie_spec = STARTFILE_PIE_SPEC;
++static const char *startfile_pie_t_spec = STARTFILE_PIE_T_SPEC;
++static const char *link_relro_spec = LINK_RELRO_SPEC;
++static const char *link_now_spec = LINK_NOW_SPEC;
++static const char *link_pie_spec = LINK_PIE_SPEC;
+ 
+ /* Standard options to cpp, cc1, and as, to reduce duplication in specs.
+    There should be no need to override these in target dependent files,
+@@ -1605,6 +1648,17 @@
+   INIT_STATIC_SPEC ("sysroot_spec",             &sysroot_spec),
+   INIT_STATIC_SPEC ("sysroot_suffix_spec",	&sysroot_suffix_spec),
+   INIT_STATIC_SPEC ("sysroot_hdrs_suffix_spec",	&sysroot_hdrs_suffix_spec),
++  INIT_STATIC_SPEC ("asm_pie",			&asm_pie_spec),
++  INIT_STATIC_SPEC ("cc1_ssp",			&cc1_ssp_spec),
++  INIT_STATIC_SPEC ("cc1_ssp_all",		&cc1_ssp_all_spec),
++  INIT_STATIC_SPEC ("cc1_pie",			&cc1_pie_spec),
++  INIT_STATIC_SPEC ("crtfile_pie",		&crtfile_pie_spec),
++  INIT_STATIC_SPEC ("endfile_pie",		&endfile_pie_spec),
++  INIT_STATIC_SPEC ("startfile_pie",		&startfile_pie_spec),
++  INIT_STATIC_SPEC ("startfile_pie_t",		&startfile_pie_t_spec),
++  INIT_STATIC_SPEC ("link_relro",		&link_relro_spec),
++  INIT_STATIC_SPEC ("link_now",			&link_now_spec),
++  INIT_STATIC_SPEC ("link_pie",			&link_pie_spec),
+ };
+ 
+ #ifdef EXTRA_SPECS		/* additional specs needed */
diff --git a/main/gcc/03_all_gcc-4.3.2-hardened-default.patch b/main/gcc/03_all_gcc-4.3.2-hardened-default.patch
new file mode 100644
index 0000000000..04da4ea11b
--- /dev/null
+++ b/main/gcc/03_all_gcc-4.3.2-hardened-default.patch
@@ -0,0 +1,53 @@
+This patch defines the hardened specs hard in the gcc.c file.
+--- gcc-4.3.2/gcc/gcc.c.orig2	Sun Nov 23 11:35:41 2008
++++ gcc-4.3.2/gcc/gcc.c	Sun Nov 23 11:51:58 2008
+@@ -703,9 +703,9 @@
+ 
+ #ifndef LINK_PIE_SPEC
+ #ifdef HAVE_LD_PIE
+-#define LINK_PIE_SPEC "%{pie:-pie} "
+-#define CC1_PIE_SPEC "%{pie:-fPIE}"
+-#define ASM_PIE_SPEC "%{pie:-K PIC}"
++#define LINK_PIE_SPEC "%{pie:-pie} %{!pie: %{!A: %{!fno-pie:%{!fno-PIE: %{!shared:%{!static:%{!r: %{!nopie:-pie} }}} }} } }%{pie:-pie} %{!pie: %{!A: %{!fno-pie:%{!fno-PIE: %{!shared:%{!static:%{!r: %{!nopie:-pie} }}} }} } } "
++#define CC1_PIE_SPEC "%{pie:-fPIE} %{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: %{!shared: %{!nopie:-fPIE} } }}}} }}}} }"
++#define ASM_PIE_SPEC "%{pie:-K PIC} %{!pie: %{!fpic:%{!fPIC:%{!fpie:%{!fPIE: %{!fno-pic:%{!fno-PIC:%{!fno-pie:%{!fno-PIE: %{!shared: %{!nopie:-K PIC} } }}}} }}}} }"
+ #else
+ #define LINK_PIE_SPEC "%{pie:} "
+ #define CC1_PIE_SPEC ""
+@@ -717,28 +717,28 @@
+ #define CC1_HARDENED_SPEC " %{!D__KERNEL__: %(cc1_pie) %(cc1_ssp) %(cc1_fortify) %(cc1_strict) }"
+ #endif
+ #ifndef CC1_SSP_SPEC
+-#define CC1_SSP_SPEC ""
++#define CC1_SSP_SPEC "%{!nostdlib:%{!nodefaultlibs: %{!fno-stack-protector:%{!fstack-protector:%{!fstack-protector-all:-fstack-protector %(cc1_ssp_all) }}} }}"
+ #endif
+ #ifndef CC1_SSP_ALL_SPEC
+-#define CC1_SSP_ALL_SPEC ""
++#define CC1_SSP_ALL_SPEC ""
+ #endif
+ #ifndef CRTFILE_PIE_SPEC
+-#define CRTFILE_PIE_SPEC "%{static:crt1.o%s;pie:Scrt1.o%s;:crt1.o%s}"
++#define CRTFILE_PIE_SPEC "%{fno-pie|fno-PIE|nopie:crt1.o%s;:Scrt1.o%s}"
+ #endif
+ #ifndef STARTFILE_PIE_SPEC
+-#define STARTFILE_PIE_SPEC "%{static:crtbegin.o%s;pie:crtbeginS.o%s;:crtbegin.o%s}"
++#define STARTFILE_PIE_SPEC "%{fno-pie|fno-PIE|nopie:crtbegin.o%s;:crtbeginS.o%s}"
+ #endif
+ #ifndef STARTFILE_PIE_T_SPEC
+-#define STARTFILE_PIE_T_SPEC "%{static:crtbeginT.o%s;pie:crtbeginS.o%s;:crtbegin.o%s}"
++#define STARTFILE_PIE_T_SPEC "%{static: %{fno-pie|fno-PIE|nopie:crtbeginT.o%s;:crtbeginTS.o%s} } %{!static: %{fno-pie|fno-PIE|nopie:crtbegin.o%s;:crtbeginS.o%s} }"
+ #endif
+ #ifndef ENDFILE_PIE_SPEC
+-#define ENDFILE_PIE_SPEC "%{pie:crtendS.o%s;:crtend.o%s}"
++#define ENDFILE_PIE_SPEC "%{fno-pie|fno-PIE|nopie:crtend.o%s;:crtendS.o%s}"
+ #endif
+ #ifndef LINK_RELRO_SPEC
+-#define LINK_RELRO_SPEC "%{norelro:}"
++#define LINK_RELRO_SPEC "%{!norelro:-z relro}"
+ #endif
+ #ifndef LINK_NOW_SPEC
+-#define LINK_NOW_SPEC "%{nonow:}"
++#define LINK_NOW_SPEC "%{!nonow:-z now}"
+ #endif
+ 
+ /* -u* was put back because both BSD and SysV seem to support it.  */
diff --git a/main/gcc/APKBUILD b/main/gcc/APKBUILD
new file mode 100644
index 0000000000..dbb656603a
--- /dev/null
+++ b/main/gcc/APKBUILD
@@ -0,0 +1,120 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gcc
+pkgver=4.3.3
+pkgrel=2
+pkgdesc="The GNU Compiler Collection"
+url="http://gcc.gnu.org"
+license="GPL LGPL"
+depends="gmp mpfr libgcc binutils"
+makedepends="bison flex gmp-dev mpfr-dev texinfo"
+subpackages="$pkgname-doc libstdc++:libcxx g++:gpp libgcc"
+source="ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-core-$pkgver.tar.bz2
+	ftp://gcc.gnu.org/pub/gcc/releases/gcc-$pkgver/gcc-g++-$pkgver.tar.bz2
+	00_all_gcc-4.0-cvs-incompat.patch
+	01_all_gcc-4.0.2-v9.0.0-start_endfile-boundschecking-no.patch
+	01_all_gcc-4.3.1-crtbeginTS-stuff.patch
+	02_all_gcc-4.3.1-v10.0.1-start_endfile.patch
+	03_all_gcc-4.3.2-hardened-default.patch
+	gcc4-stack-protector-uclibc-no_tls.patch
+	gcc-4.2.0-cc1-no-stack-protector.patch
+	pt_gnu_eh_frame.patch
+	gcc-spec-env.patch
+	"
+
+build () 
+{ 
+	cd ${srcdir}/gcc-${pkgver};
+	for i in ../*.patch; do
+		if ! patch -p1 -i $i; then
+			error "$i failed"	
+			return 1
+		fi
+	done
+
+	echo ${pkgver} > gcc/BASE-VER;
+
+	# Don't build crtbegin/end with ssp
+	sed -e 's|^CRTSTUFF_CFLAGS = |CRTSTUFF_CFLAGS = -fno-stack-protector |' \
+	 		-i gcc/Makefile.in || return 1
+	
+	# Don't build libgcc with SSP
+	sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -fno-stack-protector -U_FORTIFY_SOURCE |' \
+		-i gcc/Makefile.in || return 1
+
+	# Use SSP from libc
+	msg "Enabling SSP from libc"
+	sed -e 's|^LIBGCC2_CFLAGS = |LIBGCC2_CFLAGS = -D_LIBC_PROVIDES_SSP_ |' \
+		-i gcc/Makefile.in || return 1
+
+	mkdir build
+	cd build
+	../configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--build=${CHOST:-i486-alpine-linux-uclibc} \
+		--disable-altivec \
+		--disable-checking \
+		--disable-fixed-point \
+		--disable-libssp \
+		--disable-libstdcxx-pch \
+		--disable-multilib \
+		--disable-nls \
+		--disable-werror \
+		--enable-__cxa_atexit \
+		--enable-cld \
+		--enable-languages=c,c++ \
+		--enable-shared \
+		--enable-target-optspace \
+		--disable-threads \
+		--with-arch=i486 \
+		--with-system-zlib 
+
+	make || return 1
+	make -j1 DESTDIR="${pkgdir}" install || return 1
+	ln -s gcc "$pkgdir"/usr/bin/cc
+
+	# binutils provides libiberty.a
+	rm -f "$pkgdir"/usr/lib/libiberty.a
+}
+
+libcxx() {
+	pkgdesc="GNU C++ standard runtime library"
+	depends="uclibc libgcc"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libstdc++.so* "$subpkgdir"/usr/lib/
+}
+
+gpp() {
+	pkgdesc="GNU C++ standard library and compiler"
+	depends="uclibc libstdc++"
+	local libexec=usr/libexec/gcc/${CHOST:-i486-alpine-linux-uclibc}/$pkgver
+	mkdir -p "$subpkgdir/$libexec" \
+		"$subpkgdir"/usr/bin \
+		"$subpkgdir"/usr/include \
+		"$subpkgdir"/usr/lib \
+
+	mv "$pkgdir/$libexec/cc1plus" "$subpkgdir/$libexec/"
+	mv "$pkgdir"/usr/lib/*++* "$subpkgdir"/usr/lib/
+	mv "$pkgdir"/usr/include/c++ "$subpkgdir"/usr/include/
+	mv "$pkgdir"/usr/bin/*++ "$subpkgdir"/usr/bin/
+}
+
+libgcc() {
+	pkgdesc="GNU C compiler runtime library"
+	depends="uclibc"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libgcc_s.so* "$subpkgdir"/usr/lib/
+}
+	
+
+md5sums="1739288c2c7b1472796b33d641dbdbbd  gcc-core-4.3.3.tar.bz2
+18428e313a9927d38b313e688c62219b  gcc-g++-4.3.3.tar.bz2
+f0c6c419318537505ec2717a139a091b  00_all_gcc-4.0-cvs-incompat.patch
+3cb2148075e818f09c34718725f335d9  01_all_gcc-4.0.2-v9.0.0-start_endfile-boundschecking-no.patch
+1c6294b95f13a59ed7cbf7be2dde7804  01_all_gcc-4.3.1-crtbeginTS-stuff.patch
+019522a38f2e25b6a820766402ff2ee4  02_all_gcc-4.3.1-v10.0.1-start_endfile.patch
+ed3f5a947fed432fbef1dc0e71977ae7  03_all_gcc-4.3.2-hardened-default.patch
+15e77082db0e1a131af98debd3016290  gcc4-stack-protector-uclibc-no_tls.patch
+cff2e73a8455bfa844dcdd9c229b0875  gcc-4.2.0-cc1-no-stack-protector.patch
+2db1e3482c5dd59dab70f701afa2ca80  pt_gnu_eh_frame.patch
+c4045bfa85d8be780affd465be9d8ca8  gcc-spec-env.patch"
diff --git a/main/gcc/gcc-4.2.0-cc1-no-stack-protector.patch b/main/gcc/gcc-4.2.0-cc1-no-stack-protector.patch
new file mode 100644
index 0000000000..cc80d1bc75
--- /dev/null
+++ b/main/gcc/gcc-4.2.0-cc1-no-stack-protector.patch
@@ -0,0 +1,11 @@
+--- a/gcc/Makefile.in.orig	2007-05-20 14:44:14.000000000 +0200
++++ b/gcc/Makefile.in	2007-05-20 14:44:27.000000000 +0200
+@@ -2641,7 +2641,7 @@
+    output.h $(INSN_ATTR_H) $(SYSTEM_H) toplev.h $(TARGET_H) libfuncs.h \
+    $(TARGET_DEF_H) $(FUNCTION_H) $(SCHED_INT_H) $(TM_P_H) $(EXPR_H) \
+    langhooks.h $(GGC_H) $(OPTABS_H) $(REAL_H) tm-constrs.h
+-	$(CC) -c $(ALL_CFLAGS) $(ALL_CPPFLAGS) \
++	$(CC) -c $(ALL_CFLAGS) -fno-stack-protector $(ALL_CPPFLAGS) \
+ 		$(out_file) $(OUTPUT_OPTION)
+ 
+ # Build auxiliary files that support ecoff format.
diff --git a/main/gcc/gcc-spec-env.patch b/main/gcc/gcc-spec-env.patch
new file mode 100644
index 0000000000..9d5e666a54
--- /dev/null
+++ b/main/gcc/gcc-spec-env.patch
@@ -0,0 +1,41 @@
+    Add support for external spec file via the GCC_SPECS env var.  This
+    allows us to easily control pie/ssp defaults with gcc-config profiles.
+
+    Original patch by Rob Holland.  Extended to support multiple
+    entries separated by ':' by Kevin F. Quinn
+
+--- gcc-4/gcc/gcc.c
++++ gcc-4/gcc/gcc.c
+@@ -6482,6 +6482,32 @@
+ 
+   /* Process any user specified specs in the order given on the command
+      line.  */
++#if !(defined (__MSDOS__) || defined (OS2) || defined (VMS) || defined (WIN32))
++  /* Add specs listed in GCC_SPECS.  Note; in the process of separating
++   * each spec listed, the string is overwritten at token boundaries
++   * (':') with '\0', an effect of strtok_r().
++   */
++  GET_ENVIRONMENT (specs_file, "GCC_SPECS");
++  if (specs_file && (strlen(specs_file) > 0))
++    {
++      char *spec, *saveptr;
++      for (spec=strtok_r(specs_file,":",&saveptr);
++           spec!=NULL;
++           spec=strtok_r(NULL,":",&saveptr))
++        {
++          struct user_specs *user = (struct user_specs *)
++            xmalloc (sizeof (struct user_specs));
++
++          user->next = (struct user_specs *) 0;
++          user->filename = spec;
++          if (user_specs_tail)
++            user_specs_tail->next = user;
++          else
++            user_specs_head = user;
++          user_specs_tail = user;
++        }
++    }
++#endif
+   for (uptr = user_specs_head; uptr; uptr = uptr->next)
+     {
+       char *filename = find_a_file (&startfile_prefixes, uptr->filename,
diff --git a/main/gcc/gcc4-stack-protector-uclibc-no_tls.patch b/main/gcc/gcc4-stack-protector-uclibc-no_tls.patch
new file mode 100644
index 0000000000..c9b54adbe1
--- /dev/null
+++ b/main/gcc/gcc4-stack-protector-uclibc-no_tls.patch
@@ -0,0 +1,84 @@
+diff -u gcc/config/i386/linux.h gcc/config/i386/linux.h
+--- a/gcc/config/i386/linux.h	2 Jul 2005 08:52:20 -0000	1.60
++++ b/gcc/config/i386/linux.h	2 Jul 2005 08:52:20 -0000	1.60
+@@ -186,7 +186,7 @@
+ /* This macro may be overridden in i386/k*bsd-gnu.h.  */
+ #define REG_NAME(reg) reg
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* i386 glibc provides __stack_chk_guard in %gs:0x14.  */
+ #define TARGET_THREAD_SSP_OFFSET	0x14
+ #endif
+diff -u gcc/config/i386/linux64.h gcc/config/i386/linux64.h
+--- a/gcc/config/i386/linux64.h	2 Jul 2005 08:52:20 -0000	1.33
++++ b/gcc/config/i386/linux64.h	2 Jul 2005 08:52:20 -0000	1.33
+@@ -74,7 +74,7 @@
+ /* This macro may be overridden in i386/k*bsd-gnu.h.  */
+ #define REG_NAME(reg) reg
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* i386 glibc provides __stack_chk_guard in %gs:0x14,
+    x86_64 glibc provides it in %fs:0x28.  */
+ #define TARGET_THREAD_SSP_OFFSET	(TARGET_64BIT ? 0x28 : 0x14)
+diff -u gcc/config/rs6000/linux.h gcc/config/rs6000/linux.h
+--- a/gcc/config/rs6000/linux.h	2 Jul 2005 08:52:11 -0000	1.53
++++ b/gcc/config/rs6000/linux.h	2 Jul 2005 08:52:11 -0000	1.53
+@@ -114,7 +114,7 @@
+ 
+ #define MD_UNWIND_SUPPORT "config/rs6000/linux-unwind.h"
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* ppc32 glibc provides __stack_chk_guard in -0x7008(2).  */
+ #define TARGET_THREAD_SSP_OFFSET	-0x7008
+ #endif
+diff -u gcc/config/rs6000/linux64.h gcc/config/rs6000/linux64.h
+--- a/gcc/config/rs6000/linux64.h	2 Jul 2005 08:52:15 -0000	1.81
++++ b/gcc/config/rs6000/linux64.h	2 Jul 2005 08:52:15 -0000	1.81
+@@ -548,7 +548,7 @@
+ 
+ #define MD_UNWIND_SUPPORT "config/rs6000/linux-unwind.h"
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* ppc32 glibc provides __stack_chk_guard in -0x7008(2),
+    ppc64 glibc provides it at -0x7010(13).  */
+ #define TARGET_THREAD_SSP_OFFSET	(TARGET_64BIT ? -0x7010 : -0x7008)
+diff -u gcc/config/s390/linux.h gcc/config/s390/linux.h
+--- a/gcc/config/s390/linux.h	2005-08-22 15:53:01.000000000 +0200	1.40
++++ b/gcc/config/s390/linux.h	2005-08-22 15:53:01.000000000 +0200	1.40
+@@ -94,7 +94,7 @@
+ 
+ #define MD_UNWIND_SUPPORT "config/s390/linux-unwind.h"
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* s390 glibc provides __stack_chk_guard in 0x14(tp),
+    s390x glibc provides it at 0x28(tp).  */
+ #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? 0x28 : 0x14)
+diff -u gcc/config/sparc/linux.h gcc/config/sparc/linux.h
+--- a/gcc/config/sparc/linux.h	6 Jul 2005 07:48:57 -0000	1.72
++++ b/gcc/config/sparc/linux.h	6 Jul 2005 07:48:57 -0000	1.72
+@@ -230,7 +230,7 @@
+ #undef NEED_INDICATE_EXEC_STACK
+ #define NEED_INDICATE_EXEC_STACK 1
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* sparc glibc provides __stack_chk_guard in [%g7 + 0x14].  */
+ #define TARGET_THREAD_SSP_OFFSET	0x14
+ #endif
+diff -u gcc/config/sparc/linux64.h gcc/config/sparc/linux64.h
+--- a/gcc/config/sparc/linux64.h	6 Jul 2005 07:48:57 -0000	1.95
++++ b/gcc/config/sparc/linux64.h	6 Jul 2005 07:48:57 -0000	1.95
+@@ -364,7 +364,7 @@
+ #undef NEED_INDICATE_EXEC_STACK
+ #define NEED_INDICATE_EXEC_STACK 1
+ 
+-#ifdef TARGET_LIBC_PROVIDES_SSP
++#if defined TARGET_LIBC_PROVIDES_SSP && !defined __UCLIBC__
+ /* sparc glibc provides __stack_chk_guard in [%g7 + 0x14],
+    sparc64 glibc provides it at [%g7 + 0x28].  */
+ #define TARGET_THREAD_SSP_OFFSET	(TARGET_ARCH64 ? 0x28 : 0x14)
diff --git a/main/gcc/pt_gnu_eh_frame.patch b/main/gcc/pt_gnu_eh_frame.patch
new file mode 100644
index 0000000000..3e029104aa
--- /dev/null
+++ b/main/gcc/pt_gnu_eh_frame.patch
@@ -0,0 +1,12 @@
+--- gcc-4.3.2/gcc/crtstuff.c.orig	Mon Nov 17 16:02:38 2008
++++ gcc-4.3.2/gcc/crtstuff.c	Mon Nov 17 16:02:52 2008
+@@ -94,8 +94,7 @@
+ #include <link.h>
+ /* uClibc pretends to be glibc 2.2 and DT_CONFIG is defined in its link.h.
+    But it doesn't use PT_GNU_EH_FRAME ELF segment currently.  */
+-# if !defined(__UCLIBC__) \
+-     && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ > 2) \
++# if (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ > 2) \
+      || (__GLIBC__ == 2 && __GLIBC_MINOR__ == 2 && defined(DT_CONFIG)))
+ #  define USE_PT_GNU_EH_FRAME
+ # endif
diff --git a/main/gd/APKBUILD b/main/gd/APKBUILD
new file mode 100644
index 0000000000..75cd56cc48
--- /dev/null
+++ b/main/gd/APKBUILD
@@ -0,0 +1,32 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=gd
+pkgver=2.0.35
+pkgrel=2
+pkgdesc="Library for the dynamic creation of images by programmers"
+url="http://www.libgd.org/"
+license="custom"
+depends=
+makedepends="libpng-dev jpeg-dev freetype-dev zlib-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://www.libgd.org/releases/${pkgname}-${pkgver}.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	find -name configure | xargs touch
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-png \
+		--with-freetype \
+		--with-jpeg \
+		--without-xpm \
+		--without-fontconfig
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+md5sums="6c6c3dbb7bf079e0bb5fbbfd3bb8a71c  gd-2.0.35.tar.bz2"
diff --git a/main/gdb/50_all_gdb-pie-1.patch b/main/gdb/50_all_gdb-pie-1.patch
new file mode 100644
index 0000000000..a20771f689
--- /dev/null
+++ b/main/gdb/50_all_gdb-pie-1.patch
@@ -0,0 +1,1330 @@
+2007-11-02  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	Port to GDB-6.7.1.
+
+2007-11-02  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	Port to post-GDB-6.7.1 multi-PC breakpoints.
+
+2007-11-09  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	* solib-svr4.c (svr4_current_sos): Fix segfault on NULL EXEC_BFD.
+
+2008-02-24  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	Port to GDB-6.8pre.
+
+2008-02-27  Jan Kratochvil  <jan.kratochvil@redhat.com>
+
+	Port to gdb-6.7.50.20080227.
+
+Index: gdb/dwarf2read.c
+===================================================================
+--- a/gdb/dwarf2read.c	2008-02-27 08:57:20.000000000 +0100
++++ b/gdb/dwarf2read.c	2008-02-27 08:57:31.000000000 +0100
+@@ -1217,7 +1217,7 @@ dwarf2_build_psymtabs (struct objfile *o
+   else
+     dwarf2_per_objfile->loc_buffer = NULL;
+ 
+-  if (mainline
++  if ((mainline == 1)
+       || (objfile->global_psymbols.size == 0
+ 	  && objfile->static_psymbols.size == 0))
+     {
+Index: gdb/auxv.c
+===================================================================
+--- a/gdb/auxv.c	2008-01-16 17:27:37.000000000 +0100
++++ b/gdb/auxv.c	2008-02-27 08:57:31.000000000 +0100
+@@ -80,7 +80,7 @@ procfs_xfer_auxv (struct target_ops *ops
+    Return 1 if an entry was read into *TYPEP and *VALP.  */
+ int
+ target_auxv_parse (struct target_ops *ops, gdb_byte **readptr,
+-		   gdb_byte *endptr, CORE_ADDR *typep, CORE_ADDR *valp)
++		   gdb_byte *endptr, ULONGEST *typep, CORE_ADDR *valp)
+ {
+   const int sizeof_auxv_field = TYPE_LENGTH (builtin_type_void_data_ptr);
+   gdb_byte *ptr = *readptr;
+@@ -105,9 +105,10 @@ target_auxv_parse (struct target_ops *op
+    an error getting the information.  On success, return 1 after
+    storing the entry's value field in *VALP.  */
+ int
+-target_auxv_search (struct target_ops *ops, CORE_ADDR match, CORE_ADDR *valp)
++target_auxv_search (struct target_ops *ops, ULONGEST match, CORE_ADDR *valp)
+ {
+-  CORE_ADDR type, val;
++  CORE_ADDR val;
++  ULONGEST at_type;
+   gdb_byte *data;
+   LONGEST n = target_read_alloc (ops, TARGET_OBJECT_AUXV, NULL, &data);
+   gdb_byte *ptr = data;
+@@ -117,10 +118,10 @@ target_auxv_search (struct target_ops *o
+     return n;
+ 
+   while (1)
+-    switch (target_auxv_parse (ops, &ptr, data + n, &type, &val))
++    switch (target_auxv_parse (ops, &ptr, data + n, &at_type, &val))
+       {
+       case 1:			/* Here's an entry, check it.  */
+-	if (type == match)
++	if (at_type == match)
+ 	  {
+ 	    xfree (data);
+ 	    *valp = val;
+@@ -143,7 +144,8 @@ target_auxv_search (struct target_ops *o
+ int
+ fprint_target_auxv (struct ui_file *file, struct target_ops *ops)
+ {
+-  CORE_ADDR type, val;
++  CORE_ADDR val;
++  ULONGEST at_type;
+   gdb_byte *data;
+   LONGEST len = target_read_alloc (ops, TARGET_OBJECT_AUXV, NULL,
+ 				   &data);
+@@ -153,14 +155,14 @@ fprint_target_auxv (struct ui_file *file
+   if (len <= 0)
+     return len;
+ 
+-  while (target_auxv_parse (ops, &ptr, data + len, &type, &val) > 0)
++  while (target_auxv_parse (ops, &ptr, data + len, &at_type, &val) > 0)
+     {
+       extern int addressprint;
+       const char *name = "???";
+       const char *description = "";
+       enum { dec, hex, str } flavor = hex;
+ 
+-      switch (type)
++      switch (at_type)
+ 	{
+ #define TAG(tag, text, kind) \
+ 	case tag: name = #tag; description = text; flavor = kind; break
+@@ -213,7 +215,7 @@ fprint_target_auxv (struct ui_file *file
+ 	}
+ 
+       fprintf_filtered (file, "%-4s %-20s %-30s ",
+-			paddr_d (type), name, description);
++			paddr_d (at_type), name, description);
+       switch (flavor)
+ 	{
+ 	case dec:
+Index: gdb/auxv.h
+===================================================================
+--- a/gdb/auxv.h	2008-01-01 23:53:09.000000000 +0100
++++ b/gdb/auxv.h	2008-02-27 08:57:31.000000000 +0100
+@@ -35,14 +35,14 @@ struct target_ops;		/* Forward declarati
+    Return 1 if an entry was read into *TYPEP and *VALP.  */
+ extern int target_auxv_parse (struct target_ops *ops,
+ 			      gdb_byte **readptr, gdb_byte *endptr,
+-			      CORE_ADDR *typep, CORE_ADDR *valp);
++			      ULONGEST *typep, CORE_ADDR *valp);
+ 
+ /* Extract the auxiliary vector entry with a_type matching MATCH.
+    Return zero if no such entry was found, or -1 if there was
+    an error getting the information.  On success, return 1 after
+    storing the entry's value field in *VALP.  */
+ extern int target_auxv_search (struct target_ops *ops,
+-			       CORE_ADDR match, CORE_ADDR *valp);
++			       ULONGEST match, CORE_ADDR *valp);
+ 
+ /* Print the contents of the target's AUXV on the specified file. */
+ extern int fprint_target_auxv (struct ui_file *file, struct target_ops *ops);
+Index: gdb/breakpoint.h
+===================================================================
+--- a/gdb/breakpoint.h	2008-02-01 17:24:46.000000000 +0100
++++ b/gdb/breakpoint.h	2008-02-27 08:57:31.000000000 +0100
+@@ -144,6 +144,7 @@ enum enable_state
+ 			   automatically enabled and reset when the call 
+ 			   "lands" (either completes, or stops at another 
+ 			   eventpoint). */
++    bp_startup_disabled,
+     bp_permanent	/* There is a breakpoint instruction hard-wired into
+ 			   the target's code.  Don't try to write another
+ 			   breakpoint instruction on top of it, or restore
+@@ -823,6 +824,10 @@ extern void remove_thread_event_breakpoi
+ 
+ extern void disable_breakpoints_in_shlibs (void);
+ 
++extern void disable_breakpoints_at_startup (int silent);
++
++extern void re_enable_breakpoints_at_startup (void);
++
+ /* This function returns TRUE if ep is a catchpoint. */
+ extern int ep_is_catchpoint (struct breakpoint *);
+ 
+Index: gdb/symfile-mem.c
+===================================================================
+--- a/gdb/symfile-mem.c	2008-01-01 23:53:13.000000000 +0100
++++ b/gdb/symfile-mem.c	2008-02-27 08:57:31.000000000 +0100
+@@ -108,7 +108,7 @@ symbol_file_add_from_memory (struct bfd 
+       }
+ 
+   objf = symbol_file_add_from_bfd (nbfd, from_tty,
+-                                   sai, 0, OBJF_SHARED);
++                                   sai, 2, OBJF_SHARED);
+ 
+   /* This might change our ideas about frames already looked at.  */
+   reinit_frame_cache ();
+Index: gdb/infrun.c
+===================================================================
+--- a/gdb/infrun.c	2008-02-27 08:57:20.000000000 +0100
++++ b/gdb/infrun.c	2008-02-27 08:57:31.000000000 +0100
+@@ -2277,6 +2277,11 @@ process_event_stop_test:
+ #endif
+ 	  target_terminal_inferior ();
+ 
++	  /* For PIE executables, we dont really know where the
++	     breakpoints are going to be until we start up the
++	     inferior.  */
++          re_enable_breakpoints_at_startup ();
++
+ 	  /* If requested, stop when the dynamic linker notifies
+ 	     gdb of events.  This allows the user to get control
+ 	     and place breakpoints in initializer routines for
+Index: gdb/objfiles.c
+===================================================================
+--- a/gdb/objfiles.c	2008-01-01 23:53:12.000000000 +0100
++++ b/gdb/objfiles.c	2008-02-27 08:57:31.000000000 +0100
+@@ -49,6 +49,9 @@
+ #include "source.h"
+ #include "addrmap.h"
+ 
++#include "auxv.h"
++#include "elf/common.h"
++
+ /* Prototypes for local functions */
+ 
+ static void objfile_alloc_data (struct objfile *objfile);
+@@ -260,7 +263,19 @@ init_entry_point_info (struct objfile *o
+ CORE_ADDR
+ entry_point_address (void)
+ {
+-  return symfile_objfile ? symfile_objfile->ei.entry_point : 0;
++  int ret;
++  CORE_ADDR entry_addr;
++
++  /* Find the address of the entry point of the program from the
++     auxv vector.  */
++  ret = target_auxv_search (&current_target, AT_ENTRY, &entry_addr);
++  if (ret == 1)
++     return entry_addr;                                                                              
++  /*if (ret == 0 || ret == -1)*/
++  else
++    {
++      return symfile_objfile ? symfile_objfile->ei.entry_point : 0;
++    }
+ }
+ 
+ /* Create the terminating entry of OBJFILE's minimal symbol table.
+Index: gdb/solib-svr4.c
+===================================================================
+--- a/gdb/solib-svr4.c	2008-02-27 08:57:19.000000000 +0100
++++ b/gdb/solib-svr4.c	2008-02-27 08:59:06.000000000 +0100
+@@ -31,6 +31,8 @@
+ #include "gdbcore.h"
+ #include "target.h"
+ #include "inferior.h"
++#include "auxv.h"
++#include "command.h"
+ 
+ #include "gdb_assert.h"
+ 
+@@ -246,7 +248,9 @@ static char *debug_loader_name;
+ 
+ /* Local function prototypes */
+ 
++#if 0
+ static int match_main (char *);
++#endif
+ 
+ static CORE_ADDR bfd_lookup_symbol (bfd *, char *);
+ 
+@@ -349,10 +353,12 @@ scan_dyntag (int dyntag, bfd *abfd, CORE
+   int arch_size, step, sect_size;
+   long dyn_tag;
+   CORE_ADDR dyn_ptr, dyn_addr;
++  CORE_ADDR entry_addr;
+   gdb_byte *bufend, *bufstart, *buf;
+   Elf32_External_Dyn *x_dynp_32;
+   Elf64_External_Dyn *x_dynp_64;
+   struct bfd_section *sect;
++  int ret;
+ 
+   if (abfd == NULL)
+     return 0;
+@@ -360,19 +366,74 @@ scan_dyntag (int dyntag, bfd *abfd, CORE
+   if (arch_size == -1)
+    return 0;
+ 
++  /* The auxv vector based relocatable files reading is limited to the main
++     executable.  */
++  gdb_assert (abfd == exec_bfd || ptr == NULL);
++
++  if (ptr != NULL)
++    {
++      /* Find the address of the entry point of the program from the
++	 auxv vector.  */
++      ret = target_auxv_search (&current_target, AT_ENTRY, &entry_addr);
++
++      if (ret == 0 || ret == -1)
++	{
++	  /* No auxv info, maybe an older kernel. Fake our way through.  */
++	  entry_addr = bfd_get_start_address (exec_bfd); 
++
++	  if (debug_solib)
++	    fprintf_unfiltered (gdb_stdlog,
++				"elf_locate_base: program entry address not found. Using bfd's 0x%s for %s\n",
++				paddr_nz (entry_addr), exec_bfd->filename);
++	}
++      else
++	{
++	  if (debug_solib)
++	    fprintf_unfiltered (gdb_stdlog,
++				"elf_locate_base: found program entry address 0x%s for %s\n",
++				paddr_nz (entry_addr), exec_bfd->filename);
++	}
++    }
++
+   /* Find the start address of the .dynamic section.  */
+   sect = bfd_get_section_by_name (abfd, ".dynamic");
+   if (sect == NULL)
+-    return 0;
++    { 
++      if (debug_solib)
++	fprintf_unfiltered (gdb_stdlog,
++			    "elf_locate_base: .dynamic section not found in %s -- return now\n",
++			    exec_bfd->filename);
++      return 0;
++    }
++  else
++    { 
++      if (debug_solib)
++	fprintf_unfiltered (gdb_stdlog,
++			    "elf_locate_base: .dynamic section found in %s\n",
++			    exec_bfd->filename);
++    }
++
+   dyn_addr = bfd_section_vma (abfd, sect);
++  if (debug_solib)
++    fprintf_unfiltered (gdb_stdlog,
++			"elf_locate_base: .dynamic addr 0x%s\n",
++			paddr_nz (dyn_addr));
+ 
+   /* Read in .dynamic from the BFD.  We will get the actual value
+      from memory later.  */
+   sect_size = bfd_section_size (abfd, sect);
+   buf = bufstart = alloca (sect_size);
++  if (debug_solib) 
++    fprintf_unfiltered (gdb_stdlog, 
++                        "elf_locate_base: read in .dynamic section\n");
+   if (!bfd_get_section_contents (abfd, sect,
+ 				 buf, 0, sect_size))
+-    return 0;
++    { 
++      if (debug_solib)
++	fprintf_unfiltered (gdb_stdlog,
++			    "elf_locate_base: couldn't read .dynamic section -- return now\n");
++      return 0;
++    }
+ 
+   /* Iterate over BUF and scan for DYNTAG.  If found, set PTR and return.  */
+   step = (arch_size == 32) ? sizeof (Elf32_External_Dyn)
+@@ -405,9 +466,43 @@ scan_dyntag (int dyntag, bfd *abfd, CORE
+ 	     CORE_ADDR ptr_addr;
+ 
+ 	     ptr_addr = dyn_addr + (buf - bufstart) + arch_size / 8;
++	     if (ptr != NULL)
++	       {
++		 if (debug_solib)
++		   fprintf_unfiltered (gdb_stdlog,
++				       "elf_locate_base: unrelocated ptr addr 0x%s\n",
++				       paddr_nz (ptr_addr));
++		 ptr_addr += entry_addr - bfd_get_start_address (exec_bfd);
++		 if (debug_solib) 
++		   fprintf_unfiltered (gdb_stdlog, 
++				       "elf_locate_base: relocated ptr addr 0x%s"
++				       " (auxv entry 0x%s, bfd start address 0x%s)"
++				       " for %s\n",
++				       paddr_nz (ptr_addr), paddr_nz (entry_addr),
++				       paddr_nz (bfd_get_start_address (exec_bfd)),
++				       exec_bfd->filename);
++	       }
+ 	     if (target_read_memory (ptr_addr, ptr_buf, arch_size / 8) == 0)
+-	       dyn_ptr = extract_typed_address (ptr_buf,
+-						builtin_type_void_data_ptr);
++	       {
++		 dyn_ptr = extract_typed_address (ptr_buf,
++						  builtin_type_void_data_ptr);
++		 if (ptr != NULL)
++		   {
++		     if (debug_solib)
++		       fprintf_unfiltered (gdb_stdlog,
++					   "elf_locate_base: Tag entry has value 0x%s -- return now\n",
++					   paddr_nz (dyn_ptr));
++		   }
++	       }
++	     else
++	       {
++		 if (ptr != NULL)
++		   {
++		     if (debug_solib)
++		       fprintf_unfiltered (gdb_stdlog,
++					   "elf_locate_base: Couldn't read tag entry value -- return now\n");
++		   }
++	       }
+ 	     *ptr = dyn_ptr;
+ 	   }
+ 	 return 1;
+@@ -544,6 +639,10 @@ solib_svr4_r_map (void)
+ {
+   struct link_map_offsets *lmo = svr4_fetch_link_map_offsets ();
+ 
++  if (debug_solib)
++    fprintf_unfiltered (gdb_stdlog, 
++                        "solib_svr4_r_map: read at 0x%s\n",
++                        paddr_nz (debug_base + lmo->r_map_offset));
+   return read_memory_typed_address (debug_base + lmo->r_map_offset,
+ 				    builtin_type_void_data_ptr);
+ }
+@@ -713,6 +812,11 @@ svr4_current_sos (void)
+   struct so_list *head = 0;
+   struct so_list **link_ptr = &head;
+   CORE_ADDR ldsomap = 0;
++  const char *filename = exec_bfd ? exec_bfd->filename : "<none>";
++
++  if (debug_solib)
++    fprintf_unfiltered (gdb_stdlog, 
++                        "svr4_current_sos: exec_bfd %s\n", filename);
+ 
+   /* Always locate the debug struct, in case it has moved.  */
+   debug_base = 0;
+@@ -721,10 +825,19 @@ svr4_current_sos (void)
+   /* If we can't find the dynamic linker's base structure, this
+      must not be a dynamically linked executable.  Hmm.  */
+   if (! debug_base)
+-    return svr4_default_sos ();
++    {
++      if (debug_solib)
++	fprintf_unfiltered (gdb_stdlog, 
++			    "svr4_current_sos: no DT_DEBUG found in %s -- return now\n",
++			    filename);
++      return svr4_default_sos ();
++    }
+ 
+   /* Walk the inferior's link map list, and build our list of
+      `struct so_list' nodes.  */
++  if (debug_solib)
++    fprintf_unfiltered (gdb_stdlog, 
++			"svr4_current_sos: walk link map in %s\n", filename);
+   lm = solib_svr4_r_map ();
+ 
+   while (lm)
+@@ -740,23 +853,103 @@ svr4_current_sos (void)
+       new->lm_info->lm = xzalloc (lmo->link_map_size);
+       make_cleanup (xfree, new->lm_info->lm);
+ 
++      if (debug_solib)
++        fprintf_unfiltered (gdb_stdlog, 
++                            "svr4_current_sos: read lm at 0x%s\n", paddr_nz(lm));
+       read_memory (lm, new->lm_info->lm, lmo->link_map_size);
+ 
+       lm = LM_NEXT (new);
+ 
++      if (debug_solib)
++        fprintf_unfiltered (gdb_stdlog,
++                            "svr4_current_sos: is first link entry? %d\n",
++                            IGNORE_FIRST_LINK_MAP_ENTRY (new));
++
+       /* For SVR4 versions, the first entry in the link map is for the
+          inferior executable, so we must ignore it.  For some versions of
+          SVR4, it has no name.  For others (Solaris 2.3 for example), it
+          does have a name, so we can no longer use a missing name to
+          decide when to ignore it. */
+-      if (IGNORE_FIRST_LINK_MAP_ENTRY (new) && ldsomap == 0)
+-	free_so (new);
++      if (exec_bfd != NULL && IGNORE_FIRST_LINK_MAP_ENTRY (new) && ldsomap == 0)
++	{
++          /* It is the first link map entry, i.e. it is the main executable.  */
++
++	  if (bfd_get_start_address (exec_bfd) == entry_point_address ())
++	    {
++              /* Non-pie case, main executable has not been relocated.  */
++	      free_so (new);
++	    }
++	  else
++	    {
++              /* Pie case, main executable has been relocated.  */
++	      struct so_list *gdb_solib;
++
++	      if (debug_solib)
++		fprintf_unfiltered (gdb_stdlog,
++				    "svr4_current_sos: Processing first link map entry\n");
++	      strncpy (new->so_name, exec_bfd->filename,
++		       SO_NAME_MAX_PATH_SIZE - 1);
++	      new->so_name[SO_NAME_MAX_PATH_SIZE - 1] = '\0';
++	      strcpy (new->so_original_name, new->so_name);
++	      /*new->main = 1;*/
++	      new->main_relocated = 0;
++            
++	      if (debug_solib)
++		{ 
++		  fprintf_unfiltered (gdb_stdlog,
++				      "svr4_current_sos: Processing nameless DSO\n");
++		  fprintf_unfiltered (gdb_stdlog,
++				      "svr4_current_sos: adding name %s\n",
++				      new->so_name);
++		}
++
++	      for (gdb_solib = master_so_list ();
++                   gdb_solib;
++                   gdb_solib = gdb_solib->next)
++		{
++		  if (debug_solib)
++		    fprintf_unfiltered (gdb_stdlog,
++					"svr4_current_sos: compare gdb %s and new %s\n",
++					gdb_solib->so_name, new->so_name);
++		  if (strcmp (gdb_solib->so_name, new->so_name) == 0)
++		    if (gdb_solib->main_relocated)
++		      { 
++			if (debug_solib)
++			  fprintf_unfiltered (gdb_stdlog,
++					      "svr4_current_sos: found main relocated\n");
++			break;
++		      }
++		}
++
++	      if ((gdb_solib && !gdb_solib->main_relocated) || (!gdb_solib))
++		{
++		  add_to_target_sections (0 /*from_tty*/, &current_target, new);
++		  new->main = 1;
++		}
++
++	      /* We need this in the list of shared libs we return because
++		 solib_add_stub will loop through it and add the symbol file.  */
++	      new->next = 0;
++	      *link_ptr = new;
++	      link_ptr = &new->next; 
++	    }
++	} /* End of IGNORE_FIRST_LINK_MAP_ENTRY  */
+       else
+ 	{
++          /* This is not the first link map entry, i.e. is not the main
++             executable.  Note however that it could be the DSO supplied on
++             certain systems (i.e. Linux 2.6) containing information about
++             the vsyscall page.  We must ignore such entry. This entry is 
++             nameless (just like the one for the main executable, sigh).  */
++
+ 	  int errcode;
+ 	  char *buffer;
+ 
+ 	  /* Extract this shared object's name.  */
++	  if (debug_solib)
++	    fprintf_unfiltered (gdb_stdlog, 
++                                "svr4_current_sos: read LM_NAME\n");
++
+ 	  target_read_string (LM_NAME (new), &buffer,
+ 			      SO_NAME_MAX_PATH_SIZE - 1, &errcode);
+ 	  if (errcode != 0)
+@@ -764,23 +957,35 @@ svr4_current_sos (void)
+ 		     safe_strerror (errcode));
+ 	  else
+ 	    {
+-	      strncpy (new->so_name, buffer, SO_NAME_MAX_PATH_SIZE - 1);
+-	      new->so_name[SO_NAME_MAX_PATH_SIZE - 1] = '\0';
+-	      strcpy (new->so_original_name, new->so_name);
+-	    }
+-	  xfree (buffer);
+-
+-	  /* If this entry has no name, or its name matches the name
+-	     for the main executable, don't include it in the list.  */
+-	  if (! new->so_name[0]
+-	      || match_main (new->so_name))
+-	    free_so (new);
+-	  else
+-	    {
+-	      new->next = 0;
+-	      *link_ptr = new;
+-	      link_ptr = &new->next;
++	      if (debug_solib)
++		fprintf_unfiltered (gdb_stdlog, 
++				    "svr4_current_sos: LM_NAME is <%s>\n",
++				    buffer);
++	      /* The name could be empty, in which case it is the
++		 system supplied DSO.  */
++	      if (strcmp (buffer, "") == 0)
++		free_so (new);
++	      else
++		{
++		  strncpy (new->so_name, buffer, SO_NAME_MAX_PATH_SIZE - 1);
++		  new->so_name[SO_NAME_MAX_PATH_SIZE - 1] = '\0';
++		  strcpy (new->so_original_name, new->so_name);
++		  if (debug_solib)
++		    {
++		      fprintf_unfiltered (gdb_stdlog, 
++					  "svr4_current_sos: Processing DSO: %s\n",
++					  new->so_name);
++		      fprintf_unfiltered (gdb_stdlog,
++					  "svr4_current_sos: first link entry %d\n",
++					  IGNORE_FIRST_LINK_MAP_ENTRY (new));
++		    }
++
++		  new->next = 0;
++		  *link_ptr = new;
++		  link_ptr = &new->next;
++		}
+ 	    }
++          xfree (buffer);
+ 	}
+ 
+       /* On Solaris, the dynamic linker is not in the normal list of
+@@ -796,6 +1001,9 @@ svr4_current_sos (void)
+   if (head == NULL)
+     return svr4_default_sos ();
+ 
++  if (debug_solib)
++    fprintf_unfiltered (gdb_stdlog, "svr4_current_sos: ENDS %s\n", filename);
++
+   return head;
+ }
+ 
+@@ -875,7 +1083,7 @@ svr4_fetch_objfile_link_map (struct objf
+ /* On some systems, the only way to recognize the link map entry for
+    the main executable file is by looking at its name.  Return
+    non-zero iff SONAME matches one of the known main executable names.  */
+-
++#if 0
+ static int
+ match_main (char *soname)
+ {
+@@ -889,6 +1097,7 @@ match_main (char *soname)
+ 
+   return (0);
+ }
++#endif
+ 
+ /* Return 1 if PC lies in the dynamic symbol resolution code of the
+    SVR4 run time loader.  */
+@@ -1040,6 +1249,11 @@ enable_break (void)
+   /* Find the .interp section; if not found, warn the user and drop
+      into the old breakpoint at symbol code.  */
+   interp_sect = bfd_get_section_by_name (exec_bfd, ".interp");
++
++  if (debug_solib)
++     fprintf_unfiltered (gdb_stdlog,
++                         "enable_break: search for .interp in %s\n",
++                         exec_bfd->filename);
+   if (interp_sect)
+     {
+       unsigned int interp_sect_size;
+@@ -1074,6 +1288,9 @@ enable_break (void)
+       if (tmp_fd >= 0)
+ 	tmp_bfd = bfd_fopen (tmp_pathname, gnutarget, FOPEN_RB, tmp_fd);
+ 
++      if (debug_solib)
++         fprintf_unfiltered (gdb_stdlog,
++                            "enable_break: opening %s\n", tmp_pathname);
+       if (tmp_bfd == NULL)
+ 	goto bkpt_at_symbol;
+ 
+@@ -1180,6 +1397,9 @@ enable_break (void)
+       if (sym_addr != 0)
+ 	{
+ 	  create_solib_event_breakpoint (load_addr + sym_addr);
++          if (debug_solib)
++            fprintf_unfiltered (gdb_stdlog,
++                               "enable_break: solib bp set\n");
+ 	  return 1;
+ 	}
+ 
+@@ -1440,6 +1660,8 @@ svr4_solib_create_inferior_hook (void)
+   while (stop_signal != TARGET_SIGNAL_TRAP);
+   stop_soon = NO_STOP_QUIETLY;
+ #endif /* defined(_SCO_DS) */
++ 
++   disable_breakpoints_at_startup (1); 
+ }
+ 
+ static void
+@@ -1620,6 +1842,75 @@ svr4_lp64_fetch_link_map_offsets (void)
+ 
+   return lmp;
+ }
++void
++info_linkmap_command (char *cmd, int from_tty)
++{
++  CORE_ADDR lm;
++                                                                                
++  /* Make sure we've looked up the inferior's dynamic linker's base
++     structure.  */
++  if (! debug_base)
++    {
++      debug_base = locate_base ();
++                                                                                
++      /* If we can't find the dynamic linker's base structure, this
++         must not be a dynamically linked executable.  Hmm.  */
++      if (! debug_base)
++        {
++          if (debug_solib)
++            fprintf_unfiltered (gdb_stdlog,
++                                "svr4_print_linkmap: no DT_DEBUG found in %s -- return now\n",
++                                exec_bfd->filename);
++          return;
++        }
++    }
++                                                                                
++  /* Walk the inferior's link map list, and print the info.  */
++ 
++  lm = solib_svr4_r_map ();
++  while (lm)
++    {
++      int errcode;
++      char *buffer;
++      CORE_ADDR load_addr;
++
++      struct link_map_offsets *lmo = svr4_fetch_link_map_offsets ();
++      struct so_list *new
++        = (struct so_list *) xmalloc (sizeof (struct so_list));
++      struct cleanup *old_chain = make_cleanup (xfree, new);
++
++      memset (new, 0, sizeof (*new));
++
++      new->lm_info = xmalloc (sizeof (struct lm_info));
++      make_cleanup (xfree, new->lm_info);
++
++      new->lm_info->lm = xmalloc (lmo->link_map_size);
++      make_cleanup (xfree, new->lm_info->lm);
++      memset (new->lm_info->lm, 0, lmo->link_map_size);
++
++      if (debug_solib)
++        fprintf_unfiltered (gdb_stdlog,
++                            "svr4_print_linkmap: read lm at 0x%s\n", paddr_nz(lm));
++      read_memory (lm, new->lm_info->lm, lmo->link_map_size);
++
++      lm = LM_NEXT (new);
++
++      /* Load address.  */
++      load_addr = LM_ADDR_CHECK (new, NULL);
++      /* Shared object's name.  */
++      target_read_string (LM_NAME (new), &buffer,
++			  SO_NAME_MAX_PATH_SIZE - 1, &errcode);
++      make_cleanup (xfree, buffer);
++      if (errcode != 0)
++	{
++	  warning ("svr4_print_linkmap: Can't read pathname for load map: %s\n",
++		   safe_strerror (errcode));
++	}
++      fprintf_filtered (gdb_stdout, "%-8s %-30s\n", paddr(load_addr), buffer);
++      do_cleanups (old_chain);
++    }
++}                                                                                
++
+ 
+ 
+ struct target_so_ops svr4_so_ops;
+@@ -1678,4 +1969,7 @@ _initialize_svr4_solib (void)
+   svr4_so_ops.in_dynsym_resolve_code = svr4_in_dynsym_resolve_code;
+   svr4_so_ops.lookup_lib_global_symbol = elf_lookup_lib_symbol;
+   svr4_so_ops.same = svr4_same;
++
++  add_info ("linkmap", info_linkmap_command,
++	    "Display the inferior's linkmap.");
+ }
+Index: gdb/varobj.c
+===================================================================
+--- a/gdb/varobj.c	2008-02-04 08:49:04.000000000 +0100
++++ b/gdb/varobj.c	2008-02-27 08:57:31.000000000 +0100
+@@ -1078,6 +1078,62 @@ install_new_value (struct varobj *var, s
+   return changed;
+ }
+ 
++void
++varobj_refresh (void)
++{
++  struct varobj *var;
++  struct varobj_root *croot;
++  int mycount = rootcount;
++  char * name;
++
++  croot = rootlist;
++  while ((croot != NULL) && (mycount > 0))
++    {
++      var = croot->rootvar;
++
++      /* Get rid of the memory for the old expression.  This also
++         leaves var->root->exp == NULL, which is ok for the parsing
++         below.  */
++      free_current_contents (&var->root->exp);
++
++      value_free (var->value);
++      var->type = NULL;
++
++      name = xstrdup (var->name);
++
++      /* Reparse the expression.  Wrap the call to parse expression,
++         so we can return a sensible error. */
++      if (!gdb_parse_exp_1 (&name, var->root->valid_block, 0, &var->root->exp))
++        {
++          return;
++        }
++
++      /* We definitively need to catch errors here.
++         If evaluate_expression succeeds we got the value we wanted.
++         But if it fails, we still go on with a call to evaluate_type()  */
++      if (gdb_evaluate_expression (var->root->exp, &var->value))
++        {
++          /* no error */
++          release_value (var->value);
++          if (value_lazy (var->value))
++            gdb_value_fetch_lazy (var->value);
++        }
++      else
++        var->value = evaluate_type (var->root->exp);
++
++      var->type = value_type (var->value);
++
++      mycount--;
++      croot = croot->next;
++    }
++
++  if (mycount || (croot != NULL))
++    warning
++      ("varobj_refresh: assertion failed - wrong tally of root vars (%d:%d)",
++       rootcount, mycount);
++}
++
++
+ /* Update the values for a variable and its children.  This is a
+    two-pronged attack.  First, re-parse the value for the root's
+    expression to see if it's changed.  Then go all the way
+Index: gdb/solist.h
+===================================================================
+--- a/gdb/solist.h	2008-01-07 16:19:58.000000000 +0100
++++ b/gdb/solist.h	2008-02-27 08:57:31.000000000 +0100
+@@ -61,6 +61,8 @@ struct so_list
+     bfd *abfd;
+     char symbols_loaded;	/* flag: symbols read in yet? */
+     char from_tty;		/* flag: print msgs? */
++    char main;                  /* flag: is this the main executable? */
++    char main_relocated;        /* flag: has it been relocated yet? */
+     struct objfile *objfile;	/* objfile for loaded lib */
+     struct section_table *sections;
+     struct section_table *sections_end;
+@@ -127,9 +129,15 @@ void free_so (struct so_list *so);
+ /* Return address of first so_list entry in master shared object list.  */
+ struct so_list *master_so_list (void);
+ 
++/* Return address of first so_list entry in master shared object list.  */
++struct so_list *master_so_list (void);
++
+ /* Find solib binary file and open it.  */
+ extern int solib_open (char *in_pathname, char **found_pathname);
+ 
++/* Add the list of sections in so_list to the target to_sections.  */
++extern void add_to_target_sections (int, struct target_ops *, struct so_list *);
++
+ /* FIXME: gdbarch needs to control this variable */
+ extern struct target_so_ops *current_target_so_ops;
+ 
+@@ -140,4 +148,6 @@ struct symbol *solib_global_lookup (cons
+ 				    const domain_enum domain,
+ 				    struct symtab **symtab);
+ 
++/* Controls the printing of debugging output.  */
++extern int debug_solib;
+ #endif
+Index: gdb/varobj.h
+===================================================================
+--- a/gdb/varobj.h	2008-01-30 08:17:31.000000000 +0100
++++ b/gdb/varobj.h	2008-02-27 08:57:31.000000000 +0100
+@@ -122,4 +122,6 @@ extern void varobj_invalidate (void);
+ 
+ extern int varobj_editable_p (struct varobj *var);
+ 
++extern void varobj_refresh(void);
++
+ #endif /* VAROBJ_H */
+Index: gdb/symfile.c
+===================================================================
+--- a/gdb/symfile.c	2008-01-29 23:47:20.000000000 +0100
++++ b/gdb/symfile.c	2008-02-27 08:57:31.000000000 +0100
+@@ -47,6 +47,7 @@
+ #include "readline/readline.h"
+ #include "gdb_assert.h"
+ #include "block.h"
++#include "varobj.h"
+ #include "observer.h"
+ #include "exec.h"
+ #include "parser-defs.h"
+@@ -778,7 +779,7 @@ syms_from_objfile (struct objfile *objfi
+ 
+   /* Now either addrs or offsets is non-zero.  */
+ 
+-  if (mainline)
++  if (mainline == 1)
+     {
+       /* We will modify the main symbol table, make sure that all its users
+          will be cleaned up if an error occurs during symbol reading.  */
+@@ -806,7 +807,7 @@ syms_from_objfile (struct objfile *objfi
+ 
+      We no longer warn if the lowest section is not a text segment (as
+      happens for the PA64 port.  */
+-  if (!mainline && addrs && addrs->other[0].name)
++  if (/*!mainline &&*/ addrs && addrs->other[0].name)
+     {
+       asection *lower_sect;
+       asection *sect;
+@@ -975,17 +976,21 @@ new_symfile_objfile (struct objfile *obj
+   /* If this is the main symbol file we have to clean up all users of the
+      old main symbol file. Otherwise it is sufficient to fixup all the
+      breakpoints that may have been redefined by this symbol file.  */
+-  if (mainline)
++  if (mainline == 1)
+     {
+       /* OK, make it the "real" symbol file.  */
+       symfile_objfile = objfile;
+ 
+       clear_symtab_users ();
+     }
+-  else
++  else if (mainline == 0)
+     {
+       breakpoint_re_set ();
+     }
++  else
++    {
++      /* Don't reset breakpoints or it will screw up PIE.  */
++    }
+ 
+   /* We're done reading the symbol file; finish off complaints.  */
+   clear_complaints (&symfile_complaints, 0, verbo);
+@@ -1028,7 +1033,7 @@ symbol_file_add_with_addrs_or_offsets (b
+      interactively wiping out any existing symbols.  */
+ 
+   if ((have_full_symbols () || have_partial_symbols ())
+-      && mainline
++      && (mainline == 1)
+       && from_tty
+       && !query ("Load new symbol table from \"%s\"? ", name))
+     error (_("Not confirmed."));
+@@ -1212,6 +1217,10 @@ symbol_file_clear (int from_tty)
+ 		    symfile_objfile->name)
+ 	  : !query (_("Discard symbol table? "))))
+     error (_("Not confirmed."));
++#ifdef CLEAR_SOLIB
++      CLEAR_SOLIB ();
++#endif
++
+     free_all_objfiles ();
+ 
+     /* solib descriptors may have handles to objfiles.  Since their
+@@ -2466,6 +2475,8 @@ reread_symbols (void)
+ 	      /* Discard cleanups as symbol reading was successful.  */
+ 	      discard_cleanups (old_cleanups);
+ 
++	      init_entry_point_info (objfile);
++
+ 	      /* If the mtime has changed between the time we set new_modtime
+ 	         and now, we *want* this to be out of date, so don't call stat
+ 	         again now.  */
+@@ -2834,6 +2845,7 @@ clear_symtab_users (void)
+   breakpoint_re_set ();
+   set_default_breakpoint (0, 0, 0, 0);
+   clear_pc_function_cache ();
++  varobj_refresh ();
+   observer_notify_new_objfile (NULL);
+ 
+   /* Clear globals which might have pointed into a removed objfile.
+Index: gdb/breakpoint.c
+===================================================================
+--- a/gdb/breakpoint.c	2008-02-27 08:57:20.000000000 +0100
++++ b/gdb/breakpoint.c	2008-02-27 08:57:31.000000000 +0100
+@@ -923,7 +923,7 @@ update_watchpoint (struct breakpoint *b,
+       value_release_to_mark (mark);
+ 
+       /* Look at each value on the value chain.  */
+-      for (; v; v = next)
++      for (; v; v = value_next (v))
+ 	{
+ 	  /* If it's a memory location, and GDB actually needed
+ 	     its contents to evaluate the expression, then we
+@@ -3882,7 +3882,8 @@ describe_other_breakpoints (CORE_ADDR pc
+ 	      printf_filtered (" (thread %d)", b->thread);
+ 	    printf_filtered ("%s%s ",
+ 			     ((b->enable_state == bp_disabled || 
+-			       b->enable_state == bp_call_disabled) 
++			       b->enable_state == bp_call_disabled ||
++			       b->enable_state == bp_startup_disabled)
+ 			      ? " (disabled)"
+ 			      : b->enable_state == bp_permanent 
+ 			      ? " (permanent)"
+@@ -4534,6 +4535,62 @@ disable_breakpoints_in_unloaded_shlib (s
+   }
+ }
+ 
++void
++disable_breakpoints_at_startup (int silent)
++{
++  struct breakpoint *b;
++  int disabled_startup_breaks = 0;
++
++  if (bfd_get_start_address (exec_bfd) != entry_point_address ())
++    {
++      ALL_BREAKPOINTS (b)
++	{
++	  if (((b->type == bp_breakpoint) ||
++	       (b->type == bp_hardware_breakpoint)) &&
++	      b->enable_state == bp_enabled &&
++	      !b->loc->duplicate)
++	    {
++	      b->enable_state = bp_startup_disabled;
++	      if (!silent)
++		{
++		  if (!disabled_startup_breaks)
++		    {
++		      target_terminal_ours_for_output ();
++		      warning ("Temporarily disabling breakpoints:");
++		    }
++		  disabled_startup_breaks = 1;
++		  warning ("breakpoint #%d addr 0x%s", b->number, paddr_nz(b->loc->address));
++		}
++	    }
++	}
++    }
++}
++
++/* Try to reenable any breakpoints after startup.  */
++void
++re_enable_breakpoints_at_startup (void)
++{
++  struct breakpoint *b;
++
++  if (bfd_get_start_address (exec_bfd) != entry_point_address ())
++    {
++      ALL_BREAKPOINTS (b)
++	if (b->enable_state == bp_startup_disabled)
++	  {
++	    char buf[1];
++
++	    /* Do not reenable the breakpoint if the shared library
++	       is still not mapped in.  */
++	    if (target_read_memory (b->loc->address, buf, 1) == 0)
++	      {
++		/*printf ("enabling breakpoint at 0x%s\n", paddr_nz(b->loc->address));*/
++		b->enable_state = bp_enabled;
++	      }
++	  }
++    }
++}
++
++
+ static void
+ create_fork_vfork_event_catchpoint (int tempflag, char *cond_string,
+ 				    enum bptype bp_kind)
+Index: gdb/solib.c
+===================================================================
+--- a/gdb/solib.c	2008-01-07 16:19:58.000000000 +0100
++++ b/gdb/solib.c	2008-02-27 08:57:31.000000000 +0100
+@@ -79,6 +79,8 @@ set_solib_ops (struct gdbarch *gdbarch, 
+ 
+ /* external data declarations */
+ 
++int debug_solib;
++
+ /* FIXME: gdbarch needs to control this variable, or else every
+    configuration needs to call set_solib_ops.  */
+ struct target_so_ops *current_target_so_ops;
+@@ -102,6 +104,8 @@ The search path for loading non-absolute
+ 		    value);
+ }
+ 
++void add_to_target_sections (int, struct target_ops *, struct so_list *);
++
+ /*
+ 
+    GLOBAL FUNCTION
+@@ -391,7 +395,6 @@ free_so (struct so_list *so)
+   xfree (so);
+ }
+ 
+-
+ /* Return address of first so_list entry in master shared object list.  */
+ struct so_list *
+ master_so_list (void)
+@@ -399,7 +402,6 @@ master_so_list (void)
+   return so_list_head;
+ }
+ 
+-
+ /* A small stub to get us past the arg-passing pinhole of catch_errors.  */
+ 
+ static int
+@@ -411,15 +413,40 @@ symbol_add_stub (void *arg)
+   /* Have we already loaded this shared object?  */
+   ALL_OBJFILES (so->objfile)
+     {
+-      if (strcmp (so->objfile->name, so->so_name) == 0)
++      /* Found an already loaded shared library.  */
++      if (strcmp (so->objfile->name, so->so_name) == 0
++          && !so->main)
+ 	return 1;
++      /* Found an already loaded main executable.  This could happen in
++         two circumstances. 
++         First case: the main file has already been read in
++         as the first thing that gdb does at startup, and the file
++         hasn't been relocated properly yet. Therefor we need to read
++         it in with the proper section info.
++         Second case: it has been read in with the correct relocation,
++         and therefore we need to skip it.  */
++      if (strcmp (so->objfile->name, so->so_name) == 0 
++          && so->main
++          && so->main_relocated)
++        return 1;
+     }
+ 
+   sap = build_section_addr_info_from_section_table (so->sections,
+                                                     so->sections_end);
+ 
+-  so->objfile = symbol_file_add (so->so_name, so->from_tty,
+-				 sap, 0, OBJF_SHARED);
++  if (so->main)
++    {
++      if (debug_solib)
++        fprintf_unfiltered (gdb_stdlog,
++			    "symbol_add_stub: adding symbols for main\n");
++      so->objfile = symbol_file_add (so->so_name, /*so->from_tty*/ 0,
++   				     sap, 1, 0);
++      so->main_relocated = 1;
++    }
++  else
++    so->objfile = symbol_file_add (so->so_name, so->from_tty,
++				   sap, 0, OBJF_SHARED);
++
+   free_section_addr_info (sap);
+ 
+   return (1);
+@@ -545,6 +572,10 @@ update_solib_list (int from_tty, struct 
+ 	    }
+ 	  else
+ 	    {
++	      if (debug_solib)
++		fprintf_unfiltered (gdb_stdlog,
++				    "update_solib_list: compare gdb:%s and inferior:%s\n",
++				    gdb->so_original_name, i->so_original_name);
+ 	      if (! strcmp (gdb->so_original_name, i->so_original_name))
+ 		break;	      
+ 	    }
+@@ -599,28 +630,7 @@ update_solib_list (int from_tty, struct 
+       /* Fill in the rest of each of the `struct so_list' nodes.  */
+       for (i = inferior; i; i = i->next)
+ 	{
+-	  i->from_tty = from_tty;
+-
+-	  /* Fill in the rest of the `struct so_list' node.  */
+-	  catch_errors (solib_map_sections, i,
+-			"Error while mapping shared library sections:\n",
+-			RETURN_MASK_ALL);
+-
+-	  /* If requested, add the shared object's sections to the TARGET's
+-	     section table.  Do this immediately after mapping the object so
+-	     that later nodes in the list can query this object, as is needed
+-	     in solib-osf.c.  */
+-	  if (target)
+-	    {
+-	      int count = (i->sections_end - i->sections);
+-	      if (count > 0)
+-		{
+-		  int space = target_resize_to_sections (target, count);
+-		  memcpy (target->to_sections + space,
+-			  i->sections,
+-			  count * sizeof (i->sections[0]));
+-		}
+-	    }
++   	  add_to_target_sections (from_tty, target, i);
+ 
+ 	  /* Notify any observer that the shared object has been
+              loaded now that we've added it to GDB's tables.  */
+@@ -716,6 +726,41 @@ solib_add (char *pattern, int from_tty, 
+   }
+ }
+ 
++void
++add_to_target_sections (int from_tty, struct target_ops *target, struct so_list *solib)
++{
++  /* If this is set, then the sections have been already added to the
++     target list.  */
++  if (solib->main)
++    return;
++
++  solib->from_tty = from_tty;
++
++  /* Fill in the rest of the `struct so_list' node.  */
++  catch_errors (solib_map_sections, solib,
++		"Error while mapping shared library sections:\n",
++		RETURN_MASK_ALL);
++
++  /* If requested, add the shared object's sections to the TARGET's
++     section table.  Do this immediately after mapping the object so
++     that later nodes in the list can query this object, as is needed
++     in solib-osf.c.  */
++  if (target)
++    {
++      int count = (solib->sections_end - solib->sections);
++      if (count > 0)
++	{
++	  int space = target_resize_to_sections (target, count);
++          if (debug_solib)
++             fprintf_unfiltered (gdb_stdlog,
++                                 "add_to_target_sections: add %s to to_sections\n",
++                                 solib->so_original_name);
++	  memcpy (target->to_sections + space,
++		  solib->sections,
++		  count * sizeof (solib->sections[0]));
++	}
++    }
++}
+ 
+ /*
+ 
+@@ -1035,4 +1080,12 @@ This takes precedence over the environme
+ 				     reload_shared_libraries,
+ 				     show_solib_search_path,
+ 				     &setlist, &showlist);
++
++  add_setshow_boolean_cmd ("solib", no_class, &debug_solib,
++			   _("\
++Set debugging of GNU/Linux shlib module.\n"), _("\
++Show debugging status of GNU/Linux shlib module.\n"), _("\
++Enables printf debugging output of GNU/Linux shlib module.\n"),
++			   NULL, NULL,
++			   &setdebuglist, &showdebuglist);
+ }
+Index: gdb/elfread.c
+===================================================================
+--- a/gdb/elfread.c	2008-01-01 23:53:09.000000000 +0100
++++ b/gdb/elfread.c	2008-02-27 08:57:31.000000000 +0100
+@@ -644,7 +644,7 @@ elf_symfile_read (struct objfile *objfil
+   /* If we are reinitializing, or if we have never loaded syms yet,
+      set table to empty.  MAINLINE is cleared so that *_read_psymtab
+      functions do not all also re-initialize the psymbol table. */
+-  if (mainline)
++  if (mainline == 1)
+     {
+       init_psymbol_list (objfile, 0);
+       mainline = 0;
+Index: gdb/Makefile.in
+===================================================================
+--- a/gdb/Makefile.in	2008-02-27 08:57:20.000000000 +0100
++++ b/gdb/Makefile.in	2008-02-27 08:57:31.000000000 +0100
+@@ -1914,7 +1914,7 @@ amd64-tdep.o: amd64-tdep.c $(defs_h) $(a
+ 	$(dummy_frame_h) $(frame_h) $(frame_base_h) $(frame_unwind_h) \
+ 	$(inferior_h) $(gdbcmd_h) $(gdbcore_h) $(objfiles_h) $(regcache_h) \
+ 	$(regset_h) $(symfile_h) $(gdb_assert_h) $(amd64_tdep_h) \
+-	$(i387_tdep_h)
++	$(i387_tdep_h) $(exceptions_h)
+ annotate.o: annotate.c $(defs_h) $(annotate_h) $(value_h) $(target_h) \
+ 	$(gdbtypes_h) $(breakpoint_h)
+ arch-utils.o: arch-utils.c $(defs_h) $(arch_utils_h) $(buildsym_h) \
+Index: gdb/amd64-tdep.c
+===================================================================
+--- a/gdb/amd64-tdep.c	2008-02-27 08:57:19.000000000 +0100
++++ b/gdb/amd64-tdep.c	2008-02-27 08:57:31.000000000 +0100
+@@ -36,6 +36,7 @@
+ #include "symfile.h"
+ #include "dwarf2-frame.h"
+ #include "gdb_assert.h"
++#include "exceptions.h"
+ 
+ #include "amd64-tdep.h"
+ #include "i387-tdep.h"
+@@ -731,16 +732,28 @@ amd64_alloc_frame_cache (void)
+    Any function that doesn't start with this sequence will be assumed
+    to have no prologue and thus no valid frame pointer in %rbp.  */
+ 
+-static CORE_ADDR
+-amd64_analyze_prologue (CORE_ADDR pc, CORE_ADDR current_pc,
+-			struct amd64_frame_cache *cache)
++struct amd64_analyze_prologue_data
++  {
++    CORE_ADDR pc, current_pc;
++    struct amd64_frame_cache *cache;
++    CORE_ADDR retval;
++  };
++
++static int
++amd64_analyze_prologue_1 (void *data_pointer)
+ {
++  struct amd64_analyze_prologue_data *data = data_pointer;
++  CORE_ADDR pc = data->pc, current_pc = data->current_pc;
++  struct amd64_frame_cache *cache = data->cache;
+   static gdb_byte proto[3] = { 0x48, 0x89, 0xe5 }; /* movq %rsp, %rbp */
+   gdb_byte buf[3];
+   gdb_byte op;
+ 
+   if (current_pc <= pc)
+-    return current_pc;
++    {
++      data->retval = current_pc;
++      return 1;
++    }
+ 
+   op = read_memory_unsigned_integer (pc, 1);
+ 
+@@ -753,18 +766,57 @@ amd64_analyze_prologue (CORE_ADDR pc, CO
+ 
+       /* If that's all, return now.  */
+       if (current_pc <= pc + 1)
+-        return current_pc;
++        {
++	  data->retval = current_pc;
++	  return 1;
++        }
+ 
+       /* Check for `movq %rsp, %rbp'.  */
+       read_memory (pc + 1, buf, 3);
+       if (memcmp (buf, proto, 3) != 0)
+-	return pc + 1;
++	{
++	  data->retval = pc + 1;
++	  return 1;
++	}
+ 
+       /* OK, we actually have a frame.  */
+       cache->frameless_p = 0;
+-      return pc + 4;
++      data->retval = pc + 4;
++      return 1;
+     }
+ 
++  data->retval = pc;
++  return 1;
++}
++
++/* Catch memory read errors and return just PC in such case.
++   It occurs very early on enable_break->new_symfile_objfile->
++   ->breakpoint_re_set->decode_line_1->decode_variable_1->
++   ->find_function_start_sal  */
++
++static CORE_ADDR
++amd64_analyze_prologue (CORE_ADDR pc, CORE_ADDR current_pc,
++			struct amd64_frame_cache *cache)
++{
++  int status;
++  struct amd64_analyze_prologue_data data;
++  struct ui_file *saved_gdb_stderr;
++
++  /* Suppress error messages.  */
++  saved_gdb_stderr = gdb_stderr;
++  gdb_stderr = ui_file_new ();
++
++  data.pc = pc;
++  data.current_pc = current_pc;
++  data.cache = cache;
++  status = catch_errors (amd64_analyze_prologue_1, &data, "", RETURN_MASK_ALL);
++
++  /* Stop suppressing error messages.  */
++  ui_file_delete (gdb_stderr);
++  gdb_stderr = saved_gdb_stderr;
++
++  if (status)
++    return data.retval;
+   return pc;
+ }
+ 
diff --git a/main/gdb/50_all_gdb-pie-2.patch b/main/gdb/50_all_gdb-pie-2.patch
new file mode 100644
index 0000000000..946d055018
--- /dev/null
+++ b/main/gdb/50_all_gdb-pie-2.patch
@@ -0,0 +1,2122 @@
+Index: gdb-6.8/gdb/testsuite/configure
+===================================================================
+--- gdb-6.8.orig/gdb/testsuite/configure	2007-12-29 06:01:30.000000000 -0800
++++ gdb-6.8/gdb/testsuite/configure	2008-03-30 09:00:52.000000000 -0700
+@@ -3104,7 +3104,7 @@
+ 
+ 
+ 
+-                                                                                                                                                                                              ac_config_files="$ac_config_files Makefile gdb.ada/Makefile gdb.arch/Makefile gdb.asm/Makefile gdb.base/Makefile gdb.cp/Makefile gdb.disasm/Makefile gdb.dwarf2/Makefile gdb.fortran/Makefile gdb.server/Makefile gdb.java/Makefile gdb.mi/Makefile gdb.modula2/Makefile gdb.objc/Makefile gdb.opt/Makefile gdb.pascal/Makefile gdb.threads/Makefile gdb.trace/Makefile gdb.xml/Makefile"
++                                                                                                                                                                                              ac_config_files="$ac_config_files Makefile gdb.ada/Makefile gdb.arch/Makefile gdb.asm/Makefile gdb.base/Makefile gdb.cp/Makefile gdb.disasm/Makefile gdb.dwarf2/Makefile gdb.fortran/Makefile gdb.server/Makefile gdb.pie/Makefile gdb.java/Makefile gdb.mi/Makefile gdb.modula2/Makefile gdb.objc/Makefile gdb.opt/Makefile gdb.pascal/Makefile gdb.threads/Makefile gdb.trace/Makefile gdb.xml/Makefile"
+ cat >confcache <<\_ACEOF
+ # This file is a shell script that caches the results of configure
+ # tests run on this system so they can be shared between configure
+@@ -3665,6 +3665,7 @@
+   "gdb.dwarf2/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.dwarf2/Makefile" ;;
+   "gdb.fortran/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.fortran/Makefile" ;;
+   "gdb.server/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.server/Makefile" ;;
++  "gdb.pie/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.pie/Makefile" ;;
+   "gdb.java/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.java/Makefile" ;;
+   "gdb.mi/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.mi/Makefile" ;;
+   "gdb.modula2/Makefile" ) CONFIG_FILES="$CONFIG_FILES gdb.modula2/Makefile" ;;
+Index: gdb-6.8/gdb/testsuite/configure.ac
+===================================================================
+--- gdb-6.8.orig/gdb/testsuite/configure.ac	2007-10-25 13:30:26.000000000 -0700
++++ gdb-6.8/gdb/testsuite/configure.ac	2008-03-30 09:00:22.000000000 -0700
+@@ -114,7 +114,7 @@
+   gdb.ada/Makefile \
+   gdb.arch/Makefile gdb.asm/Makefile gdb.base/Makefile \
+   gdb.cp/Makefile gdb.disasm/Makefile gdb.dwarf2/Makefile \
+-  gdb.fortran/Makefile gdb.server/Makefile \
++  gdb.fortran/Makefile gdb.server/Makefile gdb.pie/Makefile \
+   gdb.java/Makefile gdb.mi/Makefile gdb.modula2/Makefile \
+   gdb.objc/Makefile gdb.opt/Makefile gdb.pascal/Makefile \
+   gdb.threads/Makefile gdb.trace/Makefile gdb.xml/Makefile])
+Index: gdb-6.8/gdb/testsuite/gdb.pie/Makefile.in
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/Makefile.in	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,19 @@
++VPATH = @srcdir@
++srcdir = @srcdir@
++
++EXECUTABLES =
++MISCELLANEOUS = arch.inc
++
++all info install-info dvi install uninstall installcheck check:
++	@echo "Nothing to be done for $@..."
++
++clean mostlyclean:
++	-rm -f *~ *.o a.out *.x *.ci *.tmp
++	-rm -f core core.coremaker coremaker.core corefile $(EXECUTABLES)
++	-rm -f $(MISCELLANEOUS)
++
++distclean maintainer-clean realclean: clean
++	-rm -f *~ core
++	-rm -f Makefile config.status config.log
++	-rm -f *-init.exp
++	-rm -fr *.log summary detail *.plog *.sum *.psum site.*
+Index: gdb-6.8/gdb/testsuite/gdb.pie/attach.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/attach.c	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,20 @@
++/* This program is intended to be started outside of gdb, and then
++   attached to by gdb.  Thus, it simply spins in a loop.  The loop
++   is exited when & if the variable 'should_exit' is non-zero.  (It
++   is initialized to zero in this program, so the loop will never
++   exit unless/until gdb sets the variable to non-zero.)
++   */
++#include <stdio.h>
++
++int  should_exit = 0;
++
++int main ()
++{
++  int  local_i = 0;
++
++  while (! should_exit)
++    {
++      local_i++;
++    }
++  return 0;
++}
+Index: gdb-6.8/gdb/testsuite/gdb.pie/attach.exp
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/attach.exp	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,432 @@
++#   Copyright 1997, 1999, 2002 Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++# 
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++# 
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
++
++# Please email any bugs, comments, and/or additions to this file to:
++# bug-gdb@prep.ai.mit.edu
++
++if $tracelevel then {
++	strace $tracelevel
++	}
++
++set prms_id 0
++set bug_id 0
++
++# On HP-UX 11.0, this test is causing a process running the program
++# "attach" to be left around spinning.  Until we figure out why, I am
++# commenting out the test to avoid polluting tiamat (our 11.0 nightly
++# test machine) with these processes. RT
++#
++# Setting the magic bit in the target app should work.  I added a
++# "kill", and also a test for the R3 register warning.  JB
++if { [istarget "hppa*-*-hpux*"] } {
++    return 0
++}
++
++# are we on a target board
++if [is_remote target] then {
++    return 0
++}
++
++set testfile "attach"
++set srcfile  ${testfile}.c
++set srcfile2 ${testfile}2.c
++set binfile  ${objdir}/${subdir}/${testfile}
++set binfile2 ${objdir}/${subdir}/${testfile}2
++set escapedbinfile  [string_to_regexp ${objdir}/${subdir}/${testfile}]
++set cleanupfile ${objdir}/${subdir}/${testfile}.awk
++
++#execute_anywhere "rm -f ${binfile} ${binfile2}"
++remote_exec build "rm -f ${binfile} ${binfile2}"
++# For debugging this test
++#
++#log_user 1
++
++# Clean out any old files from past runs.
++#
++remote_exec build "${cleanupfile}"
++
++# build the first test case
++#
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug "additional_flags= -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++# Build the in-system-call test
++
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile2}" "${binfile2}" executable {debug "additional_flags= -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if [get_compiler_info ${binfile}] {
++    return -1
++}
++
++proc do_attach_tests {} {
++   global gdb_prompt
++   global binfile
++   global escapedbinfile
++   global srcfile
++   global testfile
++   global objdir
++   global subdir
++   global timeout
++
++   # Start the program running and then wait for a bit, to be sure
++   # that it can be attached to.
++   #
++   set testpid [eval exec $binfile &]
++   exec sleep 2
++
++   # Verify that we cannot attach to nonsense.
++   #
++   send_gdb "attach abc\n"
++   gdb_expect {
++      -re ".*Illegal process-id: abc.*$gdb_prompt $"\
++                      {pass "attach to nonsense is prohibited"}
++      -re "Attaching to.*, process .*couldn't open /proc file.*$gdb_prompt $"\
++                      {
++                        # Response expected from /proc-based systems.
++                        pass "attach to nonsense is prohibited" 
++                      }
++      -re "Attaching to.*$gdb_prompt $"\
++                      {fail "attach to nonsense is prohibited (bogus pid allowed)"}
++      -re "$gdb_prompt $" {fail "attach to nonsense is prohibited"}
++      timeout         {fail "(timeout) attach to nonsense is prohibited"}
++   }
++
++   # Verify that we cannot attach to what appears to be a valid
++   # process ID, but is a process that doesn't exist.  Traditionally,
++   # most systems didn't have a process with ID 0, so we take that as
++   # the default.  However, there are a few exceptions.
++   #
++   set boguspid 0
++   if { [istarget "*-*-*bsd*"] } {
++       # In FreeBSD 5.0, PID 0 is used for "swapper".  Use -1 instead
++       # (which should have the desired effect on any version of
++       # FreeBSD, and probably other *BSD's too).
++       set boguspid -1
++   }
++   send_gdb "attach $boguspid\n"
++   gdb_expect {
++       -re "Attaching to.*, process $boguspid.*No such process.*$gdb_prompt $"\
++	       {
++	   # Response expected on ptrace-based systems (i.e. HP-UX 10.20).
++	   pass "attach to nonexistent process is prohibited"
++       }
++       -re "Attaching to.*, process $boguspid failed.*Hint.*$gdb_prompt $"\
++	       {
++	   # Response expected on ttrace-based systems (i.e. HP-UX 11.0).
++	   pass "attach to nonexistent process is prohibited"
++       }
++       -re "Attaching to.*, process $boguspid.*denied.*$gdb_prompt $"\
++	       {pass "attach to nonexistent process is prohibited"}
++       -re "Attaching to.*, process $boguspid.*not permitted.*$gdb_prompt $"\
++	       {pass "attach to nonexistent process is prohibited"}
++       -re "Attaching to.*, process .*couldn't open /proc file.*$gdb_prompt $"\
++	       {
++	   # Response expected from /proc-based systems.
++	   pass "attach to nonexistent process is prohibited"
++       }
++       -re "$gdb_prompt $" {fail "attach to nonexistent process is prohibited"}
++       timeout {
++	   fail "(timeout) attach to nonexistent process is prohibited"
++       }
++   }
++
++   # Verify that we can attach to the process by first giving its
++   # executable name via the file command, and using attach with
++   # the process ID.
++   #
++   # (Actually, the test system appears to do this automatically
++   # for us.  So, we must also be prepared to be asked if we want
++   # to discard an existing set of symbols.)
++   #
++   send_gdb "file $binfile\n"
++   gdb_expect {
++      -re "Load new symbol table from.*y or n.*$" {
++         send_gdb "y\n"
++         gdb_expect {
++            -re "Reading symbols from $escapedbinfile\.\.\.*done.*$gdb_prompt $"\
++                            {pass "(re)set file, before attach1"}
++            -re "$gdb_prompt $" {fail "(re)set file, before attach1"}
++            timeout         {fail "(timeout) (re)set file, before attach1"}
++         }
++      }
++      -re "Reading symbols from $escapedbinfile\.\.\.*done.*$gdb_prompt $"\
++                      {pass "set file, before attach1"}
++      -re "$gdb_prompt $" {fail "set file, before attach1"}
++      timeout         {fail "(timeout) set file, before attach1"}
++   }
++
++   send_gdb "attach $testpid\n"
++   gdb_expect {
++      -re "Attaching to program.*`?$escapedbinfile'?, process $testpid.*main.*at .*$srcfile:.*$gdb_prompt $"\
++                      {pass "attach1, after setting file"}
++      -re "$gdb_prompt $" {fail "attach1, after setting file"}
++      timeout         {fail "(timeout) attach1, after setting file"}
++   }
++
++   # Verify that we can "see" the variable "should_exit" in the
++   # program, and that it is zero.
++   #
++   send_gdb "print should_exit\n"
++   gdb_expect {
++      -re ".* = 0.*$gdb_prompt $"\
++                      {pass "after attach1, print should_exit"}
++      -re "$gdb_prompt $" {fail "after attach1, print should_exit"}
++      timeout         {fail "(timeout) after attach1, print should_exit"}
++   }
++
++   # Detach the process.
++   #
++   send_gdb "detach\n"
++   gdb_expect {
++      -re "Detaching from program: .*$escapedbinfile.*$gdb_prompt $"\
++                      {pass "attach1 detach"}
++      -re "$gdb_prompt $" {fail "attach1 detach"}
++      timeout         {fail "(timeout) attach1 detach"}
++   }
++
++   # Wait a bit for gdb to finish detaching
++   #
++   exec sleep 5
++
++   # Purge the symbols from gdb's brain.  (We want to be certain
++   # the next attach, which won't be preceded by a "file" command,
++   # is really getting the executable file without our help.)
++   #
++   set old_timeout $timeout
++   set timeout 15 
++   send_gdb "file\n"
++   gdb_expect {
++      -re ".*gdb internal error.*$" { 
++          fail "Internal error, prob. Memory corruption" 
++      }
++      -re "No executable file now.*Discard symbol table.*y or n.*$" {
++         send_gdb "y\n"
++         gdb_expect {
++            -re "No symbol file now.*$gdb_prompt $"\
++                            {pass "attach1, purging symbols after detach"}
++            -re "$gdb_prompt $" {fail "attach1, purging symbols after detach"}
++            timeout         {fail "(timeout) attach1, purging symbols after detach"}
++         }
++      }
++      -re "$gdb_prompt $" {fail "attach1, purging file after detach"}
++      timeout         {
++          fail "(timeout) attach1, purging file after detach"
++      }
++   }
++   set timeout $old_timeout
++
++   # Verify that we can attach to the process just by giving the
++   # process ID.
++   #
++   send_gdb "attach $testpid\n"
++   gdb_expect {
++      -re "Attaching to process $testpid.*Reading symbols from $escapedbinfile.*main.*at .*$gdb_prompt $"\
++                      {pass "attach2"}
++      -re "$gdb_prompt $" {fail "attach2"}
++      timeout         {fail "(timeout) attach2"}
++   }
++
++   # Verify that we can modify the variable "should_exit" in the
++   # program.
++   #
++   send_gdb "set should_exit=1\n"
++   gdb_expect {
++      -re "$gdb_prompt $" {pass "after attach2, set should_exit"}
++      timeout         {fail "(timeout) after attach2, set should_exit"}
++   }
++
++   # Verify that the modification really happened.
++   #
++   send_gdb "tbreak 19\n"
++   gdb_expect {
++      -re "Breakpoint .*at.*$srcfile, line 19.*$gdb_prompt $"\
++                      {pass "after attach2, set tbreak postloop"}
++      -re "$gdb_prompt $" {fail "after attach2, set tbreak postloop"}
++      timeout         {fail "(timeout) after attach2, set tbreak postloop"}
++   }
++   send_gdb "continue\n"
++   gdb_expect {
++      -re "main.*at.*$srcfile:19.*$gdb_prompt $"\
++                      {pass "after attach2, reach tbreak postloop"}
++      -re "$gdb_prompt $" {fail "after attach2, reach tbreak postloop"}
++      timeout         {fail "(timeout) after attach2, reach tbreak postloop"}
++   }
++
++   # Allow the test process to exit, to cleanup after ourselves.
++   #
++   send_gdb "continue\n"
++   gdb_expect {
++      -re "Program exited normally.*$gdb_prompt $"\
++                      {pass "after attach2, exit"}
++      -re "$gdb_prompt $" {fail "after attach2, exit"}
++      timeout         {fail "(timeout) after attach2, exit"}
++   }
++
++   # Make sure we don't leave a process around to confuse
++   # the next test run (and prevent the compile by keeping
++   # the text file busy), in case the "set should_exit" didn't
++   # work.
++   #
++   remote_exec build "kill -9 ${testpid}"
++   # Start the program running and then wait for a bit, to be sure
++   # that it can be attached to.
++   #
++   set testpid [eval exec $binfile &]
++   exec sleep 2
++
++   # Verify that we can attach to the process, and find its a.out
++   # when we're cd'd to some directory that doesn't contain the
++   # a.out.  (We use the source path set by the "dir" command.)
++   #
++   send_gdb "dir ${objdir}/${subdir}\n"
++   gdb_expect {
++      -re ".*Source directories searched: .*$gdb_prompt $"\
++                      {pass "set source path"}
++      -re "$gdb_prompt $" {fail "set source path"}
++      timeout         {fail "(timeout) set source path"}
++   }
++
++   send_gdb "cd /tmp\n"
++   gdb_expect {
++      -re ".*Working directory /tmp.*$gdb_prompt $"\
++                      {pass "cd away from process' a.out"}
++      -re "$gdb_prompt $" {fail "cd away from process' a.out"}
++      timeout         {fail "(timeout) cd away from process' a.out"}
++   }
++
++   # Explicitly flush out any knowledge of the previous attachment.
++   send_gdb "symbol\n"
++   gdb_expect {
++      -re ".*Discard symbol table from.*y or n. $"\
++                      {send_gdb "y\n"
++                       gdb_expect {
++                          -re ".*No symbol file now.*$gdb_prompt $"\
++                                          {pass "before attach3, flush symbols"}
++                          -re "$gdb_prompt $" {fail "before attach3, flush symbols"}
++                          timeout         {fail "(timeout) before attach3, flush symbols"}
++                       }
++                      }
++      -re ".*No symbol file now.*$gdb_prompt $"\
++                      {pass "before attach3, flush symbols"}
++      -re "$gdb_prompt $" {fail "before attach3, flush symbols"}
++      timeout         {fail "(timeout) before attach3, flush symbols"}
++   }
++   send_gdb "exec\n"
++   gdb_expect {
++      -re ".*No executable file now.*$gdb_prompt $"\
++                      {pass "before attach3, flush exec"}
++      -re "$gdb_prompt $" {fail "before attach3, flush exec"}
++      timeout         {fail "(timeout) before attach3, flush exec"}
++   }
++
++   send_gdb "attach $testpid\n"
++   gdb_expect {
++      -re "Attaching to process $testpid.*Reading symbols from $escapedbinfile.*main.*at .*$gdb_prompt $"\
++                      {pass "attach when process' a.out not in cwd"}
++      -re "$gdb_prompt $" {fail "attach when process' a.out not in cwd"}
++      timeout         {fail "(timeout) attach when process' a.out not in cwd"}
++   }
++
++   send_gdb "kill\n"
++   gdb_expect {
++      -re ".*Kill the program being debugged.*y or n. $"\
++                      {send_gdb "y\n"
++                       gdb_expect {
++                          -re "$gdb_prompt $" {pass "after attach3, exit"}
++                          timeout {fail "(timeout) after attach3, exit"}
++                       }
++                      }
++      -re "$gdb_prompt $" {fail "after attach3, exit"}
++      timeout         {fail "(timeout) after attach3, exit"}
++   }
++
++   # Another "don't leave a process around"
++   remote_exec build "kill -9 ${testpid}"
++}
++
++proc do_call_attach_tests {} {
++   global gdb_prompt
++   global binfile2
++
++   # Start the program running and then wait for a bit, to be sure
++   # that it can be attached to.
++   #
++   set testpid [eval exec $binfile2 &]
++   exec sleep 2
++
++   # Attach
++   #
++   gdb_test "file $binfile2" ".*" "force switch to gdb64, if necessary"
++   send_gdb "attach $testpid\n"
++   gdb_expect {
++      -re ".*warning: reading register.*I.*O error.*$gdb_prompt $" {
++         fail "attach call, read register 3 error"
++     }
++     -re "Attaching to.*process $testpid.*libc.*$gdb_prompt $" {
++         pass "attach call"
++     }
++      -re "$gdb_prompt $" {fail "attach call"}
++      timeout         {fail "(timeout) attach call"}
++   }
++
++   # See if other registers are problems
++   #
++   send_gdb "i r r3\n"
++   gdb_expect {
++       -re ".*warning: reading register.*$gdb_prompt $" {
++           pass "CHFts23490: known bug"
++       }
++       -re ".*r3.*$gdb_prompt $" {
++           pass "Bug fixed, Yayyy!"
++       }
++       timeout { fail "timeout on info reg" }
++   }
++
++   # Get rid of the process
++   #
++   gdb_test "p should_exit = 1" ".*"
++   gdb_test "c" ".*Program exited normally.*"
++   
++   # Be paranoid
++   #
++    remote_exec build "kill -9 ${testpid}"
++
++}
++
++
++# Start with a fresh gdb
++#
++gdb_exit
++gdb_start
++gdb_reinitialize_dir $srcdir/$subdir
++gdb_load ${binfile}
++
++# This is a test of gdb's ability to attach to a running process.
++#
++do_attach_tests
++
++# Test attaching when the target is inside a system call
++#
++gdb_exit
++gdb_start
++
++gdb_reinitialize_dir $srcdir/$subdir
++do_call_attach_tests
++
++return 0
+Index: gdb-6.8/gdb/testsuite/gdb.pie/attach2.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/attach2.c	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,24 @@
++/* This program is intended to be started outside of gdb, and then
++   attached to by gdb.  Thus, it simply spins in a loop.  The loop
++   is exited when & if the variable 'should_exit' is non-zero.  (It
++   is initialized to zero in this program, so the loop will never
++   exit unless/until gdb sets the variable to non-zero.)
++   */
++#include <stdio.h>
++#include <stdlib.h>
++#include <unistd.h>
++
++int  should_exit = 0;
++
++int main ()
++{
++  int  local_i = 0;
++
++  sleep( 10 ); /* System call causes register fetch to fail */
++               /* This is a known HPUX "feature"            */
++  while (! should_exit)
++    {
++      local_i++;
++    }
++  return (0);
++}
+Index: gdb-6.8/gdb/testsuite/gdb.pie/break.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/break.c	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,146 @@
++/* This testcase is part of GDB, the GNU debugger.
++
++   Copyright 1992, 1993, 1994, 1995, 1999, 2002, 2003 Free Software
++   Foundation, Inc.
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 2 of the License, or
++   (at your option) any later version.
++
++   This program is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++   GNU General Public License for more details.
++ 
++   You should have received a copy of the GNU General Public License
++   along with this program; if not, write to the Free Software
++   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++
++   Please email any bugs, comments, and/or additions to this file to:
++   bug-gdb@prep.ai.mit.edu  */
++
++#ifdef vxworks
++
++#  include <stdio.h>
++
++/* VxWorks does not supply atoi.  */
++static int
++atoi (z)
++     char *z;
++{
++  int i = 0;
++
++  while (*z >= '0' && *z <= '9')
++    i = i * 10 + (*z++ - '0');
++  return i;
++}
++
++/* I don't know of any way to pass an array to VxWorks.  This function
++   can be called directly from gdb.  */
++
++vxmain (arg)
++char *arg;
++{
++  char *argv[2];
++
++  argv[0] = "";
++  argv[1] = arg;
++  main (2, argv, (char **) 0);
++}
++
++#else /* ! vxworks */
++#  include <stdio.h>
++#  include <stdlib.h>
++#endif /* ! vxworks */
++
++#ifdef PROTOTYPES
++extern int marker1 (void);
++extern int marker2 (int a);
++extern void marker3 (char *a, char *b);
++extern void marker4 (long d);
++#else
++extern int marker1 ();
++extern int marker2 ();
++extern void marker3 ();
++extern void marker4 ();
++#endif
++
++/*
++ *	This simple classical example of recursion is useful for
++ *	testing stack backtraces and such.
++ */
++
++#ifdef PROTOTYPES
++int factorial(int);
++
++int
++main (int argc, char **argv, char **envp)
++#else
++int
++main (argc, argv, envp)
++int argc;
++char *argv[], **envp;
++#endif
++{
++#ifdef usestubs
++    set_debug_traps();  /* set breakpoint 5 here */
++    breakpoint();
++#endif
++    if (argc == 12345) {  /* an unlikely value < 2^16, in case uninited */ /* set breakpoint 6 here */
++	fprintf (stderr, "usage:  factorial <number>\n");
++	return 1;
++    }
++    printf ("%d\n", factorial (atoi ("6")));  /* set breakpoint 1 here */
++    /* set breakpoint 12 here */
++    marker1 ();  /* set breakpoint 11 here */
++    marker2 (43); /* set breakpoint 20 here */
++    marker3 ("stack", "trace"); /* set breakpoint 21 here */
++    marker4 (177601976L);
++    argc = (argc == 12345); /* This is silly, but we can step off of it */ /* set breakpoint 2 here */
++    return argc;  /* set breakpoint 10 here */
++}
++
++#ifdef PROTOTYPES
++int factorial (int value)
++#else
++int factorial (value)
++int value;
++#endif
++{
++  if (value > 1) {  /* set breakpoint 7 here */
++	value *= factorial (value - 1);
++    }
++    return (value); /* set breakpoint 19 here */
++}
++
++#ifdef PROTOTYPES
++int multi_line_if_conditional (int a, int b, int c)
++#else
++int multi_line_if_conditional (a, b, c)
++  int a, b, c;
++#endif
++{
++  if (a    /* set breakpoint 3 here */
++      && b
++      && c)
++    return 0;
++  else
++    return 1;
++}
++
++#ifdef PROTOTYPES
++int multi_line_while_conditional (int a, int b, int c)
++#else
++int multi_line_while_conditional (a, b, c)
++  int a, b, c;
++#endif
++{
++  while (a /* set breakpoint 4 here */
++      && b
++      && c)
++    {
++      a--, b--, c--;
++    }
++  return 0;
++}
+Index: gdb-6.8/gdb/testsuite/gdb.pie/break.exp
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/break.exp	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,973 @@
++#   Copyright 1988, 1990, 1991, 1992, 1994, 1995, 1996, 1997, 1998, 1999,
++#   2000, 2002, 2003, 2004
++#   Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++# 
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++# 
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  
++
++# Please email any bugs, comments, and/or additions to this file to:
++# bug-gdb@prep.ai.mit.edu
++
++# This file was written by Rob Savoye. (rob@cygnus.com)
++
++# Test the same stuff but with PIE executables
++
++if $tracelevel then {
++    strace $tracelevel
++}
++
++
++#
++# test running programs
++#
++set prms_id 0
++set bug_id 0
++
++set testfile "break"
++set srcfile ${testfile}.c
++set srcfile1 ${testfile}1.c
++set binfile ${objdir}/${subdir}/${testfile}
++
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}0.o" object {debug "additional_flags=-w -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile1}" "${binfile}1.o" object {debug "additional_flags=-w -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if  { [gdb_compile "${binfile}0.o ${binfile}1.o" "${binfile}" executable {debug "additional_flags=-w -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if [get_compiler_info ${binfile}] {
++    return -1
++}
++
++gdb_exit
++gdb_start
++gdb_reinitialize_dir $srcdir/$subdir
++gdb_load ${binfile}
++
++if [target_info exists gdb_stub] {
++    gdb_step_for_stub;
++}
++#
++# test simple breakpoint setting commands
++#
++
++# Test deleting all breakpoints when there are none installed,
++# GDB should not prompt for confirmation.
++# Note that gdb-init.exp provides a "delete_breakpoints" proc
++# for general use elsewhere.
++
++send_gdb "delete breakpoints\n"
++gdb_expect {
++     -re "Delete all breakpoints.*$" {
++	    send_gdb "y\n"
++	    gdb_expect {
++		-re "$gdb_prompt $" {
++		    fail "Delete all breakpoints when none (unexpected prompt)"
++		}
++		timeout	{ fail "Delete all breakpoints when none (timeout after unexpected prompt)" }
++	    }
++	}
++     -re ".*$gdb_prompt $"       { pass "Delete all breakpoints when none" }
++    timeout	            { fail "Delete all breakpoints when none (timeout)" }
++}
++
++#
++# test break at function
++#
++gdb_test "break main" \
++    "Breakpoint.*at.* file .*$srcfile, line.*" \
++    "breakpoint function"
++
++#
++# test break at quoted function
++#
++gdb_test "break \"marker2\"" \
++    "Breakpoint.*at.* file .*$srcfile1, line.*" \
++    "breakpoint quoted function"
++
++#
++# test break at function in file
++#
++gdb_test "break $srcfile:factorial" \
++    "Breakpoint.*at.* file .*$srcfile, line.*" \
++    "breakpoint function in file"
++
++set bp_location1 [gdb_get_line_number "set breakpoint 1 here"]
++
++#
++# test break at line number
++#
++# Note that the default source file is the last one whose source text
++# was printed.  For native debugging, before we've executed the
++# program, this is the file containing main, but for remote debugging,
++# it's wherever the processor was stopped when we connected to the
++# board.  So, to be sure, we do a list command.
++#
++gdb_test "list main" \
++    ".*main \\(argc, argv, envp\\).*" \
++    "use `list' to establish default source file"
++gdb_test "break $bp_location1" \
++    "Breakpoint.*at.* file .*$srcfile, line $bp_location1\\." \
++    "breakpoint line number"
++
++#
++# test duplicate breakpoint
++#
++gdb_test "break $bp_location1" \
++    "Note: breakpoint \[0-9\]+ also set at pc.*Breakpoint \[0-9\]+ at.* file .*$srcfile, line $bp_location1\\." \
++    "breakpoint duplicate"
++
++set bp_location2 [gdb_get_line_number "set breakpoint 2 here"]
++
++#
++# test break at line number in file
++#
++gdb_test "break $srcfile:$bp_location2" \
++    "Breakpoint.*at.* file .*$srcfile, line $bp_location2\\." \
++    "breakpoint line number in file"
++
++set bp_location3 [gdb_get_line_number "set breakpoint 3 here"]
++set bp_location4 [gdb_get_line_number "set breakpoint 4 here"]
++
++#
++# Test putting a break at the start of a multi-line if conditional.
++# Verify the breakpoint was put at the start of the conditional.
++#
++gdb_test "break multi_line_if_conditional" \
++    "Breakpoint.*at.* file .*$srcfile, line $bp_location3\\." \
++    "breakpoint at start of multi line if conditional"
++
++gdb_test "break multi_line_while_conditional" \
++    "Breakpoint.*at.* file .*$srcfile, line $bp_location4\\." \
++    "breakpoint at start of multi line while conditional"
++
++set bp_location5 [gdb_get_line_number "set breakpoint 5 here"]
++set bp_location6 [gdb_get_line_number "set breakpoint 6 here"]
++
++#
++# check to see what breakpoints are set
++#
++if [target_info exists gdb_stub] {
++    set main_line $bp_location5
++} else {
++    set main_line $bp_location6
++}
++
++if {$hp_aCC_compiler} {
++    set proto "\\(int\\)"
++} else {
++    set proto ""
++}
++
++set bp_location7 [gdb_get_line_number "set breakpoint 7 here"]
++set bp_location8 [gdb_get_line_number "set breakpoint 8 here" $srcfile1]
++set bp_location9 [gdb_get_line_number "set breakpoint 9 here" $srcfile1]
++
++gdb_test "info break" \
++    "Num Type\[ \]+Disp Enb Address\[ \]+What.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in main at .*$srcfile:$main_line.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in marker2 at .*$srcfile1:($bp_location8|$bp_location9).*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in factorial$proto at .*$srcfile:$bp_location7.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in main at .*$srcfile:$bp_location1.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in main at .*$srcfile:$bp_location1.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in main at .*$srcfile:$bp_location2.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in multi_line_if_conditional at .*$srcfile:$bp_location3.*
++\[0-9\]+\[\t \]+breakpoint     keep y.* in multi_line_while_conditional at .*$srcfile:$bp_location4" \
++    "breakpoint info"
++
++# FIXME: The rest of this test doesn't work with anything that can't
++# handle arguments.
++# Huh? There doesn't *appear* to be anything that passes arguments
++# below.
++if [istarget "mips-idt-*"] then {
++    return
++}
++
++#
++# run until the breakpoint at main is hit. For non-stubs-using targets.
++#
++if ![target_info exists use_gdb_stub] {
++  if [istarget "*-*-vxworks*"] then {
++    send_gdb "run vxmain \"2\"\n"
++    set timeout 120
++    verbose "Timeout is now $timeout seconds" 2
++  } else {
++	send_gdb "run\n"
++  }
++  gdb_expect {
++    -re "The program .* has been started already.*y or n. $" {
++	send_gdb "y\n"
++	exp_continue
++    }
++    -re "Starting program.*Breakpoint \[0-9\]+,.*main .*argc.*argv.* at .*$srcfile:$bp_location6.*$bp_location6\[\t \]+if .argc.* \{.*$gdb_prompt $"\
++	                    { pass "run until function breakpoint" }
++    -re ".*$gdb_prompt $"       { fail "run until function breakpoint" }
++    timeout	            { fail "run until function breakpoint (timeout)" }
++  }
++} else {
++    if ![target_info exists gdb_stub] {
++	gdb_test continue ".*Continuing\\..*Breakpoint \[0-9\]+, main \\(argc=.*, argv=.*, envp=.*\\) at .*$srcfile:$bp_location6.*$bp_location6\[\t \]+if .argc.*\{.*" "stub continue"
++    }
++}
++
++#
++# run until the breakpoint at a line number
++#
++gdb_test continue "Continuing\\..*Breakpoint \[0-9\]+, main \\(argc=.*, argv=.*, envp=.*\\) at .*$srcfile:$bp_location1.*$bp_location1\[\t \]+printf.*factorial.*" \
++			"run until breakpoint set at a line number"
++
++#
++# Run until the breakpoint set in a function in a file
++#
++for {set i 6} {$i >= 1} {incr i -1} {
++	gdb_test continue "Continuing\\..*Breakpoint \[0-9\]+, factorial \\(value=$i\\) at .*$srcfile:$bp_location7.*$bp_location7\[\t \]+.*if .value > 1. \{.*" \
++			"run until file:function($i) breakpoint"
++}
++
++#
++# Run until the breakpoint set at a quoted function
++#
++gdb_test continue "Continuing\\..*Breakpoint \[0-9\]+, (0x\[0-9a-f\]+ in )?marker2 \\(a=43\\) at .*$srcfile1:($bp_location8|$bp_location9).*" \
++		"run until quoted breakpoint"
++#
++# run until the file:function breakpoint at a line number in a file
++#
++gdb_test continue "Continuing\\..*Breakpoint \[0-9\]+, main \\(argc=.*, argv=.*, envp=.*\\) at .*$srcfile:$bp_location2.*$bp_location2\[\t \]+argc = \\(argc == 12345\\);.*" \
++		"run until file:linenum breakpoint"
++
++# Test break at offset +1
++set bp_location10 [gdb_get_line_number "set breakpoint 10 here"]
++
++gdb_test "break +1" \
++    "Breakpoint.*at.* file .*$srcfile, line $bp_location10\\." \
++    "breakpoint offset +1"
++
++# Check to see if breakpoint is hit when stepped onto
++
++gdb_test "step" \
++    ".*Breakpoint \[0-9\]+, main \\(argc=.*, argv=.*, envp=.*\\) at .*$srcfile:$bp_location10.*$bp_location10\[\t \]+return argc;.*breakpoint 10 here.*" \
++    "step onto breakpoint"
++
++#
++# delete all breakpoints so we can start over, course this can be a test too
++#
++delete_breakpoints
++
++#
++# test temporary breakpoint at function
++#
++
++gdb_test "tbreak main" "Breakpoint.*at.* file .*$srcfile, line.*" "Temporary breakpoint function"
++
++#
++# test break at function in file
++#
++
++gdb_test "tbreak $srcfile:factorial" "Breakpoint.*at.* file .*$srcfile, line.*" \
++	"Temporary breakpoint function in file"
++
++#
++# test break at line number
++#
++send_gdb "tbreak $bp_location1\n"
++gdb_expect {
++    -re "Breakpoint.*at.* file .*$srcfile, line $bp_location1.*$gdb_prompt $" { pass "Temporary breakpoint line number #1" }
++	-re ".*$gdb_prompt $"   { pass "Temporary breakpoint line number #1" }
++	timeout	    { fail "breakpoint line number #1 (timeout)" }
++}
++
++gdb_test "tbreak $bp_location6" "Breakpoint.*at.* file .*$srcfile, line $bp_location6.*" "Temporary breakpoint line number #2"
++
++#
++# test break at line number in file
++#
++send_gdb "tbreak $srcfile:$bp_location2\n"
++gdb_expect {
++    -re "Breakpoint.*at.* file .*$srcfile, line $bp_location2.*$gdb_prompt $" { pass "Temporary breakpoint line number in file #1" }
++	-re ".*$gdb_prompt $"   { pass "Temporary breakpoint line number in file #1" }
++	timeout	    { fail "Temporary breakpoint line number in file #1 (timeout)" }
++}
++
++set bp_location11 [gdb_get_line_number "set breakpoint 11 here"]
++gdb_test  "tbreak $srcfile:$bp_location11" "Breakpoint.*at.* file .*$srcfile, line $bp_location11.*" "Temporary breakpoint line number in file #2"
++
++#
++# check to see what breakpoints are set (temporary this time)
++#
++gdb_test "info break" "Num Type.*Disp Enb Address.*What.*\[\r\n\]
++\[0-9\]+\[\t \]+breakpoint     del.*y.*in main at .*$srcfile:$main_line.*\[\r\n\]
++\[0-9\]+\[\t \]+breakpoint     del.*y.*in factorial$proto at .*$srcfile:$bp_location7.*\[\r\n\]
++\[0-9\]+\[\t \]+breakpoint     del.*y.*in main at .*$srcfile:$bp_location1.*\[\r\n\]
++\[0-9\]+\[\t \]+breakpoint     del.*y.*in main at .*$srcfile:$bp_location6.*\[\r\n\]
++\[0-9\]+\[\t \]+breakpoint     del.*y.*in main at .*$srcfile:$bp_location2.*\[\r\n\]
++\[0-9\]+\[\t \]+breakpoint     del.*y.*in main at .*$srcfile:$bp_location11.*" \
++    "Temporary breakpoint info"
++
++
++#***********
++
++# Verify that catchpoints for fork, vfork and exec don't trigger
++# inappropriately.  (There are no calls to those system functions
++# in this test program.)
++#
++if ![runto_main] then { fail "break tests suppressed" }
++
++send_gdb "catch\n"
++gdb_expect {
++  -re "Catch requires an event name.*$gdb_prompt $"\
++          {pass "catch requires an event name"}
++  -re "$gdb_prompt $"\
++          {fail "catch requires an event name"}
++  timeout {fail "(timeout) catch requires an event name"}
++}
++
++
++set name "set catch fork, never expected to trigger"
++send_gdb "catch fork\n"
++gdb_expect {
++  -re "Catchpoint \[0-9\]* .fork..*$gdb_prompt $"
++          {pass $name}
++  -re "Catch of fork not yet implemented.*$gdb_prompt $"
++	  {pass $name}
++  -re "$gdb_prompt $"
++          {fail $name}
++  timeout {fail "(timeout) $name"}
++}
++
++
++set name "set catch vfork, never expected to trigger"
++send_gdb "catch vfork\n"
++
++# If we are on HP-UX 10.20, we expect an error message to be
++# printed if we type "catch vfork" at the gdb gdb_prompt.  This is
++# because on HP-UX 10.20, we cannot catch vfork events.
++
++if [istarget "hppa*-hp-hpux10.20"] then {
++    gdb_expect {
++	-re "Catch of vfork events not supported on HP-UX 10.20..*$gdb_prompt $"
++		{pass $name}
++	-re "$gdb_prompt $"
++		{fail $name}
++	timeout {fail "(timeout) $name"}
++    }
++} else {
++    gdb_expect {
++	-re "Catchpoint \[0-9\]* .vfork..*$gdb_prompt $"
++		{pass $name}
++	-re "Catch of vfork not yet implemented.*$gdb_prompt $"
++		{pass $name}
++	-re "$gdb_prompt $"
++		{fail $name}
++	timeout {fail "(timeout) $name"}
++    }
++}
++
++set name "set catch exec, never expected to trigger"
++send_gdb "catch exec\n"
++gdb_expect {
++  -re "Catchpoint \[0-9\]* .exec..*$gdb_prompt $"
++          {pass $name}
++  -re "Catch of exec not yet implemented.*$gdb_prompt $"
++	  {pass $name}
++  -re "$gdb_prompt $" {fail $name}
++  timeout {fail "(timeout) $name"}
++}
++
++# Verify that GDB responds gracefully when asked to set a breakpoint
++# on a nonexistent source line.
++#
++send_gdb "break 999\n"
++gdb_expect {
++  -re "No line 999 in file .*$gdb_prompt $"\
++          {pass "break on non-existent source line"}
++  -re "$gdb_prompt $"\
++          {fail "break on non-existent source line"}
++  timeout {fail "(timeout) break on non-existent source line"}
++}
++
++# Run to the desired default location. If not positioned here, the
++# tests below don't work.
++#
++gdb_test "until $bp_location1" "main .* at .*:$bp_location1.*" "until bp_location1"
++
++
++# Verify that GDB allows one to just say "break", which is treated
++# as the "default" breakpoint.  Note that GDB gets cute when printing
++# the informational message about other breakpoints at the same
++# location.  We'll hit that bird with this stone too.
++#
++send_gdb "break\n"
++gdb_expect {
++  -re "Breakpoint \[0-9\]*.*$gdb_prompt $"\
++          {pass "break on default location, 1st time"}
++  -re "$gdb_prompt $"\
++          {fail "break on default location, 1st time"}
++  timeout {fail "(timeout) break on default location, 1st time"}
++}
++
++send_gdb "break\n"
++gdb_expect {
++  -re "Note: breakpoint \[0-9\]* also set at .*Breakpoint \[0-9\]*.*$gdb_prompt $"\
++          {pass "break on default location, 2nd time"}
++  -re "$gdb_prompt $"\
++          {fail "break on default location, 2nd time"}
++  timeout {fail "(timeout) break on default location, 2nd time"}
++}
++
++send_gdb "break\n"
++gdb_expect {
++  -re "Note: breakpoints \[0-9\]* and \[0-9\]* also set at .*Breakpoint \[0-9\]*.*$gdb_prompt $"\
++          {pass "break on default location, 3rd time"}
++  -re "$gdb_prompt $"\
++          {fail "break on default location, 3rd time"}
++  timeout {fail "(timeout) break on default location, 3rd time"}
++}
++
++send_gdb "break\n"
++gdb_expect {
++  -re "Note: breakpoints \[0-9\]*, \[0-9\]* and \[0-9\]* also set at .*Breakpoint \[0-9\]*.*$gdb_prompt $"\
++          {pass "break on default location, 4th time"}
++  -re "$gdb_prompt $"\
++          {fail "break on default location, 4th time"}
++  timeout {fail "(timeout) break on default location, 4th time"}
++}
++
++# Verify that a "silent" breakpoint can be set, and that GDB is indeed
++# "silent" about its triggering.
++#
++if ![runto_main] then { fail "break tests suppressed" }
++
++send_gdb "break $bp_location1\n"
++gdb_expect {
++  -re "Breakpoint (\[0-9\]*) at .*, line $bp_location1.*$gdb_prompt $"\
++          {pass "set to-be-silent break bp_location1"}
++  -re "$gdb_prompt $"\
++          {fail "set to-be-silent break bp_location1"}
++  timeout {fail "(timeout) set to-be-silent break bp_location1"}
++}
++
++send_gdb "commands $expect_out(1,string)\n"
++send_gdb "silent\n"
++send_gdb "end\n"
++gdb_expect {
++  -re ".*$gdb_prompt $"\
++          {pass "set silent break bp_location1"}
++  timeout {fail "(timeout) set silent break bp_location1"}
++}
++
++send_gdb "info break $expect_out(1,string)\n"
++gdb_expect {
++  -re "\[0-9\]*\[ \t\]*breakpoint.*:$bp_location1\r\n\[ \t\]*silent.*$gdb_prompt $"\
++          {pass "info silent break bp_location1"}
++  -re "$gdb_prompt $"\
++          {fail "info silent break bp_location1"}
++  timeout {fail "(timeout) info silent break bp_location1"}
++}
++send_gdb "continue\n"
++gdb_expect {
++  -re "Continuing.\r\n$gdb_prompt $"\
++          {pass "hit silent break bp_location1"}
++  -re "$gdb_prompt $"\
++          {fail "hit silent break bp_location1"}
++  timeout {fail "(timeout) hit silent break bp_location1"}
++}
++send_gdb "bt\n"
++gdb_expect {
++  -re "#0  main .* at .*:$bp_location1.*$gdb_prompt $"\
++          {pass "stopped for silent break bp_location1"}
++  -re "$gdb_prompt $"\
++          {fail "stopped for silent break bp_location1"}
++  timeout {fail "(timeout) stopped for silent break bp_location1"}
++}
++
++# Verify that GDB can at least parse a breakpoint with the
++# "thread" keyword.  (We won't attempt to test here that a
++# thread-specific breakpoint really triggers appropriately.
++# The gdb.threads subdirectory contains tests for that.)
++#
++set bp_location12 [gdb_get_line_number "set breakpoint 12 here"]
++send_gdb "break $bp_location12 thread 999\n"
++gdb_expect {
++  -re "Unknown thread 999.*$gdb_prompt $"\
++          {pass "thread-specific breakpoint on non-existent thread disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "thread-specific breakpoint on non-existent thread disallowed"}
++  timeout {fail "(timeout) thread-specific breakpoint on non-existent thread disallowed"}
++}
++send_gdb "break $bp_location12 thread foo\n"
++gdb_expect {
++  -re "Junk after thread keyword..*$gdb_prompt $"\
++          {pass "thread-specific breakpoint on bogus thread ID disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "thread-specific breakpoint on bogus thread ID disallowed"}
++  timeout {fail "(timeout) thread-specific breakpoint on bogus thread ID disallowed"}
++}
++
++# Verify that GDB responds gracefully to a breakpoint command with
++# trailing garbage.
++#
++send_gdb "break $bp_location12 foo\n"
++gdb_expect {
++  -re "Junk at end of arguments..*$gdb_prompt $"\
++          {pass "breakpoint with trailing garbage disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "breakpoint with trailing garbage disallowed"}
++  timeout {fail "(timeout) breakpoint with trailing garbage disallowed"}
++}
++
++# Verify that GDB responds gracefully to a "clear" command that has
++# no matching breakpoint.  (First, get us off the current source line,
++# which we know has a breakpoint.)
++#
++send_gdb "next\n"
++gdb_expect {
++  -re ".*$gdb_prompt $"\
++          {pass "step over breakpoint"}
++  timeout {fail "(timeout) step over breakpoint"}
++}
++send_gdb "clear 81\n"
++gdb_expect {
++  -re "No breakpoint at 81..*$gdb_prompt $"\
++          {pass "clear line has no breakpoint disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "clear line has no breakpoint disallowed"}
++  timeout {fail "(timeout) clear line has no breakpoint disallowed"}
++}
++send_gdb "clear\n"
++gdb_expect {
++  -re "No breakpoint at this line..*$gdb_prompt $"\
++          {pass "clear current line has no breakpoint disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "clear current line has no breakpoint disallowed"}
++  timeout {fail "(timeout) clear current line has no breakpoint disallowed"}
++}
++
++# Verify that we can set and clear multiple breakpoints.
++#
++# We don't test that it deletes the correct breakpoints.  We do at
++# least test that it deletes more than one breakpoint.
++#
++gdb_test "break marker3" "Breakpoint.*at.*" "break marker3 #1"
++gdb_test "break marker3" "Breakpoint.*at.*" "break marker3 #2"
++gdb_test "clear marker3" {Deleted breakpoints [0-9]+ [0-9]+.*}
++
++# Verify that a breakpoint can be set via a convenience variable.
++#
++send_gdb "set \$foo=$bp_location11\n"
++gdb_expect {
++  -re "$gdb_prompt $"\
++          {pass "set convenience variable \$foo to bp_location11"}
++  timeout {fail "(timeout) set convenience variable \$foo to bp_location11"}
++}
++send_gdb "break \$foo\n"
++gdb_expect {
++  -re "Breakpoint (\[0-9\]*) at .*, line $bp_location11.*$gdb_prompt $"\
++          {pass "set breakpoint via convenience variable"}
++  -re "$gdb_prompt $"\
++          {fail "set breakpoint via convenience variable"}
++  timeout {fail "(timeout) set breakpoint via convenience variable"}
++}
++
++# Verify that GDB responds gracefully to an attempt to set a
++# breakpoint via a convenience variable whose type is not integer.
++#
++send_gdb "set \$foo=81.5\n"
++gdb_expect {
++  -re "$gdb_prompt $"\
++          {pass "set convenience variable \$foo to 81.5"}
++  timeout {fail "(timeout) set convenience variable \$foo to 81.5"}
++}
++send_gdb "break \$foo\n"
++gdb_expect {
++  -re "Convenience variables used in line specs must have integer values..*$gdb_prompt $"\
++          {pass "set breakpoint via non-integer convenience variable disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "set breakpoint via non-integer convenience variable disallowed"}
++  timeout {fail "(timeout) set breakpoint via non-integer convenience variable disallowed"}
++}
++
++# Verify that we can set and trigger a breakpoint in a user-called function.
++#
++send_gdb "break marker2\n"
++gdb_expect {
++    -re "Breakpoint (\[0-9\]*) at .*, line ($bp_location8|$bp_location9).*$gdb_prompt $"\
++          {pass "set breakpoint on to-be-called function"}
++  -re "$gdb_prompt $"\
++          {fail "set breakpoint on to-be-called function"}
++  timeout {fail "(timeout) set breakpoint on to-be-called function"}
++}
++send_gdb "print marker2(99)\n"
++gdb_expect {
++  -re "The program being debugged stopped while in a function called from GDB.\r\nWhen the function .marker2$proto. is done executing, GDB will silently\r\nstop .instead of continuing to evaluate the expression containing\r\nthe function call...*$gdb_prompt $"\
++          {pass "hit breakpoint on called function"}
++  -re "$gdb_prompt $"\
++          {fail "hit breakpoint on called function"}
++  timeout {fail "(timeout) hit breakpoint on called function"}
++}
++
++# As long as we're stopped (breakpointed) in a called function,
++# verify that we can successfully backtrace & such from here.
++#
++# In this and the following test, the _sr4export check apparently is needed
++# for hppa*-*-hpux.
++#
++send_gdb "bt\n"
++gdb_expect {
++    -re "#0\[ \t\]*($hex in )?marker2.*:($bp_location8|$bp_location9)\r\n#1.*_sr4export.*$gdb_prompt $"\
++            {pass "backtrace while in called function"}
++    -re "#0\[ \t\]*($hex in )?marker2.*:($bp_location8|$bp_location9)\r\n#1.*function called from gdb.*$gdb_prompt $"\
++	    {pass "backtrace while in called function"}
++    -re "$gdb_prompt $"\
++            {fail "backtrace while in called function"}
++    timeout {fail "(timeout) backtrace while in called function"}
++}
++
++# Return from the called function.  For remote targets, it's important to do
++# this before runto_main, which otherwise may silently stop on the dummy
++# breakpoint inserted by GDB at the program's entry point.
++#
++send_gdb "finish\n"
++gdb_expect {
++    -re "Run till exit from .*marker2.* at .*($bp_location8|$bp_location9)\r\n.* in _sr4export.*$gdb_prompt $"\
++            {pass "finish from called function"}
++    -re "Run till exit from .*marker2.* at .*($bp_location8|$bp_location9)\r\n.*function called from gdb.*$gdb_prompt $"\
++            {pass "finish from called function"}
++    -re "Run till exit from .*marker2.* at .*($bp_location8|$bp_location9)\r\n.*Value returned.*$gdb_prompt $"\
++            {pass "finish from called function"}
++    -re "$gdb_prompt $"\
++            {fail "finish from called function"}
++    timeout {fail "(timeout) finish from called function"}
++}
++
++# Verify that GDB responds gracefully to a "finish" command with
++# arguments.
++#
++if ![runto_main] then { fail "break tests suppressed" }
++
++send_gdb "finish 123\n"
++gdb_expect {
++  -re "The \"finish\" command does not take any arguments.\r\n$gdb_prompt $"\
++          {pass "finish with arguments disallowed"}
++  -re "$gdb_prompt $"\
++          {fail "finish with arguments disallowed"}
++  timeout {fail "(timeout) finish with arguments disallowed"}
++}
++
++# Verify that GDB responds gracefully to a request to "finish" from
++# the outermost frame.  On a stub that never exits, this will just
++# run to the stubs routine, so we don't get this error...  Thus the 
++# second condition.
++#
++
++send_gdb "finish\n"
++gdb_expect {
++  -re "\"finish\" not meaningful in the outermost frame.\r\n$gdb_prompt $"\
++          {pass "finish from outermost frame disallowed"}
++  -re "Run till exit from.*\r\n$gdb_prompt $" {
++     pass "finish from outermost frame disallowed"
++  }
++  -re "$gdb_prompt $"\
++          {fail "finish from outermost frame disallowed"}
++  timeout {fail "(timeout) finish from outermost frame disallowed"}
++}
++
++# Verify that we can explicitly ask GDB to stop on all shared library
++# events, and that it does so.
++#
++if [istarget "hppa*-*-hpux*"] then {
++  if ![runto_main] then { fail "break tests suppressed" }
++
++  send_gdb "set stop-on-solib-events 1\n"
++  gdb_expect {
++    -re "$gdb_prompt $"\
++            {pass "set stop-on-solib-events"}
++    timeout {fail "(timeout) set stop-on-solib-events"}
++  }
++
++  send_gdb "run\n"
++  gdb_expect {
++    -re ".*Start it from the beginning.*y or n. $"\
++            {send_gdb "y\n"
++             gdb_expect {
++               -re ".*Stopped due to shared library event.*$gdb_prompt $"\
++                       {pass "triggered stop-on-solib-events"}
++               -re "$gdb_prompt $"\
++                       {fail "triggered stop-on-solib-events"}
++               timeout {fail "(timeout) triggered stop-on-solib-events"}
++             }
++            }
++    -re "$gdb_prompt $"\
++            {fail "rerun for stop-on-solib-events"}
++    timeout {fail "(timeout) rerun for stop-on-solib-events"}
++  }
++
++  send_gdb "set stop-on-solib-events 0\n"
++  gdb_expect {
++    -re "$gdb_prompt $"\
++            {pass "reset stop-on-solib-events"}
++    timeout {fail "(timeout) reset stop-on-solib-events"}
++  }
++}
++
++# Hardware breakpoints are unsupported on HP-UX.  Verify that GDB
++# gracefully responds to requests to create them.
++#
++if [istarget "hppa*-*-hpux*"] then {
++  if ![runto_main] then { fail "break tests suppressed" }
++
++  send_gdb "hbreak\n"
++  gdb_expect {
++    -re "No hardware breakpoint support in the target.*$gdb_prompt $"\
++            {pass "hw breaks disallowed"}
++    -re "$gdb_prompt $"\
++            {fail "hw breaks disallowed"}
++    timeout {fail "(timeout) hw breaks disallowed"}
++  }
++
++  send_gdb "thbreak\n"
++  gdb_expect {
++    -re "No hardware breakpoint support in the target.*$gdb_prompt $"\
++            {pass "temporary hw breaks disallowed"}
++    -re "$gdb_prompt $"\
++            {fail "temporary hw breaks disallowed"}
++    timeout {fail "(timeout) temporary hw breaks disallowed"}
++  }
++}
++
++#********
++
++
++#
++# Test "next" over recursive function call.
++#
++
++proc test_next_with_recursion {} { 
++    global gdb_prompt
++    global decimal
++    global binfile
++
++    if [target_info exists use_gdb_stub] {
++	# Reload the program.
++	delete_breakpoints
++	gdb_load ${binfile};
++    } else {
++	# FIXME: should be using runto
++	gdb_test "kill" "" "kill program" "Kill the program being debugged.*y or n. $" "y"
++
++	delete_breakpoints
++    }
++
++    gdb_test "break factorial" "Breakpoint $decimal at .*" "break at factorial"
++
++    # Run until we call factorial with 6
++
++    if [istarget "*-*-vxworks*"] then {
++	send_gdb "run vxmain \"6\"\n"
++    } else {
++	gdb_run_cmd
++    }
++    gdb_expect {
++	-re "Break.* factorial .value=6. .*$gdb_prompt $" {}
++	-re ".*$gdb_prompt $" {
++	    fail "run to factorial(6)";
++	    gdb_suppress_tests;
++	}
++	timeout { fail "run to factorial(6) (timeout)" ; gdb_suppress_tests }
++    }
++
++    # Continue until we call factorial recursively with 5.
++
++    if [gdb_test "continue" \
++	"Continuing.*Break.* factorial .value=5. .*" \
++	"continue to factorial(5)"] then { gdb_suppress_tests }
++
++    # Do a backtrace just to confirm how many levels deep we are.
++
++    if [gdb_test "backtrace" \
++	"#0\[ \t\]+ factorial .value=5..*" \
++	"backtrace from factorial(5)"] then { gdb_suppress_tests }
++
++    # Now a "next" should position us at the recursive call, which
++    # we will be performing with 4.
++
++    if [gdb_test "next" \
++	".* factorial .value - 1.;.*" \
++	"next to recursive call"] then { gdb_suppress_tests }
++
++    # Disable the breakpoint at the entry to factorial by deleting them all.
++    # The "next" should run until we return to the next line from this
++    # recursive call to factorial with 4.
++    # Buggy versions of gdb will stop instead at the innermost frame on
++    # the line where we are trying to "next" to.
++
++    delete_breakpoints
++
++    if [istarget "mips*tx39-*"] {
++	set timeout 60
++    }
++    # We used to set timeout here for all other targets as well.  This
++    # is almost certainly wrong.  The proper timeout depends on the
++    # target system in use, and how we communicate with it, so there
++    # is no single value appropriate for all targets.  The timeout
++    # should be established by the Dejagnu config file(s) for the
++    # board, and respected by the test suite.
++    #
++    # For example, if I'm running GDB over an SSH tunnel talking to a
++    # portmaster in California talking to an ancient 68k board running
++    # a crummy ROM monitor (a situation I can only wish were
++    # hypothetical), then I need a large timeout.  But that's not the
++    # kind of knowledge that belongs in this file.
++
++    gdb_test next "\[0-9\]*\[\t \]+return \\(value\\);.*" \
++	    "next over recursive call"
++
++    # OK, we should be back in the same stack frame we started from.
++    # Do a backtrace just to confirm.
++
++    set result [gdb_test "backtrace" \
++	    "#0\[ \t\]+ factorial .value=120.*\r\n#1\[ \t\]+ \[0-9a-fx\]+ in factorial .value=6..*" \
++	    "backtrace from factorial(5.1)"]
++    if { $result != 0 } { gdb_suppress_tests }
++
++    if [target_info exists gdb,noresults] { gdb_suppress_tests }
++  gdb_continue_to_end "recursive next test"
++   gdb_stop_suppressing_tests;
++}
++
++test_next_with_recursion
++
++
++#********
++
++# build a new file with optimization enabled so that we can try breakpoints
++# on targets with optimized prologues
++
++set binfileo2 ${objdir}/${subdir}/${testfile}o2
++
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}O0.o" object {debug "additional_flags=-w -O2 -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile1}" "${binfile}O1.o" object {debug "additional_flags=-w -O2 -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if  { [gdb_compile "${binfile}O0.o ${binfile}O1.o" "${binfileo2}" executable {debug "additional_flags=-w -fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++if [get_compiler_info ${binfileo2}] {
++    return -1
++}
++
++gdb_exit
++gdb_start
++gdb_reinitialize_dir $srcdir/$subdir
++gdb_load ${binfileo2}
++
++if [target_info exists gdb_stub] {
++    gdb_step_for_stub;
++}
++
++#
++# test break at function
++#
++gdb_test "break main" \
++    "Breakpoint.*at.* file .*$srcfile, line.*" \
++    "breakpoint function, optimized file"
++
++#
++# test break at function
++#
++gdb_test "break marker4" \
++    "Breakpoint.*at.* file .*$srcfile1, line.*" \
++    "breakpoint small function, optimized file"
++
++#
++# run until the breakpoint at main is hit. For non-stubs-using targets.
++#
++if ![target_info exists use_gdb_stub] {
++  if [istarget "*-*-vxworks*"] then {
++    send_gdb "run vxmain \"2\"\n"
++    set timeout 120
++    verbose "Timeout is now $timeout seconds" 2
++  } else {
++	send_gdb "run\n"
++  }
++  gdb_expect {
++    -re "The program .* has been started already.*y or n. $" {
++	send_gdb "y\n"
++	exp_continue
++    }
++    -re "Starting program.*Breakpoint \[0-9\]+,.*main .*argc.*argv.* at .*$srcfile:$bp_location6.*$bp_location6\[\t \]+if .argc.* \{.*$gdb_prompt $"\
++	                    { pass "run until function breakpoint, optimized file" }
++    -re "Starting program.*Breakpoint \[0-9\]+,.*main .*argc.*argv.* at .*$gdb_prompt $"\
++	                    { pass "run until function breakpoint, optimized file (code motion)" }
++    -re ".*$gdb_prompt $"       { fail "run until function breakpoint, optimized file" }
++    timeout	            { fail "run until function breakpoint, optimized file (timeout)" }
++  }
++} else {
++    if ![target_info exists gdb_stub] {
++	gdb_test continue ".*Continuing\\..*Breakpoint \[0-9\]+, main \\(argc=.*, argv=.*, envp=.*\\) at .*$srcfile:$bp_location6.*$bp_location6\[\t \]+if .argc.*\{.*" "stub continue, optimized file"
++    }
++}
++
++#
++# run until the breakpoint at a small function
++#
++
++#
++# Add a second pass pattern.  The behavior differs here between stabs
++# and dwarf for one-line functions.  Stabs preserves two line symbols
++# (one before the prologue and one after) with the same line number, 
++# but dwarf regards these as duplicates and discards one of them.
++# Therefore the address after the prologue (where the breakpoint is)
++# has no exactly matching line symbol, and GDB reports the breakpoint
++# as if it were in the middle of a line rather than at the beginning.
++
++set bp_location13 [gdb_get_line_number "set breakpoint 13 here" $srcfile1]
++set bp_location14 [gdb_get_line_number "set breakpoint 14 here" $srcfile1]
++send_gdb "continue\n"
++gdb_expect {
++    -re "Breakpoint $decimal, marker4 \\(d=177601976\\) at .*$srcfile1:$bp_location13\[\r\n\]+$bp_location13\[\t \]+void marker4.*" {
++	pass "run until breakpoint set at small function, optimized file"
++    }
++    -re "Breakpoint $decimal, $hex in marker4 \\(d=177601976\\) at .*$srcfile1:$bp_location13\[\r\n\]+$bp_location13\[\t \]+void marker4.*" {
++	pass "run until breakpoint set at small function, optimized file"
++    }
++    -re "Breakpoint $decimal, marker4 \\(d=177601976\\) at .*$srcfile1:$bp_location14\[\r\n\]+$bp_location14\[\t \]+void marker4.*" {
++        # marker4() is defined at line 46 when compiled with -DPROTOTYPES
++	pass "run until breakpoint set at small function, optimized file (line bp_location14)"
++    }
++    -re ".*$gdb_prompt " {
++	fail "run until breakpoint set at small function, optimized file"
++    }
++    timeout {
++	fail "run until breakpoint set at small function, optimized file (timeout)"
++    }
++}
++
++
++# Reset the default arguments for VxWorks
++if [istarget "*-*-vxworks*"] {
++    set timeout 10
++    verbose "Timeout is now $timeout seconds" 2
++    send_gdb "set args main\n"
++    gdb_expect -re ".*$gdb_prompt $" {}
++}
+Index: gdb-6.8/gdb/testsuite/gdb.pie/break1.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/break1.c	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,44 @@
++/* This testcase is part of GDB, the GNU debugger.
++
++   Copyright 1992, 1993, 1994, 1995, 1999, 2002, 2003 Free Software
++   Foundation, Inc.
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 2 of the License, or
++   (at your option) any later version.
++
++   This program is distributed in the hope that it will be useful,
++   but WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++   GNU General Public License for more details.
++ 
++   You should have received a copy of the GNU General Public License
++   along with this program; if not, write to the Free Software
++   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
++
++   Please email any bugs, comments, and/or additions to this file to:
++   bug-gdb@prep.ai.mit.edu  */
++
++/* The code for this file was extracted from the gdb testsuite
++   testcase "break.c". */
++
++/* The following functions do nothing useful.  They are included
++   simply as places to try setting breakpoints at.  They are
++   explicitly "one-line functions" to verify that this case works
++   (some versions of gcc have or have had problems with this).
++  
++   These functions are in a separate source file to prevent an
++   optimizing compiler from inlining them and optimizing them away. */
++
++#ifdef PROTOTYPES
++int marker1 (void) { return (0); }	/* set breakpoint 15 here */
++int marker2 (int a) { return (1); }	/* set breakpoint 8 here */
++void marker3 (char *a, char *b) {}	/* set breakpoint 17 here */
++void marker4 (long d) {}		/* set breakpoint 14 here */
++#else
++int marker1 () { return (0); }		/* set breakpoint 16 here */
++int marker2 (a) int a; { return (1); }	/* set breakpoint 9 here */
++void marker3 (a, b) char *a, *b; {}	/* set breakpoint 18 here */
++void marker4 (d) long d; {}		/* set breakpoint 13 here */
++#endif
+Index: gdb-6.8/gdb/testsuite/gdb.pie/corefile.exp
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/corefile.exp	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,243 @@
++# Copyright 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000
++# Free Software Foundation, Inc.
++
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++# 
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++# 
++# You should have received a copy of the GNU General Public License
++# along with this program; if not, write to the Free Software
++# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  
++
++# Please email any bugs, comments, and/or additions to this file to:
++# bug-gdb@prep.ai.mit.edu
++
++# This file was written by Fred Fish. (fnf@cygnus.com)
++
++if $tracelevel then {
++	strace $tracelevel
++}
++
++set prms_id 0
++set bug_id 0
++
++# are we on a target board
++if ![isnative] then {
++    return
++}
++
++set testfile "coremaker"
++set srcfile ${testfile}.c
++set binfile ${objdir}/${subdir}/${testfile}
++if  { [gdb_compile "${srcdir}/${subdir}/${srcfile}" "${binfile}" executable {debug "additional_flags=-fpie -pie"}] != "" } {
++     gdb_suppress_entire_file "Testcase compile failed, so all tests in this file will automatically fail."
++}
++
++# Create and source the file that provides information about the compiler
++# used to compile the test case.
++if [get_compiler_info ${binfile}] {
++    return -1;
++}
++
++# Create a core file named "corefile" rather than just "core", to
++# avoid problems with sys admin types that like to regularly prune all
++# files named "core" from the system.
++#
++# Arbitrarily try setting the core size limit to "unlimited" since
++# this does not hurt on systems where the command does not work and
++# allows us to generate a core on systems where it does.
++#
++# Some systems append "core" to the name of the program; others append
++# the name of the program to "core"; still others (like Linux, as of
++# May 2003) create cores named "core.PID".  In the latter case, we
++# could have many core files lying around, and it may be difficult to
++# tell which one is ours, so let's run the program in a subdirectory.
++set found 0
++set coredir "${objdir}/${subdir}/coredir.[getpid]"
++file mkdir $coredir
++catch "system \"(cd ${coredir}; ulimit -c unlimited; ${binfile}; true) >/dev/null 2>&1\""
++#      remote_exec host "${binfile}"
++foreach i "${coredir}/core ${coredir}/core.coremaker.c ${binfile}.core" {
++    if [remote_file build exists $i] {
++	remote_exec build "mv $i ${objdir}/${subdir}/corefile"
++	set found 1
++    }
++}
++# Check for "core.PID".
++if { $found == 0 } {
++    set names [glob -nocomplain -directory $coredir core.*]
++    if {[llength $names] == 1} {
++        set corefile [file join $coredir [lindex $names 0]]
++        remote_exec build "mv $corefile ${objdir}/${subdir}/corefile"
++        set found 1
++    }
++}
++if { $found == 0 } {
++    # The braindamaged HPUX shell quits after the ulimit -c above
++    # without executing ${binfile}.  So we try again without the
++    # ulimit here if we didn't find a core file above.
++    # Oh, I should mention that any "braindamaged" non-Unix system has
++    # the same problem. I like the cd bit too, it's really neat'n stuff.
++    catch "system \"(cd ${objdir}/${subdir}; ${binfile}; true) >/dev/null 2>&1\""
++    foreach i "${objdir}/${subdir}/core ${objdir}/${subdir}/core.coremaker.c ${binfile}.core" {
++	if [remote_file build exists $i] {
++	    remote_exec build "mv $i ${objdir}/${subdir}/corefile"
++	    set found 1
++	}
++    }
++}
++
++# Try to clean up after ourselves. 
++remote_file build delete [file join $coredir coremmap.data]
++remote_exec build "rmdir $coredir"
++    
++if { $found == 0  } {
++    warning "can't generate a core file - core tests suppressed - check ulimit -c"
++    return 0
++}
++
++#
++# Test that we can simply startup with a "-core=corefile" command line arg
++# and recognize that the core file is a valid, usable core file.
++# To do this, we must shutdown the currently running gdb and restart
++# with the -core args.  We can't use gdb_start because it looks for
++# the first gdb prompt, and the message we are looking for occurs
++# before the first prompt.  Also, we can't include GDBFLAGS because
++# if it is empty, this confuses gdb with an empty argument that it
++# grumbles about (said grumbling currently being ignored in gdb_start).
++# **FIXME**
++#
++# Another problem is that on some systems (solaris for example), there
++# is apparently a limit on the length of a fully specified path to 
++# the coremaker executable, at about 80 chars.  For this case, consider
++# it a pass, but note that the program name is bad.
++
++gdb_exit
++if $verbose>1 then {
++    send_user "Spawning $GDB -nw $GDBFLAGS -core=$objdir/$subdir/corefile\n"
++}
++
++set oldtimeout $timeout
++set timeout [expr "$timeout + 60"]
++verbose "Timeout is now $timeout seconds" 2
++eval "spawn $GDB -nw $GDBFLAGS -core=$objdir/$subdir/corefile"
++expect {
++    -re "Couldn't find .* registers in core file.*$gdb_prompt $" {
++        fail "args: -core=corefile (couldn't find regs)"
++    }
++    -re "Core was generated by .*coremaker.*\r\n\#0  .*\(\).*\r\n$gdb_prompt $" {
++	pass "args: -core=corefile"
++    }
++    -re "Core was generated by .*\r\n\#0  .*\(\).*\r\n$gdb_prompt $" {
++	pass "args: -core=corefile (with bad program name)"
++    }
++    -re ".*registers from core file: File in wrong format.* $" {
++	fail "args: -core=corefile (could not read registers from core file)"
++    }
++    -re ".*$gdb_prompt $"	{ fail "args: -core=corefile" }
++    timeout 		{ fail "(timeout) starting with -core" }
++}
++
++
++#
++# Test that startup with both an executable file and -core argument.
++# See previous comments above, they are still applicable.
++#
++
++close;
++
++if $verbose>1 then {
++    send_user "Spawning $GDB -nw $GDBFLAGS $binfile -core=$objdir/$subdir/corefile\n"
++}
++
++
++eval "spawn $GDB -nw $GDBFLAGS $binfile -core=$objdir/$subdir/corefile";
++expect {
++    -re "Core was generated by .*coremaker.*\r\n\#0  .*\(\).*\r\n$gdb_prompt $" {
++	pass "args: execfile -core=corefile"
++    }
++    -re "Core was generated by .*\r\n\#0  .*\(\).*\r\n$gdb_prompt $"	 {
++	pass "args: execfile -core=corefile (with bad program name)"
++    }
++    -re ".*registers from core file: File in wrong format.* $" {
++	fail "args: execfile -core=corefile (could not read registers from core file)"
++    }
++    -re ".*$gdb_prompt $"	{ fail "args: execfile -core=corefile" }
++    timeout 		{ fail "(timeout) starting with -core" }
++}
++set timeout $oldtimeout
++verbose "Timeout is now $timeout seconds" 2
++
++close;
++
++# Now restart normally.
++
++gdb_start
++gdb_reinitialize_dir $srcdir/$subdir
++gdb_load ${binfile}
++
++# Test basic corefile recognition via core-file command.
++
++send_gdb "core-file $objdir/$subdir/corefile\n"
++gdb_expect {
++    -re ".* program is being debugged already.*y or n. $" {
++	# gdb_load may connect us to a gdbserver.
++	send_gdb "y\n"
++	exp_continue;
++    }
++    -re "Core was generated by .*coremaker.*\r\n\#0  .*\(\).*\r\n$gdb_prompt $" {
++	pass "core-file command"
++    }
++    -re "Core was generated by .*\r\n\#0  .*\(\).*\r\n$gdb_prompt $" {
++	pass "core-file command (with bad program name)"
++    }
++    -re ".*registers from core file: File in wrong format.* $" {
++	fail "core-file command (could not read registers from core file)"
++    }
++    -re ".*$gdb_prompt $"	{ fail "core-file command" }
++    timeout 		{ fail "(timeout) core-file command" }
++}
++
++# Test correct mapping of corefile sections by printing some variables.
++
++gdb_test "print coremaker_data" "\\\$$decimal = 202"
++gdb_test "print coremaker_bss" "\\\$$decimal = 10"
++gdb_test "print coremaker_ro" "\\\$$decimal = 201"
++
++gdb_test "print func2::coremaker_local" "\\\$$decimal = \\{0, 1, 2, 3, 4\\}"
++
++# Somehow we better test the ability to read the registers out of the core
++# file correctly.  I don't think the other tests do this.
++
++gdb_test "bt" "abort.*func2.*func1.*main.*" "backtrace in corefile.exp"
++gdb_test "up" "#\[0-9\]* *\[0-9xa-fH'\]* in .* \\(.*\\).*" "up in corefile.exp"
++
++# Test ability to read mmap'd data
++
++gdb_test "x/8bd buf1" ".*:.*0.*1.*2.*3.*4.*5.*6.*7" "accessing original mmap data in core file"
++setup_xfail "*-*-sunos*" "*-*-ultrix*" "*-*-aix*"
++set test "accessing mmapped data in core file"
++gdb_test_multiple "x/8bd buf2" "$test" {
++    -re ".*:.*0.*1.*2.*3.*4.*5.*6.*7.*$gdb_prompt $" {
++	pass "$test"
++    }
++    -re "0x\[f\]*:.*Cannot access memory at address 0x\[f\]*.*$gdb_prompt $" {
++	fail "$test (mapping failed at runtime)"
++    }
++    -re "0x.*:.*Cannot access memory at address 0x.*$gdb_prompt $" {
++	fail "$test (mapping address not found in core file)"
++    }
++}
++
++# test reinit_frame_cache
++
++gdb_load ${binfile}
++gdb_test "up" "#\[0-9\]* *\[0-9xa-fH'\]* in .* \\(\\).*" "up in corefile.exp (reinit)"
++
++gdb_test "core" "No core file now."
+Index: gdb-6.8/gdb/testsuite/gdb.pie/coremaker.c
+===================================================================
+--- /dev/null	1970-01-01 00:00:00.000000000 +0000
++++ gdb-6.8/gdb/testsuite/gdb.pie/coremaker.c	2008-03-30 08:59:12.000000000 -0700
+@@ -0,0 +1,142 @@
++/* Copyright 1992, 1993, 1994, 1995, 1996, 1999
++   Free Software Foundation, Inc.
++
++   This file is part of GDB.
++
++   This program is free software; you can redistribute it and/or modify
++   it under the terms of the GNU General Public License as published by
++   the Free Software Foundation; either version 2 of the License, or (at
++   your option) any later version.
++
++   This program is distributed in the hope that it will be useful, but
++   WITHOUT ANY WARRANTY; without even the implied warranty of
++   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++   General Public License for more details.
++
++   You should have received a copy of the GNU General Public License
++   along with this program; if not, write to the Free Software
++   Foundation, Inc., 59 Temple Place - Suite 330,
++   Boston, MA 02111-1307, USA.  */
++
++/* Simple little program that just generates a core dump from inside some
++   nested function calls. */
++
++#include <stdio.h>
++#include <sys/types.h>
++#include <fcntl.h>
++#include <sys/mman.h>
++#include <signal.h>
++#include <stdlib.h>
++#include <unistd.h>
++
++#ifndef __STDC__
++#define	const	/**/
++#endif
++
++#define MAPSIZE (8 * 1024)
++
++/* Don't make these automatic vars or we will have to walk back up the
++   stack to access them. */
++
++char *buf1;
++char *buf2;
++
++int coremaker_data = 1;	/* In Data section */
++int coremaker_bss;	/* In BSS section */
++
++const int coremaker_ro = 201;	/* In Read-Only Data section */
++
++/* Note that if the mapping fails for any reason, we set buf2
++   to -1 and the testsuite notices this and reports it as
++   a failure due to a mapping error.  This way we don't have
++   to test for specific errors when running the core maker. */
++
++void
++mmapdata ()
++{
++  int j, fd;
++
++  /* Allocate and initialize a buffer that will be used to write
++     the file that is later mapped in. */
++
++  buf1 = (char *) malloc (MAPSIZE);
++  for (j = 0; j < MAPSIZE; ++j)
++    {
++      buf1[j] = j;
++    }
++
++  /* Write the file to map in */
++
++  fd = open ("coremmap.data", O_CREAT | O_RDWR, 0666);
++  if (fd == -1)
++    {
++      perror ("coremmap.data open failed");
++      buf2 = (char *) -1;
++      return;
++    }
++  write (fd, buf1, MAPSIZE);
++
++  /* Now map the file into our address space as buf2 */
++
++  buf2 = (char *) mmap (0, MAPSIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
++  if (buf2 == (char *) -1)
++    {
++      perror ("mmap failed");
++      return;
++    }
++
++  /* Verify that the original data and the mapped data are identical.
++     If not, we'd rather fail now than when trying to access the mapped
++     data from the core file. */
++
++  for (j = 0; j < MAPSIZE; ++j)
++    {
++      if (buf1[j] != buf2[j])
++	{
++	  fprintf (stderr, "mapped data is incorrect");
++	  buf2 = (char *) -1;
++	  return;
++	}
++    }
++}
++
++void
++func2 ()
++{
++  int coremaker_local[5];
++  int i;
++
++#ifdef SA_FULLDUMP
++  /* Force a corefile that includes the data section for AIX.  */
++  {
++    struct sigaction sa;
++
++    sigaction (SIGABRT, (struct sigaction *)0, &sa);
++    sa.sa_flags |= SA_FULLDUMP;
++    sigaction (SIGABRT, &sa, (struct sigaction *)0);
++  }
++#endif
++
++  /* Make sure that coremaker_local doesn't get optimized away. */
++  for (i = 0; i < 5; i++)
++    coremaker_local[i] = i;
++  coremaker_bss = 0;
++  for (i = 0; i < 5; i++)
++    coremaker_bss += coremaker_local[i];
++  coremaker_data = coremaker_ro + 1;
++  abort ();
++}
++
++void
++func1 ()
++{
++  func2 ();
++}
++
++int main ()
++{
++  mmapdata ();
++  func1 ();
++  return 0;
++}
++
diff --git a/main/gdb/APKBUILD b/main/gdb/APKBUILD
new file mode 100644
index 0000000000..a851da3141
--- /dev/null
+++ b/main/gdb/APKBUILD
@@ -0,0 +1,41 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gdb
+pkgver=6.8
+pkgrel=3
+pkgdesc="The GNU Debugger"
+url="http://sources.redhat.com/gdb/"
+license="GPL3"
+depends=
+makedepends="ncurses-dev expat-dev"
+subpackages="$pkgname-doc"
+source="http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2
+	50_all_gdb-pie-1.patch
+	50_all_gdb-pie-2.patch
+	"
+# patches were found here:
+# http://distfiles.gentoo.org/distfiles/$pkgname-$pkgver-patches-1.3.tar.lzma
+
+build () { 
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--disable-nls \
+		--without-system-readline \
+		--disable-werror \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	rm -f "$pkgdir"/usr/share/info/dir
+	# those are provided by binutils	
+	rm -rf "$pkgdir"/usr/include
+	rm -rf "$pkgdir"/usr/lib
+}
+
+md5sums="c9da266b884fb8fa54df786dfaadbc7a  gdb-6.8.tar.bz2
+7d5bcb23ffbadb9ce6ac24f37003f619  50_all_gdb-pie-1.patch
+33992db76732d26c6d1a3703b52e2c94  50_all_gdb-pie-2.patch"
diff --git a/main/gdbm/10-gdbm-1.8.3-fix-install-ownership.patch b/main/gdbm/10-gdbm-1.8.3-fix-install-ownership.patch
new file mode 100644
index 0000000000..139ef99d7e
--- /dev/null
+++ b/main/gdbm/10-gdbm-1.8.3-fix-install-ownership.patch
@@ -0,0 +1,45 @@
+Install with proper ownership.
+
+http://bugs.gentoo.org/24178
+
+--- Makefile.in
++++ Makefile.in
+@@ -14,10 +14,6 @@
+ INSTALL_PROGRAM = @INSTALL_PROGRAM@
+ INSTALL_DATA = @INSTALL_DATA@
+ 
+-# File ownership and group
+-BINOWN = bin
+-BINGRP = bin
+-
+ MAKEINFO = makeinfo
+ TEXI2DVI = texi2dvi
+ 
+@@ -131,22 +127,17 @@
+ 		$(INSTALL_ROOT)$(includedir) $(INSTALL_ROOT)$(man3dir) \
+ 		$(INSTALL_ROOT)$(infodir)
+ 	$(LIBTOOL) $(INSTALL) -c libgdbm.la $(INSTALL_ROOT)$(libdir)/libgdbm.la
+-	$(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) gdbm.h \
+-		$(INSTALL_ROOT)$(includedir)/gdbm.h
+-	$(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.3 \
+-		$(INSTALL_ROOT)$(man3dir)/gdbm.3
+-	$(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/gdbm.info \
+-		$(INSTALL_ROOT)$(infodir)/gdbm.info
++	$(INSTALL_DATA) gdbm.h $(INSTALL_ROOT)$(includedir)/gdbm.h
++	$(INSTALL_DATA) $(srcdir)/gdbm.3 $(INSTALL_ROOT)$(man3dir)/gdbm.3
++	$(INSTALL_DATA) $(srcdir)/gdbm.info $(INSTALL_ROOT)$(infodir)/gdbm.info
+ 
+ install-compat:
+ 	$(srcdir)/mkinstalldirs $(INSTALL_ROOT)$(libdir) \
+ 		$(INSTALL_ROOT)$(includedir)
+ 	$(LIBTOOL) $(INSTALL) -c libgdbm_compat.la \
+ 		$(INSTALL_ROOT)$(libdir)/libgdbm_compat.la
+-	$(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/dbm.h \
+-		$(INSTALL_ROOT)$(includedir)/dbm.h
+-	$(INSTALL_DATA) -o $(BINOWN) -g $(BINGRP) $(srcdir)/ndbm.h \
+-		$(INSTALL_ROOT)$(includedir)/ndbm.h
++	$(INSTALL_DATA) $(srcdir)/dbm.h $(INSTALL_ROOT)$(includedir)/dbm.h
++	$(INSTALL_DATA) $(srcdir)/ndbm.h $(INSTALL_ROOT)$(includedir)/ndbm.h
+ 
+ #libgdbm.a: $(OBJS) gdbm.h
+ #	rm -f libgdbm.a
diff --git a/main/gdbm/20-gdbm-1.8.3-compat-linking.patch b/main/gdbm/20-gdbm-1.8.3-compat-linking.patch
new file mode 100644
index 0000000000..1337d08f5b
--- /dev/null
+++ b/main/gdbm/20-gdbm-1.8.3-compat-linking.patch
@@ -0,0 +1,19 @@
+Since libgdbm_compat uses libgdbm, make sure we link it in.
+
+http://bugs.gentoo.org/165263
+
+--- Makefile.in
++++ Makefile.in
+@@ -161,10 +161,10 @@
+ 	$(LIBTOOL) --mode=link $(CC) -o libgdbm.la -rpath $(libdir) \
+ 		-version-info $(SHLIB_VER) $(LOBJS)
+ 
+-libgdbm_compat.la: $(C_LOBJS) gdbm.h
++libgdbm_compat.la: $(C_LOBJS) gdbm.h libgdbm.la
+ 	rm -f libgdbm_compat.la
+ 	$(LIBTOOL) --mode=link $(CC) -o libgdbm_compat.la -rpath $(libdir) \
+-		-version-info $(SHLIB_VER) $(C_LOBJS)
++		-version-info $(SHLIB_VER) $(C_LOBJS) libgdbm.la
+ 
+ gdbm.h:	gdbm.proto gdbmerrno.h gdbm.proto2
+ 	rm -f gdbm.h
diff --git a/main/gdbm/30-gdbm-1.8.3-build.patch b/main/gdbm/30-gdbm-1.8.3-build.patch
new file mode 100644
index 0000000000..084f5a1d24
--- /dev/null
+++ b/main/gdbm/30-gdbm-1.8.3-build.patch
@@ -0,0 +1,21 @@
+Respect system LDFLAGS when generating gdbm libs
+
+http://bugs.gentoo.org/209730
+
+--- Makefile.in
++++ Makefile.in
+@@ -146,12 +146,12 @@
+ 
+ libgdbm.la: $(LOBJS) gdbm.h
+ 	rm -f libgdbm.la
+-	$(LIBTOOL) --mode=link $(CC) -o libgdbm.la -rpath $(libdir) \
++	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm.la -rpath $(libdir) \
+ 		-version-info $(SHLIB_VER) $(LOBJS)
+ 
+ libgdbm_compat.la: $(C_LOBJS) gdbm.h libgdbm.la
+ 	rm -f libgdbm_compat.la
+-	$(LIBTOOL) --mode=link $(CC) -o libgdbm_compat.la -rpath $(libdir) \
++	$(LIBTOOL) --mode=link $(CC) $(LDFLAGS) -o libgdbm_compat.la -rpath $(libdir) \
+ 		-version-info $(SHLIB_VER) $(C_LOBJS) libgdbm.la
+ 
+ gdbm.h:	gdbm.proto gdbmerrno.h gdbm.proto2
diff --git a/main/gdbm/APKBUILD b/main/gdbm/APKBUILD
new file mode 100644
index 0000000000..e20966b323
--- /dev/null
+++ b/main/gdbm/APKBUILD
@@ -0,0 +1,40 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=gdbm
+pkgver=1.8.3
+pkgrel=0
+pkgdesc="GNU dbm is a set of database routines that use extensible hashing"
+url="http://www.gnu.org/software/gdbm/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages="$pkgname-dev $pkgname-dev"
+source="ftp://ftp.nluug.nl/pub/gnu/gdbm/gdbm-1.8.3.tar.gz
+30-gdbm-1.8.3-build.patch
+20-gdbm-1.8.3-compat-linking.patch
+10-gdbm-1.8.3-fix-install-ownership.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p0 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--includedir=/usr/include/gdbm \
+		--disable-dependency-tracking \
+		--enable-fast-install
+	make || return 1
+	make INSTALL_ROOT="$pkgdir" install || return 1
+	make INSTALL_ROOT="$pkgdir" install-compat || return 1
+	mv "${pkgdir}"/usr/include/gdbm/gdbm.h "${pkgdir}"/usr/include/
+
+}
+
+md5sums="1d1b1d5c0245b1c00aff92da751e9aa1  gdbm-1.8.3.tar.gz
+5e76bc4f51640434e4279e940f6c73fb  30-gdbm-1.8.3-build.patch
+c8e2323a9e075d5c947cb7c7aeae5384  20-gdbm-1.8.3-compat-linking.patch
+4c7b88079898d7cb380e95c8ae99a9f9  10-gdbm-1.8.3-fix-install-ownership.patch"
diff --git a/main/gettext/APKBUILD b/main/gettext/APKBUILD
new file mode 100644
index 0000000000..430068e779
--- /dev/null
+++ b/main/gettext/APKBUILD
@@ -0,0 +1,40 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=gettext
+pkgver=0.17
+pkgrel=1
+pkgdesc="GNU locale utilities"
+url="http://www.gnu.org/software/gettext/gettext.html"
+license='GPL'
+depends=
+makedepends="libiconv-dev expat-dev ncurses-dev bash uclibc++-dev libxml2-dev"
+source="ftp://ftp.mirror.nl/pub/mirror/gnu/gettext/gettext-0.17.tar.gz
+	gettext-0.15-expat-no-dlopen.patch
+	gettext-0.17-gnuinfo.patch
+	gettext-0.17-open-args.patch
+	"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	export CXX=${CXX_UC:-g++-uc}
+
+	# http://bugs.gentoo.org/show_bug.cgi?id=81628
+	export CPPFLAGS="$CPPFLAGS -I/usr/include/libxml2"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--disable-static
+	unset MAKEFLAGS
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+md5sums="58a2bc6d39c0ba57823034d55d65d606  gettext-0.17.tar.gz
+20dbf5cfc16f8726e7594fb49da5665c  gettext-0.15-expat-no-dlopen.patch
+51ba4ca1008c76564c25c632a4ee8b3e  gettext-0.17-gnuinfo.patch
+aa0b9cb60cd87298dbfc2662b98e8a0b  gettext-0.17-open-args.patch"
diff --git a/main/gettext/gettext-0.15-expat-no-dlopen.patch b/main/gettext/gettext-0.15-expat-no-dlopen.patch
new file mode 100644
index 0000000000..4630d1dd92
--- /dev/null
+++ b/main/gettext/gettext-0.15-expat-no-dlopen.patch
@@ -0,0 +1,36 @@
+Add support for expat-2 to xgettext by linking it at build time rather than
+at runtime using dlopen
+
+http://bugs.gentoo.org/146211
+
+--- gettext-0.15/gettext-tools/configure
++++ gettext-0.15/gettext-tools/configure
+@@ -44267,19 +44266,6 @@
+ 
+ 
+ 
+-case "$host_os" in
+-  linux*)
+-
+-cat >>confdefs.h <<\_ACEOF
+-#define DYNLOAD_LIBEXPAT 1
+-_ACEOF
+-
+-    LIBEXPAT="-ldl"
+-    LTLIBEXPAT="-ldl"
+-
+-
+-    ;;
+-  *)
+ 
+ 
+ 
+@@ -44786,8 +44772,6 @@
+ 
+ 
+ 
+-    ;;
+-esac
+ 
+  # If set to t, that means we are running in a shell under Emacs.
+  # If you have an Emacs named "t", then use the full path.
diff --git a/main/gettext/gettext-0.17-gnuinfo.patch b/main/gettext/gettext-0.17-gnuinfo.patch
new file mode 100644
index 0000000000..243916636f
--- /dev/null
+++ b/main/gettext/gettext-0.17-gnuinfo.patch
@@ -0,0 +1,16 @@
+Fix broken Info file produced by texinfo 4.11
+http://bugs.gentoo.org/249167
+
+--- gettext-0.17/gettext-tools/doc/gettext.info
++++ gettext-0.17/gettext-tools/doc/gettext.info
+@@ -1,7 +1,8 @@
++This is gettext.info, produced by makeinfo version 4.13 from
++gettext.texi.
++
+ INFO-DIR-SECTION GNU Gettext Utilities
+ START-INFO-DIR-ENTRY
+-This is gettext.info, produced by makeinfo version 4.11 from gettext.texi.
+-
+ * gettext: (gettext).                          GNU gettext utilities.
+ * autopoint: (gettext)autopoint Invocation.    Copy gettext infrastructure.
+ * envsubst: (gettext)envsubst Invocation.      Expand environment variables.
diff --git a/main/gettext/gettext-0.17-open-args.patch b/main/gettext/gettext-0.17-open-args.patch
new file mode 100644
index 0000000000..6291f00493
--- /dev/null
+++ b/main/gettext/gettext-0.17-open-args.patch
@@ -0,0 +1,25 @@
+2007-11-07  Jim Meyering  <meyering@redhat.com>
+            Bruno Haible  <bruno@clisp.org>
+
+	* write-catalog.c (msgdomain_list_print): Fix open() call.
+
+--- a/gettext-tools/src/write-catalog.c	7 Oct 2007 19:35:31 -0000	1.4
++++ b/gettext-tools/src/write-catalog.c	7 Nov 2007 11:43:15 -0000
+@@ -1,5 +1,5 @@
+ /* GNU gettext - internationalization aids
+-   Copyright (C) 1995-1998, 2000-2006 Free Software Foundation, Inc.
++   Copyright (C) 1995-1998, 2000-2007 Free Software Foundation, Inc.
+ 
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+@@ -220,7 +220,9 @@
+       /* Open the output file.  */
+       if (!to_stdout)
+ 	{
+-	  fd = open (filename, O_WRONLY | O_CREAT);
++	  fd = open (filename, O_WRONLY | O_CREAT | O_TRUNC,
++		     /* 0666 in portable POSIX notation: */
++		     S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
+ 	  if (fd < 0)
+ 	    {
+ 	      const char *errno_description = strerror (errno);
diff --git a/main/ghostscript/APKBUILD b/main/ghostscript/APKBUILD
new file mode 100644
index 0000000000..e387f850f3
--- /dev/null
+++ b/main/ghostscript/APKBUILD
@@ -0,0 +1,45 @@
+# Contributor: Cameron Banta <cbanta@gmail.com>
+# Maintainer: Cameron Banta <cbanta@gmail.com>
+pkgname=ghostscript
+pkgver=8.64
+pkgrel=0
+pkgdesc="An interpreter for the PostScript language and for PDF"
+url="http://ghostscript.com/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://ghostscript.com/releases/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-drivers=FILES \
+		--disable-cups --disable-gtk --disable-cairo \
+		--docdir=/usr/share/doc/"$pkgname"
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# license and copying
+	install -m644 -D "$srcdir/$pkgname-$pkgver/LICENSE" \
+		"$pkgdir/usr/share/licenses/$pkgname/LICENSE"
+	install -m644 -D "$srcdir/$pkgname-$pkgver/doc/COPYING" \
+		"$pkgdir/usr/share/licenses/$pkgname/COPYING"
+	
+
+
+	# make the doc and examples more alpine like 
+	#	(the --docdir above doesn't seem to work so good)
+	mkdir -p "$pkgdir/usr/share/doc/$pkgname"
+	mv "$pkgdir/usr/share/$pkgname/$pkgver/doc" "$pkgdir/usr/share/doc/$pkgname"
+	mv "$pkgdir/usr/share/$pkgname/$pkgver/examples" "$pkgdir/usr/share/doc/$pkgname"
+	
+
+}
+
+md5sums="dd927ecf7e4db38b62be3dc17b1b04d2  ghostscript-8.64.tar.gz"
diff --git a/main/git/APKBUILD b/main/git/APKBUILD
new file mode 100644
index 0000000000..2f5d36dba8
--- /dev/null
+++ b/main/git/APKBUILD
@@ -0,0 +1,42 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=git
+pkgver=1.6.3.3
+pkgrel=0
+pkgdesc="GIT - the stupid content tracker"
+url="http://git.or.cz/"
+license="GPL2"
+depends=
+subpackages="$pkgname-doc $pkgname-perl"
+makedepends="zlib-dev openssl-dev curl-dev expat-dev perl-dev"
+source="http://kernel.org/pub/software/scm/git/git-$pkgver.tar.bz2
+	bb-tar.patch
+	"
+
+build () {
+	local makeopts="NO_ICONV=YesPlease
+			NO_NSEC=YesPlease
+			NO_TCLTK=YesPlease
+			NO_SVN_TESTS=YesPlease"
+
+	cd $srcdir/$pkgname-$pkgver
+	patch -p1 < ../bb-tar.patch || return 1
+
+	make prefix=/usr DESTDIR="$pkgdir" $makeopts || return 1
+	make prefix=/usr DESTDIR="$pkgdir" $makeopts install
+}
+
+perl() {
+	depends="perl git"
+	pkgdesc="Perl scripts for git"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/perl* "$subpkgdir"/usr/lib/
+	cd "$pkgdir"
+	find -type f | xargs file --mime-type | grep perl | cut -d: -f1| while read f; do
+		mkdir -p "$subpkgdir"/${f%/*}
+		mv "$f" "$subpkgdir"/${f%/*}
+	done
+}
+
+
+md5sums="91ae46ac01dadab1962beb064abd5b60  git-1.6.3.3.tar.bz2
+04e1bdf76a0bac568f8488daad07dce7  bb-tar.patch"
diff --git a/main/git/bb-tar.patch b/main/git/bb-tar.patch
new file mode 100644
index 0000000000..0f15de5d25
--- /dev/null
+++ b/main/git/bb-tar.patch
@@ -0,0 +1,8 @@
+--- git-1.6.0.4/templates/Makefile.orig	Mon Nov 10 17:10:51 2008
++++ git-1.6.0.4/templates/Makefile	Mon Nov 10 17:11:25 2008
+@@ -50,4 +50,4 @@
+ install: all
+ 	$(INSTALL) -d -m 755 '$(DESTDIR_SQ)$(template_instdir_SQ)'
+ 	(cd blt && $(TAR) cf - .) | \
+-	(cd '$(DESTDIR_SQ)$(template_instdir_SQ)' && umask 022 && $(TAR) xfo -)
++	(cd '$(DESTDIR_SQ)$(template_instdir_SQ)' && umask 022 && $(TAR) x)
diff --git a/main/glib/APKBUILD b/main/glib/APKBUILD
new file mode 100644
index 0000000000..e06678d989
--- /dev/null
+++ b/main/glib/APKBUILD
@@ -0,0 +1,33 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=glib
+pkgver=2.20.4
+pkgrel=2
+pkgdesc="Common C routines used by Gtk+ and other libs"
+url="http://www.gtk.org"
+license='GPL'
+depends=
+makedepends="gettext-dev libiconv-dev pkgconfig"
+source="http://ftp.gnome.org/pub/gnome/sources/glib/${pkgver%.*}/glib-$pkgver.tar.bz2"
+subpackages="$pkgname-doc $pkgname-dev"
+
+depends_dev="perl gettext-dev libiconv-dev pkgconfig"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	# busybox env does not handle the -w after perl. we remove it for now
+	sed -i -e '1,1s/ -w//' gobject/glib-mkenums.in
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+# move the stuff in /usr/bin to the glib-dev package
+dev() {
+	default_dev
+	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+}
+
+md5sums="346916673c0eab72191cf44b4afe535f  glib-2.20.4.tar.bz2"
diff --git a/main/gmp/APKBUILD b/main/gmp/APKBUILD
new file mode 100644
index 0000000000..82651e897d
--- /dev/null
+++ b/main/gmp/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gmp
+pkgver=4.3.1
+pkgrel=0
+pkgdesc="A free library for arbitrary precision arithmetic"
+url="http://gmplib.org/"
+license="LGPL3"
+makedepends="m4 texinfo"
+depends=
+subpackages="$pkgname-doc $pkgname-dev"
+source="ftp://ftp.gnu.org/gnu/gmp/gmp-$pkgver.tar.bz2
+	gmp-4.1.4-noexecstack.patch
+	"
+
+build ()
+{
+	cd "${srcdir}/${pkgname}-${pkgver}"
+	patch -p1 < ../gmp-4.1.4-noexecstack.patch || return 1 
+
+	ABI="32" ./configure --prefix=/usr \
+		--build=${CHOST} \
+		--infodir=/usr/share/info \
+		--mandir=/usr/share/man \
+		--localstatedir=/var/state/gmp \
+		--disable-mpfr \
+		--disable-mpbsd \
+		--disable-cxx  \
+		--with-pic \
+		|| return 1
+
+	make || return 1
+	make -j1 DESTDIR="${pkgdir}" install || return 1
+}
+md5sums="26cec15a90885042dd4a15c4003b08ae  gmp-4.3.1.tar.bz2
+13c34f00e77ded6673270cfea06c35c3  gmp-4.1.4-noexecstack.patch"
diff --git a/main/gmp/gmp-4.1.4-noexecstack.patch b/main/gmp/gmp-4.1.4-noexecstack.patch
new file mode 100644
index 0000000000..093bec1a5d
--- /dev/null
+++ b/main/gmp/gmp-4.1.4-noexecstack.patch
@@ -0,0 +1,20 @@
+fixed executable stack
+
+http://bugs.gentoo.org/115038
+
+--- gmp-4.1.4/configure
++++ gmp-4.1.4/configure
+@@ -21689,6 +21689,13 @@
+ fi
+ echo "')" >> $gmp_configm4
+ echo "define(\`__CONFIG_M4_INCLUDED__')" >> $gmp_configm4
++# Gentoo hack
++case $host_os in
++	*linux*)
++		echo '.section .note.GNU-stack,"",%progbits' >> $gmp_configm4
++		echo '.previous' >> $gmp_configm4
++		;;
++esac
+ 
+ # Create Makefiles
+ # FIXME: Upcoming version of autoconf/automake may not like broken lines.
diff --git a/main/gnats/APKBUILD b/main/gnats/APKBUILD
new file mode 100644
index 0000000000..535f46ee42
--- /dev/null
+++ b/main/gnats/APKBUILD
@@ -0,0 +1,32 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gnats
+pkgver=4.1.0
+pkgrel=2
+pkgdesc="The GNU Bug Tracking System"
+url="http://www.gnu.org/software/gnats/"
+license="GPL-2"
+depends="uclibc postfix"
+makedepends="texinfo"
+install="gnats.pre-install"
+source="http://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	$install"
+subpackages="$pkgname-doc"
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	# make install needs gnats user
+	sudo sh $srcdir/$install pre_install || return 1
+
+	AWK=awk ./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--sharedstatedir=/var/lib \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+	rm -f "$pkgdir"/gnats.el
+}
+
+md5sums="2add3df79336f2e193c8a9a513aefe22  gnats-4.1.0.tar.gz
+4ccae685ca8d5ed857c2a26f1e2fbc7c  gnats.pre-install"
diff --git a/main/gnats/gnats.pre-install b/main/gnats/gnats.pre-install
new file mode 100644
index 0000000000..0a2e5a589b
--- /dev/null
+++ b/main/gnats/gnats.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -h /var/lib/gnatsdb -D gnats 2>/dev/null
+exit 0
diff --git a/main/gnupg/APKBUILD b/main/gnupg/APKBUILD
new file mode 100644
index 0000000000..fa1387b7db
--- /dev/null
+++ b/main/gnupg/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gnupg
+pkgver=2.0.10
+pkgrel=0
+pkgdesc="GNU Privacy Guard 2 - a PGP replacement tool"
+url="http://www.gnupg.org/"
+license="GPL"
+depends="curl zlib libksba libgcrypt libgpg-error pth pinentry libiconv"
+makedepends="curl-dev libassuan libksba-dev libgcrypt-dev libgpg-error-dev 
+	pth-dev zlib-dev libiconv-dev"
+subpackages="$pkgname-doc"
+source="ftp://ftp.gnupg.org/gcrypt/gnupg/gnupg-$pkgver.tar.bz2"
+
+build () {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="1cb778dd555f87685a8fde2f7113725e  gnupg-2.0.10.tar.bz2"
diff --git a/main/gnutls/APKBUILD b/main/gnutls/APKBUILD
new file mode 100644
index 0000000000..f8dd61f2d5
--- /dev/null
+++ b/main/gnutls/APKBUILD
@@ -0,0 +1,28 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gnutls
+pkgver=2.8.1
+pkgrel=0
+pkgdesc="A library which provides a secure connection"
+url="http://www.gnu.org/software/gnutls/"
+license="GPL"
+depends=
+makedepends="libgcrypt-dev libgpg-error-dev zlib-dev"
+install=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://ftp.gnu.org/pub/gnu/gnutls/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls
+	make -j1 || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="be209095e12cff0dd5e15c3cc08d2851  gnutls-2.8.1.tar.bz2"
diff --git a/main/gperf/APKBUILD b/main/gperf/APKBUILD
new file mode 100644
index 0000000000..cc97c06d5c
--- /dev/null
+++ b/main/gperf/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gperf
+pkgver=3.0.4
+pkgrel=0
+pkgdesc="Perfect hash function generator."
+url="http://www.gnu.org/software/gperf/"
+license="GPL"
+subpackages="$pkgname-doc"
+depends="uclibc libgcc uclibc++"
+makedepends="uclibc++-dev"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	export CXX=g++-uc
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="c1f1db32fb6598d6a93e6e88796a8632  gperf-3.0.4.tar.gz"
diff --git a/main/grep/APKBUILD b/main/grep/APKBUILD
new file mode 100644
index 0000000000..4bdc96472a
--- /dev/null
+++ b/main/grep/APKBUILD
@@ -0,0 +1,30 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer:
+pkgname=grep
+pkgver=2.5.4
+pkgrel=1
+pkgdesc="Searches input files for lines containing a match to a specified pattern"
+url="http://www.gnu.org/software/grep/grep.html"
+license="GPL"
+depends="uclibc pcre"
+makedepends="pcre-dev"
+install="$pkgname.post-deinstall"
+subpackages="$pkgname-doc"
+source="http://mirrors.kernel.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="92258031d98d4f12dfc6a6d24057e672  grep-2.5.4.tar.gz
+b84506d253e04db3c5af9016fead45a3  grep.post-deinstall"
diff --git a/main/grep/grep.post-deinstall b/main/grep/grep.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/grep/grep.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/groff/APKBUILD b/main/groff/APKBUILD
new file mode 100644
index 0000000000..6866c2db08
--- /dev/null
+++ b/main/groff/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=groff
+pkgver=1.20.1
+pkgrel=1
+pkgdesc="GNU troff text-formatting system"
+url="http://www.gnu.org/software/groff/groff.html"
+license="GPL"
+depends="uclibc uclibc++ libgcc"
+makedepends="perl texinfo uclibc++-dev"
+subpackages="$pkgname-doc"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build () {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	export CXX=g++-uc
+	./configure --prefix=/usr --without-x
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="48fa768dd6fdeb7968041dd5ae8e2b02  groff-1.20.1.tar.gz"
diff --git a/main/gross/APKBUILD b/main/gross/APKBUILD
new file mode 100644
index 0000000000..dd1104536c
--- /dev/null
+++ b/main/gross/APKBUILD
@@ -0,0 +1,57 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gross
+pkgver=1.0.1
+pkgrel=3
+pkgdesc="Greylisting of suspicious sources"
+url="http://code.google.com/p/gross/"
+license="BSD"
+depends=
+makedepends="c-ares-dev autoconf automake libtool sed"
+install="$pkgname.pre-install $pkgname.post-install $pkgname.pre-upgrade 
+	$pkgname.post-upgrade"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://gross.googlecode.com/files/$pkgname-$pkgver.tar.gz
+	grossd.initd
+	grossd.confd
+	gross-1.0.1-configure.ac.patch
+	gross-1.0.1-default-conf.patch
+	gross-1.0.1-user.patch
+	$install"
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+
+	for _i in ../*.patch; do
+		msg "Applying $_i..."
+		patch -p1 < $_i || return 1
+	done
+	msg "Running autotools..."
+	aclocal --force && autoconf && automake --add-missing \
+		&& libtoolize --force --copy || return 1
+
+	export lt_SED='/bin/sed'
+	export lt_cv_path_SED='/bin/sed'
+        ./configure --prefix=/usr \
+                --sysconfdir=/etc \
+                --mandir=/usr/share/man \
+                --infodir=/usr/share/info
+
+        make -j1 || return 1
+        make -j1 DESTDIR="$pkgdir" install
+
+        install -dD "$pkgdir"/var/run/gross
+        install -m755 -D "$srcdir"/grossd.initd "$pkgdir"/etc/init.d/grossd
+        install -m644 -D "$srcdir"/grossd.confd "$pkgdir"/etc/conf.d/grossd
+}
+
+md5sums="f8f81b36850dcda30cb81799b9cee3b6  gross-1.0.1.tar.gz
+b0d8635b64c4a90d72c49e868f4c4c32  grossd.initd
+5ca1c6e51c3243236e6564480b20279b  grossd.confd
+bb75b119ac96b8f99831ce6df810003f  gross-1.0.1-configure.ac.patch
+7c504b653c71dcf7b192bc487b3516fd  gross-1.0.1-default-conf.patch
+16e184d59d520db565388f010cc75e83  gross-1.0.1-user.patch
+8f6e45b98888dbb9971f7681bf431f6f  gross.pre-install
+4b55d1c5534167946cc11376d1b05c34  gross.post-install
+87e7d76dace9cedf61efc04cdb6a905c  gross.pre-upgrade
+9268f51b276ba00b0f50df322e34434e  gross.post-upgrade"
diff --git a/main/gross/gross-1.0.1-configure.ac.patch b/main/gross/gross-1.0.1-configure.ac.patch
new file mode 100644
index 0000000000..80f9ea7762
--- /dev/null
+++ b/main/gross/gross-1.0.1-configure.ac.patch
@@ -0,0 +1,20 @@
+--- a/configure.ac.orig	2008-05-29 16:18:56 +0000
++++ b/configure.ac	2008-05-30 09:10:48 +0000
+@@ -52,7 +52,7 @@
+ then
+     AC_DEFINE([USE_SEM_OPEN], [], [Use sem_open() instead of sem_init()])
+ else
+-    AC_SEARCH_LIBS(sem_init, [rt], ,
++    AC_SEARCH_LIBS(sem_init, [rt pthread], ,
+ 	AC_MSG_ERROR([Can't compile without semaphores.])
+     )
+ fi
+@@ -101,7 +101,7 @@
+ AC_MSG_CHECKING([whether to disable dnsbl checking])
+ AC_ARG_ENABLE(dnsbl,
+     AC_HELP_STRING([--disable-dnsbl], [Disable dnsbl checking]),
+-    [AC_MSG_RESULT([yes]) ; dnsbl="no"],
++    [AC_MSG_RESULT([yes]) ; dnsbl="$enableval"],
+     [AC_MSG_RESULT([no]) ; dnsbl="yes"]
+ )
+ 
diff --git a/main/gross/gross-1.0.1-default-conf.patch b/main/gross/gross-1.0.1-default-conf.patch
new file mode 100644
index 0000000000..39cd90709d
--- /dev/null
+++ b/main/gross/gross-1.0.1-default-conf.patch
@@ -0,0 +1,17 @@
+diff -ru gross-1.0.1.orig/doc/examples/grossd.conf gross-1.0.1/doc/examples/grossd.conf
+--- gross-1.0.1.orig/doc/examples/grossd.conf	2008-06-03 09:27:37 +0000
++++ gross-1.0.1/doc/examples/grossd.conf	2008-06-03 09:31:33 +0000
+@@ -71,11 +71,13 @@
+ # 'statefile' is the full path of the file that the server will use to
+ # store the state information. 
+ # statefile = /var/db/grossd.state
++statefile = /var/db/gross/state
+ 
+ # 'pidfile' is the full path of the file grossd writes its pid into.
+ # You can set parameter 'check', if you want to keep grossd
+ # from starting if pidfile already exists.
+ # pidfile = /var/run/grossd.pid;check
++pidfile = /var/run/gross/grossd.pid
+ 
+ # 'log_method' is used to list all the possible logging facilities.
+ # currently only syslog is implemented
diff --git a/main/gross/gross-1.0.1-user.patch b/main/gross/gross-1.0.1-user.patch
new file mode 100644
index 0000000000..a20279f003
--- /dev/null
+++ b/main/gross/gross-1.0.1-user.patch
@@ -0,0 +1,72 @@
+Index: src/gross.c
+===================================================================
+--- a/src/gross.c	(revision 491)
++++ b/src/gross.c	(working copy)
+@@ -553,7 +553,7 @@
+ void
+ usage(void)
+ {
+-	printf("Usage: grossd [-CDdhnPprV] [-f configfile]\n");
++	printf("Usage: grossd [-CDdhnPpruV] [-f configfile]\n");
+ 	printf("       -C	create statefile and exit\n");
+ 	printf("       -D	Enable debug logging (insane verbosity with -DD)\n");
+ 	printf("       -d	Run grossd as a foreground process\n");
+@@ -563,6 +563,7 @@
+ 	printf("       -p file  write the process id in a pidfile\n");
+ 	printf("       -P file  same as -p, but pid file must not exist\n");
+ 	printf("       -r	disable replication\n");
++	printf("       -u user  run gross as user\n");	
+ 	printf("       -V	version information\n");
+ 	exit(EXIT_USAGE);
+ }
+@@ -612,6 +613,7 @@
+ 	pool_limits_t limits;
+ 	sigset_t mask, oldmask;
+ 	struct passwd *pwd;
++	char *user = "nobody";
+ 
+ #ifdef DNSBL
+ 	dns_check_info_t *dns_check_info;
+@@ -623,7 +625,7 @@
+ 		daemon_shutdown(EXIT_FATAL, "Couldn't initialize context");
+ 
+ 	/* command line arguments */
+-	while ((c = getopt(argc, argv, ":drf:VCDnp:P:")) != -1) {
++	while ((c = getopt(argc, argv, ":drf:VCDnp:P:u:")) != -1) {
+ 		switch (c) {
+ 		case 'd':
+ 			ctx->config.flags |= FLG_NODAEMON;
+@@ -663,6 +665,9 @@
+ 			ctx->config.flags |= FLG_CHECK_PIDFILE;
+ 			ctx->config.flags |= FLG_CREATE_PIDFILE;
+ 			break;
++		case 'u':
++			user = optarg;
++			break;
+ 		case 'h':
+ 			usage();
+ 			break;
+@@ -675,16 +680,16 @@
+ 
+ 	/* grossd doesn't need to be running as root */
+ 	if (geteuid() == 0) {
+-		logstr(GLOG_DEBUG, "Running as root: setuid() to 'nobody'");
+-		pwd = getpwnam("nobody");
++		logstr(GLOG_DEBUG, "Running as root: setuid() to '%s'", user);
++		pwd = getpwnam(user);
+ 		if (NULL == pwd)
+-			daemon_shutdown(EXIT_FATAL, "Running as root: can't find user 'nobody'");
++			daemon_shutdown(EXIT_FATAL, "Running as root: can't find user '%s'", user);
+ 		if (setgid(pwd->pw_gid) != 0)
+-			daemon_shutdown(EXIT_FATAL, "Running as root: can't setgid(%d) to 'nobody': %s",
+-			    pwd->pw_gid, strerror(errno));
++			daemon_shutdown(EXIT_FATAL, "Running as root: can't setgid(%d) to '%s': %s",
++			    pwd->pw_gid, user, strerror(errno));
+ 		if (setuid(pwd->pw_uid) != 0)
+-			daemon_shutdown(EXIT_FATAL, "Running as root: can't setuid(%d) to 'nobody': %s",
+-			    pwd->pw_uid, strerror(errno));
++			daemon_shutdown(EXIT_FATAL, "Running as root: can't setuid(%d) to '%s': %s",
++			    pwd->pw_uid, user, strerror(errno));
+ 	}
+ 
+ 	config = default_config();
diff --git a/main/gross/gross.post-install b/main/gross/gross.post-install
new file mode 100644
index 0000000000..df06670a41
--- /dev/null
+++ b/main/gross/gross.post-install
@@ -0,0 +1,2 @@
+#!/bin/sh
+chown -R gross:gross /var/run/gross
diff --git a/main/gross/gross.post-upgrade b/main/gross/gross.post-upgrade
new file mode 100644
index 0000000000..ff1c806dcf
--- /dev/null
+++ b/main/gross/gross.post-upgrade
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+moved=
+for i in /etc/runlevels/*/gross; do
+	if [ -L $i ]; then
+		rm ${i} 
+		ln -s /etc/init.d/grossd ${i}d
+		moved=1
+	fi
+done
+
+if [ -n "$moved" ]; then
+	echo " *"
+	echo " * NOTICE: /etc/init.d/gross is renamed to /etc/init.d/grossd"
+	echo " *"
+fi
+
diff --git a/main/gross/gross.pre-install b/main/gross/gross.pre-install
new file mode 100644
index 0000000000..c3844d7a5e
--- /dev/null
+++ b/main/gross/gross.pre-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+adduser -H -s /bin/false -D gross 2>/dev/null
+exit 0
diff --git a/main/gross/gross.pre-upgrade b/main/gross/gross.pre-upgrade
new file mode 100644
index 0000000000..90361bcc65
--- /dev/null
+++ b/main/gross/gross.pre-upgrade
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+old=/etc/conf.d/gross
+new=/etc/conf.d/grossd
+
+if [ -f "$old" ] && [ ! -f "$new" ]; then
+	mv "$old" "$new"
+	echo " *"
+	echo " * NOTICE: $old was renamed to $new"
+	echo " *"
+fi
+
diff --git a/main/gross/grossd.confd b/main/gross/grossd.confd
new file mode 100644
index 0000000000..646e12f9d7
--- /dev/null
+++ b/main/gross/grossd.confd
@@ -0,0 +1,6 @@
+#
+# Specify daemon $OPTS here.
+#
+
+OPTS=""
+
diff --git a/main/gross/grossd.initd b/main/gross/grossd.initd
new file mode 100644
index 0000000000..3d1c43d708
--- /dev/null
+++ b/main/gross/grossd.initd
@@ -0,0 +1,35 @@
+#!/sbin/runscript
+
+NAME="grossd"
+DAEMON="/usr/sbin/$NAME"
+DAEMON_USER="gross"
+DAEMON_GROUP="gross"
+
+depend() {
+	need net
+}
+
+check_config() {
+	if [ ! -f /var/db/gross/state ] ; then
+		einfo "Generating Gross database..."
+		install -dD -o${DAEMON_USER} -g${DAEMON_GROUP} /var/db/gross
+		${DAEMON} -Cu ${DAEMON_USER} > /dev/null
+	fi
+}
+
+start() {
+	check_config || return 1
+	ebegin "Starting ${NAME}"
+	start-stop-daemon --start --quiet \
+		--exec ${DAEMON} -- \
+		-p /var/run/gross/grossd.pid \
+		-u ${DAEMON_USER} ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+	start-stop-daemon --stop --pidfile /var/run/gross/grossd.pid
+	eend $?
+}
+
diff --git a/main/gzip/APKBUILD b/main/gzip/APKBUILD
new file mode 100644
index 0000000000..eb06884d6d
--- /dev/null
+++ b/main/gzip/APKBUILD
@@ -0,0 +1,34 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=gzip
+pkgver=1.3.12
+pkgrel=2
+pkgdesc="A popular data compression program"
+subpackages="$pkgname-doc"
+url="http://www.gnu.org/software/gzip/"
+license="GPL2"
+depends=
+makedepends=
+install="$pkgname.post-deinstall"
+source="http://ftp.gnu.org/gnu/gzip/gzip-1.3.12.tar.gz
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	# avoid text relocation
+	export DEFS="NO_ASM"
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--disable-nls \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR=$pkgdir install
+
+	mkdir -p "$pkgdir"/bin
+	mv "$pkgdir"/usr/bin/gzip "$pkgdir"/usr/bin/gunzip "$pkgdir"/bin/
+	ln -s /bin/gzip "$pkgdir"/usr/bin/gzip
+	ln -s /bin/gunzip "$pkgdir"/usr/bin/gunzip
+}
+md5sums="b5bac2d21840ae077e0217bc5e4845b1  gzip-1.3.12.tar.gz
+b84506d253e04db3c5af9016fead45a3  gzip.post-deinstall"
diff --git a/main/gzip/gzip.post-deinstall b/main/gzip/gzip.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/gzip/gzip.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/haserl/APKBUILD b/main/haserl/APKBUILD
new file mode 100644
index 0000000000..2c4e08e493
--- /dev/null
+++ b/main/haserl/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=haserl
+pkgver=0.9.25
+pkgrel=1
+pkgdesc="Html And Shell Embedded Report Language"
+url="http://haserl.sourceforge.net/"
+license="GPL-2"
+depends="lua uclibc"
+makedepends="lua-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr --with-lua || return 1
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+	chmod 4111 "$pkgdir"/usr/bin/haserl
+}
+
+md5sums="906c634a2af4ac3a4b656ef4e244c4cd  haserl-0.9.25.tar.gz"
diff --git a/main/heimdal/001_all_heimdal-no_libedit.patch b/main/heimdal/001_all_heimdal-no_libedit.patch
new file mode 100644
index 0000000000..a551bdce15
--- /dev/null
+++ b/main/heimdal/001_all_heimdal-no_libedit.patch
@@ -0,0 +1,10 @@
+--- cf/krb-readline.m4	2005-06-16 18:28:32.000000000 +0200
++++ cf/krb-readline.m4	2005-06-27 23:17:06.000000000 +0200
+@@ -6,7 +6,6 @@
+ dnl el_init
+ 
+ AC_DEFUN([KRB_READLINE],[
+-AC_FIND_FUNC_NO_LIBS(el_init, edit, [], [], [$LIB_tgetent])
+ if test "$ac_cv_func_el_init" = yes ; then
+ 	AC_CACHE_CHECK(for four argument el_init, ac_cv_func_el_init_four,[
+ 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>
diff --git a/main/heimdal/002_all_heimdal-fPIC.patch b/main/heimdal/002_all_heimdal-fPIC.patch
new file mode 100644
index 0000000000..c67dbae764
--- /dev/null
+++ b/main/heimdal/002_all_heimdal-fPIC.patch
@@ -0,0 +1,12 @@
+--- lib/editline/Makefile.am	2005-06-16 18:28:44.000000000 +0200
++++ lib/editline/Makefile.am	2005-06-27 23:21:02.000000000 +0200
+@@ -41,6 +41,9 @@
+ 
+ EXTRA_DIST = $(man_MANS)
+ 
++$(libeditline_la_OBJECTS): %.lo: %.c
++	$(LTCOMPILE) -fPIC -c -o $@ `test -f '$<' || echo '$(srcdir)/'`$<
++
+ snprintf.c:
+ 	$(LN_S) $(srcdir)/../roken/snprintf.c .
+ strdup.c:
diff --git a/main/heimdal/003_all_heimdal-rxapps.patch b/main/heimdal/003_all_heimdal-rxapps.patch
new file mode 100644
index 0000000000..40fc05f083
--- /dev/null
+++ b/main/heimdal/003_all_heimdal-rxapps.patch
@@ -0,0 +1,22 @@
+--- appl/kx/rxtelnet.in	2005-06-16 18:29:10.000000000 +0200
++++ appl/kx/rxtelnet.in	2005-06-27 23:21:34.000000000 +0200
+@@ -2,7 +2,7 @@
+ # $Id: rxtelnet.in,v 1.31 2004/03/07 17:22:06 lha Exp $
+ #
+ usage="Usage: $0 [-l username] [-k] [-fF] [-t args_to_telnet] [-x args_to_xterm] [-K args_to_kx] [-w term_emulator] [-b telnet_binary] [-n] [-v] [-h | --help] [--version] host [port]"
+-binary=telnet
++binary=ktelnet
+ term=
+ kx_args=-P
+ while true
+--- appl/kx/rxterm.in	2005-06-16 18:29:10.000000000 +0200
++++ appl/kx/rxterm.in	2005-06-27 23:21:55.000000000 +0200
+@@ -2,7 +2,7 @@
+ # $Id: rxterm.in,v 1.23 2002/03/18 17:37:34 joda Exp $
+ #
+ usage="Usage: $0 [-l username] [-k] [-f] [-r rsh_args] [-x xterm_args] [-K kx_args] [-w term_emulator] [-b rsh_binary][-v] [-h | --help] [--version] host"
+-binary=rsh
++binary=krsh
+ term=xterm
+ while true
+ do
diff --git a/main/heimdal/005_all_heimdal-suid_fix.patch b/main/heimdal/005_all_heimdal-suid_fix.patch
new file mode 100644
index 0000000000..35a9ed9f6b
--- /dev/null
+++ b/main/heimdal/005_all_heimdal-suid_fix.patch
@@ -0,0 +1,20 @@
+--- appl/su/Makefile.am	2005-06-16 18:27:46.000000000 +0200
++++ appl/su/Makefile.am	2005-06-27 23:25:21.000000000 +0200
+@@ -7,6 +7,7 @@
+ bin_PROGRAMS = su
+ bin_SUIDS = su
+ su_SOURCES = su.c supaths.h
++su_LDFLAGS = -Wl,-z,now
+ man_MANS = su.1
+ 
+ LDADD = $(LIB_kafs) \
+--- appl/otp/Makefile.am	2005-06-16 18:28:46.000000000 +0200
++++ appl/otp/Makefile.am	2005-06-27 23:25:40.000000000 +0200
+@@ -8,6 +8,7 @@
+ bin_SUIDS = otp
+ otp_SOURCES = otp.c otp_locl.h
+ otpprint_SOURCES = otpprint.c otp_locl.h
++otp_LDFLAGS = -Wl,-z,now
+ 
+ man_MANS = otp.1  otpprint.1
+ 
diff --git a/main/heimdal/013_all_heimdal-pthread-lib.patch b/main/heimdal/013_all_heimdal-pthread-lib.patch
new file mode 100644
index 0000000000..19f8794075
--- /dev/null
+++ b/main/heimdal/013_all_heimdal-pthread-lib.patch
@@ -0,0 +1,11 @@
+--- heimdal-0.7.1/cf/pthreads.m4.old	2005-09-09 12:12:28.000000000 +0000
++++ heimdal-0.7.1/cf/pthreads.m4	2005-09-17 22:23:23.000000000 +0000
+@@ -32,7 +32,7 @@
+ 	2.*)
+ 		native_pthread_support=yes
+ 		PTHREADS_CFLAGS=-pthread
+-		PTHREADS_LIBS=-pthread
++		PTHREADS_LIBS=-lpthread
+ 		;;
+ 	esac
+ 	;;
diff --git a/main/heimdal/014_all_heimdal-path.patch b/main/heimdal/014_all_heimdal-path.patch
new file mode 100644
index 0000000000..36a86f1f93
--- /dev/null
+++ b/main/heimdal/014_all_heimdal-path.patch
@@ -0,0 +1,50 @@
+--- appl/rcp/rcp.c.old	2006-05-03 13:31:59.398493625 +0200
++++ appl/rcp/rcp.c	2006-05-03 13:32:04.494485981 +0200
+@@ -34,7 +34,7 @@
+ #include "rcp_locl.h"
+ #include <getarg.h>
+ 
+-#define RSH_PROGRAM "rsh"
++#define RSH_PROGRAM "krsh"
+ 
+ struct  passwd *pwd;
+ uid_t	userid;
+--- appl/rcp/rcp_locl.h.old	2006-05-03 02:30:31.602025409 +0200
++++ appl/rcp/rcp_locl.h	2006-05-03 02:30:35.886018983 +0200
+@@ -64,4 +64,4 @@
+ #define	_PATH_CP	"/bin/cp"
+ #endif
+ #undef _PATH_RSH
+-#define	_PATH_RSH	BINDIR "/rsh"
++#define	_PATH_RSH	BINDIR "/krsh"
+--- appl/telnet/telnetd/telnetd.h.old	2006-05-03 02:23:14.582680939 +0200
++++ appl/telnet/telnetd/telnetd.h	2006-05-03 02:23:23.746667193 +0200
+@@ -192,7 +192,7 @@
+ #endif
+ 
+ #undef _PATH_LOGIN
+-#define _PATH_LOGIN	BINDIR "/login"
++#define _PATH_LOGIN	BINDIR "/klogin"
+ 
+ /* fallbacks */
+ 
+--- appl/login/shadow.c.old	2006-05-05 06:31:29.517138115 +0200
++++ appl/login/shadow.c	2006-05-05 06:32:26.433052741 +0200
+@@ -38,7 +38,7 @@
+ #ifdef HAVE_SHADOW_H
+ 
+ #ifndef _PATH_CHPASS
+-#define _PATH_CHPASS "/usr/bin/passwd"
++#define _PATH_CHPASS "/usr/bin/kpasswd"
+ #endif
+ 
+ static int
+@@ -52,7 +52,7 @@
+         printf("fork /bin/passwd");
+         exit(1);
+     case 0:
+-        execlp(_PATH_CHPASS, "passwd", who->pw_name, (char *) 0);
++        execlp(_PATH_CHPASS, "kpasswd", who->pw_name, (char *) 0);
+         exit(1);
+     default:
+         waitpid(pid, &status, 0);
diff --git a/main/heimdal/022_all_heimdal-as-needed.patch b/main/heimdal/022_all_heimdal-as-needed.patch
new file mode 100644
index 0000000000..69c791778a
--- /dev/null
+++ b/main/heimdal/022_all_heimdal-as-needed.patch
@@ -0,0 +1,22 @@
+--- lib/roken/Makefile.am.old	2007-11-05 19:42:53.000000000 +0100
++++ lib/roken/Makefile.am	2007-11-05 19:43:12.000000000 +0100
+@@ -107,7 +107,7 @@
+ 	ifaddrs.hin		\
+ 	vis.hin	
+ 
+-libroken_la_LIBADD = @LTLIBOBJS@
++libroken_la_LIBADD = @LTLIBOBJS@ $(LIB_crypt)
+ 
+ $(LTLIBOBJS) $(libroken_la_OBJECTS): roken.h $(XHEADERS)
+ 
+--- lib/editline/Makefile.am.old	2007-11-05 19:46:08.000000000 +0100
++++ lib/editline/Makefile.am	2007-11-05 20:06:54.000000000 +0100
+@@ -36,6 +36,8 @@
+ 	unix.h \
+ 	$(EXTRA_SOURCE)
+ 
++libeditline_la_LIBADD = $(LIB_tgetent)
++
+ EXTRA_SOURCE = $(ES) 
+ 
+ libel_compat_la_SOURCES = edit_compat.c edit_compat.h
diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD
new file mode 100644
index 0000000000..a494e201a6
--- /dev/null
+++ b/main/heimdal/APKBUILD
@@ -0,0 +1,161 @@
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=heimdal
+pkgver=1.2.1
+pkgrel=3
+pkgdesc="An implementation of Kerberos 5"
+url="http://www.h5l.org/"
+license="BSD"
+depends=
+makedepends="gawk readline-dev e2fsprogs-dev sqlite-dev autoconf automake
+	libtool pkgconfig"
+install=
+subpackages="$pkgname-doc $pkgname-dev $pkgname-ftp $pkgname-telnet \
+$pkgname-su $pkgname-rsh $pkgname-rcp $pkgname-pagsh $pkgname-kf"
+source="http://www.h5l.org/dist/src/$pkgname-$pkgver.tar.gz
+001_all_heimdal-no_libedit.patch
+002_all_heimdal-fPIC.patch
+003_all_heimdal-rxapps.patch
+005_all_heimdal-suid_fix.patch
+013_all_heimdal-pthread-lib.patch
+014_all_heimdal-path.patch
+022_all_heimdal-as-needed.patch
+heimdal-system_sqlite.patch
+heimdal-r23235-kb5-libwind_la.patch
+heimdal-r23238-kb5_locl_h-wind_h.patch
+"
+
+# krb5.h needs com_err.h
+depends_dev="e2fsprogs-dev"
+
+build() {
+	[ -e /usr/lib/libasn1.so ] && echo "## remove old heimdal pkg first ##" && return 1
+
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	patch -Np0 -i ../../001_all_heimdal-no_libedit.patch || return 1
+	patch -Np0 -i ../../002_all_heimdal-fPIC.patch || return 1
+	patch -Np0 -i ../../003_all_heimdal-rxapps.patch || return 1
+	patch -Np0 -i ../../005_all_heimdal-suid_fix.patch || return 1
+	patch -Np1 -i ../../013_all_heimdal-pthread-lib.patch || return 1
+	patch -Np0 -i ../../014_all_heimdal-path.patch || return 1
+	patch -Np0 -i ../../022_all_heimdal-as-needed.patch || return 1
+	patch -Np0 -i ../../heimdal-system_sqlite.patch || return 1
+	patch -Np2 -i ../../heimdal-r23235-kb5-libwind_la.patch || return 1
+	patch -Np2 -i ../../heimdal-r23238-kb5_locl_h-wind_h.patch || return 1
+
+	# name clash with ruserpass in netdb.h
+	sed -i -e 's/ruserpass/ruserpw/g' appl/ftp/ftp/*.[ch] || return 1
+
+	sed -i -e 's|var/heimdal|var/lib/heimdal|g' configure.in \
+	doc/setup.texi doc/heimdal.info kadmin/kadmind.8 kdc/kdc.8 \
+	lib/hdb/hdb.h lib/krb5/krb5.conf.5 lib/krb5/krb5.conf.cat5
+
+	sh ./autogen.sh || return 1
+
+	export LDFLAGS="${LDFLAGS} -Wl,--as-needed"
+
+	./configure --prefix=/usr \
+		--enable-shared=yes --without-x \
+		--disable-berkeley-db \
+		--disable-netinfo \
+		--with-readline-lib=/usr/lib \
+		--with-readline-include=/usr/include/readline \
+		--with-openssl=/usr
+
+	make || return 1
+	make DESTDIR="$pkgdir" exec_prefix=/usr sysconfdir=/etc \
+	mandir=/usr/share/man infodir=/usr/share/info datadir=/var/lib/heimdal \
+	localstatedir=/var/lib/heimdal libexecdir=/usr/sbin install
+
+	install -m644 -D krb5.conf ${pkgdir}/etc/krb5.conf || return 1
+	install -m755 -D ../../heimdal-kadmind.init ${pkgdir}/etc/init.d/heimdal-kadmind
+	install -m755 -D ../../heimdal-kdc.init ${pkgdir}/etc/init.d/heimdal-kdc
+	install -m755 -D ../../heimdal-kpasswdd.init ${pkgdir}/etc/init.d/heimdal-kpasswdd
+
+	# Remove editline, we use libreadline
+	rm ${pkgdir}/usr/lib/libeditline.* || return 1
+	rm ${pkgdir}/usr/include/editline.h || return 1
+	rm ${pkgdir}/usr/share/man/man3/editline.* || return 1
+
+	# Rename daemons and their manpages
+	for i in telnetd ftpd rshd; do
+		mv ${pkgdir}/usr/share/man/man8/${i}.8 ${pkgdir}/usr/share/man/man8/k${i}.8 || return 1
+		mv ${pkgdir}/usr/sbin/${i} ${pkgdir}/usr/sbin/k${i} || return 1
+	done
+
+	# Rename clients and their manpages
+	for i in rcp rsh telnet ftp su login; do
+		if [ -f ${pkgdir}/usr/share/man/man1/${i}.1 ]; then
+			mv ${pkgdir}/usr/share/man/man1/${i}.1 ${pkgdir}/usr/share/man/man1/k${i}.1 || return 1
+		fi
+		mv ${pkgdir}/usr/bin/${i} ${pkgdir}/usr/bin/k${i} || return 1
+	done
+	rm -rf ${pkgdir}/usr/share/man/cat{1,3,5,8}
+
+	# Remove conflicts 
+	rm ${pkgdir}/usr/share/man/man5/ftpusers.5*
+
+	# Compress info pages
+	for page in heimdal hx509; do
+		gzip -9 ${pkgdir}/usr/share/info/${page}.info
+	done
+
+	# Install the license
+	install -d ${pkgdir}/usr/share/licenses/${pkgname}
+	install -D -m644 ${srcdir}/${pkgname}-${pkgver}/LICENSE \
+	${pkgdir}/usr/share/licenses/${pkgname}/ || return 1
+}
+
+ftp() {
+	mkdir -p $subpkgdir/usr/bin/
+	mv $pkgdir/usr/bin/kftp $subpkgdir/usr/bin/kftp
+	mkdir -p $subpkgdir/usr/sbin/
+	mv $pkgdir/usr/sbin/kftpd $subpkgdir/usr/sbin/kftpd
+}
+
+telnet() {
+	mkdir -p $subpkgdir/usr/bin/
+	mv $pkgdir/usr/bin/ktelnet $subpkgdir/usr/bin/ktelnet
+	mkdir -p $subpkgdir/usr/sbin/
+	mv $pkgdir/usr/sbin/ktelnetd $subpkgdir/usr/sbin/ktelnetd
+}
+
+su() {
+	mkdir -p $subpkgdir/usr/bin/
+	mv $pkgdir/usr/bin/ksu $subpkgdir/usr/bin/ksu
+}
+
+rsh() {
+	mkdir -p $subpkgdir/usr/bin/
+	mv $pkgdir/usr/bin/krsh $subpkgdir/usr/bin/krsh
+	mkdir -p $subpkgdir/usr/sbin/
+	mv $pkgdir/usr/sbin/krshd $subpkgdir/usr/sbin/krshd
+}
+
+rcp() {
+        mkdir -p $subpkgdir/usr/bin/
+	mv $pkgdir/usr/bin/krcp $subpkgdir/usr/bin/krcp
+}
+
+pagsh() {
+        mkdir -p $subpkgdir/usr/bin/
+        mv $pkgdir/usr/bin/pagsh $subpkgdir/usr/bin/pagsh
+}
+
+kf() {
+        mkdir -p $subpkgdir/usr/bin/
+        mv $pkgdir/usr/bin/kf $subpkgdir/usr/bin/kf
+}
+
+md5sums="6e5028077e2a6b101a4a72801ba71b9e  heimdal-1.2.1.tar.gz
+98e28f11f906c967aac22d6184102c9e  001_all_heimdal-no_libedit.patch
+6d5571bdedba2e2423b90bccdbac2c0a  002_all_heimdal-fPIC.patch
+2feec3924ee5230b54175b4d4000c872  003_all_heimdal-rxapps.patch
+45aeb207f360f9f4e9e0fabc8bfeecbc  005_all_heimdal-suid_fix.patch
+1b8665b771c4eb6b56ea8582c96e56e3  013_all_heimdal-pthread-lib.patch
+8208ae8c0b6ff5ab4f64af1693e9e396  014_all_heimdal-path.patch
+d7649e078c87d2ca997080f0deb527c0  022_all_heimdal-as-needed.patch
+949a389ebe7652861b2e178a7e0f1ed9  heimdal-system_sqlite.patch
+072f6b2550693adb30117394b1dd354e  heimdal-r23235-kb5-libwind_la.patch
+7b4537b0e8bde95214211091e55eacf5  heimdal-r23238-kb5_locl_h-wind_h.patch"
diff --git a/main/heimdal/heimdal-kadmind.init b/main/heimdal/heimdal-kadmind.init
new file mode 100755
index 0000000000..b58ac994df
--- /dev/null
+++ b/main/heimdal/heimdal-kadmind.init
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kadmind,v 1.3 2004/09/13 22:44:54 solar Exp $
+
+depend() {
+	need net
+	use heimdal-kdc
+	after logger
+}
+
+start() {
+	ebegin "Starting heimdal kadmind"
+		/usr/sbin/kadmind  &
+		echo $! > /var/run/heimdal-kadmind.pid
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping heimdal kadmind"
+	start-stop-daemon --stop --quiet --exec \
+		/usr/sbin/kadmind
+	eend $?
+}
diff --git a/main/heimdal/heimdal-kdc.init b/main/heimdal/heimdal-kdc.init
new file mode 100755
index 0000000000..753a101c30
--- /dev/null
+++ b/main/heimdal/heimdal-kdc.init
@@ -0,0 +1,23 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kdc,v 1.2 2004/09/13 15:40:34 dragonheart Exp $
+
+depend() {
+	need net
+	after logger
+}
+
+start() {
+	ebegin "Starting heimdal kdc"
+	start-stop-daemon --start --quiet --exec \
+		/usr/sbin/kdc -- --detach
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping heimdal kdc"
+	start-stop-daemon --stop --quiet --exec \
+		/usr/sbin/kdc
+	eend $?
+}
diff --git a/main/heimdal/heimdal-kpasswdd.init b/main/heimdal/heimdal-kpasswdd.init
new file mode 100755
index 0000000000..517cb86210
--- /dev/null
+++ b/main/heimdal/heimdal-kpasswdd.init
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-crypt/heimdal/files/heimdal-kpasswdd,v 1.3 2004/09/13 22:44:54 solar Exp $
+
+depend() {
+	need net
+	use heimdal-kdc
+	after logger
+}
+
+start() {
+	ebegin "Starting heimdal kpasswdd"
+	start-stop-daemon --background --start --quiet --exec \
+		/usr/sbin/kpasswdd
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping heimdal kpasswdd"
+	start-stop-daemon --stop --quiet --exec \
+		/usr/sbin/kpasswdd
+	eend $?
+}
diff --git a/main/heimdal/heimdal-r23235-kb5-libwind_la.patch b/main/heimdal/heimdal-r23235-kb5-libwind_la.patch
new file mode 100644
index 0000000000..88c02e598c
--- /dev/null
+++ b/main/heimdal/heimdal-r23235-kb5-libwind_la.patch
@@ -0,0 +1,10 @@
+--- trunk/heimdal/lib/krb5/Makefile.am	2008-06-01 22:25:41 UTC (rev 23234)
++++ trunk/heimdal/lib/krb5/Makefile.am	2008-06-01 22:25:53 UTC (rev 23235)
+@@ -57,6 +57,7 @@
+ 	$(LIB_com_err) \
+ 	$(LIB_hcrypto) \
+ 	$(top_builddir)/lib/asn1/libasn1.la \
++	../wind/libwind.la \
+ 	$(LIBADD_roken) \
+ 	$(LIB_door_create) \
+ 	$(LIB_dlopen)
diff --git a/main/heimdal/heimdal-r23238-kb5_locl_h-wind_h.patch b/main/heimdal/heimdal-r23238-kb5_locl_h-wind_h.patch
new file mode 100644
index 0000000000..5390b2cf69
--- /dev/null
+++ b/main/heimdal/heimdal-r23238-kb5_locl_h-wind_h.patch
@@ -0,0 +1,11 @@
+--- trunk/heimdal/lib/krb5/krb5_locl.h	2008-06-01 22:26:24 UTC (rev 23237)
++++ trunk/heimdal/lib/krb5/krb5_locl.h	2008-06-01 22:26:43 UTC (rev 23238)
+@@ -131,6 +131,8 @@
+ #include <parse_time.h>
+ #include <base64.h>
+ 
++#include <wind.h>
++
+ #include "crypto-headers.h"
+
+
diff --git a/main/heimdal/heimdal-system_sqlite.patch b/main/heimdal/heimdal-system_sqlite.patch
new file mode 100644
index 0000000000..2f8254e4d6
--- /dev/null
+++ b/main/heimdal/heimdal-system_sqlite.patch
@@ -0,0 +1,56 @@
+diff -Naur tmp-old/configure.in tmp-new/configure.in
+--- configure.in	2008-06-08 08:06:38.000000000 +0000
++++ configure.in	2008-06-08 08:15:29.000000000 +0000
+@@ -104,6 +104,8 @@
+ 
+ KRB_PTHREADS
+ 
++PKG_CHECK_MODULES([sqlite], [sqlite3])
++
+ AC_ARG_ENABLE(dce, 
+ 	AS_HELP_STRING([--enable-dce],[if you want support for DCE/DFS PAG's]))
+ if test "$enable_dce" = yes; then
+diff -Naur tmp-old/lib/Makefile.am tmp-new/lib/Makefile.am
+--- lib/Makefile.am	2008-06-07 16:53:11.000000000 +0000
++++ lib/Makefile.am	2008-06-07 16:55:58.000000000 +0000
+@@ -18,6 +18,6 @@
+ dir_hcrypto = hcrypto
+ endif
+ 
+-SUBDIRS = roken vers editline $(dir_com_err) sl wind asn1 sqlite \
++SUBDIRS = roken vers editline $(dir_com_err) sl wind asn1 \
+ 	$(dir_hcrypto) hx509 krb5 ntlm kafs gssapi hdb kadm5 \
+ 	auth $(dir_45) $(dir_otp) $(dir_dce)
+diff -Naur tmp-old/lib/krb5/Makefile.am tmp-new/lib/krb5/Makefile.am
+--- lib/krb5/Makefile.am	2008-06-07 16:54:02.000000000 +0000
++++ lib/krb5/Makefile.am	2008-06-08 08:17:00.000000000 +0000
+@@ -2,7 +2,7 @@
+ 
+ include $(top_srcdir)/Makefile.am.common
+ 
+-AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err -I$(srcdir)/../sqlite
++AM_CPPFLAGS += $(INCLUDE_krb4) $(INCLUDE_hcrypto) -I../com_err -I$(srcdir)/../com_err $(sqlite_CFLAGS)
+ 
+ bin_PROGRAMS = verify_krb5_conf
+ 
+@@ -53,7 +53,7 @@
+ 
+ libkrb5_la_LIBADD = \
+ 	$(LIB_pkinit) \
+-	../sqlite/libsqlite.la \
++	$(sqlite_LIBS) \
+ 	$(LIB_com_err) \
+ 	$(LIB_hcrypto) \
+ 	$(top_builddir)/lib/asn1/libasn1.la \
+diff -Naur tmp-old/lib/krb5/scache.c tmp-new/lib/krb5/scache.c
+--- lib/krb5/scache.c	2008-06-07 16:54:30.000000000 +0000
++++ lib/krb5/scache.c	2008-06-07 17:01:43.000000000 +0000
+@@ -32,7 +32,7 @@
+  */
+ 
+ #include "krb5_locl.h"
+-#include "sqlite3.h"
++#include <sqlite3.h>
+ 
+ RCSID("$Id: heimdal-system_sqlite.patch,v 1.1 2008/06/11 07:27:47 mueli Exp $");
+ 
diff --git a/main/htop/APKBUILD b/main/htop/APKBUILD
new file mode 100644
index 0000000000..94f92a79ab
--- /dev/null
+++ b/main/htop/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer:Carlo Landmeter
+pkgname=htop
+pkgver=0.8.1
+pkgrel=1
+pkgdesc="An interactive process viewer for Linux"
+url="http://htop.sourceforge.net"
+license='GPL'
+depends='ncurses-terminfo'
+makedepends="ncurses-dev"
+source="http://surfnet.dl.sourceforge.net/sourceforge/htop/$pkgname-$pkgver.tar.gz"
+
+subpackages="$pkgname-doc"
+
+build() {
+	cd $startdir/src/$pkgname-$pkgver
+	./configure --prefix=/usr --mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums='f0b259ca29175656de48bf0fa0a2e619  htop-0.8.1.tar.gz'
diff --git a/main/hunspell/APKBUILD b/main/hunspell/APKBUILD
new file mode 100644
index 0000000000..6883855aee
--- /dev/null
+++ b/main/hunspell/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=hunspell
+pkgver=1.2.8
+pkgrel=0
+pkgdesc="Spell checker and morphological analyzer library and program"
+url="http://hunspell.sourceforge.net/"
+license="GPL LGPL MPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="libgcc uclibc++"
+makedepends="uclibc++-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build ()
+{
+	cd "$srcdir/hunspell-$pkgver"
+	export CXX="${CXX_UC:-g++-uc}"
+
+	./configure --prefix=/usr --disable-static || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	rm -rf "$pkgdir"/usr/share/locale/locale.alias
+}
+md5sums="1177af54a09e320d2c24015f29c3a93e  hunspell-1.2.8.tar.gz"
diff --git a/main/hylafax/APKBUILD b/main/hylafax/APKBUILD
new file mode 100644
index 0000000000..42450d4678
--- /dev/null
+++ b/main/hylafax/APKBUILD
@@ -0,0 +1,82 @@
+# Contributor: Cameron Banta <cbanta@gmail.com>
+# Maintainer: Cameron Banta <cbanta@gmail.com>
+pkgname=hylafax
+pkgver=4.4.4
+pkgrel=0
+pkgdesc="Sends and receives faxes"
+url="http://www.hylafax.org/"
+license="custom"
+#depends on gcc for libgcc_s.so, it's scripts are hardcoded to bash
+depends="ghostscript bash"
+makedepends="zlib-dev tiff-dev uclibc++-dev"
+install="hylafax.post-install"
+subpackages="$pkgname-doc"
+source="ftp://ftp.hylafax.org/source/$pkgname-$pkgver.tar.gz
+	$install
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	# Patch configure c++ problem
+	sed -i -e 's:"iostream.h":<iostream>\n using namespace std;:g' \
+		configure
+
+	# the configure script does not handle ccache or distcc
+	export CC=gcc
+	./configure --nointeractive --disable-pam \
+		--with-CXX=/usr/bin/g++-uc \
+		--with-DIR_BIN=/usr/bin \
+		--with-DIR_SBIN=/usr/sbin \
+		--with-DIR_LIB=/usr/lib \
+		--with-DIR_LIBEXEC=/usr/sbin \
+		--with-DIR_LIBDATA=/var/spool/"$pkgname"/lib \
+		--with-DIR_LOCKS=/var/lock \
+		--with-DIR_MAN=/usr/share/man \
+		--with-DIR_SPOOL=/var/spool/"$pkgname" \
+		--with-DIR_HTML=/usr/share/doc/"$pkgname"/html \
+		--with-PATH_IMPRIP="" \
+		--with-SYSVINIT=no \
+		--with-REGEX=yes \
+		--with-LIBTIFF="-ltiff -lz" \
+		--with-DSO=auto \
+		--with-PATH_EGETTY=/bin/false \
+		--with-PATH_VGETTY=/bin/false \
+		|| return 1
+	make -j1 || return 1
+
+	# this makefile has issues installing, it doesn't use the standard 
+	#   install - but the following seems to work
+	mkdir -p "${pkgdir}"/usr/bin "${pkgdir}"/usr/sbin 
+	mkdir -p "${pkgdir}"/usr/lib/"$pkgname" "${pkgdir}"/usr/share/man 
+	mkdir -p "${pkgdir}"/var/spool/"$pkgname"
+	mkdir -p "${pkgdir}"/var/spool/"$pkgname"/lib
+	touch "${pkgdir}"/var/spool/"$pkgname"/lib/pagesizes
+	chown uucp:uucp "${pkgdir}"/var/spool/"$pkgname"
+	chmod 0600 "${pkgdir}"/var/spool/"$pkgname"
+
+	make \
+		BIN="${pkgdir}/usr/bin" \
+		SBIN="${pkgdir}/usr/sbin" \
+		LIBDIR="${pkgdir}/usr/lib" \
+		LIB="${pkgdir}/usr/lib" \
+		LIBEXEC="${pkgdir}/usr/sbin" \
+		LIBDATA="${pkgdir}/var/spool/$pkgname"/lib \
+		MAN="${pkgdir}/usr/share/man" \
+		SPOOL="${pkgdir}/var/spool/$pkgname" \
+		HTMLDIR="${pkgdir}/usr/share/doc/$pkgname/html" \
+		install || return 1
+
+
+	install -m644 -D "$srcdir/$pkgname-$pkgver/COPYRIGHT" \
+		"$pkgdir"/usr/share/licenses/$pkgname/COPYRIGHT
+	install -m644 -D "$srcdir/$pkgname-$pkgver/README" \
+		"$pkgdir"/usr/share/doc/$pkgname/README
+	
+
+	# init.d script is created by faxsetup 
+	#   - which the user runs after install
+}
+
+md5sums="4beb3d438ca6c4f00f1d94f9643e6668  hylafax-4.4.4.tar.gz
+a3553e6fc4de30e80759abe5c663c85b  hylafax.post-install"
diff --git a/main/hylafax/hylafax.confd b/main/hylafax/hylafax.confd
new file mode 100644
index 0000000000..e82610fe0b
--- /dev/null
+++ b/main/hylafax/hylafax.confd
@@ -0,0 +1,29 @@
+# Spool directory for HylaFAX
+spooldir="/var/spool/hylafax"
+
+# Faxq program path
+faxq="/usr/sbin/faxq"
+
+# hfaxd program path
+hfaxd="/usr/sbin/hfaxd"
+
+# faxgetty program path
+faxgetty="/usr/sbin/faxgetty"
+
+# Port of the hfaxd daemon for new protocol
+faxport=hylafax
+
+# Address used by hfaxd as binding address.
+faxbind="127.0.0.1"
+
+# Port of the hfaxd daemon for SNPP protocol
+snppport=444
+
+# Port of the hfaxd daemon for old protocol
+oldprotoport=4557
+
+# newproto | oldproto | snpp | any
+mode="newproto"
+
+# Directory where the pidfiles of HylaFAX are saved.
+piddir="/var/run"
diff --git a/main/hylafax/hylafax.init b/main/hylafax/hylafax.init
new file mode 100644
index 0000000000..b368338a8c
--- /dev/null
+++ b/main/hylafax/hylafax.init
@@ -0,0 +1,176 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Author Geaaru
+# Distributed under the terms of the GNU General Public License v2
+
+opts="zap"
+
+depend() {
+	use lo
+}
+
+checkconfig() {
+	ebegin "Check hylafax server configuration..."
+
+	if [ x$spooldir == x ] ; then
+		eerror "No spooldir directory defined"
+		return 1
+	else
+		SPOOL=$spooldir
+		einfo "Use spool directory $SPOOL"
+	fi
+
+	if [ x$mode == x ] ; then
+		eerror "No mode defined"
+		return 1
+	fi
+
+	if [ ! -f $SPOOL/etc/setup.cache ] ; then
+		eerror "No $SPOOL/etc/setup.cache file founded. Use faxsetup command"
+		return 1
+	fi
+
+	if [[ x$hfaxd == x || ! -f $hfaxd ]] ; then
+		eerror "No hfaxd daemon founded"
+		return 1
+	fi
+
+	if [[ x$faxq == x || ! -f $faxq ]] ; then
+		eerror "No faxq program founded"
+		return 1
+	fi
+
+	if [[ x$faxgetty == x || ! -f $faxgetty ]] ; then
+		eerror "No faxgetty program founded"
+		return 1
+	fi
+
+	if [ x$faxbind == x ] ; then
+		eerror "No binding address supply"
+		return 1
+	fi
+
+	if [ x$piddir == x ] ; then
+		PIDDIR=$SPOOL
+	else
+		PIDDIR=$piddir
+	fi
+
+
+	hfaxd_args="-l $faxbind -q $SPOOL"
+
+	case $mode in
+		newproto)
+			if [[ x$faxport == x ]] ; then
+				eerror "No faxport defined"
+				return 1
+			fi
+			hfaxd_args="$hfaxd_args -i $faxport"
+			;;
+		oldproto)
+			if [[ x$oldprotoport == x ]] ; then
+				eerror "No oldprotoport defined"
+				return 1
+			fi
+			hfaxd_args="$hfaxd_args -o $oldprotoport"
+			;;
+		snpp)
+			if [[ x$snppport == x ]] ; then
+				eerror "No snppport defined"
+				return 1
+			fi
+			hfaxd_args="$hfaxd_args -s $snppport"
+			;;
+		any)
+			if [[ x$faxport == x || x$snppport == x || x$oldprotoport == x ]] ; then
+				eerror "No port data founded for old services"
+				return 1
+			fi
+			hfaxd_args="$hfaxd_args -i $faxport -s $snppport -o $oldprotoport"
+			;;
+		*)
+			eerror "Invalid mode"
+			return 1
+			;;
+
+	esac
+
+	faxq_args="-q $SPOOL"
+
+	# workaround for manage save of pidfile with start-stop-daemon
+	hfaxd_args="$hfaxd_args -d"
+	faxq_args="$faxq_args -D"
+		
+	return 0
+}
+
+start() {
+	local result
+
+	checkconfig || return 1
+
+	ebegin "Starting HylaFAX server daemons"
+
+	start_faxq
+	result=$?
+
+	if [ $result -ne 0 ]  ; then
+		eerror "Error on start $faxq daemon"
+		return 1
+	fi
+
+	start_hfaxd
+	result=$?
+
+	eend $result
+}
+
+start_hfaxd() {
+	local arguments="--start \
+			 --make-pidfile --pidfile $PIDDIR/hfaxd.pid"
+	
+	einfo "Starting $hfaxd with args $hfaxd_args"
+
+	start-stop-daemon -b ${arguments} --exec $hfaxd -- $hfaxd_args > /dev/null 2>&1
+
+	return $?;
+}
+
+start_faxq() {
+	local arguments="--start \
+			 --make-pidfile --pidfile $PIDDIR/faxq.pid"
+	einfo "Starting $faxq ... "
+
+	start-stop-daemon -b ${arguments} --exec $faxq -- $faxq_args > /dev/null 2>&1
+	
+	return $?
+}
+
+stop() {
+	checkconfig || return 1
+
+	ebegin "Stopping HylaFAX server daemons"
+	
+	start-stop-daemon --stop --quiet --pidfile $PIDDIR/hfaxd.pid
+	start-stop-daemon --stop --quiet --pidfile $PIDDIR/faxq.pid
+	eend $?
+}
+
+zap() {
+	checkconfig || return 1
+
+	ebegin "Zap HylaFAX server daemon files"
+
+	if [ -f $PIDFILE/hfaxd.pid ] ; then
+		rm -f $PIDFILE/hfaxd.pid
+	fi
+
+	if [ -f $PIDFILE/faxq.pid ] ; then
+		rm -f $PIDFILE/faxq.pid
+	fi
+}
+
+restart() {
+	stop
+	start
+}
diff --git a/main/hylafax/hylafax.post-install b/main/hylafax/hylafax.post-install
new file mode 100644
index 0000000000..839f96f543
--- /dev/null
+++ b/main/hylafax/hylafax.post-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+echo " *"
+echo " * Please run faxsetup to configure hylafax"
+echo " *"
diff --git a/main/hypermail/APKBUILD b/main/hypermail/APKBUILD
new file mode 100644
index 0000000000..6e4f412374
--- /dev/null
+++ b/main/hypermail/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=hypermail
+pkgver=2.2.0
+pkgrel=0
+pkgdesc="Mail Archiver"
+url="http://www.hypermail-project.org"
+license="GPL"
+depends="uclibc pcre lua"
+makedepends="pcre-dev bison"
+install=
+subpackages=""
+source="http://www.hypermail-project.org/$pkgname-$pkgver.tar.gz
+	mdir2mbox.lua"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-httpddir=/var/www \
+		--with-cgidir=/var/www/cgi-bin
+	make || return 1
+	#does not understand DESTDIR so going to install ourselves
+	#make DESTDIR="$pkgdir" install
+	
+	install -m755 -D archive/rdmsg "$pkgdir"/usr/bin/rdmsg
+	install -m755 -D archive/msg2archive "$pkgdir"/usr/bin/msgarchive
+	install -m755 -D src/hypermail "$pkgdir"/usr/bin/hypermail
+	install -m755 -D "$srcdir"/mdir2mbox.lua "$pkgdir"/usr/bin/mdir2mbox.lua
+
+}
+
+md5sums="a064e36780ee41409c8c973f9c69927f  hypermail-2.2.0.tar.gz
+079b00d4ea667a0efd6fd370b1a4d5d8  mdir2mbox.lua"
diff --git a/main/hypermail/mdir2mbox.lua b/main/hypermail/mdir2mbox.lua
new file mode 100644
index 0000000000..dd883e02db
--- /dev/null
+++ b/main/hypermail/mdir2mbox.lua
@@ -0,0 +1,96 @@
+#!/usr/bin/lua
+-- This script takes a mlmmj archive "maildir format" directory and
+-- writes out an mbox formatted file to stdout
+-- Copyright (c) 2009 N. Angelacos under the  GPL 2 License
+
+require "posix"
+
+-- command line parser, or exit 
+check_command_line = function () 
+	local source_dir = arg[1]
+	local source_time = arg[2]
+	
+	if (source_dir == nil ) then
+		io.stderr:write("mdir2mbox  source_dir [hours]\n" ..
+			"Writes an mbox formatted file to stdout from the files in source_dir\n" ..
+			"If [hours] is given, then only files newer then [hours] are processed\n")
+		os.exit(-1)
+	end
+
+	if (posix.stat(source_dir, "type") ~= "directory") then
+		io.stderr:write(source_dir .. " is not a directory\n")
+		os.exit(-1)
+	end
+
+	return source_dir, source_time
+end
+
+-- Get candidates 
+get_candidates = function (source, hours)
+	local all = posix.dir(source)
+	local candidates = {}
+	local timestamp = 0
+
+	if (hours) then
+		timestamp = os.time() - hours * 3600
+	end
+
+	for k,v in ipairs(all) do
+		local st = posix.stat(source .. "/" .. v)
+		if (st) and (st.type == "regular") and (st.mtime > timestamp) then
+			table.insert(candidates,source .. "/" .. v)
+		end
+	end
+	
+	return candidates
+end
+
+file_to_mbox = function (path)
+	local fh = io.open(path)
+	if (fh == nil) then 
+		return 
+	end
+	local headers = ""
+	local l = ""
+	-- get headers
+	repeat
+		headers = headers .. l
+		l = (fh:read("*l") or "" ) .. "\n"
+	until (#l == 1)
+
+	local from = string.match("\n" .. headers, "\nFrom: ([^\n]*)")
+	if from == nil then
+		from = string.match("\n" .. headers, "\nReply-To: ([^\n]*)")
+	end
+	if from == nil then
+		from = "<nobody@nowhere.com>"
+	end
+	from = string.match(from, "<([^>]*)>") or string.match(from, "([^ ]*)")
+
+
+	local date = string.match("\n" .. headers, "\nDate: ([^\n]*)")
+	if date == nil then
+		date = os.date ("%c", posix.stat(path, "mtime"))
+	end
+	local weekday,day,month,year,time,offset = string.match(date, "([^,]*), +(%d+) (%a+) (%d+) ([%d:]*) ([%d]*)")
+
+	print ("From " .. from .. " " .. string.format("%s %s %s %s %s", weekday, month, day, time, year, offset ))
+	print (headers)
+	
+	-- get rest of message
+	repeat
+		local foo  = fh:read("*l")
+		if foo then 
+			print(foo)
+		end
+	until (foo == nil)
+	
+fh:close()
+end
+
+candidates =  get_candidates(check_command_line ())
+
+for k,v in ipairs(candidates) do
+	file_to_mbox(v)
+end
+print ("")
diff --git a/main/iaxmodem/APKBUILD b/main/iaxmodem/APKBUILD
new file mode 100644
index 0000000000..f1f2b21c3a
--- /dev/null
+++ b/main/iaxmodem/APKBUILD
@@ -0,0 +1,54 @@
+# Contributor: Cameron Banta <cbanta@gmail.com>
+# Maintainer: Cameron Banta <cbanta@gmail.com>
+pkgname=iaxmodem
+pkgver=1.2.0
+pkgrel=1
+pkgdesc="Softmodem for hylafax that connects to VOIP gateway with IAX"
+url="http://iaxmodem.sourceforge.net/"
+license="GPL"
+depends="uclibc tiff"
+makedepends="tiff-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	nocxx.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	# purge usless C++ check
+	patch lib/libiax2/configure < ../nocxx.patch || return 1
+
+	./configure
+	make || return 1
+	install -m755 -s -D "$srcdir/$pkgname-$pkgver/iaxmodem" \
+		"$pkgdir/usr/sbin/iaxmodem"
+	mkdir -p "$pkgdir/etc/iaxmodem"
+	mkdir -p "$pkgdir/var/log/iaxmodem"
+
+	#library licenses
+	install -m644 -D "$srcdir/$pkgname-$pkgver/lib/libiax2/COPYING" \
+		"$pkgdir"/usr/share/licenses/$pkgname/libiax2.COPYING
+	install -m644 -D "$srcdir/$pkgname-$pkgver/lib/libiax2/COPYING.LIB" \
+		"$pkgdir"/usr/share/licenses/$pkgname/libiax2.COPYING.LIB
+	
+	install -m644 -D "$srcdir/$pkgname-$pkgver/lib/spandsp/COPYING" \
+		"$pkgdir"/usr/share/licenses/$pkgname/libspandsp.COPYING
+
+	#docs
+	install -m644 -D "$srcdir/$pkgname-$pkgver/README" \
+		"$pkgdir/usr/share/doc/$pkgname/README"
+	install -m644 -D "$srcdir/$pkgname-$pkgver/FAQ" \
+		"$pkgdir/usr/share/doc/$pkgname/FAQ"
+
+	install -m644 -D "$srcdir/$pkgname-$pkgver/iaxmodem-cfg.ttyIAX" \
+		"$pkgdir/usr/share/doc/$pkgname/iaxmodem-cfg.ttyIAX"
+	install -m644 -D "$srcdir/$pkgname-$pkgver/iaxmodem.init.debian" \
+		"$pkgdir/usr/share/doc/$pkgname/iaxmodem.init.debian"
+	install -m644 -D "$srcdir/$pkgname-$pkgver/config.ttyIAX" \
+		"$pkgdir/usr/share/doc/$pkgname/config.ttyIAX"
+
+}
+
+md5sums="f8b26cfeed188e5c1dcbc5ae5ef923b3  iaxmodem-1.2.0.tar.gz
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/iaxmodem/iaxmodem.confd b/main/iaxmodem/iaxmodem.confd
new file mode 100644
index 0000000000..082a920e0b
--- /dev/null
+++ b/main/iaxmodem/iaxmodem.confd
@@ -0,0 +1,7 @@
+# Configfile for /etc/init.d/iaxmodem
+
+# Set the priority of the iaxmodem process
+# Value: (highest) -20..19 (lowest)
+#
+#IAXMODEM_NICE="-5"
+
diff --git a/main/iaxmodem/iaxmodem.initd b/main/iaxmodem/iaxmodem.initd
new file mode 100644
index 0000000000..d6f2c947ac
--- /dev/null
+++ b/main/iaxmodem/iaxmodem.initd
@@ -0,0 +1,43 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-misc/iaxmodem/files/iaxmodem.initd,v 1.1 2008/10/14 23:53:39 sbriesen Exp $
+
+description="IAXmodem"
+description_reload="Reread configuration file and make the appropriate changes"
+extra_started_commands="reload"
+command="/usr/sbin/iaxmodem"
+pidfile="/var/run/iaxmodem.pid"
+name="iaxmodem"
+
+depend() {
+	use asterisk
+	need net
+}
+
+start() {
+	ebegin "Starting ${description}"
+	start-stop-daemon --start --quiet --pidfile "${pidfile}" \
+		--env TMPDIR="/tmp" --nice ${IAXMODEM_NICE:-0} --exec "${command}"
+	eend ${?}
+}
+
+stop() {
+	local childs=""
+	ebegin "Stopping ${description}"
+	# start-stop-daemon doesn't kill childs reliable, so we
+	# use a combination of pgrep + start-stop-daemon + kill
+	[ -s "${pidfile}" ] && childs=$(pgrep -P $(cat "${pidfile}"))
+	start-stop-daemon --stop --quiet --pidfile "${pidfile}" --retry TERM/10/KILL/5
+	if eend ${?}; then
+		# if there're still childs running, kill them!
+		[ -n "${childs}" ] && kill -KILL ${childs} 2>/dev/null
+		return 0 
+	fi
+}
+
+reload() {
+	ebegin "Reloading ${description} configuration"
+	start-stop-daemon --stop --signal HUP --pidfile "${pidfile}"
+	eend ${?}
+}
diff --git a/main/iaxmodem/nocxx.patch b/main/iaxmodem/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/iaxmodem/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/icu/APKBUILD b/main/icu/APKBUILD
new file mode 100644
index 0000000000..c2150b3ec8
--- /dev/null
+++ b/main/icu/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=icu
+pkgver=4.2.1
+_ver=4_2_1
+pkgrel=0
+pkgdesc="International Components for Unicode library"
+url="http://www.icu-project.org/"
+license="custom:icu"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=""
+makedepends="uclibc++-dev"
+source="http://download.icu-project.org/files/icu4c/${pkgver}/${pkgname}4c-$_ver-src.tgz"
+
+build () 
+{ 
+	cd "$srcdir"/icu/source
+	export CXX=g++-uc
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+	chmod +x "$pkgdir"/usr/bin/icu-config
+	install -Dm644 "$srcdir"/icu/license.html \
+		"$pkgdir"/usr/share/licenses/icu/license.html
+}
+md5sums="e3738abd0d3ce1870dc1fd1f22bba5b1  icu4c-4_2_1-src.tgz"
diff --git a/main/imagemagick/APKBUILD b/main/imagemagick/APKBUILD
new file mode 100644
index 0000000000..183b1e82cc
--- /dev/null
+++ b/main/imagemagick/APKBUILD
@@ -0,0 +1,35 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=imagemagick
+pkgver=6.5.3.10
+_pkgver=6.5.3-10
+pkgrel=0
+pkgdesc="A collection of tools and libraries for many image formats"
+url="http://www.imagemagick.org/"
+license="GPL"
+depends=
+makedepends="zlib-dev libpng-dev jpeg-dev freetype-dev perl-dev"
+subpackages="$pkgname-doc $pkgname-dev"
+source="ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-$_pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/ImageMagick-${_pkgver}"
+	
+	# fix doc dir, Gentoo bug 91911
+	sed -i -e \
+		's:DOCUMENTATION_PATH="${DATA_DIR}/doc/${DOCUMENTATION_RELATIVE_PATH}":DOCUMENTATION_PATH="/usr/share/doc/imagemagick":g' \
+		configure || die
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--without-threads \
+		--without-x \
+		--with-modules
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="d33621ea195792aeeec79900e7d1e395  ImageMagick-6.5.3-10.tar.gz"
diff --git a/main/installkernel/APKBUILD b/main/installkernel/APKBUILD
new file mode 100644
index 0000000000..76690b904a
--- /dev/null
+++ b/main/installkernel/APKBUILD
@@ -0,0 +1,17 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=installkernel
+pkgver=3.1.3
+pkgrel=0
+pkgdesc="Kernel install script from debianutils"
+url="http://packages.qa.debian.org/d/debianutils.html"
+license="BSD GPL-2 SMAIL"
+subpackages="$pkgname-doc"
+depends=""
+source="http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir"/debianutils-$pkgver
+	install -Dm755 installkernel "$pkgdir"/sbin/installkernel
+	install -Dm644 installkernel.8 "$pkgdir"/usr/share/man/man8/installkernel.8
+}
+md5sums="42c759ff41851313bb0b9c419598c04c  debianutils_3.1.3.tar.gz"
diff --git a/main/iproute2-qos/APKBUILD b/main/iproute2-qos/APKBUILD
new file mode 100644
index 0000000000..902ff0c1ae
--- /dev/null
+++ b/main/iproute2-qos/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Ilya Strelkin <iilluzion@gmail.com>
+# Maintainer: Ilya Strelkin <iilluzion@gmail.com>
+pkgname=iproute2-qos
+pkgver=0.1
+pkgrel=0
+pkgdesc="Scripts to set up quality of service with iproute2"
+url="http://git.alpinelinux.org/cgit/aports"
+license="GPL"
+depends="iproute2"
+makedepends=""
+source="qos.initd qos.confd setup-qos"
+
+build() {
+	install -m755 -D "$srcdir"/setup-qos "$pkgdir"/usr/sbin/setup-qos
+	install -m755 -D "$srcdir"/qos.initd "$pkgdir"/etc/init.d/qos
+	install -m644 -D "$srcdir"/qos.confd "$pkgdir"/etc/conf.d/qos
+}
+
+md5sums="024b3e5b6f6cca09a729ce265898a0c7  qos.initd
+d4cc8ff1e36312cbe816c1540c4f2d92  qos.confd
+785aff5d4284c47038a009797c576e34  setup-qos"
diff --git a/main/iproute2-qos/qos.confd b/main/iproute2-qos/qos.confd
new file mode 100644
index 0000000000..60d4093726
--- /dev/null
+++ b/main/iproute2-qos/qos.confd
@@ -0,0 +1,314 @@
+###########################################################################################################
+#
+# Traffic Control configuration
+#
+# Copyright (c) 2009 iilluzion
+#
+# Distributed under GPL-2
+#
+###########################################################################################################
+##### MAIN CONFIGURATION PARAMETERS
+####
+###	uplink and downlink rates should be set very precisely
+##	RATE_SUB_PERCENT should be set to allow the Router to control a queue
+#
+###########################################################################################################
+# Specify the upload speed of your internet connection (kbit, mbit).
+# 	Since ISPs tend to overestimate the speeds they offer, it would
+#	 probably be best if you measure this on a free line.
+#
+### UPLINK_RATE=128kbit
+### UPLINK_RATE=256kbit
+UPLINK_RATE=512kbit
+
+
+###########################################################################################################
+# Specify the download speed of your internet connection (kbit, mbit).
+#
+### DOWNLINK_RATE=256kbit
+### DOWNLINK_RATE=512kbit
+DOWNLINK_RATE=1024kbit
+
+
+###########################################################################################################
+# In order to prevent traffic queuing at the ISP side or in your modem,
+# we shape to a slightly lower rate. This way the bottleneck is the router,
+# not the ISP or modem, which allows us more direct control of shaping.
+#
+### RATE_SUB_PERCENT=20
+### RATE_SUB_PERCENT=15
+RATE_SUB_PERCENT=10
+
+
+###########################################################################################################
+# Specify the local network speed (kbit, mbit)
+#
+LAN_RATE=9mbit
+
+
+###########################################################################################################
+##### ADVANCED CONFIGURATION PARAMETERS
+####
+###
+##
+#
+###########################################################################################################
+# Helper Functions
+#
+# Convert rate to bites per second format (bits)
+bits()
+{
+	RATE=0
+	R_RATE=$1
+	R_NUMBER=`echo "$R_RATE" | sed -e "s/[^0-9]//g"`
+	R_UNIT=`echo "$R_RATE" | sed -e "s/[0-9]//g"`
+
+	if [ "$R_UNIT" == "" ]; then
+		R_UNIT="kbit"
+	fi
+
+	if [ "$R_UNIT" == "kbps" ]; then   R_RATE=$(($R_NUMBER * 1024 * 8))
+	elif [ "$R_UNIT" == "mbps" ]; then R_RATE=$(($R_NUMBER * 1024 * 1024 * 8))
+	elif [ "$R_UNIT" == "mbit" ]; then R_RATE=$(($R_NUMBER * 1024 * 1024))
+	elif [ "$R_UNIT" == "kbit" ]; then R_RATE=$(($R_NUMBER * 1024))
+	elif [ "$R_UNIT" == "bps" ]; then  R_RATE=$(($R_NUMBER * 8))
+	else
+		echo "Unknown unit '$R_UNIT' (mbps, mbit, kbit, bps)"
+	fi
+
+	echo "$R_RATE"
+}
+
+###########################################################################################################
+# Define supported Queuing Disciplines
+#
+QDISCS="prio|tbf|htb|hfsc|sfq|red|pfifo"
+
+
+###########################################################################################################
+# Traffic Control parameters will be calculated depending on link directions
+#
+DIRECTION=$1
+
+
+###########################################################################################################
+# Specify the network devices that are connected to the internet.
+# If you are a dialup or PPPoE user, you have to re-run the QoS script
+# every time you connect.
+#
+### WAN_DEVICES="ppp0"
+WAN_DEVICES="$(ip route show 0.0.0.0/0 | grep dev | sed 's/.*dev //' | awk '{print $1}')"
+	WAN_DEVICES="$WAN_DEVICES $(ip addr | grep gre | egrep -v "gre0" | awk '/^[0-9]/ { gsub(":", ""i, $2); print $2}' |  cut -f 1 -d'@')"
+
+
+###########################################################################################################
+# Specify the network devices which are connected with your local network segments.
+#
+### LAN_DEVICES="eth1"
+LAN_DEVICES=`awk -F: 'NR > 2 { print $1 }' /proc/net/dev | egrep -v "lo|gre0|$(echo $WAN_DEVICES | sed s/" "/"|"/g)"`
+
+
+###########################################################################################################
+# Calculaton of WAN up/down link rates
+#
+DIRECTION=${DIRECTION:-ALL}
+	if [ $DIRECTION = "ALL" ]; then
+		DEVICES="$WAN_DEVICES $LAN_DEVICES"
+	fi
+
+	if [ $DIRECTION = "UP" ]; then 
+		WAN_RATE=`bits $UPLINK_RATE`
+		DEVICES=$WAN_DEVICES
+	fi
+
+	if [ $DIRECTION = "DOWN" ]; then 
+		WAN_RATE=`bits $DOWNLINK_RATE`
+		DEVICES=$LAN_DEVICES
+	fi
+
+		WAN_SUB_RATE=$((WAN_RATE - (RATE_SUB_PERCENT * WAN_RATE / 100)))
+			INTERACTIVE_RATE=$((WAN_SUB_RATE / 5))
+			PRIVILEGED_RATE=$((WAN_SUB_RATE / 2))
+			BESTEFFORT_RATE=$((WAN_SUB_RATE / 3))
+
+		OUT_OF_WAN_RATE=`bits $LAN_RATE`
+			OUT_OF_WAN_RATE=$((OUT_OF_WAN_RATE - WAN_RATE))
+
+
+###########################################################################################################
+# Specify root Queuing Disciplines
+#
+# Recommendations:
+#	htb:    if link is not congested or you want to control busrts of traffic; recommended for downstream.
+#	hfsc:   if link is congested and you need to control guarantees of delay; recommended for upstream.
+#			dmax = 50-100 [ms] = 50000-100000 [microsec]
+#			umax = MIN (rate * (dmax / 1000), 1500) [b]
+#	prio:   if rate is variable and you want to be sure that interactive traffic has ultimate priority
+#	none:   if no egress shaping is desired 
+#		(in this case you may want to setup only ingress policing)
+#
+DOWNLINK_QDISC=htb
+### DOWNLINK_QDISC=hfsc  
+### DOWNLINK_QDISC=prio
+### DOWNLINK_QDISC=none
+#
+UPLINK_QDISC=hfsc
+### UPLINK_QDISC=htb
+### UPLINK_QDISC=prio
+### UPLINK_QDISC=none
+
+
+###########################################################################################################
+# Calculation of Queuing Discipline parameters
+#
+INTERACTIVE_PRIO_LATENCY=50000
+INTERACTIVE_PRIO_BURST=$((INTERACTIVE_RATE / 100 / 8))
+#
+INTERACTIVE_HFSC_DMAX=50000
+INTERACTIVE_HFSC_UMAX=$((INTERACTIVE_RATE * INTERACTIVE_HFSC_DMAX / 1000 / 1000))
+	[ $INTERACTIVE_HFSC_UMAX -gt 1500 ] && INTERACTIVE_HFSC_UMAX=1500
+#
+PRIVILEGED_HFSC_DMAX=100000
+PRIVILEGED_HFSC_UMAX=$((PRIVILEGED_RATE * PRIVILEGED_HFSC_DMAX / 1000 / 1000))
+	 [ $PRIVILEGED_HFSC_UMAX -gt 1500 ] && PRIVILEGED_HFSC_UMAX=1500
+
+
+###########################################################################################################
+# Specify INGRESS policing
+#
+# Recommendations:
+#	none:   if link is not congested 
+#	police: if link is constantly congested
+#
+### DOWNLINK_INGRESS=police
+DOWNLINK_INGRESS=none
+### UPLINK_INGRESS=police
+UPLINK_INGRESS=none
+
+
+###########################################################################################################
+# Calculation of policing bursts
+#	burst = rate / 17 (taken basing on experemental results)
+#
+POLICE_BURST_SCALE=17 
+	INTERACTIVE_POLICE_BURST=$((INTERACTIVE_RATE / POLICE_BURST_SCALE))
+	PRIVILEGED_POLICE_BURST=$((PRIVILEGED_RATE / POLICE_BURST_SCALE))
+	BESTEFFORT_POLICE_BURST=$((BESTEFFORT_RATE / POLICE_BURST_SCALE))
+
+
+###########################################################################################################
+# Specify leaf Queuing Disciplines
+# Recommendations:
+#	"pfifo limit 5":	Interactive, Priviledged (real-time streams, IPSEC)
+#	"sfq perturb 10":	Best-Effort (TCP sessions or best-effort class traffic)
+#	"red <parameters>":		Best-Effort (hightly congested links or high-speed Internet [> 10Mbit/sec])
+#					Random Early Detect (RED) parameters calculation:
+#  						min         = maximum delay * rate (dalay ~ 200ms = 0.2sec) [b]
+# 						max         = 3 * min [b]
+#						avpkt       = 1000 (MTU 1500)
+#						limit       = 8 * max [b]
+#						burst       = (min + min + max)/(3 * avpkt) [b]
+#						probability = 0.02
+INTERACTIVE_LEAF_QDISC="pfifo limit 5"
+PRIVILEGED_LEAF_QDISC="pfifo limit 5"
+### BESTEFFORT_LEAF_QDISC="sfq perturb 10"
+#
+RED_DELAY=200
+RED_MIN=$((RED_DELAY * BESTEFFORT_RATE / 1000 / 8)) # devided on 8 since rate given in bit/s so we get bytes
+RED_MAX=$((3 * RED_MIN))
+RED_AVPKT=1000
+RED_PROB=0.02
+RED_BURST=$(((RED_MIN + RED_MIN + RED_MAX) / (3 * RED_AVPKT)))
+RED_LIMIT=$((8 * RED_MAX))
+#
+	BESTEFFORT_LEAF_QDISC="red min $RED_MIN max $RED_MAX burst $RED_BURST limit $RED_LIMIT probability $RED_PROB avpkt $RED_AVPKT"
+#
+LAN_LEAF_QDISC="sfq perturb 10"
+
+
+###########################################################################################################
+# Specify filter rules (see tc, tc-filters man page). 
+#	You may have multiple <CLASS-NAME>_FILTER_<n> items.
+# 	Maximum 100 filter items are allowed for each class
+#
+# Interactive Class Traffic Filters
+#
+# UDP
+#
+INTERACTIVE_FILTER_1="protocol ip prio 100 u32 match ip protocol 0x11 0xff"
+#
+# ICMP
+#
+INTERACTIVE_FILTER_2="protocol ip prio 100 u32 match ip protocol 0x1 0xff"
+#
+# ACK with payload < 64 bytes (32-bit version)
+#
+INTERACTIVE_FILTER_3="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 2 match u8 0x10 0xff at 33"
+#
+# ACK with payload < 64 bytes
+#
+INTERACTIVE_FILTER_4="protocol ip prio 100 u32 match ip protocol 6 0xff match u8 0x10 0xff at nexthdr+13 match u16 0x0000 0xffc0 at 2"
+#
+# TOS: 0x10, 0x18, 0xb8(ef)
+#
+INTERACTIVE_FILTER_5="protocol ip prio 100 u32 match ip tos 0x10 0xff"
+INTERACTIVE_FILTER_6="protocol ip prio 100 u32 match ip tos 0x18 0xff"
+INTERACTIVE_FILTER_7="protocol ip prio 100 u32 match ip tos 0xb8 0xff"
+
+
+###########################################################################################################
+# Priviledged Class Traffic Filters
+#
+# SSH
+#
+PRIVILEGED_FILTER_1="protocol ip prio 100 u32 match ip dport 22 0xffff"
+PRIVILEGED_FILTER_2="protocol ip prio 100 u32 match ip sport 22 0xffff"
+#
+# Remote Desktop
+#
+PRIVILEGED_FILTER_3="protocol ip prio 100 u32 match ip dport 3389 0xffff"
+PRIVILEGED_FILTER_4="protocol ip prio 100 u32 match ip sport 3389 0xffff"
+#
+# ESP
+#
+PRIVILEGED_FILTER_5="protocol ip prio 100 u32 match ip protocol 0x32 0xff"
+#
+# AH
+#
+PRIVILEGED_FILTER_6="protocol ip prio 100 u32 match ip protocol 0x33 0xff"
+#
+# TOS: 0x88(af41)
+#
+PRIVILEGED_FILTER_7="protocol ip prio 100 u32 match ip tos 0x88 0xff"
+#
+# IPSEC-NAT
+#
+PRIVILEGED_FILTER_8="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip dport 4500 0xffff"
+PRIVILEGED_FILTER_9="protocol ip prio 90 u32 match ip protocol 0x11 0xff match ip sport 4500 0xffff"
+
+
+###########################################################################################################
+# Best-Effort Class Traffic Filters
+#	By default ALL unclassified traffic is being assined to Best-Effort class
+#	You may specify additional filters here
+#
+# Examples: Any traffic from/to 192.168.1.0/24 network will be unconditionally classified as best-effort
+#
+### BESTEFFORT_FILTER_1="protocol ip prio 3 u32 match ip src 192.168.1.0/24"
+### BESTEFFORT_FILTER_2="protocol ip prio 4 u32 match ip dst 192.168.1.0/24"
+#
+
+###########################################################################################################
+# LAN Class Traffic Filters
+#
+# Traffic Originated from router
+#
+# Example:
+###LAN_FILTER_1="protocol ip prio 10 u32 match ip src 192.168.1.10"
+
+#
+##
+###
+####
+##### END OF GENERIC ALPINE SETUP
+###########################################################################################################
diff --git a/main/iproute2-qos/qos.initd b/main/iproute2-qos/qos.initd
new file mode 100644
index 0000000000..b543748691
--- /dev/null
+++ b/main/iproute2-qos/qos.initd
@@ -0,0 +1,293 @@
+#!/sbin/runscript
+#
+###########################################################################################################
+# Traffic Control startup script
+#
+# Copyright (c) 2009 iilluzion
+#
+# Distributed under GPL-2
+###########################################################################################################
+
+PROGRAM=qos
+CONFIG=/etc/conf.d/qos
+DEBUG=0 #1
+
+opts="compile"
+
+depend() 
+{
+	need net
+}
+
+checkconfig() {
+	if [ ! -e $CONFIG ] ; then
+		eerror "You need to create $CONFIG first."
+	return 1
+	fi
+}
+
+usage()
+{
+	echo "usage: $PROGRAM [status|compile|start|stop|restart]"
+	echo "   status:  View statistics"
+	echo "   compile: Generate traffic control commands"
+	echo "   start:   Start traffic control"
+	echo "   stop:    Stop traffic control"
+	echo "   restart: Restart traffic control"
+}
+
+configure()
+{
+	source $CONFIG $1
+}
+
+reset()
+{
+	for DEV in $DEVICES; do
+		tc qdisc show dev $DEV | grep -v "pfifo_fast" | egrep -q "$QDISCS" && $ECHO tc qdisc del dev $DEV root
+		tc qdisc show dev $DEV | grep -v "pfifo_fast" | grep  -q ingress && $ECHO tc qdisc del dev $DEV ingress
+	done
+}
+
+set_leaf_qdisc()
+{
+	DEV=$1
+	PARENT_CLASSID=$2
+		PARENT_CLASSID=${PARENT_CLASSID:-1}
+
+	if [ ! "$QDISC_CMD" = "prio" ]; then 
+		$ECHO tc qdisc add dev $DEV parent $PARENT_CLASSID:40 handle 40 $INTERACTIVE_LEAF_QDISC
+	fi
+
+	$ECHO tc qdisc add dev $DEV parent $PARENT_CLASSID:50 handle 50 $PRIVILEGED_LEAF_QDISC
+	$ECHO tc qdisc add dev $DEV parent $PARENT_CLASSID:60 handle 60 $BESTEFFORT_LEAF_QDISC
+
+	if [ $DIRECTION = "DOWN" ]; then 
+		$ECHO tc qdisc add dev $DEV parent $PARENT_CLASSID:70 handle 70 $LAN_LEAF_QDISC
+	fi
+
+	$ECHO
+}
+
+set_filters()
+{
+	CLASS_TYPES="INTERACTIVE PRIVILEGED BESTEFFORT"
+		if [ $DIRECTION = "DOWN" ]; then
+			CLASS_TYPES=$CLASS_TYPES" LAN"
+		fi 
+
+		PRIVILEGED_FILTER_FLOWID=50
+		BESTEFFORT_FILTER_FLOWID=60
+		LAN_FILTER_FLOWID=70
+
+	for DEV in $DEVICES; do
+		for CLASS_TYPE in $CLASS_TYPES; do
+			if [ "$QDISC_CMD" = "prio" -a "$CLASS_TYPE" = "INTERACTIVE" ]; then
+				PARENT_CLASSID=1
+				INTERACTIVE_FILTER_FLOWID=1
+			else
+				PARENT_CLASSID=$1
+					PARENT_CLASSID=${PARENT_CLASSID:-1}
+				INTERACTIVE_FILTER_FLOWID=40
+			fi
+
+			for FILTER_NUM in `seq 1 100`; do
+				eval FILTER="\$$CLASS_TYPE"_FILTER_$FILTER_NUM
+					[ -z "$FILTER" ] && break
+				eval FILTER_FLOWID="\$$CLASS_TYPE"_FILTER_FLOWID
+					$ECHO tc filter add dev $DEV parent $PARENT_CLASSID:0 $FILTER flowid $PARENT_CLASSID:$FILTER_FLOWID
+			done
+		done
+
+		$ECHO
+	done
+}
+
+set_htb()
+{
+	for DEV in $DEVICES; do
+		$ECHO tc qdisc add dev $DEV root handle 1 htb default 60
+			$ECHO tc class add dev $DEV parent 1: classid 1:2 htb rate $LAN_RATE
+				$ECHO tc class add dev $DEV parent 1:2 classid 1:30 htb rate $WAN_SUB_RATE
+					$ECHO tc class add dev $DEV parent 1:30 classid 1:40 htb rate $INTERACTIVE_RATE prio 1
+					$ECHO tc class add dev $DEV parent 1:30 classid 1:50 htb rate $PRIVILEGED_RATE ceil $WAN_SUB_RATE prio 3
+		    			$ECHO tc class add dev $DEV parent 1:30 classid 1:60 htb rate $BESTEFFORT_RATE ceil $WAN_SUB_RATE prio 6
+
+				if [ $DIRECTION = "DOWN" ]; then 
+					$ECHO tc class add dev $DEV parent 1:2 classid 1:70 htb rate $OUT_OF_WAN_RATE prio 7
+				fi
+	
+		set_leaf_qdisc $DEV
+
+		$ECHO
+	done
+
+	set_filters
+}
+
+set_hfsc()
+{
+	for DEV in $DEVICES; do
+		$ECHO tc qdisc add dev $DEV root handle 1 hfsc default 60
+ 			$ECHO tc class add dev $DEV parent 1: classid 1:2 hfsc sc rate $LAN_RATE ul rate $LAN_RATE
+				$ECHO tc class add dev $DEV parent 1:2 classid 1:30 hfsc sc rate $WAN_SUB_RATE ul rate $WAN_SUB_RATE
+					$ECHO tc class add dev $DEV parent 1:30 classid 1:40 hfsc sc umax $INTERACTIVE_HFSC_UMAX dmax $INTERACTIVE_HFSC_DMAX rate $INTERACTIVE_RATE ul rate $INTERACTIVE_RATE
+					$ECHO tc class add dev $DEV parent 1:30 classid 1:50 hfsc sc umax $PRIVILEGED_HFSC_UMAX dmax $PRIVILEGED_HFSC_DMAX rate $PRIVILEGED_RATE ul rate $WAN_SUB_RATE
+					$ECHO tc class add dev $DEV parent 1:30 classid 1:60 hfsc sc rate $BESTEFFORT_RATE ul rate $WAN_SUB_RATE
+
+				if [ $DIRECTION = "DOWN" ]; then
+					$ECHO tc class add dev $DEV parent 1:2 classid 1:70 hfsc sc rate $OUT_OF_WAN_RATE ul rate $OUT_OF_WAN_RATE
+				fi
+
+		set_leaf_qdisc $DEV
+
+		$ECHO
+	done
+
+	set_filters
+}
+
+set_prio()
+{
+	PARENT_CLASSID=10
+	for DEV in $DEVICES; do
+		$ECHO tc qdisc add dev $DEV root handle 1 prio bands 2 priomap 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 # by default unclassified traffic goes to flowid 1:2
+			$ECHO tc qdisc add dev $DEV parent 1:1 handle 40: tbf rate $INTERACTIVE_RATE burst $INTERACTIVE_PRIO_BURST latency $INTERACTIVE_PRIO_LATENCY
+			$ECHO tc qdisc add dev $DEV parent 1:2 handle $PARENT_CLASSID: htb default 60
+				$ECHO tc class add dev $DEV parent $PARENT_CLASSID: classid $PARENT_CLASSID:30 htb rate $WAN_SUB_RATE
+					$ECHO tc class add dev $DEV parent $PARENT_CLASSID:30 classid $PARENT_CLASSID:50 htb rate $PRIVILEGED_RATE ceil $WAN_SUB_RATE prio 3
+					$ECHO tc class add dev $DEV parent $PARENT_CLASSID:30 classid $PARENT_CLASSID:60 htb rate $BESTEFFORT_RATE ceil $WAN_SUB_RATE prio 6
+
+				if [ $DIRECTION = "DOWN" ]; then
+					$ECHO tc class add dev $DEV parent 10:1 classid $PARENT_CLASSID:70 htb rate $OUT_OF_WAN_RATE prio 7
+					fi
+
+		set_leaf_qdisc $DEV $PARENT_CLASSID
+
+		$ECHO
+	done
+
+	set_filters $PARENT_CLASSID
+}
+
+set_police()
+{
+	CLASS_TYPES="INTERACTIVE PRIVILEGED"
+		INTERACTIVE_POLICE_FLOWID=1
+		PRIVILEGED_POLICE_FLOWID=2
+
+	for DEV in $DEVICES; do
+		$ECHO tc qdisc add dev $DEV handle ffff: ingress
+
+		for CLASS_TYPE in $CLASS_TYPES; do
+			for FILTER_NUM in `seq 1 100`; do
+				eval FILTER="\$$CLASS_TYPE"_FILTER_$FILTER_NUM
+					[ -z "$FILTER" ] && break
+				eval FILTER_FLOWID="\$$CLASS_TYPE"_POLICE_FLOWID
+				eval FILTER_RATE="\$$CLASS_TYPE"_RATE
+				eval FILTER_BURST="\$$CLASS_TYPE"_POLICE_BURST
+					$ECHO tc filter add dev $DEV parent ffff: $FILTER police rate $FILTER_RATE burst $FILTER_BURST continue flowid $FILTER_FLOWID:
+			done
+		done
+
+		$ECHO tc filter add dev $DEV parent ffff: protocol ip prio 999 u32 match ip src 0.0.0.0/0 police rate $BESTEFFORT_RATE burst $BESTEFFORT_POLICE_BURST drop flowid :3
+ 
+		$ECHO
+	done
+}
+
+get_stats()
+{
+	for DEV in $WAN_DEVICES $LAN_DEVICES; do
+		echo $DEV Statistics
+		echo
+		echo "   Classes:"
+		echo "--------------------------"
+			$ECHO tc -s class show dev $DEV
+
+		echo
+		echo "   Leaf Queuing Disciplines:"
+		echo "--------------------------"
+			$ECHO tc -s qdisc show dev $DEV
+
+		echo
+		echo "   EGRESS Filters:"
+		echo "--------------------------"
+			$ECHO tc -s filter show dev $DEV
+			$ECHO tc -s filter show dev $DEV parent 10: # if PRIO qdisc is applied
+		
+		echo
+		echo "   INGRESS Policing Filters:"
+		echo "--------------------------"
+			$ECHO tc -s filter show dev $DEV parent ffff:
+
+ 		echo
+		echo
+ 	done
+}
+
+compile()
+{
+	DEBUG=1
+	
+	start
+}
+
+start()
+{
+	checkconfig || return 1
+
+	if [ $DEBUG -gt 0 ]; then 
+		ECHO="echo"
+	else
+		ebegin "Starting QoS"
+	fi
+
+	for LINK_DIRECTION in UP DOWN; do
+		configure $LINK_DIRECTION
+			reset
+
+			eval QDISC_CMD="\$$LINK_DIRECTION"LINK_QDISC
+				if [ ! "$QDISC_CMD" = "none" ]; then
+					set_$QDISC_CMD
+				fi
+
+			eval INGRESS_CMD="\$$LINK_DIRECTION"LINK_INGRESS
+				if [ ! "$INGRESS_CMD" = "none" ]; then
+ 					set_$INGRESS_CMD
+				fi
+	done
+
+	if [ $DEBUG -eq 0 ]; then
+	 	eend $?
+	fi
+}
+
+stop()
+{
+	checkconfig || return 1
+
+	if [ $DEBUG -gt 0 ]; then
+		ECHO="echo"
+	else
+		ebegin "Stopping QoS"
+	fi
+
+	configure ALL
+	reset
+
+	if [ $DEBUG -eq 0 ]; then
+		eend $?
+	fi
+}
+
+restart()
+{
+	stop
+	start
+}
+
+status()
+{
+	get_stats
+}
diff --git a/main/iproute2-qos/setup-qos b/main/iproute2-qos/setup-qos
new file mode 100644
index 0000000000..5d5c601268
--- /dev/null
+++ b/main/iproute2-qos/setup-qos
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+PREFIX=
+. "$PREFIX/lib/libalpine.sh"
+
+conf="$ROOT/etc/conf.d/qos"
+
+cfgval() {
+	awk -F= "/^$1/ {print \$2}" $conf 2>/dev/null
+}
+
+setcfg() {
+	local key=$1
+	local value=$2
+	sed -i "s/^\\(\\#\\)*$key=.*/$key=$value/" "$conf"
+	if ! grep "^$key=" "$conf" >/dev/null ; then
+		echo "$key=$value" >> "$conf"
+	fi
+}
+
+apk_add iproute2
+
+if [ -f "$conf" ] ; then
+	_UPLINK_RATE=$(cfgval UPLINK_RATE)
+	_DOWNLINK_RATE=$(cfgval DOWNLINK_RATE)
+	_RATE_SUB_PERCENT=$(cfgval RATE_SUB_PERCENT)
+else
+	echo "Configuration file '$conf' not found"
+	exit 1
+fi
+
+echo "**********************************************************************"
+echo "Since ISPs tend to overestimate the speeds they offer, it would probably be best"
+echo " if you measure this on a free line to set values very precisely."
+echo "**********************************************************************"
+echo
+echon "Specify the upload speed of your internet connection (mbps, mbit, kbit, kbps, bps): [$_UPLINK_RATE] "
+	default_read _UPLINK_RATE $_UPLINK_RATE
+echo
+echon "Specify the download speed of your internet connection (mbps, mbit, kbit, kbps, bps): [$_DOWNLINK_RATE] "
+	default_read _DOWNLINK_RATE $_DOWNLINK_RATE
+echo
+echo "**********************************************************************"
+echo "In order to prevent traffic queuing at the ISP side or in your modem,"
+echo " you should set a slightly lower rate than real one."
+echo "This way the bottleneck is the router,"
+echo " not the ISP or modem, which allows to control the queue."
+echo "**********************************************************************"
+echo
+echon "Specify amount of percents: [$_RATE_SUB_PERCENT] "
+	default_read _RATE_SUB_PERCENT $_RATE_SUB_PERCENT
+
+echon "Start QoS? (y/n) [y] "
+	default_read startqos "y"
+		case "$startqos" in
+			[Yy]*) /etc/init.d/qos start;;
+		esac
+
+echon "Make QoS to be started on boot? (y/n) [y] "
+	default_read bootstartqos "y"
+		case "$bootstartqos" in
+			[Yy]*) rc_add qos;;
+		esac
+
+setcfg UPLINK_RATE $_UPLINK_RATE
+setcfg DOWNLINK_RATE $_DOWNLINK_RATE
+setcfg RATE_SUB_PERCENT $_RATE_SUB_PERCENT
diff --git a/main/iproute2/APKBUILD b/main/iproute2/APKBUILD
new file mode 100644
index 0000000000..821d304ef1
--- /dev/null
+++ b/main/iproute2/APKBUILD
@@ -0,0 +1,29 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=iproute2
+pkgver=2.6.29.1
+_realver=2.6.29-1
+pkgrel=0
+pkgdesc="IP Routing Utilities"
+url="http://www.linux-foundation.org/en/Net:Iproute2"
+license="GPL2"
+depends=
+install="$pkgname.post-install $pkgname.post-deinstall"
+makedepends="bison flex bash"
+subpackages="$pkgname-doc"
+source="http://devresources.linux-foundation.org/dev/iproute2/download/$pkgname-$_realver.tar.bz2
+	$install"
+
+build() {
+	cd "$srcdir"/$pkgname-$_realver
+
+	sed -i '/^TARGETS=/s: arpd : :' misc/Makefile
+	sed -i 's:/usr/local:/usr:' tc/m_ipt.c include/iptables.h || return 1
+	sed -i 's:=/share:=/usr/share:' Makefile || return 1
+
+	./configure || return 1
+	make CCOPTS="-D_GNU_SOURCE $CFLAGS" LIBDIR=/lib || return 1
+	make -j1 DESTDIR="$pkgdir" install
+}
+md5sums="c1bc258a6c345905e79935ac7a3cc582  iproute2-2.6.29-1.tar.bz2
+da1571ff1c0241c5c7f333a48d908927  iproute2.post-install
+ed8271a16ef48a769c50c3b529411018  iproute2.post-deinstall"
diff --git a/main/iproute2/iproute2.post-deinstall b/main/iproute2/iproute2.post-deinstall
new file mode 100644
index 0000000000..dd117e5d80
--- /dev/null
+++ b/main/iproute2/iproute2.post-deinstall
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+busybox --install -s
+
diff --git a/main/iproute2/iproute2.post-install b/main/iproute2/iproute2.post-install
new file mode 100644
index 0000000000..36d567ea21
--- /dev/null
+++ b/main/iproute2/iproute2.post-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+if [ "$(readlink /bin/ip)" = "/bin/busybox" ]; then
+	rm -f /bin/ip
+fi
+exit 0
diff --git a/main/ipsec-tools/00-verify-cert-leak.patch b/main/ipsec-tools/00-verify-cert-leak.patch
new file mode 100644
index 0000000000..9e67813359
--- /dev/null
+++ b/main/ipsec-tools/00-verify-cert-leak.patch
@@ -0,0 +1,11 @@
+--- a/src/racoon/crypto_openssl.c	20 Apr 2009 13:22:41 -0000	1.18
++++ b/src/racoon/crypto_openssl.c	29 Apr 2009 10:48:51 -0000
+@@ -510,7 +510,7 @@
+ 	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
+ #endif
+ 	error = X509_verify_cert(csc);
+-	X509_STORE_CTX_cleanup(csc);
++	X509_STORE_CTX_free(csc);
+ 
+ 	/*
+ 	 * if x509_verify_cert() is successful then the value of error is
diff --git a/main/ipsec-tools/20-natoa-fix.patch b/main/ipsec-tools/20-natoa-fix.patch
new file mode 100644
index 0000000000..91d7224e2a
--- /dev/null
+++ b/main/ipsec-tools/20-natoa-fix.patch
@@ -0,0 +1,33 @@
+Fix nat-oa parsing when rekeying.
+
+From: Timo Teras <timo.teras@iki.fi>
+
+
+---
+
+ src/racoon/handler.c |   11 +++++++++++
+ 1 files changed, 11 insertions(+), 0 deletions(-)
+
+
+diff --git a/src/racoon/handler.c b/src/racoon/handler.c
+index 6f91beb..960b5b3 100644
+--- a/src/racoon/handler.c
++++ b/src/racoon/handler.c
+@@ -736,6 +736,17 @@ initph2(iph2)
+ 		oakley_delivm(iph2->ivm);
+ 		iph2->ivm = NULL;
+ 	}
++
++#ifdef ENABLE_NATT
++	if (iph2->natoa_src) {
++		racoon_free(iph2->natoa_src);
++		iph2->natoa_src = NULL;
++	}
++	if (iph2->natoa_dst) {
++		racoon_free(iph2->natoa_dst);
++		iph2->natoa_dst = NULL;
++	}
++#endif
+ }
+ 
+ /*
diff --git a/main/ipsec-tools/30-natt-ports-cleanup.patch b/main/ipsec-tools/30-natt-ports-cleanup.patch
new file mode 100644
index 0000000000..19360347da
--- /dev/null
+++ b/main/ipsec-tools/30-natt-ports-cleanup.patch
@@ -0,0 +1,393 @@
+From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the
+
+From: Timo Teras <timo.teras@iki.fi>
+
+NAT-T port information.
+---
+
+ src/libipsec/libpfkey.h |   12 ++++++++
+ src/libipsec/pfkey.c    |   49 +++++++++++++++++++++++++++++++++
+ src/racoon/isakmp.c     |   11 +++++++
+ src/racoon/isakmp_inf.c |   37 +++++++++++++------------
+ src/racoon/pfkey.c      |   69 +++++++++++++++++++++++++++++++++--------------
+ src/racoon/pfkey.h      |    1 +
+ 6 files changed, 140 insertions(+), 39 deletions(-)
+
+
+diff --git a/src/libipsec/libpfkey.h b/src/libipsec/libpfkey.h
+index 8a503dd..c9b228b 100644
+--- a/src/libipsec/libpfkey.h
++++ b/src/libipsec/libpfkey.h
+@@ -117,6 +117,10 @@ u_int pfkey_set_softrate __P((u_int, u_int));
+ u_int pfkey_get_softrate __P((u_int));
+ int pfkey_send_getspi __P((int, u_int, u_int, struct sockaddr *,
+ 	struct sockaddr *, u_int32_t, u_int32_t, u_int32_t, u_int32_t));
++int pfkey_send_getspi_nat __P((int, u_int, u_int,
++	struct sockaddr *, struct sockaddr *, u_int8_t, u_int16_t, u_int16_t,
++	u_int32_t, u_int32_t, u_int32_t, u_int32_t));
++
+ int pfkey_send_update2 __P((struct pfkey_send_sa_args *));
+ int pfkey_send_add2 __P((struct pfkey_send_sa_args *)); 
+ int pfkey_send_delete __P((int, u_int, u_int,
+@@ -155,6 +159,14 @@ int pfkey_send_migrate __P((int, struct sockaddr *, struct sockaddr *,
+         caddr_t, int, u_int32_t));
+ #endif
+ 
++/* XXX should be somewhere else !!!
++ */
++#ifdef SADB_X_NAT_T_NEW_MAPPING
++#define PFKEY_ADDR_X_PORT(ext) (ntohs(((struct sadb_x_nat_t_port *)ext)->sadb_x_nat_t_port_port))
++#define PFKEY_ADDR_X_NATTYPE(ext) ( ext != NULL && ((struct sadb_x_nat_t_type *)ext)->sadb_x_nat_t_type_type )
++#endif
++
++
+ int pfkey_open __P((void));
+ void pfkey_close __P((int));
+ int pfkey_set_buffer_size __P((int, int));
+diff --git a/src/libipsec/pfkey.c b/src/libipsec/pfkey.c
+index 0a944c2..b39ffca 100644
+--- a/src/libipsec/pfkey.c
++++ b/src/libipsec/pfkey.c
+@@ -380,10 +380,12 @@ pfkey_get_softrate(type)
+  *	-1	: error occured, and set errno.
+  */
+ int
+-pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
++pfkey_send_getspi_nat(so, satype, mode, src, dst, natt_type, sport, dport, min, max, reqid, seq)
+ 	int so;
+ 	u_int satype, mode;
+ 	struct sockaddr *src, *dst;
++	u_int8_t natt_type;
++	u_int16_t sport, dport;
+ 	u_int32_t min, max, reqid, seq;
+ {
+ 	struct sadb_msg *newmsg;
+@@ -431,6 +433,14 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
+ 		len += sizeof(struct sadb_spirange);
+ 	}
+ 
++#ifdef SADB_X_EXT_NAT_T_TYPE
++	if(natt_type||sport||dport){
++		len += sizeof(struct sadb_x_nat_t_type);
++		len += sizeof(struct sadb_x_nat_t_port);
++		len += sizeof(struct sadb_x_nat_t_port);
++	}
++#endif
++
+ 	if ((newmsg = CALLOC((size_t)len, struct sadb_msg *)) == NULL) {
+ 		__ipsec_set_strerror(strerror(errno));
+ 		return -1;
+@@ -466,6 +476,32 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
+ 		return -1;
+ 	}
+ 
++#ifdef SADB_X_EXT_NAT_T_TYPE
++	/* Add nat-t messages */
++	if (natt_type) {
++		p = pfkey_set_natt_type(p, ep, SADB_X_EXT_NAT_T_TYPE, 
++					natt_type);
++		if (!p) {
++			free(newmsg);
++			return -1;
++		}
++
++		p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_SPORT,
++					sport);
++		if (!p) {
++			free(newmsg);
++			return -1;
++		}
++
++		p = pfkey_set_natt_port(p, ep, SADB_X_EXT_NAT_T_DPORT,
++					dport);
++		if (!p) {
++			free(newmsg);
++			return -1;
++		}
++	}
++#endif
++
+ 	/* proccessing spi range */
+ 	if (need_spirange) {
+ 		struct sadb_spirange spirange;
+@@ -501,6 +537,17 @@ pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
+ 	return len;
+ }
+ 
++int
++pfkey_send_getspi(so, satype, mode, src, dst, min, max, reqid, seq)
++	int so;
++	u_int satype, mode;
++	struct sockaddr *src, *dst;
++	u_int32_t min, max, reqid, seq;
++{
++	return pfkey_send_getspi_nat(so, satype, mode, src, dst, 0, 0, 0,
++		min, max, reqid, seq);
++}
++
+ /*
+  * sending SADB_UPDATE message to the kernel.
+  * The length of key material is a_keylen + e_keylen.
+diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
+index c8670f6..fe51653 100644
+--- a/src/racoon/isakmp.c
++++ b/src/racoon/isakmp.c
+@@ -3324,6 +3324,17 @@ purge_remote(iph1)
+ 		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
++#ifdef SADB_X_NAT_T_NEW_MAPPING
++		if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
++			/* NAT-T is enabled for this SADB entry; copy
++			 * the ports from NAT-T extensions */
++			if(mhp[SADB_X_EXT_NAT_T_SPORT] != NULL)
++				set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
++			if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
++				set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
++		}
++#endif
++
+ 		if (sa->sadb_sa_state != SADB_SASTATE_LARVAL &&
+ 		    sa->sadb_sa_state != SADB_SASTATE_MATURE &&
+ 		    sa->sadb_sa_state != SADB_SASTATE_DYING) {
+diff --git a/src/racoon/isakmp_inf.c b/src/racoon/isakmp_inf.c
+index 1ada07f..a712825 100644
+--- a/src/racoon/isakmp_inf.c
++++ b/src/racoon/isakmp_inf.c
+@@ -1128,8 +1128,7 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 	size_t i;
+ 	caddr_t mhp[SADB_EXT_MAX + 1];
+ #ifdef ENABLE_NATT
+-	struct sadb_x_nat_t_type *natt_type;
+-	struct sadb_x_nat_t_port *natt_port;
++	int natt_port_forced;
+ #endif
+ 
+ 	plog(LLV_DEBUG2, LOCATION, NULL,
+@@ -1184,22 +1183,25 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 			continue;
+ 		}
+ #ifdef ENABLE_NATT
+-		natt_type = (void *)mhp[SADB_X_EXT_NAT_T_TYPE];
+-		if (natt_type && natt_type->sadb_x_nat_t_type_type) {
++		if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
+ 			/* NAT-T is enabled for this SADB entry; copy
+ 			 * the ports from NAT-T extensions */
+-			natt_port = (void *)mhp[SADB_X_EXT_NAT_T_SPORT];
+-			if (extract_port(src) == 0 && natt_port != NULL)
+-				set_port(src, ntohs(natt_port->sadb_x_nat_t_port_port));
+-
+-			natt_port = (void *)mhp[SADB_X_EXT_NAT_T_DPORT];
+-			if (extract_port(dst) == 0 && natt_port != NULL)
+-				set_port(dst, ntohs(natt_port->sadb_x_nat_t_port_port));
+-		}else{
+-			/* Force default UDP ports, so CMPSADDR will match SAs with NO encapsulation
+-			 */
++			if (extract_port(src) == 0 &&
++			    mhp[SADB_X_EXT_NAT_T_SPORT] != NULL) {
++				set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
++			}
++
++			if (extract_port(dst) == 0 &&
++			    mhp[SADB_X_EXT_NAT_T_DPORT] != NULL) {
++				set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
++			}
++			natt_port_forced = 0;
++		} else {
++			/* Force default UDP ports, so
++			 * CMPSADDR will match SAs with NO encapsulation */
+ 			set_port(src, PORT_ISAKMP);
+ 			set_port(dst, PORT_ISAKMP);
++			natt_port_forced = 1;
+ 		}
+ #endif
+ 		plog(LLV_DEBUG2, LOCATION, NULL, "src: %s\n", saddr2str(src));
+@@ -1215,10 +1217,9 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 		}
+ 
+ #ifdef ENABLE_NATT
+-		if (natt_type == NULL ||
+-			! natt_type->sadb_x_nat_t_type_type) {
+-			/* Set back port to 0 if it was forced to default UDP port
+-			 */
++		if (natt_port_forced) {
++			/* Set back port to 0 if it was forced
++			 * to default UDP port */
+ 			set_port(src, 0);
+ 			set_port(dst, 0);
+ 		}
+diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
+index 610cc09..c210c5e 100644
+--- a/src/racoon/pfkey.c
++++ b/src/racoon/pfkey.c
+@@ -769,6 +769,28 @@ keylen_ealg(enctype, encklen)
+ 	return res;
+ }
+ 
++void
++pk_fixup_sa_addresses(mhp)
++	caddr_t *mhp;
++{
++	struct sockaddr *src, *dst;
++	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
++	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
++#ifdef ENABLE_NATT
++	if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
++		/* NAT-T is enabled for this SADB entry; copy
++		 * the ports from NAT-T extensions */
++		if(mhp[SADB_X_EXT_NAT_T_SPORT] != NULL)
++			set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
++		if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
++			set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
++	}
++#else
++	set_port(src, 0);
++	set_port(dst, 0);
++#endif
++}
++
+ int
+ pfkey_convertfromipsecdoi(proto_id, t_id, hashtype,
+ 		e_type, e_keylen, a_type, a_keylen, flags)
+@@ -866,6 +888,8 @@ pk_sendgetspi(iph2)
+ 	struct saprop *pp;
+ 	struct saproto *pr;
+ 	u_int32_t minspi, maxspi;
++	u_int8_t natt_type = 0;
++	u_int16_t sport = 0, dport = 0;
+ 
+ 	if (iph2->side == INITIATOR)
+ 		pp = iph2->proposal;
+@@ -919,19 +943,27 @@ pk_sendgetspi(iph2)
+ 		}
+ 
+ #ifdef ENABLE_NATT
+-		if (! pr->udp_encap) {
+-			/* Remove port information, that SA doesn't use it */
+-			set_port(iph2->src, 0);
+-			set_port(iph2->dst, 0);
++		if (pr->udp_encap) {
++			natt_type = iph2->ph1->natt_options->encaps_type;
++			sport=extract_port(src);
++			dport=extract_port(dst);
+ 		}
+ #endif
++		/* Always remove port information, it will be sent in
++		 * SADB_X_EXT_NAT_T_[S|D]PORT if needed */
++		set_port(src, 0);
++		set_port(dst, 0);
++
+ 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
+-		if (pfkey_send_getspi(
++		if (pfkey_send_getspi_nat(
+ 				lcconf->sock_pfkey,
+ 				satype,
+ 				mode,
+ 				dst,			/* src of SA */
+ 				src,			/* dst of SA */
++				natt_type,
++				dport,
++				sport,
+ 				minspi, maxspi,
+ 				pr->reqid_in, iph2->seq) < 0) {
+ 			plog(LLV_ERROR, LOCATION, NULL,
+@@ -1157,13 +1189,13 @@ pk_sendupdate(iph2)
+ #ifdef SADB_X_EXT_NAT_T_FRAG
+ 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
+ #endif
+-		} else {
+-			/* Remove port information, that SA doesn't use it */
+-			set_port(sa_args.src, 0);
+-			set_port(sa_args.dst, 0);
+ 		}
+-
+ #endif
++		/* Always remove port information, it will be sent in
++		 * SADB_X_EXT_NAT_T_[S|D]PORT if needed */
++		set_port(sa_args.src, 0);
++		set_port(sa_args.dst, 0);
++
+ 		/* more info to fill in */
+ 		sa_args.spi = pr->spi;
+ 		sa_args.reqid = pr->reqid_in;
+@@ -1236,6 +1268,7 @@ pk_recvupdate(mhp)
+ 		return -1;
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
++	pk_fixup_sa_addresses(mhp);
+ 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
+@@ -1328,7 +1361,6 @@ pk_recvupdate(mhp)
+ 	/* Force the update of ph2's ports, as there is at least one
+ 	 * situation where they'll mismatch with ph1's values
+ 	 */
+-
+ #ifdef ENABLE_NATT
+ 	set_port(iph2->src, extract_port(iph2->ph1->local));
+ 	set_port(iph2->dst, extract_port(iph2->ph1->remote));
+@@ -1456,17 +1488,12 @@ pk_sendadd(iph2)
+ #ifdef SADB_X_EXT_NAT_T_FRAG
+ 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
+ #endif
+-		} else {
+-			/* Remove port information, that SA doesn't use it */
+-			set_port(sa_args.src, 0);
+-			set_port(sa_args.dst, 0);
+ 		}
+-
+-#else
+-		/* Remove port information, it is not used without NAT-T */
++#endif
++		/* Always remove port information, it will be sent in
++		 * SADB_X_EXT_NAT_T_[S|D]PORT if needed */
+ 		set_port(sa_args.src, 0);
+ 		set_port(sa_args.dst, 0);
+-#endif
+ 
+ 		/* more info to fill in */
+ 		sa_args.spi = pr->spi_p;
+@@ -1596,6 +1623,7 @@ pk_recvexpire(mhp)
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
+ 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
++	pk_fixup_sa_addresses(mhp);
+ 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+@@ -1721,6 +1749,7 @@ pk_recvacquire(mhp)
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
+ 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
++	pk_fixup_sa_addresses(mhp);
+ 	sp_src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	sp_dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+@@ -1971,6 +2000,7 @@ pk_recvdelete(mhp)
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
+ 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
++	pk_fixup_sa_addresses(mhp);
+ 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+@@ -2709,7 +2739,6 @@ pk_recvspddump(mhp)
+ 		return -1;
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
+-
+ 	saddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_SRC];
+ 	daddr = (struct sadb_address *)mhp[SADB_EXT_ADDRESS_DST];
+ 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
+diff --git a/src/racoon/pfkey.h b/src/racoon/pfkey.h
+index a3acd1c..f1b037d 100644
+--- a/src/racoon/pfkey.h
++++ b/src/racoon/pfkey.h
+@@ -52,6 +52,7 @@ extern struct pfkey_st *pfkey_getpst __P((caddr_t *, int, int));
+ extern int pk_checkalg __P((int, int, int));
+ 
+ struct ph2handle;
++extern void pk_fixup_sa_addresses __P((caddr_t *mhp));
+ extern int pk_sendgetspi __P((struct ph2handle *));
+ extern int pk_sendupdate __P((struct ph2handle *));
+ extern int pk_sendadd __P((struct ph2handle *));
diff --git a/main/ipsec-tools/40-cmpsaddr-cleanup.patch b/main/ipsec-tools/40-cmpsaddr-cleanup.patch
new file mode 100644
index 0000000000..c5e3e4b330
--- /dev/null
+++ b/main/ipsec-tools/40-cmpsaddr-cleanup.patch
@@ -0,0 +1,1403 @@
+Get rid of CMPSADDR hack in port comparisons. Trac #295.
+
+From: Timo Teras <timo.teras@iki.fi>
+
+
+---
+
+ src/racoon/admin.c        |   37 ++++---
+ src/racoon/grabmyaddr.c   |   22 ++--
+ src/racoon/handler.c      |   41 +++-----
+ src/racoon/handler.h      |    7 -
+ src/racoon/isakmp.c       |   90 ++++-------------
+ src/racoon/isakmp_cfg.c   |    9 --
+ src/racoon/isakmp_inf.c   |  111 ++++-----------------
+ src/racoon/isakmp_quick.c |   29 +++---
+ src/racoon/nattraversal.c |    8 +-
+ src/racoon/pfkey.c        |   52 +++-------
+ src/racoon/policy.c       |   22 ++--
+ src/racoon/remoteconf.c   |   30 +-----
+ src/racoon/remoteconf.h   |    3 -
+ src/racoon/sockmisc.c     |  234 +++------------------------------------------
+ src/racoon/sockmisc.h     |   15 +--
+ src/racoon/throttle.c     |    2 
+ 16 files changed, 170 insertions(+), 542 deletions(-)
+
+
+diff --git a/src/racoon/admin.c b/src/racoon/admin.c
+index 576e191..b67e545 100644
+--- a/src/racoon/admin.c
++++ b/src/racoon/admin.c
+@@ -167,6 +167,14 @@ end:
+ 	return error;
+ }
+ 
++static int admin_ph1_delete_sa(struct ph1handle *iph1, void *arg)
++{
++	if (iph1->status >= PHASE1ST_ESTABLISHED)
++		isakmp_info_send_d1(iph1);
++	purge_remote(iph1);
++	return 0;
++}
++
+ /*
+  * main child's process.
+  */
+@@ -257,7 +265,7 @@ admin_process(so2, combuf)
+ 			break;
+ 		}
+ 
+-		iph1 = getph1byaddrwop(src, dst);
++		iph1 = getph1byaddr(src, dst, 0);
+ 		if (iph1 == NULL) {
+ 			l_ac_errno = ENOENT;
+ 			break;
+@@ -292,30 +300,25 @@ admin_process(so2, combuf)
+ 
+ 	case ADMIN_DELETE_SA: {
+ 		struct ph1handle *iph1;
+-		struct sockaddr *dst;
+-		struct sockaddr *src;
++		struct ph1selector sel;
+ 		char *loc, *rem;
+ 
+-		src = (struct sockaddr *)
++		memset(&sel, 0, sizeof(sel));
++		sel.local = (struct sockaddr *)
+ 			&((struct admin_com_indexes *)
+ 			    ((caddr_t)com + sizeof(*com)))->src;
+-		dst = (struct sockaddr *)
++		sel.remote = (struct sockaddr *)
+ 			&((struct admin_com_indexes *)
+ 			    ((caddr_t)com + sizeof(*com)))->dst;
+ 
+-		loc = racoon_strdup(saddrwop2str(src));
+-		rem = racoon_strdup(saddrwop2str(dst));
++		loc = racoon_strdup(saddr2str(sel.local));
++		rem = racoon_strdup(saddr2str(sel.remote));
+ 		STRDUP_FATAL(loc);
+ 		STRDUP_FATAL(rem);
+ 
+-		if ((iph1 = getph1byaddrwop(src, dst)) == NULL) {
+-			plog(LLV_ERROR, LOCATION, NULL, 
+-			    "phase 1 for %s -> %s not found\n", loc, rem);
+-		} else {
+-			if (iph1->status >= PHASE1ST_ESTABLISHED)
+-				isakmp_info_send_d1(iph1);
+-			purge_remote(iph1);
+-		}
++		plog(LLV_INFO, LOCATION, NULL,
++		     "admin delete-sa %s %s\n", loc, rem);
++		enumph1(&sel, admin_ph1_delete_sa, NULL);
+ 
+ 		racoon_free(loc);
+ 		racoon_free(rem);
+@@ -360,7 +363,7 @@ admin_process(so2, combuf)
+ 		plog(LLV_INFO, LOCATION, NULL, 
+ 		    "Flushing all SAs for peer %s\n", rem);
+ 
+-		while ((iph1 = getph1bydstaddrwop(dst)) != NULL) {
++		while ((iph1 = getph1bydstaddr(dst)) != NULL) {
+ 			loc = racoon_strdup(saddrwop2str(iph1->local));
+ 			STRDUP_FATAL(loc);
+ 
+@@ -429,7 +432,7 @@ admin_process(so2, combuf)
+ 			l_ac_errno = -1;
+ 
+ 			/* connected already? */
+-			ph1 = getph1byaddrwop(src, dst);
++			ph1 = getph1byaddr(src, dst, 0);
+ 			if (ph1 != NULL) {
+ 				event_list = &ph1->evt_listeners;
+ 				if (ph1->status == PHASE1ST_ESTABLISHED)
+diff --git a/src/racoon/grabmyaddr.c b/src/racoon/grabmyaddr.c
+index f866dd5..cb1b638 100644
+--- a/src/racoon/grabmyaddr.c
++++ b/src/racoon/grabmyaddr.c
+@@ -100,7 +100,7 @@ myaddr_configured(addr)
+ 		return TRUE;
+ 
+ 	LIST_FOREACH(cfg, &configured, chain) {
+-		if (cmpsaddrstrict(addr, (struct sockaddr *) &cfg->addr) == 0)
++		if (cmpsaddr(addr, (struct sockaddr *) &cfg->addr) == 0)
+ 			return TRUE;
+ 	}
+ 
+@@ -116,7 +116,7 @@ myaddr_open(addr, udp_encap)
+ 
+ 	/* Already open? */
+ 	LIST_FOREACH(my, &opened, chain) {
+-		if (cmpsaddrstrict(addr, (struct sockaddr *) &my->addr) == 0)
++		if (cmpsaddr(addr, (struct sockaddr *) &my->addr) == 0)
+ 			return TRUE;
+ 	}
+ 
+@@ -156,7 +156,7 @@ myaddr_open_all_configured(addr)
+ 
+ 	LIST_FOREACH(cfg, &configured, chain) {
+ 		if (addr != NULL &&
+-		    cmpsaddrwop(addr, (struct sockaddr *) &cfg->addr) != 0)
++		    cmpsaddr(addr, (struct sockaddr *) &cfg->addr) != 0)
+ 			continue;
+ 		if (!myaddr_open((struct sockaddr *) &cfg->addr, cfg->udp_encap))
+ 			return FALSE;
+@@ -187,8 +187,8 @@ myaddr_close_all_open(addr)
+ 	for (my = LIST_FIRST(&opened); my; my = next) {
+ 		next = LIST_NEXT(my, chain);
+ 
+-		if (!cmpsaddrwop((struct sockaddr *) &addr,
+-				 (struct sockaddr *) &my->addr))
++		if (!cmpsaddr((struct sockaddr *) &addr,
++			      (struct sockaddr *) &my->addr))
+ 			myaddr_delete(my);
+ 	}
+ }
+@@ -261,7 +261,7 @@ myaddr_getfd(addr)
+ 	struct myaddr *my;
+ 
+ 	LIST_FOREACH(my, &opened, chain) {
+-		if (cmpsaddrstrict((struct sockaddr *) &my->addr, addr) == 0)
++		if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0)
+ 			return my->fd;
+ 	}
+ 
+@@ -273,19 +273,13 @@ myaddr_getsport(addr)
+ 	struct sockaddr *addr;
+ {
+ 	struct myaddr *my;
+-	int bestmatch_port = -1;
+ 
+ 	LIST_FOREACH(my, &opened, chain) {
+-		if (cmpsaddrstrict((struct sockaddr *) &my->addr, addr) == 0)
++		if (cmpsaddr((struct sockaddr *) &my->addr, addr) == 0)
+ 			return extract_port((struct sockaddr *) &my->addr);
+-		if (cmpsaddrwop((struct sockaddr *) &my->addr, addr) != 0)
+-			continue;
+-		if (bestmatch_port == -1 ||
+-		    extract_port((struct sockaddr *) &my->addr) == PORT_ISAKMP)
+-			bestmatch_port = extract_port((struct sockaddr *) &my->addr);
+ 	}
+ 
+-	return bestmatch_port;
++	return PORT_ISAKMP;
+ }
+ 
+ void
+diff --git a/src/racoon/handler.c b/src/racoon/handler.c
+index 960b5b3..b33986f 100644
+--- a/src/racoon/handler.c
++++ b/src/racoon/handler.c
+@@ -120,11 +120,11 @@ enumph1(sel, enum_func, enum_arg)
+ 	LIST_FOREACH(p, &ph1tree, chain) {
+ 		if (sel != NULL) {
+ 			if (sel->local != NULL &&
+-			    CMPSADDR(sel->local, p->local) != 0)
++			    cmpsaddr(sel->local, p->local) != 0)
+ 				continue;
+ 
+ 			if (sel->remote != NULL &&
+-			    CMPSADDR(sel->remote, p->remote) != 0)
++			    cmpsaddr(sel->remote, p->remote) != 0)
+ 				continue;
+ 		}
+ 
+@@ -201,17 +201,12 @@ getph1(rmconf, local, remote, flags)
+ 			     "status %d, skipping\n", p->status);
+ 			continue;
+ 		}
+-		if (flags & GETPH1_F_WITHOUT_PORTS) {
+-			if (local != NULL && cmpsaddrwop(local, p->local) != 0)
+-				continue;
+-			if (remote != NULL && cmpsaddrwop(remote, p->remote) != 0)
+-				continue;
+-		} else {
+-			if (local != NULL && CMPSADDR(local, p->local) != 0)
+-				continue;
+-			if (remote != NULL && CMPSADDR(remote, p->remote) != 0)
+-				continue;
+-		}
++
++		if (local != NULL && cmpsaddr(local, p->local) != 0)
++			continue;
++
++		if (remote != NULL && cmpsaddr(remote, p->remote) != 0)
++			continue;
+ 
+ 		plog(LLV_DEBUG2, LOCATION, NULL, "matched\n");
+ 		return p;
+@@ -287,8 +282,8 @@ void migrate_dying_ph12(iph1)
+ 		if (p->status < PHASE1ST_DYING)
+ 			continue;
+ 
+-		if (CMPSADDR(iph1->local, p->local) == 0
+-		 && CMPSADDR(iph1->remote, p->remote) == 0)
++		if (cmpsaddr(iph1->local, p->local) == 0
++		 && cmpsaddr(iph1->remote, p->remote) == 0)
+ 			migrate_ph12(p, iph1);
+ 	}
+ }
+@@ -518,11 +513,11 @@ enumph2(sel, enum_func, enum_arg)
+ 				continue;
+ 
+ 			if (sel->src != NULL &&
+-			    CMPSADDR(sel->src, p->src) != 0)
++			    cmpsaddr(sel->src, p->src) != 0)
+ 				continue;
+ 
+ 			if (sel->dst != NULL &&
+-			    CMPSADDR(sel->dst, p->dst) != 0)
++			    cmpsaddr(sel->dst, p->dst) != 0)
+ 				continue;
+ 		}
+ 
+@@ -586,8 +581,8 @@ getph2byid(src, dst, spid)
+ 
+ 	LIST_FOREACH(p, &ph2tree, chain) {
+ 		if (spid == p->spid &&
+-		    cmpsaddrwild(src, p->src) == 0 &&
+-		    cmpsaddrwild(dst, p->dst) == 0){
++		    cmpsaddr(src, p->src) == 0 &&
++		    cmpsaddr(dst, p->dst) == 0){
+ 			/* Sanity check to detect zombie handlers
+ 			 * XXX Sould be done "somewhere" more interesting,
+ 			 * because we have lots of getph2byxxxx(), but this one
+@@ -614,8 +609,8 @@ getph2bysaddr(src, dst)
+ 	struct ph2handle *p;
+ 
+ 	LIST_FOREACH(p, &ph2tree, chain) {
+-		if (cmpsaddrstrict(src, p->src) == 0 &&
+-		    cmpsaddrstrict(dst, p->dst) == 0)
++		if (cmpsaddr(src, p->src) == 0 &&
++		    cmpsaddr(dst, p->dst) == 0)
+ 			return p;
+ 	}
+ 
+@@ -918,7 +913,7 @@ getcontacted(remote)
+ 	struct contacted *p;
+ 
+ 	LIST_FOREACH(p, &ctdtree, chain) {
+-		if (cmpsaddrstrict(remote, p->remote) == 0)
++		if (cmpsaddr(remote, p->remote) == 0)
+ 			return p;
+ 	}
+ 
+@@ -997,7 +992,7 @@ check_recvdpkt(remote, local, rbuf)
+ 	/*
+ 	 * the packet was processed before, but the remote address mismatches.
+ 	 */
+-	if (cmpsaddrstrict(remote, r->remote) != 0)
++	if (cmpsaddr(remote, r->remote) != 0)
+ 		return 2;
+ 
+ 	/*
+diff --git a/src/racoon/handler.h b/src/racoon/handler.h
+index c31753d..8f19c88 100644
+--- a/src/racoon/handler.h
++++ b/src/racoon/handler.h
+@@ -467,7 +467,6 @@ extern int enumph1 __P((struct ph1selector *ph1sel,
+ 			void *enum_arg));
+ 
+ #define GETPH1_F_ESTABLISHED		0x0001
+-#define GETPH1_F_WITHOUT_PORTS		0x0002
+ 
+ extern struct ph1handle *getph1 __P((struct remoteconf *rmconf,
+ 				     struct sockaddr *local,
+@@ -476,10 +475,8 @@ extern struct ph1handle *getph1 __P((struct remoteconf *rmconf,
+ 
+ #define getph1byaddr(local, remote, est) \
+ 	getph1(NULL, local, remote, est ? GETPH1_F_ESTABLISHED : 0)
+-#define getph1byaddrwop(local, remote) \
+-	getph1(NULL, local, remote, GETPH1_F_WITHOUT_PORTS)
+-#define getph1bydstaddrwop(remote) \
+-	getph1(NULL, NULL, remote, GETPH1_F_WITHOUT_PORTS)
++#define getph1bydstaddr(remote) \
++	getph1(NULL, NULL, remote, 0)
+ 
+ #ifdef ENABLE_HYBRID
+ struct ph1handle *getph1bylogin __P((char *));
+diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
+index fe51653..0de16d1 100644
+--- a/src/racoon/isakmp.c
++++ b/src/racoon/isakmp.c
+@@ -475,8 +475,8 @@ isakmp_main(msg, remote, local)
+ 		/* Floating ports for NAT-T */
+ 		if (NATT_AVAILABLE(iph1) &&
+ 		    ! (iph1->natt_flags & NAT_PORTS_CHANGED) &&
+-		    ((cmpsaddrstrict(iph1->remote, remote) != 0) ||
+-		    (cmpsaddrstrict(iph1->local, local) != 0)))
++		    ((cmpsaddr(iph1->remote, remote) != 0) ||
++		     (cmpsaddr(iph1->local, local) != 0)))
+ 		{
+ 			/* prevent memory leak */
+ 			racoon_free(iph1->remote);
+@@ -517,7 +517,7 @@ isakmp_main(msg, remote, local)
+ #endif
+ 
+ 		/* must be same addresses in one stream of a phase at least. */
+-		if (cmpsaddrstrict(iph1->remote, remote) != 0) {
++		if (cmpsaddr(iph1->remote, remote) != 0) {
+ 			char *saddr_db, *saddr_act;
+ 
+ 			saddr_db = racoon_strdup(saddr2str(iph1->remote));
+@@ -643,7 +643,7 @@ isakmp_main(msg, remote, local)
+ 					"exchange received.\n");
+ 				return -1;
+ 			}
+-			if (cmpsaddrstrict(iph1->remote, remote) != 0) {
++			if (cmpsaddr(iph1->remote, remote) != 0) {
+ 				plog(LLV_WARNING, LOCATION, remote,
+ 					"remote address mismatched. "
+ 					"db=%s\n",
+@@ -1275,6 +1275,12 @@ isakmp_ph2begin_i(iph1, iph2)
+ 	}
+ #endif
+ 
++	/* fixup ph2 ports for this ph1 */
++	if (extract_port(iph2->src) == 0)
++		set_port(iph2->src, extract_port(iph1->local));
++	if (extract_port(iph2->dst) == 0)
++		set_port(iph2->dst, extract_port(iph1->remote));
++
+ 	/* found ISAKMP-SA. */
+ 	plog(LLV_DEBUG, LOCATION, NULL, "===\n");
+ 	plog(LLV_DEBUG, LOCATION, NULL, "begin QUICK mode.\n");
+@@ -1353,15 +1359,6 @@ isakmp_ph2begin_r(iph1, msg)
+ 		delph2(iph2);
+ 		return -1;
+ 	}
+-#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
+-	if (set_port(iph2->dst, 0) == NULL ||
+-	    set_port(iph2->src, 0) == NULL) {
+-		plog(LLV_ERROR, LOCATION, NULL,
+-		     "invalid family: %d\n", iph2->dst->sa_family);
+-		delph2(iph2);
+-		return -1;
+-	}
+-#endif
+ 
+ 	/* add new entry to isakmp status table */
+ 	insph2(iph2);
+@@ -2186,23 +2183,12 @@ isakmp_post_acquire(iph2)
+ 		return 0;
+ 	}
+ 
+-	/* 
+-	 * Search isakmp status table by address and port 
+-	 * If NAT-T is in use, consider null ports as a 
+-	 * wildcard and use IKE ports instead.
++	/*
++	 * XXX Searching by IP addresses + ports might fail on
++	 * some cases, we should use the ISAKMP identity to search
++	 * matching ISAKMP.
+ 	 */
+-#ifdef ENABLE_NATT
+-	if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
+-		if ((iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL) {
+-			set_port(iph2->src, extract_port(iph1->local));
+-			set_port(iph2->dst, extract_port(iph1->remote));
+-		}
+-	} else {
+-		iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+-	}
+-#else
+ 	iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+-#endif
+ 
+ 	/* no ISAKMP-SA found. */
+ 	if (iph1 == NULL) {
+@@ -2380,26 +2366,8 @@ isakmp_chkph1there(iph2)
+ 		return;
+ 	}
+ 
+-	/* 
+-	 * Search isakmp status table by address and port 
+-	 * If NAT-T is in use, consider null ports as a 
+-	 * wildcard and use IKE ports instead.
+-	 */
+-#ifdef ENABLE_NATT
+-	if (!extract_port(iph2->src) && !extract_port(iph2->dst)) {
+-		plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: extract_port.\n");
+-		if( (iph1 = getph1byaddrwop(iph2->src, iph2->dst)) != NULL){
+-			plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found a ph1 wop.\n");
+-		}
+-	} else {
+-		plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: searching byaddr.\n");
+-		iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+-		if(iph1 != NULL)
+-			plog(LLV_DEBUG2, LOCATION, NULL, "CHKPH1THERE: found byaddr.\n");
+-	}
+-#else
++	/* Search isakmp status table by address and port */
+ 	iph1 = getph1byaddr(iph2->src, iph2->dst, 0);
+-#endif
+ 
+ 	/* XXX Even if ph1 as responder is there, should we not start
+ 	 * phase 2 negotiation ? */
+@@ -3321,20 +3289,10 @@ purge_remote(iph1)
+ 			msg = next;
+ 			continue;
+ 		}
++		pk_fixup_sa_addresses(mhp);
+ 		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+-#ifdef SADB_X_NAT_T_NEW_MAPPING
+-		if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
+-			/* NAT-T is enabled for this SADB entry; copy
+-			 * the ports from NAT-T extensions */
+-			if(mhp[SADB_X_EXT_NAT_T_SPORT] != NULL)
+-				set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
+-			if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
+-				set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
+-		}
+-#endif
+-
+ 		if (sa->sadb_sa_state != SADB_SASTATE_LARVAL &&
+ 		    sa->sadb_sa_state != SADB_SASTATE_MATURE &&
+ 		    sa->sadb_sa_state != SADB_SASTATE_DYING) {
+@@ -3346,22 +3304,14 @@ purge_remote(iph1)
+ 		 * check in/outbound SAs.
+ 		 * Select only SAs where src == local and dst == remote (outgoing)
+ 		 * or src == remote and dst == local (incoming).
+-		 * XXX we sometime have src/dst ports set to 0 and want to match
+-		 * iph1->local/remote with ports set to 500. This is a bug, see trac:2
+ 		 */
+-#ifdef ENABLE_NATT
+-		if ((cmpsaddrmagic(iph1->local, src) || cmpsaddrmagic(iph1->remote, dst)) &&
+-			(cmpsaddrmagic(iph1->local, dst) || cmpsaddrmagic(iph1->remote, src))) {
+-			msg = next;
+-			continue;
+-		}
+-#else
+-		if ((CMPSADDR(iph1->local, src) || CMPSADDR(iph1->remote, dst)) &&
+-			(CMPSADDR(iph1->local, dst) || CMPSADDR(iph1->remote, src))) {
++		if ((cmpsaddr(iph1->local, src) ||
++		     cmpsaddr(iph1->remote, dst)) &&
++		    (cmpsaddr(iph1->local, dst) ||
++		     cmpsaddr(iph1->remote, src))) {
+ 			msg = next;
+ 			continue;
+ 		}
+-#endif
+ 
+ 		proto_id = pfkey2ipsecdoi_proto(msg->sadb_msg_satype);
+ 		iph2 = getph2bysaidx(src, dst, proto_id, sa->sadb_sa_spi);
+diff --git a/src/racoon/isakmp_cfg.c b/src/racoon/isakmp_cfg.c
+index 62916f8..df763f8 100644
+--- a/src/racoon/isakmp_cfg.c
++++ b/src/racoon/isakmp_cfg.c
+@@ -1151,15 +1151,6 @@ isakmp_cfg_send(iph1, payload, np, flags, new_exchange)
+ 		goto end;
+ 	}
+ 
+-#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
+-	if (set_port(iph2->dst, 0) == NULL ||
+-	    set_port(iph2->src, 0) == NULL) {
+-		plog(LLV_ERROR, LOCATION, NULL,
+-		     "invalid family: %d\n", iph1->remote->sa_family);
+-		delph2(iph2);
+-		goto end;
+-	}
+-#endif
+ 	iph2->side = INITIATOR;
+ 	iph2->status = PHASE2ST_START;
+ 
+diff --git a/src/racoon/isakmp_inf.c b/src/racoon/isakmp_inf.c
+index a712825..6fa3498 100644
+--- a/src/racoon/isakmp_inf.c
++++ b/src/racoon/isakmp_inf.c
+@@ -903,15 +903,6 @@ isakmp_info_send_common(iph1, payload, np, flags)
+ 		delph2(iph2);
+ 		goto end;
+ 	}
+-#if (!defined(ENABLE_NATT)) || (defined(BROKEN_NATT))
+-	if (set_port(iph2->dst, 0) == NULL ||
+-	    set_port(iph2->src, 0) == NULL) {
+-		plog(LLV_ERROR, LOCATION, NULL,
+-		     "invalid family: %d\n", iph1->remote->sa_family);
+-		delph2(iph2);
+-		goto end;
+-	}
+-#endif
+ 	iph2->side = INITIATOR;
+ 	iph2->status = PHASE2ST_START;
+ 	iph2->msgid = isakmp_newmsgid2(iph1);
+@@ -1127,9 +1118,6 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 	u_int64_t created;
+ 	size_t i;
+ 	caddr_t mhp[SADB_EXT_MAX + 1];
+-#ifdef ENABLE_NATT
+-	int natt_port_forced;
+-#endif
+ 
+ 	plog(LLV_DEBUG2, LOCATION, NULL,
+ 		 "purge_ipsec_spi:\n");
+@@ -1169,6 +1157,7 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 			msg = next;
+ 			continue;
+ 		}
++		pk_fixup_sa_addresses(mhp);
+ 		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 		lt = (struct sadb_lifetime*)mhp[SADB_EXT_LIFETIME_HARD];
+@@ -1182,28 +1171,7 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 			msg = next;
+ 			continue;
+ 		}
+-#ifdef ENABLE_NATT
+-		if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
+-			/* NAT-T is enabled for this SADB entry; copy
+-			 * the ports from NAT-T extensions */
+-			if (extract_port(src) == 0 &&
+-			    mhp[SADB_X_EXT_NAT_T_SPORT] != NULL) {
+-				set_port(src, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_SPORT]));
+-			}
+ 
+-			if (extract_port(dst) == 0 &&
+-			    mhp[SADB_X_EXT_NAT_T_DPORT] != NULL) {
+-				set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
+-			}
+-			natt_port_forced = 0;
+-		} else {
+-			/* Force default UDP ports, so
+-			 * CMPSADDR will match SAs with NO encapsulation */
+-			set_port(src, PORT_ISAKMP);
+-			set_port(dst, PORT_ISAKMP);
+-			natt_port_forced = 1;
+-		}
+-#endif
+ 		plog(LLV_DEBUG2, LOCATION, NULL, "src: %s\n", saddr2str(src));
+ 		plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(dst));
+ 
+@@ -1211,19 +1179,11 @@ purge_ipsec_spi(dst0, proto, spi, n)
+ 
+ 		/* don't delete inbound SAs at the moment */
+ 		/* XXX should we remove SAs with opposite direction as well? */
+-		if (CMPSADDR(dst0, dst)) {
++		if (cmpsaddr(dst0, dst)) {
+ 			msg = next;
+ 			continue;
+ 		}
+ 
+-#ifdef ENABLE_NATT
+-		if (natt_port_forced) {
+-			/* Set back port to 0 if it was forced
+-			 * to default UDP port */
+-			set_port(src, 0);
+-			set_port(dst, 0);
+-		}
+-#endif
+ 		for (i = 0; i < n; i++) {
+ 			plog(LLV_DEBUG, LOCATION, NULL,
+ 				"check spi(packet)=%u spi(db)=%u.\n",
+@@ -1354,37 +1314,33 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
+ 	msg = (struct sadb_msg *)buf->v;
+ 	end = (struct sadb_msg *)(buf->v + buf->l);
+ 
+-	while (msg < end) {
++	for (; msg < end; msg = next) {
+ 		if ((msg->sadb_msg_len << 3) < sizeof(*msg))
+ 			break;
++
+ 		next = (struct sadb_msg *)((caddr_t)msg + (msg->sadb_msg_len << 3));
+-		if (msg->sadb_msg_type != SADB_DUMP) {
+-			msg = next;
++		if (msg->sadb_msg_type != SADB_DUMP)
+ 			continue;
+-		}
+ 
+ 		if (pfkey_align(msg, mhp) || pfkey_check(mhp)) {
+ 			plog(LLV_ERROR, LOCATION, NULL,
+ 				"pfkey_check (%s)\n", ipsec_strerror());
+-			msg = next;
+ 			continue;
+ 		}
+ 
+ 		if (mhp[SADB_EXT_SA] == NULL
+ 		 || mhp[SADB_EXT_ADDRESS_SRC] == NULL
+-		 || mhp[SADB_EXT_ADDRESS_DST] == NULL) {
+-			msg = next;
++		 || mhp[SADB_EXT_ADDRESS_DST] == NULL)
+ 			continue;
+-		}
++
+ 		sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
++		pk_fixup_sa_addresses(mhp);
+ 		src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 		dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+ 		if (sa->sadb_sa_state != SADB_SASTATE_MATURE
+-		 && sa->sadb_sa_state != SADB_SASTATE_DYING) {
+-			msg = next;
++		 && sa->sadb_sa_state != SADB_SASTATE_DYING)
+ 			continue;
+-		}
+ 
+ 		/*
+ 		 * RFC2407 4.6.3.3 INITIAL-CONTACT is the message that
+@@ -1394,39 +1350,18 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
+ 		 * racoon only deletes SA which is matched both the
+ 		 * source address and the destination accress.
+ 		 */
+-#ifdef ENABLE_NATT
+-		/* 
+-		 * XXX RFC 3947 says that whe MUST NOT use IP+port to find old SAs
+-		 * from this peer !
+-		 */
+-		if(iph1->natt_flags & NAT_DETECTED){
+-			if (CMPSADDR(iph1->local, src) == 0 &&
+-				CMPSADDR(iph1->remote, dst) == 0)
+-				;
+-			else if (CMPSADDR(iph1->remote, src) == 0 &&
+-					 CMPSADDR(iph1->local, dst) == 0)
+-				;
+-			else {
+-				msg = next;
+-				continue;
+-			}
+-		} else
+-#endif
+-		/* If there is no NAT-T, we don't have to check addr + port...
+-		 * XXX what about a configuration with a remote peers which is not
+-		 * NATed, but which NATs some other peers ?
+-		 * Here, the INITIAl-CONTACT would also flush all those NATed peers !!
+-		 */
+-		if (cmpsaddrwop(iph1->local, src) == 0 &&
+-		    cmpsaddrwop(iph1->remote, dst) == 0)
+-			;
+-		else if (cmpsaddrwop(iph1->remote, src) == 0 &&
+-		    cmpsaddrwop(iph1->local, dst) == 0)
+-			;
+-		else {
+-			msg = next;
++
++		/*
++		 * Check that the IP and port match. But this is not optimal,
++		 * since NAT-T can make the peer have multiple different
++		 * ports. Correct thing to do is delete all entries with
++                 * same identity. -TT
++                 */
++		if ((cmpsaddr(iph1->local, src) != 0 ||
++		     cmpsaddr(iph1->remote, dst) != 0) &&
++		    (cmpsaddr(iph1->local, dst) != 0 ||
++		     cmpsaddr(iph1->remote, src) != 0))
+ 			continue;
+-		}
+ 
+ 		/*
+ 		 * Make sure this is an SATYPE that we manage.
+@@ -1438,10 +1373,8 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
+ 			    msg->sadb_msg_satype)
+ 				break;
+ 		}
+-		if (i == pfkey_nsatypes) {
+-			msg = next;
++		if (i == pfkey_nsatypes)
+ 			continue;
+-		}
+ 
+ 		plog(LLV_INFO, LOCATION, NULL,
+ 			"purging spi=%u.\n", ntohl(sa->sadb_sa_spi));
+@@ -1461,8 +1394,6 @@ isakmp_info_recv_initialcontact(iph1, protectedph2)
+ 			remph2(iph2);
+ 			delph2(iph2);
+ 		}
+-
+-		msg = next;
+ 	}
+ 
+ 	vfree(buf);
+diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
+index 804c1bf..46c84c1 100644
+--- a/src/racoon/isakmp_quick.c
++++ b/src/racoon/isakmp_quick.c
+@@ -610,17 +610,19 @@ quick_i2recv(iph2, msg0)
+ 			error = ISAKMP_NTYPE_ATTRIBUTES_NOT_SUPPORTED;
+ 			goto end;
+ 		}
++#ifdef ENABLE_NATT
++		set_port(iph2->natoa_src,
++			 extract_port((struct sockaddr *) &proposed_addr));
++#endif
+ 
+-		if (cmpsaddrstrict((struct sockaddr *) &proposed_addr,
+-				   (struct sockaddr *) &got_addr) == 0) {
++		if (cmpsaddr((struct sockaddr *) &proposed_addr,
++			     (struct sockaddr *) &got_addr) == 0) {
+ 			plog(LLV_DEBUG, LOCATION, NULL,
+ 				"IDci matches proposal.\n");
+ #ifdef ENABLE_NATT
+ 		} else if (iph2->natoa_src != NULL
+-			&& cmpsaddrwop(iph2->natoa_src,
+-				       (struct sockaddr *) &got_addr) == 0
+-			&& extract_port((struct sockaddr *) &proposed_addr) ==
+-			   extract_port((struct sockaddr *) &got_addr)) {
++			&& cmpsaddr(iph2->natoa_src,
++				    (struct sockaddr *) &got_addr) == 0) {
+ 			plog(LLV_DEBUG, LOCATION, NULL,
+ 				"IDci matches NAT-OAi.\n");
+ #endif
+@@ -656,16 +658,19 @@ quick_i2recv(iph2, msg0)
+ 			goto end;
+ 		}
+ 
+-		if (cmpsaddrstrict((struct sockaddr *) &proposed_addr,
+-				   (struct sockaddr *) &got_addr) == 0) {
++#ifdef ENABLE_NATT
++		set_port(iph2->natoa_dst,
++			 extract_port((struct sockaddr *) &proposed_addr));
++#endif
++
++		if (cmpsaddr((struct sockaddr *) &proposed_addr,
++			     (struct sockaddr *) &got_addr) == 0) {
+ 			plog(LLV_DEBUG, LOCATION, NULL,
+ 				"IDcr matches proposal.\n");
+ #ifdef ENABLE_NATT
+ 		} else if (iph2->natoa_dst != NULL
+-			&& cmpsaddrwop(iph2->natoa_dst,
+-				       (struct sockaddr *) &got_addr) == 0
+-			&& extract_port((struct sockaddr *) &proposed_addr) ==
+-			   extract_port((struct sockaddr *) &got_addr)) {
++			&& cmpsaddr(iph2->natoa_dst,
++				    (struct sockaddr *) &got_addr) == 0) {
+ 			plog(LLV_DEBUG, LOCATION, NULL,
+ 				"IDcr matches NAT-OAr.\n");
+ #endif
+diff --git a/src/racoon/nattraversal.c b/src/racoon/nattraversal.c
+index f23341a..92095de 100644
+--- a/src/racoon/nattraversal.c
++++ b/src/racoon/nattraversal.c
+@@ -379,8 +379,8 @@ natt_keepalive_add (struct sockaddr *src, struct sockaddr *dst)
+   struct natt_ka_addrs *ka = NULL, *new_addr;
+   
+   TAILQ_FOREACH (ka, &ka_tree, chain) {
+-    if (cmpsaddrstrict(ka->src, src) == 0 && 
+-	cmpsaddrstrict(ka->dst, dst) == 0) {
++    if (cmpsaddr(ka->src, src) == 0 &&
++	cmpsaddr(ka->dst, dst) == 0) {
+       ka->in_use++;
+       plog (LLV_INFO, LOCATION, NULL, "KA found: %s (in_use=%u)\n",
+ 	    saddr2str_fromto("%s->%s", src, dst), ka->in_use);
+@@ -443,8 +443,8 @@ natt_keepalive_remove (struct sockaddr *src, struct sockaddr *dst)
+     plog (LLV_DEBUG, LOCATION, NULL, "KA tree dump: %s (in_use=%u)\n",
+ 	  saddr2str_fromto("%s->%s", src, dst), ka->in_use);
+ 
+-    if (cmpsaddrstrict(ka->src, src) == 0 && 
+-	cmpsaddrstrict(ka->dst, dst) == 0 &&
++    if (cmpsaddr(ka->src, src) == 0 &&
++	cmpsaddr(ka->dst, dst) == 0 &&
+ 	-- ka->in_use <= 0) {
+ 
+       plog (LLV_DEBUG, LOCATION, NULL, "KA removing this one...\n");
+diff --git a/src/racoon/pfkey.c b/src/racoon/pfkey.c
+index c210c5e..3778ef2 100644
+--- a/src/racoon/pfkey.c
++++ b/src/racoon/pfkey.c
+@@ -774,8 +774,12 @@ pk_fixup_sa_addresses(mhp)
+ 	caddr_t *mhp;
+ {
+ 	struct sockaddr *src, *dst;
++
+ 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
++	set_port(src, PORT_ISAKMP);
++	set_port(dst, PORT_ISAKMP);
++
+ #ifdef ENABLE_NATT
+ 	if (PFKEY_ADDR_X_NATTYPE(mhp[SADB_X_EXT_NAT_T_TYPE])) {
+ 		/* NAT-T is enabled for this SADB entry; copy
+@@ -785,9 +789,6 @@ pk_fixup_sa_addresses(mhp)
+ 		if(mhp[SADB_X_EXT_NAT_T_DPORT] != NULL)
+ 			set_port(dst, PFKEY_ADDR_X_PORT(mhp[SADB_X_EXT_NAT_T_DPORT]));
+ 	}
+-#else
+-	set_port(src, 0);
+-	set_port(dst, 0);
+ #endif
+ }
+ 
+@@ -949,10 +950,6 @@ pk_sendgetspi(iph2)
+ 			dport=extract_port(dst);
+ 		}
+ #endif
+-		/* Always remove port information, it will be sent in
+-		 * SADB_X_EXT_NAT_T_[S|D]PORT if needed */
+-		set_port(src, 0);
+-		set_port(dst, 0);
+ 
+ 		plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_getspi\n");
+ 		if (pfkey_send_getspi_nat(
+@@ -1009,6 +1006,7 @@ pk_recvgetspi(mhp)
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
+ 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
++	pk_fixup_sa_addresses(mhp);
+ 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]); /* note SA dir */
+ 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+@@ -1183,18 +1181,14 @@ pk_sendupdate(iph2)
+ #ifdef ENABLE_NATT
+ 		if (pr->udp_encap) {
+ 			sa_args.l_natt_type = iph2->ph1->natt_options->encaps_type;
+-			sa_args.l_natt_sport = extract_port (iph2->ph1->remote);
+-			sa_args.l_natt_dport = extract_port (iph2->ph1->local);
++			sa_args.l_natt_sport = extract_port(iph2->ph1->remote);
++			sa_args.l_natt_dport = extract_port(iph2->ph1->local);
+ 			sa_args.l_natt_oa = iph2->natoa_src;
+ #ifdef SADB_X_EXT_NAT_T_FRAG
+ 			sa_args.l_natt_frag = iph2->ph1->rmconf->esp_frag;
+ #endif
+ 		}
+ #endif
+-		/* Always remove port information, it will be sent in
+-		 * SADB_X_EXT_NAT_T_[S|D]PORT if needed */
+-		set_port(sa_args.src, 0);
+-		set_port(sa_args.dst, 0);
+ 
+ 		/* more info to fill in */
+ 		sa_args.spi = pr->spi;
+@@ -1358,14 +1352,6 @@ pk_recvupdate(mhp)
+ 	/* turn off schedule */
+ 	sched_cancel(&iph2->scr);
+ 
+-	/* Force the update of ph2's ports, as there is at least one
+-	 * situation where they'll mismatch with ph1's values
+-	 */
+-#ifdef ENABLE_NATT
+-	set_port(iph2->src, extract_port(iph2->ph1->local));
+-	set_port(iph2->dst, extract_port(iph2->ph1->remote));
+-#endif
+-
+ 	/*
+ 	 * since we are going to reuse the phase2 handler, we need to
+ 	 * remain it and refresh all the references between ph1 and ph2 to use.
+@@ -1418,7 +1404,7 @@ pk_sendadd(iph2)
+ 		racoon_free(sa_args.src);
+ 		racoon_free(sa_args.dst);
+ 		return -1;
+- 	}
++	}
+ 
+ 	for (pr = iph2->approval->head; pr != NULL; pr = pr->next) {
+ 		/* validity check */
+@@ -1490,11 +1476,6 @@ pk_sendadd(iph2)
+ #endif
+ 		}
+ #endif
+-		/* Always remove port information, it will be sent in
+-		 * SADB_X_EXT_NAT_T_[S|D]PORT if needed */
+-		set_port(sa_args.src, 0);
+-		set_port(sa_args.dst, 0);
+-
+ 		/* more info to fill in */
+ 		sa_args.spi = pr->spi_p;
+ 		sa_args.reqid = pr->reqid_out;
+@@ -1559,6 +1540,7 @@ pk_recvadd(mhp)
+ 		return -1;
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
++	pk_fixup_sa_addresses(mhp);
+ 	src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 	sa = (struct sadb_sa *)mhp[SADB_EXT_SA];
+@@ -1749,7 +1731,9 @@ pk_recvacquire(mhp)
+ 	}
+ 	msg = (struct sadb_msg *)mhp[0];
+ 	xpl = (struct sadb_x_policy *)mhp[SADB_X_EXT_POLICY];
+-	pk_fixup_sa_addresses(mhp);
++	/* acquire does not have nat-t ports; so do not bother setting
++	 * the default port 500; just use the port zero for wildcard
++	 * matching the get a valid natted destination */
+ 	sp_src = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_SRC]);
+ 	sp_dst = PFKEY_ADDR_SADDR(mhp[SADB_EXT_ADDRESS_DST]);
+ 
+@@ -2884,8 +2868,8 @@ migrate_ph1_ike_addresses(iph1, arg)
+ 	u_int16_t port;
+ 
+ 	/* Already up-to-date? */
+-	if (cmpsaddrwop(iph1->local, ma->local) == 0 &&
+-	    cmpsaddrwop(iph1->remote, ma->remote) == 0)
++	if (cmpsaddr(iph1->local, ma->local) == 0 &&
++	    cmpsaddr(iph1->remote, ma->remote) == 0)
+ 		return 0;
+ 
+ 	if (iph1->status < PHASE1ST_ESTABLISHED) {
+@@ -2985,8 +2969,8 @@ migrate_ph2_ike_addresses(iph2, arg)
+ 		migrate_ph1_ike_addresses(iph2->ph1, arg);
+ 
+ 	/* Already up-to-date? */
+-	if (CMPSADDR(iph2->src, ma->local) == 0 &&
+-	    CMPSADDR(iph2->dst, ma->remote) == 0)
++	if (cmpsaddr(iph2->src, ma->local) == 0 &&
++	    cmpsaddr(iph2->dst, ma->remote) == 0)
+ 		return 0;
+ 
+ 	/* save src/dst as sa_src/sa_dst before rewriting */
+@@ -3206,8 +3190,8 @@ migrate_ph2_one_isr(spid, isr_cur, xisr_old, xisr_new)
+ 		     "changing address families (%d to %d) for endpoints.\n",
+ 		     osaddr->sa_family, nsaddr->sa_family);
+ 
+-	if (CMPSADDR(osaddr, (struct sockaddr *)&saidx->src) ||
+-	    CMPSADDR(odaddr, (struct sockaddr *)&saidx->dst)) {
++	if (cmpsaddr(osaddr, (struct sockaddr *) &saidx->src) ||
++	    cmpsaddr(odaddr, (struct sockaddr *) &saidx->dst)) {
+ 		plog(LLV_DEBUG, LOCATION, NULL, "SADB_X_MIGRATE: "
+ 		     "mismatch of addresses in saidx and xisr.\n");
+ 		return -1;
+diff --git a/src/racoon/policy.c b/src/racoon/policy.c
+index 850fa6b..058753f 100644
+--- a/src/racoon/policy.c
++++ b/src/racoon/policy.c
+@@ -141,16 +141,18 @@ getsp_r(spidx, iph2)
+ 		saddr2str(iph2->src));
+ 	plog(LLV_DEBUG, LOCATION, NULL, "src2: %s\n",
+ 		saddr2str((struct sockaddr *)&spidx->src));
+-	if (cmpsaddrwop(iph2->src, (struct sockaddr *)&spidx->src)
+-	 || spidx->prefs != prefixlen)
++
++	if (cmpsaddr(iph2->src, (struct sockaddr *) &spidx->src) ||
++	    spidx->prefs != prefixlen)
+ 		return NULL;
+ 
+ 	plog(LLV_DEBUG, LOCATION, NULL, "dst1: %s\n",
+ 		saddr2str(iph2->dst));
+ 	plog(LLV_DEBUG, LOCATION, NULL, "dst2: %s\n",
+ 		saddr2str((struct sockaddr *)&spidx->dst));
+-	if (cmpsaddrwop(iph2->dst, (struct sockaddr *)&spidx->dst)
+-	 || spidx->prefd != prefixlen)
++
++	if (cmpsaddr(iph2->dst, (struct sockaddr *) &spidx->dst) ||
++	    spidx->prefd != prefixlen)
+ 		return NULL;
+ 
+ 	plog(LLV_DEBUG, LOCATION, NULL, "looks to be transport mode\n");
+@@ -198,11 +200,11 @@ cmpspidxstrict(a, b)
+ 	 || a->ul_proto != b->ul_proto)
+ 		return 1;
+ 
+-	if (cmpsaddrstrict((struct sockaddr *)&a->src,
+-			   (struct sockaddr *)&b->src))
++	if (cmpsaddr((struct sockaddr *) &a->src,
++		     (struct sockaddr *) &b->src))
+ 		return 1;
+-	if (cmpsaddrstrict((struct sockaddr *)&a->dst,
+-			   (struct sockaddr *)&b->dst))
++	if (cmpsaddr((struct sockaddr *) &a->dst,
++		     (struct sockaddr *) &b->dst))
+ 		return 1;
+ 
+ #ifdef HAVE_SECCTX
+@@ -259,7 +261,7 @@ cmpspidxwild(a, b)
+ 		a, b->prefs, saddr2str((struct sockaddr *)&sa1));
+ 	plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n",
+ 		b, b->prefs, saddr2str((struct sockaddr *)&sa2));
+-	if (cmpsaddrwild((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
++	if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
+ 		return 1;
+ 
+ #ifndef __linux__
+@@ -277,7 +279,7 @@ cmpspidxwild(a, b)
+ 		a, b->prefd, saddr2str((struct sockaddr *)&sa1));
+ 	plog(LLV_DEBUG, LOCATION, NULL, "%p masked with /%d: %s\n",
+ 		b, b->prefd, saddr2str((struct sockaddr *)&sa2));
+-	if (cmpsaddrwild((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
++	if (cmpsaddr((struct sockaddr *)&sa1, (struct sockaddr *)&sa2))
+ 		return 1;
+ 
+ #ifdef HAVE_SECCTX
+diff --git a/src/racoon/remoteconf.c b/src/racoon/remoteconf.c
+index 73d80bc..88c622c 100644
+--- a/src/racoon/remoteconf.c
++++ b/src/racoon/remoteconf.c
+@@ -200,15 +200,9 @@ rmconf_match_type(rmsel, rmconf)
+ 	/* Check address */
+ 	if (rmsel->remote != NULL) {
+ 		if (rmconf->remote->sa_family != AF_UNSPEC) {
+-			if (rmsel->flags & GETRMCONF_F_NO_PORTS) {
+-				if (cmpsaddrwop(rmsel->remote,
+-						rmconf->remote) != 0)
+-					return 0;
+-			} else {
+-				if (cmpsaddrstrict(rmsel->remote,
+-						   rmconf->remote) != 0)
+-					return 0;
+-			}
++			if (cmpsaddr(rmsel->remote, rmconf->remote) != 0)
++				return 0;
++
+ 			/* Address matched */
+ 			ret = 2;
+ 		}
+@@ -262,7 +256,7 @@ void rmconf_selector_from_ph1(rmsel, iph1)
+ 	struct ph1handle *iph1;
+ {
+ 	memset(rmsel, 0, sizeof(*rmsel));
+-	rmsel->flags = GETRMCONF_F_NO_PORTS;
++	rmsel->flags = 0;
+ 	rmsel->remote = iph1->remote;
+ 	rmsel->etype = iph1->etype;
+ 	rmsel->approval = iph1->approval;
+@@ -357,22 +351,8 @@ getrmconf(remote, flags)
+ 	int n = 0;
+ 
+ 	memset(&ctx, 0, sizeof(ctx));
+-	ctx.sel.flags = flags | GETRMCONF_F_NO_PORTS;
++	ctx.sel.flags = flags;
+ 	ctx.sel.remote = remote;
+-#ifndef ENABLE_NATT
+-	/* 
+-	 * We never have ports set in our remote configurations, but when
+-	 * NAT-T is enabled, the kernel can have policies with ports and
+-	 * send us an acquire message for a destination that has a port set.
+-	 * If we do this port check here, we don't find the remote config.
+-	 *
+-	 * In an ideal world, we would be able to have remote conf with
+-	 * port, and the port could be a wildcard. That test could be used.
+-	 */
+-	if (remote->sa_family != AF_UNSPEC &&
+-	    extract_port(remote) != IPSEC_PORT_ANY)
+-		ctx.sel.flags &= ~GETRMCONF_F_NO_PORTS;
+-#endif /* ENABLE_NATT */
+ 
+ 	if (enumrmconf(&ctx.sel, rmconf_find, &ctx) != 0) {
+ 		plog(LLV_ERROR, LOCATION, remote,
+diff --git a/src/racoon/remoteconf.h b/src/racoon/remoteconf.h
+index 38faf03..b2e9e4a 100644
+--- a/src/racoon/remoteconf.h
++++ b/src/racoon/remoteconf.h
+@@ -189,8 +189,7 @@ extern int enumrmconf __P((struct rmconfselector *rmsel,
+ 			   void *enum_arg));
+ 
+ #define GETRMCONF_F_NO_ANONYMOUS	0x0001
+-#define GETRMCONF_F_NO_PORTS		0x0002
+-#define GETRMCONF_F_NO_PASSIVE		0x0004
++#define GETRMCONF_F_NO_PASSIVE		0x0002
+ 
+ #define RMCONF_ERR_MULTIPLE		((struct remoteconf *) -1)
+ 
+diff --git a/src/racoon/sockmisc.c b/src/racoon/sockmisc.c
+index 5c1f9c7..2bc2177 100644
+--- a/src/racoon/sockmisc.c
++++ b/src/racoon/sockmisc.c
+@@ -80,87 +77,28 @@
+ const int niflags = 0;
+ 
+ /*
+- * compare two sockaddr without port number.
+- * OUT:	0: equal.
+- *	1: not equal.
+- */
+-int
+-cmpsaddrwop(addr1, addr2)
+-	const struct sockaddr *addr1;
+-	const struct sockaddr *addr2;
+-{
+-	caddr_t sa1, sa2;
+-
+-	if (addr1 == 0 && addr2 == 0)
+-		return 0;
+-	if (addr1 == 0 || addr2 == 0)
+-		return 1;
+-
+-#ifdef __linux__
+-	if (addr1->sa_family != addr2->sa_family)
+-		return 1;
+-#else
+-	if (addr1->sa_len != addr2->sa_len
+-	 || addr1->sa_family != addr2->sa_family)
+-		return 1;
+-
+-#endif /* __linux__ */
+-
+-	switch (addr1->sa_family) {
+-	case AF_UNSPEC:
+-		break;
+-	case AF_INET:
+-		sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
+-		sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
+-		if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
+-			return 1;
+-		break;
+-#ifdef INET6
+-	case AF_INET6:
+-		sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
+-		sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
+-		if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
+-			return 1;
+-		if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
+-		    ((struct sockaddr_in6 *)addr2)->sin6_scope_id)
+-			return 1;
+-		break;
+-#endif
+-	default:
+-		return 1;
+-	}
+-
+-	return 0;
+-}
+-
+-/*
+  * compare two sockaddr with port, taking care wildcard.
+  * addr1 is a subject address, addr2 is in a database entry.
+  * OUT:	0: equal.
+  *	1: not equal.
+  */
+ int
+-cmpsaddrwild(addr1, addr2)
++cmpsaddr(addr1, addr2)
+ 	const struct sockaddr *addr1;
+ 	const struct sockaddr *addr2;
+ {
+ 	caddr_t sa1, sa2;
+ 	u_short port1, port2;
+ 
+-	if (addr1 == 0 && addr2 == 0)
+-		return 0;
+-	if (addr1 == 0 || addr2 == 0)
+-		return 1;
++	if (addr1 == NULL && addr2 == NULL)
++		return CMPSADDR_MATCH;
+ 
+-#ifdef __linux__
+-	if (addr1->sa_family != addr2->sa_family)
+-		return 1;
+-#else
+-	if (addr1->sa_len != addr2->sa_len
+-	 || addr1->sa_family != addr2->sa_family)
+-		return 1;
++	if (addr1 == NULL || addr2 == NULL)
++		return CMPSADDR_MISMATCH;
+ 
+-#endif /* __linux__ */
++	if (addr1->sa_family != addr2->sa_family ||
++	    sysdep_sa_len(addr1) != sysdep_sa_len(addr2))
++		return CMPSADDR_MISMATCH;
+ 
+ 	switch (addr1->sa_family) {
+ 	case AF_UNSPEC:
+@@ -170,12 +108,8 @@ cmpsaddrwild(addr1, addr2)
+ 		sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
+ 		port1 = ((struct sockaddr_in *)addr1)->sin_port;
+ 		port2 = ((struct sockaddr_in *)addr2)->sin_port;
+-		if (!(port1 == IPSEC_PORT_ANY ||
+-		      port2 == IPSEC_PORT_ANY ||
+-		      port1 == port2))
+-			return 1;
+ 		if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
+-			return 1;
++			return CMPSADDR_MISMATCH;
+ 		break;
+ #ifdef INET6
+ 	case AF_INET6:
+@@ -183,155 +117,23 @@ cmpsaddrwild(addr1, addr2)
+ 		sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
+ 		port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
+ 		port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
+-		if (!(port1 == IPSEC_PORT_ANY ||
+-		      port2 == IPSEC_PORT_ANY ||
+-		      port1 == port2))
+-			return 1;
+ 		if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
+-			return 1;
++			return CMPSADDR_MISMATCH;
+ 		if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
+ 		    ((struct sockaddr_in6 *)addr2)->sin6_scope_id)
+-			return 1;
++			return CMPSADDR_MISMATCH;
+ 		break;
+ #endif
+ 	default:
+-		return 1;
++		return CMPSADDR_MISMATCH;
+ 	}
+ 
+-	return 0;
+-}
+-
+-/*
+- * compare two sockaddr with port, taking care specific situation:
+- * one addr has 0 as port, and the other has 500 (network order), return equal
+- * OUT:	0: equal.
+- *	1: not equal.
+- */
+-int
+-cmpsaddrmagic(addr1, addr2)
+-	const struct sockaddr *addr1;
+-	const struct sockaddr *addr2;
+-{
+-	caddr_t sa1, sa2;
+-	u_short port1, port2;
+-
+-	if (addr1 == 0 && addr2 == 0)
+-		return 0;
+-	if (addr1 == 0 || addr2 == 0)
+-		return 1;
+-
+-#ifdef __linux__
+-	if (addr1->sa_family != addr2->sa_family)
+-		return 1;
+-#else
+-	if (addr1->sa_len != addr2->sa_len
+-	 || addr1->sa_family != addr2->sa_family)
+-		return 1;
++	if (port1 == port2 ||
++	    port1 == IPSEC_PORT_ANY ||
++	    port2 == IPSEC_PORT_ANY)
++		return CMPSADDR_MATCH;
+ 
+-#endif /* __linux__ */
+-
+-	switch (addr1->sa_family) {
+-	case AF_UNSPEC:
+-		break;
+-	case AF_INET:
+-		sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
+-		sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
+-		port1 = ((struct sockaddr_in *)addr1)->sin_port;
+-		port2 = ((struct sockaddr_in *)addr2)->sin_port;
+-		plog(LLV_DEBUG, LOCATION, NULL, "cmpsaddr_magic: port1 == %d, port2 == %d\n", port1, port2);
+-		if (!((port1 == IPSEC_PORT_ANY && port2 == ntohs(PORT_ISAKMP)) ||
+-			  (port2 == IPSEC_PORT_ANY && port1 == ntohs(PORT_ISAKMP)) ||
+-		      (port1 == port2))){			
+-			plog(LLV_DEBUG, LOCATION, NULL, "cmpsaddr_magic: ports mismatch\n");
+-			return 1;
+-		}
+-		plog(LLV_DEBUG, LOCATION, NULL, "cmpsaddr_magic: ports matched\n");
+-		if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
+-			return 1;
+-		break;
+-#ifdef INET6
+-	case AF_INET6:
+-		sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
+-		sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
+-		port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
+-		port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
+-		if (!((port1 == IPSEC_PORT_ANY && port2 == PORT_ISAKMP) ||
+-			  (port2 == IPSEC_PORT_ANY && port1 == PORT_ISAKMP) ||
+-		      (port1 == port2)))
+-			return 1;
+-		if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
+-			return 1;
+-		if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
+-		    ((struct sockaddr_in6 *)addr2)->sin6_scope_id)
+-			return 1;
+-		break;
+-#endif
+-	default:
+-		return 1;
+-	}
+-
+-	return 0;
+-}
+-
+-/*
+- * compare two sockaddr with strict match on port.
+- * OUT:	0: equal.
+- *	1: not equal.
+- */
+-int
+-cmpsaddrstrict(addr1, addr2)
+-	const struct sockaddr *addr1;
+-	const struct sockaddr *addr2;
+-{
+-	caddr_t sa1, sa2;
+-	u_short port1, port2;
+-
+-	if (addr1 == 0 && addr2 == 0)
+-		return 0;
+-	if (addr1 == 0 || addr2 == 0)
+-		return 1;
+-
+-#ifdef __linux__
+-	if (addr1->sa_family != addr2->sa_family)
+-		return 1;
+-#else
+-	if (addr1->sa_len != addr2->sa_len
+-	 || addr1->sa_family != addr2->sa_family)
+-		return 1;
+-
+-#endif /* __linux__ */
+-
+-	switch (addr1->sa_family) {
+-	case AF_INET:
+-		sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
+-		sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
+-		port1 = ((struct sockaddr_in *)addr1)->sin_port;
+-		port2 = ((struct sockaddr_in *)addr2)->sin_port;
+-		if (port1 != port2)
+-			return 1;
+-		if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
+-			return 1;
+-		break;
+-#ifdef INET6
+-	case AF_INET6:
+-		sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
+-		sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
+-		port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
+-		port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
+-		if (port1 != port2)
+-			return 1;
+-		if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
+-			return 1;
+-		if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
+-		    ((struct sockaddr_in6 *)addr2)->sin6_scope_id)
+-			return 1;
+-		break;
+-#endif
+-	default:
+-		return 1;
+-	}
+-
+-	return 0;
++	return CMPSADDR_WOP_MATCH;
+ }
+ 
+ /* get local address against the destination. */
+@@ -1129,7 +931,7 @@ naddr_score(const struct netaddr *naddr, const struct sockaddr *saddr)
+ 		free(a2);
+ 		free(a3);
+ 	}
+-	if (cmpsaddrwop(&sa, &naddr->sa.sa) == 0)
++	if (cmpsaddr(&sa, &naddr->sa.sa) == 0)
+ 		return naddr->prefix + port_score;
+ 
+ 	return -1;
+diff --git a/src/racoon/sockmisc.h b/src/racoon/sockmisc.h
+index fcc286f..0a58f44 100644
+--- a/src/racoon/sockmisc.h
++++ b/src/racoon/sockmisc.h
+@@ -54,16 +54,11 @@ struct netaddr {
+ 
+ extern const int niflags;
+ 
+-extern int cmpsaddrwop __P((const struct sockaddr *, const struct sockaddr *));
+-extern int cmpsaddrwild __P((const struct sockaddr *, const struct sockaddr *));
+-extern int cmpsaddrstrict __P((const struct sockaddr *, const struct sockaddr *));
+-extern int cmpsaddrmagic __P((const struct sockaddr *, const struct sockaddr *));
+-
+-#ifdef ENABLE_NATT 
+-#define CMPSADDR(saddr1, saddr2) cmpsaddrstrict((saddr1), (saddr2))
+-#else 
+-#define CMPSADDR(saddr1, saddr2) cmpsaddrwop((saddr1), (saddr2))
+-#endif
++#define CMPSADDR_MATCH		0
++#define CMPSADDR_WOP_MATCH	1
++#define CMPSADDR_MISMATCH	2
++
++extern int cmpsaddr __P((const struct sockaddr *, const struct sockaddr *));
+ 
+ extern struct sockaddr *getlocaladdr __P((struct sockaddr *));
+ 
+diff --git a/src/racoon/throttle.c b/src/racoon/throttle.c
+index 5ab62c3..64b566b 100644
+--- a/src/racoon/throttle.c
++++ b/src/racoon/throttle.c
+@@ -104,7 +104,7 @@ restart:
+ 			goto restart;
+ 		}
+ 
+-		if (cmpsaddrwop(addr, (struct sockaddr *)&te->host) == 0) {
++		if (cmpsaddr(addr, (struct sockaddr *) &te->host) == 0) {
+ 			found = 1;
+ 			break;
+ 		}
diff --git a/main/ipsec-tools/50-reverse-connect.patch b/main/ipsec-tools/50-reverse-connect.patch
new file mode 100644
index 0000000000..c49eae347f
--- /dev/null
+++ b/main/ipsec-tools/50-reverse-connect.patch
@@ -0,0 +1,207 @@
+When new ISAKMP is required, allow incoming reverse connection to take
+
+From: Timo Teras <timo.teras@iki.fi>
+
+over pending phase1:s. Useful when the other party is firewalled or NATted.
+---
+
+ src/racoon/admin.c   |   12 ++++++++++++
+ src/racoon/evt.c     |   13 +++++++++++++
+ src/racoon/evt.h     |    3 +++
+ src/racoon/handler.c |   28 +++++++++++++++++++++-------
+ src/racoon/isakmp.c  |   39 ++++++++++++++++++++++++++++++++++-----
+ 5 files changed, 83 insertions(+), 12 deletions(-)
+
+
+diff --git a/src/racoon/admin.c b/src/racoon/admin.c
+index b67e545..710c9bf 100644
+--- a/src/racoon/admin.c
++++ b/src/racoon/admin.c
+@@ -414,11 +414,23 @@ admin_process(so2, combuf)
+ 		struct sockaddr *dst;
+ 		struct sockaddr *src;
+ 		char *name = NULL;
++		char *loc, *rem;
+ 
+ 		ndx = (struct admin_com_indexes *) ((caddr_t)com + sizeof(*com));
+ 		src = (struct sockaddr *) &ndx->src;
+ 		dst = (struct sockaddr *) &ndx->dst;
+ 
++		loc = racoon_strdup(saddr2str(src));
++		rem = racoon_strdup(saddr2str(dst));
++		STRDUP_FATAL(loc);
++		STRDUP_FATAL(rem);
++
++		plog(LLV_INFO, LOCATION, NULL,
++			"admin establish-sa %x %s %s\n",
++			com->ac_proto, loc, rem);
++		racoon_free(loc);
++		racoon_free(rem);
++
+ 		if (com->ac_cmd == ADMIN_ESTABLISH_SA &&
+ 		    com->ac_len > sizeof(*com) + sizeof(*ndx))
+ 			name = (char *) ((caddr_t) ndx + sizeof(*ndx));
+diff --git a/src/racoon/evt.c b/src/racoon/evt.c
+index 4ce1334..000c1f8 100644
+--- a/src/racoon/evt.c
++++ b/src/racoon/evt.c
+@@ -396,4 +396,17 @@ evt_list_cleanup(list)
+ 		evt_unsubscribe(LIST_FIRST(list));
+ }
+ 
++void
++evt_list_move(from, to)
++	struct evt_listener_list *from, *to;
++{
++	struct evt_listener *l;
++
++	while (!LIST_EMPTY(from)) {
++		l = LIST_FIRST(from);
++		LIST_REMOVE(l, ll_chain);
++		LIST_INSERT_HEAD(to, l, ll_chain);
++	}
++}
++
+ #endif /* ENABLE_ADMINPORT */
+diff --git a/src/racoon/evt.h b/src/racoon/evt.h
+index 0ce65bd..ba7fb57 100644
+--- a/src/racoon/evt.h
++++ b/src/racoon/evt.h
+@@ -124,6 +124,8 @@ void evt_phase2 __P((const struct ph2handle *ph2, int type, vchar_t *optdata));
+ vchar_t *evt_dump __P((void));
+ 
+ int  evt_subscribe __P((struct evt_listener_list *list, int fd));
++void evt_list_move __P((struct evt_listener_list *from,
++			struct evt_listener_list *to));
+ void evt_list_init __P((struct evt_listener_list *list));
+ void evt_list_cleanup __P((struct evt_listener_list *list));
+ 
+@@ -136,6 +138,7 @@ void evt_list_cleanup __P((struct evt_listener_list *list));
+ #define evt_phase2(ph2, type, optdata) ;
+ 
+ #define evt_subscribe(eventlist, fd) ;
++#deifne evt_list_move(from, to) ;
+ #define evt_list_init(eventlist) ;
+ #define evt_list_cleanup(eventlist) ;
+ #define evt_get_fdmask(nfds, fdset) nfds
+diff --git a/src/racoon/handler.c b/src/racoon/handler.c
+index b33986f..9fd3817 100644
+--- a/src/racoon/handler.c
++++ b/src/racoon/handler.c
+@@ -269,26 +269,40 @@ migrate_ph12(old_iph1, new_iph1)
+ }
+ 
+ /*
+- * the iph1 is new, migrate all phase2s that belong to a dying or dead ph1
++ * the iph1 is new, migrate all phase2s that belong to a dying or dead ph1.
+  */
+ void migrate_dying_ph12(iph1)
+ 	struct ph1handle *iph1;
+ {
+-	struct ph1handle *p;
++	struct ph1handle *p, *next;
+ 
+-	LIST_FOREACH(p, &ph1tree, chain) {
++	for (p = LIST_FIRST(&ph1tree); p; p = next) {
++		next = LIST_NEXT(p, chain);
+ 		if (p == iph1)
+ 			continue;
+-		if (p->status < PHASE1ST_DYING)
++
++		/* Same remote? */
++		if (cmpsaddr(iph1->local, p->local) > CMPSADDR_WOP_MATCH ||
++		    cmpsaddr(iph1->remote, p->remote) > CMPSADDR_WOP_MATCH ||
++		    iph1->rmconf != p->rmconf)
+ 			continue;
+ 
+-		if (cmpsaddr(iph1->local, p->local) == 0
+-		 && cmpsaddr(iph1->remote, p->remote) == 0)
++		/* migrate phase2:s from expiring entries */
++		if (p->status >= PHASE1ST_DYING)
+ 			migrate_ph12(p, iph1);
++
++		/* and allow reverse connections to release
++		 * pending connections that do not work due
++		 * to firewall or nat */
++		if (iph1->side == RESPONDER && p->side == INITIATOR &&
++		    p->status < PHASE1ST_MSG3RECEIVED) {
++			evt_list_move(&p->evt_listeners, &iph1->evt_listeners);
++			remph1(p);
++			delph1(p);
++		}
+ 	}
+ }
+ 
+-
+ /*
+  * dump isakmp-sa
+  */
+diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
+index 0de16d1..2dfda2f 100644
+--- a/src/racoon/isakmp.c
++++ b/src/racoon/isakmp.c
+@@ -2138,13 +2138,33 @@ isakmp_ph2delete(iph2)
+ 
+ 	remph2(iph2);
+ 	delph2(iph2);
+-
+-	return;
+ }
+ 
+ /* %%%
+  * Interface between PF_KEYv2 and ISAKMP
+  */
++
++static void
++isakmp_chkph2there(p)
++	struct sched *p;
++{
++	struct ph2handle *iph2 = container_of(p, struct ph2handle, sce);
++	struct ph2handle *tmp;
++
++	/* Check if a similar phase2 appared meanwhile */
++	remph2(iph2);
++	tmp = getph2byid(iph2->src, iph2->dst, iph2->spid);
++	if (tmp == NULL) {
++		/* Nope, lets start this then */
++		insph2(iph2);
++		isakmp_chkph1there(iph2);
++	} else {
++		/* Yes, delete this initiation attempt as redundant */
++		evt_phase2(iph2, EVT_PHASE2_UP, NULL);
++		delph2(iph2);
++	}
++}
++
+ /*
+  * receive ACQUIRE from kernel, and begin either phase1 or phase2.
+  * if phase1 has been finished, begin phase2.
+@@ -2220,8 +2240,14 @@ isakmp_post_acquire(iph2)
+ 		/*NOTREACHED*/
+ 	}
+ 
+-	/* found established ISAKMP-SA */
+-	/* i.e. iph1->status == PHASE1ST_ESTABLISHED */
++	/* found established ISAKMP-SA, if this is a RESPONDER ISAKMP-SA
++	 * add a small delay; this will make sure the initiator gets
++	 * an first attempt at rekeying, and usually avoids duplicate ph2:s */
++	if (iph1->side == RESPONDER) {
++		iph2->retry_checkph1 = 1;
++		sched_schedule(&iph2->sce, 1, isakmp_chkph2there);
++		return 0;
++	}
+ 
+ 	/* found ISAKMP-SA. */
+ 	plog(LLV_DEBUG, LOCATION, NULL, "begin QUICK mode.\n");
+@@ -2388,7 +2414,10 @@ isakmp_chkph1there(iph2)
+ 		plog(LLV_DEBUG2, LOCATION, NULL, "dst: %s\n", saddr2str(iph2->dst));
+ 
+ 		/* begin quick mode */
+-		(void)isakmp_ph2begin_i(iph1, iph2);
++		if (isakmp_ph2begin_i(iph1, iph2)) {
++			remph2(iph2);
++			delph2(iph2);
++		}
+ 		return;
+ 	}
+ 
diff --git a/main/ipsec-tools/60-debug-quick.patch b/main/ipsec-tools/60-debug-quick.patch
new file mode 100644
index 0000000000..a5c3346ee9
--- /dev/null
+++ b/main/ipsec-tools/60-debug-quick.patch
@@ -0,0 +1,211 @@
+debugging prints for quick mode errors
+
+From: Timo Teras <timo.teras@iki.fi>
+
+
+---
+
+ src/racoon/isakmp.c       |   21 ++++++++++++++-------
+ src/racoon/isakmp_quick.c |   46 ++++++++++++++++++++++++++++++++++++++-------
+ 2 files changed, 53 insertions(+), 14 deletions(-)
+
+
+diff --git a/src/racoon/isakmp.c b/src/racoon/isakmp.c
+index 2dfda2f..87ce598 100644
+--- a/src/racoon/isakmp.c
++++ b/src/racoon/isakmp.c
+@@ -817,7 +817,8 @@ ph1_main(iph1, msg)
+ 
+ 		if (iph1->side == RESPONDER && iph1->status == PHASE1ST_START) {
+ 			plog(LLV_ERROR, LOCATION, iph1->remote,
+-				"failed to pre-process packet.\n");
++				"failed to pre-process ph1 packet (side: %d, status %d).\n",
++				iph1->side, iph1->status);
+ 			return -1;
+ 		} else {
+ 			/* ignore the error and keep phase 1 handler */
+@@ -845,7 +846,8 @@ ph1_main(iph1, msg)
+ 			[iph1->side]
+ 			[iph1->status])(iph1, msg) != 0) {
+ 		plog(LLV_ERROR, LOCATION, iph1->remote,
+-			"failed to process packet.\n");
++			"failed to process ph1 packet (side: %d, status: %d).\n",
++			iph1->side, iph1->status);
+ 		return -1;
+ 	}
+ 
+@@ -997,7 +999,8 @@ quick_main(iph2, msg)
+ 			    [iph2->status])(iph2, msg);
+ 	if (error != 0) {
+ 		plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+-			"failed to pre-process packet.\n");
++			"failed to pre-process ph2 packet (side: %d, status %d).\n",
++			iph2->side, iph2->status);
+ 		if (error == ISAKMP_INTERNAL_ERROR)
+ 			return 0;
+ 		isakmp_info_send_n1(iph2->ph1, error, NULL);
+@@ -1025,7 +1028,8 @@ quick_main(iph2, msg)
+ 			[iph2->side]
+ 			[iph2->status])(iph2, msg) != 0) {
+ 		plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+-			"failed to process packet.\n");
++			"failed to process ph2 packet (side: %d, status: %d).\n",
++			iph2->side, iph2->status);
+ 		return -1;
+ 	}
+ 
+@@ -1233,7 +1237,8 @@ isakmp_ph1begin_r(msg, remote, local, etype)
+ 			[iph1->side]
+ 			[iph1->status])(iph1, msg) < 0) {
+ 		plog(LLV_ERROR, LOCATION, remote,
+-			"failed to process packet.\n");
++			"failed to process ph1 packet (side: %d, status: %d).\n",
++			iph1->side, iph1->status);
+ 		remph1(iph1);
+ 		delph1(iph1);
+ 		return -1;
+@@ -1386,7 +1391,8 @@ isakmp_ph2begin_r(iph1, msg)
+ 	                   [iph2->status])(iph2, msg);
+ 	if (error != 0) {
+ 		plog(LLV_ERROR, LOCATION, iph1->remote,
+-			"failed to pre-process packet.\n");
++			"failed to pre-process ph2 packet (side: %d, status: %d).\n",
++			iph2->side, iph2->status);
+ 		if (error != ISAKMP_INTERNAL_ERROR)
+ 			isakmp_info_send_n1(iph2->ph1, error, NULL);
+ 		/*
+@@ -1404,7 +1410,8 @@ isakmp_ph2begin_r(iph1, msg)
+ 			[iph2->side]
+ 			[iph2->status])(iph2, msg) < 0) {
+ 		plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
+-			"failed to process packet.\n");
++			"failed to process ph2 packet (side: %d, status: %d).\n",
++			iph2->side, iph2->status);
+ 		/* don't release handler */
+ 		return -1;
+ 	}
+diff --git a/src/racoon/isakmp_quick.c b/src/racoon/isakmp_quick.c
+index 46c84c1..2657407 100644
+--- a/src/racoon/isakmp_quick.c
++++ b/src/racoon/isakmp_quick.c
+@@ -495,18 +495,27 @@ quick_i2recv(iph2, msg0)
+ 					"isn't supported.\n");
+ 				break;
+ 			}
+-			if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0)
++			if (isakmp_p2ph(&iph2->sa_ret, pa->ptr) < 0) {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"duplicate ISAKMP_NPTYPE_SA.\n");
+ 				goto end;
++			}
+ 			break;
+ 
+ 		case ISAKMP_NPTYPE_NONCE:
+-			if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
++			if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"duplicate ISAKMP_NPTYPE_NONCE.\n");
+ 				goto end;
++			}
+ 			break;
+ 
+ 		case ISAKMP_NPTYPE_KE:
+-			if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
++			if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"duplicate ISAKMP_NPTYPE_KE.\n");
+ 				goto end;
++			}
+ 			break;
+ 
+ 		case ISAKMP_NPTYPE_ID:
+@@ -517,6 +526,8 @@ quick_i2recv(iph2, msg0)
+ 				if (isakmp_p2ph(&idcr, pa->ptr) < 0)
+ 					goto end;
+ 			} else {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"too many ISAKMP_NPTYPE_ID payloads.\n");
+ 				goto end;
+ 			}
+ 			break;
+@@ -557,6 +568,8 @@ quick_i2recv(iph2, msg0)
+ 				iph2->natoa_dst = daddr;
+ 			else {
+ 				racoon_free(daddr);
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"too many ISAKMP_NPTYPE_NATOA payloads.\n");
+ 				goto end;
+ 			}
+ 		    }
+@@ -718,6 +731,8 @@ quick_i2recv(iph2, msg0)
+ 
+ 	/* validity check SA payload sent from responder */
+ 	if (ipsecdoi_checkph2proposal(iph2) < 0) {
++		plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++			"proposal check failed.\n");
+ 		error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
+ 		goto end;
+ 	}
+@@ -1077,8 +1092,11 @@ quick_r1recv(iph2, msg0)
+ 	}
+ 	/* decrypt packet */
+ 	msg = oakley_do_decrypt(iph2->ph1, msg0, iph2->ivm->iv, iph2->ivm->ive);
+-	if (msg == NULL)
++	if (msg == NULL) {
++		plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++			"Packet decryption failed.\n");
+ 		goto end;
++	}
+ 
+ 	/* create buffer for using to validate HASH(1) */
+ 	/*
+@@ -1162,18 +1180,27 @@ quick_r1recv(iph2, msg0)
+ 					"Multi SAs isn't supported.\n");
+ 				goto end;
+ 			}
+-			if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0)
++			if (isakmp_p2ph(&iph2->sa, pa->ptr) < 0) {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"duplicate ISAKMP_NPTYPE_SA.\n");
+ 				goto end;
++			}
+ 			break;
+ 
+ 		case ISAKMP_NPTYPE_NONCE:
+-			if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0)
++			if (isakmp_p2ph(&iph2->nonce_p, pa->ptr) < 0) {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"duplicate ISAKMP_NPTYPE_NONCE.\n");
+ 				goto end;
++			}
+ 			break;
+ 
+ 		case ISAKMP_NPTYPE_KE:
+-			if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0)
++			if (isakmp_p2ph(&iph2->dhpub_p, pa->ptr) < 0) {
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"duplicate ISAKMP_NPTYPE_KE.\n");
+ 				goto end;
++			}
+ 			break;
+ 
+ 		case ISAKMP_NPTYPE_ID:
+@@ -1241,6 +1268,9 @@ quick_r1recv(iph2, msg0)
+ 				iph2->natoa_src = daddr;
+ 			else {
+ 				racoon_free(daddr);
++				plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++					"received too many NAT-OA payloads.\n");
++				error = ISAKMP_NTYPE_PAYLOAD_MALFORMED;
+ 				goto end;
+ 			}
+ 		    }
+@@ -1333,6 +1363,8 @@ quick_r1recv(iph2, msg0)
+ 	case 0:
+ 		/* select single proposal or reject it. */
+ 		if (ipsecdoi_selectph2proposal(iph2) < 0) {
++			plog(LLV_ERROR, LOCATION, iph2->ph1->remote,
++				"no proposal chosen.\n");
+ 			error = ISAKMP_NTYPE_NO_PROPOSAL_CHOSEN;
+ 			goto end;
+ 		}
diff --git a/main/ipsec-tools/APKBUILD b/main/ipsec-tools/APKBUILD
new file mode 100644
index 0000000000..b947b9b695
--- /dev/null
+++ b/main/ipsec-tools/APKBUILD
@@ -0,0 +1,59 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ipsec-tools
+pkgver=0.8_alpha20090422
+_myver=0.8-alpha20090422
+pkgrel=0
+pkgdesc="User-space IPsec tools for various IPsec implementations"
+url="http://ipsec-tools.sourceforge.net/"
+license="BSD"
+depends="openssl uclibc"
+makedepends="openssl-dev bison flex"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$_myver.tar.gz
+	racoon.initd
+	racoon.confd
+	00-verify-cert-leak.patch
+	20-natoa-fix.patch
+	30-natt-ports-cleanup.patch
+	40-cmpsaddr-cleanup.patch
+	50-reverse-connect.patch
+	60-debug-quick.patch
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$_myver"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 -i $i || return 1
+	done
+	sed -i 's:-Werror::g' configure
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--localstatedir=/var/lib \
+		--with-kernel-headers=/usr/include \
+		--disable-security-context \
+		--enable-adminport \
+		--enable-dpd \
+		--enable-frag \
+		--enable-hybrid \
+		--enable-ipv6 \
+		--enable-natt
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	
+	install -D -m755 ../racoon.initd "$pkgdir"/etc/init.d/racoon
+	install -D -m644 ../racoon.confd "$pkgdir"/etc/conf.d/racoon
+}
+
+md5sums="8327401b5d1aa91e9c554d2cc536f823  ipsec-tools-0.8-alpha20090422.tar.gz
+16d66458442750e6401fa459e93172b7  racoon.initd
+788e3de82c1c6532dab0dc0c19c1bf40  racoon.confd
+e0abf570c29519e8e36406dfc3bbe3c8  00-verify-cert-leak.patch
+2adb8796c75f62811b08c8370c75312c  20-natoa-fix.patch
+17b3f05426537afa1e94947c39b10163  30-natt-ports-cleanup.patch
+5fcaf5a01340132d4bfe55997bc5c60b  40-cmpsaddr-cleanup.patch
+91eb6da2726c4ed83df990f6908a7553  50-reverse-connect.patch
+baa13d7f0f48955c792f7fcd42a8587a  60-debug-quick.patch"
diff --git a/main/ipsec-tools/racoon.confd b/main/ipsec-tools/racoon.confd
new file mode 100644
index 0000000000..66f8ed7674
--- /dev/null
+++ b/main/ipsec-tools/racoon.confd
@@ -0,0 +1,19 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/ipsec-tools/files/racoon.conf.d,v 1.3 2004/07/14 23:29:57 agriffis Exp $
+
+# Config file for /etc/init.d/racoon
+
+# See the manual pages for racoon or run `racoon --help`
+# for valid command-line options
+
+RACOON_OPTS="-4"
+
+RACOON_CONF="/etc/racoon/racoon.conf"
+RACOON_PSK_FILE="/etc/racoon/psk.txt"
+SETKEY_CONF="/etc/ipsec.conf"
+
+# Comment or remove the following if you don't want the policy tables
+# to be flushed when racoon is stopped.
+
+RACOON_RESET_TABLES="true"
diff --git a/main/ipsec-tools/racoon.initd b/main/ipsec-tools/racoon.initd
new file mode 100644
index 0000000000..16fdec7e3a
--- /dev/null
+++ b/main/ipsec-tools/racoon.initd
@@ -0,0 +1,58 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	before netmount
+	use net
+}
+
+checkconfig() {
+	if [ ! -e ${SETKEY_CONF} ] ; then
+		eerror "You need to configure setkey before starting racoon."
+		return 1
+	fi
+	if [ ! -e ${RACOON_CONF} ] ; then
+		eerror "You need a configuration file to start racoon."
+		return 1
+	fi
+	if [ ! -z ${RACOON_PSK_FILE} ] ; then
+		if [ ! -f ${RACOON_PSK_FILE} ] ; then
+			eerror "PSK file not found as specified."
+			eerror "Set RACOON_PSK_FILE in /etc/conf.d/racoon."
+			return 1
+		fi
+		case "`ls -Lldn ${RACOON_PSK_FILE}`" in
+			-r--------*)
+				;;
+			*)
+				eerror "Your defined PSK file should be mode 400 for security!"
+				return 1
+				;;
+		esac
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	einfo "Loading ipsec policies from ${SETKEY_CONF}."
+	/usr/sbin/setkey -f ${SETKEY_CONF}
+	if [ $? -eq 1 ] ; then
+		eerror "Error while loading ipsec policies"
+	fi
+	ebegin "Starting racoon"
+	start-stop-daemon -S -x /usr/sbin/racoon -- -f ${RACOON_CONF} ${RACOON_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping racoon"
+	start-stop-daemon -K -p /var/run/racoon.pid
+	eend $?
+	if [ -n "${RACOON_RESET_TABLES}" ]; then
+		ebegin "Flushing policy entries"
+		/usr/sbin/setkey -F
+		/usr/sbin/setkey -FP
+		eend $?
+	fi
+}
diff --git a/main/iptables/APKBUILD b/main/iptables/APKBUILD
new file mode 100644
index 0000000000..806f7a3f08
--- /dev/null
+++ b/main/iptables/APKBUILD
@@ -0,0 +1,66 @@
+#!/bin/sh
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+pkgname=iptables
+pkgver=1.4.4
+pkgrel=0
+pkgdesc="Linux kernel firewall, NAT and packet mangling tools"
+url="http://www.iptables.org/"
+license=GPL-2
+source="http://iptables.org/projects/iptables/files/$pkgname-$pkgver.tar.bz2
+	iptables-1.4.2-include-in.patch
+	iptables.initd
+	iptables.confd
+	"
+
+makedepends="linux-headers"
+subpackages="ip6tables $pkgname-doc $pkgname-dev"
+
+build() {
+	local i
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 -i $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--sbindir=/sbin \
+		--without-kernel \
+	        --enable-devel \
+		--enable-libipq \
+		--enable-shared 
+	make || return 1
+	make -j1 install DESTDIR="$pkgdir"
+
+	mkdir -p "$pkgdir"/usr/include/libiptc \
+		"$pkgdir"/usr/lib \
+		"$pkgdir"/var/lib/iptables \
+		"$pkgdir"/etc/init.d \
+		"$pkgdir"/etc/conf.d
+	install -m644 include/iptables.h include/ip6tables.h \
+		"$pkgdir"/usr/include/
+	install include/libiptc/*.h "$pkgdir"/usr/include/libiptc/
+	install -m644 libiptc/libiptc.a "$pkgdir"/usr/lib
+	install -m755 "$startdir"/iptables.initd "$pkgdir"/etc/init.d/iptables
+	install -m644 "$startdir"/iptables.confd "$pkgdir"/etc/conf.d/iptables
+}
+
+ip6tables() {
+	mkdir -p "$subpkgdir"/sbin \
+		"$subpkgdir"/etc/init.d/ \
+		"$subpkgdir"/var/lib/ip6tables \
+		"$subpkgdir"/usr/libexec/xtables
+
+	mv "$pkgdir"/sbin/ip6* "$subpkgdir"/sbin/
+	mv "$pkgdir"/usr/libexec/xtables/libip6* \
+		"$subpkgdir"/usr/libexec/xtables/
+	install -m755 "$startdir"/iptables.initd \
+		"$subpkgdir"/etc/init.d/ip6tables
+}
+
+md5sums="08cd9196881657ea0615d926334cb7e9  iptables-1.4.4.tar.bz2
+ec3e80a1b0ea3e13e4e60824b7ebd1b9  iptables-1.4.2-include-in.patch
+2202ac150a5dfe32a8363b0ad565ee1d  iptables.initd
+956ebf5ab69e5a1e1d3983541eab643b  iptables.confd"
diff --git a/main/iptables/iptables-1.4.2-include-in.patch b/main/iptables/iptables-1.4.2-include-in.patch
new file mode 100644
index 0000000000..138fa564ca
--- /dev/null
+++ b/main/iptables/iptables-1.4.2-include-in.patch
@@ -0,0 +1,12 @@
+pull in in.h as it sets up some proto defines that iptables relies on
+
+--- a/include/xtables.h.in
++++ b/include/xtables.h.in
+@@ -5,6 +5,7 @@
+ #include <sys/types.h>
+ #include <stdbool.h>
+ #include <net/if.h>
++#include <netinet/in.h>
+ #include <linux/types.h>
+ #include <linux/netfilter/x_tables.h>
+ 
diff --git a/main/iptables/iptables.confd b/main/iptables/iptables.confd
new file mode 100644
index 0000000000..91287debdb
--- /dev/null
+++ b/main/iptables/iptables.confd
@@ -0,0 +1,11 @@
+# /etc/conf.d/iptables
+
+# Location in which iptables initscript will save set rules on 
+# service shutdown
+IPTABLES_SAVE="/var/lib/iptables/rules-save"
+
+# Options to pass to iptables-save and iptables-restore 
+SAVE_RESTORE_OPTIONS="-c"
+
+# Save state on stopping iptables
+SAVE_ON_STOP="yes"
diff --git a/main/iptables/iptables.initd b/main/iptables/iptables.initd
new file mode 100755
index 0000000000..e63d8ea9e2
--- /dev/null
+++ b/main/iptables/iptables.initd
@@ -0,0 +1,114 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/iptables/files/iptables-1.3.2.init,v 1.6 2007/03/12 21:49:04 vapier Exp $
+
+opts="save reload panic"
+
+iptables_name=${SVCNAME}
+if [ "${iptables_name}" != "iptables" -a "${iptables_name}" != "ip6tables" ] ; then
+	iptables_name="iptables"
+fi
+
+iptables_bin="/sbin/${iptables_name}"
+case ${iptables_name} in
+	iptables)  iptables_proc="/proc/net/ip_tables_names"
+	           iptables_save=${IPTABLES_SAVE};;
+	ip6tables) iptables_proc="/proc/net/ip6_tables_names"
+	           iptables_save=${IP6TABLES_SAVE};;
+esac
+
+depend() {
+	before net
+	use logger
+}
+
+set_table_policy() {
+	local chains table=$1 policy=$2
+	case ${table} in
+		nat)    chains="PREROUTING POSTROUTING OUTPUT";;
+		mangle) chains="PREROUTING INPUT FORWARD OUTPUT POSTROUTING";;
+		filter) chains="INPUT FORWARD OUTPUT";;
+		*)      chains="";;
+	esac
+	local chain
+	for chain in ${chains} ; do
+		${iptables_bin} -t ${table} -P ${chain} ${policy}
+	done
+}
+
+checkkernel() {
+	if [ ! -e ${iptables_proc} ] ; then
+		eerror "Your kernel lacks ${iptables_name} support, please load"
+		eerror "appropriate modules and try again."
+		return 1
+	fi
+	return 0
+}
+checkconfig() {
+	if [ ! -f ${iptables_save} ] ; then
+		eerror "Not starting ${iptables_name}.  First create some rules then run:"
+		eerror "/etc/init.d/${iptables_name} save"
+		return 1
+	fi
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Loading ${iptables_name} state and starting firewall"
+	${iptables_bin}-restore ${SAVE_RESTORE_OPTIONS} < "${iptables_save}"
+	eend $?
+}
+
+stop() {
+	if [ "${SAVE_ON_STOP}" = "yes" ] ; then
+		save || return 1
+	fi
+	checkkernel || return 1
+	ebegin "Stopping firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		set_table_policy $a ACCEPT
+
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+}
+
+reload() {
+	checkkernel || return 1
+	ebegin "Flushing firewall"
+	local a
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+	done
+	eend $?
+
+	start
+}
+
+save() {
+	ebegin "Saving ${iptables_name} state"
+	touch "${iptables_save}"
+	chmod 0600 "${iptables_save}"
+	${iptables_bin}-save ${SAVE_RESTORE_OPTIONS} > "${iptables_save}"
+	eend $?
+}
+
+panic() {
+	checkkernel || return 1
+	service_started ${iptables_name} && svc_stop
+
+	local a
+	ebegin "Dropping all packets"
+	for a in $(cat ${iptables_proc}) ; do
+		${iptables_bin} -F -t $a
+		${iptables_bin} -X -t $a
+
+		set_table_policy $a DROP
+	done
+	eend $?
+}
diff --git a/main/iptraf/APKBUILD b/main/iptraf/APKBUILD
new file mode 100644
index 0000000000..4d1149d1c7
--- /dev/null
+++ b/main/iptraf/APKBUILD
@@ -0,0 +1,37 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=iptraf
+pkgver=3.0.0
+pkgrel=0
+pkgdesc="IP Network Monitoring Software"
+url="http://iptraf.seoul.org"
+license="GPL"
+depends=
+makedepends="ncurses-dev"
+install=
+subpackages="$pkgname-doc"
+source="ftp://iptraf.seul.org/pub/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver/src"
+
+	sed -i -e s:/var/local/iptraf:/var/lib/iptraf: \
+		-e s:/usr/local/bin:/usr/sbin: dirs.h
+        make CFLAGS="$CFLAGS" DEBUG="" TARGET="/usr/sbin" \
+		WORKDIR="/var/lib/iptraf" || return 1
+
+	for sbin in iptraf rvnamed; do
+		install -D -m755 $sbin "$pkgdir"/usr/sbin/$sbin
+	done
+
+        cd ../Documentation
+	for man in *.8; do
+		install -D -m644 $man "$pkgdir"/usr/share/man/man8/$man
+	done
+	
+	for dir in lib log run; do
+		mkdir -p "$pkgdir"/var/$dir/iptraf
+	done
+}
+
+md5sums="377371c28ee3c21a76f7024920649ea8  iptraf-3.0.0.tar.gz"
diff --git a/main/iputils/APKBUILD b/main/iputils/APKBUILD
new file mode 100644
index 0000000000..02face483a
--- /dev/null
+++ b/main/iputils/APKBUILD
@@ -0,0 +1,28 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=iputils
+pkgver=20071127
+pkgrel=1
+pkgdesc="IP Configuration Utilities (and Ping)"
+url="http://www.linuxfoundation.org/en/Net:Iputils"
+license="GPL"
+install=$pkgname.post-install
+depends="uclibc"
+source="http://www.skbuff.net/$pkgname/$pkgname-s$pkgver.tar.bz2
+	$pkgname-20070202-no-open-max.patch
+	$install"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-s$pkgver
+	patch -Np1 -i ../iputils-20070202-no-open-max.patch || return 1
+	make KERNEL_INCLUDE=/usr/include || return 1
+	for i in arping clockdiff rarpd rdisc tftpd tracepath tracepath6; do
+		install -D -m755 $i "$pkgdir"/usr/sbin/$i
+	done
+	for i in ping ping6 traceroute6; do
+		install -D -m4755 $i "$pkgdir"/bin/$i
+	done
+}
+md5sums="12245e9927d60ff5cf4a99d265bcb7d3  iputils-s20071127.tar.bz2
+a2cbc0174dd883f68297aa7f3e7c4f5c  iputils-20070202-no-open-max.patch
+b84506d253e04db3c5af9016fead45a3  iputils.post-install"
diff --git a/main/iputils/iputils-20070202-no-open-max.patch b/main/iputils/iputils-20070202-no-open-max.patch
new file mode 100644
index 0000000000..5013ba4fdc
--- /dev/null
+++ b/main/iputils/iputils-20070202-no-open-max.patch
@@ -0,0 +1,16 @@
+the OPEN_MAX define has been removed in newer kernel headers so use the
+proper method of getting the value dynamically
+
+http://bugs.gentoo.org/195861
+
+--- a/rdisc.c
++++ b/rdisc.c
+@@ -247,7 +247,7 @@ void do_fork(void)
+ 	if ((pid=fork()) != 0)
+ 		exit(0);
+ 
+-	for (t = 0; t < OPEN_MAX; t++)
++	for (t = 0; t < sysconf(_SC_OPEN_MAX); t++)
+ 		if (t != s)
+ 			close(t);
+ 
diff --git a/main/iputils/iputils.post-install b/main/iputils/iputils.post-install
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/iputils/iputils.post-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/irssi/APKBUILD b/main/irssi/APKBUILD
new file mode 100644
index 0000000000..bdb3c16c92
--- /dev/null
+++ b/main/irssi/APKBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=irssi
+pkgver=0.8.13
+#_pkgver=0.8.13-rc1
+pkgrel=0
+pkgdesc="A modular textUI IRC client with IPv6 support"
+url="http://irssi.org/"
+license='GPL'
+depends="glib ncurses ncurses-terminfo openssl"
+makedepends="glib-dev openssl-dev ncurses-dev perl-dev pkgconfig g++"
+source="http://irssi.org/files/irssi-${pkgver}.tar.bz2"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-perl"
+
+build() {
+	cd "$srcdir/$pkgname-${pkgver}"
+
+	./configure --prefix=/usr \
+	--sysconfdir=/etc \
+	--mandir=/usr/share/man \
+	--with-perl=module
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+perl() {
+	depends="$pkgname perl"
+	mkdir -p "$subpkgdir"/usr/share/irssi
+	mv "$pkgdir"/usr/share/irssi/scripts "$subpkgdir"/usr/share/irssi/
+	mkdir -p "$subpkgdir"/usr/lib/irssi
+	mv "$pkgdir"/usr/lib/irssi/modules "$subpkgdir"/usr/lib/irssi/
+	mv "$pkgdir"/usr/lib/perl5 "$subpkgdir"/usr/lib/
+}
+
+md5sums="0d6fc2203832b514eff014fffd574664  irssi-0.8.13.tar.bz2"
diff --git a/main/iscsitarget-grsec/APKBUILD b/main/iscsitarget-grsec/APKBUILD
new file mode 100644
index 0000000000..a555918a8c
--- /dev/null
+++ b/main/iscsitarget-grsec/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=grsec
+_realname=iscsitarget
+# source the kernel version
+if [ -f ../linux-$_flavor/APKBUILD ]; then
+	. ../linux-$_flavor/APKBUILD
+fi
+_abi_release=$pkgver-${_flavor}
+
+# get pkgver from iscsitarget
+if [ -f ../iscsitarget/APKBUILD ]; then
+	. ../iscsitarget/APKBUILD
+fi
+pkgname=${_realname}-${_flavor}
+pkgver=${pkgver:-0.4.17}
+pkgrel=3
+pkgdesc="$_flavor kernel modules for iscsitarget"
+url="http://iscsitarget.sourceforge.net/"
+license="GPL-2"
+depends=
+install=
+makedepends="linux-${_flavor}-dev"
+subpackages=
+source="http://downloads.sourceforge.net/$_realname/$_realname-$pkgver.tar.gz
+	iscsitarget-0.4.17+linux-2.6.28.patch
+	iscsitarget-0.4.17+linux-2.6.29.patch
+	"
+
+build() {
+	cd "$srcdir"/$_realname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+
+	unset ARCH
+	local ksrc=/usr/src/linux-headers-${_abi_release}
+	make KSRC="$ksrc" kernel || return 1
+	make KSRC="$ksrc" DISTDIR="$pkgdir" install-kernel || return 1
+}
+md5sums="e79b437695fc50e7d054631855a16b1b  iscsitarget-0.4.17.tar.gz
+f58dde50f72b04b7737b33e517e56208  iscsitarget-0.4.17+linux-2.6.28.patch
+a7be10bb04c9014807e39db75c9cd468  iscsitarget-0.4.17+linux-2.6.29.patch"
diff --git a/main/iscsitarget-grsec/iscsitarget-0.4.17+linux-2.6.28.patch b/main/iscsitarget-grsec/iscsitarget-0.4.17+linux-2.6.28.patch
new file mode 100644
index 0000000000..ec35cd526f
--- /dev/null
+++ b/main/iscsitarget-grsec/iscsitarget-0.4.17+linux-2.6.28.patch
@@ -0,0 +1,78 @@
+From c5e70fc826aad5efb786c47d294e3c0c76246d63 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Diego=20E.=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Sat, 3 Jan 2009 00:09:43 +0100
+Subject: [PATCH] Fix building with Linux kernel 2.6.28 and later.
+
+With changeset 30c40d2c01f68c7eb1a41ab3552bdaf5dbf300d4 of the Linux
+kernel, the functions open_bdev_excl and close_bdev_excl were replaced with
+functionally-equivalent open_bdev_exclusive and close_bdev_exclusive.
+
+The new interface uses fmode_t instead of integer flags to carry on the
+opening mode for a block device, thus require some minor changes in the
+calls.
+---
+ kernel/block-io.c |   21 +++++++++++++++++++++
+ 1 files changed, 21 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/block-io.c b/kernel/block-io.c
+index e4a25f7..2c5f6f6 100644
+--- a/kernel/block-io.c
++++ b/kernel/block-io.c
+@@ -18,6 +18,14 @@
+ #include "iscsi_dbg.h"
+ #include "iotype.h"
+ 
++#include <linux/version.h>
++
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28)
++# define HAVE_OPEN_BDEV_EXCLUSIVE 1
++#else
++# define HAVE_OPEN_BDEV_EXCLUSIVE 0
++#endif
++
+ struct blockio_data {
+ 	char *path;
+ 	struct block_device *bdev;
+@@ -154,14 +160,22 @@ blockio_open_path(struct iet_volume *volume, const char *path)
+ {
+ 	struct blockio_data *bio_data = volume->private;
+ 	struct block_device *bdev;
++#if HAVE_OPEN_BDEV_EXCLUSIVE
++	fmode_t mode = FMODE_READ | ( LUReadonly(volume) ? 0 : FMODE_WRITE );
++#else
+ 	int flags = LUReadonly(volume) ? MS_RDONLY : 0;
++#endif
+ 	int err = 0;
+ 
+ 	bio_data->path = kstrdup(path, GFP_KERNEL);
+ 	if (!bio_data->path)
+ 		return -ENOMEM;
+ 
++#if HAVE_OPEN_BDEV_EXCLUSIVE
++	bdev = open_bdev_exclusive(path, mode, THIS_MODULE);
++#else
+ 	bdev = open_bdev_excl(path, flags, THIS_MODULE);
++#endif
+ 	if (IS_ERR(bdev)) {
+ 		err = PTR_ERR(bdev);
+ 		eprintk("Can't open device %s, error %d\n", path, err);
+@@ -323,9 +337,16 @@ static void
+ blockio_detach(struct iet_volume *volume)
+ {
+ 	struct blockio_data *bio_data = volume->private;
++#if HAVE_OPEN_BDEV_EXCLUSIVE
++	fmode_t mode = FMODE_READ | ( LUReadonly(volume) ? 0 : FMODE_WRITE );
++#endif
+ 
+ 	if (bio_data->bdev)
++#if HAVE_OPEN_BDEV_EXCLUSIVE
++		close_bdev_exclusive(bio_data->bdev, mode);
++#else
+ 		close_bdev_excl(bio_data->bdev);
++#endif
+ 	kfree(bio_data->path);
+ 
+ 	kfree(volume->private);
+-- 
+1.6.0.6
+
diff --git a/main/iscsitarget-grsec/iscsitarget-0.4.17+linux-2.6.29.patch b/main/iscsitarget-grsec/iscsitarget-0.4.17+linux-2.6.29.patch
new file mode 100644
index 0000000000..092fdc3fd9
--- /dev/null
+++ b/main/iscsitarget-grsec/iscsitarget-0.4.17+linux-2.6.29.patch
@@ -0,0 +1,40 @@
+From 81373580a641732a7e4610c3d39af0c68007b892 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Diego=20Elio=20'Flameeyes'=20Petten=C3=B2?= <flameeyes@gmail.com>
+Date: Wed, 25 Mar 2009 16:14:46 +0100
+Subject: [PATCH 2/2] Fix building with Linux kernel 2.6.29 and later.
+
+When building for Linux 2.6.29 or later, instead of using the NIP6
+macro (that has been removed) use the new %p6 format specifier.
+---
+ kernel/conn.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/kernel/conn.c b/kernel/conn.c
+index f96e2b6..ab561f9 100644
+--- a/kernel/conn.c
++++ b/kernel/conn.c
+@@ -6,6 +6,7 @@
+ 
+ #include <linux/file.h>
+ #include <linux/ip.h>
++#include <linux/version.h>
+ #include <net/tcp.h>
+ 
+ #include "iscsi.h"
+@@ -47,8 +48,13 @@ void conn_info_show(struct seq_file *seq, struct iscsi_session *session)
+ 			break;
+ 		case AF_INET6:
+ 			snprintf(buf, sizeof(buf),
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 29)
++				 "[%p6]",
++				 &(inet6_sk(sk)->daddr));
++#else
+ 				 "[%04x:%04x:%04x:%04x:%04x:%04x:%04x:%04x]",
+ 				 NIP6(inet6_sk(sk)->daddr));
++#endif
+ 			break;
+ 		default:
+ 			break;
+-- 
+1.6.2
+
diff --git a/main/iscsitarget/APKBUILD b/main/iscsitarget/APKBUILD
new file mode 100644
index 0000000000..3bdf98ee06
--- /dev/null
+++ b/main/iscsitarget/APKBUILD
@@ -0,0 +1,40 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+pkgname=iscsitarget
+pkgver=0.4.17
+pkgrel=2
+pkgdesc="Open Source iSCSI target with professional features - userspace utils"
+url="http://iscsitarget.sourceforge.net/"
+license="GPL-2"
+depends=
+makedepends="openssl-dev"
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	$pkgname-0.4.15-isns-set-scn-flag.patch
+	$pkgname-0.4.17-build.patch
+	ietd.initd
+	ietd.confd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+	
+	make usr || return 1
+	make DISTDIR="$pkgdir" install-usr install-doc
+
+	for i in etc/ietd.conf etc/initiators.*; do
+		install -Dm640 $i "$pkgdir"/$i || return 1
+	done
+	install -Dm755 ../ietd.initd "$pkgdir"/etc/init.d/ietd
+	install -Dm755 ../ietd.confd "$pkgdir"/etc/conf.d/ietd
+}
+
+md5sums="e79b437695fc50e7d054631855a16b1b  iscsitarget-0.4.17.tar.gz
+22512c5cf4cb62127730ce53d74ff28f  iscsitarget-0.4.15-isns-set-scn-flag.patch
+c9a9b839b3afcdecd1601511ee48a171  iscsitarget-0.4.17-build.patch
+641513492f58a6cb13247d0028a50906  ietd.initd
+06ba479d3533d557b8582abe6f182410  ietd.confd"
diff --git a/main/iscsitarget/ietd.confd b/main/iscsitarget/ietd.confd
new file mode 100644
index 0000000000..3621326b1a
--- /dev/null
+++ b/main/iscsitarget/ietd.confd
@@ -0,0 +1,30 @@
+# Copyright 1999-2006 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/sys-block/iscsitarget/files/ietd-conf.d,v 1.1 2006/02/20 08:33:40 robbat2 Exp $
+
+# Address and port to listen on for connections.
+#ADDRESS="" # set this to non-empty to listen somewhere specific
+PORT=3260
+
+# Address of your SNS server
+# if available
+#ISNS=""
+
+# User and group to run as
+# You must ensure that the UID/GID have access to the files/devices you
+# have provided in your configuration.
+USER="root"
+GROUP="root"
+
+# Debug level - see ietd(8) for the levels
+#DEBUGLEVEL=
+
+# This setting disables the memory configuration warnings.
+# Upstream takes the general policy of forcing all of the memory settings that
+# they want, but that doesn't mesh with users that have it set higher.
+# Gentoo by default ignores the settings that are higher, but issues warnings
+# on those that are lower.
+# Uncomment the next line to disable those warnings.
+#DISABLE_MEMORY_WARNINGS=1
+
+# vim: filetype=gentoo-conf-d tw=72:
diff --git a/main/iscsitarget/ietd.initd b/main/iscsitarget/ietd.initd
new file mode 100644
index 0000000000..6ea9a4b51e
--- /dev/null
+++ b/main/iscsitarget/ietd.initd
@@ -0,0 +1,106 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/sys-block/iscsitarget/files/ietd-init.d-2,v 1.1 2008/07/18 16:03:38 flameeyes Exp $
+
+MEM_SIZE=1048576
+DAEMON=/usr/sbin/ietd
+CONFIG_FILE=/etc/ietd.conf
+PID_FILE=/var/run/iscsi_trgt.pid
+NAME="iSCSI Enterprise Target"
+
+ARGS=""
+[ -n "$USER" ] && ARGS="${ARGS} --uid=${USER}"
+[ -n "$GROUP" ] && ARGS="${ARGS} --gid=${GROUP}"
+[ -n "$ISNS" ] && ARGS="${ARGS} --isns=${ISNS}"
+[ -n "$PORT" ] && ARGS="${ARGS} --port=${PORT}"
+[ -n "$ADDRESS" ] && ARGS="${ARGS} --address=${ADDRESS}"
+[ -n "$DEBUGLEVEL" ] && ARGS="${ARGS} --debug=${DEBUGLEVEL}"
+
+depend() {
+	use net
+	after modules
+}
+checkconfig() {
+	if [ ! -f $CONFIG_FILE ]; then
+		eerror "Config file $CONFIG_FILE does not exist!"
+		return 1
+	fi
+	if [ -z "$DISABLE_MEMORY_WARNINGS" ]; then
+		check_memsize
+	fi
+}
+
+check_memsize() {
+	local wr md sysctl_key v k
+	for wr in r w; do
+		for md in max default; do
+			sysctl_key="net.core.${wr}mem_${md}"
+			v="$(sysctl -n ${sysctl_key})"
+			if [ "${v}" -lt "${MEM_SIZE}" ]; then
+				ewarn "$sysctl_key ($v) is lower than recommended ${MEM_SIZE}"
+			fi
+		done
+	done
+	for wr in "" r w; do
+		sysctl_key="net.ipv4.tcp_${wr}mem"
+		set -- $(sysctl -n ${sysctl_key})
+		for k in min default max ; do
+			if [ "${1}" -lt "${MEM_SIZE}" ]; then
+				ewarn "$sysctl_key:$k (${1}) is lower than recommended ${MEM_SIZE}"
+			fi
+			shift
+		done
+	done
+}
+
+do_modules() {
+	msg="$1"
+	shift
+	modules="$1"
+	shift
+	opts="$@"
+	for m in ${modules}; do
+		ebegin "${msg} - ${m}"
+		modprobe ${opts} $m
+		ret=$?
+		eend $ret
+		[ $ret -ne 0 ] && return $ret
+	done
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	do_modules 'Loading iSCSI-Target modules' 'iscsi_trgt'
+	ebegin "Starting ${NAME}"
+	start-stop-daemon --start --exec $DAEMON --quiet -- ${ARGS}
+	eend $?
+}
+
+stop() {
+	ebegin "Removing ${NAME} devices"
+	# ugly, but ietadm does not allways provides correct exit values
+	RETURN="$(ietadm --op delete 2>&1)"
+	RETVAL=$?
+	if [ $RETVAL -eq 0 ] && [ "$RETURN" != "something wrong" ] ; then
+		eend 0
+	else
+		eend 1
+		eerror "ietadm failed - $RETURN"
+		return 1
+	fi
+
+	ebegin "Stopping ${NAME}"
+	start-stop-daemon --stop --quiet --exec $DAEMON --pidfile $PID_FILE
+	ret=$?
+	eend $ret
+	[ $ret -ne 0 ] && return 1
+
+	# ugly, but pid file is not removed by ietd
+	rm -f $PID_FILE
+	do_modules 'Removing iSCSI-Target modules' 'iscsi_trgt' '-r'
+	return $?
+}
+
+# vim: tw=72:
diff --git a/main/iscsitarget/iscsitarget-0.4.15-isns-set-scn-flag.patch b/main/iscsitarget/iscsitarget-0.4.15-isns-set-scn-flag.patch
new file mode 100644
index 0000000000..4db90793d7
--- /dev/null
+++ b/main/iscsitarget/iscsitarget-0.4.15-isns-set-scn-flag.patch
@@ -0,0 +1,20 @@
+http://bugs.gentoo.org/180619
+
+--- a/usr/isns.c
++++ b/usr/isns.c
+@@ -215,13 +215,13 @@
+ 
+ #if __BYTE_ORDER == __LITTLE_ENDIAN
+ #define set_scn_flag(x)						\
+-{								\
++({								\
+ 	x = (x & 0x55555555) << 1 | (x & 0xaaaaaaaa) >> 1;	\
+ 	x = (x & 0x33333333) << 2 | (x & 0xcccccccc) >> 2;	\
+ 	x = (x & 0x0f0f0f0f) << 4 | (x & 0xf0f0f0f0) >> 4;	\
+ 	x = (x & 0x00ff00ff) << 8 | (x & 0xff00ff00) >> 8;	\
+ 	x = (x & 0x0000ffff) << 16 | (x & 0xffff0000) >> 16;	\
+-}
++})
+ #else
+ #define set_scn_flag(x) (x)
+ #endif
diff --git a/main/iscsitarget/iscsitarget-0.4.17-build.patch b/main/iscsitarget/iscsitarget-0.4.17-build.patch
new file mode 100644
index 0000000000..ee676a9608
--- /dev/null
+++ b/main/iscsitarget/iscsitarget-0.4.17-build.patch
@@ -0,0 +1,23 @@
+--- a/usr/Makefile
++++ b/usr/Makefile
+@@ -1,16 +1,15 @@
+-CFLAGS += -O2 -fno-inline -Wall -Wstrict-prototypes -g -I../include
++CFLAGS ?= -O2 -fno-inline -g
+ CFLAGS += -D_GNU_SOURCE # required for glibc >= 2.8
++WARNFLAGS = -Wall -Wstrict-prototypes
++CFLAGS += $(WARNFLAGS) -I../include
+ PROGRAMS = ietd ietadm
+-LIBS = -lcrypto
++LDLIBS = -lcrypto
+ 
+ all: $(PROGRAMS)
+ 
+ ietd: ietd.o iscsid.o conn.o session.o target.o message.o ctldev.o log.o chap.o event.o param.o plain.o isns.o
+ 
+-	$(CC) $^ -o $@ $(LIBS)
+-
+ ietadm: ietadm.o param.o
+-	$(CC) $^ -o $@
+ 
+ clean:
+ 	rm -f *.o $(PROGRAMS)
diff --git a/main/jpeg/APKBUILD b/main/jpeg/APKBUILD
new file mode 100644
index 0000000000..c795091a4d
--- /dev/null
+++ b/main/jpeg/APKBUILD
@@ -0,0 +1,35 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=jpeg
+pkgver=7
+pkgrel=0
+pkgdesc="JPEG image tools"
+url="http://www.ijg.org/"
+license="AS-IS"
+depends=
+makedepends=
+install=
+subpackages="$pkgname-doc $pkgname-dev libjpeg"
+source="http://www.ijg.org/files/jpegsrc.v${pkgver}.tar.gz"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-shared 
+	make || return 1
+	make -j1 install DESTDIR="$pkgdir"
+	install -Dm644 jpegint.h "$pkgdir"/usr/include/jpegint.h
+}
+
+libjpeg() {
+	pkgdesc="JPEG image library"
+	install -d "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libjpeg* "$subpkgdir"/usr/lib/
+}
+
+
+md5sums="382ef33b339c299b56baf1296cda9785  jpegsrc.v7.tar.gz"
diff --git a/main/json4lua/APKBUILD b/main/json4lua/APKBUILD
new file mode 100644
index 0000000000..bceb0ca836
--- /dev/null
+++ b/main/json4lua/APKBUILD
@@ -0,0 +1,15 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=json4lua
+pkgver=0.9.20
+pkgrel=0
+pkgdesc="JSON encoding / decoding module for Lua"
+url="http://json.luaforge.net/"
+license="GPL-2"
+depends="lua"
+source="http://luaforge.net/frs/download.php/1375/JSON4Lua-$pkgver.zip"
+
+build() {
+	install -D "$srcdir"/json/json.lua "$pkgdir"/usr/share/lua/5.1/json.lua
+}
+
+md5sums="0a2071a24d7752f52d5cc9cac8800743  JSON4Lua-0.9.20.zip"
diff --git a/main/ksymoops/APKBUILD b/main/ksymoops/APKBUILD
new file mode 100644
index 0000000000..d8cc04fdf7
--- /dev/null
+++ b/main/ksymoops/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ksymoops
+pkgver=2.4.11
+pkgrel=0
+pkgdesc="A Linux kernel Oops file troubleshooting tool"
+url="ftp://ftp.kernel.org/pub/linux/utils/kernel/ksymoops/v2.4"
+license="GPL-2"
+depends="uclibc"
+makedepends="!gettext !libiconv"
+source="ftp://ftp.kernel.org/pub/linux/utils/kernel/$pkgname/v2.4/$pkgname-$pkgver.tar.bz2
+	$pkgname-2.4.11-build.patch
+	"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver"
+	patch -p1 < ../$pkgname-2.4.11-build.patch || return 1
+	make || return 1
+	make install \
+		INSTALL_PREFIX="$pkgdir"/usr \
+		INSTALL_MANDIR="$pkgdir"/usr/share/man
+}
+md5sums="4a8249e182a5dbc75e566d162e9f3314  ksymoops-2.4.11.tar.bz2
+bad82d31c7d15431fc022be237791d59  ksymoops-2.4.11-build.patch"
diff --git a/main/ksymoops/ksymoops-2.4.11-build.patch b/main/ksymoops/ksymoops-2.4.11-build.patch
new file mode 100644
index 0000000000..e563840c6c
--- /dev/null
+++ b/main/ksymoops/ksymoops-2.4.11-build.patch
@@ -0,0 +1,12 @@
+--- a/Makefile.orig	2006-11-16 17:39:45.000000000 -0500
++++ b/Makefile	2006-11-16 17:39:55.000000000 -0500
+@@ -96,9 +96,6 @@
+ 	INSTALL_MANDIR := $(INSTALL_PREFIX)/man
+ endif
+ 
+-STATIC := -Wl,-Bstatic
+-DYNAMIC := -Wl,-Bdynamic
+-
+ OBJECTS := io.o ksyms.o ksymoops.o map.o misc.o object.o oops.o re.o symbol.o
+ 
+ all: $(PROGS)
diff --git a/main/less/APKBUILD b/main/less/APKBUILD
new file mode 100644
index 0000000000..0567914a5e
--- /dev/null
+++ b/main/less/APKBUILD
@@ -0,0 +1,28 @@
+# Contributor: Cameron Banta <cbanta@gmail.com>
+# Maintainer: Cameron Banta <cbanta@gmail.com>
+pkgname=less
+pkgver=429
+pkgrel=0
+pkgdesc="File pager"
+url="http://www.greenwoodsoftware.com/less/"
+license="GPL"
+depends="uclibc ncurses"
+makedepends="ncurses-dev"
+install="$pkgname.post-deinstall"
+subpackages="$pkgname-doc"
+source="http://www.greenwoodsoftware.com/$pkgname/$pkgname-$pkgver.tar.gz
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="206f2f13b9b0a35e45df660fcb6af31d  less-429.tar.gz
+b84506d253e04db3c5af9016fead45a3  less.post-deinstall"
diff --git a/main/less/less.post-deinstall b/main/less/less.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/less/less.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/lftp/APKBUILD b/main/lftp/APKBUILD
new file mode 100644
index 0000000000..239573c121
--- /dev/null
+++ b/main/lftp/APKBUILD
@@ -0,0 +1,31 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=lftp
+pkgver=3.7.14
+pkgrel=1
+pkgdesc="LFTP is sophisticated ftp/http client"
+url="http://lftp.yar.ru/"
+license="GPL"
+depends=
+makedepends="openssl-dev uclibc++-dev readline-dev ncurses-dev gettext-dev"
+subpackages="$pkgname-doc"
+source="http://ftp.yars.free.net/pub/source/lftp/lftp-${pkgver}.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	export CXX=g++-uc
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/lftp \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-modules \
+		--disable-nls \
+		--with-openssl
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="723d372833d6a94c15cc78cc98565517  lftp-3.7.14.tar.bz2"
diff --git a/main/lha/APKBUILD b/main/lha/APKBUILD
new file mode 100644
index 0000000000..705e51e077
--- /dev/null
+++ b/main/lha/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=lha
+pkgver=1.14i
+pkgrel=0
+pkgdesc="Compression and archive utility for LH-7 format archives"
+url="http://www.infor.kanazawa-it.ac.jp/~ishii/lhaunix/"
+license="custom"
+subpackages="$pkgname-doc"
+depends="uclibc"
+makedepends=""
+install=
+source="http://osdn.dl.sourceforge.jp/lha/22231/$pkgname-$pkgver-ac20050924p1.tar.gz"
+
+build ()
+{
+	cd $srcdir/$pkgname-$pkgver-ac20050924p1
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make "DESTDIR=$pkgdir" install
+	#install -D -m755 $srcdir/lha $pkgdir/usr/bin/lha
+}
+
+md5sums="9f52430410928ba4390a73a41a36d56f  lha-1.14i-ac20050924p1.tar.gz"
diff --git a/main/libao/APKBUILD b/main/libao/APKBUILD
new file mode 100644
index 0000000000..a82ba46587
--- /dev/null
+++ b/main/libao/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libao
+pkgver=0.8.8
+pkgrel=1
+pkgdesc="Cross-platform audio output library and plugins"
+url="http://www.xiph.org/ao"
+license="GPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="uclibc alsa-lib"
+makedepends="alsa-lib-dev"
+source="http://downloads.xiph.org/releases/ao/$pkgname-$pkgver.tar.gz"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--enable-alsa09 \
+		--disable-esd \
+		--disable-arts
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="b92cba3cbcf1ee9bc221118a85d23dcd  libao-0.8.8.tar.gz"
diff --git a/main/libart-lgpl/APKBUILD b/main/libart-lgpl/APKBUILD
new file mode 100644
index 0000000000..3ac38769a0
--- /dev/null
+++ b/main/libart-lgpl/APKBUILD
@@ -0,0 +1,19 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libart-lgpl
+pkgver=2.3.20
+pkgrel=0
+pkgdesc="A library for high-performance 2D graphics"
+url="http://www.levien.com/libart/"
+license="LGPL"
+depends="uclibc"
+subpackages="$pkgname-dev"
+source="http://ftp.gnome.org/pub/GNOME/sources/libart_lgpl/2.3/libart_lgpl-$pkgver.tar.bz2
+	"
+
+build() {
+	cd "$srcdir"/libart_lgpl-$pkgver
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="d0ce67f2ebcef1e51a83136c69242a73  libart_lgpl-2.3.20.tar.bz2"
diff --git a/main/libassuan/APKBUILD b/main/libassuan/APKBUILD
new file mode 100644
index 0000000000..2b2498c49e
--- /dev/null
+++ b/main/libassuan/APKBUILD
@@ -0,0 +1,18 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libassuan
+pkgver=1.0.5
+pkgrel=0
+pkgdesc="Libassuan is the IPC library used by some GnuPG related software"
+url="ftp://ftp.gnupg.org/gcrypt/libgcrypt"
+license="GPL"
+makedepends="pth-dev"
+subpackages="$pkgname-doc"
+source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="c2db0974fcce4401f48f3fa41c4edc5a  libassuan-1.0.5.tar.bz2"
diff --git a/main/libcap/APKBUILD b/main/libcap/APKBUILD
new file mode 100644
index 0000000000..731729c03a
--- /dev/null
+++ b/main/libcap/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libcap
+pkgver=2.16
+pkgrel=1
+pkgdesc="POSIX 1003.1e capabilities"
+license="GPL"
+url="http://www.friedhoff.org/posixfilecaps.html"
+depends=
+makedepends="perl"
+source="http://www.kernel.org/pub/linux/libs/security/linux-privs/libcap2/$pkgname-$pkgver.tar.gz
+	include-order.patch
+	"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build ()
+{
+	cd "$srcdir/$pkgname-$pkgver"
+	patch -p1 < ../include-order.patch || return 1
+
+	make lib=/lib prefix=/usr LIBATTR=no DESTDIR="$pkgdir" install
+}
+md5sums="9e075fda242c4070ba76407064c13302  libcap-2.16.tar.gz
+db5c78e0ab579bb6723fff5ebb2fd530  include-order.patch"
diff --git a/main/libcap/include-order.patch b/main/libcap/include-order.patch
new file mode 100644
index 0000000000..88c5fcc6c8
--- /dev/null
+++ b/main/libcap/include-order.patch
@@ -0,0 +1,16 @@
+diff -ur a/progs/capsh.c b/progs/capsh.c
+--- a/progs/capsh.c	2009-07-24 07:14:03.000000000 +0000
++++ b/progs/capsh.c	2009-07-24 07:14:19.000000000 +0000
+@@ -12,11 +12,11 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <stdlib.h>
++#include <sys/wait.h>
+ #include <sys/prctl.h>
+ #include <sys/capability.h>
+ #include <unistd.h>
+ #include <errno.h>
+-#include <sys/wait.h>
+ 
+ /* prctl based API for altering character of current process */
+ #define PR_GET_KEEPCAPS    7
diff --git a/main/libconfig/APKBUILD b/main/libconfig/APKBUILD
new file mode 100644
index 0000000000..13185722c9
--- /dev/null
+++ b/main/libconfig/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libconfig
+pkgver=1.3.2
+pkgrel=0
+pkgdesc="a simple library for manipulating structured configuration files"
+url="http://www.hyperrealm.com/libconfig/"
+license='LGPL'
+depends="uclibc"
+makedepends="g++"
+source="http://www.hyperrealm.com/$pkgname/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--disable-cxx
+	make || return 1
+	make -j1 DESTDIR="$pkgdir/" install
+}
+
+md5sums="094a82afd382aa2305c6cc3c06025c2d  libconfig-1.3.2.tar.gz"
diff --git a/main/libexif/APKBUILD b/main/libexif/APKBUILD
new file mode 100644
index 0000000000..c9f244b09d
--- /dev/null
+++ b/main/libexif/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libexif
+pkgver=0.6.17
+pkgrel=0
+pkgdesc="A library to parse an EXIF file and read the data from those tags"
+url="http://sourceforge.net/projects/libexif"
+license="LGPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends=
+source="http://downloads.sf.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="f7cf4e623a48c9a3b13f7f95f0a41015  libexif-0.6.17.tar.bz2"
diff --git a/main/libgcrypt/APKBUILD b/main/libgcrypt/APKBUILD
new file mode 100644
index 0000000000..efe95c1abf
--- /dev/null
+++ b/main/libgcrypt/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libgcrypt
+pkgver=1.4.4
+pkgrel=1
+pkgdesc="general purpose crypto library based on the code used in GnuPG"
+url="http://www.gnupg.org"
+license="LGPL"
+depends=
+makedepends="libgpg-error-dev texinfo"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+depends_dev="libgpg-error-dev"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	./configure --build=${CHOST:-i486-alpine-linux-uclibc} \
+		--prefix=/usr \
+		--enable-padlock-support \
+		--disable-static
+
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+	rm -f ${pkgdir}/usr/share/info/dir
+}
+md5sums="34105aa927e23c217741966496b97e67  libgcrypt-1.4.4.tar.bz2"
diff --git a/main/libgcrypt/nocxx.patch b/main/libgcrypt/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/libgcrypt/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/libgpg-error/APKBUILD b/main/libgpg-error/APKBUILD
new file mode 100644
index 0000000000..24cac43606
--- /dev/null
+++ b/main/libgpg-error/APKBUILD
@@ -0,0 +1,32 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libgpg-error
+pkgver=1.7
+pkgrel=0
+pkgdesc="Support library for libgcrypt"
+url="http://www.gnupg.org"
+license="LGPL"
+depends="uclibc"
+subpackages="$pkgname-dev $pkgname-lisp"
+source="ftp://ftp.franken.de/pub/crypt/mirror/ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2
+	nocxx.patch
+	"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	msg "Punting useless check for cpp..."
+	patch configure < ../nocxx.patch || return 1
+
+	./configure --prefix=/usr \
+		--disable-nls
+
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+}
+
+lisp() {
+	mkdir -p "$subpkgdir"/usr/
+	mv "$pkgdir"/usr/share "$subpkgdir"/usr/share/
+}
+
+md5sums="62c0d09d1e76c5b6da8fff92314c4665  libgpg-error-1.7.tar.bz2
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/libgpg-error/nocxx.patch b/main/libgpg-error/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/libgpg-error/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/libiconv/APKBUILD b/main/libiconv/APKBUILD
new file mode 100644
index 0000000000..6cd441ca6e
--- /dev/null
+++ b/main/libiconv/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=libiconv
+pkgver=1.12
+pkgrel=0
+pkgdesc="GNU charset conversion library for libc which doesn't implement it"
+url="http://www.gnu.org/software/libiconv"
+license='LGPL'
+depends="uclibc"
+source="http://ftp.gnu.org/pub/gnu/libiconv/libiconv-1.12.tar.gz"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+	--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+md5sums="c2be282595751535a618ae0edeb8f648  libiconv-1.12.tar.gz"
diff --git a/main/libid3tag/APKBUILD b/main/libid3tag/APKBUILD
new file mode 100644
index 0000000000..9410e353c6
--- /dev/null
+++ b/main/libid3tag/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=libid3tag
+pkgver=0.15.1b
+pkgrel=0
+pkgdesc="id3 tagger for mp3"
+url="http://www.underbit.com/products/mad/"
+license="GPL"
+depends="zlib"
+makedepends="uclibc++-dev zlib-dev"
+install=
+subpackages="$pkgname-dev"
+source="ftp://ftp.mars.org/pub/mpeg/libid3tag-0.15.1b.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="e5808ad997ba32c498803822078748c3  libid3tag-0.15.1b.tar.gz"
diff --git a/main/libidn/APKBUILD b/main/libidn/APKBUILD
new file mode 100644
index 0000000000..afcb59c788
--- /dev/null
+++ b/main/libidn/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libidn
+pkgver=1.15
+pkgrel=0
+pkgdesc="An encode and decode library for internationalized domain names"
+url="http://www.gnu.org/software/libidn/"
+license="GPL"
+depends=
+makedepends=""
+install=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://ftp.gnu.org/gnu/libidn/$pkgname-$pkgver.tar.gz"
+	
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="482a25b7b223e52f967fafd284a1a992  libidn-1.15.tar.gz"
diff --git a/main/libksba/APKBUILD b/main/libksba/APKBUILD
new file mode 100644
index 0000000000..ae100b6210
--- /dev/null
+++ b/main/libksba/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libksba
+pkgver=1.0.3
+pkgrel=0
+pkgdesc="Libksba is a CMS and X.509 access library"
+url="ftp://ftp.gnupg.org/gcrypt/alpha/libksba"
+license="GPL"
+depends=
+makedepends="libgpg-error-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="91682491186d4ed43fff351aab2f5aad  libksba-1.0.3.tar.bz2"
diff --git a/main/libmcrypt/APKBUILD b/main/libmcrypt/APKBUILD
new file mode 100644
index 0000000000..905d880f6f
--- /dev/null
+++ b/main/libmcrypt/APKBUILD
@@ -0,0 +1,24 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=libmcrypt
+pkgver=2.5.8
+pkgrel=0
+pkgdesc="A library which provides a uniform interface to several symmetric encryption algorithms"
+url="http://mcrypt.sourceforge.net/"
+license="GPL"
+depends="uclibc"
+makedepends="libtool uclibc++-dev"
+install=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://downloads.sourceforge.net/mcrypt/${pkgname}-${pkgver}.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man 
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="c4f491dd411a09e9de3b8702ea6f73eb  libmcrypt-2.5.8.tar.bz2"
diff --git a/main/libnet/APKBUILD b/main/libnet/APKBUILD
new file mode 100644
index 0000000000..e756acc0ec
--- /dev/null
+++ b/main/libnet/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+# Maintainer: Your Name <youremail@domain.com>
+pkgname=libnet
+pkgver=1.1.2.1
+pkgrel=0
+pkgdesc="A generic networking API that provides access to several protocols."
+url="http://www.packetfactory.net/libnet/"
+license="BSD"
+depends="uclibc"
+makedepends="autoconf automake libtool"
+subpackages="$pkgname-dev"
+source="http://www.packetfactory.net/libnet/dist/$pkgname-$pkgver.tar.gz
+	libnet-1.1.2.1-autotools.patch
+	libnet-1.1.2.1-fix-chksum.patch
+	"
+
+build() {
+	local i
+	cd "$srcdir/$pkgname"
+	for i in ../*.patch; do
+		msg "Applyting $i"
+		patch -p1 < $i || return 1
+	done
+
+	aclocal 
+	libtoolize --force || return 1
+	autoconf && automake || return 1
+
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="be845c41170d72c7db524f3411b50256  libnet-1.1.2.1.tar.gz
+7e928170600bea8ed4a0d079b83c80ac  libnet-1.1.2.1-autotools.patch
+668189bf87cda8daeaf250146bd88331  libnet-1.1.2.1-fix-chksum.patch"
diff --git a/main/libnet/libnet-1.1.2.1-autotools.patch b/main/libnet/libnet-1.1.2.1-autotools.patch
new file mode 100644
index 0000000000..0f4c65094d
--- /dev/null
+++ b/main/libnet/libnet-1.1.2.1-autotools.patch
@@ -0,0 +1,79 @@
+Patch ripped from Debian.  Add support for building a shared 
+libnet library (for PIC loving).  Also fixes typo for installing 
+the libnet-config script.
+
+http://bugs.gentoo.org/show_bug.cgi?id=82926
+
+--- libnet-1.1.2.1.orig/src/Makefile.am
++++ libnet-1.1.2.1/src/Makefile.am
+@@ -8,9 +8,9 @@
+ 
+ include $(top_srcdir)/Makefile.am.common
+ 
+-lib_LIBRARIES = libnet.a
++lib_LTLIBRARIES = libnet.la
+ 
+-libnet_a_SOURCES = libnet_asn1.c \
++libnet_la_SOURCES = libnet_asn1.c \
+ 			libnet_build_802.1q.c \
+ 			libnet_build_802.1x.c \
+ 			libnet_build_802.2.c \
+@@ -57,15 +57,20 @@
+ 			libnet_version.c \
+ 			libnet_write.c
+ 
+-EXTRA_libnet_a_SOURCES = libnet_link_bpf.c \
+-			libnet_link_dlpi.c \
+-			libnet_link_linux.c \
+-			libnet_link_nit.c \
+- 			libnet_link_none.c \
+-			libnet_link_pf.c \
+-			libnet_link_snit.c \
+-			libnet_link_snoop.c \
+-			libnet_link_win32.c
+-
+-libnet_a_LIBADD = @LIBOBJS@
++libnet_la_LIBADD = @LTLIBOBJS@
+ 
++#   Here are a set of rules to help you update your library version
++# information:
++# 
++#   1. If the library source code has changed at all since the last
++#      update, then increment REVISION (`C:R:A' becomes `C:r+1:A').
++# 
++#   2. If any interfaces have been added, removed, or changed since the
++#      last update, increment CURRENT, and set REVISION to 0.
++# 
++#   3. If any interfaces have been added since the last public release,
++#      then increment AGE.
++# 
++#   4. If any interfaces have been removed since the last public release,
++#      then set AGE to 0.
++libnet_la_LDFLAGS = -version-info 4:0:3 # CURRENT[:REVISION[:AGE]]
+--- libnet-1.1.2.1.orig/configure.in
++++ libnet-1.1.2.1/configure.in
+@@ -21,7 +21,7 @@
+ dnl
+ AC_PROG_CC
+ AC_PROG_INSTALL
+-AC_PROG_RANLIB
++AC_PROG_LIBTOOL
+ 
+ AC_CHECK_HEADERS(sys/sockio.h)
+ 
+--- libnet-1.1.2.1.orig/Makefile.am
++++ libnet-1.1.2.1/Makefile.am
+@@ -12,4 +12,4 @@
+ 
+ EXTRA_DIST = Makefile.am.common
+ 
+-bin_scripts = libnet-config
++bin_SCRIPTS = libnet-config
+--- libnet-1.1.2.1.orig/sample/Makefile.am
++++ libnet-1.1.2.1/sample/Makefile.am
+@@ -60,4 +60,4 @@
+ ip_link_SOURCES		= ip_link.c
+ sebek_SOURCES           = sebek.c
+ 
+-LDADD = $(top_srcdir)/src/libnet.a
++LDADD = $(top_srcdir)/src/libnet.la
diff --git a/main/libnet/libnet-1.1.2.1-fix-chksum.patch b/main/libnet/libnet-1.1.2.1-fix-chksum.patch
new file mode 100644
index 0000000000..e6f9bbc6dd
--- /dev/null
+++ b/main/libnet/libnet-1.1.2.1-fix-chksum.patch
@@ -0,0 +1,27 @@
+Fix a bug in chksum calculation for odd sized UDP packets.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=284729
+
+--- libnet-1.1.2.1/src/libnet_checksum.c
++++ libnet-1.1.2.1/src/libnet_checksum.c
+@@ -42,8 +42,10 @@
+ libnet_in_cksum(u_int16_t *addr, int len)
+ {
+     int sum;
++    u_int16_t last_byte;
+ 
+     sum = 0;
++    last_byte = 0;
+ 
+     while (len > 1)
+     {
+@@ -52,7 +54,8 @@
+     }
+     if (len == 1)
+     {
+-        sum += *(u_int16_t *)addr;
++        *(u_int8_t*)&last_byte = *(u_int8_t*)addr;
++        sum += last_byte;
+     }
+ 
+     return (sum);
diff --git a/main/libnetfilter_conntrack/APKBUILD b/main/libnetfilter_conntrack/APKBUILD
new file mode 100644
index 0000000000..7f3aee35a9
--- /dev/null
+++ b/main/libnetfilter_conntrack/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libnetfilter_conntrack
+pkgver=0.0.99
+pkgrel=0
+pkgdesc="programming interface (API) to the in-kernel connection tracking state table"
+url="http://www.netfilter.org/projects/libnetfilter_conntrack/"
+license="GPL-2"
+depends="uclibc libnfnetlink"
+makedepends="pkgconfig libnfnetlink-dev"
+subpackages="$pkgname-dev"
+source="http://www.netfilter.org/projects/$pkgname/files/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="960c3d347d7f4e3fe7437aa198f36e6e  libnetfilter_conntrack-0.0.99.tar.bz2"
diff --git a/main/libnfnetlink/APKBUILD b/main/libnfnetlink/APKBUILD
new file mode 100644
index 0000000000..63519aec0c
--- /dev/null
+++ b/main/libnfnetlink/APKBUILD
@@ -0,0 +1,24 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libnfnetlink
+pkgver=0.0.41
+pkgrel=0
+pkgdesc="low-level library for netfilter related kernel/userspace communication"
+url="http://www.netfilter.org/projects/libnfnetlink/"
+license="GPL-2"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-dev"
+source="http://www.netfilter.org/projects/libnfnetlink/files/libnfnetlink-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="5d844ea1f557bad0364d5b85cd10c796  libnfnetlink-0.0.41.tar.bz2"
diff --git a/main/libogg/APKBUILD b/main/libogg/APKBUILD
new file mode 100644
index 0000000000..8cfbf96871
--- /dev/null
+++ b/main/libogg/APKBUILD
@@ -0,0 +1,25 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+pkgname=libogg
+pkgver=1.1.3
+pkgrel=0
+pkgdesc="Ogg bitstream and framing library"
+url="http://xiph.org/ogg/"
+license="as-is"
+depends=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://downloads.xiph.org/releases/ogg/$pkgname-$pkgver.tar.gz
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+md5sums="eaf7dc6ebbff30975de7527a80831585  libogg-1.1.3.tar.gz"
diff --git a/main/libogg/nocxx.patch b/main/libogg/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/libogg/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/libpcap/APKBUILD b/main/libpcap/APKBUILD
new file mode 100644
index 0000000000..ebe0996161
--- /dev/null
+++ b/main/libpcap/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libpcap
+pkgver=1.0.0
+pkgrel=1
+pkgdesc="A system-independent interface for user-level packet capture"
+url="http://www.tcpdump.org/"
+license="BSD"
+depends="uclibc"
+makedepends="bison flex"
+source="http://www.tcpdump.org/release/$pkgname-$pkgver.tar.gz
+	$pkgname-1.0.0-LDFLAGS.patch
+	$pkgname-any.patch"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build () 
+{ 
+	cd ${startdir}/src/${pkgname}-${pkgver}
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 -i $i || return 1
+	done
+
+	./configure --prefix=/usr --enable-ipv6
+
+	make all shared || return 1
+	mkdir -p "$pkgdir/usr/bin"
+	make -j1 DESTDIR="$pkgdir" install install-shared
+
+#	mkdir -p ${startdir}/pkg/usr/include/net
+#	cd ${startdir}/pkg/usr/include/net
+#	ln -s ../pcap-bpf.h bpf.h
+}
+md5sums="9ad1358c5dec48456405eac197a46d3d  libpcap-1.0.0.tar.gz
+2bf7e986980c6e5d99758ba55b48d706  libpcap-1.0.0-LDFLAGS.patch
+1e6b01c4f283b497e81e137c3f35e744  libpcap-any.patch"
diff --git a/main/libpcap/libpcap-1.0.0-LDFLAGS.patch b/main/libpcap/libpcap-1.0.0-LDFLAGS.patch
new file mode 100644
index 0000000000..b2fe8d6fc1
--- /dev/null
+++ b/main/libpcap/libpcap-1.0.0-LDFLAGS.patch
@@ -0,0 +1,13 @@
+=== modified file 'Makefile.in'
+--- a/Makefile.in	2008-11-04 18:53:20 +0000
++++ b/Makefile.in	2008-11-04 18:53:49 +0000
+@@ -328,7 +328,7 @@
+ #
+ libpcap.so: $(OBJ)
+ 	@rm -f $@
+-	$(CC) -shared -Wl,-soname,$@.1 -o $@.`cat $(srcdir)/VERSION` $(OBJ) $(DAGLIBS)
++	$(CC) -shared $(LDFLAGS) -Wl,-soname,$@.1 -o $@.`cat $(srcdir)/VERSION` $(OBJ) $(DAGLIBS)
+ 
+ #
+ # The following rule succeeds, but the result is untested.
+
diff --git a/main/libpcap/libpcap-any.patch b/main/libpcap/libpcap-any.patch
new file mode 100644
index 0000000000..7754513b88
--- /dev/null
+++ b/main/libpcap/libpcap-any.patch
@@ -0,0 +1,157 @@
+commit 8fa17a5a554aaeb85d3ec4118b45a31f1efd6808
+Author: guy <guy>
+Date:   Wed Nov 19 08:20:39 2008 +0000
+
+    Fix the handling of the "any" device, including making it reject
+    attempts to open it in monitor mode.
+
+diff --git a/pcap-linux.c b/pcap-linux.c
+index 2a92d30..b18c4d2 100644
+--- a/pcap-linux.c
++++ b/pcap-linux.c
+@@ -297,6 +297,12 @@ pcap_create(const char *device, char *ebuf)
+ {
+ 	pcap_t *handle;
+ 
++	/*
++	 * A null device name is equivalent to the "any" device.
++	 */
++	if (device == NULL)
++		device = "any";
++
+ #ifdef HAVE_DAG_API
+ 	if (strstr(device, "dag")) {
+ 		return dag_create(device, ebuf);
+@@ -338,10 +344,9 @@ pcap_can_set_rfmon_linux(pcap_t *p)
+ 	struct iwreq ireq;
+ #endif
+ 
+-	if (p->opt.source == NULL) {
++	if (strcmp(p->opt.source, "any") == 0) {
+ 		/*
+-		 * This is equivalent to the "any" device, and we don't
+-		 * support monitor mode on it.
++		 * Monitor mode makes no sense on the "any" device.
+ 		 */
+ 		return 0;
+ 	}
+@@ -518,12 +523,11 @@ pcap_activate_linux(pcap_t *handle)
+ 	handle->stats_op = pcap_stats_linux;
+ 
+ 	/*
+-	 * NULL and "any" are special devices which give us the hint to
+-	 * monitor all devices.
++	 * The "any" device is a special device which causes us not
++	 * to bind to a particular device and thus to look at all
++	 * devices.
+ 	 */
+-	if (!device || strcmp(device, "any") == 0) {
+-		device			= NULL;
+-		handle->md.device	= strdup("any");
++	if (strcmp(device, "any") == 0) {
+ 		if (handle->opt.promisc) {
+ 			handle->opt.promisc = 0;
+ 			/* Just a warning. */
+@@ -531,10 +535,9 @@ pcap_activate_linux(pcap_t *handle)
+ 			    "Promiscuous mode not supported on the \"any\" device");
+ 			status = PCAP_WARNING_PROMISC_NOTSUP;
+ 		}
++	}
+ 
+-	} else
+-		handle->md.device	= strdup(device);
+-
++	handle->md.device	= strdup(device);
+ 	if (handle->md.device == NULL) {
+ 		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "strdup: %s",
+ 			 pcap_strerror(errno) );
+@@ -1657,19 +1660,21 @@ static int
+ activate_new(pcap_t *handle)
+ {
+ #ifdef HAVE_PF_PACKET_SOCKETS
++	const char		*device = handle->opt.source;
++	int			is_any_device = (strcmp(device, "any") == 0);
+ 	int			sock_fd = -1, arptype, val;
+ 	int			err = 0;
+ 	struct packet_mreq	mr;
+-	const char* device = handle->opt.source;
+ 
+ 	/*
+-	 * Open a socket with protocol family packet. If a device is
+-	 * given we try to open it in raw mode otherwise we use
+-	 * the cooked interface.
++	 * Open a socket with protocol family packet. If the
++	 * "any" device was specified, we open a SOCK_DGRAM
++	 * socket for the cooked interface, otherwise we first
++	 * try a SOCK_RAW socket for the raw interface.
+ 	 */
+-	sock_fd = device ?
+-		socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL))
+-	      : socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL));
++	sock_fd = is_any_device ?
++		socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_ALL)) :
++		socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL));
+ 
+ 	if (sock_fd == -1) {
+ 		snprintf(handle->errbuf, PCAP_ERRBUF_SIZE, "socket: %s",
+@@ -1704,7 +1709,7 @@ activate_new(pcap_t *handle)
+ 	 * to cooked mode if we have an unknown interface type
+ 	 * or a type we know doesn't work well in raw mode.
+ 	 */
+-	if (device) {
++	if (!is_any_device) {
+ 		/* Assume for now we don't need cooked mode. */
+ 		handle->md.cooked = 0;
+ 
+@@ -1819,15 +1824,23 @@ activate_new(pcap_t *handle)
+ 		}
+ 	} else {
+ 		/*
+-		 * This is cooked mode.
++		 * The "any" device.
++		 */
++		if (handle->opt.rfmon) {
++			/*
++			 * It doesn't support monitor mode.
++			 */
++			return PCAP_ERROR_RFMON_NOTSUP;
++		}
++
++		/*
++		 * It uses cooked mode.
+ 		 */
+ 		handle->md.cooked = 1;
+ 		handle->linktype = DLT_LINUX_SLL;
+ 
+ 		/*
+ 		 * We're not bound to a device.
+-		 * XXX - true?  Or true only if we're using
+-		 * the "any" device?
+ 		 * For now, we're using this as an indication
+ 		 * that we can't transmit; stop doing that only
+ 		 * if we figure out how to transmit in cooked
+@@ -1852,10 +1865,13 @@ activate_new(pcap_t *handle)
+ 
+ 	/*
+ 	 * Hmm, how can we set promiscuous mode on all interfaces?
+-	 * I am not sure if that is possible at all.
++	 * I am not sure if that is possible at all.  For now, we
++	 * silently ignore attempts to turn promiscuous mode on
++	 * for the "any" device (so you don't have to explicitly
++	 * disable it in programs such as tcpdump).
+ 	 */
+ 
+-	if (device && handle->opt.promisc) {
++	if (!is_any_device && handle->opt.promisc) {
+ 		memset(&mr, 0, sizeof(mr));
+ 		mr.mr_ifindex = handle->md.ifindex;
+ 		mr.mr_type    = PACKET_MR_PROMISC;
+@@ -3118,7 +3134,7 @@ activate_old(pcap_t *handle)
+ 
+ 	/* Bind to the given device */
+ 
+-	if (!device) {
++	if (strcmp(device, "any") == 0) {
+ 		strncpy(handle->errbuf, "pcap_activate: The \"any\" device isn't supported on 2.0[.x]-kernel systems",
+ 			PCAP_ERRBUF_SIZE);
+ 		return PCAP_ERROR;
diff --git a/main/libpng/APKBUILD b/main/libpng/APKBUILD
new file mode 100644
index 0000000000..3d97159ebc
--- /dev/null
+++ b/main/libpng/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=libpng
+pkgver=1.2.37
+pkgrel=0
+pkgdesc="Portable Network Graphics library"
+url="http://www.libpng.org/"
+license="GPL"
+depends=
+makedepends="zlib-dev"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+
+depends_dev="zlib-dev"
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -Dm644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE || return 1
+}
+
+md5sums="7480dbbf9f6c3297faf6fe52ec9b91ab  libpng-1.2.37.tar.gz"
diff --git a/main/libpri/APKBUILD b/main/libpri/APKBUILD
new file mode 100644
index 0000000000..d4d90a8103
--- /dev/null
+++ b/main/libpri/APKBUILD
@@ -0,0 +1,33 @@
+# Contributor: Timo Teras <timo.teras@iki.fi>
+# Maintainer: Timo Teras <timo.teras@iki.fi>
+pkgname=libpri
+pkgver=1.4.9
+pkgrel=1
+pkgdesc="Primary Rate ISDN (PRI) library"
+url="http://www.asterisk.orig"
+license="GPL"
+depends=""
+makedepends=""
+install=
+subpackages="$pkgname-dev"
+source="http://downloads.digium.com/pub/telephony/libpri/releases/$pkgname-$pkgver.tar.gz
+	libpri-cflags.patch
+	libpri-1.4.9-i14292.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1;
+	done
+
+	make LDCONFIG="echo" || return 1
+	make LDCONFIG="echo" INSTALL_PREFIX="$pkgdir" install
+
+	# install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	# install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+md5sums="97332edeaa2de0320d85fda88afb96f9  libpri-1.4.9.tar.gz
+8df2ca48ce7db4f1a8604b0904bc9394  libpri-cflags.patch
+240e4057980c88f2c2576c5c25744c70  libpri-1.4.9-i14292.patch"
diff --git a/main/libpri/libpri-1.4.9-i14292.patch b/main/libpri/libpri-1.4.9-i14292.patch
new file mode 100644
index 0000000000..27ed1b8d43
--- /dev/null
+++ b/main/libpri/libpri-1.4.9-i14292.patch
@@ -0,0 +1,5668 @@
+Index: .version
+===================================================================
+--- a/.version	(.../tags/1.4.9)	(revision 700)
++++ b/.version	(.../team/group/issue14292)	(revision 700)
+@@ -1 +1 @@
+-1.4.9
++1.4.9-issue14292
+Index: pri_facility.c
+===================================================================
+--- a/pri_facility.c	(.../tags/1.4.9)	(revision 700)
++++ b/pri_facility.c	(.../team/group/issue14292)	(revision 700)
+@@ -171,7 +171,7 @@
+ 
+ struct addressingdataelements_presentednumberunscreened {
+ 	char partyaddress[21];
+-	char partysubaddress[21];
++	char notused[21];
+ 	int  npi;       /* Numbering Plan Indicator */
+ 	int  ton;       /* Type Of Number */
+ 	int  pres;      /* Presentation */
+@@ -179,6 +179,15 @@
+ 
+ struct addressingdataelements_presentednumberscreened {
+ 	char partyaddress[21];
++	char notused[21];
++	int  npi;       /* Numbering Plan Indicator */
++	int  ton;       /* Type Of Number */
++	int  pres;      /* Presentation */
++	int  scrind;    /* Screening Indicator */
++};
++
++struct addressingdataelements_presentedaddressscreened {
++	char partyaddress[21];
+ 	char partysubaddress[21];
+ 	int  npi;       /* Numbering Plan Indicator */
+ 	int  ton;       /* Type Of Number */
+@@ -186,6 +195,35 @@
+ 	int  scrind;    /* Screening Indicator */
+ };
+ 
++struct addressingdataelements_addressscreened {
++	char partyaddress[21];
++	char partysubaddress[21];
++	int  npi;       /* Numbering Plan Indicator */
++	int  ton;       /* Type Of Number */
++	int  notused;
++	int  scrind;    /* Screening Indicator */
++};
++
++struct addressingdataelements_partysubaddress {
++	char notused[21];
++	char partysubaddress[21];
++};
++
++struct nameelements_name {
++	char name[51];
++	int  characterset;
++	int  namepres;
++};
++
++struct nameelements_nameset {
++	char name[51];
++	int  characterset;
++};
++
++struct nameelements_namedata {
++	char name[51];
++};
++
+ #define PRI_CHECKOVERFLOW(size) \
+ 		if (msgptr - message + (size) >= sizeof(message)) { \
+ 			*msgptr = '\0'; \
+@@ -225,6 +263,92 @@
+ }
+ #undef PRI_CHECKOVERFLOW
+ 
++static const char *namepres_to_str(int namepres)
++{
++	return (namepres == 0) ? "Restricted" : "Allowed";
++}
++
++static const char *characterset_to_str(int characterset)
++{
++	switch (characterset) {
++	case CHARACTER_SET_UNKNOWN:
++		return "Unknown";
++	case CHARACTER_SET_ISO8859_1:
++		return "ISO8859-1";
++	case CHARACTER_SET_ISO8859_2:
++		return "ISO8859-2";
++	case CHARACTER_SET_ISO8859_3:
++		return "ISO8859-3";
++	case CHARACTER_SET_ISO8859_4:
++		return "ISO8859-4";
++	case CHARACTER_SET_ISO8859_5:
++		return "ISO8859-5";
++	case CHARACTER_SET_ISO8859_7:
++		return "ISO8859-7";
++	default:
++		return "illegal value";
++	}
++}
++
++static const char *diversionreason_to_str(struct pri *pri, int diversionreason)
++{
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		switch (diversionreason) {
++		case QSIG_DIVERT_REASON_UNKNOWN:
++			return "Unknown";
++		case QSIG_DIVERT_REASON_CFU:
++			return "Call Forwarding Unconditional";
++		case QSIG_DIVERT_REASON_CFB:
++			return "Call Forwarding Busy";
++		case QSIG_DIVERT_REASON_CFNR:
++			return "Call Forwarding No Reply";
++		default:
++			return "invalid value";
++		}
++	} else {
++		switch(diversionreason) {
++		case Q952_DIVERT_REASON_UNKNOWN:
++			return "Unknown";
++		case Q952_DIVERT_REASON_CFU:
++			return "Call Forwarding Unconditional";
++		case Q952_DIVERT_REASON_CFB:
++			return "Call Forwarding Busy";
++		case Q952_DIVERT_REASON_CFNR:
++			return "Call Forwarding No Reply";
++		case Q952_DIVERT_REASON_CD:
++			return "Call Deflection";
++		case Q952_DIVERT_REASON_IMMEDIATE:
++			return "Call Deflection Immediate";
++		default:
++			return "invalid value";
++		}
++	}
++}
++
++static const char *callstatus_to_str(int callstatus)
++{
++	switch (callstatus) {
++	case 0:
++		return "answered";
++	case 1:
++		return "alerting";
++	default:
++		return "illegal value";
++	}
++}
++
++static const char *enddesignation_to_str(int enddesignation)
++{
++	switch (enddesignation) {
++	case 0:
++		return "primaryEnd";
++	case 1:
++		return "secondaryEnd";
++	default:
++		return "illegal value";
++	}
++}
++
+ int redirectingreason_from_q931(struct pri *pri, int redirectingreason)
+ {
+ 	switch(pri->switchtype) {
+@@ -350,8 +474,25 @@
+ 	}
+ }
+ 
+-int asn1_name_decode(void * data, int len, char *namebuf, int buflen)
++static int presentation_to_subscription(struct pri *pri, int presentation)
+ {
++	/* derive subscription value from presentation value */
++
++	switch (presentation & PRES_RESTRICTION) {
++	case PRES_ALLOWED:
++		return QSIG_NOTIFICATION_WITH_DIVERTED_TO_NR;
++	case PRES_RESTRICTED:
++		return QSIG_NOTIFICATION_WITHOUT_DIVERTED_TO_NR;
++	case PRES_UNAVAILABLE:			/* Number not available due to interworking */
++		return QSIG_NOTIFICATION_WITHOUT_DIVERTED_TO_NR;	/* ?? QSIG_NO_NOTIFICATION */
++	default:
++		pri_message(pri, "!! Unknown Q.SIG presentationIndicator 0x%02x\n", presentation);
++		return QSIG_NOTIFICATION_WITHOUT_DIVERTED_TO_NR;
++	}
++}
++
++int asn1_name_decode(void *data, int len, char *namebuf, int buflen)
++{
+ 	struct rose_component *comp = (struct rose_component*)data;
+ 	int datalen = 0, res = 0;
+ 
+@@ -361,11 +502,13 @@
+ 	} else
+ 		datalen = res = comp->len;
+ 
+-	if (datalen > buflen) {
++	if (datalen > buflen - 1) {
+ 		/* Truncate */
+ 		datalen = buflen;
+ 	}
+ 	memcpy(namebuf, comp->data, datalen);
++	namebuf[datalen] = '\0';
++
+ 	return res + 2;
+ }
+ 
+@@ -407,42 +550,230 @@
+ 	return res;
+ }
+ 
+-static int rose_number_digits_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++static int rose_namedata_decode(struct pri *pri, unsigned char *data, int len, int implicit, struct nameelements_namedata *value)
+ {
+ 	int i = 0;
+ 	struct rose_component *comp = NULL;
+ 	unsigned char *vdata = data;
+-	int datalen = 0;
+-	int res = 0;
++	int res;
+ 
+ 	do {
++		/* NameData */
++		if (!implicit) {
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_OCTETSTRING, "Don't know what to do if NameData is of type 0x%x\n");
++
++			data = comp->data;
++			if (comp->len == ASN1_LEN_INDEF) {
++				len = strlen((char *)comp->data);
++				res = len + 2 + 2;
++			} else {
++				len = comp->len;
++				res = len + 2;
++			}
++		} else
++			res = len;
++
++		if (len > sizeof(value->name)-1) {
++			pri_message(pri, "!! Oversized NameData component (%d)\n", len);
++			return -1;
++		}
++
++		memcpy(value->name, data, len);
++		value->name[len] = '\0';
++
++		return res;
++	}
++	while(0);
++
++	return -1;
++}
++
++static int rose_namedata_encode(struct pri *pri, unsigned char *dst, int implicit, char *name)
++{
++	int size = 0;
++	struct rose_component *comp;
++	int namesize;
++
++	namesize = strlen(name);
++	if (namesize > 50 ) {
++		pri_message(pri, "!! Encoding of oversized NameData component failed (%d)\n", namesize);
++		return -1;
++	} else if (namesize == 0){
++		pri_message(pri, "!! Encoding of undersized NameData component failed (%d)\n", namesize);
++		return -1;
++	}
++
++	if (!implicit) {
++		/* constructor component  (0x04,len) */
++		comp = (struct rose_component *)dst;
++		comp->type = ASN1_OCTETSTRING;
++		comp->len = 2 + namesize;
++		size += 2;
++		dst += 2;
++	}
++
++	memcpy(dst, name, namesize);
++	size += namesize;
++
++	return size;
++}
++
++static int rose_nameset_decode(struct pri *pri, unsigned char *data, int len, int implicit, struct nameelements_nameset *value)
++{
++	int size;
++	int i = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++ 	int characterset;
++
++	value->characterset = CHARACTER_SET_ISO8859_1;
++
++	do {
++		/* NameSet */
++		if (!implicit) {
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_SEQUENCE, "Don't know what to do if NameSet is of type 0x%x\n");
++			SUB_COMPONENT(comp, i);
++		}
++
++		/* nameData NameData */
+ 		GET_COMPONENT(comp, i, vdata, len);
+-		CHECK_COMPONENT(comp, ASN1_NUMERICSTRING, "Don't know what to do with PublicPartyNumber ROSE component type 0x%x\n");
+-		if(comp->len > 20 && comp->len != ASN1_LEN_INDEF) {
+-			pri_message(pri, "!! Oversized NumberDigits component (%d)\n", comp->len);
++		size = rose_namedata_decode(pri, (u_int8_t *)comp, len, 0, (struct nameelements_namedata *)value);
++		if (size < 0)
+ 			return -1;
++		i += size;
++
++		if (i < len) {
++			/* characterSet CharacterSet OPTIONAL */
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_INTEGER, "Don't know what to do if CharacterSet is of type 0x%x\n");
++			ASN1_GET_INTEGER(comp, characterset);
++			NEXT_COMPONENT(comp, i);
++			if (pri->debug & PRI_DEBUG_APDU)
++				pri_message(pri, "     NameSet: Received characterSet=%s(%d)\n", characterset_to_str(characterset), characterset);
++			value->characterset = characterset;
+ 		}
+-		if (comp->len == ASN1_LEN_INDEF) {
+-			datalen = strlen((char *)comp->data);
+-			res = datalen + 2;
+-		} else
+-			res = datalen = comp->len;
+-			
+-		memcpy(value->partyaddress, comp->data, datalen);
+-		value->partyaddress[datalen] = '\0';
+ 
+-		return res + 2;
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     NameSet: '%s', characterSet=%s(%d) i=%d len=%d\n", value->name, characterset_to_str(value->characterset), value->characterset, i, len);
++
++		return i;
+ 	}
+ 	while(0);
+ 	
+ 	return -1;
+ }
+ 
+-static int rose_public_party_number_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++static int rose_name_decode(struct pri *pri, unsigned char *data, int len, struct nameelements_name *value)
+ {
+ 	int i = 0;
++	int size = 0;
+ 	struct rose_component *comp = NULL;
+ 	unsigned char *vdata = data;
++
++	value->name[0] = '\0';
++	value->characterset = CHARACTER_SET_UNKNOWN;
++	value->namepres = -1;
++
++	do {
++		GET_COMPONENT(comp, i, vdata, len);
++
++		switch(comp->type) {
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):			/* [0] namePresentationAllowedSimple */
++			size = rose_namedata_decode(pri, comp->data, comp->len, 1, (struct nameelements_namedata *)value);
++			if (size < 0)
++				return -1;
++			i += (size + 2);
++			value->characterset = CHARACTER_SET_ISO8859_1;
++			value->namepres = 1;
++			break;
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):	/* [1] namePresentationAllowedExtended */
++			size = rose_nameset_decode(pri, comp->data, comp->len, 1, (struct nameelements_nameset *)value);
++			if (size < 0)
++				return -1;
++			i += (size + 2);
++			value->namepres = 1;
++			break;
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2):			/* [2] namePresentationRestrictedSimple */
++			size = rose_namedata_decode(pri, comp->data, comp->len, 1, (struct nameelements_namedata *)value);
++			if (size < 0)
++				return -1;
++			i += (size + 2);
++			value->characterset = CHARACTER_SET_ISO8859_1;
++			value->namepres = 0;
++			break;
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):	/* [3] namePresentationRestrictedExtended */
++			size = rose_nameset_decode(pri, comp->data, comp->len, 1, (struct nameelements_nameset *)value);
++			if (size < 0)
++				return -1;
++			i += (size + 2);
++			value->namepres = 0;
++			break;
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_4):			/* [4] nameNotAvailable */
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_7):			/* [7] namePresentationRestrictedNull */
++			i += (comp->len + 2);
++			value->name[0] = '\0';
++			value->characterset = CHARACTER_SET_UNKNOWN;
++			value->namepres = 0;
++			break;
++		default:
++			pri_message(pri, "!! Unknown Name component received 0x%x\n", comp->type);
++			return -1;
++		}
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     Name: '%s' i=%d len=%d\n", value->name, i, len);
++		return i;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_number_digits_decode(struct pri *pri, unsigned char *data, int len, int implicit, struct addressingdataelements_presentednumberunscreened *value)
++{
++	int i = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++	int res = 0;
++
++	do {
++		if (!implicit) {
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_NUMERICSTRING, "Don't know what to do with NumberDigits ROSE component type 0x%x\n");
++
++			data = comp->data;
++			if (comp->len == ASN1_LEN_INDEF) {
++				len = strlen((char *)comp->data);
++				res = len + 2 + 2;
++			} else {
++				len = comp->len;
++				res = len + 2;
++			}
++		} else
++			res = len;
++
++		if (len > sizeof(value->partyaddress)-1) {
++			pri_message(pri, "!! Oversized NumberDigits component (%d)\n", len);
++			return -1;
++		}
++
++		memcpy(value->partyaddress, data, len);
++		value->partyaddress[len] = '\0';
++
++		return res;
++	}
++	while(0);
++
++	return -1;
++}
++
++static int rose_public_party_number_decode(struct pri *pri, unsigned char *data, int len, int implicit, struct addressingdataelements_presentednumberunscreened *value)
++{
++	int i = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
+ 	int ton;
+ 	int res = 0;
+ 
+@@ -450,13 +781,19 @@
+ 		return -1;
+ 
+ 	do {
++		if (!implicit) {
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_SEQUENCE, "Don't know what to do if PublicPartyNumber is of type 0x%x\n");
++			SUB_COMPONENT(comp, i);
++		}
++
+ 		GET_COMPONENT(comp, i, vdata, len);
+ 		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Don't know what to do with PublicPartyNumber ROSE component type 0x%x\n");
+ 		ASN1_GET_INTEGER(comp, ton);
+ 		NEXT_COMPONENT(comp, i);
+ 		ton = typeofnumber_for_q931(pri, ton);
+ 
+-		res = rose_number_digits_decode(pri, call, &vdata[i], len-i, value);
++		res = rose_number_digits_decode(pri, &vdata[i], len-i, 0, value);
+ 		if (res < 0)
+ 			return -1;
+ 		value->ton = ton;
+@@ -467,8 +804,48 @@
+ 	return -1;
+ }
+ 
+-static int rose_private_party_number_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++static int rose_public_party_number_encode(struct pri *pri, unsigned char *dst, int implicit, unsigned char ton, char *num)
+ {
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	int numsize;
++
++	numsize = strlen(num);
++	if (numsize > 20 ) {
++		pri_message(pri, "!! Encoding of oversized PublicPartyNumber component failed (%d)\n", numsize);
++		return -1;
++	}
++
++	if (!implicit) {
++		/* constructor component  (0x30,len) */
++		ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), dst, i);
++		ASN1_PUSH(compstk, compsp, comp);
++	} else
++		comp = (struct rose_component *)dst;
++
++	/* publicTypeOfNumber   (0x0a,0x01,ton)*/
++	ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, dst, i, ton);
++
++	/* publicNumberDigits */
++
++	/* tag component NumericString  (0x12,len) */
++	ASN1_ADD_SIMPLE(comp, ASN1_NUMERICSTRING, dst, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* NumericString */
++	memcpy(comp->data, num, numsize);
++	i += numsize;
++
++	ASN1_FIXUP(compstk, compsp, dst, i);
++
++	if (!implicit)
++		ASN1_FIXUP(compstk, compsp, dst, i);
++
++	return i;
++}
++
++static int rose_private_party_number_decode(struct pri *pri, unsigned char *data, int len, int implicit, struct addressingdataelements_presentednumberunscreened *value)
++{
+ 	int i = 0;
+ 	struct rose_component *comp = NULL;
+ 	unsigned char *vdata = data;
+@@ -476,18 +853,24 @@
+ 	int res = 0;
+ 
+ 	if (len < 2)
+-	return -1;
++		return -1;
+ 
+ 	do {
++		if (!implicit) {
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_SEQUENCE, "Don't know what to do if PrivatePartyNumber is of type 0x%x\n");
++			SUB_COMPONENT(comp, i);
++		}
++
+ 		GET_COMPONENT(comp, i, vdata, len);
+ 		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Don't know what to do with PrivatePartyNumber ROSE component type 0x%x\n");
+ 		ASN1_GET_INTEGER(comp, ton);
+ 		NEXT_COMPONENT(comp, i);
+ 		ton = typeofnumber_for_q931(pri, ton);
+ 
+-		res = rose_number_digits_decode(pri, call, &vdata[i], len-i, value);
++		res = rose_number_digits_decode(pri, &vdata[i], len-i, 0, value);
+ 		if (res < 0)
+-		  return -1;
++			return -1;
+ 		value->ton = ton;
+ 
+ 		return res + 3;
+@@ -496,7 +879,7 @@
+ 	return -1;
+ }
+ 
+-static int rose_address_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++static int rose_address_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
+ {
+ 	int i = 0;
+ 	struct rose_component *comp = NULL;
+@@ -506,65 +889,59 @@
+ 	do {
+ 		GET_COMPONENT(comp, i, vdata, len);
+ 
++		/* PartyNumber */
+ 		switch(comp->type) {
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):	/* [0] unknownPartyNumber */
+-			res = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):	/* [0] unknownPartyNumber, IMPLICIT NumberDigits */
++			res = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
+ 			if (res < 0)
+ 				return -1;
+ 			value->npi = PRI_NPI_UNKNOWN;
+ 			value->ton = PRI_TON_UNKNOWN;
+ 			break;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):	/* [0] unknownPartyNumber */
+-			res = asn1_copy_string(value->partyaddress, sizeof(value->partyaddress), comp);
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):	/* [1] publicPartyNumber, IMPLICIT PublicPartyNumber */
++			res = rose_public_party_number_decode(pri, comp->data, comp->len, 1, value);
+ 			if (res < 0)
+ 				return -1;
+-			value->npi = PRI_NPI_UNKNOWN;
+-			value->ton = PRI_TON_UNKNOWN;
++			value->npi = PRI_NPI_E163_E164;
+ 			break;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):	/* [1] publicPartyNumber */
+-			res = rose_public_party_number_decode(pri, call, comp->data, comp->len, value);
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_3):	/* [3] dataPartyNumber, IMPLICIT NumberDigits */
++			res = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
+ 			if (res < 0)
+ 				return -1;
+-			value->npi = PRI_NPI_E163_E164;
+-			break;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_2):	/* [2] nsapEncodedNumber */
+-			pri_message(pri, "!! NsapEncodedNumber isn't handled\n");
+-			return -1;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):	/* [3] dataPartyNumber */
+-			if(rose_number_digits_decode(pri, call, comp->data, comp->len, value))
+-				return -1;
+ 			value->npi = PRI_NPI_X121 /* ??? */;
+ 			value->ton = PRI_TON_UNKNOWN /* ??? */;
+ 			pri_message(pri, "!! dataPartyNumber isn't handled\n");
+ 			return -1;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_4):	/* [4] telexPartyNumber */
+-			res = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_4):	/* [4] telexPartyNumber, IMPLICIT NumberDigits */
++			res = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
+ 			if (res < 0)
+ 				return -1;
+ 			value->npi = PRI_NPI_F69 /* ??? */;
+ 			value->ton = PRI_TON_UNKNOWN /* ??? */;
+ 			pri_message(pri, "!! telexPartyNumber isn't handled\n");
+ 			return -1;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_5):	/* [5] priavePartyNumber */
+-			res = rose_private_party_number_decode(pri, call, comp->data, comp->len, value);
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_5):	/* [5] privatePartyNumber, IMPLICIT PrivatePartyNumber */
++			res = rose_private_party_number_decode(pri, comp->data, comp->len, 1, value);
+ 			if (res < 0)
+-			return -1;
++				return -1;
+ 			value->npi = PRI_NPI_PRIVATE;
+ 			break;
+-		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_8):	/* [8] nationalStandardPartyNumber */
+-			res = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_8):	/* [8] nationalStandardPartyNumber, IMPLICIT NumberDigits */
++			res = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
+ 			if (res < 0)
+ 				return -1;
+ 			value->npi = PRI_NPI_NATIONAL;
+ 			value->ton = PRI_TON_NATIONAL;
+ 			break;
+ 		default:
+-			pri_message(pri, "!! Unknown Party number component received 0x%X\n", comp->type);
++			pri_message(pri, "!! Unknown PartyNumber component received 0x%X\n", comp->type);
+ 			return -1;
+ 		}
+ 		ASN1_FIXUP_LEN(comp, res);
+ 		NEXT_COMPONENT(comp, i);
+-		if(i < len)
++
++		/* PartySubaddress OPTIONAL */
++		if (i < len)
+ 			pri_message(pri, "!! not all information is handled from Address component\n");
+ 		return res + 2;
+ 	}
+@@ -573,14 +950,176 @@
+ 	return -1;
+ }
+ 
+-static int rose_presented_number_unscreened_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++static int rose_party_number_encode(struct pri *pri, unsigned char *dst, unsigned char ton, char *num)
+ {
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	int numsize, size;
++
++	numsize = strlen(num);
++	if (numsize > 20 ) {
++		pri_message(pri, "!! Encoding of oversized PartyNumber component failed (%d)\n", numsize);
++		return -1;
++	}
++
++#if 0
++	/* tag component unknownPartyNumber  (0x80,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), dst, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* unknownPartyNumber, implicid NumberDigits */
++	memcpy(comp->data, num, numsize);
++	i += numsize;
++
++	ASN1_FIXUP(compstk, compsp, dst, i);
++#endif
++
++	/* tag component publicPartyNumber  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1), dst, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* publicPartyNumber, implicid PublicPartyNumber */
++	size = rose_public_party_number_encode(pri, comp->data, 1, ton, num);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	ASN1_FIXUP(compstk, compsp, dst, i);
++
++	return i;
++}
++
++static int rose_party_number_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++{
+ 	int i = 0;
+ 	int size = 0;
+ 	struct rose_component *comp = NULL;
+ 	unsigned char *vdata = data;
+ 
++	do {
++		GET_COMPONENT(comp, i, vdata, len);
++
++		switch(comp->type) {
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):   /* [0] IMPLICIT NumberDigits -- default: unknownPartyNumber */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PartyNumber: UnknownPartyNumber len=%d\n", len);
++				size = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
++				if (size < 0)
++					return -1;
++				value->npi = PRI_NPI_UNKNOWN;
++				value->ton = PRI_TON_UNKNOWN;
++				break;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):   /* [1] IMPLICIT PublicPartyNumber */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PartyNumber: PublicPartyNumber len=%d\n", len);
++				size = rose_public_party_number_decode(pri, comp->data, comp->len, 1, value);
++				if (size < 0)
++					return -1;
++				value->npi = PRI_NPI_E163_E164;
++				break;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_3):   /* [3] IMPLICIT NumberDigits -- not used: dataPartyNumber */
++				pri_message(pri, "!! PartyNumber: dataPartyNumber is reserved!\n");
++				size = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
++				if (size < 0)
++					return -1;
++				value->npi = PRI_NPI_X121 /* ??? */;
++				value->ton = PRI_TON_UNKNOWN /* ??? */;
++				break;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_4):   /* [4] IMPLICIT NumberDigits -- not used: telexPartyNumber */
++				pri_message(pri, "!! PartyNumber: telexPartyNumber is reserved!\n");
++				size = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
++				if (size < 0)
++					return -1;
++				value->npi = PRI_NPI_F69 /* ??? */;
++				value->ton = PRI_TON_UNKNOWN /* ??? */;
++				break;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_5):   /* [5] IMPLICIT PrivatePartyNumber */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PartyNumber: PrivatePartyNumber len=%d\n", len);
++				size = rose_private_party_number_decode(pri, comp->data, comp->len, 1, value);
++				if (size < 0)
++					return -1;
++ 				value->npi = PRI_NPI_PRIVATE;
++				break;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_8):   /* [8] IMPLICIT NumberDigits -- not used: nationalStandatdPartyNumber */
++				pri_message(pri, "!! PartyNumber: nationalStandardPartyNumber is reserved!\n");
++				size = rose_number_digits_decode(pri, comp->data, comp->len, 1, value);
++				if (size < 0)
++					return -1;
++				value->npi = PRI_NPI_NATIONAL;
++				value->ton = PRI_TON_NATIONAL;
++				break;
++
++			default:
++				pri_message(pri, "Invalid PartyNumber component 0x%X\n", comp->type);
++				return -1;
++		}
++		ASN1_FIXUP_LEN(comp, size);
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     PartyNumber: '%s' size=%d len=%d\n", value->partyaddress, size, len);
++		return size;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_presented_number_unscreened_encode(struct pri *pri, unsigned char *dst, unsigned char presentation, unsigned char ton, char *num)
++{
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	int numsize, size;
++
++	numsize = strlen(num);
++	if (numsize > 20 ) {
++		pri_message(pri, "!! Encoding of oversized PresentedNumberUnscreened component failed (%d)\n", numsize);
++		return -1;
++	}
++
++	switch (presentation & PRES_RESTRICTION) {
++		case PRES_ALLOWED:
++			/* tag component [0] presentationAllowedAddress (0xa0,len) */
++			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0), dst, i);
++			ASN1_PUSH(compstk, compsp, comp);
++
++			/* PartyNumber */
++			size = rose_party_number_encode(pri, comp->data, ton, num);
++			if (size < 0)
++				return -1;
++			i += size;
++			ASN1_FIXUP(compstk, compsp, dst, i);
++			break;
++		case PRES_RESTRICTED:
++			/* tag component [1] presentationRestricted (0x81,len) */
++			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1), dst, i);
++			break;
++		case PRES_UNAVAILABLE:
++			/* tag component [2] numberNotAvailableDueToInterworking (0x82,len) */
++			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), dst, i);
++			/* ASN1_FIXUP(compstk, compsp, dst, i); */
++			break;
++		default:
++			pri_message(pri, "!! Undefined presentation value for PresentedNumberUnscreened: 0x%x\n", presentation);
++			return -1;
++	}
++
++	return i;
++}
++
++static int rose_presented_number_unscreened_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
++{
++	int i = 0;
++	int size = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++
+ 	/* Fill in default values */
++	value->partyaddress[0] = '\0';
+ 	value->ton = PRI_TON_UNKNOWN;
+ 	value->npi = PRI_NPI_E163_E164;
+ 	value->pres = -1;	/* Data is not available */
+@@ -591,7 +1130,7 @@
+ 		switch(comp->type) {
+ 		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):		/* [0] presentationAllowedNumber */
+ 			value->pres = PRES_ALLOWED_USER_NUMBER_NOT_SCREENED;
+-			size = rose_address_decode(pri, call, comp->data, comp->len, value);
++			size = rose_address_decode(pri, comp->data, comp->len, value);
+ 			ASN1_FIXUP_LEN(comp, size);
+ 			return size + 2;
+ 		case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1):		/* [1] IMPLICIT presentationRestricted */
+@@ -610,7 +1149,7 @@
+ 			return 2;
+ 		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):		/* [3] presentationRestrictedNumber */
+ 			value->pres = PRES_PROHIB_USER_NUMBER_NOT_SCREENED;
+-			size = rose_address_decode(pri, call, comp->data, comp->len, value) + 2;
++			size = rose_address_decode(pri, comp->data, comp->len, value) + 2;
+ 			ASN1_FIXUP_LEN(comp, size);
+ 			return size + 2;
+ 		default:
+@@ -623,17 +1162,482 @@
+ 	return -1;
+ }
+ 
++static int rose_number_screened_encode(struct pri *pri, unsigned char *dst, int implicit, unsigned char ton, unsigned char screenind, char *num)
++{
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	int numsize, size;
++
++	numsize = strlen(num);
++	if (numsize > 20 ) {
++		pri_message(pri, "!! Encoding of oversized NumberScreened component failed (%d)\n", numsize);
++		return -1;
++	}
++
++	if (!implicit) {
++		/* constructor component  (0x30,len) */
++		ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), dst, i);
++		ASN1_PUSH(compstk, compsp, comp);
++	} else
++		comp = (struct rose_component *)dst;
++
++	/* PartyNumber */
++	size = rose_party_number_encode(pri, (u_int8_t *)comp, ton, num);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	/* ScreeningIndicator  (0x0a,0x01,screenind) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, dst, i, screenind);
++
++	if (!implicit)
++		ASN1_FIXUP(compstk, compsp, dst, i);
++
++	return i;
++}
++
++static int rose_number_screened_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_presentednumberscreened *value)
++{
++	int i = 0;
++	int size = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++
++	int scrind = -1;
++
++	do {
++		/* Party Number */
++		GET_COMPONENT(comp, i, vdata, len);
++		size = rose_party_number_decode(pri, (u_int8_t *)comp, comp->len + 2, (struct addressingdataelements_presentednumberunscreened*) value);
++		if (size < 0)
++			return -1;
++		comp->len = size;
++		NEXT_COMPONENT(comp, i);
++
++		/* Screening Indicator */
++		GET_COMPONENT(comp, i, vdata, len);
++		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Don't know what to do with NumberScreened ROSE component type 0x%x\n");
++		ASN1_GET_INTEGER(comp, scrind);
++		// Todo: scrind = screeningindicator_for_q931(pri, scrind);
++		NEXT_COMPONENT(comp, i);
++
++		value->scrind = scrind;
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     NumberScreened: '%s' ScreeningIndicator=%d  i=%d  len=%d\n", value->partyaddress, scrind, i, len);
++
++		return i-2;  // We do not have a sequence header here.
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_presented_number_screened_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_presentednumberscreened *value)
++{
++	int i = 0;
++	int size = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++
++	/* Fill in default values */
++	value->partyaddress[0] = '\0';
++	value->ton = PRI_TON_UNKNOWN;
++	value->npi = PRI_NPI_UNKNOWN;
++	value->pres = -1; /* Data is not available */
++	value->scrind = 0;
++
++	do {
++		GET_COMPONENT(comp, i, vdata, len);
++
++		switch(comp->type) {
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):   /* [0] IMPLICIT presentationAllowedNumber */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedNumberScreened: presentationAllowedNumber comp->len=%d\n", comp->len);
++				value->pres = PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN;
++				size = rose_number_screened_decode(pri, comp->data, comp->len, value);
++				if (size < 0)
++					return -1;
++				ASN1_FIXUP_LEN(comp, size);
++				return size + 2;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1):    /* [1] IMPLICIT presentationRestricted */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedNumberScreened: presentationRestricted comp->len=%d\n", comp->len);
++				if (comp->len != 0) { /* must be NULL */
++					pri_error(pri, "!! Invalid PresentationRestricted component received (len != 0)\n");
++					return -1;
++				}
++				value->pres = PRES_PROHIB_USER_NUMBER_PASSED_SCREEN;
++				return 2;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2):    /* [2] IMPLICIT numberNotAvailableDueToInterworking */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedNumberScreened: NumberNotAvailableDueToInterworking comp->len=%d\n", comp->len);
++				if (comp->len != 0) { /* must be NULL */
++					pri_error(pri, "!! Invalid NumberNotAvailableDueToInterworking component received (len != 0)\n");
++					return -1;
++				}
++				value->pres = PRES_NUMBER_NOT_AVAILABLE;
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedNumberScreened: numberNotAvailableDueToInterworking Type=0x%X  i=%d len=%d size=%d\n", comp->type, i, len);
++				return 2;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):    /* [3] IMPLICIT presentationRestrictedNumber */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedNumberScreened: presentationRestrictedNumber comp->len=%d\n", comp->len);
++				value->pres = PRES_PROHIB_USER_NUMBER_PASSED_SCREEN;
++				size = rose_number_screened_decode(pri, comp->data, comp->len, value);
++				if (size < 0)
++					return -1;
++				ASN1_FIXUP_LEN(comp, size);
++				return size + 2;
++
++			default:
++				pri_message(pri, "Invalid PresentedNumberScreened component 0x%X\n", comp->type);
++		}
++		return -1;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_partysubaddress_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_partysubaddress *value)
++{
++	int i = 0;
++	int size = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++
++	int odd_count_indicator = -1;
++	value->partysubaddress[0] = '\0';
++
++	do {
++		GET_COMPONENT(comp, i, vdata, len);
++
++		switch(comp->type) {
++		case (ASN1_CONSTRUCTOR | ASN1_SEQUENCE):    /* UserSpecifiedSubaddress */
++			/* SubaddressInformation */
++			SUB_COMPONENT(comp, i);
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_OCTETSTRING, "Don't know what to do if SubaddressInformation is of type 0x%x\n");
++			size = asn1_name_decode(comp->data, comp->len, value->partysubaddress, sizeof(value->partysubaddress));
++			if (size < 0)
++				return -1;
++			i += size;
++
++			/* oddCountIndicator BOOLEAN OPTIONAL */
++			if (i < len) {
++				GET_COMPONENT(comp, i, vdata, len);
++				CHECK_COMPONENT(comp, ASN1_BOOLEAN, "Don't know what to do if SubaddressInformation is of type 0x%x\n");
++
++				ASN1_GET_INTEGER(comp, odd_count_indicator);
++				NEXT_COMPONENT(comp, i);
++			}
++		case (ASN1_OCTETSTRING):    /* NSAPSubaddress */
++			size = asn1_name_decode((u_int8_t *)comp, comp->len + 2, value->partysubaddress, sizeof(value->partysubaddress));
++			if (size < 0)
++				return -1;
++			i += size;
++			break;
++		default:
++			pri_message(pri, "Invalid PartySubaddress component 0x%X\n", comp->type);
++			return -1;
++		}
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     PartySubaddress: '%s', oddCountIndicator=%d, i=%d len=%d\n", value->partysubaddress, odd_count_indicator, i, len);
++
++		return i;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_address_screened_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_addressscreened *value)
++{
++	int i = 0;
++	int size = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++
++	int scrind;
++	value->partysubaddress[0] = '\0';
++
++	/* SEQUENCE AddressScreened */
++	do {
++		/* PartyNumber */
++		GET_COMPONENT(comp, i, vdata, len);
++		size = rose_party_number_decode(pri, (u_int8_t *)comp, comp->len + 2, (struct addressingdataelements_presentednumberunscreened *)value);
++		if (size < 0)
++			return -1;
++		comp->len = size;
++		NEXT_COMPONENT(comp, i);
++
++		/* ScreeningIndicator */
++		GET_COMPONENT(comp, i, vdata, len);
++		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Don't know what to do with AddressScreened ROSE component type 0x%x\n");
++		ASN1_GET_INTEGER(comp, scrind);
++		NEXT_COMPONENT(comp, i);
++
++		if (i < len) {
++			/* PartySubaddress OPTIONAL */
++			GET_COMPONENT(comp, i, vdata, len);
++			size = rose_partysubaddress_decode(pri, (u_int8_t *)comp, comp->len + 2, (struct addressingdataelements_partysubaddress *)value);
++			if (size < 0)
++				return -1;
++			i += size;
++		}
++
++		value->scrind = scrind;
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     AddressScreened: '%s' ScreeningIndicator=%d  i=%d  len=%d\n", value->partyaddress, scrind, i, len);
++
++		return i-2;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_presented_address_screened_decode(struct pri *pri, unsigned char *data, int len, struct addressingdataelements_presentedaddressscreened *value)
++{
++	int i = 0;
++	int size = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = data;
++
++	/* Fill in default values */
++	value->partyaddress[0] = '\0';
++	value->partysubaddress[0] = '\0';
++	value->npi = PRI_NPI_UNKNOWN;
++	value->ton = PRI_TON_UNKNOWN;
++	value->pres = -1; /* Data is not available */
++	value->scrind = 0;
++
++	do {
++		GET_COMPONENT(comp, i, vdata, len);
++
++		switch(comp->type) {
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):   /* [0] IMPLICIT presentationAllowedAddress */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedAddressScreened: presentationAllowedAddress comp->len=%d\n", comp->len);
++				value->pres = PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN;
++				size = rose_address_screened_decode(pri, comp->data, comp->len, (struct addressingdataelements_addressscreened *)value);
++				if (size < 0)
++					return -1;
++				ASN1_FIXUP_LEN(comp, size);
++				return size + 2;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1):    /* [1] IMPLICIT presentationRestricted */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedAddressScreened: presentationRestricted comp->len=%d\n", comp->len);
++				if (comp->len != 0) { /* must be NULL */
++					pri_error(pri, "!! Invalid PresentationRestricted component received (len != 0)\n");
++					return -1;
++				}
++				value->pres = PRES_PROHIB_USER_NUMBER_PASSED_SCREEN;
++				return 2;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2):    /* [2] IMPLICIT numberNotAvailableDueToInterworking */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedAddressScreened: NumberNotAvailableDueToInterworking comp->len=%d\n", comp->len);
++				if (comp->len != 0) { /* must be NULL */
++					pri_error(pri, "!! Invalid NumberNotAvailableDueToInterworking component received (len != 0)\n");
++					return -1;
++				}
++				value->pres = PRES_NUMBER_NOT_AVAILABLE;
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedAddressScreened: numberNotAvailableDueToInterworking Type=0x%X  i=%d len=%d size=%d\n", comp->type, i, len);
++				return 2;
++
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):    /* [3] IMPLICIT presentationRestrictedAddress */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     PresentedAddressScreened: presentationRestrictedAddress comp->len=%d\n", comp->len);
++				value->pres = PRES_PROHIB_USER_NUMBER_PASSED_SCREEN;
++				size = rose_address_screened_decode(pri, comp->data, comp->len, (struct addressingdataelements_addressscreened *)value);
++				if (size < 0)
++					return -1;
++				ASN1_FIXUP_LEN(comp, size);
++				return size + 2;
++
++			default:
++				pri_message(pri, "Invalid PresentedAddressScreened component 0x%X\n", comp->type);
++		}
++		return -1;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_diverting_leg_information1_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
++{
++	int i = 0;
++	struct addressingdataelements_presentednumberunscreened nominatednr;
++	int diversion_reason;
++	int subscription_option;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = sequence->data;
++	int size = 0;
++	memset(&nominatednr, 0, sizeof(nominatednr));
++
++	/* Data checks */
++	if (sequence->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
++		pri_message(pri, "Invalid DivertingLegInformation1Type argument\n");
++		return -1;
++	}
++
++	if (sequence->len == ASN1_LEN_INDEF) {
++		len -= 4;   /* For the 2 extra characters at the end
++		               and two characters of header */
++	} else
++		len -= 2;
++
++	do {
++		/* diversionReason DiversionReason */
++		GET_COMPONENT(comp, i, vdata, len);
++		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Invalid diversionReason type 0x%X of ROSE divertingLegInformation1 component received\n");
++		ASN1_GET_INTEGER(comp, diversion_reason);
++		NEXT_COMPONENT(comp, i);
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "    Received diversionReason: %s(%d)\n", diversionreason_to_str(pri, diversion_reason), diversion_reason);
++
++		diversion_reason = redirectingreason_for_q931(pri, diversion_reason);
++
++		/* subscriptionOption SubscriptionOption */
++		GET_COMPONENT(comp, i, vdata, len);
++		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Invalid subscriptionOption type 0x%X of ROSE divertingLegInformation1 component received\n");
++		ASN1_GET_INTEGER(comp, subscription_option);
++		NEXT_COMPONENT(comp, i);
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "    Received subscriptionOption: %d\n", subscription_option);
++
++		/* nominatedNr PartyNumber */
++		GET_COMPONENT(comp, i, vdata, len);
++		size = rose_party_number_decode(pri, (u_int8_t *)comp, comp->len + 2, &nominatednr);
++		if (size < 0)
++			return -1;
++
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "    Received nominatedNr '%s'\n", nominatednr.partyaddress);
++			pri_message(pri, "      ton = %d, npi = %d\n\n", nominatednr.ton, nominatednr.npi);
++		}
++
++		call->divleginfo1activeflag = 1;
++		if (subscription_option == QSIG_NOTIFICATION_WITH_DIVERTED_TO_NR) {
++			libpri_copy_string(call->divertedtonum, nominatednr.partyaddress, sizeof(call->divertedtonum));
++		} else {
++			call->divertedtonum[0] = '\0';
++		}
++		call->divertedtopres = (subscription_option == QSIG_NOTIFICATION_WITH_DIVERTED_TO_NR) ? PRES_ALLOWED_USER_NUMBER_NOT_SCREENED : PRES_PROHIB_USER_NUMBER_NOT_SCREENED;
++		call->divertedtoplan = ((nominatednr.ton & 0x07) << 4) | (nominatednr.npi & 0x0f);
++		call->divertedtoreason = diversion_reason;
++		call->divertedtocount++;
++
++		return 0;
++	}
++	while (0);
++
++	return -1;
++}
++
++int rose_diverting_leg_information1_encode(struct pri *pri, q931_call *call)
++{
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	unsigned char buffer[256];
++	int size;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Encode divertingLegInformation1\n");
++
++	/* Protocol Profile = 0x1f (Networking Extensions)  (0x9f) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Network Facility Extension */
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		/* tag component NetworkFacilityExtension (0xaa, len ) */
++		ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* sourceEntity  (0x80,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* endPINX(0) */
++
++		/* destinationEntity  (0x82,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* endPINX(0) */
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	}
++
++	/* Network Protocol Profile */
++	/*  - not included - */
++
++	/* Interpretation APDU  (0x8b,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);	/* discardAnyUnrecognisedInvokePdu(0) */
++
++	/* Service APDU(s): */
++
++	/* ROSE InvokePDU  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* ROSE InvokeID  (0x02,0x01,invokeid) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));
++
++	/* ROSE operationId  (0x02,0x01,0x14)*/
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, ROSE_DIVERTING_LEG_INFORMATION1);
++
++	/* constructor component  (0x30,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* diversionReason  (0x0a,0x01,diversionreason) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, redirectingreason_from_q931(pri, call->divertedtoreason));
++
++	/* subscriptionOption  (0x0a,0x01,subscriptionoption) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, presentation_to_subscription(pri, call->divertedtopres));
++
++	/* nominatedNr */
++
++	/* tag component publicPartyNumber  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* publicPartyNumber, implicid PublicPartyNumber */
++	size = rose_public_party_number_encode(pri, &buffer[i], 1, (call->divertedtoplan & 0x70) >> 4, call->divertedtonum);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(call, Q931_FACILITY, buffer, i, NULL, NULL))
++		return -1;
++
++	return 0;
++}
++
+ static int rose_diverting_leg_information2_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
+ {
+ 	int i = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = sequence->data;
++	int size = 0;
++
+ 	int diversion_counter;
+ 	int diversion_reason;
+-	char origcalledname[50] = "", redirectingname[50] = "";
++	int original_diversion_reason = QSIG_DIVERT_REASON_UNKNOWN;
++	struct nameelements_name redirectingname = { "", CHARACTER_SET_UNKNOWN, 0 };
++	struct nameelements_name origcalledname = { "", CHARACTER_SET_UNKNOWN, 0 };;
+ 	struct addressingdataelements_presentednumberunscreened divertingnr;
+- 	struct addressingdataelements_presentednumberunscreened originalcallednr;
+-	struct rose_component *comp = NULL;
+-	unsigned char *vdata = sequence->data;
+-	int res = 0;
++	struct addressingdataelements_presentednumberunscreened originalcallednr;
+ 	memset(&divertingnr, 0, sizeof(divertingnr));
+ 	memset(&originalcallednr, 0, sizeof(originalcallednr));
+ 
+@@ -644,249 +1648,429 @@
+ 	}
+ 
+ 	if (sequence->len == ASN1_LEN_INDEF) {
+-		len -= 4; /* For the 2 extra characters at the end
+-                           * and two characters of header */
++		len -= 4;   /* For the 2 extra characters at the end
++		               and two characters of header */
+ 	} else
+ 		len -= 2;
+ 
+ 	do {
+-		/* diversionCounter stuff */
++		/* diversionCounter */
+ 		GET_COMPONENT(comp, i, vdata, len);
+-		CHECK_COMPONENT(comp, ASN1_INTEGER, "Don't know what to do it diversionCounter is of type 0x%x\n");
++		CHECK_COMPONENT(comp, ASN1_INTEGER, "Don't know what to do if diversionCounter is of type 0x%x\n");
+ 		ASN1_GET_INTEGER(comp, diversion_counter);
+ 		NEXT_COMPONENT(comp, i);
+ 
+-		/* diversionReason stuff */
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "    Received diversionCounter: %d\n",  diversion_counter);
++
++		/* diversionReason DiversionReason */
+ 		GET_COMPONENT(comp, i, vdata, len);
+ 		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Invalid diversionReason type 0x%X of ROSE divertingLegInformation2 component received\n");
+ 		ASN1_GET_INTEGER(comp, diversion_reason);
+ 		NEXT_COMPONENT(comp, i);
+ 
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "    Received diversionReason: %s(%d)\n", diversionreason_to_str(pri, diversion_reason), diversion_reason);
++
+ 		diversion_reason = redirectingreason_for_q931(pri, diversion_reason);
+-	
+-		if(pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "    Redirection reason: %d, total diversions: %d\n", diversion_reason, diversion_counter);
+-		pri_message(NULL, "Length of message is %d\n", len);
+ 
+-		for(; i < len; NEXT_COMPONENT(comp, i)) {
++		/* Type SEQUENCE specifies an ordered list of component types.           *
++		 * We decode all components but for simplicity we don't check the order. */
++		while (i < len) {
+ 			GET_COMPONENT(comp, i, vdata, len);
++
+ 			switch(comp->type) {
+ 			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):
+-				call->origredirectingreason = redirectingreason_for_q931(pri, comp->data[0]);
++				/* originalDiversionReason */
++				ASN1_GET_INTEGER(comp, original_diversion_reason);
++				NEXT_COMPONENT(comp,i);
+ 				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "    Received reason for original redirection %d\n", call->origredirectingreason);
++					pri_message(pri, "    Received originalDiversionReason: %s(%d)\n", diversionreason_to_str(pri, original_diversion_reason), original_diversion_reason);
++				original_diversion_reason = redirectingreason_for_q931(pri, original_diversion_reason);
+ 				break;
+ 			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):
+-				res = rose_presented_number_unscreened_decode(pri, call, comp->data, comp->len, &divertingnr);
+-				/* TODO: Fix indefinite length form hacks */
+-				ASN1_FIXUP_LEN(comp, res);
+-				comp->len = res;
+-				if (res < 0)
++				/* divertingNr */
++				size = rose_presented_number_unscreened_decode(pri, comp->data, comp->len, &divertingnr);
++				if (size < 0)
+ 					return -1;
++				ASN1_FIXUP_LEN(comp, size);
++				comp->len = size;
++				NEXT_COMPONENT(comp,i);
+ 				if (pri->debug & PRI_DEBUG_APDU) {
+ 					pri_message(pri, "    Received divertingNr '%s'\n", divertingnr.partyaddress);
+ 					pri_message(pri, "      ton = %d, pres = %d, npi = %d\n", divertingnr.ton, divertingnr.pres, divertingnr.npi);
+ 				}
+ 				break;
+ 			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_2):
+-				res = rose_presented_number_unscreened_decode(pri, call, comp->data, comp->len, &originalcallednr);
+-				if (res < 0)
++				/* originalCalledNr */
++				size = rose_presented_number_unscreened_decode(pri, comp->data, comp->len, &originalcallednr);
++				if (size < 0)
+ 					return -1;
+-				ASN1_FIXUP_LEN(comp, res);
+-				comp->len = res;
++				ASN1_FIXUP_LEN(comp, size);
++				comp->len = size;
++				NEXT_COMPONENT(comp,i);
+ 				if (pri->debug & PRI_DEBUG_APDU) {
+-					pri_message(pri, "    Received originalcallednr '%s'\n", originalcallednr.partyaddress);
++					pri_message(pri, "    Received originalCalledNr '%s'\n", originalcallednr.partyaddress);
+ 					pri_message(pri, "      ton = %d, pres = %d, npi = %d\n", originalcallednr.ton, originalcallednr.pres, originalcallednr.npi);
+ 				}
+ 				break;
+ 			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):
+-				res = asn1_name_decode(comp->data, comp->len, redirectingname, sizeof(redirectingname));
+-				if (res < 0)
++				/* redirectingName */
++				size = rose_name_decode(pri, comp->data, comp->len, &redirectingname);
++				if (size < 0)
+ 					return -1;
+-				ASN1_FIXUP_LEN(comp, res);
+-				comp->len = res;
++				i += (size + 2);
+ 				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "    Received RedirectingName '%s'\n", redirectingname);
++					pri_message(pri, "     Received RedirectingName '%s', namepres %s(%d), characterset %s(%d)\n",
++						        redirectingname.name, namepres_to_str(redirectingname.namepres), redirectingname.namepres,
++						        characterset_to_str(redirectingname.characterset), redirectingname.characterset);
+ 				break;
+ 			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_4):
+-				res = asn1_name_decode(comp->data, comp->len, origcalledname, sizeof(origcalledname));
+-				if (res < 0)
++				/* originalCalledName */
++				size = rose_name_decode(pri, comp->data, comp->len, &origcalledname);
++				if (size < 0)
+ 					return -1;
+-				ASN1_FIXUP_LEN(comp, res);
+-				comp->len = res;
++				i += (size + 2);
+ 				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "    Received Originally Called Name '%s'\n", origcalledname);
++					pri_message(pri, "     Received OriginalCalledName '%s', namepres %s(%d), characterset %s(%d)\n",
++						        origcalledname.name, namepres_to_str(origcalledname.namepres), origcalledname.namepres,
++						        characterset_to_str(origcalledname.characterset), origcalledname.characterset);
+ 				break;
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_5):
+-				pri_message(pri, "!! Ignoring DivertingLegInformation2 component 0x%X\n", comp->type);
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_5):	/* [5] IMPLICIT Extension */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_6):	/* [6] IMPLICIT SEQUENCE OF Extension */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "!!     Ignoring DivertingLegInformation2 component 0x%X\n", comp->type);
++				NEXT_COMPONENT(comp, i);
+ 				break;
+ 			default:
+-				if (comp->type == 0 && comp->len == 0) {
+-					break; /* Found termination characters */
+-				}
+-				pri_message(pri, "!! Invalid DivertingLegInformation2 component received 0x%X\n", comp->type);
++				pri_message(pri, "!!     Invalid DivertingLegInformation2 component received 0x%X\n", comp->type);
+ 				return -1;
+ 			}
+ 		}
+ 
+ 		if (divertingnr.pres >= 0) {
+-			call->redirectingplan = divertingnr.npi;
++			call->redirectingplan = ((divertingnr.ton & 0x07) << 4) | (divertingnr.npi & 0x0f);
+ 			call->redirectingpres = divertingnr.pres;
+ 			call->redirectingreason = diversion_reason;
+ 			libpri_copy_string(call->redirectingnum, divertingnr.partyaddress, sizeof(call->redirectingnum));
+-			pri_message(pri, "    Received redirectingnum '%s' (%d)\n", call->redirectingnum, (int)call->redirectingnum[0]);
+ 		}
+ 		if (originalcallednr.pres >= 0) {
+-			call->origcalledplan = originalcallednr.npi;
++			call->origcalledplan = ((originalcallednr.ton & 0x07) << 4) | (originalcallednr.npi & 0x0f);
+ 			call->origcalledpres = originalcallednr.pres;
+ 			libpri_copy_string(call->origcallednum, originalcallednr.partyaddress, sizeof(call->origcallednum));
+-			pri_message(pri, "    Received origcallednum '%s' (%d)\n", call->origcallednum, (int)call->origcallednum[0]);
+ 		}
+-		libpri_copy_string(call->redirectingname, redirectingname, sizeof(call->redirectingname));
+-		libpri_copy_string(call->origcalledname, origcalledname, sizeof(call->origcalledname));
++
++		if (redirectingname.namepres != 0) {
++			libpri_copy_string(call->redirectingname, redirectingname.name, sizeof(call->redirectingname));
++		} else {
++			call->redirectingname[0] = '\0';
++		}
++
++		if (origcalledname.namepres != 0) {
++			libpri_copy_string(call->origcalledname, origcalledname.name, sizeof(call->origcalledname));
++		} else {
++			call->origcalledname[0] = '\0';
++		}
++
++		call->origredirectingreason = original_diversion_reason;
++		call->redirectingcount = diversion_counter;
++
+ 		return 0;
+ 	}
+ 	while (0);
+ 
+ 	return -1;
+ }
+-				
++
+ static int rose_diverting_leg_information2_encode(struct pri *pri, q931_call *call)
+ {
+-	int i = 0, j, compsp = 0;
++	int i = 0, compsp = 0;
+ 	struct rose_component *comp, *compstk[10];
+ 	unsigned char buffer[256];
+-	int len = 253;
+-	
+-#if 0	/* This is not required by specifications */
+-	if (!strlen(call->callername)) {
+-		return -1;
++	int size;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Encode divertingLegInformation2\n");
++
++	/* Protocol Profile = 0x1f (Networking Extensions)  (0x9f) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Network Facility Extension */
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		/* tag component NetworkFacilityExtension (0xaa, len ) */
++		ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* sourceEntity  (0x80,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* endPINX(0) */
++
++		/* destinationEntity  (0x82,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* endPINX(0) */
++		ASN1_FIXUP(compstk, compsp, buffer, i);
+ 	}
+-#endif
+ 
+-	buffer[i] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
+-	i++;
+-	/* Interpretation component */
+-	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0x00 /* Discard unrecognized invokes */);
+-	
++	/* Network Protocol Profile */
++	/*  - not included - */
++
++	/* Interpretation APDU  (0x8b,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);	/* discardAnyUnrecognisedInvokePdu(0) */
++
++	/* Service APDU(s): */
++
++	/* ROSE InvokePDU  (0xa1,len) */
+ 	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);
+-	
+ 	ASN1_PUSH(compstk, compsp, comp);
+-	/* Invoke component contents */
+-	/*	Invoke ID */
++
++	/* ROSE InvokeID  (0x02,0x01,invokeid) */
+ 	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));
+-	/*	Operation Tag */
+-	
+-	/* ROSE operationId component */
++
++	/* ROSE operationId  (0x02,0x01,0x15)*/
+ 	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, ROSE_DIVERTING_LEG_INFORMATION2);
+ 
+-	/* ROSE ARGUMENT component */
++	/* constructor component  (0x30,len) */
+ 	ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), buffer, i);
+ 	ASN1_PUSH(compstk, compsp, comp);
+-	/* ROSE DivertingLegInformation2.diversionCounter component */
+-	/* Always is 1 because other isn't available in the current design */
++
++	/* diversionCounter always is 1 because other isn't available in the current design */
++	/* diversionCounter  (0x02,0x01,0x01) */
+ 	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, 1);
+-	
+-	/* ROSE DivertingLegInformation2.diversionReason component */
++
++	/* diversionReason  (0x0a,0x01,redirectingreason) */
+ 	ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, redirectingreason_from_q931(pri, call->redirectingreason));
+-		
+-	/* ROSE DivertingLegInformation2.divertingNr component */
++
++	/* originalDiversionReason */
++	/*  - not included - */
++
++	/* divertingNr */
++
++	/* tag component divertingNr  (0xa1,len) */
+ 	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1), buffer, i);
+-	
+ 	ASN1_PUSH(compstk, compsp, comp);
+-		/* Redirecting information always not screened */
+-	
+-	switch(call->redirectingpres) {
+-		case PRES_ALLOWED_USER_NUMBER_NOT_SCREENED:
+-		case PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN:
+-			if (call->redirectingnum && strlen(call->redirectingnum)) {
+-				ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0), buffer, i);
+-				ASN1_PUSH(compstk, compsp, comp);
+-					/* NPI of redirected number is not supported in the current design */
+-				ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1), buffer, i);
+-				ASN1_PUSH(compstk, compsp, comp);
+-					ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, typeofnumber_from_q931(pri, call->redirectingplan >> 4));
+-					j = asn1_string_encode(ASN1_NUMERICSTRING, &buffer[i], len - i, 20, call->redirectingnum, strlen(call->redirectingnum));
+-				if (j < 0)
+-					return -1;
+-					
+-				i += j;
+-				ASN1_FIXUP(compstk, compsp, buffer, i);
+-				ASN1_FIXUP(compstk, compsp, buffer, i);
+-				break;
+-			}
+-			/* fall through */
+-		case PRES_PROHIB_USER_NUMBER_PASSED_SCREEN:
+-		case PRES_PROHIB_USER_NUMBER_NOT_SCREENED:
+-			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1), buffer, i);
+-			break;
+-		/* Don't know how to handle this */
+-		case PRES_ALLOWED_NETWORK_NUMBER:
+-		case PRES_PROHIB_NETWORK_NUMBER:
+-		case PRES_ALLOWED_USER_NUMBER_FAILED_SCREEN:
+-		case PRES_PROHIB_USER_NUMBER_FAILED_SCREEN:
+-			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1), buffer, i);
+-			break;
+-		default:
+-			pri_message(pri, "!! Undefined presentation value for redirecting number: %d\n", call->redirectingpres);
+-		case PRES_NUMBER_NOT_AVAILABLE:
+-			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i);
+-			break;
+-	}
++
++	size = rose_presented_number_unscreened_encode(pri, &buffer[i], call->redirectingpres, typeofnumber_from_q931(pri, (call->redirectingplan & 0x70) >> 4), call->redirectingnum);
++	if (size < 0)
++		return -1;
++	i += size;
+ 	ASN1_FIXUP(compstk, compsp, buffer, i);
+ 
+-	/* ROSE DivertingLegInformation2.originalCalledNr component */
+-	/* This information isn't supported by current design - duplicate divertingNr */
++	/* originalCalledNr */
++	/*  - not included - */
++
++#if 0
++	/* The originalCalledNr is unknown here. Its the same as divertingNr if the call *
++	 * is diverted only once but we don't know if its diverted one ore more times.   */
++
++	/* originalCalledNr */
++
++	/* tag component originalCalledNr  (0xa2,len) */
+ 	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_2), buffer, i);
+ 	ASN1_PUSH(compstk, compsp, comp);
+-		/* Redirecting information always not screened */
+-	switch(call->redirectingpres) {
+-		case PRES_ALLOWED_USER_NUMBER_NOT_SCREENED:
+-		case PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN:
+-			if (call->redirectingnum && strlen(call->redirectingnum)) {
+-				ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0), buffer, i);
+-				ASN1_PUSH(compstk, compsp, comp);
+-				ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1), buffer, i);
+-				ASN1_PUSH(compstk, compsp, comp);
+-				ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, typeofnumber_from_q931(pri, call->redirectingplan >> 4));
+-	
+-				j = asn1_string_encode(ASN1_NUMERICSTRING, &buffer[i], len - i, 20, call->redirectingnum, strlen(call->redirectingnum));
+-				if (j < 0)
++
++	size = rose_presented_number_unscreened_encode(pri, &buffer[i], call->redirectingpres, typeofnumber_from_q931(pri, (call->redirectingplan & 0x70) >> 4), call->redirectingnum);
++	if (size < 0)
++		return -1;
++	i += size;
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++#endif
++
++	/* redirectingName */
++	if (call->redirectingname[0]) {
++		/* tag component redirectingName  (0xa3,len) */
++		ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3), buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* tag component namePresentationAllowedSimple  (0x80,len) */
++		ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* namePresentationAllowedSimple, implicid NameData */
++		size = rose_namedata_encode(pri, &buffer[i], 1, call->redirectingname);
++		if (size < 0)
++			return -1;
++		i += size;
++
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	}
++
++	/* originalCalledName */
++	/*  - not included - */
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(call, Q931_SETUP, buffer, i, NULL, NULL))
++		return -1;
++
++	return 0;
++}
++
++static int rose_diverting_leg_information3_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
++{
++	int i = 0;
++	struct nameelements_name redirectionname = { "", CHARACTER_SET_UNKNOWN, 0 };
++	int presentation_allowed_indicator;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = sequence->data;
++	int size = 0;
++
++	/* Data checks */
++	if (sequence->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
++		pri_message(pri, "Invalid DivertingLegInformation3Type argument\n");
++		return -1;
++	}
++
++	if (sequence->len == ASN1_LEN_INDEF) {
++		len -= 4;   /* For the 2 extra characters at the end
++		               and two characters of header */
++	} else
++		len -= 2;
++
++	do {
++		/* presentationAllowedIndicator */
++		GET_COMPONENT(comp, i, vdata, len);
++		CHECK_COMPONENT(comp, ASN1_BOOLEAN, "Don't know what to do if presentationAllowedIndicator is of type 0x%x\n");
++		ASN1_GET_INTEGER(comp, presentation_allowed_indicator);
++		NEXT_COMPONENT(comp, i);
++
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "    Received presentationAllowedIndicator: %d\n", presentation_allowed_indicator);
++
++		/* Type SEQUENCE specifies an ordered list of component types.           *
++		 * We decode all components but for simplicity we don't check the order. */
++		while (i < len) {
++			GET_COMPONENT(comp, i, vdata, len);
++
++			switch(comp->type) {
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):
++				/* redirectionName */
++				size = rose_name_decode(pri, comp->data, comp->len, &redirectionname);
++				if (size < 0)
+ 					return -1;
+-				
+-				i += j;
+-				ASN1_FIXUP(compstk, compsp, buffer, i);
+-				ASN1_FIXUP(compstk, compsp, buffer, i);
++				i += (size + 2);
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     Received RedirectionName '%s', namepres %s(%d), characterset %s(%d)\n",
++					            redirectionname.name, namepres_to_str(redirectionname.namepres), redirectionname.namepres,
++					            characterset_to_str(redirectionname.characterset), redirectionname.characterset);
+ 				break;
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):	/* [1] IMPLICIT Extension */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_2):	/* [2] IMPLICIT SEQUENCE OF Extension */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "!!     Ignoring DivertingLegInformation3 component 0x%X\n", comp->type);
++				NEXT_COMPONENT(comp, i);
++				break;
++			default:
++				pri_message(pri, "!! Invalid DivertingLegInformation3 component received 0x%X\n", comp->type);
++				return -1;
+ 			}
+-				/* fall through */
+-		case PRES_PROHIB_USER_NUMBER_PASSED_SCREEN:
+-		case PRES_PROHIB_USER_NUMBER_NOT_SCREENED:
+-			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1), buffer, i);
+-			break;
+-		/* Don't know how to handle this */
+-		case PRES_ALLOWED_NETWORK_NUMBER:
+-		case PRES_PROHIB_NETWORK_NUMBER:
+-		case PRES_ALLOWED_USER_NUMBER_FAILED_SCREEN:
+-		case PRES_PROHIB_USER_NUMBER_FAILED_SCREEN:
+-			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1), buffer, i);
+-			break;
+-		default:
+-			pri_message(pri, "!! Undefined presentation value for redirecting number: %d\n", call->redirectingpres);
+-		case PRES_NUMBER_NOT_AVAILABLE:
+-			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i);
+-			break;
++		}
++
++		call->divleginfo3activeflag = 1;
++		if ((redirectionname.namepres != 0) && (presentation_allowed_indicator != 0)) {
++			libpri_copy_string(call->divertedtoname, redirectionname.name, sizeof(call->divertedtoname));
++		} else {
++			call->divertedtoname[0] = '\0';
++		}
++
++		return 0;
+ 	}
+-	ASN1_FIXUP(compstk, compsp, buffer, i);
+-		
+-	/* Fix length of stacked components */
+-	while(compsp > 0) {
++	while (0);
++
++	return -1;
++}
++
++int rose_diverting_leg_information3_encode(struct pri *pri, q931_call *call, int messagetype)
++{
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	unsigned char buffer[256];
++	int size;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Encode divertingLegInformation3\n");
++
++	/* Protocol Profile = 0x1f (Networking Extensions)  (0x9f) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Network Facility Extension */
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		/* tag component NetworkFacilityExtension (0xaa, len ) */
++		ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* sourceEntity  (0x80,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* endPINX(0) */
++
++		/* destinationEntity  (0x82,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* endPINX(0) */
+ 		ASN1_FIXUP(compstk, compsp, buffer, i);
+ 	}
+-	
+-	if (pri_call_apdu_queue(call, Q931_SETUP, buffer, i, NULL, NULL))
++
++	/* Network Protocol Profile */
++	/*  - not included - */
++
++	/* Interpretation APDU  (0x8b,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);	/* discardAnyUnrecognisedInvokePdu(0) */
++
++	/* Service APDU(s): */
++
++	/* ROSE InvokePDU  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* ROSE InvokeID  (0x02,0x01,invokeid) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));
++
++	/* ROSE operationId  (0x02,0x01,0x16)*/
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, ROSE_DIVERTING_LEG_INFORMATION3);
++
++	/* constructor component  (0x30,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* 'connectedpres' also indicates if name presentation is allowed */
++	if (((call->divertedtopres & 0x60) >> 5) == 0) {
++		/* presentation allowed */
++
++		/* presentationAllowedIndicator  (0x01,0x01,0xff) */
++		ASN1_ADD_BYTECOMP(comp, ASN1_BOOLEAN, buffer, i, 0xff);			/* true(255) */
++
++		/* redirectionName */
++
++		/* tag component redirectionName  (0xa0,len) */
++		ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0), buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		if (call->divertedtoname[0]) {
++			/* tag component namePresentationAllowedSimple  (0x80,len) */
++			ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i);
++			ASN1_PUSH(compstk, compsp, comp);
++
++			/* namePresentationAllowedSimple, implicid NameData */
++			size = rose_namedata_encode(pri, &buffer[i], 1, call->divertedtoname);
++			if (size < 0)
++				return -1;
++			i += size;
++
++			ASN1_FIXUP(compstk, compsp, buffer, i);
++		}
++
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	} else {
++		/* presentation restricted */
++
++		/* presentationAllowedIndicator  (0x01,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, ASN1_BOOLEAN, buffer, i, 0);			/* false(0) */
++
++		/* - don't include redirectionName, component is optional - */
++	}
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(call, messagetype, buffer, i, NULL, NULL))
+ 		return -1;
+-		
++
+ 	return 0;
+ }
+ 
+@@ -1644,7 +2828,7 @@
+ 		switch (comp1->type) {
+ 			/* TODO: charged number is untested - please report! */
+ 			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0): /* chargedNumber (0xA0) */
+-				if(rose_presented_number_unscreened_decode(pri, call, comp1->data, comp1->len, &chargednr) != 0)
++				if(rose_presented_number_unscreened_decode(pri, comp1->data, comp1->len, &chargednr) != 0)
+ 					return -1;
+ 				pri_message(pri, "!! not handled: Received ChargedNr '%s' \n", chargednr.partyaddress);
+ 				pri_message(pri, "  ton = %d, pres = %d, npi = %d\n", chargednr.ton, chargednr.pres, chargednr.npi);
+@@ -1740,302 +2924,407 @@
+ }
+ /* End AOC */
+ 
+-static int rose_calling_name_decode(struct pri *pri, q931_call *call, struct rose_component *choice, int len)
++/* ===== Call Transfer Supplementary Service (ECMA-178) ===== */
++
++static int rose_call_transfer_complete_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
+ {
+ 	int i = 0;
+ 	struct rose_component *comp = NULL;
+-	unsigned char *vdata = choice->data;
+-	int characterSet = 1;
+-	switch (choice->type) {
+-		case ROSE_NAME_PRESENTATION_ALLOWED_SIMPLE:
+-			memcpy(call->callername, choice->data, choice->len);
+-			call->callername[choice->len] = 0;
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "    Received simple calling name '%s'\n", call->callername);
+-			return 0;
++	unsigned char *vdata = sequence->data;
++	int size = 0;
+ 
+-		case ROSE_NAME_PRESENTATION_ALLOWED_EXTENDED:
+-			do {
+-				GET_COMPONENT(comp, i, vdata, len);
+-				CHECK_COMPONENT(comp, ASN1_OCTETSTRING, "Don't know what to do if nameData is of type 0x%x\n");
+-				memcpy(call->callername, comp->data, comp->len);
+-				call->callername[comp->len] = 0;
+-				NEXT_COMPONENT(comp, i);
++	struct addressingdataelements_presentednumberscreened redirection_number;
++	struct nameelements_name redirectionname = { "", CHARACTER_SET_UNKNOWN, 0 };
++	char basiccallinfoelements[257] = "";
++	int call_status = 0;	/* answered(0) */
++	int end_designation;
+ 
+-				GET_COMPONENT(comp, i, vdata, len);
+-				CHECK_COMPONENT(comp, ASN1_INTEGER, "Don't know what to do if CharacterSet is of type 0x%x\n");
+-				ASN1_GET_INTEGER(comp, characterSet);
+-			}
+-			while (0);
+-
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "    Received extended calling name '%s', characterset %d\n", call->callername, characterSet);
+-			return 0;
+-		case ROSE_NAME_PRESENTATION_RESTRICTED_SIMPLE:
+-		case ROSE_NAME_PRESENTATION_RESTRICTED_EXTENDED:
+-		case ROSE_NAME_PRESENTATION_RESTRICTED_NULL:
+-		case ROSE_NAME_NOT_AVAIL:
+-		default:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "Do not handle argument of type 0x%X\n", choice->type);
+-			return -1;
++	/* Data checks */
++	if (sequence->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
++		pri_message(pri, "Invalid callTransferComplete argument. (Not a sequence)\n");
++		return -1;
+ 	}
+-}
+-/* ===== Call Transfer Supplementary Service (ECMA-178) ===== */
+ 
+-static int rose_party_number_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberunscreened *value)
+-{
+-	int i = 0;
+-	int size = 0;
+-	struct rose_component *comp = NULL;
+-	unsigned char *vdata = data;
++	if (sequence->len == ASN1_LEN_INDEF) {
++		len -= 4;   /* For the 2 extra characters at the end
++		               and two characters of header */
++	} else
++		len -= 2;
+ 
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "     CT-Complete: len=%d\n", len);
+ 
++	/* CTCompleteArg SEQUENCE */
+ 	do {
++		/* endDesignation EndDesignation */
+ 		GET_COMPONENT(comp, i, vdata, len);
++		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Invalid endDesignation type 0x%X of ROSE callTransferComplete component received\n");
++		ASN1_GET_INTEGER(comp, end_designation);
++		NEXT_COMPONENT(comp, i);
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     CT-Complete: Received endDesignation=%s(%d)\n", enddesignation_to_str(end_designation), end_designation);
+ 
+-		switch(comp->type) {
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):   /* [0] IMPLICIT NumberDigits -- default: unknownPartyNumber */
+-				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PartyNumber: UnknownPartyNumber len=%d\n", len);
+-				size = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
+-				if (size < 0)
+-					return -1;
+-				value->npi = PRI_NPI_UNKNOWN;
+-				value->ton = PRI_TON_UNKNOWN;
+-				break;
++		/* redirectionNumber PresentedNumberScreened */
++		GET_COMPONENT(comp, i, vdata, len);
++		size = rose_presented_number_screened_decode(pri, (u_int8_t *)comp, comp->len + 2, &redirection_number);
++		if (size < 0)
++			return -1;
++		comp->len = size;
++		NEXT_COMPONENT(comp, i);
++		if (pri->debug & PRI_DEBUG_APDU)
++			pri_message(pri, "     CT-Complete: Received redirectionNumber=%s\n", redirection_number.partyaddress);
+ 
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):   /* [1] IMPLICIT PublicPartyNumber */
+-				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PartyNumber: PublicPartyNumber len=%d\n", len);
+-				size = rose_public_party_number_decode(pri, call, comp->data, comp->len, value);
+-				if (size < 0)
+-					return -1;
+-				value->npi = PRI_NPI_E163_E164;
+-				break;
++		/* Type SEQUENCE specifies an ordered list of component types.           *
++		 * We decode all components but for simplicity we don't check the order. */
++		while (i < len) {
++			GET_COMPONENT(comp, i, vdata, len);
+ 
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):   /* [3] IMPLICIT NumberDigits -- not used: dataPartyNumber */
+-				pri_message(pri, "!! PartyNumber: dataPartyNumber is reserved!\n");
+-				size = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
++			switch(comp->type) {
++ 			case (ASN1_APPLICATION):
++				/* basicCallInfoElements PSS1InformationElement OPTIONAL */
++				size = asn1_name_decode((u_int8_t *)comp, comp->len + 2, basiccallinfoelements, sizeof(basiccallinfoelements));
+ 				if (size < 0)
+ 					return -1;
+-				value->npi = PRI_NPI_X121 /* ??? */;
+-				value->ton = PRI_TON_UNKNOWN /* ??? */;
++				i += size;
++				if (pri->debug & PRI_DEBUG_APDU) {
++					int j;
++					pri_message(pri, "     CT-Complete: Received basicCallInfoElements\n");
++					pri_message(pri, "                  ");
++					for (j = 0; basiccallinfoelements[j] != '\0'; j++)
++						pri_message(pri, "%02x ", (u_int8_t)basiccallinfoelements[j]);
++					pri_message(pri, "\n");
++				}
+ 				break;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_4):   /* [4] IMPLICIT NumberDigits -- not used: telexPartyNumber */
+-				pri_message(pri, "!! PartyNumber: telexPartyNumber is reserved!\n");
+-				size = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):                      /* [0] namePresentationAllowedSimple */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):   /* [1] namePresentationAllowedExtended */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2):                      /* [2] namePresentationRestrictedSimple */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):   /* [3] namePresentationRestrictedExtended */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_4):                      /* [4] nameNotAvailable */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_7):                      /* [7] namePresentationRestrictedNull */
++				/* redirectionName Name OPTIONAL */
++				size = rose_name_decode(pri, (u_int8_t *)comp, comp->len + 2, &redirectionname);
+ 				if (size < 0)
+ 					return -1;
+-				value->npi = PRI_NPI_F69 /* ??? */;
+-				value->ton = PRI_TON_UNKNOWN /* ??? */;
++				i += size;
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     CT-Complete: Received RedirectionName '%s', namepres %s(%d), characterset %s(%d)\n",
++						    redirectionname.name, namepres_to_str(redirectionname.namepres), redirectionname.namepres,
++						    characterset_to_str(redirectionname.characterset), redirectionname.characterset);
+ 				break;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_5):   /* [5] IMPLICIT PrivatePartyNumber */
++			case (ASN1_ENUMERATED):
++				/* callStatus CallStatus DEFAULT answered */
++				ASN1_GET_INTEGER(comp, call_status);
++				NEXT_COMPONENT(comp,i);
+ 				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PartyNumber: PrivatePartyNumber len=%d\n", len);
+-				size = rose_private_party_number_decode(pri, call, comp->data, comp->len, value);
+-				if (size < 0)
+-					return -1;
+- 				value->npi = PRI_NPI_PRIVATE;
++					pri_message(pri, "     CT-Complete: Received callStatus=%s(%d)\n", callstatus_to_str(call_status), call_status);
+ 				break;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_8):   /* [8] IMPLICIT NumberDigits -- not used: nationalStandatdPartyNumber */
+-				pri_message(pri, "!! PartyNumber: nationalStandardPartyNumber is reserved!\n");
+-				size = rose_number_digits_decode(pri, call, comp->data, comp->len, value);
+-				if (size < 0)
+-					return -1;
+-				value->npi = PRI_NPI_NATIONAL;
+-				value->ton = PRI_TON_NATIONAL;
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_9):	/* [9] IMPLICIT Extension */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_10):	/* [10] IMPLICIT SEQUENCE OF Extension */
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "!!     CT-Complete: Ignoring CallTransferComplete component 0x%X\n", comp->type);
++				NEXT_COMPONENT(comp, i);
+ 				break;
+-
+ 			default:
+-				pri_message(pri, "Invalid PartyNumber component 0x%X\n", comp->type);
++				pri_message(pri, "!!     CT-Complete: Invalid CallTransferComplete component received 0x%X\n", comp->type);
+ 				return -1;
++			}
+ 		}
+-		ASN1_FIXUP_LEN(comp, size);
++
+ 		if (pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "     PartyNumber: '%s' size=%d len=%d\n", value->partyaddress, size, len);
+-		return size;
++			pri_message(pri, "     CT-Complete: callStatus=%s(%d)\n", callstatus_to_str(call_status), call_status);
++
++		call->ctcompleteflag = 1;
++		if ((redirection_number.pres & PRES_RESTRICTION) == PRES_ALLOWED) {
++			libpri_copy_string(call->ctcompletenum, redirection_number.partyaddress, sizeof(call->ctcompletenum));
++		} else {
++			call->ctcompletenum[0] = '\0';
++		}
++		call->ctcompletepres = redirection_number.pres;
++		call->ctcompleteplan = ((redirection_number.ton & 0x07) << 4) | (redirection_number.npi & 0x0f);
++		call->ctcompletecallstatus = call_status;
++
++		if (redirectionname.namepres != 0) {
++			libpri_copy_string(call->ctcompletename, redirectionname.name, sizeof(call->ctcompletename));
++		} else {
++			call->ctcompletename[0] = '\0';
++		}
++
++		return 0;
+ 	}
+ 	while (0);
+ 
+ 	return -1;
+ }
+ 
+-
+-static int rose_number_screened_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberscreened *value)
++static int rose_call_transfer_complete_encode(struct pri *pri, q931_call *call, int call_status)
+ {
+-	int i = 0;
+-	int size = 0;
+-	struct rose_component *comp = NULL;
+-	unsigned char *vdata = data;
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	unsigned char buffer[256];
++	int size;
+ 
+-	int scrind = -1;
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Encode CallTransferComplete\n");
+ 
+-	do {
+-		/* Party Number */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		size = rose_party_number_decode(pri, call, (u_int8_t *)comp, comp->len + 2, (struct addressingdataelements_presentednumberunscreened*) value);
++	/* Protocol Profile = 0x1f (Networking Extensions)  (0x9f) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Network Facility Extension */
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		/* tag component NetworkFacilityExtension (0xaa, len ) */
++		ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* sourceEntity  (0x80,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* endPINX(0) */
++
++		/* destinationEntity  (0x82,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* endPINX(0) */
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	}
++
++	/* Network Protocol Profile */
++	/*  - not included - */
++
++	/* Interpretation APDU  (0x8b,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);	/* discardAnyUnrecognisedInvokePdu(0) */
++
++	/* Service APDU(s): */
++
++	/* ROSE InvokePDU  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* ROSE InvokeID  (0x02,0x01,invokeid) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));
++
++	/* ROSE operationId  (0x02,0x01,0x0c)*/
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, ROSE_CALL_TRANSFER_COMPLETE);
++
++
++	/* CTCompleteArg */
++
++	/* constructor component  (0x30,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++
++	/* endDesignation  (0x0a,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, 0);		/* primaryEnd(0) */
++
++
++	/* redirectionNumber PresentedNumberScreened */
++
++	/* tag component presentationAllowedAddress  (0xa0,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* presentationAllowedAddress, implicit NumberScreened */
++	size = rose_number_screened_encode(pri, &buffer[i], 1, typeofnumber_from_q931(pri, (call->connectedplan & 0x70) >> 4), call->connectedpres & 0x03, call->connectednum);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	/* basicCallInfoElements */
++	/*  - not included -  */
++
++#if 0
++	/* basicCallInfoElements  (0x40,0x00) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_APPLICATION| ASN1_TAG_0), buffer, i);
++#endif
++
++	/* redirectionName */
++	if (call->connectedname[0]) {
++		/* tag component namePresentationAllowedSimple  (0x80,len) */
++		ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* namePresentationAllowedSimple, implicid NameData */
++		size = rose_namedata_encode(pri, &buffer[i], 1, call->connectedname);
+ 		if (size < 0)
+ 			return -1;
+-		comp->len = size;
+-		NEXT_COMPONENT(comp, i);
++		i += size;
+ 
+-		/* Screening Indicator */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Don't know what to do with NumberScreened ROSE component type 0x%x\n");
+-		ASN1_GET_INTEGER(comp, scrind);
+-		// Todo: scrind = screeningindicator_for_q931(pri, scrind);
+-		NEXT_COMPONENT(comp, i);
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	}
+ 
+-		value->scrind = scrind;
++	if (call_status) {
++		/* callStatus  (0x0a,0x01,0x01) */
++		ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, 1);		/* alerting(1) */
++	} else {
++		/* callStatus */
++		/*  - not included, default: answered(0) -  */
++#if 0
++		/* callStatus  (0x0a,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, ASN1_ENUMERATED, buffer, i, 0);		/* answered(0) */
++#endif
++	}
+ 
+-		if (pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "     NumberScreened: '%s' ScreeningIndicator=%d  i=%d  len=%d\n", value->partyaddress, scrind, i, len);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
+ 
+-		return i-2;  // We do not have a sequence header here.
+-	}
+-	while (0);
++	if (pri_call_apdu_queue(call, Q931_FACILITY, buffer, i, NULL, NULL))
++		return -1;
+ 
+-	return -1;
++	return 0;
+ }
+ 
+-
+-static int rose_presented_number_screened_decode(struct pri *pri, q931_call *call, unsigned char *data, int len, struct addressingdataelements_presentednumberscreened *value)
++static int rose_call_transfer_active_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
+ {
+ 	int i = 0;
++	struct rose_component *comp = NULL;
++	unsigned char *vdata = sequence->data;
+ 	int size = 0;
+-	struct rose_component *comp = NULL;
+-	unsigned char *vdata = data;
+ 
+-	/* Fill in default values */
+-	value->ton = PRI_TON_UNKNOWN;
+-	value->npi = PRI_NPI_UNKNOWN;
+-	value->pres = -1; /* Data is not available */
++	struct addressingdataelements_presentedaddressscreened connectedaddress;
++	struct nameelements_name connectedname = { "", CHARACTER_SET_UNKNOWN, 0 };
++	char basiccallinfoelements[257] = "";
+ 
++	/* Data checks */
++	if (sequence->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
++		pri_message(pri, "Invalid callTransferActive argument. (Not a sequence)\n");
++		return -1;
++	}
++
++	if (sequence->len == ASN1_LEN_INDEF) {
++		len -= 4;   /* For the 2 extra characters at the end
++		               and two characters of header */
++	} else
++		len -= 2;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "     CT-Active: len=%d\n", len);
++
++	/* CTActiveArg SEQUENCE */
+ 	do {
++		/* connectedAddress PresentedAddressScreened */
+ 		GET_COMPONENT(comp, i, vdata, len);
++		size = rose_presented_address_screened_decode(pri, (u_int8_t *)comp, comp->len + 2, &connectedaddress);
++		if (size < 0)
++			return -1;
++		comp->len = size;
++		NEXT_COMPONENT(comp, i);
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "     CT-Active: Received connectedAddress=%s\n", connectedaddress.partyaddress);
++		}
+ 
+-		switch(comp->type) {
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):   /* [0] IMPLICIT presentationAllowedNumber */
+-				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PresentedNumberScreened: presentationAllowedNumber comp->len=%d\n", comp->len);
+-				value->pres = PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN;
+-				size = rose_number_screened_decode(pri, call, comp->data, comp->len, value);
++		/* Type SEQUENCE specifies an ordered list of component types.           *
++		 * We decode all components but for simplicity we don't check the order. */
++		while (i < len) {
++			GET_COMPONENT(comp, i, vdata, len);
++
++			switch(comp->type) {
++ 			case (ASN1_APPLICATION):
++				/* basiccallinfoelements PSS1InformationElement OPTIONAL */
++				size = asn1_name_decode((u_int8_t *)comp, comp->len + 2, basiccallinfoelements, sizeof(basiccallinfoelements));
+ 				if (size < 0)
+ 					return -1;
+-				ASN1_FIXUP_LEN(comp, size);
+-				return size + 2;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1):    /* [1] IMPLICIT presentationRestricted */
+-				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PresentedNumberScreened: presentationRestricted comp->len=%d\n", comp->len);
+-				if (comp->len != 0) { /* must be NULL */
+-					pri_error(pri, "!! Invalid PresentationRestricted component received (len != 0)\n");
+-					return -1;
++				i += size;
++				if (pri->debug & PRI_DEBUG_APDU) {
++					int j;
++					pri_message(pri, "     CT-Active: Received basicCallInfoElements\n");
++					pri_message(pri, "                ");
++					for (j = 0; basiccallinfoelements[j] != '\0'; j++)
++						pri_message(pri, "%02x ", (u_int8_t)basiccallinfoelements[j]);
++					pri_message(pri, "\n");
+ 				}
+-				value->pres = PRES_PROHIB_USER_NUMBER_PASSED_SCREEN;
+-				return 2;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2):    /* [2] IMPLICIT numberNotAvailableDueToInterworking */
+-				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PresentedNumberScreened: NumberNotAvailableDueToInterworking comp->len=%d\n", comp->len);
+-				if (comp->len != 0) { /* must be NULL */
+-					pri_error(pri, "!! Invalid NumberNotAvailableDueToInterworking component received (len != 0)\n");
++				break;
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):                      /* [0] namePresentationAllowedSimple */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1):   /* [1] namePresentationAllowedExtended */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2):                      /* [2] namePresentationRestrictedSimple */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):   /* [3] namePresentationRestrictedExtended */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_4):                      /* [4] nameNotAvailable */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_7):                      /* [7] namePresentationRestrictedNull */
++				/* connectedName Name OPTIONAL */
++				size = rose_name_decode(pri, (u_int8_t *)comp, comp->len + 2, &connectedname);
++				if (size < 0)
+ 					return -1;
+-				}
+-				value->pres = PRES_NUMBER_NOT_AVAILABLE;
++				i += size;
+ 				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PresentedNumberScreened: numberNotAvailableDueToInterworking Type=0x%X  i=%d len=%d size=%d\n", comp->type, i, len);
+-				return 2;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_3):    /* [3] IMPLICIT presentationRestrictedNumber */
++					pri_message(pri, "     CT-Active: Received ConnectedName '%s', namepres %s(%d), characterset %s(%d)\n",
++						    connectedname.name, namepres_to_str(connectedname.namepres), connectedname.namepres,
++						    characterset_to_str(connectedname.characterset), connectedname.characterset);
++				break;
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_9):   /* [9] IMPLICIT Extension */
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_10):  /* [10] IMPLICIT SEQUENCE OF Extension */
+ 				if (pri->debug & PRI_DEBUG_APDU)
+-					pri_message(pri, "     PresentedNumberScreened: presentationRestrictedNumber comp->len=%d\n", comp->len);
+-				value->pres = PRES_PROHIB_USER_NUMBER_PASSED_SCREEN;
+-				size = rose_number_screened_decode(pri, call, comp->data, comp->len, value);
+-				if (size < 0)
+-					return -1;
+-				ASN1_FIXUP_LEN(comp, size);
+-				return size + 2;
++					pri_message(pri, "!!     CT-Active: Ignoring CallTransferActive component 0x%X\n", comp->type);
++				NEXT_COMPONENT(comp, i);
++				break;
++ 			default:
++ 				pri_message(pri, "!!     CT-Active: Invalid CallTransferActive component received 0x%X\n", comp->type);
++ 				return -1;
++ 			}
++		}
+ 
+-			default:
+-				pri_message(pri, "Invalid PresentedNumberScreened component 0x%X\n", comp->type);
++		call->ctactiveflag = 1;
++		if ((connectedaddress.pres & PRES_RESTRICTION) == PRES_ALLOWED) {
++			libpri_copy_string(call->ctactivenum, connectedaddress.partyaddress, sizeof(call->ctactivenum));
++		} else {
++			call->ctactivenum[0] = '\0';
+ 		}
+-		return -1;
++		call->ctactivepres = connectedaddress.pres;
++		call->ctactiveplan = ((connectedaddress.ton & 0x07) << 4) | (connectedaddress.npi & 0x0f);
++
++		if (connectedname.namepres != 0) {
++			libpri_copy_string(call->ctactivename, connectedname.name, sizeof(call->ctactivename));
++		} else {
++			call->ctactivename[0] = '\0';
++		}
++
++		return 0;
+ 	}
+ 	while (0);
+ 
+ 	return -1;
+ }
+ 
+-
+-static int rose_call_transfer_complete_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
++#if 0
++static int rose_call_transfer_update_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
+ {
+ 	int i = 0;
+ 	struct rose_component *comp = NULL;
+ 	unsigned char *vdata = sequence->data;
+ 	int res = 0;
+ 
+-	int end_designation = 0;
+ 	struct addressingdataelements_presentednumberscreened redirection_number;
+-	char redirection_name[50] = "";
+-	int call_status = 0;
+ 	redirection_number.partyaddress[0] = 0;
+-	redirection_number.partysubaddress[0] = 0;
++	char redirection_name[51] = "";
+ 	call->callername[0] = 0;
+ 	call->callernum[0] = 0;
+ 
+-
+ 	/* Data checks */
+ 	if (sequence->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
+-		pri_message(pri, "Invalid callTransferComplete argument. (Not a sequence)\n");
++		pri_message(pri, "Invalid callTransferUpdate argument. (Not a sequence)\n");
+ 		return -1;
+ 	}
+ 
+ 	if (sequence->len == ASN1_LEN_INDEF) {
+-		len -= 4; /* For the 2 extra characters at the end
+-					   * and two characters of header */
++		len -= 4;   /* For the 2 extra characters at the end
++		               and two characters of header */
+ 	} else
+ 		len -= 2;
+ 
+ 	if (pri->debug & PRI_DEBUG_APDU)
+-		pri_message(pri, "     CT-Complete: len=%d\n", len);
++		pri_message(pri, "     CT-Update: len=%d\n", len);
+ 
+ 	do {
+-		/* End Designation */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Invalid endDesignation type 0x%X of ROSE callTransferComplete component received\n");
+-		ASN1_GET_INTEGER(comp, end_designation);
+-		NEXT_COMPONENT(comp, i);
+-		if (pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "     CT-Complete: Received endDesignation=%d\n", end_designation);
+-
+-
+ 		/* Redirection Number */
+ 		GET_COMPONENT(comp, i, vdata, len);
+-		res = rose_presented_number_screened_decode(pri, call, (u_int8_t *)comp, comp->len + 2, &redirection_number);
++		res = rose_presented_number_screened_decode(pri, (u_int8_t *)comp, comp->len + 2, &redirection_number);
+ 		if (res < 0)
+ 			return -1;
+ 		comp->len = res;
+ 		if (res > 2) {
+ 			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "     CT-Complete: Received redirectionNumber=%s\n", redirection_number.partyaddress);
++				pri_message(pri, "     CT-Update: Received redirectionNumber=%s\n", redirection_number.partyaddress);
+ 			strncpy(call->callernum, redirection_number.partyaddress, 20);
+ 			call->callernum[20] = 0;
+ 		}
+ 		NEXT_COMPONENT(comp, i);
+ 
+-
+-#if 0 /* This one is optional. How do we check if it is there? */
+-		/* Basic Call Info Elements */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		NEXT_COMPONENT(comp, i);
+-#endif
+-
+-
+ 		/* Redirection Name */
+ 		GET_COMPONENT(comp, i, vdata, len);
+ 		res = asn1_name_decode((u_int8_t *)comp, comp->len + 2, redirection_name, sizeof(redirection_name));
+@@ -2047,16 +3336,14 @@
+ 		comp->len = res;
+ 		NEXT_COMPONENT(comp, i);
+ 		if (pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "     CT-Complete: Received redirectionName '%s'\n", redirection_name);
++			pri_message(pri, "     CT-Update: Received redirectionName '%s'\n", redirection_name);
+ 
+ 
+-		/* Call Status */
++#if 0 /* This one is optional. How do we check if it is there? */
++		/* Basic Call Info Elements */
+ 		GET_COMPONENT(comp, i, vdata, len);
+-		CHECK_COMPONENT(comp, ASN1_ENUMERATED, "Invalid callStatus type 0x%X of ROSE callTransferComplete component received\n");
+-		ASN1_GET_INTEGER(comp, call_status);
+ 		NEXT_COMPONENT(comp, i);
+-		if (pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "     CT-Complete: Received callStatus=%d\n", call_status);
++#endif
+ 
+ 
+ 		/* Argument Extension */
+@@ -2078,8 +3365,8 @@
+ 				comp->len = res;
+ 
+ 			default:
+-			pri_message(pri, "     CT-Complete: !! Unknown argumentExtension received 0x%X\n", comp->type);
+-			return -1;
++				pri_message(pri, "     CT-Update: !! Unknown argumentExtension received 0x%X\n", comp->type);
++				return -1;
+ 		}
+ #else
+ 		GET_COMPONENT(comp, i, vdata, len);
+@@ -2088,7 +3375,7 @@
+ #endif
+ 
+ 		if(i < len)
+-			pri_message(pri, "     CT-Complete: !! not all information is handled !! i=%d / len=%d\n", i, len);
++			pri_message(pri, "     CT-Update: !! not all information is handled !! i=%d / len=%d\n", i, len);
+ 
+ 		return 0;
+ 	}
+@@ -2096,26 +3383,422 @@
+ 
+ 	return -1;
+ }
++#endif
+ 
++/* ===== End Call Transfer Supplementary Service (ECMA-178) ===== */
+ 
+-static int rose_call_transfer_update_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
++
++
++static int rose_calling_name_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
+ {
++	struct nameelements_name callingname;
++	int res;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Handle callingName\n");
++
++	res = rose_name_decode(pri, (u_int8_t *)sequence, sequence->len + 2, &callingname);
++	if (res < 0)
++		return -1;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "     Received CallingName '%s', namepres: %s(%d), characterset %s(%d)\n",
++		            callingname.name, namepres_to_str(callingname.namepres), callingname.namepres,
++		            characterset_to_str(callingname.characterset), callingname.characterset);
++
++	if (callingname.namepres >= 0) {
++		libpri_copy_string(call->callername, callingname.name, sizeof(call->callername));
++	}
++
++	return 0;
++}
++
++static int rose_called_name_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
++{
++	struct nameelements_name calledname;
++	int res;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Handle calledName\n");
++
++	res = rose_name_decode(pri, (u_int8_t *)sequence, sequence->len + 2, &calledname);
++	if (res < 0)
++		return -1;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "     Received CalledName '%s', namepres %s(%d), characterset %s(%d)\n",
++		            calledname.name, namepres_to_str(calledname.namepres), calledname.namepres,
++		            characterset_to_str(calledname.characterset), calledname.characterset);
++
++	if (calledname.namepres != 0) {
++		libpri_copy_string(call->calledname, calledname.name, sizeof(call->calledname));
++	} else {
++		call->calledname[0] = '\0';
++	}
++
++	return 0;
++}
++
++int rose_called_name_encode(struct pri *pri, q931_call *call, int messagetype)
++{
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	unsigned char buffer[256];
++	int size;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Encode calledName\n");
++
++	/* Protocol Profile = 0x1f (Networking Extensions)  (0x9f) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Network Facility Extension */
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		/* tag component NetworkFacilityExtension (0xaa, len ) */
++		ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* sourceEntity  (0x80,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* endPINX(0) */
++
++		/* destinationEntity  (0x82,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* endPINX(0) */
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	}
++
++	/* Network Protocol Profile */
++	/*  - not included - */
++
++	/* Interpretation APDU  (0x8b,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);	/* discardAnyUnrecognisedInvokePdu(0) */
++
++	/* Service APDU(s): */
++
++	/* ROSE InvokePDU  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* ROSE InvokeID  (0x02,0x01,invokeid) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));
++
++	/* ROSE operationId  (0x02,0x01,0x02)*/
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, SS_CNOP_CALLEDNAME);
++
++	/* tag component namePresentationAllowedSimple  (0x80,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* namePresentationAllowedSimple, implicid NameData */
++	size = rose_namedata_encode(pri, &buffer[i], 1, call->connectedname);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(call, messagetype, buffer, i, NULL, NULL))
++		return -1;
++
++	return 0;
++}
++
++static int rose_connected_name_decode(struct pri *pri, q931_call *call, struct rose_component *sequence, int len)
++{
++	struct nameelements_name connectedname;
++	int res;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Handle connectedName\n");
++
++	res = rose_name_decode(pri, (u_int8_t *)sequence, sequence->len + 2, &connectedname);
++	if (res < 0)
++		return -1;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "     Received ConnectedName '%s', namepres %s(%d), characterset %s(%d)\n",
++		            connectedname.name, namepres_to_str(connectedname.namepres), connectedname.namepres,
++		            characterset_to_str(connectedname.characterset), connectedname.characterset);
++
++	if (connectedname.namepres != 0) {
++		libpri_copy_string(call->connectedname, connectedname.name, sizeof(call->connectedname));
++	} else {
++		call->connectedname[0] = '\0';
++	}
++
++	return 0;
++}
++
++int rose_connected_name_encode(struct pri *pri, q931_call *call, int messagetype)
++{
++	int i = 0, compsp = 0;
++	struct rose_component *comp, *compstk[10];
++	unsigned char buffer[256];
++	int size;
++
++	if (pri->debug & PRI_DEBUG_APDU)
++		pri_message(pri, "    Encode connectedName\n");
++
++	/* Protocol Profile = 0x1f (Networking Extensions)  (0x9f) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Network Facility Extension */
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		/* tag component NetworkFacilityExtension (0xaa, len ) */
++		ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i);
++		ASN1_PUSH(compstk, compsp, comp);
++
++		/* sourceEntity  (0x80,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* endPINX(0) */
++
++		/* destinationEntity  (0x82,0x01,0x00) */
++		ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* endPINX(0) */
++		ASN1_FIXUP(compstk, compsp, buffer, i);
++	}
++
++	/* Network Protocol Profile */
++	/*  - not included - */
++
++	/* Interpretation APDU  (0x8b,0x01,0x00) */
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);	/* discardAnyUnrecognisedInvokePdu(0) */
++
++	/* Service APDU(s): */
++
++	/* ROSE InvokePDU  (0xa1,len) */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* ROSE InvokeID  (0x02,0x01,invokeid) */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));
++
++	/* ROSE operationId  (0x02,0x01,0x02)*/
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, SS_CNOP_CONNECTEDNAME);
++
++	/* tag component namePresentationAllowedSimple  (0x80,len) */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* namePresentationAllowedSimple, implicid NameData */
++	size = rose_namedata_encode(pri, &buffer[i], 1, call->connectedname);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(call, messagetype, buffer, i, NULL, NULL))
++		return -1;
++
++	return 0;
++}
++
++/* ===== Begin Call Completion Supplementary Service (ETS 300 366/ECMA 186) ===== */
++/* operationId e.g. QSIG_CCBSRINGOUT, QSIG_CC_CANCEL */
++int add_qsigCcInv_facility_ie (struct pri *pri, q931_call *c, int messagetype)
++{
+ 	int i = 0;
++	unsigned char buffer[256];
++	struct rose_component *comp = NULL, *compstk[10];
++	int compsp = 0;
++	u_int8_t operationId = c->ccoperation;
++
++	/* 1 Byte 	   0x80 | 0x1F = 9F	 Protocol Profile */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Interpretation component */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i); /* 2. Byte NEtwork Facility Extension 0xAA = ASN1_CONTEXT_SPECIFIC(0x80) | (ASN1_CONSTRUCTOR 0x20)  0x0A (Tag laut Standard) */
++	ASN1_PUSH(compstk, compsp, comp);
++	ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* (0x80, 0x01(len), 0x00) endPTNX */
++	ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* (0x82, 0x01(len), 0x00) endPTNX */
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);   /* 0x8B, 0x01(len), 0x00 discard */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);			 /* 0xA1, 0xXX (len of Invoke Sequenz) invoke APDU */
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* Invoke ID */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));   /* 0x02 0x01 0xXX */
++
++	/* Operation ID: QSIG_CCBSRINGOUT, QSIG_CC_CANCEL */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, operationId); /* 0x02 0x01 0x1f/0x1c */
++
++	/* CcExtension */
++	ASN1_ADD_SIMPLE(comp, ASN1_NULL, buffer, i); /* 0x05 0x00 */
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(c, messagetype, buffer, i, NULL, NULL))
++		return -1;
++	
++	return 0;
++}
++
++static int rose_cc_ringout_inv_decode(struct pri *pri, struct qsig_cc_extension *cc_extension, struct rose_component *choice, int len) {
++	int i = 0;
++	cc_extension->cc_extension_tag = 0;
++
++	do {
++		switch(choice->type) {
++		case (ASN1_NULL):   /* none NULL */
++			cc_extension->cc_extension_tag = ASN1_NULL;
++			return 0;
++
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_14):   /* single [14] IMPLICIT Extension */
++			cc_extension->cc_extension_tag = ASN1_TAG_14;
++			return 0;
++
++
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_15):   /* multiple [15] IMPLICIT SEQUENCE OF Extension */
++			cc_extension->cc_extension_tag = ASN1_TAG_15;
++			return 0;
++
++		default:
++			if (choice->type == 0 && choice->len == 0) {
++				return 0;
++			}
++			pri_message(pri, "!! Invalid ss-cc-optional-Arg component received 0x%X\n", choice->type);
++			return -1;
++		}
++
++		if (i < len)
++			pri_message(pri, "     ss-cc-extension: !! not all information is handled !! i=%d / len=%d\n", i, len);
++
++		return 0;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_cc_optional_arg_decode(struct pri *pri, q931_call *call, struct qsig_cc_optional_arg *cc_optional_arg , struct rose_component *choice, int len) {
++	int i = 0;
++	int res = 0;
+ 	struct rose_component *comp = NULL;
++	unsigned char *vdata = choice->data;
++	struct addressingdataelements_presentednumberunscreened numberA;
++	struct addressingdataelements_presentednumberunscreened numberB;
++
++	cc_optional_arg->cc_extension.cc_extension_tag = 0;
++	cc_optional_arg->number_A[0] = '\0';
++	cc_optional_arg->number_B[0] = '\0';
++
++	do {
++		switch(choice->type) {
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_0):   /* fullArg [0] IMPLICIT SEQUENCE */
++			if (pri->debug & PRI_DEBUG_APDU)
++				pri_message(pri, "     ss-cc-optional-Arg: len=%d\n", len);
++
++			numberA.partyaddress[0] = '\0';
++
++			/* numberA */
++			GET_COMPONENT(comp, i, vdata, len);
++			res += rose_party_number_decode(pri, (u_int8_t *)comp, comp->len + 2, &numberA);
++			if (res < 0)
++				return -1;
++			comp->len = res;
++			if (res > 2) {
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     ss-cc-optional-Arg: Received numberA=%s\n", numberA.partyaddress);
++				strncpy(cc_optional_arg->number_A, numberA.partyaddress, 20);
++				cc_optional_arg->number_A[20] = '\0';
++			}
++			NEXT_COMPONENT(comp, i);
++
++			numberB.partyaddress[0] = '\0';
++
++			/* numberB */
++			GET_COMPONENT(comp, i, vdata, len);
++			res = rose_party_number_decode(pri, (u_int8_t *)comp, comp->len + 2, &numberB);
++			if (res < 0)
++				return -1;
++			comp->len = res;
++			if (res > 2) {
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     ss-cc-optional-Arg: Received numberB=%s\n", numberB.partyaddress);
++				strncpy(cc_optional_arg->number_B, numberB.partyaddress, 20);
++				cc_optional_arg->number_B[20] = '\0';
++			}
++			NEXT_COMPONENT(comp, i);
++
++			/* service */ /* PSS1InformationElement */
++			GET_COMPONENT(comp, i, vdata, len);
++			NEXT_COMPONENT(comp, i);
++
++			/* optional */
++			for (; i < len; NEXT_COMPONENT(comp, i)) {
++				GET_COMPONENT(comp, i, vdata, len);
++				switch(comp->type) {
++				case (ASN1_NULL):   /*  */
++					cc_optional_arg->cc_extension.cc_extension_tag = ASN1_NULL;
++					NEXT_COMPONENT(comp, i);
++					break;
++				case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_14):   /*  */
++					NEXT_COMPONENT(comp, i);
++					break;
++				case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_15):   /*  */
++					NEXT_COMPONENT(comp, i);
++					break;
++				default:
++					if (comp->type == 0 && comp->len == 0) {
++						return 0;
++						break; /* Found termination characters */
++					}
++					pri_message(pri, "!! Invalid ss-cc-optional-Arg component received 0x%X\n", comp->type);
++					return -1;
++				}
++			}
++
++			if (i < len)
++				pri_message(pri, "     ss-cc-optional-Arg: !! not all information is handled !! i=%d / len=%d\n", i, len);
++
++			return 0;
++
++		/* extArg CcExtension */
++		case (ASN1_NULL):   /* none NULL */
++			cc_optional_arg->cc_extension.cc_extension_tag = ASN1_NULL;
++			return 0;
++
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_14):   /* single [14] IMPLICIT Extension */
++			cc_optional_arg->cc_extension.cc_extension_tag = ASN1_TAG_14;
++			return 0;
++
++
++		case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_15):   /* multiple [15] IMPLICIT SEQUENCE OF Extension */
++			cc_optional_arg->cc_extension.cc_extension_tag = ASN1_TAG_15;
++			return 0;
++
++		default:
++			if (choice->type == 0 && choice->len == 0) {
++				return 0;
++			}
++			pri_message(pri, "!! Invalid ss-cc-optional-Arg component received 0x%X\n", choice->type);
++			return -1;
++		}
++
++		if (i < len)
++			pri_message(pri, "     ss-cc-optional-Arg: !! not all information is handled !! i=%d / len=%d\n", i, len);
++
++		return 0;
++	}
++	while (0);
++
++	return -1;
++}
++
++static int rose_cc_request_result_decode(struct pri *pri, struct qsig_cc_request_res *cc_request_res , struct rose_component *sequence, int len)
++{
++	int i = 0;
++	struct rose_component *comp = NULL;
+ 	unsigned char *vdata = sequence->data;
+-	int res = 0;
+ 
+-	struct addressingdataelements_presentednumberscreened redirection_number;
+-	redirection_number.partyaddress[0] = 0;
+-	redirection_number.partysubaddress[0] = 0;
+-	char redirection_name[50] = "";
+-	call->callername[0] = 0;
+-	call->callernum[0] = 0;
++	cc_request_res->no_path_reservation           = 0;  /* Default FALSE */
++	cc_request_res->retain_service                = 0;  /* Default FALSE */
++	cc_request_res->cc_extension.cc_extension_tag = 0;
+ 
+-
+ 	/* Data checks */
+ 	if (sequence->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
+-		pri_message(pri, "Invalid callTransferComplete argument. (Not a sequence)\n");
++		pri_message(pri, "Invalid cc request result argument. (Not a sequence)\n");
+ 		return -1;
+ 	}
+ 
+@@ -2126,75 +3809,55 @@
+ 		len -= 2;
+ 
+ 	if (pri->debug & PRI_DEBUG_APDU)
+-		pri_message(pri, "     CT-Complete: len=%d\n", len);
++		pri_message(pri, "     CC-request-Return-Result: len=%d\n", len);
+ 
+ 	do {
+-		/* Redirection Number */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		res = rose_presented_number_screened_decode(pri, call, (u_int8_t *)comp, comp->len + 2, &redirection_number);
+-		if (res < 0)
+-			return -1;
+-		comp->len = res;
+-		if (res > 2) {
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "     CT-Complete: Received redirectionNumber=%s\n", redirection_number.partyaddress);
+-			strncpy(call->callernum, redirection_number.partyaddress, 20);
+-			call->callernum[20] = 0;
+-		}
+-		NEXT_COMPONENT(comp, i);
++		/* defaults and optional */
++		for (; i < len; NEXT_COMPONENT(comp, i)) {
++			GET_COMPONENT(comp, i, vdata, len);
++			switch(comp->type) {
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0):
++				/* no-path-reservation */
++				ASN1_GET_INTEGER(comp, cc_request_res->no_path_reservation);
++				NEXT_COMPONENT(comp, i);
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     cc request result: Received noPathReservation=%d\n", cc_request_res->no_path_reservation);
++				break;
+ 
+-		/* Redirection Name */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		res = asn1_name_decode((u_int8_t *)comp, comp->len + 2, redirection_name, sizeof(redirection_name));
+-		if (res < 0)
+-			return -1;
+-		memcpy(call->callername, comp->data, comp->len);
+-		call->callername[comp->len] = 0;
+-		ASN1_FIXUP_LEN(comp, res);
+-		comp->len = res;
+-		NEXT_COMPONENT(comp, i);
+-		if (pri->debug & PRI_DEBUG_APDU)
+-			pri_message(pri, "     CT-Complete: Received redirectionName '%s'\n", redirection_name);
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_1):
++				/* retain_service */
++				ASN1_GET_INTEGER(comp, cc_request_res->retain_service);
++				NEXT_COMPONENT(comp, i);
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "     cc request result: Received retainService=%d\n", cc_request_res->retain_service);
++				break;
+ 
++			case (ASN1_NULL):   /*  */
++				cc_request_res->cc_extension.cc_extension_tag = ASN1_NULL;
++				NEXT_COMPONENT(comp, i);
++				break;
+ 
+-#if 0 /* This one is optional. How do we check if it is there? */
+-		/* Basic Call Info Elements */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		NEXT_COMPONENT(comp, i);
+-#endif
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_14):
++				cc_request_res->cc_extension.cc_extension_tag = ASN1_TAG_14;
++				NEXT_COMPONENT(comp, i);
++				break;
+ 
++			case (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_15):
++				cc_request_res->cc_extension.cc_extension_tag = ASN1_TAG_15;
++				NEXT_COMPONENT(comp, i);
++				break;
+ 
+-		/* Argument Extension */
+-#if 0 /* Not supported */
+-		GET_COMPONENT(comp, i, vdata, len);
+-		switch (comp->type) {
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_9):   /* [9] IMPLICIT Extension */
+-				res = rose_extension_decode(pri, call, comp->data, comp->len, &redirection_number);
+-				if (res < 0)
+-					return -1;
+-				ASN1_FIXUP_LEN(comp, res);
+-				comp->len = res;
+-
+-			case (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_10):    /* [10] IMPLICIT SEQUENCE OF Extension */
+-				res = rose_sequence_of_extension_decode(pri, call, comp->data, comp->len, &redirection_number);
+-				if (res < 0)
+-					return -1;
+-				ASN1_FIXUP_LEN(comp, res);
+-				comp->len = res;
+-
+ 			default:
+-				pri_message(pri, "     CT-Complete: !! Unknown argumentExtension received 0x%X\n", comp->type);
++				if (comp->type == 0 && comp->len == 0) {
++					break; /* Found termination characters */
++				}
++				pri_message(pri, "!! Invalid ss-cc-optional-Arg component received 0x%X\n", comp->type);
+ 				return -1;
++			}
+ 		}
+-#else
+-		GET_COMPONENT(comp, i, vdata, len);
+-		ASN1_FIXUP_LEN(comp, res);
+-		NEXT_COMPONENT(comp, i);
+-#endif
+ 
+-		if(i < len)
+-			pri_message(pri, "     CT-Complete: !! not all information is handled !! i=%d / len=%d\n", i, len);
+-
++		if (i < len)
++			pri_message(pri, "     ss-cc-optional-Arg: !! not all information is handled !! i=%d / len=%d\n", i, len);
+ 		return 0;
+ 	}
+ 	while (0);
+@@ -2202,11 +3865,18 @@
+ 	return -1;
+ }
+ 
++static int rose_ccbs_request_result_decode(struct pri *pri, struct qsig_cc_request_res *cc_request_res , struct rose_component *sequence, int len)
++{
++	return rose_cc_request_result_decode(pri, cc_request_res , sequence, len);
++}
+ 
+-/* ===== End Call Transfer Supplementary Service (ECMA-178) ===== */
++static int rose_ccnr_request_result_decode(struct pri *pri, struct qsig_cc_request_res *cc_request_res , struct rose_component *sequence, int len)
++{
++	return rose_cc_request_result_decode(pri, cc_request_res , sequence, len);
++}
++/* ===== End Call Completion Supplementary Service (ETS 300 366/ECMA 186) ===== */
+ 
+ 
+-
+ int rose_reject_decode(struct pri *pri, q931_call *call, q931_ie *ie, unsigned char *data, int len)
+ {
+ 	int i = 0;
+@@ -2267,7 +3937,7 @@
+ 
+ 			return 0;
+ 		} else {
+-			pri_message(pri, "Unable to handle return result on switchtype %d!\n", pri->switchtype);
++			pri_message(pri, "Unable to handle reject on switchtype %d!\n", pri->switchtype);
+ 			return -1;
+ 		}
+ 
+@@ -2275,6 +3945,20 @@
+ 	
+ 	return -1;
+ }
++
++
++static struct subcommand *get_ptr_subcommand(struct subcommands *sub)
++{
++	if (sub->counter_subcmd < MAX_SUBCOMMANDS) {
++		int count = sub->counter_subcmd;
++		sub->counter_subcmd++;
++		return &sub->subcmd[count];
++	}
++
++	return NULL;
++}
++
++
+ int rose_return_error_decode(struct pri *pri, q931_call *call, q931_ie *ie, unsigned char *data, int len)
+ {
+ 	int i = 0;
+@@ -2283,6 +3967,7 @@
+ 	unsigned char *vdata = data;
+ 	struct rose_component *comp = NULL;
+ 	char *invokeidstr, *errorstr;
++	struct subcommand *c_subcmd;
+ 	
+ 	do {
+ 		/* Invoke ID stuff */
+@@ -2329,9 +4014,39 @@
+ 			pri_error(pri, "\tERROR: %s\n", errorstr);
+ 
+ 			return 0;
++		} else if (pri->switchtype == PRI_SWITCH_QSIG) {
++			switch (errorvalue) {
++			case 1008:
++				errorstr = "Unspecified";
++				break;
++			case 1012:
++				errorstr = "Remote user busy again";
++				break;
++			case 1013:
++				errorstr = "Failure to match";
++				break;
++			default:
++				errorstr = "Unknown";
++			}
++
++			c_subcmd = get_ptr_subcommand(&call->subcmds);
++			if (!c_subcmd) {
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE RETURN ERROR %i - more than %d facilities !\n", errorvalue, MAX_SUBCOMMANDS);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			}
++
++			if (pri->debug & PRI_DEBUG_APDU)
++			{
++				pri_message(pri, "ROSE RETURN RESULT %i:   %s\n", errorvalue, errorstr);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++			}
++			c_subcmd->cmd = CMD_CC_ERROR;
++			c_subcmd->cc_error.error_value = errorvalue;
++			return 0;
+ 		} else {
+-			pri_message(pri, "Unable to handle return result on switchtype %d!\n", pri->switchtype);
+-			return -1;
++			pri_message(pri, "Unable to handle return error on switchtype %d!\n", pri->switchtype);
+ 		}
+ 
+ 	} while(0);
+@@ -2346,6 +4061,8 @@
+ 	int invokeidvalue = -1;
+ 	unsigned char *vdata = data;
+ 	struct rose_component *comp = NULL;
++	int res;
++	struct subcommand *c_subcmd;
+ 	
+ 	do {
+ 		/* Invoke ID stuff */
+@@ -2392,11 +4109,90 @@
+ 				return -1;
+ 			}
+ 		} else if (pri->switchtype == PRI_SWITCH_QSIG) {
+-			switch (invokeidvalue) {
+-			case 0x13:
+-				if (pri->debug & PRI_DEBUG_APDU) pri_message(pri, "Successfully completed QSIG CF callRerouting!\n");
++			int operation_tag;
++
++			/* sequence is optional */
++			if (i >= len) 
+ 				return 0;
++
++			/* Data checks, sequence is optional */
++			GET_COMPONENT(comp, i, vdata, len);
++			if (comp->type != (ASN1_CONSTRUCTOR | ASN1_SEQUENCE)) { /* Constructed Sequence */
++				pri_message(pri, "No arguments on cc-return result\n");
++				return 0;
+ 			}
++
++			if (comp->len == ASN1_LEN_INDEF) {
++				len -= 2; /* For the 2 extra characters at the end*/
++			}
++
++			/* Traverse the contents of this sequence */
++			SUB_COMPONENT(comp, i);
++
++			/* Operation Tag */
++			GET_COMPONENT(comp, i, vdata, len);
++			CHECK_COMPONENT(comp, ASN1_INTEGER, "Don't know what to do if second ROSE component is of type 0x%x\n");
++			ASN1_GET_INTEGER(comp, operation_tag);
++			NEXT_COMPONENT(comp, i);
++
++			/* No argument - return with error */
++			if (i >= len) 
++				return -1;
++
++			/* Arguement Tag */
++			GET_COMPONENT(comp, i, vdata, len);
++			if (!comp->type)
++				return -1;
++
++			if (pri->debug & PRI_DEBUG_APDU)
++				pri_message(pri, "  [ Handling operation %d ]\n", operation_tag);
++			switch (operation_tag) {
++			case QSIG_CF_CALLREROUTING:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "Successfully completed QSIG CF callRerouting!\n");
++				return 0;
++
++			case QSIG_CC_CCBSREQUEST:
++				c_subcmd = get_ptr_subcommand(&call->subcmds);
++				if (!c_subcmd) {
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "ROSE %i:  return_result CcCcbsRequest - more than %d facilities !\n", operation_tag, MAX_SUBCOMMANDS);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++					return -1;
++				}
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CcCcbsRequest\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				c_subcmd->cmd = CMD_CC_CCBSREQUEST_RR;
++				res = rose_ccbs_request_result_decode(pri, &c_subcmd->cc_ccbs_rr.cc_request_res, comp, len-i);
++				return res;
++
++			case QSIG_CC_CCNRREQUEST:
++				c_subcmd = get_ptr_subcommand(&call->subcmds);
++				if (!c_subcmd) {
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "ROSE %i:  return_result CcCcnrRequest - more than %d facilities !\n", operation_tag, MAX_SUBCOMMANDS);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++					return -1;
++				}
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CcCcnrRequest\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				c_subcmd->cmd = CMD_CC_CCNRREQUEST_RR;
++				res = rose_ccnr_request_result_decode(pri, &c_subcmd->cc_ccnr_rr.cc_request_res, comp, len-i);
++				return res;
++
++			default:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "!! Unable to handle ROSE operation %d", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			}
+ 		} else {
+ 			pri_message(pri, "Unable to handle return result on switchtype %d!\n", pri->switchtype);
+ 			return -1;
+@@ -2414,6 +4210,7 @@
+ 	int operation_tag;
+ 	unsigned char *vdata = data;
+ 	struct rose_component *comp = NULL, *invokeid = NULL, *operationid = NULL;
++	struct subcommand *c_subcmd;
+ 	
+ 	do {
+ 		/* Invoke ID stuff */
+@@ -2444,126 +4241,294 @@
+ 
+ 		if (pri->debug & PRI_DEBUG_APDU)
+ 			pri_message(pri, "  [ Handling operation %d ]\n", operation_tag);
+-		switch (operation_tag) {
+-		case SS_CNID_CALLINGNAME:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "  Handle Name display operation\n");
+- 			return rose_calling_name_decode(pri, call, comp, len-i);
+-		case ROSE_CALL_TRANSFER_IDENTIFY:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "ROSE %i:   CallTransferIdentify - not handled!\n", operation_tag);
+-			dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			return -1;
+-		case ROSE_CALL_TRANSFER_ABANDON:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "ROSE %i:   CallTransferAbandon - not handled!\n", operation_tag);
+-			dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			return -1;
+-		case ROSE_CALL_TRANSFER_INITIATE:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "ROSE %i:   CallTransferInitiate - not handled!\n", operation_tag);
+-			dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			return -1;
+-		case ROSE_CALL_TRANSFER_SETUP:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "ROSE %i:   CallTransferSetup - not handled!\n", operation_tag);
+-			dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			return -1;
+-		case ROSE_CALL_TRANSFER_ACTIVE:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "ROSE %i:   CallTransferActive - not handled!\n", operation_tag);
+-			dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			return -1;
+-		case ROSE_CALL_TRANSFER_COMPLETE:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-			{
+-				pri_message(pri, "ROSE %i:   Handle CallTransferComplete\n", operation_tag);
++
++		if (pri->switchtype == PRI_SWITCH_QSIG) {
++
++			switch (operation_tag) {
++			case SS_CNID_CALLINGNAME:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i:   Handle CallingName\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return rose_calling_name_decode(pri, call, comp, len-i);
++			case SS_CNOP_CALLEDNAME:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i:   Handle CalledName\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return rose_called_name_decode(pri, call, comp, len-i);
++			case SS_CNOP_CONNECTEDNAME:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i:   Handle ConnectedName\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return rose_connected_name_decode(pri, call, comp, len-i);
++			case ROSE_CALL_TRANSFER_IDENTIFY:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferIdentify - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return rose_call_transfer_complete_decode(pri, call, comp, len-i);
+-		case ROSE_CALL_TRANSFER_UPDATE:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-			{
+-				pri_message(pri, "ROSE %i:    Handle CallTransferUpdate\n", operation_tag);
++				return -1;
++			case ROSE_CALL_TRANSFER_ABANDON:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferAbandon - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return rose_call_transfer_update_decode(pri, call, comp, len-i);
+-		case ROSE_SUBADDRESS_TRANSFER:
+-			if (pri->debug & PRI_DEBUG_APDU)
+-				pri_message(pri, "ROSE %i:   SubaddressTransfer - not handled!\n", operation_tag);
+-			dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			return -1;
+-		case ROSE_DIVERTING_LEG_INFORMATION2:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+- 				pri_message(pri, "ROSE %i:   Handle CallingName\n", operation_tag);
+- 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-  			}
+-			return rose_diverting_leg_information2_decode(pri, call, comp, len-i);
+-		case ROSE_AOC_NO_CHARGING_INFO_AVAILABLE:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC No Charging Info Available - not handled!", operation_tag);
+-				dump_apdu (pri, comp->data, comp->len);
+-			}
+-			return -1;
+-		case ROSE_AOC_CHARGING_REQUEST:
+-			return aoc_aoce_charging_request_decode(pri, call, (u_int8_t *)comp, comp->len + 2);
+-		case ROSE_AOC_AOCS_CURRENCY:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC-S Currency - not handled!", operation_tag);
++				return -1;
++			case ROSE_CALL_TRANSFER_INITIATE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferInitiate - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return -1;
+-		case ROSE_AOC_AOCS_SPECIAL_ARR:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC-S Special Array - not handled!", operation_tag);
++				return -1;
++			case ROSE_CALL_TRANSFER_SETUP:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferSetup - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return -1;
+-		case ROSE_AOC_AOCD_CURRENCY:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC-D Currency - not handled!", operation_tag);
++				return -1;
++			case ROSE_CALL_TRANSFER_ACTIVE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   Handle CallTransferActive\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return -1;
+-		case ROSE_AOC_AOCD_CHARGING_UNIT:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC-D Charging Unit - not handled!", operation_tag);
++				return rose_call_transfer_active_decode(pri, call, comp, len-i);
++			case ROSE_CALL_TRANSFER_COMPLETE:
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CallTransferComplete\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return rose_call_transfer_complete_decode(pri, call, comp, len-i);
++			case ROSE_CALL_TRANSFER_UPDATE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferUpdate - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return -1;
+-		case ROSE_AOC_AOCE_CURRENCY:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC-E Currency - not handled!", operation_tag);
++				return -1;
++			case ROSE_SUBADDRESS_TRANSFER:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   SubaddressTransfer - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
+-			}
+-			return -1;
+-		case ROSE_AOC_AOCE_CHARGING_UNIT:
+-			return aoc_aoce_charging_unit_decode(pri, call, (u_int8_t *)comp, comp->len + 2);
+-			if (0) { /* the following function is currently not used - just to make the compiler happy */
+-				aoc_aoce_charging_unit_encode(pri, call, call->aoc_units); /* use this function to forward the aoc-e on a bridged channel */ 
++				return -1;
++			case ROSE_DIVERTING_LEG_INFORMATION1:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "  Handle DivertingLegInformation1\n");
++				return rose_diverting_leg_information1_decode(pri, call, comp, len-i);
++			case ROSE_DIVERTING_LEG_INFORMATION2:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "  Handle DivertingLegInformation2\n");
++				return rose_diverting_leg_information2_decode(pri, call, comp, len-i);
++			case ROSE_DIVERTING_LEG_INFORMATION3:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "  Handle DivertingLegInformation3\n");
++				return rose_diverting_leg_information3_decode(pri, call, comp, len-i);
++			case SS_ANFPR_PATHREPLACEMENT:
++				/* Clear Queue */
++				res = pri_call_apdu_queue_cleanup(call->bridged_call);
++				if (res) {
++					pri_message(pri, "Could not Clear queue ADPU\n");
++					return -1;
++				}
++				anfpr_pathreplacement_respond(pri, call, ie);
++				break;
++			case QSIG_CC_CCBSREQUEST:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:  invoke CcbsRequest - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case QSIG_CC_CCNRREQUEST:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:  invoke CcnrRequest - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case QSIG_CC_CANCEL:
++				c_subcmd = get_ptr_subcommand(&call->subcmds);
++				if (!c_subcmd) {
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "ROSE %i:  invoke CcCancel - more than %d facilities !\n", operation_tag, MAX_SUBCOMMANDS);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++					return -1;
++				}
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CcCancel\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				c_subcmd->cmd = CMD_CC_CANCEL_INV;
++				res = rose_cc_optional_arg_decode(pri, call, &c_subcmd->cc_cancel_inv.cc_optional_arg, comp, len-i);
++				return res;
++			case QSIG_CC_EXECPOSIBLE:
++				c_subcmd = get_ptr_subcommand(&call->subcmds);
++				if (!c_subcmd) {
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "ROSE %i:  invoke CcExecposible - more than %d facilities !\n", operation_tag, MAX_SUBCOMMANDS);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++					return -1;
++				}
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CcExecposible\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				c_subcmd->cmd = CMD_CC_EXECPOSIBLE_INV;
++				res = rose_cc_optional_arg_decode(pri, call, &c_subcmd->cc_execposible_inv.cc_optional_arg, comp, len-i);
++				return res;
++			case QSIG_CC_PATHRESERVE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:  invoke CcPathreserve - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case QSIG_CC_RINGOUT:
++				c_subcmd = get_ptr_subcommand(&call->subcmds);
++				if (!c_subcmd) {
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "ROSE %i:  invoke CcRingout - more than %d facilities !\n", operation_tag, MAX_SUBCOMMANDS);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++					return -1;
++				}
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CcRingout\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				c_subcmd->cmd = CMD_CC_RINGOUT_INV;
++				res = rose_cc_ringout_inv_decode(pri, &c_subcmd->cc_ringout_inv.cc_extension, comp, len-i);
++				return res;
++			case QSIG_CC_SUSPEND:
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CcSuspend\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
+ 				return 0;
+-			}
+-		case ROSE_AOC_IDENTIFICATION_OF_CHARGE:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "ROSE %i: AOC Identification Of Charge - not handled!", operation_tag);
++			case QSIG_CC_RESUME:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:  invoke CcResume - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			default:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "!! Unable to handle ROSE operation %d", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
+ 			}
+-			return -1;
+-                case SS_ANFPR_PATHREPLACEMENT:
+-			/* Clear Queue */
+-			res = pri_call_apdu_queue_cleanup(call->bridged_call);
+-			if (res) {
+-			        pri_message(pri, "Could not Clear queue ADPU\n");
+-			        return -1;
+-			}
+-			anfpr_pathreplacement_respond(pri, call, ie);
+-                        break;
+-		default:
+-			if (pri->debug & PRI_DEBUG_APDU) {
+-				pri_message(pri, "!! Unable to handle ROSE operation %d", operation_tag);
++		} else { /* pri->switchtype == PRI_SWITCH_QSIG */
++
++			switch (operation_tag) {
++			case SS_CNID_CALLINGNAME:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i:   Handle CallingName\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return rose_calling_name_decode(pri, call, comp, len-i);
++			case ROSE_CALL_TRANSFER_IDENTIFY:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferIdentify - not handled!\n", operation_tag);
+ 				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case ROSE_CALL_TRANSFER_ABANDON:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferAbandon - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case ROSE_CALL_TRANSFER_INITIATE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferInitiate - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case ROSE_CALL_TRANSFER_SETUP:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferSetup - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case ROSE_CALL_TRANSFER_ACTIVE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   Handle CallTransferActive\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return rose_call_transfer_active_decode(pri, call, comp, len-i);
++			case ROSE_CALL_TRANSFER_COMPLETE:
++				if (pri->debug & PRI_DEBUG_APDU)
++				{
++					pri_message(pri, "ROSE %i:   Handle CallTransferComplete\n", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return rose_call_transfer_complete_decode(pri, call, comp, len-i);
++			case ROSE_CALL_TRANSFER_UPDATE:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   CallTransferUpdate - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case ROSE_SUBADDRESS_TRANSFER:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "ROSE %i:   SubaddressTransfer - not handled!\n", operation_tag);
++				dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				return -1;
++			case ROSE_DIVERTING_LEG_INFORMATION2:
++				if (pri->debug & PRI_DEBUG_APDU)
++					pri_message(pri, "  Handle DivertingLegInformation2\n");
++				return rose_diverting_leg_information2_decode(pri, call, comp, len-i);
++			case ROSE_AOC_NO_CHARGING_INFO_AVAILABLE:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC No Charging Info Available - not handled!", operation_tag);
++					dump_apdu (pri, comp->data, comp->len);
++				}
++				return -1;
++			case ROSE_AOC_CHARGING_REQUEST:
++				return aoc_aoce_charging_request_decode(pri, call, (u_int8_t *)comp, comp->len + 2);
++			case ROSE_AOC_AOCS_CURRENCY:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC-S Currency - not handled!", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			case ROSE_AOC_AOCS_SPECIAL_ARR:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC-S Special Array - not handled!", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			case ROSE_AOC_AOCD_CURRENCY:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC-D Currency - not handled!", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			case ROSE_AOC_AOCD_CHARGING_UNIT:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC-D Charging Unit - not handled!", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			case ROSE_AOC_AOCE_CURRENCY:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC-E Currency - not handled!", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			case ROSE_AOC_AOCE_CHARGING_UNIT:
++				return aoc_aoce_charging_unit_decode(pri, call, (u_int8_t *)comp, comp->len + 2);
++				if (0) { /* the following function is currently not used - just to make the compiler happy */
++					aoc_aoce_charging_unit_encode(pri, call, call->aoc_units); /* use this function to forward the aoc-e on a bridged channel */
++					return 0;
++				}
++			case ROSE_AOC_IDENTIFICATION_OF_CHARGE:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "ROSE %i: AOC Identification Of Charge - not handled!", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
++			case SS_ANFPR_PATHREPLACEMENT:
++				/* Clear Queue */
++				res = pri_call_apdu_queue_cleanup(call->bridged_call);
++				if (res) {
++					pri_message(pri, "Could not Clear queue ADPU\n");
++					return -1;
++				}
++				anfpr_pathreplacement_respond(pri, call, ie);
++				break;
++			default:
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "!! Unable to handle ROSE operation %d", operation_tag);
++					dump_apdu (pri, (u_int8_t *)comp, comp->len + 2);
++				}
++				return -1;
+ 			}
+-			return -1;
+ 		}
+ 	} while(0);
+ 	
+@@ -2619,15 +4584,119 @@
+ 	return 0;
+ }
+ 
++/* ===== Begin Call Completion Supplementary Service (ETS 300 366/ECMA 186) ===== */
++/* operationId e.g. QSIG_CC_CCBS_REQUEST and QSIG_CC_CCNR_REQUEST */
++static int add_qsigCcRequestArg_facility_ie (struct pri *pri, q931_call *c)
++{
++	int size = 0;
++	int i = 0;
++	unsigned char buffer[256];
++	struct rose_component *comp = NULL, *compstk[10];
++	int compsp = 0;
++	u_int8_t operationId = c->ccoperation;
++	char *numberA = c->callernum;
++	char *numberB = c->callednum;
++ 
++	/* 1 Byte 	   0x80 | 0x1F = 9F	 Protocol Profile (0x93 wäre altes QSIG oder DDS1) */
++	buffer[i++] = (ASN1_CONTEXT_SPECIFIC | Q932_PROTOCOL_EXTENSIONS);
++
++	/* Interpretation component */
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_NFE, buffer, i); /* 2. Byte NEtwork Facility Extension 0xAA = ASN1_CONTEXT_SPECIFIC(0x80) | (ASN1_CONSTRUCTOR 0x20)  0x0A (Tag laut Standard) */
++	ASN1_PUSH(compstk, compsp, comp);
++
++	ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_0), buffer, i, 0);	/* (0x80, 0x01(len), 0x00) endPTNX */
++	ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_2), buffer, i, 0);	/* (0x82, 0x01(len), 0x00) endPTNX */
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++#if 0
++	ASN1_ADD_BYTECOMP(comp, COMP_TYPE_INTERPRETATION, buffer, i, 0);   /* 0x8B, 0x01(len), 0x00 discard */
++#endif
++	ASN1_ADD_SIMPLE(comp, COMP_TYPE_INVOKE, buffer, i);			 /* 0xA1, 0xXX (len of Invoke Sequenz) invoke APDU */
++	ASN1_PUSH(compstk, compsp, comp);
++
++	/* Invoke ID */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, get_invokeid(pri));   /* InvokeID 0x02 0x01 0xXX */
++
++	/*CcbsRequest ::= 40 or CcnrRequest ::= 27 */
++	/* Operation ID: CCBS/CCNR */
++	ASN1_ADD_BYTECOMP(comp, ASN1_INTEGER, buffer, i, operationId); /* 0x02 0x01 0x28/0x1b */
++
++	/* ccbs/ccnr request argument */
++	/* PresentedNumberUnscreened */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONSTRUCTOR | ASN1_SEQUENCE), buffer, i); /*0x30 0xXX (len)*/
++	ASN1_PUSH(compstk, compsp, comp);
++	/* (0xA0, 0x01(len)) presentationAlloweAddress  [0] PartyNumber */
++	/* (0xA1, 0xXX (len) publicPartyNumber [1] IMPLICIT PublicPartyNumber */
++	/* (0x0A, 0x01, 0x00 ) type of public party number = subscriber number */
++	/* (0x12, 0xXX (len), 0xXX .. 0xXX) numeric string */
++	size = rose_presented_number_unscreened_encode(pri, &buffer[i], PRES_ALLOWED, Q932_TON_UNKNOWN, numberA);
++	if (size < 0)
++		return -1;
++	i += size;
++
++	/* (0xA1, 0xXX (len) [1] IMPLICIT PublicPartyNumber */
++	ASN1_ADD_SIMPLE(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTOR | ASN1_TAG_1), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++	/* (0x0A, 0x01, 0x00 ) type of public party number = subscriber number */
++	/* (0x12, 0xXX (len), 0xXX .. 0xXX) numeric string */
++	size = rose_public_party_number_encode(pri, comp->data, 1, Q932_TON_UNKNOWN, numberB);
++	if (size < 0)
++		return -1;
++	i += size;
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	/* (0x40, 0xXX (len), 0xXX .. 0xXX) pSS1InfoElement */
++	ASN1_ADD_SIMPLE(comp, (ASN1_APPLICATION | ASN1_TAG_0 ), buffer, i);
++	ASN1_PUSH(compstk, compsp, comp);
++	buffer[i++] = (0x04);	/*  add Bearer Capability IE */
++	buffer[i++] = (0x03);	/* len*/
++	buffer[i++] = (0x80);	/* ETSI Standard, Speech */
++	buffer[i++] = (0x90);	/* circuit mode, 64kbit/s */
++	buffer[i++] = (0xa3);	/* level1 protocol, a-law */
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++#if 0
++	/* can-retain-service [12] IMPLICIT BOOLEAN DEFAULT FALSE,*/
++	ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_12), buffer, i, 0);   /* 0x1C, 0x01(len), 0x00 false */
++#endif
++	/* retain-sig-connection [13] IMPLICIT BOOLEAN OPTIONAL, --TRUE: sign. connection to be retained */	 
++	ASN1_ADD_BYTECOMP(comp, (ASN1_CONTEXT_SPECIFIC | ASN1_TAG_13), buffer, i, 1);   /* 0x1D, 0x01(len), 0x01 true */
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	ASN1_FIXUP(compstk, compsp, buffer, i);
++
++	if (pri_call_apdu_queue(c, Q931_SETUP, buffer, i, NULL, NULL))
++		return -1;
++	
++	return 0;
++}
++/* ===== End Call Completion Supplementary Service (ETS 300 366/ECMA 186) ===== */
++
+ int pri_call_add_standard_apdus(struct pri *pri, q931_call *call)
+ {
+ 	if (!pri->sendfacility)
+ 		return 0;
+ 
+ 	if (pri->switchtype == PRI_SWITCH_QSIG) { /* For Q.SIG it does network and cpe operations */
+-		if (call->redirectingnum[0]) 
++		if (call->redirectingnum[0])
+ 			rose_diverting_leg_information2_encode(pri, call);
+ 		add_callername_facility_ies(pri, call, 1);
++		if (call->ccoperation) {
++			switch(call->ccoperation) {
++			case 0:
++				break;
++			case QSIG_CC_CCBSREQUEST:
++			case QSIG_CC_CCNRREQUEST:
++				add_qsigCcRequestArg_facility_ie(pri, call);
++				break;
++			case QSIG_CC_RINGOUT:
++				add_qsigCcInv_facility_ie(pri, call, Q931_SETUP);
++				break;
++			default:
++				break;
++			}
++		}
+ 		return 0;
+ 	}
+ 
+@@ -2665,3 +4734,26 @@
+ 	return 0;
+ }
+ 
++int qsig_initiate_diverting_leg_information1(struct pri *pri, q931_call *call)
++{
++	rose_diverting_leg_information1_encode(pri, call);
++
++	if (q931_facility(pri, call)) {
++		pri_message(pri, "Could not schedule facility message for divertingLegInfo1\n");
++		return -1;
++	}
++
++	return 0;
++}
++
++int qsig_initiate_call_transfer_complete(struct pri *pri, q931_call *call, int call_status)
++{
++	rose_call_transfer_complete_encode(pri, call, call_status);
++
++	if (q931_facility(pri, call)) {
++		pri_message(pri, "Could not schedule facility message for callTransferComplete\n");
++		return -1;
++	}
++
++	return 0;
++}
+Index: pri_timers.h
+===================================================================
+--- a/pri_timers.h	(.../tags/1.4.9)	(revision 700)
++++ b/pri_timers.h	(.../team/group/issue14292)	(revision 700)
+@@ -62,6 +62,7 @@
+ 				-1,		/* T322 */ \
+ 				2500,	/* TM20 - Q.921 Appendix IV */ \
+ 				3,		/* NM20 - Q.921 Appendix IV */ \
++				45*60*1000	/* CC-Timer2 45 min */\
+ 			}
+ 
+ /* XXX Only our default timers are setup now XXX */
+Index: pri_facility.h
+===================================================================
+--- a/pri_facility.h	(.../tags/1.4.9)	(revision 700)
++++ b/pri_facility.h	(.../team/group/issue14292)	(revision 700)
+@@ -38,14 +38,6 @@
+ #define Q932_PROTOCOL_GAT			0x16
+ #define Q932_PROTOCOL_EXTENSIONS	0x1F
+ 
+-/* Argument values */
+-#define ROSE_NAME_PRESENTATION_ALLOWED_SIMPLE	0x80
+-#define ROSE_NAME_PRESENTATION_RESTRICTED_NULL	0x87
+-#define ROSE_NAME_PRESENTATION_ALLOWED_EXTENDED    0xA1
+-#define ROSE_NAME_PRESENTATION_RESTRICTED_SIMPLE   0xA2
+-#define ROSE_NAME_PRESENTATION_RESTRICTED_EXTENDED 0xA3
+-#define ROSE_NAME_NOT_AVAIL			0x84
+-
+ /* Component types */
+ #define COMP_TYPE_INTERPRETATION			0x8B
+ #define COMP_TYPE_NETWORK_PROTOCOL_PROFILE	0x92
+@@ -65,10 +57,11 @@
+ #define ROSE_CALL_TRANSFER_COMPLETE			12
+ #define ROSE_CALL_TRANSFER_UPDATE			13
+ #define ROSE_SUBADDRESS_TRANSFER 			14
++#define QSIG_CF_CALLREROUTING 				19
+ /* Q.952 ROSE operations (Diverting) */
+-#define ROSE_DIVERTING_LEG_INFORMATION1		18
+-#define ROSE_DIVERTING_LEG_INFORMATION2		0x15
+-#define ROSE_DIVERTING_LEG_INFORMATION3		19
++#define ROSE_DIVERTING_LEG_INFORMATION1			20
++#define ROSE_DIVERTING_LEG_INFORMATION2			21
++#define ROSE_DIVERTING_LEG_INFORMATION3			22
+ /* Q.956 ROSE operations (Advice Of Charge) */
+ #define ROSE_AOC_NO_CHARGING_INFO_AVAILABLE	26
+ #define ROSE_AOC_CHARGING_REQUEST			30
+@@ -81,12 +74,27 @@
+ #define ROSE_AOC_IDENTIFICATION_OF_CHARGE	37
+ /* Q.SIG operations */
+ #define SS_CNID_CALLINGNAME					0
++#define SS_CNOP_CALLEDNAME			 		1
++#define SS_CNOP_CONNECTEDNAME					2
+ #define SS_ANFPR_PATHREPLACEMENT                                4
+-#define SS_DIVERTING_LEG_INFORMATION2		21
+ #define SS_MWI_ACTIVATE						80
+ #define SS_MWI_DEACTIVATE					81
+ #define SS_MWI_INTERROGATE					82
+ 
++/* ECMA 186 */
++#define QSIG_CC_CCNRREQUEST		PRI_CC_CCNRREQUEST /* 27 */
++#define QSIG_CC_CANCEL				PRI_CC_CANCEL      /* 28 */
++#define QSIG_CC_EXECPOSIBLE		29
++#define QSIG_CC_PATHRESERVE		30
++#define QSIG_CC_RINGOUT				31
++#define QSIG_CC_SUSPEND				32
++#define QSIG_CC_RESUME				33
++#define QSIG_CC_CCBSREQUEST		PRI_CC_CCBSREQUEST /* 40 */
++
++#define QSIG_CC_UNSPECIFIED				1008
++#define QSIG_CC_REMOTE_USER_BUSY_AGAIN	1012
++#define QSIG_CC_FAILURE_TO_MATCH			1013
++
+ /* ROSE definitions and data structures */
+ #define INVOKE_IDENTIFIER			0x02
+ #define INVOKE_LINKED_IDENTIFIER	0x80
+@@ -128,6 +136,12 @@
+ #define ASN1_TAG_7				0x07
+ #define ASN1_TAG_8				0x08
+ #define ASN1_TAG_9				0x09
++#define ASN1_TAG_10				0x0a
++#define ASN1_TAG_11				0x0b
++#define ASN1_TAG_12				0x0c
++#define ASN1_TAG_13				0x0d
++#define ASN1_TAG_14				0x0e
++#define ASN1_TAG_15				0x0f
+ 
+ /* ASN.1 Identifier Octet - Primitive/Constructor Bit */
+ #define ASN1_PC_MASK			0x20
+@@ -169,6 +183,20 @@
+ #define Q932_TON_SUBSCRIBER				0x04
+ #define Q932_TON_ABBREVIATED			0x06
+ 
++/* Q.SIG Character Sets. Listed in ISO/IEC 8859 */
++#define CHARACTER_SET_UNKNOWN			0x00
++#define CHARACTER_SET_ISO8859_1			0x01
++#define CHARACTER_SET_ISO8859_2			0x03
++#define CHARACTER_SET_ISO8859_3			0x04
++#define CHARACTER_SET_ISO8859_4			0x05
++#define CHARACTER_SET_ISO8859_5			0x06
++#define CHARACTER_SET_ISO8859_7			0x07
++
++/* Q.SIG Subscription Option. Listed in ECMA-174 */
++#define QSIG_NO_NOTIFICATION						0x00
++#define QSIG_NOTIFICATION_WITHOUT_DIVERTED_TO_NR	0x01
++#define QSIG_NOTIFICATION_WITH_DIVERTED_TO_NR		0x02
++
+ /* RLT related Operations */
+ #define RLT_SERVICE_ID		0x3e
+ #define RLT_OPERATION_IND	0x01
+@@ -314,6 +342,18 @@
+ /* starts a QSIG Path Replacement */
+ int anfpr_initiate_transfer(struct pri *pri, q931_call *c1, q931_call *c2);
+ 
++int qsig_initiate_diverting_leg_information1(struct pri *pri, q931_call *call);
++
++int qsig_initiate_call_transfer_complete(struct pri *pri, q931_call *call, int call_status);
++
++int rose_diverting_leg_information1_encode(struct pri *pri, q931_call *call);
++
++int rose_diverting_leg_information3_encode(struct pri *pri, q931_call *call, int messagetype);
++
++int rose_connected_name_encode(struct pri *pri, q931_call *call, int messagetype);
++
++int rose_called_name_encode(struct pri *pri, q931_call *call, int messagetype);
++
+ /* Use this function to queue a facility-IE born APDU onto a call
+  * call is the call to use, messagetype is any one of the Q931 messages,
+  * apdu is the apdu data, apdu_len is the length of the apdu data  */
+@@ -325,6 +365,8 @@
+ /* Adds the "standard" APDUs to a call */
+ int pri_call_add_standard_apdus(struct pri *pri, q931_call *call);
+ 
++int add_qsigCcInv_facility_ie (struct pri *pri, q931_call *c, int messagetype);
++
+ int asn1_dump(struct pri *pri, void *comp, int len);
+ 
+ #endif /* _PRI_FACILITY_H */
+Index: libpri.h
+===================================================================
+--- a/libpri.h	(.../tags/1.4.9)	(revision 700)
++++ b/libpri.h	(.../team/group/issue14292)	(revision 700)
+@@ -81,6 +81,7 @@
+ #define PRI_EVENT_NOTIFY		16	/* Notification received */
+ #define PRI_EVENT_PROGRESS		17	/* When we get CALL_PROCEEDING or PROGRESS */
+ #define PRI_EVENT_KEYPAD_DIGIT		18	/* When we receive during ACTIVE state */
++#define PRI_EVENT_FACILITY		19	/* Facility received */
+ 
+ /* Simple states */
+ #define PRI_STATE_DOWN		0
+@@ -135,16 +136,45 @@
+ #define PRI_UNKNOWN					0x0
+ 
+ /* Presentation */
+-#define PRES_ALLOWED_USER_NUMBER_NOT_SCREENED	0x00
+-#define PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN	0x01
+-#define PRES_ALLOWED_USER_NUMBER_FAILED_SCREEN	0x02
+-#define PRES_ALLOWED_NETWORK_NUMBER				0x03
+-#define PRES_PROHIB_USER_NUMBER_NOT_SCREENED	0x20
+-#define PRES_PROHIB_USER_NUMBER_PASSED_SCREEN	0x21
+-#define PRES_PROHIB_USER_NUMBER_FAILED_SCREEN	0x22
+-#define PRES_PROHIB_NETWORK_NUMBER				0x23
+-#define PRES_NUMBER_NOT_AVAILABLE				0x43
++#define PRES_NUMBER_TYPE					0x03
++#define PRES_USER_NUMBER_UNSCREENED			0x00
++#define PRES_USER_NUMBER_PASSED_SCREEN		0x01
++#define PRES_USER_NUMBER_FAILED_SCREEN		0x02
++#define PRES_NETWORK_NUMBER					0x03
+ 
++#define PRES_RESTRICTION					0x60
++#define PRES_ALLOWED						0x00
++#define PRES_RESTRICTED						0x20
++#define PRES_UNAVAILABLE					0x40
++#define PRES_RESERVED						0x60
++
++#define PRES_ALLOWED_USER_NUMBER_NOT_SCREENED \
++	(PRES_ALLOWED | PRES_USER_NUMBER_UNSCREENED)
++
++#define PRES_ALLOWED_USER_NUMBER_PASSED_SCREEN \
++	(PRES_ALLOWED | PRES_USER_NUMBER_PASSED_SCREEN)
++
++#define PRES_ALLOWED_USER_NUMBER_FAILED_SCREEN \
++	(PRES_ALLOWED | PRES_USER_NUMBER_FAILED_SCREEN)
++
++#define PRES_ALLOWED_NETWORK_NUMBER	\
++	(PRES_ALLOWED | PRES_NETWORK_NUMBER)
++
++#define PRES_PROHIB_USER_NUMBER_NOT_SCREENED \
++	(PRES_RESTRICTED | PRES_USER_NUMBER_UNSCREENED)
++
++#define PRES_PROHIB_USER_NUMBER_PASSED_SCREEN \
++	(PRES_RESTRICTED | PRES_USER_NUMBER_PASSED_SCREEN)
++
++#define PRES_PROHIB_USER_NUMBER_FAILED_SCREEN \
++	(PRES_RESTRICTED | PRES_USER_NUMBER_FAILED_SCREEN)
++
++#define PRES_PROHIB_NETWORK_NUMBER \
++	(PRES_RESTRICTED | PRES_NETWORK_NUMBER)
++
++#define PRES_NUMBER_NOT_AVAILABLE \
++	(PRES_UNAVAILABLE | PRES_NETWORK_NUMBER)
++
+ /* Causes for disconnection */
+ #define PRI_CAUSE_UNALLOCATED					1
+ #define PRI_CAUSE_NO_ROUTE_TRANSIT_NET			2	/* !Q.SIG */
+@@ -303,8 +333,141 @@
+ #define PRI_NSF_ATT_MULTIQUEST         0xF0
+ #define PRI_NSF_CALL_REDIRECTION_SERVICE       0xF7
+ 
++/* ECMA 186 */
++#define PRI_CC_CCNRREQUEST		27
++#define PRI_CC_CANCEL			28
++#define PRI_CC_CCBSREQUEST		40
++
+ typedef struct q931_call q931_call;
+ 
++/* Connected line update source code */
++enum PRI_CONNECTED_LINE_UPDATE_SOURCE {
++	PRI_CONNECTED_LINE_UPDATE_SOURCE_UNKNOWN,   /* Update for unknown reason (May be interpreted to mean from answer) */
++	PRI_CONNECTED_LINE_UPDATE_SOURCE_ANSWER,    /* Update from normal call answering */
++	PRI_CONNECTED_LINE_UPDATE_SOURCE_TRANSFER,   /* Update from call transfer(active) (Party has already answered) */
++	PRI_CONNECTED_LINE_UPDATE_SOURCE_TRANSFER_ALERTING   /* Update from call transfer(alerting) (Party has not answered yet) */
++};
++
++/* Information needed to identify an endpoint in a call. */
++struct pri_party_id {
++	char number[256];			/* Subscriber phone number */
++	char name[256];				/* Subscriber name */
++	int number_type;			/* Q.931 encoded "type of number" and "numbering plan identification" */
++	int number_presentation;	/* Q.931 encoded "presentation indicator" and "screening indicator" */
++};
++
++/* Connected Line/Party information */
++struct pri_party_connected_line {
++	struct pri_party_id id;		/* Connected party ID */
++	int source;					/* Information about the source of an update .
++	 							 * enum PRI_CONNECTED_LINE_UPDATE_SOURCE values
++	 							 * for Normal-Answer, Call-transfer */
++};
++
++/* Redirecting Line information.
++ * RDNIS (Redirecting Directory Number Information Service)
++ * Where a call diversion or transfer was invoked. */
++struct pri_party_redirecting {
++	struct pri_party_id from;	/* Who is redirecting the call (Sent to the party the call is redirected toward) */
++	struct pri_party_id to;		/* Call is redirecting to a new party (Sent to the caller) */
++	int count;					/* Number of times the call was redirected */
++	int reason;					/* Redirection reasons */
++};
++
++/* Structures for qsig_cc_facilities */
++struct qsig_cc_extension {
++	int	cc_extension_tag;
++	char extension[256];
++};
++
++struct qsig_cc_optional_arg {
++	char number_A[256];
++	char number_B[256];
++	int	service;
++	struct qsig_cc_extension cc_extension;
++};
++
++struct qsig_cc_request_res {
++	int	no_path_reservation;
++	int	retain_service;
++	struct qsig_cc_extension cc_extension;
++};
++
++/* Command derived from Facility */
++#define CMD_REDIRECTING         1
++#define CMD_CONNECTEDLINE       2
++#define CMD_CC_CCBSREQUEST_RR   3
++#define CMD_CC_CCNRREQUEST_RR   4
++#define CMD_CC_CANCEL_INV       5
++#define CMD_CC_EXECPOSIBLE_INV  6
++#define CMD_CC_RINGOUT_INV      7
++#define CMD_CC_SUSPEND_INV      8
++#define CMD_CC_ERROR            9
++
++#define CCERROR_UNSPECIFIED		1008
++#define CCERROR_REMOTE_USER_BUSY_AGAIN	1012
++#define CCERROR_FAILURE_TO_MATCH	1013
++
++struct cmd_connectedline {
++	struct pri_party_connected_line connected;
++};
++
++struct cmd_redirecting {
++	struct pri_party_redirecting redirecting;
++};
++
++struct cmd_cc_ccbs_rr {
++	struct qsig_cc_request_res	cc_request_res;
++};
++
++struct cmd_cc_ccnr_rr {
++	struct qsig_cc_request_res	cc_request_res;
++};
++
++struct cmd_cc_cancel_inv {
++	struct qsig_cc_optional_arg	cc_optional_arg;
++};
++
++struct cmd_cc_execposible_inv {
++	struct qsig_cc_optional_arg	cc_optional_arg;
++};
++
++struct cmd_cc_suspend_inv {
++	struct qsig_cc_extension	cc_extension;
++};
++
++struct cmd_cc_ringout_inv {
++	struct qsig_cc_extension	cc_extension;
++};
++
++struct cmd_cc_error {
++	int	error_value;
++};
++
++struct subcommand {
++	int cmd;
++	union {
++		struct cmd_connectedline      connectedline;
++		struct cmd_redirecting        redirecting;
++		struct cmd_cc_ccbs_rr         cc_ccbs_rr;
++		struct cmd_cc_ccnr_rr         cc_ccnr_rr;
++		struct cmd_cc_cancel_inv      cc_cancel_inv;
++		struct cmd_cc_execposible_inv cc_execposible_inv;
++		struct cmd_cc_suspend_inv     cc_suspend_inv;
++		struct cmd_cc_ringout_inv     cc_ringout_inv;
++		struct cmd_cc_error           cc_error;
++	};
++};
++
++/* Max number of subcommands per event message */
++#define MAX_SUBCOMMANDS	4
++
++struct subcommands {
++	int counter_subcmd;
++	struct subcommand subcmd[MAX_SUBCOMMANDS];
++};
++
++
+ typedef struct pri_event_generic {
+ 	/* Events with no additional information fall in this category */
+ 	int e;
+@@ -328,6 +491,11 @@
+ 	int progressmask;
+ 	q931_call *call;
+ 	char useruserinfo[260];		/* User->User info */
++	char calledname[256];
++	char callednum[256];
++	int calledpres;
++	int calledplan;
++	struct subcommands subcmds;
+ } pri_event_ringing;
+ 
+ typedef struct pri_event_answer {
+@@ -338,6 +506,12 @@
+ 	int progressmask;
+ 	q931_call *call;
+ 	char useruserinfo[260];		/* User->User info */
++	char connectednum[256];
++	char connectedname[256];
++	int connectedpres;
++	int connectedplan;
++	int source;
++	struct subcommands subcmds;
+ } pri_event_answer;
+ 
+ typedef struct pri_event_facname {
+@@ -351,6 +525,14 @@
+ 	int callingplan;			/* Dialing plan of Calling entity */
+ } pri_event_facname;
+ 
++struct pri_event_facility {
++	int e;
++	int channel;
++	int cref;
++	q931_call *call;
++	struct subcommands subcmds;
++};
++
+ #define PRI_CALLINGPLANANI
+ #define PRI_CALLINGPLANRDNIS
+ typedef struct pri_event_ring {
+@@ -383,6 +565,9 @@
+ 	char origcallednum[256];
+ 	int callingplanorigcalled;		/* Dialing plan of Originally Called Number */
+ 	int origredirectingreason;
++	int redirectingpres;
++	int redirectingcount;
++	struct subcommands subcmds;
+ } pri_event_ring;
+ 
+ typedef struct pri_event_hangup {
+@@ -393,6 +578,7 @@
+ 	q931_call *call;			/* Opaque call pointer */
+ 	long aoc_units;				/* Advise of Charge number of charged units */
+ 	char useruserinfo[260];		/* User->User info */
++	struct subcommands subcmds;
+ } pri_event_hangup;	
+ 
+ typedef struct pri_event_restart_ack {
+@@ -445,6 +631,7 @@
+ 	pri_event_setup_ack   setup_ack;	/* SETUP_ACKNOWLEDGE structure */
+ 	pri_event_notify notify;		/* Notification */
+ 	pri_event_keypad_digit digit;			/* Digits that come during a call */
++	struct pri_event_facility facility;
+ } pri_event;
+ 
+ struct pri;
+@@ -531,6 +718,12 @@
+    Set non-isdn to non-zero if you are not connecting to ISDN equipment */
+ int pri_answer(struct pri *pri, q931_call *call, int channel, int nonisdn);
+ 
++/* Give connected line information to a call */
++int pri_connected_line_update(struct pri *pri, q931_call *call, struct pri_party_connected_line *connected);
++
++/* Give redirection information to a call */
++int pri_redirecting_update(struct pri *pri, q931_call *call, struct pri_party_redirecting *redirecting);
++
+ /* Set CRV reference for GR-303 calls */
+ 
+ 
+@@ -558,7 +751,12 @@
+ 
+ /* Create a new call */
+ q931_call *pri_new_call(struct pri *pri);
++q931_call *pri_new_nochannel_call(struct pri *pri, int *cr);
+ 
++q931_call *pri_find_call(struct pri *pri, int cr);
++
++void pri_call_set_cc_operation(q931_call *call, int cc_operation);
++
+ /* Retrieve CRV reference for GR-303 calls.  Returns >0 on success. */
+ int pri_get_crv(struct pri *pri, q931_call *call, int *callmode);
+ 
+@@ -584,6 +782,11 @@
+ int pri_sr_set_called(struct pri_sr *sr, char *called, int calledplan, int complete);
+ int pri_sr_set_caller(struct pri_sr *sr, char *caller, char *callername, int callerplan, int callerpres);
+ int pri_sr_set_redirecting(struct pri_sr *sr, char *num, int plan, int pres, int reason);
++void pri_sr_set_redirecting_name(struct pri_sr *sr, char *name);
++
++int pri_sr_set_ccringout(struct pri_sr *sr, int ccringout);
++int pri_sr_set_ccbsnr(struct pri_sr *sr, int ccbsnr);
++
+ #define PRI_USER_USER_TX
+ /* Set the user user field.  Warning!  don't send binary data accross this field */
+ void pri_sr_set_useruser(struct pri_sr *sr, const char *userchars);
+@@ -595,7 +798,10 @@
+ /* Set a call has a call indpendent signalling connection (i.e. no bchan) */
+ int pri_sr_set_connection_call_independent(struct pri_sr *req);
+ 
+-/* Send an MWI indication to a remote location.  If activate is non zero, activates, if zero, decativates */
++/* Set a no channel call (i.e. QSIG-CCBS/CCNR) */
++int pri_sr_set_no_channel_call(struct pri_sr *req);
++
++/* Send an MWI indication to a remote location.  If activate is non zero, activates, if zero, deactivates */
+ int pri_mwi_activate(struct pri *pri, q931_call *c, char *caller, int callerplan, char *callername, int callerpres, char *called, int calledplan);
+ 
+ /* Send an MWI deactivate request to a remote location */
+@@ -698,6 +904,7 @@
+ #define PRI_TIMER_TM20	28	/* maximum time avaiting XID response */
+ #define PRI_TIMER_NM20	29	/* number of XID retransmits */
+ 
++#define PRI_TIMER_CCBST2	30	/* maximum time on completion of CC Call */
+ /* Get PRI version */
+ const char *pri_get_version(void);
+ 
+Index: pri.c
+===================================================================
+--- a/pri.c	(.../tags/1.4.9)	(revision 700)
++++ b/pri.c	(.../team/group/issue14292)	(revision 700)
+@@ -166,6 +166,8 @@
+ 		return PRI_TIMER_T321;
+ 	else if (!strcasecmp(timer, "T322"))
+ 		return PRI_TIMER_T322;
++	else if (!strcasecmp(timer, "CCT2"))
++		return PRI_TIMER_CCBST2;
+ 	else
+ 		return -1;
+ }
+@@ -348,6 +350,8 @@
+ 		return "Restart ACK";
+ 	case PRI_EVENT_FACNAME:
+ 		return "FacName";
++	case PRI_EVENT_FACILITY:
++		return "Facility";
+ 	case PRI_EVENT_INFO_RECEIVED:
+ 		return "Info Received";
+ 	case PRI_EVENT_PROCEEDING:
+@@ -551,6 +555,131 @@
+ 	return q931_connect(pri, call, channel, nonisdn);
+ }
+ 
++int pri_connected_line_update(struct pri *pri, q931_call *call, struct pri_party_connected_line *connected)
++{
++	if (!pri || !call)
++		return -1;
++
++	libpri_copy_string(call->connectednum, connected->id.number, sizeof(call->connectednum));
++	libpri_copy_string(call->connectedname, connected->id.name, sizeof(call->connectedname));
++	call->connectedplan = connected->id.number_type;
++	call->connectedpres = connected->id.number_presentation;
++
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		switch (call->ourcallstate) {
++		case Q931_CALL_STATE_ACTIVE:
++			/* immediately send callTransferComplete APDU, callStatus=answered(0) */
++			qsig_initiate_call_transfer_complete(pri, call, 0);
++			break;
++		case Q931_CALL_STATE_OVERLAP_RECEIVING:
++		case Q931_CALL_STATE_INCOMING_CALL_PROCEEDING:
++			/* queue updates for next ALERTING */
++			if (call->connectedname[0]) {
++				/* queue connectedName to be send with next Q931_ALERTING */
++				rose_called_name_encode(pri, call, Q931_ALERTING);
++			}
++
++			if (call->divertedstate != DIVERTEDSTATE_NONE) {
++				libpri_copy_string(call->divertedtonum, connected->id.number, sizeof(call->divertedtonum));
++				libpri_copy_string(call->divertedtoname, connected->id.name, sizeof(call->divertedtoname));
++				call->divertedtoplan = connected->id.number_type;
++				call->divertedtopres = connected->id.number_presentation;
++
++				if ((call->divertedstate == DIVERTEDSTATE_DIVERTED) && call->divertedtonum[0]) {
++					/* immediately send divertingLegInformation1 APDU  */
++					qsig_initiate_diverting_leg_information1(pri, call);
++					call->divertedstate = DIVERTEDSTATE_DIVLEGINFO1SEND;
++				}
++				if ((call->divertedstate == DIVERTEDSTATE_DIVLEGINFO1SEND) && call->divertedtoname[0]) {
++					/* queue divertingLegInformation3 to be send with next Q931_ALERTING */
++					rose_diverting_leg_information3_encode(pri, call, Q931_ALERTING);
++					call->divertedstate = DIVERTEDSTATE_DIVLEGINFO3SEND;
++				}
++			}
++			break;
++		case Q931_CALL_STATE_CALL_RECEIVED:
++			/* queue updates for next CONNECT */
++			if (call->connectedname[0] && ((call->divertedstate == DIVERTEDSTATE_NONE) || (call->divertedstate == DIVERTEDSTATE_DIVLEGINFO3SEND))) {
++				/* queue connectedName to be send with next Q931_CONNECT */
++				rose_connected_name_encode(pri, call, Q931_CONNECT);
++			}
++
++			if (call->divertedstate != DIVERTEDSTATE_NONE) {
++				libpri_copy_string(call->divertedtonum, connected->id.number, sizeof(call->divertedtonum));
++				libpri_copy_string(call->divertedtoname, connected->id.name, sizeof(call->divertedtoname));
++				call->divertedtoplan = connected->id.number_type;
++				call->divertedtopres = connected->id.number_presentation;
++
++				if ((call->divertedstate == DIVERTEDSTATE_DIVERTED) && call->divertedtonum[0]) {
++					/* queue divertingLegInformation1 to be send with next Q931_FACILITY */
++					rose_diverting_leg_information1_encode(pri, call);
++					call->divertedstate = DIVERTEDSTATE_DIVLEGINFO1SEND;
++
++					if (call->divertedtoname[0]) {
++						/* queue divertingLegInformation3 to be send with next Q931_FACILITY */
++						rose_diverting_leg_information3_encode(pri, call, Q931_FACILITY);
++						call->divertedstate = DIVERTEDSTATE_DIVLEGINFO3SEND;
++					}
++
++					/* immediately send Q931_FACILITY */
++					if (q931_facility(pri, call)) {
++						pri_message(pri, "Could not schedule facility message for divertingLegInfo1+3\n");
++					}
++				}
++				if ((call->divertedstate == DIVERTEDSTATE_DIVLEGINFO1SEND) && call->divertedtoname[0]) {
++					/* queue divertingLegInformation3 to be send with next Q931_CONNECT */
++					rose_diverting_leg_information3_encode(pri, call, Q931_CONNECT);
++					call->divertedstate = DIVERTEDSTATE_DIVLEGINFO3SEND;
++				}
++			}
++			break;
++		}
++	}
++
++	return 0;
++}
++
++int pri_redirecting_update(struct pri *pri, q931_call *call, struct pri_party_redirecting *redirecting)
++{
++	if (!pri || !call)
++		return -1;
++
++	libpri_copy_string(call->divertedtonum, redirecting->to.number, sizeof(call->divertedtonum));
++	libpri_copy_string(call->divertedtoname, redirecting->to.name, sizeof(call->divertedtoname));
++	call->divertedtoplan = redirecting->to.number_type;
++	call->divertedtopres = redirecting->to.number_presentation;
++	call->divertedtoreason = redirecting->reason;
++
++	if (pri->switchtype == PRI_SWITCH_QSIG) {
++		switch (call->ourcallstate) {
++		case Q931_CALL_STATE_ACTIVE:
++			/* immediately send callTransferComplete APDU, callStatus=alerting(1) */
++			qsig_initiate_call_transfer_complete(pri, call, 1);
++			break;
++		case Q931_CALL_STATE_OVERLAP_RECEIVING:
++		case Q931_CALL_STATE_INCOMING_CALL_PROCEEDING:
++			call->divertedstate = DIVERTEDSTATE_DIVERTED;
++
++			if (call->divertedtonum[0]) {
++				/* immediately send divertingLegInformation1 APDU */
++				qsig_initiate_diverting_leg_information1(pri, call);
++				call->divertedstate = DIVERTEDSTATE_DIVLEGINFO1SEND;
++			}
++			if ((call->divertedstate == DIVERTEDSTATE_DIVLEGINFO1SEND) && call->divertedtoname[0]) {
++				/* queue divertingLegInformation3 to be send with next Q931_ALERTING */
++				rose_diverting_leg_information3_encode(pri, call, Q931_ALERTING);
++				call->divertedstate = DIVERTEDSTATE_DIVLEGINFO3SEND;
++			}
++			break;
++		default:
++			pri_message(pri, "Redirecting update in state %d\n", call->ourcallstate);
++			break;
++		}
++	}
++
++	return 0;
++}
++
+ #if 0
+ /* deprecated routines, use pri_hangup */
+ int pri_release(struct pri *pri, q931_call *call, int cause)
+@@ -637,6 +766,17 @@
+ 	return q931_new_call(pri);
+ }
+ 
++q931_call *pri_new_nochannel_call(struct pri *pri, int *cr)
++{
++	q931_call *call;
++	if (!pri)
++		return NULL;
++	call = q931_new_call(pri);
++	if (cr)
++		*cr = call->cr;
++	return call;
++}
++
+ void pri_dump_event(struct pri *pri, pri_event *e)
+ {
+ 	if (!pri || !e)
+@@ -679,6 +819,15 @@
+ 	return 0;
+ }
+ 
++int pri_sr_set_no_channel_call(struct pri_sr *req)
++{
++	if (!req)
++		return -1;
++
++	req->nochannelsignalling = 1;
++	return 0;
++}
++
+ /* Don't call any other pri functions on this */
+ int pri_mwi_activate(struct pri *pri, q931_call *c, char *caller, int callerplan, char *callername, int callerpres, char *called,
+ 					int calledplan)
+@@ -829,6 +978,10 @@
+ 	struct q921_frame *f;
+ 	int q921outstanding = 0;
+ #endif
++	q931_call *cur, *prev;
++	struct pri *master;
++	int counter = 0;
++
+ 	if (!pri)
+ 		return NULL;
+ 
+@@ -862,10 +1015,57 @@
+ 	len += sprintf(buf + len, "T309 Timer: %d\n", pri->timers[PRI_TIMER_T309]);
+ 	len += sprintf(buf + len, "T313 Timer: %d\n", pri->timers[PRI_TIMER_T313]);
+ 	len += sprintf(buf + len, "N200 Counter: %d\n", pri->timers[PRI_TIMER_N200]);
++	len += sprintf(buf + len, "CCT2 Timer: %d\n", pri->timers[PRI_TIMER_CCBST2]);
++	/* Find the master  - He has the call pool */
++	if (pri->master)
++		master = pri->master;
++	else
++		master = pri;
+ 
++	cur = *master->callpool;
++	prev = NULL;
++	while(cur) {
++		if (cur->cctimer2) {
++			struct timeval tv;
++			int time_ms_to_go, time_to_go_min, time_to_go_sec;
++			gettimeofday(&tv, NULL);
++			time_ms_to_go = (pri->pri_sched[cur->cctimer2].when.tv_sec - tv.tv_sec)*1000;
++			time_to_go_min = time_ms_to_go/1000/60;
++			time_to_go_sec = (time_ms_to_go-(time_to_go_min*60*1000))/1000;
++
++			len += sprintf(buf + len, "%d. Active Q.931 Call: %p cr=%d: (%dmin %dsec)\n",
++				++counter, cur, cur->cr,
++				time_to_go_min, time_to_go_sec);
++		} else {
++			len += sprintf(buf + len, "%d. Active Q.931 Call: %p cr=%d\n", ++counter, cur, cur->cr);
++		}
++		cur = cur->next;
++	}
++
+ 	return strdup(buf);
+ }
+ 
++q931_call *pri_find_call(struct pri *pri, int cr)
++{
++	q931_call *cur;
++	struct pri *master;
++
++	/* Find the master  - He has the call pool */
++	if (pri->master)
++		master = pri->master;
++	else
++		master = pri;
++	
++	cur = *master->callpool;
++	while(cur) {
++		if (cur->cr == cr)
++			return cur;
++		cur = cur->next;
++	}
++
++	return NULL;
++}
++
+ int pri_get_crv(struct pri *pri, q931_call *call, int *callmode)
+ {
+ 	return q931_call_getcrv(pri, call, callmode);
+@@ -936,3 +1136,25 @@
+ 	sr->redirectingreason = reason;
+ 	return 0;
+ }
++
++void pri_sr_set_redirecting_name(struct pri_sr *sr, char *name)
++{
++	sr->redirectingname = name;
++}
++
++int pri_sr_set_ccringout(struct pri_sr *sr, int ccringout)
++{
++	sr->ccringout = ccringout;
++	return 0;
++}
++
++int pri_sr_set_ccbsnr(struct pri_sr *sr, int ccbsnr)
++{
++	sr->ccbsnr = ccbsnr;
++	return 0;
++}
++
++void pri_call_set_cc_operation(q931_call *call, int cc_operation)
++{
++	call->ccoperation = cc_operation;
++}
+Index: pri_internal.h
+===================================================================
+--- a/pri_internal.h	(.../tags/1.4.9)	(revision 700)
++++ b/pri_internal.h	(.../team/group/issue14292)	(revision 700)
+@@ -36,6 +36,12 @@
+ #define DBGHEAD __FILE__ ":%d %s: "
+ #define DBGINFO __LINE__,__PRETTY_FUNCTION__
+ 
++/* divertedstate */
++#define DIVERTEDSTATE_NONE				0
++#define DIVERTEDSTATE_DIVERTED			1
++#define DIVERTEDSTATE_DIVLEGINFO1SEND	2
++#define DIVERTEDSTATE_DIVLEGINFO3SEND	3
++
+ struct pri_sched {
+ 	struct timeval when;
+ 	void (*callback)(void *data);
+@@ -47,7 +53,7 @@
+ enum q931_mode;
+ 
+ /* No more than 128 scheduled events */
+-#define MAX_SCHED 128
++#define MAX_SCHED 128+256 /* 256 ccT2 timer events*/
+ 
+ #define MAX_TIMERS 32
+ 
+@@ -142,13 +148,17 @@
+ 	int calledplan;
+ 	int userl1;
+ 	int numcomplete;
++	char *redirectingname;
+ 	char *redirectingnum;
+ 	int redirectingplan;
+ 	int redirectingpres;
+ 	int redirectingreason;
+ 	int justsignalling;
++	int nochannelsignalling;
++	int ccbsnr;
+ 	const char *useruserinfo;
+ 	int transferable;
++	int ccringout;
+ };
+ 
+ /* Internal switch types */
+@@ -202,6 +212,7 @@
+ 	
+ 	int sentchannel;
+ 	int justsignalling;		/* for a signalling-only connection */
++	int nochannelsignalling;
+ 
+ 	int progcode;			/* Progress coding */
+ 	int progloc;			/* Progress Location */	
+@@ -225,12 +236,19 @@
+ 	char callernum[256];
+ 	char callername[256];
+ 
++	int ccoperation;		/* QSIG_CCBSREQUEST/QSIG_CCNRREQUEST */
++	int ccrequestresult;
++	int cctimer2;			/* Timer for QSIG-timer2 */
++	/* QSIG cc infos (receive) */
++	struct subcommands subcmds;
++
+ 	char keypad_digits[64];		/* Buffer for digits that come in KEYPAD_FACILITY */
+ 
+ 	int ani2;               /* ANI II */
+ 	
+ 	int calledplan;
+ 	int nonisdn;
++	char calledname[256];
+ 	char callednum[256];	/* Called Number */
+ 	int complete;			/* no more digits coming */
+ 	int newcall;			/* if the received message has a new call reference value */
+@@ -241,6 +259,7 @@
+ 	int redirectingplan;
+ 	int redirectingpres;
+ 	int redirectingreason;	      
++	int redirectingcount;
+ 	char redirectingnum[256];	/* Number of redirecting party */
+ 	char redirectingname[256];	/* Name of redirecting party */
+ 
+@@ -251,6 +270,39 @@
+ 	char origcalledname[256];	/* Original name of person being called */
+ 	char origcallednum[256];	/* Orignal number of person being called */
+ 
++	int connectedplan;
++	int connectedpres;
++	char connectednum[256];
++	char connectedname[256];
++
++	/* divertingLegInformation1 */
++	int divleginfo1activeflag;
++	int divertedtoplan;
++	int divertedtopres;
++	int divertedtoreason;
++	char divertedtonum[256];
++	int divertedtocount;
++
++	/* divertingLegInformation3 */
++	int divleginfo3activeflag;
++	char divertedtoname[256];
++	int divertedstate;
++
++	/* callTransferComplete */
++	int ctcompleteflag;
++	int ctcompletepres;
++	int ctcompleteplan;
++	char ctcompletenum[256];
++	char ctcompletename[256];
++	int ctcompletecallstatus;
++
++	/* callTransferActive */
++	int ctactiveflag;
++	int ctactivepres;
++	int ctactiveplan;
++	char ctactivenum[256];
++	char ctactivename[256];
++
+ 	int useruserprotocoldisc;
+ 	char useruserinfo[256];
+ 	char callingsubaddr[256];	/* Calling parties sub address */
+Index: q921.c
+===================================================================
+--- a/q921.c	(.../tags/1.4.9)	(revision 700)
++++ b/q921.c	(.../team/group/issue14292)	(revision 700)
+@@ -268,12 +268,31 @@
+ 	pri->t203_timer = pri_schedule_event(pri, pri->timers[PRI_TIMER_T203], t203_expire, pri);
+ }
+ 
++static void q921_send_queued_iframes(struct pri *pri)
++{
++	struct q921_frame *f;
++
++	f = pri->txqueue;
++	while(f && (pri->windowlen < pri->window)) {
++		if (!f->transmitted) {
++			/* Send it now... */
++			if (pri->debug & PRI_DEBUG_Q921_DUMP)
++				pri_message(pri, "-- Finally transmitting %d, since window opened up (%d)\n", f->h.n_s, pri->windowlen);
++			f->transmitted++;
++			pri->windowlen++;
++			f->h.n_r = pri->v_r;
++			f->h.p_f = 0;
++			q921_transmit(pri, (q921_h *)(&f->h), f->len);
++		}
++		f = f->next;
++	}
++}
++
+ static pri_event *q921_ack_rx(struct pri *pri, int ack, int send_untransmitted_frames)
+ {
+ 	int x;
+ 	int cnt=0;
+ 	pri_event *ev;
+-	struct q921_frame *f;
+ 	/* Make sure the ACK was within our window */
+ 	for (x=pri->v_a; (x != pri->v_s) && (x != ack); Q921_INC(x));
+ 	if (x != ack) {
+@@ -309,20 +328,7 @@
+ 		if (!pri->busy && send_untransmitted_frames) {
+ 			pri->retrans = 0;
+ 			/* Search for something to send */
+-			f = pri->txqueue;
+-			while(f && (pri->windowlen < pri->window)) {
+-				if (!f->transmitted) {
+-					/* Send it now... */
+-					if (pri->debug & PRI_DEBUG_Q921_DUMP)
+-						pri_message(pri, "-- Finally transmitting %d, since window opened up (%d)\n", f->h.n_s, pri->windowlen);
+-					f->transmitted++;
+-					pri->windowlen++;
+-					f->h.n_r = pri->v_r;
+-					f->h.p_f = 0;
+-					q921_transmit(pri, (q921_h *)(&f->h), f->len);
+-				}
+-				f = f->next;
+-			}
++			q921_send_queued_iframes(pri);
+ 		}
+ 		if (pri->debug & PRI_DEBUG_Q921_DUMP)
+ 			pri_message(pri, "-- Waiting for acknowledge, restarting T200 counter\n");		
+@@ -515,7 +521,7 @@
+ 			pri->txqueue = f;
+ 		/* Immediately transmit unless we're in a recovery state, or the window
+ 		   size is too big */
+-		if (!pri->retrans && !pri->busy) {
++		if ((pri->q921_state == Q921_LINK_CONNECTION_ESTABLISHED) && (!pri->retrans && !pri->busy)) {
+ 			if (pri->windowlen < pri->window) {
+ 				pri->windowlen++;
+ 				q921_transmit(pri, (q921_h *)(&f->h), f->len);
+@@ -532,9 +538,14 @@
+ 			pri_schedule_del(pri, pri->t203_timer);
+ 			pri->t203_timer = 0;
+ 		}
+-		if (pri->debug & PRI_DEBUG_Q921_DUMP)
+-			pri_message(pri, "Starting T_200 timer\n");
+-		reschedule_t200(pri);		
++
++		/* Check this so that we don't try to send frames while multi frame mode is down */
++		if (pri->q921_state == Q921_LINK_CONNECTION_ESTABLISHED) {
++			if (pri->debug & PRI_DEBUG_Q921_DUMP)
++				pri_message(pri, "Starting T_200 timer\n");
++
++			reschedule_t200(pri);		
++		}
+ 	} else {
+ 		pri_error(pri, "!! Out of memory for Q.921 transmit\n");
+ 		return -1;
+@@ -776,9 +787,6 @@
+ 
+ static pri_event *q921_dchannel_up(struct pri *pri)
+ {
+-	/* Reset counters, etc */
+-	q921_reset(pri);
+-	
+ 	/* Stop any SABME retransmissions */
+ 	if (pri->sabme_timer) {
+ 		pri_schedule_del(pri, pri->sabme_timer);
+@@ -799,6 +807,8 @@
+ 	/* Notify Layer 3 */
+ 	q931_dl_indication(pri, PRI_EVENT_DCHAN_UP);
+ 
++	q921_send_queued_iframes(pri);
++
+ 	/* Report event that D-Channel is now up */
+ 	pri->ev.gen.e = PRI_EVENT_DCHAN_UP;
+ 	return &pri->ev;
+Index: q931.c
+===================================================================
+--- a/q931.c	(.../tags/1.4.9)	(revision 700)
++++ b/q931.c	(.../team/group/issue14292)	(revision 700)
+@@ -362,6 +362,11 @@
+ 	/* We are ready to transmit single IE only */
+ 	if (order > 1)
+ 		return 0;
++
++	if (call->nochannelsignalling) {
++		ie->data[pos++] = 0xac;
++		return pos + 2;
++	}
+ 	
+ 	if (call->justsignalling) {
+ 		ie->data[pos++] = 0xac; /* Read the standards docs to figure this out
+@@ -804,7 +809,13 @@
+ 		ie->data[1] = 0x90;
+ 		return 4;
+ 	}
+-	
++
++	if (call->nochannelsignalling) {
++		ie->data[0] = 0xa8;
++		ie->data[1] = 0x80;
++		return 4;
++	}
++
+ 	if (call->justsignalling) {
+ 		ie->data[0] = 0xa8;
+ 		ie->data[1] = 0x80;
+@@ -992,12 +1003,45 @@
+ 				prefix, ie->data[2] >> 7, redirection_reason2str(ie->data[2] & 0x7f), ie->data[2] & 0x7f);
+ 			break;
+ 		}
+-	}
+-	while(!(ie->data[i++]& 0x80));
++	} while(!(ie->data[i++]& 0x80));
+ 	q931_get_number(cnum, sizeof(cnum), ie->data + i, ie->len - i);
+ 	pri_message(pri, "  '%s' ]\n", cnum);
+ }
+ 
++static FUNC_RECV(receive_connected_number)
++{
++	int i = 0;
++
++	/* To follow Q.931 (4.5.1), we must search for start of octet 4 by
++	   walking through all bytes until one with ext bit (8) set to 1 */
++	do {
++		switch(i) {
++		case 0:
++			call->connectedplan = ie->data[i] & 0x7f;
++			break;
++		case 1:
++			call->connectedpres = ie->data[i] & 0x7f;
++			break;
++		}
++	} while(!(ie->data[i++] & 0x80));
++	q931_get_number((unsigned char *) call->connectednum, sizeof(call->connectednum), ie->data + i, ie->len - i);
++
++	return 0;
++}
++
++static FUNC_SEND(transmit_connected_number)
++{
++	int datalen = strlen(call->connectednum);
++	if (datalen > 0) {
++		ie->data[0] = call->connectedplan;
++		ie->data[1] = 0x80 | call->connectedpres;
++		memcpy(ie->data + 2, call->connectednum, strlen(call->connectednum));
++		return datalen + 4;
++	}
++
++	return 0;
++}
++
+ static FUNC_DUMP(dump_connected_number)
+ {
+ 	unsigned char cnum[256];
+@@ -1015,8 +1059,7 @@
+ 				prefix, ie->data[1] >> 7, pri_pres2str(ie->data[1] & 0x7f), ie->data[1] & 0x7f);
+ 			break;
+ 		}
+-	}
+-	while(!(ie->data[i++]& 0x80));
++	} while(!(ie->data[i++]& 0x80));
+ 	q931_get_number(cnum, sizeof(cnum), ie->data + i, ie->len - i);
+ 	pri_message(pri, "  '%s' ]\n", cnum);
+ }
+@@ -1040,8 +1083,7 @@
+ 			call->redirectingreason = ie->data[i] & 0x0f;
+ 			break;
+ 		}
+-	}
+-	while(!(ie->data[i++] & 0x80));
++	} while(!(ie->data[i++] & 0x80));
+ 	q931_get_number((unsigned char *) call->redirectingnum, sizeof(call->redirectingnum), ie->data + i, ie->len - i);
+ 	return 0;
+ }
+@@ -2183,7 +2225,7 @@
+ 	{ 1, Q931_IE_CALL_STATUS, "Call Status" },
+ 	{ 1, Q931_IE_CHANGE_STATUS, "Change Status" },
+ 	{ 1, Q931_IE_CONNECTED_ADDR, "Connected Number", dump_connected_number },
+-	{ 1, Q931_IE_CONNECTED_NUM, "Connected Number", dump_connected_number },
++	{ 1, Q931_IE_CONNECTED_NUM, "Connected Number", dump_connected_number, receive_connected_number, transmit_connected_number },
+ 	{ 1, Q931_IE_ORIGINAL_CALLED_NUMBER, "Original Called Number", dump_redirecting_number, receive_redirecting_number, transmit_redirecting_number },
+ 	{ 1, Q931_IE_USER_USER_FACILITY, "User-User Facility" },
+ 	{ 1, Q931_IE_UPDATE, "Update" },
+@@ -2478,8 +2520,7 @@
+ 						maxlen -= res;
+ 						iet = (q931_ie *)((char *)iet + res);
+ 					}
+-				}
+-				while (res > 0 && order < ies_count);
++				} while (res > 0 && order < ies_count);
+ 				if (have_shift && total_res) {
+ 					if (Q931_IE_CODESET(ies[x].ie))
+ 						*codeset = Q931_IE_CODESET(ies[x].ie);
+@@ -2820,9 +2861,9 @@
+ 	return send_message(pri, c, Q931_CALL_PROCEEDING, call_proceeding_ies);
+ }
+ #ifndef ALERTING_NO_PROGRESS
+-static int alerting_ies[] = { Q931_PROGRESS_INDICATOR, Q931_IE_USER_USER,  -1 };
++static int alerting_ies[] = { Q931_PROGRESS_INDICATOR, Q931_IE_USER_USER, Q931_IE_FACILITY, -1 };
+ #else
+-static int alerting_ies[] = { -1 };
++static int alerting_ies[] = { Q931_IE_FACILITY, -1 };
+ #endif
+ 
+ int q931_alerting(struct pri *pri, q931_call *c, int channel, int info)
+@@ -2841,7 +2882,7 @@
+ 	return send_message(pri, c, Q931_ALERTING, alerting_ies);
+ }
+ 
+-static int connect_ies[] = {  Q931_CHANNEL_IDENT, Q931_PROGRESS_INDICATOR, -1 };
++static int connect_ies[] = {  Q931_CHANNEL_IDENT, Q931_PROGRESS_INDICATOR, Q931_IE_CONNECTED_NUM, Q931_IE_FACILITY, -1 };
+  
+ int q931_setup_ack(struct pri *pri, q931_call *c, int channel, int nonisdn)
+ {
+@@ -2923,6 +2964,18 @@
+ 	q931_release(pri, c, PRI_CAUSE_NORMAL_CLEARING);
+ }
+ 
++static void pri_cctimer2_timeout(void *data)
++{
++	int cause = 16;
++	struct q931_call *c = data;
++	struct pri *pri = c->pri;
++	if (pri->debug & PRI_DEBUG_Q931_STATE)
++		pri_message(pri, "Timed out no-channel call\n");
++	c->ccoperation = QSIG_CC_CANCEL;
++	/* normal clear cause */
++	q931_hangup(pri, c, cause);
++}
++
+ int q931_connect(struct pri *pri, q931_call *c, int channel, int nonisdn)
+ {
+ 	if (channel) { 
+@@ -2954,7 +3007,7 @@
+ 	return send_message(pri, c, Q931_CONNECT, connect_ies);
+ }
+ 
+-static int release_ies[] = { Q931_CAUSE, Q931_IE_USER_USER, -1 };
++static int release_ies[] = { Q931_CAUSE, Q931_IE_USER_USER, Q931_IE_FACILITY, -1 };
+ 
+ int q931_release(struct pri *pri, q931_call *c, int cause)
+ {
+@@ -3002,7 +3055,7 @@
+ 	return send_message(pri, c, Q931_RESTART, restart_ies);
+ }
+ 
+-static int disconnect_ies[] = { Q931_CAUSE, Q931_IE_USER_USER, -1 };
++static int disconnect_ies[] = { Q931_CAUSE, Q931_IE_USER_USER, Q931_IE_FACILITY, -1 };
+ 
+ int q931_disconnect(struct pri *pri, q931_call *c, int cause)
+ {
+@@ -3030,6 +3083,8 @@
+ 
+ static int cis_setup_ies[] = { Q931_BEARER_CAPABILITY, Q931_CHANNEL_IDENT, Q931_IE_FACILITY, Q931_CALLED_PARTY_NUMBER, -1 };
+ 
++static int nochannel_setup_ies[] = { Q931_BEARER_CAPABILITY, Q931_CHANNEL_IDENT, Q931_IE_FACILITY, Q931_CALLING_PARTY_NUMBER, Q931_CALLED_PARTY_NUMBER, Q931_SENDING_COMPLETE, -1 };
++
+ int q931_setup(struct pri *pri, q931_call *c, struct pri_sr *req)
+ {
+ 	int res;
+@@ -3055,6 +3110,7 @@
+ 	c->nonisdn = req->nonisdn;
+ 	c->newcall = 0;
+ 	c->justsignalling = req->justsignalling;		
++	c->nochannelsignalling = req->nochannelsignalling;		
+ 	c->complete = req->numcomplete; 
+ 	if (req->exclusive) 
+ 		c->chanflags = FLAG_EXCLUSIVE;
+@@ -3082,6 +3138,10 @@
+ 	}
+ 	if (req->redirectingnum) {
+ 		libpri_copy_string(c->redirectingnum, req->redirectingnum, sizeof(c->redirectingnum));
++		if (req->redirectingname)
++			libpri_copy_string(c->redirectingname, req->redirectingname, sizeof(c->redirectingname));
++		else
++			c->redirectingname[0] = '\0';
+ 		c->redirectingplan = req->redirectingplan;
+ 		if ((pri->switchtype == PRI_SWITCH_DMS100) ||
+ 		    (pri->switchtype == PRI_SWITCH_ATT4ESS)) {
+@@ -3092,6 +3152,7 @@
+ 		c->redirectingpres = req->redirectingpres;
+ 		c->redirectingreason = req->redirectingreason;
+ 	} else {
++		c->redirectingname[0] = '\0';
+ 		c->redirectingnum[0] = '\0';
+ 		c->redirectingplan = PRI_UNKNOWN;
+ 		c->redirectingpres = PRES_NUMBER_NOT_AVAILABLE;
+@@ -3113,12 +3174,19 @@
+ 	else
+ 		c->progressmask = 0;
+ 
++	if (req->ccringout)
++		c->ccoperation = QSIG_CC_RINGOUT;
++	if (req->ccbsnr)
++		c->ccoperation = req->ccbsnr;
++
+ 	pri_call_add_standard_apdus(pri, c);
+ 
+ 	if (pri->subchannel && !pri->bri)
+ 		res = send_message(pri, c, Q931_SETUP, gr303_setup_ies);
+ 	else if (c->justsignalling)
+ 		res = send_message(pri, c, Q931_SETUP, cis_setup_ies);
++	else if (c->nochannelsignalling)
++		res = send_message(pri, c, Q931_SETUP, nochannel_setup_ies);
+ 	else
+ 		res = send_message(pri, c, Q931_SETUP, setup_ies);
+ 	if (!res) {
+@@ -3132,7 +3200,7 @@
+ 	
+ }
+ 
+-static int release_complete_ies[] = { Q931_IE_USER_USER, -1 };
++static int release_complete_ies[] = { Q931_IE_USER_USER, Q931_IE_FACILITY, -1 };
+ 
+ static int q931_release_complete(struct pri *pri, q931_call *c, int cause)
+ {
+@@ -3187,6 +3255,18 @@
+ 		/* We'll send RELEASE with these causes */
+ 		disconnect = 0;
+ 	}
++	if (c->nochannelsignalling) {
++		if (c->ccoperation == QSIG_CC_CANCEL) {
++			add_qsigCcInv_facility_ie(pri, c, Q931_RELEASE);
++		}
++		if (c->cctimer2) {
++			pri_schedule_del(pri, c->cctimer2);
++			c->cctimer2 = 0;
++			pri_message(pri, "NEW_HANGUP DEBUG: stop CC-Timer2\n");
++		}
++		disconnect = 0;
++	}
++
+ 	/* All other causes we send with DISCONNECT */
+ 	switch(c->ourcallstate) {
+ 	case Q931_CALL_STATE_NULL:
+@@ -3227,6 +3307,10 @@
+ 		break;
+ 	case Q931_CALL_STATE_ACTIVE:
+ 		/* received CONNECT */
++		if (c->nochannelsignalling) {
++			q931_release(pri,c,cause);
++			break;
++		}
+ 		q931_disconnect(pri,c,cause);
+ 		break;
+ 	case Q931_CALL_STATE_DISCONNECT_REQUEST:
+@@ -3260,6 +3344,132 @@
+ 	return 0;
+ }
+ 
++static void clr_subcommands(struct subcommands *sub)
++{
++	sub->counter_subcmd = 0;
++}
++
++static struct subcommand *get_ptr_subcommand(struct subcommands *sub)
++{
++	if (sub->counter_subcmd < MAX_SUBCOMMANDS) {
++		int count = sub->counter_subcmd;
++		sub->counter_subcmd++;
++		return &sub->subcmd[count];
++	}
++
++	return NULL;
++}
++
++static struct subcommand *get_ptr_q931_subcommand_by_index(struct subcommands *sub, int index)
++{
++	if (index < MAX_SUBCOMMANDS) {
++		sub->counter_subcmd--;
++		return &sub->subcmd[index];
++	}
++
++	return NULL;
++}
++
++static int q931_facilities2eventfacilities(struct pri *pri, q931_call *c, struct subcommands *subcmds)
++{
++	int facilitypos;
++	int facility_number;
++	struct subcommand *c_subcmd;
++	struct subcommand *e_subcmd;
++
++	if (c->subcmds.counter_subcmd) {
++		facility_number = c->subcmds.counter_subcmd;
++
++		for (facilitypos = 0; facilitypos < facility_number; facilitypos++) {
++			c->subcmds.counter_subcmd--;
++			c_subcmd = get_ptr_q931_subcommand_by_index(&c->subcmds, facilitypos);
++			e_subcmd = get_ptr_subcommand(subcmds);
++			if (c_subcmd && e_subcmd) {
++				switch (c_subcmd->cmd) {
++				case CMD_CC_CCBSREQUEST_RR:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_ccbs_rr, &e_subcmd->cc_ccbs_rr, sizeof(c_subcmd->cc_ccbs_rr));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_CCBSREQUEST) (%d/%d)\n",
++										e_subcmd->cc_ccbs_rr.cc_request_res.no_path_reservation,
++										e_subcmd->cc_ccbs_rr.cc_request_res.retain_service);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					c->ccrequestresult = 1;
++					break;
++				case CMD_CC_CCNRREQUEST_RR:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_ccnr_rr, &e_subcmd->cc_ccnr_rr, sizeof(c_subcmd->cc_ccnr_rr));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_CCNRREQUEST) (%d/%d)\n",
++										e_subcmd->cc_ccnr_rr.cc_request_res.no_path_reservation,
++										e_subcmd->cc_ccnr_rr.cc_request_res.retain_service);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					c->ccrequestresult = 1;
++					break;
++				case CMD_CC_CANCEL_INV:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_cancel_inv, &e_subcmd->cc_cancel_inv, sizeof(c_subcmd->cc_cancel_inv));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_CANCEL) (%s/%s)\n",
++										e_subcmd->cc_cancel_inv.cc_optional_arg.number_A,
++										e_subcmd->cc_cancel_inv.cc_optional_arg.number_B);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					break;
++				case CMD_CC_EXECPOSIBLE_INV:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_execposible_inv, &e_subcmd->cc_execposible_inv, sizeof(c_subcmd->cc_execposible_inv));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_EXECPOSIBLE) (%s/%s)\n",
++										e_subcmd->cc_execposible_inv.cc_optional_arg.number_A,
++										e_subcmd->cc_execposible_inv.cc_optional_arg.number_B);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					break;
++				case CMD_CC_RINGOUT_INV:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_ringout_inv, &e_subcmd->cc_ringout_inv, sizeof(c_subcmd->cc_ringout_inv));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_RINGOUT) (%d)\n",
++										e_subcmd->cc_ringout_inv.cc_extension.cc_extension_tag);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					break;
++				case CMD_CC_SUSPEND_INV:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_suspend_inv, &e_subcmd->cc_suspend_inv, sizeof(c_subcmd->cc_suspend_inv));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_SUSPEND) (%d)\n",
++										e_subcmd->cc_suspend_inv.cc_extension.cc_extension_tag);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					break;
++				case CMD_CC_ERROR:
++					e_subcmd->cmd = c_subcmd->cmd;
++					memcpy(&c_subcmd->cc_error, &e_subcmd->cc_error, sizeof(c_subcmd->cc_error));
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "facility(QSIG_CC_ERROR) (%d)\n",
++										e_subcmd->cc_error.error_value);
++					if (pri->debug & PRI_DEBUG_APDU)
++						pri_message(pri, "counter_subcmd(%d)\n", subcmds->counter_subcmd);
++					break;
++				default:
++					pri_error(pri, "Don't know how to handle Facility subcmd %d\n", c_subcmd->cmd);
++					break;
++				}
++			}
++		}
++#if 0
++	} else {
++		pri_message(pri, "No facilities specified\n");
++#endif
++	}
++	return 0;
++}
++
++
+ int q931_receive(struct pri *pri, q931_h *h, int len)
+ {
+ 	q931_mh *mh;
+@@ -3312,6 +3522,7 @@
+ 		break;
+ 	case Q931_FACILITY:
+ 		c->callername[0] = '\0';
++		c->subcmds.counter_subcmd = 0;
+ 		break;
+ 	case Q931_SETUP:
+ 		if (pri->debug & PRI_DEBUG_Q931_STATE)
+@@ -3339,6 +3550,7 @@
+ 		c->redirectingplan = -1;
+ 		c->redirectingpres = -1;
+ 		c->redirectingreason = -1;
++		c->redirectingcount = 0;
+ 		c->origcalledplan = -1;
+ 		c->origcalledpres = -1;
+ 		c->origredirectingreason = -1;
+@@ -3346,6 +3558,29 @@
+ 		c->origcallednum[0] = '\0';
+ 		c->redirectingname[0] = '\0';
+ 		c->origcalledname[0] = '\0';
++		c->connectedplan = -1;
++		c->connectedpres = -1;
++		c->connectednum[0] = '\0';
++		c->connectedname[0] = '\0';
++		c->divleginfo1activeflag = 0;
++		c->divertedtocount = 0;
++		c->divertedtoplan = -1;
++		c->divertedtopres = -1;
++		c->divertedtoreason = -1;
++		c->divertedtonum[0] = '\0';
++		c->divleginfo3activeflag = 0;
++		c->divertedtoname[0] = '\0';
++		c->divertedstate = DIVERTEDSTATE_NONE;
++		c->ctcompleteflag = 0;
++		c->ctcompleteplan = -1;
++		c->ctcompletepres = -1;
++		c->ctcompletenum[0] = '\0';
++		c->ctcompletename[0] = '\0';
++		c->ctactiveflag = 0;
++		c->ctactiveplan = -1;
++		c->ctactivepres = -1;
++		c->ctactivenum[0] = '\0';
++		c->ctactivename[0] = '\0';
+ 		c->useruserprotocoldisc = -1; 
+ 		c->useruserinfo[0] = '\0';
+ 		c->complete = 0;
+@@ -3353,7 +3588,9 @@
+ 		c->aoc_units = -1;
+ 		/* Fall through */
+ 	case Q931_CONNECT:
++		c->ccrequestresult = 0;
+ 	case Q931_ALERTING:
++		c->subcmds.counter_subcmd = 0;
+ 	case Q931_PROGRESS:
+ 		c->useruserinfo[0] = '\0';
+ 		c->cause = -1;
+@@ -3369,6 +3606,7 @@
+ 		break;
+ 	case Q931_RELEASE:
+ 	case Q931_DISCONNECT:
++		c->subcmds.counter_subcmd = 0;
+ 		c->cause = -1;
+ 		c->causecode = -1;
+ 		c->causeloc = -1;
+@@ -3383,6 +3621,7 @@
+ 			pri_schedule_del(pri, c->retranstimer);
+ 		c->retranstimer = 0;
+ 		c->useruserinfo[0] = '\0';
++		c->subcmds.counter_subcmd = 0;
+ 		/* Fall through */
+ 	case Q931_STATUS:
+ 		c->cause = -1;
+@@ -3539,6 +3778,9 @@
+ 		if (!c->newcall) {
+ 			break;
+ 		}
++
++		clr_subcommands(&pri->ev.ring.subcmds);
++
+ 		if (c->progressmask & PRI_PROG_CALLER_NOT_ISDN)
+ 			c->nonisdn = 1;
+ 		c->newcall = 0;
+@@ -3570,7 +3812,9 @@
+ 		libpri_copy_string(pri->ev.ring.redirectingname, c->redirectingname, sizeof(pri->ev.ring.redirectingname));
+ 		libpri_copy_string(pri->ev.ring.useruserinfo, c->useruserinfo, sizeof(pri->ev.ring.useruserinfo));
+ 		c->useruserinfo[0] = '\0';
++		pri->ev.ring.redirectingpres = c->redirectingpres;
+ 		pri->ev.ring.redirectingreason = c->redirectingreason;
++		pri->ev.ring.redirectingcount = c->redirectingcount;
+ 		pri->ev.ring.origredirectingreason = c->origredirectingreason;
+ 		pri->ev.ring.flexible = ! (c->chanflags & FLAG_EXCLUSIVE);
+ 		pri->ev.ring.cref = c->cr;
+@@ -3578,15 +3822,21 @@
+ 		pri->ev.ring.layer1 = c->userl1;
+ 		pri->ev.ring.complete = c->complete; 
+ 		pri->ev.ring.ctype = c->transcapability;
+-		pri->ev.ring.redirectingreason = c->redirectingreason;
+ 		pri->ev.ring.progress = c->progress;
+ 		pri->ev.ring.progressmask = c->progressmask;
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "Sending ring event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++									pri->ev.ring.cref, c->nochannelsignalling, pri->ev.ring.subcmds.counter_subcmd);
++		}
++		q931_facilities2eventfacilities(pri, c, &pri->ev.ring.subcmds);
+ 		return Q931_RES_HAVEEVENT;
+ 	case Q931_ALERTING:
+ 		if (c->newcall) {
+ 			q931_release_complete(pri,c,PRI_CAUSE_INVALID_CALL_REFERENCE);
+ 			break;
+ 		}
++		clr_subcommands(&pri->ev.ringing.subcmds);
++
+ 		UPDATE_OURCALLSTATE(pri, c, Q931_CALL_STATE_CALL_DELIVERED);
+ 		c->peercallstate = Q931_CALL_STATE_CALL_RECEIVED;
+ 		pri->ev.e = PRI_EVENT_RINGING;
+@@ -3595,8 +3845,26 @@
+ 		pri->ev.ringing.call = c;
+ 		pri->ev.ringing.progress = c->progress;
+ 		pri->ev.ringing.progressmask = c->progressmask;
++
++		if (c->divleginfo3activeflag) {
++			c->divleginfo3activeflag = 0;
++			libpri_copy_string(pri->ev.ringing.calledname, c->divertedtoname, sizeof(pri->ev.ringing.calledname));
++			libpri_copy_string(pri->ev.ringing.callednum, (c->divertedtonum[0]) ? c->divertedtonum : c->callednum, sizeof(pri->ev.ringing.callednum));
++			pri->ev.ringing.calledpres = c->divertedtopres;
++			pri->ev.ringing.calledplan = c->divertedtoplan;
++		} else {
++			libpri_copy_string(pri->ev.ringing.calledname, c->calledname, sizeof(pri->ev.ringing.calledname));
++			libpri_copy_string(pri->ev.ringing.callednum, (c->divertedtonum[0]) ? c->divertedtonum : c->callednum, sizeof(pri->ev.ringing.callednum));
++			pri->ev.ringing.calledpres = PRES_ALLOWED_USER_NUMBER_NOT_SCREENED;
++			pri->ev.ringing.calledplan = c->calledplan;
++		}
+ 		libpri_copy_string(pri->ev.ringing.useruserinfo, c->useruserinfo, sizeof(pri->ev.ringing.useruserinfo));
+ 		c->useruserinfo[0] = '\0';
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "Sending ringing event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++									pri->ev.ringing.cref, c->nochannelsignalling, pri->ev.ringing.subcmds.counter_subcmd);
++		}
++		q931_facilities2eventfacilities(pri, c, &pri->ev.ringing.subcmds);
+ 
+ 		cur = c->apdus;
+ 		while (cur) {
+@@ -3617,6 +3885,8 @@
+ 			q931_status(pri, c, PRI_CAUSE_WRONG_MESSAGE);
+ 			break;
+ 		}
++		clr_subcommands(&pri->ev.answer.subcmds);
++
+ 		UPDATE_OURCALLSTATE(pri, c, Q931_CALL_STATE_ACTIVE);
+ 		c->peercallstate = Q931_CALL_STATE_CONNECT_REQUEST;
+ 		pri->ev.e = PRI_EVENT_ANSWER;
+@@ -3625,31 +3895,166 @@
+ 		pri->ev.answer.call = c;
+ 		pri->ev.answer.progress = c->progress;
+ 		pri->ev.answer.progressmask = c->progressmask;
++		libpri_copy_string(pri->ev.answer.connectednum, c->connectednum, sizeof(pri->ev.answer.connectednum));
++		libpri_copy_string(pri->ev.answer.connectedname, c->connectedname, sizeof(pri->ev.answer.connectedname));
++		pri->ev.answer.connectedpres = c->connectedpres;
++		pri->ev.answer.connectedplan = c->connectedplan;
++		pri->ev.answer.source = PRI_CONNECTED_LINE_UPDATE_SOURCE_ANSWER;
+ 		libpri_copy_string(pri->ev.answer.useruserinfo, c->useruserinfo, sizeof(pri->ev.answer.useruserinfo));
+ 		c->useruserinfo[0] = '\0';
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "Sending answer event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++									pri->ev.answer.cref, c->nochannelsignalling, pri->ev.answer.subcmds.counter_subcmd);
++		}
++		q931_facilities2eventfacilities(pri, c, &pri->ev.answer.subcmds);
+ 		q931_connect_acknowledge(pri, c);
++		if (c->nochannelsignalling) {
++			if (c->ccrequestresult) {
++				pri_message(pri, "Q931_CONNECT: start CC-Timer2\n");
++				c->cctimer2 = pri_schedule_event(pri, pri->timers[PRI_TIMER_CCBST2], pri_cctimer2_timeout, c);
++			}
++			return Q931_RES_HAVEEVENT;
++		}
+ 		if (c->justsignalling) {  /* Make sure WE release when we initiatie a signalling only connection */
+ 			q931_release(pri, c, PRI_CAUSE_NORMAL_CLEARING);
+ 			break;
+ 		} else
+ 			return Q931_RES_HAVEEVENT;
+ 	case Q931_FACILITY:
+-		if (c->newcall) {
+-			q931_release_complete(pri,c,PRI_CAUSE_INVALID_CALL_REFERENCE);
+-			break;
++		{
++			int haveevent = 0;
++			clr_subcommands(&pri->ev.facility.subcmds);
++
++			if (c->newcall) {
++				q931_release_complete(pri,c,PRI_CAUSE_INVALID_CALL_REFERENCE);
++				break;
++			}
++			if (c->subcmds.counter_subcmd) {
++				pri->ev.e = PRI_EVENT_FACILITY;
++				pri->ev.facility.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
++				pri->ev.facility.cref = c->cr;
++				pri->ev.facility.call = c;
++
++				if (pri->debug & PRI_DEBUG_APDU) {
++					pri_message(pri, "Sending facility event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++											pri->ev.facility.cref, c->nochannelsignalling, pri->ev.facility.subcmds.counter_subcmd);
++				}
++				q931_facilities2eventfacilities(pri, c, &pri->ev.facility.subcmds);
++				haveevent = 1;
++			}
++			if (c->ctcompleteflag) {
++				c->ctcompleteflag = 0;
++
++				if (c->ctcompletecallstatus == 0) {
++					/* answered(0) */
++					struct subcommand *subcmd;
++
++					pri_message(pri, "Got CT-Complete, callStatus = answered(0)\n");
++					pri->ev.e = PRI_EVENT_FACILITY;
++					pri->ev.facility.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
++					pri->ev.facility.call = c;
++
++					subcmd = get_ptr_subcommand(&pri->ev.facility.subcmds);
++					if (subcmd) {
++						struct cmd_connectedline *cmdcl = &subcmd->connectedline;
++
++						subcmd->cmd = CMD_CONNECTEDLINE;
++						libpri_copy_string(cmdcl->connected.id.number, c->ctcompletenum, sizeof(cmdcl->connected.id.number));
++						libpri_copy_string(cmdcl->connected.id.name, c->ctcompletename, sizeof(cmdcl->connected.id.name));
++						cmdcl->connected.id.number_type = c->ctcompleteplan;
++						cmdcl->connected.id.number_presentation = c->ctcompletepres;
++						cmdcl->connected.source = PRI_CONNECTED_LINE_UPDATE_SOURCE_TRANSFER;
++						haveevent = 1;
++						pri_message(pri, "CT-Complete, sending facility/CMD_CONNECTEDLINE (%s/%s)\n", cmdcl->connected.id.name, cmdcl->connected.id.number);
++					}
++				} else if (c->ctcompletecallstatus == 1) {
++					/* alerting(1) */
++					struct subcommand *subcmd;
++
++					pri_message(pri, "Got CT-Complete, callStatus = alerting(1)\n");
++					pri->ev.e = PRI_EVENT_FACILITY;
++					pri->ev.facility.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
++					pri->ev.facility.call = c;
++
++					subcmd = get_ptr_subcommand(&pri->ev.facility.subcmds);
++					if (subcmd) {
++						struct cmd_redirecting *cmdr = &subcmd->redirecting;
++
++						subcmd->cmd = CMD_REDIRECTING;
++						libpri_copy_string(cmdr->redirecting.from.number, c->connectednum, sizeof(cmdr->redirecting.from.number));
++						libpri_copy_string(cmdr->redirecting.from.name, c->connectedname, sizeof(cmdr->redirecting.from.name));
++						cmdr->redirecting.from.number_type = c->connectedplan;
++						cmdr->redirecting.from.number_presentation = c->connectedpres;
++						libpri_copy_string(cmdr->redirecting.to.number, c->ctcompletenum, sizeof(cmdr->redirecting.to.number));
++						libpri_copy_string(cmdr->redirecting.to.name, c->ctcompletename, sizeof(cmdr->redirecting.to.name));
++						cmdr->redirecting.to.number_type = c->ctcompleteplan;
++						cmdr->redirecting.to.number_presentation = c->ctcompletepres;
++						cmdr->redirecting.count = 0;
++						cmdr->redirecting.reason = PRI_REDIR_UNKNOWN;
++						haveevent = 1;
++						pri_message(pri, "CT-Complete, sending facility/CMD_REDIRECTING (%s/%s)\n", cmdr->redirecting.to.name, cmdr->redirecting.to.number);
++					}
++				} else {
++					pri_message(pri, "illegal value for callStatus=%d\n", c->ctcompletecallstatus);
++				}
++			} else if (c->ctactiveflag) {
++				struct subcommand *subcmd;
++
++				c->ctactiveflag = 0;
++
++				pri_message(pri, "Got CT-Active\n");
++				pri->ev.e = PRI_EVENT_FACILITY;
++				pri->ev.facility.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
++				pri->ev.facility.call = c;
++
++				subcmd = get_ptr_subcommand(&pri->ev.facility.subcmds);
++				if (subcmd) {
++					struct cmd_connectedline *cmdcl = &subcmd->connectedline;
++
++					subcmd->cmd = CMD_CONNECTEDLINE;
++					libpri_copy_string(cmdcl->connected.id.number, c->ctcompletenum, sizeof(cmdcl->connected.id.number));
++					libpri_copy_string(cmdcl->connected.id.name, c->ctcompletename, sizeof(cmdcl->connected.id.name));
++					cmdcl->connected.id.number_type = c->ctcompleteplan;
++					cmdcl->connected.id.number_presentation = c->ctcompletepres;
++					cmdcl->connected.source = PRI_CONNECTED_LINE_UPDATE_SOURCE_TRANSFER;
++					haveevent = 1;
++					pri_message(pri, "CT-Active, sending facility CMD_CONNECTEDLINE (%s/%s)\n", cmdcl->connected.id.name, cmdcl->connected.id.number);
++				}
++			}
++			else if (c->divleginfo1activeflag) {
++				struct subcommand *subcmd;
++
++				c->divleginfo1activeflag = 0;
++
++				pri_message(pri, "Got DivertingLegInformation1\n");
++				pri->ev.e = PRI_EVENT_FACILITY;
++				pri->ev.facility.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
++				pri->ev.facility.call = c;
++
++				subcmd = get_ptr_subcommand(&pri->ev.facility.subcmds);
++				if (subcmd) {
++					struct cmd_redirecting *cmdr = &subcmd->redirecting;
++
++					subcmd->cmd = CMD_REDIRECTING;
++					libpri_copy_string(cmdr->redirecting.from.number, c->callednum, sizeof(cmdr->redirecting.from.number));
++					cmdr->redirecting.from.name[0] = '\0';
++					cmdr->redirecting.from.number_type = c->calledplan;
++					cmdr->redirecting.from.number_presentation = PRES_ALLOWED_USER_NUMBER_NOT_SCREENED;
++					libpri_copy_string(cmdr->redirecting.to.number, c->divertedtonum, sizeof(cmdr->redirecting.to.number));
++					cmdr->redirecting.to.name[0] = '\0';
++					cmdr->redirecting.to.number_type = c->divertedtoplan;
++					cmdr->redirecting.to.number_presentation = c->divertedtopres;
++					cmdr->redirecting.count = c->divertedtocount;
++					cmdr->redirecting.reason = c->divertedtoreason;
++					haveevent = 1;
++					pri_message(pri, "DivertingLegInformation1, sending facility/CMD_REDIRECTING (%s/%s)\n", cmdr->redirecting.to.name, cmdr->redirecting.to.number);
++				}
++			}
++
++			if (haveevent)
++				return Q931_RES_HAVEEVENT;
+ 		}
+-		pri->ev.e = PRI_EVENT_FACNAME;
+-		libpri_copy_string(pri->ev.facname.callingname, c->callername, sizeof(pri->ev.facname.callingname));
+-		libpri_copy_string(pri->ev.facname.callingnum, c->callernum, sizeof(pri->ev.facname.callingnum));
+-		pri->ev.facname.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
+-		pri->ev.facname.callingpres = c->callerpres;
+-		pri->ev.facname.callingplan = c->callerplan;
+-		pri->ev.facname.cref = c->cr;
+-		pri->ev.facname.call = c;
+-#if 0
+-		pri_message(pri, "Sending facility event (%s/%s)\n", pri->ev.facname.callingname, pri->ev.facname.callingnum);
+-#endif
+-		return Q931_RES_HAVEEVENT;
++		break;
+ 	case Q931_PROGRESS:
+ 		if (missingmand) {
+ 			q931_status(pri, c, PRI_CAUSE_MANDATORY_IE_MISSING);
+@@ -3757,6 +4162,8 @@
+ 		}
+ 		break;
+ 	case Q931_RELEASE_COMPLETE:
++		clr_subcommands(&pri->ev.hangup.subcmds);
++
+ 		UPDATE_OURCALLSTATE(pri, c, Q931_CALL_STATE_NULL);
+ 		c->peercallstate = Q931_CALL_STATE_NULL;
+ 		pri->ev.hangup.channel = c->channelno | (c->ds1no << 8) | (c->ds1explicit << 16);
+@@ -3766,6 +4173,11 @@
+ 		pri->ev.hangup.aoc_units = c->aoc_units;
+ 		libpri_copy_string(pri->ev.hangup.useruserinfo, c->useruserinfo, sizeof(pri->ev.hangup.useruserinfo));
+ 		c->useruserinfo[0] = '\0';
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "Sending hangup event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++									pri->ev.hangup.cref, c->nochannelsignalling, pri->ev.hangup.subcmds.counter_subcmd);
++		}
++		q931_facilities2eventfacilities(pri, c, &pri->ev.hangup.subcmds);
+ 		/* Free resources */
+ 		if (c->alive) {
+ 			pri->ev.e = PRI_EVENT_HANGUP;
+@@ -3783,6 +4195,8 @@
+ 			q931_hangup(pri,c,c->cause);
+ 		break;
+ 	case Q931_RELEASE:
++		clr_subcommands(&pri->ev.hangup.subcmds);
++
+ 		if (missingmand) {
+ 			/* Force cause to be mandatory IE missing */
+ 			c->cause = PRI_CAUSE_MANDATORY_IE_MISSING;
+@@ -3801,6 +4215,11 @@
+ 		pri->ev.hangup.aoc_units = c->aoc_units;
+ 		libpri_copy_string(pri->ev.hangup.useruserinfo, c->useruserinfo, sizeof(pri->ev.hangup.useruserinfo));
+ 		c->useruserinfo[0] = '\0';
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "Sending hangup event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++									pri->ev.hangup.cref, c->nochannelsignalling, pri->ev.hangup.subcmds.counter_subcmd);
++		}
++		q931_facilities2eventfacilities(pri, c, &pri->ev.hangup.subcmds);
+ 		/* Don't send release complete if they send us release 
+ 		   while we sent it, assume a NULL state */
+ 		if (c->newcall)
+@@ -3809,6 +4228,8 @@
+ 			return Q931_RES_HAVEEVENT;
+ 		break;
+ 	case Q931_DISCONNECT:
++		clr_subcommands(&pri->ev.hangup.subcmds);
++
+ 		if (missingmand) {
+ 			/* Still let user call release */
+ 			c->cause = PRI_CAUSE_MANDATORY_IE_MISSING;
+@@ -3835,6 +4256,11 @@
+ 		pri->ev.hangup.aoc_units = c->aoc_units;
+ 		libpri_copy_string(pri->ev.hangup.useruserinfo, c->useruserinfo, sizeof(pri->ev.hangup.useruserinfo));
+ 		c->useruserinfo[0] = '\0';
++		if (pri->debug & PRI_DEBUG_APDU) {
++			pri_message(pri, "Sending hangup event (%d) nochannelsignalling (%d) facility_number (%d)\n",
++									pri->ev.hangup.cref, c->nochannelsignalling, pri->ev.hangup.subcmds.counter_subcmd);
++		}
++		q931_facilities2eventfacilities(pri, c, &pri->ev.hangup.subcmds);
+ 		if (c->alive)
+ 			return Q931_RES_HAVEEVENT;
+ 		else
+
+Property changes on: .
+___________________________________________________________________
+Added: automerge
+   + *
+Added: automerge-propname
+   + issue14292-integrated
+Added: svnmerge-integrated
+   + /branches/1.4:1-688
+Added: automerge-email
+   + rmudgett@digium.com
+Added: issue14292-integrated
+   + /team/group/issue14068:1-699
+
diff --git a/main/libpri/libpri-cflags.patch b/main/libpri/libpri-cflags.patch
new file mode 100644
index 0000000000..7bf31c7ac1
--- /dev/null
+++ b/main/libpri/libpri-cflags.patch
@@ -0,0 +1,21 @@
+Index: Makefile
+===================================================================
+--- a/Makefile	(revision 650)
++++ b/Makefile	(working copy)
+@@ -43,7 +43,7 @@
+ DYNAMIC_LIBRARY:=libpri.so.$(SONAME)
+ STATIC_OBJS=copy_string.o pri.o q921.o prisched.o q931.o pri_facility.o version.o
+ DYNAMIC_OBJS=copy_string.lo pri.lo q921.lo prisched.lo q931.lo pri_facility.lo version.lo
+-CFLAGS=-Wall -Werror -Wstrict-prototypes -Wmissing-prototypes -g -fPIC $(ALERTING) $(LIBPRI_COUNTERS)
++CFLAGS+=-Wall -Werror -Wstrict-prototypes -Wmissing-prototypes -g -fPIC $(ALERTING) $(LIBPRI_COUNTERS)
+ INSTALL_PREFIX=$(DESTDIR)
+ INSTALL_BASE=/usr
+ libdir?=$(INSTALL_BASE)/lib
+@@ -102,7 +102,6 @@
+ ifneq (${OSARCH},SunOS)
+ 	install -m 644 libpri.h $(INSTALL_PREFIX)$(INSTALL_BASE)/include
+ 	install -m 755 $(DYNAMIC_LIBRARY) $(INSTALL_PREFIX)$(libdir)
+-	if [ -x /usr/sbin/sestatus ] && ( /usr/sbin/sestatus | grep "SELinux status:" | grep -q "enabled"); then /sbin/restorecon -v $(INSTALL_PREFIX)$(libdir)/$(DYNAMIC_LIBRARY); fi
+ 	( cd $(INSTALL_PREFIX)$(libdir) ; ln -sf libpri.so.$(SONAME) libpri.so)
+ 	install -m 644 $(STATIC_LIBRARY) $(INSTALL_PREFIX)$(libdir)
+ 	if test $$(id -u) = 0; then $(LDCONFIG) $(LDCONFIG_FLAGS) $(INSTALL_PREFIX)$(libdir); fi
diff --git a/main/libsamplerate/APKBUILD b/main/libsamplerate/APKBUILD
new file mode 100644
index 0000000000..786d6c1e9a
--- /dev/null
+++ b/main/libsamplerate/APKBUILD
@@ -0,0 +1,18 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libsamplerate
+pkgver=0.1.7
+pkgrel=0
+pkgdesc="Secret Rabbit Code - aka Sample Rate Converter for audio"
+url="http://www.mega-nerd.com/SRC/index.html"
+subpackages="$pkgname-dev"
+license="GPL"
+depends="uclibc"
+source="http://www.mega-nerd.com/SRC/$pkgname-$pkgver.tar.gz"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="ad093e60ec44f0a60de8e29983ddbc0f  libsamplerate-0.1.7.tar.gz"
diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
new file mode 100644
index 0000000000..471c45a657
--- /dev/null
+++ b/main/libsndfile/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libsndfile
+pkgver=1.0.20
+pkgrel=0
+pkgdesc="A C library for reading and writing files containing sampled sound"
+url="http://www.mega-nerd.com/libsndfile"
+license="LGPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="alsa-lib flac uclibc"
+makedepends="alsa-lib-dev flac-dev uclibc++-dev"
+source="http://www.mega-nerd.com/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	export CXX="g++-uc"
+	./configure --prefix=/usr \
+		--disable-sqlite \
+		|| return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="e0553e12c7a467af44693e95e2eac668  libsndfile-1.0.20.tar.gz"
diff --git a/main/libtasn1/APKBUILD b/main/libtasn1/APKBUILD
new file mode 100644
index 0000000000..27f71e8056
--- /dev/null
+++ b/main/libtasn1/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libtasn1
+pkgver=2.2
+pkgrel=0
+pkgdesc="The ASN.1 library used in GNUTLS"
+url="http://www.gnu.org/software/gnutls/"
+license="GPL3 LGPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="texinfo"
+install=
+source="ftp://ftp.gnu.org/gnu/gnutls/$pkgname-$pkgver.tar.gz"
+
+build() { 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="14cc361500d2e768a8a6ec538ce3fecb  libtasn1-2.2.tar.gz"
diff --git a/main/libtheora/APKBUILD b/main/libtheora/APKBUILD
new file mode 100644
index 0000000000..e3b3999a3d
--- /dev/null
+++ b/main/libtheora/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libtheora
+pkgver=1.0
+pkgrel=1
+pkgdesc="An open video codec developed by the Xiph.org"
+url="http://www.xiph.org"
+license="custom"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="libvorbis-dev libogg-dev"
+source="http://downloads.xiph.org/releases/theora/$pkgname-$pkgver.tar.bz2"
+
+depends_dev="libogg-dev"
+build ()
+{
+	cd "$srcdir"/libtheora-$pkgver
+	./configure --prefix=/usr \
+		--enable-shared \
+		--disable-static || return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -m755 -d ""$pkgdir"/usr/share/licenses/$pkgname"
+	install -m644 LICENSE COPYING "$pkgdir"/usr/share/licenses/$pkgname/
+}
+md5sums="c963937053f45a7878954bed37ceb182  libtheora-1.0.tar.bz2"
diff --git a/main/libtool/APKBUILD b/main/libtool/APKBUILD
new file mode 100644
index 0000000000..3d2ab55f01
--- /dev/null
+++ b/main/libtool/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: judd <jvinet@zeroflux.org>
+pkgname=libtool
+pkgver=2.2.6a
+_myver=2.2.6
+pkgrel=4
+pkgdesc="A generic library support script"
+license='GPL'
+url="http://www.gnu.org/software/libtool"
+source="ftp://ftp.gnu.org/pub/gnu/libtool/${pkgname}-${pkgver}.tar.gz"
+depends="uclibc libltdl bash"
+subpackages="libltdl $pkgname-doc"
+
+build() {
+	cd "$srcdir"/$pkgname-$_myver
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+libltdl() {
+	depends="uclibc"
+	mkdir -p "$subpkgdir/usr/lib"
+	mv "$pkgdir/usr/lib/libltdl.so"* "$subpkgdir/usr/lib/"
+}
+
+md5sums="8ca1ea241cd27ff9832e045fe9afe4fd  libtool-2.2.6a.tar.gz"
diff --git a/main/libusb-compat/APKBUILD b/main/libusb-compat/APKBUILD
new file mode 100644
index 0000000000..23e16cfa57
--- /dev/null
+++ b/main/libusb-compat/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libusb-compat
+pkgver=0.1.0
+pkgrel=0
+pkgdesc="Compatility for older libusb"
+url="http://libusb.sourceforge.net/"
+license="LGPL"
+subpackages="$pkgname-dev"
+depends="uclibc libusb"
+makedepends="libusb-dev"
+source="http://downloads.sourceforge.net/libusb/$pkgname-$pkgver.tar.bz2"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr --disable-build-docs
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="652e1d9e6c6912fd924a5ad204f6d48b  libusb-compat-0.1.0.tar.bz2"
diff --git a/main/libusb/APKBUILD b/main/libusb/APKBUILD
new file mode 100644
index 0000000000..7234ad31df
--- /dev/null
+++ b/main/libusb/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libusb
+pkgver=1.0.1
+pkgrel=0
+pkgdesc="Library to enable user space application programs to communicate with USB devices"
+url="http://libusb.sourceforge.net/"
+license="LGPL"
+subpackages="$pkgname-dev"
+depends="uclibc"
+makedepends=""
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr --disable-build-docs
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="8fb0e066678a0d294894b5b2969cb4b3  libusb-1.0.1.tar.bz2"
diff --git a/main/libvorbis/APKBUILD b/main/libvorbis/APKBUILD
new file mode 100644
index 0000000000..c4c0713435
--- /dev/null
+++ b/main/libvorbis/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libvorbis
+pkgver=1.2.0
+pkgrel=0
+pkgdesc="Vorbis codec library"
+url="http://www.xiph.org/ogg/vorbis/"
+license="custom"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="libogg uclibc"
+makedepends="libogg-dev g++"
+#source="http://people.xiph.org/~giles/2008/$pkgname-$pkgver.tar.gz"
+source="http://downloads.xiph.org/releases/vorbis/libvorbis-1.2.0.tar.gz"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--disable-static || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+md5sums="478646358c49f34aedcce58948793619  libvorbis-1.2.0.tar.gz"
diff --git a/main/libxml2/APKBUILD b/main/libxml2/APKBUILD
new file mode 100644
index 0000000000..a135ade72c
--- /dev/null
+++ b/main/libxml2/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=libxml2
+pkgver=2.7.3
+pkgrel=0
+pkgdesc="XML parsing library, version 2"
+url="http://www.xmlsoft.org/"
+license="MIT"
+depends="zlib"
+makedepends="zlib-dev"
+subpackages="$pkgname-doc $pkgname-dev"
+source="ftp://ftp.xmlsoft.org/${pkgname}/${pkgname}-${pkgver}.tar.gz
+	nocxx.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	patch configure < ../nocxx.patch
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info 
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+	install -Dm644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+md5sums="8f4fda3969237c2a33bdb1583b5d06b2  libxml2-2.7.3.tar.gz
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/libxml2/nocxx.patch b/main/libxml2/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/libxml2/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/libxslt/APKBUILD b/main/libxslt/APKBUILD
new file mode 100644
index 0000000000..8f6ce29380
--- /dev/null
+++ b/main/libxslt/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libxslt
+pkgver=1.1.24
+pkgrel=0
+pkgdesc="XML stylesheet transformation library"
+url="http://xmlsoft.org/XSLT/"
+license="custom"
+depends="libxml2 libgcrypt libgpg-error"
+makedepends="libxml2-dev libgcrypt-dev libgpg-error-dev python"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://xmlsoft.org/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+md5sums="e83ec5d27fc4c10c6f612879bea9a153  libxslt-1.1.24.tar.gz"
diff --git a/main/lighttpd/APKBUILD b/main/lighttpd/APKBUILD
new file mode 100644
index 0000000000..0abe6dea70
--- /dev/null
+++ b/main/lighttpd/APKBUILD
@@ -0,0 +1,81 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lighttpd
+pkgver=1.4.23
+pkgrel=0
+pkgdesc="a secure, fast, compliant and very flexible web-server"
+url="http://www.lighttpd.net/"
+license="custom"
+install="$pkgname.pre-install $pkgname.post-install"
+depends=
+makedepends="flex pcre-dev openssl-dev zlib-dev bzip2-dev lua-dev pkgconfig"
+source="http://www.$pkgname.net/download/$pkgname-$pkgver.tar.bz2
+	$pkgname.initd
+	$pkgname.confd
+	$install
+	$pkgname.logrotate
+	spawn-fcgi.confd
+	spawn-fcgi.initd
+	lighttpd.conf
+	mime-types.conf
+	mod_cgi.conf
+	mod_fastcgi.conf
+	"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build() { 
+	local i
+	cd $srcdir/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--enable-lfs \
+		--libdir=/usr/lib/lighttpd \
+		--without-mysql \
+		--without-ldap \
+		--without-attr \
+		--without-kerberos5 \
+		--without-fam \
+		--without-webdav-props \
+		--without-webdav-locks \
+		--without-gdbm \
+		--without-memcache \
+		--with-bzip2 \
+		--with-openssl \
+		--with-lua || return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+
+	# create dirs
+	install -d -m755 "$pkgdir"/var/run/lighttpd/ \
+		"$pkgdir"/var/log/lighttpd/ \
+		"$pkgdir"/etc/lighttpd/ \
+		"$pkgdir"/var/www/localhost/htdocs
+
+	# lighttpd
+	install -D -m755 "$srcdir"/lighttpd.initd "$pkgdir"/etc/init.d/lighttpd
+	install -D -m644 "$srcdir"/lighttpd.confd "$pkgdir"/etc/conf.d/lighttpd
+	install -D -m644 "$srcdir"/lighttpd.logrotate \
+		"$pkgdir"/etc/logrotate.d/lighttpd
+	
+	# spawn-fcgi
+	install -D -m755 "$srcdir"/spawn-fcgi.initd \
+		"$pkgdir"/etc/init.d/spawn-fcgi
+	install -D -m644 "$srcdir"/spawn-fcgi.confd \
+		"$pkgdir"/etc/conf.d/spawn-fcgi
+
+	# config files
+	for i in lighttpd.conf mime-types.conf mod_cgi.conf mod_fastcgi.conf; do
+		install -m644 "$srcdir"/$i "$pkgdir"/etc/lighttpd/$i
+	done
+}
+md5sums="0ab6bb7b17bf0f515ce7dce68e5e215a  lighttpd-1.4.23.tar.bz2
+6910842e8ba496e8aa984ab30a46eb72  lighttpd.initd
+0dede109282bfe685bdec6b35f0e4b6b  lighttpd.confd
+e250fe505d07733e920348bea0909c29  lighttpd.pre-install
+6e0e81296d854887e11bc4f8d6f998d7  lighttpd.post-install
+ad091c9157134890499f26d170352c9f  lighttpd.logrotate
+1d925aed297ec4541fb230dd19e11bc1  spawn-fcgi.confd
+78bc6ceac57ecaa47abf4d5df857fe57  spawn-fcgi.initd
+df5b2360ea380d988bf16905ab214286  lighttpd.conf
+fef397e7bcf1b741dea211a555e1803c  mime-types.conf
+9c1407e95f62ed22da66c4ef5f69c3b5  mod_cgi.conf
+f3363e39832f1b6678468b482d121afb  mod_fastcgi.conf"
diff --git a/main/lighttpd/lighttpd.conf b/main/lighttpd/lighttpd.conf
new file mode 100644
index 0000000000..778a4062b6
--- /dev/null
+++ b/main/lighttpd/lighttpd.conf
@@ -0,0 +1,321 @@
+###############################################################################
+# Default lighttpd.conf for Gentoo.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.3 2005/09/01 14:22:35 ka0ttic Exp $
+###############################################################################
+
+# {{{ variables
+var.basedir  = "/var/www/localhost"
+var.logdir   = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+# }}}
+
+# {{{ modules
+# At the very least, mod_access and mod_accesslog should be enabled.
+# All other modules should only be loaded if necessary.
+# NOTE: the order of modules is important.
+server.modules = (
+#    "mod_rewrite",
+#    "mod_redirect",
+#    "mod_alias",
+    "mod_access",
+#    "mod_cml",
+#    "mod_trigger_b4_dl",
+#    "mod_auth",
+#    "mod_status",
+#    "mod_setenv",
+#    "mod_proxy",
+#    "mod_simple_vhost",
+#    "mod_evhost",
+#    "mod_userdir",
+#    "mod_compress",
+#    "mod_ssi",
+#    "mod_usertrack",
+#    "mod_expire",
+#    "mod_secdownload",
+#    "mod_rrdtool",
+#    "mod_webdav",
+    "mod_accesslog"
+)
+# }}}
+
+# {{{ includes
+include "mime-types.conf"
+# uncomment for cgi support
+#   include "mod_cgi.conf"
+# uncomment for php/fastcgi support
+#   include "mod_fastcgi.conf"
+# }}}
+
+# {{{ server settings
+server.username      = "lighttpd"
+server.groupname     = "lighttpd"
+
+server.document-root = var.basedir + "/htdocs"
+server.pid-file      = "/var/run/lighttpd.pid"
+
+server.errorlog      = var.logdir  + "/error.log"
+# log errors to syslog instead
+#   server.errorlog-use-syslog = "enable"
+
+server.indexfiles    = ("index.php", "index.html",
+						"index.htm", "default.htm")
+
+# server.tag           = "lighttpd"
+
+server.follow-symlink = "enable"
+
+# event handler (defaults to "poll")
+# see performance.txt
+# 
+# for >= linux-2.4
+#   server.event-handler = "linux-rtsig"
+# for >= linux-2.6
+#   server.event-handler = "linux-sysepoll"
+# for FreeBSD
+#   server.event-handler = "freebsd-kqueue"
+
+# chroot to directory (defaults to no chroot)
+# server.chroot      = "/"
+
+# bind to port (defaults to 80)
+# server.port          = 81
+
+# bind to name (defaults to all interfaces)
+# server.bind          = "grisu.home.kneschke.de"
+
+# error-handler for status 404
+# server.error-handler-404 = "/error-handler.html"
+# server.error-handler-404 = "/error-handler.php"
+
+# Format: <errorfile-prefix><status-code>.html
+# -> ..../status-404.html for 'File not found'
+# server.errorfile-prefix    = var.basedir + "/error/status-"
+
+# FAM support for caching stat() calls
+# requires that lighttpd be built with USE=fam
+#   server.stat-cache-engine = "fam"
+# }}}
+
+# {{{ mod_staticfile
+
+# which extensions should not be handled via static-file transfer
+# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
+static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
+# }}}
+
+# {{{ mod_accesslog
+accesslog.filename   = var.logdir + "/access.log"
+# }}}
+
+# {{{ mod_dirlisting
+# enable directory listings
+#   dir-listing.activate      = "enable"
+#
+# don't list hidden files/directories
+#   dir-listing.hide-dotfiles = "enable"
+#
+# use a different css for directory listings
+#   dir-listing.external-css  = "/path/to/dir-listing.css"
+#
+# list of regular expressions.  files that match any of the
+# specified regular expressions will be excluded from directory
+# listings.
+#   dir-listing.exclude = ("^\.", "~$")
+# }}}
+
+# {{{ mod_access
+# see access.txt
+
+url.access-deny = ("~", ".inc")
+# }}}
+
+# {{{ mod_userdir
+# see userdir.txt
+#
+# userdir.path = "public_html"
+# userdir.exclude-user = ("root")
+# }}}
+
+# {{{ mod_ssi
+# see ssi.txt
+#
+# ssi.extension = (".shtml")
+# }}}
+
+# {{{ mod_ssl
+# see ssl.txt
+#
+# ssl.engine    = "enable"
+# ssl.pemfile   = "server.pem"
+# }}}
+
+# {{{ mod_status
+# see status.txt
+#
+# status.status-url  = "/server-status"
+# status.config-url  = "/server-config"
+# }}}
+
+# {{{ mod_simple_vhost
+# see simple-vhost.txt
+#
+#  If you want name-based virtual hosting add the next three settings and load
+#  mod_simple_vhost
+#
+# document-root =
+#   virtual-server-root + virtual-server-default-host + virtual-server-docroot
+# or
+#   virtual-server-root + http-host + virtual-server-docroot
+#
+# simple-vhost.server-root   = "/home/weigon/wwwroot/servers/"
+# simple-vhost.default-host  = "grisu.home.kneschke.de"
+# simple-vhost.document-root = "/pages/"
+# }}}
+
+# {{{ mod_compress
+# see compress.txt
+#
+# compress.cache-dir   = var.statedir + "/cache/compress"
+# compress.filetype    = ("text/plain", "text/html")
+# }}}
+
+# {{{ mod_proxy
+# see proxy.txt
+#
+# proxy.server               = ( ".php" =>
+#                               ( "localhost" =>
+#                                 (
+#                                   "host" => "192.168.0.101",
+#                                   "port" => 80
+#                                 )
+#                               )
+#                             )
+# }}}
+
+# {{{ mod_auth
+# see authentication.txt
+#
+# auth.backend               = "plain"
+# auth.backend.plain.userfile = "lighttpd.user"
+# auth.backend.plain.groupfile = "lighttpd.group"
+
+# auth.backend.ldap.hostname = "localhost"
+# auth.backend.ldap.base-dn  = "dc=my-domain,dc=com"
+# auth.backend.ldap.filter   = "(uid=$)"
+
+# auth.require               = ( "/server-status" =>
+#                               (
+#                                 "method"  => "digest",
+#                                 "realm"   => "download archiv",
+#                                 "require" => "user=jan"
+#                               ),
+#                               "/server-info" =>
+#                               (
+#                                 "method"  => "digest",
+#                                 "realm"   => "download archiv",
+#                                 "require" => "valid-user"
+#                               )
+#                             )
+# }}}
+
+# {{{ mod_rewrite
+# see rewrite.txt
+#
+# url.rewrite = (
+#	"^/$"		=>		"/server-status"
+# )
+# }}}
+
+# {{{ mod_redirect
+# see redirect.txt
+#
+# url.redirect = (
+#	"^/wishlist/(.+)"		=>		"http://www.123.org/$1"
+# )
+# }}}
+
+# {{{ mod_evhost
+# define a pattern for the host url finding
+# %% => % sign
+# %0 => domain name + tld
+# %1 => tld
+# %2 => domain name without tld
+# %3 => subdomain 1 name
+# %4 => subdomain 2 name
+#
+# evhost.path-pattern        = "/home/storage/dev/www/%3/htdocs/"
+# }}}
+
+# {{{ mod_expire
+# expire.url = (
+#	"/buggy/"		=>		"access 2 hours",
+#	"/asdhas/"		=>		"access plus 1 seconds 2 minutes"
+# )
+# }}}
+
+# {{{ mod_rrdtool
+# see rrdtool.txt
+#
+# rrdtool.binary  = "/usr/bin/rrdtool"
+# rrdtool.db-name = var.statedir + "/lighttpd.rrd"
+# }}}
+
+# {{{ mod_setenv
+# see setenv.txt
+#
+# setenv.add-request-header  = ( "TRAV_ENV" => "mysql://user@host/db" )
+# setenv.add-response-header = ( "X-Secret-Message" => "42" )
+# }}}
+
+# {{{ mod_trigger_b4_dl
+# see trigger_b4_dl.txt
+#
+# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
+# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
+# trigger-before-download.trigger-url = "^/trigger/"
+# trigger-before-download.download-url = "^/download/"
+# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
+# trigger-before-download.trigger-timeout = 10
+# }}}
+
+# {{{ mod_cml
+# see cml.txt
+#
+# don't forget to add index.cml to server.indexfiles
+# cml.extension               = ".cml"
+# cml.memcache-hosts          = ( "127.0.0.1:11211" )
+# }}} 
+
+# {{{ mod_webdav
+# see webdav.txt
+#
+# $HTTP["url"] =~ "^/dav($|/)" {
+#     webdav.activate = "enable"
+#     webdav.is-readonly = "enable"
+# }
+# }}}
+
+# {{{ extra rules
+#
+# set Content-Encoding and reset Content-Type for browsers that
+# support decompressing on-thy-fly (requires mod_setenv)
+# $HTTP["url"] =~ "\.gz$" {
+#     setenv.add-response-header = ("Content-Encoding" => "x-gzip")
+#     mimetype.assign = (".gz" => "text/plain")
+# }
+
+# $HTTP["url"] =~ "\.bz2$" {
+#     setenv.add-response-header = ("Content-Encoding" => "x-bzip2")
+#     mimetype.assign = (".bz2" => "text/plain")
+# }
+#
+# }}}
+
+# {{{ debug
+# debug.log-request-header   = "enable"
+# debug.log-response-header  = "enable"
+# debug.log-request-handling = "enable"
+# debug.log-file-not-found   = "enable"
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/main/lighttpd/lighttpd.confd b/main/lighttpd/lighttpd.confd
new file mode 100644
index 0000000000..70d4170555
--- /dev/null
+++ b/main/lighttpd/lighttpd.confd
@@ -0,0 +1,12 @@
+# /etc/conf.d/lighttpd
+
+# Location of a shell used by the 'include_shell' directive
+# in the lighttpd's configuration file
+#export SHELL="/bin/bash"
+
+# Location of the lighttpd configuration file
+LIGHTTPD_CONF="/etc/lighttpd/lighttpd.conf"
+
+# Location of the lighttpd pid file
+LIGHTTPD_PID="/var/run/lighttpd.pid"
+
diff --git a/main/lighttpd/lighttpd.initd b/main/lighttpd/lighttpd.initd
new file mode 100644
index 0000000000..80aaacc5e5
--- /dev/null
+++ b/main/lighttpd/lighttpd.initd
@@ -0,0 +1,67 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.initd-1.4.13-r3,v 1.2 2007/10/12 20:54:46 swegener Exp $
+
+opts="reload graceful"
+
+depend() {
+	need net
+	use mysql logger spawn-fcgi ldap slapd
+	after famd
+	after sshd
+}
+
+checkconfig() {
+	if [ ! -f "${LIGHTTPD_CONF}" ] ; then
+		ewarn "${LIGHTTPD_CONF} does not exist."
+		return 1
+	fi
+
+	/usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting lighttpd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/lighttpd \
+		--pidfile "${LIGHTTPD_PID}" -- -f "${LIGHTTPD_CONF}"
+	eend $?
+}
+
+stop() {
+	local rv=0
+	ebegin "Stopping lighttpd"
+	start-stop-daemon --stop --quiet --pidfile "${LIGHTTPD_PID}"
+	eend $?
+}
+
+reload() {
+	if ! service_started "${SVCNAME}" ; then
+		eerror "${SVCNAME} isn't running"
+		return 1
+	fi
+	checkconfig || return 1
+
+	ebegin "Re-opening lighttpd log files"
+	start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \
+		--signal HUP
+	eend $?
+}
+
+graceful() {
+	if ! service_started "${SVCNAME}" ; then
+		eerror "${SVCNAME} isn't running"
+		return 1
+	fi
+	checkconfig || return 1
+
+	ebegin "Gracefully stopping lighttpd"
+	start-stop-daemon --stop --oknodo --quiet --pidfile "${LIGHTTPD_PID}" \
+		--signal INT
+	if eend $? ; then
+		rm -f "${LIGHTTPD_PID}"
+		start
+	fi
+}
diff --git a/main/lighttpd/lighttpd.logrotate b/main/lighttpd/lighttpd.logrotate
new file mode 100644
index 0000000000..76f0ef3ff5
--- /dev/null
+++ b/main/lighttpd/lighttpd.logrotate
@@ -0,0 +1,17 @@
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/lighttpd.logrotate,v 1.2 2006/05/30 19:49:29 bangert Exp $
+# lighttpd logrotate script for Gentoo
+
+/var/log/lighttpd/*.log {
+        daily
+        missingok
+		copytruncate
+        rotate 7
+        compress
+        notifempty
+        sharedscripts
+        postrotate
+           if [ -f /var/run/lighttpd.pid ]; then \
+                /etc/init.d/lighttpd reload > /dev/null 2>&1 || true ; \
+           fi;
+        endscript
+}
diff --git a/main/lighttpd/lighttpd.post-install b/main/lighttpd/lighttpd.post-install
new file mode 100644
index 0000000000..5b116a6375
--- /dev/null
+++ b/main/lighttpd/lighttpd.post-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chown lighttpd:lighttpd /var/*/lighttpd
+exit 0
diff --git a/main/lighttpd/lighttpd.pre-install b/main/lighttpd/lighttpd.pre-install
new file mode 100644
index 0000000000..4682680d6b
--- /dev/null
+++ b/main/lighttpd/lighttpd.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -H -h /var/www/localhost/htdocs -s /bin/false -D lighttpd 2>/dev/null
+exit 0
diff --git a/main/lighttpd/mime-types.conf b/main/lighttpd/mime-types.conf
new file mode 100644
index 0000000000..3c36577739
--- /dev/null
+++ b/main/lighttpd/mime-types.conf
@@ -0,0 +1,76 @@
+###############################################################################
+# Default mime-types.conf for Gentoo.
+# include'd from lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mime-types.conf,v 1.2 2005/08/27 12:36:13 ka0ttic Exp $
+###############################################################################
+
+# {{{ mime types
+mimetype.assign             = (
+  ".pdf"          =>      "application/pdf",
+  ".sig"          =>      "application/pgp-signature",
+  ".spl"          =>      "application/futuresplash",
+  ".class"        =>      "application/octet-stream",
+  ".ps"           =>      "application/postscript",
+  ".torrent"      =>      "application/x-bittorrent",
+  ".dvi"          =>      "application/x-dvi",
+  ".gz"           =>      "application/x-gzip",
+  ".pac"          =>      "application/x-ns-proxy-autoconfig",
+  ".swf"          =>      "application/x-shockwave-flash",
+  ".tar.gz"       =>      "application/x-tgz",
+  ".tgz"          =>      "application/x-tgz",
+  ".tar"          =>      "application/x-tar",
+  ".zip"          =>      "application/zip",
+  ".mp3"          =>      "audio/mpeg",
+  ".m3u"          =>      "audio/x-mpegurl",
+  ".wma"          =>      "audio/x-ms-wma",
+  ".wax"          =>      "audio/x-ms-wax",
+  ".ogg"          =>      "application/ogg",
+  ".wav"          =>      "audio/x-wav",
+  ".gif"          =>      "image/gif",
+  ".jpg"          =>      "image/jpeg",
+  ".jpeg"         =>      "image/jpeg",
+  ".png"          =>      "image/png",
+  ".xbm"          =>      "image/x-xbitmap",
+  ".xpm"          =>      "image/x-xpixmap",
+  ".xwd"          =>      "image/x-xwindowdump",
+  ".css"          =>      "text/css",
+  ".html"         =>      "text/html",
+  ".htm"          =>      "text/html",
+  ".js"           =>      "text/javascript",
+  ".asc"          =>      "text/plain",
+  ".c"            =>      "text/plain",
+  ".h"            =>      "text/plain",
+  ".cc"           =>      "text/plain",
+  ".cpp"          =>      "text/plain",
+  ".hh"           =>      "text/plain",
+  ".hpp"          =>      "text/plain",
+  ".conf"         =>      "text/plain",
+  ".log"          =>      "text/plain",
+  ".text"         =>      "text/plain",
+  ".txt"          =>      "text/plain",
+  ".diff"         =>      "text/plain",
+  ".patch"        =>      "text/plain",
+  ".ebuild"       =>      "text/plain",
+  ".eclass"       =>      "text/plain",
+  ".rtf"          =>      "application/rtf",
+  ".bmp"          =>      "image/bmp",
+  ".tif"          =>      "image/tiff",
+  ".tiff"         =>      "image/tiff",
+  ".ico"          =>      "image/x-icon",
+  ".dtd"          =>      "text/xml",
+  ".xml"          =>      "text/xml",
+  ".mpeg"         =>      "video/mpeg",
+  ".mpg"          =>      "video/mpeg",
+  ".mov"          =>      "video/quicktime",
+  ".qt"           =>      "video/quicktime",
+  ".avi"          =>      "video/x-msvideo",
+  ".asf"          =>      "video/x-ms-asf",
+  ".asx"          =>      "video/x-ms-asf",
+  ".wmv"          =>      "video/x-ms-wmv",
+  ".bz2"          =>      "application/x-bzip",
+  ".tbz"          =>      "application/x-bzip-compressed-tar",
+  ".tar.bz2"      =>      "application/x-bzip-compressed-tar"
+ )
+# }}}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/main/lighttpd/mod_cgi.conf b/main/lighttpd/mod_cgi.conf
new file mode 100644
index 0000000000..1cb3770f9b
--- /dev/null
+++ b/main/lighttpd/mod_cgi.conf
@@ -0,0 +1,33 @@
+###############################################################################
+# mod_cgi.conf
+# include'd by lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_cgi.conf,v 1.1 2005/08/27 12:36:13 ka0ttic Exp $
+###############################################################################
+
+#
+# see cgi.txt for more information on using mod_cgi
+#
+
+server.modules += ("mod_cgi")
+
+# NOTE: this requires mod_alias
+alias.url = (
+     "/cgi-bin/"	    =>	    var.basedir + "/cgi-bin/"
+)
+
+#
+# Note that you'll also want to enable the
+# cgi-bin alias via mod_alias (above).
+#
+
+$HTTP["url"] =~ "^/cgi-bin/" {
+    # disable directory listings
+    dir-listing.activate = "disable"
+    # only allow cgi's in this directory
+    cgi.assign = (
+		".pl"	=>	"/usr/bin/perl",
+		".cgi"	=>	"/usr/bin/perl"
+	)
+}
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/main/lighttpd/mod_fastcgi.conf b/main/lighttpd/mod_fastcgi.conf
new file mode 100644
index 0000000000..ca1369af79
--- /dev/null
+++ b/main/lighttpd/mod_fastcgi.conf
@@ -0,0 +1,17 @@
+###############################################################################
+# mod_fastcgi.conf
+# include'd by lighttpd.conf.
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/mod_fastcgi.conf-1.4.13-r2,v 1.1 2007/04/01 23:22:00 robbat2 Exp $
+###############################################################################
+
+server.modules += ("mod_fastcgi")
+fastcgi.server = ( ".php" =>
+		            ( "localhost" =>
+			            (
+				            "socket"		=>		"/var/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket",
+				            "bin-path"	=>		"/usr/bin/php-cgi"
+			            )
+		            )
+	            )
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/main/lighttpd/spawn-fcgi.confd b/main/lighttpd/spawn-fcgi.confd
new file mode 100644
index 0000000000..2a88806ae0
--- /dev/null
+++ b/main/lighttpd/spawn-fcgi.confd
@@ -0,0 +1,35 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/spawn-fcgi.confd,v 1.1 2005/02/14 11:39:01 ka0ttic Exp $
+
+# Configuration file for the FCGI-Part of /etc/init.d/lighttpd
+
+## Set this to "yes" to enable SPAWNFCGI
+ENABLE_SPAWNFCGI="yes"
+
+## ABSOLUTE path to the spawn-fcgi binary
+SPAWNFCGI="/usr/bin/spawn-fcgi"
+
+## ABSOLUTE path to the PHP binary
+FCGIPROGRAM="/usr/bin/php-cgi"
+
+## bind to tcp-port on localhost
+FCGIPORT="1026"
+
+## number of PHP childs to spawn
+PHP_FCGI_CHILDREN=5
+
+## number of request server by a single php-process until is will be restarted
+PHP_FCGI_MAX_REQUESTS=1000
+
+## IP adresses where PHP should access server connections from
+FCGI_WEB_SERVER_ADDRS="127.0.0.1"
+
+# allowed environment variables sperated by spaces
+ALLOWED_ENV="PATH USER"
+# do NOT change line below
+ALLOWED_ENV="$ALLOWED_ENV PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS"
+
+## if this script is run as root switch to the following user
+USERID=lighttpd
+GROUPID=lighttpd
diff --git a/main/lighttpd/spawn-fcgi.initd b/main/lighttpd/spawn-fcgi.initd
new file mode 100644
index 0000000000..63daa75081
--- /dev/null
+++ b/main/lighttpd/spawn-fcgi.initd
@@ -0,0 +1,51 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/spawn-fcgi.initd,v 1.2 2007/04/02 12:46:08 uberlord Exp $
+
+SPAWNFCGI_PID="/var/run/spawn-fcgi.pid"
+
+depend() {
+        need net
+}
+
+start() {
+        local my_end
+
+        ebegin "Starting spawn-fcgi"
+        export PHP_FCGI_MAX_REQUESTS FCGI_WEB_SERVER_ADDRS
+
+        EX="${SPAWNFCGI} -p ${FCGIPORT} -f ${FCGIPROGRAM} -u ${USERID} \
+                -g ${GROUPID} -C ${PHP_FCGI_CHILDREN}"
+
+        # copy the allowed environment variables
+        unset E
+        for i in ${ALLOWED_ENV}; do
+                E="${E} ${i}=${!i}"
+        done
+
+        # clean environment and set up a new one
+        env - ${E} ${EX} 2>${SPAWNFCGI_PID}
+        my_end=$?
+        if [ "$my_end" != "0" ]; then
+                [ -f ${SPAWNFCGI_PID} ] && rm -f ${SPAWNFCGI_PID}
+                eend $my_end
+        fi
+
+        #extract parent-process-id and write it back to the file
+        FCGI_PPID=`cat ${SPAWNFCGI_PID} | cut -d':' -f4`
+        echo ${FCGI_PPID} > ${SPAWNFCGI_PID}
+        eend 0
+}
+
+stop() {
+        ebegin "Stopping spawn-fcgi"
+        if ! kill `cat ${SPAWNFCGI_PID}` ; then
+	    eend $?
+	    return 1
+	fi
+        if [ -w ${SPAWNFCGI_PID} ]; then
+                rm ${SPAWNFCGI_PID}
+        fi
+        eend 0
+}
diff --git a/main/links/APKBUILD b/main/links/APKBUILD
new file mode 100644
index 0000000000..2d11cf9dba
--- /dev/null
+++ b/main/links/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=links
+pkgver=2.2
+pkgrel=0
+pkgdesc="A text WWW browser, similar to Lynx"
+url="http://atrey.karlin.mff.cuni.cz/~clock/twibright/links/"
+license="GPL"
+subpackages="$pkgname-doc"
+# the bzip2 lib is linked static so we dont need in depends
+depends="zlib openssl"
+makedepends="pkgconfig zlib-dev openssl-dev bzip2-dev"
+source="http://$pkgname.twibright.com/download/$pkgname-$pkgver.tar.bz2"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--enable-javascript \
+		--disable-graphics \
+		--without-x \
+		--disable-nls || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="bf5b20529a2a811701c5af52b28ebdd4  links-2.2.tar.bz2"
diff --git a/main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch b/main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch
new file mode 100644
index 0000000000..fd0cfeb2a2
--- /dev/null
+++ b/main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch
@@ -0,0 +1,207 @@
+From: Timo Teras <timo.teras@iki.fi>
+Date: Tue, 20 Jan 2009 01:22:12 +0000 (-0800)
+Subject: gre: strict physical device binding
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=749c10f931923451a4c59b4435d182aa9ae27a4f;hp=57a574993d94671b495cdbe8aeb78b745abfe14f
+
+gre: strict physical device binding
+
+Check the device on receive path and allow otherwise identical devices
+as long as the physical device differs.
+
+This is useful for NBMA tunnels, where you want to use different gre IP
+for each public IP available via different physical devices.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
+index 0101521..4a43739 100644
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -164,67 +164,113 @@ static DEFINE_RWLOCK(ipgre_lock);
+ 
+ /* Given src, dst and key, find appropriate for input tunnel. */
+ 
+-static struct ip_tunnel * ipgre_tunnel_lookup(struct net *net,
++static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
+ 					      __be32 remote, __be32 local,
+ 					      __be32 key, __be16 gre_proto)
+ {
++	struct net *net = dev_net(dev);
++	int link = dev->ifindex;
+ 	unsigned h0 = HASH(remote);
+ 	unsigned h1 = HASH(key);
+-	struct ip_tunnel *t;
+-	struct ip_tunnel *t2 = NULL;
++	struct ip_tunnel *t, *sel[4] = { NULL, NULL, NULL, NULL };
+ 	struct ipgre_net *ign = net_generic(net, ipgre_net_id);
+ 	int dev_type = (gre_proto == htons(ETH_P_TEB)) ?
+ 		       ARPHRD_ETHER : ARPHRD_IPGRE;
++	int idx;
+ 
+ 	for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
+-		if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
+-			if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
+-				if (t->dev->type == dev_type)
+-					return t;
+-				if (t->dev->type == ARPHRD_IPGRE && !t2)
+-					t2 = t;
+-			}
+-		}
++		if (local != t->parms.iph.saddr ||
++		    remote != t->parms.iph.daddr ||
++		    key != t->parms.i_key ||
++		    !(t->dev->flags & IFF_UP))
++			continue;
++
++		if (t->dev->type != ARPHRD_IPGRE &&
++		    t->dev->type != dev_type)
++			continue;
++
++		idx = 0;
++		if (t->parms.link != link)
++			idx |= 1;
++		if (t->dev->type != dev_type)
++			idx |= 2;
++		if (idx == 0)
++			return t;
++		if (sel[idx] == NULL)
++			sel[idx] = t;
+ 	}
+ 
+ 	for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
+-		if (remote == t->parms.iph.daddr) {
+-			if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
+-				if (t->dev->type == dev_type)
+-					return t;
+-				if (t->dev->type == ARPHRD_IPGRE && !t2)
+-					t2 = t;
+-			}
+-		}
++		if (remote != t->parms.iph.daddr ||
++		    key != t->parms.i_key ||
++		    !(t->dev->flags & IFF_UP))
++			continue;
++
++		if (t->dev->type != ARPHRD_IPGRE &&
++		    t->dev->type != dev_type)
++			continue;
++
++		idx = 0;
++		if (t->parms.link != link)
++			idx |= 1;
++		if (t->dev->type != dev_type)
++			idx |= 2;
++		if (idx == 0)
++			return t;
++		if (sel[idx] == NULL)
++			sel[idx] = t;
+ 	}
+ 
+ 	for (t = ign->tunnels_l[h1]; t; t = t->next) {
+-		if (local == t->parms.iph.saddr ||
+-		     (local == t->parms.iph.daddr &&
+-		      ipv4_is_multicast(local))) {
+-			if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
+-				if (t->dev->type == dev_type)
+-					return t;
+-				if (t->dev->type == ARPHRD_IPGRE && !t2)
+-					t2 = t;
+-			}
+-		}
++		if ((local != t->parms.iph.saddr &&
++		     (local != t->parms.iph.daddr ||
++		      !ipv4_is_multicast(local))) ||
++		    key != t->parms.i_key ||
++		    !(t->dev->flags & IFF_UP))
++			continue;
++
++		if (t->dev->type != ARPHRD_IPGRE &&
++		    t->dev->type != dev_type)
++			continue;
++
++		idx = 0;
++		if (t->parms.link != link)
++			idx |= 1;
++		if (t->dev->type != dev_type)
++			idx |= 2;
++		if (idx == 0)
++			return t;
++		if (sel[idx] == NULL)
++			sel[idx] = t;
+ 	}
+ 
+ 	for (t = ign->tunnels_wc[h1]; t; t = t->next) {
+-		if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
+-			if (t->dev->type == dev_type)
+-				return t;
+-			if (t->dev->type == ARPHRD_IPGRE && !t2)
+-				t2 = t;
+-		}
++		if (t->parms.i_key != key ||
++		    !(t->dev->flags & IFF_UP))
++			continue;
++
++		if (t->dev->type != ARPHRD_IPGRE &&
++		    t->dev->type != dev_type)
++			continue;
++
++		idx = 0;
++		if (t->parms.link != link)
++			idx |= 1;
++		if (t->dev->type != dev_type)
++			idx |= 2;
++		if (idx == 0)
++			return t;
++		if (sel[idx] == NULL)
++			sel[idx] = t;
+ 	}
+ 
+-	if (t2)
+-		return t2;
++	for (idx = 1; idx < ARRAY_SIZE(sel); idx++)
++		if (sel[idx] != NULL)
++			return sel[idx];
+ 
+-	if (ign->fb_tunnel_dev->flags&IFF_UP)
++	if (ign->fb_tunnel_dev->flags & IFF_UP)
+ 		return netdev_priv(ign->fb_tunnel_dev);
++
+ 	return NULL;
+ }
+ 
+@@ -284,6 +330,7 @@ static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
+ 	__be32 remote = parms->iph.daddr;
+ 	__be32 local = parms->iph.saddr;
+ 	__be32 key = parms->i_key;
++	int link = parms->link;
+ 	struct ip_tunnel *t, **tp;
+ 	struct ipgre_net *ign = net_generic(net, ipgre_net_id);
+ 
+@@ -291,6 +338,7 @@ static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
+ 		if (local == t->parms.iph.saddr &&
+ 		    remote == t->parms.iph.daddr &&
+ 		    key == t->parms.i_key &&
++		    link == t->parms.link &&
+ 		    type == t->dev->type)
+ 			break;
+ 
+@@ -421,7 +469,7 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
+ 	}
+ 
+ 	read_lock(&ipgre_lock);
+-	t = ipgre_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr,
++	t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr,
+ 				flags & GRE_KEY ?
+ 				*(((__be32 *)p) + (grehlen / 4) - 1) : 0,
+ 				p[1]);
+@@ -518,7 +566,7 @@ static int ipgre_rcv(struct sk_buff *skb)
+ 	gre_proto = *(__be16 *)(h + 2);
+ 
+ 	read_lock(&ipgre_lock);
+-	if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev),
++	if ((tunnel = ipgre_tunnel_lookup(skb->dev,
+ 					  iph->saddr, iph->daddr, key,
+ 					  gre_proto))) {
+ 		struct net_device_stats *stats = &tunnel->dev->stats;
diff --git a/main/linux-grsec/0002-linux-2.6.28.5-ipgre-optimize-hash-lookup.patch b/main/linux-grsec/0002-linux-2.6.28.5-ipgre-optimize-hash-lookup.patch
new file mode 100644
index 0000000000..fbfef33b9b
--- /dev/null
+++ b/main/linux-grsec/0002-linux-2.6.28.5-ipgre-optimize-hash-lookup.patch
@@ -0,0 +1,140 @@
+From: Timo Teras <timo.teras@iki.fi>
+Date: Tue, 27 Jan 2009 04:56:10 +0000 (-0800)
+Subject: gre: optimize hash lookup
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=afcf12422ec8236dc8b9238fef7a475876eea8da;hp=3eacdf58c2c0b9507afedfc19108e98b992c31e4
+
+gre: optimize hash lookup
+
+Instead of keeping candidate tunnel device from all categories,
+keep only one candidate with best score. This optimizes stack
+usage and speeds up exit code.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+
+diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
+index 4a43739..07a188a 100644
+--- a/net/ipv4/ip_gre.c
++++ b/net/ipv4/ip_gre.c
+@@ -172,11 +172,11 @@ static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
+ 	int link = dev->ifindex;
+ 	unsigned h0 = HASH(remote);
+ 	unsigned h1 = HASH(key);
+-	struct ip_tunnel *t, *sel[4] = { NULL, NULL, NULL, NULL };
++	struct ip_tunnel *t, *cand = NULL;
+ 	struct ipgre_net *ign = net_generic(net, ipgre_net_id);
+ 	int dev_type = (gre_proto == htons(ETH_P_TEB)) ?
+ 		       ARPHRD_ETHER : ARPHRD_IPGRE;
+-	int idx;
++	int score, cand_score = 4;
+ 
+ 	for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
+ 		if (local != t->parms.iph.saddr ||
+@@ -189,15 +189,18 @@ static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
+ 		    t->dev->type != dev_type)
+ 			continue;
+ 
+-		idx = 0;
++		score = 0;
+ 		if (t->parms.link != link)
+-			idx |= 1;
++			score |= 1;
+ 		if (t->dev->type != dev_type)
+-			idx |= 2;
+-		if (idx == 0)
++			score |= 2;
++		if (score == 0)
+ 			return t;
+-		if (sel[idx] == NULL)
+-			sel[idx] = t;
++
++		if (score < cand_score) {
++			cand = t;
++			cand_score = score;
++		}
+ 	}
+ 
+ 	for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
+@@ -210,15 +213,18 @@ static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
+ 		    t->dev->type != dev_type)
+ 			continue;
+ 
+-		idx = 0;
++		score = 0;
+ 		if (t->parms.link != link)
+-			idx |= 1;
++			score |= 1;
+ 		if (t->dev->type != dev_type)
+-			idx |= 2;
+-		if (idx == 0)
++			score |= 2;
++		if (score == 0)
+ 			return t;
+-		if (sel[idx] == NULL)
+-			sel[idx] = t;
++
++		if (score < cand_score) {
++			cand = t;
++			cand_score = score;
++		}
+ 	}
+ 
+ 	for (t = ign->tunnels_l[h1]; t; t = t->next) {
+@@ -233,15 +239,18 @@ static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
+ 		    t->dev->type != dev_type)
+ 			continue;
+ 
+-		idx = 0;
++		score = 0;
+ 		if (t->parms.link != link)
+-			idx |= 1;
++			score |= 1;
+ 		if (t->dev->type != dev_type)
+-			idx |= 2;
+-		if (idx == 0)
++			score |= 2;
++		if (score == 0)
+ 			return t;
+-		if (sel[idx] == NULL)
+-			sel[idx] = t;
++
++		if (score < cand_score) {
++			cand = t;
++			cand_score = score;
++		}
+ 	}
+ 
+ 	for (t = ign->tunnels_wc[h1]; t; t = t->next) {
+@@ -253,20 +262,22 @@ static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
+ 		    t->dev->type != dev_type)
+ 			continue;
+ 
+-		idx = 0;
++		score = 0;
+ 		if (t->parms.link != link)
+-			idx |= 1;
++			score |= 1;
+ 		if (t->dev->type != dev_type)
+-			idx |= 2;
+-		if (idx == 0)
++			score |= 2;
++		if (score == 0)
+ 			return t;
+-		if (sel[idx] == NULL)
+-			sel[idx] = t;
++
++		if (score < cand_score) {
++			cand = t;
++			cand_score = score;
++		}
+ 	}
+ 
+-	for (idx = 1; idx < ARRAY_SIZE(sel); idx++)
+-		if (sel[idx] != NULL)
+-			return sel[idx];
++	if (cand != NULL)
++		return cand;
+ 
+ 	if (ign->fb_tunnel_dev->flags & IFF_UP)
+ 		return netdev_priv(ign->fb_tunnel_dev);
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
new file mode 100644
index 0000000000..20fa9284bd
--- /dev/null
+++ b/main/linux-grsec/APKBUILD
@@ -0,0 +1,123 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+
+_flavor=grsec
+pkgname=linux-${_flavor}
+pkgver=2.6.29.6
+_kernver=2.6.29
+pkgrel=2
+pkgdesc="Linux kernel with grsecurity"
+url=http://grsecurity.net
+depends="mkinitfs"
+makedepends="perl installkernel"
+_config=${config:-kernelconfig}
+install="$pkgname.post-install $pkgname.post-upgrade"
+source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
+	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
+	grsecurity-2.1.14-2.6.29.6-200907231934.patch
+	0001-linux-2.6.28.5-ipgre-strict-binding.patch
+	0002-linux-2.6.28.5-ipgre-optimize-hash-lookup.patch
+	net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
+	$_config
+	$install
+	"
+subpackages="$pkgname-dev"
+license="GPL-2"
+
+_abi_release=${pkgver}-${_flavor}
+
+_prepare() {
+	cd "$srcdir"/linux-$_kernver
+	if [ "$_kernver" != "$pkgver" ]; then
+		bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 || return 1
+	fi
+
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 -N < $i || return 1
+	done
+
+	mkdir -p "$srcdir"/build
+	cp "$srcdir"/$_config "$srcdir"/build/.config
+	make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
+		silentoldconfig
+}
+
+# this is so we can do: 'abuild menuconfig' to reconfigure kernel
+menuconfig() {
+	_prepare
+	cd "$srcdir"/build
+	make menuconfig
+	cp .config "$startdir"/$_config
+}
+
+build() {
+	_prepare || return 1
+	cd "$srcdir"/build
+	make CC="$CC" || return 1
+
+	mkdir -p "$pkgdir"/boot "$pkgdir"/lib/modules
+	make modules_install install \
+		INSTALL_MOD_PATH="$pkgdir" \
+		INSTALL_PATH="$pkgdir"/boot
+
+	ln -s vmlinuz-${_abi_release} "${pkgdir}"/boot/$_flavor
+
+	rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
+		"$pkgdir"/lib/modules/${_abi_release}/source
+}
+
+dev() {
+	# copy the only the parts that we really need for build 3rd party
+	# kernel modules and install those as /usr/src/linux-headers,
+	# simlar to what ubuntu does
+	#
+	# this way you dont need to install the 300-400 kernel sources to 
+	# build a tiny kernel module
+	#
+	pkgdesc="Headers and script for third party modules for grsec kernel"
+	local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
+
+	# first we import config, run prepare to set up for building 
+	# external modules, and create the scripts
+	mkdir -p "$dir"
+	cp "$srcdir"/kernelconfig "$dir"/.config
+	make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
+		silentoldconfig prepare scripts
+
+	# remove the stuff that poits to real sources. we want 3rd party
+	# modules to believe this is the soruces
+	rm "$dir"/Makefile "$dir"/source
+
+	# copy the needed stuff from real sources
+	#
+	# this is taken from ubuntu kernel build script
+	# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
+	cd "$srcdir"/linux-$_kernver
+	find . -path './include/*' -prune -o -path './scripts/*' -prune \
+		-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
+		-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
+		-o -name '*.lds' \) | cpio -pdm "$dir"
+	cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
+	cp -a drivers/media/video/*.h "$dir"/drivers/media/video
+	cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
+	cp -a scripts include "$dir"
+	find $(find arch -name include -type d -print) -type f \
+		| cpio -pdm "$dir"
+
+	install -Dm644 "$srcdir"/build/Module.symvers \
+		"$dir"/Module.symvers
+
+	mkdir -p "$subpkgdir"/lib/modules/${_abi_release}
+	ln -sf /usr/src/linux-headers-${_abi_release} \
+		"$subpkgdir"/lib/modules/${_abi_release}/build
+}
+
+md5sums="64921b5ff5cdadbccfcd3820f03be7d8  linux-2.6.29.tar.bz2
+0317760b52c9ac7a11de997da19a366e  patch-2.6.29.6.bz2
+bc067ccfe86517c4e4568b76b4a50e06  grsecurity-2.1.14-2.6.29.6-200907231934.patch
+7673b4521283ad41434a18ca18b16ad8  0001-linux-2.6.28.5-ipgre-strict-binding.patch
+8f405c738b150c532c46eaad5390cca2  0002-linux-2.6.28.5-ipgre-optimize-hash-lookup.patch
+ca05fd252783b82e01610e775cf56498  net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
+c9443dcc46eb70267b4cfe6a6694f637  kernelconfig
+2834240b15805b248ef2a973b1ad4416  linux-grsec.post-install
+2834240b15805b248ef2a973b1ad4416  linux-grsec.post-upgrade"
diff --git a/main/linux-grsec/grsecurity-2.1.14-2.6.29.6-200907231934.patch b/main/linux-grsec/grsecurity-2.1.14-2.6.29.6-200907231934.patch
new file mode 100644
index 0000000000..eb8c335b73
--- /dev/null
+++ b/main/linux-grsec/grsecurity-2.1.14-2.6.29.6-200907231934.patch
@@ -0,0 +1,45490 @@
+diff -urNp linux-2.6.29.6/arch/alpha/include/asm/atomic.h linux-2.6.29.6/arch/alpha/include/asm/atomic.h
+--- linux-2.6.29.6/arch/alpha/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/include/asm/atomic.h	2009-07-23 17:34:32.032153687 -0400
+@@ -246,6 +246,9 @@ static __inline__ int atomic64_add_unles
+ #define atomic64_dec_and_test(v) (atomic64_sub_return(1, (v)) == 0)
+ 
+ #define atomic_inc(v) atomic_add(1,(v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
+ #define atomic64_inc(v) atomic64_add(1,(v))
+ 
+ #define atomic_dec(v) atomic_sub(1,(v))
+diff -urNp linux-2.6.29.6/arch/alpha/include/asm/elf.h linux-2.6.29.6/arch/alpha/include/asm/elf.h
+--- linux-2.6.29.6/arch/alpha/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/include/asm/elf.h	2009-07-23 17:34:32.032809072 -0400
+@@ -91,6 +91,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ 
+ #define ELF_ET_DYN_BASE		(TASK_UNMAPPED_BASE + 0x1000000)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(current->personality & ADDR_LIMIT_32BIT ? 0x10000 : 0x120000000UL)
++
++#define PAX_DELTA_MMAP_LEN	(current->personality & ADDR_LIMIT_32BIT ? 14 : 28)
++#define PAX_DELTA_STACK_LEN	(current->personality & ADDR_LIMIT_32BIT ? 14 : 19)
++#endif
++
+ /* $0 is set by ld.so to a pointer to a function which might be 
+    registered using atexit.  This provides a mean for the dynamic
+    linker to call DT_FINI functions for shared libraries that have
+diff -urNp linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/include/asm/kmap_types.h	2009-07-23 17:34:32.032809072 -0400
+@@ -24,7 +24,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)  KM_CLEARPAGE,
++D(14)  KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/alpha/include/asm/pgtable.h linux-2.6.29.6/arch/alpha/include/asm/pgtable.h
+--- linux-2.6.29.6/arch/alpha/include/asm/pgtable.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/include/asm/pgtable.h	2009-07-23 17:34:32.032809072 -0400
+@@ -101,6 +101,17 @@ struct vm_area_struct;
+ #define PAGE_SHARED	__pgprot(_PAGE_VALID | __ACCESS_BITS)
+ #define PAGE_COPY	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
+ #define PAGE_READONLY	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOE)
++# define PAGE_COPY_NOEXEC	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
++# define PAGE_READONLY_NOEXEC	__pgprot(_PAGE_VALID | __ACCESS_BITS | _PAGE_FOW | _PAGE_FOE)
++#else
++# define PAGE_SHARED_NOEXEC	PAGE_SHARED
++# define PAGE_COPY_NOEXEC	PAGE_COPY
++# define PAGE_READONLY_NOEXEC	PAGE_READONLY
++#endif
++
+ #define PAGE_KERNEL	__pgprot(_PAGE_VALID | _PAGE_ASM | _PAGE_KRE | _PAGE_KWE)
+ 
+ #define _PAGE_NORMAL(x) __pgprot(_PAGE_VALID | __ACCESS_BITS | (x))
+diff -urNp linux-2.6.29.6/arch/alpha/kernel/module.c linux-2.6.29.6/arch/alpha/kernel/module.c
+--- linux-2.6.29.6/arch/alpha/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/kernel/module.c	2009-07-23 17:34:32.032809072 -0400
+@@ -182,7 +182,7 @@ apply_relocate_add(Elf64_Shdr *sechdrs, 
+ 
+ 	/* The small sections were sorted to the end of the segment.
+ 	   The following should definitely cover them.  */
+-	gp = (u64)me->module_core + me->core_size - 0x8000;
++	gp = (u64)me->module_core_rw + me->core_size_rw - 0x8000;
+ 	got = sechdrs[me->arch.gotsecindex].sh_addr;
+ 
+ 	for (i = 0; i < n; i++) {
+diff -urNp linux-2.6.29.6/arch/alpha/kernel/osf_sys.c linux-2.6.29.6/arch/alpha/kernel/osf_sys.c
+--- linux-2.6.29.6/arch/alpha/kernel/osf_sys.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/kernel/osf_sys.c	2009-07-23 17:34:32.032809072 -0400
+@@ -1217,6 +1217,10 @@ arch_get_unmapped_area(struct file *filp
+ 	   merely specific addresses, but regions of memory -- perhaps
+ 	   this feature should be incorporated into all ports?  */
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	if (addr) {
+ 		addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit);
+ 		if (addr != (unsigned long) -ENOMEM)
+@@ -1224,8 +1228,8 @@ arch_get_unmapped_area(struct file *filp
+ 	}
+ 
+ 	/* Next, try allocating at TASK_UNMAPPED_BASE.  */
+-	addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE),
+-					 len, limit);
++	addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit);
++
+ 	if (addr != (unsigned long) -ENOMEM)
+ 		return addr;
+ 
+diff -urNp linux-2.6.29.6/arch/alpha/mm/fault.c linux-2.6.29.6/arch/alpha/mm/fault.c
+--- linux-2.6.29.6/arch/alpha/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/alpha/mm/fault.c	2009-07-23 17:34:32.033902767 -0400
+@@ -54,6 +54,124 @@ __load_new_mm_context(struct mm_struct *
+ 	__reload_thread(pcb);
+ }
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++/*
++ * PaX: decide what to do with offenders (regs->pc = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when patched PLT trampoline was detected
++ *         3 when unpatched PLT trampoline was detected
++ */
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++
++#ifdef CONFIG_PAX_EMUPLT
++	int err;
++
++	do { /* PaX: patched PLT emulation #1 */
++		unsigned int ldah, ldq, jmp;
++
++		err = get_user(ldah, (unsigned int *)regs->pc);
++		err |= get_user(ldq, (unsigned int *)(regs->pc+4));
++		err |= get_user(jmp, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
++		    (ldq & 0xFFFF0000U) == 0xA77B0000U &&
++		    jmp == 0x6BFB0000U)
++		{
++			unsigned long r27, addr;
++			unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
++			unsigned long addrl = ldq | 0xFFFFFFFFFFFF0000UL;
++
++			addr = regs->r27 + ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
++			err = get_user(r27, (unsigned long *)addr);
++			if (err)
++				break;
++
++			regs->r27 = r27;
++			regs->pc = r27;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #2 */
++		unsigned int ldah, lda, br;
++
++		err = get_user(ldah, (unsigned int *)regs->pc);
++		err |= get_user(lda, (unsigned int *)(regs->pc+4));
++		err |= get_user(br, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((ldah & 0xFFFF0000U) == 0x277B0000U &&
++		    (lda & 0xFFFF0000U) == 0xA77B0000U &&
++		    (br & 0xFFE00000U) == 0xC3E00000U)
++		{
++			unsigned long addr = br | 0xFFFFFFFFFFE00000UL;
++			unsigned long addrh = (ldah | 0xFFFFFFFFFFFF0000UL) << 16;
++			unsigned long addrl = lda | 0xFFFFFFFFFFFF0000UL;
++
++			regs->r27 += ((addrh ^ 0x80000000UL) + 0x80000000UL) + ((addrl ^ 0x8000UL) + 0x8000UL);
++			regs->pc += 12 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation */
++		unsigned int br;
++
++		err = get_user(br, (unsigned int *)regs->pc);
++
++		if (!err && (br & 0xFFE00000U) == 0xC3800000U) {
++			unsigned int br2, ldq, nop, jmp;
++			unsigned long addr = br | 0xFFFFFFFFFFE00000UL, resolver;
++
++			addr = regs->pc + 4 + (((addr ^ 0x00100000UL) + 0x00100000UL) << 2);
++			err = get_user(br2, (unsigned int *)addr);
++			err |= get_user(ldq, (unsigned int *)(addr+4));
++			err |= get_user(nop, (unsigned int *)(addr+8));
++			err |= get_user(jmp, (unsigned int *)(addr+12));
++			err |= get_user(resolver, (unsigned long *)(addr+16));
++
++			if (err)
++				break;
++
++			if (br2 == 0xC3600000U &&
++			    ldq == 0xA77B000CU &&
++			    nop == 0x47FF041FU &&
++			    jmp == 0x6B7B0000U)
++			{
++				regs->r28 = regs->pc+4;
++				regs->r27 = addr+16;
++				regs->pc = resolver;
++				return 3;
++			}
++		}
++	} while (0);
++#endif
++
++	return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
+ 
+ /*
+  * This routine handles page faults.  It determines the address,
+@@ -131,8 +249,29 @@ do_page_fault(unsigned long address, uns
+  good_area:
+ 	si_code = SEGV_ACCERR;
+ 	if (cause < 0) {
+-		if (!(vma->vm_flags & VM_EXEC))
++		if (!(vma->vm_flags & VM_EXEC)) {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++			if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->pc)
++				goto bad_area;
++
++			up_read(&mm->mmap_sem);
++			switch (pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_PAX_EMUPLT
++			case 2:
++			case 3:
++				return;
++#endif
++
++			}
++			pax_report_fault(regs, (void *)regs->pc, (void *)rdusp());
++			do_group_exit(SIGKILL);
++#else
+ 			goto bad_area;
++#endif
++
++		}
+ 	} else if (!cause) {
+ 		/* Allow reads even for write-only mappings */
+ 		if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
+diff -urNp linux-2.6.29.6/arch/arm/include/asm/atomic.h linux-2.6.29.6/arch/arm/include/asm/atomic.h
+--- linux-2.6.29.6/arch/arm/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/arm/include/asm/atomic.h	2009-07-23 17:34:32.033902767 -0400
+@@ -191,6 +191,9 @@ static inline int atomic_add_unless(atom
+ #define atomic_inc(v)		(void) atomic_add_return(1, v)
+ #define atomic_sub(i, v)	(void) atomic_sub_return(i, v)
+ #define atomic_dec(v)		(void) atomic_sub_return(1, v)
++#define atomic_inc_unchecked(v)		(void) atomic_inc(v)
++#define atomic_add_unchecked(i, v)	(void) atomic_add(i, v)
++#define atomic_sub_unchecked(i, v)	(void) atomic_sub(i, v)
+ 
+ #define atomic_inc_and_test(v)	(atomic_add_return(1, v) == 0)
+ #define atomic_dec_and_test(v)	(atomic_sub_return(1, v) == 0)
+diff -urNp linux-2.6.29.6/arch/arm/include/asm/elf.h linux-2.6.29.6/arch/arm/include/asm/elf.h
+--- linux-2.6.29.6/arch/arm/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/arm/include/asm/elf.h	2009-07-23 17:34:32.033902767 -0400
+@@ -100,7 +100,14 @@ extern int arm_elf_read_implies_exec(con
+    the loader.  We need to make sure that it is out of the way of the program
+    that it will "exec", and that there is sufficient room for the brk.  */
+ 
+-#define ELF_ET_DYN_BASE	(2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE		(TASK_SIZE / 3 * 2)
++
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	0x00008000UL
++
++#define PAX_DELTA_MMAP_LEN	((current->personality == PER_LINUX_32BIT) ? 16 : 10)
++#define PAX_DELTA_STACK_LEN	((current->personality == PER_LINUX_32BIT) ? 16 : 10)
++#endif
+ 
+ /* When the program starts, a1 contains a pointer to a function to be 
+    registered with atexit, as per the SVR4 ABI.  A value of 0 means we 
+diff -urNp linux-2.6.29.6/arch/arm/include/asm/kmap_types.h linux-2.6.29.6/arch/arm/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/arm/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/arm/include/asm/kmap_types.h	2009-07-23 17:34:32.033902767 -0400
+@@ -18,6 +18,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/arm/include/asm/uaccess.h linux-2.6.29.6/arch/arm/include/asm/uaccess.h
+--- linux-2.6.29.6/arch/arm/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/arm/include/asm/uaccess.h	2009-07-23 17:34:32.033902767 -0400
+@@ -400,7 +400,7 @@ static inline unsigned long __must_check
+ {
+ 	if (access_ok(VERIFY_READ, from, n))
+ 		n = __copy_from_user(to, from, n);
+-	else /* security hole - plug it */
++	else if ((long)n > 0) /* security hole - plug it -- good idea! */
+ 		memset(to, 0, n);
+ 	return n;
+ }
+diff -urNp linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c
+--- linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/arm/mach-ns9xxx/clock.c	2009-07-23 18:40:27.482433806 -0400
+@@ -195,7 +195,7 @@ static int clk_debugfs_open(struct inode
+ 	return single_open(file, clk_debugfs_show, NULL);
+ }
+ 
+-static struct file_operations clk_debugfs_operations = {
++static const struct file_operations clk_debugfs_operations = {
+ 	.open = clk_debugfs_open,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+diff -urNp linux-2.6.29.6/arch/arm/mm/mmap.c linux-2.6.29.6/arch/arm/mm/mmap.c
+--- linux-2.6.29.6/arch/arm/mm/mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/arm/mm/mmap.c	2009-07-23 17:34:32.033902767 -0400
+@@ -62,6 +62,10 @@ arch_get_unmapped_area(struct file *filp
+ 	if (len > TASK_SIZE)
+ 		return -ENOMEM;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	if (addr) {
+ 		if (do_align)
+ 			addr = COLOUR_ALIGN(addr, pgoff);
+@@ -74,10 +78,10 @@ arch_get_unmapped_area(struct file *filp
+ 			return addr;
+ 	}
+ 	if (len > mm->cached_hole_size) {
+-	        start_addr = addr = mm->free_area_cache;
++		start_addr = addr = mm->free_area_cache;
+ 	} else {
+-	        start_addr = addr = TASK_UNMAPPED_BASE;
+-	        mm->cached_hole_size = 0;
++		start_addr = addr = mm->mmap_base;
++		mm->cached_hole_size = 0;
+ 	}
+ 
+ full_search:
+@@ -93,8 +97,8 @@ full_search:
+ 			 * Start a new search - just in case we missed
+ 			 * some holes.
+ 			 */
+-			if (start_addr != TASK_UNMAPPED_BASE) {
+-				start_addr = addr = TASK_UNMAPPED_BASE;
++			if (start_addr != mm->mmap_base) {
++				start_addr = addr = mm->mmap_base;
+ 				mm->cached_hole_size = 0;
+ 				goto full_search;
+ 			}
+diff -urNp linux-2.6.29.6/arch/avr32/include/asm/atomic.h linux-2.6.29.6/arch/avr32/include/asm/atomic.h
+--- linux-2.6.29.6/arch/avr32/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/avr32/include/asm/atomic.h	2009-07-23 17:34:32.034839933 -0400
+@@ -176,9 +176,12 @@ static inline int atomic_sub_if_positive
+ #define atomic_cmpxchg(v, o, n)	(cmpxchg(&((v)->counter), (o), (n)))
+ 
+ #define atomic_sub(i, v)	(void)atomic_sub_return(i, v)
++#define atomic_sub_unchecked(i, v)	atomic_sub((i), (v))
+ #define atomic_add(i, v)	(void)atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v)	atomic_add((i), (v))
+ #define atomic_dec(v)		atomic_sub(1, (v))
+ #define atomic_inc(v)		atomic_add(1, (v))
++#define atomic_inc_unchecked(v)	atomic_inc(v)
+ 
+ #define atomic_dec_return(v)	atomic_sub_return(1, v)
+ #define atomic_inc_return(v)	atomic_add_return(1, v)
+diff -urNp linux-2.6.29.6/arch/avr32/include/asm/elf.h linux-2.6.29.6/arch/avr32/include/asm/elf.h
+--- linux-2.6.29.6/arch/avr32/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/avr32/include/asm/elf.h	2009-07-23 17:34:32.034839933 -0400
+@@ -85,8 +85,14 @@ typedef struct user_fpu_struct elf_fpreg
+    the loader.  We need to make sure that it is out of the way of the program
+    that it will "exec", and that there is sufficient room for the brk.  */
+ 
+-#define ELF_ET_DYN_BASE         (2 * TASK_SIZE / 3)
++#define ELF_ET_DYN_BASE		(TASK_SIZE / 3 * 2)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	0x00001000UL
++
++#define PAX_DELTA_MMAP_LEN	15
++#define PAX_DELTA_STACK_LEN	15
++#endif
+ 
+ /* This yields a mask that user programs can use to figure out what
+    instruction set this CPU supports.  This could be done in user space,
+diff -urNp linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/avr32/include/asm/kmap_types.h	2009-07-23 17:34:32.034839933 -0400
+@@ -22,7 +22,8 @@ D(10)	KM_IRQ0,
+ D(11)	KM_IRQ1,
+ D(12)	KM_SOFTIRQ0,
+ D(13)	KM_SOFTIRQ1,
+-D(14)	KM_TYPE_NR
++D(14)	KM_CLEARPAGE,
++D(15)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/avr32/mm/fault.c linux-2.6.29.6/arch/avr32/mm/fault.c
+--- linux-2.6.29.6/arch/avr32/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/avr32/mm/fault.c	2009-07-23 17:34:32.035832174 -0400
+@@ -41,6 +41,23 @@ static inline int notify_page_fault(stru
+ 
+ int exception_trace = 1;
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 20; i++) {
++		unsigned char c;
++		if (get_user(c, (unsigned char *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%02x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ /*
+  * This routine handles page faults. It determines the address and the
+  * problem, and then passes it off to one of the appropriate routines.
+@@ -157,6 +174,16 @@ bad_area:
+ 	up_read(&mm->mmap_sem);
+ 
+ 	if (user_mode(regs)) {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if (mm->pax_flags & MF_PAX_PAGEEXEC) {
++			if (ecr == ECR_PROTECTION_X || ecr == ECR_TLB_MISS_X) {
++				pax_report_fault(regs, (void *)regs->pc, (void *)regs->sp);
++				do_group_exit(SIGKILL);
++			}
++		}
++#endif
++
+ 		if (exception_trace && printk_ratelimit())
+ 			printk("%s%s[%d]: segfault at %08lx pc %08lx "
+ 			       "sp %08lx ecr %lu\n",
+diff -urNp linux-2.6.29.6/arch/blackfin/include/asm/atomic.h linux-2.6.29.6/arch/blackfin/include/asm/atomic.h
+--- linux-2.6.29.6/arch/blackfin/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/blackfin/include/asm/atomic.h	2009-07-23 17:34:32.036919850 -0400
+@@ -178,6 +178,9 @@ static inline void atomic_set_mask(unsig
+ 
+ #endif /* !CONFIG_SMP */
+ 
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
++#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
++#define atomic_inc_unchecked(v) atomic_inc((v))
+ #define atomic_add_negative(a, v)	(atomic_add_return((a), (v)) < 0)
+ #define atomic_dec_return(v) atomic_sub_return(1,(v))
+ #define atomic_inc_return(v) atomic_add_return(1,(v))
+diff -urNp linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/blackfin/include/asm/kmap_types.h	2009-07-23 17:34:32.036919850 -0400
+@@ -15,6 +15,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c
+--- linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/blackfin/mach-bf561/coreb.c	2009-07-23 18:40:27.483411300 -0400
+@@ -292,7 +292,7 @@ static int coreb_ioctl(struct inode *ino
+ 	return retval;
+ }
+ 
+-static struct file_operations coreb_fops = {
++static const struct file_operations coreb_fops = {
+ 	.owner = THIS_MODULE,
+ 	.llseek = coreb_lseek,
+ 	.read = coreb_read,
+diff -urNp linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c
+--- linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/cris/arch-v10/drivers/sync_serial.c	2009-07-23 18:40:27.483411300 -0400
+@@ -244,7 +244,7 @@ static unsigned sync_serial_prescale_sha
+ 
+ #define NUMBER_OF_PORTS 2
+ 
+-static struct file_operations sync_serial_fops = {
++static const struct file_operations sync_serial_fops = {
+ 	.owner   = THIS_MODULE,
+ 	.write   = sync_serial_write,
+ 	.read    = sync_serial_read,
+diff -urNp linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c
+--- linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/cris/arch-v32/drivers/mach-fs/gpio.c	2009-07-23 18:40:27.484276735 -0400
+@@ -855,7 +855,7 @@ gpio_leds_ioctl(unsigned int cmd, unsign
+ 	return 0;
+ }
+ 
+-struct file_operations gpio_fops = {
++struct struct file_operations gpio_fops = {
+ 	.owner       = THIS_MODULE,
+ 	.poll        = gpio_poll,
+ 	.ioctl       = gpio_ioctl,
+diff -urNp linux-2.6.29.6/arch/cris/include/asm/atomic.h linux-2.6.29.6/arch/cris/include/asm/atomic.h
+--- linux-2.6.29.6/arch/cris/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/cris/include/asm/atomic.h	2009-07-23 17:34:32.036919850 -0400
+@@ -152,6 +152,10 @@ static inline int atomic_add_unless(atom
+ }
+ #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+ 
++#define atomic_inc_unchecked(v) atomic_inc((v))
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ /* Atomic operations are already serializing */
+ #define smp_mb__before_atomic_dec()    barrier()
+ #define smp_mb__after_atomic_dec()     barrier()
+diff -urNp linux-2.6.29.6/arch/cris/include/asm/kmap_types.h linux-2.6.29.6/arch/cris/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/cris/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/cris/include/asm/kmap_types.h	2009-07-23 17:34:32.036919850 -0400
+@@ -19,6 +19,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/h8300/include/asm/atomic.h linux-2.6.29.6/arch/h8300/include/asm/atomic.h
+--- linux-2.6.29.6/arch/h8300/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/h8300/include/asm/atomic.h	2009-07-23 17:34:32.036919850 -0400
+@@ -26,6 +26,7 @@ static __inline__ int atomic_add_return(
+ }
+ 
+ #define atomic_add(i, v) atomic_add_return(i, v)
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
+ #define atomic_add_negative(a, v)	(atomic_add_return((a), (v)) < 0)
+ 
+ static __inline__ int atomic_sub_return(int i, atomic_t *v)
+@@ -38,6 +39,7 @@ static __inline__ int atomic_sub_return(
+ }
+ 
+ #define atomic_sub(i, v) atomic_sub_return(i, v)
++#define atomic_subUnchecked(i, v) atomic_sub(i, v)
+ #define atomic_sub_and_test(i,v) (atomic_sub_return(i, v) == 0)
+ 
+ static __inline__ int atomic_inc_return(atomic_t *v)
+@@ -51,6 +53,7 @@ static __inline__ int atomic_inc_return(
+ }
+ 
+ #define atomic_inc(v) atomic_inc_return(v)
++#define atomic_inc_unchecked(v) atomic_inc(v)
+ 
+ /*
+  * atomic_inc_and_test - increment and test
+diff -urNp linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/h8300/include/asm/kmap_types.h	2009-07-23 17:34:32.036919850 -0400
+@@ -15,6 +15,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c
+--- linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/ia32/binfmt_elf32.c	2009-07-23 18:40:27.465457938 -0400
+@@ -45,6 +45,13 @@ randomize_stack_top(unsigned long stack_
+ 
+ #define elf_read_implies_exec(ex, have_pt_gnu_stack)	(!(have_pt_gnu_stack))
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#endif
++
+ /* Ugly but avoids duplication */
+ #include "../../../fs/binfmt_elf.c"
+ 
+@@ -69,11 +76,11 @@ ia32_install_gate_page (struct vm_area_s
+ }
+ 
+ 
+-static struct vm_operations_struct ia32_shared_page_vm_ops = {
++static const struct vm_operations_struct ia32_shared_page_vm_ops = {
+ 	.fault = ia32_install_shared_page
+ };
+ 
+-static struct vm_operations_struct ia32_gate_page_vm_ops = {
++static const struct vm_operations_struct ia32_gate_page_vm_ops = {
+ 	.fault = ia32_install_gate_page
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/ia64/ia32/ia32priv.h linux-2.6.29.6/arch/ia64/ia32/ia32priv.h
+--- linux-2.6.29.6/arch/ia64/ia32/ia32priv.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/ia32/ia32priv.h	2009-07-23 17:34:32.037851190 -0400
+@@ -296,7 +296,14 @@ typedef struct compat_siginfo {
+ #define ELF_DATA	ELFDATA2LSB
+ #define ELF_ARCH	EM_386
+ 
+-#define IA32_STACK_TOP		IA32_PAGE_OFFSET
++#ifdef CONFIG_PAX_RANDUSTACK
++#define __IA32_DELTA_STACK	(current->mm->delta_stack)
++#else
++#define __IA32_DELTA_STACK	0UL
++#endif
++
++#define IA32_STACK_TOP		(IA32_PAGE_OFFSET - __IA32_DELTA_STACK)
++
+ #define IA32_GATE_OFFSET	IA32_PAGE_OFFSET
+ #define IA32_GATE_END		IA32_PAGE_OFFSET + PAGE_SIZE
+ 
+diff -urNp linux-2.6.29.6/arch/ia64/include/asm/atomic.h linux-2.6.29.6/arch/ia64/include/asm/atomic.h
+--- linux-2.6.29.6/arch/ia64/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/include/asm/atomic.h	2009-07-23 17:34:32.037851190 -0400
+@@ -201,8 +201,11 @@ atomic64_add_negative (__s64 i, atomic64
+ #define atomic64_inc_and_test(v)	(atomic64_add_return(1, (v)) == 0)
+ 
+ #define atomic_add(i,v)			atomic_add_return((i), (v))
++#define atomic_add_unchecked(i,v)	atomic_add((i), (v))
+ #define atomic_sub(i,v)			atomic_sub_return((i), (v))
++#define atomic_sub_unchecked(i,v)	atomic_sub((i), (v))
+ #define atomic_inc(v)			atomic_add(1, (v))
++#define atomic_inc_unchecked(v)		atomic_inc(v)
+ #define atomic_dec(v)			atomic_sub(1, (v))
+ 
+ #define atomic64_add(i,v)		atomic64_add_return((i), (v))
+diff -urNp linux-2.6.29.6/arch/ia64/include/asm/elf.h linux-2.6.29.6/arch/ia64/include/asm/elf.h
+--- linux-2.6.29.6/arch/ia64/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/include/asm/elf.h	2009-07-23 17:34:32.037851190 -0400
+@@ -43,6 +43,13 @@
+  */
+ #define ELF_ET_DYN_BASE		(TASK_UNMAPPED_BASE + 0x800000000UL)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(current->personality == PER_LINUX32 ? 0x08048000UL : 0x4000000000000000UL)
++
++#define PAX_DELTA_MMAP_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#define PAX_DELTA_STACK_LEN	(current->personality == PER_LINUX32 ? 16 : 3*PAGE_SHIFT - 13)
++#endif
++
+ #define PT_IA_64_UNWIND		0x70000001
+ 
+ /* IA-64 relocations: */
+diff -urNp linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/include/asm/kmap_types.h	2009-07-23 17:34:32.037851190 -0400
+@@ -22,7 +22,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)	KM_CLEARPAGE,
++D(14)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/ia64/include/asm/pgtable.h linux-2.6.29.6/arch/ia64/include/asm/pgtable.h
+--- linux-2.6.29.6/arch/ia64/include/asm/pgtable.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/include/asm/pgtable.h	2009-07-23 17:34:32.037851190 -0400
+@@ -143,6 +143,17 @@
+ #define PAGE_READONLY	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
+ #define PAGE_COPY_EXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RX)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_RW)
++# define PAGE_READONLY_NOEXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
++# define PAGE_COPY_NOEXEC	__pgprot(__ACCESS_BITS | _PAGE_PL_3 | _PAGE_AR_R)
++#else
++# define PAGE_SHARED_NOEXEC	PAGE_SHARED
++# define PAGE_READONLY_NOEXEC	PAGE_READONLY
++# define PAGE_COPY_NOEXEC	PAGE_COPY
++#endif
++
+ #define PAGE_GATE	__pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_X_RX)
+ #define PAGE_KERNEL	__pgprot(__DIRTY_BITS  | _PAGE_PL_0 | _PAGE_AR_RWX)
+ #define PAGE_KERNELRX	__pgprot(__ACCESS_BITS | _PAGE_PL_0 | _PAGE_AR_RX)
+diff -urNp linux-2.6.29.6/arch/ia64/include/asm/uaccess.h linux-2.6.29.6/arch/ia64/include/asm/uaccess.h
+--- linux-2.6.29.6/arch/ia64/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/include/asm/uaccess.h	2009-07-23 17:34:32.038733548 -0400
+@@ -257,7 +257,7 @@ __copy_from_user (void *to, const void _
+ 	const void *__cu_from = (from);							\
+ 	long __cu_len = (n);								\
+ 											\
+-	if (__access_ok(__cu_to, __cu_len, get_fs()))					\
++	if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs()))	\
+ 		__cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len);	\
+ 	__cu_len;									\
+ })
+@@ -269,7 +269,7 @@ __copy_from_user (void *to, const void _
+ 	long __cu_len = (n);								\
+ 											\
+ 	__chk_user_ptr(__cu_from);							\
+-	if (__access_ok(__cu_from, __cu_len, get_fs()))					\
++	if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs()))	\
+ 		__cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len);	\
+ 	__cu_len;									\
+ })
+diff -urNp linux-2.6.29.6/arch/ia64/kernel/module.c linux-2.6.29.6/arch/ia64/kernel/module.c
+--- linux-2.6.29.6/arch/ia64/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/kernel/module.c	2009-07-23 17:34:32.038733548 -0400
+@@ -312,8 +312,7 @@ module_alloc (unsigned long size)
+ void
+ module_free (struct module *mod, void *module_region)
+ {
+-	if (mod && mod->arch.init_unw_table &&
+-	    module_region == mod->module_init) {
++	if (mod && mod->arch.init_unw_table && module_region == mod->module_init_rx) {
+ 		unw_remove_unwind_table(mod->arch.init_unw_table);
+ 		mod->arch.init_unw_table = NULL;
+ 	}
+@@ -491,15 +490,39 @@ module_frob_arch_sections (Elf_Ehdr *ehd
+ }
+ 
+ static inline int
++in_init_rx (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_init_rx < mod->init_size_rx;
++}
++
++static inline int
++in_init_rw (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_init_rw < mod->init_size_rw;
++}
++
++static inline int
+ in_init (const struct module *mod, uint64_t addr)
+ {
+-	return addr - (uint64_t) mod->module_init < mod->init_size;
++	return in_init_rx(mod, addr) || in_init_rw(mod, addr);
++}
++
++static inline int
++in_core_rx (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_core_rx < mod->core_size_rx;
++}
++
++static inline int
++in_core_rw (const struct module *mod, uint64_t addr)
++{
++	return addr - (uint64_t) mod->module_core_rw < mod->core_size_rw;
+ }
+ 
+ static inline int
+ in_core (const struct module *mod, uint64_t addr)
+ {
+-	return addr - (uint64_t) mod->module_core < mod->core_size;
++	return in_core_rx(mod, addr) || in_core_rw(mod, addr);
+ }
+ 
+ static inline int
+@@ -683,7 +706,14 @@ do_reloc (struct module *mod, uint8_t r_
+ 		break;
+ 
+ 	      case RV_BDREL:
+-		val -= (uint64_t) (in_init(mod, val) ? mod->module_init : mod->module_core);
++		if (in_init_rx(mod, val))
++			val -= (uint64_t) mod->module_init_rx;
++		else if (in_init_rw(mod, val))
++			val -= (uint64_t) mod->module_init_rw;
++		else if (in_core_rx(mod, val))
++			val -= (uint64_t) mod->module_core_rx;
++		else if (in_core_rw(mod, val))
++			val -= (uint64_t) mod->module_core_rw;
+ 		break;
+ 
+ 	      case RV_LTV:
+@@ -817,15 +847,15 @@ apply_relocate_add (Elf64_Shdr *sechdrs,
+ 		 *     addresses have been selected...
+ 		 */
+ 		uint64_t gp;
+-		if (mod->core_size > MAX_LTOFF)
++		if (mod->core_size_rx + mod->core_size_rw > MAX_LTOFF)
+ 			/*
+ 			 * This takes advantage of fact that SHF_ARCH_SMALL gets allocated
+ 			 * at the end of the module.
+ 			 */
+-			gp = mod->core_size - MAX_LTOFF / 2;
++			gp = mod->core_size_rx + mod->core_size_rw - MAX_LTOFF / 2;
+ 		else
+-			gp = mod->core_size / 2;
+-		gp = (uint64_t) mod->module_core + ((gp + 7) & -8);
++			gp = (mod->core_size_rx + mod->core_size_rw) / 2;
++		gp = (uint64_t) mod->module_core_rx + ((gp + 7) & -8);
+ 		mod->arch.gp = gp;
+ 		DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
+ 	}
+diff -urNp linux-2.6.29.6/arch/ia64/kernel/perfmon.c linux-2.6.29.6/arch/ia64/kernel/perfmon.c
+--- linux-2.6.29.6/arch/ia64/kernel/perfmon.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/kernel/perfmon.c	2009-07-23 18:40:27.485493611 -0400
+@@ -2196,7 +2196,7 @@ pfmfs_delete_dentry(struct dentry *dentr
+ 	return 1;
+ }
+ 
+-static struct dentry_operations pfmfs_dentry_operations = {
++static const struct dentry_operations pfmfs_dentry_operations = {
+ 	.d_delete = pfmfs_delete_dentry,
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c
+--- linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/kernel/sys_ia64.c	2009-07-23 17:34:32.038733548 -0400
+@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *fil
+ 	if (REGION_NUMBER(addr) == RGN_HPAGE)
+ 		addr = 0;
+ #endif
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (mm->pax_flags & MF_PAX_RANDMMAP)
++		addr = mm->free_area_cache;
++	else
++#endif
++
+ 	if (!addr)
+ 		addr = mm->free_area_cache;
+ 
+@@ -61,9 +68,9 @@ arch_get_unmapped_area (struct file *fil
+ 	for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
+ 		/* At this point:  (!vma || addr < vma->vm_end). */
+ 		if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) {
+-			if (start_addr != TASK_UNMAPPED_BASE) {
++			if (start_addr != mm->mmap_base) {
+ 				/* Start a new search --- just in case we missed some holes.  */
+-				addr = TASK_UNMAPPED_BASE;
++				addr = mm->mmap_base;
+ 				goto full_search;
+ 			}
+ 			return -ENOMEM;
+diff -urNp linux-2.6.29.6/arch/ia64/mm/fault.c linux-2.6.29.6/arch/ia64/mm/fault.c
+--- linux-2.6.29.6/arch/ia64/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/mm/fault.c	2009-07-23 17:34:32.038733548 -0400
+@@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned 
+ 	return pte_present(pte);
+ }
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 8; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ void __kprobes
+ ia64_do_page_fault (unsigned long address, unsigned long isr, struct pt_regs *regs)
+ {
+@@ -145,9 +162,23 @@ ia64_do_page_fault (unsigned long addres
+ 	mask = (  (((isr >> IA64_ISR_X_BIT) & 1UL) << VM_EXEC_BIT)
+ 		| (((isr >> IA64_ISR_W_BIT) & 1UL) << VM_WRITE_BIT));
+ 
+-	if ((vma->vm_flags & mask) != mask)
++	if ((vma->vm_flags & mask) != mask) {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if (!(vma->vm_flags & VM_EXEC) && (mask & VM_EXEC)) {
++			if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || address != regs->cr_iip)
++				goto bad_area;
++
++			up_read(&mm->mmap_sem);
++			pax_report_fault(regs, (void *)regs->cr_iip, (void *)regs->r12);
++			do_group_exit(SIGKILL);
++		}
++#endif
++
+ 		goto bad_area;
+ 
++	}
++
+   survive:
+ 	/*
+ 	 * If for any reason at all we couldn't handle the fault, make
+diff -urNp linux-2.6.29.6/arch/ia64/mm/init.c linux-2.6.29.6/arch/ia64/mm/init.c
+--- linux-2.6.29.6/arch/ia64/mm/init.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/ia64/mm/init.c	2009-07-23 17:34:32.038733548 -0400
+@@ -121,6 +121,19 @@ ia64_init_addr_space (void)
+ 		vma->vm_start = current->thread.rbs_bot & PAGE_MASK;
+ 		vma->vm_end = vma->vm_start + PAGE_SIZE;
+ 		vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if (current->mm->pax_flags & MF_PAX_PAGEEXEC) {
++			vma->vm_flags &= ~VM_EXEC;
++
++#ifdef CONFIG_PAX_MPROTECT
++			if (current->mm->pax_flags & MF_PAX_MPROTECT)
++				vma->vm_flags &= ~VM_MAYEXEC;
++#endif
++
++		}
++#endif
++
+ 		vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+ 		down_write(&current->mm->mmap_sem);
+ 		if (insert_vm_struct(current->mm, vma)) {
+diff -urNp linux-2.6.29.6/arch/m32r/lib/usercopy.c linux-2.6.29.6/arch/m32r/lib/usercopy.c
+--- linux-2.6.29.6/arch/m32r/lib/usercopy.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/m32r/lib/usercopy.c	2009-07-23 17:34:32.039725062 -0400
+@@ -26,7 +26,7 @@ __generic_copy_from_user(void *to, const
+ 	prefetchw(to);
+ 	if (access_ok(VERIFY_READ, from, n))
+ 		__copy_user_zeroing(to,from,n);
+-	else
++	else if ((long)n > 0)
+ 		memset(to, 0, n);
+ 	return n;
+ }
+diff -urNp linux-2.6.29.6/arch/m68k/include/asm/atomic_mm.h linux-2.6.29.6/arch/m68k/include/asm/atomic_mm.h
+--- linux-2.6.29.6/arch/m68k/include/asm/atomic_mm.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/m68k/include/asm/atomic_mm.h	2009-07-23 17:34:32.039725062 -0400
+@@ -186,6 +186,10 @@ static __inline__ int atomic_add_unless(
+ 
+ #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+ 
++#define atomic_inc_unchecked(v) atomic_inc((v))
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ /* Atomic operations are already serializing */
+ #define smp_mb__before_atomic_dec()	barrier()
+ #define smp_mb__after_atomic_dec()	barrier()
+diff -urNp linux-2.6.29.6/arch/m68k/include/asm/atomic_no.h linux-2.6.29.6/arch/m68k/include/asm/atomic_no.h
+--- linux-2.6.29.6/arch/m68k/include/asm/atomic_no.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/m68k/include/asm/atomic_no.h	2009-07-23 17:34:32.039725062 -0400
+@@ -151,5 +151,9 @@ static __inline__ int atomic_add_unless(
+ #define atomic_dec_return(v) atomic_sub_return(1,(v))
+ #define atomic_inc_return(v) atomic_add_return(1,(v))
+ 
++#define atomic_inc_unchecked(v) atomic_inc((v))
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ #include <asm-generic/atomic.h>
+ #endif /* __ARCH_M68KNOMMU_ATOMIC __ */
+diff -urNp linux-2.6.29.6/arch/m68k/include/asm/kmap_types_mm.h linux-2.6.29.6/arch/m68k/include/asm/kmap_types_mm.h
+--- linux-2.6.29.6/arch/m68k/include/asm/kmap_types_mm.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/m68k/include/asm/kmap_types_mm.h	2009-07-23 17:34:32.039725062 -0400
+@@ -15,6 +15,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/m68k/include/asm/kmap_types_no.h linux-2.6.29.6/arch/m68k/include/asm/kmap_types_no.h
+--- linux-2.6.29.6/arch/m68k/include/asm/kmap_types_no.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/m68k/include/asm/kmap_types_no.h	2009-07-23 17:34:32.039725062 -0400
+@@ -15,6 +15,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/mips/include/asm/atomic.h linux-2.6.29.6/arch/mips/include/asm/atomic.h
+--- linux-2.6.29.6/arch/mips/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/include/asm/atomic.h	2009-07-23 17:34:32.039725062 -0400
+@@ -381,6 +381,9 @@ static __inline__ int atomic_add_unless(
+  * Atomically increments @v by 1.
+  */
+ #define atomic_inc(v) atomic_add(1, (v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
++#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
+ 
+ /*
+  * atomic_dec - decrement and test
+diff -urNp linux-2.6.29.6/arch/mips/include/asm/elf.h linux-2.6.29.6/arch/mips/include/asm/elf.h
+--- linux-2.6.29.6/arch/mips/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/include/asm/elf.h	2009-07-23 17:34:32.039725062 -0400
+@@ -364,4 +364,11 @@ extern int dump_task_fpu(struct task_str
+ #define ELF_ET_DYN_BASE         (TASK_SIZE / 3 * 2)
+ #endif
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN	(test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN	(test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #endif /* _ASM_ELF_H */
+diff -urNp linux-2.6.29.6/arch/mips/include/asm/kmap_types.h linux-2.6.29.6/arch/mips/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/mips/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/include/asm/kmap_types.h	2009-07-23 17:34:32.040769533 -0400
+@@ -22,7 +22,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)	KM_CLEARPAGE,
++D(14)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/mips/include/asm/page.h linux-2.6.29.6/arch/mips/include/asm/page.h
+--- linux-2.6.29.6/arch/mips/include/asm/page.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/include/asm/page.h	2009-07-23 17:34:32.040769533 -0400
+@@ -82,7 +82,7 @@ extern void copy_user_highpage(struct pa
+   #ifdef CONFIG_CPU_MIPS32
+     typedef struct { unsigned long pte_low, pte_high; } pte_t;
+     #define pte_val(x)    ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
+-    #define __pte(x)      ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; })
++    #define __pte(x)      ({ pte_t __pte = {(x), (x) >> 32}; __pte; })
+   #else
+      typedef struct { unsigned long long pte; } pte_t;
+      #define pte_val(x)	((x).pte)
+diff -urNp linux-2.6.29.6/arch/mips/include/asm/system.h linux-2.6.29.6/arch/mips/include/asm/system.h
+--- linux-2.6.29.6/arch/mips/include/asm/system.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/include/asm/system.h	2009-07-23 17:34:32.040769533 -0400
+@@ -217,6 +217,6 @@ extern void per_cpu_trap_init(void);
+  */
+ #define __ARCH_WANT_UNLOCKED_CTXSW
+ 
+-extern unsigned long arch_align_stack(unsigned long sp);
++#define arch_align_stack(x) ((x) & ALMASK)
+ 
+ #endif /* _ASM_SYSTEM_H */
+diff -urNp linux-2.6.29.6/arch/mips/kernel/binfmt_elfn32.c linux-2.6.29.6/arch/mips/kernel/binfmt_elfn32.c
+--- linux-2.6.29.6/arch/mips/kernel/binfmt_elfn32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/kernel/binfmt_elfn32.c	2009-07-23 17:34:32.040769533 -0400
+@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ #undef ELF_ET_DYN_BASE
+ #define ELF_ET_DYN_BASE         (TASK32_SIZE / 3 * 2)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN	(test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN	(test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #include <asm/processor.h>
+ #include <linux/module.h>
+ #include <linux/elfcore.h>
+diff -urNp linux-2.6.29.6/arch/mips/kernel/binfmt_elfo32.c linux-2.6.29.6/arch/mips/kernel/binfmt_elfo32.c
+--- linux-2.6.29.6/arch/mips/kernel/binfmt_elfo32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/kernel/binfmt_elfo32.c	2009-07-23 17:34:32.040769533 -0400
+@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_N
+ #undef ELF_ET_DYN_BASE
+ #define ELF_ET_DYN_BASE         (TASK32_SIZE / 3 * 2)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(test_thread_flag(TIF_32BIT_ADDR) ? 0x00400000UL : 0x00400000UL)
++
++#define PAX_DELTA_MMAP_LEN	(test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#define PAX_DELTA_STACK_LEN	(test_thread_flag(TIF_32BIT_ADDR) ? 27-PAGE_SHIFT : 36-PAGE_SHIFT)
++#endif
++
+ #include <asm/processor.h>
+ #include <linux/module.h>
+ #include <linux/elfcore.h>
+diff -urNp linux-2.6.29.6/arch/mips/kernel/process.c linux-2.6.29.6/arch/mips/kernel/process.c
+--- linux-2.6.29.6/arch/mips/kernel/process.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/kernel/process.c	2009-07-23 17:34:32.040769533 -0400
+@@ -457,15 +457,3 @@ unsigned long get_wchan(struct task_stru
+ out:
+ 	return pc;
+ }
+-
+-/*
+- * Don't forget that the stack pointer must be aligned on a 8 bytes
+- * boundary for 32-bits ABI and 16 bytes for 64-bits ABI.
+- */
+-unsigned long arch_align_stack(unsigned long sp)
+-{
+-	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
+-		sp -= get_random_int() & ~PAGE_MASK;
+-
+-	return sp & ALMASK;
+-}
+diff -urNp linux-2.6.29.6/arch/mips/kernel/syscall.c linux-2.6.29.6/arch/mips/kernel/syscall.c
+--- linux-2.6.29.6/arch/mips/kernel/syscall.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/kernel/syscall.c	2009-07-23 17:34:32.040769533 -0400
+@@ -99,6 +99,11 @@ unsigned long arch_get_unmapped_area(str
+ 	do_color_align = 0;
+ 	if (filp || (flags & MAP_SHARED))
+ 		do_color_align = 1;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	if (addr) {
+ 		if (do_color_align)
+ 			addr = COLOUR_ALIGN(addr, pgoff);
+@@ -109,7 +114,7 @@ unsigned long arch_get_unmapped_area(str
+ 		    (!vmm || addr + len <= vmm->vm_start))
+ 			return addr;
+ 	}
+-	addr = TASK_UNMAPPED_BASE;
++	addr = current->mm->mmap_base;
+ 	if (do_color_align)
+ 		addr = COLOUR_ALIGN(addr, pgoff);
+ 	else
+diff -urNp linux-2.6.29.6/arch/mips/mm/fault.c linux-2.6.29.6/arch/mips/mm/fault.c
+--- linux-2.6.29.6/arch/mips/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mips/mm/fault.c	2009-07-23 17:34:32.041802959 -0400
+@@ -26,6 +26,23 @@
+ #include <asm/ptrace.h>
+ #include <asm/highmem.h>		/* For VMALLOC_END */
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++void pax_report_insns(void *pc)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ /*
+  * This routine handles page faults.  It determines the address,
+  * and the problem, and then passes it off to one of the appropriate
+diff -urNp linux-2.6.29.6/arch/mn10300/kernel/setup.c linux-2.6.29.6/arch/mn10300/kernel/setup.c
+--- linux-2.6.29.6/arch/mn10300/kernel/setup.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/mn10300/kernel/setup.c	2009-07-23 18:40:27.492312305 -0400
+@@ -289,7 +289,7 @@ static void c_stop(struct seq_file *m, v
+ {
+ }
+ 
+-struct seq_operations cpuinfo_op = {
++const struct seq_operations cpuinfo_op = {
+ 	.start	= c_start,
+ 	.next	= c_next,
+ 	.stop	= c_stop,
+diff -urNp linux-2.6.29.6/arch/parisc/include/asm/atomic.h linux-2.6.29.6/arch/parisc/include/asm/atomic.h
+--- linux-2.6.29.6/arch/parisc/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/include/asm/atomic.h	2009-07-23 17:34:32.041802959 -0400
+@@ -223,8 +223,11 @@ static __inline__ int atomic_add_unless(
+ #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+ 
+ #define atomic_add(i,v)	((void)(__atomic_add_return( ((int)i),(v))))
++#define atomic_add_unchecked(i,v)	atomic_add((i), (v))
+ #define atomic_sub(i,v)	((void)(__atomic_add_return(-((int)i),(v))))
++#define atomic_sub_unchecked(i,v)	atomic_sub((i), (v))
+ #define atomic_inc(v)	((void)(__atomic_add_return(   1,(v))))
++#define atomic_inc_unchecked(v)	atomic_inc(v)
+ #define atomic_dec(v)	((void)(__atomic_add_return(  -1,(v))))
+ 
+ #define atomic_add_return(i,v)	(__atomic_add_return( ((int)i),(v)))
+diff -urNp linux-2.6.29.6/arch/parisc/include/asm/elf.h linux-2.6.29.6/arch/parisc/include/asm/elf.h
+--- linux-2.6.29.6/arch/parisc/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/include/asm/elf.h	2009-07-23 17:34:32.041802959 -0400
+@@ -333,6 +333,13 @@ struct pt_regs;	/* forward declaration..
+ 
+ #define ELF_ET_DYN_BASE         (TASK_UNMAPPED_BASE + 0x01000000)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	0x10000UL
++
++#define PAX_DELTA_MMAP_LEN	16
++#define PAX_DELTA_STACK_LEN	16
++#endif
++
+ /* This yields a mask that user programs can use to figure out what
+    instruction set this CPU supports.  This could be done in user space,
+    but it's not easy, and we've already done it here.  */
+diff -urNp linux-2.6.29.6/arch/parisc/include/asm/kmap_types.h linux-2.6.29.6/arch/parisc/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/parisc/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/include/asm/kmap_types.h	2009-07-23 17:34:32.041802959 -0400
+@@ -22,7 +22,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)	KM_CLEARPAGE,
++D(14)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/parisc/include/asm/pgtable.h linux-2.6.29.6/arch/parisc/include/asm/pgtable.h
+--- linux-2.6.29.6/arch/parisc/include/asm/pgtable.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/include/asm/pgtable.h	2009-07-23 17:34:32.041802959 -0400
+@@ -202,6 +202,17 @@
+ #define PAGE_EXECREAD   __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED)
+ #define PAGE_COPY       PAGE_EXECREAD
+ #define PAGE_RWX        __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++# define PAGE_SHARED_NOEXEC	__pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_ACCESSED)
++# define PAGE_COPY_NOEXEC	__pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
++# define PAGE_READONLY_NOEXEC	__pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_ACCESSED)
++#else
++# define PAGE_SHARED_NOEXEC	PAGE_SHARED
++# define PAGE_COPY_NOEXEC	PAGE_COPY
++# define PAGE_READONLY_NOEXEC	PAGE_READONLY
++#endif
++
+ #define PAGE_KERNEL	__pgprot(_PAGE_KERNEL)
+ #define PAGE_KERNEL_RO	__pgprot(_PAGE_KERNEL & ~_PAGE_WRITE)
+ #define PAGE_KERNEL_UNC	__pgprot(_PAGE_KERNEL | _PAGE_NO_CACHE)
+diff -urNp linux-2.6.29.6/arch/parisc/kernel/module.c linux-2.6.29.6/arch/parisc/kernel/module.c
+--- linux-2.6.29.6/arch/parisc/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/kernel/module.c	2009-07-23 17:34:32.041802959 -0400
+@@ -93,16 +93,38 @@
+ 
+ /* three functions to determine where in the module core
+  * or init pieces the location is */
++static inline int in_init_rx(struct module *me, void *loc)
++{
++	return (loc >= me->module_init_rx &&
++		loc < (me->module_init_rx + me->init_size_rx));
++}
++
++static inline int in_init_rw(struct module *me, void *loc)
++{
++	return (loc >= me->module_init_rw &&
++		loc < (me->module_init_rw + me->init_size_rw));
++}
++
+ static inline int in_init(struct module *me, void *loc)
+ {
+-	return (loc >= me->module_init &&
+-		loc <= (me->module_init + me->init_size));
++	return in_init_rx(me, loc) || in_init_rw(me, loc);
++}
++
++static inline int in_core_rx(struct module *me, void *loc)
++{
++	return (loc >= me->module_core_rx &&
++		loc < (me->module_core_rx + me->core_size_rx));
++}
++
++static inline int in_core_rw(struct module *me, void *loc)
++{
++	return (loc >= me->module_core_rw &&
++		loc < (me->module_core_rw + me->core_size_rw));
+ }
+ 
+ static inline int in_core(struct module *me, void *loc)
+ {
+-	return (loc >= me->module_core &&
+-		loc <= (me->module_core + me->core_size));
++	return in_core_rx(me, loc) || in_core_rw(me, loc);
+ }
+ 
+ static inline int in_local(struct module *me, void *loc)
+@@ -340,13 +362,13 @@ int module_frob_arch_sections(CONST Elf_
+ 	}
+ 
+ 	/* align things a bit */
+-	me->core_size = ALIGN(me->core_size, 16);
+-	me->arch.got_offset = me->core_size;
+-	me->core_size += gots * sizeof(struct got_entry);
+-
+-	me->core_size = ALIGN(me->core_size, 16);
+-	me->arch.fdesc_offset = me->core_size;
+-	me->core_size += fdescs * sizeof(Elf_Fdesc);
++	me->core_size_rw = ALIGN(me->core_size_rw, 16);
++	me->arch.got_offset = me->core_size_rw;
++	me->core_size_rw += gots * sizeof(struct got_entry);
++
++	me->core_size_rw = ALIGN(me->core_size_rw, 16);
++	me->arch.fdesc_offset = me->core_size_rw;
++	me->core_size_rw += fdescs * sizeof(Elf_Fdesc);
+ 
+ 	me->arch.got_max = gots;
+ 	me->arch.fdesc_max = fdescs;
+@@ -364,7 +386,7 @@ static Elf64_Word get_got(struct module 
+ 
+ 	BUG_ON(value == 0);
+ 
+-	got = me->module_core + me->arch.got_offset;
++	got = me->module_core_rw + me->arch.got_offset;
+ 	for (i = 0; got[i].addr; i++)
+ 		if (got[i].addr == value)
+ 			goto out;
+@@ -382,7 +404,7 @@ static Elf64_Word get_got(struct module 
+ #ifdef CONFIG_64BIT
+ static Elf_Addr get_fdesc(struct module *me, unsigned long value)
+ {
+-	Elf_Fdesc *fdesc = me->module_core + me->arch.fdesc_offset;
++	Elf_Fdesc *fdesc = me->module_core_rw + me->arch.fdesc_offset;
+ 
+ 	if (!value) {
+ 		printk(KERN_ERR "%s: zero OPD requested!\n", me->name);
+@@ -400,7 +422,7 @@ static Elf_Addr get_fdesc(struct module 
+ 
+ 	/* Create new one */
+ 	fdesc->addr = value;
+-	fdesc->gp = (Elf_Addr)me->module_core + me->arch.got_offset;
++	fdesc->gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
+ 	return (Elf_Addr)fdesc;
+ }
+ #endif /* CONFIG_64BIT */
+@@ -816,7 +838,7 @@ register_unwind_table(struct module *me,
+ 
+ 	table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr;
+ 	end = table + sechdrs[me->arch.unwind_section].sh_size;
+-	gp = (Elf_Addr)me->module_core + me->arch.got_offset;
++	gp = (Elf_Addr)me->module_core_rw + me->arch.got_offset;
+ 
+ 	DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
+ 	       me->arch.unwind_section, table, end, gp);
+diff -urNp linux-2.6.29.6/arch/parisc/kernel/sys_parisc.c linux-2.6.29.6/arch/parisc/kernel/sys_parisc.c
+--- linux-2.6.29.6/arch/parisc/kernel/sys_parisc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/kernel/sys_parisc.c	2009-07-23 17:34:32.042928337 -0400
+@@ -98,7 +98,7 @@ unsigned long arch_get_unmapped_area(str
+ 	if (flags & MAP_FIXED)
+ 		return addr;
+ 	if (!addr)
+-		addr = TASK_UNMAPPED_BASE;
++		addr = current->mm->mmap_base;
+ 
+ 	if (filp) {
+ 		addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
+diff -urNp linux-2.6.29.6/arch/parisc/kernel/traps.c linux-2.6.29.6/arch/parisc/kernel/traps.c
+--- linux-2.6.29.6/arch/parisc/kernel/traps.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/kernel/traps.c	2009-07-23 17:34:32.042928337 -0400
+@@ -731,9 +731,7 @@ void handle_interruption(int code, struc
+ 
+ 			down_read(&current->mm->mmap_sem);
+ 			vma = find_vma(current->mm,regs->iaoq[0]);
+-			if (vma && (regs->iaoq[0] >= vma->vm_start)
+-				&& (vma->vm_flags & VM_EXEC)) {
+-
++			if (vma && (regs->iaoq[0] >= vma->vm_start)) {
+ 				fault_address = regs->iaoq[0];
+ 				fault_space = regs->iasq[0];
+ 
+diff -urNp linux-2.6.29.6/arch/parisc/mm/fault.c linux-2.6.29.6/arch/parisc/mm/fault.c
+--- linux-2.6.29.6/arch/parisc/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/parisc/mm/fault.c	2009-07-23 17:34:32.042928337 -0400
+@@ -16,6 +16,7 @@
+ #include <linux/sched.h>
+ #include <linux/interrupt.h>
+ #include <linux/module.h>
++#include <linux/unistd.h>
+ 
+ #include <asm/uaccess.h>
+ #include <asm/traps.h>
+@@ -53,7 +54,7 @@ DEFINE_PER_CPU(struct exception_data, ex
+ static unsigned long
+ parisc_acctyp(unsigned long code, unsigned int inst)
+ {
+-	if (code == 6 || code == 16)
++	if (code == 6 || code == 7 || code == 16)
+ 	    return VM_EXEC;
+ 
+ 	switch (inst & 0xf0000000) {
+@@ -139,6 +140,116 @@ parisc_acctyp(unsigned long code, unsign
+ 			}
+ #endif
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++/*
++ * PaX: decide what to do with offenders (instruction_pointer(regs) = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when rt_sigreturn trampoline was detected
++ *         3 when unpatched PLT trampoline was detected
++ */
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++
++#ifdef CONFIG_PAX_EMUPLT
++	int err;
++
++	do { /* PaX: unpatched PLT emulation */
++		unsigned int bl, depwi;
++
++		err = get_user(bl, (unsigned int *)instruction_pointer(regs));
++		err |= get_user(depwi, (unsigned int *)(instruction_pointer(regs)+4));
++
++		if (err)
++			break;
++
++		if (bl == 0xEA9F1FDDU && depwi == 0xD6801C1EU) {
++			unsigned int ldw, bv, ldw2, addr = instruction_pointer(regs)-12;
++
++			err = get_user(ldw, (unsigned int *)addr);
++			err |= get_user(bv, (unsigned int *)(addr+4));
++			err |= get_user(ldw2, (unsigned int *)(addr+8));
++
++			if (err)
++				break;
++
++			if (ldw == 0x0E801096U &&
++			    bv == 0xEAC0C000U &&
++			    ldw2 == 0x0E881095U)
++			{
++				unsigned int resolver, map;
++
++				err = get_user(resolver, (unsigned int *)(instruction_pointer(regs)+8));
++				err |= get_user(map, (unsigned int *)(instruction_pointer(regs)+12));
++				if (err)
++					break;
++
++				regs->gr[20] = instruction_pointer(regs)+8;
++				regs->gr[21] = map;
++				regs->gr[22] = resolver;
++				regs->iaoq[0] = resolver | 3UL;
++				regs->iaoq[1] = regs->iaoq[0] + 4;
++				return 3;
++			}
++		}
++	} while (0);
++#endif
++
++#ifdef CONFIG_PAX_EMUTRAMP
++
++#ifndef CONFIG_PAX_EMUSIGRT
++	if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
++		return 1;
++#endif
++
++	do { /* PaX: rt_sigreturn emulation */
++		unsigned int ldi1, ldi2, bel, nop;
++
++		err = get_user(ldi1, (unsigned int *)instruction_pointer(regs));
++		err |= get_user(ldi2, (unsigned int *)(instruction_pointer(regs)+4));
++		err |= get_user(bel, (unsigned int *)(instruction_pointer(regs)+8));
++		err |= get_user(nop, (unsigned int *)(instruction_pointer(regs)+12));
++
++		if (err)
++			break;
++
++		if ((ldi1 == 0x34190000U || ldi1 == 0x34190002U) &&
++		    ldi2 == 0x3414015AU &&
++		    bel == 0xE4008200U &&
++		    nop == 0x08000240U)
++		{
++			regs->gr[25] = (ldi1 & 2) >> 1;
++			regs->gr[20] = __NR_rt_sigreturn;
++			regs->gr[31] = regs->iaoq[1] + 16;
++			regs->sr[0] = regs->iasq[1];
++			regs->iaoq[0] = 0x100UL;
++			regs->iaoq[1] = regs->iaoq[0] + 4;
++			regs->iasq[0] = regs->sr[2];
++			regs->iasq[1] = regs->sr[2];
++			return 2;
++		}
++	} while (0);
++#endif
++
++	return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ int fixup_exception(struct pt_regs *regs)
+ {
+ 	const struct exception_table_entry *fix;
+@@ -193,8 +304,33 @@ good_area:
+ 
+ 	acc_type = parisc_acctyp(code,regs->iir);
+ 
+-	if ((vma->vm_flags & acc_type) != acc_type)
++	if ((vma->vm_flags & acc_type) != acc_type) {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if ((mm->pax_flags & MF_PAX_PAGEEXEC) && (acc_type & VM_EXEC) &&
++		    (address & ~3UL) == instruction_pointer(regs))
++		{
++			up_read(&mm->mmap_sem);
++			switch (pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_PAX_EMUPLT
++			case 3:
++				return;
++#endif
++
++#ifdef CONFIG_PAX_EMUTRAMP
++			case 2:
++				return;
++#endif
++
++			}
++			pax_report_fault(regs, (void *)instruction_pointer(regs), (void *)regs->gr[30]);
++			do_group_exit(SIGKILL);
++		}
++#endif
++
+ 		goto bad_area;
++	}
+ 
+ 	/*
+ 	 * If for any reason at all we couldn't handle the fault, make
+diff -urNp linux-2.6.29.6/arch/powerpc/include/asm/atomic.h linux-2.6.29.6/arch/powerpc/include/asm/atomic.h
+--- linux-2.6.29.6/arch/powerpc/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/include/asm/atomic.h	2009-07-23 17:34:32.042928337 -0400
+@@ -244,6 +244,10 @@ static __inline__ int atomic_dec_if_posi
+ 	return t;
+ }
+ 
++#define atomic_inc_unchecked(v) atomic_inc((v))
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ #define smp_mb__before_atomic_dec()     smp_mb()
+ #define smp_mb__after_atomic_dec()      smp_mb()
+ #define smp_mb__before_atomic_inc()     smp_mb()
+diff -urNp linux-2.6.29.6/arch/powerpc/include/asm/elf.h linux-2.6.29.6/arch/powerpc/include/asm/elf.h
+--- linux-2.6.29.6/arch/powerpc/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/include/asm/elf.h	2009-07-23 17:34:32.043871989 -0400
+@@ -180,6 +180,18 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[E
+ 
+ #define ELF_ET_DYN_BASE         (0x20000000)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(0x10000000UL)
++
++#ifdef __powerpc64__
++#define PAX_DELTA_MMAP_LEN	(test_thread_flag(TIF_32BIT) ? 16 : 28)
++#define PAX_DELTA_STACK_LEN	(test_thread_flag(TIF_32BIT) ? 16 : 28)
++#else
++#define PAX_DELTA_MMAP_LEN	15
++#define PAX_DELTA_STACK_LEN	15
++#endif
++#endif
++
+ /*
+  * Our registers are always unsigned longs, whether we're a 32 bit
+  * process or 64 bit, on either a 64 bit or 32 bit kernel.
+diff -urNp linux-2.6.29.6/arch/powerpc/include/asm/kmap_types.h linux-2.6.29.6/arch/powerpc/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/powerpc/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/include/asm/kmap_types.h	2009-07-23 17:34:32.043871989 -0400
+@@ -26,6 +26,7 @@ enum km_type {
+ 	KM_SOFTIRQ1,
+ 	KM_PPC_SYNC_PAGE,
+ 	KM_PPC_SYNC_ICACHE,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/powerpc/include/asm/page_64.h linux-2.6.29.6/arch/powerpc/include/asm/page_64.h
+--- linux-2.6.29.6/arch/powerpc/include/asm/page_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/include/asm/page_64.h	2009-07-23 17:34:32.043871989 -0400
+@@ -170,15 +170,18 @@ do {						\
+  * stack by default, so in the absense of a PT_GNU_STACK program header
+  * we turn execute permission off.
+  */
+-#define VM_STACK_DEFAULT_FLAGS32	(VM_READ | VM_WRITE | VM_EXEC | \
+-					 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
++#define VM_STACK_DEFAULT_FLAGS32 \
++	(((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
++	 VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+ 
+ #define VM_STACK_DEFAULT_FLAGS64	(VM_READ | VM_WRITE | \
+ 					 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+ 
++#ifndef CONFIG_PAX_PAGEEXEC
+ #define VM_STACK_DEFAULT_FLAGS \
+ 	(test_thread_flag(TIF_32BIT) ? \
+ 	 VM_STACK_DEFAULT_FLAGS32 : VM_STACK_DEFAULT_FLAGS64)
++#endif
+ 
+ #include <asm-generic/page.h>
+ 
+diff -urNp linux-2.6.29.6/arch/powerpc/include/asm/page.h linux-2.6.29.6/arch/powerpc/include/asm/page.h
+--- linux-2.6.29.6/arch/powerpc/include/asm/page.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/include/asm/page.h	2009-07-23 17:34:32.043871989 -0400
+@@ -114,8 +114,9 @@ extern phys_addr_t kernstart_addr;
+  * and needs to be executable.  This means the whole heap ends
+  * up being executable.
+  */
+-#define VM_DATA_DEFAULT_FLAGS32	(VM_READ | VM_WRITE | VM_EXEC | \
+-				 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
++#define VM_DATA_DEFAULT_FLAGS32 \
++	(((current->personality & READ_IMPLIES_EXEC) ? VM_EXEC : 0) | \
++	 VM_READ | VM_WRITE | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+ 
+ #define VM_DATA_DEFAULT_FLAGS64	(VM_READ | VM_WRITE | \
+ 				 VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)
+diff -urNp linux-2.6.29.6/arch/powerpc/include/asm/uaccess.h linux-2.6.29.6/arch/powerpc/include/asm/uaccess.h
+--- linux-2.6.29.6/arch/powerpc/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/include/asm/uaccess.h	2009-07-23 17:34:32.043871989 -0400
+@@ -334,6 +334,9 @@ static inline unsigned long copy_from_us
+ {
+ 	unsigned long over;
+ 
++	if (((long)n < 0) || (n > INT_MAX))
++		return n;
++
+ 	if (access_ok(VERIFY_READ, from, n))
+ 		return __copy_tofrom_user((__force void __user *)to, from, n);
+ 	if ((unsigned long)from < TASK_SIZE) {
+@@ -349,6 +352,9 @@ static inline unsigned long copy_to_user
+ {
+ 	unsigned long over;
+ 
++	if (((long)n < 0) || (n > INT_MAX))
++		return n;
++
+ 	if (access_ok(VERIFY_WRITE, to, n))
+ 		return __copy_tofrom_user(to, (__force void __user *)from, n);
+ 	if ((unsigned long)to < TASK_SIZE) {
+diff -urNp linux-2.6.29.6/arch/powerpc/kernel/module_32.c linux-2.6.29.6/arch/powerpc/kernel/module_32.c
+--- linux-2.6.29.6/arch/powerpc/kernel/module_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/kernel/module_32.c	2009-07-23 17:34:32.043871989 -0400
+@@ -162,7 +162,7 @@ int module_frob_arch_sections(Elf32_Ehdr
+ 			me->arch.core_plt_section = i;
+ 	}
+ 	if (!me->arch.core_plt_section || !me->arch.init_plt_section) {
+-		printk("Module doesn't contain .plt or .init.plt sections.\n");
++		printk("Module %s doesn't contain .plt or .init.plt sections.\n", me->name);
+ 		return -ENOEXEC;
+ 	}
+ 
+@@ -203,11 +203,16 @@ static uint32_t do_plt_call(void *locati
+ 
+ 	DEBUGP("Doing plt for call to 0x%x at 0x%x\n", val, (unsigned int)location);
+ 	/* Init, or core PLT? */
+-	if (location >= mod->module_core
+-	    && location < mod->module_core + mod->core_size)
++	if ((location >= mod->module_core_rx && location < mod->module_core_rx + mod->core_size_rx) ||
++	    (location >= mod->module_core_rw && location < mod->module_core_rw + mod->core_size_rw))
+ 		entry = (void *)sechdrs[mod->arch.core_plt_section].sh_addr;
+-	else
++	else if ((location >= mod->module_init_rx && location < mod->module_init_rx + mod->init_size_rx) ||
++		 (location >= mod->module_init_rw && location < mod->module_init_rw + mod->init_size_rw))
+ 		entry = (void *)sechdrs[mod->arch.init_plt_section].sh_addr;
++	else {
++		printk(KERN_ERR "%s: invalid R_PPC_REL24 entry found\n", mod->name);
++		return ~0UL;
++	}
+ 
+ 	/* Find this entry, or if that fails, the next avail. entry */
+ 	while (entry->jump[0]) {
+diff -urNp linux-2.6.29.6/arch/powerpc/kernel/setup-common.c linux-2.6.29.6/arch/powerpc/kernel/setup-common.c
+--- linux-2.6.29.6/arch/powerpc/kernel/setup-common.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/kernel/setup-common.c	2009-07-23 18:40:27.492312305 -0400
+@@ -327,7 +327,7 @@ static void c_stop(struct seq_file *m, v
+ {
+ }
+ 
+-struct seq_operations cpuinfo_op = {
++const struct seq_operations cpuinfo_op = {
+ 	.start =c_start,
+ 	.next =	c_next,
+ 	.stop =	c_stop,
+diff -urNp linux-2.6.29.6/arch/powerpc/kernel/signal_32.c linux-2.6.29.6/arch/powerpc/kernel/signal_32.c
+--- linux-2.6.29.6/arch/powerpc/kernel/signal_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/kernel/signal_32.c	2009-07-23 17:34:32.044827554 -0400
+@@ -857,7 +857,7 @@ int handle_rt_signal32(unsigned long sig
+ 	/* Save user registers on the stack */
+ 	frame = &rt_sf->uc.uc_mcontext;
+ 	addr = frame;
+-	if (vdso32_rt_sigtramp && current->mm->context.vdso_base) {
++	if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
+ 		if (save_user_regs(regs, frame, 0, 1))
+ 			goto badframe;
+ 		regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp;
+diff -urNp linux-2.6.29.6/arch/powerpc/kernel/signal_64.c linux-2.6.29.6/arch/powerpc/kernel/signal_64.c
+--- linux-2.6.29.6/arch/powerpc/kernel/signal_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/kernel/signal_64.c	2009-07-23 17:34:32.044827554 -0400
+@@ -429,7 +429,7 @@ int handle_rt_signal64(int signr, struct
+ 	current->thread.fpscr.val = 0;
+ 
+ 	/* Set up to return from userspace. */
+-	if (vdso64_rt_sigtramp && current->mm->context.vdso_base) {
++	if (vdso64_rt_sigtramp && current->mm->context.vdso_base != ~0UL) {
+ 		regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp;
+ 	} else {
+ 		err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
+diff -urNp linux-2.6.29.6/arch/powerpc/kernel/vdso.c linux-2.6.29.6/arch/powerpc/kernel/vdso.c
+--- linux-2.6.29.6/arch/powerpc/kernel/vdso.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/kernel/vdso.c	2009-07-23 17:34:32.044827554 -0400
+@@ -211,7 +211,7 @@ int arch_setup_additional_pages(struct l
+ 	vdso_base = VDSO32_MBASE;
+ #endif
+ 
+-	current->mm->context.vdso_base = 0;
++	current->mm->context.vdso_base = ~0UL;
+ 
+ 	/* vDSO has a problem and was disabled, just don't "enable" it for the
+ 	 * process
+@@ -228,7 +228,7 @@ int arch_setup_additional_pages(struct l
+ 	 */
+ 	down_write(&mm->mmap_sem);
+ 	vdso_base = get_unmapped_area(NULL, vdso_base,
+-				      vdso_pages << PAGE_SHIFT, 0, 0);
++				      vdso_pages << PAGE_SHIFT, 0, MAP_PRIVATE | MAP_EXECUTABLE);
+ 	if (IS_ERR_VALUE(vdso_base)) {
+ 		rc = vdso_base;
+ 		goto fail_mmapsem;
+diff -urNp linux-2.6.29.6/arch/powerpc/kvm/timing.c linux-2.6.29.6/arch/powerpc/kvm/timing.c
+--- linux-2.6.29.6/arch/powerpc/kvm/timing.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/kvm/timing.c	2009-07-23 18:40:27.493263868 -0400
+@@ -201,7 +201,7 @@ static int kvmppc_exit_timing_open(struc
+ 	return single_open(file, kvmppc_exit_timing_show, inode->i_private);
+ }
+ 
+-static struct file_operations kvmppc_exit_timing_fops = {
++static const struct file_operations kvmppc_exit_timing_fops = {
+ 	.owner   = THIS_MODULE,
+ 	.open    = kvmppc_exit_timing_open,
+ 	.read    = seq_read,
+diff -urNp linux-2.6.29.6/arch/powerpc/lib/usercopy_64.c linux-2.6.29.6/arch/powerpc/lib/usercopy_64.c
+--- linux-2.6.29.6/arch/powerpc/lib/usercopy_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/lib/usercopy_64.c	2009-07-23 17:34:32.044827554 -0400
+@@ -11,6 +11,9 @@
+ 
+ unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
+ {
++	if (unlikely(((long)n < 0) || (n > INT_MAX)))
++		return n;
++
+ 	if (likely(access_ok(VERIFY_READ, from, n)))
+ 		n = __copy_from_user(to, from, n);
+ 	else
+@@ -20,6 +23,9 @@ unsigned long copy_from_user(void *to, c
+ 
+ unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
+ {
++	if (unlikely(((long)n < 0) || (n > INT_MAX)))
++		return n;
++
+ 	if (likely(access_ok(VERIFY_WRITE, to, n)))
+ 		n = __copy_to_user(to, from, n);
+ 	return n;
+diff -urNp linux-2.6.29.6/arch/powerpc/mm/fault.c linux-2.6.29.6/arch/powerpc/mm/fault.c
+--- linux-2.6.29.6/arch/powerpc/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/mm/fault.c	2009-07-23 18:40:27.465457938 -0400
+@@ -29,6 +29,10 @@
+ #include <linux/module.h>
+ #include <linux/kprobes.h>
+ #include <linux/kdebug.h>
++#include <linux/slab.h>
++#include <linux/pagemap.h>
++#include <linux/compiler.h>
++#include <linux/unistd.h>
+ 
+ #include <asm/firmware.h>
+ #include <asm/page.h>
+@@ -63,6 +67,363 @@ static inline int notify_page_fault(stru
+ }
+ #endif
+ 
++#ifdef CONFIG_PAX_EMUSIGRT
++void pax_syscall_close(struct vm_area_struct *vma)
++{
++	vma->vm_mm->call_syscall = 0UL;
++}
++
++static int pax_syscall_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
++{
++	unsigned int *kaddr;
++
++	vmf->page = alloc_page(GFP_HIGHUSER);
++	if (!vmf->page)
++		return VM_FAULT_OOM;
++
++	kaddr = kmap(vmf->page);
++	memset(kaddr, 0, PAGE_SIZE);
++	kaddr[0] = 0x44000002U; /* sc */
++	__flush_dcache_icache(kaddr);
++	kunmap(vmf->page);
++	return VM_FAULT_MAJOR;
++}
++
++static const struct vm_operations_struct pax_vm_ops = {
++	.close = pax_syscall_close,
++	.fault = pax_syscall_fault
++};
++
++static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
++{
++	int ret;
++
++	vma->vm_mm = current->mm;
++	vma->vm_start = addr;
++	vma->vm_end = addr + PAGE_SIZE;
++	vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
++	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
++	vma->vm_ops = &pax_vm_ops;
++
++	ret = insert_vm_struct(current->mm, vma);
++	if (ret)
++		return ret;
++
++	++current->mm->total_vm;
++	return 0;
++}
++#endif
++
++#ifdef CONFIG_PAX_PAGEEXEC
++/*
++ * PaX: decide what to do with offenders (regs->nip = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when patched GOT trampoline was detected
++ *         3 when patched PLT trampoline was detected
++ *         4 when unpatched PLT trampoline was detected
++ *         5 when sigreturn trampoline was detected
++ *         6 when rt_sigreturn trampoline was detected
++ */
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++
++#if defined(CONFIG_PAX_EMUPLT) || defined(CONFIG_PAX_EMUSIGRT)
++	int err;
++#endif
++
++#ifdef CONFIG_PAX_EMUPLT
++	do { /* PaX: patched GOT emulation */
++		unsigned int blrl;
++
++		err = get_user(blrl, (unsigned int *)regs->nip);
++
++		if (!err && blrl == 0x4E800021U) {
++			unsigned long temp = regs->nip;
++
++			regs->nip = regs->link & 0xFFFFFFFCUL;
++			regs->link = temp + 4UL;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #1 */
++		unsigned int b;
++
++		err = get_user(b, (unsigned int *)regs->nip);
++
++		if (!err && (b & 0xFC000003U) == 0x48000000U) {
++			regs->nip += (((b | 0xFC000000UL) ^ 0x02000000UL) + 0x02000000UL);
++			return 3;
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation #1 */
++		unsigned int li, b;
++
++		err = get_user(li, (unsigned int *)regs->nip);
++		err |= get_user(b, (unsigned int *)(regs->nip+4));
++
++		if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) {
++			unsigned int rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr;
++			unsigned long addr = b | 0xFC000000UL;
++
++			addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL);
++			err = get_user(rlwinm, (unsigned int *)addr);
++			err |= get_user(add, (unsigned int *)(addr+4));
++			err |= get_user(li2, (unsigned int *)(addr+8));
++			err |= get_user(addis2, (unsigned int *)(addr+12));
++			err |= get_user(mtctr, (unsigned int *)(addr+16));
++			err |= get_user(li3, (unsigned int *)(addr+20));
++			err |= get_user(addis3, (unsigned int *)(addr+24));
++			err |= get_user(bctr, (unsigned int *)(addr+28));
++
++			if (err)
++				break;
++
++			if (rlwinm == 0x556C083CU &&
++			    add == 0x7D6C5A14U &&
++			    (li2 & 0xFFFF0000U) == 0x39800000U &&
++			    (addis2 & 0xFFFF0000U) == 0x3D8C0000U &&
++			    mtctr == 0x7D8903A6U &&
++			    (li3 & 0xFFFF0000U) == 0x39800000U &&
++			    (addis3 & 0xFFFF0000U) == 0x3D8C0000U &&
++			    bctr == 0x4E800420U)
++			{
++				regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16;
++				regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				regs->ctr += (addis2 & 0xFFFFU) << 16;
++				regs->nip = regs->ctr;
++				return 4;
++			}
++		}
++	} while (0);
++
++#if 0
++	do { /* PaX: unpatched PLT emulation #2 */
++		unsigned int lis, lwzu, b, bctr;
++
++		err = get_user(lis, (unsigned int *)regs->nip);
++		err |= get_user(lwzu, (unsigned int *)(regs->nip+4));
++		err |= get_user(b, (unsigned int *)(regs->nip+8));
++		err |= get_user(bctr, (unsigned int *)(regs->nip+12));
++
++		if (err)
++			break;
++
++		if ((lis & 0xFFFF0000U) == 0x39600000U &&
++		    (lwzu & 0xU) == 0xU &&
++		    (b & 0xFC000003U) == 0x48000000U &&
++		    bctr == 0x4E800420U)
++		{
++			unsigned int addis, addi, rlwinm, add, li2, addis2, mtctr, li3, addis3, bctr;
++			unsigned long addr = b | 0xFC000000UL;
++
++			addr = regs->nip + 12 + ((addr ^ 0x02000000UL) + 0x02000000UL);
++			err = get_user(addis, (unsigned int *)addr);
++			err |= get_user(addi, (unsigned int *)(addr+4));
++			err |= get_user(rlwinm, (unsigned int *)(addr+8));
++			err |= get_user(add, (unsigned int *)(addr+12));
++			err |= get_user(li2, (unsigned int *)(addr+16));
++			err |= get_user(addis2, (unsigned int *)(addr+20));
++			err |= get_user(mtctr, (unsigned int *)(addr+24));
++			err |= get_user(li3, (unsigned int *)(addr+28));
++			err |= get_user(addis3, (unsigned int *)(addr+32));
++			err |= get_user(bctr, (unsigned int *)(addr+36));
++
++			if (err)
++				break;
++
++			if ((addis & 0xFFFF0000U) == 0x3D6B0000U &&
++			    (addi & 0xFFFF0000U) == 0x396B0000U &&
++			    rlwinm == 0x556C083CU &&
++			    add == 0x7D6C5A14U &&
++			    (li2 & 0xFFFF0000U) == 0x39800000U &&
++			    (addis2 & 0xFFFF0000U) == 0x3D8C0000U &&
++			    mtctr == 0x7D8903A6U &&
++			    (li3 & 0xFFFF0000U) == 0x39800000U &&
++			    (addis3 & 0xFFFF0000U) == 0x3D8C0000U &&
++			    bctr == 0x4E800420U)
++			{
++				regs->gpr[PT_R11] = 3 * (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				regs->gpr[PT_R12] = (((li3 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				regs->gpr[PT_R12] += (addis3 & 0xFFFFU) << 16;
++				regs->ctr = (((li2 | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				regs->ctr += (addis2 & 0xFFFFU) << 16;
++				regs->nip = regs->ctr;
++				return 4;
++			}
++		}
++	} while (0);
++#endif
++
++	do { /* PaX: unpatched PLT emulation #3 */
++		unsigned int li, b;
++
++		err = get_user(li, (unsigned int *)regs->nip);
++		err |= get_user(b, (unsigned int *)(regs->nip+4));
++
++		if (!err && (li & 0xFFFF0000U) == 0x39600000U && (b & 0xFC000003U) == 0x48000000U) {
++			unsigned int addis, lwz, mtctr, bctr;
++			unsigned long addr = b | 0xFC000000UL;
++
++			addr = regs->nip + 4 + ((addr ^ 0x02000000UL) + 0x02000000UL);
++			err = get_user(addis, (unsigned int *)addr);
++			err |= get_user(lwz, (unsigned int *)(addr+4));
++			err |= get_user(mtctr, (unsigned int *)(addr+8));
++			err |= get_user(bctr, (unsigned int *)(addr+12));
++
++			if (err)
++				break;
++
++			if ((addis & 0xFFFF0000U) == 0x3D6B0000U &&
++			    (lwz & 0xFFFF0000U) == 0x816B0000U &&
++			    mtctr == 0x7D6903A6U &&
++			    bctr == 0x4E800420U)
++			{
++				unsigned int r11;
++
++				addr = (addis << 16) + (((li | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++				addr += (((lwz | 0xFFFF0000UL) ^ 0x00008000UL) + 0x00008000UL);
++
++				err = get_user(r11, (unsigned int *)addr);
++				if (err)
++					break;
++
++				regs->gpr[PT_R11] = r11;
++				regs->ctr = r11;
++				regs->nip = r11;
++				return 4;
++			}
++		}
++	} while (0);
++#endif
++
++#ifdef CONFIG_PAX_EMUSIGRT
++	do { /* PaX: sigreturn emulation */
++		unsigned int li, sc;
++
++		err = get_user(li, (unsigned int *)regs->nip);
++		err |= get_user(sc, (unsigned int *)(regs->nip+4));
++
++		if (!err && li == 0x38000000U + __NR_sigreturn && sc == 0x44000002U) {
++			struct vm_area_struct *vma;
++			unsigned long call_syscall;
++
++			down_read(&current->mm->mmap_sem);
++			call_syscall = current->mm->call_syscall;
++			up_read(&current->mm->mmap_sem);
++			if (likely(call_syscall))
++				goto emulate;
++
++			vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++
++			down_write(&current->mm->mmap_sem);
++			if (current->mm->call_syscall) {
++				call_syscall = current->mm->call_syscall;
++				up_write(&current->mm->mmap_sem);
++				if (vma)
++					kmem_cache_free(vm_area_cachep, vma);
++				goto emulate;
++			}
++
++			call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
++			if (!vma || (call_syscall & ~PAGE_MASK)) {
++				up_write(&current->mm->mmap_sem);
++				if (vma)
++					kmem_cache_free(vm_area_cachep, vma);
++				return 1;
++			}
++
++			if (pax_insert_vma(vma, call_syscall)) {
++				up_write(&current->mm->mmap_sem);
++				kmem_cache_free(vm_area_cachep, vma);
++				return 1;
++			}
++
++			current->mm->call_syscall = call_syscall;
++			up_write(&current->mm->mmap_sem);
++
++emulate:
++			regs->gpr[PT_R0] = __NR_sigreturn;
++			regs->nip = call_syscall;
++			return 5;
++		}
++	} while (0);
++
++	do { /* PaX: rt_sigreturn emulation */
++		unsigned int li, sc;
++
++		err = get_user(li, (unsigned int *)regs->nip);
++		err |= get_user(sc, (unsigned int *)(regs->nip+4));
++
++		if (!err && li == 0x38000000U + __NR_rt_sigreturn && sc == 0x44000002U) {
++			struct vm_area_struct *vma;
++			unsigned int call_syscall;
++
++			down_read(&current->mm->mmap_sem);
++			call_syscall = current->mm->call_syscall;
++			up_read(&current->mm->mmap_sem);
++			if (likely(call_syscall))
++				goto rt_emulate;
++
++			vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++
++			down_write(&current->mm->mmap_sem);
++			if (current->mm->call_syscall) {
++				call_syscall = current->mm->call_syscall;
++				up_write(&current->mm->mmap_sem);
++				if (vma)
++					kmem_cache_free(vm_area_cachep, vma);
++				goto rt_emulate;
++			}
++
++			call_syscall = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
++			if (!vma || (call_syscall & ~PAGE_MASK)) {
++				up_write(&current->mm->mmap_sem);
++				if (vma)
++					kmem_cache_free(vm_area_cachep, vma);
++				return 1;
++			}
++
++			if (pax_insert_vma(vma, call_syscall)) {
++				up_write(&current->mm->mmap_sem);
++				kmem_cache_free(vm_area_cachep, vma);
++				return 1;
++			}
++
++			current->mm->call_syscall = call_syscall;
++			up_write(&current->mm->mmap_sem);
++
++rt_emulate:
++			regs->gpr[PT_R0] = __NR_rt_sigreturn;
++			regs->nip = call_syscall;
++			return 6;
++		}
++	} while (0);
++#endif
++
++	return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ /*
+  * Check whether the instruction at regs->nip is a store using
+  * an update addressing form which will update r1.
+@@ -133,7 +494,7 @@ int __kprobes do_page_fault(struct pt_re
+ 	 * indicate errors in DSISR but can validly be set in SRR1.
+ 	 */
+ 	if (trap == 0x400)
+-		error_code &= 0x48200000;
++		error_code &= 0x58200000;
+ 	else
+ 		is_write = error_code & DSISR_ISSTORE;
+ #else
+@@ -339,6 +700,37 @@ bad_area:
+ bad_area_nosemaphore:
+ 	/* User mode accesses cause a SIGSEGV */
+ 	if (user_mode(regs)) {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if (mm->pax_flags & MF_PAX_PAGEEXEC) {
++#ifdef CONFIG_PPC64
++			if (is_exec && (error_code & DSISR_PROTFAULT)) {
++#else
++			if (is_exec && regs->nip == address) {
++#endif
++				switch (pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_PAX_EMUPLT
++				case 2:
++				case 3:
++				case 4:
++					return 0;
++#endif
++
++#ifdef CONFIG_PAX_EMUSIGRT
++				case 5:
++				case 6:
++					return 0;
++#endif
++
++				}
++
++				pax_report_fault(regs, (void *)regs->nip, (void *)regs->gpr[PT_R1]);
++				do_group_exit(SIGKILL);
++			}
++		}
++#endif
++
+ 		_exception(SIGSEGV, regs, code, address);
+ 		return 0;
+ 	}
+diff -urNp linux-2.6.29.6/arch/powerpc/mm/mmap.c linux-2.6.29.6/arch/powerpc/mm/mmap.c
+--- linux-2.6.29.6/arch/powerpc/mm/mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/mm/mmap.c	2009-07-23 17:34:32.045826057 -0400
+@@ -75,10 +75,22 @@ void arch_pick_mmap_layout(struct mm_str
+ 	 */
+ 	if (mmap_is_legacy()) {
+ 		mm->mmap_base = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			mm->mmap_base += mm->delta_mmap;
++#endif
++
+ 		mm->get_unmapped_area = arch_get_unmapped_area;
+ 		mm->unmap_area = arch_unmap_area;
+ 	} else {
+ 		mm->mmap_base = mmap_base();
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
++#endif
++
+ 		mm->get_unmapped_area = arch_get_unmapped_area_topdown;
+ 		mm->unmap_area = arch_unmap_area_topdown;
+ 	}
+diff -urNp linux-2.6.29.6/arch/powerpc/platforms/cell/spufs/file.c linux-2.6.29.6/arch/powerpc/platforms/cell/spufs/file.c
+--- linux-2.6.29.6/arch/powerpc/platforms/cell/spufs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/platforms/cell/spufs/file.c	2009-07-23 18:40:27.494291214 -0400
+@@ -147,7 +147,7 @@ static int __fops ## _open(struct inode 
+ 	__simple_attr_check_format(__fmt, 0ull);			\
+ 	return spufs_attr_open(inode, file, __get, __set, __fmt);	\
+ }									\
+-static struct file_operations __fops = {				\
++static const struct file_operations __fops = {				\
+ 	.owner	 = THIS_MODULE,						\
+ 	.open	 = __fops ## _open,					\
+ 	.release = spufs_attr_release,					\
+@@ -309,7 +309,7 @@ static int spufs_mem_mmap_access(struct 
+ 	return len;
+ }
+ 
+-static struct vm_operations_struct spufs_mem_mmap_vmops = {
++static const struct vm_operations_struct spufs_mem_mmap_vmops = {
+ 	.fault = spufs_mem_mmap_fault,
+ 	.access = spufs_mem_mmap_access,
+ };
+@@ -436,7 +436,7 @@ static int spufs_cntl_mmap_fault(struct 
+ 	return spufs_ps_fault(vma, vmf, 0x4000, SPUFS_CNTL_MAP_SIZE);
+ }
+ 
+-static struct vm_operations_struct spufs_cntl_mmap_vmops = {
++static const struct vm_operations_struct spufs_cntl_mmap_vmops = {
+ 	.fault = spufs_cntl_mmap_fault,
+ };
+ 
+@@ -1141,7 +1141,7 @@ spufs_signal1_mmap_fault(struct vm_area_
+ #endif
+ }
+ 
+-static struct vm_operations_struct spufs_signal1_mmap_vmops = {
++static const struct vm_operations_struct spufs_signal1_mmap_vmops = {
+ 	.fault = spufs_signal1_mmap_fault,
+ };
+ 
+@@ -1277,7 +1277,7 @@ spufs_signal2_mmap_fault(struct vm_area_
+ #endif
+ }
+ 
+-static struct vm_operations_struct spufs_signal2_mmap_vmops = {
++static const struct vm_operations_struct spufs_signal2_mmap_vmops = {
+ 	.fault = spufs_signal2_mmap_fault,
+ };
+ 
+@@ -1395,7 +1395,7 @@ spufs_mss_mmap_fault(struct vm_area_stru
+ 	return spufs_ps_fault(vma, vmf, 0x0000, SPUFS_MSS_MAP_SIZE);
+ }
+ 
+-static struct vm_operations_struct spufs_mss_mmap_vmops = {
++static const struct vm_operations_struct spufs_mss_mmap_vmops = {
+ 	.fault = spufs_mss_mmap_fault,
+ };
+ 
+@@ -1456,7 +1456,7 @@ spufs_psmap_mmap_fault(struct vm_area_st
+ 	return spufs_ps_fault(vma, vmf, 0x0000, SPUFS_PS_MAP_SIZE);
+ }
+ 
+-static struct vm_operations_struct spufs_psmap_mmap_vmops = {
++static const struct vm_operations_struct spufs_psmap_mmap_vmops = {
+ 	.fault = spufs_psmap_mmap_fault,
+ };
+ 
+@@ -1515,7 +1515,7 @@ spufs_mfc_mmap_fault(struct vm_area_stru
+ 	return spufs_ps_fault(vma, vmf, 0x3000, SPUFS_MFC_MAP_SIZE);
+ }
+ 
+-static struct vm_operations_struct spufs_mfc_mmap_vmops = {
++static const struct vm_operations_struct spufs_mfc_mmap_vmops = {
+ 	.fault = spufs_mfc_mmap_fault,
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/powerpc/platforms/pseries/hvCall_inst.c linux-2.6.29.6/arch/powerpc/platforms/pseries/hvCall_inst.c
+--- linux-2.6.29.6/arch/powerpc/platforms/pseries/hvCall_inst.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/powerpc/platforms/pseries/hvCall_inst.c	2009-07-23 18:40:27.495305970 -0400
+@@ -71,7 +71,7 @@ static int hc_show(struct seq_file *m, v
+ 	return 0;
+ }
+ 
+-static struct seq_operations hcall_inst_seq_ops = {
++static const struct seq_operations hcall_inst_seq_ops = {
+         .start = hc_start,
+         .next  = hc_next,
+         .stop  = hc_stop,
+diff -urNp linux-2.6.29.6/arch/s390/hypfs/inode.c linux-2.6.29.6/arch/s390/hypfs/inode.c
+--- linux-2.6.29.6/arch/s390/hypfs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/s390/hypfs/inode.c	2009-07-23 18:40:27.495305970 -0400
+@@ -41,7 +41,7 @@ struct hypfs_sb_info {
+ 
+ static const struct file_operations hypfs_file_ops;
+ static struct file_system_type hypfs_type;
+-static struct super_operations hypfs_s_ops;
++static const struct super_operations hypfs_s_ops;
+ 
+ /* start of list of all dentries, which have to be deleted on update */
+ static struct dentry *hypfs_last_dentry;
+@@ -476,7 +476,7 @@ static struct file_system_type hypfs_typ
+ 	.kill_sb	= hypfs_kill_super
+ };
+ 
+-static struct super_operations hypfs_s_ops = {
++static const struct super_operations hypfs_s_ops = {
+ 	.statfs		= simple_statfs,
+ 	.drop_inode	= hypfs_drop_inode,
+ 	.show_options	= hypfs_show_options,
+diff -urNp linux-2.6.29.6/arch/s390/include/asm/atomic.h linux-2.6.29.6/arch/s390/include/asm/atomic.h
+--- linux-2.6.29.6/arch/s390/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/s390/include/asm/atomic.h	2009-07-23 17:34:32.045826057 -0400
+@@ -82,8 +82,10 @@ static __inline__ int atomic_add_return(
+ 	return __CS_LOOP(v, i, "ar");
+ }
+ #define atomic_add(_i, _v)		atomic_add_return(_i, _v)
++#define atomic_add_unchecked(_i, _v)	atomic_add((_i), (_v))
+ #define atomic_add_negative(_i, _v)	(atomic_add_return(_i, _v) < 0)
+ #define atomic_inc(_v)			atomic_add_return(1, _v)
++#define atomic_inc_unchecked(_v)	atomic_inc(_v)
+ #define atomic_inc_return(_v)		atomic_add_return(1, _v)
+ #define atomic_inc_and_test(_v)		(atomic_add_return(1, _v) == 0)
+ 
+@@ -92,6 +94,7 @@ static __inline__ int atomic_sub_return(
+ 	return __CS_LOOP(v, i, "sr");
+ }
+ #define atomic_sub(_i, _v)		atomic_sub_return(_i, _v)
++#define atomic_sub_unchecked(_i, _v)	atomic_sub((_i), (_v))
+ #define atomic_sub_and_test(_i, _v)	(atomic_sub_return(_i, _v) == 0)
+ #define atomic_dec(_v)			atomic_sub_return(1, _v)
+ #define atomic_dec_return(_v)		atomic_sub_return(1, _v)
+diff -urNp linux-2.6.29.6/arch/s390/include/asm/kmap_types.h linux-2.6.29.6/arch/s390/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/s390/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/s390/include/asm/kmap_types.h	2009-07-23 17:34:32.045826057 -0400
+@@ -16,6 +16,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,	
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/s390/include/asm/uaccess.h linux-2.6.29.6/arch/s390/include/asm/uaccess.h
+--- linux-2.6.29.6/arch/s390/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/s390/include/asm/uaccess.h	2009-07-23 17:34:32.045826057 -0400
+@@ -285,7 +285,7 @@ copy_from_user(void *to, const void __us
+ 	might_sleep();
+ 	if (access_ok(VERIFY_READ, from, n))
+ 		n = __copy_from_user(to, from, n);
+-	else
++	else if ((long)n > 0)
+ 		memset(to, 0, n);
+ 	return n;
+ }
+diff -urNp linux-2.6.29.6/arch/s390/kernel/module.c linux-2.6.29.6/arch/s390/kernel/module.c
+--- linux-2.6.29.6/arch/s390/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/s390/kernel/module.c	2009-07-23 17:34:32.045826057 -0400
+@@ -166,11 +166,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr,
+ 
+ 	/* Increase core size by size of got & plt and set start
+ 	   offsets for got and plt. */
+-	me->core_size = ALIGN(me->core_size, 4);
+-	me->arch.got_offset = me->core_size;
+-	me->core_size += me->arch.got_size;
+-	me->arch.plt_offset = me->core_size;
+-	me->core_size += me->arch.plt_size;
++	me->core_size_rw = ALIGN(me->core_size_rw, 4);
++	me->arch.got_offset = me->core_size_rw;
++	me->core_size_rw += me->arch.got_size;
++	me->arch.plt_offset = me->core_size_rx;
++	me->core_size_rx += me->arch.plt_size;
+ 	return 0;
+ }
+ 
+@@ -256,7 +256,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
+ 		if (info->got_initialized == 0) {
+ 			Elf_Addr *gotent;
+ 
+-			gotent = me->module_core + me->arch.got_offset +
++			gotent = me->module_core_rw + me->arch.got_offset +
+ 				info->got_offset;
+ 			*gotent = val;
+ 			info->got_initialized = 1;
+@@ -280,7 +280,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
+ 		else if (r_type == R_390_GOTENT ||
+ 			 r_type == R_390_GOTPLTENT)
+ 			*(unsigned int *) loc =
+-				(val + (Elf_Addr) me->module_core - loc) >> 1;
++				(val + (Elf_Addr) me->module_core_rw - loc) >> 1;
+ 		else if (r_type == R_390_GOT64 ||
+ 			 r_type == R_390_GOTPLT64)
+ 			*(unsigned long *) loc = val;
+@@ -294,7 +294,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
+ 	case R_390_PLTOFF64:	/* 16 bit offset from GOT to PLT. */
+ 		if (info->plt_initialized == 0) {
+ 			unsigned int *ip;
+-			ip = me->module_core + me->arch.plt_offset +
++			ip = me->module_core_rx + me->arch.plt_offset +
+ 				info->plt_offset;
+ #ifndef CONFIG_64BIT
+ 			ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */
+@@ -316,7 +316,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
+ 			val = me->arch.plt_offset - me->arch.got_offset +
+ 				info->plt_offset + rela->r_addend;
+ 		else
+-			val =  (Elf_Addr) me->module_core +
++			val =  (Elf_Addr) me->module_core_rx +
+ 				me->arch.plt_offset + info->plt_offset + 
+ 				rela->r_addend - loc;
+ 		if (r_type == R_390_PLT16DBL)
+@@ -336,7 +336,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
+ 	case R_390_GOTOFF32:	/* 32 bit offset to GOT.  */
+ 	case R_390_GOTOFF64:	/* 64 bit offset to GOT. */
+ 		val = val + rela->r_addend -
+-			((Elf_Addr) me->module_core + me->arch.got_offset);
++			((Elf_Addr) me->module_core_rw + me->arch.got_offset);
+ 		if (r_type == R_390_GOTOFF16)
+ 			*(unsigned short *) loc = val;
+ 		else if (r_type == R_390_GOTOFF32)
+@@ -346,7 +346,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base
+ 		break;
+ 	case R_390_GOTPC:	/* 32 bit PC relative offset to GOT. */
+ 	case R_390_GOTPCDBL:	/* 32 bit PC rel. off. to GOT shifted by 1. */
+-		val = (Elf_Addr) me->module_core + me->arch.got_offset +
++		val = (Elf_Addr) me->module_core_rw + me->arch.got_offset +
+ 			rela->r_addend - loc;
+ 		if (r_type == R_390_GOTPC)
+ 			*(unsigned int *) loc = val;
+diff -urNp linux-2.6.29.6/arch/sh/include/asm/atomic.h linux-2.6.29.6/arch/sh/include/asm/atomic.h
+--- linux-2.6.29.6/arch/sh/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sh/include/asm/atomic.h	2009-07-23 17:34:32.047807130 -0400
+@@ -43,6 +43,9 @@
+ #define atomic_dec_and_test(v) (atomic_sub_return(1, (v)) == 0)
+ 
+ #define atomic_inc(v) atomic_add(1,(v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
+ #define atomic_dec(v) atomic_sub(1,(v))
+ 
+ #ifndef CONFIG_GUSA_RB
+diff -urNp linux-2.6.29.6/arch/sh/include/asm/kmap_types.h linux-2.6.29.6/arch/sh/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/sh/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sh/include/asm/kmap_types.h	2009-07-23 17:34:32.047807130 -0400
+@@ -24,7 +24,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)	KM_CLEARPAGE,
++D(14)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/atomic_32.h linux-2.6.29.6/arch/sparc/include/asm/atomic_32.h
+--- linux-2.6.29.6/arch/sparc/include/asm/atomic_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/atomic_32.h	2009-07-23 17:34:32.047807130 -0400
+@@ -26,8 +26,11 @@ extern void atomic_set(atomic_t *, int);
+ #define atomic_read(v)          ((v)->counter)
+ 
+ #define atomic_add(i, v)	((void)__atomic_add_return( (int)(i), (v)))
++#define atomic_add_unchecked(i, v)	atomic_add((i), (v))
+ #define atomic_sub(i, v)	((void)__atomic_add_return(-(int)(i), (v)))
++#define atomic_sub_unchecked(i, v)	atomic_sub((i), (v))
+ #define atomic_inc(v)		((void)__atomic_add_return(        1, (v)))
++#define atomic_inc_unchecked(v)	atomic_inc(v)
+ #define atomic_dec(v)		((void)__atomic_add_return(       -1, (v)))
+ 
+ #define atomic_add_return(i, v)	(__atomic_add_return( (int)(i), (v)))
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/atomic_64.h linux-2.6.29.6/arch/sparc/include/asm/atomic_64.h
+--- linux-2.6.29.6/arch/sparc/include/asm/atomic_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/atomic_64.h	2009-07-23 17:34:32.047807130 -0400
+@@ -20,8 +20,10 @@
+ #define atomic64_set(v, i)	(((v)->counter) = i)
+ 
+ extern void atomic_add(int, atomic_t *);
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
+ extern void atomic64_add(int, atomic64_t *);
+ extern void atomic_sub(int, atomic_t *);
++#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
+ extern void atomic64_sub(int, atomic64_t *);
+ 
+ extern int atomic_add_ret(int, atomic_t *);
+@@ -59,6 +61,7 @@ extern int atomic64_sub_ret(int, atomic6
+ #define atomic64_dec_and_test(v) (atomic64_sub_ret(1, v) == 0)
+ 
+ #define atomic_inc(v) atomic_add(1, v)
++#define atomic_inc_unchecked(v) atomic_inc(v)
+ #define atomic64_inc(v) atomic64_add(1, v)
+ 
+ #define atomic_dec(v) atomic_sub(1, v)
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/elf_32.h linux-2.6.29.6/arch/sparc/include/asm/elf_32.h
+--- linux-2.6.29.6/arch/sparc/include/asm/elf_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/elf_32.h	2009-07-23 17:34:32.047807130 -0400
+@@ -116,6 +116,13 @@ typedef struct {
+ 
+ #define ELF_ET_DYN_BASE         (TASK_UNMAPPED_BASE)
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	0x10000UL
++
++#define PAX_DELTA_MMAP_LEN	16
++#define PAX_DELTA_STACK_LEN	16
++#endif
++
+ /* This yields a mask that user programs can use to figure out what
+    instruction set this cpu supports.  This can NOT be done in userspace
+    on Sparc.  */
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/elf_64.h linux-2.6.29.6/arch/sparc/include/asm/elf_64.h
+--- linux-2.6.29.6/arch/sparc/include/asm/elf_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/elf_64.h	2009-07-23 17:34:32.047807130 -0400
+@@ -163,6 +163,12 @@ typedef struct {
+ #define ELF_ET_DYN_BASE		0x0000010000000000UL
+ #define COMPAT_ELF_ET_DYN_BASE	0x0000000070000000UL
+ 
++#ifdef CONFIG_PAX_ASLR
++#define PAX_ELF_ET_DYN_BASE	(test_thread_flag(TIF_32BIT) ? 0x10000UL : 0x100000UL)
++
++#define PAX_DELTA_MMAP_LEN	(test_thread_flag(TIF_32BIT) ? 14 : 28 )
++#define PAX_DELTA_STACK_LEN	(test_thread_flag(TIF_32BIT) ? 15 : 29 )
++#endif
+ 
+ /* This yields a mask that user programs can use to figure out what
+    instruction set this cpu supports.  */
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/kmap_types.h linux-2.6.29.6/arch/sparc/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/sparc/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/kmap_types.h	2009-07-23 17:34:32.048766932 -0400
+@@ -19,6 +19,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/pgtable_32.h linux-2.6.29.6/arch/sparc/include/asm/pgtable_32.h
+--- linux-2.6.29.6/arch/sparc/include/asm/pgtable_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/pgtable_32.h	2009-07-23 17:34:32.048766932 -0400
+@@ -43,6 +43,13 @@ BTFIXUPDEF_SIMM13(user_ptrs_per_pgd)
+ BTFIXUPDEF_INT(page_none)
+ BTFIXUPDEF_INT(page_copy)
+ BTFIXUPDEF_INT(page_readonly)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++BTFIXUPDEF_INT(page_shared_noexec)
++BTFIXUPDEF_INT(page_copy_noexec)
++BTFIXUPDEF_INT(page_readonly_noexec)
++#endif
++
+ BTFIXUPDEF_INT(page_kernel)
+ 
+ #define PMD_SHIFT		SUN4C_PMD_SHIFT
+@@ -64,6 +71,16 @@ extern pgprot_t PAGE_SHARED;
+ #define PAGE_COPY      __pgprot(BTFIXUP_INT(page_copy))
+ #define PAGE_READONLY  __pgprot(BTFIXUP_INT(page_readonly))
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++extern pgprot_t PAGE_SHARED_NOEXEC;
++# define PAGE_COPY_NOEXEC	__pgprot(BTFIXUP_INT(page_copy_noexec))
++# define PAGE_READONLY_NOEXEC	__pgprot(BTFIXUP_INT(page_readonly_noexec))
++#else
++# define PAGE_SHARED_NOEXEC	PAGE_SHARED
++# define PAGE_COPY_NOEXEC	PAGE_COPY
++# define PAGE_READONLY_NOEXEC	PAGE_READONLY
++#endif
++
+ extern unsigned long page_kernel;
+ 
+ #ifdef MODULE
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/pgtsrmmu.h linux-2.6.29.6/arch/sparc/include/asm/pgtsrmmu.h
+--- linux-2.6.29.6/arch/sparc/include/asm/pgtsrmmu.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/pgtsrmmu.h	2009-07-23 17:34:32.048766932 -0400
+@@ -115,6 +115,13 @@
+ 				    SRMMU_EXEC | SRMMU_REF)
+ #define SRMMU_PAGE_RDONLY  __pgprot(SRMMU_VALID | SRMMU_CACHE | \
+ 				    SRMMU_EXEC | SRMMU_REF)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++#define SRMMU_PAGE_SHARED_NOEXEC	__pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_WRITE | SRMMU_REF)
++#define SRMMU_PAGE_COPY_NOEXEC	__pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
++#define SRMMU_PAGE_RDONLY_NOEXEC	__pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_REF)
++#endif
++
+ #define SRMMU_PAGE_KERNEL  __pgprot(SRMMU_VALID | SRMMU_CACHE | SRMMU_PRIV | \
+ 				    SRMMU_DIRTY | SRMMU_REF)
+ 
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/uaccess_32.h linux-2.6.29.6/arch/sparc/include/asm/uaccess_32.h
+--- linux-2.6.29.6/arch/sparc/include/asm/uaccess_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/uaccess_32.h	2009-07-23 17:34:32.048766932 -0400
+@@ -246,7 +246,7 @@ extern unsigned long __copy_user(void __
+ 
+ static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n)
+ {
+-	if (n && __access_ok((unsigned long) to, n))
++	if (((int)n > 0) && __access_ok((unsigned long) to, n))
+ 		return __copy_user(to, (__force void __user *) from, n);
+ 	else
+ 		return n;
+@@ -259,7 +259,7 @@ static inline unsigned long __copy_to_us
+ 
+ static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n)
+ {
+-	if (n && __access_ok((unsigned long) from, n))
++	if (((int)n > 0) && __access_ok((unsigned long) from, n))
+ 		return __copy_user((__force void __user *) to, from, n);
+ 	else
+ 		return n;
+diff -urNp linux-2.6.29.6/arch/sparc/include/asm/uaccess_64.h linux-2.6.29.6/arch/sparc/include/asm/uaccess_64.h
+--- linux-2.6.29.6/arch/sparc/include/asm/uaccess_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/include/asm/uaccess_64.h	2009-07-23 17:34:32.048766932 -0400
+@@ -212,7 +212,12 @@ extern unsigned long copy_from_user_fixu
+ static inline unsigned long __must_check
+ copy_from_user(void *to, const void __user *from, unsigned long size)
+ {
+-	unsigned long ret = ___copy_from_user(to, from, size);
++	unsigned long ret;
++
++	if (unlikely(((long)size > INT_MAX) || ((long)size < 0)))
++		return size;
++
++	ret  = ___copy_from_user(to, from, size);
+ 
+ 	if (unlikely(ret))
+ 		ret = copy_from_user_fixup(to, from, size);
+@@ -228,7 +233,12 @@ extern unsigned long copy_to_user_fixup(
+ static inline unsigned long __must_check
+ copy_to_user(void __user *to, const void *from, unsigned long size)
+ {
+-	unsigned long ret = ___copy_to_user(to, from, size);
++	unsigned long ret;
++
++	if (unlikely(((long)size > INT_MAX) || ((long)size < 0)))
++		return size;
++
++	ret  = ___copy_to_user(to, from, size);
+ 
+ 	if (unlikely(ret))
+ 		ret = copy_to_user_fixup(to, from, size);
+diff -urNp linux-2.6.29.6/arch/sparc/kernel/Makefile linux-2.6.29.6/arch/sparc/kernel/Makefile
+--- linux-2.6.29.6/arch/sparc/kernel/Makefile	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/kernel/Makefile	2009-07-23 17:34:32.049741165 -0400
+@@ -3,7 +3,7 @@
+ #
+ 
+ asflags-y := -ansi
+-ccflags-y := -Werror
++#ccflags-y := -Werror
+ 
+ extra-y     := head_$(BITS).o
+ extra-y     += init_task.o
+diff -urNp linux-2.6.29.6/arch/sparc/kernel/sys_sparc_32.c linux-2.6.29.6/arch/sparc/kernel/sys_sparc_32.c
+--- linux-2.6.29.6/arch/sparc/kernel/sys_sparc_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/kernel/sys_sparc_32.c	2009-07-23 17:34:32.049741165 -0400
+@@ -56,7 +56,7 @@ unsigned long arch_get_unmapped_area(str
+ 	if (ARCH_SUN4C && len > 0x20000000)
+ 		return -ENOMEM;
+ 	if (!addr)
+-		addr = TASK_UNMAPPED_BASE;
++		addr = current->mm->mmap_base;
+ 
+ 	if (flags & MAP_SHARED)
+ 		addr = COLOUR_ALIGN(addr);
+diff -urNp linux-2.6.29.6/arch/sparc/kernel/sys_sparc_64.c linux-2.6.29.6/arch/sparc/kernel/sys_sparc_64.c
+--- linux-2.6.29.6/arch/sparc/kernel/sys_sparc_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/kernel/sys_sparc_64.c	2009-07-23 17:34:32.049741165 -0400
+@@ -125,7 +125,7 @@ unsigned long arch_get_unmapped_area(str
+ 		/* We do not accept a shared mapping if it would violate
+ 		 * cache aliasing constraints.
+ 		 */
+-		if ((flags & MAP_SHARED) &&
++		if ((filp || (flags & MAP_SHARED)) &&
+ 		    ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
+ 			return -EINVAL;
+ 		return addr;
+@@ -140,6 +140,10 @@ unsigned long arch_get_unmapped_area(str
+ 	if (filp || (flags & MAP_SHARED))
+ 		do_color_align = 1;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	if (addr) {
+ 		if (do_color_align)
+ 			addr = COLOUR_ALIGN(addr, pgoff);
+@@ -153,9 +157,9 @@ unsigned long arch_get_unmapped_area(str
+ 	}
+ 
+ 	if (len > mm->cached_hole_size) {
+-	        start_addr = addr = mm->free_area_cache;
++		start_addr = addr = mm->free_area_cache;
+ 	} else {
+-	        start_addr = addr = TASK_UNMAPPED_BASE;
+++		start_addr = addr = mm->mmap_base;
+ 	        mm->cached_hole_size = 0;
+ 	}
+ 
+@@ -175,8 +179,8 @@ full_search:
+ 			vma = find_vma(mm, VA_EXCLUDE_END);
+ 		}
+ 		if (unlikely(task_size < addr)) {
+-			if (start_addr != TASK_UNMAPPED_BASE) {
+-				start_addr = addr = TASK_UNMAPPED_BASE;
++			if (start_addr != mm->mmap_base) {
++				start_addr = addr = mm->mmap_base;
+ 				mm->cached_hole_size = 0;
+ 				goto full_search;
+ 			}
+@@ -216,7 +220,7 @@ arch_get_unmapped_area_topdown(struct fi
+ 		/* We do not accept a shared mapping if it would violate
+ 		 * cache aliasing constraints.
+ 		 */
+-		if ((flags & MAP_SHARED) &&
++		if ((filp || (flags & MAP_SHARED)) &&
+ 		    ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1)))
+ 			return -EINVAL;
+ 		return addr;
+@@ -380,6 +384,12 @@ void arch_pick_mmap_layout(struct mm_str
+ 	    current->signal->rlim[RLIMIT_STACK].rlim_cur == RLIM_INFINITY ||
+ 	    sysctl_legacy_va_layout) {
+ 		mm->mmap_base = TASK_UNMAPPED_BASE + random_factor;
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			mm->mmap_base += mm->delta_mmap;
++#endif
++
+ 		mm->get_unmapped_area = arch_get_unmapped_area;
+ 		mm->unmap_area = arch_unmap_area;
+ 	} else {
+@@ -394,6 +404,12 @@ void arch_pick_mmap_layout(struct mm_str
+ 			gap = (task_size / 6 * 5);
+ 
+ 		mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor);
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
++#endif
++
+ 		mm->get_unmapped_area = arch_get_unmapped_area_topdown;
+ 		mm->unmap_area = arch_unmap_area_topdown;
+ 	}
+diff -urNp linux-2.6.29.6/arch/sparc/Makefile linux-2.6.29.6/arch/sparc/Makefile
+--- linux-2.6.29.6/arch/sparc/Makefile	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/Makefile	2009-07-23 17:34:32.049741165 -0400
+@@ -81,7 +81,7 @@ drivers-$(CONFIG_OPROFILE)	+= arch/sparc
+ # Export what is needed by arch/sparc/boot/Makefile
+ export VMLINUX_INIT VMLINUX_MAIN
+ VMLINUX_INIT := $(head-y) $(init-y)
+-VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++VMLINUX_MAIN := $(core-y) kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y)
+ VMLINUX_MAIN += $(drivers-y) $(net-y)
+ 
+diff -urNp linux-2.6.29.6/arch/sparc/mm/fault_32.c linux-2.6.29.6/arch/sparc/mm/fault_32.c
+--- linux-2.6.29.6/arch/sparc/mm/fault_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/mm/fault_32.c	2009-07-23 18:40:27.465457938 -0400
+@@ -21,6 +21,9 @@
+ #include <linux/interrupt.h>
+ #include <linux/module.h>
+ #include <linux/kdebug.h>
++#include <linux/slab.h>
++#include <linux/pagemap.h>
++#include <linux/compiler.h>
+ 
+ #include <asm/system.h>
+ #include <asm/page.h>
+@@ -167,6 +170,249 @@ static unsigned long compute_si_addr(str
+ 	return safe_compute_effective_address(regs, insn);
+ }
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++void pax_emuplt_close(struct vm_area_struct *vma)
++{
++	vma->vm_mm->call_dl_resolve = 0UL;
++}
++
++static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
++{
++	unsigned int *kaddr;
++
++	vmf->page = alloc_page(GFP_HIGHUSER);
++	if (!vmf->page)
++		return VM_FAULT_OOM;
++
++	kaddr = kmap(vmf->page);
++	memset(kaddr, 0, PAGE_SIZE);
++	kaddr[0] = 0x9DE3BFA8U; /* save */
++	flush_dcache_page(vmf->page);
++	kunmap(vmf->page);
++	return VM_FAULT_MAJOR;
++}
++
++static const struct vm_operations_struct pax_vm_ops = {
++	.close = pax_emuplt_close,
++	.fault = pax_emuplt_fault
++};
++
++static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
++{
++	int ret;
++
++	vma->vm_mm = current->mm;
++	vma->vm_start = addr;
++	vma->vm_end = addr + PAGE_SIZE;
++	vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
++	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
++	vma->vm_ops = &pax_vm_ops;
++
++	ret = insert_vm_struct(current->mm, vma);
++	if (ret)
++		return ret;
++
++	++current->mm->total_vm;
++	return 0;
++}
++
++/*
++ * PaX: decide what to do with offenders (regs->pc = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when patched PLT trampoline was detected
++ *         3 when unpatched PLT trampoline was detected
++ */
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++
++#ifdef CONFIG_PAX_EMUPLT
++	int err;
++
++	do { /* PaX: patched PLT emulation #1 */
++		unsigned int sethi1, sethi2, jmpl;
++
++		err = get_user(sethi1, (unsigned int *)regs->pc);
++		err |= get_user(sethi2, (unsigned int *)(regs->pc+4));
++		err |= get_user(jmpl, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
++		    (sethi2 & 0xFFC00000U) == 0x03000000U &&
++		    (jmpl & 0xFFFFE000U) == 0x81C06000U)
++		{
++			unsigned int addr;
++
++			regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
++			addr = regs->u_regs[UREG_G1];
++			addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
++			regs->pc = addr;
++			regs->npc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	{ /* PaX: patched PLT emulation #2 */
++		unsigned int ba;
++
++		err = get_user(ba, (unsigned int *)regs->pc);
++
++		if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
++			unsigned int addr;
++
++			addr = regs->pc + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
++			regs->pc = addr;
++			regs->npc = addr+4;
++			return 2;
++		}
++	}
++
++	do { /* PaX: patched PLT emulation #3 */
++		unsigned int sethi, jmpl, nop;
++
++		err = get_user(sethi, (unsigned int *)regs->pc);
++		err |= get_user(jmpl, (unsigned int *)(regs->pc+4));
++		err |= get_user(nop, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((sethi & 0xFFC00000U) == 0x03000000U &&
++		    (jmpl & 0xFFFFE000U) == 0x81C06000U &&
++		    nop == 0x01000000U)
++		{
++			unsigned int addr;
++
++			addr = (sethi & 0x003FFFFFU) << 10;
++			regs->u_regs[UREG_G1] = addr;
++			addr += (((jmpl | 0xFFFFE000U) ^ 0x00001000U) + 0x00001000U);
++			regs->pc = addr;
++			regs->npc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation step 1 */
++		unsigned int sethi, ba, nop;
++
++		err = get_user(sethi, (unsigned int *)regs->pc);
++		err |= get_user(ba, (unsigned int *)(regs->pc+4));
++		err |= get_user(nop, (unsigned int *)(regs->pc+8));
++
++		if (err)
++			break;
++
++		if ((sethi & 0xFFC00000U) == 0x03000000U &&
++		    ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
++		    nop == 0x01000000U)
++		{
++			unsigned int addr, save, call;
++
++			if ((ba & 0xFFC00000U) == 0x30800000U)
++				addr = regs->pc + 4 + ((((ba | 0xFFC00000U) ^ 0x00200000U) + 0x00200000U) << 2);
++			else
++				addr = regs->pc + 4 + ((((ba | 0xFFF80000U) ^ 0x00040000U) + 0x00040000U) << 2);
++
++			err = get_user(save, (unsigned int *)addr);
++			err |= get_user(call, (unsigned int *)(addr+4));
++			err |= get_user(nop, (unsigned int *)(addr+8));
++			if (err)
++				break;
++
++			if (save == 0x9DE3BFA8U &&
++			    (call & 0xC0000000U) == 0x40000000U &&
++			    nop == 0x01000000U)
++			{
++				struct vm_area_struct *vma;
++				unsigned long call_dl_resolve;
++
++				down_read(&current->mm->mmap_sem);
++				call_dl_resolve = current->mm->call_dl_resolve;
++				up_read(&current->mm->mmap_sem);
++				if (likely(call_dl_resolve))
++					goto emulate;
++
++				vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++
++				down_write(&current->mm->mmap_sem);
++				if (current->mm->call_dl_resolve) {
++					call_dl_resolve = current->mm->call_dl_resolve;
++					up_write(&current->mm->mmap_sem);
++					if (vma)
++						kmem_cache_free(vm_area_cachep, vma);
++					goto emulate;
++				}
++
++				call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
++				if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
++					up_write(&current->mm->mmap_sem);
++					if (vma)
++						kmem_cache_free(vm_area_cachep, vma);
++					return 1;
++				}
++
++				if (pax_insert_vma(vma, call_dl_resolve)) {
++					up_write(&current->mm->mmap_sem);
++					kmem_cache_free(vm_area_cachep, vma);
++					return 1;
++				}
++
++				current->mm->call_dl_resolve = call_dl_resolve;
++				up_write(&current->mm->mmap_sem);
++
++emulate:
++				regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
++				regs->pc = call_dl_resolve;
++				regs->npc = addr+4;
++				return 3;
++			}
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation step 2 */
++		unsigned int save, call, nop;
++
++		err = get_user(save, (unsigned int *)(regs->pc-4));
++		err |= get_user(call, (unsigned int *)regs->pc);
++		err |= get_user(nop, (unsigned int *)(regs->pc+4));
++		if (err)
++			break;
++
++		if (save == 0x9DE3BFA8U &&
++		    (call & 0xC0000000U) == 0x40000000U &&
++		    nop == 0x01000000U)
++		{
++			unsigned int dl_resolve = regs->pc + ((((call | 0xC0000000U) ^ 0x20000000U) + 0x20000000U) << 2);
++
++			regs->u_regs[UREG_RETPC] = regs->pc;
++			regs->pc = dl_resolve;
++			regs->npc = dl_resolve+4;
++			return 3;
++		}
++	} while (0);
++#endif
++
++	return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ asmlinkage void do_sparc_fault(struct pt_regs *regs, int text_fault, int write,
+ 			       unsigned long address)
+ {
+@@ -231,6 +477,24 @@ good_area:
+ 		if(!(vma->vm_flags & VM_WRITE))
+ 			goto bad_area;
+ 	} else {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if ((mm->pax_flags & MF_PAX_PAGEEXEC) && text_fault && !(vma->vm_flags & VM_EXEC)) {
++			up_read(&mm->mmap_sem);
++			switch (pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_PAX_EMUPLT
++			case 2:
++			case 3:
++				return;
++#endif
++
++			}
++			pax_report_fault(regs, (void *)regs->pc, (void *)regs->u_regs[UREG_FP]);
++			do_group_exit(SIGKILL);
++		}
++#endif
++
+ 		/* Allow reads even for write-only mappings */
+ 		if(!(vma->vm_flags & (VM_READ | VM_EXEC)))
+ 			goto bad_area;
+diff -urNp linux-2.6.29.6/arch/sparc/mm/fault_64.c linux-2.6.29.6/arch/sparc/mm/fault_64.c
+--- linux-2.6.29.6/arch/sparc/mm/fault_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/mm/fault_64.c	2009-07-23 18:40:27.466429820 -0400
+@@ -20,6 +20,9 @@
+ #include <linux/kprobes.h>
+ #include <linux/kdebug.h>
+ #include <linux/percpu.h>
++#include <linux/slab.h>
++#include <linux/pagemap.h>
++#include <linux/compiler.h>
+ 
+ #include <asm/page.h>
+ #include <asm/pgtable.h>
+@@ -249,6 +252,367 @@ static void noinline bogus_32bit_fault_a
+ 	show_regs(regs);
+ }
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++#ifdef CONFIG_PAX_EMUPLT
++static void pax_emuplt_close(struct vm_area_struct *vma)
++{
++	vma->vm_mm->call_dl_resolve = 0UL;
++}
++
++static int pax_emuplt_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
++{
++	unsigned int *kaddr;
++
++	vmf->page = alloc_page(GFP_HIGHUSER);
++	if (!vmf->page)
++		return VM_FAULT_OOM;
++
++	kaddr = kmap(vmf->page);
++	memset(kaddr, 0, PAGE_SIZE);
++	kaddr[0] = 0x9DE3BFA8U; /* save */
++	flush_dcache_page(vmf->page);
++	kunmap(vmf->page);
++	return VM_FAULT_MAJOR;
++}
++
++static const struct vm_operations_struct pax_vm_ops = {
++	.close = pax_emuplt_close,
++	.fault = pax_emuplt_fault
++};
++
++static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr)
++{
++	int ret;
++
++	vma->vm_mm = current->mm;
++	vma->vm_start = addr;
++	vma->vm_end = addr + PAGE_SIZE;
++	vma->vm_flags = VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYEXEC;
++	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
++	vma->vm_ops = &pax_vm_ops;
++
++	ret = insert_vm_struct(current->mm, vma);
++	if (ret)
++		return ret;
++
++	++current->mm->total_vm;
++	return 0;
++}
++#endif
++
++/*
++ * PaX: decide what to do with offenders (regs->tpc = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when patched PLT trampoline was detected
++ *         3 when unpatched PLT trampoline was detected
++ */
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++
++#ifdef CONFIG_PAX_EMUPLT
++	int err;
++
++	do { /* PaX: patched PLT emulation #1 */
++		unsigned int sethi1, sethi2, jmpl;
++
++		err = get_user(sethi1, (unsigned int *)regs->tpc);
++		err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
++		err |= get_user(jmpl, (unsigned int *)(regs->tpc+8));
++
++		if (err)
++			break;
++
++		if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
++		    (sethi2 & 0xFFC00000U) == 0x03000000U &&
++		    (jmpl & 0xFFFFE000U) == 0x81C06000U)
++		{
++			unsigned long addr;
++
++			regs->u_regs[UREG_G1] = (sethi2 & 0x003FFFFFU) << 10;
++			addr = regs->u_regs[UREG_G1];
++			addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	{ /* PaX: patched PLT emulation #2 */
++		unsigned int ba;
++
++		err = get_user(ba, (unsigned int *)regs->tpc);
++
++		if (!err && (ba & 0xFFC00000U) == 0x30800000U) {
++			unsigned long addr;
++
++			addr = regs->tpc + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	}
++
++	do { /* PaX: patched PLT emulation #3 */
++		unsigned int sethi, jmpl, nop;
++
++		err = get_user(sethi, (unsigned int *)regs->tpc);
++		err |= get_user(jmpl, (unsigned int *)(regs->tpc+4));
++		err |= get_user(nop, (unsigned int *)(regs->tpc+8));
++
++		if (err)
++			break;
++
++		if ((sethi & 0xFFC00000U) == 0x03000000U &&
++		    (jmpl & 0xFFFFE000U) == 0x81C06000U &&
++		    nop == 0x01000000U)
++		{
++			unsigned long addr;
++
++			addr = (sethi & 0x003FFFFFU) << 10;
++			regs->u_regs[UREG_G1] = addr;
++			addr += (((jmpl | 0xFFFFFFFFFFFFE000UL) ^ 0x00001000UL) + 0x00001000UL);
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #4 */
++		unsigned int mov1, call, mov2;
++
++		err = get_user(mov1, (unsigned int *)regs->tpc);
++		err |= get_user(call, (unsigned int *)(regs->tpc+4));
++		err |= get_user(mov2, (unsigned int *)(regs->tpc+8));
++
++		if (err)
++			break;
++
++		if (mov1 == 0x8210000FU &&
++		    (call & 0xC0000000U) == 0x40000000U &&
++		    mov2 == 0x9E100001U)
++		{
++			unsigned long addr;
++
++			regs->u_regs[UREG_G1] = regs->u_regs[UREG_RETPC];
++			addr = regs->tpc + 4 + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #5 */
++		unsigned int sethi1, sethi2, or1, or2, sllx, jmpl, nop;
++
++		err = get_user(sethi1, (unsigned int *)regs->tpc);
++		err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
++		err |= get_user(or1, (unsigned int *)(regs->tpc+8));
++		err |= get_user(or2, (unsigned int *)(regs->tpc+12));
++		err |= get_user(sllx, (unsigned int *)(regs->tpc+16));
++		err |= get_user(jmpl, (unsigned int *)(regs->tpc+20));
++		err |= get_user(nop, (unsigned int *)(regs->tpc+24));
++
++		if (err)
++			break;
++
++		if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
++		    (sethi2 & 0xFFC00000U) == 0x0B000000U &&
++		    (or1 & 0xFFFFE000U) == 0x82106000U &&
++		    (or2 & 0xFFFFE000U) == 0x8A116000U &&
++		    sllx == 0x83287020 &&
++		    jmpl == 0x81C04005U &&
++		    nop == 0x01000000U)
++		{
++			unsigned long addr;
++
++			regs->u_regs[UREG_G1] = ((sethi1 & 0x003FFFFFU) << 10) | (or1 & 0x000003FFU);
++			regs->u_regs[UREG_G1] <<= 32;
++			regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or2 & 0x000003FFU);
++			addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #6 */
++		unsigned int sethi1, sethi2, sllx, or,  jmpl, nop;
++
++		err = get_user(sethi1, (unsigned int *)regs->tpc);
++		err |= get_user(sethi2, (unsigned int *)(regs->tpc+4));
++		err |= get_user(sllx, (unsigned int *)(regs->tpc+8));
++		err |= get_user(or, (unsigned int *)(regs->tpc+12));
++		err |= get_user(jmpl, (unsigned int *)(regs->tpc+16));
++		err |= get_user(nop, (unsigned int *)(regs->tpc+20));
++
++		if (err)
++			break;
++
++		if ((sethi1 & 0xFFC00000U) == 0x03000000U &&
++		    (sethi2 & 0xFFC00000U) == 0x0B000000U &&
++		    sllx == 0x83287020 &&
++		    (or & 0xFFFFE000U) == 0x8A116000U &&
++		    jmpl == 0x81C04005U &&
++		    nop == 0x01000000U)
++		{
++			unsigned long addr;
++
++			regs->u_regs[UREG_G1] = (sethi1 & 0x003FFFFFU) << 10;
++			regs->u_regs[UREG_G1] <<= 32;
++			regs->u_regs[UREG_G5] = ((sethi2 & 0x003FFFFFU) << 10) | (or & 0x3FFU);
++			addr = regs->u_regs[UREG_G1] + regs->u_regs[UREG_G5];
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: patched PLT emulation #7 */
++		unsigned int sethi, ba, nop;
++
++		err = get_user(sethi, (unsigned int *)regs->tpc);
++		err |= get_user(ba, (unsigned int *)(regs->tpc+4));
++		err |= get_user(nop, (unsigned int *)(regs->tpc+8));
++
++		if (err)
++			break;
++
++		if ((sethi & 0xFFC00000U) == 0x03000000U &&
++		    (ba & 0xFFF00000U) == 0x30600000U &&
++		    nop == 0x01000000U)
++		{
++			unsigned long addr;
++
++			addr = (sethi & 0x003FFFFFU) << 10;
++			regs->u_regs[UREG_G1] = addr;
++			addr = regs->tpc + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
++			regs->tpc = addr;
++			regs->tnpc = addr+4;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation step 1 */
++		unsigned int sethi, ba, nop;
++
++		err = get_user(sethi, (unsigned int *)regs->tpc);
++		err |= get_user(ba, (unsigned int *)(regs->tpc+4));
++		err |= get_user(nop, (unsigned int *)(regs->tpc+8));
++
++		if (err)
++			break;
++
++		if ((sethi & 0xFFC00000U) == 0x03000000U &&
++		    ((ba & 0xFFC00000U) == 0x30800000U || (ba & 0xFFF80000U) == 0x30680000U) &&
++		    nop == 0x01000000U)
++		{
++			unsigned long addr;
++			unsigned int save, call;
++
++			if ((ba & 0xFFC00000U) == 0x30800000U)
++				addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFC00000UL) ^ 0x00200000UL) + 0x00200000UL) << 2);
++			else
++				addr = regs->tpc + 4 + ((((ba | 0xFFFFFFFFFFF80000UL) ^ 0x00040000UL) + 0x00040000UL) << 2);
++
++			err = get_user(save, (unsigned int *)addr);
++			err |= get_user(call, (unsigned int *)(addr+4));
++			err |= get_user(nop, (unsigned int *)(addr+8));
++			if (err)
++				break;
++
++			if (save == 0x9DE3BFA8U &&
++			    (call & 0xC0000000U) == 0x40000000U &&
++			    nop == 0x01000000U)
++			{
++				struct vm_area_struct *vma;
++				unsigned long call_dl_resolve;
++
++				down_read(&current->mm->mmap_sem);
++				call_dl_resolve = current->mm->call_dl_resolve;
++				up_read(&current->mm->mmap_sem);
++				if (likely(call_dl_resolve))
++					goto emulate;
++
++				vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++
++				down_write(&current->mm->mmap_sem);
++				if (current->mm->call_dl_resolve) {
++					call_dl_resolve = current->mm->call_dl_resolve;
++					up_write(&current->mm->mmap_sem);
++					if (vma)
++						kmem_cache_free(vm_area_cachep, vma);
++					goto emulate;
++				}
++
++				call_dl_resolve = get_unmapped_area(NULL, 0UL, PAGE_SIZE, 0UL, MAP_PRIVATE);
++				if (!vma || (call_dl_resolve & ~PAGE_MASK)) {
++					up_write(&current->mm->mmap_sem);
++					if (vma)
++						kmem_cache_free(vm_area_cachep, vma);
++					return 1;
++				}
++
++				if (pax_insert_vma(vma, call_dl_resolve)) {
++					up_write(&current->mm->mmap_sem);
++					kmem_cache_free(vm_area_cachep, vma);
++					return 1;
++				}
++
++				current->mm->call_dl_resolve = call_dl_resolve;
++				up_write(&current->mm->mmap_sem);
++
++emulate:
++				regs->u_regs[UREG_G1] = (sethi & 0x003FFFFFU) << 10;
++				regs->tpc = call_dl_resolve;
++				regs->tnpc = addr+4;
++				return 3;
++			}
++		}
++	} while (0);
++
++	do { /* PaX: unpatched PLT emulation step 2 */
++		unsigned int save, call, nop;
++
++		err = get_user(save, (unsigned int *)(regs->tpc-4));
++		err |= get_user(call, (unsigned int *)regs->tpc);
++		err |= get_user(nop, (unsigned int *)(regs->tpc+4));
++		if (err)
++			break;
++
++		if (save == 0x9DE3BFA8U &&
++		    (call & 0xC0000000U) == 0x40000000U &&
++		    nop == 0x01000000U)
++		{
++			unsigned long dl_resolve = regs->tpc + ((((call | 0xFFFFFFFFC0000000UL) ^ 0x20000000UL) + 0x20000000UL) << 2);
++
++			regs->u_regs[UREG_RETPC] = regs->tpc;
++			regs->tpc = dl_resolve;
++			regs->tnpc = dl_resolve+4;
++			return 3;
++		}
++	} while (0);
++#endif
++
++	return 1;
++}
++
++void pax_report_insns(void *pc, void *sp)
++{
++	unsigned long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 5; i++) {
++		unsigned int c;
++		if (get_user(c, (unsigned int *)pc+i))
++			printk(KERN_CONT "???????? ");
++		else
++			printk(KERN_CONT "%08x ", c);
++	}
++	printk("\n");
++}
++#endif
++
+ asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs)
+ {
+ 	struct mm_struct *mm = current->mm;
+@@ -315,6 +679,29 @@ asmlinkage void __kprobes do_sparc64_fau
+ 	if (!vma)
+ 		goto bad_area;
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++	/* PaX: detect ITLB misses on non-exec pages */
++	if ((mm->pax_flags & MF_PAX_PAGEEXEC) && vma->vm_start <= address &&
++	    !(vma->vm_flags & VM_EXEC) && (fault_code & FAULT_CODE_ITLB))
++	{
++		if (address != regs->tpc)
++			goto good_area;
++
++		up_read(&mm->mmap_sem);
++		switch (pax_handle_fetch_fault(regs)) {
++
++#ifdef CONFIG_PAX_EMUPLT
++		case 2:
++		case 3:
++			return;
++#endif
++
++		}
++		pax_report_fault(regs, (void *)regs->tpc, (void *)(regs->u_regs[UREG_FP] + STACK_BIAS));
++		do_group_exit(SIGKILL);
++	}
++#endif
++
+ 	/* Pure DTLB misses do not tell us whether the fault causing
+ 	 * load/store/atomic was a write or not, it only says that there
+ 	 * was no match.  So in such a case we (carefully) read the
+diff -urNp linux-2.6.29.6/arch/sparc/mm/init_32.c linux-2.6.29.6/arch/sparc/mm/init_32.c
+--- linux-2.6.29.6/arch/sparc/mm/init_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/mm/init_32.c	2009-07-23 17:34:32.050703291 -0400
+@@ -316,6 +316,9 @@ extern void device_scan(void);
+ pgprot_t PAGE_SHARED __read_mostly;
+ EXPORT_SYMBOL(PAGE_SHARED);
+ 
++pgprot_t PAGE_SHARED_NOEXEC __read_mostly;
++EXPORT_SYMBOL(PAGE_SHARED_NOEXEC);
++
+ void __init paging_init(void)
+ {
+ 	switch(sparc_cpu_model) {
+@@ -341,17 +344,17 @@ void __init paging_init(void)
+ 
+ 	/* Initialize the protection map with non-constant, MMU dependent values. */
+ 	protection_map[0] = PAGE_NONE;
+-	protection_map[1] = PAGE_READONLY;
+-	protection_map[2] = PAGE_COPY;
+-	protection_map[3] = PAGE_COPY;
++	protection_map[1] = PAGE_READONLY_NOEXEC;
++	protection_map[2] = PAGE_COPY_NOEXEC;
++	protection_map[3] = PAGE_COPY_NOEXEC;
+ 	protection_map[4] = PAGE_READONLY;
+ 	protection_map[5] = PAGE_READONLY;
+ 	protection_map[6] = PAGE_COPY;
+ 	protection_map[7] = PAGE_COPY;
+ 	protection_map[8] = PAGE_NONE;
+-	protection_map[9] = PAGE_READONLY;
+-	protection_map[10] = PAGE_SHARED;
+-	protection_map[11] = PAGE_SHARED;
++	protection_map[9] = PAGE_READONLY_NOEXEC;
++	protection_map[10] = PAGE_SHARED_NOEXEC;
++	protection_map[11] = PAGE_SHARED_NOEXEC;
+ 	protection_map[12] = PAGE_READONLY;
+ 	protection_map[13] = PAGE_READONLY;
+ 	protection_map[14] = PAGE_SHARED;
+diff -urNp linux-2.6.29.6/arch/sparc/mm/Makefile linux-2.6.29.6/arch/sparc/mm/Makefile
+--- linux-2.6.29.6/arch/sparc/mm/Makefile	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/mm/Makefile	2009-07-23 17:34:32.050703291 -0400
+@@ -2,7 +2,7 @@
+ #
+ 
+ asflags-y := -ansi
+-ccflags-y := -Werror
++#ccflags-y := -Werror
+ 
+ obj-$(CONFIG_SPARC64)   += ultra.o tlb.o tsb.o
+ obj-y                   += fault_$(BITS).o
+diff -urNp linux-2.6.29.6/arch/sparc/mm/srmmu.c linux-2.6.29.6/arch/sparc/mm/srmmu.c
+--- linux-2.6.29.6/arch/sparc/mm/srmmu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/sparc/mm/srmmu.c	2009-07-23 17:34:32.051762759 -0400
+@@ -2148,6 +2148,13 @@ void __init ld_mmu_srmmu(void)
+ 	PAGE_SHARED = pgprot_val(SRMMU_PAGE_SHARED);
+ 	BTFIXUPSET_INT(page_copy, pgprot_val(SRMMU_PAGE_COPY));
+ 	BTFIXUPSET_INT(page_readonly, pgprot_val(SRMMU_PAGE_RDONLY));
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	PAGE_SHARED_NOEXEC = pgprot_val(SRMMU_PAGE_SHARED_NOEXEC);
++	BTFIXUPSET_INT(page_copy_noexec, pgprot_val(SRMMU_PAGE_COPY_NOEXEC));
++	BTFIXUPSET_INT(page_readonly_noexec, pgprot_val(SRMMU_PAGE_RDONLY_NOEXEC));
++#endif
++
+ 	BTFIXUPSET_INT(page_kernel, pgprot_val(SRMMU_PAGE_KERNEL));
+ 	page_kernel = pgprot_val(SRMMU_PAGE_KERNEL);
+ 
+diff -urNp linux-2.6.29.6/arch/um/include/asm/kmap_types.h linux-2.6.29.6/arch/um/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/um/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/um/include/asm/kmap_types.h	2009-07-23 17:34:32.051762759 -0400
+@@ -23,6 +23,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/arch/um/include/asm/page.h linux-2.6.29.6/arch/um/include/asm/page.h
+--- linux-2.6.29.6/arch/um/include/asm/page.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/um/include/asm/page.h	2009-07-23 17:34:32.051762759 -0400
+@@ -14,6 +14,9 @@
+ #define PAGE_SIZE	(_AC(1, UL) << PAGE_SHIFT)
+ #define PAGE_MASK	(~(PAGE_SIZE-1))
+ 
++#define ktla_ktva(addr)			(addr)
++#define ktva_ktla(addr)			(addr)
++
+ #ifndef __ASSEMBLY__
+ 
+ struct page;
+diff -urNp linux-2.6.29.6/arch/um/sys-i386/syscalls.c linux-2.6.29.6/arch/um/sys-i386/syscalls.c
+--- linux-2.6.29.6/arch/um/sys-i386/syscalls.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/um/sys-i386/syscalls.c	2009-07-23 17:34:32.051762759 -0400
+@@ -11,6 +11,21 @@
+ #include "asm/uaccess.h"
+ #include "asm/unistd.h"
+ 
++int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
++{
++	unsigned long pax_task_size = TASK_SIZE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
++	if (len > pax_task_size || addr > pax_task_size - len)
++		return -EINVAL;
++
++	return 0;
++}
++
+ /*
+  * Perform the select(nd, in, out, ex, tv) and mmap() system
+  * calls. Linux/i386 didn't use to be able to handle more than
+diff -urNp linux-2.6.29.6/arch/x86/boot/bitops.h linux-2.6.29.6/arch/x86/boot/bitops.h
+--- linux-2.6.29.6/arch/x86/boot/bitops.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/bitops.h	2009-07-23 17:34:32.052702854 -0400
+@@ -26,7 +26,7 @@ static inline int variable_test_bit(int 
+ 	u8 v;
+ 	const u32 *p = (const u32 *)addr;
+ 
+-	asm("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
++	asm volatile("btl %2,%1; setc %0" : "=qm" (v) : "m" (*p), "Ir" (nr));
+ 	return v;
+ }
+ 
+@@ -37,7 +37,7 @@ static inline int variable_test_bit(int 
+ 
+ static inline void set_bit(int nr, void *addr)
+ {
+-	asm("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
++	asm volatile("btsl %1,%0" : "+m" (*(u32 *)addr) : "Ir" (nr));
+ }
+ 
+ #endif /* BOOT_BITOPS_H */
+diff -urNp linux-2.6.29.6/arch/x86/boot/boot.h linux-2.6.29.6/arch/x86/boot/boot.h
+--- linux-2.6.29.6/arch/x86/boot/boot.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/boot.h	2009-07-23 17:34:32.052702854 -0400
+@@ -80,7 +80,7 @@ static inline void io_delay(void)
+ static inline u16 ds(void)
+ {
+ 	u16 seg;
+-	asm("movw %%ds,%0" : "=rm" (seg));
++	asm volatile("movw %%ds,%0" : "=rm" (seg));
+ 	return seg;
+ }
+ 
+@@ -176,7 +176,7 @@ static inline void wrgs32(u32 v, addr_t 
+ static inline int memcmp(const void *s1, const void *s2, size_t len)
+ {
+ 	u8 diff;
+-	asm("repe; cmpsb; setnz %0"
++	asm volatile("repe; cmpsb; setnz %0"
+ 	    : "=qm" (diff), "+D" (s1), "+S" (s2), "+c" (len));
+ 	return diff;
+ }
+diff -urNp linux-2.6.29.6/arch/x86/boot/compressed/head_32.S linux-2.6.29.6/arch/x86/boot/compressed/head_32.S
+--- linux-2.6.29.6/arch/x86/boot/compressed/head_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/compressed/head_32.S	2009-07-23 17:34:32.052702854 -0400
+@@ -70,7 +70,7 @@ startup_32:
+ 	addl    $(CONFIG_PHYSICAL_ALIGN - 1), %ebx
+ 	andl    $(~(CONFIG_PHYSICAL_ALIGN - 1)), %ebx
+ #else
+-	movl $LOAD_PHYSICAL_ADDR, %ebx
++	movl $____LOAD_PHYSICAL_ADDR, %ebx
+ #endif
+ 
+ 	/* Replace the compressed data size with the uncompressed size */
+@@ -80,8 +80,8 @@ startup_32:
+ 	/* Add 8 bytes for every 32K input block */
+ 	shrl $12, %eax
+ 	addl %eax, %ebx
+-	/* Add 32K + 18 bytes of extra slack */
+-	addl $(32768 + 18), %ebx
++	/* Add 64K of extra slack */
++	addl $65536, %ebx
+ 	/* Align on a 4K boundary */
+ 	addl $4095, %ebx
+ 	andl $~4095, %ebx
+@@ -105,7 +105,7 @@ startup_32:
+ 	addl    $(CONFIG_PHYSICAL_ALIGN - 1), %ebp
+ 	andl    $(~(CONFIG_PHYSICAL_ALIGN - 1)), %ebp
+ #else
+-	movl	$LOAD_PHYSICAL_ADDR, %ebp
++	movl	$____LOAD_PHYSICAL_ADDR, %ebp
+ #endif
+ 
+ /*
+@@ -160,16 +160,15 @@ relocated:
+  * and where it was actually loaded.
+  */
+ 	movl %ebp, %ebx
+-	subl $LOAD_PHYSICAL_ADDR, %ebx
++	subl $____LOAD_PHYSICAL_ADDR, %ebx
+ 	jz   2f		/* Nothing to be done if loaded at compiled addr. */
+ /*
+  * Process relocations.
+  */
+ 
+ 1:	subl $4, %edi
+-	movl 0(%edi), %ecx
+-	testl %ecx, %ecx
+-	jz 2f
++	movl (%edi), %ecx
++	jecxz 2f
+ 	addl %ebx, -__PAGE_OFFSET(%ebx, %ecx)
+ 	jmp 1b
+ 2:
+diff -urNp linux-2.6.29.6/arch/x86/boot/compressed/misc.c linux-2.6.29.6/arch/x86/boot/compressed/misc.c
+--- linux-2.6.29.6/arch/x86/boot/compressed/misc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/compressed/misc.c	2009-07-23 17:34:32.052702854 -0400
+@@ -373,7 +373,7 @@ static void parse_elf(void *output)
+ 		case PT_LOAD:
+ #ifdef CONFIG_RELOCATABLE
+ 			dest = output;
+-			dest += (phdr->p_paddr - LOAD_PHYSICAL_ADDR);
++			dest += (phdr->p_paddr - ____LOAD_PHYSICAL_ADDR);
+ #else
+ 			dest = (void *)(phdr->p_paddr);
+ #endif
+@@ -425,7 +425,7 @@ asmlinkage void decompress_kernel(void *
+ 	if (heap > ((-__PAGE_OFFSET-(512<<20)-1) & 0x7fffffff))
+ 		error("Destination address too large");
+ #ifndef CONFIG_RELOCATABLE
+-	if ((u32)output != LOAD_PHYSICAL_ADDR)
++	if ((u32)output != ____LOAD_PHYSICAL_ADDR)
+ 		error("Wrong destination address");
+ #endif
+ #endif
+diff -urNp linux-2.6.29.6/arch/x86/boot/compressed/relocs.c linux-2.6.29.6/arch/x86/boot/compressed/relocs.c
+--- linux-2.6.29.6/arch/x86/boot/compressed/relocs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/compressed/relocs.c	2009-07-23 17:34:32.052702854 -0400
+@@ -10,8 +10,11 @@
+ #define USE_BSD
+ #include <endian.h>
+ 
++#include "../../../../include/linux/autoconf.h"
++
+ #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+ static Elf32_Ehdr ehdr;
++static Elf32_Phdr *phdr;
+ static unsigned long reloc_count, reloc_idx;
+ static unsigned long *relocs;
+ 
+@@ -245,6 +248,36 @@ static void read_ehdr(FILE *fp)
+ 	}
+ }
+ 
++static void read_phdrs(FILE *fp)
++{
++	int i;
++
++	phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr));
++	if (!phdr) {
++		die("Unable to allocate %d program headers\n",
++		    ehdr.e_phnum);
++	}
++	if (fseek(fp, ehdr.e_phoff, SEEK_SET) < 0) {
++		die("Seek to %d failed: %s\n",
++			ehdr.e_phoff, strerror(errno));
++	}
++	if (fread(phdr, sizeof(*phdr), ehdr.e_phnum, fp) != ehdr.e_phnum) {
++		die("Cannot read ELF program headers: %s\n",
++			strerror(errno));
++	}
++	for(i = 0; i < ehdr.e_phnum; i++) {
++		phdr[i].p_type      = elf32_to_cpu(phdr[i].p_type);
++		phdr[i].p_offset    = elf32_to_cpu(phdr[i].p_offset);
++		phdr[i].p_vaddr     = elf32_to_cpu(phdr[i].p_vaddr);
++		phdr[i].p_paddr     = elf32_to_cpu(phdr[i].p_paddr);
++		phdr[i].p_filesz    = elf32_to_cpu(phdr[i].p_filesz);
++		phdr[i].p_memsz     = elf32_to_cpu(phdr[i].p_memsz);
++		phdr[i].p_flags     = elf32_to_cpu(phdr[i].p_flags);
++		phdr[i].p_align     = elf32_to_cpu(phdr[i].p_align);
++	}
++
++}
++
+ static void read_shdrs(FILE *fp)
+ {
+ 	int i;
+@@ -341,6 +374,8 @@ static void read_symtabs(FILE *fp)
+ static void read_relocs(FILE *fp)
+ {
+ 	int i,j;
++	uint32_t base;
++
+ 	for (i = 0; i < ehdr.e_shnum; i++) {
+ 		struct section *sec = &secs[i];
+ 		if (sec->shdr.sh_type != SHT_REL) {
+@@ -360,9 +395,18 @@ static void read_relocs(FILE *fp)
+ 			die("Cannot read symbol table: %s\n",
+ 				strerror(errno));
+ 		}
++		base = 0;
++		for (j = 0; j < ehdr.e_phnum; j++) {
++			if (phdr[j].p_type != PT_LOAD )
++				continue;
++			if (secs[sec->shdr.sh_info].shdr.sh_offset < phdr[j].p_offset || secs[sec->shdr.sh_info].shdr.sh_offset >= phdr[j].p_offset + phdr[j].p_filesz)
++				continue;
++			base = CONFIG_PAGE_OFFSET + phdr[j].p_paddr - phdr[j].p_vaddr;
++			break;
++		}
+ 		for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
+ 			Elf32_Rel *rel = &sec->reltab[j];
+-			rel->r_offset = elf32_to_cpu(rel->r_offset);
++			rel->r_offset = elf32_to_cpu(rel->r_offset) + base;
+ 			rel->r_info   = elf32_to_cpu(rel->r_info);
+ 		}
+ 	}
+@@ -504,6 +548,23 @@ static void walk_relocs(void (*visit)(El
+ 			if (sym->st_shndx == SHN_ABS) {
+ 				continue;
+ 			}
++			/* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
++			if (!strcmp(sec_name(sym->st_shndx), ".data.percpu") && strncmp(sym_name(sym_strtab, sym), "__per_cpu_", 10))
++				continue;
++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
++			/* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
++			if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
++				continue;
++			if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
++				continue;
++			if (!strcmp(sec_name(sym->st_shndx), ".text.head")) {
++				if (strcmp(sym_name(sym_strtab, sym), "__init_end") &&
++				    strcmp(sym_name(sym_strtab, sym), "KERNEL_TEXT_OFFSET"))
++					continue;
++			}
++			if (!strcmp(sec_name(sym->st_shndx), ".text"))
++				continue;
++#endif
+ 			if (r_type == R_386_PC32) {
+ 				/* PC relative relocations don't need to be adjusted */
+ 			}
+@@ -631,6 +692,7 @@ int main(int argc, char **argv)
+ 			fname, strerror(errno));
+ 	}
+ 	read_ehdr(fp);
++	read_phdrs(fp);
+ 	read_shdrs(fp);
+ 	read_strtabs(fp);
+ 	read_symtabs(fp);
+diff -urNp linux-2.6.29.6/arch/x86/boot/cpucheck.c linux-2.6.29.6/arch/x86/boot/cpucheck.c
+--- linux-2.6.29.6/arch/x86/boot/cpucheck.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/cpucheck.c	2009-07-23 17:34:32.052702854 -0400
+@@ -74,7 +74,7 @@ static int has_fpu(void)
+ 	u16 fcw = -1, fsw = -1;
+ 	u32 cr0;
+ 
+-	asm("movl %%cr0,%0" : "=r" (cr0));
++	asm volatile("movl %%cr0,%0" : "=r" (cr0));
+ 	if (cr0 & (X86_CR0_EM|X86_CR0_TS)) {
+ 		cr0 &= ~(X86_CR0_EM|X86_CR0_TS);
+ 		asm volatile("movl %0,%%cr0" : : "r" (cr0));
+@@ -90,7 +90,7 @@ static int has_eflag(u32 mask)
+ {
+ 	u32 f0, f1;
+ 
+-	asm("pushfl ; "
++	asm volatile("pushfl ; "
+ 	    "pushfl ; "
+ 	    "popl %0 ; "
+ 	    "movl %0,%1 ; "
+@@ -115,7 +115,7 @@ static void get_flags(void)
+ 		set_bit(X86_FEATURE_FPU, cpu.flags);
+ 
+ 	if (has_eflag(X86_EFLAGS_ID)) {
+-		asm("cpuid"
++		asm volatile("cpuid"
+ 		    : "=a" (max_intel_level),
+ 		      "=b" (cpu_vendor[0]),
+ 		      "=d" (cpu_vendor[1]),
+@@ -124,7 +124,7 @@ static void get_flags(void)
+ 
+ 		if (max_intel_level >= 0x00000001 &&
+ 		    max_intel_level <= 0x0000ffff) {
+-			asm("cpuid"
++			asm volatile("cpuid"
+ 			    : "=a" (tfms),
+ 			      "=c" (cpu.flags[4]),
+ 			      "=d" (cpu.flags[0])
+@@ -136,7 +136,7 @@ static void get_flags(void)
+ 				cpu.model += ((tfms >> 16) & 0xf) << 4;
+ 		}
+ 
+-		asm("cpuid"
++		asm volatile("cpuid"
+ 		    : "=a" (max_amd_level)
+ 		    : "a" (0x80000000)
+ 		    : "ebx", "ecx", "edx");
+@@ -144,7 +144,7 @@ static void get_flags(void)
+ 		if (max_amd_level >= 0x80000001 &&
+ 		    max_amd_level <= 0x8000ffff) {
+ 			u32 eax = 0x80000001;
+-			asm("cpuid"
++			asm volatile("cpuid"
+ 			    : "+a" (eax),
+ 			      "=c" (cpu.flags[6]),
+ 			      "=d" (cpu.flags[1])
+@@ -203,9 +203,9 @@ int check_cpu(int *cpu_level_ptr, int *r
+ 		u32 ecx = MSR_K7_HWCR;
+ 		u32 eax, edx;
+ 
+-		asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
++		asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
+ 		eax &= ~(1 << 15);
+-		asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
++		asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
+ 
+ 		get_flags();	/* Make sure it really did something */
+ 		err = check_flags();
+@@ -218,9 +218,9 @@ int check_cpu(int *cpu_level_ptr, int *r
+ 		u32 ecx = MSR_VIA_FCR;
+ 		u32 eax, edx;
+ 
+-		asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
++		asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
+ 		eax |= (1<<1)|(1<<7);
+-		asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
++		asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
+ 
+ 		set_bit(X86_FEATURE_CX8, cpu.flags);
+ 		err = check_flags();
+@@ -231,12 +231,12 @@ int check_cpu(int *cpu_level_ptr, int *r
+ 		u32 eax, edx;
+ 		u32 level = 1;
+ 
+-		asm("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
+-		asm("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
+-		asm("cpuid"
++		asm volatile("rdmsr" : "=a" (eax), "=d" (edx) : "c" (ecx));
++		asm volatile("wrmsr" : : "a" (~0), "d" (edx), "c" (ecx));
++		asm volatile("cpuid"
+ 		    : "+a" (level), "=d" (cpu.flags[0])
+ 		    : : "ecx", "ebx");
+-		asm("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
++		asm volatile("wrmsr" : : "a" (eax), "d" (edx), "c" (ecx));
+ 
+ 		err = check_flags();
+ 	}
+diff -urNp linux-2.6.29.6/arch/x86/boot/edd.c linux-2.6.29.6/arch/x86/boot/edd.c
+--- linux-2.6.29.6/arch/x86/boot/edd.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/edd.c	2009-07-23 17:34:32.053815554 -0400
+@@ -81,7 +81,7 @@ static int get_edd_info(u8 devno, struct
+ 	ax = 0x4100;
+ 	bx = EDDMAGIC1;
+ 	dx = devno;
+-	asm("pushfl; stc; int $0x13; setc %%al; popfl"
++	asm volatile("pushfl; stc; int $0x13; setc %%al; popfl"
+ 	    : "+a" (ax), "+b" (bx), "=c" (cx), "+d" (dx)
+ 	    : : "esi", "edi");
+ 
+@@ -100,7 +100,7 @@ static int get_edd_info(u8 devno, struct
+ 	ei->params.length = sizeof(ei->params);
+ 	ax = 0x4800;
+ 	dx = devno;
+-	asm("pushfl; int $0x13; popfl"
++	asm volatile("pushfl; int $0x13; popfl"
+ 	    : "+a" (ax), "+d" (dx), "=m" (ei->params)
+ 	    : "S" (&ei->params)
+ 	    : "ebx", "ecx", "edi");
+@@ -111,7 +111,7 @@ static int get_edd_info(u8 devno, struct
+ 	ax = 0x0800;
+ 	dx = devno;
+ 	di = 0;
+-	asm("pushw %%es; "
++	asm volatile("pushw %%es; "
+ 	    "movw %%di,%%es; "
+ 	    "pushfl; stc; int $0x13; setc %%al; popfl; "
+ 	    "popw %%es"
+diff -urNp linux-2.6.29.6/arch/x86/boot/main.c linux-2.6.29.6/arch/x86/boot/main.c
+--- linux-2.6.29.6/arch/x86/boot/main.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/main.c	2009-07-23 17:34:32.053815554 -0400
+@@ -78,7 +78,7 @@ static void query_ist(void)
+ 	if (cpu.level < 6)
+ 		return;
+ 
+-	asm("int $0x15"
++	asm volatile("int $0x15"
+ 	    : "=a" (boot_params.ist_info.signature),
+ 	      "=b" (boot_params.ist_info.command),
+ 	      "=c" (boot_params.ist_info.event),
+diff -urNp linux-2.6.29.6/arch/x86/boot/mca.c linux-2.6.29.6/arch/x86/boot/mca.c
+--- linux-2.6.29.6/arch/x86/boot/mca.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/mca.c	2009-07-23 17:34:32.053815554 -0400
+@@ -19,7 +19,7 @@ int query_mca(void)
+ 	u8 err;
+ 	u16 es, bx, len;
+ 
+-	asm("pushw %%es ; "
++	asm volatile("pushw %%es ; "
+ 	    "int $0x15 ; "
+ 	    "setc %0 ; "
+ 	    "movw %%es, %1 ; "
+diff -urNp linux-2.6.29.6/arch/x86/boot/memory.c linux-2.6.29.6/arch/x86/boot/memory.c
+--- linux-2.6.29.6/arch/x86/boot/memory.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/memory.c	2009-07-23 17:34:32.053815554 -0400
+@@ -30,7 +30,7 @@ static int detect_memory_e820(void)
+ 		/* Important: %edx and %esi are clobbered by some BIOSes,
+ 		   so they must be either used for the error output
+ 		   or explicitly marked clobbered. */
+-		asm("int $0x15; setc %0"
++		asm volatile("int $0x15; setc %0"
+ 		    : "=d" (err), "+b" (next), "=a" (id), "+c" (size),
+ 		      "=m" (*desc)
+ 		    : "D" (desc), "d" (SMAP), "a" (0xe820)
+@@ -66,7 +66,7 @@ static int detect_memory_e801(void)
+ 
+ 	bx = cx = dx = 0;
+ 	ax = 0xe801;
+-	asm("stc; int $0x15; setc %0"
++	asm volatile("stc; int $0x15; setc %0"
+ 	    : "=m" (err), "+a" (ax), "+b" (bx), "+c" (cx), "+d" (dx));
+ 
+ 	if (err)
+@@ -96,7 +96,7 @@ static int detect_memory_88(void)
+ 	u8 err;
+ 
+ 	ax = 0x8800;
+-	asm("stc; int $0x15; setc %0" : "=bcdm" (err), "+a" (ax));
++	asm volatile("stc; int $0x15; setc %0" : "=bcdm" (err), "+a" (ax));
+ 
+ 	boot_params.screen_info.ext_mem_k = ax;
+ 
+diff -urNp linux-2.6.29.6/arch/x86/boot/video.c linux-2.6.29.6/arch/x86/boot/video.c
+--- linux-2.6.29.6/arch/x86/boot/video.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/video.c	2009-07-23 17:34:32.053815554 -0400
+@@ -23,7 +23,7 @@ static void store_cursor_position(void)
+ 
+ 	ax = 0x0300;
+ 	bx = 0;
+-	asm(INT10
++	asm volatile(INT10
+ 	    : "=d" (curpos), "+a" (ax), "+b" (bx)
+ 	    : : "ecx", "esi", "edi");
+ 
+@@ -38,7 +38,7 @@ static void store_video_mode(void)
+ 	/* N.B.: the saving of the video page here is a bit silly,
+ 	   since we pretty much assume page 0 everywhere. */
+ 	ax = 0x0f00;
+-	asm(INT10
++	asm volatile(INT10
+ 	    : "+a" (ax), "=b" (page)
+ 	    : : "ecx", "edx", "esi", "edi");
+ 
+diff -urNp linux-2.6.29.6/arch/x86/boot/video-vesa.c linux-2.6.29.6/arch/x86/boot/video-vesa.c
+--- linux-2.6.29.6/arch/x86/boot/video-vesa.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/video-vesa.c	2009-07-23 17:34:32.053815554 -0400
+@@ -41,7 +41,7 @@ static int vesa_probe(void)
+ 
+ 	ax = 0x4f00;
+ 	di = (size_t)&vginfo;
+-	asm(INT10
++	asm volatile(INT10
+ 	    : "+a" (ax), "+D" (di), "=m" (vginfo)
+ 	    : : "ebx", "ecx", "edx", "esi");
+ 
+@@ -68,7 +68,7 @@ static int vesa_probe(void)
+ 		ax = 0x4f01;
+ 		cx = mode;
+ 		di = (size_t)&vminfo;
+-		asm(INT10
++		asm volatile(INT10
+ 		    : "+a" (ax), "+c" (cx), "+D" (di), "=m" (vminfo)
+ 		    : : "ebx", "edx", "esi");
+ 
+@@ -120,7 +120,7 @@ static int vesa_set_mode(struct mode_inf
+ 	ax = 0x4f01;
+ 	cx = vesa_mode;
+ 	di = (size_t)&vminfo;
+-	asm(INT10
++	asm volatile(INT10
+ 	    : "+a" (ax), "+c" (cx), "+D" (di), "=m" (vminfo)
+ 	    : : "ebx", "edx", "esi");
+ 
+@@ -202,19 +202,20 @@ static void vesa_dac_set_8bits(void)
+ /* Save the VESA protected mode info */
+ static void vesa_store_pm_info(void)
+ {
+-	u16 ax, bx, di, es;
++	u16 ax, bx, cx, di, es;
+ 
+ 	ax = 0x4f0a;
+-	bx = di = 0;
+-	asm("pushw %%es; "INT10"; movw %%es,%0; popw %%es"
+-	    : "=d" (es), "+a" (ax), "+b" (bx), "+D" (di)
+-	    : : "ecx", "esi");
++	bx = cx = di = 0;
++	asm volatile("pushw %%es; "INT10"; movw %%es,%0; popw %%es"
++	    : "=d" (es), "+a" (ax), "+b" (bx), "+c" (cx), "+D" (di)
++	    : : "esi");
+ 
+ 	if (ax != 0x004f)
+ 		return;
+ 
+ 	boot_params.screen_info.vesapm_seg = es;
+ 	boot_params.screen_info.vesapm_off = di;
++	boot_params.screen_info.vesapm_size = cx;
+ }
+ 
+ /*
+@@ -268,7 +269,7 @@ void vesa_store_edid(void)
+ 	/* Note: The VBE DDC spec is different from the main VESA spec;
+ 	   we genuinely have to assume all registers are destroyed here. */
+ 
+-	asm("pushw %%es; movw %2,%%es; "INT10"; popw %%es"
++	asm volatile("pushw %%es; movw %2,%%es; "INT10"; popw %%es"
+ 	    : "+a" (ax), "+b" (bx), "+c" (cx), "+D" (di)
+ 	    : : "esi", "edx");
+ 
+@@ -283,7 +284,7 @@ void vesa_store_edid(void)
+ 	cx = 0;			/* Controller 0 */
+ 	dx = 0;			/* EDID block number */
+ 	di =(size_t) &boot_params.edid_info; /* (ES:)Pointer to block */
+-	asm(INT10
++	asm volatile(INT10
+ 	    : "+a" (ax), "+b" (bx), "+d" (dx), "=m" (boot_params.edid_info),
+ 	      "+c" (cx), "+D" (di)
+ 	    : : "esi");
+diff -urNp linux-2.6.29.6/arch/x86/boot/video-vga.c linux-2.6.29.6/arch/x86/boot/video-vga.c
+--- linux-2.6.29.6/arch/x86/boot/video-vga.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/video-vga.c	2009-07-23 17:34:32.054707168 -0400
+@@ -225,7 +225,7 @@ static int vga_probe(void)
+ 	};
+ 	u8 vga_flag;
+ 
+-	asm(INT10
++	asm volatile(INT10
+ 	    : "=b" (ega_bx)
+ 	    : "a" (0x1200), "b" (0x10) /* Check EGA/VGA */
+ 	    : "ecx", "edx", "esi", "edi");
+@@ -237,7 +237,7 @@ static int vga_probe(void)
+ 	/* If we have MDA/CGA/HGC then BL will be unchanged at 0x10 */
+ 	if ((u8)ega_bx != 0x10) {
+ 		/* EGA/VGA */
+-		asm(INT10
++		asm volatile(INT10
+ 		    : "=a" (vga_flag)
+ 		    : "a" (0x1a00)
+ 		    : "ebx", "ecx", "edx", "esi", "edi");
+diff -urNp linux-2.6.29.6/arch/x86/boot/voyager.c linux-2.6.29.6/arch/x86/boot/voyager.c
+--- linux-2.6.29.6/arch/x86/boot/voyager.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/boot/voyager.c	2009-07-23 17:34:32.054707168 -0400
+@@ -23,7 +23,7 @@ int query_voyager(void)
+ 
+ 	data_ptr[0] = 0xff;	/* Flag on config not found(?) */
+ 
+-	asm("pushw %%es ; "
++	asm volatile("pushw %%es ; "
+ 	    "int $0x15 ; "
+ 	    "setc %0 ; "
+ 	    "movw %%es, %1 ; "
+diff -urNp linux-2.6.29.6/arch/x86/ia32/ia32_signal.c linux-2.6.29.6/arch/x86/ia32/ia32_signal.c
+--- linux-2.6.29.6/arch/x86/ia32/ia32_signal.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/ia32/ia32_signal.c	2009-07-23 17:34:32.054707168 -0400
+@@ -387,7 +387,7 @@ static void __user *get_sigframe(struct 
+ 	sp -= frame_size;
+ 	/* Align the stack pointer according to the i386 ABI,
+ 	 * i.e. so that on function entry ((sp + 4) & 15) == 0. */
+-	sp = ((sp + 4) & -16ul) - 4;
++	sp = ((sp - 12) & -16ul) - 4;
+ 	return (void __user *) sp;
+ }
+ 
+@@ -464,7 +464,7 @@ int ia32_setup_frame(int sig, struct k_s
+ 
+ #if DEBUG_SIG
+ 	printk(KERN_DEBUG "SIG deliver (%s:%d): sp=%p pc=%lx ra=%u\n",
+-	       current->comm, current->pid, frame, regs->ip, frame->pretcode);
++	       current->comm, task_pid_nr(current), frame, regs->ip, frame->pretcode);
+ #endif
+ 
+ 	return 0;
+@@ -488,7 +488,7 @@ int ia32_setup_rt_frame(int sig, struct 
+ 		0xb8,
+ 		__NR_ia32_rt_sigreturn,
+ 		0x80cd,
+-		0,
++		0
+ 	};
+ 
+ 	frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate);
+@@ -551,7 +551,7 @@ int ia32_setup_rt_frame(int sig, struct 
+ 
+ #if DEBUG_SIG
+ 	printk(KERN_DEBUG "SIG deliver (%s:%d): sp=%p pc=%lx ra=%u\n",
+-	       current->comm, current->pid, frame, regs->ip, frame->pretcode);
++	       current->comm, task_pid_nr(current), frame, regs->ip, frame->pretcode);
+ #endif
+ 
+ 	return 0;
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/alternative.h linux-2.6.29.6/arch/x86/include/asm/alternative.h
+--- linux-2.6.29.6/arch/x86/include/asm/alternative.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/alternative.h	2009-07-23 17:34:32.054707168 -0400
+@@ -96,7 +96,7 @@ const unsigned char *const *find_nop_tab
+ 		      "	 .byte 662b-661b\n"	/* sourcelen */		\
+ 		      "	 .byte 664f-663f\n"	/* replacementlen */	\
+ 		      ".previous\n"					\
+-		      ".section .altinstr_replacement,\"ax\"\n"		\
++		      ".section .altinstr_replacement,\"a\"\n"		\
+ 		      "663:\n\t" newinstr "\n664:\n"  /* replacement */	\
+ 		      ".previous" :: "i" (feature) : "memory")
+ 
+@@ -120,7 +120,7 @@ const unsigned char *const *find_nop_tab
+ 		      "	 .byte 662b-661b\n"	/* sourcelen */		\
+ 		      "	 .byte 664f-663f\n"	/* replacementlen */	\
+ 		      ".previous\n"					\
+-		      ".section .altinstr_replacement,\"ax\"\n"		\
++		      ".section .altinstr_replacement,\"a\"\n"		\
+ 		      "663:\n\t" newinstr "\n664:\n"  /* replacement */	\
+ 		      ".previous" :: "i" (feature), ##input)
+ 
+@@ -135,7 +135,7 @@ const unsigned char *const *find_nop_tab
+ 		      "	 .byte 662b-661b\n"	/* sourcelen */		\
+ 		      "	 .byte 664f-663f\n"	/* replacementlen */	\
+ 		      ".previous\n"					\
+-		      ".section .altinstr_replacement,\"ax\"\n"		\
++		      ".section .altinstr_replacement,\"a\"\n"		\
+ 		      "663:\n\t" newinstr "\n664:\n"  /* replacement */ \
+ 		      ".previous" : output : [feat] "i" (feature), ##input)
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/atomic_32.h linux-2.6.29.6/arch/x86/include/asm/atomic_32.h
+--- linux-2.6.29.6/arch/x86/include/asm/atomic_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/atomic_32.h	2009-07-23 17:34:32.054707168 -0400
+@@ -39,7 +39,29 @@
+  */
+ static inline void atomic_add(int i, atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "addl %1,%0"
++	asm volatile(LOCK_PREFIX "addl %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "subl %1,%0\n"
++		     "into\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     : "+m" (v->counter)
++		     : "ir" (i));
++}
++
++/**
++ * atomic_add_unchecked - add integer to atomic variable
++ * @i: integer value to add
++ * @v: pointer of type atomic_t
++ *
++ * Atomically adds @i to @v.
++ */
++static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
++{
++	asm volatile(LOCK_PREFIX "addl %1,%0\n"
+ 		     : "+m" (v->counter)
+ 		     : "ir" (i));
+ }
+@@ -53,7 +75,29 @@ static inline void atomic_add(int i, ato
+  */
+ static inline void atomic_sub(int i, atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "subl %1,%0"
++	asm volatile(LOCK_PREFIX "subl %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "addl %1,%0\n"
++		     "into\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     : "+m" (v->counter)
++		     : "ir" (i));
++}
++
++/**
++ * atomic_sub_unchecked - subtract integer from atomic variable
++ * @i: integer value to subtract
++ * @v: pointer of type atomic_t
++ *
++ * Atomically subtracts @i from @v.
++ */
++static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
++{
++	asm volatile(LOCK_PREFIX "subl %1,%0\n"
+ 		     : "+m" (v->counter)
+ 		     : "ir" (i));
+ }
+@@ -71,7 +115,16 @@ static inline int atomic_sub_and_test(in
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
++	asm volatile(LOCK_PREFIX "subl %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "addl %2,%0\n"
++		     "into\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     "sete %1\n"
+ 		     : "+m" (v->counter), "=qm" (c)
+ 		     : "ir" (i) : "memory");
+ 	return c;
+@@ -85,7 +138,30 @@ static inline int atomic_sub_and_test(in
+  */
+ static inline void atomic_inc(atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "incl %0"
++	asm volatile(LOCK_PREFIX "incl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "into\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "decl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     : "+m" (v->counter));
++}
++
++/**
++ * atomic_inc_unchecked - increment atomic variable
++ * @v: pointer of type atomic_t
++ *
++ * Atomically increments @v by 1.
++ */
++static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
++{
++	asm volatile(LOCK_PREFIX "incl %0\n"
+ 		     : "+m" (v->counter));
+ }
+ 
+@@ -97,7 +173,18 @@ static inline void atomic_inc(atomic_t *
+  */
+ static inline void atomic_dec(atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "decl %0"
++	asm volatile(LOCK_PREFIX "decl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "into\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "incl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (v->counter));
+ }
+ 
+@@ -113,7 +200,19 @@ static inline int atomic_dec_and_test(at
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "decl %0; sete %1"
++	asm volatile(LOCK_PREFIX "decl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "into\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "incl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "+m" (v->counter), "=qm" (c)
+ 		     : : "memory");
+ 	return c != 0;
+@@ -131,7 +230,19 @@ static inline int atomic_inc_and_test(at
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "incl %0; sete %1"
++	asm volatile(LOCK_PREFIX "incl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "into\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "decl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "+m" (v->counter), "=qm" (c)
+ 		     : : "memory");
+ 	return c != 0;
+@@ -150,7 +261,16 @@ static inline int atomic_add_negative(in
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
++	asm volatile(LOCK_PREFIX "addl %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "subl %2,%0\n"
++		     "into\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     "sets %1\n"
+ 		     : "+m" (v->counter), "=qm" (c)
+ 		     : "ir" (i) : "memory");
+ 	return c;
+@@ -173,7 +293,15 @@ static inline int atomic_add_return(int 
+ #endif
+ 	/* Modern 486+ processor */
+ 	__i = i;
+-	asm volatile(LOCK_PREFIX "xaddl %0, %1"
++	asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "movl %0, %1\n"
++		     "into\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
+ 		     : "+r" (i), "+m" (v->counter)
+ 		     : : "memory");
+ 	return i + __i;
+@@ -214,17 +342,28 @@ static inline int atomic_sub_return(int 
+  */
+ static inline int atomic_add_unless(atomic_t *v, int a, int u)
+ {
+-	int c, old;
++	int c, old, new;
+ 	c = atomic_read(v);
+ 	for (;;) {
+-		if (unlikely(c == (u)))
++		if (unlikely(c == u))
+ 			break;
+-		old = atomic_cmpxchg((v), c, c + (a));
++
++		asm volatile("addl %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++			     "into\n0:\n"
++			     _ASM_EXTABLE(0b, 0b)
++#endif
++
++			     : "=r" (new)
++			     : "0" (c), "ir" (a));
++
++		old = atomic_cmpxchg(v, c, new);
+ 		if (likely(old == c))
+ 			break;
+ 		c = old;
+ 	}
+-	return c != (u);
++	return c != u;
+ }
+ 
+ #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/atomic_64.h linux-2.6.29.6/arch/x86/include/asm/atomic_64.h
+--- linux-2.6.29.6/arch/x86/include/asm/atomic_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/atomic_64.h	2009-07-23 17:34:32.054707168 -0400
+@@ -38,7 +38,29 @@
+  */
+ static inline void atomic_add(int i, atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "addl %1,%0"
++	asm volatile(LOCK_PREFIX "addl %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "subl %1,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     : "=m" (v->counter)
++		     : "ir" (i), "m" (v->counter));
++}
++
++/**
++ * atomic_add_unchecked - add integer to atomic variable
++ * @i: integer value to add
++ * @v: pointer of type atomic_t
++ *
++ * Atomically adds @i to @v.
++ */
++static inline void atomic_add_unchecked(int i, atomic_unchecked_t *v)
++{
++	asm volatile(LOCK_PREFIX "addl %1,%0\n"
+ 		     : "=m" (v->counter)
+ 		     : "ir" (i), "m" (v->counter));
+ }
+@@ -52,7 +74,29 @@ static inline void atomic_add(int i, ato
+  */
+ static inline void atomic_sub(int i, atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "subl %1,%0"
++	asm volatile(LOCK_PREFIX "subl %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "addl %1,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     : "=m" (v->counter)
++		     : "ir" (i), "m" (v->counter));
++}
++
++/**
++ * atomic_sub_unchecked - subtract the atomic variable
++ * @i: integer value to subtract
++ * @v: pointer of type atomic_t
++ *
++ * Atomically subtracts @i from @v.
++ */
++static inline void atomic_sub_unchecked(int i, atomic_unchecked_t *v)
++{
++	asm volatile(LOCK_PREFIX "subl %1,%0\n"
+ 		     : "=m" (v->counter)
+ 		     : "ir" (i), "m" (v->counter));
+ }
+@@ -70,7 +114,16 @@ static inline int atomic_sub_and_test(in
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "subl %2,%0; sete %1"
++	asm volatile(LOCK_PREFIX "subl %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "addl %2,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     "sete %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "ir" (i), "m" (v->counter) : "memory");
+ 	return c;
+@@ -84,7 +137,32 @@ static inline int atomic_sub_and_test(in
+  */
+ static inline void atomic_inc(atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "incl %0"
++	asm volatile(LOCK_PREFIX "incl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "decl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     : "=m" (v->counter)
++		     : "m" (v->counter));
++}
++
++/**
++ * atomic_inc_unchecked - increment atomic variable
++ * @v: pointer of type atomic_t
++ *
++ * Atomically increments @v by 1.
++ */
++static inline void atomic_inc_unchecked(atomic_unchecked_t *v)
++{
++	asm volatile(LOCK_PREFIX "incl %0\n"
+ 		     : "=m" (v->counter)
+ 		     : "m" (v->counter));
+ }
+@@ -97,7 +175,19 @@ static inline void atomic_inc(atomic_t *
+  */
+ static inline void atomic_dec(atomic_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "decl %0"
++	asm volatile(LOCK_PREFIX "decl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "incl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "=m" (v->counter)
+ 		     : "m" (v->counter));
+ }
+@@ -114,7 +204,20 @@ static inline int atomic_dec_and_test(at
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "decl %0; sete %1"
++	asm volatile(LOCK_PREFIX "decl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "incl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "m" (v->counter) : "memory");
+ 	return c != 0;
+@@ -132,7 +235,20 @@ static inline int atomic_inc_and_test(at
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "incl %0; sete %1"
++	asm volatile(LOCK_PREFIX "incl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "decl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "m" (v->counter) : "memory");
+ 	return c != 0;
+@@ -151,7 +267,16 @@ static inline int atomic_add_negative(in
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "addl %2,%0; sets %1"
++	asm volatile(LOCK_PREFIX "addl %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "subl %2,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     "sets %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "ir" (i), "m" (v->counter) : "memory");
+ 	return c;
+@@ -167,7 +292,15 @@ static inline int atomic_add_negative(in
+ static inline int atomic_add_return(int i, atomic_t *v)
+ {
+ 	int __i = i;
+-	asm volatile(LOCK_PREFIX "xaddl %0, %1"
++	asm volatile(LOCK_PREFIX "xaddl %0, %1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "movl %0, %1\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
+ 		     : "+r" (i), "+m" (v->counter)
+ 		     : : "memory");
+ 	return i + __i;
+@@ -212,7 +345,15 @@ static inline int atomic_sub_return(int 
+  */
+ static inline void atomic64_add(long i, atomic64_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "addq %1,%0"
++	asm volatile(LOCK_PREFIX "addq %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "subq %1,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
+ 		     : "=m" (v->counter)
+ 		     : "er" (i), "m" (v->counter));
+ }
+@@ -226,7 +367,15 @@ static inline void atomic64_add(long i, 
+  */
+ static inline void atomic64_sub(long i, atomic64_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "subq %1,%0"
++	asm volatile(LOCK_PREFIX "subq %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "addq %1,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
+ 		     : "=m" (v->counter)
+ 		     : "er" (i), "m" (v->counter));
+ }
+@@ -244,7 +393,16 @@ static inline int atomic64_sub_and_test(
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "subq %2,%0; sete %1"
++	asm volatile(LOCK_PREFIX "subq %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "addq %2,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     "sete %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "er" (i), "m" (v->counter) : "memory");
+ 	return c;
+@@ -258,7 +416,19 @@ static inline int atomic64_sub_and_test(
+  */
+ static inline void atomic64_inc(atomic64_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "incq %0"
++	asm volatile(LOCK_PREFIX "incq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "decq %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "=m" (v->counter)
+ 		     : "m" (v->counter));
+ }
+@@ -271,7 +441,19 @@ static inline void atomic64_inc(atomic64
+  */
+ static inline void atomic64_dec(atomic64_t *v)
+ {
+-	asm volatile(LOCK_PREFIX "decq %0"
++	asm volatile(LOCK_PREFIX "decq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "incq %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "=m" (v->counter)
+ 		     : "m" (v->counter));
+ }
+@@ -288,7 +470,20 @@ static inline int atomic64_dec_and_test(
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "decq %0; sete %1"
++	asm volatile(LOCK_PREFIX "decq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "incq %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "m" (v->counter) : "memory");
+ 	return c != 0;
+@@ -306,7 +501,20 @@ static inline int atomic64_inc_and_test(
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "incq %0; sete %1"
++	asm volatile(LOCK_PREFIX "incq %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1: \n"
++		     LOCK_PREFIX "decq %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "m" (v->counter) : "memory");
+ 	return c != 0;
+@@ -325,7 +533,16 @@ static inline int atomic64_add_negative(
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(LOCK_PREFIX "addq %2,%0; sets %1"
++	asm volatile(LOCK_PREFIX "addq %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     LOCK_PREFIX "subq %2,%0\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
++		     "sets %1\n"
+ 		     : "=m" (v->counter), "=qm" (c)
+ 		     : "er" (i), "m" (v->counter) : "memory");
+ 	return c;
+@@ -341,7 +558,15 @@ static inline int atomic64_add_negative(
+ static inline long atomic64_add_return(long i, atomic64_t *v)
+ {
+ 	long __i = i;
+-	asm volatile(LOCK_PREFIX "xaddq %0, %1;"
++	asm volatile(LOCK_PREFIX "xaddq %0, %1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++		     "jno 0f\n"
++		     "movq %0, %1\n"
++		     "int $4\n0:\n"
++		     _ASM_EXTABLE(0b, 0b)
++#endif
++
+ 		     : "+r" (i), "+m" (v->counter)
+ 		     : : "memory");
+ 	return i + __i;
+@@ -372,17 +597,29 @@ static inline long atomic64_sub_return(l
+  */
+ static inline int atomic_add_unless(atomic_t *v, int a, int u)
+ {
+-	int c, old;
++	int c, old, new;
+ 	c = atomic_read(v);
+ 	for (;;) {
+-		if (unlikely(c == (u)))
++		if (unlikely(c == u))
+ 			break;
+-		old = atomic_cmpxchg((v), c, c + (a));
++
++		asm volatile("addl %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++			     "jno 0f\n"
++			     "int $4\n0:\n"
++			     _ASM_EXTABLE(0b, 0b)
++#endif
++
++			     : "=r" (new)
++			     : "0" (c), "ir" (a));
++
++		old = atomic_cmpxchg(v, c, new);
+ 		if (likely(old == c))
+ 			break;
+ 		c = old;
+ 	}
+-	return c != (u);
++	return c != u;
+ }
+ 
+ #define atomic_inc_not_zero(v) atomic_add_unless((v), 1, 0)
+@@ -398,17 +635,29 @@ static inline int atomic_add_unless(atom
+  */
+ static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
+ {
+-	long c, old;
++	long c, old, new;
+ 	c = atomic64_read(v);
+ 	for (;;) {
+-		if (unlikely(c == (u)))
++		if (unlikely(c == u))
+ 			break;
+-		old = atomic64_cmpxchg((v), c, c + (a));
++
++		asm volatile("addq %2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++			     "jno 0f\n"
++			     "int $4\n0:\n"
++			     _ASM_EXTABLE(0b, 0b)
++#endif
++
++			     : "=r" (new)
++			     : "0" (c), "er" (a));
++
++		old = atomic64_cmpxchg((v), c, new);
+ 		if (likely(old == c))
+ 			break;
+ 		c = old;
+ 	}
+-	return c != (u);
++	return c != u;
+ }
+ 
+ /**
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/boot.h linux-2.6.29.6/arch/x86/include/asm/boot.h
+--- linux-2.6.29.6/arch/x86/include/asm/boot.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/boot.h	2009-07-23 17:34:32.055953640 -0400
+@@ -11,10 +11,15 @@
+ #define ASK_VGA		0xfffd		/* ask for it at bootup */
+ 
+ /* Physical address where kernel should be loaded. */
+-#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
++#define ____LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \
+ 				+ (CONFIG_PHYSICAL_ALIGN - 1)) \
+ 				& ~(CONFIG_PHYSICAL_ALIGN - 1))
+ 
++#ifndef __ASSEMBLY__
++extern unsigned char __LOAD_PHYSICAL_ADDR[];
++#define LOAD_PHYSICAL_ADDR ((unsigned long)__LOAD_PHYSICAL_ADDR)
++#endif
++
+ #ifdef CONFIG_X86_64
+ #define BOOT_HEAP_SIZE	0x7000
+ #define BOOT_STACK_SIZE	0x4000
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/cache.h linux-2.6.29.6/arch/x86/include/asm/cache.h
+--- linux-2.6.29.6/arch/x86/include/asm/cache.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/cache.h	2009-07-23 17:34:32.055953640 -0400
+@@ -6,6 +6,7 @@
+ #define L1_CACHE_BYTES	(1 << L1_CACHE_SHIFT)
+ 
+ #define __read_mostly __attribute__((__section__(".data.read_mostly")))
++#define __read_only __attribute__((__section__(".data.read_only")))
+ 
+ #ifdef CONFIG_X86_VSMP
+ /* vSMP Internode cacheline shift */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/checksum_32.h linux-2.6.29.6/arch/x86/include/asm/checksum_32.h
+--- linux-2.6.29.6/arch/x86/include/asm/checksum_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/checksum_32.h	2009-07-23 17:34:32.055953640 -0400
+@@ -31,6 +31,14 @@ asmlinkage __wsum csum_partial_copy_gene
+ 					    int len, __wsum sum,
+ 					    int *src_err_ptr, int *dst_err_ptr);
+ 
++asmlinkage __wsum csum_partial_copy_generic_to_user(const void *src, void *dst,
++						  int len, __wsum sum,
++						  int *src_err_ptr, int *dst_err_ptr);
++
++asmlinkage __wsum csum_partial_copy_generic_from_user(const void *src, void *dst,
++						  int len, __wsum sum,
++						  int *src_err_ptr, int *dst_err_ptr);
++
+ /*
+  *	Note: when you get a NULL pointer exception here this means someone
+  *	passed in an incorrect kernel address to one of these functions.
+@@ -50,7 +58,7 @@ static inline __wsum csum_partial_copy_f
+ 						 int *err_ptr)
+ {
+ 	might_sleep();
+-	return csum_partial_copy_generic((__force void *)src, dst,
++	return csum_partial_copy_generic_from_user((__force void *)src, dst,
+ 					 len, sum, err_ptr, NULL);
+ }
+ 
+@@ -177,7 +185,7 @@ static inline __wsum csum_and_copy_to_us
+ {
+ 	might_sleep();
+ 	if (access_ok(VERIFY_WRITE, dst, len))
+-		return csum_partial_copy_generic(src, (__force void *)dst,
++		return csum_partial_copy_generic_to_user(src, (__force void *)dst,
+ 						 len, sum, NULL, err_ptr);
+ 
+ 	if (len)
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/desc.h linux-2.6.29.6/arch/x86/include/asm/desc.h
+--- linux-2.6.29.6/arch/x86/include/asm/desc.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/desc.h	2009-07-23 17:34:32.055953640 -0400
+@@ -16,6 +16,7 @@ static inline void fill_ldt(struct desc_
+ 	desc->base1 = (info->base_addr & 0x00ff0000) >> 16;
+ 	desc->type = (info->read_exec_only ^ 1) << 1;
+ 	desc->type |= info->contents << 2;
++	desc->type |= info->seg_not_present ^ 1;
+ 	desc->s = 1;
+ 	desc->dpl = 0x3;
+ 	desc->p = info->seg_not_present ^ 1;
+@@ -32,16 +33,12 @@ static inline void fill_ldt(struct desc_
+ }
+ 
+ extern struct desc_ptr idt_descr;
+-extern gate_desc idt_table[];
+-
+-struct gdt_page {
+-	struct desc_struct gdt[GDT_ENTRIES];
+-} __attribute__((aligned(PAGE_SIZE)));
+-DECLARE_PER_CPU(struct gdt_page, gdt_page);
++extern gate_desc idt_table[256];
+ 
++extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)];
+ static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu)
+ {
+-	return per_cpu(gdt_page, cpu).gdt;
++	return cpu_gdt_table[cpu];
+ }
+ 
+ #ifdef CONFIG_X86_64
+@@ -115,19 +112,48 @@ static inline void paravirt_free_ldt(str
+ static inline void native_write_idt_entry(gate_desc *idt, int entry,
+ 					  const gate_desc *gate)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	memcpy(&idt[entry], gate, sizeof(*gate));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void native_write_ldt_entry(struct desc_struct *ldt, int entry,
+ 					  const void *desc)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	memcpy(&ldt[entry], desc, 8);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void native_write_gdt_entry(struct desc_struct *gdt, int entry,
+ 					  const void *desc, int type)
+ {
+ 	unsigned int size;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	switch (type) {
+ 	case DESC_TSS:
+ 		size = sizeof(tss_desc);
+@@ -139,7 +165,17 @@ static inline void native_write_gdt_entr
+ 		size = sizeof(struct desc_struct);
+ 		break;
+ 	}
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	memcpy(&gdt[entry], desc, size);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void pack_descriptor(struct desc_struct *desc, unsigned long base,
+@@ -211,7 +247,19 @@ static inline void native_set_ldt(const 
+ 
+ static inline void native_load_tr_desc(void)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	asm volatile("ltr %w0"::"q" (GDT_ENTRY_TSS*8));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void native_load_gdt(const struct desc_ptr *dtr)
+@@ -246,8 +294,19 @@ static inline void native_load_tls(struc
+ 	unsigned int i;
+ 	struct desc_struct *gdt = get_cpu_gdt_table(cpu);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	for (i = 0; i < GDT_ENTRY_TLS_ENTRIES; i++)
+ 		gdt[GDT_ENTRY_TLS_MIN + i] = t->tls_array[i];
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ #define _LDT_empty(info)				\
+@@ -379,6 +438,18 @@ static inline void set_system_intr_gate_
+ 	_set_gate(n, GATE_INTERRUPT, addr, 0x3, ist, __KERNEL_CS);
+ }
+ 
++#ifdef CONFIG_X86_32
++static inline void set_user_cs(unsigned long base, unsigned long limit, int cpu)
++{
++	struct desc_struct d;
++
++	if (likely(limit))
++		limit = (limit - 1UL) >> PAGE_SHIFT;
++	pack_descriptor(&d, base, limit, 0xFB, 0xC);
++	write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_CS, &d, DESCTYPE_S);
++}
++#endif
++
+ #else
+ /*
+  * GET_DESC_BASE reads the descriptor base of the specified segment.
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/e820.h linux-2.6.29.6/arch/x86/include/asm/e820.h
+--- linux-2.6.29.6/arch/x86/include/asm/e820.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/e820.h	2009-07-23 17:34:32.055953640 -0400
+@@ -135,7 +135,7 @@ extern char *memory_setup(void);
+ #define ISA_END_ADDRESS		0x100000
+ #define is_ISA_range(s, e) ((s) >= ISA_START_ADDRESS && (e) < ISA_END_ADDRESS)
+ 
+-#define BIOS_BEGIN		0x000a0000
++#define BIOS_BEGIN		0x000c0000
+ #define BIOS_END		0x00100000
+ 
+ #ifdef __KERNEL__
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/elf.h linux-2.6.29.6/arch/x86/include/asm/elf.h
+--- linux-2.6.29.6/arch/x86/include/asm/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/elf.h	2009-07-23 17:34:32.056803140 -0400
+@@ -252,7 +252,25 @@ extern int force_personality32;
+    the loader.  We need to make sure that it is out of the way of the program
+    that it will "exec", and that there is sufficient room for the brk.  */
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++#define ELF_ET_DYN_BASE		((current->mm->pax_flags & MF_PAX_SEGMEXEC) ? SEGMEXEC_TASK_SIZE/3*2 : TASK_SIZE/3*2)
++#else
+ #define ELF_ET_DYN_BASE		(TASK_SIZE / 3 * 2)
++#endif
++
++#ifdef CONFIG_PAX_ASLR
++#ifdef CONFIG_X86_32
++#define PAX_ELF_ET_DYN_BASE	0x10000000UL
++
++#define PAX_DELTA_MMAP_LEN	(current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
++#define PAX_DELTA_STACK_LEN	(current->mm->pax_flags & MF_PAX_SEGMEXEC ? 15 : 16)
++#else
++#define PAX_ELF_ET_DYN_BASE	0x400000UL
++
++#define PAX_DELTA_MMAP_LEN	((test_thread_flag(TIF_IA32)) ? 16 : 32)
++#define PAX_DELTA_STACK_LEN	((test_thread_flag(TIF_IA32)) ? 16 : 32)
++#endif
++#endif
+ 
+ /* This yields a mask that user programs can use to figure out what
+    instruction set this CPU supports.  This could be done in user space,
+@@ -304,8 +322,7 @@ do {									\
+ #define ARCH_DLINFO							\
+ do {									\
+ 	if (vdso_enabled)						\
+-		NEW_AUX_ENT(AT_SYSINFO_EHDR,				\
+-			    (unsigned long)current->mm->context.vdso);	\
++		NEW_AUX_ENT(AT_SYSINFO_EHDR, current->mm->context.vdso);\
+ } while (0)
+ 
+ #define AT_SYSINFO		32
+@@ -316,7 +333,7 @@ do {									\
+ 
+ #endif /* !CONFIG_X86_32 */
+ 
+-#define VDSO_CURRENT_BASE	((unsigned long)current->mm->context.vdso)
++#define VDSO_CURRENT_BASE	(current->mm->context.vdso)
+ 
+ #define VDSO_ENTRY							\
+ 	((unsigned long)VDSO32_SYMBOL(VDSO_CURRENT_BASE, vsyscall))
+@@ -330,7 +347,4 @@ extern int arch_setup_additional_pages(s
+ extern int syscall32_setup_pages(struct linux_binprm *, int exstack);
+ #define compat_arch_setup_additional_pages	syscall32_setup_pages
+ 
+-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
+-#define arch_randomize_brk arch_randomize_brk
+-
+ #endif /* _ASM_X86_ELF_H */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/futex.h linux-2.6.29.6/arch/x86/include/asm/futex.h
+--- linux-2.6.29.6/arch/x86/include/asm/futex.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/futex.h	2009-07-23 17:34:32.056803140 -0400
+@@ -11,6 +11,40 @@
+ #include <asm/processor.h>
+ #include <asm/system.h>
+ 
++#ifdef CONFIG_X86_32
++#define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg)	\
++	asm volatile(						\
++		     "movw\t%w6, %%ds\n"			\
++		     "1:\t" insn "\n"				\
++		     "2:\tpushl\t%%ss\n"			\
++		     "\tpopl\t%%ds\n"				\
++		     "\t.section .fixup,\"ax\"\n"		\
++		     "3:\tmov\t%3, %1\n"			\
++		     "\tjmp\t2b\n"				\
++		     "\t.previous\n"				\
++		     _ASM_EXTABLE(1b, 3b)			\
++		     : "=r" (oldval), "=r" (ret), "+m" (*uaddr)	\
++		     : "i" (-EFAULT), "0" (oparg), "1" (0), "r" (__USER_DS))
++
++#define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg)	\
++	asm volatile("movw\t%w7, %%es\n"			\
++		     "1:\tmovl\t%%es:%2, %0\n"			\
++		     "\tmovl\t%0, %3\n"				\
++		     "\t" insn "\n"				\
++		     "2:\t" LOCK_PREFIX "cmpxchgl %3, %%es:%2\n"\
++		     "\tjnz\t1b\n"				\
++		     "3:\tpushl\t%%ss\n"			\
++		     "\tpopl\t%%es\n"				\
++		     "\t.section .fixup,\"ax\"\n"		\
++		     "4:\tmov\t%5, %1\n"			\
++		     "\tjmp\t3b\n"				\
++		     "\t.previous\n"				\
++		     _ASM_EXTABLE(1b, 4b)			\
++		     _ASM_EXTABLE(2b, 4b)			\
++		     : "=&a" (oldval), "=&r" (ret),		\
++		       "+m" (*uaddr), "=&r" (tem)		\
++		     : "r" (oparg), "i" (-EFAULT), "1" (0), "r" (__USER_DS))
++#else
+ #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg)	\
+ 	asm volatile("1:\t" insn "\n"				\
+ 		     "2:\t.section .fixup,\"ax\"\n"		\
+@@ -36,8 +70,9 @@
+ 		     : "=&a" (oldval), "=&r" (ret),		\
+ 		       "+m" (*uaddr), "=&r" (tem)		\
+ 		     : "r" (oparg), "i" (-EFAULT), "1" (0))
++#endif
+ 
+-static inline int futex_atomic_op_inuser(int encoded_op, int __user *uaddr)
++static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
+ {
+ 	int op = (encoded_op >> 28) & 7;
+ 	int cmp = (encoded_op >> 24) & 15;
+@@ -61,11 +96,20 @@ static inline int futex_atomic_op_inuser
+ 
+ 	switch (op) {
+ 	case FUTEX_OP_SET:
++#ifdef CONFIG_X86_32
++		__futex_atomic_op1("xchgl %0, %%ds:%2", ret, oldval, uaddr, oparg);
++#else
+ 		__futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
++#endif
+ 		break;
+ 	case FUTEX_OP_ADD:
++#ifdef CONFIG_X86_32
++		__futex_atomic_op1(LOCK_PREFIX "xaddl %0, %%ds:%2", ret, oldval,
++				   uaddr, oparg);
++#else
+ 		__futex_atomic_op1(LOCK_PREFIX "xaddl %0, %2", ret, oldval,
+ 				   uaddr, oparg);
++#endif
+ 		break;
+ 	case FUTEX_OP_OR:
+ 		__futex_atomic_op2("orl %4, %3", ret, oldval, uaddr, oparg);
+@@ -109,7 +153,7 @@ static inline int futex_atomic_op_inuser
+ 	return ret;
+ }
+ 
+-static inline int futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval,
++static inline int futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval,
+ 						int newval)
+ {
+ 
+@@ -122,14 +166,27 @@ static inline int futex_atomic_cmpxchg_i
+ 	if (!access_ok(VERIFY_WRITE, uaddr, sizeof(int)))
+ 		return -EFAULT;
+ 
+-	asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
++	asm volatile(
++#ifdef CONFIG_X86_32
++		     "\tmovw %w5, %%ds\n"
++		     "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
++		     "2:\tpushl   %%ss\n"
++		     "\tpopl    %%ds\n"
++		     "\t.section .fixup, \"ax\"\n"
++#else
++		     "1:\t" LOCK_PREFIX "cmpxchgl %3, %1\n"
+ 		     "2:\t.section .fixup, \"ax\"\n"
++#endif
+ 		     "3:\tmov     %2, %0\n"
+ 		     "\tjmp     2b\n"
+ 		     "\t.previous\n"
+ 		     _ASM_EXTABLE(1b, 3b)
+ 		     : "=a" (oldval), "+m" (*uaddr)
++#ifdef CONFIG_X86_32
++		     : "i" (-EFAULT), "r" (newval), "0" (oldval), "r" (__USER_DS)
++#else
+ 		     : "i" (-EFAULT), "r" (newval), "0" (oldval)
++#endif
+ 		     : "memory"
+ 	);
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/i387.h linux-2.6.29.6/arch/x86/include/asm/i387.h
+--- linux-2.6.29.6/arch/x86/include/asm/i387.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/i387.h	2009-07-23 17:34:32.056803140 -0400
+@@ -203,13 +203,8 @@ static inline void restore_fpu(struct ta
+ }
+ 
+ /* We need a safe address that is cheap to find and that is already
+-   in L1 during context switch. The best choices are unfortunately
+-   different for UP and SMP */
+-#ifdef CONFIG_SMP
+-#define safe_address (__per_cpu_offset[0])
+-#else
+-#define safe_address (kstat_cpu(0).cpustat.user)
+-#endif
++   in L1 during context switch. */
++#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0)
+ 
+ /*
+  * These must be called with preempt disabled
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/io_64.h linux-2.6.29.6/arch/x86/include/asm/io_64.h
+--- linux-2.6.29.6/arch/x86/include/asm/io_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/io_64.h	2009-07-23 17:34:32.056803140 -0400
+@@ -158,6 +158,17 @@ static inline void *phys_to_virt(unsigne
+ }
+ #endif
+ 
++#define ARCH_HAS_VALID_PHYS_ADDR_RANGE
++static inline int valid_phys_addr_range (unsigned long addr, size_t count)
++{
++	return ((addr + count + PAGE_SIZE - 1) >> PAGE_SHIFT) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
++}
++
++static inline int valid_mmap_phys_addr_range (unsigned long pfn, size_t count)
++{
++	return (pfn + (count >> PAGE_SHIFT)) < (1 << (boot_cpu_data.x86_phys_bits - PAGE_SHIFT)) ? 1 : 0;
++}
++
+ /*
+  * Change "struct page" to physical address.
+  */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/irqflags.h linux-2.6.29.6/arch/x86/include/asm/irqflags.h
+--- linux-2.6.29.6/arch/x86/include/asm/irqflags.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/irqflags.h	2009-07-23 17:34:32.056803140 -0400
+@@ -141,6 +141,8 @@ static inline unsigned long __raw_local_
+ #define INTERRUPT_RETURN		iret
+ #define ENABLE_INTERRUPTS_SYSEXIT	sti; sysexit
+ #define GET_CR0_INTO_EAX		movl %cr0, %eax
++#define GET_CR0_INTO_EDX		movl %cr0, %edx
++#define SET_CR0_FROM_EDX		movl %edx, %cr0
+ #endif
+ 
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/kmap_types.h linux-2.6.29.6/arch/x86/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/x86/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/kmap_types.h	2009-07-23 17:34:32.056803140 -0400
+@@ -21,7 +21,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)	KM_CLEARPAGE,
++D(14)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/kvm_host.h linux-2.6.29.6/arch/x86/include/asm/kvm_host.h
+--- linux-2.6.29.6/arch/x86/include/asm/kvm_host.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/kvm_host.h	2009-07-23 17:34:32.057848214 -0400
+@@ -494,7 +494,7 @@ struct kvm_x86_ops {
+ 	int (*get_mt_mask_shift)(void);
+ };
+ 
+-extern struct kvm_x86_ops *kvm_x86_ops;
++extern const struct kvm_x86_ops *kvm_x86_ops;
+ 
+ int kvm_mmu_module_init(void);
+ void kvm_mmu_module_exit(void);
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/linkage.h linux-2.6.29.6/arch/x86/include/asm/linkage.h
+--- linux-2.6.29.6/arch/x86/include/asm/linkage.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/linkage.h	2009-07-23 17:34:32.057848214 -0400
+@@ -7,6 +7,11 @@
+ #ifdef CONFIG_X86_64
+ #define __ALIGN .p2align 4,,15
+ #define __ALIGN_STR ".p2align 4,,15"
++#else
++#ifdef CONFIG_X86_ALIGNMENT_16
++#define __ALIGN .align 16,0x90
++#define __ALIGN_STR ".align 16,0x90"
++#endif
+ #endif
+ 
+ #ifdef CONFIG_X86_32
+@@ -52,11 +57,6 @@
+ 
+ #endif
+ 
+-#ifdef CONFIG_X86_ALIGNMENT_16
+-#define __ALIGN .align 16,0x90
+-#define __ALIGN_STR ".align 16,0x90"
+-#endif
+-
+ /*
+  * to check ENTRY_X86/END_X86 and
+  * KPROBE_ENTRY_X86/KPROBE_END_X86
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/local.h linux-2.6.29.6/arch/x86/include/asm/local.h
+--- linux-2.6.29.6/arch/x86/include/asm/local.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/local.h	2009-07-23 17:34:32.057848214 -0400
+@@ -18,26 +18,90 @@ typedef struct {
+ 
+ static inline void local_inc(local_t *l)
+ {
+-	asm volatile(_ASM_INC "%0"
++	asm volatile(_ASM_INC "%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_DEC "%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (l->a.counter));
+ }
+ 
+ static inline void local_dec(local_t *l)
+ {
+-	asm volatile(_ASM_DEC "%0"
++	asm volatile(_ASM_DEC "%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_INC "%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (l->a.counter));
+ }
+ 
+ static inline void local_add(long i, local_t *l)
+ {
+-	asm volatile(_ASM_ADD "%1,%0"
++	asm volatile(_ASM_ADD "%1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_SUB "%1,%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (l->a.counter)
+ 		     : "ir" (i));
+ }
+ 
+ static inline void local_sub(long i, local_t *l)
+ {
+-	asm volatile(_ASM_SUB "%1,%0"
++	asm volatile(_ASM_SUB "%1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_ADD "%1,%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (l->a.counter)
+ 		     : "ir" (i));
+ }
+@@ -55,7 +119,24 @@ static inline int local_sub_and_test(lon
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(_ASM_SUB "%2,%0; sete %1"
++	asm volatile(_ASM_SUB "%2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_ADD "%2,%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "+m" (l->a.counter), "=qm" (c)
+ 		     : "ir" (i) : "memory");
+ 	return c;
+@@ -73,7 +154,24 @@ static inline int local_dec_and_test(loc
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(_ASM_DEC "%0; sete %1"
++	asm volatile(_ASM_DEC "%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_INC "%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "+m" (l->a.counter), "=qm" (c)
+ 		     : : "memory");
+ 	return c != 0;
+@@ -91,7 +189,24 @@ static inline int local_inc_and_test(loc
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(_ASM_INC "%0; sete %1"
++	asm volatile(_ASM_INC "%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_DEC "%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sete %1\n"
+ 		     : "+m" (l->a.counter), "=qm" (c)
+ 		     : : "memory");
+ 	return c != 0;
+@@ -110,7 +225,24 @@ static inline int local_add_negative(lon
+ {
+ 	unsigned char c;
+ 
+-	asm volatile(_ASM_ADD "%2,%0; sets %1"
++	asm volatile(_ASM_ADD "%2,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_SUB "%2,%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "sets %1\n"
+ 		     : "+m" (l->a.counter), "=qm" (c)
+ 		     : "ir" (i) : "memory");
+ 	return c;
+@@ -133,7 +265,23 @@ static inline long local_add_return(long
+ #endif
+ 	/* Modern 486+ processor */
+ 	__i = i;
+-	asm volatile(_ASM_XADD "%0, %1;"
++	asm volatile(_ASM_XADD "%0, %1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     _ASM_MOV "%0,%1\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+r" (i), "+m" (l->a.counter)
+ 		     : : "memory");
+ 	return i + __i;
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/mach-default/apm.h linux-2.6.29.6/arch/x86/include/asm/mach-default/apm.h
+--- linux-2.6.29.6/arch/x86/include/asm/mach-default/apm.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/mach-default/apm.h	2009-07-23 17:34:32.057848214 -0400
+@@ -34,7 +34,7 @@ static inline void apm_bios_call_asm(u32
+ 	__asm__ __volatile__(APM_DO_ZERO_SEGS
+ 		"pushl %%edi\n\t"
+ 		"pushl %%ebp\n\t"
+-		"lcall *%%cs:apm_bios_entry\n\t"
++		"lcall *%%ss:apm_bios_entry\n\t"
+ 		"setc %%al\n\t"
+ 		"popl %%ebp\n\t"
+ 		"popl %%edi\n\t"
+@@ -58,7 +58,7 @@ static inline u8 apm_bios_call_simple_as
+ 	__asm__ __volatile__(APM_DO_ZERO_SEGS
+ 		"pushl %%edi\n\t"
+ 		"pushl %%ebp\n\t"
+-		"lcall *%%cs:apm_bios_entry\n\t"
++		"lcall *%%ss:apm_bios_entry\n\t"
+ 		"setc %%bl\n\t"
+ 		"popl %%ebp\n\t"
+ 		"popl %%edi\n\t"
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/mman.h linux-2.6.29.6/arch/x86/include/asm/mman.h
+--- linux-2.6.29.6/arch/x86/include/asm/mman.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/mman.h	2009-07-23 17:34:32.058713430 -0400
+@@ -17,4 +17,14 @@
+ #define MCL_CURRENT	1		/* lock all current mappings */
+ #define MCL_FUTURE	2		/* lock all future mappings */
+ 
++#ifdef __KERNEL__
++#ifndef __ASSEMBLY__
++#ifdef CONFIG_X86_32
++#define arch_mmap_check	i386_mmap_check
++int i386_mmap_check(unsigned long addr, unsigned long len,
++		unsigned long flags);
++#endif
++#endif
++#endif
++
+ #endif /* _ASM_X86_MMAN_H */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/mmu_context_32.h linux-2.6.29.6/arch/x86/include/asm/mmu_context_32.h
+--- linux-2.6.29.6/arch/x86/include/asm/mmu_context_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/mmu_context_32.h	2009-07-23 17:34:32.058713430 -0400
+@@ -14,11 +14,15 @@ static inline void switch_mm(struct mm_s
+ 			     struct task_struct *tsk)
+ {
+ 	int cpu = smp_processor_id();
++#ifdef CONFIG_SMP
++	int tlbstate = TLBSTATE_OK;
++#endif
+ 
+ 	if (likely(prev != next)) {
+ 		/* stop flush ipis for the previous mm */
+ 		cpu_clear(cpu, prev->cpu_vm_mask);
+ #ifdef CONFIG_SMP
++		tlbstate = x86_read_percpu(cpu_tlbstate.state);
+ 		x86_write_percpu(cpu_tlbstate.state, TLBSTATE_OK);
+ 		x86_write_percpu(cpu_tlbstate.active_mm, next);
+ #endif
+@@ -32,6 +36,26 @@ static inline void switch_mm(struct mm_s
+ 		 */
+ 		if (unlikely(prev->context.ldt != next->context.ldt))
+ 			load_LDT_nolock(&next->context);
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++		if (!nx_enabled) {
++			smp_mb__before_clear_bit();
++			cpu_clear(cpu, prev->context.cpu_user_cs_mask);
++			smp_mb__after_clear_bit();
++			cpu_set(cpu, next->context.cpu_user_cs_mask);
++		}
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++		if (unlikely(prev->context.user_cs_base != next->context.user_cs_base ||
++			     prev->context.user_cs_limit != next->context.user_cs_limit
++#ifdef CONFIG_SMP
++			     || tlbstate != TLBSTATE_OK
++#endif
++			    ))
++			set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
++#endif
++
+ 	}
+ #ifdef CONFIG_SMP
+ 	else {
+@@ -44,6 +68,19 @@ static inline void switch_mm(struct mm_s
+ 			 */
+ 			load_cr3(next->pgd);
+ 			load_LDT_nolock(&next->context);
++
++#ifdef CONFIG_PAX_PAGEEXEC
++			if (!nx_enabled)
++				cpu_set(cpu, next->context.cpu_user_cs_mask);
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++#ifdef CONFIG_PAX_PAGEEXEC
++			if (!((next->pax_flags & MF_PAX_PAGEEXEC) && nx_enabled))
++#endif
++				set_user_cs(next->context.user_cs_base, next->context.user_cs_limit, cpu);
++#endif
++
+ 		}
+ 	}
+ #endif
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/mmu.h linux-2.6.29.6/arch/x86/include/asm/mmu.h
+--- linux-2.6.29.6/arch/x86/include/asm/mmu.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/mmu.h	2009-07-23 17:34:32.058713430 -0400
+@@ -9,10 +9,23 @@
+  * we put the segment information here.
+  */
+ typedef struct {
+-	void *ldt;
++	struct desc_struct *ldt;
+ 	int size;
+ 	struct mutex lock;
+-	void *vdso;
++	unsigned long vdso;
++
++#ifdef CONFIG_X86_32
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++	unsigned long user_cs_base;
++	unsigned long user_cs_limit;
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++	cpumask_t cpu_user_cs_mask;
++#endif
++
++#endif
++#endif
++
+ } mm_context_t;
+ 
+ #ifdef CONFIG_SMP
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/module.h linux-2.6.29.6/arch/x86/include/asm/module.h
+--- linux-2.6.29.6/arch/x86/include/asm/module.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/module.h	2009-07-23 17:34:32.058713430 -0400
+@@ -74,7 +74,12 @@ struct mod_arch_specific {};
+ # else
+ #  define MODULE_STACKSIZE ""
+ # endif
+-# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE
++# ifdef CONFIG_GRKERNSEC
++#  define MODULE_GRSEC "GRSECURITY "
++# else
++#  define MODULE_GRSEC ""
++# endif
++# define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_STACKSIZE MODULE_GRSEC
+ #endif
+ 
+ #endif /* _ASM_X86_MODULE_H */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/page_32.h linux-2.6.29.6/arch/x86/include/asm/page_32.h
+--- linux-2.6.29.6/arch/x86/include/asm/page_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/page_32.h	2009-07-23 17:34:32.058713430 -0400
+@@ -13,6 +13,23 @@
+  */
+ #define __PAGE_OFFSET		_AC(CONFIG_PAGE_OFFSET, UL)
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++#ifndef __ASSEMBLY__
++extern unsigned char MODULES_VADDR[];
++extern unsigned char MODULES_END[];
++extern unsigned char KERNEL_TEXT_OFFSET[];
++#define ktla_ktva(addr)		(addr + (unsigned long)KERNEL_TEXT_OFFSET)
++#define ktva_ktla(addr)		(addr - (unsigned long)KERNEL_TEXT_OFFSET)
++#endif
++#else
++#define ktla_ktva(addr)		(addr)
++#define ktva_ktla(addr)		(addr)
++#endif
++
++#ifdef CONFIG_PAX_PAGEEXEC
++#define CONFIG_ARCH_TRACK_EXEC_LIMIT 1
++#endif
++
+ #ifdef CONFIG_4KSTACKS
+ #define THREAD_ORDER	0
+ #else
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/page_64.h linux-2.6.29.6/arch/x86/include/asm/page_64.h
+--- linux-2.6.29.6/arch/x86/include/asm/page_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/page_64.h	2009-07-23 17:34:32.058713430 -0400
+@@ -49,6 +49,9 @@
+ #define __START_KERNEL		(__START_KERNEL_map + __PHYSICAL_START)
+ #define __START_KERNEL_map	_AC(0xffffffff80000000, UL)
+ 
++#define ktla_ktva(addr)		(addr)
++#define ktva_ktla(addr)		(addr)
++
+ /* See Documentation/x86_64/mm.txt for a description of the memory map. */
+ #define __PHYSICAL_MASK_SHIFT	46
+ #define __VIRTUAL_MASK_SHIFT	48
+@@ -101,5 +104,6 @@ extern void init_extra_mapping_wb(unsign
+ #define pfn_valid(pfn)          ((pfn) < max_pfn)
+ #endif
+ 
++#define nx_enabled (1)
+ 
+ #endif /* _ASM_X86_PAGE_64_H */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/paravirt.h linux-2.6.29.6/arch/x86/include/asm/paravirt.h
+--- linux-2.6.29.6/arch/x86/include/asm/paravirt.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/paravirt.h	2009-07-23 17:34:32.058713430 -0400
+@@ -1558,7 +1558,7 @@ static inline unsigned long __raw_local_
+ #define PV_RESTORE_REGS popl %edx; popl %ecx; popl %edi; popl %eax
+ #define PARA_PATCH(struct, off)        ((PARAVIRT_PATCH_##struct + (off)) / 4)
+ #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
+-#define PARA_INDIRECT(addr)	*%cs:addr
++#define PARA_INDIRECT(addr)	*%ss:addr
+ #endif
+ 
+ #define INTERRUPT_RETURN						\
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pda.h linux-2.6.29.6/arch/x86/include/asm/pda.h
+--- linux-2.6.29.6/arch/x86/include/asm/pda.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pda.h	2009-07-23 17:34:32.059930875 -0400
+@@ -16,11 +16,9 @@ struct x8664_pda {
+ 	unsigned long oldrsp;		/* 24 user rsp for system call */
+ 	int irqcount;			/* 32 Irq nesting counter. Starts -1 */
+ 	unsigned int cpunumber;		/* 36 Logical CPU number */
+-#ifdef CONFIG_CC_STACKPROTECTOR
+ 	unsigned long stack_canary;	/* 40 stack canary value */
+ 					/* gcc-ABI: this canary MUST be at
+ 					   offset 40!!! */
+-#endif
+ 	char *irqstackptr;
+ 	short nodenumber;		/* number of current node (32k max) */
+ 	short in_bootmem;		/* pda lives in bootmem */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/percpu.h linux-2.6.29.6/arch/x86/include/asm/percpu.h
+--- linux-2.6.29.6/arch/x86/include/asm/percpu.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/percpu.h	2009-07-23 17:34:32.059930875 -0400
+@@ -93,6 +93,12 @@ DECLARE_PER_CPU(struct x8664_pda, pda);
+ 
+ #define __my_cpu_offset x86_read_percpu(this_cpu_off)
+ 
++#include <asm-generic/sections.h>
++#include <linux/threads.h>
++#define __per_cpu_offset __per_cpu_offset
++extern unsigned long __per_cpu_offset[NR_CPUS];
++#define per_cpu_offset(x) (__per_cpu_offset[x] + (unsigned long)__per_cpu_start)
++
+ /* fs segment starts at (positive) offset == __per_cpu_offset[cpu] */
+ #define __percpu_seg "%%fs:"
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pgalloc.h linux-2.6.29.6/arch/x86/include/asm/pgalloc.h
+--- linux-2.6.29.6/arch/x86/include/asm/pgalloc.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pgalloc.h	2009-07-23 17:34:32.059930875 -0400
+@@ -52,7 +52,7 @@ static inline void pmd_populate_kernel(s
+ 				       pmd_t *pmd, pte_t *pte)
+ {
+ 	paravirt_alloc_pte(mm, __pa(pte) >> PAGE_SHIFT);
+-	set_pmd(pmd, __pmd(__pa(pte) | _PAGE_TABLE));
++	set_pmd(pmd, __pmd(__pa(pte) | _KERNPG_TABLE));
+ }
+ 
+ static inline void pmd_populate(struct mm_struct *mm, pmd_t *pmd,
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pgtable-2level.h linux-2.6.29.6/arch/x86/include/asm/pgtable-2level.h
+--- linux-2.6.29.6/arch/x86/include/asm/pgtable-2level.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pgtable-2level.h	2009-07-23 17:34:32.059930875 -0400
+@@ -18,7 +18,19 @@ static inline void native_set_pte(pte_t 
+ 
+ static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	*pmdp = pmd;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void native_set_pte_atomic(pte_t *ptep, pte_t pte)
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pgtable_32.h linux-2.6.29.6/arch/x86/include/asm/pgtable_32.h
+--- linux-2.6.29.6/arch/x86/include/asm/pgtable_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pgtable_32.h	2009-07-23 17:34:37.457730203 -0400
+@@ -25,8 +25,6 @@
+ struct mm_struct;
+ struct vm_area_struct;
+ 
+-extern pgd_t swapper_pg_dir[1024];
+-
+ static inline void pgtable_cache_init(void) { }
+ static inline void check_pgt_cache(void) { }
+ void paging_init(void);
+@@ -46,6 +44,12 @@ extern void set_pmd_pfn(unsigned long, u
+ # include <asm/pgtable-2level-defs.h>
+ #endif
+ 
++extern pgd_t swapper_pg_dir[PTRS_PER_PGD];
++#ifdef CONFIG_X86_PAE
++extern pmd_t swapper_pm_dir[PTRS_PER_PGD][PTRS_PER_PMD];
++#endif
++extern pte_t swapper_pg_fixmap[PTRS_PER_PMD];
++
+ #define PGDIR_SIZE	(1UL << PGDIR_SHIFT)
+ #define PGDIR_MASK	(~(PGDIR_SIZE - 1))
+ 
+@@ -83,7 +87,7 @@ extern void set_pmd_pfn(unsigned long, u
+ #undef TEST_ACCESS_OK
+ 
+ /* The boot page tables (all created as a single array) */
+-extern unsigned long pg0[];
++extern pte_t pg0[];
+ 
+ #define pte_present(x)	((x).pte_low & (_PAGE_PRESENT | _PAGE_PROTNONE))
+ 
+@@ -166,6 +170,9 @@ do {						\
+ 
+ #endif /* !__ASSEMBLY__ */
+ 
++#define HAVE_ARCH_UNMAPPED_AREA
++#define HAVE_ARCH_UNMAPPED_AREA_TOPDOWN
++
+ /*
+  * kern_addr_valid() is (1) for FLATMEM and (0) for
+  * SPARSEMEM and DISCONTIGMEM
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pgtable-3level.h linux-2.6.29.6/arch/x86/include/asm/pgtable-3level.h
+--- linux-2.6.29.6/arch/x86/include/asm/pgtable-3level.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pgtable-3level.h	2009-07-23 17:34:32.060764502 -0400
+@@ -70,12 +70,36 @@ static inline void native_set_pte_atomic
+ 
+ static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_64bit((unsigned long long *)(pmdp), native_pmd_val(pmd));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void native_set_pud(pud_t *pudp, pud_t pud)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_64bit((unsigned long long *)(pudp), native_pud_val(pud));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ /*
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pgtable_64.h linux-2.6.29.6/arch/x86/include/asm/pgtable_64.h
+--- linux-2.6.29.6/arch/x86/include/asm/pgtable_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pgtable_64.h	2009-07-23 17:34:32.060764502 -0400
+@@ -15,9 +15,12 @@
+ 
+ extern pud_t level3_kernel_pgt[512];
+ extern pud_t level3_ident_pgt[512];
++extern pud_t level3_vmalloc_pgt[512];
++extern pud_t level3_vmemmap_pgt[512];
+ extern pmd_t level2_kernel_pgt[512];
+ extern pmd_t level2_fixmap_pgt[512];
+-extern pmd_t level2_ident_pgt[512];
++extern pmd_t level2_ident_pgt[512*4];
++extern pte_t level1_fixmap_pgt[512];
+ extern pgd_t init_level4_pgt[];
+ 
+ #define swapper_pg_dir init_level4_pgt
+@@ -106,7 +109,19 @@ static inline pte_t native_ptep_get_and_
+ 
+ static inline void native_set_pmd(pmd_t *pmdp, pmd_t pmd)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	*pmdp = pmd;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ static inline void native_pmd_clear(pmd_t *pmd)
+@@ -158,17 +173,17 @@ static inline void native_pgd_clear(pgd_
+ 
+ static inline int pgd_bad(pgd_t pgd)
+ {
+-	return (pgd_val(pgd) & ~(PTE_PFN_MASK | _PAGE_USER)) != _KERNPG_TABLE;
++	return (pgd_val(pgd) & ~(PTE_PFN_MASK | _PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
+ }
+ 
+ static inline int pud_bad(pud_t pud)
+ {
+-	return (pud_val(pud) & ~(PTE_PFN_MASK | _PAGE_USER)) != _KERNPG_TABLE;
++	return (pud_val(pud) & ~(PTE_PFN_MASK | _PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
+ }
+ 
+ static inline int pmd_bad(pmd_t pmd)
+ {
+-	return (pmd_val(pmd) & ~(PTE_PFN_MASK | _PAGE_USER)) != _KERNPG_TABLE;
++	return (pmd_val(pmd) & ~(PTE_PFN_MASK | _PAGE_USER | _PAGE_NX)) != _KERNPG_TABLE;
+ }
+ 
+ #define pte_none(x)	(!pte_val((x)))
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/pgtable.h linux-2.6.29.6/arch/x86/include/asm/pgtable.h
+--- linux-2.6.29.6/arch/x86/include/asm/pgtable.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/pgtable.h	2009-07-23 17:35:05.043783588 -0400
+@@ -13,12 +13,11 @@
+ #define _PAGE_BIT_PSE		7	/* 4 MB (or 2MB) page */
+ #define _PAGE_BIT_PAT		7	/* on 4KB pages */
+ #define _PAGE_BIT_GLOBAL	8	/* Global TLB entry PPro+ */
+-#define _PAGE_BIT_UNUSED1	9	/* available for programmer */
++#define _PAGE_BIT_SPECIAL	9	/* special mappings, no associated struct page */
+ #define _PAGE_BIT_IOMAP		10	/* flag used to indicate IO mapping */
+ #define _PAGE_BIT_UNUSED3	11
+ #define _PAGE_BIT_PAT_LARGE	12	/* On 2MB or 1GB pages */
+-#define _PAGE_BIT_SPECIAL	_PAGE_BIT_UNUSED1
+-#define _PAGE_BIT_CPA_TEST	_PAGE_BIT_UNUSED1
++#define _PAGE_BIT_CPA_TEST	_PAGE_BIT_SPECIAL
+ #define _PAGE_BIT_NX           63       /* No execute: only valid after cpuid check */
+ 
+ /* If _PAGE_BIT_PRESENT is clear, we use these: */
+@@ -36,7 +35,6 @@
+ #define _PAGE_DIRTY	(_AT(pteval_t, 1) << _PAGE_BIT_DIRTY)
+ #define _PAGE_PSE	(_AT(pteval_t, 1) << _PAGE_BIT_PSE)
+ #define _PAGE_GLOBAL	(_AT(pteval_t, 1) << _PAGE_BIT_GLOBAL)
+-#define _PAGE_UNUSED1	(_AT(pteval_t, 1) << _PAGE_BIT_UNUSED1)
+ #define _PAGE_IOMAP	(_AT(pteval_t, 1) << _PAGE_BIT_IOMAP)
+ #define _PAGE_UNUSED3	(_AT(pteval_t, 1) << _PAGE_BIT_UNUSED3)
+ #define _PAGE_PAT	(_AT(pteval_t, 1) << _PAGE_BIT_PAT)
+@@ -48,7 +46,7 @@
+ #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE)
+ #define _PAGE_NX	(_AT(pteval_t, 1) << _PAGE_BIT_NX)
+ #else
+-#define _PAGE_NX	(_AT(pteval_t, 0))
++#define _PAGE_NX	(_AT(pteval_t, 1) << _PAGE_BIT_UNUSED3)
+ #endif
+ 
+ #define _PAGE_FILE	(_AT(pteval_t, 1) << _PAGE_BIT_FILE)
+@@ -85,6 +83,9 @@
+ #define PAGE_READONLY_EXEC	__pgprot(_PAGE_PRESENT | _PAGE_USER |	\
+ 					 _PAGE_ACCESSED)
+ 
++#define PAGE_READONLY_NOEXEC PAGE_READONLY
++#define PAGE_SHARED_NOEXEC PAGE_SHARED
++
+ #define __PAGE_KERNEL_EXEC						\
+ 	(_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL)
+ #define __PAGE_KERNEL		(__PAGE_KERNEL_EXEC | _PAGE_NX)
+@@ -95,8 +96,8 @@
+ #define __PAGE_KERNEL_WC		(__PAGE_KERNEL | _PAGE_CACHE_WC)
+ #define __PAGE_KERNEL_NOCACHE		(__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT)
+ #define __PAGE_KERNEL_UC_MINUS		(__PAGE_KERNEL | _PAGE_PCD)
+-#define __PAGE_KERNEL_VSYSCALL		(__PAGE_KERNEL_RX | _PAGE_USER)
+-#define __PAGE_KERNEL_VSYSCALL_NOCACHE	(__PAGE_KERNEL_VSYSCALL | _PAGE_PCD | _PAGE_PWT)
++#define __PAGE_KERNEL_VSYSCALL		(__PAGE_KERNEL_RO | _PAGE_USER)
++#define __PAGE_KERNEL_VSYSCALL_NOCACHE	(__PAGE_KERNEL_RO | _PAGE_PCD | _PAGE_PWT | _PAGE_USER)
+ #define __PAGE_KERNEL_LARGE		(__PAGE_KERNEL | _PAGE_PSE)
+ #define __PAGE_KERNEL_LARGE_NOCACHE	(__PAGE_KERNEL | _PAGE_CACHE_UC | _PAGE_PSE)
+ #define __PAGE_KERNEL_LARGE_EXEC	(__PAGE_KERNEL_EXEC | _PAGE_PSE)
+@@ -155,8 +156,8 @@
+  * bits are combined, this will alow user to access the high address mapped
+  * VDSO in the presence of CONFIG_COMPAT_VDSO
+  */
+-#define PTE_IDENT_ATTR	 0x003		/* PRESENT+RW */
+-#define PDE_IDENT_ATTR	 0x067		/* PRESENT+RW+USER+DIRTY+ACCESSED */
++#define PTE_IDENT_ATTR	 0x063		/* PRESENT+RW+DIRTY+ACCESSED */
++#define PDE_IDENT_ATTR	 0x063		/* PRESENT+RW+DIRTY+ACCESSED */
+ #define PGD_IDENT_ATTR	 0x001		/* PRESENT (no other attributes) */
+ #endif
+ 
+@@ -183,10 +184,17 @@ extern unsigned long empty_zero_page[PAG
+ extern spinlock_t pgd_lock;
+ extern struct list_head pgd_list;
+ 
++extern pteval_t __supported_pte_mask;
++
+ /*
+  * The following only work if pte_present() is true.
+  * Undefined behaviour if not..
+  */
++static inline int pte_user(pte_t pte)
++{
++	return pte_val(pte) & _PAGE_USER;
++}
++
+ static inline int pte_dirty(pte_t pte)
+ {
+ 	return pte_flags(pte) & _PAGE_DIRTY;
+@@ -255,9 +263,29 @@ static inline pte_t pte_wrprotect(pte_t 
+ 	return __pte(pte_val(pte) & ~_PAGE_RW);
+ }
+ 
++static inline pte_t pte_mkread(pte_t pte)
++{
++	return __pte(pte_val(pte) | _PAGE_USER);
++}
++
+ static inline pte_t pte_mkexec(pte_t pte)
+ {
+-	return __pte(pte_val(pte) & ~_PAGE_NX);
++#ifdef CONFIG_X86_PAE
++	if (__supported_pte_mask & _PAGE_NX)
++		return __pte(pte_val(pte) & ~(pteval_t)_PAGE_NX);
++	else
++#endif
++		return __pte(pte_val(pte) | _PAGE_USER);
++}
++
++static inline pte_t pte_exprotect(pte_t pte)
++{
++#ifdef CONFIG_X86_PAE
++	if (__supported_pte_mask & _PAGE_NX)
++		return __pte(pte_val(pte) | _PAGE_NX);
++	else
++#endif
++		return __pte(pte_val(pte) & ~_PAGE_USER);
+ }
+ 
+ static inline pte_t pte_mkdirty(pte_t pte)
+@@ -300,8 +328,6 @@ static inline pte_t pte_mkspecial(pte_t 
+ 	return __pte(pte_val(pte) | _PAGE_SPECIAL);
+ }
+ 
+-extern pteval_t __supported_pte_mask;
+-
+ /*
+  * Mask out unsupported bits in a present pgprot.  Non-present pgprots
+  * can use those bits for other purposes, so leave them be.
+@@ -601,7 +627,19 @@ static inline void ptep_set_wrprotect(st
+  */
+ static inline void clone_pgd_range(pgd_t *dst, pgd_t *src, int count)
+ {
+-       memcpy(dst, src, count * sizeof(pgd_t));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
++	memcpy(dst, src, count * sizeof(pgd_t));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/processor.h linux-2.6.29.6/arch/x86/include/asm/processor.h
+--- linux-2.6.29.6/arch/x86/include/asm/processor.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/processor.h	2009-07-23 17:34:32.060764502 -0400
+@@ -275,7 +275,7 @@ struct tss_struct {
+ 
+ } ____cacheline_aligned;
+ 
+-DECLARE_PER_CPU(struct tss_struct, init_tss);
++extern struct tss_struct init_tss[NR_CPUS];
+ 
+ /*
+  * Save the original ist values for checking stack pointers during debugging
+@@ -839,11 +839,20 @@ static inline void spin_lock_prefetch(co
+  * User space process size: 3GB (default).
+  */
+ #define TASK_SIZE		PAGE_OFFSET
++
++#ifdef CONFIG_PAX_SEGMEXEC
++#define SEGMEXEC_TASK_SIZE	(TASK_SIZE / 2)
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++#define STACK_TOP		((current->mm->pax_flags & MF_PAX_SEGMEXEC)?SEGMEXEC_TASK_SIZE:TASK_SIZE)
++#else
+ #define STACK_TOP		TASK_SIZE
+-#define STACK_TOP_MAX		STACK_TOP
++#endif
++#define STACK_TOP_MAX		TASK_SIZE
+ 
+ #define INIT_THREAD  {							  \
+-	.sp0			= sizeof(init_stack) + (long)&init_stack, \
++	.sp0			= sizeof(init_stack) + (long)&init_stack - 8, \
+ 	.vm86_info		= NULL,					  \
+ 	.sysenter_cs		= __KERNEL_CS,				  \
+ 	.io_bitmap_ptr		= NULL,					  \
+@@ -858,7 +867,7 @@ static inline void spin_lock_prefetch(co
+  */
+ #define INIT_TSS  {							  \
+ 	.x86_tss = {							  \
+-		.sp0		= sizeof(init_stack) + (long)&init_stack, \
++		.sp0		= sizeof(init_stack) + (long)&init_stack - 8, \
+ 		.ss0		= __KERNEL_DS,				  \
+ 		.ss1		= __KERNEL_CS,				  \
+ 		.io_bitmap_base	= INVALID_IO_BITMAP_OFFSET,		  \
+@@ -869,11 +878,7 @@ static inline void spin_lock_prefetch(co
+ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+ 
+ #define THREAD_SIZE_LONGS      (THREAD_SIZE/sizeof(unsigned long))
+-#define KSTK_TOP(info)                                                 \
+-({                                                                     \
+-       unsigned long *__ptr = (unsigned long *)(info);                 \
+-       (unsigned long)(&__ptr[THREAD_SIZE_LONGS]);                     \
+-})
++#define KSTK_TOP(info)         ((info)->task.thread.sp0)
+ 
+ /*
+  * The below -8 is to reserve 8 bytes on top of the ring0 stack.
+@@ -888,7 +893,7 @@ extern unsigned long thread_saved_pc(str
+ #define task_pt_regs(task)                                             \
+ ({                                                                     \
+        struct pt_regs *__regs__;                                       \
+-       __regs__ = (struct pt_regs *)(KSTK_TOP(task_stack_page(task))-8); \
++       __regs__ = (struct pt_regs *)((task)->thread.sp0);              \
+        __regs__ - 1;                                                   \
+ })
+ 
+@@ -904,7 +909,7 @@ extern unsigned long thread_saved_pc(str
+  * space during mmap's.
+  */
+ #define IA32_PAGE_OFFSET	((current->personality & ADDR_LIMIT_3GB) ? \
+-					0xc0000000 : 0xFFFFe000)
++					0xc0000000 : 0xFFFFf000)
+ 
+ #define TASK_SIZE		(test_thread_flag(TIF_IA32) ? \
+ 					IA32_PAGE_OFFSET : TASK_SIZE64)
+@@ -941,6 +946,10 @@ extern void start_thread(struct pt_regs 
+  */
+ #define TASK_UNMAPPED_BASE	(PAGE_ALIGN(TASK_SIZE / 3))
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++#define SEGMEXEC_TASK_UNMAPPED_BASE	(PAGE_ALIGN(SEGMEXEC_TASK_SIZE / 3))
++#endif
++
+ #define KSTK_EIP(task)		(task_pt_regs(task)->ip)
+ 
+ /* Get/set a process' ability to use the timestamp counter instruction */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/ptrace.h linux-2.6.29.6/arch/x86/include/asm/ptrace.h
+--- linux-2.6.29.6/arch/x86/include/asm/ptrace.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/ptrace.h	2009-07-23 17:34:32.060764502 -0400
+@@ -151,28 +151,29 @@ static inline unsigned long regs_return_
+ }
+ 
+ /*
+- * user_mode_vm(regs) determines whether a register set came from user mode.
++ * user_mode(regs) determines whether a register set came from user mode.
+  * This is true if V8086 mode was enabled OR if the register set was from
+  * protected mode with RPL-3 CS value.  This tricky test checks that with
+  * one comparison.  Many places in the kernel can bypass this full check
+- * if they have already ruled out V8086 mode, so user_mode(regs) can be used.
++ * if they have already ruled out V8086 mode, so user_mode_novm(regs) can
++ * be used.
+  */
+-static inline int user_mode(struct pt_regs *regs)
++static inline int user_mode_novm(struct pt_regs *regs)
+ {
+ #ifdef CONFIG_X86_32
+ 	return (regs->cs & SEGMENT_RPL_MASK) == USER_RPL;
+ #else
+-	return !!(regs->cs & 3);
++	return !!(regs->cs & SEGMENT_RPL_MASK);
+ #endif
+ }
+ 
+-static inline int user_mode_vm(struct pt_regs *regs)
++static inline int user_mode(struct pt_regs *regs)
+ {
+ #ifdef CONFIG_X86_32
+ 	return ((regs->cs & SEGMENT_RPL_MASK) | (regs->flags & X86_VM_MASK)) >=
+ 		USER_RPL;
+ #else
+-	return user_mode(regs);
++	return user_mode_novm(regs);
+ #endif
+ }
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/reboot.h linux-2.6.29.6/arch/x86/include/asm/reboot.h
+--- linux-2.6.29.6/arch/x86/include/asm/reboot.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/reboot.h	2009-07-23 17:34:32.060764502 -0400
+@@ -18,7 +18,7 @@ extern struct machine_ops machine_ops;
+ 
+ void native_machine_crash_shutdown(struct pt_regs *regs);
+ void native_machine_shutdown(void);
+-void machine_real_restart(const unsigned char *code, int length);
++void machine_real_restart(const unsigned char *code, unsigned int length);
+ 
+ typedef void (*nmi_shootdown_cb)(int, struct die_args*);
+ void nmi_shootdown_cpus(nmi_shootdown_cb callback);
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/rwsem.h linux-2.6.29.6/arch/x86/include/asm/rwsem.h
+--- linux-2.6.29.6/arch/x86/include/asm/rwsem.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/rwsem.h	2009-07-23 17:34:32.061944075 -0400
+@@ -106,10 +106,26 @@ static inline void __down_read(struct rw
+ {
+ 	asm volatile("# beginning down_read\n\t"
+ 		     LOCK_PREFIX "  incl      (%%eax)\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "decl (%%eax)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     /* adds 0x00000001, returns the old value */
+-		     "  jns        1f\n"
++		     "  jns        2f\n"
+ 		     "  call call_rwsem_down_read_failed\n"
+-		     "1:\n\t"
++		     "2:\n\t"
+ 		     "# ending down_read\n\t"
+ 		     : "+m" (sem->count)
+ 		     : "a" (sem)
+@@ -124,13 +140,29 @@ static inline int __down_read_trylock(st
+ 	__s32 result, tmp;
+ 	asm volatile("# beginning __down_read_trylock\n\t"
+ 		     "  movl      %0,%1\n\t"
+-		     "1:\n\t"
++		     "2:\n\t"
+ 		     "  movl	     %1,%2\n\t"
+ 		     "  addl      %3,%2\n\t"
+-		     "  jle	     2f\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     "subl %3,%2\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "  jle	     3f\n\t"
+ 		     LOCK_PREFIX "  cmpxchgl  %2,%0\n\t"
+-		     "  jnz	     1b\n\t"
+-		     "2:\n\t"
++		     "  jnz	     2b\n\t"
++		     "3:\n\t"
+ 		     "# ending __down_read_trylock\n\t"
+ 		     : "+m" (sem->count), "=&a" (result), "=&r" (tmp)
+ 		     : "i" (RWSEM_ACTIVE_READ_BIAS)
+@@ -148,12 +180,28 @@ static inline void __down_write_nested(s
+ 	tmp = RWSEM_ACTIVE_WRITE_BIAS;
+ 	asm volatile("# beginning down_write\n\t"
+ 		     LOCK_PREFIX "  xadd      %%edx,(%%eax)\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     "movl %%edx,(%%eax)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     /* subtract 0x0000ffff, returns the old value */
+ 		     "  testl     %%edx,%%edx\n\t"
+ 		     /* was the count 0 before? */
+-		     "  jz        1f\n"
++		     "  jz        2f\n"
+ 		     "  call call_rwsem_down_write_failed\n"
+-		     "1:\n"
++		     "2:\n"
+ 		     "# ending down_write"
+ 		     : "+m" (sem->count), "=d" (tmp)
+ 		     : "a" (sem), "1" (tmp)
+@@ -186,10 +234,26 @@ static inline void __up_read(struct rw_s
+ 	__s32 tmp = -RWSEM_ACTIVE_READ_BIAS;
+ 	asm volatile("# beginning __up_read\n\t"
+ 		     LOCK_PREFIX "  xadd      %%edx,(%%eax)\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     "movl %%edx,(%%eax)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     /* subtracts 1, returns the old value */
+-		     "  jns        1f\n\t"
++		     "  jns        2f\n\t"
+ 		     "  call call_rwsem_wake\n"
+-		     "1:\n"
++		     "2:\n"
+ 		     "# ending __up_read\n"
+ 		     : "+m" (sem->count), "=d" (tmp)
+ 		     : "a" (sem), "1" (tmp)
+@@ -204,11 +268,27 @@ static inline void __up_write(struct rw_
+ 	asm volatile("# beginning __up_write\n\t"
+ 		     "  movl      %2,%%edx\n\t"
+ 		     LOCK_PREFIX "  xaddl     %%edx,(%%eax)\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     "movl %%edx,(%%eax)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     /* tries to transition
+ 			0xffff0001 -> 0x00000000 */
+-		     "  jz       1f\n"
++		     "  jz       2f\n"
+ 		     "  call call_rwsem_wake\n"
+-		     "1:\n\t"
++		     "2:\n\t"
+ 		     "# ending __up_write\n"
+ 		     : "+m" (sem->count)
+ 		     : "a" (sem), "i" (-RWSEM_ACTIVE_WRITE_BIAS)
+@@ -222,10 +302,26 @@ static inline void __downgrade_write(str
+ {
+ 	asm volatile("# beginning __downgrade_write\n\t"
+ 		     LOCK_PREFIX "  addl      %2,(%%eax)\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "subl %2,(%%eax)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     /* transitions 0xZZZZ0001 -> 0xYYYY0001 */
+-		     "  jns       1f\n\t"
++		     "  jns       2f\n\t"
+ 		     "  call call_rwsem_downgrade_wake\n"
+-		     "1:\n\t"
++		     "2:\n\t"
+ 		     "# ending __downgrade_write\n"
+ 		     : "+m" (sem->count)
+ 		     : "a" (sem), "i" (-RWSEM_WAITING_BIAS)
+@@ -237,7 +333,23 @@ static inline void __downgrade_write(str
+  */
+ static inline void rwsem_atomic_add(int delta, struct rw_semaphore *sem)
+ {
+-	asm volatile(LOCK_PREFIX "addl %1,%0"
++	asm volatile(LOCK_PREFIX "addl %1,%0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "subl %1,%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (sem->count)
+ 		     : "ir" (delta));
+ }
+@@ -249,7 +361,23 @@ static inline int rwsem_atomic_update(in
+ {
+ 	int tmp = delta;
+ 
+-	asm volatile(LOCK_PREFIX "xadd %0,%1"
++	asm volatile(LOCK_PREFIX "xadd %0,%1\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     "movl %0,%1\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+r" (tmp), "+m" (sem->count)
+ 		     : : "memory");
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/segment.h linux-2.6.29.6/arch/x86/include/asm/segment.h
+--- linux-2.6.29.6/arch/x86/include/asm/segment.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/segment.h	2009-07-23 17:34:32.061944075 -0400
+@@ -88,13 +88,19 @@
+ #define GDT_ENTRY_ESPFIX_SS		(GDT_ENTRY_KERNEL_BASE + 14)
+ #define __ESPFIX_SS (GDT_ENTRY_ESPFIX_SS * 8)
+ 
+-#define GDT_ENTRY_PERCPU			(GDT_ENTRY_KERNEL_BASE + 15)
++#define GDT_ENTRY_PERCPU		(GDT_ENTRY_KERNEL_BASE + 15)
+ #ifdef CONFIG_SMP
+ #define __KERNEL_PERCPU (GDT_ENTRY_PERCPU * 8)
+ #else
+ #define __KERNEL_PERCPU 0
+ #endif
+ 
++#define GDT_ENTRY_PCIBIOS_CS		(GDT_ENTRY_KERNEL_BASE + 16)
++#define __PCIBIOS_CS (GDT_ENTRY_PCIBIOS_CS * 8)
++
++#define GDT_ENTRY_PCIBIOS_DS		(GDT_ENTRY_KERNEL_BASE + 17)
++#define __PCIBIOS_DS (GDT_ENTRY_PCIBIOS_DS * 8)
++
+ #define GDT_ENTRY_DOUBLEFAULT_TSS	31
+ 
+ /*
+@@ -132,7 +138,7 @@
+  */
+ 
+ /* Matches PNP_CS32 and PNP_CS16 (they must be consecutive) */
+-#define SEGMENT_IS_PNP_CODE(x)   (((x) & 0xf4) == GDT_ENTRY_PNPBIOS_BASE * 8)
++#define SEGMENT_IS_PNP_CODE(x)   (((x) & 0xFFFCU) == PNP_CS32 || ((x) & 0xFFFCU) == PNP_CS16)
+ 
+ 
+ #else
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/spinlock.h linux-2.6.29.6/arch/x86/include/asm/spinlock.h
+--- linux-2.6.29.6/arch/x86/include/asm/spinlock.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/spinlock.h	2009-07-23 17:34:32.061944075 -0400
+@@ -311,18 +311,50 @@ static inline int __raw_write_can_lock(r
+ static inline void __raw_read_lock(raw_rwlock_t *rw)
+ {
+ 	asm volatile(LOCK_PREFIX " subl $1,(%0)\n\t"
+-		     "jns 1f\n"
+-		     "call __read_lock_failed\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
+ 		     "1:\n"
++		     LOCK_PREFIX " addl $1,(%0)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "jns 2f\n"
++		     "call __read_lock_failed\n\t"
++		     "2:\n"
+ 		     ::LOCK_PTR_REG (rw) : "memory");
+ }
+ 
+ static inline void __raw_write_lock(raw_rwlock_t *rw)
+ {
+ 	asm volatile(LOCK_PREFIX " subl %1,(%0)\n\t"
+-		     "jz 1f\n"
+-		     "call __write_lock_failed\n\t"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
+ 		     "1:\n"
++		     LOCK_PREFIX " addl %1,(%0)\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     "jz 2f\n"
++		     "call __write_lock_failed\n\t"
++		     "2:\n"
+ 		     ::LOCK_PTR_REG (rw), "i" (RW_LOCK_BIAS) : "memory");
+ }
+ 
+@@ -349,12 +381,45 @@ static inline int __raw_write_trylock(ra
+ 
+ static inline void __raw_read_unlock(raw_rwlock_t *rw)
+ {
+-	asm volatile(LOCK_PREFIX "incl %0" :"+m" (rw->lock) : : "memory");
++	asm volatile(LOCK_PREFIX "incl %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "decl %0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
++		     :"+m" (rw->lock) : : "memory");
+ }
+ 
+ static inline void __raw_write_unlock(raw_rwlock_t *rw)
+ {
+-	asm volatile(LOCK_PREFIX "addl %1, %0"
++	asm volatile(LOCK_PREFIX "addl %1, %0\n"
++
++#ifdef CONFIG_PAX_REFCOUNT
++#ifdef CONFIG_X86_32
++		     "into\n0:\n"
++#else
++		     "jno 0f\n"
++		     "int $4\n0:\n"
++#endif
++		     ".pushsection .fixup,\"ax\"\n"
++		     "1:\n"
++		     LOCK_PREFIX "subl %1,%0\n"
++		     "jmp 0b\n"
++		     ".popsection\n"
++		     _ASM_EXTABLE(0b, 1b)
++#endif
++
+ 		     : "+m" (rw->lock) : "i" (RW_LOCK_BIAS) : "memory");
+ }
+ 
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/system.h linux-2.6.29.6/arch/x86/include/asm/system.h
+--- linux-2.6.29.6/arch/x86/include/asm/system.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/system.h	2009-07-23 17:34:37.457730203 -0400
+@@ -95,6 +95,8 @@ do {									\
+ 	     ".globl thread_return\n"					  \
+ 	     "thread_return:\n\t"					  \
+ 	     "movq %%gs:%P[pda_pcurrent],%%rsi\n\t"			  \
++	     "movq %P[task_canary](%%rsi),%%r8\n\t"			  \
++	     "movq %%r8,%%gs:%P[pda_canary]\n\t"			  \
+ 	     "movq %P[thread_info](%%rsi),%%r8\n\t"			  \
+ 	     LOCK_PREFIX "btr  %[tif_fork],%P[ti_flags](%%r8)\n\t"	  \
+ 	     "movq %%rax,%%rdi\n\t" 					  \
+@@ -106,7 +108,9 @@ do {									\
+ 	       [ti_flags] "i" (offsetof(struct thread_info, flags)),	  \
+ 	       [tif_fork] "i" (TIF_FORK),			  	  \
+ 	       [thread_info] "i" (offsetof(struct task_struct, stack)),   \
+-	       [pda_pcurrent] "i" (offsetof(struct x8664_pda, pcurrent))  \
++	       [task_canary] "i" (offsetof(struct task_struct, stack_canary)), \
++	       [pda_pcurrent] "i" (offsetof(struct x8664_pda, pcurrent)), \
++	       [pda_canary] "i" (offsetof(struct x8664_pda, stack_canary))\
+ 	     : "memory", "cc" __EXTRA_CLOBBER)
+ #endif
+ 
+@@ -169,7 +173,7 @@ static inline unsigned long get_limit(un
+ {
+ 	unsigned long __limit;
+ 	asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
+-	return __limit + 1;
++	return __limit;
+ }
+ 
+ static inline void native_clts(void)
+@@ -295,6 +299,23 @@ static inline void native_wbinvd(void)
+ 
+ #define stts() write_cr0(read_cr0() | X86_CR0_TS)
+ 
++#define pax_open_kernel(cr0)		\
++do {					\
++	typecheck(unsigned long, cr0);	\
++	preempt_disable();		\
++	barrier();			\
++	cr0 = read_cr0();		\
++	write_cr0(cr0 & ~X86_CR0_WP);	\
++} while (0)
++
++#define pax_close_kernel(cr0)		\
++do {					\
++	typecheck(unsigned long, cr0);	\
++	write_cr0(cr0);			\
++	barrier();			\
++	preempt_enable_no_resched();	\
++} while (0)
++
+ #endif /* __KERNEL__ */
+ 
+ static inline void clflush(volatile void *__p)
+@@ -309,7 +330,7 @@ void enable_hlt(void);
+ 
+ void cpu_idle_wait(void);
+ 
+-extern unsigned long arch_align_stack(unsigned long sp);
++#define arch_align_stack(x) ((x) & ~0xfUL)
+ extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
+ 
+ void default_idle(void);
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/uaccess_32.h linux-2.6.29.6/arch/x86/include/asm/uaccess_32.h
+--- linux-2.6.29.6/arch/x86/include/asm/uaccess_32.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/uaccess_32.h	2009-07-23 17:34:32.062941291 -0400
+@@ -62,6 +62,8 @@ __copy_to_user_inatomic(void __user *to,
+ 			return ret;
+ 		}
+ 	}
++	if (!__builtin_constant_p(n))
++		check_object_size(from, n, true);
+ 	return __copy_to_user_ll(to, from, n);
+ }
+ 
+@@ -153,6 +155,8 @@ __copy_from_user(void *to, const void __
+ 			return ret;
+ 		}
+ 	}
++	if (!__builtin_constant_p(n))
++		check_object_size(to, n, false);
+ 	return __copy_from_user_ll(to, from, n);
+ }
+ 
+@@ -185,11 +189,56 @@ __copy_from_user_inatomic_nocache(void *
+        return __copy_from_user_ll_nocache_nozero(to, from, n);
+ }
+ 
+-unsigned long __must_check copy_to_user(void __user *to,
+-					const void *from, unsigned long n);
+-unsigned long __must_check copy_from_user(void *to,
+-					  const void __user *from,
+-					  unsigned long n);
++/**
++ * copy_to_user: - Copy a block of data into user space.
++ * @to:   Destination address, in user space.
++ * @from: Source address, in kernel space.
++ * @n:    Number of bytes to copy.
++ *
++ * Context: User context only.  This function may sleep.
++ *
++ * Copy data from kernel space to user space.
++ *
++ * Returns number of bytes that could not be copied.
++ * On success, this will be zero.
++ */
++static __always_inline unsigned long __must_check
++copy_to_user(void __user *to, const void *from, unsigned long n)
++{
++	if (access_ok(VERIFY_WRITE, to, n))
++		n = __copy_to_user(to, from, n);
++	return n;
++}
++
++/**
++ * copy_from_user: - Copy a block of data from user space.
++ * @to:   Destination address, in kernel space.
++ * @from: Source address, in user space.
++ * @n:    Number of bytes to copy.
++ *
++ * Context: User context only.  This function may sleep.
++ *
++ * Copy data from user space to kernel space.
++ *
++ * Returns number of bytes that could not be copied.
++ * On success, this will be zero.
++ *
++ * If some data could not be copied, this function will pad the copied
++ * data to the requested size using zero bytes.
++ */
++static __always_inline unsigned long __must_check
++copy_from_user(void *to, const void __user *from, unsigned long n)
++{
++	if (access_ok(VERIFY_READ, from, n))
++		n = __copy_from_user(to, from, n);
++	else if ((long)n > 0) {
++		if (!__builtin_constant_p(n))
++			check_object_size(to, n, false);
++		memset(to, 0, n);
++	}
++	return n;
++}
++
+ long __must_check strncpy_from_user(char *dst, const char __user *src,
+ 				    long count);
+ long __must_check __strncpy_from_user(char *dst,
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/uaccess_64.h linux-2.6.29.6/arch/x86/include/asm/uaccess_64.h
+--- linux-2.6.29.6/arch/x86/include/asm/uaccess_64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/uaccess_64.h	2009-07-23 17:34:32.062941291 -0400
+@@ -10,6 +10,8 @@
+ #include <linux/lockdep.h>
+ #include <asm/page.h>
+ 
++#define set_fs(x)	(current_thread_info()->addr_limit = (x))
++
+ /*
+  * Copy To/From Userspace
+  */
+@@ -19,20 +21,18 @@ __must_check unsigned long
+ copy_user_generic(void *to, const void *from, unsigned len);
+ 
+ __must_check unsigned long
+-copy_to_user(void __user *to, const void *from, unsigned len);
+-__must_check unsigned long
+-copy_from_user(void *to, const void __user *from, unsigned len);
+-__must_check unsigned long
+ copy_in_user(void __user *to, const void __user *from, unsigned len);
+ 
+ static __always_inline __must_check
+-int __copy_from_user(void *dst, const void __user *src, unsigned size)
++unsigned long __copy_from_user(void *dst, const void __user *src, unsigned size)
+ {
+-	int ret = 0;
++	unsigned ret = 0;
+ 
+ 	might_fault();
+-	if (!__builtin_constant_p(size))
++	if (!__builtin_constant_p(size)) {
++		check_object_size(dst, size, false);
+ 		return copy_user_generic(dst, (__force void *)src, size);
++	}
+ 	switch (size) {
+ 	case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src,
+ 			      ret, "b", "b", "=q", 1);
+@@ -70,13 +70,15 @@ int __copy_from_user(void *dst, const vo
+ }
+ 
+ static __always_inline __must_check
+-int __copy_to_user(void __user *dst, const void *src, unsigned size)
++unsigned long __copy_to_user(void __user *dst, const void *src, unsigned size)
+ {
+-	int ret = 0;
++	unsigned ret = 0;
+ 
+ 	might_fault();
+-	if (!__builtin_constant_p(size))
++	if (!__builtin_constant_p(size)) {
++		check_object_size(src, size, true);
+ 		return copy_user_generic((__force void *)dst, src, size);
++	}
+ 	switch (size) {
+ 	case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst,
+ 			      ret, "b", "b", "iq", 1);
+@@ -114,9 +116,30 @@ int __copy_to_user(void __user *dst, con
+ }
+ 
+ static __always_inline __must_check
+-int __copy_in_user(void __user *dst, const void __user *src, unsigned size)
++unsigned long copy_to_user(void __user *to, const void *from, unsigned len)
++{
++	if (access_ok(VERIFY_WRITE, to, len))
++		len = __copy_to_user(to, from, len);
++	return len;
++}
++
++static __always_inline __must_check
++unsigned long copy_from_user(void *to, const void __user *from, unsigned len)
++{
++	if (access_ok(VERIFY_READ, from, len))
++		len = __copy_from_user(to, from, len);
++	else if ((int)len > 0) {
++		if (!__builtin_constant_p(len))
++			check_object_size(to, len, false);
++		memset(to, 0, len);
++	}
++	return len;
++}
++
++static __always_inline __must_check
++unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned size)
+ {
+-	int ret = 0;
++	unsigned ret = 0;
+ 
+ 	might_fault();
+ 	if (!__builtin_constant_p(size))
+@@ -179,30 +202,30 @@ __must_check unsigned long __clear_user(
+ __must_check long __copy_from_user_inatomic(void *dst, const void __user *src,
+ 					    unsigned size);
+ 
+-static __must_check __always_inline int
++static __must_check __always_inline unsigned long
+ __copy_to_user_inatomic(void __user *dst, const void *src, unsigned size)
+ {
+ 	return copy_user_generic((__force void *)dst, src, size);
+ }
+ 
+-extern long __copy_user_nocache(void *dst, const void __user *src,
++extern unsigned long __copy_user_nocache(void *dst, const void __user *src,
+ 				unsigned size, int zerorest);
+ 
+-static inline int __copy_from_user_nocache(void *dst, const void __user *src,
++static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src,
+ 					   unsigned size)
+ {
+ 	might_sleep();
+ 	return __copy_user_nocache(dst, src, size, 1);
+ }
+ 
+-static inline int __copy_from_user_inatomic_nocache(void *dst,
++static inline unsigned long __copy_from_user_inatomic_nocache(void *dst,
+ 						    const void __user *src,
+ 						    unsigned size)
+ {
+ 	return __copy_user_nocache(dst, src, size, 0);
+ }
+ 
+-unsigned long
++extern unsigned long
+ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest);
+ 
+ #endif /* _ASM_X86_UACCESS_64_H */
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/uaccess.h linux-2.6.29.6/arch/x86/include/asm/uaccess.h
+--- linux-2.6.29.6/arch/x86/include/asm/uaccess.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/uaccess.h	2009-07-23 17:34:32.062941291 -0400
+@@ -8,8 +8,10 @@
+ #include <linux/thread_info.h>
+ #include <linux/prefetch.h>
+ #include <linux/string.h>
++#include <linux/slab.h>
+ #include <asm/asm.h>
+ #include <asm/page.h>
++#include <asm/segment.h>
+ 
+ #define VERIFY_READ 0
+ #define VERIFY_WRITE 1
+@@ -29,7 +31,12 @@
+ 
+ #define get_ds()	(KERNEL_DS)
+ #define get_fs()	(current_thread_info()->addr_limit)
++#ifdef CONFIG_X86_32
++void __set_fs(mm_segment_t x, int cpu);
++void set_fs(mm_segment_t x);
++#else
+ #define set_fs(x)	(current_thread_info()->addr_limit = (x))
++#endif
+ 
+ #define segment_eq(a, b)	((a).seg == (b).seg)
+ 
+@@ -187,9 +194,12 @@ extern int __get_user_bad(void);
+ 
+ #ifdef CONFIG_X86_32
+ #define __put_user_u64(x, addr, err)					\
+-	asm volatile("1:	movl %%eax,0(%2)\n"			\
+-		     "2:	movl %%edx,4(%2)\n"			\
++	asm volatile("		movw %w5,%%ds\n"			\
++		     "1:	movl %%eax,%%ds:0(%2)\n"		\
++		     "2:	movl %%edx,%%ds:4(%2)\n"		\
+ 		     "3:\n"						\
++		     "		pushl %%ss\n"				\
++		     "		popl %%ds\n"				\
+ 		     ".section .fixup,\"ax\"\n"				\
+ 		     "4:	movl %3,%0\n"				\
+ 		     "	jmp 3b\n"					\
+@@ -197,7 +207,8 @@ extern int __get_user_bad(void);
+ 		     _ASM_EXTABLE(1b, 4b)				\
+ 		     _ASM_EXTABLE(2b, 4b)				\
+ 		     : "=r" (err)					\
+-		     : "A" (x), "r" (addr), "i" (-EFAULT), "0" (err))
++		     : "A" (x), "r" (addr), "i" (-EFAULT), "0" (err),	\
++		       "r"(__USER_DS))
+ 
+ #define __put_user_x8(x, ptr, __ret_pu)				\
+ 	asm volatile("call __put_user_8" : "=a" (__ret_pu)	\
+@@ -338,6 +349,22 @@ do {									\
+ 	}								\
+ } while (0)
+ 
++#ifdef CONFIG_X86_32
++#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
++	asm volatile("		movw %w5,%%ds\n"			\
++		     "1:	mov"itype" %%ds:%2,%"rtype"1\n"		\
++		     "2:\n"						\
++		     "		pushl %%ss\n"				\
++		     "		popl %%ds\n"				\
++		     ".section .fixup,\"ax\"\n"				\
++		     "3:	movl %3,%0\n"				\
++		     "	xor"itype" %"rtype"1,%"rtype"1\n"		\
++		     "	jmp 2b\n"					\
++		     ".previous\n"					\
++		     _ASM_EXTABLE(1b, 3b)				\
++		     : "=r" (err), ltype (x)				\
++		     : "m" (__m(addr)), "i" (errret), "0" (err), "r"(__USER_DS))
++#else
+ #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
+ 	asm volatile("1:	mov"itype" %2,%"rtype"1\n"		\
+ 		     "2:\n"						\
+@@ -349,6 +376,7 @@ do {									\
+ 		     _ASM_EXTABLE(1b, 3b)				\
+ 		     : "=r" (err), ltype(x)				\
+ 		     : "m" (__m(addr)), "i" (errret), "0" (err))
++#endif
+ 
+ #define __put_user_nocheck(x, ptr, size)			\
+ ({								\
+@@ -375,6 +403,22 @@ struct __large_struct { unsigned long bu
+  * we do not write to any memory gcc knows about, so there are no
+  * aliasing issues.
+  */
++#ifdef CONFIG_X86_32
++#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
++	asm volatile("		movw %w5,%%ds\n"			\
++		     "1:	mov"itype" %"rtype"1,%%ds:%2\n"		\
++		     "2:\n"						\
++		     "		pushl %%ss\n"				\
++		     "		popl %%ds\n"				\
++		     ".section .fixup,\"ax\"\n"				\
++		     "3:	movl %3,%0\n"				\
++		     "	jmp 2b\n"					\
++		     ".previous\n"					\
++		     _ASM_EXTABLE(1b, 3b)				\
++		     : "=r"(err)					\
++		     : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err),\
++		       "r"(__USER_DS))
++#else
+ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret)	\
+ 	asm volatile("1:	mov"itype" %"rtype"1,%2\n"		\
+ 		     "2:\n"						\
+@@ -385,6 +429,7 @@ struct __large_struct { unsigned long bu
+ 		     _ASM_EXTABLE(1b, 3b)				\
+ 		     : "=r"(err)					\
+ 		     : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
++#endif
+ /**
+  * __get_user: - Get a simple variable from user space, with less checking.
+  * @x:   Variable to store result.
+@@ -445,6 +490,7 @@ extern struct movsl_mask {
+ 
+ #define ARCH_HAS_NOCACHE_UACCESS 1
+ 
++#define ARCH_HAS_SORT_EXTABLE
+ #ifdef CONFIG_X86_32
+ # include "uaccess_32.h"
+ #else
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/vgtod.h linux-2.6.29.6/arch/x86/include/asm/vgtod.h
+--- linux-2.6.29.6/arch/x86/include/asm/vgtod.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/vgtod.h	2009-07-23 17:34:32.062941291 -0400
+@@ -14,6 +14,7 @@ struct vsyscall_gtod_data {
+ 	int		sysctl_enabled;
+ 	struct timezone sys_tz;
+ 	struct { /* extract of a clocksource struct */
++		char	name[8];
+ 		cycle_t (*vread)(void);
+ 		cycle_t	cycle_last;
+ 		cycle_t	mask;
+diff -urNp linux-2.6.29.6/arch/x86/include/asm/vsyscall.h linux-2.6.29.6/arch/x86/include/asm/vsyscall.h
+--- linux-2.6.29.6/arch/x86/include/asm/vsyscall.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/include/asm/vsyscall.h	2009-07-23 17:34:32.062941291 -0400
+@@ -15,9 +15,10 @@ enum vsyscall_num {
+ 
+ #ifdef __KERNEL__
+ #include <linux/seqlock.h>
++#include <linux/getcpu.h>
++#include <linux/time.h>
+ 
+ #define __section_vgetcpu_mode __attribute__ ((unused, __section__ (".vgetcpu_mode"), aligned(16)))
+-#define __section_jiffies __attribute__ ((unused, __section__ (".jiffies"), aligned(16)))
+ 
+ /* Definitions for CONFIG_GENERIC_TIME definitions */
+ #define __section_vsyscall_gtod_data __attribute__ \
+@@ -31,7 +32,6 @@ enum vsyscall_num {
+ #define VGETCPU_LSL	2
+ 
+ extern int __vgetcpu_mode;
+-extern volatile unsigned long __jiffies;
+ 
+ /* kernel space (writeable) */
+ extern int vgetcpu_mode;
+@@ -39,6 +39,9 @@ extern struct timezone sys_tz;
+ 
+ extern void map_vsyscall(void);
+ 
++extern int vgettimeofday(struct timeval * tv, struct timezone * tz);
++extern time_t vtime(time_t *t);
++extern long vgetcpu(unsigned *cpu, unsigned *node, struct getcpu_cache *tcache);
+ #endif /* __KERNEL__ */
+ 
+ #endif /* _ASM_X86_VSYSCALL_H */
+diff -urNp linux-2.6.29.6/arch/x86/Kconfig linux-2.6.29.6/arch/x86/Kconfig
+--- linux-2.6.29.6/arch/x86/Kconfig	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/Kconfig	2009-07-23 17:34:32.063803736 -0400
+@@ -993,7 +993,7 @@ config PAGE_OFFSET
+ 	hex
+ 	default 0xB0000000 if VMSPLIT_3G_OPT
+ 	default 0x80000000 if VMSPLIT_2G
+-	default 0x78000000 if VMSPLIT_2G_OPT
++	default 0x70000000 if VMSPLIT_2G_OPT
+ 	default 0x40000000 if VMSPLIT_1G
+ 	default 0xC0000000
+ 	depends on X86_32
+@@ -1408,8 +1408,7 @@ config KEXEC_JUMP
+ config PHYSICAL_START
+ 	hex "Physical address where the kernel is loaded" if (EMBEDDED || CRASH_DUMP)
+ 	default "0x1000000" if X86_NUMAQ
+-	default "0x200000" if X86_64
+-	default "0x100000"
++	default "0x200000"
+ 	help
+ 	  This gives the physical address where the kernel is loaded.
+ 
+@@ -1501,9 +1500,9 @@ config HOTPLUG_CPU
+ 	  Say N if you want to disable CPU hotplug.
+ 
+ config COMPAT_VDSO
+-	def_bool y
++	def_bool n
+ 	prompt "Compat VDSO support"
+-	depends on X86_32 || IA32_EMULATION
++	depends on (X86_32 || IA32_EMULATION) && !PAX_NOEXEC
+ 	help
+ 	  Map the 32-bit VDSO to the predictable old-style address too.
+ 	---help---
+diff -urNp linux-2.6.29.6/arch/x86/Kconfig.cpu linux-2.6.29.6/arch/x86/Kconfig.cpu
+--- linux-2.6.29.6/arch/x86/Kconfig.cpu	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/Kconfig.cpu	2009-07-23 17:34:32.063803736 -0400
+@@ -333,7 +333,7 @@ config X86_PPRO_FENCE
+ 
+ config X86_F00F_BUG
+ 	def_bool y
+-	depends on M586MMX || M586TSC || M586 || M486 || M386
++	depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC
+ 
+ config X86_WP_WORKS_OK
+ 	def_bool y
+@@ -353,7 +353,7 @@ config X86_POPAD_OK
+ 
+ config X86_ALIGNMENT_16
+ 	def_bool y
+-	depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK6 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
++	depends on MWINCHIP3D || MWINCHIPC6 || MCYRIXIII || X86_ELAN || MK8 || MK7 || MK6 || MCORE2 || MPENTIUM4 || MPENTIUMIII || MPENTIUMII || M686 || M586MMX || M586TSC || M586 || M486 || MVIAC3_2 || MGEODEGX1
+ 
+ config X86_INTEL_USERCOPY
+ 	def_bool y
+@@ -399,7 +399,7 @@ config X86_CMPXCHG64
+ # generates cmov.
+ config X86_CMOV
+ 	def_bool y
+-	depends on (MK8 || MK7 || MCORE2 || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64)
++	depends on (MK8 || MK7 || MCORE2 || MPSC || MPENTIUM4 || MPENTIUMM || MPENTIUMIII || MPENTIUMII || M686 || MVIAC3_2 || MVIAC7 || MCRUSOE || MEFFICEON || X86_64)
+ 
+ config X86_MINIMUM_CPU_FAMILY
+ 	int
+diff -urNp linux-2.6.29.6/arch/x86/Kconfig.debug linux-2.6.29.6/arch/x86/Kconfig.debug
+--- linux-2.6.29.6/arch/x86/Kconfig.debug	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/Kconfig.debug	2009-07-23 17:34:32.063803736 -0400
+@@ -107,7 +107,7 @@ config X86_PTDUMP
+ config DEBUG_RODATA
+ 	bool "Write protect kernel read-only data structures"
+ 	default y
+-	depends on DEBUG_KERNEL
++	depends on DEBUG_KERNEL && BROKEN
+ 	help
+ 	  Mark the kernel read-only data as write-protected in the pagetables,
+ 	  in order to catch accidental (and incorrect) writes to such const
+diff -urNp linux-2.6.29.6/arch/x86/kernel/acpi/boot.c linux-2.6.29.6/arch/x86/kernel/acpi/boot.c
+--- linux-2.6.29.6/arch/x86/kernel/acpi/boot.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/acpi/boot.c	2009-07-23 17:34:32.064889971 -0400
+@@ -1705,7 +1705,7 @@ static struct dmi_system_id __initdata a
+ 		     DMI_MATCH(DMI_PRODUCT_NAME, "HP Compaq 6715b"),
+ 		     },
+ 	 },
+-	{}
++	{ NULL, NULL, {{0, {0}}}, NULL}
+ };
+ 
+ /*
+diff -urNp linux-2.6.29.6/arch/x86/kernel/acpi/realmode/wakeup.S linux-2.6.29.6/arch/x86/kernel/acpi/realmode/wakeup.S
+--- linux-2.6.29.6/arch/x86/kernel/acpi/realmode/wakeup.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/acpi/realmode/wakeup.S	2009-07-23 17:34:32.064889971 -0400
+@@ -104,7 +104,7 @@ _start:
+ 	movl	%eax, %ecx
+ 	orl	%edx, %ecx
+ 	jz	1f
+-	movl	$0xc0000080, %ecx
++	mov	$MSR_EFER, %ecx
+ 	wrmsr
+ 1:
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/acpi/sleep.c linux-2.6.29.6/arch/x86/kernel/acpi/sleep.c
+--- linux-2.6.29.6/arch/x86/kernel/acpi/sleep.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/acpi/sleep.c	2009-07-23 17:34:32.064889971 -0400
+@@ -11,11 +11,12 @@
+ #include <linux/cpumask.h>
+ #include <asm/segment.h>
+ #include <asm/desc.h>
++#include <asm/e820.h>
+ 
+ #include "realmode/wakeup.h"
+ #include "sleep.h"
+ 
+-unsigned long acpi_wakeup_address;
++unsigned long acpi_wakeup_address = 0x2000;
+ unsigned long acpi_realmode_flags;
+ 
+ /* address in low memory of the wakeup routine. */
+@@ -37,6 +38,10 @@ int acpi_save_state_mem(void)
+ {
+ 	struct wakeup_header *header;
+ 
++#if defined(CONFIG_64BIT) && defined(CONFIG_SMP) && defined(CONFIG_PAX_KERNEXEC)
++	unsigned long cr0;
++#endif
++
+ 	if (!acpi_realmode) {
+ 		printk(KERN_ERR "Could not allocate memory during boot, "
+ 		       "S3 disabled\n");
+@@ -99,8 +104,18 @@ int acpi_save_state_mem(void)
+ 	header->trampoline_segment = setup_trampoline() >> 4;
+ #ifdef CONFIG_SMP
+ 	stack_start.sp = temp_stack + sizeof(temp_stack);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	early_gdt_descr.address =
+ 			(unsigned long)get_cpu_gdt_table(smp_processor_id());
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ #endif
+ 	initial_code = (unsigned long)wakeup_long64;
+ 	saved_magic = 0x123456789abcdef0;
+@@ -133,14 +148,8 @@ void __init acpi_reserve_bootmem(void)
+ 		return;
+ 	}
+ 
+-	acpi_realmode = (unsigned long)alloc_bootmem_low(WAKEUP_SIZE);
+-
+-	if (!acpi_realmode) {
+-		printk(KERN_ERR "ACPI: Cannot allocate lowmem, S3 disabled.\n");
+-		return;
+-	}
+-
+-	acpi_wakeup_address = virt_to_phys((void *)acpi_realmode);
++	reserve_early(acpi_wakeup_address, acpi_wakeup_address + WAKEUP_SIZE, "ACPI Wakeup Code");
++	acpi_realmode = (unsigned long)__va(acpi_wakeup_address);;
+ }
+ 
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/acpi/wakeup_32.S linux-2.6.29.6/arch/x86/kernel/acpi/wakeup_32.S
+--- linux-2.6.29.6/arch/x86/kernel/acpi/wakeup_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/acpi/wakeup_32.S	2009-07-23 17:34:32.064889971 -0400
+@@ -30,13 +30,11 @@ wakeup_pmode_return:
+ 	# and restore the stack ... but you need gdt for this to work
+ 	movl	saved_context_esp, %esp
+ 
+-	movl	%cs:saved_magic, %eax
+-	cmpl	$0x12345678, %eax
++	cmpl	$0x12345678, saved_magic
+ 	jne	bogus_magic
+ 
+ 	# jump to place where we left off
+-	movl	saved_eip, %eax
+-	jmp	*%eax
++	jmp	*(saved_eip)
+ 
+ bogus_magic:
+ 	jmp	bogus_magic
+diff -urNp linux-2.6.29.6/arch/x86/kernel/alternative.c linux-2.6.29.6/arch/x86/kernel/alternative.c
+--- linux-2.6.29.6/arch/x86/kernel/alternative.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/alternative.c	2009-07-23 17:34:32.064889971 -0400
+@@ -393,7 +393,7 @@ void apply_paravirt(struct paravirt_patc
+ 
+ 		BUG_ON(p->len > MAX_PATCH_LEN);
+ 		/* prep the buffer with the original instructions */
+-		memcpy(insnbuf, p->instr, p->len);
++		memcpy(insnbuf, ktla_ktva(p->instr), p->len);
+ 		used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf,
+ 					 (unsigned long)p->instr, p->len);
+ 
+@@ -473,11 +473,26 @@ void __init alternative_instructions(voi
+  * instructions. And on the local CPU you need to be protected again NMI or MCE
+  * handlers seeing an inconsistent instruction while you patch.
+  */
+-void *text_poke_early(void *addr, const void *opcode, size_t len)
++void *__kprobes text_poke_early(void *addr, const void *opcode, size_t len)
+ {
+ 	unsigned long flags;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	local_irq_save(flags);
+-	memcpy(addr, opcode, len);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	memcpy(ktla_ktva(addr), opcode, len);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	local_irq_restore(flags);
+ 	sync_core();
+ 	/* Could also do a CLFLUSH here to speed up CPU recovery; but
+@@ -498,33 +513,27 @@ void *text_poke_early(void *addr, const 
+  */
+ void *__kprobes text_poke(void *addr, const void *opcode, size_t len)
+ {
+-	unsigned long flags;
+-	char *vaddr;
+-	int nr_pages = 2;
++	unsigned char *vaddr = ktla_ktva(addr);
+ 	struct page *pages[2];
+-	int i;
++	size_t i;
++
++	if (!core_kernel_text((unsigned long)addr)
+ 
+-	if (!core_kernel_text((unsigned long)addr)) {
+-		pages[0] = vmalloc_to_page(addr);
+-		pages[1] = vmalloc_to_page(addr + PAGE_SIZE);
++#if defined(CONFIG_X86_32) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++	    && (vaddr < MODULES_VADDR || MODULES_END < vaddr)
++#endif
++
++	   ) {
++		pages[0] = vmalloc_to_page(vaddr);
++		pages[1] = vmalloc_to_page(vaddr + PAGE_SIZE);
+ 	} else {
+-		pages[0] = virt_to_page(addr);
++		pages[0] = virt_to_page(vaddr);
+ 		WARN_ON(!PageReserved(pages[0]));
+-		pages[1] = virt_to_page(addr + PAGE_SIZE);
++		pages[1] = virt_to_page(vaddr + PAGE_SIZE);
+ 	}
+ 	BUG_ON(!pages[0]);
+-	if (!pages[1])
+-		nr_pages = 1;
+-	vaddr = vmap(pages, nr_pages, VM_MAP, PAGE_KERNEL);
+-	BUG_ON(!vaddr);
+-	local_irq_save(flags);
+-	memcpy(&vaddr[(unsigned long)addr & ~PAGE_MASK], opcode, len);
+-	local_irq_restore(flags);
+-	vunmap(vaddr);
+-	sync_core();
+-	/* Could also do a CLFLUSH here to speed up CPU recovery; but
+-	   that causes hangs on some VIA CPUs. */
++	text_poke_early(addr, opcode, len);
+ 	for (i = 0; i < len; i++)
+-		BUG_ON(((char *)addr)[i] != ((char *)opcode)[i]);
++		BUG_ON((vaddr)[i] != ((unsigned char *)opcode)[i]);
+ 	return addr;
+ }
+diff -urNp linux-2.6.29.6/arch/x86/kernel/apm_32.c linux-2.6.29.6/arch/x86/kernel/apm_32.c
+--- linux-2.6.29.6/arch/x86/kernel/apm_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/apm_32.c	2009-07-23 17:34:32.065870632 -0400
+@@ -403,7 +403,7 @@ static DECLARE_WAIT_QUEUE_HEAD(apm_waitq
+ static DECLARE_WAIT_QUEUE_HEAD(apm_suspend_waitqueue);
+ static struct apm_user *user_list;
+ static DEFINE_SPINLOCK(user_list_lock);
+-static const struct desc_struct	bad_bios_desc = { { { 0, 0x00409200 } } };
++static const struct desc_struct	bad_bios_desc = { { { 0, 0x00409300 } } };
+ 
+ static const char driver_version[] = "1.16ac";	/* no spaces */
+ 
+@@ -598,19 +598,42 @@ static u8 apm_bios_call(u32 func, u32 eb
+ 	struct desc_struct	save_desc_40;
+ 	struct desc_struct	*gdt;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long		cr0;
++#endif
++
+ 	cpus = apm_save_cpus();
+ 
+ 	cpu = get_cpu();
+ 	gdt = get_cpu_gdt_table(cpu);
+ 	save_desc_40 = gdt[0x40 / 8];
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	gdt[0x40 / 8] = bad_bios_desc;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	apm_irq_save(flags);
+ 	APM_DO_SAVE_SEGS;
+ 	apm_bios_call_asm(func, ebx_in, ecx_in, eax, ebx, ecx, edx, esi);
+ 	APM_DO_RESTORE_SEGS;
+ 	apm_irq_restore(flags);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	gdt[0x40 / 8] = save_desc_40;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	put_cpu();
+ 	apm_restore_cpus(cpus);
+ 
+@@ -641,19 +664,42 @@ static u8 apm_bios_call_simple(u32 func,
+ 	struct desc_struct	save_desc_40;
+ 	struct desc_struct	*gdt;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long		cr0;
++#endif
++
+ 	cpus = apm_save_cpus();
+ 
+ 	cpu = get_cpu();
+ 	gdt = get_cpu_gdt_table(cpu);
+ 	save_desc_40 = gdt[0x40 / 8];
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	gdt[0x40 / 8] = bad_bios_desc;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	apm_irq_save(flags);
+ 	APM_DO_SAVE_SEGS;
+ 	error = apm_bios_call_simple_asm(func, ebx_in, ecx_in, eax);
+ 	APM_DO_RESTORE_SEGS;
+ 	apm_irq_restore(flags);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	gdt[0x40 / 8] = save_desc_40;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	put_cpu();
+ 	apm_restore_cpus(cpus);
+ 	return error;
+@@ -925,7 +971,7 @@ recalc:
+ 
+ static void apm_power_off(void)
+ {
+-	unsigned char po_bios_call[] = {
++	const unsigned char po_bios_call[] = {
+ 		0xb8, 0x00, 0x10,	/* movw  $0x1000,ax  */
+ 		0x8e, 0xd0,		/* movw  ax,ss       */
+ 		0xbc, 0x00, 0xf0,	/* movw  $0xf000,sp  */
+@@ -1876,7 +1922,10 @@ static const struct file_operations apm_
+ static struct miscdevice apm_device = {
+ 	APM_MINOR_DEV,
+ 	"apm_bios",
+-	&apm_bios_fops
++	&apm_bios_fops,
++	{NULL, NULL},
++	NULL,
++	NULL
+ };
+ 
+ 
+@@ -2197,7 +2246,7 @@ static struct dmi_system_id __initdata a
+ 		{	DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
+ 	},
+ 
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
+ };
+ 
+ /*
+@@ -2215,6 +2264,10 @@ static int __init apm_init(void)
+ 	struct desc_struct *gdt;
+ 	int err;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	dmi_check_system(apm_dmi_table);
+ 
+ 	if (apm_info.bios.version == 0 || paravirt_enabled() || machine_is_olpc()) {
+@@ -2288,9 +2341,18 @@ static int __init apm_init(void)
+ 	 * This is for buggy BIOS's that refer to (real mode) segment 0x40
+ 	 * even though they are called in protected mode.
+ 	 */
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_base(bad_bios_desc, __va((unsigned long)0x40 << 4));
+ 	_set_limit((char *)&bad_bios_desc, 4095 - (0x40 << 4));
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	/*
+ 	 * Set up the long jump entry point to the APM BIOS, which is called
+ 	 * from inline assembly.
+@@ -2309,6 +2371,11 @@ static int __init apm_init(void)
+ 	 * code to that CPU.
+ 	 */
+ 	gdt = get_cpu_gdt_table(0);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_base(gdt[APM_CS >> 3],
+ 		 __va((unsigned long)apm_info.bios.cseg << 4));
+ 	set_base(gdt[APM_CS_16 >> 3],
+@@ -2316,6 +2383,10 @@ static int __init apm_init(void)
+ 	set_base(gdt[APM_DS >> 3],
+ 		 __va((unsigned long)apm_info.bios.dseg << 4));
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	proc_create("apm", 0, NULL, &apm_file_ops);
+ 
+ 	kapmd_task = kthread_create(apm, NULL, "kapmd");
+diff -urNp linux-2.6.29.6/arch/x86/kernel/asm-offsets_32.c linux-2.6.29.6/arch/x86/kernel/asm-offsets_32.c
+--- linux-2.6.29.6/arch/x86/kernel/asm-offsets_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/asm-offsets_32.c	2009-07-23 17:34:32.065870632 -0400
+@@ -100,6 +100,7 @@ void foo(void)
+ 	DEFINE(PTRS_PER_PTE, PTRS_PER_PTE);
+ 	DEFINE(PTRS_PER_PMD, PTRS_PER_PMD);
+ 	DEFINE(PTRS_PER_PGD, PTRS_PER_PGD);
++	DEFINE(PERCPU_MODULE_RESERVE, PERCPU_MODULE_RESERVE);
+ 
+ 	OFFSET(crypto_tfm_ctx_offset, crypto_tfm, __crt_ctx);
+ 
+@@ -113,6 +114,7 @@ void foo(void)
+ 	OFFSET(PV_CPU_iret, pv_cpu_ops, iret);
+ 	OFFSET(PV_CPU_irq_enable_sysexit, pv_cpu_ops, irq_enable_sysexit);
+ 	OFFSET(PV_CPU_read_cr0, pv_cpu_ops, read_cr0);
++	OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
+ #endif
+ 
+ #ifdef CONFIG_XEN
+diff -urNp linux-2.6.29.6/arch/x86/kernel/asm-offsets_64.c linux-2.6.29.6/arch/x86/kernel/asm-offsets_64.c
+--- linux-2.6.29.6/arch/x86/kernel/asm-offsets_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/asm-offsets_64.c	2009-07-23 17:34:32.065870632 -0400
+@@ -124,6 +124,7 @@ int main(void)
+ 	ENTRY(cr8);
+ 	BLANK();
+ #undef ENTRY
++	DEFINE(TSS_size, sizeof(struct tss_struct));
+ 	DEFINE(TSS_ist, offsetof(struct tss_struct, x86_tss.ist));
+ 	BLANK();
+ 	DEFINE(crypto_tfm_ctx_offset, offsetof(struct crypto_tfm, __crt_ctx));
+diff -urNp linux-2.6.29.6/arch/x86/kernel/cpu/common.c linux-2.6.29.6/arch/x86/kernel/cpu/common.c
+--- linux-2.6.29.6/arch/x86/kernel/cpu/common.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/cpu/common.c	2009-07-23 17:34:32.066840916 -0400
+@@ -2,7 +2,6 @@
+ #include <linux/kernel.h>
+ #include <linux/sched.h>
+ #include <linux/string.h>
+-#include <linux/bootmem.h>
+ #include <linux/bitops.h>
+ #include <linux/module.h>
+ #include <linux/kgdb.h>
+@@ -62,59 +61,6 @@ cpumask_t cpu_sibling_setup_map;
+ 
+ static struct cpu_dev *this_cpu __cpuinitdata;
+ 
+-#ifdef CONFIG_X86_64
+-/* We need valid kernel segments for data and code in long mode too
+- * IRET will check the segment types  kkeil 2000/10/28
+- * Also sysret mandates a special GDT layout
+- */
+-/* The TLS descriptors are currently at a different place compared to i386.
+-   Hopefully nobody expects them at a fixed place (Wine?) */
+-DEFINE_PER_CPU(struct gdt_page, gdt_page) = { .gdt = {
+-	[GDT_ENTRY_KERNEL32_CS] = { { { 0x0000ffff, 0x00cf9b00 } } },
+-	[GDT_ENTRY_KERNEL_CS] = { { { 0x0000ffff, 0x00af9b00 } } },
+-	[GDT_ENTRY_KERNEL_DS] = { { { 0x0000ffff, 0x00cf9300 } } },
+-	[GDT_ENTRY_DEFAULT_USER32_CS] = { { { 0x0000ffff, 0x00cffb00 } } },
+-	[GDT_ENTRY_DEFAULT_USER_DS] = { { { 0x0000ffff, 0x00cff300 } } },
+-	[GDT_ENTRY_DEFAULT_USER_CS] = { { { 0x0000ffff, 0x00affb00 } } },
+-} };
+-#else
+-DEFINE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page) = { .gdt = {
+-	[GDT_ENTRY_KERNEL_CS] = { { { 0x0000ffff, 0x00cf9a00 } } },
+-	[GDT_ENTRY_KERNEL_DS] = { { { 0x0000ffff, 0x00cf9200 } } },
+-	[GDT_ENTRY_DEFAULT_USER_CS] = { { { 0x0000ffff, 0x00cffa00 } } },
+-	[GDT_ENTRY_DEFAULT_USER_DS] = { { { 0x0000ffff, 0x00cff200 } } },
+-	/*
+-	 * Segments used for calling PnP BIOS have byte granularity.
+-	 * They code segments and data segments have fixed 64k limits,
+-	 * the transfer segment sizes are set at run time.
+-	 */
+-	/* 32-bit code */
+-	[GDT_ENTRY_PNPBIOS_CS32] = { { { 0x0000ffff, 0x00409a00 } } },
+-	/* 16-bit code */
+-	[GDT_ENTRY_PNPBIOS_CS16] = { { { 0x0000ffff, 0x00009a00 } } },
+-	/* 16-bit data */
+-	[GDT_ENTRY_PNPBIOS_DS] = { { { 0x0000ffff, 0x00009200 } } },
+-	/* 16-bit data */
+-	[GDT_ENTRY_PNPBIOS_TS1] = { { { 0x00000000, 0x00009200 } } },
+-	/* 16-bit data */
+-	[GDT_ENTRY_PNPBIOS_TS2] = { { { 0x00000000, 0x00009200 } } },
+-	/*
+-	 * The APM segments have byte granularity and their bases
+-	 * are set at run time.  All have 64k limits.
+-	 */
+-	/* 32-bit code */
+-	[GDT_ENTRY_APMBIOS_BASE] = { { { 0x0000ffff, 0x00409a00 } } },
+-	/* 16-bit code */
+-	[GDT_ENTRY_APMBIOS_BASE+1] = { { { 0x0000ffff, 0x00009a00 } } },
+-	/* data */
+-	[GDT_ENTRY_APMBIOS_BASE+2] = { { { 0x0000ffff, 0x00409200 } } },
+-
+-	[GDT_ENTRY_ESPFIX_SS] = { { { 0x00000000, 0x00c09200 } } },
+-	[GDT_ENTRY_PERCPU] = { { { 0x00000000, 0x00000000 } } },
+-} };
+-#endif
+-EXPORT_PER_CPU_SYMBOL_GPL(gdt_page);
+-
+ #ifdef CONFIG_X86_32
+ static int cachesize_override __cpuinitdata = -1;
+ static int disable_x86_serial_nr __cpuinitdata = 1;
+@@ -248,7 +194,7 @@ void switch_to_new_gdt(void)
+ {
+ 	struct desc_ptr gdt_descr;
+ 
+-	gdt_descr.address = (long)get_cpu_gdt_table(smp_processor_id());
++	gdt_descr.address = (unsigned long)get_cpu_gdt_table(smp_processor_id());
+ 	gdt_descr.size = GDT_SIZE - 1;
+ 	load_gdt(&gdt_descr);
+ #ifdef CONFIG_X86_32
+@@ -708,6 +654,10 @@ static void __cpuinit identify_cpu(struc
+ 	 * we do "generic changes."
+ 	 */
+ 
++#if defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++	setup_clear_cpu_cap(X86_FEATURE_SEP);
++#endif
++
+ 	/* If the model name is still unset, do table lookup. */
+ 	if (!c->x86_model_id[0]) {
+ 		char *p;
+@@ -880,7 +830,7 @@ __setup("clearcpuid=", setup_disablecpui
+ struct x8664_pda **_cpu_pda __read_mostly;
+ EXPORT_SYMBOL(_cpu_pda);
+ 
+-struct desc_ptr idt_descr = { 256 * 16 - 1, (unsigned long) idt_table };
++struct desc_ptr idt_descr __read_only = { 256 * 16 - 1, (unsigned long) idt_table };
+ 
+ static char boot_cpu_stack[IRQSTACKSIZE] __page_aligned_bss;
+ 
+@@ -979,7 +929,7 @@ struct pt_regs * __cpuinit idle_regs(str
+ void __cpuinit cpu_init(void)
+ {
+ 	int cpu = stack_smp_processor_id();
+-	struct tss_struct *t = &per_cpu(init_tss, cpu);
++	struct tss_struct *t = init_tss + cpu;
+ 	struct orig_ist *orig_ist = &per_cpu(orig_ist, cpu);
+ 	unsigned long v;
+ 	char *estacks = NULL;
+@@ -1100,7 +1050,7 @@ void __cpuinit cpu_init(void)
+ {
+ 	int cpu = smp_processor_id();
+ 	struct task_struct *curr = current;
+-	struct tss_struct *t = &per_cpu(init_tss, cpu);
++	struct tss_struct *t = init_tss + cpu;
+ 	struct thread_struct *thread = &curr->thread;
+ 
+ 	if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) {
+diff -urNp linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c
+--- linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/acpi-cpufreq.c	2009-07-23 17:34:32.066840916 -0400
+@@ -581,7 +581,7 @@ static const struct dmi_system_id sw_any
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "X6DLP"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ #endif
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c
+--- linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/cpu/cpufreq/speedstep-centrino.c	2009-07-23 17:34:32.066840916 -0400
+@@ -225,7 +225,7 @@ static struct cpu_model models[] =
+ 	{ &cpu_ids[CPU_MP4HT_D0], NULL, 0, NULL },
+ 	{ &cpu_ids[CPU_MP4HT_E0], NULL, 0, NULL },
+ 
+-	{ NULL, }
++	{ NULL, NULL, 0, NULL}
+ };
+ #undef _BANIAS
+ #undef BANIAS
+diff -urNp linux-2.6.29.6/arch/x86/kernel/cpu/intel.c linux-2.6.29.6/arch/x86/kernel/cpu/intel.c
+--- linux-2.6.29.6/arch/x86/kernel/cpu/intel.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/cpu/intel.c	2009-07-23 17:34:32.068000886 -0400
+@@ -94,7 +94,7 @@ static void __cpuinit trap_init_f00f_bug
+ 	 * Update the IDT descriptor and reload the IDT so that
+ 	 * it uses the read-only mapped virtual address.
+ 	 */
+-	idt_descr.address = fix_to_virt(FIX_F00F_IDT);
++	idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
+ 	load_idt(&idt_descr);
+ }
+ #endif
+diff -urNp linux-2.6.29.6/arch/x86/kernel/cpu/mcheck/mce_64.c linux-2.6.29.6/arch/x86/kernel/cpu/mcheck/mce_64.c
+--- linux-2.6.29.6/arch/x86/kernel/cpu/mcheck/mce_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/cpu/mcheck/mce_64.c	2009-07-23 17:34:32.068000886 -0400
+@@ -678,6 +678,7 @@ static struct miscdevice mce_log_device 
+ 	MISC_MCELOG_MINOR,
+ 	"mcelog",
+ 	&mce_chrdev_ops,
++	{NULL, NULL}, NULL, NULL
+ };
+ 
+ static unsigned long old_cr4 __initdata;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/cpu/mtrr/generic.c linux-2.6.29.6/arch/x86/kernel/cpu/mtrr/generic.c
+--- linux-2.6.29.6/arch/x86/kernel/cpu/mtrr/generic.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/cpu/mtrr/generic.c	2009-07-23 17:34:32.068000886 -0400
+@@ -23,14 +23,14 @@ static struct fixed_range_block fixed_ra
+ 	{ MTRRfix64K_00000_MSR, 1 }, /* one  64k MTRR  */
+ 	{ MTRRfix16K_80000_MSR, 2 }, /* two  16k MTRRs */
+ 	{ MTRRfix4K_C0000_MSR,  8 }, /* eight 4k MTRRs */
+-	{}
++	{ 0, 0 }
+ };
+ 
+ static unsigned long smp_changes_mask;
+ static int mtrr_state_set;
+ u64 mtrr_tom2;
+ 
+-struct mtrr_state_type mtrr_state = {};
++struct mtrr_state_type mtrr_state;
+ EXPORT_SYMBOL_GPL(mtrr_state);
+ 
+ static int __initdata mtrr_show;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/crash.c linux-2.6.29.6/arch/x86/kernel/crash.c
+--- linux-2.6.29.6/arch/x86/kernel/crash.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/crash.c	2009-07-23 17:34:32.068000886 -0400
+@@ -43,7 +43,7 @@ static void kdump_nmi_callback(int cpu, 
+ 	regs = args->regs;
+ 
+ #ifdef CONFIG_X86_32
+-	if (!user_mode_vm(regs)) {
++	if (!user_mode(regs)) {
+ 		crash_fixup_ss_esp(&fixed_regs, regs);
+ 		regs = &fixed_regs;
+ 	}
+diff -urNp linux-2.6.29.6/arch/x86/kernel/doublefault_32.c linux-2.6.29.6/arch/x86/kernel/doublefault_32.c
+--- linux-2.6.29.6/arch/x86/kernel/doublefault_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/doublefault_32.c	2009-07-23 17:34:32.068803825 -0400
+@@ -11,7 +11,7 @@
+ 
+ #define DOUBLEFAULT_STACKSIZE (1024)
+ static unsigned long doublefault_stack[DOUBLEFAULT_STACKSIZE];
+-#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE)
++#define STACK_START (unsigned long)(doublefault_stack+DOUBLEFAULT_STACKSIZE-2)
+ 
+ #define ptr_ok(x) ((x) > PAGE_OFFSET && (x) < PAGE_OFFSET + MAXMEM)
+ 
+@@ -21,7 +21,7 @@ static void doublefault_fn(void)
+ 	unsigned long gdt, tss;
+ 
+ 	store_gdt(&gdt_desc);
+-	gdt = gdt_desc.address;
++	gdt = (unsigned long)gdt_desc.address;
+ 
+ 	printk(KERN_EMERG "PANIC: double fault, gdt at %08lx [%d bytes]\n", gdt, gdt_desc.size);
+ 
+@@ -60,10 +60,10 @@ struct tss_struct doublefault_tss __cach
+ 		/* 0x2 bit is always set */
+ 		.flags		= X86_EFLAGS_SF | 0x2,
+ 		.sp		= STACK_START,
+-		.es		= __USER_DS,
++		.es		= __KERNEL_DS,
+ 		.cs		= __KERNEL_CS,
+ 		.ss		= __KERNEL_DS,
+-		.ds		= __USER_DS,
++		.ds		= __KERNEL_DS,
+ 		.fs		= __KERNEL_PERCPU,
+ 
+ 		.__cr3		= __pa_nodebug(swapper_pg_dir),
+diff -urNp linux-2.6.29.6/arch/x86/kernel/dumpstack_32.c linux-2.6.29.6/arch/x86/kernel/dumpstack_32.c
+--- linux-2.6.29.6/arch/x86/kernel/dumpstack_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/dumpstack_32.c	2009-07-23 17:34:32.068803825 -0400
+@@ -107,11 +107,12 @@ void show_registers(struct pt_regs *regs
+ 	 * When in-kernel, we also print out the stack and code at the
+ 	 * time of the fault..
+ 	 */
+-	if (!user_mode_vm(regs)) {
++	if (!user_mode(regs)) {
+ 		unsigned int code_prologue = code_bytes * 43 / 64;
+ 		unsigned int code_len = code_bytes;
+ 		unsigned char c;
+ 		u8 *ip;
++		unsigned long cs_base = get_desc_base(&get_cpu_gdt_table(smp_processor_id())[(0xffff & regs->cs) >> 3]);
+ 
+ 		printk(KERN_EMERG "Stack:\n");
+ 		show_stack_log_lvl(NULL, regs, &regs->sp,
+@@ -119,10 +120,10 @@ void show_registers(struct pt_regs *regs
+ 
+ 		printk(KERN_EMERG "Code: ");
+ 
+-		ip = (u8 *)regs->ip - code_prologue;
++		ip = (u8 *)regs->ip - code_prologue + cs_base;
+ 		if (ip < (u8 *)PAGE_OFFSET || probe_kernel_address(ip, c)) {
+ 			/* try starting at IP */
+-			ip = (u8 *)regs->ip;
++			ip = (u8 *)regs->ip + cs_base;
+ 			code_len = code_len - code_prologue + 1;
+ 		}
+ 		for (i = 0; i < code_len; i++, ip++) {
+@@ -131,7 +132,7 @@ void show_registers(struct pt_regs *regs
+ 				printk(" Bad EIP value.");
+ 				break;
+ 			}
+-			if (ip == (u8 *)regs->ip)
++			if (ip == (u8 *)regs->ip + cs_base)
+ 				printk("<%02x> ", c);
+ 			else
+ 				printk("%02x ", c);
+@@ -144,6 +145,7 @@ int is_valid_bugaddr(unsigned long ip)
+ {
+ 	unsigned short ud2;
+ 
++	ip = ktla_ktva(ip);
+ 	if (ip < PAGE_OFFSET)
+ 		return 0;
+ 	if (probe_kernel_address((unsigned short *)ip, ud2))
+diff -urNp linux-2.6.29.6/arch/x86/kernel/dumpstack.c linux-2.6.29.6/arch/x86/kernel/dumpstack.c
+--- linux-2.6.29.6/arch/x86/kernel/dumpstack.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/dumpstack.c	2009-07-23 17:34:32.068803825 -0400
+@@ -178,7 +178,7 @@ void dump_stack(void)
+ #endif
+ 
+ 	printk("Pid: %d, comm: %.20s %s %s %.*s\n",
+-		current->pid, current->comm, print_tainted(),
++		task_pid_nr(current), current->comm, print_tainted(),
+ 		init_utsname()->release,
+ 		(int)strcspn(init_utsname()->version, " "),
+ 		init_utsname()->version);
+@@ -288,7 +288,7 @@ void die(const char *str, struct pt_regs
+ 	unsigned long flags = oops_begin();
+ 	int sig = SIGSEGV;
+ 
+-	if (!user_mode_vm(regs))
++	if (!user_mode(regs))
+ 		report_bug(regs->ip, regs);
+ 
+ 	if (__die(str, regs, err))
+diff -urNp linux-2.6.29.6/arch/x86/kernel/e820.c linux-2.6.29.6/arch/x86/kernel/e820.c
+--- linux-2.6.29.6/arch/x86/kernel/e820.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/e820.c	2009-07-23 17:34:32.068803825 -0400
+@@ -698,7 +698,10 @@ struct early_res {
+ };
+ static struct early_res early_res[MAX_EARLY_RES] __initdata = {
+ 	{ 0, PAGE_SIZE, "BIOS data page" },	/* BIOS data page */
+-	{}
++#ifdef CONFIG_VM86
++	{ PAGE_SIZE, ISA_START_ADDRESS, "V86 mode memory", 1 },
++#endif
++	{ 0, 0, {0}, 0 }
+ };
+ 
+ static int __init find_overlapped_early(u64 start, u64 end)
+diff -urNp linux-2.6.29.6/arch/x86/kernel/efi_32.c linux-2.6.29.6/arch/x86/kernel/efi_32.c
+--- linux-2.6.29.6/arch/x86/kernel/efi_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/efi_32.c	2009-07-23 17:34:32.068803825 -0400
+@@ -38,70 +38,38 @@
+  */
+ 
+ static unsigned long efi_rt_eflags;
+-static pgd_t efi_bak_pg_dir_pointer[2];
++static pgd_t __initdata efi_bak_pg_dir_pointer[KERNEL_PGD_PTRS];
+ 
+-void efi_call_phys_prelog(void)
++void __init efi_call_phys_prelog(void)
+ {
+-	unsigned long cr4;
+-	unsigned long temp;
+ 	struct desc_ptr gdt_descr;
+ 
+ 	local_irq_save(efi_rt_eflags);
+ 
+-	/*
+-	 * If I don't have PAE, I should just duplicate two entries in page
+-	 * directory. If I have PAE, I just need to duplicate one entry in
+-	 * page directory.
+-	 */
+-	cr4 = read_cr4_safe();
+ 
+-	if (cr4 & X86_CR4_PAE) {
+-		efi_bak_pg_dir_pointer[0].pgd =
+-		    swapper_pg_dir[pgd_index(0)].pgd;
+-		swapper_pg_dir[0].pgd =
+-		    swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
+-	} else {
+-		efi_bak_pg_dir_pointer[0].pgd =
+-		    swapper_pg_dir[pgd_index(0)].pgd;
+-		efi_bak_pg_dir_pointer[1].pgd =
+-		    swapper_pg_dir[pgd_index(0x400000)].pgd;
+-		swapper_pg_dir[pgd_index(0)].pgd =
+-		    swapper_pg_dir[pgd_index(PAGE_OFFSET)].pgd;
+-		temp = PAGE_OFFSET + 0x400000;
+-		swapper_pg_dir[pgd_index(0x400000)].pgd =
+-		    swapper_pg_dir[pgd_index(temp)].pgd;
+-	}
++	clone_pgd_range(efi_bak_pg_dir_pointer, swapper_pg_dir, KERNEL_PGD_PTRS);
++	clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
++			min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
+ 
+ 	/*
+ 	 * After the lock is released, the original page table is restored.
+ 	 */
+ 	__flush_tlb_all();
+ 
+-	gdt_descr.address = __pa(get_cpu_gdt_table(0));
++	gdt_descr.address = (struct desc_struct *)__pa(get_cpu_gdt_table(0));
+ 	gdt_descr.size = GDT_SIZE - 1;
+ 	load_gdt(&gdt_descr);
+ }
+ 
+-void efi_call_phys_epilog(void)
++void __init efi_call_phys_epilog(void)
+ {
+-	unsigned long cr4;
+ 	struct desc_ptr gdt_descr;
+ 
+-	gdt_descr.address = (unsigned long)get_cpu_gdt_table(0);
++	gdt_descr.address = get_cpu_gdt_table(0);
+ 	gdt_descr.size = GDT_SIZE - 1;
+ 	load_gdt(&gdt_descr);
+ 
+-	cr4 = read_cr4_safe();
+-
+-	if (cr4 & X86_CR4_PAE) {
+-		swapper_pg_dir[pgd_index(0)].pgd =
+-		    efi_bak_pg_dir_pointer[0].pgd;
+-	} else {
+-		swapper_pg_dir[pgd_index(0)].pgd =
+-		    efi_bak_pg_dir_pointer[0].pgd;
+-		swapper_pg_dir[pgd_index(0x400000)].pgd =
+-		    efi_bak_pg_dir_pointer[1].pgd;
+-	}
++	clone_pgd_range(swapper_pg_dir, efi_bak_pg_dir_pointer, KERNEL_PGD_PTRS);
+ 
+ 	/*
+ 	 * After the lock is released, the original page table is restored.
+diff -urNp linux-2.6.29.6/arch/x86/kernel/efi_stub_32.S linux-2.6.29.6/arch/x86/kernel/efi_stub_32.S
+--- linux-2.6.29.6/arch/x86/kernel/efi_stub_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/efi_stub_32.S	2009-07-23 17:34:32.068803825 -0400
+@@ -6,6 +6,7 @@
+  */
+ 
+ #include <linux/linkage.h>
++#include <linux/init.h>
+ #include <asm/page.h>
+ 
+ /*
+@@ -20,7 +21,7 @@
+  * service functions will comply with gcc calling convention, too.
+  */
+ 
+-.text
++__INIT
+ ENTRY(efi_call_phys)
+ 	/*
+ 	 * 0. The function can only be called in Linux kernel. So CS has been
+@@ -36,9 +37,7 @@ ENTRY(efi_call_phys)
+ 	 * The mapping of lower virtual memory has been created in prelog and
+ 	 * epilog.
+ 	 */
+-	movl	$1f, %edx
+-	subl	$__PAGE_OFFSET, %edx
+-	jmp	*%edx
++	jmp	1f-__PAGE_OFFSET
+ 1:
+ 
+ 	/*
+@@ -47,14 +46,8 @@ ENTRY(efi_call_phys)
+ 	 * parameter 2, ..., param n. To make things easy, we save the return
+ 	 * address of efi_call_phys in a global variable.
+ 	 */
+-	popl	%edx
+-	movl	%edx, saved_return_addr
+-	/* get the function pointer into ECX*/
+-	popl	%ecx
+-	movl	%ecx, efi_rt_function_ptr
+-	movl	$2f, %edx
+-	subl	$__PAGE_OFFSET, %edx
+-	pushl	%edx
++	popl	(saved_return_addr)
++	popl	(efi_rt_function_ptr)
+ 
+ 	/*
+ 	 * 3. Clear PG bit in %CR0.
+@@ -73,9 +66,8 @@ ENTRY(efi_call_phys)
+ 	/*
+ 	 * 5. Call the physical function.
+ 	 */
+-	jmp	*%ecx
++	call	*(efi_rt_function_ptr-__PAGE_OFFSET)
+ 
+-2:
+ 	/*
+ 	 * 6. After EFI runtime service returns, control will return to
+ 	 * following instruction. We'd better readjust stack pointer first.
+@@ -88,34 +80,27 @@ ENTRY(efi_call_phys)
+ 	movl	%cr0, %edx
+ 	orl	$0x80000000, %edx
+ 	movl	%edx, %cr0
+-	jmp	1f
+-1:
++
+ 	/*
+ 	 * 8. Now restore the virtual mode from flat mode by
+ 	 * adding EIP with PAGE_OFFSET.
+ 	 */
+-	movl	$1f, %edx
+-	jmp	*%edx
++	jmp	1f+__PAGE_OFFSET
+ 1:
+ 
+ 	/*
+ 	 * 9. Balance the stack. And because EAX contain the return value,
+ 	 * we'd better not clobber it.
+ 	 */
+-	leal	efi_rt_function_ptr, %edx
+-	movl	(%edx), %ecx
+-	pushl	%ecx
++	pushl	(efi_rt_function_ptr)
+ 
+ 	/*
+-	 * 10. Push the saved return address onto the stack and return.
++	 * 10. Return to the saved return address.
+ 	 */
+-	leal	saved_return_addr, %edx
+-	movl	(%edx), %ecx
+-	pushl	%ecx
+-	ret
++	jmpl	*(saved_return_addr)
+ .previous
+ 
+-.data
++__INITDATA
+ saved_return_addr:
+ 	.long 0
+ efi_rt_function_ptr:
+diff -urNp linux-2.6.29.6/arch/x86/kernel/entry_32.S linux-2.6.29.6/arch/x86/kernel/entry_32.S
+--- linux-2.6.29.6/arch/x86/kernel/entry_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/entry_32.S	2009-07-23 17:34:32.069868390 -0400
+@@ -101,7 +101,7 @@
+ #define resume_userspace_sig	resume_userspace
+ #endif
+ 
+-#define SAVE_ALL \
++#define __SAVE_ALL(_DS) \
+ 	cld; \
+ 	pushl %fs; \
+ 	CFI_ADJUST_CFA_OFFSET 4;\
+@@ -133,12 +133,26 @@
+ 	pushl %ebx; \
+ 	CFI_ADJUST_CFA_OFFSET 4;\
+ 	CFI_REL_OFFSET ebx, 0;\
+-	movl $(__USER_DS), %edx; \
++	movl $(_DS), %edx; \
+ 	movl %edx, %ds; \
+ 	movl %edx, %es; \
+ 	movl $(__KERNEL_PERCPU), %edx; \
+ 	movl %edx, %fs
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++#define SAVE_ALL \
++	__SAVE_ALL(__KERNEL_DS); \
++	GET_CR0_INTO_EDX; \
++	movl %edx, %esi; \
++	orl $X86_CR0_WP, %edx; \
++	xorl %edx, %esi; \
++	SET_CR0_FROM_EDX
++#elif defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
++#define SAVE_ALL __SAVE_ALL(__KERNEL_DS)
++#else
++#define SAVE_ALL __SAVE_ALL(__USER_DS)
++#endif
++
+ #define RESTORE_INT_REGS \
+ 	popl %ebx;	\
+ 	CFI_ADJUST_CFA_OFFSET -4;\
+@@ -229,6 +243,11 @@ ENTRY(ret_from_fork)
+ 	CFI_ADJUST_CFA_OFFSET 4
+ 	popfl
+ 	CFI_ADJUST_CFA_OFFSET -4
++
++#ifdef CONFIG_PAX_KERNEXEC
++	xorl %esi, %esi
++#endif
++
+ 	jmp syscall_exit
+ 	CFI_ENDPROC
+ END(ret_from_fork)
+@@ -252,7 +271,17 @@ check_userspace:
+ 	movb PT_CS(%esp), %al
+ 	andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax
+ 	cmpl $USER_RPL, %eax
++
++#ifdef CONFIG_PAX_KERNEXEC
++	jae resume_userspace
++	
++	GET_CR0_INTO_EDX
++	xorl %esi, %edx
++	SET_CR0_FROM_EDX
++	jmp resume_kernel
++#else
+ 	jb resume_kernel		# not returning to v8086 or userspace
++#endif
+ 
+ ENTRY(resume_userspace)
+ 	LOCKDEP_SYS_EXIT
+@@ -314,10 +343,9 @@ sysenter_past_esp:
+ 	/*CFI_REL_OFFSET cs, 0*/
+ 	/*
+ 	 * Push current_thread_info()->sysenter_return to the stack.
+-	 * A tiny bit of offset fixup is necessary - 4*4 means the 4 words
+-	 * pushed above; +8 corresponds to copy_thread's esp0 setting.
+ 	 */
+-	pushl (TI_sysenter_return-THREAD_SIZE+8+4*4)(%esp)
++	GET_THREAD_INFO(%ebp)
++	pushl TI_sysenter_return(%ebp)
+ 	CFI_ADJUST_CFA_OFFSET 4
+ 	CFI_REL_OFFSET eip, 0
+ 
+@@ -330,9 +358,19 @@ sysenter_past_esp:
+  * Load the potential sixth argument from user stack.
+  * Careful about security.
+  */
++	movl PT_OLDESP(%esp),%ebp
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	mov PT_OLDSS(%esp),%ds
++1:	movl %ds:(%ebp),%ebp
++	push %ss
++	pop %ds
++#else
+ 	cmpl $__PAGE_OFFSET-3,%ebp
+ 	jae syscall_fault
+ 1:	movl (%ebp),%ebp
++#endif
++
+ 	movl %ebp,PT_EBP(%esp)
+ .section __ex_table,"a"
+ 	.align 4
+@@ -356,12 +394,23 @@ sysenter_do_call:
+ 	testw $_TIF_ALLWORK_MASK, %cx
+ 	jne sysexit_audit
+ sysenter_exit:
++
++#ifdef CONFIG_PAX_RANDKSTACK
++	pushl %eax
++	CFI_ADJUST_CFA_OFFSET 4
++	call pax_randomize_kstack
++	popl %eax
++	CFI_ADJUST_CFA_OFFSET -4
++#endif
++
+ /* if something modifies registers it must also disable sysexit */
+ 	movl PT_EIP(%esp), %edx
+ 	movl PT_OLDESP(%esp), %ecx
+ 	xorl %ebp,%ebp
+ 	TRACE_IRQS_ON
+ 1:	mov  PT_FS(%esp), %fs
++2:	mov  PT_DS(%esp), %ds
++3:	mov  PT_ES(%esp), %es
+ 	ENABLE_INTERRUPTS_SYSEXIT
+ 
+ #ifdef CONFIG_AUDITSYSCALL
+@@ -404,11 +453,17 @@ sysexit_audit:
+ 
+ 	CFI_ENDPROC
+ .pushsection .fixup,"ax"
+-2:	movl $0,PT_FS(%esp)
++4:	movl $0,PT_FS(%esp)
++	jmp 1b
++5:	movl $0,PT_DS(%esp)
++	jmp 1b
++6:	movl $0,PT_ES(%esp)
+ 	jmp 1b
+ .section __ex_table,"a"
+ 	.align 4
+-	.long 1b,2b
++	.long 1b,4b
++	.long 2b,5b
++	.long 3b,6b
+ .popsection
+ ENDPROC(ia32_sysenter_target)
+ 
+@@ -438,6 +493,10 @@ syscall_exit:
+ 	testw $_TIF_ALLWORK_MASK, %cx	# current->work
+ 	jne syscall_exit_work
+ 
++#ifdef CONFIG_PAX_RANDKSTACK
++	call pax_randomize_kstack
++#endif
++
+ restore_all:
+ 	movl PT_EFLAGS(%esp), %eax	# mix EFLAGS, SS and CS
+ 	# Warning: PT_OLDSS(%esp) contains the wrong/random values if we
+@@ -531,25 +590,19 @@ work_resched:
+ 
+ work_notifysig:				# deal with pending signals and
+ 					# notify-resume requests
++	movl %esp, %eax
+ #ifdef CONFIG_VM86
+ 	testl $X86_EFLAGS_VM, PT_EFLAGS(%esp)
+-	movl %esp, %eax
+-	jne work_notifysig_v86		# returning to kernel-space or
++	jz 1f				# returning to kernel-space or
+ 					# vm86-space
+-	xorl %edx, %edx
+-	call do_notify_resume
+-	jmp resume_userspace_sig
+ 
+-	ALIGN
+-work_notifysig_v86:
+ 	pushl %ecx			# save ti_flags for do_notify_resume
+ 	CFI_ADJUST_CFA_OFFSET 4
+ 	call save_v86_state		# %eax contains pt_regs pointer
+ 	popl %ecx
+ 	CFI_ADJUST_CFA_OFFSET -4
+ 	movl %eax, %esp
+-#else
+-	movl %esp, %eax
++1:
+ #endif
+ 	xorl %edx, %edx
+ 	call do_notify_resume
+@@ -584,6 +637,10 @@ END(syscall_exit_work)
+ 
+ 	RING0_INT_FRAME			# can't unwind into user space anyway
+ syscall_fault:
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	push %ss
++	pop %ds
++#endif
+ 	GET_THREAD_INFO(%ebp)
+ 	movl $-EFAULT,PT_EAX(%esp)
+ 	jmp resume_userspace
+@@ -595,17 +652,24 @@ syscall_badsys:
+ END(syscall_badsys)
+ 	CFI_ENDPROC
+ 
+-#define FIXUP_ESPFIX_STACK \
+-	/* since we are on a wrong stack, we cant make it a C code :( */ \
+-	PER_CPU(gdt_page, %ebx); \
+-	GET_DESC_BASE(GDT_ENTRY_ESPFIX_SS, %ebx, %eax, %ax, %al, %ah); \
+-	addl %esp, %eax; \
+-	pushl $__KERNEL_DS; \
+-	CFI_ADJUST_CFA_OFFSET 4; \
+-	pushl %eax; \
+-	CFI_ADJUST_CFA_OFFSET 4; \
+-	lss (%esp), %esp; \
++.macro FIXUP_ESPFIX_STACK
++	/* since we are on a wrong stack, we cant make it a C code :( */
++#ifdef CONFIG_SMP
++	movl PER_CPU_VAR(cpu_number), %ebx;
++	shll $PAGE_SHIFT_asm, %ebx;
++	addl $cpu_gdt_table, %ebx;
++#else
++	movl $cpu_gdt_table, %ebx;
++#endif
++	GET_DESC_BASE(GDT_ENTRY_ESPFIX_SS, %ebx, %eax, %ax, %al, %ah);
++	addl %esp, %eax;
++	pushl $__KERNEL_DS;
++	CFI_ADJUST_CFA_OFFSET 4;
++	pushl %eax;
++	CFI_ADJUST_CFA_OFFSET 4;
++	lss (%esp), %esp;
+ 	CFI_ADJUST_CFA_OFFSET -8;
++.endm
+ #define UNWIND_ESPFIX_STACK \
+ 	movl %ss, %eax; \
+ 	/* see if on espfix stack */ \
+@@ -1052,7 +1116,6 @@ return_to_handler:
+ 	ret
+ #endif
+ 
+-.section .rodata,"a"
+ #include "syscall_table_32.S"
+ 
+ syscall_table_size=(.-sys_call_table)
+@@ -1106,12 +1169,21 @@ error_code:
+ 	popl %ecx
+ 	CFI_ADJUST_CFA_OFFSET -4
+ 	/*CFI_REGISTER es, ecx*/
++
++#ifdef CONFIG_PAX_KERNEXEC
++	GET_CR0_INTO_EDX
++	movl %edx, %esi
++	orl $X86_CR0_WP, %edx
++	xorl %edx, %esi
++	SET_CR0_FROM_EDX
++#endif
++
+ 	movl PT_FS(%esp), %edi		# get the function address
+ 	movl PT_ORIG_EAX(%esp), %edx	# get the error code
+ 	movl $-1, PT_ORIG_EAX(%esp)	# no syscall to restart
+ 	mov  %ecx, PT_FS(%esp)
+ 	/*CFI_REL_OFFSET fs, ES*/
+-	movl $(__USER_DS), %ecx
++	movl $(__KERNEL_DS), %ecx
+ 	movl %ecx, %ds
+ 	movl %ecx, %es
+ 	TRACE_IRQS_OFF
+@@ -1206,6 +1278,13 @@ nmi_stack_correct:
+ 	xorl %edx,%edx		# zero error code
+ 	movl %esp,%eax		# pt_regs pointer
+ 	call do_nmi
++
++#ifdef CONFIG_PAX_KERNEXEC
++	GET_CR0_INTO_EDX
++	xorl %esi, %edx
++	SET_CR0_FROM_EDX
++#endif
++
+ 	jmp restore_nocheck_notrace
+ 	CFI_ENDPROC
+ 
+@@ -1246,6 +1325,13 @@ nmi_espfix_stack:
+ 	FIXUP_ESPFIX_STACK		# %eax == %esp
+ 	xorl %edx,%edx			# zero error code
+ 	call do_nmi
++
++#ifdef CONFIG_PAX_KERNEXEC
++	GET_CR0_INTO_EDX
++	xorl %esi, %edx
++	SET_CR0_FROM_EDX
++#endif
++
+ 	RESTORE_REGS
+ 	lss 12+4(%esp), %esp		# back to espfix stack
+ 	CFI_ADJUST_CFA_OFFSET -24
+diff -urNp linux-2.6.29.6/arch/x86/kernel/entry_64.S linux-2.6.29.6/arch/x86/kernel/entry_64.S
+--- linux-2.6.29.6/arch/x86/kernel/entry_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/entry_64.S	2009-07-23 17:34:32.069868390 -0400
+@@ -1073,10 +1073,11 @@ ENTRY(\sym)
+ 	TRACE_IRQS_OFF
+ 	movq %rsp,%rdi		/* pt_regs pointer */
+ 	xorl %esi,%esi		/* no error code */
+-	movq %gs:pda_data_offset, %rbp
+-	subq $EXCEPTION_STKSZ, per_cpu__init_tss + TSS_ist + (\ist - 1) * 8(%rbp)
++	imul $TSS_size, %gs:pda_cpunumber, %ebp
++	lea init_tss(%rbp), %rbp
++	subq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
+ 	call \do_sym
+-	addq $EXCEPTION_STKSZ, per_cpu__init_tss + TSS_ist + (\ist - 1) * 8(%rbp)
++	addq $EXCEPTION_STKSZ, TSS_ist + (\ist - 1) * 8(%rbp)
+ 	jmp paranoid_exit	/* %ebx: no swapgs flag */
+ 	CFI_ENDPROC
+ END(\sym)
+diff -urNp linux-2.6.29.6/arch/x86/kernel/ftrace.c linux-2.6.29.6/arch/x86/kernel/ftrace.c
+--- linux-2.6.29.6/arch/x86/kernel/ftrace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/ftrace.c	2009-07-23 17:34:32.070744144 -0400
+@@ -250,9 +250,9 @@ int ftrace_update_ftrace_func(ftrace_fun
+ 	unsigned char old[MCOUNT_INSN_SIZE], *new;
+ 	int ret;
+ 
+-	memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE);
++	memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE);
+ 	new = ftrace_call_replace(ip, (unsigned long)func);
+-	ret = ftrace_modify_code(ip, old, new);
++	ret = ftrace_modify_code(ktla_ktva(ip), old, new);
+ 
+ 	return ret;
+ }
+diff -urNp linux-2.6.29.6/arch/x86/kernel/head32.c linux-2.6.29.6/arch/x86/kernel/head32.c
+--- linux-2.6.29.6/arch/x86/kernel/head32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/head32.c	2009-07-23 17:34:32.070744144 -0400
+@@ -13,12 +13,13 @@
+ #include <asm/e820.h>
+ #include <asm/bios_ebda.h>
+ #include <asm/trampoline.h>
++#include <asm/boot.h>
+ 
+ void __init i386_start_kernel(void)
+ {
+ 	reserve_trampoline_memory();
+ 
+-	reserve_early(__pa_symbol(&_text), __pa_symbol(&_end), "TEXT DATA BSS");
++	reserve_early(LOAD_PHYSICAL_ADDR, __pa_symbol(&_end), "TEXT DATA BSS");
+ 
+ #ifdef CONFIG_BLK_DEV_INITRD
+ 	/* Reserve INITRD */
+diff -urNp linux-2.6.29.6/arch/x86/kernel/head_32.S linux-2.6.29.6/arch/x86/kernel/head_32.S
+--- linux-2.6.29.6/arch/x86/kernel/head_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/head_32.S	2009-07-23 17:34:37.457730203 -0400
+@@ -19,6 +19,7 @@
+ #include <asm/asm-offsets.h>
+ #include <asm/setup.h>
+ #include <asm/processor-flags.h>
++#include <asm/msr-index.h>
+ 
+ /* Physical address */
+ #define pa(X) ((X) - __PAGE_OFFSET)
+@@ -64,17 +65,22 @@ LOW_PAGES = 1<<(32-PAGE_SHIFT_asm)
+ LOW_PAGES = LOW_PAGES + 0x1000000
+ #endif
+ 
+-#if PTRS_PER_PMD > 1
+-PAGE_TABLE_SIZE = (LOW_PAGES / PTRS_PER_PMD) + PTRS_PER_PGD
+-#else
+-PAGE_TABLE_SIZE = (LOW_PAGES / PTRS_PER_PGD)
+-#endif
++PAGE_TABLE_SIZE = (LOW_PAGES / PTRS_PER_PTE)
+ BOOTBITMAP_SIZE = LOW_PAGES / 8
+ ALLOCATOR_SLOP = 4
+ 
+ INIT_MAP_BEYOND_END = BOOTBITMAP_SIZE + (PAGE_TABLE_SIZE + ALLOCATOR_SLOP)*PAGE_SIZE_asm
+ 
+ /*
++ * Real beginning of normal "text" segment
++ */
++ENTRY(stext)
++ENTRY(_stext)
++
++.section .text.startup,"ax",@progbits
++	ljmp $(__BOOT_CS),$phys_startup_32
++
++/*
+  * 32-bit kernel entrypoint; only used by the boot CPU.  On entry,
+  * %esi points to the real-mode code as a 32-bit pointer.
+  * CS and DS must be 4 GB flat segments, but we don't depend on
+@@ -82,6 +88,12 @@ INIT_MAP_BEYOND_END = BOOTBITMAP_SIZE + 
+  * can.
+  */
+ .section .text.head,"ax",@progbits
++
++#ifdef CONFIG_PAX_KERNEXEC
++/* PaX: fill first page in .text with int3 to catch NULL derefs in kernel mode */
++.fill 4096,1,0xcc
++#endif
++
+ ENTRY(startup_32)
+ 	/* test KEEP_SEGMENTS flag to see if the bootloader is asking
+ 		us to not reload segments */
+@@ -99,6 +111,56 @@ ENTRY(startup_32)
+ 	movl %eax,%gs
+ 2:
+ 
++	movl $pa(cpu_gdt_table),%edi
++	movl $__per_cpu_start,%eax
++	movw %ax,__KERNEL_PERCPU + 2(%edi)
++	rorl $16,%eax
++	movb %al,__KERNEL_PERCPU + 4(%edi)
++	movb %ah,__KERNEL_PERCPU + 7(%edi)
++	movl $__per_cpu_end + PERCPU_MODULE_RESERVE - 1,%eax
++	subl $__per_cpu_start,%eax
++	movw %ax,__KERNEL_PERCPU + 0(%edi)
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	/* check for VMware */
++	movl $0x564d5868,%eax
++	xorl %ebx,%ebx
++	movl $0xa,%ecx
++	movl $0x5658,%edx
++	in (%dx),%eax
++	cmpl $0x564d5868,%ebx
++	jz 2f
++
++	movl $NR_CPUS,%ecx
++	movl $pa(cpu_gdt_table),%edi
++1:
++	movl $((((__PAGE_OFFSET-1) & 0xf0000000) >> 12) | 0x00c09700),GDT_ENTRY_KERNEL_DS * 8 + 4(%edi)
++	addl $PAGE_SIZE_asm,%edi
++	loop 1b
++2:
++#endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++	movl $pa(boot_gdt),%edi
++	movl $KERNEL_TEXT_OFFSET,%eax
++	movw %ax,__BOOT_CS + 2(%edi)
++	rorl $16,%eax
++	movb %al,__BOOT_CS + 4(%edi)
++	movb %ah,__BOOT_CS + 7(%edi)
++	rorl $16,%eax
++
++	movl $NR_CPUS,%ecx
++	movl $pa(cpu_gdt_table),%edi
++1:
++	movw %ax,__KERNEL_CS + 2(%edi)
++	rorl $16,%eax
++	movb %al,__KERNEL_CS + 4(%edi)
++	movb %ah,__KERNEL_CS + 7(%edi)
++	rorl $16,%eax
++	addl $PAGE_SIZE_asm,%edi
++	loop 1b
++#endif
++
+ /*
+  * Clear BSS first so that there are no surprises...
+  */
+@@ -142,9 +204,7 @@ ENTRY(startup_32)
+ 	cmpl $num_subarch_entries, %eax
+ 	jae bad_subarch
+ 
+-	movl pa(subarch_entries)(,%eax,4), %eax
+-	subl $__PAGE_OFFSET, %eax
+-	jmp *%eax
++	jmp *pa(subarch_entries)(,%eax,4)
+ 
+ bad_subarch:
+ WEAK(lguest_entry)
+@@ -156,9 +216,9 @@ WEAK(xen_entry)
+ 	__INITDATA
+ 
+ subarch_entries:
+-	.long default_entry		/* normal x86/PC */
+-	.long lguest_entry		/* lguest hypervisor */
+-	.long xen_entry			/* Xen hypervisor */
++	.long pa(default_entry)		/* normal x86/PC */
++	.long pa(lguest_entry)		/* lguest hypervisor */
++	.long pa(xen_entry)		/* Xen hypervisor */
+ num_subarch_entries = (. - subarch_entries) / 4
+ .previous
+ #endif /* CONFIG_PARAVIRT */
+@@ -220,8 +280,11 @@ default_entry:
+ 	movl %eax, pa(max_pfn_mapped)
+ 
+ 	/* Do early initialization of the fixmap area */
+-	movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
+-	movl %eax,pa(swapper_pg_pmd+0x1000*KPMDS-8)
++#ifdef CONFIG_COMPAT_VDSO
++	movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_pmd+0x1000*KPMDS-8)
++#else
++	movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_pmd+0x1000*KPMDS-8)
++#endif
+ #else	/* Not PAE */
+ 
+ page_pde_offset = (__PAGE_OFFSET >> 20);
+@@ -253,8 +316,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20);
+ 	movl %eax, pa(max_pfn_mapped)
+ 
+ 	/* Do early initialization of the fixmap area */
+-	movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,%eax
+-	movl %eax,pa(swapper_pg_dir+0xffc)
++#ifdef CONFIG_COMPAT_VDSO
++	movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR+_PAGE_USER,pa(swapper_pg_dir+0xffc)
++#else
++	movl $pa(swapper_pg_fixmap)+PDE_IDENT_ATTR,pa(swapper_pg_dir+0xffc)
++#endif
+ #endif
+ 	jmp 3f
+ /*
+@@ -318,13 +384,16 @@ ENTRY(startup_32_smp)
+ 	jnc 6f
+ 
+ 	/* Setup EFER (Extended Feature Enable Register) */
+-	movl $0xc0000080, %ecx
++	movl $MSR_EFER, %ecx
+ 	rdmsr
+ 
+ 	btsl $11, %eax
+ 	/* Make changes effective */
+ 	wrmsr
+ 
++	btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4)
++	movl $1,pa(nx_enabled)
++
+ 6:
+ 
+ /*
+@@ -350,9 +419,7 @@ ENTRY(startup_32_smp)
+ 
+ #ifdef CONFIG_SMP
+ 	cmpb $0, ready
+-	jz  1f				/* Initial CPU cleans BSS */
+-	jmp checkCPUtype
+-1:
++	jnz checkCPUtype		/* Initial CPU cleans BSS */
+ #endif /* CONFIG_SMP */
+ 
+ /*
+@@ -429,12 +496,12 @@ is386:	movl $2,%ecx		# set MP
+ 	ljmp $(__KERNEL_CS),$1f
+ 1:	movl $(__KERNEL_DS),%eax	# reload all the segment registers
+ 	movl %eax,%ss			# after changing gdt.
+-	movl %eax,%fs			# gets reset once there's real percpu
+-
+-	movl $(__USER_DS),%eax		# DS/ES contains default USER segment
+ 	movl %eax,%ds
+ 	movl %eax,%es
+ 
++	movl $(__KERNEL_PERCPU), %eax
++	movl %eax,%fs			# set this cpu's percpu
++
+ 	xorl %eax,%eax			# Clear GS and LDT
+ 	movl %eax,%gs
+ 	lldt %ax
+@@ -444,12 +511,6 @@ is386:	movl $2,%ecx		# set MP
+ #ifdef CONFIG_SMP
+ 	movb ready, %cl
+ 	movb $1, ready
+-	cmpb $0,%cl		# the first CPU calls start_kernel
+-	je   1f
+-	movl $(__KERNEL_PERCPU), %eax
+-	movl %eax,%fs		# set this cpu's percpu
+-	movl (stack_start), %esp
+-1:
+ #endif /* CONFIG_SMP */
+ 	jmp *(initial_code)
+ 
+@@ -535,15 +596,15 @@ early_page_fault:
+ 	jmp early_fault
+ 
+ early_fault:
+-	cld
+ #ifdef CONFIG_PRINTK
++	cmpl $2,%ss:early_recursion_flag
++	je hlt_loop
++	incl %ss:early_recursion_flag
++	cld
+ 	pusha
+ 	movl $(__KERNEL_DS),%eax
+ 	movl %eax,%ds
+ 	movl %eax,%es
+-	cmpl $2,early_recursion_flag
+-	je hlt_loop
+-	incl early_recursion_flag
+ 	movl %cr2,%eax
+ 	pushl %eax
+ 	pushl %edx		/* trapno */
+@@ -553,8 +614,8 @@ early_fault:
+ #else
+ 	call printk
+ #endif
+-#endif
+ 	call dump_stack
++#endif
+ hlt_loop:
+ 	hlt
+ 	jmp hlt_loop
+@@ -562,8 +623,11 @@ hlt_loop:
+ /* This is the default interrupt "handler" :-) */
+ 	ALIGN
+ ignore_int:
+-	cld
+ #ifdef CONFIG_PRINTK
++	cmpl $2,%ss:early_recursion_flag
++	je hlt_loop
++	incl %ss:early_recursion_flag
++	cld
+ 	pushl %eax
+ 	pushl %ecx
+ 	pushl %edx
+@@ -572,9 +636,6 @@ ignore_int:
+ 	movl $(__KERNEL_DS),%eax
+ 	movl %eax,%ds
+ 	movl %eax,%es
+-	cmpl $2,early_recursion_flag
+-	je hlt_loop
+-	incl early_recursion_flag
+ 	pushl 16(%esp)
+ 	pushl 24(%esp)
+ 	pushl 32(%esp)
+@@ -599,36 +660,42 @@ ignore_int:
+ ENTRY(initial_code)
+ 	.long i386_start_kernel
+ 
+-.section .text
+-/*
+- * Real beginning of normal "text" segment
+- */
+-ENTRY(stext)
+-ENTRY(_stext)
+-
+ /*
+  * BSS section
+  */
+-.section ".bss.page_aligned","wa"
+-	.align PAGE_SIZE_asm
+ #ifdef CONFIG_X86_PAE
++.section .swapper_pg_pmd,"a",@progbits
+ swapper_pg_pmd:
+ 	.fill 1024*KPMDS,4,0
+ #else
++.section .swapper_pg_dir,"a",@progbits
+ ENTRY(swapper_pg_dir)
+ 	.fill 1024,4,0
+ #endif
+-swapper_pg_fixmap:
++
++ENTRY(swapper_pg_fixmap)
+ 	.fill 1024,4,0
++
++.section .empty_zero_page,"a",@progbits
+ ENTRY(empty_zero_page)
+ 	.fill 4096,1,0
++
++/*
++ * The IDT has to be page-aligned to simplify the Pentium
++ * F0 0F bug workaround.. We have a special link segment
++ * for this.
++ */
++.section .idt,"a",@progbits
++ENTRY(idt_table)
++	.fill 256,8,0
++
+ /*
+  * This starts the data section.
+  */
++.data
++
+ #ifdef CONFIG_X86_PAE
+-.section ".data.page_aligned","wa"
+-	/* Page-aligned for the benefit of paravirt? */
+-	.align PAGE_SIZE_asm
++.section .swapper_pg_dir,"a",@progbits
+ ENTRY(swapper_pg_dir)
+ 	.long	pa(swapper_pg_pmd+PGD_IDENT_ATTR),0	/* low identity map */
+ # if KPMDS == 3
+@@ -651,11 +718,12 @@ ENTRY(swapper_pg_dir)
+ 
+ .data
+ ENTRY(stack_start)
+-	.long init_thread_union+THREAD_SIZE
++	.long init_thread_union+THREAD_SIZE-8
+ 	.long __BOOT_DS
+ 
+ ready:	.byte 0
+ 
++.section .rodata,"a",@progbits
+ early_recursion_flag:
+ 	.long 0
+ 
+@@ -691,7 +759,7 @@ fault_msg:
+ 	.word 0				# 32 bit align gdt_desc.address
+ boot_gdt_descr:
+ 	.word __BOOT_DS+7
+-	.long boot_gdt - __PAGE_OFFSET
++	.long pa(boot_gdt)
+ 
+ 	.word 0				# 32-bit align idt_desc.address
+ idt_descr:
+@@ -702,7 +770,7 @@ idt_descr:
+ 	.word 0				# 32 bit align gdt_desc.address
+ ENTRY(early_gdt_descr)
+ 	.word GDT_ENTRIES*8-1
+-	.long per_cpu__gdt_page		/* Overwritten for secondary CPUs */
++	.long cpu_gdt_table		/* Overwritten for secondary CPUs */
+ 
+ /*
+  * The boot_gdt must mirror the equivalent in setup.S and is
+@@ -711,5 +779,59 @@ ENTRY(early_gdt_descr)
+ 	.align L1_CACHE_BYTES
+ ENTRY(boot_gdt)
+ 	.fill GDT_ENTRY_BOOT_CS,8,0
+-	.quad 0x00cf9a000000ffff	/* kernel 4GB code at 0x00000000 */
+-	.quad 0x00cf92000000ffff	/* kernel 4GB data at 0x00000000 */
++	.quad 0x00cf9b000000ffff	/* kernel 4GB code at 0x00000000 */
++	.quad 0x00cf93000000ffff	/* kernel 4GB data at 0x00000000 */
++
++	.align PAGE_SIZE_asm
++ENTRY(cpu_gdt_table)
++	.rept NR_CPUS
++	.quad 0x0000000000000000	/* NULL descriptor */
++	.quad 0x0000000000000000	/* 0x0b reserved */
++	.quad 0x0000000000000000	/* 0x13 reserved */
++	.quad 0x0000000000000000	/* 0x1b reserved */
++	.quad 0x0000000000000000	/* 0x20 unused */
++	.quad 0x0000000000000000	/* 0x28 unused */
++	.quad 0x0000000000000000	/* 0x33 TLS entry 1 */
++	.quad 0x0000000000000000	/* 0x3b TLS entry 2 */
++	.quad 0x0000000000000000	/* 0x43 TLS entry 3 */
++	.quad 0x0000000000000000	/* 0x4b reserved */
++	.quad 0x0000000000000000	/* 0x53 reserved */
++	.quad 0x0000000000000000	/* 0x5b reserved */
++
++	.quad 0x00cf9b000000ffff	/* 0x60 kernel 4GB code at 0x00000000 */
++	.quad 0x00cf93000000ffff	/* 0x68 kernel 4GB data at 0x00000000 */
++	.quad 0x00cffb000000ffff	/* 0x73 user 4GB code at 0x00000000 */
++	.quad 0x00cff3000000ffff	/* 0x7b user 4GB data at 0x00000000 */
++
++	.quad 0x0000000000000000	/* 0x80 TSS descriptor */
++	.quad 0x0000000000000000	/* 0x88 LDT descriptor */
++
++	/*
++	 * Segments used for calling PnP BIOS have byte granularity.
++	 * The code segments and data segments have fixed 64k limits,
++	 * the transfer segment sizes are set at run time.
++	 */
++	.quad 0x00409b000000ffff	/* 0x90 32-bit code */
++	.quad 0x00009b000000ffff	/* 0x98 16-bit code */
++	.quad 0x000093000000ffff	/* 0xa0 16-bit data */
++	.quad 0x0000930000000000	/* 0xa8 16-bit data */
++	.quad 0x0000930000000000	/* 0xb0 16-bit data */
++
++	/*
++	 * The APM segments have byte granularity and their bases
++	 * are set at run time.  All have 64k limits.
++	 */
++	.quad 0x00409b000000ffff	/* 0xb8 APM CS    code */
++	.quad 0x00009b000000ffff	/* 0xc0 APM CS 16 code (16 bit) */
++	.quad 0x004093000000ffff	/* 0xc8 APM DS    data */
++
++	.quad 0x00c0930000000000	/* 0xd0 - ESPFIX SS */
++	.quad 0x0040930000000000	/* 0xd8 - PERCPU */
++	.quad 0x0000000000000000	/* 0xe0 - PCIBIOS_CS */
++	.quad 0x0000000000000000	/* 0xe8 - PCIBIOS_DS */
++	.quad 0x0000000000000000	/* 0xf0 - unused */
++	.quad 0x0000000000000000	/* 0xf8 - GDT entry 31: double-fault TSS */
++
++	/* Be sure this is zeroed to avoid false validations in Xen */
++	.fill PAGE_SIZE_asm - GDT_SIZE,1,0
++	.endr
+diff -urNp linux-2.6.29.6/arch/x86/kernel/head64.c linux-2.6.29.6/arch/x86/kernel/head64.c
+--- linux-2.6.29.6/arch/x86/kernel/head64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/head64.c	2009-07-23 17:34:32.070744144 -0400
+@@ -94,6 +94,8 @@ void __init x86_64_start_kernel(char * r
+ 	/* clear bss before set_intr_gate with early_idt_handler */
+ 	clear_bss();
+ 
++	x86_64_init_pda();
++
+ 	/* Make NULL pointers segfault */
+ 	zap_identity_mappings();
+ 
+@@ -112,8 +114,6 @@ void __init x86_64_start_kernel(char * r
+ 	if (console_loglevel == 10)
+ 		early_printk("Kernel alive\n");
+ 
+-	x86_64_init_pda();
+-
+ 	x86_64_start_reservations(real_mode_data);
+ }
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/head_64.S linux-2.6.29.6/arch/x86/kernel/head_64.S
+--- linux-2.6.29.6/arch/x86/kernel/head_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/head_64.S	2009-07-23 17:34:32.071712262 -0400
+@@ -38,6 +38,10 @@ L4_PAGE_OFFSET = pgd_index(__PAGE_OFFSET
+ L3_PAGE_OFFSET = pud_index(__PAGE_OFFSET)
+ L4_START_KERNEL = pgd_index(__START_KERNEL_map)
+ L3_START_KERNEL = pud_index(__START_KERNEL_map)
++L4_VMALLOC_START = pgd_index(VMALLOC_START)
++L3_VMALLOC_START = pud_index(VMALLOC_START)
++L4_VMEMMAP_START = pgd_index(VMEMMAP_START)
++L3_VMEMMAP_START = pud_index(VMEMMAP_START)
+ 
+ 	.text
+ 	.section .text.head
+@@ -85,35 +89,22 @@ startup_64:
+ 	 */
+ 	addq	%rbp, init_level4_pgt + 0(%rip)
+ 	addq	%rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip)
++	addq	%rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip)
++	addq	%rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip)
+ 	addq	%rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip)
+ 
+ 	addq	%rbp, level3_ident_pgt + 0(%rip)
++	addq	%rbp, level3_ident_pgt + 8(%rip)
++	addq	%rbp, level3_ident_pgt + 16(%rip)
++	addq	%rbp, level3_ident_pgt + 24(%rip)
+ 
+-	addq	%rbp, level3_kernel_pgt + (510*8)(%rip)
+-	addq	%rbp, level3_kernel_pgt + (511*8)(%rip)
++	addq	%rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
+ 
+-	addq	%rbp, level2_fixmap_pgt + (506*8)(%rip)
++	addq	%rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
++	addq	%rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip)
+ 
+-	/* Add an Identity mapping if I am above 1G */
+-	leaq	_text(%rip), %rdi
+-	andq	$PMD_PAGE_MASK, %rdi
+-
+-	movq	%rdi, %rax
+-	shrq	$PUD_SHIFT, %rax
+-	andq	$(PTRS_PER_PUD - 1), %rax
+-	jz	ident_complete
+-
+-	leaq	(level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx
+-	leaq	level3_ident_pgt(%rip), %rbx
+-	movq	%rdx, 0(%rbx, %rax, 8)
+-
+-	movq	%rdi, %rax
+-	shrq	$PMD_SHIFT, %rax
+-	andq	$(PTRS_PER_PMD - 1), %rax
+-	leaq	__PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx
+-	leaq	level2_spare_pgt(%rip), %rbx
+-	movq	%rdx, 0(%rbx, %rax, 8)
+-ident_complete:
++	addq	%rbp, level2_fixmap_pgt + (506*8)(%rip)
++	addq	%rbp, level2_fixmap_pgt + (507*8)(%rip)
+ 
+ 	/*
+ 	 * Fixup the kernel text+data virtual addresses. Note that
+@@ -187,6 +178,10 @@ ENTRY(secondary_startup_64)
+ 	btl	$20,%edi		/* No Execute supported? */
+ 	jnc     1f
+ 	btsl	$_EFER_NX, %eax
++	leaq	init_level4_pgt(%rip), %rdi
++	btsq	$_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi)
++	btsq	$_PAGE_BIT_NX, 8*L4_VMALLOC_START(%rdi)
++	btsq	$_PAGE_BIT_NX, 8*L4_VMEMMAP_START(%rdi)
+ 1:	wrmsr				/* Make changes effective */
+ 
+ 	/* Setup cr0 */
+@@ -257,16 +252,16 @@ ENTRY(secondary_startup_64)
+ 	.align	8
+ 	ENTRY(initial_code)
+ 	.quad	x86_64_start_kernel
+-	__FINITDATA
+ 
+ 	ENTRY(stack_start)
+ 	.quad  init_thread_union+THREAD_SIZE-8
+ 	.word  0
++	__FINITDATA
+ 
+ bad_address:
+ 	jmp bad_address
+ 
+-	.section ".init.text","ax"
++	__INIT
+ #ifdef CONFIG_EARLY_PRINTK
+ 	.globl early_idt_handlers
+ early_idt_handlers:
+@@ -311,18 +306,23 @@ ENTRY(early_idt_handler)
+ #endif /* EARLY_PRINTK */
+ 1:	hlt
+ 	jmp 1b
++	.previous
+ 
+ #ifdef CONFIG_EARLY_PRINTK
++	__INITDATA
+ early_recursion_flag:
+ 	.long 0
++	.previous
+ 
++	.section .rodata,"a",@progbits
+ early_idt_msg:
+ 	.asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n"
+ early_idt_ripmsg:
+ 	.asciz "RIP %s\n"
+-#endif /* CONFIG_EARLY_PRINTK */
+ 	.previous
++#endif /* CONFIG_EARLY_PRINTK */
+ 
++	.section .rodata,"a",@progbits
+ .balign PAGE_SIZE
+ 
+ #define NEXT_PAGE(name) \
+@@ -347,13 +347,27 @@ NEXT_PAGE(init_level4_pgt)
+ 	.quad	level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ 	.org	init_level4_pgt + L4_PAGE_OFFSET*8, 0
+ 	.quad	level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
++	.org	init_level4_pgt + L4_VMALLOC_START*8, 0
++	.quad	level3_vmalloc_pgt - __START_KERNEL_map + _KERNPG_TABLE
++	.org	init_level4_pgt + L4_VMEMMAP_START*8, 0
++	.quad	level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ 	.org	init_level4_pgt + L4_START_KERNEL*8, 0
+ 	/* (2^48-(2*1024*1024*1024))/(2^39) = 511 */
+ 	.quad	level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE
+ 
+ NEXT_PAGE(level3_ident_pgt)
+ 	.quad	level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
+-	.fill	511,8,0
++	.quad	level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
++	.quad	level2_ident_pgt + 2*PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
++	.quad	level2_ident_pgt + 3*PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE
++	.fill	508,8,0
++
++NEXT_PAGE(level3_vmalloc_pgt)
++	.fill	512,8,0
++
++NEXT_PAGE(level3_vmemmap_pgt)
++	.fill	L3_VMEMMAP_START,8,0
++	.quad	level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ 
+ NEXT_PAGE(level3_kernel_pgt)
+ 	.fill	L3_START_KERNEL,8,0
+@@ -361,20 +375,27 @@ NEXT_PAGE(level3_kernel_pgt)
+ 	.quad	level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE
+ 	.quad	level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
+ 
++NEXT_PAGE(level2_vmemmap_pgt)
++	.fill	512,8,0
++
+ NEXT_PAGE(level2_fixmap_pgt)
+ 	.fill	506,8,0
+ 	.quad	level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE
+-	/* 8MB reserved for vsyscalls + a 2MB hole = 4 + 1 entries */
+-	.fill	5,8,0
++	.quad	level1_vsyscall_pgt - __START_KERNEL_map + _PAGE_TABLE
++	/* 6MB reserved for vsyscalls + a 2MB hole = 3 + 1 entries */
++	.fill	4,8,0
+ 
+ NEXT_PAGE(level1_fixmap_pgt)
+ 	.fill	512,8,0
+ 
+-NEXT_PAGE(level2_ident_pgt)
+-	/* Since I easily can, map the first 1G.
++NEXT_PAGE(level1_vsyscall_pgt)
++	.fill	512,8,0
++
++	/* Since I easily can, map the first 4G.
+ 	 * Don't set NX because code runs from these pages.
+ 	 */
+-	PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD)
++NEXT_PAGE(level2_ident_pgt)
++	PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 4*PTRS_PER_PMD)
+ 
+ NEXT_PAGE(level2_kernel_pgt)
+ 	/*
+@@ -387,32 +408,48 @@ NEXT_PAGE(level2_kernel_pgt)
+ 	 *  If you want to increase this then increase MODULES_VADDR
+ 	 *  too.)
+ 	 */
+-	PMDS(0, __PAGE_KERNEL_LARGE_EXEC,
+-		KERNEL_IMAGE_SIZE/PMD_SIZE)
+-
+-NEXT_PAGE(level2_spare_pgt)
+-	.fill   512, 8, 0
++	PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE)
+ 
+ #undef PMDS
+ #undef NEXT_PAGE
+ 
+-	.data
++	.align PAGE_SIZE
++ENTRY(cpu_gdt_table)
++	.rept NR_CPUS
++	.quad	0x0000000000000000	/* NULL descriptor */
++	.quad	0x00cf9b000000ffff	/* __KERNEL32_CS */
++	.quad	0x00af9b000000ffff	/* __KERNEL_CS */
++	.quad	0x00cf93000000ffff	/* __KERNEL_DS */
++	.quad	0x00cffb000000ffff	/* __USER32_CS */
++	.quad	0x00cff3000000ffff	/* __USER_DS, __USER32_DS  */
++	.quad	0x00affb000000ffff	/* __USER_CS */
++	.quad	0x0			/* unused */
++	.quad	0,0			/* TSS */
++	.quad	0,0			/* LDT */
++	.quad	0,0,0			/* three TLS descriptors */
++	.quad	0x0000f40000000000	/* node/CPU stored in limit */
++	/* asm/segment.h:GDT_ENTRIES must match this */
++
++	/* zero the remaining page */
++	.fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
++	.endr
++
+ 	.align 16
+ 	.globl early_gdt_descr
+ early_gdt_descr:
+ 	.word	GDT_ENTRIES*8-1
+-	.quad   per_cpu__gdt_page
++	.quad	cpu_gdt_table
+ 
+ ENTRY(phys_base)
+ 	/* This must match the first entry in level2_kernel_pgt */
+ 	.quad   0x0000000000000000
+ 
+ #include "../../x86/xen/xen-head.S"
+-	
+-	.section .bss, "aw", @nobits
++
++	.section .rodata,"a",@progbits
+ 	.align L1_CACHE_BYTES
+ ENTRY(idt_table)
+-	.skip 256 * 16
++	.fill 512,8,0
+ 
+ 	.section .bss.page_aligned, "aw", @nobits
+ 	.align PAGE_SIZE
+diff -urNp linux-2.6.29.6/arch/x86/kernel/i386_ksyms_32.c linux-2.6.29.6/arch/x86/kernel/i386_ksyms_32.c
+--- linux-2.6.29.6/arch/x86/kernel/i386_ksyms_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/i386_ksyms_32.c	2009-07-23 17:34:32.071712262 -0400
+@@ -10,8 +10,12 @@
+ EXPORT_SYMBOL(mcount);
+ #endif
+ 
++EXPORT_SYMBOL_GPL(cpu_gdt_table);
++
+ /* Networking helper routines. */
+ EXPORT_SYMBOL(csum_partial_copy_generic);
++EXPORT_SYMBOL(csum_partial_copy_generic_to_user);
++EXPORT_SYMBOL(csum_partial_copy_generic_from_user);
+ 
+ EXPORT_SYMBOL(__get_user_1);
+ EXPORT_SYMBOL(__get_user_2);
+@@ -26,3 +30,7 @@ EXPORT_SYMBOL(strstr);
+ 
+ EXPORT_SYMBOL(csum_partial);
+ EXPORT_SYMBOL(empty_zero_page);
++
++#ifdef CONFIG_PAX_KERNEXEC
++EXPORT_SYMBOL(KERNEL_TEXT_OFFSET);
++#endif
+diff -urNp linux-2.6.29.6/arch/x86/kernel/init_task.c linux-2.6.29.6/arch/x86/kernel/init_task.c
+--- linux-2.6.29.6/arch/x86/kernel/init_task.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/init_task.c	2009-07-23 17:34:32.071712262 -0400
+@@ -40,5 +40,5 @@ EXPORT_SYMBOL(init_task);
+  * section. Since TSS's are completely CPU-local, we want them
+  * on exact cacheline boundaries, to eliminate cacheline ping-pong.
+  */
+-DEFINE_PER_CPU_SHARED_ALIGNED(struct tss_struct, init_tss) = INIT_TSS;
+-
++struct tss_struct init_tss[NR_CPUS] ____cacheline_internodealigned_in_smp = { [0 ... NR_CPUS-1] = INIT_TSS };
++EXPORT_SYMBOL(init_tss);
+diff -urNp linux-2.6.29.6/arch/x86/kernel/ioport.c linux-2.6.29.6/arch/x86/kernel/ioport.c
+--- linux-2.6.29.6/arch/x86/kernel/ioport.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/ioport.c	2009-07-23 17:34:32.071712262 -0400
+@@ -6,6 +6,7 @@
+ #include <linux/sched.h>
+ #include <linux/kernel.h>
+ #include <linux/capability.h>
++#include <linux/security.h>
+ #include <linux/errno.h>
+ #include <linux/types.h>
+ #include <linux/ioport.h>
+@@ -41,6 +42,12 @@ asmlinkage long sys_ioperm(unsigned long
+ 
+ 	if ((from + num <= from) || (from + num > IO_BITMAP_BITS))
+ 		return -EINVAL;
++#ifdef CONFIG_GRKERNSEC_IO
++	if (turn_on) {
++		gr_handle_ioperm();
++		return -EPERM;
++	}
++#endif
+ 	if (turn_on && !capable(CAP_SYS_RAWIO))
+ 		return -EPERM;
+ 
+@@ -67,7 +74,7 @@ asmlinkage long sys_ioperm(unsigned long
+ 	 * because the ->io_bitmap_max value must match the bitmap
+ 	 * contents:
+ 	 */
+-	tss = &per_cpu(init_tss, get_cpu());
++	tss = init_tss + get_cpu();
+ 
+ 	set_bitmap(t->io_bitmap_ptr, from, num, !turn_on);
+ 
+@@ -122,8 +129,13 @@ static int do_iopl(unsigned int level, s
+ 		return -EINVAL;
+ 	/* Trying to gain more privileges? */
+ 	if (level > old) {
++#ifdef CONFIG_GRKERNSEC_IO
++		gr_handle_iopl();
++		return -EPERM;
++#else
+ 		if (!capable(CAP_SYS_RAWIO))
+ 			return -EPERM;
++#endif
+ 	}
+ 	regs->flags = (regs->flags & ~X86_EFLAGS_IOPL) | (level << 12);
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/irq_32.c linux-2.6.29.6/arch/x86/kernel/irq_32.c
+--- linux-2.6.29.6/arch/x86/kernel/irq_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/irq_32.c	2009-07-23 17:34:32.071712262 -0400
+@@ -93,7 +93,7 @@ execute_on_irq_stack(int overflow, struc
+ 		return 0;
+ 
+ 	/* build the stack frame on the IRQ stack */
+-	isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
++	isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
+ 	irqctx->tinfo.task = curctx->tinfo.task;
+ 	irqctx->tinfo.previous_esp = current_stack_pointer;
+ 
+@@ -174,7 +174,7 @@ asmlinkage void do_softirq(void)
+ 		irqctx->tinfo.previous_esp = current_stack_pointer;
+ 
+ 		/* build the stack frame on the softirq stack */
+-		isp = (u32 *) ((char *)irqctx + sizeof(*irqctx));
++		isp = (u32 *) ((char *)irqctx + sizeof(*irqctx) - 8);
+ 
+ 		call_on_stack(__do_softirq, isp);
+ 		/*
+diff -urNp linux-2.6.29.6/arch/x86/kernel/kprobes.c linux-2.6.29.6/arch/x86/kernel/kprobes.c
+--- linux-2.6.29.6/arch/x86/kernel/kprobes.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/kprobes.c	2009-07-23 17:34:32.072711199 -0400
+@@ -166,9 +166,24 @@ static void __kprobes set_jmp_op(void *f
+ 		char op;
+ 		s32 raddr;
+ 	} __attribute__((packed)) * jop;
+-	jop = (struct __arch_jmp_op *)from;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
++	jop = (struct __arch_jmp_op *)(ktla_ktva(from));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	jop->raddr = (s32)((long)(to) - ((long)(from) + 5));
+ 	jop->op = RELATIVEJUMP_INSTRUCTION;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+ 
+ /*
+@@ -345,16 +360,29 @@ static void __kprobes fix_riprel(struct 
+ 
+ static void __kprobes arch_copy_kprobe(struct kprobe *p)
+ {
+-	memcpy(p->ainsn.insn, p->addr, MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	memcpy(p->ainsn.insn, ktla_ktva(p->addr), MAX_INSN_SIZE * sizeof(kprobe_opcode_t));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
+ 
+ 	fix_riprel(p);
+ 
+-	if (can_boost(p->addr))
++	if (can_boost(ktla_ktva(p->addr)))
+ 		p->ainsn.boostable = 0;
+ 	else
+ 		p->ainsn.boostable = -1;
+ 
+-	p->opcode = *p->addr;
++	p->opcode = *(ktla_ktva(p->addr));
+ }
+ 
+ int __kprobes arch_prepare_kprobe(struct kprobe *p)
+@@ -432,7 +460,7 @@ static void __kprobes prepare_singlestep
+ 	if (p->opcode == BREAKPOINT_INSTRUCTION)
+ 		regs->ip = (unsigned long)p->addr;
+ 	else
+-		regs->ip = (unsigned long)p->ainsn.insn;
++		regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
+ }
+ 
+ void __kprobes arch_prepare_kretprobe(struct kretprobe_instance *ri,
+@@ -453,7 +481,7 @@ static void __kprobes setup_singlestep(s
+ 	if (p->ainsn.boostable == 1 && !p->post_handler) {
+ 		/* Boost up -- we can execute copied instructions directly */
+ 		reset_current_kprobe();
+-		regs->ip = (unsigned long)p->ainsn.insn;
++		regs->ip = ktva_ktla((unsigned long)p->ainsn.insn);
+ 		preempt_enable_no_resched();
+ 		return;
+ 	}
+@@ -523,7 +551,7 @@ static int __kprobes kprobe_handler(stru
+ 	struct kprobe_ctlblk *kcb;
+ 
+ 	addr = (kprobe_opcode_t *)(regs->ip - sizeof(kprobe_opcode_t));
+-	if (*addr != BREAKPOINT_INSTRUCTION) {
++	if (*(kprobe_opcode_t *)ktla_ktva((unsigned long)addr) != BREAKPOINT_INSTRUCTION) {
+ 		/*
+ 		 * The breakpoint instruction was removed right
+ 		 * after we hit it.  Another cpu has removed
+@@ -774,7 +802,7 @@ static void __kprobes resume_execution(s
+ 		struct pt_regs *regs, struct kprobe_ctlblk *kcb)
+ {
+ 	unsigned long *tos = stack_addr(regs);
+-	unsigned long copy_ip = (unsigned long)p->ainsn.insn;
++	unsigned long copy_ip = ktva_ktla((unsigned long)p->ainsn.insn);
+ 	unsigned long orig_ip = (unsigned long)p->addr;
+ 	kprobe_opcode_t *insn = p->ainsn.insn;
+ 
+@@ -957,7 +985,7 @@ int __kprobes kprobe_exceptions_notify(s
+ 	struct die_args *args = data;
+ 	int ret = NOTIFY_DONE;
+ 
+-	if (args->regs && user_mode_vm(args->regs))
++	if (args->regs && user_mode(args->regs))
+ 		return ret;
+ 
+ 	switch (val) {
+diff -urNp linux-2.6.29.6/arch/x86/kernel/ldt.c linux-2.6.29.6/arch/x86/kernel/ldt.c
+--- linux-2.6.29.6/arch/x86/kernel/ldt.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/ldt.c	2009-07-23 17:34:32.072711199 -0400
+@@ -66,13 +66,13 @@ static int alloc_ldt(mm_context_t *pc, i
+ 	if (reload) {
+ #ifdef CONFIG_SMP
+ 		preempt_disable();
+-		load_LDT(pc);
++		load_LDT_nolock(pc);
+ 		if (!cpus_equal(current->mm->cpu_vm_mask,
+ 				cpumask_of_cpu(smp_processor_id())))
+ 			smp_call_function(flush_ldt, current->mm, 1);
+ 		preempt_enable();
+ #else
+-		load_LDT(pc);
++		load_LDT_nolock(pc);
+ #endif
+ 	}
+ 	if (oldsize) {
+@@ -94,7 +94,7 @@ static inline int copy_ldt(mm_context_t 
+ 		return err;
+ 
+ 	for (i = 0; i < old->size; i++)
+-		write_ldt_entry(new->ldt, i, old->ldt + i * LDT_ENTRY_SIZE);
++		write_ldt_entry(new->ldt, i, old->ldt + i);
+ 	return 0;
+ }
+ 
+@@ -115,6 +115,24 @@ int init_new_context(struct task_struct 
+ 		retval = copy_ldt(&mm->context, &old_mm->context);
+ 		mutex_unlock(&old_mm->context.lock);
+ 	}
++
++	if (tsk == current) {
++		mm->context.vdso = ~0UL;
++
++#ifdef CONFIG_X86_32
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++		mm->context.user_cs_base = 0UL;
++		mm->context.user_cs_limit = ~0UL;
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_SMP)
++		cpus_clear(mm->context.cpu_user_cs_mask);
++#endif
++
++#endif
++#endif
++
++	}
++
+ 	return retval;
+ }
+ 
+@@ -229,6 +247,13 @@ static int write_ldt(void __user *ptr, u
+ 		}
+ 	}
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (ldt_info.contents & MODIFY_LDT_CONTENTS_CODE)) {
++		error = -EINVAL;
++		goto out_unlock;
++	}
++#endif
++
+ 	fill_ldt(&ldt, &ldt_info);
+ 	if (oldmode)
+ 		ldt.avl = 0;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/machine_kexec_32.c linux-2.6.29.6/arch/x86/kernel/machine_kexec_32.c
+--- linux-2.6.29.6/arch/x86/kernel/machine_kexec_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/machine_kexec_32.c	2009-07-23 17:34:32.072711199 -0400
+@@ -26,7 +26,7 @@
+ #include <asm/system.h>
+ #include <asm/cacheflush.h>
+ 
+-static void set_idt(void *newidt, __u16 limit)
++static void set_idt(struct desc_struct *newidt, __u16 limit)
+ {
+ 	struct desc_ptr curidt;
+ 
+@@ -38,7 +38,7 @@ static void set_idt(void *newidt, __u16 
+ }
+ 
+ 
+-static void set_gdt(void *newgdt, __u16 limit)
++static void set_gdt(struct desc_struct *newgdt, __u16 limit)
+ {
+ 	struct desc_ptr curgdt;
+ 
+@@ -216,7 +216,7 @@ void machine_kexec(struct kimage *image)
+ 	}
+ 
+ 	control_page = page_address(image->control_code_page);
+-	memcpy(control_page, relocate_kernel, KEXEC_CONTROL_CODE_MAX_SIZE);
++	memcpy(control_page, (void *)ktla_ktva((unsigned long)relocate_kernel), KEXEC_CONTROL_CODE_MAX_SIZE);
+ 
+ 	relocate_kernel_ptr = control_page;
+ 	page_list[PA_CONTROL_PAGE] = __pa(control_page);
+diff -urNp linux-2.6.29.6/arch/x86/kernel/module_32.c linux-2.6.29.6/arch/x86/kernel/module_32.c
+--- linux-2.6.29.6/arch/x86/kernel/module_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/module_32.c	2009-07-23 17:34:32.072711199 -0400
+@@ -23,6 +23,9 @@
+ #include <linux/kernel.h>
+ #include <linux/bug.h>
+ 
++#include <asm/desc.h>
++#include <asm/pgtable.h>
++
+ #if 0
+ #define DEBUGP printk
+ #else
+@@ -33,9 +36,31 @@ void *module_alloc(unsigned long size)
+ {
+ 	if (size == 0)
+ 		return NULL;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	return __vmalloc(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL);
++#else
+ 	return vmalloc_exec(size);
++#endif
++
+ }
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++void *module_alloc_exec(unsigned long size)
++{
++	struct vm_struct *area;
++
++	if (size == 0)
++		return NULL;
++
++	area = __get_vm_area(size, VM_ALLOC, (unsigned long)&MODULES_VADDR, (unsigned long)&MODULES_END);
++	if (area)
++		return area->addr;
++
++	return NULL;
++}
++EXPORT_SYMBOL(module_alloc_exec);
++#endif
+ 
+ /* Free memory returned from module_alloc */
+ void module_free(struct module *mod, void *module_region)
+@@ -45,6 +70,45 @@ void module_free(struct module *mod, voi
+            table entries. */
+ }
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++void module_free_exec(struct module *mod, void *module_region)
++{
++	struct vm_struct **p, *tmp;
++
++	if (!module_region)
++		return;
++
++	if ((PAGE_SIZE-1) & (unsigned long)module_region) {
++		printk(KERN_ERR "Trying to module_free_exec() bad address (%p)\n", module_region);
++		WARN_ON(1);
++		return;
++	}
++
++	write_lock(&vmlist_lock);
++	for (p = &vmlist; (tmp = *p) != NULL; p = &tmp->next)
++		 if (tmp->addr == module_region)
++			break;
++
++	if (tmp) {
++		unsigned long cr0;
++
++		pax_open_kernel(cr0);
++		memset(tmp->addr, 0xCC, tmp->size);
++		pax_close_kernel(cr0);
++
++		*p = tmp->next;
++		kfree(tmp);
++	}
++	write_unlock(&vmlist_lock);
++
++	if (!tmp) {
++		printk(KERN_ERR "Trying to module_free_exec() nonexistent vm area (%p)\n",
++				module_region);
++		WARN_ON(1);
++	}
++}
++#endif
++
+ /* We don't need anything special. */
+ int module_frob_arch_sections(Elf_Ehdr *hdr,
+ 			      Elf_Shdr *sechdrs,
+@@ -63,14 +127,20 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+ 	unsigned int i;
+ 	Elf32_Rel *rel = (void *)sechdrs[relsec].sh_addr;
+ 	Elf32_Sym *sym;
+-	uint32_t *location;
++	uint32_t *plocation, location;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
+ 
+ 	DEBUGP("Applying relocate section %u to %u\n", relsec,
+ 	       sechdrs[relsec].sh_info);
+ 	for (i = 0; i < sechdrs[relsec].sh_size / sizeof(*rel); i++) {
+ 		/* This is where to make the change */
+-		location = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr
+-			+ rel[i].r_offset;
++		plocation = (void *)sechdrs[sechdrs[relsec].sh_info].sh_addr + rel[i].r_offset;
++		location = (uint32_t)plocation;
++		if (sechdrs[sechdrs[relsec].sh_info].sh_flags & SHF_EXECINSTR)
++			plocation = ktla_ktva((void *)plocation);
+ 		/* This is the symbol it is referring to.  Note that all
+ 		   undefined symbols have been resolved.  */
+ 		sym = (Elf32_Sym *)sechdrs[symindex].sh_addr
+@@ -78,12 +148,32 @@ int apply_relocate(Elf32_Shdr *sechdrs,
+ 
+ 		switch (ELF32_R_TYPE(rel[i].r_info)) {
+ 		case R_386_32:
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			/* We add the value into the location given */
+-			*location += sym->st_value;
++			*plocation += sym->st_value;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			break;
+ 		case R_386_PC32:
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			/* Add the value, subtract its postition */
+-			*location += sym->st_value - (uint32_t)location;
++			*plocation += sym->st_value - location;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			break;
+ 		default:
+ 			printk(KERN_ERR "module %s: Unknown relocation: %u\n",
+diff -urNp linux-2.6.29.6/arch/x86/kernel/module_64.c linux-2.6.29.6/arch/x86/kernel/module_64.c
+--- linux-2.6.29.6/arch/x86/kernel/module_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/module_64.c	2009-07-23 17:34:32.072711199 -0400
+@@ -40,7 +40,7 @@ void module_free(struct module *mod, voi
+            table entries. */
+ }
+ 
+-void *module_alloc(unsigned long size)
++static void *__module_alloc(unsigned long size, pgprot_t prot)
+ {
+ 	struct vm_struct *area;
+ 
+@@ -54,8 +54,31 @@ void *module_alloc(unsigned long size)
+ 	if (!area)
+ 		return NULL;
+ 
+-	return __vmalloc_area(area, GFP_KERNEL, PAGE_KERNEL_EXEC);
++	return __vmalloc_area(area, GFP_KERNEL | __GFP_ZERO, prot);
++}
++
++#ifdef CONFIG_PAX_KERNEXEC
++void *module_alloc(unsigned long size)
++{
++	return __module_alloc(size, PAGE_KERNEL);
++}
++
++void module_free_exec(struct module *mod, void *module_region)
++{
++	module_free(mod, module_region);
++}
++
++void *module_alloc_exec(unsigned long size)
++{
++	return __module_alloc(size, PAGE_KERNEL_RX);
+ }
++#else
++void *module_alloc(unsigned long size)
++{
++	return __module_alloc(size, PAGE_KERNEL_EXEC);
++}
++#endif
++
+ #endif
+ 
+ /* We don't need anything special. */
+@@ -77,7 +100,11 @@ int apply_relocate_add(Elf64_Shdr *sechd
+ 	Elf64_Rela *rel = (void *)sechdrs[relsec].sh_addr;
+ 	Elf64_Sym *sym;
+ 	void *loc;
+-	u64 val; 
++	u64 val;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
+ 
+ 	DEBUGP("Applying relocate section %u to %u\n", relsec,
+ 	       sechdrs[relsec].sh_info);
+@@ -101,21 +128,61 @@ int apply_relocate_add(Elf64_Shdr *sechd
+ 		case R_X86_64_NONE:
+ 			break;
+ 		case R_X86_64_64:
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			*(u64 *)loc = val;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			break;
+ 		case R_X86_64_32:
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			*(u32 *)loc = val;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			if (val != *(u32 *)loc)
+ 				goto overflow;
+ 			break;
+ 		case R_X86_64_32S:
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			*(s32 *)loc = val;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			if ((s64)val != *(s32 *)loc)
+ 				goto overflow;
+ 			break;
+ 		case R_X86_64_PC32: 
+ 			val -= (u64)loc;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			*(u32 *)loc = val;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ #if 0
+ 			if ((s64)val != *(s32 *)loc)
+ 				goto overflow; 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/paravirt.c linux-2.6.29.6/arch/x86/kernel/paravirt.c
+--- linux-2.6.29.6/arch/x86/kernel/paravirt.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/paravirt.c	2009-07-23 17:34:32.073727851 -0400
+@@ -44,7 +44,7 @@ void _paravirt_nop(void)
+ {
+ }
+ 
+-static void __init default_banner(void)
++static void default_banner(void)
+ {
+ 	printk(KERN_INFO "Booting paravirtualized kernel on %s\n",
+ 	       pv_info.name);
+@@ -164,7 +164,7 @@ unsigned paravirt_patch_insns(void *insn
+ 	if (insn_len > len || start == NULL)
+ 		insn_len = len;
+ 	else
+-		memcpy(insnbuf, start, insn_len);
++		memcpy(insnbuf, ktla_ktva(start), insn_len);
+ 
+ 	return insn_len;
+ }
+@@ -294,21 +294,21 @@ void arch_flush_lazy_cpu_mode(void)
+ 	preempt_enable();
+ }
+ 
+-struct pv_info pv_info = {
++struct pv_info pv_info __read_only = {
+ 	.name = "bare hardware",
+ 	.paravirt_enabled = 0,
+ 	.kernel_rpl = 0,
+ 	.shared_kernel_pmd = 1,	/* Only used when CONFIG_X86_PAE is set */
+ };
+ 
+-struct pv_init_ops pv_init_ops = {
++struct pv_init_ops pv_init_ops __read_only = {
+ 	.patch = native_patch,
+ 	.banner = default_banner,
+ 	.arch_setup = paravirt_nop,
+ 	.memory_setup = machine_specific_memory_setup,
+ };
+ 
+-struct pv_time_ops pv_time_ops = {
++struct pv_time_ops pv_time_ops __read_only = {
+ 	.time_init = hpet_time_init,
+ 	.get_wallclock = native_get_wallclock,
+ 	.set_wallclock = native_set_wallclock,
+@@ -316,7 +316,7 @@ struct pv_time_ops pv_time_ops = {
+ 	.get_tsc_khz = native_calibrate_tsc,
+ };
+ 
+-struct pv_irq_ops pv_irq_ops = {
++struct pv_irq_ops pv_irq_ops __read_only = {
+ 	.init_IRQ = native_init_IRQ,
+ 	.save_fl = native_save_fl,
+ 	.restore_fl = native_restore_fl,
+@@ -329,7 +329,7 @@ struct pv_irq_ops pv_irq_ops = {
+ #endif
+ };
+ 
+-struct pv_cpu_ops pv_cpu_ops = {
++struct pv_cpu_ops pv_cpu_ops __read_only = {
+ 	.cpuid = native_cpuid,
+ 	.get_debugreg = native_get_debugreg,
+ 	.set_debugreg = native_set_debugreg,
+@@ -391,7 +391,7 @@ struct pv_cpu_ops pv_cpu_ops = {
+ 	},
+ };
+ 
+-struct pv_apic_ops pv_apic_ops = {
++struct pv_apic_ops pv_apic_ops __read_only = {
+ #ifdef CONFIG_X86_LOCAL_APIC
+ 	.setup_boot_clock = setup_boot_APIC_clock,
+ 	.setup_secondary_clock = setup_secondary_APIC_clock,
+@@ -399,7 +399,7 @@ struct pv_apic_ops pv_apic_ops = {
+ #endif
+ };
+ 
+-struct pv_mmu_ops pv_mmu_ops = {
++struct pv_mmu_ops pv_mmu_ops __read_only = {
+ #ifndef CONFIG_X86_64
+ 	.pagetable_setup_start = native_pagetable_setup_start,
+ 	.pagetable_setup_done = native_pagetable_setup_done,
+diff -urNp linux-2.6.29.6/arch/x86/kernel/paravirt-spinlocks.c linux-2.6.29.6/arch/x86/kernel/paravirt-spinlocks.c
+--- linux-2.6.29.6/arch/x86/kernel/paravirt-spinlocks.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/paravirt-spinlocks.c	2009-07-23 17:34:32.073727851 -0400
+@@ -13,7 +13,7 @@ default_spin_lock_flags(raw_spinlock_t *
+ 	__raw_spin_lock(lock);
+ }
+ 
+-struct pv_lock_ops pv_lock_ops = {
++struct pv_lock_ops pv_lock_ops __read_only = {
+ #ifdef CONFIG_SMP
+ 	.spin_is_locked = __ticket_spin_is_locked,
+ 	.spin_is_contended = __ticket_spin_is_contended,
+diff -urNp linux-2.6.29.6/arch/x86/kernel/process_32.c linux-2.6.29.6/arch/x86/kernel/process_32.c
+--- linux-2.6.29.6/arch/x86/kernel/process_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/process_32.c	2009-07-23 17:34:32.073727851 -0400
+@@ -66,8 +66,10 @@ asmlinkage void ret_from_fork(void) __as
+ DEFINE_PER_CPU(struct task_struct *, current_task) = &init_task;
+ EXPORT_PER_CPU_SYMBOL(current_task);
+ 
++#ifdef CONFIG_SMP
+ DEFINE_PER_CPU(int, cpu_number);
+ EXPORT_PER_CPU_SYMBOL(cpu_number);
++#endif
+ 
+ /*
+  * Return saved PC of a blocked thread.
+@@ -75,6 +77,7 @@ EXPORT_PER_CPU_SYMBOL(cpu_number);
+ unsigned long thread_saved_pc(struct task_struct *tsk)
+ {
+ 	return ((unsigned long *)tsk->thread.sp)[3];
++//XXX	return tsk->thread.eip;
+ }
+ 
+ #ifndef CONFIG_SMP
+@@ -129,7 +132,7 @@ void __show_regs(struct pt_regs *regs, i
+ 	unsigned short ss, gs;
+ 	const char *board;
+ 
+-	if (user_mode_vm(regs)) {
++	if (user_mode(regs)) {
+ 		sp = regs->sp;
+ 		ss = regs->ss & 0xffff;
+ 		savesegment(gs, gs);
+@@ -210,8 +213,8 @@ int kernel_thread(int (*fn)(void *), voi
+ 	regs.bx = (unsigned long) fn;
+ 	regs.dx = (unsigned long) arg;
+ 
+-	regs.ds = __USER_DS;
+-	regs.es = __USER_DS;
++	regs.ds = __KERNEL_DS;
++	regs.es = __KERNEL_DS;
+ 	regs.fs = __KERNEL_PERCPU;
+ 	regs.orig_ax = -1;
+ 	regs.ip = (unsigned long) kernel_thread_helper;
+@@ -233,7 +236,7 @@ void exit_thread(void)
+ 		struct task_struct *tsk = current;
+ 		struct thread_struct *t = &tsk->thread;
+ 		int cpu = get_cpu();
+-		struct tss_struct *tss = &per_cpu(init_tss, cpu);
++		struct tss_struct *tss = init_tss + cpu;
+ 
+ 		kfree(t->io_bitmap_ptr);
+ 		t->io_bitmap_ptr = NULL;
+@@ -256,6 +259,7 @@ void flush_thread(void)
+ {
+ 	struct task_struct *tsk = current;
+ 
++	loadsegment(gs, 0);
+ 	tsk->thread.debugreg0 = 0;
+ 	tsk->thread.debugreg1 = 0;
+ 	tsk->thread.debugreg2 = 0;
+@@ -295,7 +299,7 @@ int copy_thread(int nr, unsigned long cl
+ 	struct task_struct *tsk;
+ 	int err;
+ 
+-	childregs = task_pt_regs(p);
++	childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8;
+ 	*childregs = *regs;
+ 	childregs->ax = 0;
+ 	childregs->sp = sp;
+@@ -324,6 +328,7 @@ int copy_thread(int nr, unsigned long cl
+ 	 * Set a new TLS for the child thread?
+ 	 */
+ 	if (clone_flags & CLONE_SETTLS)
++//XXX needs set_fs()?
+ 		err = do_set_thread_area(p, -1,
+ 			(struct user_desc __user *)childregs->si, 0);
+ 
+@@ -514,7 +519,7 @@ __switch_to(struct task_struct *prev_p, 
+ 	struct thread_struct *prev = &prev_p->thread,
+ 				 *next = &next_p->thread;
+ 	int cpu = smp_processor_id();
+-	struct tss_struct *tss = &per_cpu(init_tss, cpu);
++	struct tss_struct *tss = init_tss + cpu;
+ 
+ 	/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
+ 
+@@ -542,6 +547,11 @@ __switch_to(struct task_struct *prev_p, 
+ 	 */
+ 	savesegment(gs, prev->gs);
+ 
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++	if (!segment_eq(task_thread_info(prev_p)->addr_limit, task_thread_info(next_p)->addr_limit))
++		__set_fs(task_thread_info(next_p)->addr_limit, cpu);
++#endif
++
+ 	/*
+ 	 * Load the per-thread Thread-Local Storage descriptor.
+ 	 */
+@@ -680,15 +690,27 @@ unsigned long get_wchan(struct task_stru
+ 	return 0;
+ }
+ 
+-unsigned long arch_align_stack(unsigned long sp)
++#ifdef CONFIG_PAX_RANDKSTACK
++asmlinkage void pax_randomize_kstack(void)
+ {
+-	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
+-		sp -= get_random_int() % 8192;
+-	return sp & ~0xf;
+-}
++	struct thread_struct *thread = &current->thread;
++	unsigned long time;
+ 
+-unsigned long arch_randomize_brk(struct mm_struct *mm)
+-{
+-	unsigned long range_end = mm->brk + 0x02000000;
+-	return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
++	if (!randomize_va_space)
++		return;
++
++	rdtscl(time);
++
++	/* P4 seems to return a 0 LSB, ignore it */
++#ifdef CONFIG_MPENTIUM4
++	time &= 0x1EUL;
++	time <<= 2;
++#else
++	time &= 0xFUL;
++	time <<= 3;
++#endif
++
++	thread->sp0 ^= time;
++	load_sp0(init_tss + smp_processor_id(), thread);
+ }
++#endif
+diff -urNp linux-2.6.29.6/arch/x86/kernel/process_64.c linux-2.6.29.6/arch/x86/kernel/process_64.c
+--- linux-2.6.29.6/arch/x86/kernel/process_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/process_64.c	2009-07-23 17:34:32.073727851 -0400
+@@ -91,7 +91,7 @@ static void __exit_idle(void)
+ void exit_idle(void)
+ {
+ 	/* idle loop has pid 0 */
+-	if (current->pid)
++	if (task_pid_nr(current))
+ 		return;
+ 	__exit_idle();
+ }
+@@ -112,6 +112,8 @@ static inline void play_dead(void)
+ void cpu_idle(void)
+ {
+ 	current_thread_info()->status |= TS_POLLING;
++	current->stack_canary = pax_get_random_long();
++	write_pda(stack_canary, current->stack_canary);
+ 	/* endless idle loop with no priority at all */
+ 	while (1) {
+ 		tick_nohz_stop_sched_tick(1);
+@@ -160,7 +162,7 @@ void __show_regs(struct pt_regs *regs, i
+ 	if (!board)
+ 		board = "";
+ 	printk(KERN_INFO "Pid: %d, comm: %.20s %s %s %.*s %s\n",
+-		current->pid, current->comm, print_tainted(),
++		task_pid_nr(current), current->comm, print_tainted(),
+ 		init_utsname()->release,
+ 		(int)strcspn(init_utsname()->version, " "),
+ 		init_utsname()->version, board);
+@@ -230,7 +232,7 @@ void exit_thread(void)
+ 	struct thread_struct *t = &me->thread;
+ 
+ 	if (me->thread.io_bitmap_ptr) {
+-		struct tss_struct *tss = &per_cpu(init_tss, get_cpu());
++		struct tss_struct *tss = init_tss + get_cpu();
+ 
+ 		kfree(t->io_bitmap_ptr);
+ 		t->io_bitmap_ptr = NULL;
+@@ -537,7 +539,7 @@ __switch_to(struct task_struct *prev_p, 
+ 	struct thread_struct *prev = &prev_p->thread;
+ 	struct thread_struct *next = &next_p->thread;
+ 	int cpu = smp_processor_id();
+-	struct tss_struct *tss = &per_cpu(init_tss, cpu);
++	struct tss_struct *tss = init_tss + cpu;
+ 	unsigned fsindex, gsindex;
+ 
+ 	/* we're going to use this soon, after a few expensive things */
+@@ -626,7 +628,6 @@ __switch_to(struct task_struct *prev_p, 
+ 		  (unsigned long)task_stack_page(next_p) +
+ 		  THREAD_SIZE - PDA_STACKOFFSET);
+ #ifdef CONFIG_CC_STACKPROTECTOR
+-	write_pda(stack_canary, next_p->stack_canary);
+ 	/*
+ 	 * Build time only check to make sure the stack_canary is at
+ 	 * offset 40 in the pda; this is a gcc ABI requirement
+@@ -725,12 +726,11 @@ unsigned long get_wchan(struct task_stru
+ 	if (!p || p == current || p->state == TASK_RUNNING)
+ 		return 0;
+ 	stack = (unsigned long)task_stack_page(p);
+-	if (p->thread.sp < stack || p->thread.sp >= stack+THREAD_SIZE)
++	if (p->thread.sp < stack || p->thread.sp > stack+THREAD_SIZE-8-sizeof(u64))
+ 		return 0;
+ 	fp = *(u64 *)(p->thread.sp);
+ 	do {
+-		if (fp < (unsigned long)stack ||
+-		    fp >= (unsigned long)stack+THREAD_SIZE)
++		if (fp < stack || fp > stack+THREAD_SIZE-8-sizeof(u64))
+ 			return 0;
+ 		ip = *(u64 *)(fp+8);
+ 		if (!in_sched_functions(ip))
+@@ -839,16 +839,3 @@ long sys_arch_prctl(int code, unsigned l
+ {
+ 	return do_arch_prctl(current, code, addr);
+ }
+-
+-unsigned long arch_align_stack(unsigned long sp)
+-{
+-	if (!(current->personality & ADDR_NO_RANDOMIZE) && randomize_va_space)
+-		sp -= get_random_int() % 8192;
+-	return sp & ~0xf;
+-}
+-
+-unsigned long arch_randomize_brk(struct mm_struct *mm)
+-{
+-	unsigned long range_end = mm->brk + 0x02000000;
+-	return randomize_range(mm->brk, range_end, 0) ? : mm->brk;
+-}
+diff -urNp linux-2.6.29.6/arch/x86/kernel/ptrace.c linux-2.6.29.6/arch/x86/kernel/ptrace.c
+--- linux-2.6.29.6/arch/x86/kernel/ptrace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/ptrace.c	2009-07-23 17:34:32.073727851 -0400
+@@ -1377,7 +1377,7 @@ void send_sigtrap(struct task_struct *ts
+ 	info.si_code = si_code;
+ 
+ 	/* User-mode ip? */
+-	info.si_addr = user_mode_vm(regs) ? (void __user *) regs->ip : NULL;
++	info.si_addr = user_mode(regs) ? (void __user *) regs->ip : NULL;
+ 
+ 	/* Send us the fake SIGTRAP */
+ 	force_sig_info(SIGTRAP, &info, tsk);
+diff -urNp linux-2.6.29.6/arch/x86/kernel/reboot.c linux-2.6.29.6/arch/x86/kernel/reboot.c
+--- linux-2.6.29.6/arch/x86/kernel/reboot.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/reboot.c	2009-07-23 17:34:32.073727851 -0400
+@@ -32,7 +32,7 @@ void (*pm_power_off)(void);
+ EXPORT_SYMBOL(pm_power_off);
+ 
+ static const struct desc_ptr no_idt = {};
+-static int reboot_mode;
++static unsigned short reboot_mode;
+ enum reboot_type reboot_type = BOOT_KBD;
+ int reboot_force;
+ 
+@@ -234,7 +234,7 @@ static struct dmi_system_id __initdata r
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "Dell XPS710"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {{0, {0}}}, NULL}
+ };
+ 
+ static int __init reboot_init(void)
+@@ -250,12 +250,12 @@ core_initcall(reboot_init);
+    controller to pulse the CPU reset line, which is more thorough, but
+    doesn't work with at least one type of 486 motherboard.  It is easy
+    to stop this code working; hence the copious comments. */
+-static const unsigned long long
+-real_mode_gdt_entries [3] =
++static struct desc_struct
++real_mode_gdt_entries [3] __read_only =
+ {
+-	0x0000000000000000ULL,	/* Null descriptor */
+-	0x00009b000000ffffULL,	/* 16-bit real-mode 64k code at 0x00000000 */
+-	0x000093000100ffffULL	/* 16-bit real-mode 64k data at 0x00000100 */
++	{{{0x00000000, 0x00000000}}},	/* Null descriptor */
++	{{{0x0000ffff, 0x00009b00}}},	/* 16-bit real-mode 64k code at 0x00000000 */
++	{{{0x0100ffff, 0x00009300}}}	/* 16-bit real-mode 64k data at 0x00000100 */
+ };
+ 
+ static const struct desc_ptr
+@@ -304,7 +304,7 @@ static const unsigned char jump_to_bios 
+  * specified by the code and length parameters.
+  * We assume that length will aways be less that 100!
+  */
+-void machine_real_restart(const unsigned char *code, int length)
++void machine_real_restart(const unsigned char *code, unsigned int length)
+ {
+ 	local_irq_disable();
+ 
+@@ -324,8 +324,8 @@ void machine_real_restart(const unsigned
+ 	/* Remap the kernel at virtual address zero, as well as offset zero
+ 	   from the kernel segment.  This assumes the kernel segment starts at
+ 	   virtual address PAGE_OFFSET. */
+-	memcpy(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
+-		sizeof(swapper_pg_dir [0]) * KERNEL_PGD_PTRS);
++	clone_pgd_range(swapper_pg_dir, swapper_pg_dir + KERNEL_PGD_BOUNDARY,
++			min_t(unsigned long, KERNEL_PGD_PTRS, KERNEL_PGD_BOUNDARY));
+ 
+ 	/*
+ 	 * Use `swapper_pg_dir' as our page directory.
+@@ -337,16 +337,15 @@ void machine_real_restart(const unsigned
+ 	   boot)".  This seems like a fairly standard thing that gets set by
+ 	   REBOOT.COM programs, and the previous reset routine did this
+ 	   too. */
+-	*((unsigned short *)0x472) = reboot_mode;
++	*(unsigned short *)(__va(0x472)) = reboot_mode;
+ 
+ 	/* For the switch to real mode, copy some code to low memory.  It has
+ 	   to be in the first 64k because it is running in 16-bit mode, and it
+ 	   has to have the same physical and virtual address, because it turns
+ 	   off paging.  Copy it near the end of the first page, out of the way
+ 	   of BIOS variables. */
+-	memcpy((void *)(0x1000 - sizeof(real_mode_switch) - 100),
+-		real_mode_switch, sizeof (real_mode_switch));
+-	memcpy((void *)(0x1000 - 100), code, length);
++	memcpy(__va(0x1000 - sizeof (real_mode_switch) - 100), real_mode_switch, sizeof (real_mode_switch));
++	memcpy(__va(0x1000 - 100), code, length);
+ 
+ 	/* Set up the IDT for real mode. */
+ 	load_idt(&real_mode_idt);
+diff -urNp linux-2.6.29.6/arch/x86/kernel/setup.c linux-2.6.29.6/arch/x86/kernel/setup.c
+--- linux-2.6.29.6/arch/x86/kernel/setup.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/setup.c	2009-07-23 17:34:32.075127987 -0400
+@@ -703,8 +703,8 @@ void __init setup_arch(char **cmdline_p)
+ 
+ 	if (!boot_params.hdr.root_flags)
+ 		root_mountflags &= ~MS_RDONLY;
+-	init_mm.start_code = (unsigned long) _text;
+-	init_mm.end_code = (unsigned long) _etext;
++	init_mm.start_code = ktla_ktva((unsigned long) _text);
++	init_mm.end_code = ktla_ktva((unsigned long) _etext);
+ 	init_mm.end_data = (unsigned long) _edata;
+ #ifdef CONFIG_X86_32
+ 	init_mm.brk = init_pg_tables_end + PAGE_OFFSET;
+@@ -712,9 +712,9 @@ void __init setup_arch(char **cmdline_p)
+ 	init_mm.brk = (unsigned long) &_end;
+ #endif
+ 
+-	code_resource.start = virt_to_phys(_text);
+-	code_resource.end = virt_to_phys(_etext)-1;
+-	data_resource.start = virt_to_phys(_etext);
++	code_resource.start = virt_to_phys(ktla_ktva(_text));
++	code_resource.end = virt_to_phys(ktla_ktva(_etext))-1;
++	data_resource.start = virt_to_phys(_data);
+ 	data_resource.end = virt_to_phys(_edata)-1;
+ 	bss_resource.start = virt_to_phys(&__bss_start);
+ 	bss_resource.end = virt_to_phys(&__bss_stop)-1;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/setup_percpu.c linux-2.6.29.6/arch/x86/kernel/setup_percpu.c
+--- linux-2.6.29.6/arch/x86/kernel/setup_percpu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/setup_percpu.c	2009-07-23 17:34:32.075127987 -0400
+@@ -197,7 +197,11 @@ void __init setup_per_cpu_areas(void)
+ 				cpu, node, __pa(ptr));
+ 		}
+ #endif
++#ifdef CONFIG_X86_32
++		__per_cpu_offset[cpu] = ptr - __per_cpu_start;
++#else
+ 		per_cpu_offset(cpu) = ptr - __per_cpu_start;
++#endif
+ 		memcpy(ptr, __per_cpu_start, __per_cpu_end - __per_cpu_start);
+ 	}
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/signal.c linux-2.6.29.6/arch/x86/kernel/signal.c
+--- linux-2.6.29.6/arch/x86/kernel/signal.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/signal.c	2009-07-23 17:34:32.075127987 -0400
+@@ -255,7 +255,7 @@ get_sigframe(struct k_sigaction *ka, str
+ 	 * Align the stack pointer according to the i386 ABI,
+ 	 * i.e. so that on function entry ((sp + 4) & 15) == 0.
+ 	 */
+-	sp = ((sp + 4) & -16ul) - 4;
++	sp = ((sp - 12) & -16ul) - 4;
+ 
+ 	return (void __user *) sp;
+ }
+@@ -287,9 +287,9 @@ __setup_frame(int sig, struct k_sigactio
+ 	}
+ 
+ 	if (current->mm->context.vdso)
+-		restorer = VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
++		restorer = (void __user *)VDSO32_SYMBOL(current->mm->context.vdso, sigreturn);
+ 	else
+-		restorer = &frame->retcode;
++		restorer = (void __user *)&frame->retcode;
+ 	if (ka->sa.sa_flags & SA_RESTORER)
+ 		restorer = ka->sa.sa_restorer;
+ 
+@@ -360,7 +360,7 @@ static int __setup_rt_frame(int sig, str
+ 		return -EFAULT;
+ 
+ 	/* Set up to return from userspace.  */
+-	restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
++	restorer = (void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
+ 	if (ka->sa.sa_flags & SA_RESTORER)
+ 		restorer = ka->sa.sa_restorer;
+ 	err |= __put_user(restorer, &frame->pretcode);
+@@ -811,7 +811,7 @@ static void do_signal(struct pt_regs *re
+ 	 * X86_32: vm86 regs switched out by assembly code before reaching
+ 	 * here, so testing against kernel CS suffices.
+ 	 */
+-	if (!user_mode(regs))
++	if (!user_mode_novm(regs))
+ 		return;
+ 
+ 	if (current_thread_info()->status & TS_RESTORE_SIGMASK)
+diff -urNp linux-2.6.29.6/arch/x86/kernel/smpboot.c linux-2.6.29.6/arch/x86/kernel/smpboot.c
+--- linux-2.6.29.6/arch/x86/kernel/smpboot.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/smpboot.c	2009-07-23 17:34:32.076107253 -0400
+@@ -806,6 +806,11 @@ static int __cpuinit do_boot_cpu(int api
+ 		.cpu = cpu,
+ 		.done = COMPLETION_INITIALIZER_ONSTACK(c_idle.done),
+ 	};
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	INIT_WORK(&c_idle.work, do_fork_idle);
+ 
+ #ifdef CONFIG_X86_64
+@@ -856,7 +861,17 @@ do_rest:
+ 	cpu_pda(cpu)->pcurrent = c_idle.idle;
+ 	clear_tsk_thread_flag(c_idle.idle, TIF_FORK);
+ #endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	initial_code = (unsigned long)start_secondary;
+ 	stack_start.sp = (void *) c_idle.idle->thread.sp;
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/smpcommon.c linux-2.6.29.6/arch/x86/kernel/smpcommon.c
+--- linux-2.6.29.6/arch/x86/kernel/smpcommon.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/smpcommon.c	2009-07-23 17:34:32.076107253 -0400
+@@ -3,9 +3,10 @@
+  */
+ #include <linux/module.h>
+ #include <asm/smp.h>
++#include <asm/sections.h>
+ 
+ #ifdef CONFIG_X86_32
+-DEFINE_PER_CPU(unsigned long, this_cpu_off);
++DEFINE_PER_CPU(unsigned long, this_cpu_off) = (unsigned long)__per_cpu_start;
+ EXPORT_PER_CPU_SYMBOL(this_cpu_off);
+ 
+ /*
+@@ -15,16 +16,19 @@ EXPORT_PER_CPU_SYMBOL(this_cpu_off);
+  */
+ __cpuinit void init_gdt(int cpu)
+ {
+-	struct desc_struct gdt;
++	struct desc_struct d, *gdt = get_cpu_gdt_table(cpu);
++	unsigned long base, limit;
+ 
+-	pack_descriptor(&gdt, __per_cpu_offset[cpu], 0xFFFFF,
+-			0x2 | DESCTYPE_S, 0x8);
+-	gdt.s = 1;
++	base = per_cpu_offset(cpu);
++	limit = PERCPU_ENOUGH_ROOM - 1;
++	if (limit < 64*1024)
++		pack_descriptor(&d, base, limit, 0x80 | DESCTYPE_S | 0x3, 0x4);
++	else
++		pack_descriptor(&d, base, limit >> PAGE_SHIFT, 0x80 | DESCTYPE_S | 0x3, 0xC);
+ 
+-	write_gdt_entry(get_cpu_gdt_table(cpu),
+-			GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S);
++	write_gdt_entry(gdt, GDT_ENTRY_PERCPU, &d, DESCTYPE_S);
+ 
+-	per_cpu(this_cpu_off, cpu) = __per_cpu_offset[cpu];
++	per_cpu(this_cpu_off, cpu) = base;
+ 	per_cpu(cpu_number, cpu) = cpu;
+ }
+ #endif
+diff -urNp linux-2.6.29.6/arch/x86/kernel/step.c linux-2.6.29.6/arch/x86/kernel/step.c
+--- linux-2.6.29.6/arch/x86/kernel/step.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/step.c	2009-07-23 17:34:32.076107253 -0400
+@@ -23,22 +23,20 @@ unsigned long convert_ip_to_linear(struc
+ 	 * and APM bios ones we just ignore here.
+ 	 */
+ 	if ((seg & SEGMENT_TI_MASK) == SEGMENT_LDT) {
+-		u32 *desc;
++		struct desc_struct *desc;
+ 		unsigned long base;
+ 
+-		seg &= ~7UL;
++		seg >>= 3;
+ 
+ 		mutex_lock(&child->mm->context.lock);
+-		if (unlikely((seg >> 3) >= child->mm->context.size))
+-			addr = -1L; /* bogus selector, access would fault */
++		if (unlikely(seg >= child->mm->context.size))
++			addr = -EINVAL;
+ 		else {
+-			desc = child->mm->context.ldt + seg;
+-			base = ((desc[0] >> 16) |
+-				((desc[1] & 0xff) << 16) |
+-				(desc[1] & 0xff000000));
++			desc = &child->mm->context.ldt[seg];
++			base = (desc->a >> 16) | ((desc->b & 0xff) << 16) | (desc->b & 0xff000000);
+ 
+ 			/* 16-bit code segment? */
+-			if (!((desc[1] >> 22) & 1))
++			if (!((desc->b >> 22) & 1))
+ 				addr &= 0xffff;
+ 			addr += base;
+ 		}
+@@ -54,6 +52,9 @@ static int is_setting_trap_flag(struct t
+ 	unsigned char opcode[15];
+ 	unsigned long addr = convert_ip_to_linear(child, regs);
+ 
++	if (addr == -EINVAL)
++		return 0;
++
+ 	copied = access_process_vm(child, addr, opcode, sizeof(opcode), 0);
+ 	for (i = 0; i < copied; i++) {
+ 		switch (opcode[i]) {
+@@ -75,7 +76,7 @@ static int is_setting_trap_flag(struct t
+ 
+ #ifdef CONFIG_X86_64
+ 		case 0x40 ... 0x4f:
+-			if (regs->cs != __USER_CS)
++			if ((regs->cs & 0xffff) != __USER_CS)
+ 				/* 32-bit mode: register increment */
+ 				return 0;
+ 			/* 64-bit mode: REX prefix */
+diff -urNp linux-2.6.29.6/arch/x86/kernel/syscall_table_32.S linux-2.6.29.6/arch/x86/kernel/syscall_table_32.S
+--- linux-2.6.29.6/arch/x86/kernel/syscall_table_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/syscall_table_32.S	2009-07-23 17:34:32.076778086 -0400
+@@ -1,3 +1,4 @@
++.section .rodata,"a",@progbits
+ ENTRY(sys_call_table)
+ 	.long sys_restart_syscall	/* 0 - old "setup()" system call, used for restarting */
+ 	.long sys_exit
+diff -urNp linux-2.6.29.6/arch/x86/kernel/sys_i386_32.c linux-2.6.29.6/arch/x86/kernel/sys_i386_32.c
+--- linux-2.6.29.6/arch/x86/kernel/sys_i386_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/sys_i386_32.c	2009-07-23 17:34:32.076778086 -0400
+@@ -24,6 +24,21 @@
+ 
+ #include <asm/syscalls.h>
+ 
++int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags)
++{
++	unsigned long pax_task_size = TASK_SIZE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
++	if (len > pax_task_size || addr > pax_task_size - len)
++		return -EINVAL;
++
++	return 0;
++}
++
+ asmlinkage long sys_mmap2(unsigned long addr, unsigned long len,
+ 			  unsigned long prot, unsigned long flags,
+ 			  unsigned long fd, unsigned long pgoff)
+@@ -83,6 +98,205 @@ out:
+ 	return err;
+ }
+ 
++unsigned long
++arch_get_unmapped_area(struct file *filp, unsigned long addr,
++		unsigned long len, unsigned long pgoff, unsigned long flags)
++{
++	struct mm_struct *mm = current->mm;
++	struct vm_area_struct *vma;
++	unsigned long start_addr, pax_task_size = TASK_SIZE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
++	if (len > pax_task_size)
++		return -ENOMEM;
++
++	if (flags & MAP_FIXED)
++		return addr;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
++	if (addr) {
++		addr = PAGE_ALIGN(addr);
++		vma = find_vma(mm, addr);
++		if (pax_task_size - len >= addr &&
++		    (!vma || addr + len <= vma->vm_start))
++			return addr;
++	}
++	if (len > mm->cached_hole_size) {
++		start_addr = addr = mm->free_area_cache;
++	} else {
++		start_addr = addr = mm->mmap_base;
++		mm->cached_hole_size = 0;
++	}
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE) && start_addr >= mm->mmap_base) {
++		start_addr = 0x00110000UL;
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			start_addr += mm->delta_mmap & 0x03FFF000UL;
++#endif
++
++		if (mm->start_brk <= start_addr && start_addr < mm->mmap_base)
++			start_addr = addr = mm->mmap_base;
++		else
++			addr = start_addr;
++	}
++#endif
++
++full_search:
++	for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
++		/* At this point:  (!vma || addr < vma->vm_end). */
++		if (pax_task_size - len < addr) {
++			/*
++			 * Start a new search - just in case we missed
++			 * some holes.
++			 */
++			if (start_addr != mm->mmap_base) {
++				start_addr = addr = mm->mmap_base;
++				mm->cached_hole_size = 0;
++				goto full_search;
++			}
++			return -ENOMEM;
++		}
++		if (!vma || addr + len <= vma->vm_start) {
++			/*
++			 * Remember the place where we stopped the search:
++			 */
++			mm->free_area_cache = addr + len;
++			return addr;
++		}
++		if (addr + mm->cached_hole_size < vma->vm_start)
++			mm->cached_hole_size = vma->vm_start - addr;
++		addr = vma->vm_end;
++		if (mm->start_brk <= addr && addr < mm->mmap_base) {
++			start_addr = addr = mm->mmap_base;
++			mm->cached_hole_size = 0;
++			goto full_search;
++		}
++	}
++}
++
++unsigned long
++arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
++			  const unsigned long len, const unsigned long pgoff,
++			  const unsigned long flags)
++{
++	struct vm_area_struct *vma;
++	struct mm_struct *mm = current->mm;
++	unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
++	/* requested length too big for entire address space */
++	if (len > pax_task_size)
++		return -ENOMEM;
++
++	if (flags & MAP_FIXED)
++		return addr;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	if (!nx_enabled && (mm->pax_flags & MF_PAX_PAGEEXEC) && (flags & MAP_EXECUTABLE))
++		goto bottomup;
++#endif
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
++	/* requesting a specific address */
++	if (addr) {
++		addr = PAGE_ALIGN(addr);
++		vma = find_vma(mm, addr);
++		if (pax_task_size - len >= addr &&
++				(!vma || addr + len <= vma->vm_start))
++			return addr;
++	}
++
++	/* check if free_area_cache is useful for us */
++	if (len <= mm->cached_hole_size) {
++		mm->cached_hole_size = 0;
++		mm->free_area_cache = mm->mmap_base;
++	}
++
++	/* either no address requested or can't fit in requested address hole */
++	addr = mm->free_area_cache;
++
++	/* make sure it can fit in the remaining address space */
++	if (addr > len) {
++		vma = find_vma(mm, addr-len);
++		if (!vma || addr <= vma->vm_start)
++			/* remember the address as a hint for next time */
++			return (mm->free_area_cache = addr-len);
++	}
++
++	if (mm->mmap_base < len)
++		goto bottomup;
++
++	addr = mm->mmap_base-len;
++
++	do {
++		/*
++		 * Lookup failure means no vma is above this address,
++		 * else if new region fits below vma->vm_start,
++		 * return with success:
++		 */
++		vma = find_vma(mm, addr);
++		if (!vma || addr+len <= vma->vm_start)
++			/* remember the address as a hint for next time */
++			return (mm->free_area_cache = addr);
++
++		/* remember the largest hole we saw so far */
++		if (addr + mm->cached_hole_size < vma->vm_start)
++			mm->cached_hole_size = vma->vm_start - addr;
++
++		/* try just below the current vma->vm_start */
++		addr = vma->vm_start-len;
++	} while (len < vma->vm_start);
++
++bottomup:
++	/*
++	 * A failed mmap() very likely causes application failure,
++	 * so fall back to the bottom-up function here. This scenario
++	 * can happen with large stack limits and large mmap()
++	 * allocations.
++	 */
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
++	else
++#endif
++
++	mm->mmap_base = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (mm->pax_flags & MF_PAX_RANDMMAP)
++		mm->mmap_base += mm->delta_mmap;
++#endif
++
++	mm->free_area_cache = mm->mmap_base;
++	mm->cached_hole_size = ~0UL;
++	addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
++	/*
++	 * Restore the topdown base:
++	 */
++	mm->mmap_base = base;
++	mm->free_area_cache = base;
++	mm->cached_hole_size = ~0UL;
++
++	return addr;
++}
+ 
+ struct sel_arg_struct {
+ 	unsigned long n;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/sys_x86_64.c linux-2.6.29.6/arch/x86/kernel/sys_x86_64.c
+--- linux-2.6.29.6/arch/x86/kernel/sys_x86_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/sys_x86_64.c	2009-07-23 17:34:32.076778086 -0400
+@@ -47,8 +47,8 @@ out:
+ 	return error;
+ }
+ 
+-static void find_start_end(unsigned long flags, unsigned long *begin,
+-			   unsigned long *end)
++static void find_start_end(struct mm_struct *mm, unsigned long flags,
++			   unsigned long *begin, unsigned long *end)
+ {
+ 	if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT)) {
+ 		unsigned long new_begin;
+@@ -67,7 +67,7 @@ static void find_start_end(unsigned long
+ 				*begin = new_begin;
+ 		}
+ 	} else {
+-		*begin = TASK_UNMAPPED_BASE;
++		*begin = mm->mmap_base;
+ 		*end = TASK_SIZE;
+ 	}
+ }
+@@ -84,11 +84,15 @@ arch_get_unmapped_area(struct file *filp
+ 	if (flags & MAP_FIXED)
+ 		return addr;
+ 
+-	find_start_end(flags, &begin, &end);
++	find_start_end(mm, flags, &begin, &end);
+ 
+ 	if (len > end)
+ 		return -ENOMEM;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	if (addr) {
+ 		addr = PAGE_ALIGN(addr);
+ 		vma = find_vma(mm, addr);
+@@ -143,7 +147,7 @@ arch_get_unmapped_area_topdown(struct fi
+ {
+ 	struct vm_area_struct *vma;
+ 	struct mm_struct *mm = current->mm;
+-	unsigned long addr = addr0;
++	unsigned long base = mm->mmap_base, addr = addr0;
+ 
+ 	/* requested length too big for entire address space */
+ 	if (len > TASK_SIZE)
+@@ -156,6 +160,10 @@ arch_get_unmapped_area_topdown(struct fi
+ 	if (!test_thread_flag(TIF_IA32) && (flags & MAP_32BIT))
+ 		goto bottomup;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	/* requesting a specific address */
+ 	if (addr) {
+ 		addr = PAGE_ALIGN(addr);
+@@ -213,13 +221,21 @@ bottomup:
+ 	 * can happen with large stack limits and large mmap()
+ 	 * allocations.
+ 	 */
++	mm->mmap_base = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (mm->pax_flags & MF_PAX_RANDMMAP)
++		mm->mmap_base += mm->delta_mmap;
++#endif
++
++	mm->free_area_cache = mm->mmap_base;
+ 	mm->cached_hole_size = ~0UL;
+-	mm->free_area_cache = TASK_UNMAPPED_BASE;
+ 	addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
+ 	/*
+ 	 * Restore the topdown base:
+ 	 */
+-	mm->free_area_cache = mm->mmap_base;
++	mm->mmap_base = base;
++	mm->free_area_cache = base;
+ 	mm->cached_hole_size = ~0UL;
+ 
+ 	return addr;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/time_32.c linux-2.6.29.6/arch/x86/kernel/time_32.c
+--- linux-2.6.29.6/arch/x86/kernel/time_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/time_32.c	2009-07-23 17:34:32.076778086 -0400
+@@ -47,22 +47,32 @@ unsigned long profile_pc(struct pt_regs 
+ 	unsigned long pc = instruction_pointer(regs);
+ 
+ #ifdef CONFIG_SMP
+-	if (!user_mode_vm(regs) && in_lock_functions(pc)) {
++	if (!user_mode(regs) && in_lock_functions(pc)) {
+ #ifdef CONFIG_FRAME_POINTER
+-		return *(unsigned long *)(regs->bp + sizeof(long));
++		return ktla_ktva(*(unsigned long *)(regs->bp + sizeof(long)));
+ #else
+ 		unsigned long *sp = (unsigned long *)&regs->sp;
+ 
+ 		/* Return address is either directly at stack pointer
+ 		   or above a saved flags. Eflags has bits 22-31 zero,
+ 		   kernel addresses don't. */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		return ktla_ktva(sp[0]);
++#else
+ 		if (sp[0] >> 22)
+ 			return sp[0];
+ 		if (sp[1] >> 22)
+ 			return sp[1];
+ #endif
++
++#endif
+ 	}
+ #endif
++
++	if (!user_mode(regs))
++		pc = ktla_ktva(pc);
++
+ 	return pc;
+ }
+ EXPORT_SYMBOL(profile_pc);
+diff -urNp linux-2.6.29.6/arch/x86/kernel/time_64.c linux-2.6.29.6/arch/x86/kernel/time_64.c
+--- linux-2.6.29.6/arch/x86/kernel/time_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/time_64.c	2009-07-23 17:34:32.076778086 -0400
+@@ -25,8 +25,6 @@
+ #include <asm/time.h>
+ #include <asm/timer.h>
+ 
+-volatile unsigned long __jiffies __section_jiffies = INITIAL_JIFFIES;
+-
+ unsigned long profile_pc(struct pt_regs *regs)
+ {
+ 	unsigned long pc = instruction_pointer(regs);
+@@ -34,7 +32,7 @@ unsigned long profile_pc(struct pt_regs 
+ 	/* Assume the lock function has either no stack frame or a copy
+ 	   of flags from PUSHF
+ 	   Eflags always has bits 22 and up cleared unlike kernel addresses. */
+-	if (!user_mode_vm(regs) && in_lock_functions(pc)) {
++	if (!user_mode(regs) && in_lock_functions(pc)) {
+ #ifdef CONFIG_FRAME_POINTER
+ 		return *(unsigned long *)(regs->bp + sizeof(long));
+ #else
+diff -urNp linux-2.6.29.6/arch/x86/kernel/tlb_32.c linux-2.6.29.6/arch/x86/kernel/tlb_32.c
+--- linux-2.6.29.6/arch/x86/kernel/tlb_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/tlb_32.c	2009-07-23 17:34:32.076778086 -0400
+@@ -5,7 +5,7 @@
+ #include <asm/tlbflush.h>
+ 
+ DEFINE_PER_CPU(struct tlb_state, cpu_tlbstate)
+-			____cacheline_aligned = { &init_mm, 0, };
++			____cacheline_aligned = { &init_mm, 0, {0} };
+ 
+ /* must come after the send_IPI functions above for inlining */
+ #include <mach_ipi.h>
+diff -urNp linux-2.6.29.6/arch/x86/kernel/tls.c linux-2.6.29.6/arch/x86/kernel/tls.c
+--- linux-2.6.29.6/arch/x86/kernel/tls.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/tls.c	2009-07-23 17:34:32.077892704 -0400
+@@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struc
+ 	if (idx < GDT_ENTRY_TLS_MIN || idx > GDT_ENTRY_TLS_MAX)
+ 		return -EINVAL;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((p->mm->pax_flags & MF_PAX_SEGMEXEC) && (info.contents & MODIFY_LDT_CONTENTS_CODE))
++		return -EINVAL;
++#endif
++
+ 	set_tls_desc(p, idx, &info, 1);
+ 
+ 	return 0;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/traps.c linux-2.6.29.6/arch/x86/kernel/traps.c
+--- linux-2.6.29.6/arch/x86/kernel/traps.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/traps.c	2009-07-23 17:34:32.077892704 -0400
+@@ -71,14 +71,6 @@ asmlinkage int system_call(void);
+ 
+ /* Do we ignore FPU interrupts ? */
+ char ignore_fpu_irq;
+-
+-/*
+- * The IDT has to be page-aligned to simplify the Pentium
+- * F0 0F bug workaround.. We have a special link segment
+- * for this.
+- */
+-gate_desc idt_table[256]
+-	__attribute__((__section__(".data.idt"))) = { { { { 0, 0 } } }, };
+ #endif
+ 
+ DECLARE_BITMAP(used_vectors, NR_VECTORS);
+@@ -116,7 +108,7 @@ static inline void preempt_conditional_c
+ static inline void
+ die_if_kernel(const char *str, struct pt_regs *regs, long err)
+ {
+-	if (!user_mode_vm(regs))
++	if (!user_mode(regs))
+ 		die(str, regs, err);
+ }
+ 
+@@ -133,7 +125,7 @@ static int lazy_iobitmap_copy(void)
+ 	int cpu;
+ 
+ 	cpu = get_cpu();
+-	tss = &per_cpu(init_tss, cpu);
++	tss = init_tss + cpu;
+ 	thread = &current->thread;
+ 
+ 	if (tss->x86_tss.io_bitmap_base == INVALID_IO_BITMAP_OFFSET_LAZY &&
+@@ -169,7 +161,7 @@ do_trap(int trapnr, int signr, char *str
+ 	struct task_struct *tsk = current;
+ 
+ #ifdef CONFIG_X86_32
+-	if (regs->flags & X86_VM_MASK) {
++	if (v8086_mode(regs)) {
+ 		/*
+ 		 * traps 0, 1, 3, 4, and 5 should be forwarded to vm86.
+ 		 * On nmi (interrupt 2), do_trap should not be called.
+@@ -180,7 +172,7 @@ do_trap(int trapnr, int signr, char *str
+ 	}
+ #endif
+ 
+-	if (!user_mode(regs))
++	if (!user_mode_novm(regs))
+ 		goto kernel_trap;
+ 
+ #ifdef CONFIG_X86_32
+@@ -203,7 +195,7 @@ trap_signal:
+ 	    printk_ratelimit()) {
+ 		printk(KERN_INFO
+ 		       "%s[%d] trap %s ip:%lx sp:%lx error:%lx",
+-		       tsk->comm, tsk->pid, str,
++		       tsk->comm, task_pid_nr(tsk), str,
+ 		       regs->ip, regs->sp, error_code);
+ 		print_vma_addr(" in ", regs->ip);
+ 		printk("\n");
+@@ -222,6 +214,12 @@ kernel_trap:
+ 		tsk->thread.trap_no = trapnr;
+ 		die(str, regs, error_code);
+ 	}
++
++#ifdef CONFIG_PAX_REFCOUNT
++	if (trapnr == 4)
++		pax_report_refcount_overflow(regs);
++#endif
++
+ 	return;
+ 
+ #ifdef CONFIG_X86_32
+@@ -315,14 +313,30 @@ do_general_protection(struct pt_regs *re
+ 		return;
+ 	}
+ 
+-	if (regs->flags & X86_VM_MASK)
++	if (v8086_mode(regs))
+ 		goto gp_in_vm86;
+ #endif
+ 
+ 	tsk = current;
+-	if (!user_mode(regs))
++	if (!user_mode_novm(regs))
+ 		goto gp_in_kernel;
+ 
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
++	if (!nx_enabled && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) {
++		struct mm_struct *mm = tsk->mm;
++		unsigned long limit;
++
++		down_write(&mm->mmap_sem);
++		limit = mm->context.user_cs_limit;
++		if (limit < TASK_SIZE) {
++			track_exec_limit(mm, limit, TASK_SIZE, VM_EXEC);
++			up_write(&mm->mmap_sem);
++			return;
++		}
++		up_write(&mm->mmap_sem);
++	}
++#endif
++
+ 	tsk->thread.error_code = error_code;
+ 	tsk->thread.trap_no = 13;
+ 
+@@ -355,6 +369,13 @@ gp_in_kernel:
+ 	if (notify_die(DIE_GPF, "general protection fault", regs,
+ 				error_code, 13, SIGSEGV) == NOTIFY_STOP)
+ 		return;
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++	if ((regs->cs & 0xFFFF) == __KERNEL_CS)
++		die("PAX: suspicious general protection fault", regs, error_code);
++	else
++#endif
++
+ 	die("general protection fault", regs, error_code);
+ }
+ 
+@@ -601,7 +622,7 @@ dotraplinkage void __kprobes do_debug(st
+ 	}
+ 
+ #ifdef CONFIG_X86_32
+-	if (regs->flags & X86_VM_MASK)
++	if (v8086_mode(regs))
+ 		goto debug_vm86;
+ #endif
+ 
+@@ -613,7 +634,7 @@ dotraplinkage void __kprobes do_debug(st
+ 	 * kernel space (but re-enable TF when returning to user mode).
+ 	 */
+ 	if (condition & DR_STEP) {
+-		if (!user_mode(regs))
++		if (!user_mode_novm(regs))
+ 			goto clear_TF_reenable;
+ 	}
+ 
+@@ -800,7 +821,7 @@ do_simd_coprocessor_error(struct pt_regs
+ 	 * Handle strange cache flush from user space exception
+ 	 * in all other cases.  This is undocumented behaviour.
+ 	 */
+-	if (regs->flags & X86_VM_MASK) {
++	if (v8086_mode(regs)) {
+ 		handle_vm86_fault((struct kernel_vm86_regs *)regs, error_code);
+ 		return;
+ 	}
+@@ -829,19 +850,14 @@ do_spurious_interrupt_bug(struct pt_regs
+ #ifdef CONFIG_X86_32
+ unsigned long patch_espfix_desc(unsigned long uesp, unsigned long kesp)
+ {
+-	struct desc_struct *gdt = get_cpu_gdt_table(smp_processor_id());
+ 	unsigned long base = (kesp - uesp) & -THREAD_SIZE;
+ 	unsigned long new_kesp = kesp - base;
+ 	unsigned long lim_pages = (new_kesp | (THREAD_SIZE - 1)) >> PAGE_SHIFT;
+-	__u64 desc = *(__u64 *)&gdt[GDT_ENTRY_ESPFIX_SS];
++	struct desc_struct ss;
+ 
+ 	/* Set up base for espfix segment */
+-	desc &= 0x00f0ff0000000000ULL;
+-	desc |=	((((__u64)base) << 16) & 0x000000ffffff0000ULL) |
+-		((((__u64)base) << 32) & 0xff00000000000000ULL) |
+-		((((__u64)lim_pages) << 32) & 0x000f000000000000ULL) |
+-		(lim_pages & 0xffff);
+-	*(__u64 *)&gdt[GDT_ENTRY_ESPFIX_SS] = desc;
++	pack_descriptor(&ss, base, lim_pages, 0x93, 0xC);
++	write_gdt_entry(get_cpu_gdt_table(smp_processor_id()), GDT_ENTRY_ESPFIX_SS, &ss, DESCTYPE_S);
+ 
+ 	return new_kesp;
+ }
+diff -urNp linux-2.6.29.6/arch/x86/kernel/tsc.c linux-2.6.29.6/arch/x86/kernel/tsc.c
+--- linux-2.6.29.6/arch/x86/kernel/tsc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/tsc.c	2009-07-23 17:34:32.077892704 -0400
+@@ -765,7 +765,7 @@ static struct dmi_system_id __initdata b
+ 			DMI_MATCH(DMI_BOARD_NAME, "2635FA0"),
+ 		},
+ 	},
+-	{}
++	{ NULL, NULL, {{0, {0}}}, NULL}
+ };
+ 
+ static void __init check_system_tsc_reliable(void)
+diff -urNp linux-2.6.29.6/arch/x86/kernel/vm86_32.c linux-2.6.29.6/arch/x86/kernel/vm86_32.c
+--- linux-2.6.29.6/arch/x86/kernel/vm86_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/vm86_32.c	2009-07-23 17:34:32.078863323 -0400
+@@ -148,7 +148,7 @@ struct pt_regs *save_v86_state(struct ke
+ 		do_exit(SIGSEGV);
+ 	}
+ 
+-	tss = &per_cpu(init_tss, get_cpu());
++	tss = init_tss + get_cpu();
+ 	current->thread.sp0 = current->thread.saved_sp0;
+ 	current->thread.sysenter_cs = __KERNEL_CS;
+ 	load_sp0(tss, &current->thread);
+@@ -325,7 +325,7 @@ static void do_sys_vm86(struct kernel_vm
+ 	tsk->thread.saved_fs = info->regs32->fs;
+ 	savesegment(gs, tsk->thread.saved_gs);
+ 
+-	tss = &per_cpu(init_tss, get_cpu());
++	tss = init_tss + get_cpu();
+ 	tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
+ 	if (cpu_has_sep)
+ 		tsk->thread.sysenter_cs = 0;
+diff -urNp linux-2.6.29.6/arch/x86/kernel/vmi_32.c linux-2.6.29.6/arch/x86/kernel/vmi_32.c
+--- linux-2.6.29.6/arch/x86/kernel/vmi_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/vmi_32.c	2009-07-23 17:34:32.078863323 -0400
+@@ -102,18 +102,43 @@ static unsigned patch_internal(int call,
+ {
+ 	u64 reloc;
+ 	struct vmi_relocation_info *const rel = (struct vmi_relocation_info *)&reloc;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	reloc = call_vrom_long_func(vmi_rom, get_reloc,	call);
+ 	switch(rel->type) {
+ 		case VMI_RELOCATION_CALL_REL:
+ 			BUG_ON(len < 5);
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			*(char *)insnbuf = MNEM_CALL;
+ 			patch_offset(insnbuf, ip, (unsigned long)rel->eip);
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			return 5;
+ 
+ 		case VMI_RELOCATION_JUMP_REL:
+ 			BUG_ON(len < 5);
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			*(char *)insnbuf = MNEM_JMP;
+ 			patch_offset(insnbuf, ip, (unsigned long)rel->eip);
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			return 5;
+ 
+ 		case VMI_RELOCATION_NOP:
+@@ -409,13 +434,13 @@ static void vmi_set_pud(pud_t *pudp, pud
+ 
+ static void vmi_pte_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep)
+ {
+-	const pte_t pte = { .pte = 0 };
++	const pte_t pte = __pte(0ULL);
+ 	vmi_ops.set_pte(pte, ptep, vmi_flags_addr(mm, addr, VMI_PAGE_PT, 0));
+ }
+ 
+ static void vmi_pmd_clear(pmd_t *pmd)
+ {
+-	const pte_t pte = { .pte = 0 };
++	const pte_t pte = __pte(0ULL);
+ 	vmi_ops.set_pte(pte, (pte_t *)pmd, VMI_PAGE_PD);
+ }
+ #endif
+@@ -443,8 +468,8 @@ vmi_startup_ipi_hook(int phys_apicid, un
+ 	ap.ss = __KERNEL_DS;
+ 	ap.esp = (unsigned long) start_esp;
+ 
+-	ap.ds = __USER_DS;
+-	ap.es = __USER_DS;
++	ap.ds = __KERNEL_DS;
++	ap.es = __KERNEL_DS;
+ 	ap.fs = __KERNEL_PERCPU;
+ 	ap.gs = 0;
+ 
+@@ -639,12 +664,20 @@ static inline int __init activate_vmi(vo
+ 	u64 reloc;
+ 	const struct vmi_relocation_info *rel = (struct vmi_relocation_info *)&reloc;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	if (call_vrom_func(vmi_rom, vmi_init) != 0) {
+ 		printk(KERN_ERR "VMI ROM failed to initialize!");
+ 		return 0;
+ 	}
+ 	savesegment(cs, kernel_cs);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	pv_info.paravirt_enabled = 1;
+ 	pv_info.kernel_rpl = kernel_cs & SEGMENT_RPL_MASK;
+ 	pv_info.name = "vmi";
+@@ -835,6 +868,10 @@ static inline int __init activate_vmi(vo
+ 
+ 	para_fill(pv_irq_ops.safe_halt, Halt);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	/*
+ 	 * Alternative instruction rewriting doesn't happen soon enough
+ 	 * to convert VMI_IRET to a call instead of a jump; so we have
+diff -urNp linux-2.6.29.6/arch/x86/kernel/vmlinux_32.lds.S linux-2.6.29.6/arch/x86/kernel/vmlinux_32.lds.S
+--- linux-2.6.29.6/arch/x86/kernel/vmlinux_32.lds.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/vmlinux_32.lds.S	2009-07-23 17:34:32.078863323 -0400
+@@ -15,6 +15,20 @@
+ #include <asm/page.h>
+ #include <asm/cache.h>
+ #include <asm/boot.h>
++#include <asm/segment.h>
++
++#ifdef CONFIG_X86_PAE
++#define PMD_SHIFT 21
++#else
++#define PMD_SHIFT 22
++#endif
++#define PMD_SIZE (1 << PMD_SHIFT)
++
++#ifdef CONFIG_PAX_KERNEXEC
++#define __KERNEL_TEXT_OFFSET	(__PAGE_OFFSET + (((____LOAD_PHYSICAL_ADDR + 2*(PMD_SIZE - 1)) - 1) & ~(PMD_SIZE - 1)))
++#else
++#define __KERNEL_TEXT_OFFSET	0
++#endif
+ 
+ OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386")
+ OUTPUT_ARCH(i386)
+@@ -22,82 +36,23 @@ ENTRY(phys_startup_32)
+ jiffies = jiffies_64;
+ 
+ PHDRS {
+-	text PT_LOAD FLAGS(5);	/* R_E */
+-	data PT_LOAD FLAGS(7);	/* RWE */
+-	note PT_NOTE FLAGS(0);	/* ___ */
++	initdata PT_LOAD FLAGS(6);	/* RW_ */
++	percpu   PT_LOAD FLAGS(6);	/* RW_ */
++	inittext PT_LOAD FLAGS(5);	/* R_E */
++	text     PT_LOAD FLAGS(5);	/* R_E */
++	rodata   PT_LOAD FLAGS(4);	/* R__ */
++	data     PT_LOAD FLAGS(6);	/* RW_ */
++	note     PT_NOTE FLAGS(0);	/* ___ */
+ }
+ SECTIONS
+ {
+-  . = LOAD_OFFSET + LOAD_PHYSICAL_ADDR;
+-  phys_startup_32 = startup_32 - LOAD_OFFSET;
+-
+-  .text.head : AT(ADDR(.text.head) - LOAD_OFFSET) {
+-  	_text = .;			/* Text and read-only data */
+-	*(.text.head)
+-  } :text = 0x9090
+-
+-  /* read-only */
+-  .text : AT(ADDR(.text) - LOAD_OFFSET) {
+-	. = ALIGN(PAGE_SIZE); /* not really needed, already page aligned */
+-	*(.text.page_aligned)
+-	TEXT_TEXT
+-	SCHED_TEXT
+-	LOCK_TEXT
+-	KPROBES_TEXT
+-	IRQENTRY_TEXT
+-	*(.fixup)
+-	*(.gnu.warning)
+-  	_etext = .;			/* End of text section */
+-  } :text = 0x9090
+-
+-  NOTES :text :note
++  . = LOAD_OFFSET + ____LOAD_PHYSICAL_ADDR;
+ 
+-  . = ALIGN(16);		/* Exception table */
+-  __ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) {
+-  	__start___ex_table = .;
+-	 *(__ex_table)
+-  	__stop___ex_table = .;
+-  } :text = 0x9090
+-
+-  RODATA
+-
+-  /* writeable */
+-  . = ALIGN(PAGE_SIZE);
+-  .data : AT(ADDR(.data) - LOAD_OFFSET) {	/* Data */
+-	DATA_DATA
+-	CONSTRUCTORS
+-	} :data
+-
+-  . = ALIGN(PAGE_SIZE);
+-  .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
+-  	__nosave_begin = .;
+-	*(.data.nosave)
+-  	. = ALIGN(PAGE_SIZE);
+-  	__nosave_end = .;
+-  }
+-
+-  . = ALIGN(PAGE_SIZE);
+-  .data.page_aligned : AT(ADDR(.data.page_aligned) - LOAD_OFFSET) {
+-	*(.data.page_aligned)
+-	*(.data.idt)
+-  }
+-
+-  . = ALIGN(32);
+-  .data.cacheline_aligned : AT(ADDR(.data.cacheline_aligned) - LOAD_OFFSET) {
+-	*(.data.cacheline_aligned)
+-  }
+-
+-  /* rarely changed data like cpu maps */
+-  . = ALIGN(32);
+-  .data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
+-	*(.data.read_mostly)
+-	_edata = .;		/* End of data section */
+-  }
+-
+-  . = ALIGN(THREAD_SIZE);	/* init_task */
+-  .data.init_task : AT(ADDR(.data.init_task) - LOAD_OFFSET) {
+-	*(.data.init_task)
+-  }
++  .text.startup : AT(ADDR(.text.startup) - LOAD_OFFSET) {
++	__LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET;
++	phys_startup_32 = startup_32 - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
++	*(.text.startup)
++  } :initdata
+ 
+   /* might get freed after init */
+   . = ALIGN(PAGE_SIZE);
+@@ -115,14 +70,8 @@ SECTIONS
+   . = ALIGN(PAGE_SIZE);
+ 
+   /* will be freed after init */
+-  . = ALIGN(PAGE_SIZE);		/* Init code and data */
+-  .init.text : AT(ADDR(.init.text) - LOAD_OFFSET) {
+-  	__init_begin = .;
+-	_sinittext = .;
+-	INIT_TEXT
+-	_einittext = .;
+-  }
+   .init.data : AT(ADDR(.init.data) - LOAD_OFFSET) {
++	__init_begin = .;
+ 	INIT_DATA
+   }
+   . = ALIGN(16);
+@@ -162,11 +111,6 @@ SECTIONS
+ 	*(.parainstructions)
+   	__parainstructions_end = .;
+   }
+-  /* .exit.text is discard at runtime, not link time, to deal with references
+-     from .altinstructions and .eh_frame */
+-  .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET) {
+-	EXIT_TEXT
+-  }
+   .exit.data : AT(ADDR(.exit.data) - LOAD_OFFSET) {
+ 	EXIT_DATA
+   }
+@@ -179,18 +123,139 @@ SECTIONS
+   }
+ #endif
+   . = ALIGN(PAGE_SIZE);
+-  .data.percpu  : AT(ADDR(.data.percpu) - LOAD_OFFSET) {
+-	__per_cpu_start = .;
+-	*(.data.percpu.page_aligned)
++  per_cpu_start = .;
++  .data.percpu (0) : AT(ADDR(.data.percpu) - LOAD_OFFSET + per_cpu_start) {
++	__per_cpu_start = . + per_cpu_start;
++	LONG(0)
+ 	*(.data.percpu)
+ 	*(.data.percpu.shared_aligned)
+-	__per_cpu_end = .;
+-  }
++	. = ALIGN(PAGE_SIZE);
++	*(.data.percpu.page_aligned)
++	__per_cpu_end = . + per_cpu_start;
++  } :percpu
++  . += per_cpu_start;
+   . = ALIGN(PAGE_SIZE);
+   /* freed after init ends here */
+ 
++  . = ALIGN(PAGE_SIZE);		/* Init code and data */
++  .init.text (. - __KERNEL_TEXT_OFFSET) : AT(ADDR(.init.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
++	_sinittext = .;
++	INIT_TEXT
++	_einittext = .;
++  } :inittext
++
++  /* .exit.text is discard at runtime, not link time, to deal with references
++     from .altinstructions and .eh_frame */
++  .exit.text : AT(ADDR(.exit.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
++	EXIT_TEXT
++  }
++
++  .filler : AT(ADDR(.filler) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
++	BYTE(0)
++	. = ALIGN(2*PMD_SIZE) - 1;
++  }
++
++  /* freed after init ends here */
++
++  .text.head : AT(ADDR(.text.head) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
++	__init_end = . + __KERNEL_TEXT_OFFSET;
++	KERNEL_TEXT_OFFSET = . + __KERNEL_TEXT_OFFSET;
++	_text = .;			/* Text and read-only data */
++	*(.text.head)
++  } :text = 0x9090
++
++  /* read-only */
++  .text : AT(ADDR(.text) - LOAD_OFFSET + __KERNEL_TEXT_OFFSET) {
++	. = ALIGN(PAGE_SIZE); /* not really needed, already page aligned */
++	*(.text.page_aligned)
++	TEXT_TEXT
++	SCHED_TEXT
++	LOCK_TEXT
++	KPROBES_TEXT
++	IRQENTRY_TEXT
++	*(.fixup)
++	*(.gnu.warning)
++  	_etext = .;			/* End of text section */
++  } :text = 0x9090
++
++  . += __KERNEL_TEXT_OFFSET;
++
++  . = ALIGN(4096);
++  NOTES :rodata :note
++
++  . = ALIGN(16);		/* Exception table */
++  __ex_table : AT(ADDR(__ex_table) - LOAD_OFFSET) {
++  	__start___ex_table = .;
++	 *(__ex_table)
++  	__stop___ex_table = .;
++  } :rodata
++
++  RO_DATA(PAGE_SIZE)
++
++  . = ALIGN(PAGE_SIZE);
++  .rodata.page_aligned : AT(ADDR(.rodata.page_aligned) - LOAD_OFFSET) {
++	*(.idt)
++	. = ALIGN(PAGE_SIZE);
++	*(.empty_zero_page)
++	*(.swapper_pg_pmd)
++	*(.swapper_pg_dir)
++
++#if defined(CONFIG_PAX_KERNEXEC) && !defined(CONFIG_MODULES)
++	. = ALIGN(PMD_SIZE);
++#endif
++
++	}
++
++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
++  . = ALIGN(PAGE_SIZE);
++  .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
++	MODULES_VADDR = .;
++	BYTE(0)
++	. += (6 * 1024 * 1024);
++	. = ALIGN(PMD_SIZE);
++	MODULES_END = . - 1;
++  }
++#endif
++
++  /* writeable */
++  . = ALIGN(PAGE_SIZE);
++  .data : AT(ADDR(.data) - LOAD_OFFSET) {	/* Data */
++	_data = .;
++	DATA_DATA
++	CONSTRUCTORS
++	} :data
++
++  . = ALIGN(PAGE_SIZE);
++  .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) {
++  	__nosave_begin = .;
++	*(.data.nosave)
++  	. = ALIGN(PAGE_SIZE);
++  	__nosave_end = .;
++  }
++
++  . = ALIGN(PAGE_SIZE);
++  .data.page_aligned : AT(ADDR(.data.page_aligned) - LOAD_OFFSET) {
++	*(.data.page_aligned)
++  }
++
++  . = ALIGN(32);
++  .data.cacheline_aligned : AT(ADDR(.data.cacheline_aligned) - LOAD_OFFSET) {
++	*(.data.cacheline_aligned)
++  }
++
++  /* rarely changed data like cpu maps */
++  . = ALIGN(32);
++  .data.read_mostly : AT(ADDR(.data.read_mostly) - LOAD_OFFSET) {
++	*(.data.read_mostly)
++	_edata = .;		/* End of data section */
++  }
++
++  . = ALIGN(THREAD_SIZE);	/* init_task */
++  .data.init_task : AT(ADDR(.data.init_task) - LOAD_OFFSET) {
++	*(.data.init_task)
++  }
++
+   .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
+-	__init_end = .;
+ 	__bss_start = .;		/* BSS */
+ 	*(.bss.page_aligned)
+ 	*(.bss)
+diff -urNp linux-2.6.29.6/arch/x86/kernel/vmlinux_64.lds.S linux-2.6.29.6/arch/x86/kernel/vmlinux_64.lds.S
+--- linux-2.6.29.6/arch/x86/kernel/vmlinux_64.lds.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/vmlinux_64.lds.S	2009-07-23 17:34:37.458887026 -0400
+@@ -12,12 +12,12 @@
+ OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64")
+ OUTPUT_ARCH(i386:x86-64)
+ ENTRY(phys_startup_64)
+-jiffies_64 = jiffies;
++jiffies = jiffies_64;
+ _proxy_pda = 1;
+ PHDRS {
+ 	text PT_LOAD FLAGS(5);	/* R_E */
+-	data PT_LOAD FLAGS(7);	/* RWE */
+-	user PT_LOAD FLAGS(7);	/* RWE */
++	data PT_LOAD FLAGS(6);	/* RW_ */
++	user PT_LOAD FLAGS(5);	/* R_E */
+ 	data.init PT_LOAD FLAGS(7);	/* RWE */
+ 	note PT_NOTE FLAGS(0);	/* ___ */
+ }
+@@ -50,17 +50,20 @@ SECTIONS
+   	__stop___ex_table = .;
+   } :text = 0x9090
+ 
+-  RODATA
++  RO_DATA(PAGE_SIZE)
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++  . = ALIGN(2*1024*1024);	/* Align data segment to PMD size boundary */
++#else
+   . = ALIGN(PAGE_SIZE);		/* Align data segment to page size boundary */
++#endif
+ 				/* Data */
++  _data = .;
+   .data : AT(ADDR(.data) - LOAD_OFFSET) {
+ 	DATA_DATA
+ 	CONSTRUCTORS
+ 	} :data
+ 
+-  _edata = .;			/* End of data section */
+-
+   . = ALIGN(PAGE_SIZE);
+   . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+   .data.cacheline_aligned : AT(ADDR(.data.cacheline_aligned) - LOAD_OFFSET) {
+@@ -71,9 +74,25 @@ SECTIONS
+   	*(.data.read_mostly)
+   }
+ 
++  . = ALIGN(THREAD_SIZE);	/* init_task */
++  .data.init_task : AT(ADDR(.data.init_task) - LOAD_OFFSET) {
++	*(.data.init_task)
++  }:data
++
++  . = ALIGN(PAGE_SIZE);
++  .data.page_aligned : AT(ADDR(.data.page_aligned) - LOAD_OFFSET) {
++	*(.data.page_aligned)
++  }
++
++  . = ALIGN(PAGE_SIZE);
++  __nosave_begin = .;
++  .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) { *(.data.nosave) }
++  . = ALIGN(PAGE_SIZE);
++  __nosave_end = .;
++
+ #define VSYSCALL_ADDR (-10*1024*1024)
+-#define VSYSCALL_PHYS_ADDR ((LOADADDR(.data.read_mostly) + SIZEOF(.data.read_mostly) + 4095) & ~(4095))
+-#define VSYSCALL_VIRT_ADDR ((ADDR(.data.read_mostly) + SIZEOF(.data.read_mostly) + 4095) & ~(4095))
++#define VSYSCALL_PHYS_ADDR ((LOADADDR(.data_nosave) + SIZEOF(.data_nosave) + 4095) & ~(4095))
++#define VSYSCALL_VIRT_ADDR ((ADDR(.data_nosave) + SIZEOF(.data_nosave) + 4095) & ~(4095))
+ 
+ #define VLOAD_OFFSET (VSYSCALL_ADDR - VSYSCALL_PHYS_ADDR)
+ #define VLOAD(x) (ADDR(x) - VLOAD_OFFSET)
+@@ -104,10 +123,6 @@ SECTIONS
+   .vgetcpu_mode : AT(VLOAD(.vgetcpu_mode)) { *(.vgetcpu_mode) }
+   vgetcpu_mode = VVIRT(.vgetcpu_mode);
+ 
+-  . = ALIGN(CONFIG_X86_L1_CACHE_BYTES);
+-  .jiffies : AT(VLOAD(.jiffies)) { *(.jiffies) }
+-  jiffies = VVIRT(.jiffies);
+-
+   .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3))
+ 		{ *(.vsyscall_3) }
+ 
+@@ -121,15 +136,7 @@ SECTIONS
+ #undef VVIRT_OFFSET
+ #undef VVIRT
+ 
+-  . = ALIGN(THREAD_SIZE);	/* init_task */
+-  .data.init_task : AT(ADDR(.data.init_task) - LOAD_OFFSET) {
+-	*(.data.init_task)
+-  }:data.init
+-
+-  . = ALIGN(PAGE_SIZE);
+-  .data.page_aligned : AT(ADDR(.data.page_aligned) - LOAD_OFFSET) {
+-	*(.data.page_aligned)
+-  }
++  _edata = .;			/* End of data section */
+ 
+   /* might get freed after init */
+   . = ALIGN(PAGE_SIZE);
+@@ -137,7 +144,7 @@ SECTIONS
+   __smp_locks = .;
+   .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
+ 	*(.smp_locks)
+-  }
++  }:data.init
+   __smp_locks_end = .;
+   . = ALIGN(PAGE_SIZE);
+   __smp_alt_end = .;
+@@ -213,16 +220,11 @@ SECTIONS
+   . = ALIGN(PAGE_SIZE);
+   __init_end = .;
+ 
+-  . = ALIGN(PAGE_SIZE);
+-  __nosave_begin = .;
+-  .data_nosave : AT(ADDR(.data_nosave) - LOAD_OFFSET) { *(.data.nosave) }
+-  . = ALIGN(PAGE_SIZE);
+-  __nosave_end = .;
+-
+   __bss_start = .;		/* BSS */
+   .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
+ 	*(.bss.page_aligned)
+ 	*(.bss)
++	. = ALIGN(2*1024*1024);
+ 	}
+   __bss_stop = .;
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/vsyscall_64.c linux-2.6.29.6/arch/x86/kernel/vsyscall_64.c
+--- linux-2.6.29.6/arch/x86/kernel/vsyscall_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/vsyscall_64.c	2009-07-23 17:34:32.080014276 -0400
+@@ -79,6 +79,7 @@ void update_vsyscall(struct timespec *wa
+ 
+ 	write_seqlock_irqsave(&vsyscall_gtod_data.lock, flags);
+ 	/* copy vsyscall data */
++	strlcpy(vsyscall_gtod_data.clock.name, clock->name, sizeof vsyscall_gtod_data.clock.name);
+ 	vsyscall_gtod_data.clock.vread = clock->vread;
+ 	vsyscall_gtod_data.clock.cycle_last = clock->cycle_last;
+ 	vsyscall_gtod_data.clock.mask = clock->mask;
+@@ -209,7 +210,7 @@ vgetcpu(unsigned *cpu, unsigned *node, s
+ 	   We do this here because otherwise user space would do it on
+ 	   its own in a likely inferior way (no access to jiffies).
+ 	   If you don't like it pass NULL. */
+-	if (tcache && tcache->blob[0] == (j = __jiffies)) {
++	if (tcache && tcache->blob[0] == (j = jiffies)) {
+ 		p = tcache->blob[1];
+ 	} else if (__vgetcpu_mode == VGETCPU_RDTSCP) {
+ 		/* Load per CPU data from RDTSCP */
+@@ -248,13 +249,13 @@ static ctl_table kernel_table2[] = {
+ 	  .data = &vsyscall_gtod_data.sysctl_enabled, .maxlen = sizeof(int),
+ 	  .mode = 0644,
+ 	  .proc_handler = vsyscall_sysctl_change },
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static ctl_table kernel_root_table2[] = {
+ 	{ .ctl_name = CTL_KERN, .procname = "kernel", .mode = 0555,
+ 	  .child = kernel_table2 },
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ #endif
+ 
+diff -urNp linux-2.6.29.6/arch/x86/kernel/x8664_ksyms_64.c linux-2.6.29.6/arch/x86/kernel/x8664_ksyms_64.c
+--- linux-2.6.29.6/arch/x86/kernel/x8664_ksyms_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kernel/x8664_ksyms_64.c	2009-07-23 17:34:32.080014276 -0400
+@@ -30,8 +30,6 @@ EXPORT_SYMBOL(__put_user_8);
+ 
+ EXPORT_SYMBOL(copy_user_generic);
+ EXPORT_SYMBOL(__copy_user_nocache);
+-EXPORT_SYMBOL(copy_from_user);
+-EXPORT_SYMBOL(copy_to_user);
+ EXPORT_SYMBOL(__copy_from_user_inatomic);
+ 
+ EXPORT_SYMBOL(copy_page);
+diff -urNp linux-2.6.29.6/arch/x86/kvm/svm.c linux-2.6.29.6/arch/x86/kvm/svm.c
+--- linux-2.6.29.6/arch/x86/kvm/svm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kvm/svm.c	2009-07-23 17:34:32.080014276 -0400
+@@ -1525,7 +1525,19 @@ static void reload_tss(struct kvm_vcpu *
+ 	int cpu = raw_smp_processor_id();
+ 
+ 	struct svm_cpu_data *svm_data = per_cpu(svm_data, cpu);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	svm_data->tss_desc->type = 9; /* available 32/64-bit TSS */
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	load_TR_desc();
+ }
+ 
+@@ -1936,7 +1948,7 @@ static int svm_get_mt_mask_shift(void)
+ 	return 0;
+ }
+ 
+-static struct kvm_x86_ops svm_x86_ops = {
++static const struct kvm_x86_ops svm_x86_ops = {
+ 	.cpu_has_kvm_support = has_svm,
+ 	.disabled_by_bios = is_disabled,
+ 	.hardware_setup = svm_hardware_setup,
+diff -urNp linux-2.6.29.6/arch/x86/kvm/vmx.c linux-2.6.29.6/arch/x86/kvm/vmx.c
+--- linux-2.6.29.6/arch/x86/kvm/vmx.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kvm/vmx.c	2009-07-23 17:34:32.080863524 -0400
+@@ -497,9 +497,23 @@ static void reload_tss(void)
+ 	struct descriptor_table gdt;
+ 	struct desc_struct *descs;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	kvm_get_gdt(&gdt);
+ 	descs = (void *)gdt.base;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	descs[GDT_ENTRY_TSS].type = 9; /* available TSS */
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	load_TR_desc();
+ }
+ 
+@@ -2182,7 +2196,7 @@ static int vmx_vcpu_setup(struct vcpu_vm
+ 	vmcs_writel(HOST_IDTR_BASE, dt.base);   /* 22.2.4 */
+ 
+ 	asm("mov $.Lkvm_vmx_return, %0" : "=r"(kvm_vmx_return));
+-	vmcs_writel(HOST_RIP, kvm_vmx_return); /* 22.2.5 */
++	vmcs_writel(HOST_RIP, ktla_ktva(kvm_vmx_return)); /* 22.2.5 */
+ 	vmcs_write32(VM_EXIT_MSR_STORE_COUNT, 0);
+ 	vmcs_write32(VM_EXIT_MSR_LOAD_COUNT, 0);
+ 	vmcs_write32(VM_ENTRY_MSR_LOAD_COUNT, 0);
+@@ -3379,6 +3393,12 @@ static void vmx_vcpu_run(struct kvm_vcpu
+ 		"jmp .Lkvm_vmx_return \n\t"
+ 		".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
+ 		".Lkvm_vmx_return: "
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++		"ljmp %[cs],$.Lkvm_vmx_return2\n\t"
++		".Lkvm_vmx_return2: "
++#endif
++
+ 		/* Save guest registers, load host registers, keep flags */
+ 		"xchg %0,     (%%"R"sp) \n\t"
+ 		"mov %%"R"ax, %c[rax](%0) \n\t"
+@@ -3425,6 +3445,11 @@ static void vmx_vcpu_run(struct kvm_vcpu
+ 		[r15]"i"(offsetof(struct vcpu_vmx, vcpu.arch.regs[VCPU_REGS_R15])),
+ #endif
+ 		[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2))
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++		,[cs]"i"(__KERNEL_CS)
++#endif
++
+ 	      : "cc", "memory"
+ 		, R"bx", R"di", R"si"
+ #ifdef CONFIG_X86_64
+@@ -3441,7 +3466,7 @@ static void vmx_vcpu_run(struct kvm_vcpu
+ 
+ 	vmx_update_window_states(vcpu);
+ 
+-	asm("mov %0, %%ds; mov %0, %%es" : : "r"(__USER_DS));
++	asm("mov %0, %%ds; mov %0, %%es" : : "r"(__KERNEL_DS));
+ 	vmx->launched = 1;
+ 
+ 	intr_info = vmcs_read32(VM_EXIT_INTR_INFO);
+@@ -3570,7 +3595,7 @@ static int vmx_get_mt_mask_shift(void)
+ 	return VMX_EPT_MT_EPTE_SHIFT;
+ }
+ 
+-static struct kvm_x86_ops vmx_x86_ops = {
++static const struct kvm_x86_ops vmx_x86_ops = {
+ 	.cpu_has_kvm_support = cpu_has_kvm_support,
+ 	.disabled_by_bios = vmx_disabled_by_bios,
+ 	.hardware_setup = hardware_setup,
+diff -urNp linux-2.6.29.6/arch/x86/kvm/x86.c linux-2.6.29.6/arch/x86/kvm/x86.c
+--- linux-2.6.29.6/arch/x86/kvm/x86.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/kvm/x86.c	2009-07-23 17:34:32.081957601 -0400
+@@ -70,44 +70,44 @@ static u64 __read_mostly efer_reserved_b
+ static int kvm_dev_ioctl_get_supported_cpuid(struct kvm_cpuid2 *cpuid,
+ 				    struct kvm_cpuid_entry2 __user *entries);
+ 
+-struct kvm_x86_ops *kvm_x86_ops;
++const struct kvm_x86_ops *kvm_x86_ops;
+ EXPORT_SYMBOL_GPL(kvm_x86_ops);
+ 
+ struct kvm_stats_debugfs_item debugfs_entries[] = {
+-	{ "pf_fixed", VCPU_STAT(pf_fixed) },
+-	{ "pf_guest", VCPU_STAT(pf_guest) },
+-	{ "tlb_flush", VCPU_STAT(tlb_flush) },
+-	{ "invlpg", VCPU_STAT(invlpg) },
+-	{ "exits", VCPU_STAT(exits) },
+-	{ "io_exits", VCPU_STAT(io_exits) },
+-	{ "mmio_exits", VCPU_STAT(mmio_exits) },
+-	{ "signal_exits", VCPU_STAT(signal_exits) },
+-	{ "irq_window", VCPU_STAT(irq_window_exits) },
+-	{ "nmi_window", VCPU_STAT(nmi_window_exits) },
+-	{ "halt_exits", VCPU_STAT(halt_exits) },
+-	{ "halt_wakeup", VCPU_STAT(halt_wakeup) },
+-	{ "hypercalls", VCPU_STAT(hypercalls) },
+-	{ "request_irq", VCPU_STAT(request_irq_exits) },
+-	{ "request_nmi", VCPU_STAT(request_nmi_exits) },
+-	{ "irq_exits", VCPU_STAT(irq_exits) },
+-	{ "host_state_reload", VCPU_STAT(host_state_reload) },
+-	{ "efer_reload", VCPU_STAT(efer_reload) },
+-	{ "fpu_reload", VCPU_STAT(fpu_reload) },
+-	{ "insn_emulation", VCPU_STAT(insn_emulation) },
+-	{ "insn_emulation_fail", VCPU_STAT(insn_emulation_fail) },
+-	{ "irq_injections", VCPU_STAT(irq_injections) },
+-	{ "nmi_injections", VCPU_STAT(nmi_injections) },
+-	{ "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped) },
+-	{ "mmu_pte_write", VM_STAT(mmu_pte_write) },
+-	{ "mmu_pte_updated", VM_STAT(mmu_pte_updated) },
+-	{ "mmu_pde_zapped", VM_STAT(mmu_pde_zapped) },
+-	{ "mmu_flooded", VM_STAT(mmu_flooded) },
+-	{ "mmu_recycled", VM_STAT(mmu_recycled) },
+-	{ "mmu_cache_miss", VM_STAT(mmu_cache_miss) },
+-	{ "mmu_unsync", VM_STAT(mmu_unsync) },
+-	{ "mmu_unsync_global", VM_STAT(mmu_unsync_global) },
+-	{ "remote_tlb_flush", VM_STAT(remote_tlb_flush) },
+-	{ "largepages", VM_STAT(lpages) },
++	{ "pf_fixed", VCPU_STAT(pf_fixed), NULL },
++	{ "pf_guest", VCPU_STAT(pf_guest), NULL },
++	{ "tlb_flush", VCPU_STAT(tlb_flush), NULL },
++	{ "invlpg", VCPU_STAT(invlpg), NULL },
++	{ "exits", VCPU_STAT(exits), NULL },
++	{ "io_exits", VCPU_STAT(io_exits), NULL },
++	{ "mmio_exits", VCPU_STAT(mmio_exits), NULL },
++	{ "signal_exits", VCPU_STAT(signal_exits), NULL },
++	{ "irq_window", VCPU_STAT(irq_window_exits), NULL },
++	{ "nmi_window", VCPU_STAT(nmi_window_exits), NULL },
++	{ "halt_exits", VCPU_STAT(halt_exits), NULL },
++	{ "halt_wakeup", VCPU_STAT(halt_wakeup), NULL },
++	{ "hypercalls", VCPU_STAT(hypercalls), NULL },
++	{ "request_irq", VCPU_STAT(request_irq_exits), NULL },
++	{ "request_nmi", VCPU_STAT(request_nmi_exits), NULL },
++	{ "irq_exits", VCPU_STAT(irq_exits), NULL },
++	{ "host_state_reload", VCPU_STAT(host_state_reload), NULL },
++	{ "efer_reload", VCPU_STAT(efer_reload), NULL },
++	{ "fpu_reload", VCPU_STAT(fpu_reload), NULL },
++	{ "insn_emulation", VCPU_STAT(insn_emulation), NULL },
++	{ "insn_emulation_fail", VCPU_STAT(insn_emulation_fail), NULL },
++	{ "irq_injections", VCPU_STAT(irq_injections), NULL },
++	{ "nmi_injections", VCPU_STAT(nmi_injections), NULL },
++	{ "mmu_shadow_zapped", VM_STAT(mmu_shadow_zapped), NULL },
++	{ "mmu_pte_write", VM_STAT(mmu_pte_write), NULL },
++	{ "mmu_pte_updated", VM_STAT(mmu_pte_updated), NULL },
++	{ "mmu_pde_zapped", VM_STAT(mmu_pde_zapped), NULL },
++	{ "mmu_flooded", VM_STAT(mmu_flooded), NULL },
++	{ "mmu_recycled", VM_STAT(mmu_recycled), NULL },
++	{ "mmu_cache_miss", VM_STAT(mmu_cache_miss), NULL },
++	{ "mmu_unsync", VM_STAT(mmu_unsync), NULL },
++	{ "mmu_unsync_global", VM_STAT(mmu_unsync_global), NULL },
++	{ "remote_tlb_flush", VM_STAT(remote_tlb_flush), NULL },
++	{ "largepages", VM_STAT(lpages), NULL },
+ 	{ NULL }
+ };
+ 
+@@ -1372,7 +1372,7 @@ static int kvm_vcpu_ioctl_set_lapic(stru
+ static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
+ 				    struct kvm_interrupt *irq)
+ {
+-	if (irq->irq < 0 || irq->irq >= 256)
++	if (irq->irq >= 256)
+ 		return -EINVAL;
+ 	if (irqchip_in_kernel(vcpu->kvm))
+ 		return -ENXIO;
+@@ -2591,10 +2591,10 @@ int kvm_emulate_pio_string(struct kvm_vc
+ }
+ EXPORT_SYMBOL_GPL(kvm_emulate_pio_string);
+ 
+-int kvm_arch_init(void *opaque)
++int kvm_arch_init(const void *opaque)
+ {
+ 	int r;
+-	struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque;
++	const struct kvm_x86_ops *ops = (const struct kvm_x86_ops *)opaque;
+ 
+ 	if (kvm_x86_ops) {
+ 		printk(KERN_ERR "kvm: already loaded the other module\n");
+diff -urNp linux-2.6.29.6/arch/x86/lib/checksum_32.S linux-2.6.29.6/arch/x86/lib/checksum_32.S
+--- linux-2.6.29.6/arch/x86/lib/checksum_32.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/checksum_32.S	2009-07-23 17:34:32.081957601 -0400
+@@ -28,7 +28,8 @@
+ #include <linux/linkage.h>
+ #include <asm/dwarf2.h>
+ #include <asm/errno.h>
+-				
++#include <asm/segment.h>
++
+ /*
+  * computes a partial checksum, e.g. for TCP/UDP fragments
+  */
+@@ -304,9 +305,22 @@ unsigned int csum_partial_copy_generic (
+ 
+ #define ARGBASE 16		
+ #define FP		12
+-		
+-ENTRY(csum_partial_copy_generic)
++
++ENTRY(csum_partial_copy_generic_to_user)
+ 	CFI_STARTPROC
++	pushl $(__USER_DS)
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %es
++	CFI_ADJUST_CFA_OFFSET -4
++	jmp csum_partial_copy_generic
++
++ENTRY(csum_partial_copy_generic_from_user)
++	pushl $(__USER_DS)
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %ds
++	CFI_ADJUST_CFA_OFFSET -4
++
++ENTRY(csum_partial_copy_generic)
+ 	subl  $4,%esp	
+ 	CFI_ADJUST_CFA_OFFSET 4
+ 	pushl %edi
+@@ -331,7 +345,7 @@ ENTRY(csum_partial_copy_generic)
+ 	jmp 4f
+ SRC(1:	movw (%esi), %bx	)
+ 	addl $2, %esi
+-DST(	movw %bx, (%edi)	)
++DST(	movw %bx, %es:(%edi)	)
+ 	addl $2, %edi
+ 	addw %bx, %ax	
+ 	adcl $0, %eax
+@@ -343,30 +357,30 @@ DST(	movw %bx, (%edi)	)
+ SRC(1:	movl (%esi), %ebx	)
+ SRC(	movl 4(%esi), %edx	)
+ 	adcl %ebx, %eax
+-DST(	movl %ebx, (%edi)	)
++DST(	movl %ebx, %es:(%edi)	)
+ 	adcl %edx, %eax
+-DST(	movl %edx, 4(%edi)	)
++DST(	movl %edx, %es:4(%edi)	)
+ 
+ SRC(	movl 8(%esi), %ebx	)
+ SRC(	movl 12(%esi), %edx	)
+ 	adcl %ebx, %eax
+-DST(	movl %ebx, 8(%edi)	)
++DST(	movl %ebx, %es:8(%edi)	)
+ 	adcl %edx, %eax
+-DST(	movl %edx, 12(%edi)	)
++DST(	movl %edx, %es:12(%edi)	)
+ 
+ SRC(	movl 16(%esi), %ebx 	)
+ SRC(	movl 20(%esi), %edx	)
+ 	adcl %ebx, %eax
+-DST(	movl %ebx, 16(%edi)	)
++DST(	movl %ebx, %es:16(%edi)	)
+ 	adcl %edx, %eax
+-DST(	movl %edx, 20(%edi)	)
++DST(	movl %edx, %es:20(%edi)	)
+ 
+ SRC(	movl 24(%esi), %ebx	)
+ SRC(	movl 28(%esi), %edx	)
+ 	adcl %ebx, %eax
+-DST(	movl %ebx, 24(%edi)	)
++DST(	movl %ebx, %es:24(%edi)	)
+ 	adcl %edx, %eax
+-DST(	movl %edx, 28(%edi)	)
++DST(	movl %edx, %es:28(%edi)	)
+ 
+ 	lea 32(%esi), %esi
+ 	lea 32(%edi), %edi
+@@ -380,7 +394,7 @@ DST(	movl %edx, 28(%edi)	)
+ 	shrl $2, %edx			# This clears CF
+ SRC(3:	movl (%esi), %ebx	)
+ 	adcl %ebx, %eax
+-DST(	movl %ebx, (%edi)	)
++DST(	movl %ebx, %es:(%edi)	)
+ 	lea 4(%esi), %esi
+ 	lea 4(%edi), %edi
+ 	dec %edx
+@@ -392,12 +406,12 @@ DST(	movl %ebx, (%edi)	)
+ 	jb 5f
+ SRC(	movw (%esi), %cx	)
+ 	leal 2(%esi), %esi
+-DST(	movw %cx, (%edi)	)
++DST(	movw %cx, %es:(%edi)	)
+ 	leal 2(%edi), %edi
+ 	je 6f
+ 	shll $16,%ecx
+ SRC(5:	movb (%esi), %cl	)
+-DST(	movb %cl, (%edi)	)
++DST(	movb %cl, %es:(%edi)	)
+ 6:	addl %ecx, %eax
+ 	adcl $0, %eax
+ 7:
+@@ -408,7 +422,7 @@ DST(	movb %cl, (%edi)	)
+ 
+ 6001:
+ 	movl ARGBASE+20(%esp), %ebx	# src_err_ptr
+-	movl $-EFAULT, (%ebx)
++	movl $-EFAULT, %ss:(%ebx)
+ 
+ 	# zero the complete destination - computing the rest
+ 	# is too much work 
+@@ -421,11 +435,19 @@ DST(	movb %cl, (%edi)	)
+ 
+ 6002:
+ 	movl ARGBASE+24(%esp), %ebx	# dst_err_ptr
+-	movl $-EFAULT,(%ebx)
++	movl $-EFAULT,%ss:(%ebx)
+ 	jmp 5000b
+ 
+ .previous
+ 
++	pushl %ss
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %ds
++	CFI_ADJUST_CFA_OFFSET -4
++	pushl %ss
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %es
++	CFI_ADJUST_CFA_OFFSET -4
+ 	popl %ebx
+ 	CFI_ADJUST_CFA_OFFSET -4
+ 	CFI_RESTORE ebx
+@@ -439,26 +461,41 @@ DST(	movb %cl, (%edi)	)
+ 	CFI_ADJUST_CFA_OFFSET -4
+ 	ret	
+ 	CFI_ENDPROC
+-ENDPROC(csum_partial_copy_generic)
++ENDPROC(csum_partial_copy_generic_to_user)
+ 
+ #else
+ 
+ /* Version for PentiumII/PPro */
+ 
+ #define ROUND1(x) \
++	nop; nop; nop;				\
+ 	SRC(movl x(%esi), %ebx	)	;	\
+ 	addl %ebx, %eax			;	\
+-	DST(movl %ebx, x(%edi)	)	; 
++	DST(movl %ebx, %es:x(%edi))	;
+ 
+ #define ROUND(x) \
++	nop; nop; nop;				\
+ 	SRC(movl x(%esi), %ebx	)	;	\
+ 	adcl %ebx, %eax			;	\
+-	DST(movl %ebx, x(%edi)	)	;
++	DST(movl %ebx, %es:x(%edi))	;
+ 
+ #define ARGBASE 12
+-		
+-ENTRY(csum_partial_copy_generic)
++
++ENTRY(csum_partial_copy_generic_to_user)
+ 	CFI_STARTPROC
++	pushl $(__USER_DS)
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %es
++	CFI_ADJUST_CFA_OFFSET -4
++	jmp csum_partial_copy_generic
++
++ENTRY(csum_partial_copy_generic_from_user)
++	pushl $(__USER_DS)
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %ds
++	CFI_ADJUST_CFA_OFFSET -4
++
++ENTRY(csum_partial_copy_generic)
+ 	pushl %ebx
+ 	CFI_ADJUST_CFA_OFFSET 4
+ 	CFI_REL_OFFSET ebx, 0
+@@ -482,7 +519,7 @@ ENTRY(csum_partial_copy_generic)
+ 	subl %ebx, %edi  
+ 	lea  -1(%esi),%edx
+ 	andl $-32,%edx
+-	lea 3f(%ebx,%ebx), %ebx
++	lea 3f(%ebx,%ebx,2), %ebx
+ 	testl %esi, %esi 
+ 	jmp *%ebx
+ 1:	addl $64,%esi
+@@ -503,19 +540,19 @@ ENTRY(csum_partial_copy_generic)
+ 	jb 5f
+ SRC(	movw (%esi), %dx         )
+ 	leal 2(%esi), %esi
+-DST(	movw %dx, (%edi)         )
++DST(	movw %dx, %es:(%edi)     )
+ 	leal 2(%edi), %edi
+ 	je 6f
+ 	shll $16,%edx
+ 5:
+ SRC(	movb (%esi), %dl         )
+-DST(	movb %dl, (%edi)         )
++DST(	movb %dl, %es:(%edi)     )
+ 6:	addl %edx, %eax
+ 	adcl $0, %eax
+ 7:
+ .section .fixup, "ax"
+ 6001:	movl	ARGBASE+20(%esp), %ebx	# src_err_ptr	
+-	movl $-EFAULT, (%ebx)
++	movl $-EFAULT, %ss:(%ebx)
+ 	# zero the complete destination (computing the rest is too much work)
+ 	movl ARGBASE+8(%esp),%edi	# dst
+ 	movl ARGBASE+12(%esp),%ecx	# len
+@@ -523,10 +560,18 @@ DST(	movb %dl, (%edi)         )
+ 	rep; stosb
+ 	jmp 7b
+ 6002:	movl ARGBASE+24(%esp), %ebx	# dst_err_ptr
+-	movl $-EFAULT, (%ebx)
++	movl $-EFAULT, %ss:(%ebx)
+ 	jmp  7b			
+ .previous				
+ 
++	pushl %ss
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %ds
++	CFI_ADJUST_CFA_OFFSET -4
++	pushl %ss
++	CFI_ADJUST_CFA_OFFSET 4
++	popl %es
++	CFI_ADJUST_CFA_OFFSET -4
+ 	popl %esi
+ 	CFI_ADJUST_CFA_OFFSET -4
+ 	CFI_RESTORE esi
+@@ -538,7 +583,7 @@ DST(	movb %dl, (%edi)         )
+ 	CFI_RESTORE ebx
+ 	ret
+ 	CFI_ENDPROC
+-ENDPROC(csum_partial_copy_generic)
++ENDPROC(csum_partial_copy_generic_to_user)
+ 				
+ #undef ROUND
+ #undef ROUND1		
+diff -urNp linux-2.6.29.6/arch/x86/lib/clear_page_64.S linux-2.6.29.6/arch/x86/lib/clear_page_64.S
+--- linux-2.6.29.6/arch/x86/lib/clear_page_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/clear_page_64.S	2009-07-23 17:34:32.081957601 -0400
+@@ -44,7 +44,7 @@ ENDPROC(clear_page)
+ 
+ #include <asm/cpufeature.h>
+ 
+-	.section .altinstr_replacement,"ax"
++	.section .altinstr_replacement,"a"
+ 1:	.byte 0xeb					/* jmp <disp8> */
+ 	.byte (clear_page_c - clear_page) - (2f - 1b)	/* offset */
+ 2:
+diff -urNp linux-2.6.29.6/arch/x86/lib/copy_page_64.S linux-2.6.29.6/arch/x86/lib/copy_page_64.S
+--- linux-2.6.29.6/arch/x86/lib/copy_page_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/copy_page_64.S	2009-07-23 17:34:32.081957601 -0400
+@@ -104,7 +104,7 @@ ENDPROC(copy_page)
+ 
+ #include <asm/cpufeature.h>
+ 
+-	.section .altinstr_replacement,"ax"
++	.section .altinstr_replacement,"a"
+ 1:	.byte 0xeb					/* jmp <disp8> */
+ 	.byte (copy_page_c - copy_page) - (2f - 1b)	/* offset */
+ 2:
+diff -urNp linux-2.6.29.6/arch/x86/lib/copy_user_64.S linux-2.6.29.6/arch/x86/lib/copy_user_64.S
+--- linux-2.6.29.6/arch/x86/lib/copy_user_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/copy_user_64.S	2009-07-23 17:34:32.082759353 -0400
+@@ -21,7 +21,7 @@
+ 	.byte 0xe9	/* 32bit jump */
+ 	.long \orig-1f	/* by default jump to orig */
+ 1:
+-	.section .altinstr_replacement,"ax"
++	.section .altinstr_replacement,"a"
+ 2:	.byte 0xe9			/* near jump with 32bit immediate */
+ 	.long \alt-1b /* offset */   /* or alternatively to alt */
+ 	.previous
+@@ -64,31 +64,6 @@
+ #endif
+ 	.endm
+ 
+-/* Standard copy_to_user with segment limit checking */
+-ENTRY(copy_to_user)
+-	CFI_STARTPROC
+-	GET_THREAD_INFO(%rax)
+-	movq %rdi,%rcx
+-	addq %rdx,%rcx
+-	jc bad_to_user
+-	cmpq TI_addr_limit(%rax),%rcx
+-	jae bad_to_user
+-	ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
+-	CFI_ENDPROC
+-
+-/* Standard copy_from_user with segment limit checking */
+-ENTRY(copy_from_user)
+-	CFI_STARTPROC
+-	GET_THREAD_INFO(%rax)
+-	movq %rsi,%rcx
+-	addq %rdx,%rcx
+-	jc bad_from_user
+-	cmpq TI_addr_limit(%rax),%rcx
+-	jae bad_from_user
+-	ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
+-	CFI_ENDPROC
+-ENDPROC(copy_from_user)
+-
+ ENTRY(copy_user_generic)
+ 	CFI_STARTPROC
+ 	ALTERNATIVE_JUMP X86_FEATURE_REP_GOOD,copy_user_generic_unrolled,copy_user_generic_string
+@@ -106,6 +81,8 @@ ENDPROC(__copy_from_user_inatomic)
+ ENTRY(bad_from_user)
+ bad_from_user:
+ 	CFI_STARTPROC
++	testl %edx,%edx
++	js bad_to_user
+ 	movl %edx,%ecx
+ 	xorl %eax,%eax
+ 	rep
+diff -urNp linux-2.6.29.6/arch/x86/lib/getuser.S linux-2.6.29.6/arch/x86/lib/getuser.S
+--- linux-2.6.29.6/arch/x86/lib/getuser.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/getuser.S	2009-07-23 17:34:32.082759353 -0400
+@@ -33,6 +33,7 @@
+ #include <asm/asm-offsets.h>
+ #include <asm/thread_info.h>
+ #include <asm/asm.h>
++#include <asm/segment.h>
+ 
+ 	.text
+ ENTRY(__get_user_1)
+@@ -40,7 +41,19 @@ ENTRY(__get_user_1)
+ 	GET_THREAD_INFO(%_ASM_DX)
+ 	cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
+ 	jae bad_get_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 1:	movzb (%_ASM_AX),%edx
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	pop %ds
++#endif
++
+ 	xor %eax,%eax
+ 	ret
+ 	CFI_ENDPROC
+@@ -53,7 +66,19 @@ ENTRY(__get_user_2)
+ 	GET_THREAD_INFO(%_ASM_DX)
+ 	cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
+ 	jae bad_get_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 2:	movzwl -1(%_ASM_AX),%edx
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	pop %ds
++#endif
++
+ 	xor %eax,%eax
+ 	ret
+ 	CFI_ENDPROC
+@@ -66,7 +91,19 @@ ENTRY(__get_user_4)
+ 	GET_THREAD_INFO(%_ASM_DX)
+ 	cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
+ 	jae bad_get_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 3:	mov -3(%_ASM_AX),%edx
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	pop %ds
++#endif
++
+ 	xor %eax,%eax
+ 	ret
+ 	CFI_ENDPROC
+@@ -89,6 +126,12 @@ ENDPROC(__get_user_8)
+ 
+ bad_get_user:
+ 	CFI_STARTPROC
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	pop %ds
++#endif
++
+ 	xor %edx,%edx
+ 	mov $(-EFAULT),%_ASM_AX
+ 	ret
+diff -urNp linux-2.6.29.6/arch/x86/lib/memcpy_64.S linux-2.6.29.6/arch/x86/lib/memcpy_64.S
+--- linux-2.6.29.6/arch/x86/lib/memcpy_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/memcpy_64.S	2009-07-23 17:34:32.082759353 -0400
+@@ -114,7 +114,7 @@ ENDPROC(__memcpy)
+ 	/* Some CPUs run faster using the string copy instructions.
+ 	   It is also a lot simpler. Use this when possible */
+ 
+-	.section .altinstr_replacement,"ax"
++	.section .altinstr_replacement,"a"
+ 1:	.byte 0xeb				/* jmp <disp8> */
+ 	.byte (memcpy_c - memcpy) - (2f - 1b)	/* offset */
+ 2:
+diff -urNp linux-2.6.29.6/arch/x86/lib/memset_64.S linux-2.6.29.6/arch/x86/lib/memset_64.S
+--- linux-2.6.29.6/arch/x86/lib/memset_64.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/memset_64.S	2009-07-23 17:34:32.082759353 -0400
+@@ -118,7 +118,7 @@ ENDPROC(__memset)
+ 
+ #include <asm/cpufeature.h>
+ 
+-	.section .altinstr_replacement,"ax"
++	.section .altinstr_replacement,"a"
+ 1:	.byte 0xeb				/* jmp <disp8> */
+ 	.byte (memset_c - memset) - (2f - 1b)	/* offset */
+ 2:
+diff -urNp linux-2.6.29.6/arch/x86/lib/mmx_32.c linux-2.6.29.6/arch/x86/lib/mmx_32.c
+--- linux-2.6.29.6/arch/x86/lib/mmx_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/mmx_32.c	2009-07-23 17:34:32.083767334 -0400
+@@ -29,6 +29,7 @@ void *_mmx_memcpy(void *to, const void *
+ {
+ 	void *p;
+ 	int i;
++	unsigned long cr0;
+ 
+ 	if (unlikely(in_interrupt()))
+ 		return __memcpy(to, from, len);
+@@ -39,44 +40,72 @@ void *_mmx_memcpy(void *to, const void *
+ 	kernel_fpu_begin();
+ 
+ 	__asm__ __volatile__ (
+-		"1: prefetch (%0)\n"		/* This set is 28 bytes */
+-		"   prefetch 64(%0)\n"
+-		"   prefetch 128(%0)\n"
+-		"   prefetch 192(%0)\n"
+-		"   prefetch 256(%0)\n"
++		"1: prefetch (%1)\n"		/* This set is 28 bytes */
++		"   prefetch 64(%1)\n"
++		"   prefetch 128(%1)\n"
++		"   prefetch 192(%1)\n"
++		"   prefetch 256(%1)\n"
+ 		"2:  \n"
+ 		".section .fixup, \"ax\"\n"
+-		"3: movw $0x1AEB, 1b\n"	/* jmp on 26 bytes */
++		"3:  \n"
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %%cr0, %0\n"
++		"   movl %0, %%eax\n"
++		"   andl $0xFFFEFFFF, %%eax\n"
++		"   movl %%eax, %%cr0\n"
++#endif
++
++		"   movw $0x1AEB, 1b\n"	/* jmp on 26 bytes */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %0, %%cr0\n"
++#endif
++
+ 		"   jmp 2b\n"
+ 		".previous\n"
+ 			_ASM_EXTABLE(1b, 3b)
+-			: : "r" (from));
++			: "=&r" (cr0) : "r" (from) : "ax");
+ 
+ 	for ( ; i > 5; i--) {
+ 		__asm__ __volatile__ (
+-		"1:  prefetch 320(%0)\n"
+-		"2:  movq (%0), %%mm0\n"
+-		"  movq 8(%0), %%mm1\n"
+-		"  movq 16(%0), %%mm2\n"
+-		"  movq 24(%0), %%mm3\n"
+-		"  movq %%mm0, (%1)\n"
+-		"  movq %%mm1, 8(%1)\n"
+-		"  movq %%mm2, 16(%1)\n"
+-		"  movq %%mm3, 24(%1)\n"
+-		"  movq 32(%0), %%mm0\n"
+-		"  movq 40(%0), %%mm1\n"
+-		"  movq 48(%0), %%mm2\n"
+-		"  movq 56(%0), %%mm3\n"
+-		"  movq %%mm0, 32(%1)\n"
+-		"  movq %%mm1, 40(%1)\n"
+-		"  movq %%mm2, 48(%1)\n"
+-		"  movq %%mm3, 56(%1)\n"
++		"1:  prefetch 320(%1)\n"
++		"2:  movq (%1), %%mm0\n"
++		"  movq 8(%1), %%mm1\n"
++		"  movq 16(%1), %%mm2\n"
++		"  movq 24(%1), %%mm3\n"
++		"  movq %%mm0, (%2)\n"
++		"  movq %%mm1, 8(%2)\n"
++		"  movq %%mm2, 16(%2)\n"
++		"  movq %%mm3, 24(%2)\n"
++		"  movq 32(%1), %%mm0\n"
++		"  movq 40(%1), %%mm1\n"
++		"  movq 48(%1), %%mm2\n"
++		"  movq 56(%1), %%mm3\n"
++		"  movq %%mm0, 32(%2)\n"
++		"  movq %%mm1, 40(%2)\n"
++		"  movq %%mm2, 48(%2)\n"
++		"  movq %%mm3, 56(%2)\n"
+ 		".section .fixup, \"ax\"\n"
+-		"3: movw $0x05EB, 1b\n"	/* jmp on 5 bytes */
++		"3:\n"
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %%cr0, %0\n"
++		"   movl %0, %%eax\n"
++		"   andl $0xFFFEFFFF, %%eax\n"
++		"   movl %%eax, %%cr0\n"
++#endif
++
++		"   movw $0x05EB, 1b\n"	/* jmp on 5 bytes */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %0, %%cr0\n"
++#endif
++
+ 		"   jmp 2b\n"
+ 		".previous\n"
+ 			_ASM_EXTABLE(1b, 3b)
+-			: : "r" (from), "r" (to) : "memory");
++			: "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
+ 
+ 		from += 64;
+ 		to += 64;
+@@ -158,6 +187,7 @@ static void fast_clear_page(void *page)
+ static void fast_copy_page(void *to, void *from)
+ {
+ 	int i;
++	unsigned long cr0;
+ 
+ 	kernel_fpu_begin();
+ 
+@@ -166,42 +196,70 @@ static void fast_copy_page(void *to, voi
+ 	 * but that is for later. -AV
+ 	 */
+ 	__asm__ __volatile__(
+-		"1: prefetch (%0)\n"
+-		"   prefetch 64(%0)\n"
+-		"   prefetch 128(%0)\n"
+-		"   prefetch 192(%0)\n"
+-		"   prefetch 256(%0)\n"
++		"1: prefetch (%1)\n"
++		"   prefetch 64(%1)\n"
++		"   prefetch 128(%1)\n"
++		"   prefetch 192(%1)\n"
++		"   prefetch 256(%1)\n"
+ 		"2:  \n"
+ 		".section .fixup, \"ax\"\n"
+-		"3: movw $0x1AEB, 1b\n"	/* jmp on 26 bytes */
++		"3:  \n"
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %%cr0, %0\n"
++		"   movl %0, %%eax\n"
++		"   andl $0xFFFEFFFF, %%eax\n"
++		"   movl %%eax, %%cr0\n"
++#endif
++
++		"   movw $0x1AEB, 1b\n"	/* jmp on 26 bytes */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %0, %%cr0\n"
++#endif
++
+ 		"   jmp 2b\n"
+ 		".previous\n"
+-			_ASM_EXTABLE(1b, 3b) : : "r" (from));
++			_ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
+ 
+ 	for (i = 0; i < (4096-320)/64; i++) {
+ 		__asm__ __volatile__ (
+-		"1: prefetch 320(%0)\n"
+-		"2: movq (%0), %%mm0\n"
+-		"   movntq %%mm0, (%1)\n"
+-		"   movq 8(%0), %%mm1\n"
+-		"   movntq %%mm1, 8(%1)\n"
+-		"   movq 16(%0), %%mm2\n"
+-		"   movntq %%mm2, 16(%1)\n"
+-		"   movq 24(%0), %%mm3\n"
+-		"   movntq %%mm3, 24(%1)\n"
+-		"   movq 32(%0), %%mm4\n"
+-		"   movntq %%mm4, 32(%1)\n"
+-		"   movq 40(%0), %%mm5\n"
+-		"   movntq %%mm5, 40(%1)\n"
+-		"   movq 48(%0), %%mm6\n"
+-		"   movntq %%mm6, 48(%1)\n"
+-		"   movq 56(%0), %%mm7\n"
+-		"   movntq %%mm7, 56(%1)\n"
++		"1: prefetch 320(%1)\n"
++		"2: movq (%1), %%mm0\n"
++		"   movntq %%mm0, (%2)\n"
++		"   movq 8(%1), %%mm1\n"
++		"   movntq %%mm1, 8(%2)\n"
++		"   movq 16(%1), %%mm2\n"
++		"   movntq %%mm2, 16(%2)\n"
++		"   movq 24(%1), %%mm3\n"
++		"   movntq %%mm3, 24(%2)\n"
++		"   movq 32(%1), %%mm4\n"
++		"   movntq %%mm4, 32(%2)\n"
++		"   movq 40(%1), %%mm5\n"
++		"   movntq %%mm5, 40(%2)\n"
++		"   movq 48(%1), %%mm6\n"
++		"   movntq %%mm6, 48(%2)\n"
++		"   movq 56(%1), %%mm7\n"
++		"   movntq %%mm7, 56(%2)\n"
+ 		".section .fixup, \"ax\"\n"
+-		"3: movw $0x05EB, 1b\n"	/* jmp on 5 bytes */
++		"3:\n"
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %%cr0, %0\n"
++		"   movl %0, %%eax\n"
++		"   andl $0xFFFEFFFF, %%eax\n"
++		"   movl %%eax, %%cr0\n"
++#endif
++
++		"   movw $0x05EB, 1b\n"	/* jmp on 5 bytes */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %0, %%cr0\n"
++#endif
++
+ 		"   jmp 2b\n"
+ 		".previous\n"
+-		_ASM_EXTABLE(1b, 3b) : : "r" (from), "r" (to) : "memory");
++		_ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
+ 
+ 		from += 64;
+ 		to += 64;
+@@ -280,47 +338,76 @@ static void fast_clear_page(void *page)
+ static void fast_copy_page(void *to, void *from)
+ {
+ 	int i;
++	unsigned long cr0;
+ 
+ 	kernel_fpu_begin();
+ 
+ 	__asm__ __volatile__ (
+-		"1: prefetch (%0)\n"
+-		"   prefetch 64(%0)\n"
+-		"   prefetch 128(%0)\n"
+-		"   prefetch 192(%0)\n"
+-		"   prefetch 256(%0)\n"
++		"1: prefetch (%1)\n"
++		"   prefetch 64(%1)\n"
++		"   prefetch 128(%1)\n"
++		"   prefetch 192(%1)\n"
++		"   prefetch 256(%1)\n"
+ 		"2:  \n"
+ 		".section .fixup, \"ax\"\n"
+-		"3: movw $0x1AEB, 1b\n"	/* jmp on 26 bytes */
++		"3:  \n"
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %%cr0, %0\n"
++		"   movl %0, %%eax\n"
++		"   andl $0xFFFEFFFF, %%eax\n"
++		"   movl %%eax, %%cr0\n"
++#endif
++
++		"   movw $0x1AEB, 1b\n"	/* jmp on 26 bytes */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %0, %%cr0\n"
++#endif
++
+ 		"   jmp 2b\n"
+ 		".previous\n"
+-			_ASM_EXTABLE(1b, 3b) : : "r" (from));
++			_ASM_EXTABLE(1b, 3b) : "=&r" (cr0) : "r" (from) : "ax");
+ 
+ 	for (i = 0; i < 4096/64; i++) {
+ 		__asm__ __volatile__ (
+-		"1: prefetch 320(%0)\n"
+-		"2: movq (%0), %%mm0\n"
+-		"   movq 8(%0), %%mm1\n"
+-		"   movq 16(%0), %%mm2\n"
+-		"   movq 24(%0), %%mm3\n"
+-		"   movq %%mm0, (%1)\n"
+-		"   movq %%mm1, 8(%1)\n"
+-		"   movq %%mm2, 16(%1)\n"
+-		"   movq %%mm3, 24(%1)\n"
+-		"   movq 32(%0), %%mm0\n"
+-		"   movq 40(%0), %%mm1\n"
+-		"   movq 48(%0), %%mm2\n"
+-		"   movq 56(%0), %%mm3\n"
+-		"   movq %%mm0, 32(%1)\n"
+-		"   movq %%mm1, 40(%1)\n"
+-		"   movq %%mm2, 48(%1)\n"
+-		"   movq %%mm3, 56(%1)\n"
++		"1: prefetch 320(%1)\n"
++		"2: movq (%1), %%mm0\n"
++		"   movq 8(%1), %%mm1\n"
++		"   movq 16(%1), %%mm2\n"
++		"   movq 24(%1), %%mm3\n"
++		"   movq %%mm0, (%2)\n"
++		"   movq %%mm1, 8(%2)\n"
++		"   movq %%mm2, 16(%2)\n"
++		"   movq %%mm3, 24(%2)\n"
++		"   movq 32(%1), %%mm0\n"
++		"   movq 40(%1), %%mm1\n"
++		"   movq 48(%1), %%mm2\n"
++		"   movq 56(%1), %%mm3\n"
++		"   movq %%mm0, 32(%2)\n"
++		"   movq %%mm1, 40(%2)\n"
++		"   movq %%mm2, 48(%2)\n"
++		"   movq %%mm3, 56(%2)\n"
+ 		".section .fixup, \"ax\"\n"
+-		"3: movw $0x05EB, 1b\n"	/* jmp on 5 bytes */
++		"3:\n"
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %%cr0, %0\n"
++		"   movl %0, %%eax\n"
++		"   andl $0xFFFEFFFF, %%eax\n"
++		"   movl %%eax, %%cr0\n"
++#endif
++
++		"   movw $0x05EB, 1b\n"	/* jmp on 5 bytes */
++
++#ifdef CONFIG_PAX_KERNEXEC
++		"   movl %0, %%cr0\n"
++#endif
++
+ 		"   jmp 2b\n"
+ 		".previous\n"
+ 			_ASM_EXTABLE(1b, 3b)
+-			: : "r" (from), "r" (to) : "memory");
++			: "=&r" (cr0) : "r" (from), "r" (to) : "memory", "ax");
+ 
+ 		from += 64;
+ 		to += 64;
+diff -urNp linux-2.6.29.6/arch/x86/lib/putuser.S linux-2.6.29.6/arch/x86/lib/putuser.S
+--- linux-2.6.29.6/arch/x86/lib/putuser.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/putuser.S	2009-07-23 17:34:32.083767334 -0400
+@@ -15,6 +15,7 @@
+ #include <asm/thread_info.h>
+ #include <asm/errno.h>
+ #include <asm/asm.h>
++#include <asm/segment.h>
+ 
+ 
+ /*
+@@ -39,7 +40,19 @@ ENTRY(__put_user_1)
+ 	ENTER
+ 	cmp TI_addr_limit(%_ASM_BX),%_ASM_CX
+ 	jae bad_put_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 1:	movb %al,(%_ASM_CX)
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	popl %ds
++#endif
++
+ 	xor %eax,%eax
+ 	EXIT
+ ENDPROC(__put_user_1)
+@@ -50,7 +63,19 @@ ENTRY(__put_user_2)
+ 	sub $1,%_ASM_BX
+ 	cmp %_ASM_BX,%_ASM_CX
+ 	jae bad_put_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 2:	movw %ax,(%_ASM_CX)
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	popl %ds
++#endif
++
+ 	xor %eax,%eax
+ 	EXIT
+ ENDPROC(__put_user_2)
+@@ -61,7 +86,19 @@ ENTRY(__put_user_4)
+ 	sub $3,%_ASM_BX
+ 	cmp %_ASM_BX,%_ASM_CX
+ 	jae bad_put_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 3:	movl %eax,(%_ASM_CX)
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	popl %ds
++#endif
++
+ 	xor %eax,%eax
+ 	EXIT
+ ENDPROC(__put_user_4)
+@@ -72,16 +109,34 @@ ENTRY(__put_user_8)
+ 	sub $7,%_ASM_BX
+ 	cmp %_ASM_BX,%_ASM_CX
+ 	jae bad_put_user
++
++#ifdef CONFIG_X86_32
++	pushl $(__USER_DS)
++	popl %ds
++#endif
++
+ 4:	mov %_ASM_AX,(%_ASM_CX)
+ #ifdef CONFIG_X86_32
+ 5:	movl %edx,4(%_ASM_CX)
+ #endif
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	popl %ds
++#endif
++
+ 	xor %eax,%eax
+ 	EXIT
+ ENDPROC(__put_user_8)
+ 
+ bad_put_user:
+ 	CFI_STARTPROC
++
++#ifdef CONFIG_X86_32
++	pushl %ss
++	popl %ds
++#endif
++
+ 	movl $-EFAULT,%eax
+ 	EXIT
+ END(bad_put_user)
+diff -urNp linux-2.6.29.6/arch/x86/lib/usercopy_32.c linux-2.6.29.6/arch/x86/lib/usercopy_32.c
+--- linux-2.6.29.6/arch/x86/lib/usercopy_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/lib/usercopy_32.c	2009-07-23 17:34:32.084899980 -0400
+@@ -36,31 +36,38 @@ static inline int __movsl_is_ok(unsigned
+  * Copy a null terminated string from userspace.
+  */
+ 
+-#define __do_strncpy_from_user(dst, src, count, res)			   \
+-do {									   \
+-	int __d0, __d1, __d2;						   \
+-	might_fault();							   \
+-	__asm__ __volatile__(						   \
+-		"	testl %1,%1\n"					   \
+-		"	jz 2f\n"					   \
+-		"0:	lodsb\n"					   \
+-		"	stosb\n"					   \
+-		"	testb %%al,%%al\n"				   \
+-		"	jz 1f\n"					   \
+-		"	decl %1\n"					   \
+-		"	jnz 0b\n"					   \
+-		"1:	subl %1,%0\n"					   \
+-		"2:\n"							   \
+-		".section .fixup,\"ax\"\n"				   \
+-		"3:	movl %5,%0\n"					   \
+-		"	jmp 2b\n"					   \
+-		".previous\n"						   \
+-		_ASM_EXTABLE(0b,3b)					   \
+-		: "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),	   \
+-		  "=&D" (__d2)						   \
+-		: "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst) \
+-		: "memory");						   \
+-} while (0)
++static long __do_strncpy_from_user(char *dst, const char __user *src, long count)
++{
++	int __d0, __d1, __d2;
++	long res = -EFAULT;
++
++	might_fault();
++	__asm__ __volatile__(
++		"	movw %w10,%%ds\n"
++		"	testl %1,%1\n"
++		"	jz 2f\n"
++		"0:	lodsb\n"
++		"	stosb\n"
++		"	testb %%al,%%al\n"
++		"	jz 1f\n"
++		"	decl %1\n"
++		"	jnz 0b\n"
++		"1:	subl %1,%0\n"
++		"2:\n"
++		"	pushl %%ss\n"
++		"	popl %%ds\n"
++		".section .fixup,\"ax\"\n"
++		"3:	movl %5,%0\n"
++		"	jmp 2b\n"
++		".previous\n"
++		_ASM_EXTABLE(0b,3b)
++		: "=&d"(res), "=&c"(count), "=&a" (__d0), "=&S" (__d1),
++		  "=&D" (__d2)
++		: "i"(-EFAULT), "0"(count), "1"(count), "3"(src), "4"(dst),
++		  "r"(__USER_DS)
++		: "memory");
++	return res;
++}
+ 
+ /**
+  * __strncpy_from_user: - Copy a NUL terminated string from userspace, with less checking.
+@@ -85,9 +92,7 @@ do {									   \
+ long
+ __strncpy_from_user(char *dst, const char __user *src, long count)
+ {
+-	long res;
+-	__do_strncpy_from_user(dst, src, count, res);
+-	return res;
++	return __do_strncpy_from_user(dst, src, count);
+ }
+ EXPORT_SYMBOL(__strncpy_from_user);
+ 
+@@ -114,7 +119,7 @@ strncpy_from_user(char *dst, const char 
+ {
+ 	long res = -EFAULT;
+ 	if (access_ok(VERIFY_READ, src, 1))
+-		__do_strncpy_from_user(dst, src, count, res);
++		res = __do_strncpy_from_user(dst, src, count);
+ 	return res;
+ }
+ EXPORT_SYMBOL(strncpy_from_user);
+@@ -123,24 +128,30 @@ EXPORT_SYMBOL(strncpy_from_user);
+  * Zero Userspace
+  */
+ 
+-#define __do_clear_user(addr,size)					\
+-do {									\
+-	int __d0;							\
+-	might_fault();							\
+-	__asm__ __volatile__(						\
+-		"0:	rep; stosl\n"					\
+-		"	movl %2,%0\n"					\
+-		"1:	rep; stosb\n"					\
+-		"2:\n"							\
+-		".section .fixup,\"ax\"\n"				\
+-		"3:	lea 0(%2,%0,4),%0\n"				\
+-		"	jmp 2b\n"					\
+-		".previous\n"						\
+-		_ASM_EXTABLE(0b,3b)					\
+-		_ASM_EXTABLE(1b,2b)					\
+-		: "=&c"(size), "=&D" (__d0)				\
+-		: "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0));	\
+-} while (0)
++static unsigned long __do_clear_user(void __user *addr, unsigned long size)
++{
++	int __d0;
++
++	might_fault();
++	__asm__ __volatile__(
++		"	movw %w6,%%es\n"
++		"0:	rep; stosl\n"
++		"	movl %2,%0\n"
++		"1:	rep; stosb\n"
++		"2:\n"
++		"	pushl %%ss\n"
++		"	popl %%es\n"
++		".section .fixup,\"ax\"\n"
++		"3:	lea 0(%2,%0,4),%0\n"
++		"	jmp 2b\n"
++		".previous\n"
++		_ASM_EXTABLE(0b,3b)
++		_ASM_EXTABLE(1b,2b)
++		: "=&c"(size), "=&D" (__d0)
++		: "r"(size & 3), "0"(size / 4), "1"(addr), "a"(0),
++		  "r"(__USER_DS));
++	return size;
++}
+ 
+ /**
+  * clear_user: - Zero a block of memory in user space.
+@@ -157,7 +168,7 @@ clear_user(void __user *to, unsigned lon
+ {
+ 	might_fault();
+ 	if (access_ok(VERIFY_WRITE, to, n))
+-		__do_clear_user(to, n);
++		n = __do_clear_user(to, n);
+ 	return n;
+ }
+ EXPORT_SYMBOL(clear_user);
+@@ -176,8 +187,7 @@ EXPORT_SYMBOL(clear_user);
+ unsigned long
+ __clear_user(void __user *to, unsigned long n)
+ {
+-	__do_clear_user(to, n);
+-	return n;
++	return __do_clear_user(to, n);
+ }
+ EXPORT_SYMBOL(__clear_user);
+ 
+@@ -200,14 +210,17 @@ long strnlen_user(const char __user *s, 
+ 	might_fault();
+ 
+ 	__asm__ __volatile__(
++		"	movw %w8,%%es\n"
+ 		"	testl %0, %0\n"
+ 		"	jz 3f\n"
+-		"	andl %0,%%ecx\n"
++		"	movl %0,%%ecx\n"
+ 		"0:	repne; scasb\n"
+ 		"	setne %%al\n"
+ 		"	subl %%ecx,%0\n"
+ 		"	addl %0,%%eax\n"
+ 		"1:\n"
++		"	pushl %%ss\n"
++		"	popl %%es\n"
+ 		".section .fixup,\"ax\"\n"
+ 		"2:	xorl %%eax,%%eax\n"
+ 		"	jmp 1b\n"
+@@ -219,7 +232,7 @@ long strnlen_user(const char __user *s, 
+ 		"	.long 0b,2b\n"
+ 		".previous"
+ 		:"=&r" (n), "=&D" (s), "=&a" (res), "=&c" (tmp)
+-		:"0" (n), "1" (s), "2" (0), "3" (mask)
++		:"0" (n), "1" (s), "2" (0), "3" (mask), "r" (__USER_DS)
+ 		:"cc");
+ 	return res & mask;
+ }
+@@ -227,10 +240,121 @@ EXPORT_SYMBOL(strnlen_user);
+ 
+ #ifdef CONFIG_X86_INTEL_USERCOPY
+ static unsigned long
+-__copy_user_intel(void __user *to, const void *from, unsigned long size)
++__generic_copy_to_user_intel(void __user *to, const void *from, unsigned long size)
++{
++	int d0, d1;
++	__asm__ __volatile__(
++		       "       movw %w6, %%es\n"
++		       "       .align 2,0x90\n"
++		       "1:     movl 32(%4), %%eax\n"
++		       "       cmpl $67, %0\n"
++		       "       jbe 3f\n"
++		       "2:     movl 64(%4), %%eax\n"
++		       "       .align 2,0x90\n"
++		       "3:     movl 0(%4), %%eax\n"
++		       "4:     movl 4(%4), %%edx\n"
++		       "5:     movl %%eax, %%es:0(%3)\n"
++		       "6:     movl %%edx, %%es:4(%3)\n"
++		       "7:     movl 8(%4), %%eax\n"
++		       "8:     movl 12(%4),%%edx\n"
++		       "9:     movl %%eax, %%es:8(%3)\n"
++		       "10:    movl %%edx, %%es:12(%3)\n"
++		       "11:    movl 16(%4), %%eax\n"
++		       "12:    movl 20(%4), %%edx\n"
++		       "13:    movl %%eax, %%es:16(%3)\n"
++		       "14:    movl %%edx, %%es:20(%3)\n"
++		       "15:    movl 24(%4), %%eax\n"
++		       "16:    movl 28(%4), %%edx\n"
++		       "17:    movl %%eax, %%es:24(%3)\n"
++		       "18:    movl %%edx, %%es:28(%3)\n"
++		       "19:    movl 32(%4), %%eax\n"
++		       "20:    movl 36(%4), %%edx\n"
++		       "21:    movl %%eax, %%es:32(%3)\n"
++		       "22:    movl %%edx, %%es:36(%3)\n"
++		       "23:    movl 40(%4), %%eax\n"
++		       "24:    movl 44(%4), %%edx\n"
++		       "25:    movl %%eax, %%es:40(%3)\n"
++		       "26:    movl %%edx, %%es:44(%3)\n"
++		       "27:    movl 48(%4), %%eax\n"
++		       "28:    movl 52(%4), %%edx\n"
++		       "29:    movl %%eax, %%es:48(%3)\n"
++		       "30:    movl %%edx, %%es:52(%3)\n"
++		       "31:    movl 56(%4), %%eax\n"
++		       "32:    movl 60(%4), %%edx\n"
++		       "33:    movl %%eax, %%es:56(%3)\n"
++		       "34:    movl %%edx, %%es:60(%3)\n"
++		       "       addl $-64, %0\n"
++		       "       addl $64, %4\n"
++		       "       addl $64, %3\n"
++		       "       cmpl $63, %0\n"
++		       "       ja  1b\n"
++		       "35:    movl  %0, %%eax\n"
++		       "       shrl  $2, %0\n"
++		       "       andl  $3, %%eax\n"
++		       "       cld\n"
++		       "99:    rep; movsl\n"
++		       "36:    movl %%eax, %0\n"
++		       "37:    rep; movsb\n"
++		       "100:\n"
++		       "       pushl %%ss\n"
++		       "       popl %%es\n"
++		       ".section .fixup,\"ax\"\n"
++		       "101:   lea 0(%%eax,%0,4),%0\n"
++		       "       jmp 100b\n"
++		       ".previous\n"
++		       ".section __ex_table,\"a\"\n"
++		       "       .align 4\n"
++		       "       .long 1b,100b\n"
++		       "       .long 2b,100b\n"
++		       "       .long 3b,100b\n"
++		       "       .long 4b,100b\n"
++		       "       .long 5b,100b\n"
++		       "       .long 6b,100b\n"
++		       "       .long 7b,100b\n"
++		       "       .long 8b,100b\n"
++		       "       .long 9b,100b\n"
++		       "       .long 10b,100b\n"
++		       "       .long 11b,100b\n"
++		       "       .long 12b,100b\n"
++		       "       .long 13b,100b\n"
++		       "       .long 14b,100b\n"
++		       "       .long 15b,100b\n"
++		       "       .long 16b,100b\n"
++		       "       .long 17b,100b\n"
++		       "       .long 18b,100b\n"
++		       "       .long 19b,100b\n"
++		       "       .long 20b,100b\n"
++		       "       .long 21b,100b\n"
++		       "       .long 22b,100b\n"
++		       "       .long 23b,100b\n"
++		       "       .long 24b,100b\n"
++		       "       .long 25b,100b\n"
++		       "       .long 26b,100b\n"
++		       "       .long 27b,100b\n"
++		       "       .long 28b,100b\n"
++		       "       .long 29b,100b\n"
++		       "       .long 30b,100b\n"
++		       "       .long 31b,100b\n"
++		       "       .long 32b,100b\n"
++		       "       .long 33b,100b\n"
++		       "       .long 34b,100b\n"
++		       "       .long 35b,100b\n"
++		       "       .long 36b,100b\n"
++		       "       .long 37b,100b\n"
++		       "       .long 99b,101b\n"
++		       ".previous"
++		       : "=&c"(size), "=&D" (d0), "=&S" (d1)
++		       :  "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
++		       : "eax", "edx", "memory");
++	return size;
++}
++
++static unsigned long
++__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size)
+ {
+ 	int d0, d1;
+ 	__asm__ __volatile__(
++		       "       movw %w6, %%ds\n"
+ 		       "       .align 2,0x90\n"
+ 		       "1:     movl 32(%4), %%eax\n"
+ 		       "       cmpl $67, %0\n"
+@@ -239,36 +363,36 @@ __copy_user_intel(void __user *to, const
+ 		       "       .align 2,0x90\n"
+ 		       "3:     movl 0(%4), %%eax\n"
+ 		       "4:     movl 4(%4), %%edx\n"
+-		       "5:     movl %%eax, 0(%3)\n"
+-		       "6:     movl %%edx, 4(%3)\n"
++		       "5:     movl %%eax, %%es:0(%3)\n"
++		       "6:     movl %%edx, %%es:4(%3)\n"
+ 		       "7:     movl 8(%4), %%eax\n"
+ 		       "8:     movl 12(%4),%%edx\n"
+-		       "9:     movl %%eax, 8(%3)\n"
+-		       "10:    movl %%edx, 12(%3)\n"
++		       "9:     movl %%eax, %%es:8(%3)\n"
++		       "10:    movl %%edx, %%es:12(%3)\n"
+ 		       "11:    movl 16(%4), %%eax\n"
+ 		       "12:    movl 20(%4), %%edx\n"
+-		       "13:    movl %%eax, 16(%3)\n"
+-		       "14:    movl %%edx, 20(%3)\n"
++		       "13:    movl %%eax, %%es:16(%3)\n"
++		       "14:    movl %%edx, %%es:20(%3)\n"
+ 		       "15:    movl 24(%4), %%eax\n"
+ 		       "16:    movl 28(%4), %%edx\n"
+-		       "17:    movl %%eax, 24(%3)\n"
+-		       "18:    movl %%edx, 28(%3)\n"
++		       "17:    movl %%eax, %%es:24(%3)\n"
++		       "18:    movl %%edx, %%es:28(%3)\n"
+ 		       "19:    movl 32(%4), %%eax\n"
+ 		       "20:    movl 36(%4), %%edx\n"
+-		       "21:    movl %%eax, 32(%3)\n"
+-		       "22:    movl %%edx, 36(%3)\n"
++		       "21:    movl %%eax, %%es:32(%3)\n"
++		       "22:    movl %%edx, %%es:36(%3)\n"
+ 		       "23:    movl 40(%4), %%eax\n"
+ 		       "24:    movl 44(%4), %%edx\n"
+-		       "25:    movl %%eax, 40(%3)\n"
+-		       "26:    movl %%edx, 44(%3)\n"
++		       "25:    movl %%eax, %%es:40(%3)\n"
++		       "26:    movl %%edx, %%es:44(%3)\n"
+ 		       "27:    movl 48(%4), %%eax\n"
+ 		       "28:    movl 52(%4), %%edx\n"
+-		       "29:    movl %%eax, 48(%3)\n"
+-		       "30:    movl %%edx, 52(%3)\n"
++		       "29:    movl %%eax, %%es:48(%3)\n"
++		       "30:    movl %%edx, %%es:52(%3)\n"
+ 		       "31:    movl 56(%4), %%eax\n"
+ 		       "32:    movl 60(%4), %%edx\n"
+-		       "33:    movl %%eax, 56(%3)\n"
+-		       "34:    movl %%edx, 60(%3)\n"
++		       "33:    movl %%eax, %%es:56(%3)\n"
++		       "34:    movl %%edx, %%es:60(%3)\n"
+ 		       "       addl $-64, %0\n"
+ 		       "       addl $64, %4\n"
+ 		       "       addl $64, %3\n"
+@@ -282,6 +406,8 @@ __copy_user_intel(void __user *to, const
+ 		       "36:    movl %%eax, %0\n"
+ 		       "37:    rep; movsb\n"
+ 		       "100:\n"
++		       "       pushl %%ss\n"
++		       "       popl %%ds\n"
+ 		       ".section .fixup,\"ax\"\n"
+ 		       "101:   lea 0(%%eax,%0,4),%0\n"
+ 		       "       jmp 100b\n"
+@@ -328,7 +454,7 @@ __copy_user_intel(void __user *to, const
+ 		       "       .long 99b,101b\n"
+ 		       ".previous"
+ 		       : "=&c"(size), "=&D" (d0), "=&S" (d1)
+-		       :  "1"(to), "2"(from), "0"(size)
++		       :  "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
+ 		       : "eax", "edx", "memory");
+ 	return size;
+ }
+@@ -338,6 +464,7 @@ __copy_user_zeroing_intel(void *to, cons
+ {
+ 	int d0, d1;
+ 	__asm__ __volatile__(
++		       "        movw %w6, %%ds\n"
+ 		       "        .align 2,0x90\n"
+ 		       "0:      movl 32(%4), %%eax\n"
+ 		       "        cmpl $67, %0\n"
+@@ -346,36 +473,36 @@ __copy_user_zeroing_intel(void *to, cons
+ 		       "        .align 2,0x90\n"
+ 		       "2:      movl 0(%4), %%eax\n"
+ 		       "21:     movl 4(%4), %%edx\n"
+-		       "        movl %%eax, 0(%3)\n"
+-		       "        movl %%edx, 4(%3)\n"
++		       "        movl %%eax, %%es:0(%3)\n"
++		       "        movl %%edx, %%es:4(%3)\n"
+ 		       "3:      movl 8(%4), %%eax\n"
+ 		       "31:     movl 12(%4),%%edx\n"
+-		       "        movl %%eax, 8(%3)\n"
+-		       "        movl %%edx, 12(%3)\n"
++		       "        movl %%eax, %%es:8(%3)\n"
++		       "        movl %%edx, %%es:12(%3)\n"
+ 		       "4:      movl 16(%4), %%eax\n"
+ 		       "41:     movl 20(%4), %%edx\n"
+-		       "        movl %%eax, 16(%3)\n"
+-		       "        movl %%edx, 20(%3)\n"
++		       "        movl %%eax, %%es:16(%3)\n"
++		       "        movl %%edx, %%es:20(%3)\n"
+ 		       "10:     movl 24(%4), %%eax\n"
+ 		       "51:     movl 28(%4), %%edx\n"
+-		       "        movl %%eax, 24(%3)\n"
+-		       "        movl %%edx, 28(%3)\n"
++		       "        movl %%eax, %%es:24(%3)\n"
++		       "        movl %%edx, %%es:28(%3)\n"
+ 		       "11:     movl 32(%4), %%eax\n"
+ 		       "61:     movl 36(%4), %%edx\n"
+-		       "        movl %%eax, 32(%3)\n"
+-		       "        movl %%edx, 36(%3)\n"
++		       "        movl %%eax, %%es:32(%3)\n"
++		       "        movl %%edx, %%es:36(%3)\n"
+ 		       "12:     movl 40(%4), %%eax\n"
+ 		       "71:     movl 44(%4), %%edx\n"
+-		       "        movl %%eax, 40(%3)\n"
+-		       "        movl %%edx, 44(%3)\n"
++		       "        movl %%eax, %%es:40(%3)\n"
++		       "        movl %%edx, %%es:44(%3)\n"
+ 		       "13:     movl 48(%4), %%eax\n"
+ 		       "81:     movl 52(%4), %%edx\n"
+-		       "        movl %%eax, 48(%3)\n"
+-		       "        movl %%edx, 52(%3)\n"
++		       "        movl %%eax, %%es:48(%3)\n"
++		       "        movl %%edx, %%es:52(%3)\n"
+ 		       "14:     movl 56(%4), %%eax\n"
+ 		       "91:     movl 60(%4), %%edx\n"
+-		       "        movl %%eax, 56(%3)\n"
+-		       "        movl %%edx, 60(%3)\n"
++		       "        movl %%eax, %%es:56(%3)\n"
++		       "        movl %%edx, %%es:60(%3)\n"
+ 		       "        addl $-64, %0\n"
+ 		       "        addl $64, %4\n"
+ 		       "        addl $64, %3\n"
+@@ -389,6 +516,8 @@ __copy_user_zeroing_intel(void *to, cons
+ 		       "        movl %%eax,%0\n"
+ 		       "7:      rep; movsb\n"
+ 		       "8:\n"
++		       "        pushl %%ss\n"
++		       "        popl %%ds\n"
+ 		       ".section .fixup,\"ax\"\n"
+ 		       "9:      lea 0(%%eax,%0,4),%0\n"
+ 		       "16:     pushl %0\n"
+@@ -423,7 +552,7 @@ __copy_user_zeroing_intel(void *to, cons
+ 		       "        .long 7b,16b\n"
+ 		       ".previous"
+ 		       : "=&c"(size), "=&D" (d0), "=&S" (d1)
+-		       :  "1"(to), "2"(from), "0"(size)
++		       :  "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
+ 		       : "eax", "edx", "memory");
+ 	return size;
+ }
+@@ -439,6 +568,7 @@ static unsigned long __copy_user_zeroing
+ 	int d0, d1;
+ 
+ 	__asm__ __volatile__(
++	       "        movw %w6, %%ds\n"
+ 	       "        .align 2,0x90\n"
+ 	       "0:      movl 32(%4), %%eax\n"
+ 	       "        cmpl $67, %0\n"
+@@ -447,36 +577,36 @@ static unsigned long __copy_user_zeroing
+ 	       "        .align 2,0x90\n"
+ 	       "2:      movl 0(%4), %%eax\n"
+ 	       "21:     movl 4(%4), %%edx\n"
+-	       "        movnti %%eax, 0(%3)\n"
+-	       "        movnti %%edx, 4(%3)\n"
++	       "        movnti %%eax, %%es:0(%3)\n"
++	       "        movnti %%edx, %%es:4(%3)\n"
+ 	       "3:      movl 8(%4), %%eax\n"
+ 	       "31:     movl 12(%4),%%edx\n"
+-	       "        movnti %%eax, 8(%3)\n"
+-	       "        movnti %%edx, 12(%3)\n"
++	       "        movnti %%eax, %%es:8(%3)\n"
++	       "        movnti %%edx, %%es:12(%3)\n"
+ 	       "4:      movl 16(%4), %%eax\n"
+ 	       "41:     movl 20(%4), %%edx\n"
+-	       "        movnti %%eax, 16(%3)\n"
+-	       "        movnti %%edx, 20(%3)\n"
++	       "        movnti %%eax, %%es:16(%3)\n"
++	       "        movnti %%edx, %%es:20(%3)\n"
+ 	       "10:     movl 24(%4), %%eax\n"
+ 	       "51:     movl 28(%4), %%edx\n"
+-	       "        movnti %%eax, 24(%3)\n"
+-	       "        movnti %%edx, 28(%3)\n"
++	       "        movnti %%eax, %%es:24(%3)\n"
++	       "        movnti %%edx, %%es:28(%3)\n"
+ 	       "11:     movl 32(%4), %%eax\n"
+ 	       "61:     movl 36(%4), %%edx\n"
+-	       "        movnti %%eax, 32(%3)\n"
+-	       "        movnti %%edx, 36(%3)\n"
++	       "        movnti %%eax, %%es:32(%3)\n"
++	       "        movnti %%edx, %%es:36(%3)\n"
+ 	       "12:     movl 40(%4), %%eax\n"
+ 	       "71:     movl 44(%4), %%edx\n"
+-	       "        movnti %%eax, 40(%3)\n"
+-	       "        movnti %%edx, 44(%3)\n"
++	       "        movnti %%eax, %%es:40(%3)\n"
++	       "        movnti %%edx, %%es:44(%3)\n"
+ 	       "13:     movl 48(%4), %%eax\n"
+ 	       "81:     movl 52(%4), %%edx\n"
+-	       "        movnti %%eax, 48(%3)\n"
+-	       "        movnti %%edx, 52(%3)\n"
++	       "        movnti %%eax, %%es:48(%3)\n"
++	       "        movnti %%edx, %%es:52(%3)\n"
+ 	       "14:     movl 56(%4), %%eax\n"
+ 	       "91:     movl 60(%4), %%edx\n"
+-	       "        movnti %%eax, 56(%3)\n"
+-	       "        movnti %%edx, 60(%3)\n"
++	       "        movnti %%eax, %%es:56(%3)\n"
++	       "        movnti %%edx, %%es:60(%3)\n"
+ 	       "        addl $-64, %0\n"
+ 	       "        addl $64, %4\n"
+ 	       "        addl $64, %3\n"
+@@ -491,6 +621,8 @@ static unsigned long __copy_user_zeroing
+ 	       "        movl %%eax,%0\n"
+ 	       "7:      rep; movsb\n"
+ 	       "8:\n"
++	       "        pushl %%ss\n"
++	       "        popl %%ds\n"
+ 	       ".section .fixup,\"ax\"\n"
+ 	       "9:      lea 0(%%eax,%0,4),%0\n"
+ 	       "16:     pushl %0\n"
+@@ -525,7 +657,7 @@ static unsigned long __copy_user_zeroing
+ 	       "        .long 7b,16b\n"
+ 	       ".previous"
+ 	       : "=&c"(size), "=&D" (d0), "=&S" (d1)
+-	       :  "1"(to), "2"(from), "0"(size)
++	       :  "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
+ 	       : "eax", "edx", "memory");
+ 	return size;
+ }
+@@ -536,6 +668,7 @@ static unsigned long __copy_user_intel_n
+ 	int d0, d1;
+ 
+ 	__asm__ __volatile__(
++	       "        movw %w6, %%ds\n"
+ 	       "        .align 2,0x90\n"
+ 	       "0:      movl 32(%4), %%eax\n"
+ 	       "        cmpl $67, %0\n"
+@@ -544,36 +677,36 @@ static unsigned long __copy_user_intel_n
+ 	       "        .align 2,0x90\n"
+ 	       "2:      movl 0(%4), %%eax\n"
+ 	       "21:     movl 4(%4), %%edx\n"
+-	       "        movnti %%eax, 0(%3)\n"
+-	       "        movnti %%edx, 4(%3)\n"
++	       "        movnti %%eax, %%es:0(%3)\n"
++	       "        movnti %%edx, %%es:4(%3)\n"
+ 	       "3:      movl 8(%4), %%eax\n"
+ 	       "31:     movl 12(%4),%%edx\n"
+-	       "        movnti %%eax, 8(%3)\n"
+-	       "        movnti %%edx, 12(%3)\n"
++	       "        movnti %%eax, %%es:8(%3)\n"
++	       "        movnti %%edx, %%es:12(%3)\n"
+ 	       "4:      movl 16(%4), %%eax\n"
+ 	       "41:     movl 20(%4), %%edx\n"
+-	       "        movnti %%eax, 16(%3)\n"
+-	       "        movnti %%edx, 20(%3)\n"
++	       "        movnti %%eax, %%es:16(%3)\n"
++	       "        movnti %%edx, %%es:20(%3)\n"
+ 	       "10:     movl 24(%4), %%eax\n"
+ 	       "51:     movl 28(%4), %%edx\n"
+-	       "        movnti %%eax, 24(%3)\n"
+-	       "        movnti %%edx, 28(%3)\n"
++	       "        movnti %%eax, %%es:24(%3)\n"
++	       "        movnti %%edx, %%es:28(%3)\n"
+ 	       "11:     movl 32(%4), %%eax\n"
+ 	       "61:     movl 36(%4), %%edx\n"
+-	       "        movnti %%eax, 32(%3)\n"
+-	       "        movnti %%edx, 36(%3)\n"
++	       "        movnti %%eax, %%es:32(%3)\n"
++	       "        movnti %%edx, %%es:36(%3)\n"
+ 	       "12:     movl 40(%4), %%eax\n"
+ 	       "71:     movl 44(%4), %%edx\n"
+-	       "        movnti %%eax, 40(%3)\n"
+-	       "        movnti %%edx, 44(%3)\n"
++	       "        movnti %%eax, %%es:40(%3)\n"
++	       "        movnti %%edx, %%es:44(%3)\n"
+ 	       "13:     movl 48(%4), %%eax\n"
+ 	       "81:     movl 52(%4), %%edx\n"
+-	       "        movnti %%eax, 48(%3)\n"
+-	       "        movnti %%edx, 52(%3)\n"
++	       "        movnti %%eax, %%es:48(%3)\n"
++	       "        movnti %%edx, %%es:52(%3)\n"
+ 	       "14:     movl 56(%4), %%eax\n"
+ 	       "91:     movl 60(%4), %%edx\n"
+-	       "        movnti %%eax, 56(%3)\n"
+-	       "        movnti %%edx, 60(%3)\n"
++	       "        movnti %%eax, %%es:56(%3)\n"
++	       "        movnti %%edx, %%es:60(%3)\n"
+ 	       "        addl $-64, %0\n"
+ 	       "        addl $64, %4\n"
+ 	       "        addl $64, %3\n"
+@@ -588,6 +721,8 @@ static unsigned long __copy_user_intel_n
+ 	       "        movl %%eax,%0\n"
+ 	       "7:      rep; movsb\n"
+ 	       "8:\n"
++	       "        pushl %%ss\n"
++	       "        popl %%ds\n"
+ 	       ".section .fixup,\"ax\"\n"
+ 	       "9:      lea 0(%%eax,%0,4),%0\n"
+ 	       "16:     jmp 8b\n"
+@@ -616,7 +751,7 @@ static unsigned long __copy_user_intel_n
+ 	       "        .long 7b,16b\n"
+ 	       ".previous"
+ 	       : "=&c"(size), "=&D" (d0), "=&S" (d1)
+-	       :  "1"(to), "2"(from), "0"(size)
++	       :  "1"(to), "2"(from), "0"(size), "r"(__USER_DS)
+ 	       : "eax", "edx", "memory");
+ 	return size;
+ }
+@@ -629,90 +764,146 @@ static unsigned long __copy_user_intel_n
+  */
+ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from,
+ 					unsigned long size);
+-unsigned long __copy_user_intel(void __user *to, const void *from,
++unsigned long __generic_copy_to_user_intel(void __user *to, const void *from,
++					unsigned long size);
++unsigned long __generic_copy_from_user_intel(void *to, const void __user *from,
+ 					unsigned long size);
+ unsigned long __copy_user_zeroing_intel_nocache(void *to,
+ 				const void __user *from, unsigned long size);
+ #endif /* CONFIG_X86_INTEL_USERCOPY */
+ 
+ /* Generic arbitrary sized copy.  */
+-#define __copy_user(to, from, size)					\
+-do {									\
+-	int __d0, __d1, __d2;						\
+-	__asm__ __volatile__(						\
+-		"	cmp  $7,%0\n"					\
+-		"	jbe  1f\n"					\
+-		"	movl %1,%0\n"					\
+-		"	negl %0\n"					\
+-		"	andl $7,%0\n"					\
+-		"	subl %0,%3\n"					\
+-		"4:	rep; movsb\n"					\
+-		"	movl %3,%0\n"					\
+-		"	shrl $2,%0\n"					\
+-		"	andl $3,%3\n"					\
+-		"	.align 2,0x90\n"				\
+-		"0:	rep; movsl\n"					\
+-		"	movl %3,%0\n"					\
+-		"1:	rep; movsb\n"					\
+-		"2:\n"							\
+-		".section .fixup,\"ax\"\n"				\
+-		"5:	addl %3,%0\n"					\
+-		"	jmp 2b\n"					\
+-		"3:	lea 0(%3,%0,4),%0\n"				\
+-		"	jmp 2b\n"					\
+-		".previous\n"						\
+-		".section __ex_table,\"a\"\n"				\
+-		"	.align 4\n"					\
+-		"	.long 4b,5b\n"					\
+-		"	.long 0b,3b\n"					\
+-		"	.long 1b,2b\n"					\
+-		".previous"						\
+-		: "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)	\
+-		: "3"(size), "0"(size), "1"(to), "2"(from)		\
+-		: "memory");						\
+-} while (0)
+-
+-#define __copy_user_zeroing(to, from, size)				\
+-do {									\
+-	int __d0, __d1, __d2;						\
+-	__asm__ __volatile__(						\
+-		"	cmp  $7,%0\n"					\
+-		"	jbe  1f\n"					\
+-		"	movl %1,%0\n"					\
+-		"	negl %0\n"					\
+-		"	andl $7,%0\n"					\
+-		"	subl %0,%3\n"					\
+-		"4:	rep; movsb\n"					\
+-		"	movl %3,%0\n"					\
+-		"	shrl $2,%0\n"					\
+-		"	andl $3,%3\n"					\
+-		"	.align 2,0x90\n"				\
+-		"0:	rep; movsl\n"					\
+-		"	movl %3,%0\n"					\
+-		"1:	rep; movsb\n"					\
+-		"2:\n"							\
+-		".section .fixup,\"ax\"\n"				\
+-		"5:	addl %3,%0\n"					\
+-		"	jmp 6f\n"					\
+-		"3:	lea 0(%3,%0,4),%0\n"				\
+-		"6:	pushl %0\n"					\
+-		"	pushl %%eax\n"					\
+-		"	xorl %%eax,%%eax\n"				\
+-		"	rep; stosb\n"					\
+-		"	popl %%eax\n"					\
+-		"	popl %0\n"					\
+-		"	jmp 2b\n"					\
+-		".previous\n"						\
+-		".section __ex_table,\"a\"\n"				\
+-		"	.align 4\n"					\
+-		"	.long 4b,5b\n"					\
+-		"	.long 0b,3b\n"					\
+-		"	.long 1b,6b\n"					\
+-		".previous"						\
+-		: "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)	\
+-		: "3"(size), "0"(size), "1"(to), "2"(from)		\
+-		: "memory");						\
+-} while (0)
++static unsigned long
++__generic_copy_to_user(void __user *to, const void *from, unsigned long size)
++{
++	int __d0, __d1, __d2;
++
++	__asm__ __volatile__(
++		"	movw %w8,%%es\n"
++		"	cmp  $7,%0\n"
++		"	jbe  1f\n"
++		"	movl %1,%0\n"
++		"	negl %0\n"
++		"	andl $7,%0\n"
++		"	subl %0,%3\n"
++		"4:	rep; movsb\n"
++		"	movl %3,%0\n"
++		"	shrl $2,%0\n"
++		"	andl $3,%3\n"
++		"	.align 2,0x90\n"
++		"0:	rep; movsl\n"
++		"	movl %3,%0\n"
++		"1:	rep; movsb\n"
++		"2:\n"
++		"	pushl %%ss\n"
++		"	popl %%es\n"
++		".section .fixup,\"ax\"\n"
++		"5:	addl %3,%0\n"
++		"	jmp 2b\n"
++		"3:	lea 0(%3,%0,4),%0\n"
++		"	jmp 2b\n"
++		".previous\n"
++		".section __ex_table,\"a\"\n"
++		"	.align 4\n"
++		"	.long 4b,5b\n"
++		"	.long 0b,3b\n"
++		"	.long 1b,2b\n"
++		".previous"
++		: "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
++		: "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
++		: "memory");
++	return size;
++}
++
++static unsigned long
++__generic_copy_from_user(void *to, const void __user *from, unsigned long size)
++{
++	int __d0, __d1, __d2;
++
++	__asm__ __volatile__(
++		"	movw %w8,%%ds\n"
++		"	cmp  $7,%0\n"
++		"	jbe  1f\n"
++		"	movl %1,%0\n"
++		"	negl %0\n"
++		"	andl $7,%0\n"
++		"	subl %0,%3\n"
++		"4:	rep; movsb\n"
++		"	movl %3,%0\n"
++		"	shrl $2,%0\n"
++		"	andl $3,%3\n"
++		"	.align 2,0x90\n"
++		"0:	rep; movsl\n"
++		"	movl %3,%0\n"
++		"1:	rep; movsb\n"
++		"2:\n"
++		"	pushl %%ss\n"
++		"	popl %%ds\n"
++		".section .fixup,\"ax\"\n"
++		"5:	addl %3,%0\n"
++		"	jmp 2b\n"
++		"3:	lea 0(%3,%0,4),%0\n"
++		"	jmp 2b\n"
++		".previous\n"
++		".section __ex_table,\"a\"\n"
++		"	.align 4\n"
++		"	.long 4b,5b\n"
++		"	.long 0b,3b\n"
++		"	.long 1b,2b\n"
++		".previous"
++		: "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
++		: "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
++		: "memory");
++	return size;
++}
++
++static unsigned long
++__copy_user_zeroing(void *to, const void __user *from, unsigned long size)
++{
++	int __d0, __d1, __d2;
++
++	__asm__ __volatile__(
++		"	movw %w8,%%ds\n"
++		"	cmp  $7,%0\n"
++		"	jbe  1f\n"
++		"	movl %1,%0\n"
++		"	negl %0\n"
++		"	andl $7,%0\n"
++		"	subl %0,%3\n"
++		"4:	rep; movsb\n"
++		"	movl %3,%0\n"
++		"	shrl $2,%0\n"
++		"	andl $3,%3\n"
++		"	.align 2,0x90\n"
++		"0:	rep; movsl\n"
++		"	movl %3,%0\n"
++		"1:	rep; movsb\n"
++		"2:\n"
++		"	pushl %%ss\n"
++		"	popl %%ds\n"
++		".section .fixup,\"ax\"\n"
++		"5:	addl %3,%0\n"
++		"	jmp 6f\n"
++		"3:	lea 0(%3,%0,4),%0\n"
++		"6:	pushl %0\n"
++		"	pushl %%eax\n"
++		"	xorl %%eax,%%eax\n"
++		"	rep; stosb\n"
++		"	popl %%eax\n"
++		"	popl %0\n"
++		"	jmp 2b\n"
++		".previous\n"
++		".section __ex_table,\"a\"\n"
++		"	.align 4\n"
++		"	.long 4b,5b\n"
++		"	.long 0b,3b\n"
++		"	.long 1b,6b\n"
++		".previous"
++		: "=&c"(size), "=&D" (__d0), "=&S" (__d1), "=r"(__d2)
++		: "3"(size), "0"(size), "1"(to), "2"(from), "r"(__USER_DS)
++		: "memory");
++	return size;
++}
+ 
+ unsigned long __copy_to_user_ll(void __user *to, const void *from,
+ 				unsigned long n)
+@@ -775,9 +966,9 @@ survive:
+ 	}
+ #endif
+ 	if (movsl_is_ok(to, from, n))
+-		__copy_user(to, from, n);
++		n = __generic_copy_to_user(to, from, n);
+ 	else
+-		n = __copy_user_intel(to, from, n);
++		n = __generic_copy_to_user_intel(to, from, n);
+ 	return n;
+ }
+ EXPORT_SYMBOL(__copy_to_user_ll);
+@@ -786,7 +977,7 @@ unsigned long __copy_from_user_ll(void *
+ 					unsigned long n)
+ {
+ 	if (movsl_is_ok(to, from, n))
+-		__copy_user_zeroing(to, from, n);
++		n = __copy_user_zeroing(to, from, n);
+ 	else
+ 		n = __copy_user_zeroing_intel(to, from, n);
+ 	return n;
+@@ -797,10 +988,9 @@ unsigned long __copy_from_user_ll_nozero
+ 					 unsigned long n)
+ {
+ 	if (movsl_is_ok(to, from, n))
+-		__copy_user(to, from, n);
++		n = __generic_copy_from_user(to, from, n);
+ 	else
+-		n = __copy_user_intel((void __user *)to,
+-				      (const void *)from, n);
++		n = __generic_copy_from_user_intel(to, from, n);
+ 	return n;
+ }
+ EXPORT_SYMBOL(__copy_from_user_ll_nozero);
+@@ -812,9 +1002,9 @@ unsigned long __copy_from_user_ll_nocach
+ 	if (n > 64 && cpu_has_xmm2)
+ 		n = __copy_user_zeroing_intel_nocache(to, from, n);
+ 	else
+-		__copy_user_zeroing(to, from, n);
++		n = __copy_user_zeroing(to, from, n);
+ #else
+-	__copy_user_zeroing(to, from, n);
++	n = __copy_user_zeroing(to, from, n);
+ #endif
+ 	return n;
+ }
+@@ -827,59 +1017,37 @@ unsigned long __copy_from_user_ll_nocach
+ 	if (n > 64 && cpu_has_xmm2)
+ 		n = __copy_user_intel_nocache(to, from, n);
+ 	else
+-		__copy_user(to, from, n);
++		n = __generic_copy_from_user(to, from, n);
+ #else
+-	__copy_user(to, from, n);
++	n = __generic_copy_from_user(to, from, n);
+ #endif
+ 	return n;
+ }
+ EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero);
+ 
+-/**
+- * copy_to_user: - Copy a block of data into user space.
+- * @to:   Destination address, in user space.
+- * @from: Source address, in kernel space.
+- * @n:    Number of bytes to copy.
+- *
+- * Context: User context only.  This function may sleep.
+- *
+- * Copy data from kernel space to user space.
+- *
+- * Returns number of bytes that could not be copied.
+- * On success, this will be zero.
+- */
+-unsigned long
+-copy_to_user(void __user *to, const void *from, unsigned long n)
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++void __set_fs(mm_segment_t x, int cpu)
+ {
+-	if (access_ok(VERIFY_WRITE, to, n))
+-		n = __copy_to_user(to, from, n);
+-	return n;
++	unsigned long limit = x.seg;
++	struct desc_struct d;
++
++	current_thread_info()->addr_limit = x;
++	if (likely(limit))
++		limit = (limit - 1UL) >> PAGE_SHIFT;
++	pack_descriptor(&d, 0UL, limit, 0xF3, 0xC);
++	write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_DEFAULT_USER_DS, &d, DESCTYPE_S);
+ }
+-EXPORT_SYMBOL(copy_to_user);
+ 
+-/**
+- * copy_from_user: - Copy a block of data from user space.
+- * @to:   Destination address, in kernel space.
+- * @from: Source address, in user space.
+- * @n:    Number of bytes to copy.
+- *
+- * Context: User context only.  This function may sleep.
+- *
+- * Copy data from user space to kernel space.
+- *
+- * Returns number of bytes that could not be copied.
+- * On success, this will be zero.
+- *
+- * If some data could not be copied, this function will pad the copied
+- * data to the requested size using zero bytes.
+- */
+-unsigned long
+-copy_from_user(void *to, const void __user *from, unsigned long n)
++void set_fs(mm_segment_t x)
+ {
+-	if (access_ok(VERIFY_READ, from, n))
+-		n = __copy_from_user(to, from, n);
+-	else
+-		memset(to, 0, n);
+-	return n;
++	__set_fs(x, get_cpu());
++	put_cpu_no_resched();
+ }
+-EXPORT_SYMBOL(copy_from_user);
++#else
++void set_fs(mm_segment_t x)
++{
++	current_thread_info()->addr_limit = x;
++}
++#endif
++
++EXPORT_SYMBOL(set_fs);
+diff -urNp linux-2.6.29.6/arch/x86/mach-voyager/voyager_basic.c linux-2.6.29.6/arch/x86/mach-voyager/voyager_basic.c
+--- linux-2.6.29.6/arch/x86/mach-voyager/voyager_basic.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mach-voyager/voyager_basic.c	2009-07-23 17:34:32.084899980 -0400
+@@ -123,7 +123,7 @@ int __init voyager_memory_detect(int reg
+ 	__u8 cmos[4];
+ 	ClickMap_t *map;
+ 	unsigned long map_addr;
+-	unsigned long old;
++	pte_t old;
+ 
+ 	if (region >= CLICK_ENTRIES) {
+ 		printk("Voyager: Illegal ClickMap region %d\n", region);
+@@ -138,7 +138,7 @@ int __init voyager_memory_detect(int reg
+ 
+ 	/* steal page 0 for this */
+ 	old = pg0[0];
+-	pg0[0] = ((map_addr & PAGE_MASK) | _PAGE_RW | _PAGE_PRESENT);
++	pg0[0] = __pte((map_addr & PAGE_MASK) | _PAGE_RW | _PAGE_PRESENT);
+ 	local_flush_tlb();
+ 	/* now clear everything out but page 0 */
+ 	map = (ClickMap_t *) (map_addr & (~PAGE_MASK));
+diff -urNp linux-2.6.29.6/arch/x86/mach-voyager/voyager_smp.c linux-2.6.29.6/arch/x86/mach-voyager/voyager_smp.c
+--- linux-2.6.29.6/arch/x86/mach-voyager/voyager_smp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mach-voyager/voyager_smp.c	2009-07-23 17:34:32.084899980 -0400
+@@ -511,6 +511,10 @@ static void __init do_boot_cpu(__u8 cpu)
+ 	__u32 *hijack_vector;
+ 	__u32 start_phys_address = setup_trampoline();
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	/* There's a clever trick to this: The linux trampoline is
+ 	 * compiled to begin at absolute location zero, so make the
+ 	 * address zero but have the data segment selector compensate
+@@ -530,7 +534,17 @@ static void __init do_boot_cpu(__u8 cpu)
+ 
+ 	init_gdt(cpu);
+ 	per_cpu(current_task, cpu) = idle;
+-	early_gdt_descr.address = (unsigned long)get_cpu_gdt_table(cpu);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	early_gdt_descr.address = get_cpu_gdt_table(cpu);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	irq_ctx_init(cpu);
+ 
+ 	/* Note: Don't modify initial ss override */
+@@ -1144,7 +1158,7 @@ void smp_local_timer_interrupt(void)
+ 			    per_cpu(prof_counter, cpu);
+ 		}
+ 
+-		update_process_times(user_mode_vm(get_irq_regs()));
++		update_process_times(user_mode(get_irq_regs()));
+ 	}
+ 
+ 	if (((1 << cpu) & voyager_extended_vic_processors) == 0)
+diff -urNp linux-2.6.29.6/arch/x86/Makefile linux-2.6.29.6/arch/x86/Makefile
+--- linux-2.6.29.6/arch/x86/Makefile	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/Makefile	2009-07-23 17:34:32.084899980 -0400
+@@ -232,3 +232,12 @@ endef
+ CLEAN_FILES += arch/x86/boot/fdimage \
+ 	       arch/x86/boot/image.iso \
+ 	       arch/x86/boot/mtools.conf
++
++define OLD_LD
++
++*** ${VERSION}.${PATCHLEVEL} PaX kernels no longer build correctly with old versions of binutils.
++*** Please upgrade your binutils to 2.18 or newer
++endef
++
++archprepare:
++	$(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
+diff -urNp linux-2.6.29.6/arch/x86/mm/extable.c linux-2.6.29.6/arch/x86/mm/extable.c
+--- linux-2.6.29.6/arch/x86/mm/extable.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/extable.c	2009-07-23 17:34:32.085744993 -0400
+@@ -1,14 +1,62 @@
+ #include <linux/module.h>
+ #include <linux/spinlock.h>
++#include <linux/sort.h>
+ #include <asm/uaccess.h>
+ 
++/*
++ * The exception table needs to be sorted so that the binary
++ * search that we use to find entries in it works properly.
++ * This is used both for the kernel exception table and for
++ * the exception tables of modules that get loaded.
++ */
++static int cmp_ex(const void *a, const void *b)
++{
++	const struct exception_table_entry *x = a, *y = b;
++
++	/* avoid overflow */
++	if (x->insn > y->insn)
++		return 1;
++	if (x->insn < y->insn)
++		return -1;
++	return 0;
++}
++
++static void swap_ex(void *a, void *b, int size)
++{
++	struct exception_table_entry t, *x = a, *y = b;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
++	t = *x;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	*x = *y;
++	*y = t;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
++}
++
++void sort_extable(struct exception_table_entry *start,
++		  struct exception_table_entry *finish)
++{
++	sort(start, finish - start, sizeof(struct exception_table_entry),
++	     cmp_ex, swap_ex);
++}
+ 
+ int fixup_exception(struct pt_regs *regs)
+ {
+ 	const struct exception_table_entry *fixup;
+ 
+ #ifdef CONFIG_PNPBIOS
+-	if (unlikely(SEGMENT_IS_PNP_CODE(regs->cs))) {
++	if (unlikely(!v8086_mode(regs) && SEGMENT_IS_PNP_CODE(regs->cs))) {
+ 		extern u32 pnp_bios_fault_eip, pnp_bios_fault_esp;
+ 		extern u32 pnp_bios_is_utter_crap;
+ 		pnp_bios_is_utter_crap = 1;
+diff -urNp linux-2.6.29.6/arch/x86/mm/fault.c linux-2.6.29.6/arch/x86/mm/fault.c
+--- linux-2.6.29.6/arch/x86/mm/fault.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/fault.c	2009-07-23 17:34:32.085744993 -0400
+@@ -26,6 +26,8 @@
+ #include <linux/kprobes.h>
+ #include <linux/uaccess.h>
+ #include <linux/kdebug.h>
++#include <linux/unistd.h>
++#include <linux/compiler.h>
+ 
+ #include <asm/system.h>
+ #include <asm/desc.h>
+@@ -67,7 +69,7 @@ static inline int notify_page_fault(stru
+ 	int ret = 0;
+ 
+ 	/* kprobe_running() needs smp_processor_id() */
+-	if (!user_mode_vm(regs)) {
++	if (!user_mode(regs)) {
+ 		preempt_disable();
+ 		if (kprobe_running() && kprobe_fault_handler(regs, 14))
+ 			ret = 1;
+@@ -265,6 +267,30 @@ bad:
+ #endif
+ }
+ 
++#ifdef CONFIG_PAX_EMUTRAMP
++static int pax_handle_fetch_fault(struct pt_regs *regs);
++#endif
++
++#ifdef CONFIG_PAX_PAGEEXEC
++static inline pmd_t * pax_get_pmd(struct mm_struct *mm, unsigned long address)
++{
++	pgd_t *pgd;
++	pud_t *pud;
++	pmd_t *pmd;
++
++	pgd = pgd_offset(mm, address);
++	if (!pgd_present(*pgd))
++		return NULL;
++	pud = pud_offset(pgd, address);
++	if (!pud_present(*pud))
++		return NULL;
++	pmd = pmd_offset(pud, address);
++	if (!pmd_present(*pmd))
++		return NULL;
++	return pmd;
++}
++#endif
++
+ #ifdef CONFIG_X86_32
+ static inline pmd_t *vmalloc_sync_one(pgd_t *pgd, unsigned long address)
+ {
+@@ -351,7 +377,7 @@ static int is_errata93(struct pt_regs *r
+ static int is_errata100(struct pt_regs *regs, unsigned long address)
+ {
+ #ifdef CONFIG_X86_64
+-	if ((regs->cs == __USER32_CS || (regs->cs & (1<<2))) &&
++	if ((regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT)) &&
+ 	    (address >> 32))
+ 		return 1;
+ #endif
+@@ -386,14 +412,31 @@ static void show_fault_oops(struct pt_re
+ #endif
+ 
+ #ifdef CONFIG_X86_PAE
+-	if (error_code & PF_INSTR) {
++	if (nx_enabled && (error_code & PF_INSTR)) {
+ 		unsigned int level;
+ 		pte_t *pte = lookup_address(address, &level);
+ 
+ 		if (pte && pte_present(*pte) && !pte_exec(*pte))
+ 			printk(KERN_CRIT "kernel tried to execute "
+ 				"NX-protected page - exploit attempt? "
+-				"(uid: %d)\n", current_uid());
++				"(uid: %d, task: %s, pid: %d)\n",
++				current_uid(), current->comm, task_pid_nr(current));
++	}
++#endif
++
++#ifdef CONFIG_PAX_KERNEXEC
++#ifdef CONFIG_MODULES
++	if (init_mm.start_code <= address && address < (unsigned long)MODULES_END)
++#else
++	if (init_mm.start_code <= address && address < init_mm.end_code)
++#endif
++	{
++		if (current->signal->curr_ip)
++			printk(KERN_ERR "PAX: From %u.%u.%u.%u: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++					 NIPQUAD(current->signal->curr_ip), current->comm, task_pid_nr(current), current_uid(), current_euid());
++		else
++			printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n",
++					 current->comm, task_pid_nr(current), current_uid(), current_euid());
+ 	}
+ #endif
+ 
+@@ -586,7 +629,6 @@ void __kprobes do_page_fault(struct pt_r
+ 	struct task_struct *tsk;
+ 	struct mm_struct *mm;
+ 	struct vm_area_struct *vma;
+-	unsigned long address;
+ 	int write, si_code;
+ 	int fault;
+ #ifdef CONFIG_X86_64
+@@ -594,13 +636,20 @@ void __kprobes do_page_fault(struct pt_r
+ 	int sig;
+ #endif
+ 
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
++	pte_t *pte;
++	pmd_t *pmd;
++	spinlock_t *ptl;
++	unsigned char pte_mask;
++#endif
++
++	/* get the address */
++	const unsigned long address = read_cr2();
++
+ 	tsk = current;
+ 	mm = tsk->mm;
+ 	prefetchw(&mm->mmap_sem);
+ 
+-	/* get the address */
+-	address = read_cr2();
+-
+ 	si_code = SEGV_MAPERR;
+ 
+ 	if (unlikely(kmmio_fault(regs, address)))
+@@ -653,7 +702,7 @@ void __kprobes do_page_fault(struct pt_r
+ 	 * User-mode registers count as a user access even for any
+ 	 * potential system fault or CPU buglet.
+ 	 */
+-	if (user_mode_vm(regs)) {
++	if (user_mode(regs)) {
+ 		local_irq_enable();
+ 		error_code |= PF_USER;
+ 	} else if (regs->flags & X86_EFLAGS_IF)
+@@ -669,7 +718,7 @@ void __kprobes do_page_fault(struct pt_r
+ 	 * atomic region then we must not take the fault.
+ 	 */
+ 	if (unlikely(in_atomic() || !mm))
+-		goto bad_area_nosemaphore;
++		goto bad_area_nopax;
+ 
+ 	/*
+ 	 * When running in the kernel we expect faults to occur only to
+@@ -690,10 +739,104 @@ void __kprobes do_page_fault(struct pt_r
+ 	if (!down_read_trylock(&mm->mmap_sem)) {
+ 		if ((error_code & PF_USER) == 0 &&
+ 		    !search_exception_tables(regs->ip))
+-			goto bad_area_nosemaphore;
++			goto bad_area_nopax;
+ 		down_read(&mm->mmap_sem);
+ 	}
+ 
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC)
++	if (nx_enabled || (error_code & (PF_PROT|PF_USER)) != (PF_PROT|PF_USER) || v8086_mode(regs) ||
++	    !(mm->pax_flags & MF_PAX_PAGEEXEC))
++		goto not_pax_fault;
++
++	/* PaX: it's our fault, let's handle it if we can */
++
++	/* PaX: take a look at read faults before acquiring any locks */
++	if (unlikely(!(error_code & PF_WRITE) && (regs->ip == address))) {
++		/* instruction fetch attempt from a protected page in user mode */
++		up_read(&mm->mmap_sem);
++
++#ifdef CONFIG_PAX_EMUTRAMP
++		switch (pax_handle_fetch_fault(regs)) {
++		case 2:
++			return;
++		}
++#endif
++
++		pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
++		do_group_exit(SIGKILL);
++	}
++
++	pmd = pax_get_pmd(mm, address);
++	if (unlikely(!pmd))
++		goto not_pax_fault;
++
++	pte = pte_offset_map_lock(mm, pmd, address, &ptl);
++	if (unlikely(!(pte_val(*pte) & _PAGE_PRESENT) || pte_user(*pte))) {
++		pte_unmap_unlock(pte, ptl);
++		goto not_pax_fault;
++	}
++
++	if (unlikely((error_code & PF_WRITE) && !pte_write(*pte))) {
++		/* write attempt to a protected page in user mode */
++		pte_unmap_unlock(pte, ptl);
++		goto not_pax_fault;
++	}
++
++#ifdef CONFIG_SMP
++	if (likely(address > get_limit(regs->cs) && cpu_isset(smp_processor_id(), mm->context.cpu_user_cs_mask)))
++#else
++	if (likely(address > get_limit(regs->cs)))
++#endif
++	{
++		set_pte(pte, pte_mkread(*pte));
++		__flush_tlb_one(address);
++		pte_unmap_unlock(pte, ptl);
++		up_read(&mm->mmap_sem);
++		return;
++	}
++
++	pte_mask = _PAGE_ACCESSED | _PAGE_USER | ((error_code & PF_WRITE) << (_PAGE_BIT_DIRTY-1));
++
++	/*
++	 * PaX: fill DTLB with user rights and retry
++	 */
++	__asm__ __volatile__ (
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++		"movw %w4,%%es\n"
++#endif
++		"orb %2,(%1)\n"
++#if defined(CONFIG_M586) || defined(CONFIG_M586TSC)
++/*
++ * PaX: let this uncommented 'invlpg' remind us on the behaviour of Intel's
++ * (and AMD's) TLBs. namely, they do not cache PTEs that would raise *any*
++ * page fault when examined during a TLB load attempt. this is true not only
++ * for PTEs holding a non-present entry but also present entries that will
++ * raise a page fault (such as those set up by PaX, or the copy-on-write
++ * mechanism). in effect it means that we do *not* need to flush the TLBs
++ * for our target pages since their PTEs are simply not in the TLBs at all.
++
++ * the best thing in omitting it is that we gain around 15-20% speed in the
++ * fast path of the page fault handler and can get rid of tracing since we
++ * can no longer flush unintended entries.
++ */
++		"invlpg (%0)\n"
++#endif
++		"testb $0,%%es:(%0)\n"
++		"xorb %3,(%1)\n"
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++		"pushl %%ss\n"
++		"popl %%es\n"
++#endif
++		:
++		: "r" (address), "r" (pte), "q" (pte_mask), "i" (_PAGE_USER), "r" (__USER_DS)
++		: "memory", "cc");
++	pte_unmap_unlock(pte, ptl);
++	up_read(&mm->mmap_sem);
++	return;
++
++not_pax_fault:
++#endif
++
+ 	vma = find_vma(mm, address);
+ 	if (!vma)
+ 		goto bad_area;
+@@ -701,16 +844,20 @@ void __kprobes do_page_fault(struct pt_r
+ 		goto good_area;
+ 	if (!(vma->vm_flags & VM_GROWSDOWN))
+ 		goto bad_area;
+-	if (error_code & PF_USER) {
+-		/*
+-		 * Accessing the stack below %sp is always a bug.
+-		 * The large cushion allows instructions like enter
+-		 * and pusha to work.  ("enter $65535,$31" pushes
+-		 * 32 pointers and then decrements %sp by 65535.)
+-		 */
+-		if (address + 65536 + 32 * sizeof(unsigned long) < regs->sp)
+-			goto bad_area;
+-	}
++	/*
++	 * Accessing the stack below %sp is always a bug.
++	 * The large cushion allows instructions like enter
++	 * and pusha to work.  ("enter $65535,$31" pushes
++	 * 32 pointers and then decrements %sp by 65535.)
++	 */
++	if (address + 65536 + 32 * sizeof(unsigned long) < task_pt_regs(tsk)->sp)
++		goto bad_area;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end - SEGMEXEC_TASK_SIZE - 1 < address - SEGMEXEC_TASK_SIZE - 1)
++		goto bad_area;
++#endif
++
+ 	if (expand_stack(vma, address))
+ 		goto bad_area;
+ /*
+@@ -720,6 +867,8 @@ void __kprobes do_page_fault(struct pt_r
+ good_area:
+ 	si_code = SEGV_ACCERR;
+ 	write = 0;
++	if (nx_enabled && (error_code & PF_INSTR) && !(vma->vm_flags & VM_EXEC))
++		goto bad_area;
+ 	switch (error_code & (PF_PROT|PF_WRITE)) {
+ 	default:	/* 3: write, present */
+ 		/* fall through */
+@@ -774,6 +923,69 @@ bad_area:
+ 	up_read(&mm->mmap_sem);
+ 
+ bad_area_nosemaphore:
++
++#ifdef CONFIG_X86_64
++	if (mm && (error_code & PF_INSTR)) {
++		if (regs->ip == (unsigned long)vgettimeofday) {
++			regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_gettimeofday);
++			return;
++		} else if (regs->ip == (unsigned long)vtime) {
++			regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, fallback_time);
++			return;
++		} else if (regs->ip == (unsigned long)vgetcpu) {
++			regs->ip = (unsigned long)VDSO64_SYMBOL(mm->context.vdso, getcpu);
++			return;
++		}
++	}
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++	if (mm && (error_code & PF_USER)) {
++		unsigned long ip = regs->ip;
++
++		if (v8086_mode(regs))
++			ip = ((regs->cs & 0xffff) << 4) + (regs->ip & 0xffff);
++
++		/*
++		 * It's possible to have interrupts off here.
++		 */
++		local_irq_enable();
++
++#ifdef CONFIG_PAX_PAGEEXEC
++		if ((mm->pax_flags & MF_PAX_PAGEEXEC) &&
++		    ((nx_enabled && (error_code & PF_INSTR)) || (!(error_code & (PF_PROT | PF_WRITE)) && regs->ip == address))) {
++
++#ifdef CONFIG_PAX_EMUTRAMP
++			switch (pax_handle_fetch_fault(regs)) {
++			case 2:
++				return;
++			}
++#endif
++
++			pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
++			do_group_exit(SIGKILL);
++		}
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if ((mm->pax_flags & MF_PAX_SEGMEXEC) && !(error_code & (PF_PROT | PF_WRITE)) && (regs->ip + SEGMEXEC_TASK_SIZE == address)) {
++
++#ifdef CONFIG_PAX_EMUTRAMP
++			switch (pax_handle_fetch_fault(regs)) {
++			case 2:
++				return;
++			}
++#endif
++
++			pax_report_fault(regs, (void *)regs->ip, (void *)regs->sp);
++			do_group_exit(SIGKILL);
++		}
++#endif
++
++	}
++#endif
++
++bad_area_nopax:
+ 	/* User mode accesses just cause a SIGSEGV */
+ 	if (error_code & PF_USER) {
+ 		/*
+@@ -852,7 +1064,7 @@ no_context:
+ #ifdef CONFIG_X86_32
+ 	die("Oops", regs, error_code);
+ 	bust_spinlocks(0);
+-	do_exit(SIGKILL);
++	do_group_exit(SIGKILL);
+ #else
+ 	sig = SIGKILL;
+ 	if (__die("Oops", regs, error_code))
+@@ -935,3 +1147,174 @@ void vmalloc_sync_all(void)
+ 	}
+ #endif
+ }
++
++#ifdef CONFIG_PAX_EMUTRAMP
++static int pax_handle_fetch_fault_32(struct pt_regs *regs)
++{
++	int err;
++
++	do { /* PaX: gcc trampoline emulation #1 */
++		unsigned char mov1, mov2;
++		unsigned short jmp;
++		unsigned int addr1, addr2;
++
++#ifdef CONFIG_X86_64
++		if ((regs->ip + 11) >> 32)
++			break;
++#endif
++
++		err = get_user(mov1, (unsigned char __user *)regs->ip);
++		err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
++		err |= get_user(mov2, (unsigned char __user *)(regs->ip + 5));
++		err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
++		err |= get_user(jmp, (unsigned short __user *)(regs->ip + 10));
++
++		if (err)
++			break;
++
++		if (mov1 == 0xB9 && mov2 == 0xB8 && jmp == 0xE0FF) {
++			regs->cx = addr1;
++			regs->ax = addr2;
++			regs->ip = addr2;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: gcc trampoline emulation #2 */
++		unsigned char mov, jmp;
++		unsigned int addr1, addr2;
++
++#ifdef CONFIG_X86_64
++		if ((regs->ip + 9) >> 32)
++			break;
++#endif
++
++		err = get_user(mov, (unsigned char __user *)regs->ip);
++		err |= get_user(addr1, (unsigned int __user *)(regs->ip + 1));
++		err |= get_user(jmp, (unsigned char __user *)(regs->ip + 5));
++		err |= get_user(addr2, (unsigned int __user *)(regs->ip + 6));
++
++		if (err)
++			break;
++
++		if (mov == 0xB9 && jmp == 0xE9) {
++			regs->cx = addr1;
++			regs->ip = (unsigned int)(regs->ip + addr2 + 10);
++			return 2;
++		}
++	} while (0);
++
++	return 1; /* PaX in action */
++}
++
++#ifdef CONFIG_X86_64
++static int pax_handle_fetch_fault_64(struct pt_regs *regs)
++{
++	int err;
++
++	do { /* PaX: gcc trampoline emulation #1 */
++		unsigned short mov1, mov2, jmp1;
++		unsigned char jmp2;
++		unsigned int addr1;
++		unsigned long addr2;
++
++		err = get_user(mov1, (unsigned short __user *)regs->ip);
++		err |= get_user(addr1, (unsigned int __user *)(regs->ip + 2));
++		err |= get_user(mov2, (unsigned short __user *)(regs->ip + 6));
++		err |= get_user(addr2, (unsigned long __user *)(regs->ip + 8));
++		err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 16));
++		err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 18));
++
++		if (err)
++			break;
++
++		if (mov1 == 0xBB41 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
++			regs->r11 = addr1;
++			regs->r10 = addr2;
++			regs->ip = addr1;
++			return 2;
++		}
++	} while (0);
++
++	do { /* PaX: gcc trampoline emulation #2 */
++		unsigned short mov1, mov2, jmp1;
++		unsigned char jmp2;
++		unsigned long addr1, addr2;
++
++		err = get_user(mov1, (unsigned short __user *)regs->ip);
++		err |= get_user(addr1, (unsigned long __user *)(regs->ip + 2));
++		err |= get_user(mov2, (unsigned short __user *)(regs->ip + 10));
++		err |= get_user(addr2, (unsigned long __user *)(regs->ip + 12));
++		err |= get_user(jmp1, (unsigned short __user *)(regs->ip + 20));
++		err |= get_user(jmp2, (unsigned char __user *)(regs->ip + 22));
++
++		if (err)
++			break;
++
++		if (mov1 == 0xBB49 && mov2 == 0xBA49 && jmp1 == 0xFF49 && jmp2 == 0xE3) {
++			regs->r11 = addr1;
++			regs->r10 = addr2;
++			regs->ip = addr1;
++			return 2;
++		}
++	} while (0);
++
++	return 1; /* PaX in action */
++}
++#endif
++
++/*
++ * PaX: decide what to do with offenders (regs->ip = fault address)
++ *
++ * returns 1 when task should be killed
++ *         2 when gcc trampoline was detected
++ */
++static int pax_handle_fetch_fault(struct pt_regs *regs)
++{
++	if (v8086_mode(regs))
++		return 1;
++
++	if (!(current->mm->pax_flags & MF_PAX_EMUTRAMP))
++		return 1;
++
++#ifdef CONFIG_X86_32
++	return pax_handle_fetch_fault_32(regs);
++#else
++	if (regs->cs == __USER32_CS || (regs->cs & SEGMENT_LDT))
++		return pax_handle_fetch_fault_32(regs);
++	else
++		return pax_handle_fetch_fault_64(regs);
++#endif
++}
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++void pax_report_insns(void *pc, void *sp)
++{
++	long i;
++
++	printk(KERN_ERR "PAX: bytes at PC: ");
++	for (i = 0; i < 20; i++) {
++		unsigned char c;
++		if (get_user(c, (unsigned char __user *)pc+i))
++			printk(KERN_CONT "?? ");
++		else
++			printk(KERN_CONT "%02x ", c);
++	}
++	printk("\n");
++
++	printk(KERN_ERR "PAX: bytes at SP-%lu: ", (unsigned long)sizeof(long));
++	for (i = -1; i < 80 / sizeof(long); i++) {
++		unsigned long c;
++		if (get_user(c, (unsigned long __user *)sp+i))
++#ifdef CONFIG_X86_32
++			printk(KERN_CONT "???????? ");
++#else
++			printk(KERN_CONT "???????????????? ");
++#endif
++		else
++			printk(KERN_CONT "%0*lx ", 2 * (int)sizeof(long), c);
++	}
++	printk("\n");
++}
++#endif
+diff -urNp linux-2.6.29.6/arch/x86/mm/highmem_32.c linux-2.6.29.6/arch/x86/mm/highmem_32.c
+--- linux-2.6.29.6/arch/x86/mm/highmem_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/highmem_32.c	2009-07-23 17:34:32.085744993 -0400
+@@ -74,6 +74,10 @@ void *kmap_atomic_prot(struct page *page
+ 	enum fixed_addresses idx;
+ 	unsigned long vaddr;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	/* even !CONFIG_PREEMPT needs this, for in_atomic in do_page_fault */
+ 	pagefault_disable();
+ 
+@@ -85,7 +89,17 @@ void *kmap_atomic_prot(struct page *page
+ 	idx = type + KM_TYPE_NR*smp_processor_id();
+ 	vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
+ 	BUG_ON(!pte_none(*(kmap_pte-idx)));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_pte(kmap_pte-idx, mk_pte(page, prot));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	arch_flush_lazy_mmu_mode();
+ 
+ 	return (void *)vaddr;
+@@ -101,15 +115,29 @@ void kunmap_atomic(void *kvaddr, enum km
+ 	unsigned long vaddr = (unsigned long) kvaddr & PAGE_MASK;
+ 	enum fixed_addresses idx = type + KM_TYPE_NR*smp_processor_id();
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	/*
+ 	 * Force other mappings to Oops if they'll try to access this pte
+ 	 * without first remap it.  Keeping stale mappings around is a bad idea
+ 	 * also, in case the page changes cacheability attributes or becomes
+ 	 * a protected page in a hypervisor.
+ 	 */
+-	if (vaddr == __fix_to_virt(FIX_KMAP_BEGIN+idx))
++	if (vaddr == __fix_to_virt(FIX_KMAP_BEGIN+idx)) {
++
++#ifdef CONFIG_PAX_KERNEXEC
++		pax_open_kernel(cr0);
++#endif
++
+ 		kpte_clear_flush(kmap_pte-idx, vaddr);
+-	else {
++
++#ifdef CONFIG_PAX_KERNEXEC
++		pax_close_kernel(cr0);
++#endif
++
++	} else {
+ #ifdef CONFIG_DEBUG_HIGHMEM
+ 		BUG_ON(vaddr < PAGE_OFFSET);
+ 		BUG_ON(vaddr >= (unsigned long)high_memory);
+@@ -128,11 +156,25 @@ void *kmap_atomic_pfn(unsigned long pfn,
+ 	enum fixed_addresses idx;
+ 	unsigned long vaddr;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	pagefault_disable();
+ 
+ 	idx = type + KM_TYPE_NR*smp_processor_id();
+ 	vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_pte(kmap_pte-idx, pfn_pte(pfn, kmap_prot));
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	arch_flush_lazy_mmu_mode();
+ 
+ 	return (void*) vaddr;
+diff -urNp linux-2.6.29.6/arch/x86/mm/hugetlbpage.c linux-2.6.29.6/arch/x86/mm/hugetlbpage.c
+--- linux-2.6.29.6/arch/x86/mm/hugetlbpage.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/hugetlbpage.c	2009-07-23 17:34:32.085744993 -0400
+@@ -267,13 +267,18 @@ static unsigned long hugetlb_get_unmappe
+ 	struct hstate *h = hstate_file(file);
+ 	struct mm_struct *mm = current->mm;
+ 	struct vm_area_struct *vma;
+-	unsigned long start_addr;
++	unsigned long start_addr, pax_task_size = TASK_SIZE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
+ 
+ 	if (len > mm->cached_hole_size) {
+-	        start_addr = mm->free_area_cache;
++		start_addr = mm->free_area_cache;
+ 	} else {
+-	        start_addr = TASK_UNMAPPED_BASE;
+-	        mm->cached_hole_size = 0;
++		start_addr = mm->mmap_base;
++		mm->cached_hole_size = 0;
+ 	}
+ 
+ full_search:
+@@ -281,13 +286,13 @@ full_search:
+ 
+ 	for (vma = find_vma(mm, addr); ; vma = vma->vm_next) {
+ 		/* At this point:  (!vma || addr < vma->vm_end). */
+-		if (TASK_SIZE - len < addr) {
++		if (pax_task_size - len < addr) {
+ 			/*
+ 			 * Start a new search - just in case we missed
+ 			 * some holes.
+ 			 */
+-			if (start_addr != TASK_UNMAPPED_BASE) {
+-				start_addr = TASK_UNMAPPED_BASE;
++			if (start_addr != mm->mmap_base) {
++				start_addr = mm->mmap_base;
+ 				mm->cached_hole_size = 0;
+ 				goto full_search;
+ 			}
+@@ -310,9 +315,8 @@ static unsigned long hugetlb_get_unmappe
+ 	struct hstate *h = hstate_file(file);
+ 	struct mm_struct *mm = current->mm;
+ 	struct vm_area_struct *vma, *prev_vma;
+-	unsigned long base = mm->mmap_base, addr = addr0;
++	unsigned long base = mm->mmap_base, addr;
+ 	unsigned long largest_hole = mm->cached_hole_size;
+-	int first_time = 1;
+ 
+ 	/* don't allow allocations above current base */
+ 	if (mm->free_area_cache > base)
+@@ -322,7 +326,7 @@ static unsigned long hugetlb_get_unmappe
+ 	        largest_hole = 0;
+ 		mm->free_area_cache  = base;
+ 	}
+-try_again:
++
+ 	/* make sure it can fit in the remaining address space */
+ 	if (mm->free_area_cache < len)
+ 		goto fail;
+@@ -364,22 +368,26 @@ try_again:
+ 
+ fail:
+ 	/*
+-	 * if hint left us with no space for the requested
+-	 * mapping then try again:
+-	 */
+-	if (first_time) {
+-		mm->free_area_cache = base;
+-		largest_hole = 0;
+-		first_time = 0;
+-		goto try_again;
+-	}
+-	/*
+ 	 * A failed mmap() very likely causes application failure,
+ 	 * so fall back to the bottom-up function here. This scenario
+ 	 * can happen with large stack limits and large mmap()
+ 	 * allocations.
+ 	 */
+-	mm->free_area_cache = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE;
++	else
++#endif
++
++	mm->mmap_base = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (mm->pax_flags & MF_PAX_RANDMMAP)
++		mm->mmap_base += mm->delta_mmap;
++#endif
++
++	mm->free_area_cache = mm->mmap_base;
+ 	mm->cached_hole_size = ~0UL;
+ 	addr = hugetlb_get_unmapped_area_bottomup(file, addr0,
+ 			len, pgoff, flags);
+@@ -387,6 +395,7 @@ fail:
+ 	/*
+ 	 * Restore the topdown base:
+ 	 */
++	mm->mmap_base = base;
+ 	mm->free_area_cache = base;
+ 	mm->cached_hole_size = ~0UL;
+ 
+@@ -400,10 +409,17 @@ hugetlb_get_unmapped_area(struct file *f
+ 	struct hstate *h = hstate_file(file);
+ 	struct mm_struct *mm = current->mm;
+ 	struct vm_area_struct *vma;
++	unsigned long pax_task_size = TASK_SIZE;
+ 
+ 	if (len & ~huge_page_mask(h))
+ 		return -EINVAL;
+-	if (len > TASK_SIZE)
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
++	if (len > pax_task_size)
+ 		return -ENOMEM;
+ 
+ 	if (flags & MAP_FIXED) {
+@@ -415,7 +431,7 @@ hugetlb_get_unmapped_area(struct file *f
+ 	if (addr) {
+ 		addr = ALIGN(addr, huge_page_size(h));
+ 		vma = find_vma(mm, addr);
+-		if (TASK_SIZE - len >= addr &&
++		if (pax_task_size - len >= addr &&
+ 		    (!vma || addr + len <= vma->vm_start))
+ 			return addr;
+ 	}
+diff -urNp linux-2.6.29.6/arch/x86/mm/init_32.c linux-2.6.29.6/arch/x86/mm/init_32.c
+--- linux-2.6.29.6/arch/x86/mm/init_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/init_32.c	2009-07-23 17:34:32.086818444 -0400
+@@ -50,6 +50,7 @@
+ #include <asm/setup.h>
+ #include <asm/cacheflush.h>
+ #include <asm/smp.h>
++#include <asm/desc.h>
+ 
+ unsigned int __VMALLOC_RESERVE = 128 << 20;
+ 
+@@ -82,36 +83,6 @@ static __init void *alloc_low_page(void)
+ }
+ 
+ /*
+- * Creates a middle page table and puts a pointer to it in the
+- * given global directory entry. This only returns the gd entry
+- * in non-PAE compilation mode, since the middle layer is folded.
+- */
+-static pmd_t * __init one_md_table_init(pgd_t *pgd)
+-{
+-	pud_t *pud;
+-	pmd_t *pmd_table;
+-
+-#ifdef CONFIG_X86_PAE
+-	if (!(pgd_val(*pgd) & _PAGE_PRESENT)) {
+-		if (after_init_bootmem)
+-			pmd_table = (pmd_t *)alloc_bootmem_low_pages(PAGE_SIZE);
+-		else
+-			pmd_table = (pmd_t *)alloc_low_page();
+-		paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT);
+-		set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT));
+-		pud = pud_offset(pgd, 0);
+-		BUG_ON(pmd_table != pmd_offset(pud, 0));
+-
+-		return pmd_table;
+-	}
+-#endif
+-	pud = pud_offset(pgd, 0);
+-	pmd_table = pmd_offset(pud, 0);
+-
+-	return pmd_table;
+-}
+-
+-/*
+  * Create a page table and place a pointer to it in a middle page
+  * directory entry:
+  */
+@@ -131,7 +102,11 @@ static pte_t * __init one_page_table_ini
+ 			page_table = (pte_t *)alloc_low_page();
+ 
+ 		paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT);
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++		set_pmd(pmd, __pmd(__pa(page_table) | _KERNPG_TABLE));
++#else
+ 		set_pmd(pmd, __pmd(__pa(page_table) | _PAGE_TABLE));
++#endif
+ 		BUG_ON(page_table != pte_offset_kernel(pmd, 0));
+ 	}
+ 
+@@ -194,6 +169,7 @@ page_table_range_init(unsigned long star
+ 	int pgd_idx, pmd_idx;
+ 	unsigned long vaddr;
+ 	pgd_t *pgd;
++	pud_t *pud;
+ 	pmd_t *pmd;
+ 	pte_t *pte = NULL;
+ 
+@@ -203,8 +179,13 @@ page_table_range_init(unsigned long star
+ 	pgd = pgd_base + pgd_idx;
+ 
+ 	for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) {
+-		pmd = one_md_table_init(pgd);
+-		pmd = pmd + pmd_index(vaddr);
++		pud = pud_offset(pgd, vaddr);
++		pmd = pmd_offset(pud, vaddr);
++
++#ifdef CONFIG_X86_PAE
++		paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
++#endif
++
+ 		for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end);
+ 							pmd++, pmd_idx++) {
+ 			pte = page_table_kmap_check(one_page_table_init(pmd),
+@@ -216,11 +197,23 @@ page_table_range_init(unsigned long star
+ 	}
+ }
+ 
+-static inline int is_kernel_text(unsigned long addr)
++static inline int is_kernel_text(unsigned long start, unsigned long end)
+ {
+-	if (addr >= PAGE_OFFSET && addr <= (unsigned long)__init_end)
+-		return 1;
+-	return 0;
++	unsigned long etext;
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++	etext = ktva_ktla((unsigned long)&MODULES_END);
++#else
++	etext = (unsigned long)&_etext;
++#endif
++
++	if ((start > ktla_ktva(etext) ||
++	     end <= ktla_ktva((unsigned long)_stext)) &&
++	    (start > ktla_ktva((unsigned long)_einittext) ||
++	     end <= ktla_ktva((unsigned long)_sinittext)) &&
++	    (start > (unsigned long)__va(0xfffff) || end <= (unsigned long)__va(0xc0000)))
++		return 0;
++	return 1;
+ }
+ 
+ /*
+@@ -233,9 +226,10 @@ static void __init kernel_physical_mappi
+ 						unsigned long end_pfn,
+ 						int use_pse)
+ {
+-	int pgd_idx, pmd_idx, pte_ofs;
++	unsigned int pgd_idx, pmd_idx, pte_ofs;
+ 	unsigned long pfn;
+ 	pgd_t *pgd;
++	pud_t *pud;
+ 	pmd_t *pmd;
+ 	pte_t *pte;
+ 	unsigned pages_2m, pages_4k;
+@@ -265,8 +259,13 @@ repeat:
+ 	pfn = start_pfn;
+ 	pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
+ 	pgd = pgd_base + pgd_idx;
+-	for (; pgd_idx < PTRS_PER_PGD; pgd++, pgd_idx++) {
+-		pmd = one_md_table_init(pgd);
++	for (; pgd_idx < PTRS_PER_PGD && pfn < max_low_pfn; pgd++, pgd_idx++) {
++		pud = pud_offset(pgd, 0);
++		pmd = pmd_offset(pud, 0);
++
++#ifdef CONFIG_X86_PAE
++		paravirt_alloc_pmd(&init_mm, __pa(pmd) >> PAGE_SHIFT);
++#endif
+ 
+ 		if (pfn >= end_pfn)
+ 			continue;
+@@ -278,14 +277,13 @@ repeat:
+ #endif
+ 		for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn;
+ 		     pmd++, pmd_idx++) {
+-			unsigned int addr = pfn * PAGE_SIZE + PAGE_OFFSET;
++			unsigned long address = pfn * PAGE_SIZE + PAGE_OFFSET;
+ 
+ 			/*
+ 			 * Map with big pages if possible, otherwise
+ 			 * create normal page tables:
+ 			 */
+ 			if (use_pse) {
+-				unsigned int addr2;
+ 				pgprot_t prot = PAGE_KERNEL_LARGE;
+ 				/*
+ 				 * first pass will use the same initial
+@@ -295,11 +293,7 @@ repeat:
+ 					__pgprot(PTE_IDENT_ATTR |
+ 						 _PAGE_PSE);
+ 
+-				addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE +
+-					PAGE_OFFSET + PAGE_SIZE-1;
+-
+-				if (is_kernel_text(addr) ||
+-				    is_kernel_text(addr2))
++				if (is_kernel_text(address, address + PMD_SIZE))
+ 					prot = PAGE_KERNEL_LARGE_EXEC;
+ 
+ 				pages_2m++;
+@@ -316,7 +310,7 @@ repeat:
+ 			pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET);
+ 			pte += pte_ofs;
+ 			for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn;
+-			     pte++, pfn++, pte_ofs++, addr += PAGE_SIZE) {
++			     pte++, pfn++, pte_ofs++, address += PAGE_SIZE) {
+ 				pgprot_t prot = PAGE_KERNEL;
+ 				/*
+ 				 * first pass will use the same initial
+@@ -324,7 +318,7 @@ repeat:
+ 				 */
+ 				pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR);
+ 
+-				if (is_kernel_text(addr))
++				if (is_kernel_text(address, address + PAGE_SIZE))
+ 					prot = PAGE_KERNEL_EXEC;
+ 
+ 				pages_4k++;
+@@ -369,7 +363,13 @@ repeat:
+  */
+ int devmem_is_allowed(unsigned long pagenr)
+ {
+-	if (pagenr <= 256)
++	if (!pagenr)
++		return 1;
++#ifdef CONFIG_VM86
++	if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT))
++		return 1;
++#endif
++	if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
+ 		return 1;
+ 	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
+ 		return 0;
+@@ -508,7 +508,7 @@ void __init native_pagetable_setup_start
+ 
+ 		pud = pud_offset(pgd, va);
+ 		pmd = pmd_offset(pud, va);
+-		if (!pmd_present(*pmd))
++		if (!pmd_present(*pmd) || pmd_huge(*pmd))
+ 			break;
+ 
+ 		pte = pte_offset_kernel(pmd, va);
+@@ -559,9 +559,7 @@ static void __init early_ioremap_page_ta
+ 
+ static void __init pagetable_init(void)
+ {
+-	pgd_t *pgd_base = swapper_pg_dir;
+-
+-	permanent_kmaps_init(pgd_base);
++	permanent_kmaps_init(swapper_pg_dir);
+ }
+ 
+ #ifdef CONFIG_ACPI_SLEEP
+@@ -569,12 +567,12 @@ static void __init pagetable_init(void)
+  * ACPI suspend needs this for resume, because things like the intel-agp
+  * driver might have split up a kernel 4MB mapping.
+  */
+-char swsusp_pg_dir[PAGE_SIZE]
++pgd_t swsusp_pg_dir[PTRS_PER_PGD]
+ 	__attribute__ ((aligned(PAGE_SIZE)));
+ 
+ static inline void save_pg_dir(void)
+ {
+-	memcpy(swsusp_pg_dir, swapper_pg_dir, PAGE_SIZE);
++	clone_pgd_range(swsusp_pg_dir, swapper_pg_dir, PTRS_PER_PGD);
+ }
+ #else /* !CONFIG_ACPI_SLEEP */
+ static inline void save_pg_dir(void)
+@@ -604,13 +602,11 @@ void zap_low_mappings(void)
+ 
+ int nx_enabled;
+ 
+-pteval_t __supported_pte_mask __read_mostly = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
++pteval_t __supported_pte_mask __read_only = ~(_PAGE_NX | _PAGE_GLOBAL | _PAGE_IOMAP);
+ EXPORT_SYMBOL_GPL(__supported_pte_mask);
+ 
+ #ifdef CONFIG_X86_PAE
+ 
+-static int disable_nx __initdata;
+-
+ /*
+  * noexec = on|off
+  *
+@@ -619,40 +615,33 @@ static int disable_nx __initdata;
+  * on      Enable
+  * off     Disable
+  */
++#if !defined(CONFIG_PAX_PAGEEXEC)
+ static int __init noexec_setup(char *str)
+ {
+ 	if (!str || !strcmp(str, "on")) {
+-		if (cpu_has_nx) {
+-			__supported_pte_mask |= _PAGE_NX;
+-			disable_nx = 0;
+-		}
++		if (cpu_has_nx)
++			nx_enabled = 1;
+ 	} else {
+-		if (!strcmp(str, "off")) {
+-			disable_nx = 1;
+-			__supported_pte_mask &= ~_PAGE_NX;
+-		} else {
++		if (!strcmp(str, "off"))
++			nx_enabled = 0;
++		else
+ 			return -EINVAL;
+-		}
+ 	}
+ 
+ 	return 0;
+ }
+ early_param("noexec", noexec_setup);
++#endif
+ 
+ static void __init set_nx(void)
+ {
+-	unsigned int v[4], l, h;
++	if (!nx_enabled && cpu_has_nx) {
++		unsigned l, h;
+ 
+-	if (cpu_has_pae && (cpuid_eax(0x80000000) > 0x80000001)) {
+-		cpuid(0x80000001, &v[0], &v[1], &v[2], &v[3]);
+-
+-		if ((v[3] & (1 << 20)) && !disable_nx) {
+-			rdmsr(MSR_EFER, l, h);
+-			l |= EFER_NX;
+-			wrmsr(MSR_EFER, l, h);
+-			nx_enabled = 1;
+-			__supported_pte_mask |= _PAGE_NX;
+-		}
++		__supported_pte_mask &= ~_PAGE_NX;
++		rdmsr(MSR_EFER, l, h);
++		l &= ~EFER_NX;
++		wrmsr(MSR_EFER, l, h);
+ 	}
+ }
+ #endif
+@@ -1035,7 +1024,7 @@ void __init mem_init(void)
+ 	set_highmem_pages_init();
+ 
+ 	codesize =  (unsigned long) &_etext - (unsigned long) &_text;
+-	datasize =  (unsigned long) &_edata - (unsigned long) &_etext;
++	datasize =  (unsigned long) &_edata - (unsigned long) &_data;
+ 	initsize =  (unsigned long) &__init_end - (unsigned long) &__init_begin;
+ 
+ 	kclist_add(&kcore_mem, __va(0), max_low_pfn << PAGE_SHIFT);
+@@ -1081,10 +1070,10 @@ void __init mem_init(void)
+ 		((unsigned long)&__init_end -
+ 		 (unsigned long)&__init_begin) >> 10,
+ 
+-		(unsigned long)&_etext, (unsigned long)&_edata,
+-		((unsigned long)&_edata - (unsigned long)&_etext) >> 10,
++		(unsigned long)&_data, (unsigned long)&_edata,
++		((unsigned long)&_edata - (unsigned long)&_data) >> 10,
+ 
+-		(unsigned long)&_text, (unsigned long)&_etext,
++		ktla_ktva((unsigned long)&_text), ktla_ktva((unsigned long)&_etext),
+ 		((unsigned long)&_etext - (unsigned long)&_text) >> 10);
+ 
+ 	/*
+@@ -1227,6 +1216,46 @@ void free_init_pages(char *what, unsigne
+ 
+ void free_initmem(void)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	/* PaX: limit KERNEL_CS to actual size */
++	unsigned long addr, limit;
++	struct desc_struct d;
++	int cpu;
++	pgd_t *pgd;
++	pud_t *pud;
++	pmd_t *pmd;
++
++#ifdef CONFIG_MODULES
++	limit = ktva_ktla((unsigned long)&MODULES_END);
++#else
++	limit = (unsigned long)&_etext;
++#endif
++	limit = (limit - 1UL) >> PAGE_SHIFT;
++
++	for (cpu = 0; cpu < NR_CPUS; cpu++) {
++		pack_descriptor(&d, get_desc_base(&get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_CS]), limit, 0x9B, 0xC);
++		write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_KERNEL_CS, &d, DESCTYPE_S);
++	}
++
++	/* PaX: make KERNEL_CS read-only */
++	for (addr = ktla_ktva((unsigned long)&_text); addr < (unsigned long)&_data; addr += PMD_SIZE) {
++		pgd = pgd_offset_k(addr);
++		pud = pud_offset(pgd, addr);
++		pmd = pmd_offset(pud, addr);
++		set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++	}
++#ifdef CONFIG_X86_PAE
++	for (addr = (unsigned long)&__init_begin; addr < (unsigned long)&__init_end; addr += PMD_SIZE) {
++		pgd = pgd_offset_k(addr);
++		pud = pud_offset(pgd, addr);
++		pmd = pmd_offset(pud, addr);
++		set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++	}
++#endif
++	flush_tlb_all();
++#endif
++
+ 	free_init_pages("unused kernel memory",
+ 			(unsigned long)(&__init_begin),
+ 			(unsigned long)(&__init_end));
+diff -urNp linux-2.6.29.6/arch/x86/mm/init_64.c linux-2.6.29.6/arch/x86/mm/init_64.c
+--- linux-2.6.29.6/arch/x86/mm/init_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/init_64.c	2009-07-23 17:34:32.086818444 -0400
+@@ -175,6 +175,10 @@ set_pte_vaddr_pud(pud_t *pud_page, unsig
+ 	pmd_t *pmd;
+ 	pte_t *pte;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	pud = pud_page + pud_index(vaddr);
+ 	if (pud_none(*pud)) {
+ 		pmd = (pmd_t *) spp_getpage();
+@@ -196,8 +200,17 @@ set_pte_vaddr_pud(pud_t *pud_page, unsig
+ 	}
+ 
+ 	pte = pte_offset_kernel(pmd, vaddr);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	set_pte(pte, new_pte);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	/*
+ 	 * It's enough to flush this one mapping.
+ 	 * (PGE mappings get flushed as well)
+@@ -238,14 +251,12 @@ static void __init __init_extra_mapping(
+ 		pgd = pgd_offset_k((unsigned long)__va(phys));
+ 		if (pgd_none(*pgd)) {
+ 			pud = (pud_t *) spp_getpage();
+-			set_pgd(pgd, __pgd(__pa(pud) | _KERNPG_TABLE |
+-						_PAGE_USER));
++			set_pgd(pgd, __pgd(__pa(pud) | _PAGE_TABLE));
+ 		}
+ 		pud = pud_offset(pgd, (unsigned long)__va(phys));
+ 		if (pud_none(*pud)) {
+ 			pmd = (pmd_t *) spp_getpage();
+-			set_pud(pud, __pud(__pa(pmd) | _KERNPG_TABLE |
+-						_PAGE_USER));
++			set_pud(pud, __pud(__pa(pmd) | _PAGE_TABLE));
+ 		}
+ 		pmd = pmd_offset(pud, phys);
+ 		BUG_ON(!pmd_none(*pmd));
+@@ -888,7 +899,9 @@ EXPORT_SYMBOL_GPL(memory_add_physaddr_to
+  */
+ int devmem_is_allowed(unsigned long pagenr)
+ {
+-	if (pagenr <= 256)
++	if (!pagenr)
++		return 1;
++	if ((ISA_START_ADDRESS >> PAGE_SHIFT) <= pagenr && pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
+ 		return 1;
+ 	if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
+ 		return 0;
+@@ -979,6 +992,39 @@ void free_init_pages(char *what, unsigne
+ 
+ void free_initmem(void)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long addr, end;
++	pgd_t *pgd;
++	pud_t *pud;
++	pmd_t *pmd;
++
++	/* PaX: make kernel code/rodata read-only, rest non-executable */
++	for (addr = __START_KERNEL_map; addr < __START_KERNEL_map + KERNEL_IMAGE_SIZE; addr += PMD_SIZE) {
++		pgd = pgd_offset_k(addr);
++		pud = pud_offset(pgd, addr);
++		pmd = pmd_offset(pud, addr);
++		if ((unsigned long)_text <= addr && addr < (unsigned long)_data)
++			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++		else
++			set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++	}
++
++	addr = (unsigned long)__va(__pa(__START_KERNEL_map));
++	end = addr + KERNEL_IMAGE_SIZE;
++	for (; addr < end; addr += PMD_SIZE) {
++		pgd = pgd_offset_k(addr);
++		pud = pud_offset(pgd, addr);
++		pmd = pmd_offset(pud, addr);
++		if ((unsigned long)__va(__pa(_text)) <= addr && addr < (unsigned long)__va(__pa(_data)))
++			set_pmd(pmd, __pmd(pmd_val(*pmd) & ~_PAGE_RW));
++		else
++			set_pmd(pmd, __pmd(pmd_val(*pmd) | (_PAGE_NX & __supported_pte_mask)));
++	}
++
++	flush_tlb_all();
++#endif
++
+ 	free_init_pages("unused kernel memory",
+ 			(unsigned long)(&__init_begin),
+ 			(unsigned long)(&__init_end));
+@@ -1116,8 +1162,8 @@ int kern_addr_valid(unsigned long addr)
+ static struct vm_area_struct gate_vma = {
+ 	.vm_start	= VSYSCALL_START,
+ 	.vm_end		= VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
+-	.vm_page_prot	= PAGE_READONLY_EXEC,
+-	.vm_flags	= VM_READ | VM_EXEC
++	.vm_page_prot	= PAGE_READONLY,
++	.vm_flags	= VM_READ
+ };
+ 
+ struct vm_area_struct *get_gate_vma(struct task_struct *tsk)
+@@ -1151,7 +1197,7 @@ int in_gate_area_no_task(unsigned long a
+ 
+ const char *arch_vma_name(struct vm_area_struct *vma)
+ {
+-	if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
++	if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
+ 		return "[vdso]";
+ 	if (vma == &gate_vma)
+ 		return "[vsyscall]";
+diff -urNp linux-2.6.29.6/arch/x86/mm/iomap_32.c linux-2.6.29.6/arch/x86/mm/iomap_32.c
+--- linux-2.6.29.6/arch/x86/mm/iomap_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/iomap_32.c	2009-07-23 17:34:32.086818444 -0400
+@@ -24,7 +24,7 @@ int is_io_mapping_possible(resource_size
+ {
+ #ifndef CONFIG_X86_PAE
+ 	/* There is no way to map greater than 1 << 32 address without PAE */
+-	if (base + size > 0x100000000ULL)
++	if ((u64)base + size > 0x100000000ULL)
+ 		return 0;
+ #endif
+ 	return 1;
+diff -urNp linux-2.6.29.6/arch/x86/mm/ioremap.c linux-2.6.29.6/arch/x86/mm/ioremap.c
+--- linux-2.6.29.6/arch/x86/mm/ioremap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/ioremap.c	2009-07-23 17:34:37.458887026 -0400
+@@ -114,8 +114,8 @@ int page_is_ram(unsigned long pagenr)
+ 	 * Second special case: Some BIOSen report the PC BIOS
+ 	 * area (640->1Mb) as ram even though it is not.
+ 	 */
+-	if (pagenr >= (BIOS_BEGIN >> PAGE_SHIFT) &&
+-		    pagenr < (BIOS_END >> PAGE_SHIFT))
++	if (pagenr >= (ISA_START_ADDRESS >> PAGE_SHIFT) &&
++		    pagenr < (ISA_END_ADDRESS >> PAGE_SHIFT))
+ 		return 0;
+ 
+ 	for (i = 0; i < e820.nr_map; i++) {
+@@ -210,10 +210,7 @@ static void __iomem *__ioremap_caller(re
+ 	/*
+ 	 * Don't allow anybody to remap normal RAM that we're using..
+ 	 */
+-	for (pfn = phys_addr >> PAGE_SHIFT;
+-				(pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK);
+-				pfn++) {
+-
++	for (pfn = phys_addr >> PAGE_SHIFT; ((resource_size_t)pfn << PAGE_SHIFT) < (last_addr & PAGE_MASK); pfn++) {
+ 		int is_ram = page_is_ram(pfn);
+ 
+ 		if (is_ram && pfn_valid(pfn) && !PageReserved(pfn_to_page(pfn)))
+@@ -275,6 +272,8 @@ static void __iomem *__ioremap_caller(re
+ 		break;
+ 	}
+ 
++	prot = canon_pgprot(prot);
++
+ 	/*
+ 	 * Ok, go for it..
+ 	 */
+@@ -490,7 +489,6 @@ static int __init early_ioremap_debug_se
+ early_param("early_ioremap_debug", early_ioremap_debug_setup);
+ 
+ static __initdata int after_paging_init;
+-static pte_t bm_pte[PAGE_SIZE/sizeof(pte_t)] __page_aligned_bss;
+ 
+ static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
+ {
+@@ -505,7 +503,11 @@ static inline pmd_t * __init early_iorem
+ 
+ static inline pte_t * __init early_ioremap_pte(unsigned long addr)
+ {
+-	return &bm_pte[pte_index(addr)];
++#ifdef CONFIG_X86_32
++	return &swapper_pg_fixmap[pte_index(addr)];
++#else
++	return &level1_fixmap_pgt[pte_index(addr)];
++#endif
+ }
+ 
+ void __init early_ioremap_init(void)
+@@ -516,8 +518,6 @@ void __init early_ioremap_init(void)
+ 		printk(KERN_INFO "early_ioremap_init()\n");
+ 
+ 	pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
+-	memset(bm_pte, 0, sizeof(bm_pte));
+-	pmd_populate_kernel(&init_mm, pmd, bm_pte);
+ 
+ 	/*
+ 	 * The boot-ioremap range spans multiple pmds, for which
+diff -urNp linux-2.6.29.6/arch/x86/mm/mmap.c linux-2.6.29.6/arch/x86/mm/mmap.c
+--- linux-2.6.29.6/arch/x86/mm/mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/mmap.c	2009-07-23 17:34:32.087725848 -0400
+@@ -36,7 +36,7 @@
+  * Leave an at least ~128 MB hole.
+  */
+ #define MIN_GAP (128*1024*1024)
+-#define MAX_GAP (TASK_SIZE/6*5)
++#define MAX_GAP (pax_task_size/6*5)
+ 
+ /*
+  * True on X86_32 or when emulating IA32 on X86_64
+@@ -81,27 +81,40 @@ static unsigned long mmap_rnd(void)
+ 	return rnd << PAGE_SHIFT;
+ }
+ 
+-static unsigned long mmap_base(void)
++static unsigned long mmap_base(struct mm_struct *mm)
+ {
+ 	unsigned long gap = current->signal->rlim[RLIMIT_STACK].rlim_cur;
++	unsigned long pax_task_size = TASK_SIZE;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
+ 
+ 	if (gap < MIN_GAP)
+ 		gap = MIN_GAP;
+ 	else if (gap > MAX_GAP)
+ 		gap = MAX_GAP;
+ 
+-	return PAGE_ALIGN(TASK_SIZE - gap - mmap_rnd());
++	return PAGE_ALIGN(pax_task_size - gap - mmap_rnd());
+ }
+ 
+ /*
+  * Bottom-up (legacy) layout on X86_32 did not support randomization, X86_64
+  * does, but not when emulating X86_32
+  */
+-static unsigned long mmap_legacy_base(void)
++static unsigned long mmap_legacy_base(struct mm_struct *mm)
+ {
+-	if (mmap_is_ia32())
++	if (mmap_is_ia32()) {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (mm->pax_flags & MF_PAX_SEGMEXEC)
++			return SEGMEXEC_TASK_UNMAPPED_BASE;
++		else
++#endif
++
+ 		return TASK_UNMAPPED_BASE;
+-	else
++	} else
+ 		return TASK_UNMAPPED_BASE + mmap_rnd();
+ }
+ 
+@@ -112,11 +125,23 @@ static unsigned long mmap_legacy_base(vo
+ void arch_pick_mmap_layout(struct mm_struct *mm)
+ {
+ 	if (mmap_is_legacy()) {
+-		mm->mmap_base = mmap_legacy_base();
++		mm->mmap_base = mmap_legacy_base(mm);
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			mm->mmap_base += mm->delta_mmap;
++#endif
++
+ 		mm->get_unmapped_area = arch_get_unmapped_area;
+ 		mm->unmap_area = arch_unmap_area;
+ 	} else {
+-		mm->mmap_base = mmap_base();
++		mm->mmap_base = mmap_base(mm);
++
++#ifdef CONFIG_PAX_RANDMMAP
++		if (mm->pax_flags & MF_PAX_RANDMMAP)
++			mm->mmap_base -= mm->delta_mmap + mm->delta_stack;
++#endif
++
+ 		mm->get_unmapped_area = arch_get_unmapped_area_topdown;
+ 		mm->unmap_area = arch_unmap_area_topdown;
+ 	}
+diff -urNp linux-2.6.29.6/arch/x86/mm/numa_32.c linux-2.6.29.6/arch/x86/mm/numa_32.c
+--- linux-2.6.29.6/arch/x86/mm/numa_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/numa_32.c	2009-07-23 17:34:32.087725848 -0400
+@@ -98,7 +98,6 @@ unsigned long node_memmap_size_bytes(int
+ }
+ #endif
+ 
+-extern unsigned long find_max_low_pfn(void);
+ extern unsigned long highend_pfn, highstart_pfn;
+ 
+ #define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE)
+diff -urNp linux-2.6.29.6/arch/x86/mm/pageattr.c linux-2.6.29.6/arch/x86/mm/pageattr.c
+--- linux-2.6.29.6/arch/x86/mm/pageattr.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/pageattr.c	2009-07-23 17:34:32.087725848 -0400
+@@ -20,6 +20,7 @@
+ #include <asm/pgalloc.h>
+ #include <asm/proto.h>
+ #include <asm/pat.h>
++#include <asm/desc.h>
+ 
+ /*
+  * The current flushing context - we pass it instead of 5 arguments:
+@@ -259,9 +260,10 @@ static inline pgprot_t static_protection
+ 	 * Does not cover __inittext since that is gone later on. On
+ 	 * 64bit we do not enforce !NX on the low mapping
+ 	 */
+-	if (within(address, (unsigned long)_text, (unsigned long)_etext))
++	if (within(address, ktla_ktva((unsigned long)_text), ktla_ktva((unsigned long)_etext)))
+ 		pgprot_val(forbidden) |= _PAGE_NX;
+ 
++#ifdef CONFIG_DEBUG_RODATA
+ 	/*
+ 	 * The .rodata section needs to be read-only. Using the pfn
+ 	 * catches all aliases.
+@@ -269,6 +271,7 @@ static inline pgprot_t static_protection
+ 	if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT,
+ 		   __pa((unsigned long)__end_rodata) >> PAGE_SHIFT))
+ 		pgprot_val(forbidden) |= _PAGE_RW;
++#endif
+ 
+ 	prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden));
+ 
+@@ -321,8 +324,20 @@ EXPORT_SYMBOL_GPL(lookup_address);
+  */
+ static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte)
+ {
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
+ 	/* change init_mm */
+ 	set_pte_atomic(kpte, pte);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ #ifdef CONFIG_X86_32
+ 	if (!SHARED_KERNEL_PMD) {
+ 		struct page *page;
+diff -urNp linux-2.6.29.6/arch/x86/mm/pageattr-test.c linux-2.6.29.6/arch/x86/mm/pageattr-test.c
+--- linux-2.6.29.6/arch/x86/mm/pageattr-test.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/pageattr-test.c	2009-07-23 17:34:32.088730317 -0400
+@@ -36,7 +36,7 @@ enum {
+ 
+ static int pte_testbit(pte_t pte)
+ {
+-	return pte_flags(pte) & _PAGE_UNUSED1;
++	return pte_flags(pte) & _PAGE_CPA_TEST;
+ }
+ 
+ struct split_state {
+diff -urNp linux-2.6.29.6/arch/x86/mm/pat.c linux-2.6.29.6/arch/x86/mm/pat.c
+--- linux-2.6.29.6/arch/x86/mm/pat.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/pat.c	2009-07-23 18:40:27.466429820 -0400
+@@ -204,7 +204,7 @@ chk_conflict(struct memtype *new, struct
+ 
+  conflict:
+ 	printk(KERN_INFO "%s:%d conflicting memory types "
+-	       "%Lx-%Lx %s<->%s\n", current->comm, current->pid, new->start,
++	       "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), new->start,
+ 	       new->end, cattr_name(new->type), cattr_name(entry->type));
+ 	return -EBUSY;
+ }
+@@ -488,7 +488,7 @@ int free_memtype(u64 start, u64 end)
+ 
+ 	if (err) {
+ 		printk(KERN_INFO "%s:%d freeing invalid memtype %Lx-%Lx\n",
+-			current->comm, current->pid, start, end);
++			current->comm, task_pid_nr(current), start, end);
+ 	}
+ 
+ 	dprintk("free_memtype request 0x%Lx-0x%Lx\n", start, end);
+@@ -590,7 +590,7 @@ int phys_mem_access_prot_allowed(struct 
+ 		free_memtype(offset, offset + size);
+ 		printk(KERN_INFO
+ 		"%s:%d /dev/mem ioremap_change_attr failed %s for %Lx-%Lx\n",
+-			current->comm, current->pid,
++			current->comm, task_pid_nr(current),
+ 			cattr_name(flags),
+ 			offset, (unsigned long long)(offset + size));
+ 		return 0;
+@@ -611,7 +611,7 @@ void map_devmem(unsigned long pfn, unsig
+ 	if (flags != want_flags) {
+ 		printk(KERN_INFO
+ 		"%s:%d /dev/mem expected mapping type %s for %Lx-%Lx, got %s\n",
+-			current->comm, current->pid,
++			current->comm, task_pid_nr(current),
+ 			cattr_name(want_flags),
+ 			addr, (unsigned long long)(addr + size),
+ 			cattr_name(flags));
+@@ -656,7 +656,7 @@ static int reserve_pfn_range(u64 paddr, 
+ 			free_memtype(paddr, paddr + size);
+ 			printk(KERN_ERR "%s:%d map pfn expected mapping type %s"
+ 				" for %Lx-%Lx, got %s\n",
+-				current->comm, current->pid,
++				current->comm, task_pid_nr(current),
+ 				cattr_name(want_flags),
+ 				(unsigned long long)paddr,
+ 				(unsigned long long)(paddr + size),
+@@ -685,7 +685,7 @@ static int reserve_pfn_range(u64 paddr, 
+ 		printk(KERN_ERR
+ 			"%s:%d reserve_pfn_range ioremap_change_attr failed %s "
+ 			"for %Lx-%Lx\n",
+-			current->comm, current->pid,
++			current->comm, task_pid_nr(current),
+ 			cattr_name(flags),
+ 			(unsigned long long)paddr,
+ 			(unsigned long long)(paddr + size));
+@@ -870,7 +870,7 @@ static int memtype_seq_show(struct seq_f
+ 	return 0;
+ }
+ 
+-static struct seq_operations memtype_seq_ops = {
++static const struct seq_operations memtype_seq_ops = {
+ 	.start = memtype_seq_start,
+ 	.next  = memtype_seq_next,
+ 	.stop  = memtype_seq_stop,
+diff -urNp linux-2.6.29.6/arch/x86/mm/pgtable_32.c linux-2.6.29.6/arch/x86/mm/pgtable_32.c
+--- linux-2.6.29.6/arch/x86/mm/pgtable_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/mm/pgtable_32.c	2009-07-23 17:34:32.088730317 -0400
+@@ -31,6 +31,10 @@ void set_pte_vaddr(unsigned long vaddr, 
+ 	pmd_t *pmd;
+ 	pte_t *pte;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	pgd = swapper_pg_dir + pgd_index(vaddr);
+ 	if (pgd_none(*pgd)) {
+ 		BUG();
+@@ -47,11 +51,20 @@ void set_pte_vaddr(unsigned long vaddr, 
+ 		return;
+ 	}
+ 	pte = pte_offset_kernel(pmd, vaddr);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	if (pte_val(pteval))
+ 		set_pte_present(&init_mm, vaddr, pte, pteval);
+ 	else
+ 		pte_clear(&init_mm, vaddr, pte);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	/*
+ 	 * It's enough to flush this one mapping.
+ 	 * (PGE mappings get flushed as well)
+diff -urNp linux-2.6.29.6/arch/x86/oprofile/backtrace.c linux-2.6.29.6/arch/x86/oprofile/backtrace.c
+--- linux-2.6.29.6/arch/x86/oprofile/backtrace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/oprofile/backtrace.c	2009-07-23 17:34:32.088730317 -0400
+@@ -37,7 +37,7 @@ static void backtrace_address(void *data
+ 	unsigned int *depth = data;
+ 
+ 	if ((*depth)--)
+-		oprofile_add_trace(addr);
++		oprofile_add_trace(ktla_ktva(addr));
+ }
+ 
+ static struct stacktrace_ops backtrace_ops = {
+@@ -78,7 +78,7 @@ x86_backtrace(struct pt_regs * const reg
+ 	struct frame_head *head = (struct frame_head *)frame_pointer(regs);
+ 	unsigned long stack = kernel_trap_sp(regs);
+ 
+-	if (!user_mode_vm(regs)) {
++	if (!user_mode(regs)) {
+ 		if (depth)
+ 			dump_trace(NULL, regs, (unsigned long *)stack, 0,
+ 				   &backtrace_ops, &depth);
+diff -urNp linux-2.6.29.6/arch/x86/oprofile/op_model_p4.c linux-2.6.29.6/arch/x86/oprofile/op_model_p4.c
+--- linux-2.6.29.6/arch/x86/oprofile/op_model_p4.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/oprofile/op_model_p4.c	2009-07-23 17:34:32.089719706 -0400
+@@ -48,7 +48,7 @@ static inline void setup_num_counters(vo
+ #endif
+ }
+ 
+-static int inline addr_increment(void)
++static inline int addr_increment(void)
+ {
+ #ifdef CONFIG_SMP
+ 	return smp_num_siblings == 2 ? 2 : 1;
+diff -urNp linux-2.6.29.6/arch/x86/pci/common.c linux-2.6.29.6/arch/x86/pci/common.c
+--- linux-2.6.29.6/arch/x86/pci/common.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/pci/common.c	2009-07-23 17:34:32.089719706 -0400
+@@ -367,7 +367,7 @@ static struct dmi_system_id __devinitdat
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "ProLiant DL585 G2"),
+ 		},
+ 	},
+-	{}
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
+ };
+ 
+ void __init dmi_check_pciprobe(void)
+diff -urNp linux-2.6.29.6/arch/x86/pci/fixup.c linux-2.6.29.6/arch/x86/pci/fixup.c
+--- linux-2.6.29.6/arch/x86/pci/fixup.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/pci/fixup.c	2009-07-23 17:34:32.089719706 -0400
+@@ -364,7 +364,7 @@ static struct dmi_system_id __devinitdat
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "MS-6702E"),
+ 		},
+ 	},
+-	{}
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ 
+ /*
+@@ -435,7 +435,7 @@ static struct dmi_system_id __devinitdat
+ 			DMI_MATCH(DMI_PRODUCT_VERSION, "PSA40U"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ 
+ static void __devinit pci_pre_fixup_toshiba_ohci1394(struct pci_dev *dev)
+diff -urNp linux-2.6.29.6/arch/x86/pci/i386.c linux-2.6.29.6/arch/x86/pci/i386.c
+--- linux-2.6.29.6/arch/x86/pci/i386.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/pci/i386.c	2009-07-23 18:40:27.495305970 -0400
+@@ -273,7 +273,7 @@ static void pci_track_mmap_page_range(st
+ 	reserve_memtype(addr, addr + vma->vm_end - vma->vm_start, flags, NULL);
+ }
+ 
+-static struct vm_operations_struct pci_mmap_ops = {
++static const struct vm_operations_struct pci_mmap_ops = {
+ 	.open  = pci_track_mmap_page_range,
+ 	.close = pci_unmap_page_range,
+ 	.access = generic_access_phys,
+diff -urNp linux-2.6.29.6/arch/x86/pci/irq.c linux-2.6.29.6/arch/x86/pci/irq.c
+--- linux-2.6.29.6/arch/x86/pci/irq.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/pci/irq.c	2009-07-23 17:34:32.089719706 -0400
+@@ -543,7 +543,7 @@ static __init int intel_router_probe(str
+ 	static struct pci_device_id __initdata pirq_440gx[] = {
+ 		{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_0) },
+ 		{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82443GX_2) },
+-		{ },
++		{ PCI_DEVICE(0, 0) }
+ 	};
+ 
+ 	/* 440GX has a proprietary PIRQ router -- don't use it */
+@@ -1145,7 +1145,7 @@ static struct dmi_system_id __initdata p
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 360"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ 
+ int __init pcibios_irq_init(void)
+diff -urNp linux-2.6.29.6/arch/x86/pci/pcbios.c linux-2.6.29.6/arch/x86/pci/pcbios.c
+--- linux-2.6.29.6/arch/x86/pci/pcbios.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/pci/pcbios.c	2009-07-23 17:34:32.090717052 -0400
+@@ -56,50 +56,120 @@ union bios32 {
+ static struct {
+ 	unsigned long address;
+ 	unsigned short segment;
+-} bios32_indirect = { 0, __KERNEL_CS };
++} bios32_indirect __read_only = { 0, __PCIBIOS_CS };
+ 
+ /*
+  * Returns the entry point for the given service, NULL on error
+  */
+ 
+-static unsigned long bios32_service(unsigned long service)
++static unsigned long __devinit bios32_service(unsigned long service)
+ {
+ 	unsigned char return_code;	/* %al */
+ 	unsigned long address;		/* %ebx */
+ 	unsigned long length;		/* %ecx */
+ 	unsigned long entry;		/* %edx */
+ 	unsigned long flags;
++	struct desc_struct d, *gdt;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
+ 
+ 	local_irq_save(flags);
+-	__asm__("lcall *(%%edi); cld"
++
++	gdt = get_cpu_gdt_table(smp_processor_id());
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x9B, 0xC);
++	write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
++	pack_descriptor(&d, 0UL, 0xFFFFFUL, 0x93, 0xC);
++	write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
++	__asm__("movw %w7, %%ds; lcall *(%%edi); push %%ss; pop %%ds; cld"
+ 		: "=a" (return_code),
+ 		  "=b" (address),
+ 		  "=c" (length),
+ 		  "=d" (entry)
+ 		: "0" (service),
+ 		  "1" (0),
+-		  "D" (&bios32_indirect));
++		  "D" (&bios32_indirect),
++		  "r"(__PCIBIOS_DS)
++		: "memory");
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	gdt[GDT_ENTRY_PCIBIOS_CS].a = 0;
++	gdt[GDT_ENTRY_PCIBIOS_CS].b = 0;
++	gdt[GDT_ENTRY_PCIBIOS_DS].a = 0;
++	gdt[GDT_ENTRY_PCIBIOS_DS].b = 0;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	local_irq_restore(flags);
+ 
+ 	switch (return_code) {
+-		case 0:
+-			return address + entry;
+-		case 0x80:	/* Not present */
+-			printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
+-			return 0;
+-		default: /* Shouldn't happen */
+-			printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
+-				service, return_code);
++	case 0: {
++		int cpu;
++		unsigned char flags;
++
++		printk(KERN_INFO "bios32_service: base:%08lx length:%08lx entry:%08lx\n", address, length, entry);
++		if (address >= 0xFFFF0 || length > 0x100000 - address || length <= entry) {
++			printk(KERN_WARNING "bios32_service: not valid\n");
+ 			return 0;
++		}
++		address = address + PAGE_OFFSET;
++		length += 16UL; /* some BIOSs underreport this... */
++		flags = 4;
++		if (length >= 64*1024*1024) {
++			length >>= PAGE_SHIFT;
++			flags |= 8;
++		}
++
++#ifdef CONFIG_PAX_KERNEXEC
++		pax_open_kernel(cr0);
++#endif
++
++		for (cpu = 0; cpu < NR_CPUS; cpu++) {
++			gdt = get_cpu_gdt_table(cpu);
++			pack_descriptor(&d, address, length, 0x9b, flags);
++			write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_CS, &d, DESCTYPE_S);
++			pack_descriptor(&d, address, length, 0x93, flags);
++			write_gdt_entry(gdt, GDT_ENTRY_PCIBIOS_DS, &d, DESCTYPE_S);
++		}
++
++#ifdef CONFIG_PAX_KERNEXEC
++		pax_close_kernel(cr0);
++#endif
++
++		return entry;
++	}
++	case 0x80:	/* Not present */
++		printk(KERN_WARNING "bios32_service(0x%lx): not present\n", service);
++		return 0;
++	default: /* Shouldn't happen */
++		printk(KERN_WARNING "bios32_service(0x%lx): returned 0x%x -- BIOS bug!\n",
++			service, return_code);
++		return 0;
+ 	}
+ }
+ 
+ static struct {
+ 	unsigned long address;
+ 	unsigned short segment;
+-} pci_indirect = { 0, __KERNEL_CS };
++} pci_indirect __read_only = { 0, __PCIBIOS_CS };
+ 
+-static int pci_bios_present;
++static int pci_bios_present __read_only;
+ 
+ static int __devinit check_pcibios(void)
+ {
+@@ -108,11 +178,13 @@ static int __devinit check_pcibios(void)
+ 	unsigned long flags, pcibios_entry;
+ 
+ 	if ((pcibios_entry = bios32_service(PCI_SERVICE))) {
+-		pci_indirect.address = pcibios_entry + PAGE_OFFSET;
++		pci_indirect.address = pcibios_entry;
+ 
+ 		local_irq_save(flags);
+-		__asm__(
+-			"lcall *(%%edi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%edi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -121,7 +193,8 @@ static int __devinit check_pcibios(void)
+ 			  "=b" (ebx),
+ 			  "=c" (ecx)
+ 			: "1" (PCIBIOS_PCI_BIOS_PRESENT),
+-			  "D" (&pci_indirect)
++			  "D" (&pci_indirect),
++			  "r" (__PCIBIOS_DS)
+ 			: "memory");
+ 		local_irq_restore(flags);
+ 
+@@ -165,7 +238,10 @@ static int pci_bios_read(unsigned int se
+ 
+ 	switch (len) {
+ 	case 1:
+-		__asm__("lcall *(%%esi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%esi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -174,7 +250,8 @@ static int pci_bios_read(unsigned int se
+ 			: "1" (PCIBIOS_READ_CONFIG_BYTE),
+ 			  "b" (bx),
+ 			  "D" ((long)reg),
+-			  "S" (&pci_indirect));
++			  "S" (&pci_indirect),
++			  "r" (__PCIBIOS_DS));
+ 		/*
+ 		 * Zero-extend the result beyond 8 bits, do not trust the
+ 		 * BIOS having done it:
+@@ -182,7 +259,10 @@ static int pci_bios_read(unsigned int se
+ 		*value &= 0xff;
+ 		break;
+ 	case 2:
+-		__asm__("lcall *(%%esi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%esi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -191,7 +271,8 @@ static int pci_bios_read(unsigned int se
+ 			: "1" (PCIBIOS_READ_CONFIG_WORD),
+ 			  "b" (bx),
+ 			  "D" ((long)reg),
+-			  "S" (&pci_indirect));
++			  "S" (&pci_indirect),
++			  "r" (__PCIBIOS_DS));
+ 		/*
+ 		 * Zero-extend the result beyond 16 bits, do not trust the
+ 		 * BIOS having done it:
+@@ -199,7 +280,10 @@ static int pci_bios_read(unsigned int se
+ 		*value &= 0xffff;
+ 		break;
+ 	case 4:
+-		__asm__("lcall *(%%esi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%esi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -208,7 +292,8 @@ static int pci_bios_read(unsigned int se
+ 			: "1" (PCIBIOS_READ_CONFIG_DWORD),
+ 			  "b" (bx),
+ 			  "D" ((long)reg),
+-			  "S" (&pci_indirect));
++			  "S" (&pci_indirect),
++			  "r" (__PCIBIOS_DS));
+ 		break;
+ 	}
+ 
+@@ -231,7 +316,10 @@ static int pci_bios_write(unsigned int s
+ 
+ 	switch (len) {
+ 	case 1:
+-		__asm__("lcall *(%%esi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%esi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -240,10 +328,14 @@ static int pci_bios_write(unsigned int s
+ 			  "c" (value),
+ 			  "b" (bx),
+ 			  "D" ((long)reg),
+-			  "S" (&pci_indirect));
++			  "S" (&pci_indirect),
++			  "r" (__PCIBIOS_DS));
+ 		break;
+ 	case 2:
+-		__asm__("lcall *(%%esi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%esi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -252,10 +344,14 @@ static int pci_bios_write(unsigned int s
+ 			  "c" (value),
+ 			  "b" (bx),
+ 			  "D" ((long)reg),
+-			  "S" (&pci_indirect));
++			  "S" (&pci_indirect),
++			  "r" (__PCIBIOS_DS));
+ 		break;
+ 	case 4:
+-		__asm__("lcall *(%%esi); cld\n\t"
++		__asm__("movw %w6, %%ds\n\t"
++			"lcall *%%ss:(%%esi); cld\n\t"
++			"push %%ss\n\t"
++			"pop %%ds\n\t"
+ 			"jc 1f\n\t"
+ 			"xor %%ah, %%ah\n"
+ 			"1:"
+@@ -264,7 +360,8 @@ static int pci_bios_write(unsigned int s
+ 			  "c" (value),
+ 			  "b" (bx),
+ 			  "D" ((long)reg),
+-			  "S" (&pci_indirect));
++			  "S" (&pci_indirect),
++			  "r" (__PCIBIOS_DS));
+ 		break;
+ 	}
+ 
+@@ -368,10 +465,13 @@ struct irq_routing_table * pcibios_get_i
+ 
+ 	DBG("PCI: Fetching IRQ routing table... ");
+ 	__asm__("push %%es\n\t"
++		"movw %w8, %%ds\n\t"
+ 		"push %%ds\n\t"
+ 		"pop  %%es\n\t"
+-		"lcall *(%%esi); cld\n\t"
++		"lcall *%%ss:(%%esi); cld\n\t"
+ 		"pop %%es\n\t"
++		"push %%ss\n\t"
++		"pop %%ds\n"
+ 		"jc 1f\n\t"
+ 		"xor %%ah, %%ah\n"
+ 		"1:"
+@@ -382,7 +482,8 @@ struct irq_routing_table * pcibios_get_i
+ 		  "1" (0),
+ 		  "D" ((long) &opt),
+ 		  "S" (&pci_indirect),
+-		  "m" (opt)
++		  "m" (opt),
++		  "r" (__PCIBIOS_DS)
+ 		: "memory");
+ 	DBG("OK  ret=%d, size=%d, map=%x\n", ret, opt.size, map);
+ 	if (ret & 0xff00)
+@@ -406,7 +507,10 @@ int pcibios_set_irq_routing(struct pci_d
+ {
+ 	int ret;
+ 
+-	__asm__("lcall *(%%esi); cld\n\t"
++	__asm__("movw %w5, %%ds\n\t"
++		"lcall *%%ss:(%%esi); cld\n\t"
++		"push %%ss\n\t"
++		"pop %%ds\n"
+ 		"jc 1f\n\t"
+ 		"xor %%ah, %%ah\n"
+ 		"1:"
+@@ -414,7 +518,8 @@ int pcibios_set_irq_routing(struct pci_d
+ 		: "0" (PCIBIOS_SET_PCI_HW_INT),
+ 		  "b" ((dev->bus->number << 8) | dev->devfn),
+ 		  "c" ((irq << 8) | (pin + 10)),
+-		  "S" (&pci_indirect));
++		  "S" (&pci_indirect),
++		  "r" (__PCIBIOS_DS));
+ 	return !(ret & 0xff00);
+ }
+ EXPORT_SYMBOL(pcibios_set_irq_routing);
+diff -urNp linux-2.6.29.6/arch/x86/power/cpu_32.c linux-2.6.29.6/arch/x86/power/cpu_32.c
+--- linux-2.6.29.6/arch/x86/power/cpu_32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/power/cpu_32.c	2009-07-23 17:34:32.090717052 -0400
+@@ -67,7 +67,7 @@ static void do_fpu_end(void)
+ static void fix_processor_context(void)
+ {
+ 	int cpu = smp_processor_id();
+-	struct tss_struct *t = &per_cpu(init_tss, cpu);
++	struct tss_struct *t = init_tss + cpu;
+ 
+ 	set_tss_desc(cpu, t);	/*
+ 				 * This just modifies memory; should not be
+diff -urNp linux-2.6.29.6/arch/x86/power/cpu_64.c linux-2.6.29.6/arch/x86/power/cpu_64.c
+--- linux-2.6.29.6/arch/x86/power/cpu_64.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/power/cpu_64.c	2009-07-23 17:34:32.090717052 -0400
+@@ -143,7 +143,11 @@ void restore_processor_state(void)
+ static void fix_processor_context(void)
+ {
+ 	int cpu = smp_processor_id();
+-	struct tss_struct *t = &per_cpu(init_tss, cpu);
++	struct tss_struct *t = init_tss + cpu;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
+ 
+ 	/*
+ 	 * This just modifies memory; should not be necessary. But... This
+@@ -152,8 +156,16 @@ static void fix_processor_context(void)
+ 	 */
+ 	set_tss_desc(cpu, t);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	syscall_init();                         /* This sets MSR_*STAR and related */
+ 	load_TR_desc();				/* This does ltr */
+ 	load_LDT(&current->active_mm->context);	/* This does lldt */
+diff -urNp linux-2.6.29.6/arch/x86/vdso/Makefile linux-2.6.29.6/arch/x86/vdso/Makefile
+--- linux-2.6.29.6/arch/x86/vdso/Makefile	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/vdso/Makefile	2009-07-23 17:34:32.090717052 -0400
+@@ -122,7 +122,7 @@ quiet_cmd_vdso = VDSO    $@
+ 		       $(VDSO_LDFLAGS) $(VDSO_LDFLAGS_$(filter %.lds,$(^F))) \
+ 		       -Wl,-T,$(filter %.lds,$^) $(filter %.o,$^)
+ 
+-VDSO_LDFLAGS = -fPIC -shared $(call ld-option, -Wl$(comma)--hash-style=sysv)
++VDSO_LDFLAGS = -fPIC -shared --no-undefined $(call ld-option, -Wl$(comma)--hash-style=sysv)
+ 
+ #
+ # Install the unstripped copy of vdso*.so listed in $(vdso-install-y).
+diff -urNp linux-2.6.29.6/arch/x86/vdso/vclock_gettime.c linux-2.6.29.6/arch/x86/vdso/vclock_gettime.c
+--- linux-2.6.29.6/arch/x86/vdso/vclock_gettime.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/vdso/vclock_gettime.c	2009-07-23 17:34:32.091740281 -0400
+@@ -26,20 +26,43 @@
+ 
+ #define gtod vdso_vsyscall_gtod_data
+ 
++notrace noinline long __vdso_fallback_time(long *t)
++{
++	long secs;
++	asm volatile("syscall"
++		: "=a" (secs)
++		: "0" (__NR_time),"D" (t) : "r11", "cx", "memory");
++	return secs;
++}
++
+ notrace static long vdso_fallback_gettime(long clock, struct timespec *ts)
+ {
+ 	long ret;
+ 	asm("syscall" : "=a" (ret) :
+-	    "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "memory");
++	    "0" (__NR_clock_gettime),"D" (clock), "S" (ts) : "r11", "cx", "memory");
+ 	return ret;
+ }
+ 
++notrace static inline cycle_t __vdso_vread_hpet(void)
++{
++	return readl((const void __iomem *)fix_to_virt(VSYSCALL_HPET) + 0xf0);
++}
++
++notrace static inline cycle_t __vdso_vread_tsc(void)
++{
++	cycle_t ret = (cycle_t)vget_cycles();
++
++	return ret >= gtod->clock.cycle_last ? ret : gtod->clock.cycle_last;
++}
++
+ notrace static inline long vgetns(void)
+ {
+ 	long v;
+-	cycles_t (*vread)(void);
+-	vread = gtod->clock.vread;
+-	v = (vread() - gtod->clock.cycle_last) & gtod->clock.mask;
++	if (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3])
++		v = __vdso_vread_tsc();
++	else
++		v = __vdso_vread_hpet();
++	v = (v - gtod->clock.cycle_last) & gtod->clock.mask;
+ 	return (v * gtod->clock.mult) >> gtod->clock.shift;
+ }
+ 
+@@ -88,7 +111,9 @@ notrace static noinline int do_monotonic
+ 
+ notrace int __vdso_clock_gettime(clockid_t clock, struct timespec *ts)
+ {
+-	if (likely(gtod->sysctl_enabled && gtod->clock.vread))
++	if (likely(gtod->sysctl_enabled &&
++		   ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
++		    (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
+ 		switch (clock) {
+ 		case CLOCK_REALTIME:
+ 			return do_realtime(ts);
+@@ -100,10 +125,20 @@ notrace int __vdso_clock_gettime(clockid
+ int clock_gettime(clockid_t, struct timespec *)
+ 	__attribute__((weak, alias("__vdso_clock_gettime")));
+ 
+-notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
++notrace noinline int __vdso_fallback_gettimeofday(struct timeval *tv, struct timezone *tz)
+ {
+ 	long ret;
+-	if (likely(gtod->sysctl_enabled && gtod->clock.vread)) {
++	asm("syscall" : "=a" (ret) :
++	    "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "r11", "cx", "memory");
++	return ret;
++}
++
++notrace int __vdso_gettimeofday(struct timeval *tv, struct timezone *tz)
++{
++	if (likely(gtod->sysctl_enabled &&
++		   ((gtod->clock.name[0] == 'h' && gtod->clock.name[1] == 'p' && gtod->clock.name[2] == 'e' && gtod->clock.name[3] == 't' && !gtod->clock.name[4]) ||
++		    (gtod->clock.name[0] == 't' && gtod->clock.name[1] == 's' && gtod->clock.name[2] == 'c' && !gtod->clock.name[3]))))
++	{
+ 		BUILD_BUG_ON(offsetof(struct timeval, tv_usec) !=
+ 			     offsetof(struct timespec, tv_nsec) ||
+ 			     sizeof(*tv) != sizeof(struct timespec));
+@@ -116,9 +151,7 @@ notrace int __vdso_gettimeofday(struct t
+ 		}
+ 		return 0;
+ 	}
+-	asm("syscall" : "=a" (ret) :
+-	    "0" (__NR_gettimeofday), "D" (tv), "S" (tz) : "memory");
+-	return ret;
++	return __vdso_fallback_gettimeofday(tv, tz);
+ }
+ int gettimeofday(struct timeval *, struct timezone *)
+ 	__attribute__((weak, alias("__vdso_gettimeofday")));
+diff -urNp linux-2.6.29.6/arch/x86/vdso/vdso32-setup.c linux-2.6.29.6/arch/x86/vdso/vdso32-setup.c
+--- linux-2.6.29.6/arch/x86/vdso/vdso32-setup.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/vdso/vdso32-setup.c	2009-07-23 17:34:32.091740281 -0400
+@@ -226,7 +226,7 @@ static inline void map_compat_vdso(int m
+ void enable_sep_cpu(void)
+ {
+ 	int cpu = get_cpu();
+-	struct tss_struct *tss = &per_cpu(init_tss, cpu);
++	struct tss_struct *tss = init_tss + cpu;
+ 
+ 	if (!boot_cpu_has(X86_FEATURE_SEP)) {
+ 		put_cpu();
+@@ -249,7 +249,7 @@ static int __init gate_vma_init(void)
+ 	gate_vma.vm_start = FIXADDR_USER_START;
+ 	gate_vma.vm_end = FIXADDR_USER_END;
+ 	gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
+-	gate_vma.vm_page_prot = __P101;
++	gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
+ 	/*
+ 	 * Make sure the vDSO gets into every core dump.
+ 	 * Dumping its contents makes post-mortem fully interpretable later
+@@ -331,7 +331,7 @@ int arch_setup_additional_pages(struct l
+ 	if (compat)
+ 		addr = VDSO_HIGH_BASE;
+ 	else {
+-		addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
++		addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, MAP_EXECUTABLE);
+ 		if (IS_ERR_VALUE(addr)) {
+ 			ret = addr;
+ 			goto up_fail;
+@@ -358,7 +358,7 @@ int arch_setup_additional_pages(struct l
+ 			goto up_fail;
+ 	}
+ 
+-	current->mm->context.vdso = (void *)addr;
++	current->mm->context.vdso = addr;
+ 	current_thread_info()->sysenter_return =
+ 		VDSO32_SYMBOL(addr, SYSENTER_RETURN);
+ 
+@@ -384,7 +384,7 @@ static ctl_table abi_table2[] = {
+ 		.mode		= 0644,
+ 		.proc_handler	= proc_dointvec
+ 	},
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static ctl_table abi_root_table2[] = {
+@@ -394,7 +394,7 @@ static ctl_table abi_root_table2[] = {
+ 		.mode = 0555,
+ 		.child = abi_table2
+ 	},
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static __init int ia32_binfmt_init(void)
+@@ -409,8 +409,14 @@ __initcall(ia32_binfmt_init);
+ 
+ const char *arch_vma_name(struct vm_area_struct *vma)
+ {
+-	if (vma->vm_mm && vma->vm_start == (long)vma->vm_mm->context.vdso)
++	if (vma->vm_mm && vma->vm_start == vma->vm_mm->context.vdso)
+ 		return "[vdso]";
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (vma->vm_mm && vma->vm_mirror && vma->vm_mirror->vm_start == vma->vm_mm->context.vdso)
++		return "[vdso]";
++#endif
++
+ 	return NULL;
+ }
+ 
+@@ -419,7 +425,7 @@ struct vm_area_struct *get_gate_vma(stru
+ 	struct mm_struct *mm = tsk->mm;
+ 
+ 	/* Check to see if this task was created in compat vdso mode */
+-	if (mm && mm->context.vdso == (void *)VDSO_HIGH_BASE)
++	if (mm && mm->context.vdso == VDSO_HIGH_BASE)
+ 		return &gate_vma;
+ 	return NULL;
+ }
+diff -urNp linux-2.6.29.6/arch/x86/vdso/vdso.lds.S linux-2.6.29.6/arch/x86/vdso/vdso.lds.S
+--- linux-2.6.29.6/arch/x86/vdso/vdso.lds.S	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/vdso/vdso.lds.S	2009-07-23 17:34:32.091740281 -0400
+@@ -35,3 +35,9 @@ VDSO64_PRELINK = VDSO_PRELINK;
+ #define VEXTERN(x)	VDSO64_ ## x = vdso_ ## x;
+ #include "vextern.h"
+ #undef	VEXTERN
++
++#define VEXTERN(x)	VDSO64_ ## x = __vdso_ ## x;
++VEXTERN(fallback_gettimeofday)
++VEXTERN(fallback_time)
++VEXTERN(getcpu)
++#undef	VEXTERN
+diff -urNp linux-2.6.29.6/arch/x86/vdso/vextern.h linux-2.6.29.6/arch/x86/vdso/vextern.h
+--- linux-2.6.29.6/arch/x86/vdso/vextern.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/vdso/vextern.h	2009-07-23 17:34:32.091740281 -0400
+@@ -11,6 +11,5 @@
+    put into vextern.h and be referenced as a pointer with vdso prefix.
+    The main kernel later fills in the values.   */
+ 
+-VEXTERN(jiffies)
+ VEXTERN(vgetcpu_mode)
+ VEXTERN(vsyscall_gtod_data)
+diff -urNp linux-2.6.29.6/arch/x86/vdso/vma.c linux-2.6.29.6/arch/x86/vdso/vma.c
+--- linux-2.6.29.6/arch/x86/vdso/vma.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/vdso/vma.c	2009-07-23 17:34:37.458887026 -0400
+@@ -8,6 +8,7 @@
+ #include <linux/sched.h>
+ #include <linux/init.h>
+ #include <linux/random.h>
++#include <linux/elf.h>
+ #include <asm/vsyscall.h>
+ #include <asm/vgtod.h>
+ #include <asm/proto.h>
+@@ -56,7 +57,7 @@ static int __init init_vdso_vars(void)
+ 	if (!vbase)
+ 		goto oom;
+ 
+-	if (memcmp(vbase, "\177ELF", 4)) {
++	if (memcmp(vbase, ELFMAG, SELFMAG)) {
+ 		printk("VDSO: I'm broken; not ELF\n");
+ 		vdso_enabled = 0;
+ 	}
+@@ -65,6 +66,7 @@ static int __init init_vdso_vars(void)
+ 	*(typeof(__ ## x) **) var_ref(VDSO64_SYMBOL(vbase, x), #x) = &__ ## x;
+ #include "vextern.h"
+ #undef VEXTERN
++	vunmap(vbase);
+ 	return 0;
+ 
+  oom:
+@@ -123,15 +125,8 @@ int arch_setup_additional_pages(struct l
+ 	if (ret)
+ 		goto up_fail;
+ 
+-	current->mm->context.vdso = (void *)addr;
++	current->mm->context.vdso = addr;
+ up_fail:
+ 	up_write(&mm->mmap_sem);
+ 	return ret;
+ }
+-
+-static __init int vdso_setup(char *s)
+-{
+-	vdso_enabled = simple_strtoul(s, NULL, 0);
+-	return 0;
+-}
+-__setup("vdso=", vdso_setup);
+diff -urNp linux-2.6.29.6/arch/x86/xen/debugfs.c linux-2.6.29.6/arch/x86/xen/debugfs.c
+--- linux-2.6.29.6/arch/x86/xen/debugfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/xen/debugfs.c	2009-07-23 18:40:27.496274044 -0400
+@@ -100,7 +100,7 @@ static int xen_array_release(struct inod
+ 	return 0;
+ }
+ 
+-static struct file_operations u32_array_fops = {
++static const struct file_operations u32_array_fops = {
+ 	.owner	= THIS_MODULE,
+ 	.open	= u32_array_open,
+ 	.release= xen_array_release,
+diff -urNp linux-2.6.29.6/arch/x86/xen/enlighten.c linux-2.6.29.6/arch/x86/xen/enlighten.c
+--- linux-2.6.29.6/arch/x86/xen/enlighten.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/xen/enlighten.c	2009-07-23 17:34:32.092715999 -0400
+@@ -319,7 +319,7 @@ static void xen_set_ldt(const void *addr
+ static void xen_load_gdt(const struct desc_ptr *dtr)
+ {
+ 	unsigned long *frames;
+-	unsigned long va = dtr->address;
++	unsigned long va = (unsigned long)dtr->address;
+ 	unsigned int size = dtr->size + 1;
+ 	unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE;
+ 	int f;
+@@ -334,7 +334,7 @@ static void xen_load_gdt(const struct de
+ 	mcs = xen_mc_entry(sizeof(*frames) * pages);
+ 	frames = mcs.args;
+ 
+-	for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
++	for (f = 0; va < (unsigned long)dtr->address + size; va += PAGE_SIZE, f++) {
+ 		frames[f] = virt_to_mfn(va);
+ 		make_lowmem_page_readonly((void *)va);
+ 	}
+@@ -442,7 +442,7 @@ static void xen_write_idt_entry(gate_des
+ 
+ 	preempt_disable();
+ 
+-	start = __get_cpu_var(idt_desc).address;
++	start = (unsigned long)__get_cpu_var(idt_desc).address;
+ 	end = start + __get_cpu_var(idt_desc).size + 1;
+ 
+ 	xen_mc_flush();
+@@ -1528,6 +1528,8 @@ static __init pgd_t *xen_setup_kernel_pa
+ 	convert_pfn_mfn(init_level4_pgt);
+ 	convert_pfn_mfn(level3_ident_pgt);
+ 	convert_pfn_mfn(level3_kernel_pgt);
++	convert_pfn_mfn(level3_vmalloc_pgt);
++	convert_pfn_mfn(level3_vmemmap_pgt);
+ 
+ 	l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd);
+ 	l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud);
+@@ -1546,9 +1548,12 @@ static __init pgd_t *xen_setup_kernel_pa
+ 	set_page_prot(init_level4_pgt, PAGE_KERNEL_RO);
+ 	set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO);
+ 	set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO);
++	set_page_prot(level3_vmalloc_pgt, PAGE_KERNEL_RO);
++	set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO);
+ 	set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO);
+ 	set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
+ 	set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
++	set_page_prot(level1_fixmap_pgt, PAGE_KERNEL_RO);
+ 
+ 	/* Pin down new L4 */
+ 	pin_pagetable_pfn(MMUEXT_PIN_L4_TABLE,
+diff -urNp linux-2.6.29.6/arch/x86/xen/smp.c linux-2.6.29.6/arch/x86/xen/smp.c
+--- linux-2.6.29.6/arch/x86/xen/smp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/x86/xen/smp.c	2009-07-23 17:34:32.092715999 -0400
+@@ -171,11 +171,6 @@ static void __init xen_smp_prepare_boot_
+ {
+ 	BUG_ON(smp_processor_id() != 0);
+ 	native_smp_prepare_boot_cpu();
+-
+-	/* We've switched to the "real" per-cpu gdt, so make sure the
+-	   old memory can be recycled */
+-	make_lowmem_page_readwrite(&per_cpu_var(gdt_page));
+-
+ 	xen_setup_vcpu_info_placement();
+ }
+ 
+@@ -234,8 +229,8 @@ cpu_initialize_context(unsigned int cpu,
+ 	gdt = get_cpu_gdt_table(cpu);
+ 
+ 	ctxt->flags = VGCF_IN_KERNEL;
+-	ctxt->user_regs.ds = __USER_DS;
+-	ctxt->user_regs.es = __USER_DS;
++	ctxt->user_regs.ds = __KERNEL_DS;
++	ctxt->user_regs.es = __KERNEL_DS;
+ 	ctxt->user_regs.ss = __KERNEL_DS;
+ #ifdef CONFIG_X86_32
+ 	ctxt->user_regs.fs = __KERNEL_PERCPU;
+diff -urNp linux-2.6.29.6/arch/xtensa/include/asm/atomic.h linux-2.6.29.6/arch/xtensa/include/asm/atomic.h
+--- linux-2.6.29.6/arch/xtensa/include/asm/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/xtensa/include/asm/atomic.h	2009-07-23 17:34:32.092715999 -0400
+@@ -165,6 +165,9 @@ static inline int atomic_sub_return(int 
+  * Atomically increments @v by 1.
+  */
+ #define atomic_inc(v) atomic_add(1,(v))
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i, v) atomic_add((i), (v))
++#define atomic_sub_unchecked(i, v) atomic_sub((i), (v))
+ 
+ /**
+  * atomic_inc - increment atomic variable
+diff -urNp linux-2.6.29.6/arch/xtensa/include/asm/kmap_types.h linux-2.6.29.6/arch/xtensa/include/asm/kmap_types.h
+--- linux-2.6.29.6/arch/xtensa/include/asm/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/arch/xtensa/include/asm/kmap_types.h	2009-07-23 17:34:32.092715999 -0400
+@@ -25,6 +25,7 @@ enum km_type {
+   KM_IRQ1,
+   KM_SOFTIRQ0,
+   KM_SOFTIRQ1,
++  KM_CLEARPAGE,
+   KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/crypto/lrw.c linux-2.6.29.6/crypto/lrw.c
+--- linux-2.6.29.6/crypto/lrw.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/crypto/lrw.c	2009-07-23 17:34:32.092715999 -0400
+@@ -60,7 +60,7 @@ static int setkey(struct crypto_tfm *par
+ 	struct priv *ctx = crypto_tfm_ctx(parent);
+ 	struct crypto_cipher *child = ctx->child;
+ 	int err, i;
+-	be128 tmp = { 0 };
++	be128 tmp = { 0, 0 };
+ 	int bsize = crypto_cipher_blocksize(child);
+ 
+ 	crypto_cipher_clear_flags(child, CRYPTO_TFM_REQ_MASK);
+diff -urNp linux-2.6.29.6/Documentation/dontdiff linux-2.6.29.6/Documentation/dontdiff
+--- linux-2.6.29.6/Documentation/dontdiff	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/Documentation/dontdiff	2009-07-23 17:34:32.093837355 -0400
+@@ -3,6 +3,7 @@
+ *.bin
+ *.cpio
+ *.csp
++*.dbg
+ *.dsp
+ *.dvi
+ *.elf
+@@ -49,6 +50,10 @@
+ 53c700_d.h
+ CVS
+ ChangeSet
++GPATH
++GRTAGS
++GSYMS
++GTAGS
+ Image
+ Kerntypes
+ Module.markers
+@@ -62,7 +67,6 @@ aic7*reg_print.c*
+ aic7*seq.h*
+ aicasm
+ aicdb.h*
+-asm
+ asm-offsets.h
+ asm_offsets.h
+ autoconf.h*
+@@ -77,6 +81,7 @@ btfixupprep
+ build
+ bvmlinux
+ bzImage*
++capflags.c
+ classlist.h*
+ comp*.log
+ compile.h*
+@@ -104,6 +109,7 @@ gen_crc32table
+ gen_init_cpio
+ genksyms
+ *_gray256.c
++hash
+ ihex2fw
+ ikconfig.h*
+ initramfs_data.cpio
+@@ -165,6 +171,7 @@ setup
+ setup.bin
+ setup.elf
+ sImage
++slabinfo
+ sm_tbl*
+ split-include
+ syscalltab.h
+@@ -188,12 +195,15 @@ version.h*
+ vmlinux
+ vmlinux-*
+ vmlinux.aout
++vmlinux.bin.all
+ vmlinux.lds
++vmlinux.relocs
+ vsyscall.lds
+ vsyscall_32.lds
+ wanxlfw.inc
+ uImage
+ unifdef
++utsrelease.h
+ wakeup.bin
+ wakeup.elf
+ wakeup.lds
+diff -urNp linux-2.6.29.6/drivers/acpi/blacklist.c linux-2.6.29.6/drivers/acpi/blacklist.c
+--- linux-2.6.29.6/drivers/acpi/blacklist.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/blacklist.c	2009-07-23 17:34:32.093837355 -0400
+@@ -71,7 +71,7 @@ static struct acpi_blacklist_item acpi_b
+ 	{"IBM   ", "TP600E  ", 0x00000105, ACPI_SIG_DSDT, less_than_or_equal,
+ 	 "Incorrect _ADR", 1},
+ 
+-	{""}
++	{"", "", 0, 0, 0, all_versions, 0}
+ };
+ 
+ #if	CONFIG_ACPI_BLACKLIST_YEAR
+diff -urNp linux-2.6.29.6/drivers/acpi/ec.c linux-2.6.29.6/drivers/acpi/ec.c
+--- linux-2.6.29.6/drivers/acpi/ec.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/ec.c	2009-07-23 18:40:27.516638001 -0400
+@@ -672,7 +672,7 @@ static int acpi_ec_info_open_fs(struct i
+ 	return single_open(file, acpi_ec_read_info, PDE(inode)->data);
+ }
+ 
+-static struct file_operations acpi_ec_info_ops = {
++static const struct file_operations acpi_ec_info_ops = {
+ 	.open = acpi_ec_info_open_fs,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+diff -urNp linux-2.6.29.6/drivers/acpi/osl.c linux-2.6.29.6/drivers/acpi/osl.c
+--- linux-2.6.29.6/drivers/acpi/osl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/osl.c	2009-07-23 17:34:32.093837355 -0400
+@@ -483,6 +483,8 @@ acpi_os_read_memory(acpi_physical_addres
+ 	void __iomem *virt_addr;
+ 
+ 	virt_addr = ioremap(phys_addr, width);
++	if (!virt_addr)
++		return AE_NO_MEMORY;
+ 	if (!value)
+ 		value = &dummy;
+ 
+@@ -511,6 +513,8 @@ acpi_os_write_memory(acpi_physical_addre
+ 	void __iomem *virt_addr;
+ 
+ 	virt_addr = ioremap(phys_addr, width);
++	if (!virt_addr)
++		return AE_NO_MEMORY;
+ 
+ 	switch (width) {
+ 	case 8:
+diff -urNp linux-2.6.29.6/drivers/acpi/processor_core.c linux-2.6.29.6/drivers/acpi/processor_core.c
+--- linux-2.6.29.6/drivers/acpi/processor_core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/processor_core.c	2009-07-23 17:34:32.093837355 -0400
+@@ -678,7 +678,7 @@ static int __cpuinit acpi_processor_star
+ 		return 0;
+ 	}
+ 
+-	BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0));
++	BUG_ON(pr->id >= nr_cpu_ids);
+ 
+ 	/*
+ 	 * Buggy BIOS check
+diff -urNp linux-2.6.29.6/drivers/acpi/processor_idle.c linux-2.6.29.6/drivers/acpi/processor_idle.c
+--- linux-2.6.29.6/drivers/acpi/processor_idle.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/processor_idle.c	2009-07-23 17:34:32.094936160 -0400
+@@ -156,7 +156,7 @@ static struct dmi_system_id __cpuinitdat
+ 	  DMI_MATCH(DMI_BIOS_VENDOR,"Phoenix Technologies LTD"),
+ 	  DMI_MATCH(DMI_BIOS_VERSION,"SHE845M0.86C.0013.D.0302131307")},
+ 	 (void *)2},
+-	{},
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL},
+ };
+ 
+ static inline u32 ticks_elapsed(u32 t1, u32 t2)
+diff -urNp linux-2.6.29.6/drivers/acpi/processor_thermal.c linux-2.6.29.6/drivers/acpi/processor_thermal.c
+--- linux-2.6.29.6/drivers/acpi/processor_thermal.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/processor_thermal.c	2009-07-23 18:40:27.533990873 -0400
+@@ -507,7 +507,7 @@ static ssize_t acpi_processor_write_limi
+ 	return count;
+ }
+ 
+-struct file_operations acpi_processor_limit_fops = {
++const struct file_operations acpi_processor_limit_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_processor_limit_open_fs,
+ 	.read = seq_read,
+diff -urNp linux-2.6.29.6/drivers/acpi/processor_throttling.c linux-2.6.29.6/drivers/acpi/processor_throttling.c
+--- linux-2.6.29.6/drivers/acpi/processor_throttling.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/processor_throttling.c	2009-07-23 18:40:27.545437588 -0400
+@@ -1291,7 +1291,7 @@ static ssize_t acpi_processor_write_thro
+ 	return count;
+ }
+ 
+-struct file_operations acpi_processor_throttling_fops = {
++const struct file_operations acpi_processor_throttling_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_processor_throttling_open_fs,
+ 	.read = seq_read,
+diff -urNp linux-2.6.29.6/drivers/acpi/sbs.c linux-2.6.29.6/drivers/acpi/sbs.c
+--- linux-2.6.29.6/drivers/acpi/sbs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/sbs.c	2009-07-23 18:40:27.556300663 -0400
+@@ -479,9 +479,9 @@ static int
+ acpi_sbs_add_fs(struct proc_dir_entry **dir,
+ 		struct proc_dir_entry *parent_dir,
+ 		char *dir_name,
+-		struct file_operations *info_fops,
+-		struct file_operations *state_fops,
+-		struct file_operations *alarm_fops, void *data)
++		const struct file_operations *info_fops,
++		const struct file_operations *state_fops,
++		const struct file_operations *alarm_fops, void *data)
+ {
+ 	if (!*dir) {
+ 		*dir = proc_mkdir(dir_name, parent_dir);
+@@ -677,7 +677,7 @@ static int acpi_battery_alarm_open_fs(st
+ 	return single_open(file, acpi_battery_read_alarm, PDE(inode)->data);
+ }
+ 
+-static struct file_operations acpi_battery_info_fops = {
++static const struct file_operations acpi_battery_info_fops = {
+ 	.open = acpi_battery_info_open_fs,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+@@ -685,7 +685,7 @@ static struct file_operations acpi_batte
+ 	.owner = THIS_MODULE,
+ };
+ 
+-static struct file_operations acpi_battery_state_fops = {
++static const struct file_operations acpi_battery_state_fops = {
+ 	.open = acpi_battery_state_open_fs,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+@@ -693,7 +693,7 @@ static struct file_operations acpi_batte
+ 	.owner = THIS_MODULE,
+ };
+ 
+-static struct file_operations acpi_battery_alarm_fops = {
++static const struct file_operations acpi_battery_alarm_fops = {
+ 	.open = acpi_battery_alarm_open_fs,
+ 	.read = seq_read,
+ 	.write = acpi_battery_write_alarm,
+@@ -725,7 +725,7 @@ static int acpi_ac_state_open_fs(struct 
+ 	return single_open(file, acpi_ac_read_state, PDE(inode)->data);
+ }
+ 
+-static struct file_operations acpi_ac_state_fops = {
++static const struct file_operations acpi_ac_state_fops = {
+ 	.open = acpi_ac_state_open_fs,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+diff -urNp linux-2.6.29.6/drivers/acpi/video.c linux-2.6.29.6/drivers/acpi/video.c
+--- linux-2.6.29.6/drivers/acpi/video.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/acpi/video.c	2009-07-23 18:40:27.557273014 -0400
+@@ -189,7 +189,7 @@ struct acpi_video_device {
+ 
+ /* bus */
+ static int acpi_video_bus_info_open_fs(struct inode *inode, struct file *file);
+-static struct file_operations acpi_video_bus_info_fops = {
++static const struct file_operations acpi_video_bus_info_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_bus_info_open_fs,
+ 	.read = seq_read,
+@@ -198,7 +198,7 @@ static struct file_operations acpi_video
+ };
+ 
+ static int acpi_video_bus_ROM_open_fs(struct inode *inode, struct file *file);
+-static struct file_operations acpi_video_bus_ROM_fops = {
++static const struct file_operations acpi_video_bus_ROM_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_bus_ROM_open_fs,
+ 	.read = seq_read,
+@@ -208,7 +208,7 @@ static struct file_operations acpi_video
+ 
+ static int acpi_video_bus_POST_info_open_fs(struct inode *inode,
+ 					    struct file *file);
+-static struct file_operations acpi_video_bus_POST_info_fops = {
++static const struct file_operations acpi_video_bus_POST_info_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_bus_POST_info_open_fs,
+ 	.read = seq_read,
+@@ -217,19 +217,29 @@ static struct file_operations acpi_video
+ };
+ 
+ static int acpi_video_bus_POST_open_fs(struct inode *inode, struct file *file);
+-static struct file_operations acpi_video_bus_POST_fops = {
++static ssize_t
++acpi_video_bus_write_POST(struct file *file,
++			  const char __user * buffer,
++			  size_t count, loff_t * data);
++static const struct file_operations acpi_video_bus_POST_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_bus_POST_open_fs,
+ 	.read = seq_read,
++	.write = acpi_video_bus_write_POST,
+ 	.llseek = seq_lseek,
+ 	.release = single_release,
+ };
+ 
+ static int acpi_video_bus_DOS_open_fs(struct inode *inode, struct file *file);
+-static struct file_operations acpi_video_bus_DOS_fops = {
++static ssize_t
++acpi_video_bus_write_DOS(struct file *file,
++			 const char __user * buffer,
++			 size_t count, loff_t * data);
++static const struct file_operations acpi_video_bus_DOS_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_bus_DOS_open_fs,
+ 	.read = seq_read,
++	.write = acpi_video_bus_write_DOS,
+ 	.llseek = seq_lseek,
+ 	.release = single_release,
+ };
+@@ -237,7 +247,7 @@ static struct file_operations acpi_video
+ /* device */
+ static int acpi_video_device_info_open_fs(struct inode *inode,
+ 					  struct file *file);
+-static struct file_operations acpi_video_device_info_fops = {
++static const struct file_operations acpi_video_device_info_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_device_info_open_fs,
+ 	.read = seq_read,
+@@ -247,27 +257,37 @@ static struct file_operations acpi_video
+ 
+ static int acpi_video_device_state_open_fs(struct inode *inode,
+ 					   struct file *file);
+-static struct file_operations acpi_video_device_state_fops = {
++static ssize_t
++acpi_video_device_write_state(struct file *file,
++			      const char __user * buffer,
++			      size_t count, loff_t * data);
++static const struct file_operations acpi_video_device_state_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_device_state_open_fs,
+ 	.read = seq_read,
++	.write = acpi_video_device_write_state,
+ 	.llseek = seq_lseek,
+ 	.release = single_release,
+ };
+ 
+ static int acpi_video_device_brightness_open_fs(struct inode *inode,
+ 						struct file *file);
+-static struct file_operations acpi_video_device_brightness_fops = {
++static ssize_t
++acpi_video_device_write_brightness(struct file *file,
++				   const char __user * buffer,
++				   size_t count, loff_t * data);
++static const struct file_operations acpi_video_device_brightness_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_device_brightness_open_fs,
+ 	.read = seq_read,
++	.write = acpi_video_device_write_brightness,
+ 	.llseek = seq_lseek,
+ 	.release = single_release,
+ };
+ 
+ static int acpi_video_device_EDID_open_fs(struct inode *inode,
+ 					  struct file *file);
+-static struct file_operations acpi_video_device_EDID_fops = {
++static const struct file_operations acpi_video_device_EDID_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = acpi_video_device_EDID_open_fs,
+ 	.read = seq_read,
+@@ -1133,8 +1153,6 @@ static int acpi_video_device_add_fs(stru
+ 	if (!entry)
+ 		goto err_remove_dir;
+ 
+-	/* 'state' [R/W] */
+-	acpi_video_device_state_fops.write = acpi_video_device_write_state;
+ 	entry = proc_create_data("state", S_IFREG | S_IRUGO | S_IWUSR,
+ 				 device_dir,
+ 				 &acpi_video_device_state_fops,
+@@ -1142,9 +1160,6 @@ static int acpi_video_device_add_fs(stru
+ 	if (!entry)
+ 		goto err_remove_info;
+ 
+-	/* 'brightness' [R/W] */
+-	acpi_video_device_brightness_fops.write =
+-		acpi_video_device_write_brightness;
+ 	entry = proc_create_data("brightness", S_IFREG | S_IRUGO | S_IWUSR,
+ 				 device_dir,
+ 				 &acpi_video_device_brightness_fops,
+@@ -1426,8 +1441,6 @@ static int acpi_video_bus_add_fs(struct 
+ 	if (!entry)
+ 		goto err_remove_rom;
+ 
+-	/* 'POST' [R/W] */
+-	acpi_video_bus_POST_fops.write = acpi_video_bus_write_POST;
+ 	entry = proc_create_data("POST", S_IFREG | S_IRUGO | S_IWUSR,
+ 				 device_dir,
+ 				 &acpi_video_bus_POST_fops,
+@@ -1435,8 +1448,6 @@ static int acpi_video_bus_add_fs(struct 
+ 	if (!entry)
+ 		goto err_remove_post_info;
+ 
+-	/* 'DOS' [R/W] */
+-	acpi_video_bus_DOS_fops.write = acpi_video_bus_write_DOS;
+ 	entry = proc_create_data("DOS", S_IFREG | S_IRUGO | S_IWUSR,
+ 				 device_dir,
+ 				 &acpi_video_bus_DOS_fops,
+diff -urNp linux-2.6.29.6/drivers/ata/ahci.c linux-2.6.29.6/drivers/ata/ahci.c
+--- linux-2.6.29.6/drivers/ata/ahci.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ata/ahci.c	2009-07-23 17:34:32.094936160 -0400
+@@ -611,7 +611,7 @@ static const struct pci_device_id ahci_p
+ 	{ PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID,
+ 	  PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci },
+ 
+-	{ }	/* terminate list */
++	{ 0, 0, 0, 0, 0, 0, 0 }	/* terminate list */
+ };
+ 
+ 
+diff -urNp linux-2.6.29.6/drivers/ata/ata_piix.c linux-2.6.29.6/drivers/ata/ata_piix.c
+--- linux-2.6.29.6/drivers/ata/ata_piix.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ata/ata_piix.c	2009-07-23 17:34:32.095849165 -0400
+@@ -291,7 +291,7 @@ static const struct pci_device_id piix_p
+ 	{ 0x8086, 0x3b2d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata },
+ 	/* SATA Controller IDE (PCH) */
+ 	{ 0x8086, 0x3b2e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata },
+-	{ }	/* terminate list */
++	{ 0, 0, 0, 0, 0, 0, 0 }	/* terminate list */
+ };
+ 
+ static struct pci_driver piix_pci_driver = {
+@@ -595,7 +595,7 @@ static const struct ich_laptop ich_lapto
+ 	{ 0x266F, 0x1025, 0x0066 },	/* ICH6 on ACER Aspire 1694WLMi */
+ 	{ 0x2653, 0x1043, 0x82D8 },	/* ICH6M on Asus Eee 701 */
+ 	/* end marker */
+-	{ 0, }
++	{ 0, 0, 0 }
+ };
+ 
+ /**
+@@ -1054,7 +1054,7 @@ static int piix_broken_suspend(void)
+ 			},
+ 		},
+ 
+-		{ }	/* terminate list */
++		{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }	/* terminate list */
+ 	};
+ 	static const char *oemstrs[] = {
+ 		"Tecra M3,",
+diff -urNp linux-2.6.29.6/drivers/ata/libata-core.c linux-2.6.29.6/drivers/ata/libata-core.c
+--- linux-2.6.29.6/drivers/ata/libata-core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ata/libata-core.c	2009-07-23 17:34:32.096707424 -0400
+@@ -889,7 +889,7 @@ static const struct ata_xfer_ent {
+ 	{ ATA_SHIFT_PIO, ATA_NR_PIO_MODES, XFER_PIO_0 },
+ 	{ ATA_SHIFT_MWDMA, ATA_NR_MWDMA_MODES, XFER_MW_DMA_0 },
+ 	{ ATA_SHIFT_UDMA, ATA_NR_UDMA_MODES, XFER_UDMA_0 },
+-	{ -1, },
++	{ -1, 0, 0 }
+ };
+ 
+ /**
+@@ -3105,7 +3105,7 @@ static const struct ata_timing ata_timin
+ 	{ XFER_UDMA_5,     0,   0,   0,   0,   0,   0, 0,    0,  20 },
+ 	{ XFER_UDMA_6,     0,   0,   0,   0,   0,   0, 0,    0,  15 },
+ 
+-	{ 0xFF }
++	{ 0xFF, 0, 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ #define ENOUGH(v, unit)		(((v)-1)/(unit)+1)
+@@ -4267,7 +4267,7 @@ static const struct ata_blacklist_entry 
+ 	{ "WD My Book",			NULL,	ATA_HORKAGE_1_5_GBPS, },
+ 
+ 	/* End Marker */
+-	{ }
++	{ NULL, NULL, 0 }
+ };
+ 
+ static int strn_pattern_cmp(const char *patt, const char *name, int wildchar)
+diff -urNp linux-2.6.29.6/drivers/atm/adummy.c linux-2.6.29.6/drivers/atm/adummy.c
+--- linux-2.6.29.6/drivers/atm/adummy.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/adummy.c	2009-07-23 17:34:32.096707424 -0400
+@@ -77,7 +77,7 @@ adummy_send(struct atm_vcc *vcc, struct 
+ 		vcc->pop(vcc, skb);
+ 	else
+ 		dev_kfree_skb_any(skb);
+-	atomic_inc(&vcc->stats->tx);
++	atomic_inc_unchecked(&vcc->stats->tx);
+ 
+ 	return 0;
+ }
+diff -urNp linux-2.6.29.6/drivers/atm/ambassador.c linux-2.6.29.6/drivers/atm/ambassador.c
+--- linux-2.6.29.6/drivers/atm/ambassador.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/ambassador.c	2009-07-23 17:34:32.096707424 -0400
+@@ -453,7 +453,7 @@ static void tx_complete (amb_dev * dev, 
+   PRINTD (DBG_FLOW|DBG_TX, "tx_complete %p %p", dev, tx);
+   
+   // VC layer stats
+-  atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
++  atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
+   
+   // free the descriptor
+   kfree (tx_descr);
+@@ -494,7 +494,7 @@ static void rx_complete (amb_dev * dev, 
+ 	  dump_skb ("<<<", vc, skb);
+ 	  
+ 	  // VC layer stats
+-	  atomic_inc(&atm_vcc->stats->rx);
++	  atomic_inc_unchecked(&atm_vcc->stats->rx);
+ 	  __net_timestamp(skb);
+ 	  // end of our responsability
+ 	  atm_vcc->push (atm_vcc, skb);
+@@ -509,7 +509,7 @@ static void rx_complete (amb_dev * dev, 
+       } else {
+       	PRINTK (KERN_INFO, "dropped over-size frame");
+ 	// should we count this?
+-	atomic_inc(&atm_vcc->stats->rx_drop);
++	atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
+       }
+       
+     } else {
+@@ -1349,7 +1349,7 @@ static int amb_send (struct atm_vcc * at
+   }
+   
+   if (check_area (skb->data, skb->len)) {
+-    atomic_inc(&atm_vcc->stats->tx_err);
++    atomic_inc_unchecked(&atm_vcc->stats->tx_err);
+     return -ENOMEM; // ?
+   }
+   
+diff -urNp linux-2.6.29.6/drivers/atm/atmtcp.c linux-2.6.29.6/drivers/atm/atmtcp.c
+--- linux-2.6.29.6/drivers/atm/atmtcp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/atmtcp.c	2009-07-23 17:34:32.097932924 -0400
+@@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc 
+ 		if (vcc->pop) vcc->pop(vcc,skb);
+ 		else dev_kfree_skb(skb);
+ 		if (dev_data) return 0;
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		return -ENOLINK;
+ 	}
+ 	size = skb->len+sizeof(struct atmtcp_hdr);
+@@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc 
+ 	if (!new_skb) {
+ 		if (vcc->pop) vcc->pop(vcc,skb);
+ 		else dev_kfree_skb(skb);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		return -ENOBUFS;
+ 	}
+ 	hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr));
+@@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc 
+ 	if (vcc->pop) vcc->pop(vcc,skb);
+ 	else dev_kfree_skb(skb);
+ 	out_vcc->push(out_vcc,new_skb);
+-	atomic_inc(&vcc->stats->tx);
+-	atomic_inc(&out_vcc->stats->rx);
++	atomic_inc_unchecked(&vcc->stats->tx);
++	atomic_inc_unchecked(&out_vcc->stats->rx);
+ 	return 0;
+ }
+ 
+@@ -300,7 +300,7 @@ static int atmtcp_c_send(struct atm_vcc 
+ 	out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci));
+ 	read_unlock(&vcc_sklist_lock);
+ 	if (!out_vcc) {
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		goto done;
+ 	}
+ 	skb_pull(skb,sizeof(struct atmtcp_hdr));
+@@ -312,8 +312,8 @@ static int atmtcp_c_send(struct atm_vcc 
+ 	__net_timestamp(new_skb);
+ 	skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len);
+ 	out_vcc->push(out_vcc,new_skb);
+-	atomic_inc(&vcc->stats->tx);
+-	atomic_inc(&out_vcc->stats->rx);
++	atomic_inc_unchecked(&vcc->stats->tx);
++	atomic_inc_unchecked(&out_vcc->stats->rx);
+ done:
+ 	if (vcc->pop) vcc->pop(vcc,skb);
+ 	else dev_kfree_skb(skb);
+diff -urNp linux-2.6.29.6/drivers/atm/eni.c linux-2.6.29.6/drivers/atm/eni.c
+--- linux-2.6.29.6/drivers/atm/eni.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/eni.c	2009-07-23 17:34:32.097932924 -0400
+@@ -525,7 +525,7 @@ static int rx_aal0(struct atm_vcc *vcc)
+ 		DPRINTK(DEV_LABEL "(itf %d): trashing empty cell\n",
+ 		    vcc->dev->number);
+ 		length = 0;
+-		atomic_inc(&vcc->stats->rx_err);
++		atomic_inc_unchecked(&vcc->stats->rx_err);
+ 	}
+ 	else {
+ 		length = ATM_CELL_SIZE-1; /* no HEC */
+@@ -580,7 +580,7 @@ static int rx_aal5(struct atm_vcc *vcc)
+ 			    size);
+ 		}
+ 		eff = length = 0;
+-		atomic_inc(&vcc->stats->rx_err);
++		atomic_inc_unchecked(&vcc->stats->rx_err);
+ 	}
+ 	else {
+ 		size = (descr & MID_RED_COUNT)*(ATM_CELL_PAYLOAD >> 2);
+@@ -597,7 +597,7 @@ static int rx_aal5(struct atm_vcc *vcc)
+ 			    "(VCI=%d,length=%ld,size=%ld (descr 0x%lx))\n",
+ 			    vcc->dev->number,vcc->vci,length,size << 2,descr);
+ 			length = eff = 0;
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 		}
+ 	}
+ 	skb = eff ? atm_alloc_charge(vcc,eff << 2,GFP_ATOMIC) : NULL;
+@@ -770,7 +770,7 @@ rx_dequeued++;
+ 			vcc->push(vcc,skb);
+ 			pushed++;
+ 		}
+-		atomic_inc(&vcc->stats->rx);
++		atomic_inc_unchecked(&vcc->stats->rx);
+ 	}
+ 	wake_up(&eni_dev->rx_wait);
+ }
+@@ -1227,7 +1227,7 @@ static void dequeue_tx(struct atm_dev *d
+ 		    PCI_DMA_TODEVICE);
+ 		if (vcc->pop) vcc->pop(vcc,skb);
+ 		else dev_kfree_skb_irq(skb);
+-		atomic_inc(&vcc->stats->tx);
++		atomic_inc_unchecked(&vcc->stats->tx);
+ 		wake_up(&eni_dev->tx_wait);
+ dma_complete++;
+ 	}
+diff -urNp linux-2.6.29.6/drivers/atm/firestream.c linux-2.6.29.6/drivers/atm/firestream.c
+--- linux-2.6.29.6/drivers/atm/firestream.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/firestream.c	2009-07-23 17:34:32.098993493 -0400
+@@ -748,7 +748,7 @@ static void process_txdone_queue (struct
+ 				}
+ 			}
+ 
+-			atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
++			atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
+ 
+ 			fs_dprintk (FS_DEBUG_TXMEM, "i");
+ 			fs_dprintk (FS_DEBUG_ALLOC, "Free t-skb: %p\n", skb);
+@@ -815,7 +815,7 @@ static void process_incoming (struct fs_
+ #endif
+ 				skb_put (skb, qe->p1 & 0xffff); 
+ 				ATM_SKB(skb)->vcc = atm_vcc;
+-				atomic_inc(&atm_vcc->stats->rx);
++				atomic_inc_unchecked(&atm_vcc->stats->rx);
+ 				__net_timestamp(skb);
+ 				fs_dprintk (FS_DEBUG_ALLOC, "Free rec-skb: %p (pushed)\n", skb);
+ 				atm_vcc->push (atm_vcc, skb);
+@@ -836,12 +836,12 @@ static void process_incoming (struct fs_
+ 				kfree (pe);
+ 			}
+ 			if (atm_vcc)
+-				atomic_inc(&atm_vcc->stats->rx_drop);
++				atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
+ 			break;
+ 		case 0x1f: /*  Reassembly abort: no buffers. */
+ 			/* Silently increment error counter. */
+ 			if (atm_vcc)
+-				atomic_inc(&atm_vcc->stats->rx_drop);
++				atomic_inc_unchecked(&atm_vcc->stats->rx_drop);
+ 			break;
+ 		default: /* Hmm. Haven't written the code to handle the others yet... -- REW */
+ 			printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n", 
+diff -urNp linux-2.6.29.6/drivers/atm/fore200e.c linux-2.6.29.6/drivers/atm/fore200e.c
+--- linux-2.6.29.6/drivers/atm/fore200e.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/fore200e.c	2009-07-23 17:34:32.099818881 -0400
+@@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200
+ #endif
+ 		/* check error condition */
+ 		if (*entry->status & STATUS_ERROR)
+-		    atomic_inc(&vcc->stats->tx_err);
++		    atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		else
+-		    atomic_inc(&vcc->stats->tx);
++		    atomic_inc_unchecked(&vcc->stats->tx);
+ 	    }
+ 	}
+ 
+@@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore2
+     if (skb == NULL) {
+ 	DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len);
+ 
+-	atomic_inc(&vcc->stats->rx_drop);
++	atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 	return -ENOMEM;
+     } 
+ 
+@@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore2
+ 
+ 	dev_kfree_skb_any(skb);
+ 
+-	atomic_inc(&vcc->stats->rx_drop);
++	atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 	return -ENOMEM;
+     }
+ 
+     ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
+ 
+     vcc->push(vcc, skb);
+-    atomic_inc(&vcc->stats->rx);
++    atomic_inc_unchecked(&vcc->stats->rx);
+ 
+     ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0);
+ 
+@@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200
+ 		DPRINTK(2, "damaged PDU on %d.%d.%d\n",
+ 			fore200e->atm_dev->number,
+ 			entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci);
+-		atomic_inc(&vcc->stats->rx_err);
++		atomic_inc_unchecked(&vcc->stats->rx_err);
+ 	    }
+ 	}
+ 
+@@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struc
+ 		goto retry_here;
+ 	    }
+ 
+-	    atomic_inc(&vcc->stats->tx_err);
++	    atomic_inc_unchecked(&vcc->stats->tx_err);
+ 
+ 	    fore200e->tx_sat++;
+ 	    DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
+diff -urNp linux-2.6.29.6/drivers/atm/he.c linux-2.6.29.6/drivers/atm/he.c
+--- linux-2.6.29.6/drivers/atm/he.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/he.c	2009-07-23 18:42:59.306868260 -0400
+@@ -1728,7 +1728,7 @@ he_service_rbrq(struct he_dev *he_dev, i
+ 
+ 		if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) {
+ 			hprintk("HBUF_ERR!  (cid 0x%x)\n", cid);
+-				atomic_inc(&vcc->stats->rx_drop);
++				atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 			goto return_host_buffers;
+ 		}
+ 
+@@ -1761,7 +1761,7 @@ he_service_rbrq(struct he_dev *he_dev, i
+ 				RBRQ_LEN_ERR(he_dev->rbrq_head)
+ 							? "LEN_ERR" : "",
+ 							vcc->vpi, vcc->vci);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			goto return_host_buffers;
+ 		}
+ 
+@@ -1820,7 +1820,7 @@ he_service_rbrq(struct he_dev *he_dev, i
+ 		vcc->push(vcc, skb);
+ 		spin_lock(&he_dev->global_lock);
+ 
+-		atomic_inc(&vcc->stats->rx);
++		atomic_inc_unchecked(&vcc->stats->rx);
+ 
+ return_host_buffers:
+ 		++pdus_assembled;
+@@ -2165,7 +2165,7 @@ __enqueue_tpd(struct he_dev *he_dev, str
+ 					tpd->vcc->pop(tpd->vcc, tpd->skb);
+ 				else
+ 					dev_kfree_skb_any(tpd->skb);
+-				atomic_inc(&tpd->vcc->stats->tx_err);
++				atomic_inc_unchecked(&tpd->vcc->stats->tx_err);
+ 			}
+ 			pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status));
+ 			return;
+@@ -2577,7 +2577,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
+ 			vcc->pop(vcc, skb);
+ 		else
+ 			dev_kfree_skb_any(skb);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		return -EINVAL;
+ 	}
+ 
+@@ -2588,7 +2588,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
+ 			vcc->pop(vcc, skb);
+ 		else
+ 			dev_kfree_skb_any(skb);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		return -EINVAL;
+ 	}
+ #endif
+@@ -2600,7 +2600,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
+ 			vcc->pop(vcc, skb);
+ 		else
+ 			dev_kfree_skb_any(skb);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		spin_unlock_irqrestore(&he_dev->global_lock, flags);
+ 		return -ENOMEM;
+ 	}
+@@ -2642,7 +2642,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
+ 					vcc->pop(vcc, skb);
+ 				else
+ 					dev_kfree_skb_any(skb);
+-				atomic_inc(&vcc->stats->tx_err);
++				atomic_inc_unchecked(&vcc->stats->tx_err);
+ 				spin_unlock_irqrestore(&he_dev->global_lock, flags);
+ 				return -ENOMEM;
+ 			}
+@@ -2673,7 +2673,7 @@ he_send(struct atm_vcc *vcc, struct sk_b
+ 	__enqueue_tpd(he_dev, tpd, cid);
+ 	spin_unlock_irqrestore(&he_dev->global_lock, flags);
+ 
+-	atomic_inc(&vcc->stats->tx);
++	atomic_inc_unchecked(&vcc->stats->tx);
+ 
+ 	return 0;
+ }
+diff -urNp linux-2.6.29.6/drivers/atm/horizon.c linux-2.6.29.6/drivers/atm/horizon.c
+--- linux-2.6.29.6/drivers/atm/horizon.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/horizon.c	2009-07-23 17:34:32.100806142 -0400
+@@ -1033,7 +1033,7 @@ static void rx_schedule (hrz_dev * dev, 
+ 	{
+ 	  struct atm_vcc * vcc = ATM_SKB(skb)->vcc;
+ 	  // VC layer stats
+-	  atomic_inc(&vcc->stats->rx);
++	  atomic_inc_unchecked(&vcc->stats->rx);
+ 	  __net_timestamp(skb);
+ 	  // end of our responsability
+ 	  vcc->push (vcc, skb);
+@@ -1185,7 +1185,7 @@ static void tx_schedule (hrz_dev * const
+ 	dev->tx_iovec = NULL;
+ 	
+ 	// VC layer stats
+-	atomic_inc(&ATM_SKB(skb)->vcc->stats->tx);
++	atomic_inc_unchecked(&ATM_SKB(skb)->vcc->stats->tx);
+ 	
+ 	// free the skb
+ 	hrz_kfree_skb (skb);
+diff -urNp linux-2.6.29.6/drivers/atm/idt77252.c linux-2.6.29.6/drivers/atm/idt77252.c
+--- linux-2.6.29.6/drivers/atm/idt77252.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/idt77252.c	2009-07-23 17:34:32.101982733 -0400
+@@ -810,7 +810,7 @@ drain_scq(struct idt77252_dev *card, str
+ 		else
+ 			dev_kfree_skb(skb);
+ 
+-		atomic_inc(&vcc->stats->tx);
++		atomic_inc_unchecked(&vcc->stats->tx);
+ 	}
+ 
+ 	atomic_dec(&scq->used);
+@@ -1073,13 +1073,13 @@ dequeue_rx(struct idt77252_dev *card, st
+ 			if ((sb = dev_alloc_skb(64)) == NULL) {
+ 				printk("%s: Can't allocate buffers for aal0.\n",
+ 				       card->name);
+-				atomic_add(i, &vcc->stats->rx_drop);
++				atomic_add_unchecked(i, &vcc->stats->rx_drop);
+ 				break;
+ 			}
+ 			if (!atm_charge(vcc, sb->truesize)) {
+ 				RXPRINTK("%s: atm_charge() dropped aal0 packets.\n",
+ 					 card->name);
+-				atomic_add(i - 1, &vcc->stats->rx_drop);
++				atomic_add_unchecked(i - 1, &vcc->stats->rx_drop);
+ 				dev_kfree_skb(sb);
+ 				break;
+ 			}
+@@ -1096,7 +1096,7 @@ dequeue_rx(struct idt77252_dev *card, st
+ 			ATM_SKB(sb)->vcc = vcc;
+ 			__net_timestamp(sb);
+ 			vcc->push(vcc, sb);
+-			atomic_inc(&vcc->stats->rx);
++			atomic_inc_unchecked(&vcc->stats->rx);
+ 
+ 			cell += ATM_CELL_PAYLOAD;
+ 		}
+@@ -1133,13 +1133,13 @@ dequeue_rx(struct idt77252_dev *card, st
+ 			         "(CDC: %08x)\n",
+ 			         card->name, len, rpp->len, readl(SAR_REG_CDC));
+ 			recycle_rx_pool_skb(card, rpp);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			return;
+ 		}
+ 		if (stat & SAR_RSQE_CRC) {
+ 			RXPRINTK("%s: AAL5 CRC error.\n", card->name);
+ 			recycle_rx_pool_skb(card, rpp);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			return;
+ 		}
+ 		if (skb_queue_len(&rpp->queue) > 1) {
+@@ -1150,7 +1150,7 @@ dequeue_rx(struct idt77252_dev *card, st
+ 				RXPRINTK("%s: Can't alloc RX skb.\n",
+ 					 card->name);
+ 				recycle_rx_pool_skb(card, rpp);
+-				atomic_inc(&vcc->stats->rx_err);
++				atomic_inc_unchecked(&vcc->stats->rx_err);
+ 				return;
+ 			}
+ 			if (!atm_charge(vcc, skb->truesize)) {
+@@ -1169,7 +1169,7 @@ dequeue_rx(struct idt77252_dev *card, st
+ 			__net_timestamp(skb);
+ 
+ 			vcc->push(vcc, skb);
+-			atomic_inc(&vcc->stats->rx);
++			atomic_inc_unchecked(&vcc->stats->rx);
+ 
+ 			return;
+ 		}
+@@ -1191,7 +1191,7 @@ dequeue_rx(struct idt77252_dev *card, st
+ 		__net_timestamp(skb);
+ 
+ 		vcc->push(vcc, skb);
+-		atomic_inc(&vcc->stats->rx);
++		atomic_inc_unchecked(&vcc->stats->rx);
+ 
+ 		if (skb->truesize > SAR_FB_SIZE_3)
+ 			add_rx_skb(card, 3, SAR_FB_SIZE_3, 1);
+@@ -1303,14 +1303,14 @@ idt77252_rx_raw(struct idt77252_dev *car
+ 		if (vcc->qos.aal != ATM_AAL0) {
+ 			RPRINTK("%s: raw cell for non AAL0 vc %u.%u\n",
+ 				card->name, vpi, vci);
+-			atomic_inc(&vcc->stats->rx_drop);
++			atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 			goto drop;
+ 		}
+ 	
+ 		if ((sb = dev_alloc_skb(64)) == NULL) {
+ 			printk("%s: Can't allocate buffers for AAL0.\n",
+ 			       card->name);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			goto drop;
+ 		}
+ 
+@@ -1329,7 +1329,7 @@ idt77252_rx_raw(struct idt77252_dev *car
+ 		ATM_SKB(sb)->vcc = vcc;
+ 		__net_timestamp(sb);
+ 		vcc->push(vcc, sb);
+-		atomic_inc(&vcc->stats->rx);
++		atomic_inc_unchecked(&vcc->stats->rx);
+ 
+ drop:
+ 		skb_pull(queue, 64);
+@@ -1954,13 +1954,13 @@ idt77252_send_skb(struct atm_vcc *vcc, s
+ 
+ 	if (vc == NULL) {
+ 		printk("%s: NULL connection in send().\n", card->name);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		dev_kfree_skb(skb);
+ 		return -EINVAL;
+ 	}
+ 	if (!test_bit(VCF_TX, &vc->flags)) {
+ 		printk("%s: Trying to transmit on a non-tx VC.\n", card->name);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		dev_kfree_skb(skb);
+ 		return -EINVAL;
+ 	}
+@@ -1972,14 +1972,14 @@ idt77252_send_skb(struct atm_vcc *vcc, s
+ 		break;
+ 	default:
+ 		printk("%s: Unsupported AAL: %d\n", card->name, vcc->qos.aal);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		dev_kfree_skb(skb);
+ 		return -EINVAL;
+ 	}
+ 
+ 	if (skb_shinfo(skb)->nr_frags != 0) {
+ 		printk("%s: No scatter-gather yet.\n", card->name);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		dev_kfree_skb(skb);
+ 		return -EINVAL;
+ 	}
+@@ -1987,7 +1987,7 @@ idt77252_send_skb(struct atm_vcc *vcc, s
+ 
+ 	err = queue_skb(card, vc, skb, oam);
+ 	if (err) {
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		dev_kfree_skb(skb);
+ 		return err;
+ 	}
+@@ -2010,7 +2010,7 @@ idt77252_send_oam(struct atm_vcc *vcc, v
+ 	skb = dev_alloc_skb(64);
+ 	if (!skb) {
+ 		printk("%s: Out of memory in send_oam().\n", card->name);
+-		atomic_inc(&vcc->stats->tx_err);
++		atomic_inc_unchecked(&vcc->stats->tx_err);
+ 		return -ENOMEM;
+ 	}
+ 	atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc);
+diff -urNp linux-2.6.29.6/drivers/atm/iphase.c linux-2.6.29.6/drivers/atm/iphase.c
+--- linux-2.6.29.6/drivers/atm/iphase.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/iphase.c	2009-07-23 17:34:32.102777929 -0400
+@@ -1125,7 +1125,7 @@ static int rx_pkt(struct atm_dev *dev)  
+ 	status = (u_short) (buf_desc_ptr->desc_mode);  
+ 	if (status & (RX_CER | RX_PTE | RX_OFL))  
+ 	{  
+-                atomic_inc(&vcc->stats->rx_err);
++                atomic_inc_unchecked(&vcc->stats->rx_err);
+ 		IF_ERR(printk("IA: bad packet, dropping it");)  
+                 if (status & RX_CER) { 
+                     IF_ERR(printk(" cause: packet CRC error\n");)
+@@ -1148,7 +1148,7 @@ static int rx_pkt(struct atm_dev *dev)  
+ 	len = dma_addr - buf_addr;  
+         if (len > iadev->rx_buf_sz) {
+            printk("Over %d bytes sdu received, dropped!!!\n", iadev->rx_buf_sz);
+-           atomic_inc(&vcc->stats->rx_err);
++           atomic_inc_unchecked(&vcc->stats->rx_err);
+ 	   goto out_free_desc;
+         }
+ 		  
+@@ -1298,7 +1298,7 @@ static void rx_dle_intr(struct atm_dev *
+           ia_vcc = INPH_IA_VCC(vcc);
+           if (ia_vcc == NULL)
+           {
+-             atomic_inc(&vcc->stats->rx_err);
++             atomic_inc_unchecked(&vcc->stats->rx_err);
+              dev_kfree_skb_any(skb);
+              atm_return(vcc, atm_guess_pdu2truesize(len));
+              goto INCR_DLE;
+@@ -1310,7 +1310,7 @@ static void rx_dle_intr(struct atm_dev *
+           if ((length > iadev->rx_buf_sz) || (length > 
+                               (skb->len - sizeof(struct cpcs_trailer))))
+           {
+-             atomic_inc(&vcc->stats->rx_err);
++             atomic_inc_unchecked(&vcc->stats->rx_err);
+              IF_ERR(printk("rx_dle_intr: Bad  AAL5 trailer %d (skb len %d)", 
+                                                             length, skb->len);)
+              dev_kfree_skb_any(skb);
+@@ -1326,7 +1326,7 @@ static void rx_dle_intr(struct atm_dev *
+ 
+ 	  IF_RX(printk("rx_dle_intr: skb push");)  
+ 	  vcc->push(vcc,skb);  
+-	  atomic_inc(&vcc->stats->rx);
++	  atomic_inc_unchecked(&vcc->stats->rx);
+           iadev->rx_pkt_cnt++;
+       }  
+ INCR_DLE:
+@@ -2921,7 +2921,7 @@ static int ia_pkt_tx (struct atm_vcc *vc
+ 	if ((desc == 0) || (desc > iadev->num_tx_desc))  
+ 	{  
+ 		IF_ERR(printk(DEV_LABEL "invalid desc for send: %d\n", desc);) 
+-                atomic_inc(&vcc->stats->tx);
++                atomic_inc_unchecked(&vcc->stats->tx);
+ 		if (vcc->pop)   
+ 		    vcc->pop(vcc, skb);   
+ 		else  
+@@ -3026,7 +3026,7 @@ static int ia_pkt_tx (struct atm_vcc *vc
+         ATM_DESC(skb) = vcc->vci;
+         skb_queue_tail(&iadev->tx_dma_q, skb);
+ 
+-        atomic_inc(&vcc->stats->tx);
++        atomic_inc_unchecked(&vcc->stats->tx);
+         iadev->tx_pkt_cnt++;
+ 	/* Increment transaction counter */  
+ 	writel(2, iadev->dma+IPHASE5575_TX_COUNTER);  
+diff -urNp linux-2.6.29.6/drivers/atm/lanai.c linux-2.6.29.6/drivers/atm/lanai.c
+--- linux-2.6.29.6/drivers/atm/lanai.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/lanai.c	2009-07-23 17:34:32.103950524 -0400
+@@ -1305,7 +1305,7 @@ static void lanai_send_one_aal5(struct l
+ 	vcc_tx_add_aal5_trailer(lvcc, skb->len, 0, 0);
+ 	lanai_endtx(lanai, lvcc);
+ 	lanai_free_skb(lvcc->tx.atmvcc, skb);
+-	atomic_inc(&lvcc->tx.atmvcc->stats->tx);
++	atomic_inc_unchecked(&lvcc->tx.atmvcc->stats->tx);
+ }
+ 
+ /* Try to fill the buffer - don't call unless there is backlog */
+@@ -1428,7 +1428,7 @@ static void vcc_rx_aal5(struct lanai_vcc
+ 	ATM_SKB(skb)->vcc = lvcc->rx.atmvcc;
+ 	__net_timestamp(skb);
+ 	lvcc->rx.atmvcc->push(lvcc->rx.atmvcc, skb);
+-	atomic_inc(&lvcc->rx.atmvcc->stats->rx);
++	atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx);
+     out:
+ 	lvcc->rx.buf.ptr = end;
+ 	cardvcc_write(lvcc, endptr, vcc_rxreadptr);
+@@ -1670,7 +1670,7 @@ static int handle_service(struct lanai_d
+ 		DPRINTK("(itf %d) got RX service entry 0x%X for non-AAL5 "
+ 		    "vcc %d\n", lanai->number, (unsigned int) s, vci);
+ 		lanai->stats.service_rxnotaal5++;
+-		atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
++		atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
+ 		return 0;
+ 	}
+ 	if (likely(!(s & (SERVICE_TRASH | SERVICE_STREAM | SERVICE_CRCERR)))) {
+@@ -1682,7 +1682,7 @@ static int handle_service(struct lanai_d
+ 		int bytes;
+ 		read_unlock(&vcc_sklist_lock);
+ 		DPRINTK("got trashed rx pdu on vci %d\n", vci);
+-		atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
++		atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
+ 		lvcc->stats.x.aal5.service_trash++;
+ 		bytes = (SERVICE_GET_END(s) * 16) -
+ 		    (((unsigned long) lvcc->rx.buf.ptr) -
+@@ -1694,7 +1694,7 @@ static int handle_service(struct lanai_d
+ 	}
+ 	if (s & SERVICE_STREAM) {
+ 		read_unlock(&vcc_sklist_lock);
+-		atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
++		atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
+ 		lvcc->stats.x.aal5.service_stream++;
+ 		printk(KERN_ERR DEV_LABEL "(itf %d): Got AAL5 stream "
+ 		    "PDU on VCI %d!\n", lanai->number, vci);
+@@ -1702,7 +1702,7 @@ static int handle_service(struct lanai_d
+ 		return 0;
+ 	}
+ 	DPRINTK("got rx crc error on vci %d\n", vci);
+-	atomic_inc(&lvcc->rx.atmvcc->stats->rx_err);
++	atomic_inc_unchecked(&lvcc->rx.atmvcc->stats->rx_err);
+ 	lvcc->stats.x.aal5.service_rxcrc++;
+ 	lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4];
+ 	cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr);
+diff -urNp linux-2.6.29.6/drivers/atm/nicstar.c linux-2.6.29.6/drivers/atm/nicstar.c
+--- linux-2.6.29.6/drivers/atm/nicstar.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/nicstar.c	2009-07-23 17:34:32.104830194 -0400
+@@ -1723,7 +1723,7 @@ static int ns_send(struct atm_vcc *vcc, 
+    if ((vc = (vc_map *) vcc->dev_data) == NULL)
+    {
+       printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n", card->index);
+-      atomic_inc(&vcc->stats->tx_err);
++      atomic_inc_unchecked(&vcc->stats->tx_err);
+       dev_kfree_skb_any(skb);
+       return -EINVAL;
+    }
+@@ -1731,7 +1731,7 @@ static int ns_send(struct atm_vcc *vcc, 
+    if (!vc->tx)
+    {
+       printk("nicstar%d: Trying to transmit on a non-tx VC.\n", card->index);
+-      atomic_inc(&vcc->stats->tx_err);
++      atomic_inc_unchecked(&vcc->stats->tx_err);
+       dev_kfree_skb_any(skb);
+       return -EINVAL;
+    }
+@@ -1739,7 +1739,7 @@ static int ns_send(struct atm_vcc *vcc, 
+    if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0)
+    {
+       printk("nicstar%d: Only AAL0 and AAL5 are supported.\n", card->index);
+-      atomic_inc(&vcc->stats->tx_err);
++      atomic_inc_unchecked(&vcc->stats->tx_err);
+       dev_kfree_skb_any(skb);
+       return -EINVAL;
+    }
+@@ -1747,7 +1747,7 @@ static int ns_send(struct atm_vcc *vcc, 
+    if (skb_shinfo(skb)->nr_frags != 0)
+    {
+       printk("nicstar%d: No scatter-gather yet.\n", card->index);
+-      atomic_inc(&vcc->stats->tx_err);
++      atomic_inc_unchecked(&vcc->stats->tx_err);
+       dev_kfree_skb_any(skb);
+       return -EINVAL;
+    }
+@@ -1792,11 +1792,11 @@ static int ns_send(struct atm_vcc *vcc, 
+ 
+    if (push_scqe(card, vc, scq, &scqe, skb) != 0)
+    {
+-      atomic_inc(&vcc->stats->tx_err);
++      atomic_inc_unchecked(&vcc->stats->tx_err);
+       dev_kfree_skb_any(skb);
+       return -EIO;
+    }
+-   atomic_inc(&vcc->stats->tx);
++   atomic_inc_unchecked(&vcc->stats->tx);
+ 
+    return 0;
+ }
+@@ -2111,14 +2111,14 @@ static void dequeue_rx(ns_dev *card, ns_
+          {
+             printk("nicstar%d: Can't allocate buffers for aal0.\n",
+                    card->index);
+-            atomic_add(i,&vcc->stats->rx_drop);
++            atomic_add_unchecked(i,&vcc->stats->rx_drop);
+             break;
+          }
+          if (!atm_charge(vcc, sb->truesize))
+          {
+             RXPRINTK("nicstar%d: atm_charge() dropped aal0 packets.\n",
+                      card->index);
+-            atomic_add(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
++            atomic_add_unchecked(i-1,&vcc->stats->rx_drop); /* already increased by 1 */
+             dev_kfree_skb_any(sb);
+             break;
+          }
+@@ -2133,7 +2133,7 @@ static void dequeue_rx(ns_dev *card, ns_
+          ATM_SKB(sb)->vcc = vcc;
+ 	 __net_timestamp(sb);
+          vcc->push(vcc, sb);
+-         atomic_inc(&vcc->stats->rx);
++         atomic_inc_unchecked(&vcc->stats->rx);
+          cell += ATM_CELL_PAYLOAD;
+       }
+ 
+@@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev *card, ns_
+ 	 if (iovb == NULL)
+ 	 {
+ 	    printk("nicstar%d: Out of iovec buffers.\n", card->index);
+-            atomic_inc(&vcc->stats->rx_drop);
++            atomic_inc_unchecked(&vcc->stats->rx_drop);
+             recycle_rx_buf(card, skb);
+             return;
+ 	 }
+@@ -2182,7 +2182,7 @@ static void dequeue_rx(ns_dev *card, ns_
+    else if (NS_SKB(iovb)->iovcnt >= NS_MAX_IOVECS)
+    {
+       printk("nicstar%d: received too big AAL5 SDU.\n", card->index);
+-      atomic_inc(&vcc->stats->rx_err);
++      atomic_inc_unchecked(&vcc->stats->rx_err);
+       recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, NS_MAX_IOVECS);
+       NS_SKB(iovb)->iovcnt = 0;
+       iovb->len = 0;
+@@ -2202,7 +2202,7 @@ static void dequeue_rx(ns_dev *card, ns_
+          printk("nicstar%d: Expected a small buffer, and this is not one.\n",
+ 	        card->index);
+          which_list(card, skb);
+-         atomic_inc(&vcc->stats->rx_err);
++         atomic_inc_unchecked(&vcc->stats->rx_err);
+          recycle_rx_buf(card, skb);
+          vc->rx_iov = NULL;
+          recycle_iov_buf(card, iovb);
+@@ -2216,7 +2216,7 @@ static void dequeue_rx(ns_dev *card, ns_
+          printk("nicstar%d: Expected a large buffer, and this is not one.\n",
+ 	        card->index);
+          which_list(card, skb);
+-         atomic_inc(&vcc->stats->rx_err);
++         atomic_inc_unchecked(&vcc->stats->rx_err);
+          recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
+ 	                       NS_SKB(iovb)->iovcnt);
+          vc->rx_iov = NULL;
+@@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev *card, ns_
+             printk(" - PDU size mismatch.\n");
+          else
+             printk(".\n");
+-         atomic_inc(&vcc->stats->rx_err);
++         atomic_inc_unchecked(&vcc->stats->rx_err);
+          recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
+ 	   NS_SKB(iovb)->iovcnt);
+ 	 vc->rx_iov = NULL;
+@@ -2256,7 +2256,7 @@ static void dequeue_rx(ns_dev *card, ns_
+          if (!atm_charge(vcc, skb->truesize))
+          {
+             push_rxbufs(card, skb);
+-            atomic_inc(&vcc->stats->rx_drop);
++            atomic_inc_unchecked(&vcc->stats->rx_drop);
+          }
+          else
+ 	 {
+@@ -2268,7 +2268,7 @@ static void dequeue_rx(ns_dev *card, ns_
+             ATM_SKB(skb)->vcc = vcc;
+ 	    __net_timestamp(skb);
+             vcc->push(vcc, skb);
+-            atomic_inc(&vcc->stats->rx);
++            atomic_inc_unchecked(&vcc->stats->rx);
+          }
+       }
+       else if (NS_SKB(iovb)->iovcnt == 2)	/* One small plus one large buffer */
+@@ -2283,7 +2283,7 @@ static void dequeue_rx(ns_dev *card, ns_
+             if (!atm_charge(vcc, sb->truesize))
+             {
+                push_rxbufs(card, sb);
+-               atomic_inc(&vcc->stats->rx_drop);
++               atomic_inc_unchecked(&vcc->stats->rx_drop);
+             }
+             else
+ 	    {
+@@ -2295,7 +2295,7 @@ static void dequeue_rx(ns_dev *card, ns_
+                ATM_SKB(sb)->vcc = vcc;
+ 	       __net_timestamp(sb);
+                vcc->push(vcc, sb);
+-               atomic_inc(&vcc->stats->rx);
++               atomic_inc_unchecked(&vcc->stats->rx);
+             }
+ 
+             push_rxbufs(card, skb);
+@@ -2306,7 +2306,7 @@ static void dequeue_rx(ns_dev *card, ns_
+             if (!atm_charge(vcc, skb->truesize))
+             {
+                push_rxbufs(card, skb);
+-               atomic_inc(&vcc->stats->rx_drop);
++               atomic_inc_unchecked(&vcc->stats->rx_drop);
+             }
+             else
+             {
+@@ -2320,7 +2320,7 @@ static void dequeue_rx(ns_dev *card, ns_
+                ATM_SKB(skb)->vcc = vcc;
+ 	       __net_timestamp(skb);
+                vcc->push(vcc, skb);
+-               atomic_inc(&vcc->stats->rx);
++               atomic_inc_unchecked(&vcc->stats->rx);
+             }
+ 
+             push_rxbufs(card, sb);
+@@ -2342,7 +2342,7 @@ static void dequeue_rx(ns_dev *card, ns_
+             if (hb == NULL)
+             {
+                printk("nicstar%d: Out of huge buffers.\n", card->index);
+-               atomic_inc(&vcc->stats->rx_drop);
++               atomic_inc_unchecked(&vcc->stats->rx_drop);
+                recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data,
+ 	                             NS_SKB(iovb)->iovcnt);
+                vc->rx_iov = NULL;
+@@ -2393,7 +2393,7 @@ static void dequeue_rx(ns_dev *card, ns_
+             }
+ 	    else
+ 	       dev_kfree_skb_any(hb);
+-	    atomic_inc(&vcc->stats->rx_drop);
++	    atomic_inc_unchecked(&vcc->stats->rx_drop);
+          }
+          else
+ 	 {
+@@ -2427,7 +2427,7 @@ static void dequeue_rx(ns_dev *card, ns_
+ #endif /* NS_USE_DESTRUCTORS */
+ 	    __net_timestamp(hb);
+             vcc->push(vcc, hb);
+-            atomic_inc(&vcc->stats->rx);
++            atomic_inc_unchecked(&vcc->stats->rx);
+          }
+       }
+ 
+diff -urNp linux-2.6.29.6/drivers/atm/solos-pci.c linux-2.6.29.6/drivers/atm/solos-pci.c
+--- linux-2.6.29.6/drivers/atm/solos-pci.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/solos-pci.c	2009-07-23 17:34:32.104830194 -0400
+@@ -261,7 +261,7 @@ void solos_bh(unsigned long card_arg)
+ 				}
+ 				atm_charge(vcc, skb->truesize);
+ 				vcc->push(vcc, skb);
+-				atomic_inc(&vcc->stats->rx);
++				atomic_inc_unchecked(&vcc->stats->rx);
+ 				break;
+ 
+ 			case PKT_COMMAND:
+@@ -487,7 +487,7 @@ static int fpga_tx(struct solos_card *ca
+ 			vcc = *(void **)skb->cb;
+ 
+ 			if (vcc) {
+-				atomic_inc(&vcc->stats->tx);
++				atomic_inc_unchecked(&vcc->stats->tx);
+ 				solos_pop(vcc, skb);
+ 			} else
+ 				dev_kfree_skb_irq(skb);
+@@ -517,9 +517,9 @@ static int psend(struct atm_vcc *vcc, st
+ 			memcpy(skb2->data, skb->data, skb->len);
+ 			skb_put(skb2, skb->len);
+ 			vcc->push(vcc, skb2);
+-			atomic_inc(&vcc->stats->rx);
++			atomic_inc_unchecked(&vcc->stats->rx);
+ 		}
+-		atomic_inc(&vcc->stats->tx);
++		atomic_inc_unchecked(&vcc->stats->tx);
+ 		solos_pop(vcc, skb);
+ 		return 0;
+ 	}
+diff -urNp linux-2.6.29.6/drivers/atm/suni.c linux-2.6.29.6/drivers/atm/suni.c
+--- linux-2.6.29.6/drivers/atm/suni.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/suni.c	2009-07-23 17:34:32.104830194 -0400
+@@ -49,7 +49,7 @@ static DEFINE_SPINLOCK(sunis_lock);
+ 
+ 
+ #define ADD_LIMITED(s,v) \
+-    atomic_add((v),&stats->s); \
++    atomic_add_unchecked((v),&stats->s); \
+     if (atomic_read(&stats->s) < 0) atomic_set(&stats->s,INT_MAX);
+ 
+ 
+diff -urNp linux-2.6.29.6/drivers/atm/uPD98402.c linux-2.6.29.6/drivers/atm/uPD98402.c
+--- linux-2.6.29.6/drivers/atm/uPD98402.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/uPD98402.c	2009-07-23 17:34:32.105906562 -0400
+@@ -41,7 +41,7 @@ static int fetch_stats(struct atm_dev *d
+ 	struct sonet_stats tmp;
+  	int error = 0;
+ 
+-	atomic_add(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
++	atomic_add_unchecked(GET(HECCT),&PRIV(dev)->sonet_stats.uncorr_hcs);
+ 	sonet_copy_stats(&PRIV(dev)->sonet_stats,&tmp);
+ 	if (arg) error = copy_to_user(arg,&tmp,sizeof(tmp));
+ 	if (zero && !error) {
+@@ -160,7 +160,7 @@ static int uPD98402_ioctl(struct atm_dev
+ 
+ 
+ #define ADD_LIMITED(s,v) \
+-    { atomic_add(GET(v),&PRIV(dev)->sonet_stats.s); \
++    { atomic_add_unchecked(GET(v),&PRIV(dev)->sonet_stats.s); \
+     if (atomic_read(&PRIV(dev)->sonet_stats.s) < 0) \
+ 	atomic_set(&PRIV(dev)->sonet_stats.s,INT_MAX); }
+ 
+@@ -193,7 +193,7 @@ static void uPD98402_int(struct atm_dev 
+ 		if (reason & uPD98402_INT_PFM) stat_event(dev);
+ 		if (reason & uPD98402_INT_PCO) {
+ 			(void) GET(PCOCR); /* clear interrupt cause */
+-			atomic_add(GET(HECCT),
++			atomic_add_unchecked(GET(HECCT),
+ 			    &PRIV(dev)->sonet_stats.uncorr_hcs);
+ 		}
+ 		if ((reason & uPD98402_INT_RFO) && 
+diff -urNp linux-2.6.29.6/drivers/atm/zatm.c linux-2.6.29.6/drivers/atm/zatm.c
+--- linux-2.6.29.6/drivers/atm/zatm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/atm/zatm.c	2009-07-23 17:34:32.105906562 -0400
+@@ -458,7 +458,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
+ 		}
+ 		if (!size) {
+ 			dev_kfree_skb_irq(skb);
+-			if (vcc) atomic_inc(&vcc->stats->rx_err);
++			if (vcc) atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			continue;
+ 		}
+ 		if (!atm_charge(vcc,skb->truesize)) {
+@@ -468,7 +468,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy
+ 		skb->len = size;
+ 		ATM_SKB(skb)->vcc = vcc;
+ 		vcc->push(vcc,skb);
+-		atomic_inc(&vcc->stats->rx);
++		atomic_inc_unchecked(&vcc->stats->rx);
+ 	}
+ 	zout(pos & 0xffff,MTA(mbx));
+ #if 0 /* probably a stupid idea */
+@@ -732,7 +732,7 @@ if (*ZATM_PRV_DSC(skb) != (uPD98401_TXPD
+ 			skb_queue_head(&zatm_vcc->backlog,skb);
+ 			break;
+ 		}
+-	atomic_inc(&vcc->stats->tx);
++	atomic_inc_unchecked(&vcc->stats->tx);
+ 	wake_up(&zatm_vcc->tx_wait);
+ }
+ 
+diff -urNp linux-2.6.29.6/drivers/block/cciss.c linux-2.6.29.6/drivers/block/cciss.c
+--- linux-2.6.29.6/drivers/block/cciss.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/block/cciss.c	2009-07-23 18:40:27.585424777 -0400
+@@ -348,7 +348,7 @@ static void cciss_seq_stop(struct seq_fi
+ 	h->busy_configuring = 0;
+ }
+ 
+-static struct seq_operations cciss_seq_ops = {
++static const struct seq_operations cciss_seq_ops = {
+ 	.start = cciss_seq_start,
+ 	.show  = cciss_seq_show,
+ 	.next  = cciss_seq_next,
+@@ -411,7 +411,7 @@ out:
+ 	return err;
+ }
+ 
+-static struct file_operations cciss_proc_fops = {
++static const struct file_operations cciss_proc_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.open    = cciss_seq_open,
+ 	.read    = seq_read,
+diff -urNp linux-2.6.29.6/drivers/char/agp/alpha-agp.c linux-2.6.29.6/drivers/char/agp/alpha-agp.c
+--- linux-2.6.29.6/drivers/char/agp/alpha-agp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/agp/alpha-agp.c	2009-07-23 18:40:27.599275730 -0400
+@@ -40,7 +40,7 @@ static struct aper_size_info_fixed alpha
+ 	{ 0, 0, 0 }, /* filled in by alpha_core_agp_setup */
+ };
+ 
+-struct vm_operations_struct alpha_core_agp_vm_ops = {
++const struct vm_operations_struct alpha_core_agp_vm_ops = {
+ 	.fault = alpha_core_agp_vm_fault,
+ };
+ 
+diff -urNp linux-2.6.29.6/drivers/char/agp/frontend.c linux-2.6.29.6/drivers/char/agp/frontend.c
+--- linux-2.6.29.6/drivers/char/agp/frontend.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/agp/frontend.c	2009-07-23 17:34:32.106888179 -0400
+@@ -824,7 +824,7 @@ static int agpioc_reserve_wrap(struct ag
+ 	if (copy_from_user(&reserve, arg, sizeof(struct agp_region)))
+ 		return -EFAULT;
+ 
+-	if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment))
++	if ((unsigned) reserve.seg_count >= ~0U/sizeof(struct agp_segment_priv))
+ 		return -EFAULT;
+ 
+ 	client = agp_find_client_by_pid(reserve.pid);
+diff -urNp linux-2.6.29.6/drivers/char/agp/intel-agp.c linux-2.6.29.6/drivers/char/agp/intel-agp.c
+--- linux-2.6.29.6/drivers/char/agp/intel-agp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/agp/intel-agp.c	2009-07-23 17:34:32.106888179 -0400
+@@ -2369,7 +2369,7 @@ static struct pci_device_id agp_intel_pc
+ 	ID(PCI_DEVICE_ID_INTEL_Q45_HB),
+ 	ID(PCI_DEVICE_ID_INTEL_G45_HB),
+ 	ID(PCI_DEVICE_ID_INTEL_G41_HB),
+-	{ }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, agp_intel_pci_table);
+diff -urNp linux-2.6.29.6/drivers/char/apm-emulation.c linux-2.6.29.6/drivers/char/apm-emulation.c
+--- linux-2.6.29.6/drivers/char/apm-emulation.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/apm-emulation.c	2009-07-23 18:40:27.609518419 -0400
+@@ -393,7 +393,7 @@ static int apm_open(struct inode * inode
+ 	return as ? 0 : -ENOMEM;
+ }
+ 
+-static struct file_operations apm_bios_fops = {
++static const struct file_operations apm_bios_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.read		= apm_read,
+ 	.poll		= apm_poll,
+diff -urNp linux-2.6.29.6/drivers/char/bfin-otp.c linux-2.6.29.6/drivers/char/bfin-otp.c
+--- linux-2.6.29.6/drivers/char/bfin-otp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/bfin-otp.c	2009-07-23 18:40:27.623278888 -0400
+@@ -133,7 +133,7 @@ static ssize_t bfin_otp_write(struct fil
+ # define bfin_otp_write NULL
+ #endif
+ 
+-static struct file_operations bfin_otp_fops = {
++static const struct file_operations bfin_otp_fops = {
+ 	.owner    = THIS_MODULE,
+ 	.read     = bfin_otp_read,
+ 	.write    = bfin_otp_write,
+diff -urNp linux-2.6.29.6/drivers/char/hpet.c linux-2.6.29.6/drivers/char/hpet.c
+--- linux-2.6.29.6/drivers/char/hpet.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/hpet.c	2009-07-23 17:34:32.107872457 -0400
+@@ -975,7 +975,7 @@ static struct acpi_driver hpet_acpi_driv
+ 		},
+ };
+ 
+-static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops };
++static struct miscdevice hpet_misc = { HPET_MINOR, "hpet", &hpet_fops, {NULL, NULL}, NULL, NULL };
+ 
+ static int __init hpet_init(void)
+ {
+diff -urNp linux-2.6.29.6/drivers/char/ipmi/ipmi_msghandler.c linux-2.6.29.6/drivers/char/ipmi/ipmi_msghandler.c
+--- linux-2.6.29.6/drivers/char/ipmi/ipmi_msghandler.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/ipmi/ipmi_msghandler.c	2009-07-23 17:34:32.108842847 -0400
+@@ -408,7 +408,7 @@ struct ipmi_smi {
+ 	struct proc_dir_entry *proc_dir;
+ 	char                  proc_dir_name[10];
+ 
+-	atomic_t stats[IPMI_NUM_STATS];
++	atomic_unchecked_t stats[IPMI_NUM_STATS];
+ 
+ 	/*
+ 	 * run_to_completion duplicate of smb_info, smi_info
+@@ -441,7 +441,7 @@ static DEFINE_MUTEX(smi_watchers_mutex);
+ 
+ 
+ #define ipmi_inc_stat(intf, stat) \
+-	atomic_inc(&(intf)->stats[IPMI_STAT_ ## stat])
++	atomic_inc_unchecked(&(intf)->stats[IPMI_STAT_ ## stat])
+ #define ipmi_get_stat(intf, stat) \
+ 	((unsigned int) atomic_read(&(intf)->stats[IPMI_STAT_ ## stat]))
+ 
+diff -urNp linux-2.6.29.6/drivers/char/ipmi/ipmi_si_intf.c linux-2.6.29.6/drivers/char/ipmi/ipmi_si_intf.c
+--- linux-2.6.29.6/drivers/char/ipmi/ipmi_si_intf.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/ipmi/ipmi_si_intf.c	2009-07-23 17:34:37.458887026 -0400
+@@ -280,7 +280,7 @@ struct smi_info {
+ 	unsigned char slave_addr;
+ 
+ 	/* Counters and things for the proc filesystem. */
+-	atomic_t stats[SI_NUM_STATS];
++	atomic_unchecked_t stats[SI_NUM_STATS];
+ 
+ 	struct task_struct *thread;
+ 
+@@ -288,7 +288,7 @@ struct smi_info {
+ };
+ 
+ #define smi_inc_stat(smi, stat) \
+-	atomic_inc(&(smi)->stats[SI_STAT_ ## stat])
++	atomic_inc_unchecked(&(smi)->stats[SI_STAT_ ## stat])
+ #define smi_get_stat(smi, stat) \
+ 	((unsigned int) atomic_read(&(smi)->stats[SI_STAT_ ## stat]))
+ 
+diff -urNp linux-2.6.29.6/drivers/char/keyboard.c linux-2.6.29.6/drivers/char/keyboard.c
+--- linux-2.6.29.6/drivers/char/keyboard.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/keyboard.c	2009-07-23 17:34:32.110802772 -0400
+@@ -635,6 +635,16 @@ static void k_spec(struct vc_data *vc, u
+ 	     kbd->kbdmode == VC_MEDIUMRAW) &&
+ 	     value != KVAL(K_SAK))
+ 		return;		/* SAK is allowed even in raw mode */
++
++#if defined(CONFIG_GRKERNSEC_PROC) || defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
++	{
++		void *func = fn_handler[value];
++		if (func == fn_show_state || func == fn_show_ptregs ||
++		    func == fn_show_mem)
++			return;
++	}
++#endif
++
+ 	fn_handler[value](vc);
+ }
+ 
+@@ -1388,7 +1398,7 @@ static const struct input_device_id kbd_
+                 .evbit = { BIT_MASK(EV_SND) },
+         },
+ 
+-	{ },    /* Terminating entry */
++	{ 0 },    /* Terminating entry */
+ };
+ 
+ MODULE_DEVICE_TABLE(input, kbd_ids);
+diff -urNp linux-2.6.29.6/drivers/char/mem.c linux-2.6.29.6/drivers/char/mem.c
+--- linux-2.6.29.6/drivers/char/mem.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/mem.c	2009-07-23 19:28:45.822497906 -0400
+@@ -18,6 +18,7 @@
+ #include <linux/raw.h>
+ #include <linux/tty.h>
+ #include <linux/capability.h>
++#include <linux/security.h>
+ #include <linux/ptrace.h>
+ #include <linux/device.h>
+ #include <linux/highmem.h>
+@@ -35,6 +36,10 @@
+ # include <linux/efi.h>
+ #endif
+ 
++#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
++extern struct file_operations grsec_fops;
++#endif
++
+ /*
+  * Architectures vary in how they handle caching for addresses
+  * outside of main memory.
+@@ -192,6 +197,11 @@ static ssize_t write_mem(struct file * f
+ 	if (!valid_phys_addr_range(p, count))
+ 		return -EFAULT;
+ 
++#ifdef CONFIG_GRKERNSEC_KMEM
++	gr_handle_mem_write();
++	return -EPERM;
++#endif
++
+ 	written = 0;
+ 
+ #ifdef __ARCH_HAS_NO_PAGE_ZERO_MAPPED
+@@ -325,7 +335,7 @@ static void mmap_mem_close(struct vm_are
+ 			vma->vm_page_prot);
+ }
+ 
+-static struct vm_operations_struct mmap_mem_ops = {
++static const struct vm_operations_struct mmap_mem_ops = {
+ 	.open  = mmap_mem_open,
+ 	.close = mmap_mem_close,
+ #ifdef CONFIG_HAVE_IOREMAP_PROT
+@@ -350,6 +360,11 @@ static int mmap_mem(struct file * file, 
+ 						&vma->vm_page_prot))
+ 		return -EINVAL;
+ 
++#ifdef CONFIG_GRKERNSEC_KMEM
++	if (gr_handle_mem_mmap(vma->vm_pgoff << PAGE_SHIFT, vma))
++		return -EPERM;
++#endif
++
+ 	vma->vm_page_prot = phys_mem_access_prot(file, vma->vm_pgoff,
+ 						 size,
+ 						 vma->vm_page_prot);
+@@ -585,6 +600,11 @@ static ssize_t write_kmem(struct file * 
+ 	ssize_t written;
+ 	char * kbuf; /* k-addr because vwrite() takes vmlist_lock rwlock */
+ 
++#ifdef CONFIG_GRKERNSEC_KMEM
++	gr_handle_kmem_write();
++	return -EPERM;
++#endif
++
+ 	if (p < (unsigned long) high_memory) {
+ 
+ 		wrote = count;
+@@ -788,6 +808,16 @@ static loff_t memory_lseek(struct file *
+ 
+ static int open_port(struct inode * inode, struct file * filp)
+ {
++#ifdef CONFIG_GRKERNSEC_KMEM
++	gr_handle_open_port();
++	return -EPERM;
++#endif
++
++	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
++}
++
++static int open_mem(struct inode * inode, struct file * filp)
++{
+ 	return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
+ }
+ 
+@@ -795,7 +825,6 @@ static int open_port(struct inode * inod
+ #define full_lseek      null_lseek
+ #define write_zero	write_null
+ #define read_full       read_zero
+-#define open_mem	open_port
+ #define open_kmem	open_mem
+ #define open_oldmem	open_mem
+ 
+@@ -935,6 +964,11 @@ static int memory_open(struct inode * in
+ 			filp->f_op = &oldmem_fops;
+ 			break;
+ #endif
++#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
++		case 13:
++			filp->f_op = &grsec_fops;
++			break;
++#endif
+ 		default:
+ 			unlock_kernel();
+ 			return -ENXIO;
+@@ -971,6 +1005,9 @@ static const struct {
+ #ifdef CONFIG_CRASH_DUMP
+ 	{12,"oldmem",    S_IRUSR | S_IWUSR | S_IRGRP, &oldmem_fops},
+ #endif
++#if defined(CONFIG_GRKERNSEC) && !defined(CONFIG_GRKERNSEC_NO_RBAC)
++	{13,"grsec",	S_IRUSR | S_IWUGO,	    &grsec_fops},
++#endif
+ };
+ 
+ static struct class *mem_class;
+diff -urNp linux-2.6.29.6/drivers/char/misc.c linux-2.6.29.6/drivers/char/misc.c
+--- linux-2.6.29.6/drivers/char/misc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/misc.c	2009-07-23 18:40:27.623278888 -0400
+@@ -91,7 +91,7 @@ static int misc_seq_show(struct seq_file
+ }
+ 
+ 
+-static struct seq_operations misc_seq_ops = {
++static const struct seq_operations misc_seq_ops = {
+ 	.start = misc_seq_start,
+ 	.next  = misc_seq_next,
+ 	.stop  = misc_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/char/mspec.c linux-2.6.29.6/drivers/char/mspec.c
+--- linux-2.6.29.6/drivers/char/mspec.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/mspec.c	2009-07-23 18:40:27.630131161 -0400
+@@ -239,7 +239,7 @@ mspec_fault(struct vm_area_struct *vma, 
+ 	return VM_FAULT_NOPAGE;
+ }
+ 
+-static struct vm_operations_struct mspec_vm_ops = {
++static const struct vm_operations_struct mspec_vm_ops = {
+ 	.open = mspec_open,
+ 	.close = mspec_close,
+ 	.fault = mspec_fault,
+diff -urNp linux-2.6.29.6/drivers/char/nvram.c linux-2.6.29.6/drivers/char/nvram.c
+--- linux-2.6.29.6/drivers/char/nvram.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/nvram.c	2009-07-23 17:34:32.110802772 -0400
+@@ -429,7 +429,10 @@ static const struct file_operations nvra
+ static struct miscdevice nvram_dev = {
+ 	NVRAM_MINOR,
+ 	"nvram",
+-	&nvram_fops
++	&nvram_fops,
++	{NULL, NULL},
++	NULL,
++	NULL
+ };
+ 
+ static int __init nvram_init(void)
+diff -urNp linux-2.6.29.6/drivers/char/random.c linux-2.6.29.6/drivers/char/random.c
+--- linux-2.6.29.6/drivers/char/random.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/random.c	2009-07-23 17:34:32.111778535 -0400
+@@ -249,8 +249,13 @@
+ /*
+  * Configuration information
+  */
++#ifdef CONFIG_GRKERNSEC_RANDNET
++#define INPUT_POOL_WORDS 512
++#define OUTPUT_POOL_WORDS 128
++#else
+ #define INPUT_POOL_WORDS 128
+ #define OUTPUT_POOL_WORDS 32
++#endif
+ #define SEC_XFER_SIZE 512
+ 
+ /*
+@@ -287,10 +292,17 @@ static struct poolinfo {
+ 	int poolwords;
+ 	int tap1, tap2, tap3, tap4, tap5;
+ } poolinfo_table[] = {
++#ifdef CONFIG_GRKERNSEC_RANDNET
++	/* x^512 + x^411 + x^308 + x^208 +x^104 + x + 1 -- 225 */
++	{ 512,	411,	308,	208,	104,	1 },
++	/* x^128 + x^103 + x^76 + x^51 + x^25 + x + 1 -- 105 */
++	{ 128,	103,	76,	51,	25,	1 },
++#else
+ 	/* x^128 + x^103 + x^76 + x^51 +x^25 + x + 1 -- 105 */
+ 	{ 128,	103,	76,	51,	25,	1 },
+ 	/* x^32 + x^26 + x^20 + x^14 + x^7 + x + 1 -- 15 */
+ 	{ 32,	26,	20,	14,	7,	1 },
++#endif
+ #if 0
+ 	/* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1  -- 115 */
+ 	{ 2048,	1638,	1231,	819,	411,	1 },
+@@ -1200,7 +1212,7 @@ EXPORT_SYMBOL(generate_random_uuid);
+ #include <linux/sysctl.h>
+ 
+ static int min_read_thresh = 8, min_write_thresh;
+-static int max_read_thresh = INPUT_POOL_WORDS * 32;
++static int max_read_thresh = OUTPUT_POOL_WORDS * 32;
+ static int max_write_thresh = INPUT_POOL_WORDS * 32;
+ static char sysctl_bootid[16];
+ 
+diff -urNp linux-2.6.29.6/drivers/char/tpm/tpm_bios.c linux-2.6.29.6/drivers/char/tpm/tpm_bios.c
+--- linux-2.6.29.6/drivers/char/tpm/tpm_bios.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/tpm/tpm_bios.c	2009-07-23 18:40:27.636145642 -0400
+@@ -343,14 +343,14 @@ static int tpm_ascii_bios_measurements_s
+ 	return 0;
+ }
+ 
+-static struct seq_operations tpm_ascii_b_measurments_seqops = {
++static const struct seq_operations tpm_ascii_b_measurments_seqops = {
+ 	.start = tpm_bios_measurements_start,
+ 	.next = tpm_bios_measurements_next,
+ 	.stop = tpm_bios_measurements_stop,
+ 	.show = tpm_ascii_bios_measurements_show,
+ };
+ 
+-static struct seq_operations tpm_binary_b_measurments_seqops = {
++static const struct seq_operations tpm_binary_b_measurments_seqops = {
+ 	.start = tpm_bios_measurements_start,
+ 	.next = tpm_bios_measurements_next,
+ 	.stop = tpm_bios_measurements_stop,
+diff -urNp linux-2.6.29.6/drivers/char/tty_ldisc.c linux-2.6.29.6/drivers/char/tty_ldisc.c
+--- linux-2.6.29.6/drivers/char/tty_ldisc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/tty_ldisc.c	2009-07-23 17:34:32.112769665 -0400
+@@ -74,7 +74,7 @@ int tty_register_ldisc(int disc, struct 
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+ 	tty_ldiscs[disc] = new_ldisc;
+ 	new_ldisc->num = disc;
+-	new_ldisc->refcount = 0;
++	atomic_set(&new_ldisc->refcount, 0);
+ 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ 
+ 	return ret;
+@@ -102,7 +102,7 @@ int tty_unregister_ldisc(int disc)
+ 		return -EINVAL;
+ 
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+-	if (tty_ldiscs[disc]->refcount)
++	if (atomic_read(&tty_ldiscs[disc]->refcount))
+ 		ret = -EBUSY;
+ 	else
+ 		tty_ldiscs[disc] = NULL;
+@@ -139,7 +139,7 @@ static int tty_ldisc_try_get(int disc, s
+ 			err = -EAGAIN;
+ 		else {
+ 			/* lock it */
+-			ldops->refcount++;
++			atomic_inc(&ldops->refcount);
+ 			ld->ops = ldops;
+ 			err = 0;
+ 		}
+@@ -196,8 +196,8 @@ static void tty_ldisc_put(struct tty_ldi
+ 
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+ 	ld = tty_ldiscs[disc];
+-	BUG_ON(ld->refcount == 0);
+-	ld->refcount--;
++	BUG_ON(atomic_read(&ld->refcount) == 0);
++	atomic_dec(&ld->refcount);
+ 	module_put(ld->owner);
+ 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ }
+@@ -264,7 +264,7 @@ const struct file_operations tty_ldiscs_
+ 
+ static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
+ {
+-	ld->refcount = 0;
++	atomic_set(&ld->refcount, 0);
+ 	tty->ldisc = *ld;
+ }
+ 
+@@ -289,7 +289,7 @@ static int tty_ldisc_try(struct tty_stru
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+ 	ld = &tty->ldisc;
+ 	if (test_bit(TTY_LDISC, &tty->flags)) {
+-		ld->refcount++;
++		atomic_inc(&ld->refcount);
+ 		ret = 1;
+ 	}
+ 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+@@ -316,7 +316,7 @@ struct tty_ldisc *tty_ldisc_ref_wait(str
+ {
+ 	/* wait_event is a macro */
+ 	wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
+-	WARN_ON(tty->ldisc.refcount == 0);
++	WARN_ON(atomic_read(&tty->ldisc.refcount) == 0);
+ 	return &tty->ldisc;
+ }
+ 
+@@ -359,11 +359,9 @@ void tty_ldisc_deref(struct tty_ldisc *l
+ 	BUG_ON(ld == NULL);
+ 
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+-	if (ld->refcount == 0)
++	if (!atomic_add_unless(&ld->refcount, -1, 0))
+ 		printk(KERN_ERR "tty_ldisc_deref: no references.\n");
+-	else
+-		ld->refcount--;
+-	if (ld->refcount == 0)
++	if (atomic_read(&ld->refcount) == 0)
+ 		wake_up(&tty_ldisc_wait);
+ 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ }
+@@ -507,8 +505,8 @@ restart:
+ 		clear_bit(TTY_LDISC, &o_tty->flags);
+ 
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+-	if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
+-		if (tty->ldisc.refcount) {
++	if (atomic_read(&tty->ldisc.refcount) || (o_tty && atomic_read(&o_tty->ldisc.refcount))) {
++		if (atomic_read(&tty->ldisc.refcount)) {
+ 			/* Free the new ldisc we grabbed. Must drop the lock
+ 			   first. */
+ 			spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+@@ -520,14 +518,14 @@ restart:
+ 			 * and retries if we made tty_ldisc_wait() smarter.
+ 			 * That is up for discussion.
+ 			 */
+-			if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
++			if (wait_event_interruptible(tty_ldisc_wait, atomic_read(&tty->ldisc.refcount) == 0) < 0)
+ 				return -ERESTARTSYS;
+ 			goto restart;
+ 		}
+-		if (o_tty && o_tty->ldisc.refcount) {
++		if (o_tty && atomic_read(&o_tty->ldisc.refcount)) {
+ 			spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+ 			tty_ldisc_put(o_tty->ldisc.ops);
+-			if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
++			if (wait_event_interruptible(tty_ldisc_wait, atomic_read(&o_tty->ldisc.refcount) == 0) < 0)
+ 				return -ERESTARTSYS;
+ 			goto restart;
+ 		}
+@@ -670,9 +668,9 @@ void tty_ldisc_release(struct tty_struct
+ 	 * side is zero.
+ 	 */
+ 	spin_lock_irqsave(&tty_ldisc_lock, flags);
+-	while (tty->ldisc.refcount) {
++	while (atomic_read(&tty->ldisc.refcount)) {
+ 		spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+-		wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
++		wait_event(tty_ldisc_wait, atomic_read(&tty->ldisc.refcount) == 0);
+ 		spin_lock_irqsave(&tty_ldisc_lock, flags);
+ 	}
+ 	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
+diff -urNp linux-2.6.29.6/drivers/char/vt_ioctl.c linux-2.6.29.6/drivers/char/vt_ioctl.c
+--- linux-2.6.29.6/drivers/char/vt_ioctl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/vt_ioctl.c	2009-07-23 17:34:32.112769665 -0400
+@@ -96,6 +96,12 @@ do_kdsk_ioctl(int cmd, struct kbentry __
+ 	case KDSKBENT:
+ 		if (!perm)
+ 			return -EPERM;
++
++#ifdef CONFIG_GRKERNSEC
++		if (!capable(CAP_SYS_TTY_CONFIG))
++			return -EPERM;
++#endif
++
+ 		if (!i && v == K_NOSUCHMAP) {
+ 			/* deallocate map */
+ 			key_map = key_maps[s];
+@@ -236,6 +242,13 @@ do_kdgkb_ioctl(int cmd, struct kbsentry 
+ 			goto reterr;
+ 		}
+ 
++#ifdef CONFIG_GRKERNSEC
++		if (!capable(CAP_SYS_TTY_CONFIG)) {
++			ret = -EPERM;
++			goto reterr;
++		}
++#endif
++
+ 		q = func_table[i];
+ 		first_free = funcbufptr + (funcbufsize - funcbufleft);
+ 		for (j = i+1; j < MAX_NR_FUNC && !func_table[j]; j++) 
+diff -urNp linux-2.6.29.6/drivers/char/xilinx_hwicap/xilinx_hwicap.c linux-2.6.29.6/drivers/char/xilinx_hwicap/xilinx_hwicap.c
+--- linux-2.6.29.6/drivers/char/xilinx_hwicap/xilinx_hwicap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/char/xilinx_hwicap/xilinx_hwicap.c	2009-07-23 18:40:27.636398793 -0400
+@@ -559,7 +559,7 @@ static int hwicap_release(struct inode *
+ 	return status;
+ }
+ 
+-static struct file_operations hwicap_fops = {
++static const struct file_operations hwicap_fops = {
+ 	.owner = THIS_MODULE,
+ 	.write = hwicap_write,
+ 	.read = hwicap_read,
+diff -urNp linux-2.6.29.6/drivers/edac/edac_core.h linux-2.6.29.6/drivers/edac/edac_core.h
+--- linux-2.6.29.6/drivers/edac/edac_core.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/edac/edac_core.h	2009-07-23 17:34:32.113723476 -0400
+@@ -85,11 +85,11 @@ extern int edac_debug_level;
+ 
+ #else				/* !CONFIG_EDAC_DEBUG */
+ 
+-#define debugf0( ... )
+-#define debugf1( ... )
+-#define debugf2( ... )
+-#define debugf3( ... )
+-#define debugf4( ... )
++#define debugf0( ... ) do {} while (0)
++#define debugf1( ... ) do {} while (0)
++#define debugf2( ... ) do {} while (0)
++#define debugf3( ... ) do {} while (0)
++#define debugf4( ... ) do {} while (0)
+ 
+ #endif				/* !CONFIG_EDAC_DEBUG */
+ 
+diff -urNp linux-2.6.29.6/drivers/firmware/dmi_scan.c linux-2.6.29.6/drivers/firmware/dmi_scan.c
+--- linux-2.6.29.6/drivers/firmware/dmi_scan.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/firmware/dmi_scan.c	2009-07-23 17:34:32.113723476 -0400
+@@ -389,11 +389,6 @@ void __init dmi_scan_machine(void)
+ 		}
+ 	}
+ 	else {
+-		/*
+-		 * no iounmap() for that ioremap(); it would be a no-op, but
+-		 * it's so early in setup that sucker gets confused into doing
+-		 * what it shouldn't if we actually call it.
+-		 */
+ 		p = dmi_ioremap(0xF0000, 0x10000);
+ 		if (p == NULL)
+ 			goto error;
+diff -urNp linux-2.6.29.6/drivers/gpio/gpiolib.c linux-2.6.29.6/drivers/gpio/gpiolib.c
+--- linux-2.6.29.6/drivers/gpio/gpiolib.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpio/gpiolib.c	2009-07-23 18:40:27.648309826 -0400
+@@ -1235,7 +1235,7 @@ static int gpiolib_open(struct inode *in
+ 	return single_open(file, gpiolib_show, NULL);
+ }
+ 
+-static struct file_operations gpiolib_operations = {
++static const struct file_operations gpiolib_operations = {
+ 	.open		= gpiolib_open,
+ 	.read		= seq_read,
+ 	.llseek		= seq_lseek,
+diff -urNp linux-2.6.29.6/drivers/gpu/drm/drm_drv.c linux-2.6.29.6/drivers/gpu/drm/drm_drv.c
+--- linux-2.6.29.6/drivers/gpu/drm/drm_drv.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpu/drm/drm_drv.c	2009-07-23 17:34:32.113723476 -0400
+@@ -461,7 +461,7 @@ int drm_ioctl(struct inode *inode, struc
+ 	char *kdata = NULL;
+ 
+ 	atomic_inc(&dev->ioctl_count);
+-	atomic_inc(&dev->counts[_DRM_STAT_IOCTLS]);
++	atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]);
+ 	++file_priv->ioctl_count;
+ 
+ 	DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
+diff -urNp linux-2.6.29.6/drivers/gpu/drm/drm_fops.c linux-2.6.29.6/drivers/gpu/drm/drm_fops.c
+--- linux-2.6.29.6/drivers/gpu/drm/drm_fops.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpu/drm/drm_fops.c	2009-07-23 17:34:32.113723476 -0400
+@@ -130,9 +130,9 @@ int drm_open(struct inode *inode, struct
+ 
+ 	retcode = drm_open_helper(inode, filp, dev);
+ 	if (!retcode) {
+-		atomic_inc(&dev->counts[_DRM_STAT_OPENS]);
++		atomic_inc_unchecked(&dev->counts[_DRM_STAT_OPENS]);
+ 		spin_lock(&dev->count_lock);
+-		if (!dev->open_count++) {
++		if (atomic_inc_return(&dev->open_count) == 1) {
+ 			spin_unlock(&dev->count_lock);
+ 			retcode = drm_setup(dev);
+ 			goto out;
+@@ -436,7 +436,7 @@ int drm_release(struct inode *inode, str
+ 
+ 	lock_kernel();
+ 
+-	DRM_DEBUG("open_count = %d\n", dev->open_count);
++	DRM_DEBUG("open_count = %d\n", atomic_read(&dev->open_count));
+ 
+ 	if (dev->driver->preclose)
+ 		dev->driver->preclose(dev, file_priv);
+@@ -448,7 +448,7 @@ int drm_release(struct inode *inode, str
+ 	DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n",
+ 		  task_pid_nr(current),
+ 		  (long)old_encode_dev(file_priv->minor->device),
+-		  dev->open_count);
++		  atomic_read(&dev->open_count));
+ 
+ 	/* if the master has gone away we can't do anything with the lock */
+ 	if (file_priv->minor->master)
+@@ -525,9 +525,9 @@ int drm_release(struct inode *inode, str
+ 	 * End inline drm_release
+ 	 */
+ 
+-	atomic_inc(&dev->counts[_DRM_STAT_CLOSES]);
++	atomic_inc_unchecked(&dev->counts[_DRM_STAT_CLOSES]);
+ 	spin_lock(&dev->count_lock);
+-	if (!--dev->open_count) {
++	if (atomic_dec_and_test(&dev->open_count)) {
+ 		if (atomic_read(&dev->ioctl_count)) {
+ 			DRM_ERROR("Device busy: %d\n",
+ 				  atomic_read(&dev->ioctl_count));
+diff -urNp linux-2.6.29.6/drivers/gpu/drm/drm_lock.c linux-2.6.29.6/drivers/gpu/drm/drm_lock.c
+--- linux-2.6.29.6/drivers/gpu/drm/drm_lock.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpu/drm/drm_lock.c	2009-07-23 17:34:32.114929924 -0400
+@@ -87,7 +87,7 @@ int drm_lock(struct drm_device *dev, voi
+ 		if (drm_lock_take(&master->lock, lock->context)) {
+ 			master->lock.file_priv = file_priv;
+ 			master->lock.lock_time = jiffies;
+-			atomic_inc(&dev->counts[_DRM_STAT_LOCKS]);
++			atomic_inc_unchecked(&dev->counts[_DRM_STAT_LOCKS]);
+ 			break;	/* Got lock */
+ 		}
+ 
+@@ -165,7 +165,7 @@ int drm_unlock(struct drm_device *dev, v
+ 		return -EINVAL;
+ 	}
+ 
+-	atomic_inc(&dev->counts[_DRM_STAT_UNLOCKS]);
++	atomic_inc_unchecked(&dev->counts[_DRM_STAT_UNLOCKS]);
+ 
+ 	/* kernel_context_switch isn't used by any of the x86 drm
+ 	 * modules but is required by the Sparc driver.
+diff -urNp linux-2.6.29.6/drivers/gpu/drm/drm_vm.c linux-2.6.29.6/drivers/gpu/drm/drm_vm.c
+--- linux-2.6.29.6/drivers/gpu/drm/drm_vm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpu/drm/drm_vm.c	2009-07-23 18:40:27.661305427 -0400
+@@ -367,28 +367,28 @@ static int drm_vm_sg_fault(struct vm_are
+ }
+ 
+ /** AGP virtual memory operations */
+-static struct vm_operations_struct drm_vm_ops = {
++static const struct vm_operations_struct drm_vm_ops = {
+ 	.fault = drm_vm_fault,
+ 	.open = drm_vm_open,
+ 	.close = drm_vm_close,
+ };
+ 
+ /** Shared virtual memory operations */
+-static struct vm_operations_struct drm_vm_shm_ops = {
++static const struct vm_operations_struct drm_vm_shm_ops = {
+ 	.fault = drm_vm_shm_fault,
+ 	.open = drm_vm_open,
+ 	.close = drm_vm_shm_close,
+ };
+ 
+ /** DMA virtual memory operations */
+-static struct vm_operations_struct drm_vm_dma_ops = {
++static const struct vm_operations_struct drm_vm_dma_ops = {
+ 	.fault = drm_vm_dma_fault,
+ 	.open = drm_vm_open,
+ 	.close = drm_vm_close,
+ };
+ 
+ /** Scatter-gather virtual memory operations */
+-static struct vm_operations_struct drm_vm_sg_ops = {
++static const struct vm_operations_struct drm_vm_sg_ops = {
+ 	.fault = drm_vm_sg_fault,
+ 	.open = drm_vm_open,
+ 	.close = drm_vm_close,
+diff -urNp linux-2.6.29.6/drivers/gpu/drm/i810/i810_dma.c linux-2.6.29.6/drivers/gpu/drm/i810/i810_dma.c
+--- linux-2.6.29.6/drivers/gpu/drm/i810/i810_dma.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpu/drm/i810/i810_dma.c	2009-07-23 17:34:32.114929924 -0400
+@@ -954,8 +954,8 @@ static int i810_dma_vertex(struct drm_de
+ 				 dma->buflist[vertex->idx],
+ 				 vertex->discard, vertex->used);
+ 
+-	atomic_add(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
+-	atomic_inc(&dev->counts[_DRM_STAT_DMA]);
++	atomic_add_unchecked(vertex->used, &dev->counts[_DRM_STAT_SECONDARY]);
++	atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
+ 	sarea_priv->last_enqueue = dev_priv->counter - 1;
+ 	sarea_priv->last_dispatch = (int)hw_status[5];
+ 
+@@ -1117,8 +1117,8 @@ static int i810_dma_mc(struct drm_device
+ 	i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used,
+ 			     mc->last_render);
+ 
+-	atomic_add(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
+-	atomic_inc(&dev->counts[_DRM_STAT_DMA]);
++	atomic_add_unchecked(mc->used, &dev->counts[_DRM_STAT_SECONDARY]);
++	atomic_inc_unchecked(&dev->counts[_DRM_STAT_DMA]);
+ 	sarea_priv->last_enqueue = dev_priv->counter - 1;
+ 	sarea_priv->last_dispatch = (int)hw_status[5];
+ 
+diff -urNp linux-2.6.29.6/drivers/gpu/drm/i915/i915_drv.c linux-2.6.29.6/drivers/gpu/drm/i915/i915_drv.c
+--- linux-2.6.29.6/drivers/gpu/drm/i915/i915_drv.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/gpu/drm/i915/i915_drv.c	2009-07-23 18:40:27.674490572 -0400
+@@ -117,7 +117,7 @@ static int i915_resume(struct drm_device
+ 	return ret;
+ }
+ 
+-static struct vm_operations_struct i915_gem_vm_ops = {
++static const struct vm_operations_struct i915_gem_vm_ops = {
+ 	.fault = i915_gem_fault,
+ 	.open = drm_gem_vm_open,
+ 	.close = drm_gem_vm_close,
+diff -urNp linux-2.6.29.6/drivers/hwmon/fschmd.c linux-2.6.29.6/drivers/hwmon/fschmd.c
+--- linux-2.6.29.6/drivers/hwmon/fschmd.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/fschmd.c	2009-07-23 18:40:27.674490572 -0400
+@@ -840,7 +840,7 @@ static int watchdog_ioctl(struct inode *
+ 	return ret;
+ }
+ 
+-static struct file_operations watchdog_fops = {
++static const struct file_operations watchdog_fops = {
+ 	.owner = THIS_MODULE,
+ 	.llseek = no_llseek,
+ 	.open = watchdog_open,
+diff -urNp linux-2.6.29.6/drivers/hwmon/fscpos.c linux-2.6.29.6/drivers/hwmon/fscpos.c
+--- linux-2.6.29.6/drivers/hwmon/fscpos.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/fscpos.c	2009-07-23 17:34:32.115850370 -0400
+@@ -240,7 +240,6 @@ static ssize_t set_pwm(struct i2c_client
+ 	unsigned long v = simple_strtoul(buf, NULL, 10);
+ 
+ 	/* Range: 0..255 */
+-	if (v < 0) v = 0;
+ 	if (v > 255) v = 255;
+ 
+ 	mutex_lock(&data->update_lock);
+diff -urNp linux-2.6.29.6/drivers/hwmon/k8temp.c linux-2.6.29.6/drivers/hwmon/k8temp.c
+--- linux-2.6.29.6/drivers/hwmon/k8temp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/k8temp.c	2009-07-23 17:34:32.115850370 -0400
+@@ -138,7 +138,7 @@ static DEVICE_ATTR(name, S_IRUGO, show_n
+ 
+ static struct pci_device_id k8temp_ids[] = {
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_AMD, PCI_DEVICE_ID_AMD_K8_NB_MISC) },
+-	{ 0 },
++	{ 0, 0, 0, 0, 0, 0, 0 },
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, k8temp_ids);
+diff -urNp linux-2.6.29.6/drivers/hwmon/sis5595.c linux-2.6.29.6/drivers/hwmon/sis5595.c
+--- linux-2.6.29.6/drivers/hwmon/sis5595.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/sis5595.c	2009-07-23 17:34:32.115850370 -0400
+@@ -699,7 +699,7 @@ static struct sis5595_data *sis5595_upda
+ 
+ static struct pci_device_id sis5595_pci_ids[] = {
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, sis5595_pci_ids);
+diff -urNp linux-2.6.29.6/drivers/hwmon/via686a.c linux-2.6.29.6/drivers/hwmon/via686a.c
+--- linux-2.6.29.6/drivers/hwmon/via686a.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/via686a.c	2009-07-23 17:34:32.116869808 -0400
+@@ -769,7 +769,7 @@ static struct via686a_data *via686a_upda
+ 
+ static struct pci_device_id via686a_pci_ids[] = {
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_82C686_4) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, via686a_pci_ids);
+diff -urNp linux-2.6.29.6/drivers/hwmon/vt8231.c linux-2.6.29.6/drivers/hwmon/vt8231.c
+--- linux-2.6.29.6/drivers/hwmon/vt8231.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/vt8231.c	2009-07-23 17:34:32.116869808 -0400
+@@ -699,7 +699,7 @@ static struct platform_driver vt8231_dri
+ 
+ static struct pci_device_id vt8231_pci_ids[] = {
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_VIA, PCI_DEVICE_ID_VIA_8231_4) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, vt8231_pci_ids);
+diff -urNp linux-2.6.29.6/drivers/hwmon/w83791d.c linux-2.6.29.6/drivers/hwmon/w83791d.c
+--- linux-2.6.29.6/drivers/hwmon/w83791d.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/hwmon/w83791d.c	2009-07-23 17:34:32.117858467 -0400
+@@ -330,8 +330,8 @@ static int w83791d_detect(struct i2c_cli
+ 			  struct i2c_board_info *info);
+ static int w83791d_remove(struct i2c_client *client);
+ 
+-static int w83791d_read(struct i2c_client *client, u8 register);
+-static int w83791d_write(struct i2c_client *client, u8 register, u8 value);
++static int w83791d_read(struct i2c_client *client, u8 reg);
++static int w83791d_write(struct i2c_client *client, u8 reg, u8 value);
+ static struct w83791d_data *w83791d_update_device(struct device *dev);
+ 
+ #ifdef DEBUG
+diff -urNp linux-2.6.29.6/drivers/i2c/busses/i2c-i801.c linux-2.6.29.6/drivers/i2c/busses/i2c-i801.c
+--- linux-2.6.29.6/drivers/i2c/busses/i2c-i801.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/i2c/busses/i2c-i801.c	2009-07-23 17:34:32.117858467 -0400
+@@ -577,7 +577,7 @@ static struct pci_device_id i801_ids[] =
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_4) },
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_ICH10_5) },
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_PCH_SMBUS) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE (pci, i801_ids);
+diff -urNp linux-2.6.29.6/drivers/i2c/busses/i2c-piix4.c linux-2.6.29.6/drivers/i2c/busses/i2c-piix4.c
+--- linux-2.6.29.6/drivers/i2c/busses/i2c-piix4.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/i2c/busses/i2c-piix4.c	2009-07-23 17:34:32.118755337 -0400
+@@ -123,7 +123,7 @@ static struct dmi_system_id __devinitdat
+ 		.ident = "IBM",
+ 		.matches = { DMI_MATCH(DMI_SYS_VENDOR, "IBM"), },
+ 	},
+-	{ },
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, NULL)}, NULL },
+ };
+ 
+ static int __devinit piix4_setup(struct pci_dev *PIIX4_dev,
+@@ -423,7 +423,7 @@ static struct pci_device_id piix4_ids[] 
+ 		     PCI_DEVICE_ID_SERVERWORKS_CSB6) },
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_SERVERWORKS,
+ 		     PCI_DEVICE_ID_SERVERWORKS_HT1000SB) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE (pci, piix4_ids);
+diff -urNp linux-2.6.29.6/drivers/i2c/busses/i2c-sis630.c linux-2.6.29.6/drivers/i2c/busses/i2c-sis630.c
+--- linux-2.6.29.6/drivers/i2c/busses/i2c-sis630.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/i2c/busses/i2c-sis630.c	2009-07-23 17:34:32.118755337 -0400
+@@ -471,7 +471,7 @@ static struct i2c_adapter sis630_adapter
+ static struct pci_device_id sis630_ids[] __devinitdata = {
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_503) },
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_LPC) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE (pci, sis630_ids);
+diff -urNp linux-2.6.29.6/drivers/i2c/busses/i2c-sis96x.c linux-2.6.29.6/drivers/i2c/busses/i2c-sis96x.c
+--- linux-2.6.29.6/drivers/i2c/busses/i2c-sis96x.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/i2c/busses/i2c-sis96x.c	2009-07-23 17:34:32.118755337 -0400
+@@ -247,7 +247,7 @@ static struct i2c_adapter sis96x_adapter
+ 
+ static struct pci_device_id sis96x_ids[] = {
+ 	{ PCI_DEVICE(PCI_VENDOR_ID_SI, PCI_DEVICE_ID_SI_SMBUS) },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE (pci, sis96x_ids);
+diff -urNp linux-2.6.29.6/drivers/ieee1394/dma.c linux-2.6.29.6/drivers/ieee1394/dma.c
+--- linux-2.6.29.6/drivers/ieee1394/dma.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/dma.c	2009-07-23 18:40:27.685680148 -0400
+@@ -247,7 +247,7 @@ static int dma_region_pagefault(struct v
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct dma_region_vm_ops = {
++static const struct vm_operations_struct dma_region_vm_ops = {
+ 	.fault = dma_region_pagefault,
+ };
+ 
+diff -urNp linux-2.6.29.6/drivers/ieee1394/dv1394.c linux-2.6.29.6/drivers/ieee1394/dv1394.c
+--- linux-2.6.29.6/drivers/ieee1394/dv1394.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/dv1394.c	2009-07-23 17:34:32.119753604 -0400
+@@ -739,7 +739,7 @@ static void frame_prepare(struct video_c
+ 	based upon DIF section and sequence
+ */
+ 
+-static void inline
++static inline void
+ frame_put_packet (struct frame *f, struct packet *p)
+ {
+ 	int section_type = p->data[0] >> 5;           /* section type is in bits 5 - 7 */
+@@ -2181,7 +2181,7 @@ static struct ieee1394_device_id dv1394_
+ 		.specifier_id	= AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
+ 		.version	= AVC_SW_VERSION_ENTRY & 0xffffff
+ 	},
+-	{ }
++	{ 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(ieee1394, dv1394_id_table);
+diff -urNp linux-2.6.29.6/drivers/ieee1394/eth1394.c linux-2.6.29.6/drivers/ieee1394/eth1394.c
+--- linux-2.6.29.6/drivers/ieee1394/eth1394.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/eth1394.c	2009-07-23 17:34:32.119753604 -0400
+@@ -445,7 +445,7 @@ static struct ieee1394_device_id eth1394
+ 		.specifier_id =	ETHER1394_GASP_SPECIFIER_ID,
+ 		.version = ETHER1394_GASP_VERSION,
+ 	},
+-	{}
++	{ 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(ieee1394, eth1394_id_table);
+diff -urNp linux-2.6.29.6/drivers/ieee1394/hosts.c linux-2.6.29.6/drivers/ieee1394/hosts.c
+--- linux-2.6.29.6/drivers/ieee1394/hosts.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/hosts.c	2009-07-23 17:34:32.120767858 -0400
+@@ -78,6 +78,7 @@ static int dummy_isoctl(struct hpsb_iso 
+ }
+ 
+ static struct hpsb_host_driver dummy_driver = {
++	.name =		   "dummy",
+ 	.transmit_packet = dummy_transmit_packet,
+ 	.devctl =	   dummy_devctl,
+ 	.isoctl =	   dummy_isoctl
+diff -urNp linux-2.6.29.6/drivers/ieee1394/ohci1394.c linux-2.6.29.6/drivers/ieee1394/ohci1394.c
+--- linux-2.6.29.6/drivers/ieee1394/ohci1394.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/ohci1394.c	2009-07-23 17:34:32.120767858 -0400
+@@ -147,9 +147,9 @@ printk(level "%s: " fmt "\n" , OHCI1394_
+ printk(level "%s: fw-host%d: " fmt "\n" , OHCI1394_DRIVER_NAME, ohci->host->id , ## args)
+ 
+ /* Module Parameters */
+-static int phys_dma = 1;
++static int phys_dma;
+ module_param(phys_dma, int, 0444);
+-MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 1).");
++MODULE_PARM_DESC(phys_dma, "Enable physical DMA (default = 0).");
+ 
+ static void dma_trm_tasklet(unsigned long data);
+ static void dma_trm_reset(struct dma_trm_ctx *d);
+@@ -3449,7 +3449,7 @@ static struct pci_device_id ohci1394_pci
+ 		.subvendor =	PCI_ANY_ID,
+ 		.subdevice =	PCI_ANY_ID,
+ 	},
+-	{ 0, },
++	{ 0, 0, 0, 0, 0, 0, 0 },
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, ohci1394_pci_tbl);
+diff -urNp linux-2.6.29.6/drivers/ieee1394/raw1394.c linux-2.6.29.6/drivers/ieee1394/raw1394.c
+--- linux-2.6.29.6/drivers/ieee1394/raw1394.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/raw1394.c	2009-07-23 17:34:32.121756795 -0400
+@@ -2995,7 +2995,7 @@ static struct ieee1394_device_id raw1394
+ 	 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
+ 	 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
+ 	 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
+-	{}
++	{ 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
+diff -urNp linux-2.6.29.6/drivers/ieee1394/sbp2.c linux-2.6.29.6/drivers/ieee1394/sbp2.c
+--- linux-2.6.29.6/drivers/ieee1394/sbp2.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/sbp2.c	2009-07-23 17:34:32.122774195 -0400
+@@ -290,7 +290,7 @@ static struct ieee1394_device_id sbp2_id
+ 	 .match_flags	= IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
+ 	 .specifier_id	= SBP2_UNIT_SPEC_ID_ENTRY & 0xffffff,
+ 	 .version	= SBP2_SW_VERSION_ENTRY & 0xffffff},
+-	{}
++	{ 0, 0, 0, 0, 0, 0 }
+ };
+ MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);
+ 
+@@ -2112,7 +2112,7 @@ MODULE_DESCRIPTION("IEEE-1394 SBP-2 prot
+ MODULE_SUPPORTED_DEVICE(SBP2_DEVICE_NAME);
+ MODULE_LICENSE("GPL");
+ 
+-static int sbp2_module_init(void)
++static int __init sbp2_module_init(void)
+ {
+ 	int ret;
+ 
+diff -urNp linux-2.6.29.6/drivers/ieee1394/video1394.c linux-2.6.29.6/drivers/ieee1394/video1394.c
+--- linux-2.6.29.6/drivers/ieee1394/video1394.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/ieee1394/video1394.c	2009-07-23 17:34:32.123823981 -0400
+@@ -1310,7 +1310,7 @@ static struct ieee1394_device_id video13
+                 .specifier_id   = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
+                 .version        = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff
+         },
+-	{ }
++	{ 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(ieee1394, video1394_id_table);
+diff -urNp linux-2.6.29.6/drivers/infiniband/hw/ehca/ehca_uverbs.c linux-2.6.29.6/drivers/infiniband/hw/ehca/ehca_uverbs.c
+--- linux-2.6.29.6/drivers/infiniband/hw/ehca/ehca_uverbs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/infiniband/hw/ehca/ehca_uverbs.c	2009-07-23 18:40:27.691179918 -0400
+@@ -95,7 +95,7 @@ static void ehca_mm_close(struct vm_area
+ 		     vma->vm_start, vma->vm_end, *count);
+ }
+ 
+-static struct vm_operations_struct vm_ops = {
++static const struct vm_operations_struct vm_ops = {
+ 	.open =	ehca_mm_open,
+ 	.close = ehca_mm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_file_ops.c linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_file_ops.c
+--- linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_file_ops.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_file_ops.c	2009-07-23 18:40:27.711522279 -0400
+@@ -1151,7 +1151,7 @@ static int ipath_file_vma_fault(struct v
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct ipath_file_vm_ops = {
++static const struct vm_operations_struct ipath_file_vm_ops = {
+ 	.fault = ipath_file_vma_fault,
+ };
+ 
+diff -urNp linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_mmap.c linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_mmap.c
+--- linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/infiniband/hw/ipath/ipath_mmap.c	2009-07-23 18:40:27.724998803 -0400
+@@ -74,7 +74,7 @@ static void ipath_vma_close(struct vm_ar
+ 	kref_put(&ip->ref, ipath_release_mmap_info);
+ }
+ 
+-static struct vm_operations_struct ipath_vm_ops = {
++static const struct vm_operations_struct ipath_vm_ops = {
+ 	.open =     ipath_vma_open,
+ 	.close =    ipath_vma_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/input/keyboard/atkbd.c linux-2.6.29.6/drivers/input/keyboard/atkbd.c
+--- linux-2.6.29.6/drivers/input/keyboard/atkbd.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/keyboard/atkbd.c	2009-07-23 17:34:32.123823981 -0400
+@@ -1166,7 +1166,7 @@ static struct serio_device_id atkbd_seri
+ 		.id	= SERIO_ANY,
+ 		.extra	= SERIO_ANY,
+ 	},
+-	{ 0 }
++	{ 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(serio, atkbd_serio_ids);
+diff -urNp linux-2.6.29.6/drivers/input/mouse/lifebook.c linux-2.6.29.6/drivers/input/mouse/lifebook.c
+--- linux-2.6.29.6/drivers/input/mouse/lifebook.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/mouse/lifebook.c	2009-07-23 17:34:32.124774542 -0400
+@@ -110,7 +110,7 @@ static const struct dmi_system_id lifebo
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "LifeBook B142"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL}
+ };
+ 
+ static psmouse_ret_t lifebook_process_byte(struct psmouse *psmouse)
+diff -urNp linux-2.6.29.6/drivers/input/mouse/psmouse-base.c linux-2.6.29.6/drivers/input/mouse/psmouse-base.c
+--- linux-2.6.29.6/drivers/input/mouse/psmouse-base.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/mouse/psmouse-base.c	2009-07-23 17:34:32.124774542 -0400
+@@ -1378,7 +1378,7 @@ static struct serio_device_id psmouse_se
+ 		.id	= SERIO_ANY,
+ 		.extra	= SERIO_ANY,
+ 	},
+-	{ 0 }
++	{ 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(serio, psmouse_serio_ids);
+diff -urNp linux-2.6.29.6/drivers/input/mouse/synaptics.c linux-2.6.29.6/drivers/input/mouse/synaptics.c
+--- linux-2.6.29.6/drivers/input/mouse/synaptics.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/mouse/synaptics.c	2009-07-23 17:34:32.124774542 -0400
+@@ -412,7 +412,7 @@ static void synaptics_process_packet(str
+ 				break;
+ 			case 2:
+ 				if (SYN_MODEL_PEN(priv->model_id))
+-					;   /* Nothing, treat a pen as a single finger */
++					break;   /* Nothing, treat a pen as a single finger */
+ 				break;
+ 			case 4 ... 15:
+ 				if (SYN_CAP_PALMDETECT(priv->capabilities))
+@@ -625,7 +625,7 @@ static const struct dmi_system_id toshib
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "PORTEGE M300"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ #endif
+ 
+diff -urNp linux-2.6.29.6/drivers/input/mousedev.c linux-2.6.29.6/drivers/input/mousedev.c
+--- linux-2.6.29.6/drivers/input/mousedev.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/mousedev.c	2009-07-23 17:34:32.125938815 -0400
+@@ -1062,7 +1062,7 @@ static struct input_handler mousedev_han
+ 
+ #ifdef CONFIG_INPUT_MOUSEDEV_PSAUX
+ static struct miscdevice psaux_mouse = {
+-	PSMOUSE_MINOR, "psaux", &mousedev_fops
++	PSMOUSE_MINOR, "psaux", &mousedev_fops, {NULL, NULL}, NULL, NULL
+ };
+ static int psaux_registered;
+ #endif
+diff -urNp linux-2.6.29.6/drivers/input/serio/i8042-x86ia64io.h linux-2.6.29.6/drivers/input/serio/i8042-x86ia64io.h
+--- linux-2.6.29.6/drivers/input/serio/i8042-x86ia64io.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/serio/i8042-x86ia64io.h	2009-07-23 17:34:32.125938815 -0400
+@@ -151,7 +151,7 @@ static struct dmi_system_id __initdata i
+ 			DMI_MATCH(DMI_PRODUCT_VERSION, "01"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ 
+ /*
+@@ -366,7 +366,7 @@ static struct dmi_system_id __initdata i
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "Vostro1510"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ 
+ #ifdef CONFIG_PNP
+@@ -378,7 +378,7 @@ static struct dmi_system_id __initdata i
+ 			DMI_MATCH(DMI_BOARD_VENDOR, "Intel Corporation"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ #endif
+ 
+@@ -445,7 +445,7 @@ static struct dmi_system_id __initdata i
+ 			DMI_MATCH(DMI_PRODUCT_NAME, "TravelMate 4280"),
+ 		},
+ 	},
+-	{ }
++	{ NULL, NULL, {DMI_MATCH(DMI_NONE, {0})}, NULL }
+ };
+ 
+ #endif /* CONFIG_X86 */
+diff -urNp linux-2.6.29.6/drivers/input/serio/serio_raw.c linux-2.6.29.6/drivers/input/serio/serio_raw.c
+--- linux-2.6.29.6/drivers/input/serio/serio_raw.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/input/serio/serio_raw.c	2009-07-23 17:34:32.126724952 -0400
+@@ -378,7 +378,7 @@ static struct serio_device_id serio_raw_
+ 		.id	= SERIO_ANY,
+ 		.extra	= SERIO_ANY,
+ 	},
+-	{ 0 }
++	{ 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(serio, serio_raw_serio_ids);
+diff -urNp linux-2.6.29.6/drivers/isdn/capi/kcapi_proc.c linux-2.6.29.6/drivers/isdn/capi/kcapi_proc.c
+--- linux-2.6.29.6/drivers/isdn/capi/kcapi_proc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/isdn/capi/kcapi_proc.c	2009-07-23 18:40:27.725292323 -0400
+@@ -89,14 +89,14 @@ static int contrstats_show(struct seq_fi
+ 	return 0;
+ }
+ 
+-static struct seq_operations seq_controller_ops = {
++static const struct seq_operations seq_controller_ops = {
+ 	.start	= controller_start,
+ 	.next	= controller_next,
+ 	.stop	= controller_stop,
+ 	.show	= controller_show,
+ };
+ 
+-static struct seq_operations seq_contrstats_ops = {
++static const struct seq_operations seq_contrstats_ops = {
+ 	.start	= controller_start,
+ 	.next	= controller_next,
+ 	.stop	= controller_stop,
+@@ -194,14 +194,14 @@ applstats_show(struct seq_file *seq, voi
+ 	return 0;
+ }
+ 
+-static struct seq_operations seq_applications_ops = {
++static const struct seq_operations seq_applications_ops = {
+ 	.start	= applications_start,
+ 	.next	= applications_next,
+ 	.stop	= applications_stop,
+ 	.show	= applications_show,
+ };
+ 
+-static struct seq_operations seq_applstats_ops = {
++static const struct seq_operations seq_applstats_ops = {
+ 	.start	= applications_start,
+ 	.next	= applications_next,
+ 	.stop	= applications_stop,
+@@ -262,7 +262,7 @@ static int capi_driver_show(struct seq_f
+ 	return 0;
+ }
+ 
+-static struct seq_operations seq_capi_driver_ops = {
++static const struct seq_operations seq_capi_driver_ops = {
+ 	.start	= capi_driver_start,
+ 	.next	= capi_driver_next,
+ 	.stop	= capi_driver_stop,
+diff -urNp linux-2.6.29.6/drivers/isdn/mISDN/timerdev.c linux-2.6.29.6/drivers/isdn/mISDN/timerdev.c
+--- linux-2.6.29.6/drivers/isdn/mISDN/timerdev.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/isdn/mISDN/timerdev.c	2009-07-23 18:40:27.725292323 -0400
+@@ -260,7 +260,7 @@ mISDN_ioctl(struct inode *inode, struct 
+ 	return ret;
+ }
+ 
+-static struct file_operations mISDN_fops = {
++static const struct file_operations mISDN_fops = {
+ 	.read		= mISDN_read,
+ 	.poll		= mISDN_poll,
+ 	.ioctl		= mISDN_ioctl,
+diff -urNp linux-2.6.29.6/drivers/lguest/core.c linux-2.6.29.6/drivers/lguest/core.c
+--- linux-2.6.29.6/drivers/lguest/core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/lguest/core.c	2009-07-23 17:34:32.126724952 -0400
+@@ -80,9 +80,17 @@ static __init int map_switcher(void)
+ 	 * (SWITCHER_ADDR).  We might not get it in theory, but in practice
+ 	 * it's worked so far.  The end address needs +1 because __get_vm_area
+ 	 * allocates an extra guard page, so we need space for that. */
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++	switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
++				     VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
++				     + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
++#else
+ 	switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
+ 				     VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR
+ 				     + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
++#endif
++
+ 	if (!switcher_vma) {
+ 		err = -ENOMEM;
+ 		printk("lguest: could not map switcher pages high\n");
+diff -urNp linux-2.6.29.6/drivers/lguest/lguest_user.c linux-2.6.29.6/drivers/lguest/lguest_user.c
+--- linux-2.6.29.6/drivers/lguest/lguest_user.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/lguest/lguest_user.c	2009-07-23 18:40:27.725292323 -0400
+@@ -329,7 +329,7 @@ static int close(struct inode *inode, st
+  * We begin our understanding with the Host kernel interface which the Launcher
+  * uses: reading and writing a character device called /dev/lguest.  All the
+  * work happens in the read(), write() and close() routines: */
+-static struct file_operations lguest_fops = {
++static const struct file_operations lguest_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.release = close,
+ 	.write	 = write,
+diff -urNp linux-2.6.29.6/drivers/md/bitmap.c linux-2.6.29.6/drivers/md/bitmap.c
+--- linux-2.6.29.6/drivers/md/bitmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/md/bitmap.c	2009-07-23 17:34:32.126724952 -0400
+@@ -57,7 +57,7 @@
+ #  if DEBUG > 0
+ #    define PRINTK(x...) printk(KERN_DEBUG x)
+ #  else
+-#    define PRINTK(x...)
++#    define PRINTK(x...) do {} while (0)
+ #  endif
+ #endif
+ 
+diff -urNp linux-2.6.29.6/drivers/md/md.c linux-2.6.29.6/drivers/md/md.c
+--- linux-2.6.29.6/drivers/md/md.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/md/md.c	2009-07-23 18:40:27.467400762 -0400
+@@ -5637,7 +5637,7 @@ static int md_seq_show(struct seq_file *
+ 				chunk_kb ? "KB" : "B");
+ 			if (bitmap->file) {
+ 				seq_printf(seq, ", file: ");
+-				seq_path(seq, &bitmap->file->f_path, " \t\n");
++				seq_path(seq, &bitmap->file->f_path, " \t\n\\");
+ 			}
+ 
+ 			seq_printf(seq, "\n");
+@@ -5651,7 +5651,7 @@ static int md_seq_show(struct seq_file *
+ 	return 0;
+ }
+ 
+-static struct seq_operations md_seq_ops = {
++static const struct seq_operations md_seq_ops = {
+ 	.start  = md_seq_start,
+ 	.next   = md_seq_next,
+ 	.stop   = md_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/media/video/cafe_ccic.c linux-2.6.29.6/drivers/media/video/cafe_ccic.c
+--- linux-2.6.29.6/drivers/media/video/cafe_ccic.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/cafe_ccic.c	2009-07-23 18:40:27.758392151 -0400
+@@ -1428,7 +1428,7 @@ static void cafe_v4l_vm_close(struct vm_
+ 	mutex_unlock(&sbuf->cam->s_mutex);
+ }
+ 
+-static struct vm_operations_struct cafe_v4l_vm_ops = {
++static const struct vm_operations_struct cafe_v4l_vm_ops = {
+ 	.open = cafe_v4l_vm_open,
+ 	.close = cafe_v4l_vm_close
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/et61x251/et61x251_core.c linux-2.6.29.6/drivers/media/video/et61x251/et61x251_core.c
+--- linux-2.6.29.6/drivers/media/video/et61x251/et61x251_core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/et61x251/et61x251_core.c	2009-07-23 18:40:27.771668760 -0400
+@@ -1494,7 +1494,7 @@ static void et61x251_vm_close(struct vm_
+ }
+ 
+ 
+-static struct vm_operations_struct et61x251_vm_ops = {
++static const struct vm_operations_struct et61x251_vm_ops = {
+ 	.open = et61x251_vm_open,
+ 	.close = et61x251_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/gspca/gspca.c linux-2.6.29.6/drivers/media/video/gspca/gspca.c
+--- linux-2.6.29.6/drivers/media/video/gspca/gspca.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/gspca/gspca.c	2009-07-23 18:40:27.778527732 -0400
+@@ -98,7 +98,7 @@ static void gspca_vm_close(struct vm_are
+ 		frame->v4l2_buf.flags &= ~V4L2_BUF_FLAG_MAPPED;
+ }
+ 
+-static struct vm_operations_struct gspca_vm_ops = {
++static const struct vm_operations_struct gspca_vm_ops = {
+ 	.open		= gspca_vm_open,
+ 	.close		= gspca_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/meye.c linux-2.6.29.6/drivers/media/video/meye.c
+--- linux-2.6.29.6/drivers/media/video/meye.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/meye.c	2009-07-23 18:40:27.788416673 -0400
+@@ -1628,7 +1628,7 @@ static void meye_vm_close(struct vm_area
+ 	meye.vma_use_count[idx]--;
+ }
+ 
+-static struct vm_operations_struct meye_vm_ops = {
++static const struct vm_operations_struct meye_vm_ops = {
+ 	.open		= meye_vm_open,
+ 	.close		= meye_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/sn9c102/sn9c102_core.c linux-2.6.29.6/drivers/media/video/sn9c102/sn9c102_core.c
+--- linux-2.6.29.6/drivers/media/video/sn9c102/sn9c102_core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/sn9c102/sn9c102_core.c	2009-07-23 18:40:27.796800559 -0400
+@@ -2075,7 +2075,7 @@ static void sn9c102_vm_close(struct vm_a
+ }
+ 
+ 
+-static struct vm_operations_struct sn9c102_vm_ops = {
++static const struct vm_operations_struct sn9c102_vm_ops = {
+ 	.open = sn9c102_vm_open,
+ 	.close = sn9c102_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/stk-webcam.c linux-2.6.29.6/drivers/media/video/stk-webcam.c
+--- linux-2.6.29.6/drivers/media/video/stk-webcam.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/stk-webcam.c	2009-07-23 18:40:27.803525619 -0400
+@@ -789,7 +789,7 @@ static void stk_v4l_vm_close(struct vm_a
+ 	if (sbuf->mapcount == 0)
+ 		sbuf->v4lbuf.flags &= ~V4L2_BUF_FLAG_MAPPED;
+ }
+-static struct vm_operations_struct stk_v4l_vm_ops = {
++static const struct vm_operations_struct stk_v4l_vm_ops = {
+ 	.open = stk_v4l_vm_open,
+ 	.close = stk_v4l_vm_close
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/uvc/uvc_v4l2.c linux-2.6.29.6/drivers/media/video/uvc/uvc_v4l2.c
+--- linux-2.6.29.6/drivers/media/video/uvc/uvc_v4l2.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/uvc/uvc_v4l2.c	2009-07-23 18:40:27.817489179 -0400
+@@ -1030,7 +1030,7 @@ static void uvc_vm_close(struct vm_area_
+ 	buffer->vma_use_count--;
+ }
+ 
+-static struct vm_operations_struct uvc_vm_ops = {
++static const struct vm_operations_struct uvc_vm_ops = {
+ 	.open		= uvc_vm_open,
+ 	.close		= uvc_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/videobuf-dma-contig.c linux-2.6.29.6/drivers/media/video/videobuf-dma-contig.c
+--- linux-2.6.29.6/drivers/media/video/videobuf-dma-contig.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/videobuf-dma-contig.c	2009-07-23 18:40:27.828475979 -0400
+@@ -103,7 +103,7 @@ static void videobuf_vm_close(struct vm_
+ 	}
+ }
+ 
+-static struct vm_operations_struct videobuf_vm_ops = {
++static const struct vm_operations_struct videobuf_vm_ops = {
+ 	.open     = videobuf_vm_open,
+ 	.close    = videobuf_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/vino.c linux-2.6.29.6/drivers/media/video/vino.c
+--- linux-2.6.29.6/drivers/media/video/vino.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/vino.c	2009-07-23 18:40:27.838748348 -0400
+@@ -4088,7 +4088,7 @@ static void vino_vm_close(struct vm_area
+ 	dprintk("vino_vm_close(): count = %d\n", fb->map_count);
+ }
+ 
+-static struct vm_operations_struct vino_vm_ops = {
++static const struct vm_operations_struct vino_vm_ops = {
+ 	.open	= vino_vm_open,
+ 	.close	= vino_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/zc0301/zc0301_core.c linux-2.6.29.6/drivers/media/video/zc0301/zc0301_core.c
+--- linux-2.6.29.6/drivers/media/video/zc0301/zc0301_core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/zc0301/zc0301_core.c	2009-07-23 18:40:27.845358958 -0400
+@@ -933,7 +933,7 @@ static void zc0301_vm_close(struct vm_ar
+ }
+ 
+ 
+-static struct vm_operations_struct zc0301_vm_ops = {
++static const struct vm_operations_struct zc0301_vm_ops = {
+ 	.open = zc0301_vm_open,
+ 	.close = zc0301_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/media/video/zoran/zoran_driver.c linux-2.6.29.6/drivers/media/video/zoran/zoran_driver.c
+--- linux-2.6.29.6/drivers/media/video/zoran/zoran_driver.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/media/video/zoran/zoran_driver.c	2009-07-23 18:40:27.858649863 -0400
+@@ -4359,7 +4359,7 @@ zoran_vm_close (struct vm_area_struct *v
+ 	}
+ }
+ 
+-static struct vm_operations_struct zoran_vm_ops = {
++static const struct vm_operations_struct zoran_vm_ops = {
+ 	.open = zoran_vm_open,
+ 	.close = zoran_vm_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/misc/ibmasm/ibmasmfs.c linux-2.6.29.6/drivers/misc/ibmasm/ibmasmfs.c
+--- linux-2.6.29.6/drivers/misc/ibmasm/ibmasmfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/misc/ibmasm/ibmasmfs.c	2009-07-23 18:40:27.864885246 -0400
+@@ -97,7 +97,7 @@ static int ibmasmfs_get_super(struct fil
+ 	return get_sb_single(fst, flags, data, ibmasmfs_fill_super, mnt);
+ }
+ 
+-static struct super_operations ibmasmfs_s_ops = {
++static const struct super_operations ibmasmfs_s_ops = {
+ 	.statfs		= simple_statfs,
+ 	.drop_inode	= generic_delete_inode,
+ };
+diff -urNp linux-2.6.29.6/drivers/misc/phantom.c linux-2.6.29.6/drivers/misc/phantom.c
+--- linux-2.6.29.6/drivers/misc/phantom.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/misc/phantom.c	2009-07-23 18:40:27.874264006 -0400
+@@ -271,7 +271,7 @@ static unsigned int phantom_poll(struct 
+ 	return mask;
+ }
+ 
+-static struct file_operations phantom_file_ops = {
++static const struct file_operations phantom_file_ops = {
+ 	.open = phantom_open,
+ 	.release = phantom_release,
+ 	.unlocked_ioctl = phantom_ioctl,
+diff -urNp linux-2.6.29.6/drivers/misc/sgi-gru/grufile.c linux-2.6.29.6/drivers/misc/sgi-gru/grufile.c
+--- linux-2.6.29.6/drivers/misc/sgi-gru/grufile.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/misc/sgi-gru/grufile.c	2009-07-23 18:40:27.879624060 -0400
+@@ -63,7 +63,7 @@ struct gru_stats_s gru_stats;
+ /* Guaranteed user available resources on each node */
+ static int max_user_cbrs, max_user_dsr_bytes;
+ 
+-static struct file_operations gru_fops;
++static const struct file_operations gru_fops;
+ static struct miscdevice gru_miscdev;
+ 
+ 
+@@ -464,7 +464,7 @@ static void __exit gru_exit(void)
+ 	gru_proc_exit();
+ }
+ 
+-static struct file_operations gru_fops = {
++static const struct file_operations gru_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.unlocked_ioctl	= gru_file_unlocked_ioctl,
+ 	.mmap		= gru_file_mmap,
+@@ -476,7 +476,7 @@ static struct miscdevice gru_miscdev = {
+ 	.fops		= &gru_fops,
+ };
+ 
+-struct vm_operations_struct gru_vm_ops = {
++struct const vm_operations_struct gru_vm_ops = {
+ 	.close		= gru_vma_close,
+ 	.fault		= gru_fault,
+ };
+diff -urNp linux-2.6.29.6/drivers/mtd/devices/doc2000.c linux-2.6.29.6/drivers/mtd/devices/doc2000.c
+--- linux-2.6.29.6/drivers/mtd/devices/doc2000.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/mtd/devices/doc2000.c	2009-07-23 17:34:32.128864545 -0400
+@@ -777,7 +777,7 @@ static int doc_write(struct mtd_info *mt
+ 
+ 		/* The ECC will not be calculated correctly if less than 512 is written */
+ /* DBB-
+-		if (len != 0x200 && eccbuf)
++		if (len != 0x200)
+ 			printk(KERN_WARNING
+ 			       "ECC needs a full sector write (adr: %lx size %lx)\n",
+ 			       (long) to, (long) len);
+diff -urNp linux-2.6.29.6/drivers/mtd/devices/doc2001.c linux-2.6.29.6/drivers/mtd/devices/doc2001.c
+--- linux-2.6.29.6/drivers/mtd/devices/doc2001.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/mtd/devices/doc2001.c	2009-07-23 17:34:32.128864545 -0400
+@@ -396,6 +396,8 @@ static int doc_read (struct mtd_info *mt
+ 	/* Don't allow read past end of device */
+ 	if (from >= this->totlen)
+ 		return -EINVAL;
++	if (!len)
++		return -EINVAL;
+ 
+ 	/* Don't allow a single read to cross a 512-byte block boundary */
+ 	if (from + len > ((from | 0x1ff) + 1))
+diff -urNp linux-2.6.29.6/drivers/mtd/ubi/build.c linux-2.6.29.6/drivers/mtd/ubi/build.c
+--- linux-2.6.29.6/drivers/mtd/ubi/build.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/mtd/ubi/build.c	2009-07-23 17:34:32.128864545 -0400
+@@ -1112,7 +1112,7 @@ static int __init bytes_str_to_int(const
+ 	unsigned long result;
+ 
+ 	result = simple_strtoul(str, &endp, 0);
+-	if (str == endp || result < 0) {
++	if (str == endp) {
+ 		printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n",
+ 		       str);
+ 		return -EINVAL;
+diff -urNp linux-2.6.29.6/drivers/net/bonding/bond_main.c linux-2.6.29.6/drivers/net/bonding/bond_main.c
+--- linux-2.6.29.6/drivers/net/bonding/bond_main.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/bonding/bond_main.c	2009-07-23 18:40:27.880597977 -0400
+@@ -3368,7 +3368,7 @@ static int bond_info_seq_show(struct seq
+ 	return 0;
+ }
+ 
+-static struct seq_operations bond_info_seq_ops = {
++static const struct seq_operations bond_info_seq_ops = {
+ 	.start = bond_info_seq_start,
+ 	.next  = bond_info_seq_next,
+ 	.stop  = bond_info_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/net/hamradio/bpqether.c linux-2.6.29.6/drivers/net/hamradio/bpqether.c
+--- linux-2.6.29.6/drivers/net/hamradio/bpqether.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/hamradio/bpqether.c	2009-07-23 18:40:27.886801730 -0400
+@@ -454,7 +454,7 @@ static int bpq_seq_show(struct seq_file 
+ 	return 0;
+ }
+ 
+-static struct seq_operations bpq_seqops = {
++static const struct seq_operations bpq_seqops = {
+ 	.start = bpq_seq_start,
+ 	.next = bpq_seq_next,
+ 	.stop = bpq_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/net/hamradio/scc.c linux-2.6.29.6/drivers/net/hamradio/scc.c
+--- linux-2.6.29.6/drivers/net/hamradio/scc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/hamradio/scc.c	2009-07-23 18:40:27.887355447 -0400
+@@ -2073,7 +2073,7 @@ static int scc_net_seq_show(struct seq_f
+         return 0;
+ }
+ 
+-static struct seq_operations scc_net_seq_ops = {
++static const struct seq_operations scc_net_seq_ops = {
+ 	.start  = scc_net_seq_start,
+ 	.next   = scc_net_seq_next,
+ 	.stop   = scc_net_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/net/hamradio/yam.c linux-2.6.29.6/drivers/net/hamradio/yam.c
+--- linux-2.6.29.6/drivers/net/hamradio/yam.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/hamradio/yam.c	2009-07-23 18:40:27.889386996 -0400
+@@ -787,7 +787,7 @@ static int yam_seq_show(struct seq_file 
+ 	return 0;
+ }
+ 
+-static struct seq_operations yam_seqops = {
++static const struct seq_operations yam_seqops = {
+ 	.start = yam_seq_start,
+ 	.next = yam_seq_next,
+ 	.stop = yam_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/net/irda/vlsi_ir.c linux-2.6.29.6/drivers/net/irda/vlsi_ir.c
+--- linux-2.6.29.6/drivers/net/irda/vlsi_ir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/irda/vlsi_ir.c	2009-07-23 17:34:32.129778413 -0400
+@@ -906,13 +906,12 @@ static int vlsi_hard_start_xmit(struct s
+ 			/* no race - tx-ring already empty */
+ 			vlsi_set_baud(idev, iobase);
+ 			netif_wake_queue(ndev);
+-		}
+-		else
+-			;
++		} else {
+ 			/* keep the speed change pending like it would
+ 			 * for any len>0 packet. tx completion interrupt
+ 			 * will apply it when the tx ring becomes empty.
+ 			 */
++		}
+ 		spin_unlock_irqrestore(&idev->lock, flags);
+ 		dev_kfree_skb_any(skb);
+ 		return 0;
+diff -urNp linux-2.6.29.6/drivers/net/pcnet32.c linux-2.6.29.6/drivers/net/pcnet32.c
+--- linux-2.6.29.6/drivers/net/pcnet32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/pcnet32.c	2009-07-23 17:34:32.129778413 -0400
+@@ -78,7 +78,7 @@ static int cards_found;
+ /*
+  * VLB I/O addresses
+  */
+-static unsigned int pcnet32_portlist[] __initdata =
++static unsigned int pcnet32_portlist[] __devinitdata =
+     { 0x300, 0x320, 0x340, 0x360, 0 };
+ 
+ static int pcnet32_debug = 0;
+diff -urNp linux-2.6.29.6/drivers/net/pppoe.c linux-2.6.29.6/drivers/net/pppoe.c
+--- linux-2.6.29.6/drivers/net/pppoe.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/pppoe.c	2009-07-23 18:40:27.897571007 -0400
+@@ -1030,7 +1030,7 @@ static void pppoe_seq_stop(struct seq_fi
+ 	read_unlock_bh(&pppoe_hash_lock);
+ }
+ 
+-static struct seq_operations pppoe_seq_ops = {
++static const struct seq_operations pppoe_seq_ops = {
+ 	.start		= pppoe_seq_start,
+ 	.next		= pppoe_seq_next,
+ 	.stop		= pppoe_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/net/pppol2tp.c linux-2.6.29.6/drivers/net/pppol2tp.c
+--- linux-2.6.29.6/drivers/net/pppol2tp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/pppol2tp.c	2009-07-23 18:40:27.913336405 -0400
+@@ -2517,7 +2517,7 @@ out:
+ 	return 0;
+ }
+ 
+-static struct seq_operations pppol2tp_seq_ops = {
++static const struct seq_operations pppol2tp_seq_ops = {
+ 	.start		= pppol2tp_seq_start,
+ 	.next		= pppol2tp_seq_next,
+ 	.stop		= pppol2tp_seq_stop,
+@@ -2565,7 +2565,7 @@ static int pppol2tp_proc_release(struct 
+ 	return seq_release(inode, file);
+ }
+ 
+-static struct file_operations pppol2tp_proc_fops = {
++static const struct file_operations pppol2tp_proc_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.open		= pppol2tp_proc_open,
+ 	.read		= seq_read,
+diff -urNp linux-2.6.29.6/drivers/net/tg3.h linux-2.6.29.6/drivers/net/tg3.h
+--- linux-2.6.29.6/drivers/net/tg3.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/tg3.h	2009-07-23 17:34:32.130708691 -0400
+@@ -89,6 +89,7 @@
+ #define  CHIPREV_ID_5750_A0		 0x4000
+ #define  CHIPREV_ID_5750_A1		 0x4001
+ #define  CHIPREV_ID_5750_A3		 0x4003
++#define  CHIPREV_ID_5750_C1		 0x4201
+ #define  CHIPREV_ID_5750_C2		 0x4202
+ #define  CHIPREV_ID_5752_A0_HW		 0x5000
+ #define  CHIPREV_ID_5752_A0		 0x6000
+diff -urNp linux-2.6.29.6/drivers/net/wireless/ath5k/debug.c linux-2.6.29.6/drivers/net/wireless/ath5k/debug.c
+--- linux-2.6.29.6/drivers/net/wireless/ath5k/debug.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/wireless/ath5k/debug.c	2009-07-23 18:40:27.920274556 -0400
+@@ -165,7 +165,7 @@ static int reg_show(struct seq_file *seq
+ 	return 0;
+ }
+ 
+-static struct seq_operations register_seq_ops = {
++static const struct seq_operations register_seq_ops = {
+ 	.start = reg_start,
+ 	.next  = reg_next,
+ 	.stop  = reg_stop,
+diff -urNp linux-2.6.29.6/drivers/net/wireless/libertas/debugfs.c linux-2.6.29.6/drivers/net/wireless/libertas/debugfs.c
+--- linux-2.6.29.6/drivers/net/wireless/libertas/debugfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/wireless/libertas/debugfs.c	2009-07-23 18:40:27.933357619 -0400
+@@ -938,7 +938,7 @@ static ssize_t lbs_debugfs_write(struct 
+ 	return (ssize_t)cnt;
+ }
+ 
+-static struct file_operations lbs_debug_fops = {
++static const struct file_operations lbs_debug_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = open_file_generic,
+ 	.write = lbs_debugfs_write,
+diff -urNp linux-2.6.29.6/drivers/net/wireless/strip.c linux-2.6.29.6/drivers/net/wireless/strip.c
+--- linux-2.6.29.6/drivers/net/wireless/strip.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/net/wireless/strip.c	2009-07-23 18:40:27.958265010 -0400
+@@ -1125,7 +1125,7 @@ static int strip_seq_show(struct seq_fil
+ }
+ 
+ 
+-static struct seq_operations strip_seq_ops = {
++static const struct seq_operations strip_seq_ops = {
+ 	.start = strip_seq_start,
+ 	.next  = strip_seq_next,
+ 	.stop  = strip_seq_stop,
+diff -urNp linux-2.6.29.6/drivers/oprofile/buffer_sync.c linux-2.6.29.6/drivers/oprofile/buffer_sync.c
+--- linux-2.6.29.6/drivers/oprofile/buffer_sync.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/oprofile/buffer_sync.c	2009-07-23 17:34:32.130708691 -0400
+@@ -335,7 +335,7 @@ static void add_data(struct op_entry *en
+ 		if (cookie == NO_COOKIE)
+ 			offset = pc;
+ 		if (cookie == INVALID_COOKIE) {
+-			atomic_inc(&oprofile_stats.sample_lost_no_mapping);
++			atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
+ 			offset = pc;
+ 		}
+ 		if (cookie != last_cookie) {
+@@ -379,14 +379,14 @@ add_sample(struct mm_struct *mm, struct 
+ 	/* add userspace sample */
+ 
+ 	if (!mm) {
+-		atomic_inc(&oprofile_stats.sample_lost_no_mm);
++		atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mm);
+ 		return 0;
+ 	}
+ 
+ 	cookie = lookup_dcookie(mm, s->eip, &offset);
+ 
+ 	if (cookie == INVALID_COOKIE) {
+-		atomic_inc(&oprofile_stats.sample_lost_no_mapping);
++		atomic_inc_unchecked(&oprofile_stats.sample_lost_no_mapping);
+ 		return 0;
+ 	}
+ 
+@@ -555,7 +555,7 @@ void sync_buffer(int cpu)
+ 		/* ignore backtraces if failed to add a sample */
+ 		if (state == sb_bt_start) {
+ 			state = sb_bt_ignore;
+-			atomic_inc(&oprofile_stats.bt_lost_no_mapping);
++			atomic_inc_unchecked(&oprofile_stats.bt_lost_no_mapping);
+ 		}
+ 	}
+ 	release_mm(mm);
+diff -urNp linux-2.6.29.6/drivers/oprofile/event_buffer.c linux-2.6.29.6/drivers/oprofile/event_buffer.c
+--- linux-2.6.29.6/drivers/oprofile/event_buffer.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/oprofile/event_buffer.c	2009-07-23 17:34:32.130708691 -0400
+@@ -42,7 +42,7 @@ static atomic_t buffer_ready = ATOMIC_IN
+ void add_event_entry(unsigned long value)
+ {
+ 	if (buffer_pos == buffer_size) {
+-		atomic_inc(&oprofile_stats.event_lost_overflow);
++		atomic_inc_unchecked(&oprofile_stats.event_lost_overflow);
+ 		return;
+ 	}
+ 
+diff -urNp linux-2.6.29.6/drivers/oprofile/oprofilefs.c linux-2.6.29.6/drivers/oprofile/oprofilefs.c
+--- linux-2.6.29.6/drivers/oprofile/oprofilefs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/oprofile/oprofilefs.c	2009-07-23 18:40:27.469277997 -0400
+@@ -35,7 +35,7 @@ static struct inode *oprofilefs_get_inod
+ }
+ 
+ 
+-static struct super_operations s_ops = {
++static const struct super_operations s_ops = {
+ 	.statfs		= simple_statfs,
+ 	.drop_inode 	= generic_delete_inode,
+ };
+@@ -187,7 +187,7 @@ static const struct file_operations atom
+ 
+ 
+ int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root,
+-	char const *name, atomic_t *val)
++	char const *name, atomic_unchecked_t *val)
+ {
+ 	struct dentry *d = __oprofilefs_create_file(sb, root, name,
+ 						     &atomic_ro_fops, 0444);
+diff -urNp linux-2.6.29.6/drivers/oprofile/oprofile_stats.h linux-2.6.29.6/drivers/oprofile/oprofile_stats.h
+--- linux-2.6.29.6/drivers/oprofile/oprofile_stats.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/oprofile/oprofile_stats.h	2009-07-23 17:34:32.131798606 -0400
+@@ -13,10 +13,10 @@
+ #include <asm/atomic.h>
+ 
+ struct oprofile_stat_struct {
+-	atomic_t sample_lost_no_mm;
+-	atomic_t sample_lost_no_mapping;
+-	atomic_t bt_lost_no_mapping;
+-	atomic_t event_lost_overflow;
++	atomic_unchecked_t sample_lost_no_mm;
++	atomic_unchecked_t sample_lost_no_mapping;
++	atomic_unchecked_t bt_lost_no_mapping;
++	atomic_unchecked_t event_lost_overflow;
+ };
+ 
+ extern struct oprofile_stat_struct oprofile_stats;
+diff -urNp linux-2.6.29.6/drivers/pci/hotplug/cpqphp.h linux-2.6.29.6/drivers/pci/hotplug/cpqphp.h
+--- linux-2.6.29.6/drivers/pci/hotplug/cpqphp.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pci/hotplug/cpqphp.h	2009-07-23 18:40:27.972087415 -0400
+@@ -449,7 +449,7 @@ extern u8 cpqhp_disk_irq;
+ 
+ /* inline functions */
+ 
+-static inline char *slot_name(struct slot *slot)
++static inline const char *slot_name(struct slot *slot)
+ {
+ 	return hotplug_slot_name(slot->hotplug_slot);
+ }
+diff -urNp linux-2.6.29.6/drivers/pci/hotplug/cpqphp_nvram.c linux-2.6.29.6/drivers/pci/hotplug/cpqphp_nvram.c
+--- linux-2.6.29.6/drivers/pci/hotplug/cpqphp_nvram.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pci/hotplug/cpqphp_nvram.c	2009-07-23 17:34:32.131798606 -0400
+@@ -425,9 +425,13 @@ static u32 store_HRT (void __iomem *rom_
+ 
+ void compaq_nvram_init (void __iomem *rom_start)
+ {
++
++#ifndef CONFIG_PAX_KERNEXEC
+ 	if (rom_start) {
+ 		compaq_int15_entry_point = (rom_start + ROM_INT15_PHY_ADDR - ROM_PHY_ADDR);
+ 	}
++#endif
++
+ 	dbg("int15 entry  = %p\n", compaq_int15_entry_point);
+ 
+ 	/* initialize our int15 lock */
+diff -urNp linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv.c linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv.c
+--- linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv.c	2009-07-23 17:34:32.131798606 -0400
+@@ -59,7 +59,7 @@ static struct pcie_port_service_id aer_i
+ 	.port_type 	= PCIE_RC_PORT,
+ 	.service_type 	= PCIE_PORT_SERVICE_AER,
+ 	},
+-	{ /* end: all zeroes */ }
++	{ 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ static struct pci_error_handlers aer_error_handlers = {
+diff -urNp linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv_core.c linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv_core.c
+--- linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv_core.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pci/pcie/aer/aerdrv_core.c	2009-07-23 17:34:32.132779386 -0400
+@@ -670,7 +670,7 @@ static void aer_isr_one_error(struct pci
+ 		struct aer_err_source *e_src)
+ {
+ 	struct device *s_device;
+-	struct aer_err_info e_info = {0, 0, 0,};
++	struct aer_err_info e_info = {0, 0, 0, {0, 0, 0, 0}};
+ 	int i;
+ 	u16 id;
+ 
+diff -urNp linux-2.6.29.6/drivers/pci/pcie/portdrv_pci.c linux-2.6.29.6/drivers/pci/pcie/portdrv_pci.c
+--- linux-2.6.29.6/drivers/pci/pcie/portdrv_pci.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pci/pcie/portdrv_pci.c	2009-07-23 17:34:32.132779386 -0400
+@@ -260,7 +260,7 @@ static void pcie_portdrv_err_resume(stru
+ static const struct pci_device_id port_pci_ids[] = { {
+ 	/* handle any PCI-Express port */
+ 	PCI_DEVICE_CLASS(((PCI_CLASS_BRIDGE_PCI << 8) | 0x00), ~0),
+-	}, { /* end: all zeroes */ }
++	}, { 0, 0, 0, 0, 0, 0, 0 }
+ };
+ MODULE_DEVICE_TABLE(pci, port_pci_ids);
+ 
+diff -urNp linux-2.6.29.6/drivers/pci/proc.c linux-2.6.29.6/drivers/pci/proc.c
+--- linux-2.6.29.6/drivers/pci/proc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pci/proc.c	2009-07-23 17:34:32.132779386 -0400
+@@ -480,7 +480,16 @@ static const struct file_operations proc
+ static int __init pci_proc_init(void)
+ {
+ 	struct pci_dev *dev = NULL;
++
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR, NULL);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	proc_bus_pci_dir = proc_mkdir_mode("bus/pci", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
++#endif
++#else
+ 	proc_bus_pci_dir = proc_mkdir("bus/pci", NULL);
++#endif
+ 	proc_create("devices", 0, proc_bus_pci_dir,
+ 		    &proc_bus_pci_dev_operations);
+ 	proc_initialized = 1;
+diff -urNp linux-2.6.29.6/drivers/pcmcia/ti113x.h linux-2.6.29.6/drivers/pcmcia/ti113x.h
+--- linux-2.6.29.6/drivers/pcmcia/ti113x.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pcmcia/ti113x.h	2009-07-23 17:34:32.132779386 -0400
+@@ -903,7 +903,7 @@ static struct pci_device_id ene_tune_tbl
+ 	DEVID(PCI_VENDOR_ID_MOTOROLA, 0x3410, 0xECC0, PCI_ANY_ID,
+ 		ENE_TEST_C9_TLTENABLE | ENE_TEST_C9_PFENABLE, ENE_TEST_C9_TLTENABLE),
+ 
+-	{}
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ static void ene_tune_bridge(struct pcmcia_socket *sock, struct pci_bus *bus)
+diff -urNp linux-2.6.29.6/drivers/pcmcia/yenta_socket.c linux-2.6.29.6/drivers/pcmcia/yenta_socket.c
+--- linux-2.6.29.6/drivers/pcmcia/yenta_socket.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pcmcia/yenta_socket.c	2009-07-23 17:34:32.133745041 -0400
+@@ -1366,7 +1366,7 @@ static struct pci_device_id yenta_table 
+ 
+ 	/* match any cardbus bridge */
+ 	CB_ID(PCI_ANY_ID, PCI_ANY_ID, DEFAULT),
+-	{ /* all zeroes */ }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ MODULE_DEVICE_TABLE(pci, yenta_table);
+ 
+diff -urNp linux-2.6.29.6/drivers/pnp/pnpbios/bioscalls.c linux-2.6.29.6/drivers/pnp/pnpbios/bioscalls.c
+--- linux-2.6.29.6/drivers/pnp/pnpbios/bioscalls.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pnp/pnpbios/bioscalls.c	2009-07-23 17:34:32.133745041 -0400
+@@ -60,7 +60,7 @@ set_base(gdt[(selname) >> 3], (u32)(addr
+ set_limit(gdt[(selname) >> 3], size); \
+ } while(0)
+ 
+-static struct desc_struct bad_bios_desc;
++static struct desc_struct bad_bios_desc __read_only;
+ 
+ /*
+  * At some point we want to use this stack frame pointer to unwind
+@@ -87,6 +87,10 @@ static inline u16 call_pnp_bios(u16 func
+ 	struct desc_struct save_desc_40;
+ 	int cpu;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	/*
+ 	 * PnP BIOSes are generally not terribly re-entrant.
+ 	 * Also, don't rely on them to save everything correctly.
+@@ -96,8 +100,17 @@ static inline u16 call_pnp_bios(u16 func
+ 
+ 	cpu = get_cpu();
+ 	save_desc_40 = get_cpu_gdt_table(cpu)[0x40 / 8];
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	get_cpu_gdt_table(cpu)[0x40 / 8] = bad_bios_desc;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	/* On some boxes IRQ's during PnP BIOS calls are deadly.  */
+ 	spin_lock_irqsave(&pnp_bios_lock, flags);
+ 
+@@ -134,7 +147,16 @@ static inline u16 call_pnp_bios(u16 func
+ 			     :"memory");
+ 	spin_unlock_irqrestore(&pnp_bios_lock, flags);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	get_cpu_gdt_table(cpu)[0x40 / 8] = save_desc_40;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ 	put_cpu();
+ 
+ 	/* If we get here and this is set then the PnP BIOS faulted on us. */
+@@ -468,16 +490,24 @@ int pnp_bios_read_escd(char *data, u32 n
+ 	return status;
+ }
+ 
+-void pnpbios_calls_init(union pnp_bios_install_struct *header)
++void __init pnpbios_calls_init(union pnp_bios_install_struct *header)
+ {
+ 	int i;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	spin_lock_init(&pnp_bios_lock);
+ 	pnp_bios_callpoint.offset = header->fields.pm16offset;
+ 	pnp_bios_callpoint.segment = PNP_CS16;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	bad_bios_desc.a = 0;
+-	bad_bios_desc.b = 0x00409200;
++	bad_bios_desc.b = 0x00409300;
+ 
+ 	set_base(bad_bios_desc, __va((unsigned long)0x40 << 4));
+ 	_set_limit((char *)&bad_bios_desc, 4095 - (0x40 << 4));
+@@ -491,4 +521,9 @@ void pnpbios_calls_init(union pnp_bios_i
+ 		set_base(gdt[GDT_ENTRY_PNPBIOS_DS],
+ 			 __va(header->fields.pm16dseg));
+ 	}
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
+ }
+diff -urNp linux-2.6.29.6/drivers/pnp/quirks.c linux-2.6.29.6/drivers/pnp/quirks.c
+--- linux-2.6.29.6/drivers/pnp/quirks.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pnp/quirks.c	2009-07-23 17:34:32.133745041 -0400
+@@ -327,7 +327,7 @@ static struct pnp_fixup pnp_fixups[] = {
+ 	/* PnP resources that might overlap PCI BARs */
+ 	{"PNP0c01", quirk_system_pci_resources},
+ 	{"PNP0c02", quirk_system_pci_resources},
+-	{""}
++	{"", NULL}
+ };
+ 
+ void pnp_fixup_device(struct pnp_dev *dev)
+diff -urNp linux-2.6.29.6/drivers/pnp/resource.c linux-2.6.29.6/drivers/pnp/resource.c
+--- linux-2.6.29.6/drivers/pnp/resource.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/pnp/resource.c	2009-07-23 17:34:32.133745041 -0400
+@@ -355,7 +355,7 @@ int pnp_check_irq(struct pnp_dev *dev, s
+ 		return 1;
+ 
+ 	/* check if the resource is valid */
+-	if (*irq < 0 || *irq > 15)
++	if (*irq > 15)
+ 		return 0;
+ 
+ 	/* check if the resource is reserved */
+@@ -419,7 +419,7 @@ int pnp_check_dma(struct pnp_dev *dev, s
+ 		return 1;
+ 
+ 	/* check if the resource is valid */
+-	if (*dma < 0 || *dma == 4 || *dma > 7)
++	if (*dma == 4 || *dma > 7)
+ 		return 0;
+ 
+ 	/* check if the resource is reserved */
+diff -urNp linux-2.6.29.6/drivers/s390/cio/qdio_debug.c linux-2.6.29.6/drivers/s390/cio/qdio_debug.c
+--- linux-2.6.29.6/drivers/s390/cio/qdio_debug.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/s390/cio/qdio_debug.c	2009-07-23 18:40:27.977694137 -0400
+@@ -144,7 +144,7 @@ static void remove_debugfs_entry(struct 
+ 	}
+ }
+ 
+-static struct file_operations debugfs_fops = {
++static const struct file_operations debugfs_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.open	 = qstat_seq_open,
+ 	.read	 = seq_read,
+diff -urNp linux-2.6.29.6/drivers/s390/cio/qdio_perf.c linux-2.6.29.6/drivers/s390/cio/qdio_perf.c
+--- linux-2.6.29.6/drivers/s390/cio/qdio_perf.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/s390/cio/qdio_perf.c	2009-07-23 18:40:27.982430466 -0400
+@@ -96,7 +96,7 @@ static int qdio_perf_seq_open(struct ino
+ 	return single_open(filp, qdio_perf_proc_show, NULL);
+ }
+ 
+-static struct file_operations qdio_perf_proc_fops = {
++static const struct file_operations qdio_perf_proc_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.open	 = qdio_perf_seq_open,
+ 	.read	 = seq_read,
+diff -urNp linux-2.6.29.6/drivers/scsi/libfc/fc_exch.c linux-2.6.29.6/drivers/scsi/libfc/fc_exch.c
+--- linux-2.6.29.6/drivers/scsi/libfc/fc_exch.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/scsi/libfc/fc_exch.c	2009-07-23 17:34:32.134722055 -0400
+@@ -84,12 +84,12 @@ struct fc_exch_mgr {
+ 	 * all together if not used XXX
+ 	 */
+ 	struct {
+-		atomic_t no_free_exch;
+-		atomic_t no_free_exch_xid;
+-		atomic_t xid_not_found;
+-		atomic_t xid_busy;
+-		atomic_t seq_not_found;
+-		atomic_t non_bls_resp;
++		atomic_unchecked_t no_free_exch;
++		atomic_unchecked_t no_free_exch_xid;
++		atomic_unchecked_t xid_not_found;
++		atomic_unchecked_t xid_busy;
++		atomic_unchecked_t seq_not_found;
++		atomic_unchecked_t non_bls_resp;
+ 	} stats;
+ 	struct fc_exch **exches;	/* for exch pointers indexed by xid */
+ };
+@@ -534,7 +534,7 @@ struct fc_exch *fc_exch_alloc(struct fc_
+ 	/* allocate memory for exchange */
+ 	ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
+ 	if (!ep) {
+-		atomic_inc(&mp->stats.no_free_exch);
++		atomic_inc_unchecked(&mp->stats.no_free_exch);
+ 		goto out;
+ 	}
+ 	memset(ep, 0, sizeof(*ep));
+@@ -579,7 +579,7 @@ out:
+ 	return ep;
+ err:
+ 	spin_unlock_bh(&mp->em_lock);
+-	atomic_inc(&mp->stats.no_free_exch_xid);
++	atomic_inc_unchecked(&mp->stats.no_free_exch_xid);
+ 	mempool_free(ep, mp->ep_pool);
+ 	return NULL;
+ }
+@@ -682,7 +682,7 @@ static enum fc_pf_rjt_reason fc_seq_look
+ 		xid = ntohs(fh->fh_ox_id);	/* we originated exch */
+ 		ep = fc_exch_find(mp, xid);
+ 		if (!ep) {
+-			atomic_inc(&mp->stats.xid_not_found);
++			atomic_inc_unchecked(&mp->stats.xid_not_found);
+ 			reject = FC_RJT_OX_ID;
+ 			goto out;
+ 		}
+@@ -712,7 +712,7 @@ static enum fc_pf_rjt_reason fc_seq_look
+ 		ep = fc_exch_find(mp, xid);
+ 		if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
+ 			if (ep) {
+-				atomic_inc(&mp->stats.xid_busy);
++				atomic_inc_unchecked(&mp->stats.xid_busy);
+ 				reject = FC_RJT_RX_ID;
+ 				goto rel;
+ 			}
+@@ -723,7 +723,7 @@ static enum fc_pf_rjt_reason fc_seq_look
+ 			}
+ 			xid = ep->xid;	/* get our XID */
+ 		} else if (!ep) {
+-			atomic_inc(&mp->stats.xid_not_found);
++			atomic_inc_unchecked(&mp->stats.xid_not_found);
+ 			reject = FC_RJT_RX_ID;	/* XID not found */
+ 			goto out;
+ 		}
+@@ -744,7 +744,7 @@ static enum fc_pf_rjt_reason fc_seq_look
+ 	} else {
+ 		sp = &ep->seq;
+ 		if (sp->id != fh->fh_seq_id) {
+-			atomic_inc(&mp->stats.seq_not_found);
++			atomic_inc_unchecked(&mp->stats.seq_not_found);
+ 			reject = FC_RJT_SEQ_ID;	/* sequence/exch should exist */
+ 			goto rel;
+ 		}
+@@ -1156,18 +1156,18 @@ static void fc_exch_recv_seq_resp(struct
+ 
+ 	ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
+ 	if (!ep) {
+-		atomic_inc(&mp->stats.xid_not_found);
++		atomic_inc_unchecked(&mp->stats.xid_not_found);
+ 		goto out;
+ 	}
+ 	if (ep->rxid == FC_XID_UNKNOWN)
+ 		ep->rxid = ntohs(fh->fh_rx_id);
+ 	if (ep->sid != 0 && ep->sid != ntoh24(fh->fh_d_id)) {
+-		atomic_inc(&mp->stats.xid_not_found);
++		atomic_inc_unchecked(&mp->stats.xid_not_found);
+ 		goto rel;
+ 	}
+ 	if (ep->did != ntoh24(fh->fh_s_id) &&
+ 	    ep->did != FC_FID_FLOGI) {
+-		atomic_inc(&mp->stats.xid_not_found);
++		atomic_inc_unchecked(&mp->stats.xid_not_found);
+ 		goto rel;
+ 	}
+ 	sof = fr_sof(fp);
+@@ -1178,7 +1178,7 @@ static void fc_exch_recv_seq_resp(struct
+ 	} else {
+ 		sp = &ep->seq;
+ 		if (sp->id != fh->fh_seq_id) {
+-			atomic_inc(&mp->stats.seq_not_found);
++			atomic_inc_unchecked(&mp->stats.seq_not_found);
+ 			goto rel;
+ 		}
+ 	}
+@@ -1237,10 +1237,10 @@ static void fc_exch_recv_resp(struct fc_
+ 
+ 	sp = fc_seq_lookup_orig(mp, fp);	/* doesn't hold sequence */
+ 	if (!sp) {
+-		atomic_inc(&mp->stats.xid_not_found);
++		atomic_inc_unchecked(&mp->stats.xid_not_found);
+ 		FC_DEBUG_EXCH("seq lookup failed\n");
+ 	} else {
+-		atomic_inc(&mp->stats.non_bls_resp);
++		atomic_inc_unchecked(&mp->stats.non_bls_resp);
+ 		FC_DEBUG_EXCH("non-BLS response to sequence");
+ 	}
+ 	fc_frame_free(fp);
+diff -urNp linux-2.6.29.6/drivers/scsi/lpfc/lpfc_debugfs.c linux-2.6.29.6/drivers/scsi/lpfc/lpfc_debugfs.c
+--- linux-2.6.29.6/drivers/scsi/lpfc/lpfc_debugfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/scsi/lpfc/lpfc_debugfs.c	2009-07-23 18:40:27.982430466 -0400
+@@ -1132,7 +1132,7 @@ lpfc_debugfs_dumpDataDif_release(struct 
+ }
+ 
+ #undef lpfc_debugfs_op_disc_trc
+-static struct file_operations lpfc_debugfs_op_disc_trc = {
++static const struct file_operations lpfc_debugfs_op_disc_trc = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_disc_trc_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1141,7 +1141,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_nodelist
+-static struct file_operations lpfc_debugfs_op_nodelist = {
++static const struct file_operations lpfc_debugfs_op_nodelist = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_nodelist_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1150,7 +1150,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_hbqinfo
+-static struct file_operations lpfc_debugfs_op_hbqinfo = {
++static const struct file_operations lpfc_debugfs_op_hbqinfo = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_hbqinfo_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1159,7 +1159,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_dumpHBASlim
+-static struct file_operations lpfc_debugfs_op_dumpHBASlim = {
++static const struct file_operations lpfc_debugfs_op_dumpHBASlim = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_dumpHBASlim_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1168,7 +1168,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_dumpHostSlim
+-static struct file_operations lpfc_debugfs_op_dumpHostSlim = {
++static const struct file_operations lpfc_debugfs_op_dumpHostSlim = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_dumpHostSlim_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1177,7 +1177,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_dumpData
+-static struct file_operations lpfc_debugfs_op_dumpData = {
++static const struct file_operations lpfc_debugfs_op_dumpData = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_dumpData_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1187,7 +1187,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_dumpDif
+-static struct file_operations lpfc_debugfs_op_dumpDif = {
++static const struct file_operations lpfc_debugfs_op_dumpDif = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_dumpDif_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+@@ -1197,7 +1197,7 @@ static struct file_operations lpfc_debug
+ };
+ 
+ #undef lpfc_debugfs_op_slow_ring_trc
+-static struct file_operations lpfc_debugfs_op_slow_ring_trc = {
++static const struct file_operations lpfc_debugfs_op_slow_ring_trc = {
+ 	.owner =        THIS_MODULE,
+ 	.open =         lpfc_debugfs_slow_ring_trc_open,
+ 	.llseek =       lpfc_debugfs_lseek,
+diff -urNp linux-2.6.29.6/drivers/scsi/scsi_logging.h linux-2.6.29.6/drivers/scsi/scsi_logging.h
+--- linux-2.6.29.6/drivers/scsi/scsi_logging.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/scsi/scsi_logging.h	2009-07-23 17:34:32.134722055 -0400
+@@ -51,7 +51,7 @@ do {								\
+ 		} while (0);					\
+ } while (0)
+ #else
+-#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD)
++#define SCSI_CHECK_LOGGING(SHIFT, BITS, LEVEL, CMD) do {} while (0)
+ #endif /* CONFIG_SCSI_LOGGING */
+ 
+ /*
+diff -urNp linux-2.6.29.6/drivers/scsi/sg.c linux-2.6.29.6/drivers/scsi/sg.c
+--- linux-2.6.29.6/drivers/scsi/sg.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/scsi/sg.c	2009-07-23 18:40:27.983261819 -0400
+@@ -1197,7 +1197,7 @@ sg_vma_fault(struct vm_area_struct *vma,
+ 	return VM_FAULT_SIGBUS;
+ }
+ 
+-static struct vm_operations_struct sg_mmap_vm_ops = {
++static const struct vm_operations_struct sg_mmap_vm_ops = {
+ 	.fault = sg_vma_fault,
+ };
+ 
+@@ -1329,7 +1329,7 @@ static void sg_rq_end_io(struct request 
+ 	}
+ }
+ 
+-static struct file_operations sg_fops = {
++static const struct file_operations sg_fops = {
+ 	.owner = THIS_MODULE,
+ 	.read = sg_read,
+ 	.write = sg_write,
+@@ -2222,8 +2222,11 @@ static int sg_proc_seq_show_int(struct s
+ static int sg_proc_single_open_adio(struct inode *inode, struct file *file);
+ static ssize_t sg_proc_write_adio(struct file *filp, const char __user *buffer,
+ 			          size_t count, loff_t *off);
+-static struct file_operations adio_fops = {
+-	/* .owner, .read and .llseek added in sg_proc_init() */
++
++static const struct file_operations adio_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_single_open_adio,
+ 	.write = sg_proc_write_adio,
+ 	.release = single_release,
+@@ -2232,7 +2235,10 @@ static struct file_operations adio_fops 
+ static int sg_proc_single_open_dressz(struct inode *inode, struct file *file);
+ static ssize_t sg_proc_write_dressz(struct file *filp, 
+ 		const char __user *buffer, size_t count, loff_t *off);
+-static struct file_operations dressz_fops = {
++static const struct file_operations dressz_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_single_open_dressz,
+ 	.write = sg_proc_write_dressz,
+ 	.release = single_release,
+@@ -2240,14 +2246,20 @@ static struct file_operations dressz_fop
+ 
+ static int sg_proc_seq_show_version(struct seq_file *s, void *v);
+ static int sg_proc_single_open_version(struct inode *inode, struct file *file);
+-static struct file_operations version_fops = {
++static const struct file_operations version_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_single_open_version,
+ 	.release = single_release,
+ };
+ 
+ static int sg_proc_seq_show_devhdr(struct seq_file *s, void *v);
+ static int sg_proc_single_open_devhdr(struct inode *inode, struct file *file);
+-static struct file_operations devhdr_fops = {
++static const struct file_operations devhdr_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_single_open_devhdr,
+ 	.release = single_release,
+ };
+@@ -2257,11 +2269,14 @@ static int sg_proc_open_dev(struct inode
+ static void * dev_seq_start(struct seq_file *s, loff_t *pos);
+ static void * dev_seq_next(struct seq_file *s, void *v, loff_t *pos);
+ static void dev_seq_stop(struct seq_file *s, void *v);
+-static struct file_operations dev_fops = {
++static const struct file_operations dev_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_open_dev,
+ 	.release = seq_release,
+ };
+-static struct seq_operations dev_seq_ops = {
++static const struct seq_operations dev_seq_ops = {
+ 	.start = dev_seq_start,
+ 	.next  = dev_seq_next,
+ 	.stop  = dev_seq_stop,
+@@ -2270,11 +2285,14 @@ static struct seq_operations dev_seq_ops
+ 
+ static int sg_proc_seq_show_devstrs(struct seq_file *s, void *v);
+ static int sg_proc_open_devstrs(struct inode *inode, struct file *file);
+-static struct file_operations devstrs_fops = {
++static const struct file_operations devstrs_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_open_devstrs,
+ 	.release = seq_release,
+ };
+-static struct seq_operations devstrs_seq_ops = {
++static const struct seq_operations devstrs_seq_ops = {
+ 	.start = dev_seq_start,
+ 	.next  = dev_seq_next,
+ 	.stop  = dev_seq_stop,
+@@ -2283,11 +2301,14 @@ static struct seq_operations devstrs_seq
+ 
+ static int sg_proc_seq_show_debug(struct seq_file *s, void *v);
+ static int sg_proc_open_debug(struct inode *inode, struct file *file);
+-static struct file_operations debug_fops = {
++static const struct file_operations debug_fops = {
++	.owner = THIS_MODULE,
++	.read = seq_read,
++	.llseek = seq_lseek,
+ 	.open = sg_proc_open_debug,
+ 	.release = seq_release,
+ };
+-static struct seq_operations debug_seq_ops = {
++static const struct seq_operations debug_seq_ops = {
+ 	.start = dev_seq_start,
+ 	.next  = dev_seq_next,
+ 	.stop  = dev_seq_stop,
+@@ -2297,7 +2318,7 @@ static struct seq_operations debug_seq_o
+ 
+ struct sg_proc_leaf {
+ 	const char * name;
+-	struct file_operations * fops;
++	const struct file_operations * fops;
+ };
+ 
+ static struct sg_proc_leaf sg_proc_leaf_arr[] = {
+@@ -2323,9 +2344,6 @@ sg_proc_init(void)
+ 	for (k = 0; k < num_leaves; ++k) {
+ 		leaf = &sg_proc_leaf_arr[k];
+ 		mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO;
+-		leaf->fops->owner = THIS_MODULE;
+-		leaf->fops->read = seq_read;
+-		leaf->fops->llseek = seq_lseek;
+ 		proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops);
+ 	}
+ 	return 0;
+diff -urNp linux-2.6.29.6/drivers/serial/8250_pci.c linux-2.6.29.6/drivers/serial/8250_pci.c
+--- linux-2.6.29.6/drivers/serial/8250_pci.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/serial/8250_pci.c	2009-07-23 17:34:32.135751373 -0400
+@@ -3162,7 +3162,7 @@ static struct pci_device_id serial_pci_t
+ 		PCI_ANY_ID, PCI_ANY_ID,
+ 		PCI_CLASS_COMMUNICATION_MULTISERIAL << 8,
+ 		0xffff00, pbn_default },
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ static struct pci_driver serial_pci_driver = {
+diff -urNp linux-2.6.29.6/drivers/spi/spidev.c linux-2.6.29.6/drivers/spi/spidev.c
+--- linux-2.6.29.6/drivers/spi/spidev.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/spi/spidev.c	2009-07-23 18:40:27.984271636 -0400
+@@ -532,7 +532,7 @@ static int spidev_release(struct inode *
+ 	return status;
+ }
+ 
+-static struct file_operations spidev_fops = {
++static const struct file_operations spidev_fops = {
+ 	.owner =	THIS_MODULE,
+ 	/* REVISIT switch to aio primitives, so that userspace
+ 	 * gets more complete API coverage.  It'll simplify things
+diff -urNp linux-2.6.29.6/drivers/staging/altpciechdma/altpciechdma.c linux-2.6.29.6/drivers/staging/altpciechdma/altpciechdma.c
+--- linux-2.6.29.6/drivers/staging/altpciechdma/altpciechdma.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/altpciechdma/altpciechdma.c	2009-07-23 18:40:27.989802153 -0400
+@@ -1085,7 +1085,7 @@ static ssize_t sg_write(struct file *fil
+ /*
+  * character device file operations
+  */
+-static struct file_operations sg_fops = {
++static const struct file_operations sg_fops = {
+   .owner = THIS_MODULE,
+   .open = sg_open,
+   .release = sg_close,
+diff -urNp linux-2.6.29.6/drivers/staging/android/binder.c linux-2.6.29.6/drivers/staging/android/binder.c
+--- linux-2.6.29.6/drivers/staging/android/binder.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/android/binder.c	2009-07-23 18:40:28.031683554 -0400
+@@ -2660,7 +2660,7 @@ static void binder_vma_close(struct vm_a
+ 	proc->vma = NULL;
+ }
+ 
+-static struct vm_operations_struct binder_vm_ops = {
++static const struct vm_operations_struct binder_vm_ops = {
+ 	.open = binder_vma_open,
+ 	.close = binder_vma_close,
+ };
+@@ -3464,7 +3464,7 @@ static int binder_read_proc_transaction_
+ 	return len < count ? len  : count;
+ }
+ 
+-static struct file_operations binder_fops = {
++static const struct file_operations binder_fops = {
+ 	.owner = THIS_MODULE,
+ 	.poll = binder_poll,
+ 	.unlocked_ioctl = binder_ioctl,
+diff -urNp linux-2.6.29.6/drivers/staging/android/logger.c linux-2.6.29.6/drivers/staging/android/logger.c
+--- linux-2.6.29.6/drivers/staging/android/logger.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/android/logger.c	2009-07-23 18:40:28.043741799 -0400
+@@ -519,7 +519,7 @@ static long logger_ioctl(struct file *fi
+ 	return ret;
+ }
+ 
+-static struct file_operations logger_fops = {
++static const struct file_operations logger_fops = {
+ 	.owner = THIS_MODULE,
+ 	.read = logger_read,
+ 	.aio_write = logger_aio_write,
+diff -urNp linux-2.6.29.6/drivers/staging/android/ram_console.c linux-2.6.29.6/drivers/staging/android/ram_console.c
+--- linux-2.6.29.6/drivers/staging/android/ram_console.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/android/ram_console.c	2009-07-23 18:40:28.044366592 -0400
+@@ -365,7 +365,7 @@ static ssize_t ram_console_read_old(stru
+ 	return count;
+ }
+ 
+-static struct file_operations ram_console_file_ops = {
++static const struct file_operations ram_console_file_ops = {
+ 	.owner = THIS_MODULE,
+ 	.read = ram_console_read_old,
+ };
+diff -urNp linux-2.6.29.6/drivers/staging/comedi/comedi_fops.c linux-2.6.29.6/drivers/staging/comedi/comedi_fops.c
+--- linux-2.6.29.6/drivers/staging/comedi/comedi_fops.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/comedi/comedi_fops.c	2009-07-23 18:40:28.047286541 -0400
+@@ -1385,7 +1385,7 @@ void comedi_unmap(struct vm_area_struct 
+ 	mutex_unlock(&dev->mutex);
+ }
+ 
+-static struct vm_operations_struct comedi_vm_ops = {
++static const struct vm_operations_struct comedi_vm_ops = {
+ 	.close =	comedi_unmap,
+ };
+ 
+diff -urNp linux-2.6.29.6/drivers/staging/epl/EplApiLinuxKernel.c linux-2.6.29.6/drivers/staging/epl/EplApiLinuxKernel.c
+--- linux-2.6.29.6/drivers/staging/epl/EplApiLinuxKernel.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/epl/EplApiLinuxKernel.c	2009-07-23 18:40:28.056426086 -0400
+@@ -231,7 +231,7 @@ EXPORT_NO_SYMBOLS;
+ module_init(EplLinInit);
+ module_exit(EplLinExit);
+ 
+-static struct file_operations EplLinFileOps_g = {
++static const struct file_operations EplLinFileOps_g = {
+ 	.owner = THIS_MODULE,
+ 	.open = EplLinOpen,
+ 	.release = EplLinRelease,
+diff -urNp linux-2.6.29.6/drivers/staging/go7007/go7007-v4l2.c linux-2.6.29.6/drivers/staging/go7007/go7007-v4l2.c
+--- linux-2.6.29.6/drivers/staging/go7007/go7007-v4l2.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/go7007/go7007-v4l2.c	2009-07-23 18:40:28.061800902 -0400
+@@ -1717,7 +1717,7 @@ static int go7007_vm_fault(struct vm_are
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct go7007_vm_ops = {
++static const struct vm_operations_struct go7007_vm_ops = {
+ 	.open	= go7007_vm_open,
+ 	.close	= go7007_vm_close,
+ 	.fault	= go7007_vm_fault,
+diff -urNp linux-2.6.29.6/drivers/staging/me4000/me4000.c linux-2.6.29.6/drivers/staging/me4000/me4000.c
+--- linux-2.6.29.6/drivers/staging/me4000/me4000.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/me4000/me4000.c	2009-07-23 18:40:28.080446994 -0400
+@@ -309,7 +309,7 @@ static struct pci_driver me4000_driver =
+ 	.probe = me4000_probe
+ };
+ 
+-static struct file_operations me4000_ao_fops_sing = {
++static const struct file_operations me4000_ao_fops_sing = {
+       .owner = THIS_MODULE,
+       .write = me4000_ao_write_sing,
+       .ioctl = me4000_ao_ioctl_sing,
+@@ -317,7 +317,7 @@ static struct file_operations me4000_ao_
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_ao_fops_wrap = {
++static const struct file_operations me4000_ao_fops_wrap = {
+       .owner = THIS_MODULE,
+       .write = me4000_ao_write_wrap,
+       .ioctl = me4000_ao_ioctl_wrap,
+@@ -325,7 +325,7 @@ static struct file_operations me4000_ao_
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_ao_fops_cont = {
++static const struct file_operations me4000_ao_fops_cont = {
+       .owner = THIS_MODULE,
+       .write = me4000_ao_write_cont,
+       .poll = me4000_ao_poll_cont,
+@@ -335,14 +335,14 @@ static struct file_operations me4000_ao_
+       .fsync = me4000_ao_fsync_cont,
+ };
+ 
+-static struct file_operations me4000_ai_fops_sing = {
++static const struct file_operations me4000_ai_fops_sing = {
+       .owner = THIS_MODULE,
+       .ioctl = me4000_ai_ioctl_sing,
+       .open = me4000_open,
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_ai_fops_cont_sw = {
++static const struct file_operations me4000_ai_fops_cont_sw = {
+       .owner = THIS_MODULE,
+       .read = me4000_ai_read,
+       .poll = me4000_ai_poll,
+@@ -352,7 +352,7 @@ static struct file_operations me4000_ai_
+       .fasync = me4000_ai_fasync,
+ };
+ 
+-static struct file_operations me4000_ai_fops_cont_et = {
++static const struct file_operations me4000_ai_fops_cont_et = {
+       .owner = THIS_MODULE,
+       .read = me4000_ai_read,
+       .poll = me4000_ai_poll,
+@@ -361,7 +361,7 @@ static struct file_operations me4000_ai_
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_ai_fops_cont_et_value = {
++static const struct file_operations me4000_ai_fops_cont_et_value = {
+       .owner = THIS_MODULE,
+       .read = me4000_ai_read,
+       .poll = me4000_ai_poll,
+@@ -370,7 +370,7 @@ static struct file_operations me4000_ai_
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_ai_fops_cont_et_chanlist = {
++static const struct file_operations me4000_ai_fops_cont_et_chanlist = {
+       .owner = THIS_MODULE,
+       .read = me4000_ai_read,
+       .poll = me4000_ai_poll,
+@@ -379,21 +379,21 @@ static struct file_operations me4000_ai_
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_dio_fops = {
++static const struct file_operations me4000_dio_fops = {
+       .owner = THIS_MODULE,
+       .ioctl = me4000_dio_ioctl,
+       .open = me4000_open,
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_cnt_fops = {
++static const struct file_operations me4000_cnt_fops = {
+       .owner = THIS_MODULE,
+       .ioctl = me4000_cnt_ioctl,
+       .open = me4000_open,
+       .release = me4000_release,
+ };
+ 
+-static struct file_operations me4000_ext_int_fops = {
++static const struct file_operations me4000_ext_int_fops = {
+       .owner = THIS_MODULE,
+       .ioctl = me4000_ext_int_ioctl,
+       .open = me4000_open,
+@@ -401,13 +401,13 @@ static struct file_operations me4000_ext
+       .fasync = me4000_ext_int_fasync,
+ };
+ 
+-static struct file_operations *me4000_ao_fops_array[] = {
++static const struct file_operations *me4000_ao_fops_array[] = {
+ 	&me4000_ao_fops_sing,	// single operations
+ 	&me4000_ao_fops_wrap,	// wraparound operations
+ 	&me4000_ao_fops_cont,	// continous operations
+ };
+ 
+-static struct file_operations *me4000_ai_fops_array[] = {
++static const struct file_operations *me4000_ai_fops_array[] = {
+ 	&me4000_ai_fops_sing,	// single operations
+ 	&me4000_ai_fops_cont_sw,	// continuous operations with software start
+ 	&me4000_ai_fops_cont_et,	// continous operations with external trigger
+diff -urNp linux-2.6.29.6/drivers/staging/meilhaus/memain.c linux-2.6.29.6/drivers/staging/meilhaus/memain.c
+--- linux-2.6.29.6/drivers/staging/meilhaus/memain.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/meilhaus/memain.c	2009-07-23 18:40:28.086506170 -0400
+@@ -107,7 +107,7 @@ static struct cdev *cdevp;
+ /* File operations provided by the module
+ */
+ 
+-static struct file_operations me_file_operations = {
++static const struct file_operations me_file_operations = {
+ 	.owner = THIS_MODULE,
+ 	.ioctl = me_ioctl,
+ 	.open = me_open,
+diff -urNp linux-2.6.29.6/drivers/staging/panel/panel.c linux-2.6.29.6/drivers/staging/panel/panel.c
+--- linux-2.6.29.6/drivers/staging/panel/panel.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/panel/panel.c	2009-07-23 18:40:28.087439625 -0400
+@@ -1263,7 +1263,7 @@ static int lcd_release(struct inode *ino
+ 	return 0;
+ }
+ 
+-static struct file_operations lcd_fops = {
++static const struct file_operations lcd_fops = {
+ 	.write   = lcd_write,
+ 	.open    = lcd_open,
+ 	.release = lcd_release,
+@@ -1519,7 +1519,7 @@ static int keypad_release(struct inode *
+ 	return 0;
+ }
+ 
+-static struct file_operations keypad_fops = {
++static const struct file_operations keypad_fops = {
+ 	.read    = keypad_read,		/* read */
+ 	.open    = keypad_open,		/* open */
+ 	.release = keypad_release,	/* close */
+diff -urNp linux-2.6.29.6/drivers/staging/poch/poch.c linux-2.6.29.6/drivers/staging/poch/poch.c
+--- linux-2.6.29.6/drivers/staging/poch/poch.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/poch/poch.c	2009-07-23 18:40:28.100950832 -0400
+@@ -1056,7 +1056,7 @@ static int poch_ioctl(struct inode *inod
+ 	return 0;
+ }
+ 
+-static struct file_operations poch_fops = {
++static const struct file_operations poch_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = poch_open,
+ 	.release = poch_release,
+diff -urNp linux-2.6.29.6/drivers/staging/rspiusb/rspiusb.c linux-2.6.29.6/drivers/staging/rspiusb/rspiusb.c
+--- linux-2.6.29.6/drivers/staging/rspiusb/rspiusb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/staging/rspiusb/rspiusb.c	2009-07-23 18:40:28.104254239 -0400
+@@ -708,7 +708,7 @@ static int MapUserBuffer(struct ioctl_st
+ 	return 0;
+ }
+ 
+-static struct file_operations piusb_fops = {
++static const struct file_operations piusb_fops = {
+ 	.owner = THIS_MODULE,
+ 	.ioctl = piusb_ioctl,
+ 	.open = piusb_open,
+diff -urNp linux-2.6.29.6/drivers/uio/uio.c linux-2.6.29.6/drivers/uio/uio.c
+--- linux-2.6.29.6/drivers/uio/uio.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/uio/uio.c	2009-07-23 18:40:28.106388317 -0400
+@@ -636,7 +636,7 @@ static int uio_vma_fault(struct vm_area_
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct uio_vm_ops = {
++static const struct vm_operations_struct uio_vm_ops = {
+ 	.open = uio_vma_open,
+ 	.close = uio_vma_close,
+ 	.fault = uio_vma_fault,
+diff -urNp linux-2.6.29.6/drivers/usb/atm/usbatm.c linux-2.6.29.6/drivers/usb/atm/usbatm.c
+--- linux-2.6.29.6/drivers/usb/atm/usbatm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/atm/usbatm.c	2009-07-23 17:34:32.135751373 -0400
+@@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(stru
+ 		if (printk_ratelimit())
+ 			atm_warn(instance, "%s: OAM not supported (vpi %d, vci %d)!\n",
+ 				__func__, vpi, vci);
+-		atomic_inc(&vcc->stats->rx_err);
++		atomic_inc_unchecked(&vcc->stats->rx_err);
+ 		return;
+ 	}
+ 
+@@ -361,7 +361,7 @@ static void usbatm_extract_one_cell(stru
+ 		if (length > ATM_MAX_AAL5_PDU) {
+ 			atm_rldbg(instance, "%s: bogus length %u (vcc: 0x%p)!\n",
+ 				  __func__, length, vcc);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			goto out;
+ 		}
+ 
+@@ -370,14 +370,14 @@ static void usbatm_extract_one_cell(stru
+ 		if (sarb->len < pdu_length) {
+ 			atm_rldbg(instance, "%s: bogus pdu_length %u (sarb->len: %u, vcc: 0x%p)!\n",
+ 				  __func__, pdu_length, sarb->len, vcc);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			goto out;
+ 		}
+ 
+ 		if (crc32_be(~0, skb_tail_pointer(sarb) - pdu_length, pdu_length) != 0xc704dd7b) {
+ 			atm_rldbg(instance, "%s: packet failed crc check (vcc: 0x%p)!\n",
+ 				  __func__, vcc);
+-			atomic_inc(&vcc->stats->rx_err);
++			atomic_inc_unchecked(&vcc->stats->rx_err);
+ 			goto out;
+ 		}
+ 
+@@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(stru
+ 			if (printk_ratelimit())
+ 				atm_err(instance, "%s: no memory for skb (length: %u)!\n",
+ 					__func__, length);
+-			atomic_inc(&vcc->stats->rx_drop);
++			atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 			goto out;
+ 		}
+ 
+@@ -412,7 +412,7 @@ static void usbatm_extract_one_cell(stru
+ 
+ 		vcc->push(vcc, skb);
+ 
+-		atomic_inc(&vcc->stats->rx);
++		atomic_inc_unchecked(&vcc->stats->rx);
+ 	out:
+ 		skb_trim(sarb, 0);
+ 	}
+@@ -616,7 +616,7 @@ static void usbatm_tx_process(unsigned l
+ 			struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc;
+ 
+ 			usbatm_pop(vcc, skb);
+-			atomic_inc(&vcc->stats->tx);
++			atomic_inc_unchecked(&vcc->stats->tx);
+ 
+ 			skb = skb_dequeue(&instance->sndqueue);
+ 		}
+diff -urNp linux-2.6.29.6/drivers/usb/class/cdc-acm.c linux-2.6.29.6/drivers/usb/class/cdc-acm.c
+--- linux-2.6.29.6/drivers/usb/class/cdc-acm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/class/cdc-acm.c	2009-07-23 17:34:32.135751373 -0400
+@@ -1397,7 +1397,7 @@ static struct usb_device_id acm_ids[] = 
+ 		USB_CDC_ACM_PROTO_AT_CDMA) },
+ 
+ 	/* NOTE:  COMM/ACM/0xff is likely MSFT RNDIS ... NOT a modem!! */
+-	{ }
++	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE (usb, acm_ids);
+diff -urNp linux-2.6.29.6/drivers/usb/class/usblp.c linux-2.6.29.6/drivers/usb/class/usblp.c
+--- linux-2.6.29.6/drivers/usb/class/usblp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/class/usblp.c	2009-07-23 17:34:32.136781202 -0400
+@@ -228,7 +228,7 @@ static const struct quirk_printer_struct
+ 	{ 0x0482, 0x0010, USBLP_QUIRK_BIDIR }, /* Kyocera Mita FS 820, by zut <kernel@zut.de> */
+ 	{ 0x04f9, 0x000d, USBLP_QUIRK_BIDIR }, /* Brother Industries, Ltd HL-1440 Laser Printer */
+ 	{ 0x04b8, 0x0202, USBLP_QUIRK_BAD_CLASS }, /* Seiko Epson Receipt Printer M129C */
+-	{ 0, 0 }
++	{ 0, 0, 0 }
+ };
+ 
+ static int usblp_wwait(struct usblp *usblp, int nonblock);
+@@ -1403,7 +1403,7 @@ static struct usb_device_id usblp_ids []
+ 	{ USB_INTERFACE_INFO(7, 1, 2) },
+ 	{ USB_INTERFACE_INFO(7, 1, 3) },
+ 	{ USB_DEVICE(0x04b8, 0x0202) },	/* Seiko Epson Receipt Printer M129C */
+-	{ }						/* Terminating entry */
++	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }		/* Terminating entry */
+ };
+ 
+ MODULE_DEVICE_TABLE (usb, usblp_ids);
+diff -urNp linux-2.6.29.6/drivers/usb/class/usbtmc.c linux-2.6.29.6/drivers/usb/class/usbtmc.c
+--- linux-2.6.29.6/drivers/usb/class/usbtmc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/class/usbtmc.c	2009-07-23 18:40:28.107490981 -0400
+@@ -954,7 +954,7 @@ static long usbtmc_ioctl(struct file *fi
+ 	return retval;
+ }
+ 
+-static struct file_operations fops = {
++static const struct file_operations fops = {
+ 	.owner		= THIS_MODULE,
+ 	.read		= usbtmc_read,
+ 	.write		= usbtmc_write,
+diff -urNp linux-2.6.29.6/drivers/usb/core/hub.c linux-2.6.29.6/drivers/usb/core/hub.c
+--- linux-2.6.29.6/drivers/usb/core/hub.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/core/hub.c	2009-07-23 17:34:32.136781202 -0400
+@@ -3193,7 +3193,7 @@ static struct usb_device_id hub_id_table
+       .bDeviceClass = USB_CLASS_HUB},
+     { .match_flags = USB_DEVICE_ID_MATCH_INT_CLASS,
+       .bInterfaceClass = USB_CLASS_HUB},
+-    { }						/* Terminating entry */
++    { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }						/* Terminating entry */
+ };
+ 
+ MODULE_DEVICE_TABLE (usb, hub_id_table);
+diff -urNp linux-2.6.29.6/drivers/usb/core/inode.c linux-2.6.29.6/drivers/usb/core/inode.c
+--- linux-2.6.29.6/drivers/usb/core/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/core/inode.c	2009-07-23 18:40:28.126687499 -0400
+@@ -47,7 +47,7 @@
+ #define USBFS_DEFAULT_BUSMODE (S_IXUGO | S_IRUGO)
+ #define USBFS_DEFAULT_LISTMODE S_IRUGO
+ 
+-static struct super_operations usbfs_ops;
++static const struct super_operations usbfs_ops;
+ static const struct file_operations default_file_operations;
+ static struct vfsmount *usbfs_mount;
+ static int usbfs_mount_count;	/* = 0 */
+@@ -444,7 +444,7 @@ static const struct file_operations defa
+ 	.llseek =	default_file_lseek,
+ };
+ 
+-static struct super_operations usbfs_ops = {
++static const struct super_operations usbfs_ops = {
+ 	.statfs =	simple_statfs,
+ 	.drop_inode =	generic_delete_inode,
+ 	.remount_fs =	remount,
+diff -urNp linux-2.6.29.6/drivers/usb/core/message.c linux-2.6.29.6/drivers/usb/core/message.c
+--- linux-2.6.29.6/drivers/usb/core/message.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/core/message.c	2009-07-23 17:34:32.137720292 -0400
+@@ -866,7 +866,8 @@ char *usb_cache_string(struct usb_device
+ 	if (buf) {
+ 		len = usb_string(udev, index, buf, 256);
+ 		if (len > 0) {
+-			smallbuf = kmalloc(++len, GFP_KERNEL);
++			++len;
++			smallbuf = kmalloc(len, GFP_KERNEL);
+ 			if (!smallbuf)
+ 				return buf;
+ 			memcpy(smallbuf, buf, len);
+diff -urNp linux-2.6.29.6/drivers/usb/gadget/inode.c linux-2.6.29.6/drivers/usb/gadget/inode.c
+--- linux-2.6.29.6/drivers/usb/gadget/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/gadget/inode.c	2009-07-23 18:40:28.126687499 -0400
+@@ -2035,7 +2035,7 @@ gadgetfs_create_file (struct super_block
+ 	return inode;
+ }
+ 
+-static struct super_operations gadget_fs_operations = {
++static const struct super_operations gadget_fs_operations = {
+ 	.statfs =	simple_statfs,
+ 	.drop_inode =	generic_delete_inode,
+ };
+diff -urNp linux-2.6.29.6/drivers/usb/gadget/printer.c linux-2.6.29.6/drivers/usb/gadget/printer.c
+--- linux-2.6.29.6/drivers/usb/gadget/printer.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/gadget/printer.c	2009-07-23 18:40:28.127445994 -0400
+@@ -875,7 +875,7 @@ printer_ioctl(struct file *fd, unsigned 
+ }
+ 
+ /* used after endpoint configuration */
+-static struct file_operations printer_io_operations = {
++static const struct file_operations printer_io_operations = {
+ 	.owner =	THIS_MODULE,
+ 	.open =		printer_open,
+ 	.read =		printer_read,
+diff -urNp linux-2.6.29.6/drivers/usb/host/ehci-pci.c linux-2.6.29.6/drivers/usb/host/ehci-pci.c
+--- linux-2.6.29.6/drivers/usb/host/ehci-pci.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/host/ehci-pci.c	2009-07-23 17:34:32.137720292 -0400
+@@ -418,7 +418,7 @@ static const struct pci_device_id pci_id
+ 	PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_EHCI, ~0),
+ 	.driver_data =	(unsigned long) &ehci_pci_hc_driver,
+ 	},
+-	{ /* end: all zeroes */ }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ MODULE_DEVICE_TABLE(pci, pci_ids);
+ 
+diff -urNp linux-2.6.29.6/drivers/usb/host/uhci-hcd.c linux-2.6.29.6/drivers/usb/host/uhci-hcd.c
+--- linux-2.6.29.6/drivers/usb/host/uhci-hcd.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/host/uhci-hcd.c	2009-07-23 17:34:32.138862216 -0400
+@@ -927,7 +927,7 @@ static const struct pci_device_id uhci_p
+ 	/* handle any USB UHCI controller */
+ 	PCI_DEVICE_CLASS(PCI_CLASS_SERIAL_USB_UHCI, ~0),
+ 	.driver_data =	(unsigned long) &uhci_driver,
+-	}, { /* end: all zeroes */ }
++	}, { 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, uhci_pci_ids);
+diff -urNp linux-2.6.29.6/drivers/usb/host/whci/debug.c linux-2.6.29.6/drivers/usb/host/whci/debug.c
+--- linux-2.6.29.6/drivers/usb/host/whci/debug.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/host/whci/debug.c	2009-07-23 18:40:28.128284960 -0400
+@@ -134,7 +134,7 @@ static int pzl_open(struct inode *inode,
+ 	return single_open(file, pzl_print, inode->i_private);
+ }
+ 
+-static struct file_operations di_fops = {
++static const struct file_operations di_fops = {
+ 	.open    = di_open,
+ 	.read    = seq_read,
+ 	.llseek  = seq_lseek,
+@@ -142,7 +142,7 @@ static struct file_operations di_fops = 
+ 	.owner   = THIS_MODULE,
+ };
+ 
+-static struct file_operations asl_fops = {
++static const struct file_operations asl_fops = {
+ 	.open    = asl_open,
+ 	.read    = seq_read,
+ 	.llseek  = seq_lseek,
+@@ -150,7 +150,7 @@ static struct file_operations asl_fops =
+ 	.owner   = THIS_MODULE,
+ };
+ 
+-static struct file_operations pzl_fops = {
++static const struct file_operations pzl_fops = {
+ 	.open    = pzl_open,
+ 	.read    = seq_read,
+ 	.llseek  = seq_lseek,
+diff -urNp linux-2.6.29.6/drivers/usb/mon/mon_bin.c linux-2.6.29.6/drivers/usb/mon/mon_bin.c
+--- linux-2.6.29.6/drivers/usb/mon/mon_bin.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/mon/mon_bin.c	2009-07-23 18:40:28.128284960 -0400
+@@ -1094,7 +1094,7 @@ static int mon_bin_vma_fault(struct vm_a
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct mon_bin_vm_ops = {
++static const struct vm_operations_struct mon_bin_vm_ops = {
+ 	.open =     mon_bin_vma_open,
+ 	.close =    mon_bin_vma_close,
+ 	.fault =    mon_bin_vma_fault,
+diff -urNp linux-2.6.29.6/drivers/usb/storage/debug.h linux-2.6.29.6/drivers/usb/storage/debug.h
+--- linux-2.6.29.6/drivers/usb/storage/debug.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/storage/debug.h	2009-07-23 17:34:32.138862216 -0400
+@@ -54,9 +54,9 @@ void usb_stor_show_sense( unsigned char 
+ #define US_DEBUGPX(x...) printk( x )
+ #define US_DEBUG(x) x 
+ #else
+-#define US_DEBUGP(x...)
+-#define US_DEBUGPX(x...)
+-#define US_DEBUG(x)
++#define US_DEBUGP(x...) do {} while (0)
++#define US_DEBUGPX(x...) do {} while (0)
++#define US_DEBUG(x) do {} while (0)
+ #endif
+ 
+ #endif
+diff -urNp linux-2.6.29.6/drivers/usb/storage/usb.c linux-2.6.29.6/drivers/usb/storage/usb.c
+--- linux-2.6.29.6/drivers/usb/storage/usb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/usb/storage/usb.c	2009-07-23 17:34:32.138862216 -0400
+@@ -141,7 +141,7 @@ static struct usb_device_id storage_usb_
+ #undef COMPLIANT_DEV
+ #undef USUAL_DEV
+ 	/* Terminating entry */
+-	{ }
++	{ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE (usb, storage_usb_ids);
+@@ -184,7 +184,7 @@ static struct us_unusual_dev us_unusual_
+ #	undef USUAL_DEV
+ 
+ 	/* Terminating entry */
+-	{ NULL }
++	{ NULL, NULL, 0, 0, NULL }
+ };
+ 
+ 
+diff -urNp linux-2.6.29.6/drivers/uwb/uwb-debug.c linux-2.6.29.6/drivers/uwb/uwb-debug.c
+--- linux-2.6.29.6/drivers/uwb/uwb-debug.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/uwb/uwb-debug.c	2009-07-23 18:40:28.137381953 -0400
+@@ -205,7 +205,7 @@ static ssize_t command_write(struct file
+ 	return ret < 0 ? ret : len;
+ }
+ 
+-static struct file_operations command_fops = {
++static const struct file_operations command_fops = {
+ 	.open   = command_open,
+ 	.write  = command_write,
+ 	.read   = NULL,
+@@ -255,7 +255,7 @@ static int reservations_open(struct inod
+ 	return single_open(file, reservations_print, inode->i_private);
+ }
+ 
+-static struct file_operations reservations_fops = {
++static const struct file_operations reservations_fops = {
+ 	.open    = reservations_open,
+ 	.read    = seq_read,
+ 	.llseek  = seq_lseek,
+@@ -283,7 +283,7 @@ static int drp_avail_open(struct inode *
+ 	return single_open(file, drp_avail_print, inode->i_private);
+ }
+ 
+-static struct file_operations drp_avail_fops = {
++static const struct file_operations drp_avail_fops = {
+ 	.open    = drp_avail_open,
+ 	.read    = seq_read,
+ 	.llseek  = seq_lseek,
+diff -urNp linux-2.6.29.6/drivers/uwb/wlp/messages.c linux-2.6.29.6/drivers/uwb/wlp/messages.c
+--- linux-2.6.29.6/drivers/uwb/wlp/messages.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/uwb/wlp/messages.c	2009-07-23 17:34:32.139921746 -0400
+@@ -903,7 +903,7 @@ int wlp_parse_f0(struct wlp *wlp, struct
+ 	size_t len = skb->len;
+ 	size_t used;
+ 	ssize_t result;
+-	struct wlp_nonce enonce, rnonce;
++	struct wlp_nonce enonce = {{0}}, rnonce = {{0}};
+ 	enum wlp_assc_error assc_err;
+ 	char enonce_buf[WLP_WSS_NONCE_STRSIZE];
+ 	char rnonce_buf[WLP_WSS_NONCE_STRSIZE];
+diff -urNp linux-2.6.29.6/drivers/video/fb_defio.c linux-2.6.29.6/drivers/video/fb_defio.c
+--- linux-2.6.29.6/drivers/video/fb_defio.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/fb_defio.c	2009-07-23 18:40:28.143844676 -0400
+@@ -125,7 +125,7 @@ page_already_added:
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct fb_deferred_io_vm_ops = {
++static const struct vm_operations_struct fb_deferred_io_vm_ops = {
+ 	.fault		= fb_deferred_io_fault,
+ 	.page_mkwrite	= fb_deferred_io_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/drivers/video/fbmem.c linux-2.6.29.6/drivers/video/fbmem.c
+--- linux-2.6.29.6/drivers/video/fbmem.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/fbmem.c	2009-07-23 17:34:32.140710667 -0400
+@@ -393,7 +393,7 @@ static void fb_do_show_logo(struct fb_in
+ 			image->dx += image->width + 8;
+ 		}
+ 	} else if (rotate == FB_ROTATE_UD) {
+-		for (x = 0; x < num && image->dx >= 0; x++) {
++		for (x = 0; x < num && (__s32)image->dx >= 0; x++) {
+ 			info->fbops->fb_imageblit(info, image);
+ 			image->dx -= image->width + 8;
+ 		}
+@@ -405,7 +405,7 @@ static void fb_do_show_logo(struct fb_in
+ 			image->dy += image->height + 8;
+ 		}
+ 	} else if (rotate == FB_ROTATE_CCW) {
+-		for (x = 0; x < num && image->dy >= 0; x++) {
++		for (x = 0; x < num && (__s32)image->dy >= 0; x++) {
+ 			info->fbops->fb_imageblit(info, image);
+ 			image->dy -= image->height + 8;
+ 		}
+@@ -1098,7 +1098,7 @@ static long do_fb_ioctl(struct fb_info *
+ 			return -EFAULT;
+ 		if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES)
+ 			return -EINVAL;
+-		if (con2fb.framebuffer < 0 || con2fb.framebuffer >= FB_MAX)
++		if (con2fb.framebuffer >= FB_MAX)
+ 			return -EINVAL;
+ 		if (!registered_fb[con2fb.framebuffer])
+ 			request_module("fb%d", con2fb.framebuffer);
+diff -urNp linux-2.6.29.6/drivers/video/fbmon.c linux-2.6.29.6/drivers/video/fbmon.c
+--- linux-2.6.29.6/drivers/video/fbmon.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/fbmon.c	2009-07-23 17:34:32.140710667 -0400
+@@ -45,7 +45,7 @@
+ #ifdef DEBUG
+ #define DPRINTK(fmt, args...) printk(fmt,## args)
+ #else
+-#define DPRINTK(fmt, args...)
++#define DPRINTK(fmt, args...) do {} while (0)
+ #endif
+ 
+ #define FBMON_FIX_HEADER  1
+diff -urNp linux-2.6.29.6/drivers/video/i810/i810_accel.c linux-2.6.29.6/drivers/video/i810/i810_accel.c
+--- linux-2.6.29.6/drivers/video/i810/i810_accel.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/i810/i810_accel.c	2009-07-23 17:34:32.140710667 -0400
+@@ -73,6 +73,7 @@ static inline int wait_for_space(struct 
+ 		}
+ 	}
+ 	printk("ringbuffer lockup!!!\n");
++	printk("head:%u tail:%u iring.size:%u space:%u\n", head, tail, par->iring.size, space);
+ 	i810_report_error(mmio); 
+ 	par->dev_flags |= LOCKUP;
+ 	info->pixmap.scan_align = 1;
+diff -urNp linux-2.6.29.6/drivers/video/i810/i810_main.c linux-2.6.29.6/drivers/video/i810/i810_main.c
+--- linux-2.6.29.6/drivers/video/i810/i810_main.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/i810/i810_main.c	2009-07-23 17:34:32.141886076 -0400
+@@ -120,7 +120,7 @@ static struct pci_device_id i810fb_pci_t
+ 	  PCI_ANY_ID, PCI_ANY_ID, 0, 0, 4 },
+ 	{ PCI_VENDOR_ID_INTEL, PCI_DEVICE_ID_INTEL_82815_CGC,
+ 	  PCI_ANY_ID, PCI_ANY_ID, 0, 0, 5 },
+-	{ 0 },
++	{ 0, 0, 0, 0, 0, 0, 0 },
+ };
+ 
+ static struct pci_driver i810fb_driver = {
+diff -urNp linux-2.6.29.6/drivers/video/modedb.c linux-2.6.29.6/drivers/video/modedb.c
+--- linux-2.6.29.6/drivers/video/modedb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/modedb.c	2009-07-23 17:34:32.141886076 -0400
+@@ -38,232 +38,232 @@ static const struct fb_videomode modedb[
+     {
+ 	/* 640x400 @ 70 Hz, 31.5 kHz hsync */
+ 	NULL, 70, 640, 400, 39721, 40, 24, 39, 9, 96, 2,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 640x480 @ 60 Hz, 31.5 kHz hsync */
+ 	NULL, 60, 640, 480, 39721, 40, 24, 32, 11, 96, 2,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 800x600 @ 56 Hz, 35.15 kHz hsync */
+ 	NULL, 56, 800, 600, 27777, 128, 24, 22, 1, 72, 2,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1024x768 @ 87 Hz interlaced, 35.5 kHz hsync */
+ 	NULL, 87, 1024, 768, 22271, 56, 24, 33, 8, 160, 8,
+-	0, FB_VMODE_INTERLACED
++	0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 640x400 @ 85 Hz, 37.86 kHz hsync */
+ 	NULL, 85, 640, 400, 31746, 96, 32, 41, 1, 64, 3,
+-	FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 640x480 @ 72 Hz, 36.5 kHz hsync */
+ 	NULL, 72, 640, 480, 31746, 144, 40, 30, 8, 40, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 640x480 @ 75 Hz, 37.50 kHz hsync */
+ 	NULL, 75, 640, 480, 31746, 120, 16, 16, 1, 64, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 800x600 @ 60 Hz, 37.8 kHz hsync */
+ 	NULL, 60, 800, 600, 25000, 88, 40, 23, 1, 128, 4,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 640x480 @ 85 Hz, 43.27 kHz hsync */
+ 	NULL, 85, 640, 480, 27777, 80, 56, 25, 1, 56, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x864 @ 89 Hz interlaced, 44 kHz hsync */
+ 	NULL, 89, 1152, 864, 15384, 96, 16, 110, 1, 216, 10,
+-	0, FB_VMODE_INTERLACED
++	0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 800x600 @ 72 Hz, 48.0 kHz hsync */
+ 	NULL, 72, 800, 600, 20000, 64, 56, 23, 37, 120, 6,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1024x768 @ 60 Hz, 48.4 kHz hsync */
+ 	NULL, 60, 1024, 768, 15384, 168, 8, 29, 3, 144, 6,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 640x480 @ 100 Hz, 53.01 kHz hsync */
+ 	NULL, 100, 640, 480, 21834, 96, 32, 36, 8, 96, 6,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x864 @ 60 Hz, 53.5 kHz hsync */
+ 	NULL, 60, 1152, 864, 11123, 208, 64, 16, 4, 256, 8,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 800x600 @ 85 Hz, 55.84 kHz hsync */
+ 	NULL, 85, 800, 600, 16460, 160, 64, 36, 16, 64, 5,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1024x768 @ 70 Hz, 56.5 kHz hsync */
+ 	NULL, 70, 1024, 768, 13333, 144, 24, 29, 3, 136, 6,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 87 Hz interlaced, 51 kHz hsync */
+ 	NULL, 87, 1280, 1024, 12500, 56, 16, 128, 1, 216, 12,
+-	0, FB_VMODE_INTERLACED
++	0, FB_VMODE_INTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 800x600 @ 100 Hz, 64.02 kHz hsync */
+ 	NULL, 100, 800, 600, 14357, 160, 64, 30, 4, 64, 6,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1024x768 @ 76 Hz, 62.5 kHz hsync */
+ 	NULL, 76, 1024, 768, 11764, 208, 8, 36, 16, 120, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x864 @ 70 Hz, 62.4 kHz hsync */
+ 	NULL, 70, 1152, 864, 10869, 106, 56, 20, 1, 160, 10,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 61 Hz, 64.2 kHz hsync */
+ 	NULL, 61, 1280, 1024, 9090, 200, 48, 26, 1, 184, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1400x1050 @ 60Hz, 63.9 kHz hsync */
+ 	NULL, 60, 1400, 1050, 9259, 136, 40, 13, 1, 112, 3,
+-	0, FB_VMODE_NONINTERLACED   	
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1400x1050 @ 75,107 Hz, 82,392 kHz +hsync +vsync*/
+ 	NULL, 75, 1400, 1050, 7190, 120, 56, 23, 10, 112, 13,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1400x1050 @ 60 Hz, ? kHz +hsync +vsync*/
+         NULL, 60, 1400, 1050, 9259, 128, 40, 12, 0, 112, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1024x768 @ 85 Hz, 70.24 kHz hsync */
+ 	NULL, 85, 1024, 768, 10111, 192, 32, 34, 14, 160, 6,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x864 @ 78 Hz, 70.8 kHz hsync */
+ 	NULL, 78, 1152, 864, 9090, 228, 88, 32, 0, 84, 12,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 70 Hz, 74.59 kHz hsync */
+ 	NULL, 70, 1280, 1024, 7905, 224, 32, 28, 8, 160, 8,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1600x1200 @ 60Hz, 75.00 kHz hsync */
+ 	NULL, 60, 1600, 1200, 6172, 304, 64, 46, 1, 192, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x864 @ 84 Hz, 76.0 kHz hsync */
+ 	NULL, 84, 1152, 864, 7407, 184, 312, 32, 0, 128, 12,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 74 Hz, 78.85 kHz hsync */
+ 	NULL, 74, 1280, 1024, 7407, 256, 32, 34, 3, 144, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1024x768 @ 100Hz, 80.21 kHz hsync */
+ 	NULL, 100, 1024, 768, 8658, 192, 32, 21, 3, 192, 10,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 76 Hz, 81.13 kHz hsync */
+ 	NULL, 76, 1280, 1024, 7407, 248, 32, 34, 3, 104, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1600x1200 @ 70 Hz, 87.50 kHz hsync */
+ 	NULL, 70, 1600, 1200, 5291, 304, 64, 46, 1, 192, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x864 @ 100 Hz, 89.62 kHz hsync */
+ 	NULL, 100, 1152, 864, 7264, 224, 32, 17, 2, 128, 19,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 85 Hz, 91.15 kHz hsync */
+ 	NULL, 85, 1280, 1024, 6349, 224, 64, 44, 1, 160, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1600x1200 @ 75 Hz, 93.75 kHz hsync */
+ 	NULL, 75, 1600, 1200, 4938, 304, 64, 46, 1, 192, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1680x1050 @ 60 Hz, 65.191 kHz hsync */
+ 	NULL, 60, 1680, 1050, 6848, 280, 104, 30, 3, 176, 6,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1600x1200 @ 85 Hz, 105.77 kHz hsync */
+ 	NULL, 85, 1600, 1200, 4545, 272, 16, 37, 4, 192, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1280x1024 @ 100 Hz, 107.16 kHz hsync */
+ 	NULL, 100, 1280, 1024, 5502, 256, 32, 26, 7, 128, 15,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1800x1440 @ 64Hz, 96.15 kHz hsync  */
+ 	NULL, 64, 1800, 1440, 4347, 304, 96, 46, 1, 192, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1800x1440 @ 70Hz, 104.52 kHz hsync  */
+ 	NULL, 70, 1800, 1440, 4000, 304, 96, 46, 1, 192, 3,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 512x384 @ 78 Hz, 31.50 kHz hsync */
+ 	NULL, 78, 512, 384, 49603, 48, 16, 16, 1, 64, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 512x384 @ 85 Hz, 34.38 kHz hsync */
+ 	NULL, 85, 512, 384, 45454, 48, 16, 16, 1, 64, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 320x200 @ 70 Hz, 31.5 kHz hsync, 8:5 aspect ratio */
+ 	NULL, 70, 320, 200, 79440, 16, 16, 20, 4, 48, 1,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 320x240 @ 60 Hz, 31.5 kHz hsync, 4:3 aspect ratio */
+ 	NULL, 60, 320, 240, 79440, 16, 16, 16, 5, 48, 1,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 320x240 @ 72 Hz, 36.5 kHz hsync */
+ 	NULL, 72, 320, 240, 63492, 16, 16, 16, 4, 48, 2,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 400x300 @ 56 Hz, 35.2 kHz hsync, 4:3 aspect ratio */
+ 	NULL, 56, 400, 300, 55555, 64, 16, 10, 1, 32, 1,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 400x300 @ 60 Hz, 37.8 kHz hsync */
+ 	NULL, 60, 400, 300, 50000, 48, 16, 11, 1, 64, 2,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 400x300 @ 72 Hz, 48.0 kHz hsync */
+ 	NULL, 72, 400, 300, 40000, 32, 24, 11, 19, 64, 3,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 480x300 @ 56 Hz, 35.2 kHz hsync, 8:5 aspect ratio */
+ 	NULL, 56, 480, 300, 46176, 80, 16, 10, 1, 40, 1,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 480x300 @ 60 Hz, 37.8 kHz hsync */
+ 	NULL, 60, 480, 300, 41858, 56, 16, 11, 1, 80, 2,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 480x300 @ 63 Hz, 39.6 kHz hsync */
+ 	NULL, 63, 480, 300, 40000, 56, 16, 11, 1, 80, 2,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 480x300 @ 72 Hz, 48.0 kHz hsync */
+ 	NULL, 72, 480, 300, 33386, 40, 24, 11, 19, 80, 3,
+-	0, FB_VMODE_DOUBLE
++	0, FB_VMODE_DOUBLE, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1920x1200 @ 60 Hz, 74.5 Khz hsync */
+ 	NULL, 60, 1920, 1200, 5177, 128, 336, 1, 38, 208, 3,
+ 	FB_SYNC_HOR_HIGH_ACT | FB_SYNC_VERT_HIGH_ACT,
+-	FB_VMODE_NONINTERLACED
++	FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1152x768, 60 Hz, PowerBook G4 Titanium I and II */
+ 	NULL, 60, 1152, 768, 14047, 158, 26, 29, 3, 136, 6,
+-	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED
++	FB_SYNC_HOR_HIGH_ACT|FB_SYNC_VERT_HIGH_ACT, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     }, {
+ 	/* 1366x768, 60 Hz, 47.403 kHz hsync, WXGA 16:9 aspect ratio */
+ 	NULL, 60, 1366, 768, 13806, 120, 10, 14, 3, 32, 5,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+    }, {
+ 	/* 1280x800, 60 Hz, 47.403 kHz hsync, WXGA 16:10 aspect ratio */
+ 	NULL, 60, 1280, 800, 12048, 200, 64, 24, 1, 136, 3,
+-	0, FB_VMODE_NONINTERLACED
++	0, FB_VMODE_NONINTERLACED, FB_MODE_IS_UNKNOWN
+     },
+ };
+ 
+diff -urNp linux-2.6.29.6/drivers/video/omap/dispc.c linux-2.6.29.6/drivers/video/omap/dispc.c
+--- linux-2.6.29.6/drivers/video/omap/dispc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/omap/dispc.c	2009-07-23 18:40:28.146299850 -0400
+@@ -1011,7 +1011,7 @@ static void mmap_user_close(struct vm_ar
+ 	atomic_dec(&dispc.map_count[plane]);
+ }
+ 
+-static struct vm_operations_struct mmap_user_ops = {
++static const struct vm_operations_struct mmap_user_ops = {
+ 	.open = mmap_user_open,
+ 	.close = mmap_user_close,
+ };
+diff -urNp linux-2.6.29.6/drivers/video/uvesafb.c linux-2.6.29.6/drivers/video/uvesafb.c
+--- linux-2.6.29.6/drivers/video/uvesafb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/uvesafb.c	2009-07-23 17:34:32.142789474 -0400
+@@ -18,6 +18,7 @@
+ #include <linux/fb.h>
+ #include <linux/io.h>
+ #include <linux/mutex.h>
++#include <linux/moduleloader.h>
+ #include <video/edid.h>
+ #include <video/uvesafb.h>
+ #ifdef CONFIG_X86
+@@ -117,7 +118,7 @@ static int uvesafb_helper_start(void)
+ 		NULL,
+ 	};
+ 
+-	return call_usermodehelper(v86d_path, argv, envp, 1);
++	return call_usermodehelper(v86d_path, argv, envp, UMH_WAIT_PROC);
+ }
+ 
+ /*
+@@ -574,10 +575,34 @@ static int __devinit uvesafb_vbe_getpmi(
+ 	if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) {
+ 		par->pmi_setpal = par->ypan = 0;
+ 	} else {
++
++#ifdef CONFIG_PAX_KERNEXEC
++#ifdef CONFIG_MODULES
++		unsigned long cr0;
++
++		par->pmi_code = module_alloc_exec((u16)task->t.regs.ecx);
++#endif
++		if (!par->pmi_code) {
++			par->pmi_setpal = par->ypan = 0;
++			return 0;
++		}
++#endif
++
+ 		par->pmi_base = (u16 *)phys_to_virt(((u32)task->t.regs.es << 4)
+ 						+ task->t.regs.edi);
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++		pax_open_kernel(cr0);
++		memcpy(par->pmi_code, par->pmi_base, (u16)task->t.regs.ecx);
++		pax_close_kernel(cr0);
++
++		par->pmi_start = ktva_ktla(par->pmi_code + par->pmi_base[1]);
++		par->pmi_pal = ktva_ktla(par->pmi_code + par->pmi_base[2]);
++#else
+ 		par->pmi_start = (u8 *)par->pmi_base + par->pmi_base[1];
+ 		par->pmi_pal = (u8 *)par->pmi_base + par->pmi_base[2];
++#endif
++
+ 		printk(KERN_INFO "uvesafb: protected mode interface info at "
+ 				 "%04x:%04x\n",
+ 				 (u16)task->t.regs.es, (u16)task->t.regs.edi);
+@@ -1832,6 +1857,11 @@ out:
+ 	if (par->vbe_modes)
+ 		kfree(par->vbe_modes);
+ 
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++	if (par->pmi_code)
++		module_free_exec(NULL, par->pmi_code);
++#endif
++
+ 	framebuffer_release(info);
+ 	return err;
+ }
+@@ -1858,6 +1888,12 @@ static int uvesafb_remove(struct platfor
+ 				kfree(par->vbe_state_orig);
+ 			if (par->vbe_state_saved)
+ 				kfree(par->vbe_state_saved);
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++			if (par->pmi_code)
++				module_free_exec(NULL, par->pmi_code);
++#endif
++
+ 		}
+ 
+ 		framebuffer_release(info);
+diff -urNp linux-2.6.29.6/drivers/video/vesafb.c linux-2.6.29.6/drivers/video/vesafb.c
+--- linux-2.6.29.6/drivers/video/vesafb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/video/vesafb.c	2009-07-23 17:34:32.142789474 -0400
+@@ -9,6 +9,7 @@
+  */
+ 
+ #include <linux/module.h>
++#include <linux/moduleloader.h>
+ #include <linux/kernel.h>
+ #include <linux/errno.h>
+ #include <linux/string.h>
+@@ -53,8 +54,8 @@ static int   vram_remap __initdata;		/* 
+ static int   vram_total __initdata;		/* Set total amount of memory */
+ static int   pmi_setpal __read_mostly = 1;	/* pmi for palette changes ??? */
+ static int   ypan       __read_mostly;		/* 0..nothing, 1..ypan, 2..ywrap */
+-static void  (*pmi_start)(void) __read_mostly;
+-static void  (*pmi_pal)  (void) __read_mostly;
++static void  (*pmi_start)(void) __read_only;
++static void  (*pmi_pal)  (void) __read_only;
+ static int   depth      __read_mostly;
+ static int   vga_compat __read_mostly;
+ /* --------------------------------------------------------------------- */
+@@ -224,6 +225,7 @@ static int __init vesafb_probe(struct pl
+ 	unsigned int size_vmode;
+ 	unsigned int size_remap;
+ 	unsigned int size_total;
++	void *pmi_code = NULL;
+ 
+ 	if (screen_info.orig_video_isVGA != VIDEO_TYPE_VLFB)
+ 		return -ENODEV;
+@@ -266,10 +268,6 @@ static int __init vesafb_probe(struct pl
+ 		size_remap = size_total;
+ 	vesafb_fix.smem_len = size_remap;
+ 
+-#ifndef __i386__
+-	screen_info.vesapm_seg = 0;
+-#endif
+-
+ 	if (!request_mem_region(vesafb_fix.smem_start, size_total, "vesafb")) {
+ 		printk(KERN_WARNING
+ 		       "vesafb: cannot reserve video memory at 0x%lx\n",
+@@ -302,9 +300,21 @@ static int __init vesafb_probe(struct pl
+ 	printk(KERN_INFO "vesafb: mode is %dx%dx%d, linelength=%d, pages=%d\n",
+ 	       vesafb_defined.xres, vesafb_defined.yres, vesafb_defined.bits_per_pixel, vesafb_fix.line_length, screen_info.pages);
+ 
++#ifdef __i386__
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++	pmi_code = module_alloc_exec(screen_info.vesapm_size);
++	if (!pmi_code)
++#elif !defined(CONFIG_PAX_KERNEXEC)
++	if (0)
++#endif
++
++#endif
++	screen_info.vesapm_seg = 0;
++
+ 	if (screen_info.vesapm_seg) {
+-		printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x\n",
+-		       screen_info.vesapm_seg,screen_info.vesapm_off);
++		printk(KERN_INFO "vesafb: protected mode interface info at %04x:%04x %04x bytes\n",
++		       screen_info.vesapm_seg,screen_info.vesapm_off,screen_info.vesapm_size);
+ 	}
+ 
+ 	if (screen_info.vesapm_seg < 0xc000)
+@@ -312,9 +322,29 @@ static int __init vesafb_probe(struct pl
+ 
+ 	if (ypan || pmi_setpal) {
+ 		unsigned short *pmi_base;
+-		pmi_base  = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
+-		pmi_start = (void*)((char*)pmi_base + pmi_base[1]);
+-		pmi_pal   = (void*)((char*)pmi_base + pmi_base[2]);
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++		unsigned long cr0;
++#endif
++
++		pmi_base = (unsigned short*)phys_to_virt(((unsigned long)screen_info.vesapm_seg << 4) + screen_info.vesapm_off);
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++		pax_open_kernel(cr0);
++		memcpy(pmi_code, pmi_base, screen_info.vesapm_size);
++#else
++		pmi_code = pmi_base;
++#endif
++
++		pmi_start = (void*)((char*)pmi_code + pmi_base[1]);
++		pmi_pal   = (void*)((char*)pmi_code + pmi_base[2]);
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++		pmi_start = ktva_ktla(pmi_start);
++		pmi_pal = ktva_ktla(pmi_pal);
++		pax_close_kernel(cr0);
++#endif
++
+ 		printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal);
+ 		if (pmi_base[3]) {
+ 			printk(KERN_INFO "vesafb: pmi: ports = ");
+@@ -456,6 +486,11 @@ static int __init vesafb_probe(struct pl
+ 	       info->node, info->fix.id);
+ 	return 0;
+ err:
++
++#if defined(__i386__) && defined(CONFIG_MODULES) && defined(CONFIG_PAX_KERNEXEC)
++	module_free_exec(NULL, pmi_code);
++#endif
++
+ 	if (info->screen_base)
+ 		iounmap(info->screen_base);
+ 	framebuffer_release(info);
+diff -urNp linux-2.6.29.6/drivers/watchdog/hpwdt.c linux-2.6.29.6/drivers/watchdog/hpwdt.c
+--- linux-2.6.29.6/drivers/watchdog/hpwdt.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/watchdog/hpwdt.c	2009-07-23 18:40:28.157294684 -0400
+@@ -605,7 +605,7 @@ static long hpwdt_ioctl(struct file *fil
+ /*
+  *	Kernel interfaces
+  */
+-static struct file_operations hpwdt_fops = {
++static const struct file_operations hpwdt_fops = {
+ 	.owner = THIS_MODULE,
+ 	.llseek = no_llseek,
+ 	.write = hpwdt_write,
+diff -urNp linux-2.6.29.6/drivers/watchdog/rc32434_wdt.c linux-2.6.29.6/drivers/watchdog/rc32434_wdt.c
+--- linux-2.6.29.6/drivers/watchdog/rc32434_wdt.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/drivers/watchdog/rc32434_wdt.c	2009-07-23 18:40:28.159486351 -0400
+@@ -227,7 +227,7 @@ static long rc32434_wdt_ioctl(struct fil
+ 	return 0;
+ }
+ 
+-static struct file_operations rc32434_wdt_fops = {
++static const struct file_operations rc32434_wdt_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.llseek		= no_llseek,
+ 	.write		= rc32434_wdt_write,
+diff -urNp linux-2.6.29.6/fs/9p/v9fs_vfs.h linux-2.6.29.6/fs/9p/v9fs_vfs.h
+--- linux-2.6.29.6/fs/9p/v9fs_vfs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/9p/v9fs_vfs.h	2009-07-23 18:40:28.173305021 -0400
+@@ -41,8 +41,8 @@ extern struct file_system_type v9fs_fs_t
+ extern const struct address_space_operations v9fs_addr_operations;
+ extern const struct file_operations v9fs_file_operations;
+ extern const struct file_operations v9fs_dir_operations;
+-extern struct dentry_operations v9fs_dentry_operations;
+-extern struct dentry_operations v9fs_cached_dentry_operations;
++extern const struct dentry_operations v9fs_dentry_operations;
++extern const struct dentry_operations v9fs_cached_dentry_operations;
+ 
+ struct inode *v9fs_get_inode(struct super_block *sb, int mode);
+ ino_t v9fs_qid2ino(struct p9_qid *qid);
+diff -urNp linux-2.6.29.6/fs/9p/vfs_dentry.c linux-2.6.29.6/fs/9p/vfs_dentry.c
+--- linux-2.6.29.6/fs/9p/vfs_dentry.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/9p/vfs_dentry.c	2009-07-23 18:40:28.185251831 -0400
+@@ -104,12 +104,12 @@ void v9fs_dentry_release(struct dentry *
+ 	}
+ }
+ 
+-struct dentry_operations v9fs_cached_dentry_operations = {
++const struct dentry_operations v9fs_cached_dentry_operations = {
+ 	.d_delete = v9fs_cached_dentry_delete,
+ 	.d_release = v9fs_dentry_release,
+ };
+ 
+-struct dentry_operations v9fs_dentry_operations = {
++const struct dentry_operations v9fs_dentry_operations = {
+ 	.d_delete = v9fs_dentry_delete,
+ 	.d_release = v9fs_dentry_release,
+ };
+diff -urNp linux-2.6.29.6/fs/9p/vfs_inode.c linux-2.6.29.6/fs/9p/vfs_inode.c
+--- linux-2.6.29.6/fs/9p/vfs_inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/9p/vfs_inode.c	2009-07-23 17:34:32.142789474 -0400
+@@ -1021,7 +1021,7 @@ static void *v9fs_vfs_follow_link(struct
+ static void
+ v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
+ {
+-	char *s = nd_get_link(nd);
++	const char *s = nd_get_link(nd);
+ 
+ 	P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name,
+ 		IS_ERR(s) ? "<error>" : s);
+diff -urNp linux-2.6.29.6/fs/adfs/adfs.h linux-2.6.29.6/fs/adfs/adfs.h
+--- linux-2.6.29.6/fs/adfs/adfs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/adfs/adfs.h	2009-07-23 18:40:28.197959261 -0400
+@@ -86,7 +86,7 @@ void __adfs_error(struct super_block *sb
+ /* dir_*.c */
+ extern const struct inode_operations adfs_dir_inode_operations;
+ extern const struct file_operations adfs_dir_operations;
+-extern struct dentry_operations adfs_dentry_operations;
++extern const struct dentry_operations adfs_dentry_operations;
+ extern struct adfs_dir_ops adfs_f_dir_ops;
+ extern struct adfs_dir_ops adfs_fplus_dir_ops;
+ 
+diff -urNp linux-2.6.29.6/fs/adfs/dir.c linux-2.6.29.6/fs/adfs/dir.c
+--- linux-2.6.29.6/fs/adfs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/adfs/dir.c	2009-07-23 18:40:28.198372454 -0400
+@@ -263,7 +263,7 @@ adfs_compare(struct dentry *parent, stru
+ 	return 0;
+ }
+ 
+-struct dentry_operations adfs_dentry_operations = {
++const struct dentry_operations adfs_dentry_operations = {
+ 	.d_hash		= adfs_hash,
+ 	.d_compare	= adfs_compare,
+ };
+diff -urNp linux-2.6.29.6/fs/affs/affs.h linux-2.6.29.6/fs/affs/affs.h
+--- linux-2.6.29.6/fs/affs/affs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/affs/affs.h	2009-07-23 18:40:28.203573277 -0400
+@@ -199,8 +199,8 @@ extern const struct address_space_operat
+ extern const struct address_space_operations	 affs_aops;
+ extern const struct address_space_operations	 affs_aops_ofs;
+ 
+-extern struct dentry_operations	 affs_dentry_operations;
+-extern struct dentry_operations	 affs_dentry_operations_intl;
++extern const struct dentry_operations	 affs_dentry_operations;
++extern const struct dentry_operations	 affs_dentry_operations_intl;
+ 
+ static inline void
+ affs_set_blocksize(struct super_block *sb, int size)
+diff -urNp linux-2.6.29.6/fs/affs/namei.c linux-2.6.29.6/fs/affs/namei.c
+--- linux-2.6.29.6/fs/affs/namei.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/affs/namei.c	2009-07-23 18:40:28.222351680 -0400
+@@ -19,12 +19,12 @@ static int	 affs_intl_toupper(int ch);
+ static int	 affs_intl_hash_dentry(struct dentry *, struct qstr *);
+ static int       affs_intl_compare_dentry(struct dentry *, struct qstr *, struct qstr *);
+ 
+-struct dentry_operations affs_dentry_operations = {
++const struct dentry_operations affs_dentry_operations = {
+ 	.d_hash		= affs_hash_dentry,
+ 	.d_compare	= affs_compare_dentry,
+ };
+ 
+-static struct dentry_operations affs_intl_dentry_operations = {
++static const struct dentry_operations affs_intl_dentry_operations = {
+ 	.d_hash		= affs_intl_hash_dentry,
+ 	.d_compare	= affs_intl_compare_dentry,
+ };
+diff -urNp linux-2.6.29.6/fs/afs/dir.c linux-2.6.29.6/fs/afs/dir.c
+--- linux-2.6.29.6/fs/afs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/afs/dir.c	2009-07-23 18:40:28.235494421 -0400
+@@ -62,7 +62,7 @@ const struct inode_operations afs_dir_in
+ 	.setattr	= afs_setattr,
+ };
+ 
+-static struct dentry_operations afs_fs_dentry_operations = {
++static const struct dentry_operations afs_fs_dentry_operations = {
+ 	.d_revalidate	= afs_d_revalidate,
+ 	.d_delete	= afs_d_delete,
+ 	.d_release	= afs_d_release,
+diff -urNp linux-2.6.29.6/fs/afs/proc.c linux-2.6.29.6/fs/afs/proc.c
+--- linux-2.6.29.6/fs/afs/proc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/afs/proc.c	2009-07-23 18:40:28.235494421 -0400
+@@ -28,7 +28,7 @@ static int afs_proc_cells_show(struct se
+ static ssize_t afs_proc_cells_write(struct file *file, const char __user *buf,
+ 				    size_t size, loff_t *_pos);
+ 
+-static struct seq_operations afs_proc_cells_ops = {
++static const struct seq_operations afs_proc_cells_ops = {
+ 	.start	= afs_proc_cells_start,
+ 	.next	= afs_proc_cells_next,
+ 	.stop	= afs_proc_cells_stop,
+@@ -70,7 +70,7 @@ static void *afs_proc_cell_volumes_next(
+ static void afs_proc_cell_volumes_stop(struct seq_file *p, void *v);
+ static int afs_proc_cell_volumes_show(struct seq_file *m, void *v);
+ 
+-static struct seq_operations afs_proc_cell_volumes_ops = {
++static const struct seq_operations afs_proc_cell_volumes_ops = {
+ 	.start	= afs_proc_cell_volumes_start,
+ 	.next	= afs_proc_cell_volumes_next,
+ 	.stop	= afs_proc_cell_volumes_stop,
+@@ -95,7 +95,7 @@ static void *afs_proc_cell_vlservers_nex
+ static void afs_proc_cell_vlservers_stop(struct seq_file *p, void *v);
+ static int afs_proc_cell_vlservers_show(struct seq_file *m, void *v);
+ 
+-static struct seq_operations afs_proc_cell_vlservers_ops = {
++static const struct seq_operations afs_proc_cell_vlservers_ops = {
+ 	.start	= afs_proc_cell_vlservers_start,
+ 	.next	= afs_proc_cell_vlservers_next,
+ 	.stop	= afs_proc_cell_vlservers_stop,
+@@ -119,7 +119,7 @@ static void *afs_proc_cell_servers_next(
+ static void afs_proc_cell_servers_stop(struct seq_file *p, void *v);
+ static int afs_proc_cell_servers_show(struct seq_file *m, void *v);
+ 
+-static struct seq_operations afs_proc_cell_servers_ops = {
++static const struct seq_operations afs_proc_cell_servers_ops = {
+ 	.start	= afs_proc_cell_servers_start,
+ 	.next	= afs_proc_cell_servers_next,
+ 	.stop	= afs_proc_cell_servers_stop,
+diff -urNp linux-2.6.29.6/fs/aio.c linux-2.6.29.6/fs/aio.c
+--- linux-2.6.29.6/fs/aio.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/aio.c	2009-07-23 17:34:32.143911823 -0400
+@@ -114,7 +114,7 @@ static int aio_setup_ring(struct kioctx 
+ 	size += sizeof(struct io_event) * nr_events;
+ 	nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
+ 
+-	if (nr_pages < 0)
++	if (nr_pages <= 0)
+ 		return -EINVAL;
+ 
+ 	nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
+diff -urNp linux-2.6.29.6/fs/anon_inodes.c linux-2.6.29.6/fs/anon_inodes.c
+--- linux-2.6.29.6/fs/anon_inodes.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/anon_inodes.c	2009-07-23 18:40:28.246761754 -0400
+@@ -48,7 +48,7 @@ static struct file_system_type anon_inod
+ 	.get_sb		= anon_inodefs_get_sb,
+ 	.kill_sb	= kill_anon_super,
+ };
+-static struct dentry_operations anon_inodefs_dentry_operations = {
++static const struct dentry_operations anon_inodefs_dentry_operations = {
+ 	.d_delete	= anon_inodefs_delete_dentry,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/autofs/root.c linux-2.6.29.6/fs/autofs/root.c
+--- linux-2.6.29.6/fs/autofs/root.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/autofs/root.c	2009-07-23 18:40:27.469277997 -0400
+@@ -192,7 +192,7 @@ static int autofs_revalidate(struct dent
+ 	return 1;
+ }
+ 
+-static struct dentry_operations autofs_dentry_operations = {
++static const struct dentry_operations autofs_dentry_operations = {
+ 	.d_revalidate	= autofs_revalidate,
+ };
+ 
+@@ -299,7 +299,8 @@ static int autofs_root_symlink(struct in
+ 	set_bit(n,sbi->symlink_bitmap);
+ 	sl = &sbi->symlink[n];
+ 	sl->len = strlen(symname);
+-	sl->data = kmalloc(slsize = sl->len+1, GFP_KERNEL);
++	slsize = sl->len + 1;
++	sl->data = kmalloc(slsize, GFP_KERNEL);
+ 	if (!sl->data) {
+ 		clear_bit(n,sbi->symlink_bitmap);
+ 		unlock_kernel();
+diff -urNp linux-2.6.29.6/fs/autofs4/inode.c linux-2.6.29.6/fs/autofs4/inode.c
+--- linux-2.6.29.6/fs/autofs4/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/autofs4/inode.c	2009-07-23 18:40:28.247289762 -0400
+@@ -310,7 +310,7 @@ static struct autofs_info *autofs4_mkroo
+ 	return ino;
+ }
+ 
+-static struct dentry_operations autofs4_sb_dentry_operations = {
++static const struct dentry_operations autofs4_sb_dentry_operations = {
+ 	.d_release      = autofs4_dentry_release,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/autofs4/root.c linux-2.6.29.6/fs/autofs4/root.c
+--- linux-2.6.29.6/fs/autofs4/root.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/autofs4/root.c	2009-07-23 18:40:28.260399846 -0400
+@@ -349,13 +349,13 @@ void autofs4_dentry_release(struct dentr
+ }
+ 
+ /* For dentries of directories in the root dir */
+-static struct dentry_operations autofs4_root_dentry_operations = {
++static const struct dentry_operations autofs4_root_dentry_operations = {
+ 	.d_revalidate	= autofs4_revalidate,
+ 	.d_release	= autofs4_dentry_release,
+ };
+ 
+ /* For other dentries */
+-static struct dentry_operations autofs4_dentry_operations = {
++static const struct dentry_operations autofs4_dentry_operations = {
+ 	.d_revalidate	= autofs4_revalidate,
+ 	.d_release	= autofs4_dentry_release,
+ };
+diff -urNp linux-2.6.29.6/fs/autofs4/symlink.c linux-2.6.29.6/fs/autofs4/symlink.c
+--- linux-2.6.29.6/fs/autofs4/symlink.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/autofs4/symlink.c	2009-07-23 17:34:32.143911823 -0400
+@@ -15,7 +15,7 @@
+ static void *autofs4_follow_link(struct dentry *dentry, struct nameidata *nd)
+ {
+ 	struct autofs_info *ino = autofs4_dentry_ino(dentry);
+-	nd_set_link(nd, (char *)ino->u.symlink);
++	nd_set_link(nd, ino->u.symlink);
+ 	return NULL;
+ }
+ 
+diff -urNp linux-2.6.29.6/fs/befs/linuxvfs.c linux-2.6.29.6/fs/befs/linuxvfs.c
+--- linux-2.6.29.6/fs/befs/linuxvfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/befs/linuxvfs.c	2009-07-23 17:34:32.144798896 -0400
+@@ -493,7 +493,7 @@ static void befs_put_link(struct dentry 
+ {
+ 	befs_inode_info *befs_ino = BEFS_I(dentry->d_inode);
+ 	if (befs_ino->i_flags & BEFS_LONG_SYMLINK) {
+-		char *link = nd_get_link(nd);
++		const char *link = nd_get_link(nd);
+ 		if (!IS_ERR(link))
+ 			kfree(link);
+ 	}
+diff -urNp linux-2.6.29.6/fs/binfmt_aout.c linux-2.6.29.6/fs/binfmt_aout.c
+--- linux-2.6.29.6/fs/binfmt_aout.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/binfmt_aout.c	2009-07-23 17:34:32.144798896 -0400
+@@ -16,6 +16,7 @@
+ #include <linux/string.h>
+ #include <linux/fs.h>
+ #include <linux/file.h>
++#include <linux/security.h>
+ #include <linux/stat.h>
+ #include <linux/fcntl.h>
+ #include <linux/ptrace.h>
+@@ -113,10 +114,12 @@ static int aout_core_dump(long signr, st
+ 
+ /* If the size of the dump file exceeds the rlimit, then see what would happen
+    if we wrote the stack, but not the data area.  */
++	gr_learn_resource(current, RLIMIT_CORE, (dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE, 1);
+ 	if ((dump.u_dsize + dump.u_ssize+1) * PAGE_SIZE > limit)
+ 		dump.u_dsize = 0;
+ 
+ /* Make sure we have enough room to write the stack and data areas. */
++	gr_learn_resource(current, RLIMIT_CORE, (dump.u_ssize + 1) * PAGE_SIZE, 1);
+ 	if ((dump.u_ssize + 1) * PAGE_SIZE > limit)
+ 		dump.u_ssize = 0;
+ 
+@@ -249,6 +252,8 @@ static int load_aout_binary(struct linux
+ 	rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
+ 	if (rlim >= RLIM_INFINITY)
+ 		rlim = ~0;
++
++	gr_learn_resource(current, RLIMIT_DATA, ex.a_data + ex.a_bss, 1);
+ 	if (ex.a_data + ex.a_bss > rlim)
+ 		return -ENOMEM;
+ 
+@@ -276,6 +281,27 @@ static int load_aout_binary(struct linux
+ 	install_exec_creds(bprm);
+  	current->flags &= ~PF_FORKNOEXEC;
+ 
++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++	current->mm->pax_flags = 0UL;
++#endif
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	if (!(N_FLAGS(ex) & F_PAX_PAGEEXEC)) {
++		current->mm->pax_flags |= MF_PAX_PAGEEXEC;
++
++#ifdef CONFIG_PAX_EMUTRAMP
++		if (N_FLAGS(ex) & F_PAX_EMUTRAMP)
++			current->mm->pax_flags |= MF_PAX_EMUTRAMP;
++#endif
++
++#ifdef CONFIG_PAX_MPROTECT
++		if (!(N_FLAGS(ex) & F_PAX_MPROTECT))
++			current->mm->pax_flags |= MF_PAX_MPROTECT;
++#endif
++
++	}
++#endif
++
+ 	if (N_MAGIC(ex) == OMAGIC) {
+ 		unsigned long text_addr, map_size;
+ 		loff_t pos;
+@@ -348,7 +374,7 @@ static int load_aout_binary(struct linux
+ 
+ 		down_write(&current->mm->mmap_sem);
+  		error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
+-				PROT_READ | PROT_WRITE | PROT_EXEC,
++				PROT_READ | PROT_WRITE,
+ 				MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE,
+ 				fd_offset + ex.a_text);
+ 		up_write(&current->mm->mmap_sem);
+diff -urNp linux-2.6.29.6/fs/binfmt_elf.c linux-2.6.29.6/fs/binfmt_elf.c
+--- linux-2.6.29.6/fs/binfmt_elf.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/binfmt_elf.c	2009-07-23 17:34:32.146933187 -0400
+@@ -42,6 +42,10 @@
+ #include <asm/param.h>
+ #include <asm/page.h>
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++#include <asm/desc.h>
++#endif
++
+ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs);
+ static int load_elf_library(struct file *);
+ static unsigned long elf_map(struct file *, unsigned long, struct elf_phdr *,
+@@ -57,6 +61,10 @@ static int elf_core_dump(long signr, str
+ #define elf_core_dump	NULL
+ #endif
+ 
++#ifdef CONFIG_PAX_MPROTECT
++static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
++#endif
++
+ #if ELF_EXEC_PAGESIZE > PAGE_SIZE
+ #define ELF_MIN_ALIGN	ELF_EXEC_PAGESIZE
+ #else
+@@ -76,6 +84,11 @@ static struct linux_binfmt elf_format = 
+ 		.load_binary	= load_elf_binary,
+ 		.load_shlib	= load_elf_library,
+ 		.core_dump	= elf_core_dump,
++
++#ifdef CONFIG_PAX_MPROTECT
++		.handle_mprotect= elf_handle_mprotect,
++#endif
++
+ 		.min_coredump	= ELF_EXEC_PAGESIZE,
+ 		.hasvdso	= 1
+ };
+@@ -84,6 +97,8 @@ static struct linux_binfmt elf_format = 
+ 
+ static int set_brk(unsigned long start, unsigned long end)
+ {
++	unsigned long e = end;
++
+ 	start = ELF_PAGEALIGN(start);
+ 	end = ELF_PAGEALIGN(end);
+ 	if (end > start) {
+@@ -94,7 +109,7 @@ static int set_brk(unsigned long start, 
+ 		if (BAD_ADDR(addr))
+ 			return addr;
+ 	}
+-	current->mm->start_brk = current->mm->brk = end;
++	current->mm->start_brk = current->mm->brk = e;
+ 	return 0;
+ }
+ 
+@@ -155,7 +170,7 @@ create_elf_tables(struct linux_binprm *b
+ 	elf_addr_t __user *u_rand_bytes;
+ 	const char *k_platform = ELF_PLATFORM;
+ 	const char *k_base_platform = ELF_BASE_PLATFORM;
+-	unsigned char k_rand_bytes[16];
++	u32 k_rand_bytes[4];
+ 	int items;
+ 	elf_addr_t *elf_info;
+ 	int ei_index = 0;
+@@ -202,6 +217,10 @@ create_elf_tables(struct linux_binprm *b
+ 	 * Generate 16 random bytes for userspace PRNG seeding.
+ 	 */
+ 	get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
++	srandom32(k_rand_bytes[0] ^ random32());
++	srandom32(k_rand_bytes[1] ^ random32());
++	srandom32(k_rand_bytes[2] ^ random32());
++	srandom32(k_rand_bytes[3] ^ random32());
+ 	u_rand_bytes = (elf_addr_t __user *)
+ 		       STACK_ALLOC(p, sizeof(k_rand_bytes));
+ 	if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
+@@ -392,10 +411,10 @@ static unsigned long load_elf_interp(str
+ {
+ 	struct elf_phdr *elf_phdata;
+ 	struct elf_phdr *eppnt;
+-	unsigned long load_addr = 0;
++	unsigned long load_addr = 0, pax_task_size = TASK_SIZE;
+ 	int load_addr_set = 0;
+ 	unsigned long last_bss = 0, elf_bss = 0;
+-	unsigned long error = ~0UL;
++	unsigned long error = -EINVAL;
+ 	unsigned long total_size;
+ 	int retval, i, size;
+ 
+@@ -441,6 +460,11 @@ static unsigned long load_elf_interp(str
+ 		goto out_close;
+ 	}
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
+ 	eppnt = elf_phdata;
+ 	for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
+ 		if (eppnt->p_type == PT_LOAD) {
+@@ -484,8 +508,8 @@ static unsigned long load_elf_interp(str
+ 			k = load_addr + eppnt->p_vaddr;
+ 			if (BAD_ADDR(k) ||
+ 			    eppnt->p_filesz > eppnt->p_memsz ||
+-			    eppnt->p_memsz > TASK_SIZE ||
+-			    TASK_SIZE - eppnt->p_memsz < k) {
++			    eppnt->p_memsz > pax_task_size ||
++			    pax_task_size - eppnt->p_memsz < k) {
+ 				error = -ENOMEM;
+ 				goto out_close;
+ 			}
+@@ -539,6 +563,177 @@ out:
+ 	return error;
+ }
+ 
++#if (defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)) && defined(CONFIG_PAX_SOFTMODE)
++static unsigned long pax_parse_softmode(const struct elf_phdr * const elf_phdata)
++{
++	unsigned long pax_flags = 0UL;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	if (elf_phdata->p_flags & PF_PAGEEXEC)
++		pax_flags |= MF_PAX_PAGEEXEC;
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (elf_phdata->p_flags & PF_SEGMEXEC)
++		pax_flags |= MF_PAX_SEGMEXEC;
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
++	if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		if (nx_enabled)
++			pax_flags &= ~MF_PAX_SEGMEXEC;
++		else
++			pax_flags &= ~MF_PAX_PAGEEXEC;
++	}
++#endif
++
++#ifdef CONFIG_PAX_EMUTRAMP
++	if (elf_phdata->p_flags & PF_EMUTRAMP)
++		pax_flags |= MF_PAX_EMUTRAMP;
++#endif
++
++#ifdef CONFIG_PAX_MPROTECT
++	if (elf_phdata->p_flags & PF_MPROTECT)
++		pax_flags |= MF_PAX_MPROTECT;
++#endif
++
++#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
++	if (randomize_va_space && (elf_phdata->p_flags & PF_RANDMMAP))
++		pax_flags |= MF_PAX_RANDMMAP;
++#endif
++
++	return pax_flags;
++}
++#endif
++
++#ifdef CONFIG_PAX_PT_PAX_FLAGS
++static unsigned long pax_parse_hardmode(const struct elf_phdr * const elf_phdata)
++{
++	unsigned long pax_flags = 0UL;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	if (!(elf_phdata->p_flags & PF_NOPAGEEXEC))
++		pax_flags |= MF_PAX_PAGEEXEC;
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (!(elf_phdata->p_flags & PF_NOSEGMEXEC))
++		pax_flags |= MF_PAX_SEGMEXEC;
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
++	if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		if (nx_enabled)
++			pax_flags &= ~MF_PAX_SEGMEXEC;
++		else
++			pax_flags &= ~MF_PAX_PAGEEXEC;
++	}
++#endif
++
++#ifdef CONFIG_PAX_EMUTRAMP
++	if (!(elf_phdata->p_flags & PF_NOEMUTRAMP))
++		pax_flags |= MF_PAX_EMUTRAMP;
++#endif
++
++#ifdef CONFIG_PAX_MPROTECT
++	if (!(elf_phdata->p_flags & PF_NOMPROTECT))
++		pax_flags |= MF_PAX_MPROTECT;
++#endif
++
++#if defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)
++	if (randomize_va_space && !(elf_phdata->p_flags & PF_NORANDMMAP))
++		pax_flags |= MF_PAX_RANDMMAP;
++#endif
++
++	return pax_flags;
++}
++#endif
++
++#ifdef CONFIG_PAX_EI_PAX
++static unsigned long pax_parse_ei_pax(const struct elfhdr * const elf_ex)
++{
++	unsigned long pax_flags = 0UL;
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_PAGEEXEC))
++		pax_flags |= MF_PAX_PAGEEXEC;
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (!(elf_ex->e_ident[EI_PAX] & EF_PAX_SEGMEXEC))
++		pax_flags |= MF_PAX_SEGMEXEC;
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_PAX_SEGMEXEC)
++	if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) == (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		if (nx_enabled)
++			pax_flags &= ~MF_PAX_SEGMEXEC;
++		else
++			pax_flags &= ~MF_PAX_PAGEEXEC;
++	}
++#endif
++
++#ifdef CONFIG_PAX_EMUTRAMP
++	if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && (elf_ex->e_ident[EI_PAX] & EF_PAX_EMUTRAMP))
++		pax_flags |= MF_PAX_EMUTRAMP;
++#endif
++
++#ifdef CONFIG_PAX_MPROTECT
++	if ((pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) && !(elf_ex->e_ident[EI_PAX] & EF_PAX_MPROTECT))
++		pax_flags |= MF_PAX_MPROTECT;
++#endif
++
++#ifdef CONFIG_PAX_ASLR
++	if (randomize_va_space && !(elf_ex->e_ident[EI_PAX] & EF_PAX_RANDMMAP))
++		pax_flags |= MF_PAX_RANDMMAP;
++#endif
++
++	return pax_flags;
++}
++#endif
++
++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
++static long pax_parse_elf_flags(const struct elfhdr * const elf_ex, const struct elf_phdr * const elf_phdata)
++{
++	unsigned long pax_flags = 0UL;
++
++#ifdef CONFIG_PAX_PT_PAX_FLAGS
++	unsigned long i;
++#endif
++
++#ifdef CONFIG_PAX_EI_PAX
++	pax_flags = pax_parse_ei_pax(elf_ex);
++#endif
++
++#ifdef CONFIG_PAX_PT_PAX_FLAGS
++	for (i = 0UL; i < elf_ex->e_phnum; i++)
++		if (elf_phdata[i].p_type == PT_PAX_FLAGS) {
++			if (((elf_phdata[i].p_flags & PF_PAGEEXEC) && (elf_phdata[i].p_flags & PF_NOPAGEEXEC)) ||
++			    ((elf_phdata[i].p_flags & PF_SEGMEXEC) && (elf_phdata[i].p_flags & PF_NOSEGMEXEC)) ||
++			    ((elf_phdata[i].p_flags & PF_EMUTRAMP) && (elf_phdata[i].p_flags & PF_NOEMUTRAMP)) ||
++			    ((elf_phdata[i].p_flags & PF_MPROTECT) && (elf_phdata[i].p_flags & PF_NOMPROTECT)) ||
++			    ((elf_phdata[i].p_flags & PF_RANDMMAP) && (elf_phdata[i].p_flags & PF_NORANDMMAP)))
++				return -EINVAL;
++
++#ifdef CONFIG_PAX_SOFTMODE
++			if (pax_softmode)
++				pax_flags = pax_parse_softmode(&elf_phdata[i]);
++			else
++#endif
++
++				pax_flags = pax_parse_hardmode(&elf_phdata[i]);
++			break;
++		}
++#endif
++
++	if (0 > pax_check_flags(&pax_flags))
++		return -EINVAL;
++
++	current->mm->pax_flags = pax_flags;
++	return 0;
++}
++#endif
++
+ /*
+  * These are the functions used to load ELF style executables and shared
+  * libraries.  There is no binary dependent code anywhere else.
+@@ -555,6 +750,11 @@ static unsigned long randomize_stack_top
+ {
+ 	unsigned int random_variable = 0;
+ 
++#ifdef CONFIG_PAX_RANDUSTACK
++	if (randomize_va_space)
++		return stack_top - current->mm->delta_stack;
++#endif
++
+ 	if ((current->flags & PF_RANDOMIZE) &&
+ 		!(current->personality & ADDR_NO_RANDOMIZE)) {
+ 		random_variable = get_random_int() & STACK_RND_MASK;
+@@ -573,7 +773,7 @@ static int load_elf_binary(struct linux_
+  	unsigned long load_addr = 0, load_bias = 0;
+ 	int load_addr_set = 0;
+ 	char * elf_interpreter = NULL;
+-	unsigned long error;
++	unsigned long error = 0;
+ 	struct elf_phdr *elf_ppnt, *elf_phdata;
+ 	unsigned long elf_bss, elf_brk;
+ 	int elf_exec_fileno;
+@@ -584,11 +784,11 @@ static int load_elf_binary(struct linux_
+ 	unsigned long start_code, end_code, start_data, end_data;
+ 	unsigned long reloc_func_desc = 0;
+ 	int executable_stack = EXSTACK_DEFAULT;
+-	unsigned long def_flags = 0;
+ 	struct {
+ 		struct elfhdr elf_ex;
+ 		struct elfhdr interp_elf_ex;
+ 	} *loc;
++	unsigned long pax_task_size = TASK_SIZE;
+ 
+ 	loc = kmalloc(sizeof(*loc), GFP_KERNEL);
+ 	if (!loc) {
+@@ -756,11 +956,80 @@ static int load_elf_binary(struct linux_
+ 
+ 	/* OK, This is the point of no return */
+ 	current->flags &= ~PF_FORKNOEXEC;
+-	current->mm->def_flags = def_flags;
++
++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++	current->mm->pax_flags = 0UL;
++#endif
++
++#ifdef CONFIG_PAX_DLRESOLVE
++	current->mm->call_dl_resolve = 0UL;
++#endif
++
++#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
++	current->mm->call_syscall = 0UL;
++#endif
++
++#ifdef CONFIG_PAX_ASLR
++	current->mm->delta_mmap = 0UL;
++	current->mm->delta_stack = 0UL;
++#endif
++
++	current->mm->def_flags = 0;
++
++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS)
++	if (0 > pax_parse_elf_flags(&loc->elf_ex, elf_phdata)) {
++		send_sig(SIGKILL, current, 0);
++		goto out_free_dentry;
++	}
++#endif
++
++#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
++	pax_set_initial_flags(bprm);
++#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
++	if (pax_set_initial_flags_func)
++		(pax_set_initial_flags_func)(bprm);
++#endif
++
++#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
++	if ((current->mm->pax_flags & MF_PAX_PAGEEXEC) && !nx_enabled) {
++		current->mm->context.user_cs_limit = PAGE_SIZE;
++		current->mm->def_flags |= VM_PAGEEXEC;
++	}
++#endif
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
++		current->mm->context.user_cs_base = SEGMEXEC_TASK_SIZE;
++		current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++	}
++#endif
++
++#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
++	if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
++		put_cpu_no_resched();
++	}
++#endif
++
++#ifdef CONFIG_PAX_ASLR
++	if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
++		current->mm->delta_mmap = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN)-1)) << PAGE_SHIFT;
++		current->mm->delta_stack = (pax_get_random_long() & ((1UL << PAX_DELTA_STACK_LEN)-1)) << PAGE_SHIFT;
++	}
++#endif
+ 
+ 	/* Do this immediately, since STACK_TOP as used in setup_arg_pages
+ 	   may depend on the personality.  */
+ 	SET_PERSONALITY(loc->elf_ex);
++
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++	if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		executable_stack = EXSTACK_DISABLE_X;
++		current->personality &= ~READ_IMPLIES_EXEC;
++	} else
++#endif
++
+ 	if (elf_read_implies_exec(loc->elf_ex, executable_stack))
+ 		current->personality |= READ_IMPLIES_EXEC;
+ 
+@@ -841,6 +1110,20 @@ static int load_elf_binary(struct linux_
+ #else
+ 			load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
+ #endif
++
++#ifdef CONFIG_PAX_RANDMMAP
++			/* PaX: randomize base address at the default exe base if requested */
++			if ((current->mm->pax_flags & MF_PAX_RANDMMAP) && elf_interpreter) {
++#ifdef CONFIG_SPARC64
++				load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << (PAGE_SHIFT+1);
++#else
++				load_bias = (pax_get_random_long() & ((1UL << PAX_DELTA_MMAP_LEN) - 1)) << PAGE_SHIFT;
++#endif
++				load_bias = ELF_PAGESTART(PAX_ELF_ET_DYN_BASE - vaddr + load_bias);
++				elf_flags |= MAP_FIXED;
++			}
++#endif
++
+ 		}
+ 
+ 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
+@@ -873,9 +1156,9 @@ static int load_elf_binary(struct linux_
+ 		 * allowed task size. Note that p_filesz must always be
+ 		 * <= p_memsz so it is only necessary to check p_memsz.
+ 		 */
+-		if (BAD_ADDR(k) || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
+-		    elf_ppnt->p_memsz > TASK_SIZE ||
+-		    TASK_SIZE - elf_ppnt->p_memsz < k) {
++		if (k >= pax_task_size || elf_ppnt->p_filesz > elf_ppnt->p_memsz ||
++		    elf_ppnt->p_memsz > pax_task_size ||
++		    pax_task_size - elf_ppnt->p_memsz < k) {
+ 			/* set_brk can never work. Avoid overflows. */
+ 			send_sig(SIGKILL, current, 0);
+ 			retval = -EINVAL;
+@@ -903,6 +1186,11 @@ static int load_elf_binary(struct linux_
+ 	start_data += load_bias;
+ 	end_data += load_bias;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (current->mm->pax_flags & MF_PAX_RANDMMAP)
++		elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4);
++#endif
++
+ 	/* Calling set_brk effectively mmaps the pages that we need
+ 	 * for the bss and break sections.  We must do this before
+ 	 * mapping in the interpreter, to make sure it doesn't wind
+@@ -914,9 +1202,11 @@ static int load_elf_binary(struct linux_
+ 		goto out_free_dentry;
+ 	}
+ 	if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
+-		send_sig(SIGSEGV, current, 0);
+-		retval = -EFAULT; /* Nobody gets to see this, but.. */
+-		goto out_free_dentry;
++		/*
++		 * This bss-zeroing can fail if the ELF
++		 * file specifies odd protections. So
++		 * we don't check the return value
++		 */
+ 	}
+ 
+ 	if (elf_interpreter) {
+@@ -1153,8 +1443,10 @@ static int dump_seek(struct file *file, 
+ 			unsigned long n = off;
+ 			if (n > PAGE_SIZE)
+ 				n = PAGE_SIZE;
+-			if (!dump_write(file, buf, n))
++			if (!dump_write(file, buf, n)) {
++				free_page((unsigned long)buf);
+ 				return 0;
++			}
+ 			off -= n;
+ 		}
+ 		free_page((unsigned long)buf);
+@@ -1166,7 +1458,7 @@ static int dump_seek(struct file *file, 
+  * Decide what to dump of a segment, part, all or none.
+  */
+ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+-				   unsigned long mm_flags)
++				   unsigned long mm_flags, long signr)
+ {
+ #define FILTER(type)	(mm_flags & (1UL << MMF_DUMP_##type))
+ 
+@@ -1200,7 +1492,7 @@ static unsigned long vma_dump_size(struc
+ 	if (vma->vm_file == NULL)
+ 		return 0;
+ 
+-	if (FILTER(MAPPED_PRIVATE))
++	if (signr == SIGKILL || FILTER(MAPPED_PRIVATE))
+ 		goto whole;
+ 
+ 	/*
+@@ -1296,8 +1588,11 @@ static int writenote(struct memelfnote *
+ #undef DUMP_WRITE
+ 
+ #define DUMP_WRITE(addr, nr)	\
++	do { \
++	gr_learn_resource(current, RLIMIT_CORE, size + (nr), 1); \
+ 	if ((size += (nr)) > limit || !dump_write(file, (addr), (nr))) \
+-		goto end_coredump;
++		goto end_coredump; \
++	} while (0);
+ #define DUMP_SEEK(off)	\
+ 	if (!dump_seek(file, (off))) \
+ 		goto end_coredump;
+@@ -2002,7 +2297,7 @@ static int elf_core_dump(long signr, str
+ 		phdr.p_offset = offset;
+ 		phdr.p_vaddr = vma->vm_start;
+ 		phdr.p_paddr = 0;
+-		phdr.p_filesz = vma_dump_size(vma, mm_flags);
++		phdr.p_filesz = vma_dump_size(vma, mm_flags, signr);
+ 		phdr.p_memsz = vma->vm_end - vma->vm_start;
+ 		offset += phdr.p_filesz;
+ 		phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
+@@ -2034,7 +2329,7 @@ static int elf_core_dump(long signr, str
+ 		unsigned long addr;
+ 		unsigned long end;
+ 
+-		end = vma->vm_start + vma_dump_size(vma, mm_flags);
++		end = vma->vm_start + vma_dump_size(vma, mm_flags, signr);
+ 
+ 		for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
+ 			struct page *page;
+@@ -2054,6 +2349,7 @@ static int elf_core_dump(long signr, str
+ 					flush_cache_page(tmp_vma, addr,
+ 							 page_to_pfn(page));
+ 					kaddr = kmap(page);
++					gr_learn_resource(current, RLIMIT_CORE, size + PAGE_SIZE, 1);
+ 					if ((size += PAGE_SIZE) > limit ||
+ 					    !dump_write(file, kaddr,
+ 					    PAGE_SIZE)) {
+@@ -2084,6 +2380,99 @@ out:
+ 
+ #endif		/* USE_ELF_CORE_DUMP */
+ 
++#ifdef CONFIG_PAX_MPROTECT
++/* PaX: non-PIC ELF libraries need relocations on their executable segments
++ * therefore we'll grant them VM_MAYWRITE once during their life. Similarly
++ * we'll remove VM_MAYWRITE for good on RELRO segments.
++ *
++ * The checks favour ld-linux.so behaviour which operates on a per ELF segment
++ * basis because we want to allow the common case and not the special ones.
++ */
++static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags)
++{
++	struct elfhdr elf_h;
++	struct elf_phdr elf_p;
++	unsigned long i;
++	unsigned long oldflags;
++	bool is_textrel_rw, is_textrel_rx, is_relro;
++
++	if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT))
++		return;
++
++	oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
++	newflags &= VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ;
++
++#ifdef CONFIG_PAX_NOELFRELOCS
++	is_textrel_rw = false;
++	is_textrel_rx = false;
++#else
++	/* possible TEXTREL */
++	is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
++	is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
++#endif
++
++	/* possible RELRO */
++	is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
++
++	if (!is_textrel_rw && !is_textrel_rx && !is_relro)
++		return;
++
++	if (sizeof(elf_h) != kernel_read(vma->vm_file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
++	    memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
++
++#ifdef CONFIG_PAX_ETEXECRELOCS
++	    ((is_textrel_rw || is_textrel_rx) && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
++#else
++	    ((is_textrel_rw || is_textrel_rx) && elf_h.e_type != ET_DYN) ||
++#endif
++
++	    (is_relro && (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC)) ||
++	    !elf_check_arch(&elf_h) ||
++	    elf_h.e_phentsize != sizeof(struct elf_phdr) ||
++	    elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
++		return;
++
++	for (i = 0UL; i < elf_h.e_phnum; i++) {
++		if (sizeof(elf_p) != kernel_read(vma->vm_file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
++			return;
++		switch (elf_p.p_type) {
++		case PT_DYNAMIC: {
++			elf_addr_t dyn_offset = 0UL;
++			elf_dyn dyn;
++
++			if (!is_textrel_rw && !is_textrel_rx)
++				continue;
++			dyn_offset = elf_p.p_offset;
++			i = 0UL;
++			do {
++				if (sizeof(dyn) != kernel_read(vma->vm_file, dyn_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
++					return;
++				if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
++					gr_log_textrel(vma);
++					if (is_textrel_rw)
++						vma->vm_flags |= VM_MAYWRITE;
++					else
++						/* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
++						vma->vm_flags &= ~VM_MAYWRITE;
++					return;
++				}
++				i++;
++			} while (dyn.d_tag != DT_NULL);
++			return;
++		}
++
++		case PT_GNU_RELRO:
++			if (!is_relro)
++				continue;
++			if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start) {
++				vma->vm_flags &= ~VM_MAYWRITE;
++			}
++			return;
++		}
++	}
++}
++#endif
++
+ static int __init init_elf_binfmt(void)
+ {
+ 	return register_binfmt(&elf_format);
+diff -urNp linux-2.6.29.6/fs/binfmt_flat.c linux-2.6.29.6/fs/binfmt_flat.c
+--- linux-2.6.29.6/fs/binfmt_flat.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/binfmt_flat.c	2009-07-23 17:34:32.148887586 -0400
+@@ -554,7 +554,9 @@ static int load_flat_file(struct linux_b
+ 				realdatastart = (unsigned long) -ENOMEM;
+ 			printk("Unable to allocate RAM for process data, errno %d\n",
+ 					(int)-realdatastart);
++			down_write(&current->mm->mmap_sem);
+ 			do_munmap(current->mm, textpos, text_len);
++			up_write(&current->mm->mmap_sem);
+ 			ret = realdatastart;
+ 			goto err;
+ 		}
+@@ -576,8 +578,10 @@ static int load_flat_file(struct linux_b
+ 		}
+ 		if (result >= (unsigned long)-4096) {
+ 			printk("Unable to read data+bss, errno %d\n", (int)-result);
++			down_write(&current->mm->mmap_sem);
+ 			do_munmap(current->mm, textpos, text_len);
+ 			do_munmap(current->mm, realdatastart, data_len + extra);
++			up_write(&current->mm->mmap_sem);
+ 			ret = result;
+ 			goto err;
+ 		}
+@@ -643,8 +647,10 @@ static int load_flat_file(struct linux_b
+ 		}
+ 		if (result >= (unsigned long)-4096) {
+ 			printk("Unable to read code+data+bss, errno %d\n",(int)-result);
++			down_write(&current->mm->mmap_sem);
+ 			do_munmap(current->mm, textpos, text_len + data_len + extra +
+ 				MAX_SHARED_LIBS * sizeof(unsigned long));
++			up_write(&current->mm->mmap_sem);
+ 			ret = result;
+ 			goto err;
+ 		}
+diff -urNp linux-2.6.29.6/fs/binfmt_misc.c linux-2.6.29.6/fs/binfmt_misc.c
+--- linux-2.6.29.6/fs/binfmt_misc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/binfmt_misc.c	2009-07-23 17:34:32.148887586 -0400
+@@ -693,7 +693,7 @@ static int bm_fill_super(struct super_bl
+ 	static struct tree_descr bm_files[] = {
+ 		[2] = {"status", &bm_status_operations, S_IWUSR|S_IRUGO},
+ 		[3] = {"register", &bm_register_operations, S_IWUSR},
+-		/* last one */ {""}
++		/* last one */ {"", NULL, 0}
+ 	};
+ 	int err = simple_fill_super(sb, 0x42494e4d, bm_files);
+ 	if (!err)
+diff -urNp linux-2.6.29.6/fs/bio.c linux-2.6.29.6/fs/bio.c
+--- linux-2.6.29.6/fs/bio.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/bio.c	2009-07-23 17:34:32.148887586 -0400
+@@ -710,7 +710,7 @@ static int __bio_copy_iov(struct bio *bi
+ 
+ 		while (bv_len && iov_idx < iov_count) {
+ 			unsigned int bytes;
+-			char *iov_addr;
++			char __user *iov_addr;
+ 
+ 			bytes = min_t(unsigned int,
+ 				      iov[iov_idx].iov_len - iov_off, bv_len);
+diff -urNp linux-2.6.29.6/fs/btrfs/ctree.h linux-2.6.29.6/fs/btrfs/ctree.h
+--- linux-2.6.29.6/fs/btrfs/ctree.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/btrfs/ctree.h	2009-07-23 18:40:28.276499409 -0400
+@@ -2099,7 +2099,7 @@ int btrfs_sync_file(struct file *file, s
+ int btrfs_drop_extent_cache(struct inode *inode, u64 start, u64 end,
+ 			    int skip_pinned);
+ int btrfs_check_file(struct btrfs_root *root, struct inode *inode);
+-extern struct file_operations btrfs_file_operations;
++extern const struct file_operations btrfs_file_operations;
+ int btrfs_drop_extents(struct btrfs_trans_handle *trans,
+ 		       struct btrfs_root *root, struct inode *inode,
+ 		       u64 start, u64 end, u64 inline_limit, u64 *hint_block);
+diff -urNp linux-2.6.29.6/fs/btrfs/disk-io.c linux-2.6.29.6/fs/btrfs/disk-io.c
+--- linux-2.6.29.6/fs/btrfs/disk-io.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/btrfs/disk-io.c	2009-07-23 18:40:28.282751578 -0400
+@@ -768,7 +768,7 @@ static int btree_writepage(struct page *
+ }
+ #endif
+ 
+-static struct address_space_operations btree_aops = {
++static const struct address_space_operations btree_aops = {
+ 	.readpage	= btree_readpage,
+ 	.writepage	= btree_writepage,
+ 	.writepages	= btree_writepages,
+diff -urNp linux-2.6.29.6/fs/btrfs/file.c linux-2.6.29.6/fs/btrfs/file.c
+--- linux-2.6.29.6/fs/btrfs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/btrfs/file.c	2009-07-23 18:40:28.305635485 -0400
+@@ -1268,7 +1268,7 @@ out:
+ 	return ret > 0 ? EIO : ret;
+ }
+ 
+-static struct vm_operations_struct btrfs_file_vm_ops = {
++static const struct vm_operations_struct btrfs_file_vm_ops = {
+ 	.fault		= filemap_fault,
+ 	.page_mkwrite	= btrfs_page_mkwrite,
+ };
+@@ -1280,7 +1280,7 @@ static int btrfs_file_mmap(struct file	*
+ 	return 0;
+ }
+ 
+-struct file_operations btrfs_file_operations = {
++const struct file_operations btrfs_file_operations = {
+ 	.llseek		= generic_file_llseek,
+ 	.read		= do_sync_read,
+ 	.aio_read       = generic_file_aio_read,
+diff -urNp linux-2.6.29.6/fs/btrfs/inode.c linux-2.6.29.6/fs/btrfs/inode.c
+--- linux-2.6.29.6/fs/btrfs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/btrfs/inode.c	2009-07-23 18:40:28.316264775 -0400
+@@ -57,14 +57,14 @@ struct btrfs_iget_args {
+ 	struct btrfs_root *root;
+ };
+ 
+-static struct inode_operations btrfs_dir_inode_operations;
+-static struct inode_operations btrfs_symlink_inode_operations;
+-static struct inode_operations btrfs_dir_ro_inode_operations;
+-static struct inode_operations btrfs_special_inode_operations;
+-static struct inode_operations btrfs_file_inode_operations;
+-static struct address_space_operations btrfs_aops;
+-static struct address_space_operations btrfs_symlink_aops;
+-static struct file_operations btrfs_dir_file_operations;
++static const struct inode_operations btrfs_dir_inode_operations;
++static const struct inode_operations btrfs_symlink_inode_operations;
++static const struct inode_operations btrfs_dir_ro_inode_operations;
++static const struct inode_operations btrfs_special_inode_operations;
++static const struct inode_operations btrfs_file_inode_operations;
++static const struct address_space_operations btrfs_aops;
++static const struct address_space_operations btrfs_symlink_aops;
++static const struct file_operations btrfs_dir_file_operations;
+ static struct extent_io_ops btrfs_extent_io_ops;
+ 
+ static struct kmem_cache *btrfs_inode_cachep;
+@@ -4955,7 +4955,7 @@ static int btrfs_permission(struct inode
+ 	return generic_permission(inode, mask, btrfs_check_acl);
+ }
+ 
+-static struct inode_operations btrfs_dir_inode_operations = {
++static const struct inode_operations btrfs_dir_inode_operations = {
+ 	.getattr	= btrfs_getattr,
+ 	.lookup		= btrfs_lookup,
+ 	.create		= btrfs_create,
+@@ -4973,11 +4973,11 @@ static struct inode_operations btrfs_dir
+ 	.removexattr	= btrfs_removexattr,
+ 	.permission	= btrfs_permission,
+ };
+-static struct inode_operations btrfs_dir_ro_inode_operations = {
++static const struct inode_operations btrfs_dir_ro_inode_operations = {
+ 	.lookup		= btrfs_lookup,
+ 	.permission	= btrfs_permission,
+ };
+-static struct file_operations btrfs_dir_file_operations = {
++static const struct file_operations btrfs_dir_file_operations = {
+ 	.llseek		= generic_file_llseek,
+ 	.read		= generic_read_dir,
+ 	.readdir	= btrfs_real_readdir,
+@@ -5013,7 +5013,7 @@ static struct extent_io_ops btrfs_extent
+  *
+  * For now we're avoiding this by dropping bmap.
+  */
+-static struct address_space_operations btrfs_aops = {
++static const struct address_space_operations btrfs_aops = {
+ 	.readpage	= btrfs_readpage,
+ 	.writepage	= btrfs_writepage,
+ 	.writepages	= btrfs_writepages,
+@@ -5025,14 +5025,14 @@ static struct address_space_operations b
+ 	.set_page_dirty	= btrfs_set_page_dirty,
+ };
+ 
+-static struct address_space_operations btrfs_symlink_aops = {
++static const struct address_space_operations btrfs_symlink_aops = {
+ 	.readpage	= btrfs_readpage,
+ 	.writepage	= btrfs_writepage,
+ 	.invalidatepage = btrfs_invalidatepage,
+ 	.releasepage	= btrfs_releasepage,
+ };
+ 
+-static struct inode_operations btrfs_file_inode_operations = {
++static const struct inode_operations btrfs_file_inode_operations = {
+ 	.truncate	= btrfs_truncate,
+ 	.getattr	= btrfs_getattr,
+ 	.setattr	= btrfs_setattr,
+@@ -5044,7 +5044,7 @@ static struct inode_operations btrfs_fil
+ 	.fallocate	= btrfs_fallocate,
+ 	.fiemap		= btrfs_fiemap,
+ };
+-static struct inode_operations btrfs_special_inode_operations = {
++static const struct inode_operations btrfs_special_inode_operations = {
+ 	.getattr	= btrfs_getattr,
+ 	.setattr	= btrfs_setattr,
+ 	.permission	= btrfs_permission,
+@@ -5053,7 +5053,7 @@ static struct inode_operations btrfs_spe
+ 	.listxattr	= btrfs_listxattr,
+ 	.removexattr	= btrfs_removexattr,
+ };
+-static struct inode_operations btrfs_symlink_inode_operations = {
++static const struct inode_operations btrfs_symlink_inode_operations = {
+ 	.readlink	= generic_readlink,
+ 	.follow_link	= page_follow_link_light,
+ 	.put_link	= page_put_link,
+diff -urNp linux-2.6.29.6/fs/btrfs/super.c linux-2.6.29.6/fs/btrfs/super.c
+--- linux-2.6.29.6/fs/btrfs/super.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/btrfs/super.c	2009-07-23 18:40:28.317383091 -0400
+@@ -52,7 +52,7 @@
+ #include "compression.h"
+ 
+ 
+-static struct super_operations btrfs_super_ops;
++static const struct super_operations btrfs_super_ops;
+ 
+ static void btrfs_put_super(struct super_block *sb)
+ {
+@@ -625,7 +625,7 @@ static int btrfs_unfreeze(struct super_b
+ 	return 0;
+ }
+ 
+-static struct super_operations btrfs_super_ops = {
++static const struct super_operations btrfs_super_ops = {
+ 	.delete_inode	= btrfs_delete_inode,
+ 	.put_super	= btrfs_put_super,
+ 	.write_super	= btrfs_write_super,
+diff -urNp linux-2.6.29.6/fs/buffer.c linux-2.6.29.6/fs/buffer.c
+--- linux-2.6.29.6/fs/buffer.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/buffer.c	2009-07-23 17:34:32.149864089 -0400
+@@ -25,6 +25,7 @@
+ #include <linux/percpu.h>
+ #include <linux/slab.h>
+ #include <linux/capability.h>
++#include <linux/security.h>
+ #include <linux/blkdev.h>
+ #include <linux/file.h>
+ #include <linux/quotaops.h>
+@@ -2312,6 +2313,7 @@ int generic_cont_expand_simple(struct in
+ 
+ 	err = -EFBIG;
+         limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
++	gr_learn_resource(current, RLIMIT_FSIZE, (unsigned long) size, 1);
+ 	if (limit != RLIM_INFINITY && size > (loff_t)limit) {
+ 		send_sig(SIGXFSZ, current, 0);
+ 		goto out;
+diff -urNp linux-2.6.29.6/fs/cifs/cifs_dfs_ref.c linux-2.6.29.6/fs/cifs/cifs_dfs_ref.c
+--- linux-2.6.29.6/fs/cifs/cifs_dfs_ref.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/cifs/cifs_dfs_ref.c	2009-07-23 18:40:28.330897960 -0400
+@@ -387,7 +387,7 @@ out_err:
+ 	goto out;
+ }
+ 
+-struct inode_operations cifs_dfs_referral_inode_operations = {
++const struct inode_operations cifs_dfs_referral_inode_operations = {
+ 	.follow_link = cifs_dfs_follow_mountpoint,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/cifs/cifsfs.h linux-2.6.29.6/fs/cifs/cifsfs.h
+--- linux-2.6.29.6/fs/cifs/cifsfs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/cifs/cifsfs.h	2009-07-23 18:40:28.331788628 -0400
+@@ -54,7 +54,7 @@ extern int cifs_setattr(struct dentry *,
+ 
+ extern const struct inode_operations cifs_file_inode_ops;
+ extern const struct inode_operations cifs_symlink_inode_ops;
+-extern struct inode_operations cifs_dfs_referral_inode_operations;
++extern const struct inode_operations cifs_dfs_referral_inode_operations;
+ 
+ 
+ /* Functions related to files and directories */
+@@ -78,8 +78,8 @@ extern int cifs_dir_open(struct inode *i
+ extern int cifs_readdir(struct file *file, void *direntry, filldir_t filldir);
+ 
+ /* Functions related to dir entries */
+-extern struct dentry_operations cifs_dentry_ops;
+-extern struct dentry_operations cifs_ci_dentry_ops;
++extern const struct dentry_operations cifs_dentry_ops;
++extern const struct dentry_operations cifs_ci_dentry_ops;
+ 
+ /* Functions related to symlinks */
+ extern void *cifs_follow_link(struct dentry *direntry, struct nameidata *nd);
+diff -urNp linux-2.6.29.6/fs/cifs/cifs_uniupr.h linux-2.6.29.6/fs/cifs/cifs_uniupr.h
+--- linux-2.6.29.6/fs/cifs/cifs_uniupr.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/cifs/cifs_uniupr.h	2009-07-23 17:34:32.150758980 -0400
+@@ -132,7 +132,7 @@ const struct UniCaseRange CifsUniUpperRa
+ 	{0x0490, 0x04cc, UniCaseRangeU0490},
+ 	{0x1e00, 0x1ffc, UniCaseRangeU1e00},
+ 	{0xff40, 0xff5a, UniCaseRangeUff40},
+-	{0}
++	{0, 0, NULL}
+ };
+ #endif
+ 
+diff -urNp linux-2.6.29.6/fs/cifs/dir.c linux-2.6.29.6/fs/cifs/dir.c
+--- linux-2.6.29.6/fs/cifs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/cifs/dir.c	2009-07-23 18:40:28.331788628 -0400
+@@ -699,7 +699,7 @@ cifs_d_revalidate(struct dentry *direntr
+ 	return rc;
+ }     */
+ 
+-struct dentry_operations cifs_dentry_ops = {
++const struct dentry_operations cifs_dentry_ops = {
+ 	.d_revalidate = cifs_d_revalidate,
+ /* d_delete:       cifs_d_delete,      */ /* not needed except for debugging */
+ };
+@@ -737,7 +737,7 @@ static int cifs_ci_compare(struct dentry
+ 	return 1;
+ }
+ 
+-struct dentry_operations cifs_ci_dentry_ops = {
++const struct dentry_operations cifs_ci_dentry_ops = {
+ 	.d_revalidate = cifs_d_revalidate,
+ 	.d_hash = cifs_ci_hash,
+ 	.d_compare = cifs_ci_compare,
+diff -urNp linux-2.6.29.6/fs/cifs/link.c linux-2.6.29.6/fs/cifs/link.c
+--- linux-2.6.29.6/fs/cifs/link.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/cifs/link.c	2009-07-23 17:34:32.150758980 -0400
+@@ -318,7 +318,7 @@ cifs_readlink(struct dentry *direntry, c
+ 
+ void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie)
+ {
+-	char *p = nd_get_link(nd);
++	const char *p = nd_get_link(nd);
+ 	if (!IS_ERR(p))
+ 		kfree(p);
+ }
+diff -urNp linux-2.6.29.6/fs/compat.c linux-2.6.29.6/fs/compat.c
+--- linux-2.6.29.6/fs/compat.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/compat.c	2009-07-23 17:34:32.150758980 -0400
+@@ -1338,14 +1338,12 @@ static int compat_copy_strings(int argc,
+ 			if (!kmapped_page || kpos != (pos & PAGE_MASK)) {
+ 				struct page *page;
+ 
+-#ifdef CONFIG_STACK_GROWSUP
+ 				ret = expand_stack_downwards(bprm->vma, pos);
+ 				if (ret < 0) {
+ 					/* We've exceed the stack rlimit. */
+ 					ret = -E2BIG;
+ 					goto out;
+ 				}
+-#endif
+ 				ret = get_user_pages(current, bprm->mm, pos,
+ 						     1, 1, 1, &page, NULL);
+ 				if (ret <= 0) {
+@@ -1391,6 +1389,11 @@ int compat_do_execve(char * filename,
+ 	compat_uptr_t __user *envp,
+ 	struct pt_regs * regs)
+ {
++#ifdef CONFIG_GRKERNSEC
++	struct file *old_exec_file;
++	struct acl_subject_label *old_acl;
++	struct rlimit old_rlim[RLIM_NLIMITS];
++#endif
+ 	struct linux_binprm *bprm;
+ 	struct file *file;
+ 	struct files_struct *displaced;
+@@ -1431,6 +1434,14 @@ int compat_do_execve(char * filename,
+ 	bprm->filename = filename;
+ 	bprm->interp = filename;
+ 
++	gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
++	retval = -EAGAIN;
++	if (gr_handle_nproc())
++		goto out_file;
++	retval = -EACCES;
++	if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt))
++		goto out_file;
++
+ 	retval = bprm_mm_init(bprm);
+ 	if (retval)
+ 		goto out_file;
+@@ -1460,9 +1471,40 @@ int compat_do_execve(char * filename,
+ 	if (retval < 0)
+ 		goto out;
+ 
++	if (!gr_tpe_allow(file)) {
++		retval = -EACCES;
++		goto out;
++	}
++
++	if (gr_check_crash_exec(file)) {
++		retval = -EACCES;
++		goto out;
++	}
++
++	gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
++
++	gr_handle_exec_args(bprm, (char __user * __user *)argv);
++
++#ifdef CONFIG_GRKERNSEC
++	old_acl = current->acl;
++	memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
++	old_exec_file = current->exec_file;
++	get_file(file);
++	current->exec_file = file;
++#endif
++
++	retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
++				   bprm->unsafe & LSM_UNSAFE_SHARE);
++	if (retval < 0)
++		goto out_fail;
++
+ 	retval = search_binary_handler(bprm, regs);
+ 	if (retval < 0)
+-		goto out;
++		goto out_fail;
++#ifdef CONFIG_GRKERNSEC
++	if (old_exec_file)
++		fput(old_exec_file);
++#endif
+ 
+ 	/* execve succeeded */
+ 	current->fs->in_exec = 0;
+@@ -1473,6 +1515,14 @@ int compat_do_execve(char * filename,
+ 		put_files_struct(displaced);
+ 	return retval;
+ 
++out_fail:
++#ifdef CONFIG_GRKERNSEC
++	current->acl = old_acl;
++	memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
++	fput(current->exec_file);
++	current->exec_file = old_exec_file;
++#endif
++
+ out:
+ 	if (bprm->mm)
+ 		mmput(bprm->mm);
+diff -urNp linux-2.6.29.6/fs/compat_ioctl.c linux-2.6.29.6/fs/compat_ioctl.c
+--- linux-2.6.29.6/fs/compat_ioctl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/compat_ioctl.c	2009-07-23 17:34:32.151817730 -0400
+@@ -1832,15 +1832,15 @@ struct ioctl_trans {
+ };
+ 
+ #define HANDLE_IOCTL(cmd,handler) \
+-	{ (cmd), (ioctl_trans_handler_t)(handler) },
++	{ (cmd), (ioctl_trans_handler_t)(handler), NULL },
+ 
+ /* pointer to compatible structure or no argument */
+ #define COMPATIBLE_IOCTL(cmd) \
+-	{ (cmd), do_ioctl32_pointer },
++	{ (cmd), do_ioctl32_pointer, NULL },
+ 
+ /* argument is an unsigned long integer, not a pointer */
+ #define ULONG_IOCTL(cmd) \
+-	{ (cmd), (ioctl_trans_handler_t)sys_ioctl },
++	{ (cmd), (ioctl_trans_handler_t)sys_ioctl, NULL },
+ 
+ /* ioctl should not be warned about even if it's not implemented.
+    Valid reasons to use this:
+diff -urNp linux-2.6.29.6/fs/configfs/dir.c linux-2.6.29.6/fs/configfs/dir.c
+--- linux-2.6.29.6/fs/configfs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/configfs/dir.c	2009-07-23 18:40:28.343404417 -0400
+@@ -72,7 +72,7 @@ static int configfs_d_delete(struct dent
+ 	return 1;
+ }
+ 
+-static struct dentry_operations configfs_dentry_ops = {
++static const struct dentry_operations configfs_dentry_ops = {
+ 	.d_iput		= configfs_d_iput,
+ 	/* simple_delete_dentry() isn't exported */
+ 	.d_delete	= configfs_d_delete,
+diff -urNp linux-2.6.29.6/fs/debugfs/inode.c linux-2.6.29.6/fs/debugfs/inode.c
+--- linux-2.6.29.6/fs/debugfs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/debugfs/inode.c	2009-07-23 17:34:32.151817730 -0400
+@@ -117,7 +117,7 @@ static inline int debugfs_positive(struc
+ 
+ static int debug_fill_super(struct super_block *sb, void *data, int silent)
+ {
+-	static struct tree_descr debug_files[] = {{""}};
++	static struct tree_descr debug_files[] = {{"", NULL, 0}};
+ 
+ 	return simple_fill_super(sb, DEBUGFS_MAGIC, debug_files);
+ }
+diff -urNp linux-2.6.29.6/fs/dlm/debug_fs.c linux-2.6.29.6/fs/dlm/debug_fs.c
+--- linux-2.6.29.6/fs/dlm/debug_fs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/dlm/debug_fs.c	2009-07-23 18:40:28.344280728 -0400
+@@ -386,9 +386,9 @@ static int table_seq_show(struct seq_fil
+ 	return rv;
+ }
+ 
+-static struct seq_operations format1_seq_ops;
+-static struct seq_operations format2_seq_ops;
+-static struct seq_operations format3_seq_ops;
++static const struct seq_operations format1_seq_ops;
++static const struct seq_operations format2_seq_ops;
++static const struct seq_operations format3_seq_ops;
+ 
+ static void *table_seq_start(struct seq_file *seq, loff_t *pos)
+ {
+@@ -534,21 +534,21 @@ static void table_seq_stop(struct seq_fi
+ 	}
+ }
+ 
+-static struct seq_operations format1_seq_ops = {
++static const struct seq_operations format1_seq_ops = {
+ 	.start = table_seq_start,
+ 	.next  = table_seq_next,
+ 	.stop  = table_seq_stop,
+ 	.show  = table_seq_show,
+ };
+ 
+-static struct seq_operations format2_seq_ops = {
++static const struct seq_operations format2_seq_ops = {
+ 	.start = table_seq_start,
+ 	.next  = table_seq_next,
+ 	.stop  = table_seq_stop,
+ 	.show  = table_seq_show,
+ };
+ 
+-static struct seq_operations format3_seq_ops = {
++static const struct seq_operations format3_seq_ops = {
+ 	.start = table_seq_start,
+ 	.next  = table_seq_next,
+ 	.stop  = table_seq_stop,
+diff -urNp linux-2.6.29.6/fs/ecryptfs/dentry.c linux-2.6.29.6/fs/ecryptfs/dentry.c
+--- linux-2.6.29.6/fs/ecryptfs/dentry.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ecryptfs/dentry.c	2009-07-23 18:40:28.358643960 -0400
+@@ -89,7 +89,7 @@ static void ecryptfs_d_release(struct de
+ 	return;
+ }
+ 
+-struct dentry_operations ecryptfs_dops = {
++const struct dentry_operations ecryptfs_dops = {
+ 	.d_revalidate = ecryptfs_d_revalidate,
+ 	.d_release = ecryptfs_d_release,
+ };
+diff -urNp linux-2.6.29.6/fs/ecryptfs/ecryptfs_kernel.h linux-2.6.29.6/fs/ecryptfs/ecryptfs_kernel.h
+--- linux-2.6.29.6/fs/ecryptfs/ecryptfs_kernel.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ecryptfs/ecryptfs_kernel.h	2009-07-23 18:40:28.368274094 -0400
+@@ -580,8 +580,8 @@ extern const struct inode_operations ecr
+ extern const struct inode_operations ecryptfs_dir_iops;
+ extern const struct inode_operations ecryptfs_symlink_iops;
+ extern const struct super_operations ecryptfs_sops;
+-extern struct dentry_operations ecryptfs_dops;
+-extern struct address_space_operations ecryptfs_aops;
++extern const struct dentry_operations ecryptfs_dops;
++extern const struct address_space_operations ecryptfs_aops;
+ extern int ecryptfs_verbosity;
+ extern unsigned int ecryptfs_message_buf_len;
+ extern signed long ecryptfs_message_wait_timeout;
+diff -urNp linux-2.6.29.6/fs/ecryptfs/mmap.c linux-2.6.29.6/fs/ecryptfs/mmap.c
+--- linux-2.6.29.6/fs/ecryptfs/mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ecryptfs/mmap.c	2009-07-23 18:40:28.369285541 -0400
+@@ -534,7 +534,7 @@ static sector_t ecryptfs_bmap(struct add
+ 	return rc;
+ }
+ 
+-struct address_space_operations ecryptfs_aops = {
++const struct address_space_operations ecryptfs_aops = {
+ 	.writepage = ecryptfs_writepage,
+ 	.readpage = ecryptfs_readpage,
+ 	.write_begin = ecryptfs_write_begin,
+diff -urNp linux-2.6.29.6/fs/exec.c linux-2.6.29.6/fs/exec.c
+--- linux-2.6.29.6/fs/exec.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/exec.c	2009-07-23 17:34:32.152780047 -0400
+@@ -52,12 +52,24 @@
+ #include <linux/tracehook.h>
+ #include <linux/kmod.h>
+ #include <linux/fsnotify.h>
++#include <linux/random.h>
++#include <linux/seq_file.h>
++
++#ifdef CONFIG_PAX_REFCOUNT
++#include <linux/kallsyms.h>
++#include <linux/kdebug.h>
++#endif
+ 
+ #include <asm/uaccess.h>
+ #include <asm/mmu_context.h>
+ #include <asm/tlb.h>
+ #include "internal.h"
+ 
++#ifdef CONFIG_PAX_HOOK_ACL_FLAGS
++void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
++EXPORT_SYMBOL(pax_set_initial_flags_func);
++#endif
++
+ int core_uses_pid;
+ char core_pattern[CORENAME_MAX_SIZE] = "core";
+ int suid_dumpable = 0;
+@@ -169,18 +181,10 @@ static struct page *get_arg_page(struct 
+ 		int write)
+ {
+ 	struct page *page;
+-	int ret;
+ 
+-#ifdef CONFIG_STACK_GROWSUP
+-	if (write) {
+-		ret = expand_stack_downwards(bprm->vma, pos);
+-		if (ret < 0)
+-			return NULL;
+-	}
+-#endif
+-	ret = get_user_pages(current, bprm->mm, pos,
+-			1, write, 1, &page, NULL);
+-	if (ret <= 0)
++	if (0 > expand_stack_downwards(bprm->vma, pos))
++		return NULL;
++	if (0 >= get_user_pages(current, bprm->mm, pos, 1, write, 1, &page, NULL))
+ 		return NULL;
+ 
+ 	if (write) {
+@@ -252,6 +256,11 @@ static int __bprm_mm_init(struct linux_b
+ 	vma->vm_end = STACK_TOP_MAX;
+ 	vma->vm_start = vma->vm_end - PAGE_SIZE;
+ 	vma->vm_flags = VM_STACK_FLAGS;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	vma->vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
++#endif
++
+ 	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+ 	err = insert_vm_struct(mm, vma);
+ 	if (err)
+@@ -260,6 +269,12 @@ static int __bprm_mm_init(struct linux_b
+ 	mm->stack_vm = mm->total_vm = 1;
+ 	up_write(&mm->mmap_sem);
+ 	bprm->p = vma->vm_end - sizeof(void *);
++
++#ifdef CONFIG_PAX_RANDUSTACK
++	if (randomize_va_space)
++		bprm->p ^= (pax_get_random_long() & ~15) & ~PAGE_MASK;
++#endif
++
+ 	return 0;
+ err:
+ 	up_write(&mm->mmap_sem);
+@@ -520,6 +535,10 @@ static int shift_arg_pages(struct vm_are
+ 	if (vma != find_vma(mm, new_start))
+ 		return -EFAULT;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	BUG_ON(pax_find_mirror_vma(vma));
++#endif
++
+ 	/*
+ 	 * cover the whole range: [new_start, old_end)
+ 	 */
+@@ -608,6 +627,14 @@ int setup_arg_pages(struct linux_binprm 
+ 	bprm->exec -= stack_shift;
+ 
+ 	down_write(&mm->mmap_sem);
++
++	/* Move stack pages down in memory. */
++	if (stack_shift) {
++		ret = shift_arg_pages(vma, stack_shift);
++		if (ret)
++			goto out_unlock;
++	}
++
+ 	vm_flags = VM_STACK_FLAGS;
+ 
+ 	/*
+@@ -621,21 +648,24 @@ int setup_arg_pages(struct linux_binprm 
+ 		vm_flags &= ~VM_EXEC;
+ 	vm_flags |= mm->def_flags;
+ 
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++	if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		vm_flags &= ~VM_EXEC;
++
++#ifdef CONFIG_PAX_MPROTECT
++		if (mm->pax_flags & MF_PAX_MPROTECT)
++			vm_flags &= ~VM_MAYEXEC;
++#endif
++
++	}
++#endif
++
+ 	ret = mprotect_fixup(vma, &prev, vma->vm_start, vma->vm_end,
+ 			vm_flags);
+ 	if (ret)
+ 		goto out_unlock;
+ 	BUG_ON(prev != vma);
+ 
+-	/* Move stack pages down in memory. */
+-	if (stack_shift) {
+-		ret = shift_arg_pages(vma, stack_shift);
+-		if (ret) {
+-			up_write(&mm->mmap_sem);
+-			return ret;
+-		}
+-	}
+-
+ #ifdef CONFIG_STACK_GROWSUP
+ 	stack_base = vma->vm_end + EXTRA_STACK_VM_PAGES * PAGE_SIZE;
+ #else
+@@ -647,7 +677,7 @@ int setup_arg_pages(struct linux_binprm 
+ 
+ out_unlock:
+ 	up_write(&mm->mmap_sem);
+-	return 0;
++	return ret;
+ }
+ EXPORT_SYMBOL(setup_arg_pages);
+ 
+@@ -1066,7 +1096,7 @@ int check_unsafe_exec(struct linux_binpr
+ 	}
+ 	rcu_read_unlock();
+ 
+-	if (p->fs->users > n_fs) {
++	if (atomic_read(&p->fs->users) > n_fs) {
+ 		bprm->unsafe |= LSM_UNSAFE_SHARE;
+ 	} else {
+ 		res = -EAGAIN;
+@@ -1270,6 +1300,11 @@ int do_execve(char * filename,
+ 	char __user *__user *envp,
+ 	struct pt_regs * regs)
+ {
++#ifdef CONFIG_GRKERNSEC
++	struct file *old_exec_file;
++	struct acl_subject_label *old_acl;
++	struct rlimit old_rlim[RLIM_NLIMITS];
++#endif
+ 	struct linux_binprm *bprm;
+ 	struct file *file;
+ 	struct files_struct *displaced;
+@@ -1310,6 +1345,18 @@ int do_execve(char * filename,
+ 	bprm->filename = filename;
+ 	bprm->interp = filename;
+ 
++	gr_learn_resource(current, RLIMIT_NPROC, atomic_read(&current->cred->user->processes), 1);
++
++	if (gr_handle_nproc()) {
++		retval = -EAGAIN;
++		goto out_file;
++	}
++
++	if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) {
++		retval = -EACCES;
++		goto out_file;
++	}
++
+ 	retval = bprm_mm_init(bprm);
+ 	if (retval)
+ 		goto out_file;
+@@ -1339,10 +1386,41 @@ int do_execve(char * filename,
+ 	if (retval < 0)
+ 		goto out;
+ 
++	if (!gr_tpe_allow(file)) {
++		retval = -EACCES;
++		goto out;
++	}
++
++	if (gr_check_crash_exec(file)) {
++		retval = -EACCES;
++		goto out;
++	}
++
++	gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt);
++
++	gr_handle_exec_args(bprm, argv);
++
++#ifdef CONFIG_GRKERNSEC
++	old_acl = current->acl;
++	memcpy(old_rlim, current->signal->rlim, sizeof(old_rlim));
++	old_exec_file = current->exec_file;
++	get_file(file);
++	current->exec_file = file;
++#endif
++
++	retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt,
++				   bprm->unsafe & LSM_UNSAFE_SHARE);
++	if (retval < 0)
++		goto out_fail;
++
+ 	current->flags &= ~PF_KTHREAD;
+ 	retval = search_binary_handler(bprm,regs);
+ 	if (retval < 0)
+-		goto out;
++		goto out_fail;
++#ifdef CONFIG_GRKERNSEC
++	if (old_exec_file)
++		fput(old_exec_file);
++#endif
+ 
+ 	/* execve succeeded */
+ 	current->fs->in_exec = 0;
+@@ -1353,6 +1431,14 @@ int do_execve(char * filename,
+ 		put_files_struct(displaced);
+ 	return retval;
+ 
++out_fail:
++#ifdef CONFIG_GRKERNSEC
++	current->acl = old_acl;
++	memcpy(current->signal->rlim, old_rlim, sizeof(old_rlim));
++	fput(current->exec_file);
++	current->exec_file = old_exec_file;
++#endif
++
+ out:
+ 	if (bprm->mm)
+ 		mmput (bprm->mm);
+@@ -1520,6 +1606,164 @@ out:
+ 	return ispipe;
+ }
+ 
++int pax_check_flags(unsigned long *flags)
++{
++	int retval = 0;
++
++#if !defined(CONFIG_X86_32) || !defined(CONFIG_PAX_SEGMEXEC)
++	if (*flags & MF_PAX_SEGMEXEC)
++	{
++		*flags &= ~MF_PAX_SEGMEXEC;
++		retval = -EINVAL;
++	}
++#endif
++
++	if ((*flags & MF_PAX_PAGEEXEC)
++
++#ifdef CONFIG_PAX_PAGEEXEC
++	    &&  (*flags & MF_PAX_SEGMEXEC)
++#endif
++
++	   )
++	{
++		*flags &= ~MF_PAX_PAGEEXEC;
++		retval = -EINVAL;
++	}
++
++	if ((*flags & MF_PAX_MPROTECT)
++
++#ifdef CONFIG_PAX_MPROTECT
++	    && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
++#endif
++
++	   )
++	{
++		*flags &= ~MF_PAX_MPROTECT;
++		retval = -EINVAL;
++	}
++
++	if ((*flags & MF_PAX_EMUTRAMP)
++
++#ifdef CONFIG_PAX_EMUTRAMP
++	    && !(*flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC))
++#endif
++
++	   )
++	{
++		*flags &= ~MF_PAX_EMUTRAMP;
++		retval = -EINVAL;
++	}
++
++	return retval;
++}
++
++EXPORT_SYMBOL(pax_check_flags);
++
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
++{
++	struct task_struct *tsk = current;
++	struct mm_struct *mm = current->mm;
++	char *buffer_exec = (char *)__get_free_page(GFP_KERNEL);
++	char *buffer_fault = (char *)__get_free_page(GFP_KERNEL);
++	char *path_exec = NULL;
++	char *path_fault = NULL;
++	unsigned long start = 0UL, end = 0UL, offset = 0UL;
++
++	if (buffer_exec && buffer_fault) {
++		struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL;
++
++		down_read(&mm->mmap_sem);
++		vma = mm->mmap;
++		while (vma && (!vma_exec || !vma_fault)) {
++			if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file)
++				vma_exec = vma;
++			if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end)
++				vma_fault = vma;
++			vma = vma->vm_next;
++		}
++		if (vma_exec) {
++			path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
++			if (IS_ERR(path_exec))
++				path_exec = "<path too long>";
++			else {
++				path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\");
++				if (path_exec) {
++					*path_exec = 0;
++					path_exec = buffer_exec;
++				} else
++					path_exec = "<path too long>";
++			}
++		}
++		if (vma_fault) {
++			start = vma_fault->vm_start;
++			end = vma_fault->vm_end;
++			offset = vma_fault->vm_pgoff << PAGE_SHIFT;
++			if (vma_fault->vm_file) {
++				path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
++				if (IS_ERR(path_fault))
++					path_fault = "<path too long>";
++				else {
++					path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\");
++					if (path_fault) {
++						*path_fault = 0;
++						path_fault = buffer_fault;
++					} else
++						path_fault = "<path too long>";
++				}
++			} else
++				path_fault = "<anonymous mapping>";
++		}
++		up_read(&mm->mmap_sem);
++	}
++	if (tsk->signal->curr_ip)
++		printk(KERN_ERR "PAX: From %u.%u.%u.%u: execution attempt in: %s, %08lx-%08lx %08lx\n", NIPQUAD(tsk->signal->curr_ip), path_fault, start, end, offset);
++	else
++		printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset);
++	printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, "
++			"PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk),
++			task_uid(tsk), task_euid(tsk), pc, sp);
++	free_page((unsigned long)buffer_exec);
++	free_page((unsigned long)buffer_fault);
++	pax_report_insns(pc, sp);
++	do_coredump(SIGKILL, SIGKILL, regs);
++}
++#endif
++
++#ifdef CONFIG_PAX_REFCOUNT
++void pax_report_refcount_overflow(struct pt_regs *regs)
++{
++	if (current->signal->curr_ip)
++		printk(KERN_ERR "PAX: From %u.%u.%u.%u: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++				 NIPQUAD(current->signal->curr_ip), current->comm, task_pid_nr(current), current_uid(), current_euid());
++	else
++		printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n",
++				 current->comm, task_pid_nr(current), current_uid(), current_euid());
++	print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++	show_registers(regs);
++	force_sig_specific(SIGKILL, current);
++}
++#endif
++
++#ifdef CONFIG_PAX_USERCOPY
++void pax_report_leak_to_user(const void *ptr, unsigned long len)
++{
++	if (current->signal->curr_ip)
++		printk(KERN_ERR "PAX: From %u.%u.%u.%u: kernel memory leak attempt detected from %p (%lu bytes)\n", NIPQUAD(current->signal->curr_ip), ptr, len);
++	else
++		printk(KERN_ERR "PAX: kernel memory leak attempt detected from %p (%lu bytes)\n", ptr, len);
++	dump_stack();
++	do_group_exit(SIGKILL);
++}
++
++void pax_report_overflow_from_user(const void *ptr, unsigned long len)
++{
++	printk(KERN_ERR "PAX: kernel memory overflow attempt detected to %p (%lu bytes)\n", ptr, len);
++	dump_stack();
++	do_group_exit(SIGKILL);
++}
++#endif
++
+ static int zap_process(struct task_struct *start)
+ {
+ 	struct task_struct *t;
+@@ -1779,6 +2023,10 @@ void do_coredump(long signr, int exit_co
+ 	 */
+ 	clear_thread_flag(TIF_SIGPENDING);
+ 
++	if (signr == SIGKILL || signr == SIGILL)
++		gr_handle_brute_attach(current);
++	gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1);
++
+ 	/*
+ 	 * lock_kernel() because format_corename() is controlled by sysctl, which
+ 	 * uses lock_kernel()
+diff -urNp linux-2.6.29.6/fs/ext2/balloc.c linux-2.6.29.6/fs/ext2/balloc.c
+--- linux-2.6.29.6/fs/ext2/balloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext2/balloc.c	2009-07-23 17:34:32.152780047 -0400
+@@ -1192,7 +1192,7 @@ static int ext2_has_free_blocks(struct e
+ 
+ 	free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
+ 	root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
+-	if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
++	if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
+ 		sbi->s_resuid != current_fsuid() &&
+ 		(sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
+ 		return 0;
+diff -urNp linux-2.6.29.6/fs/ext3/balloc.c linux-2.6.29.6/fs/ext3/balloc.c
+--- linux-2.6.29.6/fs/ext3/balloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext3/balloc.c	2009-07-23 17:34:32.153715921 -0400
+@@ -1421,7 +1421,7 @@ static int ext3_has_free_blocks(struct e
+ 
+ 	free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter);
+ 	root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count);
+-	if (free_blocks < root_blocks + 1 && !capable(CAP_SYS_RESOURCE) &&
++	if (free_blocks < root_blocks + 1 && !capable_nolog(CAP_SYS_RESOURCE) &&
+ 		sbi->s_resuid != current_fsuid() &&
+ 		(sbi->s_resgid == 0 || !in_group_p (sbi->s_resgid))) {
+ 		return 0;
+diff -urNp linux-2.6.29.6/fs/ext3/namei.c linux-2.6.29.6/fs/ext3/namei.c
+--- linux-2.6.29.6/fs/ext3/namei.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext3/namei.c	2009-07-23 17:34:32.153715921 -0400
+@@ -1159,7 +1159,7 @@ static struct ext3_dir_entry_2 *do_split
+ 	char *data1 = (*bh)->b_data, *data2;
+ 	unsigned split, move, size;
+ 	struct ext3_dir_entry_2 *de = NULL, *de2;
+-	int	err = 0, i;
++	int	i, err = 0;
+ 
+ 	bh2 = ext3_append (handle, dir, &newblock, &err);
+ 	if (!(bh2)) {
+diff -urNp linux-2.6.29.6/fs/ext3/xattr.c linux-2.6.29.6/fs/ext3/xattr.c
+--- linux-2.6.29.6/fs/ext3/xattr.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext3/xattr.c	2009-07-23 17:34:32.154747281 -0400
+@@ -89,8 +89,8 @@
+ 		printk("\n"); \
+ 	} while (0)
+ #else
+-# define ea_idebug(f...)
+-# define ea_bdebug(f...)
++# define ea_idebug(f...) do {} while (0)
++# define ea_bdebug(f...) do {} while (0)
+ #endif
+ 
+ static void ext3_xattr_cache_insert(struct buffer_head *);
+diff -urNp linux-2.6.29.6/fs/ext4/balloc.c linux-2.6.29.6/fs/ext4/balloc.c
+--- linux-2.6.29.6/fs/ext4/balloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext4/balloc.c	2009-07-23 17:34:32.154747281 -0400
+@@ -577,7 +577,7 @@ int ext4_has_free_blocks(struct ext4_sb_
+ 	/* Hm, nope.  Are (enough) root reserved blocks available? */
+ 	if (sbi->s_resuid == current_fsuid() ||
+ 	    ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) ||
+-	    capable(CAP_SYS_RESOURCE)) {
++	    capable_nolog(CAP_SYS_RESOURCE)) {
+ 		if (free_blocks >= (nblocks + dirty_blocks))
+ 			return 1;
+ 	}
+diff -urNp linux-2.6.29.6/fs/ext4/file.c linux-2.6.29.6/fs/ext4/file.c
+--- linux-2.6.29.6/fs/ext4/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext4/file.c	2009-07-23 18:40:28.377699187 -0400
+@@ -128,7 +128,7 @@ force_commit:
+ 	return ret;
+ }
+ 
+-static struct vm_operations_struct ext4_file_vm_ops = {
++static const struct vm_operations_struct ext4_file_vm_ops = {
+ 	.fault		= filemap_fault,
+ 	.page_mkwrite   = ext4_page_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/fs/ext4/mballoc.c linux-2.6.29.6/fs/ext4/mballoc.c
+--- linux-2.6.29.6/fs/ext4/mballoc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext4/mballoc.c	2009-07-23 18:40:28.389509253 -0400
+@@ -2215,7 +2215,7 @@ static void ext4_mb_seq_history_stop(str
+ {
+ }
+ 
+-static struct seq_operations ext4_mb_seq_history_ops = {
++static const struct seq_operations ext4_mb_seq_history_ops = {
+ 	.start  = ext4_mb_seq_history_start,
+ 	.next   = ext4_mb_seq_history_next,
+ 	.stop   = ext4_mb_seq_history_stop,
+@@ -2297,7 +2297,7 @@ static ssize_t ext4_mb_seq_history_write
+ 	return count;
+ }
+ 
+-static struct file_operations ext4_mb_seq_history_fops = {
++static const struct file_operations ext4_mb_seq_history_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.open		= ext4_mb_seq_history_open,
+ 	.read		= seq_read,
+@@ -2379,7 +2379,7 @@ static void ext4_mb_seq_groups_stop(stru
+ {
+ }
+ 
+-static struct seq_operations ext4_mb_seq_groups_ops = {
++static const struct seq_operations ext4_mb_seq_groups_ops = {
+ 	.start  = ext4_mb_seq_groups_start,
+ 	.next   = ext4_mb_seq_groups_next,
+ 	.stop   = ext4_mb_seq_groups_stop,
+@@ -2400,7 +2400,7 @@ static int ext4_mb_seq_groups_open(struc
+ 
+ }
+ 
+-static struct file_operations ext4_mb_seq_groups_fops = {
++static const struct file_operations ext4_mb_seq_groups_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.open		= ext4_mb_seq_groups_open,
+ 	.read		= seq_read,
+diff -urNp linux-2.6.29.6/fs/ext4/namei.c linux-2.6.29.6/fs/ext4/namei.c
+--- linux-2.6.29.6/fs/ext4/namei.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ext4/namei.c	2009-07-23 17:34:32.154747281 -0400
+@@ -1177,7 +1177,7 @@ static struct ext4_dir_entry_2 *do_split
+ 	char *data1 = (*bh)->b_data, *data2;
+ 	unsigned split, move, size;
+ 	struct ext4_dir_entry_2 *de = NULL, *de2;
+-	int	err = 0, i;
++	int	i, err = 0;
+ 
+ 	bh2 = ext4_append (handle, dir, &newblock, &err);
+ 	if (!(bh2)) {
+diff -urNp linux-2.6.29.6/fs/fat/namei_msdos.c linux-2.6.29.6/fs/fat/namei_msdos.c
+--- linux-2.6.29.6/fs/fat/namei_msdos.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fat/namei_msdos.c	2009-07-23 18:40:28.403484970 -0400
+@@ -188,7 +188,7 @@ old_compare:
+ 	goto out;
+ }
+ 
+-static struct dentry_operations msdos_dentry_operations = {
++static const struct dentry_operations msdos_dentry_operations = {
+ 	.d_hash		= msdos_hash,
+ 	.d_compare	= msdos_cmp,
+ };
+diff -urNp linux-2.6.29.6/fs/fat/namei_vfat.c linux-2.6.29.6/fs/fat/namei_vfat.c
+--- linux-2.6.29.6/fs/fat/namei_vfat.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fat/namei_vfat.c	2009-07-23 18:40:28.405445251 -0400
+@@ -166,13 +166,13 @@ static int vfat_cmp(struct dentry *dentr
+ 	return 1;
+ }
+ 
+-static struct dentry_operations vfat_ci_dentry_ops = {
++static const struct dentry_operations vfat_ci_dentry_ops = {
+ 	.d_revalidate	= vfat_revalidate_ci,
+ 	.d_hash		= vfat_hashi,
+ 	.d_compare	= vfat_cmpi,
+ };
+ 
+-static struct dentry_operations vfat_dentry_ops = {
++static const struct dentry_operations vfat_dentry_ops = {
+ 	.d_revalidate	= vfat_revalidate,
+ 	.d_hash		= vfat_hash,
+ 	.d_compare	= vfat_cmp,
+diff -urNp linux-2.6.29.6/fs/fcntl.c linux-2.6.29.6/fs/fcntl.c
+--- linux-2.6.29.6/fs/fcntl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fcntl.c	2009-07-23 17:34:32.155702568 -0400
+@@ -269,6 +269,7 @@ static long do_fcntl(int fd, unsigned in
+ 	switch (cmd) {
+ 	case F_DUPFD:
+ 	case F_DUPFD_CLOEXEC:
++		gr_learn_resource(current, RLIMIT_NOFILE, arg, 0);
+ 		if (arg >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
+ 			break;
+ 		err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0);
+@@ -419,7 +420,8 @@ static inline int sigio_perm(struct task
+ 	ret = ((fown->euid == 0 ||
+ 		fown->euid == cred->suid || fown->euid == cred->uid ||
+ 		fown->uid  == cred->suid || fown->uid  == cred->uid) &&
+-	       !security_file_send_sigiotask(p, fown, sig));
++	       !security_file_send_sigiotask(p, fown, sig) &&
++	       !gr_check_protected_task(p) && !gr_pid_is_chrooted(p));
+ 	rcu_read_unlock();
+ 	return ret;
+ }
+diff -urNp linux-2.6.29.6/fs/file.c linux-2.6.29.6/fs/file.c
+--- linux-2.6.29.6/fs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/file.c	2009-07-23 17:34:32.155702568 -0400
+@@ -13,6 +13,7 @@
+ #include <linux/slab.h>
+ #include <linux/vmalloc.h>
+ #include <linux/file.h>
++#include <linux/security.h>
+ #include <linux/fdtable.h>
+ #include <linux/bitops.h>
+ #include <linux/interrupt.h>
+@@ -256,6 +257,8 @@ int expand_files(struct files_struct *fi
+ 	 * N.B. For clone tasks sharing a files structure, this test
+ 	 * will limit the total number of files that can be opened.
+ 	 */
++
++	gr_learn_resource(current, RLIMIT_NOFILE, nr, 0);
+ 	if (nr >= current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
+ 		return -EMFILE;
+ 
+diff -urNp linux-2.6.29.6/fs/fs_struct.c linux-2.6.29.6/fs/fs_struct.c
+--- linux-2.6.29.6/fs/fs_struct.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fs_struct.c	2009-07-23 17:34:32.155702568 -0400
+@@ -88,7 +88,7 @@ void exit_fs(struct task_struct *tsk)
+ 		task_lock(tsk);
+ 		write_lock(&fs->lock);
+ 		tsk->fs = NULL;
+-		kill = !--fs->users;
++		kill = !atomic_dec_return(&fs->users);
+ 		write_unlock(&fs->lock);
+ 		task_unlock(tsk);
+ 		if (kill)
+@@ -101,7 +101,7 @@ struct fs_struct *copy_fs_struct(struct 
+ 	struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL);
+ 	/* We don't need to lock fs - think why ;-) */
+ 	if (fs) {
+-		fs->users = 1;
++		atomic_set(&fs->users, 1);
+ 		fs->in_exec = 0;
+ 		rwlock_init(&fs->lock);
+ 		fs->umask = old->umask;
+@@ -126,7 +126,7 @@ int unshare_fs_struct(void)
+ 
+ 	task_lock(current);
+ 	write_lock(&fs->lock);
+-	kill = !--fs->users;
++	kill = !atomic_dec_return(&fs->users);
+ 	current->fs = new_fs;
+ 	write_unlock(&fs->lock);
+ 	task_unlock(current);
+@@ -140,7 +140,7 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct);
+ 
+ /* to be mentioned only in INIT_TASK */
+ struct fs_struct init_fs = {
+-	.users		= 1,
++	.users		= ATOMIC_INIT(1),
+ 	.lock		= __RW_LOCK_UNLOCKED(init_fs.lock),
+ 	.umask		= 0022,
+ };
+@@ -155,12 +155,12 @@ void daemonize_fs_struct(void)
+ 		task_lock(current);
+ 
+ 		write_lock(&init_fs.lock);
+-		init_fs.users++;
++		atomic_inc(&init_fs.users);
+ 		write_unlock(&init_fs.lock);
+ 
+ 		write_lock(&fs->lock);
+ 		current->fs = &init_fs;
+-		kill = !--fs->users;
++		kill = !atomic_dec_return(&fs->users);
+ 		write_unlock(&fs->lock);
+ 
+ 		task_unlock(current);
+diff -urNp linux-2.6.29.6/fs/fuse/control.c linux-2.6.29.6/fs/fuse/control.c
+--- linux-2.6.29.6/fs/fuse/control.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fuse/control.c	2009-07-23 17:34:32.155702568 -0400
+@@ -161,7 +161,7 @@ void fuse_ctl_remove_conn(struct fuse_co
+ 
+ static int fuse_ctl_fill_super(struct super_block *sb, void *data, int silent)
+ {
+-	struct tree_descr empty_descr = {""};
++	struct tree_descr empty_descr = {"", NULL, 0};
+ 	struct fuse_conn *fc;
+ 	int err;
+ 
+diff -urNp linux-2.6.29.6/fs/fuse/dir.c linux-2.6.29.6/fs/fuse/dir.c
+--- linux-2.6.29.6/fs/fuse/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fuse/dir.c	2009-07-23 18:40:27.470335769 -0400
+@@ -224,7 +224,7 @@ static int invalid_nodeid(u64 nodeid)
+ 	return !nodeid || nodeid == FUSE_ROOT_ID;
+ }
+ 
+-struct dentry_operations fuse_dentry_operations = {
++const struct dentry_operations fuse_dentry_operations = {
+ 	.d_revalidate	= fuse_dentry_revalidate,
+ };
+ 
+@@ -1081,7 +1081,7 @@ static char *read_link(struct dentry *de
+ 	return link;
+ }
+ 
+-static void free_link(char *link)
++static void free_link(const char *link)
+ {
+ 	if (!IS_ERR(link))
+ 		free_page((unsigned long) link);
+diff -urNp linux-2.6.29.6/fs/fuse/file.c linux-2.6.29.6/fs/fuse/file.c
+--- linux-2.6.29.6/fs/fuse/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fuse/file.c	2009-07-23 18:40:28.411550599 -0400
+@@ -1247,7 +1247,7 @@ static int fuse_page_mkwrite(struct vm_a
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct fuse_file_vm_ops = {
++static const struct vm_operations_struct fuse_file_vm_ops = {
+ 	.close		= fuse_vma_close,
+ 	.fault		= filemap_fault,
+ 	.page_mkwrite	= fuse_page_mkwrite,
+diff -urNp linux-2.6.29.6/fs/fuse/fuse_i.h linux-2.6.29.6/fs/fuse/fuse_i.h
+--- linux-2.6.29.6/fs/fuse/fuse_i.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/fuse/fuse_i.h	2009-07-23 18:40:28.412448044 -0400
+@@ -493,7 +493,7 @@ static inline u64 get_node_id(struct ino
+ /** Device operations */
+ extern const struct file_operations fuse_dev_operations;
+ 
+-extern struct dentry_operations fuse_dentry_operations;
++extern const struct dentry_operations fuse_dentry_operations;
+ 
+ /**
+  * Get a filled in inode
+diff -urNp linux-2.6.29.6/fs/gfs2/ops_dentry.c linux-2.6.29.6/fs/gfs2/ops_dentry.c
+--- linux-2.6.29.6/fs/gfs2/ops_dentry.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/gfs2/ops_dentry.c	2009-07-23 18:40:28.417529345 -0400
+@@ -108,7 +108,7 @@ static int gfs2_dhash(struct dentry *den
+ 	return 0;
+ }
+ 
+-struct dentry_operations gfs2_dops = {
++const struct dentry_operations gfs2_dops = {
+ 	.d_revalidate = gfs2_drevalidate,
+ 	.d_hash = gfs2_dhash,
+ };
+diff -urNp linux-2.6.29.6/fs/gfs2/ops_file.c linux-2.6.29.6/fs/gfs2/ops_file.c
+--- linux-2.6.29.6/fs/gfs2/ops_file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/gfs2/ops_file.c	2009-07-23 18:40:28.423342085 -0400
+@@ -417,7 +417,7 @@ out:
+ 	return ret;
+ }
+ 
+-static struct vm_operations_struct gfs2_vm_ops = {
++static const struct vm_operations_struct gfs2_vm_ops = {
+ 	.fault = filemap_fault,
+ 	.page_mkwrite = gfs2_page_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/fs/gfs2/super.h linux-2.6.29.6/fs/gfs2/super.h
+--- linux-2.6.29.6/fs/gfs2/super.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/gfs2/super.h	2009-07-23 18:40:28.431261400 -0400
+@@ -47,7 +47,7 @@ extern struct file_system_type gfs2_fs_t
+ extern struct file_system_type gfs2meta_fs_type;
+ extern const struct export_operations gfs2_export_ops;
+ extern const struct super_operations gfs2_super_ops;
+-extern struct dentry_operations gfs2_dops;
++extern const struct dentry_operations gfs2_dops;
+ 
+ #endif /* __SUPER_DOT_H__ */
+ 
+diff -urNp linux-2.6.29.6/fs/hfs/inode.c linux-2.6.29.6/fs/hfs/inode.c
+--- linux-2.6.29.6/fs/hfs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/hfs/inode.c	2009-07-23 17:34:32.156720374 -0400
+@@ -419,7 +419,7 @@ int hfs_write_inode(struct inode *inode,
+ 
+ 	if (S_ISDIR(main_inode->i_mode)) {
+ 		if (fd.entrylength < sizeof(struct hfs_cat_dir))
+-			/* panic? */;
++			{/* panic? */}
+ 		hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
+ 			   sizeof(struct hfs_cat_dir));
+ 		if (rec.type != HFS_CDR_DIR ||
+@@ -440,7 +440,7 @@ int hfs_write_inode(struct inode *inode,
+ 				sizeof(struct hfs_cat_file));
+ 	} else {
+ 		if (fd.entrylength < sizeof(struct hfs_cat_file))
+-			/* panic? */;
++			{/* panic? */}
+ 		hfs_bnode_read(fd.bnode, &rec, fd.entryoffset,
+ 			   sizeof(struct hfs_cat_file));
+ 		if (rec.type != HFS_CDR_FIL ||
+diff -urNp linux-2.6.29.6/fs/hfsplus/hfsplus_fs.h linux-2.6.29.6/fs/hfsplus/hfsplus_fs.h
+--- linux-2.6.29.6/fs/hfsplus/hfsplus_fs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/hfsplus/hfsplus_fs.h	2009-07-23 18:40:28.441324863 -0400
+@@ -327,7 +327,7 @@ void hfsplus_file_truncate(struct inode 
+ /* inode.c */
+ extern const struct address_space_operations hfsplus_aops;
+ extern const struct address_space_operations hfsplus_btree_aops;
+-extern struct dentry_operations hfsplus_dentry_operations;
++extern const struct dentry_operations hfsplus_dentry_operations;
+ 
+ void hfsplus_inode_read_fork(struct inode *, struct hfsplus_fork_raw *);
+ void hfsplus_inode_write_fork(struct inode *, struct hfsplus_fork_raw *);
+diff -urNp linux-2.6.29.6/fs/hfsplus/inode.c linux-2.6.29.6/fs/hfsplus/inode.c
+--- linux-2.6.29.6/fs/hfsplus/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/hfsplus/inode.c	2009-07-23 18:40:27.470335769 -0400
+@@ -137,7 +137,7 @@ const struct address_space_operations hf
+ 	.writepages	= hfsplus_writepages,
+ };
+ 
+-struct dentry_operations hfsplus_dentry_operations = {
++const struct dentry_operations hfsplus_dentry_operations = {
+ 	.d_hash       = hfsplus_hash_dentry,
+ 	.d_compare    = hfsplus_compare_dentry,
+ };
+@@ -406,7 +406,7 @@ int hfsplus_cat_read_inode(struct inode 
+ 		struct hfsplus_cat_folder *folder = &entry.folder;
+ 
+ 		if (fd->entrylength < sizeof(struct hfsplus_cat_folder))
+-			/* panic? */;
++			{/* panic? */}
+ 		hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
+ 					sizeof(struct hfsplus_cat_folder));
+ 		hfsplus_get_perms(inode, &folder->permissions, 1);
+@@ -423,7 +423,7 @@ int hfsplus_cat_read_inode(struct inode 
+ 		struct hfsplus_cat_file *file = &entry.file;
+ 
+ 		if (fd->entrylength < sizeof(struct hfsplus_cat_file))
+-			/* panic? */;
++			{/* panic? */}
+ 		hfs_bnode_read(fd->bnode, &entry, fd->entryoffset,
+ 					sizeof(struct hfsplus_cat_file));
+ 
+@@ -479,7 +479,7 @@ int hfsplus_cat_write_inode(struct inode
+ 		struct hfsplus_cat_folder *folder = &entry.folder;
+ 
+ 		if (fd.entrylength < sizeof(struct hfsplus_cat_folder))
+-			/* panic? */;
++			{/* panic? */}
+ 		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
+ 					sizeof(struct hfsplus_cat_folder));
+ 		/* simple node checks? */
+@@ -501,7 +501,7 @@ int hfsplus_cat_write_inode(struct inode
+ 		struct hfsplus_cat_file *file = &entry.file;
+ 
+ 		if (fd.entrylength < sizeof(struct hfsplus_cat_file))
+-			/* panic? */;
++			{/* panic? */}
+ 		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
+ 					sizeof(struct hfsplus_cat_file));
+ 		hfsplus_inode_write_fork(inode, &file->data_fork);
+diff -urNp linux-2.6.29.6/fs/hostfs/hostfs_kern.c linux-2.6.29.6/fs/hostfs/hostfs_kern.c
+--- linux-2.6.29.6/fs/hostfs/hostfs_kern.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/hostfs/hostfs_kern.c	2009-07-23 18:40:28.461464563 -0400
+@@ -36,7 +36,7 @@ int hostfs_d_delete(struct dentry *dentr
+ 	return 1;
+ }
+ 
+-struct dentry_operations hostfs_dentry_ops = {
++const struct dentry_operations hostfs_dentry_ops = {
+ 	.d_delete		= hostfs_d_delete,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/hpfs/dentry.c linux-2.6.29.6/fs/hpfs/dentry.c
+--- linux-2.6.29.6/fs/hpfs/dentry.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/hpfs/dentry.c	2009-07-23 18:40:28.465659763 -0400
+@@ -49,7 +49,7 @@ static int hpfs_compare_dentry(struct de
+ 	return 0;
+ }
+ 
+-static struct dentry_operations hpfs_dentry_operations = {
++static const struct dentry_operations hpfs_dentry_operations = {
+ 	.d_hash		= hpfs_hash_dentry,
+ 	.d_compare	= hpfs_compare_dentry,
+ };
+diff -urNp linux-2.6.29.6/fs/isofs/inode.c linux-2.6.29.6/fs/isofs/inode.c
+--- linux-2.6.29.6/fs/isofs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/isofs/inode.c	2009-07-23 18:40:28.473700311 -0400
+@@ -114,7 +114,7 @@ static const struct super_operations iso
+ };
+ 
+ 
+-static struct dentry_operations isofs_dentry_ops[] = {
++static const struct dentry_operations isofs_dentry_ops[] = {
+ 	{
+ 		.d_hash		= isofs_hash,
+ 		.d_compare	= isofs_dentry_cmp,
+diff -urNp linux-2.6.29.6/fs/jbd2/journal.c linux-2.6.29.6/fs/jbd2/journal.c
+--- linux-2.6.29.6/fs/jbd2/journal.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/jbd2/journal.c	2009-07-23 18:40:28.491739581 -0400
+@@ -762,7 +762,7 @@ static void jbd2_seq_history_stop(struct
+ {
+ }
+ 
+-static struct seq_operations jbd2_seq_history_ops = {
++static const struct seq_operations jbd2_seq_history_ops = {
+ 	.start  = jbd2_seq_history_start,
+ 	.next   = jbd2_seq_history_next,
+ 	.stop   = jbd2_seq_history_stop,
+@@ -812,7 +812,7 @@ static int jbd2_seq_history_release(stru
+ 	return seq_release(inode, file);
+ }
+ 
+-static struct file_operations jbd2_seq_history_fops = {
++static const struct file_operations jbd2_seq_history_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.open           = jbd2_seq_history_open,
+ 	.read           = seq_read,
+@@ -866,7 +866,7 @@ static void jbd2_seq_info_stop(struct se
+ {
+ }
+ 
+-static struct seq_operations jbd2_seq_info_ops = {
++static const struct seq_operations jbd2_seq_info_ops = {
+ 	.start  = jbd2_seq_info_start,
+ 	.next   = jbd2_seq_info_next,
+ 	.stop   = jbd2_seq_info_stop,
+@@ -914,7 +914,7 @@ static int jbd2_seq_info_release(struct 
+ 	return seq_release(inode, file);
+ }
+ 
+-static struct file_operations jbd2_seq_info_fops = {
++static const struct file_operations jbd2_seq_info_fops = {
+ 	.owner		= THIS_MODULE,
+ 	.open           = jbd2_seq_info_open,
+ 	.read           = seq_read,
+diff -urNp linux-2.6.29.6/fs/jffs2/debug.h linux-2.6.29.6/fs/jffs2/debug.h
+--- linux-2.6.29.6/fs/jffs2/debug.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/jffs2/debug.h	2009-07-23 17:34:32.156720374 -0400
+@@ -52,13 +52,13 @@
+ #if CONFIG_JFFS2_FS_DEBUG > 0
+ #define D1(x) x
+ #else
+-#define D1(x)
++#define D1(x) do {} while (0);
+ #endif
+ 
+ #if CONFIG_JFFS2_FS_DEBUG > 1
+ #define D2(x) x
+ #else
+-#define D2(x)
++#define D2(x) do {} while (0);
+ #endif
+ 
+ /* The prefixes of JFFS2 messages */
+@@ -114,73 +114,73 @@
+ #ifdef JFFS2_DBG_READINODE_MESSAGES
+ #define dbg_readinode(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_readinode(fmt, ...)
++#define dbg_readinode(fmt, ...)	do {} while (0)
+ #endif
+ #ifdef JFFS2_DBG_READINODE2_MESSAGES
+ #define dbg_readinode2(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_readinode2(fmt, ...)
++#define dbg_readinode2(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Fragtree build debugging messages */
+ #ifdef JFFS2_DBG_FRAGTREE_MESSAGES
+ #define dbg_fragtree(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_fragtree(fmt, ...)
++#define dbg_fragtree(fmt, ...)	do {} while (0)
+ #endif
+ #ifdef JFFS2_DBG_FRAGTREE2_MESSAGES
+ #define dbg_fragtree2(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_fragtree2(fmt, ...)
++#define dbg_fragtree2(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Directory entry list manilulation debugging messages */
+ #ifdef JFFS2_DBG_DENTLIST_MESSAGES
+ #define dbg_dentlist(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_dentlist(fmt, ...)
++#define dbg_dentlist(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Print the messages about manipulating node_refs */
+ #ifdef JFFS2_DBG_NODEREF_MESSAGES
+ #define dbg_noderef(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_noderef(fmt, ...)
++#define dbg_noderef(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Manipulations with the list of inodes (JFFS2 inocache) */
+ #ifdef JFFS2_DBG_INOCACHE_MESSAGES
+ #define dbg_inocache(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_inocache(fmt, ...)
++#define dbg_inocache(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Summary debugging messages */
+ #ifdef JFFS2_DBG_SUMMARY_MESSAGES
+ #define dbg_summary(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_summary(fmt, ...)
++#define dbg_summary(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* File system build messages */
+ #ifdef JFFS2_DBG_FSBUILD_MESSAGES
+ #define dbg_fsbuild(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_fsbuild(fmt, ...)
++#define dbg_fsbuild(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Watch the object allocations */
+ #ifdef JFFS2_DBG_MEMALLOC_MESSAGES
+ #define dbg_memalloc(fmt, ...)	JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_memalloc(fmt, ...)
++#define dbg_memalloc(fmt, ...)	do {} while (0)
+ #endif
+ 
+ /* Watch the XATTR subsystem */
+ #ifdef JFFS2_DBG_XATTR_MESSAGES
+ #define dbg_xattr(fmt, ...)  JFFS2_DEBUG(fmt, ##__VA_ARGS__)
+ #else
+-#define dbg_xattr(fmt, ...)
++#define dbg_xattr(fmt, ...)	do {} while (0)
+ #endif 
+ 
+ /* "Sanity" checks */
+diff -urNp linux-2.6.29.6/fs/jffs2/erase.c linux-2.6.29.6/fs/jffs2/erase.c
+--- linux-2.6.29.6/fs/jffs2/erase.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/jffs2/erase.c	2009-07-23 17:34:32.157742760 -0400
+@@ -432,7 +432,8 @@ static void jffs2_mark_erased_block(stru
+ 		struct jffs2_unknown_node marker = {
+ 			.magic =	cpu_to_je16(JFFS2_MAGIC_BITMASK),
+ 			.nodetype =	cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
+-			.totlen =	cpu_to_je32(c->cleanmarker_size)
++			.totlen =	cpu_to_je32(c->cleanmarker_size),
++			.hdr_crc =	cpu_to_je32(0)
+ 		};
+ 
+ 		jffs2_prealloc_raw_node_refs(c, jeb, 1);
+diff -urNp linux-2.6.29.6/fs/jffs2/summary.h linux-2.6.29.6/fs/jffs2/summary.h
+--- linux-2.6.29.6/fs/jffs2/summary.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/jffs2/summary.h	2009-07-23 17:34:32.157742760 -0400
+@@ -194,18 +194,18 @@ int jffs2_sum_scan_sumnode(struct jffs2_
+ 
+ #define jffs2_sum_active() (0)
+ #define jffs2_sum_init(a) (0)
+-#define jffs2_sum_exit(a)
+-#define jffs2_sum_disable_collecting(a)
++#define jffs2_sum_exit(a) do {} while (0)
++#define jffs2_sum_disable_collecting(a) do {} while (0)
+ #define jffs2_sum_is_disabled(a) (0)
+-#define jffs2_sum_reset_collected(a)
++#define jffs2_sum_reset_collected(a) do {} while (0)
+ #define jffs2_sum_add_kvec(a,b,c,d) (0)
+-#define jffs2_sum_move_collected(a,b)
++#define jffs2_sum_move_collected(a,b) do {} while (0)
+ #define jffs2_sum_write_sumnode(a) (0)
+-#define jffs2_sum_add_padding_mem(a,b)
+-#define jffs2_sum_add_inode_mem(a,b,c)
+-#define jffs2_sum_add_dirent_mem(a,b,c)
+-#define jffs2_sum_add_xattr_mem(a,b,c)
+-#define jffs2_sum_add_xref_mem(a,b,c)
++#define jffs2_sum_add_padding_mem(a,b) do {} while (0)
++#define jffs2_sum_add_inode_mem(a,b,c) do {} while (0)
++#define jffs2_sum_add_dirent_mem(a,b,c) do {} while (0)
++#define jffs2_sum_add_xattr_mem(a,b,c) do {} while (0)
++#define jffs2_sum_add_xref_mem(a,b,c) do {} while (0)
+ #define jffs2_sum_scan_sumnode(a,b,c,d,e) (0)
+ 
+ #endif /* CONFIG_JFFS2_SUMMARY */
+diff -urNp linux-2.6.29.6/fs/jffs2/wbuf.c linux-2.6.29.6/fs/jffs2/wbuf.c
+--- linux-2.6.29.6/fs/jffs2/wbuf.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/jffs2/wbuf.c	2009-07-23 17:34:32.157742760 -0400
+@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node o
+ {
+ 	.magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK),
+ 	.nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER),
+-	.totlen = constant_cpu_to_je32(8)
++	.totlen = constant_cpu_to_je32(8),
++	.hdr_crc = constant_cpu_to_je32(0)
+ };
+ 
+ /*
+diff -urNp linux-2.6.29.6/fs/locks.c linux-2.6.29.6/fs/locks.c
+--- linux-2.6.29.6/fs/locks.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/locks.c	2009-07-23 17:34:32.158731356 -0400
+@@ -2006,16 +2006,16 @@ void locks_remove_flock(struct file *fil
+ 		return;
+ 
+ 	if (filp->f_op && filp->f_op->flock) {
+-		struct file_lock fl = {
++		struct file_lock flock = {
+ 			.fl_pid = current->tgid,
+ 			.fl_file = filp,
+ 			.fl_flags = FL_FLOCK,
+ 			.fl_type = F_UNLCK,
+ 			.fl_end = OFFSET_MAX,
+ 		};
+-		filp->f_op->flock(filp, F_SETLKW, &fl);
+-		if (fl.fl_ops && fl.fl_ops->fl_release_private)
+-			fl.fl_ops->fl_release_private(&fl);
++		filp->f_op->flock(filp, F_SETLKW, &flock);
++		if (flock.fl_ops && flock.fl_ops->fl_release_private)
++			flock.fl_ops->fl_release_private(&flock);
+ 	}
+ 
+ 	lock_kernel();
+diff -urNp linux-2.6.29.6/fs/namei.c linux-2.6.29.6/fs/namei.c
+--- linux-2.6.29.6/fs/namei.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/namei.c	2009-07-23 17:34:32.158731356 -0400
+@@ -622,7 +622,7 @@ static __always_inline int __do_follow_l
+ 	cookie = dentry->d_inode->i_op->follow_link(dentry, nd);
+ 	error = PTR_ERR(cookie);
+ 	if (!IS_ERR(cookie)) {
+-		char *s = nd_get_link(nd);
++		const char *s = nd_get_link(nd);
+ 		error = 0;
+ 		if (s)
+ 			error = __vfs_follow_link(nd, s);
+@@ -653,6 +653,13 @@ static inline int do_follow_link(struct 
+ 	err = security_inode_follow_link(path->dentry, nd);
+ 	if (err)
+ 		goto loop;
++
++	if (gr_handle_follow_link(path->dentry->d_parent->d_inode,
++				  path->dentry->d_inode, path->dentry, nd->path.mnt)) {
++		err = -EACCES;
++		goto loop;
++	}
++
+ 	current->link_count++;
+ 	current->total_link_count++;
+ 	nd->depth++;
+@@ -996,11 +1003,18 @@ return_reval:
+ 				break;
+ 		}
+ return_base:
++		if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) {
++			path_put(&nd->path);
++			return -ENOENT;
++		}
+ 		return 0;
+ out_dput:
+ 		path_put_conditional(&next, nd);
+ 		break;
+ 	}
++	if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt))
++		err = -ENOENT;
++
+ 	path_put(&nd->path);
+ return_err:
+ 	return err;
+@@ -1571,12 +1585,19 @@ static int __open_namei_create(struct na
+ 	int error;
+ 	struct dentry *dir = nd->path.dentry;
+ 
++	if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, nd->path.mnt, flag, mode)) {
++		error = -EACCES;
++		goto out_unlock;
++	}
++
+ 	if (!IS_POSIXACL(dir->d_inode))
+ 		mode &= ~current->fs->umask;
+ 	error = security_path_mknod(&nd->path, path->dentry, mode, 0);
+ 	if (error)
+ 		goto out_unlock;
+ 	error = vfs_create(dir->d_inode, path->dentry, mode, nd);
++	if (!error)
++		gr_handle_create(path->dentry, nd->path.mnt);
+ out_unlock:
+ 	mutex_unlock(&dir->d_inode->i_mutex);
+ 	dput(nd->path.dentry);
+@@ -1658,6 +1679,17 @@ struct file *do_filp_open(int dfd, const
+ 					 &nd, flag);
+ 		if (error)
+ 			return ERR_PTR(error);
++
++		if (gr_handle_rawio(nd.path.dentry->d_inode)) {
++			error = -EPERM;
++			goto exit;
++		}
++
++		if (!gr_acl_handle_open(nd.path.dentry, nd.path.mnt, flag)) {
++			error = -EACCES;
++			goto exit;
++		}
++
+ 		goto ok;
+ 	}
+ 
+@@ -1730,6 +1762,20 @@ do_last:
+ 	/*
+ 	 * It already exists.
+ 	 */
++
++	if (gr_handle_rawio(path.dentry->d_inode)) {
++		error = -EPERM;
++		goto exit_mutex_unlock;
++	}
++	if (!gr_acl_handle_open(path.dentry, nd.path.mnt, flag)) {
++		error = -EACCES;
++		goto exit_mutex_unlock;
++	}
++	if (gr_handle_fifo(path.dentry, nd.path.mnt, dir, flag, acc_mode)) {
++		error = -EACCES;
++		goto exit_mutex_unlock;
++	}
++
+ 	mutex_unlock(&dir->d_inode->i_mutex);
+ 	audit_inode(pathname, path.dentry);
+ 
+@@ -1815,6 +1861,13 @@ do_link:
+ 	error = security_inode_follow_link(path.dentry, &nd);
+ 	if (error)
+ 		goto exit_dput;
++
++	if (gr_handle_follow_link(path.dentry->d_parent->d_inode, path.dentry->d_inode,
++				  path.dentry, nd.path.mnt)) {
++		error = -EACCES;
++		goto exit_dput;
++	}
++
+ 	error = __do_follow_link(&path, &nd);
+ 	if (error) {
+ 		/* Does someone understand code flow here? Or it is only
+@@ -1987,6 +2040,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+ 	error = may_mknod(mode);
+ 	if (error)
+ 		goto out_dput;
++
++	if (gr_handle_chroot_mknod(dentry, nd.path.mnt, mode)) {
++		error = -EPERM;
++		goto out_dput;
++	}
++
++	if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
++		error = -EACCES;
++		goto out_dput;
++	}
++
+ 	error = mnt_want_write(nd.path.mnt);
+ 	if (error)
+ 		goto out_dput;
+@@ -2007,6 +2071,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const
+ 	}
+ out_drop_write:
+ 	mnt_drop_write(nd.path.mnt);
++
++	if (!error)
++		gr_handle_create(dentry, nd.path.mnt);
+ out_dput:
+ 	dput(dentry);
+ out_unlock:
+@@ -2060,6 +2127,11 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+ 	if (IS_ERR(dentry))
+ 		goto out_unlock;
+ 
++	if (!gr_acl_handle_mkdir(dentry, nd.path.dentry, nd.path.mnt)) {
++		error = -EACCES;
++		goto out_dput;
++	}
++
+ 	if (!IS_POSIXACL(nd.path.dentry->d_inode))
+ 		mode &= ~current->fs->umask;
+ 	error = mnt_want_write(nd.path.mnt);
+@@ -2071,6 +2143,10 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const
+ 	error = vfs_mkdir(nd.path.dentry->d_inode, dentry, mode);
+ out_drop_write:
+ 	mnt_drop_write(nd.path.mnt);
++
++	if (!error)
++		gr_handle_create(dentry, nd.path.mnt);
++
+ out_dput:
+ 	dput(dentry);
+ out_unlock:
+@@ -2152,6 +2228,8 @@ static long do_rmdir(int dfd, const char
+ 	char * name;
+ 	struct dentry *dentry;
+ 	struct nameidata nd;
++	ino_t saved_ino = 0;
++	dev_t saved_dev = 0;
+ 
+ 	error = user_path_parent(dfd, pathname, &nd, &name);
+ 	if (error)
+@@ -2176,6 +2254,19 @@ static long do_rmdir(int dfd, const char
+ 	error = PTR_ERR(dentry);
+ 	if (IS_ERR(dentry))
+ 		goto exit2;
++
++	if (dentry->d_inode != NULL) {
++		if (dentry->d_inode->i_nlink <= 1) {
++			saved_ino = dentry->d_inode->i_ino;
++			saved_dev = dentry->d_inode->i_sb->s_dev;
++		}
++
++		if (!gr_acl_handle_rmdir(dentry, nd.path.mnt)) {
++			error = -EACCES;
++			goto exit3;
++		}
++	}
++
+ 	error = mnt_want_write(nd.path.mnt);
+ 	if (error)
+ 		goto exit3;
+@@ -2183,6 +2274,8 @@ static long do_rmdir(int dfd, const char
+ 	if (error)
+ 		goto exit4;
+ 	error = vfs_rmdir(nd.path.dentry->d_inode, dentry);
++	if (!error && (saved_dev || saved_ino))
++		gr_handle_delete(saved_ino, saved_dev);
+ exit4:
+ 	mnt_drop_write(nd.path.mnt);
+ exit3:
+@@ -2244,6 +2337,8 @@ static long do_unlinkat(int dfd, const c
+ 	struct dentry *dentry;
+ 	struct nameidata nd;
+ 	struct inode *inode = NULL;
++	ino_t saved_ino = 0;
++	dev_t saved_dev = 0;
+ 
+ 	error = user_path_parent(dfd, pathname, &nd, &name);
+ 	if (error)
+@@ -2263,8 +2358,19 @@ static long do_unlinkat(int dfd, const c
+ 		if (nd.last.name[nd.last.len])
+ 			goto slashes;
+ 		inode = dentry->d_inode;
+-		if (inode)
++		if (inode) {
++			if (inode->i_nlink <= 1) {
++				saved_ino = inode->i_ino;
++				saved_dev = inode->i_sb->s_dev;
++			}
++
+ 			atomic_inc(&inode->i_count);
++
++			if (!gr_acl_handle_unlink(dentry, nd.path.mnt)) {
++				error = -EACCES;
++				goto exit2;
++			}
++		}
+ 		error = mnt_want_write(nd.path.mnt);
+ 		if (error)
+ 			goto exit2;
+@@ -2272,6 +2378,8 @@ static long do_unlinkat(int dfd, const c
+ 		if (error)
+ 			goto exit3;
+ 		error = vfs_unlink(nd.path.dentry->d_inode, dentry);
++		if (!error && (saved_ino || saved_dev))
++			gr_handle_delete(saved_ino, saved_dev);
+ exit3:
+ 		mnt_drop_write(nd.path.mnt);
+ 	exit2:
+@@ -2350,6 +2458,11 @@ SYSCALL_DEFINE3(symlinkat, const char __
+ 	if (IS_ERR(dentry))
+ 		goto out_unlock;
+ 
++	if (!gr_acl_handle_symlink(dentry, nd.path.dentry, nd.path.mnt, from)) {
++		error = -EACCES;
++		goto out_dput;
++	}
++
+ 	error = mnt_want_write(nd.path.mnt);
+ 	if (error)
+ 		goto out_dput;
+@@ -2357,6 +2470,8 @@ SYSCALL_DEFINE3(symlinkat, const char __
+ 	if (error)
+ 		goto out_drop_write;
+ 	error = vfs_symlink(nd.path.dentry->d_inode, dentry, from);
++	if (!error)
++		gr_handle_create(dentry, nd.path.mnt);
+ out_drop_write:
+ 	mnt_drop_write(nd.path.mnt);
+ out_dput:
+@@ -2450,6 +2565,20 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+ 	error = PTR_ERR(new_dentry);
+ 	if (IS_ERR(new_dentry))
+ 		goto out_unlock;
++
++	if (gr_handle_hardlink(old_path.dentry, old_path.mnt,
++			       old_path.dentry->d_inode,
++			       old_path.dentry->d_inode->i_mode, to)) {
++		error = -EACCES;
++		goto out_dput;
++	}
++
++	if (!gr_acl_handle_link(new_dentry, nd.path.dentry, nd.path.mnt,
++				old_path.dentry, old_path.mnt, to)) {
++		error = -EACCES;
++		goto out_dput;
++	}
++
+ 	error = mnt_want_write(nd.path.mnt);
+ 	if (error)
+ 		goto out_dput;
+@@ -2457,6 +2586,8 @@ SYSCALL_DEFINE5(linkat, int, olddfd, con
+ 	if (error)
+ 		goto out_drop_write;
+ 	error = vfs_link(old_path.dentry, nd.path.dentry->d_inode, new_dentry);
++	if (!error)
++		gr_handle_create(new_dentry, nd.path.mnt);
+ out_drop_write:
+ 	mnt_drop_write(nd.path.mnt);
+ out_dput:
+@@ -2690,6 +2821,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+ 	if (new_dentry == trap)
+ 		goto exit5;
+ 
++	error = gr_acl_handle_rename(new_dentry, new_dir, newnd.path.mnt,
++				     old_dentry, old_dir->d_inode, oldnd.path.mnt,
++				     to);
++	if (error)
++		goto exit5;
++
+ 	error = mnt_want_write(oldnd.path.mnt);
+ 	if (error)
+ 		goto exit5;
+@@ -2699,6 +2836,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, c
+ 		goto exit6;
+ 	error = vfs_rename(old_dir->d_inode, old_dentry,
+ 				   new_dir->d_inode, new_dentry);
++	if (!error)
++		gr_handle_rename(old_dir->d_inode, new_dir->d_inode, old_dentry,
++				 new_dentry, oldnd.path.mnt, new_dentry->d_inode ? 1 : 0);
+ exit6:
+ 	mnt_drop_write(oldnd.path.mnt);
+ exit5:
+diff -urNp linux-2.6.29.6/fs/namespace.c linux-2.6.29.6/fs/namespace.c
+--- linux-2.6.29.6/fs/namespace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/namespace.c	2009-07-23 17:34:32.159721739 -0400
+@@ -1096,6 +1096,8 @@ static int do_umount(struct vfsmount *mn
+ 			lock_kernel();
+ 			retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
+ 			unlock_kernel();
++
++			gr_log_remount(mnt->mnt_devname, retval);
+ 		}
+ 		up_write(&sb->s_umount);
+ 		return retval;
+@@ -1119,6 +1121,9 @@ static int do_umount(struct vfsmount *mn
+ 		security_sb_umount_busy(mnt);
+ 	up_write(&namespace_sem);
+ 	release_mounts(&umount_list);
++
++	gr_log_unmount(mnt->mnt_devname, retval);
++
+ 	return retval;
+ }
+ 
+@@ -1948,6 +1953,11 @@ long do_mount(char *dev_name, char *dir_
+ 	if (retval)
+ 		goto dput_out;
+ 
++	if (gr_handle_chroot_mount(path.dentry, path.mnt, dev_name)) {
++		retval = -EPERM;
++		goto dput_out;
++	}
++
+ 	if (flags & MS_REMOUNT)
+ 		retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
+ 				    data_page);
+@@ -1962,6 +1972,9 @@ long do_mount(char *dev_name, char *dir_
+ 				      dev_name, data_page);
+ dput_out:
+ 	path_put(&path);
++
++	gr_log_mount(dev_name, dir_name, retval);
++
+ 	return retval;
+ }
+ 
+@@ -2073,6 +2086,9 @@ SYSCALL_DEFINE5(mount, char __user *, de
+ 	if (retval < 0)
+ 		goto out3;
+ 
++	if (gr_handle_chroot_pivot())
++		return -EPERM;
++
+ 	lock_kernel();
+ 	retval = do_mount((char *)dev_page, dir_page, (char *)type_page,
+ 			  flags, (void *)data_page);
+diff -urNp linux-2.6.29.6/fs/nfs/client.c linux-2.6.29.6/fs/nfs/client.c
+--- linux-2.6.29.6/fs/nfs/client.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nfs/client.c	2009-07-23 18:40:28.513673349 -0400
+@@ -1409,7 +1409,7 @@ static void *nfs_server_list_next(struct
+ static void nfs_server_list_stop(struct seq_file *p, void *v);
+ static int nfs_server_list_show(struct seq_file *m, void *v);
+ 
+-static struct seq_operations nfs_server_list_ops = {
++static const struct seq_operations nfs_server_list_ops = {
+ 	.start	= nfs_server_list_start,
+ 	.next	= nfs_server_list_next,
+ 	.stop	= nfs_server_list_stop,
+@@ -1430,7 +1430,7 @@ static void *nfs_volume_list_next(struct
+ static void nfs_volume_list_stop(struct seq_file *p, void *v);
+ static int nfs_volume_list_show(struct seq_file *m, void *v);
+ 
+-static struct seq_operations nfs_volume_list_ops = {
++static const struct seq_operations nfs_volume_list_ops = {
+ 	.start	= nfs_volume_list_start,
+ 	.next	= nfs_volume_list_next,
+ 	.stop	= nfs_volume_list_stop,
+diff -urNp linux-2.6.29.6/fs/nfs/dir.c linux-2.6.29.6/fs/nfs/dir.c
+--- linux-2.6.29.6/fs/nfs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nfs/dir.c	2009-07-23 18:40:28.514291879 -0400
+@@ -899,7 +899,7 @@ static void nfs_dentry_iput(struct dentr
+ 	iput(inode);
+ }
+ 
+-struct dentry_operations nfs_dentry_operations = {
++const struct dentry_operations nfs_dentry_operations = {
+ 	.d_revalidate	= nfs_lookup_revalidate,
+ 	.d_delete	= nfs_dentry_delete,
+ 	.d_iput		= nfs_dentry_iput,
+@@ -967,7 +967,7 @@ out:
+ #ifdef CONFIG_NFS_V4
+ static int nfs_open_revalidate(struct dentry *, struct nameidata *);
+ 
+-struct dentry_operations nfs4_dentry_operations = {
++const struct dentry_operations nfs4_dentry_operations = {
+ 	.d_revalidate	= nfs_open_revalidate,
+ 	.d_delete	= nfs_dentry_delete,
+ 	.d_iput		= nfs_dentry_iput,
+diff -urNp linux-2.6.29.6/fs/nfs/file.c linux-2.6.29.6/fs/nfs/file.c
+--- linux-2.6.29.6/fs/nfs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nfs/file.c	2009-07-23 18:40:28.515401169 -0400
+@@ -56,7 +56,7 @@ static int nfs_lock(struct file *filp, i
+ static int nfs_flock(struct file *filp, int cmd, struct file_lock *fl);
+ static int nfs_setlease(struct file *file, long arg, struct file_lock **fl);
+ 
+-static struct vm_operations_struct nfs_file_vm_ops;
++static const struct vm_operations_struct nfs_file_vm_ops;
+ 
+ const struct file_operations nfs_file_operations = {
+ 	.llseek		= nfs_file_llseek,
+@@ -487,7 +487,7 @@ out_unlock:
+ 	return VM_FAULT_SIGBUS;
+ }
+ 
+-static struct vm_operations_struct nfs_file_vm_ops = {
++static const struct vm_operations_struct nfs_file_vm_ops = {
+ 	.fault = filemap_fault,
+ 	.page_mkwrite = nfs_vm_page_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/fs/nfs/nfs4_fs.h linux-2.6.29.6/fs/nfs/nfs4_fs.h
+--- linux-2.6.29.6/fs/nfs/nfs4_fs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nfs/nfs4_fs.h	2009-07-23 18:40:28.516258510 -0400
+@@ -179,7 +179,7 @@ struct nfs4_state_recovery_ops {
+ 	int (*recover_lock)(struct nfs4_state *, struct file_lock *);
+ };
+ 
+-extern struct dentry_operations nfs4_dentry_operations;
++extern const struct dentry_operations nfs4_dentry_operations;
+ extern const struct inode_operations nfs4_dir_inode_operations;
+ 
+ /* inode.c */
+diff -urNp linux-2.6.29.6/fs/nfs/nfs4proc.c linux-2.6.29.6/fs/nfs/nfs4proc.c
+--- linux-2.6.29.6/fs/nfs/nfs4proc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nfs/nfs4proc.c	2009-07-23 17:34:32.161096484 -0400
+@@ -763,7 +763,7 @@ static int _nfs4_do_open_reclaim(struct 
+ static int nfs4_do_open_reclaim(struct nfs_open_context *ctx, struct nfs4_state *state)
+ {
+ 	struct nfs_server *server = NFS_SERVER(state->inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = _nfs4_do_open_reclaim(ctx, state);
+@@ -805,7 +805,7 @@ static int _nfs4_open_delegation_recall(
+ 
+ int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state *state, const nfs4_stateid *stateid)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	struct nfs_server *server = NFS_SERVER(state->inode);
+ 	int err;
+ 	do {
+@@ -1099,7 +1099,7 @@ static int _nfs4_open_expired(struct nfs
+ static inline int nfs4_do_open_expired(struct nfs_open_context *ctx, struct nfs4_state *state)
+ {
+ 	struct nfs_server *server = NFS_SERVER(state->inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	do {
+@@ -1197,7 +1197,7 @@ out_err:
+ 
+ static struct nfs4_state *nfs4_do_open(struct inode *dir, struct path *path, fmode_t fmode, int flags, struct iattr *sattr, struct rpc_cred *cred)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	struct nfs4_state *res;
+ 	int status;
+ 
+@@ -1288,7 +1288,7 @@ static int nfs4_do_setattr(struct inode 
+ 			   struct nfs4_state *state)
+ {
+ 	struct nfs_server *server = NFS_SERVER(inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(server,
+@@ -1607,7 +1607,7 @@ static int _nfs4_server_capabilities(str
+ 
+ int nfs4_server_capabilities(struct nfs_server *server, struct nfs_fh *fhandle)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(server,
+@@ -1640,7 +1640,7 @@ static int _nfs4_lookup_root(struct nfs_
+ static int nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,
+ 		struct nfs_fsinfo *info)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(server,
+@@ -1729,7 +1729,7 @@ static int _nfs4_proc_getattr(struct nfs
+ 
+ static int nfs4_proc_getattr(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(server,
+@@ -1817,7 +1817,7 @@ static int nfs4_proc_lookupfh(struct nfs
+ 			      struct qstr *name, struct nfs_fh *fhandle,
+ 			      struct nfs_fattr *fattr)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = _nfs4_proc_lookupfh(server, dirfh, name, fhandle, fattr);
+@@ -1846,7 +1846,7 @@ static int _nfs4_proc_lookup(struct inod
+ 
+ static int nfs4_proc_lookup(struct inode *dir, struct qstr *name, struct nfs_fh *fhandle, struct nfs_fattr *fattr)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(dir),
+@@ -1910,7 +1910,7 @@ static int _nfs4_proc_access(struct inod
+ 
+ static int nfs4_proc_access(struct inode *inode, struct nfs_access_entry *entry)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(inode),
+@@ -1965,7 +1965,7 @@ static int _nfs4_proc_readlink(struct in
+ static int nfs4_proc_readlink(struct inode *inode, struct page *page,
+ 		unsigned int pgbase, unsigned int pglen)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(inode),
+@@ -2063,7 +2063,7 @@ static int _nfs4_proc_remove(struct inod
+ 
+ static int nfs4_proc_remove(struct inode *dir, struct qstr *name)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(dir),
+@@ -2135,7 +2135,7 @@ static int _nfs4_proc_rename(struct inod
+ static int nfs4_proc_rename(struct inode *old_dir, struct qstr *old_name,
+ 		struct inode *new_dir, struct qstr *new_name)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(old_dir),
+@@ -2182,7 +2182,7 @@ static int _nfs4_proc_link(struct inode 
+ 
+ static int nfs4_proc_link(struct inode *inode, struct inode *dir, struct qstr *name)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(inode),
+@@ -2273,7 +2273,7 @@ out:
+ static int nfs4_proc_symlink(struct inode *dir, struct dentry *dentry,
+ 		struct page *page, unsigned int len, struct iattr *sattr)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(dir),
+@@ -2304,7 +2304,7 @@ out:
+ static int nfs4_proc_mkdir(struct inode *dir, struct dentry *dentry,
+ 		struct iattr *sattr)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(dir),
+@@ -2353,7 +2353,7 @@ static int _nfs4_proc_readdir(struct den
+ static int nfs4_proc_readdir(struct dentry *dentry, struct rpc_cred *cred,
+                   u64 cookie, struct page *page, unsigned int count, int plus)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(dentry->d_inode),
+@@ -2401,7 +2401,7 @@ out:
+ static int nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,
+ 		struct iattr *sattr, dev_t rdev)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(dir),
+@@ -2430,7 +2430,7 @@ static int _nfs4_proc_statfs(struct nfs_
+ 
+ static int nfs4_proc_statfs(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsstat *fsstat)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(server,
+@@ -2458,7 +2458,7 @@ static int _nfs4_do_fsinfo(struct nfs_se
+ 
+ static int nfs4_do_fsinfo(struct nfs_server *server, struct nfs_fh *fhandle, struct nfs_fsinfo *fsinfo)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	do {
+@@ -2501,7 +2501,7 @@ static int _nfs4_proc_pathconf(struct nf
+ static int nfs4_proc_pathconf(struct nfs_server *server, struct nfs_fh *fhandle,
+ 		struct nfs_pathconf *pathconf)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	do {
+@@ -2788,7 +2788,7 @@ out_free:
+ 
+ static ssize_t nfs4_get_acl_uncached(struct inode *inode, void *buf, size_t buflen)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	ssize_t ret;
+ 	do {
+ 		ret = __nfs4_get_acl_uncached(inode, buf, buflen);
+@@ -2845,7 +2845,7 @@ static int __nfs4_proc_set_acl(struct in
+ 
+ static int nfs4_proc_set_acl(struct inode *inode, const void *buf, size_t buflen)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = nfs4_handle_exception(NFS_SERVER(inode),
+@@ -3068,7 +3068,7 @@ out:
+ int nfs4_proc_delegreturn(struct inode *inode, struct rpc_cred *cred, const nfs4_stateid *stateid, int issync)
+ {
+ 	struct nfs_server *server = NFS_SERVER(inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 	do {
+ 		err = _nfs4_proc_delegreturn(inode, cred, stateid, issync);
+@@ -3141,7 +3141,7 @@ out:
+ 
+ static int nfs4_proc_getlk(struct nfs4_state *state, int cmd, struct file_lock *request)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	do {
+@@ -3498,7 +3498,7 @@ static int _nfs4_do_setlk(struct nfs4_st
+ static int nfs4_lock_reclaim(struct nfs4_state *state, struct file_lock *request)
+ {
+ 	struct nfs_server *server = NFS_SERVER(state->inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	do {
+@@ -3516,7 +3516,7 @@ static int nfs4_lock_reclaim(struct nfs4
+ static int nfs4_lock_expired(struct nfs4_state *state, struct file_lock *request)
+ {
+ 	struct nfs_server *server = NFS_SERVER(state->inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	err = nfs4_set_lock_state(state, request);
+@@ -3571,7 +3571,7 @@ out:
+ 
+ static int nfs4_proc_setlk(struct nfs4_state *state, int cmd, struct file_lock *request)
+ {
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	do {
+@@ -3621,7 +3621,7 @@ nfs4_proc_lock(struct file *filp, int cm
+ int nfs4_lock_delegation_recall(struct nfs4_state *state, struct file_lock *fl)
+ {
+ 	struct nfs_server *server = NFS_SERVER(state->inode);
+-	struct nfs4_exception exception = { };
++	struct nfs4_exception exception = {0, 0};
+ 	int err;
+ 
+ 	err = nfs4_set_lock_state(state, fl);
+diff -urNp linux-2.6.29.6/fs/nfsd/export.c linux-2.6.29.6/fs/nfsd/export.c
+--- linux-2.6.29.6/fs/nfsd/export.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nfsd/export.c	2009-07-23 18:40:27.471265103 -0400
+@@ -472,7 +472,7 @@ static int secinfo_parse(char **mesg, ch
+ 		 * probably discover the problem when someone fails to
+ 		 * authenticate.
+ 		 */
+-		if (f->pseudoflavor < 0)
++		if ((s32)f->pseudoflavor < 0)
+ 			return -EINVAL;
+ 		err = get_int(mesg, &f->flags);
+ 		if (err)
+@@ -1524,7 +1524,7 @@ static int e_show(struct seq_file *m, vo
+ 	return svc_export_show(m, &svc_export_cache, cp);
+ }
+ 
+-struct seq_operations nfs_exports_op = {
++const struct seq_operations nfs_exports_op = {
+ 	.start	= e_start,
+ 	.next	= e_next,
+ 	.stop	= e_stop,
+diff -urNp linux-2.6.29.6/fs/nls/nls_base.c linux-2.6.29.6/fs/nls/nls_base.c
+--- linux-2.6.29.6/fs/nls/nls_base.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/nls/nls_base.c	2009-07-23 17:34:32.161096484 -0400
+@@ -40,7 +40,7 @@ static const struct utf8_table utf8_tabl
+     {0xF8,  0xF0,   3*6,    0x1FFFFF,       0x10000,   /* 4 byte sequence */},
+     {0xFC,  0xF8,   4*6,    0x3FFFFFF,      0x200000,  /* 5 byte sequence */},
+     {0xFE,  0xFC,   5*6,    0x7FFFFFFF,     0x4000000, /* 6 byte sequence */},
+-    {0,						       /* end of table    */}
++    {0, 0, 0, 0, 0,				       /* end of table    */}
+ };
+ 
+ int
+diff -urNp linux-2.6.29.6/fs/ntfs/file.c linux-2.6.29.6/fs/ntfs/file.c
+--- linux-2.6.29.6/fs/ntfs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ntfs/file.c	2009-07-23 17:34:32.162058358 -0400
+@@ -2291,6 +2291,6 @@ const struct inode_operations ntfs_file_
+ #endif /* NTFS_RW */
+ };
+ 
+-const struct file_operations ntfs_empty_file_ops = {};
++const struct file_operations ntfs_empty_file_ops;
+ 
+-const struct inode_operations ntfs_empty_inode_ops = {};
++const struct inode_operations ntfs_empty_inode_ops;
+diff -urNp linux-2.6.29.6/fs/ocfs2/cluster/netdebug.c linux-2.6.29.6/fs/ocfs2/cluster/netdebug.c
+--- linux-2.6.29.6/fs/ocfs2/cluster/netdebug.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/cluster/netdebug.c	2009-07-23 18:40:28.530706067 -0400
+@@ -163,7 +163,7 @@ static void nst_seq_stop(struct seq_file
+ {
+ }
+ 
+-static struct seq_operations nst_seq_ops = {
++static const struct seq_operations nst_seq_ops = {
+ 	.start = nst_seq_start,
+ 	.next = nst_seq_next,
+ 	.stop = nst_seq_stop,
+@@ -207,7 +207,7 @@ static int nst_fop_release(struct inode 
+ 	return seq_release_private(inode, file);
+ }
+ 
+-static struct file_operations nst_seq_fops = {
++static const struct file_operations nst_seq_fops = {
+ 	.open = nst_fop_open,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+@@ -344,7 +344,7 @@ static void sc_seq_stop(struct seq_file 
+ {
+ }
+ 
+-static struct seq_operations sc_seq_ops = {
++static const struct seq_operations sc_seq_ops = {
+ 	.start = sc_seq_start,
+ 	.next = sc_seq_next,
+ 	.stop = sc_seq_stop,
+@@ -388,7 +388,7 @@ static int sc_fop_release(struct inode *
+ 	return seq_release_private(inode, file);
+ }
+ 
+-static struct file_operations sc_seq_fops = {
++static const struct file_operations sc_seq_fops = {
+ 	.open = sc_fop_open,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+diff -urNp linux-2.6.29.6/fs/ocfs2/dcache.c linux-2.6.29.6/fs/ocfs2/dcache.c
+--- linux-2.6.29.6/fs/ocfs2/dcache.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/dcache.c	2009-07-23 18:40:28.532382020 -0400
+@@ -455,7 +455,7 @@ out_move:
+ 	d_move(dentry, target);
+ }
+ 
+-struct dentry_operations ocfs2_dentry_ops = {
++const struct dentry_operations ocfs2_dentry_ops = {
+ 	.d_revalidate		= ocfs2_dentry_revalidate,
+ 	.d_iput			= ocfs2_dentry_iput,
+ };
+diff -urNp linux-2.6.29.6/fs/ocfs2/dcache.h linux-2.6.29.6/fs/ocfs2/dcache.h
+--- linux-2.6.29.6/fs/ocfs2/dcache.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/dcache.h	2009-07-23 18:40:28.544320633 -0400
+@@ -26,7 +26,7 @@
+ #ifndef OCFS2_DCACHE_H
+ #define OCFS2_DCACHE_H
+ 
+-extern struct dentry_operations ocfs2_dentry_ops;
++extern const struct dentry_operations ocfs2_dentry_ops;
+ 
+ struct ocfs2_dentry_lock {
+ 	/* Use count of dentry lock */
+diff -urNp linux-2.6.29.6/fs/ocfs2/dlm/dlmdebug.c linux-2.6.29.6/fs/ocfs2/dlm/dlmdebug.c
+--- linux-2.6.29.6/fs/ocfs2/dlm/dlmdebug.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/dlm/dlmdebug.c	2009-07-23 18:40:28.549511769 -0400
+@@ -489,7 +489,7 @@ bail:
+ 	return -ENOMEM;
+ }
+ 
+-static struct file_operations debug_purgelist_fops = {
++static const struct file_operations debug_purgelist_fops = {
+ 	.open =		debug_purgelist_open,
+ 	.release =	debug_buffer_release,
+ 	.read =		debug_buffer_read,
+@@ -539,7 +539,7 @@ bail:
+ 	return -ENOMEM;
+ }
+ 
+-static struct file_operations debug_mle_fops = {
++static const struct file_operations debug_mle_fops = {
+ 	.open =		debug_mle_open,
+ 	.release =	debug_buffer_release,
+ 	.read =		debug_buffer_read,
+@@ -683,7 +683,7 @@ static int lockres_seq_show(struct seq_f
+ 	return 0;
+ }
+ 
+-static struct seq_operations debug_lockres_ops = {
++static const struct seq_operations debug_lockres_ops = {
+ 	.start =	lockres_seq_start,
+ 	.stop =		lockres_seq_stop,
+ 	.next =		lockres_seq_next,
+@@ -742,7 +742,7 @@ static int debug_lockres_release(struct 
+ 	return seq_release_private(inode, file);
+ }
+ 
+-static struct file_operations debug_lockres_fops = {
++static const struct file_operations debug_lockres_fops = {
+ 	.open =		debug_lockres_open,
+ 	.release =	debug_lockres_release,
+ 	.read =		seq_read,
+@@ -903,7 +903,7 @@ bail:
+ 	return -ENOMEM;
+ }
+ 
+-static struct file_operations debug_state_fops = {
++static const struct file_operations debug_state_fops = {
+ 	.open =		debug_state_open,
+ 	.release =	debug_buffer_release,
+ 	.read =		debug_buffer_read,
+diff -urNp linux-2.6.29.6/fs/ocfs2/localalloc.c linux-2.6.29.6/fs/ocfs2/localalloc.c
+--- linux-2.6.29.6/fs/ocfs2/localalloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/localalloc.c	2009-07-23 17:34:32.162793620 -0400
+@@ -1272,7 +1272,7 @@ static int ocfs2_local_alloc_slide_windo
+ 		goto bail;
+ 	}
+ 
+-	atomic_inc(&osb->alloc_stats.moves);
++	atomic_inc_unchecked(&osb->alloc_stats.moves);
+ 
+ 	status = 0;
+ bail:
+diff -urNp linux-2.6.29.6/fs/ocfs2/mmap.c linux-2.6.29.6/fs/ocfs2/mmap.c
+--- linux-2.6.29.6/fs/ocfs2/mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/mmap.c	2009-07-23 18:40:28.550266995 -0400
+@@ -202,7 +202,7 @@ out:
+ 	return ret;
+ }
+ 
+-static struct vm_operations_struct ocfs2_file_vm_ops = {
++static const struct vm_operations_struct ocfs2_file_vm_ops = {
+ 	.fault		= ocfs2_fault,
+ 	.page_mkwrite	= ocfs2_page_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/fs/ocfs2/ocfs2.h linux-2.6.29.6/fs/ocfs2/ocfs2.h
+--- linux-2.6.29.6/fs/ocfs2/ocfs2.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/ocfs2.h	2009-07-23 17:34:32.162793620 -0400
+@@ -168,11 +168,11 @@ enum ocfs2_vol_state
+ 
+ struct ocfs2_alloc_stats
+ {
+-	atomic_t moves;
+-	atomic_t local_data;
+-	atomic_t bitmap_data;
+-	atomic_t bg_allocs;
+-	atomic_t bg_extends;
++	atomic_unchecked_t moves;
++	atomic_unchecked_t local_data;
++	atomic_unchecked_t bitmap_data;
++	atomic_unchecked_t bg_allocs;
++	atomic_unchecked_t bg_extends;
+ };
+ 
+ enum ocfs2_local_alloc_state
+diff -urNp linux-2.6.29.6/fs/ocfs2/suballoc.c linux-2.6.29.6/fs/ocfs2/suballoc.c
+--- linux-2.6.29.6/fs/ocfs2/suballoc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ocfs2/suballoc.c	2009-07-23 17:34:32.162793620 -0400
+@@ -602,7 +602,7 @@ static int ocfs2_reserve_suballoc_bits(s
+ 				mlog_errno(status);
+ 			goto bail;
+ 		}
+-		atomic_inc(&osb->alloc_stats.bg_extends);
++		atomic_inc_unchecked(&osb->alloc_stats.bg_extends);
+ 
+ 		/* You should never ask for this much metadata */
+ 		BUG_ON(bits_wanted >
+@@ -1608,7 +1608,7 @@ int ocfs2_claim_metadata(struct ocfs2_su
+ 		mlog_errno(status);
+ 		goto bail;
+ 	}
+-	atomic_inc(&osb->alloc_stats.bg_allocs);
++	atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
+ 
+ 	*blkno_start = bg_blkno + (u64) *suballoc_bit_start;
+ 	ac->ac_bits_given += (*num_bits);
+@@ -1647,7 +1647,7 @@ int ocfs2_claim_new_inode(struct ocfs2_s
+ 		mlog_errno(status);
+ 		goto bail;
+ 	}
+-	atomic_inc(&osb->alloc_stats.bg_allocs);
++	atomic_inc_unchecked(&osb->alloc_stats.bg_allocs);
+ 
+ 	BUG_ON(num_bits != 1);
+ 
+@@ -1748,7 +1748,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
+ 						      cluster_start,
+ 						      num_clusters);
+ 		if (!status)
+-			atomic_inc(&osb->alloc_stats.local_data);
++			atomic_inc_unchecked(&osb->alloc_stats.local_data);
+ 	} else {
+ 		if (min_clusters > (osb->bitmap_cpg - 1)) {
+ 			/* The only paths asking for contiguousness
+@@ -1776,7 +1776,7 @@ int __ocfs2_claim_clusters(struct ocfs2_
+ 				ocfs2_desc_bitmap_to_cluster_off(ac->ac_inode,
+ 								 bg_blkno,
+ 								 bg_bit_off);
+-			atomic_inc(&osb->alloc_stats.bitmap_data);
++			atomic_inc_unchecked(&osb->alloc_stats.bitmap_data);
+ 		}
+ 	}
+ 	if (status < 0) {
+diff -urNp linux-2.6.29.6/fs/omfs/dir.c linux-2.6.29.6/fs/omfs/dir.c
+--- linux-2.6.29.6/fs/omfs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/omfs/dir.c	2009-07-23 18:40:28.558460904 -0400
+@@ -489,7 +489,7 @@ out:
+ 	return ret;
+ }
+ 
+-struct inode_operations omfs_dir_inops = {
++const struct inode_operations omfs_dir_inops = {
+ 	.lookup = omfs_lookup,
+ 	.mkdir = omfs_mkdir,
+ 	.rename = omfs_rename,
+@@ -498,7 +498,7 @@ struct inode_operations omfs_dir_inops =
+ 	.rmdir = omfs_rmdir,
+ };
+ 
+-struct file_operations omfs_dir_operations = {
++const struct file_operations omfs_dir_operations = {
+ 	.read = generic_read_dir,
+ 	.readdir = omfs_readdir,
+ 	.llseek = generic_file_llseek,
+diff -urNp linux-2.6.29.6/fs/omfs/file.c linux-2.6.29.6/fs/omfs/file.c
+--- linux-2.6.29.6/fs/omfs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/omfs/file.c	2009-07-23 18:40:28.558460904 -0400
+@@ -337,7 +337,7 @@ static sector_t omfs_bmap(struct address
+ 	return generic_block_bmap(mapping, block, omfs_get_block);
+ }
+ 
+-struct file_operations omfs_file_operations = {
++const struct file_operations omfs_file_operations = {
+ 	.llseek = generic_file_llseek,
+ 	.read = do_sync_read,
+ 	.write = do_sync_write,
+@@ -348,11 +348,11 @@ struct file_operations omfs_file_operati
+ 	.splice_read = generic_file_splice_read,
+ };
+ 
+-struct inode_operations omfs_file_inops = {
++const struct inode_operations omfs_file_inops = {
+ 	.truncate = omfs_truncate
+ };
+ 
+-struct address_space_operations omfs_aops = {
++const struct address_space_operations omfs_aops = {
+ 	.readpage = omfs_readpage,
+ 	.readpages = omfs_readpages,
+ 	.writepage = omfs_writepage,
+diff -urNp linux-2.6.29.6/fs/omfs/inode.c linux-2.6.29.6/fs/omfs/inode.c
+--- linux-2.6.29.6/fs/omfs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/omfs/inode.c	2009-07-23 18:40:28.559411985 -0400
+@@ -273,7 +273,7 @@ static int omfs_statfs(struct dentry *de
+ 	return 0;
+ }
+ 
+-static struct super_operations omfs_sops = {
++static const struct super_operations omfs_sops = {
+ 	.write_inode	= omfs_write_inode,
+ 	.delete_inode	= omfs_delete_inode,
+ 	.put_super	= omfs_put_super,
+diff -urNp linux-2.6.29.6/fs/omfs/omfs.h linux-2.6.29.6/fs/omfs/omfs.h
+--- linux-2.6.29.6/fs/omfs/omfs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/omfs/omfs.h	2009-07-23 18:40:28.560275663 -0400
+@@ -44,16 +44,16 @@ extern int omfs_allocate_range(struct su
+ extern int omfs_clear_range(struct super_block *sb, u64 block, int count);
+ 
+ /* dir.c */
+-extern struct file_operations omfs_dir_operations;
+-extern struct inode_operations omfs_dir_inops;
++extern const struct file_operations omfs_dir_operations;
++extern const struct inode_operations omfs_dir_inops;
+ extern int omfs_make_empty(struct inode *inode, struct super_block *sb);
+ extern int omfs_is_bad(struct omfs_sb_info *sbi, struct omfs_header *header,
+ 			u64 fsblock);
+ 
+ /* file.c */
+-extern struct file_operations omfs_file_operations;
+-extern struct inode_operations omfs_file_inops;
+-extern struct address_space_operations omfs_aops;
++extern const struct file_operations omfs_file_operations;
++extern const struct inode_operations omfs_file_inops;
++extern const struct address_space_operations omfs_aops;
+ extern void omfs_make_empty_table(struct buffer_head *bh, int offset);
+ extern int omfs_shrink_inode(struct inode *inode);
+ 
+diff -urNp linux-2.6.29.6/fs/open.c linux-2.6.29.6/fs/open.c
+--- linux-2.6.29.6/fs/open.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/open.c	2009-07-23 17:34:32.164099579 -0400
+@@ -205,6 +205,9 @@ int do_truncate(struct dentry *dentry, l
+ 	if (length < 0)
+ 		return -EINVAL;
+ 
++	if (filp && !gr_acl_handle_truncate(dentry, filp->f_path.mnt))
++		return -EACCES;
++
+ 	newattrs.ia_size = length;
+ 	newattrs.ia_valid = ATTR_SIZE | time_attrs;
+ 	if (filp) {
+@@ -509,6 +512,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, con
+ 	if (__mnt_is_readonly(path.mnt))
+ 		res = -EROFS;
+ 
++	if (!res && !gr_acl_handle_access(path.dentry, path.mnt, mode))
++		res = -EACCES;
++
+ out_path_release:
+ 	path_put(&path);
+ out:
+@@ -535,6 +541,8 @@ SYSCALL_DEFINE1(chdir, const char __user
+ 	if (error)
+ 		goto dput_and_out;
+ 
++	gr_log_chdir(path.dentry, path.mnt);
++
+ 	set_fs_pwd(current->fs, &path);
+ 
+ dput_and_out:
+@@ -561,6 +569,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd
+ 		goto out_putf;
+ 
+ 	error = inode_permission(inode, MAY_EXEC | MAY_ACCESS);
++
++	if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt))
++		error = -EPERM;
++
++	if (!error)
++		gr_log_chdir(file->f_path.dentry, file->f_path.mnt);
++
+ 	if (!error)
+ 		set_fs_pwd(current->fs, &file->f_path);
+ out_putf:
+@@ -586,7 +601,18 @@ SYSCALL_DEFINE1(chroot, const char __use
+ 	if (!capable(CAP_SYS_CHROOT))
+ 		goto dput_and_out;
+ 
++	if (gr_handle_chroot_chroot(path.dentry, path.mnt))
++		goto dput_and_out;
++
++	if (gr_handle_chroot_caps(&path)) {
++		error = -ENOMEM;
++		goto dput_and_out;
++	}
++
+ 	set_fs_root(current->fs, &path);
++
++	gr_handle_chroot_chdir(&path);
++
+ 	error = 0;
+ dput_and_out:
+ 	path_put(&path);
+@@ -614,13 +640,28 @@ SYSCALL_DEFINE2(fchmod, unsigned int, fd
+ 	err = mnt_want_write(file->f_path.mnt);
+ 	if (err)
+ 		goto out_putf;
++
++	if (!gr_acl_handle_fchmod(dentry, file->f_path.mnt, mode)) {
++		err = -EACCES;
++		goto out_drop_write;
++	}
++
+ 	mutex_lock(&inode->i_mutex);
+ 	if (mode == (mode_t) -1)
+ 		mode = inode->i_mode;
++
++	if (gr_handle_chroot_chmod(dentry, file->f_path.mnt, mode)) {
++		err = -EPERM;
++		mutex_unlock(&inode->i_mutex);
++		goto out_drop_write;
++	}
++
+ 	newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
+ 	newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
+ 	err = notify_change(dentry, &newattrs);
+ 	mutex_unlock(&inode->i_mutex);
++
++out_drop_write:
+ 	mnt_drop_write(file->f_path.mnt);
+ out_putf:
+ 	fput(file);
+@@ -643,13 +684,28 @@ SYSCALL_DEFINE3(fchmodat, int, dfd, cons
+ 	error = mnt_want_write(path.mnt);
+ 	if (error)
+ 		goto dput_and_out;
++
++	if (!gr_acl_handle_chmod(path.dentry, path.mnt, mode)) {
++		error = -EACCES;
++		goto out_drop_write;
++	}
++
+ 	mutex_lock(&inode->i_mutex);
+ 	if (mode == (mode_t) -1)
+ 		mode = inode->i_mode;
++
++	if (gr_handle_chroot_chmod(path.dentry, path.mnt, mode)) {
++		error = -EACCES;
++		mutex_unlock(&inode->i_mutex);
++		goto out_drop_write;
++	}
++
+ 	newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
+ 	newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
+ 	error = notify_change(path.dentry, &newattrs);
+ 	mutex_unlock(&inode->i_mutex);
++
++out_drop_write:
+ 	mnt_drop_write(path.mnt);
+ dput_and_out:
+ 	path_put(&path);
+@@ -662,12 +718,15 @@ SYSCALL_DEFINE2(chmod, const char __user
+ 	return sys_fchmodat(AT_FDCWD, filename, mode);
+ }
+ 
+-static int chown_common(struct dentry * dentry, uid_t user, gid_t group)
++static int chown_common(struct dentry * dentry, uid_t user, gid_t group, struct vfsmount *mnt)
+ {
+ 	struct inode *inode = dentry->d_inode;
+ 	int error;
+ 	struct iattr newattrs;
+ 
++	if (!gr_acl_handle_chown(dentry, mnt))
++		return -EACCES;
++
+ 	newattrs.ia_valid =  ATTR_CTIME;
+ 	if (user != (uid_t) -1) {
+ 		newattrs.ia_valid |= ATTR_UID;
+@@ -698,7 +757,7 @@ SYSCALL_DEFINE3(chown, const char __user
+ 	error = mnt_want_write(path.mnt);
+ 	if (error)
+ 		goto out_release;
+-	error = chown_common(path.dentry, user, group);
++	error = chown_common(path.dentry, user, group, path.mnt);
+ 	mnt_drop_write(path.mnt);
+ out_release:
+ 	path_put(&path);
+@@ -723,7 +782,7 @@ SYSCALL_DEFINE5(fchownat, int, dfd, cons
+ 	error = mnt_want_write(path.mnt);
+ 	if (error)
+ 		goto out_release;
+-	error = chown_common(path.dentry, user, group);
++	error = chown_common(path.dentry, user, group, path.mnt);
+ 	mnt_drop_write(path.mnt);
+ out_release:
+ 	path_put(&path);
+@@ -742,7 +801,7 @@ SYSCALL_DEFINE3(lchown, const char __use
+ 	error = mnt_want_write(path.mnt);
+ 	if (error)
+ 		goto out_release;
+-	error = chown_common(path.dentry, user, group);
++	error = chown_common(path.dentry, user, group, path.mnt);
+ 	mnt_drop_write(path.mnt);
+ out_release:
+ 	path_put(&path);
+@@ -765,7 +824,7 @@ SYSCALL_DEFINE3(fchown, unsigned int, fd
+ 		goto out_fput;
+ 	dentry = file->f_path.dentry;
+ 	audit_inode(NULL, dentry);
+-	error = chown_common(dentry, user, group);
++	error = chown_common(dentry, user, group, file->f_path.mnt);
+ 	mnt_drop_write(file->f_path.mnt);
+ out_fput:
+ 	fput(file);
+diff -urNp linux-2.6.29.6/fs/pipe.c linux-2.6.29.6/fs/pipe.c
+--- linux-2.6.29.6/fs/pipe.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/pipe.c	2009-07-23 18:40:28.560275663 -0400
+@@ -848,7 +848,7 @@ void free_pipe_info(struct inode *inode)
+ 	inode->i_pipe = NULL;
+ }
+ 
+-static struct vfsmount *pipe_mnt __read_mostly;
++struct vfsmount *pipe_mnt __read_mostly;
+ static int pipefs_delete_dentry(struct dentry *dentry)
+ {
+ 	/*
+@@ -870,7 +870,7 @@ static char *pipefs_dname(struct dentry 
+ 				dentry->d_inode->i_ino);
+ }
+ 
+-static struct dentry_operations pipefs_dentry_operations = {
++static const struct dentry_operations pipefs_dentry_operations = {
+ 	.d_delete	= pipefs_delete_dentry,
+ 	.d_dname	= pipefs_dname,
+ };
+diff -urNp linux-2.6.29.6/fs/proc/array.c linux-2.6.29.6/fs/proc/array.c
+--- linux-2.6.29.6/fs/proc/array.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/array.c	2009-07-23 17:34:32.164990172 -0400
+@@ -321,6 +321,21 @@ static inline void task_context_switch_c
+ 			p->nivcsw);
+ }
+ 
++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++static inline void task_pax(struct seq_file *m, struct task_struct *p)
++{
++	if (p->mm)
++		seq_printf(m, "PaX:\t%c%c%c%c%c\n",
++			   p->mm->pax_flags & MF_PAX_PAGEEXEC ? 'P' : 'p',
++			   p->mm->pax_flags & MF_PAX_EMUTRAMP ? 'E' : 'e',
++			   p->mm->pax_flags & MF_PAX_MPROTECT ? 'M' : 'm',
++			   p->mm->pax_flags & MF_PAX_RANDMMAP ? 'R' : 'r',
++			   p->mm->pax_flags & MF_PAX_SEGMEXEC ? 'S' : 's');
++	else
++		seq_printf(m, "PaX:\t-----\n");
++}
++#endif
++
+ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
+ 			struct pid *pid, struct task_struct *task)
+ {
+@@ -340,9 +355,20 @@ int proc_pid_status(struct seq_file *m, 
+ 	task_show_regs(m, task);
+ #endif
+ 	task_context_switch_counts(m, task);
++
++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++	task_pax(m, task);
++#endif
++
+ 	return 0;
+ }
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
++			     (_mm->pax_flags & MF_PAX_RANDMMAP || \
++			      _mm->pax_flags & MF_PAX_SEGMEXEC))
++#endif
++
+ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns,
+ 			struct pid *pid, struct task_struct *task, int whole)
+ {
+@@ -439,6 +465,19 @@ static int do_task_stat(struct seq_file 
+ 		gtime = task_gtime(task);
+ 	}
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++	if (PAX_RAND_FLAGS(mm)) {
++		eip = 0;
++		esp = 0;
++		wchan = 0;
++	}
++#endif
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++	wchan = 0;
++	eip =0;
++	esp =0;
++#endif
++
+ 	/* scale priority and nice values from timeslices to -20..20 */
+ 	/* to make it look like a "normal" Unix priority/nice value  */
+ 	priority = task_prio(task);
+@@ -479,9 +518,15 @@ static int do_task_stat(struct seq_file 
+ 		vsize,
+ 		mm ? get_mm_rss(mm) : 0,
+ 		rsslim,
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++		PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->start_code : 0),
++		PAX_RAND_FLAGS(mm) ? 1 : (mm ? mm->end_code : 0),
++		PAX_RAND_FLAGS(mm) ? 0 : ((permitted && mm) ? mm->start_stack : 0),
++#else
+ 		mm ? mm->start_code : 0,
+ 		mm ? mm->end_code : 0,
+ 		(permitted && mm) ? mm->start_stack : 0,
++#endif
+ 		esp,
+ 		eip,
+ 		/* The signal information here is obsolete.
+@@ -534,3 +579,10 @@ int proc_pid_statm(struct seq_file *m, s
+ 
+ 	return 0;
+ }
++
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++int proc_pid_ipaddr(struct task_struct *task, char *buffer)
++{
++	return sprintf(buffer, "%u.%u.%u.%u\n", NIPQUAD(task->signal->curr_ip));
++}
++#endif
+diff -urNp linux-2.6.29.6/fs/proc/base.c linux-2.6.29.6/fs/proc/base.c
+--- linux-2.6.29.6/fs/proc/base.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/base.c	2009-07-23 17:34:32.165782392 -0400
+@@ -212,6 +212,9 @@ static int check_mem_permission(struct t
+ 	if (task == current)
+ 		return 0;
+ 
++	if (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))
++		return -EPERM;
++
+ 	/*
+ 	 * If current is actively ptrace'ing, and would also be
+ 	 * permitted to freshly attach with ptrace now, permit it.
+@@ -262,6 +265,9 @@ static int proc_pid_cmdline(struct task_
+ 	if (!mm->arg_end)
+ 		goto out_mm;	/* Shh! No looking before we're done */
+ 
++	if (gr_acl_handle_procpidmem(task))
++		goto out_mm;
++
+  	len = mm->arg_end - mm->arg_start;
+  
+ 	if (len > PAGE_SIZE)
+@@ -289,12 +295,26 @@ out:
+ 	return res;
+ }
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
++			     (_mm->pax_flags & MF_PAX_RANDMMAP || \
++			      _mm->pax_flags & MF_PAX_SEGMEXEC))
++#endif
++
+ static int proc_pid_auxv(struct task_struct *task, char *buffer)
+ {
+ 	int res = 0;
+ 	struct mm_struct *mm = get_task_mm(task);
+ 	if (mm) {
+ 		unsigned int nwords = 0;
++
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++		if (PAX_RAND_FLAGS(mm)) {
++			mmput(mm);
++			return res;
++		}
++#endif
++
+ 		do {
+ 			nwords += 2;
+ 		} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
+@@ -330,7 +350,7 @@ static int proc_pid_wchan(struct task_st
+ }
+ #endif /* CONFIG_KALLSYMS */
+ 
+-#ifdef CONFIG_STACKTRACE
++#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
+ 
+ #define MAX_STACK_TRACE_DEPTH	64
+ 
+@@ -523,7 +543,7 @@ static int proc_pid_limits(struct task_s
+ 	return count;
+ }
+ 
+-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
++#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
+ static int proc_pid_syscall(struct task_struct *task, char *buffer)
+ {
+ 	long nr;
+@@ -937,6 +957,9 @@ static ssize_t environ_read(struct file 
+ 	if (!task)
+ 		goto out_no_task;
+ 
++	if (gr_acl_handle_procpidmem(task))
++		goto out;
++
+ 	if (!ptrace_may_access(task, PTRACE_MODE_READ))
+ 		goto out;
+ 
+@@ -1440,7 +1463,11 @@ static struct inode *proc_pid_make_inode
+ 		rcu_read_lock();
+ 		cred = __task_cred(task);
+ 		inode->i_uid = cred->euid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++		inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+ 		inode->i_gid = cred->egid;
++#endif
+ 		rcu_read_unlock();
+ 	}
+ 	security_task_to_inode(task, inode);
+@@ -1458,6 +1485,9 @@ static int pid_getattr(struct vfsmount *
+ 	struct inode *inode = dentry->d_inode;
+ 	struct task_struct *task;
+ 	const struct cred *cred;
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	const struct cred *tmpcred = current_cred();
++#endif
+ 
+ 	generic_fillattr(inode, stat);
+ 
+@@ -1465,12 +1495,34 @@ static int pid_getattr(struct vfsmount *
+ 	stat->uid = 0;
+ 	stat->gid = 0;
+ 	task = pid_task(proc_pid(inode), PIDTYPE_PID);
++
++	if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) {
++		rcu_read_unlock();
++		return -ENOENT;
++	}
++
+ 	if (task) {
++		cred = __task_cred(task);
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		if (!tmpcred->uid || (tmpcred->uid == cred->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++		    || in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++#endif
++		)
++#endif
+ 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
++#endif
+ 		    task_dumpable(task)) {
+-			cred = __task_cred(task);
+ 			stat->uid = cred->euid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			stat->gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+ 			stat->gid = cred->egid;
++#endif
+ 		}
+ 	}
+ 	rcu_read_unlock();
+@@ -1502,11 +1554,20 @@ static int pid_revalidate(struct dentry 
+ 
+ 	if (task) {
+ 		if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) ||
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		    (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) ||
++#endif
+ 		    task_dumpable(task)) {
+ 			rcu_read_lock();
+ 			cred = __task_cred(task);
+ 			inode->i_uid = cred->euid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+ 			inode->i_gid = cred->egid;
++#endif
+ 			rcu_read_unlock();
+ 		} else {
+ 			inode->i_uid = 0;
+@@ -1627,7 +1688,8 @@ static int proc_fd_info(struct inode *in
+ 	int fd = proc_fd(inode);
+ 
+ 	if (task) {
+-		files = get_files_struct(task);
++		if (!gr_acl_handle_procpidmem(task))
++			files = get_files_struct(task);
+ 		put_task_struct(task);
+ 	}
+ 	if (files) {
+@@ -1879,12 +1941,22 @@ static const struct file_operations proc
+ static int proc_fd_permission(struct inode *inode, int mask)
+ {
+ 	int rv;
++	struct task_struct *task;
+ 
+ 	rv = generic_permission(inode, mask, NULL);
+-	if (rv == 0)
+-		return 0;
++
+ 	if (task_pid(current) == proc_pid(inode))
+ 		rv = 0;
++
++	task = get_proc_task(inode);
++	if (task == NULL)
++		return rv;
++
++	if (gr_acl_handle_procpidmem(task))
++		rv = -EACCES;
++
++	put_task_struct(task);
++
+ 	return rv;
+ }
+ 
+@@ -1993,6 +2065,9 @@ static struct dentry *proc_pident_lookup
+ 	if (!task)
+ 		goto out_no_task;
+ 
++	if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
++		goto out;
++
+ 	/*
+ 	 * Yes, it does not scale. And it should not. Don't add
+ 	 * new entries into /proc/<tgid>/ without very good reasons.
+@@ -2037,6 +2112,9 @@ static int proc_pident_readdir(struct fi
+ 	if (!task)
+ 		goto out_no_task;
+ 
++	if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
++		goto out;
++
+ 	ret = 0;
+ 	i = filp->f_pos;
+ 	switch (i) {
+@@ -2397,6 +2475,9 @@ static struct dentry *proc_base_lookup(s
+ 	if (p > last)
+ 		goto out;
+ 
++	if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))
++		goto out;
++
+ 	error = proc_base_instantiate(dir, dentry, task, p);
+ 
+ out:
+@@ -2483,7 +2564,7 @@ static const struct pid_entry tgid_base_
+ #ifdef CONFIG_SCHED_DEBUG
+ 	REG("sched",      S_IRUGO|S_IWUSR, proc_pid_sched_operations),
+ #endif
+-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
++#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
+ 	INF("syscall",    S_IRUSR, proc_pid_syscall),
+ #endif
+ 	INF("cmdline",    S_IRUGO, proc_pid_cmdline),
+@@ -2511,7 +2592,7 @@ static const struct pid_entry tgid_base_
+ #ifdef CONFIG_KALLSYMS
+ 	INF("wchan",      S_IRUGO, proc_pid_wchan),
+ #endif
+-#ifdef CONFIG_STACKTRACE
++#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
+ 	ONE("stack",      S_IRUSR, proc_pid_stack),
+ #endif
+ #ifdef CONFIG_SCHEDSTATS
+@@ -2541,6 +2622,9 @@ static const struct pid_entry tgid_base_
+ #ifdef CONFIG_TASK_IO_ACCOUNTING
+ 	INF("io",	S_IRUGO, proc_tgid_io_accounting),
+ #endif
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++	INF("ipaddr",	  S_IRUSR, proc_pid_ipaddr),
++#endif
+ };
+ 
+ static int proc_tgid_base_readdir(struct file * filp,
+@@ -2670,7 +2754,14 @@ static struct dentry *proc_pid_instantia
+ 	if (!inode)
+ 		goto out;
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	inode->i_mode = S_IFDIR|S_IRUSR|S_IXUSR;
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++	inode->i_mode = S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP;
++#else
+ 	inode->i_mode = S_IFDIR|S_IRUGO|S_IXUGO;
++#endif
+ 	inode->i_op = &proc_tgid_base_inode_operations;
+ 	inode->i_fop = &proc_tgid_base_operations;
+ 	inode->i_flags|=S_IMMUTABLE;
+@@ -2712,7 +2803,11 @@ struct dentry *proc_pid_lookup(struct in
+ 	if (!task)
+ 		goto out;
+ 
++	if (gr_check_hidden_task(task))
++		goto out_put_task;
++
+ 	result = proc_pid_instantiate(dir, dentry, task, NULL);
++out_put_task:
+ 	put_task_struct(task);
+ out:
+ 	return result;
+@@ -2777,6 +2872,10 @@ int proc_pid_readdir(struct file * filp,
+ {
+ 	unsigned int nr = filp->f_pos - FIRST_PROCESS_ENTRY;
+ 	struct task_struct *reaper = get_proc_task(filp->f_path.dentry->d_inode);
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	const struct cred *tmpcred = current_cred();
++	const struct cred *itercred;
++#endif
+ 	struct tgid_iter iter;
+ 	struct pid_namespace *ns;
+ 
+@@ -2795,6 +2894,20 @@ int proc_pid_readdir(struct file * filp,
+ 	for (iter = next_tgid(ns, iter);
+ 	     iter.task;
+ 	     iter.tgid += 1, iter = next_tgid(ns, iter)) {
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		itercred = __task_cred(iter.task);
++#endif
++		if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task)
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		    || (tmpcred->uid && (itercred->uid != tmpcred->uid)
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			&& !in_group_p(CONFIG_GRKERNSEC_PROC_GID)
++#endif
++			)
++#endif
++		)
++			continue;
++
+ 		filp->f_pos = iter.tgid + TGID_OFFSET;
+ 		if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) {
+ 			put_task_struct(iter.task);
+@@ -2822,7 +2935,7 @@ static const struct pid_entry tid_base_s
+ #ifdef CONFIG_SCHED_DEBUG
+ 	REG("sched",     S_IRUGO|S_IWUSR, proc_pid_sched_operations),
+ #endif
+-#ifdef CONFIG_HAVE_ARCH_TRACEHOOK
++#if defined(CONFIG_HAVE_ARCH_TRACEHOOK) && !defined(CONFIG_GRKERNSEC_PROC_MEMMAP)
+ 	INF("syscall",   S_IRUSR, proc_pid_syscall),
+ #endif
+ 	INF("cmdline",   S_IRUGO, proc_pid_cmdline),
+@@ -2849,7 +2962,7 @@ static const struct pid_entry tid_base_s
+ #ifdef CONFIG_KALLSYMS
+ 	INF("wchan",     S_IRUGO, proc_pid_wchan),
+ #endif
+-#ifdef CONFIG_STACKTRACE
++#if defined(CONFIG_STACKTRACE) && !defined(CONFIG_GRKERNSEC_HIDESYM)
+ 	ONE("stack",      S_IRUSR, proc_pid_stack),
+ #endif
+ #ifdef CONFIG_SCHEDSTATS
+diff -urNp linux-2.6.29.6/fs/proc/cmdline.c linux-2.6.29.6/fs/proc/cmdline.c
+--- linux-2.6.29.6/fs/proc/cmdline.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/cmdline.c	2009-07-23 17:34:32.166858420 -0400
+@@ -23,7 +23,11 @@ static const struct file_operations cmdl
+ 
+ static int __init proc_cmdline_init(void)
+ {
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++	proc_create_grsec("cmdline", 0, NULL, &cmdline_proc_fops);
++#else
+ 	proc_create("cmdline", 0, NULL, &cmdline_proc_fops);
++#endif
+ 	return 0;
+ }
+ module_init(proc_cmdline_init);
+diff -urNp linux-2.6.29.6/fs/proc/devices.c linux-2.6.29.6/fs/proc/devices.c
+--- linux-2.6.29.6/fs/proc/devices.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/devices.c	2009-07-23 17:34:32.166858420 -0400
+@@ -64,7 +64,11 @@ static const struct file_operations proc
+ 
+ static int __init proc_devices_init(void)
+ {
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++	proc_create_grsec("devices", 0, NULL, &proc_devinfo_operations);
++#else
+ 	proc_create("devices", 0, NULL, &proc_devinfo_operations);
++#endif
+ 	return 0;
+ }
+ module_init(proc_devices_init);
+diff -urNp linux-2.6.29.6/fs/proc/inode.c linux-2.6.29.6/fs/proc/inode.c
+--- linux-2.6.29.6/fs/proc/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/inode.c	2009-07-23 17:34:32.166858420 -0400
+@@ -463,7 +463,11 @@ struct inode *proc_get_inode(struct supe
+ 		if (de->mode) {
+ 			inode->i_mode = de->mode;
+ 			inode->i_uid = de->uid;
++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
++			inode->i_gid = CONFIG_GRKERNSEC_PROC_GID;
++#else
+ 			inode->i_gid = de->gid;
++#endif
+ 		}
+ 		if (de->size)
+ 			inode->i_size = de->size;
+diff -urNp linux-2.6.29.6/fs/proc/internal.h linux-2.6.29.6/fs/proc/internal.h
+--- linux-2.6.29.6/fs/proc/internal.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/internal.h	2009-07-23 17:34:32.166858420 -0400
+@@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_fi
+ 				struct pid *pid, struct task_struct *task);
+ extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
+ 				struct pid *pid, struct task_struct *task);
++#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
++extern int proc_pid_ipaddr(struct task_struct *task, char *buffer);
++#endif
+ extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
+ 
+ extern const struct file_operations proc_maps_operations;
+diff -urNp linux-2.6.29.6/fs/proc/Kconfig linux-2.6.29.6/fs/proc/Kconfig
+--- linux-2.6.29.6/fs/proc/Kconfig	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/Kconfig	2009-07-23 17:34:32.166858420 -0400
+@@ -30,12 +30,12 @@ config PROC_FS
+ 
+ config PROC_KCORE
+ 	bool "/proc/kcore support" if !ARM
+-	depends on PROC_FS && MMU
++	depends on PROC_FS && MMU && !GRKERNSEC_PROC_ADD
+ 
+ config PROC_VMCORE
+         bool "/proc/vmcore support (EXPERIMENTAL)"
+-        depends on PROC_FS && CRASH_DUMP
+-	default y
++        depends on PROC_FS && CRASH_DUMP && !GRKERNSEC
++	default n
+         help
+         Exports the dump image of crashed kernel in ELF format.
+ 
+@@ -59,8 +59,8 @@ config PROC_SYSCTL
+ 	  limited in memory.
+ 
+ config PROC_PAGE_MONITOR
+- 	default y
+-	depends on PROC_FS && MMU
++ 	default n
++	depends on PROC_FS && MMU && !GRKERNSEC
+ 	bool "Enable /proc page monitoring" if EMBEDDED
+  	help
+ 	  Various /proc files exist to monitor process memory utilization:
+diff -urNp linux-2.6.29.6/fs/proc/kcore.c linux-2.6.29.6/fs/proc/kcore.c
+--- linux-2.6.29.6/fs/proc/kcore.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/kcore.c	2009-07-23 17:34:32.167803575 -0400
+@@ -404,10 +404,12 @@ read_kcore(struct file *file, char __use
+ 
+ static int __init proc_kcore_init(void)
+ {
++#if !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ 	proc_root_kcore = proc_create("kcore", S_IRUSR, NULL, &proc_kcore_operations);
+ 	if (proc_root_kcore)
+ 		proc_root_kcore->size =
+ 				(size_t)high_memory - PAGE_OFFSET + PAGE_SIZE;
++#endif
+ 	return 0;
+ }
+ module_init(proc_kcore_init);
+diff -urNp linux-2.6.29.6/fs/proc/nommu.c linux-2.6.29.6/fs/proc/nommu.c
+--- linux-2.6.29.6/fs/proc/nommu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/nommu.c	2009-07-23 18:40:27.471265103 -0400
+@@ -67,7 +67,7 @@ static int nommu_region_show(struct seq_
+ 		if (len < 1)
+ 			len = 1;
+ 		seq_printf(m, "%*c", len, ' ');
+-		seq_path(m, &file->f_path, "");
++		seq_path(m, &file->f_path, "\n\\");
+ 	}
+ 
+ 	seq_putc(m, '\n');
+@@ -109,7 +109,7 @@ static void *nommu_region_list_next(stru
+ 	return rb_next((struct rb_node *) v);
+ }
+ 
+-static struct seq_operations proc_nommu_region_list_seqop = {
++static const struct seq_operations proc_nommu_region_list_seqop = {
+ 	.start	= nommu_region_list_start,
+ 	.next	= nommu_region_list_next,
+ 	.stop	= nommu_region_list_stop,
+diff -urNp linux-2.6.29.6/fs/proc/proc_net.c linux-2.6.29.6/fs/proc/proc_net.c
+--- linux-2.6.29.6/fs/proc/proc_net.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/proc_net.c	2009-07-23 17:34:32.167803575 -0400
+@@ -104,6 +104,17 @@ static struct net *get_proc_task_net(str
+ 	struct task_struct *task;
+ 	struct nsproxy *ns;
+ 	struct net *net = NULL;
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	const struct cred *cred = current_cred();
++#endif
++
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	if (cred->fsuid)
++		return net;
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	if (cred->fsuid && !in_group_p(CONFIG_GRKERNSEC_PROC_GID))
++		return net;
++#endif
+ 
+ 	rcu_read_lock();
+ 	task = pid_task(proc_pid(dir), PIDTYPE_PID);
+diff -urNp linux-2.6.29.6/fs/proc/proc_sysctl.c linux-2.6.29.6/fs/proc/proc_sysctl.c
+--- linux-2.6.29.6/fs/proc/proc_sysctl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/proc_sysctl.c	2009-07-23 19:28:12.262381898 -0400
+@@ -7,7 +7,9 @@
+ #include <linux/security.h>
+ #include "internal.h"
+ 
+-static struct dentry_operations proc_sys_dentry_operations;
++extern __u32 gr_handle_sysctl(const struct ctl_table *table, const int op);
++
++static const struct dentry_operations proc_sys_dentry_operations;
+ static const struct file_operations proc_sys_file_operations;
+ static const struct inode_operations proc_sys_inode_operations;
+ static const struct file_operations proc_sys_dir_file_operations;
+@@ -109,6 +111,9 @@ static struct dentry *proc_sys_lookup(st
+ 	if (!p)
+ 		goto out;
+ 
++	if (gr_handle_sysctl(p, MAY_EXEC))
++		goto out;
++
+ 	err = ERR_PTR(-ENOMEM);
+ 	inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
+ 	if (h)
+@@ -228,6 +233,9 @@ static int scan(struct ctl_table_header 
+ 		if (*pos < file->f_pos)
+ 			continue;
+ 
++		if (gr_handle_sysctl(table, 0))
++			continue;
++
+ 		res = proc_sys_fill_cache(file, dirent, filldir, head, table);
+ 		if (res)
+ 			return res;
+@@ -344,6 +352,9 @@ static int proc_sys_getattr(struct vfsmo
+ 	if (IS_ERR(head))
+ 		return PTR_ERR(head);
+ 
++	if (table && gr_handle_sysctl(table, MAY_EXEC))
++		return -ENOENT;
++
+ 	generic_fillattr(inode, stat);
+ 	if (table)
+ 		stat->mode = (stat->mode & S_IFMT) | table->mode;
+@@ -396,7 +407,7 @@ static int proc_sys_compare(struct dentr
+ 	return !sysctl_is_seen(PROC_I(dentry->d_inode)->sysctl);
+ }
+ 
+-static struct dentry_operations proc_sys_dentry_operations = {
++static const struct dentry_operations proc_sys_dentry_operations = {
+ 	.d_revalidate	= proc_sys_revalidate,
+ 	.d_delete	= proc_sys_delete,
+ 	.d_compare	= proc_sys_compare,
+diff -urNp linux-2.6.29.6/fs/proc/root.c linux-2.6.29.6/fs/proc/root.c
+--- linux-2.6.29.6/fs/proc/root.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/root.c	2009-07-23 17:34:32.167803575 -0400
+@@ -101,6 +101,11 @@ static struct file_system_type proc_fs_t
+ 	.kill_sb	= proc_kill_sb,
+ };
+ 
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++static const struct file_operations __kallsyms_operations = {
++};
++#endif
++
+ void __init proc_root_init(void)
+ {
+ 	int err;
+@@ -134,8 +139,21 @@ void __init proc_root_init(void)
+ #ifdef CONFIG_PROC_DEVICETREE
+ 	proc_device_tree_init();
+ #endif
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	proc_mkdir_mode("bus", S_IRUSR | S_IXUSR, NULL);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	proc_mkdir_mode("bus", S_IRUSR | S_IXUSR | S_IRGRP | S_IXGRP, NULL);
++#endif
++#else
+ 	proc_mkdir("bus", NULL);
++#endif
+ 	proc_sys_init();
++
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++	/* fake kallsyms to workaround klogd bug */
++	proc_create("kallsyms", 0444, NULL, &__kallsyms_operations);
++#endif
+ }
+ 
+ static int proc_root_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat
+diff -urNp linux-2.6.29.6/fs/proc/task_mmu.c linux-2.6.29.6/fs/proc/task_mmu.c
+--- linux-2.6.29.6/fs/proc/task_mmu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/task_mmu.c	2009-07-23 17:34:32.168754984 -0400
+@@ -46,15 +46,26 @@ void task_mem(struct seq_file *m, struct
+ 		"VmStk:\t%8lu kB\n"
+ 		"VmExe:\t%8lu kB\n"
+ 		"VmLib:\t%8lu kB\n"
+-		"VmPTE:\t%8lu kB\n",
+-		hiwater_vm << (PAGE_SHIFT-10),
++		"VmPTE:\t%8lu kB\n"
++
++#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
++		"CsBase:\t%8lx\nCsLim:\t%8lx\n"
++#endif
++
++		,hiwater_vm << (PAGE_SHIFT-10),
+ 		(total_vm - mm->reserved_vm) << (PAGE_SHIFT-10),
+ 		mm->locked_vm << (PAGE_SHIFT-10),
+ 		hiwater_rss << (PAGE_SHIFT-10),
+ 		total_rss << (PAGE_SHIFT-10),
+ 		data << (PAGE_SHIFT-10),
+ 		mm->stack_vm << (PAGE_SHIFT-10), text, lib,
+-		(PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10);
++		(PTRS_PER_PTE*sizeof(pte_t)*mm->nr_ptes) >> 10
++
++#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
++		, mm->context.user_cs_base, mm->context.user_cs_limit
++#endif
++
++	);
+ }
+ 
+ unsigned long task_vsize(struct mm_struct *mm)
+@@ -198,6 +209,12 @@ static int do_maps_open(struct inode *in
+ 	return ret;
+ }
+ 
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++#define PAX_RAND_FLAGS(_mm) (_mm != NULL && _mm != current->mm && \
++			     (_mm->pax_flags & MF_PAX_RANDMMAP || \
++			      _mm->pax_flags & MF_PAX_SEGMEXEC))
++#endif
++
+ static void show_map_vma(struct seq_file *m, struct vm_area_struct *vma)
+ {
+ 	struct mm_struct *mm = vma->vm_mm;
+@@ -214,13 +231,22 @@ static void show_map_vma(struct seq_file
+ 	}
+ 
+ 	seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n",
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++			PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_start,
++			PAX_RAND_FLAGS(mm) ? 0UL : vma->vm_end,
++#else
+ 			vma->vm_start,
+ 			vma->vm_end,
++#endif
+ 			flags & VM_READ ? 'r' : '-',
+ 			flags & VM_WRITE ? 'w' : '-',
+ 			flags & VM_EXEC ? 'x' : '-',
+ 			flags & VM_MAYSHARE ? 's' : 'p',
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++			PAX_RAND_FLAGS(mm) ? 0UL : ((loff_t)vma->vm_pgoff) << PAGE_SHIFT,
++#else
+ 			((loff_t)vma->vm_pgoff) << PAGE_SHIFT,
++#endif
+ 			MAJOR(dev), MINOR(dev), ino, &len);
+ 
+ 	/*
+@@ -229,16 +255,16 @@ static void show_map_vma(struct seq_file
+ 	 */
+ 	if (file) {
+ 		pad_len_spaces(m, len);
+-		seq_path(m, &file->f_path, "\n");
++		seq_path(m, &file->f_path, "\n\\");
+ 	} else {
+ 		const char *name = arch_vma_name(vma);
+ 		if (!name) {
+ 			if (mm) {
+-				if (vma->vm_start <= mm->start_brk &&
+-						vma->vm_end >= mm->brk) {
++				if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
+ 					name = "[heap]";
+-				} else if (vma->vm_start <= mm->start_stack &&
+-					   vma->vm_end >= mm->start_stack) {
++				} else if ((vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP)) ||
++					   (vma->vm_start <= mm->start_stack &&
++					    vma->vm_end >= mm->start_stack)) {
+ 					name = "[stack]";
+ 				}
+ 			} else {
+@@ -381,9 +407,16 @@ static int show_smap(struct seq_file *m,
+ 	};
+ 
+ 	memset(&mss, 0, sizeof mss);
+-	mss.vma = vma;
+-	if (vma->vm_mm && !is_vm_hugetlb_page(vma))
+-		walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
++
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++	if (!PAX_RAND_FLAGS(vma->vm_mm)) {
++#endif
++		mss.vma = vma;
++		if (vma->vm_mm && !is_vm_hugetlb_page(vma))
++			walk_page_range(vma->vm_start, vma->vm_end, &smaps_walk);
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++	}
++#endif
+ 
+ 	show_map_vma(m, vma);
+ 
+@@ -399,7 +432,11 @@ static int show_smap(struct seq_file *m,
+ 		   "Swap:           %8lu kB\n"
+ 		   "KernelPageSize: %8lu kB\n"
+ 		   "MMUPageSize:    %8lu kB\n",
++#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP
++		   PAX_RAND_FLAGS(vma->vm_mm) ? 0UL : (vma->vm_end - vma->vm_start) >> 10,
++#else
+ 		   (vma->vm_end - vma->vm_start) >> 10,
++#endif
+ 		   mss.resident >> 10,
+ 		   (unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
+ 		   mss.shared_clean  >> 10,
+diff -urNp linux-2.6.29.6/fs/proc/task_nommu.c linux-2.6.29.6/fs/proc/task_nommu.c
+--- linux-2.6.29.6/fs/proc/task_nommu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/proc/task_nommu.c	2009-07-23 17:34:32.168754984 -0400
+@@ -49,7 +49,7 @@ void task_mem(struct seq_file *m, struct
+ 	else
+ 		bytes += kobjsize(mm);
+ 	
+-	if (current->fs && current->fs->users > 1)
++	if (current->fs && atomic_read(&current->fs->users) > 1)
+ 		sbytes += kobjsize(current->fs);
+ 	else
+ 		bytes += kobjsize(current->fs);
+@@ -151,7 +151,7 @@ static int nommu_vma_show(struct seq_fil
+ 		if (len < 1)
+ 			len = 1;
+ 		seq_printf(m, "%*c", len, ' ');
+-		seq_path(m, &file->f_path, "");
++		seq_path(m, &file->f_path, "\n\\");
+ 	}
+ 
+ 	seq_putc(m, '\n');
+diff -urNp linux-2.6.29.6/fs/readdir.c linux-2.6.29.6/fs/readdir.c
+--- linux-2.6.29.6/fs/readdir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/readdir.c	2009-07-23 17:34:32.168754984 -0400
+@@ -16,6 +16,7 @@
+ #include <linux/security.h>
+ #include <linux/syscalls.h>
+ #include <linux/unistd.h>
++#include <linux/namei.h>
+ 
+ #include <asm/uaccess.h>
+ 
+@@ -67,6 +68,7 @@ struct old_linux_dirent {
+ 
+ struct readdir_callback {
+ 	struct old_linux_dirent __user * dirent;
++	struct file * file;
+ 	int result;
+ };
+ 
+@@ -84,6 +86,10 @@ static int fillonedir(void * __buf, cons
+ 		buf->result = -EOVERFLOW;
+ 		return -EOVERFLOW;
+ 	}
++
++	if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
++		return 0;
++
+ 	buf->result++;
+ 	dirent = buf->dirent;
+ 	if (!access_ok(VERIFY_WRITE, dirent,
+@@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned in
+ 
+ 	buf.result = 0;
+ 	buf.dirent = dirent;
++	buf.file = file;
+ 
+ 	error = vfs_readdir(file, fillonedir, &buf);
+ 	if (buf.result)
+@@ -142,6 +149,7 @@ struct linux_dirent {
+ struct getdents_callback {
+ 	struct linux_dirent __user * current_dir;
+ 	struct linux_dirent __user * previous;
++	struct file * file;
+ 	int count;
+ 	int error;
+ };
+@@ -162,6 +170,10 @@ static int filldir(void * __buf, const c
+ 		buf->error = -EOVERFLOW;
+ 		return -EOVERFLOW;
+ 	}
++
++	if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
++		return 0;
++
+ 	dirent = buf->previous;
+ 	if (dirent) {
+ 		if (__put_user(offset, &dirent->d_off))
+@@ -209,6 +221,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, 
+ 	buf.previous = NULL;
+ 	buf.count = count;
+ 	buf.error = 0;
++	buf.file = file;
+ 
+ 	error = vfs_readdir(file, filldir, &buf);
+ 	if (error >= 0)
+@@ -228,6 +241,7 @@ out:
+ struct getdents_callback64 {
+ 	struct linux_dirent64 __user * current_dir;
+ 	struct linux_dirent64 __user * previous;
++	struct file *file;
+ 	int count;
+ 	int error;
+ };
+@@ -242,6 +256,10 @@ static int filldir64(void * __buf, const
+ 	buf->error = -EINVAL;	/* only used if we fail.. */
+ 	if (reclen > buf->count)
+ 		return -EINVAL;
++
++	if (!gr_acl_handle_filldir(buf->file, name, namlen, ino))
++		return 0;
++
+ 	dirent = buf->previous;
+ 	if (dirent) {
+ 		if (__put_user(offset, &dirent->d_off))
+@@ -289,6 +307,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int
+ 
+ 	buf.current_dir = dirent;
+ 	buf.previous = NULL;
++	buf.file = file;
+ 	buf.count = count;
+ 	buf.error = 0;
+ 
+diff -urNp linux-2.6.29.6/fs/reiserfs/do_balan.c linux-2.6.29.6/fs/reiserfs/do_balan.c
+--- linux-2.6.29.6/fs/reiserfs/do_balan.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/reiserfs/do_balan.c	2009-07-23 17:34:32.169708808 -0400
+@@ -2114,7 +2114,7 @@ void do_balance(struct tree_balance *tb,
+ 		return;
+ 	}
+ 
+-	atomic_inc(&(fs_generation(tb->tb_sb)));
++	atomic_inc_unchecked(&(fs_generation(tb->tb_sb)));
+ 	do_balance_starts(tb);
+ 
+ 	/* balance leaf returns 0 except if combining L R and S into
+diff -urNp linux-2.6.29.6/fs/reiserfs/xattr.c linux-2.6.29.6/fs/reiserfs/xattr.c
+--- linux-2.6.29.6/fs/reiserfs/xattr.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/reiserfs/xattr.c	2009-07-23 18:40:28.566682353 -0400
+@@ -1136,7 +1136,7 @@ xattr_lookup_poison(struct dentry *dentr
+ 	return 1;
+ }
+ 
+-static struct dentry_operations xattr_lookup_poison_ops = {
++static const struct dentry_operations xattr_lookup_poison_ops = {
+ 	.d_compare = xattr_lookup_poison,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/select.c linux-2.6.29.6/fs/select.c
+--- linux-2.6.29.6/fs/select.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/select.c	2009-07-23 17:34:32.169708808 -0400
+@@ -19,6 +19,7 @@
+ #include <linux/module.h>
+ #include <linux/slab.h>
+ #include <linux/poll.h>
++#include <linux/security.h>
+ #include <linux/personality.h> /* for STICKY_TIMEOUTS */
+ #include <linux/file.h>
+ #include <linux/fdtable.h>
+@@ -781,6 +782,7 @@ int do_sys_poll(struct pollfd __user *uf
+  	struct poll_list *walk = head;
+  	unsigned long todo = nfds;
+ 
++	gr_learn_resource(current, RLIMIT_NOFILE, nfds, 1);
+ 	if (nfds > current->signal->rlim[RLIMIT_NOFILE].rlim_cur)
+ 		return -EINVAL;
+ 
+diff -urNp linux-2.6.29.6/fs/seq_file.c linux-2.6.29.6/fs/seq_file.c
+--- linux-2.6.29.6/fs/seq_file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/seq_file.c	2009-07-23 17:34:32.169708808 -0400
+@@ -76,7 +76,8 @@ static int traverse(struct seq_file *m, 
+ 		return 0;
+ 	}
+ 	if (!m->buf) {
+-		m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
++		m->size = PAGE_SIZE;
++		m->buf = kmalloc(m->size, GFP_KERNEL);
+ 		if (!m->buf)
+ 			return -ENOMEM;
+ 	}
+@@ -116,7 +117,8 @@ static int traverse(struct seq_file *m, 
+ Eoverflow:
+ 	m->op->stop(m, p);
+ 	kfree(m->buf);
+-	m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
++	m->size <<= 1;
++	m->buf = kmalloc(m->size, GFP_KERNEL);
+ 	return !m->buf ? -ENOMEM : -EAGAIN;
+ }
+ 
+@@ -169,7 +171,8 @@ ssize_t seq_read(struct file *file, char
+ 	m->version = file->f_version;
+ 	/* grab buffer if we didn't have one */
+ 	if (!m->buf) {
+-		m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL);
++		m->size = PAGE_SIZE;
++		m->buf = kmalloc(m->size, GFP_KERNEL);
+ 		if (!m->buf)
+ 			goto Enomem;
+ 	}
+@@ -210,7 +213,8 @@ ssize_t seq_read(struct file *file, char
+ 			goto Fill;
+ 		m->op->stop(m, p);
+ 		kfree(m->buf);
+-		m->buf = kmalloc(m->size <<= 1, GFP_KERNEL);
++		m->size <<= 1;
++		m->buf = kmalloc(m->size, GFP_KERNEL);
+ 		if (!m->buf)
+ 			goto Enomem;
+ 		m->count = 0;
+diff -urNp linux-2.6.29.6/fs/smbfs/symlink.c linux-2.6.29.6/fs/smbfs/symlink.c
+--- linux-2.6.29.6/fs/smbfs/symlink.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/smbfs/symlink.c	2009-07-23 17:34:32.169708808 -0400
+@@ -55,7 +55,7 @@ static void *smb_follow_link(struct dent
+ 
+ static void smb_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
+ {
+-	char *s = nd_get_link(nd);
++	const char *s = nd_get_link(nd);
+ 	if (!IS_ERR(s))
+ 		__putname(s);
+ }
+diff -urNp linux-2.6.29.6/fs/squashfs/super.c linux-2.6.29.6/fs/squashfs/super.c
+--- linux-2.6.29.6/fs/squashfs/super.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/squashfs/super.c	2009-07-23 18:40:28.577043173 -0400
+@@ -43,7 +43,7 @@
+ #include "squashfs.h"
+ 
+ static struct file_system_type squashfs_fs_type;
+-static struct super_operations squashfs_super_ops;
++static const struct super_operations squashfs_super_ops;
+ 
+ static int supported_squashfs_filesystem(short major, short minor, short comp)
+ {
+@@ -426,7 +426,7 @@ static struct file_system_type squashfs_
+ 	.fs_flags = FS_REQUIRES_DEV
+ };
+ 
+-static struct super_operations squashfs_super_ops = {
++static const struct super_operations squashfs_super_ops = {
+ 	.alloc_inode = squashfs_alloc_inode,
+ 	.destroy_inode = squashfs_destroy_inode,
+ 	.statfs = squashfs_statfs,
+diff -urNp linux-2.6.29.6/fs/sysfs/dir.c linux-2.6.29.6/fs/sysfs/dir.c
+--- linux-2.6.29.6/fs/sysfs/dir.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/sysfs/dir.c	2009-07-23 18:40:28.589290669 -0400
+@@ -302,7 +302,7 @@ static void sysfs_d_iput(struct dentry *
+ 	iput(inode);
+ }
+ 
+-static struct dentry_operations sysfs_dentry_ops = {
++static const struct dentry_operations sysfs_dentry_ops = {
+ 	.d_iput		= sysfs_d_iput,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/sysfs/symlink.c linux-2.6.29.6/fs/sysfs/symlink.c
+--- linux-2.6.29.6/fs/sysfs/symlink.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/sysfs/symlink.c	2009-07-23 17:34:32.169708808 -0400
+@@ -200,7 +200,7 @@ static void *sysfs_follow_link(struct de
+ 
+ static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie)
+ {
+-	char *page = nd_get_link(nd);
++	const char *page = nd_get_link(nd);
+ 	if (!IS_ERR(page))
+ 		free_page((unsigned long)page);
+ }
+diff -urNp linux-2.6.29.6/fs/sysv/namei.c linux-2.6.29.6/fs/sysv/namei.c
+--- linux-2.6.29.6/fs/sysv/namei.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/sysv/namei.c	2009-07-23 18:40:28.589290669 -0400
+@@ -38,7 +38,7 @@ static int sysv_hash(struct dentry *dent
+ 	return 0;
+ }
+ 
+-struct dentry_operations sysv_dentry_operations = {
++const struct dentry_operations sysv_dentry_operations = {
+ 	.d_hash		= sysv_hash,
+ };
+ 
+diff -urNp linux-2.6.29.6/fs/sysv/sysv.h linux-2.6.29.6/fs/sysv/sysv.h
+--- linux-2.6.29.6/fs/sysv/sysv.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/sysv/sysv.h	2009-07-23 18:40:28.590278279 -0400
+@@ -170,7 +170,7 @@ extern const struct file_operations sysv
+ extern const struct file_operations sysv_dir_operations;
+ extern const struct address_space_operations sysv_aops;
+ extern const struct super_operations sysv_sops;
+-extern struct dentry_operations sysv_dentry_operations;
++extern const struct dentry_operations sysv_dentry_operations;
+ 
+ 
+ enum {
+diff -urNp linux-2.6.29.6/fs/ubifs/file.c linux-2.6.29.6/fs/ubifs/file.c
+--- linux-2.6.29.6/fs/ubifs/file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ubifs/file.c	2009-07-23 18:40:28.610477859 -0400
+@@ -1526,7 +1526,7 @@ out_unlock:
+ 	return err;
+ }
+ 
+-static struct vm_operations_struct ubifs_file_vm_ops = {
++static const struct vm_operations_struct ubifs_file_vm_ops = {
+ 	.fault        = filemap_fault,
+ 	.page_mkwrite = ubifs_vm_page_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/fs/udf/balloc.c linux-2.6.29.6/fs/udf/balloc.c
+--- linux-2.6.29.6/fs/udf/balloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/udf/balloc.c	2009-07-23 17:34:32.170868529 -0400
+@@ -169,9 +169,7 @@ static void udf_bitmap_free_blocks(struc
+ 	unsigned long overflow;
+ 
+ 	mutex_lock(&sbi->s_alloc_mutex);
+-	if (bloc.logicalBlockNum < 0 ||
+-	    (bloc.logicalBlockNum + count) >
+-		sbi->s_partmaps[bloc.partitionReferenceNum].s_partition_len) {
++	if (bloc.logicalBlockNum + count > sbi->s_partmaps[bloc.partitionReferenceNum].s_partition_len) {
+ 		udf_debug("%d < %d || %d + %d > %d\n",
+ 			  bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count,
+ 			  sbi->s_partmaps[bloc.partitionReferenceNum].
+@@ -239,7 +237,7 @@ static int udf_bitmap_prealloc_blocks(st
+ 
+ 	mutex_lock(&sbi->s_alloc_mutex);
+ 	part_len = sbi->s_partmaps[partition].s_partition_len;
+-	if (first_block < 0 || first_block >= part_len)
++	if (first_block >= part_len)
+ 		goto out;
+ 
+ 	if (first_block + block_count > part_len)
+@@ -300,7 +298,7 @@ static int udf_bitmap_new_block(struct s
+ 	mutex_lock(&sbi->s_alloc_mutex);
+ 
+ repeat:
+-	if (goal < 0 || goal >= sbi->s_partmaps[partition].s_partition_len)
++	if (goal >= sbi->s_partmaps[partition].s_partition_len)
+ 		goal = 0;
+ 
+ 	nr_groups = bitmap->s_nr_groups;
+@@ -438,9 +436,7 @@ static void udf_table_free_blocks(struct
+ 	struct udf_inode_info *iinfo;
+ 
+ 	mutex_lock(&sbi->s_alloc_mutex);
+-	if (bloc.logicalBlockNum < 0 ||
+-	    (bloc.logicalBlockNum + count) >
+-		sbi->s_partmaps[bloc.partitionReferenceNum].s_partition_len) {
++	if (bloc.logicalBlockNum + count > sbi->s_partmaps[bloc.partitionReferenceNum].s_partition_len) {
+ 		udf_debug("%d < %d || %d + %d > %d\n",
+ 			  bloc.logicalBlockNum, 0, bloc.logicalBlockNum, count,
+ 			  sbi->s_partmaps[bloc.partitionReferenceNum].
+@@ -671,8 +667,7 @@ static int udf_table_prealloc_blocks(str
+ 	int8_t etype = -1;
+ 	struct udf_inode_info *iinfo;
+ 
+-	if (first_block < 0 ||
+-		first_block >= sbi->s_partmaps[partition].s_partition_len)
++	if (first_block >= sbi->s_partmaps[partition].s_partition_len)
+ 		return 0;
+ 
+ 	iinfo = UDF_I(table);
+@@ -750,7 +745,7 @@ static int udf_table_new_block(struct su
+ 		return newblock;
+ 
+ 	mutex_lock(&sbi->s_alloc_mutex);
+-	if (goal < 0 || goal >= sbi->s_partmaps[partition].s_partition_len)
++	if (goal >= sbi->s_partmaps[partition].s_partition_len)
+ 		goal = 0;
+ 
+ 	/* We search for the closest matching block to goal. If we find
+diff -urNp linux-2.6.29.6/fs/ufs/inode.c linux-2.6.29.6/fs/ufs/inode.c
+--- linux-2.6.29.6/fs/ufs/inode.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/ufs/inode.c	2009-07-23 17:34:32.170868529 -0400
+@@ -56,9 +56,7 @@ static int ufs_block_to_path(struct inod
+ 
+ 
+ 	UFSD("ptrs=uspi->s_apb = %d,double_blocks=%ld \n",ptrs,double_blocks);
+-	if (i_block < 0) {
+-		ufs_warning(inode->i_sb, "ufs_block_to_path", "block < 0");
+-	} else if (i_block < direct_blocks) {
++	if (i_block < direct_blocks) {
+ 		offsets[n++] = i_block;
+ 	} else if ((i_block -= direct_blocks) < indirect_blocks) {
+ 		offsets[n++] = UFS_IND_BLOCK;
+@@ -440,8 +438,6 @@ int ufs_getfrag_block(struct inode *inod
+ 	lock_kernel();
+ 
+ 	UFSD("ENTER, ino %lu, fragment %llu\n", inode->i_ino, (unsigned long long)fragment);
+-	if (fragment < 0)
+-		goto abort_negative;
+ 	if (fragment >
+ 	    ((UFS_NDADDR + uspi->s_apb + uspi->s_2apb + uspi->s_3apb)
+ 	     << uspi->s_fpbshift))
+@@ -504,10 +500,6 @@ abort:
+ 	unlock_kernel();
+ 	return err;
+ 
+-abort_negative:
+-	ufs_warning(sb, "ufs_get_block", "block < 0");
+-	goto abort;
+-
+ abort_too_big:
+ 	ufs_warning(sb, "ufs_get_block", "block > big");
+ 	goto abort;
+diff -urNp linux-2.6.29.6/fs/utimes.c linux-2.6.29.6/fs/utimes.c
+--- linux-2.6.29.6/fs/utimes.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/utimes.c	2009-07-23 17:34:32.170868529 -0400
+@@ -1,6 +1,7 @@
+ #include <linux/compiler.h>
+ #include <linux/file.h>
+ #include <linux/fs.h>
++#include <linux/security.h>
+ #include <linux/linkage.h>
+ #include <linux/mount.h>
+ #include <linux/namei.h>
+@@ -101,6 +102,12 @@ static int utimes_common(struct path *pa
+ 				goto mnt_drop_write_and_out;
+ 		}
+ 	}
++
++	if (!gr_acl_handle_utime(path->dentry, path->mnt)) {
++		error = -EACCES;
++		goto mnt_drop_write_and_out;
++	}
++
+ 	mutex_lock(&inode->i_mutex);
+ 	error = notify_change(path->dentry, &newattrs);
+ 	mutex_unlock(&inode->i_mutex);
+diff -urNp linux-2.6.29.6/fs/xfs/linux-2.6/xfs_file.c linux-2.6.29.6/fs/xfs/linux-2.6/xfs_file.c
+--- linux-2.6.29.6/fs/xfs/linux-2.6/xfs_file.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/xfs/linux-2.6/xfs_file.c	2009-07-23 18:40:28.621302411 -0400
+@@ -43,7 +43,7 @@
+ #include <linux/dcache.h>
+ #include <linux/smp_lock.h>
+ 
+-static struct vm_operations_struct xfs_file_vm_ops;
++static const struct vm_operations_struct xfs_file_vm_ops;
+ 
+ STATIC ssize_t
+ xfs_file_aio_read(
+@@ -272,7 +272,7 @@ const struct file_operations xfs_dir_fil
+ 	.fsync		= xfs_file_fsync,
+ };
+ 
+-static struct vm_operations_struct xfs_file_vm_ops = {
++static const struct vm_operations_struct xfs_file_vm_ops = {
+ 	.fault		= filemap_fault,
+ 	.page_mkwrite	= xfs_vm_page_mkwrite,
+ };
+diff -urNp linux-2.6.29.6/fs/xfs/linux-2.6/xfs_iops.c linux-2.6.29.6/fs/xfs/linux-2.6/xfs_iops.c
+--- linux-2.6.29.6/fs/xfs/linux-2.6/xfs_iops.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/xfs/linux-2.6/xfs_iops.c	2009-07-23 17:34:32.170868529 -0400
+@@ -494,7 +494,7 @@ xfs_vn_put_link(
+ 	struct nameidata *nd,
+ 	void		*p)
+ {
+-	char		*s = nd_get_link(nd);
++	const char	*s = nd_get_link(nd);
+ 
+ 	if (!IS_ERR(s))
+ 		kfree(s);
+diff -urNp linux-2.6.29.6/fs/xfs/linux-2.6/xfs_super.c linux-2.6.29.6/fs/xfs/linux-2.6/xfs_super.c
+--- linux-2.6.29.6/fs/xfs/linux-2.6/xfs_super.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/xfs/linux-2.6/xfs_super.c	2009-07-23 18:40:28.631296881 -0400
+@@ -69,7 +69,7 @@
+ #include <linux/parser.h>
+ 
+ static struct quotactl_ops xfs_quotactl_operations;
+-static struct super_operations xfs_super_operations;
++static const struct super_operations xfs_super_operations;
+ static kmem_zone_t *xfs_ioend_zone;
+ mempool_t *xfs_ioend_pool;
+ 
+@@ -1564,7 +1564,7 @@ xfs_fs_get_sb(
+ 			   mnt);
+ }
+ 
+-static struct super_operations xfs_super_operations = {
++static const struct super_operations xfs_super_operations = {
+ 	.alloc_inode		= xfs_fs_alloc_inode,
+ 	.destroy_inode		= xfs_fs_destroy_inode,
+ 	.write_inode		= xfs_fs_write_inode,
+diff -urNp linux-2.6.29.6/fs/xfs/xfs_bmap.c linux-2.6.29.6/fs/xfs/xfs_bmap.c
+--- linux-2.6.29.6/fs/xfs/xfs_bmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/fs/xfs/xfs_bmap.c	2009-07-23 17:34:32.171850695 -0400
+@@ -360,7 +360,7 @@ xfs_bmap_validate_ret(
+ 	int			nmap,
+ 	int			ret_nmap);
+ #else
+-#define	xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
++#define	xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0)
+ #endif /* DEBUG */
+ 
+ #if defined(XFS_RW_TRACE)
+diff -urNp linux-2.6.29.6/grsecurity/gracl_alloc.c linux-2.6.29.6/grsecurity/gracl_alloc.c
+--- linux-2.6.29.6/grsecurity/gracl_alloc.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_alloc.c	2009-07-23 17:34:32.172792791 -0400
+@@ -0,0 +1,105 @@
++#include <linux/kernel.h>
++#include <linux/mm.h>
++#include <linux/slab.h>
++#include <linux/vmalloc.h>
++#include <linux/gracl.h>
++#include <linux/grsecurity.h>
++
++static unsigned long alloc_stack_next = 1;
++static unsigned long alloc_stack_size = 1;
++static void **alloc_stack;
++
++static __inline__ int
++alloc_pop(void)
++{
++	if (alloc_stack_next == 1)
++		return 0;
++
++	kfree(alloc_stack[alloc_stack_next - 2]);
++
++	alloc_stack_next--;
++
++	return 1;
++}
++
++static __inline__ int
++alloc_push(void *buf)
++{
++	if (alloc_stack_next >= alloc_stack_size)
++		return 1;
++
++	alloc_stack[alloc_stack_next - 1] = buf;
++
++	alloc_stack_next++;
++
++	return 0;
++}
++
++void *
++acl_alloc(unsigned long len)
++{
++	void *ret = NULL;
++
++	if (!len || len > PAGE_SIZE)
++		goto out;
++
++	ret = kmalloc(len, GFP_KERNEL);
++
++	if (ret) {
++		if (alloc_push(ret)) {
++			kfree(ret);
++			ret = NULL;
++		}
++	}
++
++out:
++	return ret;
++}
++
++void *
++acl_alloc_num(unsigned long num, unsigned long len)
++{
++	if (!len || (num > (PAGE_SIZE / len)))
++		return NULL;
++
++	return acl_alloc(num * len);
++}
++
++void
++acl_free_all(void)
++{
++	if (gr_acl_is_enabled() || !alloc_stack)
++		return;
++
++	while (alloc_pop()) ;
++
++	if (alloc_stack) {
++		if ((alloc_stack_size * sizeof (void *)) <= PAGE_SIZE)
++			kfree(alloc_stack);
++		else
++			vfree(alloc_stack);
++	}
++
++	alloc_stack = NULL;
++	alloc_stack_size = 1;
++	alloc_stack_next = 1;
++
++	return;
++}
++
++int
++acl_alloc_stack_init(unsigned long size)
++{
++	if ((size * sizeof (void *)) <= PAGE_SIZE)
++		alloc_stack =
++		    (void **) kmalloc(size * sizeof (void *), GFP_KERNEL);
++	else
++		alloc_stack = (void **) vmalloc(size * sizeof (void *));
++
++	alloc_stack_size = size;
++
++	if (!alloc_stack)
++		return 0;
++	else
++		return 1;
++}
+diff -urNp linux-2.6.29.6/grsecurity/gracl.c linux-2.6.29.6/grsecurity/gracl.c
+--- linux-2.6.29.6/grsecurity/gracl.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl.c	2009-07-23 18:43:31.274004949 -0400
+@@ -0,0 +1,3892 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/namei.h>
++#include <linux/mount.h>
++#include <linux/tty.h>
++#include <linux/proc_fs.h>
++#include <linux/smp_lock.h>
++#include <linux/slab.h>
++#include <linux/vmalloc.h>
++#include <linux/types.h>
++#include <linux/sysctl.h>
++#include <linux/netdevice.h>
++#include <linux/ptrace.h>
++#include <linux/gracl.h>
++#include <linux/gralloc.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++#include <linux/pid_namespace.h>
++#include <linux/fdtable.h>
++#include <linux/percpu.h>
++
++#include <asm/uaccess.h>
++#include <asm/errno.h>
++#include <asm/mman.h>
++
++static struct acl_role_db acl_role_set;
++static struct name_db name_set;
++static struct inodev_db inodev_set;
++
++/* for keeping track of userspace pointers used for subjects, so we
++   can share references in the kernel as well
++*/
++
++static struct dentry *real_root;
++static struct vfsmount *real_root_mnt;
++
++static struct acl_subj_map_db subj_map_set;
++
++static struct acl_role_label *default_role;
++
++static u16 acl_sp_role_value;
++
++extern char *gr_shared_page[4];
++static DECLARE_MUTEX(gr_dev_sem);
++DEFINE_RWLOCK(gr_inode_lock);
++
++struct gr_arg *gr_usermode;
++
++#ifdef CONFIG_PAX_KERNEXEC
++static unsigned int gr_status __read_only = GR_STATUS_INIT;
++#else
++static unsigned int gr_status = GR_STATUS_INIT;
++#endif
++
++extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum);
++extern void gr_clear_learn_entries(void);
++
++#ifdef CONFIG_GRKERNSEC_RESLOG
++extern void gr_log_resource(const struct task_struct *task,
++			    const int res, const unsigned long wanted, const int gt);
++#endif
++
++unsigned char *gr_system_salt;
++unsigned char *gr_system_sum;
++
++static struct sprole_pw **acl_special_roles = NULL;
++static __u16 num_sprole_pws = 0;
++
++static struct acl_role_label *kernel_role = NULL;
++
++static unsigned int gr_auth_attempts = 0;
++static unsigned long gr_auth_expires = 0UL;
++
++extern struct vfsmount *sock_mnt;
++extern struct vfsmount *pipe_mnt;
++extern struct vfsmount *shm_mnt;
++static struct acl_object_label *fakefs_obj;
++
++extern int gr_init_uidset(void);
++extern void gr_free_uidset(void);
++extern void gr_remove_uid(uid_t uid);
++extern int gr_find_uid(uid_t uid);
++
++__inline__ int
++gr_acl_is_enabled(void)
++{
++	return (gr_status & GR_READY);
++}
++
++char gr_roletype_to_char(void)
++{
++	switch (current->role->roletype &
++		(GR_ROLE_DEFAULT | GR_ROLE_USER | GR_ROLE_GROUP |
++		 GR_ROLE_SPECIAL)) {
++	case GR_ROLE_DEFAULT:
++		return 'D';
++	case GR_ROLE_USER:
++		return 'U';
++	case GR_ROLE_GROUP:
++		return 'G';
++	case GR_ROLE_SPECIAL:
++		return 'S';
++	}
++
++	return 'X';
++}
++
++__inline__ int
++gr_acl_tpe_check(void)
++{
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++	if (current->role->roletype & GR_ROLE_TPE)
++		return 1;
++	else
++		return 0;
++}
++
++int
++gr_handle_rawio(const struct inode *inode)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++	if (inode && S_ISBLK(inode->i_mode) &&
++	    grsec_enable_chroot_caps && proc_is_chrooted(current) &&
++	    !capable(CAP_SYS_RAWIO))
++		return 1;
++#endif
++	return 0;
++}
++
++static int
++gr_streq(const char *a, const char *b, const unsigned int lena, const unsigned int lenb)
++{
++	int i;
++	unsigned long *l1;
++	unsigned long *l2;
++	unsigned char *c1;
++	unsigned char *c2;
++	int num_longs;
++
++	if (likely(lena != lenb))
++		return 0;
++
++	l1 = (unsigned long *)a;
++	l2 = (unsigned long *)b;
++
++	num_longs = lena / sizeof(unsigned long);
++
++	for (i = num_longs; i--; l1++, l2++) {
++		if (unlikely(*l1 != *l2))
++			return 0;
++	}
++
++	c1 = (unsigned char *) l1;
++	c2 = (unsigned char *) l2;
++
++	i = lena - (num_longs * sizeof(unsigned long));	
++
++	for (; i--; c1++, c2++) {
++		if (unlikely(*c1 != *c2))
++			return 0;
++	}
++
++	return 1;
++}
++
++static char * __our_d_path(struct dentry *dentry, struct vfsmount *vfsmnt,
++	                   struct dentry *root, struct vfsmount *rootmnt,
++			   char *buffer, int buflen)
++{
++	char * end = buffer+buflen;
++	char * retval;
++	int namelen;
++
++	*--end = '\0';
++	buflen--;
++
++	if (buflen < 1)
++		goto Elong;
++	/* Get '/' right */
++	retval = end-1;
++	*retval = '/';
++
++	for (;;) {
++		struct dentry * parent;
++
++		if (dentry == root && vfsmnt == rootmnt)
++			break;
++		if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) {
++			/* Global root? */
++			spin_lock(&vfsmount_lock);
++			if (vfsmnt->mnt_parent == vfsmnt) {
++				spin_unlock(&vfsmount_lock);
++				goto global_root;
++			}
++			dentry = vfsmnt->mnt_mountpoint;
++			vfsmnt = vfsmnt->mnt_parent;
++			spin_unlock(&vfsmount_lock);
++			continue;
++		}
++		parent = dentry->d_parent;
++		prefetch(parent);
++		namelen = dentry->d_name.len;
++		buflen -= namelen + 1;
++		if (buflen < 0)
++			goto Elong;
++		end -= namelen;
++		memcpy(end, dentry->d_name.name, namelen);
++		*--end = '/';
++		retval = end;
++		dentry = parent;
++	}
++
++	return retval;
++
++global_root:
++	namelen = dentry->d_name.len;
++	buflen -= namelen;
++	if (buflen < 0)
++		goto Elong;
++	retval -= namelen-1;	/* hit the slash */
++	memcpy(retval, dentry->d_name.name, namelen);
++	return retval;
++Elong:
++	return ERR_PTR(-ENAMETOOLONG);
++}
++
++static char *
++gen_full_path(struct dentry *dentry, struct vfsmount *vfsmnt,
++              struct dentry *root, struct vfsmount *rootmnt, char *buf, int buflen)
++{
++	char *retval;
++
++	retval = __our_d_path(dentry, vfsmnt, root, rootmnt, buf, buflen);
++	if (unlikely(IS_ERR(retval)))
++		retval = strcpy(buf, "<path too long>");
++	else if (unlikely(retval[1] == '/' && retval[2] == '\0'))
++		retval[1] = '\0';
++
++	return retval;
++}
++
++static char *
++__d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
++		char *buf, int buflen)
++{
++	char *res;
++
++	/* we can use real_root, real_root_mnt, because this is only called
++	   by the RBAC system */
++	res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, real_root, real_root_mnt, buf, buflen);
++
++	return res;
++}
++
++static char *
++d_real_path(const struct dentry *dentry, const struct vfsmount *vfsmnt,
++	    char *buf, int buflen)
++{
++	char *res;
++	struct dentry *root;
++	struct vfsmount *rootmnt;
++	struct task_struct *reaper = current->nsproxy->pid_ns->child_reaper;
++
++	/* we can't use real_root, real_root_mnt, because they belong only to the RBAC system */
++	read_lock(&reaper->fs->lock);
++	root = dget(reaper->fs->root.dentry);
++	rootmnt = mntget(reaper->fs->root.mnt);
++	read_unlock(&reaper->fs->lock);
++
++	spin_lock(&dcache_lock);
++	res = gen_full_path((struct dentry *)dentry, (struct vfsmount *)vfsmnt, root, rootmnt, buf, buflen);
++	spin_unlock(&dcache_lock);
++
++	dput(root);
++	mntput(rootmnt);
++	return res;
++}
++
++static char *
++gr_to_filename_rbac(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	char *ret;
++	spin_lock(&dcache_lock);
++	ret = __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
++			     PAGE_SIZE);
++	spin_unlock(&dcache_lock);
++	return ret;
++}
++
++char *
++gr_to_filename_nolock(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return __d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0],smp_processor_id()),
++			     PAGE_SIZE);
++}
++
++char *
++gr_to_filename(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
++			   PAGE_SIZE);
++}
++
++char *
++gr_to_filename1(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[1], smp_processor_id()),
++			   PAGE_SIZE);
++}
++
++char *
++gr_to_filename2(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[2], smp_processor_id()),
++			   PAGE_SIZE);
++}
++
++char *
++gr_to_filename3(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[3], smp_processor_id()),
++			   PAGE_SIZE);
++}
++
++__inline__ __u32
++to_gr_audit(const __u32 reqmode)
++{
++	/* masks off auditable permission flags, then shifts them to create
++	   auditing flags, and adds the special case of append auditing if
++	   we're requesting write */
++	return (((reqmode & ~GR_AUDITS) << 10) | ((reqmode & GR_WRITE) ? GR_AUDIT_APPEND : 0));
++}
++
++struct acl_subject_label *
++lookup_subject_map(const struct acl_subject_label *userp)
++{
++	unsigned int index = shash(userp, subj_map_set.s_size);
++	struct subject_map *match;
++
++	match = subj_map_set.s_hash[index];
++
++	while (match && match->user != userp)
++		match = match->next;
++
++	if (match != NULL)
++		return match->kernel;
++	else
++		return NULL;
++}
++
++static void
++insert_subj_map_entry(struct subject_map *subjmap)
++{
++	unsigned int index = shash(subjmap->user, subj_map_set.s_size);
++	struct subject_map **curr;
++
++	subjmap->prev = NULL;
++
++	curr = &subj_map_set.s_hash[index];
++	if (*curr != NULL)
++		(*curr)->prev = subjmap;
++
++	subjmap->next = *curr;
++	*curr = subjmap;
++
++	return;
++}
++
++static struct acl_role_label *
++lookup_acl_role_label(const struct task_struct *task, const uid_t uid,
++		      const gid_t gid)
++{
++	unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size);
++	struct acl_role_label *match;
++	struct role_allowed_ip *ipp;
++	unsigned int x;
++
++	match = acl_role_set.r_hash[index];
++
++	while (match) {
++		if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_USER)) == (GR_ROLE_DOMAIN | GR_ROLE_USER)) {
++			for (x = 0; x < match->domain_child_num; x++) {
++				if (match->domain_children[x] == uid)
++					goto found;
++			}
++		} else if (match->uidgid == uid && match->roletype & GR_ROLE_USER)
++			break;
++		match = match->next;
++	}
++found:
++	if (match == NULL) {
++	      try_group:
++		index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size);
++		match = acl_role_set.r_hash[index];
++
++		while (match) {
++			if ((match->roletype & (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) == (GR_ROLE_DOMAIN | GR_ROLE_GROUP)) {
++				for (x = 0; x < match->domain_child_num; x++) {
++					if (match->domain_children[x] == gid)
++						goto found2;
++				}
++			} else if (match->uidgid == gid && match->roletype & GR_ROLE_GROUP)
++				break;
++			match = match->next;
++		}
++found2:
++		if (match == NULL)
++			match = default_role;
++		if (match->allowed_ips == NULL)
++			return match;
++		else {
++			for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
++				if (likely
++				    ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
++				     (ntohl(ipp->addr) & ipp->netmask)))
++					return match;
++			}
++			match = default_role;
++		}
++	} else if (match->allowed_ips == NULL) {
++		return match;
++	} else {
++		for (ipp = match->allowed_ips; ipp; ipp = ipp->next) {
++			if (likely
++			    ((ntohl(task->signal->curr_ip) & ipp->netmask) ==
++			     (ntohl(ipp->addr) & ipp->netmask)))
++				return match;
++		}
++		goto try_group;
++	}
++
++	return match;
++}
++
++struct acl_subject_label *
++lookup_acl_subj_label(const ino_t ino, const dev_t dev,
++		      const struct acl_role_label *role)
++{
++	unsigned int index = fhash(ino, dev, role->subj_hash_size);
++	struct acl_subject_label *match;
++
++	match = role->subj_hash[index];
++
++	while (match && (match->inode != ino || match->device != dev ||
++	       (match->mode & GR_DELETED))) {
++		match = match->next;
++	}
++
++	if (match && !(match->mode & GR_DELETED))
++		return match;
++	else
++		return NULL;
++}
++
++struct acl_subject_label *
++lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev,
++			  const struct acl_role_label *role)
++{
++	unsigned int index = fhash(ino, dev, role->subj_hash_size);
++	struct acl_subject_label *match;
++
++	match = role->subj_hash[index];
++
++	while (match && (match->inode != ino || match->device != dev ||
++	       !(match->mode & GR_DELETED))) {
++		match = match->next;
++	}
++
++	if (match && (match->mode & GR_DELETED))
++		return match;
++	else
++		return NULL;
++}
++
++static struct acl_object_label *
++lookup_acl_obj_label(const ino_t ino, const dev_t dev,
++		     const struct acl_subject_label *subj)
++{
++	unsigned int index = fhash(ino, dev, subj->obj_hash_size);
++	struct acl_object_label *match;
++
++	match = subj->obj_hash[index];
++
++	while (match && (match->inode != ino || match->device != dev ||
++	       (match->mode & GR_DELETED))) {
++		match = match->next;
++	}
++
++	if (match && !(match->mode & GR_DELETED))
++		return match;
++	else
++		return NULL;
++}
++
++static struct acl_object_label *
++lookup_acl_obj_label_create(const ino_t ino, const dev_t dev,
++		     const struct acl_subject_label *subj)
++{
++	unsigned int index = fhash(ino, dev, subj->obj_hash_size);
++	struct acl_object_label *match;
++
++	match = subj->obj_hash[index];
++
++	while (match && (match->inode != ino || match->device != dev ||
++	       !(match->mode & GR_DELETED))) {
++		match = match->next;
++	}
++
++	if (match && (match->mode & GR_DELETED))
++		return match;
++
++	match = subj->obj_hash[index];
++
++	while (match && (match->inode != ino || match->device != dev ||
++	       (match->mode & GR_DELETED))) {
++		match = match->next;
++	}
++
++	if (match && !(match->mode & GR_DELETED))
++		return match;
++	else
++		return NULL;
++}
++
++static struct name_entry *
++lookup_name_entry(const char *name)
++{
++	unsigned int len = strlen(name);
++	unsigned int key = full_name_hash(name, len);
++	unsigned int index = key % name_set.n_size;
++	struct name_entry *match;
++
++	match = name_set.n_hash[index];
++
++	while (match && (match->key != key || !gr_streq(match->name, name, match->len, len)))
++		match = match->next;
++
++	return match;
++}
++
++static struct name_entry *
++lookup_name_entry_create(const char *name)
++{
++	unsigned int len = strlen(name);
++	unsigned int key = full_name_hash(name, len);
++	unsigned int index = key % name_set.n_size;
++	struct name_entry *match;
++
++	match = name_set.n_hash[index];
++
++	while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
++			 !match->deleted))
++		match = match->next;
++
++	if (match && match->deleted)
++		return match;
++
++	match = name_set.n_hash[index];
++
++	while (match && (match->key != key || !gr_streq(match->name, name, match->len, len) ||
++			 match->deleted))
++		match = match->next;
++
++	if (match && !match->deleted)
++		return match;
++	else
++		return NULL;
++}
++
++static struct inodev_entry *
++lookup_inodev_entry(const ino_t ino, const dev_t dev)
++{
++	unsigned int index = fhash(ino, dev, inodev_set.i_size);
++	struct inodev_entry *match;
++
++	match = inodev_set.i_hash[index];
++
++	while (match && (match->nentry->inode != ino || match->nentry->device != dev))
++		match = match->next;
++
++	return match;
++}
++
++static void
++insert_inodev_entry(struct inodev_entry *entry)
++{
++	unsigned int index = fhash(entry->nentry->inode, entry->nentry->device,
++				    inodev_set.i_size);
++	struct inodev_entry **curr;
++
++	entry->prev = NULL;
++
++	curr = &inodev_set.i_hash[index];
++	if (*curr != NULL)
++		(*curr)->prev = entry;
++	
++	entry->next = *curr;
++	*curr = entry;
++
++	return;
++}
++
++static void
++__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid)
++{
++	unsigned int index =
++	    rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size);
++	struct acl_role_label **curr;
++
++	role->prev = NULL;
++
++	curr = &acl_role_set.r_hash[index];
++	if (*curr != NULL)
++		(*curr)->prev = role;
++
++	role->next = *curr;
++	*curr = role;
++
++	return;
++}
++
++static void
++insert_acl_role_label(struct acl_role_label *role)
++{
++	int i;
++
++	if (role->roletype & GR_ROLE_DOMAIN) {
++		for (i = 0; i < role->domain_child_num; i++)
++			__insert_acl_role_label(role, role->domain_children[i]);
++	} else
++		__insert_acl_role_label(role, role->uidgid);
++}
++					
++static int
++insert_name_entry(char *name, const ino_t inode, const dev_t device, __u8 deleted)
++{
++	struct name_entry **curr, *nentry;
++	struct inodev_entry *ientry;
++	unsigned int len = strlen(name);
++	unsigned int key = full_name_hash(name, len);
++	unsigned int index = key % name_set.n_size;
++
++	curr = &name_set.n_hash[index];
++
++	while (*curr && ((*curr)->key != key || !gr_streq((*curr)->name, name, (*curr)->len, len)))
++		curr = &((*curr)->next);
++
++	if (*curr != NULL)
++		return 1;
++
++	nentry = acl_alloc(sizeof (struct name_entry));
++	if (nentry == NULL)
++		return 0;
++	ientry = acl_alloc(sizeof (struct inodev_entry));
++	if (ientry == NULL)
++		return 0;
++	ientry->nentry = nentry;
++
++	nentry->key = key;
++	nentry->name = name;
++	nentry->inode = inode;
++	nentry->device = device;
++	nentry->len = len;
++	nentry->deleted = deleted;
++
++	nentry->prev = NULL;
++	curr = &name_set.n_hash[index];
++	if (*curr != NULL)
++		(*curr)->prev = nentry;
++	nentry->next = *curr;
++	*curr = nentry;
++
++	/* insert us into the table searchable by inode/dev */
++	insert_inodev_entry(ientry);
++
++	return 1;
++}
++
++static void
++insert_acl_obj_label(struct acl_object_label *obj,
++		     struct acl_subject_label *subj)
++{
++	unsigned int index =
++	    fhash(obj->inode, obj->device, subj->obj_hash_size);
++	struct acl_object_label **curr;
++
++	
++	obj->prev = NULL;
++
++	curr = &subj->obj_hash[index];
++	if (*curr != NULL)
++		(*curr)->prev = obj;
++
++	obj->next = *curr;
++	*curr = obj;
++
++	return;
++}
++
++static void
++insert_acl_subj_label(struct acl_subject_label *obj,
++		      struct acl_role_label *role)
++{
++	unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size);
++	struct acl_subject_label **curr;
++
++	obj->prev = NULL;
++
++	curr = &role->subj_hash[index];
++	if (*curr != NULL)
++		(*curr)->prev = obj;
++
++	obj->next = *curr;
++	*curr = obj;
++
++	return;
++}
++
++/* allocating chained hash tables, so optimal size is where lambda ~ 1 */
++
++static void *
++create_table(__u32 * len, int elementsize)
++{
++	unsigned int table_sizes[] = {
++		7, 13, 31, 61, 127, 251, 509, 1021, 2039, 4093, 8191, 16381,
++		32749, 65521, 131071, 262139, 524287, 1048573, 2097143,
++		4194301, 8388593, 16777213, 33554393, 67108859
++	};
++	void *newtable = NULL;
++	unsigned int pwr = 0;
++
++	while ((pwr < ((sizeof (table_sizes) / sizeof (table_sizes[0])) - 1)) &&
++	       table_sizes[pwr] <= *len)
++		pwr++;
++
++	if (table_sizes[pwr] <= *len || (table_sizes[pwr] > ULONG_MAX / elementsize))
++		return newtable;
++
++	if ((table_sizes[pwr] * elementsize) <= PAGE_SIZE)
++		newtable =
++		    kmalloc(table_sizes[pwr] * elementsize, GFP_KERNEL);
++	else
++		newtable = vmalloc(table_sizes[pwr] * elementsize);
++
++	*len = table_sizes[pwr];
++
++	return newtable;
++}
++
++static int
++init_variables(const struct gr_arg *arg)
++{
++	struct task_struct *reaper = current->nsproxy->pid_ns->child_reaper;
++	unsigned int stacksize;
++
++	subj_map_set.s_size = arg->role_db.num_subjects;
++	acl_role_set.r_size = arg->role_db.num_roles + arg->role_db.num_domain_children;
++	name_set.n_size = arg->role_db.num_objects;
++	inodev_set.i_size = arg->role_db.num_objects;
++
++	if (!subj_map_set.s_size || !acl_role_set.r_size ||
++	    !name_set.n_size || !inodev_set.i_size)
++		return 1;
++
++	if (!gr_init_uidset())
++		return 1;
++
++	/* set up the stack that holds allocation info */
++
++	stacksize = arg->role_db.num_pointers + 5;
++
++	if (!acl_alloc_stack_init(stacksize))
++		return 1;
++
++	/* grab reference for the real root dentry and vfsmount */
++	read_lock(&reaper->fs->lock);
++	real_root_mnt = mntget(reaper->fs->root.mnt);
++	real_root = dget(reaper->fs->root.dentry);
++	read_unlock(&reaper->fs->lock);
++	
++	fakefs_obj = acl_alloc(sizeof(struct acl_object_label));
++	if (fakefs_obj == NULL)
++		return 1;
++	fakefs_obj->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
++
++	subj_map_set.s_hash =
++	    (struct subject_map **) create_table(&subj_map_set.s_size, sizeof(void *));
++	acl_role_set.r_hash =
++	    (struct acl_role_label **) create_table(&acl_role_set.r_size, sizeof(void *));
++	name_set.n_hash = (struct name_entry **) create_table(&name_set.n_size, sizeof(void *));
++	inodev_set.i_hash =
++	    (struct inodev_entry **) create_table(&inodev_set.i_size, sizeof(void *));
++
++	if (!subj_map_set.s_hash || !acl_role_set.r_hash ||
++	    !name_set.n_hash || !inodev_set.i_hash)
++		return 1;
++
++	memset(subj_map_set.s_hash, 0,
++	       sizeof(struct subject_map *) * subj_map_set.s_size);
++	memset(acl_role_set.r_hash, 0,
++	       sizeof (struct acl_role_label *) * acl_role_set.r_size);
++	memset(name_set.n_hash, 0,
++	       sizeof (struct name_entry *) * name_set.n_size);
++	memset(inodev_set.i_hash, 0,
++	       sizeof (struct inodev_entry *) * inodev_set.i_size);
++
++	return 0;
++}
++
++/* free information not needed after startup
++   currently contains user->kernel pointer mappings for subjects
++*/
++
++static void
++free_init_variables(void)
++{
++	__u32 i;
++
++	if (subj_map_set.s_hash) {
++		for (i = 0; i < subj_map_set.s_size; i++) {
++			if (subj_map_set.s_hash[i]) {
++				kfree(subj_map_set.s_hash[i]);
++				subj_map_set.s_hash[i] = NULL;
++			}
++		}
++
++		if ((subj_map_set.s_size * sizeof (struct subject_map *)) <=
++		    PAGE_SIZE)
++			kfree(subj_map_set.s_hash);
++		else
++			vfree(subj_map_set.s_hash);
++	}
++
++	return;
++}
++
++static void
++free_variables(void)
++{
++	struct acl_subject_label *s;
++	struct acl_role_label *r;
++	struct task_struct *task, *task2;
++	unsigned int i, x;
++
++	gr_clear_learn_entries();
++
++	read_lock(&tasklist_lock);
++	do_each_thread(task2, task) {
++		task->acl_sp_role = 0;
++		task->acl_role_id = 0;
++		task->acl = NULL;
++		task->role = NULL;
++	} while_each_thread(task2, task);
++	read_unlock(&tasklist_lock);
++
++	/* release the reference to the real root dentry and vfsmount */
++	if (real_root)
++		dput(real_root);
++	real_root = NULL;
++	if (real_root_mnt)
++		mntput(real_root_mnt);
++	real_root_mnt = NULL;
++
++	/* free all object hash tables */
++
++	FOR_EACH_ROLE_START(r, i)
++		if (r->subj_hash == NULL)
++			break;
++		FOR_EACH_SUBJECT_START(r, s, x)
++			if (s->obj_hash == NULL)
++				break;
++			if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
++				kfree(s->obj_hash);
++			else
++				vfree(s->obj_hash);
++		FOR_EACH_SUBJECT_END(s, x)
++		FOR_EACH_NESTED_SUBJECT_START(r, s)
++			if (s->obj_hash == NULL)
++				break;
++			if ((s->obj_hash_size * sizeof (struct acl_object_label *)) <= PAGE_SIZE)
++				kfree(s->obj_hash);
++			else
++				vfree(s->obj_hash);
++		FOR_EACH_NESTED_SUBJECT_END(s)
++		if ((r->subj_hash_size * sizeof (struct acl_subject_label *)) <= PAGE_SIZE)
++			kfree(r->subj_hash);
++		else
++			vfree(r->subj_hash);
++		r->subj_hash = NULL;
++	FOR_EACH_ROLE_END(r,i)
++
++	acl_free_all();
++
++	if (acl_role_set.r_hash) {
++		if ((acl_role_set.r_size * sizeof (struct acl_role_label *)) <=
++		    PAGE_SIZE)
++			kfree(acl_role_set.r_hash);
++		else
++			vfree(acl_role_set.r_hash);
++	}
++	if (name_set.n_hash) {
++		if ((name_set.n_size * sizeof (struct name_entry *)) <=
++		    PAGE_SIZE)
++			kfree(name_set.n_hash);
++		else
++			vfree(name_set.n_hash);
++	}
++
++	if (inodev_set.i_hash) {
++		if ((inodev_set.i_size * sizeof (struct inodev_entry *)) <=
++		    PAGE_SIZE)
++			kfree(inodev_set.i_hash);
++		else
++			vfree(inodev_set.i_hash);
++	}
++
++	gr_free_uidset();
++
++	memset(&name_set, 0, sizeof (struct name_db));
++	memset(&inodev_set, 0, sizeof (struct inodev_db));
++	memset(&acl_role_set, 0, sizeof (struct acl_role_db));
++	memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db));
++
++	default_role = NULL;
++
++	return;
++}
++
++static __u32
++count_user_objs(struct acl_object_label *userp)
++{
++	struct acl_object_label o_tmp;
++	__u32 num = 0;
++
++	while (userp) {
++		if (copy_from_user(&o_tmp, userp,
++				   sizeof (struct acl_object_label)))
++			break;
++
++		userp = o_tmp.prev;
++		num++;
++	}
++
++	return num;
++}
++
++static struct acl_subject_label *
++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role);
++
++static int
++copy_user_glob(struct acl_object_label *obj)
++{
++	struct acl_object_label *g_tmp, **guser;
++	unsigned int len;
++	char *tmp;
++
++	if (obj->globbed == NULL)
++		return 0;
++
++	guser = &obj->globbed;
++	while (*guser) {
++		g_tmp = (struct acl_object_label *)
++			acl_alloc(sizeof (struct acl_object_label));
++		if (g_tmp == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(g_tmp, *guser,
++				   sizeof (struct acl_object_label)))
++			return -EFAULT;
++
++		len = strnlen_user(g_tmp->filename, PATH_MAX);
++
++		if (!len || len >= PATH_MAX)
++			return -EINVAL;
++
++		if ((tmp = (char *) acl_alloc(len)) == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(tmp, g_tmp->filename, len))
++			return -EFAULT;
++
++		g_tmp->filename = tmp;
++
++		*guser = g_tmp;
++		guser = &(g_tmp->next);
++	}
++
++	return 0;
++}
++
++static int
++copy_user_objs(struct acl_object_label *userp, struct acl_subject_label *subj,
++	       struct acl_role_label *role)
++{
++	struct acl_object_label *o_tmp;
++	unsigned int len;
++	int ret;
++	char *tmp;
++
++	while (userp) {
++		if ((o_tmp = (struct acl_object_label *)
++		     acl_alloc(sizeof (struct acl_object_label))) == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(o_tmp, userp,
++				   sizeof (struct acl_object_label)))
++			return -EFAULT;
++
++		userp = o_tmp->prev;
++
++		len = strnlen_user(o_tmp->filename, PATH_MAX);
++
++		if (!len || len >= PATH_MAX)
++			return -EINVAL;
++
++		if ((tmp = (char *) acl_alloc(len)) == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(tmp, o_tmp->filename, len))
++			return -EFAULT;
++
++		o_tmp->filename = tmp;
++
++		insert_acl_obj_label(o_tmp, subj);
++		if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
++				       o_tmp->device, (o_tmp->mode & GR_DELETED) ? 1 : 0))
++			return -ENOMEM;
++
++		ret = copy_user_glob(o_tmp);
++		if (ret)
++			return ret;
++
++		if (o_tmp->nested) {
++			o_tmp->nested = do_copy_user_subj(o_tmp->nested, role);
++			if (IS_ERR(o_tmp->nested))
++				return PTR_ERR(o_tmp->nested);
++
++			/* insert into nested subject list */
++			o_tmp->nested->next = role->hash->first;
++			role->hash->first = o_tmp->nested;
++		}
++	}
++
++	return 0;
++}
++
++static __u32
++count_user_subjs(struct acl_subject_label *userp)
++{
++	struct acl_subject_label s_tmp;
++	__u32 num = 0;
++
++	while (userp) {
++		if (copy_from_user(&s_tmp, userp,
++				   sizeof (struct acl_subject_label)))
++			break;
++
++		userp = s_tmp.prev;
++		/* do not count nested subjects against this count, since
++		   they are not included in the hash table, but are
++		   attached to objects.  We have already counted
++		   the subjects in userspace for the allocation 
++		   stack
++		*/
++		if (!(s_tmp.mode & GR_NESTED))
++			num++;
++	}
++
++	return num;
++}
++
++static int
++copy_user_allowedips(struct acl_role_label *rolep)
++{
++	struct role_allowed_ip *ruserip, *rtmp = NULL, *rlast;
++
++	ruserip = rolep->allowed_ips;
++
++	while (ruserip) {
++		rlast = rtmp;
++
++		if ((rtmp = (struct role_allowed_ip *)
++		     acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(rtmp, ruserip,
++				   sizeof (struct role_allowed_ip)))
++			return -EFAULT;
++
++		ruserip = rtmp->prev;
++
++		if (!rlast) {
++			rtmp->prev = NULL;
++			rolep->allowed_ips = rtmp;
++		} else {
++			rlast->next = rtmp;
++			rtmp->prev = rlast;
++		}
++
++		if (!ruserip)
++			rtmp->next = NULL;
++	}
++
++	return 0;
++}
++
++static int
++copy_user_transitions(struct acl_role_label *rolep)
++{
++	struct role_transition *rusertp, *rtmp = NULL, *rlast;
++	
++	unsigned int len;
++	char *tmp;
++
++	rusertp = rolep->transitions;
++
++	while (rusertp) {
++		rlast = rtmp;
++
++		if ((rtmp = (struct role_transition *)
++		     acl_alloc(sizeof (struct role_transition))) == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(rtmp, rusertp,
++				   sizeof (struct role_transition)))
++			return -EFAULT;
++
++		rusertp = rtmp->prev;
++
++		len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
++
++		if (!len || len >= GR_SPROLE_LEN)
++			return -EINVAL;
++
++		if ((tmp = (char *) acl_alloc(len)) == NULL)
++			return -ENOMEM;
++
++		if (copy_from_user(tmp, rtmp->rolename, len))
++			return -EFAULT;
++
++		rtmp->rolename = tmp;
++
++		if (!rlast) {
++			rtmp->prev = NULL;
++			rolep->transitions = rtmp;
++		} else {
++			rlast->next = rtmp;
++			rtmp->prev = rlast;
++		}
++
++		if (!rusertp)
++			rtmp->next = NULL;
++	}
++
++	return 0;
++}
++
++static struct acl_subject_label *
++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role)
++{
++	struct acl_subject_label *s_tmp = NULL, *s_tmp2;
++	unsigned int len;
++	char *tmp;
++	__u32 num_objs;
++	struct acl_ip_label **i_tmp, *i_utmp2;
++	struct gr_hash_struct ghash;
++	struct subject_map *subjmap;
++	unsigned int i_num;
++	int err;
++
++	s_tmp = lookup_subject_map(userp);
++
++	/* we've already copied this subject into the kernel, just return
++	   the reference to it, and don't copy it over again
++	*/
++	if (s_tmp)
++		return(s_tmp);
++
++	if ((s_tmp = (struct acl_subject_label *)
++	    acl_alloc(sizeof (struct acl_subject_label))) == NULL)
++		return ERR_PTR(-ENOMEM);
++
++	subjmap = (struct subject_map *)kmalloc(sizeof (struct subject_map), GFP_KERNEL);
++	if (subjmap == NULL)
++		return ERR_PTR(-ENOMEM);
++
++	subjmap->user = userp;
++	subjmap->kernel = s_tmp;
++	insert_subj_map_entry(subjmap);
++
++	if (copy_from_user(s_tmp, userp,
++			   sizeof (struct acl_subject_label)))
++		return ERR_PTR(-EFAULT);
++
++	len = strnlen_user(s_tmp->filename, PATH_MAX);
++
++	if (!len || len >= PATH_MAX)
++		return ERR_PTR(-EINVAL);
++
++	if ((tmp = (char *) acl_alloc(len)) == NULL)
++		return ERR_PTR(-ENOMEM);
++
++	if (copy_from_user(tmp, s_tmp->filename, len))
++		return ERR_PTR(-EFAULT);
++
++	s_tmp->filename = tmp;
++
++	if (!strcmp(s_tmp->filename, "/"))
++		role->root_label = s_tmp;
++
++	if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
++		return ERR_PTR(-EFAULT);
++
++	/* copy user and group transition tables */
++
++	if (s_tmp->user_trans_num) {
++		uid_t *uidlist;
++
++		uidlist = (uid_t *)acl_alloc_num(s_tmp->user_trans_num, sizeof(uid_t));
++		if (uidlist == NULL)
++			return ERR_PTR(-ENOMEM);
++		if (copy_from_user(uidlist, s_tmp->user_transitions, s_tmp->user_trans_num * sizeof(uid_t)))
++			return ERR_PTR(-EFAULT);
++
++		s_tmp->user_transitions = uidlist;
++	}
++
++	if (s_tmp->group_trans_num) {
++		gid_t *gidlist;
++
++		gidlist = (gid_t *)acl_alloc_num(s_tmp->group_trans_num, sizeof(gid_t));
++		if (gidlist == NULL)
++			return ERR_PTR(-ENOMEM);
++		if (copy_from_user(gidlist, s_tmp->group_transitions, s_tmp->group_trans_num * sizeof(gid_t)))
++			return ERR_PTR(-EFAULT);
++
++		s_tmp->group_transitions = gidlist;
++	}
++
++	/* set up object hash table */
++	num_objs = count_user_objs(ghash.first);
++
++	s_tmp->obj_hash_size = num_objs;
++	s_tmp->obj_hash =
++	    (struct acl_object_label **)
++	    create_table(&(s_tmp->obj_hash_size), sizeof(void *));
++
++	if (!s_tmp->obj_hash)
++		return ERR_PTR(-ENOMEM);
++
++	memset(s_tmp->obj_hash, 0,
++	       s_tmp->obj_hash_size *
++	       sizeof (struct acl_object_label *));
++
++	/* add in objects */
++	err = copy_user_objs(ghash.first, s_tmp, role);
++
++	if (err)
++		return ERR_PTR(err);
++
++	/* set pointer for parent subject */
++	if (s_tmp->parent_subject) {
++		s_tmp2 = do_copy_user_subj(s_tmp->parent_subject, role);
++
++		if (IS_ERR(s_tmp2))
++			return s_tmp2;
++
++		s_tmp->parent_subject = s_tmp2;
++	}
++
++	/* add in ip acls */
++
++	if (!s_tmp->ip_num) {
++		s_tmp->ips = NULL;
++		goto insert;
++	}
++
++	i_tmp =
++	    (struct acl_ip_label **) acl_alloc_num(s_tmp->ip_num,
++					       sizeof (struct acl_ip_label *));
++
++	if (!i_tmp)
++		return ERR_PTR(-ENOMEM);
++
++	for (i_num = 0; i_num < s_tmp->ip_num; i_num++) {
++		*(i_tmp + i_num) =
++		    (struct acl_ip_label *)
++		    acl_alloc(sizeof (struct acl_ip_label));
++		if (!*(i_tmp + i_num))
++			return ERR_PTR(-ENOMEM);
++
++		if (copy_from_user
++		    (&i_utmp2, s_tmp->ips + i_num,
++		     sizeof (struct acl_ip_label *)))
++			return ERR_PTR(-EFAULT);
++
++		if (copy_from_user
++		    (*(i_tmp + i_num), i_utmp2,
++		     sizeof (struct acl_ip_label)))
++			return ERR_PTR(-EFAULT);
++		
++		if ((*(i_tmp + i_num))->iface == NULL)
++			continue;
++
++		len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
++		if (!len || len >= IFNAMSIZ)
++			return ERR_PTR(-EINVAL);
++		tmp = acl_alloc(len);
++		if (tmp == NULL)
++			return ERR_PTR(-ENOMEM);
++		if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
++			return ERR_PTR(-EFAULT);
++		(*(i_tmp + i_num))->iface = tmp;
++	}
++
++	s_tmp->ips = i_tmp;
++
++insert:
++	if (!insert_name_entry(s_tmp->filename, s_tmp->inode,
++			       s_tmp->device, (s_tmp->mode & GR_DELETED) ? 1 : 0))
++		return ERR_PTR(-ENOMEM);
++
++	return s_tmp;
++}
++
++static int
++copy_user_subjs(struct acl_subject_label *userp, struct acl_role_label *role)
++{
++	struct acl_subject_label s_pre;
++	struct acl_subject_label * ret;
++	int err;
++
++	while (userp) {
++		if (copy_from_user(&s_pre, userp,
++				   sizeof (struct acl_subject_label)))
++			return -EFAULT;
++		
++		/* do not add nested subjects here, add
++		   while parsing objects
++		*/
++
++		if (s_pre.mode & GR_NESTED) {
++			userp = s_pre.prev;
++			continue;
++		}
++
++		ret = do_copy_user_subj(userp, role);
++
++		err = PTR_ERR(ret);
++		if (IS_ERR(ret))
++			return err;
++
++		insert_acl_subj_label(ret, role);
++
++		userp = s_pre.prev;
++	}
++
++	return 0;
++}
++
++static int
++copy_user_acl(struct gr_arg *arg)
++{
++	struct acl_role_label *r_tmp = NULL, **r_utmp, *r_utmp2;
++	struct sprole_pw *sptmp;
++	struct gr_hash_struct *ghash;
++	uid_t *domainlist;
++	unsigned int r_num;
++	unsigned int len;
++	char *tmp;
++	int err = 0;
++	__u16 i;
++	__u32 num_subjs;
++
++	/* we need a default and kernel role */
++	if (arg->role_db.num_roles < 2)
++		return -EINVAL;
++
++	/* copy special role authentication info from userspace */
++
++	num_sprole_pws = arg->num_sprole_pws;
++	acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *));
++
++	if (!acl_special_roles) {
++		err = -ENOMEM;
++		goto cleanup;
++	}
++
++	for (i = 0; i < num_sprole_pws; i++) {
++		sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
++		if (!sptmp) {
++			err = -ENOMEM;
++			goto cleanup;
++		}
++		if (copy_from_user(sptmp, arg->sprole_pws + i,
++				   sizeof (struct sprole_pw))) {
++			err = -EFAULT;
++			goto cleanup;
++		}
++
++		len =
++		    strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
++
++		if (!len || len >= GR_SPROLE_LEN) {
++			err = -EINVAL;
++			goto cleanup;
++		}
++
++		if ((tmp = (char *) acl_alloc(len)) == NULL) {
++			err = -ENOMEM;
++			goto cleanup;
++		}
++
++		if (copy_from_user(tmp, sptmp->rolename, len)) {
++			err = -EFAULT;
++			goto cleanup;
++		}
++
++#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
++		printk(KERN_ALERT "Copying special role %s\n", tmp);
++#endif
++		sptmp->rolename = tmp;
++		acl_special_roles[i] = sptmp;
++	}
++
++	r_utmp = (struct acl_role_label **) arg->role_db.r_table;
++
++	for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) {
++		r_tmp = acl_alloc(sizeof (struct acl_role_label));
++
++		if (!r_tmp) {
++			err = -ENOMEM;
++			goto cleanup;
++		}
++
++		if (copy_from_user(&r_utmp2, r_utmp + r_num,
++				   sizeof (struct acl_role_label *))) {
++			err = -EFAULT;
++			goto cleanup;
++		}
++
++		if (copy_from_user(r_tmp, r_utmp2,
++				   sizeof (struct acl_role_label))) {
++			err = -EFAULT;
++			goto cleanup;
++		}
++
++		len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
++
++		if (!len || len >= PATH_MAX) {
++			err = -EINVAL;
++			goto cleanup;
++		}
++
++		if ((tmp = (char *) acl_alloc(len)) == NULL) {
++			err = -ENOMEM;
++			goto cleanup;
++		}
++		if (copy_from_user(tmp, r_tmp->rolename, len)) {
++			err = -EFAULT;
++			goto cleanup;
++		}
++		r_tmp->rolename = tmp;
++
++		if (!strcmp(r_tmp->rolename, "default")
++		    && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
++			default_role = r_tmp;
++		} else if (!strcmp(r_tmp->rolename, ":::kernel:::")) {
++			kernel_role = r_tmp;
++		}
++
++		if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) {
++			err = -ENOMEM;
++			goto cleanup;
++		}
++		if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) {
++			err = -EFAULT;
++			goto cleanup;
++		}
++
++		r_tmp->hash = ghash;
++
++		num_subjs = count_user_subjs(r_tmp->hash->first);
++
++		r_tmp->subj_hash_size = num_subjs;
++		r_tmp->subj_hash =
++		    (struct acl_subject_label **)
++		    create_table(&(r_tmp->subj_hash_size), sizeof(void *));
++
++		if (!r_tmp->subj_hash) {
++			err = -ENOMEM;
++			goto cleanup;
++		}
++
++		err = copy_user_allowedips(r_tmp);
++		if (err)
++			goto cleanup;
++
++		/* copy domain info */
++		if (r_tmp->domain_children != NULL) {
++			domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t));
++			if (domainlist == NULL) {
++				err = -ENOMEM;
++				goto cleanup;
++			}
++			if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) {
++				err = -EFAULT;
++				goto cleanup;
++			}
++			r_tmp->domain_children = domainlist;
++		}
++
++		err = copy_user_transitions(r_tmp);
++		if (err)
++			goto cleanup;
++
++		memset(r_tmp->subj_hash, 0,
++		       r_tmp->subj_hash_size *
++		       sizeof (struct acl_subject_label *));
++
++		err = copy_user_subjs(r_tmp->hash->first, r_tmp);
++
++		if (err)
++			goto cleanup;
++
++		/* set nested subject list to null */
++		r_tmp->hash->first = NULL;
++
++		insert_acl_role_label(r_tmp);
++	}
++
++	goto return_err;
++      cleanup:
++	free_variables();
++      return_err:
++	return err;
++
++}
++
++static int
++gracl_init(struct gr_arg *args)
++{
++	int error = 0;
++
++	memcpy(gr_system_salt, args->salt, GR_SALT_LEN);
++	memcpy(gr_system_sum, args->sum, GR_SHA_LEN);
++
++	if (init_variables(args)) {
++		gr_log_str(GR_DONT_AUDIT_GOOD, GR_INITF_ACL_MSG, GR_VERSION);
++		error = -ENOMEM;
++		free_variables();
++		goto out;
++	}
++
++	error = copy_user_acl(args);
++	free_init_variables();
++	if (error) {
++		free_variables();
++		goto out;
++	}
++
++	if ((error = gr_set_acls(0))) {
++		free_variables();
++		goto out;
++	}
++
++#ifdef CONFIG_PAX_KERNEXEC
++	{
++		unsigned long cr0;
++
++		pax_open_kernel(cr0);
++		gr_status |= GR_READY;
++		pax_close_kernel(cr0);
++	}
++#else
++	gr_status |= GR_READY;
++#endif
++
++      out:
++	return error;
++}
++
++/* derived from glibc fnmatch() 0: match, 1: no match*/
++
++static int
++glob_match(const char *p, const char *n)
++{
++	char c;
++
++	while ((c = *p++) != '\0') {
++	switch (c) {
++		case '?':
++			if (*n == '\0')
++				return 1;
++			else if (*n == '/')
++				return 1;
++			break;
++		case '\\':
++			if (*n != c)
++				return 1;
++			break;
++		case '*':
++			for (c = *p++; c == '?' || c == '*'; c = *p++) {
++				if (*n == '/')
++					return 1;
++				else if (c == '?') {
++					if (*n == '\0')
++						return 1;
++					else
++						++n;
++				}
++			}
++			if (c == '\0') {
++				return 0;
++			} else {
++				const char *endp;
++
++				if ((endp = strchr(n, '/')) == NULL)
++					endp = n + strlen(n);
++
++				if (c == '[') {
++					for (--p; n < endp; ++n)
++						if (!glob_match(p, n))
++							return 0;
++				} else if (c == '/') {
++					while (*n != '\0' && *n != '/')
++						++n;
++					if (*n == '/' && !glob_match(p, n + 1))
++						return 0;
++				} else {
++					for (--p; n < endp; ++n)
++						if (*n == c && !glob_match(p, n))
++							return 0;
++				}
++
++				return 1;
++			}
++		case '[':
++			{
++			int not;
++			char cold;
++
++			if (*n == '\0' || *n == '/')
++				return 1;
++
++			not = (*p == '!' || *p == '^');
++			if (not)
++				++p;
++
++			c = *p++;
++			for (;;) {
++				unsigned char fn = (unsigned char)*n;
++
++				if (c == '\0')
++					return 1;
++				else {
++					if (c == fn)
++						goto matched;
++					cold = c;
++					c = *p++;
++
++					if (c == '-' && *p != ']') {
++						unsigned char cend = *p++;
++
++						if (cend == '\0')
++							return 1;
++
++						if (cold <= fn && fn <= cend)
++							goto matched;
++
++						c = *p++;
++					}
++				}
++
++				if (c == ']')
++					break;
++			}
++			if (!not)
++				return 1;
++			break;
++		matched:
++			while (c != ']') {
++				if (c == '\0')
++					return 1;
++
++				c = *p++;
++			}
++			if (not)
++				return 1;
++		}
++		break;
++	default:
++		if (c != *n)
++			return 1;
++	}
++
++	++n;
++	}
++
++	if (*n == '\0')
++		return 0;
++
++	if (*n == '/')
++		return 0;
++
++	return 1;
++}
++
++static struct acl_object_label *
++chk_glob_label(struct acl_object_label *globbed,
++	struct dentry *dentry, struct vfsmount *mnt, char **path)
++{
++	struct acl_object_label *tmp;
++
++	if (*path == NULL)
++		*path = gr_to_filename_nolock(dentry, mnt);
++
++	tmp = globbed;
++
++	while (tmp) {
++		if (!glob_match(tmp->filename, *path))
++			return tmp;
++		tmp = tmp->next;
++	}
++
++	return NULL;
++}
++
++static struct acl_object_label *
++__full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
++	    const ino_t curr_ino, const dev_t curr_dev,
++	    const struct acl_subject_label *subj, char **path, const int checkglob)
++{
++	struct acl_subject_label *tmpsubj;
++	struct acl_object_label *retval;
++	struct acl_object_label *retval2;
++
++	tmpsubj = (struct acl_subject_label *) subj;
++	read_lock(&gr_inode_lock);
++	do {
++		retval = lookup_acl_obj_label(curr_ino, curr_dev, tmpsubj);
++		if (retval) {
++			if (checkglob && retval->globbed) {
++				retval2 = chk_glob_label(retval->globbed, (struct dentry *)orig_dentry,
++						(struct vfsmount *)orig_mnt, path);
++				if (retval2)
++					retval = retval2;
++			}
++			break;
++		}
++	} while ((tmpsubj = tmpsubj->parent_subject));
++	read_unlock(&gr_inode_lock);
++
++	return retval;
++}
++
++static __inline__ struct acl_object_label *
++full_lookup(const struct dentry *orig_dentry, const struct vfsmount *orig_mnt,
++	    const struct dentry *curr_dentry,
++	    const struct acl_subject_label *subj, char **path, const int checkglob)
++{
++	return __full_lookup(orig_dentry, orig_mnt,
++			     curr_dentry->d_inode->i_ino, 
++			     curr_dentry->d_inode->i_sb->s_dev, subj, path, checkglob);
++}
++
++static struct acl_object_label *
++__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
++	      const struct acl_subject_label *subj, char *path, const int checkglob)
++{
++	struct dentry *dentry = (struct dentry *) l_dentry;
++	struct vfsmount *mnt = (struct vfsmount *) l_mnt;
++	struct acl_object_label *retval;
++
++	spin_lock(&dcache_lock);
++
++	if (unlikely(mnt == shm_mnt || mnt == pipe_mnt || mnt == sock_mnt ||
++		/* ignore Eric Biederman */
++	    IS_PRIVATE(l_dentry->d_inode))) {
++		retval = fakefs_obj;
++		goto out;
++	}
++
++	for (;;) {
++		if (dentry == real_root && mnt == real_root_mnt)
++			break;
++
++		if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
++			if (mnt->mnt_parent == mnt)
++				break;
++
++			retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
++			if (retval != NULL)
++				goto out;
++
++			dentry = mnt->mnt_mountpoint;
++			mnt = mnt->mnt_parent;
++			continue;
++		}
++
++		retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
++		if (retval != NULL)
++			goto out;
++
++		dentry = dentry->d_parent;
++	}
++
++	retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob);
++
++	if (retval == NULL)
++		retval = full_lookup(l_dentry, l_mnt, real_root, subj, &path, checkglob);
++out:
++	spin_unlock(&dcache_lock);
++	return retval;
++}
++
++static __inline__ struct acl_object_label *
++chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
++	      const struct acl_subject_label *subj)
++{
++	char *path = NULL;
++	return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
++}
++
++static __inline__ struct acl_object_label *
++chk_obj_label_noglob(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
++	      const struct acl_subject_label *subj)
++{
++	char *path = NULL;
++	return __chk_obj_label(l_dentry, l_mnt, subj, path, 0);
++}
++
++static __inline__ struct acl_object_label *
++chk_obj_create_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
++		     const struct acl_subject_label *subj, char *path)
++{
++	return __chk_obj_label(l_dentry, l_mnt, subj, path, 1);
++}
++
++static struct acl_subject_label *
++chk_subj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt,
++	       const struct acl_role_label *role)
++{
++	struct dentry *dentry = (struct dentry *) l_dentry;
++	struct vfsmount *mnt = (struct vfsmount *) l_mnt;
++	struct acl_subject_label *retval;
++
++	spin_lock(&dcache_lock);
++
++	for (;;) {
++		if (dentry == real_root && mnt == real_root_mnt)
++			break;
++		if (dentry == mnt->mnt_root || IS_ROOT(dentry)) {
++			if (mnt->mnt_parent == mnt)
++				break;
++
++			read_lock(&gr_inode_lock);
++			retval =
++				lookup_acl_subj_label(dentry->d_inode->i_ino,
++						dentry->d_inode->i_sb->s_dev, role);
++			read_unlock(&gr_inode_lock);
++			if (retval != NULL)
++				goto out;
++
++			dentry = mnt->mnt_mountpoint;
++			mnt = mnt->mnt_parent;
++			continue;
++		}
++
++		read_lock(&gr_inode_lock);
++		retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
++					  dentry->d_inode->i_sb->s_dev, role);
++		read_unlock(&gr_inode_lock);
++		if (retval != NULL)
++			goto out;
++
++		dentry = dentry->d_parent;
++	}
++
++	read_lock(&gr_inode_lock);
++	retval = lookup_acl_subj_label(dentry->d_inode->i_ino,
++				  dentry->d_inode->i_sb->s_dev, role);
++	read_unlock(&gr_inode_lock);
++
++	if (unlikely(retval == NULL)) {
++		read_lock(&gr_inode_lock);
++		retval = lookup_acl_subj_label(real_root->d_inode->i_ino,
++					  real_root->d_inode->i_sb->s_dev, role);
++		read_unlock(&gr_inode_lock);
++	}
++out:
++	spin_unlock(&dcache_lock);
++
++	return retval;
++}
++
++static void
++gr_log_learn(const struct dentry *dentry, const struct vfsmount *mnt, const __u32 mode)
++{
++	struct task_struct *task = current;
++	const struct cred *cred = current_cred();
++
++	security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
++		       cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
++		       task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
++		       1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, NIPQUAD(task->signal->curr_ip));
++
++	return;
++}
++
++static void
++gr_log_learn_sysctl(const char *path, const __u32 mode)
++{
++	struct task_struct *task = current;
++	const struct cred *cred = current_cred();
++
++	security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype,
++		       cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
++		       task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
++		       1UL, 1UL, path, (unsigned long) mode, NIPQUAD(task->signal->curr_ip));
++
++	return;
++}
++
++static void
++gr_log_learn_id_change(const char type, const unsigned int real, 
++		       const unsigned int effective, const unsigned int fs)
++{
++	struct task_struct *task = current;
++	const struct cred *cred = current_cred();
++
++	security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype,
++		       cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry,
++		       task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename,
++		       type, real, effective, fs, NIPQUAD(task->signal->curr_ip));
++
++	return;
++}
++
++__u32
++gr_check_link(const struct dentry * new_dentry,
++	      const struct dentry * parent_dentry,
++	      const struct vfsmount * parent_mnt,
++	      const struct dentry * old_dentry, const struct vfsmount * old_mnt)
++{
++	struct acl_object_label *obj;
++	__u32 oldmode, newmode;
++	__u32 needmode;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return (GR_CREATE | GR_LINK);
++
++	obj = chk_obj_label(old_dentry, old_mnt, current->acl);
++	oldmode = obj->mode;
++
++	if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
++		oldmode |= (GR_CREATE | GR_LINK);
++
++	needmode = GR_CREATE | GR_AUDIT_CREATE | GR_SUPPRESS;
++	if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
++		needmode |= GR_SETID | GR_AUDIT_SETID;
++
++	newmode =
++	    gr_check_create(new_dentry, parent_dentry, parent_mnt,
++			    oldmode | needmode);
++
++	needmode = newmode & (GR_FIND | GR_APPEND | GR_WRITE | GR_EXEC |
++			      GR_SETID | GR_READ | GR_FIND | GR_DELETE |
++			      GR_INHERIT | GR_AUDIT_INHERIT);
++
++	if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID) && !(newmode & GR_SETID))
++		goto bad;
++
++	if ((oldmode & needmode) != needmode)
++		goto bad;
++
++	needmode = oldmode & (GR_NOPTRACE | GR_PTRACERD | GR_INHERIT | GR_AUDITS);
++	if ((newmode & needmode) != needmode)
++		goto bad;
++
++	if ((newmode & (GR_CREATE | GR_LINK)) == (GR_CREATE | GR_LINK))
++		return newmode;
++bad:
++	needmode = oldmode;
++	if (old_dentry->d_inode->i_mode & (S_ISUID | S_ISGID))
++		needmode |= GR_SETID;
++	
++	if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) {
++		gr_log_learn(old_dentry, old_mnt, needmode);
++		return (GR_CREATE | GR_LINK);
++	} else if (newmode & GR_SUPPRESS)
++		return GR_SUPPRESS;
++	else
++		return 0;
++}
++
++__u32
++gr_search_file(const struct dentry * dentry, const __u32 mode,
++	       const struct vfsmount * mnt)
++{
++	__u32 retval = mode;
++	struct acl_subject_label *curracl;
++	struct acl_object_label *currobj;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return (mode & ~GR_AUDITS);
++
++	curracl = current->acl;
++
++	currobj = chk_obj_label(dentry, mnt, curracl);
++	retval = currobj->mode & mode;
++
++	if (unlikely
++	    ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) && !(mode & GR_NOPTRACE)
++	     && (retval != (mode & ~(GR_AUDITS | GR_SUPPRESS))))) {
++		__u32 new_mode = mode;
++
++		new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
++
++		retval = new_mode;
++
++		if (new_mode & GR_EXEC && curracl->mode & GR_INHERITLEARN)
++			new_mode |= GR_INHERIT;
++
++		if (!(mode & GR_NOLEARN))
++			gr_log_learn(dentry, mnt, new_mode);
++	}
++
++	return retval;
++}
++
++__u32
++gr_check_create(const struct dentry * new_dentry, const struct dentry * parent,
++		const struct vfsmount * mnt, const __u32 mode)
++{
++	struct name_entry *match;
++	struct acl_object_label *matchpo;
++	struct acl_subject_label *curracl;
++	char *path;
++	__u32 retval;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return (mode & ~GR_AUDITS);
++
++	preempt_disable();
++	path = gr_to_filename_rbac(new_dentry, mnt);
++	match = lookup_name_entry_create(path);
++
++	if (!match)
++		goto check_parent;
++
++	curracl = current->acl;
++
++	read_lock(&gr_inode_lock);
++	matchpo = lookup_acl_obj_label_create(match->inode, match->device, curracl);
++	read_unlock(&gr_inode_lock);
++
++	if (matchpo) {
++		if ((matchpo->mode & mode) !=
++		    (mode & ~(GR_AUDITS | GR_SUPPRESS))
++		    && curracl->mode & (GR_LEARN | GR_INHERITLEARN)) {
++			__u32 new_mode = mode;
++
++			new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
++
++			gr_log_learn(new_dentry, mnt, new_mode);
++
++			preempt_enable();
++			return new_mode;
++		}
++		preempt_enable();
++		return (matchpo->mode & mode);
++	}
++
++      check_parent:
++	curracl = current->acl;
++
++	matchpo = chk_obj_create_label(parent, mnt, curracl, path);
++	retval = matchpo->mode & mode;
++
++	if ((retval != (mode & ~(GR_AUDITS | GR_SUPPRESS)))
++	    && (curracl->mode & (GR_LEARN | GR_INHERITLEARN))) {
++		__u32 new_mode = mode;
++
++		new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
++
++		gr_log_learn(new_dentry, mnt, new_mode);
++		preempt_enable();
++		return new_mode;
++	}
++
++	preempt_enable();
++	return retval;
++}
++
++int
++gr_check_hidden_task(const struct task_struct *task)
++{
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	if (!(task->acl->mode & GR_PROCFIND) && !(current->acl->mode & GR_VIEW))
++		return 1;
++
++	return 0;
++}
++
++int
++gr_check_protected_task(const struct task_struct *task)
++{
++	if (unlikely(!(gr_status & GR_READY) || !task))
++		return 0;
++
++	if ((task->acl->mode & GR_PROTECTED) && !(current->acl->mode & GR_KILL) &&
++	    task->acl != current->acl)
++		return 1;
++
++	return 0;
++}
++
++void
++gr_copy_label(struct task_struct *tsk)
++{
++	tsk->signal->used_accept = 0;
++	tsk->acl_sp_role = 0;
++	tsk->acl_role_id = current->acl_role_id;
++	tsk->acl = current->acl;
++	tsk->role = current->role;
++	tsk->signal->curr_ip = current->signal->curr_ip;
++	if (current->exec_file)
++		get_file(current->exec_file);
++	tsk->exec_file = current->exec_file;
++	tsk->is_writable = current->is_writable;
++	if (unlikely(current->signal->used_accept))
++		current->signal->curr_ip = 0;
++
++	return;
++}
++
++static void
++gr_set_proc_res(struct task_struct *task)
++{
++	struct acl_subject_label *proc;
++	unsigned short i;
++
++	proc = task->acl;
++
++	if (proc->mode & (GR_LEARN | GR_INHERITLEARN))
++		return;
++
++	for (i = 0; i < RLIM_NLIMITS; i++) {
++		if (!(proc->resmask & (1 << i)))
++			continue;
++
++		task->signal->rlim[i].rlim_cur = proc->res[i].rlim_cur;
++		task->signal->rlim[i].rlim_max = proc->res[i].rlim_max;
++	}
++
++	return;
++}
++
++int
++gr_check_user_change(int real, int effective, int fs)
++{
++	unsigned int i;
++	__u16 num;
++	uid_t *uidlist;
++	int curuid;
++	int realok = 0;
++	int effectiveok = 0;
++	int fsok = 0;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
++		gr_log_learn_id_change('u', real, effective, fs);
++
++	num = current->acl->user_trans_num;
++	uidlist = current->acl->user_transitions;
++
++	if (uidlist == NULL)
++		return 0;
++
++	if (real == -1)
++		realok = 1;
++	if (effective == -1)
++		effectiveok = 1;
++	if (fs == -1)
++		fsok = 1;
++
++	if (current->acl->user_trans_type & GR_ID_ALLOW) {
++		for (i = 0; i < num; i++) {
++			curuid = (int)uidlist[i];
++			if (real == curuid)
++				realok = 1;
++			if (effective == curuid)
++				effectiveok = 1;
++			if (fs == curuid)
++				fsok = 1;
++		}
++	} else if (current->acl->user_trans_type & GR_ID_DENY) {
++		for (i = 0; i < num; i++) {
++			curuid = (int)uidlist[i];
++			if (real == curuid)
++				break;
++			if (effective == curuid)
++				break;
++			if (fs == curuid)
++				break;
++		}
++		/* not in deny list */
++		if (i == num) {
++			realok = 1;
++			effectiveok = 1;
++			fsok = 1;
++		}
++	}
++
++	if (realok && effectiveok && fsok)
++		return 0;
++	else {
++		gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
++		return 1;
++	}
++}
++
++int
++gr_check_group_change(int real, int effective, int fs)
++{
++	unsigned int i;
++	__u16 num;
++	gid_t *gidlist;
++	int curgid;
++	int realok = 0;
++	int effectiveok = 0;
++	int fsok = 0;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN))
++		gr_log_learn_id_change('g', real, effective, fs);
++
++	num = current->acl->group_trans_num;
++	gidlist = current->acl->group_transitions;
++
++	if (gidlist == NULL)
++		return 0;
++
++	if (real == -1)
++		realok = 1;
++	if (effective == -1)
++		effectiveok = 1;
++	if (fs == -1)
++		fsok = 1;
++
++	if (current->acl->group_trans_type & GR_ID_ALLOW) {
++		for (i = 0; i < num; i++) {
++			curgid = (int)gidlist[i];
++			if (real == curgid)
++				realok = 1;
++			if (effective == curgid)
++				effectiveok = 1;
++			if (fs == curgid)
++				fsok = 1;
++		}
++	} else if (current->acl->group_trans_type & GR_ID_DENY) {
++		for (i = 0; i < num; i++) {
++			curgid = (int)gidlist[i];
++			if (real == curgid)
++				break;
++			if (effective == curgid)
++				break;
++			if (fs == curgid)
++				break;
++		}
++		/* not in deny list */
++		if (i == num) {
++			realok = 1;
++			effectiveok = 1;
++			fsok = 1;
++		}
++	}
++
++	if (realok && effectiveok && fsok)
++		return 0;
++	else {
++		gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real);
++		return 1;
++	}
++}
++
++void
++gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid)
++{
++	struct acl_role_label *role = task->role;
++	struct acl_subject_label *subj = NULL;
++	struct acl_object_label *obj;
++	struct file *filp;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return;
++
++	filp = task->exec_file;
++
++	/* kernel process, we'll give them the kernel role */
++	if (unlikely(!filp)) {
++		task->role = kernel_role;
++		task->acl = kernel_role->root_label;
++		return;
++	} else if (!task->role || !(task->role->roletype & GR_ROLE_SPECIAL))
++		role = lookup_acl_role_label(task, uid, gid);
++
++	/* perform subject lookup in possibly new role
++	   we can use this result below in the case where role == task->role
++	*/
++	subj = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, role);
++
++	/* if we changed uid/gid, but result in the same role
++	   and are using inheritance, don't lose the inherited subject
++	   if current subject is other than what normal lookup
++	   would result in, we arrived via inheritance, don't
++	   lose subject
++	*/
++	if (role != task->role || (!(task->acl->mode & GR_INHERITLEARN) &&
++				   (subj == task->acl)))
++		task->acl = subj;
++
++	task->role = role;
++
++	task->is_writable = 0;
++
++	/* ignore additional mmap checks for processes that are writable 
++	   by the default ACL */
++	obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
++	if (unlikely(obj->mode & GR_WRITE))
++		task->is_writable = 1;
++	obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
++	if (unlikely(obj->mode & GR_WRITE))
++		task->is_writable = 1;
++
++#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
++	printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
++#endif
++
++	gr_set_proc_res(task);
++
++	return;
++}
++
++int
++gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
++		  const int unsafe_share)
++{
++	struct task_struct *task = current;
++	struct acl_subject_label *newacl;
++	struct acl_object_label *obj;
++	__u32 retmode;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	newacl = chk_subj_label(dentry, mnt, task->role);
++
++	task_lock(task);
++	if (((task->ptrace & PT_PTRACED) && !(task->acl->mode &
++	     GR_POVERRIDE) && (task->acl != newacl) &&
++	     !(task->role->roletype & GR_ROLE_GOD) &&
++	     !gr_search_file(dentry, GR_PTRACERD, mnt) &&
++	     !(task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))
++	    || unsafe_share) {
++                task_unlock(task);
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_PTRACE_EXEC_ACL_MSG, dentry, mnt);
++		return -EACCES;
++	}
++	task_unlock(task);
++
++	obj = chk_obj_label(dentry, mnt, task->acl);
++	retmode = obj->mode & (GR_INHERIT | GR_AUDIT_INHERIT);
++
++	if (!(task->acl->mode & GR_INHERITLEARN) &&
++	    ((newacl->mode & GR_LEARN) || !(retmode & GR_INHERIT))) {
++		if (obj->nested)
++			task->acl = obj->nested;
++		else
++			task->acl = newacl;
++	} else if (retmode & GR_INHERIT && retmode & GR_AUDIT_INHERIT)
++		gr_log_str_fs(GR_DO_AUDIT, GR_INHERIT_ACL_MSG, task->acl->filename, dentry, mnt);
++
++	task->is_writable = 0;
++
++	/* ignore additional mmap checks for processes that are writable 
++	   by the default ACL */
++	obj = chk_obj_label(dentry, mnt, default_role->root_label);
++	if (unlikely(obj->mode & GR_WRITE))
++		task->is_writable = 1;
++	obj = chk_obj_label(dentry, mnt, task->role->root_label);
++	if (unlikely(obj->mode & GR_WRITE))
++		task->is_writable = 1;
++
++	gr_set_proc_res(task);
++
++#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
++	printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
++#endif
++	return 0;
++}
++
++/* always called with valid inodev ptr */
++static void
++do_handle_delete(struct inodev_entry *inodev, const ino_t ino, const dev_t dev)
++{
++	struct acl_object_label *matchpo;
++	struct acl_subject_label *matchps;
++	struct acl_subject_label *subj;
++	struct acl_role_label *role;
++	unsigned int i, x;
++
++	FOR_EACH_ROLE_START(role, i)
++		FOR_EACH_SUBJECT_START(role, subj, x)
++			if ((matchpo = lookup_acl_obj_label(ino, dev, subj)) != NULL)
++				matchpo->mode |= GR_DELETED;
++		FOR_EACH_SUBJECT_END(subj,x)
++		FOR_EACH_NESTED_SUBJECT_START(role, subj)
++			if (subj->inode == ino && subj->device == dev)
++				subj->mode |= GR_DELETED;
++		FOR_EACH_NESTED_SUBJECT_END(subj)
++		if ((matchps = lookup_acl_subj_label(ino, dev, role)) != NULL)
++			matchps->mode |= GR_DELETED;
++	FOR_EACH_ROLE_END(role,i)
++
++	inodev->nentry->deleted = 1;
++
++	return;
++}
++
++void
++gr_handle_delete(const ino_t ino, const dev_t dev)
++{
++	struct inodev_entry *inodev;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return;
++
++	write_lock(&gr_inode_lock);
++	inodev = lookup_inodev_entry(ino, dev);
++	if (inodev != NULL)
++		do_handle_delete(inodev, ino, dev);
++	write_unlock(&gr_inode_lock);
++
++	return;
++}
++
++static void
++update_acl_obj_label(const ino_t oldinode, const dev_t olddevice,
++		     const ino_t newinode, const dev_t newdevice,
++		     struct acl_subject_label *subj)
++{
++	unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size);
++	struct acl_object_label *match;
++
++	match = subj->obj_hash[index];
++
++	while (match && (match->inode != oldinode ||
++	       match->device != olddevice ||
++	       !(match->mode & GR_DELETED)))
++		match = match->next;
++
++	if (match && (match->inode == oldinode)
++	    && (match->device == olddevice)
++	    && (match->mode & GR_DELETED)) {
++		if (match->prev == NULL) {
++			subj->obj_hash[index] = match->next;
++			if (match->next != NULL)
++				match->next->prev = NULL;
++		} else {
++			match->prev->next = match->next;
++			if (match->next != NULL)
++				match->next->prev = match->prev;
++		}
++		match->prev = NULL;
++		match->next = NULL;
++		match->inode = newinode;
++		match->device = newdevice;
++		match->mode &= ~GR_DELETED;
++
++		insert_acl_obj_label(match, subj);
++	}
++
++	return;
++}
++
++static void
++update_acl_subj_label(const ino_t oldinode, const dev_t olddevice,
++		      const ino_t newinode, const dev_t newdevice,
++		      struct acl_role_label *role)
++{
++	unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size);
++	struct acl_subject_label *match;
++
++	match = role->subj_hash[index];
++
++	while (match && (match->inode != oldinode ||
++	       match->device != olddevice ||
++	       !(match->mode & GR_DELETED)))
++		match = match->next;
++
++	if (match && (match->inode == oldinode)
++	    && (match->device == olddevice)
++	    && (match->mode & GR_DELETED)) {
++		if (match->prev == NULL) {
++			role->subj_hash[index] = match->next;
++			if (match->next != NULL)
++				match->next->prev = NULL;
++		} else {
++			match->prev->next = match->next;
++			if (match->next != NULL)
++				match->next->prev = match->prev;
++		}
++		match->prev = NULL;
++		match->next = NULL;
++		match->inode = newinode;
++		match->device = newdevice;
++		match->mode &= ~GR_DELETED;
++
++		insert_acl_subj_label(match, role);
++	}
++
++	return;
++}
++
++static void
++update_inodev_entry(const ino_t oldinode, const dev_t olddevice,
++		    const ino_t newinode, const dev_t newdevice)
++{
++	unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size);
++	struct inodev_entry *match;
++
++	match = inodev_set.i_hash[index];
++
++	while (match && (match->nentry->inode != oldinode ||
++	       match->nentry->device != olddevice || !match->nentry->deleted))
++		match = match->next;
++
++	if (match && (match->nentry->inode == oldinode)
++	    && (match->nentry->device == olddevice) &&
++	    match->nentry->deleted) {
++		if (match->prev == NULL) {
++			inodev_set.i_hash[index] = match->next;
++			if (match->next != NULL)
++				match->next->prev = NULL;
++		} else {
++			match->prev->next = match->next;
++			if (match->next != NULL)
++				match->next->prev = match->prev;
++		}
++		match->prev = NULL;
++		match->next = NULL;
++		match->nentry->inode = newinode;
++		match->nentry->device = newdevice;
++		match->nentry->deleted = 0;
++
++		insert_inodev_entry(match);
++	}
++
++	return;
++}
++
++static void
++do_handle_create(const struct name_entry *matchn, const struct dentry *dentry,
++		 const struct vfsmount *mnt)
++{
++	struct acl_subject_label *subj;
++	struct acl_role_label *role;
++	unsigned int i, x;
++
++	FOR_EACH_ROLE_START(role, i)
++		update_acl_subj_label(matchn->inode, matchn->device,
++				      dentry->d_inode->i_ino,
++				      dentry->d_inode->i_sb->s_dev, role);
++
++		FOR_EACH_NESTED_SUBJECT_START(role, subj)
++			if ((subj->inode == dentry->d_inode->i_ino) &&
++			    (subj->device == dentry->d_inode->i_sb->s_dev)) {
++				subj->inode = dentry->d_inode->i_ino;
++				subj->device = dentry->d_inode->i_sb->s_dev;
++			}
++		FOR_EACH_NESTED_SUBJECT_END(subj)
++		FOR_EACH_SUBJECT_START(role, subj, x)
++			update_acl_obj_label(matchn->inode, matchn->device,
++					     dentry->d_inode->i_ino,
++					     dentry->d_inode->i_sb->s_dev, subj);
++		FOR_EACH_SUBJECT_END(subj,x)
++	FOR_EACH_ROLE_END(role,i)
++
++	update_inodev_entry(matchn->inode, matchn->device,
++			    dentry->d_inode->i_ino, dentry->d_inode->i_sb->s_dev);
++
++	return;
++}
++
++void
++gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	struct name_entry *matchn;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return;
++
++	preempt_disable();
++	matchn = lookup_name_entry(gr_to_filename_rbac(dentry, mnt));
++
++	if (unlikely((unsigned long)matchn)) {
++		write_lock(&gr_inode_lock);
++		do_handle_create(matchn, dentry, mnt);
++		write_unlock(&gr_inode_lock);
++	}
++	preempt_enable();
++
++	return;
++}
++
++void
++gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
++		 struct dentry *old_dentry,
++		 struct dentry *new_dentry,
++		 struct vfsmount *mnt, const __u8 replace)
++{
++	struct name_entry *matchn;
++	struct inodev_entry *inodev;
++
++	/* vfs_rename swaps the name and parent link for old_dentry and
++	   new_dentry
++	   at this point, old_dentry has the new name, parent link, and inode
++	   for the renamed file
++	   if a file is being replaced by a rename, new_dentry has the inode
++	   and name for the replaced file
++	*/
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return;
++
++	preempt_disable();
++	matchn = lookup_name_entry(gr_to_filename_rbac(old_dentry, mnt));
++
++	/* we wouldn't have to check d_inode if it weren't for
++	   NFS silly-renaming
++	 */
++
++	write_lock(&gr_inode_lock);
++	if (unlikely(replace && new_dentry->d_inode)) {
++		inodev = lookup_inodev_entry(new_dentry->d_inode->i_ino,
++					     new_dentry->d_inode->i_sb->s_dev);
++		if (inodev != NULL && (new_dentry->d_inode->i_nlink <= 1))
++			do_handle_delete(inodev, new_dentry->d_inode->i_ino,
++					 new_dentry->d_inode->i_sb->s_dev);
++	}
++
++	inodev = lookup_inodev_entry(old_dentry->d_inode->i_ino,
++				     old_dentry->d_inode->i_sb->s_dev);
++	if (inodev != NULL && (old_dentry->d_inode->i_nlink <= 1))
++		do_handle_delete(inodev, old_dentry->d_inode->i_ino,
++				 old_dentry->d_inode->i_sb->s_dev);
++
++	if (unlikely((unsigned long)matchn))
++		do_handle_create(matchn, old_dentry, mnt);
++
++	write_unlock(&gr_inode_lock);
++	preempt_enable();
++
++	return;
++}
++
++static int
++lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
++			 unsigned char **sum)
++{
++	struct acl_role_label *r;
++	struct role_allowed_ip *ipp;
++	struct role_transition *trans;
++	unsigned int i;
++	int found = 0;
++
++	/* check transition table */
++
++	for (trans = current->role->transitions; trans; trans = trans->next) {
++		if (!strcmp(rolename, trans->rolename)) {
++			found = 1;
++			break;
++		}
++	}
++
++	if (!found)
++		return 0;
++
++	/* handle special roles that do not require authentication
++	   and check ip */
++
++	FOR_EACH_ROLE_START(r, i)
++		if (!strcmp(rolename, r->rolename) &&
++		    (r->roletype & GR_ROLE_SPECIAL)) {
++			found = 0;
++			if (r->allowed_ips != NULL) {
++				for (ipp = r->allowed_ips; ipp; ipp = ipp->next) {
++					if ((ntohl(current->signal->curr_ip) & ipp->netmask) ==
++					     (ntohl(ipp->addr) & ipp->netmask))
++						found = 1;
++				}
++			} else
++				found = 2;
++			if (!found)
++				return 0;
++
++			if (((mode == GR_SPROLE) && (r->roletype & GR_ROLE_NOPW)) ||
++			    ((mode == GR_SPROLEPAM) && (r->roletype & GR_ROLE_PAM))) {
++				*salt = NULL;
++				*sum = NULL;
++				return 1;
++			}
++		}
++	FOR_EACH_ROLE_END(r,i)
++
++	for (i = 0; i < num_sprole_pws; i++) {
++		if (!strcmp(rolename, acl_special_roles[i]->rolename)) {
++			*salt = acl_special_roles[i]->salt;
++			*sum = acl_special_roles[i]->sum;
++			return 1;
++		}
++	}
++
++	return 0;
++}
++
++static void
++assign_special_role(char *rolename)
++{
++	struct acl_object_label *obj;
++	struct acl_role_label *r;
++	struct acl_role_label *assigned = NULL;
++	struct task_struct *tsk;
++	struct file *filp;
++	unsigned int i;
++
++	FOR_EACH_ROLE_START(r, i)
++		if (!strcmp(rolename, r->rolename) &&
++		    (r->roletype & GR_ROLE_SPECIAL))
++			assigned = r;
++	FOR_EACH_ROLE_END(r,i)
++
++	if (!assigned)
++		return;
++
++	read_lock(&tasklist_lock);
++	read_lock(&grsec_exec_file_lock);
++
++	tsk = current->parent;
++	if (tsk == NULL)
++		goto out_unlock;
++
++	filp = tsk->exec_file;
++	if (filp == NULL)
++		goto out_unlock;
++
++	tsk->is_writable = 0;
++
++	tsk->acl_sp_role = 1;
++	tsk->acl_role_id = ++acl_sp_role_value;
++	tsk->role = assigned;
++	tsk->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role);
++
++	/* ignore additional mmap checks for processes that are writable 
++	   by the default ACL */
++	obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
++	if (unlikely(obj->mode & GR_WRITE))
++		tsk->is_writable = 1;
++	obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, tsk->role->root_label);
++	if (unlikely(obj->mode & GR_WRITE))
++		tsk->is_writable = 1;
++
++#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
++	printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid);
++#endif
++
++out_unlock:
++	read_unlock(&grsec_exec_file_lock);
++	read_unlock(&tasklist_lock);
++	return;
++}
++
++int gr_check_secure_terminal(struct task_struct *task)
++{
++	struct task_struct *p, *p2, *p3;
++	struct files_struct *files;
++	struct fdtable *fdt;
++	struct file *our_file = NULL, *file;
++	int i;
++
++	if (task->signal->tty == NULL)
++		return 1;
++
++	files = get_files_struct(task);
++	if (files != NULL) {
++		rcu_read_lock();
++		fdt = files_fdtable(files);
++		for (i=0; i < fdt->max_fds; i++) {
++			file = fcheck_files(files, i);
++			if (file && (our_file == NULL) && (file->private_data == task->signal->tty)) {
++				get_file(file);
++				our_file = file;
++			}
++		}
++		rcu_read_unlock();
++		put_files_struct(files);
++	}
++
++	if (our_file == NULL)
++		return 1;
++
++	read_lock(&tasklist_lock);
++	do_each_thread(p2, p) {
++		files = get_files_struct(p);
++		if (files == NULL ||
++		    (p->signal && p->signal->tty == task->signal->tty)) {
++			if (files != NULL)
++				put_files_struct(files);
++			continue;
++		}
++		rcu_read_lock();
++		fdt = files_fdtable(files);
++		for (i=0; i < fdt->max_fds; i++) {
++			file = fcheck_files(files, i);
++			if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) &&
++			    file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) {
++				p3 = task;
++				while (p3->pid > 0) {
++					if (p3 == p)
++						break;
++					p3 = p3->parent;
++				}
++				if (p3 == p)
++					break;
++				gr_log_ttysniff(GR_DONT_AUDIT_GOOD, GR_TTYSNIFF_ACL_MSG, p);
++				gr_handle_alertkill(p);
++				rcu_read_unlock();
++				put_files_struct(files);
++				read_unlock(&tasklist_lock);
++				fput(our_file);
++				return 0;
++			}
++		}
++		rcu_read_unlock();
++		put_files_struct(files);
++	} while_each_thread(p2, p);
++	read_unlock(&tasklist_lock);
++
++	fput(our_file);
++	return 1;
++}
++
++ssize_t
++write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
++{
++	struct gr_arg_wrapper uwrap;
++	unsigned char *sprole_salt;
++	unsigned char *sprole_sum;
++	int error = sizeof (struct gr_arg_wrapper);
++	int error2 = 0;
++
++	down(&gr_dev_sem);
++
++	if ((gr_status & GR_READY) && !(current->acl->mode & GR_KERNELAUTH)) {
++		error = -EPERM;
++		goto out;
++	}
++
++	if (count != sizeof (struct gr_arg_wrapper)) {
++		gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
++		error = -EINVAL;
++		goto out;
++	}
++
++	
++	if (gr_auth_expires && time_after_eq(get_seconds(), gr_auth_expires)) {
++		gr_auth_expires = 0;
++		gr_auth_attempts = 0;
++	}
++
++	if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
++		error = -EFAULT;
++		goto out;
++	}
++
++	if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
++		error = -EINVAL;
++		goto out;
++	}
++
++	if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
++		error = -EFAULT;
++		goto out;
++	}
++
++	if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
++	    gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
++	    time_after(gr_auth_expires, get_seconds())) {
++		error = -EBUSY;
++		goto out;
++	}
++
++	/* if non-root trying to do anything other than use a special role,
++	   do not attempt authentication, do not count towards authentication
++	   locking
++	 */
++
++	if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS &&
++	    gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM &&
++	    current_uid()) {
++		error = -EPERM;
++		goto out;
++	}
++
++	/* ensure pw and special role name are null terminated */
++
++	gr_usermode->pw[GR_PW_LEN - 1] = '\0';
++	gr_usermode->sp_role[GR_SPROLE_LEN - 1] = '\0';
++
++	/* Okay. 
++	 * We have our enough of the argument structure..(we have yet
++	 * to copy_from_user the tables themselves) . Copy the tables
++	 * only if we need them, i.e. for loading operations. */
++
++	switch (gr_usermode->mode) {
++	case GR_STATUS:
++			if (gr_status & GR_READY) {
++				error = 1;
++				if (!gr_check_secure_terminal(current))
++					error = 3;
++			} else
++				error = 2;
++			goto out;
++	case GR_SHUTDOWN:
++		if ((gr_status & GR_READY)
++		    && !(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
++#ifdef CONFIG_PAX_KERNEXEC
++			{
++				unsigned long cr0;
++
++				pax_open_kernel(cr0);
++				gr_status &= ~GR_READY;
++				pax_close_kernel(cr0);
++			}
++#else
++			gr_status &= ~GR_READY;
++#endif
++			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTS_ACL_MSG);
++			free_variables();
++			memset(gr_usermode, 0, sizeof (struct gr_arg));
++			memset(gr_system_salt, 0, GR_SALT_LEN);
++			memset(gr_system_sum, 0, GR_SHA_LEN);
++		} else if (gr_status & GR_READY) {
++			gr_log_noargs(GR_DONT_AUDIT, GR_SHUTF_ACL_MSG);
++			error = -EPERM;
++		} else {
++			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SHUTI_ACL_MSG);
++			error = -EAGAIN;
++		}
++		break;
++	case GR_ENABLE:
++		if (!(gr_status & GR_READY) && !(error2 = gracl_init(gr_usermode)))
++			gr_log_str(GR_DONT_AUDIT_GOOD, GR_ENABLE_ACL_MSG, GR_VERSION);
++		else {
++			if (gr_status & GR_READY)
++				error = -EAGAIN;
++			else
++				error = error2;
++			gr_log_str(GR_DONT_AUDIT, GR_ENABLEF_ACL_MSG, GR_VERSION);
++		}
++		break;
++	case GR_RELOAD:
++		if (!(gr_status & GR_READY)) {
++			gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOADI_ACL_MSG, GR_VERSION);
++			error = -EAGAIN;
++		} else if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
++			lock_kernel();
++#ifdef CONFIG_PAX_KERNEXEC
++			{
++				unsigned long cr0;
++
++				pax_open_kernel(cr0);
++				gr_status &= ~GR_READY;
++				pax_close_kernel(cr0);
++			}
++#else
++			gr_status &= ~GR_READY;
++#endif
++			free_variables();
++			if (!(error2 = gracl_init(gr_usermode))) {
++				unlock_kernel();
++				gr_log_str(GR_DONT_AUDIT_GOOD, GR_RELOAD_ACL_MSG, GR_VERSION);
++			} else {
++				unlock_kernel();
++				error = error2;
++				gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
++			}
++		} else {
++			gr_log_str(GR_DONT_AUDIT, GR_RELOADF_ACL_MSG, GR_VERSION);
++			error = -EPERM;
++		}
++		break;
++	case GR_SEGVMOD:
++		if (unlikely(!(gr_status & GR_READY))) {
++			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODI_ACL_MSG);
++			error = -EAGAIN;
++			break;
++		}
++
++		if (!(chkpw(gr_usermode, gr_system_salt, gr_system_sum))) {
++			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SEGVMODS_ACL_MSG);
++			if (gr_usermode->segv_device && gr_usermode->segv_inode) {
++				struct acl_subject_label *segvacl;
++				segvacl =
++				    lookup_acl_subj_label(gr_usermode->segv_inode,
++							  gr_usermode->segv_device,
++							  current->role);
++				if (segvacl) {
++					segvacl->crashes = 0;
++					segvacl->expires = 0;
++				}
++			} else if (gr_find_uid(gr_usermode->segv_uid) >= 0) {
++				gr_remove_uid(gr_usermode->segv_uid);
++			}
++		} else {
++			gr_log_noargs(GR_DONT_AUDIT, GR_SEGVMODF_ACL_MSG);
++			error = -EPERM;
++		}
++		break;
++	case GR_SPROLE:
++	case GR_SPROLEPAM:
++		if (unlikely(!(gr_status & GR_READY))) {
++			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_SPROLEI_ACL_MSG);
++			error = -EAGAIN;
++			break;
++		}
++
++		if (current->role->expires && time_after_eq(get_seconds(), current->role->expires)) {
++			current->role->expires = 0;
++			current->role->auth_attempts = 0;
++		}
++
++		if (current->role->auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
++		    time_after(current->role->expires, get_seconds())) {
++			error = -EBUSY;
++			goto out;
++		}
++
++		if (lookup_special_role_auth
++		    (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
++		    && ((!sprole_salt && !sprole_sum)
++			|| !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
++			char *p = "";
++			assign_special_role(gr_usermode->sp_role);
++			read_lock(&tasklist_lock);
++			if (current->parent)
++				p = current->parent->role->rolename;
++			read_unlock(&tasklist_lock);
++			gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLES_ACL_MSG,
++					p, acl_sp_role_value);
++		} else {
++			gr_log_str(GR_DONT_AUDIT, GR_SPROLEF_ACL_MSG, gr_usermode->sp_role);
++			error = -EPERM;
++			if(!(current->role->auth_attempts++))
++				current->role->expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
++
++			goto out;
++		}
++		break;
++	case GR_UNSPROLE:
++		if (unlikely(!(gr_status & GR_READY))) {
++			gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_UNSPROLEI_ACL_MSG);
++			error = -EAGAIN;
++			break;
++		}
++
++		if (current->role->roletype & GR_ROLE_SPECIAL) {
++			char *p = "";
++			int i = 0;
++
++			read_lock(&tasklist_lock);
++			if (current->parent) {
++				p = current->parent->role->rolename;
++				i = current->parent->acl_role_id;
++			}
++			read_unlock(&tasklist_lock);
++
++			gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_UNSPROLES_ACL_MSG, p, i);
++			gr_set_acls(1);
++		} else {
++			gr_log_str(GR_DONT_AUDIT, GR_UNSPROLEF_ACL_MSG, current->role->rolename);
++			error = -EPERM;
++			goto out;
++		}
++		break;
++	default:
++		gr_log_int(GR_DONT_AUDIT, GR_INVMODE_ACL_MSG, gr_usermode->mode);
++		error = -EINVAL;
++		break;
++	}
++
++	if (error != -EPERM)
++		goto out;
++
++	if(!(gr_auth_attempts++))
++		gr_auth_expires = get_seconds() + CONFIG_GRKERNSEC_ACL_TIMEOUT;
++
++      out:
++	up(&gr_dev_sem);
++	return error;
++}
++
++int
++gr_set_acls(const int type)
++{
++	struct acl_object_label *obj;
++	struct task_struct *task, *task2;
++	struct file *filp;
++	struct acl_role_label *role = current->role;
++	__u16 acl_role_id = current->acl_role_id;
++	const struct cred *cred;
++	char *tmpname;
++	struct name_entry *nmatch;
++	struct acl_subject_label *tmpsubj;
++
++	read_lock(&tasklist_lock);
++	read_lock(&grsec_exec_file_lock);
++	do_each_thread(task2, task) {
++		/* check to see if we're called from the exit handler,
++		   if so, only replace ACLs that have inherited the admin
++		   ACL */
++
++		if (type && (task->role != role ||
++			     task->acl_role_id != acl_role_id))
++			continue;
++
++		task->acl_role_id = 0;
++		task->acl_sp_role = 0;
++
++		if ((filp = task->exec_file)) {
++			cred = __task_cred(task);
++			task->role = lookup_acl_role_label(task, cred->uid, cred->gid);
++
++			/* the following is to apply the correct subject 
++			   on binaries running when the RBAC system 
++			   is enabled, when the binaries have been 
++			   replaced or deleted since their execution
++			   -----
++			   when the RBAC system starts, the inode/dev
++			   from exec_file will be one the RBAC system
++			   is unaware of.  It only knows the inode/dev
++			   of the present file on disk, or the absence
++			   of it.
++			*/
++			preempt_disable();
++			tmpname = gr_to_filename_rbac(filp->f_path.dentry, filp->f_path.mnt);
++			
++			nmatch = lookup_name_entry(tmpname);
++			preempt_enable();
++			tmpsubj = NULL;
++			if (nmatch) {
++				if (nmatch->deleted)
++					tmpsubj = lookup_acl_subj_label_deleted(nmatch->inode, nmatch->device, task->role);
++				else
++					tmpsubj = lookup_acl_subj_label(nmatch->inode, nmatch->device, task->role);
++				if (tmpsubj != NULL)
++					task->acl = tmpsubj;
++			}
++			if (tmpsubj == NULL)
++				task->acl = chk_subj_label(filp->f_path.dentry, filp->f_path.mnt,
++							   task->role);
++			if (task->acl) {
++				struct acl_subject_label *curr;
++				curr = task->acl;
++
++				task->is_writable = 0;
++				/* ignore additional mmap checks for processes that are writable 
++				   by the default ACL */
++				obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
++				if (unlikely(obj->mode & GR_WRITE))
++					task->is_writable = 1;
++				obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, task->role->root_label);
++				if (unlikely(obj->mode & GR_WRITE))
++					task->is_writable = 1;
++
++				gr_set_proc_res(task);
++
++#ifdef CONFIG_GRKERNSEC_ACL_DEBUG
++				printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename);
++#endif
++			} else {
++				read_unlock(&grsec_exec_file_lock);
++				read_unlock(&tasklist_lock);
++				gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid);
++				return 1;
++			}
++		} else {
++			// it's a kernel process
++			task->role = kernel_role;
++			task->acl = kernel_role->root_label;
++#ifdef CONFIG_GRKERNSEC_ACL_HIDEKERN
++			task->acl->mode &= ~GR_PROCFIND;
++#endif
++		}
++	} while_each_thread(task2, task);
++	read_unlock(&grsec_exec_file_lock);
++	read_unlock(&tasklist_lock);
++	return 0;
++}
++
++void
++gr_learn_resource(const struct task_struct *task,
++		  const int res, const unsigned long wanted, const int gt)
++{
++	struct acl_subject_label *acl;
++	const struct cred *cred;
++
++	if (unlikely((gr_status & GR_READY) &&
++		     task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))))
++		goto skip_reslog;
++
++#ifdef CONFIG_GRKERNSEC_RESLOG
++	gr_log_resource(task, res, wanted, gt);
++#endif
++      skip_reslog:
++
++	if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS))
++		return;
++
++	acl = task->acl;
++
++	if (likely(!acl || !(acl->mode & (GR_LEARN | GR_INHERITLEARN)) ||
++		   !(acl->resmask & (1 << (unsigned short) res))))
++		return;
++
++	if (wanted >= acl->res[res].rlim_cur) {
++		unsigned long res_add;
++
++		res_add = wanted;
++		switch (res) {
++		case RLIMIT_CPU:
++			res_add += GR_RLIM_CPU_BUMP;
++			break;
++		case RLIMIT_FSIZE:
++			res_add += GR_RLIM_FSIZE_BUMP;
++			break;
++		case RLIMIT_DATA:
++			res_add += GR_RLIM_DATA_BUMP;
++			break;
++		case RLIMIT_STACK:
++			res_add += GR_RLIM_STACK_BUMP;
++			break;
++		case RLIMIT_CORE:
++			res_add += GR_RLIM_CORE_BUMP;
++			break;
++		case RLIMIT_RSS:
++			res_add += GR_RLIM_RSS_BUMP;
++			break;
++		case RLIMIT_NPROC:
++			res_add += GR_RLIM_NPROC_BUMP;
++			break;
++		case RLIMIT_NOFILE:
++			res_add += GR_RLIM_NOFILE_BUMP;
++			break;
++		case RLIMIT_MEMLOCK:
++			res_add += GR_RLIM_MEMLOCK_BUMP;
++			break;
++		case RLIMIT_AS:
++			res_add += GR_RLIM_AS_BUMP;
++			break;
++		case RLIMIT_LOCKS:
++			res_add += GR_RLIM_LOCKS_BUMP;
++			break;
++		case RLIMIT_SIGPENDING:
++			res_add += GR_RLIM_SIGPENDING_BUMP;
++			break;
++		case RLIMIT_MSGQUEUE:
++			res_add += GR_RLIM_MSGQUEUE_BUMP;
++			break;
++		case RLIMIT_NICE:
++			res_add += GR_RLIM_NICE_BUMP;
++			break;
++		case RLIMIT_RTPRIO:
++			res_add += GR_RLIM_RTPRIO_BUMP;
++			break;
++		case RLIMIT_RTTIME:
++			res_add += GR_RLIM_RTTIME_BUMP;
++			break;
++		}
++
++		acl->res[res].rlim_cur = res_add;
++
++		if (wanted > acl->res[res].rlim_max)
++			acl->res[res].rlim_max = res_add;
++
++		/* only log the subject filename, since resource logging is supported for
++		   single-subject learning only */
++		cred = __task_cred(task);
++		security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
++			       task->role->roletype, cred->uid, cred->gid, acl->filename,
++			       acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max,
++			       "", (unsigned long) res, NIPQUAD(task->signal->curr_ip));
++	}
++
++	return;
++}
++
++#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
++void
++pax_set_initial_flags(struct linux_binprm *bprm)
++{
++	struct task_struct *task = current;
++        struct acl_subject_label *proc;
++	unsigned long flags;
++
++        if (unlikely(!(gr_status & GR_READY)))
++                return;
++
++	flags = pax_get_flags(task);
++
++        proc = task->acl;
++
++	if (proc->pax_flags & GR_PAX_DISABLE_PAGEEXEC)
++		flags &= ~MF_PAX_PAGEEXEC;
++	if (proc->pax_flags & GR_PAX_DISABLE_SEGMEXEC)
++		flags &= ~MF_PAX_SEGMEXEC;
++	if (proc->pax_flags & GR_PAX_DISABLE_RANDMMAP)
++		flags &= ~MF_PAX_RANDMMAP;
++	if (proc->pax_flags & GR_PAX_DISABLE_EMUTRAMP)
++		flags &= ~MF_PAX_EMUTRAMP;
++	if (proc->pax_flags & GR_PAX_DISABLE_MPROTECT)
++		flags &= ~MF_PAX_MPROTECT;
++
++	if (proc->pax_flags & GR_PAX_ENABLE_PAGEEXEC)
++		flags |= MF_PAX_PAGEEXEC;
++	if (proc->pax_flags & GR_PAX_ENABLE_SEGMEXEC)
++		flags |= MF_PAX_SEGMEXEC;
++	if (proc->pax_flags & GR_PAX_ENABLE_RANDMMAP)
++		flags |= MF_PAX_RANDMMAP;
++	if (proc->pax_flags & GR_PAX_ENABLE_EMUTRAMP)
++		flags |= MF_PAX_EMUTRAMP;
++	if (proc->pax_flags & GR_PAX_ENABLE_MPROTECT)
++		flags |= MF_PAX_MPROTECT;
++
++	pax_set_flags(task, flags);
++
++        return;
++}
++#endif
++
++#ifdef CONFIG_SYSCTL
++/* Eric Biederman likes breaking userland ABI and every inode-based security
++   system to save 35kb of memory */
++
++/* we modify the passed in filename, but adjust it back before returning */
++static struct acl_object_label *gr_lookup_by_name(char *name, unsigned int len)
++{
++	struct name_entry *nmatch;
++	char *p, *lastp = NULL;
++	struct acl_object_label *obj = NULL, *tmp;
++	struct acl_subject_label *tmpsubj;
++	char c = '\0';
++
++	read_lock(&gr_inode_lock);
++
++	p = name + len - 1;
++	do {
++		nmatch = lookup_name_entry(name);
++		if (lastp != NULL)
++			*lastp = c;
++
++		if (nmatch == NULL)
++			goto next_component;
++		tmpsubj = current->acl;
++		do {
++			obj = lookup_acl_obj_label(nmatch->inode, nmatch->device, tmpsubj);
++			if (obj != NULL) {
++				tmp = obj->globbed;
++				while (tmp) {
++					if (!glob_match(tmp->filename, name)) {
++						obj = tmp;
++						goto found_obj;
++					}
++					tmp = tmp->next;
++				}
++				goto found_obj;
++			}
++		} while ((tmpsubj = tmpsubj->parent_subject));
++next_component:
++		/* end case */
++		if (p == name)
++			break;
++
++		while (*p != '/')
++			p--;
++		if (p == name)
++			lastp = p + 1;
++		else {
++			lastp = p;
++			p--;
++		}
++		c = *lastp;
++		*lastp = '\0';
++	} while (1);
++found_obj:
++	read_unlock(&gr_inode_lock);
++	/* obj returned will always be non-null */
++	return obj;
++}
++
++/* returns 0 when allowing, non-zero on error
++   op of 0 is used for readdir, so we don't log the names of hidden files
++*/
++__u32
++gr_handle_sysctl(const struct ctl_table *table, const int op)
++{
++	ctl_table *tmp;
++	const char *proc_sys = "/proc/sys";
++	char *path;
++	struct acl_object_label *obj;
++	unsigned short len = 0, pos = 0, depth = 0, i;
++	__u32 err = 0;
++	__u32 mode = 0;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	/* for now, ignore operations on non-sysctl entries if it's not a
++	   readdir*/
++	if (table->child != NULL && op != 0)
++		return 0;
++
++	mode |= GR_FIND;
++	/* it's only a read if it's an entry, read on dirs is for readdir */
++	if (op & MAY_READ)
++		mode |= GR_READ;
++	if (op & MAY_WRITE)
++		mode |= GR_WRITE;
++
++	preempt_disable();
++
++	path = per_cpu_ptr(gr_shared_page[0], smp_processor_id());
++
++	/* it's only a read/write if it's an actual entry, not a dir
++	   (which are opened for readdir)
++	*/
++
++	/* convert the requested sysctl entry into a pathname */
++
++	for (tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
++		len += strlen(tmp->procname);
++		len++;
++		depth++;
++	}
++
++	if ((len + depth + strlen(proc_sys) + 1) > PAGE_SIZE) {
++		/* deny */
++		goto out;
++	}
++
++	memset(path, 0, PAGE_SIZE);
++
++	memcpy(path, proc_sys, strlen(proc_sys));
++
++	pos += strlen(proc_sys);
++
++	for (; depth > 0; depth--) {
++		path[pos] = '/';
++		pos++;
++		for (i = 1, tmp = (ctl_table *)table; tmp != NULL; tmp = tmp->parent) {
++			if (depth == i) {
++				memcpy(path + pos, tmp->procname,
++				       strlen(tmp->procname));
++				pos += strlen(tmp->procname);
++			}
++			i++;
++		}
++	}
++
++	obj = gr_lookup_by_name(path, pos);
++	err = obj->mode & (mode | to_gr_audit(mode) | GR_SUPPRESS);
++
++	if (unlikely((current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) &&
++		     ((err & mode) != mode))) {
++		__u32 new_mode = mode;
++
++		new_mode &= ~(GR_AUDITS | GR_SUPPRESS);
++
++		err = 0;
++		gr_log_learn_sysctl(path, new_mode);
++	} else if (!(err & GR_FIND) && !(err & GR_SUPPRESS) && op != 0) {
++		gr_log_hidden_sysctl(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, path);
++		err = -ENOENT;
++	} else if (!(err & GR_FIND)) {
++		err = -ENOENT;
++	} else if (((err & mode) & ~GR_FIND) != (mode & ~GR_FIND) && !(err & GR_SUPPRESS)) {
++		gr_log_str4(GR_DONT_AUDIT, GR_SYSCTL_ACL_MSG, "denied",
++			       path, (mode & GR_READ) ? " reading" : "",
++			       (mode & GR_WRITE) ? " writing" : "");
++		err = -EACCES;
++	} else if ((err & mode) != mode) {
++		err = -EACCES;
++	} else if ((((err & mode) & ~GR_FIND) == (mode & ~GR_FIND)) && (err & GR_AUDITS)) {
++		gr_log_str4(GR_DO_AUDIT, GR_SYSCTL_ACL_MSG, "successful",
++			       path, (mode & GR_READ) ? " reading" : "",
++			       (mode & GR_WRITE) ? " writing" : "");
++		err = 0;
++	} else
++		err = 0;
++
++      out:
++	preempt_enable();
++
++	return err;
++}
++#endif
++
++int
++gr_handle_proc_ptrace(struct task_struct *task)
++{
++	struct file *filp;
++	struct task_struct *tmp = task;
++	struct task_struct *curtemp = current;
++	__u32 retmode;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	read_lock(&tasklist_lock);
++	read_lock(&grsec_exec_file_lock);
++	filp = task->exec_file;
++
++	while (tmp->pid > 0) {
++		if (tmp == curtemp)
++			break;
++		tmp = tmp->parent;
++	}
++
++	if (!filp || (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE))) {
++		read_unlock(&grsec_exec_file_lock);
++		read_unlock(&tasklist_lock);
++		return 1;
++	}
++
++	retmode = gr_search_file(filp->f_path.dentry, GR_NOPTRACE, filp->f_path.mnt);
++	read_unlock(&grsec_exec_file_lock);
++	read_unlock(&tasklist_lock);
++
++	if (retmode & GR_NOPTRACE)
++		return 1;
++
++	if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD)
++	    && (current->acl != task->acl || (current->acl != current->role->root_label
++	    && current->pid != task->pid)))
++		return 1;
++
++	return 0;
++}
++
++int
++gr_handle_ptrace(struct task_struct *task, const long request)
++{
++	struct task_struct *tmp = task;
++	struct task_struct *curtemp = current;
++	__u32 retmode;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 0;
++
++	read_lock(&tasklist_lock);
++	while (tmp->pid > 0) {
++		if (tmp == curtemp)
++			break;
++		tmp = tmp->parent;
++	}
++
++	if (tmp->pid == 0 && !(current->acl->mode & GR_RELAXPTRACE)) {
++		read_unlock(&tasklist_lock);
++		gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
++		return 1;
++	}
++	read_unlock(&tasklist_lock);
++
++	read_lock(&grsec_exec_file_lock);
++	if (unlikely(!task->exec_file)) {
++		read_unlock(&grsec_exec_file_lock);
++		return 0;
++	}
++
++	retmode = gr_search_file(task->exec_file->f_path.dentry, GR_PTRACERD | GR_NOPTRACE, task->exec_file->f_path.mnt);
++	read_unlock(&grsec_exec_file_lock);
++
++	if (retmode & GR_NOPTRACE) {
++		gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
++		return 1;
++	}
++		
++	if (retmode & GR_PTRACERD) {
++		switch (request) {
++		case PTRACE_POKETEXT:
++		case PTRACE_POKEDATA:
++		case PTRACE_POKEUSR:
++#if !defined(CONFIG_PPC32) && !defined(CONFIG_PPC64) && !defined(CONFIG_PARISC) && !defined(CONFIG_ALPHA) && !defined(CONFIG_IA64)
++		case PTRACE_SETREGS:
++		case PTRACE_SETFPREGS:
++#endif
++#ifdef CONFIG_X86
++		case PTRACE_SETFPXREGS:
++#endif
++#ifdef CONFIG_ALTIVEC
++		case PTRACE_SETVRREGS:
++#endif
++			return 1;
++		default:
++			return 0;
++		}
++	} else if (!(current->acl->mode & GR_POVERRIDE) &&
++		   !(current->role->roletype & GR_ROLE_GOD) &&
++		   (current->acl != task->acl)) {
++		gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task);
++		return 1;
++	}
++
++	return 0;
++}
++
++static int is_writable_mmap(const struct file *filp)
++{
++	struct task_struct *task = current;
++	struct acl_object_label *obj, *obj2;
++
++	if (gr_status & GR_READY && !(task->acl->mode & GR_OVERRIDE) &&
++	    !task->is_writable && S_ISREG(filp->f_path.dentry->d_inode->i_mode)) {
++		obj = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt, default_role->root_label);
++		obj2 = chk_obj_label(filp->f_path.dentry, filp->f_path.mnt,
++				     task->role->root_label);
++		if (unlikely((obj->mode & GR_WRITE) || (obj2->mode & GR_WRITE))) {
++			gr_log_fs_generic(GR_DONT_AUDIT, GR_WRITLIB_ACL_MSG, filp->f_path.dentry, filp->f_path.mnt);
++			return 1;
++		}
++	}
++	return 0;
++}
++
++int
++gr_acl_handle_mmap(const struct file *file, const unsigned long prot)
++{
++	__u32 mode;
++
++	if (unlikely(!file || !(prot & PROT_EXEC)))
++		return 1;
++
++	if (is_writable_mmap(file))
++		return 0;
++
++	mode =
++	    gr_search_file(file->f_path.dentry,
++			   GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
++			   file->f_path.mnt);
++
++	if (!gr_tpe_allow(file))
++		return 0;
++
++	if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
++		return 0;
++	} else if (unlikely(!(mode & GR_EXEC))) {
++		return 0;
++	} else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
++		gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MMAP_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
++		return 1;
++	}
++
++	return 1;
++}
++
++int
++gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
++{
++	__u32 mode;
++
++	if (unlikely(!file || !(prot & PROT_EXEC)))
++		return 1;
++
++	if (is_writable_mmap(file))
++		return 0;
++
++	mode =
++	    gr_search_file(file->f_path.dentry,
++			   GR_EXEC | GR_AUDIT_EXEC | GR_SUPPRESS,
++			   file->f_path.mnt);
++
++	if (!gr_tpe_allow(file))
++		return 0;
++
++	if (unlikely(!(mode & GR_EXEC) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
++		return 0;
++	} else if (unlikely(!(mode & GR_EXEC))) {
++		return 0;
++	} else if (unlikely(mode & GR_EXEC && mode & GR_AUDIT_EXEC)) {
++		gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_MPROTECT_ACL_MSG, file->f_path.dentry, file->f_path.mnt);
++		return 1;
++	}
++
++	return 1;
++}
++
++void
++gr_acl_handle_psacct(struct task_struct *task, const long code)
++{
++	unsigned long runtime;
++	unsigned long cputime;
++	unsigned int wday, cday;
++	__u8 whr, chr;
++	__u8 wmin, cmin;
++	__u8 wsec, csec;
++	struct timespec timeval;
++
++	if (unlikely(!(gr_status & GR_READY) || !task->acl ||
++		     !(task->acl->mode & GR_PROCACCT)))
++		return;
++
++	do_posix_clock_monotonic_gettime(&timeval);
++	runtime = timeval.tv_sec - task->start_time.tv_sec;
++	wday = runtime / (3600 * 24);
++	runtime -= wday * (3600 * 24);
++	whr = runtime / 3600;
++	runtime -= whr * 3600;
++	wmin = runtime / 60;
++	runtime -= wmin * 60;
++	wsec = runtime;
++
++	cputime = (task->utime + task->stime) / HZ;
++	cday = cputime / (3600 * 24);
++	cputime -= cday * (3600 * 24);
++	chr = cputime / 3600;
++	cputime -= chr * 3600;
++	cmin = cputime / 60;
++	cputime -= cmin * 60;
++	csec = cputime;
++
++	gr_log_procacct(GR_DO_AUDIT, GR_ACL_PROCACCT_MSG, task, wday, whr, wmin, wsec, cday, chr, cmin, csec, code);
++
++	return;
++}
++
++void gr_set_kernel_label(struct task_struct *task)
++{
++	if (gr_status & GR_READY) {
++		task->role = kernel_role;
++		task->acl = kernel_role->root_label;
++	}
++	return;
++}
++
++#ifdef CONFIG_TASKSTATS
++int gr_is_taskstats_denied(int pid)
++{
++	struct task_struct *task;
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	const struct cred *cred;
++#endif
++	int ret = 0;
++
++	/* restrict taskstats viewing to un-chrooted root users
++	   who have the 'view' subject flag if the RBAC system is enabled
++	*/
++
++	read_lock(&tasklist_lock);
++	task = find_task_by_vpid(pid);
++	if (task) {
++		task_lock(task);
++#ifdef CONFIG_GRKERNSEC_CHROOT
++		if (proc_is_chrooted(task))
++			ret = -EACCES;
++#endif
++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		cred = __task_cred(task);
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++		if (cred->uid != 0)
++			ret = -EACCES;
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++		if (cred->uid != 0 && !groups_search(cred->group_info, CONFIG_GRKERNSEC_PROC_GID))
++			ret = -EACCES;
++#endif
++#endif
++		if (gr_status & GR_READY) {
++			if (!(task->acl->mode & GR_VIEW))
++				ret = -EACCES;
++		}
++		
++		task_unlock(task);
++	} else
++		ret = -ENOENT;
++
++	read_unlock(&tasklist_lock);
++
++	return ret;
++}
++#endif
++
++int gr_acl_handle_filldir(const struct file *file, const char *name, const unsigned int namelen, const ino_t ino)
++{
++	struct task_struct *task = current;
++	struct dentry *dentry = file->f_path.dentry;
++	struct vfsmount *mnt = file->f_path.mnt;
++	struct acl_object_label *obj, *tmp;
++	struct acl_subject_label *subj;
++	unsigned int bufsize;
++	int is_not_root;
++	char *path;
++
++	if (unlikely(!(gr_status & GR_READY)))
++		return 1;
++
++	if (task->acl->mode & (GR_LEARN | GR_INHERITLEARN))
++		return 1;
++
++	/* ignore Eric Biederman */
++	if (IS_PRIVATE(dentry->d_inode))
++		return 1;
++
++	subj = task->acl;
++	do {
++		obj = lookup_acl_obj_label(ino, dentry->d_inode->i_sb->s_dev, subj);
++		if (obj != NULL)
++			return (obj->mode & GR_FIND) ? 1 : 0;
++	} while ((subj = subj->parent_subject));
++	
++	/* this is purely an optimization since we're looking for an object
++	   for the directory we're doing a readdir on
++	   if it's possible for any globbed object to match the entry we're
++	   filling into the directory, then the object we find here will be
++	   an anchor point with attached globbed objects
++	*/
++	obj = chk_obj_label_noglob(dentry, mnt, task->acl);
++	if (obj->globbed == NULL)
++		return (obj->mode & GR_FIND) ? 1 : 0;
++
++	is_not_root = ((obj->filename[0] == '/') &&
++		   (obj->filename[1] == '\0')) ? 0 : 1;
++	bufsize = PAGE_SIZE - namelen - is_not_root;
++
++	/* check bufsize > PAGE_SIZE || bufsize == 0 */
++	if (unlikely((bufsize - 1) > (PAGE_SIZE - 1)))
++		return 1;
++
++	preempt_disable();
++	path = d_real_path(dentry, mnt, per_cpu_ptr(gr_shared_page[0], smp_processor_id()),
++			   bufsize);
++
++	bufsize = strlen(path);
++
++	/* if base is "/", don't append an additional slash */
++	if (is_not_root)
++		*(path + bufsize) = '/';
++	memcpy(path + bufsize + is_not_root, name, namelen);
++	*(path + bufsize + namelen + is_not_root) = '\0';
++
++	tmp = obj->globbed;
++	while (tmp) {
++		if (!glob_match(tmp->filename, path)) {
++			preempt_enable();
++			return (tmp->mode & GR_FIND) ? 1 : 0;
++		}
++		tmp = tmp->next;
++	}
++	preempt_enable();
++	return (obj->mode & GR_FIND) ? 1 : 0;
++}
++
++EXPORT_SYMBOL(gr_learn_resource);
++EXPORT_SYMBOL(gr_set_kernel_label);
++#ifdef CONFIG_SECURITY
++EXPORT_SYMBOL(gr_check_user_change);
++EXPORT_SYMBOL(gr_check_group_change);
++#endif
++
+diff -urNp linux-2.6.29.6/grsecurity/gracl_cap.c linux-2.6.29.6/grsecurity/gracl_cap.c
+--- linux-2.6.29.6/grsecurity/gracl_cap.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_cap.c	2009-07-23 17:34:32.174773311 -0400
+@@ -0,0 +1,131 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/gracl.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++static const char *captab_log[] = {
++	"CAP_CHOWN",
++	"CAP_DAC_OVERRIDE",
++	"CAP_DAC_READ_SEARCH",
++	"CAP_FOWNER",
++	"CAP_FSETID",
++	"CAP_KILL",
++	"CAP_SETGID",
++	"CAP_SETUID",
++	"CAP_SETPCAP",
++	"CAP_LINUX_IMMUTABLE",
++	"CAP_NET_BIND_SERVICE",
++	"CAP_NET_BROADCAST",
++	"CAP_NET_ADMIN",
++	"CAP_NET_RAW",
++	"CAP_IPC_LOCK",
++	"CAP_IPC_OWNER",
++	"CAP_SYS_MODULE",
++	"CAP_SYS_RAWIO",
++	"CAP_SYS_CHROOT",
++	"CAP_SYS_PTRACE",
++	"CAP_SYS_PACCT",
++	"CAP_SYS_ADMIN",
++	"CAP_SYS_BOOT",
++	"CAP_SYS_NICE",
++	"CAP_SYS_RESOURCE",
++	"CAP_SYS_TIME",
++	"CAP_SYS_TTY_CONFIG",
++	"CAP_MKNOD",
++	"CAP_LEASE",
++	"CAP_AUDIT_WRITE",
++	"CAP_AUDIT_CONTROL",
++	"CAP_SETFCAP",
++	"CAP_MAC_OVERRIDE",
++	"CAP_MAC_ADMIN"
++};
++
++EXPORT_SYMBOL(gr_is_capable);
++EXPORT_SYMBOL(gr_is_capable_nolog);
++
++int
++gr_is_capable(const int cap)
++{
++	struct task_struct *task = current;
++	const struct cred *cred = current_cred();
++	struct acl_subject_label *curracl;
++	kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
++
++	if (!gr_acl_is_enabled())
++		return 1;
++
++	curracl = task->acl;
++
++	cap_drop = curracl->cap_lower;
++	cap_mask = curracl->cap_mask;
++
++	while ((curracl = curracl->parent_subject)) {
++		/* if the cap isn't specified in the current computed mask but is specified in the
++		   current level subject, and is lowered in the current level subject, then add
++		   it to the set of dropped capabilities
++		   otherwise, add the current level subject's mask to the current computed mask
++		 */
++		if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
++			cap_raise(cap_mask, cap);
++			if (cap_raised(curracl->cap_lower, cap))
++				cap_raise(cap_drop, cap);
++		}
++	}
++
++	if (!cap_raised(cap_drop, cap))
++		return 1;
++
++	curracl = task->acl;
++
++	if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN))
++	    && cap_raised(cred->cap_effective, cap)) {
++		security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename,
++			       task->role->roletype, cred->uid,
++			       cred->gid, task->exec_file ?
++			       gr_to_filename(task->exec_file->f_path.dentry,
++			       task->exec_file->f_path.mnt) : curracl->filename,
++			       curracl->filename, 0UL,
++			       0UL, "", (unsigned long) cap, NIPQUAD(task->signal->curr_ip));
++		return 1;
++	}
++
++	if ((cap >= 0) && (cap < (sizeof(captab_log)/sizeof(captab_log[0]))) && cap_raised(cred->cap_effective, cap))
++		gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]);
++	return 0;
++}
++
++int
++gr_is_capable_nolog(const int cap)
++{
++	struct acl_subject_label *curracl;
++	kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set;
++
++	if (!gr_acl_is_enabled())
++		return 1;
++
++	curracl = current->acl;
++
++	cap_drop = curracl->cap_lower;
++	cap_mask = curracl->cap_mask;
++
++	while ((curracl = curracl->parent_subject)) {
++		/* if the cap isn't specified in the current computed mask but is specified in the
++		   current level subject, and is lowered in the current level subject, then add
++		   it to the set of dropped capabilities
++		   otherwise, add the current level subject's mask to the current computed mask
++		 */
++		if (!cap_raised(cap_mask, cap) && cap_raised(curracl->cap_mask, cap)) {
++			cap_raise(cap_mask, cap);
++			if (cap_raised(curracl->cap_lower, cap))
++				cap_raise(cap_drop, cap);
++		}
++	}
++
++	if (!cap_raised(cap_drop, cap))
++		return 1;
++
++	return 0;
++}
++
+diff -urNp linux-2.6.29.6/grsecurity/gracl_fs.c linux-2.6.29.6/grsecurity/gracl_fs.c
+--- linux-2.6.29.6/grsecurity/gracl_fs.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_fs.c	2009-07-23 17:34:32.174773311 -0400
+@@ -0,0 +1,423 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/types.h>
++#include <linux/fs.h>
++#include <linux/file.h>
++#include <linux/stat.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++#include <linux/gracl.h>
++
++__u32
++gr_acl_handle_hidden_file(const struct dentry * dentry,
++			  const struct vfsmount * mnt)
++{
++	__u32 mode;
++
++	if (unlikely(!dentry->d_inode))
++		return GR_FIND;
++
++	mode =
++	    gr_search_file(dentry, GR_FIND | GR_AUDIT_FIND | GR_SUPPRESS, mnt);
++
++	if (unlikely(mode & GR_FIND && mode & GR_AUDIT_FIND)) {
++		gr_log_fs_rbac_generic(GR_DO_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
++		return mode;
++	} else if (unlikely(!(mode & GR_FIND) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_rbac_generic(GR_DONT_AUDIT, GR_HIDDEN_ACL_MSG, dentry, mnt);
++		return 0;
++	} else if (unlikely(!(mode & GR_FIND)))
++		return 0;
++
++	return GR_FIND;
++}
++
++__u32
++gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
++		   const int fmode)
++{
++	__u32 reqmode = GR_FIND;
++	__u32 mode;
++
++	if (unlikely(!dentry->d_inode))
++		return reqmode;
++
++	if (unlikely(fmode & O_APPEND))
++		reqmode |= GR_APPEND;
++	else if (unlikely(fmode & FMODE_WRITE))
++		reqmode |= GR_WRITE;
++	if (likely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
++		reqmode |= GR_READ;
++
++	mode =
++	    gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
++			   mnt);
++
++	if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
++		gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
++			       reqmode & GR_READ ? " reading" : "",
++			       reqmode & GR_WRITE ? " writing" : reqmode &
++			       GR_APPEND ? " appending" : "");
++		return reqmode;
++	} else
++	    if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
++	{
++		gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_OPEN_ACL_MSG, dentry, mnt,
++			       reqmode & GR_READ ? " reading" : "",
++			       reqmode & GR_WRITE ? " writing" : reqmode &
++			       GR_APPEND ? " appending" : "");
++		return 0;
++	} else if (unlikely((mode & reqmode) != reqmode))
++		return 0;
++
++	return reqmode;
++}
++
++__u32
++gr_acl_handle_creat(const struct dentry * dentry,
++		    const struct dentry * p_dentry,
++		    const struct vfsmount * p_mnt, const int fmode,
++		    const int imode)
++{
++	__u32 reqmode = GR_WRITE | GR_CREATE;
++	__u32 mode;
++
++	if (unlikely(fmode & O_APPEND))
++		reqmode |= GR_APPEND;
++	if (unlikely((fmode & FMODE_READ) && !(fmode & O_DIRECTORY)))
++		reqmode |= GR_READ;
++	if (unlikely((fmode & O_CREAT) && (imode & (S_ISUID | S_ISGID))))
++		reqmode |= GR_SETID;
++
++	mode =
++	    gr_check_create(dentry, p_dentry, p_mnt,
++			    reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
++
++	if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
++		gr_log_fs_rbac_mode2(GR_DO_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
++			       reqmode & GR_READ ? " reading" : "",
++			       reqmode & GR_WRITE ? " writing" : reqmode &
++			       GR_APPEND ? " appending" : "");
++		return reqmode;
++	} else
++	    if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
++	{
++		gr_log_fs_rbac_mode2(GR_DONT_AUDIT, GR_CREATE_ACL_MSG, dentry, p_mnt,
++			       reqmode & GR_READ ? " reading" : "",
++			       reqmode & GR_WRITE ? " writing" : reqmode &
++			       GR_APPEND ? " appending" : "");
++		return 0;
++	} else if (unlikely((mode & reqmode) != reqmode))
++		return 0;
++
++	return reqmode;
++}
++
++__u32
++gr_acl_handle_access(const struct dentry * dentry, const struct vfsmount * mnt,
++		     const int fmode)
++{
++	__u32 mode, reqmode = GR_FIND;
++
++	if ((fmode & S_IXOTH) && !S_ISDIR(dentry->d_inode->i_mode))
++		reqmode |= GR_EXEC;
++	if (fmode & S_IWOTH)
++		reqmode |= GR_WRITE;
++	if (fmode & S_IROTH)
++		reqmode |= GR_READ;
++
++	mode =
++	    gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS,
++			   mnt);
++
++	if (unlikely(((mode & reqmode) == reqmode) && mode & GR_AUDITS)) {
++		gr_log_fs_rbac_mode3(GR_DO_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
++			       reqmode & GR_READ ? " reading" : "",
++			       reqmode & GR_WRITE ? " writing" : "",
++			       reqmode & GR_EXEC ? " executing" : "");
++		return reqmode;
++	} else
++	    if (unlikely((mode & reqmode) != reqmode && !(mode & GR_SUPPRESS)))
++	{
++		gr_log_fs_rbac_mode3(GR_DONT_AUDIT, GR_ACCESS_ACL_MSG, dentry, mnt,
++			       reqmode & GR_READ ? " reading" : "",
++			       reqmode & GR_WRITE ? " writing" : "",
++			       reqmode & GR_EXEC ? " executing" : "");
++		return 0;
++	} else if (unlikely((mode & reqmode) != reqmode))
++		return 0;
++
++	return reqmode;
++}
++
++static __u32 generic_fs_handler(const struct dentry *dentry, const struct vfsmount *mnt, __u32 reqmode, const char *fmt)
++{
++	__u32 mode;
++
++	mode = gr_search_file(dentry, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS, mnt);
++
++	if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
++		gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, dentry, mnt);
++		return mode;
++	} else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, dentry, mnt);
++		return 0;
++	} else if (unlikely((mode & (reqmode)) != (reqmode)))
++		return 0;
++
++	return (reqmode);
++}
++
++__u32
++gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_RMDIR_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_unlink(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_WRITE | GR_DELETE , GR_UNLINK_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_truncate(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_WRITE, GR_TRUNCATE_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_utime(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_WRITE, GR_ATIME_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_fchmod(const struct dentry *dentry, const struct vfsmount *mnt,
++		     mode_t mode)
++{
++	if (unlikely(dentry->d_inode && S_ISSOCK(dentry->d_inode->i_mode)))
++		return 1;
++
++	if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
++		return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
++				   GR_FCHMOD_ACL_MSG);
++	} else {
++		return generic_fs_handler(dentry, mnt, GR_WRITE, GR_FCHMOD_ACL_MSG);
++	}
++}
++
++__u32
++gr_acl_handle_chmod(const struct dentry *dentry, const struct vfsmount *mnt,
++		    mode_t mode)
++{
++	if (unlikely((mode != (mode_t)-1) && (mode & (S_ISUID | S_ISGID)))) {
++		return generic_fs_handler(dentry, mnt, GR_WRITE | GR_SETID,
++				   GR_CHMOD_ACL_MSG);
++	} else {
++		return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHMOD_ACL_MSG);
++	}
++}
++
++__u32
++gr_acl_handle_chown(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_WRITE, GR_CHOWN_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_execve(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_EXEC, GR_EXEC_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_unix(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return generic_fs_handler(dentry, mnt, GR_READ | GR_WRITE,
++			   GR_UNIXCONNECT_ACL_MSG);
++}
++
++/* hardlinks require at minimum create permission,
++   any additional privilege required is based on the
++   privilege of the file being linked to
++*/
++__u32
++gr_acl_handle_link(const struct dentry * new_dentry,
++		   const struct dentry * parent_dentry,
++		   const struct vfsmount * parent_mnt,
++		   const struct dentry * old_dentry,
++		   const struct vfsmount * old_mnt, const char *to)
++{
++	__u32 mode;
++	__u32 needmode = GR_CREATE | GR_LINK;
++	__u32 needaudit = GR_AUDIT_CREATE | GR_AUDIT_LINK;
++
++	mode =
++	    gr_check_link(new_dentry, parent_dentry, parent_mnt, old_dentry,
++			  old_mnt);
++
++	if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) {
++		gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
++		return mode;
++	} else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to);
++		return 0;
++	} else if (unlikely((mode & needmode) != needmode))
++		return 0;
++
++	return 1;
++}
++
++__u32
++gr_acl_handle_symlink(const struct dentry * new_dentry,
++		      const struct dentry * parent_dentry,
++		      const struct vfsmount * parent_mnt, const char *from)
++{
++	__u32 needmode = GR_WRITE | GR_CREATE;
++	__u32 mode;
++
++	mode =
++	    gr_check_create(new_dentry, parent_dentry, parent_mnt,
++			    GR_CREATE | GR_AUDIT_CREATE |
++			    GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS);
++
++	if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) {
++		gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
++		return mode;
++	} else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt);
++		return 0;
++	} else if (unlikely((mode & needmode) != needmode))
++		return 0;
++
++	return (GR_WRITE | GR_CREATE);
++}
++
++static __u32 generic_fs_create_handler(const struct dentry *new_dentry, const struct dentry *parent_dentry, const struct vfsmount *parent_mnt, __u32 reqmode, const char *fmt)
++{
++	__u32 mode;
++
++	mode = gr_check_create(new_dentry, parent_dentry, parent_mnt, reqmode | to_gr_audit(reqmode) | GR_SUPPRESS);
++
++	if (unlikely(((mode & (reqmode)) == (reqmode)) && mode & GR_AUDITS)) {
++		gr_log_fs_rbac_generic(GR_DO_AUDIT, fmt, new_dentry, parent_mnt);
++		return mode;
++	} else if (unlikely((mode & (reqmode)) != (reqmode) && !(mode & GR_SUPPRESS))) {
++		gr_log_fs_rbac_generic(GR_DONT_AUDIT, fmt, new_dentry, parent_mnt);
++		return 0;
++	} else if (unlikely((mode & (reqmode)) != (reqmode)))
++		return 0;
++
++	return (reqmode);
++}
++
++__u32
++gr_acl_handle_mknod(const struct dentry * new_dentry,
++		    const struct dentry * parent_dentry,
++		    const struct vfsmount * parent_mnt,
++		    const int mode)
++{
++	__u32 reqmode = GR_WRITE | GR_CREATE;
++	if (unlikely(mode & (S_ISUID | S_ISGID)))
++		reqmode |= GR_SETID;
++
++	return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
++				  reqmode, GR_MKNOD_ACL_MSG);
++}
++
++__u32
++gr_acl_handle_mkdir(const struct dentry *new_dentry,
++		    const struct dentry *parent_dentry,
++		    const struct vfsmount *parent_mnt)
++{
++	return generic_fs_create_handler(new_dentry, parent_dentry, parent_mnt,
++				  GR_WRITE | GR_CREATE, GR_MKDIR_ACL_MSG);
++}
++
++#define RENAME_CHECK_SUCCESS(old, new) \
++	(((old & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)) && \
++	 ((new & (GR_WRITE | GR_READ)) == (GR_WRITE | GR_READ)))
++
++int
++gr_acl_handle_rename(struct dentry *new_dentry,
++		     struct dentry *parent_dentry,
++		     const struct vfsmount *parent_mnt,
++		     struct dentry *old_dentry,
++		     struct inode *old_parent_inode,
++		     struct vfsmount *old_mnt, const char *newname)
++{
++	__u32 comp1, comp2;
++	int error = 0;
++
++	if (unlikely(!gr_acl_is_enabled()))
++		return 0;
++
++	if (!new_dentry->d_inode) {
++		comp1 = gr_check_create(new_dentry, parent_dentry, parent_mnt,
++					GR_READ | GR_WRITE | GR_CREATE | GR_AUDIT_READ |
++					GR_AUDIT_WRITE | GR_AUDIT_CREATE | GR_SUPPRESS);
++		comp2 = gr_search_file(old_dentry, GR_READ | GR_WRITE |
++				       GR_DELETE | GR_AUDIT_DELETE |
++				       GR_AUDIT_READ | GR_AUDIT_WRITE |
++				       GR_SUPPRESS, old_mnt);
++	} else {
++		comp1 = gr_search_file(new_dentry, GR_READ | GR_WRITE |
++				       GR_CREATE | GR_DELETE |
++				       GR_AUDIT_CREATE | GR_AUDIT_DELETE |
++				       GR_AUDIT_READ | GR_AUDIT_WRITE |
++				       GR_SUPPRESS, parent_mnt);
++		comp2 =
++		    gr_search_file(old_dentry,
++				   GR_READ | GR_WRITE | GR_AUDIT_READ |
++				   GR_DELETE | GR_AUDIT_DELETE |
++				   GR_AUDIT_WRITE | GR_SUPPRESS, old_mnt);
++	}
++
++	if (RENAME_CHECK_SUCCESS(comp1, comp2) &&
++	    ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS)))
++		gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
++	else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS)
++		 && !(comp2 & GR_SUPPRESS)) {
++		gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname);
++		error = -EACCES;
++	} else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2)))
++		error = -EACCES;
++
++	return error;
++}
++
++void
++gr_acl_handle_exit(void)
++{
++	u16 id;
++	char *rolename;
++	struct file *exec_file;
++
++	if (unlikely(current->acl_sp_role && gr_acl_is_enabled())) {
++		id = current->acl_role_id;
++		rolename = current->role->rolename;
++		gr_set_acls(1);
++		gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id);
++	}
++
++	write_lock(&grsec_exec_file_lock);
++	exec_file = current->exec_file;
++	current->exec_file = NULL;
++	write_unlock(&grsec_exec_file_lock);
++
++	if (exec_file)
++		fput(exec_file);
++}
++
++int
++gr_acl_handle_procpidmem(const struct task_struct *task)
++{
++	if (unlikely(!gr_acl_is_enabled()))
++		return 0;
++
++	if (task != current && task->acl->mode & GR_PROTPROCFD)
++		return -EACCES;
++
++	return 0;
++}
+diff -urNp linux-2.6.29.6/grsecurity/gracl_ip.c linux-2.6.29.6/grsecurity/gracl_ip.c
+--- linux-2.6.29.6/grsecurity/gracl_ip.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_ip.c	2009-07-23 17:34:32.174773311 -0400
+@@ -0,0 +1,340 @@
++#include <linux/kernel.h>
++#include <asm/uaccess.h>
++#include <asm/errno.h>
++#include <net/sock.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/net.h>
++#include <linux/in.h>
++#include <linux/skbuff.h>
++#include <linux/ip.h>
++#include <linux/udp.h>
++#include <linux/smp_lock.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/netdevice.h>
++#include <linux/inetdevice.h>
++#include <linux/gracl.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++#define GR_BIND			0x01
++#define GR_CONNECT		0x02
++#define GR_INVERT		0x04
++#define GR_BINDOVERRIDE		0x08
++#define GR_CONNECTOVERRIDE	0x10
++
++static const char * gr_protocols[256] = {
++	"ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "cbt",
++	"egp", "igp", "bbn-rcc", "nvp", "pup", "argus", "emcon", "xnet",
++	"chaos", "udp", "mux", "dcn", "hmp", "prm", "xns-idp", "trunk-1",
++	"trunk-2", "leaf-1", "leaf-2", "rdp", "irtp", "iso-tp4", "netblt", "mfe-nsp",
++	"merit-inp", "sep", "3pc", "idpr", "xtp", "ddp", "idpr-cmtp", "tp++",
++	"il", "ipv6", "sdrp", "ipv6-route", "ipv6-frag", "idrp", "rsvp", "gre",
++	"mhrp", "bna", "ipv6-crypt", "ipv6-auth", "i-nlsp", "swipe", "narp", "mobile",
++	"tlsp", "skip", "ipv6-icmp", "ipv6-nonxt", "ipv6-opts", "unknown:61", "cftp", "unknown:63",
++	"sat-expak", "kryptolan", "rvd", "ippc", "unknown:68", "sat-mon", "visa", "ipcv",
++	"cpnx", "cphb", "wsn", "pvp", "br-sat-mon", "sun-nd", "wb-mon", "wb-expak", 
++	"iso-ip", "vmtp", "secure-vmtp", "vines", "ttp", "nfsnet-igp", "dgp", "tcf", 
++	"eigrp", "ospf", "sprite-rpc", "larp", "mtp", "ax.25", "ipip", "micp",
++	"scc-sp", "etherip", "encap", "unknown:99", "gmtp", "ifmp", "pnni", "pim",
++	"aris", "scps", "qnx", "a/n", "ipcomp", "snp", "compaq-peer", "ipx-in-ip",
++	"vrrp", "pgm", "unknown:114", "l2tp", "ddx", "iatp", "stp", "srp",
++	"uti", "smp", "sm", "ptp", "isis", "fire", "crtp", "crdup",
++	"sscopmce", "iplt", "sps", "pipe", "sctp", "fc", "unkown:134", "unknown:135",
++	"unknown:136", "unknown:137", "unknown:138", "unknown:139", "unknown:140", "unknown:141", "unknown:142", "unknown:143",
++	"unknown:144", "unknown:145", "unknown:146", "unknown:147", "unknown:148", "unknown:149", "unknown:150", "unknown:151",
++	"unknown:152", "unknown:153", "unknown:154", "unknown:155", "unknown:156", "unknown:157", "unknown:158", "unknown:159",
++	"unknown:160", "unknown:161", "unknown:162", "unknown:163", "unknown:164", "unknown:165", "unknown:166", "unknown:167",
++	"unknown:168", "unknown:169", "unknown:170", "unknown:171", "unknown:172", "unknown:173", "unknown:174", "unknown:175",
++	"unknown:176", "unknown:177", "unknown:178", "unknown:179", "unknown:180", "unknown:181", "unknown:182", "unknown:183",
++	"unknown:184", "unknown:185", "unknown:186", "unknown:187", "unknown:188", "unknown:189", "unknown:190", "unknown:191",
++	"unknown:192", "unknown:193", "unknown:194", "unknown:195", "unknown:196", "unknown:197", "unknown:198", "unknown:199",
++	"unknown:200", "unknown:201", "unknown:202", "unknown:203", "unknown:204", "unknown:205", "unknown:206", "unknown:207",
++	"unknown:208", "unknown:209", "unknown:210", "unknown:211", "unknown:212", "unknown:213", "unknown:214", "unknown:215",
++	"unknown:216", "unknown:217", "unknown:218", "unknown:219", "unknown:220", "unknown:221", "unknown:222", "unknown:223",
++	"unknown:224", "unknown:225", "unknown:226", "unknown:227", "unknown:228", "unknown:229", "unknown:230", "unknown:231",
++	"unknown:232", "unknown:233", "unknown:234", "unknown:235", "unknown:236", "unknown:237", "unknown:238", "unknown:239",
++	"unknown:240", "unknown:241", "unknown:242", "unknown:243", "unknown:244", "unknown:245", "unknown:246", "unknown:247",
++	"unknown:248", "unknown:249", "unknown:250", "unknown:251", "unknown:252", "unknown:253", "unknown:254", "unknown:255",
++	};
++
++static const char * gr_socktypes[11] = {
++	"unknown:0", "stream", "dgram", "raw", "rdm", "seqpacket", "unknown:6", 
++	"unknown:7", "unknown:8", "unknown:9", "packet"
++	};
++
++const char *
++gr_proto_to_name(unsigned char proto)
++{
++	return gr_protocols[proto];
++}
++
++const char *
++gr_socktype_to_name(unsigned char type)
++{
++	return gr_socktypes[type];
++}
++
++int
++gr_search_socket(const int domain, const int type, const int protocol)
++{
++	struct acl_subject_label *curr;
++	const struct cred *cred = current_cred();
++
++	if (unlikely(!gr_acl_is_enabled()))
++		goto exit;
++
++	if ((domain < 0) || (type < 0) || (protocol < 0) || (domain != PF_INET)
++	    || (domain >= NPROTO) || (type >= SOCK_MAX) || (protocol > 255))
++		goto exit;	// let the kernel handle it
++
++	curr = current->acl;
++
++	if (!curr->ips)
++		goto exit;
++
++	if ((curr->ip_type & (1 << type)) &&
++	    (curr->ip_proto[protocol / 32] & (1 << (protocol % 32))))
++		goto exit;
++
++	if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
++		/* we don't place acls on raw sockets , and sometimes
++		   dgram/ip sockets are opened for ioctl and not
++		   bind/connect, so we'll fake a bind learn log */
++		if (type == SOCK_RAW || type == SOCK_PACKET) {
++			__u32 fakeip = 0;
++			security_learn(GR_IP_LEARN_MSG, current->role->rolename,
++				       current->role->roletype, cred->uid,
++				       cred->gid, current->exec_file ?
++				       gr_to_filename(current->exec_file->f_path.dentry,
++				       current->exec_file->f_path.mnt) :
++				       curr->filename, curr->filename,
++				       NIPQUAD(fakeip), 0, type,
++				       protocol, GR_CONNECT, 
++NIPQUAD(current->signal->curr_ip));
++		} else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) {
++			__u32 fakeip = 0;
++			security_learn(GR_IP_LEARN_MSG, current->role->rolename,
++				       current->role->roletype, cred->uid,
++				       cred->gid, current->exec_file ?
++				       gr_to_filename(current->exec_file->f_path.dentry,
++				       current->exec_file->f_path.mnt) :
++				       curr->filename, curr->filename,
++				       NIPQUAD(fakeip), 0, type,
++				       protocol, GR_BIND, NIPQUAD(current->signal->curr_ip));
++		}
++		/* we'll log when they use connect or bind */
++		goto exit;
++	}
++
++	gr_log_str3(GR_DONT_AUDIT, GR_SOCK_MSG, "inet", 
++		    gr_socktype_to_name(type), gr_proto_to_name(protocol));
++
++	return 0;
++      exit:
++	return 1;
++}
++
++int check_ip_policy(struct acl_ip_label *ip, __u32 ip_addr, __u16 ip_port, __u8 protocol, const int mode, const int type, __u32 our_addr, __u32 our_netmask)
++{
++	if ((ip->mode & mode) &&
++	    (ip_port >= ip->low) &&
++	    (ip_port <= ip->high) &&
++	    ((ntohl(ip_addr) & our_netmask) ==
++	     (ntohl(our_addr) & our_netmask))
++	    && (ip->proto[protocol / 32] & (1 << (protocol % 32)))
++	    && (ip->type & (1 << type))) {
++		if (ip->mode & GR_INVERT)
++			return 2; // specifically denied
++		else
++			return 1; // allowed
++	}
++
++	return 0; // not specifically allowed, may continue parsing
++}
++
++static int
++gr_search_connectbind(const int full_mode, struct sock *sk,
++		      struct sockaddr_in *addr, const int type)
++{
++	char iface[IFNAMSIZ] = {0};
++	struct acl_subject_label *curr;
++	struct acl_ip_label *ip;
++	struct inet_sock *isk;
++	struct net_device *dev;
++	struct in_device *idev;
++	unsigned long i;
++	int ret;
++	int mode = full_mode & (GR_BIND | GR_CONNECT);
++	__u32 ip_addr = 0;
++	__u32 our_addr;
++	__u32 our_netmask;
++	char *p;
++	__u16 ip_port = 0;
++	const struct cred *cred = current_cred();
++
++	if (unlikely(!gr_acl_is_enabled() || sk->sk_family != PF_INET))
++		return 0;
++
++	curr = current->acl;
++	isk = inet_sk(sk);
++
++	/* INADDR_ANY overriding for binds, inaddr_any_override is already in network order */
++	if ((full_mode & GR_BINDOVERRIDE) && addr->sin_addr.s_addr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0)
++		addr->sin_addr.s_addr = curr->inaddr_any_override;
++	if ((full_mode & GR_CONNECT) && isk->saddr == htonl(INADDR_ANY) && curr->inaddr_any_override != 0) {
++		struct sockaddr_in saddr;
++		int err;
++
++		saddr.sin_family = AF_INET;
++		saddr.sin_addr.s_addr = curr->inaddr_any_override;
++		saddr.sin_port = isk->sport;
++
++		err = security_socket_bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
++		if (err)
++			return err;
++
++		err = sk->sk_socket->ops->bind(sk->sk_socket, (struct sockaddr *)&saddr, sizeof(struct sockaddr_in));
++		if (err)
++			return err;
++	}
++
++	if (!curr->ips)
++		return 0;
++
++	ip_addr = addr->sin_addr.s_addr;
++	ip_port = ntohs(addr->sin_port);
++
++	if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) {
++		security_learn(GR_IP_LEARN_MSG, current->role->rolename,
++			       current->role->roletype, cred->uid,
++			       cred->gid, current->exec_file ?
++			       gr_to_filename(current->exec_file->f_path.dentry,
++			       current->exec_file->f_path.mnt) :
++			       curr->filename, curr->filename,
++			       NIPQUAD(ip_addr), ip_port, type,
++			       sk->sk_protocol, mode, NIPQUAD(current->signal->curr_ip));
++		return 0;
++	}
++
++	for (i = 0; i < curr->ip_num; i++) {
++		ip = *(curr->ips + i);
++		if (ip->iface != NULL) {
++			strncpy(iface, ip->iface, IFNAMSIZ - 1);
++			p = strchr(iface, ':');
++			if (p != NULL)
++				*p = '\0';
++			dev = dev_get_by_name(sock_net(sk), iface);
++			if (dev == NULL)
++				continue;
++			idev = in_dev_get(dev);
++			if (idev == NULL) {
++				dev_put(dev);
++				continue;
++			}
++			rcu_read_lock();
++			for_ifa(idev) {
++				if (!strcmp(ip->iface, ifa->ifa_label)) {
++					our_addr = ifa->ifa_address;
++					our_netmask = 0xffffffff;
++					ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
++					if (ret == 1) {
++						rcu_read_unlock();
++						in_dev_put(idev);
++						dev_put(dev);
++						return 0;
++					} else if (ret == 2) {
++						rcu_read_unlock();
++						in_dev_put(idev);
++						dev_put(dev);
++						goto denied;
++					}
++				}
++			} endfor_ifa(idev);
++			rcu_read_unlock();
++			in_dev_put(idev);
++			dev_put(dev);
++		} else {
++			our_addr = ip->addr;
++			our_netmask = ip->netmask;
++			ret = check_ip_policy(ip, ip_addr, ip_port, sk->sk_protocol, mode, type, our_addr, our_netmask);
++			if (ret == 1)
++				return 0;
++			else if (ret == 2)
++				goto denied;
++		}
++	}
++
++denied:
++	if (mode == GR_BIND)
++		gr_log_int5_str2(GR_DONT_AUDIT, GR_BIND_ACL_MSG, NIPQUAD(ip_addr), ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
++	else if (mode == GR_CONNECT)
++		gr_log_int5_str2(GR_DONT_AUDIT, GR_CONNECT_ACL_MSG, NIPQUAD(ip_addr), ip_port, gr_socktype_to_name(type), gr_proto_to_name(sk->sk_protocol));
++
++	return -EACCES;
++}
++
++int
++gr_search_connect(struct socket *sock, struct sockaddr_in *addr)
++{
++	return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sock->sk, addr, sock->type);
++}
++
++int
++gr_search_bind(struct socket *sock, struct sockaddr_in *addr)
++{
++	return gr_search_connectbind(GR_BIND | GR_BINDOVERRIDE, sock->sk, addr, sock->type);
++}
++
++int gr_search_listen(struct socket *sock)
++{
++	struct sock *sk = sock->sk;
++	struct sockaddr_in addr;
++
++	addr.sin_addr.s_addr = inet_sk(sk)->saddr;
++	addr.sin_port = inet_sk(sk)->sport;
++
++	return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
++}
++
++int gr_search_accept(struct socket *sock)
++{
++	struct sock *sk = sock->sk;
++	struct sockaddr_in addr;
++
++	addr.sin_addr.s_addr = inet_sk(sk)->saddr;
++	addr.sin_port = inet_sk(sk)->sport;
++
++	return gr_search_connectbind(GR_BIND | GR_CONNECTOVERRIDE, sock->sk, &addr, sock->type);
++}
++
++int
++gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr)
++{
++	if (addr)
++		return gr_search_connectbind(GR_CONNECT, sk, addr, SOCK_DGRAM);
++	else {
++		struct sockaddr_in sin;
++		const struct inet_sock *inet = inet_sk(sk);
++
++		sin.sin_addr.s_addr = inet->daddr;
++		sin.sin_port = inet->dport;
++
++		return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
++	}
++}
++
++int
++gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb)
++{
++	struct sockaddr_in sin;
++
++	if (unlikely(skb->len < sizeof (struct udphdr)))
++		return 0;	// skip this packet
++
++	sin.sin_addr.s_addr = ip_hdr(skb)->saddr;
++	sin.sin_port = udp_hdr(skb)->source;
++
++	return gr_search_connectbind(GR_CONNECT | GR_CONNECTOVERRIDE, sk, &sin, SOCK_DGRAM);
++}
+diff -urNp linux-2.6.29.6/grsecurity/gracl_learn.c linux-2.6.29.6/grsecurity/gracl_learn.c
+--- linux-2.6.29.6/grsecurity/gracl_learn.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_learn.c	2009-07-23 18:43:31.274004949 -0400
+@@ -0,0 +1,211 @@
++#include <linux/kernel.h>
++#include <linux/mm.h>
++#include <linux/sched.h>
++#include <linux/poll.h>
++#include <linux/smp_lock.h>
++#include <linux/string.h>
++#include <linux/file.h>
++#include <linux/types.h>
++#include <linux/vmalloc.h>
++#include <linux/grinternal.h>
++
++extern ssize_t write_grsec_handler(struct file * file, const char __user * buf,
++				   size_t count, loff_t *ppos);
++extern int gr_acl_is_enabled(void);
++
++static DECLARE_WAIT_QUEUE_HEAD(learn_wait);
++static int gr_learn_attached;
++
++/* use a 512k buffer */
++#define LEARN_BUFFER_SIZE (512 * 1024)
++
++static DEFINE_SPINLOCK(gr_learn_lock);
++static DECLARE_MUTEX(gr_learn_user_sem);
++
++/* we need to maintain two buffers, so that the kernel context of grlearn
++   uses a semaphore around the userspace copying, and the other kernel contexts
++   use a spinlock when copying into the buffer, since they cannot sleep
++*/
++static char *learn_buffer;
++static char *learn_buffer_user;
++static int learn_buffer_len;
++static int learn_buffer_user_len;
++
++static ssize_t
++read_learn(struct file *file, char __user * buf, size_t count, loff_t * ppos)
++{
++	DECLARE_WAITQUEUE(wait, current);
++	ssize_t retval = 0;
++
++	add_wait_queue(&learn_wait, &wait);
++	set_current_state(TASK_INTERRUPTIBLE);
++	do {
++		down(&gr_learn_user_sem);
++		spin_lock(&gr_learn_lock);
++		if (learn_buffer_len)
++			break;
++		spin_unlock(&gr_learn_lock);
++		up(&gr_learn_user_sem);
++		if (file->f_flags & O_NONBLOCK) {
++			retval = -EAGAIN;
++			goto out;
++		}
++		if (signal_pending(current)) {
++			retval = -ERESTARTSYS;
++			goto out;
++		}
++
++		schedule();
++	} while (1);
++
++	memcpy(learn_buffer_user, learn_buffer, learn_buffer_len);
++	learn_buffer_user_len = learn_buffer_len;
++	retval = learn_buffer_len;
++	learn_buffer_len = 0;
++
++	spin_unlock(&gr_learn_lock);
++
++	if (copy_to_user(buf, learn_buffer_user, learn_buffer_user_len))
++		retval = -EFAULT;
++
++	up(&gr_learn_user_sem);
++out:
++	set_current_state(TASK_RUNNING);
++	remove_wait_queue(&learn_wait, &wait);
++	return retval;
++}
++
++static unsigned int
++poll_learn(struct file * file, poll_table * wait)
++{
++	poll_wait(file, &learn_wait, wait);
++
++	if (learn_buffer_len)
++		return (POLLIN | POLLRDNORM);
++
++	return 0;
++}
++
++void
++gr_clear_learn_entries(void)
++{
++	char *tmp;
++
++	down(&gr_learn_user_sem);
++	if (learn_buffer != NULL) {
++		spin_lock(&gr_learn_lock);
++		tmp = learn_buffer;
++		learn_buffer = NULL;
++		spin_unlock(&gr_learn_lock);
++		vfree(learn_buffer);
++	}
++	if (learn_buffer_user != NULL) {
++		vfree(learn_buffer_user);
++		learn_buffer_user = NULL;
++	}
++	learn_buffer_len = 0;
++	up(&gr_learn_user_sem);
++
++	return;
++}
++
++void
++gr_add_learn_entry(const char *fmt, ...)
++{
++	va_list args;
++	unsigned int len;
++
++	if (!gr_learn_attached)
++		return;
++
++	spin_lock(&gr_learn_lock);
++
++	/* leave a gap at the end so we know when it's "full" but don't have to
++	   compute the exact length of the string we're trying to append
++	*/
++	if (learn_buffer_len > LEARN_BUFFER_SIZE - 16384) {
++		spin_unlock(&gr_learn_lock);
++		wake_up_interruptible(&learn_wait);
++		return;
++	}
++	if (learn_buffer == NULL) {
++		spin_unlock(&gr_learn_lock);
++		return;
++	}
++
++	va_start(args, fmt);
++	len = vsnprintf(learn_buffer + learn_buffer_len, LEARN_BUFFER_SIZE - learn_buffer_len, fmt, args);
++	va_end(args);
++
++	learn_buffer_len += len + 1;
++
++	spin_unlock(&gr_learn_lock);
++	wake_up_interruptible(&learn_wait);
++
++	return;
++}
++
++static int
++open_learn(struct inode *inode, struct file *file)
++{
++	if (file->f_mode & FMODE_READ && gr_learn_attached)
++		return -EBUSY;
++	if (file->f_mode & FMODE_READ) {
++		int retval = 0;
++		down(&gr_learn_user_sem);
++		if (learn_buffer == NULL)
++			learn_buffer = vmalloc(LEARN_BUFFER_SIZE);
++		if (learn_buffer_user == NULL)
++			learn_buffer_user = vmalloc(LEARN_BUFFER_SIZE);
++		if (learn_buffer == NULL) {
++			retval = -ENOMEM;
++			goto out_error;
++		}
++		if (learn_buffer_user == NULL) {
++			retval = -ENOMEM;
++			goto out_error;
++		}
++		learn_buffer_len = 0;
++		learn_buffer_user_len = 0;
++		gr_learn_attached = 1;
++out_error:
++		up(&gr_learn_user_sem);
++		return retval;
++	}
++	return 0;
++}
++
++static int
++close_learn(struct inode *inode, struct file *file)
++{
++	char *tmp;
++
++	if (file->f_mode & FMODE_READ) {
++		down(&gr_learn_user_sem);
++		if (learn_buffer != NULL) {
++			spin_lock(&gr_learn_lock);
++			tmp = learn_buffer;
++			learn_buffer = NULL;
++			spin_unlock(&gr_learn_lock);
++			vfree(tmp);
++		}
++		if (learn_buffer_user != NULL) {
++			vfree(learn_buffer_user);
++			learn_buffer_user = NULL;
++		}
++		learn_buffer_len = 0;
++		learn_buffer_user_len = 0;
++		gr_learn_attached = 0;
++		up(&gr_learn_user_sem);
++	}
++
++	return 0;
++}
++		
++const struct file_operations grsec_fops = {
++	.read		= read_learn,
++	.write		= write_grsec_handler,
++	.open		= open_learn,
++	.release	= close_learn,
++	.poll		= poll_learn,
++};
+diff -urNp linux-2.6.29.6/grsecurity/gracl_res.c linux-2.6.29.6/grsecurity/gracl_res.c
+--- linux-2.6.29.6/grsecurity/gracl_res.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_res.c	2009-07-23 17:34:32.175727734 -0400
+@@ -0,0 +1,58 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/gracl.h>
++#include <linux/grinternal.h>
++
++static const char *restab_log[] = {
++	[RLIMIT_CPU] = "RLIMIT_CPU",
++	[RLIMIT_FSIZE] = "RLIMIT_FSIZE",
++	[RLIMIT_DATA] = "RLIMIT_DATA",
++	[RLIMIT_STACK] = "RLIMIT_STACK",
++	[RLIMIT_CORE] = "RLIMIT_CORE",
++	[RLIMIT_RSS] = "RLIMIT_RSS",
++	[RLIMIT_NPROC] = "RLIMIT_NPROC",
++	[RLIMIT_NOFILE] = "RLIMIT_NOFILE",
++	[RLIMIT_MEMLOCK] = "RLIMIT_MEMLOCK",
++	[RLIMIT_AS] = "RLIMIT_AS",
++	[RLIMIT_LOCKS] = "RLIMIT_LOCKS",
++	[RLIMIT_SIGPENDING] = "RLIMIT_SIGPENDING",
++	[RLIMIT_MSGQUEUE] = "RLIMIT_MSGQUEUE",
++	[RLIMIT_NICE] = "RLIMIT_NICE",
++	[RLIMIT_RTPRIO] = "RLIMIT_RTPRIO",
++	[RLIMIT_RTTIME] = "RLIMIT_RTTIME",
++	[GR_CRASH_RES] = "RLIMIT_CRASH"
++};
++
++void
++gr_log_resource(const struct task_struct *task,
++		const int res, const unsigned long wanted, const int gt)
++{
++	const struct cred *cred = __task_cred(task);
++
++	if (res == RLIMIT_NPROC && 
++	    (cap_raised(cred->cap_effective, CAP_SYS_ADMIN) || 
++	     cap_raised(cred->cap_effective, CAP_SYS_RESOURCE)))
++		return;
++	else if (res == RLIMIT_MEMLOCK &&
++		 cap_raised(cred->cap_effective, CAP_IPC_LOCK))
++		return;
++	else if (res == RLIMIT_NICE && cap_raised(cred->cap_effective, CAP_SYS_NICE))
++		return;
++
++	if (!gr_acl_is_enabled() && !grsec_resource_logging)
++		return;
++
++	// not yet supported resource
++	if (!restab_log[res])
++		return;
++
++	preempt_disable();
++
++	if (unlikely(((gt && wanted > task->signal->rlim[res].rlim_cur) ||
++		      (!gt && wanted >= task->signal->rlim[res].rlim_cur)) &&
++		     task->signal->rlim[res].rlim_cur != RLIM_INFINITY))
++		gr_log_res_ulong2_str(GR_DONT_AUDIT, GR_RESOURCE_MSG, task, wanted, restab_log[res], task->signal->rlim[res].rlim_cur);
++	preempt_enable_no_resched();
++
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/gracl_segv.c linux-2.6.29.6/grsecurity/gracl_segv.c
+--- linux-2.6.29.6/grsecurity/gracl_segv.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_segv.c	2009-07-23 17:34:32.175727734 -0400
+@@ -0,0 +1,307 @@
++#include <linux/kernel.h>
++#include <linux/mm.h>
++#include <asm/uaccess.h>
++#include <asm/errno.h>
++#include <asm/mman.h>
++#include <net/sock.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/net.h>
++#include <linux/in.h>
++#include <linux/smp_lock.h>
++#include <linux/slab.h>
++#include <linux/types.h>
++#include <linux/sched.h>
++#include <linux/timer.h>
++#include <linux/gracl.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++static struct crash_uid *uid_set;
++static unsigned short uid_used;
++static DEFINE_SPINLOCK(gr_uid_lock);
++extern rwlock_t gr_inode_lock;
++extern struct acl_subject_label *
++	lookup_acl_subj_label(const ino_t inode, const dev_t dev,
++			      struct acl_role_label *role);
++extern int specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t);
++
++int
++gr_init_uidset(void)
++{
++	uid_set =
++	    kmalloc(GR_UIDTABLE_MAX * sizeof (struct crash_uid), GFP_KERNEL);
++	uid_used = 0;
++
++	return uid_set ? 1 : 0;
++}
++
++void
++gr_free_uidset(void)
++{
++	if (uid_set)
++		kfree(uid_set);
++
++	return;
++}
++
++int
++gr_find_uid(const uid_t uid)
++{
++	struct crash_uid *tmp = uid_set;
++	uid_t buid;
++	int low = 0, high = uid_used - 1, mid;
++
++	while (high >= low) {
++		mid = (low + high) >> 1;
++		buid = tmp[mid].uid;
++		if (buid == uid)
++			return mid;
++		if (buid > uid)
++			high = mid - 1;
++		if (buid < uid)
++			low = mid + 1;
++	}
++
++	return -1;
++}
++
++static __inline__ void
++gr_insertsort(void)
++{
++	unsigned short i, j;
++	struct crash_uid index;
++
++	for (i = 1; i < uid_used; i++) {
++		index = uid_set[i];
++		j = i;
++		while ((j > 0) && uid_set[j - 1].uid > index.uid) {
++			uid_set[j] = uid_set[j - 1];
++			j--;
++		}
++		uid_set[j] = index;
++	}
++
++	return;
++}
++
++static __inline__ void
++gr_insert_uid(const uid_t uid, const unsigned long expires)
++{
++	int loc;
++
++	if (uid_used == GR_UIDTABLE_MAX)
++		return;
++
++	loc = gr_find_uid(uid);
++
++	if (loc >= 0) {
++		uid_set[loc].expires = expires;
++		return;
++	}
++
++	uid_set[uid_used].uid = uid;
++	uid_set[uid_used].expires = expires;
++	uid_used++;
++
++	gr_insertsort();
++
++	return;
++}
++
++void
++gr_remove_uid(const unsigned short loc)
++{
++	unsigned short i;
++
++	for (i = loc + 1; i < uid_used; i++)
++		uid_set[i - 1] = uid_set[i];
++
++	uid_used--;
++
++	return;
++}
++
++int
++gr_check_crash_uid(const uid_t uid)
++{
++	int loc;
++	int ret = 0;
++
++	if (unlikely(!gr_acl_is_enabled()))
++		return 0;
++
++	spin_lock(&gr_uid_lock);
++	loc = gr_find_uid(uid);
++
++	if (loc < 0)
++		goto out_unlock;
++
++	if (time_before_eq(uid_set[loc].expires, get_seconds()))
++		gr_remove_uid(loc);
++	else
++		ret = 1;
++
++out_unlock:
++	spin_unlock(&gr_uid_lock);
++	return ret;
++}
++
++static __inline__ int
++proc_is_setxid(const struct cred *cred)
++{
++	if (cred->uid != cred->euid || cred->uid != cred->suid ||
++	    cred->uid != cred->fsuid)
++		return 1;
++	if (cred->gid != cred->egid || cred->gid != cred->sgid ||
++	    cred->gid != cred->fsgid)
++		return 1;
++
++	return 0;
++}
++static __inline__ int
++gr_fake_force_sig(int sig, struct task_struct *t)
++{
++	unsigned long int flags;
++	int ret, blocked, ignored;
++	struct k_sigaction *action;
++
++	spin_lock_irqsave(&t->sighand->siglock, flags);
++	action = &t->sighand->action[sig-1];
++	ignored = action->sa.sa_handler == SIG_IGN;
++	blocked = sigismember(&t->blocked, sig);
++	if (blocked || ignored) {
++		action->sa.sa_handler = SIG_DFL;
++		if (blocked) {
++			sigdelset(&t->blocked, sig);
++			recalc_sigpending_and_wake(t);
++		}
++	}
++	if (action->sa.sa_handler == SIG_DFL)
++		t->signal->flags &= ~SIGNAL_UNKILLABLE;
++	ret = specific_send_sig_info(sig, SEND_SIG_PRIV, t);
++
++	spin_unlock_irqrestore(&t->sighand->siglock, flags);
++
++	return ret;
++}
++
++void
++gr_handle_crash(struct task_struct *task, const int sig)
++{
++	struct acl_subject_label *curr;
++	struct acl_subject_label *curr2;
++	struct task_struct *tsk, *tsk2;
++	const struct cred *cred = __task_cred(task);
++	const struct cred *cred2;
++
++	if (sig != SIGSEGV && sig != SIGKILL && sig != SIGBUS && sig != SIGILL)
++		return;
++
++	if (unlikely(!gr_acl_is_enabled()))
++		return;
++
++	curr = task->acl;
++
++	if (!(curr->resmask & (1 << GR_CRASH_RES)))
++		return;
++
++	if (time_before_eq(curr->expires, get_seconds())) {
++		curr->expires = 0;
++		curr->crashes = 0;
++	}
++
++	curr->crashes++;
++
++	if (!curr->expires)
++		curr->expires = get_seconds() + curr->res[GR_CRASH_RES].rlim_max;
++
++	if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
++	    time_after(curr->expires, get_seconds())) {
++		if (cred->uid && proc_is_setxid(cred)) {
++			gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
++			spin_lock(&gr_uid_lock);
++			gr_insert_uid(cred->uid, curr->expires);
++			spin_unlock(&gr_uid_lock);
++			curr->expires = 0;
++			curr->crashes = 0;
++			read_lock(&tasklist_lock);
++			do_each_thread(tsk2, tsk) {
++				cred2 = __task_cred(tsk);
++				if (tsk != task && cred2->uid == cred->uid)
++					gr_fake_force_sig(SIGKILL, tsk);
++			} while_each_thread(tsk2, tsk);
++			read_unlock(&tasklist_lock);
++		} else {
++			gr_log_crash2(GR_DONT_AUDIT, GR_SEGVNOSUID_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max);
++			read_lock(&tasklist_lock);
++			do_each_thread(tsk2, tsk) {
++				if (likely(tsk != task)) {
++					curr2 = tsk->acl;
++
++					if (curr2->device == curr->device &&
++					    curr2->inode == curr->inode)
++						gr_fake_force_sig(SIGKILL, tsk);
++				}
++			} while_each_thread(tsk2, tsk);
++			read_unlock(&tasklist_lock);
++		}
++	}
++
++	return;
++}
++
++int
++gr_check_crash_exec(const struct file *filp)
++{
++	struct acl_subject_label *curr;
++
++	if (unlikely(!gr_acl_is_enabled()))
++		return 0;
++
++	read_lock(&gr_inode_lock);
++	curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino,
++				     filp->f_path.dentry->d_inode->i_sb->s_dev,
++				     current->role);
++	read_unlock(&gr_inode_lock);
++
++	if (!curr || !(curr->resmask & (1 << GR_CRASH_RES)) ||
++	    (!curr->crashes && !curr->expires))
++		return 0;
++
++	if ((curr->crashes >= curr->res[GR_CRASH_RES].rlim_cur) &&
++	    time_after(curr->expires, get_seconds()))
++		return 1;
++	else if (time_before_eq(curr->expires, get_seconds())) {
++		curr->crashes = 0;
++		curr->expires = 0;
++	}
++
++	return 0;
++}
++
++void
++gr_handle_alertkill(struct task_struct *task)
++{
++	struct acl_subject_label *curracl;
++	__u32 curr_ip;
++	struct task_struct *p, *p2;
++
++	if (unlikely(!gr_acl_is_enabled()))
++		return;
++
++	curracl = task->acl;
++	curr_ip = task->signal->curr_ip;
++
++	if ((curracl->mode & GR_KILLIPPROC) && curr_ip) {
++		read_lock(&tasklist_lock);
++		do_each_thread(p2, p) {
++			if (p->signal->curr_ip == curr_ip)
++				gr_fake_force_sig(SIGKILL, p);
++		} while_each_thread(p2, p);
++		read_unlock(&tasklist_lock);
++	} else if (curracl->mode & GR_KILLPROC)
++		gr_fake_force_sig(SIGKILL, task);
++
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/gracl_shm.c linux-2.6.29.6/grsecurity/gracl_shm.c
+--- linux-2.6.29.6/grsecurity/gracl_shm.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/gracl_shm.c	2009-07-23 17:34:32.175727734 -0400
+@@ -0,0 +1,37 @@
++#include <linux/kernel.h>
++#include <linux/mm.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/ipc.h>
++#include <linux/gracl.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++int
++gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
++		const time_t shm_createtime, const uid_t cuid, const int shmid)
++{
++	struct task_struct *task;
++
++	if (!gr_acl_is_enabled())
++		return 1;
++
++	read_lock(&tasklist_lock);
++
++	task = find_task_by_vpid(shm_cprid);
++
++	if (unlikely(!task))
++		task = find_task_by_vpid(shm_lapid);
++
++	if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) ||
++			      (task->pid == shm_lapid)) &&
++		     (task->acl->mode & GR_PROTSHM) &&
++		     (task->acl != current->acl))) {
++		read_unlock(&tasklist_lock);
++		gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid);
++		return 0;
++	}
++	read_unlock(&tasklist_lock);
++
++	return 1;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_chdir.c linux-2.6.29.6/grsecurity/grsec_chdir.c
+--- linux-2.6.29.6/grsecurity/grsec_chdir.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_chdir.c	2009-07-23 17:34:32.175727734 -0400
+@@ -0,0 +1,19 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/fs.h>
++#include <linux/file.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++void
++gr_log_chdir(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
++	if ((grsec_enable_chdir && grsec_enable_group &&
++	     in_group_p(grsec_audit_gid)) || (grsec_enable_chdir &&
++					      !grsec_enable_group)) {
++		gr_log_fs_generic(GR_DO_AUDIT, GR_CHDIR_AUDIT_MSG, dentry, mnt);
++	}
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_chroot.c linux-2.6.29.6/grsecurity/grsec_chroot.c
+--- linux-2.6.29.6/grsecurity/grsec_chroot.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_chroot.c	2009-07-23 17:34:32.175727734 -0400
+@@ -0,0 +1,350 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/mount.h>
++#include <linux/types.h>
++#include <linux/pid_namespace.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++int
++gr_handle_chroot_unix(const pid_t pid)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
++	struct pid *spid = NULL;
++
++	if (unlikely(!grsec_enable_chroot_unix))
++		return 1;
++
++	if (likely(!proc_is_chrooted(current)))
++		return 1;
++
++	read_lock(&tasklist_lock);
++
++	spid = find_vpid(pid);
++	if (spid) {
++		struct task_struct *p;
++		p = pid_task(spid, PIDTYPE_PID);
++		task_lock(p);
++		if (unlikely(!have_same_root(current, p))) {
++			task_unlock(p);
++			read_unlock(&tasklist_lock);
++			gr_log_noargs(GR_DONT_AUDIT, GR_UNIX_CHROOT_MSG);
++			return 0;
++		}
++		task_unlock(p);
++	}
++	read_unlock(&tasklist_lock);
++#endif
++	return 1;
++}
++
++int
++gr_handle_chroot_nice(void)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
++	if (grsec_enable_chroot_nice && proc_is_chrooted(current)) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_NICE_CHROOT_MSG);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_setpriority(struct task_struct *p, const int niceval)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
++	if (grsec_enable_chroot_nice && (niceval < task_nice(p))
++			&& proc_is_chrooted(current)) {
++		gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_rawio(const struct inode *inode)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++	if (grsec_enable_chroot_caps && proc_is_chrooted(current) && 
++	    inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO))
++		return 1;
++#endif
++	return 0;
++}
++
++int
++gr_pid_is_chrooted(struct task_struct *p)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
++	if (!grsec_enable_chroot_findtask || !proc_is_chrooted(current) || p == NULL)
++		return 0;
++
++	task_lock(p);
++	if ((p->exit_state & (EXIT_ZOMBIE | EXIT_DEAD)) ||
++	    !have_same_root(current, p)) {
++		task_unlock(p);
++		return 1;
++	}
++	task_unlock(p);
++#endif
++	return 0;
++}
++
++EXPORT_SYMBOL(gr_pid_is_chrooted);
++
++#if defined(CONFIG_GRKERNSEC_CHROOT_DOUBLE) || defined(CONFIG_GRKERNSEC_CHROOT_FCHDIR)
++int gr_is_outside_chroot(const struct dentry *u_dentry, const struct vfsmount *u_mnt)
++{
++	struct dentry *dentry = (struct dentry *)u_dentry;
++	struct vfsmount *mnt = (struct vfsmount *)u_mnt;
++	struct dentry *realroot;
++	struct vfsmount *realrootmnt;
++	struct dentry *currentroot;
++	struct vfsmount *currentmnt;
++	struct task_struct *reaper = current->nsproxy->pid_ns->child_reaper;
++	int ret = 1;
++
++	read_lock(&reaper->fs->lock);
++	realrootmnt = mntget(reaper->fs->root.mnt);
++	realroot = dget(reaper->fs->root.dentry);
++	read_unlock(&reaper->fs->lock);
++
++	read_lock(&current->fs->lock);
++	currentmnt = mntget(current->fs->root.mnt);
++	currentroot = dget(current->fs->root.dentry);
++	read_unlock(&current->fs->lock);
++
++	spin_lock(&dcache_lock);
++	for (;;) {
++		if (unlikely((dentry == realroot && mnt == realrootmnt)
++		     || (dentry == currentroot && mnt == currentmnt)))
++			break;
++		if (unlikely(dentry == mnt->mnt_root || IS_ROOT(dentry))) {
++			if (mnt->mnt_parent == mnt)
++				break;
++			dentry = mnt->mnt_mountpoint;
++			mnt = mnt->mnt_parent;
++			continue;
++		}
++		dentry = dentry->d_parent;
++	}
++	spin_unlock(&dcache_lock);
++
++	dput(currentroot);
++	mntput(currentmnt);
++
++	/* access is outside of chroot */
++	if (dentry == realroot && mnt == realrootmnt)
++		ret = 0;
++
++	dput(realroot);
++	mntput(realrootmnt);
++	return ret;
++}
++#endif
++
++int
++gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
++	if (!grsec_enable_chroot_fchdir)
++		return 1;
++
++	if (!proc_is_chrooted(current))
++		return 1;
++	else if (!gr_is_outside_chroot(u_dentry, u_mnt)) {
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_FCHDIR_MSG, u_dentry, u_mnt);
++		return 0;
++	}
++#endif
++	return 1;
++}
++
++int
++gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
++		const time_t shm_createtime)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
++	struct pid *pid = NULL;
++	time_t starttime;
++
++	if (unlikely(!grsec_enable_chroot_shmat))
++		return 1;
++
++	if (likely(!proc_is_chrooted(current)))
++		return 1;
++
++	read_lock(&tasklist_lock);
++
++	pid = find_vpid(shm_cprid);
++	if (pid) {
++		struct task_struct *p;
++		p = pid_task(pid, PIDTYPE_PID);
++		task_lock(p);
++		starttime = p->start_time.tv_sec;
++		if (unlikely(!have_same_root(current, p) &&
++			     time_before_eq((unsigned long)starttime, (unsigned long)shm_createtime))) {
++			task_unlock(p);
++			read_unlock(&tasklist_lock);
++			gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
++			return 0;
++		}
++		task_unlock(p);
++	} else {
++		pid = find_vpid(shm_lapid);
++		if (pid) {
++			struct task_struct *p;
++			p = pid_task(pid, PIDTYPE_PID);
++			task_lock(p);
++			if (unlikely(!have_same_root(current, p))) {
++				task_unlock(p);
++				read_unlock(&tasklist_lock);
++				gr_log_noargs(GR_DONT_AUDIT, GR_SHMAT_CHROOT_MSG);
++				return 0;
++			}
++			task_unlock(p);
++		}
++	}
++
++	read_unlock(&tasklist_lock);
++#endif
++	return 1;
++}
++
++void
++gr_log_chroot_exec(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
++	if (grsec_enable_chroot_execlog && proc_is_chrooted(current))
++		gr_log_fs_generic(GR_DO_AUDIT, GR_EXEC_CHROOT_MSG, dentry, mnt);
++#endif
++	return;
++}
++
++int
++gr_handle_chroot_mknod(const struct dentry *dentry,
++		       const struct vfsmount *mnt, const int mode)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
++	if (grsec_enable_chroot_mknod && !S_ISFIFO(mode) && !S_ISREG(mode) && 
++	    proc_is_chrooted(current)) {
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_MKNOD_CHROOT_MSG, dentry, mnt);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_mount(const struct dentry *dentry,
++		       const struct vfsmount *mnt, const char *dev_name)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
++	if (grsec_enable_chroot_mount && proc_is_chrooted(current)) {
++		gr_log_str_fs(GR_DONT_AUDIT, GR_MOUNT_CHROOT_MSG, dev_name, dentry, mnt);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_pivot(void)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
++	if (grsec_enable_chroot_pivot && proc_is_chrooted(current)) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_PIVOT_CHROOT_MSG);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_chroot(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
++	if (grsec_enable_chroot_double && proc_is_chrooted(current) &&
++	    !gr_is_outside_chroot(dentry, mnt)) {
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_CHROOT_CHROOT_MSG, dentry, mnt);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_caps(struct path *path)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++	if (grsec_enable_chroot_caps && current->pid > 1 && current->fs != NULL &&
++		((current->nsproxy->pid_ns->child_reaper->fs->root.dentry->d_inode->i_sb != 
++		path->dentry->d_inode->i_sb) ||
++		 (current->nsproxy->pid_ns->child_reaper->fs->root.dentry->d_inode->i_ino != 
++		  path->dentry->d_inode->i_ino))) {
++
++		kernel_cap_t chroot_caps = GR_CHROOT_CAPS;
++		const struct cred *old = current_cred();
++		struct cred *new = prepare_creds();
++		if (new == NULL)
++			return 1;
++
++		new->cap_permitted = cap_drop(old->cap_permitted, 
++					      chroot_caps);
++		new->cap_inheritable = cap_drop(old->cap_inheritable, 
++						chroot_caps);
++		new->cap_effective = cap_drop(old->cap_effective,
++					      chroot_caps);
++
++		commit_creds(new);
++
++		return 0;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_chroot_sysctl(const int op)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
++	if (grsec_enable_chroot_sysctl && proc_is_chrooted(current)
++	    && (op & MAY_WRITE))
++		return -EACCES;
++#endif
++	return 0;
++}
++
++void
++gr_handle_chroot_chdir(struct path *path)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
++	if (grsec_enable_chroot_chdir)
++		set_fs_pwd(current->fs, path);
++#endif
++	return;
++}
++
++int
++gr_handle_chroot_chmod(const struct dentry *dentry,
++		       const struct vfsmount *mnt, const int mode)
++{
++#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
++	if (grsec_enable_chroot_chmod &&
++	    ((mode & S_ISUID) || ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))) &&
++	    proc_is_chrooted(current)) {
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_CHMOD_CHROOT_MSG, dentry, mnt);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++#ifdef CONFIG_SECURITY
++EXPORT_SYMBOL(gr_handle_chroot_caps);
++#endif
+diff -urNp linux-2.6.29.6/grsecurity/grsec_disabled.c linux-2.6.29.6/grsecurity/grsec_disabled.c
+--- linux-2.6.29.6/grsecurity/grsec_disabled.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_disabled.c	2009-07-23 17:34:32.175727734 -0400
+@@ -0,0 +1,426 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/kdev_t.h>
++#include <linux/net.h>
++#include <linux/in.h>
++#include <linux/ip.h>
++#include <linux/skbuff.h>
++#include <linux/sysctl.h>
++
++#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
++void
++pax_set_initial_flags(struct linux_binprm *bprm)
++{
++	return;
++}
++#endif
++
++#ifdef CONFIG_SYSCTL
++__u32
++gr_handle_sysctl(const struct ctl_table * table, const int op)
++{
++	return 0;
++}
++#endif
++
++#ifdef CONFIG_TASKSTATS
++int gr_is_taskstats_denied(int pid)
++{
++	return 0;
++}
++#endif
++
++int
++gr_acl_is_enabled(void)
++{
++	return 0;
++}
++
++int
++gr_handle_rawio(const struct inode *inode)
++{
++	return 0;
++}
++
++void
++gr_acl_handle_psacct(struct task_struct *task, const long code)
++{
++	return;
++}
++
++int
++gr_handle_ptrace(struct task_struct *task, const long request)
++{
++	return 0;
++}
++
++int
++gr_handle_proc_ptrace(struct task_struct *task)
++{
++	return 0;
++}
++
++void
++gr_learn_resource(const struct task_struct *task,
++		  const int res, const unsigned long wanted, const int gt)
++{
++	return;
++}
++
++int
++gr_set_acls(const int type)
++{
++	return 0;
++}
++
++int
++gr_check_hidden_task(const struct task_struct *tsk)
++{
++	return 0;
++}
++
++int
++gr_check_protected_task(const struct task_struct *task)
++{
++	return 0;
++}
++
++void
++gr_copy_label(struct task_struct *tsk)
++{
++	return;
++}
++
++void
++gr_set_pax_flags(struct task_struct *task)
++{
++	return;
++}
++
++int
++gr_set_proc_label(const struct dentry *dentry, const struct vfsmount *mnt,
++		  const int unsafe_share)
++{
++	return 0;
++}
++
++void
++gr_handle_delete(const ino_t ino, const dev_t dev)
++{
++	return;
++}
++
++void
++gr_handle_create(const struct dentry *dentry, const struct vfsmount *mnt)
++{
++	return;
++}
++
++void
++gr_handle_crash(struct task_struct *task, const int sig)
++{
++	return;
++}
++
++int
++gr_check_crash_exec(const struct file *filp)
++{
++	return 0;
++}
++
++int
++gr_check_crash_uid(const uid_t uid)
++{
++	return 0;
++}
++
++void
++gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
++		 struct dentry *old_dentry,
++		 struct dentry *new_dentry,
++		 struct vfsmount *mnt, const __u8 replace)
++{
++	return;
++}
++
++int
++gr_search_socket(const int family, const int type, const int protocol)
++{
++	return 1;
++}
++
++int
++gr_search_connectbind(const int mode, const struct socket *sock,
++		      const struct sockaddr_in *addr)
++{
++	return 0;
++}
++
++int
++gr_is_capable(const int cap)
++{
++	return 1;
++}
++
++int
++gr_is_capable_nolog(const int cap)
++{
++	return 1;
++}
++
++void
++gr_handle_alertkill(struct task_struct *task)
++{
++	return;
++}
++
++__u32
++gr_acl_handle_execve(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_hidden_file(const struct dentry * dentry,
++			  const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_open(const struct dentry * dentry, const struct vfsmount * mnt,
++		   const int fmode)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_rmdir(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_unlink(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++int
++gr_acl_handle_mmap(const struct file *file, const unsigned long prot,
++		   unsigned int *vm_flags)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_truncate(const struct dentry * dentry,
++		       const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_utime(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_access(const struct dentry * dentry,
++		     const struct vfsmount * mnt, const int fmode)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_fchmod(const struct dentry * dentry, const struct vfsmount * mnt,
++		     mode_t mode)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_chmod(const struct dentry * dentry, const struct vfsmount * mnt,
++		    mode_t mode)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_chown(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++void
++grsecurity_init(void)
++{
++	return;
++}
++
++__u32
++gr_acl_handle_mknod(const struct dentry * new_dentry,
++		    const struct dentry * parent_dentry,
++		    const struct vfsmount * parent_mnt,
++		    const int mode)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_mkdir(const struct dentry * new_dentry,
++		    const struct dentry * parent_dentry,
++		    const struct vfsmount * parent_mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_symlink(const struct dentry * new_dentry,
++		      const struct dentry * parent_dentry,
++		      const struct vfsmount * parent_mnt, const char *from)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_link(const struct dentry * new_dentry,
++		   const struct dentry * parent_dentry,
++		   const struct vfsmount * parent_mnt,
++		   const struct dentry * old_dentry,
++		   const struct vfsmount * old_mnt, const char *to)
++{
++	return 1;
++}
++
++int
++gr_acl_handle_rename(const struct dentry *new_dentry,
++		     const struct dentry *parent_dentry,
++		     const struct vfsmount *parent_mnt,
++		     const struct dentry *old_dentry,
++		     const struct inode *old_parent_inode,
++		     const struct vfsmount *old_mnt, const char *newname)
++{
++	return 0;
++}
++
++int
++gr_acl_handle_filldir(const struct file *file, const char *name,
++		      const int namelen, const ino_t ino)
++{
++	return 1;
++}
++
++int
++gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
++		const time_t shm_createtime, const uid_t cuid, const int shmid)
++{
++	return 1;
++}
++
++int
++gr_search_bind(const struct socket *sock, const struct sockaddr_in *addr)
++{
++	return 0;
++}
++
++int
++gr_search_accept(const struct socket *sock)
++{
++	return 0;
++}
++
++int
++gr_search_listen(const struct socket *sock)
++{
++	return 0;
++}
++
++int
++gr_search_connect(const struct socket *sock, const struct sockaddr_in *addr)
++{
++	return 0;
++}
++
++__u32
++gr_acl_handle_unix(const struct dentry * dentry, const struct vfsmount * mnt)
++{
++	return 1;
++}
++
++__u32
++gr_acl_handle_creat(const struct dentry * dentry,
++		    const struct dentry * p_dentry,
++		    const struct vfsmount * p_mnt, const int fmode,
++		    const int imode)
++{
++	return 1;
++}
++
++void
++gr_acl_handle_exit(void)
++{
++	return;
++}
++
++int
++gr_acl_handle_mprotect(const struct file *file, const unsigned long prot)
++{
++	return 1;
++}
++
++void
++gr_set_role_label(const uid_t uid, const gid_t gid)
++{
++	return;
++}
++
++int
++gr_acl_handle_procpidmem(const struct task_struct *task)
++{
++	return 0;
++}
++
++int
++gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb)
++{
++	return 0;
++}
++
++int
++gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr)
++{
++	return 0;
++}
++
++void
++gr_set_kernel_label(struct task_struct *task)
++{
++	return;
++}
++
++int
++gr_check_user_change(int real, int effective, int fs)
++{
++	return 0;
++}
++
++int
++gr_check_group_change(int real, int effective, int fs)
++{
++	return 0;
++}
++
++
++EXPORT_SYMBOL(gr_is_capable);
++EXPORT_SYMBOL(gr_is_capable_nolog);
++EXPORT_SYMBOL(gr_learn_resource);
++EXPORT_SYMBOL(gr_set_kernel_label);
++#ifdef CONFIG_SECURITY
++EXPORT_SYMBOL(gr_check_user_change);
++EXPORT_SYMBOL(gr_check_group_change);
++#endif
+diff -urNp linux-2.6.29.6/grsecurity/grsec_exec.c linux-2.6.29.6/grsecurity/grsec_exec.c
+--- linux-2.6.29.6/grsecurity/grsec_exec.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_exec.c	2009-07-23 17:34:32.176740408 -0400
+@@ -0,0 +1,89 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/binfmts.h>
++#include <linux/smp_lock.h>
++#include <linux/fs.h>
++#include <linux/types.h>
++#include <linux/grdefs.h>
++#include <linux/grinternal.h>
++#include <linux/capability.h>
++
++#include <asm/uaccess.h>
++
++#ifdef CONFIG_GRKERNSEC_EXECLOG
++static char gr_exec_arg_buf[132];
++static DECLARE_MUTEX(gr_exec_arg_sem);
++#endif
++
++int
++gr_handle_nproc(void)
++{
++#ifdef CONFIG_GRKERNSEC_EXECVE
++	const struct cred *cred = current_cred();
++	if (grsec_enable_execve && cred->user &&
++	    (atomic_read(&cred->user->processes) >
++	     current->signal->rlim[RLIMIT_NPROC].rlim_cur) &&
++	    !capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE)) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_NPROC_MSG);
++		return -EAGAIN;
++	}
++#endif
++	return 0;
++}
++
++void
++gr_handle_exec_args(struct linux_binprm *bprm, const char __user *__user *argv)
++{
++#ifdef CONFIG_GRKERNSEC_EXECLOG
++	char *grarg = gr_exec_arg_buf;
++	unsigned int i, x, execlen = 0;
++	char c;
++
++	if (!((grsec_enable_execlog && grsec_enable_group &&
++	       in_group_p(grsec_audit_gid))
++	      || (grsec_enable_execlog && !grsec_enable_group)))
++		return;
++
++	down(&gr_exec_arg_sem);
++	memset(grarg, 0, sizeof(gr_exec_arg_buf));
++
++	if (unlikely(argv == NULL))
++		goto log;
++
++	for (i = 0; i < bprm->argc && execlen < 128; i++) {
++		const char __user *p;
++		unsigned int len;
++
++		if (copy_from_user(&p, argv + i, sizeof(p)))
++			goto log;
++		if (!p)
++			goto log;
++		len = strnlen_user(p, 128 - execlen);
++		if (len > 128 - execlen)
++			len = 128 - execlen;
++		else if (len > 0)
++			len--;
++		if (copy_from_user(grarg + execlen, p, len))
++			goto log;
++
++		/* rewrite unprintable characters */
++		for (x = 0; x < len; x++) {
++			c = *(grarg + execlen + x);
++			if (c < 32 || c > 126)
++				*(grarg + execlen + x) = ' ';
++		}
++
++		execlen += len;
++		*(grarg + execlen) = ' ';
++		*(grarg + execlen + 1) = '\0';
++		execlen++;
++	}
++
++      log:
++	gr_log_fs_str(GR_DO_AUDIT, GR_EXEC_AUDIT_MSG, bprm->file->f_path.dentry,
++			bprm->file->f_path.mnt, grarg);
++	up(&gr_exec_arg_sem);
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_fifo.c linux-2.6.29.6/grsecurity/grsec_fifo.c
+--- linux-2.6.29.6/grsecurity/grsec_fifo.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_fifo.c	2009-07-23 17:34:32.176740408 -0400
+@@ -0,0 +1,24 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/fs.h>
++#include <linux/file.h>
++#include <linux/grinternal.h>
++
++int
++gr_handle_fifo(const struct dentry *dentry, const struct vfsmount *mnt,
++	       const struct dentry *dir, const int flag, const int acc_mode)
++{
++#ifdef CONFIG_GRKERNSEC_FIFO
++	const struct cred *cred = current_cred();
++
++	if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) &&
++	    !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) &&
++	    (dentry->d_inode->i_uid != dir->d_inode->i_uid) &&
++	    (cred->fsuid != dentry->d_inode->i_uid)) {
++		if (!generic_permission(dentry->d_inode, acc_mode, NULL))
++			gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_fork.c linux-2.6.29.6/grsecurity/grsec_fork.c
+--- linux-2.6.29.6/grsecurity/grsec_fork.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_fork.c	2009-07-23 17:34:32.176740408 -0400
+@@ -0,0 +1,15 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++#include <linux/errno.h>
++
++void
++gr_log_forkfail(const int retval)
++{
++#ifdef CONFIG_GRKERNSEC_FORKFAIL
++	if (grsec_enable_forkfail && retval != -ERESTARTNOINTR)
++		gr_log_int(GR_DONT_AUDIT, GR_FAILFORK_MSG, retval);
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_init.c linux-2.6.29.6/grsecurity/grsec_init.c
+--- linux-2.6.29.6/grsecurity/grsec_init.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_init.c	2009-07-23 18:43:31.274004949 -0400
+@@ -0,0 +1,230 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/smp_lock.h>
++#include <linux/gracl.h>
++#include <linux/slab.h>
++#include <linux/vmalloc.h>
++#include <linux/percpu.h>
++
++int grsec_enable_link;
++int grsec_enable_dmesg;
++int grsec_enable_fifo;
++int grsec_enable_execve;
++int grsec_enable_execlog;
++int grsec_enable_signal;
++int grsec_enable_forkfail;
++int grsec_enable_time;
++int grsec_enable_audit_textrel;
++int grsec_enable_group;
++int grsec_audit_gid;
++int grsec_enable_chdir;
++int grsec_enable_audit_ipc;
++int grsec_enable_mount;
++int grsec_enable_chroot_findtask;
++int grsec_enable_chroot_mount;
++int grsec_enable_chroot_shmat;
++int grsec_enable_chroot_fchdir;
++int grsec_enable_chroot_double;
++int grsec_enable_chroot_pivot;
++int grsec_enable_chroot_chdir;
++int grsec_enable_chroot_chmod;
++int grsec_enable_chroot_mknod;
++int grsec_enable_chroot_nice;
++int grsec_enable_chroot_execlog;
++int grsec_enable_chroot_caps;
++int grsec_enable_chroot_sysctl;
++int grsec_enable_chroot_unix;
++int grsec_enable_tpe;
++int grsec_tpe_gid;
++int grsec_enable_tpe_all;
++int grsec_enable_socket_all;
++int grsec_socket_all_gid;
++int grsec_enable_socket_client;
++int grsec_socket_client_gid;
++int grsec_enable_socket_server;
++int grsec_socket_server_gid;
++int grsec_resource_logging;
++int grsec_lock;
++
++DEFINE_SPINLOCK(grsec_alert_lock);
++unsigned long grsec_alert_wtime = 0;
++unsigned long grsec_alert_fyet = 0;
++
++DEFINE_SPINLOCK(grsec_audit_lock);
++
++DEFINE_RWLOCK(grsec_exec_file_lock);
++
++char *gr_shared_page[4];
++
++char *gr_alert_log_fmt;
++char *gr_audit_log_fmt;
++char *gr_alert_log_buf;
++char *gr_audit_log_buf;
++
++extern struct gr_arg *gr_usermode;
++extern unsigned char *gr_system_salt;
++extern unsigned char *gr_system_sum;
++
++void __init
++grsecurity_init(void)
++{
++	int j;
++	/* create the per-cpu shared pages */
++
++#ifdef CONFIG_X86
++	memset((char *)(0x41a + PAGE_OFFSET), 0, 36);
++#endif
++
++	for (j = 0; j < 4; j++) {
++		gr_shared_page[j] = (char *)__alloc_percpu(PAGE_SIZE);
++		if (gr_shared_page[j] == NULL) {
++			panic("Unable to allocate grsecurity shared page");
++			return;
++		}
++	}
++
++	/* allocate log buffers */
++	gr_alert_log_fmt = kmalloc(512, GFP_KERNEL);
++	if (!gr_alert_log_fmt) {
++		panic("Unable to allocate grsecurity alert log format buffer");
++		return;
++	}
++	gr_audit_log_fmt = kmalloc(512, GFP_KERNEL);
++	if (!gr_audit_log_fmt) {
++		panic("Unable to allocate grsecurity audit log format buffer");
++		return;
++	}
++	gr_alert_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
++	if (!gr_alert_log_buf) {
++		panic("Unable to allocate grsecurity alert log buffer");
++		return;
++	}
++	gr_audit_log_buf = (char *) get_zeroed_page(GFP_KERNEL);
++	if (!gr_audit_log_buf) {
++		panic("Unable to allocate grsecurity audit log buffer");
++		return;
++	}
++
++	/* allocate memory for authentication structure */
++	gr_usermode = kmalloc(sizeof(struct gr_arg), GFP_KERNEL);
++	gr_system_salt = kmalloc(GR_SALT_LEN, GFP_KERNEL);
++	gr_system_sum = kmalloc(GR_SHA_LEN, GFP_KERNEL);
++
++	if (!gr_usermode || !gr_system_salt || !gr_system_sum) {
++		panic("Unable to allocate grsecurity authentication structure");
++		return;
++	}
++
++#if !defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_SYSCTL_ON)
++#ifndef CONFIG_GRKERNSEC_SYSCTL
++	grsec_lock = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
++	grsec_enable_audit_textrel = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
++	grsec_enable_group = 1;
++	grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID;
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
++	grsec_enable_chdir = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	grsec_enable_audit_ipc = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
++	grsec_enable_mount = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_LINK
++	grsec_enable_link = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_DMESG
++	grsec_enable_dmesg = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_FIFO
++	grsec_enable_fifo = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_EXECVE
++	grsec_enable_execve = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_EXECLOG
++	grsec_enable_execlog = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_SIGNAL
++	grsec_enable_signal = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_FORKFAIL
++	grsec_enable_forkfail = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_TIME
++	grsec_enable_time = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_RESLOG
++	grsec_resource_logging = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
++	grsec_enable_chroot_findtask = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
++	grsec_enable_chroot_unix = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
++	grsec_enable_chroot_mount = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
++	grsec_enable_chroot_fchdir = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
++	grsec_enable_chroot_shmat = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
++	grsec_enable_chroot_double = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
++	grsec_enable_chroot_pivot = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
++	grsec_enable_chroot_chdir = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
++	grsec_enable_chroot_chmod = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
++	grsec_enable_chroot_mknod = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
++	grsec_enable_chroot_nice = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
++	grsec_enable_chroot_execlog = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++	grsec_enable_chroot_caps = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
++	grsec_enable_chroot_sysctl = 1;
++#endif
++#ifdef CONFIG_GRKERNSEC_TPE
++	grsec_enable_tpe = 1;
++	grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID;
++#ifdef CONFIG_GRKERNSEC_TPE_ALL
++	grsec_enable_tpe_all = 1;
++#endif
++#endif
++#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
++	grsec_enable_socket_all = 1;
++	grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID;
++#endif
++#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
++	grsec_enable_socket_client = 1;
++	grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID;
++#endif
++#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
++	grsec_enable_socket_server = 1;
++	grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID;
++#endif
++#endif
++
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_ipc.c linux-2.6.29.6/grsecurity/grsec_ipc.c
+--- linux-2.6.29.6/grsecurity/grsec_ipc.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_ipc.c	2009-07-23 17:34:32.176740408 -0400
+@@ -0,0 +1,81 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/types.h>
++#include <linux/ipc.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++void
++gr_log_msgget(const int ret, const int msgflg)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
++	      grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
++					  !grsec_enable_group)) && (ret >= 0)
++	    && (msgflg & IPC_CREAT))
++		gr_log_noargs(GR_DO_AUDIT, GR_MSGQ_AUDIT_MSG);
++#endif
++	return;
++}
++
++void
++gr_log_msgrm(const uid_t uid, const uid_t cuid)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
++	     grsec_enable_audit_ipc) ||
++	    (grsec_enable_audit_ipc && !grsec_enable_group))
++		gr_log_int_int(GR_DO_AUDIT, GR_MSGQR_AUDIT_MSG, uid, cuid);
++#endif
++	return;
++}
++
++void
++gr_log_semget(const int err, const int semflg)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
++	      grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
++					  !grsec_enable_group)) && (err >= 0)
++	    && (semflg & IPC_CREAT))
++		gr_log_noargs(GR_DO_AUDIT, GR_SEM_AUDIT_MSG);
++#endif
++	return;
++}
++
++void
++gr_log_semrm(const uid_t uid, const uid_t cuid)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
++	     grsec_enable_audit_ipc) ||
++	    (grsec_enable_audit_ipc && !grsec_enable_group))
++		gr_log_int_int(GR_DO_AUDIT, GR_SEMR_AUDIT_MSG, uid, cuid);
++#endif
++	return;
++}
++
++void
++gr_log_shmget(const int err, const int shmflg, const size_t size)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	if (((grsec_enable_group && in_group_p(grsec_audit_gid) &&
++	      grsec_enable_audit_ipc) || (grsec_enable_audit_ipc &&
++					  !grsec_enable_group)) && (err >= 0)
++	    && (shmflg & IPC_CREAT))
++		gr_log_int(GR_DO_AUDIT, GR_SHM_AUDIT_MSG, size);
++#endif
++	return;
++}
++
++void
++gr_log_shmrm(const uid_t uid, const uid_t cuid)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	if ((grsec_enable_group && in_group_p(grsec_audit_gid) &&
++	     grsec_enable_audit_ipc) ||
++	    (grsec_enable_audit_ipc && !grsec_enable_group))
++		gr_log_int_int(GR_DO_AUDIT, GR_SHMR_AUDIT_MSG, uid, cuid);
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_link.c linux-2.6.29.6/grsecurity/grsec_link.c
+--- linux-2.6.29.6/grsecurity/grsec_link.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_link.c	2009-07-23 17:34:32.176740408 -0400
+@@ -0,0 +1,43 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/fs.h>
++#include <linux/file.h>
++#include <linux/grinternal.h>
++
++int
++gr_handle_follow_link(const struct inode *parent,
++		      const struct inode *inode,
++		      const struct dentry *dentry, const struct vfsmount *mnt)
++{
++#ifdef CONFIG_GRKERNSEC_LINK
++	const struct cred *cred = current_cred();
++
++	if (grsec_enable_link && S_ISLNK(inode->i_mode) &&
++	    (parent->i_mode & S_ISVTX) && (parent->i_uid != inode->i_uid) &&
++	    (parent->i_mode & S_IWOTH) && (cred->fsuid != inode->i_uid)) {
++		gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_hardlink(const struct dentry *dentry,
++		   const struct vfsmount *mnt,
++		   struct inode *inode, const int mode, const char *to)
++{
++#ifdef CONFIG_GRKERNSEC_LINK
++	const struct cred *cred = current_cred();
++
++	if (grsec_enable_link && cred->fsuid != inode->i_uid &&
++	    (!S_ISREG(mode) || (mode & S_ISUID) ||
++	     ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) ||
++	     (generic_permission(inode, MAY_READ | MAY_WRITE, NULL))) &&
++	    !capable(CAP_FOWNER) && cred->uid) {
++		gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to);
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_log.c linux-2.6.29.6/grsecurity/grsec_log.c
+--- linux-2.6.29.6/grsecurity/grsec_log.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_log.c	2009-07-23 17:34:32.177726844 -0400
+@@ -0,0 +1,288 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/tty.h>
++#include <linux/fs.h>
++#include <linux/grinternal.h>
++
++#define BEGIN_LOCKS(x) \
++	read_lock(&tasklist_lock); \
++	read_lock(&grsec_exec_file_lock); \
++	if (x != GR_DO_AUDIT) \
++		spin_lock(&grsec_alert_lock); \
++	else \
++		spin_lock(&grsec_audit_lock)
++
++#define END_LOCKS(x) \
++	if (x != GR_DO_AUDIT) \
++		spin_unlock(&grsec_alert_lock); \
++	else \
++		spin_unlock(&grsec_audit_lock); \
++	read_unlock(&grsec_exec_file_lock); \
++	read_unlock(&tasklist_lock); \
++	if (x == GR_DONT_AUDIT) \
++		gr_handle_alertkill(current)
++
++enum {
++	FLOODING,
++	NO_FLOODING
++};
++
++extern char *gr_alert_log_fmt;
++extern char *gr_audit_log_fmt;
++extern char *gr_alert_log_buf;
++extern char *gr_audit_log_buf;
++
++static int gr_log_start(int audit)
++{
++	char *loglevel = (audit == GR_DO_AUDIT) ? KERN_INFO : KERN_ALERT;
++	char *fmt = (audit == GR_DO_AUDIT) ? gr_audit_log_fmt : gr_alert_log_fmt;
++	char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++
++	if (audit == GR_DO_AUDIT)
++		goto set_fmt;
++
++	if (!grsec_alert_wtime || jiffies - grsec_alert_wtime > CONFIG_GRKERNSEC_FLOODTIME * HZ) {
++		grsec_alert_wtime = jiffies;
++		grsec_alert_fyet = 0;
++	} else if ((jiffies - grsec_alert_wtime < CONFIG_GRKERNSEC_FLOODTIME * HZ) && (grsec_alert_fyet < CONFIG_GRKERNSEC_FLOODBURST)) {
++		grsec_alert_fyet++;
++	} else if (grsec_alert_fyet == CONFIG_GRKERNSEC_FLOODBURST) {
++		grsec_alert_wtime = jiffies;
++		grsec_alert_fyet++;
++		printk(KERN_ALERT "grsec: more alerts, logging disabled for %d seconds\n", CONFIG_GRKERNSEC_FLOODTIME);
++		return FLOODING;
++	} else return FLOODING;
++
++set_fmt:
++	memset(buf, 0, PAGE_SIZE);
++	if (current->signal->curr_ip && gr_acl_is_enabled()) {
++		sprintf(fmt, "%s%s", loglevel, "grsec: From %u.%u.%u.%u: (%.64s:%c:%.950s) ");
++		snprintf(buf, PAGE_SIZE - 1, fmt, NIPQUAD(current->signal->curr_ip), current->role->rolename, gr_roletype_to_char(), current->acl->filename);
++	} else if (current->signal->curr_ip) {
++		sprintf(fmt, "%s%s", loglevel, "grsec: From %u.%u.%u.%u: ");
++		snprintf(buf, PAGE_SIZE - 1, fmt, NIPQUAD(current->signal->curr_ip));
++	} else if (gr_acl_is_enabled()) {
++		sprintf(fmt, "%s%s", loglevel, "grsec: (%.64s:%c:%.950s) ");
++		snprintf(buf, PAGE_SIZE - 1, fmt, current->role->rolename, gr_roletype_to_char(), current->acl->filename);
++	} else {
++		sprintf(fmt, "%s%s", loglevel, "grsec: ");
++		strcpy(buf, fmt);
++	}
++
++	return NO_FLOODING;
++}
++
++static void gr_log_middle(int audit, const char *msg, va_list ap)
++	__attribute__ ((format (printf, 2, 0)));
++
++static void gr_log_middle(int audit, const char *msg, va_list ap)
++{
++	char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++	unsigned int len = strlen(buf);
++
++	vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
++
++	return;
++}
++
++static void gr_log_middle_varargs(int audit, const char *msg, ...)
++	__attribute__ ((format (printf, 2, 3)));
++
++static void gr_log_middle_varargs(int audit, const char *msg, ...)
++{
++	char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++	unsigned int len = strlen(buf);
++	va_list ap;
++
++	va_start(ap, msg);
++	vsnprintf(buf + len, PAGE_SIZE - len - 1, msg, ap);
++	va_end(ap);
++
++	return;
++}
++
++static void gr_log_end(int audit)
++{
++	char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf;
++	unsigned int len = strlen(buf);
++
++	snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->parent)));
++	printk("%s\n", buf);
++
++	return;
++}
++
++void gr_log_varargs(int audit, const char *msg, int argtypes, ...)
++{
++	int logtype;
++	char *result = (audit == GR_DO_AUDIT) ? "successful" : "denied";
++	char *str1, *str2, *str3;
++	int num1, num2;
++	unsigned long ulong1, ulong2;
++	struct dentry *dentry;
++	struct vfsmount *mnt;
++	struct file *file;
++	struct task_struct *task;
++	const struct cred *cred, *pcred;
++	va_list ap;
++
++	BEGIN_LOCKS(audit);
++	logtype = gr_log_start(audit);
++	if (logtype == FLOODING) {
++		END_LOCKS(audit);
++		return;
++	}
++	va_start(ap, argtypes);
++	switch (argtypes) {
++	case GR_TTYSNIFF:
++		task = va_arg(ap, struct task_struct *);
++		gr_log_middle_varargs(audit, msg, NIPQUAD(task->signal->curr_ip), gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid);
++		break;
++	case GR_SYSCTL_HIDDEN:
++		str1 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, result, str1);
++		break;
++	case GR_RBAC:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt));
++		break;
++	case GR_RBAC_STR:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		str1 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1);
++		break;
++	case GR_STR_RBAC:
++		str1 = va_arg(ap, char *);
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		gr_log_middle_varargs(audit, msg, result, str1, gr_to_filename(dentry, mnt));
++		break;
++	case GR_RBAC_MODE2:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		str1 = va_arg(ap, char *);
++		str2 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2);
++		break;
++	case GR_RBAC_MODE3:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		str1 = va_arg(ap, char *);
++		str2 = va_arg(ap, char *);
++		str3 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, result, gr_to_filename(dentry, mnt), str1, str2, str3);
++		break;
++	case GR_FILENAME:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt));
++		break;
++	case GR_STR_FILENAME:
++		str1 = va_arg(ap, char *);
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		gr_log_middle_varargs(audit, msg, str1, gr_to_filename(dentry, mnt));
++		break;
++	case GR_FILENAME_STR:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		str1 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), str1);
++		break;
++	case GR_FILENAME_TWO_INT:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		num1 = va_arg(ap, int);
++		num2 = va_arg(ap, int);
++		gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2);
++		break;
++	case GR_FILENAME_TWO_INT_STR:
++		dentry = va_arg(ap, struct dentry *);
++		mnt = va_arg(ap, struct vfsmount *);
++		num1 = va_arg(ap, int);
++		num2 = va_arg(ap, int);
++		str1 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, gr_to_filename(dentry, mnt), num1, num2, str1);
++		break;
++	case GR_TEXTREL:
++		file = va_arg(ap, struct file *);
++		ulong1 = va_arg(ap, unsigned long);
++		ulong2 = va_arg(ap, unsigned long);
++		gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>", ulong1, ulong2);
++		break;
++	case GR_PTRACE:
++		task = va_arg(ap, struct task_struct *);
++		gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid);
++		break;
++	case GR_RESOURCE:
++		task = va_arg(ap, struct task_struct *);
++		cred = __task_cred(task);
++		pcred = __task_cred(task->parent);
++		ulong1 = va_arg(ap, unsigned long);
++		str1 = va_arg(ap, char *);
++		ulong2 = va_arg(ap, unsigned long);
++		gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
++		break;
++	case GR_CAP:
++		task = va_arg(ap, struct task_struct *);
++		cred = __task_cred(task);
++		pcred = __task_cred(task->parent);
++		str1 = va_arg(ap, char *);
++		gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
++		break;
++	case GR_SIG:
++		task = va_arg(ap, struct task_struct *);
++		cred = __task_cred(task);
++		pcred = __task_cred(task->parent);
++		num1 = va_arg(ap, int);
++		gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid);
++		break;
++	case GR_CRASH1:
++		task = va_arg(ap, struct task_struct *);
++		cred = __task_cred(task);
++		pcred = __task_cred(task->parent);
++		ulong1 = va_arg(ap, unsigned long);
++		gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1);
++		break;
++	case GR_CRASH2:
++		task = va_arg(ap, struct task_struct *);
++		cred = __task_cred(task);
++		pcred = __task_cred(task->parent);
++		ulong1 = va_arg(ap, unsigned long);
++		gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1);
++		break;
++	case GR_PSACCT:
++		{
++			unsigned int wday, cday;
++			__u8 whr, chr;
++			__u8 wmin, cmin;
++			__u8 wsec, csec;
++			char cur_tty[64] = { 0 };
++			char parent_tty[64] = { 0 };
++
++			task = va_arg(ap, struct task_struct *);
++			wday = va_arg(ap, unsigned int);
++			cday = va_arg(ap, unsigned int);
++			whr = va_arg(ap, int);
++			chr = va_arg(ap, int);
++			wmin = va_arg(ap, int);
++			cmin = va_arg(ap, int);
++			wsec = va_arg(ap, int);
++			csec = va_arg(ap, int);
++			ulong1 = va_arg(ap, unsigned long);
++			cred = __task_cred(task);
++			pcred = __task_cred(task->parent);
++
++			gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, NIPQUAD(task->signal->curr_ip), tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->parent->comm, task->parent->pid, NIPQUAD(task->parent->signal->curr_ip), tty_name(task->parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid);
++		}
++		break;
++	default:
++		gr_log_middle(audit, msg, ap);
++	}
++	va_end(ap);
++	gr_log_end(audit);
++	END_LOCKS(audit);
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_mem.c linux-2.6.29.6/grsecurity/grsec_mem.c
+--- linux-2.6.29.6/grsecurity/grsec_mem.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_mem.c	2009-07-23 17:34:32.177726844 -0400
+@@ -0,0 +1,71 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/mman.h>
++#include <linux/grinternal.h>
++
++void
++gr_handle_ioperm(void)
++{
++	gr_log_noargs(GR_DONT_AUDIT, GR_IOPERM_MSG);
++	return;
++}
++
++void
++gr_handle_iopl(void)
++{
++	gr_log_noargs(GR_DONT_AUDIT, GR_IOPL_MSG);
++	return;
++}
++
++void
++gr_handle_mem_write(void)
++{
++	gr_log_noargs(GR_DONT_AUDIT, GR_MEM_WRITE_MSG);
++	return;
++}
++
++void
++gr_handle_kmem_write(void)
++{
++	gr_log_noargs(GR_DONT_AUDIT, GR_KMEM_MSG);
++	return;
++}
++
++void
++gr_handle_open_port(void)
++{
++	gr_log_noargs(GR_DONT_AUDIT, GR_PORT_OPEN_MSG);
++	return;
++}
++
++int
++gr_handle_mem_mmap(const unsigned long offset, struct vm_area_struct *vma)
++{
++	unsigned long start, end;
++
++	start = offset;
++	end = start + vma->vm_end - vma->vm_start;
++
++	if (start > end) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
++		return -EPERM;
++	}
++
++	/* allowed ranges : ISA I/O BIOS */
++	if ((start >= __pa(high_memory))
++#ifdef CONFIG_X86
++	    || (start >= 0x000a0000 && end <= 0x00100000)
++	    || (start >= 0x00000000 && end <= 0x00001000)
++#endif
++	)
++		return 0;
++
++	if (vma->vm_flags & VM_WRITE) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_MEM_MMAP_MSG);
++		return -EPERM;
++	} else
++		vma->vm_flags &= ~VM_MAYWRITE;
++
++	return 0;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_mount.c linux-2.6.29.6/grsecurity/grsec_mount.c
+--- linux-2.6.29.6/grsecurity/grsec_mount.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_mount.c	2009-07-23 17:34:32.177726844 -0400
+@@ -0,0 +1,34 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++void
++gr_log_remount(const char *devname, const int retval)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
++	if (grsec_enable_mount && (retval >= 0))
++		gr_log_str(GR_DO_AUDIT, GR_REMOUNT_AUDIT_MSG, devname ? devname : "none");
++#endif
++	return;
++}
++
++void
++gr_log_unmount(const char *devname, const int retval)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
++	if (grsec_enable_mount && (retval >= 0))
++		gr_log_str(GR_DO_AUDIT, GR_UNMOUNT_AUDIT_MSG, devname ? devname : "none");
++#endif
++	return;
++}
++
++void
++gr_log_mount(const char *from, const char *to, const int retval)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
++	if (grsec_enable_mount && (retval >= 0))
++		gr_log_str_str(GR_DO_AUDIT, GR_MOUNT_AUDIT_MSG, from, to);
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_sig.c linux-2.6.29.6/grsecurity/grsec_sig.c
+--- linux-2.6.29.6/grsecurity/grsec_sig.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_sig.c	2009-07-23 17:34:32.177726844 -0400
+@@ -0,0 +1,58 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/delay.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++void
++gr_log_signal(const int sig, const struct task_struct *t)
++{
++#ifdef CONFIG_GRKERNSEC_SIGNAL
++	if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) ||
++				    (sig == SIGABRT) || (sig == SIGBUS))) {
++		if (t->pid == current->pid) {
++			gr_log_int(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, sig);
++		} else {
++			gr_log_sig(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig);
++		}
++	}
++#endif
++	return;
++}
++
++int
++gr_handle_signal(const struct task_struct *p, const int sig)
++{
++#ifdef CONFIG_GRKERNSEC
++	if (current->pid > 1 && gr_check_protected_task(p)) {
++		gr_log_sig(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig);
++		return -EPERM;
++	} else if (gr_pid_is_chrooted((struct task_struct *)p)) {
++		return -EPERM;
++	}
++#endif
++	return 0;
++}
++
++void gr_handle_brute_attach(struct task_struct *p)
++{
++#ifdef CONFIG_GRKERNSEC_BRUTE
++	read_lock(&tasklist_lock);
++	read_lock(&grsec_exec_file_lock);
++	if (p->parent && p->parent->exec_file == p->exec_file)
++		p->parent->brute = 1;
++	read_unlock(&grsec_exec_file_lock);
++	read_unlock(&tasklist_lock);
++#endif
++	return;
++}
++
++void gr_handle_brute_check(void)
++{
++#ifdef CONFIG_GRKERNSEC_BRUTE
++	if (current->brute)
++		msleep(30 * 1000);
++#endif
++	return;
++}
++
+diff -urNp linux-2.6.29.6/grsecurity/grsec_sock.c linux-2.6.29.6/grsecurity/grsec_sock.c
+--- linux-2.6.29.6/grsecurity/grsec_sock.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_sock.c	2009-07-23 17:34:32.177726844 -0400
+@@ -0,0 +1,269 @@
++#include <linux/kernel.h>
++#include <linux/module.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/net.h>
++#include <linux/in.h>
++#include <linux/ip.h>
++#include <net/sock.h>
++#include <net/inet_sock.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++#include <linux/gracl.h>
++
++kernel_cap_t gr_cap_rtnetlink(struct sock *sock);
++EXPORT_SYMBOL(gr_cap_rtnetlink);
++
++extern int gr_search_udp_recvmsg(const struct sock *sk, const struct sk_buff *skb);
++extern int gr_search_udp_sendmsg(const struct sock *sk, const struct sockaddr_in *addr);
++
++EXPORT_SYMBOL(gr_search_udp_recvmsg);
++EXPORT_SYMBOL(gr_search_udp_sendmsg);
++
++#ifdef CONFIG_UNIX_MODULE
++EXPORT_SYMBOL(gr_acl_handle_unix);
++EXPORT_SYMBOL(gr_acl_handle_mknod);
++EXPORT_SYMBOL(gr_handle_chroot_unix);
++EXPORT_SYMBOL(gr_handle_create);
++#endif
++
++#ifdef CONFIG_GRKERNSEC
++#define gr_conn_table_size 32749
++struct conn_table_entry {
++	struct conn_table_entry *next;
++	struct signal_struct *sig;
++};
++
++struct conn_table_entry *gr_conn_table[gr_conn_table_size];
++DEFINE_SPINLOCK(gr_conn_table_lock);
++
++extern const char * gr_socktype_to_name(unsigned char type);
++extern const char * gr_proto_to_name(unsigned char proto);
++
++static __inline__ int 
++conn_hash(__u32 saddr, __u32 daddr, __u16 sport, __u16 dport, unsigned int size)
++{
++	return ((daddr + saddr + (sport << 8) + (dport << 16)) % size);
++}
++
++static __inline__ int
++conn_match(const struct signal_struct *sig, __u32 saddr, __u32 daddr, 
++	   __u16 sport, __u16 dport)
++{
++	if (unlikely(sig->gr_saddr == saddr && sig->gr_daddr == daddr &&
++		     sig->gr_sport == sport && sig->gr_dport == dport))
++		return 1;
++	else
++		return 0;
++}
++
++static void gr_add_to_task_ip_table_nolock(struct signal_struct *sig, struct conn_table_entry *newent)
++{
++	struct conn_table_entry **match;
++	unsigned int index;
++
++	index = conn_hash(sig->gr_saddr, sig->gr_daddr, 
++			  sig->gr_sport, sig->gr_dport, 
++			  gr_conn_table_size);
++
++	newent->sig = sig;
++	
++	match = &gr_conn_table[index];
++	newent->next = *match;
++	*match = newent;
++
++	return;
++}
++
++static void gr_del_task_from_ip_table_nolock(struct signal_struct *sig)
++{
++	struct conn_table_entry *match, *last = NULL;
++	unsigned int index;
++
++	index = conn_hash(sig->gr_saddr, sig->gr_daddr, 
++			  sig->gr_sport, sig->gr_dport, 
++			  gr_conn_table_size);
++
++	match = gr_conn_table[index];
++	while (match && !conn_match(match->sig, 
++		sig->gr_saddr, sig->gr_daddr, sig->gr_sport, 
++		sig->gr_dport)) {
++		last = match;
++		match = match->next;
++	}
++
++	if (match) {
++		if (last)
++			last->next = match->next;
++		else
++			gr_conn_table[index] = NULL;
++		kfree(match);
++	}
++
++	return;
++}
++
++static struct signal_struct * gr_lookup_task_ip_table(__u32 saddr, __u32 daddr,
++					     __u16 sport, __u16 dport)
++{
++	struct conn_table_entry *match;
++	unsigned int index;
++
++	index = conn_hash(saddr, daddr, sport, dport, gr_conn_table_size);
++
++	match = gr_conn_table[index];
++	while (match && !conn_match(match->sig, saddr, daddr, sport, dport))
++		match = match->next;
++
++	if (match)
++		return match->sig;
++	else
++		return NULL;
++}
++
++#endif
++
++void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet)
++{
++#ifdef CONFIG_GRKERNSEC
++	struct signal_struct *sig = task->signal;
++	struct conn_table_entry *newent;
++
++	newent = kmalloc(sizeof(struct conn_table_entry), GFP_ATOMIC);
++	if (newent == NULL)
++		return;
++	/* no bh lock needed since we are called with bh disabled */
++	spin_lock(&gr_conn_table_lock);
++	gr_del_task_from_ip_table_nolock(sig);
++	sig->gr_saddr = inet->rcv_saddr;
++	sig->gr_daddr = inet->daddr;
++	sig->gr_sport = inet->sport;
++	sig->gr_dport = inet->dport;
++	gr_add_to_task_ip_table_nolock(sig, newent);
++	spin_unlock(&gr_conn_table_lock);
++#endif
++	return;
++}
++
++void gr_del_task_from_ip_table(struct task_struct *task)
++{
++#ifdef CONFIG_GRKERNSEC
++	spin_lock_bh(&gr_conn_table_lock);
++	gr_del_task_from_ip_table_nolock(task->signal);
++	spin_unlock_bh(&gr_conn_table_lock);
++#endif
++	return;
++}
++
++void
++gr_attach_curr_ip(const struct sock *sk)
++{
++#ifdef CONFIG_GRKERNSEC
++	struct signal_struct *p, *set;
++	const struct inet_sock *inet = inet_sk(sk);	
++
++	if (unlikely(sk->sk_protocol != IPPROTO_TCP))
++		return;
++
++	set = current->signal;
++
++	spin_lock_bh(&gr_conn_table_lock);
++	p = gr_lookup_task_ip_table(inet->daddr, inet->rcv_saddr,
++				    inet->dport, inet->sport);
++	if (unlikely(p != NULL)) {
++		set->curr_ip = p->curr_ip;
++		set->used_accept = 1;
++		gr_del_task_from_ip_table_nolock(p);
++		spin_unlock_bh(&gr_conn_table_lock);
++		return;
++	}
++	spin_unlock_bh(&gr_conn_table_lock);
++
++	set->curr_ip = inet->daddr;
++	set->used_accept = 1;
++#endif
++	return;
++}
++
++int
++gr_handle_sock_all(const int family, const int type, const int protocol)
++{
++#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
++	if (grsec_enable_socket_all && in_group_p(grsec_socket_all_gid) &&
++	    (family != AF_UNIX) && (family != AF_LOCAL)) {
++		gr_log_int_str2(GR_DONT_AUDIT, GR_SOCK2_MSG, family, gr_socktype_to_name(type), gr_proto_to_name(protocol));
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_sock_server(const struct sockaddr *sck)
++{
++#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
++	if (grsec_enable_socket_server &&
++	    in_group_p(grsec_socket_server_gid) &&
++	    sck && (sck->sa_family != AF_UNIX) &&
++	    (sck->sa_family != AF_LOCAL)) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_sock_server_other(const struct sock *sck)
++{
++#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
++	if (grsec_enable_socket_server &&
++	    in_group_p(grsec_socket_server_gid) &&
++	    sck && (sck->sk_family != AF_UNIX) &&
++	    (sck->sk_family != AF_LOCAL)) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_BIND_MSG);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++int
++gr_handle_sock_client(const struct sockaddr *sck)
++{
++#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
++	if (grsec_enable_socket_client && in_group_p(grsec_socket_client_gid) &&
++	    sck && (sck->sa_family != AF_UNIX) &&
++	    (sck->sa_family != AF_LOCAL)) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_CONNECT_MSG);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++kernel_cap_t
++gr_cap_rtnetlink(struct sock *sock)
++{
++#ifdef CONFIG_GRKERNSEC
++	if (!gr_acl_is_enabled())
++		return current_cap();
++	else if (sock->sk_protocol == NETLINK_ISCSI &&
++		 cap_raised(current_cap(), CAP_SYS_ADMIN) &&
++		 gr_is_capable(CAP_SYS_ADMIN))
++		return current_cap();
++	else if (sock->sk_protocol == NETLINK_AUDIT &&
++		 cap_raised(current_cap(), CAP_AUDIT_WRITE) &&
++		 gr_is_capable(CAP_AUDIT_WRITE) &&
++		 cap_raised(current_cap(), CAP_AUDIT_CONTROL) &&
++		 gr_is_capable(CAP_AUDIT_CONTROL))
++		return current_cap();
++	else if (cap_raised(current_cap(), CAP_NET_ADMIN) &&
++		 gr_is_capable(CAP_NET_ADMIN))
++		return current_cap();
++	else
++		return __cap_empty_set;
++#else
++	return current_cap();
++#endif
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_sysctl.c linux-2.6.29.6/grsecurity/grsec_sysctl.c
+--- linux-2.6.29.6/grsecurity/grsec_sysctl.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_sysctl.c	2009-07-23 17:34:32.178838233 -0400
+@@ -0,0 +1,435 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/sysctl.h>
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++#ifdef CONFIG_GRKERNSEC_MODSTOP
++int grsec_modstop;
++#endif
++
++int
++gr_handle_sysctl_mod(const char *dirname, const char *name, const int op)
++{
++#ifdef CONFIG_GRKERNSEC_SYSCTL
++	if (!strcmp(dirname, "grsecurity") && grsec_lock && (op & MAY_WRITE)) {
++		gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
++		return -EACCES;
++	}
++#endif
++#ifdef CONFIG_GRKERNSEC_MODSTOP
++	if (!strcmp(dirname, "grsecurity") && !strcmp(name, "disable_modules") &&
++	    grsec_modstop && (op & MAY_WRITE)) {
++		gr_log_str(GR_DONT_AUDIT, GR_SYSCTL_MSG, name);
++		return -EACCES;
++	}
++#endif
++	return 0;
++}
++
++#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
++ctl_table grsecurity_table[] = {
++#ifdef CONFIG_GRKERNSEC_SYSCTL
++#ifdef CONFIG_GRKERNSEC_LINK
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "linking_restrictions",
++		.data		= &grsec_enable_link,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_FIFO
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "fifo_restrictions",
++		.data		= &grsec_enable_fifo,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_EXECVE
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "execve_limiting",
++		.data		= &grsec_enable_execve,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_EXECLOG
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "exec_logging",
++		.data		= &grsec_enable_execlog,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_SIGNAL
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "signal_logging",
++		.data		= &grsec_enable_signal,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_FORKFAIL
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "forkfail_logging",
++		.data		= &grsec_enable_forkfail,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_TIME
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "timechange_logging",
++		.data		= &grsec_enable_time,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_SHMAT
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_shmat",
++		.data		= &grsec_enable_chroot_shmat,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_unix",
++		.data		= &grsec_enable_chroot_unix,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_MOUNT
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_mount",
++		.data		= &grsec_enable_chroot_mount,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_FCHDIR
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_fchdir",
++		.data		= &grsec_enable_chroot_fchdir,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_DOUBLE
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_chroot",
++		.data		= &grsec_enable_chroot_double,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_PIVOT
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_pivot",
++		.data		= &grsec_enable_chroot_pivot,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_enforce_chdir",
++		.data		= &grsec_enable_chroot_chdir,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_CHMOD
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_chmod",
++		.data		= &grsec_enable_chroot_chmod,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_MKNOD
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_mknod",
++		.data		= &grsec_enable_chroot_mknod,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_NICE
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_restrict_nice",
++		.data		= &grsec_enable_chroot_nice,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_EXECLOG
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_execlog",
++		.data		= &grsec_enable_chroot_execlog,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_caps",
++		.data		= &grsec_enable_chroot_caps,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_deny_sysctl",
++		.data		= &grsec_enable_chroot_sysctl,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_TPE
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "tpe",
++		.data		= &grsec_enable_tpe,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "tpe_gid",
++		.data		= &grsec_tpe_gid,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_TPE_ALL
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "tpe_restrict_all",
++		.data		= &grsec_enable_tpe_all,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_SOCKET_ALL
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "socket_all",
++		.data		= &grsec_enable_socket_all,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "socket_all_gid",
++		.data		= &grsec_socket_all_gid,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "socket_client",
++		.data		= &grsec_enable_socket_client,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "socket_client_gid",
++		.data		= &grsec_socket_client_gid,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "socket_server",
++		.data		= &grsec_enable_socket_server,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "socket_server_gid",
++		.data		= &grsec_socket_server_gid,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "audit_group",
++		.data		= &grsec_enable_group,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "audit_gid",
++		.data		= &grsec_audit_gid,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_CHDIR
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "audit_chdir",
++		.data		= &grsec_enable_chdir,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_MOUNT
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "audit_mount",
++		.data		= &grsec_enable_mount,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_IPC
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "audit_ipc",
++		.data		= &grsec_enable_audit_ipc,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "audit_textrel",
++		.data		= &grsec_enable_audit_textrel,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_DMESG
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "dmesg",
++		.data		= &grsec_enable_dmesg,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "chroot_findtask",
++		.data		= &grsec_enable_chroot_findtask,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_RESLOG
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "resource_logging",
++		.data		= &grsec_resource_logging,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "grsec_lock",
++		.data		= &grsec_lock,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++#ifdef CONFIG_GRKERNSEC_MODSTOP
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "disable_modules",
++		.data		= &grsec_modstop,
++		.maxlen		= sizeof(int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++#endif
++	{ .ctl_name = 0 }
++};
++#endif
++
++int gr_check_modstop(void)
++{
++#ifdef CONFIG_GRKERNSEC_MODSTOP
++	if (grsec_modstop == 1) {
++		gr_log_noargs(GR_DONT_AUDIT, GR_STOPMOD_MSG);
++		return 1;
++	}
++#endif
++	return 0;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_textrel.c linux-2.6.29.6/grsecurity/grsec_textrel.c
+--- linux-2.6.29.6/grsecurity/grsec_textrel.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_textrel.c	2009-07-23 17:34:32.178838233 -0400
+@@ -0,0 +1,16 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/file.h>
++#include <linux/grinternal.h>
++#include <linux/grsecurity.h>
++
++void
++gr_log_textrel(struct vm_area_struct * vma)
++{
++#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
++	if (grsec_enable_audit_textrel)
++		gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_time.c linux-2.6.29.6/grsecurity/grsec_time.c
+--- linux-2.6.29.6/grsecurity/grsec_time.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_time.c	2009-07-23 17:34:32.178838233 -0400
+@@ -0,0 +1,13 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/grinternal.h>
++
++void
++gr_log_timechange(void)
++{
++#ifdef CONFIG_GRKERNSEC_TIME
++	if (grsec_enable_time)
++		gr_log_noargs(GR_DONT_AUDIT_GOOD, GR_TIME_MSG);
++#endif
++	return;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsec_tpe.c linux-2.6.29.6/grsecurity/grsec_tpe.c
+--- linux-2.6.29.6/grsecurity/grsec_tpe.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsec_tpe.c	2009-07-23 17:34:32.178838233 -0400
+@@ -0,0 +1,38 @@
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/file.h>
++#include <linux/fs.h>
++#include <linux/grinternal.h>
++
++extern int gr_acl_tpe_check(void);
++
++int
++gr_tpe_allow(const struct file *file)
++{
++#ifdef CONFIG_GRKERNSEC
++	struct inode *inode = file->f_path.dentry->d_parent->d_inode;
++	const struct cred *cred = current_cred();
++
++	if (cred->uid && ((grsec_enable_tpe &&
++#ifdef CONFIG_GRKERNSEC_TPE_INVERT
++	    !in_group_p(grsec_tpe_gid)
++#else
++	    in_group_p(grsec_tpe_gid)
++#endif
++	    ) || gr_acl_tpe_check()) &&
++	    (inode->i_uid || (!inode->i_uid && ((inode->i_mode & S_IWGRP) ||
++						(inode->i_mode & S_IWOTH))))) {
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
++		return 0;
++	}
++#ifdef CONFIG_GRKERNSEC_TPE_ALL
++	if (cred->uid && grsec_enable_tpe && grsec_enable_tpe_all &&
++	    ((inode->i_uid && (inode->i_uid != cred->uid)) ||
++	     (inode->i_mode & S_IWGRP) || (inode->i_mode & S_IWOTH))) {
++		gr_log_fs_generic(GR_DONT_AUDIT, GR_EXEC_TPE_MSG, file->f_path.dentry, file->f_path.mnt);
++		return 0;
++	}
++#endif
++#endif
++	return 1;
++}
+diff -urNp linux-2.6.29.6/grsecurity/grsum.c linux-2.6.29.6/grsecurity/grsum.c
+--- linux-2.6.29.6/grsecurity/grsum.c	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/grsum.c	2009-07-23 17:34:32.179767198 -0400
+@@ -0,0 +1,59 @@
++#include <linux/err.h>
++#include <linux/kernel.h>
++#include <linux/sched.h>
++#include <linux/mm.h>
++#include <linux/scatterlist.h>
++#include <linux/crypto.h>
++#include <linux/gracl.h>
++
++
++#if !defined(CONFIG_CRYPTO) || defined(CONFIG_CRYPTO_MODULE) || !defined(CONFIG_CRYPTO_SHA256) || defined(CONFIG_CRYPTO_SHA256_MODULE)
++#error "crypto and sha256 must be built into the kernel"
++#endif
++
++int
++chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
++{
++	char *p;
++	struct crypto_hash *tfm;
++	struct hash_desc desc;
++	struct scatterlist sg;
++	unsigned char temp_sum[GR_SHA_LEN];
++	volatile int retval = 0;
++	volatile int dummy = 0;
++	unsigned int i;
++
++	tfm = crypto_alloc_hash("sha256", 0, CRYPTO_ALG_ASYNC);
++	if (IS_ERR(tfm)) {
++		/* should never happen, since sha256 should be built in */
++		return 1;
++	}
++
++	desc.tfm = tfm;
++	desc.flags = 0;
++
++	crypto_hash_init(&desc);
++
++	p = salt;
++	sg_set_buf(&sg, p, GR_SALT_LEN);
++	crypto_hash_update(&desc, &sg, sg.length);
++
++	p = entry->pw;
++	sg_set_buf(&sg, p, strlen(p));
++	
++	crypto_hash_update(&desc, &sg, sg.length);
++
++	crypto_hash_final(&desc, temp_sum);
++
++	memset(entry->pw, 0, GR_PW_LEN);
++
++	for (i = 0; i < GR_SHA_LEN; i++)
++		if (sum[i] != temp_sum[i])
++			retval = 1;
++		else
++			dummy = 1;	// waste a cycle
++
++	crypto_free_hash(tfm);
++
++	return retval;
++}
+diff -urNp linux-2.6.29.6/grsecurity/Kconfig linux-2.6.29.6/grsecurity/Kconfig
+--- linux-2.6.29.6/grsecurity/Kconfig	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/Kconfig	2009-07-23 17:36:47.298949106 -0400
+@@ -0,0 +1,894 @@
++#
++# grecurity configuration
++#
++
++menu "Grsecurity"
++
++config GRKERNSEC
++	bool "Grsecurity"
++	select CRYPTO
++	select CRYPTO_SHA256
++	select SECURITY
++	select SECURITY_CAPABILITIES
++	help
++	  If you say Y here, you will be able to configure many features
++	  that will enhance the security of your system.  It is highly
++	  recommended that you say Y here and read through the help
++	  for each option so that you fully understand the features and
++	  can evaluate their usefulness for your machine.
++
++choice
++	prompt "Security Level"
++	depends on GRKERNSEC
++	default GRKERNSEC_CUSTOM
++
++config GRKERNSEC_LOW
++	bool "Low"
++	select GRKERNSEC_LINK
++	select GRKERNSEC_FIFO
++	select GRKERNSEC_EXECVE
++	select GRKERNSEC_RANDNET
++	select GRKERNSEC_DMESG
++	select GRKERNSEC_CHROOT
++	select GRKERNSEC_CHROOT_CHDIR
++	select GRKERNSEC_MODSTOP if (MODULES)
++
++	help
++	  If you choose this option, several of the grsecurity options will
++	  be enabled that will give you greater protection against a number
++	  of attacks, while assuring that none of your software will have any
++	  conflicts with the additional security measures.  If you run a lot
++	  of unusual software, or you are having problems with the higher
++	  security levels, you should say Y here.  With this option, the
++	  following features are enabled:
++
++	  - Linking restrictions
++	  - FIFO restrictions
++	  - Enforcing RLIMIT_NPROC on execve
++	  - Restricted dmesg
++	  - Enforced chdir("/") on chroot
++	  - Runtime module disabling
++
++config GRKERNSEC_MEDIUM
++	bool "Medium"
++	select PAX
++	select PAX_EI_PAX
++	select PAX_PT_PAX_FLAGS
++	select PAX_HAVE_ACL_FLAGS
++	select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
++	select GRKERNSEC_CHROOT
++	select GRKERNSEC_CHROOT_SYSCTL
++	select GRKERNSEC_LINK
++	select GRKERNSEC_FIFO
++	select GRKERNSEC_EXECVE
++	select GRKERNSEC_DMESG
++	select GRKERNSEC_RANDNET
++	select GRKERNSEC_FORKFAIL
++	select GRKERNSEC_TIME
++	select GRKERNSEC_SIGNAL
++	select GRKERNSEC_CHROOT
++	select GRKERNSEC_CHROOT_UNIX
++	select GRKERNSEC_CHROOT_MOUNT
++	select GRKERNSEC_CHROOT_PIVOT
++	select GRKERNSEC_CHROOT_DOUBLE
++	select GRKERNSEC_CHROOT_CHDIR
++	select GRKERNSEC_CHROOT_MKNOD
++	select GRKERNSEC_PROC
++	select GRKERNSEC_PROC_USERGROUP
++	select GRKERNSEC_MODSTOP if (MODULES)
++	select PAX_RANDUSTACK
++	select PAX_ASLR
++	select PAX_RANDMMAP
++	select PAX_REFCOUNT if (X86)
++	select PAX_USERCOPY if (X86 && (SLAB || SLUB || SLOB))
++
++	help
++	  If you say Y here, several features in addition to those included
++	  in the low additional security level will be enabled.  These
++	  features provide even more security to your system, though in rare
++	  cases they may be incompatible with very old or poorly written
++	  software.  If you enable this option, make sure that your auth
++	  service (identd) is running as gid 1001.  With this option, 
++	  the following features (in addition to those provided in the 
++	  low additional security level) will be enabled:
++
++	  - Failed fork logging
++	  - Time change logging
++	  - Signal logging
++	  - Deny mounts in chroot
++	  - Deny double chrooting
++	  - Deny sysctl writes in chroot
++	  - Deny mknod in chroot
++	  - Deny access to abstract AF_UNIX sockets out of chroot
++	  - Deny pivot_root in chroot
++	  - Denied writes of /dev/kmem, /dev/mem, and /dev/port
++	  - /proc restrictions with special GID set to 10 (usually wheel)
++	  - Address Space Layout Randomization (ASLR)
++	  - Prevent exploitation of most refcount overflows
++	  - Bounds checking of copying between the kernel and userland
++
++config GRKERNSEC_HIGH
++	bool "High"
++	select GRKERNSEC_LINK
++	select GRKERNSEC_FIFO
++	select GRKERNSEC_EXECVE
++	select GRKERNSEC_DMESG
++	select GRKERNSEC_FORKFAIL
++	select GRKERNSEC_TIME
++	select GRKERNSEC_SIGNAL
++	select GRKERNSEC_CHROOT
++	select GRKERNSEC_CHROOT_SHMAT
++	select GRKERNSEC_CHROOT_UNIX
++	select GRKERNSEC_CHROOT_MOUNT
++	select GRKERNSEC_CHROOT_FCHDIR
++	select GRKERNSEC_CHROOT_PIVOT
++	select GRKERNSEC_CHROOT_DOUBLE
++	select GRKERNSEC_CHROOT_CHDIR
++	select GRKERNSEC_CHROOT_MKNOD
++	select GRKERNSEC_CHROOT_CAPS
++	select GRKERNSEC_CHROOT_SYSCTL
++	select GRKERNSEC_CHROOT_FINDTASK
++	select GRKERNSEC_PROC
++	select GRKERNSEC_PROC_MEMMAP if (PAX_NOEXEC || PAX_ASLR)
++	select GRKERNSEC_HIDESYM
++	select GRKERNSEC_BRUTE
++	select GRKERNSEC_PROC_USERGROUP
++	select GRKERNSEC_KMEM
++	select GRKERNSEC_RESLOG
++	select GRKERNSEC_RANDNET
++	select GRKERNSEC_PROC_ADD
++	select GRKERNSEC_CHROOT_CHMOD
++	select GRKERNSEC_CHROOT_NICE
++	select GRKERNSEC_AUDIT_MOUNT
++	select GRKERNSEC_MODSTOP if (MODULES)
++	select PAX
++	select PAX_RANDUSTACK
++	select PAX_ASLR
++	select PAX_RANDMMAP
++	select PAX_NOEXEC
++	select PAX_MPROTECT
++	select PAX_EI_PAX
++	select PAX_PT_PAX_FLAGS
++	select PAX_HAVE_ACL_FLAGS
++	select PAX_KERNEXEC if (X86 && !EFI && !COMPAT_VDSO && !PARAVIRT && (!X86_32 || X86_WP_WORKS_OK))
++	select PAX_MEMORY_UDEREF if (!X86_64 && !COMPAT_VDSO)
++	select PAX_RANDKSTACK if (X86_TSC && !X86_64)
++	select PAX_SEGMEXEC if (X86 && !X86_64)
++	select PAX_PAGEEXEC if (!X86)
++	select PAX_EMUPLT if (ALPHA || PARISC || PPC32 || SPARC32 || SPARC64)
++	select PAX_DLRESOLVE if (SPARC32 || SPARC64)
++	select PAX_SYSCALL if (PPC32)
++	select PAX_EMUTRAMP if (PARISC)
++	select PAX_EMUSIGRT if (PARISC)
++	select PAX_ETEXECRELOCS if (ALPHA || IA64 || PARISC)
++	select PAX_REFCOUNT if (X86)
++	select PAX_USERCOPY if (X86 && (SLAB || SLUB || SLOB))
++	help
++	  If you say Y here, many of the features of grsecurity will be
++	  enabled, which will protect you against many kinds of attacks
++	  against your system.  The heightened security comes at a cost
++	  of an increased chance of incompatibilities with rare software
++	  on your machine.  Since this security level enables PaX, you should
++	  view <http://pax.grsecurity.net> and read about the PaX
++	  project.  While you are there, download chpax and run it on
++	  binaries that cause problems with PaX.  Also remember that
++	  since the /proc restrictions are enabled, you must run your
++	  identd as gid 1001.  This security level enables the following 
++	  features in addition to those listed in the low and medium 
++	  security levels:
++
++	  - Additional /proc restrictions
++	  - Chmod restrictions in chroot
++	  - No signals, ptrace, or viewing of processes outside of chroot
++	  - Capability restrictions in chroot
++	  - Deny fchdir out of chroot
++	  - Priority restrictions in chroot
++	  - Segmentation-based implementation of PaX
++	  - Mprotect restrictions
++	  - Removal of addresses from /proc/<pid>/[smaps|maps|stat]
++	  - Kernel stack randomization
++	  - Mount/unmount/remount logging
++	  - Kernel symbol hiding
++	  - Prevention of memory exhaustion-based exploits
++config GRKERNSEC_CUSTOM
++	bool "Custom"
++	help
++	  If you say Y here, you will be able to configure every grsecurity
++	  option, which allows you to enable many more features that aren't
++	  covered in the basic security levels.  These additional features
++	  include TPE, socket restrictions, and the sysctl system for
++	  grsecurity.  It is advised that you read through the help for
++	  each option to determine its usefulness in your situation.
++
++endchoice
++
++menu "Address Space Protection"
++depends on GRKERNSEC
++
++config GRKERNSEC_KMEM
++	bool "Deny writing to /dev/kmem, /dev/mem, and /dev/port"
++	help
++	  If you say Y here, /dev/kmem and /dev/mem won't be allowed to
++	  be written to via mmap or otherwise to modify the running kernel.
++	  /dev/port will also not be allowed to be opened. If you have module
++	  support disabled, enabling this will close up four ways that are
++	  currently used  to insert malicious code into the running kernel.
++	  Even with all these features enabled, we still highly recommend that
++	  you use the RBAC system, as it is still possible for an attacker to
++	  modify the running kernel through privileged I/O granted by ioperm/iopl.
++	  If you are not using XFree86, you may be able to stop this additional
++	  case by enabling the 'Disable privileged I/O' option. Though nothing
++	  legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem,
++	  but only to video memory, which is the only writing we allow in this
++	  case.  If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will
++	  not be allowed to mprotect it with PROT_WRITE later.
++	  It is highly recommended that you say Y here if you meet all the
++	  conditions above.
++
++config GRKERNSEC_IO
++	bool "Disable privileged I/O"
++	depends on X86
++	select RTC_CLASS
++	select RTC_INTF_DEV
++	select RTC_DRV_CMOS
++
++	help
++	  If you say Y here, all ioperm and iopl calls will return an error.
++	  Ioperm and iopl can be used to modify the running kernel.
++	  Unfortunately, some programs need this access to operate properly,
++	  the most notable of which are XFree86 and hwclock.  hwclock can be
++	  remedied by having RTC support in the kernel, so real-time 
++	  clock support is enabled if this option is enabled, to ensure 
++	  that hwclock operates correctly.  XFree86 still will not 
++	  operate correctly with this option enabled, so DO NOT CHOOSE Y 
++	  IF YOU USE XFree86.  If you use XFree86 and you still want to 
++	  protect your kernel against modification, use the RBAC system.
++
++config GRKERNSEC_PROC_MEMMAP
++	bool "Remove addresses from /proc/<pid>/[smaps|maps|stat]"
++	depends on PAX_NOEXEC || PAX_ASLR
++	help
++	  If you say Y here, the /proc/<pid>/maps and /proc/<pid>/stat files will
++	  give no information about the addresses of its mappings if
++	  PaX features that rely on random addresses are enabled on the task.
++	  If you use PaX it is greatly recommended that you say Y here as it
++	  closes up a hole that makes the full ASLR useless for suid
++	  binaries.
++
++config GRKERNSEC_BRUTE
++	bool "Deter exploit bruteforcing"
++	help
++	  If you say Y here, attempts to bruteforce exploits against forking
++	  daemons such as apache or sshd will be deterred.  When a child of a
++	  forking daemon is killed by PaX or crashes due to an illegal
++	  instruction, the parent process will be delayed 30 seconds upon every
++	  subsequent fork until the administrator is able to assess the
++	  situation and restart the daemon.  It is recommended that you also
++	  enable signal logging in the auditing section so that logs are
++	  generated when a process performs an illegal instruction.
++
++config GRKERNSEC_MODSTOP
++	bool "Runtime module disabling"
++	depends on MODULES
++	help
++	  If you say Y here, you will be able to disable the ability to (un)load
++	  modules at runtime.  This feature is useful if you need the ability
++	  to load kernel modules at boot time, but do not want to allow an
++	  attacker to load a rootkit kernel module into the system, or to remove
++	  a loaded kernel module important to system functioning.  You should
++	  enable the /dev/mem protection feature as well, since rootkits can be
++	  inserted into the kernel via other methods than kernel modules.  Since
++	  an untrusted module could still be loaded by modifying init scripts and
++	  rebooting the system, it is also recommended that you enable the RBAC
++	  system.  If you enable this option, a sysctl option with name
++	  "disable_modules" will be created.  Setting this option to "1" disables
++	  module loading.  After this option is set, no further writes to it are
++	  allowed until the system is rebooted.
++
++config GRKERNSEC_HIDESYM
++	bool "Hide kernel symbols"
++	help
++	  If you say Y here, getting information on loaded modules, and
++	  displaying all kernel symbols through a syscall will be restricted
++	  to users with CAP_SYS_MODULE.  This option is only effective
++	  provided the following conditions are met:
++	  1) The kernel using grsecurity is not precompiled by some distribution
++	  2) You are using the RBAC system and hiding other files such as your
++	     kernel image and System.map
++	  3) You have the additional /proc restrictions enabled, which removes
++	     /proc/kcore
++	  If the above conditions are met, this option will aid to provide a
++	  useful protection against local and remote kernel exploitation of
++	  overflows and arbitrary read/write vulnerabilities.
++
++endmenu
++menu "Role Based Access Control Options"
++depends on GRKERNSEC
++
++config GRKERNSEC_NO_RBAC
++	bool "Disable RBAC system"
++	help
++	  If you say Y here, the /dev/grsec device will be removed from the kernel,
++	  preventing the RBAC system from being enabled.  You should only say Y
++	  here if you have no intention of using the RBAC system, so as to prevent
++	  an attacker with root access from misusing the RBAC system to hide files
++	  and processes when loadable module support and /dev/[k]mem have been
++	  locked down.
++
++config GRKERNSEC_ACL_HIDEKERN
++	bool "Hide kernel processes"
++	help
++	  If you say Y here, all kernel threads will be hidden to all
++	  processes but those whose subject has the "view hidden processes"
++	  flag.
++
++config GRKERNSEC_ACL_MAXTRIES
++	int "Maximum tries before password lockout"
++	default 3
++	help
++	  This option enforces the maximum number of times a user can attempt
++	  to authorize themselves with the grsecurity RBAC system before being
++	  denied the ability to attempt authorization again for a specified time.
++	  The lower the number, the harder it will be to brute-force a password.
++
++config GRKERNSEC_ACL_TIMEOUT
++	int "Time to wait after max password tries, in seconds"
++	default 30
++	help
++	  This option specifies the time the user must wait after attempting to
++	  authorize to the RBAC system with the maximum number of invalid
++	  passwords.  The higher the number, the harder it will be to brute-force
++	  a password.
++
++endmenu
++menu "Filesystem Protections"
++depends on GRKERNSEC
++
++config GRKERNSEC_PROC
++	bool "Proc restrictions"
++	help
++	  If you say Y here, the permissions of the /proc filesystem
++	  will be altered to enhance system security and privacy.  You MUST
++  	  choose either a user only restriction or a user and group restriction.
++	  Depending upon the option you choose, you can either restrict users to
++	  see only the processes they themselves run, or choose a group that can
++	  view all processes and files normally restricted to root if you choose
++	  the "restrict to user only" option.  NOTE: If you're running identd as
++	  a non-root user, you will have to run it as the group you specify here.
++
++config GRKERNSEC_PROC_USER
++	bool "Restrict /proc to user only"
++	depends on GRKERNSEC_PROC
++	help
++	  If you say Y here, non-root users will only be able to view their own
++	  processes, and restricts them from viewing network-related information,
++	  and viewing kernel symbol and module information.
++
++config GRKERNSEC_PROC_USERGROUP
++	bool "Allow special group"
++	depends on GRKERNSEC_PROC && !GRKERNSEC_PROC_USER
++	help
++	  If you say Y here, you will be able to select a group that will be
++	  able to view all processes, network-related information, and
++	  kernel and symbol information.  This option is useful if you want
++	  to run identd as a non-root user.
++
++config GRKERNSEC_PROC_GID
++	int "GID for special group"
++	depends on GRKERNSEC_PROC_USERGROUP
++	default 1001
++
++config GRKERNSEC_PROC_ADD
++	bool "Additional restrictions"
++	depends on GRKERNSEC_PROC_USER || GRKERNSEC_PROC_USERGROUP
++	help
++	  If you say Y here, additional restrictions will be placed on
++	  /proc that keep normal users from viewing device information and 
++	  slabinfo information that could be useful for exploits.
++
++config GRKERNSEC_LINK
++	bool "Linking restrictions"
++	help
++	  If you say Y here, /tmp race exploits will be prevented, since users
++	  will no longer be able to follow symlinks owned by other users in
++	  world-writable +t directories (i.e. /tmp), unless the owner of the
++	  symlink is the owner of the directory. users will also not be
++	  able to hardlink to files they do not own.  If the sysctl option is
++	  enabled, a sysctl option with name "linking_restrictions" is created.
++
++config GRKERNSEC_FIFO
++	bool "FIFO restrictions"
++	help
++	  If you say Y here, users will not be able to write to FIFOs they don't
++	  own in world-writable +t directories (i.e. /tmp), unless the owner of
++	  the FIFO is the same owner of the directory it's held in.  If the sysctl
++	  option is enabled, a sysctl option with name "fifo_restrictions" is
++	  created.
++
++config GRKERNSEC_CHROOT
++	bool "Chroot jail restrictions"
++	help
++	  If you say Y here, you will be able to choose several options that will
++	  make breaking out of a chrooted jail much more difficult.  If you
++	  encounter no software incompatibilities with the following options, it
++	  is recommended that you enable each one.
++
++config GRKERNSEC_CHROOT_MOUNT
++	bool "Deny mounts"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to
++	  mount or remount filesystems.  If the sysctl option is enabled, a
++	  sysctl option with name "chroot_deny_mount" is created.
++
++config GRKERNSEC_CHROOT_DOUBLE
++	bool "Deny double-chroots"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to chroot
++	  again outside the chroot.  This is a widely used method of breaking
++	  out of a chroot jail and should not be allowed.  If the sysctl 
++	  option is enabled, a sysctl option with name 
++	  "chroot_deny_chroot" is created.
++
++config GRKERNSEC_CHROOT_PIVOT
++	bool "Deny pivot_root in chroot"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to use
++	  a function called pivot_root() that was introduced in Linux 2.3.41.  It
++	  works similar to chroot in that it changes the root filesystem.  This
++	  function could be misused in a chrooted process to attempt to break out
++	  of the chroot, and therefore should not be allowed.  If the sysctl
++	  option is enabled, a sysctl option with name "chroot_deny_pivot" is
++	  created.
++
++config GRKERNSEC_CHROOT_CHDIR
++	bool "Enforce chdir(\"/\") on all chroots"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, the current working directory of all newly-chrooted
++	  applications will be set to the the root directory of the chroot.
++	  The man page on chroot(2) states:
++	  Note that this call does not change  the  current  working
++	  directory,  so  that `.' can be outside the tree rooted at
++	  `/'.  In particular, the  super-user  can  escape  from  a
++	  `chroot jail' by doing `mkdir foo; chroot foo; cd ..'.
++
++	  It is recommended that you say Y here, since it's not known to break
++	  any software.  If the sysctl option is enabled, a sysctl option with
++	  name "chroot_enforce_chdir" is created.
++
++config GRKERNSEC_CHROOT_CHMOD
++	bool "Deny (f)chmod +s"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to chmod
++	  or fchmod files to make them have suid or sgid bits.  This protects
++	  against another published method of breaking a chroot.  If the sysctl
++	  option is enabled, a sysctl option with name "chroot_deny_chmod" is
++	  created.
++
++config GRKERNSEC_CHROOT_FCHDIR
++	bool "Deny fchdir out of chroot"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, a well-known method of breaking chroots by fchdir'ing
++	  to a file descriptor of the chrooting process that points to a directory
++	  outside the filesystem will be stopped.  If the sysctl option
++	  is enabled, a sysctl option with name "chroot_deny_fchdir" is created.
++
++config GRKERNSEC_CHROOT_MKNOD
++	bool "Deny mknod"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be allowed to
++	  mknod.  The problem with using mknod inside a chroot is that it
++	  would allow an attacker to create a device entry that is the same
++	  as one on the physical root of your system, which could range from
++	  anything from the console device to a device for your harddrive (which
++	  they could then use to wipe the drive or steal data).  It is recommended
++	  that you say Y here, unless you run into software incompatibilities.
++	  If the sysctl option is enabled, a sysctl option with name
++	  "chroot_deny_mknod" is created.
++
++config GRKERNSEC_CHROOT_SHMAT
++	bool "Deny shmat() out of chroot"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to attach
++	  to shared memory segments that were created outside of the chroot jail.
++	  It is recommended that you say Y here.  If the sysctl option is enabled,
++	  a sysctl option with name "chroot_deny_shmat" is created.
++
++config GRKERNSEC_CHROOT_UNIX
++	bool "Deny access to abstract AF_UNIX sockets out of chroot"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to
++	  connect to abstract (meaning not belonging to a filesystem) Unix
++	  domain sockets that were bound outside of a chroot.  It is recommended
++	  that you say Y here.  If the sysctl option is enabled, a sysctl option
++	  with name "chroot_deny_unix" is created.
++
++config GRKERNSEC_CHROOT_FINDTASK
++	bool "Protect outside processes"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to
++	  kill, send signals with fcntl, ptrace, capget, getpgid, getsid,
++	  or view any process outside of the chroot.  If the sysctl
++	  option is enabled, a sysctl option with name "chroot_findtask" is
++	  created.
++
++config GRKERNSEC_CHROOT_NICE
++	bool "Restrict priority changes"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, processes inside a chroot will not be able to raise
++	  the priority of processes in the chroot, or alter the priority of
++	  processes outside the chroot.  This provides more security than simply
++	  removing CAP_SYS_NICE from the process' capability set.  If the
++	  sysctl option is enabled, a sysctl option with name "chroot_restrict_nice"
++	  is created.
++
++config GRKERNSEC_CHROOT_SYSCTL
++	bool "Deny sysctl writes"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, an attacker in a chroot will not be able to
++	  write to sysctl entries, either by sysctl(2) or through a /proc
++	  interface.  It is strongly recommended that you say Y here. If the
++	  sysctl option is enabled, a sysctl option with name
++	  "chroot_deny_sysctl" is created.
++
++config GRKERNSEC_CHROOT_CAPS
++	bool "Capability restrictions"
++	depends on GRKERNSEC_CHROOT
++	help
++	  If you say Y here, the capabilities on all root processes within a
++	  chroot jail will be lowered to stop module insertion, raw i/o,
++	  system and net admin tasks, rebooting the system, modifying immutable
++	  files, modifying IPC owned by another, and changing the system time.
++	  This is left an option because it can break some apps.  Disable this
++	  if your chrooted apps are having problems performing those kinds of
++	  tasks.  If the sysctl option is enabled, a sysctl option with
++	  name "chroot_caps" is created.
++
++endmenu
++menu "Kernel Auditing"
++depends on GRKERNSEC
++
++config GRKERNSEC_AUDIT_GROUP
++	bool "Single group for auditing"
++	help
++	  If you say Y here, the exec, chdir, (un)mount, and ipc logging features
++	  will only operate on a group you specify.  This option is recommended
++	  if you only want to watch certain users instead of having a large
++	  amount of logs from the entire system.  If the sysctl option is enabled,
++	  a sysctl option with name "audit_group" is created.
++
++config GRKERNSEC_AUDIT_GID
++	int "GID for auditing"
++	depends on GRKERNSEC_AUDIT_GROUP
++	default 1007
++
++config GRKERNSEC_EXECLOG
++	bool "Exec logging"
++	help
++	  If you say Y here, all execve() calls will be logged (since the
++	  other exec*() calls are frontends to execve(), all execution
++	  will be logged).  Useful for shell-servers that like to keep track
++	  of their users.  If the sysctl option is enabled, a sysctl option with
++	  name "exec_logging" is created.
++	  WARNING: This option when enabled will produce a LOT of logs, especially
++	  on an active system.
++
++config GRKERNSEC_RESLOG
++	bool "Resource logging"
++	help
++	  If you say Y here, all attempts to overstep resource limits will
++	  be logged with the resource name, the requested size, and the current
++	  limit.  It is highly recommended that you say Y here.  If the sysctl
++	  option is enabled, a sysctl option with name "resource_logging" is
++	  created.  If the RBAC system is enabled, the sysctl value is ignored.
++
++config GRKERNSEC_CHROOT_EXECLOG
++	bool "Log execs within chroot"
++	help
++	  If you say Y here, all executions inside a chroot jail will be logged
++	  to syslog.  This can cause a large amount of logs if certain
++	  applications (eg. djb's daemontools) are installed on the system, and
++	  is therefore left as an option.  If the sysctl option is enabled, a
++	  sysctl option with name "chroot_execlog" is created.
++
++config GRKERNSEC_AUDIT_CHDIR
++	bool "Chdir logging"
++	help
++	  If you say Y here, all chdir() calls will be logged.  If the sysctl
++ 	  option is enabled, a sysctl option with name "audit_chdir" is created.
++
++config GRKERNSEC_AUDIT_MOUNT
++	bool "(Un)Mount logging"
++	help
++	  If you say Y here, all mounts and unmounts will be logged.  If the
++	  sysctl option is enabled, a sysctl option with name "audit_mount" is
++	  created.
++
++config GRKERNSEC_AUDIT_IPC
++	bool "IPC logging"
++	help
++	  If you say Y here, creation and removal of message queues, semaphores,
++	  and shared memory will be logged.  If the sysctl option is enabled, a
++	  sysctl option with name "audit_ipc" is created.
++
++config GRKERNSEC_SIGNAL
++	bool "Signal logging"
++	help
++	  If you say Y here, certain important signals will be logged, such as
++	  SIGSEGV, which will as a result inform you of when a error in a program
++	  occurred, which in some cases could mean a possible exploit attempt.
++	  If the sysctl option is enabled, a sysctl option with name
++	  "signal_logging" is created.
++
++config GRKERNSEC_FORKFAIL
++	bool "Fork failure logging"
++	help
++	  If you say Y here, all failed fork() attempts will be logged.
++	  This could suggest a fork bomb, or someone attempting to overstep
++	  their process limit.  If the sysctl option is enabled, a sysctl option
++	  with name "forkfail_logging" is created.
++
++config GRKERNSEC_TIME
++	bool "Time change logging"
++	help
++	  If you say Y here, any changes of the system clock will be logged.
++	  If the sysctl option is enabled, a sysctl option with name
++	  "timechange_logging" is created.
++
++config GRKERNSEC_PROC_IPADDR
++	bool "/proc/<pid>/ipaddr support"
++	help
++	  If you say Y here, a new entry will be added to each /proc/<pid>
++	  directory that contains the IP address of the person using the task.
++	  The IP is carried across local TCP and AF_UNIX stream sockets.
++	  This information can be useful for IDS/IPSes to perform remote response
++	  to a local attack.  The entry is readable by only the owner of the
++	  process (and root if he has CAP_DAC_OVERRIDE, which can be removed via
++	  the RBAC system), and thus does not create privacy concerns.
++
++config GRKERNSEC_AUDIT_TEXTREL
++	bool 'ELF text relocations logging (READ HELP)'
++	depends on PAX_MPROTECT
++	help
++	  If you say Y here, text relocations will be logged with the filename
++	  of the offending library or binary.  The purpose of the feature is
++	  to help Linux distribution developers get rid of libraries and
++	  binaries that need text relocations which hinder the future progress
++	  of PaX.  Only Linux distribution developers should say Y here, and
++	  never on a production machine, as this option creates an information
++	  leak that could aid an attacker in defeating the randomization of
++	  a single memory region.  If the sysctl option is enabled, a sysctl
++	  option with name "audit_textrel" is created.
++
++endmenu
++
++menu "Executable Protections"
++depends on GRKERNSEC
++
++config GRKERNSEC_EXECVE
++	bool "Enforce RLIMIT_NPROC on execs"
++	help
++	  If you say Y here, users with a resource limit on processes will
++	  have the value checked during execve() calls.  The current system
++	  only checks the system limit during fork() calls.  If the sysctl option
++	  is enabled, a sysctl option with name "execve_limiting" is created.
++
++config GRKERNSEC_DMESG
++	bool "Dmesg(8) restriction"
++	help
++	  If you say Y here, non-root users will not be able to use dmesg(8)
++	  to view up to the last 4kb of messages in the kernel's log buffer.
++	  If the sysctl option is enabled, a sysctl option with name "dmesg" is
++	  created.
++
++config GRKERNSEC_TPE
++	bool "Trusted Path Execution (TPE)"
++	help
++	  If you say Y here, you will be able to choose a gid to add to the
++	  supplementary groups of users you want to mark as "untrusted."
++	  These users will not be able to execute any files that are not in
++	  root-owned directories writable only by root.  If the sysctl option
++	  is enabled, a sysctl option with name "tpe" is created.
++
++config GRKERNSEC_TPE_ALL
++	bool "Partially restrict non-root users"
++	depends on GRKERNSEC_TPE
++	help
++	  If you say Y here, All non-root users other than the ones in the
++	  group specified in the main TPE option will only be allowed to
++	  execute files in directories they own that are not group or
++	  world-writable, or in directories owned by root and writable only by
++	  root.  If the sysctl option is enabled, a sysctl option with name
++	  "tpe_restrict_all" is created.
++
++config GRKERNSEC_TPE_INVERT
++	bool "Invert GID option"
++	depends on GRKERNSEC_TPE
++	help
++	  If you say Y here, the group you specify in the TPE configuration will
++	  decide what group TPE restrictions will be *disabled* for.  This
++	  option is useful if you want TPE restrictions to be applied to most
++	  users on the system.
++
++config GRKERNSEC_TPE_GID
++	int "GID for untrusted users"
++	depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT
++	default 1005
++	help
++	  If you have selected the "Invert GID option" above, setting this
++	  GID determines what group TPE restrictions will be *disabled* for.
++	  If you have not selected the "Invert GID option" above, setting this
++	  GID determines what group TPE restrictions will be *enabled* for.
++	  If the sysctl option is enabled, a sysctl option with name "tpe_gid"
++	  is created.
++
++config GRKERNSEC_TPE_GID
++	int "GID for trusted users"
++	depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT
++	default 1005
++	help
++	  If you have selected the "Invert GID option" above, setting this
++	  GID determines what group TPE restrictions will be *disabled* for.
++	  If you have not selected the "Invert GID option" above, setting this
++	  GID determines what group TPE restrictions will be *enabled* for.
++	  If the sysctl option is enabled, a sysctl option with name "tpe_gid"
++	  is created.
++
++endmenu
++menu "Network Protections"
++depends on GRKERNSEC
++
++config GRKERNSEC_RANDNET
++	bool "Larger entropy pools"
++	help
++	  If you say Y here, the entropy pools used for many features of Linux
++	  and grsecurity will be doubled in size.  Since several grsecurity
++	  features use additional randomness, it is recommended that you say Y
++	  here.  Saying Y here has a similar effect as modifying
++	  /proc/sys/kernel/random/poolsize.
++
++config GRKERNSEC_BLACKHOLE
++	bool "TCP/UDP blackhole"
++	help
++	  If you say Y here, neither TCP resets nor ICMP
++	  destination-unreachable packets will be sent in response to packets
++	  send to ports for which no associated listening process exists.
++	  This feature supports both IPV4 and IPV6 and exempts the 
++	  loopback interface from blackholing.  Enabling this feature 
++	  makes a host more resilient to DoS attacks and reduces network
++	  visibility against scanners.
++
++config GRKERNSEC_SOCKET
++	bool "Socket restrictions"
++	help
++	  If you say Y here, you will be able to choose from several options.
++	  If you assign a GID on your system and add it to the supplementary
++	  groups of users you want to restrict socket access to, this patch
++	  will perform up to three things, based on the option(s) you choose.
++
++config GRKERNSEC_SOCKET_ALL
++	bool "Deny any sockets to group"
++	depends on GRKERNSEC_SOCKET
++	help
++	  If you say Y here, you will be able to choose a GID of whose users will
++	  be unable to connect to other hosts from your machine or run server
++	  applications from your machine.  If the sysctl option is enabled, a
++	  sysctl option with name "socket_all" is created.
++
++config GRKERNSEC_SOCKET_ALL_GID
++	int "GID to deny all sockets for"
++	depends on GRKERNSEC_SOCKET_ALL
++	default 1004
++	help
++	  Here you can choose the GID to disable socket access for. Remember to
++	  add the users you want socket access disabled for to the GID
++	  specified here.  If the sysctl option is enabled, a sysctl option
++	  with name "socket_all_gid" is created.
++
++config GRKERNSEC_SOCKET_CLIENT
++	bool "Deny client sockets to group"
++	depends on GRKERNSEC_SOCKET
++	help
++	  If you say Y here, you will be able to choose a GID of whose users will
++	  be unable to connect to other hosts from your machine, but will be
++	  able to run servers.  If this option is enabled, all users in the group
++	  you specify will have to use passive mode when initiating ftp transfers
++	  from the shell on your machine.  If the sysctl option is enabled, a
++	  sysctl option with name "socket_client" is created.
++
++config GRKERNSEC_SOCKET_CLIENT_GID
++	int "GID to deny client sockets for"
++	depends on GRKERNSEC_SOCKET_CLIENT
++	default 1003
++	help
++	  Here you can choose the GID to disable client socket access for.
++	  Remember to add the users you want client socket access disabled for to
++	  the GID specified here.  If the sysctl option is enabled, a sysctl
++	  option with name "socket_client_gid" is created.
++
++config GRKERNSEC_SOCKET_SERVER
++	bool "Deny server sockets to group"
++	depends on GRKERNSEC_SOCKET
++	help
++	  If you say Y here, you will be able to choose a GID of whose users will
++	  be unable to run server applications from your machine.  If the sysctl
++	  option is enabled, a sysctl option with name "socket_server" is created.
++
++config GRKERNSEC_SOCKET_SERVER_GID
++	int "GID to deny server sockets for"
++	depends on GRKERNSEC_SOCKET_SERVER
++	default 1002
++	help
++	  Here you can choose the GID to disable server socket access for.
++	  Remember to add the users you want server socket access disabled for to
++	  the GID specified here.  If the sysctl option is enabled, a sysctl
++	  option with name "socket_server_gid" is created.
++
++endmenu
++menu "Sysctl support"
++depends on GRKERNSEC && SYSCTL
++
++config GRKERNSEC_SYSCTL
++	bool "Sysctl support"
++	help
++	  If you say Y here, you will be able to change the options that
++	  grsecurity runs with at bootup, without having to recompile your
++	  kernel.  You can echo values to files in /proc/sys/kernel/grsecurity
++	  to enable (1) or disable (0) various features.  All the sysctl entries
++	  are mutable until the "grsec_lock" entry is set to a non-zero value.
++	  All features enabled in the kernel configuration are disabled at boot
++	  if you do not say Y to the "Turn on features by default" option.
++	  All options should be set at startup, and the grsec_lock entry should
++	  be set to a non-zero value after all the options are set.
++	  *THIS IS EXTREMELY IMPORTANT*
++
++config GRKERNSEC_SYSCTL_ON
++	bool "Turn on features by default"
++	depends on GRKERNSEC_SYSCTL
++	help
++	  If you say Y here, instead of having all features enabled in the
++	  kernel configuration disabled at boot time, the features will be
++	  enabled at boot time.  It is recommended you say Y here unless
++	  there is some reason you would want all sysctl-tunable features to
++	  be disabled by default.  As mentioned elsewhere, it is important
++	  to enable the grsec_lock entry once you have finished modifying
++	  the sysctl entries.
++
++endmenu
++menu "Logging Options"
++depends on GRKERNSEC
++
++config GRKERNSEC_FLOODTIME
++	int "Seconds in between log messages (minimum)"
++	default 10
++	help
++	  This option allows you to enforce the number of seconds between
++	  grsecurity log messages.  The default should be suitable for most
++	  people, however, if you choose to change it, choose a value small enough
++	  to allow informative logs to be produced, but large enough to
++	  prevent flooding.
++
++config GRKERNSEC_FLOODBURST
++	int "Number of messages in a burst (maximum)"
++	default 4
++	help
++	  This option allows you to choose the maximum number of messages allowed
++	  within the flood time interval you chose in a separate option.  The
++	  default should be suitable for most people, however if you find that
++	  many of your logs are being interpreted as flooding, you may want to
++	  raise this value.
++
++endmenu
++
++endmenu
+diff -urNp linux-2.6.29.6/grsecurity/Makefile linux-2.6.29.6/grsecurity/Makefile
+--- linux-2.6.29.6/grsecurity/Makefile	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/grsecurity/Makefile	2009-07-23 17:34:32.180729893 -0400
+@@ -0,0 +1,21 @@
++# grsecurity's ACL system was originally written in 2001 by Michael Dalton
++# during 2001-2005 it has been completely redesigned by Brad Spengler
++# into an RBAC system
++#
++# All code in this directory and various hooks inserted throughout the kernel
++# are copyright Brad Spengler - Open Source Security, Inc., and released 
++# under the GPL v2 or higher
++
++obj-y = grsec_chdir.o grsec_chroot.o grsec_exec.o grsec_fifo.o grsec_fork.o \
++	grsec_mount.o grsec_sig.o grsec_sock.o grsec_sysctl.o \
++	grsec_time.o grsec_tpe.o grsec_ipc.o grsec_link.o grsec_textrel.o
++
++obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_ip.o gracl_segv.o \
++	gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
++	gracl_learn.o grsec_log.o
++obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
++
++ifndef CONFIG_GRKERNSEC
++obj-y += grsec_disabled.o
++endif
++
+diff -urNp linux-2.6.29.6/include/acpi/processor.h linux-2.6.29.6/include/acpi/processor.h
+--- linux-2.6.29.6/include/acpi/processor.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/acpi/processor.h	2009-07-23 18:40:28.648332539 -0400
+@@ -322,7 +322,7 @@ static inline int acpi_processor_ppc_has
+ int acpi_processor_tstate_has_changed(struct acpi_processor *pr);
+ int acpi_processor_get_throttling_info(struct acpi_processor *pr);
+ extern int acpi_processor_set_throttling(struct acpi_processor *pr, int state);
+-extern struct file_operations acpi_processor_throttling_fops;
++extern const struct file_operations acpi_processor_throttling_fops;
+ extern void acpi_processor_throttling_init(void);
+ /* in processor_idle.c */
+ int acpi_processor_power_init(struct acpi_processor *pr,
+@@ -336,7 +336,7 @@ extern struct cpuidle_driver acpi_idle_d
+ 
+ /* in processor_thermal.c */
+ int acpi_processor_get_limit_info(struct acpi_processor *pr);
+-extern struct file_operations acpi_processor_limit_fops;
++extern const struct file_operations acpi_processor_limit_fops;
+ extern struct thermal_cooling_device_ops processor_cooling_ops;
+ #ifdef CONFIG_CPU_FREQ
+ void acpi_thermal_cpufreq_init(void);
+diff -urNp linux-2.6.29.6/include/asm-frv/atomic.h linux-2.6.29.6/include/asm-frv/atomic.h
+--- linux-2.6.29.6/include/asm-frv/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-frv/atomic.h	2009-07-23 17:34:32.180729893 -0400
+@@ -114,6 +114,10 @@ static inline void atomic_dec(atomic_t *
+ 	atomic_sub_return(1, v);
+ }
+ 
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ #define atomic_dec_return(v)		atomic_sub_return(1, (v))
+ #define atomic_inc_return(v)		atomic_add_return(1, (v))
+ 
+diff -urNp linux-2.6.29.6/include/asm-frv/kmap_types.h linux-2.6.29.6/include/asm-frv/kmap_types.h
+--- linux-2.6.29.6/include/asm-frv/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-frv/kmap_types.h	2009-07-23 17:34:32.180729893 -0400
+@@ -23,6 +23,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/include/asm-generic/futex.h linux-2.6.29.6/include/asm-generic/futex.h
+--- linux-2.6.29.6/include/asm-generic/futex.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-generic/futex.h	2009-07-23 17:34:32.180729893 -0400
+@@ -6,7 +6,7 @@
+ #include <asm/errno.h>
+ 
+ static inline int
+-futex_atomic_op_inuser (int encoded_op, int __user *uaddr)
++futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr)
+ {
+ 	int op = (encoded_op >> 28) & 7;
+ 	int cmp = (encoded_op >> 24) & 15;
+@@ -48,7 +48,7 @@ futex_atomic_op_inuser (int encoded_op, 
+ }
+ 
+ static inline int
+-futex_atomic_cmpxchg_inatomic(int __user *uaddr, int oldval, int newval)
++futex_atomic_cmpxchg_inatomic(u32 __user *uaddr, int oldval, int newval)
+ {
+ 	return -ENOSYS;
+ }
+diff -urNp linux-2.6.29.6/include/asm-generic/int-l64.h linux-2.6.29.6/include/asm-generic/int-l64.h
+--- linux-2.6.29.6/include/asm-generic/int-l64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-generic/int-l64.h	2009-07-23 17:34:32.180729893 -0400
+@@ -44,6 +44,8 @@ typedef unsigned int u32;
+ typedef signed long s64;
+ typedef unsigned long u64;
+ 
++typedef unsigned int intoverflow_t __attribute__ ((mode(TI)));
++
+ #define S8_C(x)  x
+ #define U8_C(x)  x ## U
+ #define S16_C(x) x
+diff -urNp linux-2.6.29.6/include/asm-generic/int-ll64.h linux-2.6.29.6/include/asm-generic/int-ll64.h
+--- linux-2.6.29.6/include/asm-generic/int-ll64.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-generic/int-ll64.h	2009-07-23 17:34:32.180729893 -0400
+@@ -49,6 +49,8 @@ typedef unsigned int u32;
+ typedef signed long long s64;
+ typedef unsigned long long u64;
+ 
++typedef unsigned long long intoverflow_t;
++
+ #define S8_C(x)  x
+ #define U8_C(x)  x ## U
+ #define S16_C(x) x
+diff -urNp linux-2.6.29.6/include/asm-generic/vmlinux.lds.h linux-2.6.29.6/include/asm-generic/vmlinux.lds.h
+--- linux-2.6.29.6/include/asm-generic/vmlinux.lds.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-generic/vmlinux.lds.h	2009-07-23 17:34:32.181776916 -0400
+@@ -88,6 +88,7 @@
+ 	.rodata           : AT(ADDR(.rodata) - LOAD_OFFSET) {		\
+ 		VMLINUX_SYMBOL(__start_rodata) = .;			\
+ 		*(.rodata) *(.rodata.*)					\
++		*(.data.read_only)					\
+ 		*(__vermagic)		/* Kernel version magic */	\
+ 		*(__markers_strings)	/* Markers: strings */		\
+ 		*(__tracepoints_strings)/* Tracepoints: strings */	\
+diff -urNp linux-2.6.29.6/include/asm-m32r/atomic.h linux-2.6.29.6/include/asm-m32r/atomic.h
+--- linux-2.6.29.6/include/asm-m32r/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-m32r/atomic.h	2009-07-23 17:34:32.181776916 -0400
+@@ -308,6 +308,10 @@ static __inline__ void atomic_set_mask(u
+ 	local_irq_restore(flags);
+ }
+ 
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ /* Atomic operations are already serializing on m32r */
+ #define smp_mb__before_atomic_dec()	barrier()
+ #define smp_mb__after_atomic_dec()	barrier()
+diff -urNp linux-2.6.29.6/include/asm-m32r/kmap_types.h linux-2.6.29.6/include/asm-m32r/kmap_types.h
+--- linux-2.6.29.6/include/asm-m32r/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-m32r/kmap_types.h	2009-07-23 17:34:32.181776916 -0400
+@@ -21,7 +21,8 @@ D(9)	KM_IRQ0,
+ D(10)	KM_IRQ1,
+ D(11)	KM_SOFTIRQ0,
+ D(12)	KM_SOFTIRQ1,
+-D(13)	KM_TYPE_NR
++D(13)	KM_CLEARPAGE,
++D(14)	KM_TYPE_NR
+ };
+ 
+ #undef D
+diff -urNp linux-2.6.29.6/include/asm-mn10300/atomic.h linux-2.6.29.6/include/asm-mn10300/atomic.h
+--- linux-2.6.29.6/include/asm-mn10300/atomic.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-mn10300/atomic.h	2009-07-23 17:34:32.181776916 -0400
+@@ -145,6 +145,10 @@ static inline void atomic_clear_mask(uns
+ #define atomic_xchg(ptr, v)		(xchg(&(ptr)->counter, (v)))
+ #define atomic_cmpxchg(v, old, new)	(cmpxchg(&((v)->counter), (old), (new)))
+ 
++#define atomic_inc_unchecked(v) atomic_inc(v)
++#define atomic_add_unchecked(i,v) atomic_add((i),(v))
++#define atomic_sub_unchecked(i,v) atomic_sub((i),(v))
++
+ /* Atomic operations are already serializing on MN10300??? */
+ #define smp_mb__before_atomic_dec()	barrier()
+ #define smp_mb__after_atomic_dec()	barrier()
+diff -urNp linux-2.6.29.6/include/asm-mn10300/kmap_types.h linux-2.6.29.6/include/asm-mn10300/kmap_types.h
+--- linux-2.6.29.6/include/asm-mn10300/kmap_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/asm-mn10300/kmap_types.h	2009-07-23 17:34:32.181776916 -0400
+@@ -25,6 +25,7 @@ enum km_type {
+ 	KM_IRQ1,
+ 	KM_SOFTIRQ0,
+ 	KM_SOFTIRQ1,
++	KM_CLEARPAGE,
+ 	KM_TYPE_NR
+ };
+ 
+diff -urNp linux-2.6.29.6/include/drm/drm_pciids.h linux-2.6.29.6/include/drm/drm_pciids.h
+--- linux-2.6.29.6/include/drm/drm_pciids.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/drm/drm_pciids.h	2009-07-23 17:34:32.182748165 -0400
+@@ -243,7 +243,7 @@
+ 	{0x1002, 0x796d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS740|RADEON_IS_IGP|RADEON_NEW_MEMMAP|RADEON_IS_IGPGART}, \
+ 	{0x1002, 0x796e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS740|RADEON_IS_IGP|RADEON_NEW_MEMMAP|RADEON_IS_IGPGART}, \
+ 	{0x1002, 0x796f, PCI_ANY_ID, PCI_ANY_ID, 0, 0, CHIP_RS740|RADEON_IS_IGP|RADEON_NEW_MEMMAP|RADEON_IS_IGPGART}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define r128_PCI_IDS \
+ 	{0x1002, 0x4c45, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+@@ -283,14 +283,14 @@
+ 	{0x1002, 0x5446, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x1002, 0x544C, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x1002, 0x5452, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define mga_PCI_IDS \
+ 	{0x102b, 0x0520, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
+ 	{0x102b, 0x0521, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G200}, \
+ 	{0x102b, 0x0525, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G400}, \
+ 	{0x102b, 0x2527, PCI_ANY_ID, PCI_ANY_ID, 0, 0, MGA_CARD_TYPE_G550}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define mach64_PCI_IDS \
+ 	{0x1002, 0x4749, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+@@ -313,7 +313,7 @@
+ 	{0x1002, 0x4c53, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x1002, 0x4c4d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x1002, 0x4c4e, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define sisdrv_PCI_IDS \
+ 	{0x1039, 0x0300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+@@ -324,7 +324,7 @@
+ 	{0x1039, 0x7300, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x18CA, 0x0040, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
+ 	{0x18CA, 0x0042, PCI_ANY_ID, PCI_ANY_ID, 0, 0, SIS_CHIP_315}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define tdfx_PCI_IDS \
+ 	{0x121a, 0x0003, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+@@ -333,7 +333,7 @@
+ 	{0x121a, 0x0007, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x121a, 0x0009, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x121a, 0x000b, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define viadrv_PCI_IDS \
+ 	{0x1106, 0x3022, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+@@ -345,25 +345,25 @@
+ 	{0x1106, 0x3343, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x1106, 0x3230, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_DX9_0}, \
+ 	{0x1106, 0x3157, PCI_ANY_ID, PCI_ANY_ID, 0, 0, VIA_PRO_GROUP_A}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define i810_PCI_IDS \
+ 	{0x8086, 0x7121, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x8086, 0x7123, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x8086, 0x7125, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x8086, 0x1132, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define i830_PCI_IDS \
+ 	{0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x8086, 0x2562, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x8086, 0x3582, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+ 	{0x8086, 0x2572, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define gamma_PCI_IDS \
+ 	{0x3d3d, 0x0008, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define savage_PCI_IDS \
+ 	{0x5333, 0x8a20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_SAVAGE3D}, \
+@@ -389,10 +389,10 @@
+ 	{0x5333, 0x8d02, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_TWISTER}, \
+ 	{0x5333, 0x8d03, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
+ 	{0x5333, 0x8d04, PCI_ANY_ID, PCI_ANY_ID, 0, 0, S3_PROSAVAGEDDR}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define ffb_PCI_IDS \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+ 
+ #define i915_PCI_IDS \
+ 	{0x8086, 0x3577, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
+@@ -419,4 +419,4 @@
+ 	{0x8086, 0x2e12, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
+ 	{0x8086, 0x2e22, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
+ 	{0x8086, 0x2e32, PCI_ANY_ID, PCI_ANY_ID, PCI_CLASS_DISPLAY_VGA << 8, 0xffff00, 0}, \
+-	{0, 0, 0}
++	{0, 0, 0, 0, 0, 0}
+diff -urNp linux-2.6.29.6/include/drm/drmP.h linux-2.6.29.6/include/drm/drmP.h
+--- linux-2.6.29.6/include/drm/drmP.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/drm/drmP.h	2009-07-23 18:40:27.472293076 -0400
+@@ -769,7 +769,7 @@ struct drm_driver {
+ 	void (*gem_free_object) (struct drm_gem_object *obj);
+ 
+ 	/* Driver private ops for this object */
+-	struct vm_operations_struct *gem_vm_ops;
++	const struct vm_operations_struct *gem_vm_ops;
+ 
+ 	int major;
+ 	int minor;
+@@ -825,7 +825,7 @@ struct drm_device {
+ 
+ 	/** \name Usage Counters */
+ 	/*@{ */
+-	int open_count;			/**< Outstanding files open */
++	atomic_t open_count;		/**< Outstanding files open */
+ 	atomic_t ioctl_count;		/**< Outstanding IOCTLs pending */
+ 	atomic_t vma_count;		/**< Outstanding vma areas open */
+ 	int buf_use;			/**< Buffers in use -- cannot alloc */
+@@ -836,7 +836,7 @@ struct drm_device {
+ 	/*@{ */
+ 	unsigned long counters;
+ 	enum drm_stat_type types[15];
+-	atomic_t counts[15];
++	atomic_unchecked_t counts[15];
+ 	/*@} */
+ 
+ 	struct list_head filelist;
+diff -urNp linux-2.6.29.6/include/linux/a.out.h linux-2.6.29.6/include/linux/a.out.h
+--- linux-2.6.29.6/include/linux/a.out.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/a.out.h	2009-07-23 17:34:32.184929094 -0400
+@@ -39,6 +39,14 @@ enum machine_type {
+   M_MIPS2 = 152		/* MIPS R6000/R4000 binary */
+ };
+ 
++/* Constants for the N_FLAGS field */
++#define F_PAX_PAGEEXEC	1	/* Paging based non-executable pages */
++#define F_PAX_EMUTRAMP	2	/* Emulate trampolines */
++#define F_PAX_MPROTECT	4	/* Restrict mprotect() */
++#define F_PAX_RANDMMAP	8	/* Randomize mmap() base */
++/*#define F_PAX_RANDEXEC	16*/	/* Randomize ET_EXEC base */
++#define F_PAX_SEGMEXEC	32	/* Segmentation based non-executable pages */
++
+ #if !defined (N_MAGIC)
+ #define N_MAGIC(exec) ((exec).a_info & 0xffff)
+ #endif
+diff -urNp linux-2.6.29.6/include/linux/atmdev.h linux-2.6.29.6/include/linux/atmdev.h
+--- linux-2.6.29.6/include/linux/atmdev.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/atmdev.h	2009-07-23 17:34:32.185714643 -0400
+@@ -237,7 +237,7 @@ struct compat_atm_iobuf {
+ #endif
+ 
+ struct k_atm_aal_stats {
+-#define __HANDLE_ITEM(i) atomic_t i
++#define __HANDLE_ITEM(i) atomic_unchecked_t i
+ 	__AAL_STAT_ITEMS
+ #undef __HANDLE_ITEM
+ };
+diff -urNp linux-2.6.29.6/include/linux/binfmts.h linux-2.6.29.6/include/linux/binfmts.h
+--- linux-2.6.29.6/include/linux/binfmts.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/binfmts.h	2009-07-23 17:34:32.186791450 -0400
+@@ -79,6 +79,7 @@ struct linux_binfmt {
+ 	int (*load_binary)(struct linux_binprm *, struct  pt_regs * regs);
+ 	int (*load_shlib)(struct file *);
+ 	int (*core_dump)(long signr, struct pt_regs *regs, struct file *file, unsigned long limit);
++	void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
+ 	unsigned long min_coredump;	/* minimal dump size */
+ 	int hasvdso;
+ };
+diff -urNp linux-2.6.29.6/include/linux/cache.h linux-2.6.29.6/include/linux/cache.h
+--- linux-2.6.29.6/include/linux/cache.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/cache.h	2009-07-23 17:34:32.186791450 -0400
+@@ -16,6 +16,10 @@
+ #define __read_mostly
+ #endif
+ 
++#ifndef __read_only
++#define __read_only __read_mostly
++#endif
++
+ #ifndef ____cacheline_aligned
+ #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES)))
+ #endif
+diff -urNp linux-2.6.29.6/include/linux/capability.h linux-2.6.29.6/include/linux/capability.h
+--- linux-2.6.29.6/include/linux/capability.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/capability.h	2009-07-23 17:34:32.186791450 -0400
+@@ -563,6 +563,7 @@ extern const kernel_cap_t __cap_init_eff
+ 	(security_real_capable_noaudit((t), (cap)) == 0)
+ 
+ extern int capable(int cap);
++int capable_nolog(int cap);
+ 
+ /* audit system wants to get cap info from files as well */
+ struct dentry;
+diff -urNp linux-2.6.29.6/include/linux/cgroup.h linux-2.6.29.6/include/linux/cgroup.h
+--- linux-2.6.29.6/include/linux/cgroup.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/cgroup.h	2009-07-23 18:40:28.658648615 -0400
+@@ -35,7 +35,7 @@ extern void cgroup_exit(struct task_stru
+ extern int cgroupstats_build(struct cgroupstats *stats,
+ 				struct dentry *dentry);
+ 
+-extern struct file_operations proc_cgroup_operations;
++extern const struct file_operations proc_cgroup_operations;
+ 
+ /* Define the enumeration of all cgroup subsystems */
+ #define SUBSYS(_x) _x ## _subsys_id,
+diff -urNp linux-2.6.29.6/include/linux/cpumask.h linux-2.6.29.6/include/linux/cpumask.h
+--- linux-2.6.29.6/include/linux/cpumask.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/cpumask.h	2009-07-23 17:34:32.187810630 -0400
+@@ -142,7 +142,6 @@
+ #include <linux/bitmap.h>
+ 
+ typedef struct cpumask { DECLARE_BITMAP(bits, NR_CPUS); } cpumask_t;
+-extern cpumask_t _unused_cpumask_arg_;
+ 
+ #ifndef CONFIG_DISABLE_OBSOLETE_CPUMASK_FUNCTIONS
+ #define cpu_set(cpu, dst) __cpu_set((cpu), &(dst))
+diff -urNp linux-2.6.29.6/include/linux/dcache.h linux-2.6.29.6/include/linux/dcache.h
+--- linux-2.6.29.6/include/linux/dcache.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/dcache.h	2009-07-23 18:40:28.672304095 -0400
+@@ -112,7 +112,7 @@ struct dentry {
+ 	struct list_head d_subdirs;	/* our children */
+ 	struct list_head d_alias;	/* inode alias list */
+ 	unsigned long d_time;		/* used by d_revalidate */
+-	struct dentry_operations *d_op;
++	const struct dentry_operations *d_op;
+ 	struct super_block *d_sb;	/* The root of the dentry tree */
+ 	void *d_fsdata;			/* fs-specific data */
+ 
+diff -urNp linux-2.6.29.6/include/linux/elf.h linux-2.6.29.6/include/linux/elf.h
+--- linux-2.6.29.6/include/linux/elf.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/elf.h	2009-07-23 17:34:32.187810630 -0400
+@@ -49,6 +49,17 @@ typedef __s64	Elf64_Sxword;
+ #define PT_GNU_EH_FRAME		0x6474e550
+ 
+ #define PT_GNU_STACK	(PT_LOOS + 0x474e551)
++#define PT_GNU_RELRO	(PT_LOOS + 0x474e552)
++
++#define PT_PAX_FLAGS	(PT_LOOS + 0x5041580)
++
++/* Constants for the e_flags field */
++#define EF_PAX_PAGEEXEC		1	/* Paging based non-executable pages */
++#define EF_PAX_EMUTRAMP		2	/* Emulate trampolines */
++#define EF_PAX_MPROTECT		4	/* Restrict mprotect() */
++#define EF_PAX_RANDMMAP		8	/* Randomize mmap() base */
++/*#define EF_PAX_RANDEXEC		16*/	/* Randomize ET_EXEC base */
++#define EF_PAX_SEGMEXEC		32	/* Segmentation based non-executable pages */
+ 
+ /* These constants define the different elf file types */
+ #define ET_NONE   0
+@@ -84,6 +95,8 @@ typedef __s64	Elf64_Sxword;
+ #define DT_DEBUG	21
+ #define DT_TEXTREL	22
+ #define DT_JMPREL	23
++#define DT_FLAGS	30
++  #define DF_TEXTREL  0x00000004
+ #define DT_ENCODING	32
+ #define OLD_DT_LOOS	0x60000000
+ #define DT_LOOS		0x6000000d
+@@ -230,6 +243,19 @@ typedef struct elf64_hdr {
+ #define PF_W		0x2
+ #define PF_X		0x1
+ 
++#define PF_PAGEEXEC	(1U << 4)	/* Enable  PAGEEXEC */
++#define PF_NOPAGEEXEC	(1U << 5)	/* Disable PAGEEXEC */
++#define PF_SEGMEXEC	(1U << 6)	/* Enable  SEGMEXEC */
++#define PF_NOSEGMEXEC	(1U << 7)	/* Disable SEGMEXEC */
++#define PF_MPROTECT	(1U << 8)	/* Enable  MPROTECT */
++#define PF_NOMPROTECT	(1U << 9)	/* Disable MPROTECT */
++/*#define PF_RANDEXEC	(1U << 10)*/	/* Enable  RANDEXEC */
++/*#define PF_NORANDEXEC	(1U << 11)*/	/* Disable RANDEXEC */
++#define PF_EMUTRAMP	(1U << 12)	/* Enable  EMUTRAMP */
++#define PF_NOEMUTRAMP	(1U << 13)	/* Disable EMUTRAMP */
++#define PF_RANDMMAP	(1U << 14)	/* Enable  RANDMMAP */
++#define PF_NORANDMMAP	(1U << 15)	/* Disable RANDMMAP */
++
+ typedef struct elf32_phdr{
+   Elf32_Word	p_type;
+   Elf32_Off	p_offset;
+@@ -322,6 +348,8 @@ typedef struct elf64_shdr {
+ #define	EI_OSABI	7
+ #define	EI_PAD		8
+ 
++#define	EI_PAX		14
++
+ #define	ELFMAG0		0x7f		/* EI_MAG */
+ #define	ELFMAG1		'E'
+ #define	ELFMAG2		'L'
+@@ -385,6 +413,7 @@ extern Elf32_Dyn _DYNAMIC [];
+ #define elf_phdr	elf32_phdr
+ #define elf_note	elf32_note
+ #define elf_addr_t	Elf32_Off
++#define elf_dyn		Elf32_Dyn
+ 
+ #else
+ 
+@@ -393,6 +422,7 @@ extern Elf64_Dyn _DYNAMIC [];
+ #define elf_phdr	elf64_phdr
+ #define elf_note	elf64_note
+ #define elf_addr_t	Elf64_Off
++#define elf_dyn		Elf64_Dyn
+ 
+ #endif
+ 
+diff -urNp linux-2.6.29.6/include/linux/fs.h linux-2.6.29.6/include/linux/fs.h
+--- linux-2.6.29.6/include/linux/fs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/fs.h	2009-07-23 18:40:28.682280722 -0400
+@@ -2207,7 +2207,7 @@ static int __fops ## _open(struct inode 
+ 	__simple_attr_check_format(__fmt, 0ull);			\
+ 	return simple_attr_open(inode, file, __get, __set, __fmt);	\
+ }									\
+-static struct file_operations __fops = {				\
++static const struct file_operations __fops = {				\
+ 	.owner	 = THIS_MODULE,						\
+ 	.open	 = __fops ## _open,					\
+ 	.release = simple_attr_release,					\
+diff -urNp linux-2.6.29.6/include/linux/fs_struct.h linux-2.6.29.6/include/linux/fs_struct.h
+--- linux-2.6.29.6/include/linux/fs_struct.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/fs_struct.h	2009-07-23 17:34:32.187810630 -0400
+@@ -4,7 +4,7 @@
+ #include <linux/path.h>
+ 
+ struct fs_struct {
+-	int users;
++	atomic_t users;
+ 	rwlock_t lock;
+ 	int umask;
+ 	int in_exec;
+diff -urNp linux-2.6.29.6/include/linux/genhd.h linux-2.6.29.6/include/linux/genhd.h
+--- linux-2.6.29.6/include/linux/genhd.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/genhd.h	2009-07-23 17:34:32.188714513 -0400
+@@ -159,7 +159,7 @@ struct gendisk {
+ 
+ 	struct timer_rand_state *random;
+ 
+-	atomic_t sync_io;		/* RAID */
++	atomic_unchecked_t sync_io;	/* RAID */
+ 	struct work_struct async_notify;
+ #ifdef  CONFIG_BLK_DEV_INTEGRITY
+ 	struct blk_integrity *integrity;
+diff -urNp linux-2.6.29.6/include/linux/gracl.h linux-2.6.29.6/include/linux/gracl.h
+--- linux-2.6.29.6/include/linux/gracl.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/include/linux/gracl.h	2009-07-23 17:34:32.188714513 -0400
+@@ -0,0 +1,318 @@
++#ifndef GR_ACL_H
++#define GR_ACL_H
++
++#include <linux/grdefs.h>
++#include <linux/resource.h>
++#include <linux/capability.h>
++#include <linux/dcache.h>
++#include <asm/resource.h>
++
++/* Major status information */
++
++#define GR_VERSION  "grsecurity 2.1.14"
++#define GRSECURITY_VERSION 0x2114
++
++enum {
++	GR_SHUTDOWN = 0,
++	GR_ENABLE = 1,
++	GR_SPROLE = 2,
++	GR_RELOAD = 3,
++	GR_SEGVMOD = 4,
++	GR_STATUS = 5,
++	GR_UNSPROLE = 6,
++	GR_PASSSET = 7,
++	GR_SPROLEPAM = 8,
++};
++
++/* Password setup definitions
++ * kernel/grhash.c */
++enum {
++	GR_PW_LEN = 128,
++	GR_SALT_LEN = 16,
++	GR_SHA_LEN = 32,
++};
++
++enum {
++	GR_SPROLE_LEN = 64,
++};
++
++#define GR_NLIMITS 32
++
++/* Begin Data Structures */
++
++struct sprole_pw {
++	unsigned char *rolename;
++	unsigned char salt[GR_SALT_LEN];
++	unsigned char sum[GR_SHA_LEN];	/* 256-bit SHA hash of the password */
++};
++
++struct name_entry {
++	__u32 key;
++	ino_t inode;
++	dev_t device;
++	char *name;
++	__u16 len;
++	__u8 deleted;
++	struct name_entry *prev;
++	struct name_entry *next;
++};
++
++struct inodev_entry {
++	struct name_entry *nentry;
++	struct inodev_entry *prev;
++	struct inodev_entry *next;
++};
++
++struct acl_role_db {
++	struct acl_role_label **r_hash;
++	__u32 r_size;
++};
++
++struct inodev_db {
++	struct inodev_entry **i_hash;
++	__u32 i_size;
++};
++
++struct name_db {
++	struct name_entry **n_hash;
++	__u32 n_size;
++};
++
++struct crash_uid {
++	uid_t uid;
++	unsigned long expires;
++};
++
++struct gr_hash_struct {
++	void **table;
++	void **nametable;
++	void *first;
++	__u32 table_size;
++	__u32 used_size;
++	int type;
++};
++
++/* Userspace Grsecurity ACL data structures */
++
++struct acl_subject_label {
++	char *filename;
++	ino_t inode;
++	dev_t device;
++	__u32 mode;
++	kernel_cap_t cap_mask;
++	kernel_cap_t cap_lower;
++
++	struct rlimit res[GR_NLIMITS];
++	__u32 resmask;
++
++	__u8 user_trans_type;
++	__u8 group_trans_type;
++	uid_t *user_transitions;
++	gid_t *group_transitions;
++	__u16 user_trans_num;
++	__u16 group_trans_num;
++
++	__u32 ip_proto[8];
++	__u32 ip_type;
++	struct acl_ip_label **ips;
++	__u32 ip_num;
++	__u32 inaddr_any_override;
++
++	__u32 crashes;
++	unsigned long expires;
++
++	struct acl_subject_label *parent_subject;
++	struct gr_hash_struct *hash;
++	struct acl_subject_label *prev;
++	struct acl_subject_label *next;
++
++	struct acl_object_label **obj_hash;
++	__u32 obj_hash_size;
++	__u16 pax_flags;
++};
++
++struct role_allowed_ip {
++	__u32 addr;
++	__u32 netmask;
++
++	struct role_allowed_ip *prev;
++	struct role_allowed_ip *next;
++};
++
++struct role_transition {
++	char *rolename;
++
++	struct role_transition *prev;
++	struct role_transition *next;
++};
++
++struct acl_role_label {
++	char *rolename;
++	uid_t uidgid;
++	__u16 roletype;
++
++	__u16 auth_attempts;
++	unsigned long expires;
++
++	struct acl_subject_label *root_label;
++	struct gr_hash_struct *hash;
++
++	struct acl_role_label *prev;
++	struct acl_role_label *next;
++
++	struct role_transition *transitions;
++	struct role_allowed_ip *allowed_ips;
++	uid_t *domain_children;
++	__u16 domain_child_num;
++
++	struct acl_subject_label **subj_hash;
++	__u32 subj_hash_size;
++};
++
++struct user_acl_role_db {
++	struct acl_role_label **r_table;
++	__u32 num_pointers;		/* Number of allocations to track */
++	__u32 num_roles;		/* Number of roles */
++	__u32 num_domain_children;	/* Number of domain children */
++	__u32 num_subjects;		/* Number of subjects */
++	__u32 num_objects;		/* Number of objects */
++};
++
++struct acl_object_label {
++	char *filename;
++	ino_t inode;
++	dev_t device;
++	__u32 mode;
++
++	struct acl_subject_label *nested;
++	struct acl_object_label *globbed;
++
++	/* next two structures not used */
++
++	struct acl_object_label *prev;
++	struct acl_object_label *next;
++};
++
++struct acl_ip_label {
++	char *iface;
++	__u32 addr;
++	__u32 netmask;
++	__u16 low, high;
++	__u8 mode;
++	__u32 type;
++	__u32 proto[8];
++
++	/* next two structures not used */
++
++	struct acl_ip_label *prev;
++	struct acl_ip_label *next;
++};
++
++struct gr_arg {
++	struct user_acl_role_db role_db;
++	unsigned char pw[GR_PW_LEN];
++	unsigned char salt[GR_SALT_LEN];
++	unsigned char sum[GR_SHA_LEN];
++	unsigned char sp_role[GR_SPROLE_LEN];
++	struct sprole_pw *sprole_pws;
++	dev_t segv_device;
++	ino_t segv_inode;
++	uid_t segv_uid;
++	__u16 num_sprole_pws;
++	__u16 mode;
++};
++
++struct gr_arg_wrapper {
++	struct gr_arg *arg;
++	__u32 version;
++	__u32 size;
++};
++
++struct subject_map {
++	struct acl_subject_label *user;
++	struct acl_subject_label *kernel;
++	struct subject_map *prev;
++	struct subject_map *next;
++};
++
++struct acl_subj_map_db {
++	struct subject_map **s_hash;
++	__u32 s_size;
++};
++
++/* End Data Structures Section */
++
++/* Hash functions generated by empirical testing by Brad Spengler
++   Makes good use of the low bits of the inode.  Generally 0-1 times
++   in loop for successful match.  0-3 for unsuccessful match.
++   Shift/add algorithm with modulus of table size and an XOR*/
++
++static __inline__ unsigned int
++rhash(const uid_t uid, const __u16 type, const unsigned int sz)
++{
++	return (((uid << type) + (uid ^ type)) % sz);
++}
++
++ static __inline__ unsigned int
++shash(const struct acl_subject_label *userp, const unsigned int sz)
++{
++	return ((const unsigned long)userp % sz);
++}
++
++static __inline__ unsigned int
++fhash(const ino_t ino, const dev_t dev, const unsigned int sz)
++{
++	return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz);
++}
++
++static __inline__ unsigned int
++nhash(const char *name, const __u16 len, const unsigned int sz)
++{
++	return full_name_hash(name, len) % sz;
++}
++
++#define FOR_EACH_ROLE_START(role,iter) \
++	role = NULL; \
++	iter = 0; \
++	while (iter < acl_role_set.r_size) { \
++		if (role == NULL) \
++			role = acl_role_set.r_hash[iter]; \
++		if (role == NULL) { \
++			iter++; \
++			continue; \
++		}
++
++#define FOR_EACH_ROLE_END(role,iter) \
++		role = role->next; \
++		if (role == NULL) \
++			iter++; \
++	}
++
++#define FOR_EACH_SUBJECT_START(role,subj,iter) \
++	subj = NULL; \
++	iter = 0; \
++	while (iter < role->subj_hash_size) { \
++		if (subj == NULL) \
++			subj = role->subj_hash[iter]; \
++		if (subj == NULL) { \
++			iter++; \
++			continue; \
++		}
++
++#define FOR_EACH_SUBJECT_END(subj,iter) \
++		subj = subj->next; \
++		if (subj == NULL) \
++			iter++; \
++	}
++
++
++#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
++	subj = role->hash->first; \
++	while (subj != NULL) {
++
++#define FOR_EACH_NESTED_SUBJECT_END(subj) \
++		subj = subj->next; \
++	}
++
++#endif
++
+diff -urNp linux-2.6.29.6/include/linux/gralloc.h linux-2.6.29.6/include/linux/gralloc.h
+--- linux-2.6.29.6/include/linux/gralloc.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/include/linux/gralloc.h	2009-07-23 17:34:32.188714513 -0400
+@@ -0,0 +1,9 @@
++#ifndef __GRALLOC_H
++#define __GRALLOC_H
++
++void acl_free_all(void);
++int acl_alloc_stack_init(unsigned long size);
++void *acl_alloc(unsigned long len);
++void *acl_alloc_num(unsigned long num, unsigned long len);
++
++#endif
+diff -urNp linux-2.6.29.6/include/linux/grdefs.h linux-2.6.29.6/include/linux/grdefs.h
+--- linux-2.6.29.6/include/linux/grdefs.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/include/linux/grdefs.h	2009-07-23 17:34:32.188714513 -0400
+@@ -0,0 +1,136 @@
++#ifndef GRDEFS_H
++#define GRDEFS_H
++
++/* Begin grsecurity status declarations */
++
++enum {
++	GR_READY = 0x01,
++	GR_STATUS_INIT = 0x00	// disabled state
++};
++
++/* Begin  ACL declarations */
++
++/* Role flags */
++
++enum {
++	GR_ROLE_USER = 0x0001,
++	GR_ROLE_GROUP = 0x0002,
++	GR_ROLE_DEFAULT = 0x0004,
++	GR_ROLE_SPECIAL = 0x0008,
++	GR_ROLE_AUTH = 0x0010,
++	GR_ROLE_NOPW = 0x0020,
++	GR_ROLE_GOD = 0x0040,
++	GR_ROLE_LEARN = 0x0080,
++	GR_ROLE_TPE = 0x0100,
++	GR_ROLE_DOMAIN = 0x0200,
++	GR_ROLE_PAM = 0x0400
++};
++
++/* ACL Subject and Object mode flags */
++enum {
++	GR_DELETED = 0x80000000
++};
++
++/* ACL Object-only mode flags */
++enum {
++	GR_READ 	= 0x00000001,
++	GR_APPEND 	= 0x00000002,
++	GR_WRITE 	= 0x00000004,
++	GR_EXEC 	= 0x00000008,
++	GR_FIND 	= 0x00000010,
++	GR_INHERIT 	= 0x00000020,
++	GR_SETID 	= 0x00000040,
++	GR_CREATE 	= 0x00000080,
++	GR_DELETE 	= 0x00000100,
++	GR_LINK		= 0x00000200,
++	GR_AUDIT_READ 	= 0x00000400,
++	GR_AUDIT_APPEND = 0x00000800,
++	GR_AUDIT_WRITE 	= 0x00001000,
++	GR_AUDIT_EXEC 	= 0x00002000,
++	GR_AUDIT_FIND 	= 0x00004000,
++	GR_AUDIT_INHERIT= 0x00008000,
++	GR_AUDIT_SETID 	= 0x00010000,
++	GR_AUDIT_CREATE = 0x00020000,
++	GR_AUDIT_DELETE = 0x00040000,
++	GR_AUDIT_LINK	= 0x00080000,
++	GR_PTRACERD 	= 0x00100000,
++	GR_NOPTRACE	= 0x00200000,
++	GR_SUPPRESS 	= 0x00400000,
++	GR_NOLEARN 	= 0x00800000
++};
++
++#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
++		   GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
++		   GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
++
++/* ACL subject-only mode flags */
++enum {
++	GR_KILL 	= 0x00000001,
++	GR_VIEW 	= 0x00000002,
++	GR_PROTECTED 	= 0x00000004,
++	GR_LEARN 	= 0x00000008,
++	GR_OVERRIDE 	= 0x00000010,
++	/* just a placeholder, this mode is only used in userspace */
++	GR_DUMMY 	= 0x00000020,
++	GR_PROTSHM	= 0x00000040,
++	GR_KILLPROC	= 0x00000080,
++	GR_KILLIPPROC	= 0x00000100,
++	/* just a placeholder, this mode is only used in userspace */
++	GR_NOTROJAN	= 0x00000200,
++	GR_PROTPROCFD	= 0x00000400,
++	GR_PROCACCT	= 0x00000800,
++	GR_RELAXPTRACE	= 0x00001000,
++	GR_NESTED	= 0x00002000,
++	GR_INHERITLEARN	= 0x00004000,
++	GR_PROCFIND	= 0x00008000,
++	GR_POVERRIDE	= 0x00010000,
++	GR_KERNELAUTH	= 0x00020000,
++};
++
++enum {
++	GR_PAX_ENABLE_SEGMEXEC	= 0x0001,
++	GR_PAX_ENABLE_PAGEEXEC	= 0x0002,
++	GR_PAX_ENABLE_MPROTECT	= 0x0004,
++	GR_PAX_ENABLE_RANDMMAP	= 0x0008,
++	GR_PAX_ENABLE_EMUTRAMP	= 0x0010,
++	GR_PAX_DISABLE_SEGMEXEC	= 0x0100,
++	GR_PAX_DISABLE_PAGEEXEC	= 0x0200,
++	GR_PAX_DISABLE_MPROTECT	= 0x0400,
++	GR_PAX_DISABLE_RANDMMAP	= 0x0800,
++	GR_PAX_DISABLE_EMUTRAMP	= 0x1000,
++};
++
++enum {
++	GR_ID_USER	= 0x01,
++	GR_ID_GROUP	= 0x02,
++};
++
++enum {
++	GR_ID_ALLOW	= 0x01,
++	GR_ID_DENY	= 0x02,
++};
++
++#define GR_CRASH_RES	31
++#define GR_UIDTABLE_MAX 500
++
++/* begin resource learning section */
++enum {
++	GR_RLIM_CPU_BUMP = 60,
++	GR_RLIM_FSIZE_BUMP = 50000,
++	GR_RLIM_DATA_BUMP = 10000,
++	GR_RLIM_STACK_BUMP = 1000,
++	GR_RLIM_CORE_BUMP = 10000,
++	GR_RLIM_RSS_BUMP = 500000,
++	GR_RLIM_NPROC_BUMP = 1,
++	GR_RLIM_NOFILE_BUMP = 5,
++	GR_RLIM_MEMLOCK_BUMP = 50000,
++	GR_RLIM_AS_BUMP = 500000,
++	GR_RLIM_LOCKS_BUMP = 2,
++	GR_RLIM_SIGPENDING_BUMP = 5,
++	GR_RLIM_MSGQUEUE_BUMP = 10000,
++	GR_RLIM_NICE_BUMP = 1,
++	GR_RLIM_RTPRIO_BUMP = 1,
++	GR_RLIM_RTTIME_BUMP = 1000000
++};
++
++#endif
+diff -urNp linux-2.6.29.6/include/linux/grinternal.h linux-2.6.29.6/include/linux/grinternal.h
+--- linux-2.6.29.6/include/linux/grinternal.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/include/linux/grinternal.h	2009-07-23 17:34:32.188714513 -0400
+@@ -0,0 +1,211 @@
++#ifndef __GRINTERNAL_H
++#define __GRINTERNAL_H
++
++#ifdef CONFIG_GRKERNSEC
++
++#include <linux/fs.h>
++#include <linux/gracl.h>
++#include <linux/grdefs.h>
++#include <linux/grmsg.h>
++
++void gr_add_learn_entry(const char *fmt, ...)
++	__attribute__ ((format (printf, 1, 2)));
++__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
++			    const struct vfsmount *mnt);
++__u32 gr_check_create(const struct dentry *new_dentry,
++			     const struct dentry *parent,
++			     const struct vfsmount *mnt, const __u32 mode);
++int gr_check_protected_task(const struct task_struct *task);
++__u32 to_gr_audit(const __u32 reqmode);
++int gr_set_acls(const int type);
++
++int gr_acl_is_enabled(void);
++char gr_roletype_to_char(void);
++
++void gr_handle_alertkill(struct task_struct *task);
++char *gr_to_filename(const struct dentry *dentry,
++			    const struct vfsmount *mnt);
++char *gr_to_filename1(const struct dentry *dentry,
++			    const struct vfsmount *mnt);
++char *gr_to_filename2(const struct dentry *dentry,
++			    const struct vfsmount *mnt);
++char *gr_to_filename3(const struct dentry *dentry,
++			    const struct vfsmount *mnt);
++
++extern int grsec_enable_link;
++extern int grsec_enable_fifo;
++extern int grsec_enable_execve;
++extern int grsec_enable_shm;
++extern int grsec_enable_execlog;
++extern int grsec_enable_signal;
++extern int grsec_enable_forkfail;
++extern int grsec_enable_time;
++extern int grsec_enable_chroot_shmat;
++extern int grsec_enable_chroot_findtask;
++extern int grsec_enable_chroot_mount;
++extern int grsec_enable_chroot_double;
++extern int grsec_enable_chroot_pivot;
++extern int grsec_enable_chroot_chdir;
++extern int grsec_enable_chroot_chmod;
++extern int grsec_enable_chroot_mknod;
++extern int grsec_enable_chroot_fchdir;
++extern int grsec_enable_chroot_nice;
++extern int grsec_enable_chroot_execlog;
++extern int grsec_enable_chroot_caps;
++extern int grsec_enable_chroot_sysctl;
++extern int grsec_enable_chroot_unix;
++extern int grsec_enable_tpe;
++extern int grsec_tpe_gid;
++extern int grsec_enable_tpe_all;
++extern int grsec_enable_sidcaps;
++extern int grsec_enable_socket_all;
++extern int grsec_socket_all_gid;
++extern int grsec_enable_socket_client;
++extern int grsec_socket_client_gid;
++extern int grsec_enable_socket_server;
++extern int grsec_socket_server_gid;
++extern int grsec_audit_gid;
++extern int grsec_enable_group;
++extern int grsec_enable_audit_ipc;
++extern int grsec_enable_audit_textrel;
++extern int grsec_enable_mount;
++extern int grsec_enable_chdir;
++extern int grsec_resource_logging;
++extern int grsec_lock;
++
++extern spinlock_t grsec_alert_lock;
++extern unsigned long grsec_alert_wtime;
++extern unsigned long grsec_alert_fyet;
++
++extern spinlock_t grsec_audit_lock;
++
++extern rwlock_t grsec_exec_file_lock;
++
++#define gr_task_fullpath(tsk) (tsk->exec_file ? \
++			gr_to_filename2(tsk->exec_file->f_path.dentry, \
++			tsk->exec_file->f_vfsmnt) : "/")
++
++#define gr_parent_task_fullpath(tsk) (tsk->parent->exec_file ? \
++			gr_to_filename3(tsk->parent->exec_file->f_path.dentry, \
++			tsk->parent->exec_file->f_vfsmnt) : "/")
++
++#define gr_task_fullpath0(tsk) (tsk->exec_file ? \
++			gr_to_filename(tsk->exec_file->f_path.dentry, \
++			tsk->exec_file->f_vfsmnt) : "/")
++
++#define gr_parent_task_fullpath0(tsk) (tsk->parent->exec_file ? \
++			gr_to_filename1(tsk->parent->exec_file->f_path.dentry, \
++			tsk->parent->exec_file->f_vfsmnt) : "/")
++
++#define proc_is_chrooted(tsk_a)  ((tsk_a->pid > 1) && (tsk_a->fs != NULL) && \
++			  ((tsk_a->fs->root.dentry->d_inode->i_sb->s_dev != \
++			  tsk_a->nsproxy->pid_ns->child_reaper->fs->root.dentry->d_inode->i_sb->s_dev) || \
++			  (tsk_a->fs->root.dentry->d_inode->i_ino != \
++			  tsk_a->nsproxy->pid_ns->child_reaper->fs->root.dentry->d_inode->i_ino)))
++
++#define have_same_root(tsk_a,tsk_b) ((tsk_a->fs != NULL) && (tsk_b->fs != NULL) && \
++			  (tsk_a->fs->root.dentry->d_inode->i_sb->s_dev == \
++			  tsk_b->fs->root.dentry->d_inode->i_sb->s_dev) && \
++			  (tsk_a->fs->root.dentry->d_inode->i_ino == \
++			  tsk_b->fs->root.dentry->d_inode->i_ino))
++
++#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), task->comm, \
++		       task->pid, cred->uid, \
++		       cred->euid, cred->gid, cred->egid, \
++		       gr_parent_task_fullpath(task), \
++		       task->parent->comm, task->parent->pid, \
++		       pcred->uid, pcred->euid, \
++		       pcred->gid, pcred->egid
++
++#define GR_CHROOT_CAPS {{ \
++	CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
++	CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
++	CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
++	CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
++	CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
++	CAP_TO_MASK(CAP_IPC_OWNER) , 0 }}
++
++#define security_learn(normal_msg,args...) \
++({ \
++	read_lock(&grsec_exec_file_lock); \
++	gr_add_learn_entry(normal_msg "\n", ## args); \
++	read_unlock(&grsec_exec_file_lock); \
++})
++
++enum {
++	GR_DO_AUDIT,
++	GR_DONT_AUDIT,
++	GR_DONT_AUDIT_GOOD
++};
++
++enum {
++	GR_TTYSNIFF,
++	GR_RBAC,
++	GR_RBAC_STR,
++	GR_STR_RBAC,
++	GR_RBAC_MODE2,
++	GR_RBAC_MODE3,
++	GR_FILENAME,
++	GR_SYSCTL_HIDDEN,
++	GR_NOARGS,
++	GR_ONE_INT,
++	GR_ONE_INT_TWO_STR,
++	GR_ONE_STR,
++	GR_STR_INT,
++	GR_TWO_INT,
++	GR_THREE_INT,
++	GR_FIVE_INT_TWO_STR,
++	GR_TWO_STR,
++	GR_THREE_STR,
++	GR_FOUR_STR,
++	GR_STR_FILENAME,
++	GR_FILENAME_STR,
++	GR_FILENAME_TWO_INT,
++	GR_FILENAME_TWO_INT_STR,
++	GR_TEXTREL,
++	GR_PTRACE,
++	GR_RESOURCE,
++	GR_CAP,
++	GR_SIG,
++	GR_CRASH1,
++	GR_CRASH2,
++	GR_PSACCT
++};
++
++#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
++#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
++#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
++#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
++#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
++#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
++#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
++#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
++#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
++#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
++#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
++#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
++#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
++#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
++#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
++#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
++#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
++#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
++#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
++#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
++#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
++#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
++#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
++#define gr_log_textrel_ulong_ulong(audit, msg, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, file, ulong1, ulong2)
++#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
++#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
++#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
++#define gr_log_sig(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG, task, num)
++#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
++#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
++#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
++
++void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
++
++#endif
++
++#endif
+diff -urNp linux-2.6.29.6/include/linux/grmsg.h linux-2.6.29.6/include/linux/grmsg.h
+--- linux-2.6.29.6/include/linux/grmsg.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/include/linux/grmsg.h	2009-07-23 17:34:32.188714513 -0400
+@@ -0,0 +1,108 @@
++#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
++#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%u.%u.%u.%u TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
++#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
++#define GR_STOPMOD_MSG "denied modification of module state by "
++#define GR_IOPERM_MSG "denied use of ioperm() by "
++#define GR_IOPL_MSG "denied use of iopl() by "
++#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
++#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
++#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
++#define GR_KMEM_MSG "denied write of /dev/kmem by "
++#define GR_PORT_OPEN_MSG "denied open of /dev/port by "
++#define GR_MEM_WRITE_MSG "denied write of /dev/mem by "
++#define GR_MEM_MMAP_MSG "denied mmap write of /dev/[k]mem by "
++#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
++#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%u.%u.%u.%u"
++#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%u.%u.%u.%u"
++#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
++#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
++#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
++#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
++#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
++#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
++#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
++#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%u.%u.%u.%u %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
++#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
++#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
++#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
++#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
++#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
++#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
++#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
++#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
++#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
++#define GR_NPROC_MSG "denied overstep of process limit by "
++#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
++#define GR_EXEC_TPE_MSG "denied untrusted exec of %.950s by "
++#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
++#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
++#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
++#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
++#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
++#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
++#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
++#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
++#define GR_FCHMOD_ACL_MSG "%s fchmod of %.950s by "
++#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
++#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
++#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
++#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
++#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
++#define GR_INITF_ACL_MSG "init_variables() failed %s by "
++#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
++#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbaged by "
++#define GR_SHUTS_ACL_MSG "shutdown auth success for "
++#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
++#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
++#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
++#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
++#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
++#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
++#define GR_ENABLEF_ACL_MSG "unable to load %s for "
++#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
++#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
++#define GR_RELOADF_ACL_MSG "failed reload of %s for "
++#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
++#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
++#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
++#define GR_SPROLEF_ACL_MSG "special role %s failure for "
++#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
++#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
++#define GR_UNSPROLEF_ACL_MSG "special role unauth of %s failure for "
++#define GR_INVMODE_ACL_MSG "invalid mode %d by "
++#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
++#define GR_FAILFORK_MSG "failed fork with errno %d by "
++#define GR_NICE_CHROOT_MSG "denied priority change by "
++#define GR_UNISIGLOG_MSG "signal %d sent to "
++#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
++#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
++#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
++#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
++#define GR_TIME_MSG "time set by "
++#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
++#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
++#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
++#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
++#define GR_SOCK2_MSG "denied socket(%d,%.16s,%.16s) by "
++#define GR_BIND_MSG "denied bind() by "
++#define GR_CONNECT_MSG "denied connect() by "
++#define GR_BIND_ACL_MSG "denied bind() to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by "
++#define GR_CONNECT_ACL_MSG "denied connect() to %u.%u.%u.%u port %u sock type %.16s protocol %.16s by "
++#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%u.%u.%u.%u\t%u\t%u\t%u\t%u\t%u.%u.%u.%u"
++#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
++#define GR_CAP_ACL_MSG "use of %s denied for "
++#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
++#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
++#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
++#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
++#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
++#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
++#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
++#define GR_MSGQ_AUDIT_MSG "message queue created by "
++#define GR_MSGQR_AUDIT_MSG "message queue of uid:%u euid:%u removed by "
++#define GR_SEM_AUDIT_MSG "semaphore created by "
++#define GR_SEMR_AUDIT_MSG "semaphore of uid:%u euid:%u removed by "
++#define GR_SHM_AUDIT_MSG "shared memory of size %d created by "
++#define GR_SHMR_AUDIT_MSG "shared memory of uid:%u euid:%u removed by "
++#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
++#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
+diff -urNp linux-2.6.29.6/include/linux/grsecurity.h linux-2.6.29.6/include/linux/grsecurity.h
+--- linux-2.6.29.6/include/linux/grsecurity.h	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/include/linux/grsecurity.h	2009-07-23 17:34:32.189932774 -0400
+@@ -0,0 +1,201 @@
++#ifndef GR_SECURITY_H
++#define GR_SECURITY_H
++#include <linux/fs.h>
++#include <linux/binfmts.h>
++#include <linux/gracl.h>
++
++/* notify of brain-dead configs */
++#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
++#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
++#endif
++#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
++#error "CONFIG_PAX_NOEXEC enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
++#endif
++#if defined(CONFIG_PAX_ASLR) && (defined(CONFIG_PAX_RANDMMAP) || defined(CONFIG_PAX_RANDUSTACK)) && !defined(CONFIG_PAX_EI_PAX) && !defined(CONFIG_PAX_PT_PAX_FLAGS)
++#error "CONFIG_PAX_ASLR enabled, but neither CONFIG_PAX_EI_PAX nor CONFIG_PAX_PT_PAX_FLAGS are enabled."
++#endif
++#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
++#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
++#endif
++#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
++#error "CONFIG_PAX enabled, but no PaX options are enabled."
++#endif
++
++void gr_handle_brute_attach(struct task_struct *p);
++void gr_handle_brute_check(void);
++
++char gr_roletype_to_char(void);
++
++int gr_check_user_change(int real, int effective, int fs);
++int gr_check_group_change(int real, int effective, int fs);
++
++void gr_del_task_from_ip_table(struct task_struct *p);
++
++int gr_pid_is_chrooted(struct task_struct *p);
++int gr_handle_chroot_nice(void);
++int gr_handle_chroot_sysctl(const int op);
++int gr_handle_chroot_setpriority(struct task_struct *p,
++					const int niceval);
++int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
++int gr_handle_chroot_chroot(const struct dentry *dentry,
++				   const struct vfsmount *mnt);
++int gr_handle_chroot_caps(struct path *path);
++void gr_handle_chroot_chdir(struct path *path);
++int gr_handle_chroot_chmod(const struct dentry *dentry,
++				  const struct vfsmount *mnt, const int mode);
++int gr_handle_chroot_mknod(const struct dentry *dentry,
++				  const struct vfsmount *mnt, const int mode);
++int gr_handle_chroot_mount(const struct dentry *dentry,
++				  const struct vfsmount *mnt,
++				  const char *dev_name);
++int gr_handle_chroot_pivot(void);
++int gr_handle_chroot_unix(const pid_t pid);
++
++int gr_handle_rawio(const struct inode *inode);
++int gr_handle_nproc(void);
++
++void gr_handle_ioperm(void);
++void gr_handle_iopl(void);
++
++int gr_tpe_allow(const struct file *file);
++
++int gr_random_pid(void);
++
++void gr_log_forkfail(const int retval);
++void gr_log_timechange(void);
++void gr_log_signal(const int sig, const struct task_struct *t);
++void gr_log_chdir(const struct dentry *dentry,
++			 const struct vfsmount *mnt);
++void gr_log_chroot_exec(const struct dentry *dentry,
++			       const struct vfsmount *mnt);
++void gr_handle_exec_args(struct linux_binprm *bprm, char **argv);
++void gr_log_remount(const char *devname, const int retval);
++void gr_log_unmount(const char *devname, const int retval);
++void gr_log_mount(const char *from, const char *to, const int retval);
++void gr_log_msgget(const int ret, const int msgflg);
++void gr_log_msgrm(const uid_t uid, const uid_t cuid);
++void gr_log_semget(const int err, const int semflg);
++void gr_log_semrm(const uid_t uid, const uid_t cuid);
++void gr_log_shmget(const int err, const int shmflg, const size_t size);
++void gr_log_shmrm(const uid_t uid, const uid_t cuid);
++void gr_log_textrel(struct vm_area_struct *vma);
++
++int gr_handle_follow_link(const struct inode *parent,
++				 const struct inode *inode,
++				 const struct dentry *dentry,
++				 const struct vfsmount *mnt);
++int gr_handle_fifo(const struct dentry *dentry,
++			  const struct vfsmount *mnt,
++			  const struct dentry *dir, const int flag,
++			  const int acc_mode);
++int gr_handle_hardlink(const struct dentry *dentry,
++			      const struct vfsmount *mnt,
++			      struct inode *inode,
++			      const int mode, const char *to);
++
++int gr_is_capable(const int cap);
++int gr_is_capable_nolog(const int cap);
++void gr_learn_resource(const struct task_struct *task, const int limit,
++			      const unsigned long wanted, const int gt);
++void gr_copy_label(struct task_struct *tsk);
++void gr_handle_crash(struct task_struct *task, const int sig);
++int gr_handle_signal(const struct task_struct *p, const int sig);
++int gr_check_crash_uid(const uid_t uid);
++int gr_check_protected_task(const struct task_struct *task);
++int gr_acl_handle_mmap(const struct file *file,
++			      const unsigned long prot);
++int gr_acl_handle_mprotect(const struct file *file,
++				  const unsigned long prot);
++int gr_check_hidden_task(const struct task_struct *tsk);
++__u32 gr_acl_handle_truncate(const struct dentry *dentry,
++				    const struct vfsmount *mnt);
++__u32 gr_acl_handle_utime(const struct dentry *dentry,
++				 const struct vfsmount *mnt);
++__u32 gr_acl_handle_access(const struct dentry *dentry,
++				  const struct vfsmount *mnt, const int fmode);
++__u32 gr_acl_handle_fchmod(const struct dentry *dentry,
++				  const struct vfsmount *mnt, mode_t mode);
++__u32 gr_acl_handle_chmod(const struct dentry *dentry,
++				 const struct vfsmount *mnt, mode_t mode);
++__u32 gr_acl_handle_chown(const struct dentry *dentry,
++				 const struct vfsmount *mnt);
++int gr_handle_ptrace(struct task_struct *task, const long request);
++int gr_handle_proc_ptrace(struct task_struct *task);
++__u32 gr_acl_handle_execve(const struct dentry *dentry,
++				  const struct vfsmount *mnt);
++int gr_check_crash_exec(const struct file *filp);
++int gr_acl_is_enabled(void);
++void gr_set_kernel_label(struct task_struct *task);
++void gr_set_role_label(struct task_struct *task, const uid_t uid,
++			      const gid_t gid);
++int gr_set_proc_label(const struct dentry *dentry,
++			const struct vfsmount *mnt,
++			const int unsafe_share);
++__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
++				const struct vfsmount *mnt);
++__u32 gr_acl_handle_open(const struct dentry *dentry,
++				const struct vfsmount *mnt, const int fmode);
++__u32 gr_acl_handle_creat(const struct dentry *dentry,
++				 const struct dentry *p_dentry,
++				 const struct vfsmount *p_mnt, const int fmode,
++				 const int imode);
++void gr_handle_create(const struct dentry *dentry,
++			     const struct vfsmount *mnt);
++__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
++				 const struct dentry *parent_dentry,
++				 const struct vfsmount *parent_mnt,
++				 const int mode);
++__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
++				 const struct dentry *parent_dentry,
++				 const struct vfsmount *parent_mnt);
++__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
++				 const struct vfsmount *mnt);
++void gr_handle_delete(const ino_t ino, const dev_t dev);
++__u32 gr_acl_handle_unlink(const struct dentry *dentry,
++				  const struct vfsmount *mnt);
++__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
++				   const struct dentry *parent_dentry,
++				   const struct vfsmount *parent_mnt,
++				   const char *from);
++__u32 gr_acl_handle_link(const struct dentry *new_dentry,
++				const struct dentry *parent_dentry,
++				const struct vfsmount *parent_mnt,
++				const struct dentry *old_dentry,
++				const struct vfsmount *old_mnt, const char *to);
++int gr_acl_handle_rename(struct dentry *new_dentry,
++				struct dentry *parent_dentry,
++				const struct vfsmount *parent_mnt,
++				struct dentry *old_dentry,
++				struct inode *old_parent_inode,
++				struct vfsmount *old_mnt, const char *newname);
++void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
++				struct dentry *old_dentry,
++				struct dentry *new_dentry,
++				struct vfsmount *mnt, const __u8 replace);
++__u32 gr_check_link(const struct dentry *new_dentry,
++			   const struct dentry *parent_dentry,
++			   const struct vfsmount *parent_mnt,
++			   const struct dentry *old_dentry,
++			   const struct vfsmount *old_mnt);
++int gr_acl_handle_filldir(const struct file *file, const char *name,
++				 const unsigned int namelen, const ino_t ino);
++
++__u32 gr_acl_handle_unix(const struct dentry *dentry,
++				const struct vfsmount *mnt);
++void gr_acl_handle_exit(void);
++void gr_acl_handle_psacct(struct task_struct *task, const long code);
++int gr_acl_handle_procpidmem(const struct task_struct *task);
++
++#ifdef CONFIG_GRKERNSEC
++void gr_handle_mem_write(void);
++void gr_handle_kmem_write(void);
++void gr_handle_open_port(void);
++int gr_handle_mem_mmap(const unsigned long offset,
++			      struct vm_area_struct *vma);
++
++extern int grsec_enable_dmesg;
++extern int grsec_enable_randsrc;
++extern int grsec_enable_shm;
++#endif
++
++#endif
+diff -urNp linux-2.6.29.6/include/linux/highmem.h linux-2.6.29.6/include/linux/highmem.h
+--- linux-2.6.29.6/include/linux/highmem.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/highmem.h	2009-07-23 17:34:32.189932774 -0400
+@@ -124,6 +124,18 @@ static inline void clear_highpage(struct
+ 	kunmap_atomic(kaddr, KM_USER0);
+ }
+ 
++static inline void sanitize_highpage(struct page *page)
++{
++	void *kaddr;
++	unsigned long flags;
++
++	local_irq_save(flags);
++	kaddr = kmap_atomic(page, KM_CLEARPAGE);
++	clear_page(kaddr);
++	kunmap_atomic(kaddr, KM_CLEARPAGE);
++	local_irq_restore(flags);
++}
++
+ static inline void zero_user_segments(struct page *page,
+ 	unsigned start1, unsigned end1,
+ 	unsigned start2, unsigned end2)
+diff -urNp linux-2.6.29.6/include/linux/hugetlb.h linux-2.6.29.6/include/linux/hugetlb.h
+--- linux-2.6.29.6/include/linux/hugetlb.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/hugetlb.h	2009-07-23 18:40:28.693352210 -0400
+@@ -138,7 +138,7 @@ static inline struct hugetlbfs_sb_info *
+ }
+ 
+ extern const struct file_operations hugetlbfs_file_operations;
+-extern struct vm_operations_struct hugetlb_vm_ops;
++extern const struct vm_operations_struct hugetlb_vm_ops;
+ struct file *hugetlb_file_setup(const char *name, size_t, int);
+ int hugetlb_get_quota(struct address_space *mapping, long delta);
+ void hugetlb_put_quota(struct address_space *mapping, long delta);
+diff -urNp linux-2.6.29.6/include/linux/jbd2.h linux-2.6.29.6/include/linux/jbd2.h
+--- linux-2.6.29.6/include/linux/jbd2.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/jbd2.h	2009-07-23 17:34:32.189932774 -0400
+@@ -66,7 +66,7 @@ extern u8 jbd2_journal_enable_debug;
+ 		}							\
+ 	} while (0)
+ #else
+-#define jbd_debug(f, a...)	/**/
++#define jbd_debug(f, a...)	do {} while (0)
+ #endif
+ 
+ static inline void *jbd2_alloc(size_t size, gfp_t flags)
+diff -urNp linux-2.6.29.6/include/linux/jbd.h linux-2.6.29.6/include/linux/jbd.h
+--- linux-2.6.29.6/include/linux/jbd.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/jbd.h	2009-07-23 17:34:32.189932774 -0400
+@@ -66,7 +66,7 @@ extern u8 journal_enable_debug;
+ 		}							\
+ 	} while (0)
+ #else
+-#define jbd_debug(f, a...)	/**/
++#define jbd_debug(f, a...)	do {} while (0)
+ #endif
+ 
+ static inline void *jbd_alloc(size_t size, gfp_t flags)
+diff -urNp linux-2.6.29.6/include/linux/kvm_host.h linux-2.6.29.6/include/linux/kvm_host.h
+--- linux-2.6.29.6/include/linux/kvm_host.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/kvm_host.h	2009-07-23 17:34:32.189932774 -0400
+@@ -155,7 +155,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vc
+ void vcpu_load(struct kvm_vcpu *vcpu);
+ void vcpu_put(struct kvm_vcpu *vcpu);
+ 
+-int kvm_init(void *opaque, unsigned int vcpu_size,
++int kvm_init(const void *opaque, unsigned int vcpu_size,
+ 		  struct module *module);
+ void kvm_exit(void);
+ 
+@@ -263,7 +263,7 @@ int kvm_arch_vcpu_ioctl_debug_guest(stru
+ 				    struct kvm_debug_guest *dbg);
+ int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
+ 
+-int kvm_arch_init(void *opaque);
++int kvm_arch_init(const void *opaque);
+ void kvm_arch_exit(void);
+ 
+ int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu);
+diff -urNp linux-2.6.29.6/include/linux/libata.h linux-2.6.29.6/include/linux/libata.h
+--- linux-2.6.29.6/include/linux/libata.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/libata.h	2009-07-23 17:34:32.190921738 -0400
+@@ -64,11 +64,11 @@
+ #ifdef ATA_VERBOSE_DEBUG
+ #define VPRINTK(fmt, args...) printk(KERN_ERR "%s: " fmt, __func__, ## args)
+ #else
+-#define VPRINTK(fmt, args...)
++#define VPRINTK(fmt, args...) do {} while (0)
+ #endif	/* ATA_VERBOSE_DEBUG */
+ #else
+-#define DPRINTK(fmt, args...)
+-#define VPRINTK(fmt, args...)
++#define DPRINTK(fmt, args...) do {} while (0)
++#define VPRINTK(fmt, args...) do {} while (0)
+ #endif	/* ATA_DEBUG */
+ 
+ #define BPRINTK(fmt, args...) if (ap->flags & ATA_FLAG_DEBUGMSG) printk(KERN_ERR "%s: " fmt, __func__, ## args)
+diff -urNp linux-2.6.29.6/include/linux/mm.h linux-2.6.29.6/include/linux/mm.h
+--- linux-2.6.29.6/include/linux/mm.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/mm.h	2009-07-23 17:34:32.190921738 -0400
+@@ -39,6 +39,7 @@ extern unsigned long mmap_min_addr;
+ #include <asm/page.h>
+ #include <asm/pgtable.h>
+ #include <asm/processor.h>
++#include <asm/mman.h>
+ 
+ #define nth_page(page,n) pfn_to_page(page_to_pfn((page)) + (n))
+ 
+@@ -105,6 +106,10 @@ extern unsigned int kobjsize(const void 
+ #define VM_MIXEDMAP	0x10000000	/* Can contain "struct page" and pure PFN pages */
+ #define VM_SAO		0x20000000	/* Strong Access Ordering (powerpc) */
+ 
++#ifdef CONFIG_PAX_PAGEEXEC
++#define VM_PAGEEXEC	0x40000000	/* vma->vm_page_prot needs special handling */
++#endif
++
+ #ifndef VM_STACK_DEFAULT_FLAGS		/* arch can override this */
+ #define VM_STACK_DEFAULT_FLAGS VM_DATA_DEFAULT_FLAGS
+ #endif
+@@ -899,6 +904,8 @@ struct shrinker {
+ extern void register_shrinker(struct shrinker *);
+ extern void unregister_shrinker(struct shrinker *);
+ 
++pgprot_t vm_get_page_prot(unsigned long vm_flags);
++
+ int vma_wants_writenotify(struct vm_area_struct *vma);
+ 
+ extern pte_t *get_locked_pte(struct mm_struct *mm, unsigned long addr, spinlock_t **ptl);
+@@ -1170,6 +1177,7 @@ out:
+ }
+ 
+ extern int do_munmap(struct mm_struct *, unsigned long, size_t);
++extern int __do_munmap(struct mm_struct *, unsigned long, size_t);
+ 
+ extern unsigned long do_brk(unsigned long, unsigned long);
+ 
+@@ -1223,6 +1231,10 @@ extern struct vm_area_struct * find_vma(
+ extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
+ 					     struct vm_area_struct **pprev);
+ 
++extern struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma);
++extern void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma);
++extern void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl);
++
+ /* Look up the first VMA which intersects the interval start_addr..end_addr-1,
+    NULL if none.  Assume start_addr < end_addr. */
+ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
+@@ -1239,7 +1251,6 @@ static inline unsigned long vma_pages(st
+ 	return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT;
+ }
+ 
+-pgprot_t vm_get_page_prot(unsigned long vm_flags);
+ struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr);
+ int remap_pfn_range(struct vm_area_struct *, unsigned long addr,
+ 			unsigned long pfn, unsigned long size, pgprot_t);
+@@ -1331,5 +1342,12 @@ void vmemmap_populate_print_last(void);
+ extern void *alloc_locked_buffer(size_t size);
+ extern void free_locked_buffer(void *buffer, size_t size);
+ extern void release_locked_buffer(void *buffer, size_t size);
++
++#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
++extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
++#else
++static inline void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot) {}
++#endif
++
+ #endif /* __KERNEL__ */
+ #endif /* _LINUX_MM_H */
+diff -urNp linux-2.6.29.6/include/linux/mm_types.h linux-2.6.29.6/include/linux/mm_types.h
+--- linux-2.6.29.6/include/linux/mm_types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/mm_types.h	2009-07-23 18:40:27.472293076 -0400
+@@ -159,7 +159,7 @@ struct vm_area_struct {
+ 	struct anon_vma *anon_vma;	/* Serialized by page_table_lock */
+ 
+ 	/* Function pointers to deal with this struct. */
+-	struct vm_operations_struct * vm_ops;
++	const struct vm_operations_struct * vm_ops;
+ 
+ 	/* Information about our backing store: */
+ 	unsigned long vm_pgoff;		/* Offset (within vm_file) in PAGE_SIZE
+@@ -174,6 +174,8 @@ struct vm_area_struct {
+ #ifdef CONFIG_NUMA
+ 	struct mempolicy *vm_policy;	/* NUMA policy for the VMA */
+ #endif
++
++	struct vm_area_struct *vm_mirror;/* PaX: mirror vma or NULL */
+ };
+ 
+ struct core_thread {
+@@ -274,6 +276,24 @@ struct mm_struct {
+ #ifdef CONFIG_MMU_NOTIFIER
+ 	struct mmu_notifier_mm *mmu_notifier_mm;
+ #endif
++
++#if defined(CONFIG_PAX_EI_PAX) || defined(CONFIG_PAX_PT_PAX_FLAGS) || defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++	unsigned long pax_flags;
++#endif
++
++#ifdef CONFIG_PAX_DLRESOLVE
++	unsigned long call_dl_resolve;
++#endif
++
++#if defined(CONFIG_PPC32) && defined(CONFIG_PAX_EMUSIGRT)
++	unsigned long call_syscall;
++#endif
++
++#ifdef CONFIG_PAX_ASLR
++	unsigned long delta_mmap;		/* randomized offset */
++	unsigned long delta_stack;		/* randomized offset */
++#endif
++
+ };
+ 
+ /* Future-safe accessor for struct mm_struct's cpu_vm_mask. */
+diff -urNp linux-2.6.29.6/include/linux/module.h linux-2.6.29.6/include/linux/module.h
+--- linux-2.6.29.6/include/linux/module.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/module.h	2009-07-23 17:34:32.191875265 -0400
+@@ -278,16 +278,16 @@ struct module
+ 	int (*init)(void);
+ 
+ 	/* If this is non-NULL, vfree after init() returns */
+-	void *module_init;
++	void *module_init_rx, *module_init_rw;
+ 
+ 	/* Here is the actual code + data, vfree'd on unload. */
+-	void *module_core;
++	void *module_core_rx, *module_core_rw;
+ 
+ 	/* Here are the sizes of the init and core sections */
+-	unsigned int init_size, core_size;
++	unsigned int init_size_rw, core_size_rw;
+ 
+ 	/* The size of the executable code in each section.  */
+-	unsigned int init_text_size, core_text_size;
++	unsigned int init_size_rx, core_size_rx;
+ 
+ 	/* Arch-specific module values */
+ 	struct mod_arch_specific arch;
+@@ -363,16 +363,46 @@ struct module *module_text_address(unsig
+ struct module *__module_text_address(unsigned long addr);
+ int is_module_address(unsigned long addr);
+ 
++static inline int within_module_range(unsigned long addr, void *start, unsigned long size)
++{
++
++#ifdef CONFIG_PAX_KERNEXEC
++	if (ktla_ktva(addr) >= (unsigned long)start &&
++	    ktla_ktva(addr) < (unsigned long)start + size)
++		return 1;
++#endif
++
++	return ((void *)addr >= start && (void *)addr < start + size);
++}
++
++static inline int within_module_core_rx(unsigned long addr, struct module *mod)
++{
++	return within_module_range(addr, mod->module_core_rx, mod->core_size_rx);
++}
++
++static inline int within_module_core_rw(unsigned long addr, struct module *mod)
++{
++	return within_module_range(addr, mod->module_core_rw, mod->core_size_rw);
++}
++
++static inline int within_module_init_rx(unsigned long addr, struct module *mod)
++{
++	return within_module_range(addr, mod->module_init_rx, mod->init_size_rx);
++}
++
++static inline int within_module_init_rw(unsigned long addr, struct module *mod)
++{
++	return within_module_range(addr, mod->module_init_rw, mod->init_size_rw);
++}
++
+ static inline int within_module_core(unsigned long addr, struct module *mod)
+ {
+-	return (unsigned long)mod->module_core <= addr &&
+-	       addr < (unsigned long)mod->module_core + mod->core_size;
++	return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod);
+ }
+ 
+ static inline int within_module_init(unsigned long addr, struct module *mod)
+ {
+-	return (unsigned long)mod->module_init <= addr &&
+-	       addr < (unsigned long)mod->module_init + mod->init_size;
++	return within_module_init_rx(addr, mod) || within_module_init_rw(addr, mod);
+ }
+ 
+ /* Returns 0 and fills in value, defined and namebuf, or -ERANGE if
+@@ -396,7 +426,11 @@ void symbol_put_addr(void *addr);
+ static inline local_t *__module_ref_addr(struct module *mod, int cpu)
+ {
+ #ifdef CONFIG_SMP
++#ifdef CONFIG_X86_32
++	return (local_t *) (mod->refptr + __per_cpu_offset[cpu]);
++#else
+ 	return (local_t *) (mod->refptr + per_cpu_offset(cpu));
++#endif
+ #else
+ 	return &mod->ref;
+ #endif
+diff -urNp linux-2.6.29.6/include/linux/moduleloader.h linux-2.6.29.6/include/linux/moduleloader.h
+--- linux-2.6.29.6/include/linux/moduleloader.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/moduleloader.h	2009-07-23 17:34:32.192794045 -0400
+@@ -20,9 +20,21 @@ unsigned int arch_mod_section_prepend(st
+    sections.  Returns NULL on failure. */
+ void *module_alloc(unsigned long size);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++void *module_alloc_exec(unsigned long size);
++#else
++#define module_alloc_exec(x) module_alloc(x)
++#endif
++
+ /* Free memory returned from module_alloc. */
+ void module_free(struct module *mod, void *module_region);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++void module_free_exec(struct module *mod, void *module_region);
++#else
++#define module_free_exec(x, y) module_free(x, y)
++#endif
++
+ /* Apply the given relocation to the (simplified) ELF.  Return -error
+    or 0. */
+ int apply_relocate(Elf_Shdr *sechdrs,
+diff -urNp linux-2.6.29.6/include/linux/namei.h linux-2.6.29.6/include/linux/namei.h
+--- linux-2.6.29.6/include/linux/namei.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/namei.h	2009-07-23 17:34:32.192794045 -0400
+@@ -21,7 +21,7 @@ struct nameidata {
+ 	unsigned int	flags;
+ 	int		last_type;
+ 	unsigned	depth;
+-	char *saved_names[MAX_NESTED_LINKS + 1];
++	const char *saved_names[MAX_NESTED_LINKS + 1];
+ 
+ 	/* Intent data */
+ 	union {
+@@ -84,12 +84,12 @@ extern int follow_up(struct vfsmount **,
+ extern struct dentry *lock_rename(struct dentry *, struct dentry *);
+ extern void unlock_rename(struct dentry *, struct dentry *);
+ 
+-static inline void nd_set_link(struct nameidata *nd, char *path)
++static inline void nd_set_link(struct nameidata *nd, const char *path)
+ {
+ 	nd->saved_names[nd->depth] = path;
+ }
+ 
+-static inline char *nd_get_link(struct nameidata *nd)
++static inline const char *nd_get_link(struct nameidata *nd)
+ {
+ 	return nd->saved_names[nd->depth];
+ }
+diff -urNp linux-2.6.29.6/include/linux/nfsd/nfsd.h linux-2.6.29.6/include/linux/nfsd/nfsd.h
+--- linux-2.6.29.6/include/linux/nfsd/nfsd.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/nfsd/nfsd.h	2009-07-23 18:40:28.718303595 -0400
+@@ -56,7 +56,7 @@ extern struct svc_version	nfsd_version2,
+ extern struct mutex		nfsd_mutex;
+ extern struct svc_serv		*nfsd_serv;
+ 
+-extern struct seq_operations nfs_exports_op;
++extern const struct seq_operations nfs_exports_op;
+ 
+ /*
+  * Function prototypes.
+diff -urNp linux-2.6.29.6/include/linux/nfs_fs.h linux-2.6.29.6/include/linux/nfs_fs.h
+--- linux-2.6.29.6/include/linux/nfs_fs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/nfs_fs.h	2009-07-23 18:40:28.706582042 -0400
+@@ -415,7 +415,7 @@ extern const struct inode_operations nfs
+ extern const struct inode_operations nfs3_dir_inode_operations;
+ #endif /* CONFIG_NFS_V3 */
+ extern const struct file_operations nfs_dir_operations;
+-extern struct dentry_operations nfs_dentry_operations;
++extern const struct dentry_operations nfs_dentry_operations;
+ 
+ extern void nfs_force_lookup_revalidate(struct inode *dir);
+ extern int nfs_instantiate(struct dentry *dentry, struct nfs_fh *fh, struct nfs_fattr *fattr);
+diff -urNp linux-2.6.29.6/include/linux/nfs_xdr.h linux-2.6.29.6/include/linux/nfs_xdr.h
+--- linux-2.6.29.6/include/linux/nfs_xdr.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/nfs_xdr.h	2009-07-23 18:40:28.713831736 -0400
+@@ -785,7 +785,7 @@ struct nfs_access_entry;
+  */
+ struct nfs_rpc_ops {
+ 	u32	version;		/* Protocol version */
+-	struct dentry_operations *dentry_ops;
++	const struct dentry_operations *dentry_ops;
+ 	const struct inode_operations *dir_inode_ops;
+ 	const struct inode_operations *file_inode_ops;
+ 
+diff -urNp linux-2.6.29.6/include/linux/nodemask.h linux-2.6.29.6/include/linux/nodemask.h
+--- linux-2.6.29.6/include/linux/nodemask.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/nodemask.h	2009-07-23 17:34:32.192794045 -0400
+@@ -442,11 +442,11 @@ static inline int num_node_state(enum no
+ 
+ #define any_online_node(mask)			\
+ ({						\
+-	int node;				\
+-	for_each_node_mask(node, (mask))	\
+-		if (node_online(node))		\
++	int __node;				\
++	for_each_node_mask(__node, (mask))	\
++		if (node_online(__node))	\
+ 			break;			\
+-	node;					\
++	__node;					\
+ })
+ 
+ #define num_online_nodes()	num_node_state(N_ONLINE)
+diff -urNp linux-2.6.29.6/include/linux/oprofile.h linux-2.6.29.6/include/linux/oprofile.h
+--- linux-2.6.29.6/include/linux/oprofile.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/oprofile.h	2009-07-23 17:34:32.192794045 -0400
+@@ -128,7 +128,7 @@ int oprofilefs_create_ro_ulong(struct su
+  
+ /** Create a file for read-only access to an atomic_t. */
+ int oprofilefs_create_ro_atomic(struct super_block * sb, struct dentry * root,
+-	char const * name, atomic_t * val);
++	char const * name, atomic_unchecked_t * val);
+  
+ /** create a directory */
+ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
+diff -urNp linux-2.6.29.6/include/linux/percpu.h linux-2.6.29.6/include/linux/percpu.h
+--- linux-2.6.29.6/include/linux/percpu.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/percpu.h	2009-07-23 17:34:32.192794045 -0400
+@@ -50,7 +50,7 @@
+ #endif
+ 
+ #define PERCPU_ENOUGH_ROOM						\
+-	(__per_cpu_end - __per_cpu_start + PERCPU_MODULE_RESERVE)
++	((unsigned long)(__per_cpu_end - __per_cpu_start + PERCPU_MODULE_RESERVE))
+ #endif	/* PERCPU_ENOUGH_ROOM */
+ 
+ /*
+diff -urNp linux-2.6.29.6/include/linux/personality.h linux-2.6.29.6/include/linux/personality.h
+--- linux-2.6.29.6/include/linux/personality.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/personality.h	2009-07-23 17:34:32.192794045 -0400
+@@ -40,7 +40,7 @@ enum {
+  * Security-relevant compatibility flags that must be
+  * cleared upon setuid or setgid exec:
+  */
+-#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE)
++#define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC|ADDR_NO_RANDOMIZE|ADDR_COMPAT_LAYOUT|MMAP_PAGE_ZERO)
+ 
+ /*
+  * Personality types.
+diff -urNp linux-2.6.29.6/include/linux/poison.h linux-2.6.29.6/include/linux/poison.h
+--- linux-2.6.29.6/include/linux/poison.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/poison.h	2009-07-23 17:34:32.193834517 -0400
+@@ -7,8 +7,8 @@
+  * under normal circumstances, used to verify that nobody uses
+  * non-initialized list entries.
+  */
+-#define LIST_POISON1  ((void *) 0x00100100)
+-#define LIST_POISON2  ((void *) 0x00200200)
++#define LIST_POISON1  ((void *) 0xFF1001FFFF1001FFULL)
++#define LIST_POISON2  ((void *) 0xFF2002FFFF2002FFULL)
+ 
+ /********** include/linux/timer.h **********/
+ /*
+diff -urNp linux-2.6.29.6/include/linux/proc_fs.h linux-2.6.29.6/include/linux/proc_fs.h
+--- linux-2.6.29.6/include/linux/proc_fs.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/proc_fs.h	2009-07-23 17:34:32.193834517 -0400
+@@ -174,6 +174,19 @@ static inline struct proc_dir_entry *pro
+ 	return proc_create_data(name, mode, parent, proc_fops, NULL);
+ }
+ 
++static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode,
++	struct proc_dir_entry *parent, const struct file_operations *proc_fops)
++{
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	return proc_create_data(name, S_IRUSR, parent, proc_fops, NULL);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	return proc_create_data(name, S_IRUSR | S_IRGRP, parent, proc_fops, NULL);
++#else
++	return proc_create_data(name, mode, parent, proc_fops, NULL);
++#endif
++}
++	
++
+ static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
+ 	mode_t mode, struct proc_dir_entry *base, 
+ 	read_proc_t *read_proc, void * data)
+diff -urNp linux-2.6.29.6/include/linux/raid/md_k.h linux-2.6.29.6/include/linux/raid/md_k.h
+--- linux-2.6.29.6/include/linux/raid/md_k.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/raid/md_k.h	2009-07-23 17:34:32.193834517 -0400
+@@ -293,7 +293,7 @@ static inline void rdev_dec_pending(mdk_
+ 
+ static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors)
+ {
+-        atomic_add(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
++	atomic_add_unchecked(nr_sectors, &bdev->bd_contains->bd_disk->sync_io);
+ }
+ 
+ struct mdk_personality
+diff -urNp linux-2.6.29.6/include/linux/random.h linux-2.6.29.6/include/linux/random.h
+--- linux-2.6.29.6/include/linux/random.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/random.h	2009-07-23 17:34:32.193834517 -0400
+@@ -74,6 +74,11 @@ unsigned long randomize_range(unsigned l
+ u32 random32(void);
+ void srandom32(u32 seed);
+ 
++static inline unsigned long pax_get_random_long(void)
++{
++	return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0);
++}
++
+ #endif /* __KERNEL___ */
+ 
+ #endif /* _LINUX_RANDOM_H */
+diff -urNp linux-2.6.29.6/include/linux/reiserfs_fs_sb.h linux-2.6.29.6/include/linux/reiserfs_fs_sb.h
+--- linux-2.6.29.6/include/linux/reiserfs_fs_sb.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/reiserfs_fs_sb.h	2009-07-23 17:34:32.194808945 -0400
+@@ -374,7 +374,7 @@ struct reiserfs_sb_info {
+ 	/* Comment? -Hans */
+ 	wait_queue_head_t s_wait;
+ 	/* To be obsoleted soon by per buffer seals.. -Hans */
+-	atomic_t s_generation_counter;	// increased by one every time the
++	atomic_unchecked_t s_generation_counter;	// increased by one every time the
+ 	// tree gets re-balanced
+ 	unsigned long s_properties;	/* File system properties. Currently holds
+ 					   on-disk FS format */
+diff -urNp linux-2.6.29.6/include/linux/sched.h linux-2.6.29.6/include/linux/sched.h
+--- linux-2.6.29.6/include/linux/sched.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/sched.h	2009-07-23 17:34:32.195781799 -0400
+@@ -97,6 +97,7 @@ struct futex_pi_state;
+ struct robust_list_head;
+ struct bio;
+ struct bts_tracer;
++struct linux_binprm;
+ 
+ /*
+  * List of flags we want to share for kernel threads,
+@@ -606,6 +607,15 @@ struct signal_struct {
+ 	unsigned audit_tty;
+ 	struct tty_audit_buf *tty_audit_buf;
+ #endif
++
++#ifdef CONFIG_GRKERNSEC
++	u32 curr_ip;
++	u32 gr_saddr;
++	u32 gr_daddr;
++	u16 gr_sport;
++	u16 gr_dport;
++	u8 used_accept:1;
++#endif
+ };
+ 
+ /* Context switch must be unlocked if interrupts are to be enabled */
+@@ -1114,7 +1124,7 @@ struct sched_rt_entity {
+ 
+ struct task_struct {
+ 	volatile long state;	/* -1 unrunnable, 0 runnable, >0 stopped */
+-	void *stack;
++	struct thread_info *stack;
+ 	atomic_t usage;
+ 	unsigned int flags;	/* per process flags, defined below */
+ 	unsigned int ptrace;
+@@ -1179,10 +1189,9 @@ struct task_struct {
+ 	pid_t pid;
+ 	pid_t tgid;
+ 
+-#ifdef CONFIG_CC_STACKPROTECTOR
+ 	/* Canary value for the -fstack-protector gcc feature */
+ 	unsigned long stack_canary;
+-#endif
++
+ 	/* 
+ 	 * pointers to (original) parent process, youngest child, younger sibling,
+ 	 * older sibling, respectively.  (p->father can be replaced with 
+@@ -1223,8 +1232,8 @@ struct task_struct {
+ 	struct list_head thread_group;
+ 
+ 	struct completion *vfork_done;		/* for vfork() */
+-	int __user *set_child_tid;		/* CLONE_CHILD_SETTID */
+-	int __user *clear_child_tid;		/* CLONE_CHILD_CLEARTID */
++	pid_t __user *set_child_tid;		/* CLONE_CHILD_SETTID */
++	pid_t __user *clear_child_tid;		/* CLONE_CHILD_CLEARTID */
+ 
+ 	cputime_t utime, stime, utimescaled, stimescaled;
+ 	cputime_t gtime;
+@@ -1418,8 +1427,66 @@ struct task_struct {
+ 	/* state flags for use by tracers */
+ 	unsigned long trace;
+ #endif
++
++#ifdef CONFIG_GRKERNSEC
++	/* grsecurity */
++	struct acl_subject_label *acl;
++	struct acl_role_label *role;
++	struct file *exec_file;
++	u16 acl_role_id;
++	u8 acl_sp_role;
++	u8 is_writable;
++	u8 brute;
++#endif
++
+ };
+ 
++#define MF_PAX_PAGEEXEC		0x01000000	/* Paging based non-executable pages */
++#define MF_PAX_EMUTRAMP		0x02000000	/* Emulate trampolines */
++#define MF_PAX_MPROTECT		0x04000000	/* Restrict mprotect() */
++#define MF_PAX_RANDMMAP		0x08000000	/* Randomize mmap() base */
++/*#define MF_PAX_RANDEXEC		0x10000000*/	/* Randomize ET_EXEC base */
++#define MF_PAX_SEGMEXEC		0x20000000	/* Segmentation based non-executable pages */
++
++#ifdef CONFIG_PAX_SOFTMODE
++extern unsigned int pax_softmode;
++#endif
++
++extern int pax_check_flags(unsigned long *);
++
++/* if tsk != current then task_lock must be held on it */
++#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
++static inline unsigned long pax_get_flags(struct task_struct *tsk)
++{
++	if (likely(tsk->mm))
++		return tsk->mm->pax_flags;
++	else
++		return 0UL;
++}
++
++/* if tsk != current then task_lock must be held on it */
++static inline long pax_set_flags(struct task_struct *tsk, unsigned long flags)
++{
++	if (likely(tsk->mm)) {
++		tsk->mm->pax_flags = flags;
++		return 0;
++	}
++	return -EINVAL;
++}
++#endif
++
++#ifdef CONFIG_PAX_HAVE_ACL_FLAGS
++extern void pax_set_initial_flags(struct linux_binprm *bprm);
++#elif defined(CONFIG_PAX_HOOK_ACL_FLAGS)
++extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
++#endif
++
++void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
++void pax_report_insns(void *pc, void *sp);
++void pax_report_refcount_overflow(struct pt_regs *regs);
++void pax_report_leak_to_user(const void *ptr, unsigned long len);
++void pax_report_overflow_from_user(const void *ptr, unsigned long len);
++
+ /* Future-safe accessor for struct task_struct's cpus_allowed. */
+ #define tsk_cpumask(tsk) (&(tsk)->cpus_allowed)
+ 
+@@ -1961,7 +2028,7 @@ extern void __cleanup_sighand(struct sig
+ extern void exit_itimers(struct signal_struct *);
+ extern void flush_itimer_signals(void);
+ 
+-extern NORET_TYPE void do_group_exit(int);
++extern NORET_TYPE void do_group_exit(int) ATTRIB_NORET;
+ 
+ extern void daemonize(const char *, ...);
+ extern int allow_signal(int);
+@@ -2066,8 +2133,8 @@ static inline void unlock_task_sighand(s
+ 
+ #ifndef __HAVE_THREAD_FUNCTIONS
+ 
+-#define task_thread_info(task)	((struct thread_info *)(task)->stack)
+-#define task_stack_page(task)	((task)->stack)
++#define task_thread_info(task)	((task)->stack)
++#define task_stack_page(task)	((void *)(task)->stack)
+ 
+ static inline void setup_thread_stack(struct task_struct *p, struct task_struct *org)
+ {
+diff -urNp linux-2.6.29.6/include/linux/screen_info.h linux-2.6.29.6/include/linux/screen_info.h
+--- linux-2.6.29.6/include/linux/screen_info.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/screen_info.h	2009-07-23 17:34:32.195781799 -0400
+@@ -42,7 +42,8 @@ struct screen_info {
+ 	__u16 pages;		/* 0x32 */
+ 	__u16 vesa_attributes;	/* 0x34 */
+ 	__u32 capabilities;     /* 0x36 */
+-	__u8  _reserved[6];	/* 0x3a */
++	__u16 vesapm_size;	/* 0x3a */
++	__u8  _reserved[4];	/* 0x3c */
+ } __attribute__((packed));
+ 
+ #define VIDEO_TYPE_MDA		0x10	/* Monochrome Text Display	*/
+diff -urNp linux-2.6.29.6/include/linux/security.h linux-2.6.29.6/include/linux/security.h
+--- linux-2.6.29.6/include/linux/security.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/security.h	2009-07-23 17:34:32.196774213 -0400
+@@ -32,6 +32,7 @@
+ #include <linux/sched.h>
+ #include <linux/key.h>
+ #include <linux/xfrm.h>
++#include <linux/grsecurity.h>
+ #include <net/flow.h>
+ 
+ /* Maximum number of letters for an LSM name string */
+diff -urNp linux-2.6.29.6/include/linux/shm.h linux-2.6.29.6/include/linux/shm.h
+--- linux-2.6.29.6/include/linux/shm.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/shm.h	2009-07-23 17:34:32.196774213 -0400
+@@ -95,6 +95,10 @@ struct shmid_kernel /* private to the ke
+ 	pid_t			shm_cprid;
+ 	pid_t			shm_lprid;
+ 	struct user_struct	*mlock_user;
++#ifdef CONFIG_GRKERNSEC
++	time_t			shm_createtime;
++	pid_t			shm_lapid;
++#endif
+ };
+ 
+ /* shm_mode upper byte flags */
+diff -urNp linux-2.6.29.6/include/linux/slab.h linux-2.6.29.6/include/linux/slab.h
+--- linux-2.6.29.6/include/linux/slab.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/slab.h	2009-07-23 17:34:32.196774213 -0400
+@@ -73,10 +73,9 @@
+  * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
+  * Both make kfree a no-op.
+  */
+-#define ZERO_SIZE_PTR ((void *)16)
++#define ZERO_SIZE_PTR ((void *)-1024L)
+ 
+-#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) <= \
+-				(unsigned long)ZERO_SIZE_PTR)
++#define ZERO_OR_NULL_PTR(x) (!(x) || (x) == ZERO_SIZE_PTR)
+ 
+ /*
+  * struct kmem_cache related prototypes
+@@ -129,6 +128,7 @@ void * __must_check krealloc(const void 
+ void kfree(const void *);
+ void kzfree(const void *);
+ size_t ksize(const void *);
++void check_object_size(const void *ptr, unsigned long n, bool to);
+ 
+ /*
+  * Allocator specific definitions. These are mainly used to establish optimized
+@@ -317,4 +317,35 @@ static inline void *kzalloc_node(size_t 
+ 	return kmalloc_node(size, flags | __GFP_ZERO, node);
+ }
+ 
++#define kmalloc(x,y) \
++	({ \
++		void *___retval; \
++		intoverflow_t ___x = (intoverflow_t)x; \
++		if (likely(___x <= ULONG_MAX)) \
++			___retval = kmalloc((size_t)___x, y); \
++		else \
++			___retval = NULL; \
++		___retval; \
++	})
++#define kmalloc_node(x,y,z) \
++	({ \
++		void *___retval; \
++		intoverflow_t ___x = (intoverflow_t)x; \
++		if (likely(___x <= ULONG_MAX)) \
++			___retval = kmalloc_node((size_t)___x, y, z); \
++		else \
++			___retval = NULL; \
++		___retval; \
++	})
++#define kzalloc(x,y) \
++	({ \
++		void *___retval; \
++		intoverflow_t ___x = (intoverflow_t)x; \
++		if (likely(___x <= ULONG_MAX)) \
++			___retval = kzalloc((size_t)___x, y); \
++		else \
++			___retval = NULL; \
++		___retval; \
++	})
++
+ #endif	/* _LINUX_SLAB_H */
+diff -urNp linux-2.6.29.6/include/linux/slub_def.h linux-2.6.29.6/include/linux/slub_def.h
+--- linux-2.6.29.6/include/linux/slub_def.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/slub_def.h	2009-07-23 17:34:32.196774213 -0400
+@@ -85,7 +85,7 @@ struct kmem_cache {
+ 	struct kmem_cache_order_objects max;
+ 	struct kmem_cache_order_objects min;
+ 	gfp_t allocflags;	/* gfp flags to use on each alloc */
+-	int refcount;		/* Refcount for slab cache destroy */
++	atomic_t refcount;	/* Refcount for slab cache destroy */
+ 	void (*ctor)(void *);
+ 	int inuse;		/* Offset to metadata */
+ 	int align;		/* Alignment */
+diff -urNp linux-2.6.29.6/include/linux/sonet.h linux-2.6.29.6/include/linux/sonet.h
+--- linux-2.6.29.6/include/linux/sonet.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/sonet.h	2009-07-23 17:34:37.460011249 -0400
+@@ -61,7 +61,7 @@ struct sonet_stats {
+ #include <asm/atomic.h>
+ 
+ struct k_sonet_stats {
+-#define __HANDLE_ITEM(i) atomic_t i
++#define __HANDLE_ITEM(i) atomic_unchecked_t i
+ 	__SONET_ITEMS
+ #undef __HANDLE_ITEM
+ };
+diff -urNp linux-2.6.29.6/include/linux/sysctl.h linux-2.6.29.6/include/linux/sysctl.h
+--- linux-2.6.29.6/include/linux/sysctl.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/sysctl.h	2009-07-23 17:34:32.197772567 -0400
+@@ -165,7 +165,11 @@ enum
+ 	KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */
+ };
+ 
+-
++#ifdef CONFIG_PAX_SOFTMODE
++enum {
++	PAX_SOFTMODE=1		/* PaX: disable/enable soft mode */
++};
++#endif
+ 
+ /* CTL_VM names: */
+ enum
+diff -urNp linux-2.6.29.6/include/linux/thread_info.h linux-2.6.29.6/include/linux/thread_info.h
+--- linux-2.6.29.6/include/linux/thread_info.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/thread_info.h	2009-07-23 17:34:32.197772567 -0400
+@@ -23,7 +23,7 @@ struct restart_block {
+ 		};
+ 		/* For futex_wait */
+ 		struct {
+-			u32 *uaddr;
++			u32 __user *uaddr;
+ 			u32 val;
+ 			u32 flags;
+ 			u32 bitset;
+diff -urNp linux-2.6.29.6/include/linux/tty_ldisc.h linux-2.6.29.6/include/linux/tty_ldisc.h
+--- linux-2.6.29.6/include/linux/tty_ldisc.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/tty_ldisc.h	2009-07-23 17:34:32.197772567 -0400
+@@ -139,12 +139,12 @@ struct tty_ldisc_ops {
+ 
+ 	struct  module *owner;
+ 	
+-	int refcount;
++	atomic_t refcount;
+ };
+ 
+ struct tty_ldisc {
+ 	struct tty_ldisc_ops *ops;
+-	int refcount;
++	atomic_t refcount;
+ };
+ 
+ #define TTY_LDISC_MAGIC	0x5403
+diff -urNp linux-2.6.29.6/include/linux/types.h linux-2.6.29.6/include/linux/types.h
+--- linux-2.6.29.6/include/linux/types.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/types.h	2009-07-23 17:34:32.197772567 -0400
+@@ -198,10 +198,26 @@ typedef struct {
+ 	volatile int counter;
+ } atomic_t;
+ 
++#ifdef CONFIG_PAX_REFCOUNT
++typedef struct {
++	volatile int counter;
++} atomic_unchecked_t;
++#else
++typedef atomic_t atomic_unchecked_t;
++#endif
++
+ #ifdef CONFIG_64BIT
+ typedef struct {
+ 	volatile long counter;
+ } atomic64_t;
++
++#ifdef CONFIG_PAX_REFCOUNT
++typedef struct {
++	volatile long counter;
++} atomic64_unchecked_t;
++#else
++typedef atomic64_t atomic64_unchecked_t;
++#endif
+ #endif
+ 
+ struct ustat {
+diff -urNp linux-2.6.29.6/include/linux/uaccess.h linux-2.6.29.6/include/linux/uaccess.h
+--- linux-2.6.29.6/include/linux/uaccess.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/uaccess.h	2009-07-23 17:34:32.197772567 -0400
+@@ -76,11 +76,11 @@ static inline unsigned long __copy_from_
+ 		long ret;				\
+ 		mm_segment_t old_fs = get_fs();		\
+ 							\
+-		set_fs(KERNEL_DS);			\
+ 		pagefault_disable();			\
++		set_fs(KERNEL_DS);			\
+ 		ret = __copy_from_user_inatomic(&(retval), (__force typeof(retval) __user *)(addr), sizeof(retval));		\
+-		pagefault_enable();			\
+ 		set_fs(old_fs);				\
++		pagefault_enable();			\
+ 		ret;					\
+ 	})
+ 
+diff -urNp linux-2.6.29.6/include/linux/vmalloc.h linux-2.6.29.6/include/linux/vmalloc.h
+--- linux-2.6.29.6/include/linux/vmalloc.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/linux/vmalloc.h	2009-07-23 17:34:32.197772567 -0400
+@@ -13,6 +13,11 @@ struct vm_area_struct;		/* vma defining 
+ #define VM_MAP		0x00000004	/* vmap()ed pages */
+ #define VM_USERMAP	0x00000008	/* suitable for remap_vmalloc_range */
+ #define VM_VPAGES	0x00000010	/* buffer for pages was vmalloc'ed */
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#define VM_KERNEXEC	0x00000020	/* allocate from executable kernel memory range */
++#endif
++
+ /* bits [20..32] reserved for arch specific ioremap internals */
+ 
+ /*
+@@ -111,4 +116,75 @@ extern long vwrite(char *buf, char *addr
+ extern rwlock_t vmlist_lock;
+ extern struct vm_struct *vmlist;
+ 
++#define vmalloc(x) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = vmalloc((unsigned long)___x); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++#define __vmalloc(x,y,z) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = __vmalloc((unsigned long)___x, y, z); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++#define vmalloc_user(x) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = vmalloc_user((unsigned long)___x); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++#define vmalloc_exec(x) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = vmalloc_exec((unsigned long)___x); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++#define vmalloc_node(x,y) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = vmalloc_node((unsigned long)___x,y); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++#define vmalloc_32(x) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = vmalloc_32((unsigned long)___x); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++#define vmalloc_32_user(x) \
++        ({ \
++                void *___retval; \
++                intoverflow_t ___x = (intoverflow_t)x; \
++                if (likely(___x <= ULONG_MAX)) \
++                        ___retval = vmalloc_32_user((unsigned long)___x); \
++                else \
++                        ___retval = NULL; \
++                ___retval; \
++        })
++
+ #endif /* _LINUX_VMALLOC_H */
+diff -urNp linux-2.6.29.6/include/net/sctp/sctp.h linux-2.6.29.6/include/net/sctp/sctp.h
+--- linux-2.6.29.6/include/net/sctp/sctp.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/net/sctp/sctp.h	2009-07-23 17:34:32.198741602 -0400
+@@ -310,8 +310,8 @@ extern int sctp_debug_flag;
+ 
+ #else	/* SCTP_DEBUG */
+ 
+-#define SCTP_DEBUG_PRINTK(whatever...)
+-#define SCTP_DEBUG_PRINTK_IPADDR(whatever...)
++#define SCTP_DEBUG_PRINTK(whatever...) do {} while (0)
++#define SCTP_DEBUG_PRINTK_IPADDR(whatever...) do {} while (0)
+ #define SCTP_ENABLE_DEBUG
+ #define SCTP_DISABLE_DEBUG
+ #define SCTP_ASSERT(expr, str, func)
+diff -urNp linux-2.6.29.6/include/sound/core.h linux-2.6.29.6/include/sound/core.h
+--- linux-2.6.29.6/include/sound/core.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/sound/core.h	2009-07-23 17:34:32.198741602 -0400
+@@ -427,7 +427,7 @@ static inline int __snd_bug_on(int cond)
+  */
+ #define snd_printdd(format, args...) snd_printk(format, ##args)
+ #else
+-#define snd_printdd(format, args...) /* nothing */
++#define snd_printdd(format, args...) do {} while (0)
+ #endif
+ 
+ 
+diff -urNp linux-2.6.29.6/include/video/uvesafb.h linux-2.6.29.6/include/video/uvesafb.h
+--- linux-2.6.29.6/include/video/uvesafb.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/include/video/uvesafb.h	2009-07-23 17:34:32.198741602 -0400
+@@ -177,6 +177,7 @@ struct uvesafb_par {
+ 	u8 ypan;			/* 0 - nothing, 1 - ypan, 2 - ywrap */
+ 	u8 pmi_setpal;			/* PMI for palette changes */
+ 	u16 *pmi_base;			/* protected mode interface location */
++	u8 *pmi_code;			/* protected mode code location */
+ 	void *pmi_start;
+ 	void *pmi_pal;
+ 	u8 *vbe_state_orig;		/*
+diff -urNp linux-2.6.29.6/init/do_mounts.c linux-2.6.29.6/init/do_mounts.c
+--- linux-2.6.29.6/init/do_mounts.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/do_mounts.c	2009-07-23 17:34:32.198741602 -0400
+@@ -215,11 +215,11 @@ static void __init get_fs_names(char *pa
+ 
+ static int __init do_mount_root(char *name, char *fs, int flags, void *data)
+ {
+-	int err = sys_mount(name, "/root", fs, flags, data);
++	int err = sys_mount((char __user *)name, (char __user *)"/root", (char __user *)fs, flags, (void __user *)data);
+ 	if (err)
+ 		return err;
+ 
+-	sys_chdir("/root");
++	sys_chdir((char __user *)"/root");
+ 	ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev;
+ 	printk("VFS: Mounted root (%s filesystem)%s on device %u:%u.\n",
+ 	       current->fs->pwd.mnt->mnt_sb->s_type->name,
+@@ -309,18 +309,18 @@ void __init change_floppy(char *fmt, ...
+ 	va_start(args, fmt);
+ 	vsprintf(buf, fmt, args);
+ 	va_end(args);
+-	fd = sys_open("/dev/root", O_RDWR | O_NDELAY, 0);
++	fd = sys_open((char __user *)"/dev/root", O_RDWR | O_NDELAY, 0);
+ 	if (fd >= 0) {
+ 		sys_ioctl(fd, FDEJECT, 0);
+ 		sys_close(fd);
+ 	}
+ 	printk(KERN_NOTICE "VFS: Insert %s and press ENTER\n", buf);
+-	fd = sys_open("/dev/console", O_RDWR, 0);
++	fd = sys_open((char __user *)"/dev/console", O_RDWR, 0);
+ 	if (fd >= 0) {
+ 		sys_ioctl(fd, TCGETS, (long)&termios);
+ 		termios.c_lflag &= ~ICANON;
+ 		sys_ioctl(fd, TCSETSF, (long)&termios);
+-		sys_read(fd, &c, 1);
++		sys_read(fd, (char __user *)&c, 1);
+ 		termios.c_lflag |= ICANON;
+ 		sys_ioctl(fd, TCSETSF, (long)&termios);
+ 		sys_close(fd);
+@@ -413,7 +413,7 @@ void __init prepare_namespace(void)
+ 
+ 	mount_root();
+ out:
+-	sys_mount(".", "/", NULL, MS_MOVE, NULL);
+-	sys_chroot(".");
++	sys_mount((char __user *)".", (char __user *)"/", NULL, MS_MOVE, NULL);
++	sys_chroot((char __user *)".");
+ }
+ 
+diff -urNp linux-2.6.29.6/init/do_mounts.h linux-2.6.29.6/init/do_mounts.h
+--- linux-2.6.29.6/init/do_mounts.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/do_mounts.h	2009-07-23 17:34:32.198741602 -0400
+@@ -14,15 +14,15 @@ extern int root_mountflags;
+ 
+ static inline int create_dev(char *name, dev_t dev)
+ {
+-	sys_unlink(name);
+-	return sys_mknod(name, S_IFBLK|0600, new_encode_dev(dev));
++	sys_unlink((char __user *)name);
++	return sys_mknod((char __user *)name, S_IFBLK|0600, new_encode_dev(dev));
+ }
+ 
+ #if BITS_PER_LONG == 32
+ static inline u32 bstat(char *name)
+ {
+ 	struct stat64 stat;
+-	if (sys_stat64(name, &stat) != 0)
++	if (sys_stat64((char __user *)name, (struct stat64 __user *)&stat) != 0)
+ 		return 0;
+ 	if (!S_ISBLK(stat.st_mode))
+ 		return 0;
+diff -urNp linux-2.6.29.6/init/do_mounts_initrd.c linux-2.6.29.6/init/do_mounts_initrd.c
+--- linux-2.6.29.6/init/do_mounts_initrd.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/do_mounts_initrd.c	2009-07-23 17:34:32.199729497 -0400
+@@ -32,7 +32,7 @@ static int __init do_linuxrc(void * shel
+ 	sys_close(old_fd);sys_close(root_fd);
+ 	sys_close(0);sys_close(1);sys_close(2);
+ 	sys_setsid();
+-	(void) sys_open("/dev/console",O_RDWR,0);
++	(void) sys_open((const char __user *)"/dev/console",O_RDWR,0);
+ 	(void) sys_dup(0);
+ 	(void) sys_dup(0);
+ 	return kernel_execve(shell, argv, envp_init);
+@@ -47,13 +47,13 @@ static void __init handle_initrd(void)
+ 	create_dev("/dev/root.old", Root_RAM0);
+ 	/* mount initrd on rootfs' /root */
+ 	mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
+-	sys_mkdir("/old", 0700);
+-	root_fd = sys_open("/", 0, 0);
+-	old_fd = sys_open("/old", 0, 0);
++	sys_mkdir((const char __user *)"/old", 0700);
++	root_fd = sys_open((const char __user *)"/", 0, 0);
++	old_fd = sys_open((const char __user *)"/old", 0, 0);
+ 	/* move initrd over / and chdir/chroot in initrd root */
+-	sys_chdir("/root");
+-	sys_mount(".", "/", NULL, MS_MOVE, NULL);
+-	sys_chroot(".");
++	sys_chdir((const char __user *)"/root");
++	sys_mount((char __user *)".", (char __user *)"/", NULL, MS_MOVE, NULL);
++	sys_chroot((const char __user *)".");
+ 
+ 	/*
+ 	 * In case that a resume from disk is carried out by linuxrc or one of
+@@ -70,15 +70,15 @@ static void __init handle_initrd(void)
+ 
+ 	/* move initrd to rootfs' /old */
+ 	sys_fchdir(old_fd);
+-	sys_mount("/", ".", NULL, MS_MOVE, NULL);
++	sys_mount((char __user *)"/", (char __user *)".", NULL, MS_MOVE, NULL);
+ 	/* switch root and cwd back to / of rootfs */
+ 	sys_fchdir(root_fd);
+-	sys_chroot(".");
++	sys_chroot((const char __user *)".");
+ 	sys_close(old_fd);
+ 	sys_close(root_fd);
+ 
+ 	if (new_decode_dev(real_root_dev) == Root_RAM0) {
+-		sys_chdir("/old");
++		sys_chdir((const char __user *)"/old");
+ 		return;
+ 	}
+ 
+@@ -86,17 +86,17 @@ static void __init handle_initrd(void)
+ 	mount_root();
+ 
+ 	printk(KERN_NOTICE "Trying to move old root to /initrd ... ");
+-	error = sys_mount("/old", "/root/initrd", NULL, MS_MOVE, NULL);
++	error = sys_mount((char __user *)"/old", (char __user *)"/root/initrd", NULL, MS_MOVE, NULL);
+ 	if (!error)
+ 		printk("okay\n");
+ 	else {
+-		int fd = sys_open("/dev/root.old", O_RDWR, 0);
++		int fd = sys_open((const char __user *)"/dev/root.old", O_RDWR, 0);
+ 		if (error == -ENOENT)
+ 			printk("/initrd does not exist. Ignored.\n");
+ 		else
+ 			printk("failed\n");
+ 		printk(KERN_NOTICE "Unmounting old root\n");
+-		sys_umount("/old", MNT_DETACH);
++		sys_umount((char __user *)"/old", MNT_DETACH);
+ 		printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
+ 		if (fd < 0) {
+ 			error = fd;
+@@ -119,11 +119,11 @@ int __init initrd_load(void)
+ 		 * mounted in the normal path.
+ 		 */
+ 		if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
+-			sys_unlink("/initrd.image");
++			sys_unlink((const char __user *)"/initrd.image");
+ 			handle_initrd();
+ 			return 1;
+ 		}
+ 	}
+-	sys_unlink("/initrd.image");
++	sys_unlink((const char __user *)"/initrd.image");
+ 	return 0;
+ }
+diff -urNp linux-2.6.29.6/init/do_mounts_md.c linux-2.6.29.6/init/do_mounts_md.c
+--- linux-2.6.29.6/init/do_mounts_md.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/do_mounts_md.c	2009-07-23 17:34:32.199729497 -0400
+@@ -171,7 +171,7 @@ static void __init md_setup_drive(void)
+ 			partitioned ? "_d" : "", minor,
+ 			md_setup_args[ent].device_names);
+ 
+-		fd = sys_open(name, 0, 0);
++		fd = sys_open((char __user *)name, 0, 0);
+ 		if (fd < 0) {
+ 			printk(KERN_ERR "md: open failed - cannot start "
+ 					"array %s\n", name);
+@@ -234,7 +234,7 @@ static void __init md_setup_drive(void)
+ 			 * array without it
+ 			 */
+ 			sys_close(fd);
+-			fd = sys_open(name, 0, 0);
++			fd = sys_open((char __user *)name, 0, 0);
+ 			sys_ioctl(fd, BLKRRPART, 0);
+ 		}
+ 		sys_close(fd);
+@@ -284,7 +284,7 @@ static void __init autodetect_raid(void)
+ 
+ 	wait_for_device_probe();
+ 
+-	fd = sys_open("/dev/md0", 0, 0);
++	fd = sys_open((char __user *)"/dev/md0", 0, 0);
+ 	if (fd >= 0) {
+ 		sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
+ 		sys_close(fd);
+diff -urNp linux-2.6.29.6/init/initramfs.c linux-2.6.29.6/init/initramfs.c
+--- linux-2.6.29.6/init/initramfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/initramfs.c	2009-07-23 17:34:32.199729497 -0400
+@@ -276,7 +276,7 @@ static int __init maybe_link(void)
+ 	if (nlink >= 2) {
+ 		char *old = find_link(major, minor, ino, mode, collected);
+ 		if (old)
+-			return (sys_link(old, collected) < 0) ? -1 : 1;
++			return (sys_link((char __user *)old, (char __user *)collected) < 0) ? -1 : 1;
+ 	}
+ 	return 0;
+ }
+@@ -285,11 +285,11 @@ static void __init clean_path(char *path
+ {
+ 	struct stat st;
+ 
+-	if (!sys_newlstat(path, &st) && (st.st_mode^mode) & S_IFMT) {
++	if (!sys_newlstat((char __user *)path, (struct stat __user *)&st) && (st.st_mode^mode) & S_IFMT) {
+ 		if (S_ISDIR(st.st_mode))
+-			sys_rmdir(path);
++			sys_rmdir((char __user *)path);
+ 		else
+-			sys_unlink(path);
++			sys_unlink((char __user *)path);
+ 	}
+ }
+ 
+@@ -312,7 +312,7 @@ static int __init do_name(void)
+ 			int openflags = O_WRONLY|O_CREAT;
+ 			if (ml != 1)
+ 				openflags |= O_TRUNC;
+-			wfd = sys_open(collected, openflags, mode);
++			wfd = sys_open((char __user *)collected, openflags, mode);
+ 
+ 			if (wfd >= 0) {
+ 				sys_fchown(wfd, uid, gid);
+@@ -323,16 +323,16 @@ static int __init do_name(void)
+ 			}
+ 		}
+ 	} else if (S_ISDIR(mode)) {
+-		sys_mkdir(collected, mode);
+-		sys_chown(collected, uid, gid);
+-		sys_chmod(collected, mode);
++		sys_mkdir((char __user *)collected, mode);
++		sys_chown((char __user *)collected, uid, gid);
++		sys_chmod((char __user *)collected, mode);
+ 		dir_add(collected, mtime);
+ 	} else if (S_ISBLK(mode) || S_ISCHR(mode) ||
+ 		   S_ISFIFO(mode) || S_ISSOCK(mode)) {
+ 		if (maybe_link() == 0) {
+-			sys_mknod(collected, mode, rdev);
+-			sys_chown(collected, uid, gid);
+-			sys_chmod(collected, mode);
++			sys_mknod((char __user *)collected, mode, rdev);
++			sys_chown((char __user *)collected, uid, gid);
++			sys_chmod((char __user *)collected, mode);
+ 			do_utime(collected, mtime);
+ 		}
+ 	}
+@@ -342,7 +342,7 @@ static int __init do_name(void)
+ static int __init do_copy(void)
+ {
+ 	if (count >= body_len) {
+-		sys_write(wfd, victim, body_len);
++		sys_write(wfd, (char __user *)victim, body_len);
+ 		sys_close(wfd);
+ 		do_utime(vcollected, mtime);
+ 		kfree(vcollected);
+@@ -350,7 +350,7 @@ static int __init do_copy(void)
+ 		state = SkipIt;
+ 		return 0;
+ 	} else {
+-		sys_write(wfd, victim, count);
++		sys_write(wfd, (char __user *)victim, count);
+ 		body_len -= count;
+ 		eat(count);
+ 		return 1;
+@@ -361,8 +361,8 @@ static int __init do_symlink(void)
+ {
+ 	collected[N_ALIGN(name_len) + body_len] = '\0';
+ 	clean_path(collected, 0);
+-	sys_symlink(collected + N_ALIGN(name_len), collected);
+-	sys_lchown(collected, uid, gid);
++	sys_symlink((char __user *)collected + N_ALIGN(name_len), (char __user *)collected);
++	sys_lchown((char __user *)collected, uid, gid);
+ 	do_utime(collected, mtime);
+ 	state = SkipIt;
+ 	next_state = Reset;
+diff -urNp linux-2.6.29.6/init/Kconfig linux-2.6.29.6/init/Kconfig
+--- linux-2.6.29.6/init/Kconfig	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/Kconfig	2009-07-23 17:34:32.199729497 -0400
+@@ -712,6 +712,7 @@ config SYSCTL_SYSCALL
+ config KALLSYMS
+ 	 bool "Load all symbols for debugging/ksymoops" if EMBEDDED
+ 	 default y
++	 depends on !GRKERNSEC_HIDESYM
+ 	 help
+ 	   Say Y here to let the kernel print out symbolic crash information and
+ 	   symbolic stack backtraces. This increases the size of the kernel
+@@ -887,7 +888,7 @@ config SLUB_DEBUG
+ 
+ config COMPAT_BRK
+ 	bool "Disable heap randomization"
+-	default y
++	default n
+ 	help
+ 	  Randomizing heap placement makes heap exploits harder, but it
+ 	  also breaks ancient binaries (including anything libc5 based).
+@@ -960,9 +961,9 @@ config HAVE_GENERIC_DMA_COHERENT
+ 
+ config SLABINFO
+ 	bool
+-	depends on PROC_FS
++	depends on PROC_FS && !GRKERNSEC_PROC_ADD
+ 	depends on SLAB || SLUB_DEBUG
+-	default y
++	default n
+ 
+ config RT_MUTEXES
+ 	boolean
+diff -urNp linux-2.6.29.6/init/main.c linux-2.6.29.6/init/main.c
+--- linux-2.6.29.6/init/main.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/main.c	2009-07-23 17:34:32.200835198 -0400
+@@ -96,6 +96,7 @@ static inline void mark_rodata_ro(void) 
+ #ifdef CONFIG_TC
+ extern void tc_init(void);
+ #endif
++extern void grsecurity_init(void);
+ 
+ enum system_states system_state __read_mostly;
+ EXPORT_SYMBOL(system_state);
+@@ -182,6 +183,40 @@ static int __init set_reset_devices(char
+ 
+ __setup("reset_devices", set_reset_devices);
+ 
++#if defined(CONFIG_PAX_MEMORY_UDEREF) && defined(CONFIG_X86_32)
++static int __init setup_pax_nouderef(char *str)
++{
++	unsigned int cpu;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++
++	pax_open_kernel(cr0);
++#endif
++
++	for (cpu = 0; cpu < NR_CPUS; cpu++)
++		get_cpu_gdt_table(cpu)[GDT_ENTRY_KERNEL_DS].b = 0x00cf9300;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
++	return 1;
++}
++__setup("pax_nouderef", setup_pax_nouderef);
++#endif
++
++#ifdef CONFIG_PAX_SOFTMODE
++unsigned int pax_softmode;
++
++static int __init setup_pax_softmode(char *str)
++{
++	get_option(&str, &pax_softmode);
++	return 1;
++}
++__setup("pax_softmode=", setup_pax_softmode);
++#endif
++
+ static char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
+ char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
+ static const char *panic_later, *panic_param;
+@@ -375,7 +410,7 @@ static void __init setup_nr_cpu_ids(void
+ }
+ 
+ #ifndef CONFIG_HAVE_SETUP_PER_CPU_AREA
+-unsigned long __per_cpu_offset[NR_CPUS] __read_mostly;
++unsigned long __per_cpu_offset[NR_CPUS] __read_only;
+ 
+ EXPORT_SYMBOL(__per_cpu_offset);
+ 
+@@ -694,6 +729,7 @@ int do_one_initcall(initcall_t fn)
+ {
+ 	int count = preempt_count();
+ 	ktime_t calltime, delta, rettime;
++	const char *msg1 = "", *msg2 = "";
+ 	char msgbuf[64];
+ 	struct boot_trace_call call;
+ 	struct boot_trace_ret ret;
+@@ -724,15 +760,15 @@ int do_one_initcall(initcall_t fn)
+ 		sprintf(msgbuf, "error code %d ", ret.result);
+ 
+ 	if (preempt_count() != count) {
+-		strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf));
++		msg1 = " preemption imbalance";
+ 		preempt_count() = count;
+ 	}
+ 	if (irqs_disabled()) {
+-		strlcat(msgbuf, "disabled interrupts ", sizeof(msgbuf));
++		msg2 = " disabled interrupts";
+ 		local_irq_enable();
+ 	}
+-	if (msgbuf[0]) {
+-		printk("initcall %pF returned with %s\n", fn, msgbuf);
++	if (msgbuf[0] || *msg1 || *msg2) {
++		printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2);
+ 	}
+ 
+ 	return ret.result;
+@@ -873,6 +909,8 @@ static int __init kernel_init(void * unu
+ 		prepare_namespace();
+ 	}
+ 
++	grsecurity_init();
++
+ 	/*
+ 	 * Ok, we have completed the initial bootup, and
+ 	 * we're essentially up and running. Get rid of the
+diff -urNp linux-2.6.29.6/init/noinitramfs.c linux-2.6.29.6/init/noinitramfs.c
+--- linux-2.6.29.6/init/noinitramfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/init/noinitramfs.c	2009-07-23 17:34:32.200835198 -0400
+@@ -29,7 +29,7 @@ static int __init default_rootfs(void)
+ {
+ 	int err;
+ 
+-	err = sys_mkdir("/dev", 0755);
++	err = sys_mkdir((const char __user *)"/dev", 0755);
+ 	if (err < 0)
+ 		goto out;
+ 
+@@ -39,7 +39,7 @@ static int __init default_rootfs(void)
+ 	if (err < 0)
+ 		goto out;
+ 
+-	err = sys_mkdir("/root", 0700);
++	err = sys_mkdir((const char __user *)"/root", 0700);
+ 	if (err < 0)
+ 		goto out;
+ 
+diff -urNp linux-2.6.29.6/ipc/ipc_sysctl.c linux-2.6.29.6/ipc/ipc_sysctl.c
+--- linux-2.6.29.6/ipc/ipc_sysctl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/ipc/ipc_sysctl.c	2009-07-23 17:34:32.200835198 -0400
+@@ -267,7 +267,7 @@ static struct ctl_table ipc_kern_table[]
+ 		.extra1		= &zero,
+ 		.extra2		= &one,
+ 	},
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static struct ctl_table ipc_root_table[] = {
+@@ -277,7 +277,7 @@ static struct ctl_table ipc_root_table[]
+ 		.mode		= 0555,
+ 		.child		= ipc_kern_table,
+ 	},
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static int __init ipc_sysctl_init(void)
+diff -urNp linux-2.6.29.6/ipc/mqueue.c linux-2.6.29.6/ipc/mqueue.c
+--- linux-2.6.29.6/ipc/mqueue.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/ipc/mqueue.c	2009-07-23 18:40:28.718303595 -0400
+@@ -90,7 +90,7 @@ struct mqueue_inode_info {
+ 
+ static const struct inode_operations mqueue_dir_inode_operations;
+ static const struct file_operations mqueue_file_operations;
+-static struct super_operations mqueue_super_ops;
++static const struct super_operations mqueue_super_ops;
+ static void remove_notification(struct mqueue_inode_info *info);
+ 
+ static spinlock_t mq_lock;
+@@ -151,6 +151,7 @@ static struct inode *mqueue_get_inode(st
+ 			mq_bytes = (mq_msg_tblsz +
+ 				(info->attr.mq_maxmsg * info->attr.mq_msgsize));
+ 
++			gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1);
+ 			spin_lock(&mq_lock);
+ 			if (u->mq_bytes + mq_bytes < u->mq_bytes ||
+ 		 	    u->mq_bytes + mq_bytes >
+@@ -1189,7 +1190,7 @@ static const struct file_operations mque
+ 	.read = mqueue_read_file,
+ };
+ 
+-static struct super_operations mqueue_super_ops = {
++static const struct super_operations mqueue_super_ops = {
+ 	.alloc_inode = mqueue_alloc_inode,
+ 	.destroy_inode = mqueue_destroy_inode,
+ 	.statfs = simple_statfs,
+diff -urNp linux-2.6.29.6/ipc/msg.c linux-2.6.29.6/ipc/msg.c
+--- linux-2.6.29.6/ipc/msg.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/ipc/msg.c	2009-07-23 17:34:32.201947567 -0400
+@@ -314,6 +314,7 @@ SYSCALL_DEFINE2(msgget, key_t, key, int,
+ 	struct ipc_namespace *ns;
+ 	struct ipc_ops msg_ops;
+ 	struct ipc_params msg_params;
++	long err;
+ 
+ 	ns = current->nsproxy->ipc_ns;
+ 
+@@ -324,7 +325,11 @@ SYSCALL_DEFINE2(msgget, key_t, key, int,
+ 	msg_params.key = key;
+ 	msg_params.flg = msgflg;
+ 
+-	return ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params);
++	err = ipcget(ns, &msg_ids(ns), &msg_ops, &msg_params);
++
++	gr_log_msgget(err, msgflg);
++
++	return err;
+ }
+ 
+ static inline unsigned long
+@@ -434,6 +439,7 @@ static int msgctl_down(struct ipc_namesp
+ 
+ 	switch (cmd) {
+ 	case IPC_RMID:
++		gr_log_msgrm(ipcp->uid, ipcp->cuid);
+ 		freeque(ns, ipcp);
+ 		goto out_up;
+ 	case IPC_SET:
+diff -urNp linux-2.6.29.6/ipc/sem.c linux-2.6.29.6/ipc/sem.c
+--- linux-2.6.29.6/ipc/sem.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/ipc/sem.c	2009-07-23 17:34:32.201947567 -0400
+@@ -313,6 +313,7 @@ SYSCALL_DEFINE3(semget, key_t, key, int,
+ 	struct ipc_namespace *ns;
+ 	struct ipc_ops sem_ops;
+ 	struct ipc_params sem_params;
++	long err;
+ 
+ 	ns = current->nsproxy->ipc_ns;
+ 
+@@ -327,7 +328,11 @@ SYSCALL_DEFINE3(semget, key_t, key, int,
+ 	sem_params.flg = semflg;
+ 	sem_params.u.nsems = nsems;
+ 
+-	return ipcget(ns, &sem_ids(ns), &sem_ops, &sem_params);
++	err = ipcget(ns, &sem_ids(ns), &sem_ops, &sem_params);
++
++	gr_log_semget(err, semflg);
++
++	return err;
+ }
+ 
+ /*
+@@ -870,6 +875,7 @@ static int semctl_down(struct ipc_namesp
+ 
+ 	switch(cmd){
+ 	case IPC_RMID:
++		gr_log_semrm(ipcp->uid, ipcp->cuid);
+ 		freeary(ns, ipcp);
+ 		goto out_up;
+ 	case IPC_SET:
+diff -urNp linux-2.6.29.6/ipc/shm.c linux-2.6.29.6/ipc/shm.c
+--- linux-2.6.29.6/ipc/shm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/ipc/shm.c	2009-07-23 19:29:38.792396623 -0400
+@@ -54,7 +54,7 @@ struct shm_file_data {
+ #define shm_file_data(file) (*((struct shm_file_data **)&(file)->private_data))
+ 
+ static const struct file_operations shm_file_operations;
+-static struct vm_operations_struct shm_vm_ops;
++static const struct vm_operations_struct shm_vm_ops;
+ 
+ #define shm_ids(ns)	((ns)->ids[IPC_SHM_IDS])
+ 
+@@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_name
+ static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
+ #endif
+ 
++#ifdef CONFIG_GRKERNSEC
++extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
++			   const time_t shm_createtime, const uid_t cuid,
++			   const int shmid);
++extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid,
++			   const time_t shm_createtime);
++#endif
++
+ void shm_init_ns(struct ipc_namespace *ns)
+ {
+ 	ns->shm_ctlmax = SHMMAX;
+@@ -87,6 +95,8 @@ static void do_shm_rmid(struct ipc_names
+ 	struct shmid_kernel *shp;
+ 	shp = container_of(ipcp, struct shmid_kernel, shm_perm);
+ 
++	gr_log_shmrm(shp->shm_perm.uid, shp->shm_perm.cuid);
++
+ 	if (shp->shm_nattch){
+ 		shp->shm_perm.mode |= SHM_DEST;
+ 		/* Do not find it any more */
+@@ -311,7 +321,7 @@ static const struct file_operations shm_
+ 	.get_unmapped_area	= shm_get_unmapped_area,
+ };
+ 
+-static struct vm_operations_struct shm_vm_ops = {
++static const struct vm_operations_struct shm_vm_ops = {
+ 	.open	= shm_open,	/* callback for a new vm-area open */
+ 	.close	= shm_close,	/* callback for when the vm-area is released */
+ 	.fault	= shm_fault,
+@@ -394,6 +404,14 @@ static int newseg(struct ipc_namespace *
+ 	shp->shm_lprid = 0;
+ 	shp->shm_atim = shp->shm_dtim = 0;
+ 	shp->shm_ctim = get_seconds();
++#ifdef CONFIG_GRKERNSEC
++	{
++		struct timespec timeval;
++		do_posix_clock_monotonic_gettime(&timeval);
++
++		shp->shm_createtime = timeval.tv_sec;
++	}
++#endif
+ 	shp->shm_segsz = size;
+ 	shp->shm_nattch = 0;
+ 	shp->shm_file = file;
+@@ -447,6 +465,7 @@ SYSCALL_DEFINE3(shmget, key_t, key, size
+ 	struct ipc_namespace *ns;
+ 	struct ipc_ops shm_ops;
+ 	struct ipc_params shm_params;
++	long err;
+ 
+ 	ns = current->nsproxy->ipc_ns;
+ 
+@@ -458,7 +477,11 @@ SYSCALL_DEFINE3(shmget, key_t, key, size
+ 	shm_params.flg = shmflg;
+ 	shm_params.u.size = size;
+ 
+-	return ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
++	err = ipcget(ns, &shm_ids(ns), &shm_ops, &shm_params);
++
++	gr_log_shmget(err, shmflg, size);
++
++	return err;
+ }
+ 
+ static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_ds *in, int version)
+@@ -873,9 +896,21 @@ long do_shmat(int shmid, char __user *sh
+ 	if (err)
+ 		goto out_unlock;
+ 
++#ifdef CONFIG_GRKERNSEC
++	if (!gr_handle_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime,
++			     shp->shm_perm.cuid, shmid) ||
++	    !gr_chroot_shmat(shp->shm_cprid, shp->shm_lapid, shp->shm_createtime)) {
++		err = -EACCES;
++		goto out_unlock;
++	}
++#endif
++
+ 	path.dentry = dget(shp->shm_file->f_path.dentry);
+ 	path.mnt    = shp->shm_file->f_path.mnt;
+ 	shp->shm_nattch++;
++#ifdef CONFIG_GRKERNSEC
++	shp->shm_lapid = current->pid;
++#endif
+ 	size = i_size_read(path.dentry->d_inode);
+ 	shm_unlock(shp);
+ 
+diff -urNp linux-2.6.29.6/ipc/util.c linux-2.6.29.6/ipc/util.c
+--- linux-2.6.29.6/ipc/util.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/ipc/util.c	2009-07-23 18:40:28.718303595 -0400
+@@ -951,7 +951,7 @@ static int sysvipc_proc_show(struct seq_
+ 	return iface->show(s, it);
+ }
+ 
+-static struct seq_operations sysvipc_proc_seqops = {
++static const struct seq_operations sysvipc_proc_seqops = {
+ 	.start = sysvipc_proc_start,
+ 	.stop  = sysvipc_proc_stop,
+ 	.next  = sysvipc_proc_next,
+diff -urNp linux-2.6.29.6/kernel/acct.c linux-2.6.29.6/kernel/acct.c
+--- linux-2.6.29.6/kernel/acct.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/acct.c	2009-07-23 17:34:32.202812463 -0400
+@@ -574,7 +574,7 @@ static void do_acct_process(struct bsd_a
+ 	 */
+ 	flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
+ 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
+-	file->f_op->write(file, (char *)&ac,
++	file->f_op->write(file, (char __user *)&ac,
+ 			       sizeof(acct_t), &file->f_pos);
+ 	current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
+ 	set_fs(fs);
+diff -urNp linux-2.6.29.6/kernel/capability.c linux-2.6.29.6/kernel/capability.c
+--- linux-2.6.29.6/kernel/capability.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/capability.c	2009-07-23 17:34:32.203740622 -0400
+@@ -306,10 +306,21 @@ int capable(int cap)
+ 		BUG();
+ 	}
+ 
+-	if (security_capable(cap) == 0) {
++	if (security_capable(cap) == 0 && gr_is_capable(cap)) {
+ 		current->flags |= PF_SUPERPRIV;
+ 		return 1;
+ 	}
+ 	return 0;
+ }
++
++int capable_nolog(int cap)
++{
++	if (security_capable(cap) == 0 && gr_is_capable_nolog(cap)) {
++		current->flags |= PF_SUPERPRIV;
++		return 1;
++	}
++	return 0;
++}
++
+ EXPORT_SYMBOL(capable);
++EXPORT_SYMBOL(capable_nolog);
+diff -urNp linux-2.6.29.6/kernel/cgroup.c linux-2.6.29.6/kernel/cgroup.c
+--- linux-2.6.29.6/kernel/cgroup.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/cgroup.c	2009-07-23 18:40:28.719355936 -0400
+@@ -560,8 +560,8 @@ void cgroup_unlock(void)
+ static int cgroup_mkdir(struct inode *dir, struct dentry *dentry, int mode);
+ static int cgroup_rmdir(struct inode *unused_dir, struct dentry *dentry);
+ static int cgroup_populate_dir(struct cgroup *cgrp);
+-static struct inode_operations cgroup_dir_inode_operations;
+-static struct file_operations proc_cgroupstats_operations;
++static const struct inode_operations cgroup_dir_inode_operations;
++static const struct file_operations proc_cgroupstats_operations;
+ 
+ static struct backing_dev_info cgroup_backing_dev_info = {
+ 	.capabilities	= BDI_CAP_NO_ACCT_AND_WRITEBACK,
+@@ -872,7 +872,7 @@ static int cgroup_remount(struct super_b
+ 	return ret;
+ }
+ 
+-static struct super_operations cgroup_ops = {
++static const struct super_operations cgroup_ops = {
+ 	.statfs = simple_statfs,
+ 	.drop_inode = generic_delete_inode,
+ 	.show_options = cgroup_show_options,
+@@ -1550,7 +1550,7 @@ static int cgroup_seqfile_release(struct
+ 	return single_release(inode, file);
+ }
+ 
+-static struct file_operations cgroup_seqfile_operations = {
++static const struct file_operations cgroup_seqfile_operations = {
+ 	.read = seq_read,
+ 	.write = cgroup_file_write,
+ 	.llseek = seq_lseek,
+@@ -1609,7 +1609,7 @@ static int cgroup_rename(struct inode *o
+ 	return simple_rename(old_dir, old_dentry, new_dir, new_dentry);
+ }
+ 
+-static struct file_operations cgroup_file_operations = {
++static const struct file_operations cgroup_file_operations = {
+ 	.read = cgroup_file_read,
+ 	.write = cgroup_file_write,
+ 	.llseek = generic_file_llseek,
+@@ -1617,7 +1617,7 @@ static struct file_operations cgroup_fil
+ 	.release = cgroup_file_release,
+ };
+ 
+-static struct inode_operations cgroup_dir_inode_operations = {
++static const struct inode_operations cgroup_dir_inode_operations = {
+ 	.lookup = simple_lookup,
+ 	.mkdir = cgroup_mkdir,
+ 	.rmdir = cgroup_rmdir,
+@@ -2171,7 +2171,7 @@ static int cgroup_tasks_show(struct seq_
+ 	return seq_printf(s, "%d\n", *(int *)v);
+ }
+ 
+-static struct seq_operations cgroup_tasks_seq_operations = {
++static const struct seq_operations cgroup_tasks_seq_operations = {
+ 	.start = cgroup_tasks_start,
+ 	.stop = cgroup_tasks_stop,
+ 	.next = cgroup_tasks_next,
+@@ -2201,7 +2201,7 @@ static int cgroup_tasks_release(struct i
+ 	return seq_release(inode, file);
+ }
+ 
+-static struct file_operations cgroup_tasks_operations = {
++static const struct file_operations cgroup_tasks_operations = {
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+ 	.write = cgroup_file_write,
+@@ -2796,7 +2796,7 @@ static int cgroup_open(struct inode *ino
+ 	return single_open(file, proc_cgroup_show, pid);
+ }
+ 
+-struct file_operations proc_cgroup_operations = {
++const struct file_operations proc_cgroup_operations = {
+ 	.open		= cgroup_open,
+ 	.read		= seq_read,
+ 	.llseek		= seq_lseek,
+@@ -2825,7 +2825,7 @@ static int cgroupstats_open(struct inode
+ 	return single_open(file, proc_cgroupstats_show, NULL);
+ }
+ 
+-static struct file_operations proc_cgroupstats_operations = {
++static const struct file_operations proc_cgroupstats_operations = {
+ 	.open = cgroupstats_open,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+diff -urNp linux-2.6.29.6/kernel/configs.c linux-2.6.29.6/kernel/configs.c
+--- linux-2.6.29.6/kernel/configs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/configs.c	2009-07-23 17:34:32.203740622 -0400
+@@ -73,8 +73,19 @@ static int __init ikconfig_init(void)
+ 	struct proc_dir_entry *entry;
+ 
+ 	/* create the current config file */
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	entry = proc_create("config.gz", S_IFREG | S_IRUSR, NULL,
++			    &ikconfig_file_ops);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	entry = proc_create("config.gz", S_IFREG | S_IRUSR | S_IRGRP, NULL,
++			    &ikconfig_file_ops);
++#endif
++#else
+ 	entry = proc_create("config.gz", S_IFREG | S_IRUGO, NULL,
+ 			    &ikconfig_file_ops);
++#endif
++
+ 	if (!entry)
+ 		return -ENOMEM;
+ 
+diff -urNp linux-2.6.29.6/kernel/cpu.c linux-2.6.29.6/kernel/cpu.c
+--- linux-2.6.29.6/kernel/cpu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/cpu.c	2009-07-23 17:34:32.203740622 -0400
+@@ -19,7 +19,7 @@
+ /* Serializes the updates to cpu_online_mask, cpu_present_mask */
+ static DEFINE_MUTEX(cpu_add_remove_lock);
+ 
+-static __cpuinitdata RAW_NOTIFIER_HEAD(cpu_chain);
++static RAW_NOTIFIER_HEAD(cpu_chain);
+ 
+ /* If set, cpu_up and cpu_down will return -EBUSY and do nothing.
+  * Should always be manipulated under cpu_add_remove_lock
+diff -urNp linux-2.6.29.6/kernel/cred.c linux-2.6.29.6/kernel/cred.c
+--- linux-2.6.29.6/kernel/cred.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/cred.c	2009-07-23 17:34:32.203740622 -0400
+@@ -366,6 +366,8 @@ int commit_creds(struct cred *new)
+ 
+ 	get_cred(new); /* we will require a ref for the subj creds too */
+ 
++	gr_set_role_label(task, new->uid, new->gid);
++
+ 	/* dumpability changes */
+ 	if (old->euid != new->euid ||
+ 	    old->egid != new->egid ||
+diff -urNp linux-2.6.29.6/kernel/exit.c linux-2.6.29.6/kernel/exit.c
+--- linux-2.6.29.6/kernel/exit.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/exit.c	2009-07-23 17:34:32.204997623 -0400
+@@ -59,6 +59,10 @@ DEFINE_TRACE(sched_process_free);
+ DEFINE_TRACE(sched_process_exit);
+ DEFINE_TRACE(sched_process_wait);
+ 
++#ifdef CONFIG_GRKERNSEC
++extern rwlock_t grsec_exec_file_lock;
++#endif
++
+ static void exit_mm(struct task_struct * tsk);
+ 
+ static inline int task_detached(struct task_struct *p)
+@@ -172,6 +176,8 @@ void release_task(struct task_struct * p
+ 	struct task_struct *leader;
+ 	int zap_leader;
+ repeat:
++	gr_del_task_from_ip_table(p);
++
+ 	tracehook_prepare_release_task(p);
+ 	/* don't need to get the RCU readlock here - the process is dead and
+ 	 * can't be modifying its own credentials */
+@@ -338,11 +344,22 @@ static void reparent_to_kthreadd(void)
+ {
+ 	write_lock_irq(&tasklist_lock);
+ 
++#ifdef CONFIG_GRKERNSEC
++	write_lock(&grsec_exec_file_lock);
++	if (current->exec_file) {
++		fput(current->exec_file);
++		current->exec_file = NULL;
++	}
++	write_unlock(&grsec_exec_file_lock);
++#endif
++
+ 	ptrace_unlink(current);
+ 	/* Reparent to init */
+ 	current->real_parent = current->parent = kthreadd_task;
+ 	list_move_tail(&current->sibling, &current->real_parent->children);
+ 
++	gr_set_kernel_label(current);
++
+ 	/* Set the exit signal to SIGCHLD so we signal init on exit */
+ 	current->exit_signal = SIGCHLD;
+ 
+@@ -435,6 +452,17 @@ void daemonize(const char *name, ...)
+ 	vsnprintf(current->comm, sizeof(current->comm), name, args);
+ 	va_end(args);
+ 
++#ifdef CONFIG_GRKERNSEC
++	write_lock(&grsec_exec_file_lock);
++	if (current->exec_file) {
++		fput(current->exec_file);
++		current->exec_file = NULL;
++	}
++	write_unlock(&grsec_exec_file_lock);
++#endif
++
++	gr_set_kernel_label(current);
++
+ 	/*
+ 	 * If we were started as result of loading a module, close all of the
+ 	 * user space pages.  We don't need them, and if we didn't close them
+@@ -1034,6 +1062,9 @@ NORET_TYPE void do_exit(long code)
+ 	tsk->exit_code = code;
+ 	taskstats_exit(tsk, group_dead);
+ 
++	gr_acl_handle_psacct(tsk, code);
++	gr_acl_handle_exit();
++
+ 	exit_mm(tsk);
+ 
+ 	if (group_dead)
+@@ -1238,7 +1269,7 @@ static int wait_task_zombie(struct task_
+ 
+ 	if (unlikely(options & WNOWAIT)) {
+ 		int exit_code = p->exit_code;
+-		int why, status;
++		int why;
+ 
+ 		get_task_struct(p);
+ 		read_unlock(&tasklist_lock);
+diff -urNp linux-2.6.29.6/kernel/fork.c linux-2.6.29.6/kernel/fork.c
+--- linux-2.6.29.6/kernel/fork.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/fork.c	2009-07-23 17:34:32.205707403 -0400
+@@ -239,7 +239,7 @@ static struct task_struct *dup_task_stru
+ 	setup_thread_stack(tsk, orig);
+ 
+ #ifdef CONFIG_CC_STACKPROTECTOR
+-	tsk->stack_canary = get_random_int();
++	tsk->stack_canary = pax_get_random_long();
+ #endif
+ 
+ 	/* One for us, one for whoever does the "release_task()" (usually parent) */
+@@ -276,8 +276,8 @@ static int dup_mmap(struct mm_struct *mm
+ 	mm->locked_vm = 0;
+ 	mm->mmap = NULL;
+ 	mm->mmap_cache = NULL;
+-	mm->free_area_cache = oldmm->mmap_base;
+-	mm->cached_hole_size = ~0UL;
++	mm->free_area_cache = oldmm->free_area_cache;
++	mm->cached_hole_size = oldmm->cached_hole_size;
+ 	mm->map_count = 0;
+ 	cpus_clear(mm->cpu_vm_mask);
+ 	mm->mm_rb = RB_ROOT;
+@@ -314,6 +314,7 @@ static int dup_mmap(struct mm_struct *mm
+ 		tmp->vm_flags &= ~VM_LOCKED;
+ 		tmp->vm_mm = mm;
+ 		tmp->vm_next = NULL;
++		tmp->vm_mirror = NULL;
+ 		anon_vma_link(tmp);
+ 		file = tmp->vm_file;
+ 		if (file) {
+@@ -361,6 +362,31 @@ static int dup_mmap(struct mm_struct *mm
+ 		if (retval)
+ 			goto out;
+ 	}
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (oldmm->pax_flags & MF_PAX_SEGMEXEC) {
++		struct vm_area_struct *mpnt_m;
++
++		for (mpnt = oldmm->mmap, mpnt_m = mm->mmap; mpnt; mpnt = mpnt->vm_next, mpnt_m = mpnt_m->vm_next) {
++			BUG_ON(!mpnt_m || mpnt_m->vm_mirror || mpnt->vm_mm != oldmm || mpnt_m->vm_mm != mm);
++
++			if (!mpnt->vm_mirror)
++				continue;
++
++			if (mpnt->vm_end <= SEGMEXEC_TASK_SIZE) {
++				BUG_ON(mpnt->vm_mirror->vm_mirror != mpnt);
++				mpnt->vm_mirror = mpnt_m;
++			} else {
++				BUG_ON(mpnt->vm_mirror->vm_mirror == mpnt || mpnt->vm_mirror->vm_mirror->vm_mm != mm);
++				mpnt_m->vm_mirror = mpnt->vm_mirror->vm_mirror;
++				mpnt_m->vm_mirror->vm_mirror = mpnt_m;
++				mpnt->vm_mirror->vm_mirror = mpnt;
++			}
++		}
++		BUG_ON(mpnt_m);
++	}
++#endif
++
+ 	/* a new mm has just been created */
+ 	arch_dup_mmap(oldmm, mm);
+ 	retval = 0;
+@@ -541,9 +567,11 @@ void mm_release(struct task_struct *tsk,
+ #ifdef CONFIG_FUTEX
+ 	if (unlikely(tsk->robust_list))
+ 		exit_robust_list(tsk);
++	tsk->robust_list = NULL;
+ #ifdef CONFIG_COMPAT
+ 	if (unlikely(tsk->compat_robust_list))
+ 		compat_exit_robust_list(tsk);
++	tsk->compat_robust_list = NULL;
+ #endif
+ #endif
+ 
+@@ -565,7 +593,7 @@ void mm_release(struct task_struct *tsk,
+ 	if (tsk->clear_child_tid
+ 	    && !(tsk->flags & PF_SIGNALED)
+ 	    && atomic_read(&mm->mm_users) > 1) {
+-		u32 __user * tidptr = tsk->clear_child_tid;
++		pid_t __user * tidptr = tsk->clear_child_tid;
+ 		tsk->clear_child_tid = NULL;
+ 
+ 		/*
+@@ -573,7 +601,7 @@ void mm_release(struct task_struct *tsk,
+ 		 * not set up a proper pointer then tough luck.
+ 		 */
+ 		put_user(0, tidptr);
+-		sys_futex(tidptr, FUTEX_WAKE, 1, NULL, NULL, 0);
++		sys_futex((u32 __user *)tidptr, FUTEX_WAKE, 1, NULL, NULL, 0);
+ 	}
+ }
+ 
+@@ -686,7 +714,7 @@ static int copy_fs(unsigned long clone_f
+ 			write_unlock(&fs->lock);
+ 			return -EAGAIN;
+ 		}
+-		fs->users++;
++		atomic_inc(&fs->users);
+ 		write_unlock(&fs->lock);
+ 		return 0;
+ 	}
+@@ -978,6 +1006,9 @@ static struct task_struct *copy_process(
+ 	DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
+ #endif
+ 	retval = -EAGAIN;
++
++	gr_learn_resource(p, RLIMIT_NPROC, atomic_read(&p->real_cred->user->processes), 0);
++
+ 	if (atomic_read(&p->real_cred->user->processes) >=
+ 			p->signal->rlim[RLIMIT_NPROC].rlim_cur) {
+ 		if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
+@@ -1138,6 +1169,8 @@ static struct task_struct *copy_process(
+ 			goto bad_fork_free_graph;
+ 	}
+ 
++	gr_copy_label(p);
++
+ 	p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL;
+ 	/*
+ 	 * Clear TID on mm_release()?
+@@ -1306,6 +1339,8 @@ bad_fork_cleanup_count:
+ bad_fork_free:
+ 	free_task(p);
+ fork_out:
++	gr_log_forkfail(retval);
++
+ 	return ERR_PTR(retval);
+ }
+ 
+@@ -1399,6 +1434,8 @@ long do_fork(unsigned long clone_flags,
+ 		if (clone_flags & CLONE_PARENT_SETTID)
+ 			put_user(nr, parent_tidptr);
+ 
++		gr_handle_brute_check();
++
+ 		if (clone_flags & CLONE_VFORK) {
+ 			p->vfork_done = &vfork;
+ 			init_completion(&vfork);
+@@ -1530,7 +1567,7 @@ static int unshare_fs(unsigned long unsh
+ 		return 0;
+ 
+ 	/* don't need lock here; in the worst case we'll do useless copy */
+-	if (fs->users == 1)
++	if (atomic_read(&fs->users) == 1)
+ 		return 0;
+ 
+ 	*new_fsp = copy_fs_struct(fs);
+@@ -1653,7 +1690,7 @@ SYSCALL_DEFINE1(unshare, unsigned long, 
+ 			fs = current->fs;
+ 			write_lock(&fs->lock);
+ 			current->fs = new_fs;
+-			if (--fs->users)
++			if (atomic_dec_return(&fs->users))
+ 				new_fs = NULL;
+ 			else
+ 				new_fs = fs;
+diff -urNp linux-2.6.29.6/kernel/futex.c linux-2.6.29.6/kernel/futex.c
+--- linux-2.6.29.6/kernel/futex.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/futex.c	2009-07-23 17:34:32.205707403 -0400
+@@ -213,6 +213,11 @@ get_futex_key(u32 __user *uaddr, int fsh
+ 	struct page *page;
+ 	int err;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && address >= SEGMEXEC_TASK_SIZE)
++		return -EFAULT;
++#endif
++
+ 	/*
+ 	 * The futex address must be "naturally" aligned.
+ 	 */
+@@ -1306,7 +1311,7 @@ retry:
+ 
+ 	restart = &current_thread_info()->restart_block;
+ 	restart->fn = futex_wait_restart;
+-	restart->futex.uaddr = (u32 *)uaddr;
++	restart->futex.uaddr = uaddr;
+ 	restart->futex.val = val;
+ 	restart->futex.time = abs_time->tv64;
+ 	restart->futex.bitset = bitset;
+@@ -1848,7 +1853,7 @@ retry:
+  */
+ static inline int fetch_robust_entry(struct robust_list __user **entry,
+ 				     struct robust_list __user * __user *head,
+-				     int *pi)
++				     unsigned int *pi)
+ {
+ 	unsigned long uentry;
+ 
+diff -urNp linux-2.6.29.6/kernel/irq/handle.c linux-2.6.29.6/kernel/irq/handle.c
+--- linux-2.6.29.6/kernel/irq/handle.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/irq/handle.c	2009-07-23 17:34:32.206808804 -0400
+@@ -222,7 +222,8 @@ struct irq_desc irq_desc[NR_IRQS] __cach
+ 		.depth = 1,
+ 		.lock = __SPIN_LOCK_UNLOCKED(irq_desc->lock),
+ #ifdef CONFIG_SMP
+-		.affinity = CPU_MASK_ALL
++		.affinity = CPU_MASK_ALL,
++		.cpu = 0,
+ #endif
+ 	}
+ };
+diff -urNp linux-2.6.29.6/kernel/kallsyms.c linux-2.6.29.6/kernel/kallsyms.c
+--- linux-2.6.29.6/kernel/kallsyms.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/kallsyms.c	2009-07-23 17:34:32.206808804 -0400
+@@ -62,6 +62,18 @@ static inline int is_kernel_text(unsigne
+ 
+ static inline int is_kernel(unsigned long addr)
+ {
++
++#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
++	if ((unsigned long)MODULES_VADDR <= ktla_ktva(addr) &&
++	    ktla_ktva(addr) < (unsigned long)MODULES_END)
++		return 0;
++#endif
++
++#ifdef CONFIG_X86_32
++	if (is_kernel_inittext(addr))
++		return 1;
++#endif
++
+ 	if (addr >= (unsigned long)_stext && addr <= (unsigned long)_end)
+ 		return 1;
+ 	return in_gate_area_no_task(addr);
+@@ -372,7 +384,6 @@ static unsigned long get_ksymbol_core(st
+ 
+ static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
+ {
+-	iter->name[0] = '\0';
+ 	iter->nameoff = get_symbol_offset(new_pos);
+ 	iter->pos = new_pos;
+ }
+@@ -456,7 +467,7 @@ static int kallsyms_open(struct inode *i
+ 	struct kallsym_iter *iter;
+ 	int ret;
+ 
+-	iter = kmalloc(sizeof(*iter), GFP_KERNEL);
++	iter = kzalloc(sizeof(*iter), GFP_KERNEL);
+ 	if (!iter)
+ 		return -ENOMEM;
+ 	reset_iter(iter, 0);
+@@ -478,7 +489,15 @@ static const struct file_operations kall
+ 
+ static int __init kallsyms_init(void)
+ {
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	proc_create("kallsyms", S_IFREG | S_IRUSR, NULL, &kallsyms_operations);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	proc_create("kallsyms", S_IFREG | S_IRUSR | S_IRGRP, NULL, &kallsyms_operations);
++#endif
++#else
+ 	proc_create("kallsyms", 0444, NULL, &kallsyms_operations);
++#endif
+ 	return 0;
+ }
+ __initcall(kallsyms_init);
+diff -urNp linux-2.6.29.6/kernel/kmod.c linux-2.6.29.6/kernel/kmod.c
+--- linux-2.6.29.6/kernel/kmod.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/kmod.c	2009-07-23 17:34:32.206808804 -0400
+@@ -108,7 +108,7 @@ int request_module(const char *fmt, ...)
+ 		return -ENOMEM;
+ 	}
+ 
+-	ret = call_usermodehelper(modprobe_path, argv, envp, 1);
++	ret = call_usermodehelper(modprobe_path, argv, envp, UMH_WAIT_PROC);
+ 	atomic_dec(&kmod_concurrent);
+ 	return ret;
+ }
+diff -urNp linux-2.6.29.6/kernel/kprobes.c linux-2.6.29.6/kernel/kprobes.c
+--- linux-2.6.29.6/kernel/kprobes.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/kprobes.c	2009-07-23 18:40:27.474712638 -0400
+@@ -183,7 +183,7 @@ static kprobe_opcode_t __kprobes *__get_
+ 	 * kernel image and loaded module images reside. This is required
+ 	 * so x86_64 can correctly handle the %rip-relative fixups.
+ 	 */
+-	kip->insns = module_alloc(PAGE_SIZE);
++	kip->insns = module_alloc_exec(PAGE_SIZE);
+ 	if (!kip->insns) {
+ 		kfree(kip);
+ 		return NULL;
+@@ -224,7 +224,7 @@ static int __kprobes collect_one_slot(st
+ 			hlist_add_head(&kip->hlist,
+ 				       &kprobe_insn_pages);
+ 		} else {
+-			module_free(NULL, kip->insns);
++			module_free_exec(NULL, kip->insns);
+ 			kfree(kip);
+ 		}
+ 		return 1;
+@@ -1246,7 +1246,7 @@ static int __kprobes show_kprobe_addr(st
+ 	return 0;
+ }
+ 
+-static struct seq_operations kprobes_seq_ops = {
++static const struct seq_operations kprobes_seq_ops = {
+ 	.start = kprobe_seq_start,
+ 	.next  = kprobe_seq_next,
+ 	.stop  = kprobe_seq_stop,
+@@ -1258,7 +1258,7 @@ static int __kprobes kprobes_open(struct
+ 	return seq_open(filp, &kprobes_seq_ops);
+ }
+ 
+-static struct file_operations debugfs_kprobes_operations = {
++static const struct file_operations debugfs_kprobes_operations = {
+ 	.open           = kprobes_open,
+ 	.read           = seq_read,
+ 	.llseek         = seq_lseek,
+@@ -1371,7 +1371,7 @@ static ssize_t write_enabled_file_bool(s
+ 	return count;
+ }
+ 
+-static struct file_operations fops_kp = {
++static const struct file_operations fops_kp = {
+ 	.read =         read_enabled_file_bool,
+ 	.write =        write_enabled_file_bool,
+ };
+diff -urNp linux-2.6.29.6/kernel/latencytop.c linux-2.6.29.6/kernel/latencytop.c
+--- linux-2.6.29.6/kernel/latencytop.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/latencytop.c	2009-07-23 18:40:28.720267146 -0400
+@@ -223,7 +223,7 @@ static int lstats_open(struct inode *ino
+ 	return single_open(filp, lstats_show, NULL);
+ }
+ 
+-static struct file_operations lstats_fops = {
++static const struct file_operations lstats_fops = {
+ 	.open		= lstats_open,
+ 	.read		= seq_read,
+ 	.write		= lstats_write,
+diff -urNp linux-2.6.29.6/kernel/lockdep.c linux-2.6.29.6/kernel/lockdep.c
+--- linux-2.6.29.6/kernel/lockdep.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/lockdep.c	2009-07-23 17:34:32.207852017 -0400
+@@ -631,6 +631,10 @@ static int static_obj(void *obj)
+ 	int i;
+ #endif
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	start = (unsigned long )&_data;
++#endif
++
+ 	/*
+ 	 * static variable?
+ 	 */
+@@ -642,9 +646,12 @@ static int static_obj(void *obj)
+ 	 * percpu var?
+ 	 */
+ 	for_each_possible_cpu(i) {
++#ifdef CONFIG_X86_32
++		start = per_cpu_offset(i);
++#else
+ 		start = (unsigned long) &__per_cpu_start + per_cpu_offset(i);
+-		end   = (unsigned long) &__per_cpu_start + PERCPU_ENOUGH_ROOM
+-					+ per_cpu_offset(i);
++#endif
++		end   = start + PERCPU_ENOUGH_ROOM;
+ 
+ 		if ((addr >= start) && (addr < end))
+ 			return 1;
+diff -urNp linux-2.6.29.6/kernel/lockdep_proc.c linux-2.6.29.6/kernel/lockdep_proc.c
+--- linux-2.6.29.6/kernel/lockdep_proc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/lockdep_proc.c	2009-07-23 18:40:28.720267146 -0400
+@@ -666,7 +666,7 @@ static int ls_show(struct seq_file *m, v
+ 	return 0;
+ }
+ 
+-static struct seq_operations lockstat_ops = {
++static const struct seq_operations lockstat_ops = {
+ 	.start	= ls_start,
+ 	.next	= ls_next,
+ 	.stop	= ls_stop,
+diff -urNp linux-2.6.29.6/kernel/module.c linux-2.6.29.6/kernel/module.c
+--- linux-2.6.29.6/kernel/module.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/module.c	2009-07-23 17:34:32.207852017 -0400
+@@ -46,6 +46,11 @@
+ #include <linux/rculist.h>
+ #include <asm/uaccess.h>
+ #include <asm/cacheflush.h>
++
++#ifdef CONFIG_PAX_KERNEXEC
++#include <asm/desc.h>
++#endif
++
+ #include <linux/license.h>
+ #include <asm/sections.h>
+ #include <linux/tracepoint.h>
+@@ -76,7 +81,10 @@ static DECLARE_WAIT_QUEUE_HEAD(module_wq
+ static BLOCKING_NOTIFIER_HEAD(module_notify_list);
+ 
+ /* Bounds of module allocation, for speeding __module_text_address */
+-static unsigned long module_addr_min = -1UL, module_addr_max = 0;
++static unsigned long module_addr_min_rw = -1UL, module_addr_max_rw = 0;
++static unsigned long module_addr_min_rx = -1UL, module_addr_max_rx = 0;
++
++extern int gr_check_modstop(void);
+ 
+ int register_module_notifier(struct notifier_block * nb)
+ {
+@@ -245,7 +253,7 @@ static bool each_symbol(bool (*fn)(const
+ 		return true;
+ 
+ 	list_for_each_entry_rcu(mod, &modules, list) {
+-		struct symsearch arr[] = {
++		struct symsearch modarr[] = {
+ 			{ mod->syms, mod->syms + mod->num_syms, mod->crcs,
+ 			  NOT_GPL_ONLY, false },
+ 			{ mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms,
+@@ -267,7 +275,7 @@ static bool each_symbol(bool (*fn)(const
+ #endif
+ 		};
+ 
+-		if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data))
++		if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data))
+ 			return true;
+ 	}
+ 	return false;
+@@ -403,6 +411,8 @@ static inline unsigned int block_size(in
+ 	return val;
+ }
+ 
++EXPORT_SYMBOL(__per_cpu_start);
++
+ static void *percpu_modalloc(unsigned long size, unsigned long align,
+ 			     const char *name)
+ {
+@@ -410,7 +420,7 @@ static void *percpu_modalloc(unsigned lo
+ 	unsigned int i;
+ 	void *ptr;
+ 
+-	if (align > PAGE_SIZE) {
++	if (align-1 >= PAGE_SIZE) {
+ 		printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n",
+ 		       name, align, PAGE_SIZE);
+ 		align = PAGE_SIZE;
+@@ -492,7 +502,11 @@ static void percpu_modcopy(void *pcpudes
+ 	int cpu;
+ 
+ 	for_each_possible_cpu(cpu)
++#ifdef CONFIG_X86_32
++		memcpy(pcpudest + __per_cpu_offset[cpu], from, size);
++#else
+ 		memcpy(pcpudest + per_cpu_offset(cpu), from, size);
++#endif
+ }
+ 
+ static int percpu_modinit(void)
+@@ -751,6 +765,9 @@ SYSCALL_DEFINE2(delete_module, const cha
+ 	char name[MODULE_NAME_LEN];
+ 	int ret, forced = 0;
+ 
++	if (gr_check_modstop())
++		return -EPERM;
++
+ 	if (!capable(CAP_SYS_MODULE))
+ 		return -EPERM;
+ 
+@@ -1458,10 +1475,11 @@ static void free_module(struct module *m
+ 	module_unload_free(mod);
+ 
+ 	/* release any pointers to mcount in this module */
+-	ftrace_release(mod->module_core, mod->core_size);
++	ftrace_release(mod->module_core_rx, mod->core_size_rx);
+ 
+ 	/* This may be NULL, but that's OK */
+-	module_free(mod, mod->module_init);
++	module_free(mod, mod->module_init_rw);
++	module_free_exec(mod, mod->module_init_rx);
+ 	kfree(mod->args);
+ 	if (mod->percpu)
+ 		percpu_modfree(mod->percpu);
+@@ -1470,10 +1488,12 @@ static void free_module(struct module *m
+ 		percpu_modfree(mod->refptr);
+ #endif
+ 	/* Free lock-classes: */
+-	lockdep_free_key_range(mod->module_core, mod->core_size);
++	lockdep_free_key_range(mod->module_core_rx, mod->core_size_rx);
++	lockdep_free_key_range(mod->module_core_rw, mod->core_size_rw);
+ 
+ 	/* Finally, free the core (containing the module structure) */
+-	module_free(mod, mod->module_core);
++	module_free_exec(mod, mod->module_core_rx);
++	module_free(mod, mod->module_core_rw);
+ }
+ 
+ void *__symbol_get(const char *symbol)
+@@ -1539,10 +1559,14 @@ static int simplify_symbols(Elf_Shdr *se
+ 			    struct module *mod)
+ {
+ 	Elf_Sym *sym = (void *)sechdrs[symindex].sh_addr;
+-	unsigned long secbase;
++	unsigned long secbase, symbol;
+ 	unsigned int i, n = sechdrs[symindex].sh_size / sizeof(Elf_Sym);
+ 	int ret = 0;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	for (i = 1; i < n; i++) {
+ 		switch (sym[i].st_shndx) {
+ 		case SHN_COMMON:
+@@ -1561,10 +1585,19 @@ static int simplify_symbols(Elf_Shdr *se
+ 			break;
+ 
+ 		case SHN_UNDEF:
+-			sym[i].st_value
+-			  = resolve_symbol(sechdrs, versindex,
++			symbol = resolve_symbol(sechdrs, versindex,
+ 					   strtab + sym[i].st_name, mod);
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
++			sym[i].st_value = symbol;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			/* Ok if resolved.  */
+ 			if (!IS_ERR_VALUE(sym[i].st_value))
+ 				break;
+@@ -1579,11 +1612,27 @@ static int simplify_symbols(Elf_Shdr *se
+ 
+ 		default:
+ 			/* Divert to percpu allocation if a percpu var. */
+-			if (sym[i].st_shndx == pcpuindex)
++			if (sym[i].st_shndx == pcpuindex) {
++
++#if defined(CONFIG_X86_32) && defined(CONFIG_SMP)
++				secbase = (unsigned long)mod->percpu - (unsigned long)__per_cpu_start;
++#else
+ 				secbase = (unsigned long)mod->percpu;
+-			else
++#endif
++
++			} else
+ 				secbase = sechdrs[sym[i].st_shndx].sh_addr;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_open_kernel(cr0);
++#endif
++
+ 			sym[i].st_value += secbase;
++
++#ifdef CONFIG_PAX_KERNEXEC
++			pax_close_kernel(cr0);
++#endif
++
+ 			break;
+ 		}
+ 	}
+@@ -1645,11 +1694,12 @@ static void layout_sections(struct modul
+ 			    || strncmp(secstrings + s->sh_name,
+ 				       ".init", 5) == 0)
+ 				continue;
+-			s->sh_entsize = get_offset(mod, &mod->core_size, s, i);
++			if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
++				s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i);
++			else
++				s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i);
+ 			DEBUGP("\t%s\n", secstrings + s->sh_name);
+ 		}
+-		if (m == 0)
+-			mod->core_text_size = mod->core_size;
+ 	}
+ 
+ 	DEBUGP("Init section allocation order:\n");
+@@ -1663,12 +1713,13 @@ static void layout_sections(struct modul
+ 			    || strncmp(secstrings + s->sh_name,
+ 				       ".init", 5) != 0)
+ 				continue;
+-			s->sh_entsize = (get_offset(mod, &mod->init_size, s, i)
+-					 | INIT_OFFSET_MASK);
++			if ((s->sh_flags & SHF_WRITE) || !(s->sh_flags & SHF_ALLOC))
++				s->sh_entsize = get_offset(mod, &mod->init_size_rw, s, i);
++			else
++				s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i);
++			s->sh_entsize |= INIT_OFFSET_MASK;
+ 			DEBUGP("\t%s\n", secstrings + s->sh_name);
+ 		}
+-		if (m == 0)
+-			mod->init_text_size = mod->init_size;
+ 	}
+ }
+ 
+@@ -1808,14 +1859,31 @@ static void add_kallsyms(struct module *
+ {
+ 	unsigned int i;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	mod->symtab = (void *)sechdrs[symindex].sh_addr;
+ 	mod->num_symtab = sechdrs[symindex].sh_size / sizeof(Elf_Sym);
+ 	mod->strtab = (void *)sechdrs[strindex].sh_addr;
+ 
+ 	/* Set types up while we still have access to sections. */
+-	for (i = 0; i < mod->num_symtab; i++)
+-		mod->symtab[i].st_info
+-			= elf_type(&mod->symtab[i], sechdrs, secstrings, mod);
++
++	for (i = 0; i < mod->num_symtab; i++) {
++		char type = elf_type(&mod->symtab[i], sechdrs, secstrings, mod);
++
++#ifdef CONFIG_PAX_KERNEXEC
++		pax_open_kernel(cr0);
++#endif
++
++		mod->symtab[i].st_info = type;
++
++#ifdef CONFIG_PAX_KERNEXEC
++		pax_close_kernel(cr0);
++#endif
++
++	}
++
+ }
+ #else
+ static inline void add_kallsyms(struct module *mod,
+@@ -1842,16 +1910,30 @@ static void dynamic_printk_setup(struct 
+ #endif /* CONFIG_DYNAMIC_PRINTK_DEBUG */
+ }
+ 
+-static void *module_alloc_update_bounds(unsigned long size)
++static void *module_alloc_update_bounds_rw(unsigned long size)
+ {
+ 	void *ret = module_alloc(size);
+ 
+ 	if (ret) {
+ 		/* Update module bounds. */
+-		if ((unsigned long)ret < module_addr_min)
+-			module_addr_min = (unsigned long)ret;
+-		if ((unsigned long)ret + size > module_addr_max)
+-			module_addr_max = (unsigned long)ret + size;
++		if ((unsigned long)ret < module_addr_min_rw)
++			module_addr_min_rw = (unsigned long)ret;
++		if ((unsigned long)ret + size > module_addr_max_rw)
++			module_addr_max_rw = (unsigned long)ret + size;
++	}
++	return ret;
++}
++
++static void *module_alloc_update_bounds_rx(unsigned long size)
++{
++	void *ret = module_alloc_exec(size);
++
++	if (ret) {
++		/* Update module bounds. */
++		if ((unsigned long)ret < module_addr_min_rx)
++			module_addr_min_rx = (unsigned long)ret;
++		if ((unsigned long)ret + size > module_addr_max_rx)
++			module_addr_max_rx = (unsigned long)ret + size;
+ 	}
+ 	return ret;
+ }
+@@ -1878,6 +1960,10 @@ static noinline struct module *load_modu
+ 	unsigned long *mseg;
+ 	mm_segment_t old_fs;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
++
+ 	DEBUGP("load_module: umod=%p, len=%lu, uargs=%p\n",
+ 	       umod, len, uargs);
+ 	if (len < sizeof(*hdr))
+@@ -2034,22 +2120,57 @@ static noinline struct module *load_modu
+ 	layout_sections(mod, hdr, sechdrs, secstrings);
+ 
+ 	/* Do the allocs. */
+-	ptr = module_alloc_update_bounds(mod->core_size);
++	ptr = module_alloc_update_bounds_rw(mod->core_size_rw);
+ 	if (!ptr) {
+ 		err = -ENOMEM;
+ 		goto free_percpu;
+ 	}
+-	memset(ptr, 0, mod->core_size);
+-	mod->module_core = ptr;
++	memset(ptr, 0, mod->core_size_rw);
++	mod->module_core_rw = ptr;
++
++	ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
++	if (!ptr && mod->init_size_rw) {
++		err = -ENOMEM;
++		goto free_core_rw;
++	}
++	memset(ptr, 0, mod->init_size_rw);
++	mod->module_init_rw = ptr;
++
++	ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
++	if (!ptr) {
++		err = -ENOMEM;
++		goto free_init_rw;
++	}
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	memset(ptr, 0, mod->core_size_rx);
+ 
+-	ptr = module_alloc_update_bounds(mod->init_size);
+-	if (!ptr && mod->init_size) {
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
++	mod->module_core_rx = ptr;
++
++	ptr = module_alloc_update_bounds_rx(mod->init_size_rx);
++	if (!ptr && mod->init_size_rx) {
+ 		err = -ENOMEM;
+-		goto free_core;
++		goto free_core_rx;
+ 	}
+-	memset(ptr, 0, mod->init_size);
+-	mod->module_init = ptr;
+ 
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
++	memset(ptr, 0, mod->init_size_rx);
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
++	mod->module_init_rx = ptr;
+ 	/* Transfer each section which specifies SHF_ALLOC */
+ 	DEBUGP("final section addresses:\n");
+ 	for (i = 0; i < hdr->e_shnum; i++) {
+@@ -2058,17 +2179,41 @@ static noinline struct module *load_modu
+ 		if (!(sechdrs[i].sh_flags & SHF_ALLOC))
+ 			continue;
+ 
+-		if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK)
+-			dest = mod->module_init
+-				+ (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
+-		else
+-			dest = mod->module_core + sechdrs[i].sh_entsize;
++		if (sechdrs[i].sh_entsize & INIT_OFFSET_MASK) {
++			if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
++				dest = mod->module_init_rw
++					+ (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
++			else
++				dest = mod->module_init_rx
++					+ (sechdrs[i].sh_entsize & ~INIT_OFFSET_MASK);
++		} else {
++			if ((sechdrs[i].sh_flags & SHF_WRITE) || !(sechdrs[i].sh_flags & SHF_ALLOC))
++				dest = mod->module_core_rw + sechdrs[i].sh_entsize;
++			else
++				dest = mod->module_core_rx + sechdrs[i].sh_entsize;
++		}
+ 
+-		if (sechdrs[i].sh_type != SHT_NOBITS)
+-			memcpy(dest, (void *)sechdrs[i].sh_addr,
+-			       sechdrs[i].sh_size);
++		if (sechdrs[i].sh_type != SHT_NOBITS) {
++
++#ifdef CONFIG_PAX_KERNEXEC
++			if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) {
++				pax_open_kernel(cr0);
++				memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
++				pax_close_kernel(cr0);
++			} else
++#endif
++
++			memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
++		}
+ 		/* Update sh_addr to point to copy in image. */
+-		sechdrs[i].sh_addr = (unsigned long)dest;
++
++#ifdef CONFIG_PAX_KERNEXEC
++		if (sechdrs[i].sh_flags & SHF_EXECINSTR)
++			sechdrs[i].sh_addr = ktva_ktla((unsigned long)dest);
++		else
++#endif
++
++			sechdrs[i].sh_addr = (unsigned long)dest;
+ 		DEBUGP("\t0x%lx %s\n", sechdrs[i].sh_addr, secstrings + sechdrs[i].sh_name);
+ 	}
+ 	/* Module has been moved. */
+@@ -2079,7 +2224,7 @@ static noinline struct module *load_modu
+ 				      mod->name);
+ 	if (!mod->refptr) {
+ 		err = -ENOMEM;
+-		goto free_init;
++		goto free_init_rx;
+ 	}
+ #endif
+ 	/* Now we've moved module, initialize linked lists, etc. */
+@@ -2176,8 +2321,8 @@ static noinline struct module *load_modu
+ 
+ 	/* Now do relocations. */
+ 	for (i = 1; i < hdr->e_shnum; i++) {
+-		const char *strtab = (char *)sechdrs[strindex].sh_addr;
+ 		unsigned int info = sechdrs[i].sh_info;
++		strtab = (char *)sechdrs[strindex].sh_addr;
+ 
+ 		/* Not a valid relocation section? */
+ 		if (info >= hdr->e_shnum)
+@@ -2239,12 +2384,12 @@ static noinline struct module *load_modu
+ 	 * Do it before processing of module parameters, so the module
+ 	 * can provide parameter accessor functions of its own.
+ 	 */
+-	if (mod->module_init)
+-		flush_icache_range((unsigned long)mod->module_init,
+-				   (unsigned long)mod->module_init
+-				   + mod->init_size);
+-	flush_icache_range((unsigned long)mod->module_core,
+-			   (unsigned long)mod->module_core + mod->core_size);
++	if (mod->module_init_rx)
++		flush_icache_range((unsigned long)mod->module_init_rx,
++				   (unsigned long)mod->module_init_rx
++				   + mod->init_size_rx);
++	flush_icache_range((unsigned long)mod->module_core_rx,
++			   (unsigned long)mod->module_core_rx + mod->core_size_rx);
+ 
+ 	set_fs(old_fs);
+ 
+@@ -2285,16 +2430,20 @@ static noinline struct module *load_modu
+  cleanup:
+ 	kobject_del(&mod->mkobj.kobj);
+ 	kobject_put(&mod->mkobj.kobj);
+-	ftrace_release(mod->module_core, mod->core_size);
++	ftrace_release(mod->module_core_rx, mod->core_size_rx);
+  free_unload:
+ 	module_unload_free(mod);
+- free_init:
++ free_init_rx:
+ #if defined(CONFIG_MODULE_UNLOAD) && defined(CONFIG_SMP)
+ 	percpu_modfree(mod->refptr);
+ #endif
+-	module_free(mod, mod->module_init);
+- free_core:
+-	module_free(mod, mod->module_core);
++	module_free_exec(mod, mod->module_init_rx);
++ free_core_rx:
++	module_free_exec(mod, mod->module_core_rx);
++ free_init_rw:
++	module_free(mod, mod->module_init_rw);
++ free_core_rw:
++	module_free(mod, mod->module_core_rw);
+ 	/* mod will be freed with core. Don't access it beyond this line! */
+  free_percpu:
+ 	if (percpu)
+@@ -2319,6 +2468,9 @@ SYSCALL_DEFINE3(init_module, void __user
+ 	struct module *mod;
+ 	int ret = 0;
+ 
++	if (gr_check_modstop())
++		return -EPERM;
++
+ 	/* Must have permission */
+ 	if (!capable(CAP_SYS_MODULE))
+ 		return -EPERM;
+@@ -2375,20 +2527,17 @@ SYSCALL_DEFINE3(init_module, void __user
+ 	mutex_lock(&module_mutex);
+ 	/* Drop initial reference. */
+ 	module_put(mod);
+-	module_free(mod, mod->module_init);
+-	mod->module_init = NULL;
+-	mod->init_size = 0;
+-	mod->init_text_size = 0;
++	module_free(mod, mod->module_init_rw);
++	module_free_exec(mod, mod->module_init_rx);
++	mod->module_init_rw = NULL;
++	mod->module_init_rx = NULL;
++	mod->init_size_rw = 0;
++	mod->init_size_rx = 0;
+ 	mutex_unlock(&module_mutex);
+ 
+ 	return 0;
+ }
+ 
+-static inline int within(unsigned long addr, void *start, unsigned long size)
+-{
+-	return ((void *)addr >= start && (void *)addr < start + size);
+-}
+-
+ #ifdef CONFIG_KALLSYMS
+ /*
+  * This ignores the intensely annoying "mapping symbols" found
+@@ -2409,10 +2558,16 @@ static const char *get_ksymbol(struct mo
+ 	unsigned long nextval;
+ 
+ 	/* At worse, next value is at end of module */
+-	if (within_module_init(addr, mod))
+-		nextval = (unsigned long)mod->module_init+mod->init_text_size;
++	if (within_module_init_rx(addr, mod))
++		nextval = (unsigned long)mod->module_init_rx+mod->init_size_rx;
++	else if (within_module_init_rw(addr, mod))
++		nextval = (unsigned long)mod->module_init_rw+mod->init_size_rw;
++	else if (within_module_core_rx(addr, mod))
++		nextval = (unsigned long)mod->module_core_rx+mod->core_size_rx;
++	else if (within_module_core_rw(addr, mod))
++		nextval = (unsigned long)mod->module_core_rw+mod->core_size_rw;
+ 	else
+-		nextval = (unsigned long)mod->module_core+mod->core_text_size;
++		return NULL;
+ 
+ 	/* Scan for closest preceeding symbol, and next symbol. (ELF
+ 	   starts real symbols at 1). */
+@@ -2639,7 +2794,7 @@ static int m_show(struct seq_file *m, vo
+ 	char buf[8];
+ 
+ 	seq_printf(m, "%s %u",
+-		   mod->name, mod->init_size + mod->core_size);
++		   mod->name, mod->init_size_rx + mod->init_size_rw + mod->core_size_rx + mod->core_size_rw);
+ 	print_unload_info(m, mod);
+ 
+ 	/* Informative for users. */
+@@ -2648,7 +2803,7 @@ static int m_show(struct seq_file *m, vo
+ 		   mod->state == MODULE_STATE_COMING ? "Loading":
+ 		   "Live");
+ 	/* Used by oprofile and other similar tools. */
+-	seq_printf(m, " 0x%p", mod->module_core);
++	seq_printf(m, " 0x%p 0x%p", mod->module_core_rx, mod->module_core_rw);
+ 
+ 	/* Taints info */
+ 	if (mod->taints)
+@@ -2741,12 +2896,15 @@ __notrace_funcgraph struct module *__mod
+ {
+ 	struct module *mod;
+ 
+-	if (addr < module_addr_min || addr > module_addr_max)
++#ifdef CONFIG_X86_32
++	addr = ktla_ktva(addr);
++#endif
++
++	if (addr < module_addr_min_rx || addr > module_addr_max_rx)
+ 		return NULL;
+ 
+ 	list_for_each_entry_rcu(mod, &modules, list)
+-		if (within(addr, mod->module_init, mod->init_text_size)
+-		    || within(addr, mod->module_core, mod->core_text_size))
++		if (within_module_init_rx(addr, mod) || within_module_core_rx(addr, mod))
+ 			return mod;
+ 	return NULL;
+ }
+diff -urNp linux-2.6.29.6/kernel/mutex.c linux-2.6.29.6/kernel/mutex.c
+--- linux-2.6.29.6/kernel/mutex.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/mutex.c	2009-07-23 17:34:32.208921522 -0400
+@@ -83,7 +83,7 @@ __mutex_lock_slowpath(atomic_t *lock_cou
+  *
+  * This function is similar to (but not equivalent to) down().
+  */
+-void inline __sched mutex_lock(struct mutex *lock)
++inline void __sched mutex_lock(struct mutex *lock)
+ {
+ 	might_sleep();
+ 	/*
+diff -urNp linux-2.6.29.6/kernel/panic.c linux-2.6.29.6/kernel/panic.c
+--- linux-2.6.29.6/kernel/panic.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/panic.c	2009-07-23 17:34:32.208921522 -0400
+@@ -361,7 +361,8 @@ EXPORT_SYMBOL(warn_slowpath);
+  */
+ void __stack_chk_fail(void)
+ {
+-	panic("stack-protector: Kernel stack is corrupted");
++	dump_stack();
++	panic("stack-protector: Kernel stack is corrupted in: %pS\n", __builtin_return_address(0));
+ }
+ EXPORT_SYMBOL(__stack_chk_fail);
+ #endif
+diff -urNp linux-2.6.29.6/kernel/pid.c linux-2.6.29.6/kernel/pid.c
+--- linux-2.6.29.6/kernel/pid.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/pid.c	2009-07-23 17:34:32.208921522 -0400
+@@ -33,6 +33,7 @@
+ #include <linux/rculist.h>
+ #include <linux/bootmem.h>
+ #include <linux/hash.h>
++#include <linux/security.h>
+ #include <linux/pid_namespace.h>
+ #include <linux/init_task.h>
+ #include <linux/syscalls.h>
+@@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT
+ 
+ int pid_max = PID_MAX_DEFAULT;
+ 
+-#define RESERVED_PIDS		300
++#define RESERVED_PIDS		500
+ 
+ int pid_max_min = RESERVED_PIDS + 1;
+ int pid_max_max = PID_MAX_LIMIT;
+@@ -381,7 +382,14 @@ EXPORT_SYMBOL(pid_task);
+ struct task_struct *find_task_by_pid_type_ns(int type, int nr,
+ 		struct pid_namespace *ns)
+ {
+-	return pid_task(find_pid_ns(nr, ns), type);
++	struct task_struct *task;
++
++	task = pid_task(find_pid_ns(nr, ns), type);
++
++	if (gr_pid_is_chrooted(task))
++		return NULL;
++
++	return task;
+ }
+ 
+ EXPORT_SYMBOL(find_task_by_pid_type_ns);
+diff -urNp linux-2.6.29.6/kernel/posix-cpu-timers.c linux-2.6.29.6/kernel/posix-cpu-timers.c
+--- linux-2.6.29.6/kernel/posix-cpu-timers.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/posix-cpu-timers.c	2009-07-23 17:34:32.209811964 -0400
+@@ -6,6 +6,7 @@
+ #include <linux/posix-timers.h>
+ #include <linux/errno.h>
+ #include <linux/math64.h>
++#include <linux/security.h>
+ #include <asm/uaccess.h>
+ #include <linux/kernel_stat.h>
+ 
+@@ -1040,6 +1041,7 @@ static void check_thread_timers(struct t
+ 			__group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
+ 			return;
+ 		}
++		gr_learn_resource(tsk, RLIMIT_RTTIME, tsk->rt.timeout, 1);
+ 		if (tsk->rt.timeout > DIV_ROUND_UP(*soft, USEC_PER_SEC/HZ)) {
+ 			/*
+ 			 * At the soft limit, send a SIGXCPU every second.
+@@ -1195,6 +1197,7 @@ static void check_process_timers(struct 
+ 			__group_send_sig_info(SIGKILL, SEND_SIG_PRIV, tsk);
+ 			return;
+ 		}
++		gr_learn_resource(tsk, RLIMIT_CPU, psecs, 0);
+ 		if (psecs >= sig->rlim[RLIMIT_CPU].rlim_cur) {
+ 			/*
+ 			 * At the soft limit, send a SIGXCPU every second.
+@@ -1419,17 +1422,17 @@ void run_posix_cpu_timers(struct task_st
+ 	 * timer call will interfere.
+ 	 */
+ 	list_for_each_entry_safe(timer, next, &firing, it.cpu.entry) {
+-		int firing;
++		int __firing;
+ 		spin_lock(&timer->it_lock);
+ 		list_del_init(&timer->it.cpu.entry);
+-		firing = timer->it.cpu.firing;
++		__firing = timer->it.cpu.firing;
+ 		timer->it.cpu.firing = 0;
+ 		/*
+ 		 * The firing flag is -1 if we collided with a reset
+ 		 * of the timer, which already reported this
+ 		 * almost-firing as an overrun.  So don't generate an event.
+ 		 */
+-		if (likely(firing >= 0)) {
++		if (likely(__firing >= 0)) {
+ 			cpu_timer_fire(timer);
+ 		}
+ 		spin_unlock(&timer->it_lock);
+diff -urNp linux-2.6.29.6/kernel/power/poweroff.c linux-2.6.29.6/kernel/power/poweroff.c
+--- linux-2.6.29.6/kernel/power/poweroff.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/power/poweroff.c	2009-07-23 17:34:32.209811964 -0400
+@@ -37,7 +37,7 @@ static struct sysrq_key_op	sysrq_powerof
+  	.enable_mask	= SYSRQ_ENABLE_BOOT,
+ };
+ 
+-static int pm_sysrq_init(void)
++static int __init pm_sysrq_init(void)
+ {
+ 	register_sysrq_key('o', &sysrq_poweroff_op);
+ 	return 0;
+diff -urNp linux-2.6.29.6/kernel/printk.c linux-2.6.29.6/kernel/printk.c
+--- linux-2.6.29.6/kernel/printk.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/printk.c	2009-07-23 17:34:32.209811964 -0400
+@@ -253,6 +253,11 @@ int do_syslog(int type, char __user *buf
+ 	char c;
+ 	int error = 0;
+ 
++#ifdef CONFIG_GRKERNSEC_DMESG
++	if (grsec_enable_dmesg && !capable(CAP_SYS_ADMIN))
++		return -EPERM;
++#endif
++
+ 	error = security_syslog(type);
+ 	if (error)
+ 		return error;
+diff -urNp linux-2.6.29.6/kernel/ptrace.c linux-2.6.29.6/kernel/ptrace.c
+--- linux-2.6.29.6/kernel/ptrace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/ptrace.c	2009-07-23 17:34:32.210756226 -0400
+@@ -149,7 +149,7 @@ int __ptrace_may_access(struct task_stru
+ 	     cred->gid != tcred->egid ||
+ 	     cred->gid != tcred->sgid ||
+ 	     cred->gid != tcred->gid) &&
+-	    !capable(CAP_SYS_PTRACE)) {
++	    !capable_nolog(CAP_SYS_PTRACE)) {
+ 		rcu_read_unlock();
+ 		return -EPERM;
+ 	}
+@@ -157,7 +157,7 @@ int __ptrace_may_access(struct task_stru
+ 	smp_rmb();
+ 	if (task->mm)
+ 		dumpable = get_dumpable(task->mm);
+-	if (!dumpable && !capable(CAP_SYS_PTRACE))
++	if (!dumpable && !capable_nolog(CAP_SYS_PTRACE))
+ 		return -EPERM;
+ 
+ 	return security_ptrace_may_access(task, mode);
+@@ -221,7 +221,7 @@ repeat:
+ 
+ 	/* Go */
+ 	task->ptrace |= PT_PTRACED;
+-	if (capable(CAP_SYS_PTRACE))
++	if (capable_nolog(CAP_SYS_PTRACE))
+ 		task->ptrace |= PT_PTRACE_CAP;
+ 
+ 	__ptrace_link(task, current);
+@@ -612,6 +612,11 @@ SYSCALL_DEFINE4(ptrace, long, request, l
+ 	if (ret < 0)
+ 		goto out_put_task_struct;
+ 
++	if (gr_handle_ptrace(child, request)) {
++		ret = -EPERM;
++		goto out_put_task_struct;
++	}
++
+ 	ret = arch_ptrace(child, request, addr, data);
+ 	if (ret < 0)
+ 		goto out_put_task_struct;
+diff -urNp linux-2.6.29.6/kernel/rcupreempt_trace.c linux-2.6.29.6/kernel/rcupreempt_trace.c
+--- linux-2.6.29.6/kernel/rcupreempt_trace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/rcupreempt_trace.c	2009-07-23 18:40:28.721271955 -0400
+@@ -261,17 +261,17 @@ static ssize_t rcuctrs_read(struct file 
+ 	return bcount;
+ }
+ 
+-static struct file_operations rcustats_fops = {
++static const struct file_operations rcustats_fops = {
+ 	.owner = THIS_MODULE,
+ 	.read = rcustats_read,
+ };
+ 
+-static struct file_operations rcugp_fops = {
++static const struct file_operations rcugp_fops = {
+ 	.owner = THIS_MODULE,
+ 	.read = rcugp_read,
+ };
+ 
+-static struct file_operations rcuctrs_fops = {
++static const struct file_operations rcuctrs_fops = {
+ 	.owner = THIS_MODULE,
+ 	.read = rcuctrs_read,
+ };
+diff -urNp linux-2.6.29.6/kernel/rcutree_trace.c linux-2.6.29.6/kernel/rcutree_trace.c
+--- linux-2.6.29.6/kernel/rcutree_trace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/rcutree_trace.c	2009-07-23 18:40:28.721271955 -0400
+@@ -88,7 +88,7 @@ static int rcudata_open(struct inode *in
+ 	return single_open(file, show_rcudata, NULL);
+ }
+ 
+-static struct file_operations rcudata_fops = {
++static const struct file_operations rcudata_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = rcudata_open,
+ 	.read = seq_read,
+@@ -138,7 +138,7 @@ static int rcudata_csv_open(struct inode
+ 	return single_open(file, show_rcudata_csv, NULL);
+ }
+ 
+-static struct file_operations rcudata_csv_fops = {
++static const struct file_operations rcudata_csv_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = rcudata_csv_open,
+ 	.read = seq_read,
+@@ -185,7 +185,7 @@ static int rcuhier_open(struct inode *in
+ 	return single_open(file, show_rcuhier, NULL);
+ }
+ 
+-static struct file_operations rcuhier_fops = {
++static const struct file_operations rcuhier_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = rcuhier_open,
+ 	.read = seq_read,
+@@ -207,7 +207,7 @@ static int rcugp_open(struct inode *inod
+ 	return single_open(file, show_rcugp, NULL);
+ }
+ 
+-static struct file_operations rcugp_fops = {
++static const struct file_operations rcugp_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = rcugp_open,
+ 	.read = seq_read,
+diff -urNp linux-2.6.29.6/kernel/relay.c linux-2.6.29.6/kernel/relay.c
+--- linux-2.6.29.6/kernel/relay.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/relay.c	2009-07-23 18:40:27.474712638 -0400
+@@ -60,7 +60,7 @@ static int relay_buf_fault(struct vm_are
+ /*
+  * vm_ops for relay file mappings.
+  */
+-static struct vm_operations_struct relay_file_mmap_ops = {
++static const struct vm_operations_struct relay_file_mmap_ops = {
+ 	.fault = relay_buf_fault,
+ 	.close = relay_file_mmap_close,
+ };
+@@ -1292,7 +1292,7 @@ static int subbuf_splice_actor(struct fi
+ 		return 0;
+ 
+ 	ret = *nonpad_ret = splice_to_pipe(pipe, &spd);
+-	if (ret < 0 || ret < total_len)
++	if ((int)ret < 0 || ret < total_len)
+ 		return ret;
+ 
+         if (read_start + ret == nonpad_end)
+diff -urNp linux-2.6.29.6/kernel/resource.c linux-2.6.29.6/kernel/resource.c
+--- linux-2.6.29.6/kernel/resource.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/resource.c	2009-07-23 17:34:32.210756226 -0400
+@@ -132,8 +132,18 @@ static const struct file_operations proc
+ 
+ static int __init ioresources_init(void)
+ {
++#ifdef CONFIG_GRKERNSEC_PROC_ADD
++#ifdef CONFIG_GRKERNSEC_PROC_USER
++	proc_create("ioports", S_IRUSR, NULL, &proc_ioports_operations);
++	proc_create("iomem", S_IRUSR, NULL, &proc_iomem_operations);
++#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
++	proc_create("ioports", S_IRUSR | S_IRGRP, NULL, &proc_ioports_operations);
++	proc_create("iomem", S_IRUSR | S_IRGRP, NULL, &proc_iomem_operations);
++#endif
++#else
+ 	proc_create("ioports", 0, NULL, &proc_ioports_operations);
+ 	proc_create("iomem", 0, NULL, &proc_iomem_operations);
++#endif
+ 	return 0;
+ }
+ __initcall(ioresources_init);
+diff -urNp linux-2.6.29.6/kernel/sched.c linux-2.6.29.6/kernel/sched.c
+--- linux-2.6.29.6/kernel/sched.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/sched.c	2009-07-23 18:40:27.477441834 -0400
+@@ -801,7 +801,7 @@ static int sched_feat_open(struct inode 
+ 	return single_open(filp, sched_feat_show, NULL);
+ }
+ 
+-static struct file_operations sched_feat_fops = {
++static const struct file_operations sched_feat_fops = {
+ 	.open		= sched_feat_open,
+ 	.write		= sched_feat_write,
+ 	.read		= seq_read,
+@@ -5175,6 +5175,8 @@ int can_nice(const struct task_struct *p
+ 	/* convert nice value [19,-20] to rlimit style value [1,40] */
+ 	int nice_rlim = 20 - nice;
+ 
++	gr_learn_resource(p, RLIMIT_NICE, nice_rlim, 1);
++
+ 	return (nice_rlim <= p->signal->rlim[RLIMIT_NICE].rlim_cur ||
+ 		capable(CAP_SYS_NICE));
+ }
+@@ -5208,7 +5210,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+ 	if (nice > 19)
+ 		nice = 19;
+ 
+-	if (increment < 0 && !can_nice(current, nice))
++	if (increment < 0 && (!can_nice(current, nice) ||
++			      gr_handle_chroot_nice()))
+ 		return -EPERM;
+ 
+ 	retval = security_task_setnice(current, nice);
+@@ -5350,6 +5353,8 @@ recheck:
+ 		if (rt_policy(policy)) {
+ 			unsigned long rlim_rtprio;
+ 
++			gr_learn_resource(p, RLIMIT_RTPRIO, param->sched_priority, 1);
++
+ 			if (!lock_task_sighand(p, &flags))
+ 				return -ESRCH;
+ 			rlim_rtprio = p->signal->rlim[RLIMIT_RTPRIO].rlim_cur;
+@@ -6497,7 +6502,7 @@ static struct ctl_table sd_ctl_dir[] = {
+ 		.procname	= "sched_domain",
+ 		.mode		= 0555,
+ 	},
+-	{0, },
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static struct ctl_table sd_ctl_root[] = {
+@@ -6507,7 +6512,7 @@ static struct ctl_table sd_ctl_root[] = 
+ 		.mode		= 0555,
+ 		.child		= sd_ctl_dir,
+ 	},
+-	{0, },
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static struct ctl_table *sd_alloc_ctl_entry(int n)
+diff -urNp linux-2.6.29.6/kernel/signal.c linux-2.6.29.6/kernel/signal.c
+--- linux-2.6.29.6/kernel/signal.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/signal.c	2009-07-23 17:34:32.213855277 -0400
+@@ -198,6 +198,9 @@ static struct sigqueue *__sigqueue_alloc
+ 	 */
+ 	user = get_uid(__task_cred(t)->user);
+ 	atomic_inc(&user->sigpending);
++
++	if (!override_rlimit)
++		gr_learn_resource(t, RLIMIT_SIGPENDING, atomic_read(&user->sigpending), 1);
+ 	if (override_rlimit ||
+ 	    atomic_read(&user->sigpending) <=
+ 			t->signal->rlim[RLIMIT_SIGPENDING].rlim_cur)
+@@ -611,6 +614,9 @@ static int check_kill_permission(int sig
+ 		}
+ 	}
+ 
++	if (gr_handle_signal(t, sig))
++		return -EPERM;
++
+ 	return security_task_kill(t, info, sig, 0);
+ }
+ 
+@@ -903,8 +909,8 @@ static void print_fatal_signal(struct pt
+ 		for (i = 0; i < 16; i++) {
+ 			unsigned char insn;
+ 
+-			__get_user(insn, (unsigned char *)(regs->ip + i));
+-			printk("%02x ", insn);
++			if (!get_user(insn, (unsigned char __user *)(regs->ip + i)))
++				printk("%02x ", insn);
+ 		}
+ 	}
+ #endif
+@@ -929,7 +935,7 @@ __group_send_sig_info(int sig, struct si
+ 	return send_signal(sig, info, p, 1);
+ }
+ 
+-static int
++int
+ specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+ {
+ 	return send_signal(sig, info, t, 0);
+@@ -969,6 +975,9 @@ force_sig_info(int sig, struct siginfo *
+ 	ret = specific_send_sig_info(sig, info, t);
+ 	spin_unlock_irqrestore(&t->sighand->siglock, flags);
+ 
++	gr_log_signal(sig, t);
++	gr_handle_crash(t, sig);
++
+ 	return ret;
+ }
+ 
+@@ -1043,6 +1052,8 @@ int group_send_sig_info(int sig, struct 
+ 			ret = __group_send_sig_info(sig, info, p);
+ 			unlock_task_sighand(p, &flags);
+ 		}
++		if (!ret)
++			gr_log_signal(sig, p);
+ 	}
+ 
+ 	return ret;
+diff -urNp linux-2.6.29.6/kernel/softirq.c linux-2.6.29.6/kernel/softirq.c
+--- linux-2.6.29.6/kernel/softirq.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/softirq.c	2009-07-23 17:34:32.213855277 -0400
+@@ -450,9 +450,9 @@ void tasklet_kill(struct tasklet_struct 
+ 		printk("Attempt to kill tasklet from interrupt\n");
+ 
+ 	while (test_and_set_bit(TASKLET_STATE_SCHED, &t->state)) {
+-		do
++		do {
+ 			yield();
+-		while (test_bit(TASKLET_STATE_SCHED, &t->state));
++		} while (test_bit(TASKLET_STATE_SCHED, &t->state));
+ 	}
+ 	tasklet_unlock_wait(t);
+ 	clear_bit(TASKLET_STATE_SCHED, &t->state);
+diff -urNp linux-2.6.29.6/kernel/sys.c linux-2.6.29.6/kernel/sys.c
+--- linux-2.6.29.6/kernel/sys.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/sys.c	2009-07-23 17:34:32.214754476 -0400
+@@ -131,6 +131,12 @@ static int set_one_prio(struct task_stru
+ 		error = -EACCES;
+ 		goto out;
+ 	}
++
++	if (gr_handle_chroot_setpriority(p, niceval)) {
++		error = -EACCES;
++		goto out;
++	}
++
+ 	no_nice = security_task_setnice(p, niceval);
+ 	if (no_nice) {
+ 		error = no_nice;
+@@ -503,6 +509,7 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g
+ 		else
+ 			goto error;
+ 	}
++
+ 	if (egid != (gid_t) -1) {
+ 		if (old->gid == egid ||
+ 		    old->egid == egid ||
+@@ -513,6 +520,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, g
+ 			goto error;
+ 	}
+ 
++	if (gr_check_group_change(new->gid, new->egid, -1))
++		goto error;
++
+ 	if (rgid != (gid_t) -1 ||
+ 	    (egid != (gid_t) -1 && egid != old->gid))
+ 		new->sgid = new->egid;
+@@ -546,6 +556,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
+ 		goto error;
+ 
+ 	retval = -EPERM;
++
++	if (gr_check_group_change(gid, gid, gid))
++		goto error;
++
+ 	if (capable(CAP_SETGID))
+ 		new->gid = new->egid = new->sgid = new->fsgid = gid;
+ 	else if (gid == old->gid || gid == old->sgid)
+@@ -636,6 +650,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, u
+ 			goto error;
+ 	}
+ 
++	if (gr_check_user_change(new->uid, new->euid, -1))
++		goto error;
++
+ 	if (new->uid != old->uid) {
+ 		retval = set_user(new);
+ 		if (retval < 0)
+@@ -684,6 +701,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
+ 		goto error;
+ 
+ 	retval = -EPERM;
++
++	if (gr_check_crash_uid(uid))
++		goto error;
++	if (gr_check_user_change(uid, uid, uid))
++		goto error;
++
+ 	if (capable(CAP_SETUID)) {
+ 		new->suid = new->uid = uid;
+ 		if (uid != old->uid) {
+@@ -741,6 +764,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, 
+ 			goto error;
+ 	}
+ 
++	if (gr_check_user_change(ruid, euid, -1))
++		goto error;
++
+ 	if (ruid != (uid_t) -1) {
+ 		new->uid = ruid;
+ 		if (ruid != old->uid) {
+@@ -809,6 +835,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, 
+ 			goto error;
+ 	}
+ 
++	if (gr_check_group_change(rgid, egid, -1))
++		goto error;
++
+ 	if (rgid != (gid_t) -1)
+ 		new->gid = rgid;
+ 	if (egid != (gid_t) -1)
+@@ -858,6 +887,9 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+ 	if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
+ 		goto error;
+ 
++	if (gr_check_user_change(-1, -1, uid))
++		goto error;
++
+ 	if (uid == old->uid  || uid == old->euid  ||
+ 	    uid == old->suid || uid == old->fsuid ||
+ 	    capable(CAP_SETUID)) {
+@@ -898,6 +930,9 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+ 	if (gid == old->gid  || gid == old->egid  ||
+ 	    gid == old->sgid || gid == old->fsgid ||
+ 	    capable(CAP_SETGID)) {
++		if (gr_check_group_change(-1, -1, gid))
++			goto error;
++
+ 		if (gid != old_fsgid) {
+ 			new->fsgid = gid;
+ 			goto change_okay;
+@@ -974,7 +1009,10 @@ SYSCALL_DEFINE2(setpgid, pid_t, pid, pid
+ 	write_lock_irq(&tasklist_lock);
+ 
+ 	err = -ESRCH;
+-	p = find_task_by_vpid(pid);
++	/* grsec: replaced find_task_by_vpid with equivalent call which
++	   lacks the chroot restriction
++	*/
++	p = pid_task(find_pid_ns(pid, current->nsproxy->pid_ns), PIDTYPE_PID);
+ 	if (!p)
+ 		goto out;
+ 
+@@ -1732,7 +1770,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsi
+ 			error = get_dumpable(me->mm);
+ 			break;
+ 		case PR_SET_DUMPABLE:
+-			if (arg2 < 0 || arg2 > 1) {
++			if (arg2 > 1) {
+ 				error = -EINVAL;
+ 				break;
+ 			}
+diff -urNp linux-2.6.29.6/kernel/sysctl.c linux-2.6.29.6/kernel/sysctl.c
+--- linux-2.6.29.6/kernel/sysctl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/sysctl.c	2009-07-23 17:34:32.215815558 -0400
+@@ -61,6 +61,13 @@
+ static int deprecated_sysctl_warning(struct __sysctl_args *args);
+ 
+ #if defined(CONFIG_SYSCTL)
++#include <linux/grsecurity.h>
++#include <linux/grinternal.h>
++
++extern __u32 gr_handle_sysctl(const ctl_table *table, const int op);
++extern int gr_handle_sysctl_mod(const char *dirname, const char *name,
++				const int op);
++extern int gr_handle_chroot_sysctl(const int op);
+ 
+ /* External variables not in a header file. */
+ extern int C_A_D;
+@@ -155,6 +162,7 @@ static int proc_do_cad_pid(struct ctl_ta
+ static int proc_taint(struct ctl_table *table, int write, struct file *filp,
+ 			       void __user *buffer, size_t *lenp, loff_t *ppos);
+ #endif
++extern ctl_table grsecurity_table[];
+ 
+ static struct ctl_table root_table[];
+ static struct ctl_table_root sysctl_table_root;
+@@ -187,6 +195,21 @@ extern struct ctl_table epoll_table[];
+ int sysctl_legacy_va_layout;
+ #endif
+ 
++#ifdef CONFIG_PAX_SOFTMODE
++static ctl_table pax_table[] = {
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "softmode",
++		.data		= &pax_softmode,
++		.maxlen		= sizeof(unsigned int),
++		.mode		= 0600,
++		.proc_handler	= &proc_dointvec,
++	},
++
++	{ .ctl_name = 0 }
++};
++#endif
++
+ extern int prove_locking;
+ extern int lock_stat;
+ 
+@@ -897,6 +920,25 @@ static struct ctl_table kern_table[] = {
+ 		.proc_handler	= &scan_unevictable_handler,
+ 	},
+ #endif
++
++#if defined(CONFIG_GRKERNSEC_SYSCTL) || defined(CONFIG_GRKERNSEC_MODSTOP)
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "grsecurity",
++		.mode		= 0500,
++		.child		= grsecurity_table,
++	},
++#endif
++
++#ifdef CONFIG_PAX_SOFTMODE
++	{
++		.ctl_name	= CTL_UNNUMBERED,
++		.procname	= "pax",
++		.mode		= 0500,
++		.child		= pax_table,
++	},
++#endif
++
+ /*
+  * NOTE: do not add new entries to this table unless you have read
+  * Documentation/sysctl/ctl_unnumbered.txt
+@@ -1634,6 +1676,8 @@ static int do_sysctl_strategy(struct ctl
+ 	return 0;
+ }
+ 
++static int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op);
++
+ static int parse_table(int __user *name, int nlen,
+ 		       void __user *oldval, size_t __user *oldlenp,
+ 		       void __user *newval, size_t newlen,
+@@ -1652,7 +1696,7 @@ repeat:
+ 		if (n == table->ctl_name) {
+ 			int error;
+ 			if (table->child) {
+-				if (sysctl_perm(root, table, MAY_EXEC))
++				if (sysctl_perm_nochk(root, table, MAY_EXEC))
+ 					return -EPERM;
+ 				name++;
+ 				nlen--;
+@@ -1737,6 +1781,33 @@ int sysctl_perm(struct ctl_table_root *r
+ 	int error;
+ 	int mode;
+ 
++	if (table->parent != NULL && table->parent->procname != NULL &&
++	   table->procname != NULL &&
++	    gr_handle_sysctl_mod(table->parent->procname, table->procname, op))
++		return -EACCES;
++	if (gr_handle_chroot_sysctl(op))
++		return -EACCES;
++	error = gr_handle_sysctl(table, op);
++	if (error)
++		return error;
++
++	error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
++	if (error)
++		return error;
++
++	if (root->permissions)
++		mode = root->permissions(root, current->nsproxy, table);
++	else
++		mode = table->mode;
++
++	return test_perm(mode, op);
++}
++
++int sysctl_perm_nochk(struct ctl_table_root *root, struct ctl_table *table, int op)
++{
++	int error;
++	int mode;
++
+ 	error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
+ 	if (error)
+ 		return error;
+diff -urNp linux-2.6.29.6/kernel/taskstats.c linux-2.6.29.6/kernel/taskstats.c
+--- linux-2.6.29.6/kernel/taskstats.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/taskstats.c	2009-07-23 17:34:32.215815558 -0400
+@@ -26,9 +26,12 @@
+ #include <linux/cgroup.h>
+ #include <linux/fs.h>
+ #include <linux/file.h>
++#include <linux/grsecurity.h>
+ #include <net/genetlink.h>
+ #include <asm/atomic.h>
+ 
++extern int gr_is_taskstats_denied(int pid);
++
+ /*
+  * Maximum length of a cpumask that can be specified in
+  * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute
+@@ -433,6 +436,9 @@ static int taskstats_user_cmd(struct sk_
+ 	size_t size;
+ 	cpumask_var_t mask;
+ 
++	if (gr_is_taskstats_denied(current->pid))
++		return -EACCES;
++
+ 	if (!alloc_cpumask_var(&mask, GFP_KERNEL))
+ 		return -ENOMEM;
+ 
+diff -urNp linux-2.6.29.6/kernel/time/tick-broadcast.c linux-2.6.29.6/kernel/time/tick-broadcast.c
+--- linux-2.6.29.6/kernel/time/tick-broadcast.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/time/tick-broadcast.c	2009-07-23 17:34:32.216793372 -0400
+@@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct cl
+ 		 * then clear the broadcast bit.
+ 		 */
+ 		if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
+-			int cpu = smp_processor_id();
++			cpu = smp_processor_id();
+ 
+ 			cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
+ 			tick_broadcast_clear_oneshot(cpu);
+diff -urNp linux-2.6.29.6/kernel/time/timer_list.c linux-2.6.29.6/kernel/time/timer_list.c
+--- linux-2.6.29.6/kernel/time/timer_list.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/time/timer_list.c	2009-07-23 18:40:28.721271955 -0400
+@@ -275,7 +275,7 @@ static int timer_list_open(struct inode 
+ 	return single_open(filp, timer_list_show, NULL);
+ }
+ 
+-static struct file_operations timer_list_fops = {
++static const struct file_operations timer_list_fops = {
+ 	.open		= timer_list_open,
+ 	.read		= seq_read,
+ 	.llseek		= seq_lseek,
+diff -urNp linux-2.6.29.6/kernel/time/timer_stats.c linux-2.6.29.6/kernel/time/timer_stats.c
+--- linux-2.6.29.6/kernel/time/timer_stats.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/time/timer_stats.c	2009-07-23 18:40:28.722279043 -0400
+@@ -395,7 +395,7 @@ static int tstats_open(struct inode *ino
+ 	return single_open(filp, tstats_show, NULL);
+ }
+ 
+-static struct file_operations tstats_fops = {
++static const struct file_operations tstats_fops = {
+ 	.open		= tstats_open,
+ 	.read		= seq_read,
+ 	.write		= tstats_write,
+diff -urNp linux-2.6.29.6/kernel/time.c linux-2.6.29.6/kernel/time.c
+--- linux-2.6.29.6/kernel/time.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/time.c	2009-07-23 17:34:32.216793372 -0400
+@@ -94,6 +94,9 @@ SYSCALL_DEFINE1(stime, time_t __user *, 
+ 		return err;
+ 
+ 	do_settimeofday(&tv);
++
++	gr_log_timechange();
++
+ 	return 0;
+ }
+ 
+@@ -202,6 +205,8 @@ SYSCALL_DEFINE2(settimeofday, struct tim
+ 			return -EFAULT;
+ 	}
+ 
++	gr_log_timechange();
++
+ 	return do_sys_settimeofday(tv ? &new_ts : NULL, tz ? &new_tz : NULL);
+ }
+ 
+@@ -240,7 +245,7 @@ EXPORT_SYMBOL(current_fs_time);
+  * Avoid unnecessary multiplications/divisions in the
+  * two most common HZ cases:
+  */
+-unsigned int inline jiffies_to_msecs(const unsigned long j)
++inline unsigned int jiffies_to_msecs(const unsigned long j)
+ {
+ #if HZ <= MSEC_PER_SEC && !(MSEC_PER_SEC % HZ)
+ 	return (MSEC_PER_SEC / HZ) * j;
+@@ -256,7 +261,7 @@ unsigned int inline jiffies_to_msecs(con
+ }
+ EXPORT_SYMBOL(jiffies_to_msecs);
+ 
+-unsigned int inline jiffies_to_usecs(const unsigned long j)
++inline unsigned int jiffies_to_usecs(const unsigned long j)
+ {
+ #if HZ <= USEC_PER_SEC && !(USEC_PER_SEC % HZ)
+ 	return (USEC_PER_SEC / HZ) * j;
+diff -urNp linux-2.6.29.6/kernel/trace/ftrace.c linux-2.6.29.6/kernel/trace/ftrace.c
+--- linux-2.6.29.6/kernel/trace/ftrace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/trace/ftrace.c	2009-07-23 18:40:28.722279043 -0400
+@@ -873,7 +873,7 @@ static int t_show(struct seq_file *m, vo
+ 	return 0;
+ }
+ 
+-static struct seq_operations show_ftrace_seq_ops = {
++static const struct seq_operations show_ftrace_seq_ops = {
+ 	.start = t_start,
+ 	.next = t_next,
+ 	.stop = t_stop,
+@@ -1303,21 +1303,21 @@ ftrace_notrace_release(struct inode *ino
+ 	return ftrace_regex_release(inode, file, 0);
+ }
+ 
+-static struct file_operations ftrace_avail_fops = {
++static const struct file_operations ftrace_avail_fops = {
+ 	.open = ftrace_avail_open,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+ 	.release = ftrace_avail_release,
+ };
+ 
+-static struct file_operations ftrace_failures_fops = {
++static const struct file_operations ftrace_failures_fops = {
+ 	.open = ftrace_failures_open,
+ 	.read = seq_read,
+ 	.llseek = seq_lseek,
+ 	.release = ftrace_avail_release,
+ };
+ 
+-static struct file_operations ftrace_filter_fops = {
++static const struct file_operations ftrace_filter_fops = {
+ 	.open = ftrace_filter_open,
+ 	.read = ftrace_regex_read,
+ 	.write = ftrace_filter_write,
+@@ -1325,7 +1325,7 @@ static struct file_operations ftrace_fil
+ 	.release = ftrace_filter_release,
+ };
+ 
+-static struct file_operations ftrace_notrace_fops = {
++static const struct file_operations ftrace_notrace_fops = {
+ 	.open = ftrace_notrace_open,
+ 	.read = ftrace_regex_read,
+ 	.write = ftrace_notrace_write,
+@@ -1385,7 +1385,7 @@ static int g_show(struct seq_file *m, vo
+ 	return 0;
+ }
+ 
+-static struct seq_operations ftrace_graph_seq_ops = {
++static const struct seq_operations ftrace_graph_seq_ops = {
+ 	.start = g_start,
+ 	.next = g_next,
+ 	.stop = g_stop,
+@@ -1840,7 +1840,7 @@ ftrace_pid_write(struct file *filp, cons
+ 	return cnt;
+ }
+ 
+-static struct file_operations ftrace_pid_fops = {
++static const struct file_operations ftrace_pid_fops = {
+ 	.read = ftrace_pid_read,
+ 	.write = ftrace_pid_write,
+ };
+diff -urNp linux-2.6.29.6/kernel/trace/Kconfig linux-2.6.29.6/kernel/trace/Kconfig
+--- linux-2.6.29.6/kernel/trace/Kconfig	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/trace/Kconfig	2009-07-23 18:43:34.850823161 -0400
+@@ -51,6 +51,7 @@ config FUNCTION_TRACER
+ 	bool "Kernel Function Tracer"
+ 	depends on HAVE_FUNCTION_TRACER
+ 	depends on DEBUG_KERNEL
++	depends on !PAX_KERNEXEC
+ 	select FRAME_POINTER
+ 	select KALLSYMS
+ 	select TRACING
+@@ -237,6 +238,7 @@ config STACK_TRACER
+ 	bool "Trace max stack"
+ 	depends on HAVE_FUNCTION_TRACER
+ 	depends on DEBUG_KERNEL
++	depends on !PAX_KERNEXEC
+ 	select FUNCTION_TRACER
+ 	select STACKTRACE
+ 	select KALLSYMS
+diff -urNp linux-2.6.29.6/kernel/trace/ring_buffer.c linux-2.6.29.6/kernel/trace/ring_buffer.c
+--- linux-2.6.29.6/kernel/trace/ring_buffer.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/trace/ring_buffer.c	2009-07-23 18:40:28.723274997 -0400
+@@ -2509,7 +2509,7 @@ rb_simple_write(struct file *filp, const
+ 	return cnt;
+ }
+ 
+-static struct file_operations rb_simple_fops = {
++static const struct file_operations rb_simple_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= rb_simple_read,
+ 	.write		= rb_simple_write,
+diff -urNp linux-2.6.29.6/kernel/trace/trace_branch.c linux-2.6.29.6/kernel/trace/trace_branch.c
+--- linux-2.6.29.6/kernel/trace/trace_branch.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/trace/trace_branch.c	2009-07-23 18:40:28.724260937 -0400
+@@ -267,7 +267,7 @@ static int t_show(struct seq_file *m, vo
+ 	return 0;
+ }
+ 
+-static struct seq_operations tracing_likely_seq_ops = {
++static const struct seq_operations tracing_likely_seq_ops = {
+ 	.start		= t_start,
+ 	.next		= t_next,
+ 	.stop		= t_stop,
+diff -urNp linux-2.6.29.6/kernel/trace/trace.c linux-2.6.29.6/kernel/trace/trace.c
+--- linux-2.6.29.6/kernel/trace/trace.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/trace/trace.c	2009-07-23 18:40:27.478286190 -0400
+@@ -442,7 +442,7 @@ trace_seq_path(struct trace_seq *s, stru
+ 		return 0;
+ 	p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len);
+ 	if (!IS_ERR(p)) {
+-		p = mangle_path(s->buffer + s->len, p, "\n");
++		p = mangle_path(s->buffer + s->len, p, "\n\\");
+ 		if (p) {
+ 			s->len = p - s->buffer;
+ 			return 1;
+@@ -2418,7 +2418,7 @@ static int s_show(struct seq_file *m, vo
+ 	return 0;
+ }
+ 
+-static struct seq_operations tracer_seq_ops = {
++static const struct seq_operations tracer_seq_ops = {
+ 	.start		= s_start,
+ 	.next		= s_next,
+ 	.stop		= s_stop,
+@@ -2600,7 +2600,7 @@ static int t_show(struct seq_file *m, vo
+ 	return 0;
+ }
+ 
+-static struct seq_operations show_traces_seq_ops = {
++static const struct seq_operations show_traces_seq_ops = {
+ 	.start		= t_start,
+ 	.next		= t_next,
+ 	.stop		= t_stop,
+@@ -2623,21 +2623,21 @@ static int show_traces_open(struct inode
+ 	return ret;
+ }
+ 
+-static struct file_operations tracing_fops = {
++static const struct file_operations tracing_fops = {
+ 	.open		= tracing_open,
+ 	.read		= seq_read,
+ 	.llseek		= seq_lseek,
+ 	.release	= tracing_release,
+ };
+ 
+-static struct file_operations tracing_lt_fops = {
++static const struct file_operations tracing_lt_fops = {
+ 	.open		= tracing_lt_open,
+ 	.read		= seq_read,
+ 	.llseek		= seq_lseek,
+ 	.release	= tracing_release,
+ };
+ 
+-static struct file_operations show_traces_fops = {
++static const struct file_operations show_traces_fops = {
+ 	.open		= show_traces_open,
+ 	.read		= seq_read,
+ 	.release	= seq_release,
+@@ -2730,7 +2730,7 @@ err_unlock:
+ 	return err;
+ }
+ 
+-static struct file_operations tracing_cpumask_fops = {
++static const struct file_operations tracing_cpumask_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_cpumask_read,
+ 	.write		= tracing_cpumask_write,
+@@ -2875,7 +2875,7 @@ tracing_trace_options_write(struct file 
+ 	return cnt;
+ }
+ 
+-static struct file_operations tracing_iter_fops = {
++static const struct file_operations tracing_iter_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_trace_options_read,
+ 	.write		= tracing_trace_options_write,
+@@ -2908,7 +2908,7 @@ tracing_readme_read(struct file *filp, c
+ 					readme_msg, strlen(readme_msg));
+ }
+ 
+-static struct file_operations tracing_readme_fops = {
++static const struct file_operations tracing_readme_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_readme_read,
+ };
+@@ -3433,38 +3433,38 @@ tracing_mark_write(struct file *filp, co
+ 	return cnt;
+ }
+ 
+-static struct file_operations tracing_max_lat_fops = {
++static const struct file_operations tracing_max_lat_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_max_lat_read,
+ 	.write		= tracing_max_lat_write,
+ };
+ 
+-static struct file_operations tracing_ctrl_fops = {
++static const struct file_operations tracing_ctrl_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_ctrl_read,
+ 	.write		= tracing_ctrl_write,
+ };
+ 
+-static struct file_operations set_tracer_fops = {
++static const struct file_operations set_tracer_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_set_trace_read,
+ 	.write		= tracing_set_trace_write,
+ };
+ 
+-static struct file_operations tracing_pipe_fops = {
++static const struct file_operations tracing_pipe_fops = {
+ 	.open		= tracing_open_pipe,
+ 	.poll		= tracing_poll_pipe,
+ 	.read		= tracing_read_pipe,
+ 	.release	= tracing_release_pipe,
+ };
+ 
+-static struct file_operations tracing_entries_fops = {
++static const struct file_operations tracing_entries_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_entries_read,
+ 	.write		= tracing_entries_write,
+ };
+ 
+-static struct file_operations tracing_mark_fops = {
++static const struct file_operations tracing_mark_fops = {
+ 	.open		= tracing_open_generic,
+ 	.write		= tracing_mark_write,
+ };
+@@ -3500,7 +3500,7 @@ tracing_read_dyn_info(struct file *filp,
+ 	return r;
+ }
+ 
+-static struct file_operations tracing_dyn_info_fops = {
++static const struct file_operations tracing_dyn_info_fops = {
+ 	.open		= tracing_open_generic,
+ 	.read		= tracing_read_dyn_info,
+ };
+diff -urNp linux-2.6.29.6/kernel/trace/trace_sysprof.c linux-2.6.29.6/kernel/trace/trace_sysprof.c
+--- linux-2.6.29.6/kernel/trace/trace_sysprof.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/trace/trace_sysprof.c	2009-07-23 18:40:28.724260937 -0400
+@@ -317,7 +317,7 @@ sysprof_sample_write(struct file *filp, 
+ 	return cnt;
+ }
+ 
+-static struct file_operations sysprof_sample_fops = {
++static const struct file_operations sysprof_sample_fops = {
+ 	.read		= sysprof_sample_read,
+ 	.write		= sysprof_sample_write,
+ };
+diff -urNp linux-2.6.29.6/kernel/utsname_sysctl.c linux-2.6.29.6/kernel/utsname_sysctl.c
+--- linux-2.6.29.6/kernel/utsname_sysctl.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/kernel/utsname_sysctl.c	2009-07-23 17:34:32.217711177 -0400
+@@ -123,7 +123,7 @@ static struct ctl_table uts_kern_table[]
+ 		.proc_handler	= proc_do_uts_string,
+ 		.strategy	= sysctl_uts_string,
+ 	},
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static struct ctl_table uts_root_table[] = {
+@@ -133,7 +133,7 @@ static struct ctl_table uts_root_table[]
+ 		.mode		= 0555,
+ 		.child		= uts_kern_table,
+ 	},
+-	{}
++	{ 0, NULL, NULL, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL }
+ };
+ 
+ static int __init utsname_sysctl_init(void)
+diff -urNp linux-2.6.29.6/lib/dynamic_printk.c linux-2.6.29.6/lib/dynamic_printk.c
+--- linux-2.6.29.6/lib/dynamic_printk.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/lib/dynamic_printk.c	2009-07-23 18:40:28.724260937 -0400
+@@ -352,7 +352,7 @@ static int pr_debug_seq_show(struct seq_
+ 	return 0;
+ }
+ 
+-static struct seq_operations pr_debug_seq_ops = {
++static const struct seq_operations pr_debug_seq_ops = {
+ 	.start = pr_debug_seq_start,
+ 	.next  = pr_debug_seq_next,
+ 	.stop  = pr_debug_seq_stop,
+diff -urNp linux-2.6.29.6/lib/Kconfig.debug linux-2.6.29.6/lib/Kconfig.debug
+--- linux-2.6.29.6/lib/Kconfig.debug	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/lib/Kconfig.debug	2009-07-23 17:34:32.218743017 -0400
+@@ -783,7 +783,7 @@ config LATENCYTOP
+ 	select STACKTRACE
+ 	select SCHEDSTATS
+ 	select SCHED_DEBUG
+-	depends on HAVE_LATENCYTOP_SUPPORT
++	depends on HAVE_LATENCYTOP_SUPPORT && !GRKERNSEC_HIDESYM
+ 	help
+ 	  Enable this option if you want to use the LatencyTOP tool
+ 	  to find out which userspace is blocking on what kernel operations.
+diff -urNp linux-2.6.29.6/lib/parser.c linux-2.6.29.6/lib/parser.c
+--- linux-2.6.29.6/lib/parser.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/lib/parser.c	2009-07-23 17:34:32.218743017 -0400
+@@ -126,7 +126,7 @@ static int match_number(substring_t *s, 
+ 	char *buf;
+ 	int ret;
+ 
+-	buf = kmalloc(s->to - s->from + 1, GFP_KERNEL);
++	buf = kmalloc((s->to - s->from) + 1, GFP_KERNEL);
+ 	if (!buf)
+ 		return -ENOMEM;
+ 	memcpy(buf, s->from, s->to - s->from);
+diff -urNp linux-2.6.29.6/lib/radix-tree.c linux-2.6.29.6/lib/radix-tree.c
+--- linux-2.6.29.6/lib/radix-tree.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/lib/radix-tree.c	2009-07-23 17:34:32.218743017 -0400
+@@ -81,7 +81,7 @@ struct radix_tree_preload {
+ 	int nr;
+ 	struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH];
+ };
+-static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads) = { 0, };
++static DEFINE_PER_CPU(struct radix_tree_preload, radix_tree_preloads);
+ 
+ static inline gfp_t root_gfp_mask(struct radix_tree_root *root)
+ {
+diff -urNp linux-2.6.29.6/lib/random32.c linux-2.6.29.6/lib/random32.c
+--- linux-2.6.29.6/lib/random32.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/lib/random32.c	2009-07-23 17:34:32.219722211 -0400
+@@ -61,7 +61,7 @@ static u32 __random32(struct rnd_state *
+  */
+ static inline u32 __seed(u32 x, u32 m)
+ {
+-	return (x < m) ? x + m : x;
++	return (x <= m) ? x + m + 1 : x;
+ }
+ 
+ /**
+diff -urNp linux-2.6.29.6/localversion-grsec linux-2.6.29.6/localversion-grsec
+--- linux-2.6.29.6/localversion-grsec	1969-12-31 19:00:00.000000000 -0500
++++ linux-2.6.29.6/localversion-grsec	2009-07-23 17:34:32.219722211 -0400
+@@ -0,0 +1 @@
++-grsec
+diff -urNp linux-2.6.29.6/Makefile linux-2.6.29.6/Makefile
+--- linux-2.6.29.6/Makefile	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/Makefile	2009-07-23 17:34:37.457730203 -0400
+@@ -226,7 +226,7 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH"
+ 
+ HOSTCC       = gcc
+ HOSTCXX      = g++
+-HOSTCFLAGS   = -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer
++HOSTCFLAGS   = -Wall -W -Wno-unused -Wno-sign-compare -Wstrict-prototypes -O2 -fomit-frame-pointer -fno-delete-null-pointer-checks
+ HOSTCXXFLAGS = -O2
+ 
+ # Decide whether to build built-in, modular, or both.
+@@ -567,7 +567,7 @@ KBUILD_CFLAGS += $(call cc-option,-Wdecl
+ KBUILD_CFLAGS += $(call cc-option,-Wno-pointer-sign,)
+ 
+ # disable invalid "can't wrap" optimzations for signed / pointers
+-KBUILD_CFLAGS	+= $(call cc-option,-fwrapv)
++KBUILD_CFLAGS	+= $(call cc-option,-fno-strict-overflow)
+ 
+ # revert to pre-gcc-4.4 behaviour of .eh_frame
+ KBUILD_CFLAGS	+= $(call cc-option,-fno-dwarf2-cfi-asm)
+@@ -636,7 +636,7 @@ export mod_strip_cmd
+ 
+ 
+ ifeq ($(KBUILD_EXTMOD),)
+-core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/
++core-y		+= kernel/ mm/ fs/ ipc/ security/ crypto/ block/ grsecurity/
+ 
+ vmlinux-dirs	:= $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
+ 		     $(core-y) $(core-m) $(drivers-y) $(drivers-m) \
+diff -urNp linux-2.6.29.6/mm/filemap.c linux-2.6.29.6/mm/filemap.c
+--- linux-2.6.29.6/mm/filemap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/filemap.c	2009-07-23 18:40:27.479596094 -0400
+@@ -1604,7 +1604,7 @@ page_not_uptodate:
+ }
+ EXPORT_SYMBOL(filemap_fault);
+ 
+-struct vm_operations_struct generic_file_vm_ops = {
++const struct vm_operations_struct generic_file_vm_ops = {
+ 	.fault		= filemap_fault,
+ };
+ 
+@@ -1615,7 +1615,7 @@ int generic_file_mmap(struct file * file
+ 	struct address_space *mapping = file->f_mapping;
+ 
+ 	if (!mapping->a_ops->readpage)
+-		return -ENOEXEC;
++		return -ENODEV;
+ 	file_accessed(file);
+ 	vma->vm_ops = &generic_file_vm_ops;
+ 	vma->vm_flags |= VM_CAN_NONLINEAR;
+@@ -1976,6 +1976,7 @@ inline int generic_write_checks(struct f
+                         *pos = i_size_read(inode);
+ 
+ 		if (limit != RLIM_INFINITY) {
++			gr_learn_resource(current, RLIMIT_FSIZE,*pos, 0);
+ 			if (*pos >= limit) {
+ 				send_sig(SIGXFSZ, current, 0);
+ 				return -EFBIG;
+diff -urNp linux-2.6.29.6/mm/filemap_xip.c linux-2.6.29.6/mm/filemap_xip.c
+--- linux-2.6.29.6/mm/filemap_xip.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/filemap_xip.c	2009-07-23 18:40:28.737571137 -0400
+@@ -296,7 +296,7 @@ out:
+ 	}
+ }
+ 
+-static struct vm_operations_struct xip_file_vm_ops = {
++static const struct vm_operations_struct xip_file_vm_ops = {
+ 	.fault	= xip_file_fault,
+ };
+ 
+diff -urNp linux-2.6.29.6/mm/fremap.c linux-2.6.29.6/mm/fremap.c
+--- linux-2.6.29.6/mm/fremap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/fremap.c	2009-07-23 17:34:32.221026931 -0400
+@@ -153,6 +153,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsign
+  retry:
+ 	vma = find_vma(mm, start);
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (vma && (mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_MAYEXEC))
++		goto out;
++#endif
++
+ 	/*
+ 	 * Make sure the vma is shared, that it supports prefaulting,
+ 	 * and that the remapped range is valid and fully within
+diff -urNp linux-2.6.29.6/mm/hugetlb.c linux-2.6.29.6/mm/hugetlb.c
+--- linux-2.6.29.6/mm/hugetlb.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/hugetlb.c	2009-07-23 18:40:27.480266950 -0400
+@@ -1661,7 +1661,7 @@ static int hugetlb_vm_op_fault(struct vm
+ 	return 0;
+ }
+ 
+-struct vm_operations_struct hugetlb_vm_ops = {
++const struct vm_operations_struct hugetlb_vm_ops = {
+ 	.fault = hugetlb_vm_op_fault,
+ 	.open = hugetlb_vm_op_open,
+ 	.close = hugetlb_vm_op_close,
+@@ -1864,6 +1864,26 @@ static int unmap_ref_private(struct mm_s
+ 	return 1;
+ }
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++static void pax_mirror_huge_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m)
++{
++	struct mm_struct *mm = vma->vm_mm;
++	struct vm_area_struct *vma_m;
++	unsigned long address_m;
++	pte_t *ptep_m;
++
++	vma_m = pax_find_mirror_vma(vma);
++	if (!vma_m)
++		return;
++
++	BUG_ON(address >= SEGMEXEC_TASK_SIZE);
++	address_m = address + SEGMEXEC_TASK_SIZE;
++	ptep_m = huge_pte_offset(mm, address_m & HPAGE_MASK);
++	get_page(page_m);
++	set_huge_pte_at(mm, address_m, ptep_m, make_huge_pte(vma_m, page_m, 0));
++}
++#endif
++
+ static int hugetlb_cow(struct mm_struct *mm, struct vm_area_struct *vma,
+ 			unsigned long address, pte_t *ptep, pte_t pte,
+ 			struct page *pagecache_page)
+@@ -1935,6 +1955,11 @@ retry_avoidcopy:
+ 		huge_ptep_clear_flush(vma, address, ptep);
+ 		set_huge_pte_at(mm, address, ptep,
+ 				make_huge_pte(vma, new_page, 1));
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		pax_mirror_huge_pte(vma, address, new_page);
++#endif
++
+ 		/* Make the old page be freed below */
+ 		new_page = old_page;
+ 	}
+@@ -2044,6 +2069,10 @@ retry:
+ 				&& (vma->vm_flags & VM_SHARED)));
+ 	set_huge_pte_at(mm, address, ptep, new_pte);
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	pax_mirror_huge_pte(vma, address, page);
++#endif
++
+ 	if (write_access && !(vma->vm_flags & VM_SHARED)) {
+ 		/* Optimization, do the COW without a second fault */
+ 		ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
+@@ -2072,6 +2101,28 @@ int hugetlb_fault(struct mm_struct *mm, 
+ 	static DEFINE_MUTEX(hugetlb_instantiation_mutex);
+ 	struct hstate *h = hstate_vma(vma);
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m;
++
++	vma_m = pax_find_mirror_vma(vma);
++	if (vma_m) {
++		unsigned long address_m;
++
++		if (vma->vm_start > vma_m->vm_start) {
++			address_m = address;
++			address -= SEGMEXEC_TASK_SIZE;
++			vma = vma_m;
++			h = hstate_vma(vma);
++		} else
++			address_m = address + SEGMEXEC_TASK_SIZE;
++
++		if (!huge_pte_alloc(mm, address_m, huge_page_size(h)))
++			return VM_FAULT_OOM;
++		address_m &= HPAGE_MASK;
++		unmap_hugepage_range(vma, address_m, address_m + HPAGE_SIZE, NULL);
++	}
++#endif
++
+ 	ptep = huge_pte_alloc(mm, address, huge_page_size(h));
+ 	if (!ptep)
+ 		return VM_FAULT_OOM;
+diff -urNp linux-2.6.29.6/mm/madvise.c linux-2.6.29.6/mm/madvise.c
+--- linux-2.6.29.6/mm/madvise.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/madvise.c	2009-07-23 17:34:32.221732895 -0400
+@@ -43,6 +43,10 @@ static long madvise_behavior(struct vm_a
+ 	pgoff_t pgoff;
+ 	int new_flags = vma->vm_flags;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m;
++#endif
++
+ 	switch (behavior) {
+ 	case MADV_NORMAL:
+ 		new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ;
+@@ -92,6 +96,13 @@ success:
+ 	/*
+ 	 * vm_flags is protected by the mmap_sem held in write mode.
+ 	 */
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	vma_m = pax_find_mirror_vma(vma);
++	if (vma_m)
++		vma_m->vm_flags = new_flags & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT);
++#endif
++
+ 	vma->vm_flags = new_flags;
+ 
+ out:
+@@ -244,6 +255,17 @@ madvise_vma(struct vm_area_struct *vma, 
+ 
+ 	case MADV_DONTNEED:
+ 		error = madvise_dontneed(vma, prev, start, end);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (!error) {
++			struct vm_area_struct *vma_m, *prev_m;
++
++			vma_m = pax_find_mirror_vma(vma);
++			if (vma_m)
++				error = madvise_dontneed(vma_m, &prev_m, start + SEGMEXEC_TASK_SIZE, end + SEGMEXEC_TASK_SIZE);
++		}
++#endif
++
+ 		break;
+ 
+ 	default:
+@@ -316,6 +338,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, 
+ 	if (end < start)
+ 		goto out;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
++		if (end > SEGMEXEC_TASK_SIZE)
++			goto out;
++	} else
++#endif
++
++	if (end > TASK_SIZE)
++		goto out;
++
+ 	error = 0;
+ 	if (end == start)
+ 		goto out;
+diff -urNp linux-2.6.29.6/mm/memory.c linux-2.6.29.6/mm/memory.c
+--- linux-2.6.29.6/mm/memory.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/memory.c	2009-07-23 17:34:32.222717577 -0400
+@@ -47,6 +47,7 @@
+ #include <linux/pagemap.h>
+ #include <linux/rmap.h>
+ #include <linux/module.h>
++#include <linux/security.h>
+ #include <linux/delayacct.h>
+ #include <linux/init.h>
+ #include <linux/writeback.h>
+@@ -1222,11 +1223,11 @@ int __get_user_pages(struct task_struct 
+ 	vm_flags &= force ? (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE);
+ 	i = 0;
+ 
+-	do {
++	while (len) {
+ 		struct vm_area_struct *vma;
+ 		unsigned int foll_flags;
+ 
+-		vma = find_extend_vma(mm, start);
++		vma = find_vma(mm, start);
+ 		if (!vma && in_gate_area(tsk, start)) {
+ 			unsigned long pg = start & PAGE_MASK;
+ 			struct vm_area_struct *gate_vma = get_gate_vma(tsk);
+@@ -1268,7 +1269,7 @@ int __get_user_pages(struct task_struct 
+ 			continue;
+ 		}
+ 
+-		if (!vma ||
++		if (!vma || start < vma->vm_start ||
+ 		    (vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
+ 		    (!ignore && !(vm_flags & vma->vm_flags)))
+ 			return i ? : -EFAULT;
+@@ -1351,7 +1352,7 @@ int __get_user_pages(struct task_struct 
+ 			start += PAGE_SIZE;
+ 			len--;
+ 		} while (len && start < vma->vm_end);
+-	} while (len);
++	}
+ 	return i;
+ }
+ 
+@@ -1869,6 +1870,186 @@ static inline void cow_user_page(struct 
+ 		copy_user_highpage(dst, src, va, vma);
+ }
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++static void pax_unmap_mirror_pte(struct vm_area_struct *vma, unsigned long address, pmd_t *pmd)
++{
++	struct mm_struct *mm = vma->vm_mm;
++	spinlock_t *ptl;
++	pte_t *pte, entry;
++
++	pte = pte_offset_map_lock(mm, pmd, address, &ptl);
++	entry = *pte;
++	if (!pte_present(entry)) {
++		if (!pte_none(entry)) {
++			BUG_ON(pte_file(entry));
++			free_swap_and_cache(pte_to_swp_entry(entry));
++			pte_clear_not_present_full(mm, address, pte, 0);
++		}
++	} else {
++		struct page *page;
++
++		flush_cache_page(vma, address, pte_pfn(entry));
++		entry = ptep_clear_flush(vma, address, pte);
++		BUG_ON(pte_dirty(entry));
++		page = vm_normal_page(vma, address, entry);
++		if (page) {
++			update_hiwater_rss(mm);
++			if (PageAnon(page))
++				dec_mm_counter(mm, anon_rss);
++			else
++				dec_mm_counter(mm, file_rss);
++			page_remove_rmap(page);
++			page_cache_release(page);
++		}
++	}
++	pte_unmap_unlock(pte, ptl);
++}
++
++/* PaX: if vma is mirrored, synchronize the mirror's PTE
++ *
++ * the ptl of the lower mapped page is held on entry and is not released on exit
++ * or inside to ensure atomic changes to the PTE states (swapout, mremap, munmap, etc)
++ */
++static void pax_mirror_anon_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
++{
++	struct mm_struct *mm = vma->vm_mm;
++	unsigned long address_m;
++	spinlock_t *ptl_m;
++	struct vm_area_struct *vma_m;
++	pmd_t *pmd_m;
++	pte_t *pte_m, entry_m;
++
++	BUG_ON(!page_m || !PageAnon(page_m));
++
++	vma_m = pax_find_mirror_vma(vma);
++	if (!vma_m)
++		return;
++
++	BUG_ON(!PageLocked(page_m));
++	BUG_ON(address >= SEGMEXEC_TASK_SIZE);
++	address_m = address + SEGMEXEC_TASK_SIZE;
++	pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
++	pte_m = pte_offset_map_nested(pmd_m, address_m);
++	ptl_m = pte_lockptr(mm, pmd_m);
++	if (ptl != ptl_m) {
++		spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
++		if (!pte_none(*pte_m))
++			goto out;
++	}
++
++	entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
++	page_cache_get(page_m);
++	page_add_anon_rmap(page_m, vma_m, address_m);
++	inc_mm_counter(mm, anon_rss);
++	set_pte_at(mm, address_m, pte_m, entry_m);
++	update_mmu_cache(vma_m, address_m, entry_m);
++out:
++	if (ptl != ptl_m)
++		spin_unlock(ptl_m);
++	pte_unmap_nested(pte_m);
++	unlock_page(page_m);
++}
++
++void pax_mirror_file_pte(struct vm_area_struct *vma, unsigned long address, struct page *page_m, spinlock_t *ptl)
++{
++	struct mm_struct *mm = vma->vm_mm;
++	unsigned long address_m;
++	spinlock_t *ptl_m;
++	struct vm_area_struct *vma_m;
++	pmd_t *pmd_m;
++	pte_t *pte_m, entry_m;
++
++	BUG_ON(!page_m || PageAnon(page_m));
++
++	vma_m = pax_find_mirror_vma(vma);
++	if (!vma_m)
++		return;
++
++	BUG_ON(address >= SEGMEXEC_TASK_SIZE);
++	address_m = address + SEGMEXEC_TASK_SIZE;
++	pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
++	pte_m = pte_offset_map_nested(pmd_m, address_m);
++	ptl_m = pte_lockptr(mm, pmd_m);
++	if (ptl != ptl_m) {
++		spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
++		if (!pte_none(*pte_m))
++			goto out;
++	}
++
++	entry_m = pfn_pte(page_to_pfn(page_m), vma_m->vm_page_prot);
++	page_cache_get(page_m);
++	page_add_file_rmap(page_m);
++	inc_mm_counter(mm, file_rss);
++	set_pte_at(mm, address_m, pte_m, entry_m);
++	update_mmu_cache(vma_m, address_m, entry_m);
++out:
++	if (ptl != ptl_m)
++		spin_unlock(ptl_m);
++	pte_unmap_nested(pte_m);
++}
++
++static void pax_mirror_pfn_pte(struct vm_area_struct *vma, unsigned long address, unsigned long pfn_m, spinlock_t *ptl)
++{
++	struct mm_struct *mm = vma->vm_mm;
++	unsigned long address_m;
++	spinlock_t *ptl_m;
++	struct vm_area_struct *vma_m;
++	pmd_t *pmd_m;
++	pte_t *pte_m, entry_m;
++
++	vma_m = pax_find_mirror_vma(vma);
++	if (!vma_m)
++		return;
++
++	BUG_ON(address >= SEGMEXEC_TASK_SIZE);
++	address_m = address + SEGMEXEC_TASK_SIZE;
++	pmd_m = pmd_offset(pud_offset(pgd_offset(mm, address_m), address_m), address_m);
++	pte_m = pte_offset_map_nested(pmd_m, address_m);
++	ptl_m = pte_lockptr(mm, pmd_m);
++	if (ptl != ptl_m) {
++		spin_lock_nested(ptl_m, SINGLE_DEPTH_NESTING);
++		if (!pte_none(*pte_m))
++			goto out;
++	}
++
++	entry_m = pfn_pte(pfn_m, vma_m->vm_page_prot);
++	set_pte_at(mm, address_m, pte_m, entry_m);
++out:
++	if (ptl != ptl_m)
++		spin_unlock(ptl_m);
++	pte_unmap_nested(pte_m);
++}
++
++static void pax_mirror_pte(struct vm_area_struct *vma, unsigned long address, pte_t *pte, pmd_t *pmd, spinlock_t *ptl)
++{
++	struct page *page_m;
++	pte_t entry;
++
++	if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC))
++		goto out;
++
++	entry = *pte;
++	page_m  = vm_normal_page(vma, address, entry);
++	if (!page_m)
++		pax_mirror_pfn_pte(vma, address, pte_pfn(entry), ptl);
++	else if (PageAnon(page_m)) {
++		if (pax_find_mirror_vma(vma)) {
++			pte_unmap_unlock(pte, ptl);
++			lock_page(page_m);
++			pte = pte_offset_map_lock(vma->vm_mm, pmd, address, &ptl);
++			if (pte_same(entry, *pte))
++				pax_mirror_anon_pte(vma, address, page_m, ptl);
++			else
++				unlock_page(page_m);
++		}
++	} else
++		pax_mirror_file_pte(vma, address, page_m, ptl);
++
++out:
++	pte_unmap_unlock(pte, ptl);
++}
++#endif
++
+ /*
+  * This routine handles present pages, when users try to write
+  * to a shared page. It is done by copying the page to a new address
+@@ -2041,6 +2222,12 @@ gotten:
+ 	 */
+ 	page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
+ 	if (likely(pte_same(*page_table, orig_pte))) {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (pax_find_mirror_vma(vma))
++			BUG_ON(!trylock_page(new_page));
++#endif
++
+ 		if (old_page) {
+ 			if (!PageAnon(old_page)) {
+ 				dec_mm_counter(mm, file_rss);
+@@ -2087,6 +2274,10 @@ gotten:
+ 			page_remove_rmap(old_page);
+ 		}
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++		pax_mirror_anon_pte(vma, address, new_page, ptl);
++#endif
++
+ 		/* Free the old page.. */
+ 		new_page = old_page;
+ 		ret |= VM_FAULT_WRITE;
+@@ -2368,6 +2559,7 @@ int vmtruncate(struct inode * inode, lof
+ 		unsigned long limit;
+ 
+ 		limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
++		gr_learn_resource(current, RLIMIT_FSIZE, offset, 1);
+ 		if (limit != RLIM_INFINITY && offset > limit)
+ 			goto out_sig;
+ 		if (offset > inode->i_sb->s_maxbytes)
+@@ -2533,6 +2725,11 @@ static int do_swap_page(struct mm_struct
+ 	swap_free(entry);
+ 	if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
+ 		try_to_free_swap(page);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (write_access || !pax_find_mirror_vma(vma))
++#endif
++
+ 	unlock_page(page);
+ 
+ 	if (write_access) {
+@@ -2544,6 +2741,11 @@ static int do_swap_page(struct mm_struct
+ 
+ 	/* No need to invalidate - it was non-present before */
+ 	update_mmu_cache(vma, address, pte);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	pax_mirror_anon_pte(vma, address, page, ptl);
++#endif
++
+ unlock:
+ 	pte_unmap_unlock(page_table, ptl);
+ out:
+@@ -2588,12 +2790,23 @@ static int do_anonymous_page(struct mm_s
+ 	page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
+ 	if (!pte_none(*page_table))
+ 		goto release;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (pax_find_mirror_vma(vma))
++		BUG_ON(!trylock_page(page));
++#endif
++
+ 	inc_mm_counter(mm, anon_rss);
+ 	page_add_new_anon_rmap(page, vma, address);
+ 	set_pte_at(mm, address, page_table, entry);
+ 
+ 	/* No need to invalidate - it was non-present before */
+ 	update_mmu_cache(vma, address, entry);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	pax_mirror_anon_pte(vma, address, page, ptl);
++#endif
++
+ unlock:
+ 	pte_unmap_unlock(page_table, ptl);
+ 	return 0;
+@@ -2730,6 +2943,12 @@ static int __do_fault(struct mm_struct *
+ 	 */
+ 	/* Only go through if we didn't race with anybody else... */
+ 	if (likely(pte_same(*page_table, orig_pte))) {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (anon && pax_find_mirror_vma(vma))
++			BUG_ON(!trylock_page(page));
++#endif
++
+ 		flush_icache_page(vma, page);
+ 		entry = mk_pte(page, vma->vm_page_prot);
+ 		if (flags & FAULT_FLAG_WRITE)
+@@ -2749,6 +2968,14 @@ static int __do_fault(struct mm_struct *
+ 
+ 		/* no need to invalidate: a not-present page won't be cached */
+ 		update_mmu_cache(vma, address, entry);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (anon)
++			pax_mirror_anon_pte(vma, address, page, ptl);
++		else
++			pax_mirror_file_pte(vma, address, page, ptl);
++#endif
++
+ 	} else {
+ 		if (charged)
+ 			mem_cgroup_uncharge_page(page);
+@@ -2897,6 +3124,12 @@ static inline int handle_pte_fault(struc
+ 		if (write_access)
+ 			flush_tlb_page(vma, address);
+ 	}
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	pax_mirror_pte(vma, address, pte, pmd, ptl);
++	return 0;
++#endif
++
+ unlock:
+ 	pte_unmap_unlock(pte, ptl);
+ 	return 0;
+@@ -2913,6 +3146,10 @@ int handle_mm_fault(struct mm_struct *mm
+ 	pmd_t *pmd;
+ 	pte_t *pte;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m;
++#endif
++
+ 	__set_current_state(TASK_RUNNING);
+ 
+ 	count_vm_event(PGFAULT);
+@@ -2920,6 +3157,34 @@ int handle_mm_fault(struct mm_struct *mm
+ 	if (unlikely(is_vm_hugetlb_page(vma)))
+ 		return hugetlb_fault(mm, vma, address, write_access);
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	vma_m = pax_find_mirror_vma(vma);
++	if (vma_m) {
++		unsigned long address_m;
++		pgd_t *pgd_m;
++		pud_t *pud_m;
++		pmd_t *pmd_m;
++
++		if (vma->vm_start > vma_m->vm_start) {
++			address_m = address;
++			address -= SEGMEXEC_TASK_SIZE;
++			vma = vma_m;
++		} else
++			address_m = address + SEGMEXEC_TASK_SIZE;
++
++		pgd_m = pgd_offset(mm, address_m);
++		pud_m = pud_alloc(mm, pgd_m, address_m);
++		if (!pud_m)
++			return VM_FAULT_OOM;
++		pmd_m = pmd_alloc(mm, pud_m, address_m);
++		if (!pmd_m)
++			return VM_FAULT_OOM;
++		if (!pmd_present(*pmd_m) && __pte_alloc(mm, pmd_m, address_m))
++			return VM_FAULT_OOM;
++		pax_unmap_mirror_pte(vma_m, address_m, pmd_m);
++	}
++#endif
++
+ 	pgd = pgd_offset(mm, address);
+ 	pud = pud_alloc(mm, pgd, address);
+ 	if (!pud)
+@@ -3017,7 +3282,7 @@ static int __init gate_vma_init(void)
+ 	gate_vma.vm_start = FIXADDR_USER_START;
+ 	gate_vma.vm_end = FIXADDR_USER_END;
+ 	gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
+-	gate_vma.vm_page_prot = __P101;
++	gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
+ 	/*
+ 	 * Make sure the vDSO gets into every core dump.
+ 	 * Dumping its contents makes post-mortem fully interpretable later
+diff -urNp linux-2.6.29.6/mm/mempolicy.c linux-2.6.29.6/mm/mempolicy.c
+--- linux-2.6.29.6/mm/mempolicy.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/mempolicy.c	2009-07-23 17:34:32.224099604 -0400
+@@ -551,6 +551,10 @@ static int mbind_range(struct vm_area_st
+ 	struct vm_area_struct *next;
+ 	int err;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m;
++#endif
++
+ 	err = 0;
+ 	for (; vma && vma->vm_start < end; vma = next) {
+ 		next = vma->vm_next;
+@@ -562,6 +566,16 @@ static int mbind_range(struct vm_area_st
+ 			err = policy_vma(vma, new);
+ 		if (err)
+ 			break;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		vma_m = pax_find_mirror_vma(vma);
++		if (vma_m) {
++			err = policy_vma(vma_m, new);
++			if (err)
++				break;
++		}
++#endif
++
+ 	}
+ 	return err;
+ }
+@@ -954,6 +968,17 @@ static long do_mbind(unsigned long start
+ 
+ 	if (end < start)
+ 		return -EINVAL;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (mm->pax_flags & MF_PAX_SEGMEXEC) {
++		if (end > SEGMEXEC_TASK_SIZE)
++			return -EINVAL;
++	} else
++#endif
++
++	if (end > TASK_SIZE)
++		return -EINVAL;
++
+ 	if (end == start)
+ 		return 0;
+ 
+@@ -2290,7 +2315,7 @@ int show_numa_map(struct seq_file *m, vo
+ 
+ 	if (file) {
+ 		seq_printf(m, " file=");
+-		seq_path(m, &file->f_path, "\n\t= ");
++		seq_path(m, &file->f_path, "\n\t\\= ");
+ 	} else if (vma->vm_start <= mm->brk && vma->vm_end >= mm->start_brk) {
+ 		seq_printf(m, " heap");
+ 	} else if (vma->vm_start <= mm->start_stack &&
+diff -urNp linux-2.6.29.6/mm/mlock.c linux-2.6.29.6/mm/mlock.c
+--- linux-2.6.29.6/mm/mlock.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/mlock.c	2009-07-23 17:34:32.224099604 -0400
+@@ -13,6 +13,7 @@
+ #include <linux/pagemap.h>
+ #include <linux/mempolicy.h>
+ #include <linux/syscalls.h>
++#include <linux/security.h>
+ #include <linux/sched.h>
+ #include <linux/module.h>
+ #include <linux/rmap.h>
+@@ -453,6 +454,17 @@ static int do_mlock(unsigned long start,
+ 		return -EINVAL;
+ 	if (end == start)
+ 		return 0;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
++		if (end > SEGMEXEC_TASK_SIZE)
++			return -EINVAL;
++	} else
++#endif
++
++	if (end > TASK_SIZE)
++		return -EINVAL;
++
+ 	vma = find_vma_prev(current->mm, start, &prev);
+ 	if (!vma || vma->vm_start > start)
+ 		return -ENOMEM;
+@@ -512,6 +524,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, st
+ 	lock_limit >>= PAGE_SHIFT;
+ 
+ 	/* check against resource limits */
++	gr_learn_resource(current, RLIMIT_MEMLOCK, (current->mm->locked_vm << PAGE_SHIFT) + len, 1);
+ 	if ((locked <= lock_limit) || capable(CAP_IPC_LOCK))
+ 		error = do_mlock(start, len, 1);
+ 	up_write(&current->mm->mmap_sem);
+@@ -533,10 +546,10 @@ SYSCALL_DEFINE2(munlock, unsigned long, 
+ static int do_mlockall(int flags)
+ {
+ 	struct vm_area_struct * vma, * prev = NULL;
+-	unsigned int def_flags = 0;
++	unsigned int def_flags = current->mm->def_flags & ~VM_LOCKED;
+ 
+ 	if (flags & MCL_FUTURE)
+-		def_flags = VM_LOCKED;
++		def_flags |= VM_LOCKED;
+ 	current->mm->def_flags = def_flags;
+ 	if (flags == MCL_FUTURE)
+ 		goto out;
+@@ -544,6 +557,12 @@ static int do_mlockall(int flags)
+ 	for (vma = current->mm->mmap; vma ; vma = prev->vm_next) {
+ 		unsigned int newflags;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++		if ((current->mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE))
++			break;
++#endif
++
++		BUG_ON(vma->vm_end > TASK_SIZE);
+ 		newflags = vma->vm_flags | VM_LOCKED;
+ 		if (!(flags & MCL_CURRENT))
+ 			newflags &= ~VM_LOCKED;
+@@ -575,6 +594,7 @@ SYSCALL_DEFINE1(mlockall, int, flags)
+ 	lock_limit >>= PAGE_SHIFT;
+ 
+ 	ret = -ENOMEM;
++	gr_learn_resource(current, RLIMIT_MEMLOCK, current->mm->total_vm, 1);
+ 	if (!(flags & MCL_CURRENT) || (current->mm->total_vm <= lock_limit) ||
+ 	    capable(CAP_IPC_LOCK))
+ 		ret = do_mlockall(flags);
+diff -urNp linux-2.6.29.6/mm/mmap.c linux-2.6.29.6/mm/mmap.c
+--- linux-2.6.29.6/mm/mmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/mmap.c	2009-07-23 19:29:10.716514097 -0400
+@@ -43,6 +43,16 @@
+ #define arch_rebalance_pgtables(addr, len)		(addr)
+ #endif
+ 
++static inline void verify_mm_writelocked(struct mm_struct *mm)
++{
++#if defined(CONFIG_DEBUG_VM) || defined(CONFIG_PAX)
++	if (unlikely(down_read_trylock(&mm->mmap_sem))) {
++		up_read(&mm->mmap_sem);
++		BUG();
++	}
++#endif
++}
++
+ static void unmap_region(struct mm_struct *mm,
+ 		struct vm_area_struct *vma, struct vm_area_struct *prev,
+ 		unsigned long start, unsigned long end);
+@@ -68,16 +78,25 @@ static void unmap_region(struct mm_struc
+  *		x: (no) no	x: (no) yes	x: (no) yes	x: (yes) yes
+  *
+  */
+-pgprot_t protection_map[16] = {
++pgprot_t protection_map[16] __read_only = {
+ 	__P000, __P001, __P010, __P011, __P100, __P101, __P110, __P111,
+ 	__S000, __S001, __S010, __S011, __S100, __S101, __S110, __S111
+ };
+ 
+ pgprot_t vm_get_page_prot(unsigned long vm_flags)
+ {
+-	return __pgprot(pgprot_val(protection_map[vm_flags &
++	pgprot_t prot = __pgprot(pgprot_val(protection_map[vm_flags &
+ 				(VM_READ|VM_WRITE|VM_EXEC|VM_SHARED)]) |
+ 			pgprot_val(arch_vm_get_page_prot(vm_flags)));
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
++	if (!nx_enabled &&
++	    (vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC &&
++	    (vm_flags & (VM_READ | VM_WRITE)))
++		prot = __pgprot(pte_val(pte_exprotect(__pte(pgprot_val(prot)))));
++#endif
++
++	return prot;
+ }
+ EXPORT_SYMBOL(vm_get_page_prot);
+ 
+@@ -229,6 +248,7 @@ static struct vm_area_struct *remove_vma
+ 	struct vm_area_struct *next = vma->vm_next;
+ 
+ 	might_sleep();
++	BUG_ON(vma->vm_mirror);
+ 	if (vma->vm_ops && vma->vm_ops->close)
+ 		vma->vm_ops->close(vma);
+ 	if (vma->vm_file) {
+@@ -265,6 +285,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+ 	 * not page aligned -Ram Gupta
+ 	 */
+ 	rlim = current->signal->rlim[RLIMIT_DATA].rlim_cur;
++	gr_learn_resource(current, RLIMIT_DATA, (brk - mm->start_brk) + (mm->end_data - mm->start_data), 1);
+ 	if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
+ 			(mm->end_data - mm->start_data) > rlim)
+ 		goto out;
+@@ -694,6 +715,12 @@ static int
+ can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
+ 	struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
+ {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_start == SEGMEXEC_TASK_SIZE)
++		return 0;
++#endif
++
+ 	if (is_mergeable_vma(vma, file, vm_flags) &&
+ 	    is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
+ 		if (vma->vm_pgoff == vm_pgoff)
+@@ -713,6 +740,12 @@ static int
+ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
+ 	struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
+ {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) && vma->vm_end == SEGMEXEC_TASK_SIZE)
++		return 0;
++#endif
++
+ 	if (is_mergeable_vma(vma, file, vm_flags) &&
+ 	    is_mergeable_anon_vma(anon_vma, vma->anon_vma)) {
+ 		pgoff_t vm_pglen;
+@@ -755,12 +788,19 @@ can_vma_merge_after(struct vm_area_struc
+ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+ 			struct vm_area_struct *prev, unsigned long addr,
+ 			unsigned long end, unsigned long vm_flags,
+-		     	struct anon_vma *anon_vma, struct file *file,
++			struct anon_vma *anon_vma, struct file *file,
+ 			pgoff_t pgoff, struct mempolicy *policy)
+ {
+ 	pgoff_t pglen = (end - addr) >> PAGE_SHIFT;
+ 	struct vm_area_struct *area, *next;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE, end_m = end + SEGMEXEC_TASK_SIZE;
++	struct vm_area_struct *area_m = NULL, *next_m = NULL, *prev_m = NULL;
++
++	BUG_ON((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE < end);
++#endif
++
+ 	/*
+ 	 * We later require that vma->vm_flags == vm_flags,
+ 	 * so this tests vma->vm_flags & VM_SPECIAL, too.
+@@ -776,6 +816,15 @@ struct vm_area_struct *vma_merge(struct 
+ 	if (next && next->vm_end == end)		/* cases 6, 7, 8 */
+ 		next = next->vm_next;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (prev)
++		prev_m = pax_find_mirror_vma(prev);
++	if (area)
++		area_m = pax_find_mirror_vma(area);
++	if (next)
++		next_m = pax_find_mirror_vma(next);
++#endif
++
+ 	/*
+ 	 * Can it merge with the predecessor?
+ 	 */
+@@ -795,9 +844,24 @@ struct vm_area_struct *vma_merge(struct 
+ 							/* cases 1, 6 */
+ 			vma_adjust(prev, prev->vm_start,
+ 				next->vm_end, prev->vm_pgoff, NULL);
+-		} else					/* cases 2, 5, 7 */
++
++#ifdef CONFIG_PAX_SEGMEXEC
++			if (prev_m)
++				vma_adjust(prev_m, prev_m->vm_start,
++					next_m->vm_end, prev_m->vm_pgoff, NULL);
++#endif
++
++		} else {				/* cases 2, 5, 7 */
+ 			vma_adjust(prev, prev->vm_start,
+ 				end, prev->vm_pgoff, NULL);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++			if (prev_m)
++				vma_adjust(prev_m, prev_m->vm_start,
++					end_m, prev_m->vm_pgoff, NULL);
++#endif
++
++		}
+ 		return prev;
+ 	}
+ 
+@@ -808,12 +872,27 @@ struct vm_area_struct *vma_merge(struct 
+  			mpol_equal(policy, vma_policy(next)) &&
+ 			can_vma_merge_before(next, vm_flags,
+ 					anon_vma, file, pgoff+pglen)) {
+-		if (prev && addr < prev->vm_end)	/* case 4 */
++		if (prev && addr < prev->vm_end) {	/* case 4 */
+ 			vma_adjust(prev, prev->vm_start,
+ 				addr, prev->vm_pgoff, NULL);
+-		else					/* cases 3, 8 */
++
++#ifdef CONFIG_PAX_SEGMEXEC
++			if (prev_m)
++				vma_adjust(prev_m, prev_m->vm_start,
++					addr_m, prev_m->vm_pgoff, NULL);
++#endif
++
++		} else {				/* cases 3, 8 */
+ 			vma_adjust(area, addr, next->vm_end,
+ 				next->vm_pgoff - pglen, NULL);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++			if (area_m)
++				vma_adjust(area_m, addr_m, next_m->vm_end,
++					next_m->vm_pgoff - pglen, NULL);
++#endif
++
++		}
+ 		return area;
+ 	}
+ 
+@@ -888,14 +967,11 @@ none:
+ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
+ 						struct file *file, long pages)
+ {
+-	const unsigned long stack_flags
+-		= VM_STACK_FLAGS & (VM_GROWSUP|VM_GROWSDOWN);
+-
+ 	if (file) {
+ 		mm->shared_vm += pages;
+ 		if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
+ 			mm->exec_vm += pages;
+-	} else if (flags & stack_flags)
++	} else if (flags & (VM_GROWSUP|VM_GROWSDOWN))
+ 		mm->stack_vm += pages;
+ 	if (flags & (VM_RESERVED|VM_IO))
+ 		mm->reserved_vm += pages;
+@@ -922,7 +998,7 @@ unsigned long do_mmap_pgoff(struct file 
+ 	 * (the exception is when the underlying filesystem is noexec
+ 	 *  mounted, in which case we dont add PROT_EXEC.)
+ 	 */
+-	if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
++	if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
+ 		if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
+ 			prot |= PROT_EXEC;
+ 
+@@ -932,15 +1008,15 @@ unsigned long do_mmap_pgoff(struct file 
+ 	if (!(flags & MAP_FIXED))
+ 		addr = round_hint_to_min(addr);
+ 
+-	error = arch_mmap_check(addr, len, flags);
+-	if (error)
+-		return error;
+-
+ 	/* Careful about overflows.. */
+ 	len = PAGE_ALIGN(len);
+ 	if (!len || len > TASK_SIZE)
+ 		return -ENOMEM;
+ 
++	error = arch_mmap_check(addr, len, flags);
++	if (error)
++		return error;
++
+ 	/* offset overflow? */
+ 	if ((pgoff + (len >> PAGE_SHIFT)) < pgoff)
+                return -EOVERFLOW;
+@@ -952,7 +1028,7 @@ unsigned long do_mmap_pgoff(struct file 
+ 	/* Obtain the address to map to. we verify (or select) it and ensure
+ 	 * that it represents a valid section of the address space.
+ 	 */
+-	addr = get_unmapped_area(file, addr, len, pgoff, flags);
++	addr = get_unmapped_area(file, addr, len, pgoff, flags | ((prot & PROT_EXEC) ? MAP_EXECUTABLE : 0));
+ 	if (addr & ~PAGE_MASK)
+ 		return addr;
+ 
+@@ -963,6 +1039,26 @@ unsigned long do_mmap_pgoff(struct file 
+ 	vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
+ 			mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
+ 
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++	if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++
++#ifdef CONFIG_PAX_MPROTECT
++		if (mm->pax_flags & MF_PAX_MPROTECT) {
++			if ((prot & (PROT_WRITE | PROT_EXEC)) != PROT_EXEC)
++				vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
++			else
++				vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
++		}
++#endif
++
++	}
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
++	if ((mm->pax_flags & MF_PAX_PAGEEXEC) && file)
++		vm_flags &= ~VM_PAGEEXEC;
++#endif
++
+ 	if (flags & MAP_LOCKED) {
+ 		if (!can_do_mlock())
+ 			return -EPERM;
+@@ -976,6 +1072,7 @@ unsigned long do_mmap_pgoff(struct file 
+ 		locked += mm->locked_vm;
+ 		lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
+ 		lock_limit >>= PAGE_SHIFT;
++		gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
+ 		if (locked > lock_limit && !capable(CAP_IPC_LOCK))
+ 			return -EAGAIN;
+ 	}
+@@ -1046,6 +1143,9 @@ unsigned long do_mmap_pgoff(struct file 
+ 	if (error)
+ 		return error;
+ 
++	if (!gr_acl_handle_mmap(file, prot))
++		return -EACCES;
++
+ 	return mmap_region(file, addr, len, flags, vm_flags, pgoff);
+ }
+ EXPORT_SYMBOL(do_mmap_pgoff);
+@@ -1058,10 +1158,10 @@ EXPORT_SYMBOL(do_mmap_pgoff);
+  */
+ int vma_wants_writenotify(struct vm_area_struct *vma)
+ {
+-	unsigned int vm_flags = vma->vm_flags;
++	unsigned long vm_flags = vma->vm_flags;
+ 
+ 	/* If it was private or non-writable, the write bit is already clear */
+-	if ((vm_flags & (VM_WRITE|VM_SHARED)) != ((VM_WRITE|VM_SHARED)))
++	if ((vm_flags & (VM_WRITE|VM_SHARED)) != (VM_WRITE|VM_SHARED))
+ 		return 0;
+ 
+ 	/* The backer wishes to know when pages are first written to? */
+@@ -1110,14 +1210,24 @@ unsigned long mmap_region(struct file *f
+ 	unsigned long charged = 0;
+ 	struct inode *inode =  file ? file->f_path.dentry->d_inode : NULL;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m = NULL;
++#endif
++
++	/*
++	 * mm->mmap_sem is required to protect against another thread
++	 * changing the mappings in case we sleep.
++	 */
++	verify_mm_writelocked(mm);
++
+ 	/* Clear old maps */
+ 	error = -ENOMEM;
+-munmap_back:
+ 	vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
+ 	if (vma && vma->vm_start < addr + len) {
+ 		if (do_munmap(mm, addr, len))
+ 			return -ENOMEM;
+-		goto munmap_back;
++		vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
++		BUG_ON(vma && vma->vm_start < addr + len);
+ 	}
+ 
+ 	/* Check against address space limit. */
+@@ -1166,6 +1276,16 @@ munmap_back:
+ 		goto unacct_error;
+ 	}
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vm_flags & VM_EXEC)) {
++		vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++		if (!vma_m) {
++			error = -ENOMEM;
++			goto free_vma;
++		}
++	}
++#endif
++
+ 	vma->vm_mm = mm;
+ 	vma->vm_start = addr;
+ 	vma->vm_end = addr + len;
+@@ -1188,6 +1308,19 @@ munmap_back:
+ 		error = file->f_op->mmap(file, vma);
+ 		if (error)
+ 			goto unmap_and_free_vma;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (vma_m && (vm_flags & VM_EXECUTABLE))
++			added_exe_file_vma(mm);
++#endif
++
++#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32)
++		if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) {
++			vma->vm_flags |= VM_PAGEEXEC;
++			vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
++		}
++#endif
++
+ 		if (vm_flags & VM_EXECUTABLE)
+ 			added_exe_file_vma(mm);
+ 	} else if (vm_flags & VM_SHARED) {
+@@ -1211,12 +1344,18 @@ munmap_back:
+ 	vma_link(mm, vma, prev, rb_link, rb_parent);
+ 	file = vma->vm_file;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (vma_m)
++		pax_mirror_vma(vma_m, vma);
++#endif
++
+ 	/* Once vma denies write, undo our temporary denial count */
+ 	if (correct_wcount)
+ 		atomic_inc(&inode->i_writecount);
+ out:
+ 	mm->total_vm += len >> PAGE_SHIFT;
+ 	vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
++	track_exec_limit(mm, addr, addr + len, vm_flags);
+ 	if (vm_flags & VM_LOCKED) {
+ 		/*
+ 		 * makes pages present; downgrades, drops, reacquires mmap_sem
+@@ -1239,6 +1378,12 @@ unmap_and_free_vma:
+ 	unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
+ 	charged = 0;
+ free_vma:
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (vma_m)
++		kmem_cache_free(vm_area_cachep, vma_m);
++#endif
++
+ 	kmem_cache_free(vm_area_cachep, vma);
+ unacct_error:
+ 	if (charged)
+@@ -1272,6 +1417,10 @@ arch_get_unmapped_area(struct file *filp
+ 	if (flags & MAP_FIXED)
+ 		return addr;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	if (addr) {
+ 		addr = PAGE_ALIGN(addr);
+ 		vma = find_vma(mm, addr);
+@@ -1280,10 +1429,10 @@ arch_get_unmapped_area(struct file *filp
+ 			return addr;
+ 	}
+ 	if (len > mm->cached_hole_size) {
+-	        start_addr = addr = mm->free_area_cache;
++		start_addr = addr = mm->free_area_cache;
+ 	} else {
+-	        start_addr = addr = TASK_UNMAPPED_BASE;
+-	        mm->cached_hole_size = 0;
++		start_addr = addr = mm->mmap_base;
++		mm->cached_hole_size = 0;
+ 	}
+ 
+ full_search:
+@@ -1294,9 +1443,8 @@ full_search:
+ 			 * Start a new search - just in case we missed
+ 			 * some holes.
+ 			 */
+-			if (start_addr != TASK_UNMAPPED_BASE) {
+-				addr = TASK_UNMAPPED_BASE;
+-			        start_addr = addr;
++			if (start_addr != mm->mmap_base) {
++				start_addr = addr = mm->mmap_base;
+ 				mm->cached_hole_size = 0;
+ 				goto full_search;
+ 			}
+@@ -1318,10 +1466,16 @@ full_search:
+ 
+ void arch_unmap_area(struct mm_struct *mm, unsigned long addr)
+ {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
++		return;
++#endif
++
+ 	/*
+ 	 * Is this a new hole at the lowest possible address?
+ 	 */
+-	if (addr >= TASK_UNMAPPED_BASE && addr < mm->free_area_cache) {
++	if (addr >= mm->mmap_base && addr < mm->free_area_cache) {
+ 		mm->free_area_cache = addr;
+ 		mm->cached_hole_size = ~0UL;
+ 	}
+@@ -1339,7 +1493,7 @@ arch_get_unmapped_area_topdown(struct fi
+ {
+ 	struct vm_area_struct *vma;
+ 	struct mm_struct *mm = current->mm;
+-	unsigned long addr = addr0;
++	unsigned long base = mm->mmap_base, addr = addr0;
+ 
+ 	/* requested length too big for entire address space */
+ 	if (len > TASK_SIZE)
+@@ -1348,6 +1502,10 @@ arch_get_unmapped_area_topdown(struct fi
+ 	if (flags & MAP_FIXED)
+ 		return addr;
+ 
++#ifdef CONFIG_PAX_RANDMMAP
++	if (!(mm->pax_flags & MF_PAX_RANDMMAP))
++#endif
++
+ 	/* requesting a specific address */
+ 	if (addr) {
+ 		addr = PAGE_ALIGN(addr);
+@@ -1405,13 +1563,21 @@ bottomup:
+ 	 * can happen with large stack limits and large mmap()
+ 	 * allocations.
+ 	 */
++	mm->mmap_base = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (mm->pax_flags & MF_PAX_RANDMMAP)
++		mm->mmap_base += mm->delta_mmap;
++#endif
++
++	mm->free_area_cache = mm->mmap_base;
+ 	mm->cached_hole_size = ~0UL;
+-  	mm->free_area_cache = TASK_UNMAPPED_BASE;
+ 	addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags);
+ 	/*
+ 	 * Restore the topdown base:
+ 	 */
+-	mm->free_area_cache = mm->mmap_base;
++	mm->mmap_base = base;
++	mm->free_area_cache = base;
+ 	mm->cached_hole_size = ~0UL;
+ 
+ 	return addr;
+@@ -1420,6 +1586,12 @@ bottomup:
+ 
+ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+ {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && SEGMEXEC_TASK_SIZE <= addr)
++		return;
++#endif
++
+ 	/*
+ 	 * Is this a new hole at the highest possible address?
+ 	 */
+@@ -1427,8 +1599,10 @@ void arch_unmap_area_topdown(struct mm_s
+ 		mm->free_area_cache = addr;
+ 
+ 	/* dont allow allocations above current base */
+-	if (mm->free_area_cache > mm->mmap_base)
++	if (mm->free_area_cache > mm->mmap_base) {
+ 		mm->free_area_cache = mm->mmap_base;
++		mm->cached_hole_size = ~0UL;
++	}
+ }
+ 
+ unsigned long
+@@ -1528,6 +1702,27 @@ out:
+ 	return prev ? prev->vm_next : vma;
+ }
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma)
++{
++	struct vm_area_struct *vma_m;
++
++	BUG_ON(!vma || vma->vm_start >= vma->vm_end);
++	if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) {
++		BUG_ON(vma->vm_mirror);
++		return NULL;
++	}
++	BUG_ON(vma->vm_start < SEGMEXEC_TASK_SIZE && SEGMEXEC_TASK_SIZE < vma->vm_end);
++	vma_m = vma->vm_mirror;
++	BUG_ON(!vma_m || vma_m->vm_mirror != vma);
++	BUG_ON(vma->vm_file != vma_m->vm_file);
++	BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start);
++	BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff || vma->anon_vma != vma_m->anon_vma);
++	BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED));
++	return vma_m;
++}
++#endif
++
+ /*
+  * Verify that the stack growth is acceptable and
+  * update accounting. This is shared with both the
+@@ -1544,6 +1739,7 @@ static int acct_stack_growth(struct vm_a
+ 		return -ENOMEM;
+ 
+ 	/* Stack limit test */
++	gr_learn_resource(current, RLIMIT_STACK, size, 1);
+ 	if (size > rlim[RLIMIT_STACK].rlim_cur)
+ 		return -ENOMEM;
+ 
+@@ -1553,6 +1749,7 @@ static int acct_stack_growth(struct vm_a
+ 		unsigned long limit;
+ 		locked = mm->locked_vm + grow;
+ 		limit = rlim[RLIMIT_MEMLOCK].rlim_cur >> PAGE_SHIFT;
++		gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
+ 		if (locked > limit && !capable(CAP_IPC_LOCK))
+ 			return -ENOMEM;
+ 	}
+@@ -1588,35 +1785,40 @@ static
+ #endif
+ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+ {
+-	int error;
++	int error, locknext;
+ 
+ 	if (!(vma->vm_flags & VM_GROWSUP))
+ 		return -EFAULT;
+ 
++	/* Also guard against wrapping around to address 0. */
++	if (address < PAGE_ALIGN(address+1))
++		address = PAGE_ALIGN(address+1);
++	else
++		return -ENOMEM;
++
+ 	/*
+ 	 * We must make sure the anon_vma is allocated
+ 	 * so that the anon_vma locking is not a noop.
+ 	 */
+ 	if (unlikely(anon_vma_prepare(vma)))
+ 		return -ENOMEM;
++	locknext = vma->vm_next && (vma->vm_next->vm_flags & VM_GROWSDOWN);
++	if (locknext && unlikely(anon_vma_prepare(vma->vm_next)))
++		return -ENOMEM;
+ 	anon_vma_lock(vma);
++	if (locknext)
++		anon_vma_lock(vma->vm_next);
+ 
+ 	/*
+ 	 * vma->vm_start/vm_end cannot change under us because the caller
+ 	 * is required to hold the mmap_sem in read mode.  We need the
+-	 * anon_vma lock to serialize against concurrent expand_stacks.
+-	 * Also guard against wrapping around to address 0.
++	 * anon_vma locks to serialize against concurrent expand_stacks
++	 * and expand_upwards.
+ 	 */
+-	if (address < PAGE_ALIGN(address+4))
+-		address = PAGE_ALIGN(address+4);
+-	else {
+-		anon_vma_unlock(vma);
+-		return -ENOMEM;
+-	}
+ 	error = 0;
+ 
+ 	/* Somebody else might have raced and expanded it already */
+-	if (address > vma->vm_end) {
++	if (address > vma->vm_end && (!locknext || vma->vm_next->vm_start >= address)) {
+ 		unsigned long size, grow;
+ 
+ 		size = address - vma->vm_start;
+@@ -1626,6 +1828,8 @@ int expand_upwards(struct vm_area_struct
+ 		if (!error)
+ 			vma->vm_end = address;
+ 	}
++	if (locknext)
++		anon_vma_unlock(vma->vm_next);
+ 	anon_vma_unlock(vma);
+ 	return error;
+ }
+@@ -1637,7 +1841,8 @@ int expand_upwards(struct vm_area_struct
+ static int expand_downwards(struct vm_area_struct *vma,
+ 				   unsigned long address)
+ {
+-	int error;
++	int error, lockprev = 0;
++	struct vm_area_struct *prev = NULL;
+ 
+ 	/*
+ 	 * We must make sure the anon_vma is allocated
+@@ -1651,6 +1856,15 @@ static int expand_downwards(struct vm_ar
+ 	if (error)
+ 		return error;
+ 
++#if defined(CONFIG_STACK_GROWSUP) || defined(CONFIG_IA64)
++	find_vma_prev(vma->vm_mm, address, &prev);
++	lockprev = prev && (prev->vm_flags & VM_GROWSUP);
++#endif
++	if (lockprev && unlikely(anon_vma_prepare(prev)))
++		return -ENOMEM;
++	if (lockprev)
++		anon_vma_lock(prev);
++
+ 	anon_vma_lock(vma);
+ 
+ 	/*
+@@ -1660,9 +1874,15 @@ static int expand_downwards(struct vm_ar
+ 	 */
+ 
+ 	/* Somebody else might have raced and expanded it already */
+-	if (address < vma->vm_start) {
++	if (address < vma->vm_start && (!lockprev || prev->vm_end <= address)) {
+ 		unsigned long size, grow;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++		struct vm_area_struct *vma_m;
++
++		vma_m = pax_find_mirror_vma(vma);
++#endif
++
+ 		size = vma->vm_end - address;
+ 		grow = (vma->vm_start - address) >> PAGE_SHIFT;
+ 
+@@ -1670,9 +1890,20 @@ static int expand_downwards(struct vm_ar
+ 		if (!error) {
+ 			vma->vm_start = address;
+ 			vma->vm_pgoff -= grow;
++			track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++			if (vma_m) {
++				vma_m->vm_start -= grow << PAGE_SHIFT;
++				vma_m->vm_pgoff -= grow;
++			}
++#endif
++
+ 		}
+ 	}
+ 	anon_vma_unlock(vma);
++	if (lockprev)
++		anon_vma_unlock(prev);
+ 	return error;
+ }
+ 
+@@ -1748,6 +1979,13 @@ static void remove_vma_list(struct mm_st
+ 	do {
+ 		long nrpages = vma_pages(vma);
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++		if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_start >= SEGMEXEC_TASK_SIZE)) {
++			vma = remove_vma(vma);
++			continue;
++		}
++#endif
++
+ 		mm->total_vm -= nrpages;
+ 		vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
+ 		vma = remove_vma(vma);
+@@ -1792,6 +2030,16 @@ detach_vmas_to_be_unmapped(struct mm_str
+ 
+ 	insertion_point = (prev ? &prev->vm_next : &mm->mmap);
+ 	do {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++		if (vma->vm_mirror) {
++			BUG_ON(!vma->vm_mirror->vm_mirror || vma->vm_mirror->vm_mirror != vma);
++			vma->vm_mirror->vm_mirror = NULL;
++			vma->vm_mirror->vm_flags &= ~VM_EXEC;
++			vma->vm_mirror = NULL;
++		}
++#endif
++
+ 		rb_erase(&vma->vm_rb, &mm->mm_rb);
+ 		mm->map_count--;
+ 		tail_vma = vma;
+@@ -1811,6 +2059,108 @@ detach_vmas_to_be_unmapped(struct mm_str
+  * Split a vma into two pieces at address 'addr', a new vma is allocated
+  * either for the first part or the tail.
+  */
++
++#ifdef CONFIG_PAX_SEGMEXEC
++int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
++	      unsigned long addr, int new_below)
++{
++	struct mempolicy *pol;
++	struct vm_area_struct *new, *vma_m, *new_m = NULL;
++	unsigned long addr_m = addr + SEGMEXEC_TASK_SIZE;
++
++	if (is_vm_hugetlb_page(vma) && (addr & ~HPAGE_MASK))
++		return -EINVAL;
++
++	vma_m = pax_find_mirror_vma(vma);
++	if (vma_m) {
++		BUG_ON(vma->vm_end > SEGMEXEC_TASK_SIZE);
++		if (mm->map_count >= sysctl_max_map_count-1)
++			return -ENOMEM;
++	} else if (mm->map_count >= sysctl_max_map_count)
++		return -ENOMEM;
++
++	new = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
++	if (!new)
++		return -ENOMEM;
++
++	if (vma_m) {
++		new_m = kmem_cache_alloc(vm_area_cachep, GFP_KERNEL);
++		if (!new_m) {
++			kmem_cache_free(vm_area_cachep, new);
++			return -ENOMEM;
++		}
++	}
++
++	/* most fields are the same, copy all, and then fixup */
++	*new = *vma;
++
++	if (new_below)
++		new->vm_end = addr;
++	else {
++		new->vm_start = addr;
++		new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
++	}
++
++	if (vma_m) {
++		*new_m = *vma_m;
++		new_m->vm_mirror = new;
++		new->vm_mirror = new_m;
++
++		if (new_below)
++			new_m->vm_end = addr_m;
++		else {
++			new_m->vm_start = addr_m;
++			new_m->vm_pgoff += ((addr_m - vma_m->vm_start) >> PAGE_SHIFT);
++		}
++	}
++
++	pol = mpol_dup(vma_policy(vma));
++	if (IS_ERR(pol)) {
++		if (new_m)
++			kmem_cache_free(vm_area_cachep, new_m);
++		kmem_cache_free(vm_area_cachep, new);
++		return PTR_ERR(pol);
++	}
++	vma_set_policy(new, pol);
++
++	if (new->vm_file) {
++		get_file(new->vm_file);
++		if (vma->vm_flags & VM_EXECUTABLE)
++			added_exe_file_vma(mm);
++	}
++
++	if (new->vm_ops && new->vm_ops->open)
++		new->vm_ops->open(new);
++
++	if (new_below)
++		vma_adjust(vma, addr, vma->vm_end, vma->vm_pgoff +
++			((addr - new->vm_start) >> PAGE_SHIFT), new);
++	else
++		vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
++
++	if (vma_m) {
++		mpol_get(pol);
++		vma_set_policy(new_m, pol);
++
++		if (new_m->vm_file) {
++			get_file(new_m->vm_file);
++			if (vma_m->vm_flags & VM_EXECUTABLE)
++				added_exe_file_vma(mm);
++		}
++
++		if (new_m->vm_ops && new_m->vm_ops->open)
++			new_m->vm_ops->open(new_m);
++
++		if (new_below)
++			vma_adjust(vma_m, addr_m, vma_m->vm_end, vma_m->vm_pgoff +
++				((addr_m - new_m->vm_start) >> PAGE_SHIFT), new_m);
++		else
++			vma_adjust(vma_m, vma_m->vm_start, addr_m, vma_m->vm_pgoff, new_m);
++	}
++
++	return 0;
++}
++#else
+ int split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+ 	      unsigned long addr, int new_below)
+ {
+@@ -1862,17 +2212,37 @@ int split_vma(struct mm_struct * mm, str
+ 
+ 	return 0;
+ }
++#endif
+ 
+ /* Munmap is split into 2 main parts -- this part which finds
+  * what needs doing, and the areas themselves, which do the
+  * work.  This now handles partial unmappings.
+  * Jeremy Fitzhardinge <jeremy@goop.org>
+  */
++#ifdef CONFIG_PAX_SEGMEXEC
+ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+ {
++	int ret = __do_munmap(mm, start, len);
++	if (ret || !(mm->pax_flags & MF_PAX_SEGMEXEC))
++		return ret;
++
++	return __do_munmap(mm, start + SEGMEXEC_TASK_SIZE, len);
++}
++
++int __do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
++#else
++int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
++#endif
++{
+ 	unsigned long end;
+ 	struct vm_area_struct *vma, *prev, *last;
+ 
++	/*
++	 * mm->mmap_sem is required to protect against another thread
++	 * changing the mappings in case we sleep.
++	 */
++	verify_mm_writelocked(mm);
++
+ 	if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
+ 		return -EINVAL;
+ 
+@@ -1936,6 +2306,8 @@ int do_munmap(struct mm_struct *mm, unsi
+ 	/* Fix up all other VM information */
+ 	remove_vma_list(mm, vma);
+ 
++	track_exec_limit(mm, start, end, 0UL);
++
+ 	return 0;
+ }
+ 
+@@ -1948,22 +2320,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, a
+ 
+ 	profile_munmap(addr);
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) &&
++	    (len > SEGMEXEC_TASK_SIZE || addr > SEGMEXEC_TASK_SIZE-len))
++		return -EINVAL;
++#endif
++
+ 	down_write(&mm->mmap_sem);
+ 	ret = do_munmap(mm, addr, len);
+ 	up_write(&mm->mmap_sem);
+ 	return ret;
+ }
+ 
+-static inline void verify_mm_writelocked(struct mm_struct *mm)
+-{
+-#ifdef CONFIG_DEBUG_VM
+-	if (unlikely(down_read_trylock(&mm->mmap_sem))) {
+-		WARN_ON(1);
+-		up_read(&mm->mmap_sem);
+-	}
+-#endif
+-}
+-
+ /*
+  *  this is really a simplified "do_mmap".  it only handles
+  *  anonymous maps.  eventually we may be able to do some
+@@ -1977,6 +2345,11 @@ unsigned long do_brk(unsigned long addr,
+ 	struct rb_node ** rb_link, * rb_parent;
+ 	pgoff_t pgoff = addr >> PAGE_SHIFT;
+ 	int error;
++	unsigned long charged;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m = NULL;
++#endif
+ 
+ 	len = PAGE_ALIGN(len);
+ 	if (!len)
+@@ -1994,19 +2367,34 @@ unsigned long do_brk(unsigned long addr,
+ 
+ 	flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
+ 
++#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++	if (mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
++		flags &= ~VM_EXEC;
++
++#ifdef CONFIG_PAX_MPROTECT
++		if (mm->pax_flags & MF_PAX_MPROTECT)
++			flags &= ~VM_MAYEXEC;
++#endif
++
++	}
++#endif
++
+ 	error = arch_mmap_check(addr, len, flags);
+ 	if (error)
+ 		return error;
+ 
++	charged = len >> PAGE_SHIFT;
++
+ 	/*
+ 	 * mlock MCL_FUTURE?
+ 	 */
+ 	if (mm->def_flags & VM_LOCKED) {
+ 		unsigned long locked, lock_limit;
+-		locked = len >> PAGE_SHIFT;
++		locked = charged;
+ 		locked += mm->locked_vm;
+ 		lock_limit = current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur;
+ 		lock_limit >>= PAGE_SHIFT;
++		gr_learn_resource(current, RLIMIT_MEMLOCK, locked << PAGE_SHIFT, 1);
+ 		if (locked > lock_limit && !capable(CAP_IPC_LOCK))
+ 			return -EAGAIN;
+ 	}
+@@ -2020,22 +2408,22 @@ unsigned long do_brk(unsigned long addr,
+ 	/*
+ 	 * Clear old maps.  this also does some error checking for us
+ 	 */
+- munmap_back:
+ 	vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
+ 	if (vma && vma->vm_start < addr + len) {
+ 		if (do_munmap(mm, addr, len))
+ 			return -ENOMEM;
+-		goto munmap_back;
++		vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent);
++		BUG_ON(vma && vma->vm_start < addr + len);
+ 	}
+ 
+ 	/* Check against address space limits *after* clearing old maps... */
+-	if (!may_expand_vm(mm, len >> PAGE_SHIFT))
++	if (!may_expand_vm(mm, charged))
+ 		return -ENOMEM;
+ 
+ 	if (mm->map_count > sysctl_max_map_count)
+ 		return -ENOMEM;
+ 
+-	if (security_vm_enough_memory(len >> PAGE_SHIFT))
++	if (security_vm_enough_memory(charged))
+ 		return -ENOMEM;
+ 
+ 	/* Can we just expand an old private anonymous mapping? */
+@@ -2049,10 +2437,21 @@ unsigned long do_brk(unsigned long addr,
+ 	 */
+ 	vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
+ 	if (!vma) {
+-		vm_unacct_memory(len >> PAGE_SHIFT);
++		vm_unacct_memory(charged);
+ 		return -ENOMEM;
+ 	}
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (flags & VM_EXEC)) {
++		vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++		if (!vma_m) {
++			kmem_cache_free(vm_area_cachep, vma);
++			vm_unacct_memory(charged);
++			return -ENOMEM;
++		}
++	}
++#endif
++
+ 	vma->vm_mm = mm;
+ 	vma->vm_start = addr;
+ 	vma->vm_end = addr + len;
+@@ -2061,11 +2460,12 @@ unsigned long do_brk(unsigned long addr,
+ 	vma->vm_page_prot = vm_get_page_prot(flags);
+ 	vma_link(mm, vma, prev, rb_link, rb_parent);
+ out:
+-	mm->total_vm += len >> PAGE_SHIFT;
++	mm->total_vm += charged;
+ 	if (flags & VM_LOCKED) {
+ 		if (!mlock_vma_pages_range(vma, addr, addr + len))
+-			mm->locked_vm += (len >> PAGE_SHIFT);
++			mm->locked_vm += charged;
+ 	}
++	track_exec_limit(mm, addr, addr + len, flags);
+ 	return addr;
+ }
+ 
+@@ -2111,8 +2511,10 @@ void exit_mmap(struct mm_struct *mm)
+ 	 * Walk the list again, actually closing and freeing it,
+ 	 * with preemption enabled, without holding any MM locks.
+ 	 */
+-	while (vma)
++	while (vma) {
++		vma->vm_mirror = NULL;
+ 		vma = remove_vma(vma);
++	}
+ 
+ 	BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT);
+ }
+@@ -2126,6 +2528,10 @@ int insert_vm_struct(struct mm_struct * 
+ 	struct vm_area_struct * __vma, * prev;
+ 	struct rb_node ** rb_link, * rb_parent;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m = NULL;
++#endif
++
+ 	/*
+ 	 * The vm_pgoff of a purely anonymous vma should be irrelevant
+ 	 * until its first write fault, when page's anon_vma and index
+@@ -2148,7 +2554,22 @@ int insert_vm_struct(struct mm_struct * 
+ 	if ((vma->vm_flags & VM_ACCOUNT) &&
+ 	     security_vm_enough_memory_mm(mm, vma_pages(vma)))
+ 		return -ENOMEM;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && (vma->vm_flags & VM_EXEC)) {
++		vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++		if (!vma_m)
++			return -ENOMEM;
++	}
++#endif
++
+ 	vma_link(mm, vma, prev, rb_link, rb_parent);
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (vma_m)
++		pax_mirror_vma(vma_m, vma);
++#endif
++
+ 	return 0;
+ }
+ 
+@@ -2166,6 +2587,8 @@ struct vm_area_struct *copy_vma(struct v
+ 	struct rb_node **rb_link, *rb_parent;
+ 	struct mempolicy *pol;
+ 
++	BUG_ON(vma->vm_mirror);
++
+ 	/*
+ 	 * If anonymous vma has not yet been faulted, update new pgoff
+ 	 * to match new location, to increase its chance of merging.
+@@ -2209,6 +2632,35 @@ struct vm_area_struct *copy_vma(struct v
+ 	return new_vma;
+ }
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++void pax_mirror_vma(struct vm_area_struct *vma_m, struct vm_area_struct *vma)
++{
++	struct vm_area_struct *prev_m;
++	struct rb_node **rb_link_m, *rb_parent_m;
++	struct mempolicy *pol_m;
++
++	BUG_ON(!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC));
++	BUG_ON(vma->vm_mirror || vma_m->vm_mirror);
++	BUG_ON(!mpol_equal(vma_policy(vma), vma_policy(vma_m)));
++	*vma_m = *vma;
++	pol_m = vma_policy(vma_m);
++	mpol_get(pol_m);
++	vma_set_policy(vma_m, pol_m);
++	vma_m->vm_start += SEGMEXEC_TASK_SIZE;
++	vma_m->vm_end += SEGMEXEC_TASK_SIZE;
++	vma_m->vm_flags &= ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED);
++	vma_m->vm_page_prot = vm_get_page_prot(vma_m->vm_flags);
++	if (vma_m->vm_file)
++		get_file(vma_m->vm_file);
++	if (vma_m->vm_ops && vma_m->vm_ops->open)
++		vma_m->vm_ops->open(vma_m);
++	find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m);
++	vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m);
++	vma_m->vm_mirror = vma;
++	vma->vm_mirror = vma_m;
++}
++#endif
++
+ /*
+  * Return true if the calling process may expand its vm space by the passed
+  * number of pages
+@@ -2219,7 +2671,7 @@ int may_expand_vm(struct mm_struct *mm, 
+ 	unsigned long lim;
+ 
+ 	lim = current->signal->rlim[RLIMIT_AS].rlim_cur >> PAGE_SHIFT;
+-
++	gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1);
+ 	if (cur + npages > lim)
+ 		return 0;
+ 	return 1;
+@@ -2260,7 +2712,7 @@ static void special_mapping_close(struct
+ {
+ }
+ 
+-static struct vm_operations_struct special_mapping_vmops = {
++static const struct vm_operations_struct special_mapping_vmops = {
+ 	.close = special_mapping_close,
+ 	.fault = special_mapping_fault,
+ };
+@@ -2288,6 +2740,15 @@ int install_special_mapping(struct mm_st
+ 	vma->vm_start = addr;
+ 	vma->vm_end = addr + len;
+ 
++#ifdef CONFIG_PAX_MPROTECT
++	if (mm->pax_flags & MF_PAX_MPROTECT) {
++		if ((vm_flags & (VM_WRITE | VM_EXEC)) != VM_EXEC)
++			vm_flags &= ~(VM_EXEC | VM_MAYEXEC);
++		else
++			vm_flags &= ~(VM_WRITE | VM_MAYWRITE);
++	}
++#endif
++
+ 	vma->vm_flags = vm_flags | mm->def_flags | VM_DONTEXPAND;
+ 	vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
+ 
+diff -urNp linux-2.6.29.6/mm/mprotect.c linux-2.6.29.6/mm/mprotect.c
+--- linux-2.6.29.6/mm/mprotect.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/mprotect.c	2009-07-23 17:34:32.228714408 -0400
+@@ -23,10 +23,16 @@
+ #include <linux/swapops.h>
+ #include <linux/mmu_notifier.h>
+ #include <linux/migrate.h>
++
++#ifdef CONFIG_PAX_MPROTECT
++#include <linux/elf.h>
++#endif
++
+ #include <asm/uaccess.h>
+ #include <asm/pgtable.h>
+ #include <asm/cacheflush.h>
+ #include <asm/tlbflush.h>
++#include <asm/mmu_context.h>
+ 
+ #ifndef pgprot_modify
+ static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot)
+@@ -131,6 +137,48 @@ static void change_protection(struct vm_
+ 	flush_tlb_range(vma, start, end);
+ }
+ 
++#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
++/* called while holding the mmap semaphor for writing except stack expansion */
++void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot)
++{
++	unsigned long oldlimit, newlimit = 0UL;
++
++	if (!(mm->pax_flags & MF_PAX_PAGEEXEC) || nx_enabled)
++		return;
++
++	spin_lock(&mm->page_table_lock);
++	oldlimit = mm->context.user_cs_limit;
++	if ((prot & VM_EXEC) && oldlimit < end)
++		/* USER_CS limit moved up */
++		newlimit = end;
++	else if (!(prot & VM_EXEC) && start < oldlimit && oldlimit <= end)
++		/* USER_CS limit moved down */
++		newlimit = start;
++
++	if (newlimit) {
++		mm->context.user_cs_limit = newlimit;
++
++#ifdef CONFIG_SMP
++		wmb();
++		cpus_clear(mm->context.cpu_user_cs_mask);
++		cpu_set(smp_processor_id(), mm->context.cpu_user_cs_mask);
++#endif
++
++		set_user_cs(mm->context.user_cs_base, mm->context.user_cs_limit, smp_processor_id());
++	}
++	spin_unlock(&mm->page_table_lock);
++	if (newlimit == end) {
++		struct vm_area_struct *vma = find_vma(mm, oldlimit);
++
++		for (; vma && vma->vm_start < end; vma = vma->vm_next)
++			if (is_vm_hugetlb_page(vma))
++				hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot);
++			else
++				change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma));
++	}
++}
++#endif
++
+ int
+ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev,
+ 	unsigned long start, unsigned long end, unsigned long newflags)
+@@ -143,6 +191,14 @@ mprotect_fixup(struct vm_area_struct *vm
+ 	int error;
+ 	int dirty_accountable = 0;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	struct vm_area_struct *vma_m = NULL;
++	unsigned long start_m, end_m;
++
++	start_m = start + SEGMEXEC_TASK_SIZE;
++	end_m = end + SEGMEXEC_TASK_SIZE;
++#endif
++
+ 	if (newflags == oldflags) {
+ 		*pprev = vma;
+ 		return 0;
+@@ -164,6 +220,38 @@ mprotect_fixup(struct vm_area_struct *vm
+ 		}
+ 	}
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if ((mm->pax_flags & MF_PAX_SEGMEXEC) && ((oldflags ^ newflags) & VM_EXEC)) {
++		if (start != vma->vm_start) {
++			error = split_vma(mm, vma, start, 1);
++			if (error)
++				goto fail;
++			BUG_ON(!*pprev || (*pprev)->vm_next == vma);
++			*pprev = (*pprev)->vm_next;
++		}
++
++		if (end != vma->vm_end) {
++			error = split_vma(mm, vma, end, 0);
++			if (error)
++				goto fail;
++		}
++
++		if (pax_find_mirror_vma(vma)) {
++			error = __do_munmap(mm, start_m, end_m - start_m);
++			if (error)
++				goto fail;
++		} else {
++			vma_m = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
++			if (!vma_m) {
++				error = -ENOMEM;
++				goto fail;
++			}
++			vma->vm_flags = newflags;
++			pax_mirror_vma(vma_m, vma);
++		}
++	}
++#endif
++
+ 	/*
+ 	 * First try to merge with previous and/or next vma.
+ 	 */
+@@ -195,8 +283,14 @@ success:
+ 	 * held in write mode.
+ 	 */
+ 	vma->vm_flags = newflags;
++
++#ifdef CONFIG_PAX_MPROTECT
++	if (current->binfmt && current->binfmt->handle_mprotect)
++		current->binfmt->handle_mprotect(vma, newflags);
++#endif
++
+ 	vma->vm_page_prot = pgprot_modify(vma->vm_page_prot,
+-					  vm_get_page_prot(newflags));
++					  vm_get_page_prot(vma->vm_flags));
+ 
+ 	if (vma_wants_writenotify(vma)) {
+ 		vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED);
+@@ -237,6 +331,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
+ 	end = start + len;
+ 	if (end <= start)
+ 		return -ENOMEM;
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
++		if (end > SEGMEXEC_TASK_SIZE)
++			return -EINVAL;
++	} else
++#endif
++
++	if (end > TASK_SIZE)
++		return -EINVAL;
++
+ 	if (!arch_validate_prot(prot))
+ 		return -EINVAL;
+ 
+@@ -244,7 +349,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
+ 	/*
+ 	 * Does the application expect PROT_READ to imply PROT_EXEC:
+ 	 */
+-	if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))
++	if ((prot & (PROT_READ | PROT_WRITE)) && (current->personality & READ_IMPLIES_EXEC))
+ 		prot |= PROT_EXEC;
+ 
+ 	vm_flags = calc_vm_prot_bits(prot);
+@@ -276,6 +381,16 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
+ 	if (start > vma->vm_start)
+ 		prev = vma;
+ 
++	if (!gr_acl_handle_mprotect(vma->vm_file, prot)) {
++		error = -EACCES;
++		goto out;
++	}
++
++#ifdef CONFIG_PAX_MPROTECT
++	if (current->binfmt && current->binfmt->handle_mprotect)
++		current->binfmt->handle_mprotect(vma, vm_flags);
++#endif
++
+ 	for (nstart = start ; ; ) {
+ 		unsigned long newflags;
+ 
+@@ -299,6 +414,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long,
+ 		error = mprotect_fixup(vma, &prev, nstart, tmp, newflags);
+ 		if (error)
+ 			goto out;
++
++		track_exec_limit(current->mm, nstart, tmp, vm_flags);
++
+ 		nstart = tmp;
+ 
+ 		if (nstart < prev->vm_end)
+diff -urNp linux-2.6.29.6/mm/mremap.c linux-2.6.29.6/mm/mremap.c
+--- linux-2.6.29.6/mm/mremap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/mremap.c	2009-07-23 17:34:32.228714408 -0400
+@@ -113,6 +113,12 @@ static void move_ptes(struct vm_area_str
+ 			continue;
+ 		pte = ptep_clear_flush(vma, old_addr, old_pte);
+ 		pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr);
++
++#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
++		if (!nx_enabled && (new_vma->vm_flags & (VM_PAGEEXEC | VM_EXEC)) == VM_PAGEEXEC)
++			pte = pte_exprotect(pte);
++#endif
++
+ 		set_pte_at(mm, new_addr, new_pte, pte);
+ 	}
+ 
+@@ -262,6 +268,7 @@ unsigned long do_mremap(unsigned long ad
+ 	struct vm_area_struct *vma;
+ 	unsigned long ret = -EINVAL;
+ 	unsigned long charged = 0;
++	unsigned long pax_task_size = TASK_SIZE;
+ 
+ 	if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
+ 		goto out;
+@@ -280,6 +287,15 @@ unsigned long do_mremap(unsigned long ad
+ 	if (!new_len)
+ 		goto out;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (current->mm->pax_flags & MF_PAX_SEGMEXEC)
++		pax_task_size = SEGMEXEC_TASK_SIZE;
++#endif
++
++	if (new_len > pax_task_size || addr > pax_task_size-new_len ||
++	    old_len > pax_task_size || addr > pax_task_size-old_len)
++		goto out;
++
+ 	/* new_addr is only valid if MREMAP_FIXED is specified */
+ 	if (flags & MREMAP_FIXED) {
+ 		if (new_addr & ~PAGE_MASK)
+@@ -287,16 +303,13 @@ unsigned long do_mremap(unsigned long ad
+ 		if (!(flags & MREMAP_MAYMOVE))
+ 			goto out;
+ 
+-		if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len)
++		if (new_addr > pax_task_size - new_len)
+ 			goto out;
+ 
+ 		/* Check if the location we're moving into overlaps the
+ 		 * old location at all, and fail if it does.
+ 		 */
+-		if ((new_addr <= addr) && (new_addr+new_len) > addr)
+-			goto out;
+-
+-		if ((addr <= new_addr) && (addr+old_len) > new_addr)
++		if (addr + old_len > new_addr && new_addr + new_len > addr)
+ 			goto out;
+ 
+ 		ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1);
+@@ -334,6 +347,14 @@ unsigned long do_mremap(unsigned long ad
+ 		ret = -EINVAL;
+ 		goto out;
+ 	}
++
++#ifdef CONFIG_PAX_SEGMEXEC
++	if (pax_find_mirror_vma(vma)) {
++		ret = -EINVAL;
++		goto out;
++	}
++#endif
++
+ 	/* We can't remap across vm area boundaries */
+ 	if (old_len > vma->vm_end - addr)
+ 		goto out;
+@@ -367,7 +388,7 @@ unsigned long do_mremap(unsigned long ad
+ 	if (old_len == vma->vm_end - addr &&
+ 	    !((flags & MREMAP_FIXED) && (addr != new_addr)) &&
+ 	    (old_len != new_len || !(flags & MREMAP_MAYMOVE))) {
+-		unsigned long max_addr = TASK_SIZE;
++		unsigned long max_addr = pax_task_size;
+ 		if (vma->vm_next)
+ 			max_addr = vma->vm_next->vm_start;
+ 		/* can we just expand the current mapping? */
+@@ -385,6 +406,7 @@ unsigned long do_mremap(unsigned long ad
+ 						   addr + new_len);
+ 			}
+ 			ret = addr;
++			track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags);
+ 			goto out;
+ 		}
+ 	}
+@@ -395,8 +417,8 @@ unsigned long do_mremap(unsigned long ad
+ 	 */
+ 	ret = -ENOMEM;
+ 	if (flags & MREMAP_MAYMOVE) {
++		unsigned long map_flags = 0;
+ 		if (!(flags & MREMAP_FIXED)) {
+-			unsigned long map_flags = 0;
+ 			if (vma->vm_flags & VM_MAYSHARE)
+ 				map_flags |= MAP_SHARED;
+ 
+@@ -411,7 +433,12 @@ unsigned long do_mremap(unsigned long ad
+ 			if (ret)
+ 				goto out;
+ 		}
++		map_flags = vma->vm_flags;
+ 		ret = move_vma(vma, addr, old_len, new_len, new_addr);
++		if (!(ret & ~PAGE_MASK)) {
++			track_exec_limit(current->mm, addr, addr + old_len, 0UL);
++			track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags);
++		}
+ 	}
+ out:
+ 	if (ret & ~PAGE_MASK)
+diff -urNp linux-2.6.29.6/mm/nommu.c linux-2.6.29.6/mm/nommu.c
+--- linux-2.6.29.6/mm/nommu.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/nommu.c	2009-07-23 18:40:27.482433806 -0400
+@@ -79,7 +79,7 @@ static struct kmem_cache *vm_region_jar;
+ struct rb_root nommu_region_tree = RB_ROOT;
+ DECLARE_RWSEM(nommu_region_sem);
+ 
+-struct vm_operations_struct generic_file_vm_ops = {
++const struct vm_operations_struct generic_file_vm_ops = {
+ };
+ 
+ /*
+@@ -770,15 +770,6 @@ struct vm_area_struct *find_vma(struct m
+ EXPORT_SYMBOL(find_vma);
+ 
+ /*
+- * find a VMA
+- * - we don't extend stack VMAs under NOMMU conditions
+- */
+-struct vm_area_struct *find_extend_vma(struct mm_struct *mm, unsigned long addr)
+-{
+-	return find_vma(mm, addr);
+-}
+-
+-/*
+  * expand a stack to a given address
+  * - not supported under NOMMU conditions
+  */
+diff -urNp linux-2.6.29.6/mm/page_alloc.c linux-2.6.29.6/mm/page_alloc.c
+--- linux-2.6.29.6/mm/page_alloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/page_alloc.c	2009-07-23 17:34:32.229702725 -0400
+@@ -549,6 +549,10 @@ static void __free_pages_ok(struct page 
+ 	int i;
+ 	int bad = 0;
+ 
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++	unsigned long index = 1UL << order;
++#endif
++
+ 	for (i = 0 ; i < (1 << order) ; ++i)
+ 		bad += free_pages_check(page + i);
+ 	if (bad)
+@@ -559,6 +563,12 @@ static void __free_pages_ok(struct page 
+ 		debug_check_no_obj_freed(page_address(page),
+ 					   PAGE_SIZE << order);
+ 	}
++
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++	for (; index; --index)
++		sanitize_highpage(page + index - 1);
++#endif
++
+ 	arch_free_page(page, order);
+ 	kernel_map_pages(page, 1 << order, 0);
+ 
+@@ -647,8 +657,10 @@ static int prep_new_page(struct page *pa
+ 	arch_alloc_page(page, order);
+ 	kernel_map_pages(page, 1 << order, 1);
+ 
++#ifndef CONFIG_PAX_MEMORY_SANITIZE
+ 	if (gfp_flags & __GFP_ZERO)
+ 		prep_zero_page(page, order, gfp_flags);
++#endif
+ 
+ 	if (order && (gfp_flags & __GFP_COMP))
+ 		prep_compound_page(page, order);
+@@ -1009,6 +1021,11 @@ static void free_hot_cold_page(struct pa
+ 		debug_check_no_locks_freed(page_address(page), PAGE_SIZE);
+ 		debug_check_no_obj_freed(page_address(page), PAGE_SIZE);
+ 	}
++
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++	sanitize_highpage(page);
++#endif
++
+ 	arch_free_page(page, 0);
+ 	kernel_map_pages(page, 1, 0);
+ 
+diff -urNp linux-2.6.29.6/mm/rmap.c linux-2.6.29.6/mm/rmap.c
+--- linux-2.6.29.6/mm/rmap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/rmap.c	2009-07-23 17:34:32.230802833 -0400
+@@ -103,6 +103,10 @@ int anon_vma_prepare(struct vm_area_stru
+ 		struct mm_struct *mm = vma->vm_mm;
+ 		struct anon_vma *allocated;
+ 
++#ifdef CONFIG_PAX_SEGMEXEC
++		struct vm_area_struct *vma_m;
++#endif
++
+ 		anon_vma = find_mergeable_anon_vma(vma);
+ 		allocated = NULL;
+ 		if (!anon_vma) {
+@@ -116,6 +120,15 @@ int anon_vma_prepare(struct vm_area_stru
+ 		/* page_table_lock to protect against threads */
+ 		spin_lock(&mm->page_table_lock);
+ 		if (likely(!vma->anon_vma)) {
++
++#ifdef CONFIG_PAX_SEGMEXEC
++			vma_m = pax_find_mirror_vma(vma);
++			if (vma_m) {
++				vma_m->anon_vma = anon_vma;
++				__anon_vma_link(vma_m);
++			}
++#endif
++
+ 			vma->anon_vma = anon_vma;
+ 			list_add_tail(&vma->anon_vma_node, &anon_vma->head);
+ 			allocated = NULL;
+diff -urNp linux-2.6.29.6/mm/shmem.c linux-2.6.29.6/mm/shmem.c
+--- linux-2.6.29.6/mm/shmem.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/shmem.c	2009-07-23 18:40:28.737571137 -0400
+@@ -29,7 +29,7 @@
+ #include <linux/module.h>
+ #include <linux/swap.h>
+ 
+-static struct vfsmount *shm_mnt;
++struct vfsmount *shm_mnt;
+ 
+ #ifdef CONFIG_SHMEM
+ /*
+@@ -203,7 +203,7 @@ static const struct file_operations shme
+ static const struct inode_operations shmem_inode_operations;
+ static const struct inode_operations shmem_dir_inode_operations;
+ static const struct inode_operations shmem_special_inode_operations;
+-static struct vm_operations_struct shmem_vm_ops;
++static const struct vm_operations_struct shmem_vm_ops;
+ 
+ static struct backing_dev_info shmem_backing_dev_info  __read_mostly = {
+ 	.ra_pages	= 0,	/* No readahead */
+@@ -2482,7 +2482,7 @@ static const struct super_operations shm
+ 	.put_super	= shmem_put_super,
+ };
+ 
+-static struct vm_operations_struct shmem_vm_ops = {
++static const struct vm_operations_struct shmem_vm_ops = {
+ 	.fault		= shmem_fault,
+ #ifdef CONFIG_NUMA
+ 	.set_policy     = shmem_set_policy,
+diff -urNp linux-2.6.29.6/mm/slab.c linux-2.6.29.6/mm/slab.c
+--- linux-2.6.29.6/mm/slab.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/slab.c	2009-07-23 17:34:32.231924238 -0400
+@@ -305,7 +305,7 @@ struct kmem_list3 {
+  * Need this for bootstrapping a per node allocator.
+  */
+ #define NUM_INIT_LISTS (3 * MAX_NUMNODES)
+-struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
++struct kmem_list3 initkmem_list3[NUM_INIT_LISTS];
+ #define	CACHE_CACHE 0
+ #define	SIZE_AC MAX_NUMNODES
+ #define	SIZE_L3 (2 * MAX_NUMNODES)
+@@ -628,7 +628,7 @@ static inline void *index_to_obj(struct 
+  *   reciprocal_divide(offset, cache->reciprocal_buffer_size)
+  */
+ static inline unsigned int obj_to_index(const struct kmem_cache *cache,
+-					const struct slab *slab, void *obj)
++					const struct slab *slab, const void *obj)
+ {
+ 	u32 offset = (obj - slab->s_mem);
+ 	return reciprocal_divide(offset, cache->reciprocal_buffer_size);
+@@ -654,14 +654,14 @@ struct cache_names {
+ static struct cache_names __initdata cache_names[] = {
+ #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
+ #include <linux/kmalloc_sizes.h>
+-	{NULL,}
++	{NULL, NULL}
+ #undef CACHE
+ };
+ 
+ static struct arraycache_init initarray_cache __initdata =
+-    { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
++    { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
+ static struct arraycache_init initarray_generic =
+-    { {0, BOOT_CPUCACHE_ENTRIES, 1, 0} };
++    { {0, BOOT_CPUCACHE_ENTRIES, 1, 0}, {NULL} };
+ 
+ /* internal cache of cache description objs */
+ static struct kmem_cache cache_cache = {
+@@ -4428,15 +4428,60 @@ static const struct file_operations proc
+ 
+ static int __init slab_proc_init(void)
+ {
++#if !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ 	proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations);
+ #ifdef CONFIG_DEBUG_SLAB_LEAK
+ 	proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations);
+ #endif
++#endif
+ 	return 0;
+ }
+ module_init(slab_proc_init);
+ #endif
+ 
++void check_object_size(const void *ptr, unsigned long n, bool to)
++{
++
++#ifdef CONFIG_PAX_USERCOPY
++	struct kmem_cache *cachep;
++	struct slab *slabp;
++	struct page *page;
++	unsigned int objnr;
++	unsigned long offset;
++
++	if (!n)
++		return;
++
++	if (ZERO_OR_NULL_PTR(ptr))
++		goto report;
++
++	if (!virt_addr_valid(ptr))
++		return;
++
++	page = virt_to_head_page(ptr);
++
++	if (!PageSlab(page))
++		/* TODO: check for stack based ptr */
++		return;
++
++	cachep = page_get_cache(page);
++	slabp = page_get_slab(page);
++	objnr = obj_to_index(cachep, slabp, ptr);
++	BUG_ON(objnr >= cachep->num);
++	offset = ptr - index_to_obj(cachep, slabp, objnr) - obj_offset(cachep);
++	if (offset <= obj_size(cachep) && n <= obj_size(cachep) - offset)
++		return;
++
++report:
++	if (to)
++		pax_report_leak_to_user(ptr, n);
++	else
++		pax_report_overflow_from_user(ptr, n);
++#endif
++
++}
++EXPORT_SYMBOL(check_object_size);
++
+ /**
+  * ksize - get the actual amount of memory allocated for a given object
+  * @objp: Pointer to the object
+diff -urNp linux-2.6.29.6/mm/slob.c linux-2.6.29.6/mm/slob.c
+--- linux-2.6.29.6/mm/slob.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/slob.c	2009-07-23 17:34:32.232713662 -0400
+@@ -29,7 +29,7 @@
+  * If kmalloc is asked for objects of PAGE_SIZE or larger, it calls
+  * alloc_pages() directly, allocating compound pages so the page order
+  * does not have to be separately tracked, and also stores the exact
+- * allocation size in page->private so that it can be used to accurately
++ * allocation size in slob_page->size so that it can be used to accurately
+  * provide ksize(). These objects are detected in kfree() because slob_page()
+  * is false for them.
+  *
+@@ -58,6 +58,7 @@
+  */
+ 
+ #include <linux/kernel.h>
++#include <linux/sched.h>
+ #include <linux/slab.h>
+ #include <linux/mm.h>
+ #include <linux/cache.h>
+@@ -97,7 +98,8 @@ struct slob_page {
+ 			unsigned long flags;	/* mandatory */
+ 			atomic_t _count;	/* mandatory */
+ 			slobidx_t units;	/* free units left in page */
+-			unsigned long pad[2];
++			unsigned long pad[1];
++			unsigned long size;	/* size when >=PAGE_SIZE */
+ 			slob_t *free;		/* first free slob_t in page */
+ 			struct list_head list;	/* linked list of free pages */
+ 		};
+@@ -130,7 +132,7 @@ static LIST_HEAD(free_slob_large);
+  */
+ static inline int slob_page(struct slob_page *sp)
+ {
+-	return PageSlobPage((struct page *)sp);
++	return PageSlobPage((struct page *)sp) && !sp->size;
+ }
+ 
+ static inline void set_slob_page(struct slob_page *sp)
+@@ -200,7 +202,7 @@ static void set_slob(slob_t *s, slobidx_
+ /*
+  * Return the size of a slob block.
+  */
+-static slobidx_t slob_units(slob_t *s)
++static slobidx_t slob_units(const slob_t *s)
+ {
+ 	if (s->units > 0)
+ 		return s->units;
+@@ -210,7 +212,7 @@ static slobidx_t slob_units(slob_t *s)
+ /*
+  * Return the next free slob block pointer after this one.
+  */
+-static slob_t *slob_next(slob_t *s)
++static slob_t *slob_next(const slob_t *s)
+ {
+ 	slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK);
+ 	slobidx_t next;
+@@ -225,7 +227,7 @@ static slob_t *slob_next(slob_t *s)
+ /*
+  * Returns true if s is the last free block in its page.
+  */
+-static int slob_last(slob_t *s)
++static int slob_last(const slob_t *s)
+ {
+ 	return !((unsigned long)slob_next(s) & ~PAGE_MASK);
+ }
+@@ -244,6 +246,7 @@ static void *slob_new_page(gfp_t gfp, in
+ 	if (!page)
+ 		return NULL;
+ 
++	set_slob_page(page);
+ 	return page_address(page);
+ }
+ 
+@@ -353,11 +356,11 @@ static void *slob_alloc(size_t size, gfp
+ 		if (!b)
+ 			return 0;
+ 		sp = (struct slob_page *)virt_to_page(b);
+-		set_slob_page(sp);
+ 
+ 		spin_lock_irqsave(&slob_lock, flags);
+ 		sp->units = SLOB_UNITS(PAGE_SIZE);
+ 		sp->free = b;
++		sp->size = 0;
+ 		INIT_LIST_HEAD(&sp->list);
+ 		set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
+ 		set_slob_page_free(sp, slob_list);
+@@ -459,10 +462,9 @@ out:
+ #define ARCH_SLAB_MINALIGN __alignof__(unsigned long)
+ #endif
+ 
+-void *__kmalloc_node(size_t size, gfp_t gfp, int node)
++static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align)
+ {
+-	unsigned int *m;
+-	int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
++	slob_t *m;
+ 
+ 	if (size < PAGE_SIZE - align) {
+ 		if (!size)
+@@ -471,20 +473,30 @@ void *__kmalloc_node(size_t size, gfp_t 
+ 		m = slob_alloc(size + align, gfp, align, node);
+ 		if (!m)
+ 			return NULL;
+-		*m = size;
++		BUILD_BUG_ON(ARCH_KMALLOC_MINALIGN < 2 * SLOB_UNIT);
++		BUILD_BUG_ON(ARCH_SLAB_MINALIGN < 2 * SLOB_UNIT);
++		m[0].units = size;
++		m[1].units = align;
+ 		return (void *)m + align;
+ 	} else {
+ 		void *ret;
+ 
+ 		ret = slob_new_page(gfp | __GFP_COMP, get_order(size), node);
+ 		if (ret) {
+-			struct page *page;
+-			page = virt_to_page(ret);
+-			page->private = size;
++			struct slob_page *sp;
++			sp = (struct slob_page *)virt_to_head_page(ret);
++			sp->size = size;
+ 		}
+ 		return ret;
+ 	}
+ }
++
++void *__kmalloc_node(size_t size, gfp_t gfp, int node)
++{
++	int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
++
++	return __kmalloc_node_align(size, gfp, node, align);
++}
+ EXPORT_SYMBOL(__kmalloc_node);
+ 
+ void kfree(const void *block)
+@@ -497,13 +509,81 @@ void kfree(const void *block)
+ 	sp = (struct slob_page *)virt_to_page(block);
+ 	if (slob_page(sp)) {
+ 		int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
+-		unsigned int *m = (unsigned int *)(block - align);
+-		slob_free(m, *m + align);
+-	} else
++		slob_t *m = (slob_t *)(block - align);
++		slob_free(m, m[0].units + align);
++	} else {
++		clear_slob_page(sp);
++		free_slob_page(sp);
++		sp->size = 0;
+ 		put_page(&sp->page);
++	}
+ }
+ EXPORT_SYMBOL(kfree);
+ 
++void check_object_size(const void *ptr, unsigned long n, bool to)
++{
++
++#ifdef CONFIG_PAX_USERCOPY
++	struct slob_page *sp;
++	const slob_t *free;
++	const void *base;
++
++	if (!n)
++		return;
++
++	if (ZERO_OR_NULL_PTR(ptr))
++		goto report;
++
++	if (!virt_addr_valid(ptr))
++		return;
++
++	sp = (struct slob_page *)virt_to_head_page(ptr);
++	if (!PageSlobPage((struct page*)sp))
++		return;
++
++	if (sp->size) {
++		base = page_address(&sp->page);
++		if (base <= ptr && n <= sp->size - (ptr - base))
++			return;
++		goto report;
++	}
++
++	/* some tricky double walking to find the chunk */
++	base = (void *)((unsigned long)ptr & PAGE_MASK);
++	free = sp->free;
++
++	while (!slob_last(free) && (void *)free <= ptr) {
++		base = free + slob_units(free);
++		free = slob_next(free);
++	}
++
++	while (base < (void *)free) {
++		slobidx_t m = ((slob_t *)base)[0].units, align = ((slob_t *)base)[1].units;
++		int size = SLOB_UNIT * SLOB_UNITS(m + align);
++		int offset;
++
++		if (ptr < base + align)
++			goto report;
++
++		offset = ptr - base - align;
++		if (offset < m) {
++			if (n <= m - offset)
++				return;
++			goto report;
++		}
++		base += size;
++	}
++
++report:
++	if (to)
++		pax_report_leak_to_user(ptr, n);
++	else
++		pax_report_overflow_from_user(ptr, n);
++#endif
++
++}
++EXPORT_SYMBOL(check_object_size);
++
+ /* can't use ksize for kmem_cache_alloc memory, only kmalloc */
+ size_t ksize(const void *block)
+ {
+@@ -516,10 +596,10 @@ size_t ksize(const void *block)
+ 	sp = (struct slob_page *)virt_to_page(block);
+ 	if (slob_page(sp)) {
+ 		int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN);
+-		unsigned int *m = (unsigned int *)(block - align);
+-		return SLOB_UNITS(*m) * SLOB_UNIT;
++		slob_t *m = (slob_t *)(block - align);
++		return SLOB_UNITS(m[0].units) * SLOB_UNIT;
+ 	} else
+-		return sp->page.private;
++		return sp->size;
+ }
+ EXPORT_SYMBOL(ksize);
+ 
+@@ -570,10 +650,19 @@ void *kmem_cache_alloc_node(struct kmem_
+ {
+ 	void *b;
+ 
++#ifdef CONFIG_PAX_USERCOPY
++	b = __kmalloc_node_align(c->size, flags, node, c->align);
++#else
+ 	if (c->size < PAGE_SIZE)
+ 		b = slob_alloc(c->size, flags, c->align, node);
+-	else
++	else {
++		struct slob_page *sp;
++
+ 		b = slob_new_page(flags, get_order(c->size), node);
++		sp = (struct slob_page *)virt_to_head_page(b);
++		sp->size = c->size;
++	}
++#endif
+ 
+ 	if (c->ctor)
+ 		c->ctor(b);
+@@ -584,10 +673,16 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+ 
+ static void __kmem_cache_free(void *b, int size)
+ {
+-	if (size < PAGE_SIZE)
++	struct slob_page *sp = (struct slob_page *)virt_to_head_page(b);
++
++	if (slob_page(sp))
+ 		slob_free(b, size);
+-	else
++	else {
++		clear_slob_page(sp);
++		free_slob_page(sp);
++		sp->size = 0;
+ 		free_pages((unsigned long)b, get_order(size));
++	}
+ }
+ 
+ static void kmem_rcu_free(struct rcu_head *head)
+@@ -600,14 +695,23 @@ static void kmem_rcu_free(struct rcu_hea
+ 
+ void kmem_cache_free(struct kmem_cache *c, void *b)
+ {
++	int size = c->size;
++
++#ifdef CONFIG_PAX_USERCOPY
++	if (size + c->align < PAGE_SIZE) {
++		size += c->align;
++		b -= c->align;
++	}
++#endif
++
+ 	if (unlikely(c->flags & SLAB_DESTROY_BY_RCU)) {
+ 		struct slob_rcu *slob_rcu;
+-		slob_rcu = b + (c->size - sizeof(struct slob_rcu));
++		slob_rcu = b + (size - sizeof(struct slob_rcu));
+ 		INIT_RCU_HEAD(&slob_rcu->head);
+-		slob_rcu->size = c->size;
++		slob_rcu->size = size;
+ 		call_rcu(&slob_rcu->head, kmem_rcu_free);
+ 	} else {
+-		__kmem_cache_free(b, c->size);
++		__kmem_cache_free(b, size);
+ 	}
+ }
+ EXPORT_SYMBOL(kmem_cache_free);
+diff -urNp linux-2.6.29.6/mm/slub.c linux-2.6.29.6/mm/slub.c
+--- linux-2.6.29.6/mm/slub.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/slub.c	2009-07-23 17:34:32.232713662 -0400
+@@ -1786,7 +1786,7 @@ static int slub_min_objects;
+  * Merge control. If this is set then no merging of slab caches will occur.
+  * (Could be removed. This was introduced to pacify the merge skeptics.)
+  */
+-static int slub_nomerge;
++static int slub_nomerge = 1;
+ 
+ /*
+  * Calculate the order of allocation given an slab object size.
+@@ -2322,7 +2322,7 @@ static int kmem_cache_open(struct kmem_c
+ 	if (!calculate_sizes(s, -1))
+ 		goto error;
+ 
+-	s->refcount = 1;
++	atomic_set(&s->refcount, 1);
+ #ifdef CONFIG_NUMA
+ 	s->remote_node_defrag_ratio = 1000;
+ #endif
+@@ -2459,8 +2459,7 @@ static inline int kmem_cache_close(struc
+ void kmem_cache_destroy(struct kmem_cache *s)
+ {
+ 	down_write(&slub_lock);
+-	s->refcount--;
+-	if (!s->refcount) {
++	if (atomic_dec_and_test(&s->refcount)) {
+ 		list_del(&s->list);
+ 		up_write(&slub_lock);
+ 		if (kmem_cache_close(s)) {
+@@ -2702,6 +2701,44 @@ void *__kmalloc_node(size_t size, gfp_t 
+ EXPORT_SYMBOL(__kmalloc_node);
+ #endif
+ 
++void check_object_size(const void *ptr, unsigned long n, bool to)
++{
++
++#ifdef CONFIG_PAX_USERCOPY
++	struct page *page;
++	struct kmem_cache *s;
++	unsigned long offset;
++
++	if (!n)
++		return;
++
++	if (ZERO_OR_NULL_PTR(ptr))
++		goto report;
++
++	if (!virt_addr_valid(ptr))
++		return;
++
++	page = get_object_page(ptr);
++
++	if (!page)
++		/* TODO: check for stack based ptr */
++		return;
++
++	s = page->slab;
++	offset = (ptr - page_address(page)) % s->size;
++	if (offset <= s->objsize && n <= s->objsize - offset)
++		return;
++
++report:
++	if (to)
++		pax_report_leak_to_user(ptr, n);
++	else
++		pax_report_overflow_from_user(ptr, n);
++#endif
++
++}
++EXPORT_SYMBOL(check_object_size);
++
+ size_t ksize(const void *object)
+ {
+ 	struct page *page;
+@@ -2970,7 +3007,7 @@ void __init kmem_cache_init(void)
+ 	 */
+ 	create_kmalloc_cache(&kmalloc_caches[0], "kmem_cache_node",
+ 		sizeof(struct kmem_cache_node), GFP_KERNEL);
+-	kmalloc_caches[0].refcount = -1;
++	atomic_set(&kmalloc_caches[0].refcount, -1);
+ 	caches++;
+ 
+ 	hotplug_memory_notifier(slab_memory_callback, SLAB_CALLBACK_PRI);
+@@ -3060,7 +3097,7 @@ static int slab_unmergeable(struct kmem_
+ 	/*
+ 	 * We may have set a slab to be unmergeable during bootstrap.
+ 	 */
+-	if (s->refcount < 0)
++	if (atomic_read(&s->refcount) < 0)
+ 		return 1;
+ 
+ 	return 0;
+@@ -3117,7 +3154,7 @@ struct kmem_cache *kmem_cache_create(con
+ 	if (s) {
+ 		int cpu;
+ 
+-		s->refcount++;
++		atomic_inc(&s->refcount);
+ 		/*
+ 		 * Adjust the object sizes so that we clear
+ 		 * the complete object on kzalloc.
+@@ -3136,7 +3173,7 @@ struct kmem_cache *kmem_cache_create(con
+ 
+ 		if (sysfs_slab_alias(s, name)) {
+ 			down_write(&slub_lock);
+-			s->refcount--;
++			atomic_dec(&s->refcount);
+ 			up_write(&slub_lock);
+ 			goto err;
+ 		}
+@@ -3852,7 +3889,7 @@ SLAB_ATTR_RO(ctor);
+ 
+ static ssize_t aliases_show(struct kmem_cache *s, char *buf)
+ {
+-	return sprintf(buf, "%d\n", s->refcount - 1);
++	return sprintf(buf, "%d\n", atomic_read(&s->refcount) - 1);
+ }
+ SLAB_ATTR_RO(aliases);
+ 
+@@ -4530,7 +4567,9 @@ static const struct file_operations proc
+ 
+ static int __init slab_proc_init(void)
+ {
++#if !defined(CONFIG_GRKERNSEC_PROC_ADD)
+ 	proc_create("slabinfo",S_IWUSR|S_IRUGO,NULL,&proc_slabinfo_operations);
++#endif
+ 	return 0;
+ }
+ module_init(slab_proc_init);
+diff -urNp linux-2.6.29.6/mm/util.c linux-2.6.29.6/mm/util.c
+--- linux-2.6.29.6/mm/util.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/util.c	2009-07-23 17:34:32.233880520 -0400
+@@ -187,6 +187,12 @@ EXPORT_SYMBOL(strndup_user);
+ void arch_pick_mmap_layout(struct mm_struct *mm)
+ {
+ 	mm->mmap_base = TASK_UNMAPPED_BASE;
++
++#ifdef CONFIG_PAX_RANDMMAP
++	if (mm->pax_flags & MF_PAX_RANDMMAP)
++		mm->mmap_base += mm->delta_mmap;
++#endif
++
+ 	mm->get_unmapped_area = arch_get_unmapped_area;
+ 	mm->unmap_area = arch_unmap_area;
+ }
+diff -urNp linux-2.6.29.6/mm/vmalloc.c linux-2.6.29.6/mm/vmalloc.c
+--- linux-2.6.29.6/mm/vmalloc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/mm/vmalloc.c	2009-07-23 17:34:32.233880520 -0400
+@@ -90,6 +90,11 @@ static int vmap_pte_range(pmd_t *pmd, un
+ 		unsigned long end, pgprot_t prot, struct page **pages, int *nr)
+ {
+ 	pte_t *pte;
++	int ret = -ENOMEM;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	unsigned long cr0;
++#endif
+ 
+ 	/*
+ 	 * nr is a running index into the array which helps higher level
+@@ -99,17 +104,33 @@ static int vmap_pte_range(pmd_t *pmd, un
+ 	pte = pte_alloc_kernel(pmd, addr);
+ 	if (!pte)
+ 		return -ENOMEM;
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_open_kernel(cr0);
++#endif
++
+ 	do {
+ 		struct page *page = pages[*nr];
+ 
+-		if (WARN_ON(!pte_none(*pte)))
+-			return -EBUSY;
+-		if (WARN_ON(!page))
+-			return -ENOMEM;
++		if (WARN_ON(!pte_none(*pte))) {
++			ret = -EBUSY;
++			goto out;
++		}
++		if (WARN_ON(!page)) {
++			ret = -ENOMEM;
++			goto out;
++		}
+ 		set_pte_at(&init_mm, addr, pte, mk_pte(page, prot));
+ 		(*nr)++;
+ 	} while (pte++, addr += PAGE_SIZE, addr != end);
+-	return 0;
++	ret = 0;
++out:
++
++#ifdef CONFIG_PAX_KERNEXEC
++	pax_close_kernel(cr0);
++#endif
++
++	return ret;
+ }
+ 
+ static int vmap_pmd_range(pud_t *pud, unsigned long addr,
+@@ -1056,6 +1077,16 @@ static struct vm_struct *__get_vm_area_n
+ 	unsigned long align = 1;
+ 
+ 	BUG_ON(in_interrupt());
++
++#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++	if (flags & VM_KERNEXEC) {
++		if (start != VMALLOC_START || end != VMALLOC_END)
++			return NULL;
++		start = (unsigned long)MODULES_VADDR;
++		end = (unsigned long)MODULES_END;
++	}
++#endif
++
+ 	if (flags & VM_IOREMAP) {
+ 		int bit = fls(size);
+ 
+@@ -1289,6 +1320,11 @@ void *vmap(struct page **pages, unsigned
+ 	if (count > num_physpages)
+ 		return NULL;
+ 
++#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++	if (!(pgprot_val(prot) & _PAGE_NX))
++		flags |= VM_KERNEXEC;
++#endif
++
+ 	area = get_vm_area_caller((count << PAGE_SHIFT), flags,
+ 					__builtin_return_address(0));
+ 	if (!area)
+@@ -1385,6 +1421,13 @@ static void *__vmalloc_node(unsigned lon
+ 	if (!size || (size >> PAGE_SHIFT) > num_physpages)
+ 		return NULL;
+ 
++#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++	if (!(pgprot_val(prot) & _PAGE_NX))
++		area = __get_vm_area_node(size, VM_ALLOC | VM_KERNEXEC, VMALLOC_START, VMALLOC_END,
++						node, gfp_mask, caller);
++	else
++#endif
++
+ 	area = __get_vm_area_node(size, VM_ALLOC, VMALLOC_START, VMALLOC_END,
+ 						node, gfp_mask, caller);
+ 
+@@ -1394,6 +1437,7 @@ static void *__vmalloc_node(unsigned lon
+ 	return __vmalloc_area_node(area, gfp_mask, prot, node, caller);
+ }
+ 
++#undef __vmalloc
+ void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot)
+ {
+ 	return __vmalloc_node(size, gfp_mask, prot, -1,
+@@ -1410,6 +1454,7 @@ EXPORT_SYMBOL(__vmalloc);
+  *	For tight control over page level allocator and protection flags
+  *	use __vmalloc() instead.
+  */
++#undef vmalloc
+ void *vmalloc(unsigned long size)
+ {
+ 	return __vmalloc_node(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
+@@ -1424,6 +1469,7 @@ EXPORT_SYMBOL(vmalloc);
+  * The resulting memory area is zeroed so it can be mapped to userspace
+  * without leaking data.
+  */
++#undef vmalloc_user
+ void *vmalloc_user(unsigned long size)
+ {
+ 	struct vm_struct *area;
+@@ -1450,6 +1496,7 @@ EXPORT_SYMBOL(vmalloc_user);
+  *	For tight control over page level allocator and protection flags
+  *	use __vmalloc() instead.
+  */
++#undef vmalloc_node
+ void *vmalloc_node(unsigned long size, int node)
+ {
+ 	return __vmalloc_node(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL,
+@@ -1472,10 +1519,10 @@ EXPORT_SYMBOL(vmalloc_node);
+  *	For tight control over page level allocator and protection flags
+  *	use __vmalloc() instead.
+  */
+-
++#undef vmalloc_exec
+ void *vmalloc_exec(unsigned long size)
+ {
+-	return __vmalloc_node(size, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC,
++	return __vmalloc_node(size, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC,
+ 			      -1, __builtin_return_address(0));
+ }
+ 
+@@ -1494,6 +1541,7 @@ void *vmalloc_exec(unsigned long size)
+  *	Allocate enough 32bit PA addressable pages to cover @size from the
+  *	page level allocator and map them into contiguous kernel virtual space.
+  */
++#undef vmalloc_32
+ void *vmalloc_32(unsigned long size)
+ {
+ 	return __vmalloc_node(size, GFP_VMALLOC32, PAGE_KERNEL,
+@@ -1508,6 +1556,7 @@ EXPORT_SYMBOL(vmalloc_32);
+  * The resulting memory area is 32bit addressable and zeroed so it can be
+  * mapped to userspace without leaking data.
+  */
++#undef vmalloc_32_user
+ void *vmalloc_32_user(unsigned long size)
+ {
+ 	struct vm_struct *area;
+diff -urNp linux-2.6.29.6/net/atm/atm_misc.c linux-2.6.29.6/net/atm/atm_misc.c
+--- linux-2.6.29.6/net/atm/atm_misc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/atm/atm_misc.c	2009-07-23 17:34:37.460011249 -0400
+@@ -19,7 +19,7 @@ int atm_charge(struct atm_vcc *vcc,int t
+ 	if (atomic_read(&sk_atm(vcc)->sk_rmem_alloc) <= sk_atm(vcc)->sk_rcvbuf)
+ 		return 1;
+ 	atm_return(vcc,truesize);
+-	atomic_inc(&vcc->stats->rx_drop);
++	atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 	return 0;
+ }
+ 
+@@ -41,7 +41,7 @@ struct sk_buff *atm_alloc_charge(struct 
+ 		}
+ 	}
+ 	atm_return(vcc,guess);
+-	atomic_inc(&vcc->stats->rx_drop);
++	atomic_inc_unchecked(&vcc->stats->rx_drop);
+ 	return NULL;
+ }
+ 
+@@ -96,7 +96,7 @@ void sonet_copy_stats(struct k_sonet_sta
+ 
+ void sonet_subtract_stats(struct k_sonet_stats *from,struct sonet_stats *to)
+ {
+-#define __HANDLE_ITEM(i) atomic_sub(to->i,&from->i)
++#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i,&from->i)
+ 	__SONET_ITEMS
+ #undef __HANDLE_ITEM
+ }
+diff -urNp linux-2.6.29.6/net/atm/resources.c linux-2.6.29.6/net/atm/resources.c
+--- linux-2.6.29.6/net/atm/resources.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/atm/resources.c	2009-07-23 17:34:32.234796571 -0400
+@@ -170,7 +170,7 @@ static void copy_aal_stats(struct k_atm_
+ static void subtract_aal_stats(struct k_atm_aal_stats *from,
+     struct atm_aal_stats *to)
+ {
+-#define __HANDLE_ITEM(i) atomic_sub(to->i, &from->i)
++#define __HANDLE_ITEM(i) atomic_sub_unchecked(to->i, &from->i)
+ 	__AAL_STAT_ITEMS
+ #undef __HANDLE_ITEM
+ }
+diff -urNp linux-2.6.29.6/net/bridge/br_stp_if.c linux-2.6.29.6/net/bridge/br_stp_if.c
+--- linux-2.6.29.6/net/bridge/br_stp_if.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/bridge/br_stp_if.c	2009-07-23 17:34:32.234796571 -0400
+@@ -146,7 +146,7 @@ static void br_stp_stop(struct net_bridg
+ 	char *envp[] = { NULL };
+ 
+ 	if (br->stp_enabled == BR_USER_STP) {
+-		r = call_usermodehelper(BR_STP_PROG, argv, envp, 1);
++		r = call_usermodehelper(BR_STP_PROG, argv, envp, UMH_WAIT_PROC);
+ 		printk(KERN_INFO "%s: userspace STP stopped, return code %d\n",
+ 			br->dev->name, r);
+ 
+diff -urNp linux-2.6.29.6/net/core/flow.c linux-2.6.29.6/net/core/flow.c
+--- linux-2.6.29.6/net/core/flow.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/core/flow.c	2009-07-23 17:34:32.234796571 -0400
+@@ -39,7 +39,7 @@ atomic_t flow_cache_genid = ATOMIC_INIT(
+ 
+ static u32 flow_hash_shift;
+ #define flow_hash_size	(1 << flow_hash_shift)
+-static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables) = { NULL };
++static DEFINE_PER_CPU(struct flow_cache_entry **, flow_tables);
+ 
+ #define flow_table(cpu) (per_cpu(flow_tables, cpu))
+ 
+@@ -52,7 +52,7 @@ struct flow_percpu_info {
+ 	u32 hash_rnd;
+ 	int count;
+ };
+-static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info) = { 0 };
++static DEFINE_PER_CPU(struct flow_percpu_info, flow_hash_info);
+ 
+ #define flow_hash_rnd_recalc(cpu) \
+ 	(per_cpu(flow_hash_info, cpu).hash_rnd_recalc)
+@@ -69,7 +69,7 @@ struct flow_flush_info {
+ 	atomic_t cpuleft;
+ 	struct completion completion;
+ };
+-static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets) = { NULL };
++static DEFINE_PER_CPU(struct tasklet_struct, flow_flush_tasklets);
+ 
+ #define flow_flush_tasklet(cpu) (&per_cpu(flow_flush_tasklets, cpu))
+ 
+diff -urNp linux-2.6.29.6/net/dccp/ccids/ccid3.c linux-2.6.29.6/net/dccp/ccids/ccid3.c
+--- linux-2.6.29.6/net/dccp/ccids/ccid3.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/dccp/ccids/ccid3.c	2009-07-23 17:34:32.234796571 -0400
+@@ -43,7 +43,7 @@
+ static int ccid3_debug;
+ #define ccid3_pr_debug(format, a...)	DCCP_PR_DEBUG(ccid3_debug, format, ##a)
+ #else
+-#define ccid3_pr_debug(format, a...)
++#define ccid3_pr_debug(format, a...) do {} while (0)
+ #endif
+ 
+ /*
+diff -urNp linux-2.6.29.6/net/dccp/dccp.h linux-2.6.29.6/net/dccp/dccp.h
+--- linux-2.6.29.6/net/dccp/dccp.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/dccp/dccp.h	2009-07-23 17:34:32.235712173 -0400
+@@ -43,8 +43,8 @@ extern int dccp_debug;
+ #define dccp_pr_debug(format, a...)	  DCCP_PR_DEBUG(dccp_debug, format, ##a)
+ #define dccp_pr_debug_cat(format, a...)   DCCP_PRINTK(dccp_debug, format, ##a)
+ #else
+-#define dccp_pr_debug(format, a...)
+-#define dccp_pr_debug_cat(format, a...)
++#define dccp_pr_debug(format, a...) do {} while (0)
++#define dccp_pr_debug_cat(format, a...) do {} while (0)
+ #endif
+ 
+ extern struct inet_hashinfo dccp_hashinfo;
+diff -urNp linux-2.6.29.6/net/ipv4/inet_connection_sock.c linux-2.6.29.6/net/ipv4/inet_connection_sock.c
+--- linux-2.6.29.6/net/ipv4/inet_connection_sock.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv4/inet_connection_sock.c	2009-07-23 17:34:32.235712173 -0400
+@@ -15,6 +15,7 @@
+ 
+ #include <linux/module.h>
+ #include <linux/jhash.h>
++#include <linux/security.h>
+ 
+ #include <net/inet_connection_sock.h>
+ #include <net/inet_hashtables.h>
+diff -urNp linux-2.6.29.6/net/ipv4/inet_hashtables.c linux-2.6.29.6/net/ipv4/inet_hashtables.c
+--- linux-2.6.29.6/net/ipv4/inet_hashtables.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv4/inet_hashtables.c	2009-07-23 17:34:32.235712173 -0400
+@@ -18,11 +18,14 @@
+ #include <linux/sched.h>
+ #include <linux/slab.h>
+ #include <linux/wait.h>
++#include <linux/security.h>
+ 
+ #include <net/inet_connection_sock.h>
+ #include <net/inet_hashtables.h>
+ #include <net/ip.h>
+ 
++extern void gr_update_task_in_ip_table(struct task_struct *task, const struct inet_sock *inet);
++
+ /*
+  * Allocate and initialize a new local port bind bucket.
+  * The bindhash mutex for snum's hash chain must be held here.
+@@ -481,6 +484,8 @@ ok:
+ 		}
+ 		spin_unlock(&head->lock);
+ 
++		gr_update_task_in_ip_table(current, inet_sk(sk));
++
+ 		if (tw) {
+ 			inet_twsk_deschedule(tw, death_row);
+ 			inet_twsk_put(tw);
+diff -urNp linux-2.6.29.6/net/ipv4/netfilter/nf_nat_snmp_basic.c linux-2.6.29.6/net/ipv4/netfilter/nf_nat_snmp_basic.c
+--- linux-2.6.29.6/net/ipv4/netfilter/nf_nat_snmp_basic.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv4/netfilter/nf_nat_snmp_basic.c	2009-07-23 17:34:32.235712173 -0400
+@@ -397,7 +397,7 @@ static unsigned char asn1_octets_decode(
+ 
+ 	*len = 0;
+ 
+-	*octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
++	*octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC);
+ 	if (*octets == NULL) {
+ 		if (net_ratelimit())
+ 			printk("OOM in bsalg (%d)\n", __LINE__);
+diff -urNp linux-2.6.29.6/net/ipv4/tcp_ipv4.c linux-2.6.29.6/net/ipv4/tcp_ipv4.c
+--- linux-2.6.29.6/net/ipv4/tcp_ipv4.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv4/tcp_ipv4.c	2009-07-23 17:34:32.236754222 -0400
+@@ -1512,6 +1512,9 @@ int tcp_v4_do_rcv(struct sock *sk, struc
+ 	return 0;
+ 
+ reset:
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++	if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
++#endif
+ 	tcp_v4_send_reset(rsk, skb);
+ discard:
+ 	kfree_skb(skb);
+@@ -1620,6 +1623,9 @@ no_tcp_socket:
+ bad_packet:
+ 		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
+ 	} else {
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++		if (skb->dev->flags & IFF_LOOPBACK)
++#endif
+ 		tcp_v4_send_reset(NULL, skb);
+ 	}
+ 
+diff -urNp linux-2.6.29.6/net/ipv4/tcp_minisocks.c linux-2.6.29.6/net/ipv4/tcp_minisocks.c
+--- linux-2.6.29.6/net/ipv4/tcp_minisocks.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv4/tcp_minisocks.c	2009-07-23 17:34:32.236754222 -0400
+@@ -695,8 +695,11 @@ listen_overflow:
+ 
+ embryonic_reset:
+ 	NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS);
++
++#ifndef CONFIG_GRKERNSEC_BLACKHOLE
+ 	if (!(flg & TCP_FLAG_RST))
+ 		req->rsk_ops->send_reset(sk, skb);
++#endif
+ 
+ 	inet_csk_reqsk_queue_drop(sk, req, prev);
+ 	return NULL;
+diff -urNp linux-2.6.29.6/net/ipv4/udp.c linux-2.6.29.6/net/ipv4/udp.c
+--- linux-2.6.29.6/net/ipv4/udp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv4/udp.c	2009-07-23 17:34:32.237793198 -0400
+@@ -86,6 +86,7 @@
+ #include <linux/types.h>
+ #include <linux/fcntl.h>
+ #include <linux/module.h>
++#include <linux/security.h>
+ #include <linux/socket.h>
+ #include <linux/sockios.h>
+ #include <linux/igmp.h>
+@@ -369,6 +370,9 @@ found:
+ 	return s;
+ }
+ 
++extern int gr_search_udp_recvmsg(struct sock *sk, const struct sk_buff *skb);
++extern int gr_search_udp_sendmsg(struct sock *sk, struct sockaddr_in *addr);
++
+ /*
+  * This routine is called by the ICMP module when it gets some
+  * sort of error condition.  If err < 0 then the socket should
+@@ -630,9 +634,18 @@ int udp_sendmsg(struct kiocb *iocb, stru
+ 		dport = usin->sin_port;
+ 		if (dport == 0)
+ 			return -EINVAL;
++
++		err = gr_search_udp_sendmsg(sk, usin);
++		if (err)
++			return err;
+ 	} else {
+ 		if (sk->sk_state != TCP_ESTABLISHED)
+ 			return -EDESTADDRREQ;
++
++		err = gr_search_udp_sendmsg(sk, NULL);
++		if (err)
++			return err;
++
+ 		daddr = inet->daddr;
+ 		dport = inet->dport;
+ 		/* Open fast path for connected socket.
+@@ -898,6 +911,10 @@ try_again:
+ 	if (!skb)
+ 		goto out;
+ 
++	err = gr_search_udp_recvmsg(sk, skb);
++	if (err)
++		goto out_free;
++
+ 	ulen = skb->len - sizeof(struct udphdr);
+ 	copied = len;
+ 	if (copied > ulen)
+@@ -1288,6 +1305,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, 
+ 		goto csum_error;
+ 
+ 	UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++	if (skb->dev->flags & IFF_LOOPBACK)
++#endif
+ 	icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
+ 
+ 	/*
+diff -urNp linux-2.6.29.6/net/ipv6/exthdrs.c linux-2.6.29.6/net/ipv6/exthdrs.c
+--- linux-2.6.29.6/net/ipv6/exthdrs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv6/exthdrs.c	2009-07-23 17:34:32.237793198 -0400
+@@ -630,7 +630,7 @@ static struct tlvtype_proc tlvprochopopt
+ 		.type	= IPV6_TLV_JUMBO,
+ 		.func	= ipv6_hop_jumbo,
+ 	},
+-	{ -1, }
++	{ -1, NULL }
+ };
+ 
+ int ipv6_parse_hopopts(struct sk_buff *skb)
+diff -urNp linux-2.6.29.6/net/ipv6/ip6mr.c linux-2.6.29.6/net/ipv6/ip6mr.c
+--- linux-2.6.29.6/net/ipv6/ip6mr.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv6/ip6mr.c	2009-07-23 18:40:28.745511060 -0400
+@@ -204,7 +204,7 @@ static int ip6mr_vif_seq_show(struct seq
+ 	return 0;
+ }
+ 
+-static struct seq_operations ip6mr_vif_seq_ops = {
++static const struct seq_operations ip6mr_vif_seq_ops = {
+ 	.start = ip6mr_vif_seq_start,
+ 	.next  = ip6mr_vif_seq_next,
+ 	.stop  = ip6mr_vif_seq_stop,
+@@ -217,7 +217,7 @@ static int ip6mr_vif_open(struct inode *
+ 			    sizeof(struct ipmr_vif_iter));
+ }
+ 
+-static struct file_operations ip6mr_vif_fops = {
++static const struct file_operations ip6mr_vif_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.open    = ip6mr_vif_open,
+ 	.read    = seq_read,
+@@ -328,7 +328,7 @@ static int ipmr_mfc_seq_show(struct seq_
+ 	return 0;
+ }
+ 
+-static struct seq_operations ipmr_mfc_seq_ops = {
++static const struct seq_operations ipmr_mfc_seq_ops = {
+ 	.start = ipmr_mfc_seq_start,
+ 	.next  = ipmr_mfc_seq_next,
+ 	.stop  = ipmr_mfc_seq_stop,
+@@ -341,7 +341,7 @@ static int ipmr_mfc_open(struct inode *i
+ 			    sizeof(struct ipmr_mfc_iter));
+ }
+ 
+-static struct file_operations ip6mr_mfc_fops = {
++static const struct file_operations ip6mr_mfc_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.open    = ipmr_mfc_open,
+ 	.read    = seq_read,
+diff -urNp linux-2.6.29.6/net/ipv6/raw.c linux-2.6.29.6/net/ipv6/raw.c
+--- linux-2.6.29.6/net/ipv6/raw.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv6/raw.c	2009-07-23 17:34:32.237793198 -0400
+@@ -600,7 +600,7 @@ out:
+ 	return err;
+ }
+ 
+-static int rawv6_send_hdrinc(struct sock *sk, void *from, int length,
++static int rawv6_send_hdrinc(struct sock *sk, void *from, unsigned int length,
+ 			struct flowi *fl, struct rt6_info *rt,
+ 			unsigned int flags)
+ {
+diff -urNp linux-2.6.29.6/net/ipv6/tcp_ipv6.c linux-2.6.29.6/net/ipv6/tcp_ipv6.c
+--- linux-2.6.29.6/net/ipv6/tcp_ipv6.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv6/tcp_ipv6.c	2009-07-23 17:34:32.238737195 -0400
+@@ -1576,6 +1576,9 @@ static int tcp_v6_do_rcv(struct sock *sk
+ 	return 0;
+ 
+ reset:
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++	if (!skb->dev || (skb->dev->flags & IFF_LOOPBACK))
++#endif
+ 	tcp_v6_send_reset(sk, skb);
+ discard:
+ 	if (opt_skb)
+@@ -1699,6 +1702,9 @@ no_tcp_socket:
+ bad_packet:
+ 		TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
+ 	} else {
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++		if (skb->dev->flags & IFF_LOOPBACK)
++#endif
+ 		tcp_v6_send_reset(NULL, skb);
+ 	}
+ 
+diff -urNp linux-2.6.29.6/net/ipv6/udp.c linux-2.6.29.6/net/ipv6/udp.c
+--- linux-2.6.29.6/net/ipv6/udp.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/ipv6/udp.c	2009-07-23 17:34:32.238737195 -0400
+@@ -558,6 +558,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, 
+ 		UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS,
+ 				proto == IPPROTO_UDPLITE);
+ 
++#ifdef CONFIG_GRKERNSEC_BLACKHOLE
++		if (skb->dev->flags & IFF_LOOPBACK)
++#endif
+ 		icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0, dev);
+ 
+ 		kfree_skb(skb);
+diff -urNp linux-2.6.29.6/net/key/af_key.c linux-2.6.29.6/net/key/af_key.c
+--- linux-2.6.29.6/net/key/af_key.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/key/af_key.c	2009-07-23 18:40:28.770272617 -0400
+@@ -3707,7 +3707,7 @@ static void pfkey_seq_stop(struct seq_fi
+ 	read_unlock(&pfkey_table_lock);
+ }
+ 
+-static struct seq_operations pfkey_seq_ops = {
++static const struct seq_operations pfkey_seq_ops = {
+ 	.start	= pfkey_seq_start,
+ 	.next	= pfkey_seq_next,
+ 	.stop	= pfkey_seq_stop,
+@@ -3720,7 +3720,7 @@ static int pfkey_seq_open(struct inode *
+ 			    sizeof(struct seq_net_private));
+ }
+ 
+-static struct file_operations pfkey_proc_ops = {
++static const struct file_operations pfkey_proc_ops = {
+ 	.open	 = pfkey_seq_open,
+ 	.read	 = seq_read,
+ 	.llseek	 = seq_lseek,
+diff -urNp linux-2.6.29.6/net/mac80211/ieee80211_i.h linux-2.6.29.6/net/mac80211/ieee80211_i.h
+--- linux-2.6.29.6/net/mac80211/ieee80211_i.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/mac80211/ieee80211_i.h	2009-07-23 17:34:32.239733592 -0400
+@@ -562,7 +562,7 @@ struct ieee80211_local {
+ 	unsigned long queue_stop_reasons[IEEE80211_MAX_QUEUES];
+ 	spinlock_t queue_stop_reason_lock;
+ 	struct net_device *mdev; /* wmaster# - "master" 802.11 device */
+-	int open_count;
++	atomic_t open_count;
+ 	int monitors, cooked_mntrs;
+ 	/* number of interfaces with corresponding FIF_ flags */
+ 	int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss;
+diff -urNp linux-2.6.29.6/net/mac80211/iface.c linux-2.6.29.6/net/mac80211/iface.c
+--- linux-2.6.29.6/net/mac80211/iface.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/mac80211/iface.c	2009-07-23 17:34:32.239733592 -0400
+@@ -146,7 +146,7 @@ static int ieee80211_open(struct net_dev
+ 		break;
+ 	}
+ 
+-	if (local->open_count == 0) {
++	if (atomic_read(&local->open_count) == 0) {
+ 		res = 0;
+ 		if (local->ops->start)
+ 			res = local->ops->start(local_to_hw(local));
+@@ -182,7 +182,7 @@ static int ieee80211_open(struct net_dev
+ 	 * Validate the MAC address for this device.
+ 	 */
+ 	if (!is_valid_ether_addr(dev->dev_addr)) {
+-		if (!local->open_count && local->ops->stop)
++		if (!atomic_read(&local->open_count) && local->ops->stop)
+ 			local->ops->stop(local_to_hw(local));
+ 		return -EADDRNOTAVAIL;
+ 	}
+@@ -267,7 +267,7 @@ static int ieee80211_open(struct net_dev
+ 		}
+ 	}
+ 
+-	if (local->open_count == 0) {
++	if (atomic_read(&local->open_count) == 0) {
+ 		res = dev_open(local->mdev);
+ 		WARN_ON(res);
+ 		if (res)
+@@ -287,7 +287,7 @@ static int ieee80211_open(struct net_dev
+ 	if (sdata->flags & IEEE80211_SDATA_PROMISC)
+ 		atomic_inc(&local->iff_promiscs);
+ 
+-	local->open_count++;
++	atomic_inc(&local->open_count);
+ 	if (hw_reconf_flags) {
+ 		ieee80211_hw_config(local, hw_reconf_flags);
+ 		/*
+@@ -316,7 +316,7 @@ static int ieee80211_open(struct net_dev
+  err_del_interface:
+ 	local->ops->remove_interface(local_to_hw(local), &conf);
+  err_stop:
+-	if (!local->open_count && local->ops->stop)
++	if (!atomic_read(&local->open_count) && local->ops->stop)
+ 		local->ops->stop(local_to_hw(local));
+  err_del_bss:
+ 	sdata->bss = NULL;
+@@ -401,7 +401,7 @@ static int ieee80211_stop(struct net_dev
+ 		WARN_ON(!list_empty(&sdata->u.ap.vlans));
+ 	}
+ 
+-	local->open_count--;
++	atomic_dec(&local->open_count);
+ 
+ 	switch (sdata->vif.type) {
+ 	case NL80211_IFTYPE_AP_VLAN:
+@@ -514,7 +514,7 @@ static int ieee80211_stop(struct net_dev
+ 
+ 	sdata->bss = NULL;
+ 
+-	if (local->open_count == 0) {
++	if (atomic_read(&local->open_count) == 0) {
+ 		if (netif_running(local->mdev))
+ 			dev_close(local->mdev);
+ 
+diff -urNp linux-2.6.29.6/net/mac80211/main.c linux-2.6.29.6/net/mac80211/main.c
+--- linux-2.6.29.6/net/mac80211/main.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/mac80211/main.c	2009-07-23 17:34:32.239733592 -0400
+@@ -233,7 +233,7 @@ int ieee80211_hw_config(struct ieee80211
+ 		local->hw.conf.power_level = power;
+ 	}
+ 
+-	if (changed && local->open_count) {
++	if (changed && atomic_read(&local->open_count)) {
+ 		ret = local->ops->config(local_to_hw(local), changed);
+ 		/*
+ 		 * Goal:
+diff -urNp linux-2.6.29.6/net/mac80211/rate.c linux-2.6.29.6/net/mac80211/rate.c
+--- linux-2.6.29.6/net/mac80211/rate.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/mac80211/rate.c	2009-07-23 17:34:32.240714874 -0400
+@@ -256,7 +256,7 @@ int ieee80211_init_rate_ctrl_alg(struct 
+ 	struct rate_control_ref *ref, *old;
+ 
+ 	ASSERT_RTNL();
+-	if (local->open_count || netif_running(local->mdev))
++	if (atomic_read(&local->open_count) || netif_running(local->mdev))
+ 		return -EBUSY;
+ 
+ 	ref = rate_control_alloc(name, local);
+diff -urNp linux-2.6.29.6/net/mac80211/rc80211_minstrel_debugfs.c linux-2.6.29.6/net/mac80211/rc80211_minstrel_debugfs.c
+--- linux-2.6.29.6/net/mac80211/rc80211_minstrel_debugfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/mac80211/rc80211_minstrel_debugfs.c	2009-07-23 18:40:28.777436731 -0400
+@@ -139,7 +139,7 @@ minstrel_stats_release(struct inode *ino
+ 	return 0;
+ }
+ 
+-static struct file_operations minstrel_stat_fops = {
++static const struct file_operations minstrel_stat_fops = {
+ 	.owner = THIS_MODULE,
+ 	.open = minstrel_stats_open,
+ 	.read = minstrel_stats_read,
+diff -urNp linux-2.6.29.6/net/mac80211/rc80211_pid_debugfs.c linux-2.6.29.6/net/mac80211/rc80211_pid_debugfs.c
+--- linux-2.6.29.6/net/mac80211/rc80211_pid_debugfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/mac80211/rc80211_pid_debugfs.c	2009-07-23 18:40:28.783149857 -0400
+@@ -198,7 +198,7 @@ static ssize_t rate_control_pid_events_r
+ 
+ #undef RC_PID_PRINT_BUF_SIZE
+ 
+-static struct file_operations rc_pid_fop_events = {
++static const struct file_operations rc_pid_fop_events = {
+ 	.owner = THIS_MODULE,
+ 	.read = rate_control_pid_events_read,
+ 	.poll = rate_control_pid_events_poll,
+diff -urNp linux-2.6.29.6/net/packet/af_packet.c linux-2.6.29.6/net/packet/af_packet.c
+--- linux-2.6.29.6/net/packet/af_packet.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/packet/af_packet.c	2009-07-23 18:40:28.789919912 -0400
+@@ -1741,7 +1741,7 @@ static void packet_mm_close(struct vm_ar
+ 		atomic_dec(&pkt_sk(sk)->mapped);
+ }
+ 
+-static struct vm_operations_struct packet_mmap_ops = {
++static const struct vm_operations_struct packet_mmap_ops = {
+ 	.open =	packet_mm_open,
+ 	.close =packet_mm_close,
+ };
+diff -urNp linux-2.6.29.6/net/sctp/socket.c linux-2.6.29.6/net/sctp/socket.c
+--- linux-2.6.29.6/net/sctp/socket.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/sctp/socket.c	2009-07-23 17:34:32.240714874 -0400
+@@ -1434,7 +1434,7 @@ SCTP_STATIC int sctp_sendmsg(struct kioc
+ 	struct sctp_sndrcvinfo *sinfo;
+ 	struct sctp_initmsg *sinit;
+ 	sctp_assoc_t associd = 0;
+-	sctp_cmsgs_t cmsgs = { NULL };
++	sctp_cmsgs_t cmsgs = { NULL, NULL };
+ 	int err;
+ 	sctp_scope_t scope;
+ 	long timeo;
+@@ -5756,7 +5756,6 @@ pp_found:
+ 		 */
+ 		int reuse = sk->sk_reuse;
+ 		struct sock *sk2;
+-		struct hlist_node *node;
+ 
+ 		SCTP_DEBUG_PRINTK("sctp_get_port() found a possible match\n");
+ 		if (pp->fastreuse && sk->sk_reuse &&
+diff -urNp linux-2.6.29.6/net/socket.c linux-2.6.29.6/net/socket.c
+--- linux-2.6.29.6/net/socket.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/socket.c	2009-07-23 19:30:30.968455360 -0400
+@@ -86,6 +86,7 @@
+ #include <linux/audit.h>
+ #include <linux/wireless.h>
+ #include <linux/nsproxy.h>
++#include <linux/in.h>
+ 
+ #include <asm/uaccess.h>
+ #include <asm/unistd.h>
+@@ -96,6 +97,21 @@
+ #include <net/sock.h>
+ #include <linux/netfilter.h>
+ 
++extern void gr_attach_curr_ip(const struct sock *sk);
++extern int gr_handle_sock_all(const int family, const int type,
++			      const int protocol);
++extern int gr_handle_sock_server(const struct sockaddr *sck);
++extern int gr_handle_sock_server_other(const struct socket *sck);
++extern int gr_handle_sock_client(const struct sockaddr *sck);
++extern int gr_search_connect(struct socket * sock,
++			     struct sockaddr_in * addr);
++extern int gr_search_bind(struct socket * sock,
++			  struct sockaddr_in * addr);
++extern int gr_search_listen(struct socket * sock);
++extern int gr_search_accept(struct socket * sock);
++extern int gr_search_socket(const int domain, const int type,
++			    const int protocol);
++
+ static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
+ static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
+ 			 unsigned long nr_segs, loff_t pos);
+@@ -285,7 +301,7 @@ static int init_inodecache(void)
+ 	return 0;
+ }
+ 
+-static struct super_operations sockfs_ops = {
++static const struct super_operations sockfs_ops = {
+ 	.alloc_inode =	sock_alloc_inode,
+ 	.destroy_inode =sock_destroy_inode,
+ 	.statfs =	simple_statfs,
+@@ -299,7 +315,7 @@ static int sockfs_get_sb(struct file_sys
+ 			     mnt);
+ }
+ 
+-static struct vfsmount *sock_mnt __read_mostly;
++struct vfsmount *sock_mnt __read_mostly;
+ 
+ static struct file_system_type sock_fs_type = {
+ 	.name =		"sockfs",
+@@ -328,7 +344,7 @@ static char *sockfs_dname(struct dentry 
+ 				dentry->d_inode->i_ino);
+ }
+ 
+-static struct dentry_operations sockfs_dentry_operations = {
++static const struct dentry_operations sockfs_dentry_operations = {
+ 	.d_delete = sockfs_delete_dentry,
+ 	.d_dname  = sockfs_dname,
+ };
+@@ -1234,6 +1250,16 @@ SYSCALL_DEFINE3(socket, int, family, int
+ 	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
+ 		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
+ 
++	if(!gr_search_socket(family, type, protocol)) {
++		retval = -EACCES;
++		goto out;
++	}
++
++	if (gr_handle_sock_all(family, type, protocol)) {
++		retval = -EACCES;
++		goto out;
++	}
++
+ 	retval = sock_create(family, type, protocol, &sock);
+ 	if (retval < 0)
+ 		goto out;
+@@ -1366,6 +1392,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
+ 	if (sock) {
+ 		err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
+ 		if (err >= 0) {
++			if (gr_handle_sock_server((struct sockaddr *)&address)) {
++				err = -EACCES;
++				goto error;
++			}
++			err = gr_search_bind(sock, (struct sockaddr_in *)&address);
++			if (err)
++				goto error;
++
+ 			err = security_socket_bind(sock,
+ 						   (struct sockaddr *)&address,
+ 						   addrlen);
+@@ -1374,6 +1408,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct so
+ 						      (struct sockaddr *)
+ 						      &address, addrlen);
+ 		}
++error:
+ 		fput_light(sock->file, fput_needed);
+ 	}
+ 	return err;
+@@ -1397,10 +1432,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, ba
+ 		if ((unsigned)backlog > somaxconn)
+ 			backlog = somaxconn;
+ 
++		if (gr_handle_sock_server_other(sock)) {
++			err = -EPERM;
++			goto error;
++		}
++
++		err = gr_search_listen(sock);
++		if (err)
++			goto error;
++
+ 		err = security_socket_listen(sock, backlog);
+ 		if (!err)
+ 			err = sock->ops->listen(sock, backlog);
+ 
++error:
+ 		fput_light(sock->file, fput_needed);
+ 	}
+ 	return err;
+@@ -1443,6 +1488,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
+ 	newsock->type = sock->type;
+ 	newsock->ops = sock->ops;
+ 
++	if (gr_handle_sock_server_other(sock)) {
++		err = -EPERM;
++		sock_release(newsock);
++		goto out_put;
++	}
++
++	err = gr_search_accept(sock);
++	if (err) {
++		sock_release(newsock);
++		goto out_put;
++	}
++
+ 	/*
+ 	 * We don't need try_module_get here, as the listening socket (sock)
+ 	 * has the protocol module (sock->ops->owner) held.
+@@ -1486,6 +1543,7 @@ SYSCALL_DEFINE4(accept4, int, fd, struct
+ 	err = newfd;
+ 
+ 	security_socket_post_accept(sock, newsock);
++	gr_attach_curr_ip(newsock->sk);
+ 
+ out_put:
+ 	fput_light(sock->file, fput_needed);
+@@ -1524,6 +1582,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct
+ 		int, addrlen)
+ {
+ 	struct socket *sock;
++	struct sockaddr *sck;
+ 	struct sockaddr_storage address;
+ 	int err, fput_needed;
+ 
+@@ -1534,6 +1593,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct
+ 	if (err < 0)
+ 		goto out_put;
+ 
++	sck = (struct sockaddr *)&address;
++
++	if (gr_handle_sock_client(sck)) {
++		err = -EACCES;
++		goto out_put;
++	}
++
++	err = gr_search_connect(sock, (struct sockaddr_in *)sck);
++	if (err)
++		goto out_put;
++
+ 	err =
+ 	    security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
+ 	if (err)
+diff -urNp linux-2.6.29.6/net/sunrpc/rpc_pipe.c linux-2.6.29.6/net/sunrpc/rpc_pipe.c
+--- linux-2.6.29.6/net/sunrpc/rpc_pipe.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/sunrpc/rpc_pipe.c	2009-07-23 18:40:28.803536193 -0400
+@@ -480,7 +480,7 @@ static int rpc_delete_dentry(struct dent
+ 	return 1;
+ }
+ 
+-static struct dentry_operations rpc_dentry_operations = {
++static const struct dentry_operations rpc_dentry_operations = {
+ 	.d_delete = rpc_delete_dentry,
+ };
+ 
+@@ -858,7 +858,7 @@ EXPORT_SYMBOL_GPL(rpc_unlink);
+ /*
+  * populate the filesystem
+  */
+-static struct super_operations s_ops = {
++static const struct super_operations s_ops = {
+ 	.alloc_inode	= rpc_alloc_inode,
+ 	.destroy_inode	= rpc_destroy_inode,
+ 	.statfs		= simple_statfs,
+diff -urNp linux-2.6.29.6/net/unix/af_unix.c linux-2.6.29.6/net/unix/af_unix.c
+--- linux-2.6.29.6/net/unix/af_unix.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/unix/af_unix.c	2009-07-23 17:34:32.242831111 -0400
+@@ -734,6 +734,12 @@ static struct sock *unix_find_other(stru
+ 		err = -ECONNREFUSED;
+ 		if (!S_ISSOCK(inode->i_mode))
+ 			goto put_fail;
++
++		if (!gr_acl_handle_unix(path.dentry, path.mnt)) {
++			err = -EACCES;
++			goto put_fail;
++		}
++
+ 		u = unix_find_socket_byinode(net, inode);
+ 		if (!u)
+ 			goto put_fail;
+@@ -754,6 +760,13 @@ static struct sock *unix_find_other(stru
+ 		if (u) {
+ 			struct dentry *dentry;
+ 			dentry = unix_sk(u)->dentry;
++
++			if (!gr_handle_chroot_unix(u->sk_peercred.pid)) {
++				err = -EPERM;
++				sock_put(u);
++				goto fail;
++			}
++
+ 			if (dentry)
+ 				touch_atime(unix_sk(u)->mnt, dentry);
+ 		} else
+@@ -839,11 +852,18 @@ static int unix_bind(struct socket *sock
+ 		err = security_path_mknod(&nd.path, dentry, mode, 0);
+ 		if (err)
+ 			goto out_mknod_drop_write;
++		if (!gr_acl_handle_mknod(dentry, nd.path.dentry, nd.path.mnt, mode)) {
++			err = -EACCES;
++			goto out_mknod_drop_write;
++		}
+ 		err = vfs_mknod(nd.path.dentry->d_inode, dentry, mode, 0);
+ out_mknod_drop_write:
+ 		mnt_drop_write(nd.path.mnt);
+ 		if (err)
+ 			goto out_mknod_dput;
++
++		gr_handle_create(dentry, nd.path.mnt);
++
+ 		mutex_unlock(&nd.path.dentry->d_inode->i_mutex);
+ 		dput(nd.path.dentry);
+ 		nd.path.dentry = dentry;
+@@ -861,6 +881,10 @@ out_mknod_drop_write:
+ 			goto out_unlock;
+ 		}
+ 
++#ifdef CONFIG_GRKERNSEC_CHROOT_UNIX
++		sk->sk_peercred.pid = current->pid;
++#endif
++
+ 		list = &unix_socket_table[addr->hash];
+ 	} else {
+ 		list = &unix_socket_table[dentry->d_inode->i_ino & (UNIX_HASH_SIZE-1)];
+diff -urNp linux-2.6.29.6/net/xfrm/xfrm_proc.c linux-2.6.29.6/net/xfrm/xfrm_proc.c
+--- linux-2.6.29.6/net/xfrm/xfrm_proc.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/net/xfrm/xfrm_proc.c	2009-07-23 18:40:28.814555102 -0400
+@@ -60,7 +60,7 @@ static int xfrm_statistics_seq_open(stru
+ 	return single_open_net(inode, file, xfrm_statistics_seq_show);
+ }
+ 
+-static struct file_operations xfrm_statistics_seq_fops = {
++static const struct file_operations xfrm_statistics_seq_fops = {
+ 	.owner	 = THIS_MODULE,
+ 	.open	 = xfrm_statistics_seq_open,
+ 	.read	 = seq_read,
+diff -urNp linux-2.6.29.6/samples/markers/marker-example.c linux-2.6.29.6/samples/markers/marker-example.c
+--- linux-2.6.29.6/samples/markers/marker-example.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/samples/markers/marker-example.c	2009-07-23 18:40:28.823705055 -0400
+@@ -26,7 +26,7 @@ static int my_open(struct inode *inode, 
+ 	return -EPERM;
+ }
+ 
+-static struct file_operations mark_ops = {
++static const struct file_operations mark_ops = {
+ 	.open = my_open,
+ };
+ 
+diff -urNp linux-2.6.29.6/samples/tracepoints/tracepoint-sample.c linux-2.6.29.6/samples/tracepoints/tracepoint-sample.c
+--- linux-2.6.29.6/samples/tracepoints/tracepoint-sample.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/samples/tracepoints/tracepoint-sample.c	2009-07-23 18:40:28.824321350 -0400
+@@ -28,7 +28,7 @@ static int my_open(struct inode *inode, 
+ 	return -EPERM;
+ }
+ 
+-static struct file_operations mark_ops = {
++static const struct file_operations mark_ops = {
+ 	.open = my_open,
+ };
+ 
+diff -urNp linux-2.6.29.6/scripts/mod/modpost.c linux-2.6.29.6/scripts/mod/modpost.c
+--- linux-2.6.29.6/scripts/mod/modpost.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/scripts/mod/modpost.c	2009-07-23 17:34:32.242831111 -0400
+@@ -830,6 +830,7 @@ enum mismatch {
+ 	INIT_TO_EXIT,
+ 	EXIT_TO_INIT,
+ 	EXPORT_TO_INIT_EXIT,
++	DATA_TO_TEXT
+ };
+ 
+ struct sectioncheck {
+@@ -891,6 +892,12 @@ const struct sectioncheck sectioncheck[]
+ 	.fromsec = { "__ksymtab*", NULL },
+ 	.tosec   = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
+ 	.mismatch = EXPORT_TO_INIT_EXIT
++},
++/* Do not reference code from writable data */
++{
++	.fromsec = { DATA_SECTIONS, NULL },
++	.tosec   = { TEXT_SECTIONS, NULL },
++	.mismatch = DATA_TO_TEXT
+ }
+ };
+ 
+@@ -1249,6 +1256,14 @@ static void report_sec_mismatch(const ch
+ 		"Fix this by removing the %sannotation of %s "
+ 		"or drop the export.\n",
+ 		tosym, sec2annotation(tosec), sec2annotation(tosec), tosym);
++	case DATA_TO_TEXT:
++/*
++		fprintf(stderr,
++		"The variable %s references\n"
++		"the %s %s%s%s\n"
++		fromsym, to, sec2annotation(tosec), tosym, to_p);
++*/
++		break;
+ 	case NO_MISMATCH:
+ 		/* To get warnings on missing members */
+ 		break;
+diff -urNp linux-2.6.29.6/scripts/pnmtologo.c linux-2.6.29.6/scripts/pnmtologo.c
+--- linux-2.6.29.6/scripts/pnmtologo.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/scripts/pnmtologo.c	2009-07-23 17:34:32.243888317 -0400
+@@ -237,14 +237,14 @@ static void write_header(void)
+     fprintf(out, " *  Linux logo %s\n", logoname);
+     fputs(" */\n\n", out);
+     fputs("#include <linux/linux_logo.h>\n\n", out);
+-    fprintf(out, "static unsigned char %s_data[] __initdata = {\n",
++    fprintf(out, "static unsigned char %s_data[] = {\n",
+ 	    logoname);
+ }
+ 
+ static void write_footer(void)
+ {
+     fputs("\n};\n\n", out);
+-    fprintf(out, "struct linux_logo %s __initdata = {\n", logoname);
++    fprintf(out, "struct linux_logo %s = {\n", logoname);
+     fprintf(out, "    .type\t= %s,\n", logo_types[logo_type]);
+     fprintf(out, "    .width\t= %d,\n", logo_width);
+     fprintf(out, "    .height\t= %d,\n", logo_height);
+@@ -374,7 +374,7 @@ static void write_logo_clut224(void)
+     fputs("\n};\n\n", out);
+ 
+     /* write logo clut */
+-    fprintf(out, "static unsigned char %s_clut[] __initdata = {\n",
++    fprintf(out, "static unsigned char %s_clut[] = {\n",
+ 	    logoname);
+     write_hex_cnt = 0;
+     for (i = 0; i < logo_clutsize; i++) {
+diff -urNp linux-2.6.29.6/security/commoncap.c linux-2.6.29.6/security/commoncap.c
+--- linux-2.6.29.6/security/commoncap.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/security/commoncap.c	2009-07-23 17:34:32.243888317 -0400
+@@ -28,9 +28,11 @@
+ #include <linux/prctl.h>
+ #include <linux/securebits.h>
+ 
++extern kernel_cap_t gr_cap_rtnetlink(struct sock *sk);
++
+ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
+ {
+-	NETLINK_CB(skb).eff_cap = current_cap();
++	NETLINK_CB(skb).eff_cap = gr_cap_rtnetlink(sk);
+ 	return 0;
+ }
+ 
+diff -urNp linux-2.6.29.6/security/Kconfig linux-2.6.29.6/security/Kconfig
+--- linux-2.6.29.6/security/Kconfig	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/security/Kconfig	2009-07-23 17:35:37.439768706 -0400
+@@ -4,6 +4,465 @@
+ 
+ menu "Security options"
+ 
++source grsecurity/Kconfig
++
++menu "PaX"
++
++config PAX
++	bool "Enable various PaX features"
++	depends on GRKERNSEC && (ALPHA || ARM || AVR32 || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
++	help
++	  This allows you to enable various PaX features.  PaX adds
++	  intrusion prevention mechanisms to the kernel that reduce
++	  the risks posed by exploitable memory corruption bugs.
++
++menu "PaX Control"
++	depends on PAX
++
++config PAX_SOFTMODE
++	bool 'Support soft mode'
++	help
++	  Enabling this option will allow you to run PaX in soft mode, that
++	  is, PaX features will not be enforced by default, only on executables
++	  marked explicitly.  You must also enable PT_PAX_FLAGS support as it
++	  is the only way to mark executables for soft mode use.
++
++	  Soft mode can be activated by using the "pax_softmode=1" kernel command
++	  line option on boot.  Furthermore you can control various PaX features
++	  at runtime via the entries in /proc/sys/kernel/pax.
++
++config PAX_EI_PAX
++	bool 'Use legacy ELF header marking'
++	help
++	  Enabling this option will allow you to control PaX features on
++	  a per executable basis via the 'chpax' utility available at
++	  http://pax.grsecurity.net/.  The control flags will be read from
++	  an otherwise reserved part of the ELF header.  This marking has
++	  numerous drawbacks (no support for soft-mode, toolchain does not
++	  know about the non-standard use of the ELF header) therefore it
++	  has been deprecated in favour of PT_PAX_FLAGS support.
++
++	  If you have applications not marked by the PT_PAX_FLAGS ELF
++	  program header then you MUST enable this option otherwise they
++	  will not get any protection.
++
++	  Note that if you enable PT_PAX_FLAGS marking support as well,
++	  the PT_PAX_FLAG marks will override the legacy EI_PAX marks.
++
++config PAX_PT_PAX_FLAGS
++	bool 'Use ELF program header marking'
++	help
++	  Enabling this option will allow you to control PaX features on
++	  a per executable basis via the 'paxctl' utility available at
++	  http://pax.grsecurity.net/.  The control flags will be read from
++	  a PaX specific ELF program header (PT_PAX_FLAGS).  This marking
++	  has the benefits of supporting both soft mode and being fully
++	  integrated into the toolchain (the binutils patch is available
++	  from http://pax.grsecurity.net).
++
++	  If you have applications not marked by the PT_PAX_FLAGS ELF
++	  program header then you MUST enable the EI_PAX marking support
++	  otherwise they will not get any protection.
++
++	  Note that if you enable the legacy EI_PAX marking support as well,
++	  the EI_PAX marks will be overridden by the PT_PAX_FLAGS marks.
++
++choice
++	prompt 'MAC system integration'
++	default PAX_HAVE_ACL_FLAGS
++	help
++	  Mandatory Access Control systems have the option of controlling
++	  PaX flags on a per executable basis, choose the method supported
++	  by your particular system.
++
++	  - "none": if your MAC system does not interact with PaX,
++	  - "direct": if your MAC system defines pax_set_initial_flags() itself,
++	  - "hook": if your MAC system uses the pax_set_initial_flags_func callback.
++
++	  NOTE: this option is for developers/integrators only.
++
++	config PAX_NO_ACL_FLAGS
++		bool 'none'
++
++	config PAX_HAVE_ACL_FLAGS
++		bool 'direct'
++
++	config PAX_HOOK_ACL_FLAGS
++		bool 'hook'
++endchoice
++
++endmenu
++
++menu "Non-executable pages"
++	depends on PAX
++
++config PAX_NOEXEC
++	bool "Enforce non-executable pages"
++	depends on (PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS) && (ALPHA || IA64 || MIPS32 || MIPS64 || PARISC || PPC32 || PPC64 || SPARC32 || SPARC64 || X86)
++	help
++	  By design some architectures do not allow for protecting memory
++	  pages against execution or even if they do, Linux does not make
++	  use of this feature.  In practice this means that if a page is
++	  readable (such as the stack or heap) it is also executable.
++
++	  There is a well known exploit technique that makes use of this
++	  fact and a common programming mistake where an attacker can
++	  introduce code of his choice somewhere in the attacked program's
++	  memory (typically the stack or the heap) and then execute it.
++
++	  If the attacked program was running with different (typically
++	  higher) privileges than that of the attacker, then he can elevate
++	  his own privilege level (e.g. get a root shell, write to files for
++	  which he does not have write access to, etc).
++
++	  Enabling this option will let you choose from various features
++	  that prevent the injection and execution of 'foreign' code in
++	  a program.
++
++	  This will also break programs that rely on the old behaviour and
++	  expect that dynamically allocated memory via the malloc() family
++	  of functions is executable (which it is not).  Notable examples
++	  are the XFree86 4.x server, the java runtime and wine.
++
++config PAX_PAGEEXEC
++	bool "Paging based non-executable pages"
++	depends on !COMPAT_VDSO && PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
++	help
++	  This implementation is based on the paging feature of the CPU.
++	  On i386 without hardware non-executable bit support there is a
++	  variable but usually low performance impact, however on Intel's
++	  P4 core based CPUs it is very high so you should not enable this
++	  for kernels meant to be used on such CPUs.
++
++	  On alpha, avr32, ia64, parisc, sparc, sparc64, x86_64 and i386
++	  with hardware non-executable bit support there is no performance
++	  impact, on ppc the impact is negligible.
++
++	  Note that several architectures require various emulations due to
++	  badly designed userland ABIs, this will cause a performance impact
++	  but will disappear as soon as userland is fixed (e.g., ppc users
++	  can make use of the secure-plt feature found in binutils).
++
++config PAX_SEGMEXEC
++	bool "Segmentation based non-executable pages"
++	depends on !COMPAT_VDSO && PAX_NOEXEC && X86_32
++	help
++	  This implementation is based on the segmentation feature of the
++	  CPU and has a very small performance impact, however applications
++	  will be limited to a 1.5 GB address space instead of the normal
++	  3 GB.
++
++config PAX_EMUTRAMP
++	bool "Emulate trampolines" if (PAX_PAGEEXEC || PAX_SEGMEXEC) && (PARISC || PPC32 || X86)
++	default y if PARISC || PPC32
++	help
++	  There are some programs and libraries that for one reason or
++	  another attempt to execute special small code snippets from
++	  non-executable memory pages.  Most notable examples are the
++	  signal handler return code generated by the kernel itself and
++	  the GCC trampolines.
++
++	  If you enabled CONFIG_PAX_PAGEEXEC or CONFIG_PAX_SEGMEXEC then
++	  such programs will no longer work under your kernel.
++
++	  As a remedy you can say Y here and use the 'chpax' or 'paxctl'
++	  utilities to enable trampoline emulation for the affected programs
++	  yet still have the protection provided by the non-executable pages.
++
++	  On parisc and ppc you MUST enable this option and EMUSIGRT as
++	  well, otherwise your system will not even boot.
++
++	  Alternatively you can say N here and use the 'chpax' or 'paxctl'
++	  utilities to disable CONFIG_PAX_PAGEEXEC and CONFIG_PAX_SEGMEXEC
++	  for the affected files.
++
++	  NOTE: enabling this feature *may* open up a loophole in the
++	  protection provided by non-executable pages that an attacker
++	  could abuse.  Therefore the best solution is to not have any
++	  files on your system that would require this option.  This can
++	  be achieved by not using libc5 (which relies on the kernel
++	  signal handler return code) and not using or rewriting programs
++	  that make use of the nested function implementation of GCC.
++	  Skilled users can just fix GCC itself so that it implements
++	  nested function calls in a way that does not interfere with PaX.
++
++config PAX_EMUSIGRT
++	bool "Automatically emulate sigreturn trampolines"
++	depends on PAX_EMUTRAMP && (PARISC || PPC32)
++	default y
++	help
++	  Enabling this option will have the kernel automatically detect
++	  and emulate signal return trampolines executing on the stack
++	  that would otherwise lead to task termination.
++
++	  This solution is intended as a temporary one for users with
++	  legacy versions of libc (libc5, glibc 2.0, uClibc before 0.9.17,
++	  Modula-3 runtime, etc) or executables linked to such, basically
++	  everything that does not specify its own SA_RESTORER function in
++	  normal executable memory like glibc 2.1+ does.
++
++	  On parisc and ppc you MUST enable this option, otherwise your
++	  system will not even boot.
++
++	  NOTE: this feature cannot be disabled on a per executable basis
++	  and since it *does* open up a loophole in the protection provided
++	  by non-executable pages, the best solution is to not have any
++	  files on your system that would require this option.
++
++config PAX_MPROTECT
++	bool "Restrict mprotect()"
++	depends on (PAX_PAGEEXEC || PAX_SEGMEXEC) && !PPC64
++	help
++	  Enabling this option will prevent programs from
++	   - changing the executable status of memory pages that were
++	     not originally created as executable,
++	   - making read-only executable pages writable again,
++	   - creating executable pages from anonymous memory.
++
++	  You should say Y here to complete the protection provided by
++	  the enforcement of non-executable pages.
++
++	  NOTE: you can use the 'chpax' or 'paxctl' utilities to control
++	  this feature on a per file basis.
++
++config PAX_NOELFRELOCS
++	bool "Disallow ELF text relocations"
++	depends on PAX_MPROTECT && !PAX_ETEXECRELOCS && (IA64 || X86)
++	help
++	  Non-executable pages and mprotect() restrictions are effective
++	  in preventing the introduction of new executable code into an
++	  attacked task's address space.  There remain only two venues
++	  for this kind of attack: if the attacker can execute already
++	  existing code in the attacked task then he can either have it
++	  create and mmap() a file containing his code or have it mmap()
++	  an already existing ELF library that does not have position
++	  independent code in it and use mprotect() on it to make it
++	  writable and copy his code there.  While protecting against
++	  the former approach is beyond PaX, the latter can be prevented
++	  by having only PIC ELF libraries on one's system (which do not
++	  need to relocate their code).  If you are sure this is your case,
++	  then enable this option otherwise be careful as you may not even
++	  be able to boot or log on your system (for example, some PAM
++	  modules are erroneously compiled as non-PIC by default).
++
++	  NOTE: if you are using dynamic ELF executables (as suggested
++	  when using ASLR) then you must have made sure that you linked
++	  your files using the PIC version of crt1 (the et_dyn.tar.gz package
++	  referenced there has already been updated to support this).
++
++config PAX_ETEXECRELOCS
++	bool "Allow ELF ET_EXEC text relocations"
++	depends on PAX_MPROTECT && (ALPHA || IA64 || PARISC)
++	default y
++	help
++	  On some architectures there are incorrectly created applications
++	  that require text relocations and would not work without enabling
++	  this option.  If you are an alpha, ia64 or parisc user, you should
++	  enable this option and disable it once you have made sure that
++	  none of your applications need it.
++
++config PAX_EMUPLT
++	bool "Automatically emulate ELF PLT"
++	depends on PAX_MPROTECT && (ALPHA || PARISC || PPC32 || SPARC32 || SPARC64)
++	default y
++	help
++	  Enabling this option will have the kernel automatically detect
++	  and emulate the Procedure Linkage Table entries in ELF files.
++	  On some architectures such entries are in writable memory, and
++	  become non-executable leading to task termination.  Therefore
++	  it is mandatory that you enable this option on alpha, parisc,
++	  ppc (if secure-plt is not used throughout in userland), sparc
++	  and sparc64, otherwise your system would not even boot.
++
++	  NOTE: this feature *does* open up a loophole in the protection
++	  provided by the non-executable pages, therefore the proper
++	  solution is to modify the toolchain to produce a PLT that does
++	  not need to be writable.
++
++config PAX_DLRESOLVE
++	bool
++	depends on PAX_EMUPLT && (SPARC32 || SPARC64)
++	default y
++
++config PAX_SYSCALL
++	bool
++	depends on PAX_PAGEEXEC && PPC32
++	default y
++
++config PAX_KERNEXEC
++	bool "Enforce non-executable kernel pages"
++	depends on PAX_NOEXEC && X86 && !EFI && !COMPAT_VDSO && (!X86_32 || X86_WP_WORKS_OK) && !PARAVIRT
++	help
++	  This is the kernel land equivalent of PAGEEXEC and MPROTECT,
++	  that is, enabling this option will make it harder to inject
++	  and execute 'foreign' code in kernel memory itself.
++
++endmenu
++
++menu "Address Space Layout Randomization"
++	depends on PAX
++
++config PAX_ASLR
++	bool "Address Space Layout Randomization"
++	depends on PAX_EI_PAX || PAX_PT_PAX_FLAGS || PAX_HAVE_ACL_FLAGS || PAX_HOOK_ACL_FLAGS
++	help
++	  Many if not most exploit techniques rely on the knowledge of
++	  certain addresses in the attacked program.  The following options
++	  will allow the kernel to apply a certain amount of randomization
++	  to specific parts of the program thereby forcing an attacker to
++	  guess them in most cases.  Any failed guess will most likely crash
++	  the attacked program which allows the kernel to detect such attempts
++	  and react on them.  PaX itself provides no reaction mechanisms,
++	  instead it is strongly encouraged that you make use of Nergal's
++	  segvguard (ftp://ftp.pl.openwall.com/misc/segvguard/) or grsecurity's
++	  (http://www.grsecurity.net/) built-in crash detection features or
++	  develop one yourself.
++
++	  By saying Y here you can choose to randomize the following areas:
++	   - top of the task's kernel stack
++	   - top of the task's userland stack
++	   - base address for mmap() requests that do not specify one
++	     (this includes all libraries)
++	   - base address of the main executable
++
++	  It is strongly recommended to say Y here as address space layout
++	  randomization has negligible impact on performance yet it provides
++	  a very effective protection.
++
++	  NOTE: you can use the 'chpax' or 'paxctl' utilities to control
++	  this feature on a per file basis.
++
++config PAX_RANDKSTACK
++	bool "Randomize kernel stack base"
++	depends on PAX_ASLR && X86_TSC && X86_32
++	help
++	  By saying Y here the kernel will randomize every task's kernel
++	  stack on every system call.  This will not only force an attacker
++	  to guess it but also prevent him from making use of possible
++	  leaked information about it.
++
++	  Since the kernel stack is a rather scarce resource, randomization
++	  may cause unexpected stack overflows, therefore you should very
++	  carefully test your system.  Note that once enabled in the kernel
++	  configuration, this feature cannot be disabled on a per file basis.
++
++config PAX_RANDUSTACK
++	bool "Randomize user stack base"
++	depends on PAX_ASLR
++	help
++	  By saying Y here the kernel will randomize every task's userland
++	  stack.  The randomization is done in two steps where the second
++	  one may apply a big amount of shift to the top of the stack and
++	  cause problems for programs that want to use lots of memory (more
++	  than 2.5 GB if SEGMEXEC is not active, or 1.25 GB when it is).
++	  For this reason the second step can be controlled by 'chpax' or
++	  'paxctl' on a per file basis.
++
++config PAX_RANDMMAP
++	bool "Randomize mmap() base"
++	depends on PAX_ASLR
++	help
++	  By saying Y here the kernel will use a randomized base address for
++	  mmap() requests that do not specify one themselves.  As a result
++	  all dynamically loaded libraries will appear at random addresses
++	  and therefore be harder to exploit by a technique where an attacker
++	  attempts to execute library code for his purposes (e.g. spawn a
++	  shell from an exploited program that is running at an elevated
++	  privilege level).
++
++	  Furthermore, if a program is relinked as a dynamic ELF file, its
++	  base address will be randomized as well, completing the full
++	  randomization of the address space layout.  Attacking such programs
++	  becomes a guess game.  You can find an example of doing this at
++	  http://pax.grsecurity.net/et_dyn.tar.gz and practical samples at
++	  http://www.grsecurity.net/grsec-gcc-specs.tar.gz .
++
++	  NOTE: you can use the 'chpax' or 'paxctl' utilities to control this
++	  feature on a per file basis.
++
++endmenu
++
++menu "Miscellaneous hardening features"
++
++config PAX_MEMORY_SANITIZE
++	bool "Sanitize all freed memory"
++	help
++	  By saying Y here the kernel will erase memory pages as soon as they
++	  are freed.  This in turn reduces the lifetime of data stored in the
++	  pages, making it less likely that sensitive information such as
++	  passwords, cryptographic secrets, etc stay in memory for too long.
++
++	  This is especially useful for programs whose runtime is short, long
++	  lived processes and the kernel itself benefit from this as long as
++	  they operate on whole memory pages and ensure timely freeing of pages
++	  that may hold sensitive information.
++
++	  The tradeoff is performance impact, on a single CPU system kernel
++	  compilation sees a 3% slowdown, other systems and workloads may vary
++	  and you are advised to test this feature on your expected workload
++	  before deploying it.
++
++	  Note that this feature does not protect data stored in live pages,
++	  e.g., process memory swapped to disk may stay there for a long time.
++
++config PAX_MEMORY_UDEREF
++	bool "Prevent invalid userland pointer dereference"
++	depends on X86_32 && !COMPAT_VDSO && !UML_X86
++	help
++	  By saying Y here the kernel will be prevented from dereferencing
++	  userland pointers in contexts where the kernel expects only kernel
++	  pointers.  This is both a useful runtime debugging feature and a
++	  security measure that prevents exploiting a class of kernel bugs.
++
++	  The tradeoff is that some virtualization solutions may experience
++	  a huge slowdown and therefore you should not enable this feature
++	  for kernels meant to run in such environments.  Whether a given VM
++	  solution is affected or not is best determined by simply trying it
++	  out, the performance impact will be obvious right on boot as this
++	  mechanism engages from very early on.  A good rule of thumb is that
++	  VMs running on CPUs without hardware virtualization support (i.e.,
++	  the majority of IA-32 CPUs) will likely experience the slowdown.
++
++config PAX_REFCOUNT
++	bool "Prevent various kernel object reference counter overflows"
++	depends on GRKERNSEC && X86
++	help
++	  By saying Y here the kernel will detect and prevent overflowing
++	  various (but not all) kinds of object reference counters.  Such
++	  overflows can normally occur due to bugs only and are often, if
++	  not always, exploitable.
++
++	  The tradeoff is that data structures protected by an overflowed
++	  refcount will never be freed and therefore will leak memory.  Note
++	  that this leak also happens even without this protection but in
++	  that case the overflow can eventually trigger the freeing of the
++	  data structure while it is still being used elsewhere, resulting
++	  in the exploitable situation that this feature prevents.
++
++	  Since this has a negligible performance impact, you should enable
++	  this feature.
++
++config PAX_USERCOPY
++	bool "Bounds check heap object copies between kernel and userland"
++	depends on X86
++	depends on GRKERNSEC && (SLAB || SLUB || SLOB)
++	help
++	  By saying Y here the kernel will enforce the size of heap objects
++	  when they are copied in either direction between the kernel and
++	  userland, even if only a part of the heap object is copied.
++
++	  Specifically, this checking prevents information leaking from the
++	  kernel heap during kernel to userland copies (if the kernel heap
++	  object is otherwise fully initialized) and prevents kernel heap
++	  overflows during userland to kernel copies.
++
++	  Note that the current implementation provides the strictest checks
++	  for the SLUB allocator.
++
++endmenu
++
++endmenu
++
+ config KEYS
+ 	bool "Enable access key retention support"
+ 	help
+diff -urNp linux-2.6.29.6/security/smack/smackfs.c linux-2.6.29.6/security/smack/smackfs.c
+--- linux-2.6.29.6/security/smack/smackfs.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/security/smack/smackfs.c	2009-07-23 18:40:28.832499629 -0400
+@@ -179,7 +179,7 @@ static void load_seq_stop(struct seq_fil
+ 	/* No-op */
+ }
+ 
+-static struct seq_operations load_seq_ops = {
++static const struct seq_operations load_seq_ops = {
+ 	.start = load_seq_start,
+ 	.next  = load_seq_next,
+ 	.show  = load_seq_show,
+@@ -491,7 +491,7 @@ static void cipso_seq_stop(struct seq_fi
+ 	/* No-op */
+ }
+ 
+-static struct seq_operations cipso_seq_ops = {
++static const struct seq_operations cipso_seq_ops = {
+ 	.start = cipso_seq_start,
+ 	.stop  = cipso_seq_stop,
+ 	.next  = cipso_seq_next,
+@@ -675,7 +675,7 @@ static void netlbladdr_seq_stop(struct s
+ 	/* No-op */
+ }
+ 
+-static struct seq_operations netlbladdr_seq_ops = {
++static const struct seq_operations netlbladdr_seq_ops = {
+ 	.start = netlbladdr_seq_start,
+ 	.stop  = netlbladdr_seq_stop,
+ 	.next  = netlbladdr_seq_next,
+diff -urNp linux-2.6.29.6/sound/core/oss/pcm_oss.c linux-2.6.29.6/sound/core/oss/pcm_oss.c
+--- linux-2.6.29.6/sound/core/oss/pcm_oss.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/core/oss/pcm_oss.c	2009-07-23 17:34:32.245757940 -0400
+@@ -2929,8 +2929,8 @@ static void snd_pcm_oss_proc_done(struct
+ 	}
+ }
+ #else /* !CONFIG_SND_VERBOSE_PROCFS */
+-#define snd_pcm_oss_proc_init(pcm)
+-#define snd_pcm_oss_proc_done(pcm)
++#define snd_pcm_oss_proc_init(pcm) do {} while (0)
++#define snd_pcm_oss_proc_done(pcm) do {} while (0)
+ #endif /* CONFIG_SND_VERBOSE_PROCFS */
+ 
+ /*
+diff -urNp linux-2.6.29.6/sound/core/seq/seq_lock.h linux-2.6.29.6/sound/core/seq/seq_lock.h
+--- linux-2.6.29.6/sound/core/seq/seq_lock.h	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/core/seq/seq_lock.h	2009-07-23 17:34:32.245757940 -0400
+@@ -23,10 +23,10 @@ void snd_use_lock_sync_helper(snd_use_lo
+ #else /* SMP || CONFIG_SND_DEBUG */
+ 
+ typedef spinlock_t snd_use_lock_t;	/* dummy */
+-#define snd_use_lock_init(lockp) /**/
+-#define snd_use_lock_use(lockp) /**/
+-#define snd_use_lock_free(lockp) /**/
+-#define snd_use_lock_sync(lockp) /**/
++#define snd_use_lock_init(lockp) do {} while (0)
++#define snd_use_lock_use(lockp) do {} while (0)
++#define snd_use_lock_free(lockp) do {} while (0)
++#define snd_use_lock_sync(lockp) do {} while (0)
+ 
+ #endif /* SMP || CONFIG_SND_DEBUG */
+ 
+diff -urNp linux-2.6.29.6/sound/pci/ac97/ac97_patch.c linux-2.6.29.6/sound/pci/ac97/ac97_patch.c
+--- linux-2.6.29.6/sound/pci/ac97/ac97_patch.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/pci/ac97/ac97_patch.c	2009-07-23 17:34:32.246936980 -0400
+@@ -1498,7 +1498,7 @@ static const struct snd_ac97_res_table a
+ 	{ AC97_VIDEO, 0x9f1f },
+ 	{ AC97_AUX, 0x9f1f },
+ 	{ AC97_PCM, 0x9f1f },
+-	{ } /* terminator */
++	{ 0, 0 } /* terminator */
+ };
+ 
+ static int patch_ad1819(struct snd_ac97 * ac97)
+@@ -3873,7 +3873,7 @@ static struct snd_ac97_res_table lm4550_
+ 	{ AC97_AUX, 0x1f1f },
+ 	{ AC97_PCM, 0x1f1f },
+ 	{ AC97_REC_GAIN, 0x0f0f },
+-	{ } /* terminator */
++	{ 0, 0 } /* terminator */
+ };
+ 
+ static int patch_lm4550(struct snd_ac97 *ac97)
+diff -urNp linux-2.6.29.6/sound/pci/ens1370.c linux-2.6.29.6/sound/pci/ens1370.c
+--- linux-2.6.29.6/sound/pci/ens1370.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/pci/ens1370.c	2009-07-23 17:34:32.247850956 -0400
+@@ -452,7 +452,7 @@ static struct pci_device_id snd_audiopci
+ 	{ 0x1274, 0x5880, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0, },	/* ES1373 - CT5880 */
+ 	{ 0x1102, 0x8938, PCI_ANY_ID, PCI_ANY_ID, 0, 0, 0, },	/* Ectiva EV1938 */
+ #endif
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, snd_audiopci_ids);
+diff -urNp linux-2.6.29.6/sound/pci/intel8x0.c linux-2.6.29.6/sound/pci/intel8x0.c
+--- linux-2.6.29.6/sound/pci/intel8x0.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/pci/intel8x0.c	2009-07-23 17:34:32.247850956 -0400
+@@ -443,7 +443,7 @@ static struct pci_device_id snd_intel8x0
+ 	{ 0x1022, 0x746d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DEVICE_INTEL },	/* AMD8111 */
+ 	{ 0x1022, 0x7445, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DEVICE_INTEL },	/* AMD768 */
+ 	{ 0x10b9, 0x5455, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DEVICE_ALI },   /* Ali5455 */
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, snd_intel8x0_ids);
+@@ -2088,7 +2088,7 @@ static struct ac97_quirk ac97_quirks[] _
+ 		.type = AC97_TUNE_HP_ONLY
+ 	},
+ #endif
+-	{ } /* terminator */
++	{ 0, 0, 0, 0, NULL, 0 } /* terminator */
+ };
+ 
+ static int __devinit snd_intel8x0_mixer(struct intel8x0 *chip, int ac97_clock,
+diff -urNp linux-2.6.29.6/sound/pci/intel8x0m.c linux-2.6.29.6/sound/pci/intel8x0m.c
+--- linux-2.6.29.6/sound/pci/intel8x0m.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/pci/intel8x0m.c	2009-07-23 17:34:32.249009543 -0400
+@@ -239,7 +239,7 @@ static struct pci_device_id snd_intel8x0
+ 	{ 0x1022, 0x746d, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DEVICE_INTEL },	/* AMD8111 */
+ 	{ 0x10b9, 0x5455, PCI_ANY_ID, PCI_ANY_ID, 0, 0, DEVICE_ALI },   /* Ali5455 */
+ #endif
+-	{ 0, }
++	{ 0, 0, 0, 0, 0, 0, 0 }
+ };
+ 
+ MODULE_DEVICE_TABLE(pci, snd_intel8x0m_ids);
+@@ -1258,7 +1258,7 @@ static struct shortname_table {
+ 	{ 0x5455, "ALi M5455" },
+ 	{ 0x746d, "AMD AMD8111" },
+ #endif
+-	{ 0 },
++	{ 0, NULL },
+ };
+ 
+ static int __devinit snd_intel8x0m_probe(struct pci_dev *pci,
+diff -urNp linux-2.6.29.6/sound/usb/usx2y/us122l.c linux-2.6.29.6/sound/usb/usx2y/us122l.c
+--- linux-2.6.29.6/sound/usb/usx2y/us122l.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/usb/usx2y/us122l.c	2009-07-23 18:40:28.832499629 -0400
+@@ -154,7 +154,7 @@ static void usb_stream_hwdep_vm_close(st
+ 	snd_printdd(KERN_DEBUG "%i\n", atomic_read(&us122l->mmap_count));
+ }
+ 
+-static struct vm_operations_struct usb_stream_hwdep_vm_ops = {
++static const struct vm_operations_struct usb_stream_hwdep_vm_ops = {
+ 	.open = usb_stream_hwdep_vm_open,
+ 	.fault = usb_stream_hwdep_vm_fault,
+ 	.close = usb_stream_hwdep_vm_close,
+diff -urNp linux-2.6.29.6/sound/usb/usx2y/usX2Yhwdep.c linux-2.6.29.6/sound/usb/usx2y/usX2Yhwdep.c
+--- linux-2.6.29.6/sound/usb/usx2y/usX2Yhwdep.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/usb/usx2y/usX2Yhwdep.c	2009-07-23 18:40:28.833508615 -0400
+@@ -56,7 +56,7 @@ static int snd_us428ctls_vm_fault(struct
+ 	return 0;
+ }
+ 
+-static struct vm_operations_struct us428ctls_vm_ops = {
++static const struct vm_operations_struct us428ctls_vm_ops = {
+ 	.fault = snd_us428ctls_vm_fault,
+ };
+ 
+diff -urNp linux-2.6.29.6/sound/usb/usx2y/usx2yhwdeppcm.c linux-2.6.29.6/sound/usb/usx2y/usx2yhwdeppcm.c
+--- linux-2.6.29.6/sound/usb/usx2y/usx2yhwdeppcm.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/sound/usb/usx2y/usx2yhwdeppcm.c	2009-07-23 18:40:28.833508615 -0400
+@@ -697,7 +697,7 @@ static int snd_usX2Y_hwdep_pcm_vm_fault(
+ }
+ 
+ 
+-static struct vm_operations_struct snd_usX2Y_hwdep_pcm_vm_ops = {
++static const struct vm_operations_struct snd_usX2Y_hwdep_pcm_vm_ops = {
+ 	.open = snd_usX2Y_hwdep_pcm_vm_open,
+ 	.close = snd_usX2Y_hwdep_pcm_vm_close,
+ 	.fault = snd_usX2Y_hwdep_pcm_vm_fault,
+diff -urNp linux-2.6.29.6/virt/kvm/kvm_main.c linux-2.6.29.6/virt/kvm/kvm_main.c
+--- linux-2.6.29.6/virt/kvm/kvm_main.c	2009-07-02 19:41:20.000000000 -0400
++++ linux-2.6.29.6/virt/kvm/kvm_main.c	2009-07-23 17:34:32.249724330 -0400
+@@ -2059,6 +2059,9 @@ static struct miscdevice kvm_dev = {
+ 	KVM_MINOR,
+ 	"kvm",
+ 	&kvm_chardev_ops,
++	{NULL, NULL},
++	NULL,
++	NULL
+ };
+ 
+ static void hardware_enable(void *junk)
+@@ -2290,7 +2293,7 @@ static void kvm_sched_out(struct preempt
+ 	kvm_arch_vcpu_put(vcpu);
+ }
+ 
+-int kvm_init(void *opaque, unsigned int vcpu_size,
++int kvm_init(const void *opaque, unsigned int vcpu_size,
+ 		  struct module *module)
+ {
+ 	int r;
diff --git a/main/linux-grsec/kernelconfig b/main/linux-grsec/kernelconfig
new file mode 100644
index 0000000000..425e5cedae
--- /dev/null
+++ b/main/linux-grsec/kernelconfig
@@ -0,0 +1,4432 @@
+#
+# Automatically generated make config: don't edit
+# Linux kernel version: 2.6.29.5
+# Mon Jun 29 16:25:46 2009
+#
+# CONFIG_64BIT is not set
+CONFIG_X86_32=y
+# CONFIG_X86_64 is not set
+CONFIG_X86=y
+CONFIG_ARCH_DEFCONFIG="arch/x86/configs/i386_defconfig"
+CONFIG_GENERIC_TIME=y
+CONFIG_GENERIC_CMOS_UPDATE=y
+CONFIG_CLOCKSOURCE_WATCHDOG=y
+CONFIG_GENERIC_CLOCKEVENTS=y
+CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y
+CONFIG_LOCKDEP_SUPPORT=y
+CONFIG_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_LATENCYTOP_SUPPORT=y
+CONFIG_FAST_CMPXCHG_LOCAL=y
+CONFIG_MMU=y
+CONFIG_ZONE_DMA=y
+CONFIG_GENERIC_ISA_DMA=y
+CONFIG_GENERIC_IOMAP=y
+CONFIG_GENERIC_BUG=y
+CONFIG_GENERIC_HWEIGHT=y
+CONFIG_GENERIC_GPIO=y
+CONFIG_ARCH_MAY_HAVE_PC_FDC=y
+# CONFIG_RWSEM_GENERIC_SPINLOCK is not set
+CONFIG_RWSEM_XCHGADD_ALGORITHM=y
+CONFIG_ARCH_HAS_CPU_IDLE_WAIT=y
+CONFIG_GENERIC_CALIBRATE_DELAY=y
+# CONFIG_GENERIC_TIME_VSYSCALL is not set
+CONFIG_ARCH_HAS_CPU_RELAX=y
+CONFIG_ARCH_HAS_DEFAULT_IDLE=y
+CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
+CONFIG_HAVE_SETUP_PER_CPU_AREA=y
+# CONFIG_HAVE_CPUMASK_OF_CPU_MAP is not set
+CONFIG_ARCH_HIBERNATION_POSSIBLE=y
+CONFIG_ARCH_SUSPEND_POSSIBLE=y
+# CONFIG_ZONE_DMA32 is not set
+CONFIG_ARCH_POPULATES_NODE_MAP=y
+# CONFIG_AUDIT_ARCH is not set
+CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y
+CONFIG_GENERIC_HARDIRQS=y
+CONFIG_GENERIC_IRQ_PROBE=y
+CONFIG_GENERIC_PENDING_IRQ=y
+CONFIG_X86_SMP=y
+CONFIG_USE_GENERIC_SMP_HELPERS=y
+CONFIG_X86_32_SMP=y
+CONFIG_X86_HT=y
+CONFIG_X86_BIOS_REBOOT=y
+CONFIG_X86_TRAMPOLINE=y
+CONFIG_KTIME_SCALAR=y
+CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
+
+#
+# General setup
+#
+CONFIG_EXPERIMENTAL=y
+CONFIG_LOCK_KERNEL=y
+CONFIG_INIT_ENV_ARG_LIMIT=32
+CONFIG_LOCALVERSION=""
+# CONFIG_LOCALVERSION_AUTO is not set
+CONFIG_SWAP=y
+CONFIG_SYSVIPC=y
+CONFIG_SYSVIPC_SYSCTL=y
+# CONFIG_POSIX_MQUEUE is not set
+CONFIG_BSD_PROCESS_ACCT=y
+CONFIG_BSD_PROCESS_ACCT_V3=y
+# CONFIG_TASKSTATS is not set
+# CONFIG_AUDIT is not set
+
+#
+# RCU Subsystem
+#
+CONFIG_CLASSIC_RCU=y
+# CONFIG_TREE_RCU is not set
+# CONFIG_PREEMPT_RCU is not set
+# CONFIG_TREE_RCU_TRACE is not set
+# CONFIG_PREEMPT_RCU_TRACE is not set
+CONFIG_IKCONFIG=m
+CONFIG_IKCONFIG_PROC=y
+CONFIG_LOG_BUF_SHIFT=14
+CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y
+CONFIG_GROUP_SCHED=y
+CONFIG_FAIR_GROUP_SCHED=y
+# CONFIG_RT_GROUP_SCHED is not set
+CONFIG_USER_SCHED=y
+# CONFIG_CGROUP_SCHED is not set
+# CONFIG_CGROUPS is not set
+# CONFIG_SYSFS_DEPRECATED_V2 is not set
+# CONFIG_RELAY is not set
+# CONFIG_NAMESPACES is not set
+CONFIG_BLK_DEV_INITRD=y
+CONFIG_INITRAMFS_SOURCE=""
+CONFIG_CC_OPTIMIZE_FOR_SIZE=y
+CONFIG_SYSCTL=y
+CONFIG_ANON_INODES=y
+CONFIG_EMBEDDED=y
+CONFIG_UID16=y
+CONFIG_SYSCTL_SYSCALL=y
+# CONFIG_KALLSYMS is not set
+CONFIG_HOTPLUG=y
+CONFIG_PRINTK=y
+CONFIG_BUG=y
+CONFIG_ELF_CORE=y
+CONFIG_PCSPKR_PLATFORM=y
+CONFIG_BASE_FULL=y
+CONFIG_FUTEX=y
+CONFIG_EPOLL=y
+CONFIG_SIGNALFD=y
+CONFIG_TIMERFD=y
+CONFIG_EVENTFD=y
+CONFIG_SHMEM=y
+CONFIG_AIO=y
+CONFIG_VM_EVENT_COUNTERS=y
+CONFIG_PCI_QUIRKS=y
+# CONFIG_SLUB_DEBUG is not set
+# CONFIG_COMPAT_BRK is not set
+# CONFIG_SLAB is not set
+CONFIG_SLUB=y
+# CONFIG_SLOB is not set
+# CONFIG_PROFILING is not set
+CONFIG_HAVE_OPROFILE=y
+CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
+CONFIG_HAVE_IOREMAP_PROT=y
+CONFIG_HAVE_KPROBES=y
+CONFIG_HAVE_KRETPROBES=y
+CONFIG_HAVE_ARCH_TRACEHOOK=y
+CONFIG_HAVE_GENERIC_DMA_COHERENT=y
+CONFIG_RT_MUTEXES=y
+CONFIG_BASE_SMALL=0
+CONFIG_MODULES=y
+# CONFIG_MODULE_FORCE_LOAD is not set
+CONFIG_MODULE_UNLOAD=y
+# CONFIG_MODULE_FORCE_UNLOAD is not set
+CONFIG_MODVERSIONS=y
+# CONFIG_MODULE_SRCVERSION_ALL is not set
+CONFIG_STOP_MACHINE=y
+CONFIG_BLOCK=y
+CONFIG_LBD=y
+# CONFIG_BLK_DEV_IO_TRACE is not set
+CONFIG_BLK_DEV_BSG=y
+# CONFIG_BLK_DEV_INTEGRITY is not set
+
+#
+# IO Schedulers
+#
+CONFIG_IOSCHED_NOOP=y
+CONFIG_IOSCHED_AS=m
+CONFIG_IOSCHED_DEADLINE=m
+CONFIG_IOSCHED_CFQ=m
+# CONFIG_DEFAULT_AS is not set
+# CONFIG_DEFAULT_DEADLINE is not set
+# CONFIG_DEFAULT_CFQ is not set
+CONFIG_DEFAULT_NOOP=y
+CONFIG_DEFAULT_IOSCHED="noop"
+CONFIG_PREEMPT_NOTIFIERS=y
+CONFIG_FREEZER=y
+
+#
+# Processor type and features
+#
+CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ=y
+CONFIG_HIGH_RES_TIMERS=y
+CONFIG_GENERIC_CLOCKEVENTS_BUILD=y
+CONFIG_SMP=y
+# CONFIG_SPARSE_IRQ is not set
+CONFIG_X86_FIND_SMP_CONFIG=y
+CONFIG_X86_MPPARSE=y
+CONFIG_X86_PC=y
+# CONFIG_X86_ELAN is not set
+# CONFIG_X86_VOYAGER is not set
+# CONFIG_X86_GENERICARCH is not set
+# CONFIG_X86_VSMP is not set
+# CONFIG_X86_RDC321X is not set
+CONFIG_SCHED_OMIT_FRAME_POINTER=y
+CONFIG_PARAVIRT_GUEST=y
+CONFIG_VMI=y
+CONFIG_KVM_CLOCK=y
+CONFIG_KVM_GUEST=y
+CONFIG_LGUEST_GUEST=y
+CONFIG_PARAVIRT=y
+CONFIG_PARAVIRT_CLOCK=y
+# CONFIG_MEMTEST is not set
+# CONFIG_M386 is not set
+# CONFIG_M486 is not set
+CONFIG_M586=y
+# CONFIG_M586TSC is not set
+# CONFIG_M586MMX is not set
+# CONFIG_M686 is not set
+# CONFIG_MPENTIUMII is not set
+# CONFIG_MPENTIUMIII is not set
+# CONFIG_MPENTIUMM is not set
+# CONFIG_MPENTIUM4 is not set
+# CONFIG_MK6 is not set
+# CONFIG_MK7 is not set
+# CONFIG_MK8 is not set
+# CONFIG_MCRUSOE is not set
+# CONFIG_MEFFICEON is not set
+# CONFIG_MWINCHIPC6 is not set
+# CONFIG_MWINCHIP3D is not set
+# CONFIG_MGEODEGX1 is not set
+# CONFIG_MGEODE_LX is not set
+# CONFIG_MCYRIXIII is not set
+# CONFIG_MVIAC3_2 is not set
+# CONFIG_MVIAC7 is not set
+# CONFIG_MPSC is not set
+# CONFIG_MCORE2 is not set
+# CONFIG_GENERIC_CPU is not set
+CONFIG_X86_GENERIC=y
+CONFIG_X86_CPU=y
+CONFIG_X86_CMPXCHG=y
+CONFIG_X86_L1_CACHE_SHIFT=7
+CONFIG_X86_XADD=y
+# CONFIG_X86_PPRO_FENCE is not set
+CONFIG_X86_F00F_BUG=y
+CONFIG_X86_WP_WORKS_OK=y
+CONFIG_X86_INVLPG=y
+CONFIG_X86_BSWAP=y
+CONFIG_X86_POPAD_OK=y
+CONFIG_X86_ALIGNMENT_16=y
+CONFIG_X86_INTEL_USERCOPY=y
+CONFIG_X86_MINIMUM_CPU_FAMILY=4
+# CONFIG_PROCESSOR_SELECT is not set
+CONFIG_CPU_SUP_INTEL=y
+CONFIG_CPU_SUP_CYRIX_32=y
+CONFIG_CPU_SUP_AMD=y
+CONFIG_CPU_SUP_CENTAUR_32=y
+CONFIG_CPU_SUP_TRANSMETA_32=y
+CONFIG_CPU_SUP_UMC_32=y
+CONFIG_HPET_TIMER=y
+CONFIG_HPET_EMULATE_RTC=y
+CONFIG_DMI=y
+# CONFIG_IOMMU_HELPER is not set
+# CONFIG_IOMMU_API is not set
+CONFIG_NR_CPUS=8
+# CONFIG_SCHED_SMT is not set
+CONFIG_SCHED_MC=y
+CONFIG_PREEMPT_NONE=y
+# CONFIG_PREEMPT_VOLUNTARY is not set
+# CONFIG_PREEMPT is not set
+CONFIG_X86_LOCAL_APIC=y
+CONFIG_X86_IO_APIC=y
+# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set
+# CONFIG_X86_MCE is not set
+CONFIG_VM86=y
+CONFIG_TOSHIBA=m
+CONFIG_I8K=m
+CONFIG_X86_REBOOTFIXUPS=y
+CONFIG_MICROCODE=m
+CONFIG_MICROCODE_INTEL=y
+CONFIG_MICROCODE_AMD=y
+CONFIG_MICROCODE_OLD_INTERFACE=y
+CONFIG_X86_MSR=m
+CONFIG_X86_CPUID=m
+# CONFIG_NOHIGHMEM is not set
+CONFIG_HIGHMEM4G=y
+# CONFIG_HIGHMEM64G is not set
+CONFIG_VMSPLIT_3G=y
+# CONFIG_VMSPLIT_3G_OPT is not set
+# CONFIG_VMSPLIT_2G is not set
+# CONFIG_VMSPLIT_2G_OPT is not set
+# CONFIG_VMSPLIT_1G is not set
+CONFIG_PAGE_OFFSET=0xC0000000
+CONFIG_HIGHMEM=y
+# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set
+CONFIG_ARCH_FLATMEM_ENABLE=y
+CONFIG_ARCH_SPARSEMEM_ENABLE=y
+CONFIG_ARCH_SELECT_MEMORY_MODEL=y
+CONFIG_SELECT_MEMORY_MODEL=y
+CONFIG_FLATMEM_MANUAL=y
+# CONFIG_DISCONTIGMEM_MANUAL is not set
+# CONFIG_SPARSEMEM_MANUAL is not set
+CONFIG_FLATMEM=y
+CONFIG_FLAT_NODE_MEM_MAP=y
+CONFIG_SPARSEMEM_STATIC=y
+CONFIG_PAGEFLAGS_EXTENDED=y
+CONFIG_SPLIT_PTLOCK_CPUS=4
+# CONFIG_PHYS_ADDR_T_64BIT is not set
+CONFIG_ZONE_DMA_FLAG=1
+CONFIG_BOUNCE=y
+CONFIG_VIRT_TO_BUS=y
+CONFIG_UNEVICTABLE_LRU=y
+CONFIG_MMU_NOTIFIER=y
+# CONFIG_HIGHPTE is not set
+# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set
+CONFIG_X86_RESERVE_LOW_64K=y
+CONFIG_MATH_EMULATION=y
+CONFIG_MTRR=y
+CONFIG_MTRR_SANITIZER=y
+CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0
+CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
+# CONFIG_X86_PAT is not set
+# CONFIG_EFI is not set
+# CONFIG_SECCOMP is not set
+# CONFIG_HZ_100 is not set
+# CONFIG_HZ_250 is not set
+CONFIG_HZ_300=y
+# CONFIG_HZ_1000 is not set
+CONFIG_HZ=300
+CONFIG_SCHED_HRTICK=y
+# CONFIG_KEXEC is not set
+# CONFIG_CRASH_DUMP is not set
+CONFIG_PHYSICAL_START=0x100000
+# CONFIG_RELOCATABLE is not set
+CONFIG_PHYSICAL_ALIGN=0x100000
+CONFIG_HOTPLUG_CPU=y
+# CONFIG_CMDLINE_BOOL is not set
+CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y
+
+#
+# Power management and ACPI options
+#
+CONFIG_PM=y
+# CONFIG_PM_DEBUG is not set
+CONFIG_PM_SLEEP_SMP=y
+CONFIG_PM_SLEEP=y
+CONFIG_SUSPEND=y
+CONFIG_SUSPEND_FREEZER=y
+# CONFIG_HIBERNATION is not set
+CONFIG_ACPI=y
+CONFIG_ACPI_SLEEP=y
+CONFIG_ACPI_PROCFS=y
+CONFIG_ACPI_PROCFS_POWER=y
+CONFIG_ACPI_SYSFS_POWER=y
+CONFIG_ACPI_PROC_EVENT=y
+CONFIG_ACPI_AC=m
+CONFIG_ACPI_BATTERY=m
+CONFIG_ACPI_BUTTON=m
+CONFIG_ACPI_VIDEO=m
+CONFIG_ACPI_FAN=m
+CONFIG_ACPI_DOCK=y
+CONFIG_ACPI_PROCESSOR=m
+CONFIG_ACPI_HOTPLUG_CPU=y
+CONFIG_ACPI_THERMAL=m
+# CONFIG_ACPI_CUSTOM_DSDT is not set
+CONFIG_ACPI_BLACKLIST_YEAR=2000
+# CONFIG_ACPI_DEBUG is not set
+CONFIG_ACPI_PCI_SLOT=m
+CONFIG_X86_PM_TIMER=y
+CONFIG_ACPI_CONTAINER=m
+CONFIG_ACPI_SBS=m
+# CONFIG_APM is not set
+
+#
+# CPU Frequency scaling
+#
+CONFIG_CPU_FREQ=y
+CONFIG_CPU_FREQ_TABLE=m
+# CONFIG_CPU_FREQ_DEBUG is not set
+CONFIG_CPU_FREQ_STAT=m
+# CONFIG_CPU_FREQ_STAT_DETAILS is not set
+CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
+# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
+# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
+# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
+# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
+CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
+CONFIG_CPU_FREQ_GOV_POWERSAVE=m
+CONFIG_CPU_FREQ_GOV_USERSPACE=m
+CONFIG_CPU_FREQ_GOV_ONDEMAND=m
+CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m
+
+#
+# CPUFreq processor drivers
+#
+CONFIG_X86_ACPI_CPUFREQ=m
+CONFIG_X86_POWERNOW_K6=m
+CONFIG_X86_POWERNOW_K7=m
+CONFIG_X86_POWERNOW_K7_ACPI=y
+CONFIG_X86_POWERNOW_K8=m
+CONFIG_X86_POWERNOW_K8_ACPI=y
+CONFIG_X86_GX_SUSPMOD=m
+CONFIG_X86_SPEEDSTEP_CENTRINO=m
+CONFIG_X86_SPEEDSTEP_CENTRINO_TABLE=y
+CONFIG_X86_SPEEDSTEP_ICH=m
+CONFIG_X86_SPEEDSTEP_SMI=m
+CONFIG_X86_P4_CLOCKMOD=m
+CONFIG_X86_CPUFREQ_NFORCE2=m
+CONFIG_X86_LONGRUN=m
+CONFIG_X86_LONGHAUL=m
+CONFIG_X86_E_POWERSAVER=m
+
+#
+# shared options
+#
+CONFIG_X86_SPEEDSTEP_LIB=m
+CONFIG_X86_SPEEDSTEP_RELAXED_CAP_CHECK=y
+CONFIG_CPU_IDLE=y
+CONFIG_CPU_IDLE_GOV_LADDER=y
+CONFIG_CPU_IDLE_GOV_MENU=y
+
+#
+# Bus options (PCI etc.)
+#
+CONFIG_PCI=y
+# CONFIG_PCI_GOBIOS is not set
+# CONFIG_PCI_GOMMCONFIG is not set
+# CONFIG_PCI_GODIRECT is not set
+# CONFIG_PCI_GOOLPC is not set
+CONFIG_PCI_GOANY=y
+CONFIG_PCI_BIOS=y
+CONFIG_PCI_DIRECT=y
+CONFIG_PCI_MMCONFIG=y
+CONFIG_PCI_DOMAINS=y
+CONFIG_PCIEPORTBUS=y
+CONFIG_HOTPLUG_PCI_PCIE=m
+# CONFIG_PCIEAER is not set
+CONFIG_PCIEASPM=y
+# CONFIG_PCIEASPM_DEBUG is not set
+CONFIG_ARCH_SUPPORTS_MSI=y
+# CONFIG_PCI_MSI is not set
+CONFIG_PCI_LEGACY=y
+CONFIG_PCI_STUB=m
+CONFIG_HT_IRQ=y
+CONFIG_ISA_DMA_API=y
+CONFIG_ISA=y
+# CONFIG_EISA is not set
+# CONFIG_MCA is not set
+CONFIG_SCx200=m
+CONFIG_SCx200HR_TIMER=m
+# CONFIG_OLPC is not set
+CONFIG_K8_NB=y
+CONFIG_PCCARD=m
+# CONFIG_PCMCIA_DEBUG is not set
+CONFIG_PCMCIA=m
+CONFIG_PCMCIA_LOAD_CIS=y
+CONFIG_PCMCIA_IOCTL=y
+CONFIG_CARDBUS=y
+
+#
+# PC-card bridges
+#
+CONFIG_YENTA=m
+CONFIG_YENTA_O2=y
+CONFIG_YENTA_RICOH=y
+CONFIG_YENTA_TI=y
+CONFIG_YENTA_ENE_TUNE=y
+CONFIG_YENTA_TOSHIBA=y
+CONFIG_PD6729=m
+CONFIG_I82092=m
+CONFIG_I82365=m
+CONFIG_TCIC=m
+CONFIG_PCMCIA_PROBE=y
+CONFIG_PCCARD_NONSTATIC=m
+CONFIG_HOTPLUG_PCI=m
+CONFIG_HOTPLUG_PCI_FAKE=m
+CONFIG_HOTPLUG_PCI_COMPAQ=m
+# CONFIG_HOTPLUG_PCI_COMPAQ_NVRAM is not set
+CONFIG_HOTPLUG_PCI_IBM=m
+CONFIG_HOTPLUG_PCI_ACPI=m
+CONFIG_HOTPLUG_PCI_ACPI_IBM=m
+CONFIG_HOTPLUG_PCI_CPCI=y
+CONFIG_HOTPLUG_PCI_CPCI_ZT5550=m
+CONFIG_HOTPLUG_PCI_CPCI_GENERIC=m
+CONFIG_HOTPLUG_PCI_SHPC=m
+
+#
+# Executable file formats / Emulations
+#
+CONFIG_BINFMT_ELF=y
+# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_HAVE_AOUT=y
+CONFIG_BINFMT_AOUT=m
+CONFIG_BINFMT_MISC=m
+CONFIG_HAVE_ATOMIC_IOMAP=y
+CONFIG_NET=y
+
+#
+# Networking options
+#
+CONFIG_COMPAT_NET_DEV_OPS=y
+CONFIG_PACKET=m
+CONFIG_PACKET_MMAP=y
+CONFIG_UNIX=y
+CONFIG_XFRM=y
+CONFIG_XFRM_USER=m
+CONFIG_XFRM_SUB_POLICY=y
+CONFIG_XFRM_MIGRATE=y
+# CONFIG_XFRM_STATISTICS is not set
+CONFIG_XFRM_IPCOMP=m
+CONFIG_NET_KEY=m
+CONFIG_NET_KEY_MIGRATE=y
+CONFIG_INET=y
+CONFIG_IP_MULTICAST=y
+CONFIG_IP_ADVANCED_ROUTER=y
+CONFIG_ASK_IP_FIB_HASH=y
+# CONFIG_IP_FIB_TRIE is not set
+CONFIG_IP_FIB_HASH=y
+CONFIG_IP_MULTIPLE_TABLES=y
+CONFIG_IP_ROUTE_MULTIPATH=y
+CONFIG_IP_ROUTE_VERBOSE=y
+CONFIG_IP_PNP=y
+CONFIG_IP_PNP_DHCP=y
+CONFIG_IP_PNP_BOOTP=y
+CONFIG_IP_PNP_RARP=y
+CONFIG_NET_IPIP=m
+CONFIG_NET_IPGRE=m
+CONFIG_NET_IPGRE_BROADCAST=y
+CONFIG_IP_MROUTE=y
+# CONFIG_IP_PIMSM_V1 is not set
+CONFIG_IP_PIMSM_V2=y
+CONFIG_ARPD=y
+CONFIG_SYN_COOKIES=y
+CONFIG_INET_AH=m
+CONFIG_INET_ESP=m
+CONFIG_INET_IPCOMP=m
+CONFIG_INET_XFRM_TUNNEL=m
+CONFIG_INET_TUNNEL=m
+CONFIG_INET_XFRM_MODE_TRANSPORT=m
+CONFIG_INET_XFRM_MODE_TUNNEL=m
+CONFIG_INET_XFRM_MODE_BEET=m
+CONFIG_INET_LRO=m
+CONFIG_INET_DIAG=m
+CONFIG_INET_TCP_DIAG=m
+CONFIG_TCP_CONG_ADVANCED=y
+CONFIG_TCP_CONG_BIC=m
+CONFIG_TCP_CONG_CUBIC=y
+CONFIG_TCP_CONG_WESTWOOD=m
+CONFIG_TCP_CONG_HTCP=m
+CONFIG_TCP_CONG_HSTCP=m
+CONFIG_TCP_CONG_HYBLA=m
+CONFIG_TCP_CONG_VEGAS=m
+CONFIG_TCP_CONG_SCALABLE=m
+CONFIG_TCP_CONG_LP=m
+CONFIG_TCP_CONG_VENO=m
+CONFIG_TCP_CONG_YEAH=m
+CONFIG_TCP_CONG_ILLINOIS=m
+# CONFIG_DEFAULT_BIC is not set
+CONFIG_DEFAULT_CUBIC=y
+# CONFIG_DEFAULT_HTCP is not set
+# CONFIG_DEFAULT_VEGAS is not set
+# CONFIG_DEFAULT_WESTWOOD is not set
+# CONFIG_DEFAULT_RENO is not set
+CONFIG_DEFAULT_TCP_CONG="cubic"
+CONFIG_TCP_MD5SIG=y
+CONFIG_IPV6=m
+CONFIG_IPV6_PRIVACY=y
+CONFIG_IPV6_ROUTER_PREF=y
+CONFIG_IPV6_ROUTE_INFO=y
+# CONFIG_IPV6_OPTIMISTIC_DAD is not set
+CONFIG_INET6_AH=m
+CONFIG_INET6_ESP=m
+CONFIG_INET6_IPCOMP=m
+CONFIG_IPV6_MIP6=m
+CONFIG_INET6_XFRM_TUNNEL=m
+CONFIG_INET6_TUNNEL=m
+CONFIG_INET6_XFRM_MODE_TRANSPORT=m
+CONFIG_INET6_XFRM_MODE_TUNNEL=m
+CONFIG_INET6_XFRM_MODE_BEET=m
+CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
+CONFIG_IPV6_SIT=m
+CONFIG_IPV6_NDISC_NODETYPE=y
+CONFIG_IPV6_TUNNEL=m
+CONFIG_IPV6_MULTIPLE_TABLES=y
+CONFIG_IPV6_SUBTREES=y
+CONFIG_IPV6_MROUTE=y
+CONFIG_IPV6_PIMSM_V2=y
+CONFIG_NETLABEL=y
+CONFIG_NETWORK_SECMARK=y
+CONFIG_NETFILTER=y
+# CONFIG_NETFILTER_DEBUG is not set
+CONFIG_NETFILTER_ADVANCED=y
+CONFIG_BRIDGE_NETFILTER=y
+
+#
+# Core Netfilter Configuration
+#
+CONFIG_NETFILTER_NETLINK=m
+CONFIG_NETFILTER_NETLINK_QUEUE=m
+CONFIG_NETFILTER_NETLINK_LOG=m
+CONFIG_NF_CONNTRACK=m
+CONFIG_NF_CT_ACCT=y
+CONFIG_NF_CONNTRACK_MARK=y
+CONFIG_NF_CONNTRACK_SECMARK=y
+CONFIG_NF_CONNTRACK_EVENTS=y
+CONFIG_NF_CT_PROTO_DCCP=m
+CONFIG_NF_CT_PROTO_GRE=m
+CONFIG_NF_CT_PROTO_SCTP=m
+CONFIG_NF_CT_PROTO_UDPLITE=m
+CONFIG_NF_CONNTRACK_AMANDA=m
+CONFIG_NF_CONNTRACK_FTP=m
+CONFIG_NF_CONNTRACK_H323=m
+CONFIG_NF_CONNTRACK_IRC=m
+CONFIG_NF_CONNTRACK_NETBIOS_NS=m
+CONFIG_NF_CONNTRACK_PPTP=m
+CONFIG_NF_CONNTRACK_SANE=m
+CONFIG_NF_CONNTRACK_SIP=m
+CONFIG_NF_CONNTRACK_TFTP=m
+CONFIG_NF_CT_NETLINK=m
+CONFIG_NETFILTER_TPROXY=m
+CONFIG_NETFILTER_XTABLES=m
+CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m
+CONFIG_NETFILTER_XT_TARGET_CONNMARK=m
+CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m
+CONFIG_NETFILTER_XT_TARGET_DSCP=m
+CONFIG_NETFILTER_XT_TARGET_MARK=m
+CONFIG_NETFILTER_XT_TARGET_NFLOG=m
+CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m
+CONFIG_NETFILTER_XT_TARGET_NOTRACK=m
+CONFIG_NETFILTER_XT_TARGET_RATEEST=m
+CONFIG_NETFILTER_XT_TARGET_TPROXY=m
+CONFIG_NETFILTER_XT_TARGET_TRACE=m
+CONFIG_NETFILTER_XT_TARGET_SECMARK=m
+CONFIG_NETFILTER_XT_TARGET_TCPMSS=m
+CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m
+CONFIG_NETFILTER_XT_MATCH_COMMENT=m
+CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m
+CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m
+CONFIG_NETFILTER_XT_MATCH_CONNMARK=m
+CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
+CONFIG_NETFILTER_XT_MATCH_DCCP=m
+CONFIG_NETFILTER_XT_MATCH_DSCP=m
+CONFIG_NETFILTER_XT_MATCH_ESP=m
+CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m
+CONFIG_NETFILTER_XT_MATCH_HELPER=m
+CONFIG_NETFILTER_XT_MATCH_IPRANGE=m
+CONFIG_NETFILTER_XT_MATCH_LENGTH=m
+CONFIG_NETFILTER_XT_MATCH_LIMIT=m
+CONFIG_NETFILTER_XT_MATCH_MAC=m
+CONFIG_NETFILTER_XT_MATCH_MARK=m
+CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m
+CONFIG_NETFILTER_XT_MATCH_OWNER=m
+CONFIG_NETFILTER_XT_MATCH_POLICY=m
+CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m
+CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m
+CONFIG_NETFILTER_XT_MATCH_QUOTA=m
+CONFIG_NETFILTER_XT_MATCH_RATEEST=m
+CONFIG_NETFILTER_XT_MATCH_REALM=m
+CONFIG_NETFILTER_XT_MATCH_RECENT=m
+# CONFIG_NETFILTER_XT_MATCH_RECENT_PROC_COMPAT is not set
+CONFIG_NETFILTER_XT_MATCH_SCTP=m
+CONFIG_NETFILTER_XT_MATCH_SOCKET=m
+CONFIG_NETFILTER_XT_MATCH_STATE=m
+CONFIG_NETFILTER_XT_MATCH_STATISTIC=m
+CONFIG_NETFILTER_XT_MATCH_STRING=m
+CONFIG_NETFILTER_XT_MATCH_TCPMSS=m
+CONFIG_NETFILTER_XT_MATCH_TIME=m
+CONFIG_NETFILTER_XT_MATCH_U32=m
+CONFIG_IP_VS=m
+CONFIG_IP_VS_IPV6=y
+# CONFIG_IP_VS_DEBUG is not set
+CONFIG_IP_VS_TAB_BITS=12
+
+#
+# IPVS transport protocol load balancing support
+#
+CONFIG_IP_VS_PROTO_TCP=y
+CONFIG_IP_VS_PROTO_UDP=y
+CONFIG_IP_VS_PROTO_AH_ESP=y
+CONFIG_IP_VS_PROTO_ESP=y
+CONFIG_IP_VS_PROTO_AH=y
+
+#
+# IPVS scheduler
+#
+CONFIG_IP_VS_RR=m
+CONFIG_IP_VS_WRR=m
+CONFIG_IP_VS_LC=m
+CONFIG_IP_VS_WLC=m
+CONFIG_IP_VS_LBLC=m
+CONFIG_IP_VS_LBLCR=m
+CONFIG_IP_VS_DH=m
+CONFIG_IP_VS_SH=m
+CONFIG_IP_VS_SED=m
+CONFIG_IP_VS_NQ=m
+
+#
+# IPVS application helper
+#
+CONFIG_IP_VS_FTP=m
+
+#
+# IP: Netfilter Configuration
+#
+CONFIG_NF_DEFRAG_IPV4=m
+CONFIG_NF_CONNTRACK_IPV4=m
+CONFIG_NF_CONNTRACK_PROC_COMPAT=y
+CONFIG_IP_NF_QUEUE=m
+CONFIG_IP_NF_IPTABLES=m
+CONFIG_IP_NF_MATCH_ADDRTYPE=m
+CONFIG_IP_NF_MATCH_AH=m
+CONFIG_IP_NF_MATCH_ECN=m
+CONFIG_IP_NF_MATCH_TTL=m
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
+CONFIG_IP_NF_TARGET_LOG=m
+CONFIG_IP_NF_TARGET_ULOG=m
+CONFIG_NF_NAT=m
+CONFIG_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+CONFIG_IP_NF_TARGET_NETMAP=m
+CONFIG_IP_NF_TARGET_REDIRECT=m
+CONFIG_NF_NAT_SNMP_BASIC=m
+CONFIG_NF_NAT_PROTO_DCCP=m
+CONFIG_NF_NAT_PROTO_GRE=m
+CONFIG_NF_NAT_PROTO_UDPLITE=m
+CONFIG_NF_NAT_PROTO_SCTP=m
+CONFIG_NF_NAT_FTP=m
+CONFIG_NF_NAT_IRC=m
+CONFIG_NF_NAT_TFTP=m
+CONFIG_NF_NAT_AMANDA=m
+CONFIG_NF_NAT_PPTP=m
+CONFIG_NF_NAT_H323=m
+CONFIG_NF_NAT_SIP=m
+CONFIG_IP_NF_MANGLE=m
+CONFIG_IP_NF_TARGET_CLUSTERIP=m
+CONFIG_IP_NF_TARGET_ECN=m
+CONFIG_IP_NF_TARGET_TTL=m
+CONFIG_IP_NF_RAW=m
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP_NF_ARPTABLES=m
+CONFIG_IP_NF_ARPFILTER=m
+CONFIG_IP_NF_ARP_MANGLE=m
+
+#
+# IPv6: Netfilter Configuration
+#
+CONFIG_NF_CONNTRACK_IPV6=m
+CONFIG_IP6_NF_QUEUE=m
+CONFIG_IP6_NF_IPTABLES=m
+CONFIG_IP6_NF_MATCH_AH=m
+CONFIG_IP6_NF_MATCH_EUI64=m
+CONFIG_IP6_NF_MATCH_FRAG=m
+CONFIG_IP6_NF_MATCH_OPTS=m
+CONFIG_IP6_NF_MATCH_HL=m
+CONFIG_IP6_NF_MATCH_IPV6HEADER=m
+CONFIG_IP6_NF_MATCH_MH=m
+CONFIG_IP6_NF_MATCH_RT=m
+CONFIG_IP6_NF_TARGET_LOG=m
+CONFIG_IP6_NF_FILTER=m
+CONFIG_IP6_NF_TARGET_REJECT=m
+CONFIG_IP6_NF_MANGLE=m
+CONFIG_IP6_NF_TARGET_HL=m
+CONFIG_IP6_NF_RAW=m
+CONFIG_IP6_NF_SECURITY=m
+
+#
+# DECnet: Netfilter Configuration
+#
+CONFIG_DECNET_NF_GRABULATOR=m
+CONFIG_BRIDGE_NF_EBTABLES=m
+CONFIG_BRIDGE_EBT_BROUTE=m
+CONFIG_BRIDGE_EBT_T_FILTER=m
+CONFIG_BRIDGE_EBT_T_NAT=m
+CONFIG_BRIDGE_EBT_802_3=m
+CONFIG_BRIDGE_EBT_AMONG=m
+CONFIG_BRIDGE_EBT_ARP=m
+CONFIG_BRIDGE_EBT_IP=m
+CONFIG_BRIDGE_EBT_IP6=m
+CONFIG_BRIDGE_EBT_LIMIT=m
+CONFIG_BRIDGE_EBT_MARK=m
+CONFIG_BRIDGE_EBT_PKTTYPE=m
+CONFIG_BRIDGE_EBT_STP=m
+CONFIG_BRIDGE_EBT_VLAN=m
+CONFIG_BRIDGE_EBT_ARPREPLY=m
+CONFIG_BRIDGE_EBT_DNAT=m
+CONFIG_BRIDGE_EBT_MARK_T=m
+CONFIG_BRIDGE_EBT_REDIRECT=m
+CONFIG_BRIDGE_EBT_SNAT=m
+CONFIG_BRIDGE_EBT_LOG=m
+CONFIG_BRIDGE_EBT_ULOG=m
+CONFIG_BRIDGE_EBT_NFLOG=m
+CONFIG_IP_DCCP=m
+CONFIG_INET_DCCP_DIAG=m
+
+#
+# DCCP CCIDs Configuration (EXPERIMENTAL)
+#
+# CONFIG_IP_DCCP_CCID2_DEBUG is not set
+CONFIG_IP_DCCP_CCID3=y
+# CONFIG_IP_DCCP_CCID3_DEBUG is not set
+CONFIG_IP_DCCP_CCID3_RTO=100
+CONFIG_IP_DCCP_TFRC_LIB=y
+CONFIG_IP_SCTP=m
+# CONFIG_SCTP_DBG_MSG is not set
+# CONFIG_SCTP_DBG_OBJCNT is not set
+# CONFIG_SCTP_HMAC_NONE is not set
+CONFIG_SCTP_HMAC_SHA1=y
+# CONFIG_SCTP_HMAC_MD5 is not set
+CONFIG_TIPC=m
+# CONFIG_TIPC_ADVANCED is not set
+# CONFIG_TIPC_DEBUG is not set
+CONFIG_ATM=m
+CONFIG_ATM_CLIP=m
+# CONFIG_ATM_CLIP_NO_ICMP is not set
+CONFIG_ATM_LANE=m
+CONFIG_ATM_MPOA=m
+CONFIG_ATM_BR2684=m
+# CONFIG_ATM_BR2684_IPFILTER is not set
+CONFIG_STP=m
+CONFIG_BRIDGE=m
+# CONFIG_NET_DSA is not set
+CONFIG_VLAN_8021Q=m
+# CONFIG_VLAN_8021Q_GVRP is not set
+CONFIG_DECNET=m
+CONFIG_DECNET_ROUTER=y
+CONFIG_LLC=m
+CONFIG_LLC2=m
+CONFIG_IPX=m
+# CONFIG_IPX_INTERN is not set
+CONFIG_ATALK=m
+CONFIG_DEV_APPLETALK=m
+CONFIG_LTPC=m
+CONFIG_COPS=m
+CONFIG_COPS_DAYNA=y
+CONFIG_COPS_TANGENT=y
+CONFIG_IPDDP=m
+CONFIG_IPDDP_ENCAP=y
+CONFIG_IPDDP_DECAP=y
+CONFIG_X25=m
+CONFIG_LAPB=m
+CONFIG_ECONET=m
+CONFIG_ECONET_AUNUDP=y
+CONFIG_ECONET_NATIVE=y
+CONFIG_WAN_ROUTER=m
+CONFIG_NET_SCHED=y
+
+#
+# Queueing/Scheduling
+#
+CONFIG_NET_SCH_CBQ=m
+CONFIG_NET_SCH_HTB=m
+CONFIG_NET_SCH_HFSC=m
+CONFIG_NET_SCH_ATM=m
+CONFIG_NET_SCH_PRIO=m
+CONFIG_NET_SCH_MULTIQ=m
+CONFIG_NET_SCH_RED=m
+CONFIG_NET_SCH_SFQ=m
+CONFIG_NET_SCH_TEQL=m
+CONFIG_NET_SCH_TBF=m
+CONFIG_NET_SCH_GRED=m
+CONFIG_NET_SCH_DSMARK=m
+CONFIG_NET_SCH_NETEM=m
+CONFIG_NET_SCH_DRR=m
+CONFIG_NET_SCH_INGRESS=m
+
+#
+# Classification
+#
+CONFIG_NET_CLS=y
+CONFIG_NET_CLS_BASIC=m
+CONFIG_NET_CLS_TCINDEX=m
+CONFIG_NET_CLS_ROUTE4=m
+CONFIG_NET_CLS_ROUTE=y
+CONFIG_NET_CLS_FW=m
+CONFIG_NET_CLS_U32=m
+CONFIG_CLS_U32_PERF=y
+CONFIG_CLS_U32_MARK=y
+CONFIG_NET_CLS_RSVP=m
+CONFIG_NET_CLS_RSVP6=m
+CONFIG_NET_CLS_FLOW=m
+CONFIG_NET_EMATCH=y
+CONFIG_NET_EMATCH_STACK=32
+CONFIG_NET_EMATCH_CMP=m
+CONFIG_NET_EMATCH_NBYTE=m
+CONFIG_NET_EMATCH_U32=m
+CONFIG_NET_EMATCH_META=m
+CONFIG_NET_EMATCH_TEXT=m
+CONFIG_NET_CLS_ACT=y
+CONFIG_NET_ACT_POLICE=m
+CONFIG_NET_ACT_GACT=m
+CONFIG_GACT_PROB=y
+CONFIG_NET_ACT_MIRRED=m
+CONFIG_NET_ACT_IPT=m
+CONFIG_NET_ACT_NAT=m
+CONFIG_NET_ACT_PEDIT=m
+CONFIG_NET_ACT_SIMP=m
+CONFIG_NET_ACT_SKBEDIT=m
+# CONFIG_NET_CLS_IND is not set
+CONFIG_NET_SCH_FIFO=y
+# CONFIG_DCB is not set
+
+#
+# Network testing
+#
+CONFIG_NET_PKTGEN=m
+# CONFIG_HAMRADIO is not set
+CONFIG_CAN=m
+CONFIG_CAN_RAW=m
+CONFIG_CAN_BCM=m
+
+#
+# CAN Device Drivers
+#
+CONFIG_CAN_VCAN=m
+# CONFIG_CAN_DEBUG_DEVICES is not set
+CONFIG_IRDA=m
+
+#
+# IrDA protocols
+#
+CONFIG_IRLAN=m
+CONFIG_IRNET=m
+CONFIG_IRCOMM=m
+CONFIG_IRDA_ULTRA=y
+
+#
+# IrDA options
+#
+CONFIG_IRDA_CACHE_LAST_LSAP=y
+CONFIG_IRDA_FAST_RR=y
+# CONFIG_IRDA_DEBUG is not set
+
+#
+# Infrared-port device drivers
+#
+
+#
+# SIR device drivers
+#
+CONFIG_IRTTY_SIR=m
+
+#
+# Dongle support
+#
+CONFIG_DONGLE=y
+CONFIG_ESI_DONGLE=m
+CONFIG_ACTISYS_DONGLE=m
+CONFIG_TEKRAM_DONGLE=m
+CONFIG_TOIM3232_DONGLE=m
+CONFIG_LITELINK_DONGLE=m
+CONFIG_MA600_DONGLE=m
+CONFIG_GIRBIL_DONGLE=m
+CONFIG_MCP2120_DONGLE=m
+CONFIG_OLD_BELKIN_DONGLE=m
+CONFIG_ACT200L_DONGLE=m
+CONFIG_KINGSUN_DONGLE=m
+CONFIG_KSDAZZLE_DONGLE=m
+CONFIG_KS959_DONGLE=m
+
+#
+# FIR device drivers
+#
+CONFIG_USB_IRDA=m
+CONFIG_SIGMATEL_FIR=m
+CONFIG_NSC_FIR=m
+CONFIG_WINBOND_FIR=m
+CONFIG_TOSHIBA_FIR=m
+CONFIG_SMC_IRCC_FIR=m
+CONFIG_ALI_FIR=m
+CONFIG_VLSI_FIR=m
+CONFIG_VIA_FIR=m
+CONFIG_MCS_FIR=m
+CONFIG_BT=m
+CONFIG_BT_L2CAP=m
+CONFIG_BT_SCO=m
+CONFIG_BT_RFCOMM=m
+CONFIG_BT_RFCOMM_TTY=y
+CONFIG_BT_BNEP=m
+CONFIG_BT_BNEP_MC_FILTER=y
+CONFIG_BT_BNEP_PROTO_FILTER=y
+CONFIG_BT_CMTP=m
+CONFIG_BT_HIDP=m
+
+#
+# Bluetooth device drivers
+#
+CONFIG_BT_HCIBTUSB=m
+CONFIG_BT_HCIBTSDIO=m
+CONFIG_BT_HCIUART=m
+CONFIG_BT_HCIUART_H4=y
+CONFIG_BT_HCIUART_BCSP=y
+CONFIG_BT_HCIUART_LL=y
+CONFIG_BT_HCIBCM203X=m
+CONFIG_BT_HCIBPA10X=m
+CONFIG_BT_HCIBFUSB=m
+CONFIG_BT_HCIDTL1=m
+CONFIG_BT_HCIBT3C=m
+CONFIG_BT_HCIBLUECARD=m
+CONFIG_BT_HCIBTUART=m
+CONFIG_BT_HCIVHCI=m
+CONFIG_AF_RXRPC=m
+# CONFIG_AF_RXRPC_DEBUG is not set
+CONFIG_RXKAD=m
+CONFIG_PHONET=m
+CONFIG_FIB_RULES=y
+CONFIG_WIRELESS=y
+CONFIG_CFG80211=m
+# CONFIG_CFG80211_REG_DEBUG is not set
+CONFIG_NL80211=y
+CONFIG_WIRELESS_OLD_REGULATORY=y
+CONFIG_WIRELESS_EXT=y
+CONFIG_WIRELESS_EXT_SYSFS=y
+CONFIG_LIB80211=m
+CONFIG_LIB80211_CRYPT_WEP=m
+CONFIG_LIB80211_CRYPT_CCMP=m
+CONFIG_LIB80211_CRYPT_TKIP=m
+# CONFIG_LIB80211_DEBUG is not set
+CONFIG_MAC80211=m
+
+#
+# Rate control algorithm selection
+#
+CONFIG_MAC80211_RC_PID=y
+CONFIG_MAC80211_RC_MINSTREL=y
+CONFIG_MAC80211_RC_DEFAULT_PID=y
+# CONFIG_MAC80211_RC_DEFAULT_MINSTREL is not set
+CONFIG_MAC80211_RC_DEFAULT="pid"
+CONFIG_MAC80211_MESH=y
+CONFIG_MAC80211_LEDS=y
+# CONFIG_MAC80211_DEBUG_MENU is not set
+CONFIG_WIMAX=m
+CONFIG_WIMAX_DEBUG_LEVEL=8
+CONFIG_RFKILL=m
+CONFIG_RFKILL_INPUT=m
+CONFIG_RFKILL_LEDS=y
+CONFIG_NET_9P=m
+CONFIG_NET_9P_VIRTIO=m
+CONFIG_NET_9P_RDMA=m
+# CONFIG_NET_9P_DEBUG is not set
+
+#
+# Device Drivers
+#
+
+#
+# Generic Driver Options
+#
+CONFIG_UEVENT_HELPER_PATH="/sbin/hotplug"
+CONFIG_STANDALONE=y
+# CONFIG_PREVENT_FIRMWARE_BUILD is not set
+CONFIG_FW_LOADER=m
+# CONFIG_FIRMWARE_IN_KERNEL is not set
+CONFIG_EXTRA_FIRMWARE=""
+# CONFIG_SYS_HYPERVISOR is not set
+CONFIG_CONNECTOR=m
+CONFIG_MTD=m
+# CONFIG_MTD_DEBUG is not set
+CONFIG_MTD_CONCAT=m
+CONFIG_MTD_PARTITIONS=y
+CONFIG_MTD_TESTS=m
+CONFIG_MTD_REDBOOT_PARTS=m
+CONFIG_MTD_REDBOOT_DIRECTORY_BLOCK=-1
+# CONFIG_MTD_REDBOOT_PARTS_UNALLOCATED is not set
+# CONFIG_MTD_REDBOOT_PARTS_READONLY is not set
+CONFIG_MTD_AR7_PARTS=m
+
+#
+# User Modules And Translation Layers
+#
+CONFIG_MTD_CHAR=m
+CONFIG_HAVE_MTD_OTP=y
+CONFIG_MTD_BLKDEVS=m
+CONFIG_MTD_BLOCK=m
+CONFIG_MTD_BLOCK_RO=m
+CONFIG_FTL=m
+CONFIG_NFTL=m
+CONFIG_NFTL_RW=y
+CONFIG_INFTL=m
+CONFIG_RFD_FTL=m
+CONFIG_SSFDC=m
+CONFIG_MTD_OOPS=m
+
+#
+# RAM/ROM/Flash chip drivers
+#
+CONFIG_MTD_CFI=m
+CONFIG_MTD_JEDECPROBE=m
+CONFIG_MTD_GEN_PROBE=m
+# CONFIG_MTD_CFI_ADV_OPTIONS is not set
+CONFIG_MTD_MAP_BANK_WIDTH_1=y
+CONFIG_MTD_MAP_BANK_WIDTH_2=y
+CONFIG_MTD_MAP_BANK_WIDTH_4=y
+# CONFIG_MTD_MAP_BANK_WIDTH_8 is not set
+# CONFIG_MTD_MAP_BANK_WIDTH_16 is not set
+# CONFIG_MTD_MAP_BANK_WIDTH_32 is not set
+CONFIG_MTD_CFI_I1=y
+CONFIG_MTD_CFI_I2=y
+# CONFIG_MTD_CFI_I4 is not set
+# CONFIG_MTD_CFI_I8 is not set
+CONFIG_MTD_CFI_INTELEXT=m
+CONFIG_MTD_CFI_AMDSTD=m
+CONFIG_MTD_CFI_STAA=m
+CONFIG_MTD_CFI_UTIL=m
+CONFIG_MTD_RAM=m
+CONFIG_MTD_ROM=m
+CONFIG_MTD_ABSENT=m
+
+#
+# Mapping drivers for chip access
+#
+CONFIG_MTD_COMPLEX_MAPPINGS=y
+CONFIG_MTD_PHYSMAP=m
+# CONFIG_MTD_PHYSMAP_COMPAT is not set
+CONFIG_MTD_SC520CDP=m
+CONFIG_MTD_NETSC520=m
+CONFIG_MTD_TS5500=m
+CONFIG_MTD_SBC_GXX=m
+CONFIG_MTD_SCx200_DOCFLASH=m
+CONFIG_MTD_AMD76XROM=m
+CONFIG_MTD_ICHXROM=m
+CONFIG_MTD_ESB2ROM=m
+CONFIG_MTD_CK804XROM=m
+CONFIG_MTD_SCB2_FLASH=m
+CONFIG_MTD_NETtel=m
+CONFIG_MTD_DILNETPC=m
+CONFIG_MTD_DILNETPC_BOOTSIZE=0x80000
+CONFIG_MTD_L440GX=m
+CONFIG_MTD_PCI=m
+CONFIG_MTD_INTEL_VR_NOR=m
+CONFIG_MTD_PLATRAM=m
+
+#
+# Self-contained MTD device drivers
+#
+CONFIG_MTD_PMC551=m
+CONFIG_MTD_PMC551_BUGFIX=y
+# CONFIG_MTD_PMC551_DEBUG is not set
+CONFIG_MTD_DATAFLASH=m
+# CONFIG_MTD_DATAFLASH_WRITE_VERIFY is not set
+# CONFIG_MTD_DATAFLASH_OTP is not set
+CONFIG_MTD_M25P80=m
+CONFIG_M25PXX_USE_FAST_READ=y
+CONFIG_MTD_SLRAM=m
+CONFIG_MTD_PHRAM=m
+CONFIG_MTD_MTDRAM=m
+CONFIG_MTDRAM_TOTAL_SIZE=4096
+CONFIG_MTDRAM_ERASE_SIZE=128
+CONFIG_MTD_BLOCK2MTD=m
+
+#
+# Disk-On-Chip Device Drivers
+#
+CONFIG_MTD_DOC2000=m
+CONFIG_MTD_DOC2001=m
+CONFIG_MTD_DOC2001PLUS=m
+CONFIG_MTD_DOCPROBE=m
+CONFIG_MTD_DOCECC=m
+CONFIG_MTD_DOCPROBE_ADVANCED=y
+CONFIG_MTD_DOCPROBE_ADDRESS=0x0000
+# CONFIG_MTD_DOCPROBE_HIGH is not set
+# CONFIG_MTD_DOCPROBE_55AA is not set
+CONFIG_MTD_NAND=m
+# CONFIG_MTD_NAND_VERIFY_WRITE is not set
+CONFIG_MTD_NAND_ECC_SMC=y
+# CONFIG_MTD_NAND_MUSEUM_IDS is not set
+CONFIG_MTD_NAND_IDS=m
+CONFIG_MTD_NAND_DISKONCHIP=m
+# CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADVANCED is not set
+CONFIG_MTD_NAND_DISKONCHIP_PROBE_ADDRESS=0
+# CONFIG_MTD_NAND_DISKONCHIP_BBTWRITE is not set
+CONFIG_MTD_NAND_CAFE=m
+CONFIG_MTD_NAND_CS553X=m
+CONFIG_MTD_NAND_NANDSIM=m
+CONFIG_MTD_NAND_PLATFORM=m
+CONFIG_MTD_ALAUDA=m
+CONFIG_MTD_ONENAND=m
+# CONFIG_MTD_ONENAND_VERIFY_WRITE is not set
+CONFIG_MTD_ONENAND_OTP=y
+CONFIG_MTD_ONENAND_2X_PROGRAM=y
+CONFIG_MTD_ONENAND_SIM=m
+
+#
+# LPDDR flash memory drivers
+#
+CONFIG_MTD_LPDDR=m
+CONFIG_MTD_QINFO_PROBE=m
+
+#
+# UBI - Unsorted block images
+#
+CONFIG_MTD_UBI=m
+CONFIG_MTD_UBI_WL_THRESHOLD=4096
+CONFIG_MTD_UBI_BEB_RESERVE=1
+# CONFIG_MTD_UBI_GLUEBI is not set
+
+#
+# UBI debugging options
+#
+# CONFIG_MTD_UBI_DEBUG is not set
+CONFIG_PARPORT=m
+CONFIG_PARPORT_PC=m
+CONFIG_PARPORT_SERIAL=m
+# CONFIG_PARPORT_PC_FIFO is not set
+# CONFIG_PARPORT_PC_SUPERIO is not set
+CONFIG_PARPORT_PC_PCMCIA=m
+# CONFIG_PARPORT_GSC is not set
+CONFIG_PARPORT_AX88796=m
+# CONFIG_PARPORT_1284 is not set
+CONFIG_PARPORT_NOT_PC=y
+CONFIG_PNP=y
+# CONFIG_PNP_DEBUG_MESSAGES is not set
+
+#
+# Protocols
+#
+CONFIG_ISAPNP=y
+CONFIG_PNPBIOS=y
+# CONFIG_PNPBIOS_PROC_FS is not set
+CONFIG_PNPACPI=y
+CONFIG_BLK_DEV=y
+CONFIG_BLK_DEV_FD=m
+CONFIG_BLK_DEV_XD=m
+# CONFIG_PARIDE is not set
+CONFIG_BLK_CPQ_DA=m
+CONFIG_BLK_CPQ_CISS_DA=m
+CONFIG_CISS_SCSI_TAPE=y
+CONFIG_BLK_DEV_DAC960=m
+CONFIG_BLK_DEV_UMEM=m
+# CONFIG_BLK_DEV_COW_COMMON is not set
+CONFIG_BLK_DEV_LOOP=m
+CONFIG_BLK_DEV_CRYPTOLOOP=m
+CONFIG_BLK_DEV_NBD=m
+CONFIG_BLK_DEV_SX8=m
+CONFIG_BLK_DEV_UB=m
+CONFIG_BLK_DEV_RAM=y
+CONFIG_BLK_DEV_RAM_COUNT=16
+CONFIG_BLK_DEV_RAM_SIZE=4096
+# CONFIG_BLK_DEV_XIP is not set
+CONFIG_CDROM_PKTCDVD=m
+CONFIG_CDROM_PKTCDVD_BUFFERS=8
+# CONFIG_CDROM_PKTCDVD_WCACHE is not set
+CONFIG_ATA_OVER_ETH=m
+CONFIG_VIRTIO_BLK=m
+# CONFIG_BLK_DEV_HD is not set
+CONFIG_MISC_DEVICES=y
+CONFIG_IBM_ASM=m
+CONFIG_PHANTOM=m
+CONFIG_SGI_IOC4=m
+CONFIG_TIFM_CORE=m
+CONFIG_TIFM_7XX1=m
+CONFIG_ICS932S401=m
+CONFIG_ENCLOSURE_SERVICES=m
+CONFIG_HP_ILO=m
+CONFIG_DELL_LAPTOP=m
+CONFIG_C2PORT=m
+CONFIG_C2PORT_DURAMAR_2150=m
+
+#
+# EEPROM support
+#
+CONFIG_EEPROM_AT24=m
+CONFIG_EEPROM_AT25=m
+CONFIG_EEPROM_LEGACY=m
+CONFIG_EEPROM_93CX6=m
+CONFIG_HAVE_IDE=y
+CONFIG_IDE=m
+
+#
+# Please see Documentation/ide/ide.txt for help/info on IDE drives
+#
+CONFIG_IDE_TIMINGS=y
+CONFIG_IDE_ATAPI=y
+CONFIG_IDE_LEGACY=y
+# CONFIG_BLK_DEV_IDE_SATA is not set
+CONFIG_IDE_GD=m
+CONFIG_IDE_GD_ATA=y
+# CONFIG_IDE_GD_ATAPI is not set
+CONFIG_BLK_DEV_IDECS=m
+CONFIG_BLK_DEV_DELKIN=m
+CONFIG_BLK_DEV_IDECD=m
+# CONFIG_BLK_DEV_IDECD_VERBOSE_ERRORS is not set
+CONFIG_BLK_DEV_IDETAPE=m
+CONFIG_BLK_DEV_IDEACPI=y
+# CONFIG_IDE_TASK_IOCTL is not set
+CONFIG_IDE_PROC_FS=y
+
+#
+# IDE chipset support/bugfixes
+#
+CONFIG_IDE_GENERIC=m
+CONFIG_BLK_DEV_PLATFORM=m
+CONFIG_BLK_DEV_CMD640=m
+# CONFIG_BLK_DEV_CMD640_ENHANCED is not set
+CONFIG_BLK_DEV_IDEPNP=m
+CONFIG_BLK_DEV_IDEDMA_SFF=y
+
+#
+# PCI IDE chipsets support
+#
+CONFIG_BLK_DEV_IDEPCI=y
+# CONFIG_BLK_DEV_OFFBOARD is not set
+CONFIG_BLK_DEV_GENERIC=m
+CONFIG_BLK_DEV_OPTI621=m
+CONFIG_BLK_DEV_RZ1000=m
+CONFIG_BLK_DEV_IDEDMA_PCI=y
+CONFIG_BLK_DEV_AEC62XX=m
+CONFIG_BLK_DEV_ALI15X3=m
+CONFIG_BLK_DEV_AMD74XX=m
+CONFIG_BLK_DEV_ATIIXP=m
+CONFIG_BLK_DEV_CMD64X=m
+CONFIG_BLK_DEV_TRIFLEX=m
+CONFIG_BLK_DEV_CS5520=m
+CONFIG_BLK_DEV_CS5530=m
+CONFIG_BLK_DEV_CS5535=m
+CONFIG_BLK_DEV_CS5536=m
+CONFIG_BLK_DEV_HPT366=m
+CONFIG_BLK_DEV_JMICRON=m
+CONFIG_BLK_DEV_SC1200=m
+CONFIG_BLK_DEV_PIIX=m
+CONFIG_BLK_DEV_IT8172=m
+CONFIG_BLK_DEV_IT8213=m
+CONFIG_BLK_DEV_IT821X=m
+CONFIG_BLK_DEV_NS87415=m
+CONFIG_BLK_DEV_PDC202XX_OLD=m
+CONFIG_BLK_DEV_PDC202XX_NEW=m
+CONFIG_BLK_DEV_SVWKS=m
+CONFIG_BLK_DEV_SIIMAGE=m
+CONFIG_BLK_DEV_SIS5513=m
+CONFIG_BLK_DEV_SLC90E66=m
+CONFIG_BLK_DEV_TRM290=m
+CONFIG_BLK_DEV_VIA82CXXX=m
+CONFIG_BLK_DEV_TC86C001=m
+
+#
+# Other IDE chipsets support
+#
+
+#
+# Note: most of these also require special kernel boot parameters
+#
+CONFIG_BLK_DEV_4DRIVES=m
+CONFIG_BLK_DEV_ALI14XX=m
+CONFIG_BLK_DEV_DTC2278=m
+CONFIG_BLK_DEV_HT6560B=m
+CONFIG_BLK_DEV_QD65XX=m
+CONFIG_BLK_DEV_UMC8672=m
+CONFIG_BLK_DEV_IDEDMA=y
+
+#
+# SCSI device support
+#
+CONFIG_RAID_ATTRS=m
+CONFIG_SCSI=m
+CONFIG_SCSI_DMA=y
+CONFIG_SCSI_TGT=m
+CONFIG_SCSI_NETLINK=y
+CONFIG_SCSI_PROC_FS=y
+
+#
+# SCSI support type (disk, tape, CD-ROM)
+#
+CONFIG_BLK_DEV_SD=m
+CONFIG_CHR_DEV_ST=m
+CONFIG_CHR_DEV_OSST=m
+CONFIG_BLK_DEV_SR=m
+CONFIG_BLK_DEV_SR_VENDOR=y
+CONFIG_CHR_DEV_SG=m
+CONFIG_CHR_DEV_SCH=m
+CONFIG_SCSI_ENCLOSURE=m
+
+#
+# Some SCSI devices (e.g. CD jukebox) support multiple LUNs
+#
+CONFIG_SCSI_MULTI_LUN=y
+# CONFIG_SCSI_CONSTANTS is not set
+# CONFIG_SCSI_LOGGING is not set
+CONFIG_SCSI_SCAN_ASYNC=y
+CONFIG_SCSI_WAIT_SCAN=m
+
+#
+# SCSI Transports
+#
+CONFIG_SCSI_SPI_ATTRS=m
+CONFIG_SCSI_FC_ATTRS=m
+CONFIG_SCSI_FC_TGT_ATTRS=y
+CONFIG_SCSI_ISCSI_ATTRS=m
+CONFIG_SCSI_SAS_ATTRS=m
+CONFIG_SCSI_SAS_LIBSAS=m
+CONFIG_SCSI_SAS_ATA=y
+CONFIG_SCSI_SAS_HOST_SMP=y
+# CONFIG_SCSI_SAS_LIBSAS_DEBUG is not set
+CONFIG_SCSI_SRP_ATTRS=m
+CONFIG_SCSI_SRP_TGT_ATTRS=y
+CONFIG_SCSI_LOWLEVEL=y
+CONFIG_ISCSI_TCP=m
+CONFIG_SCSI_CXGB3_ISCSI=m
+CONFIG_BLK_DEV_3W_XXXX_RAID=m
+CONFIG_SCSI_3W_9XXX=m
+CONFIG_SCSI_7000FASST=m
+CONFIG_SCSI_ACARD=m
+CONFIG_SCSI_AHA152X=m
+CONFIG_SCSI_AHA1542=m
+CONFIG_SCSI_AACRAID=m
+CONFIG_SCSI_AIC7XXX=m
+CONFIG_AIC7XXX_CMDS_PER_DEVICE=32
+CONFIG_AIC7XXX_RESET_DELAY_MS=15000
+# CONFIG_AIC7XXX_BUILD_FIRMWARE is not set
+CONFIG_AIC7XXX_DEBUG_ENABLE=y
+CONFIG_AIC7XXX_DEBUG_MASK=0
+CONFIG_AIC7XXX_REG_PRETTY_PRINT=y
+CONFIG_SCSI_AIC7XXX_OLD=m
+CONFIG_SCSI_AIC79XX=m
+CONFIG_AIC79XX_CMDS_PER_DEVICE=32
+CONFIG_AIC79XX_RESET_DELAY_MS=15000
+# CONFIG_AIC79XX_BUILD_FIRMWARE is not set
+CONFIG_AIC79XX_DEBUG_ENABLE=y
+CONFIG_AIC79XX_DEBUG_MASK=0
+CONFIG_AIC79XX_REG_PRETTY_PRINT=y
+CONFIG_SCSI_AIC94XX=m
+# CONFIG_AIC94XX_DEBUG is not set
+CONFIG_SCSI_DPT_I2O=m
+CONFIG_SCSI_ADVANSYS=m
+CONFIG_SCSI_IN2000=m
+CONFIG_SCSI_ARCMSR=m
+CONFIG_MEGARAID_NEWGEN=y
+CONFIG_MEGARAID_MM=m
+CONFIG_MEGARAID_MAILBOX=m
+CONFIG_MEGARAID_LEGACY=m
+CONFIG_MEGARAID_SAS=m
+CONFIG_SCSI_HPTIOP=m
+CONFIG_SCSI_BUSLOGIC=m
+CONFIG_SCSI_FLASHPOINT=y
+CONFIG_LIBFC=m
+CONFIG_FCOE=m
+CONFIG_SCSI_DMX3191D=m
+CONFIG_SCSI_DTC3280=m
+CONFIG_SCSI_EATA=m
+# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set
+# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set
+CONFIG_SCSI_EATA_MAX_TAGS=16
+CONFIG_SCSI_FUTURE_DOMAIN=m
+CONFIG_SCSI_GDTH=m
+CONFIG_SCSI_GENERIC_NCR5380=m
+CONFIG_SCSI_GENERIC_NCR5380_MMIO=m
+CONFIG_SCSI_GENERIC_NCR53C400=y
+CONFIG_SCSI_IPS=m
+CONFIG_SCSI_INITIO=m
+CONFIG_SCSI_INIA100=m
+CONFIG_SCSI_PPA=m
+CONFIG_SCSI_IMM=m
+# CONFIG_SCSI_IZIP_EPP16 is not set
+# CONFIG_SCSI_IZIP_SLOW_CTR is not set
+CONFIG_SCSI_MVSAS=m
+CONFIG_SCSI_NCR53C406A=m
+CONFIG_SCSI_STEX=m
+CONFIG_SCSI_SYM53C8XX_2=m
+CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1
+CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16
+CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64
+CONFIG_SCSI_SYM53C8XX_MMIO=y
+CONFIG_SCSI_IPR=m
+CONFIG_SCSI_IPR_TRACE=y
+# CONFIG_SCSI_IPR_DUMP is not set
+CONFIG_SCSI_PAS16=m
+CONFIG_SCSI_QLOGIC_FAS=m
+CONFIG_SCSI_QLOGIC_1280=m
+CONFIG_SCSI_QLA_FC=m
+CONFIG_SCSI_QLA_ISCSI=m
+CONFIG_SCSI_LPFC=m
+CONFIG_SCSI_SYM53C416=m
+CONFIG_SCSI_DC395x=m
+CONFIG_SCSI_DC390T=m
+CONFIG_SCSI_T128=m
+CONFIG_SCSI_U14_34F=m
+# CONFIG_SCSI_U14_34F_TAGGED_QUEUE is not set
+# CONFIG_SCSI_U14_34F_LINKED_COMMANDS is not set
+CONFIG_SCSI_U14_34F_MAX_TAGS=8
+CONFIG_SCSI_ULTRASTOR=m
+CONFIG_SCSI_NSP32=m
+CONFIG_SCSI_DEBUG=m
+CONFIG_SCSI_SRP=m
+CONFIG_SCSI_LOWLEVEL_PCMCIA=y
+CONFIG_PCMCIA_AHA152X=m
+CONFIG_PCMCIA_FDOMAIN=m
+CONFIG_PCMCIA_NINJA_SCSI=m
+CONFIG_PCMCIA_QLOGIC=m
+CONFIG_PCMCIA_SYM53C500=m
+CONFIG_SCSI_DH=m
+CONFIG_SCSI_DH_RDAC=m
+CONFIG_SCSI_DH_HP_SW=m
+CONFIG_SCSI_DH_EMC=m
+CONFIG_SCSI_DH_ALUA=m
+CONFIG_ATA=m
+# CONFIG_ATA_NONSTANDARD is not set
+CONFIG_ATA_ACPI=y
+CONFIG_SATA_PMP=y
+CONFIG_SATA_AHCI=m
+CONFIG_SATA_SIL24=m
+CONFIG_ATA_SFF=y
+CONFIG_SATA_SVW=m
+CONFIG_ATA_PIIX=m
+CONFIG_SATA_MV=m
+CONFIG_SATA_NV=m
+CONFIG_PDC_ADMA=m
+CONFIG_SATA_QSTOR=m
+CONFIG_SATA_PROMISE=m
+CONFIG_SATA_SX4=m
+CONFIG_SATA_SIL=m
+CONFIG_SATA_SIS=m
+CONFIG_SATA_ULI=m
+CONFIG_SATA_VIA=m
+CONFIG_SATA_VITESSE=m
+CONFIG_SATA_INIC162X=m
+CONFIG_PATA_ACPI=m
+CONFIG_PATA_ALI=m
+CONFIG_PATA_AMD=m
+CONFIG_PATA_ARTOP=m
+CONFIG_PATA_ATIIXP=m
+CONFIG_PATA_CMD640_PCI=m
+CONFIG_PATA_CMD64X=m
+CONFIG_PATA_CS5520=m
+CONFIG_PATA_CS5530=m
+CONFIG_PATA_CS5535=m
+CONFIG_PATA_CS5536=m
+CONFIG_PATA_CYPRESS=m
+CONFIG_PATA_EFAR=m
+CONFIG_ATA_GENERIC=m
+CONFIG_PATA_HPT366=m
+CONFIG_PATA_HPT37X=m
+CONFIG_PATA_HPT3X2N=m
+CONFIG_PATA_HPT3X3=m
+CONFIG_PATA_HPT3X3_DMA=y
+CONFIG_PATA_ISAPNP=m
+CONFIG_PATA_IT821X=m
+CONFIG_PATA_IT8213=m
+CONFIG_PATA_JMICRON=m
+CONFIG_PATA_LEGACY=m
+CONFIG_PATA_TRIFLEX=m
+CONFIG_PATA_MARVELL=m
+CONFIG_PATA_MPIIX=m
+CONFIG_PATA_OLDPIIX=m
+CONFIG_PATA_NETCELL=m
+CONFIG_PATA_NINJA32=m
+CONFIG_PATA_NS87410=m
+CONFIG_PATA_NS87415=m
+CONFIG_PATA_OPTI=m
+CONFIG_PATA_OPTIDMA=m
+CONFIG_PATA_PCMCIA=m
+CONFIG_PATA_PDC_OLD=m
+CONFIG_PATA_QDI=m
+CONFIG_PATA_RADISYS=m
+CONFIG_PATA_RZ1000=m
+CONFIG_PATA_SC1200=m
+CONFIG_PATA_SERVERWORKS=m
+CONFIG_PATA_PDC2027X=m
+CONFIG_PATA_SIL680=m
+CONFIG_PATA_SIS=m
+CONFIG_PATA_VIA=m
+CONFIG_PATA_WINBOND=m
+CONFIG_PATA_WINBOND_VLB=m
+CONFIG_PATA_PLATFORM=m
+CONFIG_PATA_SCH=m
+CONFIG_MD=y
+CONFIG_BLK_DEV_MD=y
+# CONFIG_MD_AUTODETECT is not set
+CONFIG_MD_LINEAR=m
+CONFIG_MD_RAID0=m
+CONFIG_MD_RAID1=m
+CONFIG_MD_RAID10=m
+CONFIG_MD_RAID456=m
+CONFIG_MD_RAID5_RESHAPE=y
+CONFIG_MD_MULTIPATH=m
+CONFIG_MD_FAULTY=m
+CONFIG_BLK_DEV_DM=m
+# CONFIG_DM_DEBUG is not set
+CONFIG_DM_CRYPT=m
+CONFIG_DM_SNAPSHOT=m
+CONFIG_DM_MIRROR=m
+CONFIG_DM_ZERO=m
+CONFIG_DM_MULTIPATH=m
+CONFIG_DM_DELAY=m
+# CONFIG_DM_UEVENT is not set
+CONFIG_FUSION=y
+CONFIG_FUSION_SPI=m
+CONFIG_FUSION_FC=m
+CONFIG_FUSION_SAS=m
+CONFIG_FUSION_MAX_SGE=128
+CONFIG_FUSION_CTL=m
+# CONFIG_FUSION_LOGGING is not set
+
+#
+# IEEE 1394 (FireWire) support
+#
+
+#
+# Enable only one of the two stacks, unless you know what you are doing
+#
+CONFIG_FIREWIRE=m
+CONFIG_FIREWIRE_OHCI=m
+CONFIG_FIREWIRE_OHCI_DEBUG=y
+CONFIG_FIREWIRE_SBP2=m
+CONFIG_IEEE1394=m
+CONFIG_IEEE1394_OHCI1394=m
+CONFIG_IEEE1394_PCILYNX=m
+CONFIG_IEEE1394_SBP2=m
+# CONFIG_IEEE1394_SBP2_PHYS_DMA is not set
+CONFIG_IEEE1394_ETH1394_ROM_ENTRY=y
+CONFIG_IEEE1394_ETH1394=m
+CONFIG_IEEE1394_RAWIO=m
+CONFIG_IEEE1394_VIDEO1394=m
+CONFIG_IEEE1394_DV1394=m
+# CONFIG_IEEE1394_VERBOSEDEBUG is not set
+CONFIG_I2O=m
+CONFIG_I2O_LCT_NOTIFY_ON_CHANGES=y
+CONFIG_I2O_EXT_ADAPTEC=y
+CONFIG_I2O_CONFIG=m
+CONFIG_I2O_CONFIG_OLD_IOCTL=y
+CONFIG_I2O_BUS=m
+CONFIG_I2O_BLOCK=m
+CONFIG_I2O_SCSI=m
+CONFIG_I2O_PROC=m
+# CONFIG_MACINTOSH_DRIVERS is not set
+CONFIG_NETDEVICES=y
+CONFIG_IFB=m
+CONFIG_DUMMY=m
+CONFIG_BONDING=m
+CONFIG_MACVLAN=m
+CONFIG_EQUALIZER=m
+CONFIG_TUN=m
+CONFIG_VETH=m
+CONFIG_NET_SB1000=m
+CONFIG_ARCNET=m
+CONFIG_ARCNET_1201=m
+CONFIG_ARCNET_1051=m
+CONFIG_ARCNET_RAW=m
+CONFIG_ARCNET_CAP=m
+CONFIG_ARCNET_COM90xx=m
+CONFIG_ARCNET_COM90xxIO=m
+CONFIG_ARCNET_RIM_I=m
+CONFIG_ARCNET_COM20020=m
+CONFIG_ARCNET_COM20020_ISA=m
+CONFIG_ARCNET_COM20020_PCI=m
+CONFIG_PHYLIB=m
+
+#
+# MII PHY device drivers
+#
+CONFIG_MARVELL_PHY=m
+CONFIG_DAVICOM_PHY=m
+CONFIG_QSEMI_PHY=m
+CONFIG_LXT_PHY=m
+CONFIG_CICADA_PHY=m
+CONFIG_VITESSE_PHY=m
+CONFIG_SMSC_PHY=m
+CONFIG_BROADCOM_PHY=m
+CONFIG_ICPLUS_PHY=m
+CONFIG_REALTEK_PHY=m
+CONFIG_NATIONAL_PHY=m
+CONFIG_STE10XP=m
+CONFIG_LSI_ET1011C_PHY=m
+CONFIG_MDIO_BITBANG=m
+CONFIG_MDIO_GPIO=m
+CONFIG_NET_ETHERNET=y
+CONFIG_MII=m
+CONFIG_HAPPYMEAL=m
+CONFIG_SUNGEM=m
+CONFIG_CASSINI=m
+CONFIG_NET_VENDOR_3COM=y
+CONFIG_EL1=m
+CONFIG_EL2=m
+CONFIG_ELPLUS=m
+CONFIG_EL16=m
+CONFIG_EL3=m
+CONFIG_3C515=m
+CONFIG_VORTEX=m
+CONFIG_TYPHOON=m
+CONFIG_LANCE=m
+CONFIG_NET_VENDOR_SMC=y
+CONFIG_WD80x3=m
+CONFIG_ULTRA=m
+CONFIG_SMC9194=m
+CONFIG_ENC28J60=m
+# CONFIG_ENC28J60_WRITEVERIFY is not set
+CONFIG_NET_VENDOR_RACAL=y
+CONFIG_NI52=m
+CONFIG_NI65=m
+CONFIG_DNET=m
+CONFIG_NET_TULIP=y
+CONFIG_DE2104X=m
+CONFIG_TULIP=m
+# CONFIG_TULIP_MWI is not set
+# CONFIG_TULIP_MMIO is not set
+# CONFIG_TULIP_NAPI is not set
+CONFIG_DE4X5=m
+CONFIG_WINBOND_840=m
+CONFIG_DM9102=m
+CONFIG_ULI526X=m
+CONFIG_PCMCIA_XIRCOM=m
+CONFIG_AT1700=m
+CONFIG_DEPCA=m
+CONFIG_HP100=m
+CONFIG_NET_ISA=y
+CONFIG_E2100=m
+CONFIG_EWRK3=m
+CONFIG_EEXPRESS=m
+CONFIG_EEXPRESS_PRO=m
+CONFIG_HPLAN_PLUS=m
+CONFIG_HPLAN=m
+CONFIG_LP486E=m
+CONFIG_ETH16I=m
+CONFIG_NE2000=m
+CONFIG_ZNET=m
+CONFIG_SEEQ8005=m
+# CONFIG_IBM_NEW_EMAC_ZMII is not set
+# CONFIG_IBM_NEW_EMAC_RGMII is not set
+# CONFIG_IBM_NEW_EMAC_TAH is not set
+# CONFIG_IBM_NEW_EMAC_EMAC4 is not set
+# CONFIG_IBM_NEW_EMAC_NO_FLOW_CTRL is not set
+# CONFIG_IBM_NEW_EMAC_MAL_CLR_ICINTSTAT is not set
+# CONFIG_IBM_NEW_EMAC_MAL_COMMON_ERR is not set
+CONFIG_NET_PCI=y
+CONFIG_PCNET32=m
+CONFIG_AMD8111_ETH=m
+CONFIG_ADAPTEC_STARFIRE=m
+CONFIG_AC3200=m
+CONFIG_APRICOT=m
+CONFIG_B44=m
+CONFIG_B44_PCI_AUTOSELECT=y
+CONFIG_B44_PCICORE_AUTOSELECT=y
+CONFIG_B44_PCI=y
+CONFIG_FORCEDETH=m
+# CONFIG_FORCEDETH_NAPI is not set
+CONFIG_CS89x0=m
+CONFIG_E100=m
+CONFIG_FEALNX=m
+CONFIG_NATSEMI=m
+CONFIG_NE2K_PCI=m
+CONFIG_8139CP=m
+CONFIG_8139TOO=m
+CONFIG_8139TOO_PIO=y
+# CONFIG_8139TOO_TUNE_TWISTER is not set
+# CONFIG_8139TOO_8129 is not set
+# CONFIG_8139_OLD_RX_RESET is not set
+CONFIG_R6040=m
+CONFIG_SIS900=m
+CONFIG_EPIC100=m
+CONFIG_SMSC9420=m
+CONFIG_SUNDANCE=m
+# CONFIG_SUNDANCE_MMIO is not set
+CONFIG_TLAN=m
+CONFIG_VIA_RHINE=m
+# CONFIG_VIA_RHINE_MMIO is not set
+CONFIG_SC92031=m
+CONFIG_NET_POCKET=y
+CONFIG_ATP=m
+CONFIG_DE600=m
+CONFIG_DE620=m
+CONFIG_ATL2=m
+CONFIG_NETDEV_1000=y
+CONFIG_ACENIC=m
+# CONFIG_ACENIC_OMIT_TIGON_I is not set
+CONFIG_DL2K=m
+CONFIG_E1000=m
+CONFIG_E1000E=m
+CONFIG_IP1000=m
+CONFIG_IGB=m
+CONFIG_IGB_LRO=y
+CONFIG_NS83820=m
+CONFIG_HAMACHI=m
+CONFIG_YELLOWFIN=m
+CONFIG_R8169=m
+CONFIG_R8169_VLAN=y
+CONFIG_SIS190=m
+CONFIG_SKGE=m
+CONFIG_SKY2=m
+CONFIG_VIA_VELOCITY=m
+CONFIG_TIGON3=m
+CONFIG_BNX2=m
+CONFIG_QLA3XXX=m
+CONFIG_ATL1=m
+CONFIG_ATL1E=m
+CONFIG_ATL1C=m
+CONFIG_JME=m
+CONFIG_NETDEV_10000=y
+CONFIG_CHELSIO_T1=m
+CONFIG_CHELSIO_T1_1G=y
+CONFIG_CHELSIO_T3_DEPENDS=y
+CONFIG_CHELSIO_T3=m
+CONFIG_ENIC=m
+CONFIG_IXGBE=m
+CONFIG_IXGB=m
+CONFIG_S2IO=m
+CONFIG_MYRI10GE=m
+CONFIG_NETXEN_NIC=m
+CONFIG_NIU=m
+CONFIG_MLX4_EN=m
+CONFIG_MLX4_CORE=m
+CONFIG_MLX4_DEBUG=y
+CONFIG_TEHUTI=m
+CONFIG_BNX2X=m
+CONFIG_QLGE=m
+CONFIG_SFC=m
+CONFIG_SFC_MTD=y
+CONFIG_BE2NET=m
+# CONFIG_TR is not set
+
+#
+# Wireless LAN
+#
+CONFIG_WLAN_PRE80211=y
+CONFIG_STRIP=m
+CONFIG_ARLAN=m
+CONFIG_WAVELAN=m
+CONFIG_PCMCIA_WAVELAN=m
+CONFIG_PCMCIA_NETWAVE=m
+CONFIG_WLAN_80211=y
+CONFIG_PCMCIA_RAYCS=m
+CONFIG_LIBERTAS=m
+CONFIG_LIBERTAS_USB=m
+CONFIG_LIBERTAS_CS=m
+CONFIG_LIBERTAS_SDIO=m
+# CONFIG_LIBERTAS_DEBUG is not set
+CONFIG_LIBERTAS_THINFIRM=m
+CONFIG_LIBERTAS_THINFIRM_USB=m
+CONFIG_AIRO=m
+CONFIG_HERMES=m
+CONFIG_HERMES_CACHE_FW_ON_INIT=y
+CONFIG_PLX_HERMES=m
+CONFIG_TMD_HERMES=m
+CONFIG_NORTEL_HERMES=m
+CONFIG_PCI_HERMES=m
+CONFIG_PCMCIA_HERMES=m
+CONFIG_PCMCIA_SPECTRUM=m
+CONFIG_ATMEL=m
+CONFIG_PCI_ATMEL=m
+CONFIG_PCMCIA_ATMEL=m
+CONFIG_AIRO_CS=m
+CONFIG_PCMCIA_WL3501=m
+CONFIG_PRISM54=m
+CONFIG_USB_ZD1201=m
+CONFIG_USB_NET_RNDIS_WLAN=m
+CONFIG_RTL8180=m
+CONFIG_RTL8187=m
+CONFIG_ADM8211=m
+CONFIG_MAC80211_HWSIM=m
+CONFIG_P54_COMMON=m
+CONFIG_P54_USB=m
+CONFIG_P54_PCI=m
+CONFIG_ATH5K=m
+# CONFIG_ATH5K_DEBUG is not set
+CONFIG_ATH9K=m
+# CONFIG_ATH9K_DEBUG is not set
+CONFIG_IPW2100=m
+CONFIG_IPW2100_MONITOR=y
+# CONFIG_IPW2100_DEBUG is not set
+CONFIG_IPW2200=m
+CONFIG_IPW2200_MONITOR=y
+CONFIG_IPW2200_RADIOTAP=y
+CONFIG_IPW2200_PROMISCUOUS=y
+CONFIG_IPW2200_QOS=y
+# CONFIG_IPW2200_DEBUG is not set
+CONFIG_LIBIPW=m
+# CONFIG_LIBIPW_DEBUG is not set
+CONFIG_IWLWIFI=m
+CONFIG_IWLCORE=m
+# CONFIG_IWLWIFI_LEDS is not set
+# CONFIG_IWLWIFI_RFKILL is not set
+# CONFIG_IWLWIFI_DEBUG is not set
+CONFIG_IWLAGN=m
+CONFIG_IWLAGN_SPECTRUM_MEASUREMENT=y
+# CONFIG_IWLAGN_LEDS is not set
+CONFIG_IWL4965=y
+CONFIG_IWL5000=y
+CONFIG_IWL3945=m
+CONFIG_IWL3945_RFKILL=y
+# CONFIG_IWL3945_SPECTRUM_MEASUREMENT is not set
+CONFIG_IWL3945_LEDS=y
+# CONFIG_IWL3945_DEBUG is not set
+CONFIG_HOSTAP=m
+CONFIG_HOSTAP_FIRMWARE=y
+CONFIG_HOSTAP_FIRMWARE_NVRAM=y
+CONFIG_HOSTAP_PLX=m
+CONFIG_HOSTAP_PCI=m
+CONFIG_HOSTAP_CS=m
+CONFIG_B43=m
+CONFIG_B43_PCI_AUTOSELECT=y
+CONFIG_B43_PCICORE_AUTOSELECT=y
+CONFIG_B43_PCMCIA=y
+CONFIG_B43_PIO=y
+CONFIG_B43_LEDS=y
+CONFIG_B43_RFKILL=y
+# CONFIG_B43_DEBUG is not set
+CONFIG_B43LEGACY=m
+CONFIG_B43LEGACY_PCI_AUTOSELECT=y
+CONFIG_B43LEGACY_PCICORE_AUTOSELECT=y
+CONFIG_B43LEGACY_LEDS=y
+CONFIG_B43LEGACY_RFKILL=y
+CONFIG_B43LEGACY_DEBUG=y
+CONFIG_B43LEGACY_DMA=y
+CONFIG_B43LEGACY_PIO=y
+CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y
+# CONFIG_B43LEGACY_DMA_MODE is not set
+# CONFIG_B43LEGACY_PIO_MODE is not set
+CONFIG_ZD1211RW=m
+# CONFIG_ZD1211RW_DEBUG is not set
+CONFIG_RT2X00=m
+CONFIG_RT2400PCI=m
+CONFIG_RT2500PCI=m
+CONFIG_RT61PCI=m
+CONFIG_RT2500USB=m
+CONFIG_RT73USB=m
+CONFIG_RT2X00_LIB_PCI=m
+CONFIG_RT2X00_LIB_USB=m
+CONFIG_RT2X00_LIB=m
+CONFIG_RT2X00_LIB_FIRMWARE=y
+CONFIG_RT2X00_LIB_CRYPTO=y
+CONFIG_RT2X00_LIB_RFKILL=y
+CONFIG_RT2X00_LIB_LEDS=y
+# CONFIG_RT2X00_DEBUG is not set
+
+#
+# WiMAX Wireless Broadband devices
+#
+CONFIG_WIMAX_I2400M=m
+CONFIG_WIMAX_I2400M_USB=m
+CONFIG_WIMAX_I2400M_SDIO=m
+CONFIG_WIMAX_I2400M_DEBUG_LEVEL=8
+
+#
+# USB Network Adapters
+#
+CONFIG_USB_CATC=m
+CONFIG_USB_KAWETH=m
+CONFIG_USB_PEGASUS=m
+CONFIG_USB_RTL8150=m
+CONFIG_USB_USBNET=m
+CONFIG_USB_NET_AX8817X=m
+CONFIG_USB_NET_CDCETHER=m
+CONFIG_USB_NET_DM9601=m
+CONFIG_USB_NET_SMSC95XX=m
+CONFIG_USB_NET_GL620A=m
+CONFIG_USB_NET_NET1080=m
+CONFIG_USB_NET_PLUSB=m
+CONFIG_USB_NET_MCS7830=m
+CONFIG_USB_NET_RNDIS_HOST=m
+CONFIG_USB_NET_CDC_SUBSET=m
+CONFIG_USB_ALI_M5632=y
+CONFIG_USB_AN2720=y
+CONFIG_USB_BELKIN=y
+CONFIG_USB_ARMLINUX=y
+CONFIG_USB_EPSON2888=y
+CONFIG_USB_KC2190=y
+CONFIG_USB_NET_ZAURUS=m
+CONFIG_USB_HSO=m
+CONFIG_NET_PCMCIA=y
+CONFIG_PCMCIA_3C589=m
+CONFIG_PCMCIA_3C574=m
+CONFIG_PCMCIA_FMVJ18X=m
+CONFIG_PCMCIA_PCNET=m
+CONFIG_PCMCIA_NMCLAN=m
+CONFIG_PCMCIA_SMC91C92=m
+CONFIG_PCMCIA_XIRC2PS=m
+CONFIG_PCMCIA_AXNET=m
+CONFIG_ARCNET_COM20020_CS=m
+CONFIG_WAN=y
+CONFIG_HOSTESS_SV11=m
+CONFIG_COSA=m
+CONFIG_LANMEDIA=m
+CONFIG_SEALEVEL_4021=m
+CONFIG_HDLC=m
+CONFIG_HDLC_RAW=m
+CONFIG_HDLC_RAW_ETH=m
+CONFIG_HDLC_CISCO=m
+CONFIG_HDLC_FR=m
+CONFIG_HDLC_PPP=m
+CONFIG_HDLC_X25=m
+CONFIG_PCI200SYN=m
+CONFIG_WANXL=m
+# CONFIG_WANXL_BUILD_FIRMWARE is not set
+CONFIG_PC300TOO=m
+CONFIG_N2=m
+CONFIG_C101=m
+CONFIG_FARSYNC=m
+CONFIG_DSCC4=m
+CONFIG_DSCC4_PCISYNC=y
+CONFIG_DSCC4_PCI_RST=y
+CONFIG_DLCI=m
+CONFIG_DLCI_MAX=8
+CONFIG_SDLA=m
+CONFIG_WAN_ROUTER_DRIVERS=m
+CONFIG_CYCLADES_SYNC=m
+CONFIG_CYCLOMX_X25=y
+CONFIG_LAPBETHER=m
+CONFIG_X25_ASY=m
+CONFIG_SBNI=m
+CONFIG_SBNI_MULTILINE=y
+CONFIG_ATM_DRIVERS=y
+CONFIG_ATM_DUMMY=m
+CONFIG_ATM_TCP=m
+CONFIG_ATM_LANAI=m
+CONFIG_ATM_ENI=m
+# CONFIG_ATM_ENI_DEBUG is not set
+# CONFIG_ATM_ENI_TUNE_BURST is not set
+CONFIG_ATM_FIRESTREAM=m
+CONFIG_ATM_ZATM=m
+# CONFIG_ATM_ZATM_DEBUG is not set
+CONFIG_ATM_NICSTAR=m
+CONFIG_ATM_NICSTAR_USE_SUNI=y
+CONFIG_ATM_NICSTAR_USE_IDT77105=y
+CONFIG_ATM_IDT77252=m
+# CONFIG_ATM_IDT77252_DEBUG is not set
+# CONFIG_ATM_IDT77252_RCV_ALL is not set
+CONFIG_ATM_IDT77252_USE_SUNI=y
+CONFIG_ATM_AMBASSADOR=m
+# CONFIG_ATM_AMBASSADOR_DEBUG is not set
+CONFIG_ATM_HORIZON=m
+# CONFIG_ATM_HORIZON_DEBUG is not set
+CONFIG_ATM_IA=m
+# CONFIG_ATM_IA_DEBUG is not set
+CONFIG_ATM_FORE200E=m
+CONFIG_ATM_FORE200E_USE_TASKLET=y
+CONFIG_ATM_FORE200E_TX_RETRY=16
+CONFIG_ATM_FORE200E_DEBUG=0
+CONFIG_ATM_HE=m
+CONFIG_ATM_HE_USE_SUNI=y
+CONFIG_ATM_SOLOS=m
+CONFIG_FDDI=y
+CONFIG_DEFXX=m
+# CONFIG_DEFXX_MMIO is not set
+CONFIG_SKFP=m
+CONFIG_HIPPI=y
+CONFIG_ROADRUNNER=m
+# CONFIG_ROADRUNNER_LARGE_RINGS is not set
+CONFIG_PLIP=m
+CONFIG_PPP=m
+CONFIG_PPP_MULTILINK=y
+CONFIG_PPP_FILTER=y
+CONFIG_PPP_ASYNC=m
+CONFIG_PPP_SYNC_TTY=m
+CONFIG_PPP_DEFLATE=m
+CONFIG_PPP_BSDCOMP=m
+CONFIG_PPP_MPPE=m
+CONFIG_PPPOE=m
+CONFIG_PPPOATM=m
+CONFIG_PPPOL2TP=m
+CONFIG_SLIP=m
+CONFIG_SLIP_COMPRESSED=y
+CONFIG_SLHC=m
+CONFIG_SLIP_SMART=y
+CONFIG_SLIP_MODE_SLIP6=y
+# CONFIG_NET_FC is not set
+CONFIG_NETCONSOLE=m
+CONFIG_NETCONSOLE_DYNAMIC=y
+CONFIG_NETPOLL=y
+# CONFIG_NETPOLL_TRAP is not set
+CONFIG_NET_POLL_CONTROLLER=y
+CONFIG_VIRTIO_NET=m
+CONFIG_ISDN=y
+CONFIG_MISDN=m
+CONFIG_MISDN_DSP=m
+CONFIG_MISDN_L1OIP=m
+
+#
+# mISDN hardware drivers
+#
+CONFIG_MISDN_HFCPCI=m
+CONFIG_MISDN_HFCMULTI=m
+CONFIG_MISDN_HFCUSB=m
+# CONFIG_ISDN_I4L is not set
+CONFIG_ISDN_CAPI=m
+# CONFIG_ISDN_DRV_AVMB1_VERBOSE_REASON is not set
+# CONFIG_CAPI_TRACE is not set
+CONFIG_ISDN_CAPI_MIDDLEWARE=y
+CONFIG_ISDN_CAPI_CAPI20=m
+CONFIG_ISDN_CAPI_CAPIFS_BOOL=y
+CONFIG_ISDN_CAPI_CAPIFS=m
+
+#
+# CAPI hardware drivers
+#
+CONFIG_CAPI_AVM=y
+CONFIG_ISDN_DRV_AVMB1_B1ISA=m
+CONFIG_ISDN_DRV_AVMB1_B1PCI=m
+CONFIG_ISDN_DRV_AVMB1_B1PCIV4=y
+CONFIG_ISDN_DRV_AVMB1_T1ISA=m
+CONFIG_ISDN_DRV_AVMB1_B1PCMCIA=m
+CONFIG_ISDN_DRV_AVMB1_AVM_CS=m
+CONFIG_ISDN_DRV_AVMB1_T1PCI=m
+CONFIG_ISDN_DRV_AVMB1_C4=m
+CONFIG_CAPI_EICON=y
+CONFIG_ISDN_DIVAS=m
+CONFIG_ISDN_DIVAS_BRIPCI=y
+CONFIG_ISDN_DIVAS_PRIPCI=y
+CONFIG_ISDN_DIVAS_DIVACAPI=m
+CONFIG_ISDN_DIVAS_USERIDI=m
+CONFIG_ISDN_DIVAS_MAINT=m
+CONFIG_PHONE=m
+CONFIG_PHONE_IXJ=m
+CONFIG_PHONE_IXJ_PCMCIA=m
+
+#
+# Input device support
+#
+CONFIG_INPUT=y
+CONFIG_INPUT_FF_MEMLESS=m
+CONFIG_INPUT_POLLDEV=m
+
+#
+# Userland interfaces
+#
+CONFIG_INPUT_MOUSEDEV=m
+CONFIG_INPUT_MOUSEDEV_PSAUX=y
+CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024
+CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768
+CONFIG_INPUT_JOYDEV=m
+CONFIG_INPUT_EVDEV=m
+CONFIG_INPUT_EVBUG=m
+
+#
+# Input Device Drivers
+#
+CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ATKBD=y
+CONFIG_KEYBOARD_SUNKBD=m
+CONFIG_KEYBOARD_LKKBD=m
+CONFIG_KEYBOARD_XTKBD=m
+CONFIG_KEYBOARD_NEWTON=m
+CONFIG_KEYBOARD_STOWAWAY=m
+CONFIG_KEYBOARD_GPIO=m
+CONFIG_INPUT_MOUSE=y
+CONFIG_MOUSE_PS2=m
+CONFIG_MOUSE_PS2_ALPS=y
+CONFIG_MOUSE_PS2_LOGIPS2PP=y
+CONFIG_MOUSE_PS2_SYNAPTICS=y
+CONFIG_MOUSE_PS2_LIFEBOOK=y
+CONFIG_MOUSE_PS2_TRACKPOINT=y
+# CONFIG_MOUSE_PS2_ELANTECH is not set
+# CONFIG_MOUSE_PS2_TOUCHKIT is not set
+CONFIG_MOUSE_SERIAL=m
+CONFIG_MOUSE_APPLETOUCH=m
+CONFIG_MOUSE_BCM5974=m
+CONFIG_MOUSE_INPORT=m
+# CONFIG_MOUSE_ATIXL is not set
+CONFIG_MOUSE_LOGIBM=m
+CONFIG_MOUSE_PC110PAD=m
+CONFIG_MOUSE_VSXXXAA=m
+CONFIG_MOUSE_GPIO=m
+CONFIG_INPUT_JOYSTICK=y
+CONFIG_JOYSTICK_ANALOG=m
+CONFIG_JOYSTICK_A3D=m
+CONFIG_JOYSTICK_ADI=m
+CONFIG_JOYSTICK_COBRA=m
+CONFIG_JOYSTICK_GF2K=m
+CONFIG_JOYSTICK_GRIP=m
+CONFIG_JOYSTICK_GRIP_MP=m
+CONFIG_JOYSTICK_GUILLEMOT=m
+CONFIG_JOYSTICK_INTERACT=m
+CONFIG_JOYSTICK_SIDEWINDER=m
+CONFIG_JOYSTICK_TMDC=m
+CONFIG_JOYSTICK_IFORCE=m
+CONFIG_JOYSTICK_IFORCE_USB=y
+CONFIG_JOYSTICK_IFORCE_232=y
+CONFIG_JOYSTICK_WARRIOR=m
+CONFIG_JOYSTICK_MAGELLAN=m
+CONFIG_JOYSTICK_SPACEORB=m
+CONFIG_JOYSTICK_SPACEBALL=m
+CONFIG_JOYSTICK_STINGER=m
+CONFIG_JOYSTICK_TWIDJOY=m
+CONFIG_JOYSTICK_ZHENHUA=m
+CONFIG_JOYSTICK_DB9=m
+CONFIG_JOYSTICK_GAMECON=m
+CONFIG_JOYSTICK_TURBOGRAFX=m
+CONFIG_JOYSTICK_JOYDUMP=m
+CONFIG_JOYSTICK_XPAD=m
+# CONFIG_JOYSTICK_XPAD_FF is not set
+# CONFIG_JOYSTICK_XPAD_LEDS is not set
+CONFIG_JOYSTICK_WALKERA0701=m
+CONFIG_INPUT_TABLET=y
+CONFIG_TABLET_USB_ACECAD=m
+CONFIG_TABLET_USB_AIPTEK=m
+CONFIG_TABLET_USB_GTCO=m
+CONFIG_TABLET_USB_KBTAB=m
+CONFIG_TABLET_USB_WACOM=m
+CONFIG_INPUT_TOUCHSCREEN=y
+CONFIG_TOUCHSCREEN_ADS7846=m
+CONFIG_TOUCHSCREEN_FUJITSU=m
+CONFIG_TOUCHSCREEN_GUNZE=m
+CONFIG_TOUCHSCREEN_ELO=m
+CONFIG_TOUCHSCREEN_WACOM_W8001=m
+CONFIG_TOUCHSCREEN_MTOUCH=m
+CONFIG_TOUCHSCREEN_INEXIO=m
+CONFIG_TOUCHSCREEN_MK712=m
+CONFIG_TOUCHSCREEN_HTCPEN=m
+CONFIG_TOUCHSCREEN_PENMOUNT=m
+CONFIG_TOUCHSCREEN_TOUCHRIGHT=m
+CONFIG_TOUCHSCREEN_TOUCHWIN=m
+CONFIG_TOUCHSCREEN_UCB1400=m
+CONFIG_TOUCHSCREEN_WM97XX=m
+CONFIG_TOUCHSCREEN_WM9705=y
+CONFIG_TOUCHSCREEN_WM9712=y
+CONFIG_TOUCHSCREEN_WM9713=y
+CONFIG_TOUCHSCREEN_USB_COMPOSITE=m
+CONFIG_TOUCHSCREEN_USB_EGALAX=y
+CONFIG_TOUCHSCREEN_USB_PANJIT=y
+CONFIG_TOUCHSCREEN_USB_3M=y
+CONFIG_TOUCHSCREEN_USB_ITM=y
+CONFIG_TOUCHSCREEN_USB_ETURBO=y
+CONFIG_TOUCHSCREEN_USB_GUNZE=y
+CONFIG_TOUCHSCREEN_USB_DMC_TSC10=y
+CONFIG_TOUCHSCREEN_USB_IRTOUCH=y
+CONFIG_TOUCHSCREEN_USB_IDEALTEK=y
+CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y
+CONFIG_TOUCHSCREEN_USB_GOTOP=y
+CONFIG_TOUCHSCREEN_TOUCHIT213=m
+CONFIG_TOUCHSCREEN_TSC2007=m
+CONFIG_INPUT_MISC=y
+CONFIG_INPUT_PCSPKR=m
+CONFIG_INPUT_APANEL=m
+CONFIG_INPUT_WISTRON_BTNS=m
+CONFIG_INPUT_ATLAS_BTNS=m
+CONFIG_INPUT_ATI_REMOTE=m
+CONFIG_INPUT_ATI_REMOTE2=m
+CONFIG_INPUT_KEYSPAN_REMOTE=m
+CONFIG_INPUT_POWERMATE=m
+CONFIG_INPUT_YEALINK=m
+CONFIG_INPUT_CM109=m
+CONFIG_INPUT_UINPUT=m
+CONFIG_INPUT_PCF50633_PMU=m
+
+#
+# Hardware I/O ports
+#
+CONFIG_SERIO=y
+CONFIG_SERIO_I8042=y
+CONFIG_SERIO_SERPORT=m
+CONFIG_SERIO_CT82C710=m
+CONFIG_SERIO_PARKBD=m
+CONFIG_SERIO_PCIPS2=m
+CONFIG_SERIO_LIBPS2=y
+CONFIG_SERIO_RAW=m
+CONFIG_GAMEPORT=m
+CONFIG_GAMEPORT_NS558=m
+CONFIG_GAMEPORT_L4=m
+CONFIG_GAMEPORT_EMU10K1=m
+CONFIG_GAMEPORT_FM801=m
+
+#
+# Character devices
+#
+CONFIG_VT=y
+CONFIG_CONSOLE_TRANSLATIONS=y
+CONFIG_VT_CONSOLE=y
+CONFIG_HW_CONSOLE=y
+# CONFIG_VT_HW_CONSOLE_BINDING is not set
+# CONFIG_DEVKMEM is not set
+CONFIG_SERIAL_NONSTANDARD=y
+CONFIG_COMPUTONE=m
+CONFIG_ROCKETPORT=m
+CONFIG_CYCLADES=m
+# CONFIG_CYZ_INTR is not set
+CONFIG_DIGIEPCA=m
+CONFIG_MOXA_INTELLIO=m
+CONFIG_MOXA_SMARTIO=m
+CONFIG_ISI=m
+CONFIG_SYNCLINK=m
+CONFIG_SYNCLINKMP=m
+CONFIG_SYNCLINK_GT=m
+CONFIG_N_HDLC=m
+CONFIG_RISCOM8=m
+CONFIG_SPECIALIX=m
+CONFIG_SX=m
+CONFIG_RIO=m
+CONFIG_RIO_OLDPCI=y
+CONFIG_STALDRV=y
+CONFIG_STALLION=m
+CONFIG_ISTALLION=m
+CONFIG_NOZOMI=m
+
+#
+# Serial drivers
+#
+CONFIG_SERIAL_8250=y
+CONFIG_SERIAL_8250_CONSOLE=y
+CONFIG_FIX_EARLYCON_MEM=y
+CONFIG_SERIAL_8250_PCI=m
+CONFIG_SERIAL_8250_PNP=m
+CONFIG_SERIAL_8250_CS=m
+CONFIG_SERIAL_8250_NR_UARTS=16
+CONFIG_SERIAL_8250_RUNTIME_UARTS=4
+# CONFIG_SERIAL_8250_EXTENDED is not set
+
+#
+# Non-8250 serial port support
+#
+CONFIG_SERIAL_CORE=y
+CONFIG_SERIAL_CORE_CONSOLE=y
+CONFIG_SERIAL_JSM=m
+CONFIG_UNIX98_PTYS=y
+# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
+# CONFIG_LEGACY_PTYS is not set
+CONFIG_PRINTER=m
+# CONFIG_LP_CONSOLE is not set
+CONFIG_PPDEV=m
+CONFIG_HVC_DRIVER=y
+CONFIG_VIRTIO_CONSOLE=y
+CONFIG_IPMI_HANDLER=m
+# CONFIG_IPMI_PANIC_EVENT is not set
+CONFIG_IPMI_DEVICE_INTERFACE=m
+CONFIG_IPMI_SI=m
+CONFIG_IPMI_WATCHDOG=m
+CONFIG_IPMI_POWEROFF=m
+CONFIG_HW_RANDOM=m
+CONFIG_HW_RANDOM_INTEL=m
+CONFIG_HW_RANDOM_AMD=m
+CONFIG_HW_RANDOM_GEODE=m
+CONFIG_HW_RANDOM_VIA=m
+CONFIG_HW_RANDOM_VIRTIO=m
+CONFIG_NVRAM=m
+CONFIG_DTLK=m
+CONFIG_R3964=m
+CONFIG_APPLICOM=m
+CONFIG_SONYPI=m
+
+#
+# PCMCIA character devices
+#
+CONFIG_SYNCLINK_CS=m
+CONFIG_CARDMAN_4000=m
+CONFIG_CARDMAN_4040=m
+CONFIG_IPWIRELESS=m
+CONFIG_MWAVE=m
+CONFIG_SCx200_GPIO=m
+CONFIG_PC8736x_GPIO=m
+CONFIG_NSC_GPIO=m
+CONFIG_CS5535_GPIO=m
+CONFIG_RAW_DRIVER=m
+CONFIG_MAX_RAW_DEVS=256
+CONFIG_HPET=y
+CONFIG_HPET_MMAP=y
+CONFIG_HANGCHECK_TIMER=m
+CONFIG_TCG_TPM=m
+CONFIG_TCG_TIS=m
+CONFIG_TCG_NSC=m
+CONFIG_TCG_ATMEL=m
+CONFIG_TCG_INFINEON=m
+CONFIG_TELCLOCK=m
+CONFIG_DEVPORT=y
+CONFIG_I2C=m
+CONFIG_I2C_BOARDINFO=y
+CONFIG_I2C_CHARDEV=m
+CONFIG_I2C_HELPER_AUTO=y
+CONFIG_I2C_ALGOBIT=m
+CONFIG_I2C_ALGOPCA=m
+
+#
+# I2C Hardware Bus support
+#
+
+#
+# PC SMBus host controller drivers
+#
+CONFIG_I2C_ALI1535=m
+CONFIG_I2C_ALI1563=m
+CONFIG_I2C_ALI15X3=m
+CONFIG_I2C_AMD756=m
+CONFIG_I2C_AMD756_S4882=m
+CONFIG_I2C_AMD8111=m
+CONFIG_I2C_I801=m
+CONFIG_I2C_ISCH=m
+CONFIG_I2C_PIIX4=m
+CONFIG_I2C_NFORCE2=m
+CONFIG_I2C_NFORCE2_S4985=m
+CONFIG_I2C_SIS5595=m
+CONFIG_I2C_SIS630=m
+CONFIG_I2C_SIS96X=m
+CONFIG_I2C_VIA=m
+CONFIG_I2C_VIAPRO=m
+
+#
+# I2C system bus drivers (mostly embedded / system-on-chip)
+#
+CONFIG_I2C_GPIO=m
+CONFIG_I2C_OCORES=m
+CONFIG_I2C_SIMTEC=m
+
+#
+# External I2C/SMBus adapter drivers
+#
+CONFIG_I2C_PARPORT=m
+CONFIG_I2C_PARPORT_LIGHT=m
+CONFIG_I2C_TAOS_EVM=m
+CONFIG_I2C_TINY_USB=m
+
+#
+# Graphics adapter I2C/DDC channel drivers
+#
+CONFIG_I2C_VOODOO3=m
+
+#
+# Other I2C/SMBus bus drivers
+#
+CONFIG_I2C_PCA_ISA=m
+CONFIG_I2C_PCA_PLATFORM=m
+CONFIG_I2C_STUB=m
+CONFIG_SCx200_I2C=m
+CONFIG_SCx200_I2C_SCL=12
+CONFIG_SCx200_I2C_SDA=13
+CONFIG_SCx200_ACB=m
+
+#
+# Miscellaneous I2C Chip support
+#
+CONFIG_DS1682=m
+CONFIG_SENSORS_PCF8591=m
+CONFIG_SENSORS_MAX6875=m
+CONFIG_SENSORS_TSL2550=m
+# CONFIG_I2C_DEBUG_CORE is not set
+# CONFIG_I2C_DEBUG_ALGO is not set
+# CONFIG_I2C_DEBUG_BUS is not set
+# CONFIG_I2C_DEBUG_CHIP is not set
+CONFIG_SPI=y
+CONFIG_SPI_MASTER=y
+
+#
+# SPI Master Controller Drivers
+#
+CONFIG_SPI_BITBANG=m
+CONFIG_SPI_BUTTERFLY=m
+CONFIG_SPI_GPIO=m
+CONFIG_SPI_LM70_LLP=m
+
+#
+# SPI Protocol Masters
+#
+CONFIG_SPI_SPIDEV=m
+CONFIG_SPI_TLE62X0=m
+CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y
+CONFIG_GPIOLIB=y
+# CONFIG_GPIO_SYSFS is not set
+
+#
+# Memory mapped GPIO expanders:
+#
+
+#
+# I2C GPIO expanders:
+#
+CONFIG_GPIO_MAX732X=m
+CONFIG_GPIO_PCA953X=m
+CONFIG_GPIO_PCF857X=m
+
+#
+# PCI GPIO expanders:
+#
+
+#
+# SPI GPIO expanders:
+#
+CONFIG_GPIO_MAX7301=m
+CONFIG_GPIO_MCP23S08=m
+CONFIG_W1=m
+CONFIG_W1_CON=y
+
+#
+# 1-wire Bus Masters
+#
+CONFIG_W1_MASTER_MATROX=m
+CONFIG_W1_MASTER_DS2490=m
+CONFIG_W1_MASTER_DS2482=m
+CONFIG_W1_MASTER_GPIO=m
+
+#
+# 1-wire Slaves
+#
+CONFIG_W1_SLAVE_THERM=m
+CONFIG_W1_SLAVE_SMEM=m
+CONFIG_W1_SLAVE_DS2431=m
+CONFIG_W1_SLAVE_DS2433=m
+# CONFIG_W1_SLAVE_DS2433_CRC is not set
+CONFIG_W1_SLAVE_DS2760=m
+CONFIG_W1_SLAVE_BQ27000=m
+CONFIG_POWER_SUPPLY=y
+# CONFIG_POWER_SUPPLY_DEBUG is not set
+CONFIG_PDA_POWER=m
+CONFIG_WM8350_POWER=m
+CONFIG_BATTERY_DS2760=m
+CONFIG_BATTERY_BQ27x00=m
+CONFIG_CHARGER_PCF50633=m
+CONFIG_HWMON=m
+CONFIG_HWMON_VID=m
+CONFIG_SENSORS_ABITUGURU=m
+CONFIG_SENSORS_ABITUGURU3=m
+CONFIG_SENSORS_AD7414=m
+CONFIG_SENSORS_AD7418=m
+CONFIG_SENSORS_ADCXX=m
+CONFIG_SENSORS_ADM1021=m
+CONFIG_SENSORS_ADM1025=m
+CONFIG_SENSORS_ADM1026=m
+CONFIG_SENSORS_ADM1029=m
+CONFIG_SENSORS_ADM1031=m
+CONFIG_SENSORS_ADM9240=m
+CONFIG_SENSORS_ADT7462=m
+CONFIG_SENSORS_ADT7470=m
+CONFIG_SENSORS_ADT7473=m
+CONFIG_SENSORS_ADT7475=m
+CONFIG_SENSORS_K8TEMP=m
+CONFIG_SENSORS_ASB100=m
+CONFIG_SENSORS_ATXP1=m
+CONFIG_SENSORS_DS1621=m
+CONFIG_SENSORS_I5K_AMB=m
+CONFIG_SENSORS_F71805F=m
+CONFIG_SENSORS_F71882FG=m
+CONFIG_SENSORS_F75375S=m
+CONFIG_SENSORS_FSCHER=m
+CONFIG_SENSORS_FSCPOS=m
+CONFIG_SENSORS_FSCHMD=m
+CONFIG_SENSORS_GL518SM=m
+CONFIG_SENSORS_GL520SM=m
+CONFIG_SENSORS_CORETEMP=m
+CONFIG_SENSORS_IBMAEM=m
+CONFIG_SENSORS_IBMPEX=m
+CONFIG_SENSORS_IT87=m
+CONFIG_SENSORS_LM63=m
+CONFIG_SENSORS_LM70=m
+CONFIG_SENSORS_LM75=m
+CONFIG_SENSORS_LM77=m
+CONFIG_SENSORS_LM78=m
+CONFIG_SENSORS_LM80=m
+CONFIG_SENSORS_LM83=m
+CONFIG_SENSORS_LM85=m
+CONFIG_SENSORS_LM87=m
+CONFIG_SENSORS_LM90=m
+CONFIG_SENSORS_LM92=m
+CONFIG_SENSORS_LM93=m
+CONFIG_SENSORS_LTC4245=m
+CONFIG_SENSORS_MAX1111=m
+CONFIG_SENSORS_MAX1619=m
+CONFIG_SENSORS_MAX6650=m
+CONFIG_SENSORS_PC87360=m
+CONFIG_SENSORS_PC87427=m
+CONFIG_SENSORS_SIS5595=m
+CONFIG_SENSORS_DME1737=m
+CONFIG_SENSORS_SMSC47M1=m
+CONFIG_SENSORS_SMSC47M192=m
+CONFIG_SENSORS_SMSC47B397=m
+CONFIG_SENSORS_ADS7828=m
+CONFIG_SENSORS_THMC50=m
+CONFIG_SENSORS_VIA686A=m
+CONFIG_SENSORS_VT1211=m
+CONFIG_SENSORS_VT8231=m
+CONFIG_SENSORS_W83781D=m
+CONFIG_SENSORS_W83791D=m
+CONFIG_SENSORS_W83792D=m
+CONFIG_SENSORS_W83793=m
+CONFIG_SENSORS_W83L785TS=m
+CONFIG_SENSORS_W83L786NG=m
+CONFIG_SENSORS_W83627HF=m
+CONFIG_SENSORS_W83627EHF=m
+CONFIG_SENSORS_HDAPS=m
+CONFIG_SENSORS_LIS3LV02D=m
+CONFIG_SENSORS_APPLESMC=m
+# CONFIG_HWMON_DEBUG_CHIP is not set
+CONFIG_THERMAL=y
+CONFIG_WATCHDOG=y
+# CONFIG_WATCHDOG_NOWAYOUT is not set
+
+#
+# Watchdog Device Drivers
+#
+CONFIG_SOFT_WATCHDOG=m
+CONFIG_WM8350_WATCHDOG=m
+CONFIG_ACQUIRE_WDT=m
+CONFIG_ADVANTECH_WDT=m
+CONFIG_ALIM1535_WDT=m
+CONFIG_ALIM7101_WDT=m
+CONFIG_SC520_WDT=m
+CONFIG_EUROTECH_WDT=m
+CONFIG_IB700_WDT=m
+CONFIG_IBMASR=m
+CONFIG_WAFER_WDT=m
+CONFIG_I6300ESB_WDT=m
+CONFIG_ITCO_WDT=m
+CONFIG_ITCO_VENDOR_SUPPORT=y
+CONFIG_IT8712F_WDT=m
+CONFIG_IT87_WDT=m
+CONFIG_HP_WATCHDOG=m
+CONFIG_SC1200_WDT=m
+CONFIG_SCx200_WDT=m
+CONFIG_PC87413_WDT=m
+CONFIG_60XX_WDT=m
+CONFIG_SBC8360_WDT=m
+CONFIG_SBC7240_WDT=m
+CONFIG_CPU5_WDT=m
+CONFIG_SMSC_SCH311X_WDT=m
+CONFIG_SMSC37B787_WDT=m
+CONFIG_W83627HF_WDT=m
+CONFIG_W83697HF_WDT=m
+CONFIG_W83697UG_WDT=m
+CONFIG_W83877F_WDT=m
+CONFIG_W83977F_WDT=m
+CONFIG_MACHZ_WDT=m
+CONFIG_SBC_EPX_C3_WATCHDOG=m
+
+#
+# ISA-based Watchdog Cards
+#
+CONFIG_PCWATCHDOG=m
+CONFIG_MIXCOMWD=m
+CONFIG_WDT=m
+CONFIG_WDT_501=y
+
+#
+# PCI-based Watchdog Cards
+#
+CONFIG_PCIPCWATCHDOG=m
+CONFIG_WDTPCI=m
+CONFIG_WDT_501_PCI=y
+
+#
+# USB-based Watchdog Cards
+#
+CONFIG_USBPCWATCHDOG=m
+CONFIG_SSB_POSSIBLE=y
+
+#
+# Sonics Silicon Backplane
+#
+CONFIG_SSB=m
+CONFIG_SSB_SPROM=y
+CONFIG_SSB_BLOCKIO=y
+CONFIG_SSB_PCIHOST_POSSIBLE=y
+CONFIG_SSB_PCIHOST=y
+CONFIG_SSB_B43_PCI_BRIDGE=y
+CONFIG_SSB_PCMCIAHOST_POSSIBLE=y
+CONFIG_SSB_PCMCIAHOST=y
+# CONFIG_SSB_SILENT is not set
+# CONFIG_SSB_DEBUG is not set
+CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y
+CONFIG_SSB_DRIVER_PCICORE=y
+
+#
+# Multifunction device drivers
+#
+CONFIG_MFD_CORE=m
+CONFIG_MFD_SM501=m
+# CONFIG_MFD_SM501_GPIO is not set
+CONFIG_HTC_PASIC3=m
+CONFIG_UCB1400_CORE=m
+CONFIG_TPS65010=m
+# CONFIG_MFD_TMIO is not set
+CONFIG_MFD_WM8400=m
+CONFIG_MFD_WM8350=m
+CONFIG_MFD_WM8350_I2C=m
+CONFIG_MFD_PCF50633=m
+CONFIG_PCF50633_ADC=m
+CONFIG_PCF50633_GPIO=m
+CONFIG_REGULATOR=y
+# CONFIG_REGULATOR_DEBUG is not set
+# CONFIG_REGULATOR_FIXED_VOLTAGE is not set
+CONFIG_REGULATOR_VIRTUAL_CONSUMER=m
+CONFIG_REGULATOR_BQ24022=m
+CONFIG_REGULATOR_WM8350=m
+CONFIG_REGULATOR_WM8400=m
+CONFIG_REGULATOR_PCF50633=m
+
+#
+# Multimedia devices
+#
+
+#
+# Multimedia core support
+#
+CONFIG_VIDEO_DEV=m
+CONFIG_VIDEO_V4L2_COMMON=m
+CONFIG_VIDEO_ALLOW_V4L1=y
+CONFIG_VIDEO_V4L1_COMPAT=y
+CONFIG_DVB_CORE=m
+CONFIG_VIDEO_MEDIA=m
+
+#
+# Multimedia drivers
+#
+CONFIG_VIDEO_SAA7146=m
+CONFIG_VIDEO_SAA7146_VV=m
+# CONFIG_MEDIA_ATTACH is not set
+CONFIG_MEDIA_TUNER=m
+# CONFIG_MEDIA_TUNER_CUSTOMIZE is not set
+CONFIG_MEDIA_TUNER_SIMPLE=m
+CONFIG_MEDIA_TUNER_TDA8290=m
+CONFIG_MEDIA_TUNER_TDA827X=m
+CONFIG_MEDIA_TUNER_TDA18271=m
+CONFIG_MEDIA_TUNER_TDA9887=m
+CONFIG_MEDIA_TUNER_TEA5761=m
+CONFIG_MEDIA_TUNER_TEA5767=m
+CONFIG_MEDIA_TUNER_MT20XX=m
+CONFIG_MEDIA_TUNER_MT2060=m
+CONFIG_MEDIA_TUNER_MT2266=m
+CONFIG_MEDIA_TUNER_MT2131=m
+CONFIG_MEDIA_TUNER_QT1010=m
+CONFIG_MEDIA_TUNER_XC2028=m
+CONFIG_MEDIA_TUNER_XC5000=m
+CONFIG_MEDIA_TUNER_MXL5005S=m
+CONFIG_MEDIA_TUNER_MXL5007T=m
+CONFIG_VIDEO_V4L2=m
+CONFIG_VIDEO_V4L1=m
+CONFIG_VIDEOBUF_GEN=m
+CONFIG_VIDEOBUF_DMA_SG=m
+CONFIG_VIDEOBUF_VMALLOC=m
+CONFIG_VIDEOBUF_DVB=m
+CONFIG_VIDEO_BTCX=m
+CONFIG_VIDEO_IR=m
+CONFIG_VIDEO_TVEEPROM=m
+CONFIG_VIDEO_TUNER=m
+CONFIG_VIDEO_CAPTURE_DRIVERS=y
+# CONFIG_VIDEO_ADV_DEBUG is not set
+# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set
+# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set
+CONFIG_VIDEO_IR_I2C=m
+
+#
+# Encoders/decoders and other helper chips
+#
+
+#
+# Audio decoders
+#
+CONFIG_VIDEO_TVAUDIO=m
+CONFIG_VIDEO_TDA7432=m
+CONFIG_VIDEO_TDA9840=m
+CONFIG_VIDEO_TDA9875=m
+CONFIG_VIDEO_TEA6415C=m
+CONFIG_VIDEO_TEA6420=m
+CONFIG_VIDEO_MSP3400=m
+CONFIG_VIDEO_CS5345=m
+CONFIG_VIDEO_CS53L32A=m
+CONFIG_VIDEO_M52790=m
+CONFIG_VIDEO_TLV320AIC23B=m
+CONFIG_VIDEO_WM8775=m
+CONFIG_VIDEO_WM8739=m
+CONFIG_VIDEO_VP27SMPX=m
+
+#
+# Video decoders
+#
+CONFIG_VIDEO_BT819=m
+CONFIG_VIDEO_BT856=m
+CONFIG_VIDEO_BT866=m
+CONFIG_VIDEO_KS0127=m
+CONFIG_VIDEO_OV7670=m
+CONFIG_VIDEO_TCM825X=m
+CONFIG_VIDEO_SAA7110=m
+CONFIG_VIDEO_SAA7111=m
+CONFIG_VIDEO_SAA7114=m
+CONFIG_VIDEO_SAA711X=m
+CONFIG_VIDEO_SAA717X=m
+CONFIG_VIDEO_SAA7191=m
+CONFIG_VIDEO_TVP514X=m
+CONFIG_VIDEO_TVP5150=m
+CONFIG_VIDEO_VPX3220=m
+
+#
+# Video and audio decoders
+#
+CONFIG_VIDEO_CX25840=m
+
+#
+# MPEG video encoders
+#
+CONFIG_VIDEO_CX2341X=m
+
+#
+# Video encoders
+#
+CONFIG_VIDEO_SAA7127=m
+CONFIG_VIDEO_SAA7185=m
+CONFIG_VIDEO_ADV7170=m
+CONFIG_VIDEO_ADV7175=m
+
+#
+# Video improvement chips
+#
+CONFIG_VIDEO_UPD64031A=m
+CONFIG_VIDEO_UPD64083=m
+CONFIG_VIDEO_VIVI=m
+CONFIG_VIDEO_BT848=m
+CONFIG_VIDEO_BT848_DVB=y
+CONFIG_VIDEO_SAA6588=m
+CONFIG_VIDEO_PMS=m
+CONFIG_VIDEO_BWQCAM=m
+CONFIG_VIDEO_CQCAM=m
+CONFIG_VIDEO_CPIA=m
+CONFIG_VIDEO_CPIA_USB=m
+CONFIG_VIDEO_CPIA2=m
+CONFIG_VIDEO_SAA5246A=m
+CONFIG_VIDEO_SAA5249=m
+CONFIG_VIDEO_STRADIS=m
+CONFIG_VIDEO_ZORAN=m
+CONFIG_VIDEO_ZORAN_DC30=m
+CONFIG_VIDEO_ZORAN_ZR36060=m
+CONFIG_VIDEO_ZORAN_BUZ=m
+CONFIG_VIDEO_ZORAN_DC10=m
+CONFIG_VIDEO_ZORAN_LML33=m
+CONFIG_VIDEO_ZORAN_LML33R10=m
+CONFIG_VIDEO_ZORAN_AVS6EYES=m
+CONFIG_VIDEO_MEYE=m
+CONFIG_VIDEO_SAA7134=m
+CONFIG_VIDEO_SAA7134_ALSA=m
+CONFIG_VIDEO_SAA7134_DVB=m
+CONFIG_VIDEO_MXB=m
+CONFIG_VIDEO_HEXIUM_ORION=m
+CONFIG_VIDEO_HEXIUM_GEMINI=m
+CONFIG_VIDEO_CX88=m
+CONFIG_VIDEO_CX88_ALSA=m
+CONFIG_VIDEO_CX88_BLACKBIRD=m
+CONFIG_VIDEO_CX88_DVB=m
+CONFIG_VIDEO_CX88_MPEG=m
+CONFIG_VIDEO_CX88_VP3054=m
+CONFIG_VIDEO_CX23885=m
+CONFIG_VIDEO_AU0828=m
+CONFIG_VIDEO_IVTV=m
+CONFIG_VIDEO_FB_IVTV=m
+CONFIG_VIDEO_CX18=m
+CONFIG_VIDEO_CAFE_CCIC=m
+CONFIG_SOC_CAMERA=m
+CONFIG_SOC_CAMERA_MT9M001=m
+# CONFIG_MT9M001_PCA9536_SWITCH is not set
+CONFIG_SOC_CAMERA_MT9M111=m
+CONFIG_SOC_CAMERA_MT9T031=m
+CONFIG_SOC_CAMERA_MT9V022=m
+# CONFIG_MT9V022_PCA9536_SWITCH is not set
+CONFIG_SOC_CAMERA_TW9910=m
+CONFIG_SOC_CAMERA_PLATFORM=m
+CONFIG_SOC_CAMERA_OV772X=m
+CONFIG_V4L_USB_DRIVERS=y
+CONFIG_USB_VIDEO_CLASS=m
+CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y
+CONFIG_USB_GSPCA=m
+CONFIG_USB_M5602=m
+CONFIG_USB_STV06XX=m
+CONFIG_USB_GSPCA_CONEX=m
+CONFIG_USB_GSPCA_ETOMS=m
+CONFIG_USB_GSPCA_FINEPIX=m
+CONFIG_USB_GSPCA_MARS=m
+CONFIG_USB_GSPCA_OV519=m
+CONFIG_USB_GSPCA_OV534=m
+CONFIG_USB_GSPCA_PAC207=m
+CONFIG_USB_GSPCA_PAC7311=m
+CONFIG_USB_GSPCA_SONIXB=m
+CONFIG_USB_GSPCA_SONIXJ=m
+CONFIG_USB_GSPCA_SPCA500=m
+CONFIG_USB_GSPCA_SPCA501=m
+CONFIG_USB_GSPCA_SPCA505=m
+CONFIG_USB_GSPCA_SPCA506=m
+CONFIG_USB_GSPCA_SPCA508=m
+CONFIG_USB_GSPCA_SPCA561=m
+CONFIG_USB_GSPCA_STK014=m
+CONFIG_USB_GSPCA_SUNPLUS=m
+CONFIG_USB_GSPCA_T613=m
+CONFIG_USB_GSPCA_TV8532=m
+CONFIG_USB_GSPCA_VC032X=m
+CONFIG_USB_GSPCA_ZC3XX=m
+CONFIG_VIDEO_PVRUSB2=m
+CONFIG_VIDEO_PVRUSB2_SYSFS=y
+CONFIG_VIDEO_PVRUSB2_DVB=y
+# CONFIG_VIDEO_PVRUSB2_DEBUGIFC is not set
+CONFIG_VIDEO_EM28XX=m
+CONFIG_VIDEO_EM28XX_ALSA=m
+CONFIG_VIDEO_EM28XX_DVB=m
+CONFIG_VIDEO_USBVISION=m
+CONFIG_VIDEO_USBVIDEO=m
+CONFIG_USB_VICAM=m
+CONFIG_USB_IBMCAM=m
+CONFIG_USB_KONICAWC=m
+CONFIG_USB_QUICKCAM_MESSENGER=m
+CONFIG_USB_ET61X251=m
+CONFIG_VIDEO_OVCAMCHIP=m
+CONFIG_USB_W9968CF=m
+CONFIG_USB_OV511=m
+CONFIG_USB_SE401=m
+CONFIG_USB_SN9C102=m
+CONFIG_USB_STV680=m
+CONFIG_USB_ZC0301=m
+CONFIG_USB_PWC=m
+# CONFIG_USB_PWC_DEBUG is not set
+CONFIG_USB_ZR364XX=m
+CONFIG_USB_STKWEBCAM=m
+CONFIG_USB_S2255=m
+CONFIG_RADIO_ADAPTERS=y
+CONFIG_RADIO_CADET=m
+CONFIG_RADIO_RTRACK=m
+CONFIG_RADIO_RTRACK2=m
+CONFIG_RADIO_AZTECH=m
+CONFIG_RADIO_GEMTEK=m
+CONFIG_RADIO_GEMTEK_PCI=m
+CONFIG_RADIO_MAXIRADIO=m
+CONFIG_RADIO_MAESTRO=m
+CONFIG_RADIO_SF16FMI=m
+CONFIG_RADIO_SF16FMR2=m
+CONFIG_RADIO_TERRATEC=m
+CONFIG_RADIO_TRUST=m
+CONFIG_RADIO_TYPHOON=m
+CONFIG_RADIO_TYPHOON_PROC_FS=y
+CONFIG_RADIO_ZOLTRIX=m
+CONFIG_USB_DSBR=m
+CONFIG_USB_SI470X=m
+CONFIG_USB_MR800=m
+CONFIG_RADIO_TEA5764=m
+# CONFIG_DVB_DYNAMIC_MINORS is not set
+CONFIG_DVB_CAPTURE_DRIVERS=y
+
+#
+# Supported SAA7146 based PCI Adapters
+#
+CONFIG_TTPCI_EEPROM=m
+CONFIG_DVB_AV7110=m
+CONFIG_DVB_AV7110_OSD=y
+CONFIG_DVB_BUDGET_CORE=m
+CONFIG_DVB_BUDGET=m
+CONFIG_DVB_BUDGET_CI=m
+CONFIG_DVB_BUDGET_AV=m
+CONFIG_DVB_BUDGET_PATCH=m
+
+#
+# Supported USB Adapters
+#
+CONFIG_DVB_USB=m
+# CONFIG_DVB_USB_DEBUG is not set
+CONFIG_DVB_USB_A800=m
+CONFIG_DVB_USB_DIBUSB_MB=m
+# CONFIG_DVB_USB_DIBUSB_MB_FAULTY is not set
+CONFIG_DVB_USB_DIBUSB_MC=m
+CONFIG_DVB_USB_DIB0700=m
+CONFIG_DVB_USB_UMT_010=m
+CONFIG_DVB_USB_CXUSB=m
+CONFIG_DVB_USB_M920X=m
+CONFIG_DVB_USB_GL861=m
+CONFIG_DVB_USB_AU6610=m
+CONFIG_DVB_USB_DIGITV=m
+CONFIG_DVB_USB_VP7045=m
+CONFIG_DVB_USB_VP702X=m
+CONFIG_DVB_USB_GP8PSK=m
+CONFIG_DVB_USB_NOVA_T_USB2=m
+CONFIG_DVB_USB_TTUSB2=m
+CONFIG_DVB_USB_DTT200U=m
+CONFIG_DVB_USB_OPERA1=m
+CONFIG_DVB_USB_AF9005=m
+CONFIG_DVB_USB_AF9005_REMOTE=m
+CONFIG_DVB_USB_DW2102=m
+CONFIG_DVB_USB_CINERGY_T2=m
+CONFIG_DVB_USB_ANYSEE=m
+CONFIG_DVB_USB_DTV5100=m
+CONFIG_DVB_USB_AF9015=m
+CONFIG_DVB_TTUSB_BUDGET=m
+CONFIG_DVB_TTUSB_DEC=m
+CONFIG_DVB_SIANO_SMS1XXX=m
+CONFIG_DVB_SIANO_SMS1XXX_SMS_IDS=y
+
+#
+# Supported FlexCopII (B2C2) Adapters
+#
+CONFIG_DVB_B2C2_FLEXCOP=m
+CONFIG_DVB_B2C2_FLEXCOP_PCI=m
+CONFIG_DVB_B2C2_FLEXCOP_USB=m
+# CONFIG_DVB_B2C2_FLEXCOP_DEBUG is not set
+
+#
+# Supported BT878 Adapters
+#
+CONFIG_DVB_BT8XX=m
+
+#
+# Supported Pluto2 Adapters
+#
+CONFIG_DVB_PLUTO2=m
+
+#
+# Supported SDMC DM1105 Adapters
+#
+CONFIG_DVB_DM1105=m
+
+#
+# Supported FireWire (IEEE 1394) Adapters
+#
+CONFIG_DVB_FIREDTV=m
+CONFIG_DVB_FIREDTV_IEEE1394=y
+CONFIG_DVB_FIREDTV_INPUT=y
+
+#
+# Supported DVB Frontends
+#
+
+#
+# Customise DVB Frontends
+#
+# CONFIG_DVB_FE_CUSTOMISE is not set
+
+#
+# Multistandard (satellite) frontends
+#
+CONFIG_DVB_STB0899=m
+CONFIG_DVB_STB6100=m
+
+#
+# DVB-S (satellite) frontends
+#
+CONFIG_DVB_CX24110=m
+CONFIG_DVB_CX24123=m
+CONFIG_DVB_MT312=m
+CONFIG_DVB_S5H1420=m
+CONFIG_DVB_STV0288=m
+CONFIG_DVB_STB6000=m
+CONFIG_DVB_STV0299=m
+CONFIG_DVB_TDA8083=m
+CONFIG_DVB_TDA10086=m
+CONFIG_DVB_TDA8261=m
+CONFIG_DVB_VES1X93=m
+CONFIG_DVB_TUNER_ITD1000=m
+CONFIG_DVB_TUNER_CX24113=m
+CONFIG_DVB_TDA826X=m
+CONFIG_DVB_TUA6100=m
+CONFIG_DVB_CX24116=m
+CONFIG_DVB_SI21XX=m
+
+#
+# DVB-T (terrestrial) frontends
+#
+CONFIG_DVB_SP8870=m
+CONFIG_DVB_SP887X=m
+CONFIG_DVB_CX22700=m
+CONFIG_DVB_CX22702=m
+CONFIG_DVB_DRX397XD=m
+CONFIG_DVB_L64781=m
+CONFIG_DVB_TDA1004X=m
+CONFIG_DVB_NXT6000=m
+CONFIG_DVB_MT352=m
+CONFIG_DVB_ZL10353=m
+CONFIG_DVB_DIB3000MB=m
+CONFIG_DVB_DIB3000MC=m
+CONFIG_DVB_DIB7000M=m
+CONFIG_DVB_DIB7000P=m
+CONFIG_DVB_TDA10048=m
+
+#
+# DVB-C (cable) frontends
+#
+CONFIG_DVB_VES1820=m
+CONFIG_DVB_TDA10021=m
+CONFIG_DVB_TDA10023=m
+CONFIG_DVB_STV0297=m
+
+#
+# ATSC (North American/Korean Terrestrial/Cable DTV) frontends
+#
+CONFIG_DVB_NXT200X=m
+CONFIG_DVB_OR51211=m
+CONFIG_DVB_OR51132=m
+CONFIG_DVB_BCM3510=m
+CONFIG_DVB_LGDT330X=m
+CONFIG_DVB_LGDT3304=m
+CONFIG_DVB_S5H1409=m
+CONFIG_DVB_AU8522=m
+CONFIG_DVB_S5H1411=m
+
+#
+# ISDB-T (terrestrial) frontends
+#
+CONFIG_DVB_S921=m
+
+#
+# Digital terrestrial only tuners/PLL
+#
+CONFIG_DVB_PLL=m
+CONFIG_DVB_TUNER_DIB0070=m
+
+#
+# SEC control devices for DVB-S
+#
+CONFIG_DVB_LNBP21=m
+CONFIG_DVB_ISL6405=m
+CONFIG_DVB_ISL6421=m
+CONFIG_DVB_LGS8GL5=m
+
+#
+# Tools to develop new frontends
+#
+CONFIG_DVB_DUMMY_FE=m
+CONFIG_DVB_AF9013=m
+CONFIG_DAB=y
+CONFIG_USB_DABUSB=m
+
+#
+# Graphics support
+#
+CONFIG_AGP=m
+CONFIG_AGP_ALI=m
+CONFIG_AGP_ATI=m
+CONFIG_AGP_AMD=m
+CONFIG_AGP_AMD64=m
+CONFIG_AGP_INTEL=m
+CONFIG_AGP_NVIDIA=m
+CONFIG_AGP_SIS=m
+CONFIG_AGP_SWORKS=m
+CONFIG_AGP_VIA=m
+CONFIG_AGP_EFFICEON=m
+CONFIG_DRM=m
+CONFIG_DRM_TDFX=m
+CONFIG_DRM_R128=m
+CONFIG_DRM_RADEON=m
+CONFIG_DRM_I810=m
+CONFIG_DRM_I830=m
+CONFIG_DRM_I915=m
+# CONFIG_DRM_I915_KMS is not set
+CONFIG_DRM_MGA=m
+CONFIG_DRM_SIS=m
+CONFIG_DRM_VIA=m
+CONFIG_DRM_SAVAGE=m
+CONFIG_VGASTATE=m
+CONFIG_VIDEO_OUTPUT_CONTROL=m
+CONFIG_FB=m
+# CONFIG_FIRMWARE_EDID is not set
+CONFIG_FB_DDC=m
+CONFIG_FB_BOOT_VESA_SUPPORT=y
+CONFIG_FB_CFB_FILLRECT=m
+CONFIG_FB_CFB_COPYAREA=m
+CONFIG_FB_CFB_IMAGEBLIT=m
+# CONFIG_FB_CFB_REV_PIXELS_IN_BYTE is not set
+CONFIG_FB_SYS_FILLRECT=m
+CONFIG_FB_SYS_COPYAREA=m
+CONFIG_FB_SYS_IMAGEBLIT=m
+# CONFIG_FB_FOREIGN_ENDIAN is not set
+CONFIG_FB_SYS_FOPS=m
+CONFIG_FB_DEFERRED_IO=y
+CONFIG_FB_HECUBA=m
+CONFIG_FB_SVGALIB=m
+# CONFIG_FB_MACMODES is not set
+CONFIG_FB_BACKLIGHT=y
+CONFIG_FB_MODE_HELPERS=y
+CONFIG_FB_TILEBLITTING=y
+
+#
+# Frame buffer hardware drivers
+#
+CONFIG_FB_CIRRUS=m
+CONFIG_FB_PM2=m
+CONFIG_FB_PM2_FIFO_DISCONNECT=y
+CONFIG_FB_CYBER2000=m
+CONFIG_FB_ARC=m
+CONFIG_FB_VGA16=m
+CONFIG_FB_UVESA=m
+CONFIG_FB_N411=m
+CONFIG_FB_HGA=m
+# CONFIG_FB_HGA_ACCEL is not set
+CONFIG_FB_S1D13XXX=m
+CONFIG_FB_NVIDIA=m
+CONFIG_FB_NVIDIA_I2C=y
+# CONFIG_FB_NVIDIA_DEBUG is not set
+CONFIG_FB_NVIDIA_BACKLIGHT=y
+CONFIG_FB_RIVA=m
+CONFIG_FB_RIVA_I2C=y
+# CONFIG_FB_RIVA_DEBUG is not set
+CONFIG_FB_RIVA_BACKLIGHT=y
+CONFIG_FB_I810=m
+CONFIG_FB_I810_GTF=y
+CONFIG_FB_I810_I2C=y
+CONFIG_FB_LE80578=m
+CONFIG_FB_CARILLO_RANCH=m
+CONFIG_FB_INTEL=m
+# CONFIG_FB_INTEL_DEBUG is not set
+CONFIG_FB_INTEL_I2C=y
+CONFIG_FB_MATROX=m
+CONFIG_FB_MATROX_MILLENIUM=y
+CONFIG_FB_MATROX_MYSTIQUE=y
+CONFIG_FB_MATROX_G=y
+CONFIG_FB_MATROX_I2C=m
+CONFIG_FB_MATROX_MAVEN=m
+CONFIG_FB_MATROX_MULTIHEAD=y
+CONFIG_FB_RADEON=m
+CONFIG_FB_RADEON_I2C=y
+CONFIG_FB_RADEON_BACKLIGHT=y
+# CONFIG_FB_RADEON_DEBUG is not set
+CONFIG_FB_ATY128=m
+CONFIG_FB_ATY128_BACKLIGHT=y
+CONFIG_FB_ATY=m
+CONFIG_FB_ATY_CT=y
+CONFIG_FB_ATY_GENERIC_LCD=y
+CONFIG_FB_ATY_GX=y
+CONFIG_FB_ATY_BACKLIGHT=y
+CONFIG_FB_S3=m
+CONFIG_FB_SAVAGE=m
+CONFIG_FB_SAVAGE_I2C=y
+CONFIG_FB_SAVAGE_ACCEL=y
+CONFIG_FB_SIS=m
+CONFIG_FB_SIS_300=y
+CONFIG_FB_SIS_315=y
+CONFIG_FB_VIA=m
+CONFIG_FB_NEOMAGIC=m
+CONFIG_FB_KYRO=m
+CONFIG_FB_3DFX=m
+CONFIG_FB_3DFX_ACCEL=y
+CONFIG_FB_VOODOO1=m
+CONFIG_FB_VT8623=m
+CONFIG_FB_CYBLA=m
+CONFIG_FB_TRIDENT=m
+CONFIG_FB_TRIDENT_ACCEL=y
+CONFIG_FB_ARK=m
+CONFIG_FB_PM3=m
+CONFIG_FB_CARMINE=m
+CONFIG_FB_CARMINE_DRAM_EVAL=y
+# CONFIG_CARMINE_DRAM_CUSTOM is not set
+CONFIG_FB_GEODE=y
+CONFIG_FB_GEODE_LX=m
+CONFIG_FB_GEODE_GX=m
+CONFIG_FB_GEODE_GX1=m
+CONFIG_FB_TMIO=m
+CONFIG_FB_TMIO_ACCELL=y
+CONFIG_FB_SM501=m
+# CONFIG_FB_VIRTUAL is not set
+CONFIG_FB_METRONOME=m
+CONFIG_FB_MB862XX=m
+# CONFIG_FB_MB862XX_PCI_GDC is not set
+CONFIG_BACKLIGHT_LCD_SUPPORT=y
+CONFIG_LCD_CLASS_DEVICE=m
+CONFIG_LCD_LTV350QV=m
+CONFIG_LCD_ILI9320=m
+CONFIG_LCD_TDO24M=m
+CONFIG_LCD_VGG2432A4=m
+CONFIG_LCD_PLATFORM=m
+CONFIG_BACKLIGHT_CLASS_DEVICE=m
+CONFIG_BACKLIGHT_GENERIC=m
+CONFIG_BACKLIGHT_PROGEAR=m
+CONFIG_BACKLIGHT_CARILLO_RANCH=m
+CONFIG_BACKLIGHT_MBP_NVIDIA=m
+CONFIG_BACKLIGHT_SAHARA=m
+
+#
+# Display device support
+#
+CONFIG_DISPLAY_SUPPORT=m
+
+#
+# Display hardware drivers
+#
+
+#
+# Console display driver support
+#
+CONFIG_VGA_CONSOLE=y
+# CONFIG_VGACON_SOFT_SCROLLBACK is not set
+CONFIG_MDA_CONSOLE=m
+CONFIG_DUMMY_CONSOLE=y
+CONFIG_FRAMEBUFFER_CONSOLE=m
+CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
+CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y
+# CONFIG_FONTS is not set
+CONFIG_FONT_8x8=y
+CONFIG_FONT_8x16=y
+# CONFIG_LOGO is not set
+CONFIG_SOUND=m
+CONFIG_SOUND_OSS_CORE=y
+CONFIG_SND=m
+CONFIG_SND_TIMER=m
+CONFIG_SND_PCM=m
+CONFIG_SND_HWDEP=m
+CONFIG_SND_RAWMIDI=m
+CONFIG_SND_JACK=y
+CONFIG_SND_SEQUENCER=m
+CONFIG_SND_SEQ_DUMMY=m
+CONFIG_SND_OSSEMUL=y
+CONFIG_SND_MIXER_OSS=m
+CONFIG_SND_PCM_OSS=m
+CONFIG_SND_PCM_OSS_PLUGINS=y
+CONFIG_SND_SEQUENCER_OSS=y
+CONFIG_SND_HRTIMER=m
+CONFIG_SND_SEQ_HRTIMER_DEFAULT=y
+CONFIG_SND_DYNAMIC_MINORS=y
+# CONFIG_SND_SUPPORT_OLD_API is not set
+# CONFIG_SND_VERBOSE_PROCFS is not set
+# CONFIG_SND_VERBOSE_PRINTK is not set
+# CONFIG_SND_DEBUG is not set
+CONFIG_SND_VMASTER=y
+CONFIG_SND_MPU401_UART=m
+CONFIG_SND_OPL3_LIB=m
+CONFIG_SND_OPL4_LIB=m
+CONFIG_SND_VX_LIB=m
+CONFIG_SND_AC97_CODEC=m
+CONFIG_SND_DRIVERS=y
+CONFIG_SND_PCSP=m
+CONFIG_SND_DUMMY=m
+CONFIG_SND_VIRMIDI=m
+CONFIG_SND_MTPAV=m
+CONFIG_SND_MTS64=m
+CONFIG_SND_SERIAL_U16550=m
+CONFIG_SND_MPU401=m
+CONFIG_SND_PORTMAN2X4=m
+CONFIG_SND_AC97_POWER_SAVE=y
+CONFIG_SND_AC97_POWER_SAVE_DEFAULT=0
+CONFIG_SND_WSS_LIB=m
+CONFIG_SND_SB_COMMON=m
+CONFIG_SND_SB8_DSP=m
+CONFIG_SND_SB16_DSP=m
+CONFIG_SND_ISA=y
+CONFIG_SND_ADLIB=m
+CONFIG_SND_AD1816A=m
+CONFIG_SND_AD1848=m
+CONFIG_SND_ALS100=m
+CONFIG_SND_AZT2320=m
+CONFIG_SND_CMI8330=m
+CONFIG_SND_CS4231=m
+CONFIG_SND_CS4232=m
+CONFIG_SND_CS4236=m
+CONFIG_SND_DT019X=m
+CONFIG_SND_ES968=m
+CONFIG_SND_ES1688=m
+CONFIG_SND_ES18XX=m
+CONFIG_SND_SC6000=m
+CONFIG_SND_GUSCLASSIC=m
+CONFIG_SND_GUSEXTREME=m
+CONFIG_SND_GUSMAX=m
+CONFIG_SND_INTERWAVE=m
+CONFIG_SND_INTERWAVE_STB=m
+CONFIG_SND_OPL3SA2=m
+CONFIG_SND_OPTI92X_AD1848=m
+CONFIG_SND_OPTI92X_CS4231=m
+CONFIG_SND_OPTI93X=m
+CONFIG_SND_MIRO=m
+CONFIG_SND_SB8=m
+CONFIG_SND_SB16=m
+CONFIG_SND_SBAWE=m
+CONFIG_SND_SB16_CSP=y
+CONFIG_SND_SGALAXY=m
+CONFIG_SND_SSCAPE=m
+CONFIG_SND_WAVEFRONT=m
+CONFIG_SND_WAVEFRONT_FIRMWARE_IN_KERNEL=y
+CONFIG_SND_PCI=y
+CONFIG_SND_AD1889=m
+CONFIG_SND_ALS300=m
+CONFIG_SND_ALS4000=m
+CONFIG_SND_ALI5451=m
+CONFIG_SND_ATIIXP=m
+CONFIG_SND_ATIIXP_MODEM=m
+CONFIG_SND_AU8810=m
+CONFIG_SND_AU8820=m
+CONFIG_SND_AU8830=m
+CONFIG_SND_AW2=m
+CONFIG_SND_AZT3328=m
+CONFIG_SND_BT87X=m
+# CONFIG_SND_BT87X_OVERCLOCK is not set
+CONFIG_SND_CA0106=m
+CONFIG_SND_CMIPCI=m
+CONFIG_SND_OXYGEN_LIB=m
+CONFIG_SND_OXYGEN=m
+CONFIG_SND_CS4281=m
+CONFIG_SND_CS46XX=m
+CONFIG_SND_CS46XX_NEW_DSP=y
+CONFIG_SND_CS5530=m
+CONFIG_SND_CS5535AUDIO=m
+CONFIG_SND_DARLA20=m
+CONFIG_SND_GINA20=m
+CONFIG_SND_LAYLA20=m
+CONFIG_SND_DARLA24=m
+CONFIG_SND_GINA24=m
+CONFIG_SND_LAYLA24=m
+CONFIG_SND_MONA=m
+CONFIG_SND_MIA=m
+CONFIG_SND_ECHO3G=m
+CONFIG_SND_INDIGO=m
+CONFIG_SND_INDIGOIO=m
+CONFIG_SND_INDIGODJ=m
+CONFIG_SND_EMU10K1=m
+CONFIG_SND_EMU10K1X=m
+CONFIG_SND_ENS1370=m
+CONFIG_SND_ENS1371=m
+CONFIG_SND_ES1938=m
+CONFIG_SND_ES1968=m
+CONFIG_SND_FM801=m
+# CONFIG_SND_FM801_TEA575X_BOOL is not set
+CONFIG_SND_HDA_INTEL=m
+CONFIG_SND_HDA_HWDEP=y
+# CONFIG_SND_HDA_RECONFIG is not set
+CONFIG_SND_HDA_INPUT_BEEP=y
+CONFIG_SND_HDA_CODEC_REALTEK=y
+CONFIG_SND_HDA_CODEC_ANALOG=y
+CONFIG_SND_HDA_CODEC_SIGMATEL=y
+CONFIG_SND_HDA_CODEC_VIA=y
+CONFIG_SND_HDA_CODEC_ATIHDMI=y
+CONFIG_SND_HDA_CODEC_NVHDMI=y
+CONFIG_SND_HDA_CODEC_INTELHDMI=y
+CONFIG_SND_HDA_ELD=y
+CONFIG_SND_HDA_CODEC_CONEXANT=y
+CONFIG_SND_HDA_CODEC_CMEDIA=y
+CONFIG_SND_HDA_CODEC_SI3054=y
+CONFIG_SND_HDA_GENERIC=y
+# CONFIG_SND_HDA_POWER_SAVE is not set
+CONFIG_SND_HDSP=m
+CONFIG_SND_HDSPM=m
+CONFIG_SND_HIFIER=m
+CONFIG_SND_ICE1712=m
+CONFIG_SND_ICE1724=m
+CONFIG_SND_INTEL8X0=m
+CONFIG_SND_INTEL8X0M=m
+CONFIG_SND_KORG1212=m
+CONFIG_SND_MAESTRO3=m
+CONFIG_SND_MIXART=m
+CONFIG_SND_NM256=m
+CONFIG_SND_PCXHR=m
+CONFIG_SND_RIPTIDE=m
+CONFIG_SND_RME32=m
+CONFIG_SND_RME96=m
+CONFIG_SND_RME9652=m
+CONFIG_SND_SIS7019=m
+CONFIG_SND_SONICVIBES=m
+CONFIG_SND_TRIDENT=m
+CONFIG_SND_VIA82XX=m
+CONFIG_SND_VIA82XX_MODEM=m
+CONFIG_SND_VIRTUOSO=m
+CONFIG_SND_VX222=m
+CONFIG_SND_YMFPCI=m
+CONFIG_SND_SPI=y
+CONFIG_SND_USB=y
+CONFIG_SND_USB_AUDIO=m
+CONFIG_SND_USB_USX2Y=m
+CONFIG_SND_USB_CAIAQ=m
+# CONFIG_SND_USB_CAIAQ_INPUT is not set
+CONFIG_SND_USB_US122L=m
+CONFIG_SND_PCMCIA=y
+CONFIG_SND_VXPOCKET=m
+CONFIG_SND_PDAUDIOCF=m
+CONFIG_SND_SOC=m
+CONFIG_SND_SOC_I2C_AND_SPI=m
+CONFIG_SND_SOC_ALL_CODECS=m
+CONFIG_SND_SOC_AD73311=m
+CONFIG_SND_SOC_AK4535=m
+CONFIG_SND_SOC_CS4270=m
+CONFIG_SND_SOC_L3=m
+CONFIG_SND_SOC_PCM3008=m
+CONFIG_SND_SOC_SSM2602=m
+CONFIG_SND_SOC_TLV320AIC23=m
+CONFIG_SND_SOC_TLV320AIC26=m
+CONFIG_SND_SOC_TLV320AIC3X=m
+CONFIG_SND_SOC_UDA134X=m
+CONFIG_SND_SOC_UDA1380=m
+CONFIG_SND_SOC_WM8350=m
+CONFIG_SND_SOC_WM8510=m
+CONFIG_SND_SOC_WM8580=m
+CONFIG_SND_SOC_WM8728=m
+CONFIG_SND_SOC_WM8731=m
+CONFIG_SND_SOC_WM8750=m
+CONFIG_SND_SOC_WM8753=m
+CONFIG_SND_SOC_WM8900=m
+CONFIG_SND_SOC_WM8903=m
+CONFIG_SND_SOC_WM8971=m
+CONFIG_SND_SOC_WM8990=m
+# CONFIG_SOUND_PRIME is not set
+CONFIG_AC97_BUS=m
+CONFIG_HID_SUPPORT=y
+CONFIG_HID=m
+# CONFIG_HID_DEBUG is not set
+CONFIG_HIDRAW=y
+
+#
+# USB Input Devices
+#
+CONFIG_USB_HID=m
+# CONFIG_HID_PID is not set
+# CONFIG_USB_HIDDEV is not set
+
+#
+# USB HID Boot Protocol drivers
+#
+CONFIG_USB_KBD=m
+CONFIG_USB_MOUSE=m
+
+#
+# Special HID drivers
+#
+# CONFIG_HID_COMPAT is not set
+CONFIG_HID_A4TECH=m
+CONFIG_HID_APPLE=m
+CONFIG_HID_BELKIN=m
+CONFIG_HID_CHERRY=m
+CONFIG_HID_CHICONY=m
+CONFIG_HID_CYPRESS=m
+CONFIG_HID_EZKEY=m
+CONFIG_HID_GYRATION=m
+CONFIG_HID_LOGITECH=m
+# CONFIG_LOGITECH_FF is not set
+# CONFIG_LOGIRUMBLEPAD2_FF is not set
+CONFIG_HID_MICROSOFT=m
+CONFIG_HID_MONTEREY=m
+CONFIG_HID_NTRIG=m
+CONFIG_HID_PANTHERLORD=m
+# CONFIG_PANTHERLORD_FF is not set
+CONFIG_HID_PETALYNX=m
+CONFIG_HID_SAMSUNG=m
+CONFIG_HID_SONY=m
+CONFIG_HID_SUNPLUS=m
+CONFIG_GREENASIA_FF=m
+CONFIG_HID_TOPSEED=m
+CONFIG_THRUSTMASTER_FF=m
+CONFIG_ZEROPLUS_FF=m
+CONFIG_USB_SUPPORT=y
+CONFIG_USB_ARCH_HAS_HCD=y
+CONFIG_USB_ARCH_HAS_OHCI=y
+CONFIG_USB_ARCH_HAS_EHCI=y
+CONFIG_USB=m
+# CONFIG_USB_DEBUG is not set
+CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
+
+#
+# Miscellaneous USB options
+#
+CONFIG_USB_DEVICEFS=y
+CONFIG_USB_DEVICE_CLASS=y
+# CONFIG_USB_DYNAMIC_MINORS is not set
+# CONFIG_USB_SUSPEND is not set
+# CONFIG_USB_OTG is not set
+# CONFIG_USB_OTG_WHITELIST is not set
+# CONFIG_USB_OTG_BLACKLIST_HUB is not set
+CONFIG_USB_MON=m
+CONFIG_USB_WUSB=m
+CONFIG_USB_WUSB_CBAF=m
+# CONFIG_USB_WUSB_CBAF_DEBUG is not set
+
+#
+# USB Host Controller Drivers
+#
+CONFIG_USB_C67X00_HCD=m
+CONFIG_USB_EHCI_HCD=m
+# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
+# CONFIG_USB_EHCI_TT_NEWSCHED is not set
+CONFIG_USB_OXU210HP_HCD=m
+CONFIG_USB_ISP116X_HCD=m
+CONFIG_USB_ISP1760_HCD=m
+CONFIG_USB_OHCI_HCD=m
+CONFIG_USB_OHCI_HCD_SSB=y
+# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
+# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
+CONFIG_USB_OHCI_LITTLE_ENDIAN=y
+CONFIG_USB_UHCI_HCD=m
+CONFIG_USB_U132_HCD=m
+CONFIG_USB_SL811_HCD=m
+CONFIG_USB_SL811_CS=m
+CONFIG_USB_R8A66597_HCD=m
+CONFIG_USB_WHCI_HCD=m
+CONFIG_USB_HWA_HCD=m
+
+#
+# Enable Host or Gadget support to see Inventra options
+#
+
+#
+# USB Device Class drivers
+#
+CONFIG_USB_ACM=m
+CONFIG_USB_PRINTER=m
+CONFIG_USB_WDM=m
+CONFIG_USB_TMC=m
+
+#
+# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may also be needed;
+#
+
+#
+# see USB_STORAGE Help for more information
+#
+CONFIG_USB_STORAGE=m
+# CONFIG_USB_STORAGE_DEBUG is not set
+CONFIG_USB_STORAGE_DATAFAB=y
+CONFIG_USB_STORAGE_FREECOM=y
+CONFIG_USB_STORAGE_ISD200=y
+CONFIG_USB_STORAGE_USBAT=y
+CONFIG_USB_STORAGE_SDDR09=y
+CONFIG_USB_STORAGE_SDDR55=y
+CONFIG_USB_STORAGE_JUMPSHOT=y
+CONFIG_USB_STORAGE_ALAUDA=y
+CONFIG_USB_STORAGE_ONETOUCH=y
+CONFIG_USB_STORAGE_KARMA=y
+CONFIG_USB_STORAGE_CYPRESS_ATACB=y
+CONFIG_USB_LIBUSUAL=y
+
+#
+# USB Imaging devices
+#
+CONFIG_USB_MDC800=m
+CONFIG_USB_MICROTEK=m
+
+#
+# USB port drivers
+#
+CONFIG_USB_USS720=m
+CONFIG_USB_SERIAL=m
+CONFIG_USB_EZUSB=y
+CONFIG_USB_SERIAL_GENERIC=y
+CONFIG_USB_SERIAL_AIRCABLE=m
+CONFIG_USB_SERIAL_ARK3116=m
+CONFIG_USB_SERIAL_BELKIN=m
+CONFIG_USB_SERIAL_CH341=m
+CONFIG_USB_SERIAL_WHITEHEAT=m
+CONFIG_USB_SERIAL_DIGI_ACCELEPORT=m
+CONFIG_USB_SERIAL_CP2101=m
+CONFIG_USB_SERIAL_CYPRESS_M8=m
+CONFIG_USB_SERIAL_EMPEG=m
+CONFIG_USB_SERIAL_FTDI_SIO=m
+CONFIG_USB_SERIAL_FUNSOFT=m
+CONFIG_USB_SERIAL_VISOR=m
+CONFIG_USB_SERIAL_IPAQ=m
+CONFIG_USB_SERIAL_IR=m
+CONFIG_USB_SERIAL_EDGEPORT=m
+CONFIG_USB_SERIAL_EDGEPORT_TI=m
+CONFIG_USB_SERIAL_GARMIN=m
+CONFIG_USB_SERIAL_IPW=m
+CONFIG_USB_SERIAL_IUU=m
+CONFIG_USB_SERIAL_KEYSPAN_PDA=m
+CONFIG_USB_SERIAL_KEYSPAN=m
+CONFIG_USB_SERIAL_KLSI=m
+CONFIG_USB_SERIAL_KOBIL_SCT=m
+CONFIG_USB_SERIAL_MCT_U232=m
+CONFIG_USB_SERIAL_MOS7720=m
+CONFIG_USB_SERIAL_MOS7840=m
+CONFIG_USB_SERIAL_MOTOROLA=m
+CONFIG_USB_SERIAL_NAVMAN=m
+CONFIG_USB_SERIAL_PL2303=m
+CONFIG_USB_SERIAL_OTI6858=m
+CONFIG_USB_SERIAL_SPCP8X5=m
+CONFIG_USB_SERIAL_HP4X=m
+CONFIG_USB_SERIAL_SAFE=m
+CONFIG_USB_SERIAL_SAFE_PADDED=y
+CONFIG_USB_SERIAL_SIEMENS_MPI=m
+CONFIG_USB_SERIAL_SIERRAWIRELESS=m
+CONFIG_USB_SERIAL_TI=m
+CONFIG_USB_SERIAL_CYBERJACK=m
+CONFIG_USB_SERIAL_XIRCOM=m
+CONFIG_USB_SERIAL_OPTION=m
+CONFIG_USB_SERIAL_OMNINET=m
+CONFIG_USB_SERIAL_OPTICON=m
+CONFIG_USB_SERIAL_DEBUG=m
+
+#
+# USB Miscellaneous drivers
+#
+CONFIG_USB_EMI62=m
+CONFIG_USB_EMI26=m
+CONFIG_USB_ADUTUX=m
+CONFIG_USB_SEVSEG=m
+CONFIG_USB_RIO500=m
+CONFIG_USB_LEGOTOWER=m
+CONFIG_USB_LCD=m
+CONFIG_USB_BERRY_CHARGE=m
+CONFIG_USB_LED=m
+CONFIG_USB_CYPRESS_CY7C63=m
+CONFIG_USB_CYTHERM=m
+CONFIG_USB_PHIDGET=m
+CONFIG_USB_PHIDGETKIT=m
+CONFIG_USB_PHIDGETMOTORCONTROL=m
+CONFIG_USB_PHIDGETSERVO=m
+CONFIG_USB_IDMOUSE=m
+CONFIG_USB_FTDI_ELAN=m
+CONFIG_USB_APPLEDISPLAY=m
+CONFIG_USB_SISUSBVGA=m
+CONFIG_USB_SISUSBVGA_CON=y
+CONFIG_USB_LD=m
+CONFIG_USB_TRANCEVIBRATOR=m
+CONFIG_USB_IOWARRIOR=m
+CONFIG_USB_TEST=m
+CONFIG_USB_ISIGHTFW=m
+CONFIG_USB_VST=m
+CONFIG_USB_ATM=m
+CONFIG_USB_SPEEDTOUCH=m
+CONFIG_USB_CXACRU=m
+CONFIG_USB_UEAGLEATM=m
+CONFIG_USB_XUSBATM=m
+# CONFIG_USB_GADGET is not set
+
+#
+# OTG and related infrastructure
+#
+CONFIG_USB_OTG_UTILS=y
+CONFIG_USB_GPIO_VBUS=m
+CONFIG_UWB=m
+CONFIG_UWB_HWA=m
+CONFIG_UWB_WHCI=m
+CONFIG_UWB_WLP=m
+CONFIG_UWB_I1480U=m
+CONFIG_UWB_I1480U_WLP=m
+CONFIG_MMC=m
+# CONFIG_MMC_DEBUG is not set
+# CONFIG_MMC_UNSAFE_RESUME is not set
+
+#
+# MMC/SD/SDIO Card Drivers
+#
+CONFIG_MMC_BLOCK=m
+CONFIG_MMC_BLOCK_BOUNCE=y
+CONFIG_SDIO_UART=m
+CONFIG_MMC_TEST=m
+
+#
+# MMC/SD/SDIO Host Controller Drivers
+#
+CONFIG_MMC_SDHCI=m
+CONFIG_MMC_SDHCI_PCI=m
+CONFIG_MMC_RICOH_MMC=m
+CONFIG_MMC_WBSD=m
+CONFIG_MMC_TIFM_SD=m
+CONFIG_MMC_SDRICOH_CS=m
+CONFIG_MEMSTICK=m
+# CONFIG_MEMSTICK_DEBUG is not set
+
+#
+# MemoryStick drivers
+#
+# CONFIG_MEMSTICK_UNSAFE_RESUME is not set
+CONFIG_MSPRO_BLOCK=m
+
+#
+# MemoryStick Host Controller Drivers
+#
+CONFIG_MEMSTICK_TIFM_MS=m
+CONFIG_MEMSTICK_JMICRON_38X=m
+CONFIG_NEW_LEDS=y
+CONFIG_LEDS_CLASS=m
+
+#
+# LED drivers
+#
+CONFIG_LEDS_NET48XX=m
+CONFIG_LEDS_WRAP=m
+CONFIG_LEDS_ALIX2=m
+CONFIG_LEDS_PCA9532=m
+CONFIG_LEDS_GPIO=m
+CONFIG_LEDS_CLEVO_MAIL=m
+CONFIG_LEDS_PCA955X=m
+CONFIG_LEDS_WM8350=m
+
+#
+# LED Triggers
+#
+CONFIG_LEDS_TRIGGERS=y
+CONFIG_LEDS_TRIGGER_TIMER=m
+CONFIG_LEDS_TRIGGER_IDE_DISK=y
+CONFIG_LEDS_TRIGGER_HEARTBEAT=m
+CONFIG_LEDS_TRIGGER_BACKLIGHT=m
+CONFIG_LEDS_TRIGGER_DEFAULT_ON=m
+CONFIG_ACCESSIBILITY=y
+# CONFIG_A11Y_BRAILLE_CONSOLE is not set
+CONFIG_INFINIBAND=m
+CONFIG_INFINIBAND_USER_MAD=m
+CONFIG_INFINIBAND_USER_ACCESS=m
+CONFIG_INFINIBAND_USER_MEM=y
+CONFIG_INFINIBAND_ADDR_TRANS=y
+CONFIG_INFINIBAND_MTHCA=m
+# CONFIG_INFINIBAND_MTHCA_DEBUG is not set
+CONFIG_INFINIBAND_AMSO1100=m
+# CONFIG_INFINIBAND_AMSO1100_DEBUG is not set
+CONFIG_INFINIBAND_CXGB3=m
+# CONFIG_INFINIBAND_CXGB3_DEBUG is not set
+CONFIG_MLX4_INFINIBAND=m
+CONFIG_INFINIBAND_NES=m
+# CONFIG_INFINIBAND_NES_DEBUG is not set
+CONFIG_INFINIBAND_IPOIB=m
+# CONFIG_INFINIBAND_IPOIB_CM is not set
+# CONFIG_INFINIBAND_IPOIB_DEBUG is not set
+CONFIG_INFINIBAND_SRP=m
+CONFIG_INFINIBAND_ISER=m
+# CONFIG_EDAC is not set
+CONFIG_RTC_LIB=m
+CONFIG_RTC_CLASS=m
+
+#
+# RTC interfaces
+#
+CONFIG_RTC_INTF_SYSFS=y
+CONFIG_RTC_INTF_PROC=y
+CONFIG_RTC_INTF_DEV=y
+CONFIG_RTC_INTF_DEV_UIE_EMUL=y
+CONFIG_RTC_DRV_TEST=m
+
+#
+# I2C RTC drivers
+#
+CONFIG_RTC_DRV_DS1307=m
+CONFIG_RTC_DRV_DS1374=m
+CONFIG_RTC_DRV_DS1672=m
+CONFIG_RTC_DRV_MAX6900=m
+CONFIG_RTC_DRV_RS5C372=m
+CONFIG_RTC_DRV_ISL1208=m
+CONFIG_RTC_DRV_X1205=m
+CONFIG_RTC_DRV_PCF8563=m
+CONFIG_RTC_DRV_PCF8583=m
+CONFIG_RTC_DRV_M41T80=m
+CONFIG_RTC_DRV_M41T80_WDT=y
+CONFIG_RTC_DRV_S35390A=m
+CONFIG_RTC_DRV_FM3130=m
+CONFIG_RTC_DRV_RX8581=m
+
+#
+# SPI RTC drivers
+#
+CONFIG_RTC_DRV_M41T94=m
+CONFIG_RTC_DRV_DS1305=m
+CONFIG_RTC_DRV_DS1390=m
+CONFIG_RTC_DRV_MAX6902=m
+CONFIG_RTC_DRV_R9701=m
+CONFIG_RTC_DRV_RS5C348=m
+CONFIG_RTC_DRV_DS3234=m
+
+#
+# Platform RTC drivers
+#
+CONFIG_RTC_DRV_CMOS=m
+CONFIG_RTC_DRV_DS1286=m
+CONFIG_RTC_DRV_DS1511=m
+CONFIG_RTC_DRV_DS1553=m
+CONFIG_RTC_DRV_DS1742=m
+CONFIG_RTC_DRV_STK17TA8=m
+CONFIG_RTC_DRV_M48T86=m
+CONFIG_RTC_DRV_M48T35=m
+CONFIG_RTC_DRV_M48T59=m
+CONFIG_RTC_DRV_BQ4802=m
+CONFIG_RTC_DRV_V3020=m
+CONFIG_RTC_DRV_WM8350=m
+CONFIG_RTC_DRV_PCF50633=m
+
+#
+# on-CPU RTC drivers
+#
+# CONFIG_DMADEVICES is not set
+CONFIG_AUXDISPLAY=y
+CONFIG_KS0108=m
+CONFIG_KS0108_PORT=0x378
+CONFIG_KS0108_DELAY=2
+# CONFIG_CFAG12864B is not set
+CONFIG_UIO=m
+CONFIG_UIO_CIF=m
+CONFIG_UIO_PDRV=m
+CONFIG_UIO_PDRV_GENIRQ=m
+CONFIG_UIO_SMX=m
+CONFIG_UIO_SERCOS3=m
+# CONFIG_STAGING is not set
+CONFIG_X86_PLATFORM_DEVICES=y
+CONFIG_ACER_WMI=m
+CONFIG_ASUS_LAPTOP=m
+CONFIG_FUJITSU_LAPTOP=m
+# CONFIG_FUJITSU_LAPTOP_DEBUG is not set
+CONFIG_TC1100_WMI=m
+CONFIG_HP_WMI=m
+CONFIG_MSI_LAPTOP=m
+CONFIG_PANASONIC_LAPTOP=m
+CONFIG_COMPAL_LAPTOP=m
+CONFIG_SONY_LAPTOP=m
+# CONFIG_SONYPI_COMPAT is not set
+CONFIG_THINKPAD_ACPI=m
+# CONFIG_THINKPAD_ACPI_DEBUGFACILITIES is not set
+# CONFIG_THINKPAD_ACPI_DEBUG is not set
+CONFIG_THINKPAD_ACPI_BAY=y
+CONFIG_THINKPAD_ACPI_VIDEO=y
+CONFIG_THINKPAD_ACPI_HOTKEY_POLL=y
+CONFIG_INTEL_MENLOW=m
+CONFIG_EEEPC_LAPTOP=m
+CONFIG_ACPI_WMI=m
+CONFIG_ACPI_ASUS=m
+CONFIG_ACPI_TOSHIBA=m
+
+#
+# Firmware Drivers
+#
+CONFIG_EDD=m
+# CONFIG_EDD_OFF is not set
+CONFIG_FIRMWARE_MEMMAP=y
+CONFIG_DELL_RBU=m
+CONFIG_DCDBAS=m
+CONFIG_DMIID=y
+# CONFIG_ISCSI_IBFT_FIND is not set
+
+#
+# File systems
+#
+CONFIG_EXT2_FS=m
+CONFIG_EXT2_FS_XATTR=y
+CONFIG_EXT2_FS_POSIX_ACL=y
+CONFIG_EXT2_FS_SECURITY=y
+CONFIG_EXT2_FS_XIP=y
+CONFIG_EXT3_FS=m
+CONFIG_EXT3_FS_XATTR=y
+CONFIG_EXT3_FS_POSIX_ACL=y
+CONFIG_EXT3_FS_SECURITY=y
+CONFIG_EXT4_FS=m
+# CONFIG_EXT4DEV_COMPAT is not set
+CONFIG_EXT4_FS_XATTR=y
+CONFIG_EXT4_FS_POSIX_ACL=y
+CONFIG_EXT4_FS_SECURITY=y
+CONFIG_FS_XIP=y
+CONFIG_JBD=m
+CONFIG_JBD2=m
+CONFIG_FS_MBCACHE=m
+CONFIG_REISERFS_FS=m
+# CONFIG_REISERFS_CHECK is not set
+CONFIG_REISERFS_PROC_INFO=y
+CONFIG_REISERFS_FS_XATTR=y
+CONFIG_REISERFS_FS_POSIX_ACL=y
+# CONFIG_REISERFS_FS_SECURITY is not set
+CONFIG_JFS_FS=m
+CONFIG_JFS_POSIX_ACL=y
+CONFIG_JFS_SECURITY=y
+# CONFIG_JFS_DEBUG is not set
+CONFIG_JFS_STATISTICS=y
+CONFIG_FS_POSIX_ACL=y
+CONFIG_FILE_LOCKING=y
+CONFIG_XFS_FS=m
+CONFIG_XFS_QUOTA=y
+CONFIG_XFS_POSIX_ACL=y
+CONFIG_XFS_RT=y
+# CONFIG_XFS_DEBUG is not set
+CONFIG_GFS2_FS=m
+CONFIG_GFS2_FS_LOCKING_DLM=m
+CONFIG_OCFS2_FS=m
+CONFIG_OCFS2_FS_O2CB=m
+CONFIG_OCFS2_FS_USERSPACE_CLUSTER=m
+CONFIG_OCFS2_FS_STATS=y
+CONFIG_OCFS2_DEBUG_MASKLOG=y
+# CONFIG_OCFS2_DEBUG_FS is not set
+CONFIG_OCFS2_FS_POSIX_ACL=y
+CONFIG_BTRFS_FS=m
+CONFIG_BTRFS_FS_POSIX_ACL=y
+# CONFIG_DNOTIFY is not set
+CONFIG_INOTIFY=y
+CONFIG_INOTIFY_USER=y
+CONFIG_QUOTA=y
+CONFIG_QUOTA_NETLINK_INTERFACE=y
+# CONFIG_PRINT_QUOTA_WARNING is not set
+CONFIG_QUOTA_TREE=m
+CONFIG_QFMT_V1=m
+CONFIG_QFMT_V2=m
+CONFIG_QUOTACTL=y
+CONFIG_AUTOFS_FS=m
+CONFIG_AUTOFS4_FS=m
+CONFIG_FUSE_FS=m
+
+#
+# CD-ROM/DVD Filesystems
+#
+CONFIG_ISO9660_FS=m
+CONFIG_JOLIET=y
+CONFIG_ZISOFS=y
+CONFIG_UDF_FS=m
+CONFIG_UDF_NLS=y
+
+#
+# DOS/FAT/NT Filesystems
+#
+CONFIG_FAT_FS=m
+CONFIG_MSDOS_FS=m
+CONFIG_VFAT_FS=m
+CONFIG_FAT_DEFAULT_CODEPAGE=437
+CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1"
+CONFIG_NTFS_FS=m
+# CONFIG_NTFS_DEBUG is not set
+CONFIG_NTFS_RW=y
+
+#
+# Pseudo filesystems
+#
+CONFIG_PROC_FS=y
+CONFIG_PROC_SYSCTL=y
+CONFIG_SYSFS=y
+CONFIG_TMPFS=y
+# CONFIG_TMPFS_POSIX_ACL is not set
+# CONFIG_HUGETLBFS is not set
+# CONFIG_HUGETLB_PAGE is not set
+CONFIG_CONFIGFS_FS=m
+CONFIG_MISC_FILESYSTEMS=y
+CONFIG_ADFS_FS=m
+# CONFIG_ADFS_FS_RW is not set
+CONFIG_AFFS_FS=m
+CONFIG_ECRYPT_FS=m
+CONFIG_HFS_FS=m
+CONFIG_HFSPLUS_FS=m
+CONFIG_BEFS_FS=m
+# CONFIG_BEFS_DEBUG is not set
+CONFIG_BFS_FS=m
+CONFIG_EFS_FS=m
+CONFIG_JFFS2_FS=m
+CONFIG_JFFS2_FS_DEBUG=0
+CONFIG_JFFS2_FS_WRITEBUFFER=y
+# CONFIG_JFFS2_FS_WBUF_VERIFY is not set
+CONFIG_JFFS2_SUMMARY=y
+CONFIG_JFFS2_FS_XATTR=y
+CONFIG_JFFS2_FS_POSIX_ACL=y
+CONFIG_JFFS2_FS_SECURITY=y
+CONFIG_JFFS2_COMPRESSION_OPTIONS=y
+CONFIG_JFFS2_ZLIB=y
+CONFIG_JFFS2_LZO=y
+CONFIG_JFFS2_RTIME=y
+CONFIG_JFFS2_RUBIN=y
+# CONFIG_JFFS2_CMODE_NONE is not set
+CONFIG_JFFS2_CMODE_PRIORITY=y
+# CONFIG_JFFS2_CMODE_SIZE is not set
+# CONFIG_JFFS2_CMODE_FAVOURLZO is not set
+CONFIG_UBIFS_FS=m
+# CONFIG_UBIFS_FS_XATTR is not set
+# CONFIG_UBIFS_FS_ADVANCED_COMPR is not set
+CONFIG_UBIFS_FS_LZO=y
+CONFIG_UBIFS_FS_ZLIB=y
+# CONFIG_UBIFS_FS_DEBUG is not set
+CONFIG_CRAMFS=m
+CONFIG_SQUASHFS=m
+# CONFIG_SQUASHFS_EMBEDDED is not set
+CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3
+CONFIG_VXFS_FS=m
+CONFIG_MINIX_FS=m
+CONFIG_OMFS_FS=m
+CONFIG_HPFS_FS=m
+CONFIG_QNX4FS_FS=m
+CONFIG_ROMFS_FS=m
+CONFIG_SYSV_FS=m
+CONFIG_UFS_FS=m
+# CONFIG_UFS_FS_WRITE is not set
+# CONFIG_UFS_DEBUG is not set
+CONFIG_NETWORK_FILESYSTEMS=y
+CONFIG_NFS_FS=m
+CONFIG_NFS_V3=y
+# CONFIG_NFS_V3_ACL is not set
+CONFIG_NFS_V4=y
+CONFIG_NFSD=m
+CONFIG_NFSD_V3=y
+# CONFIG_NFSD_V3_ACL is not set
+CONFIG_NFSD_V4=y
+CONFIG_LOCKD=m
+CONFIG_LOCKD_V4=y
+CONFIG_EXPORTFS=m
+CONFIG_NFS_COMMON=y
+CONFIG_SUNRPC=m
+CONFIG_SUNRPC_GSS=m
+CONFIG_SUNRPC_XPRT_RDMA=m
+# CONFIG_SUNRPC_REGISTER_V4 is not set
+CONFIG_RPCSEC_GSS_KRB5=m
+CONFIG_RPCSEC_GSS_SPKM3=m
+CONFIG_SMB_FS=m
+# CONFIG_SMB_NLS_DEFAULT is not set
+CONFIG_CIFS=m
+# CONFIG_CIFS_STATS is not set
+# CONFIG_CIFS_WEAK_PW_HASH is not set
+# CONFIG_CIFS_UPCALL is not set
+CONFIG_CIFS_XATTR=y
+CONFIG_CIFS_POSIX=y
+# CONFIG_CIFS_DEBUG2 is not set
+CONFIG_CIFS_EXPERIMENTAL=y
+# CONFIG_CIFS_DFS_UPCALL is not set
+CONFIG_NCP_FS=m
+# CONFIG_NCPFS_PACKET_SIGNING is not set
+# CONFIG_NCPFS_IOCTL_LOCKING is not set
+# CONFIG_NCPFS_STRONG is not set
+# CONFIG_NCPFS_NFS_NS is not set
+# CONFIG_NCPFS_OS2_NS is not set
+# CONFIG_NCPFS_SMALLDOS is not set
+# CONFIG_NCPFS_NLS is not set
+# CONFIG_NCPFS_EXTRAS is not set
+CONFIG_CODA_FS=m
+CONFIG_AFS_FS=m
+# CONFIG_AFS_DEBUG is not set
+CONFIG_9P_FS=m
+
+#
+# Partition Types
+#
+# CONFIG_PARTITION_ADVANCED is not set
+CONFIG_MSDOS_PARTITION=y
+CONFIG_NLS=m
+CONFIG_NLS_DEFAULT="iso8859-1"
+CONFIG_NLS_CODEPAGE_437=m
+CONFIG_NLS_CODEPAGE_737=m
+CONFIG_NLS_CODEPAGE_775=m
+CONFIG_NLS_CODEPAGE_850=m
+CONFIG_NLS_CODEPAGE_852=m
+CONFIG_NLS_CODEPAGE_855=m
+CONFIG_NLS_CODEPAGE_857=m
+CONFIG_NLS_CODEPAGE_860=m
+CONFIG_NLS_CODEPAGE_861=m
+CONFIG_NLS_CODEPAGE_862=m
+CONFIG_NLS_CODEPAGE_863=m
+CONFIG_NLS_CODEPAGE_864=m
+CONFIG_NLS_CODEPAGE_865=m
+CONFIG_NLS_CODEPAGE_866=m
+CONFIG_NLS_CODEPAGE_869=m
+CONFIG_NLS_CODEPAGE_936=m
+CONFIG_NLS_CODEPAGE_950=m
+CONFIG_NLS_CODEPAGE_932=m
+CONFIG_NLS_CODEPAGE_949=m
+CONFIG_NLS_CODEPAGE_874=m
+CONFIG_NLS_ISO8859_8=m
+CONFIG_NLS_CODEPAGE_1250=m
+CONFIG_NLS_CODEPAGE_1251=m
+CONFIG_NLS_ASCII=m
+CONFIG_NLS_ISO8859_1=m
+CONFIG_NLS_ISO8859_2=m
+CONFIG_NLS_ISO8859_3=m
+CONFIG_NLS_ISO8859_4=m
+CONFIG_NLS_ISO8859_5=m
+CONFIG_NLS_ISO8859_6=m
+CONFIG_NLS_ISO8859_7=m
+CONFIG_NLS_ISO8859_9=m
+CONFIG_NLS_ISO8859_13=m
+CONFIG_NLS_ISO8859_14=m
+CONFIG_NLS_ISO8859_15=m
+CONFIG_NLS_KOI8_R=m
+CONFIG_NLS_KOI8_U=m
+CONFIG_NLS_UTF8=m
+CONFIG_DLM=m
+# CONFIG_DLM_DEBUG is not set
+
+#
+# Kernel hacking
+#
+CONFIG_TRACE_IRQFLAGS_SUPPORT=y
+# CONFIG_PRINTK_TIME is not set
+CONFIG_ENABLE_WARN_DEPRECATED=y
+# CONFIG_ENABLE_MUST_CHECK is not set
+CONFIG_FRAME_WARN=1024
+# CONFIG_MAGIC_SYSRQ is not set
+# CONFIG_UNUSED_SYMBOLS is not set
+# CONFIG_DEBUG_FS is not set
+# CONFIG_HEADERS_CHECK is not set
+# CONFIG_DEBUG_KERNEL is not set
+# CONFIG_DEBUG_BUGVERBOSE is not set
+# CONFIG_DEBUG_MEMORY_INIT is not set
+CONFIG_ARCH_WANT_FRAME_POINTERS=y
+CONFIG_FRAME_POINTER=y
+# CONFIG_RCU_CPU_STALL_DETECTOR is not set
+# CONFIG_LATENCYTOP is not set
+CONFIG_SYSCTL_SYSCALL_CHECK=y
+CONFIG_USER_STACKTRACE_SUPPORT=y
+CONFIG_HAVE_FUNCTION_TRACER=y
+CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
+CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y
+CONFIG_HAVE_DYNAMIC_FTRACE=y
+CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
+
+#
+# Tracers
+#
+# CONFIG_SYSPROF_TRACER is not set
+# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set
+# CONFIG_FIREWIRE_OHCI_REMOTE_DMA is not set
+# CONFIG_DYNAMIC_PRINTK_DEBUG is not set
+# CONFIG_SAMPLES is not set
+CONFIG_HAVE_ARCH_KGDB=y
+CONFIG_STRICT_DEVMEM=y
+# CONFIG_X86_VERBOSE_BOOTUP is not set
+# CONFIG_EARLY_PRINTK is not set
+# CONFIG_4KSTACKS is not set
+# CONFIG_DOUBLEFAULT is not set
+CONFIG_HAVE_MMIOTRACE_SUPPORT=y
+CONFIG_IO_DELAY_TYPE_0X80=0
+CONFIG_IO_DELAY_TYPE_0XED=1
+CONFIG_IO_DELAY_TYPE_UDELAY=2
+CONFIG_IO_DELAY_TYPE_NONE=3
+CONFIG_IO_DELAY_0X80=y
+# CONFIG_IO_DELAY_0XED is not set
+# CONFIG_IO_DELAY_UDELAY is not set
+# CONFIG_IO_DELAY_NONE is not set
+CONFIG_DEFAULT_IO_DELAY_TYPE=0
+# CONFIG_OPTIMIZE_INLINING is not set
+
+#
+# Security options
+#
+
+#
+# Grsecurity
+#
+CONFIG_GRKERNSEC=y
+# CONFIG_GRKERNSEC_LOW is not set
+# CONFIG_GRKERNSEC_MEDIUM is not set
+# CONFIG_GRKERNSEC_HIGH is not set
+CONFIG_GRKERNSEC_CUSTOM=y
+
+#
+# Address Space Protection
+#
+CONFIG_GRKERNSEC_KMEM=y
+# CONFIG_GRKERNSEC_IO is not set
+CONFIG_GRKERNSEC_PROC_MEMMAP=y
+# CONFIG_GRKERNSEC_BRUTE is not set
+# CONFIG_GRKERNSEC_MODSTOP is not set
+# CONFIG_GRKERNSEC_HIDESYM is not set
+
+#
+# Role Based Access Control Options
+#
+# CONFIG_GRKERNSEC_NO_RBAC is not set
+CONFIG_GRKERNSEC_ACL_HIDEKERN=y
+CONFIG_GRKERNSEC_ACL_MAXTRIES=3
+CONFIG_GRKERNSEC_ACL_TIMEOUT=30
+
+#
+# Filesystem Protections
+#
+CONFIG_GRKERNSEC_PROC=y
+CONFIG_GRKERNSEC_PROC_USER=y
+CONFIG_GRKERNSEC_PROC_ADD=y
+CONFIG_GRKERNSEC_LINK=y
+CONFIG_GRKERNSEC_FIFO=y
+CONFIG_GRKERNSEC_CHROOT=y
+CONFIG_GRKERNSEC_CHROOT_MOUNT=y
+CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
+CONFIG_GRKERNSEC_CHROOT_PIVOT=y
+CONFIG_GRKERNSEC_CHROOT_CHDIR=y
+CONFIG_GRKERNSEC_CHROOT_CHMOD=y
+CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
+CONFIG_GRKERNSEC_CHROOT_MKNOD=y
+CONFIG_GRKERNSEC_CHROOT_SHMAT=y
+CONFIG_GRKERNSEC_CHROOT_UNIX=y
+CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
+CONFIG_GRKERNSEC_CHROOT_NICE=y
+CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
+CONFIG_GRKERNSEC_CHROOT_CAPS=y
+
+#
+# Kernel Auditing
+#
+# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
+# CONFIG_GRKERNSEC_EXECLOG is not set
+CONFIG_GRKERNSEC_RESLOG=y
+# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
+# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
+# CONFIG_GRKERNSEC_AUDIT_MOUNT is not set
+CONFIG_GRKERNSEC_AUDIT_IPC=y
+CONFIG_GRKERNSEC_SIGNAL=y
+CONFIG_GRKERNSEC_FORKFAIL=y
+CONFIG_GRKERNSEC_TIME=y
+CONFIG_GRKERNSEC_PROC_IPADDR=y
+# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
+
+#
+# Executable Protections
+#
+CONFIG_GRKERNSEC_EXECVE=y
+# CONFIG_GRKERNSEC_DMESG is not set
+# CONFIG_GRKERNSEC_TPE is not set
+
+#
+# Network Protections
+#
+CONFIG_GRKERNSEC_RANDNET=y
+# CONFIG_GRKERNSEC_BLACKHOLE is not set
+# CONFIG_GRKERNSEC_SOCKET is not set
+
+#
+# Sysctl support
+#
+CONFIG_GRKERNSEC_SYSCTL=y
+CONFIG_GRKERNSEC_SYSCTL_ON=y
+
+#
+# Logging Options
+#
+CONFIG_GRKERNSEC_FLOODTIME=10
+CONFIG_GRKERNSEC_FLOODBURST=4
+
+#
+# PaX
+#
+CONFIG_PAX=y
+
+#
+# PaX Control
+#
+CONFIG_PAX_SOFTMODE=y
+CONFIG_PAX_EI_PAX=y
+CONFIG_PAX_PT_PAX_FLAGS=y
+# CONFIG_PAX_NO_ACL_FLAGS is not set
+CONFIG_PAX_HAVE_ACL_FLAGS=y
+# CONFIG_PAX_HOOK_ACL_FLAGS is not set
+
+#
+# Non-executable pages
+#
+CONFIG_PAX_NOEXEC=y
+# CONFIG_PAX_PAGEEXEC is not set
+CONFIG_PAX_SEGMEXEC=y
+# CONFIG_PAX_EMUTRAMP is not set
+CONFIG_PAX_MPROTECT=y
+CONFIG_PAX_NOELFRELOCS=y
+
+#
+# Address Space Layout Randomization
+#
+CONFIG_PAX_ASLR=y
+CONFIG_PAX_RANDUSTACK=y
+CONFIG_PAX_RANDMMAP=y
+
+#
+# Miscellaneous hardening features
+#
+# CONFIG_PAX_MEMORY_SANITIZE is not set
+CONFIG_PAX_MEMORY_UDEREF=y
+CONFIG_PAX_REFCOUNT=y
+# CONFIG_PAX_USERCOPY is not set
+CONFIG_KEYS=y
+# CONFIG_KEYS_DEBUG_PROC_KEYS is not set
+CONFIG_SECURITY=y
+CONFIG_SECURITYFS=y
+# CONFIG_SECURITY_NETWORK is not set
+# CONFIG_SECURITY_PATH is not set
+CONFIG_SECURITY_FILE_CAPABILITIES=y
+CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=0
+CONFIG_XOR_BLOCKS=m
+CONFIG_ASYNC_CORE=m
+CONFIG_ASYNC_MEMCPY=m
+CONFIG_ASYNC_XOR=m
+CONFIG_CRYPTO=y
+
+#
+# Crypto core or helper
+#
+CONFIG_CRYPTO_FIPS=y
+CONFIG_CRYPTO_ALGAPI=y
+CONFIG_CRYPTO_ALGAPI2=y
+CONFIG_CRYPTO_AEAD=m
+CONFIG_CRYPTO_AEAD2=y
+CONFIG_CRYPTO_BLKCIPHER=m
+CONFIG_CRYPTO_BLKCIPHER2=y
+CONFIG_CRYPTO_HASH=y
+CONFIG_CRYPTO_HASH2=y
+CONFIG_CRYPTO_RNG=m
+CONFIG_CRYPTO_RNG2=y
+CONFIG_CRYPTO_MANAGER=m
+CONFIG_CRYPTO_MANAGER2=y
+CONFIG_CRYPTO_GF128MUL=m
+CONFIG_CRYPTO_NULL=m
+CONFIG_CRYPTO_CRYPTD=m
+CONFIG_CRYPTO_AUTHENC=m
+CONFIG_CRYPTO_TEST=m
+
+#
+# Authenticated Encryption with Associated Data
+#
+CONFIG_CRYPTO_CCM=m
+CONFIG_CRYPTO_GCM=m
+CONFIG_CRYPTO_SEQIV=m
+
+#
+# Block modes
+#
+CONFIG_CRYPTO_CBC=m
+CONFIG_CRYPTO_CTR=m
+CONFIG_CRYPTO_CTS=m
+CONFIG_CRYPTO_ECB=m
+CONFIG_CRYPTO_LRW=m
+CONFIG_CRYPTO_PCBC=m
+CONFIG_CRYPTO_XTS=m
+
+#
+# Hash modes
+#
+CONFIG_CRYPTO_HMAC=m
+CONFIG_CRYPTO_XCBC=m
+
+#
+# Digest
+#
+CONFIG_CRYPTO_CRC32C=m
+CONFIG_CRYPTO_CRC32C_INTEL=m
+CONFIG_CRYPTO_MD4=m
+CONFIG_CRYPTO_MD5=y
+CONFIG_CRYPTO_MICHAEL_MIC=m
+CONFIG_CRYPTO_RMD128=m
+CONFIG_CRYPTO_RMD160=m
+CONFIG_CRYPTO_RMD256=m
+CONFIG_CRYPTO_RMD320=m
+CONFIG_CRYPTO_SHA1=m
+CONFIG_CRYPTO_SHA256=y
+CONFIG_CRYPTO_SHA512=m
+CONFIG_CRYPTO_TGR192=m
+CONFIG_CRYPTO_WP512=m
+
+#
+# Ciphers
+#
+CONFIG_CRYPTO_AES=m
+CONFIG_CRYPTO_AES_586=m
+CONFIG_CRYPTO_ANUBIS=m
+CONFIG_CRYPTO_ARC4=m
+CONFIG_CRYPTO_BLOWFISH=m
+CONFIG_CRYPTO_CAMELLIA=m
+CONFIG_CRYPTO_CAST5=m
+CONFIG_CRYPTO_CAST6=m
+CONFIG_CRYPTO_DES=m
+CONFIG_CRYPTO_FCRYPT=m
+CONFIG_CRYPTO_KHAZAD=m
+CONFIG_CRYPTO_SALSA20=m
+CONFIG_CRYPTO_SALSA20_586=m
+CONFIG_CRYPTO_SEED=m
+CONFIG_CRYPTO_SERPENT=m
+CONFIG_CRYPTO_TEA=m
+CONFIG_CRYPTO_TWOFISH=m
+CONFIG_CRYPTO_TWOFISH_COMMON=m
+CONFIG_CRYPTO_TWOFISH_586=m
+
+#
+# Compression
+#
+CONFIG_CRYPTO_DEFLATE=m
+CONFIG_CRYPTO_LZO=m
+
+#
+# Random Number Generation
+#
+CONFIG_CRYPTO_ANSI_CPRNG=m
+CONFIG_CRYPTO_HW=y
+CONFIG_CRYPTO_DEV_PADLOCK=m
+CONFIG_CRYPTO_DEV_PADLOCK_AES=m
+CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
+CONFIG_CRYPTO_DEV_GEODE=m
+CONFIG_CRYPTO_DEV_HIFN_795X=m
+CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y
+CONFIG_HAVE_KVM=y
+CONFIG_HAVE_KVM_IRQCHIP=y
+CONFIG_VIRTUALIZATION=y
+CONFIG_KVM=m
+CONFIG_KVM_INTEL=m
+CONFIG_KVM_AMD=m
+CONFIG_LGUEST=m
+CONFIG_VIRTIO=y
+CONFIG_VIRTIO_RING=y
+CONFIG_VIRTIO_PCI=m
+CONFIG_VIRTIO_BALLOON=m
+
+#
+# Library routines
+#
+CONFIG_BITREVERSE=m
+CONFIG_GENERIC_FIND_FIRST_BIT=y
+CONFIG_GENERIC_FIND_NEXT_BIT=y
+CONFIG_GENERIC_FIND_LAST_BIT=y
+CONFIG_CRC_CCITT=m
+CONFIG_CRC16=m
+CONFIG_CRC_T10DIF=m
+CONFIG_CRC_ITU_T=m
+CONFIG_CRC32=m
+CONFIG_CRC7=m
+CONFIG_LIBCRC32C=m
+CONFIG_ZLIB_INFLATE=m
+CONFIG_ZLIB_DEFLATE=m
+CONFIG_LZO_COMPRESS=m
+CONFIG_LZO_DECOMPRESS=m
+CONFIG_GENERIC_ALLOCATOR=y
+CONFIG_REED_SOLOMON=m
+CONFIG_REED_SOLOMON_DEC16=y
+CONFIG_TEXTSEARCH=y
+CONFIG_TEXTSEARCH_KMP=m
+CONFIG_TEXTSEARCH_BM=m
+CONFIG_TEXTSEARCH_FSM=m
+CONFIG_PLIST=y
+CONFIG_HAS_IOMEM=y
+CONFIG_HAS_IOPORT=y
+CONFIG_HAS_DMA=y
+CONFIG_CHECK_SIGNATURE=y
diff --git a/main/linux-grsec/linux-grsec.post-install b/main/linux-grsec/linux-grsec.post-install
new file mode 100644
index 0000000000..626046f64c
--- /dev/null
+++ b/main/linux-grsec/linux-grsec.post-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# strip pkgrel from version
+ver=${1%-r[0-9]}
+
+mkinitfs $ver-grsec
+
diff --git a/main/linux-grsec/linux-grsec.post-upgrade b/main/linux-grsec/linux-grsec.post-upgrade
new file mode 120000
index 0000000000..1e3bdc8536
--- /dev/null
+++ b/main/linux-grsec/linux-grsec.post-upgrade
@@ -0,0 +1 @@
+linux-grsec.post-install
\ No newline at end of file
diff --git a/main/linux-grsec/net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch b/main/linux-grsec/net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
new file mode 100644
index 0000000000..97983d79d2
--- /dev/null
+++ b/main/linux-grsec/net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
@@ -0,0 +1,96 @@
+From: Timo Teras <timo.teras@iki.fi>
+Date: Thu, 11 Jun 2009 11:16:28 +0000 (-0700)
+Subject: neigh: fix state transition INCOMPLETE->FAILED via Netlink request
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=5ef12d98a19254ee5dc851bd83e214b43ec1f725;hp=2b85a34e911bf483c27cfdd124aeb1605145dc80
+
+neigh: fix state transition INCOMPLETE->FAILED via Netlink request
+
+The current code errors out the INCOMPLETE neigh entry skb queue only from
+the timer if maximum probes have been attempted and there has been no reply.
+This also causes the transtion to FAILED state.
+
+However, the neigh entry can be also updated via Netlink to inform that the
+address is unavailable.  Currently, neigh_update() just stops the timers and
+leaves the pending skb's unreleased. This results that the clean up code in
+the timer callback is never called, preventing also proper garbage collection.
+
+This fixes neigh_update() to process the pending skb queue immediately if
+INCOMPLETE -> FAILED state transtion occurs due to a Netlink request.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+
+diff --git a/net/core/neighbour.c b/net/core/neighbour.c
+index c54229b..163b4f5 100644
+--- a/net/core/neighbour.c
++++ b/net/core/neighbour.c
+@@ -771,6 +771,28 @@ static __inline__ int neigh_max_probes(struct neighbour *n)
+ 		p->ucast_probes + p->app_probes + p->mcast_probes);
+ }
+ 
++static void neigh_invalidate(struct neighbour *neigh)
++{
++	struct sk_buff *skb;
++
++	NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
++	NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
++	neigh->updated = jiffies;
++
++	/* It is very thin place. report_unreachable is very complicated
++	   routine. Particularly, it can hit the same neighbour entry!
++
++	   So that, we try to be accurate and avoid dead loop. --ANK
++	 */
++	while (neigh->nud_state == NUD_FAILED &&
++	       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
++		write_unlock(&neigh->lock);
++		neigh->ops->error_report(neigh, skb);
++		write_lock(&neigh->lock);
++	}
++	skb_queue_purge(&neigh->arp_queue);
++}
++
+ /* Called when a timer expires for a neighbour entry. */
+ 
+ static void neigh_timer_handler(unsigned long arg)
+@@ -835,26 +857,9 @@ static void neigh_timer_handler(unsigned long arg)
+ 
+ 	if ((neigh->nud_state & (NUD_INCOMPLETE | NUD_PROBE)) &&
+ 	    atomic_read(&neigh->probes) >= neigh_max_probes(neigh)) {
+-		struct sk_buff *skb;
+-
+ 		neigh->nud_state = NUD_FAILED;
+-		neigh->updated = jiffies;
+ 		notify = 1;
+-		NEIGH_CACHE_STAT_INC(neigh->tbl, res_failed);
+-		NEIGH_PRINTK2("neigh %p is failed.\n", neigh);
+-
+-		/* It is very thin place. report_unreachable is very complicated
+-		   routine. Particularly, it can hit the same neighbour entry!
+-
+-		   So that, we try to be accurate and avoid dead loop. --ANK
+-		 */
+-		while (neigh->nud_state == NUD_FAILED &&
+-		       (skb = __skb_dequeue(&neigh->arp_queue)) != NULL) {
+-			write_unlock(&neigh->lock);
+-			neigh->ops->error_report(neigh, skb);
+-			write_lock(&neigh->lock);
+-		}
+-		skb_queue_purge(&neigh->arp_queue);
++		neigh_invalidate(neigh);
+ 	}
+ 
+ 	if (neigh->nud_state & NUD_IN_TIMER) {
+@@ -1001,6 +1006,11 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
+ 		neigh->nud_state = new;
+ 		err = 0;
+ 		notify = old & NUD_VALID;
++		if ((old & (NUD_INCOMPLETE | NUD_PROBE)) &&
++		    (new & NUD_FAILED)) {
++			neigh_invalidate(neigh);
++			notify = 1;
++		}
+ 		goto out;
+ 	}
+ 
diff --git a/main/linux-headers/APKBUILD b/main/linux-headers/APKBUILD
new file mode 100644
index 0000000000..25bb30b382
--- /dev/null
+++ b/main/linux-headers/APKBUILD
@@ -0,0 +1,37 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=linux-headers
+pkgver=2.6.29.5
+_kernver=2.6.29
+pkgrel=0
+pkgdesc="Linux system headers"
+url="http://kernel.org"
+license='GPL-2'
+makedepends="perl"
+options="!strip !tracedeps"
+source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
+	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
+	linux-nbma-mroute-v4-2.6.29.diff
+	"
+
+build() {
+	cd $srcdir/linux-$_kernver
+	if [ "$_kernver" != "$pkgver" ]; then
+		bunzip2 -c < ../patch-$pkgver.bz2 | patch -p1 || return 1
+	fi
+
+	# opennhrp needs this ABI compat breaker
+	patch -p1 < ../linux-nbma-mroute-v4-2.6.29.diff || return 1
+
+	mkdir -p "$pkgdir/usr"
+	make headers_install INSTALL_HDR_PATH="$pkgdir/usr" 
+
+	find "$pkgdir/usr" \( -name .install -o -name ..install.cmd \) -exec \
+		rm -f {} \;
+
+	# provided by libdrm
+	rm -rf "$pkgdir"/usr/include/drm
+}
+
+md5sums="64921b5ff5cdadbccfcd3820f03be7d8  linux-2.6.29.tar.bz2
+bd23086872a85c9fd00163e9ab78038a  patch-2.6.29.5.bz2
+0b9670600a6af0261f8c994fc585ef82  linux-nbma-mroute-v4-2.6.29.diff"
diff --git a/main/linux-headers/linux-nbma-mroute-v4-2.6.29.diff b/main/linux-headers/linux-nbma-mroute-v4-2.6.29.diff
new file mode 100644
index 0000000000..a79adc2815
--- /dev/null
+++ b/main/linux-headers/linux-nbma-mroute-v4-2.6.29.diff
@@ -0,0 +1,321 @@
+diff --git a/include/linux/mroute.h b/include/linux/mroute.h
+index 8a45569..13500a3 100644
+--- a/include/linux/mroute.h
++++ b/include/linux/mroute.h
+@@ -33,7 +33,7 @@
+ #define SIOCGETSGCNT	(SIOCPROTOPRIVATE+1)
+ #define SIOCGETRPF	(SIOCPROTOPRIVATE+2)
+ 
+-#define MAXVIFS		32	
++#define MAXVIFS		256
+ typedef unsigned long vifbitmap_t;	/* User mode code depends on this lot */
+ typedef unsigned short vifi_t;
+ #define ALL_VIFS	((vifi_t)(-1))
+@@ -41,7 +41,7 @@ typedef unsigned short vifi_t;
+ /*
+  *	Same idea as select
+  */
+- 
++
+ #define VIFM_SET(n,m)	((m)|=(1<<(n)))
+ #define VIFM_CLR(n,m)	((m)&=~(1<<(n)))
+ #define VIFM_ISSET(n,m)	((m)&(1<<(n)))
+@@ -53,7 +53,7 @@ typedef unsigned short vifi_t;
+  *	Passed by mrouted for an MRT_ADD_VIF - again we use the
+  *	mrouted 3.6 structures for compatibility
+  */
+- 
++
+ struct vifctl {
+ 	vifi_t	vifc_vifi;		/* Index of VIF */
+ 	unsigned char vifc_flags;	/* VIFF_ flags */
+@@ -66,11 +66,12 @@ struct vifctl {
+ #define VIFF_TUNNEL	0x1	/* IPIP tunnel */
+ #define VIFF_SRCRT	0x2	/* NI */
+ #define VIFF_REGISTER	0x4	/* register vif	*/
++#define VIFF_NBMA	0x10
+ 
+ /*
+  *	Cache manipulation structures for mrouted and PIMd
+  */
+- 
++
+ struct mfcctl
+ {
+ 	struct in_addr mfcc_origin;		/* Origin of mcast	*/
+@@ -83,10 +84,10 @@ struct mfcctl
+ 	int	     mfcc_expire;
+ };
+ 
+-/* 
++/*
+  *	Group count retrieval for mrouted
+  */
+- 
++
+ struct sioc_sg_req
+ {
+ 	struct in_addr src;
+@@ -113,7 +114,7 @@ struct sioc_vif_req
+  *	This is the format the mroute daemon expects to see IGMP control
+  *	data. Magically happens to be like an IP packet as per the original
+  */
+- 
++
+ struct igmpmsg
+ {
+ 	__u32 unused1,unused2;
+@@ -190,7 +191,7 @@ struct vif_device
+ 
+ #define VIFF_STATIC 0x8000
+ 
+-struct mfc_cache 
++struct mfc_cache
+ {
+ 	struct mfc_cache *next;			/* Next entry on cache line 	*/
+ 	__be32 mfc_mcastgrp;			/* Group the entry belongs to 	*/
+@@ -224,7 +225,7 @@ struct mfc_cache
+ #define MFC_HASH(a,b)	(((((__force u32)(__be32)a)>>24)^(((__force u32)(__be32)b)>>26))&(MFC_LINES-1))
+ #else
+ #define MFC_HASH(a,b)	((((__force u32)(__be32)a)^(((__force u32)(__be32)b)>>2))&(MFC_LINES-1))
+-#endif		
++#endif
+ 
+ #endif
+ 
+diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
+index 1466644..5adea03 100644
+--- a/net/ipv4/ipmr.c
++++ b/net/ipv4/ipmr.c
+@@ -116,6 +116,31 @@ static struct net_protocol pim_protocol;
+ 
+ static struct timer_list ipmr_expire_timer;
+ 
++static __be32 ipmr_get_skb_nbma(struct sk_buff *skb)
++{
++	union {
++		char addr[MAX_ADDR_LEN];
++		__be32 inaddr;
++	} u;
++
++	if (dev_parse_header(skb, u.addr) != 4)
++		return INADDR_ANY;
++
++	return u.inaddr;
++}
++
++static int ip_mr_match_vif_skb(struct vif_device *vif, struct sk_buff *skb)
++{
++	if (vif->dev != skb->dev)
++		return 0;
++
++	if (vif->flags & VIFF_NBMA)
++		return ipmr_get_skb_nbma(skb) == vif->remote;
++
++	return 1;
++}
++
++
+ /* Service routines creating virtual interfaces: DVMRP tunnels and PIMREG */
+ 
+ static void ipmr_del_tunnel(struct net_device *dev, struct vifctl *v)
+@@ -468,6 +493,7 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
+ 			return err;
+ 		}
+ 		break;
++	case VIFF_NBMA:
+ 	case 0:
+ 		dev = ip_dev_find(&init_net, vifc->vifc_lcl_addr.s_addr);
+ 		if (!dev)
+@@ -502,7 +528,7 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
+ 	v->pkt_in = 0;
+ 	v->pkt_out = 0;
+ 	v->link = dev->ifindex;
+-	if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER))
++	if (v->flags&(VIFF_TUNNEL|VIFF_REGISTER|VIFF_NBMA))
+ 		v->link = dev->iflink;
+ 
+ 	/* And finish update writing critical data */
+@@ -1191,12 +1217,15 @@ static inline int ipmr_forward_finish(struct sk_buff *skb)
+ {
+ 	struct ip_options * opt	= &(IPCB(skb)->opt);
+ 
+-	IP_INC_STATS_BH(dev_net(skb->dst->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
++	IP_INC_STATS_BH(dev_net(skb->dev), IPSTATS_MIB_OUTFORWDATAGRAMS);
+ 
+ 	if (unlikely(opt->optlen))
+ 		ip_forward_options(skb);
+ 
+-	return dst_output(skb);
++	if (skb->dst != NULL)
++		return dst_output(skb);
++	else
++		return dev_queue_xmit(skb);
+ }
+ 
+ /*
+@@ -1208,7 +1237,8 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
+ 	const struct iphdr *iph = ip_hdr(skb);
+ 	struct vif_device *vif = &vif_table[vifi];
+ 	struct net_device *dev;
+-	struct rtable *rt;
++	struct net_device *fromdev = skb->dev;
++	struct rtable *rt = NULL;
+ 	int    encap = 0;
+ 
+ 	if (vif->dev == NULL)
+@@ -1236,6 +1266,19 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
+ 		if (ip_route_output_key(&init_net, &rt, &fl))
+ 			goto out_free;
+ 		encap = sizeof(struct iphdr);
++		dev = rt->u.dst.dev;
++	} else if (vif->flags&VIFF_NBMA) {
++		/* Fixme, we should take tunnel source address from the
++		 * tunnel device binding if it exists */
++		struct flowi fl = { .oif = vif->link,
++				    .nl_u = { .ip4_u =
++					      { .daddr = vif->remote,
++						.tos = RT_TOS(iph->tos) } },
++				    .proto = IPPROTO_GRE };
++		if (ip_route_output_key(&init_net, &rt, &fl))
++			goto out_free;
++		encap = LL_RESERVED_SPACE(rt->u.dst.dev);
++		dev = vif->dev;
+ 	} else {
+ 		struct flowi fl = { .oif = vif->link,
+ 				    .nl_u = { .ip4_u =
+@@ -1244,34 +1287,39 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
+ 				    .proto = IPPROTO_IPIP };
+ 		if (ip_route_output_key(&init_net, &rt, &fl))
+ 			goto out_free;
++		dev = rt->u.dst.dev;
+ 	}
+ 
+-	dev = rt->u.dst.dev;
++	if (!(vif->flags & VIFF_NBMA)) {
++		if (skb->len+encap > dst_mtu(&rt->u.dst) && (ntohs(iph->frag_off) & IP_DF)) {
++			/* Do not fragment multicasts. Alas, IPv4 does not
++			   allow to send ICMP, so that packets will disappear
++			   to blackhole.
++			*/
+ 
+-	if (skb->len+encap > dst_mtu(&rt->u.dst) && (ntohs(iph->frag_off) & IP_DF)) {
+-		/* Do not fragment multicasts. Alas, IPv4 does not
+-		   allow to send ICMP, so that packets will disappear
+-		   to blackhole.
+-		 */
+-
+-		IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
+-		ip_rt_put(rt);
+-		goto out_free;
++			IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_FRAGFAILS);
++			goto out_free_rt;
++		}
+ 	}
+ 
+ 	encap += LL_RESERVED_SPACE(dev) + rt->u.dst.header_len;
+ 
+-	if (skb_cow(skb, encap)) {
+-		ip_rt_put(rt);
+-		goto out_free;
+-	}
++	if (skb_cow(skb, encap))
++		goto out_free_rt;
+ 
+ 	vif->pkt_out++;
+ 	vif->bytes_out += skb->len;
+ 
+ 	dst_release(skb->dst);
+-	skb->dst = &rt->u.dst;
++	if (vif->flags & VIFF_NBMA) {
++		ip_rt_put(rt);
++		skb->dst = NULL;
++		rt = NULL;
++	} else {
++		skb->dst = &rt->u.dst;
++	}
+ 	ip_decrease_ttl(ip_hdr(skb));
++	skb->dev = dev;
+ 
+ 	/* FIXME: forward and output firewalls used to be called here.
+ 	 * What do we do with netfilter? -- RR */
+@@ -1280,6 +1328,10 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
+ 		/* FIXME: extra output firewall step used to be here. --RR */
+ 		vif->dev->stats.tx_packets++;
+ 		vif->dev->stats.tx_bytes += skb->len;
++	} else if (vif->flags & VIFF_NBMA) {
++		if (dev_hard_header(skb, dev, ntohs(skb->protocol),
++				    &vif->remote, NULL, 4) < 0)
++			goto out_free_rt;
+ 	}
+ 
+ 	IPCB(skb)->flags |= IPSKB_FORWARDED;
+@@ -1295,20 +1347,29 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
+ 	 * not mrouter) cannot join to more than one interface - it will
+ 	 * result in receiving multiple packets.
+ 	 */
+-	NF_HOOK(PF_INET, NF_INET_FORWARD, skb, skb->dev, dev,
++	NF_HOOK(PF_INET, NF_INET_FORWARD, skb, fromdev, dev,
+ 		ipmr_forward_finish);
+ 	return;
+ 
++out_free_rt:
++	if (rt != NULL)
++		ip_rt_put(rt);
+ out_free:
+ 	kfree_skb(skb);
+ 	return;
+ }
+ 
+-static int ipmr_find_vif(struct net_device *dev)
++static int ipmr_find_vif(struct net_device *dev, __be32 nbma_origin)
+ {
+ 	int ct;
+ 	for (ct=maxvif-1; ct>=0; ct--) {
+-		if (vif_table[ct].dev == dev)
++		if (vif_table[ct].dev != dev)
++			continue;
++
++		if (vif_table[ct].flags & VIFF_NBMA) {
++			if (vif_table[ct].remote == nbma_origin)
++				break;
++		} else if (nbma_origin == INADDR_ANY)
+ 			break;
+ 	}
+ 	return ct;
+@@ -1328,7 +1389,7 @@ static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local
+ 	/*
+ 	 * Wrong interface: drop packet and (maybe) send PIM assert.
+ 	 */
+-	if (vif_table[vif].dev != skb->dev) {
++	if (!ip_mr_match_vif_skb(&vif_table[vif], skb)) {
+ 		int true_vifi;
+ 
+ 		if (skb->rtable->fl.iif == 0) {
+@@ -1347,7 +1408,7 @@ static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local
+ 		}
+ 
+ 		cache->mfc_un.res.wrong_if++;
+-		true_vifi = ipmr_find_vif(skb->dev);
++		true_vifi = ipmr_find_vif(skb->dev, ipmr_get_skb_nbma(skb));
+ 
+ 		if (true_vifi >= 0 && mroute_do_assert &&
+ 		    /* pimsm uses asserts, when switching from RPT to SPT,
+@@ -1454,7 +1515,7 @@ int ip_mr_input(struct sk_buff *skb)
+ 			skb = skb2;
+ 		}
+ 
+-		vif = ipmr_find_vif(skb->dev);
++		vif = ipmr_find_vif(skb->dev, ipmr_get_skb_nbma(skb));
+ 		if (vif >= 0) {
+ 			int err = ipmr_cache_unresolved(vif, skb);
+ 			read_unlock(&mrt_lock);
+@@ -1634,7 +1695,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
+ 		}
+ 
+ 		dev = skb->dev;
+-		if (dev == NULL || (vif = ipmr_find_vif(dev)) < 0) {
++		if (dev == NULL || (vif = ipmr_find_vif(dev, INADDR_ANY)) < 0) {
+ 			read_unlock(&mrt_lock);
+ 			return -ENODEV;
+ 		}
diff --git a/main/lm_sensors/APKBUILD b/main/lm_sensors/APKBUILD
new file mode 100644
index 0000000000..0327dc7751
--- /dev/null
+++ b/main/lm_sensors/APKBUILD
@@ -0,0 +1,63 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lm_sensors
+pkgver=3.1.1
+pkgrel=0
+pkgdesc="Collection of user space tools for general SMBus access and hardware monitoring."
+url="http://www.lm-sensors.org/"
+license="GPL"
+depends="sysfsutils rrdtool"
+makedepends="perl rrdtool-dev bison flex"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-detect"
+#install=sensors.install
+source="http://dl.lm-sensors.org/lm-sensors/releases/$pkgname-$pkgver.tar.bz2
+	lm_sensors-3.1.0-sensors-detect-alpine.patch
+	fancontrol.initd
+	lm_sensors.initd
+	sensord.confd
+	sensord.initd
+	"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	
+	sed -i -e 's:^# \(PROG_EXTRA\):\1:' Makefile
+	# Respect LDFLAGS
+	sed -i -e 's/\$(LIBDIR)$/\$(LIBDIR) \$(LDFLAGS)/g' Makefile
+	sed -i -e 's/\$(LIBSHSONAME) -o/$(LIBSHSONAME) \$(LDFLAGS) -o/g' \
+		lib/Module.mk
+
+	export CFLAGS="$CFLAGS -fno-stack-protector"
+
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+	make PREFIX=/usr user || return 1
+	make user_install \
+		PREFIX=/usr \
+		MANDIR=/usr/share/man \
+		DESTDIR="$pkgdir" || return 1
+
+	cd "$srcdir"
+	install -Dm755 fancontrol.initd "$pkgdir"/etc/init.d/fancontrol
+	install -Dm755 lm_sensors.initd "$pkgdir"/etc/init.d/lm_sensors
+	install -Dm755 sensord.initd "$pkgdir"/etc/init.d/sensord
+	install -Dm755 sensord.confd "$pkgdir"/etc/conf.d/sensord
+}
+
+detect() {
+	depends="perl"
+	pkgdesc="Detection/migration scripts for lm_sensors"
+	mkdir -p "$subpkgdir"/usr/bin "$subpkgdir"/usr/sbin
+	cd "$pkgdir"
+	mv usr/bin/sensors-conf-convert "$subpkgdir"/usr/bin/
+	mv usr/sbin/sensors-detect "$subpkgdir"/usr/bin/
+}
+
+md5sums="613d7cfa23b70c0abae3fabb0a72ff5f  lm_sensors-3.1.1.tar.bz2
+b6e7de1a1768f7a6ea2e00c226331877  lm_sensors-3.1.0-sensors-detect-alpine.patch
+58f4c9193a903711ace7fa0754693bd2  fancontrol.initd
+2c7e97203da2c39bc9fbfc2a4849cfd4  lm_sensors.initd
+82e075236a61334abb3adf46280380d3  sensord.confd
+6f3a880988e7cdbcb20870e3c6d1e554  sensord.initd"
diff --git a/main/lm_sensors/fancontrol.initd b/main/lm_sensors/fancontrol.initd
new file mode 100644
index 0000000000..fb163abc23
--- /dev/null
+++ b/main/lm_sensors/fancontrol.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/fancontrol-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $
+
+CONFIG=/etc/fancontrol
+PID=/var/run/fancontrol.pid
+
+depend() {
+	after lm_sensors
+}
+
+checkconfig() {
+	if [ ! -f ${CONFIG} ]; then
+		eerror "Configuration file ${CONFIG} not found"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting fancontrol"
+	start-stop-daemon --start --quiet --background --pidfile ${PID} \
+		--exec /usr/sbin/fancontrol -- ${CONFIG}
+	eend ${?}
+}
+
+stop() {
+	ebegin "Stopping fancontrol"
+	start-stop-daemon --stop --pidfile ${PID}
+	eend ${?}
+}
diff --git a/main/lm_sensors/lm_sensors-3.1.0-sensors-detect-alpine.patch b/main/lm_sensors/lm_sensors-3.1.0-sensors-detect-alpine.patch
new file mode 100644
index 0000000000..9271c6bac2
--- /dev/null
+++ b/main/lm_sensors/lm_sensors-3.1.0-sensors-detect-alpine.patch
@@ -0,0 +1,39 @@
+diff -ru lm_sensors-3.1.0.orig/prog/detect/sensors-detect lm_sensors-3.1.0/prog/detect/sensors-detect
+--- lm_sensors-3.1.0.orig/prog/detect/sensors-detect	2009-04-14 07:14:22.000000000 +0000
++++ lm_sensors-3.1.0/prog/detect/sensors-detect	2009-04-14 07:44:48.000000000 +0000
+@@ -5282,19 +5282,24 @@
+ 		}
+ 	}
+ 
+-	my $have_sysconfig = -d '/etc/sysconfig';
+-	printf "Do you want to \%s /etc/sysconfig/lm_sensors? (\%s): ",
+-	       (-e '/etc/sysconfig/lm_sensors' ? 'overwrite' : 'generate'),
+-	       ($have_sysconfig ? 'YES/no' : 'yes/NO');
++	my $config = '/etc/conf.d/lm_sensors';
++	my $have_config = -f $config;
++	printf "Do you want to \%s \%s? (\%s): ",
++	       (-e $config ? 'overwrite' : 'generate'),
++	       $config,
++	       ($have_config ? 'YES/no' : 'yes/NO');
+ 	$_ = <STDIN>;
+-	if (($have_sysconfig and not m/^\s*n/i) or m/^\s*y/i) {
+-		unless ($have_sysconfig) {
+-			mkdir('/etc/sysconfig', 0777)
+-				or die "Sorry, can't create /etc/sysconfig ($!)";
+-		}
+-		open(local *SYSCONFIG, ">/etc/sysconfig/lm_sensors")
+-			or die "Sorry, can't create /etc/sysconfig/lm_sensors ($!)";
++	if (($have_config and not m/^\s*n/i) or m/^\s*y/i) {
++		open(local *SYSCONFIG, ">$config")
++			or die "Sorry, can't create $config ($!)";
+ 		print SYSCONFIG "# Generated by sensors-detect on " . scalar localtime() . "\n";
++		print SYSCONFIG
++			"\n".
++			"# Load modules at startup\n".
++			"LOADMODULES=yes\n\n".
++			"# Initialize sensors at startup\n".
++			"INITSENSORS=yes\n\n";
++
+ 		print SYSCONFIG <<'EOT';
+ # This file is sourced by /etc/init.d/lm_sensors and defines the modules to
+ # be loaded/unloaded.
diff --git a/main/lm_sensors/lm_sensors.initd b/main/lm_sensors/lm_sensors.initd
new file mode 100644
index 0000000000..18fb353706
--- /dev/null
+++ b/main/lm_sensors/lm_sensors.initd
@@ -0,0 +1,105 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/lm_sensors-3-init.d,v 1.1 2008/03/17 07:59:28 dberkholz Exp $
+
+checkconfig() {
+	if [ ! -f /etc/conf.d/lm_sensors ]; then
+		eerror "/etc/conf.d/lm_sensors does not exist, try running sensors-detect"
+		return 1
+	fi
+
+	if [ "${LOADMODULES}" = "yes" -a -f /proc/modules ]; then
+		if [ -z "${MODULE_0}" ]; then
+			eerror "MODULE_0 is not set in /etc/conf.d/lm_sensors, try running sensors-detect"
+			return 1
+		fi
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	if [ "${LOADMODULES}" = "yes" -a -f /proc/modules ]; then
+		einfo "Loading lm_sensors modules..."
+
+		mount | grep sysfs >/dev/null 2>&1
+		if [ ${?} = 0 ]; then
+			if ! ( [ -e /sys/i2c ] || [ -e /sys/bus/i2c ] ); then
+				ebegin "  Loading i2c-core"
+				modprobe i2c-core >/dev/null 2>&1
+				if [ ${?} != 0 ]; then
+					eerror "    Could not load i2c-core!"
+					eend 1
+				fi
+				( [ -e /sys/i2c ] || [ -e /sys/bus/i2c ] ) || return 1
+				eend 0
+			fi
+		elif ! [ -e /proc/sys/dev/sensors ]; then
+			ebegin "  Loading i2c-proc"
+			modprobe i2c-proc >/dev/null 2>&1
+			if [ ${?} != 0 ]; then
+				eerror "    Could not load i2c-proc!"
+				eend 1
+			fi
+			[ -e /proc/sys/dev/sensors ] || return 1
+			eend 0
+		fi
+
+		i=0
+		while true; do
+			module=`eval echo '$'MODULE_${i}`
+			module_args=`eval echo '$'MODULE_${i}_ARGS`
+			if [ -z "${module}" ]; then
+				break
+			fi
+			ebegin "  Loading ${module}"
+			modprobe ${module} ${module_args} >/dev/null 2>&1
+			eend $?
+			i=$(($i+1))
+		done
+	fi
+
+	if [ "${INITSENSORS}" = "yes" ]; then
+		if ! [ -f /etc/sensors3.conf ]; then
+			eerror "/etc/sensors3.conf does not exist!"
+			return 1
+		fi
+
+		ebegin "Initializing sensors"
+		/usr/bin/sensors -s >/dev/null 2>&1
+		eend ${?}
+	fi
+}
+
+stop() {
+	checkconfig || return 1
+
+	if [ "${LOADMODULES}" = "yes" -a -f /proc/modules ]; then
+		einfo "Unloading lm_sensors modules..."
+
+		# find the highest possible MODULE_ number
+		i=0
+		while true; do
+			module=`eval echo '$'MODULE_${i}`
+			if [ -z "${module}" ] ; then
+				break
+			fi
+			i=$(($i+1))
+		done
+
+		while [ ${i} -gt 0 ]; do
+			i=$(($i-1))
+			module=`eval echo '$'MODULE_${i}`
+			ebegin "  Unloading ${module}"
+			rmmod ${module} >/dev/null 2>&1
+			eend $?
+		done
+
+		if [ -e /proc/sys/dev/sensors ] ; then
+			ebegin "  Unloading i2c-proc"
+			rmmod i2c-proc >/dev/null 2>&1
+			eend $?
+		fi
+	fi
+}
diff --git a/main/lm_sensors/sensord.confd b/main/lm_sensors/sensord.confd
new file mode 100644
index 0000000000..d82841aebd
--- /dev/null
+++ b/main/lm_sensors/sensord.confd
@@ -0,0 +1,3 @@
+# Extra options to pass to the sensord daemon,
+# see sensord(8) for more information
+SENSORD_OPTIONS=""
diff --git a/main/lm_sensors/sensord.initd b/main/lm_sensors/sensord.initd
new file mode 100644
index 0000000000..cb99dce3f0
--- /dev/null
+++ b/main/lm_sensors/sensord.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/lm_sensors/files/sensord-init.d,v 1.1 2007/05/17 07:31:41 phreak Exp $
+
+CONFIG=/etc/sensors.conf
+
+depend() {
+	need logger
+	use lm_sensors
+}
+
+checkconfig() {
+	if [ ! -f ${CONFIG} ]; then
+		eerror "Configuration file ${CONFIG} not found"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting sensord"
+	start-stop-daemon --start --exec /usr/sbin/sensord \
+		-- --config-file ${CONFIG} ${SENSORD_OPTIONS}
+	eend ${?}
+}
+
+stop() {
+	ebegin "Stopping sensord"
+	start-stop-daemon --stop --pidfile /var/run/sensord.pid
+	eend ${?}
+}
diff --git a/main/lm_sensors/sensors.install b/main/lm_sensors/sensors.install
new file mode 100644
index 0000000000..d593f84144
--- /dev/null
+++ b/main/lm_sensors/sensors.install
@@ -0,0 +1,12 @@
+post_install() {
+	echo ">>> to control the lm_sensors daemon type"
+	echo ">>> \"/etc/rc.d/sensors start|stop|restart\" "
+	echo ">>> --------------------------------------"
+	echo ">>> before you can use the fancontrol daemon"
+	echo ">>> first create a fancontrol config file, use \"pwmconfig\""
+	echo ">>> then type \"/etc/rc.d/fancontrol start|stop|restart\" "
+	echo ">>> --------------------------------------"
+	echo ">>> to decode memory SPD timings modprobe eeprom module"
+	echo ">>> and get this perl script from"
+	echo ">>> \"http://www.lm-sensors.org/browser/lm-sensors/trunk/prog/eeprom/decode-dimms.pl\""
+}
diff --git a/main/logrotate/APKBUILD b/main/logrotate/APKBUILD
new file mode 100644
index 0000000000..6881d4c224
--- /dev/null
+++ b/main/logrotate/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=logrotate
+pkgver=3.7.8
+pkgrel=1
+pkgdesc="Tool to rotate logfiles"
+url="https://fedorahosted.org/logrotate/"
+license="GPL"
+depends=
+makedepends="popt-dev wget"
+subpackages="$pkgname-doc"
+source="https://fedorahosted.org/releases/l/o/logrotate/logrotate-3.7.8.tar.gz
+	logrotate.conf"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	install -Dm755 logrotate "$pkgdir"/usr/sbin/logrotate
+	install -Dm644 logrotate.8 "$pkgdir"/usr/share/man/man8/logrotate.8
+	install -Dm644 ../logrotate.conf "$pkgdir"/etc/logrotate.conf
+	install -Dm755 examples/logrotate.cron "$pkgdir"/etc/periodic/daily/logrotate
+}
+
+md5sums="b3589bea6d8d5afc8a84134fddaae973  logrotate-3.7.8.tar.gz
+fef6415a79a6fede8cf9b9b6b8410090  logrotate.conf"
diff --git a/main/logrotate/logrotate.conf b/main/logrotate/logrotate.conf
new file mode 100644
index 0000000000..125268ae80
--- /dev/null
+++ b/main/logrotate/logrotate.conf
@@ -0,0 +1,20 @@
+# see "man logrotate" for details
+# rotate log files weekly
+weekly
+
+# keep 4 weeks worth of backlogs
+rotate 4
+
+# create new (empty) log files after rotating old ones
+create
+
+# use date as a suffix of the rotated file
+dateext
+
+# uncomment this if you want your log files compressed
+compress
+
+# apk packages drop log rotation information into this directory
+include /etc/logrotate.d
+
+# system-specific logs may be also be configured here.
diff --git a/main/lpc/APKBUILD b/main/lpc/APKBUILD
new file mode 100644
index 0000000000..af2b8a089d
--- /dev/null
+++ b/main/lpc/APKBUILD
@@ -0,0 +1,18 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lpc
+pkgver=1.0.0
+pkgrel=0
+pkgdesc="Lua Process Call"
+url="http://lua.net-core.org/sputnik.lua?p=Telesto:About"
+license="MIT/X11"
+depends="uclibc lua-dev"
+source="http://lua.net-core.org/dl/telesto/lpc-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make CFLAGS="$CFLAGS" LDFLAGS="$LDFLAGS -shared"
+	# does not respect DESTDIR
+	make install PREFIX="$pkgdir"/usr
+}
+
+md5sums="fce047808fbdfe3f9439557c7afae871  lpc-1.0.0.tar.gz"
diff --git a/main/lua/APKBUILD b/main/lua/APKBUILD
new file mode 100644
index 0000000000..5e41bc03ad
--- /dev/null
+++ b/main/lua/APKBUILD
@@ -0,0 +1,48 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lua
+pkgver=5.1.4
+pkgrel=2
+pkgdesc="A powerful light-weight programming language designed for extending applications."
+url="http://www.lua.org/"
+license="MIT"
+depends=
+makedepends="readline-dev libtool"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://www.$pkgname.org/ftp/$pkgname-$pkgver.tar.gz
+	lua-5.1-make.patch
+	lua-5.1-module_paths.patch
+	"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+
+	# correct lua versioning
+	sed -i -e 's/\(LIB_VERSION = \)6:1:1/\16:4:1/' src/Makefile
+	
+	# we want packages to find our things
+	sed -i -e 's:/usr/local:/usr:' etc/lua.pc
+
+	cd src
+	make CFLAGS=" -DLUA_USE_LINUX $CFLAGS" \
+		RPATH="/usr/lib" \
+		LUA_LIBS="-lreadline" \
+		LIB_LIBS="-lm -ldl" \
+		V=$pkgver \
+		gentoo_all || return 1
+
+	cd "$srcdir/$pkgname-$pkgver"
+	make INSTALL_TOP="$pkgdir"/usr INSTALL_LIB="$pkgdir"/usr/lib \
+		V=$pkgver gentoo_install || return 1
+
+	install -D -m 644 etc/lua.pc "$pkgdir"/usr/lib/pkgconfig/lua.pc
+	install -D -m 644 doc/lua.1 "$pkgdir"/usr/share/man/man1/lua.1
+	install -D -m 644 doc/luac.1 "$pkgdir"/usr/share/man/man1/luac.1
+}
+md5sums="d0870f2de55d59c1c8419f36e8fac150  lua-5.1.4.tar.gz
+0145ff6036eb6bfdab427dc8f0c3f3c0  lua-5.1-make.patch
+e60ef15deefb72a5930c498f1184aced  lua-5.1-module_paths.patch"
diff --git a/main/lua/lua-5.1-make.patch b/main/lua/lua-5.1-make.patch
new file mode 100644
index 0000000000..d051a21cb6
--- /dev/null
+++ b/main/lua/lua-5.1-make.patch
@@ -0,0 +1,64 @@
+--- lua-5.1.1.orig/Makefile	2006-06-02 12:53:38.000000000 +0200
++++ lua-5.1.1/Makefile	2006-11-16 02:16:53.000000000 +0100
+@@ -127,3 +127,22 @@
+ .PHONY: all $(PLATS) clean test install local none dummy echo pecho lecho newer
+ 
+ # (end of Makefile)
++
++# Use libtool for binary installs, etc.
++
++export V
++export LIBTOOL = libtool --quiet --tag=CC
++# See libtool manual about how to set this
++
++gentoo_clean:
++	cd src; $(MAKE) $@
++
++gentoo_test: gentoo_linux
++	test/lua.static test/hello.lua
++
++gentoo_install:
++	mkdir -p $(INSTALL_BIN) $(INSTALL_INC) $(INSTALL_LIB)
++	cd src; $(LIBTOOL) --mode=install $(INSTALL_EXEC) lua luac $(INSTALL_BIN)
++	cd src; $(INSTALL_DATA) $(TO_INC) $(INSTALL_INC)
++	cd src; $(LIBTOOL) --mode=install $(INSTALL_DATA) liblua.la $(INSTALL_LIB)
++	cd src; $(LIBTOOL) --mode=install $(INSTALL_DATA) liblua.a $(INSTALL_LIB)
+--- lua-5.1.1.orig/src/Makefile	2006-03-22 01:41:49.000000000 +0100
++++ lua-5.1.1/src/Makefile	2006-11-16 02:10:27.000000000 +0100
+@@ -176,3 +176,36 @@
+   ltm.h lzio.h lmem.h lopcodes.h lundump.h
+ 
+ # (end of Makefile)
++
++export LIBTOOL = libtool --quiet --tag=CC
++export LIB_VERSION = 6:1:1
++
++# The following rules use libtool for compiling and linking in order to
++# provide shared library support.
++
++LIB_NAME = liblua.la
++LIB_OBJS = $(CORE_O:.o=.lo) $(LIB_O:.o=.lo)
++
++%.lo %.o: %.c
++	$(LIBTOOL) --mode=compile $(CC) -c $(CPPFLAGS) $(CFLAGS) -o $@ $<
++
++$(LIB_NAME): $(LIB_OBJS)
++	$(LIBTOOL) --mode=link $(CC) -version-info $(LIB_VERSION) \
++            -rpath $(RPATH) -o $(LIB_NAME) $(LIB_OBJS) $(LIB_LIBS)
++
++$(LIB_NAME:.la=.a): $(LIB_OBJS)
++	$(LIBTOOL) --mode=link $(CC) -static -o $(LIB_NAME:.la=.a) $(LIB_OBJS)
++
++$(LUA_T): $(LUA_O) $(LIB_NAME)
++	$(LIBTOOL) --mode=link $(CC) -Wl,-E -o $@ $(LUA_O) $(LUA_LIBS) -llua
++
++lua_test: $(LUA_O) $(LIB_NAME)
++	$(LIBTOOL) --mode=link $(CC) -static -Wl,-E -o $@ $(LUA_O) $(LIB_NAME) $(LUA_LIBS)
++
++$(LUAC_T): $(LUAC_O) $(LIB_NAME)
++	$(LIBTOOL) --mode=link $(CC) -static -o $@ $(LUAC_O) $(LIB_NAME)
++
++gentoo_clean:
++	$(LIBTOOL) --mode=clean $(RM) $(ALL_O:.o=.lo) $(LIB_NAME) lua luac
++
++gentoo_all: $(LIB_NAME) $(LIB_NAME:.la=.a) $(LUA_T) lua_test $(LUAC_T)
diff --git a/main/lua/lua-5.1-module_paths.patch b/main/lua/lua-5.1-module_paths.patch
new file mode 100644
index 0000000000..29ac4c3bf4
--- /dev/null
+++ b/main/lua/lua-5.1-module_paths.patch
@@ -0,0 +1,30 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## src_luaconf.h.dpatch by John V. Belmonte <jbelmonte@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Set Lua's default PATH and CPATH.
+
+@DPATCH@
+diff -urNad trunk~/src/luaconf.h trunk/src/luaconf.h
+--- trunk~/src/luaconf.h	2006-02-10 12:44:06.000000000 -0500
++++ trunk/src/luaconf.h	2006-02-17 21:32:55.000000000 -0500
+@@ -83,13 +83,17 @@
+ 
+ #else
+ #define LUA_ROOT	"/usr/local/"
++#define LUA_ROOT2	"/usr/"
+ #define LUA_LDIR	LUA_ROOT "share/lua/5.1/"
++#define LUA_LDIR2	LUA_ROOT2 "share/lua/5.1/"
+ #define LUA_CDIR	LUA_ROOT "lib/lua/5.1/"
++#define LUA_CDIR2	LUA_ROOT2 "lib/lua/5.1/"
+ #define LUA_PATH_DEFAULT  \
+ 		"./?.lua;"  LUA_LDIR"?.lua;"  LUA_LDIR"?/init.lua;" \
+-		            LUA_CDIR"?.lua;"  LUA_CDIR"?/init.lua"
++		            LUA_CDIR"?.lua;"  LUA_CDIR"?/init.lua;" \
++		            LUA_LDIR2"?.lua;"  LUA_LDIR2"?/init.lua"
+ #define LUA_CPATH_DEFAULT \
+-	"./?.so;"  LUA_CDIR"?.so;" LUA_CDIR"loadall.so"
++	"./?.so;" LUA_CDIR"?.so;" LUA_CDIR2"?.so;" LUA_CDIR"loadall.so"
+ #endif
+ 
+ 
diff --git a/main/luaposix/APKBUILD b/main/luaposix/APKBUILD
new file mode 100644
index 0000000000..7b85aeafdf
--- /dev/null
+++ b/main/luaposix/APKBUILD
@@ -0,0 +1,18 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=luaposix
+pkgver=5.1.4
+pkgrel=0
+pkgdesc="POSIX library for Lua"
+url="http://luaforge.net/projects/luaposix/"
+license="MIT"
+depends="uclibc"
+makedepends="lua-dev"
+source="http://luaforge.net/frs/download.php/3572/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make PREFIX=/usr || return 1
+	make PREFIX=/usr DESTDIR="$pkgdir" install
+}
+
+md5sums="073019b1a52bfddb94e2521553b47ef5  luaposix-5.1.4.tar.gz"
diff --git a/main/luasql-postgres/APKBUILD b/main/luasql-postgres/APKBUILD
new file mode 100644
index 0000000000..36756ca657
--- /dev/null
+++ b/main/luasql-postgres/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Mika Havela <mika.havela@gmail.com>
+# Maintainer: Mika Havela <mika.havela@gmail.com>
+pkgname=luasql-postgres
+pkgver=2.1.1
+pkgrel=0
+pkgdesc="LuaSQL is a simple interface from Lua to a DBMS"
+url="http://www.keplerproject.org/luasql/"
+license="MIT"
+depends="lua"
+makedepends="lua-dev postgresql-dev"
+install=
+subpackages=
+source="http://luaforge.net/frs/download.php/2686/luasql-$pkgver.tar.gz
+	config.new
+	"
+
+build() {
+	cd "$srcdir/luasql-$pkgver"
+	cp "$srcdir/config.new" config
+
+	make || return 1
+	mkdir -p "$pkgdir"/usr/lib/lua/5.1/luasql
+	cp src/postgres.so "$pkgdir"/usr/lib/lua/5.1/luasql
+}
+
+md5sums="63bdd57de4b9d1be336ba112d8cb69eb  luasql-2.1.1.tar.gz
+6ee28fa90394da6a7e38cf507d56ba80  config.new"
diff --git a/main/luasql-postgres/config.new b/main/luasql-postgres/config.new
new file mode 100644
index 0000000000..a8650c5511
--- /dev/null
+++ b/main/luasql-postgres/config.new
@@ -0,0 +1,59 @@
+# Driver (leave uncommented ONLY the line with the name of the driver)
+#T= mysql
+#T= oci8
+#T= odbc
+T= postgres
+#T= sqlite
+#T=sqlite3
+
+# Installation directories
+
+# Default prefix
+PREFIX = /usr
+
+# System's libraries directory (where binary libraries are installed)
+LUA_LIBDIR= $(PREFIX)/lib/lua/5.1
+
+# System's lua directory (where Lua libraries are installed)
+LUA_DIR= $(PREFIX)/share/lua/5.1
+
+# Lua includes directory
+LUA_INC= $(PREFIX)/include
+
+# Lua version number (first and second digits of target version)
+LUA_VERSION_NUM= 514
+
+# OS dependent
+LIB_OPTION= -shared #for Linux
+#LIB_OPTION= -bundle -undefined dynamic_lookup #for MacOS X
+
+LIBNAME= $T.so
+COMPAT_DIR= ../compat/src
+
+# Compilation parameters
+# Driver specific
+######## MySQL
+#DRIVER_LIBS= -L/usr/local/mysql/lib -lmysqlclient -lz
+#DRIVER_INCS= -I/usr/local/mysql/include
+######## Oracle OCI8
+#DRIVER_LIBS= -L/home/oracle/OraHome1/lib -lz -lclntsh
+#DRIVER_INCS= -I/home/oracle/OraHome1/rdbms/demo -I/home/oracle/OraHome1/rdbms/public
+######## PostgreSQL
+DRIVER_LIBS= -L/usr/pgsql/lib -lpq
+DRIVER_INCS= -I/usr/pgsql/include
+######## SQLite
+#DRIVER_LIBS= -lsqlite
+#DRIVER_INCS=
+######## SQLite3
+#DRIVER_LIBS= -L/opt/local/lib -lsqlite3
+#DRIVER_INCS= -I/opt/local/include
+######## ODBC
+#DRIVER_LIBS= -L/usr/local/lib -lodbc
+#DRIVER_INCS= -DUNIXODBC -I/usr/local/include
+
+WARN= -Wall -Wmissing-prototypes -Wmissing-declarations -ansi -pedantic
+INCS= -I$(LUA_INC)
+CFLAGS= -O2 $(WARN) -I$(COMPAT_DIR) $(DRIVER_INCS) $(INCS) $(DEFS)
+CC= gcc
+
+# $Id: config,v 1.8 2007/10/27 22:55:27 carregal Exp $
diff --git a/main/lvm2/APKBUILD b/main/lvm2/APKBUILD
new file mode 100644
index 0000000000..d113a383c4
--- /dev/null
+++ b/main/lvm2/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=lvm2
+pkgver=2.02.48
+pkgrel=0
+pkgdesc="Logical Volume Manager 2 utilities"
+url="http://sourceware.org/lvm2/"
+license="GPL"
+depends=
+makedepends="readline-dev"
+source="ftp://sources.redhat.com/pub/$pkgname/LVM2.$pkgver.tgz
+	lvm.initd
+	"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build () {
+	cd "$srcdir"/LVM2.$pkgver
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--libdir=/lib \
+		--sbindir=/sbin \
+		--localstatedir=/var \
+		--disable-nls \
+		CLDFLAGS="$LDFLAGS" \
+		|| return 1
+
+	# TODO: fix parallel builds
+	make -j1 || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+
+	install -d "$pkgdir"/etc/lvm/archive "$pkgdir"/etc/lvm/backup
+	install -Dm755 "$srcdir"/lvm.initd "$pkgdir"/etc/init.d/lvm
+}
+md5sums="0d24c2709f439eeca36261e5cea68330  LVM2.2.02.48.tgz
+e60d88f78eedb9c1252deb5b9b9b978b  lvm.initd"
diff --git a/main/lvm2/lvm.initd b/main/lvm2/lvm.initd
new file mode 100644
index 0000000000..022cbb1e0d
--- /dev/null
+++ b/main/lvm2/lvm.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+
+dm_in_proc() {
+	local rc=0 i=
+	for i in devices misc; do
+		grep -qs 'device-mapper' /proc/$i
+		rc=$(($rc + $?))
+	done
+	return $rc
+}
+
+start() {
+	local rc=0 msg=
+	ebegin "Setting up the Logical Volume Manager"
+	if [ -e  /proc/modules ] && ! dm_in_proc; then
+		modprobe dm-mod 2>/dev/null
+	fi
+	if [ -d /proc/lvm ] || dm_in_proc; then
+		vgscan --mknodes --ignorelockingfailure >/dev/null 2>&1 &&\
+			vgchange --ignorelockingfailure -a y >/dev/null 2>&1
+		rc=$?
+	else
+		rc=1
+	fi
+	eend $rc
+}
+
+stop() {
+	ebegin "Shutting down the Logical Volume Manager"
+	vgchange --ignorelockingfailure -a n >/dev/null 2>&1
+	eend $?
+}
+
diff --git a/main/lzo/APKBUILD b/main/lzo/APKBUILD
new file mode 100644
index 0000000000..a9f2b912e1
--- /dev/null
+++ b/main/lzo/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Michael Mason <ms13sp@gmail.com>
+pkgname=lzo
+pkgver=2.03
+pkgrel=0
+pkgdesc="LZO -- a real-time data compression library"
+url="http://www.oberhumer.com/opensource/lzo"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages="$pkgname-dev"
+source="http://www.oberhumer.com/opensource/lzo/download/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-shared
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="0c3d078c2e8ea5a88971089a2f02a726  lzo-2.03.tar.gz"
diff --git a/main/m4/APKBUILD b/main/m4/APKBUILD
new file mode 100644
index 0000000000..65a998eafb
--- /dev/null
+++ b/main/m4/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=m4
+pkgver=1.4.13
+pkgrel=0
+pkgdesc="GNU macro processor"
+arch=i486
+url="http://www.gnu.org/software/m4"
+source=ftp://ftp.gnu.org/gnu/m4/$pkgname-$pkgver.tar.gz
+depends=uclibc
+license=GPL
+subpackages="m4-doc"
+origin="core/$pkgname"
+
+build() {
+	cd $srcdir/$pkgname-$pkgver
+	./configure --prefix=/usr
+	make
+	make install DESTDIR="$pkgdir"
+}
+
+md5sums="e9e36108b5f9855a82ca4a07ebc0fd2e  m4-1.4.13.tar.gz"
diff --git a/main/make/APKBUILD b/main/make/APKBUILD
new file mode 100644
index 0000000000..5d2141402d
--- /dev/null
+++ b/main/make/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=make
+pkgver=3.81
+pkgrel=1
+pkgdesc="GNU make utility to maintain groups of programs"
+url="http://www.gnu.org/software/make"
+license=GPL
+depends=uclibc
+subpackages="$pkgname-doc"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd $startdir/src/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums='a4e9494ac6dc3f6b0c5ff75c5d52abba  make-3.81.tar.gz'
diff --git a/main/man-pages/APKBUILD b/main/man-pages/APKBUILD
new file mode 100644
index 0000000000..b47b21cbfd
--- /dev/null
+++ b/main/man-pages/APKBUILD
@@ -0,0 +1,28 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=man-pages
+pkgver=3.21
+_posixver=2003-a
+pkgrel=0
+pkgdesc="Linux man pages"
+url="http://www.kernel.org/doc/man-pages/"
+license="GPL"
+depends="man"
+makedepends=""
+options="!strip"
+source="http://www.kernel.org/pub/linux/docs/$pkgname/$pkgname-$pkgver.tar.gz
+	http://www.kernel.org/pub/linux/docs/$pkgname/$pkgname-posix/$pkgname-posix-${_posixver}.tar.bz2"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-$pkgver
+	mkdir -p "$srcdir"/$pkgname-$pkgver/man0
+	for sect in 0 1 3; do
+		sed -i "/^\.so /s/man${sect}p/man$sect/" \
+			"$srcdir"/$pkgname-posix-${_posixver}/man${sect}p/*
+		mv "$srcdir"/$pkgname-posix-${_posixver}/man${sect}p/* \
+			"$srcdir"/$pkgname-$pkgver/man$sect/
+	done
+	make prefix="$pkgdir"/usr install || return 1
+}
+md5sums="05eb6e209375f24cd40c7b106323d1c3  man-pages-3.21.tar.gz
+7c78aff03c0a6767ba483d34f19e4b09  man-pages-posix-2003-a.tar.bz2"
diff --git a/main/man/APKBUILD b/main/man/APKBUILD
new file mode 100644
index 0000000000..c6940dbf3b
--- /dev/null
+++ b/main/man/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=man
+pkgver=1.6f
+pkgrel=1
+pkgdesc="A utility for reading man pages"
+url="http://primates.ximian.com/~flucifredi/man/"
+license="GPL"
+depends="groff"
+subpackages="$pkgname-doc"
+source="http://primates.ximian.com/~flucifredi/$pkgname/$pkgname-$pkgver.tar.gz
+	whatis.periodic.daily
+	$pkgname-troff.patch"
+
+build () {
+	local i
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 -i $i || return 1
+	done
+
+	./configure -confdir=/etc +sgid +fhs +lang none
+	
+	make || return 1
+	make PREFIX="$pkgdir" install || return 1
+
+	sed -i -e "s|-Tlatin1||g" \
+		-e "s|less -is|less|g" \
+		"$pkgdir"/etc/man.conf
+	install -D -m744 ../whatis.periodic.daily \
+		"$pkgdir"/etc/periodic/daily/whatis
+}
+md5sums="67aaaa6df35215e812fd7d89472c44b6  man-1.6f.tar.gz
+9cb02e4491777430a9ad3b503e87ec0d  whatis.periodic.daily
+21541cb3073259f7fb9335675ca41b0e  man-troff.patch"
diff --git a/main/man/man-troff.patch b/main/man/man-troff.patch
new file mode 100644
index 0000000000..e08e9316b2
--- /dev/null
+++ b/main/man/man-troff.patch
@@ -0,0 +1,16 @@
+diff -Naur man-1.5p-orig/src/man.conf.in man-1.5p/src/man.conf.in
+--- man-1.5p-orig/src/man.conf.in	2005-01-08 10:50:45.000000000 -0800
++++ man-1.5p/src/man.conf.in	2005-03-18 13:22:17.000000000 -0800
+@@ -88,9 +88,9 @@
+ # If you have a new troff (version 1.18.1?) and its colored output
+ # causes problems, add the -c option to TROFF, NROFF, JNROFF.
+ #
+-TROFF		@troff@
+-NROFF		@nroff@
+-JNROFF		@jnroff@
++TROFF		@troff@ -c
++NROFF		@nroff@ -c
++JNROFF		@jnroff@ -c
+ EQN		@eqn@
+ NEQN		@neqn@
+ JNEQN		@jneqn@
diff --git a/main/man/whatis.periodic.daily b/main/man/whatis.periodic.daily
new file mode 100755
index 0000000000..00d40dd9af
--- /dev/null
+++ b/main/man/whatis.periodic.daily
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# Make sure MANPATH is complete
+. /etc/profile
+. /etc/profile.d/* 2>/dev/null
+
+# Update the "whatis" database
+/usr/sbin/makewhatis -u -w
+
diff --git a/main/md5/APKBUILD b/main/md5/APKBUILD
new file mode 100644
index 0000000000..93e3747a92
--- /dev/null
+++ b/main/md5/APKBUILD
@@ -0,0 +1,19 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=md5
+pkgver=1.1.2
+pkgrel=0
+pkgdesc="Basic cryptographic facilities for Lua"
+url="http://www.keplerproject.org/md5/"
+license="MIT"
+depends="uclibc lua"
+makedepends="lua-dev"
+source="http://luaforge.net/frs/download.php/3355/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make CFLAGS="$CFLAGS" || return 1
+	make PREFIX="$pkgdir"/usr install
+}
+
+md5sums="68874cff64547f2157d5ecdc3572b544  md5-1.1.2.tar.gz"
diff --git a/main/mdadm/APKBUILD b/main/mdadm/APKBUILD
new file mode 100644
index 0000000000..bc98d6e33e
--- /dev/null
+++ b/main/mdadm/APKBUILD
@@ -0,0 +1,33 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=mdadm
+pkgver=2.6.9
+pkgrel=0
+pkgdesc="a tool for managing Linux Software RAID arrays"
+url="http://neil.brown.name/blog/mdadm"
+license="GPL-2"
+depends="uclibc"
+makedepends="groff"
+subpackages="$pkgname-doc"
+source="http://www.kernel.org/pub/linux/utils/raid/${pkgname}/${pkgname}-${pkgver}.tar.gz
+	${pkgname}.initd
+	${pkgname}.confd
+	mdadm-raid.initd
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	make DESTDIR=$pkgdir install
+
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -m755 -D "$srcdir"/$pkgname-raid.initd "$pkgdir"/etc/init.d/$pkgname-raid
+	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install -m644 -D mdadm.conf-example "$pkgdir"/etc/mdadm.conf
+}
+
+md5sums="beaa0f066288441d9b3ad1ef67fa0237  mdadm-2.6.9.tar.gz
+96b323ba5b778aeb905c119b9547b2a5  mdadm.initd
+16d2b8eb2e17184357db503470fdd8eb  mdadm.confd
+cf60ee08fc4fbed0450c5a2d4efc4214  mdadm-raid.initd"
diff --git a/main/mdadm/mdadm-raid.initd b/main/mdadm/mdadm-raid.initd
new file mode 100644
index 0000000000..ea84088886
--- /dev/null
+++ b/main/mdadm/mdadm-raid.initd
@@ -0,0 +1,19 @@
+#!/sbin/runscript
+
+# script to start raid devices described in /etc/mdadm.conf.
+
+start() {
+	[ -f /proc/mdstat ] || modprobe -k md > /dev/null 2>&1
+	ebegin "Starting RAID devices"
+	mdadm -A -s -q
+	eend $?						
+}
+
+stop() {
+	# you need to make sure no device is mounted.
+	if [ -f /etc/mdadm.conf ] ; then
+		ebegin "Stopping RAID devices"
+		mdadm --stop -q `awk '/^ARRAY/ { print $2 }' /etc/mdadm.conf`
+		eend $?
+	fi
+}
diff --git a/main/mdadm/mdadm.confd b/main/mdadm/mdadm.confd
new file mode 100644
index 0000000000..f1ed9c41d2
--- /dev/null
+++ b/main/mdadm/mdadm.confd
@@ -0,0 +1,5 @@
+# Misc options to pass to mdadm in monitor mode.
+# For more info, run `mdadm --monitor --help` or see
+# the mdadm(8) manpage.
+
+OPTS="--syslog"
diff --git a/main/mdadm/mdadm.initd b/main/mdadm/mdadm.initd
new file mode 100644
index 0000000000..747661e8ee
--- /dev/null
+++ b/main/mdadm/mdadm.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+
+# Sample init.d file for alpine linux.
+
+NAME=mdadm
+DAEMON=/sbin/$NAME
+
+depend() {
+	use logger dns net
+}
+
+start() {
+	ebegin "Starting ${NAME}"
+		start-stop-daemon --start --quiet --background \
+			--exec ${DAEMON} -- \
+			--monitor --scan \
+			--daemonise ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet \
+			--exec ${DAEMON}
+	eend $?
+}
+
diff --git a/main/mini_httpd/APKBUILD b/main/mini_httpd/APKBUILD
new file mode 100644
index 0000000000..4f7167e709
--- /dev/null
+++ b/main/mini_httpd/APKBUILD
@@ -0,0 +1,42 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mini_httpd
+pkgver=1.19
+pkgrel=1
+pkgdesc="Small forking webserver with ssl and ipv6 support"
+url="http://www.acme.com/software/mini_httpd/"
+license="BSD"
+depends=
+makedepends="openssl-dev"
+subpackages="$pkgname-doc"
+source="http://www.acme.com/software/mini_httpd/$pkgname-$pkgver.tar.gz
+	$pkgname.conf.sample
+	$pkgname.initd
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make CFLAGS="${CFLAGS} -DUSE_SSL" \
+		LDFLAGS="${LDFLAGS}" \
+		SSL_LIBS="-lssl -lcrypto" \
+		|| return 1
+#		SSL_DEFS="-DUSE_SSL" \
+
+	# does not respect DESTDIR
+	make install \
+		BINDIR="$pkgdir"/usr/sbin \
+		MANDIR="$pkgdir"/usr/share/man
+
+	# rename htpasswd to mini_htpasswd
+	mv "$pkgdir"/usr/sbin/htpasswd "$pkgdir"/usr/sbin/mini_htpasswd
+	mv "$pkgdir"/usr/share/man/man1/htpasswd.1 \
+		"$pkgdir"/usr/share/man/man1/mini_htpasswd.1
+
+	mkdir -p "$pkgdir"/var/www/localhost/htdocs
+	install -D -m644 ../mini_httpd.conf.sample \
+		"$pkgdir"/etc/mini_httpd.conf
+	install -D -m755 ../mini_httpd.initd "$pkgdir"/etc/init.d/mini_httpd
+}
+
+md5sums="7c68293ad265ecfe2edea917912f6f1f  mini_httpd-1.19.tar.gz
+ec656aadd4751a3f4f6e8c788a5237f2  mini_httpd.conf.sample
+804e5cba1537bddac195e64b5b50d609  mini_httpd.initd"
diff --git a/main/mini_httpd/mini_httpd.conf.sample b/main/mini_httpd/mini_httpd.conf.sample
new file mode 100644
index 0000000000..397a331ad3
--- /dev/null
+++ b/main/mini_httpd/mini_httpd.conf.sample
@@ -0,0 +1,50 @@
+## /etc/mini_httpd.conf
+##
+## do not leave empty lines in here!
+## format is: key=value
+##
+## run in debug-mode?
+#debug
+##
+## what interface to bind to?
+## (default is binding to any interface)
+#host=www.example.org
+port=80
+#port=443
+user=nobody
+##
+## The DOCROOT
+dir=/var/www/localhost/htdocs
+##
+## CGI:
+##	?	match a single char
+##	*	matches any string excluding "/"
+##	**	matches any string including "/"
+##	separate multiple patterns with "|"
+#cgipat=**.sh|**.cgi
+##
+## chroot:
+chroot
+#nochroot
+##
+logfile=/var/log/mini_httpd.log
+##
+#charset=iso-8859-1
+##
+## control the caching: (in secs)
+#maxage 60
+##
+## useless setting (just modifies the http-header)
+## (see mini_httpd(8) and http://www.w3.org/P3P/ for more info)
+#p3p
+##
+## virtual hosting:
+#vhost
+##
+## cache-control: send this "max-age" in all HTTP-responses:
+#max-age=0
+##
+## ssl:
+#nossl
+#ssl
+#certfile=/etc/mini_httpd/mini_httpd.pem
diff --git a/main/mini_httpd/mini_httpd.initd b/main/mini_httpd/mini_httpd.initd
new file mode 100644
index 0000000000..4460a539ef
--- /dev/null
+++ b/main/mini_httpd/mini_httpd.initd
@@ -0,0 +1,25 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-servers/mini_httpd/files/mini_httpd.init,v 1.2 2007/08/26 21:20:21 bangert Exp $
+
+pidfile=/var/run/${SVCNAME}.pid
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting $SVCNAME"
+	start-stop-daemon --quiet --start --exec /usr/sbin/mini_httpd \
+		--pidfile $pidfile -- -i $pidfile \
+		${MINI_HTTPD_OPTS:--C /etc/${SVCNAME}.conf}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping $SVCNAME"
+	start-stop-daemon --quiet --stop --pidfile $pidfile
+	eend $?
+}
+
diff --git a/main/mkinitfs/APKBUILD b/main/mkinitfs/APKBUILD
new file mode 100644
index 0000000000..d6dda34715
--- /dev/null
+++ b/main/mkinitfs/APKBUILD
@@ -0,0 +1,16 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mkinitfs
+pkgver=1.7
+pkgrel=0
+pkgdesc="Tool to generate initramfs images for Alpine"
+url=http://git.alpinelinux.org/cgit/mkinitfs
+depends="busybox"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2"
+license="GPL-2"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	make
+	make install DESTDIR="$pkgdir" || return 1
+}
+md5sums="56ab75d5f094e75ef242394280d7ecd1  mkinitfs-1.7.tar.bz2"
diff --git a/main/mlmmj/APKBUILD b/main/mlmmj/APKBUILD
new file mode 100644
index 0000000000..96649fd6b6
--- /dev/null
+++ b/main/mlmmj/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mlmmj
+pkgver=1.2.16
+pkgrel=0
+pkgdesc="Mailing list managing made joyful"
+url="http://mlmmj.org/"
+license="MIT"
+subpackages="$pkgname-doc"
+depends="uclibc"
+source="http://mlmmj.mmj.dk/files/$pkgname-$pkgver.tar.bz2 "
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	configure --prefix=/usr
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+	install -d "$pkgdir"/usr/share/mlmmj/texts
+	cp -r listtexts/* "$pkgdir"/usr/share/mlmmj/texts/
+}
+md5sums="9ea7ba91ccb55b9edf3e5148537364e3  mlmmj-1.2.16.tar.bz2"
diff --git a/main/module-init-tools/APKBUILD b/main/module-init-tools/APKBUILD
new file mode 100644
index 0000000000..1441c2fd4e
--- /dev/null
+++ b/main/module-init-tools/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanel Copa <ncopa@alpinelinux.org>
+pkgname=module-init-tools
+pkgver=3.8
+pkgrel=0
+pkgdesc="Utilities for inserting and removing modules from the Linux kernel"
+url="http://www.kernel.org"
+license='GPL'
+depends=
+source="http://www.kernel.org/pub/linux/utils/kernel/module-init-tools/module-init-tools-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+#  patch -Np1 -i ../makefile.patch
+#  patch -Np0 -i ../fix-modprobe-ignore-path.patch || return 1
+#  sed -i 's|/usr/bin/install|/bin/install|g' install-with-care
+	./configure --prefix=/usr --exec-prefix=/
+	make DOCBOOKTOMAN=: || return 1
+  	make -j1 DESTDIR="$pkgdir" INSTALL=install install || return 1
+
+	# remove empty manpages.
+	rm -r "$pkgdir/usr"
+}
+
+md5sums="470d7830fd263d29a92149da6ae9f122  module-init-tools-3.8.tar.bz2"
diff --git a/main/mpfr/APKBUILD b/main/mpfr/APKBUILD
new file mode 100644
index 0000000000..c58f2cac78
--- /dev/null
+++ b/main/mpfr/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mpfr
+pkgver=2.4.1
+pkgrel=0
+pkgdesc="multiple-precision floating-point library"
+url="http://www.mpfr.org/"
+license="GPL LGPL"
+depends="gmp"
+makedepends="gmp-dev texinfo"
+source="http://www.mpfr.org/mpfr-current/mpfr-$pkgver.tar.bz2"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build() { 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--disable-thread-safe \
+		--enable-shared || return 1;
+	make || return 1;
+	make DESTDIR="${pkgdir}" install || return 1;
+}
+md5sums="c5ee0a8ce82ad55fe29ac57edd35d09e  mpfr-2.4.1.tar.bz2"
diff --git a/main/mpg123/APKBUILD b/main/mpg123/APKBUILD
new file mode 100644
index 0000000000..4a13dea81a
--- /dev/null
+++ b/main/mpg123/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mpg123
+pkgver=1.8.1
+pkgrel=0
+pkgdesc="A console based real time MPEG Audio Player for Layer 1, 2 and 3"
+url="http://sourceforge.net/projects/mpg123"
+license="GPL2 LGPL2"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="pkgconfig libtool alsa-lib-dev"
+source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build() { 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--disable-dependency-tracking \
+		--with-ipv6 \
+		--with-pic \
+		--with-optimization=0 \
+		--with-cpu=i386_fpu \
+		--with-audio="alsa oss" || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+md5sums="856893f14b29b1cddf4aba32469860b4  mpg123-1.8.1.tar.bz2"
diff --git a/main/mtools/APKBUILD b/main/mtools/APKBUILD
new file mode 100644
index 0000000000..b556426163
--- /dev/null
+++ b/main/mtools/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mtools
+pkgver=4.0.10
+pkgrel=2
+pkgdesc="A collection of utilities to access MS-DOS disks from Unix without mounting them"
+url="http://www.gnu.org/software/mtools/"
+license="GPL"
+depends=
+makedepends="texinfo"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.bz2"
+subpackages="$pkgname-doc"
+
+build () { 
+	cd $srcdir/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--sysconfdir=/etc \
+		--without-x
+	make || return 1
+	make -j1 install DESTDIR="$pkgdir"
+}
+
+md5sums="750c2beba968a5d46dbaae24551a82b9  mtools-4.0.10.tar.bz2"
diff --git a/main/mysql/APKBUILD b/main/mysql/APKBUILD
new file mode 100644
index 0000000000..de03c127da
--- /dev/null
+++ b/main/mysql/APKBUILD
@@ -0,0 +1,70 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=mysql
+pkgver=5.0.83
+pkgrel=0
+pkgdesc="A fast SQL database server"
+url="http://www.mysql.com/"
+license='GPL'
+depends=
+makedepends="libtool uclibc++-dev readline-dev openssl-dev ncurses-dev zlib-dev"
+source="http://sunsite.informatik.rwth-aachen.de/mysql/Downloads/MySQL-5.0/${pkgname}-${pkgver}.tar.gz
+$pkgname.initd
+$pkgname.mycnf"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-test libmysqlclient $pkgname-client"
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+	export CXX=g++-uc
+        ./configure --prefix=/usr --libexecdir=/usr/sbin \
+        --localstatedir=/var/lib/mysql \
+        --disable-assembler --with-pthread \
+        --without-raid --without-libwrap \
+        --without-pstack --without-docs \
+        --without-embedded-server --with-openssl \
+        --without-mysqlfs --without-vio \
+        --without-bench --without-debug \
+	--with-unix-socket-path=/var/run/mysqld/mysqld.sock \
+        --with-innodb --mandir=/usr/share/man || return 1
+        make || return 1
+        make -j1 DESTDIR="$pkgdir/" install
+        install -Dm 755 "$startdir"/$pkgname.initd $pkgdir/etc/init.d/$pkgname
+        install -Dm 644 "$startdir"/$pkgname.mycnf $pkgdir/etc/mysql/my.cnf
+        install -dDo mysql $pkgdir/var/log/mysql
+        install -dDo mysql $pkgdir/var/run/mysqld
+}
+
+libmysqlclient() {
+	pkgdesc="MySQL client library"
+	mkdir -p "$subpkgdir"/usr/lib/mysql
+	mv "$pkgdir"/usr/lib/mysql/libmysqlclient.so* "$subpkgdir"/usr/lib/mysql
+	# make symlinks
+	cd "$subpkgdir"/usr/lib
+	for i in mysql/*; do
+		ln -s "$i" "${i##*/}"
+	done
+}
+
+test() {
+        mkdir -p "$subpkgdir"/usr
+        mv "$pkgdir"/usr/mysql-test "$subpkgdir"/usr/
+}
+
+client() {
+	pkgdesc="client for the MySQL database"
+	install=""
+	local bins="myisam_ftdump mysql mysqlaccess mysqladmin mysqlbug mysqlcheck
+	mysql_client_test mysqldump mysqldumpslow mysql_explain_log mysql_find_rows
+	mysql_fix_extensions mysqlimport mysqlshow mysql_tableinfo mysqltestmanagerc
+	mysqltestmanager-pwgen mysql_waitpid"
+	
+	mkdir -p "$subpkgdir"/usr/bin/
+
+	for i in $bins; do
+		mv "$pkgdir"/usr/bin/${i} "$subpkgdir"/usr/bin/
+	done
+}
+
+md5sums="051392064a1e32cca5c23a593908b10e  mysql-5.0.83.tar.gz
+3ce9827b22d8fbbb29d83a91cbe98ffc  mysql.initd
+15a7e3ddd6a40bf5a1eb3a8c69d9c34c  mysql.mycnf"
diff --git a/main/mysql/mysql.initd b/main/mysql/mysql.initd
new file mode 100644
index 0000000000..8f841646b8
--- /dev/null
+++ b/main/mysql/mysql.initd
@@ -0,0 +1,38 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/dev-db/mysql/files/mysql.init,v 1.7 2004/07/14 21:41:15 agriffis Exp $
+
+depend() {
+  need net
+  use dns
+}
+
+checkconfig() {
+  if [ ! -f /etc/mysql/my.cnf ] ; then
+    eerror "No /etc/mysql/my.cnf file exists!"
+  fi
+
+    dir=`my_print_defaults -c /etc/mysql/my.cnf mysqld | grep -- --datadir | sed -e "s|^.*=\(.*\)|\1|"`
+
+  if [ ! -d $dir/mysql ] ; then
+    eerror "You dont appear to have the mysql database installed yet."
+    eerror "Please run /usr/bin/mysql_install_db --user=mysql to have this done..."
+    return 1
+  fi
+}
+
+start() {
+  checkconfig || return 1
+  ebegin "Starting mysqld"
+  /usr/bin/mysqld_safe --defaults-file=/etc/mysql/my.cnf >/dev/null 2>&1 &
+  eend $?
+}
+
+stop () {
+  ebegin "Stopping mysqld"
+  start-stop-daemon --stop --quiet \
+    --pidfile=/var/run/mysqld/mysqld.pid --retry 20
+  eend $?
+}
+
diff --git a/main/mysql/mysql.mycnf b/main/mysql/mysql.mycnf
new file mode 100644
index 0000000000..6df0334eff
--- /dev/null
+++ b/main/mysql/mysql.mycnf
@@ -0,0 +1,49 @@
+# The following values assume you have at least 32M RAM!
+
+[client]
+#password = my_password
+port			= 3306
+socket			= /var/run/mysqld/mysqld.sock
+
+[safe_mysqld]
+err-log			= /var/log/mysql/mysql.err
+
+[mysqld]
+# this disabled mysqld from listing on any interface.
+# Use localhost to connect to socket
+# If you need networking comment out the following line
+skip-networking
+
+# If innodb is needed commend next line
+# if not leave this to increase performance
+skip-innodb
+
+innodb_file_per_table
+user			= mysql
+pid-file		= /var/run/mysqld/mysqld.pid
+socket			= /var/run/mysqld/mysqld.sock
+port			= 3306
+
+# Only enable this if you really need it
+# eats resources.
+#log			= /var/log/mysql/mysql.log
+
+basedir			= /usr
+datadir			= /var/lib/mysql
+tmpdir			= /tmp
+language		= /usr/share/mysql/english
+skip-locking
+set-variable		= key_buffer=16M
+set-variable		= max_allowed_packet=1M
+set-variable		= thread_stack=128K
+
+[mysqldump]
+quick
+set-variable		= max_allowed_packet=1M
+
+[mysql]
+#no-auto-rehash # faster start of mysql but no tab completition
+
+[isamchk]
+set-variable		= key_buffer=16M
+
diff --git a/main/nano/APKBUILD b/main/nano/APKBUILD
new file mode 100644
index 0000000000..ab2a8bfc56
--- /dev/null
+++ b/main/nano/APKBUILD
@@ -0,0 +1,33 @@
+# Contributor: ms13sp <ms13sp@gmail.com>
+# Maintainer: ms13sp <ms13sp@gmail.com>
+pkgname=nano
+pkgver=2.0.9
+pkgmaj=2.0
+pkgrel=1
+pkgdesc="Text Editor. GNU nano is designed to be a free replacement for the Pico text editor."
+url="http://www.nano-editor.org/"
+license="GPL"
+depends="ncurses uclibc ncurses-terminfo"
+makedepends="ncurses-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://www.nano-editor.org/dist/v$pkgmaj/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-tiny \
+		--disable-nls \
+		--disable-speller
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	# install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+md5sums="2be94dc43fb60fff4626a2401a977220  nano-2.0.9.tar.gz"
diff --git a/main/nasm/APKBUILD b/main/nasm/APKBUILD
new file mode 100644
index 0000000000..cc5d60ae5d
--- /dev/null
+++ b/main/nasm/APKBUILD
@@ -0,0 +1,18 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=nasm
+pkgver=2.05.01
+pkgrel=0
+pkgdesc="80x86 assembler designed for portability and modularity"
+url="http://nasm.sourceforge.net"
+license="LGPL"
+depends="uclibc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2"
+subpackages="$pkgname-doc"
+
+build () { 
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr
+	make || return 1
+	make INSTALLROOT="$pkgdir" install
+}
+md5sums="da4977f6d9d9b8f00527f2c62109453b  nasm-2.05.01.tar.bz2"
diff --git a/main/ncftp/APKBUILD b/main/ncftp/APKBUILD
new file mode 100644
index 0000000000..4a43f4582c
--- /dev/null
+++ b/main/ncftp/APKBUILD
@@ -0,0 +1,38 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=ncftp
+pkgver=3.2.2
+pkgrel=1
+pkgdesc="A set of free application programs implementing FTP"
+url="http://www.ncftp.com/"
+license="custom"
+depends="uclibc"
+makedepends="ncurses-dev"
+install="$pkgname.post-install"
+source="ftp://ftp.$pkgname.com/$pkgname/$pkgname-$pkgver-src.tar.bz2
+$pkgname.post-install"
+subpackages="$pkgname-doc $pkgname-bookmarks"
+
+build () {
+	cd "${srcdir}/${pkgname}-${pkgver}" || return 1
+	install -d "${pkgdir}"/usr/share | return 1
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man || return 1
+	cd "${srcdir}/${pkgname}-${pkgver}"/libncftp
+	make shared || return 1
+	make PREFIX="${pkgdir}"/usr soinstall || return 1
+	cd "${srcdir}/${pkgname}-${pkgver}" || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -D doc/LICENSE.txt "${pkgdir}/usr/share/licenses/${pkgname}"/LICENSE || return 1
+}
+
+bookmarks () {
+	depends="ncurses"
+	install=""
+	mkdir -p "$subpkgdir"/usr/bin || return 1
+	mv "$pkgdir"/usr/bin/ncftpbookmarks "$subpkgdir"/usr/bin/ || return 1
+}
+
+md5sums="b2b4b2fd38c81754b8f13895d784d491  ncftp-3.2.2-src.tar.bz2
+b2f4e60fb769c6c9461f28979efa087d  ncftp.post-install"
diff --git a/main/ncftp/ncftp.post-install b/main/ncftp/ncftp.post-install
new file mode 100644
index 0000000000..e1ccb7b839
--- /dev/null
+++ b/main/ncftp/ncftp.post-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+echo '*'
+echo '* If you like to install the ncurses based bookmark manager run: '
+echo '*'
+echo '*   apk_add ncftp-bookmarks' 
+echo '*'
+exit 0
diff --git a/main/ncurses/APKBUILD b/main/ncurses/APKBUILD
new file mode 100644
index 0000000000..6bd01f640d
--- /dev/null
+++ b/main/ncurses/APKBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ncurses
+pkgver=5.7
+pkgrel=0
+pkgdesc="Console display library"
+url="http://www.gnu.org/software/ncurses/"
+license=MIT
+depends=
+
+source="ftp://ftp.gnu.org/pub/gnu/${pkgname}/${pkgname}-${pkgver}.tar.gz
+	"
+	
+subpackages="$pkgname-dev $pkgname-doc $pkgname-terminfo"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	 ./configure \
+	 	--mandir=/usr/share/man \
+	 	--disable-ada \
+		--without-cxx-binding \
+		--with-shared
+
+	 make || return 1
+	 make install DESTDIR=$pkgdir/
+}
+
+terminfo() {
+	rm -rf $subpkgdir
+	mkdir -p $subpkgdir/usr/share
+	mv $pkgdir/usr/share/terminfo $subpkgdir/usr/share
+}
+
+md5sums="cce05daf61a64501ef6cd8da1f727ec6  ncurses-5.7.tar.gz"
diff --git a/main/neon/APKBUILD b/main/neon/APKBUILD
new file mode 100644
index 0000000000..76d099e471
--- /dev/null
+++ b/main/neon/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=neon
+pkgver=0.28.4
+pkgrel=1
+pkgdesc="HTTP and WebDAV client library with a C interface"
+url="http://www.webdav.org/neon/"
+license="GPL LGPL"
+depends="openssl zlib expat"
+makedepends="expat-dev openssl-dev zlib-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://www.webdav.org/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build () {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--with-ssl \
+		--with-expat \
+		--without-gssapi \
+		--disable-nls \
+		--disable-socks \
+		--enable-shared \
+		--disable-static \
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="6c3b94362af743d046e198e9fcbe4a85  neon-0.28.4.tar.gz"
diff --git a/main/net-snmp/APKBUILD b/main/net-snmp/APKBUILD
new file mode 100644
index 0000000000..ac497cb9b3
--- /dev/null
+++ b/main/net-snmp/APKBUILD
@@ -0,0 +1,57 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=net-snmp
+pkgver=5.4.2.1
+pkgrel=0
+pkgdesc="Simple Network Management Protocol"
+url="http://www.net-snmp.org/"
+license="GPL"
+depends=
+makedepends="perl-dev"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-tools"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+snmpd.initd
+snmpd.confd
+snmptrapd.initd
+snmptrapd.confd"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	export lt_cv_sys_max_cmd_len=8192
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/snmp \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-default-snmp-version="3" \
+		--with-sys-contact="root@unknown" \
+		--with-sys-location="unknown" \
+		--with-logfile="/var/log/net-snmpd.log" \
+		--enable-ucd-snmp-compatibility \
+		--with-persistent-directory="/var/lib/net-snmp" \
+		--enable-shared \
+		--enable-as-needed
+
+	make -j1 || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/snmpd.initd "$pkgdir"/etc/init.d/snmpd
+	install -m644 -D "$srcdir"/snmpd.confd "$pkgdir"/etc/conf.d/snmpd
+        install -m755 -D "$srcdir"/snmptrapd.initd "$pkgdir"/etc/init.d/snmptrapd
+	install -m644 -D "$srcdir"/snmptrapd.confd "$pkgdir"/etc/conf.d/snmptrapd
+	install -m644 -D EXAMPLE.conf "$pkgdir"/etc/snmp/snmpd.conf.example
+	mkdir -p "$pkgdir"/var/lib/net-snmp
+}
+
+tools() {
+	mkdir -p "$subpkgdir"/usr
+	mv "$pkgdir"/usr/bin "$subpkgdir"/usr
+}
+
+
+md5sums="984932520143f0c8bf7b7ce1fc9e1da1  net-snmp-5.4.2.1.tar.gz
+941e257218aa773b33696a2c7222a14e  snmpd.initd
+96510a2f3bc9f21648b03f7e8d76c0d3  snmpd.confd
+c5198c350991637849595dba93019bda  snmptrapd.initd
+363f7728a76bdfc46e29b7e1f5cf4950  snmptrapd.confd"
diff --git a/main/net-snmp/snmpd.confd b/main/net-snmp/snmpd.confd
new file mode 100644
index 0000000000..ad48a1d94d
--- /dev/null
+++ b/main/net-snmp/snmpd.confd
@@ -0,0 +1,14 @@
+# Initial (empty) options.
+OPTS=""
+
+# Enable connection logging.
+#SNMPD_FLAGS="${OPTS} -a"
+
+# Enable syslog and disable file log.
+#SNMPD_FLAGS="${OPTS} -Lsd -Lf /dev/null"
+
+# Enable agentx socket as /var/agentx/master
+# *NOTE* Before uncommenting this, make sure
+#        the /var/agentx directory exists.
+#SNMPD_FLAGS="${OPTS} -x /var/agentx/master"
+
diff --git a/main/net-snmp/snmpd.initd b/main/net-snmp/snmpd.initd
new file mode 100644
index 0000000000..49beda58d8
--- /dev/null
+++ b/main/net-snmp/snmpd.initd
@@ -0,0 +1,30 @@
+#!/sbin/runscript
+
+NAME=snmpd
+DAEMON=/usr/sbin/$NAME
+
+depend() {
+	use logger
+	need net
+}
+
+checkconfig() {
+	if [ ! -e /etc/snmp/snmpd.conf ] ; then
+		eerror "You need an /etc/snmp/snmpd.conf config file to run snmpd"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ${NAME}"
+		start-stop-daemon --start --quiet --background \
+			--exec ${DAEMON} -- -p /var/run/${NAME}.pid ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet --pidfile /var/run/${NAME}.pid
+	eend $?
+}
diff --git a/main/net-snmp/snmptrapd.confd b/main/net-snmp/snmptrapd.confd
new file mode 100644
index 0000000000..d9cee614ea
--- /dev/null
+++ b/main/net-snmp/snmptrapd.confd
@@ -0,0 +1,12 @@
+# extra flags to pass to snmptrapd
+OPTS=""
+
+# ignore authentication failure traps
+#SNMPTRAPD_FLAGS="${OPTS} -a"
+
+# log messages to specified file
+#SNMPTRAPD_FLAGS="${OPTS} -Lf /var/log/snmptrapd.log"
+
+# log messages to syslog with the specified facility
+# where facility is: 'd' = LOG_DAEMON, 'u' = LOG_USER, [0-7] = LOG_LOCAL[0-7]
+#SNMPTRAPD_FLAGS="${OPTS} -Ls d"
diff --git a/main/net-snmp/snmptrapd.initd b/main/net-snmp/snmptrapd.initd
new file mode 100644
index 0000000000..bf56233ab6
--- /dev/null
+++ b/main/net-snmp/snmptrapd.initd
@@ -0,0 +1,22 @@
+#!/sbin/runscript
+
+NAME=snmptrapd
+DAEMON=/usr/sbin/$NAME
+
+depend() {
+	use logger
+	need net
+}
+
+start() {
+	ebegin "Starting ${NAME}"
+		start-stop-daemon --start --quiet --background \
+			--exec ${DAEMON} -- -p /var/run/${NAME}.pid ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet --pidfile /var/run/${NAME}.pid
+	eend $?
+}
diff --git a/main/newt/APKBUILD b/main/newt/APKBUILD
new file mode 100644
index 0000000000..dc81b8b670
--- /dev/null
+++ b/main/newt/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=newt
+pkgver=0.52.8
+pkgrel=0
+pkgdesc="Redhat's Newt windowing toolkit development files"
+url="http://www.redhat.com/"
+license="LGPL-2"
+depends="uclibc slang popt ncurses"
+makedepends="slang-dev popt-dev python-dev ncurses-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://distfiles.gentoo.org/distfiles/$pkgname-$pkgver.tar.gz
+	$pkgname-0.52.7-notcl.patch
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	sed -i -e 's:-lslang:-lslang -lncurses:g' \
+		-e 's:instroot:DESTDIR:g' Makefile.in || return 1
+
+	./configure --prefix=/usr \
+		--without-gpm \
+		--without-tcl \
+		--disable-nls
+	make -j1 RPM_OPT_FLAGS="$CFLAGS" || return 1
+	# TODO: fix the make install target to not try install po files
+	make -j1 DESTDIR="$pkgdir" prefix="/usr" RPM_OPT_FLAGS="ERROR" install \
+		||  true
+}
+md5sums="0daef93590e9b6fd3419c871e75f9fa7  newt-0.52.8.tar.gz
+6780156f3b66a3f05efe1ee821617031  newt-0.52.7-notcl.patch"
diff --git a/main/newt/newt-0.52.7-notcl.patch b/main/newt/newt-0.52.7-notcl.patch
new file mode 100644
index 0000000000..b9f86e6b60
--- /dev/null
+++ b/main/newt/newt-0.52.7-notcl.patch
@@ -0,0 +1,35 @@
+--- newt-0.52.7/Makefile.in.orig	2008-01-15 16:57:12.000000000 +0100
++++ newt-0.52.7/Makefile.in	2008-01-15 16:58:38.000000000 +0100
+@@ -15,7 +15,7 @@
+ PYTHONVERS = @PYTHONVERS@
+ WHIPTCLSO = @WHIPTCLSO@
+ 
+-PROGS = test whiptail $(WHIPTCLSO) testgrid testtree showchars showkey
++PROGS = test whiptail testgrid testtree showchars showkey
+ TESTOBJS = test.o testgrid.o testtree.o showchars.o showkey.o
+ NDIALOGOBJS = whiptail.o dialogboxes.o
+ WHIPTCLOBJS = shared/whiptcl.o shared/dialogboxes.o
+@@ -78,9 +78,6 @@
+ whiptail: $(NDIALOGOBJS) $(LIBNEWTSH)
+ 	$(CC) -g -o whiptail $(NDIALOGOBJS) -L . -lnewt $(LIBS) -lpopt
+ 
+-whiptcl.so: $(WHIPTCLOBJS) $(LIBNEWTSH)
+-	$(CC) -shared $(SHCFLAGS) -o whiptcl.so $(WHIPTCLOBJS) -L . -lnewt  $(LIBTCL) -lslang -lpopt -lm
+-
+ $(LIBNEWT): $(LIBOBJS)
+ 	ar rv $@ $^
+ 
+@@ -120,12 +117,11 @@
+ 	install -m 644 whiptail.1 $(instroot)/$(man1dir)
+ 	make -C po datadir=$(instroot)/$(datadir) install
+ 
+-install-sh: sharedlib $(WHIPTCLSO) _snackmodule.so
++install-sh: sharedlib _snackmodule.so
+ 	[ -d $(instroot)/$(libdir) ] || install -m 755 -d $(instroot)/$(libdir)
+ 	install -m 755 $(LIBNEWTSH) $(instroot)/$(libdir)
+ 	ln -sf $(LIBNEWTSONAME) $(instroot)/$(libdir)/libnewt.so
+ 	ln -sf $(LIBNEWTSH) $(instroot)/$(libdir)/$(LIBNEWTSONAME)
+-	[ -n "$(WHIPTCLSO)" ] && install -m 755 whiptcl.so $(instroot)/$(libdir) || :
+ 	for ver in $(PYTHONVERS) ; do \
+ 	   [ -d $(instroot)/$(libdir)/$$ver/site-packages ] || install -m 755 -d $(instroot)/$(libdir)/$$ver/site-packages ;\
+ 	   install -m 755 $$ver/_snackmodule.so $(instroot)/$(libdir)/$$ver/site-packages ;\
diff --git a/main/nfs-utils/APKBUILD b/main/nfs-utils/APKBUILD
new file mode 100644
index 0000000000..b9225f9663
--- /dev/null
+++ b/main/nfs-utils/APKBUILD
@@ -0,0 +1,54 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=nfs-utils
+pkgver=1.2.0
+pkgrel=0
+pkgdesc="kernel-mode NFS"
+url="http://nfs.sourceforge.net/"
+license="GPL"
+depends="portmap"
+makedepends="e2fsprogs-dev"
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/nfs/$pkgname-$pkgver.tar.bz2
+	nfs.initd
+	nfs.confd
+	nfs.exports
+	nfs-utils-no-exec.patch
+	nfs-utils-mtab-sym.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	for i in "$srcdir"/*.patch; do
+		msg "Applying $i"
+		patch -p0 -i "${i}" || return 1
+	done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--without-tcp-wrappers \
+		--disable-nfsv4 \
+		--enable-uuid \
+		--disable-gss \
+		--enable-mount \
+		--enable-nfsv3 \
+		--with-statedir=/var/lib/nfs
+
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/nfs.initd "$pkgdir"/etc/init.d/nfs
+	install -m644 -D "$srcdir"/nfs.confd "$pkgdir"/etc/conf.d/nfs
+	install -m644 -D "$srcdir"/nfs.exports "$pkgdir"/etc/exports
+	#mkdir -p "$pkgdir"/usr/lib/nfs
+	install -m755 -D tools/rpcgen/rpcgen "$pkgdir"/usr/bin/rpcgen
+}
+
+md5sums="779cf81044e92cb51ad590960e7b3671  nfs-utils-1.2.0.tar.bz2
+4538f67470c916f8da9c76a17e314906  nfs.initd
+09135438d6df50b868bbe5a2260f973c  nfs.confd
+4f1bb7b2412ce5952ecb5ec22d8ed99d  nfs.exports
+5e0963b0889e779ff36af0299d17d6cb  nfs-utils-no-exec.patch
+a3a7338f8de3ac37c1ffc05bdcb77d16  nfs-utils-mtab-sym.patch"
diff --git a/main/nfs-utils/nfs-utils-mtab-sym.patch b/main/nfs-utils/nfs-utils-mtab-sym.patch
new file mode 100644
index 0000000000..1ebbd99b57
--- /dev/null
+++ b/main/nfs-utils/nfs-utils-mtab-sym.patch
@@ -0,0 +1,38 @@
+--- utils/mount/fstab.c
++++ utils/mount/fstab.c
+@@ -57,7 +57,7 @@ mtab_does_not_exist(void) {
+ 	return var_mtab_does_not_exist;
+ }
+ 
+-static int
++int
+ mtab_is_a_symlink(void) {
+         get_mtab_info();
+         return var_mtab_is_a_symlink;
+--- utils/mount/fstab.h
++++ utils/mount/fstab.h
+@@ -7,6 +7,7 @@
+ #define _PATH_FSTAB "/etc/fstab"
+ #endif
+ 
++int mtab_is_a_symlink(void);
+ int mtab_is_writable(void);
+ int mtab_does_not_exist(void);
+ void reset_mtab_info(void);
+--- utils/mount/mount.c
++++ utils/mount/mount.c
+@@ -230,6 +230,13 @@ create_mtab (void) {
+ 	int flags;
+ 	mntFILE *mfp;
+ 
++	/* Avoid writing if the mtab is a symlink to /proc/mounts, since
++	   that would create a file /proc/mounts in case the proc filesystem
++	   is not mounted, and the fchmod below would also fail. */
++	if (mtab_is_a_symlink()) {
++		return EX_SUCCESS;
++	}
++
+ 	lock_mtab();
+ 
+ 	mfp = nfs_setmntent (MOUNTED, "a+");
+
diff --git a/main/nfs-utils/nfs-utils-no-exec.patch b/main/nfs-utils/nfs-utils-no-exec.patch
new file mode 100644
index 0000000000..94a73d366f
--- /dev/null
+++ b/main/nfs-utils/nfs-utils-no-exec.patch
@@ -0,0 +1,13 @@
+--- utils/mount/mount.c Wed Apr  8 09:25:26 2009
++++ utils/mount/mount.c	Wed Apr  8 09:25:26 2009
+@@ -407,10 +407,6 @@
+ 		mount_error(NULL, mount_point, ENOTDIR);
+ 		return 1;
+ 	}
+-	if (access(mount_point, X_OK) < 0) {
+-		mount_error(NULL, mount_point, errno);
+-		return 1;
+-	}
+ 
+ 	return 0;
+ }
diff --git a/main/nfs-utils/nfs.confd b/main/nfs-utils/nfs.confd
new file mode 100644
index 0000000000..98a143a654
--- /dev/null
+++ b/main/nfs-utils/nfs.confd
@@ -0,0 +1,30 @@
+# /etc/conf.d/nfs
+
+# If you wish to set the port numbers for lockd,
+# please see /etc/sysctl.conf
+
+# Number of servers to be started up by default
+OPTS_RPC_NFSD="8"
+
+# Options to pass to rpc.mountd
+# ex. OPTS_RPC_MOUNTD="-p 32767"
+OPTS_RPC_MOUNTD=""
+
+# Options to pass to rpc.statd
+# ex. OPTS_RPC_STATD="-p 32765 -o 32766"
+OPTS_RPC_STATD=""
+
+# Options to pass to rpc.idmapd
+OPTS_RPC_IDMAPD=""
+
+# Options to pass to rpc.gssd
+OPTS_RPC_GSSD=""
+
+# Options to pass to rpc.svcgssd
+OPTS_RPC_SVCGSSD=""
+
+# Options to pass to rpc.rquotad (requires sys-fs/quota)
+OPTS_RPC_RQUOTAD=""
+
+# Timeout (in seconds) for exportfs
+EXPORTFS_TIMEOUT=30
diff --git a/main/nfs-utils/nfs.exports b/main/nfs-utils/nfs.exports
new file mode 100644
index 0000000000..dc0b839271
--- /dev/null
+++ b/main/nfs-utils/nfs.exports
@@ -0,0 +1,7 @@
+# /etc/exports
+#
+# See exports(5) for a description.
+
+# use exportfs -arv to reread
+#/export    192.168.1.10(rw,no_root_squash)
+
diff --git a/main/nfs-utils/nfs.initd b/main/nfs-utils/nfs.initd
new file mode 100644
index 0000000000..e9711d914d
--- /dev/null
+++ b/main/nfs-utils/nfs.initd
@@ -0,0 +1,154 @@
+#!/sbin/runscript
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-fs/nfs-utils/files/nfs.initd,v 1.18 2009/02/27 01:41:55 vapier Exp $
+
+opts="reload"
+
+# This variable is used for controlling whether or not to run exportfs -ua;
+# see stop() for more information
+restarting=no
+
+# The binary locations
+exportfs=/usr/sbin/exportfs
+  mountd=/usr/sbin/rpc.mountd
+    nfsd=/usr/sbin/rpc.nfsd
+smnotify=/usr/sbin/sm-notify
+
+depend() {
+	local myneed=""
+	if [ -e /etc/exports ] ; then
+		if awk '!/^[[:space:]]*#/ && $2 ~ /sec=/ { exit 0 } END { exit 1 }' /etc/exports ; then
+			myneed="${myneed} rpc.svcgssd"
+		fi
+	fi
+	config /etc/exports
+	need portmap rpc.statd ${myneed}
+	use ypbind net dns rpc.rquotad rpc.idmapd rpc.svcgssd
+	after quota
+}
+
+mkdir_nfsdirs() {
+	local d
+	for d in rpc_pipefs v4recovery v4root ; do
+		d="/var/lib/nfs/${d}"
+		[ ! -d "${d}" ] && mkdir -p "${d}"
+	done
+}
+
+waitfor_exportfs() {
+	local pid=$1
+	( sleep ${EXPORTFS_TIMEOUT:-30}; kill -9 $pid 2>/dev/null ) &
+	wait $1
+}
+
+mount_nfsd() {
+	if [ -e /proc/modules ] ; then
+		# Make sure nfs support is loaded in the kernel #64709
+		if ! grep -qs nfsd /proc/filesystems ; then
+			modprobe -q nfsd
+		fi
+		# Restart idmapd if needed #220747
+		if grep -qs nfsd /proc/modules ; then
+			killall -q -HUP rpc.idmapd
+		fi
+	fi
+
+	# This is the new "kernel 2.6 way" to handle the exports file
+	if grep -qs nfsd /proc/filesystems ; then
+		if ! grep -qs "nfsd /proc/fs/nfsd" /proc/mounts ; then
+			ebegin "Mounting nfsd filesystem in /proc"
+			mount -t nfsd -o nodev,noexec,nosuid nfsd /proc/fs/nfsd
+			eend $?
+		fi
+	fi
+}
+
+start_it() {
+	ebegin "Starting NFS $1"
+	shift
+	"$@"
+	eend $?
+	ret=$((ret + $?))
+}
+start() {
+	mount_nfsd
+	mkdir_nfsdirs
+
+	# Exportfs likes to hang if networking isn't working.
+	# If that's the case, then try to kill it so the
+	# bootup process can continue.
+	if grep -qs '^[[:space:]]*/' /etc/exports ; then
+		ebegin "Exporting NFS directories"
+		${exportfs} -r &
+		waitfor_exportfs $!
+		eend $?
+	fi
+
+	local ret=0
+	start_it mountd ${mountd} ${OPTS_RPC_MOUNTD}
+	start_it daemon ${nfsd} ${OPTS_RPC_NFSD}
+	[ -x "${smnotify}" ] && start_it smnotify ${smnotify} ${OPTS_SMNOTIFY}
+	return ${ret}
+}
+
+stop() {
+	local ret=0
+
+	# Don't check NFSSERVER variable since it might have changed,
+	# instead use --oknodo to smooth things over
+	ebegin "Stopping NFS mountd"
+	start-stop-daemon --stop --oknodo --exec ${mountd}
+	eend $?
+	ret=$((ret + $?))
+
+	# nfsd sets its process name to [nfsd] so don't look for $nfsd
+	ebegin "Stopping NFS daemon"
+	start-stop-daemon --stop --oknodo --name nfsd --user root --signal 2
+	eend $?
+	ret=$((ret + $?))
+	# in case things don't work out ... #228127
+	rpc.nfsd 0
+
+	# When restarting the NFS server, running "exportfs -ua" probably
+	# isn't what the user wants.  Running it causes all entries listed
+	# in xtab to be removed from the kernel export tables, and the
+	# xtab file is cleared. This effectively shuts down all NFS
+	# activity, leaving all clients holding stale NFS filehandles,
+	# *even* when the NFS server has restarted.
+	#
+	# That's what you would want if you were shutting down the NFS
+	# server for good, or for a long period of time, but not when the
+	# NFS server will be running again in short order.  In this case,
+	# then "exportfs -r" will reread the xtab, and all the current
+	# clients will be able to resume NFS activity, *without* needing
+	# to umount/(re)mount the filesystem.
+	if [ "${restarting}" = no -o "${RC_CMD}" = "restart" ] ; then
+		ebegin "Unexporting NFS directories"
+		# Exportfs likes to hang if networking isn't working.
+		# If that's the case, then try to kill it so the
+		# shutdown process can continue.
+		${exportfs} -ua &
+		waitfor_exportfs $!
+		eend $?
+	fi
+
+	return ${ret}
+}
+
+reload() {
+	# Exportfs likes to hang if networking isn't working.
+	# If that's the case, then try to kill it so the
+	# bootup process can continue.
+	ebegin "Reloading /etc/exports"
+	${exportfs} -r 1>&2 &
+	waitfor_exportfs $!
+	eend $?
+}
+
+restart() {
+	# See long comment in stop() regarding "restarting" and exportfs -ua
+	restarting=yes
+	svc_stop
+	svc_start
+}
diff --git a/main/ngircd/APKBUILD b/main/ngircd/APKBUILD
new file mode 100644
index 0000000000..2f618a0776
--- /dev/null
+++ b/main/ngircd/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ngircd
+pkgver=14.1
+pkgrel=0
+pkgdesc="Next Generation IRC Daemon"
+url="http://ngircd.barton.de/"
+license="GPL"
+makedepends=""
+makedepends="openssl-dev zlib-dev"
+install="$pkgname.pre-install"
+source="ftp://ftp.berlios.de/pub/$pkgname/$pkgname-$pkgver.tar.gz
+	$pkgname.initd
+	$install"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-$pkgver
+	sed -i \
+		-e "s:/usr/local/etc/ngircd.motd:/etc/ngircd/ngircd.motd:" \
+		-e "s:;ServerUID = 65534:ServerUID = ngircd:" \
+		-e "s:;ServerGID = 65534:ServerGID = nogroup:" \
+		doc/sample-ngircd.conf
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/ngircd \
+		--mandir=/usr/share/man \
+		--without-ident \
+		--with-openssl
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -Dm755 ../$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+}
+
+md5sums="eef90855414c35bfb6590d17e24ee06f  ngircd-14.1.tar.gz
+1a91f517ef865b51d67b77ceb28e4261  ngircd.initd
+c8fbedf0690f35ba565e6a1937afd4fb  ngircd.pre-install"
diff --git a/main/ngircd/ngircd.initd b/main/ngircd/ngircd.initd
new file mode 100644
index 0000000000..807d844e8d
--- /dev/null
+++ b/main/ngircd/ngircd.initd
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-irc/ngircd/files/ngircd.init.d,v 1.3 2006/01/02 15:31:27 swegener Exp $
+
+depend() {
+	need net
+	provide ircd
+}
+
+start() {
+	ebegin "Starting ngIRCd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/ngircd
+	eend $? "Failed to start ngIRCd"
+}
+
+stop() {
+	ebegin "Stopping ngIRCd"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/ngircd
+	eend $? "Failed to stop ngIRCd"
+}
diff --git a/main/ngircd/ngircd.pre-install b/main/ngircd/ngircd.pre-install
new file mode 100644
index 0000000000..062e37ae4f
--- /dev/null
+++ b/main/ngircd/ngircd.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -H -h /etc/ngircd -s /bin/false -D ngircd 2>/dev/null
+exit 0
diff --git a/main/nmap/APKBUILD b/main/nmap/APKBUILD
new file mode 100644
index 0000000000..bb04078768
--- /dev/null
+++ b/main/nmap/APKBUILD
@@ -0,0 +1,47 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=nmap 
+pkgver=4.76
+pkgrel=2
+pkgdesc="A network exploration tool and security/port scanner"
+url="http:/nmap.org"
+license="custom:GPL"
+depends="pcre libpcap uclibc++ openssl lua"
+makedepends="uclibc++-dev libpcap-dev openssl-dev lua-dev"
+install=
+subpackages="$pkgname-doc $pkgname-nse"
+source="http://nmap.org/dist/$pkgname-$pkgver.tgz
+	nmap-4.53-uclibc++-output.cc.patch
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	export CXX=g++-uc
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--without-zenmap \
+		--with-liblua=/usr/include \
+		--with-openssl=/usr/lib
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	# install custom GPL2 license
+	install -D -m644 COPYING ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
+}
+
+nse() {
+	mkdir -p "$subpkgdir"/usr/share/$pkgname
+	mv "$pkgdir"/usr/share/$pkgname/nselib "$subpkgdir"/usr/share/$pkgname/
+	mv "$pkgdir"/usr/share/$pkgname/scripts "$subpkgdir"/usr/share/$pkgname/
+}
+
+md5sums="54b5c9e3f44c1adde17df68170eb7cfe  nmap-4.76.tgz
+507b0936aaafaeddebad309b0924de39  nmap-4.53-uclibc++-output.cc.patch"
diff --git a/main/nmap/nmap-4.53-uclibc++-output.cc.patch b/main/nmap/nmap-4.53-uclibc++-output.cc.patch
new file mode 100644
index 0000000000..3253fc26b3
--- /dev/null
+++ b/main/nmap/nmap-4.53-uclibc++-output.cc.patch
@@ -0,0 +1,11 @@
+--- nmap/output.cc.orig	2007-12-15 09:54:07.000000000 -0800
++++ nmap/output.cc	2007-12-15 09:54:19.000000000 -0800
+@@ -1904,7 +1904,7 @@
+ 
+   /* Compares this record to another. First compare the directory names, then
+      compare the file names. */
+-  bool operator<(const struct data_file_record& other) {
++  bool operator<(const struct data_file_record& other) const {
+     int cmp;
+ 
+     cmp = dir.compare(other.dir);
diff --git a/main/ntfs-3g/APKBUILD b/main/ntfs-3g/APKBUILD
new file mode 100644
index 0000000000..5575e696de
--- /dev/null
+++ b/main/ntfs-3g/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ntfs-3g
+pkgver=2009.4.4
+pkgrel=0
+pkgdesc="A userspace ntfs driver with write support"
+url="http://www.ntfs-3g.org"
+license="GPL"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://www.ntfs-3g.org/${pkgname}-${pkgver}.tgz
+	nocxx.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	patch configure < ../nocxx.patch || return 1
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" LDCONFIG=: install
+
+}
+
+md5sums="e0b5c170f088a8d82968f0a6b34d31da  ntfs-3g-2009.4.4.tgz
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/ntfs-3g/nocxx.patch b/main/ntfs-3g/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/ntfs-3g/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/oidentd/APKBUILD b/main/oidentd/APKBUILD
new file mode 100644
index 0000000000..130283f72a
--- /dev/null
+++ b/main/oidentd/APKBUILD
@@ -0,0 +1,34 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=oidentd
+pkgver=2.0.8
+pkgrel=0
+pkgdesc="Configurable IDENT server that supports NAT/IP masq."
+url="http://dev.ojnk.net/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/ojnk/$pkgname-$pkgver.tar.gz
+oidentd.conf
+oidentd.initd
+oidentd.confd"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -D -m755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -D -m644 "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install -D -m644 "$srcdir"/$pkgname.conf "$pkgdir"/etc/$pkgname.conf
+
+}
+
+md5sums="c3d9a56255819ef8904b867284386911  oidentd-2.0.8.tar.gz
+d9c40e4d6a0bde685a359ad49b4eada2  oidentd.conf
+89a027c3b8245f6c5e79930d16d485f7  oidentd.initd
+05a43d3987754f179f4e31bbe61ff315  oidentd.confd"
diff --git a/main/oidentd/oidentd.conf b/main/oidentd/oidentd.conf
new file mode 100644
index 0000000000..03b28d8278
--- /dev/null
+++ b/main/oidentd/oidentd.conf
@@ -0,0 +1,22 @@
+# Configuration for oidentd
+# see oidentd.conf(5)
+# 
+default {
+	default {
+		deny spoof
+		deny spoof_all
+		deny spoof_privport
+		allow random
+		allow random_numeric
+		allow numeric
+		deny hide
+	}
+}
+
+# you may want to hide root connections
+#user "root" {
+#	default {
+#		force reply "UNKNOWN"
+#	}
+#}
+
diff --git a/main/oidentd/oidentd.confd b/main/oidentd/oidentd.confd
new file mode 100644
index 0000000000..3116889e67
--- /dev/null
+++ b/main/oidentd/oidentd.confd
@@ -0,0 +1,4 @@
+# oidentd start-up options
+USER="nobody"
+GROUP="nobody"
+OPTIONS=""
diff --git a/main/oidentd/oidentd.initd b/main/oidentd/oidentd.initd
new file mode 100644
index 0000000000..c40b058dac
--- /dev/null
+++ b/main/oidentd/oidentd.initd
@@ -0,0 +1,42 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-misc/oidentd/files/oidentd-2.0.7-init,v 1.4 2007/10/24 11:38:14 uberlord Exp $
+
+depend() {
+    need net
+}
+
+check_config() {
+	if [ -z "${USER}" ]
+	then
+		eerror "Please set \$USER in /etc/conf.d/oidentd!"
+		return 1
+	fi
+	if [ -z "${GROUP}" ]
+	then
+		eerror "Please set \$GROUP in /etc/conf.d/oidentd!"
+		return 1
+	fi
+
+	if [ "$(sysctl -n security.bsd.see_other_uids 2>/dev/null)" = "0" ]; then
+		eerror "${SVCNAME} cannot work if the sysctl security.bsd.see_other_uids is 0"
+		return 1
+	fi
+}
+
+
+start() {
+	check_config || return 1
+	ebegin "Starting oidentd"
+	OPTIONS="${OPTIONS} -u ${USER} -g ${GROUP}"
+	start-stop-daemon --start --quiet --exec /usr/sbin/oidentd -- $OPTIONS
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping oidentd"
+	start-stop-daemon --stop --quiet --exec /usr/sbin/oidentd
+	eend $?
+}
+
diff --git a/main/openldap/APKBUILD b/main/openldap/APKBUILD
new file mode 100644
index 0000000000..bb4db8296e
--- /dev/null
+++ b/main/openldap/APKBUILD
@@ -0,0 +1,80 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openldap
+pkgver=2.4.16
+pkgrel=1
+pkgdesc="LDAP Server"
+url="http://www.openldap.org/"
+license="custom"
+depends="db openssl uclibc libldap"
+makedepends="db-dev openssl-dev groff"
+subpackages="$pkgname-dev $pkgname-doc libldap"
+install="$pkgname.pre-install $pkgname.post-install"
+source="ftp://ftp.$pkgname.org/pub/OpenLDAP/$pkgname-release/$pkgname-$pkgver.tgz
+	openldap-2.4-ppolicy.patch
+	openldap-2.4.11-libldap_r.patch
+	$install
+	slapd.initd
+	slapd.confd
+	slurpd.initd
+	"
+
+# berkdb crypt ipv6 ssl 
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--libexecdir=/usr/sbin \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--localstatedir=/var/lib/openldap \
+		--enable-slapd \
+		--enable-bdb \
+		--enable-hdb \
+		--enable-crypt \
+		--enable-dynamic \
+		--enable-dnssrv=mod \
+		--enable-ldap=mod \
+		--enable-meta=mod \
+		--enable-monitor=mod \
+		--enable-null=mod \
+		--enable-passwd=mod \
+		--enable-relay=mod \
+		--enable-shell=mod \
+		--enable-sock=mod \
+		--with-tls=openssl 
+	
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -d "$pkgdir"/var/run/openldap
+	sed -i -e 's:/var/lib/openldap/run:/var/run/openldap:g' \
+		"$pkgdir"/etc/openldap/slapd.conf
+
+	chmod g+r "$pkgdir"/etc/openldap/slapd.conf
+	install -Dm755 ../slapd.initd "$pkgdir"/etc/init.d/slapd
+	install -Dm755 ../slapd.confd "$pkgdir"/etc/conf.d/slapd
+	install -Dm755 ../slurpd.initd "$pkgdir"/etc/init.d/slurpd
+}
+
+libldap() {
+	depends="uclibc openssl"
+	pkgdesc="OpenLDAP libraries"
+	install=
+	mkdir -p "$subpkgdir"/usr "$subpkgdir"/etc/openldap
+	mv "$pkgdir"/usr/lib "$subpkgdir"/usr/
+	mv "$pkgdir"/etc/openldap/ldap.conf "$subpkgdir"/etc/openldap/
+}
+
+md5sums="ed5b86e9d2b372d10edfe3bb59fee165  openldap-2.4.16.tgz
+2524e490ba334a760fa57057c16da7a9  openldap-2.4-ppolicy.patch
+d19d0502f046078ecd737e29e7552fa8  openldap-2.4.11-libldap_r.patch
+07b1fae35627ea4216dccce33c0b8c69  openldap.pre-install
+f38a6f1de624c17cc0cb6776a089880b  openldap.post-install
+13d0e57e54df945671e975acdfb48636  slapd.initd
+b672311fca605c398240cd37a2ae080a  slapd.confd
+ba44f1a0e62cb88c68aa64e4a39847fa  slurpd.initd"
diff --git a/main/openldap/openldap-2.4-ppolicy.patch b/main/openldap/openldap-2.4-ppolicy.patch
new file mode 100644
index 0000000000..c05790e3e2
--- /dev/null
+++ b/main/openldap/openldap-2.4-ppolicy.patch
@@ -0,0 +1,13 @@
+diff -urN ./clients.orig/tools/common.c ./clients/tools/common.c
+--- ./clients.orig/tools/common.c	2007-09-01 01:13:50.000000000 +0200
++++ ./clients/tools/common.c	2008-01-13 21:50:06.000000000 +0100
+@@ -1262,8 +1262,8 @@
+ 	int		nsctrls = 0;
+ 
+ #ifdef LDAP_CONTROL_PASSWORDPOLICYREQUEST
++	LDAPControl c;
+ 	if ( ppolicy ) {
+-		LDAPControl c;
+ 		c.ldctl_oid = LDAP_CONTROL_PASSWORDPOLICYREQUEST;
+ 		c.ldctl_value.bv_val = NULL;
+ 		c.ldctl_value.bv_len = 0;
diff --git a/main/openldap/openldap-2.4.11-libldap_r.patch b/main/openldap/openldap-2.4.11-libldap_r.patch
new file mode 100644
index 0000000000..448249a3b5
--- /dev/null
+++ b/main/openldap/openldap-2.4.11-libldap_r.patch
@@ -0,0 +1,11 @@
+diff -Nuar openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in openldap-2.4.11/servers/slapd/slapi/Makefile.in
+--- openldap-2.4.11.orig/servers/slapd/slapi/Makefile.in	2008-02-11 15:26:49.000000000 -0800
++++ openldap-2.4.11/servers/slapd/slapi/Makefile.in	2008-10-14 02:10:18.402799262 -0700
+@@ -37,6 +37,7 @@
+ XLIBS = $(LIBRARY)
+ XXLIBS = 
+ NT_LINK_LIBS = $(AC_LIBS)
++UNIX_LINK_LIBS = ../../../libraries/libldap_r/libldap_r.la $(LTHREAD_LIBS)
+ 
+ XINCPATH = -I$(srcdir)/.. -I$(srcdir)
+ XDEFS = $(MODULES_CPPFLAGS)
diff --git a/main/openldap/openldap.post-install b/main/openldap/openldap.post-install
new file mode 100644
index 0000000000..1d6affdfee
--- /dev/null
+++ b/main/openldap/openldap.post-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chown -R ldap:ldap /var/lib/openldap /var/run/openldap
+chgrp ldap /etc/openldap/slapd.conf
diff --git a/main/openldap/openldap.pre-install b/main/openldap/openldap.pre-install
new file mode 100644
index 0000000000..b208a9f5f2
--- /dev/null
+++ b/main/openldap/openldap.pre-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+adduser -h /usr/lib/openldap -s /bin/false -S -D ldap 2>/dev/null || true
diff --git a/main/openldap/slapd.confd b/main/openldap/slapd.confd
new file mode 100644
index 0000000000..2240ad3f30
--- /dev/null
+++ b/main/openldap/slapd.confd
@@ -0,0 +1,9 @@
+# conf.d file for openldap
+#
+# To enable both the standard unciphered server and the ssl encrypted
+# one uncomment this line or set any other server starting options
+# you may desire.
+#
+# OPTS="-h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
+# Uncomment the below to use the new slapd configuration for openldap 2.3
+#OPTS="-F /etc/openldap/slapd.d -h 'ldaps:// ldap:// ldapi://%2fvar%2frun%2fopenldap%2fslapd.sock'"
diff --git a/main/openldap/slapd.initd b/main/openldap/slapd.initd
new file mode 100644
index 0000000000..1637d3335a
--- /dev/null
+++ b/main/openldap/slapd.initd
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slapd-initd,v 1.2 2008/10/14 10:29:44 robbat2 Exp $
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting ldap-server"
+	eval start-stop-daemon --start --pidfile /var/run/openldap/slapd.pid --exec /usr/sbin/slapd -- -u ldap -g ldap "${OPTS}"
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ldap-server"
+	start-stop-daemon --stop --signal 2 --quiet --pidfile /var/run/openldap/slapd.pid 
+	eend $?
+}
diff --git a/main/openldap/slurpd.initd b/main/openldap/slurpd.initd
new file mode 100644
index 0000000000..f5aa2ead5a
--- /dev/null
+++ b/main/openldap/slurpd.initd
@@ -0,0 +1,22 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/openldap/files/slurpd-initd,v 1.1 2007/01/16 23:22:02 jokey Exp $
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting slurpd"
+	start-stop-daemon --start --quiet \
+	--exec /usr/lib/openldap/slurpd 
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping slurpd"
+	start-stop-daemon --stop --quiet \
+	--exec /usr/lib/openldap/slurpd 
+	eend $?
+}
diff --git a/main/opennhrp/APKBUILD b/main/opennhrp/APKBUILD
new file mode 100644
index 0000000000..c72d0d269c
--- /dev/null
+++ b/main/opennhrp/APKBUILD
@@ -0,0 +1,33 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=opennhrp
+pkgver=0.11
+pkgrel=0
+pkgdesc="NBMA Next Hop Resolution Protocol daemon"
+url="http://sourceforge.net/projects/opennhrp"
+license="GPL-3"
+depends=
+makedepends="c-ares-dev"
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2
+	opennhrp-0.9.3-peer-up-bgp.patch
+	$pkgname.initd
+	$pkgname.confd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+	
+	sed -i -e 's/-Werror//' Make.rules
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -Dm755 "$srcdir"/opennhrp.initd "$pkgdir"/etc/init.d/opennhrp
+	install -Dm644 "$srcdir"/opennhrp.confd "$pkgdir"/etc/cond.d/opennhrp
+}
+md5sums="473dace79e7eefe0a0b79159a2c61cb5  opennhrp-0.11.tar.bz2
+f81539fc92800bb79668dda119a97d1d  opennhrp-0.9.3-peer-up-bgp.patch
+85821b61c02427146b866b7582157cfd  opennhrp.initd
+8eee86233728dc0d156bbfee6d98f338  opennhrp.confd"
diff --git a/main/opennhrp/opennhrp-0.9.2-fix-false-assert.patch b/main/opennhrp/opennhrp-0.9.2-fix-false-assert.patch
new file mode 100644
index 0000000000..67b44ab5d2
--- /dev/null
+++ b/main/opennhrp/opennhrp-0.9.2-fix-false-assert.patch
@@ -0,0 +1,13 @@
+diff -ru opennhrp-0.9.2.orig/nhrp/nhrp_peer.c opennhrp-0.9.2/nhrp/nhrp_peer.c
+--- opennhrp-0.9.2.orig/nhrp/nhrp_peer.c	2009-02-02 13:12:46 +0000
++++ opennhrp-0.9.2/nhrp/nhrp_peer.c	2009-02-02 13:36:51 +0000
+@@ -1260,7 +1260,8 @@
+ {
+ 	char tmp[NHRP_PEER_FORMAT_LEN];
+ 
+-	NHRP_BUG_ON(peer->flags & NHRP_PEER_FLAG_REMOVED);
++	if (peer->flags & NHRP_PEER_FLAG_REMOVED)
++		return;
+ 
+ 	nhrp_debug("Removing %s %s",
+ 		   nhrp_peer_type[peer->type],
diff --git a/main/opennhrp/opennhrp-0.9.3-peer-up-bgp.patch b/main/opennhrp/opennhrp-0.9.3-peer-up-bgp.patch
new file mode 100644
index 0000000000..60e4827d6f
--- /dev/null
+++ b/main/opennhrp/opennhrp-0.9.3-peer-up-bgp.patch
@@ -0,0 +1,11 @@
+diff -ru opennhrp-0.9.3.orig/etc/opennhrp-script opennhrp-0.9.3/etc/opennhrp-script
+--- opennhrp-0.9.3.orig/etc/opennhrp-script	2009-02-26 10:35:38 +0000
++++ opennhrp-0.9.3/etc/opennhrp-script	2009-02-26 10:52:26 +0000
+@@ -15,6 +15,7 @@
+ 	echo "Create link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
+ 	racoonctl establish-sa -w isakmp inet $NHRP_SRCNBMA $NHRP_DESTNBMA || exit 1
+ 	racoonctl establish-sa -w esp inet $NHRP_SRCNBMA $NHRP_DESTNBMA gre || exit 1 
++	vtysh -d bgpd -c "clear bgp $NHRP_DESTADDR" 2>/dev/null || true
+ 	;;
+ peer-down)
+ 	echo "Delete link from $NHRP_SRCADDR ($NHRP_SRCNBMA) to $NHRP_DESTADDR ($NHRP_DESTNBMA)"
diff --git a/main/opennhrp/opennhrp.confd b/main/opennhrp/opennhrp.confd
new file mode 100644
index 0000000000..c3bece169e
--- /dev/null
+++ b/main/opennhrp/opennhrp.confd
@@ -0,0 +1,2 @@
+# Uncomment the row below to enable verbose logging.
+#OPENNHRP_OPTS=-v
diff --git a/main/opennhrp/opennhrp.initd b/main/opennhrp/opennhrp.initd
new file mode 100755
index 0000000000..ac7ea6a572
--- /dev/null
+++ b/main/opennhrp/opennhrp.initd
@@ -0,0 +1,32 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/files/snmpd.rc7,v 1.1 2006/11/26 21:37:22 cedk Exp $
+
+PIDFILE=/var/run/opennhrp.pid
+
+depend() {
+	use logger
+	need net
+}
+
+checkconfig() {
+	if [ ! -e /etc/opennhrp/opennhrp.conf ] ; then
+		eerror "You need an /etc/opennhrp/opennhrp.conf config file to run opennhrp"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting opennhrp"
+	start-stop-daemon --start --quiet --pidfile $PIDFILE \
+		--exec /usr/sbin/opennhrp -- -d -p $PIDFILE 2> /dev/null
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping opennhrp"
+	start-stop-daemon --stop --quiet --pidfile $PIDFILE
+	eend $?
+}
diff --git a/main/openntpd/APKBUILD b/main/openntpd/APKBUILD
new file mode 100644
index 0000000000..38c11ca514
--- /dev/null
+++ b/main/openntpd/APKBUILD
@@ -0,0 +1,49 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openntpd
+pkgver=3.9_p1
+_myver=3.9p1
+pkgrel=4
+pkgdesc="Lightweight NTP server ported from OpenBSD"
+url=http://www.openntpd.org/
+install=openntpd.pre-install
+
+subpackages="openntpd-doc"
+depends=
+makedepends="openssl-dev"
+license=BSD
+source="
+	ftp://ftp.openbsd.org/pub/OpenBSD/OpenNTPD/openntpd-$_myver.tar.gz
+	openntpd-3.9p1_reconnect_on_sendto_EINVAL.diff
+	openntpd.conf.d
+	openntpd.rc
+	$install
+	"
+
+_prepare() {
+	cd "$srcdir/$pkgname-$_myver"
+	patch -p1 < ../openntpd-3.9p1_reconnect_on_sendto_EINVAL.diff
+	sed -i '/NTPD_USER/s:_ntp:ntp:' ntpd.h || return 1
+}
+
+_compile() {
+	cd "$srcdir/$pkgname-$_myver"
+	./configure --prefix=/usr --mandir=/usr/share/man
+	make || return 1
+}
+
+_install() {
+	cd "$srcdir/$pkgname-$_myver"
+	make install DESTDIR="$pkgdir"
+	install -Dm755 ../openntpd.rc "$pkgdir/etc/init.d/ntpd"
+	install -Dm644 ../openntpd.conf.d "$pkgdir/etc/conf.d/ntpd"
+}
+
+
+build() {
+	_prepare && _compile && _install
+}
+md5sums="afc34175f38d08867c1403d9008600b3  openntpd-3.9p1.tar.gz
+ae2f708b860975b64126bb316aeb6641  openntpd-3.9p1_reconnect_on_sendto_EINVAL.diff
+e3eee9eb2ea092dfdf9d887cd6df5795  openntpd.conf.d
+5000453927b7ae9943d51194c1042355  openntpd.rc
+05349f95db78fb482798b2c6d1f9c61e  openntpd.pre-install"
diff --git a/main/openntpd/openntpd-3.9p1_reconnect_on_sendto_EINVAL.diff b/main/openntpd/openntpd-3.9p1_reconnect_on_sendto_EINVAL.diff
new file mode 100644
index 0000000000..adca55614a
--- /dev/null
+++ b/main/openntpd/openntpd-3.9p1_reconnect_on_sendto_EINVAL.diff
@@ -0,0 +1,43 @@
+diff -Naur openntpd-3.9p1/client.c openntpd-3.9p1-fixed/client.c
+--- openntpd-3.9p1/client.c	2006-05-14 07:29:21.000000000 +0200
++++ openntpd-3.9p1-fixed/client.c	2006-10-11 02:41:44.000000000 +0200
+@@ -116,6 +116,7 @@
+ client_query(struct ntp_peer *p)
+ {
+ 	int	tos = IPTOS_LOWDELAY;
++	int	result;
+ 
+ 	if (p->addr == NULL && client_nextaddr(p) == -1) {
+ 		set_next(p, error_interval());
+@@ -163,9 +164,17 @@
+ 	p->query->msg.xmttime.fractionl = arc4random();
+ 	p->query->xmttime = gettime();
+ 
+-	if (ntp_sendmsg(p->query->fd, NULL, &p->query->msg,
+-	    NTP_MSGSIZE_NOAUTH, 0) == -1) {
++	if ((result = ntp_sendmsg(p->query->fd, NULL, &p->query->msg,
++	    NTP_MSGSIZE_NOAUTH, 0)) < 0) {
+ 		set_next(p, INTERVAL_QUERY_PATHETIC);
++		if (result == -2) {
++			/*
++			 * got EINVAL in sendto(), probably the local socket
++			 * address got invalidated -> force re-connect()
++			 */
++			close(p->query->fd);
++			p->query->fd = -1;
++		}
+ 		return (-1);
+ 	}
+ 
+diff -Naur openntpd-3.9p1/ntp_msg.c openntpd-3.9p1-fixed/ntp_msg.c
+--- openntpd-3.9p1/ntp_msg.c	2006-05-14 07:29:21.000000000 +0200
++++ openntpd-3.9p1-fixed/ntp_msg.c	2006-10-11 02:41:49.000000000 +0200
+@@ -98,6 +98,8 @@
+ 			return (-1);
+ 		}
+ 		log_warn("sendto");
++		if (errno == EINVAL)
++			return (-2);
+ 		return (-1);
+ 	}
+ 
diff --git a/main/openntpd/openntpd.conf.d b/main/openntpd/openntpd.conf.d
new file mode 100644
index 0000000000..6b938dc766
--- /dev/null
+++ b/main/openntpd/openntpd.conf.d
@@ -0,0 +1,7 @@
+# /etc/conf.d/ntpd: config file for openntpd's ntpd
+
+NTPD_HOME=/var/empty
+
+# See ntpd(8) man page ... some popular options:
+#  -s   Set the time immediately at startup
+NTPD_OPTS=""
diff --git a/main/openntpd/openntpd.pre-install b/main/openntpd/openntpd.pre-install
new file mode 100644
index 0000000000..32c6f51293
--- /dev/null
+++ b/main/openntpd/openntpd.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# this user should be included in alpine-baselayout-1.2.
+# included here for backward compability.
+adduser -H -h /var/empty -s /bin/false -D ntp  2>/dev/null
+
+exit 0
diff --git a/main/openntpd/openntpd.rc b/main/openntpd/openntpd.rc
new file mode 100644
index 0000000000..81648dc03f
--- /dev/null
+++ b/main/openntpd/openntpd.rc
@@ -0,0 +1,41 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openntpd/files/openntpd.rc,v 1.7 2008/10/10 09:40:10 bangert Exp $
+
+depend() {
+	need net
+	after ntp-client
+	use dns logger
+}
+
+checkconfig() {
+	if [ ! -f /etc/ntpd.conf ] ; then
+		eerror "Could not find /etc/ntpd.conf!"
+		return 1
+	fi
+
+	if [ -x /usr/bin/getent ] ; then
+		if [ "`getent passwd ntp | cut -d: -f 6`" != "${NTPD_HOME}" ] ; then
+			eerror "Home directory of ntp needs to be ${NTPD_HOME}"
+			eerror "Please run 'usermod -d ${NTPD_HOME} ntp'"
+			return 1
+		fi
+	fi
+
+	return 0
+}
+
+start() {
+	checkconfig || return $?
+
+	ebegin "Starting ntpd"
+	start-stop-daemon --start --exec /usr/sbin/ntpd --name ntpd -- ${NTPD_OPTS}
+	eend $? "Failed to start ntpd"
+}
+
+stop() {
+	ebegin "Stopping ntpd"
+	start-stop-daemon --stop --exec /usr/sbin/ntpd --name ntpd --user root
+	eend $? "Failed to stop openntpd"
+}
diff --git a/main/openrc/APKBUILD b/main/openrc/APKBUILD
new file mode 100644
index 0000000000..415f24a580
--- /dev/null
+++ b/main/openrc/APKBUILD
@@ -0,0 +1,56 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openrc
+pkgver=0.5.0
+pkgrel=6
+pkgdesc="OpenRC manages the services, startup and shutdown of a host"
+url="http://roy.marples.name/openrc"
+license='BSD-2'
+depends=""
+subpackages="$pkgname-doc $pkgname-dev"
+install="$pkgname.post-install $pkgname.post-upgrade"
+source="http://roy.marples.name/downloads/$pkgname/$pkgname-$pkgver.tar.bz2
+	openrc-0.4.3-mkmntdirs.patch
+	openrc-hwclock.patch
+	hostname.initd
+	hwdrivers.initd
+	keymaps.initd
+	modules.initd
+	modloop.initd
+	networking.initd
+	$install
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	make
+	make DESTDIR="$pkgdir/" install
+
+	# we cannot have anything turned on by default
+	rm -f "$pkgdir"/etc/runlevels/*/*
+
+	#rm -f "$pkgdir"/lib/rc/net/* "$pkgdir"/etc/init.d/net.lo
+
+	# we override some of the scripts
+	for i in ../*.initd; do
+		j=${i##*/}
+		install -Dm755 $i "$pkgdir"/etc/init.d/${j%.initd}
+	done
+
+}
+
+md5sums="9ec7f8425e12abbbd0f7a962aae3fa3c  openrc-0.5.0.tar.bz2
+8c2c1c2ee0509b63966b7187a2079f4b  openrc-0.4.3-mkmntdirs.patch
+f462c976b04cfbb35b2335be15eee7f6  openrc-hwclock.patch
+c32e15b0858eef708497e7ee6355a055  hostname.initd
+b1e64885f301166df30be3e3cf5338ff  hwdrivers.initd
+33ca3e558c42cdd17adccbc7807298f7  keymaps.initd
+098a1f16812f56fcb56eb6b6f0fa31f6  modules.initd
+c77cb4a67aa7ef40dfb12dd1ff5bf5e2  modloop.initd
+747168eee535e845179eaef5a3fcb334  networking.initd
+71d823acc9935a8ac82649a94b5bc0b9  openrc.post-install
+393ff61bc0bf2c07f9af81795554c584  openrc.post-upgrade"
diff --git a/main/openrc/hostname.initd b/main/openrc/hostname.initd
new file mode 100644
index 0000000000..995e4b95d8
--- /dev/null
+++ b/main/openrc/hostname.initd
@@ -0,0 +1,18 @@
+#!/sbin/runscript
+
+description="Sets the hostname of the machine."
+
+depend() {
+	keyword noprefix
+}
+
+start() {
+	if [ -f /etc/hostname ] ; then
+		opts="-F /etc/hostname"
+	else
+		opts="localhost"
+	fi
+	ebegin "Setting hostname"
+	hostname $opts
+	eend $?
+}
diff --git a/main/openrc/hwdrivers.initd b/main/openrc/hwdrivers.initd
new file mode 100644
index 0000000000..3d0ebf12b5
--- /dev/null
+++ b/main/openrc/hwdrivers.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+
+depend() {
+	need sysfs dev
+	before checkfs fsck
+	after modloop
+	keyword novserver
+}
+
+# Load hardware drivers
+start() {
+	# check for boot option "nocoldplug"
+	if get_bootparam noautodetect; then
+		ewarn "Autodetection of hardware disabled from boot cmdline"
+		return 0
+	fi
+	
+
+	ebegin "Loading hardware drivers"
+	find /sys -name modalias | xargs sort -u \
+		| xargs modprobe -a 2> /dev/null
+	# we run it twice so we detect all devices
+	find /sys -name modalias | xargs sort -u \
+		| xargs modprobe -a 2> /dev/null
+	eend 0
+}
+
diff --git a/main/openrc/keymaps.initd b/main/openrc/keymaps.initd
new file mode 100644
index 0000000000..8ee019c69d
--- /dev/null
+++ b/main/openrc/keymaps.initd
@@ -0,0 +1,20 @@
+#!/sbin/runscript
+
+description="Applies a keymap for the consoles."
+
+depend()
+{
+	need localmount
+	keyword noopenvz noprefix nouml novserver noxenu
+}
+
+start() {
+	[ -z "$KEYMAP" ] && return
+	ebegin "Setting keymap"
+	zcat "$KEYMAP" | loadkmap
+	eend $?
+}
+
+stop() {
+	return
+}
diff --git a/main/openrc/modloop.initd b/main/openrc/modloop.initd
new file mode 100644
index 0000000000..c32e1f49f5
--- /dev/null
+++ b/main/openrc/modloop.initd
@@ -0,0 +1,87 @@
+#!/sbin/runscript
+
+# script that will mount image with modules
+
+depend() {
+	need dev
+	before checkfs fsck hwdrivers modules hwclock
+	keyword novserver
+}
+
+# read kernel options
+init_KOPT() {
+	eval set -- $(cat /proc/cmdline 2>/dev/null)
+	while [ $# -gt 0 ]; do
+	        case "$1" in
+                	*=*)    eval "KOPT_${1%%=*}='${1#*=}'" ;;
+	                *)      eval "KOPT_$(echo $1 | sed 's: :_:g')=yes" ;;
+        	esac
+        	shift
+	done
+}
+
+find_mnt() {
+	local dev="$1"
+	local fsfile="$2"
+	awk "\$ == \"$dev\" {print \$2}\"" "$fsfile" 2>/dev/null
+}
+
+# initialies: alpine_dev, alpine_mnt, alpine_fs, alpine_mounted
+find_media() {
+	init_KOPT
+	alpine_mounted=
+	alpine_dev=${KOPT_alpine_dev%%:*}
+	alpine_fs=${KOPT_alpine_dev#*:}
+	[ "$alpine_fs" = "$KOPT_alpine_dev" ] && unset alpine_fs
+	# first we check if alpine_dev is mounted and use this
+	alpine_mnt=$(find_mnt /dev/$alpine_dev /proc/mounts)
+	if [ -z "$alpine_mnt" ]; then
+		# then we check fstab
+		alpine_mnt=$(find_mnt /dev/$alpine_dev /etc/fstab)
+	else
+		alpine_mounted=yes
+	fi
+	# finally we fallback to /media/<devicename>
+	[ -z "$alpine_mnt" ] && alpine_mnt=/media/$alpine_dev
+}
+
+start() {
+	local modloop mount_opts
+	find_media
+	if [ -z "$alpine_dev" ] ; then
+		ebegin "Skipping mount module loopback (specify with alpine_dev)"
+		eend 0
+		return 0
+	fi
+
+        modloop=${KOPT_modloop:-$KOPT_BOOT_IMAGE.cmg}
+	[ -n "$alpine_fs" ] && mount_opts="-t $alpine_fs"
+
+	ebegin "Mounting loopback device for kernel modules"
+	if [ -z "$alpine_mounted" ]; then
+		mount $mount_opts /dev/$alpine_dev $alpine_mnt 2>/dev/null
+	fi
+	mkdir -p /.modloop /lib
+
+	mount -o loop,ro -t cramfs  $alpine_mnt/$modloop /.modloop &&\
+		rm -rf /lib/modules &&\
+		ln -sf /.modloop/modules /lib/
+	eend $? || return 1
+
+	# copy firmware if there are any
+	if [ -d $alpine_mnt/firmware ]; then
+	        ebegin "Copying firmware from $alpine_mnt/firmware"
+	        cp -R -a $alpine_mnt/firmware /lib/
+	        eend $?
+	fi
+}
+
+stop() {
+	find_media
+	[ -z "$alpine_dev" ] && return 0
+	ebegin "Unmounting loopback device for kernel modules"
+	umount -d /.modloop &&\
+	umount $alpine_mnt 2>/dev/null
+	eend $?
+}
+
diff --git a/main/openrc/modules.initd b/main/openrc/modules.initd
new file mode 100644
index 0000000000..ef7d1f15f1
--- /dev/null
+++ b/main/openrc/modules.initd
@@ -0,0 +1,23 @@
+#!/sbin/runscript
+
+description="Loads a user defined list of kernel modules."
+
+depend()
+{
+	before hwclock hwdrivers
+	keyword noopenvz noprefix novserver
+}
+
+
+start() {
+	if [ -f /etc/modules ] ; then
+		ebegin "Loading modules"
+		sed 's/\#.*//g' < /etc/modules |
+		while read module args
+		do
+			modprobe -q $module $args
+		done
+		eend $?
+	fi
+}
+
diff --git a/main/openrc/networking.initd b/main/openrc/networking.initd
new file mode 100644
index 0000000000..2269e6f04f
--- /dev/null
+++ b/main/openrc/networking.initd
@@ -0,0 +1,28 @@
+#!/sbin/runscript
+
+# note that the spoofprotect, syncoockies and ip_forward options are set in 
+# /etc/sysctl.conf
+depend() {
+	after bootmisc
+	provide net
+	keyword nojail noprefix novserver
+}
+
+start() {
+	ebegin "Configuring network interfaces"
+	ifup -a >/dev/null 2>&1
+	eend $?
+}
+
+stop() {
+	ebegin "Deconfiguring network interfaces"
+	ifdown -a >/dev/null 2>&1
+	eend $?
+}
+
+restart() {
+	ebegin "Reconfiguring network interfaces"
+	ifdown -a >/dev/null 2>&1 && ifup -a >/dev/null 2>&1
+	eend $?
+}
+
diff --git a/main/openrc/openrc-0.4.3-mkmntdirs.patch b/main/openrc/openrc-0.4.3-mkmntdirs.patch
new file mode 100644
index 0000000000..01512ad7c0
--- /dev/null
+++ b/main/openrc/openrc-0.4.3-mkmntdirs.patch
@@ -0,0 +1,11 @@
+diff -ru openrc-0.4.3.orig/init.d/localmount.in openrc-0.4.3/init.d/localmount.in
+--- openrc-0.4.3.orig/init.d/localmount.in	2009-04-19 14:24:11.000000000 +0000
++++ openrc-0.4.3/init.d/localmount.in	2009-04-19 14:25:06.000000000 +0000
+@@ -13,6 +13,7 @@
+ 
+ start()
+ {
++	[ -x /sbin/mkmntdirs ] && mkmntdirs
+ 	# Mount local filesystems in /etc/fstab.
+ 	local types="noproc" x=
+ 	for x in ${net_fs_list}; do
diff --git a/main/openrc/openrc-hwclock.patch b/main/openrc/openrc-hwclock.patch
new file mode 100644
index 0000000000..593e9ba82f
--- /dev/null
+++ b/main/openrc/openrc-hwclock.patch
@@ -0,0 +1,13 @@
+Index: hwclock.in
+===================================================================
+--- a/init.d/hwclock.in	(revision 1571)
++++ b/niit.d/hwclock.in	(working copy)
+@@ -118,7 +118,7 @@
+ 
+ 	if ! yesno $clock_adjfile; then
+ 		# Some implementations don't handle adjustments
+-		if LC_ALL=C hwclock --help | grep -q "\-\-noadjfile"; then
++		if LC_ALL=C hwclock --help 2>&1 | grep -q "\-\-noadjfile"; then
+ 			utc_cmd="$utc_cmd --noadjfile"
+ 		fi
+ 	fi
diff --git a/main/openrc/openrc.post-install b/main/openrc/openrc.post-install
new file mode 100644
index 0000000000..1d0201d3aa
--- /dev/null
+++ b/main/openrc/openrc.post-install
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+rc_update() {
+	local svc="$1"
+	local level="$2"
+	mkdir -p /etc/runlevels/$level
+	ln -sf /etc/init.d/$svc /etc/runlevels/$level
+}
+
+if [ ! -d etc/rcS.d ] && [ ! -d etc/rcL.d ]; then
+	exit 0
+fi
+
+for i in etc/rc[SL].d/*; do
+	[ -L "$i" ] || continue
+	oldsvc=${i##*/S[0-9][0-9]}
+	# some services are renamed
+	case "$oldsvc" in
+		modutils)	svc=modules;;
+		procps)		svc=sysctl;;
+		bootmisc.sh) 	svc=bootmisc;;
+		keymap)		svc=keymaps;;
+		*)		svc=$oldsvc;;
+	esac
+	
+	# add the service to correct "runlevel"
+	case "$svc" in
+		hwclock|modules|sysctl|hostname|keymaps|syslog|bootmisc)
+			rc_update $svc boot;;
+		*)	rc_update $svc default;;
+	esac
+
+	rm $i
+done
+
diff --git a/main/openrc/openrc.post-upgrade b/main/openrc/openrc.post-upgrade
new file mode 100644
index 0000000000..b09f2f240c
--- /dev/null
+++ b/main/openrc/openrc.post-upgrade
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+# in 0.5.x the state dir moved from /lib/rc/init.d to /libexec/rc/init.d
+
+[ -d /lib/rc/init.d ] || exit 0
+
+mv /lib/rc/init.d/* /libexec/rc/init.d/
+rmdir /lib/rc/init.d
+exit 0
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD
new file mode 100644
index 0000000000..b81ae46efe
--- /dev/null
+++ b/main/openssh/APKBUILD
@@ -0,0 +1,47 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openssh
+pkgver=5.2_p1
+_myver=5.2p1
+pkgrel=1
+pkgdesc="Port of OpenBSD's free SSH release"
+url="http://www.openssh.org/portable.html"
+license="as-is"
+depends="openssl zlib"
+makedepends="openssl-dev zlib-dev"
+subpackages="$pkgname-doc"
+source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar.gz
+	sshd.initd
+	sshd.confd
+	"
+
+build () 
+{ 
+	cd $startdir/src/$pkgname-$_myver
+	sed -i -e '/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:/usr/bin/xauth:' \
+		pathnames.h || return 1
+
+	./configure --prefix=/usr \
+		--with-mantype=man \
+		--mandir=/usr/share/man \
+	        --with-ldflags="${LDFLAGS}" \
+	        --disable-strip \
+		--disable-lastlog \
+	        --sysconfdir=/etc/ssh \
+        	--datadir=/usr/share/openssh \
+	        --with-privsep-path=/var/empty \
+	        --with-privsep-user=sshd \
+	        --with-md5-passwords \
+	        --with-ssl-engine \
+		--libexecdir=/usr/lib/ssh \
+		--without-tcp-wrappers \
+		--without-pam
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	mkdir -p "$pkgdir"/var/empty
+	install -D -m755 "$srcdir"/sshd.initd "$pkgdir"/etc/init.d/sshd
+	install -D -m644 "$srcdir"/sshd.confd "$pkgdir"/etc/conf.d/sshd
+}
+md5sums="ada79c7328a8551bdf55c95e631e7dad  openssh-5.2p1.tar.gz
+f71564ffab359faead63717920c3086b  sshd.initd
+b35e9f3829f4cfca07168fcba98749c7  sshd.confd"
diff --git a/main/openssh/sshd.confd b/main/openssh/sshd.confd
new file mode 100644
index 0000000000..28952b4a28
--- /dev/null
+++ b/main/openssh/sshd.confd
@@ -0,0 +1,21 @@
+# /etc/conf.d/sshd: config file for /etc/init.d/sshd
+
+# Where is your sshd_config file stored?
+
+SSHD_CONFDIR="/etc/ssh"
+
+
+# Any random options you want to pass to sshd.
+# See the sshd(8) manpage for more info.
+
+SSHD_OPTS=""
+
+
+# Pid file to use (needs to be absolute path).
+
+#SSHD_PIDFILE="/var/run/sshd.pid"
+
+
+# Path to the sshd binary (needs to be absolute path).
+
+#SSHD_BINARY="/usr/sbin/sshd"
diff --git a/main/openssh/sshd.initd b/main/openssh/sshd.initd
new file mode 100644
index 0000000000..2a5d4ae259
--- /dev/null
+++ b/main/openssh/sshd.initd
@@ -0,0 +1,80 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.23 2007/09/20 07:38:06 vapier Exp $
+
+opts="reload"
+
+depend() {
+	use logger dns
+	need net
+}
+
+SSHD_CONFDIR=${SSHD_CONFDIR:-/etc/ssh}
+SSHD_PIDFILE=${SSHD_PIDFILE:-/var/run/${SVCNAME}.pid}
+SSHD_BINARY=${SSHD_BINARY:-/usr/sbin/sshd}
+
+checkconfig() {
+	if [ ! -d /var/empty ] ; then
+		mkdir -p /var/empty || return 1
+	fi
+
+	if [ ! -e "${SSHD_CONFDIR}"/sshd_config ] ; then
+		eerror "You need an ${SSHD_CONFDIR}/sshd_config file to run sshd"
+		eerror "There is a sample file in /usr/share/doc/openssh"
+		return 1
+	fi
+
+	gen_keys || return 1
+
+	"${SSHD_BINARY}" -t ${myopts} || return 1
+}
+
+gen_keys() {
+	if [ ! -e "${SSHD_CONFDIR}"/ssh_host_key ] ; then
+		einfo "Generating Hostkey..."
+		/usr/bin/ssh-keygen -t rsa1 -b 1024 -f "${SSHD_CONFDIR}"/ssh_host_key -N '' || return 1
+	fi
+	if [ ! -e "${SSHD_CONFDIR}"/ssh_host_dsa_key ] ; then
+		einfo "Generating DSA-Hostkey..."
+		/usr/bin/ssh-keygen -d -f "${SSHD_CONFDIR}"/ssh_host_dsa_key -N '' || return 1
+	fi
+	if [ ! -e "${SSHD_CONFDIR}"/ssh_host_rsa_key ] ; then
+		einfo "Generating RSA-Hostkey..."
+		/usr/bin/ssh-keygen -t rsa -f "${SSHD_CONFDIR}"/ssh_host_rsa_key -N '' || return 1
+	fi
+	return 0
+}
+
+start() {
+	local myopts=""
+	[ "${SSHD_PIDFILE}" != "/var/run/sshd.pid" ] \
+		&& myopts="${myopts} -o PidFile=${SSHD_PIDFILE}"
+	[ "${SSHD_CONFDIR}" != "/etc/ssh" ] \
+		&& myopts="${myopts} -f ${SSHD_CONFDIR}/sshd_config"
+
+	checkconfig || return 1
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --exec "${SSHD_BINARY}" \
+	    --pidfile "${SSHD_PIDFILE}" \
+	    -- ${myopts} ${SSHD_OPTS}
+	eend $?
+}
+
+stop() {
+	if [ "${RC_CMD}" = "restart" ] ; then
+		checkconfig || return 1
+	fi
+
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --exec "${SSHD_BINARY}" \
+	    --pidfile "${SSHD_PIDFILE}" --quiet
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading ${SVCNAME}"
+	start-stop-daemon --stop --signal HUP --oknodo \
+	    --exec "${SSHD_BINARY}" --pidfile "${SSHD_PIDFILE}"
+	eend $?
+}
diff --git a/main/openssl/APKBUILD b/main/openssl/APKBUILD
new file mode 100644
index 0000000000..46d1e064b4
--- /dev/null
+++ b/main/openssl/APKBUILD
@@ -0,0 +1,47 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openssl
+pkgver=0.9.8k
+pkgrel=3
+pkgdesc="Toolkit for SSL v2/v3 and TLS v1"
+url=http://openssl.org
+depends=
+makedepends="perl"
+license="openssl"
+
+subpackages="$pkgname-dev $pkgname-doc libcrypto"
+
+source="http://www.openssl.org/source/${pkgname}-${pkgver}.tar.gz
+        http://www.linuxfromscratch.org/patches/downloads/openssl/openssl-0.9.8g-fix_manpages-1.patch
+	openssl-bb-basename.patch
+	openssl-0.9.8k-quote-cc.patch
+	openssl-0.9.8k-padlock-sha.patch
+	"
+	
+build() {
+	cd "$startdir"/src/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	./config --prefix=/usr --openssldir=/etc/ssl shared
+
+	make -j1 || return 1
+	make -j1 INSTALL_PREFIX="$pkgdir" MANDIR=/usr/share/man install
+}
+
+libcrypto() {
+	pkgdesc="Crypto library from openssl"
+	mkdir -p "$subpkgdir"/lib "$subpkgdir"/usr/lib
+	for i in "$pkgdir"/usr/lib/libcrypto*; do
+		mv $i "$subpkgdir"/lib/
+		ln -s ../../lib/${i##*/} "$subpkgdir"/usr/lib/${i##*/}
+	done
+	mv "$pkgdir"/usr/lib/engines "$subpkgdir"/usr/lib/
+}
+
+md5sums="e555c6d58d276aec7fdc53363e338ab3  openssl-0.9.8k.tar.gz
+04a6a88c2ee4badd4f8649792b73eaf3  openssl-0.9.8g-fix_manpages-1.patch
+c6a9857a5dbd30cead0404aa7dd73977  openssl-bb-basename.patch
+c838eb8488896cfeb7de957a0cbe04ae  openssl-0.9.8k-quote-cc.patch
+4c4f8c1482fb61aed5bd0fdec344d721  openssl-0.9.8k-padlock-sha.patch"
diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch
new file mode 100644
index 0000000000..63b27cea36
--- /dev/null
+++ b/main/openssl/openssl-0.9.8k-padlock-sha.patch
@@ -0,0 +1,897 @@
+#
+# OpenSSL patch to support VIA C7 hash engine
+# Written by: Timo Teras <timo.teras@iki.fi>
+# based on patch by: Michal Ludvig <michal@logix.cz>
+#                    http://www.logix.cz/michal/devel/padlock
+#
+Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
+===================================================================
+--- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c	2009-07-12 19:24:42.000000000 +0300
++++ openssl-0.9.8k/crypto/engine/eng_padlock.c	2009-07-13 13:07:26.000000000 +0300
+@@ -1,10 +1,13 @@
+-/* 
++/*
+  * Support for VIA PadLock Advanced Cryptography Engine (ACE)
+  * Written by Michal Ludvig <michal@logix.cz>
+  *            http://www.logix.cz/michal
+  *
+- * Big thanks to Andy Polyakov for a help with optimization, 
+- * assembler fixes, port to MS Windows and a lot of other 
++ * SHA support by Timo Teras <timo.teras@iki.fi> based on code
++ * originally by Michal Ludvig.
++ *
++ * Big thanks to Andy Polyakov for a help with optimization,
++ * assembler fixes, port to MS Windows and a lot of other
+  * valuable work on this engine!
+  */
+ 
+@@ -66,6 +69,13 @@
+ #include <stdio.h>
+ #include <string.h>
+ 
++#include <signal.h>
++#include <stdint.h>
++#include <unistd.h>
++#include <sys/mman.h>
++#include <sys/ucontext.h>
++#include <arpa/inet.h>
++
+ #include <openssl/opensslconf.h>
+ #include <openssl/crypto.h>
+ #include <openssl/dso.h>
+@@ -74,12 +84,23 @@
+ #ifndef OPENSSL_NO_AES
+ #include <openssl/aes.h>
+ #endif
++#ifndef OPENSSL_NO_SHA
++#include <openssl/sha.h>
++#endif
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+ 
+ #ifndef OPENSSL_NO_HW
+ #ifndef OPENSSL_NO_HW_PADLOCK
+ 
++/* PadLock RNG is disabled by default */
++#define	PADLOCK_NO_RNG	1
++
++/* No ASM routines for SHA in MSC yet */
++#ifdef _MSC_VER
++#define OPENSSL_NO_SHA
++#endif
++
+ /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
+ #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+ #  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+@@ -96,7 +117,7 @@
+ /* VIA PadLock AES is available *ONLY* on some x86 CPUs.
+    Not only that it doesn't exist elsewhere, but it
+    even can't be compiled on other platforms!
+- 
++
+    In addition, because of the heavy use of inline assembler,
+    compiler choice is limited to GCC and Microsoft C. */
+ #undef COMPILE_HW_PADLOCK
+@@ -138,20 +159,42 @@
+ static int padlock_init(ENGINE *e);
+ 
+ /* RNG Stuff */
++#ifndef PADLOCK_NO_RNG
+ static RAND_METHOD padlock_rand;
++#endif
+ 
+ /* Cipher Stuff */
+ #ifndef OPENSSL_NO_AES
+ static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
+ #endif
+ 
++/* Digest Stuff */
++#ifndef OPENSSL_NO_SHA
++static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
++static volatile void *padlock_cached_sha_buffer = NULL;
++#endif
++
+ /* Engine names */
+ static const char *padlock_id = "padlock";
+ static char padlock_name[100];
+ 
+ /* Available features */
+-static int padlock_use_ace = 0;	/* Advanced Cryptography Engine */
+-static int padlock_use_rng = 0;	/* Random Number Generator */
++enum padlock_flags {
++	PADLOCK_RNG  = 0x01,
++	PADLOCK_ACE  = 0x02,
++	PADLOCK_ACE2 = 0x04,
++	PADLOCK_PHE  = 0x08,
++	PADLOCK_PMM  = 0x10
++};
++enum padlock_flags padlock_flags;
++
++#define PADLOCK_HAVE_RNG  (padlock_flags & PADLOCK_RNG)
++#define PADLOCK_HAVE_ACE  (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2))
++#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE)
++#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2)
++#define PADLOCK_HAVE_PHE  (padlock_flags & PADLOCK_PHE)
++#define PADLOCK_HAVE_PMM  (padlock_flags & PADLOCK_PMM)
++
+ #ifndef OPENSSL_NO_AES
+ static int padlock_aes_align_required = 1;
+ #endif
+@@ -165,25 +208,30 @@
+ 	/* Check available features */
+ 	padlock_available();
+ 
+-#if 1	/* disable RNG for now, see commentary in vicinity of RNG code */
+-	padlock_use_rng=0;
+-#endif
+-
+ 	/* Generate a nice engine name with available features */
+ 	BIO_snprintf(padlock_name, sizeof(padlock_name),
+-		"VIA PadLock (%s, %s)", 
+-		 padlock_use_rng ? "RNG" : "no-RNG",
+-		 padlock_use_ace ? "ACE" : "no-ACE");
++		"VIA PadLock: %s%s%s%s%s",
++		 padlock_flags ? "" : "not supported",
++		 PADLOCK_HAVE_RNG ? "RNG " : "",
++		 PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "",
++		 PADLOCK_HAVE_PHE ? "PHE " : "",
++		 PADLOCK_HAVE_PMM ? "PMM " : "");
+ 
+-	/* Register everything or return with an error */ 
++	/* Register everything or return with an error */
+ 	if (!ENGINE_set_id(e, padlock_id) ||
+ 	    !ENGINE_set_name(e, padlock_name) ||
+ 
+-	    !ENGINE_set_init_function(e, padlock_init) ||
++	    !ENGINE_set_init_function(e, padlock_init)
+ #ifndef OPENSSL_NO_AES
+-	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
++	    || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
++#endif
++#ifndef OPENSSL_NO_SHA
++	    || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
++#endif
++#ifndef PADLOCK_NO_RNG
++	    || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
+ #endif
+-	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
++	    ) {
+ 		return 0;
+ 	}
+ 
+@@ -213,7 +261,7 @@
+ static int
+ padlock_init(ENGINE *e)
+ {
+-	return (padlock_use_rng || padlock_use_ace);
++	return (padlock_flags);
+ }
+ 
+ /* This stuff is needed if this ENGINE is being compiled into a self-contained
+@@ -247,7 +295,7 @@
+ #define AES_KEY_SIZE_192	24
+ #define AES_KEY_SIZE_256	32
+ 
+-/* Here we store the status information relevant to the 
++/* Here we store the status information relevant to the
+    current context. */
+ /* BIG FAT WARNING:
+  * 	Inline assembler in PADLOCK_XCRYPT_ASM()
+@@ -306,7 +354,7 @@
+ {
+ 	int result = -1;
+ 
+-	/* We're checking if the bit #21 of EFLAGS 
++	/* We're checking if the bit #21 of EFLAGS
+ 	   can be toggled. If yes = CPUID is available. */
+ 	asm volatile (
+ 		"pushf\n"
+@@ -322,7 +370,7 @@
+ 		"xorl %%eax, %%ecx\n"
+ 		"movl %%ecx, %0\n"
+ 		: "=r" (result) : : "eax", "ecx");
+-	
++
+ 	return (result == 0);
+ }
+ 
+@@ -365,10 +413,22 @@
+ 		: "+a"(eax), "=d"(edx) : : "ecx");
+ 
+ 	/* Fill up some flags */
+-	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
+-	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
++	padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0);
++	padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0);
++	padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
++	padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
++	padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
++
++	return padlock_flags;
++}
+ 
+-	return padlock_use_ace + padlock_use_rng;
++static inline void
++padlock_htonl_block(uint32_t *data, size_t count)
++{
++	while (count--) {
++		asm volatile ("bswapl %0" : "+r"(*data));
++		data++;
++	}
+ }
+ 
+ #ifndef OPENSSL_NO_AES
+@@ -377,17 +437,14 @@
+ padlock_bswapl(AES_KEY *ks)
+ {
+ 	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
+-	unsigned int *key = ks->rd_key;
++	uint32_t *key = (uint32_t*) ks->rd_key;
+ 
+-	while (i--) {
+-		asm volatile ("bswapl %0" : "+r"(*key));
+-		key++;
+-	}
++	padlock_htonl_block(key, i);
+ }
+ #endif
+ 
+ /* Force key reload from memory to the CPU microcode.
+-   Loading EFLAGS from the stack clears EFLAGS[30] 
++   Loading EFLAGS from the stack clears EFLAGS[30]
+    which does the trick. */
+ static inline void
+ padlock_reload_key(void)
+@@ -423,7 +480,7 @@
+ }
+ 
+ /* Template for padlock_xcrypt_* modes */
+-/* BIG FAT WARNING: 
++/* BIG FAT WARNING:
+  * 	The offsets used with 'leal' instructions
+  * 	describe items of the 'padlock_cipher_data'
+  * 	structure.
+@@ -475,7 +532,7 @@
+  * In case you wonder 'rep xcrypt*' instructions above are *not*
+  * affected by the Direction Flag and pointers advance toward
+  * larger addresses unconditionally.
+- */ 
++ */
+ static inline unsigned char *
+ padlock_memcpy(void *dst,const void *src,size_t n)
+ {
+@@ -501,7 +558,7 @@
+ 	_asm _emit 0x0f _asm _emit 0xa7	\
+ 	_asm _emit code
+ 
+-/* BIG FAT WARNING: 
++/* BIG FAT WARNING:
+  * 	The offsets used with 'lea' instructions
+  * 	describe items of the 'padlock_cipher_data'
+  * 	structure.
+@@ -840,7 +897,7 @@
+ 	return 1;
+ }
+ 
+-/* 
++/*
+  * Simplified version of padlock_aes_cipher() used when
+  * 1) both input and output buffers are at aligned addresses.
+  * or when
+@@ -895,7 +952,7 @@
+ # error "insane PADLOCK_CHUNK..."
+ #endif
+ 
+-/* Re-align the arguments to 16-Bytes boundaries and run the 
++/* Re-align the arguments to 16-Bytes boundaries and run the
+    encryption function itself. This function is not AES-specific. */
+ static int
+ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
+@@ -1157,6 +1214,470 @@
+ 
+ #endif /* OPENSSL_NO_AES */
+ 
++#ifndef OPENSSL_NO_SHA
++
++struct padlock_digest_data {
++	unsigned char		output[128+16];
++	uint64_t		total;
++
++	unsigned char		*buffer;
++	size_t			used;
++	size_t			size;
++
++	void			(*hash)(struct padlock_digest_data *data,
++				        const void *buf, size_t len);
++	int			(*update)(EVP_MD_CTX *ctx,
++					  const void *buffer, size_t len);
++	int			(*final)(EVP_MD_CTX *ctx, unsigned char *buffer);
++};
++
++#define DIGEST_DATA(ctx)	((struct padlock_digest_data *)(ctx->md_data))
++#define DIGEST_DATA_OUTPUT(dd)	(uint32_t*)(((uintptr_t)(dd->output) + 15) & ~15)
++#define PADLOCK_BUFFER_PAGES	14
++
++static inline void *
++padlock_atomic_xchg(volatile void **mem, void *fixed)
++{
++	/* No lock prefix due the xchg asserts it anyway, and the
++	 * funny unsigned long* cast is required to workaround some gcc
++	 * problems if compiling in PIC mode */
++	asm volatile (
++		"xchg %0, %1"
++		: "=r"(fixed)
++		: "m"(*(unsigned long*)mem), "0"(fixed)
++		: "memory");
++	return fixed;
++}
++
++static void
++padlock_do_sha1(struct padlock_digest_data *data, const void *buf, size_t len)
++{
++	uint32_t *output = DIGEST_DATA_OUTPUT(data);
++	asm volatile (
++		"xsha1"
++		: "+S"(buf), "+D"(output)
++		: "c"(len), "a"(0));
++}
++
++static void
++padlock_do_sha256(struct padlock_digest_data *data, const void *buf, size_t len)
++{
++	uint32_t *output = DIGEST_DATA_OUTPUT(data);
++	asm volatile (
++		"xsha256"
++		: "+S"(buf), "+D"(output)
++		: "c"(len), "a"(0));
++}
++
++static void
++handle_sigsegv(int sig, siginfo_t *info, void *uctxp)
++{
++	ucontext_t *uctx = uctxp;
++
++	uctx->uc_mcontext.gregs[14] += 4;
++}
++
++static void
++padlock_sha_nonfinalizing(struct padlock_digest_data *data)
++{
++	struct sigaction act, oldact;
++	size_t bofs = 0;
++
++	if (data->used != data->size) {
++		bofs = data->size - data->used;
++		memmove(&data->buffer[bofs], data->buffer, data->used);
++	}
++
++	memset(&act, 0, sizeof(act));
++	act.sa_sigaction = handle_sigsegv;
++	act.sa_flags = SA_SIGINFO;
++	sigaction(SIGSEGV, &act, &oldact);
++	data->hash(data, &data->buffer[bofs], data->used + 64);
++	sigaction(SIGSEGV, &oldact, NULL);
++}
++
++static void
++padlock_free_buffer(void *buf)
++{
++	buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, buf);
++	if (buf != NULL)
++		munmap(buf, (PADLOCK_BUFFER_PAGES + 1) * getpagesize());
++}
++
++static void *
++padlock_allocate_buffer(size_t *maxsize)
++{
++	void *buf;
++	size_t size, page;
++
++	page = getpagesize();
++	buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, NULL);
++	if (buf != NULL)
++		goto ret;
++
++	size = (PADLOCK_BUFFER_PAGES + 1) * page;
++	buf = mmap(0, size, PROT_READ | PROT_WRITE,
++		   MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
++	if (buf == NULL)
++		return NULL;
++
++	/* Try locking the pages to avoid swapping, but don't fail if
++	 * we are over quota. */
++	mlock(buf, size);
++
++	if (mprotect(buf + PADLOCK_BUFFER_PAGES * page, page, PROT_NONE) < 0) {
++		munmap(buf, size);
++		return NULL;
++	}
++
++ret:
++	*maxsize = PADLOCK_BUFFER_PAGES * page - 64;
++
++	return buf;
++}
++
++static int
++padlock_multi_update(EVP_MD_CTX *ctx, const void *data, size_t len)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	size_t chunk_size;
++
++	if (ddata->buffer == NULL) {
++		ddata->buffer = padlock_allocate_buffer(&ddata->size);
++	}
++
++	while (len) {
++		if (ddata->used + len < ddata->size) {
++			memcpy(&ddata->buffer[ddata->used], data, len);
++			ddata->used += len;
++			ddata->total += len;
++			return 1;
++		}
++
++		chunk_size = ddata->size - ddata->used;
++		memcpy(&ddata->buffer[ddata->used], data, chunk_size);
++
++		data += chunk_size;
++		len -= chunk_size;
++		ddata->used = ddata->size;
++		ddata->total += chunk_size;
++		padlock_sha_nonfinalizing(ddata);
++		ddata->used = 0;
++	}
++
++	return 1;
++}
++
++static int
++padlock_oneshot_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	size_t size = EVP_MD_CTX_size(ctx);
++	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
++
++	padlock_htonl_block(output, size / sizeof(uint32_t));
++	memcpy(md, output, size);
++
++	return 1;
++}
++
++static int
++padlock_multi_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++	static const char padding[64] = { 0x80, };
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	if (ddata->used == ddata->total) {
++		/* Sweet, everything fits in one buffer. */
++		ddata->hash(ddata, ddata->buffer, ddata->used);
++	} else {
++		/* Hardware already hashed some buffers.
++		 * Do finalizing manually */
++		union {
++			uint64_t u64;
++			uint32_t u32[2];
++		} bits_le, bits;
++		size_t lastblocklen, padlen;
++
++		/* BigEndianise the length. */
++		bits_le.u64 = ddata->total * 8;
++		bits.u32[1] = htonl(bits_le.u32[0]);
++		bits.u32[0] = htonl(bits_le.u32[1]);
++
++		/* Append padding, leave space for length. */
++		lastblocklen = ddata->total & 63;
++		padlen = (lastblocklen < 56) ? (56 - lastblocklen) : ((64+56) - lastblocklen);
++		padlock_multi_update(ctx, padding, padlen);
++
++		/* Length in BigEndian64 */
++		padlock_multi_update(ctx, (const char *) &bits, sizeof(bits));
++
++		/* And finally calculate it */
++		padlock_sha_nonfinalizing(ddata);
++	}
++
++	return padlock_oneshot_final(ctx, md);
++}
++
++static int
++padlock_oneshot_update(EVP_MD_CTX *ctx, const void *data, size_t length)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	/* Oneshot update is only possible if context flags indicate so */
++	if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
++		ddata->update = padlock_multi_update;
++		ddata->final  = padlock_multi_final;
++		return padlock_multi_update(ctx, data, length);
++	}
++
++	ddata->hash(ddata, data, length);
++	return 1;
++}
++
++static void
++padlock_sha_init(struct padlock_digest_data *ddata)
++{
++	ddata->total  = 0;
++	ddata->buffer = NULL;
++	ddata->used   = 0;
++	ddata->size   = 0;
++	ddata->update = padlock_oneshot_update;
++	ddata->final  = padlock_oneshot_final;
++}
++
++static int
++padlock_sha1_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
++
++	output[0] = 0x67452301;
++	output[1] = 0xEFCDAB89;
++	output[2] = 0x98BADCFE;
++	output[3] = 0x10325476;
++	output[4] = 0xC3D2E1F0;
++
++	padlock_sha_init(ddata);
++	ddata->hash = padlock_do_sha1;
++
++	return 1;
++}
++
++static int
++padlock_sha224_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
++
++	output[0] = 0xC1059ED8UL;
++	output[1] = 0x367CD507UL;
++	output[2] = 0x3070DD17UL;
++	output[3] = 0xF70E5939UL;
++	output[4] = 0xFFC00B31UL;
++	output[5] = 0x68581511UL;
++	output[6] = 0x64F98FA7UL;
++	output[7] = 0xBEFA4FA4UL;
++
++	padlock_sha_init(ddata);
++	ddata->hash = padlock_do_sha256;
++
++	return 1;
++}
++
++static int
++padlock_sha256_init(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++	uint32_t *output = DIGEST_DATA_OUTPUT(ddata);
++
++	output[0] = 0x6A09E667;
++	output[1] = 0xBB67AE85;
++	output[2] = 0x3C6EF372;
++	output[3] = 0xA54FF53A;
++	output[4] = 0x510E527F;
++	output[5] = 0x9B05688C;
++	output[6] = 0x1F83D9AB;
++	output[7] = 0x5BE0CD19;
++
++	padlock_sha_init(ddata);
++	ddata->hash = padlock_do_sha256;
++
++	return 1;
++}
++
++static int
++padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length)
++{
++	return DIGEST_DATA(ctx)->update(ctx, data, length);
++}
++
++static int
++padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md)
++{
++	return DIGEST_DATA(ctx)->final(ctx, md);
++}
++
++static int
++padlock_sha_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
++{
++	struct padlock_digest_data *dfrom = DIGEST_DATA(from);
++	struct padlock_digest_data *dto = DIGEST_DATA(to);
++
++	/* Copy the internal state */
++	memcpy(DIGEST_DATA_OUTPUT(dto), DIGEST_DATA_OUTPUT(dfrom), 128);
++	dto->total = dfrom->total - dfrom->used;
++	dto->hash  = dfrom->hash;
++	dto->used  = 0;
++
++	/* Try using oneshot update if possible */
++	if (dfrom->used == dfrom->total) {
++		dto->update = padlock_oneshot_update;
++		dto->final  = padlock_oneshot_final;
++	} else {
++		dto->update = padlock_multi_update;
++		dto->final  = padlock_multi_final;
++	}
++
++	/* Copy pending data - one oneshot destination, this means finalizing
++	 * the contents if we are still on the first iteration. */
++	if (dfrom->buffer != NULL)
++		padlock_sha_update(to, dfrom->buffer, dfrom->used);
++
++	return 1;
++}
++
++static int
++padlock_sha_cleanup(EVP_MD_CTX *ctx)
++{
++	struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
++
++	if (ddata->buffer != NULL)
++		padlock_free_buffer(ddata->buffer);
++	ddata->buffer = NULL;
++
++	return 1;
++}
++
++static const EVP_MD padlock_sha1_md = {
++	NID_sha1,
++	NID_sha1WithRSAEncryption,
++	SHA_DIGEST_LENGTH,
++	0,
++	padlock_sha1_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_RSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static const EVP_MD padlock_dss1_md = {
++	NID_dsa,
++	NID_dsaWithSHA1,
++	SHA_DIGEST_LENGTH,
++	0,
++	padlock_sha1_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_DSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static const EVP_MD padlock_sha224_md = {
++	NID_sha224,
++	NID_sha224WithRSAEncryption,
++	SHA224_DIGEST_LENGTH,
++	0,
++	padlock_sha224_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_RSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static const EVP_MD padlock_sha256_md = {
++	NID_sha256,
++	NID_sha256WithRSAEncryption,
++	SHA256_DIGEST_LENGTH,
++	0,
++	padlock_sha256_init,
++	padlock_sha_update,
++	padlock_sha_final,
++	padlock_sha_copy,
++	padlock_sha_cleanup,
++	EVP_PKEY_RSA_method,
++	SHA_CBLOCK,
++	sizeof(struct padlock_digest_data),
++};
++
++static int padlock_digest_nids[] = {
++#if !defined(OPENSSL_NO_SHA)
++	NID_sha1,
++	NID_dsa,
++#endif
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++	NID_sha224,
++#endif
++	NID_sha256,
++#endif
++};
++
++static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]);
++
++static int
++padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
++{
++	/* No specific digest => return a list of supported nids ... */
++	if (!digest) {
++		*nids = padlock_digest_nids;
++		return padlock_digest_nids_num;
++	}
++
++	/* ... or the requested "digest" otherwise */
++	switch (nid) {
++#if !defined(OPENSSL_NO_SHA)
++	  case NID_sha1:
++	    *digest = &padlock_sha1_md;
++	    break;
++	  case NID_dsa:
++	    *digest = &padlock_dss1_md;
++	    break;
++#endif
++
++#if !defined(OPENSSL_NO_SHA256)
++#if !defined(OPENSSL_NO_SHA224)
++	  case NID_sha224:
++	    *digest = &padlock_sha224_md;
++	    break;
++#endif	/* OPENSSL_NO_SHA224 */
++
++	  case NID_sha256:
++	    *digest = &padlock_sha256_md;
++	    break;
++#endif	/* OPENSSL_NO_SHA256 */
++
++	  default:
++	    /* Sorry, we don't support this NID */
++	    *digest = NULL;
++	    return 0;
++	}
++
++	return 1;
++}
++
++#endif /* OPENSSL_NO_SHA */
++
++#ifndef PADLOCK_NO_RNG
+ /* ===== Random Number Generator ===== */
+ /*
+  * This code is not engaged. The reason is that it does not comply
+@@ -1164,7 +1685,7 @@
+  * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
+  * provide meaningful error control...
+  */
+-/* Wrapper that provides an interface between the API and 
++/* Wrapper that provides an interface between the API and
+    the raw PadLock RNG */
+ static int
+ padlock_rand_bytes(unsigned char *output, int count)
+@@ -1212,6 +1733,7 @@
+ 	padlock_rand_bytes,	/* pseudorand */
+ 	padlock_rand_status,	/* rand status */
+ };
++#endif /* PADLOCK_NO_RNG */
+ 
+ #endif /* COMPILE_HW_PADLOCK */
+ 
+Index: openssl-0.9.8k/crypto/evp/p_sign.c
+===================================================================
+--- openssl-0.9.8k.orig/crypto/evp/p_sign.c	2009-07-13 11:01:02.000000000 +0300
++++ openssl-0.9.8k/crypto/evp/p_sign.c	2009-07-13 11:01:45.000000000 +0300
+@@ -5,21 +5,21 @@
+  * This package is an SSL implementation written
+  * by Eric Young (eay@cryptsoft.com).
+  * The implementation was written so as to conform with Netscapes SSL.
+- * 
++ *
+  * This library is free for commercial and non-commercial use as long as
+  * the following conditions are aheared to.  The following conditions
+  * apply to all code found in this distribution, be it the RC4, RSA,
+  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+  * included with this distribution is covered by the same copyright terms
+  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
++ *
+  * Copyright remains Eric Young's, and as such any Copyright notices in
+  * the code are not to be removed.
+  * If this package is used in a product, Eric Young should be given attribution
+  * as the author of the parts of the library used.
+  * This can be in the form of a textual message at program startup or
+  * in documentation (online or textual) provided with the package.
+- * 
++ *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+  * are met:
+@@ -34,10 +34,10 @@
+  *     Eric Young (eay@cryptsoft.com)"
+  *    The word 'cryptographic' can be left out if the rouines from the library
+  *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
++ * 4. If you include any Windows specific code (or a derivative thereof) from
+  *    the apps directory (application code) you must include an acknowledgement:
+  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
++ *
+  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+@@ -49,7 +49,7 @@
+  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+- * 
++ *
+  * The licence and distribution terms for any publically available version or
+  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+  * copied and put under another distribution licence
+@@ -105,6 +105,7 @@
+ 		return(0);
+ 		}
+ 	EVP_MD_CTX_init(&tmp_ctx);
++	M_EVP_MD_CTX_set_flags(&tmp_ctx,EVP_MD_CTX_FLAG_ONESHOT);
+ 	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+ 	if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
+ 		{
+Index: openssl-0.9.8k/crypto/evp/p_verify.c
+===================================================================
+--- openssl-0.9.8k.orig/crypto/evp/p_verify.c	2009-07-13 11:01:06.000000000 +0300
++++ openssl-0.9.8k/crypto/evp/p_verify.c	2009-07-13 11:02:11.000000000 +0300
+@@ -5,21 +5,21 @@
+  * This package is an SSL implementation written
+  * by Eric Young (eay@cryptsoft.com).
+  * The implementation was written so as to conform with Netscapes SSL.
+- * 
++ *
+  * This library is free for commercial and non-commercial use as long as
+  * the following conditions are aheared to.  The following conditions
+  * apply to all code found in this distribution, be it the RC4, RSA,
+  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+  * included with this distribution is covered by the same copyright terms
+  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
++ *
+  * Copyright remains Eric Young's, and as such any Copyright notices in
+  * the code are not to be removed.
+  * If this package is used in a product, Eric Young should be given attribution
+  * as the author of the parts of the library used.
+  * This can be in the form of a textual message at program startup or
+  * in documentation (online or textual) provided with the package.
+- * 
++ *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+  * are met:
+@@ -34,10 +34,10 @@
+  *     Eric Young (eay@cryptsoft.com)"
+  *    The word 'cryptographic' can be left out if the rouines from the library
+  *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
++ * 4. If you include any Windows specific code (or a derivative thereof) from
+  *    the apps directory (application code) you must include an acknowledgement:
+  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
++ *
+  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+@@ -49,7 +49,7 @@
+  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+- * 
++ *
+  * The licence and distribution terms for any publically available version or
+  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+  * copied and put under another distribution licence
+@@ -92,7 +92,8 @@
+ 		}
+ 
+ 	EVP_MD_CTX_init(&tmp_ctx);
+-	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
++	M_EVP_MD_CTX_set_flags(&tmp_ctx,EVP_MD_CTX_FLAG_ONESHOT);
++	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
+ 	if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
+ 		{
+ 		EVP_MD_SVCTX sctmp;
diff --git a/main/openssl/openssl-0.9.8k-quote-cc.patch b/main/openssl/openssl-0.9.8k-quote-cc.patch
new file mode 100644
index 0000000000..5a61662886
--- /dev/null
+++ b/main/openssl/openssl-0.9.8k-quote-cc.patch
@@ -0,0 +1,72 @@
+--- openssl-0.9.8k/Makefile.orig	2009-04-07 12:28:31.000000000 +0000
++++ openssl-0.9.8k/Makefile	2009-04-07 12:30:13.000000000 +0000
+@@ -359,7 +359,7 @@
+ 			$(AR) libcrypto.a fips/fipscanister.o ; \
+ 		else \
+ 			if [ "$(FIPSCANLIB)" = "libcrypto" ]; then \
+-				FIPSLD_CC=$(CC); CC=fips/fipsld; \
++				FIPSLD_CC="$(CC)"; CC=fips/fipsld; \
+ 				export CC FIPSLD_CC; \
+ 			fi; \
+ 			$(MAKE) -e SHLIBDIRS='crypto' build-shared; \
+@@ -382,9 +382,9 @@
+ fips/fipscanister.o:	build_fips
+ libfips$(SHLIB_EXT):		fips/fipscanister.o
+ 	@if [ "$(SHLIB_TARGET)" != "" ]; then \
+-		FIPSLD_CC=$(CC); CC=fips/fipsld; export CC FIPSLD_CC; \
++		FIPSLD_CC="$(CC)"; CC=fips/fipsld; export CC FIPSLD_CC; \
+ 		$(MAKE) -f Makefile.shared -e $(BUILDENV) \
+-			CC=$${CC} LIBNAME=fips THIS=$@ \
++			CC="$${CC}" LIBNAME=fips THIS=$@ \
+ 			LIBEXTRAS=fips/fipscanister.o \
+ 			LIBDEPS="$(EX_LIBS)" \
+ 			LIBVERSION=${SHLIB_MAJOR}.${SHLIB_MINOR} \
+--- openssl-0.9.8k/apps/Makefile.orig	2009-04-07 12:35:30.000000000 +0000
++++ openssl-0.9.8k/apps/Makefile	2009-04-07 12:56:53.000000000 +0000
+@@ -153,12 +153,12 @@
+ 	shlib_target=; if [ -n "$(SHARED_LIBS)" ]; then \
+ 		shlib_target="$(SHLIB_TARGET)"; \
+ 	elif [ -n "$(FIPSCANLIB)" ]; then \
+-	  FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
++	  FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ 	fi; \
+ 	LIBRARIES="$(LIBSSL) $(LIBKRB5) $(LIBCRYPTO)" ; \
+ 	[ "x$(FIPSCANLIB)" = "xlibfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
+ 	$(MAKE) -f $(TOP)/Makefile.shared -e \
+-		CC=$${CC} APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
++		CC="$${CC}" APPNAME=$(EXE) OBJECTS="$(PROGRAM).o $(E_OBJ)" \
+ 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ 		link_app.$${shlib_target}
+ 	-(cd ..; \
+--- openssl-0.9.8k/test/Makefile.orig	2009-04-07 13:26:06.000000000 +0000
++++ openssl-0.9.8k/test/Makefile	2009-04-07 13:26:38.000000000 +0000
+@@ -402,13 +402,13 @@
+ 	if [ "$(FIPSCANLIB)" = "libfips" ]; then \
+ 		LIBRARIES="-L$(TOP) -lfips"; \
+ 	elif [ -n "$(FIPSCANLIB)" ]; then \
+-		FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
++		FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ 		LIBRARIES="$${FIPSLIBDIR:-$(TOP)/fips/}fipscanister.o"; \
+ 	else \
+ 		LIBRARIES="$(LIBCRYPTO)"; \
+ 	fi; \
+ 	$(MAKE) -f $(TOP)/Makefile.shared -e \
+-		CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
++		CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
+ 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ 		link_app.$${shlib_target}
+ 
+@@ -417,11 +417,11 @@
+ 	fi; \
+ 	LIBRARIES="$(LIBSSL) $(LIBCRYPTO) $(LIBKRB5)"; \
+ 	if [ -z "$(SHARED_LIBS)" -a -n "$(FIPSCANLIB)" ] ; then \
+-		FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
++		FIPSLD_CC="$(CC)"; CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ 	fi; \
+ 	[ "$(FIPSCANLIB)" = "libfips" ] && LIBRARIES="$$LIBRARIES -lfips"; \
+ 	$(MAKE) -f $(TOP)/Makefile.shared -e \
+-		CC=$${CC} APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
++		CC="$${CC}" APPNAME=$$target$(EXE_EXT) OBJECTS="$$target.o" \
+ 		LIBDEPS="$(PEX_LIBS) $$LIBRARIES $(EX_LIBS)" \
+ 		link_app.$${shlib_target}
+ 
diff --git a/main/openssl/openssl-bb-basename.patch b/main/openssl/openssl-bb-basename.patch
new file mode 100644
index 0000000000..441c7b91e3
--- /dev/null
+++ b/main/openssl/openssl-bb-basename.patch
@@ -0,0 +1,20 @@
+--- openssl-0.9.8i.orig/Makefile.org	Wed Nov  5 21:43:31 2008
++++ openssl-0.9.8i/Makefile.org	Wed Nov  5 22:26:40 2008
+@@ -551,7 +551,7 @@
+ 		filecase=-i; \
+ 	fi; \
+ 	set -e; for i in doc/apps/*.pod; do \
+-		fn=`basename $$i .pod`; \
++		fn=`basename $$i .pod || true`; \
+ 		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
+ 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ 		(cd `$(PERL) util/dirname.pl $$i`; \
+@@ -568,7 +568,7 @@
+ 			 done); \
+ 	done; \
+ 	set -e; for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+-		fn=`basename $$i .pod`; \
++		fn=`basename $$i .pod || true`; \
+ 		sec=`$(PERL) util/extract-section.pl 3 < $$i`; \
+ 		echo "installing man$$sec/$$fn.$${sec}$(MANSUFFIX)"; \
+ 		(cd `$(PERL) util/dirname.pl $$i`; \
diff --git a/main/openvpn/APKBUILD b/main/openvpn/APKBUILD
new file mode 100644
index 0000000000..be48bdf61d
--- /dev/null
+++ b/main/openvpn/APKBUILD
@@ -0,0 +1,61 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=openvpn
+pkgver=2.0.9
+pkgrel=1
+pkgdesc="A robust, and highly configurable VPN (Virtual Private Network)"
+url="http://openvpn.sourceforge.net/"
+license="custom"
+subpackages="$pkgname-doc"
+depends="iproute2"
+makedepends="openssl-dev lzo-dev"
+install=
+source="http://$pkgname.net/release/$pkgname-$pkgver.tar.gz
+	openvpn-2.0.9-persistent.patch
+	openvpn.initd
+	"
+
+build() { 
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--enable-ssl \
+		--enable-crypto \
+		--disable-threads \
+		--enable-iproute2
+
+	make || return 1
+
+	cd plugin/down-root
+	make || return 1
+	cd ../..
+
+	make DESTDIR="$pkgdir" install || return 1
+
+	# install plugins
+	install -d "$pkgdir"/usr/lib/$pkgname
+	cp plugin/*/*.so "$pkgdir"/usr/lib/$pkgname
+
+	# install easy-rsa
+	sed -i -e 's/--directory/-d/g; s/--mode=/-m/g' easy-rsa/2.0/Makefile
+	sed -i -e '1s|#!/bin/bash|#!/bin/sh|' easy-rsa/2.0/*
+	make -C easy-rsa/2.0 DESTDIR="$pkgdir" \
+		PREFIX=etc/openvpn/easy-rsa \
+		install
+
+	# install examples
+	mkdir -p "$pkgdir"/usr/share/doc/$pkgname/examples
+	cp -a sample-config-files "$pkgdir"/usr/share/doc/$pkgname/examples
+	install -D -m644 COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+
+	# install init.d
+	install -Dm755 ../openvpn.initd "$pkgdir"/etc/init.d/openvpn
+
+}
+md5sums="60745008b90b7dbe25fe8337c550fec6  openvpn-2.0.9.tar.gz
+a9075ceb8552980519132cc27fda85ac  openvpn-2.0.9-persistent.patch
+10390247d1fdc4fd1ebec1ebae8872be  openvpn.initd"
diff --git a/main/openvpn/openvpn-2.0.9-persistent.patch b/main/openvpn/openvpn-2.0.9-persistent.patch
new file mode 100644
index 0000000000..e042124ea4
--- /dev/null
+++ b/main/openvpn/openvpn-2.0.9-persistent.patch
@@ -0,0 +1,44 @@
+diff -ru openvpn-2.0.9~/init.c openvpn-2.0.9/init.c
+--- openvpn-2.0.9~/init.c	2008-05-13 23:21:30.000000000 +0200
++++ openvpn-2.0.9/init.c	2008-05-13 23:22:51.000000000 +0200
+@@ -347,7 +347,8 @@
+ 	msg (M_FATAL|M_OPTERR,
+ 	     "options --mktun or --rmtun should only be used together with --dev");
+       tuncfg (options->dev, options->dev_type, options->dev_node,
+-	      options->tun_ipv6, options->persist_mode);
++	      options->tun_ipv6, options->persist_mode,
++	      &options->tuntap_options);
+       return true;
+     }
+ #endif
+diff -ru openvpn-2.0.9~/tun.c openvpn-2.0.9/tun.c
+--- openvpn-2.0.9~/tun.c	2008-05-13 23:21:30.000000000 +0200
++++ openvpn-2.0.9/tun.c	2008-05-13 23:22:51.000000000 +0200
+@@ -1095,13 +1095,14 @@
+ #ifdef TUNSETPERSIST
+ 
+ void
+-tuncfg (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, int persist_mode)
++tuncfg (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, int persist_mode, const struct tuntap_options *options)
+ {
+   struct tuntap *tt;
+ 
+   ALLOC_OBJ (tt, struct tuntap);
+   clear_tuntap (tt);
+   tt->type = dev_type_enum (dev, dev_type);
++  tt->options = *options;
+   open_tun (dev, dev_type, dev_node, ipv6, tt);
+   if (ioctl (tt->fd, TUNSETPERSIST, persist_mode) < 0)
+     msg (M_ERR, "Cannot ioctl TUNSETPERSIST(%d) %s", persist_mode, dev);
+diff -ru openvpn-2.0.9~/tun.h openvpn-2.0.9/tun.h
+--- openvpn-2.0.9~/tun.h	2008-05-13 23:21:30.000000000 +0200
++++ openvpn-2.0.9/tun.h	2008-05-13 23:22:51.000000000 +0200
+@@ -194,7 +194,7 @@
+ int read_tun (struct tuntap* tt, uint8_t *buf, int len);
+ 
+ void tuncfg (const char *dev, const char *dev_type, const char *dev_node,
+-	     bool ipv6, int persist_mode);
++	     bool ipv6, int persist_mode, const struct tuntap_options *options);
+ 
+ const char *guess_tuntap_dev (const char *dev,
+ 			      const char *dev_type,
diff --git a/main/openvpn/openvpn.initd b/main/openvpn/openvpn.initd
new file mode 100644
index 0000000000..a6e4529e1c
--- /dev/null
+++ b/main/openvpn/openvpn.initd
@@ -0,0 +1,63 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+VPNDIR="/etc/openvpn"
+VPN="${SVCNAME#*.}"
+if [ -n "${VPN}" ] && [ "${SVCNAME}" != "openvpn" ]; then
+	VPNPID="/var/run/openvpn.${VPN}.pid"
+else
+	VPNPID="/var/run/openvpn.pid"
+fi
+VPNCONF="${VPNDIR}/${VPN}.conf"
+
+depend() {
+	need localmount net
+	before netmount
+	after bootmisc
+}
+
+checktundevice() {
+	if [ ! -e /dev/net/tun ]; then
+		if ! modprobe tun ; then
+			eerror "TUN/TAP support is not available in this kernel"
+			return 1
+		fi
+	fi
+	if [ -h /dev/net/tun ] && [ -c /dev/misc/net/tun ]; then
+		ebegin "Detected broken /dev/net/tun symlink, fixing..."
+		rm -f /dev/net/tun
+		ln -s /dev/misc/net/tun /dev/net/tun
+		eend $?
+	fi
+}
+
+start() {
+	ebegin "Starting ${SVCNAME}"
+
+	checktundevice || return 1
+
+	if [ ! -e "${VPNCONF}" ]; then
+		eend 1 "${VPNCONF} does not exist"
+		return 1
+	fi
+
+	local args=""
+	# If the config file does not specify the cd option, we do
+	# But if we specify it, we override the config option which we do not want
+	if ! grep -q "^[ \t]*cd[ \t].*" "${VPNCONF}" ; then
+		args="${args} --cd ${VPNDIR}"
+	fi
+
+	start-stop-daemon --start --exec /usr/sbin/openvpn --pidfile "${VPNPID}" \
+		-- --config "${VPNCONF}" --writepid "${VPNPID}" --daemon ${args}
+	eend $? "Check your logs to see why startup failed"
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop --exec /usr/sbin/openvpn --pidfile "${VPNPID}"
+	eend $?
+}
+
+# vim: ts=4
diff --git a/main/p7zip/APKBUILD b/main/p7zip/APKBUILD
new file mode 100644
index 0000000000..38d6760282
--- /dev/null
+++ b/main/p7zip/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=p7zip
+pkgver=4.65
+pkgrel=0
+pkgdesc="A command-line port of the 7zip compression utility"
+url="http://p7zip.sourceforge.net"
+license="GPL"
+subpackages="$pkgname-doc"
+depends="uclibc uclibc++ libgcc"
+makedepends="bash uclibc++-dev"
+#install=p7zip.install
+source="http://downloads.sourceforge.net/sourceforge/$pkgname/${pkgname}_${pkgver}_src_all.tar.bz2
+	p7zip-cc-cxx.patch"
+
+build ()
+{
+	cd "$srcdir"/${pkgname}_${pkgver}
+	patch -p1 -i ../p7zip-cc-cxx.patch || return 1
+	sed -i "s|usr/local|usr|g" makefile
+	export CXX=${UC_CXX:-g++-uc}
+
+	make all3 OPTFLAGS="${CXXFLAGS}" || return 1
+	make install DEST_HOME="$pkgdir"/usr DEST_MAN="$pkgdir"/usr/share/man \
+		DEST_SHARE_DOC="http://www.bugaco.com/7zip"
+
+#	echo "creating dir"
+#	mkdir -p "$pkgdir"/usr/share/doc/p7zip/DOCS
+#	install -m555 bin/7z.so "$pkgdir"/usr/lib/p7zip/
+	sed -i "s|"$pkgdir"/usr|/usr|g" "$pkgdir"/usr/bin/7z
+	sed -i "s|"$pkgdir"/usr|/usr|g" "$pkgdir"/usr/bin/7za
+	sed -i "s|"$pkgdir"/usr|/usr|g" "$pkgdir"/usr/bin/7zr
+#	install -m755 -D contrib/VirtualFileSystemForMidnightCommander/u7z "$pkgdir"/usr/share/mc/extfs/u7z
+}
+
+md5sums="f78ed232436dc8f8be25a2f95d4e5f9a  p7zip_4.65_src_all.tar.bz2
+8e8f415267bb5db179e4a8ed75985244  p7zip-cc-cxx.patch"
diff --git a/main/p7zip/p7zip-cc-cxx.patch b/main/p7zip/p7zip-cc-cxx.patch
new file mode 100644
index 0000000000..d06708b4bb
--- /dev/null
+++ b/main/p7zip/p7zip-cc-cxx.patch
@@ -0,0 +1,22 @@
+--- a/makefile.machine	2009-05-29 07:24:22.000000000 +0000
++++ b/makefile.machine	2009-05-29 07:25:22.000000000 +0000
+@@ -2,6 +2,8 @@
+ # makefile for Linux (x86, PPC, alpha ...)
+ #
+ 
++CXX ?= g++
++CC ?= gcc
+ OPTFLAGS=-O
+ 
+ ALLFLAGS=${OPTFLAGS} -s \
+@@ -9,8 +11,8 @@
+ 	-DNDEBUG -D_REENTRANT -DENV_UNIX \
+ 	$(LOCAL_FLAGS)
+ 
+-CXX=g++ $(ALLFLAGS)
+-CC=gcc $(ALLFLAGS)
++CXX += $(ALLFLAGS)
++CC += $(ALLFLAGS)
+ CC_SHARED=-fPIC
+ LINK_SHARED=-fPIC -shared
+ 
diff --git a/main/parted/APKBUILD b/main/parted/APKBUILD
new file mode 100644
index 0000000000..a606b75796
--- /dev/null
+++ b/main/parted/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=parted
+pkgver=1.8.8
+pkgrel=1
+pkgdesc="Utility to create, destroy, resize, check and copy partitions"
+url="http://www.gnu.org/software/parted/parted.html"
+license="GPL3"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends="pkgconfig e2fsprogs-dev readline-dev ncurses-dev"
+source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	nocxx.patch"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-$pkgver
+	patch configure < ../nocxx.patch || return 1
+
+	./configure --prefix=/usr \
+		--disable-debug \
+		--disable-nls \
+		--disable-Werror
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="0d494591731082ec57cc18627728124a  parted-1.8.8.tar.gz
+28513788ba4d556ccd538867dc6205ab  nocxx.patch"
diff --git a/main/parted/nocxx.patch b/main/parted/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/parted/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/patch/APKBUILD b/main/patch/APKBUILD
new file mode 100644
index 0000000000..8e4691db72
--- /dev/null
+++ b/main/patch/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=patch
+pkgver=2.5.9
+pkgrel=0
+pkgdesc="Utility to apply diffs to files"
+url="http://www.gnu.org/software/patch/patch.html"
+license='GPL'
+depends=
+source=http://alpha.gnu.org/gnu/diffutils/$pkgname-$pkgver.tar.gz
+
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man
+	make || return 1
+	make prefix="$pkgdir"/usr mandir="$pkgdir"/usr/share/man install
+}
+
+md5sums='dacfb618082f8d3a2194601193cf8716  patch-2.5.9.tar.gz'
diff --git a/main/pax-utils/APKBUILD b/main/pax-utils/APKBUILD
new file mode 100644
index 0000000000..4d0308e859
--- /dev/null
+++ b/main/pax-utils/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pax-utils
+pkgver=0.1.19
+pkgrel=0
+pkgdesc="ELF related utils for ELF 32/64 binaries"
+url="http://hardened.gentoo.org/pax-utils.xml"
+license='GPL-2'
+depends="uclibc"
+makedepends=""
+source="http://dev.gentoo.org/~vapier/dist/pax-utils-$pkgver.tar.bz2"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+md5sums="98f6b9fe17a740a8cc577255422c6103  pax-utils-0.1.19.tar.bz2"
diff --git a/main/paxctl/APKBUILD b/main/paxctl/APKBUILD
new file mode 100644
index 0000000000..b8ac414d76
--- /dev/null
+++ b/main/paxctl/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=paxctl
+pkgver=0.5
+pkgrel=0
+pkgdesc="Manage PaX releated program header flags"
+url="http://pax.grsecurity.net"
+license="GPL-2"
+depends=""
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://pax.grsecurity.net/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	sed -i -e 's:--owner:-o:g; s:--group:-g:g; s:--mode:-m:g' Makefile
+
+	make CFLAGS="$CFLAGS" LDFLASG="$LDFLAGS" || return 1
+	make DESTDIR="$pkgdir" install
+
+	# install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	# install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+md5sums="6ec138522977dc7654d33ddbe32755f0  paxctl-0.5.tar.gz"
diff --git a/main/pciutils/APKBUILD b/main/pciutils/APKBUILD
new file mode 100644
index 0000000000..1c41b6d07b
--- /dev/null
+++ b/main/pciutils/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=pciutils
+pkgver=3.1.2
+pkgrel=0
+pkgdesc="PCI bus configuration space access library and tools"
+url="http://mj.ucw.cz/pciutils.html"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install=
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://www.kernel.org/pub/software/utils/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make ZLIB=no PREFIX=/usr SHAREDIR=/usr/share/hwdata MANDIR=/usr/share/man all || return 1
+	make PREFIX=${pkgdir}/usr SHAREDIR=${pkgdir}/usr/share/hwdata MANDIR=${pkgdir}/usr/share/man install
+	
+	install -d ${pkgdir}/usr/lib
+	install -m644 lib/libpci.a ${pkgdir}/usr/lib
+	for i in config.h header.h pci.h types.h; do
+	  install -D -m 644 lib/${i} ${pkgdir}/usr/include/pci/${i}
+	done
+
+}
+
+md5sums="b6cc13955ad769a25c475a87d2ef5596  pciutils-3.1.2.tar.gz"
diff --git a/main/pcmciautils/APKBUILD b/main/pcmciautils/APKBUILD
new file mode 100644
index 0000000000..f11f6e06bf
--- /dev/null
+++ b/main/pcmciautils/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pcmciautils
+pkgver=015
+pkgrel=0
+pkgdesc="Utilities for inserting and removing PCMCIA cards"
+url="http://kernel.org/pub/linux/utils/kernel/pcmcia/pcmcia.html"
+license="GPL"
+subpackages="$pkgname-doc"
+depends="uclibc sysfsutils"
+makedepends="sysfsutils-dev bison flex"
+source="http://kernel.org/pub/linux/utils/kernel/pcmcia/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+#	sed -i -e 's,/usr/bin/install,/bin/install,g' Makefile
+	make build/ccdv || return 1
+	make LEX=flex || return 1
+	make DESTDIR="$pkgdir"/ install
+	ln -sf pccardctl "$pkgdir"/sbin/lspcmcia
+}
+md5sums="9e12435c8b6cf7bf59894e90e480b4aa  pcmciautils-015.tar.bz2"
diff --git a/main/pcre/APKBUILD b/main/pcre/APKBUILD
new file mode 100644
index 0000000000..f2749d6a3e
--- /dev/null
+++ b/main/pcre/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pcre
+pkgver=7.9
+pkgrel=0
+pkgdesc="Perl-compatible regular expression library"
+url="http://pcre.sourceforge.net"
+license="BSD"
+depends="uclibc"
+makedepends=""
+source="ftp://ftp.csx.cam.ac.uk/pub/software/programming/$pkgname/$pkgname-$pkgver.tar.bz2"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build() { 
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--disable-cpp \
+		--enable-utf8 \
+		--with-match-limit-recursion=8192 \
+		--htmldir=/usr/share/doc/$pkgname-$pkgver/html \
+		--docdir=/usr/share/doc/$pkgname-$pkgver
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+
+md5sums="b6a9669d1863423f01ea46cdf00f93dc  pcre-7.9.tar.bz2"
diff --git a/main/perl-archive-zip/APKBUILD b/main/perl-archive-zip/APKBUILD
new file mode 100644
index 0000000000..7e8d32019e
--- /dev/null
+++ b/main/perl-archive-zip/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-archive-zip
+_realname=Archive-Zip
+pkgver=1.26
+pkgrel=0
+pkgdesc="Provide a perl interface to ZIP archive files."
+url="http://search.cpan.org/dist/Archive-Zip/"
+license="GPL PerlArtistic"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/A/AD/ADAMK/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="a2e1cc1d99dbaebc41421295c93f61b5  Archive-Zip-1.26.tar.gz"
diff --git a/main/perl-convert-binhex/APKBUILD b/main/perl-convert-binhex/APKBUILD
new file mode 100644
index 0000000000..96f2e86e99
--- /dev/null
+++ b/main/perl-convert-binhex/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-convert-binhex
+_realname=Convert-BinHex
+pkgver=1.119
+pkgrel=0
+pkgdesc="Extract data from Macintosh BinHex files"
+url="http://search.cpan.org/~eryq/Convert-BinHex-1.119/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/E/ER/ERYQ/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="ba70ad1772abac6270078f28197a7961  Convert-BinHex-1.119.tar.gz"
diff --git a/main/perl-convert-tnef/APKBUILD b/main/perl-convert-tnef/APKBUILD
new file mode 100644
index 0000000000..ec2fb8cdc7
--- /dev/null
+++ b/main/perl-convert-tnef/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-convert-tnef
+_realname=Convert-TNEF
+pkgver=0.17
+pkgrel=0
+pkgdesc="Perl module to read TNEF files"
+url="http://search.cpan.org/~dougw/Convert-TNEF-0.17/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/D/DO/DOUGW/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="31cddf42fae9495b4a686b17ec68d7e0  Convert-TNEF-0.17.tar.gz"
diff --git a/main/perl-convert-uulib/APKBUILD b/main/perl-convert-uulib/APKBUILD
new file mode 100644
index 0000000000..e469ed9acb
--- /dev/null
+++ b/main/perl-convert-uulib/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-convert-uulib
+_realname=Convert-UUlib
+pkgver=1.12
+pkgrel=0
+pkgdesc="Perl interface to the uulib library"
+url="http://search.cpan.org/~mlehmann/Convert-UUlib-1.12/UUlib.pm"
+license="Artistic GPL2"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/M/ML/MLEHMANN/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="360d29db09aa7692d8873b336b7ec9d7  Convert-UUlib-1.12.tar.gz"
diff --git a/main/perl-crypt-openssl-random/APKBUILD b/main/perl-crypt-openssl-random/APKBUILD
new file mode 100644
index 0000000000..78568c61bd
--- /dev/null
+++ b/main/perl-crypt-openssl-random/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-crypt-openssl-random
+_realname=Crypt-OpenSSL-Random
+pkgver=0.04
+pkgrel=0
+pkgdesc="RSA encoding and decoding, using the openSSL libraries"
+url="http://search.cpan.org/~iroberts/Crypt-OpenSSL-Random-0.04/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev openssl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/I/IR/IROBERTS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="c56ac5dbdd46122eb9b8da59613b7b0a  Crypt-OpenSSL-Random-0.04.tar.gz"
diff --git a/main/perl-crypt-openssl-rsa/APKBUILD b/main/perl-crypt-openssl-rsa/APKBUILD
new file mode 100644
index 0000000000..cff3d0e1bd
--- /dev/null
+++ b/main/perl-crypt-openssl-rsa/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-crypt-openssl-rsa
+_realname=Crypt-OpenSSL-RSA
+pkgver=0.25
+pkgrel=0
+pkgdesc="RSA encoding and decoding, using the openSSL libraries"
+url="http://search.cpan.org/~iroberts/Crypt-OpenSSL-RSA-0.25/"
+license="Unknown"
+depends="perl perl-crypt-openssl-random"
+makedepends="perl-dev openssl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/I/IR/IROBERTS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="fdf19c9093f47cffb851ae937d053c14  Crypt-OpenSSL-RSA-0.25.tar.gz"
diff --git a/main/perl-db/APKBUILD b/main/perl-db/APKBUILD
new file mode 100644
index 0000000000..b55e744bdf
--- /dev/null
+++ b/main/perl-db/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-db
+_realname=BerkeleyDB
+pkgver=0.38
+pkgrel=0
+pkgdesc="Perl extension for Berkeley DB version 2, 3 or 4"
+url="http://search.cpan.org/~pmqs/BerkeleyDB-0.38/"
+license="GPL PerlArtistic"
+depends="perl db"
+makedepends="perl-dev db-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="33a0c1a9d566a3f5fc71601a165d8335  BerkeleyDB-0.38.tar.gz"
diff --git a/main/perl-db_file/APKBUILD b/main/perl-db_file/APKBUILD
new file mode 100644
index 0000000000..6415f1bbf9
--- /dev/null
+++ b/main/perl-db_file/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-db_file
+_realname=DB_File
+pkgver=1.820
+pkgrel=0
+pkgdesc="Perl5 access to Berkeley DB"
+url="http://search.cpan.org/~pmqs/DB_File-1.820/"
+license="GPL PerlArtistic"
+depends="perl db"
+makedepends="perl-dev db-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="28979bee29d8075b0dffab02fe29df6e  DB_File-1.820.tar.gz"
diff --git a/main/perl-digest-sha1/APKBUILD b/main/perl-digest-sha1/APKBUILD
new file mode 100644
index 0000000000..0b40dfb40a
--- /dev/null
+++ b/main/perl-digest-sha1/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-digest-sha1
+_realname=Digest-SHA1
+pkgver=2.12
+pkgrel=0
+pkgdesc="Perl interface to the SHA-1 algorithm"
+url="http://search.cpan.org/~gaas/Digest-SHA1-2.12/"
+license="GPL PerlArtistic"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="eeb0292868801a202bd7ead87b291374  Digest-SHA1-2.12.tar.gz"
diff --git a/main/perl-getopt-long/APKBUILD b/main/perl-getopt-long/APKBUILD
new file mode 100644
index 0000000000..d89e3e7568
--- /dev/null
+++ b/main/perl-getopt-long/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-getopt-long
+_realname=Getopt-Long
+pkgver=2.38
+pkgrel=0
+pkgdesc="Extended processing of command line options"
+url="http://search.cpan.org/~jv/Getopt-Long-2.38/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/J/JV/JV/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="4d38c78300e79a7fde4700e88759c2b3  Getopt-Long-2.38.tar.gz"
diff --git a/main/perl-html-parser/APKBUILD b/main/perl-html-parser/APKBUILD
new file mode 100644
index 0000000000..5e374b94f2
--- /dev/null
+++ b/main/perl-html-parser/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-html-parser
+_realname=HTML-Parser
+pkgver=3.60
+pkgrel=0
+pkgdesc="Parse section of HTML documents"
+url="http://search.cpan.org/~gaas/HTML-Parser-3.60/"
+license="GPL PerlArtistic"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="fb97ea7e5bd832b079d8660732f9d8d9  HTML-Parser-3.60.tar.gz"
diff --git a/main/perl-inline/APKBUILD b/main/perl-inline/APKBUILD
new file mode 100644
index 0000000000..f81f4268f0
--- /dev/null
+++ b/main/perl-inline/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-inline
+_realname=Inline
+pkgver=0.45
+pkgrel=0
+pkgdesc="Write Perl subroutines in other programming languages"
+url="http://search.cpan.org/~sisyphus/Inline-0.45/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/S/SI/SISYPHUS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="63140a6c911f1576fdee71ba4457610f  Inline-0.45.tar.gz"
diff --git a/main/perl-io-stringy/APKBUILD b/main/perl-io-stringy/APKBUILD
new file mode 100644
index 0000000000..4b51ff9921
--- /dev/null
+++ b/main/perl-io-stringy/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-io-stringy
+_realname=IO-stringy
+pkgver=2.110
+pkgrel=0
+pkgdesc="A Perl module for I/O on in-core objects like strings and arrays"
+url="http://search.cpan.org/~dskoll/IO-stringy-2.110/"
+license="unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/D/DS/DSKOLL/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="2e6a976cfa5521e815c1fdf4006982de  IO-stringy-2.110.tar.gz"
diff --git a/main/perl-mail-clamav/APKBUILD b/main/perl-mail-clamav/APKBUILD
new file mode 100644
index 0000000000..c8ef7ea723
--- /dev/null
+++ b/main/perl-mail-clamav/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mail-clamav
+_realname=Mail-ClamAV
+pkgver=0.29
+pkgrel=0
+pkgdesc="Perl extension for the clamav virus scanner"
+url="http://search.cpan.org/~converter/Mail-ClamAV-0.29/"
+license="Unknown"
+depends="perl clamav"
+makedepends="perl-dev perl-inline perl-parse-recdescent clamav-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/C/CO/CONVERTER/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	sed -i -e 's%\(clamav-config --version\)%sh /usr/bin/\1%' Makefile.PL
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make -j1 || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="737ea1c041d9312cdcfe5b85eb45428e  Mail-ClamAV-0.29.tar.gz"
diff --git a/main/perl-mail-dkim/APKBUILD b/main/perl-mail-dkim/APKBUILD
new file mode 100644
index 0000000000..718be6e9d5
--- /dev/null
+++ b/main/perl-mail-dkim/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mail-dkim
+_realname=Mail-DKIM
+pkgver=0.36
+pkgrel=0
+pkgdesc="Signs/verifies Internet mail with DKIM/DomainKey signatures"
+url="http://search.cpan.org/~jaslong/Mail-DKIM-0.36/"
+license="unknown"
+depends="perl perl-net-dns perl-net-ip perl-mail-tools perl-crypt-openssl-rsa"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/J/JA/JASLONG/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="b6681a7b3cc21c0976205d4ad616455d  Mail-DKIM-0.36.tar.gz"
diff --git a/main/perl-mail-domainkeys/APKBUILD b/main/perl-mail-domainkeys/APKBUILD
new file mode 100644
index 0000000000..36feb26e9e
--- /dev/null
+++ b/main/perl-mail-domainkeys/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mail-domainkeys
+_realname=Mail-DomainKeys
+pkgver=1.0
+pkgrel=0
+pkgdesc="A perl implementation of DomainKeys"
+url="http://search.cpan.org/~anthonyu/Mail-DomainKeys-1.0/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/A/AN/ANTHONYU/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="a4565f21ada263cf34c55f50d7eb9944  Mail-DomainKeys-1.0.tar.gz"
diff --git a/main/perl-mail-spamassassin/APKBUILD b/main/perl-mail-spamassassin/APKBUILD
new file mode 100644
index 0000000000..6a3c884616
--- /dev/null
+++ b/main/perl-mail-spamassassin/APKBUILD
@@ -0,0 +1,25 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mail-spamassassin
+_realname=Mail-SpamAssassin
+pkgver=3.2.5
+pkgrel=0
+pkgdesc="Spam detector and markup engine"
+url="http://search.cpan.org/~jmason/Mail-SpamAssassin-3.2.5/"
+license="unknown"
+depends="perl perl-digest-sha1 perl-html-parser perl-net-dns perl-db_file
+perl-mail-spf razor"
+makedepends="perl-dev zlib-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/J/JM/JMASON/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="7fdc1651d0371c4a7f95ac9ae6f828a6  Mail-SpamAssassin-3.2.5.tar.gz"
diff --git a/main/perl-mail-spf/APKBUILD b/main/perl-mail-spf/APKBUILD
new file mode 100644
index 0000000000..372398d65f
--- /dev/null
+++ b/main/perl-mail-spf/APKBUILD
@@ -0,0 +1,24 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mail-spf
+_realname=Mail-SPF
+pkgver=2.006
+pkgrel=0
+pkgdesc="An object-oriented implementation of Sender Policy Framework"
+url="http://search.cpan.org/~jmehnle/Mail-SPF-v2.006/"
+license="GPL PerlArtistic"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/J/JM/JMEHNLE/mail-spf/$_realname-v$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-v$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="4da41591b612560627ddbc6026b047a3  Mail-SPF-v2.006.tar.gz"
diff --git a/main/perl-mail-tools/APKBUILD b/main/perl-mail-tools/APKBUILD
new file mode 100644
index 0000000000..8b287ed259
--- /dev/null
+++ b/main/perl-mail-tools/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mail-tools
+_realname=MailTools
+pkgver=2.04
+pkgrel=0
+pkgdesc="Manipulation of electronic mail addresses"
+url="http://search.cpan.org/~markov/MailTools-2.04/"
+license="GPL PerlArtistic"
+depends="perl perl-time-date perl-test-pod"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/M/MA/MARKOV/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="d21ea4f375d1e5f3da6b0a4e8ba1e2c6  MailTools-2.04.tar.gz"
diff --git a/main/perl-mime-tools/APKBUILD b/main/perl-mime-tools/APKBUILD
new file mode 100644
index 0000000000..9a0a8c63d3
--- /dev/null
+++ b/main/perl-mime-tools/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-mime-tools
+_realname=MIME-tools
+pkgver=5.427
+pkgrel=0
+pkgdesc="Perl modules for parsing (and creating!) MIME entities"
+url="http://search.cpan.org/~doneill/MIME-tools-5.427/"
+license="PerlArtistic GPL"
+depends="perl perl-io-stringy perl-mail-tools perl-convert-binhex"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/D/DO/DONEILL/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="4333caa7238cb9eafb5f7fb39fcbd8e7  MIME-tools-5.427.tar.gz"
diff --git a/main/perl-net-dns/APKBUILD b/main/perl-net-dns/APKBUILD
new file mode 100644
index 0000000000..a9eef71bf4
--- /dev/null
+++ b/main/perl-net-dns/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-net-dns
+_realname=Net-DNS
+pkgver=0.65
+pkgrel=0
+pkgdesc="Perl interface to the DNS resolver"
+url="http://search.cpan.org/dist/Archive-Zip/"
+license="unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/O/OL/OLAF/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+        # creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="54e5a12a20de39b954a93723927ac789  Net-DNS-0.65.tar.gz"
diff --git a/main/perl-net-ip/APKBUILD b/main/perl-net-ip/APKBUILD
new file mode 100644
index 0000000000..dc334bc48c
--- /dev/null
+++ b/main/perl-net-ip/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-net-ip
+_realname=Net-IP
+pkgver=1.25
+pkgrel=0
+pkgdesc="Perl extension for manipulating IPv4/IPv6 addresses"
+url="http://search.cpan.org/~manu/Net-IP-1.25/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/M/MA/MANU/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="a49c0b02a9b793ff60191cdafc0c202e  Net-IP-1.25.tar.gz"
diff --git a/main/perl-net-server/APKBUILD b/main/perl-net-server/APKBUILD
new file mode 100644
index 0000000000..4e5fb7b2f4
--- /dev/null
+++ b/main/perl-net-server/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-net-server
+_realname=Net-Server
+pkgver=0.97
+pkgrel=0
+pkgdesc="Extensible, general Perl server engine"
+url="http://search.cpan.org/~rhandom/Net-Server-0.97/"
+license="unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/R/RH/RHANDOM/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="f884b6c5b1d2698a82bbc7ba659690a1  Net-Server-0.97.tar.gz"
diff --git a/main/perl-parse-recdescent/APKBUILD b/main/perl-parse-recdescent/APKBUILD
new file mode 100644
index 0000000000..8aa9ed89b1
--- /dev/null
+++ b/main/perl-parse-recdescent/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-parse-recdescent
+_realname=Parse-RecDescent
+pkgver=1.96.0
+pkgrel=0
+pkgdesc="Generate Recursive-Descent Parsers"
+url="http://search.cpan.org/~dconway/Parse-RecDescent-1.96.0/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/D/DC/DCONWAY/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="373dc01e102d81d01a4fb1431c5ff3fb  Parse-RecDescent-1.96.0.tar.gz"
diff --git a/main/perl-test-pod/APKBUILD b/main/perl-test-pod/APKBUILD
new file mode 100644
index 0000000000..83e13d8f6b
--- /dev/null
+++ b/main/perl-test-pod/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-test-pod
+_realname=Test-Pod
+pkgver=1.26
+pkgrel=0
+pkgdesc="Check for POD errors in files"
+url="http://search.cpan.org/~petdance/Test-Pod-1.26/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="2f259135656ac4549b65a4f14f07b7c6  Test-Pod-1.26.tar.gz"
diff --git a/main/perl-time-date/APKBUILD b/main/perl-time-date/APKBUILD
new file mode 100644
index 0000000000..c1e928849d
--- /dev/null
+++ b/main/perl-time-date/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-time-date
+_realname=TimeDate
+pkgver=1.16
+pkgrel=0
+pkgdesc="Date formating subroutines"
+url="http://search.cpan.org/~gbarr/TimeDate-1.16/"
+license="Unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/G/GB/GBARR/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="b3cc35a7cabd106ac8829d2f2ff4bd9d  TimeDate-1.16.tar.gz"
diff --git a/main/perl-unix-syslog/APKBUILD b/main/perl-unix-syslog/APKBUILD
new file mode 100644
index 0000000000..3bc8793d37
--- /dev/null
+++ b/main/perl-unix-syslog/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-unix-syslog
+_realname=Unix-Syslog
+pkgver=1.1
+pkgrel=0
+pkgdesc="Perl interface to the UNIX syslog(3) calls"
+url="http://search.cpan.org/~mharnisch/Unix-Syslog-1.1/"
+license="unknown"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/M/MH/MHARNISCH/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor \
+		|| return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="73d78e309fe9508ffc9a54d84d79aac9  Unix-Syslog-1.1.tar.gz"
diff --git a/main/perl-uri-escape/APKBUILD b/main/perl-uri-escape/APKBUILD
new file mode 100644
index 0000000000..d0c5d5d7d5
--- /dev/null
+++ b/main/perl-uri-escape/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=perl-uri-escape
+_realname=URI
+pkgver=1.38
+pkgrel=0
+pkgdesc="Uniform Resource Identifiers (absolute and relative)"
+url="http://search.cpan.org/~gaas/URI-1.38/"
+license="GPL PerlArtistic"
+depends="perl"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/$_realname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="35fba2715eb8ac56e8e30244ae69ff65  URI-1.38.tar.gz"
diff --git a/main/perl-uri/APKBUILD b/main/perl-uri/APKBUILD
new file mode 100644
index 0000000000..599f455eae
--- /dev/null
+++ b/main/perl-uri/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=perl-uri
+pkgver=1.37
+pkgrel=0
+pkgdesc="Perl Module: form Resource Identifiers (absolute and relative)"
+url="http://search.cpan.org/dist/URI/"
+license="PerlArtistic"
+subpackages="$pkgname-doc"
+depends="perl"
+makedepends="perl-dev"
+source="http://www.cpan.org/authors/id/G/GA/GAAS/URI-$pkgver.tar.gz"
+
+build ()
+{
+	cd "$srcdir"/URI-$pkgver
+	perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make install DESTDIR="$pkgdir" || return 1
+	find "$pkgdir" -name perllocal.pod -delete
+	find "$pkgdir" -name .packlist -delete
+}
+md5sums="b81b3610b78654e11c099f74a5247860  URI-1.37.tar.gz"
diff --git a/main/perl-xml-parser/APKBUILD b/main/perl-xml-parser/APKBUILD
new file mode 100644
index 0000000000..e2319ac8f3
--- /dev/null
+++ b/main/perl-xml-parser/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=perl-xml-parser
+_name=XML-Parser
+pkgver=2.36
+pkgrel=0
+pkgdesc="XML::Parser - an XML parser module for perl"
+url="http://search.cpan.org/dist/XML-Parser/"
+license="GPL PerlArtistic"
+depends="perl"
+makedepends="expat-dev perl-dev"
+source="http://search.cpan.org/CPAN/authors/id/M/MS/MSERGEANT/XML-Parser-$pkgver.tar.gz"
+
+build () {
+	cd "$srcdir"/$_name-$pkgver
+	perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make MAN1EXT=1p MAN3EXT=3pm || return 1
+	make install MAN1EXT=1p MAN3EXT=3pm DESTDIR="$pkgdir" || return 1
+	find "$pkgdir" -name perllocal.pod -delete
+	find "$pkgdir" -name .packlist -delete
+}
+md5sums="1b868962b658bd87e1563ecd56498ded  XML-Parser-2.36.tar.gz"
diff --git a/main/perl-xml-simple/APKBUILD b/main/perl-xml-simple/APKBUILD
new file mode 100644
index 0000000000..74d2ecbe19
--- /dev/null
+++ b/main/perl-xml-simple/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=perl-xml-simple
+pkgver=2.18
+pkgrel=0
+pkgdesc="Simple XML parser for perl"
+url="http://search.cpan.org/dist/XML-Simple/"
+license="PerlArtistic"
+subpackages="$pkgname-doc"
+depends="perl-xml-parser perl"
+makedepends="perl-dev"
+source="ftp://ftp.cpan.org/pub/CPAN/authors/id/G/GR/GRANTM/XML-Simple-$pkgver.tar.gz"
+
+build ()
+{
+	cd "$srcdir"/XML-Simple-$pkgver
+	perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	find "$pkgdir" -name '.packlist' -delete
+	find "$pkgdir" -name 'perllocal.pod' -delete
+}
+md5sums="593aa8001e5c301cdcdb4bb3b63abc33  XML-Simple-2.18.tar.gz"
diff --git a/main/perl/APKBUILD b/main/perl/APKBUILD
new file mode 100644
index 0000000000..fec034e538
--- /dev/null
+++ b/main/perl/APKBUILD
@@ -0,0 +1,55 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=perl
+pkgver=5.10.0
+pkgrel=1
+pkgdesc="Larry Wall's Practical Extraction and Report Language"
+url=http://www.perl.org
+license="Artistic GPL-2"
+source=http://www.perl.com/CPAN/src/perl-${pkgver}.tar.gz
+depends=
+subpackages="$pkgname-dev $pkgname-doc miniperl"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./Configure -des \
+		-Dcccdlflags='-fPIC' \
+		-Dcccdlflags='-fPIC' \
+		-Dccdlflags='-rdynamic' \
+		-Dprefix=/usr \
+		-Dprivlib=/usr/share/perl5/core_perl \
+		-Darchlib=/usr/lib/perl5/core_perl \
+		-Dvendorprefix=/usr \
+		-Dvendorlib=/usr/share/perl5/vendor_perl \
+		-Dvendorarch=/usr/lib/perl5/vendor_perl \
+		-Dsiteprefix=/usr/local \
+		-Dsitelib=/usr/local/share/perl5/site_perl \
+		-Dsitearch=/usr/local/lib/perl5/site_perl \
+		-Dlocincpth=' ' \
+		-Doptimize="${CFLAGS}" \
+		-Duselargefiles \
+		-Dd_semctl_semun \
+		-Dman1dir=/usr/share/man/man1 \
+		-Dman3dir=/usr/share/man/man3 \
+		-Dinstallman1dir=/usr/share/man/man1 \
+		-Dinstallman3dir=/usr/share/man/man3 \
+		-Dman1ext='1' \
+		-Dman3ext='3pm' \
+		-Dinc_version_list="$inclist" \
+		-Dcf_by='Alpine' \
+		-Ud_csh \
+		-Dusenm \
+		|| return 1
+#		-Dscriptdir=/usr/bin \
+
+	make
+	make install DESTDIR="$pkgdir"
+}
+
+miniperl() {
+	pkgname=miniperl
+	mkdir -p "$subpkgdir"/usr/bin
+	cp "$srcdir/perl-$pkgver"/miniperl "$subpkgdir/usr/bin"
+}
+
+md5sums="872c3b9f1238c06766733f42087aea24  perl-5.10.0.tar.gz"
+md5sums="d2c39b002ebfd2c3c5dba589365c5a71  perl-5.10.0.tar.gz"
diff --git a/main/pgcluster/APKBUILD b/main/pgcluster/APKBUILD
new file mode 100644
index 0000000000..9d92b9b65b
--- /dev/null
+++ b/main/pgcluster/APKBUILD
@@ -0,0 +1,51 @@
+# Maintainer: Cameron Banta <cbanta@gmail.com>
+pkgname=pgcluster
+pkgver=1.9.0_rc5
+_myver=1.9.0rc5
+pkgrel=1
+pkgdesc="PostgreSQL with multi-master cluster/replication patch"
+url="http://pgfoundry.org/projects/pgcluster/"
+license="BSD"
+depends=
+makedepends="readline-dev openssl-dev zlib-dev"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-libpq $pkgname-client"
+source="http://pgfoundry.org/frs/download.php/1705/$pkgname-$_myver.tar.gz
+	$pkgname.initd
+	$pkgname.confd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$_myver || return 1
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--with-docdir=/usr/share/doc \
+		--with-openssl \
+		|| return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+
+	install -D -m755 "$srcdir"/$pkgname.initd \
+		"$pkgdir"/etc/init.d/$pkgname
+	install -D -m644 "$srcdir"/$pkgname.confd \
+		"$pkgdir"/etc/conf.d/$pkgname || return 1
+}
+
+libpq() {
+	depends=
+	pkgdesc="PGCluster libraries"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libpq.so* "$subpkgdir"/usr/lib/
+}
+
+client() {
+	depends=
+	pkgdesc="PGCluster client"
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/psql "$subpkgdir"/usr/bin/
+}
+
+
+md5sums="d2fe705e25a01c19c8f8daa1fbcc55d1  pgcluster-1.9.0rc5.tar.gz
+ad21a30c7fd5ce9de1290c317492a0e5  pgcluster.initd
+503f94824fc7a385a831d7e55b74f9a0  pgcluster.confd"
diff --git a/main/pgcluster/pgcluster.confd b/main/pgcluster/pgcluster.confd
new file mode 100644
index 0000000000..9e1376eec7
--- /dev/null
+++ b/main/pgcluster/pgcluster.confd
@@ -0,0 +1,57 @@
+# PostgreSQL's Database Directory
+PGDATA="/var/lib/postgresql/pgcluster"
+
+# PostgreSQL User
+PGUSER="postgres"
+
+# PostgreSQL Group
+PGGROUP="postgres"
+
+# control what gets started by init script
+PG_START_DB="yes"
+PG_START_REPLICATE="yes"
+PG_START_LB="no"
+
+# Extra options to run postmaster with, e.g.:
+# -N is the maximal number of client connections
+# -B is the number of shared buffers and has to be at least 2x the value for -N
+# Please read the man-page to postmaster for more options. Many of these options
+# can be set directly in the configuration-file.
+#PGOPTS="-N 512 -B 1024"
+
+
+# SERVER SHUTDOWN:
+# The server will receive 3 signals in the worst case:
+# 1. SIGTERM
+#  This signals the server to ignore new connections and to
+#  wait for all clients to end their transactions before shutting down.
+#  Use WAIT_FOR_DISCONNECT to control how much time the clients
+#  should have until the next signal is being sent.
+# 2. SIGINT
+#  Tell the server to forcefully disconnect all clients.
+#  Terminating a client results in a rollback of the open transactions for this client.
+#  Use WAIT_FOR_CLEANUP to determine how much time the server has
+#  for cleanup.
+# 3. SIGQUIT
+#  This will terminate the server immediately and results in a recovery run for the next start.
+
+# Wait for clients to disconnect
+WAIT_FOR_DISCONNECT=30
+
+# Time the server has to clean up
+WAIT_FOR_CLEANUP=60
+
+# Time the server has to quit (with a recover-run on next startup)
+# Set to 0 to deactivate it
+WAIT_FOR_QUIT=60
+
+# Comment this out if you don't want to wait for the server to
+# startup before continuing.  For example, if this server is a 
+# PITR log shipping based replication standby
+WAIT_FOR_START="-w"
+
+# If you have to export environment variables for the database process,
+# this can be done here.
+#
+# Example:
+#   export R_HOME="/usr/lib/R"
diff --git a/main/pgcluster/pgcluster.initd b/main/pgcluster/pgcluster.initd
new file mode 100644
index 0000000000..fb5cdfdf35
--- /dev/null
+++ b/main/pgcluster/pgcluster.initd
@@ -0,0 +1,172 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql-server/files/postgresql.init-8.3,v 1.4 2008/09/28 22:53:02 caleb Exp $
+
+opts="${opts} reload setup"
+
+depend() {
+	use net
+	provide postgresql
+}
+
+checkconfig() {
+	if [ ! -d "$PGDATA" ] ; then
+		eerror "Directory not found: $PGDATA"
+		eerror "Please make sure that PGDATA points to the right path."
+		eerror "You can run '/etc/init.d/pgcluster setup' to setup a new database cluster."
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	#ebegin "Starting PostgreSQL"
+
+	if [ -f "$PGDATA/postmaster.pid" ] ; then
+		rm -f "$PGDATA/postmaster.pid"
+	fi
+
+	local retval
+
+	if [ ${PG_START_DB} == "yes" ]; then 
+		ebegin "Starting PGCluster database instance"
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl start ${WAIT_FOR_START} -o '--silent-mode=true ${PGOPTS}'" >/dev/null
+		retval=$?
+		if [ $retval -ne 0 ]; then
+			eend $retval 
+		else
+
+			# The following is to catch the case of an already running server
+			# in which pg_ctl doesn't know to which server it connected to and false reports the server as 'up'
+			sleep 2
+			if [ ! -f "$PGDATA/postmaster.pid" ] ; then
+				eerror "The pid-file doesn't exist but pg_ctl reported a running server."
+				eerror "Please check whether there is another server running on the same port or read the log-file."
+				eend 1 
+			else
+				local pid=$(grep "^[0-9]\+" "$PGDATA/postmaster.pid")
+				test -d /proc/"${pid}" 
+				eend $?
+			fi
+		fi
+	fi
+
+	if [ ${PG_START_REPLICATE} == "yes" ]; then
+		ebegin "Starting PGCluster replicate instance"
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pgreplicate -D ${PGDATA} -l" >/dev/null
+		retval=$?
+		sleep 1
+		if [ ! -f "$PGDATA/pgreplicate.pid" ] ; then
+			eerror "Where's the pid file?"
+			eend 1 
+		else
+			local pid=$(grep "^[0-9]\+" "$PGDATA/pgreplicate.pid")
+			test -d /proc/"${pid}" 
+			eend $?
+		fi
+	fi
+
+	if [ ${PG_START_LB} == "yes" ]; then
+		ebegin "Starting PGCluster load balancer instance"
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pglb -D ${PGDATA} -l" >/dev/null
+		retval=$?
+		sleep 1
+		if [ ! -f "$PGDATA/pglb.pid" ] ; then
+			eerror "Where's the pid file?"
+			eend 1 
+		else
+			local pid=$(grep "^[0-9]\+" "$PGDATA/pglb.pid")
+			test -d /proc/"${pid}" 
+			eend $?
+		fi
+	fi
+	return
+}
+
+stop() {
+	local retval
+
+	if [ ${PG_START_LB} == "yes" ]; then
+		ebegin "Stopping PGCluster Load Balancer instance"
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pglb -D ${PGDATA} -l stop" >/dev/null
+		eend $?
+	fi
+	if [ ${PG_START_REPLICATE} == "yes" ]; then
+		ebegin "Stopping PGCluster Replicate instance"
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pgreplicate -D ${PGDATA} -l stop" >/dev/null
+		eend $?
+	fi
+
+
+	if [ ${PG_START_DB} == "yes" ]; then 
+		ebegin "Stopping PGCLuster database (this can take up to $(( ${WAIT_FOR_DISCONNECT} + ${WAIT_FOR_CLEANUP} )) seconds)"
+		if [ ! -f "$PGDATA/postmaster.pid" ] ; then
+			ewarn "$PGDATA/postmaster.pid not found. Was it running?"
+			eend 1
+			return 0
+		fi
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl stop -t ${WAIT_FOR_DISCONNECT} -m smart" >/dev/null
+
+		retval=$?
+		[ $retval -eq 0 ] && eend $retval && return $retval
+
+		ewarn "Some clients did not disconnect within ${WAIT_FOR_DISCONNECT} seconds."
+		ewarn "Going to shutdown the server anyway."
+
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl stop -m fast" >/dev/null
+
+		retval=$?
+		[ $retval -eq 0 ] && eend $retval && return $retval
+
+		if [ ${WAIT_FOR_QUIT} -eq 0 ] ; then
+			eerror "Server did not shut down and sending the SIGQUIT has been disabled."
+			eend $retval
+			return $retval
+		fi
+
+		ewarn "Shutting down the server gracefully failed."
+		ewarn "Forcing it to shutdown which leads to a recover-run on next startup."
+
+		su -l ${PGUSER} \
+			-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl stop -m immediate" >/dev/null
+
+		retval=$?
+		[ $retval -eq 0 ] && eend $retval && return $retval
+
+		eerror "Forced shutdown failed!!! Something is wrong with your system, please take care of it manually."
+		eend $?
+	fi
+}
+
+reload() {
+	ebegin "Reloading PostgreSQL configuration"
+	su -l ${PGUSER} \
+		-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl reload" >/dev/null
+	eend $?
+}
+
+setup() { 
+	ebegin "Creating a new PGCluster database cluster" 
+	if [ -d "${PGDATA}" ] ; then 
+		eend 1 "${PGDATA} already exist" 
+		return 
+	fi 
+	mkdir -p "${PGDATA}" 
+	chown -Rf postgres:postgres "${PGDATA}" 
+	chmod 0700 "${PGDATA}" 
+	cd "${PGDATA}" # to avoid the: could not change directory to "/root" 
+	su -c "/usr/bin/initdb --pgdata ${PGDATA}" postgres
+	einfo "You can use the '/etc/init.d/pgcluster' script to run PostgreSQL instead"
+	einfo "of 'pg_ctl'."
+	eend $? 
+} 
+
diff --git a/main/pgpool/APKBUILD b/main/pgpool/APKBUILD
new file mode 100644
index 0000000000..980b3019a8
--- /dev/null
+++ b/main/pgpool/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Cameron <cbanta@gmail.com>
+# Maintainer: Cameron <cbanta@gmail.com>
+pkgname=pgpool
+_opkgname=pgpool-II
+pkgver=2.2.2
+pkgrel=0
+pkgdesc="Pgpool II is a connection pooling/replication server for PostgreSQL."
+url="http://pgfoundry.org/projects/pgpool/"
+license="BSD"
+makedepends="postgresql-dev"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://pgfoundry.org/frs/download.php/2191/$_opkgname-$pkgver.tar.gz
+	$pkgname.initd"
+
+build() {
+	cd "$srcdir/$_opkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+}
+
+md5sums="6f14514ed4ed5368ad3ab7e2d4c5136b  pgpool-II-2.2.2.tar.gz
+21573def15ffd08a07221569ef54c149  pgpool.initd"
diff --git a/main/pgpool/pgpool.initd b/main/pgpool/pgpool.initd
new file mode 100644
index 0000000000..d577cf9e16
--- /dev/null
+++ b/main/pgpool/pgpool.initd
@@ -0,0 +1,24 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: $
+
+depend() {
+	need net
+	use postgresql
+}
+
+start() {
+	ebegin "Starting pgpool-II"
+	start-stop-daemon --start --quiet --exec /usr/bin/pgpool --f /etc/pgpool.conf -F /etc/pcp.conf
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping pgpool-II"
+	start-stop-daemon --stop --quiet --pidfile /var/run/pgpool.pid
+	result=$?
+	eend $result
+}
+
diff --git a/main/php-apc/APKBUILD b/main/php-apc/APKBUILD
new file mode 100644
index 0000000000..d3460aaa56
--- /dev/null
+++ b/main/php-apc/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=php-apc
+pkgver=3.1.2
+pkgrel=0
+pkgdesc="Alternative PHP Cache"
+url="http://pecl.php.net/package/APC"
+license="PHP"
+depends="php"
+makedepends="php-dev autoconf pcre-dev"
+subpackages=""
+source="http://pecl.php.net/get/APC-${pkgver}.tgz
+apc.ini"
+
+build() {
+	cd "$srcdir/APC-${pkgver}"
+
+	phpize || return 1
+	./configure --enable-apc \
+	--disable-apc-mmap \
+	--with-php-config=/usr/bin/php-config
+	make || return 1
+	make INSTALL_ROOT=$pkgdir install || return 1
+	install -D -m644 "$srcdir"/apc.ini "$pkgdir"/etc/php/conf.d/apc.ini
+
+}
+
+md5sums="0a18cf164b3e044e27edd4c1d8c3145c  APC-3.1.2.tgz
+1be423cbc197a302abd50cfd5834258b  apc.ini"
diff --git a/main/php-apc/apc.ini b/main/php-apc/apc.ini
new file mode 100644
index 0000000000..eb8a7e8f2c
--- /dev/null
+++ b/main/php-apc/apc.ini
@@ -0,0 +1,11 @@
+;PHP suggest APC settings
+extension=apc.so
+;apc.enabled=1
+;apc.shm_segments=1
+;apc.shm_size=128
+;apc.ttl=7200
+;apc.user_ttl=7200
+;apc.num_files_hint=1024
+;apc.mmap_file_mask=/tmp/apc.XXXXXX
+;apc.enable_cli=1
+
diff --git a/main/php-fileinfo/APKBUILD b/main/php-fileinfo/APKBUILD
new file mode 100644
index 0000000000..8e72f404c3
--- /dev/null
+++ b/main/php-fileinfo/APKBUILD
@@ -0,0 +1,26 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=php-fileinfo
+pkgver=1.0.4
+pkgrel=0
+pkgdesc="This extension allows retrieval of information regarding vast majority of file."
+url="http://pecl.php.net/package/Fileinfo"
+license="PHP"
+depends="file php"
+makedepends="autoconf php-dev file-dev"
+install=""
+source="http://pecl.php.net/get/Fileinfo-$pkgver.tgz
+	magic.patch"
+
+build ()
+{
+	cd $srcdir/Fileinfo-$pkgver
+	patch -p1 -i "$srcdir"/magic.patch || return 1
+	phpize || return 1
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make INSTALL_ROOT="$pkgdir" install || return 1
+	echo ';extension=fileinfo.so' > fileinfo.ini
+	install -D -m644 fileinfo.ini "$pkgdir"/etc/php/conf.d/fileinfo.ini
+}
+md5sums="2854e749db157365c769cb9496f5586f  Fileinfo-1.0.4.tgz
+e2689b892a795f1b9c601997dd48edab  magic.patch"
diff --git a/main/php-fileinfo/magic.patch b/main/php-fileinfo/magic.patch
new file mode 100644
index 0000000000..7f939e8b88
--- /dev/null
+++ b/main/php-fileinfo/magic.patch
@@ -0,0 +1,13 @@
+--- a/config.m4	2006-11-07 22:31:19.000000000 +0100
++++ b/config.m4	2009-04-19 20:23:37.923512186 +0200
+@@ -47,8 +47,8 @@
+     -L$FILEINFO_DIR/lib
+   ])
+ 
+-  MAGIC_MIME_DIRS="/usr/local/share/file /usr/share/file /usr/share/misc/file /etc /usr/share/misc"
+-  MAGIC_MIME_FILENAMES="magic magic.mime"
++  MAGIC_MIME_DIRS="/usr/share/misc/file"
++  MAGIC_MIME_FILENAMES="magic.mgc"
+   
+   for i in $MAGIC_MIME_DIRS; do
+     for j in $MAGIC_MIME_FILENAMES; do
diff --git a/main/php/APKBUILD b/main/php/APKBUILD
new file mode 100644
index 0000000000..f1a36a24e9
--- /dev/null
+++ b/main/php/APKBUILD
@@ -0,0 +1,144 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=php
+pkgver=5.2.10
+pkgrel=0
+pkgdesc="The PHP language runtime engine"
+url="http://www.php.net/"
+license="PHP-3"
+depends=
+makedepends="pcre-dev libxml2-dev libiconv-dev openssl-dev zlib-dev bzip2-dev
+	curl-dev libpng-dev jpeg-dev freetype-dev libmcrypt-dev mysql-dev
+	sqlite-dev libtool libltdl postgresql-dev"
+subpackages="$pkgname-doc $pkgname-dev $pkgname-bcmath $pkgname-bz2
+	$pkgname-calendar $pkgname-curl $pkgname-exif $pkgname-ftp $pkgname-gd
+	$pkgname-iconv $pkgname-json $pkgname-mcrypt $pkgname-mime_magic
+	$pkgname-mysql $pkgname-mysqli $pkgname-openssl $pkgname-pdo
+	$pkgname-pdo_mysql $pkgname-pdo_sqlite $pkgname-posix $pkgname-session
+	$pkgname-shmop $pkgname-soap $pkgname-sockets $pkgname-sqlite
+	$pkgname-sysvmsg $pkgname-sysvsem $pkgname-sysvshm $pkgname-xmlrpc
+	$pkgname-zip $pkgname-zlib $pkgname-postgresql $pkgname-pdo_pgsql"
+source="http://www.php.net/distributions/${pkgname}-${pkgver}.tar.bz2"
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+
+        ./configure --build=${CHOST:-i486-alpine-linux-uclibc} \
+		--prefix=/usr \
+		--sysconfdir=/etc/php \
+		--with-layout=GNU \
+		--with-config-file-path=/etc/php \
+		--with-config-file-scan-dir=/etc/php/conf.d \
+		--enable-inline-optimization \
+		--disable-debug \
+		--disable-rpath \
+		--disable-static \
+		--enable-shared \
+		--mandir=/usr/share/man \
+		--with-openssl=shared \
+		--with-zlib=shared \
+		--enable-bcmath=shared \
+		--with-bz2=shared \
+		--enable-calendar=shared \
+		--with-curl=shared \
+		--enable-exif=shared \
+		--enable-ftp=shared \
+		--with-gd=shared \
+		--with-jpeg-dir=shared,/usr \
+		--with-png-dir=shared,/usr \
+		--enable-gd-native-ttf \
+		--enable-mbstring=shared \
+		--with-mcrypt=shared \
+		--with-mysql=shared \
+		--with-mysql-sock=/tmp/mysql.sock \
+		--with-mysql=shared \
+		--with-mysqli=shared \
+		--with-pear=/usr/share/pear \
+		--enable-pdo=shared \
+		--with-pdo-mysql=shared \
+		--with-pdo-sqlite=shared,/usr \
+		--enable-fastcgi \
+		--with-sqlite=shared \
+		--enable-sqlite-utf8 \
+		--enable-shmop=shared \
+		--enable-soap=shared \
+		--enable-sysvmsg=shared \
+		--enable-sysvsem=shared \
+		--enable-sysvshm=shared \
+		--enable-zip=shared \
+		--enable-posix=shared \
+		--enable-sockets=shared \
+		--enable-xml \
+		--with-ttf=shared \
+		--enable-session=shared \
+		--with-regex=php \
+		--with-pcre-regex=/usr \
+		--enable-mbstring=all \
+		--enable-mbregex \
+		--enable-json=shared \
+		--with-iconv=shared \
+		--with-xmlrpc=shared \
+		--enable-cgi \
+		--with-freetype-dir=shared,/usr \
+		--with-mime-magic=shared \
+		--enable-discard-path \
+		--enable-force-cgi-redirect \
+		--disable-cli \
+		--with-pgsql=shared \
+		--with-pdo-pgsql=shared \
+		--with-pic
+
+        make || return 1
+        make -j1 INSTALL_ROOT="$pkgdir" install || return 1
+        install -D -m644 php.ini-recommended "$pkgdir"/etc/php/php.ini
+}
+
+_mv_mod() {
+	local d=usr/lib/php/20060613
+	mkdir -p "$subpkgdir/$d"
+	mv "$pkgdir/$d/${1}.so" "$subpkgdir/$d/" || return 1
+	# last one removed the dir
+	rmdir "$pkgdir/$d" 2>/dev/null
+	return 0
+}
+
+bcmath()	{ _mv_mod bcmath; }
+bz2()		{ _mv_mod bz2; }
+calendar()	{ _mv_mod calendar; }
+curl()		{ _mv_mod curl; }
+exif()		{ _mv_mod exif; }
+ftp()		{ _mv_mod ftp; }
+gd()		{ _mv_mod gd; }
+iconv()		{ _mv_mod iconv; }
+json()		{ _mv_mod json; }
+mcrypt()	{ _mv_mod mcrypt; }
+mime_magic()	{ _mv_mod mime_magic; }
+mysql()		{ _mv_mod mysql; }
+mysqli()	{ _mv_mod mysqli; }
+openssl()	{ _mv_mod openssl; }
+pdo()		{ _mv_mod pdo; }
+pdo_mysql()	{ _mv_mod pdo_mysql; }
+pdo_sqlite()	{ _mv_mod pdo_sqlite; }
+posix()		{ _mv_mod posix; }
+session()	{ _mv_mod session; }
+shmop()		{ _mv_mod shmop; }
+soap()		{ _mv_mod soap; }
+sockets()	{ _mv_mod sockets; }
+sqlite()	{ _mv_mod sqlite; }
+sysvmsg()	{ _mv_mod sysvmsg; }
+sysvsem()	{ _mv_mod sysvsem; }
+sysvshm()	{ _mv_mod sysvshm; }
+xmlrpc()	{ _mv_mod xmlrpc; }
+zip()		{ _mv_mod zip; }
+zlib()		{ _mv_mod zlib; }
+postgresql()	{ _mv_mod pgsql; }
+pdo_pgsql()	{ _mv_mod pdo_pgsql; }
+
+# devleoper package
+dev() {
+	default_dev
+	mkdir -p "$subpkgdir"/usr/lib/php/
+	mv "$pkgdir"/usr/lib/php/build "$subpkgdir"/usr/lib/php/
+}
+
+md5sums="15c7b5a87f57332d6fc683528e28247b  php-5.2.10.tar.bz2"
diff --git a/main/pinentry/APKBUILD b/main/pinentry/APKBUILD
new file mode 100644
index 0000000000..5322ebe7a2
--- /dev/null
+++ b/main/pinentry/APKBUILD
@@ -0,0 +1,42 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pinentry
+pkgver=0.7.5
+_uiconv_ver=0.3
+pkgrel=0
+pkgdesc="Collection of simple PIN or passphrase entry dialogs which utilize the Assuan protocol"
+url="http://www.gnupg.org/aegypten2"
+license="GPL-2"
+depends="ncurses libcap"
+makedepends="ncurses-dev libcap-dev"
+subpackages="$pkgname-doc"
+source="ftp://ftp.gnupg.org/gcrypt/$pkgname/$pkgname-$pkgver.tar.gz
+	http://git.alpinelinux.org/cgit/uiconv/snapshot/uiconv-$_uiconv_ver.tar.bz2
+	"
+
+build () {
+	# we build it against uiconv to avoid the bloaty GNU libiconv.
+	# it will be linked statically so we don't need it in depends
+	cd "$srcdir/uiconv-$_uiconv_ver"
+	make
+	make DESTDIR="$srcdir" PREFIX=/uiconv install
+
+	cd "$srcdir"/$pkgname-$pkgver
+
+	# the configure script have a broken --with-libiconv-prefix option
+	# so we set the -I and -L flags hard
+	export CFLAGS="$CFLAGS -I $srcdir/uiconv/include"
+	export LDFLAGS="$LDFLAGS -L $srcdir/uiconv/lib"
+
+	./configure --prefix=/usr \
+		--disable-pinentry-gtk \
+		--disable-pinentry-gtk2 \
+		--disable-pinentry-qt \
+		--enable-pinentry-curses \
+		--enable-fallback-curses \
+		--with-libiconv-prefix="$srcdir"/uiconv
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="ca492afbbb59cd19f1c875533f18b269  pinentry-0.7.5.tar.gz
+5cd7f80085324d08cb976fec674cd98d  uiconv-0.3.tar.bz2"
diff --git a/main/pingu/APKBUILD b/main/pingu/APKBUILD
new file mode 100644
index 0000000000..fdd91972ab
--- /dev/null
+++ b/main/pingu/APKBUILD
@@ -0,0 +1,23 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pingu
+pkgver=0.3
+pkgrel=0
+pkgdesc="Small daemon that pings hosts and executes a script when status change"
+url="http://git.alpinelinux.org/cgit/pingu"
+license="GPL"
+depends="uclibc"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshot/$pkgname-$pkgver.tar.bz2
+	pingu.initd
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	make BINDIR=/usr/sbin DESTDIR="$pkgdir" install
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+}
+
+md5sums="59f9c927a80c71d85f2363e314a25197  pingu-0.3.tar.bz2
+d2162d9c02a66691bb6360f4f2d9d701  pingu.initd"
diff --git a/main/pingu/pingu.initd b/main/pingu/pingu.initd
new file mode 100644
index 0000000000..39301f80e4
--- /dev/null
+++ b/main/pingu/pingu.initd
@@ -0,0 +1,27 @@
+#!/sbin/runscript
+
+# Sample init.d file for alpine linux.
+
+NAME=pingu
+DAEMON=/usr/bin/$NAME
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting ${NAME}"
+		start-stop-daemon --start --quiet \
+			--pidfile /var/run/${NAME}.pid \
+			--exec ${DAEMON} -- -d
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet \
+			--exec ${DAEMON} \
+			--pidfile /var/run/${NAME}.pid
+	eend $?
+}
+
diff --git a/main/pkgconfig/APKBUILD b/main/pkgconfig/APKBUILD
new file mode 100644
index 0000000000..afdb272888
--- /dev/null
+++ b/main/pkgconfig/APKBUILD
@@ -0,0 +1,19 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pkgconfig
+pkgver=0.23
+pkgrel=0
+pkgdesc="A system for managing library compile/link flags"
+url="http://pkgconfig.freedesktop.org/wiki/"
+license="GPL"
+depends=
+source="http://$pkgname.freedesktop.org/releases/pkg-config-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir"/pkg-config-$pkgver
+	./configure --prefix=/usr
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="d922a88782b64441d06547632fd85744  pkg-config-0.23.tar.gz"
diff --git a/main/popt/APKBUILD b/main/popt/APKBUILD
new file mode 100644
index 0000000000..a46f218c2e
--- /dev/null
+++ b/main/popt/APKBUILD
@@ -0,0 +1,19 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=popt
+pkgver=1.14
+pkgrel=0
+pkgdesc="A commandline option parser"
+url="http://rpm5.org"
+license="custom"
+depends=
+source="http://rpm5.org/files/$pkgname/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build ()
+{
+	cd $srcdir/$pkgname-$pkgver
+	./configure --prefix=/usr 
+	make || return 1
+	make DESTDIR=$pkgdir install || return 1
+}
+md5sums="4f90a07316eb825604dd10ae4f9f3f04  popt-1.14.tar.gz"
diff --git a/main/portmap/APKBUILD b/main/portmap/APKBUILD
new file mode 100644
index 0000000000..7539f314aa
--- /dev/null
+++ b/main/portmap/APKBUILD
@@ -0,0 +1,39 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=portmap
+pkgver=6.0
+pkgrel=2
+pkgdesc="RPC connection manager"
+url="http://neil.brown.name/portmap/"
+license="GPL"
+depends="uclibc"
+makedepends=""
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc"
+source="http://neil.brown.name/$pkgname/$pkgname-$pkgver.tgz
+	$pkgname-6.0-tcpd.patch
+	$install
+	$pkgname.confd
+	$pkgname.initd"
+
+build () 
+{ 
+	cd "$srcdir"/portmap_$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+
+	make NO_TCP_WRAPPER=NO || return 1
+	mkdir -p "$pkgdir"/sbin
+	mkdir -p "$pkgdir"/usr/share/man/man8
+	make BASEDIR="$pkgdir" install
+	mkdir -p "$pkgdir"/etc/init.d "$pkgdir"/etc/conf.d
+	install -m 755 "$startdir"/$pkgname.initd $pkgdir/etc/init.d/$pkgname
+	install -m 644 "$startdir"/$pkgname.confd $pkgdir/etc/conf.d/$pkgname
+}
+
+md5sums="ac108ab68bf0f34477f8317791aaf1ff  portmap-6.0.tgz
+bdcd217a0d459c75116d0b5aa90a372b  portmap-6.0-tcpd.patch
+b726a64e91b47244a7539288338c6bbd  portmap.pre-install
+56b0f47cda2003f3394ef7c37ec4cdff  portmap.confd
+2944aa0387aba4ed6219d7856e5e8fb0  portmap.initd"
diff --git a/main/portmap/portmap-6.0-tcpd.patch b/main/portmap/portmap-6.0-tcpd.patch
new file mode 100644
index 0000000000..c6af8f8c80
--- /dev/null
+++ b/main/portmap/portmap-6.0-tcpd.patch
@@ -0,0 +1,18 @@
+Enable compile without tcp-wrappers
+
+Patch by Timothy Redaelli <drizzt@gentoo.org>
+
+http://bugs.gentoo.org/178242
+
+--- portmap_6.0/pmap_check.c
++++ portmap_6.0/pmap_check.c
+@@ -44,7 +44,9 @@
+ #include <netinet/in.h>
+ #include <rpc/rpcent.h>
+ #endif
++#ifdef HOSTS_ACCESS
+ #include <tcpd.h>
++#endif
+ #include <arpa/inet.h>
+ #include <grp.h>
+ 
diff --git a/main/portmap/portmap.confd b/main/portmap/portmap.confd
new file mode 100644
index 0000000000..c2756c992b
--- /dev/null
+++ b/main/portmap/portmap.confd
@@ -0,0 +1,5 @@
+# /etc/conf.d/portmap: config file for /etc/init.d/portmap
+
+# Options for `portmap`.
+# For a full list, just run `portmap -h`.
+#PORTMAP_OPTS="-l"
diff --git a/main/portmap/portmap.initd b/main/portmap/portmap.initd
new file mode 100644
index 0000000000..65d23d7484
--- /dev/null
+++ b/main/portmap/portmap.initd
@@ -0,0 +1,46 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nds/portmap/files/portmap.rc6,v 1.12 2007/06/13 07:52:44 vapier Exp $
+
+depend() {
+	use net
+	before inetd
+	before xinetd
+}
+
+start() {
+	ebegin "Starting portmap"
+	start-stop-daemon --start --quiet --exec /sbin/portmap -- ${PORTMAP_OPTS}
+	local ret=$?
+	eend ${ret}
+	# without, if a service depending on portmap is started too fast,
+	# connecting to portmap will fail -- azarah
+	sleep 1
+	return ${ret}
+}
+
+stop() {
+	ebegin "Stopping portmap"
+	start-stop-daemon --stop --quiet --exec /sbin/portmap
+	eend $?
+}
+
+restart() {
+	# Dump the portmapper's table before stopping
+	ebegin "Saving portmap table"
+	local pmap=$(pmap_dump)
+	eend $?
+
+	# Stop and restart portmapper
+	svc_stop
+	sleep 1
+	svc_start
+
+	# Reload the portmapper's table
+	if [ -n "${pmap}" ] ; then
+		ebegin "Reloading portmap table"
+		echo "${pmap}" | pmap_set
+		eend $?
+	fi
+}
diff --git a/main/portmap/portmap.pre-install b/main/portmap/portmap.pre-install
new file mode 100644
index 0000000000..b0dcfb9c5c
--- /dev/null
+++ b/main/portmap/portmap.pre-install
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+adduser -h /dev/null -s /bin/false -D rpc 2>/dev/null || true
diff --git a/main/postfix/APKBUILD b/main/postfix/APKBUILD
new file mode 100644
index 0000000000..71a9199c07
--- /dev/null
+++ b/main/postfix/APKBUILD
@@ -0,0 +1,151 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=postfix
+pkgver=2.6.2
+pkgrel=3
+pkgdesc="Secure and fast drop-in replacement for Sendmail (MTA)"
+url="http://www.postfix.org/"
+license="IPL-1"
+depends=
+makedepends="db-dev pcre-dev openssl-dev postgresql-dev mysql-dev openldap-dev cyrus-sasl-dev perl"
+install="$pkgname.pre-install $pkgname.post-install"
+subpackages="$pkgname-doc $pkgname-ldap $pkgname-mysql $pkgname-pcre
+	$pkgname-pgsql"
+source="ftp://ftp.porcupine.org/mirrors/$pkgname-release/official/$pkgname-$pkgver.tar.gz
+	$pkgname.initd
+	$install
+	postfix-2.6.1-dynamicmaps.patch
+	dynamicmaps.cf
+	postfix-ldap.post-install
+	postfix-mysql.post-install
+	postfix-pcre.post-install
+	postfix-pgsql.post-install
+	"
+
+# the dynamic maps patch is taken from mandriva
+# http://svn.mandriva.com/cgi-bin/viewvc.cgi/packages/cooker/postfix/current/SOURCES
+
+_shared_libs() {
+	file --mime-type "$@" | \
+		awk '$2 == "application/x-sharedlib" {print $1}' | \
+		tr -d :
+}
+
+build () { 
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+	cp ../dynamicmaps.cf conf/
+
+	sed -i -e "s|#define HAS_NIS|//#define HAS_NIS|g" \
+		-e "/^#define ALIAS_DB_MAP/s|:/etc/aliases|:/etc/postfix/aliases|" \
+		src/util/sys_defs.h || return 1
+	sed -i -e "s:/usr/local/:/usr/:g" conf/master.cf || return 1
+
+	# needed for dynamic maps.
+	local ccargs="-DHAS_DLOPEN -DHAS_SHL_LOAD"
+	local auxlibs="$LDFLAGS -lpthread -lcrypt"
+
+	ccargs="$ccargs -DDEF_DAEMON_DIR=\\\"/usr/lib/postfix\\\""
+
+	# pcre
+	ccargs="$ccargs -DHAS_PCRE"
+	#auxlibs="$auxlibs -lpcre"
+
+	# ssl
+	ccargs="$ccargs -DUSE_TLS"
+	auxlibs="$auxlibs -lssl -lcrypto" 
+
+	## dovecot-sasl
+	#ccargs="$ccargs -DUSE_SASL_AUTH -DDEF_SERVER_SASL_TYPE=\\\"dovecot\\\""
+
+	# cyrus sasl
+	ccargs="$ccargs	-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl"
+	auxlibs="$auxlibs -lsasl2"
+
+	# postgresql
+	ccargs="$ccargs -DHAS_PGSQL -I$(pg_config --includedir)"
+	#auxlibs="$auxlibs -lpq -L$(pg_config --libdir)"
+
+	# mysql
+	ccargs="$ccargs -DHAS_MYSQL $(mysql_config --include)"
+	#auxlibs="$auxlibs -lmysqlclient -lm -lz"
+
+	# compile
+	make DEBUG="" \
+		OPT="$CFLAGS" \
+		CCARGS="$ccargs" \
+		AUXLIBS="$auxlibs" \
+		makefiles || return 1
+	
+	make OPT="$CFLAGS" || return 1
+
+	for i in $(_shared_libs lib/*.a); do
+		j=${i#lib/lib}
+		ln -s ${i#lib/} lib/libpostfix-${j%.a}.so.1
+	done
+
+	# install to pkgdir
+	LD_LIBRARY_PATH=$PWD/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} make \
+		non-interactive-package \
+		install_root="$pkgdir" \
+		config_directory=/usr/share/doc/$pkgname/defaults \
+		readme_directory=/usr/share/doc/$pkgname/readme \
+		manpage_directory=/usr/share/man \
+		|| return 1
+
+	install -d "$pkgdir"/usr/lib
+	for i in $(_shared_libs lib/*.a); do
+		j=${i#lib/lib}
+		install $i "$pkgdir"/usr/lib/libpostfix-${j%.a}.so.1 || return 1
+	done
+
+	# fix permissions
+	for i in postdrop postqueue; do
+		chgrp postdrop "$pkgdir"/usr/sbin/$i
+		chmod g+s "$pkgdir"/usr/sbin/$i
+	done
+
+	mkdir -p "$pkgdir"/etc/postfix
+	mv "$pkgdir"/usr/share/doc/$pkgname/defaults/*.cf \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/aliases \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/canonical \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/generic \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/header_checks \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/relocated \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/transport \
+		"$pkgdir"/usr/share/doc/$pkgname/defaults/virtual \
+		"$pkgdir"/etc/postfix/ || return 1
+
+	install -d -o postfix -g postfix "$pkgdir"/var/spool/postfix
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/${pkgname}/LICENSE
+}
+
+_mv_dict() {
+	local m=$1
+	shift
+	pkgdesc="$m map support for postfix"
+	depends=
+	install="postfix-${m}.post-install"
+	mkdir -p "$subpkgdir"/usr/lib/postfix
+	mv "$pkgdir"/usr/lib/postfix/dict_${m}.so \
+		"$subpkgdir"/usr/lib/postfix/
+}
+
+ldap()  { _mv_dict ldap ; }
+mysql() { _mv_dict mysql ;}
+pcre()  { _mv_dict pcre ; }
+pgsql() { _mv_dict pgsql ; }
+
+md5sums="1f0edbd521d2b0473626f4d61e8bb4eb  postfix-2.6.2.tar.gz
+8416354d402f3be288fa98b60af86240  postfix.initd
+2bfc3864183694e5484ac073bb0cb7ef  postfix.pre-install
+0064d45c2c8a46c374b55c4abc46cfb2  postfix.post-install
+d45552cfdcd911d0934c0cb7816c4011  postfix-2.6.1-dynamicmaps.patch
+442efd1a95b0c061dfb8ab75456e0f24  dynamicmaps.cf
+2ebe51a882eb9d6d7866583eb6af3969  postfix-ldap.post-install
+2ebe51a882eb9d6d7866583eb6af3969  postfix-mysql.post-install
+fd16ec00b60269c4ede4a0a0a514cefa  postfix-pcre.post-install
+2ebe51a882eb9d6d7866583eb6af3969  postfix-pgsql.post-install"
diff --git a/main/postfix/dynamicmaps.cf b/main/postfix/dynamicmaps.cf
new file mode 100644
index 0000000000..dfe2110552
--- /dev/null
+++ b/main/postfix/dynamicmaps.cf
@@ -0,0 +1,16 @@
+# Postfix dynamic maps configuration file.
+#
+# The first match found is the one that is used.  Wildcards are not
+# supported.
+#
+#type	location of .so file         	name of open function
+#====	=============================	=====================
+#ldap	/usr/lib/postfix/dict_ldap.so	dict_ldap_open 
+#mysql	/usr/lib/postfix/dict_mysql.so	dict_mysql_open
+#pcre	/usr/lib/postfix/dict_pcre.so	dict_pcre_open
+#regex	/usr/lib/postfix/dict_pcre.so	dict_pcre_open
+#pgsql	/usr/lib/postfix/dict_pgsql.so	dict_pgsql_open
+
+# apk tools will manage the lines below
+## AUTO BEGIN ##
+## AUTO END ##
diff --git a/main/postfix/postfix-2.6.1-dynamicmaps.patch b/main/postfix/postfix-2.6.1-dynamicmaps.patch
new file mode 100644
index 0000000000..630abedc3b
--- /dev/null
+++ b/main/postfix/postfix-2.6.1-dynamicmaps.patch
@@ -0,0 +1,5273 @@
+diff -ruN a/conf/postfix-files b/conf/postfix-files
+--- a/conf/postfix-files	2009-06-01 12:27:42.000000000 +0000
++++ b/conf/postfix-files	2009-06-01 13:08:26.000000000 +0000
+@@ -65,6 +65,10 @@
+ $queue_directory/trace:d:$mail_owner:-:700:ucr
+ $daemon_directory/anvil:f:root:-:755
+ $daemon_directory/bounce:f:root:-:755
++$daemon_directory/dict_ldap.so:f:root:-:755
++$daemon_directory/dict_pcre.so:f:root:-:755
++$daemon_directory/dict_mysql.so:f:root:-:755
++$daemon_directory/dict_pgsql.so:f:root:-:755
+ $daemon_directory/cleanup:f:root:-:755
+ $daemon_directory/discard:f:root:-:755
+ $daemon_directory/error:f:root:-:755
+@@ -94,6 +98,11 @@
+ $daemon_directory/trivial-rewrite:f:root:-:755
+ $daemon_directory/verify:f:root:-:755
+ $daemon_directory/virtual:f:root:-:755
++/usr/lib/libpostfix-dns.so.1:f:root:-:755
++/usr/lib/libpostfix-global.so.1:f:root:-:755
++/usr/lib/libpostfix-tls.so.1:f:root:-:755
++/usr/lib/libpostfix-master.so.1:f:root:-:755
++/usr/lib/libpostfix-util.so.1:f:root:-:755
+ $daemon_directory/nqmgr:h:$daemon_directory/qmgr
+ $daemon_directory/lmtp:h:$daemon_directory/smtp
+ $command_directory/postalias:f:root:-:755
+@@ -117,6 +126,7 @@
+ $config_directory/aliases:f:root:-:644:p1
+ $config_directory/bounce.cf.default:f:root:-:644:1
+ $config_directory/canonical:f:root:-:644:p1
++$config_directory/dynamicmaps.cf:f:root:-:644:p
+ $config_directory/cidr_table:f:root:-:644:o
+ $config_directory/generic:f:root:-:644:p1
+ $config_directory/generics:f:root:-:644:o
+diff -ruN a/src/dns/Makefile.in b/src/dns/Makefile.in
+--- a/src/dns/Makefile.in	2009-06-01 12:27:43.000000000 +0000
++++ b/src/dns/Makefile.in	2009-06-01 13:08:26.000000000 +0000
+@@ -14,7 +14,7 @@
+ LIB_DIR	= ../../lib
+ INC_DIR	= ../../include
+ 
+-.c.o:;	$(CC) $(CFLAGS) -c $*.c
++.c.o:;	$(CC) -fPIC $(CFLAGS) -c $*.c
+ 
+ all: $(LIB)
+ 
+@@ -31,12 +31,10 @@
+ root_tests:
+ 
+ $(LIB):	$(OBJS)
+-	$(AR) $(ARFL) $(LIB) $?
+-	$(RANLIB) $(LIB)
++	gcc -shared -Wl,-soname,libpostfix-dns.so.1 -o $(LIB) $(OBJS) $(LIBS) $(SYSLIBS)
+ 
+ $(LIB_DIR)/$(LIB): $(LIB)
+ 	cp $(LIB) $(LIB_DIR)
+-	$(RANLIB) $(LIB_DIR)/$(LIB)
+ 
+ update: $(LIB_DIR)/$(LIB) $(HDRS)
+ 	-for i in $(HDRS); \
+diff -ruN a/src/global/Makefile.in b/src/global/Makefile.in
+--- a/src/global/Makefile.in	2009-06-01 12:27:43.000000000 +0000
++++ b/src/global/Makefile.in	2009-06-01 13:08:26.000000000 +0000
+@@ -34,7 +34,7 @@
+ 	canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
+ 	clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
+ 	defer.o deliver_completed.o deliver_flock.o deliver_pass.o \
+-	deliver_request.o dict_ldap.o dict_mysql.o dict_pgsql.o \
++	deliver_request.o \
+ 	dict_proxy.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
+ 	dsb_scan.o dsn.o dsn_buf.o dsn_mask.o dsn_print.o dsn_util.o \
+ 	ehlo_mask.o ext_prop.o file_id.o flush_clnt.o header_opts.o \
+@@ -103,10 +103,13 @@
+ LIB_DIR	= ../../lib
+ INC_DIR	= ../../include
+ MAKES	=
++LDAPSO  = dict_ldap.so
++MYSQLSO = dict_mysql.so
++PGSQLSO = dict_pgsql.so
+ 
+-.c.o:;	$(CC) $(CFLAGS) -c $*.c
++.c.o:;	$(CC) -fPIC $(CFLAGS) -c $*.c
+ 
+-all: $(LIB)
++all: $(LIB) $(LDAPSO) $(MYSQLSO) $(PGSQLSO) 
+ 
+ $(OBJS): ../../conf/makedefs.out
+ 
+@@ -116,14 +119,30 @@
+ test:	$(TESTPROG)
+ 
+ $(LIB):	$(OBJS)
+-	$(AR) $(ARFL) $(LIB) $?
+-	$(RANLIB) $(LIB)
++	gcc -shared -Wl,-soname,libpostfix-global.so.1 -o $(LIB) $(OBJS) $(LIBS) $(SYSLIBS)
++
++$(LDAPSO): dict_ldap.o $(LIB) ../../lib/libglobal.a
++	gcc -shared -Wl,-soname,dict_ldap.so -o $@ $? -lldap -llber -L../../lib -lutil -L. -lglobal
++
++$(MYSQLSO): dict_mysql.o $(LIB) ../../lib/libglobal.a
++	gcc -shared -Wl,-soname,dict_mysql.so -o $@ $? -lmysqlclient -L. -lutil -lglobal
++
++$(PGSQLSO): dict_pgsql.o $(LIB) ../../lib/libglobal.a
++	gcc -shared -Wl,-soname,dict_pgsql.so -o $@ $? -lpq -L. -lutil -lglobal
+ 
+ $(LIB_DIR)/$(LIB): $(LIB)
+ 	cp $(LIB) $(LIB_DIR)
+-	$(RANLIB) $(LIB_DIR)/$(LIB)
+ 
+-update: $(LIB_DIR)/$(LIB) $(HDRS)
++../../libexec/$(LDAPSO): $(LDAPSO)
++	cp $(LDAPSO) ../../libexec
++
++../../libexec/$(MYSQLSO): $(MYSQLSO)
++	cp $(MYSQLSO) ../../libexec
++
++../../libexec/$(PGSQLSO): $(PGSQLSO)
++	cp $(PGSQLSO) ../../libexec
++
++update: $(LIB_DIR)/$(LIB) ../../libexec/$(LDAPSO) ../../libexec/$(MYSQLSO) ../../libexec/$(PGSQLSO) $(HDRS)
+ 	-for i in $(HDRS); \
+ 	do \
+ 	  cmp -s $$i $(INC_DIR)/$$i 2>/dev/null || cp $$i $(INC_DIR); \
+@@ -491,7 +510,7 @@
+ 	lint $(DEFS) $(SRCS) $(LINTFIX)
+ 
+ clean:
+-	rm -f *.o $(LIB) *core $(TESTPROG) junk
++	rm -f *.o $(LIB) $(LDAPSO) $(MYSQLSO) $(PGSQLSO) *core $(TESTPROG) junk
+ 	rm -rf printfck
+ 
+ tidy:	clean
+diff -ruN a/src/global/Makefile.in.orig b/src/global/Makefile.in.orig
+--- a/src/global/Makefile.in.orig	1970-01-01 00:00:00.000000000 +0000
++++ b/src/global/Makefile.in.orig	2009-06-01 13:07:56.000000000 +0000
+@@ -0,0 +1,2018 @@
++SHELL	= /bin/sh
++SRCS	= abounce.c anvil_clnt.c been_here.c bounce.c bounce_log.c \
++	canon_addr.c cfg_parser.c cleanup_strerror.c cleanup_strflags.c \
++	clnt_stream.c conv_time.c db_common.c debug_peer.c debug_process.c \
++	defer.c deliver_completed.c deliver_flock.c deliver_pass.c \
++	deliver_request.c dict_ldap.c dict_mysql.c dict_pgsql.c \
++	dict_proxy.c domain_list.c dot_lockfile.c dot_lockfile_as.c \
++	dsb_scan.c dsn.c dsn_buf.c dsn_mask.c dsn_print.c dsn_util.c \
++	ehlo_mask.c ext_prop.c file_id.c flush_clnt.c header_opts.c \
++	header_token.c input_transp.c int_filt.c is_header.c log_adhoc.c \
++	mail_addr.c mail_addr_crunch.c mail_addr_find.c mail_addr_map.c \
++	mail_command_client.c mail_command_server.c mail_conf.c \
++	mail_conf_bool.c mail_conf_int.c mail_conf_long.c mail_conf_raw.c \
++	mail_conf_str.c mail_conf_time.c mail_connect.c mail_copy.c \
++	mail_date.c mail_dict.c mail_error.c mail_flush.c mail_open_ok.c \
++	mail_params.c mail_pathname.c mail_queue.c mail_run.c \
++	mail_scan_dir.c mail_stream.c mail_task.c mail_trigger.c maps.c \
++	mark_corrupt.c match_parent_style.c mbox_conf.c mbox_open.c \
++	mime_state.c mkmap_cdb.c mkmap_db.c mkmap_dbm.c mkmap_open.c \
++	mkmap_sdbm.c msg_stats_print.c msg_stats_scan.c mynetworks.c \
++	mypwd.c namadr_list.c off_cvt.c opened.c own_inet_addr.c \
++	pipe_command.c post_mail.c quote_821_local.c quote_822_local.c \
++	rcpt_buf.c rcpt_print.c rec_attr_map.c rec_streamlf.c rec_type.c \
++	recipient_list.c record.c remove.c resolve_clnt.c resolve_local.c \
++	rewrite_clnt.c scache_clnt.c scache_multi.c scache_single.c \
++	sent.c smtp_stream.c split_addr.c string_list.c strip_addr.c \
++	sys_exits.c timed_ipc.c tok822_find.c tok822_node.c tok822_parse.c \
++	tok822_resolve.c tok822_rewrite.c tok822_tree.c trace.c \
++	user_acl.c valid_mailhost_addr.c verify.c verify_clnt.c \
++	verp_sender.c wildcard_inet_addr.c xtext.c delivered_hdr.c \
++	fold_addr.c header_body_checks.c mkmap_proxy.c data_redirect.c \
++	match_service.c mail_conf_nint.c
++OBJS	= abounce.o anvil_clnt.o been_here.o bounce.o bounce_log.o \
++	canon_addr.o cfg_parser.o cleanup_strerror.o cleanup_strflags.o \
++	clnt_stream.o conv_time.o db_common.o debug_peer.o debug_process.o \
++	defer.o deliver_completed.o deliver_flock.o deliver_pass.o \
++	deliver_request.o dict_ldap.o dict_mysql.o dict_pgsql.o \
++	dict_proxy.o domain_list.o dot_lockfile.o dot_lockfile_as.o \
++	dsb_scan.o dsn.o dsn_buf.o dsn_mask.o dsn_print.o dsn_util.o \
++	ehlo_mask.o ext_prop.o file_id.o flush_clnt.o header_opts.o \
++	header_token.o input_transp.o int_filt.o is_header.o log_adhoc.o \
++	mail_addr.o mail_addr_crunch.o mail_addr_find.o mail_addr_map.o \
++	mail_command_client.o mail_command_server.o mail_conf.o \
++	mail_conf_bool.o mail_conf_int.o mail_conf_long.o mail_conf_raw.o \
++	mail_conf_str.o mail_conf_time.o mail_connect.o mail_copy.o \
++	mail_date.o mail_dict.o mail_error.o mail_flush.o mail_open_ok.o \
++	mail_params.o mail_pathname.o mail_queue.o mail_run.o \
++	mail_scan_dir.o mail_stream.o mail_task.o mail_trigger.o maps.o \
++	mark_corrupt.o match_parent_style.o mbox_conf.o mbox_open.o \
++	mime_state.o mkmap_cdb.o mkmap_db.o mkmap_dbm.o mkmap_open.o \
++	mkmap_sdbm.o msg_stats_print.o msg_stats_scan.o mynetworks.o \
++	mypwd.o namadr_list.o off_cvt.o opened.o own_inet_addr.o \
++	pipe_command.o post_mail.o quote_821_local.o quote_822_local.o \
++	rcpt_buf.o rcpt_print.o rec_attr_map.o rec_streamlf.o rec_type.o \
++	recipient_list.o record.o remove.o resolve_clnt.o resolve_local.o \
++	rewrite_clnt.o scache_clnt.o scache_multi.o scache_single.o \
++	sent.o smtp_stream.o split_addr.o string_list.o strip_addr.o \
++	sys_exits.o timed_ipc.o tok822_find.o tok822_node.o tok822_parse.o \
++	tok822_resolve.o tok822_rewrite.o tok822_tree.o trace.o \
++	user_acl.o valid_mailhost_addr.o verify.o verify_clnt.o \
++	verp_sender.o wildcard_inet_addr.o xtext.o delivered_hdr.o \
++	fold_addr.o header_body_checks.o mkmap_proxy.o data_redirect.o \
++	match_service.o mail_conf_nint.o
++HDRS	= abounce.h anvil_clnt.h been_here.h bounce.h bounce_log.h \
++	canon_addr.h cfg_parser.h cleanup_user.h clnt_stream.h config.h \
++	conv_time.h db_common.h debug_peer.h debug_process.h defer.h \
++	deliver_completed.h deliver_flock.h deliver_pass.h deliver_request.h \
++	dict_ldap.h dict_mysql.h dict_pgsql.h dict_proxy.h domain_list.h \
++	dot_lockfile.h dot_lockfile_as.h dsb_scan.h dsn.h dsn_buf.h \
++	dsn_mask.h dsn_print.h dsn_util.h ehlo_mask.h ext_prop.h \
++	file_id.h flush_clnt.h header_opts.h header_token.h input_transp.h \
++	int_filt.h is_header.h lex_822.h log_adhoc.h mail_addr.h \
++	mail_addr_crunch.h mail_addr_find.h mail_addr_map.h mail_conf.h \
++	mail_copy.h mail_date.h mail_dict.h mail_error.h mail_flush.h \
++	mail_open_ok.h mail_params.h mail_proto.h mail_queue.h mail_run.h \
++	mail_scan_dir.h mail_stream.h mail_task.h mail_version.h maps.h \
++	mark_corrupt.h match_parent_style.h mbox_conf.h mbox_open.h \
++	mime_state.h mkmap.h msg_stats.h mynetworks.h mypwd.h namadr_list.h \
++	off_cvt.h opened.h own_inet_addr.h pipe_command.h post_mail.h \
++	qmgr_user.h qmqp_proto.h quote_821_local.h quote_822_local.h \
++	quote_flags.h rcpt_buf.h rcpt_print.h rec_attr_map.h rec_streamlf.h \
++	rec_type.h recipient_list.h record.h resolve_clnt.h resolve_local.h \
++	rewrite_clnt.h scache.h sent.h smtp_stream.h split_addr.h \
++	string_list.h strip_addr.h sys_exits.h timed_ipc.h tok822.h \
++	trace.h user_acl.h valid_mailhost_addr.h verify.h verify_clnt.h \
++	verp_sender.h wildcard_inet_addr.h xtext.h delivered_hdr.h \
++	fold_addr.h header_body_checks.h data_redirect.h match_service.h
++TESTSRC	= rec2stream.c stream2rec.c recdump.c
++DEFS	= -I. -I$(INC_DIR) -D$(SYSTYPE)
++CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
++INCL	=
++LIB	= libglobal.a
++TESTPROG= domain_list dot_lockfile mail_addr_crunch mail_addr_find \
++	mail_addr_map mail_date maps mynetworks mypwd namadr_list \
++	off_cvt quote_822_local rec2stream recdump resolve_clnt \
++	resolve_local rewrite_clnt stream2rec string_list tok822_parse \
++	quote_821_local mail_conf_time mime_state strip_addr \
++	verify_clnt xtext anvil_clnt scache ehlo_mask \
++	valid_mailhost_addr own_inet_addr header_body_checks \
++	data_redirect
++
++LIBS	= ../../lib/libutil.a
++LIB_DIR	= ../../lib
++INC_DIR	= ../../include
++MAKES	=
++
++.c.o:;	$(CC) $(CFLAGS) -c $*.c
++
++all: $(LIB)
++
++$(OBJS): ../../conf/makedefs.out
++
++Makefile: Makefile.in
++	cat ../../conf/makedefs.out $? >$@
++
++test:	$(TESTPROG)
++
++$(LIB):	$(OBJS)
++	$(AR) $(ARFL) $(LIB) $?
++	$(RANLIB) $(LIB)
++
++$(LIB_DIR)/$(LIB): $(LIB)
++	cp $(LIB) $(LIB_DIR)
++	$(RANLIB) $(LIB_DIR)/$(LIB)
++
++update: $(LIB_DIR)/$(LIB) $(HDRS)
++	-for i in $(HDRS); \
++	do \
++	  cmp -s $$i $(INC_DIR)/$$i 2>/dev/null || cp $$i $(INC_DIR); \
++	done
++	cd $(INC_DIR); chmod 644 $(HDRS)
++
++dot_lockfile: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++tok822_parse: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++rec2stream: rec2stream.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++stream2rec: stream2rec.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++recdump: recdump.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++namadr_list: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++domain_list: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mynetworks: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++resolve_clnt: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++rewrite_clnt: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++quote_822_local: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++off_cvt: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mail_addr_map: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mail_addr_find: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++maps: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mypwd: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mail_date: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++resolve_local: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mail_addr_crunch: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++string_list: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++local_transport: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++quote_821_local: quote_821_local.c $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIBS) $(SYSLIBS)
++
++mail_conf_time: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++mime_state: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++strip_addr: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) -DTEST $(CFLAGS) -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++verify_clnt: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++xtext: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++anvil_clnt: $(LIB) $(LIBS)
++	mv $@.o junk
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++	mv junk $@.o
++
++scache: scache.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++ehlo_mask: ehlo_mask.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++valid_mailhost_addr: valid_mailhost_addr.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++own_inet_addr: own_inet_addr.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++header_body_checks: header_body_checks.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++data_redirect: data_redirect.c $(LIB) $(LIBS)
++	$(CC) $(CFLAGS) -DTEST -o $@ $@.c $(LIB) $(LIBS) $(SYSLIBS)
++
++tests: tok822_test mime_tests strip_addr_test tok822_limit_test \
++	xtext_test scache_multi_test ehlo_mask_test \
++	namadr_list_test mail_conf_time_test header_body_checks_tests
++
++mime_tests: mime_test mime_nest mime_8bit mime_dom mime_trunc mime_cvt \
++	mime_cvt2 mime_cvt3 mime_garb1 mime_garb2 mime_garb3 mime_garb4
++
++header_body_checks_tests: header_body_checks_null_test \
++	header_body_checks_warn_test header_body_checks_prepend_test \
++	header_body_checks_ignore_test header_body_checks_replace_test
++
++root_tests: rewrite_clnt_test resolve_clnt_test
++
++tok822_test: tok822_parse tok822_parse.in tok822_parse.ref
++	./tok822_parse <tok822_parse.in >tok822_parse.tmp 2>&1
++	diff tok822_parse.ref tok822_parse.tmp
++	rm -f tok822_parse.tmp
++
++mime_test: mime_state mime_test.in mime_test.ref
++	./mime_state <mime_test.in >mime_test.tmp
++	diff  mime_test.ref mime_test.tmp
++	rm -f mime_test.tmp
++
++mime_nest: mime_state mime_nest.in mime_nest.ref
++	./mime_state <mime_nest.in >mime_nest.tmp
++	diff  mime_nest.ref mime_nest.tmp
++	rm -f mime_nest.tmp
++
++mime_8bit: mime_state mime_8bit.in mime_8bit.ref
++	./mime_state <mime_8bit.in >mime_8bit.tmp
++	diff  mime_8bit.ref mime_8bit.tmp
++	rm -f mime_8bit.tmp
++
++mime_dom: mime_state mime_dom.in mime_dom.ref
++	./mime_state <mime_dom.in >mime_dom.tmp
++	diff  mime_dom.ref mime_dom.tmp
++	rm -f mime_dom.tmp
++
++mime_trunc: mime_state mime_trunc.in mime_trunc.ref
++	./mime_state <mime_trunc.in >mime_trunc.tmp
++	diff  mime_trunc.ref mime_trunc.tmp
++	rm -f mime_trunc.tmp
++
++mime_cvt: mime_state mime_cvt.in mime_cvt.ref
++	./mime_state <mime_cvt.in >mime_cvt.tmp
++	diff  mime_cvt.ref mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++mime_cvt2: mime_state mime_cvt.in2 mime_cvt.ref2
++	./mime_state <mime_cvt.in2 >mime_cvt.tmp
++	diff  mime_cvt.ref2 mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++mime_cvt3: mime_state mime_cvt.in3 mime_cvt.ref3
++	./mime_state <mime_cvt.in3 >mime_cvt.tmp
++	diff  mime_cvt.ref3 mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++mime_garb1: mime_state mime_garb1.in mime_garb1.ref
++	./mime_state <mime_garb1.in >mime_cvt.tmp
++	diff  mime_garb1.ref mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++mime_garb2: mime_state mime_garb2.in mime_garb2.ref
++	./mime_state <mime_garb2.in >mime_cvt.tmp
++	diff  mime_garb2.ref mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++mime_garb3: mime_state mime_garb3.in mime_garb3.ref
++	./mime_state <mime_garb3.in >mime_cvt.tmp
++	diff  mime_garb3.ref mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++mime_garb4: mime_state mime_garb4.in mime_garb4.ref
++	./mime_state <mime_garb4.in >mime_cvt.tmp
++	diff  mime_garb4.ref mime_cvt.tmp
++	rm -f mime_cvt.tmp
++
++tok822_limit_test: tok822_parse tok822_limit.in tok822_limit.ref
++	./tok822_parse <tok822_limit.in >tok822_limit.tmp
++	diff tok822_limit.ref tok822_limit.tmp
++	rm -f tok822_limit.tmp
++
++strip_addr_test: strip_addr strip_addr.ref
++	./strip_addr 2>strip_addr.tmp
++	diff strip_addr.ref strip_addr.tmp
++	rm -f strip_addr.tmp
++
++xtext_test: xtext
++	./xtext <xtext.c | od -cb >xtext.tmp
++	od -cb <xtext.c >xtext.ref
++	cmp xtext.ref xtext.tmp
++	rm -f xtext.ref xtext.tmp
++
++# Requires: Postfix running, root privileges
++
++rewrite_clnt_test: rewrite_clnt rewrite_clnt.in rewrite_clnt.ref
++	@set -- `id`; case "$$1" in \
++	    *"(root)") ;; \
++	    *) echo 'This test requires root privilege'; exit 1;; \
++	esac
++	@test -n "`postconf -h remote_header_rewrite_domain`" || { \
++	    echo 'This test requires non-empty remote_header_rewrite_domain'; exit 1; }
++	./rewrite_clnt <rewrite_clnt.in >rewrite_clnt.tmp
++	sed -e "s/MYDOMAIN/`postconf -h mydomain`/" \
++	    -e "s/INVALID_DOMAIN/`postconf -h remote_header_rewrite_domain`/" \
++		rewrite_clnt.ref | diff - rewrite_clnt.tmp
++	rm -f rewrite_clnt.tmp
++
++# Requires: Postfix, root, relayhost=$mydomain, no transport map
++
++resolve_clnt_test: resolve_clnt resolve_clnt.in resolve_clnt.ref
++	@set -- `id`; case "$$1" in \
++	    *"(root)") ;; \
++	    *) echo 'This test requires root privilege'; exit 1;; \
++	esac
++	@test "`postconf -h relayhost`" = '$$mydomain' || { \
++	    echo 'This test requires relayhost=$$mydomain'; exit 1; }
++	@test "`postconf -h transport_maps`" = "" || { \
++	    echo 'This test requires no transport map'; exit 1; }
++	sed -e "s/MYDOMAIN/`postconf -h mydomain`/g" \
++	    -e "s/MYHOSTNAME/`postconf -h myhostname`/g" \
++	    resolve_clnt.in | ./resolve_clnt >resolve_clnt.tmp
++	sed -e "s/MYDOMAIN/`postconf -h mydomain`/g" \
++	    -e "s/MYHOSTNAME/`postconf -h myhostname`/g" \
++	    -e "s/RELAYHOST/`postconf -h mydomain`/g" \
++	    resolve_clnt.ref | diff - resolve_clnt.tmp
++	rm -f resolve_clnt.tmp
++
++scache_multi_test: scache scache_multi.in scache_multi.ref
++	./scache <scache_multi.in >scache_multi.tmp
++	diff scache_multi.ref scache_multi.tmp
++	rm -f scache_multi.tmp
++
++ehlo_mask_test: ehlo_mask ehlo_mask.in ehlo_mask.ref
++	./ehlo_mask <ehlo_mask.in >ehlo_mask.tmp
++	diff ehlo_mask.ref ehlo_mask.tmp
++	rm -f ehlo_mask.tmp
++
++namadr_list_test: namadr_list namadr_list.in namadr_list.ref
++	-sh namadr_list.in >namadr_list.tmp 2>&1
++	diff namadr_list.ref namadr_list.tmp
++	rm -f namadr_list.tmp
++
++mail_conf_time_test: mail_conf_time mail_conf_time.ref
++	./mail_conf_time >mail_conf_time.tmp
++	diff mail_conf_time.ref mail_conf_time.tmp
++	rm -f mail_conf_time.tmp
++
++header_body_checks_null_test: header_body_checks header_body_checks_null.ref
++	./header_body_checks "" "" "" "" \
++		<mime_test.in >header_body_checks_null.tmp 2>&1
++	cmp header_body_checks_null.ref header_body_checks_null.tmp
++	./header_body_checks static:dunno static:dunno static:dunno static:dunno \
++		<mime_test.in >header_body_checks_null.tmp 2>&1
++	cmp header_body_checks_null.ref header_body_checks_null.tmp
++	./header_body_checks static:ok static:ok static:ok static:ok \
++		<mime_test.in >header_body_checks_null.tmp 2>&1
++	cmp header_body_checks_null.ref header_body_checks_null.tmp
++	rm -f header_body_checks_null.tmp
++
++header_body_checks_warn_test: header_body_checks header_body_checks_warn.ref
++	./header_body_checks static:warn static:warn static:warn static:warn \
++		<mime_test.in >header_body_checks_warn.tmp 2>&1
++	cmp header_body_checks_warn.ref header_body_checks_warn.tmp
++	rm -f header_body_checks_warn.tmp
++
++header_body_checks_prepend_test: header_body_checks header_body_checks_prepend.ref
++	echo /./ prepend header: head >header_body_checks_head
++	echo /./ prepend header: mime >header_body_checks_mime
++	echo /./ prepend header: nest >header_body_checks_nest
++	echo /./ prepend body >header_body_checks_body
++	./header_body_checks regexp:header_body_checks_head regexp:header_body_checks_mime \
++		regexp:header_body_checks_nest regexp:header_body_checks_body \
++		<mime_test.in >header_body_checks_prepend.tmp 2>&1
++	cmp header_body_checks_prepend.ref header_body_checks_prepend.tmp
++	rm -f header_body_checks_prepend.tmp header_body_checks_head header_body_checks_mime header_body_checks_nest header_body_checks_body
++
++# Note: the IGNORE action will not strip empty lines. Postfix maps
++# currently never see null query strings because some map types raise
++# errors. We can eliminate this restriction by allowing individual
++# map types to advertise whether they can handle null queries.
++header_body_checks_ignore_test: header_body_checks header_body_checks_ignore.ref
++	./header_body_checks static:ignore static:ignore static:ignore static:ignore \
++		<mime_test.in >header_body_checks_ignore.tmp 2>&1
++	cmp header_body_checks_ignore.ref header_body_checks_ignore.tmp
++	rm -f header_body_checks_ignore.tmp header_body_checks_head header_body_checks_mime header_body_checks_nest header_body_checks_body
++
++header_body_checks_replace_test: header_body_checks header_body_checks_replace.ref
++	echo /./ replace header: head >header_body_checks_head
++	echo /./ replace header: mime >header_body_checks_mime
++	echo /./ replace header: nest >header_body_checks_nest
++	echo /./ replace body >header_body_checks_body
++	./header_body_checks regexp:header_body_checks_head regexp:header_body_checks_mime \
++		regexp:header_body_checks_nest regexp:header_body_checks_body \
++		<mime_test.in >header_body_checks_replace.tmp 2>&1
++	cmp header_body_checks_replace.ref header_body_checks_replace.tmp
++	rm -f header_body_checks_replace.tmp header_body_checks_head header_body_checks_mime header_body_checks_nest header_body_checks_body
++
++printfck: $(OBJS) $(PROG)
++	rm -rf printfck
++	mkdir printfck
++	cp *.h printfck
++	sed '1,/^# do not edit/!d' Makefile >printfck/Makefile
++	set -e; for i in *.c; do printfck -f .printfck $$i >printfck/$$i; done
++	cd printfck; make "INC_DIR=../../../include" `cd ..; ls *.o`
++
++lint:
++	lint $(DEFS) $(SRCS) $(LINTFIX)
++
++clean:
++	rm -f *.o $(LIB) *core $(TESTPROG) junk
++	rm -rf printfck
++
++tidy:	clean
++
++depend: $(MAKES)
++	(sed '1,/^# do not edit/!d' Makefile.in; \
++	set -e; for i in [a-z][a-z0-9]*.c; do \
++	    $(CC) -E $(DEFS) $(INCL) $$i | grep -v '[<>]' | sed -n -e '/^# *1 *"\([^"]*\)".*/{' \
++	    -e 's//'`echo $$i|sed 's/c$$/o/'`': \1/' \
++	    -e 's/o: \.\//o: /' -e p -e '}' ; \
++	done | sort -u) | grep -v '[.][o][:][ ][/]' >$$$$ && mv $$$$ Makefile.in
++	@$(EXPORT) make -f Makefile.in Makefile 1>&2
++
++# do not edit below this line - it is generated by 'make depend'
++abounce.o: ../../include/attr.h
++abounce.o: ../../include/events.h
++abounce.o: ../../include/iostuff.h
++abounce.o: ../../include/msg.h
++abounce.o: ../../include/mymalloc.h
++abounce.o: ../../include/sys_defs.h
++abounce.o: ../../include/vbuf.h
++abounce.o: ../../include/vstream.h
++abounce.o: ../../include/vstring.h
++abounce.o: abounce.c
++abounce.o: abounce.h
++abounce.o: bounce.h
++abounce.o: deliver_request.h
++abounce.o: dsn.h
++abounce.o: dsn_buf.h
++abounce.o: mail_params.h
++abounce.o: mail_proto.h
++abounce.o: msg_stats.h
++abounce.o: recipient_list.h
++anvil_clnt.o: ../../include/attr.h
++anvil_clnt.o: ../../include/attr_clnt.h
++anvil_clnt.o: ../../include/iostuff.h
++anvil_clnt.o: ../../include/msg.h
++anvil_clnt.o: ../../include/mymalloc.h
++anvil_clnt.o: ../../include/stringops.h
++anvil_clnt.o: ../../include/sys_defs.h
++anvil_clnt.o: ../../include/vbuf.h
++anvil_clnt.o: ../../include/vstream.h
++anvil_clnt.o: ../../include/vstring.h
++anvil_clnt.o: anvil_clnt.c
++anvil_clnt.o: anvil_clnt.h
++anvil_clnt.o: mail_params.h
++anvil_clnt.o: mail_proto.h
++been_here.o: ../../include/htable.h
++been_here.o: ../../include/msg.h
++been_here.o: ../../include/mymalloc.h
++been_here.o: ../../include/stringops.h
++been_here.o: ../../include/sys_defs.h
++been_here.o: ../../include/vbuf.h
++been_here.o: ../../include/vstring.h
++been_here.o: been_here.c
++been_here.o: been_here.h
++bounce.o: ../../include/attr.h
++bounce.o: ../../include/iostuff.h
++bounce.o: ../../include/msg.h
++bounce.o: ../../include/mymalloc.h
++bounce.o: ../../include/sys_defs.h
++bounce.o: ../../include/vbuf.h
++bounce.o: ../../include/vstream.h
++bounce.o: ../../include/vstring.h
++bounce.o: bounce.c
++bounce.o: bounce.h
++bounce.o: defer.h
++bounce.o: deliver_request.h
++bounce.o: dsn.h
++bounce.o: dsn_buf.h
++bounce.o: dsn_print.h
++bounce.o: dsn_util.h
++bounce.o: log_adhoc.h
++bounce.o: mail_params.h
++bounce.o: mail_proto.h
++bounce.o: msg_stats.h
++bounce.o: rcpt_print.h
++bounce.o: recipient_list.h
++bounce.o: trace.h
++bounce.o: verify.h
++bounce_log.o: ../../include/attr.h
++bounce_log.o: ../../include/iostuff.h
++bounce_log.o: ../../include/msg.h
++bounce_log.o: ../../include/mymalloc.h
++bounce_log.o: ../../include/stringops.h
++bounce_log.o: ../../include/sys_defs.h
++bounce_log.o: ../../include/vbuf.h
++bounce_log.o: ../../include/vstream.h
++bounce_log.o: ../../include/vstring.h
++bounce_log.o: ../../include/vstring_vstream.h
++bounce_log.o: bounce_log.c
++bounce_log.o: bounce_log.h
++bounce_log.o: dsn.h
++bounce_log.o: dsn_buf.h
++bounce_log.o: dsn_mask.h
++bounce_log.o: mail_params.h
++bounce_log.o: mail_proto.h
++bounce_log.o: mail_queue.h
++bounce_log.o: rcpt_buf.h
++bounce_log.o: recipient_list.h
++canon_addr.o: ../../include/attr.h
++canon_addr.o: ../../include/iostuff.h
++canon_addr.o: ../../include/mymalloc.h
++canon_addr.o: ../../include/sys_defs.h
++canon_addr.o: ../../include/vbuf.h
++canon_addr.o: ../../include/vstream.h
++canon_addr.o: ../../include/vstring.h
++canon_addr.o: canon_addr.c
++canon_addr.o: canon_addr.h
++canon_addr.o: mail_proto.h
++canon_addr.o: rewrite_clnt.h
++cfg_parser.o: ../../include/argv.h
++cfg_parser.o: ../../include/dict.h
++cfg_parser.o: ../../include/msg.h
++cfg_parser.o: ../../include/mymalloc.h
++cfg_parser.o: ../../include/sys_defs.h
++cfg_parser.o: ../../include/vbuf.h
++cfg_parser.o: ../../include/vstream.h
++cfg_parser.o: ../../include/vstring.h
++cfg_parser.o: cfg_parser.c
++cfg_parser.o: cfg_parser.h
++cfg_parser.o: mail_conf.h
++cleanup_strerror.o: ../../include/msg.h
++cleanup_strerror.o: ../../include/sys_defs.h
++cleanup_strerror.o: ../../include/vbuf.h
++cleanup_strerror.o: ../../include/vstring.h
++cleanup_strerror.o: cleanup_strerror.c
++cleanup_strerror.o: cleanup_user.h
++cleanup_strflags.o: ../../include/msg.h
++cleanup_strflags.o: ../../include/sys_defs.h
++cleanup_strflags.o: ../../include/vbuf.h
++cleanup_strflags.o: ../../include/vstring.h
++cleanup_strflags.o: cleanup_strflags.c
++cleanup_strflags.o: cleanup_user.h
++clnt_stream.o: ../../include/attr.h
++clnt_stream.o: ../../include/events.h
++clnt_stream.o: ../../include/iostuff.h
++clnt_stream.o: ../../include/msg.h
++clnt_stream.o: ../../include/mymalloc.h
++clnt_stream.o: ../../include/sys_defs.h
++clnt_stream.o: ../../include/vbuf.h
++clnt_stream.o: ../../include/vstream.h
++clnt_stream.o: clnt_stream.c
++clnt_stream.o: clnt_stream.h
++clnt_stream.o: mail_params.h
++clnt_stream.o: mail_proto.h
++conv_time.o: ../../include/msg.h
++conv_time.o: ../../include/sys_defs.h
++conv_time.o: conv_time.c
++conv_time.o: conv_time.h
++data_redirect.o: ../../include/argv.h
++data_redirect.o: ../../include/dict.h
++data_redirect.o: ../../include/dict_cdb.h
++data_redirect.o: ../../include/dict_db.h
++data_redirect.o: ../../include/dict_dbm.h
++data_redirect.o: ../../include/msg.h
++data_redirect.o: ../../include/name_code.h
++data_redirect.o: ../../include/split_at.h
++data_redirect.o: ../../include/stringops.h
++data_redirect.o: ../../include/sys_defs.h
++data_redirect.o: ../../include/vbuf.h
++data_redirect.o: ../../include/vstream.h
++data_redirect.o: ../../include/vstring.h
++data_redirect.o: data_redirect.c
++data_redirect.o: data_redirect.h
++data_redirect.o: dict_proxy.h
++data_redirect.o: mail_params.h
++db_common.o: ../../include/argv.h
++db_common.o: ../../include/dict.h
++db_common.o: ../../include/match_list.h
++db_common.o: ../../include/match_ops.h
++db_common.o: ../../include/msg.h
++db_common.o: ../../include/mymalloc.h
++db_common.o: ../../include/sys_defs.h
++db_common.o: ../../include/vbuf.h
++db_common.o: ../../include/vstream.h
++db_common.o: ../../include/vstring.h
++db_common.o: cfg_parser.h
++db_common.o: db_common.c
++db_common.o: db_common.h
++db_common.o: string_list.h
++debug_peer.o: ../../include/match_list.h
++debug_peer.o: ../../include/match_ops.h
++debug_peer.o: ../../include/msg.h
++debug_peer.o: ../../include/sys_defs.h
++debug_peer.o: debug_peer.c
++debug_peer.o: debug_peer.h
++debug_peer.o: mail_params.h
++debug_peer.o: match_parent_style.h
++debug_peer.o: namadr_list.h
++debug_process.o: ../../include/msg.h
++debug_process.o: ../../include/sys_defs.h
++debug_process.o: debug_process.c
++debug_process.o: debug_process.h
++debug_process.o: mail_conf.h
++debug_process.o: mail_params.h
++defer.o: ../../include/attr.h
++defer.o: ../../include/iostuff.h
++defer.o: ../../include/msg.h
++defer.o: ../../include/sys_defs.h
++defer.o: ../../include/vbuf.h
++defer.o: ../../include/vstream.h
++defer.o: ../../include/vstring.h
++defer.o: bounce.h
++defer.o: defer.c
++defer.o: defer.h
++defer.o: deliver_request.h
++defer.o: dsn.h
++defer.o: dsn_buf.h
++defer.o: dsn_print.h
++defer.o: dsn_util.h
++defer.o: flush_clnt.h
++defer.o: log_adhoc.h
++defer.o: mail_params.h
++defer.o: mail_proto.h
++defer.o: mail_queue.h
++defer.o: msg_stats.h
++defer.o: rcpt_print.h
++defer.o: recipient_list.h
++defer.o: trace.h
++defer.o: verify.h
++deliver_completed.o: ../../include/msg.h
++deliver_completed.o: ../../include/sys_defs.h
++deliver_completed.o: ../../include/vbuf.h
++deliver_completed.o: ../../include/vstream.h
++deliver_completed.o: ../../include/vstring.h
++deliver_completed.o: deliver_completed.c
++deliver_completed.o: deliver_completed.h
++deliver_completed.o: rec_type.h
++deliver_completed.o: record.h
++deliver_flock.o: ../../include/iostuff.h
++deliver_flock.o: ../../include/myflock.h
++deliver_flock.o: ../../include/sys_defs.h
++deliver_flock.o: ../../include/vbuf.h
++deliver_flock.o: ../../include/vstring.h
++deliver_flock.o: deliver_flock.c
++deliver_flock.o: deliver_flock.h
++deliver_flock.o: mail_params.h
++deliver_pass.o: ../../include/attr.h
++deliver_pass.o: ../../include/iostuff.h
++deliver_pass.o: ../../include/msg.h
++deliver_pass.o: ../../include/mymalloc.h
++deliver_pass.o: ../../include/split_at.h
++deliver_pass.o: ../../include/sys_defs.h
++deliver_pass.o: ../../include/vbuf.h
++deliver_pass.o: ../../include/vstream.h
++deliver_pass.o: ../../include/vstring.h
++deliver_pass.o: bounce.h
++deliver_pass.o: defer.h
++deliver_pass.o: deliver_pass.c
++deliver_pass.o: deliver_pass.h
++deliver_pass.o: deliver_request.h
++deliver_pass.o: dsb_scan.h
++deliver_pass.o: dsn.h
++deliver_pass.o: dsn_buf.h
++deliver_pass.o: mail_params.h
++deliver_pass.o: mail_proto.h
++deliver_pass.o: msg_stats.h
++deliver_pass.o: rcpt_print.h
++deliver_pass.o: recipient_list.h
++deliver_request.o: ../../include/attr.h
++deliver_request.o: ../../include/iostuff.h
++deliver_request.o: ../../include/msg.h
++deliver_request.o: ../../include/myflock.h
++deliver_request.o: ../../include/mymalloc.h
++deliver_request.o: ../../include/sys_defs.h
++deliver_request.o: ../../include/vbuf.h
++deliver_request.o: ../../include/vstream.h
++deliver_request.o: ../../include/vstring.h
++deliver_request.o: deliver_request.c
++deliver_request.o: deliver_request.h
++deliver_request.o: dsn.h
++deliver_request.o: dsn_print.h
++deliver_request.o: mail_open_ok.h
++deliver_request.o: mail_proto.h
++deliver_request.o: mail_queue.h
++deliver_request.o: msg_stats.h
++deliver_request.o: rcpt_buf.h
++deliver_request.o: recipient_list.h
++delivered_hdr.o: ../../include/htable.h
++delivered_hdr.o: ../../include/msg.h
++delivered_hdr.o: ../../include/mymalloc.h
++delivered_hdr.o: ../../include/stringops.h
++delivered_hdr.o: ../../include/sys_defs.h
++delivered_hdr.o: ../../include/vbuf.h
++delivered_hdr.o: ../../include/vstream.h
++delivered_hdr.o: ../../include/vstring.h
++delivered_hdr.o: ../../include/vstring_vstream.h
++delivered_hdr.o: delivered_hdr.c
++delivered_hdr.o: delivered_hdr.h
++delivered_hdr.o: fold_addr.h
++delivered_hdr.o: header_opts.h
++delivered_hdr.o: is_header.h
++delivered_hdr.o: quote_822_local.h
++delivered_hdr.o: quote_flags.h
++delivered_hdr.o: rec_type.h
++delivered_hdr.o: record.h
++dict_ldap.o: ../../include/argv.h
++dict_ldap.o: ../../include/binhash.h
++dict_ldap.o: ../../include/dict.h
++dict_ldap.o: ../../include/match_list.h
++dict_ldap.o: ../../include/match_ops.h
++dict_ldap.o: ../../include/msg.h
++dict_ldap.o: ../../include/mymalloc.h
++dict_ldap.o: ../../include/stringops.h
++dict_ldap.o: ../../include/sys_defs.h
++dict_ldap.o: ../../include/vbuf.h
++dict_ldap.o: ../../include/vstream.h
++dict_ldap.o: ../../include/vstring.h
++dict_ldap.o: cfg_parser.h
++dict_ldap.o: db_common.h
++dict_ldap.o: dict_ldap.c
++dict_ldap.o: dict_ldap.h
++dict_ldap.o: string_list.h
++dict_mysql.o: ../../include/argv.h
++dict_mysql.o: ../../include/dict.h
++dict_mysql.o: ../../include/events.h
++dict_mysql.o: ../../include/find_inet.h
++dict_mysql.o: ../../include/match_list.h
++dict_mysql.o: ../../include/match_ops.h
++dict_mysql.o: ../../include/msg.h
++dict_mysql.o: ../../include/mymalloc.h
++dict_mysql.o: ../../include/myrand.h
++dict_mysql.o: ../../include/split_at.h
++dict_mysql.o: ../../include/stringops.h
++dict_mysql.o: ../../include/sys_defs.h
++dict_mysql.o: ../../include/vbuf.h
++dict_mysql.o: ../../include/vstream.h
++dict_mysql.o: ../../include/vstring.h
++dict_mysql.o: cfg_parser.h
++dict_mysql.o: db_common.h
++dict_mysql.o: dict_mysql.c
++dict_mysql.o: dict_mysql.h
++dict_mysql.o: string_list.h
++dict_pgsql.o: ../../include/argv.h
++dict_pgsql.o: ../../include/dict.h
++dict_pgsql.o: ../../include/events.h
++dict_pgsql.o: ../../include/find_inet.h
++dict_pgsql.o: ../../include/match_list.h
++dict_pgsql.o: ../../include/match_ops.h
++dict_pgsql.o: ../../include/msg.h
++dict_pgsql.o: ../../include/mymalloc.h
++dict_pgsql.o: ../../include/myrand.h
++dict_pgsql.o: ../../include/split_at.h
++dict_pgsql.o: ../../include/stringops.h
++dict_pgsql.o: ../../include/sys_defs.h
++dict_pgsql.o: ../../include/vbuf.h
++dict_pgsql.o: ../../include/vstream.h
++dict_pgsql.o: ../../include/vstring.h
++dict_pgsql.o: cfg_parser.h
++dict_pgsql.o: db_common.h
++dict_pgsql.o: dict_pgsql.c
++dict_pgsql.o: dict_pgsql.h
++dict_pgsql.o: string_list.h
++dict_proxy.o: ../../include/argv.h
++dict_proxy.o: ../../include/attr.h
++dict_proxy.o: ../../include/dict.h
++dict_proxy.o: ../../include/iostuff.h
++dict_proxy.o: ../../include/msg.h
++dict_proxy.o: ../../include/mymalloc.h
++dict_proxy.o: ../../include/stringops.h
++dict_proxy.o: ../../include/sys_defs.h
++dict_proxy.o: ../../include/vbuf.h
++dict_proxy.o: ../../include/vstream.h
++dict_proxy.o: ../../include/vstring.h
++dict_proxy.o: clnt_stream.h
++dict_proxy.o: dict_proxy.c
++dict_proxy.o: dict_proxy.h
++dict_proxy.o: mail_params.h
++dict_proxy.o: mail_proto.h
++domain_list.o: ../../include/match_list.h
++domain_list.o: ../../include/match_ops.h
++domain_list.o: ../../include/sys_defs.h
++domain_list.o: domain_list.c
++domain_list.o: domain_list.h
++dot_lockfile.o: ../../include/iostuff.h
++dot_lockfile.o: ../../include/mymalloc.h
++dot_lockfile.o: ../../include/stringops.h
++dot_lockfile.o: ../../include/sys_defs.h
++dot_lockfile.o: ../../include/vbuf.h
++dot_lockfile.o: ../../include/vstring.h
++dot_lockfile.o: dot_lockfile.c
++dot_lockfile.o: dot_lockfile.h
++dot_lockfile.o: mail_params.h
++dot_lockfile_as.o: ../../include/msg.h
++dot_lockfile_as.o: ../../include/set_eugid.h
++dot_lockfile_as.o: ../../include/sys_defs.h
++dot_lockfile_as.o: ../../include/vbuf.h
++dot_lockfile_as.o: ../../include/vstring.h
++dot_lockfile_as.o: dot_lockfile.h
++dot_lockfile_as.o: dot_lockfile_as.c
++dot_lockfile_as.o: dot_lockfile_as.h
++dsb_scan.o: ../../include/attr.h
++dsb_scan.o: ../../include/iostuff.h
++dsb_scan.o: ../../include/sys_defs.h
++dsb_scan.o: ../../include/vbuf.h
++dsb_scan.o: ../../include/vstream.h
++dsb_scan.o: ../../include/vstring.h
++dsb_scan.o: dsb_scan.c
++dsb_scan.o: dsb_scan.h
++dsb_scan.o: dsn.h
++dsb_scan.o: dsn_buf.h
++dsb_scan.o: mail_proto.h
++dsn.o: ../../include/msg.h
++dsn.o: ../../include/mymalloc.h
++dsn.o: ../../include/sys_defs.h
++dsn.o: dsn.c
++dsn.o: dsn.h
++dsn_buf.o: ../../include/msg.h
++dsn_buf.o: ../../include/mymalloc.h
++dsn_buf.o: ../../include/sys_defs.h
++dsn_buf.o: ../../include/vbuf.h
++dsn_buf.o: ../../include/vstring.h
++dsn_buf.o: dsn.h
++dsn_buf.o: dsn_buf.c
++dsn_buf.o: dsn_buf.h
++dsn_mask.o: ../../include/msg.h
++dsn_mask.o: ../../include/name_code.h
++dsn_mask.o: ../../include/name_mask.h
++dsn_mask.o: ../../include/sys_defs.h
++dsn_mask.o: ../../include/vbuf.h
++dsn_mask.o: ../../include/vstring.h
++dsn_mask.o: dsn_mask.c
++dsn_mask.o: dsn_mask.h
++dsn_print.o: ../../include/attr.h
++dsn_print.o: ../../include/iostuff.h
++dsn_print.o: ../../include/sys_defs.h
++dsn_print.o: ../../include/vbuf.h
++dsn_print.o: ../../include/vstream.h
++dsn_print.o: dsn.h
++dsn_print.o: dsn_print.c
++dsn_print.o: dsn_print.h
++dsn_print.o: mail_proto.h
++dsn_util.o: ../../include/msg.h
++dsn_util.o: ../../include/mymalloc.h
++dsn_util.o: ../../include/stringops.h
++dsn_util.o: ../../include/sys_defs.h
++dsn_util.o: ../../include/vbuf.h
++dsn_util.o: ../../include/vstring.h
++dsn_util.o: dsn_util.c
++dsn_util.o: dsn_util.h
++ehlo_mask.o: ../../include/name_mask.h
++ehlo_mask.o: ../../include/sys_defs.h
++ehlo_mask.o: ../../include/vbuf.h
++ehlo_mask.o: ../../include/vstring.h
++ehlo_mask.o: ehlo_mask.c
++ehlo_mask.o: ehlo_mask.h
++ext_prop.o: ../../include/name_mask.h
++ext_prop.o: ../../include/sys_defs.h
++ext_prop.o: ../../include/vbuf.h
++ext_prop.o: ../../include/vstring.h
++ext_prop.o: ext_prop.c
++ext_prop.o: ext_prop.h
++ext_prop.o: mail_params.h
++file_id.o: ../../include/msg.h
++file_id.o: ../../include/sys_defs.h
++file_id.o: ../../include/vbuf.h
++file_id.o: ../../include/vstring.h
++file_id.o: file_id.c
++file_id.o: file_id.h
++flush_clnt.o: ../../include/attr.h
++flush_clnt.o: ../../include/iostuff.h
++flush_clnt.o: ../../include/match_list.h
++flush_clnt.o: ../../include/match_ops.h
++flush_clnt.o: ../../include/msg.h
++flush_clnt.o: ../../include/sys_defs.h
++flush_clnt.o: ../../include/vbuf.h
++flush_clnt.o: ../../include/vstream.h
++flush_clnt.o: domain_list.h
++flush_clnt.o: flush_clnt.c
++flush_clnt.o: flush_clnt.h
++flush_clnt.o: mail_flush.h
++flush_clnt.o: mail_params.h
++flush_clnt.o: mail_proto.h
++flush_clnt.o: match_parent_style.h
++fold_addr.o: ../../include/stringops.h
++fold_addr.o: ../../include/sys_defs.h
++fold_addr.o: ../../include/vbuf.h
++fold_addr.o: ../../include/vstring.h
++fold_addr.o: fold_addr.c
++fold_addr.o: fold_addr.h
++header_body_checks.o: ../../include/argv.h
++header_body_checks.o: ../../include/dict.h
++header_body_checks.o: ../../include/msg.h
++header_body_checks.o: ../../include/mymalloc.h
++header_body_checks.o: ../../include/sys_defs.h
++header_body_checks.o: ../../include/vbuf.h
++header_body_checks.o: ../../include/vstream.h
++header_body_checks.o: ../../include/vstring.h
++header_body_checks.o: cleanup_user.h
++header_body_checks.o: dsn_util.h
++header_body_checks.o: header_body_checks.c
++header_body_checks.o: header_body_checks.h
++header_body_checks.o: header_opts.h
++header_body_checks.o: is_header.h
++header_body_checks.o: maps.h
++header_body_checks.o: mime_state.h
++header_body_checks.o: rec_type.h
++header_opts.o: ../../include/htable.h
++header_opts.o: ../../include/msg.h
++header_opts.o: ../../include/stringops.h
++header_opts.o: ../../include/sys_defs.h
++header_opts.o: ../../include/vbuf.h
++header_opts.o: ../../include/vstring.h
++header_opts.o: header_opts.c
++header_opts.o: header_opts.h
++header_token.o: ../../include/msg.h
++header_token.o: ../../include/sys_defs.h
++header_token.o: ../../include/vbuf.h
++header_token.o: ../../include/vstring.h
++header_token.o: header_token.c
++header_token.o: header_token.h
++header_token.o: lex_822.h
++input_transp.o: ../../include/msg.h
++input_transp.o: ../../include/name_mask.h
++input_transp.o: ../../include/sys_defs.h
++input_transp.o: ../../include/vbuf.h
++input_transp.o: ../../include/vstring.h
++input_transp.o: cleanup_user.h
++input_transp.o: input_transp.c
++input_transp.o: input_transp.h
++input_transp.o: mail_params.h
++int_filt.o: ../../include/msg.h
++int_filt.o: ../../include/name_mask.h
++int_filt.o: ../../include/sys_defs.h
++int_filt.o: ../../include/vbuf.h
++int_filt.o: ../../include/vstring.h
++int_filt.o: cleanup_user.h
++int_filt.o: int_filt.c
++int_filt.o: int_filt.h
++int_filt.o: mail_params.h
++is_header.o: ../../include/sys_defs.h
++is_header.o: is_header.c
++is_header.o: is_header.h
++log_adhoc.o: ../../include/attr.h
++log_adhoc.o: ../../include/format_tv.h
++log_adhoc.o: ../../include/msg.h
++log_adhoc.o: ../../include/sys_defs.h
++log_adhoc.o: ../../include/vbuf.h
++log_adhoc.o: ../../include/vstream.h
++log_adhoc.o: ../../include/vstring.h
++log_adhoc.o: dsn.h
++log_adhoc.o: log_adhoc.c
++log_adhoc.o: log_adhoc.h
++log_adhoc.o: mail_params.h
++log_adhoc.o: msg_stats.h
++log_adhoc.o: recipient_list.h
++mail_addr.o: ../../include/stringops.h
++mail_addr.o: ../../include/sys_defs.h
++mail_addr.o: ../../include/vbuf.h
++mail_addr.o: ../../include/vstring.h
++mail_addr.o: mail_addr.c
++mail_addr.o: mail_addr.h
++mail_addr.o: mail_params.h
++mail_addr_crunch.o: ../../include/argv.h
++mail_addr_crunch.o: ../../include/mymalloc.h
++mail_addr_crunch.o: ../../include/sys_defs.h
++mail_addr_crunch.o: ../../include/vbuf.h
++mail_addr_crunch.o: ../../include/vstring.h
++mail_addr_crunch.o: canon_addr.h
++mail_addr_crunch.o: mail_addr_crunch.c
++mail_addr_crunch.o: mail_addr_crunch.h
++mail_addr_crunch.o: resolve_clnt.h
++mail_addr_crunch.o: tok822.h
++mail_addr_find.o: ../../include/argv.h
++mail_addr_find.o: ../../include/dict.h
++mail_addr_find.o: ../../include/msg.h
++mail_addr_find.o: ../../include/mymalloc.h
++mail_addr_find.o: ../../include/stringops.h
++mail_addr_find.o: ../../include/sys_defs.h
++mail_addr_find.o: ../../include/vbuf.h
++mail_addr_find.o: ../../include/vstream.h
++mail_addr_find.o: ../../include/vstring.h
++mail_addr_find.o: mail_addr_find.c
++mail_addr_find.o: mail_addr_find.h
++mail_addr_find.o: mail_params.h
++mail_addr_find.o: maps.h
++mail_addr_find.o: resolve_local.h
++mail_addr_find.o: strip_addr.h
++mail_addr_map.o: ../../include/argv.h
++mail_addr_map.o: ../../include/dict.h
++mail_addr_map.o: ../../include/msg.h
++mail_addr_map.o: ../../include/mymalloc.h
++mail_addr_map.o: ../../include/sys_defs.h
++mail_addr_map.o: ../../include/vbuf.h
++mail_addr_map.o: ../../include/vstream.h
++mail_addr_map.o: ../../include/vstring.h
++mail_addr_map.o: mail_addr_crunch.h
++mail_addr_map.o: mail_addr_find.h
++mail_addr_map.o: mail_addr_map.c
++mail_addr_map.o: mail_addr_map.h
++mail_addr_map.o: maps.h
++mail_command_client.o: ../../include/attr.h
++mail_command_client.o: ../../include/iostuff.h
++mail_command_client.o: ../../include/sys_defs.h
++mail_command_client.o: ../../include/vbuf.h
++mail_command_client.o: ../../include/vstream.h
++mail_command_client.o: mail_command_client.c
++mail_command_client.o: mail_proto.h
++mail_command_server.o: ../../include/attr.h
++mail_command_server.o: ../../include/iostuff.h
++mail_command_server.o: ../../include/sys_defs.h
++mail_command_server.o: ../../include/vbuf.h
++mail_command_server.o: ../../include/vstream.h
++mail_command_server.o: mail_command_server.c
++mail_command_server.o: mail_proto.h
++mail_conf.o: ../../include/argv.h
++mail_conf.o: ../../include/dict.h
++mail_conf.o: ../../include/msg.h
++mail_conf.o: ../../include/mymalloc.h
++mail_conf.o: ../../include/readlline.h
++mail_conf.o: ../../include/safe.h
++mail_conf.o: ../../include/stringops.h
++mail_conf.o: ../../include/sys_defs.h
++mail_conf.o: ../../include/vbuf.h
++mail_conf.o: ../../include/vstream.h
++mail_conf.o: ../../include/vstring.h
++mail_conf.o: mail_conf.c
++mail_conf.o: mail_conf.h
++mail_conf.o: mail_params.h
++mail_conf_bool.o: ../../include/argv.h
++mail_conf_bool.o: ../../include/dict.h
++mail_conf_bool.o: ../../include/msg.h
++mail_conf_bool.o: ../../include/sys_defs.h
++mail_conf_bool.o: ../../include/vbuf.h
++mail_conf_bool.o: ../../include/vstream.h
++mail_conf_bool.o: ../../include/vstring.h
++mail_conf_bool.o: mail_conf.h
++mail_conf_bool.o: mail_conf_bool.c
++mail_conf_int.o: ../../include/argv.h
++mail_conf_int.o: ../../include/dict.h
++mail_conf_int.o: ../../include/msg.h
++mail_conf_int.o: ../../include/mymalloc.h
++mail_conf_int.o: ../../include/stringops.h
++mail_conf_int.o: ../../include/sys_defs.h
++mail_conf_int.o: ../../include/vbuf.h
++mail_conf_int.o: ../../include/vstream.h
++mail_conf_int.o: ../../include/vstring.h
++mail_conf_int.o: mail_conf.h
++mail_conf_int.o: mail_conf_int.c
++mail_conf_long.o: ../../include/argv.h
++mail_conf_long.o: ../../include/dict.h
++mail_conf_long.o: ../../include/msg.h
++mail_conf_long.o: ../../include/mymalloc.h
++mail_conf_long.o: ../../include/stringops.h
++mail_conf_long.o: ../../include/sys_defs.h
++mail_conf_long.o: ../../include/vbuf.h
++mail_conf_long.o: ../../include/vstream.h
++mail_conf_long.o: ../../include/vstring.h
++mail_conf_long.o: mail_conf.h
++mail_conf_long.o: mail_conf_long.c
++mail_conf_nint.o: ../../include/argv.h
++mail_conf_nint.o: ../../include/dict.h
++mail_conf_nint.o: ../../include/msg.h
++mail_conf_nint.o: ../../include/mymalloc.h
++mail_conf_nint.o: ../../include/stringops.h
++mail_conf_nint.o: ../../include/sys_defs.h
++mail_conf_nint.o: ../../include/vbuf.h
++mail_conf_nint.o: ../../include/vstream.h
++mail_conf_nint.o: ../../include/vstring.h
++mail_conf_nint.o: mail_conf.h
++mail_conf_nint.o: mail_conf_nint.c
++mail_conf_raw.o: ../../include/msg.h
++mail_conf_raw.o: ../../include/mymalloc.h
++mail_conf_raw.o: ../../include/sys_defs.h
++mail_conf_raw.o: mail_conf.h
++mail_conf_raw.o: mail_conf_raw.c
++mail_conf_str.o: ../../include/msg.h
++mail_conf_str.o: ../../include/mymalloc.h
++mail_conf_str.o: ../../include/stringops.h
++mail_conf_str.o: ../../include/sys_defs.h
++mail_conf_str.o: ../../include/vbuf.h
++mail_conf_str.o: ../../include/vstring.h
++mail_conf_str.o: mail_conf.h
++mail_conf_str.o: mail_conf_str.c
++mail_conf_time.o: ../../include/argv.h
++mail_conf_time.o: ../../include/dict.h
++mail_conf_time.o: ../../include/msg.h
++mail_conf_time.o: ../../include/mymalloc.h
++mail_conf_time.o: ../../include/stringops.h
++mail_conf_time.o: ../../include/sys_defs.h
++mail_conf_time.o: ../../include/vbuf.h
++mail_conf_time.o: ../../include/vstream.h
++mail_conf_time.o: ../../include/vstring.h
++mail_conf_time.o: conv_time.h
++mail_conf_time.o: mail_conf.h
++mail_conf_time.o: mail_conf_time.c
++mail_connect.o: ../../include/attr.h
++mail_connect.o: ../../include/connect.h
++mail_connect.o: ../../include/iostuff.h
++mail_connect.o: ../../include/msg.h
++mail_connect.o: ../../include/mymalloc.h
++mail_connect.o: ../../include/stringops.h
++mail_connect.o: ../../include/sys_defs.h
++mail_connect.o: ../../include/vbuf.h
++mail_connect.o: ../../include/vstream.h
++mail_connect.o: ../../include/vstring.h
++mail_connect.o: mail_connect.c
++mail_connect.o: mail_proto.h
++mail_connect.o: timed_ipc.h
++mail_copy.o: ../../include/htable.h
++mail_copy.o: ../../include/iostuff.h
++mail_copy.o: ../../include/msg.h
++mail_copy.o: ../../include/safe_open.h
++mail_copy.o: ../../include/stringops.h
++mail_copy.o: ../../include/sys_defs.h
++mail_copy.o: ../../include/vbuf.h
++mail_copy.o: ../../include/vstream.h
++mail_copy.o: ../../include/vstring.h
++mail_copy.o: ../../include/vstring_vstream.h
++mail_copy.o: dsn.h
++mail_copy.o: dsn_buf.h
++mail_copy.o: mail_addr.h
++mail_copy.o: mail_copy.c
++mail_copy.o: mail_copy.h
++mail_copy.o: mail_params.h
++mail_copy.o: mail_queue.h
++mail_copy.o: mark_corrupt.h
++mail_copy.o: mbox_open.h
++mail_copy.o: quote_822_local.h
++mail_copy.o: quote_flags.h
++mail_copy.o: rec_type.h
++mail_copy.o: record.h
++mail_copy.o: sys_exits.h
++mail_date.o: ../../include/msg.h
++mail_date.o: ../../include/sys_defs.h
++mail_date.o: ../../include/vbuf.h
++mail_date.o: ../../include/vstring.h
++mail_date.o: mail_date.c
++mail_date.o: mail_date.h
++mail_dict.o: ../../include/argv.h
++mail_dict.o: ../../include/dict.h
++mail_dict.o: ../../include/msg.h
++mail_dict.o: ../../include/sys_defs.h
++mail_dict.o: ../../include/vbuf.h
++mail_dict.o: ../../include/vstream.h
++mail_dict.o: ../../include/vstring.h
++mail_dict.o: dict_ldap.h
++mail_dict.o: dict_mysql.h
++mail_dict.o: dict_pgsql.h
++mail_dict.o: dict_proxy.h
++mail_dict.o: mail_dict.c
++mail_dict.o: mail_dict.h
++mail_error.o: ../../include/name_mask.h
++mail_error.o: ../../include/sys_defs.h
++mail_error.o: ../../include/vbuf.h
++mail_error.o: ../../include/vstring.h
++mail_error.o: mail_error.c
++mail_error.o: mail_error.h
++mail_flush.o: ../../include/attr.h
++mail_flush.o: ../../include/iostuff.h
++mail_flush.o: ../../include/sys_defs.h
++mail_flush.o: ../../include/vbuf.h
++mail_flush.o: ../../include/vstream.h
++mail_flush.o: mail_flush.c
++mail_flush.o: mail_flush.h
++mail_flush.o: mail_params.h
++mail_flush.o: mail_proto.h
++mail_open_ok.o: ../../include/msg.h
++mail_open_ok.o: ../../include/sys_defs.h
++mail_open_ok.o: ../../include/vbuf.h
++mail_open_ok.o: ../../include/vstream.h
++mail_open_ok.o: ../../include/vstring.h
++mail_open_ok.o: mail_open_ok.c
++mail_open_ok.o: mail_open_ok.h
++mail_open_ok.o: mail_queue.h
++mail_params.o: ../../include/argv.h
++mail_params.o: ../../include/attr.h
++mail_params.o: ../../include/dict.h
++mail_params.o: ../../include/dict_db.h
++mail_params.o: ../../include/get_hostname.h
++mail_params.o: ../../include/inet_addr_list.h
++mail_params.o: ../../include/inet_proto.h
++mail_params.o: ../../include/iostuff.h
++mail_params.o: ../../include/msg.h
++mail_params.o: ../../include/msg_syslog.h
++mail_params.o: ../../include/myaddrinfo.h
++mail_params.o: ../../include/mymalloc.h
++mail_params.o: ../../include/safe.h
++mail_params.o: ../../include/safe_open.h
++mail_params.o: ../../include/stringops.h
++mail_params.o: ../../include/sys_defs.h
++mail_params.o: ../../include/valid_hostname.h
++mail_params.o: ../../include/vbuf.h
++mail_params.o: ../../include/vstream.h
++mail_params.o: ../../include/vstring.h
++mail_params.o: ../../include/vstring_vstream.h
++mail_params.o: mail_conf.h
++mail_params.o: mail_params.c
++mail_params.o: mail_params.h
++mail_params.o: mail_proto.h
++mail_params.o: mail_version.h
++mail_params.o: mynetworks.h
++mail_params.o: own_inet_addr.h
++mail_params.o: recipient_list.h
++mail_params.o: verp_sender.h
++mail_pathname.o: ../../include/attr.h
++mail_pathname.o: ../../include/iostuff.h
++mail_pathname.o: ../../include/stringops.h
++mail_pathname.o: ../../include/sys_defs.h
++mail_pathname.o: ../../include/vbuf.h
++mail_pathname.o: ../../include/vstream.h
++mail_pathname.o: ../../include/vstring.h
++mail_pathname.o: mail_pathname.c
++mail_pathname.o: mail_proto.h
++mail_queue.o: ../../include/argv.h
++mail_queue.o: ../../include/dir_forest.h
++mail_queue.o: ../../include/make_dirs.h
++mail_queue.o: ../../include/msg.h
++mail_queue.o: ../../include/mymalloc.h
++mail_queue.o: ../../include/sane_fsops.h
++mail_queue.o: ../../include/split_at.h
++mail_queue.o: ../../include/sys_defs.h
++mail_queue.o: ../../include/valid_hostname.h
++mail_queue.o: ../../include/vbuf.h
++mail_queue.o: ../../include/vstream.h
++mail_queue.o: ../../include/vstring.h
++mail_queue.o: file_id.h
++mail_queue.o: mail_params.h
++mail_queue.o: mail_queue.c
++mail_queue.o: mail_queue.h
++mail_run.o: ../../include/msg.h
++mail_run.o: ../../include/mymalloc.h
++mail_run.o: ../../include/stringops.h
++mail_run.o: ../../include/sys_defs.h
++mail_run.o: ../../include/vbuf.h
++mail_run.o: ../../include/vstring.h
++mail_run.o: mail_params.h
++mail_run.o: mail_run.c
++mail_run.o: mail_run.h
++mail_scan_dir.o: ../../include/scan_dir.h
++mail_scan_dir.o: ../../include/sys_defs.h
++mail_scan_dir.o: mail_scan_dir.c
++mail_scan_dir.o: mail_scan_dir.h
++mail_stream.o: ../../include/argv.h
++mail_stream.o: ../../include/attr.h
++mail_stream.o: ../../include/iostuff.h
++mail_stream.o: ../../include/msg.h
++mail_stream.o: ../../include/mymalloc.h
++mail_stream.o: ../../include/sane_fsops.h
++mail_stream.o: ../../include/stringops.h
++mail_stream.o: ../../include/sys_defs.h
++mail_stream.o: ../../include/vbuf.h
++mail_stream.o: ../../include/vstream.h
++mail_stream.o: ../../include/vstring.h
++mail_stream.o: cleanup_user.h
++mail_stream.o: mail_params.h
++mail_stream.o: mail_proto.h
++mail_stream.o: mail_queue.h
++mail_stream.o: mail_stream.c
++mail_stream.o: mail_stream.h
++mail_stream.o: opened.h
++mail_task.o: ../../include/safe.h
++mail_task.o: ../../include/sys_defs.h
++mail_task.o: ../../include/vbuf.h
++mail_task.o: ../../include/vstring.h
++mail_task.o: mail_conf.h
++mail_task.o: mail_params.h
++mail_task.o: mail_task.c
++mail_task.o: mail_task.h
++mail_trigger.o: ../../include/attr.h
++mail_trigger.o: ../../include/iostuff.h
++mail_trigger.o: ../../include/msg.h
++mail_trigger.o: ../../include/mymalloc.h
++mail_trigger.o: ../../include/sys_defs.h
++mail_trigger.o: ../../include/trigger.h
++mail_trigger.o: ../../include/vbuf.h
++mail_trigger.o: ../../include/vstream.h
++mail_trigger.o: mail_params.h
++mail_trigger.o: mail_proto.h
++mail_trigger.o: mail_trigger.c
++mail_version.o: mail_version.c
++maps.o: ../../include/argv.h
++maps.o: ../../include/dict.h
++maps.o: ../../include/msg.h
++maps.o: ../../include/mymalloc.h
++maps.o: ../../include/split_at.h
++maps.o: ../../include/stringops.h
++maps.o: ../../include/sys_defs.h
++maps.o: ../../include/vbuf.h
++maps.o: ../../include/vstream.h
++maps.o: ../../include/vstring.h
++maps.o: mail_conf.h
++maps.o: maps.c
++maps.o: maps.h
++mark_corrupt.o: ../../include/attr.h
++mark_corrupt.o: ../../include/msg.h
++mark_corrupt.o: ../../include/set_eugid.h
++mark_corrupt.o: ../../include/sys_defs.h
++mark_corrupt.o: ../../include/vbuf.h
++mark_corrupt.o: ../../include/vstream.h
++mark_corrupt.o: ../../include/vstring.h
++mark_corrupt.o: deliver_request.h
++mark_corrupt.o: dsn.h
++mark_corrupt.o: mail_params.h
++mark_corrupt.o: mail_queue.h
++mark_corrupt.o: mark_corrupt.c
++mark_corrupt.o: mark_corrupt.h
++mark_corrupt.o: msg_stats.h
++mark_corrupt.o: recipient_list.h
++match_parent_style.o: ../../include/match_list.h
++match_parent_style.o: ../../include/match_ops.h
++match_parent_style.o: ../../include/sys_defs.h
++match_parent_style.o: mail_params.h
++match_parent_style.o: match_parent_style.c
++match_parent_style.o: match_parent_style.h
++match_parent_style.o: string_list.h
++match_service.o: ../../include/argv.h
++match_service.o: ../../include/msg.h
++match_service.o: ../../include/mymalloc.h
++match_service.o: ../../include/stringops.h
++match_service.o: ../../include/sys_defs.h
++match_service.o: ../../include/vbuf.h
++match_service.o: ../../include/vstring.h
++match_service.o: match_service.c
++match_service.o: match_service.h
++mbox_conf.o: ../../include/argv.h
++mbox_conf.o: ../../include/name_mask.h
++mbox_conf.o: ../../include/sys_defs.h
++mbox_conf.o: ../../include/vbuf.h
++mbox_conf.o: ../../include/vstring.h
++mbox_conf.o: mail_params.h
++mbox_conf.o: mbox_conf.c
++mbox_conf.o: mbox_conf.h
++mbox_open.o: ../../include/argv.h
++mbox_open.o: ../../include/iostuff.h
++mbox_open.o: ../../include/msg.h
++mbox_open.o: ../../include/myflock.h
++mbox_open.o: ../../include/mymalloc.h
++mbox_open.o: ../../include/safe_open.h
++mbox_open.o: ../../include/sys_defs.h
++mbox_open.o: ../../include/vbuf.h
++mbox_open.o: ../../include/vstream.h
++mbox_open.o: ../../include/vstring.h
++mbox_open.o: deliver_flock.h
++mbox_open.o: dot_lockfile.h
++mbox_open.o: dsn.h
++mbox_open.o: dsn_buf.h
++mbox_open.o: mbox_conf.h
++mbox_open.o: mbox_open.c
++mbox_open.o: mbox_open.h
++mime_state.o: ../../include/msg.h
++mime_state.o: ../../include/mymalloc.h
++mime_state.o: ../../include/sys_defs.h
++mime_state.o: ../../include/vbuf.h
++mime_state.o: ../../include/vstring.h
++mime_state.o: header_opts.h
++mime_state.o: header_token.h
++mime_state.o: is_header.h
++mime_state.o: lex_822.h
++mime_state.o: mail_params.h
++mime_state.o: mime_state.c
++mime_state.o: mime_state.h
++mime_state.o: rec_type.h
++mkmap_cdb.o: ../../include/argv.h
++mkmap_cdb.o: ../../include/dict.h
++mkmap_cdb.o: ../../include/dict_cdb.h
++mkmap_cdb.o: ../../include/mymalloc.h
++mkmap_cdb.o: ../../include/sys_defs.h
++mkmap_cdb.o: ../../include/vbuf.h
++mkmap_cdb.o: ../../include/vstream.h
++mkmap_cdb.o: ../../include/vstring.h
++mkmap_cdb.o: mkmap.h
++mkmap_cdb.o: mkmap_cdb.c
++mkmap_db.o: ../../include/argv.h
++mkmap_db.o: ../../include/dict.h
++mkmap_db.o: ../../include/dict_db.h
++mkmap_db.o: ../../include/msg.h
++mkmap_db.o: ../../include/myflock.h
++mkmap_db.o: ../../include/mymalloc.h
++mkmap_db.o: ../../include/stringops.h
++mkmap_db.o: ../../include/sys_defs.h
++mkmap_db.o: ../../include/vbuf.h
++mkmap_db.o: ../../include/vstream.h
++mkmap_db.o: ../../include/vstring.h
++mkmap_db.o: mail_params.h
++mkmap_db.o: mkmap.h
++mkmap_db.o: mkmap_db.c
++mkmap_dbm.o: ../../include/argv.h
++mkmap_dbm.o: ../../include/dict.h
++mkmap_dbm.o: ../../include/dict_dbm.h
++mkmap_dbm.o: ../../include/msg.h
++mkmap_dbm.o: ../../include/myflock.h
++mkmap_dbm.o: ../../include/mymalloc.h
++mkmap_dbm.o: ../../include/stringops.h
++mkmap_dbm.o: ../../include/sys_defs.h
++mkmap_dbm.o: ../../include/vbuf.h
++mkmap_dbm.o: ../../include/vstream.h
++mkmap_dbm.o: ../../include/vstring.h
++mkmap_dbm.o: mkmap.h
++mkmap_dbm.o: mkmap_dbm.c
++mkmap_open.o: ../../include/argv.h
++mkmap_open.o: ../../include/dict.h
++mkmap_open.o: ../../include/dict_cdb.h
++mkmap_open.o: ../../include/dict_db.h
++mkmap_open.o: ../../include/dict_dbm.h
++mkmap_open.o: ../../include/dict_sdbm.h
++mkmap_open.o: ../../include/msg.h
++mkmap_open.o: ../../include/mymalloc.h
++mkmap_open.o: ../../include/sigdelay.h
++mkmap_open.o: ../../include/sys_defs.h
++mkmap_open.o: ../../include/vbuf.h
++mkmap_open.o: ../../include/vstream.h
++mkmap_open.o: ../../include/vstring.h
++mkmap_open.o: dict_proxy.h
++mkmap_open.o: mkmap.h
++mkmap_open.o: mkmap_open.c
++mkmap_proxy.o: ../../include/argv.h
++mkmap_proxy.o: ../../include/dict.h
++mkmap_proxy.o: ../../include/mymalloc.h
++mkmap_proxy.o: ../../include/sys_defs.h
++mkmap_proxy.o: ../../include/vbuf.h
++mkmap_proxy.o: ../../include/vstream.h
++mkmap_proxy.o: ../../include/vstring.h
++mkmap_proxy.o: dict_proxy.h
++mkmap_proxy.o: mkmap.h
++mkmap_proxy.o: mkmap_proxy.c
++mkmap_sdbm.o: ../../include/argv.h
++mkmap_sdbm.o: ../../include/dict.h
++mkmap_sdbm.o: ../../include/dict_sdbm.h
++mkmap_sdbm.o: ../../include/msg.h
++mkmap_sdbm.o: ../../include/myflock.h
++mkmap_sdbm.o: ../../include/mymalloc.h
++mkmap_sdbm.o: ../../include/stringops.h
++mkmap_sdbm.o: ../../include/sys_defs.h
++mkmap_sdbm.o: ../../include/vbuf.h
++mkmap_sdbm.o: ../../include/vstream.h
++mkmap_sdbm.o: ../../include/vstring.h
++mkmap_sdbm.o: mkmap.h
++mkmap_sdbm.o: mkmap_sdbm.c
++msg_stats_print.o: ../../include/attr.h
++msg_stats_print.o: ../../include/iostuff.h
++msg_stats_print.o: ../../include/sys_defs.h
++msg_stats_print.o: ../../include/vbuf.h
++msg_stats_print.o: ../../include/vstream.h
++msg_stats_print.o: mail_proto.h
++msg_stats_print.o: msg_stats.h
++msg_stats_print.o: msg_stats_print.c
++msg_stats_scan.o: ../../include/attr.h
++msg_stats_scan.o: ../../include/iostuff.h
++msg_stats_scan.o: ../../include/msg.h
++msg_stats_scan.o: ../../include/sys_defs.h
++msg_stats_scan.o: ../../include/vbuf.h
++msg_stats_scan.o: ../../include/vstream.h
++msg_stats_scan.o: ../../include/vstring.h
++msg_stats_scan.o: mail_proto.h
++msg_stats_scan.o: msg_stats.h
++msg_stats_scan.o: msg_stats_scan.c
++mynetworks.o: ../../include/argv.h
++mynetworks.o: ../../include/inet_addr_list.h
++mynetworks.o: ../../include/mask_addr.h
++mynetworks.o: ../../include/msg.h
++mynetworks.o: ../../include/myaddrinfo.h
++mynetworks.o: ../../include/name_mask.h
++mynetworks.o: ../../include/sock_addr.h
++mynetworks.o: ../../include/sys_defs.h
++mynetworks.o: ../../include/vbuf.h
++mynetworks.o: ../../include/vstring.h
++mynetworks.o: been_here.h
++mynetworks.o: mail_params.h
++mynetworks.o: mynetworks.c
++mynetworks.o: mynetworks.h
++mynetworks.o: own_inet_addr.h
++mypwd.o: ../../include/binhash.h
++mypwd.o: ../../include/htable.h
++mypwd.o: ../../include/msg.h
++mypwd.o: ../../include/mymalloc.h
++mypwd.o: ../../include/sys_defs.h
++mypwd.o: mypwd.c
++mypwd.o: mypwd.h
++namadr_list.o: ../../include/match_list.h
++namadr_list.o: ../../include/match_ops.h
++namadr_list.o: ../../include/sys_defs.h
++namadr_list.o: namadr_list.c
++namadr_list.o: namadr_list.h
++off_cvt.o: ../../include/msg.h
++off_cvt.o: ../../include/sys_defs.h
++off_cvt.o: ../../include/vbuf.h
++off_cvt.o: ../../include/vstring.h
++off_cvt.o: off_cvt.c
++off_cvt.o: off_cvt.h
++opened.o: ../../include/msg.h
++opened.o: ../../include/sys_defs.h
++opened.o: ../../include/vbuf.h
++opened.o: ../../include/vstring.h
++opened.o: opened.c
++opened.o: opened.h
++own_inet_addr.o: ../../include/inet_addr_host.h
++own_inet_addr.o: ../../include/inet_addr_list.h
++own_inet_addr.o: ../../include/inet_addr_local.h
++own_inet_addr.o: ../../include/inet_proto.h
++own_inet_addr.o: ../../include/msg.h
++own_inet_addr.o: ../../include/myaddrinfo.h
++own_inet_addr.o: ../../include/mymalloc.h
++own_inet_addr.o: ../../include/sock_addr.h
++own_inet_addr.o: ../../include/stringops.h
++own_inet_addr.o: ../../include/sys_defs.h
++own_inet_addr.o: ../../include/vbuf.h
++own_inet_addr.o: ../../include/vstring.h
++own_inet_addr.o: mail_params.h
++own_inet_addr.o: own_inet_addr.c
++own_inet_addr.o: own_inet_addr.h
++pipe_command.o: ../../include/argv.h
++pipe_command.o: ../../include/chroot_uid.h
++pipe_command.o: ../../include/clean_env.h
++pipe_command.o: ../../include/exec_command.h
++pipe_command.o: ../../include/iostuff.h
++pipe_command.o: ../../include/msg.h
++pipe_command.o: ../../include/msg_vstream.h
++pipe_command.o: ../../include/set_eugid.h
++pipe_command.o: ../../include/set_ugid.h
++pipe_command.o: ../../include/stringops.h
++pipe_command.o: ../../include/sys_defs.h
++pipe_command.o: ../../include/timed_wait.h
++pipe_command.o: ../../include/vbuf.h
++pipe_command.o: ../../include/vstream.h
++pipe_command.o: ../../include/vstring.h
++pipe_command.o: dsn.h
++pipe_command.o: dsn_buf.h
++pipe_command.o: dsn_util.h
++pipe_command.o: mail_copy.h
++pipe_command.o: mail_params.h
++pipe_command.o: pipe_command.c
++pipe_command.o: pipe_command.h
++pipe_command.o: sys_exits.h
++post_mail.o: ../../include/attr.h
++post_mail.o: ../../include/events.h
++post_mail.o: ../../include/iostuff.h
++post_mail.o: ../../include/msg.h
++post_mail.o: ../../include/mymalloc.h
++post_mail.o: ../../include/sys_defs.h
++post_mail.o: ../../include/vbuf.h
++post_mail.o: ../../include/vstream.h
++post_mail.o: ../../include/vstring.h
++post_mail.o: cleanup_user.h
++post_mail.o: int_filt.h
++post_mail.o: mail_date.h
++post_mail.o: mail_params.h
++post_mail.o: mail_proto.h
++post_mail.o: post_mail.c
++post_mail.o: post_mail.h
++post_mail.o: rec_type.h
++post_mail.o: record.h
++quote_821_local.o: ../../include/sys_defs.h
++quote_821_local.o: ../../include/vbuf.h
++quote_821_local.o: ../../include/vstring.h
++quote_821_local.o: quote_821_local.c
++quote_821_local.o: quote_821_local.h
++quote_821_local.o: quote_flags.h
++quote_822_local.o: ../../include/sys_defs.h
++quote_822_local.o: ../../include/vbuf.h
++quote_822_local.o: ../../include/vstring.h
++quote_822_local.o: quote_822_local.c
++quote_822_local.o: quote_822_local.h
++quote_822_local.o: quote_flags.h
++rcpt_buf.o: ../../include/attr.h
++rcpt_buf.o: ../../include/iostuff.h
++rcpt_buf.o: ../../include/mymalloc.h
++rcpt_buf.o: ../../include/sys_defs.h
++rcpt_buf.o: ../../include/vbuf.h
++rcpt_buf.o: ../../include/vstream.h
++rcpt_buf.o: ../../include/vstring.h
++rcpt_buf.o: mail_proto.h
++rcpt_buf.o: rcpt_buf.c
++rcpt_buf.o: rcpt_buf.h
++rcpt_buf.o: recipient_list.h
++rcpt_print.o: ../../include/attr.h
++rcpt_print.o: ../../include/iostuff.h
++rcpt_print.o: ../../include/sys_defs.h
++rcpt_print.o: ../../include/vbuf.h
++rcpt_print.o: ../../include/vstream.h
++rcpt_print.o: mail_proto.h
++rcpt_print.o: rcpt_print.c
++rcpt_print.o: rcpt_print.h
++rcpt_print.o: recipient_list.h
++rec2stream.o: ../../include/sys_defs.h
++rec2stream.o: ../../include/vbuf.h
++rec2stream.o: ../../include/vstream.h
++rec2stream.o: ../../include/vstring.h
++rec2stream.o: rec2stream.c
++rec2stream.o: rec_streamlf.h
++rec2stream.o: rec_type.h
++rec2stream.o: record.h
++rec_attr_map.o: ../../include/attr.h
++rec_attr_map.o: ../../include/iostuff.h
++rec_attr_map.o: ../../include/sys_defs.h
++rec_attr_map.o: ../../include/vbuf.h
++rec_attr_map.o: ../../include/vstream.h
++rec_attr_map.o: mail_proto.h
++rec_attr_map.o: rec_attr_map.c
++rec_attr_map.o: rec_attr_map.h
++rec_attr_map.o: rec_type.h
++rec_streamlf.o: ../../include/sys_defs.h
++rec_streamlf.o: ../../include/vbuf.h
++rec_streamlf.o: ../../include/vstream.h
++rec_streamlf.o: ../../include/vstring.h
++rec_streamlf.o: rec_streamlf.c
++rec_streamlf.o: rec_streamlf.h
++rec_streamlf.o: rec_type.h
++rec_streamlf.o: record.h
++rec_type.o: rec_type.c
++rec_type.o: rec_type.h
++recdump.o: ../../include/msg_vstream.h
++recdump.o: ../../include/sys_defs.h
++recdump.o: ../../include/vbuf.h
++recdump.o: ../../include/vstream.h
++recdump.o: ../../include/vstring.h
++recdump.o: rec_streamlf.h
++recdump.o: rec_type.h
++recdump.o: recdump.c
++recdump.o: record.h
++recipient_list.o: ../../include/msg.h
++recipient_list.o: ../../include/mymalloc.h
++recipient_list.o: ../../include/sys_defs.h
++recipient_list.o: recipient_list.c
++recipient_list.o: recipient_list.h
++record.o: ../../include/msg.h
++record.o: ../../include/mymalloc.h
++record.o: ../../include/stringops.h
++record.o: ../../include/sys_defs.h
++record.o: ../../include/vbuf.h
++record.o: ../../include/vstream.h
++record.o: ../../include/vstring.h
++record.o: off_cvt.h
++record.o: rec_type.h
++record.o: record.c
++record.o: record.h
++remove.o: ../../include/sys_defs.h
++remove.o: ../../include/vbuf.h
++remove.o: ../../include/vstring.h
++remove.o: mail_params.h
++remove.o: remove.c
++resolve_clnt.o: ../../include/attr.h
++resolve_clnt.o: ../../include/events.h
++resolve_clnt.o: ../../include/iostuff.h
++resolve_clnt.o: ../../include/msg.h
++resolve_clnt.o: ../../include/sys_defs.h
++resolve_clnt.o: ../../include/vbuf.h
++resolve_clnt.o: ../../include/vstream.h
++resolve_clnt.o: ../../include/vstring.h
++resolve_clnt.o: ../../include/vstring_vstream.h
++resolve_clnt.o: clnt_stream.h
++resolve_clnt.o: mail_params.h
++resolve_clnt.o: mail_proto.h
++resolve_clnt.o: resolve_clnt.c
++resolve_clnt.o: resolve_clnt.h
++resolve_local.o: ../../include/inet_addr_list.h
++resolve_local.o: ../../include/match_list.h
++resolve_local.o: ../../include/match_ops.h
++resolve_local.o: ../../include/msg.h
++resolve_local.o: ../../include/myaddrinfo.h
++resolve_local.o: ../../include/mymalloc.h
++resolve_local.o: ../../include/sys_defs.h
++resolve_local.o: ../../include/valid_hostname.h
++resolve_local.o: mail_params.h
++resolve_local.o: own_inet_addr.h
++resolve_local.o: resolve_local.c
++resolve_local.o: resolve_local.h
++resolve_local.o: string_list.h
++resolve_local.o: valid_mailhost_addr.h
++rewrite_clnt.o: ../../include/attr.h
++rewrite_clnt.o: ../../include/events.h
++rewrite_clnt.o: ../../include/iostuff.h
++rewrite_clnt.o: ../../include/msg.h
++rewrite_clnt.o: ../../include/sys_defs.h
++rewrite_clnt.o: ../../include/vbuf.h
++rewrite_clnt.o: ../../include/vstream.h
++rewrite_clnt.o: ../../include/vstring.h
++rewrite_clnt.o: ../../include/vstring_vstream.h
++rewrite_clnt.o: clnt_stream.h
++rewrite_clnt.o: mail_params.h
++rewrite_clnt.o: mail_proto.h
++rewrite_clnt.o: quote_822_local.h
++rewrite_clnt.o: quote_flags.h
++rewrite_clnt.o: rewrite_clnt.c
++rewrite_clnt.o: rewrite_clnt.h
++scache.o: ../../include/argv.h
++scache.o: ../../include/events.h
++scache.o: ../../include/msg.h
++scache.o: ../../include/sys_defs.h
++scache.o: ../../include/vbuf.h
++scache.o: ../../include/vstream.h
++scache.o: ../../include/vstring.h
++scache.o: ../../include/vstring_vstream.h
++scache.o: scache.c
++scache.o: scache.h
++scache_clnt.o: ../../include/attr.h
++scache_clnt.o: ../../include/auto_clnt.h
++scache_clnt.o: ../../include/iostuff.h
++scache_clnt.o: ../../include/msg.h
++scache_clnt.o: ../../include/mymalloc.h
++scache_clnt.o: ../../include/stringops.h
++scache_clnt.o: ../../include/sys_defs.h
++scache_clnt.o: ../../include/vbuf.h
++scache_clnt.o: ../../include/vstream.h
++scache_clnt.o: ../../include/vstring.h
++scache_clnt.o: mail_params.h
++scache_clnt.o: mail_proto.h
++scache_clnt.o: scache.h
++scache_clnt.o: scache_clnt.c
++scache_multi.o: ../../include/events.h
++scache_multi.o: ../../include/htable.h
++scache_multi.o: ../../include/msg.h
++scache_multi.o: ../../include/mymalloc.h
++scache_multi.o: ../../include/ring.h
++scache_multi.o: ../../include/sys_defs.h
++scache_multi.o: ../../include/vbuf.h
++scache_multi.o: ../../include/vstring.h
++scache_multi.o: scache.h
++scache_multi.o: scache_multi.c
++scache_single.o: ../../include/events.h
++scache_single.o: ../../include/msg.h
++scache_single.o: ../../include/mymalloc.h
++scache_single.o: ../../include/sys_defs.h
++scache_single.o: ../../include/vbuf.h
++scache_single.o: ../../include/vstring.h
++scache_single.o: scache.h
++scache_single.o: scache_single.c
++sent.o: ../../include/attr.h
++sent.o: ../../include/msg.h
++sent.o: ../../include/sys_defs.h
++sent.o: ../../include/vbuf.h
++sent.o: ../../include/vstream.h
++sent.o: ../../include/vstring.h
++sent.o: bounce.h
++sent.o: defer.h
++sent.o: deliver_request.h
++sent.o: dsn.h
++sent.o: dsn_buf.h
++sent.o: dsn_mask.h
++sent.o: dsn_util.h
++sent.o: log_adhoc.h
++sent.o: mail_params.h
++sent.o: msg_stats.h
++sent.o: recipient_list.h
++sent.o: sent.c
++sent.o: sent.h
++sent.o: trace.h
++sent.o: verify.h
++smtp_stream.o: ../../include/iostuff.h
++smtp_stream.o: ../../include/msg.h
++smtp_stream.o: ../../include/sys_defs.h
++smtp_stream.o: ../../include/vbuf.h
++smtp_stream.o: ../../include/vstream.h
++smtp_stream.o: ../../include/vstring.h
++smtp_stream.o: ../../include/vstring_vstream.h
++smtp_stream.o: smtp_stream.c
++smtp_stream.o: smtp_stream.h
++split_addr.o: ../../include/split_at.h
++split_addr.o: ../../include/sys_defs.h
++split_addr.o: mail_addr.h
++split_addr.o: mail_params.h
++split_addr.o: split_addr.c
++split_addr.o: split_addr.h
++stream2rec.o: ../../include/sys_defs.h
++stream2rec.o: ../../include/vbuf.h
++stream2rec.o: ../../include/vstream.h
++stream2rec.o: ../../include/vstring.h
++stream2rec.o: rec_streamlf.h
++stream2rec.o: rec_type.h
++stream2rec.o: record.h
++stream2rec.o: stream2rec.c
++string_list.o: ../../include/match_list.h
++string_list.o: ../../include/match_ops.h
++string_list.o: ../../include/sys_defs.h
++string_list.o: string_list.c
++string_list.o: string_list.h
++strip_addr.o: ../../include/mymalloc.h
++strip_addr.o: ../../include/sys_defs.h
++strip_addr.o: split_addr.h
++strip_addr.o: strip_addr.c
++strip_addr.o: strip_addr.h
++sys_exits.o: ../../include/msg.h
++sys_exits.o: ../../include/sys_defs.h
++sys_exits.o: ../../include/vbuf.h
++sys_exits.o: ../../include/vstring.h
++sys_exits.o: sys_exits.c
++sys_exits.o: sys_exits.h
++timed_ipc.o: ../../include/msg.h
++timed_ipc.o: ../../include/sys_defs.h
++timed_ipc.o: ../../include/vbuf.h
++timed_ipc.o: ../../include/vstream.h
++timed_ipc.o: mail_params.h
++timed_ipc.o: timed_ipc.c
++timed_ipc.o: timed_ipc.h
++tok822_find.o: ../../include/sys_defs.h
++tok822_find.o: ../../include/vbuf.h
++tok822_find.o: ../../include/vstring.h
++tok822_find.o: resolve_clnt.h
++tok822_find.o: tok822.h
++tok822_find.o: tok822_find.c
++tok822_node.o: ../../include/mymalloc.h
++tok822_node.o: ../../include/sys_defs.h
++tok822_node.o: ../../include/vbuf.h
++tok822_node.o: ../../include/vstring.h
++tok822_node.o: resolve_clnt.h
++tok822_node.o: tok822.h
++tok822_node.o: tok822_node.c
++tok822_parse.o: ../../include/msg.h
++tok822_parse.o: ../../include/stringops.h
++tok822_parse.o: ../../include/sys_defs.h
++tok822_parse.o: ../../include/vbuf.h
++tok822_parse.o: ../../include/vstring.h
++tok822_parse.o: lex_822.h
++tok822_parse.o: quote_822_local.h
++tok822_parse.o: quote_flags.h
++tok822_parse.o: resolve_clnt.h
++tok822_parse.o: tok822.h
++tok822_parse.o: tok822_parse.c
++tok822_resolve.o: ../../include/msg.h
++tok822_resolve.o: ../../include/sys_defs.h
++tok822_resolve.o: ../../include/vbuf.h
++tok822_resolve.o: ../../include/vstring.h
++tok822_resolve.o: resolve_clnt.h
++tok822_resolve.o: tok822.h
++tok822_resolve.o: tok822_resolve.c
++tok822_rewrite.o: ../../include/attr.h
++tok822_rewrite.o: ../../include/iostuff.h
++tok822_rewrite.o: ../../include/msg.h
++tok822_rewrite.o: ../../include/sys_defs.h
++tok822_rewrite.o: ../../include/vbuf.h
++tok822_rewrite.o: ../../include/vstream.h
++tok822_rewrite.o: ../../include/vstring.h
++tok822_rewrite.o: mail_proto.h
++tok822_rewrite.o: resolve_clnt.h
++tok822_rewrite.o: rewrite_clnt.h
++tok822_rewrite.o: tok822.h
++tok822_rewrite.o: tok822_rewrite.c
++tok822_tree.o: ../../include/mymalloc.h
++tok822_tree.o: ../../include/sys_defs.h
++tok822_tree.o: ../../include/vbuf.h
++tok822_tree.o: ../../include/vstring.h
++tok822_tree.o: resolve_clnt.h
++tok822_tree.o: tok822.h
++tok822_tree.o: tok822_tree.c
++trace.o: ../../include/attr.h
++trace.o: ../../include/iostuff.h
++trace.o: ../../include/msg.h
++trace.o: ../../include/sys_defs.h
++trace.o: ../../include/vbuf.h
++trace.o: ../../include/vstream.h
++trace.o: ../../include/vstring.h
++trace.o: bounce.h
++trace.o: deliver_request.h
++trace.o: dsn.h
++trace.o: dsn_buf.h
++trace.o: dsn_print.h
++trace.o: log_adhoc.h
++trace.o: mail_params.h
++trace.o: mail_proto.h
++trace.o: msg_stats.h
++trace.o: rcpt_print.h
++trace.o: recipient_list.h
++trace.o: trace.c
++trace.o: trace.h
++user_acl.o: ../../include/match_list.h
++user_acl.o: ../../include/match_ops.h
++user_acl.o: ../../include/sys_defs.h
++user_acl.o: ../../include/vbuf.h
++user_acl.o: ../../include/vstring.h
++user_acl.o: mail_params.h
++user_acl.o: mypwd.h
++user_acl.o: string_list.h
++user_acl.o: user_acl.c
++user_acl.o: user_acl.h
++valid_mailhost_addr.o: ../../include/msg.h
++valid_mailhost_addr.o: ../../include/myaddrinfo.h
++valid_mailhost_addr.o: ../../include/sys_defs.h
++valid_mailhost_addr.o: ../../include/valid_hostname.h
++valid_mailhost_addr.o: valid_mailhost_addr.c
++valid_mailhost_addr.o: valid_mailhost_addr.h
++verify.o: ../../include/attr.h
++verify.o: ../../include/iostuff.h
++verify.o: ../../include/msg.h
++verify.o: ../../include/sys_defs.h
++verify.o: ../../include/vbuf.h
++verify.o: ../../include/vstream.h
++verify.o: ../../include/vstring.h
++verify.o: deliver_request.h
++verify.o: dsn.h
++verify.o: log_adhoc.h
++verify.o: mail_params.h
++verify.o: mail_proto.h
++verify.o: msg_stats.h
++verify.o: recipient_list.h
++verify.o: verify.c
++verify.o: verify.h
++verify.o: verify_clnt.h
++verify_clnt.o: ../../include/attr.h
++verify_clnt.o: ../../include/iostuff.h
++verify_clnt.o: ../../include/msg.h
++verify_clnt.o: ../../include/sys_defs.h
++verify_clnt.o: ../../include/vbuf.h
++verify_clnt.o: ../../include/vstream.h
++verify_clnt.o: ../../include/vstring.h
++verify_clnt.o: clnt_stream.h
++verify_clnt.o: deliver_request.h
++verify_clnt.o: dsn.h
++verify_clnt.o: mail_params.h
++verify_clnt.o: mail_proto.h
++verify_clnt.o: msg_stats.h
++verify_clnt.o: recipient_list.h
++verify_clnt.o: verify_clnt.c
++verify_clnt.o: verify_clnt.h
++verp_sender.o: ../../include/sys_defs.h
++verp_sender.o: ../../include/vbuf.h
++verp_sender.o: ../../include/vstring.h
++verp_sender.o: mail_params.h
++verp_sender.o: recipient_list.h
++verp_sender.o: verp_sender.c
++verp_sender.o: verp_sender.h
++wildcard_inet_addr.o: ../../include/inet_addr_host.h
++wildcard_inet_addr.o: ../../include/inet_addr_list.h
++wildcard_inet_addr.o: ../../include/msg.h
++wildcard_inet_addr.o: ../../include/myaddrinfo.h
++wildcard_inet_addr.o: ../../include/sys_defs.h
++wildcard_inet_addr.o: wildcard_inet_addr.c
++wildcard_inet_addr.o: wildcard_inet_addr.h
++xtext.o: ../../include/msg.h
++xtext.o: ../../include/sys_defs.h
++xtext.o: ../../include/vbuf.h
++xtext.o: ../../include/vstring.h
++xtext.o: xtext.c
++xtext.o: xtext.h
+diff -ruN a/src/global/mail_conf.c b/src/global/mail_conf.c
+--- a/src/global/mail_conf.c	2009-06-01 12:27:43.000000000 +0000
++++ b/src/global/mail_conf.c	2009-06-01 13:08:26.000000000 +0000
+@@ -182,6 +182,13 @@
+     path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
+     dict_load_file(CONFIG_DICT, path);
+     myfree(path);
++
++#ifndef NO_DYNAMIC_MAPS
++    path = concatenate(var_config_dir, "/", "dynamicmaps.cf", (char *) 0);
++    dict_open_dlinfo(path);
++    myfree(path);
++#endif
++
+ }
+ 
+ /* mail_conf_flush - discard configuration dictionary */
+diff -ruN a/src/global/mail_conf.c.orig b/src/global/mail_conf.c.orig
+--- a/src/global/mail_conf.c.orig	1970-01-01 00:00:00.000000000 +0000
++++ b/src/global/mail_conf.c.orig	2009-06-01 13:07:56.000000000 +0000
+@@ -0,0 +1,229 @@
++/*++
++/* NAME
++/*	mail_conf 3
++/* SUMMARY
++/*	global configuration parameter management
++/* SYNOPSIS
++/*	#include <mail_conf.h>
++/*
++/*	void	mail_conf_read()
++/*
++/*	void	mail_conf_suck()
++/*
++/*	void	mail_conf_flush()
++/*
++/*	void	mail_conf_update(name, value)
++/*	const char *name;
++/*	const char *value;
++/*
++/*	const char *mail_conf_lookup(name)
++/*	const char *name;
++/*
++/*	const char *mail_conf_eval(string)
++/*	const char *string;
++/*
++/*	const char *mail_conf_lookup_eval(name)
++/*	const char *name;
++/* DESCRIPTION
++/*	mail_conf_suck() reads the global Postfix configuration file, and
++/*	stores its values into a global configuration dictionary.
++/*
++/*	mail_conf_read() invokes mail_conf_suck() and assigns the values
++/*	to global variables by calling mail_params_init().
++/*
++/*	mail_conf_flush() discards the global configuration dictionary.
++/*	This is needed in programs that read main.cf multiple times, to
++/*	ensure that deleted parameter settings are handled properly.
++/*
++/*	The following routines are wrappers around the generic dictionary
++/*	access routines.
++/*
++/*	mail_conf_update() updates the named global parameter. This has
++/*	no effect on parameters whose value has already been looked up.
++/*	The update succeeds or the program terminates with fatal error.
++/*
++/*	mail_conf_lookup() looks up the value of the named parameter.
++/*	A null pointer result means the parameter was not found.
++/*	The result is volatile and should be copied if it is to be
++/*	used for any appreciable amount of time.
++/*
++/*	mail_conf_eval() recursively expands any $parameters in the
++/*	string argument. The result is volatile and should be copied
++/*	if it is to be used for any appreciable amount of time.
++/*
++/*	mail_conf_lookup_eval() looks up the named parameter, and expands any
++/*	$parameters in the result. The result is volatile and should be
++/*	copied if it is to be used for any appreciable amount of time.
++/* DIAGNOSTICS
++/*	Fatal errors: malformed numerical value.
++/* ENVIRONMENT
++/*	MAIL_CONFIG, non-default configuration database
++/*	MAIL_VERBOSE, enable verbose mode
++/* FILES
++/*	/etc/postfix: default Postfix configuration directory.
++/* SEE ALSO
++/*	dict(3) generic dictionary manager
++/*	mail_conf_int(3) integer-valued parameters
++/*	mail_conf_str(3) string-valued parameters
++/* LICENSE
++/* .ad
++/* .fi
++/*	The Secure Mailer license must be distributed with this software.
++/* AUTHOR(S)
++/*	Wietse Venema
++/*	IBM T.J. Watson Research
++/*	P.O. Box 704
++/*	Yorktown Heights, NY 10598, USA
++/*--*/
++
++/* System library. */
++
++#include <sys_defs.h>
++#include <unistd.h>
++#include <stdlib.h>
++#include <string.h>
++
++/* Utility library. */
++
++#include <msg.h>
++#include <mymalloc.h>
++#include <vstream.h>
++#include <vstring.h>
++#include <dict.h>
++#include <safe.h>
++#include <stringops.h>
++#include <readlline.h>
++
++/* Global library. */
++
++#include "mail_params.h"
++#include "mail_conf.h"
++
++/* mail_conf_checkdir - authorize non-default directory */
++
++static void mail_conf_checkdir(const char *config_dir)
++{
++    VSTRING *buf;
++    VSTREAM *fp;
++    char   *path;
++    char   *name;
++    char   *value;
++    char   *cp;
++    int     found = 0;
++
++    /*
++     * If running set-[ug]id, require that a non-default configuration
++     * directory name is blessed as a bona fide configuration directory in
++     * the default main.cf file.
++     */
++    path = concatenate(DEF_CONFIG_DIR, "/", "main.cf", (char *) 0);
++    if ((fp = vstream_fopen(path, O_RDONLY, 0)) == 0)
++	msg_fatal("open file %s: %m", path);
++
++    buf = vstring_alloc(1);
++    while (found == 0 && readlline(buf, fp, (int *) 0)) {
++	if (split_nameval(vstring_str(buf), &name, &value) == 0
++	    && (strcmp(name, VAR_CONFIG_DIRS) == 0
++		|| strcmp(name, VAR_MULTI_CONF_DIRS) == 0)) {
++	    while (found == 0 && (cp = mystrtok(&value, ", \t\r\n")) != 0)
++		if (strcmp(cp, config_dir) == 0)
++		    found = 1;
++	}
++    }
++    if (vstream_fclose(fp))
++	msg_fatal("read file %s: %m", path);
++    vstring_free(buf);
++
++    if (found == 0) {
++	msg_error("untrusted configuration directory name: %s", config_dir);
++	msg_fatal("specify \"%s = %s\" in %s",
++		  VAR_CONFIG_DIRS, config_dir, path);
++    }
++    myfree(path);
++}
++
++/* mail_conf_read - read global configuration file */
++
++void    mail_conf_read(void)
++{
++    mail_conf_suck();
++    mail_params_init();
++}
++
++/* mail_conf_suck - suck in the global configuration file */
++
++void    mail_conf_suck(void)
++{
++    char   *config_dir;
++    char   *path;
++
++    /*
++     * Permit references to unknown configuration variable names. We rely on
++     * a separate configuration checking tool to spot misspelled names and
++     * other kinds of trouble. Enter the configuration directory into the
++     * default dictionary.
++     */
++    dict_unknown_allowed = 1;
++    if (var_config_dir)
++	myfree(var_config_dir);
++    if ((config_dir = getenv(CONF_ENV_PATH)) == 0)
++	config_dir = DEF_CONFIG_DIR;
++    var_config_dir = mystrdup(config_dir);
++    set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
++
++    /*
++     * If the configuration directory name comes from a different trust
++     * domain, require that it is listed in the default main.cf file.
++     */
++    if (strcmp(var_config_dir, DEF_CONFIG_DIR) != 0	/* non-default */
++	&& safe_getenv(CONF_ENV_PATH) == 0	/* non-default */
++	&& geteuid() != 0)			/* untrusted */
++	mail_conf_checkdir(var_config_dir);
++    path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
++    dict_load_file(CONFIG_DICT, path);
++    myfree(path);
++}
++
++/* mail_conf_flush - discard configuration dictionary */
++
++void mail_conf_flush(void)
++{
++    if (dict_handle(CONFIG_DICT) != 0)
++        dict_unregister(CONFIG_DICT);
++}
++
++/* mail_conf_eval - expand macros in string */
++
++const char *mail_conf_eval(const char *string)
++{
++#define RECURSIVE	1
++
++    return (dict_eval(CONFIG_DICT, string, RECURSIVE));
++}
++
++/* mail_conf_lookup - lookup named variable */
++
++const char *mail_conf_lookup(const char *name)
++{
++    return (dict_lookup(CONFIG_DICT, name));
++}
++
++/* mail_conf_lookup_eval - expand named variable */
++
++const char *mail_conf_lookup_eval(const char *name)
++{
++    const char *value;
++
++#define RECURSIVE	1
++
++    if ((value = dict_lookup(CONFIG_DICT, name)) != 0)
++	value = dict_eval(CONFIG_DICT, value, RECURSIVE);
++    return (value);
++}
++
++/* mail_conf_update - update parameter */
++
++void    mail_conf_update(const char *key, const char *value)
++{
++    dict_update(CONFIG_DICT, key, value);
++}
+diff -ruN a/src/global/mail_dict.c b/src/global/mail_dict.c
+--- a/src/global/mail_dict.c	2009-06-01 12:27:43.000000000 +0000
++++ b/src/global/mail_dict.c	2009-06-01 13:08:26.000000000 +0000
+@@ -45,6 +45,7 @@
+ 
+ static const DICT_OPEN_INFO dict_open_info[] = {
+     DICT_TYPE_PROXY, dict_proxy_open,
++#ifdef NO_DYNAMIC_MAPS
+ #ifdef HAS_LDAP
+     DICT_TYPE_LDAP, dict_ldap_open,
+ #endif
+@@ -54,6 +55,7 @@
+ #ifdef HAS_PGSQL
+     DICT_TYPE_PGSQL, dict_pgsql_open,
+ #endif
++#endif /* NO_DYNAMIC_MAPS */
+     0,
+ };
+ 
+diff -ruN a/src/global/mail_params.c b/src/global/mail_params.c
+--- a/src/global/mail_params.c	2009-06-01 12:27:43.000000000 +0000
++++ b/src/global/mail_params.c	2009-06-01 13:08:26.000000000 +0000
+@@ -79,6 +79,7 @@
+ /*	char	*var_export_environ;
+ /*	char	*var_debug_peer_list;
+ /*	int	var_debug_peer_level;
++/*	int	var_command_maxtime;
+ /*	int	var_in_flow_delay;
+ /*	int	var_fault_inj_code;
+ /*	char   *var_bounce_service;
+@@ -265,6 +266,7 @@
+ char   *var_export_environ;
+ char   *var_debug_peer_list;
+ int     var_debug_peer_level;
++int	var_command_maxtime;
+ int     var_fault_inj_code;
+ char   *var_bounce_service;
+ char   *var_cleanup_service;
+@@ -276,6 +278,7 @@
+ char   *var_error_service;
+ char   *var_flush_service;
+ char   *var_verify_service;
++char   *var_scache_service;
+ char   *var_trace_service;
+ char   *var_proxymap_service;
+ char   *var_proxywrite_service;
+diff -ruN a/src/global/mail_params.c.orig b/src/global/mail_params.c.orig
+--- a/src/global/mail_params.c.orig	1970-01-01 00:00:00.000000000 +0000
++++ b/src/global/mail_params.c.orig	2009-06-01 13:07:56.000000000 +0000
+@@ -0,0 +1,752 @@
++/*++
++/* NAME
++/*	mail_params 3
++/* SUMMARY
++/*	global mail configuration parameters
++/* SYNOPSIS
++/*	#include <mail_params.h>
++/*
++/*	char	*var_myhostname;
++/*	char	*var_mydomain;
++/*	char	*var_myorigin;
++/*	char	*var_mydest;
++/*	char	*var_relayhost;
++/*	char	*var_transit_origin;
++/*	char	*var_transit_dest;
++/*	char	*var_mail_name;
++/*	int	var_helpful_warnings;
++/*	char	*var_syslog_name;
++/*	char	*var_mail_owner;
++/*	uid_t	var_owner_uid;
++/*	gid_t	var_owner_gid;
++/*	char	*var_sgid_group;
++/*	gid_t	var_sgid_gid;
++/*	char	*var_default_privs;
++/*	uid_t	var_default_uid;
++/*	gid_t	var_default_gid;
++/*	char	*var_config_dir;
++/*	char	*var_daemon_dir;
++/*	char	*var_data_dir;
++/*	char	*var_command_dir;
++/*	char	*var_queue_dir;
++/*	int	var_use_limit;
++/*	int	var_idle_limit;
++/*	int	var_event_drain;
++/*	int	var_bundle_rcpt;
++/*	char	*var_procname;
++/*	int	var_pid;
++/*	int	var_ipc_timeout;
++/*	char	*var_pid_dir;
++/*	int	var_dont_remove;
++/*	char	*var_inet_interfaces;
++/*	char	*var_proxy_interfaces;
++/*	char	*var_inet_protocols;
++/*	char	*var_mynetworks;
++/*	char	*var_double_bounce_sender;
++/*	int	var_line_limit;
++/*	char	*var_alias_db_map;
++/*	int	var_message_limit;
++/*	char	*var_mail_release;
++/*	char	*var_mail_version;
++/*	int	var_ipc_idle_limit;
++/*	int	var_ipc_ttl_limit;
++/*	char	*var_db_type;
++/*	char	*var_hash_queue_names;
++/*	int	var_hash_queue_depth;
++/*	int	var_trigger_timeout;
++/*	char	*var_rcpt_delim;
++/*	int	var_fork_tries;
++/*	int	var_fork_delay;
++/*	int	var_flock_tries;
++/*	int	var_flock_delay;
++/*	int	var_flock_stale;
++/*	int	var_disable_dns;
++/*	int	var_soft_bounce;
++/*	time_t	var_starttime;
++/*	int	var_ownreq_special;
++/*	int	var_daemon_timeout;
++/*	char	*var_syslog_facility;
++/*	char	*var_relay_domains;
++/*	char	*var_fflush_domains;
++/*	char	*var_mynetworks_style;
++/*	char	*var_verp_delims;
++/*	char	*var_verp_filter;
++/*	char	*var_par_dom_match;
++/*	char	*var_config_dirs;
++/*
++/*	int	var_inet_windowsize;
++/*	char	*var_import_environ;
++/*	char	*var_export_environ;
++/*	char	*var_debug_peer_list;
++/*	int	var_debug_peer_level;
++/*	int	var_in_flow_delay;
++/*	int	var_fault_inj_code;
++/*	char   *var_bounce_service;
++/*	char   *var_cleanup_service;
++/*	char   *var_defer_service;
++/*	char   *var_pickup_service;
++/*	char   *var_queue_service;
++/*	char   *var_rewrite_service;
++/*	char   *var_showq_service;
++/*	char   *var_error_service;
++/*	char   *var_flush_service;
++/*	char   *var_verify_service;
++/*	char   *var_trace_service;
++/*	char   *var_proxymap_service;
++/*	char   *var_proxywrite_service;
++/*	int	var_db_create_buf;
++/*	int	var_db_read_buf;
++/*	int	var_mime_maxdepth;
++/*	int	var_mime_bound_len;
++/*	int	var_header_limit;
++/*	int	var_token_limit;
++/*	int	var_disable_mime_input;
++/*	int	var_disable_mime_oconv;
++/*	int     var_strict_8bitmime;
++/*	int     var_strict_7bit_hdrs;
++/*	int     var_strict_8bit_body;
++/*	int     var_strict_encoding;
++/*	int     var_verify_neg_cache;
++/*	int	var_oldlog_compat;
++/*	int	var_delay_max_res;
++/*	char	*var_int_filt_classes;
++/*	int	var_cyrus_sasl_authzid;
++/*
++/*	char	*var_multi_conf_dirs;
++/*	char	*var_multi_wrapper;
++/*	char	*var_multi_group;
++/*	char	*var_multi_name;
++/*	bool	var_multi_enable;
++/*
++/*	void	mail_params_init()
++/*
++/*	const	char null_format_string[1];
++/* DESCRIPTION
++/*	This module (actually the associated include file) define the names
++/*	and defaults of all mail configuration parameters.
++/*
++/*	mail_params_init() initializes the built-in parameters listed above.
++/*	These parameters are relied upon by library routines, so they are
++/*	initialized globally so as to avoid hard-to-find errors due to
++/*	missing initialization. This routine must be called early, at
++/*	least before entering a chroot jail.
++/*
++/*	null_format_string is a workaround for gcc compilers that complain
++/*	about empty or null format strings.
++/* DIAGNOSTICS
++/*	Fatal errors: out of memory; null system or domain name.
++/* LICENSE
++/* .ad
++/* .fi
++/*	The Secure Mailer license must be distributed with this software.
++/* AUTHOR(S)
++/*	Wietse Venema
++/*	IBM T.J. Watson Research
++/*	P.O. Box 704
++/*	Yorktown Heights, NY 10598, USA
++/*--*/
++
++/* System library. */
++
++#include <sys_defs.h>
++#include <unistd.h>
++#include <stdlib.h>
++#include <string.h>
++#include <pwd.h>
++#include <grp.h>
++#include <time.h>
++#include <ctype.h>
++
++#ifdef STRCASECMP_IN_STRINGS_H
++#include <strings.h>
++#endif
++
++/* Utility library. */
++
++#include <msg.h>
++#include <msg_syslog.h>
++#include <get_hostname.h>
++#include <valid_hostname.h>
++#include <stringops.h>
++#include <safe.h>
++#include <safe_open.h>
++#include <mymalloc.h>
++#ifdef HAS_DB
++#include <dict_db.h>
++#endif
++#include <inet_proto.h>
++#include <vstring_vstream.h>
++#include <iostuff.h>
++
++/* Global library. */
++
++#include <mynetworks.h>
++#include <mail_conf.h>
++#include <mail_version.h>
++#include <mail_proto.h>
++#include <verp_sender.h>
++#include <own_inet_addr.h>
++#include <mail_params.h>
++
++ /*
++  * Special configuration variables.
++  */
++char   *var_myhostname;
++char   *var_mydomain;
++char   *var_myorigin;
++char   *var_mydest;
++char   *var_relayhost;
++char   *var_transit_origin;
++char   *var_transit_dest;
++char   *var_mail_name;
++int     var_helpful_warnings;
++char   *var_syslog_name;
++char   *var_mail_owner;
++uid_t   var_owner_uid;
++gid_t   var_owner_gid;
++char   *var_sgid_group;
++gid_t   var_sgid_gid;
++char   *var_default_privs;
++uid_t   var_default_uid;
++gid_t   var_default_gid;
++char   *var_config_dir;
++char   *var_daemon_dir;
++char   *var_data_dir;
++char   *var_command_dir;
++char   *var_queue_dir;
++int     var_use_limit;
++int     var_event_drain;
++int     var_idle_limit;
++int     var_bundle_rcpt;
++char   *var_procname;
++int     var_pid;
++int     var_ipc_timeout;
++char   *var_pid_dir;
++int     var_dont_remove;
++char   *var_inet_interfaces;
++char   *var_proxy_interfaces;
++char   *var_inet_protocols;
++char   *var_mynetworks;
++char   *var_double_bounce_sender;
++int     var_line_limit;
++char   *var_alias_db_map;
++int     var_message_limit;
++char   *var_mail_release;
++char   *var_mail_version;
++int     var_ipc_idle_limit;
++int     var_ipc_ttl_limit;
++char   *var_db_type;
++char   *var_hash_queue_names;
++int     var_hash_queue_depth;
++int     var_trigger_timeout;
++char   *var_rcpt_delim;
++int     var_fork_tries;
++int     var_fork_delay;
++int     var_flock_tries;
++int     var_flock_delay;
++int     var_flock_stale;
++int     var_disable_dns;
++int     var_soft_bounce;
++time_t  var_starttime;
++int     var_ownreq_special;
++int     var_daemon_timeout;
++char   *var_syslog_facility;
++char   *var_relay_domains;
++char   *var_fflush_domains;
++char   *var_mynetworks_style;
++char   *var_verp_delims;
++char   *var_verp_filter;
++int     var_in_flow_delay;
++char   *var_par_dom_match;
++char   *var_config_dirs;
++
++int     var_inet_windowsize;
++char   *var_import_environ;
++char   *var_export_environ;
++char   *var_debug_peer_list;
++int     var_debug_peer_level;
++int     var_fault_inj_code;
++char   *var_bounce_service;
++char   *var_cleanup_service;
++char   *var_defer_service;
++char   *var_pickup_service;
++char   *var_queue_service;
++char   *var_rewrite_service;
++char   *var_showq_service;
++char   *var_error_service;
++char   *var_flush_service;
++char   *var_verify_service;
++char   *var_trace_service;
++char   *var_proxymap_service;
++char   *var_proxywrite_service;
++int     var_db_create_buf;
++int     var_db_read_buf;
++int     var_mime_maxdepth;
++int     var_mime_bound_len;
++int     var_header_limit;
++int     var_token_limit;
++int     var_disable_mime_input;
++int     var_disable_mime_oconv;
++int     var_strict_8bitmime;
++int     var_strict_7bit_hdrs;
++int     var_strict_8bit_body;
++int     var_strict_encoding;
++int     var_verify_neg_cache;
++int     var_oldlog_compat;
++int     var_delay_max_res;
++char   *var_int_filt_classes;
++int     var_cyrus_sasl_authzid;
++
++char   *var_multi_conf_dirs;
++char   *var_multi_wrapper;
++char   *var_multi_group;
++char   *var_multi_name;
++bool    var_multi_enable;
++
++const char null_format_string[1] = "";
++
++/* check_myhostname - lookup hostname and validate */
++
++static const char *check_myhostname(void)
++{
++    static const char *name;
++    const char *dot;
++    const char *domain;
++
++    /*
++     * Use cached result.
++     */
++    if (name)
++	return (name);
++
++    /*
++     * If the local machine name is not in FQDN form, try to append the
++     * contents of $mydomain. Use a default domain as a final workaround.
++     */
++    name = get_hostname();
++    if ((dot = strchr(name, '.')) == 0) {
++	if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0)
++	    domain = DEF_MYDOMAIN;
++	name = concatenate(name, ".", domain, (char *) 0);
++    }
++    return (name);
++}
++
++/* check_mydomainname - lookup domain name and validate */
++
++static const char *check_mydomainname(void)
++{
++    char   *dot;
++
++    /*
++     * Use a default domain when the hostname is not a FQDN ("foo").
++     */
++    if ((dot = strchr(var_myhostname, '.')) == 0)
++	return (DEF_MYDOMAIN);
++    return (dot + 1);
++}
++
++/* check_default_privs - lookup default user attributes and validate */
++
++static void check_default_privs(void)
++{
++    struct passwd *pwd;
++
++    if ((pwd = getpwnam(var_default_privs)) == 0)
++	msg_fatal("file %s/%s: parameter %s: unknown user name value: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, var_default_privs);
++    if ((var_default_uid = pwd->pw_uid) == 0)
++	msg_fatal("file %s/%s: parameter %s: user %s has privileged user ID",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, var_default_privs);
++    if ((var_default_gid = pwd->pw_gid) == 0)
++	msg_fatal("file %s/%s: parameter %s: user %s has privileged group ID",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, var_default_privs);
++}
++
++/* check_mail_owner - lookup owner user attributes and validate */
++
++static void check_mail_owner(void)
++{
++    struct passwd *pwd;
++
++    if ((pwd = getpwnam(var_mail_owner)) == 0)
++	msg_fatal("file %s/%s: parameter %s: unknown user name value: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MAIL_OWNER, var_mail_owner);
++    if ((var_owner_uid = pwd->pw_uid) == 0)
++	msg_fatal("file %s/%s: parameter %s: user %s has privileged user ID",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MAIL_OWNER, var_mail_owner);
++    if ((var_owner_gid = pwd->pw_gid) == 0)
++	msg_fatal("file %s/%s: parameter %s: user %s has privileged group ID",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MAIL_OWNER, var_mail_owner);
++
++    /*
++     * This detects only some forms of sharing. Enumerating the entire
++     * password file name space could be expensive. The purpose of this code
++     * is to discourage user ID sharing by developers and package
++     * maintainers.
++     */
++    if ((pwd = getpwuid(var_owner_uid)) != 0
++	&& strcmp(pwd->pw_name, var_mail_owner) != 0)
++	msg_fatal("file %s/%s: parameter %s: user %s has same user ID as %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MAIL_OWNER, var_mail_owner, pwd->pw_name);
++}
++
++/* check_sgid_group - lookup setgid group attributes and validate */
++
++static void check_sgid_group(void)
++{
++    struct group *grp;
++
++    if ((grp = getgrnam(var_sgid_group)) == 0)
++	msg_fatal("file %s/%s: parameter %s: unknown group name: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_SGID_GROUP, var_sgid_group);
++    if ((var_sgid_gid = grp->gr_gid) == 0)
++	msg_fatal("file %s/%s: parameter %s: group %s has privileged group ID",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_SGID_GROUP, var_sgid_group);
++
++    /*
++     * This detects only some forms of sharing. Enumerating the entire group
++     * file name space could be expensive. The purpose of this code is to
++     * discourage group ID sharing by developers and package maintainers.
++     */
++    if ((grp = getgrgid(var_sgid_gid)) != 0
++	&& strcmp(grp->gr_name, var_sgid_group) != 0)
++	msg_fatal("file %s/%s: parameter %s: group %s has same group ID as %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_SGID_GROUP, var_sgid_group, grp->gr_name);
++}
++
++/* check_overlap - disallow UID or GID sharing */
++
++static void check_overlap(void)
++{
++    if (strcmp(var_default_privs, var_mail_owner) == 0)
++	msg_fatal("file %s/%s: parameters %s and %s specify the same user %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER,
++		  var_default_privs);
++    if (var_default_uid == var_owner_uid)
++	msg_fatal("file %s/%s: parameters %s and %s: users %s and %s have the same user ID: %ld",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER,
++		  var_default_privs, var_mail_owner,
++		  (long) var_owner_uid);
++    if (var_default_gid == var_owner_gid)
++	msg_fatal("file %s/%s: parameters %s and %s: users %s and %s have the same group ID: %ld",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, VAR_MAIL_OWNER,
++		  var_default_privs, var_mail_owner,
++		  (long) var_owner_gid);
++    if (var_default_gid == var_sgid_gid)
++	msg_fatal("file %s/%s: parameters %s and %s: user %s and group %s have the same group ID: %ld",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_DEFAULT_PRIVS, VAR_SGID_GROUP,
++		  var_default_privs, var_sgid_group,
++		  (long) var_sgid_gid);
++    if (var_owner_gid == var_sgid_gid)
++	msg_fatal("file %s/%s: parameters %s and %s: user %s and group %s have the same group ID: %ld",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MAIL_OWNER, VAR_SGID_GROUP,
++		  var_mail_owner, var_sgid_group,
++		  (long) var_sgid_gid);
++}
++
++#ifdef MYORIGIN_FROM_FILE
++
++/* read_param_from_file - read parameter value from file */
++
++static char *read_param_from_file(const char *path)
++{
++    VSTRING *why = vstring_alloc(100);
++    VSTRING *buf = vstring_alloc(100);
++    VSTREAM *fp;
++    char   *bp;
++    char   *result;
++
++    /*
++     * Ugly macros to make complex expressions less unreadable.
++     */
++#define SKIP(start, var, cond) \
++	for (var = start; *var && (cond); var++);
++
++#define TRIM(s) { \
++	char *p; \
++	for (p = (s) + strlen(s); p > (s) && ISSPACE(p[-1]); p--); \
++	*p = 0; \
++    }
++
++    fp = safe_open(path, O_RDONLY, 0, (struct stat *) 0, -1, -1, why);
++    if (fp == 0)
++	msg_fatal("%s: %s", path, vstring_str(why));
++    vstring_get_nonl(buf, fp);
++    if (vstream_ferror(fp))			/* FIX 20070501 */
++	msg_fatal("%s: read error: %m", path);
++    vstream_fclose(fp);
++    SKIP(vstring_str(buf), bp, ISSPACE(*bp));
++    TRIM(bp);
++    result = mystrdup(bp);
++
++    vstring_free(why);
++    vstring_free(buf);
++    return (result);
++}
++
++#endif
++
++/* mail_params_init - configure built-in parameters */
++
++void    mail_params_init()
++{
++    static const CONFIG_STR_TABLE first_str_defaults[] = {
++	VAR_SYSLOG_FACILITY, DEF_SYSLOG_FACILITY, &var_syslog_facility, 1, 0,
++	VAR_INET_PROTOCOLS, DEF_INET_PROTOCOLS, &var_inet_protocols, 1, 0,
++	VAR_MULTI_CONF_DIRS, DEF_MULTI_CONF_DIRS, &var_multi_conf_dirs, 0, 0,
++	VAR_MULTI_WRAPPER, DEF_MULTI_WRAPPER, &var_multi_wrapper, 0, 0,
++	VAR_MULTI_GROUP, DEF_MULTI_GROUP, &var_multi_group, 0, 0,
++	VAR_MULTI_NAME, DEF_MULTI_NAME, &var_multi_name, 0, 0,
++	0,
++    };
++    static const CONFIG_STR_FN_TABLE function_str_defaults[] = {
++	VAR_MYHOSTNAME, check_myhostname, &var_myhostname, 1, 0,
++	VAR_MYDOMAIN, check_mydomainname, &var_mydomain, 1, 0,
++	0,
++    };
++    static const CONFIG_STR_TABLE other_str_defaults[] = {
++	VAR_MAIL_NAME, DEF_MAIL_NAME, &var_mail_name, 1, 0,
++	VAR_SYSLOG_NAME, DEF_SYSLOG_NAME, &var_syslog_name, 1, 0,
++	VAR_MAIL_OWNER, DEF_MAIL_OWNER, &var_mail_owner, 1, 0,
++	VAR_SGID_GROUP, DEF_SGID_GROUP, &var_sgid_group, 1, 0,
++	VAR_MYDEST, DEF_MYDEST, &var_mydest, 0, 0,
++	VAR_MYORIGIN, DEF_MYORIGIN, &var_myorigin, 1, 0,
++	VAR_RELAYHOST, DEF_RELAYHOST, &var_relayhost, 0, 0,
++	VAR_DAEMON_DIR, DEF_DAEMON_DIR, &var_daemon_dir, 1, 0,
++	VAR_DATA_DIR, DEF_DATA_DIR, &var_data_dir, 1, 0,
++	VAR_COMMAND_DIR, DEF_COMMAND_DIR, &var_command_dir, 1, 0,
++	VAR_QUEUE_DIR, DEF_QUEUE_DIR, &var_queue_dir, 1, 0,
++	VAR_PID_DIR, DEF_PID_DIR, &var_pid_dir, 1, 0,
++	VAR_INET_INTERFACES, DEF_INET_INTERFACES, &var_inet_interfaces, 1, 0,
++	VAR_PROXY_INTERFACES, DEF_PROXY_INTERFACES, &var_proxy_interfaces, 0, 0,
++	VAR_DOUBLE_BOUNCE, DEF_DOUBLE_BOUNCE, &var_double_bounce_sender, 1, 0,
++	VAR_DEFAULT_PRIVS, DEF_DEFAULT_PRIVS, &var_default_privs, 1, 0,
++	VAR_ALIAS_DB_MAP, DEF_ALIAS_DB_MAP, &var_alias_db_map, 0, 0,
++	VAR_MAIL_RELEASE, DEF_MAIL_RELEASE, &var_mail_release, 1, 0,
++	VAR_MAIL_VERSION, DEF_MAIL_VERSION, &var_mail_version, 1, 0,
++	VAR_DB_TYPE, DEF_DB_TYPE, &var_db_type, 1, 0,
++	VAR_HASH_QUEUE_NAMES, DEF_HASH_QUEUE_NAMES, &var_hash_queue_names, 1, 0,
++	VAR_RCPT_DELIM, DEF_RCPT_DELIM, &var_rcpt_delim, 0, 1,
++	VAR_RELAY_DOMAINS, DEF_RELAY_DOMAINS, &var_relay_domains, 0, 0,
++	VAR_FFLUSH_DOMAINS, DEF_FFLUSH_DOMAINS, &var_fflush_domains, 0, 0,
++	VAR_EXPORT_ENVIRON, DEF_EXPORT_ENVIRON, &var_export_environ, 0, 0,
++	VAR_IMPORT_ENVIRON, DEF_IMPORT_ENVIRON, &var_import_environ, 0, 0,
++	VAR_MYNETWORKS_STYLE, DEF_MYNETWORKS_STYLE, &var_mynetworks_style, 1, 0,
++	VAR_DEBUG_PEER_LIST, DEF_DEBUG_PEER_LIST, &var_debug_peer_list, 0, 0,
++	VAR_VERP_DELIMS, DEF_VERP_DELIMS, &var_verp_delims, 2, 2,
++	VAR_VERP_FILTER, DEF_VERP_FILTER, &var_verp_filter, 1, 0,
++	VAR_PAR_DOM_MATCH, DEF_PAR_DOM_MATCH, &var_par_dom_match, 0, 0,
++	VAR_CONFIG_DIRS, DEF_CONFIG_DIRS, &var_config_dirs, 0, 0,
++	VAR_BOUNCE_SERVICE, DEF_BOUNCE_SERVICE, &var_bounce_service, 1, 0,
++	VAR_CLEANUP_SERVICE, DEF_CLEANUP_SERVICE, &var_cleanup_service, 1, 0,
++	VAR_DEFER_SERVICE, DEF_DEFER_SERVICE, &var_defer_service, 1, 0,
++	VAR_PICKUP_SERVICE, DEF_PICKUP_SERVICE, &var_pickup_service, 1, 0,
++	VAR_QUEUE_SERVICE, DEF_QUEUE_SERVICE, &var_queue_service, 1, 0,
++	VAR_REWRITE_SERVICE, DEF_REWRITE_SERVICE, &var_rewrite_service, 1, 0,
++	VAR_SHOWQ_SERVICE, DEF_SHOWQ_SERVICE, &var_showq_service, 1, 0,
++	VAR_ERROR_SERVICE, DEF_ERROR_SERVICE, &var_error_service, 1, 0,
++	VAR_FLUSH_SERVICE, DEF_FLUSH_SERVICE, &var_flush_service, 1, 0,
++	VAR_VERIFY_SERVICE, DEF_VERIFY_SERVICE, &var_verify_service, 1, 0,
++	VAR_TRACE_SERVICE, DEF_TRACE_SERVICE, &var_trace_service, 1, 0,
++	VAR_PROXYMAP_SERVICE, DEF_PROXYMAP_SERVICE, &var_proxymap_service, 1, 0,
++	VAR_PROXYWRITE_SERVICE, DEF_PROXYWRITE_SERVICE, &var_proxywrite_service, 1, 0,
++	VAR_INT_FILT_CLASSES, DEF_INT_FILT_CLASSES, &var_int_filt_classes, 0, 0,
++	0,
++    };
++    static const CONFIG_STR_FN_TABLE function_str_defaults_2[] = {
++	VAR_MYNETWORKS, mynetworks, &var_mynetworks, 0, 0,
++	0,
++    };
++    static const CONFIG_INT_TABLE other_int_defaults[] = {
++	VAR_MAX_USE, DEF_MAX_USE, &var_use_limit, 1, 0,
++	VAR_DONT_REMOVE, DEF_DONT_REMOVE, &var_dont_remove, 0, 0,
++	VAR_LINE_LIMIT, DEF_LINE_LIMIT, &var_line_limit, 512, 0,
++	VAR_MESSAGE_LIMIT, DEF_MESSAGE_LIMIT, &var_message_limit, 0, 0,
++	VAR_HASH_QUEUE_DEPTH, DEF_HASH_QUEUE_DEPTH, &var_hash_queue_depth, 1, 0,
++	VAR_FORK_TRIES, DEF_FORK_TRIES, &var_fork_tries, 1, 0,
++	VAR_FLOCK_TRIES, DEF_FLOCK_TRIES, &var_flock_tries, 1, 0,
++	VAR_DEBUG_PEER_LEVEL, DEF_DEBUG_PEER_LEVEL, &var_debug_peer_level, 1, 0,
++	VAR_FAULT_INJ_CODE, DEF_FAULT_INJ_CODE, &var_fault_inj_code, 0, 0,
++	VAR_DB_CREATE_BUF, DEF_DB_CREATE_BUF, &var_db_create_buf, 1, 0,
++	VAR_DB_READ_BUF, DEF_DB_READ_BUF, &var_db_read_buf, 1, 0,
++	VAR_HEADER_LIMIT, DEF_HEADER_LIMIT, &var_header_limit, 1, 0,
++	VAR_TOKEN_LIMIT, DEF_TOKEN_LIMIT, &var_token_limit, 1, 0,
++	VAR_MIME_MAXDEPTH, DEF_MIME_MAXDEPTH, &var_mime_maxdepth, 1, 0,
++	VAR_MIME_BOUND_LEN, DEF_MIME_BOUND_LEN, &var_mime_bound_len, 1, 0,
++	VAR_DELAY_MAX_RES, DEF_DELAY_MAX_RES, &var_delay_max_res, MIN_DELAY_MAX_RES, MAX_DELAY_MAX_RES,
++	VAR_INET_WINDOW, DEF_INET_WINDOW, &var_inet_windowsize, 0, 0,
++	0,
++    };
++    static const CONFIG_TIME_TABLE time_defaults[] = {
++	VAR_EVENT_DRAIN, DEF_EVENT_DRAIN, &var_event_drain, 1, 0,
++	VAR_MAX_IDLE, DEF_MAX_IDLE, &var_idle_limit, 1, 0,
++	VAR_IPC_TIMEOUT, DEF_IPC_TIMEOUT, &var_ipc_timeout, 1, 0,
++	VAR_IPC_IDLE, DEF_IPC_IDLE, &var_ipc_idle_limit, 1, 0,
++	VAR_IPC_TTL, DEF_IPC_TTL, &var_ipc_ttl_limit, 1, 0,
++	VAR_TRIGGER_TIMEOUT, DEF_TRIGGER_TIMEOUT, &var_trigger_timeout, 1, 0,
++	VAR_FORK_DELAY, DEF_FORK_DELAY, &var_fork_delay, 1, 0,
++	VAR_FLOCK_DELAY, DEF_FLOCK_DELAY, &var_flock_delay, 1, 0,
++	VAR_FLOCK_STALE, DEF_FLOCK_STALE, &var_flock_stale, 1, 0,
++	VAR_DAEMON_TIMEOUT, DEF_DAEMON_TIMEOUT, &var_daemon_timeout, 1, 0,
++	VAR_IN_FLOW_DELAY, DEF_IN_FLOW_DELAY, &var_in_flow_delay, 0, 10,
++	0,
++    };
++    static const CONFIG_BOOL_TABLE bool_defaults[] = {
++	VAR_DISABLE_DNS, DEF_DISABLE_DNS, &var_disable_dns,
++	VAR_SOFT_BOUNCE, DEF_SOFT_BOUNCE, &var_soft_bounce,
++	VAR_OWNREQ_SPECIAL, DEF_OWNREQ_SPECIAL, &var_ownreq_special,
++	VAR_STRICT_8BITMIME, DEF_STRICT_8BITMIME, &var_strict_8bitmime,
++	VAR_STRICT_7BIT_HDRS, DEF_STRICT_7BIT_HDRS, &var_strict_7bit_hdrs,
++	VAR_STRICT_8BIT_BODY, DEF_STRICT_8BIT_BODY, &var_strict_8bit_body,
++	VAR_STRICT_ENCODING, DEF_STRICT_ENCODING, &var_strict_encoding,
++	VAR_DISABLE_MIME_INPUT, DEF_DISABLE_MIME_INPUT, &var_disable_mime_input,
++	VAR_DISABLE_MIME_OCONV, DEF_DISABLE_MIME_OCONV, &var_disable_mime_oconv,
++	VAR_VERIFY_NEG_CACHE, DEF_VERIFY_NEG_CACHE, &var_verify_neg_cache,
++	VAR_OLDLOG_COMPAT, DEF_OLDLOG_COMPAT, &var_oldlog_compat,
++	VAR_HELPFUL_WARNINGS, DEF_HELPFUL_WARNINGS, &var_helpful_warnings,
++	VAR_CYRUS_SASL_AUTHZID, DEF_CYRUS_SASL_AUTHZID, &var_cyrus_sasl_authzid,
++	VAR_MULTI_ENABLE, DEF_MULTI_ENABLE, &var_multi_enable,
++	0,
++    };
++    const char *cp;
++    INET_PROTO_INFO *proto_info;
++
++    /*
++     * Extract syslog_facility early, so that from here on all errors are
++     * logged with the proper facility.
++     */
++    get_mail_conf_str_table(first_str_defaults);
++
++    if (!msg_syslog_facility(var_syslog_facility))
++	msg_fatal("file %s/%s: parameter %s: unrecognized value: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_SYSLOG_FACILITY, var_syslog_facility);
++
++    /*
++     * What protocols should we attempt to support? The result is stored in
++     * the global inet_proto_table variable.
++     */
++    proto_info = inet_proto_init(VAR_INET_PROTOCOLS, var_inet_protocols);
++
++    /*
++     * Variables whose defaults are determined at runtime. Some sites use
++     * short hostnames in the host table; some sites name their system after
++     * the domain.
++     */
++    get_mail_conf_str_fn_table(function_str_defaults);
++    if (!valid_hostname(var_myhostname, DO_GRIPE))
++	msg_fatal("file %s/%s: parameter %s: bad parameter value: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MYHOSTNAME, var_myhostname);
++    if (!valid_hostname(var_mydomain, DO_GRIPE))
++	msg_fatal("file %s/%s: parameter %s: bad parameter value: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_MYDOMAIN, var_mydomain);
++
++    /*
++     * Variables that are needed by almost every program.
++     * 
++     * XXX Reading the myorigin value from file is originally a Debian Linux
++     * feature. This code is not enabled by default because of problems: 1)
++     * it re-implements its own parameter syntax checks, and 2) it does not
++     * implement $name expansions.
++     */
++    get_mail_conf_str_table(other_str_defaults);
++#ifdef MYORIGIN_FROM_FILE
++    if (*var_myorigin == '/') {
++	char   *origin = read_param_from_file(var_myorigin);
++
++	if (*origin == 0)
++	    msg_fatal("%s file %s is empty", VAR_MYORIGIN, var_myorigin);
++	myfree(var_myorigin);			/* FIX 20070501 */
++	var_myorigin = origin;
++    }
++#endif
++    get_mail_conf_int_table(other_int_defaults);
++    get_mail_conf_bool_table(bool_defaults);
++    get_mail_conf_time_table(time_defaults);
++    check_default_privs();
++    check_mail_owner();
++    check_sgid_group();
++    check_overlap();
++#ifdef HAS_DB
++    dict_db_cache_size = var_db_read_buf;
++#endif
++    inet_windowsize = var_inet_windowsize;
++
++    /*
++     * Variables whose defaults are determined at runtime, after other
++     * variables have been set. This dependency is admittedly a bit tricky.
++     * XXX Perhaps we should just register variables, and let the evaluator
++     * figure out in what order to evaluate things.
++     */
++    get_mail_conf_str_fn_table(function_str_defaults_2);
++
++    /*
++     * FIX 200412 The IPv6 patch did not call own_inet_addr_list() before
++     * entering the chroot jail on Linux IPv6 systems. Linux has the IPv6
++     * interface list in /proc, which is not available after chrooting.
++     */
++    (void) own_inet_addr_list();
++
++    /*
++     * The PID variable cannot be set from the configuration file!!
++     */
++    set_mail_conf_int(VAR_PID, var_pid = getpid());
++
++    /*
++     * Neither can the start time variable. It isn't even visible.
++     */
++    time(&var_starttime);
++
++    /*
++     * Export the syslog name so children can inherit and use it before they
++     * have initialized.
++     */
++    if ((cp = safe_getenv(CONF_ENV_LOGTAG)) == 0
++	|| strcmp(cp, var_syslog_name) != 0)
++	if (setenv(CONF_ENV_LOGTAG, var_syslog_name, 1) < 0)
++	    msg_fatal("setenv %s %s: %m", CONF_ENV_LOGTAG, var_syslog_name);
++
++    /*
++     * I have seen this happen just too often.
++     */
++    if (strcasecmp(var_myhostname, var_relayhost) == 0)
++	msg_fatal("%s and %s parameter settings must not be identical: %s",
++		  VAR_MYHOSTNAME, VAR_RELAYHOST, var_myhostname);
++
++    /*
++     * XXX These should be caught by a proper parameter parsing algorithm.
++     */
++    if (var_myorigin[strcspn(var_myorigin, ", \t\r\n")])
++	msg_fatal("%s parameter setting must not contain multiple values: %s",
++		  VAR_MYORIGIN, var_myorigin);
++
++    if (var_relayhost[strcspn(var_relayhost, ", \t\r\n")])
++	msg_fatal("%s parameter setting must not contain multiple values: %s",
++		  VAR_RELAYHOST, var_relayhost);
++
++    /*
++     * One more sanity check.
++     */
++    if ((cp = verp_delims_verify(var_verp_delims)) != 0)
++	msg_fatal("file %s/%s: parameters %s and %s: %s",
++		  var_config_dir, MAIN_CONF_FILE,
++		  VAR_VERP_DELIMS, VAR_VERP_FILTER, cp);
++}
+diff -ruN a/src/global/mkmap_open.c b/src/global/mkmap_open.c
+--- a/src/global/mkmap_open.c	2009-06-01 12:27:44.000000000 +0000
++++ b/src/global/mkmap_open.c	2009-06-01 13:08:26.000000000 +0000
+@@ -81,7 +81,7 @@
+   * We use a different table (in dict_open.c) when querying maps.
+   */
+ typedef struct {
+-    char   *type;
++    const char   *type;
+     MKMAP  *(*before_open) (const char *);
+ } MKMAP_OPEN_INFO;
+ 
+@@ -156,7 +156,16 @@
+      */
+     for (mp = mkmap_types; /* void */ ; mp++) {
+ 	if (mp->type == 0)
++#ifndef NO_DYNAMIC_MAPS
++	{
++	    static MKMAP_OPEN_INFO oi;
++	    oi.before_open=(MKMAP*(*)(const char*))dict_mkmap_func(type);
++	    oi.type=type;
++	    mp=&oi;
++	}
++#else
+ 	    msg_fatal("unsupported map type: %s", type);
++#endif
+ 	if (strcmp(type, mp->type) == 0)
+ 	    break;
+     }
+diff -ruN a/src/master/Makefile.in b/src/master/Makefile.in
+--- a/src/master/Makefile.in	2009-06-01 12:27:44.000000000 +0000
++++ b/src/master/Makefile.in	2009-06-01 13:08:26.000000000 +0000
+@@ -20,7 +20,7 @@
+ INC_DIR	= ../../include
+ BIN_DIR	= ../../libexec
+ 
+-.c.o:;	$(CC) $(CFLAGS) -c $*.c
++.c.o:;	$(CC) `for i in $(LIB_OBJ); do [ $$i = $@ ] && echo -fPIC; done` $(CFLAGS) -c $*.c
+ 
+ all:	$(PROG) $(LIB)
+ 
+@@ -39,12 +39,10 @@
+ root_tests:
+ 
+ $(LIB):	$(LIB_OBJ)
+-	$(AR) $(ARFL) $(LIB) $?
+-	$(RANLIB) $(LIB)
++	gcc -shared -Wl,-soname,libpostfix-master.so.1 -o $(LIB) $(LIB_OBJ) $(LIBS) $(SYSLIBS)
+ 
+ $(LIB_DIR)/$(LIB): $(LIB)
+ 	cp $(LIB) $(LIB_DIR)/$(LIB)
+-	$(RANLIB) $(LIB_DIR)/$(LIB)
+ 
+ $(BIN_DIR)/$(PROG): $(PROG)
+ 	 cp $(PROG) $(BIN_DIR)
+diff -ruN a/src/milter/Makefile.in b/src/milter/Makefile.in
+--- a/src/milter/Makefile.in	2009-06-01 12:27:45.000000000 +0000
++++ b/src/milter/Makefile.in	2009-06-01 13:08:26.000000000 +0000
+@@ -14,7 +14,7 @@
+ INC_DIR	= ../../include
+ MAKES	=
+ 
+-.c.o:;	$(CC) $(CFLAGS) -c $*.c
++.c.o:;	$(CC) -fPIC $(CFLAGS) -c $*.c
+ 
+ all: $(LIB)
+ 
+@@ -30,12 +30,10 @@
+ root_tests:
+ 
+ $(LIB):	$(OBJS)
+-	$(AR) $(ARFL) $(LIB) $?
+-	$(RANLIB) $(LIB)
++	 gcc -shared -Wl,-soname,libpostfix-milter.so.1 -o $(LIB) $(OBJS) $(LIBS) $(SYSLIBS)
+ 
+ $(LIB_DIR)/$(LIB): $(LIB)
+ 	cp $(LIB) $(LIB_DIR)
+-	$(RANLIB) $(LIB_DIR)/$(LIB)
+ 
+ update: $(LIB_DIR)/$(LIB) $(HDRS)
+ 	-for i in $(HDRS); \
+diff -ruN a/src/postconf/postconf.c b/src/postconf/postconf.c
+--- a/src/postconf/postconf.c	2009-06-01 12:27:45.000000000 +0000
++++ b/src/postconf/postconf.c	2009-06-01 13:08:26.000000000 +0000
+@@ -962,6 +962,16 @@
+ {
+     ARGV   *maps_argv;
+     int     i;
++#ifndef NO_DYNAMIC_MAPS
++    char   *path;
++    char   *config_dir;
++
++    var_config_dir = mystrdup((config_dir = safe_getenv(CONF_ENV_PATH)) != 0 ?
++			      config_dir : DEF_CONFIG_DIR);	/* XXX */
++    path = concatenate(var_config_dir, "/", "dynamicmaps.cf", (char *) 0);
++    dict_open_dlinfo(path);
++    myfree(path);
++#endif
+ 
+     maps_argv = dict_mapnames();
+     for (i = 0; i < maps_argv->argc; i++)
+diff -ruN a/src/postconf/postconf.c.orig b/src/postconf/postconf.c.orig
+--- a/src/postconf/postconf.c.orig	1970-01-01 00:00:00.000000000 +0000
++++ b/src/postconf/postconf.c.orig	2009-06-01 13:07:57.000000000 +0000
+@@ -0,0 +1,1218 @@
++/*++
++/* NAME
++/*	postconf 1
++/* SUMMARY
++/*	Postfix configuration utility
++/* SYNOPSIS
++/* .fi
++/*	\fBpostconf\fR [\fB-dhnv\fR] [\fB-c \fIconfig_dir\fR]
++/*	[\fIparameter ...\fR]
++/*
++/*	\fBpostconf\fR [\fB-aAmlv\fR] [\fB-c \fIconfig_dir\fR]
++/*
++/*	\fBpostconf\fR [\fB-ev\fR] [\fB-c \fIconfig_dir\fR]
++/*	[\fIparameter=value ...\fR]
++/*
++/*	\fBpostconf\fR [\fB-#v\fR] [\fB-c \fIconfig_dir\fR]
++/*	[\fIparameter ...\fR]
++/*
++/*	\fBpostconf\fR [\fB-btv\fR] [\fB-c \fIconfig_dir\fR] [\fItemplate_file\fR]
++/* DESCRIPTION
++/*	The \fBpostconf\fR(1) command displays the actual values
++/*	of configuration parameters, changes configuration parameter
++/*	values, or displays other configuration information about
++/*	the Postfix mail system.
++/*
++/*	Options:
++/* .IP \fB-a\fR
++/*	List the available SASL server plug-in types.  The SASL
++/*	plug-in type is selected with the \fBsmtpd_sasl_type\fR
++/*	configuration parameter by specifying one of the names
++/*	listed below.
++/* .RS
++/* .IP \fBcyrus\fR
++/*	This server plug-in is available when Postfix is built with
++/*	Cyrus SASL support.
++/* .IP \fBdovecot\fR
++/*	This server plug-in uses the Dovecot authentication server,
++/*	and is available when Postfix is built with any form of SASL
++/*	support.
++/* .RE
++/* .IP
++/*	This feature is available with Postfix 2.3 and later.
++/* .IP \fB-A\fR
++/*	List the available SASL client plug-in types.  The SASL
++/*	plug-in type is selected with the \fBsmtp_sasl_type\fR or
++/*	\fBlmtp_sasl_type\fR configuration parameters by specifying
++/*	one of the names listed below.
++/* .RS
++/* .IP \fBcyrus\fR
++/*	This client plug-in is available when Postfix is built with
++/*	Cyrus SASL support.
++/* .RE
++/* .IP
++/*	This feature is available with Postfix 2.3 and later.
++/* .IP "\fB-b\fR [\fItemplate_file\fR]"
++/*	Display the message text that appears at the beginning of
++/*	delivery status notification (DSN) messages, with $\fBname\fR
++/*	expressions replaced by actual values.  To override the
++/*	built-in message text, specify a template file at the end
++/*	of the command line, or specify a template file in main.cf
++/*	with the \fBbounce_template_file\fR parameter.
++/*	To force selection of the built-in message text templates,
++/*	specify an empty template file name (in shell language: "").
++/*
++/*	This feature is available with Postfix 2.3 and later.
++/* .IP "\fB-c \fIconfig_dir\fR"
++/*	The \fBmain.cf\fR configuration file is in the named directory
++/*	instead of the default configuration directory.
++/* .IP \fB-d\fR
++/*	Print default parameter settings instead of actual settings.
++/* .IP \fB-e\fR
++/*	Edit the \fBmain.cf\fR configuration file. The file is copied
++/*	to a temporary file then renamed into place. Parameters and
++/*	values are specified on the command line. Use quotes in order
++/*	to protect shell metacharacters and whitespace.
++/* .IP \fB-h\fR
++/*	Show parameter values only, not the ``name = '' label
++/*	that normally precedes the value.
++/* .IP \fB-l\fR
++/*	List the names of all supported mailbox locking methods.
++/*	Postfix supports the following methods:
++/* .RS
++/* .IP \fBflock\fR
++/*	A kernel-based advisory locking method for local files only.
++/*	This locking method is available on systems with a BSD
++/*	compatible library.
++/* .IP \fBfcntl\fR
++/*	A kernel-based advisory locking method for local and remote files.
++/* .IP \fBdotlock\fR
++/*	An application-level locking method. An application locks a file
++/*	named \fIfilename\fR by creating a file named \fIfilename\fB.lock\fR.
++/*	The application is expected to remove its own lock file, as well as
++/*	stale lock files that were left behind after abnormal termination.
++/* .RE
++/* .IP \fB-m\fR
++/*	List the names of all supported lookup table types. In Postfix
++/*	configuration files,
++/*	lookup tables are specified as \fItype\fB:\fIname\fR, where
++/*	\fItype\fR is one of the types listed below. The table \fIname\fR
++/*	syntax depends on the lookup table type as described in the
++/*	DATABASE_README document.
++/* .RS
++/* .IP \fBbtree\fR
++/*	A sorted, balanced tree structure.
++/*	This is available on systems with support for Berkeley DB
++/*	databases.
++/* .IP \fBcdb\fR
++/*	A read-optimized structure with no support for incremental updates.
++/*	This is available on systems with support for CDB databases.
++/* .IP \fBcidr\fR
++/*	A table that associates values with Classless Inter-Domain Routing
++/*	(CIDR) patterns. This is described in \fBcidr_table\fR(5).
++/* .IP \fBdbm\fR
++/*	An indexed file type based on hashing.
++/*	This is available on systems with support for DBM databases.
++/* .IP \fBenviron\fR
++/*	The UNIX process environment array. The lookup key is the variable
++/*	name. Originally implemented for testing, someone may find this
++/*	useful someday.
++/* .IP \fBhash\fR
++/*	An indexed file type based on hashing.
++/*	This is available on systems with support for Berkeley DB
++/*	databases.
++/* .IP "\fBldap\fR (read-only)"
++/*	Perform lookups using the LDAP protocol. This is described
++/*	in \fBldap_table\fR(5).
++/* .IP "\fBmysql\fR (read-only)"
++/*	Perform lookups using the MYSQL protocol. This is described
++/*	in \fBmysql_table\fR(5).
++/* .IP "\fBpcre\fR (read-only)"
++/*	A lookup table based on Perl Compatible Regular Expressions. The
++/*	file format is described in \fBpcre_table\fR(5).
++/* .IP "\fBpgsql\fR (read-only)"
++/*	Perform lookups using the PostgreSQL protocol. This is described
++/*	in \fBpgsql_table\fR(5).
++/* .IP "\fBproxy\fR (read-only)"
++/*	A lookup table that is implemented via the Postfix
++/*	\fBproxymap\fR(8) service. The table name syntax is
++/*	\fItype\fB:\fIname\fR.
++/* .IP "\fBregexp\fR (read-only)"
++/*	A lookup table based on regular expressions. The file format is
++/*	described in \fBregexp_table\fR(5).
++/* .IP \fBsdbm\fR
++/*	An indexed file type based on hashing.
++/*	This is available on systems with support for SDBM databases.
++/* .IP "\fBstatic\fR (read-only)"
++/*	A table that always returns its name as lookup result. For example,
++/*	\fBstatic:foobar\fR always returns the string \fBfoobar\fR as lookup
++/*	result.
++/* .IP "\fBtcp\fR (read-only)"
++/*	Perform lookups using a simple request-reply protocol that is
++/*	described in \fBtcp_table\fR(5).
++/*	This feature is not included with the stable Postfix release.
++/* .IP "\fBunix\fR (read-only)"
++/*	A limited way to query the UNIX authentication database. The
++/*	following tables are implemented:
++/* .RS
++/*. IP \fBunix:passwd.byname\fR
++/*	The table is the UNIX password database. The key is a login name.
++/*	The result is a password file entry in \fBpasswd\fR(5) format.
++/* .IP \fBunix:group.byname\fR
++/*	The table is the UNIX group database. The key is a group name.
++/*	The result is a group file entry in \fBgroup\fR(5) format.
++/* .RE
++/* .RE
++/* .IP
++/*	Other table types may exist depending on how Postfix was built.
++/* .IP \fB-n\fR
++/*	Print parameter settings that are not left at their built-in
++/*	default value, because they are explicitly specified in main.cf.
++/* .IP "\fB-t\fR [\fItemplate_file\fR]"
++/*	Display the templates for delivery status notification (DSN)
++/*	messages. To override the built-in templates, specify a
++/*	template file at the end of the command line, or specify a
++/*	template file in main.cf with the \fBbounce_template_file\fR
++/*	parameter.  To force selection of the built-in templates,
++/*	specify an empty template file name (in shell language:
++/*	"").
++/*
++/*	This feature is available with Postfix 2.3 and later.
++/* .IP \fB-v\fR
++/*	Enable verbose logging for debugging purposes. Multiple \fB-v\fR
++/*	options make the software increasingly verbose.
++/* .IP \fB-#\fR
++/*	Edit the \fBmain.cf\fR configuration file. The file is copied
++/*	to a temporary file then renamed into place. The parameters
++/*	specified on the command line are commented-out, so that they
++/*	revert to their default values. Specify a list of parameter
++/*	names, not name=value pairs.  There is no \fBpostconf\fR command
++/*	to perform the reverse operation.
++/*
++/*	This feature is available with Postfix 2.6 and later.
++/* DIAGNOSTICS
++/*	Problems are reported to the standard error stream.
++/* ENVIRONMENT
++/* .ad
++/* .fi
++/* .IP \fBMAIL_CONFIG\fR
++/*	Directory with Postfix configuration files.
++/* CONFIGURATION PARAMETERS
++/* .ad
++/* .fi
++/*	The following \fBmain.cf\fR parameters are especially relevant to
++/*	this program.
++/*
++/*	The text below provides only a parameter summary. See
++/*	\fBpostconf\fR(5) for more details including examples.
++/* .IP "\fBconfig_directory (see 'postconf -d' output)\fR"
++/*	The default location of the Postfix main.cf and master.cf
++/*	configuration files.
++/* .IP "\fBbounce_template_file (empty)\fR"
++/*	Pathname of a configuration file with bounce message templates.
++/* FILES
++/*	/etc/postfix/main.cf, Postfix configuration parameters
++/* SEE ALSO
++/*	bounce(5), bounce template file format
++/*	postconf(5), configuration parameters
++/* README FILES
++/* .ad
++/* .fi
++/*	Use "\fBpostconf readme_directory\fR" or
++/*	"\fBpostconf html_directory\fR" to locate this information.
++/* .na
++/* .nf
++/*	DATABASE_README, Postfix lookup table overview
++/* LICENSE
++/* .ad
++/* .fi
++/*	The Secure Mailer license must be distributed with this software.
++/* AUTHOR(S)
++/*	Wietse Venema
++/*	IBM T.J. Watson Research
++/*	P.O. Box 704
++/*	Yorktown Heights, NY 10598, USA
++/*--*/
++
++/* System library. */
++
++#include <sys_defs.h>
++#include <sys/stat.h>
++#include <stdio.h>			/* rename() */
++#include <pwd.h>
++#include <string.h>
++#include <stdlib.h>
++#include <unistd.h>
++#include <ctype.h>
++
++#ifdef USE_PATHS_H
++#include <paths.h>
++#endif
++
++/* Utility library. */
++
++#include <msg.h>
++#include <vstream.h>
++#include <msg_vstream.h>
++#include <get_hostname.h>
++#include <stringops.h>
++#include <htable.h>
++#include <dict.h>
++#include <safe.h>
++#include <mymalloc.h>
++#include <argv.h>
++#include <split_at.h>
++#include <vstring_vstream.h>
++#include <myflock.h>
++#include <inet_proto.h>
++#include <argv.h>
++#include <edit_file.h>
++
++/* Global library. */
++
++#include <mynetworks.h>
++#include <mail_conf.h>
++#include <mail_dict.h>
++#include <mail_proto.h>
++#include <mail_version.h>
++#include <mail_params.h>
++#include <mail_addr.h>
++#include <mbox_conf.h>
++#include <mail_run.h>
++
++/* XSASL library. */
++
++#include <xsasl.h>
++
++ /*
++  * What we're supposed to be doing.
++  */
++#define SHOW_NONDEF	(1<<0)		/* show non-default settings */
++#define SHOW_DEFS	(1<<1)		/* show default setting */
++#define SHOW_NAME	(1<<2)		/* show parameter name */
++#define SHOW_MAPS	(1<<3)		/* show map types */
++#define EDIT_MAIN	(1<<4)		/* edit main.cf */
++#define SHOW_LOCKS	(1<<5)		/* show mailbox lock methods */
++#define SHOW_EVAL	(1<<6)		/* expand right-hand sides */
++#define SHOW_SASL_SERV	(1<<7)		/* show server auth plugin types */
++#define SHOW_SASL_CLNT	(1<<8)		/* show client auth plugin types */
++#define COMMENT_OUT	(1<<9)		/* #-out selected main.cf entries */
++
++ /*
++  * Lookup table for in-core parameter info.
++  */
++HTABLE *param_table;
++
++ /*
++  * Lookup table for external parameter info.
++  */
++DICT   *text_table;
++
++ /*
++  * Declarations generated by scanning actual C source files.
++  */
++#include "time_vars.h"
++#include "bool_vars.h"
++#include "int_vars.h"
++#include "str_vars.h"
++#include "raw_vars.h"
++#include "nint_vars.h"
++
++ /*
++  * Manually extracted.
++  */
++#include "auto_vars.h"
++#include "install_vars.h"
++
++ /*
++  * Lookup tables generated by scanning actual C source files.
++  */
++static const CONFIG_TIME_TABLE time_table[] = {
++#include "time_table.h"
++    0,
++};
++
++static const CONFIG_BOOL_TABLE bool_table[] = {
++#include "bool_table.h"
++    0,
++};
++
++static const CONFIG_INT_TABLE int_table[] = {
++#include "int_table.h"
++    0,
++};
++
++static const CONFIG_STR_TABLE str_table[] = {
++#include "str_table.h"
++#include "auto_table.h"			/* XXX */
++#include "install_table.h"
++    0,
++};
++
++static const CONFIG_RAW_TABLE raw_table[] = {
++#include "raw_table.h"
++    0,
++};
++
++static const CONFIG_NINT_TABLE nint_table[] = {
++#include "nint_table.h"
++    0,
++};
++
++ /*
++  * Parameters with default values obtained via function calls.
++  */
++char   *var_myhostname;
++char   *var_mydomain;
++char   *var_mynetworks;
++
++static const char *check_myhostname(void);
++static const char *check_mydomainname(void);
++static const char *check_mynetworks(void);
++
++static const CONFIG_STR_FN_TABLE str_fn_table[] = {
++    VAR_MYHOSTNAME, check_myhostname, &var_myhostname, 1, 0,
++    VAR_MYDOMAIN, check_mydomainname, &var_mydomain, 1, 0,
++    0,
++};
++static const CONFIG_STR_FN_TABLE str_fn_table_2[] = {
++    VAR_MYNETWORKS, check_mynetworks, &var_mynetworks, 1, 0,
++    0,
++};
++
++ /*
++  * XXX Global so that call-backs can see it.
++  */
++static int cmd_mode = SHOW_NAME;
++
++/* check_myhostname - lookup hostname and validate */
++
++static const char *check_myhostname(void)
++{
++    static const char *name;
++    const char *dot;
++    const char *domain;
++
++    /*
++     * Use cached result.
++     */
++    if (name)
++	return (name);
++
++    /*
++     * If the local machine name is not in FQDN form, try to append the
++     * contents of $mydomain.
++     */
++    name = get_hostname();
++    if ((dot = strchr(name, '.')) == 0) {
++	if ((domain = mail_conf_lookup_eval(VAR_MYDOMAIN)) == 0)
++	    domain = DEF_MYDOMAIN;
++	name = concatenate(name, ".", domain, (char *) 0);
++    }
++    return (name);
++}
++
++/* get_myhostname - look up and store my hostname */
++
++static void get_myhostname(void)
++{
++    const char *name;
++
++    if ((name = mail_conf_lookup_eval(VAR_MYHOSTNAME)) == 0)
++	name = check_myhostname();
++    var_myhostname = mystrdup(name);
++}
++
++/* check_mydomainname - lookup domain name and validate */
++
++static const char *check_mydomainname(void)
++{
++    char   *dot;
++
++    /*
++     * Use the hostname when it is not a FQDN ("foo"), or when the hostname
++     * actually is a domain name ("foo.com").
++     */
++    if (var_myhostname == 0)
++	get_myhostname();
++    if ((dot = strchr(var_myhostname, '.')) == 0 || strchr(dot + 1, '.') == 0)
++	return (DEF_MYDOMAIN);
++    return (dot + 1);
++}
++
++/* check_mynetworks - lookup network address list */
++
++static const char *check_mynetworks(void)
++{
++    INET_PROTO_INFO *proto_info;
++    const char *junk;
++
++    if (var_inet_interfaces == 0) {
++	if ((cmd_mode & SHOW_DEFS)
++	    || (junk = mail_conf_lookup_eval(VAR_INET_INTERFACES)) == 0)
++	    junk = DEF_INET_INTERFACES;
++	var_inet_interfaces = mystrdup(junk);
++    }
++    if (var_mynetworks_style == 0) {
++	if ((cmd_mode & SHOW_DEFS)
++	    || (junk = mail_conf_lookup_eval(VAR_MYNETWORKS_STYLE)) == 0)
++	    junk = DEF_MYNETWORKS_STYLE;
++	var_mynetworks_style = mystrdup(junk);
++    }
++    if (var_inet_protocols == 0) {
++	if ((cmd_mode & SHOW_DEFS)
++	    || (junk = mail_conf_lookup_eval(VAR_INET_PROTOCOLS)) == 0)
++	    junk = DEF_INET_PROTOCOLS;
++	var_inet_protocols = mystrdup(junk);
++	proto_info = inet_proto_init(VAR_INET_PROTOCOLS, var_inet_protocols);
++    }
++    return (mynetworks());
++}
++
++/* edit_parameters - edit parameter file */
++
++static void edit_parameters(int cmd_mode, int argc, char **argv)
++{
++    char   *config_dir;
++    char   *path;
++    EDIT_FILE *ep;
++    VSTREAM *src;
++    VSTREAM *dst;
++    VSTRING *buf = vstring_alloc(100);
++    VSTRING *key = vstring_alloc(10);
++    char   *cp;
++    char   *edit_key;
++    char   *edit_val;
++    HTABLE *table;
++    struct cvalue {
++	char   *value;
++	int     found;
++    };
++    struct cvalue *cvalue;
++    HTABLE_INFO **ht_info;
++    HTABLE_INFO **ht;
++    int     interesting;
++    const char *err;
++
++    /*
++     * Store command-line parameters for quick lookup.
++     */
++    table = htable_create(argc);
++    while ((cp = *argv++) != 0) {
++	if (strchr(cp, '\n') != 0)
++	    msg_fatal("-e or -# accepts no multi-line input");
++	while (ISSPACE(*cp))
++	    cp++;
++	if (*cp == '#')
++	    msg_fatal("-e or -# accepts no comment input");
++	if (cmd_mode & EDIT_MAIN) {
++	    if ((err = split_nameval(cp, &edit_key, &edit_val)) != 0)
++		msg_fatal("%s: \"%s\"", err, cp);
++	} else if (cmd_mode & COMMENT_OUT) {
++	    if (*cp == 0)
++		msg_fatal("-# requires non-blank parameter names");
++	    if (strchr(cp, '=') != 0)
++		msg_fatal("-# requires parameter names only");
++	    edit_key = mystrdup(cp);
++	    trimblanks(edit_key, 0);
++	    edit_val = 0;
++	} else {
++	    msg_panic("edit_parameters: unknown mode %d", cmd_mode);
++	}
++	cvalue = (struct cvalue *) mymalloc(sizeof(*cvalue));
++	cvalue->value = edit_val;
++	cvalue->found = 0;
++	htable_enter(table, edit_key, (char *) cvalue);
++    }
++
++    /*
++     * XXX Avoid code duplication by better code decomposition.
++     */
++    if (var_config_dir)
++	myfree(var_config_dir);
++    var_config_dir = mystrdup((config_dir = safe_getenv(CONF_ENV_PATH)) != 0 ?
++			      config_dir : DEF_CONFIG_DIR);	/* XXX */
++    set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
++
++    /*
++     * Open a temp file for the result. This uses a deterministic name so we
++     * don't leave behind thrash with random names.
++     */
++    path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
++    if ((ep = edit_file_open(path, O_CREAT | O_WRONLY, 0644)) == 0)
++	msg_fatal("open %s%s: %m", path, EDIT_FILE_SUFFIX);
++    dst = ep->tmp_fp;
++
++    /*
++     * Open the original file for input.
++     */
++    if ((src = vstream_fopen(path, O_RDONLY, 0)) == 0) {
++	/* OK to delete, since we control the temp file name exclusively. */
++	(void) unlink(ep->tmp_path);
++	msg_fatal("open %s for reading: %m", path);
++    }
++
++    /*
++     * Copy original file to temp file, while replacing parameters on the
++     * fly. Issue warnings for names found multiple times.
++     */
++#define STR(x) vstring_str(x)
++
++    interesting = 0;
++    while (vstring_get(buf, src) != VSTREAM_EOF) {
++	for (cp = STR(buf); ISSPACE(*cp) /* including newline */ ; cp++)
++	     /* void */ ;
++	/* Copy comment, all-whitespace, or empty line. */
++	if (*cp == '#' || *cp == 0) {
++	    vstream_fputs(STR(buf), dst);
++	}
++	/* Copy, skip or replace continued text. */
++	else if (cp > STR(buf)) {
++	    if (interesting == 0)
++		vstream_fputs(STR(buf), dst);
++	    else if (cmd_mode & COMMENT_OUT)
++		vstream_fprintf(dst, "#%s", STR(buf));
++	}
++	/* Copy or replace start of logical line. */
++	else {
++	    vstring_strncpy(key, cp, strcspn(cp, " \t\r\n="));
++	    cvalue = (struct cvalue *) htable_find(table, STR(key));
++	    if ((interesting = !!cvalue) != 0) {
++		if (cvalue->found++ == 1)
++		    msg_warn("%s: multiple entries for \"%s\"", path, STR(key));
++		if (cmd_mode & EDIT_MAIN)
++		    vstream_fprintf(dst, "%s = %s\n", STR(key), cvalue->value);
++		else if (cmd_mode & COMMENT_OUT)
++		    vstream_fprintf(dst, "#%s", cp);
++		else
++		    msg_panic("edit_parameters: unknown mode %d", cmd_mode);
++	    } else {
++		vstream_fputs(STR(buf), dst);
++	    }
++	}
++    }
++
++    /*
++     * Generate new entries for parameters that were not found.
++     */
++    if (cmd_mode & EDIT_MAIN) {
++	for (ht_info = ht = htable_list(table); *ht; ht++) {
++	    cvalue = (struct cvalue *) ht[0]->value;
++	    if (cvalue->found == 0)
++		vstream_fprintf(dst, "%s = %s\n", ht[0]->key, cvalue->value);
++	}
++	myfree((char *) ht_info);
++    }
++
++    /*
++     * When all is well, rename the temp file to the original one.
++     */
++    if (vstream_fclose(src))
++	msg_fatal("read %s: %m", path);
++    if (edit_file_close(ep) != 0)
++	msg_fatal("close %s%s: %m", path, EDIT_FILE_SUFFIX);
++
++    /*
++     * Cleanup.
++     */
++    myfree(path);
++    vstring_free(buf);
++    vstring_free(key);
++    htable_free(table, myfree);
++}
++
++/* read_parameters - read parameter info from file */
++
++static void read_parameters(void)
++{
++    char   *config_dir;
++    char   *path;
++
++    /*
++     * A direct rip-off of mail_conf_read(). XXX Avoid code duplication by
++     * better code decomposition.
++     */
++    dict_unknown_allowed = 1;
++    if (var_config_dir)
++	myfree(var_config_dir);
++    var_config_dir = mystrdup((config_dir = safe_getenv(CONF_ENV_PATH)) != 0 ?
++			      config_dir : DEF_CONFIG_DIR);	/* XXX */
++    set_mail_conf_str(VAR_CONFIG_DIR, var_config_dir);
++    path = concatenate(var_config_dir, "/", "main.cf", (char *) 0);
++    dict_load_file(CONFIG_DICT, path);
++    myfree(path);
++}
++
++/* set_parameters - set parameter values from default or explicit setting */
++
++static void set_parameters(void)
++{
++
++    /*
++     * Populate the configuration parameter dictionary with default settings
++     * or with actual settings.
++     * 
++     * Iterate over each entry in str_fn_table, str_fn_table_2, time_table,
++     * bool_table, int_table, str_table, and raw_table. Look up each
++     * parameter name in the configuration parameter dictionary. If the
++     * parameter is not set, take the default value, or take the value from
++     * main.cf, without doing $name expansions. This includes converting
++     * default values from numeric/boolean internal forms to external string
++     * form.
++     * 
++     * Once the configuration parameter dictionary is populated, printing a
++     * parameter setting is a matter of querying the configuration parameter
++     * dictionary, optionally expanding of $name values, and printing the
++     * result.
++     */
++}
++
++/* hash_parameters - hash all parameter names so we can find and sort them */
++
++static void hash_parameters(void)
++{
++    const CONFIG_TIME_TABLE *ctt;
++    const CONFIG_BOOL_TABLE *cbt;
++    const CONFIG_INT_TABLE *cit;
++    const CONFIG_STR_TABLE *cst;
++    const CONFIG_STR_FN_TABLE *csft;
++    const CONFIG_RAW_TABLE *rst;
++    const CONFIG_NINT_TABLE *nst;
++
++    param_table = htable_create(100);
++
++    for (ctt = time_table; ctt->name; ctt++)
++	htable_enter(param_table, ctt->name, (char *) ctt);
++    for (cbt = bool_table; cbt->name; cbt++)
++	htable_enter(param_table, cbt->name, (char *) cbt);
++    for (cit = int_table; cit->name; cit++)
++	htable_enter(param_table, cit->name, (char *) cit);
++    for (cst = str_table; cst->name; cst++)
++	htable_enter(param_table, cst->name, (char *) cst);
++    for (csft = str_fn_table; csft->name; csft++)
++	htable_enter(param_table, csft->name, (char *) csft);
++    for (csft = str_fn_table_2; csft->name; csft++)
++	htable_enter(param_table, csft->name, (char *) csft);
++    for (rst = raw_table; rst->name; rst++)
++	htable_enter(param_table, rst->name, (char *) rst);
++    for (nst = nint_table; nst->name; nst++)
++	htable_enter(param_table, nst->name, (char *) nst);
++}
++
++/* show_strval - show string-valued parameter */
++
++static void show_strval(int mode, const char *name, const char *value)
++{
++    if (mode & SHOW_EVAL)
++	value = mail_conf_eval(value);
++
++    if (mode & SHOW_NAME) {
++	vstream_printf("%s = %s\n", name, value);
++    } else {
++	vstream_printf("%s\n", value);
++    }
++}
++
++/* show_intval - show integer-valued parameter */
++
++static void show_intval(int mode, const char *name, int value)
++{
++    if (mode & SHOW_NAME) {
++	vstream_printf("%s = %d\n", name, value);
++    } else {
++	vstream_printf("%d\n", value);
++    }
++}
++
++/* print_bool - print boolean parameter */
++
++static void print_bool(int mode, CONFIG_BOOL_TABLE *cbt)
++{
++    const char *value;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, cbt->name, cbt->defval ? "yes" : "no");
++    } else {
++	value = dict_lookup(CONFIG_DICT, cbt->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, cbt->name, cbt->defval ? "yes" : "no");
++	    } else {
++		show_strval(mode, cbt->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, cbt->name, value);
++	}
++    }
++}
++
++/* print_time - print relative time parameter */
++
++static void print_time(int mode, CONFIG_TIME_TABLE *ctt)
++{
++    const char *value;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, ctt->name, ctt->defval);
++    } else {
++	value = dict_lookup(CONFIG_DICT, ctt->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, ctt->name, ctt->defval);
++	    } else {
++		show_strval(mode, ctt->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, ctt->name, value);
++	}
++    }
++}
++
++/* print_int - print integer parameter */
++
++static void print_int(int mode, CONFIG_INT_TABLE *cit)
++{
++    const char *value;
++
++    if (mode & SHOW_DEFS) {
++	show_intval(mode, cit->name, cit->defval);
++    } else {
++	value = dict_lookup(CONFIG_DICT, cit->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_intval(mode, cit->name, cit->defval);
++	    } else {
++		show_strval(mode, cit->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, cit->name, value);
++	}
++    }
++}
++
++/* print_str - print string parameter */
++
++static void print_str(int mode, CONFIG_STR_TABLE *cst)
++{
++    const char *value;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, cst->name, cst->defval);
++    } else {
++	value = dict_lookup(CONFIG_DICT, cst->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, cst->name, cst->defval);
++	    } else {
++		show_strval(mode, cst->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, cst->name, value);
++	}
++    }
++}
++
++/* print_str_fn - print string-function parameter */
++
++static void print_str_fn(int mode, CONFIG_STR_FN_TABLE *csft)
++{
++    const char *value;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, csft->name, csft->defval());
++    } else {
++	value = dict_lookup(CONFIG_DICT, csft->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, csft->name, csft->defval());
++	    } else {
++		show_strval(mode, csft->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, csft->name, value);
++	}
++    }
++}
++
++/* print_str_fn_2 - print string-function parameter */
++
++static void print_str_fn_2(int mode, CONFIG_STR_FN_TABLE *csft)
++{
++    const char *value;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, csft->name, csft->defval());
++    } else {
++	value = dict_lookup(CONFIG_DICT, csft->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, csft->name, csft->defval());
++	    } else {
++		show_strval(mode, csft->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, csft->name, value);
++	}
++    }
++}
++
++/* print_raw - print raw string parameter */
++
++static void print_raw(int mode, CONFIG_RAW_TABLE * rst)
++{
++    const char *value;
++
++    if (mode & SHOW_EVAL)
++	msg_warn("parameter %s expands at run-time", rst->name);
++    mode &= ~SHOW_EVAL;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, rst->name, rst->defval);
++    } else {
++	value = dict_lookup(CONFIG_DICT, rst->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, rst->name, rst->defval);
++	    } else {
++		show_strval(mode, rst->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, rst->name, value);
++	}
++    }
++}
++
++/* print_nint - print new integer parameter */
++
++static void print_nint(int mode, CONFIG_NINT_TABLE * rst)
++{
++    const char *value;
++
++    if (mode & SHOW_EVAL)
++	msg_warn("parameter %s expands at run-time", rst->name);
++    mode &= ~SHOW_EVAL;
++
++    if (mode & SHOW_DEFS) {
++	show_strval(mode, rst->name, rst->defval);
++    } else {
++	value = dict_lookup(CONFIG_DICT, rst->name);
++	if ((mode & SHOW_NONDEF) == 0) {
++	    if (value == 0) {
++		show_strval(mode, rst->name, rst->defval);
++	    } else {
++		show_strval(mode, rst->name, value);
++	    }
++	} else {
++	    if (value != 0)
++		show_strval(mode, rst->name, value);
++	}
++    }
++}
++
++/* print_parameter - show specific parameter */
++
++static void print_parameter(int mode, char *ptr)
++{
++
++#define INSIDE(p,t) (ptr >= (char *) t && ptr < ((char *) t) + sizeof(t))
++
++    /*
++     * This is gross, but the best we can do on short notice.
++     */
++    if (INSIDE(ptr, time_table))
++	print_time(mode, (CONFIG_TIME_TABLE *) ptr);
++    if (INSIDE(ptr, bool_table))
++	print_bool(mode, (CONFIG_BOOL_TABLE *) ptr);
++    if (INSIDE(ptr, int_table))
++	print_int(mode, (CONFIG_INT_TABLE *) ptr);
++    if (INSIDE(ptr, str_table))
++	print_str(mode, (CONFIG_STR_TABLE *) ptr);
++    if (INSIDE(ptr, str_fn_table))
++	print_str_fn(mode, (CONFIG_STR_FN_TABLE *) ptr);
++    if (INSIDE(ptr, str_fn_table_2))
++	print_str_fn_2(mode, (CONFIG_STR_FN_TABLE *) ptr);
++    if (INSIDE(ptr, raw_table))
++	print_raw(mode, (CONFIG_RAW_TABLE *) ptr);
++    if (INSIDE(ptr, nint_table))
++	print_nint(mode, (CONFIG_NINT_TABLE *) ptr);
++    if (msg_verbose)
++	vstream_fflush(VSTREAM_OUT);
++}
++
++/* comp_names - qsort helper */
++
++static int comp_names(const void *a, const void *b)
++{
++    HTABLE_INFO **ap = (HTABLE_INFO **) a;
++    HTABLE_INFO **bp = (HTABLE_INFO **) b;
++
++    return (strcmp(ap[0]->key, bp[0]->key));
++}
++
++/* show_maps - show available maps */
++
++static void show_maps(void)
++{
++    ARGV   *maps_argv;
++    int     i;
++
++    maps_argv = dict_mapnames();
++    for (i = 0; i < maps_argv->argc; i++)
++	vstream_printf("%s\n", maps_argv->argv[i]);
++    argv_free(maps_argv);
++}
++
++/* show_locks - show available mailbox locking methods */
++
++static void show_locks(void)
++{
++    ARGV   *locks_argv;
++    int     i;
++
++    locks_argv = mbox_lock_names();
++    for (i = 0; i < locks_argv->argc; i++)
++	vstream_printf("%s\n", locks_argv->argv[i]);
++    argv_free(locks_argv);
++}
++
++/* show_sasl - show SASL plug-in types */
++
++static void show_sasl(int what)
++{
++    ARGV   *sasl_argv;
++    int     i;
++
++    sasl_argv = (what & SHOW_SASL_SERV) ? xsasl_server_types() :
++	xsasl_client_types();
++    for (i = 0; i < sasl_argv->argc; i++)
++	vstream_printf("%s\n", sasl_argv->argv[i]);
++    argv_free(sasl_argv);
++}
++
++/* show_parameters - show parameter info */
++
++static void show_parameters(int mode, char **names)
++{
++    HTABLE_INFO **list;
++    HTABLE_INFO **ht;
++    char  **namep;
++    char   *value;
++
++    /*
++     * Show all parameters.
++     */
++    if (*names == 0) {
++	list = htable_list(param_table);
++	qsort((char *) list, param_table->used, sizeof(*list), comp_names);
++	for (ht = list; *ht; ht++)
++	    print_parameter(mode, ht[0]->value);
++	myfree((char *) list);
++	return;
++    }
++
++    /*
++     * Show named parameters.
++     */
++    for (namep = names; *namep; namep++) {
++	if ((value = htable_find(param_table, *namep)) == 0) {
++	    msg_warn("%s: unknown parameter", *namep);
++	} else {
++	    print_parameter(mode, value);
++	}
++    }
++}
++
++MAIL_VERSION_STAMP_DECLARE;
++
++/* main */
++
++int     main(int argc, char **argv)
++{
++    int     ch;
++    int     fd;
++    struct stat st;
++    int     junk;
++    ARGV   *ext_argv = 0;
++
++    /*
++     * Fingerprint executables and core dumps.
++     */
++    MAIL_VERSION_STAMP_ALLOCATE;
++
++    /*
++     * Be consistent with file permissions.
++     */
++    umask(022);
++
++    /*
++     * To minimize confusion, make sure that the standard file descriptors
++     * are open before opening anything else. XXX Work around for 44BSD where
++     * fstat can return EBADF on an open file descriptor.
++     */
++    for (fd = 0; fd < 3; fd++)
++	if (fstat(fd, &st) == -1
++	    && (close(fd), open("/dev/null", O_RDWR, 0)) != fd)
++	    msg_fatal("open /dev/null: %m");
++
++    /*
++     * Set up logging.
++     */
++    msg_vstream_init(argv[0], VSTREAM_ERR);
++
++    /*
++     * Parse JCL.
++     */
++    while ((ch = GETOPT(argc, argv, "aAbc:deE#hmlntv")) > 0) {
++	switch (ch) {
++	case 'a':
++	    cmd_mode |= SHOW_SASL_SERV;
++	    break;
++	case 'A':
++	    cmd_mode |= SHOW_SASL_CLNT;
++	    break;
++	case 'b':
++	    if (ext_argv)
++		msg_fatal("specify one of -b and -t");
++	    ext_argv = argv_alloc(2);
++	    argv_add(ext_argv, "bounce", "-SVnexpand_templates", (char *) 0);
++	    break;
++	case 'c':
++	    if (setenv(CONF_ENV_PATH, optarg, 1) < 0)
++		msg_fatal("out of memory");
++	    break;
++	case 'd':
++	    cmd_mode |= SHOW_DEFS;
++	    break;
++	case 'e':
++	    cmd_mode |= EDIT_MAIN;
++	    break;
++
++	    /*
++	     * People, this does not work unless you properly handle default
++	     * settings. For example, fast_flush_domains = $relay_domains
++	     * must not evaluate to the empty string when relay_domains is
++	     * left at its default setting of $mydestination.
++	     */
++#if 0
++	case 'E':
++	    cmd_mode |= SHOW_EVAL;
++	    break;
++#endif
++	case '#':
++	    cmd_mode = COMMENT_OUT;
++	    break;
++
++	case 'h':
++	    cmd_mode &= ~SHOW_NAME;
++	    break;
++	case 'l':
++	    cmd_mode |= SHOW_LOCKS;
++	    break;
++	case 'm':
++	    cmd_mode |= SHOW_MAPS;
++	    break;
++	case 'n':
++	    cmd_mode |= SHOW_NONDEF;
++	    break;
++	case 't':
++	    if (ext_argv)
++		msg_fatal("specify one of -b and -t");
++	    ext_argv = argv_alloc(2);
++	    argv_add(ext_argv, "bounce", "-SVndump_templates", (char *) 0);
++	    break;
++	case 'v':
++	    msg_verbose++;
++	    break;
++	default:
++	    msg_fatal("usage: %s [-a (server SASL types)] [-A (client SASL types)] [-b (bounce templates)] [-c config_dir] [-d (defaults)] [-e (edit)] [-# (comment-out)] [-h (no names)] [-l (lock types)] [-m (map types)] [-n (non-defaults)] [-v] [name...]", argv[0]);
++	}
++    }
++
++    /*
++     * Sanity check.
++     */
++    junk = (cmd_mode & (SHOW_DEFS | SHOW_NONDEF | SHOW_MAPS | SHOW_LOCKS | EDIT_MAIN | SHOW_SASL_SERV | SHOW_SASL_CLNT | COMMENT_OUT));
++    if (junk != 0 && ((junk != SHOW_DEFS && junk != SHOW_NONDEF
++	     && junk != SHOW_MAPS && junk != SHOW_LOCKS && junk != EDIT_MAIN
++		       && junk != SHOW_SASL_SERV && junk != SHOW_SASL_CLNT
++		       && junk != COMMENT_OUT)
++		      || ext_argv != 0))
++	msg_fatal("specify one of -a, -A, -b, -d, -e, -#, -m, -l and -n");
++
++    /*
++     * Display bounce template information and exit.
++     */
++    if (ext_argv) {
++	if (argv[optind]) {
++	    if (argv[optind + 1])
++		msg_fatal("options -b and -t require at most one template file");
++	    argv_add(ext_argv, "-o",
++		     concatenate(VAR_BOUNCE_TMPL, "=",
++				 argv[optind], (char *) 0),
++		     (char *) 0);
++	}
++	/* Grr... */
++	argv_add(ext_argv, "-o",
++		 concatenate(VAR_QUEUE_DIR, "=", ".", (char *) 0),
++		 (char *) 0);
++	mail_conf_read();
++	mail_run_replace(var_daemon_dir, ext_argv->argv);
++	/* NOTREACHED */
++    }
++
++    /*
++     * If showing map types, show them and exit
++     */
++    if (cmd_mode & SHOW_MAPS) {
++	mail_dict_init();
++	show_maps();
++    }
++
++    /*
++     * If showing locking methods, show them and exit
++     */
++    else if (cmd_mode & SHOW_LOCKS) {
++	show_locks();
++    }
++
++    /*
++     * If showing SASL plug-in types, show them and exit
++     */
++    else if (cmd_mode & SHOW_SASL_SERV) {
++	show_sasl(SHOW_SASL_SERV);
++    } else if (cmd_mode & SHOW_SASL_CLNT) {
++	show_sasl(SHOW_SASL_CLNT);
++    }
++
++    /*
++     * Edit main.cf.
++     */
++    else if (cmd_mode & (EDIT_MAIN | COMMENT_OUT)) {
++	edit_parameters(cmd_mode, argc - optind, argv + optind);
++    }
++
++    /*
++     * If showing non-default values, read main.cf.
++     */
++    else {
++	if ((cmd_mode & SHOW_DEFS) == 0) {
++	    read_parameters();
++	    set_parameters();
++	}
++
++	/*
++	 * Throw together all parameters and show the asked values.
++	 */
++	hash_parameters();
++	show_parameters(cmd_mode, argv + optind);
++    }
++    vstream_fflush(VSTREAM_OUT);
++    exit(0);
++}
+diff -ruN a/src/postmap/postmap.c b/src/postmap/postmap.c
+--- a/src/postmap/postmap.c	2009-06-01 12:27:45.000000000 +0000
++++ b/src/postmap/postmap.c	2009-06-01 13:08:26.000000000 +0000
+@@ -5,7 +5,7 @@
+ /*	Postfix lookup table management
+ /* SYNOPSIS
+ /* .fi
+-/*	\fBpostmap\fR [\fB-Nbfhimnoprsvw\fR] [\fB-c \fIconfig_dir\fR]
++/*	\fBpostmap\fR [\fB-Nbfhimnoprsuvw\fR] [\fB-c \fIconfig_dir\fR]
+ /*	[\fB-d \fIkey\fR] [\fB-q \fIkey\fR]
+ /*		[\fIfile_type\fR:]\fIfile_name\fR ...
+ /* DESCRIPTION
+@@ -151,6 +151,8 @@
+ /* .sp
+ /*	This feature is available in Postfix version 2.2 and later,
+ /*	and is not available for all database types.
++/* .IP \fB-u\fR
++/*     Upgrade the database to the current version.
+ /* .IP \fB-v\fR
+ /*	Enable verbose logging for debugging purposes. Multiple \fB-v\fR
+ /*	options make the software increasingly verbose.
+@@ -723,6 +725,18 @@
+     dict_close(dict);
+ }
+ 
++/* postmap_upgrade - upgrade a map */
++
++static int postmap_upgrade(const char *map_type, const char *map_name)
++{
++    DICT   *dict;
++
++    dict = dict_open3(map_type, map_name, O_RDWR,
++                       DICT_FLAG_LOCK|DICT_FLAG_UPGRADE);
++    dict_close(dict);
++    return (dict != 0);
++}
++
+ /* usage - explain */
+ 
+ static NORETURN usage(char *myname)
+@@ -743,6 +757,7 @@
+     int     postmap_flags = POSTMAP_FLAG_AS_OWNER | POSTMAP_FLAG_SAVE_PERM;
+     int     open_flags = O_RDWR | O_CREAT | O_TRUNC;
+     int     dict_flags = DICT_FLAG_DUP_WARN | DICT_FLAG_FOLD_FIX;
++    int     upgrade = 0;
+     char   *query = 0;
+     char   *delkey = 0;
+     int     sequence = 0;
+@@ -787,7 +802,7 @@
+     /*
+      * Parse JCL.
+      */
+-    while ((ch = GETOPT(argc, argv, "Nbc:d:fhimnopq:rsvw")) > 0) {
++    while ((ch = GETOPT(argc, argv, "Nbc:d:fhimnopq:rsuvw")) > 0) {
+ 	switch (ch) {
+ 	default:
+ 	    usage(argv[0]);
+@@ -804,8 +819,8 @@
+ 		msg_fatal("out of memory");
+ 	    break;
+ 	case 'd':
+-	    if (sequence || query || delkey)
+-		msg_fatal("specify only one of -s -q or -d");
++	    if (sequence || query || delkey || upgrade)
++		msg_fatal("specify only one of -s -q -u or -d");
+ 	    delkey = optarg;
+ 	    break;
+ 	case 'f':
+@@ -831,8 +846,8 @@
+ 	    postmap_flags &= ~POSTMAP_FLAG_SAVE_PERM;
+ 	    break;
+ 	case 'q':
+-	    if (sequence || query || delkey)
+-		msg_fatal("specify only one of -s -q or -d");
++	    if (sequence || query || delkey || upgrade)
++		msg_fatal("specify only one of -s -q -u or -d");
+ 	    query = optarg;
+ 	    break;
+ 	case 'r':
+@@ -840,10 +855,15 @@
+ 	    dict_flags |= DICT_FLAG_DUP_REPLACE;
+ 	    break;
+ 	case 's':
+-	    if (query || delkey)
+-		msg_fatal("specify only one of -s or -q or -d");
++	    if (query || delkey || upgrade)
++		msg_fatal("specify only one of -s or -q or -u or -d");
+ 	    sequence = 1;
+ 	    break;
++       case 'u':
++           if (sequence || query || delkey || upgrade)
++               msg_fatal("specify only one of -s -q -u or -d");
++           upgrade=1;
++           break;
+ 	case 'v':
+ 	    msg_verbose++;
+ 	    break;
+@@ -914,6 +934,21 @@
+ 	    exit(0);
+ 	}
+ 	exit(1);
++    } else if (upgrade) {                      /* Upgrade the map(s) */
++       int success = 1;
++       if (optind + 1 > argc)
++           usage(argv[0]);
++       while (optind < argc) {
++           if ((path_name = split_at(argv[optind], ':')) != 0) {
++               success &= postmap_upgrade(argv[optind], path_name);
++           } else {
++               success &= postmap_upgrade(var_db_type, path_name);
++           }
++           if (!success)
++               exit(1);
++           optind++;
++       }
++       exit(0);
+     } else {					/* create/update map(s) */
+ 	if (optind + 1 > argc)
+ 	    usage(argv[0]);
+diff -ruN a/src/tls/Makefile.in b/src/tls/Makefile.in
+--- a/src/tls/Makefile.in	2009-06-01 12:27:45.000000000 +0000
++++ b/src/tls/Makefile.in	2009-06-01 13:08:26.000000000 +0000
+@@ -22,7 +22,7 @@
+ INC_DIR	= ../../include
+ MAKES	=
+ 
+-.c.o:;	$(CC) $(CFLAGS) -c $*.c
++.c.o:;	$(CC) -fPIC $(CFLAGS) -c $*.c
+ 
+ all: $(LIB)
+ 
+@@ -38,12 +38,10 @@
+ root_tests:
+ 
+ $(LIB):	$(OBJS)
+-	$(AR) $(ARFL) $(LIB) $?
+-	$(RANLIB) $(LIB)
++	gcc -shared -Wl,-soname,libpostfix-tls.so.1 -o $(LIB) $(OBJS) $(LIBS) $(SYSLIBS)
+ 
+ $(LIB_DIR)/$(LIB): $(LIB)
+ 	cp $(LIB) $(LIB_DIR)
+-	$(RANLIB) $(LIB_DIR)/$(LIB)
+ 
+ update: $(LIB_DIR)/$(LIB) $(HDRS)
+ 	-for i in $(HDRS); \
+diff -ruN a/src/util/Makefile.in b/src/util/Makefile.in
+--- a/src/util/Makefile.in	2009-06-01 12:27:45.000000000 +0000
++++ b/src/util/Makefile.in	2009-06-01 13:08:26.000000000 +0000
+@@ -31,21 +31,23 @@
+ 	vstream_popen.c vstring.c vstring_vstream.c watchdog.c writable.c \
+ 	write_buf.c write_wait.c sane_basename.c format_tv.c allspace.c \
+ 	allascii.c load_file.c killme_after.c vstream_tweak.c upass_connect.c \
+-	upass_listen.c upass_trigger.c edit_file.c inet_windowsize.c
++	upass_listen.c upass_trigger.c edit_file.c inet_windowsize.c \
++	load_lib.c
+ OBJS	= alldig.o allprint.o argv.o argv_split.o attr_clnt.o attr_print0.o \
+ 	attr_print64.o attr_print_plain.o attr_scan0.o attr_scan64.o \
+ 	attr_scan_plain.o auto_clnt.o base64_code.o basename.o binhash.o \
+ 	chroot_uid.o cidr_match.o clean_env.o close_on_exec.o concatenate.o \
+ 	ctable.o dict.o dict_alloc.o dict_cdb.o dict_cidr.o dict_db.o \
+ 	dict_dbm.o dict_debug.o dict_env.o dict_ht.o dict_ni.o dict_nis.o \
+-	dict_nisplus.o dict_open.o dict_pcre.o dict_regexp.o dict_sdbm.o \
+-	dict_static.o dict_tcp.o dict_unix.o dir_forest.o doze.o dummy_read.o \
++	dict_nisplus.o dict_open.o dict_regexp.o \
++	dict_static.o dict_unix.o dir_forest.o doze.o dummy_read.o \
+ 	dummy_write.o duplex_pipe.o environ.o events.o exec_command.o \
+ 	fifo_listen.o fifo_trigger.o file_limit.o find_inet.o fsspace.o \
+ 	fullname.o get_domainname.o get_hostname.o hex_code.o hex_quote.o \
+ 	host_port.o htable.o inet_addr_host.o inet_addr_list.o \
+ 	inet_addr_local.o inet_connect.o inet_listen.o inet_proto.o \
+ 	inet_trigger.o line_wrap.o lowercase.o lstat_as.o mac_expand.o \
++	load_lib.o \
+ 	mac_parse.o make_dirs.o mask_addr.o match_list.o match_ops.o msg.o \
+ 	msg_output.o msg_syslog.o msg_vstream.o mvect.o myaddrinfo.o myflock.o \
+ 	mymalloc.o myrand.o mystrtok.o name_code.o name_mask.o netstring.o \
+@@ -78,7 +80,7 @@
+ 	msg_output.h msg_syslog.h msg_vstream.h mvect.h myaddrinfo.h myflock.h \
+ 	mymalloc.h myrand.h name_code.h name_mask.h netstring.h nvtable.h \
+ 	open_as.h open_lock.h percentm.h posix_signals.h readlline.h ring.h \
+-	safe.h safe_open.h sane_accept.h sane_connect.h sane_fsops.h \
++	safe.h safe_open.h sane_accept.h sane_connect.h sane_fsops.h load_lib.h \
+ 	sane_socketpair.h sane_time.h scan_dir.h set_eugid.h set_ugid.h \
+ 	sigdelay.h sock_addr.h spawn_command.h split_at.h stat_as.h \
+ 	stringops.h sys_defs.h timed_connect.h timed_wait.h trigger.h \
+@@ -91,6 +93,7 @@
+ CFLAGS	= $(DEBUG) $(OPT) $(DEFS)
+ FILES	= Makefile $(SRCS) $(HDRS)
+ INCL	=
++PCRESO  = dict_pcre.so
+ LIB	= libutil.a
+ TESTPROG= dict_open dup2_pass_on_exec events exec_command fifo_open \
+ 	fifo_rdonly_bug fifo_rdwr_bug fifo_trigger fsspace fullname \
+@@ -105,10 +108,11 @@
+ 
+ LIB_DIR	= ../../lib
+ INC_DIR	= ../../include
++LIBS    = $(LIB_DIR)/$(LIB) $(PCRESO)
+ 
+-.c.o:;	$(CC) $(CFLAGS) -c $*.c
++.c.o:;	$(CC) -fPIC $(CFLAGS) -c $*.c
+ 
+-all: $(LIB)
++all: $(LIB) $(PCRESO)
+ 
+ $(OBJS): ../../conf/makedefs.out
+ 
+@@ -117,15 +121,19 @@
+ 
+ test:	$(TESTPROG)
+ 
++$(PCRESO): dict_pcre.o libutil.a
++	gcc -shared -Wl,-soname,dict_pcre.so -o $@ $? -lpcre -L. -lutil
++
+ $(LIB):	$(OBJS)
+-	$(AR) $(ARFL) $(LIB) $?
+-	$(RANLIB) $(LIB)
++	gcc -shared -Wl,-soname,libpostfix-util.so.1 -o $(LIB) $(OBJS) -ldl $(SYSLIBS)
+ 
+ $(LIB_DIR)/$(LIB): $(LIB)
+ 	cp $(LIB) $(LIB_DIR)
+-	$(RANLIB) $(LIB_DIR)/$(LIB)
+ 
+-update: $(LIB_DIR)/$(LIB) $(HDRS)
++../../libexec/$(PCRESO): $(PCRESO)
++	cp $(PCRESO) ../../libexec
++
++update: $(LIBS) ../../libexec/$(PCRESO) $(HDRS)
+ 	-for i in $(HDRS); \
+ 	do \
+ 	  cmp -s $$i $(INC_DIR)/$$i 2>/dev/null || cp $$i $(INC_DIR); \
+@@ -147,7 +155,8 @@
+ 	lint $(SRCS)
+ 
+ clean:
+-	rm -f *.o $(LIB) *core $(TESTPROG) junk $(MAKES) *.tmp
++	rm -f *.o $(LIB) $(PCRESO) *core $(TESTPROG) \
++		junk $(MAKES) *.tmp
+ 	rm -rf printfck
+ 
+ tidy:	clean
+diff -ruN a/src/util/dict.h b/src/util/dict.h
+--- a/src/util/dict.h	2009-06-01 12:27:45.000000000 +0000
++++ b/src/util/dict.h	2009-06-01 13:08:26.000000000 +0000
+@@ -66,6 +66,7 @@
+ #define DICT_FLAG_NO_UNAUTH	(1<<13)	/* disallow unauthenticated data */
+ #define DICT_FLAG_FOLD_FIX	(1<<14)	/* case-fold key with fixed-case map */
+ #define DICT_FLAG_FOLD_MUL	(1<<15)	/* case-fold key with multi-case map */
++#define DICT_FLAG_UPGRADE	(1<<30) /* Upgrade the db */
+ #define DICT_FLAG_FOLD_ANY	(DICT_FLAG_FOLD_FIX | DICT_FLAG_FOLD_MUL)
+ 
+  /* IMPORTANT: Update the dict_mask[] table when the above changes */
+@@ -138,6 +139,11 @@
+ extern DICT *dict_open(const char *, int, int);
+ extern DICT *dict_open3(const char *, const char *, int, int);
+ extern void dict_open_register(const char *, DICT *(*) (const char *, int, int));
++#ifndef NO_DYNAMIC_MAPS
++extern void dict_open_dlinfo(const char *path);
++typedef void* (*dict_mkmap_func_t)(const char *);
++dict_mkmap_func_t dict_mkmap_func(const char *dict_type);
++#endif
+ 
+ #define dict_get(dp, key)	((const char *) (dp)->lookup((dp), (key)))
+ #define dict_put(dp, key, val)	(dp)->update((dp), (key), (val))
+diff -ruN a/src/util/dict_db.c b/src/util/dict_db.c
+--- a/src/util/dict_db.c	2009-06-01 12:27:45.000000000 +0000
++++ b/src/util/dict_db.c	2009-06-01 13:08:26.000000000 +0000
+@@ -664,6 +664,12 @@
+ 	msg_fatal("set DB cache size %d: %m", dict_db_cache_size);
+     if (type == DB_HASH && db->set_h_nelem(db, DICT_DB_NELM) != 0)
+ 	msg_fatal("set DB hash element count %d: %m", DICT_DB_NELM);
++    if (dict_flags & DICT_FLAG_UPGRADE) {
++	if (msg_verbose)
++	    msg_info("upgrading database %s",db_path);
++	if ((errno = db->upgrade(db,db_path,0)) != 0)
++	    msg_fatal("upgrade of database %s: %m",db_path);
++    }
+ #if (DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0)
+     if ((errno = db->open(db, 0, db_path, 0, type, db_flags, 0644)) != 0)
+ 	msg_fatal("open database %s: %m", db_path);
+diff -ruN a/src/util/dict_dbm.c b/src/util/dict_dbm.c
+--- a/src/util/dict_dbm.c	2009-06-01 12:27:45.000000000 +0000
++++ b/src/util/dict_dbm.c	2009-06-01 13:08:26.000000000 +0000
+@@ -407,6 +407,10 @@
+     char   *dbm_path;
+     int     lock_fd;
+ 
++#ifdef HAVE_GDBM
++    msg_fatal("%s: gdbm maps use locking that is incompatible with postfix.  Use a hash map instead.",
++		 path);
++#endif
+     /*
+      * Note: DICT_FLAG_LOCK is used only by programs that do fine-grained (in
+      * the time domain) locking while accessing individual database records.
+diff -ruN a/src/util/dict_open.c b/src/util/dict_open.c
+--- a/src/util/dict_open.c	2009-06-01 12:27:45.000000000 +0000
++++ b/src/util/dict_open.c	2009-06-01 13:08:26.000000000 +0000
+@@ -44,6 +44,8 @@
+ /*	DICT	*(*open) (const char *, int, int);
+ /*
+ /*	ARGV	*dict_mapnames()
++/*
++/*	void (*)() dict_mkmap_func(const char *dict_type)
+ /* DESCRIPTION
+ /*	This module implements a low-level interface to multiple
+ /*	physical dictionary types.
+@@ -159,6 +161,9 @@
+ /*
+ /*	dict_mapnames() returns a sorted list with the names of all available
+ /*	dictionary types.
++/*
++/*	dict_mkmap_func() returns a pointer to the mkmap setup function
++/*	for the given map type, as given in /etc/dynamicmaps.cf
+ /* DIAGNOSTICS
+ /*	Fatal error: open error, unsupported dictionary type, attempt to
+ /*	update non-writable dictionary.
+@@ -183,6 +188,9 @@
+ #include <strings.h>
+ #endif
+ 
++#include <sys/stat.h>
++#include <unistd.h>
++
+ /* Utility library. */
+ 
+ #include <argv.h>
+@@ -207,6 +215,27 @@
+ #include <split_at.h>
+ #include <htable.h>
+ 
++#ifndef NO_DYNAMIC_MAPS
++#include <load_lib.h>
++#include <vstring.h>
++#include <vstream.h>
++#include <vstring_vstream.h>
++#include <mvect.h>
++
++ /*
++  * Interface for dynamic map loading.
++  */
++typedef struct {
++    const char  *pattern;
++    const char  *soname;
++    const char  *openfunc;
++    const char  *mkmapfunc;
++} DLINFO;
++
++static DLINFO *dict_dlinfo;
++static DLINFO *dict_open_dlfind(const char *type);
++#endif
++
+  /*
+   * lookup table for available map types.
+   */
+@@ -221,9 +250,11 @@
+ #endif
+     DICT_TYPE_ENVIRON, dict_env_open,
+     DICT_TYPE_UNIX, dict_unix_open,
++#ifdef NO_DYNAMIC_MAPS
+ #ifdef SNAPSHOT
+     DICT_TYPE_TCP, dict_tcp_open,
+ #endif
++#endif
+ #ifdef HAS_SDBM
+     DICT_TYPE_SDBM, dict_sdbm_open,
+ #endif
+@@ -243,9 +274,11 @@
+ #ifdef HAS_NETINFO
+     DICT_TYPE_NETINFO, dict_ni_open,
+ #endif
++#ifdef NO_DYNAMIC_MAPS
+ #ifdef HAS_PCRE
+     DICT_TYPE_PCRE, dict_pcre_open,
+ #endif
++#endif /* NO_DYNAMIC_MAPS */
+ #ifdef HAS_POSIX_REGEXP
+     DICT_TYPE_REGEXP, dict_regexp_open,
+ #endif
+@@ -303,8 +336,31 @@
+ 		  dict_type, dict_name);
+     if (dict_open_hash == 0)
+ 	dict_open_init();
+-    if ((dp = (DICT_OPEN_INFO *) htable_find(dict_open_hash, dict_type)) == 0)
+-	msg_fatal("unsupported dictionary type: %s", dict_type);
++    if ((dp = (DICT_OPEN_INFO *) htable_find(dict_open_hash, dict_type)) == 0) {
++#ifdef NO_DYNAMIC_MAPS
++	msg_fatal("%s: unsupported dictionary type: %s", myname, dict_type);
++#else
++	struct stat st;
++	LIB_FN fn[2];
++	DICT *(*open) (const char *, int, int);
++	DLINFO *dl=dict_open_dlfind(dict_type);
++	if (!dl)
++	    msg_fatal("%s: unsupported dictionary type: %s:  Is the postfix-%s package installed?", myname, dict_type, dict_type);
++	if (stat(dl->soname,&st) < 0) {
++	    msg_fatal("%s: unsupported dictionary type: %s (%s not found.  Is the postfix-%s package installed?)",
++		myname, dict_type, dl->soname, dict_type);
++	}
++	fn[0].name = dl->openfunc;
++	fn[0].ptr  = (void**)&open;
++	fn[1].name = NULL;
++	load_library_symbols(dl->soname, fn, NULL);
++	dict_open_register(dict_type, open);
++	dp = (DICT_OPEN_INFO *) htable_find(dict_open_hash, dict_type);
++#endif
++    }
++    if (msg_verbose>1) {
++	msg_info("%s: calling %s open routine",myname,dict_type);
++    }
+     if ((dict = dp->open(dict_name, open_flags, dict_flags)) == 0)
+ 	msg_fatal("opening %s:%s %m", dict_type, dict_name);
+     if (msg_verbose)
+@@ -312,6 +368,36 @@
+     return (dict);
+ }
+ 
++dict_mkmap_func_t dict_mkmap_func(const char *dict_type)
++{
++    char   *myname="dict_mkmap_func";
++    struct stat st;
++    LIB_FN fn[2];
++    dict_mkmap_func_t mkmap;
++    DLINFO *dl;
++#ifndef NO_DYNAMIC_MAPS
++    if (!dict_dlinfo)
++	msg_fatal("dlinfo==NULL");
++    dl=dict_open_dlfind(dict_type);
++    if (!dl)
++	msg_fatal("%s: unsupported dictionary type: %s:  Is the postfix-%s package installed?", myname, dict_type, dict_type);
++    if (stat(dl->soname,&st) < 0) {
++	msg_fatal("%s: unsupported dictionary type: %s (%s not found.  Is the postfix-%s package installed?)",
++	    myname, dict_type, dl->soname, dict_type);
++    }
++    if (!dl->mkmapfunc)
++	msg_fatal("%s: unsupported dictionary type: %s does not allow map creation.", myname, dict_type);
++
++    fn[0].name = dl->mkmapfunc;
++    fn[0].ptr  = (void**)&mkmap;
++    fn[1].name = NULL;
++    load_library_symbols(dl->soname, fn, NULL);
++    return mkmap;
++#else
++    return (void(*)())NULL;
++#endif
++}
++
+ /* dict_open_register - register dictionary type */
+ 
+ void    dict_open_register(const char *type,
+@@ -345,6 +431,9 @@
+     HTABLE_INFO **ht;
+     DICT_OPEN_INFO *dp;
+     ARGV   *mapnames;
++#ifndef NO_DYNAMIC_MAPS
++    DLINFO *dlp;
++#endif
+ 
+     if (dict_open_hash == 0)
+ 	dict_open_init();
+@@ -353,6 +442,13 @@
+ 	dp = (DICT_OPEN_INFO *) ht[0]->value;
+ 	argv_add(mapnames, dp->type, ARGV_END);
+     }
++#ifndef NO_DYNAMIC_MAPS
++    if (!dict_dlinfo)
++	msg_fatal("dlinfo==NULL");
++    for (dlp=dict_dlinfo; dlp->pattern; dlp++) {
++	argv_add(mapnames, dlp->pattern, ARGV_END);
++    }
++#endif
+     qsort((void *) mapnames->argv, mapnames->argc, sizeof(mapnames->argv[0]),
+ 	  dict_sort_alpha_cpp);
+     myfree((char *) ht_info);
+@@ -360,6 +456,87 @@
+     return mapnames;
+ }
+ 
++#ifndef NO_DYNAMIC_MAPS
++#define	STREQ(x,y) (x == y || (x[0] == y[0] && strcmp(x,y) == 0))
++
++void dict_open_dlinfo(const char *path)
++{
++    char    *myname="dict_open_dlinfo";
++    VSTREAM *conf_fp=vstream_fopen(path,O_RDONLY,0);
++    VSTRING *buf = vstring_alloc(100);
++    char    *cp;
++    ARGV    *argv;
++    MVECT    vector;
++    int      nelm=0;
++    int      linenum=0;
++
++    dict_dlinfo=(DLINFO*)mvect_alloc(&vector,sizeof(DLINFO),3,NULL,NULL);
++
++    if (!conf_fp) {
++	msg_warn("%s: cannot open %s.  No dynamic maps will be allowed.",
++		myname, path);
++    } else {
++	while (vstring_get_nonl(buf,conf_fp) != VSTREAM_EOF) {
++	    cp = vstring_str(buf);
++	    linenum++;
++	    if (*cp == '#' || *cp == '\0')
++		continue;
++	    argv = argv_split(cp, " \t");
++	    if (argv->argc != 3 && argv->argc != 4) {
++		msg_fatal("%s: Expected \"pattern .so-name open-function [mkmap-function]\" at line %d",
++			  myname, linenum);
++	    }
++	    if (STREQ(argv->argv[0],"*")) {
++		msg_warn("%s: wildcard dynamic map entry no longer supported.",
++			  myname);
++		continue;
++	    }
++	    if (argv->argv[1][0] != '/') {
++		msg_fatal("%s: .so name must begin with a \"/\" at line %d",
++			  myname, linenum);
++	    }
++	    if (nelm >= vector.nelm) {
++		dict_dlinfo=(DLINFO*)mvect_realloc(&vector,vector.nelm+3);
++	    }
++	    dict_dlinfo[nelm].pattern  = mystrdup(argv->argv[0]);
++	    dict_dlinfo[nelm].soname   = mystrdup(argv->argv[1]);
++	    dict_dlinfo[nelm].openfunc = mystrdup(argv->argv[2]);
++	    if (argv->argc==4)
++		dict_dlinfo[nelm].mkmapfunc = mystrdup(argv->argv[3]);
++	    else
++		dict_dlinfo[nelm].mkmapfunc = NULL;
++	    nelm++;
++	    argv_free(argv);
++	}
++    }
++    if (nelm >= vector.nelm) {
++	dict_dlinfo=(DLINFO*)mvect_realloc(&vector,vector.nelm+1);
++    }
++    dict_dlinfo[nelm].pattern  = NULL;
++    dict_dlinfo[nelm].soname   = NULL;
++    dict_dlinfo[nelm].openfunc = NULL;
++    dict_dlinfo[nelm].mkmapfunc = NULL;
++    if (conf_fp)
++	vstream_fclose(conf_fp);
++    vstring_free(buf);
++}
++
++static DLINFO *dict_open_dlfind(const char *type)
++{
++    DLINFO *dp;
++
++    if (!dict_dlinfo)
++	return NULL;
++
++    for (dp=dict_dlinfo; dp->pattern; dp++) {
++	if (STREQ(dp->pattern,type))
++	    return dp;
++    }
++    return NULL;
++}
++
++#endif /* !NO_DYNAMIC_MAPS */
++
+ #ifdef TEST
+ 
+  /*
+diff -ruN a/src/util/load_lib.c b/src/util/load_lib.c
+--- a/src/util/load_lib.c	1970-01-01 00:00:00.000000000 +0000
++++ b/src/util/load_lib.c	2009-06-01 13:08:26.000000000 +0000
+@@ -0,0 +1,135 @@
++/*++
++/* NAME
++/*	load_lib 3
++/* SUMMARY
++/*	library loading wrappers
++/* SYNOPSIS
++/*	#include <load_lib.h>
++/*
++/*	extern int  load_library_symbols(const char *, LIB_FN *, LIB_FN *);
++/*	const char *libname;
++/*      LIB_FN     *libfuncs;
++/*      LIB_FN     *libdata;
++/*
++/* DESCRIPTION
++/*	This module loads functions from libraries, returnine pointers
++/*	to the named functions.
++/*
++/*	load_library_symbols() loads all of the desired functions, and
++/*	returns zero for success, or exits via msg_fatal().
++/*
++/* SEE ALSO
++/*	msg(3) diagnostics interface
++/* DIAGNOSTICS
++/*	Problems are reported via the msg(3) diagnostics routines:
++/*	library not found, symbols not found, other fatal errors.
++/* LICENSE
++/* .ad
++/* .fi
++/*	The Secure Mailer license must be distributed with this software.
++/* AUTHOR(S)
++/*	LaMont Jones
++/*	Hewlett-Packard Company
++/*	3404 Harmony Road
++/*	Fort Collins, CO 80528, USA
++/*
++/*	Wietse Venema
++/*	IBM T.J. Watson Research
++/*	P.O. Box 704
++/*	Yorktown Heights, NY 10598, USA
++/*--*/
++
++/* System libraries. */
++
++#include "sys_defs.h"
++#include <stdlib.h>
++#include <stddef.h>
++#include <string.h>
++#if defined(HAS_DLOPEN)
++#include <dlfcn.h>
++#elif defined(HAS_SHL_LOAD)
++#include <dl.h>
++#endif
++
++/* Application-specific. */
++
++#include "msg.h"
++#include "load_lib.h"
++
++extern int  load_library_symbols(const char * libname, LIB_FN * libfuncs, LIB_FN * libdata)
++{
++    char   *myname = "load_library_symbols";
++    LIB_FN *fn;
++
++#if defined(HAS_DLOPEN)
++    void   *handle;
++    char   *emsg;
++
++    handle=dlopen(libname,RTLD_NOW);
++    emsg=dlerror();
++    if (emsg) {
++	msg_fatal("%s: dlopen failure loading %s: %s", myname, libname, emsg);
++    }
++
++    if (libfuncs) {
++	for (fn=libfuncs; fn->name; fn++) {
++	    *(fn->ptr) = dlsym(handle,fn->name);
++	    emsg=dlerror();
++	    if (emsg) {
++		msg_fatal("%s: dlsym failure looking up %s in %s: %s", myname,
++			  fn->name, libname, emsg);
++	    }
++	    if (msg_verbose>1) {
++		msg_info("loaded %s = %lx",fn->name, *((long*)(fn->ptr)));
++	    }
++	}
++    }
++
++    if (libdata) {
++	for (fn=libdata; fn->name; fn++) {
++	    *(fn->ptr) = dlsym(handle,fn->name);
++	    emsg=dlerror();
++	    if (emsg) {
++		msg_fatal("%s: dlsym failure looking up %s in %s: %s", myname,
++			  fn->name, libname, emsg);
++	    }
++	    if (msg_verbose>1) {
++		msg_info("loaded %s = %lx",fn->name, *((long*)(fn->ptr)));
++	    }
++	}
++    }
++#elif defined(HAS_SHL_LOAD)
++    shl_t   handle;
++
++    handle = shl_load(libname,BIND_IMMEDIATE,0);
++
++    if (libfuncs) {
++	for (fn=libfuncs; fn->name; fn++) {
++	    if (shl_findsym(&handle,fn->name,TYPE_PROCEDURE,fn->ptr) != 0) {
++		msg_fatal("%s: shl_findsym failure looking up %s in %s: %m",
++			  myname, fn->name, libname);
++	    }
++	    if (msg_verbose>1) {
++		msg_info("loaded %s = %x",fn->name, *((long*)(fn->ptr)));
++	    }
++	}
++    }
++
++    if (libdata) {
++	for (fn=libdata; fn->name; fn++) {
++	    if (shl_findsym(&handle,fn->name,TYPE_DATA,fn->ptr) != 0) {
++		msg_fatal("%s: shl_findsym failure looking up %s in %s: %m",
++			  myname, fn->name, libname);
++	    }
++	    if (msg_verbose>1) {
++		msg_info("loaded %s = %x",fn->name, *((long*)(fn->ptr)));
++	    }
++	}
++    }
++
++#else
++    msg_fatal("%s: need dlopen or shl_load support for dynamic libraries",
++		myname);
++#endif
++    return 0;
++}
+diff -ruN a/src/util/load_lib.h b/src/util/load_lib.h
+--- a/src/util/load_lib.h	1970-01-01 00:00:00.000000000 +0000
++++ b/src/util/load_lib.h	2009-06-01 13:08:26.000000000 +0000
+@@ -0,0 +1,41 @@
++#ifndef _LOAD_LIB_H_INCLUDED_
++#define _LOAD_LIB_H_INCLUDED_
++
++/*++
++/* NAME
++/*	load_lib 3h
++/* SUMMARY
++/*	library loading wrappers
++/* SYNOPSIS
++/*	#include "load_lib.h"
++/* DESCRIPTION
++/* .nf
++
++ /*
++  * External interface.
++  */
++/* NULL name terminates list */
++typedef struct LIB_FN {
++    const char *name;
++    void       **ptr;
++} LIB_FN;
++
++extern int  load_library_symbols(const char *, LIB_FN *, LIB_FN *);
++
++/* LICENSE
++/* .ad
++/* .fi
++/*	The Secure Mailer license must be distributed with this software.
++/* AUTHOR(S)
++/*	LaMont Jones
++/*	Hewlett-Packard Company
++/*	3404 Harmony Road
++/*	Fort Collins, CO 80528, USA
++/*
++/*	Wietse Venema
++/*	IBM T.J. Watson Research
++/*	P.O. Box 704
++/*	Yorktown Heights, NY 10598, USA
++/*--*/
++
++#endif
diff --git a/main/postfix/postfix-ldap.post-install b/main/postfix/postfix-ldap.post-install
new file mode 100644
index 0000000000..b8d23833b6
--- /dev/null
+++ b/main/postfix/postfix-ldap.post-install
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# update the dynamicmaps.cf
+conf=/etc/postfix/dynamicmaps.cf
+
+sed -i -e '/\#\# AUTO BEGIN/,/\#\# AUTO END/d' $conf
+
+(
+echo '## AUTO BEGIN ##'
+if cd /usr/lib/postfix/; then
+	for i in *.so; do
+		m=${i#dict_}
+		m=${m%.so}
+		echo -e "$m\t/usr/lib/postfix/$i\tdict_${m}_open"
+	done
+fi
+	
+echo '## AUTO END ##'
+) >> $conf
diff --git a/main/postfix/postfix-mysql.post-install b/main/postfix/postfix-mysql.post-install
new file mode 100644
index 0000000000..b8d23833b6
--- /dev/null
+++ b/main/postfix/postfix-mysql.post-install
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# update the dynamicmaps.cf
+conf=/etc/postfix/dynamicmaps.cf
+
+sed -i -e '/\#\# AUTO BEGIN/,/\#\# AUTO END/d' $conf
+
+(
+echo '## AUTO BEGIN ##'
+if cd /usr/lib/postfix/; then
+	for i in *.so; do
+		m=${i#dict_}
+		m=${m%.so}
+		echo -e "$m\t/usr/lib/postfix/$i\tdict_${m}_open"
+	done
+fi
+	
+echo '## AUTO END ##'
+) >> $conf
diff --git a/main/postfix/postfix-pcre.post-install b/main/postfix/postfix-pcre.post-install
new file mode 100644
index 0000000000..f15b00cf75
--- /dev/null
+++ b/main/postfix/postfix-pcre.post-install
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# update the dynamicmaps.cf
+conf=/etc/postfix/dynamicmaps.cf
+
+sed -i -e '/\#\# AUTO BEGIN/,/\#\# AUTO END/d' $conf
+
+(
+echo '## AUTO BEGIN ##'
+if cd /usr/lib/postfix/; then
+	for i in *.so; do
+		m=${i#dict_}
+		m=${m%.so}
+		echo -e "$m\t/usr/lib/postfix/$i\tdict_${m}_open"
+		# pcre also handles regexp
+		if [ "$m" = "pcre" ]; then
+			echo -e "regex\t/usr/lib/postfix/$i\tdict_${m}_open"
+		fi
+
+	done
+fi
+	
+echo '## AUTO END ##'
+) >> $conf
+
diff --git a/main/postfix/postfix-pgsql.post-install b/main/postfix/postfix-pgsql.post-install
new file mode 100644
index 0000000000..b8d23833b6
--- /dev/null
+++ b/main/postfix/postfix-pgsql.post-install
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+# update the dynamicmaps.cf
+conf=/etc/postfix/dynamicmaps.cf
+
+sed -i -e '/\#\# AUTO BEGIN/,/\#\# AUTO END/d' $conf
+
+(
+echo '## AUTO BEGIN ##'
+if cd /usr/lib/postfix/; then
+	for i in *.so; do
+		m=${i#dict_}
+		m=${m%.so}
+		echo -e "$m\t/usr/lib/postfix/$i\tdict_${m}_open"
+	done
+fi
+	
+echo '## AUTO END ##'
+) >> $conf
diff --git a/main/postfix/postfix.initd b/main/postfix/postfix.initd
new file mode 100644
index 0000000000..b2396b3aea
--- /dev/null
+++ b/main/postfix/postfix.initd
@@ -0,0 +1,48 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/mail-mta/postfix/files/postfix.rc6.2.5,v 1.3 2008/08/18 14:18:40 falco Exp $
+
+# If you plan to simultaneously use several Postfix instances, don't forget
+# to specify your alternate_config_directories variable in your main main.cf file.
+# Then make a symlink from /etc/init.d/postfix to /etc/init.d/postfix.alt,
+# prepare your new /etc/postfix.alt environment, and at least change these working paths:
+# queue_directory = /var/spool/postfix.alt
+# data_directory = /var/lib/postfix.alt
+
+CONF_DIR="/etc/postfix"
+CONF_OPT="${SVCNAME##*.}"
+if [ -n ${CONF_OPT} -a ${SVCNAME} != "postfix" ]; then
+	CONF_DIR="${CONF_DIR}.${CONF_OPT}"
+fi
+
+opts="${opts} reload"
+
+depend() {
+	use logger dns ypbind amavisd mysql postgresql antivirus postfix_greylist net saslauthd
+	if [ "${SVCNAME}" = "postfix" ]; then
+		provide mta
+	fi
+}
+
+start() {
+	ebegin "Starting postfix (${CONF_DIR})"
+	if [ ! -d ${CONF_DIR} ]; then
+		eend 1 "${CONF_DIR} does not exist"
+		return 1
+	fi
+	/usr/sbin/postfix -c ${CONF_DIR} start >/dev/null 2>&1
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping postfix (${CONF_DIR})"
+	/usr/sbin/postfix -c ${CONF_DIR} stop >/dev/null 2>&1
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading postfix (${CONF_DIR})"
+	/usr/sbin/postfix -c ${CONF_DIR} reload >/dev/null 2>&1
+	eend $?
+}
diff --git a/main/postfix/postfix.post-install b/main/postfix/postfix.post-install
new file mode 100644
index 0000000000..98e01db0bb
--- /dev/null
+++ b/main/postfix/postfix.post-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+chown postfix /var/spool/postfix/* /var/lib/postfix
+chgrp postdrop /var/spool/postfix/maildrop /var/spool/postfix/public
+
+exit 0
diff --git a/main/postfix/postfix.pre-install b/main/postfix/postfix.pre-install
new file mode 100644
index 0000000000..22414ef615
--- /dev/null
+++ b/main/postfix/postfix.pre-install
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+addgroup postfix 2>/dev/null
+addgroup postdrop 2>/dev/null
+adduser postfix -h /var/spool/postfix -G postfix,mail 2>/dev/null
+
+exit 0
diff --git a/main/postgresql/APKBUILD b/main/postgresql/APKBUILD
new file mode 100644
index 0000000000..a2d921ed14
--- /dev/null
+++ b/main/postgresql/APKBUILD
@@ -0,0 +1,50 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=postgresql
+pkgver=8.3.7
+pkgrel=3
+pkgdesc="A sophisticated object-relational DBMS"
+url="http://www.postgresql.org/"
+license="BSD"
+depends="bbsuid"
+makedepends="readline-dev openssl-dev zlib-dev"
+subpackages="$pkgname-dev $pkgname-doc libpq $pkgname-client"
+source="ftp://ftp.$pkgname.org/pub/source/v$pkgver/$pkgname-$pkgver.tar.bz2
+	$pkgname.initd
+	$pkgname.confd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver || return 1
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--with-docdir=/usr/share/doc \
+		--with-openssl \
+		|| return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+
+	install -D -m755 "$srcdir"/postgresql.initd \
+		"$pkgdir"/etc/init.d/postgresql
+	install -D -m644 "$srcdir"/postgresql.confd \
+		"$pkgdir"/etc/conf.d/postgresql || return 1
+}
+
+libpq() {
+	depends=
+	pkgdesc="PostgreSQL libraries"
+	mkdir -p "$subpkgdir"/usr/lib
+	mv "$pkgdir"/usr/lib/libpq.so* "$subpkgdir"/usr/lib/
+}
+
+client() {
+	depends=
+	pkgdesc="PostgreSQL client"
+	mkdir -p "$subpkgdir"/usr/bin
+	mv "$pkgdir"/usr/bin/psql "$subpkgdir"/usr/bin/
+}
+
+
+md5sums="7b7e91a2221e55fe1b167e663217a96d  postgresql-8.3.7.tar.bz2
+6dd7bd7c97252312357a255237115b38  postgresql.initd
+ea3320c56a22f5c305199886c2766387  postgresql.confd"
diff --git a/main/postgresql/postgresql.confd b/main/postgresql/postgresql.confd
new file mode 100644
index 0000000000..56561b0c40
--- /dev/null
+++ b/main/postgresql/postgresql.confd
@@ -0,0 +1,52 @@
+# PostgreSQL's Database Directory
+PGDATA="/var/lib/postgresql/8.3/data"
+
+# PostgreSQL User
+PGUSER="postgres"
+
+# PostgreSQL Group
+PGGROUP="postgres"
+
+# Extra options to run postmaster with, e.g.:
+# -N is the maximal number of client connections
+# -B is the number of shared buffers and has to be at least 2x the value for -N
+# Please read the man-page to postmaster for more options. Many of these options
+# can be set directly in the configuration-file.
+#PGOPTS="-N 512 -B 1024"
+
+
+# SERVER SHUTDOWN:
+# The server will receive 3 signals in the worst case:
+# 1. SIGTERM
+#  This signals the server to ignore new connections and to
+#  wait for all clients to end their transactions before shutting down.
+#  Use WAIT_FOR_DISCONNECT to control how much time the clients
+#  should have until the next signal is being sent.
+# 2. SIGINT
+#  Tell the server to forcefully disconnect all clients.
+#  Terminating a client results in a rollback of the open transactions for this client.
+#  Use WAIT_FOR_CLEANUP to determine how much time the server has
+#  for cleanup.
+# 3. SIGQUIT
+#  This will terminate the server immediately and results in a recovery run for the next start.
+
+# Wait for clients to disconnect
+WAIT_FOR_DISCONNECT=30
+
+# Time the server has to clean up
+WAIT_FOR_CLEANUP=60
+
+# Time the server has to quit (with a recover-run on next startup)
+# Set to 0 to deactivate it
+WAIT_FOR_QUIT=60
+
+# Comment this out if you don't want to wait for the server to
+# startup before continuing.  For example, if this server is a 
+# PITR log shipping based replication standby
+WAIT_FOR_START="-w"
+
+# If you have to export environment variables for the database process,
+# this can be done here.
+#
+# Example:
+#   export R_HOME="/usr/lib/R"
diff --git a/main/postgresql/postgresql.initd b/main/postgresql/postgresql.initd
new file mode 100644
index 0000000000..3863a49aa4
--- /dev/null
+++ b/main/postgresql/postgresql.initd
@@ -0,0 +1,113 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/dev-db/postgresql-server/files/postgresql.init-8.3,v 1.4 2008/09/28 22:53:02 caleb Exp $
+
+opts="${opts} reload setup"
+
+depend() {
+	use net
+}
+
+checkconfig() {
+	if [ ! -d "$PGDATA" ] ; then
+		eerror "Directory not found: $PGDATA"
+		eerror "Please make sure that PGDATA points to the right path."
+		eerror "You can run '/etc/init.d/postgresql setup' to setup a new database cluster."
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting PostgreSQL"
+
+	if [ -f "$PGDATA/postmaster.pid" ] ; then
+		rm -f "$PGDATA/postmaster.pid"
+	fi
+
+	local retval
+
+	su -l ${PGUSER} \
+		-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl start ${WAIT_FOR_START} -o '--silent-mode=true ${PGOPTS}'" >/dev/null
+	retval=$?
+	[ $retval -ne 0 ] && eend $retval && return $retval
+
+	# The following is to catch the case of an already running server
+	# in which pg_ctl doesn't know to which server it connected to and false reports the server as 'up'
+	sleep 2
+	if [ ! -f "$PGDATA/postmaster.pid" ] ; then
+		eerror "The pid-file doesn't exist but pg_ctl reported a running server."
+		eerror "Please check whether there is another server running on the same port or read the log-file."
+		eend 1
+		return 1
+	fi
+
+	local pid=$(grep "^[0-9]\+" "$PGDATA/postmaster.pid")
+	test -d /proc/"${pid}" 
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping PostgreSQL (this can take up to $(( ${WAIT_FOR_DISCONNECT} + ${WAIT_FOR_CLEANUP} )) seconds)"
+
+	local retval
+
+	su -l ${PGUSER} \
+		-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl stop -t ${WAIT_FOR_DISCONNECT} -m smart" >/dev/null
+
+	retval=$?
+	[ $retval -eq 0 ] && eend $retval && return $retval
+
+	ewarn "Some clients did not disconnect within ${WAIT_FOR_DISCONNECT} seconds."
+	ewarn "Going to shutdown the server anyway."
+
+	su -l ${PGUSER} \
+		-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl stop -m fast" >/dev/null
+
+	retval=$?
+	[ $retval -eq 0 ] && eend $retval && return $retval
+
+	if [ ${WAIT_FOR_QUIT} -eq 0 ] ; then
+		eerror "Server did not shut down and sending the SIGQUIT has been disabled."
+		eend $retval
+		return $retval
+	fi
+
+	ewarn "Shutting down the server gracefully failed."
+	ewarn "Forcing it to shutdown which leads to a recover-run on next startup."
+
+	su -l ${PGUSER} \
+		-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl stop -m immediate" >/dev/null
+
+	retval=$?
+	[ $retval -eq 0 ] && eend $retval && return $retval
+
+	eerror "Forced shutdown failed!!! Something is wrong with your system, please take care of it manually."
+	eend $?
+}
+
+reload() {
+	ebegin "Reloading PostgreSQL configuration"
+	su -l ${PGUSER} \
+		-c "env PGDATA=\"${PGDATA}\" /usr/bin/pg_ctl reload" >/dev/null
+	eend $?
+}
+
+setup() { 
+	ebegin "Creating a new PostgreSQL database cluster" 
+	if [ -d "${PGDATA}" ] ; then 
+		eend 1 "${PGDATA} already exist" 
+		return 
+	fi 
+	mkdir -p "${PGDATA}" 
+	chown -Rf postgres:postgres "${PGDATA}" 
+	chmod 0700 "${PGDATA}" 
+	cd "${PGDATA}" # to avoid the: could not change directory to "/root" 
+	su -c "/usr/bin/initdb --pgdata ${PGDATA}" postgres
+	einfo "You can use the '/etc/init.d/postgresql' script to run PostgreSQL instead"
+	einfo "of 'pg_ctl'."
+	eend $? 
+} 
+
diff --git a/main/ppp/APKBUILD b/main/ppp/APKBUILD
new file mode 100644
index 0000000000..c50ea10c0a
--- /dev/null
+++ b/main/ppp/APKBUILD
@@ -0,0 +1,44 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=ppp
+pkgver=2.4.4
+pkgrel=0
+pkgdesc="A daemon which implements the PPP protocol for dial-up networking"
+url="http://www.samba.org/ppp/"
+license="custom:GPL/BSD"
+depends="uclibc libpcap"
+makedepends="libpcap-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.samba.org/pub/$pkgname/$pkgname-$pkgver.tar.gz
+	options
+	pon
+	poff
+	plog
+	pon.1
+	ip-up
+	ip-down"
+
+build () { 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr
+	make COPTS="$CFLAGS" || return 1
+	make INSTROOT="$pkgdir" install
+
+	install -D -m644 "$srcdir"/options "$pkgdir"/etc/ppp/options
+	install -D -m755 "$srcdir"/ip-up "$pkgdir"/etc/ppp/ip-up
+	install -D -m755 "$srcdir"/ip-down "$pkgdir"/etc/ppp/ip-down
+	install -D -m755 "$srcdir"/pon "$pkgdir"/usr/bin/pon
+	install -D -m755 "$srcdir"/poff "$pkgdir"/usr/bin/poff
+	install -D -m755 "$srcdir"/plog "$pkgdir"/usr/sbin/plog
+	install -D -m600 etc.ppp/pap-secrets "$pkgdir"/etc/ppp/pap-secrets
+	install -D -m600 etc.ppp/chap-secrets "$pkgdir"/etc/ppp/chap-secrets
+	install -D -m644 "$srcdir"/pon.1 "$pkgdir"/usr/share/man/man1/pon.1
+	mkdir -p "$pkgdir"/etc/ppp/peers
+}
+md5sums="183800762e266132218b204dfb428d29  ppp-2.4.4.tar.gz
+7a9259a8f038073eeea7e4552ff1849f  options
+48c024f73a80c8b69c4def22f86902cc  pon
+2d811f8470ccdea3b8c4505a438483e9  poff
+86cdaf133f7a79fb464f02d83afc7734  plog
+44cc662ba9aa61dd9add3ddd4c5ded57  pon.1
+fac0c773490371ea673f4be0977a230f  ip-up
+a88b40b1bf91eb5cca3762b7195e4fe2  ip-down"
diff --git a/main/ppp/ip-down b/main/ppp/ip-down
new file mode 100644
index 0000000000..3a88c496b8
--- /dev/null
+++ b/main/ppp/ip-down
@@ -0,0 +1,4 @@
+#!/bin/sh
+#
+# This script is run by pppd after the connection has ended.
+#
diff --git a/main/ppp/ip-up b/main/ppp/ip-up
new file mode 100644
index 0000000000..57e09c0047
--- /dev/null
+++ b/main/ppp/ip-up
@@ -0,0 +1,4 @@
+#!/bin/sh
+#
+# This script is run by pppd when there's a successful ppp connection.
+#
diff --git a/main/ppp/options b/main/ppp/options
new file mode 100644
index 0000000000..63691842c9
--- /dev/null
+++ b/main/ppp/options
@@ -0,0 +1,352 @@
+# /etc/ppp/options
+# 
+# Originally created by Jim Knoble <jmknoble@mercury.interpath.net>
+# Modified for Debian by alvar Bray <alvar@meiko.co.uk>
+# Modified for PPP Server setup by Christoph Lameter <clameter@debian.org>
+# Modified for ArchLinux by Manolis Tzanidakis <manolis@archlinux.org>
+#
+# To quickly see what options are active in this file, use this command:
+#   egrep -v '#|^ *$' /etc/ppp/options
+
+# Specify which DNS Servers the incoming Win95 or WinNT Connection should use
+# Two Servers can be remotely configured
+# ms-dns 192.168.1.1
+# ms-dns 192.168.1.2
+
+# Specify which WINS Servers the incoming connection Win95 or WinNT should use
+# ms-wins 192.168.1.50
+# ms-wins 192.168.1.51
+
+# Run the executable or shell command specified after pppd has
+# terminated the link.  This script could, for example, issue commands
+# to the modem to cause it to hang up if hardware modem control signals
+# were not available.
+#disconnect "chat -- \d+++\d\c OK ath0 OK"
+
+# async character map -- 32-bit hex; each bit is a character
+# that needs to be escaped for pppd to receive it.  0x00000001
+# represents '\x01', and 0x80000000 represents '\x1f'.
+asyncmap 0
+
+# Require the peer to authenticate itself before allowing network
+# packets to be sent or received.
+# Please do not disable this setting. It is expected to be standard in
+# future releases of pppd. Use the call option (see manpage) to disable
+# authentication for specific peers.
+auth
+
+# Use hardware flow control (i.e. RTS/CTS) to control the flow of data
+# on the serial port.
+crtscts
+
+# Use software flow control (i.e. XON/XOFF) to control the flow of data
+# on the serial port.
+#xonxoff
+
+# Specifies that certain characters should be escaped on transmission
+# (regardless of whether the peer requests them to be escaped with its
+# async control character map).  The characters to be escaped are
+# specified as a list of hex numbers separated by commas.  Note that
+# almost any character can be specified for the escape option, unlike
+# the asyncmap option which only allows control characters to be
+# specified.  The characters which may not be escaped are those with hex
+# values 0x20 - 0x3f or 0x5e.
+#escape 11,13,ff
+
+# Don't use the modem control lines.
+#local
+
+# Specifies that pppd should use a UUCP-style lock on the serial device
+# to ensure exclusive access to the device.
+lock
+
+# Don't show the passwords when logging the contents of PAP packets.
+# This is the default.
+hide-password
+
+# When logging the contents of PAP packets, this option causes pppd to
+# show the password string in the log message.
+#show-password
+
+# Use the modem control lines.  On Ultrix, this option implies hardware
+# flow control, as for the crtscts option.  (This option is not fully
+# implemented.)
+modem
+
+# Set the MRU [Maximum Receive Unit] value to <n> for negotiation.  pppd
+# will ask the peer to send packets of no more than <n> bytes. The
+# minimum MRU value is 128.  The default MRU value is 1500.  A value of
+# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
+# bytes of data).
+#mru 542
+
+# Set the interface netmask to <n>, a 32 bit netmask in "decimal dot"
+# notation (e.g. 255.255.255.0).
+#netmask 255.255.255.0
+
+# Disables the default behaviour when no local IP address is specified,
+# which is to determine (if possible) the local IP address from the
+# hostname. With this option, the peer will have to supply the local IP
+# address during IPCP negotiation (unless it specified explicitly on the
+# command line or in an options file).
+#noipdefault
+
+# Enables the "passive" option in the LCP.  With this option, pppd will
+# attempt to initiate a connection; if no reply is received from the
+# peer, pppd will then just wait passively for a valid LCP packet from
+# the peer (instead of exiting, as it does without this option).
+#passive
+
+# With this option, pppd will not transmit LCP packets to initiate a
+# connection until a valid LCP packet is received from the peer (as for
+# the "passive" option with old versions of pppd).
+#silent
+
+# Don't request or allow negotiation of any options for LCP and IPCP
+# (use default values).
+#-all
+
+# Disable Address/Control compression negotiation (use default, i.e.
+# address/control field disabled).
+#-ac
+
+# Disable asyncmap negotiation (use the default asyncmap, i.e. escape
+# all control characters).
+#-am
+
+# Don't fork to become a background process (otherwise pppd will do so
+# if a serial device is specified).
+#-detach
+
+# Disable IP address negotiation (with this option, the remote IP
+# address must be specified with an option on the command line or in
+# an options file).
+#-ip
+
+# Disable IPCP negotiation and IP communication. This option should
+# only be required if the peer is buggy and gets confused by requests
+# from pppd for IPCP negotiation.
+#noip
+
+# Disable magic number negotiation.  With this option, pppd cannot
+# detect a looped-back line.
+#-mn
+
+# Disable MRU [Maximum Receive Unit] negotiation (use default, i.e.
+# 1500).
+#-mru
+
+# Disable protocol field compression negotiation (use default, i.e.
+# protocol field compression disabled).
+#-pc
+
+# Require the peer to authenticate itself using PAP.
+#+pap
+
+# Don't agree to authenticate using PAP.
+#-pap
+
+# Require the peer to authenticate itself using CHAP [Cryptographic
+# Handshake Authentication Protocol] authentication.
+#+chap
+
+# Don't agree to authenticate using CHAP.
+#-chap
+
+# Disable negotiation of Van Jacobson style IP header compression (use
+# default, i.e. no compression).
+#-vj
+
+# Increase debugging level (same as -d).  If this option is given, pppd
+# will log the contents of all control packets sent or received in a
+# readable form.  The packets are logged through syslog with facility
+# daemon and level debug. This information can be directed to a file by
+# setting up /etc/syslog.conf appropriately (see syslog.conf(5)).  (If
+# pppd is compiled with extra debugging enabled, it will log messages
+# using facility local2 instead of daemon).
+#debug
+
+# Append the domain name <d> to the local host name for authentication
+# purposes.  For example, if gethostname() returns the name porsche,
+# but the fully qualified domain name is porsche.Quotron.COM, you would
+# use the domain option to set the domain name to Quotron.COM.
+#domain <d>
+
+# Enable debugging code in the kernel-level PPP driver.  The argument n
+# is a number which is the sum of the following values: 1 to enable
+# general debug messages, 2 to request that the contents of received
+# packets be printed, and 4 to request that the contents of transmitted
+# packets be printed.
+#kdebug n
+
+# Set the MTU [Maximum Transmit Unit] value to <n>. Unless the peer
+# requests a smaller value via MRU negotiation, pppd will request that
+# the kernel networking code send data packets of no more than n bytes
+# through the PPP network interface.
+#mtu <n>
+
+# Set the name of the local system for authentication purposes to <n>.
+# This is a privileged option. With this option, pppd will use lines in the
+# secrets files which have <n> as the second field when looking for a
+# secret to use in authenticating the peer. In addition, unless overridden
+# with the user option, <n> will be used as the name to send to the peer
+# when authenticating the local system to the peer. (Note that pppd does
+# not append the domain name to <n>.)
+#name <n>
+
+# Enforce the use of the hostname as the name of the local system for
+# authentication purposes (overrides the name option).
+#usehostname
+
+# Set the assumed name of the remote system for authentication purposes
+# to <n>.
+#remotename <n>
+
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system.
+proxyarp
+
+# Use the system password database for authenticating the peer using
+# PAP. Note: mgetty already provides this option. If this is specified
+# then dialin from users using a script under Linux to fire up ppp wont work.
+# login
+
+# If this option is given, pppd will send an LCP echo-request frame to the
+# peer every n seconds. Normally the peer should respond to the echo-request
+# by sending an echo-reply. This option can be used with the
+# lcp-echo-failure option to detect that the peer is no longer connected.
+lcp-echo-interval 30
+
+# If this option is given, pppd will presume the peer to be dead if n
+# LCP echo-requests are sent without receiving a valid LCP echo-reply.
+# If this happens, pppd will terminate the connection.  Use of this
+# option requires a non-zero value for the lcp-echo-interval parameter.
+# This option can be used to enable pppd to terminate after the physical
+# connection has been broken (e.g., the modem has hung up) in
+# situations where no hardware modem control lines are available.
+lcp-echo-failure 4
+
+# Set the LCP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#lcp-restart <n>
+
+# Set the maximum number of LCP terminate-request transmissions to <n>
+# (default 3).
+#lcp-max-terminate <n>
+
+# Set the maximum number of LCP configure-request transmissions to <n>
+# (default 10).
+#lcp-max-configure <n>
+
+# Set the maximum number of LCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#lcp-max-failure <n>
+
+# Set the IPCP restart interval (retransmission timeout) to <n>
+# seconds (default 3).
+#ipcp-restart <n>
+
+# Set the maximum number of IPCP terminate-request transmissions to <n>
+# (default 3).
+#ipcp-max-terminate <n>
+
+# Set the maximum number of IPCP configure-request transmissions to <n>
+# (default 10).
+#ipcp-max-configure <n>
+
+# Set the maximum number of IPCP configure-NAKs returned before starting
+# to send configure-Rejects instead to <n> (default 10).
+#ipcp-max-failure <n>
+
+# Set the PAP restart interval (retransmission timeout) to <n> seconds
+# (default 3).
+#pap-restart <n>
+
+# Set the maximum number of PAP authenticate-request transmissions to
+# <n> (default 10).
+#pap-max-authreq <n>
+
+# Set the maximum time that pppd will wait for the peer to authenticate
+# itself with PAP to <n> seconds (0 means no limit).
+#pap-timeout <n>
+
+# Set the CHAP restart interval (retransmission timeout for
+# challenges) to <n> seconds (default 3).
+#chap-restart <n>
+
+# Set the maximum number of CHAP challenge transmissions to <n>
+# (default 10).
+#chap-max-challenge
+
+# If this option is given, pppd will rechallenge the peer every <n>
+# seconds.
+#chap-interval <n>
+
+# With this option, pppd will accept the peer's idea of our local IP
+# address, even if the local IP address was specified in an option.
+#ipcp-accept-local
+
+# With this option, pppd will accept the peer's idea of its (remote) IP
+# address, even if the remote IP address was specified in an option.
+#ipcp-accept-remote
+
+# Disable the IPXCP and IPX protocols.
+# To let pppd pass IPX packets comment this out --- you'll probably also
+# want to install ipxripd, and have the Internal IPX Network option enabled
+# in your kernel.  /usr/doc/HOWTO/IPX-HOWTO.gz contains more info.
+noipx
+
+# Exit once a connection has been made and terminated. This is the default,
+# unless the `persist' or `demand' option has been specified.
+#nopersist
+
+# Do not exit after a connection is terminated; instead try to reopen
+# the connection.
+#persist
+
+# Terminate after n consecutive failed connection attempts.
+# A value of 0 means no limit. The default value is 10.
+#maxfail <n>
+
+# Initiate the link only on demand, i.e. when data traffic is present. 
+# With this option, the remote IP address must be specified by the user on
+# the command line or in an options file.  Pppd will initially configure
+# the interface and enable it for IP traffic without connecting to the peer. 
+# When traffic is available, pppd will connect to the peer and perform
+# negotiation, authentication, etc.  When this is completed, pppd will
+# commence passing data packets (i.e., IP packets) across the link.
+#demand
+
+# Specifies that pppd should disconnect if the link is idle for <n> seconds.
+# The link is idle when no data packets (i.e. IP packets) are being sent or
+# received.  Note: it is not advisable to use this option with the persist
+# option without the demand option.  If the active-filter option is given,
+# data packets which are rejected by the specified activity filter also
+# count as the link being idle.
+#idle <n>
+
+# Specifies how many seconds to wait before re-initiating the link after
+# it terminates.  This option only has any effect if the persist or demand
+# option is used.  The holdoff period is not applied if the link was
+# terminated because it was idle.
+#holdoff <n>
+
+# Wait for up n milliseconds after the connect script finishes for a valid
+# PPP packet from the peer.  At the end of this time, or when a valid PPP
+# packet is received from the peer, pppd will commence negotiation by
+# sending its first LCP packet.  The default value is 1000 (1 second).
+# This wait period only applies if the connect or pty option is used.
+#connect-delay <n>
+
+# Packet filtering: for more information, see pppd(8)
+# Any packets matching the filter expression will be interpreted as link
+# activity, and will cause a "demand" connection to be activated, and reset
+# the idle connection timer. (idle option)
+# The filter expression is akin to that of tcpdump(1)
+#active-filter <filter-expression>
+
+# uncomment the line below this if you use PPPoE
+#plugin /usr/lib/pppd/plugins/pppoe.so
+
+# ---<End of File>---
diff --git a/main/ppp/plog b/main/ppp/plog
new file mode 100644
index 0000000000..84d2c7340c
--- /dev/null
+++ b/main/ppp/plog
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ -s /var/log/ppp.log ]; then
+  exec tail "$@" /var/log/ppp.log
+else
+  exec tail "$@" /var/log/syslog | grep ' \(pppd\|chat\)\['
+fi
diff --git a/main/ppp/poff b/main/ppp/poff
new file mode 100644
index 0000000000..8b4dffc59e
--- /dev/null
+++ b/main/ppp/poff
@@ -0,0 +1,103 @@
+#!/bin/sh
+
+# Written by John Hasler <john@dhh.gt.org> and based on work 
+# by Phil Hands <phil@hands.com>.  Distributed under the GNU GPL
+
+if [ -x /usr/bin/kill ]; then
+  KILL="/usr/bin/kill"
+else
+  KILL="/bin/kill"
+fi
+SIG=TERM
+DONE="stopped"
+MODE=""
+
+usage ()
+{
+   cat <<!EOF!
+usage: $0 [option] [provider]
+options:
+  -r        Cause pppd to drop the line and redial.
+  -d        Toggle the state of pppd's debug option.
+  -c        Cause pppd to renegotiate compression.
+  -a        Stop all pppd's.  'provider' will be ignored.
+  -h        Print this help summary and exit.
+  -v        Print version and exit.
+  none      Stop pppd.
+
+Options may not be combined.
+
+If 'provider' is omitted pppd will be stopped or signalled if and only if
+there is exactly one running unless the '-a' option was given.  If
+'provider' is supplied the pppd controlling the connection to that
+provider will be stopped or signalled.
+!EOF!
+}
+
+# Get option.  If there are none replace the "?" that getopts puts in
+# FLAG on error with "null".
+getopts rdcavh FLAG
+if [ "$?" -ne 0 ]; then
+    FLAG="null"
+fi
+
+# Check for additional options.  Should be none.
+getopts :rdcavh DUMMY
+if [ "$?" -eq 0 ]; then
+    echo "$0: Illegal option -- ${OPTARG}."
+    exit 1
+fi
+
+case $FLAG in
+ "r") SIG=HUP;  DONE=signalled; shift ;;
+ "d") SIG=USR1; DONE=signalled; shift ;;
+ "c") SIG=USR2; DONE=signalled; shift ;;
+ "a") MODE="all"; shift ;;
+ "v") echo "$0$Revision: 1.1 $_TrickToPrint_RCS_Revision"; exit 0 ;;
+ "h") usage; exit 0 ;;
+ "?") exit 1;
+esac
+
+# Get the PIDs of all the pppds running.  Could also get these from
+# /var/run, but pppd doesn't create .pid files until ppp is up.
+PIDS=`pidof pppd`
+
+# poff is pointless if pppd isn't running.
+if test -z "$PIDS"; then
+    echo "$0: No pppd is running.  None ${DONE}."
+    exit 1
+fi
+
+# Find out how many pppd's are running.
+N=`echo "$PIDS" | wc -w`
+
+# If there are no arguments we can't do anything if there is more than one
+# pppd running.
+if test "$#" -eq 0 -a "$N" -gt 1 -a $FLAG != "a" ; then
+    echo "$0: More than one pppd running and no "-a" option and 
+no arguments supplied. Nothing ${DONE}."
+    exit 1
+fi
+
+# If either there are no arguments or '-a' was specified kill all the
+# pppd's.
+if test "$#" -eq 0 -o "$MODE" = "all" ; then
+    $KILL -$SIG $PIDS || {
+        echo "$0: $KILL failed.  None ${DONE}."
+        exit 1
+    }
+    exit 0
+fi
+
+# There is an argument, so kill the pppd started on that provider.
+PID=`ps axw | grep "[ /]pppd call $1 *\$" | awk '{print $1}'`
+if test -n "$PID" ; then
+    $KILL -$SIG $PID || {
+        echo "$0: $KILL failed.  None ${DONE}."
+        exit 1
+    }
+else
+   echo "$0: I could not find a pppd process for provider '$1'. None ${DONE}."
+   exit 1
+fi
+exit 0
diff --git a/main/ppp/pon b/main/ppp/pon
new file mode 100644
index 0000000000..36885050b5
--- /dev/null
+++ b/main/ppp/pon
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+case "$1" in
+  -*) echo "
+Usage: pon [provider] [arguments]
+
+If you specify one argument, a PPP connection will be started using
+settings from the appropriate file in the /etc/ppp/peers/ directory, and
+any additional arguments supplied will be passed as extra arguments to
+pppd.
+"
+      exit 0
+      ;;
+esac
+
+if [ -z "$1" -a ! -f /etc/ppp/peers/provider ]; then
+  echo "
+Please configure /etc/ppp/peers/provider or use a command line argument to
+use another file in /etc/ppp/peers/ directory.
+"
+  exit 1
+fi
+
+if [ "$1" -a ! -f "/etc/ppp/peers/$1" ]; then
+  echo "
+The file /etc/ppp/peers/$1 does not exist.
+"
+  exit 1
+fi
+
+exec /usr/sbin/pppd call ${@:-provider}
+
diff --git a/main/ppp/pon.1 b/main/ppp/pon.1
new file mode 100644
index 0000000000..bb3220564b
--- /dev/null
+++ b/main/ppp/pon.1
@@ -0,0 +1,121 @@
+.\" This manual is published under the GPL.
+.\" All guidelines specified in the GPL apply here.
+.\" To get an ascii file:
+.\" groff -man -Tascii pon.1 > pon.txt
+.\"
+.TH PON 1 "July 2000" "Debian Project" "Debian PPPD"
+.SH NAME
+pon, poff, plog \- starts up, shuts down or lists the log of PPP connections
+.SH SYNOPSIS
+.B pon
+[ isp-name [ options ] ]
+.br
+.B poff
+[ -r ] [ -d ] [ -c ] [ -a ] [ -h ] [ isp-name ]
+.br
+.B plog
+[ arguments ]
+.SH DESCRIPTION
+This manual page describes the \fBpon\fP, \fBplog\fP and \fBpoff\fP
+scripts, which allow users to control PPP connections.
+..
+.SS pon
+\fBpon\fP, invoked without arguments, runs the \fI/etc/ppp/ppp_on_boot\fP
+file, if it exists and is executable. Otherwise, a PPP connection will be
+started using configuration from \fI/etc/ppp/peers/provider\fP.
+This is the default behaviour unless an \fBisp-name\fP argument is given.
+.PP
+For instance, to use ISP configuration "myisp" run:
+.IP
+pon myisp
+.PP
+\fBpon\fP will then use the options file \fI/etc/ppp/peers/myisp\fP.
+You can pass additional \fBoptions\fP after the ISP name, too.
+\fBpon\fP can be used to run multiple, simultaneous PPP connections.
+..
+.SS poff
+\fBpoff\fP closes a PPP connection. If more than one PPP connection exists,
+the one named in the argument to \fBpoff\fP will be killed, e.g.
+.IP
+poff myprovider2
+.PP
+will terminate the connection to myprovider2, and leave the PPP connections
+to e.g. "myprovider1" or "myprovider3" up and running.
+.PP
+\fBpoff\fP takes the following command line options:
+.RS
+.TP
+.B "\-r"
+causes the connection to be redialed after it is dropped.
+.TP
+.B "\-d"
+toggles the state of pppd's debug option.
+.TP
+.B "\-c"
+causes
+.BR pppd (8)
+to renegotiate compression.
+.TP
+.B "\-a"
+stops all running ppp connections. If the argument \fBisp-name\fP
+is given it will be ignored.
+.TP
+.B "\-h"
+displays help information.
+.TP
+.B "\-v"
+prints the version and exits.
+.PP
+If no argument is given, \fBpoff\fP will stop or signal pppd if and only
+if there is exactly one running. If more than one connection is active,
+it will exit with an error code of 1.
+..
+.SS plog
+\fBplog\fP shows you the last few lines of \fI/var/log/ppp.log\fP. If that
+file doesn't exist, it shows you the last few lines of your
+\fI/var/log/syslog\fP file, but excluding the lines not generated by pppd.
+This script makes use of the
+.BR tail (1)
+command, so arguments that can be passed to
+.BR tail (1)
+can also be passed to \fBplog\fP.
+.PP
+Note: the \fBplog\fP script can only be used by root or another system
+administrator in group "adm", due to security reasons. Also, to have all
+pppd-generated information in one logfile, that plog can show, you need the
+following line in your \fI/etc/syslog.conf\fP file:
+.PP
+local2.*                -/var/log/ppp.log
+.RE
+.SH FILES
+.TP
+.I /etc/ppp/options
+PPPd system options file.
+.TP
+.I /etc/ppp/pap-secrets
+System PAP passwords file.
+.TP
+.I /etc/ppp/chap-secrets
+System CHAP passwords file.
+.TP
+.I /etc/ppp/peers/
+Directory holding the peer options files. The default file is called
+\fIprovider\fP.
+.TP
+.I /etc/chatscripts/provider
+The chat script invoked from the default \fI/etc/ppp/peers/provider\fP.
+.TP
+.I /var/log/ppp.log
+The default PPP log file.
+.SH AUTHORS
+The p-commands were written by Christoph Lameter <clameter@debian.org>.
+Updated and revised by Philip Hands <phil@hands.com>.
+.br
+This manual was written by Othmar Pasteka <othmar@tron.at>. Modified
+by Rob Levin <lilo@openprojects.net>, with some extensions taken from
+the old p-commands manual written by John Hasler <jhasler@debian.org>.
+.SH "SEE ALSO"
+.BR pppd (8),
+.BR chat (8),
+.BR tail (1).
+
diff --git a/main/pth/APKBUILD b/main/pth/APKBUILD
new file mode 100644
index 0000000000..ce5cc5e126
--- /dev/null
+++ b/main/pth/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=pth
+pkgver=2.0.7
+pkgrel=0
+pkgdesc="The GNU Portable Threads."
+url="http://www.gnu.org/software/pth"
+license="LGPL-2.1"
+depends="uclibc"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	pth-2.0.5-parallelfix.patch
+	pth-2.0.6-ldflags.patch
+	pth-2.0.6-sigstack.patch
+	"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--localstatedir=/var \
+		--mandir=/usr/share/man
+
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+}
+md5sums="9cb4a25331a4c4db866a31cbe507c793  pth-2.0.7.tar.gz
+7bbd4f3328807c740c86db94e93e48ad  pth-2.0.5-parallelfix.patch
+942fa4be28117756cd579937b257b9cc  pth-2.0.6-ldflags.patch
+04e43157d758a3dc7925c35e6dd1e39c  pth-2.0.6-sigstack.patch"
diff --git a/main/pth/pth-2.0.5-parallelfix.patch b/main/pth/pth-2.0.5-parallelfix.patch
new file mode 100644
index 0000000000..1c8200a4cb
--- /dev/null
+++ b/main/pth/pth-2.0.5-parallelfix.patch
@@ -0,0 +1,15 @@
+--- a/Makefile.in	2005-11-08 05:58:55.000000000 +1100
++++ b/Makefile.in	2005-11-08 06:29:02.000000000 +1100
+@@ -148,10 +148,9 @@
+ 
+ #   be aware of libtool when building the objects
+ .SUFFIXES:
+-.SUFFIXES: .c .o .lo
+-.c.o:
++%.o: %.c $(TARGET_PREQ)
+ 	$(CC) -c $(CPPFLAGS) $(CFLAGS) $<
+-.c.lo:
++%.lo: %.c $(TARGET_PREQ)
+ 	$(LIBTOOL) --mode=compile --quiet $(CC) -c $(CPPFLAGS) $(CFLAGS) $<
+ 
+ #   the default target
diff --git a/main/pth/pth-2.0.6-ldflags.patch b/main/pth/pth-2.0.6-ldflags.patch
new file mode 100644
index 0000000000..7a4a5ab300
--- /dev/null
+++ b/main/pth/pth-2.0.6-ldflags.patch
@@ -0,0 +1,17 @@
+Index: pth-2.0.6/Makefile.in
+===================================================================
+--- pth-2.0.6.orig/Makefile.in
++++ pth-2.0.6/Makefile.in
+@@ -168,10 +168,10 @@ pth_p.h: $(S)pth_p.h.in
+ 
+ #   build the static and possibly shared libraries
+ libpth.la: $(LOBJS)
+-	$(LIBTOOL) --mode=link --quiet $(CC) -o libpth.la $(LOBJS) \
++	$(LIBTOOL) --mode=link --quiet $(CC) $(LDFLAGS) -o libpth.la $(LOBJS) \
+ 	-rpath $(libdir) -version-info `$(SHTOOL) version -lc -dlibtool $(_VERSION_FILE)`
+ libpthread.la: pthread.lo $(LOBJS)
+-	$(LIBTOOL) --mode=link --quiet $(CC) -o libpthread.la pthread.lo $(LOBJS) \
++	$(LIBTOOL) --mode=link --quiet $(CC) $(LDFLAGS) -o libpthread.la pthread.lo $(LOBJS) \
+ 	-rpath $(libdir) -version-info `$(SHTOOL) version -lc -dlibtool $(_VERSION_FILE)`
+ 
+ #   build the manual pages
diff --git a/main/pth/pth-2.0.6-sigstack.patch b/main/pth/pth-2.0.6-sigstack.patch
new file mode 100644
index 0000000000..3914dea7ac
--- /dev/null
+++ b/main/pth/pth-2.0.6-sigstack.patch
@@ -0,0 +1,22 @@
+diff -urNp pth-2.0.6.old/aclocal.m4 pth-2.0.6/aclocal.m4
+--- pth-2.0.6.old/aclocal.m4	2004-12-31 21:33:19.000000000 +0200
++++ pth-2.0.6/aclocal.m4	2006-09-20 14:46:59.000000000 +0300
+@@ -1522,6 +1522,7 @@ int main(int argc, char *argv[])
+     int sksize;
+     char result[1024];
+     int i;
++exit (1);
+     sksize = 32768;
+     skbuf = (char *)malloc(sksize*2+2*sizeof(union alltypes));
+     if (skbuf == NULL)
+diff -urNp pth-2.0.6.old/configure pth-2.0.6/configure
+--- pth-2.0.6.old/configure	2005-11-22 09:49:21.000000000 +0200
++++ pth-2.0.6/configure	2006-09-20 14:55:23.000000000 +0300
+@@ -24735,6 +24735,7 @@ int main(int argc, char *argv[])
+     int sksize;
+     char result[1024];
+     int i;
++exit (1);
+     sksize = 32768;
+     skbuf = (char *)malloc(sksize*2+2*sizeof(union alltypes));
+     if (skbuf == NULL)
diff --git a/main/python/APKBUILD b/main/python/APKBUILD
new file mode 100644
index 0000000000..d5d38b99ca
--- /dev/null
+++ b/main/python/APKBUILD
@@ -0,0 +1,33 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=python
+pkgver=2.6.2
+pkgrel=1
+pkgdesc="A high-level scripting language"
+url="http://www.python.org"
+license="custom"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="db expat openssl zlib ncurses uclibc"
+makedepends="db-dev expat-dev openssl-dev zlib-dev ncurses-dev bzip2-dev !gettext"
+source="http://www.$pkgname.org/ftp/$pkgname/$pkgver/Python-$pkgver.tar.bz2
+	$pkgname-2.6-internal-expat.patch
+	"
+
+build() {
+	cd "$srcdir/Python-$pkgver"
+	for i in ../*.patch; do
+		msg "Apply $i"
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--enable-shared \
+		--with-threads \
+		--enable-unicode \
+		--disable-gdbm
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -Dm644 LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+}
+md5sums="245db9f1e0f09ab7e0faaa0cf7301011  Python-2.6.2.tar.bz2
+9d64df5e0a6aed149a792c7bff16e3d9  python-2.6-internal-expat.patch"
diff --git a/main/python/python-2.6-internal-expat.patch b/main/python/python-2.6-internal-expat.patch
new file mode 100644
index 0000000000..f345db8c8e
--- /dev/null
+++ b/main/python/python-2.6-internal-expat.patch
@@ -0,0 +1,33 @@
+--- a/setup.py    2008-04-22 12:12:24.613554757 +0300
++++ b/setup.py    2008-04-22 12:13:09.276544063 +0300
+@@ -1035,18 +1035,15 @@
+         #
+         # More information on Expat can be found at www.libexpat.org.
+         #
+-        expatinc = os.path.join(os.getcwd(), srcdir, 'Modules', 'expat')
+-        define_macros = [
+-            ('HAVE_EXPAT_CONFIG_H', '1'),
+-        ]
++        # Use system expat
++        expatinc = '/usr/include'
++        define_macros = []
+
+         exts.append(Extension('pyexpat',
+                               define_macros = define_macros,
+                               include_dirs = [expatinc],
++                              libraries = ['expat'],
+                               sources = ['pyexpat.c',
+-                                         'expat/xmlparse.c',
+-                                         'expat/xmlrole.c',
+-                                         'expat/xmltok.c',
+                                          ],
+                               ))
+
+@@ -1058,6 +1055,7 @@
+             exts.append(Extension('_elementtree',
+                                   define_macros = define_macros,
+                                   include_dirs = [expatinc],
++                                  libraries = ['expat'],
+                                   sources = ['_elementtree.c'],
+                                   ))
+
diff --git a/main/quagga/APKBUILD b/main/quagga/APKBUILD
new file mode 100644
index 0000000000..aaa3fc64d0
--- /dev/null
+++ b/main/quagga/APKBUILD
@@ -0,0 +1,79 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=quagga
+pkgver=0.99.13
+pkgrel=0
+pkgdesc="A free routing daemon replacing Zebra supporting RIP, OSPF and BGP."
+url="http://quagga.net/"
+license="GPL-2"
+depends="iproute2"
+makedepends="readline-dev ncurses-dev gawk
+	autoconf automake libtool"
+install="$pkgname.pre-install $pkgname.post-install"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://www.quagga.net/download/$pkgname-$pkgver.tar.gz
+	$pkgname-0.99.11-link-libcap.patch
+	$pkgname-0.99.11-ipv6-only.patch
+	$pkgname-0.99.11-del-routes.patch
+	$pkgname-0.99.11-zombie.patch
+	$pkgname-0.99.11-fd-leak.patch
+	bgpd.initd
+	ospf6d.initd
+	ospfd.initd
+	ripd.initd
+	ripngd.initd
+	zebra.initd
+	zebra.confd
+	$install
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	msg "Running autotools..."
+	aclocal || return 1
+	autoconf || return 1
+	automake || return 1
+	libtoolize || return 1
+
+	./configure --prefix=/usr \
+		--disable-static \
+		--enable-ipv6 \
+		--enable-ospf6d \
+		--enable-rtadv \
+		--enable-user=quagga \
+		--enable-group=quagga \
+		--enable-vty-group=quagga \
+		--enable-vtysh \
+		--sysconfdir=/etc/quagga \
+		--enable-exampledir=/usr/share/doc/quagga/ \
+		--localstatedir=/var/run/quagga \
+		|| return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -d "$pkgdir"/var/run/quagga
+	for i in zebra ripd ospfd bgpd ripngd ospf6d; do
+		install -Dm755 "$srcdir"/$i.initd "$pkgdir"/etc/init.d/$i
+	done
+	install -Dm644 "$srcdir/zebra.confd" "$pkgdir"/etc/conf.d/zebra
+}
+md5sums="55a7d2dcf016580a7c7412b3518cd942  quagga-0.99.13.tar.gz
+8f99d41a8ed79e51704e8f655d255f29  quagga-0.99.11-link-libcap.patch
+44c517e988273e0e5076d24f3959a125  quagga-0.99.11-ipv6-only.patch
+1cbcf60a637b2577dee4d6df711e1247  quagga-0.99.11-del-routes.patch
+ce345725f2e7240cebe0fd5ac2b2fc48  quagga-0.99.11-zombie.patch
+e2391e19b542ec1743776ca9e36ac11a  quagga-0.99.11-fd-leak.patch
+cc109a746273bc0d6aee9d758e7524ab  bgpd.initd
+44547b687343ebfed7524cebc5626067  ospf6d.initd
+89b0cf4e70172bfcd195b2869cae28da  ospfd.initd
+39b8cb21b55de53af38c94c2f5d85917  ripd.initd
+120ab1b53975ec86e78266f31e935ab6  ripngd.initd
+3490a10510e416ab83d5b4d767136de8  zebra.initd
+c38e884372406e9e59616e436cd26388  zebra.confd
+44b4c3684e4c7300665bf90fa4520af9  quagga.pre-install
+d2181a6401280478b8700cfcee32794e  quagga.post-install"
diff --git a/main/quagga/bgpd.initd b/main/quagga/bgpd.initd
new file mode 100644
index 0000000000..b6104235c3
--- /dev/null
+++ b/main/quagga/bgpd.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2003 DataCore GmbH, Amir Guindehi
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/bgpd.init,v 1.1 2005/09/14 11:11:08 mrness Exp $
+
+depend() {
+	need net zebra
+}
+
+checkconfig() {
+        if [ ! -e /etc/quagga/bgpd.conf ] ; then
+        	eerror "You need to create /etc/quagga/bgpd.conf first."
+        	eerror "An example can be found in /etc/quagga/samples/bgpd.conf.sample"
+          return 1
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting bgpd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/bgpd \
+	                  -- -d -f /etc/quagga/bgpd.conf \
+			     --pid_file /var/run/quagga/bgpd.pid
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping bgpd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/quagga/bgpd.pid
+	result=$?
+	eend $result
+}
diff --git a/main/quagga/ospf6d.initd b/main/quagga/ospf6d.initd
new file mode 100644
index 0000000000..6edafe5f74
--- /dev/null
+++ b/main/quagga/ospf6d.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2003 DataCore GmbH, Amir Guindehi
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/ospf6d.init,v 1.1 2005/09/14 11:11:08 mrness Exp $
+
+depend() {
+	need net zebra
+}
+
+checkconfig() {
+        if [ ! -e /etc/quagga/ospf6d.conf ] ; then
+        	eerror "You need to create /etc/quagga/ospf6d.conf first."
+        	eerror "An example can be found in /etc/quagga/samples/ospf6d.conf.sample"
+          return 1
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ospf6d"
+	start-stop-daemon --start --quiet --exec /usr/sbin/ospf6d \
+	                  -- -d -f /etc/quagga/ospf6d.conf \
+			    --pid_file /var/run/quagga/ospf6d.pid
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping ospf6d"
+	start-stop-daemon --stop --quiet --pidfile /var/run/quagga/ospf6d.pid
+	result=$?
+	eend $result
+}
diff --git a/main/quagga/ospfd.initd b/main/quagga/ospfd.initd
new file mode 100644
index 0000000000..f67ca2c154
--- /dev/null
+++ b/main/quagga/ospfd.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2003 DataCore GmbH, Amir Guindehi
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/ospfd.init,v 1.1 2005/09/14 11:11:08 mrness Exp $
+
+depend() {
+	need net zebra
+}
+
+checkconfig() {
+        if [ ! -e /etc/quagga/ospfd.conf ] ; then
+        	eerror "You need to create /etc/quagga/ospfd.conf first."
+        	eerror "An example can be found in /etc/quagga/samples/ospfd.conf.sample"
+          return 1
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ospfd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/ospfd \
+	                  -- -d -f /etc/quagga/ospfd.conf \
+			     --pid_file /var/run/quagga/ospfd.pid
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping ospfd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/quagga/ospfd.pid
+	result=$?
+	eend $result
+}
diff --git a/main/quagga/quagga-0.99.11-del-routes.patch b/main/quagga/quagga-0.99.11-del-routes.patch
new file mode 100644
index 0000000000..72ee89929c
--- /dev/null
+++ b/main/quagga/quagga-0.99.11-del-routes.patch
@@ -0,0 +1,44 @@
+From http://lists.quagga.net/pipermail/quagga-dev/2009-January/006362.html
+
+If there are two paralell PtP links to the same router:
+ C * 192.168.101.112/32 is directly connected, p1-4-19-4-20
+ C>* 192.168.101.112/32 is directly connected, p1-4-17-4-18
+and the cable is to one of the ppp links is pulled, Zebra
+deletes both routes instead of just the one that got yanked.
+This fixes it to only delete the route to the interface that
+got yanked.
+---
+This fix was suggested by lsorense at csclub.uwaterloo.ca (Lennart Sorensen)
+who had a similar problem. See [quagga-dev 6355]
+
+ zebra/zebra_rib.c |    9 ++++++++-
+ 1 files changed, 8 insertions(+), 1 deletions(-)
+
+diff --git a/zebra/zebra_rib.c b/zebra/zebra_rib.c
+index 90db932..7a37387 100644
+--- a/zebra/zebra_rib.c
++++ b/zebra/zebra_rib.c
+@@ -1896,6 +1896,13 @@ rib_delete_ipv4 (int type, int flags, struct prefix_ipv4 *p,
+ 		       inet_ntoa (*gate), 
+ 		       ifindex);
+ 
++  if (IS_ZEBRA_DEBUG_KERNEL && !gate)
++    zlog_debug ("rib_delete_ipv4(): route delete %s/%d directly, %s ifindex %d",
++		inet_ntop (AF_INET, &p->prefix, buf1, BUFSIZ),
++		p->prefixlen,
++		ifindex2ifname(ifindex),
++		ifindex);
++
+   /* Lookup route node. */
+   rn = route_node_lookup (table, (struct prefix *) p);
+   if (! rn)
+@@ -1942,7 +1949,7 @@ rib_delete_ipv4 (int type, int flags, struct prefix_ipv4 *p,
+ 	  break;
+ 	}
+       /* Make sure that the route found has the same gateway. */
+-      else if (gate == NULL ||
++      else if (gate != NULL &&
+ 	       ((nexthop = rib->nexthop) &&
+ 	        (IPV4_ADDR_SAME (&nexthop->gate.ipv4, gate) ||
+ 		 IPV4_ADDR_SAME (&nexthop->rgate.ipv4, gate)))) 
+
diff --git a/main/quagga/quagga-0.99.11-fd-leak.patch b/main/quagga/quagga-0.99.11-fd-leak.patch
new file mode 100644
index 0000000000..e558d30a6e
--- /dev/null
+++ b/main/quagga/quagga-0.99.11-fd-leak.patch
@@ -0,0 +1,19 @@
+--- quagga-0.99.11.DIST/bgpd/bgp_fsm.c	2008-09-09 16:18:57.000000000 -0400
++++ quagga-0.99.11/bgpd/bgp_fsm.c	2009-04-13 13:09:25.000000000 -0400
+@@ -1013,11 +1013,11 @@
+   {
+     /* Clearing, */
+     {bgp_ignore,  Clearing},	/* BGP_Start                    */
+-    {bgp_ignore,  Clearing},	/* BGP_Stop                     */
+-    {bgp_ignore,  Clearing},	/* TCP_connection_open          */
+-    {bgp_ignore,  Clearing},	/* TCP_connection_closed        */
+-    {bgp_ignore,  Clearing},	/* TCP_connection_open_failed   */
+-    {bgp_ignore,  Clearing},	/* TCP_fatal_error              */
++    {bgp_stop,    Clearing},	/* BGP_Stop                     */
++    {bgp_stop,    Clearing},	/* TCP_connection_open          */
++    {bgp_stop,    Clearing},	/* TCP_connection_closed        */
++    {bgp_stop,    Clearing},	/* TCP_connection_open_failed   */
++    {bgp_stop,    Clearing},	/* TCP_fatal_error              */
+     {bgp_ignore,  Clearing},	/* ConnectRetry_timer_expired   */
+     {bgp_ignore,  Clearing},	/* Hold_Timer_expired           */
+     {bgp_ignore,  Clearing},	/* KeepAlive_timer_expired      */
diff --git a/main/quagga/quagga-0.99.11-ipv6-only.patch b/main/quagga/quagga-0.99.11-ipv6-only.patch
new file mode 100644
index 0000000000..53636d6b57
--- /dev/null
+++ b/main/quagga/quagga-0.99.11-ipv6-only.patch
@@ -0,0 +1,29 @@
+On Linux the default behaviour of getaddrinfo is to provide both IPV4 and IPV6
+addresses if available. But the default behaviour of binding to an IPV6 address
+is to handle both the native IPV6 address and IPV4 to IPV6 mapped addresses.
+Without this patch what happens is:
+  1. First address is IPV6, bind succeeds.
+  2. Second address is IPV4, bind fails (port already used by IPV6)
+  3. incoming connections come in on IPV6 listen socket, as IPV4 mapped 
+     addresses then BGP gets confused because of client with unexpected address.
+
+The fix is to force IPV6 socket as IPV6 only.
+
+--- a/bgpd/bgp_network.c	2008-08-27 17:59:20.000000000 -0700
++++ b/bgpd/bgp_network.c	2008-08-27 18:02:46.000000000 -0700
+@@ -412,6 +412,15 @@ bgp_socket (struct bgp *bgp, unsigned sh
+ 	setsockopt_ipv4_tos (sock, IPTOS_PREC_INTERNETCONTROL);
+ #endif
+ 
++#ifdef IPV6_V6ONLY
++      /* Want only IPV6 on ipv6 socket (not mapped addresses) */
++      if (ainfo->ai_family == AF_INET6) {
++	int on = 1;
++	setsockopt (sock, IPPROTO_IPV6, IPV6_V6ONLY,
++		    (void *) &on, sizeof (on));
++      }
++#endif
++
+       if (bgpd_privs.change (ZPRIVS_RAISE) )
+         zlog_err ("bgp_socket: could not raise privs");
+ 
diff --git a/main/quagga/quagga-0.99.11-link-libcap.patch b/main/quagga/quagga-0.99.11-link-libcap.patch
new file mode 100644
index 0000000000..2c1b868d15
--- /dev/null
+++ b/main/quagga/quagga-0.99.11-link-libcap.patch
@@ -0,0 +1,24 @@
+diff -ur quagga-0.99.11.orig/lib/Makefile.am quagga-0.99.11/lib/Makefile.am
+--- quagga-0.99.11.orig/lib/Makefile.am	2008-09-24 15:22:43.000000000 +0000
++++ quagga-0.99.11/lib/Makefile.am	2008-10-09 20:29:17.000000000 +0000
+@@ -18,7 +18,7 @@
+ 
+ libzebra_la_DEPENDENCIES = @LIB_REGEX@
+ 
+-libzebra_la_LIBADD = @LIB_REGEX@
++libzebra_la_LIBADD = @LIB_REGEX@ @LIBCAP@
+ 
+ pkginclude_HEADERS = \
+ 	buffer.h checksum.h command.h filter.h getopt.h hash.h \
+diff -ur quagga-0.99.11.orig/zebra/Makefile.am quagga-0.99.11/zebra/Makefile.am
+--- quagga-0.99.11.orig/zebra/Makefile.am	2008-09-05 14:27:26.000000000 +0000
++++ quagga-0.99.11/zebra/Makefile.am	2008-10-09 20:29:17.000000000 +0000
+@@ -39,7 +39,7 @@
+ 	connected.h ioctl.h rib.h rt.h zserv.h redistribute.h debug.h rtadv.h \
+ 	interface.h ipforward.h irdp.h router-id.h kernel_socket.h
+ 
+-zebra_LDADD = $(otherobj) $(LIBCAP) $(LIB_IPV6) ../lib/libzebra.la
++zebra_LDADD = $(otherobj) ../lib/libzebra.la $(LIBCAP) $(LIB_IPV6)
+ 
+ testzebra_LDADD = $(LIBCAP) $(LIB_IPV6) ../lib/libzebra.la
+ 
diff --git a/main/quagga/quagga-0.99.11-zombie.patch b/main/quagga/quagga-0.99.11-zombie.patch
new file mode 100644
index 0000000000..ad562df000
--- /dev/null
+++ b/main/quagga/quagga-0.99.11-zombie.patch
@@ -0,0 +1,29 @@
+
+Currently, when accepting the connection, it can be left as zombie,
+when the peer just initiates a connection, but never sends data (and
+the TCP connection end packets are lost). This happens because for
+accepted connections a temporary new peer entry is created until OPEN
+message is exchanged, and this temporary peer entry does not get the
+hold time parameter set at all.
+
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+---
+ bgpd/bgp_network.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/bgpd/bgp_network.c b/bgpd/bgp_network.c
+index 5dbd487..9a4c36d 100644
+--- a/bgpd/bgp_network.c
++++ b/bgpd/bgp_network.c
+@@ -185,6 +185,8 @@ bgp_accept (struct thread *thread)
+     peer->fd = bgp_sock;
+     peer->status = Active;
+     peer->local_id = peer1->local_id;
++    peer->v_holdtime = peer1->v_holdtime;
++    peer->v_keepalive = peer1->v_keepalive;
+ 
+     /* Make peer's address string. */
+     sockunion2str (&su, buf, SU_ADDRSTRLEN);
+-- 
+1.5.6.3
+
diff --git a/main/quagga/quagga.post-install b/main/quagga/quagga.post-install
new file mode 100644
index 0000000000..c1c670d201
--- /dev/null
+++ b/main/quagga/quagga.post-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+chown root:root var/empty
+chown quagga:quagga /var/run/quagga
+exit 0
+
diff --git a/main/quagga/quagga.pre-install b/main/quagga/quagga.pre-install
new file mode 100644
index 0000000000..2643891dc7
--- /dev/null
+++ b/main/quagga/quagga.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+adduser -H -h /var/empty -s /bin/false -D quagga 2>/dev/null
+mkdir -p var/empty
+exit 0
+
diff --git a/main/quagga/ripd.initd b/main/quagga/ripd.initd
new file mode 100644
index 0000000000..987d6ec4b6
--- /dev/null
+++ b/main/quagga/ripd.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2003 DataCore GmbH, Amir Guindehi
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/ripd.init,v 1.1 2005/09/14 11:11:08 mrness Exp $
+
+depend() {
+	need net zebra
+}
+
+checkconfig() {
+        if [ ! -e /etc/quagga/ripd.conf ] ; then
+        	eerror "You need to create /etc/quagga/ripd.conf first."
+        	eerror "An example can be found in /etc/quagga/samples/ripd.conf.sample"
+          return 1
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ripd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/ripd \
+	                  -- -d -f /etc/quagga/ripd.conf \
+			     --pid_file /var/run/quagga/ripd.pid
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping ripd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/quagga/ripd.pid
+	result=$?
+	eend $result
+}
diff --git a/main/quagga/ripngd.initd b/main/quagga/ripngd.initd
new file mode 100644
index 0000000000..9bf2ff2a87
--- /dev/null
+++ b/main/quagga/ripngd.initd
@@ -0,0 +1,33 @@
+#!/sbin/runscript
+# Copyright 1999-2003 DataCore GmbH, Amir Guindehi
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/ripngd.init,v 1.1 2005/09/14 11:11:08 mrness Exp $
+
+depend() {
+	need net zebra
+}
+
+checkconfig() {
+        if [ ! -e /etc/quagga/ripngd.conf ] ; then
+        	eerror "You need to create /etc/quagga/ripngd.conf first."
+        	eerror "An example can be found in /etc/quagga/samples/ripngd.conf.sample"
+          return 1
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ripngd"
+	start-stop-daemon --start --quiet --exec /usr/sbin/ripngd \
+	                  -- -d -f /etc/quagga/ripngd.conf \
+			     --pid_file /var/run/quagga/ripngd.pid
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping ripngd"
+	start-stop-daemon --stop --quiet --pidfile /var/run/quagga/ripngd.pid
+	result=$?
+	eend $result
+}
diff --git a/main/quagga/zebra.confd b/main/quagga/zebra.confd
new file mode 100644
index 0000000000..a5256acd04
--- /dev/null
+++ b/main/quagga/zebra.confd
@@ -0,0 +1,7 @@
+# Additional command-line parameters to run zebra with:
+#	-k, --keep_kernel     Don't delete old routes which installed by zebra.
+#	-l, --log_mode number Set verbose log mode flag
+#	-A, --vty_addr addr   Set vty's bind address
+#	-P, --vty_port port   Set vty's port number
+#	-r, --retain          When program terminates, retain added route by zebra.
+ZEBRA_OPTS="-l 255"
diff --git a/main/quagga/zebra.initd b/main/quagga/zebra.initd
new file mode 100644
index 0000000000..f0cc008432
--- /dev/null
+++ b/main/quagga/zebra.initd
@@ -0,0 +1,41 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/net-misc/quagga/files/zebra.init,v 1.2 2007/02/25 09:57:18 mrness Exp $
+
+depend() {
+	need net
+}
+
+checkconfig() {
+        if [ ! -e /etc/quagga/zebra.conf ] ; then
+        	eerror "You need to create /etc/quagga/zebra.conf first."
+        	eerror "An example can be found in /etc/quagga/samples/zebra.conf.sample"
+          return 1
+        fi
+}
+
+cleanup() {
+	ebegin "Cleaning up stale zebra routes..."
+	/usr/sbin/ip route flush proto zebra
+	eend $?
+}
+
+start() {
+	checkconfig || return 1
+	cleanup
+
+	ebegin "Starting zebra"
+	start-stop-daemon --start --quiet --exec /usr/sbin/zebra \
+	                  -- -d -f /etc/quagga/zebra.conf ${ZEBRA_OPTS} \
+			     --pid_file /var/run/quagga/zebra.pid
+	result=$?
+	eend $result
+}
+
+stop() {
+	ebegin "Stopping zebra"
+	start-stop-daemon --stop --quiet --pidfile /var/run/quagga/zebra.pid
+	result=$?
+	eend $result
+}
diff --git a/main/razor/APKBUILD b/main/razor/APKBUILD
new file mode 100644
index 0000000000..a5dc72c69b
--- /dev/null
+++ b/main/razor/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=razor
+_realname=razor-agents
+pkgver=2.84
+pkgrel=0
+pkgdesc="Vipul's Razor is a distributed, collaborative spam detection and filtering network"
+url="http://razor.sourceforge.net/"
+license="Artistic"
+depends="uclibc perl perl-digest-sha1 perl-getopt-long perl-uri-escape"
+makedepends="perl-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://garr.dl.sourceforge.net/sourceforge/razor/$_realname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="8b9a11a6ce020383c32c45d1530d77c2  razor-agents-2.84.tar.bz2"
diff --git a/main/readline/APKBUILD b/main/readline/APKBUILD
new file mode 100644
index 0000000000..3c26ba1274
--- /dev/null
+++ b/main/readline/APKBUILD
@@ -0,0 +1,39 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=readline
+_myver=6.0
+_patchver=003
+pkgver=${_myver}.${_patchver}
+pkgrel=0
+pkgdesc="GNU readline library"
+url="ftp://ftp.cwru.edu/pub/bash/"
+license="GPL"
+depends=
+makedepends="ncurses-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://ftp.gnu.org/gnu/readline/readline-6.0.tar.gz
+	ftp://ftp.gnu.org/gnu/readline/readline-6.0-patches/readline60-001
+	ftp://ftp.gnu.org/gnu/readline/readline-6.0-patches/readline60-002
+	ftp://ftp.gnu.org/gnu/readline/readline-6.0-patches/readline60-003
+	"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$_myver"
+	for i in "$srcdir"/readline60-???; do
+		msg "Applying ${i##*/}"
+        	patch -Np2 -i ${i} || return 1
+	done
+
+	./configure \
+		--prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	
+	make SHLIB_LIBS=-lncurses || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	
+}
+md5sums="b7f65a48add447693be6e86f04a63019  readline-6.0.tar.gz
+85c01ea031ad38a179053c67186bafed  readline60-001
+4fad2a4ce987e3101229d0c8dfb0cd80  readline60-002
+80967f663864983a889af2eb53aea177  readline60-003"
diff --git a/main/roundcubemail/APKBUILD b/main/roundcubemail/APKBUILD
new file mode 100644
index 0000000000..f56de7b77c
--- /dev/null
+++ b/main/roundcubemail/APKBUILD
@@ -0,0 +1,19 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=roundcubemail
+pkgver=0.2.2
+pkgrel=0
+pkgdesc="A PHP web-based mail client"
+url="http://www.roundcube.net"
+license="GPL"
+depends="php"
+makedepends=""
+source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz"
+
+build ()
+{
+	_instdir="$pkgdir"/usr/share/webapps/roundcube
+	mkdir -p "${_instdir}"
+	cd "${_instdir}"
+	cp -ra "$srcdir"/roundcubemail-$pkgver/* .
+}
+md5sums="992bd125a5f3c91e81f1eebbdef63575  roundcubemail-0.2.2.tar.gz"
diff --git a/main/rrdtool/APKBUILD b/main/rrdtool/APKBUILD
new file mode 100644
index 0000000000..541a54e85e
--- /dev/null
+++ b/main/rrdtool/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=rrdtool
+pkgver=1.2.30
+pkgrel=0
+pkgdesc="Data logging and graphing application"
+url="http://www.rrdtool.org"
+license="GPL"
+depends="libart-lgpl libpng freetype uclibc"
+makedepends="libart-lgpl-dev libpng-dev freetype-dev"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://oss.oetiker.ch/$pkgname/pub/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+
+	./configure --prefix=/usr \
+		--disable-tcl \
+		--disable-perl \
+		--disable-perl-site-install \
+		--disable-python \
+		--disable-ruby \
+		--disable-rrdcgi
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	find "$pkgdir" -name '.packlist' -delete
+	find "$pkgdir" -name 'perllocal.pod' -delete
+}
+
+dev() {
+	default_dev
+	mkdir -p "$subpkgdir"/usr/share/$pkgname
+	mv "$pkgdir"/usr/share/$pkgname/examples "$subpkgdir"/usr/share/$pkgname/
+}
+
+md5sums="19b24f7184a8dbf7b48c1bbb565ad9fb  rrdtool-1.2.30.tar.gz"
diff --git a/main/rsync/APKBUILD b/main/rsync/APKBUILD
new file mode 100644
index 0000000000..4b0e8f1205
--- /dev/null
+++ b/main/rsync/APKBUILD
@@ -0,0 +1,36 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=rsync
+pkgver=3.0.6
+pkgrel=0
+pkgdesc="A file transfer program to keep remote files in sync"
+url="http://samba.anu.edu.au/rsync/"
+license="GPL3"
+depends="uclibc"
+source="http://$pkgname.samba.org/ftp/$pkgname/$pkgname-$pkgver.tar.gz
+	rsyncd.initd
+	rsyncd.confd
+	rsyncd.conf
+	rsyncd.logrotate
+	"
+subpackages="$pkgname-doc"
+
+build() { 
+	cd "$srcdir/$pkgname-$pkgver"
+	./prepare-source || return 1
+	./configure --prefix=/usr \
+		--with-included-popt \
+		--disable-acl-support \
+		--disable-xattr-support || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -D -m 755 ../rsyncd.initd ${pkgdir}/etc/init.d/rsyncd
+	install -D -m 644 ../rsyncd.conf ${pkgdir}/etc/rsyncd.conf 
+	install -D -m 644 ../rsyncd.confd ${pkgdir}/etc/conf.d/rsyncd
+	install -D -m 644 ../rsyncd.logrotate ${pkgdir}/etc/logrotate.d/rsyncd
+}
+
+md5sums="e9865d093a18e4668b9d31b635dc8e99  rsync-3.0.6.tar.gz
+492d13dbba49a9e7c77c89d01b4f617a  rsyncd.initd
+e5e62e8cef29e09c22e8ba8152ec1751  rsyncd.confd
+a99211a14af1766ba849035241cd5bb2  rsyncd.conf
+169cafc6907a4c3787bb0462e9d6a5c2  rsyncd.logrotate"
diff --git a/main/rsync/rsyncd.conf b/main/rsync/rsyncd.conf
new file mode 100644
index 0000000000..b6dd5994d4
--- /dev/null
+++ b/main/rsync/rsyncd.conf
@@ -0,0 +1,10 @@
+# /etc/rsyncd.conf
+
+# Minimal configuration file for rsync daemon
+# See rsync(1) and rsyncd.conf(5) man pages for help
+
+# This line is required by the /etc/init.d/rsyncd script
+pid file = /var/run/rsyncd.pid
+use chroot = yes
+read only = yes
+
diff --git a/main/rsync/rsyncd.confd b/main/rsync/rsyncd.confd
new file mode 100644
index 0000000000..c3d897ed2f
--- /dev/null
+++ b/main/rsync/rsyncd.confd
@@ -0,0 +1,5 @@
+# /etc/conf.d/rsyncd: config file for /etc/init.d/rsyncd
+
+# see man pages for rsync or run `rsync --help`
+# for valid cmdline options
+#RSYNC_OPTS=""
diff --git a/main/rsync/rsyncd.initd b/main/rsync/rsyncd.initd
new file mode 100644
index 0000000000..1b20282296
--- /dev/null
+++ b/main/rsync/rsyncd.initd
@@ -0,0 +1,23 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/rsync/files/rsyncd.init.d,v 1.5 2007/02/23 11:33:59 uberlord Exp $
+
+depend() {
+	use net
+}
+
+start() {
+	ebegin "Starting rsyncd"
+	start-stop-daemon --start --exec /usr/bin/rsync \
+	    --pidfile /var/run/rsyncd.pid \
+	    -- --daemon ${RSYNC_OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping rsyncd"
+	start-stop-daemon --stop --exec /usr/bin/rsync \
+	    --pidfile /var/run/rsyncd.pid
+	eend $?
+}
diff --git a/main/rsync/rsyncd.logrotate b/main/rsync/rsyncd.logrotate
new file mode 100644
index 0000000000..34bcf72d21
--- /dev/null
+++ b/main/rsync/rsyncd.logrotate
@@ -0,0 +1,9 @@
+/var/log/rsync.log {
+	compress
+	maxage 365
+	rotate 7
+	size=+1024k
+	notifempty
+	missingok
+	copytruncate
+}
diff --git a/main/ruby/APKBUILD b/main/ruby/APKBUILD
new file mode 100644
index 0000000000..ffeb781502
--- /dev/null
+++ b/main/ruby/APKBUILD
@@ -0,0 +1,44 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=ruby
+pkgver=1.8.7_p174
+_pkgver=1.8.7-p174
+pkgrel=1
+pkgdesc="An object-oriented language for quick and easy programming"
+url="http://www.ruby-lang.org/en/"
+license="Ruby"
+depends=
+makedepends="zlib-dev openssl-dev libiconv-dev gdbm-dev db-dev readline-dev"
+subpackages="$pkgname-doc $pkgname-dev"
+source="ftp://ftp.ruby-lang.org/pub/ruby/1.8/${pkgname}-${_pkgver}.tar.bz2"
+#
+# maybe its a good idea to split dep libs to seperate pkg's.
+#
+build() {
+	cd "$srcdir/$pkgname-${_pkgver}"
+
+	# -fomit-frame-pointer makes ruby segfault, see gentoo bug #150413
+	# In many places aliasing rules are broken; play it safe
+	# as it's risky with newer compilers to leave it as it is.
+	export CFLAGS="$CFLAGS -fno-omit-frame-pointer -fno-strict-aliasing"
+
+	# turn off distcc/ccache
+	# http://bugs.alpinelinux.org/issues/show/1
+	export CC=cc
+
+	./configure --build=${CHOST:-i486-alpine-linux-uclibc} \
+		--prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--with-sitedir='/usr/local/lib/site_ruby' \
+		--with-extra-site-search-path='/usr/lib/site_ruby/$(ruby_ver)/i686-linux' \
+		--enable-shared
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -Dm644 COPYING "${pkgdir}/usr/share/licenses/${pkgname}"/COPYING || return 1
+
+}
+
+md5sums="88c45aaf627b4404e5e4273cb03ba2ee  ruby-1.8.7-p174.tar.bz2"
diff --git a/main/rubygems/APKBUILD b/main/rubygems/APKBUILD
new file mode 100644
index 0000000000..8ba7c48834
--- /dev/null
+++ b/main/rubygems/APKBUILD
@@ -0,0 +1,21 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=rubygems
+pkgver=1.3.1
+pkgrel=0
+pkgdesc="Ruby package manager"
+url="http://docs.rubygems.org"
+license="GPL"
+depends="ruby"
+makedepends="ruby-dev"
+source="http://rubyforge.org/frs/download.php/45905/${pkgname}-${pkgver}.tgz
+rubygems-1.3.1-setup.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	patch -p0 -i "$srcdir"/rubygems-1.3.1-setup.patch
+	ruby setup.rb --prefix=/usr --destdir "$pkgdir"
+}
+
+md5sums="a04ee6f6897077c5b75f5fd1e134c5a9  rubygems-1.3.1.tgz
+40ef7562319ac6f82bbbe7315c78bdbb  rubygems-1.3.1-setup.patch"
diff --git a/main/rubygems/rubygems-1.3.1-setup.patch b/main/rubygems/rubygems-1.3.1-setup.patch
new file mode 100644
index 0000000000..3b76ad3f99
--- /dev/null
+++ b/main/rubygems/rubygems-1.3.1-setup.patch
@@ -0,0 +1,53 @@
+--- setup.rb.~1~	2008-06-22 01:51:11.000000000 +0200
++++ setup.rb	2008-06-28 09:05:54.923666929 +0200
+@@ -128,8 +128,8 @@
+     lib_dir = Gem::ConfigMap[site_or_vendor]
+     bin_dir = Gem::ConfigMap[:bindir]
+   else
+-    lib_dir = File.join prefix, 'lib'
+-    bin_dir = File.join prefix, 'bin'
++    lib_dir = File.join prefix, Gem::ConfigMap[site_or_vendor]
++    bin_dir = File.join prefix, Gem::ConfigMap[:bindir]
+   end
+ end
+ 
+@@ -240,19 +240,6 @@
+   end
+ end
+ 
+-# Remove source caches
+-if install_destdir.empty?
+-  require 'rubygems/source_info_cache'
+-
+-  user_cache_file = File.join(install_destdir,
+-                              Gem::SourceInfoCache.user_cache_file)
+-  system_cache_file = File.join(install_destdir,
+-                                Gem::SourceInfoCache.system_cache_file)
+-
+-  rm_f user_cache_file if File.writable? File.dirname(user_cache_file)
+-  rm_f system_cache_file if File.writable? File.dirname(system_cache_file)
+-end
+-
+ # install RDoc
+ 
+ gem_doc_dir = File.join Gem.dir, 'doc'
+@@ -262,10 +249,6 @@
+ if File.writable? gem_doc_dir and
+    (not File.exist? rubygems_doc_dir or
+     File.writable? rubygems_doc_dir) then
+-  puts "Removing old RubyGems RDoc and ri"
+-  Dir[File.join(Gem.dir, 'doc', 'rubygems-[0-9]*')].each do |dir|
+-    rm_rf dir
+-  end
+ 
+   def run_rdoc(*args)
+     begin
+@@ -277,7 +260,7 @@
+ 
+     args << '--quiet'
+     args << '--main' << 'README'
+-    args << '.' << 'README' << 'LICENSE.txt' << 'GPL.txt'
++    args << '.' << 'README'
+ 
+     r = RDoc::RDoc.new
+     r.document args
diff --git a/main/run-parts/APKBUILD b/main/run-parts/APKBUILD
new file mode 100644
index 0000000000..5854fa5d81
--- /dev/null
+++ b/main/run-parts/APKBUILD
@@ -0,0 +1,19 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=run-parts
+pkgver=3.1.3
+pkgrel=0
+pkgdesc="run-parts from the debianutils package"
+url="http://packages.qa.debian.org/d/debianutils.html"
+license="GPL"
+depends=
+subpackages="$pkgname-doc"
+source="http://ftp.debian.org/debian/pool/main/d/debianutils/debianutils_$pkgver.tar.gz"
+
+build () {
+	cd $srcdir/debianutils-$pkgver
+	./configure --prefix=/usr
+	make
+	install -D -m755 run-parts $pkgdir/usr/bin/run-parts
+	install -D -m644 run-parts.8 $pkgdir/usr/share/man/man8/run-parts.8
+}
+md5sums="42c759ff41851313bb0b9c419598c04c  debianutils_3.1.3.tar.gz"
diff --git a/main/samba/APKBUILD b/main/samba/APKBUILD
new file mode 100644
index 0000000000..3f63f8c0f5
--- /dev/null
+++ b/main/samba/APKBUILD
@@ -0,0 +1,102 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=samba
+pkgver=3.3.6
+pkgrel=0
+pkgdesc="Tools to access a server's filespace and printers via SMB"
+url="http://www.samba.org"
+license="GPL3"
+subpackages="$pkgname-dev $pkgname-doc winbind $pkgname-common 
+	$pkgname-initscript tdb"
+depends="samba-initscript"
+makedepends="db-dev popt-dev ncurses-dev openldap-dev heimdal-dev"
+source="http://us1.$pkgname.org/$pkgname/ftp/stable/$pkgname-$pkgver.tar.gz
+	samba.initd
+	samba.confd
+	samba.logrotate
+	"
+
+build() { 
+	cd "$srcdir"/$pkgname-$pkgver/source
+	./configure --prefix=/usr \
+		--sysconfdir=/etc/samba \
+		--with-configdir=/etc/samba \
+		--localstatedir=/var \
+		--with-fhs \
+		--with-lockdir=/var/cache/samba \
+		--with-piddir=/var/run/samba \
+		--with-logfilebase=/var/log/samba \
+		--without-pam \
+		--with-ads \
+		--with-krb5 \
+		--with-libsmbclient \
+		--with-shared-modules=idmap_rid,imap_ad \
+		--disable-nss-wrapper \
+		--disable-dnssd \
+		--disable-swat
+	make everything || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -d "$pkgdir"/var/log/samba \
+		"$pkgdir"/usr/share/doc/samba
+	cd "$srcdir"/$pkgname-$pkgver
+	cp -r examples "$pkgdir"/usr/share/doc/samba/
+	install -D packaging/RHEL/setup/smbusers "$pkgdir"/etc/samba/smbusers
+	install -Dm644 ../samba.logrotate "$pkgdir"/etc/logrotate.d/samba
+}
+
+initscript() {
+	pkgdesc="Init script for Samba"
+	depends=""
+	install -Dm755 $srcdir/samba.initd "$subpkgdir"/etc/init.d/samba 
+	install -Dm644 $srcdir/samba.confd "$subpkgdir"/etc/conf.d/samba 
+}
+
+_mv_files() {
+	local i
+	for i in "$@"; do
+		mkdir -p "$subpkgdir"/${i%/*}
+		mv "$pkgdir"/$i "$subpkgdir"/$i || return 1
+	done
+}
+
+winbind() {
+	pkgdesc="Samba user and group resolver"
+	depends=
+	cd "$pkgdir"
+	_mv_files \
+		usr/bin/wbinfo \
+		usr/bin/ntlm_auth \
+		usr/sbin/winbindd \
+		usr/lib/samba/idmap \
+		usr/lib/libwbclient* 
+}
+
+common() {
+	pkgdesc="Samba common files for both client an servers"
+	depends=
+	cd "$pkgdir"
+	_mv_files \
+		usr/bin/net \
+		usr/bin/nmblookup \
+		usr/bin/smbpasswd \
+		usr/bin/testparm \
+		usr/lib/samba/*.dat \
+		usr/lib/libtalloc* \
+		var/run/samba \
+		var/cache/samba \
+		var/log/samba
+}
+
+tdb() {
+	pkgdesc="Trivial database"
+	depends=
+	cd "$pkgdir"
+	_mv_files \
+		usr/lib/libtdb* \
+		usr/bin/tdb*
+}
+
+md5sums="858cb6c640358be0e81297c5de615a3c  samba-3.3.6.tar.gz
+1b701fdb22c52c63b3af0e4a286a9329  samba.initd
+c150433426e18261e6e3eed3930e1a76  samba.confd
+b7cafabfb4fa5b3ab5f2e857d8d1c733  samba.logrotate"
diff --git a/main/samba/samba.confd b/main/samba/samba.confd
new file mode 100644
index 0000000000..3788c3c173
--- /dev/null
+++ b/main/samba/samba.confd
@@ -0,0 +1,6 @@
+# add "winbindd" to daemon_list if you want start winbind from here as well
+daemon_list="smbd nmbd"
+
+smbd_options="-D"
+nmbd_options="-D"
+#winbindd_options=""
diff --git a/main/samba/samba.initd b/main/samba/samba.initd
new file mode 100644
index 0000000000..d2d395a989
--- /dev/null
+++ b/main/samba/samba.initd
@@ -0,0 +1,64 @@
+#!/sbin/runscript
+
+opts="reload"
+
+DAEMON=${SVCNAME#samba.}
+if [ "$DAEMON" != "samba" ]; then
+	daemon_list=$DAEMON
+fi
+
+depend() {
+	need net
+}
+
+start_smbd() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- \
+		${smbd_options:-"-D"}
+}
+
+stop_smbd() {
+	start-stop-daemon --stop --quiet --pidfile /var/run/samba/smbd.pid
+}
+
+start_nmbd() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- \
+		${nmbd_options:-"-D"}
+}
+
+stop_nmbd() {
+	start-stop-daemon --stop --quiet --pidfile /var/run/samba/nmbd.pid
+}
+
+start_winbindd() {
+	start-stop-daemon --start --quiet --exec /usr/sbin/winbindd -- \
+		$winbindd_options
+}
+
+stop_winbindd() {
+	start-stop-daemon --stop --quiet --pidfile /var/run/samba/winbindd.pid
+}
+
+start() {
+	for i in $daemon_list; do
+		ebegin "Starting $i"
+		start_$i
+		eend $?
+	done
+}
+
+stop() {
+	for i in $daemon_list; do
+		ebegin "Stopping $i"
+		stop_$i
+		eend $?
+	done
+}
+
+reload() {
+	for i in $daemon_list; do
+		ebegin "Reloading $i"
+		killall -HUP $i
+		eend $?
+	done
+}
+
diff --git a/main/samba/samba.logrotate b/main/samba/samba.logrotate
new file mode 100644
index 0000000000..bf957bd747
--- /dev/null
+++ b/main/samba/samba.logrotate
@@ -0,0 +1,9 @@
+/var/log/samba/log.* /var/log/samba/*.log {
+   notifempty
+   missingok
+   sharedscripts
+   copytruncate
+   postrotate
+      /bin/kill -HUP `cat /var/run/samba/*.pid 2>/dev/null` 2>/dev/null || true
+   endscript
+}
diff --git a/main/screen/APKBUILD b/main/screen/APKBUILD
new file mode 100644
index 0000000000..a8a04b1653
--- /dev/null
+++ b/main/screen/APKBUILD
@@ -0,0 +1,33 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+# Maintainer: 
+pkgname=screen
+pkgver=4.0.3
+pkgrel=0
+pkgdesc="A window manager that multiplexes a physical terminal"
+url="http://ftp.gnu.org/gnu/screen/"
+license="GPL"
+depends=
+makedepends=""
+install=
+subpackages="$pkgname-doc"
+source="http://ftp.gnu.org/gnu/screen/$pkgname-$pkgver.tar.gz
+	$pkgname-$pkgver.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="8506fd205028a96c741e4037de6e3c42  screen-4.0.3.tar.gz
+243e18daf4b2bbff898fdf0d772fad52  screen-4.0.3.patch"
diff --git a/main/screen/screen-4.0.3.patch b/main/screen/screen-4.0.3.patch
new file mode 100644
index 0000000000..4a90f49b91
--- /dev/null
+++ b/main/screen/screen-4.0.3.patch
@@ -0,0 +1,272 @@
+--- screen-4.0.3-orig/acls.h	Mon Sep  8 14:23:38 2003
++++ screen-4.0.3/acls.h	Fri Feb 27 18:32:07 2009
+@@ -20,6 +20,8 @@
+  *
+  ****************************************************************
+  */
++#ifndef _SCREEN_ACLS_H_
++#define _SCREEN_ACLS_H_
+ 
+ #ifdef MULTIUSER
+ 
+@@ -91,3 +93,4 @@
+ 
+ extern int DefaultEsc, DefaultMetaEsc;
+ 
++#endif /* define _SCREEN_ACLS_H_ */
+--- screen-4.0.3-orig/ansi.h	Mon Feb 24 16:55:08 2003
++++ screen-4.0.3/ansi.h	Fri Feb 27 18:32:49 2009
+@@ -21,6 +21,8 @@
+  ****************************************************************
+  * $Id: ansi.h,v 1.6 1994/05/31 12:31:28 mlschroe Exp $ FAU
+  */
++#ifndef _SCREEN_ANSI_H_
++#define _SCREEN_ANSI_H_
+ 
+ #define NATTR		6
+ 
+@@ -168,3 +170,5 @@
+ # define dw_left(ml, x, enc) 0
+ # define dw_right(ml, x, enc) 0
+ #endif
++
++#endif /* define _SCREEN_ANSI_H_ */
+--- screen-4.0.3-orig/braille.h	Sat Apr 28 13:26:42 2001
++++ screen-4.0.3/braille.h	Fri Feb 27 18:33:51 2009
+@@ -24,6 +24,8 @@
+  ****************************************************************
+  * $Id: braille.h,v 1.1 1995/09/06 15:51:18 jnweiger Exp jnweiger $ FAU
+  */
++#ifndef _SCREEN_BRAILLE_H_
++#define _SCREEN_BRAILLE_H_
+ 
+ #ifdef HAVE_BRAILLE
+ 
+@@ -81,3 +83,5 @@
+ #define BD_FORE bd.bd_dpy->d_fore
+ 
+ #endif
++
++#endif /* define _SCREEN_BRAILLE_H_ */
+--- screen-4.0.3-orig/display.h	Tue Jul  1 14:01:42 2003
++++ screen-4.0.3/display.h	Fri Feb 27 18:34:30 2009
+@@ -21,6 +21,8 @@
+  ****************************************************************
+  * $Id: display.h,v 1.9 1994/05/31 12:31:54 mlschroe Exp $ FAU
+  */
++#ifndef _SCREEN_DISPLAY_H_
++#define _SCREEN_DISPLAY_H_
+ 
+ #ifdef MAPKEYS
+ 
+@@ -343,3 +345,5 @@
+ #define HSTATUS_MESSAGE		2
+ #define HSTATUS_HS		3
+ #define HSTATUS_ALWAYS		(1<<2)
++
++#endif /* define _SCREEN_DISPLAY_H_ */
+--- screen-4.0.3-orig/extern.h	Fri Aug 22 12:27:57 2003
++++ screen-4.0.3/extern.h	Fri Feb 27 18:35:17 2009
+@@ -21,6 +21,8 @@
+  ****************************************************************
+  * $Id: extern.h,v 1.18 1994/05/31 12:31:57 mlschroe Exp $ FAU
+  */
++#ifndef _SCREEN_EXTERN_H_
++#define _SCREEN_EXTERN_H_
+ 
+ #if !defined(__GNUC__) || __GNUC__ < 2
+ #undef __attribute__
+@@ -490,3 +492,5 @@
+ # endif
+ #endif
+ extern int   EncodeChar __P((char *, int, int, int *));
++
++#endif /* define _SCREEN_EXTERN_H_ */
+--- screen-4.0.3-orig/image.h	Fri Dec  5 13:45:41 2003
++++ screen-4.0.3/image.h	Fri Feb 27 18:35:53 2009
+@@ -21,8 +21,9 @@
+  ****************************************************************
+  * $Id: image.h,v 1.9 1994/05/31 12:31:54 mlschroe Exp $ FAU
+  */
++#ifndef _SCREEN_IMAGE_H_
++#define _SCREEN_IMAGE_H_
+ 
+-
+ #undef IFFONT
+ #undef IFCOLOR
+ 
+@@ -161,3 +162,5 @@
+ #  define cole2i(c) ((c) ^ 9)
+ # endif
+ #endif
++
++#endif /* define _SCREEN_IMAGE_H_ */
+--- screen-4.0.3-orig/layer.h	Tue Jan  8 15:42:25 2002
++++ screen-4.0.3/layer.h	Fri Feb 27 18:36:50 2009
+@@ -22,6 +22,9 @@
+  * $Id: overlay.h,v 1.3 1994/05/31 12:32:31 mlschroe Exp $ FAU
+  */
+ 
++#ifndef _SCREEN_LAYER_H_
++#define _SCREEN_LAYER_H_
++
+ /*
+  * This is the overlay structure. It is used to create a seperate
+  * layer over the current windows.
+@@ -103,3 +106,4 @@
+ 	  display = olddisplay;				\
+ 	} while(0)
+ 
++#endif /* define _SCREEN_LAYER_H_ */
+--- screen-4.0.3-orig/logfile.h	Tue Jan  8 15:42:27 2002
++++ screen-4.0.3/logfile.h	Fri Feb 27 18:37:29 2009
+@@ -22,6 +22,9 @@
+  * $Id: logfile.h,v 1.11 1994/05/31 12:33:27 jnweiger Exp $ FAU
+  */
+ 
++#ifndef _SCREEN_LOGFILE_H_
++#define _SCREEN_LOGFILE_H_
++
+ struct logfile
+ {
+   struct logfile *next;
+@@ -80,3 +83,5 @@
+  * It closes fd and opens wantfd to access whatever fd accessed.
+  */
+ int lf_move_fd __P((int fd, int wantfd));
++
++#endif /* define _SCREEN_LOGFILE_H_ */
+--- screen-4.0.3-orig/mark.h	Tue Jan  8 15:42:30 2002
++++ screen-4.0.3/mark.h	Fri Feb 27 18:38:02 2009
+@@ -21,6 +21,8 @@
+  ****************************************************************
+  * $Id: mark.h,v 1.1.1.1 1993/06/16 23:51:13 jnweiger Exp $ FAU
+  */
++#ifndef _SCREEN_MARK_H_
++#define _SCREEN_MARK_H_
+ 
+ struct markdata
+ {
+@@ -47,3 +49,4 @@
+ #define W2D(y) ((y) - markdata->hist_offset)
+ #define D2W(y) ((y) + markdata->hist_offset)
+ 
++#endif /* define _SCREEN_MARK_H_ */
+--- screen-4.0.3-orig/os.h	Tue Jan  8 15:42:33 2002
++++ screen-4.0.3/os.h	Fri Feb 27 18:39:09 2009
+@@ -21,6 +21,8 @@
+  ****************************************************************
+  * $Id: os.h,v 1.10 1994/05/31 12:32:22 mlschroe Exp $ FAU
+  */
++#ifndef _SCREEN_OS_H_
++#define _SCREEN_OS_H_
+ 
+ #include <stdio.h>
+ #include <errno.h>
+@@ -531,3 +533,4 @@
+  */
+ #define IOSIZE		4096
+ 
++#endif /* define _SCREEN_OS_H_ */
+--- screen-4.0.3-orig/osdef.h.in	Sat Apr 28 13:26:43 2001
++++ screen-4.0.3/osdef.h.in	Fri Feb 27 18:38:36 2009
+@@ -27,6 +27,8 @@
+  * mangled the screen source through 'gcc -Wall'.
+  ****************************************************************
+  */
++#ifndef _SCREEN_OSDEF_H_
++#define _SCREEN_OSDEF_H_
+ 
+ extern int   printf __P((char *, ...));
+ extern int   fprintf __P((FILE *, char *, ...));
+@@ -199,3 +201,4 @@
+ extern int getloadavg(double *, int);
+ #endif
+ 
++#endif /* define _SCREEN_OSDEF_H_ */
+--- screen-4.0.3-orig/patchlevel.h	Mon Oct 23 13:04:11 2006
++++ screen-4.0.3/patchlevel.h	Fri Feb 27 18:40:53 2009
+@@ -523,6 +523,8 @@
+  *                     (cstone & Rich Felker).
+  *                     -- DISTRIBUTED
+  */
++#ifndef _SCREEN_PATCHLEVEL_H_
++#define _SCREEN_PATCHLEVEL_H_
+ 
+ #define ORIGIN "FAU"
+ #define REV 4
+@@ -530,3 +532,5 @@
+ #define PATCHLEVEL 3
+ #define DATE "23-Oct-06"
+ #define STATE ""
++
++#endif /* define _SCREEN_PATCHLEVEL_H_ */
+--- screen-4.0.3-orig/pty.c	Mon Sep  8 14:26:18 2003
++++ screen-4.0.3/pty.c	Fri Feb 27 19:31:53 2009
+@@ -33,11 +33,6 @@
+ # include <sys/ioctl.h>
+ #endif
+ 
+-/* for solaris 2.1, Unixware (SVR4.2) and possibly others */
+-#ifdef HAVE_SVR4_PTYS
+-# include <sys/stropts.h>
+-#endif
+-
+ #if defined(sun) && defined(LOCKPTY) && !defined(TIOCEXCL)
+ # include <sys/ttold.h>
+ #endif
+--- screen-4.0.3-orig/sched.h	Tue Jan  8 15:42:43 2002
++++ screen-4.0.3/sched.h	Fri Feb 27 19:39:49 2009
+@@ -21,6 +21,9 @@
+  ****************************************************************
+  * $Id: sched.h,v 1.1.1.1 1993/06/16 23:51:13 jnweiger Exp $ FAU
+  */
++#ifndef _SCREEN_SCHED_H_
++#define _SCREEN_SCHED_H_
++#include <sys/types.h>
+ 
+ struct event
+ {
+@@ -41,3 +44,5 @@
+ #define EV_READ		1
+ #define EV_WRITE	2
+ #define EV_ALWAYS	3
++
++#endif /* define _SCREEN_SCHED_H_ */
+--- screen-4.0.3-orig/screen.h	Fri Aug 22 12:28:43 2003
++++ screen-4.0.3/screen.h	Fri Feb 27 18:42:11 2009
+@@ -22,6 +22,9 @@
+  * $Id: screen.h,v 1.12 1994/05/31 12:32:54 mlschroe Exp $ FAU
+  */
+ 
++#ifndef _SCREEN_SCREEN_H_
++#define _SCREEN_SCREEN_H_
++
+ #include "os.h"
+ 
+ #if defined(__STDC__)
+@@ -293,3 +296,5 @@
+  */
+ #define WLIST_NUM 0
+ #define WLIST_MRU 1
++
++#endif /* define _SCREEN_SCREEN_H_ */
+--- screen-4.0.3-orig/window.h	Thu Aug 21 14:57:30 2003
++++ screen-4.0.3/window.h	Fri Feb 27 18:42:45 2009
+@@ -21,8 +21,9 @@
+  ****************************************************************
+  * $Id: window.h,v 1.11 1994/05/31 12:33:27 mlschroe Exp $ FAU
+  */
++#ifndef _SCREEN_WINDOW_H_
++#define _SCREEN_WINDOW_H_
+ 
+-
+ /* keep this in sync with the initialisations in window.c */
+ struct NewWindow
+ {
+@@ -315,3 +316,5 @@
+     : &fore->w_mlines[y - fore->w_histheight])
+ 
+ #define Layer2Window(l) ((struct win *)(l)->l_bottom->l_data)
++
++#endif /* define _SCREEN_WINDOW_H_ */
diff --git a/main/sed/APKBUILD b/main/sed/APKBUILD
new file mode 100644
index 0000000000..99ba1e6f8b
--- /dev/null
+++ b/main/sed/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sed
+pkgver=4.2.1
+pkgrel=0
+subpackages="$pkgname-doc"
+pkgdesc="GNU stream editor"
+url="http://www.gnu.org/software/sed"
+license="GPL"
+depends=
+makedepends=""
+install="$pkgname.post-deinstall"
+source="ftp://ftp.gnu.org/pub/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	$install"
+
+build() { 
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-i18n \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="f0fd4d7da574d4707e442285fd2d3b86  sed-4.2.1.tar.gz
+b84506d253e04db3c5af9016fead45a3  sed.post-deinstall"
diff --git a/main/sed/sed.post-deinstall b/main/sed/sed.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/sed/sed.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/sfic/APKBUILD b/main/sfic/APKBUILD
new file mode 100644
index 0000000000..3f781b4dee
--- /dev/null
+++ b/main/sfic/APKBUILD
@@ -0,0 +1,29 @@
+pkgdesc="Small and Simple File Integrity Checker"
+pkgname=sfic
+pkgver=0.1.7
+pkgrel=1
+depends=uclibc
+license=GPL
+makedepends="autoconf automake samba-dev"
+depends="tdb uclibc"
+arch=i486
+url=http://sfic.sourceforge.net
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	$pkgname-0.1.7-signal.patch"
+
+subpackages="$pkgname-doc"
+
+build() {
+	cd $srcdir/$pkgname-$pkgver
+	patch -p1 < ../$pkgname-0.1.7-signal.patch || return 1 
+		
+	aclocal
+	autoconf
+	automake --add-missing || return 1
+	./configure --prefix=/usr
+	make || return 1
+	make install DESTDIR="$pkgdir"
+}
+
+md5sums="6197f7a1e8b0fc4887d4573f67b7bb81  sfic-0.1.7.tar.gz
+e0c284f8b4e355b3ea52927fb02e163a  sfic-0.1.7-signal.patch"
diff --git a/main/sfic/sfic-0.1.7-signal.patch b/main/sfic/sfic-0.1.7-signal.patch
new file mode 100644
index 0000000000..54538aac1a
--- /dev/null
+++ b/main/sfic/sfic-0.1.7-signal.patch
@@ -0,0 +1,10 @@
+--- sfic-0.1.7.orig/src/sfic.c	2009-04-13 13:25:49.000000000 +0000
++++ sfic-0.1.7/src/sfic.c	2009-04-13 13:26:14.000000000 +0000
+@@ -37,6 +37,7 @@
+ #include <dirent.h>
+ #include <stdarg.h>
+ 
++#include <signal.h>
+ #include <tdb.h>
+ 
+ #include "heap.h"
diff --git a/main/shorewall-common/APKBUILD b/main/shorewall-common/APKBUILD
new file mode 100644
index 0000000000..1c0a51d8a6
--- /dev/null
+++ b/main/shorewall-common/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=shorewall-common
+pkgver=4.2.10
+pkgrel=0
+pkgdesc="Shoreline Firewall is an iptables-based firewall for Linux."
+url="http://www.shorewall.net/"
+license="GPL-2"
+depends="iptables iproute2"
+subpackages="$pkgname-doc"
+source="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$pkgver/shorewall-common-$pkgver.tar.bz2
+	shorewall.initd
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	PREFIX="${pkgdir}" ./install.sh || return 1
+	install -Dm755 "$srcdir"/shorewall.initd "$pkgdir"/etc/init.d/shorewall
+}
+md5sums="49bdbbae8dec65154c4e5538ed3c9865  shorewall-common-4.2.10.tar.bz2
+71fb6da1f50f5c6e9dd35b60b3629531  shorewall.initd"
diff --git a/main/shorewall-common/shorewall.initd b/main/shorewall-common/shorewall.initd
new file mode 100644
index 0000000000..9dda676c57
--- /dev/null
+++ b/main/shorewall-common/shorewall.initd
@@ -0,0 +1,80 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-common/files/shorewall.initd,v 1.2 2008/05/04 13:16:40 pva Exp $
+
+opts="start stop restart clear reset refresh check"
+
+depend() {
+	need net
+	provide firewall
+	after ulogd
+}
+
+start() {
+	ebegin "Starting firewall"
+	/sbin/shorewall -f start 1>/dev/null
+	eend $? 
+}
+
+stop() {
+	ebegin "Stopping firewall"
+	/sbin/shorewall stop 1>/dev/null
+	eend $?
+}
+
+restart() {
+	# shorewall comes with its own control script that includes a
+	# restart function, so refrain from calling svc_stop/svc_start
+	# here.  Note that this comment is required to fix bug 55576;
+	# runscript.sh greps this script...  (09 Jul 2004 agriffis)
+	ebegin "Restarting firewall"
+	/sbin/shorewall status >/dev/null
+	if [ $? != 0 ] ; then
+	    svc_start
+	else
+	    if [ -f /var/lib/shorewall/restore ] ; then
+		/sbin/shorewall restore
+	    else
+		/sbin/shorewall restart 1>/dev/null
+	    fi
+	fi
+	eend $?
+}
+
+clear() {
+	# clear will remove all the rules and bring the system to an unfirewalled
+	# state. (21 Nov 2004 eldad)
+
+	ebegin "Clearing all firewall rules and setting policy to ACCEPT"
+	/sbin/shorewall clear
+	eend $?
+}
+
+reset() {
+	# reset the packet and byte counters in the firewall
+
+	ebegin "Resetting the packet and byte counters in the firewall"
+	/sbin/shorewall reset
+	eend $?
+}
+
+refresh() {
+	# refresh the rules involving the broadcast addresses of firewall 
+	# interfaces, the black list, traffic control rules and 
+	# ECN control rules
+
+	ebegin "Refreshing firewall rules"
+	/sbin/shorewall refresh
+	eend $?
+}
+
+check() {
+	# perform cursory validation of the zones, interfaces, hosts, rules
+	# and policy files. CAUTION: does not parse and validate the generated 
+	# iptables commands.
+
+	ebegin "Checking configuration files"
+	/sbin/shorewall check
+	eend $?
+}
diff --git a/main/shorewall-lite/APKBUILD b/main/shorewall-lite/APKBUILD
new file mode 100644
index 0000000000..9c98a3bfda
--- /dev/null
+++ b/main/shorewall-lite/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=shorewall-lite
+pkgver=4.2.10
+pkgrel=0
+pkgdesc="An iptables-based firewall whose config is handled by a normal Shorewall"
+url="http://www.shorewall.net/"
+license="GPL-2"
+depends="iptables iproute2"
+#subpackages="$pkgname-doc"
+source="http://www1.shorewall.net/pub/shorewall/4.2/shorewall-$pkgver/$pkgname-$pkgver.tar.bz2
+	$pkgname.initd
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	PREFIX="$pkgdir" ./install.sh || return 1
+	install -Dm755 "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+}
+md5sums="ef5958819ba18801bacfe20e67184f2a  shorewall-lite-4.2.10.tar.bz2
+17a37c934aeb601ce288f77000253e1e  shorewall-lite.initd"
diff --git a/main/shorewall-lite/shorewall-lite.initd b/main/shorewall-lite/shorewall-lite.initd
new file mode 100755
index 0000000000..d2537e8a12
--- /dev/null
+++ b/main/shorewall-lite/shorewall-lite.initd
@@ -0,0 +1,65 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-firewall/shorewall-lite/files/shorewall-lite,v 1.1 2007/05/20 22:32:36 mjolnir Exp $
+
+opts="start stop restart clear reset refresh"
+
+depend() {
+	need net
+	provide firewall
+	after ulogd
+}
+
+start() {
+	ebegin "Starting firewall"
+	/sbin/shorewall-lite -f start 1>/dev/null
+	eend $? 
+}
+
+stop() {
+	ebegin "Stopping firewall"
+	/sbin/shorewall-lite stop 1>/dev/null
+	eend $?
+}
+
+restart() {
+	# shorewall comes with its own control script that includes a
+	# restart function, so refrain from calling svc_stop/svc_start
+	# here.  Note that this comment is required to fix bug 55576;
+	# runscript.sh greps this script...  (09 Jul 2004 agriffis)
+	ebegin "Restarting firewall"
+	if [ -f /var/lib/shorewall-lite/restore ] ; then
+		/sbin/shorewall-lite restore
+	else
+		/sbin/shorewall-lite restart 1>/dev/null
+	fi
+	eend $?
+}
+
+clear() {
+	# clear will remove all the rules and bring the system to an unfirewalled
+	# state. (21 Nov 2004 eldad)
+
+	ebegin "Clearing all firewall rules and setting policy to ACCEPT"
+	/sbin/shorewall-lite clear
+	eend $?
+}
+
+reset() {
+	# reset the packet and byte counters in the firewall
+
+	ebegin "Resetting the packet and byte counters in the firewall"
+	/sbin/shorewall-lite reset
+	eend $?
+}
+
+refresh() {
+	# refresh the rules involving the broadcast addresses of firewall 
+	# interfaces, the black list, traffic control rules and 
+	# ECN control rules
+
+	ebegin "Refreshing firewall rules"
+	/sbin/shorewall-lite refresh
+	eend $?
+}
diff --git a/main/shorewall-perl/APKBUILD b/main/shorewall-perl/APKBUILD
new file mode 100644
index 0000000000..e601c96a52
--- /dev/null
+++ b/main/shorewall-perl/APKBUILD
@@ -0,0 +1,16 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=shorewall-perl
+pkgver=4.2.10.3
+_v=4.2.10
+pkgrel=0
+pkgdesc="Shoreline Firewall Perl-based compiler"
+url="http://www.shorewall.net/"
+license="GPL-2"
+depends="shorewall-common"
+source="http://www1.shorewall.net/pub/shorewall/${_v%.*}/shorewall-${_v}/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	PREFIX="$pkgdir" ./install.sh || return 1
+}
+md5sums="f19bed40fe28a905fd08482b9dc5f7ce  shorewall-perl-4.2.10.3.tar.bz2"
diff --git a/main/shorewall-shell/APKBUILD b/main/shorewall-shell/APKBUILD
new file mode 100644
index 0000000000..643562f209
--- /dev/null
+++ b/main/shorewall-shell/APKBUILD
@@ -0,0 +1,17 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=shorewall-shell
+_v=4.2.10
+pkgver=4.2.10
+pkgrel=0
+pkgdesc="Shoreline Firewall shell-based compiler."
+url="http://www.shorewall.net/"
+license="GPL-2"
+depends="shorewall-common"
+#subpackages="$pkgname-doc"
+source="http://www.shorewall.net/pub/shorewall/${_v%.*}/shorewall-$_v/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	PREFIX="$pkgdir" ./install.sh || return 1
+}
+md5sums="d6f7cbc3c502c09921ede920547d5017  shorewall-shell-4.2.10.tar.bz2"
diff --git a/main/shorewall/APKBUILD b/main/shorewall/APKBUILD
new file mode 100644
index 0000000000..735973cc26
--- /dev/null
+++ b/main/shorewall/APKBUILD
@@ -0,0 +1,16 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=shorewall
+pkgver=4.2.10
+pkgrel=0
+pkgdesc="Meta package for shorewall"
+url="http://www.shorewall.net/"
+license="GPL"
+depends="shorewall-shell"
+makedepends=""
+source=""
+
+build() {
+	mkdir -p "$pkgdir"
+}
+
diff --git a/main/sic/APKBUILD b/main/sic/APKBUILD
new file mode 100644
index 0000000000..72e197ea08
--- /dev/null
+++ b/main/sic/APKBUILD
@@ -0,0 +1,20 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sic
+pkgver=1.0
+pkgrel=0
+pkgdesc="an extremely simple IRC client"
+url="http://www.suckless.org/programs/sic.html"
+license="GPL"
+depends="uclibc"
+subpackages="$pkgname-doc"
+source="http://code.suckless.org/dl/tools/sic-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make PREFIX=/usr || return 1
+	make DESTDIR="$pkgdir" PREFIX=/usr install
+}
+
+md5sums="d73d07d5de3ea06e9e83b90d26749202  sic-1.0.tar.gz"
diff --git a/main/slang/APKBUILD b/main/slang/APKBUILD
new file mode 100644
index 0000000000..c1fe962000
--- /dev/null
+++ b/main/slang/APKBUILD
@@ -0,0 +1,27 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=slang
+pkgver=2.1.4
+pkgrel=0
+pkgdesc="S-Lang is a powerful interpreted language"
+url="http://www.s-lang.org/"
+license="GPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="uclibc pcre"
+makedepends="pcre-dev"
+source="ftp://ftp.fu-berlin.de/pub/unix/misc/$pkgname/v2.1/$pkgname-$pkgver.tar.gz
+	slang-2.1.3-uclibc.patch
+	"
+
+build () {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+	./configure --prefix=/usr \
+		--sysconfdir=/etc || return 1
+	make || return 1
+	make install-all DESTDIR="$pkgdir" || return 1
+}
+md5sums="3516f593bc04975844f26137c18275d2  slang-2.1.4.tar.gz
+56ca82f415578994b6050e769b6b7bc9  slang-2.1.3-uclibc.patch"
diff --git a/main/slang/slang-2.1.3-uclibc.patch b/main/slang/slang-2.1.3-uclibc.patch
new file mode 100644
index 0000000000..d7ed5a8d65
--- /dev/null
+++ b/main/slang/slang-2.1.3-uclibc.patch
@@ -0,0 +1,12 @@
+diff -ur slang-2.1.3.orig/src/slcommon.c slang-2.1.3/src/slcommon.c
+--- slang-2.1.3.orig/src/slcommon.c	2007-01-10 18:09:07.000000000 +0200
++++ slang-2.1.3/src/slcommon.c	2008-03-19 16:09:09.000000000 +0200
+@@ -191,7 +191,7 @@
+    return p;
+ }
+ 
+-#if !defined(HAVE_ISSETUGID) && defined(__GLIBC__) && (__GLIBC__ >= 2)
++#if !defined(HAVE_ISSETUGID) && defined(__GLIBC__) && (__GLIBC__ >= 2) && !defined(__UCLIBC__)
+ extern int __libc_enable_secure;
+ # define HAVE___LIBC_ENABLE_SECURE 1
+ #endif
diff --git a/main/snort/APKBUILD b/main/snort/APKBUILD
new file mode 100644
index 0000000000..35b4820651
--- /dev/null
+++ b/main/snort/APKBUILD
@@ -0,0 +1,40 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+pkgname=snort
+pkgver=2.8.4
+pkgrel=0
+pkgdesc="An open source network intrusion prevention and detection system"
+url="http://www.snort.org/"
+license="GPL"
+depends="uclibc libpcap libnet"
+makedepends="pcre-dev libpcap-dev libnet-dev"
+install="$pkgname.pre-install"
+subpackages="$pkgname-doc $pkgname-dev"
+source="http://www.snort.org/dl/$pkgname-$pkgver.tar.gz
+	nocxx.patch
+        snort.initd
+        snort.confd
+        $install
+        "
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+	patch configure < ../nocxx.patch || return 1
+
+        ./configure --prefix=/usr \
+                --sysconfdir=/etc \
+                --mandir=/usr/share/man \
+                --infodir=/usr/share/info \
+                --enable-ipv6 \
+                --enable-gre
+        make -j1 || return 1
+        make -j1 DESTDIR="$pkgdir" install
+
+        install -D -m 755 ../snort.initd "$pkgdir"/etc/init.d/snort
+        install -D -m 644 ../snort.confd "$pkgdir"/etc/conf.d/snort
+}
+
+md5sums="193179da8db8aac5ee6b0a751ce7b76d  snort-2.8.4.tar.gz
+28513788ba4d556ccd538867dc6205ab  nocxx.patch
+b3207150805e7b948d958c6f86e70a5b  snort.initd
+446f8d2b3435b8a6be738da978670605  snort.confd
+b9473b349cc9d21faf7b91b591f497d6  snort.pre-install"
diff --git a/main/snort/nocxx.patch b/main/snort/nocxx.patch
new file mode 100644
index 0000000000..beb1ab9006
--- /dev/null
+++ b/main/snort/nocxx.patch
@@ -0,0 +1,15 @@
+--- a/configure	2004-12-07 21:34:23.205172545 +0000
++++ b/configure	2004-12-07 21:37:17.726654782 +0000
+@@ -5148,10 +5148,8 @@
+   :
+ else
+   { { echo "$as_me:$LINENO: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&5
+-echo "$as_me: error: C++ preprocessor \"$CXXCPP\" fails sanity check
+-See \`config.log' for more details." >&2;}
+-   { (exit 1); exit 1; }; }
++See \`config.log' for more details." >&5;}
++   { echo "C++ sucks, ignoring ..." >&5; }; }
+ fi
+ 
+ ac_ext=cc
diff --git a/main/snort/snort.confd b/main/snort/snort.confd
new file mode 100644
index 0000000000..d4d240ac96
--- /dev/null
+++ b/main/snort/snort.confd
@@ -0,0 +1,16 @@
+# Config file for /etc/init.d/snort
+
+# This tell snort which interface to listen on (any for every interface)
+IFACE=eth0
+
+# Make sure this matches your IFACE
+PIDFILE=/var/run/snort_$IFACE.pid
+
+# You probably don't want to change this, but in case you do
+LOGDIR="/var/log/snort"
+
+# Probably not this either
+CONF=/etc/snort/snort.conf
+
+# This pulls in the options above
+SNORT_OPTS="-D -u snort -i $IFACE -l $LOGDIR -c $CONF"
diff --git a/main/snort/snort.initd b/main/snort/snort.initd
new file mode 100644
index 0000000000..a5c2b05c47
--- /dev/null
+++ b/main/snort/snort.initd
@@ -0,0 +1,31 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-analyzer/snort/files/snort.rc7,v 1.3 2007/04/22 06:21:15 dragonheart Exp $
+
+depend() {
+	need net
+}
+
+checkconfig() {
+	if [ ! -e $CONF ] ; then
+		eerror "You need a configuration file to run snort"
+		eerror "There is an example config in /etc/snort/snort.conf.distrib"
+		return 1
+	fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting snort"
+	start-stop-daemon --start --quiet --exec /usr/bin/snort \
+		--pidfile ${PIDFILE} \
+		-- ${SNORT_OPTS} >/dev/null 2>&1
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping snort"
+	start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+	eend $?
+}
diff --git a/main/snort/snort.pre-install b/main/snort/snort.pre-install
new file mode 100644
index 0000000000..e1555163a7
--- /dev/null
+++ b/main/snort/snort.pre-install
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+adduser -h /var/log/snort -s /bin/false -D snort 2>/dev/null
+exit 0
diff --git a/main/sntpc/APKBUILD b/main/sntpc/APKBUILD
new file mode 100644
index 0000000000..6df6a6efd0
--- /dev/null
+++ b/main/sntpc/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sntpc
+pkgver=0.9
+pkgrel=0
+pkgdesc="Simple NTP client"
+url="http://git.alpinelinux.org/cgit/sntpc"
+license="GPL-2"
+depends="uclibc"
+source="http://git.alpinelinux.org/cgit/sntpc/snapshot/sntpc-$pkgver.tar.bz2
+	sntpc.initd
+	sntpc.confd
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	make || return 1
+	install -m755 -D sntpc "$pkgdir"/usr/sbin/sntpc
+	install -m755 -D "$srcdir"/sntpc.initd "$pkgdir"/etc/init.d/sntpc
+	install -m644 -D "$srcdir"/sntpc.confd "$pkgdir"/etc/conf.d/sntpc
+}
+
+md5sums="60c64d975daa3a6f371e9e81538e38db  sntpc-0.9.tar.bz2
+c5018237685af2cddb0b4ede1751bee1  sntpc.initd
+4ea1ceee01f94080be86188bde8f9adc  sntpc.confd"
diff --git a/main/sntpc/sntpc.confd b/main/sntpc/sntpc.confd
new file mode 100644
index 0000000000..a92e4be868
--- /dev/null
+++ b/main/sntpc/sntpc.confd
@@ -0,0 +1,9 @@
+#
+# Set time sync interval (in seconds) here.
+# Setting SNTPC_INTERVAL to 0 will make sntp run once and just exit
+#
+
+SNTPC_INTERVAL="0"
+
+# The NTP server to use as time source
+SNTPC_HOST=pool.ntp.org
diff --git a/main/sntpc/sntpc.initd b/main/sntpc/sntpc.initd
new file mode 100644
index 0000000000..a97e51bdbd
--- /dev/null
+++ b/main/sntpc/sntpc.initd
@@ -0,0 +1,30 @@
+#!/sbin/runscript
+
+NAME=sntpc
+DAEMON=/usr/sbin/$NAME
+
+depend() {
+	need net
+}
+
+start() {
+	local msg opts
+	if [ "$SNTPC_INTERVAL" = "0" ]; then
+		msg="Setting time from NTP source"
+	else
+		msg="Starting ${NAME}"
+		opts="-d"
+	fi
+	ebegin "$msg"
+		start-stop-daemon --start --quiet --name sntpc \
+			--exec ${DAEMON} -- \
+			-i ${SNTPC_INTERVAL} $opts ${SNTPC_HOST}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet \
+			--exec ${DAEMON} 
+	eend $?
+}
diff --git a/main/spamassassin/APKBUILD b/main/spamassassin/APKBUILD
new file mode 100644
index 0000000000..e22803fa43
--- /dev/null
+++ b/main/spamassassin/APKBUILD
@@ -0,0 +1,30 @@
+# Contributor: Leonardo Arena <rnalrd@gmail.com>
+# Maintainer:  Leonardo Arena <rnalrd@gmail.com>
+pkgname=spamassassin
+_realname=Mail-SpamAssassin
+pkgver=3.2.5
+pkgrel=0
+pkgdesc="The Powerful #1 Open-Source Spam Filter"
+url="http://spamassassin.apache.org"
+license="Apache"
+depends="perl perl-digest-sha1 perl-html-parser perl-net-dns perl-db_file zlib"
+makedepends="perl-dev zlib-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://www.apache.org/dist/spamassassin/source/$_realname-3.2.5.tar.gz"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	PERL_MM_USE_DEFAULT=1 perl Makefile.PL INSTALLDIRS=vendor || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	install -m755 -D ../../spamd.init $pkgdir/etc/init.d/spamd
+	install -m644 -D ../../spamd.conf $pkgdir/etc/conf.d/spamd.conf
+	mkdir $pkgdir/usr/sbin
+	mv $pkgdir/usr/bin/spamd $pkgdir/usr/sbin/spamd
+	# creates file collision among perl modules
+	find "$pkgdir" -name perllocal.pod -delete
+}
+
+md5sums="7fdc1651d0371c4a7f95ac9ae6f828a6  Mail-SpamAssassin-3.2.5.tar.gz"
diff --git a/main/spamassassin/spamd.conf b/main/spamassassin/spamd.conf
new file mode 100644
index 0000000000..b6fca036f2
--- /dev/null
+++ b/main/spamassassin/spamd.conf
@@ -0,0 +1,46 @@
+# Config file for /etc/init.d/spamd
+
+
+# ***WARNING***
+# spamd was not designed to listed to an untrusted network. spamd
+# is vulnerable to DoS attacks (and eternal doom) if used to listen
+# to an untrusted network.
+#
+
+
+# Some options:
+#
+# -c          to create a per user configuration file
+# -H [dir]    to switch home dirs for helper apps, dir optional
+# -i [ip]     to listen on the specified IP,
+#             127.0.0.1 if omitted,
+#             0.0.0.0 (ie. all) if given without value;
+#             must be used in combination with -A to actually allow
+#             connections from anybody but localhost
+# -m limit    to set the number of children, default 5
+# -u user     the user to run spamd as
+# -L          if you want to run no net tests
+#
+# for more help look in man spamd
+#
+# Note: if you plan on using the -u flag to spamd you will need to
+# make sure the location of the PID file is writable by that user.
+# This can be done by making the directory /var/run/spamd and
+# changing the owner to the UID that runs spamd.  You will then
+# need to edit $pidfile in /etc/init.d/spamd. This should fix the
+# problem with stop/restart in the init scripts.
+#
+# See http://bugs.gentoo.org/show_bug.cgi?id=70124 for a full
+# explanation.
+
+SPAMD_OPTS="-m 5 -c -H"
+
+# spamd stores its pid in this file. If you use the -u option to
+# run spamd under another user, you might need to adjust it.
+
+PIDFILE="/var/run/spamd.pid"
+
+# SPAMD_NICELEVEL lets you set the 'nice'ness of the running 
+# spamd process
+
+# SPAMD_NICELEVEL=5
diff --git a/main/spamassassin/spamd.init b/main/spamassassin/spamd.init
new file mode 100644
index 0000000000..89723889f4
--- /dev/null
+++ b/main/spamassassin/spamd.init
@@ -0,0 +1,39 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/mail-filter/spamassassin/files/3.0.0-spamd.init,v 1.8 2008/05/14 21:25:56 sbriesen Exp $
+
+# NB: Config is in /etc/conf.d/spamd
+
+# Provide a default location if they haven't in /etc/conf.d/spamd
+PIDFILE=${PIDFILE:-/var/run/spamd.pid}
+
+opts="reload"
+
+depend() {
+	need net
+	before mta
+	use logger
+}
+
+start() {
+	ebegin "Starting spamd"
+	start-stop-daemon --start --quiet \
+		--name spamd \
+		--nicelevel ${SPAMD_NICELEVEL:-0} \
+		--exec /usr/sbin/spamd -- -d -r ${PIDFILE} \
+			${SPAMD_OPTS}
+	eend $? "Failed to start spamd"
+}
+
+stop() {
+	ebegin "Stopping spamd"
+	start-stop-daemon --stop --quiet --pidfile ${PIDFILE}
+	eend $? "Failed to stop spamd"
+}
+
+reload() {
+	ebegin "Reloading configuration"
+	kill -HUP $(< ${PIDFILE})
+	eend $?
+}
diff --git a/main/sqlite/APKBUILD b/main/sqlite/APKBUILD
new file mode 100644
index 0000000000..40a5cd7e44
--- /dev/null
+++ b/main/sqlite/APKBUILD
@@ -0,0 +1,31 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=sqlite
+pkgver=3.6.15
+pkgrel=0
+pkgdesc="A C library that implements an SQL database engine"
+url="http://www.sqlite.org/"
+license="custom"
+depends=""
+makedepends=""
+source="http://www.sqlite.org/$pkgname-$pkgver.tar.gz
+       license.txt"
+
+subpackages="$pkgname-doc $pkgname-dev"
+
+build ()
+{
+       cd ${srcdir}/${pkgname}-${pkgver}
+       ./configure --prefix=/usr \
+       --enable-threadsafe \
+       --disable-static \
+       --disable-tcl \
+       --disable-readline \
+       || return 1
+       make || return 1
+       make DESTDIR=${pkgdir} install || return 1
+       install -Dm0644 sqlite3.1 ${pkgdir}/usr/share/man/man1/sqlite3.1
+       install -Dm644 ${srcdir}/license.txt ${pkgdir}/usr/share/licenses/${pkgname}/license.txt
+}
+
+md5sums="ccde887ffc8a26251f3514d54594ff92  sqlite-3.6.15.tar.gz
+c1cdbc5544034d9012e421e75a5e4890  license.txt"
diff --git a/main/sqlite/license.txt b/main/sqlite/license.txt
new file mode 100644
index 0000000000..118c5d5e60
--- /dev/null
+++ b/main/sqlite/license.txt
@@ -0,0 +1,33 @@
+SQLite Copyright
+SQLite is in the
+Public Domain 
+
+
+All of the deliverable code in SQLite has been dedicated to the public domain by the authors. All code authors, and representatives of the companies they work for, have signed affidavits dedicating their contributions to the public domain and originals of those signed affidavits are stored in a firesafe at the main offices of Hwaci. Anyone is free to copy, modify, publish, use, compile, sell, or distribute the original SQLite code, either in source code form or as a compiled binary, for any purpose, commercial or non-commercial, and by any means. 
+
+The previous paragraph applies to the deliverable code in SQLite - those parts of the SQLite library that you actually bundle and ship with a larger application. Portions of the documentation and some code used as part of the build process might fall under other licenses. The details here are unclear. We do not worry about the licensing of the documentation and build code so much because none of these things are part of the core deliverable SQLite library. 
+
+All of the deliverable code in SQLite has been written from scratch. No code has been taken from other projects or from the open internet. Every line of code can be traced back to its original author, and all of those authors have public domain dedications on file. So the SQLite code base is clean and is uncontaminated with licensed code from other projects. 
+Obtaining An Explicit License To Use SQLite
+
+Even though SQLite is in the public domain and does not require a license, some users want to obtain a license anyway. Some reasons for obtaining a license include: 
+You are using SQLite in a jurisdiction that does not recognize the public domain. 
+You are using SQLite in a jurisdiction that does not recognize the right of an author to dedicate their work to the public domain. 
+You want to hold a tangible legal document as evidence that you have the legal right to use and distribute SQLite. 
+Your legal department tells you that you have to purchase a license. 
+
+If you feel like you really have to purchase a license for SQLite, Hwaci, the company that employs the architect and principal developers of SQLite, will sell you one. 
+Contributed Code
+
+In order to keep SQLite completely free and unencumbered by copyright, all new contributors to the SQLite code base are asked to dedicate their contributions to the public domain. If you want to send a patch or enhancement for possible inclusion in the SQLite source tree, please accompany the patch with the following statement: 
+The author or authors of this code dedicate any and all copyright interest in this code to the public domain. We make this dedication for the benefit of the public at large and to the detriment of our heirs and successors. We intend this dedication to be an overt act of relinquishment in perpetuity of all present and future rights to this code under copyright law. 
+
+We are not able to accept patches or changes to SQLite that are not accompanied by a statement such as the above. In addition, if you make changes or enhancements as an employee, then a simple statement such as the above is insufficient. You must also send by surface mail a copyright release signed by a company officer. A signed original of the copyright release should be mailed to:
+Hwaci
+6200 Maple Cove Lane
+Charlotte, NC 28269
+USA 
+
+A template copyright release is available in PDF or HTML. You can use this release to make future changes.
+
+see http://www.sqlite.org/copyright.html
\ No newline at end of file
diff --git a/main/squid/APKBUILD b/main/squid/APKBUILD
new file mode 100644
index 0000000000..c93bfba602
--- /dev/null
+++ b/main/squid/APKBUILD
@@ -0,0 +1,279 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=squid
+pkgver=2.7.6
+_ver=2.7.STABLE6
+pkgrel=6
+pkgdesc="A full-featured Web proxy cache server."
+url="http://www.squid-cache.org"
+install="squid.post-install"
+license="GPL-2"
+depends="$pkgname-errors-english logrotate"
+makedepends="openssl-dev perl-dev autoconf automake"
+subpackages="$pkgname-doc
+	$pkgname-errors-armenian:errors_armenian
+	$pkgname-errors-azerbaijani:errors_azerbaijani
+	$pkgname-errors-bulgarian:errors_bulgarian
+	$pkgname-errors-catalan:errors_catalan 
+	$pkgname-errors-czech:errors_czech
+	$pkgname-errors-danish:errors_danish
+	$pkgname-errors-dutch:errors_dutch
+	$pkgname-errors-english:errors_english
+	$pkgname-errors-estonian:errors_estonian
+	$pkgname-errors-finnish:errors_finnish
+	$pkgname-errors-french:errors_french
+	$pkgname-errors-german:errors_german
+	$pkgname-errors-greek:errors_greek
+	$pkgname-errors-hebrew:errors_hebrew
+	$pkgname-errors-hungarian:errors_hungarian
+	$pkgname-errors-italian:errors_italian
+	$pkgname-errors-japanese:errors_japanese
+	$pkgname-errors-korean:errors_korean
+	$pkgname-errors-lithuanian:errors_lithuanian
+	$pkgname-errors-polish:errors_polish
+	$pkgname-errors-portuguese:errors_portuguese
+	$pkgname-errors-romanian:errors_romanian
+	$pkgname-errors-russian-1251:errors_russian_1251
+	$pkgname-errors-russian-koi8-r:errors_russian_koi8_r
+	$pkgname-errors-serbian:errors_serbian
+	$pkgname-errors-simplify_chinese:errors_simplify_chinese
+	$pkgname-errors-slovak:errors_slovak
+	$pkgname-errors-spanish:errors_spanish
+	$pkgname-errors-swedish:errors_swedish
+	$pkgname-errors-traditional_chinese:errors_traditional_chinese
+	$pkgname-errors-turkish:errors_turkish
+	$pkgname-errors-ukrainian-1251:errors_ukrainian_1251
+	$pkgname-errors-ukrainian-koi8-u:errors_ukrainian_koi8_u
+	$pkgname-errors-ukrainian-utf8:errors_ukrainian_utf8"
+
+source="http://www.squid-cache.org/Versions/v2/2.7/${pkgname}-${_ver}.tar.bz2
+	squid.initd
+	squid.confd
+	squid.post-install
+	squid-2.7-gentoo.patch
+	$pkgname.logrotate
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$_ver"
+
+	patch -p1 -i "$srcdir"/squid-2.7-gentoo.patch || return 1
+	touch NEWS AUTHORS
+	aclocal && autoconf && automake -a || return 1
+
+	./configure --prefix=/usr --datadir=/usr/share/squid \
+		--sysconfdir=/etc/squid --libexecdir=/usr/lib/squid \
+		--localstatedir=/var \
+		--enable-auth="basic,digest,ntlm,negotiate" \
+		--enable-removal-policies="lru,heap" \
+		--enable-digest-auth-helpers="password" \
+		--enable-storeio="aufs,ufs,diskd,coss,null" \
+		--enable-basic-auth-helpers="getpwnam,NCSA,SMB,MSNT,multi-domain-NTLM" \
+		--enable-external-acl-helpers="ip_user,unix_group,wbinfo_group" \
+		--enable-ntlm-auth-helpers="SMB,fakeauth,no_check" \
+		--enable-delay-pools --enable-arp-acl --enable-ssl \
+		--enable-linux-netfilter --enable-ident-lookups \
+		--enable-useragent-log --enable-cache-digests --enable-referer-log \
+		--enable-async-io --enable-truncate --enable-arp-acl \
+		--enable-htcp --enable-carp --enable-poll --with-maxfd=4096 \
+		--enable-follow-x-forwarded-for
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	install -m644 -D "$srcdir"/$pkgname.logrotate \
+		"$pkgdir"/etc/logrotate.d/squid
+
+	mkdir -p "$pkgdir"/var/cache/squid "$pkgdir"/var/log/squid
+	chmod +x "$pkgdir"/usr/lib/squid/*
+}
+
+
+_mv_error() {
+	local d=usr/share/squid/errors
+	mkdir -p "$subpkgdir/$d"
+	mv "$pkgdir/$d/${1}" "$subpkgdir/$d/" || return 1
+	# last one removed the dir
+	rmdir "$pkgdir/$d" 2>/dev/null
+	return 0
+}
+
+errors_armenian() {
+	depends="$pkgname"
+	_mv_error Armenian
+}
+
+errors_azerbaijani() {
+	depends="$pkgname"
+	_mv_error Azerbaijani
+}
+
+errors_bulgarian() {
+	depends="$pkgname"
+	_mv_error Bulgarian
+}
+
+errors_catalan() {
+	depends="$pkgname"
+	_mv_error Catalan
+}
+
+errors_czech() {
+	depends="$pkgname"
+	_mv_error Czech
+}
+
+errors_danish() {
+	depends="$pkgname"
+	_mv_error Danish
+}
+
+errors_dutch() {
+	depends="$pkgname"
+	_mv_error Dutch
+}
+
+errors_english() {
+	depends="$pkgname"
+	_mv_error English
+}
+
+errors_estonian() {
+	depends="$pkgname"
+	_mv_error Estonian
+}
+
+errors_finnish() {
+	depends="$pkgname"
+	_mv_error Finnish
+}
+
+errors_french() {
+	depends="$pkgname"
+	_mv_error French
+}
+
+errors_german() {
+	depends="$pkgname"
+	_mv_error German
+}
+
+errors_greek() {
+	depends="$pkgname"
+	_mv_error Greek
+}
+
+errors_hebrew() {
+	depends="$pkgname"
+	_mv_error Hebrew
+}
+
+errors_hungarian() {
+	depends="$pkgname"
+	_mv_error Hungarian
+}
+
+errors_italian() {
+	depends="$pkgname"
+	_mv_error Italian
+}
+
+errors_japanese() {
+	depends="$pkgname"
+	_mv_error Japanese
+}
+
+errors_korean() {
+	depends="$pkgname"
+	_mv_error Korean
+}
+
+errors_lithuanian() {
+	depends="$pkgname"
+	_mv_error Lithuanian
+}
+
+errors_polish() {
+	depends="$pkgname"
+	_mv_error Polish
+}
+
+errors_portuguese() {
+	depends="$pkgname"
+	_mv_error Portuguese
+}
+
+errors_romanian() {
+	depends="$pkgname"
+	_mv_error Romanian
+}
+
+errors_russian_1251() {
+	depends="$pkgname"
+	_mv_error Russian-1251
+}
+
+errors_russian_koi8_r() {
+	depends="$pkgname"
+	_mv_error Russian-koi8-r
+}
+
+errors_serbian() {
+	depends="$pkgname"
+	_mv_error Serbian
+}
+
+errors_simplify_chinese() {
+	depends="$pkgname"
+	_mv_error Simplify_Chinese
+}
+
+errors_slovak() {
+	depends="$pkgname"
+	_mv_error Slovak
+}
+
+errors_spanish() {
+	depends="$pkgname"
+	_mv_error Spanish
+}
+
+errors_swedish() {
+	depends="$pkgname"
+	_mv_error Swedish
+}
+
+errors_traditional_chinese() {
+	depends="$pkgname"
+	_mv_error Traditional_Chinese
+}
+
+errors_turkish() {
+	depends="$pkgname"
+	_mv_error Turkish
+}
+
+errors_ukrainian_1251() {
+	depends="$pkgname"
+	_mv_error Ukrainian-1251
+}
+
+errors_ukrainian_koi8_u() {
+	depends="$pkgname"
+	_mv_error Ukrainian-koi8-u
+}
+
+errors_ukrainian_utf8() {
+	depends="$pkgname"
+	_mv_error Ukrainian-utf8
+}
+
+
+md5sums="6de3a6a7a56a7ecae092f2d31a04f039  squid-2.7.STABLE6.tar.bz2
+d31f293cf10a90bc3d60aa6428889db5  squid.initd
+44b052db7910f386ef88ddcf69c9ba4e  squid.confd
+9bf350646e321f7c38ffeb9af828ec98  squid.post-install
+1d33108353d788b238d9a8877bf2e401  squid-2.7-gentoo.patch
+58823e0b86bc2dc71d270208b7b284b4  squid.logrotate"
diff --git a/main/squid/squid-2.7-gentoo.patch b/main/squid/squid-2.7-gentoo.patch
new file mode 100644
index 0000000000..5ac174dee2
--- /dev/null
+++ b/main/squid/squid-2.7-gentoo.patch
@@ -0,0 +1,298 @@
+Gentoo squid patch for 2.7.4
+
+http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-proxy/squid/files/squid-2.7.4-gentoo.patch?view=markup
+
+--- squid-2.7.STABLE6/configure.in	Wed Feb  4 00:44:06 2009
++++ squid-2.7.STABLE6-patched/configure.in	Mon Feb 16 11:56:34 2009
+@@ -18,9 +18,9 @@
+ PRESET_LDFLAGS="$LDFLAGS"
+ 
+ dnl Set default LDFLAGS
+-if test -z "$LDFLAGS"; then
+-	LDFLAGS="-g"
+-fi
++dnl if test -z "$LDFLAGS"; then
++dnl 	LDFLAGS="-g"
++dnl fi
+ 
+ dnl Check for GNU cc
+ AC_PROG_CC
+--- squid-2.7.STABLE6/helpers/basic_auth/MSNT/confload.c	Wed Jun 26 19:09:48 2002
++++ squid-2.7.STABLE6-patched/helpers/basic_auth/MSNT/confload.c	Mon Feb 16 11:56:34 2009
+@@ -24,7 +24,7 @@
+ 
+ /* Path to configuration file */
+ #ifndef SYSCONFDIR
+-#define SYSCONFDIR "/usr/local/squid/etc"
++#define SYSCONFDIR "/etc/squid"
+ #endif
+ #define CONFIGFILE   SYSCONFDIR "/msntauth.conf"
+ 
+--- squid-2.7.STABLE6/helpers/basic_auth/MSNT/msntauth.conf.default	Wed Jun 26 18:44:28 2002
++++ squid-2.7.STABLE6-patched/helpers/basic_auth/MSNT/msntauth.conf.default	Mon Feb 16 11:56:34 2009
+@@ -8,6 +8,6 @@
+ server other_PDC	other_BDC	otherdomain
+ 
+ # Denied and allowed users. Comment these if not needed.
+-#denyusers	/usr/local/squid/etc/msntauth.denyusers
+-#allowusers	/usr/local/squid/etc/msntauth.allowusers
++#denyusers	/etc/squid/msntauth.denyusers
++#allowusers	/etc/squid/msntauth.allowusers
+ 
+--- squid-2.7.STABLE6/helpers/basic_auth/SMB/Makefile.am	Tue May 17 16:56:26 2005
++++ squid-2.7.STABLE6-patched/helpers/basic_auth/SMB/Makefile.am	Mon Feb 16 11:56:34 2009
+@@ -14,7 +14,7 @@
+ ## FIXME: autoconf should test for the samba path.
+ 
+ SMB_AUTH_HELPER	= smb_auth.sh
+-SAMBAPREFIX=/usr/local/samba
++SAMBAPREFIX=/usr
+ SMB_AUTH_HELPER_PATH = $(libexecdir)/$(SMB_AUTH_HELPER)
+ 
+ libexec_SCRIPTS	= $(SMB_AUTH_HELPER)
+--- squid-2.7.STABLE6/helpers/basic_auth/SMB/smb_auth.sh	Sun Jan  7 23:36:46 2001
++++ squid-2.7.STABLE6-patched/helpers/basic_auth/SMB/smb_auth.sh	Mon Feb 16 11:56:34 2009
+@@ -24,7 +24,7 @@
+ read AUTHSHARE
+ read AUTHFILE
+ read SMBUSER
+-read SMBPASS
++read -r SMBPASS
+ 
+ # Find domain controller
+ echo "Domain name: $DOMAINNAME"
+@@ -47,7 +47,7 @@
+   addropt=""
+ fi
+ echo "Query address options: $addropt"
+-dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+ / { print $1 ; exit }'`
++dcip=`$SAMBAPREFIX/bin/nmblookup $addropt "$PASSTHROUGH#1c" | awk '/^[0-9.]+\..+ / { print $1 ; exit }'`
+ echo "Domain controller IP address: $dcip"
+ [ -n "$dcip" ] || exit 1
+ 
+--- squid-2.7.STABLE6/helpers/external_acl/session/squid_session.8	Sat Jan  6 17:28:35 2007
++++ squid-2.7.STABLE6-patched/helpers/external_acl/session/squid_session.8	Mon Feb 16 11:56:34 2009
+@@ -35,7 +35,7 @@
+ .P
+ Configuration example using the default automatic mode
+ .IP
+-external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/local/squid/libexec/squid_session
++external_acl_type session ttl=300 negative_ttl=0 children=1 concurrency=200 %LOGIN /usr/libexec/squid/squid_session
+ .IP
+ acl session external session
+ .IP
+--- squid-2.7.STABLE6/helpers/external_acl/unix_group/squid_unix_group.8	Sun May 14 15:07:24 2006
++++ squid-2.7.STABLE6-patched/helpers/external_acl/unix_group/squid_unix_group.8	Mon Feb 16 11:56:34 2009
+@@ -27,7 +27,7 @@
+ This squid.conf example defines two Squid acls. usergroup1 matches users in group1, and usergroup2
+ matches users in group2 or group3
+ .IP
+-external_acl_type unix_group %LOGIN /usr/local/squid/libexec/squid_unix_group -p
++external_acl_type unix_group %LOGIN /usr/libexec/squid/squid_unix_group -p
+ .IP
+ acl usergroup1 external unix_group group1
+ .IP
+--- squid-2.7.STABLE6/src/Makefile.am	Wed Jan  2 15:50:39 2008
++++ squid-2.7.STABLE6-patched/src/Makefile.am	Mon Feb 16 11:56:34 2009
+@@ -340,13 +340,13 @@
+ DEFAULT_CONFIG_FILE     = $(sysconfdir)/squid.conf
+ DEFAULT_MIME_TABLE	= $(sysconfdir)/mime.conf
+ DEFAULT_DNSSERVER       = $(libexecdir)/`echo dnsserver | sed '$(transform);s/$$/$(EXEEXT)/'`
+-DEFAULT_LOG_PREFIX	= $(localstatedir)/logs
++DEFAULT_LOG_PREFIX	= $(localstatedir)/log/squid
+ DEFAULT_CACHE_LOG       = $(DEFAULT_LOG_PREFIX)/cache.log
+ DEFAULT_ACCESS_LOG      = $(DEFAULT_LOG_PREFIX)/access.log
+ DEFAULT_STORE_LOG       = $(DEFAULT_LOG_PREFIX)/store.log
+-DEFAULT_PID_FILE        = $(DEFAULT_LOG_PREFIX)/squid.pid
++DEFAULT_PID_FILE        = $(localstatedir)/run/squid.pid
+ DEFAULT_NETDB_FILE      = $(DEFAULT_LOG_PREFIX)/netdb.state
+-DEFAULT_SWAP_DIR        = $(localstatedir)/cache
++DEFAULT_SWAP_DIR        = $(localstatedir)/cache/squid
+ DEFAULT_PINGER		= $(libexecdir)/`echo pinger | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_UNLINKD		= $(libexecdir)/`echo unlinkd | sed '$(transform);s/$$/$(EXEEXT)/'`
+ DEFAULT_DISKD		= $(libexecdir)/`echo diskd-daemon | sed '$(transform);s/$$/$(EXEEXT)/'`
+--- squid-2.7.STABLE6/src/access_log.c	Tue Mar 18 02:48:43 2008
++++ squid-2.7.STABLE6-patched/src/access_log.c	Mon Feb 16 11:56:34 2009
+@@ -1261,7 +1261,7 @@
+ 	LogfileStatus = LOG_ENABLE;
+     }
+ #if HEADERS_LOG
+-    headerslog = logfileOpen("/usr/local/squid/logs/headers.log", MAX_URL << 1, 0);
++    headerslog = logfileOpen("/var/log/squid/headers.log", MAX_URL << 1, 0);
+     assert(NULL != headerslog);
+ #endif
+ #if FORW_VIA_DB
+--- squid-2.7.STABLE6/src/cf.data.pre	Mon Feb  2 11:28:55 2009
++++ squid-2.7.STABLE6-patched/src/cf.data.pre	Mon Feb 16 11:56:34 2009
+@@ -678,6 +678,8 @@
+ acl Safe_ports port 488		# gss-http
+ acl Safe_ports port 591		# filemaker
+ acl Safe_ports port 777		# multiling http
++acl Safe_ports port 901		# SWAT
++acl purge method PURGE
+ acl CONNECT method CONNECT
+ NOCOMMENT_END
+ DOC_END
+@@ -711,6 +713,9 @@
+ # Only allow cachemgr access from localhost
+ http_access allow manager localhost
+ http_access deny manager
++# Only allow purge requests from localhost
++http_access allow purge localhost
++http_access deny purge
+ # Deny requests to unknown ports
+ http_access deny !Safe_ports
+ # Deny CONNECT to other than SSL ports
+@@ -728,6 +733,9 @@
+ # from where browsing should be allowed
+ http_access allow localnet
+ 
++# Allow the localhost to have access by default
++http_access allow localhost
++
+ # And finally deny all other access to this proxy
+ http_access deny all
+ NOCOMMENT_END
+@@ -3754,11 +3762,11 @@
+ 
+ NAME: cache_mgr
+ TYPE: string
+-DEFAULT: webmaster
++DEFAULT: root
+ LOC: Config.adminEmail
+ DOC_START
+ 	Email-address of local cache manager who will receive
+-	mail if the cache dies. The default is "webmaster".
++	mail if the cache dies. The default is "root".
+ DOC_END
+ 
+ NAME: mail_from
+@@ -3787,12 +3795,12 @@
+ 
+ NAME: cache_effective_user
+ TYPE: string
+-DEFAULT: nobody
++DEFAULT: squid
+ LOC: Config.effectiveUser
+ DOC_START
+ 	If you start Squid as root, it will change its effective/real
+ 	UID/GID to the user specified below.  The default is to change
+-	to UID to nobody.  If you define cache_effective_user, but not
++	to UID to squid.  If you define cache_effective_user, but not
+ 	cache_effective_group, Squid sets the GID to the effective
+ 	user's default group ID (taken from the password file) and
+ 	supplementary group list from the from groups membership of
+@@ -4429,12 +4437,12 @@
+ NAME: snmp_port
+ TYPE: ushort
+ LOC: Config.Port.snmp
+-DEFAULT: 3401
++DEFAULT: 0
+ IFDEF: SQUID_SNMP
+ DOC_START
+ 	Squid can now serve statistics and status information via SNMP.
+-	By default it listens to port 3401 on the machine. If you don't
+-	wish to use SNMP, set this to "0".
++	By default snmp_port is disabled. If you wish to use SNMP, 
++	set this to "3401" (or any other number you like).
+ DOC_END
+ 
+ NAME: snmp_access
+@@ -4505,12 +4513,12 @@
+ NAME: htcp_port
+ IFDEF: USE_HTCP
+ TYPE: ushort
+-DEFAULT: 4827
++DEFAULT: 0
+ LOC: Config.Port.htcp
+ DOC_START
+ 	The port number where Squid sends and receives HTCP queries to
+-	and from neighbor caches.  Default is 4827.  To disable use
+-	"0".
++	and from neighbor caches.  To turn it on you want to set it to
++	4827.  By default it is set to "0" (disabled).
+ DOC_END
+ 
+ NAME: log_icp_queries
+@@ -5407,6 +5415,9 @@
+ 	If you disable this, it will appear as
+ 
+ 		X-Forwarded-For: unknown
++NOCOMMENT_START
++forwarded_for off
++NOCOMMENT_END
+ DOC_END
+ 
+ NAME: cachemgr_passwd
+--- squid-2.7.STABLE6/src/client_side.c	Mon Oct  6 21:27:44 2008
++++ squid-2.7.STABLE6-patched/src/client_side.c	Mon Feb 16 11:56:34 2009
+@@ -4706,14 +4706,7 @@
+ 	debug(83, 2) ("clientNegotiateSSL: Session %p reused on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+     } else {
+ 	if (do_debug(83, 4)) {
+-	    /* Write out the SSL session details.. actually the call below, but
+-	     * OpenSSL headers do strange typecasts confusing GCC.. */
+-	    /* PEM_write_SSL_SESSION(debug_log, SSL_get_session(ssl)); */
+-#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x00908000L
+-	    PEM_ASN1_write((i2d_of_void *) i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#else
+ 	    PEM_ASN1_write(i2d_SSL_SESSION, PEM_STRING_SSL_SESSION, debug_log, (char *) SSL_get_session(ssl), NULL, NULL, 0, NULL, NULL);
+-#endif
+ 	    /* Note: This does not automatically fflush the log file.. */
+ 	}
+ 	debug(83, 2) ("clientNegotiateSSL: New session %p on FD %d (%s:%d)\n", SSL_get_session(ssl), fd, fd_table[fd].ipaddr, (int) fd_table[fd].remote_port);
+--- squid-2.7.STABLE6/src/defines.h	Mon Sep 24 13:31:19 2007
++++ squid-2.7.STABLE6-patched/src/defines.h	Mon Feb 16 11:56:34 2009
+@@ -259,7 +259,7 @@
+ 
+ /* were to look for errors if config path fails */
+ #ifndef DEFAULT_SQUID_ERROR_DIR
+-#define DEFAULT_SQUID_ERROR_DIR "/usr/local/squid/etc/errors"
++#define DEFAULT_SQUID_ERROR_DIR "/usr/share/squid/errors/English"
+ #endif
+ 
+ /* gb_type operations */
+--- squid-2.7.STABLE6/src/main.c	Thu Sep 25 02:21:52 2008
++++ squid-2.7.STABLE6-patched/src/main.c	Mon Feb 16 11:56:34 2009
+@@ -376,6 +376,22 @@
+     asnFreeMemory();
+ }
+ 
++#if USE_UNLINKD
++static int
++needUnlinkd(void)
++{
++    int i;
++    int r = 0;
++    for (i = 0; i < Config.cacheSwap.n_configured; i++) {
++       if (strcmp(Config.cacheSwap.swapDirs[i].type, "ufs") == 0 ||
++           strcmp(Config.cacheSwap.swapDirs[i].type, "aufs") == 0 ||
++           strcmp(Config.cacheSwap.swapDirs[i].type, "diskd") == 0)
++          r++;
++    }
++    return r;
++}
++#endif
++
+ static void
+ mainReconfigure(void)
+ {
+@@ -614,7 +630,7 @@
+ 
+     if (!configured_once) {
+ #if USE_UNLINKD
+-	unlinkdInit();
++	if (needUnlinkd()) unlinkdInit();
+ #endif
+ 	urlInitialize();
+ 	cachemgrInit();
+@@ -636,6 +652,9 @@
+ #endif
+ #if USE_WCCPv2
+     wccp2Init();
++#endif
++#if USE_UNLINKD
++    if (needUnlinkd()) unlinkdInit();
+ #endif
+     serverConnectionsOpen();
+     neighbors_init();
diff --git a/main/squid/squid.confd b/main/squid/squid.confd
new file mode 100644
index 0000000000..14a9ee84bd
--- /dev/null
+++ b/main/squid/squid.confd
@@ -0,0 +1,15 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-proxy/squid/files/squid.confd,v 1.2 2008/11/30 19:20:44 mrness Exp $
+
+# Config file for /etc/init.d/squid
+
+SQUID_OPTS="-DYC"
+
+# Max. number of filedescriptors to use. You can increase this on a busy
+# cache to a maximum of (currently) 8192 filedescriptors. Default is 1024.
+SQUID_MAXFD=1024
+
+# Kerberos keytab file to use. This is required if you enable kerberos authentication.
+SQUID_KEYTAB=""
+
diff --git a/main/squid/squid.initd b/main/squid/squid.initd
new file mode 100644
index 0000000000..bbdc2bed2a
--- /dev/null
+++ b/main/squid/squid.initd
@@ -0,0 +1,97 @@
+#!/sbin/runscript
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/www/viewcvs.gentoo.org/raw_cvs/gentoo-x86/net-proxy/squid/files/squid.initd,v 1.10 2008/11/30 19:20:44 mrness Exp $
+
+opts="${opts} reload rotate"
+
+depend() {
+	need net
+}
+
+# Try to increase the # of filedescriptors we can open.
+maxfds() {
+	[ -n "$SQUID_MAXFD" ] || return
+	[ -f /proc/sys/fs/file-max ] || return 0
+	[ $SQUID_MAXFD -le 8192 ] || SQUID_MAXFD=8192
+	local global_file_max=`cat /proc/sys/fs/file-max`
+	local minimal_file_max=$(($SQUID_MAXFD + 4096))
+	if [ "$global_file_max" -lt $minimal_file_max ]; then
+		echo $minimal_file_max > /proc/sys/fs/file-max
+	fi
+	ulimit -n $SQUID_MAXFD
+}
+
+checkconfig() {
+	maxfds
+	
+	local CACHE_SWAP=$(awk '/^[ \t]*cache_dir[ \t]+/ { if ($2 == "coss" ) printf "%s/stripe ", $3 ; else printf "%s/00 ", $3; }' < /etc/squid/squid.conf)
+	[ -z "$CACHE_SWAP" ] && CACHE_SWAP="/var/cache/squid/00"
+	
+	local x
+	for x in $CACHE_SWAP ; do
+		if [ ! -e $x ] ; then
+			ebegin "Initializing cache directories"
+			local ORIG_UMASK=$(umask)
+			umask 027
+			local INIT_CACHE_RESPONSE="$(/usr/sbin/squid -z -N -D 2>&1)"
+			if [ $? != 0 ] || echo "$INIT_CACHE_RESPONSE" | grep -q "erminated abnormally" ; then
+				umask $ORIG_UMASK
+				eend 1
+				echo "$INIT_CACHE_RESPONSE"
+				return 1
+			fi
+			umask $ORIG_UMASK
+			eend 0
+			break
+		fi
+	done
+	
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting squid"
+	KRB5_KTNAME="${SQUID_KEYTAB}" /usr/sbin/squid ${SQUID_OPTS}
+	eend $? && sleep 1
+}
+
+stop() {
+	ebegin "Stopping squid"
+	/usr/sbin/squid -k shutdown
+	# Now we have to wait until squid has _really_ stopped.
+	sleep 1
+	if [ -f /var/run/squid.pid ] ; then
+		einfon "Waiting for squid to shutdown ."
+		cnt=0
+		while [ -f /var/run/squid.pid ] ; do
+			cnt=$(expr $cnt + 1)
+			if [ $cnt -gt 60 ] ; then
+				# Waited 120 seconds now. Fail.
+				echo
+				eend 1 "Failed."
+				break
+			fi
+			sleep 2
+			echo -n "."
+		done
+		echo
+	fi
+	eend 0
+}
+
+reload() {
+	checkconfig || return 1
+	ebegin "Reloading squid"
+	/usr/sbin/squid -k reconfigure
+	eend $?
+}
+
+rotate() {
+	service_started squid || return 1
+	ebegin "Rotating logs"
+	/usr/sbin/squid -k rotate
+	eend $?
+}
+
diff --git a/main/squid/squid.logrotate b/main/squid/squid.logrotate
new file mode 100644
index 0000000000..fb3279e013
--- /dev/null
+++ b/main/squid/squid.logrotate
@@ -0,0 +1,11 @@
+/var/log/squid/*.log {
+	daily
+	compress
+	rotate 5
+	missingok
+	nocreate
+	sharedscripts
+	postrotate
+	/usr/sbin/squid -k rotate
+	endscript
+}
diff --git a/main/squid/squid.post-install b/main/squid/squid.post-install
new file mode 100644
index 0000000000..88df6d26f9
--- /dev/null
+++ b/main/squid/squid.post-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+chown squid:squid /var/cache/squid /var/log/squid
+exit 0
+
diff --git a/main/ssmtp/APKBUILD b/main/ssmtp/APKBUILD
new file mode 100644
index 0000000000..2f63b689f9
--- /dev/null
+++ b/main/ssmtp/APKBUILD
@@ -0,0 +1,32 @@
+#Contributor: Leonardo Arena <rnalrd@gmail.com>
+pkgname=ssmtp
+pkgver=2.62
+pkgrel=0
+pkgdesc="Extremely simple MTA to get mail off the system to a mail hub"
+subpackages="$pkgname-doc"
+arch=""
+url="http://packages.debian.org/source/lenny/ssmtp"
+license="GPL-2"
+depends="uclibc"
+makedepends="openssl-dev"
+install=
+source="http://ftp.debian.org/debian/pool/main/s/$pkgname/${pkgname}_${pkgver}.orig.tar.gz
+        CVE-2008-3962.patch
+        generate_config.patch"
+
+build() {
+	cd "$srcdir/$pkgname"
+	patch generate_config ../../generate_config.patch
+	sed -i -e 's:$(CC) -o:$(CC) @LDFLAGS@ -o:' Makefile.in
+	patch -p1 ssmtp.c ../../CVE-2008-3962.patch
+
+	./configure --prefix=/usr \
+	--mandir=/usr/share/man \
+	--sysconfdir=/etc \
+	--enable-ssl
+	make || return 1
+	make prefix="$pkgdir"/usr etcdir="$pkgdir"/etc mandir="$pkgdir"/usr/share/man install
+}
+md5sums="257ac04e62ab7e3616e220333a1140cb  ssmtp_2.62.orig.tar.gz
+18f0686f1b8888d187f06dcff3b6212a  CVE-2008-3962.patch
+c70c395fe71589ca8b10b666455d5071  generate_config.patch"
diff --git a/main/ssmtp/CVE-2008-3962.patch b/main/ssmtp/CVE-2008-3962.patch
new file mode 100644
index 0000000000..fca144fa68
--- /dev/null
+++ b/main/ssmtp/CVE-2008-3962.patch
@@ -0,0 +1,14 @@
+--- ssmtp.orig/ssmtp.c
++++ ssmtp/ssmtp.c
+@@ -485,6 +485,11 @@ char *from_format(char *str, bool_t over
+ 				die("from_format() -- snprintf() failed");
+ 			}
+ 		}
++		else {
++			if(snprintf(buf, BUF_SZ, "%s", str) == -1) {
++				die("from_format() -- snprintf() failed");
++			}
++		}
+ 	}
+ 
+ #if 0
diff --git a/main/ssmtp/generate_config.patch b/main/ssmtp/generate_config.patch
new file mode 100644
index 0000000000..dd4baf9f8a
--- /dev/null
+++ b/main/ssmtp/generate_config.patch
@@ -0,0 +1,49 @@
+--- src/ssmtp/generate_config	2004-07-23 05:58:48.000000000 +0000
++++ generate_config	2009-01-27 10:09:11.000000000 +0000
+@@ -4,7 +4,7 @@
+ # Figure out the system's mailname
+ #
+ 
+-syshostname=`hostname --fqdn`
++syshostname="localhost"
+ if test -f /etc/mailname
+ then
+ 	mailname="`head -1 /etc/mailname`"
+@@ -15,23 +15,7 @@
+ 	mailname=$syshostname
+ fi
+ 
+-echo "Please enter the mail name of your system."
+-echo "This is the hostname portion of the address to be shown"
+-echo "on outgoing news and mail messages headers."
+-echo "The default is $syshostname, your system's host name."
+-echo
+-echo -n "Mail name [$syshostname]: "
+-read mailname
+-echo
+-
+-echo -n "Please enter the SMTP port number [25]: "
+-read smtpport
+-if test -z "$smtpport"
+-then
+-	mailhub=$mailhub
+-else
+-	mailhub="$mailhub:$smtpport"
+-fi
++mailhub="$mailhub:$smtpport"
+ 
+ #
+ # Generate configuration file
+@@ -56,11 +40,5 @@
+ # Where will the mail seem to come from?
+ #rewriteDomain=`echo -n $mailname`
+ # The full hostname
+-hostname=`hostname --fqdn`
++#hostname="localhost"
+ EOF
+-
+-echo
+-echo
+-echo "Please check the configuration file $1 for correctness."
+-echo
+-echo
diff --git a/main/strace/APKBUILD b/main/strace/APKBUILD
new file mode 100644
index 0000000000..eb1f88c2fa
--- /dev/null
+++ b/main/strace/APKBUILD
@@ -0,0 +1,20 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=strace
+pkgver=4.5.18
+pkgrel=0
+pkgdesc="A useful diagnositic, instructional, and debugging tool"
+url="http://sourceforge.net/projects/strace/"
+license="BSD"
+depends="uclibc"
+source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.bz2"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+}
+md5sums="e9449fcee97e6a8ed73934c883c870e0  strace-4.5.18.tar.bz2"
diff --git a/main/subversion/APKBUILD b/main/subversion/APKBUILD
new file mode 100644
index 0000000000..538f77d0be
--- /dev/null
+++ b/main/subversion/APKBUILD
@@ -0,0 +1,38 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=subversion
+pkgver=1.6.3
+pkgrel=0
+pkgdesc="Replacement for CVS, another versioning system (svn)"
+url="http://subversion.tigris.org/"
+license="apache bsd"
+depends=
+makedepends="apr-dev apr-util-dev expat-dev neon-dev openssl-dev zlib-dev
+	e2fsprogs-dev sqlite-dev"
+install="$pkgname.pre-install"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://svn.collab.net/tarballs/$pkgname-$pkgver.tar.gz
+	svnserve.confd
+	svnserve.initd
+	$install
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--disable-nls \
+		--without-apxs \
+		--disable-javahl \
+		--without-jdk 
+
+	make external-all || return 1
+	make local-all || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+
+	install -Dm755 "$srcdir"/svnserve.initd "$pkgdir"/etc/init.d/svnserve
+	install -Dm644 "$srcdir"/svnserve.confd "$pkgdir"/etc/conf.d/svnserve
+}
+md5sums="8357468ed2485b88151c50fb5deb28ca  subversion-1.6.3.tar.gz
+d084a7558053784886bc858b94fa9186  svnserve.confd
+06cf9328f63a935654971052a2c3594a  svnserve.initd
+bfd0d890c07830f1a6010891dd25fa5c  subversion.pre-install"
diff --git a/main/subversion/subversion.pre-install b/main/subversion/subversion.pre-install
new file mode 100644
index 0000000000..fb516ee5a0
--- /dev/null
+++ b/main/subversion/subversion.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+addgroup svnusers 2>/dev/null
+adduser svn -D -h /var/svn -G svnusers 2>/dev/null
+exit 0
+
diff --git a/main/subversion/svnserve.confd b/main/subversion/svnserve.confd
new file mode 100644
index 0000000000..b487a40975
--- /dev/null
+++ b/main/subversion/svnserve.confd
@@ -0,0 +1,10 @@
+# The commented variables in this file are the defaults that are used
+# in the init-script.  You don't need to uncomment them except to
+# customize them to different values.
+
+# Options for svnserve
+#SVNSERVE_OPTS="--root=/var/svn"
+
+# User and group as which to run svnserve
+SVNSERVE_USER="svn"
+SVNSERVE_GROUP="svnusers"
diff --git a/main/subversion/svnserve.initd b/main/subversion/svnserve.initd
new file mode 100644
index 0000000000..036d0187e7
--- /dev/null
+++ b/main/subversion/svnserve.initd
@@ -0,0 +1,44 @@
+#!/sbin/runscript
+# Copyright 2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/dev-util/subversion/files/svnserve.initd,v 1.2 2005/08/25 13:59:48 pauldv Exp $
+
+opts="$opts setup"
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting svnserve"
+	# Ensure that we run from a readable working dir, and that we do not
+	# lock filesystems when being run from such a location.
+	cd /
+	start-stop-daemon --start --quiet --background --make-pidfile \
+		--pidfile /var/run/svnserve.pid --exec /usr/bin/svnserve \
+		--chuid ${SVNSERVE_USER:-apache}:${SVNSERVE_GROUP:-apache} -- \
+		--foreground --daemon ${SVNSERVE_OPTS:---root=/var/svn}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping svnserve"
+	start-stop-daemon --stop --quiet --pidfile /var/run/svnserve.pid
+	eend $?
+}
+
+setup() {
+	local root=${SVNSERVE_ROOT:-/var/svn}
+	ebeging "Setting up svnserve repositories in $root"
+	if [ -e "$root/repos" ]; then
+		eend 1 "$root/repos already exist"
+		return 1
+	fi
+		
+	svnadmin create "$root"/repos
+	chown -Rf "${SVNSERVE_USER}:${SVNSERVE_GROUP}" "$root/repos"
+	mkdir -p "$root/conf"
+	chmod -Rf go-rwx "$root/conf"
+	chmod -Rf o-rwx "$root/repos"
+	eend $?
+}
diff --git a/main/sudo/APKBUILD b/main/sudo/APKBUILD
new file mode 100644
index 0000000000..75fd70f3c9
--- /dev/null
+++ b/main/sudo/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sudo
+pkgver=1.7.2
+pkgrel=0
+pkgdesc="Give certain users the ability to run some commands as root"
+url="http://www.sudo.ws/sudo/"
+license='custom ISC'
+depends=
+source="ftp://ftp.sudo.ws/pub/sudo/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--with-env-editor \
+		--without-pam \
+		--without-skey \
+		--without-offensive-insults \
+		|| return 1
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install || return 1
+}
+
+md5sums="9caba8719c3e0f163880a05f02a48249  sudo-1.7.2.tar.gz"
diff --git a/main/sysfsutils/APKBUILD b/main/sysfsutils/APKBUILD
new file mode 100644
index 0000000000..e462aec705
--- /dev/null
+++ b/main/sysfsutils/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sysfsutils
+pkgver=2.1.0
+pkgrel=3
+pkgdesc="System Utilities Based on Sysfs"
+url="http://linux-diag.sourceforge.net/Sysfsutils.html"
+license="GPL LGPL"
+depends="uclibc"
+makedepends=""
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://downloads.sourceforge.net/sourceforge/linux-diag/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir"/ install
+#	cd "$srcdir"/pkg
+#	mkdir -v lib
+#	mv -v usr/lib/libsysfs.so.2* lib/
+#	ln -svf ../../lib/libsysfs.so.2 usr/lib/libsysfs.so
+}
+md5sums="14e7dcd0436d2f49aa403f67e1ef7ddc  sysfsutils-2.1.0.tar.gz"
diff --git a/main/sysklogd/APKBUILD b/main/sysklogd/APKBUILD
new file mode 100644
index 0000000000..e3fe8badc5
--- /dev/null
+++ b/main/sysklogd/APKBUILD
@@ -0,0 +1,50 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sysklogd
+pkgver=1.5
+pkgrel=0
+pkgdesc="System and kernel log daemons"
+url="http://www.infodrom.org/projects/sysklogd/"
+license="GPL BSD"
+subpackages="$pkgname-doc"
+depends="logrotate"
+makedepends=""
+source="http://www.infodrom.org/projects/$pkgname/download/$pkgname-$pkgver.tar.gz
+	sysklogd.logrotate
+	sysklogd.initd
+	sysklogd.confd
+	sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
+	sysklogd-1.4.2-caen-owl-syslogd-bind.diff
+	sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
+	sysklogd-1.5-build.patch
+	LICENSE"
+
+build ()
+{
+	cd "$srcdir"/$pkgname-$pkgver
+
+	for i in ../*.patch ../*.diff; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+
+	export CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE" 
+	make || return 1
+	install -d "$pkgdir"/usr/sbin
+	install -d "$pkgdir"/usr/share/man/man5 
+	install -d "$pkgdir"/usr/share/man/man8
+	make INSTALL=install prefix="$pkgdir" install
+	install -D -m644 ../sysklogd.logrotate \
+		"$pkgdir"/etc/logrotate.d/sysklogd
+	install -D -m755 ../sysklogd.initd "$pkgdir"/etc/init.d/sysklogd
+	install -D -m644 ../sysklogd.confd "$pkgdir"/etc/conf.d/sysklogd
+	install -D -m644 ../LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
+}
+md5sums="e053094e8103165f98ddafe828f6ae4b  sysklogd-1.5.tar.gz
+40304e92b2f6a92e252de24c5e3ca88e  sysklogd.logrotate
+9332657663a9f4286e5c61d22c46378f  sysklogd.initd
+e25d7b583b7e4bd8be503b89e1771e90  sysklogd.confd
+3b7ba3aa6519f96f11165a7d5900a8b1  sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
+4715e1dd2deb7a9ac137e004210e3154  sysklogd-1.4.2-caen-owl-syslogd-bind.diff
+6c0a416e40a678cf99c454b0e98185c9  sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
+c71826d1a4f3f7e8ffa57adbfc24f1ce  sysklogd-1.5-build.patch
+7930f7ff5038e1318511624e348581cc  LICENSE"
diff --git a/main/sysklogd/LICENSE b/main/sysklogd/LICENSE
new file mode 100644
index 0000000000..7e9b5d59c3
--- /dev/null
+++ b/main/sysklogd/LICENSE
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 1983, 1988 Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff b/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
new file mode 100644
index 0000000000..40b8817d4e
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff
@@ -0,0 +1,162 @@
+http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-klogd-drop-root.diff?rev=1.2;content-type=text%2Fplain
+diff -upk.orig sysklogd-1.4.2.orig/klogd.8 sysklogd-1.4.2/klogd.8
+--- sysklogd-1.4.2.orig/klogd.8	2005-03-11 16:12:09 +0000
++++ sysklogd-1.4.2/klogd.8	2005-08-18 14:37:47 +0000
+@@ -18,6 +19,12 @@ klogd \- Kernel Log Daemon
+ .RB [ " \-f "
+ .I fname
+ ]
++.RB [ " \-u "
++.I username
++]
++.RB [ " \-j "
++.I chroot_dir
++]
+ .RB [ " \-iI " ]
+ .RB [ " \-n " ]
+ .RB [ " \-o " ]
+@@ -53,6 +60,20 @@ stderr.
+ .BI "\-f " file
+ Log messages to the specified filename rather than to the syslog facility.
+ .TP
++.BI "\-u " username
++Tells klogd to become the specified user and drop root privileges before
++starting logging.
++.TP
++.BI "\-j " chroot_dir
++Tells klogd to
++.BR chroot (2)
++into this directory after initializing.
++This option is only valid if the \-u option is also used to run klogd
++without root privileges.
++Note that the use of this option will prevent \-i and \-I from working
++unless you set up the chroot directory in such a way that klogd can still
++read the kernel module symbols.
++.TP
+ .BI "\-i \-I"
+ Signal the currently executing klogd daemon.  Both of these switches control
+ the loading/reloading of symbol information.  The \-i switch signals the
+diff -upk.orig sysklogd-1.4.2.orig/klogd.c sysklogd-1.4.2/klogd.c
+--- sysklogd-1.4.2.orig/klogd.c	2005-08-18 12:29:52 +0000
++++ sysklogd-1.4.2/klogd.c	2005-08-18 14:37:47 +0000
+@@ -261,6 +261,8 @@
+ #include <stdarg.h>
+ #include <paths.h>
+ #include <stdlib.h>
++#include <pwd.h>
++#include <grp.h>
+ #include "klogd.h"
+ #include "ksyms.h"
+ #ifndef TESTING
+@@ -315,6 +317,9 @@ static enum LOGSRC {none, proc, kernel} 
+ int debugging = 0;
+ int symbols_twice = 0;
+ 
++char *server_user = NULL;
++char *chroot_dir = NULL;
++int log_flags = 0;
+ 
+ /* Function prototypes. */
+ extern int ksyslog(int type, char *buf, int len);
+@@ -535,8 +540,9 @@ static enum LOGSRC GetKernelLogSrc(void)
+ 	 * First do a stat to determine whether or not the proc based
+ 	 * file system is available to get kernel messages from.
+ 	 */
+-	if ( use_syscall ||
+-	    ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT)) )
++	if (!server_user &&
++	    (use_syscall ||
++	    ((stat(_PATH_KLOG, &sb) < 0) && (errno == ENOENT))))
+ 	{
+ 	  	/* Initialize kernel logging. */
+ 	  	ksyslog(1, NULL, 0);
+@@ -983,6 +989,27 @@ static void LogProcLine(void)
+ }
+ 
+ 
++static int drop_root(void)
++{
++	struct passwd *pw;
++
++	if (!(pw = getpwnam(server_user))) return -1;
++
++	if (!pw->pw_uid) return -1;
++
++	if (chroot_dir) {
++		if (chdir(chroot_dir)) return -1;
++		if (chroot(".")) return -1;
++	}
++
++	if (setgroups(0, NULL)) return -1;
++	if (setgid(pw->pw_gid)) return -1;
++	if (setuid(pw->pw_uid)) return -1;
++
++	return 0;
++}
++
++
+ int main(argc, argv)
+ 
+ 	int argc;
+@@ -1000,7 +1027,7 @@ int main(argc, argv)
+ 	chdir ("/");
+ #endif
+ 	/* Parse the command-line. */
+-	while ((ch = getopt(argc, argv, "c:df:iIk:nopsvx2")) != EOF)
++	while ((ch = getopt(argc, argv, "c:df:u:j:iIk:nopsvx2")) != EOF)
+ 		switch((char)ch)
+ 		{
+ 		    case '2':		/* Print lines with symbols twice. */
+@@ -1022,6 +1049,10 @@ int main(argc, argv)
+ 		    case 'I':
+ 			SignalDaemon(SIGUSR2);
+ 			return(0);
++		    case 'j':		/* chroot 'j'ail */
++			chroot_dir = optarg;
++			log_flags |= LOG_NDELAY;
++			break;
+ 		    case 'k':		/* Kernel symbol file. */
+ 			symfile = optarg;
+ 			break;
+@@ -1037,6 +1068,9 @@ int main(argc, argv)
+ 		    case 's':		/* Use syscall interface. */
+ 			use_syscall = 1;
+ 			break;
++		    case 'u':		/* Run as this user */
++			server_user = optarg;
++			break;
+ 		    case 'v':
+ 			printf("klogd %s.%s\n", VERSION, PATCHLEVEL);
+ 			exit (1);
+@@ -1045,6 +1079,10 @@ int main(argc, argv)
+ 			break;
+ 		}
+ 
++	if (chroot_dir && !server_user) {
++		fputs("'-j' is only valid with '-u'\n", stderr);
++		exit(1);
++	}
+ 
+ 	/* Set console logging level. */
+ 	if ( log_level != (char *) 0 )
+@@ -1158,7 +1196,7 @@ int main(argc, argv)
+ 		}
+ 	}
+ 	else
+-		openlog("kernel", 0, LOG_KERN);
++		openlog("kernel", log_flags, LOG_KERN);
+ 
+ 
+ 	/* Handle one-shot logging. */
+@@ -1191,6 +1229,11 @@ int main(argc, argv)
+ 		}
+ 	}
+ 
++	if (server_user && drop_root()) {
++		syslog(LOG_ALERT, "klogd: failed to drop root");
++		Terminate();
++	}
++
+         /* The main loop. */
+ 	while (1)
+ 	{
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff
new file mode 100644
index 0000000000..ad311a512c
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff
@@ -0,0 +1,103 @@
+http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-bind.diff?rev=1.1;content-type=text%2Fplain
+diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
+--- sysklogd-1.4.2.orig/sysklogd.8	2004-07-09 17:33:32 +0000
++++ sysklogd-1.4.2/sysklogd.8	2005-08-18 14:40:25 +0000
+@@ -15,6 +15,9 @@ sysklogd \- Linux system logging utiliti
+ .I config file
+ ]
+ .RB [ " \-h " ] 
++.RB [ " \-i "
++.I IP address
++]
+ .RB [ " \-l "
+ .I hostlist
+ ]
+@@ -104,6 +107,13 @@ Specifying this switch on the command li
+ This can cause syslog loops that fill up hard disks quite fast and
+ thus needs to be used with caution.
+ .TP
++.BI "\-i " "IP address"
++If
++.B syslogd
++is configured to accept log input from a UDP port, specify an IP address
++to bind to, rather than the default of INADDR_ANY.  The address must be in
++dotted quad notation, DNS host names are not allowed.
++.TP
+ .BI "\-l " "hostlist"
+ Specify a hostname that should be logged only with its simple hostname
+ and not the fqdn.  Multiple hosts may be specified using the colon
+diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
+--- sysklogd-1.4.2.orig/syslogd.c	2005-08-18 14:33:22 +0000
++++ sysklogd-1.4.2/syslogd.c	2005-08-18 14:40:25 +0000
+@@ -774,6 +774,8 @@ char	**LocalHosts = NULL;	/* these hosts
+ int	NoHops = 1;		/* Can we bounce syslog messages through an
+ 				   intermediate host. */
+ 
++char	*bind_addr = NULL;	/* bind UDP port to this interface only */
++
+ extern	int errno;
+ 
+ /* Function prototypes. */
+@@ -878,7 +880,7 @@ int main(argc, argv)
+ 		funix[i]  = -1;
+ 	}
+ 
+-	while ((ch = getopt(argc, argv, "a:dhf:l:m:np:rs:v")) != EOF)
++	while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
+ 		switch((char)ch) {
+ 		case 'a':
+ 			if (nfunix < MAXFUNIX)
+@@ -895,9 +897,17 @@ int main(argc, argv)
+ 		case 'h':
+ 			NoHops = 0;
+ 			break;
++		case 'i':
++			if (bind_addr) {
++				fprintf(stderr, "Only one -i argument allowed, "
++					"the first one is taken.\n");
++				break;
++			}
++			bind_addr = optarg;
++			break;
+ 		case 'l':
+ 			if (LocalHosts) {
+-				fprintf (stderr, "Only one -l argument allowed," \
++				fprintf(stderr, "Only one -l argument allowed, "
+ 					"the first one is taken.\n");
+ 				break;
+ 			}
+@@ -1244,7 +1254,7 @@ int main(argc, argv)
+ int usage()
+ {
+ 	fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
+-		" [-s domainlist] [-f conffile]\n");
++		" [-s domainlist] [-f conffile] [-i IP address]\n");
+ 	exit(1);
+ }
+ 
+@@ -1286,15 +1296,22 @@ static int create_inet_socket()
+ 	int fd, on = 1;
+ 	struct sockaddr_in sin;
+ 
++	memset(&sin, 0, sizeof(sin));
++	sin.sin_family = AF_INET;
++	sin.sin_port = LogPort;
++	if (bind_addr) {
++		if (!inet_aton(bind_addr, &sin.sin_addr)) {
++			logerror("syslog: not a valid IP address to bind to.");
++			return -1;
++		}
++	}
++
+ 	fd = socket(AF_INET, SOCK_DGRAM, 0);
+ 	if (fd < 0) {
+ 		logerror("syslog: Unknown protocol, suspending inet service.");
+ 		return fd;
+ 	}
+ 
+-	memset(&sin, 0, sizeof(sin));
+-	sin.sin_family = AF_INET;
+-	sin.sin_port = LogPort;
+ 	if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, \
+ 		       (char *) &on, sizeof(on)) < 0 ) {
+ 		logerror("setsockopt(REUSEADDR), suspending inet");
diff --git a/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
new file mode 100644
index 0000000000..8c3f571f3c
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff
@@ -0,0 +1,118 @@
+http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/sysklogd/sysklogd-1.4.2-caen-owl-syslogd-drop-root.diff?rev=1.1;content-type=text%2Fplain
+diff -upk.orig sysklogd-1.4.2.orig/sysklogd.8 sysklogd-1.4.2/sysklogd.8
+--- sysklogd-1.4.2.orig/sysklogd.8	2005-08-18 14:40:25 +0000
++++ sysklogd-1.4.2/sysklogd.8	2005-08-18 14:41:26 +0000
+@@ -32,6 +32,9 @@ sysklogd \- Linux system logging utiliti
+ .RB [ " \-s "
+ .I domainlist
+ ]
++.RB [ " \-u"
++.IB username
++]
+ .RB [ " \-v " ]
+ .LP
+ .SH DESCRIPTION
+@@ -161,6 +164,19 @@ is specified and the host logging resolv
+ no domain would be cut, you will have to specify two domains like:
+ .BR "\-s north.de:infodrom.north.de" .
+ .TP
++.BI "\-u " "username"
++This causes the
++.B syslogd
++daemon to become the named user before starting up logging.
++
++Note that when this option is in use,
++.B syslogd
++will open all log files as root when the daemon is first started;
++however, after a
++.B SIGHUP
++the files will be reopened as the non-privileged user.  You should
++take this into account when deciding the ownership of the log files.
++.TP
+ .B "\-v"
+ Print version and exit.
+ .LP
+diff -upk.orig sysklogd-1.4.2.orig/syslogd.c sysklogd-1.4.2/syslogd.c
+--- sysklogd-1.4.2.orig/syslogd.c	2005-08-18 14:40:25 +0000
++++ sysklogd-1.4.2/syslogd.c	2005-08-18 14:41:26 +0000
+@@ -524,6 +524,10 @@ static char sccsid[] = "@(#)syslogd.c	5.
+ #include <arpa/nameser.h>
+ #include <arpa/inet.h>
+ #include <resolv.h>
++
++#include <pwd.h>
++#include <grp.h>
++
+ #ifndef TESTING
+ #include "pidfile.h"
+ #endif
+@@ -775,6 +779,7 @@ int	NoHops = 1;		/* Can we bounce syslog
+ 				   intermediate host. */
+ 
+ char	*bind_addr = NULL;	/* bind UDP port to this interface only */
++char	*server_user = NULL;	/* user name to run server as */
+ 
+ extern	int errno;
+ 
+@@ -827,6 +832,21 @@ static int set_nonblock_flag(int desc)
+ 	return fcntl(desc, F_SETFL, flags | O_NONBLOCK);
+ }
+ 
++static int drop_root(void)
++{
++	struct passwd *pw;
++
++	if (!(pw = getpwnam(server_user))) return -1;
++
++	if (!pw->pw_uid) return -1;
++
++	if (initgroups(server_user, pw->pw_gid)) return -1;
++	if (setgid(pw->pw_gid)) return -1;
++	if (setuid(pw->pw_uid)) return -1;
++
++	return 0;
++}
++
+ int main(argc, argv)
+ 	int argc;
+ 	char **argv;
+@@ -880,7 +900,7 @@ int main(argc, argv)
+ 		funix[i]  = -1;
+ 	}
+ 
+-	while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:v")) != EOF)
++	while ((ch = getopt(argc, argv, "a:dhf:i:l:m:np:rs:u:v")) != EOF)
+ 		switch((char)ch) {
+ 		case 'a':
+ 			if (nfunix < MAXFUNIX)
+@@ -933,6 +953,9 @@ int main(argc, argv)
+ 			}
+ 			StripDomains = crunch_list(optarg);
+ 			break;
++		case 'u':
++			server_user = optarg;
++			break;
+ 		case 'v':
+ 			printf("syslogd %s.%s\n", VERSION, PATCHLEVEL);
+ 			exit (0);
+@@ -1100,6 +1123,11 @@ int main(argc, argv)
+ 		kill (ppid, SIGTERM);
+ #endif
+ 
++	if (server_user && drop_root()) {
++		dprintf("syslogd: failed to drop root\n");
++		exit(1);
++	}
++
+ 	/* Main loop begins here. */
+ 	for (;;) {
+ 		int nfds;
+@@ -1254,7 +1282,7 @@ int main(argc, argv)
+ int usage()
+ {
+ 	fprintf(stderr, "usage: syslogd [-drvh] [-l hostlist] [-m markinterval] [-n] [-p path]\n" \
+-		" [-s domainlist] [-f conffile] [-i IP address]\n");
++		" [-s domainlist] [-f conffile] [-i IP address] [-u username]\n");
+ 	exit(1);
+ }
+ 
diff --git a/main/sysklogd/sysklogd-1.5-build.patch b/main/sysklogd/sysklogd-1.5-build.patch
new file mode 100644
index 0000000000..6175cdfe78
--- /dev/null
+++ b/main/sysklogd/sysklogd-1.5-build.patch
@@ -0,0 +1,20 @@
+respect env CC/CFLAGS/CPPFLAGS/LDFLAGS
+
+--- a/Makefile
++++ b/Makefile
+@@ -17,14 +17,12 @@
+ #   along with this program; if not, write to the Free Software
+ #   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ 
+-CC= gcc
+ #SKFLAGS= -g -DSYSV -Wall
+ #LDFLAGS= -g
+-SKFLAGS= $(RPM_OPT_FLAGS) -O3 -DSYSV -fomit-frame-pointer -Wall -fno-strength-reduce
++SKFLAGS= $(CFLAGS) $(CPPFLAGS) -DSYSV -Wall -fno-strength-reduce
+ # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE
+ # -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
+ # $(shell getconf LFS_SKFLAGS)
+-LDFLAGS= -s
+ 
+ # Look where your install program is.
+ INSTALL = /usr/bin/install
diff --git a/main/sysklogd/sysklogd.confd b/main/sysklogd/sysklogd.confd
new file mode 100644
index 0000000000..c973573911
--- /dev/null
+++ b/main/sysklogd/sysklogd.confd
@@ -0,0 +1,6 @@
+# Config file for /etc/init.d/sysklogd
+
+SYSLOGD="-m 0"
+# send warnings and above to the console
+KLOGD="-c 3 -2"
+
diff --git a/main/sysklogd/sysklogd.initd b/main/sysklogd/sysklogd.initd
new file mode 100644
index 0000000000..59db00fc99
--- /dev/null
+++ b/main/sysklogd/sysklogd.initd
@@ -0,0 +1,79 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License, v2 or later
+# $Header: /var/cvsroot/gentoo-x86/app-admin/sysklogd/files/sysklogd.rc6,v 1.12 2007/05/01 12:49:04 uberlord Exp $
+
+opts="reload"
+
+depend() {
+	need clock hostname cron
+	provide logger
+}
+
+start_daemon() {
+	local retval=0
+	local daemon="$1"
+	local options="$2"
+
+	[ -z "${daemon}" ] && return 1
+
+	ebegin "sysklogd -> start: ${daemon}"
+	start-stop-daemon --start --exec /usr/sbin/"${daemon}" \
+		--pidfile /var/run/"${daemon}".pid -- ${options}
+	retval=$?
+	eend ${retval} "Failed to start ${daemon}"
+
+	return ${retval}
+}
+
+stop_daemon() {
+	local retval=0
+	local daemon="$1"
+
+	[ -z "${daemon}" ] && return 1
+	
+	ebegin "sysklogd -> stop: ${daemon}"
+	# syslogd can be stubborn some times (--retry 15)...
+	start-stop-daemon --stop --retry 15 --quiet --pidfile /var/run/"${daemon}".pid
+	retval=$?
+	eend ${retval} "Failed to stop ${daemon}"
+
+	return ${retval}
+}
+
+start() {
+	start_daemon "syslogd" "${SYSLOGD}" || return 1
+
+	# vservers should not start klogd
+	[ "$RC_SYS" = "VSERVER" ] && return 0
+	# klogd do not always start proper if started too early
+	sleep 1
+
+	if ! start_daemon "klogd" "${KLOGD}" ; then
+		stop_daemon "syslogd"
+		return 1
+	fi
+
+	return 0
+}
+
+stop() {
+	if [ "$RC_SYS" != "VSERVER" ]; then
+		stop_daemon "klogd" || return 1
+	fi
+	stop_daemon "syslogd" || return 1 
+	return 0
+}
+
+reload() {
+	local ret=0
+
+	ebegin "Reloading configuration"
+
+	start-stop-daemon --stop --oknodo --signal HUP --pidfile /var/run/syslogd.pid
+	ret=$((${ret} + $?))
+	start-stop-daemon --stop --oknodo --signal USR1 --pidfile /var/run/klogd.pid
+	ret=$((${ret} + $?))
+
+	eend ${ret}
+}
diff --git a/main/sysklogd/sysklogd.logrotate b/main/sysklogd/sysklogd.logrotate
new file mode 100644
index 0000000000..29afd15bd4
--- /dev/null
+++ b/main/sysklogd/sysklogd.logrotate
@@ -0,0 +1,6 @@
+/var/log/messages /var/log/auth /var/log/mail /var/log/errors /var/log/kernel {
+    sharedscripts
+    postrotate
+	    /etc/init.d/sysklogd --quiet reload
+    endscript
+}
diff --git a/main/syslinux/APKBUILD b/main/syslinux/APKBUILD
new file mode 100644
index 0000000000..e7036c0f87
--- /dev/null
+++ b/main/syslinux/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=syslinux
+pkgver=3.81
+pkgrel=0
+pkgdesc="a boot loader for the Linux operating system which operates off an MS-DOS/Windows FAT filesystem."
+url="http://syslinux.org"
+license="GPL"
+makedepends="nasm perl"
+depends="mtools uclibc"
+source="http://www.kernel.org/pub/linux/utils/boot/$pkgname/$pkgname-$pkgver.tar.bz2
+	$pkgname-3.72-nopie.patch
+	"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver"
+	patch -p1 < ../$pkgname-3.72-nopie.patch || return 1
+	unset LDFLAGS
+	make installer || return 1
+	make INSTALLROOT="$pkgdir" MANDIR=/usr/share/man local-install
+}
+
+md5sums="9be7f19e65aa8ffad325ccff1b6175a4  syslinux-3.81.tar.bz2
+c08398d165d29e48711e55058e2897de  syslinux-3.72-nopie.patch"
diff --git a/main/syslinux/syslinux-3.72-nopie.patch b/main/syslinux/syslinux-3.72-nopie.patch
new file mode 100644
index 0000000000..2662d17b43
--- /dev/null
+++ b/main/syslinux/syslinux-3.72-nopie.patch
@@ -0,0 +1,12 @@
+diff -ur a/com32/MCONFIG b/com32/MCONFIG
+--- a/com32/MCONFIG	2008-09-26 01:46:02.000000000 +0200
++++ b/com32/MCONFIG	2008-10-28 16:10:16.107964907 +0100
+@@ -19,6 +19,8 @@
+ GCCOPT := $(call gcc_ok,-std=gnu99,) \
+ 	  $(call gcc_ok,-m32,) \
+ 	  $(call gcc_ok,-fno-stack-protector,) \
++	  $(call gcc_ok,-nopie,) \
++	  $(call gcc_ok,-fno-pie,) \
+ 	  -mregparm=3 -DREGPARM=3 -march=i386 -Os
+ 
+ com32 = $(topdir)/com32
diff --git a/main/sysstat/APKBUILD b/main/sysstat/APKBUILD
new file mode 100644
index 0000000000..f9a1408b7f
--- /dev/null
+++ b/main/sysstat/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=sysstat
+pkgver=9.0.3
+pkgrel=0
+pkgdesc="Performance monitoring tools for Linux"
+url="http://pagesperso-orange.fr/sebastien.godard/"
+license="GPL"
+depends=
+makedepends=""
+subpackages="$pkgname-doc"
+source="http://pagesperso-orange.fr/sebastien.godard/sysstat-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="0b464951596db934418259737cf50a31  sysstat-9.0.3.tar.gz"
diff --git a/main/tar/APKBUILD b/main/tar/APKBUILD
new file mode 100644
index 0000000000..7e713be6c9
--- /dev/null
+++ b/main/tar/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=tar
+pkgver=1.22
+pkgrel=0
+pkgdesc="Utility used to store, backup, and transport files"
+url="http://www.gnu.org"
+license='GPL'
+depends="uclibc"
+install="$pkgname.post-deinstall"
+makedepends=""
+source="ftp://ftp.gnu.org/gnu/tar/$pkgname-$pkgver.tar.gz
+$pkgname.post-deinstall"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+	--mandir=/usr/share/man
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+md5sums="efafad1b256e3de410f4fce5335d9c9d  tar-1.22.tar.gz
+b84506d253e04db3c5af9016fead45a3  tar.post-deinstall"
diff --git a/main/tar/tar.post-deinstall b/main/tar/tar.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/tar/tar.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/tcl/APKBUILD b/main/tcl/APKBUILD
new file mode 100644
index 0000000000..32a9eff63f
--- /dev/null
+++ b/main/tcl/APKBUILD
@@ -0,0 +1,33 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=tcl
+pkgver=8.5.7
+pkgrel=0
+pkgdesc="The Tcl scripting language"
+url="http://tcl.sourceforge.net/"
+license="custom"
+depends="uclibc"
+makedepends=""
+source="http://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname$pkgver-src.tar.gz"
+subpackages="$pkgname-doc $pkgname-dev"
+
+build ()
+{
+        cd ${srcdir}/tcl${pkgver}/unix
+        ./configure --prefix=/usr \
+        --mandir=/usr/share/man \
+        --disable-64bit
+        make || return 1
+        make INSTALL_ROOT=${pkgdir} install install-private-headers
+        ln -sf tclsh8.5 ${pkgdir}/usr/bin/tclsh
+        install -Dm644 ../license.terms ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
+        sed -i \
+        -e "s,^TCL_BUILD_LIB_SPEC='-L.*/unix,TCL_BUILD_LIB_SPEC='-L/usr/lib," \
+        -e "s,^TCL_SRC_DIR='.*',TCL_SRC_DIR='/usr/include'," \
+        -e "s,^TCL_BUILD_STUB_LIB_SPEC='-L.*/unix,TCL_BUILD_STUB_LIB_SPEC='-L/usr/lib," \
+        -e "s,^TCL_BUILD_STUB_LIB_PATH='.*/unix,TCL_BUILD_STUB_LIB_PATH='/usr/lib," \
+        -e "s,^TCL_LIB_FILE='libtcl8.5..TCL_DBGX..so',TCL_LIB_FILE=\"libtcl8.5\$\{TCL_DBGX\}.so\"," \
+        -e "s,^TCL_CC_SEARCH_FLAGS='\(.*\)',TCL_CC_SEARCH_FLAGS='\1:/usr/lib'," \
+        -e "s,^TCL_LD_SEARCH_FLAGS='\(.*\)',TCL_LD_SEARCH_FLAGS='\1:/usr/lib'," \
+        ${pkgdir}/usr/lib/tclConfig.sh
+}
+md5sums="f70ad8f78b5e4a9f792fe101f22b125f  tcl8.5.7-src.tar.gz"
diff --git a/main/tcpdump/APKBUILD b/main/tcpdump/APKBUILD
new file mode 100644
index 0000000000..ad9f5323f4
--- /dev/null
+++ b/main/tcpdump/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=tcpdump
+pkgver=4.0.0
+pkgrel=1
+pkgdesc="A tool for network monitoring and data acquisition"
+url="http://www.tcpdump.org"
+license="BSD"
+depends="libpcap openssl"
+makedepends="libpcap-dev openssl-dev"
+source="http://www.$pkgname.org/release/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--enable-ipv6
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	rm -f "$pkgdir"/usr/sbin/tcpdump.4*
+}
+
+md5sums="b22ca72890df2301d922c9f2d17867f9  tcpdump-4.0.0.tar.gz"
diff --git a/main/tcpproxy/APKBUILD b/main/tcpproxy/APKBUILD
new file mode 100644
index 0000000000..a06aacb39a
--- /dev/null
+++ b/main/tcpproxy/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Michael Mason <ms13sp@gmail.com> 
+pkgname=tcpproxy
+pkgver=2.0.0_beta15
+_realver=2.0.0-beta15
+pkgrel=0
+pkgdesc="Transparent TCP Proxy"
+url="http://www.quietsche-entchen.de/cgi-bin/wiki.cgi/proxies/TcpProxy"
+license="GPL"
+depends=
+makedepends="ctags"
+install=""
+subpackages=""
+source="http://www.quietsche-entchen.de/download/$pkgname-$_realver.tar.gz
+	tcpproxy.initd"
+
+build() {
+	cd "$srcdir/$pkgname-$_realver"
+
+	make || return 1
+
+	install -m755 -D "$pkgname" "$pkgdir"/usr/sbin/"$pkgname"
+	install -Dm 755 "$startdir"/$pkgname.initd $pkgdir/etc/init.d/$pkgname
+}
+
+md5sums="e946f807049d6296f54aa57b5c17f1c8  tcpproxy-2.0.0-beta15.tar.gz
+f13fccf076e24df1352dfb884aa7b880  tcpproxy.initd"
diff --git a/main/tcpproxy/tcpproxy.initd b/main/tcpproxy/tcpproxy.initd
new file mode 100644
index 0000000000..a7fd4292db
--- /dev/null
+++ b/main/tcpproxy/tcpproxy.initd
@@ -0,0 +1,14 @@
+#!/sbin/runscript
+
+DAEMON=/usr/sbin/tcpproxy
+start() {
+	ebegin "Starting tcpproxy"
+	start-stop-daemon -S -x $DAEMON -- $TCPPROXY_OPTS
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping tcpproxy"
+	start-stop-daemon -K -x $DAEMON
+	eend $?
+}
diff --git a/main/texinfo/APKBUILD b/main/texinfo/APKBUILD
new file mode 100644
index 0000000000..a8484bf43b
--- /dev/null
+++ b/main/texinfo/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=texinfo
+pkgver=4.13a
+pkgrel=1
+pkgdesc="Utilities to work with and produce manuals, ASCII text, and on-line documentation from a single source file"
+url="http://www.gnu.org/software/texinfo/"
+license='GPL3'
+depends=
+makedepends="ncurses-dev"
+source="ftp://ftp.gnu.org/pub/gnu/${pkgname}/${pkgname}-${pkgver}.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd ${srcdir}/${pkgname}-4.13
+	./configure --prefix=/usr || return 1
+	make || return 1
+	make DESTDIR=${pkgdir} install || return 1
+	rm -f ${pkgdir}/usr/share/info/dir
+	gzip ${pkgdir}/usr/share/info/*
+}
+
+md5sums="71ba711519209b5fb583fed2b3d86fcb  texinfo-4.13a.tar.gz"
diff --git a/main/tiff/APKBUILD b/main/tiff/APKBUILD
new file mode 100644
index 0000000000..c580a84a30
--- /dev/null
+++ b/main/tiff/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Michael Mason <ms13sp@gmail.com>
+pkgname=tiff
+pkgver=3.8.2
+pkgrel=0
+pkgdesc="Provides support for the Tag Image File Format or TIFF"
+url="http://www.libtiff.org/"
+license="GPL"
+depends="uclibc"
+subpackages="$pkgname-doc $pkgname-dev"
+source="ftp://ftp.remotesensing.org/pub/lib$pkgname/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-cxx
+	make || return 1
+	make DESTDIR="$pkgdir" install
+
+}
+
+md5sums="fbb6f446ea4ed18955e2714934e5b698  tiff-3.8.2.tar.gz"
diff --git a/main/tinyproxy/APKBUILD b/main/tinyproxy/APKBUILD
new file mode 100644
index 0000000000..72abc3f24d
--- /dev/null
+++ b/main/tinyproxy/APKBUILD
@@ -0,0 +1,41 @@
+# Contributor: Michael Mason <ms13sp@gmail.com>
+# Maintainer: Michael Mason <ms13sp@gmail.com>
+pkgname=tinyproxy
+pkgver=1.6.3
+pkgrel=1
+pkgdesc="Lightweight HTTP proxy"
+url="https://www.banu.com/tinyproxy/"
+license="GPL"
+depends=
+makedepends=""
+install="tinyproxy.pre-install tinyproxy.post-install"
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	tinyproxy.initd
+	$install
+	"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	# set default user to tinyproxy:tinyproxy and correct pidfile
+	sed -i -e 's:^User.*:User tinyproxy:' \
+		-e 's:^Group.*:Group tinyproxy:' \
+		-e 's:^PidFile.*:PidFile "/var/run/tinyproxy/tinyproxy.pid":' \
+		doc/tinyproxy.conf
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info
+
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	mkdir -p "$pkgdir"/var/run/tinyproxy
+	install -Dm755 "$srcdir"/tinyproxy.initd "$pkgdir"/etc/init.d/tinyproxy
+}
+
+md5sums="bd14d029b12621bcfd7ee71b2f4893da  tinyproxy-1.6.3.tar.gz
+554da6fc363fbe251f081b342541bef4  tinyproxy.initd
+ab854eaf0ad44de6c85660350ed9f758  tinyproxy.pre-install
+0d2d99e5759292d00c4e5c73d8c220ff  tinyproxy.post-install"
diff --git a/main/tinyproxy/tinyproxy.initd b/main/tinyproxy/tinyproxy.initd
new file mode 100644
index 0000000000..bee5d041fb
--- /dev/null
+++ b/main/tinyproxy/tinyproxy.initd
@@ -0,0 +1,45 @@
+#!/sbin/runscript
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-proxy/tinyproxy/files/tinyproxy.initd,v 1.1 2008/02/16 07:11:25 mrness Exp $
+
+CONFFILE="/etc/tinyproxy/${SVCNAME}.conf"
+
+depend() {
+	use logger dns
+	need net
+}
+
+checkconfig() {
+	if [ ! -f "${CONFFILE}" ]; then
+		eerror "Configuration file ${CONFFILE} not found!"
+		return 1
+	fi
+
+	PIDFILE=$(sed -n -e 's/^[[:space:]]*PidFile[[:space:]]\+"\(.*\)"[[:space:]]*$/\1/p' "${CONFFILE}")
+	return 0
+}
+
+start() {
+	checkconfig || return 1
+
+	ebegin "Starting tinyproxy"
+	if [ -n "${PIDFILE}" ]; then
+		start-stop-daemon --start --pidfile "${PIDFILE}" --startas /usr/sbin/tinyproxy -- -c "${CONFFILE}"
+	else
+		start-stop-daemon --start --exec /usr/sbin/tinyproxy -- -c "${CONFFILE}"
+	fi
+	eend $?
+}
+
+stop() {
+	checkconfig || return 1
+
+	ebegin "Stopping tinyproxy"
+	if [ -n "${PIDFILE}" ]; then
+		start-stop-daemon --stop --pidfile "${PIDFILE}"
+	else
+		start-stop-daemon --stop --exec /usr/sbin/tinyproxy
+	fi
+	eend $?
+}
diff --git a/main/tinyproxy/tinyproxy.post-install b/main/tinyproxy/tinyproxy.post-install
new file mode 100755
index 0000000000..ef518c6162
--- /dev/null
+++ b/main/tinyproxy/tinyproxy.post-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+chown tinyproxy:tinyproxy /var/run/tinyproxy
+
+# return with success even if user already exist
+exit 0
diff --git a/main/tinyproxy/tinyproxy.pre-install b/main/tinyproxy/tinyproxy.pre-install
new file mode 100755
index 0000000000..d324b044e3
--- /dev/null
+++ b/main/tinyproxy/tinyproxy.pre-install
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+adduser -h /dev/null -s /bin/false -D tinyproxy 2>/dev/null
+
+# return with success even if user already exist
+exit 0
diff --git a/main/tmux/APKBUILD b/main/tmux/APKBUILD
new file mode 100644
index 0000000000..7edc932264
--- /dev/null
+++ b/main/tmux/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Natanael Copa <ncopa@alpinelinux.org>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=tmux
+pkgver=0.9
+pkgrel=0
+pkgdesc="Tool to control multiple terminals from a single terminal"
+url="http://tmux.sourceforge.net/"
+license="BSD"
+depends=""
+makedepends="ncurses-dev"
+install=
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz
+	build.patch"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	patch -p1 < ../build.patch || return 1
+
+	./configure 
+	make || return 1
+	make DESTDIR="$pkgdir" PREFIX=/usr install
+
+}
+
+md5sums="2d1df646a6977bb7d9b20e53770d5593  tmux-0.9.tar.gz
+373cabbc35601c3ee71fde0877f5fe83  build.patch"
diff --git a/main/tmux/build.patch b/main/tmux/build.patch
new file mode 100644
index 0000000000..b16c4f4cab
--- /dev/null
+++ b/main/tmux/build.patch
@@ -0,0 +1,23 @@
+diff -ru tmux-0.9.orig/GNUmakefile tmux-0.9/GNUmakefile
+--- tmux-0.9.orig/GNUmakefile	2009-07-09 08:11:37.000000000 +0000
++++ tmux-0.9/GNUmakefile	2009-07-09 08:12:09.000000000 +0000
+@@ -53,5 +53,5 @@
+ install:	all
+ 		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/bin
+ 		$(INSTALLBIN) tmux $(DESTDIR)$(PREFIX)/bin/tmux
+-		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/man/man1
+-		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/man/man1/tmux.1
++		$(INSTALLDIR) $(DESTDIR)$(PREFIX)/share/man/man1
++		$(INSTALLMAN) tmux.1 $(DESTDIR)$(PREFIX)/share/man/man1/tmux.1
+diff -ru tmux-0.9.orig/configure tmux-0.9/configure
+--- tmux-0.9.orig/configure	2009-07-09 08:11:37.000000000 +0000
++++ tmux-0.9/configure	2009-07-09 08:12:20.000000000 +0000
+@@ -82,7 +82,7 @@
+ 	compat/strtonum.c \
+         compat/getopt.c \
+ 	compat/vis.c
+-CFLAGS+= -D_GNU_SOURCE -D_POSIX_SOURCE
++CFLAGS+= -D_GNU_SOURCE -D_POSIX_SOURCE -std=c99
+ LIBS+= -lcrypt -lutil
+ EOF
+ 	;;
diff --git a/main/transmission/APKBUILD b/main/transmission/APKBUILD
new file mode 100644
index 0000000000..0942c1b2a3
--- /dev/null
+++ b/main/transmission/APKBUILD
@@ -0,0 +1,32 @@
+# Maintainer:Carlo Landmeter
+pkgname=transmission
+pkgver=1.61
+pkgel=0
+pkgdesc="Fast, easy, and fee BitToent client (CLI tools daemon and webinterface)"
+url="http://www.tansmissionbt.com"
+install="$pkgname.pre-install"
+license="MIT"
+depends="curl"
+makedepends="openssl-dev pkgconfig curl-dev g++"
+source="http://download.m0k.org/transmission/files/transmission-$pkgver.tar.bz2
+	transmission-daemon.initd
+	transmission-daemon.confd
+	$pkgname.pre-install"
+subpackages="$pkgname-doc"
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+
+        ./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--disable-gtk \
+		--disable-nls
+        make || return 1
+        make prefix="$pkgdir"/usr mandir="$pkgdir"/usr/share/man install
+        install -D -m755 "$srcdir"/transmission-daemon.initd "$pkgdir"/etc/init.d/transmission-daemon
+        install -D -m644 "$srcdir"/transmission-daemon.confd "$pkgdir"/etc/conf.d/transmission-daemon
+}
+md5sums="0b0428f4a6237a64dc8b7d378ace3f06  transmission-1.61.tar.bz2
+b3b921242bdc3b33a8ac05fc30653b6c  transmission-daemon.initd
+89478a70fcd93463e1dd8d751da994da  transmission-daemon.confd
+f1c8d94e1f7ff77c23a7e92d3860754d  transmission.pre-install"
diff --git a/main/transmission/transmission-daemon.confd b/main/transmission/transmission-daemon.confd
new file mode 100644
index 0000000000..c1f338f07c
--- /dev/null
+++ b/main/transmission/transmission-daemon.confd
@@ -0,0 +1,18 @@
+#
+# transmission-daemon options
+#
+# -a --acl          <list>      Access Control List.  (Default: +127.0.0.1)
+# -b --blocklist                Enable peer blocklists
+# -B --no-blocklist             Disable peer blocklists
+# -f --foreground               Run in the foreground instead of daemonizing
+# -g --config-dir   <path>      Where to look for configuration files
+# -p --port         <port>      RPC port (Default: 9091)
+# -t --auth                     Require authentication
+# -T --no-auth                  Don't require authentication
+# -u --username     <username>  Set username for authentication
+# -v --password     <password>  Set password for authentication
+# -w --download-dir <path>      Where to save downloaded data
+#
+# NOTE: webif does not work without the -f switch
+#
+TD_OPTS="-f -g /var/lib/transmission/.config -w /var/lib/transmission"
diff --git a/main/transmission/transmission-daemon.initd b/main/transmission/transmission-daemon.initd
new file mode 100644
index 0000000000..af9461cc60
--- /dev/null
+++ b/main/transmission/transmission-daemon.initd
@@ -0,0 +1,21 @@
+#!/sbin/runscript
+
+depend() {
+        need net
+}
+
+start() {
+        ebegin "Starting transmission-daemon"
+                start-stop-daemon --start --quiet --background --make-pidfile \
+                --chuid transmission:transmission \
+                --pidfile /var/run/transmission-daemon.pid \
+                --exec /usr/bin/transmission-daemon -- ${TD_OPTS}
+        eend $?
+}
+
+stop() {
+        ebegin "Stopping transmission-daemon"
+                start-stop-daemon --stop --quiet \
+                --pidfile /var/run/transmission-daemon.pid \
+        eend $?
+}
diff --git a/main/transmission/transmission.pre-install b/main/transmission/transmission.pre-install
new file mode 100644
index 0000000000..44a14760f6
--- /dev/null
+++ b/main/transmission/transmission.pre-install
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+adduser -h /var/lib/transmission -s /bin/false -D transmission 2>/dev/null
+
+exit 0
diff --git a/main/uclibc++/APKBUILD b/main/uclibc++/APKBUILD
new file mode 100644
index 0000000000..e6545e482f
--- /dev/null
+++ b/main/uclibc++/APKBUILD
@@ -0,0 +1,47 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=uclibc++
+pkgver=0.2.2
+pkgrel=3
+pkgdesc="Embedded C++ library"
+url="http://cxx.uclibc.org/"
+license='GPL-2'
+depends=
+makedepends=
+subpackages="$pkgname-dev"
+source="http://cxx.uclibc.org/src/uClibc++-$pkgver.tar.bz2
+	associative_base.patch
+	uclibc++-gcc-4.3.patch
+	uclibc++config
+	"
+
+build() {
+	cd "$srcdir/uClibc++-$pkgver"
+	cp ../uclibc++config .config
+	make oldconfig
+
+	for i in ../*.patch; do
+		if ! patch -p1 < $i; then
+			error "failed to apply $i"
+			return 1
+		fi
+	done
+	sed -i -e 's:bin/bash:bin/sh:' bin/Makefile scripts/find_lib*
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+dev() {
+	depends="$pkgname g++"
+	mkdir -p "$subpkgdir"
+	# move everything to -dev package except *.so files
+	mv "$pkgdir"/* "$subpkgdir"/
+	mkdir -p "$pkgdir"/usr/lib/
+	mv "$subpkgdir"/usr/lib/*.so* \
+		"$pkgdir"/usr/lib/
+}
+
+
+md5sums="1ceef3209cca88be8f1bd9de99735954  uClibc++-0.2.2.tar.bz2
+5689baa3f3bf8488c0a5d27a690d30fa  associative_base.patch
+4c7b499e4697225378acef25f6364e9b  uclibc++-gcc-4.3.patch
+2f573c1e2a0c7a320ea4685cc3ce9e2a  uclibc++config"
diff --git a/main/uclibc++/associative_base.patch b/main/uclibc++/associative_base.patch
new file mode 100644
index 0000000000..3453c996a4
--- /dev/null
+++ b/main/uclibc++/associative_base.patch
@@ -0,0 +1,13 @@
+--- a/include/associative_base.orig	2008-03-18 08:46:20 +0000
++++ b/include/associative_base	2008-03-18 08:46:56 +0000
+@@ -221,9 +221,9 @@
+ 	bool operator!=(const __base_associative & x){
+ 		return !(x.backing == backing);
+ 	}
++	void swap(__base_associative & x);
+ 
+ protected:
+-	void swap(__base_associative & x);
+ 
+ 	Compare c;
+ 	std::list<value_type> backing;
diff --git a/main/uclibc++/uclibc++-gcc-4.3.patch b/main/uclibc++/uclibc++-gcc-4.3.patch
new file mode 100644
index 0000000000..37d45a5d5a
--- /dev/null
+++ b/main/uclibc++/uclibc++-gcc-4.3.patch
@@ -0,0 +1,73 @@
+diff -ru uClibc++-0.2.2.orig/include/associative_base uClibc++-0.2.2/include/associative_base
+--- uClibc++-0.2.2.orig/include/associative_base	2009-03-03 14:03:40.000000000 +0000
++++ uClibc++-0.2.2/include/associative_base	2009-03-03 14:03:52.000000000 +0000
+@@ -318,7 +318,7 @@
+ 	typedef std::list<ValueType> listtype;
+ 
+ 	typename listtype::iterator base_iter;
+-	typedef _associative_citer<ValueType, Compare, Allocator> _associative_citer;
++	typedef _associative_citer<ValueType, Compare, Allocator> __associative_citer;
+ 
+ 	
+ public:
+@@ -347,13 +347,13 @@
+ 	bool operator==(const _associative_iter & m) const{
+ 		return m.base_iter == base_iter;
+ 	}
+-	bool operator==(const _associative_citer & m) const{
++	bool operator==(const __associative_citer & m) const{
+ 		return m.base_iter == base_iter;
+ 	}
+ 	bool operator!=(const _associative_iter & m) const{
+ 		return m.base_iter != base_iter;
+ 	}
+-	bool operator!=(const _associative_citer & m) const{
++	bool operator!=(const __associative_citer & m) const{
+ 		return m.base_iter != base_iter;
+ 	}
+ 	_associative_iter & operator++(){
+@@ -378,8 +378,8 @@
+ 		--base_iter;
+ 		return temp;
+ 	}
+-	operator _associative_citer() const{
+-		return _associative_citer(base_iter);
++	operator __associative_citer() const{
++		return __associative_citer(base_iter);
+ 	}
+ 	typename listtype::iterator base_iterator(){
+ 		return base_iter;
+diff -ru uClibc++-0.2.2.orig/include/string uClibc++-0.2.2/include/string
+--- uClibc++-0.2.2.orig/include/string	2009-03-03 14:03:40.000000000 +0000
++++ uClibc++-0.2.2/include/string	2009-03-03 14:03:52.000000000 +0000
+@@ -1017,11 +1017,11 @@
+ 
+ template <> _UCXXEXPORT bool operator==(const string & lhs, const string & rhs);
+ template <> _UCXXEXPORT bool operator==(const char * lhs, const string & rhs);
+-template <> _UCXXEXPORT bool operator==(const string & rhs, const char * rhs);
++template <> _UCXXEXPORT bool operator==(const string & lhs, const char * rhs);
+ 
+ template <> _UCXXEXPORT bool operator!=(const string & lhs, const string & rhs);
+ template <> _UCXXEXPORT bool operator!=(const char * lhs, const string & rhs);
+-template <> _UCXXEXPORT bool operator!=(const string & rhs, const char * rhs);
++template <> _UCXXEXPORT bool operator!=(const string & lhs, const char * rhs);
+ 
+ template <> _UCXXEXPORT string operator+(const string & lhs, const char* rhs);
+ template <> _UCXXEXPORT string operator+(const char* lhs, const string & rhs);
+diff -ru uClibc++-0.2.2.orig/src/string.cpp uClibc++-0.2.2/src/string.cpp
+--- uClibc++-0.2.2.orig/src/string.cpp	2009-03-03 14:03:41.000000000 +0000
++++ uClibc++-0.2.2/src/string.cpp	2009-03-03 14:03:52.000000000 +0000
+@@ -76,11 +76,11 @@
+ 
+ 	template _UCXXEXPORT bool operator==(const string & lhs, const string & rhs);
+ 	template _UCXXEXPORT bool operator==(const char * lhs, const string & rhs);
+-	template _UCXXEXPORT bool operator==(const string & rhs, const char * rhs);
++	template _UCXXEXPORT bool operator==(const string & lhs, const char * rhs);
+ 
+ 	template _UCXXEXPORT bool operator!=(const string & lhs, const string & rhs);
+ 	template _UCXXEXPORT bool operator!=(const char * lhs, const string & rhs);
+-	template _UCXXEXPORT bool operator!=(const string & rhs, const char * rhs);
++	template _UCXXEXPORT bool operator!=(const string & lhs, const char * rhs);
+ 
+ 	template _UCXXEXPORT string operator+(const string & lhs, const char* rhs);
+ 	template _UCXXEXPORT string operator+(const char* lhs, const string & rhs);
diff --git a/main/uclibc++/uclibc++config b/main/uclibc++/uclibc++config
new file mode 100644
index 0000000000..181bd4e7cf
--- /dev/null
+++ b/main/uclibc++/uclibc++config
@@ -0,0 +1,54 @@
+#
+# Automatically generated make config: don't edit
+#
+
+#
+# Target Features and Options
+#
+UCLIBCXX_HAS_FLOATS=y
+UCLIBCXX_HAS_LONG_DOUBLE=y
+# UCLIBCXX_HAS_TLS is not set
+WARNINGS="-Wall"
+BUILD_EXTRA_LIBRARIES=""
+HAVE_DOT_CONFIG=y
+
+#
+# String and I/O Stream Support
+#
+# UCLIBCXX_HAS_WCHAR is not set
+UCLIBCXX_IOSTREAM_BUFSIZE=32
+UCLIBCXX_HAS_LFS=y
+UCLIBCXX_SUPPORT_CDIR=y
+UCLIBCXX_SUPPORT_CIN=y
+UCLIBCXX_SUPPORT_COUT=y
+UCLIBCXX_SUPPORT_CERR=y
+# UCLIBCXX_SUPPORT_CLOG is not set
+
+#
+# STL and Code Expansion
+#
+UCLIBCXX_STL_BUFFER_SIZE=32
+UCLIBCXX_CODE_EXPANSION=y
+UCLIBCXX_EXPAND_CONSTRUCTORS_DESTRUCTORS=y
+UCLIBCXX_EXPAND_STRING_CHAR=y
+UCLIBCXX_EXPAND_VECTOR_BASIC=y
+UCLIBCXX_EXPAND_IOS_CHAR=y
+UCLIBCXX_EXPAND_STREAMBUF_CHAR=y
+UCLIBCXX_EXPAND_ISTREAM_CHAR=y
+UCLIBCXX_EXPAND_OSTREAM_CHAR=y
+UCLIBCXX_EXPAND_FSTREAM_CHAR=y
+UCLIBCXX_EXPAND_SSTREAM_CHAR=y
+
+#
+# Library Installation Options
+#
+UCLIBCXX_RUNTIME_PREFIX="/usr"
+UCLIBCXX_RUNTIME_INCLUDE_SUBDIR="/include"
+UCLIBCXX_RUNTIME_LIB_SUBDIR="/lib"
+UCLIBCXX_RUNTIME_BIN_SUBDIR="/bin"
+UCLIBCXX_EXCEPTION_SUPPORT=y
+IMPORT_LIBSUP=y
+IMPORT_LIBGCC_EH=y
+BUILD_STATIC_LIB=y
+# BUILD_ONLY_STATIC_LIB is not set
+# DODEBUG is not set
diff --git a/main/uclibc/0001-first-pass-at-implementing-at-funcs.patch b/main/uclibc/0001-first-pass-at-implementing-at-funcs.patch
new file mode 100644
index 0000000000..cf46258696
--- /dev/null
+++ b/main/uclibc/0001-first-pass-at-implementing-at-funcs.patch
@@ -0,0 +1,928 @@
+From 69ddd883084998dbeedf1ca9abbb9927cef20be0 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 24 Jul 2009 13:22:39 +0000
+Subject: [PATCH 1/2] first pass at implementing *at funcs
+
+Tested basic functionality with coreutils and things seem to work.  At
+least gives us a basis to jump from.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+
+Conflicts:
+
+	include/features.h
+	include/sys/stat.h
+	libc/misc/dirent/opendir.c
+---
+ include/dirent.h                       |   10 +++++-
+ include/fcntl.h                        |   15 +++++---
+ include/features.h                     |   53 +++++++++++++++++++++------
+ include/stdio.h                        |    5 +++
+ include/sys/stat.h                     |   33 +++++++++++++----
+ include/sys/time.h                     |    2 +-
+ libc/misc/dirent/opendir.c             |   63 +++++++++++++++++++++++++-------
+ libc/sysdeps/linux/common/faccessat.c  |   16 ++++++++
+ libc/sysdeps/linux/common/fchmodat.c   |   16 ++++++++
+ libc/sysdeps/linux/common/fchownat.c   |   16 ++++++++
+ libc/sysdeps/linux/common/fstatat.c    |   27 ++++++++++++++
+ libc/sysdeps/linux/common/fstatat64.c  |   31 ++++++++++++++++
+ libc/sysdeps/linux/common/futimesat.c  |   16 ++++++++
+ libc/sysdeps/linux/common/linkat.c     |   16 ++++++++
+ libc/sysdeps/linux/common/mkdirat.c    |   16 ++++++++
+ libc/sysdeps/linux/common/mkfifoat.c   |   19 ++++++++++
+ libc/sysdeps/linux/common/mknodat.c    |   25 +++++++++++++
+ libc/sysdeps/linux/common/openat.c     |   18 +++++++++
+ libc/sysdeps/linux/common/openat64.c   |   25 +++++++++++++
+ libc/sysdeps/linux/common/readlinkat.c |   16 ++++++++
+ libc/sysdeps/linux/common/renameat.c   |   16 ++++++++
+ libc/sysdeps/linux/common/symlinkat.c  |   16 ++++++++
+ libc/sysdeps/linux/common/unlinkat.c   |   16 ++++++++
+ libc/sysdeps/linux/common/utimensat.c  |   16 ++++++++
+ 24 files changed, 462 insertions(+), 40 deletions(-)
+ create mode 100644 libc/sysdeps/linux/common/faccessat.c
+ create mode 100644 libc/sysdeps/linux/common/fchmodat.c
+ create mode 100644 libc/sysdeps/linux/common/fchownat.c
+ create mode 100644 libc/sysdeps/linux/common/fstatat.c
+ create mode 100644 libc/sysdeps/linux/common/fstatat64.c
+ create mode 100644 libc/sysdeps/linux/common/futimesat.c
+ create mode 100644 libc/sysdeps/linux/common/linkat.c
+ create mode 100644 libc/sysdeps/linux/common/mkdirat.c
+ create mode 100644 libc/sysdeps/linux/common/mkfifoat.c
+ create mode 100644 libc/sysdeps/linux/common/mknodat.c
+ create mode 100644 libc/sysdeps/linux/common/openat.c
+ create mode 100644 libc/sysdeps/linux/common/openat64.c
+ create mode 100644 libc/sysdeps/linux/common/readlinkat.c
+ create mode 100644 libc/sysdeps/linux/common/renameat.c
+ create mode 100644 libc/sysdeps/linux/common/symlinkat.c
+ create mode 100644 libc/sysdeps/linux/common/unlinkat.c
+ create mode 100644 libc/sysdeps/linux/common/utimensat.c
+
+diff --git a/include/dirent.h b/include/dirent.h
+index 565a94d..376ca61 100644
+--- a/include/dirent.h
++++ b/include/dirent.h
+@@ -134,6 +134,14 @@ typedef struct __dirstream DIR;
+    marked with __THROW.  */
+ extern DIR *opendir (__const char *__name) __nonnull ((1));
+ 
++#ifdef __USE_XOPEN2K8
++/* Same as opendir, but open the stream on the file descriptor FD.
++
++   This function is a possible cancellation point and therefore not
++   marked with __THROW.  */
++extern DIR *fdopendir (int __fd);
++#endif
++
+ /* Close the directory stream DIRP.
+    Return 0 if successful, -1 if not.
+ 
+@@ -210,7 +218,7 @@ extern void seekdir (DIR *__dirp, long int __pos) __THROW __nonnull ((1));
+ extern long int telldir (DIR *__dirp) __THROW __nonnull ((1));
+ #endif
+ 
+-#if defined __USE_BSD || defined __USE_MISC
++#if defined __USE_BSD || defined __USE_MISC || defined __XOPEN_2K8
+ 
+ /* Return the file descriptor used by DIRP.  */
+ extern int dirfd (DIR *__dirp) __THROW __nonnull ((1));
+diff --git a/include/fcntl.h b/include/fcntl.h
+index 3e0aab5..084ee8c 100644
+--- a/include/fcntl.h
++++ b/include/fcntl.h
+@@ -56,13 +56,16 @@ __BEGIN_DECLS
+ # define SEEK_END	2	/* Seek from end of file.  */
+ #endif	/* XPG */
+ 
+-#if 0 /*def __USE_GNU*/
++#ifdef __USE_ATFILE
+ # define AT_FDCWD		-100	/* Special value used to indicate
+-					   openat should use the current
+-					   working directory. */
++					   the *at functions should use the
++					   current working directory. */
+ # define AT_SYMLINK_NOFOLLOW	0x100	/* Do not follow symbolic links.  */
+ # define AT_REMOVEDIR		0x200	/* Remove directory instead of
+ 					   unlinking file.  */
++# define AT_SYMLINK_FOLLOW	0x400	/* Follow symbolic links.  */
++# define AT_EACCESS		0x200	/* Test access permitted for
++					   effective IDs, not real IDs.  */
+ #endif
+ 
+ /* Do the file control operation described by CMD on FD.
+@@ -103,11 +106,11 @@ extern int __REDIRECT (open, (__const char *__file, int __oflag, ...), open64)
+ extern int open64 (__const char *__file, int __oflag, ...) __nonnull ((1));
+ #endif
+ 
+-#if 0 /*def __USE_GNU*/
+-/* Similar to OPEN but a relative path name is interpreted relative to
++#ifdef __USE_ATFILE
++/* Similar to `open' but a relative path name is interpreted relative to
+    the directory for which FD is a descriptor.
+ 
+-   NOTE: some other OPENAT implementation support additional functionality
++   NOTE: some other `openat' implementation support additional functionality
+    through this interface, especially using the O_XATTR flag.  This is not
+    yet supported here.
+ 
+diff --git a/include/features.h b/include/features.h
+index defdd04..51c6548 100644
+--- a/include/features.h
++++ b/include/features.h
+@@ -1,4 +1,4 @@
+-/* Copyright (C) 1991-1993,1995-2003,2004,2005 Free Software Foundation, Inc.
++/* Copyright (C) 1991-1993,1995-2006,2007,2009 Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -50,9 +50,10 @@
+ 			if >=199309L, add IEEE Std 1003.1b-1993;
+ 			if >=199506L, add IEEE Std 1003.1c-1995;
+ 			if >=200112L, all of IEEE 1003.1-2004
++			if >=200809L, all of IEEE 1003.1-2008
+    _XOPEN_SOURCE	Includes POSIX and XPG things.  Set to 500 if
+ 			Single Unix conformance is wanted, to 600 for the
+-			upcoming sixth revision.
++			sixth revision, to 700 for the seventh revision.
+    _XOPEN_SOURCE_EXTENDED XPG things and X/Open Unix extensions.
+    _LARGEFILE_SOURCE	Some more functions for correct standard I/O.
+    _LARGEFILE64_SOURCE	Additional functionality from LFS for large files.
+@@ -69,7 +70,7 @@
+    The `-ansi' switch to the GNU C compiler defines __STRICT_ANSI__.
+    If none of these are defined, the default is to have _SVID_SOURCE,
+    _BSD_SOURCE, and _POSIX_SOURCE set to one and _POSIX_C_SOURCE set to
+-   199506L.  If more than one of these are defined, they accumulate.
++   200112L.  If more than one of these are defined, they accumulate.
+    For example __STRICT_ANSI__, _POSIX_SOURCE and _POSIX_C_SOURCE
+    together give you ISO C, 1003.1, and 1003.2, but nothing else.
+ 
+@@ -77,6 +78,7 @@
+    header files to decide what to declare or define:
+ 
+    __USE_ISOC99		Define ISO C99 things.
++   __USE_ISOC95		Define ISO C90 AMD1 (C95) things.
+    __USE_POSIX		Define IEEE Std 1003.1 things.
+    __USE_POSIX2		Define IEEE Std 1003.2 things.
+    __USE_POSIX199309	Define IEEE Std 1003.1, and .1b things.
+@@ -85,6 +87,7 @@
+    __USE_XOPEN_EXTENDED	Define X/Open Unix things.
+    __USE_UNIX98		Define Single Unix V2 things.
+    __USE_XOPEN2K        Define XPG6 things.
++   __USE_XOPEN2K8       Define XPG7 things.
+    __USE_LARGEFILE	Define correct standard I/O things.
+    __USE_LARGEFILE64	Define LFS things with separate names.
+    __USE_FILE_OFFSET64	Define 64bit interface as default.
+@@ -111,6 +114,7 @@
+ 
+ /* Undefine everything, so we get a clean slate.  */
+ #undef	__USE_ISOC99
++#undef	__USE_ISOC95
+ #undef	__USE_POSIX
+ #undef	__USE_POSIX2
+ #undef	__USE_POSIX199309
+@@ -119,6 +123,7 @@
+ #undef	__USE_XOPEN_EXTENDED
+ #undef	__USE_UNIX98
+ #undef	__USE_XOPEN2K
++#undef	__USE_XOPEN2K8
+ #undef	__USE_LARGEFILE
+ #undef	__USE_LARGEFILE64
+ #undef	__USE_FILE_OFFSET64
+@@ -171,9 +176,9 @@
+ # undef  _POSIX_SOURCE
+ # define _POSIX_SOURCE	1
+ # undef  _POSIX_C_SOURCE
+-# define _POSIX_C_SOURCE	199506L
++# define _POSIX_C_SOURCE	200809L
+ # undef  _XOPEN_SOURCE
+-# define _XOPEN_SOURCE	600
++# define _XOPEN_SOURCE	700
+ # undef  _XOPEN_SOURCE_EXTENDED
+ # define _XOPEN_SOURCE_EXTENDED	1
+ # ifdef __UCLIBC_HAS_LFS__
+@@ -207,6 +212,12 @@
+ # define __USE_ISOC99	1
+ #endif
+ 
++/* This is to enable the ISO C90 Amendment 1:1995 extension.  */
++#if (defined _ISOC99_SOURCE || defined _ISOC9X_SOURCE \
++     || (defined __STDC_VERSION__ && __STDC_VERSION__ >= 199409L))
++# define __USE_ISOC95	1
++#endif
++
+ /* If none of the ANSI/POSIX macros are defined, use POSIX.1 and POSIX.2
+    (and IEEE Std 1003.1b-1993 unless _XOPEN_SOURCE is defined).  */
+ #if ((!defined __STRICT_ANSI__ || (_XOPEN_SOURCE - 0) >= 500) && \
+@@ -214,9 +225,14 @@
+ # define _POSIX_SOURCE	1
+ # if defined _XOPEN_SOURCE && (_XOPEN_SOURCE - 0) < 500
+ #  define _POSIX_C_SOURCE	2
+-# else
++# elif defined _XOPEN_SOURCE && (_XOPEN_SOURCE - 0) < 600
+ #  define _POSIX_C_SOURCE	199506L
++# elif defined _XOPEN_SOURCE && (_XOPEN_SOURCE - 0) < 700
++#  define _POSIX_C_SOURCE	200112L
++# else
++#  define _POSIX_C_SOURCE	200809L
+ # endif
++# define __USE_POSIX_IMPLICITLY	1
+ #endif
+ 
+ #if defined _POSIX_SOURCE || _POSIX_C_SOURCE >= 1 || defined _XOPEN_SOURCE
+@@ -237,6 +253,14 @@
+ 
+ #if (_POSIX_C_SOURCE - 0) >= 200112L
+ # define __USE_XOPEN2K		1
++# undef __USE_ISOC99
++# define __USE_ISOC99		1
++#endif
++
++#if (_POSIX_C_SOURCE - 0) >= 200809L
++# define __USE_XOPEN2K8		1
++# undef  _ATFILE_SOURCE
++# define _ATFILE_SOURCE	1
+ #endif
+ 
+ #ifdef	_XOPEN_SOURCE
+@@ -247,6 +271,9 @@
+ #  undef _LARGEFILE_SOURCE
+ #  define _LARGEFILE_SOURCE	1
+ #  if (_XOPEN_SOURCE - 0) >= 600
++#   if (_XOPEN_SOURCE - 0) >= 700
++#    define __USE_XOPEN2K8	1
++#   endif
+ #   define __USE_XOPEN2K	1
+ #   undef __USE_ISOC99
+ #   define __USE_ISOC99		1
+@@ -313,7 +340,7 @@
+ 
+ #ifdef __UCLIBC_HAS_WCHAR__
+ /* wchar_t uses ISO 10646-1 (2nd ed., published 2000-09-15) / Unicode 3.1.  */
+-# define __STDC_ISO_10646__		200009L
++#define __STDC_ISO_10646__		200009L
+ #endif
+ 
+ /*  There is an unwholesomely huge amount of code out there that depends on the
+@@ -365,7 +392,13 @@
+ 
+ #endif	/* !ASSEMBLER */
+ 
+-/* Decide whether we can define 'extern inline' functions in headers.  */
++/* Decide whether we can, and are willing to define extern inline
++ * functions in headers, even if this results in a slightly bigger
++ * code for user programs built against uclibc.
++ * Enabled only in -O2 compiles, not -Os.
++ * uclibc itself is usually built without __USE_EXTERN_INLINES,
++ * remove "&& !defined __OPTIMIZE_SIZE__" part to do otherwise.
++ */
+ #if __GNUC_PREREQ (2, 7) && defined __OPTIMIZE__ \
+     && !defined __OPTIMIZE_SIZE__ && !defined __NO_INLINE__ \
+     && (defined __extern_inline || defined __GNUC_GNU_INLINE__)
+@@ -406,10 +439,6 @@ uClibc was built without large file support enabled.
+ # define __USE_LARGEFILE64       1
+ #endif
+ 
+-/* uClibc does not support *at interfaces. */
+-#undef _ATFILE_SOURCE
+-#undef __USE_ATFILE
+-
+ #ifdef _LIBC
+ # include <libc-internal.h>
+ #endif
+diff --git a/include/stdio.h b/include/stdio.h
+index f14016a..237b9a7 100644
+--- a/include/stdio.h
++++ b/include/stdio.h
+@@ -147,6 +147,11 @@ extern int remove (__const char *__filename) __THROW;
+ extern int rename (__const char *__old, __const char *__new) __THROW;
+ __END_NAMESPACE_STD
+ 
++#ifdef __USE_ATFILE
++/* Rename file OLD relative to OLDFD to NEW relative to NEWFD.  */
++extern int renameat (int __oldfd, __const char *__old, int __newfd,
++		     __const char *__new) __THROW;
++#endif
+ 
+ __BEGIN_NAMESPACE_STD
+ /* Create a temporary file and open it read/write.
+diff --git a/include/sys/stat.h b/include/sys/stat.h
+index 5082390..17d1a05 100644
+--- a/include/sys/stat.h
++++ b/include/sys/stat.h
+@@ -1,4 +1,5 @@
+-/* Copyright (C) 1991,1992,1995-2004,2005,2006 Free Software Foundation, Inc.
++/* Copyright (C) 1991, 1992, 1995-2004, 2005, 2006, 2007, 2009
++   Free Software Foundation, Inc.
+    This file is part of the GNU C Library.
+ 
+    The GNU C Library is free software; you can redistribute it and/or
+@@ -27,11 +28,12 @@
+ 
+ #include <bits/types.h>		/* For __mode_t and __dev_t.  */
+ 
+-#if defined __USE_XOPEN || defined __USE_MISC
++#if defined __USE_XOPEN || defined __USE_XOPEN2K || defined __USE_MISC \
++         || defined __USE_ATFILE
+ # if defined __USE_XOPEN || defined __USE_XOPEN2K
+ #  define __need_time_t
+ # endif
+-# ifdef __USE_MISC
++# if defined __USE_MISC || defined __USE_ATFILE
+ #  define __need_timespec
+ # endif
+ # include <time.h>		/* For time_t resp. timespec.  */
+@@ -247,12 +249,14 @@ extern int __REDIRECT_NTH (fstatat, (int __fd, __const char *__restrict __file,
+ #  endif
+ # endif
+ 
++# ifdef __USE_LARGEFILE64
+ extern int fstatat64 (int __fd, __const char *__restrict __file,
+ 		      struct stat64 *__restrict __buf, int __flag)
+      __THROW __nonnull ((2, 3));
++# endif
+ #endif
+ 
+-#if defined __USE_BSD || defined __USE_XOPEN_EXTENDED
++#if defined __USE_BSD || defined __USE_XOPEN_EXTENDED || defined __USE_XOPEN2K
+ # ifndef __USE_FILE_OFFSET64
+ /* Get file attributes about FILE and put them in BUF.
+    If FILE is a symbolic link, do not follow it.  */
+@@ -296,7 +300,8 @@ extern int fchmod (int __fd, __mode_t __mode) __THROW;
+ #ifdef __USE_ATFILE
+ /* Set file access permissions of FILE relative to
+    the directory FD is open on.  */
+-extern int fchmodat (int __fd, __const char *__file, __mode_t mode, int __flag)
++extern int fchmodat (int __fd, __const char *__file, __mode_t __mode,
++		     int __flag)
+      __THROW __nonnull ((2)) __wur;
+ #endif /* Use ATFILE.  */
+ 
+@@ -330,14 +335,14 @@ extern int mkdirat (int __fd, __const char *__path, __mode_t __mode)
+ #if defined __USE_MISC || defined __USE_BSD || defined __USE_XOPEN_EXTENDED
+ extern int mknod (__const char *__path, __mode_t __mode, __dev_t __dev)
+      __THROW __nonnull ((1));
+-#endif
+ 
+-#ifdef __USE_ATFILE
++# ifdef __USE_ATFILE
+ /* Like mknod, create a new device file with permission bits MODE and
+    device number DEV.  But interpret relative PATH names relative to
+    the directory associated with FD.  */
+ extern int mknodat (int __fd, __const char *__path, __mode_t __mode,
+ 		    __dev_t __dev) __THROW __nonnull ((2));
++# endif
+ #endif
+ 
+ 
+@@ -352,7 +357,21 @@ extern int mkfifo (__const char *__path, __mode_t __mode)
+ extern int mkfifoat (int __fd, __const char *__path, __mode_t __mode)
+      __THROW __nonnull ((2));
+ #endif
++
++#ifdef __USE_ATFILE
++/* Set file access and modification times relative to directory file
++   descriptor.  */
++extern int utimensat (int __fd, __const char *__path,
++		      __const struct timespec __times[2],
++		      int __flags)
++     __THROW __nonnull ((2));
++#endif
+ 
++#ifdef __USE_XOPEN2K8
++/* Set file access and modification times of the file associated with FD.  */
++extern int futimens (int __fd, __const struct timespec __times[2]) __THROW;
++#endif
++
+ /* on uClibc we have unversioned struct stat and mknod.
+  * bits/stat.h is filled with wrong info, so we undo it here.  */
+ #undef _STAT_VER
+diff --git a/include/sys/time.h b/include/sys/time.h
+index 66fb9e0..2ba124f 100644
+--- a/include/sys/time.h
++++ b/include/sys/time.h
+@@ -148,7 +148,7 @@ extern int lutimes (__const char *__file, __const struct timeval __tvp[2])
+ extern int futimes (int __fd, __const struct timeval __tvp[2]) __THROW;
+ #endif
+ 
+-#if 0 /*def __USE_GNU*/
++#ifdef __USE_GNU
+ /* Change the access time of FILE relative to FD to TVP[0] and the
+    modification time of FILE to TVP[1].  If TVP is a null pointer, use
+    the current time instead.  Returns 0 on success, -1 on errors.  */
+diff --git a/libc/misc/dirent/opendir.c b/libc/misc/dirent/opendir.c
+index 26ab915..c03fcbd 100644
+--- a/libc/misc/dirent/opendir.c
++++ b/libc/misc/dirent/opendir.c
+@@ -12,6 +12,7 @@
+ #include <unistd.h>
+ #include <sys/dir.h>
+ #include <sys/stat.h>
++#include <dirent.h>
+ #include "dirstream.h"
+ 
+ libc_hidden_proto(opendir)
+@@ -21,6 +22,53 @@ libc_hidden_proto(close)
+ libc_hidden_proto(stat)
+ libc_hidden_proto(fstat)
+ 
++static DIR *fd_to_DIR(int fd, __blksize_t size)
++{
++	DIR *ptr;
++
++	ptr = malloc(sizeof(*ptr));
++	if (!ptr)
++		return NULL;
++
++	ptr->dd_fd = fd;
++	ptr->dd_nextloc = ptr->dd_size = ptr->dd_nextoff = 0;
++	ptr->dd_max = size;
++	if (ptr->dd_max < 512)
++		ptr->dd_max = 512;
++
++	ptr->dd_buf = calloc(1, ptr->dd_max);
++	if (!ptr->dd_buf) {
++		free(ptr);
++		return NULL;
++	}
++	__pthread_mutex_init(&ptr->dd_lock, NULL);
++
++	return ptr;
++}
++
++DIR *fdopendir(int fd)
++{
++	int flags;
++	struct stat st;
++
++	if (fstat(fd, &st))
++		return NULL;
++	if (!S_ISDIR(st.st_mode)) {
++		__set_errno(ENOTDIR);
++		return NULL;
++	}
++
++	flags = fcntl(fd, F_GETFL);
++	if (flags == -1)
++		return NULL;
++	if ((flags & O_ACCMODE) == O_WRONLY) {
++		__set_errno(EINVAL);
++		return NULL;
++	}
++
++	return fd_to_DIR(fd, st.st_blksize);
++}
++
+ /* opendir just makes an open() call - it return NULL if it fails
+  * (open sets errno), otherwise it returns a DIR * pointer.
+  */
+@@ -61,23 +109,12 @@ close_and_ret:
+ 		__set_errno(saved_errno);
+ 		return NULL;
+ 	}
+-	if (!(ptr = malloc(sizeof(*ptr))))
+-		goto nomem_close_and_ret;
+ 
+-	ptr->dd_fd = fd;
+-	ptr->dd_nextloc = ptr->dd_size = ptr->dd_nextoff = 0;
+-	ptr->dd_max = statbuf.st_blksize;
+-	if (ptr->dd_max < 512)
+-		ptr->dd_max = 512;
+-
+-	if (!(ptr->dd_buf = calloc(1, ptr->dd_max))) {
+-		free(ptr);
+-nomem_close_and_ret:
++	ptr = fd_to_DIR(fd, statbuf.st_blksize);
++	if (!ptr) {
+ 		close(fd);
+ 		__set_errno(ENOMEM);
+-		return NULL;
+ 	}
+-	__pthread_mutex_init(&(ptr->dd_lock), NULL);
+ 	return ptr;
+ }
+ libc_hidden_def(opendir)
+diff --git a/libc/sysdeps/linux/common/faccessat.c b/libc/sysdeps/linux/common/faccessat.c
+new file mode 100644
+index 0000000..09ca129
+--- /dev/null
++++ b/libc/sysdeps/linux/common/faccessat.c
+@@ -0,0 +1,16 @@
++/*
++ * faccessat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <unistd.h>
++
++#ifdef __NR_faccessat
++_syscall4(int, faccessat, int, fd, const char *, file, int, type, int, flag)
++#else
++/* should add emulation with faccess() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/fchmodat.c b/libc/sysdeps/linux/common/fchmodat.c
+new file mode 100644
+index 0000000..7d4dd4e
+--- /dev/null
++++ b/libc/sysdeps/linux/common/fchmodat.c
+@@ -0,0 +1,16 @@
++/*
++ * fchmodat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++
++#ifdef __NR_fchmodat
++_syscall4(int, fchmodat, int, fd, const char *, file, mode_t, mode, int, flag)
++#else
++/* should add emulation with fchmod() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/fchownat.c b/libc/sysdeps/linux/common/fchownat.c
+new file mode 100644
+index 0000000..707164d
+--- /dev/null
++++ b/libc/sysdeps/linux/common/fchownat.c
+@@ -0,0 +1,16 @@
++/*
++ * fchownat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <unistd.h>
++
++#ifdef __NR_fchownat
++_syscall5(int, fchownat, int, fd, const char *, file, uid_t, owner, gid_t, group, int, flag)
++#else
++/* should add emulation with fchown() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/fstatat.c b/libc/sysdeps/linux/common/fstatat.c
+new file mode 100644
+index 0000000..149c189
+--- /dev/null
++++ b/libc/sysdeps/linux/common/fstatat.c
+@@ -0,0 +1,27 @@
++/*
++ * fstatat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++#include "xstatconv.h"
++
++#ifdef __NR_fstatat64
++int fstatat(int fd, const char *file, struct stat *buf, int flag)
++{
++	int ret;
++	struct kernel_stat kbuf;
++
++	ret = INLINE_SYSCALL(fstatat64, 4, fd, file, &kbuf, flag);
++	if (ret == 0)
++		__xstat_conv(&kbuf, buf);
++
++	return ret;
++}
++#else
++/* should add emulation with fstat() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/fstatat64.c b/libc/sysdeps/linux/common/fstatat64.c
+new file mode 100644
+index 0000000..5ae1fad
+--- /dev/null
++++ b/libc/sysdeps/linux/common/fstatat64.c
+@@ -0,0 +1,31 @@
++/*
++ * fstatat64() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++#include "xstatconv.h"
++
++#ifdef __UCLIBC_HAS_LFS__
++
++#ifdef __NR_fstatat64
++int fstatat64(int fd, const char *file, struct stat64 *buf, int flag)
++{
++	int ret;
++	struct kernel_stat64 kbuf;
++
++	ret = INLINE_SYSCALL(fstatat64, 4, fd, file, &kbuf, flag);
++	if (ret == 0)
++		__xstat64_conv(&kbuf, buf);
++
++	return ret;
++}
++#else
++/* should add emulation with fstat64() and /proc/self/fd/ ... */
++#endif
++
++#endif
+diff --git a/libc/sysdeps/linux/common/futimesat.c b/libc/sysdeps/linux/common/futimesat.c
+new file mode 100644
+index 0000000..bd73eae
+--- /dev/null
++++ b/libc/sysdeps/linux/common/futimesat.c
+@@ -0,0 +1,16 @@
++/*
++ * futimesat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/time.h>
++
++#ifdef __NR_futimesat
++_syscall3(int, futimesat, int, fd, const char *, file, const struct timeval *, tvp)
++#else
++/* should add emulation with futimes() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/linkat.c b/libc/sysdeps/linux/common/linkat.c
+new file mode 100644
+index 0000000..9abe9ec
+--- /dev/null
++++ b/libc/sysdeps/linux/common/linkat.c
+@@ -0,0 +1,16 @@
++/*
++ * linkat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <unistd.h>
++
++#ifdef __NR_linkat
++_syscall5(int, linkat, int, fromfd, const char *, from, int, tofd, const char *, to, int, flags)
++#else
++/* should add emulation with link() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/mkdirat.c b/libc/sysdeps/linux/common/mkdirat.c
+new file mode 100644
+index 0000000..4da9468
+--- /dev/null
++++ b/libc/sysdeps/linux/common/mkdirat.c
+@@ -0,0 +1,16 @@
++/*
++ * mkdirat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++
++#ifdef __NR_mkdirat
++_syscall3(int, mkdirat, int, fd, const char *, path, mode_t, mode)
++#else
++/* should add emulation with mkdir() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/mkfifoat.c b/libc/sysdeps/linux/common/mkfifoat.c
+new file mode 100644
+index 0000000..e442fe2
+--- /dev/null
++++ b/libc/sysdeps/linux/common/mkfifoat.c
+@@ -0,0 +1,19 @@
++/*
++ * mkfifoat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++
++#ifdef __NR_mknodat
++int mkfifoat(int fd, const char *path, mode_t mode)
++{
++	return mknodat(fd, path, mode | S_IFIFO, 0);
++}
++#else
++/* should add emulation with mkfifo() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/mknodat.c b/libc/sysdeps/linux/common/mknodat.c
+new file mode 100644
+index 0000000..93b9e6e
+--- /dev/null
++++ b/libc/sysdeps/linux/common/mknodat.c
+@@ -0,0 +1,25 @@
++/*
++ * mknodat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++
++#ifdef __NR_mknodat
++int mknodat(int fd, const char *path, mode_t mode, dev_t dev)
++{
++	unsigned long long int k_dev;
++
++	/* We must convert the value to dev_t type used by the kernel.  */
++	k_dev = (dev) & ((1ULL << 32) - 1);
++
++	return INLINE_SYSCALL(mknodat, 4, fd, path, mode, (unsigned int)k_dev);
++}
++libc_hidden_def(mknodat)
++#else
++/* should add emulation with mknod() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/openat.c b/libc/sysdeps/linux/common/openat.c
+new file mode 100644
+index 0000000..33bd606
+--- /dev/null
++++ b/libc/sysdeps/linux/common/openat.c
+@@ -0,0 +1,18 @@
++/*
++ * openat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#define openat __xx_openat
++#include <sys/syscall.h>
++#include <fcntl.h>
++#undef openat
++
++#ifdef __NR_openat
++_syscall4(int, openat, int, fd, const char *, file, int, oflag, mode_t, mode)
++#else
++/* should add emulation with open() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/openat64.c b/libc/sysdeps/linux/common/openat64.c
+new file mode 100644
+index 0000000..75711aa
+--- /dev/null
++++ b/libc/sysdeps/linux/common/openat64.c
+@@ -0,0 +1,25 @@
++/*
++ * openat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#define openat64 __xx_openat
++#include <sys/syscall.h>
++#include <fcntl.h>
++#undef openat64
++
++#ifdef __UCLIBC_HAS_LFS__
++
++#ifdef __NR_openat
++int openat64(int fd, const char *file, int oflag, mode_t mode)
++{
++	return openat(fd, file, oflag | O_LARGEFILE, mode);
++}
++#else
++/* should add emulation with open() and /proc/self/fd/ ... */
++#endif
++
++#endif
+diff --git a/libc/sysdeps/linux/common/readlinkat.c b/libc/sysdeps/linux/common/readlinkat.c
+new file mode 100644
+index 0000000..d0a98e1
+--- /dev/null
++++ b/libc/sysdeps/linux/common/readlinkat.c
+@@ -0,0 +1,16 @@
++/*
++ * readlinkat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <unistd.h>
++
++#ifdef __NR_readlinkat
++_syscall4(ssize_t, readlinkat, int, fd, const char *, path, char *, buf, size_t, len)
++#else
++/* should add emulation with readlink() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/renameat.c b/libc/sysdeps/linux/common/renameat.c
+new file mode 100644
+index 0000000..a898f7b
+--- /dev/null
++++ b/libc/sysdeps/linux/common/renameat.c
+@@ -0,0 +1,16 @@
++/*
++ * renameat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <stdio.h>
++
++#ifdef __NR_renameat
++_syscall4(int, renameat, int, oldfd, const char *, old, int, newfd, const char *, new)
++#else
++/* should add emulation with rename() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/symlinkat.c b/libc/sysdeps/linux/common/symlinkat.c
+new file mode 100644
+index 0000000..6381b33
+--- /dev/null
++++ b/libc/sysdeps/linux/common/symlinkat.c
+@@ -0,0 +1,16 @@
++/*
++ * symlinkat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <unistd.h>
++
++#ifdef __NR_symlinkat
++_syscall3(int, symlinkat, const char *, from, int, tofd, const char *, to)
++#else
++/* should add emulation with symlink() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/unlinkat.c b/libc/sysdeps/linux/common/unlinkat.c
+new file mode 100644
+index 0000000..0eaf2b6
+--- /dev/null
++++ b/libc/sysdeps/linux/common/unlinkat.c
+@@ -0,0 +1,16 @@
++/*
++ * unlinkat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <unistd.h>
++
++#ifdef __NR_unlinkat
++_syscall3(int, unlinkat, int, fd, const char *, file, int, flag)
++#else
++/* should add emulation with unlink() and /proc/self/fd/ ... */
++#endif
+diff --git a/libc/sysdeps/linux/common/utimensat.c b/libc/sysdeps/linux/common/utimensat.c
+new file mode 100644
+index 0000000..3c5af85
+--- /dev/null
++++ b/libc/sysdeps/linux/common/utimensat.c
+@@ -0,0 +1,16 @@
++/*
++ * utimensat() for uClibc
++ *
++ * Copyright (C) 2009 Analog Devices Inc.
++ *
++ * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
++ */
++
++#include <sys/syscall.h>
++#include <sys/stat.h>
++
++#ifdef __NR_utimensat
++_syscall4(int, utimensat, int, fd, const char *, path, const struct timespec *, times, int, flags)
++#else
++/* should add emulation with utimens() and /proc/self/fd/ ... */
++#endif
+-- 
+1.6.3.3
+
diff --git a/main/uclibc/0001-ldd-segfault-fix.patch b/main/uclibc/0001-ldd-segfault-fix.patch
new file mode 100644
index 0000000000..4384fa548c
--- /dev/null
+++ b/main/uclibc/0001-ldd-segfault-fix.patch
@@ -0,0 +1,49 @@
+From f29b6882327573ec4e694c1c852307c957d544b9 Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Tue, 5 May 2009 14:10:42 +0000
+Subject: [PATCH] ldd segfault fix
+
+Fixes ldd segfault on this testcase:
+
+extern void _dl_getenv(void);
+void foo(void)
+{
+	printf("foo: %x\n", &_dl_getenv);
+}
+
+linked as -shared
+---
+ utils/ldd.c |    8 +++++---
+ 1 files changed, 5 insertions(+), 3 deletions(-)
+
+diff --git a/utils/ldd.c b/utils/ldd.c
+index 1f1dc25..2cd173c 100644
+--- a/utils/ldd.c
++++ b/utils/ldd.c
+@@ -576,18 +576,20 @@ static struct library *find_elf_interpreter(ElfW(Ehdr) *ehdr)
+ 				}
+ 				newlib->name = NULL;
+ 				newlib->path = NULL;
+-				return NULL;
++				break;
+ 			}
+ 		}
+-		if (newlib == NULL)
++		if (newlib == NULL) {
+ 			newlib = malloc(sizeof(struct library));
++			if (newlib)
++				newlib->next = NULL;
++		}
+ 		if (!newlib)
+ 			return NULL;
+ 		newlib->name = malloc(strlen(s) + 1);
+ 		strcpy(newlib->name, s);
+ 		newlib->path = strdup(newlib->name);
+ 		newlib->resolved = 1;
+-		newlib->next = NULL;
+ 
+ #if 0
+ 		/*printf("find_elf_interpreter is adding '%s' to '%s'\n", newlib->name, newlib->path); */
+-- 
+1.6.2.3
+
diff --git a/main/uclibc/0001-linuxthreads-fixes-from-Will-Newton-will.newton-AT-g.patch b/main/uclibc/0001-linuxthreads-fixes-from-Will-Newton-will.newton-AT-g.patch
new file mode 100644
index 0000000000..6b54d25f28
--- /dev/null
+++ b/main/uclibc/0001-linuxthreads-fixes-from-Will-Newton-will.newton-AT-g.patch
@@ -0,0 +1,281 @@
+From 52c9ef85a65f4dc25a4d1ff79c0fba1ed53ef43a Mon Sep 17 00:00:00 2001
+From: Denis Vlasenko <vda.linux@googlemail.com>
+Date: Thu, 12 Mar 2009 20:56:59 +0000
+Subject: [PATCH 01/39] linuxthreads fixes from Will Newton (will.newton AT gmail.com):
+ * share Sys V semaphores in order to get appropriate SEM_UNDO semantics.
+ * correct guardaddr in pthread_free() for TLS case
+ * move spinlock unlocking before restart()
+ * When exit was called from a signal handler, the restart
+   from the manager processing the exit request instead restarted the thread
+   in pthread_cond_timedwait.
+   (see http://sources.redhat.com/ml/libc-ports/2006-05/msg00000.html)
+
+---
+ libpthread/linuxthreads/descr.h            |    2 --
+ libpthread/linuxthreads/manager.c          |   15 ++++++++-------
+ libpthread/linuxthreads/pthread.c          |   26 +++++++++++++++-----------
+ libpthread/linuxthreads/specific.c         |   10 ++++++----
+ libpthread/linuxthreads/spinlock.c         |   14 +++++++++++++-
+ libpthread/linuxthreads/spinlock.h         |    6 ++++--
+ libpthread/linuxthreads/sysdeps/i386/tls.h |    2 --
+ 7 files changed, 46 insertions(+), 29 deletions(-)
+
+diff --git a/libpthread/linuxthreads/descr.h b/libpthread/linuxthreads/descr.h
+index 24ec30b..47a9acd 100644
+--- a/libpthread/linuxthreads/descr.h
++++ b/libpthread/linuxthreads/descr.h
+@@ -123,9 +123,7 @@ struct _pthread_descr_struct
+       union dtv *dtvp;
+       pthread_descr self;	/* Pointer to this structure */
+       int multiple_threads;
+-# ifdef NEED_DL_SYSINFO
+       uintptr_t sysinfo;
+-# endif
+     } data;
+     void *__padding[16];
+   } p_header;
+diff --git a/libpthread/linuxthreads/manager.c b/libpthread/linuxthreads/manager.c
+index be1e8d2..b068d6c 100644
+--- a/libpthread/linuxthreads/manager.c
++++ b/libpthread/linuxthreads/manager.c
+@@ -742,15 +742,15 @@ static int pthread_handle_create(pthread_t *thread, const pthread_attr_t *attr,
+ 	  pid = __clone2(pthread_start_thread_event,
+   		 (void **)new_thread_bottom,
+ 			 (char *)stack_addr - new_thread_bottom,
+-			 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++			 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM |
+ 			 __pthread_sig_cancel, new_thread);
+ #elif _STACK_GROWS_UP
+ 	  pid = __clone(pthread_start_thread_event, (void *) new_thread_bottom,
+-			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM |
+ 			__pthread_sig_cancel, new_thread);
+ #else
+ 	  pid = __clone(pthread_start_thread_event, stack_addr,
+-			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM |
+ 			__pthread_sig_cancel, new_thread);
+ #endif
+ 	  saved_errno = errno;
+@@ -783,15 +783,15 @@ static int pthread_handle_create(pthread_t *thread, const pthread_attr_t *attr,
+       pid = __clone2(pthread_start_thread,
+ 		     (void **)new_thread_bottom,
+                      (char *)stack_addr - new_thread_bottom,
+-		     CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++		     CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM |
+ 		     __pthread_sig_cancel, new_thread);
+ #elif _STACK_GROWS_UP
+       pid = __clone(pthread_start_thread, (void *) new_thread_bottom,
+-		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM |
+ 		    __pthread_sig_cancel, new_thread);
+ #else
+       pid = __clone(pthread_start_thread, stack_addr,
+-		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
++		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM |
+ 		    __pthread_sig_cancel, new_thread);
+ #endif /* !NEED_SEPARATE_REGISTER_STACK */
+       saved_errno = errno;
+@@ -892,10 +892,11 @@ static void pthread_free(pthread_descr th)
+ #ifdef _STACK_GROWS_UP
+ # ifdef USE_TLS
+       size_t stacksize = guardaddr - th->p_stackaddr;
++      guardaddr = th->p_stackaddr;
+ # else
+       size_t stacksize = guardaddr - (char *)th;
+-# endif
+       guardaddr = (char *)th;
++# endif
+ #else
+       /* Guardaddr is always set, even if guardsize is 0.  This allows
+ 	 us to compute everything else.  */
+diff --git a/libpthread/linuxthreads/pthread.c b/libpthread/linuxthreads/pthread.c
+index 91333f2..4d1d906 100644
+--- a/libpthread/linuxthreads/pthread.c
++++ b/libpthread/linuxthreads/pthread.c
+@@ -740,17 +740,17 @@ int __pthread_initialize_manager(void)
+ 	  pid = __clone2(__pthread_manager_event,
+ 			 (void **) __pthread_manager_thread_bos,
+ 			 THREAD_MANAGER_STACK_SIZE,
+-			 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND,
++			 CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM,
+ 			 mgr);
+ #elif _STACK_GROWS_UP
+ 	  pid = __clone(__pthread_manager_event,
+ 			(void **) __pthread_manager_thread_bos,
+-			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND,
++			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM,
+ 			mgr);
+ #else
+ 	  pid = __clone(__pthread_manager_event,
+ 			(void **) __pthread_manager_thread_tos,
+-			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND,
++			CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM,
+ 			mgr);
+ #endif
+ 
+@@ -780,13 +780,13 @@ int __pthread_initialize_manager(void)
+ #ifdef NEED_SEPARATE_REGISTER_STACK
+       pid = __clone2(__pthread_manager, (void **) __pthread_manager_thread_bos,
+ 		     THREAD_MANAGER_STACK_SIZE,
+-		     CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND, mgr);
++		     CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM, mgr);
+ #elif _STACK_GROWS_UP
+       pid = __clone(__pthread_manager, (void **) __pthread_manager_thread_bos,
+-		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND, mgr);
++		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM, mgr);
+ #else
+       pid = __clone(__pthread_manager, (void **) __pthread_manager_thread_tos,
+-		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND, mgr);
++		    CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_SYSVSEM, mgr);
+ #endif
+     }
+   if (__builtin_expect (pid, 0) == -1) {
+@@ -972,6 +972,10 @@ static void pthread_onexit_process(int retcode, void *arg)
+     struct pthread_request request;
+     pthread_descr self = thread_self();
+ 
++    /* Make sure we come back here after suspend(), in case we entered
++       from a signal handler.  */
++    THREAD_SETMEM(self, p_signal_jmp, NULL);
++
+     request.req_thread = self;
+     request.req_kind = REQ_PROCESS_EXIT;
+     request.req_args.exit.code = retcode;
+@@ -1201,13 +1205,13 @@ void __pthread_wait_for_restart_signal(pthread_descr self)
+ 
+ void __pthread_restart_old(pthread_descr th)
+ {
+-  if (atomic_increment(&th->p_resume_count) == -1)
++  if (pthread_atomic_increment(&th->p_resume_count) == -1)
+     kill(th->p_pid, __pthread_sig_restart);
+ }
+ 
+ void __pthread_suspend_old(pthread_descr self)
+ {
+-  if (atomic_decrement(&self->p_resume_count) <= 0)
++  if (pthread_atomic_decrement(&self->p_resume_count) <= 0)
+     __pthread_wait_for_restart_signal(self);
+ }
+ 
+@@ -1218,7 +1222,7 @@ __pthread_timedsuspend_old(pthread_descr self, const struct timespec *abstime)
+   int was_signalled = 0;
+   sigjmp_buf jmpbuf;
+ 
+-  if (atomic_decrement(&self->p_resume_count) == 0) {
++  if (pthread_atomic_decrement(&self->p_resume_count) == 0) {
+     /* Set up a longjmp handler for the restart signal, unblock
+        the signal and sleep. */
+ 
+@@ -1275,9 +1279,9 @@ __pthread_timedsuspend_old(pthread_descr self, const struct timespec *abstime)
+      being delivered. */
+ 
+   if (!was_signalled) {
+-    if (atomic_increment(&self->p_resume_count) != -1) {
++    if (pthread_atomic_increment(&self->p_resume_count) != -1) {
+       __pthread_wait_for_restart_signal(self);
+-      atomic_decrement(&self->p_resume_count); /* should be zero now! */
++      pthread_atomic_decrement(&self->p_resume_count); /* should be zero now! */
+       /* woke spontaneously and consumed restart signal */
+       return 1;
+     }
+diff --git a/libpthread/linuxthreads/specific.c b/libpthread/linuxthreads/specific.c
+index 92eec3d..764bf1e 100644
+--- a/libpthread/linuxthreads/specific.c
++++ b/libpthread/linuxthreads/specific.c
+@@ -104,13 +104,14 @@ int pthread_key_delete(pthread_key_t key)
+      that if the key is reallocated later by pthread_key_create, its
+      associated values will be NULL in all threads.
+ 
+-     If no threads have been created yet, clear it just in the
+-     current thread.  */
++     If no threads have been created yet, or if we are exiting, clear
++     it just in the current thread.  */
+ 
+   struct pthread_key_delete_helper_args args;
+   args.idx1st = key / PTHREAD_KEY_2NDLEVEL_SIZE;
+   args.idx2nd = key % PTHREAD_KEY_2NDLEVEL_SIZE;
+-  if (__pthread_manager_request != -1)
++  if (__pthread_manager_request != -1
++      && !(__builtin_expect (__pthread_exit_requested, 0)))
+     {
+       struct pthread_request request;
+ 
+@@ -203,8 +204,9 @@ void __pthread_destroy_specifics()
+   __pthread_lock(THREAD_GETMEM(self, p_lock), self);
+   for (i = 0; i < PTHREAD_KEY_1STLEVEL_SIZE; i++) {
+     if (THREAD_GETMEM_NC(self, p_specific[i]) != NULL) {
+-      free(THREAD_GETMEM_NC(self, p_specific[i]));
++      void *p = THREAD_GETMEM_NC(self, p_specific[i]);
+       THREAD_SETMEM_NC(self, p_specific[i], NULL);
++      free(p);
+     }
+   }
+   __pthread_unlock(THREAD_GETMEM(self, p_lock));
+diff --git a/libpthread/linuxthreads/spinlock.c b/libpthread/linuxthreads/spinlock.c
+index f325402..f0cf19c 100644
+--- a/libpthread/linuxthreads/spinlock.c
++++ b/libpthread/linuxthreads/spinlock.c
+@@ -637,8 +637,20 @@ void __pthread_alt_unlock(struct _pthread_fastlock *lock)
+ #if defined HAS_COMPARE_AND_SWAP
+ 	wait_node_dequeue(pp_head, pp_max_prio, p_max_prio);
+ #endif
++
++      /* Release the spinlock *before* restarting.  */
++#if defined TEST_FOR_COMPARE_AND_SWAP
++      if (!__pthread_has_cas)
++#endif
++#if !defined HAS_COMPARE_AND_SWAP || defined TEST_FOR_COMPARE_AND_SWAP
++	{
++	  __pthread_release(&lock->__spinlock);
++	}
++#endif
++
+       restart(p_max_prio->thr);
+-      break;
++
++      return;
+     }
+   }
+ 
+diff --git a/libpthread/linuxthreads/spinlock.h b/libpthread/linuxthreads/spinlock.h
+index 210ead4..2a3c227 100644
+--- a/libpthread/linuxthreads/spinlock.h
++++ b/libpthread/linuxthreads/spinlock.h
+@@ -172,7 +172,8 @@ static __inline__ int __pthread_alt_trylock (struct _pthread_fastlock * lock)
+ 
+ /* Operations on pthread_atomic, which is defined in internals.h */
+ 
+-static __inline__ long atomic_increment(struct pthread_atomic *pa)
++static __inline__ long
++pthread_atomic_increment (struct pthread_atomic *pa)
+ {
+     long oldval;
+ 
+@@ -184,7 +185,8 @@ static __inline__ long atomic_increment(struct pthread_atomic *pa)
+ }
+ 
+ 
+-static __inline__ long atomic_decrement(struct pthread_atomic *pa)
++static __inline__ long
++pthread_atomic_decrement (struct pthread_atomic *pa)
+ {
+     long oldval;
+ 
+diff --git a/libpthread/linuxthreads/sysdeps/i386/tls.h b/libpthread/linuxthreads/sysdeps/i386/tls.h
+index 2abd3a0..4c9b680 100644
+--- a/libpthread/linuxthreads/sysdeps/i386/tls.h
++++ b/libpthread/linuxthreads/sysdeps/i386/tls.h
+@@ -46,9 +46,7 @@ typedef struct
+   dtv_t *dtv;
+   void *self;		/* Pointer to the thread descriptor.  */
+   int multiple_threads;
+-#ifdef NEED_DL_SYSINFO
+   uintptr_t sysinfo;
+-#endif
+ } tcbhead_t;
+ 
+ #else /* __ASSEMBLER__ */
+-- 
+1.6.3.2
+
diff --git a/main/uclibc/0002-add-hidden-aliases-for-openat-funcs.patch b/main/uclibc/0002-add-hidden-aliases-for-openat-funcs.patch
new file mode 100644
index 0000000000..03fddbf98e
--- /dev/null
+++ b/main/uclibc/0002-add-hidden-aliases-for-openat-funcs.patch
@@ -0,0 +1,78 @@
+From 3f2b14f91f253d8e71b3f089b6864be9fcfbb09a Mon Sep 17 00:00:00 2001
+From: Mike Frysinger <vapier@gentoo.org>
+Date: Wed, 22 Jul 2009 01:48:08 -0400
+Subject: [PATCH 2/2] add hidden aliases for openat funcs
+
+openat64() uses openat(), so we need hidden aliases for it.
+
+Signed-off-by: Mike Frysinger <vapier@gentoo.org>
+---
+ include/fcntl.h                      |    2 ++
+ libc/sysdeps/linux/common/openat.c   |    7 +++++++
+ libc/sysdeps/linux/common/openat64.c |    7 +++++++
+ 3 files changed, 16 insertions(+), 0 deletions(-)
+
+diff --git a/include/fcntl.h b/include/fcntl.h
+index 084ee8c..7ce3150 100644
+--- a/include/fcntl.h
++++ b/include/fcntl.h
+@@ -119,6 +119,7 @@ extern int open64 (__const char *__file, int __oflag, ...) __nonnull ((1));
+ # ifndef __USE_FILE_OFFSET64
+ extern int openat (int __fd, __const char *__file, int __oflag, ...)
+      __nonnull ((2));
++libc_hidden_proto(openat)
+ # else
+ #  ifdef __REDIRECT
+ extern int __REDIRECT (openat, (int __fd, __const char *__file, int __oflag,
+@@ -130,6 +131,7 @@ extern int __REDIRECT (openat, (int __fd, __const char *__file, int __oflag,
+ 
+ extern int openat64 (int __fd, __const char *__file, int __oflag, ...)
+      __nonnull ((2));
++libc_hidden_proto(openat64)
+ #endif
+ 
+ /* Create and open FILE, with mode MODE.  This takes an `int' MODE
+diff --git a/libc/sysdeps/linux/common/openat.c b/libc/sysdeps/linux/common/openat.c
+index 33bd606..8380ec6 100644
+--- a/libc/sysdeps/linux/common/openat.c
++++ b/libc/sysdeps/linux/common/openat.c
+@@ -12,7 +12,14 @@
+ #undef openat
+ 
+ #ifdef __NR_openat
++/* The openat() prototype is varargs based, but we don't care about that
++ * here, so need to provide our own dedicated signature.
++ */
++extern int openat(int fd, const char *file, int oflag, mode_t mode);
++libc_hidden_proto(openat)
++
+ _syscall4(int, openat, int, fd, const char *, file, int, oflag, mode_t, mode)
++libc_hidden_def(openat)
+ #else
+ /* should add emulation with open() and /proc/self/fd/ ... */
+ #endif
+diff --git a/libc/sysdeps/linux/common/openat64.c b/libc/sysdeps/linux/common/openat64.c
+index 75711aa..06a5819 100644
+--- a/libc/sysdeps/linux/common/openat64.c
++++ b/libc/sysdeps/linux/common/openat64.c
+@@ -14,10 +14,17 @@
+ #ifdef __UCLIBC_HAS_LFS__
+ 
+ #ifdef __NR_openat
++/* The openat() prototype is varargs based, but we don't care about that
++ * here, so need to provide our own dedicated signature.
++ */
++extern int openat64(int fd, const char *file, int oflag, mode_t mode);
++libc_hidden_proto(openat64)
++
+ int openat64(int fd, const char *file, int oflag, mode_t mode)
+ {
+ 	return openat(fd, file, oflag | O_LARGEFILE, mode);
+ }
++libc_hidden_def(openat64)
+ #else
+ /* should add emulation with open() and /proc/self/fd/ ... */
+ #endif
+-- 
+1.6.3.3
+
diff --git a/main/uclibc/0003-remove-libc_hidden_def-mknodat.patch b/main/uclibc/0003-remove-libc_hidden_def-mknodat.patch
new file mode 100644
index 0000000000..af6dda8a8b
--- /dev/null
+++ b/main/uclibc/0003-remove-libc_hidden_def-mknodat.patch
@@ -0,0 +1,24 @@
+From 35d0f8c3a46d139d49b0e3158f0192bc327beb3d Mon Sep 17 00:00:00 2001
+From: Natanael Copa <ncopa@alpinelinux.org>
+Date: Fri, 24 Jul 2009 13:46:36 +0000
+Subject: [PATCH 3/3] remove libc_hidden_def(mknodat)
+
+---
+ libc/sysdeps/linux/common/mknodat.c |    1 -
+ 1 files changed, 0 insertions(+), 1 deletions(-)
+
+diff --git a/libc/sysdeps/linux/common/mknodat.c b/libc/sysdeps/linux/common/mknodat.c
+index 93b9e6e..8ffcaae 100644
+--- a/libc/sysdeps/linux/common/mknodat.c
++++ b/libc/sysdeps/linux/common/mknodat.c
+@@ -19,7 +19,6 @@ int mknodat(int fd, const char *path, mode_t mode, dev_t dev)
+ 
+ 	return INLINE_SYSCALL(mknodat, 4, fd, path, mode, (unsigned int)k_dev);
+ }
+-libc_hidden_def(mknodat)
+ #else
+ /* should add emulation with mknod() and /proc/self/fd/ ... */
+ #endif
+-- 
+1.6.3.3
+
diff --git a/main/uclibc/APKBUILD b/main/uclibc/APKBUILD
new file mode 100644
index 0000000000..c21385550a
--- /dev/null
+++ b/main/uclibc/APKBUILD
@@ -0,0 +1,74 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=uclibc
+pkgver=0.9.30.1
+pkgrel=12
+pkgdesc="C library for developing embedded Linux systems"
+url=http://uclibc.org
+license="LGPL-2"
+_mynamever=uClibc-$pkgver
+
+subpackages="$pkgname-dev"
+depends_dev="linux-headers"
+
+source="http://uclibc.org/downloads/$_mynamever.tar.bz2
+	$pkgname-0.9.30.1-resolv.patch
+	uclibc-0.9.30.1-pthread_getattr_np.patch
+	0001-ldd-segfault-fix.patch
+	0001-linuxthreads-fixes-from-Will-Newton-will.newton-AT-g.patch
+	pthread-new-aliasing-fix.diff
+	uclibc-resolv-cname-fix.diff
+	uclibc-i386-floating-stacks.diff
+	ppoll.patch
+	uclibc-fork-hook.diff
+	uclibcconfig
+	"
+# backport openat funcs
+source="$source
+	0001-first-pass-at-implementing-at-funcs.patch
+	0002-add-hidden-aliases-for-openat-funcs.patch
+	0003-remove-libc_hidden_def-mknodat.patch
+	"
+
+_prepare() {
+	local i gcc_major
+	cd "$srcdir/$_mynamever/"
+	# patches goes here
+	for i in ../*.patch ../*.diff; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+}
+
+_compile() {
+	cd "$srcdir/$_mynamever/"
+	cp ../uclibcconfig .config
+	make silentoldconfig
+	# this is a hack to get uclibc-i386-floating-stacks.diff working
+	touch libc/sysdeps/linux/i386/sysdep.h
+	make || return 1
+}
+
+_install() {
+	cd "$srcdir/$_mynamever/"
+	make install DESTDIR="$pkgdir" install_utils
+	install -Dm755 extra/scripts/getent "$pkgdir"/usr/bin/getent
+}
+
+build() {
+	_prepare && _compile && _install
+}
+
+md5sums="1a4b84e5536ad8170563ffa88c34679c  uClibc-0.9.30.1.tar.bz2
+ea91460617601b6e084ead66bc3948f5  uclibc-0.9.30.1-resolv.patch
+cf80c0d44a41e02f389be427ee615d61  uclibc-0.9.30.1-pthread_getattr_np.patch
+4079b20c763727863bc53408e4988434  0001-ldd-segfault-fix.patch
+bcd1c4c9c87f092fb4631559e6ec13ba  0001-linuxthreads-fixes-from-Will-Newton-will.newton-AT-g.patch
+969187e1da84d0a0a5957b392a3d5a2b  pthread-new-aliasing-fix.diff
+bbb8475963e791f596c34c81ef5583d7  uclibc-resolv-cname-fix.diff
+0b3966ab7774ac42ecf34a7b596c661b  uclibc-i386-floating-stacks.diff
+60738298e377295d359768a09adac0bb  ppoll.patch
+55bb709f5efd937df323f0d39a202cfd  uclibc-fork-hook.diff
+329b92fec717c8808c3fa9ffd68f2dfb  0001-first-pass-at-implementing-at-funcs.patch
+7ffa41082d9de2bc512b4bed9577bdf9  0002-add-hidden-aliases-for-openat-funcs.patch
+e12c647716eef19dd4ad08602dcc435b  0003-remove-libc_hidden_def-mknodat.patch
+0a87f57d3e5001027f43b7c959d96319  uclibcconfig"
diff --git a/main/uclibc/ppoll.patch b/main/uclibc/ppoll.patch
new file mode 100644
index 0000000000..e73733e216
--- /dev/null
+++ b/main/uclibc/ppoll.patch
@@ -0,0 +1,59 @@
+commit f82635e74a7e174f71f955eaa4f5dc788e596cc0
+Author: Denis Vlasenko <vda.linux@googlemail.com>
+Date:   Wed Jan 28 23:42:01 2009 +0000
+
+    fix ppoll. we forgot to pass 5th parameter to the syscall
+
+diff --git a/libc/sysdeps/linux/common/ppoll.c b/libc/sysdeps/linux/common/ppoll.c
+index edcb1dc..d550ae8 100644
+--- a/libc/sysdeps/linux/common/ppoll.c
++++ b/libc/sysdeps/linux/common/ppoll.c
+@@ -17,6 +17,7 @@
+    Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+    02111-1307 USA.  */
+ 
++#include <signal.h>
+ #include <sys/syscall.h>
+ #include <sys/poll.h>
+ 
+@@ -26,24 +27,26 @@
+ 
+ # define __NR___libc_ppoll __NR_ppoll
+ static __always_inline
+-_syscall4(int, __libc_ppoll, struct pollfd *, fds,
+-	nfds_t, nfds, const struct timespec *, timeout,
+-	const __sigset_t *, sigmask)
++_syscall5(int, __libc_ppoll,
++	struct pollfd *, fds,
++	nfds_t, nfds,
++	const struct timespec *, timeout,
++	const __sigset_t *, sigmask,
++	size_t, sigsetsize)
+ 
+ int
+-ppoll (struct pollfd *fds, nfds_t nfds, const struct timespec *timeout,
++ppoll(struct pollfd *fds, nfds_t nfds, const struct timespec *timeout,
+        const __sigset_t *sigmask)
+ {
+-  /* The Linux kernel can in some situations update the timeout value.
+-     We do not want that so use a local variable.  */
+-  struct timespec tval;
+-  if (timeout != NULL)
+-    {
+-      tval = *timeout;
+-      timeout = &tval;
+-    }
+-
+-  return __libc_ppoll(fds, nfds, timeout, sigmask);
++	/* The Linux kernel can in some situations update the timeout value.
++	   We do not want that so use a local variable.  */
++	struct timespec tval;
++	if (timeout != NULL) {
++		tval = *timeout;
++		timeout = &tval;
++	}
++
++	return __libc_ppoll(fds, nfds, timeout, sigmask, _NSIG / 8);
+ }
+ libc_hidden_def(ppoll)
+ 
diff --git a/main/uclibc/pthread-new-aliasing-fix.diff b/main/uclibc/pthread-new-aliasing-fix.diff
new file mode 100644
index 0000000000..2b2b37723a
--- /dev/null
+++ b/main/uclibc/pthread-new-aliasing-fix.diff
@@ -0,0 +1,147 @@
+diff --git a/libpthread/linuxthreads/cancel.c b/libpthread/linuxthreads/cancel.c
+index 3435680..1412b57 100644
+--- a/libpthread/linuxthreads/cancel.c
++++ b/libpthread/linuxthreads/cancel.c
+@@ -152,8 +152,8 @@ void pthread_testcancel(void)
+     __pthread_do_exit(PTHREAD_CANCELED, CURRENT_STACK_FRAME);
+ }
+ 
+-void _pthread_cleanup_push(struct _pthread_cleanup_buffer * buffer,
+-			   void (*routine)(void *), void * arg)
++void __pthread_cleanup_push(struct _pthread_cleanup_buffer * buffer,
++			    void (*routine)(void *), void * arg)
+ {
+   pthread_descr self = thread_self();
+   buffer->__routine = routine;
+@@ -163,17 +163,19 @@ void _pthread_cleanup_push(struct _pthread_cleanup_buffer * buffer,
+     buffer->__prev = NULL;
+   THREAD_SETMEM(self, p_cleanup, buffer);
+ }
++strong_alias(__pthread_cleanup_push, _pthread_cleanup_push);
+ 
+-void _pthread_cleanup_pop(struct _pthread_cleanup_buffer * buffer,
+-			  int execute)
++void __pthread_cleanup_pop(struct _pthread_cleanup_buffer * buffer,
++			   int execute)
+ {
+   pthread_descr self = thread_self();
+   if (execute) buffer->__routine(buffer->__arg);
+   THREAD_SETMEM(self, p_cleanup, buffer->__prev);
+ }
++strong_alias(__pthread_cleanup_pop, _pthread_cleanup_pop);
+ 
+-void _pthread_cleanup_push_defer(struct _pthread_cleanup_buffer * buffer,
+-				 void (*routine)(void *), void * arg)
++void __pthread_cleanup_push_defer(struct _pthread_cleanup_buffer * buffer,
++				  void (*routine)(void *), void * arg)
+ {
+   pthread_descr self = thread_self();
+   buffer->__routine = routine;
+@@ -185,9 +187,10 @@ void _pthread_cleanup_push_defer(struct _pthread_cleanup_buffer * buffer,
+   THREAD_SETMEM(self, p_canceltype, PTHREAD_CANCEL_DEFERRED);
+   THREAD_SETMEM(self, p_cleanup, buffer);
+ }
++strong_alias(__pthread_cleanup_push_defer, _pthread_cleanup_push_defer);
+ 
+-void _pthread_cleanup_pop_restore(struct _pthread_cleanup_buffer * buffer,
+-				  int execute)
++void __pthread_cleanup_pop_restore(struct _pthread_cleanup_buffer * buffer,
++				   int execute)
+ {
+   pthread_descr self = thread_self();
+   if (execute) buffer->__routine(buffer->__arg);
+@@ -198,6 +201,7 @@ void _pthread_cleanup_pop_restore(struct _pthread_cleanup_buffer * buffer,
+       THREAD_GETMEM(self, p_canceltype) == PTHREAD_CANCEL_ASYNCHRONOUS)
+     __pthread_do_exit(PTHREAD_CANCELED, CURRENT_STACK_FRAME);
+ }
++strong_alias(__pthread_cleanup_pop_restore, _pthread_cleanup_pop_restore);
+ 
+ extern void __rpc_thread_destroy(void);
+ void __pthread_perform_cleanup(char *currentframe)
+diff --git a/libpthread/linuxthreads/forward.c b/libpthread/linuxthreads/forward.c
+index f9f8ea1..385e79f 100644
+--- a/libpthread/linuxthreads/forward.c
++++ b/libpthread/linuxthreads/forward.c
+@@ -24,6 +24,10 @@
+ /* psm: keep this before internals.h */
+ /* libc_hidden_proto(exit) */
+ 
++#define hidden_strong_alias(name, aliasname) \
++  extern __typeof (name) aliasname __attribute__ ((alias (#name), \
++                                                   visibility ("hidden")));
++
+ #include "internals.h"
+ 
+ /* Pointers to the libc functions.  */
+@@ -104,8 +108,7 @@ FORWARD (pthread_equal, (pthread_t thread1, pthread_t thread2),
+ 
+ /* Use an alias to avoid warning, as pthread_exit is declared noreturn.  */
+ FORWARD2 (__pthread_exit, void, (void *retval), (retval), exit (EXIT_SUCCESS))
+-strong_alias (__pthread_exit, pthread_exit)
+-
++hidden_strong_alias (__pthread_exit, pthread_exit)
+ 
+ FORWARD (pthread_getschedparam,
+ 	 (pthread_t target_thread, int *policy, struct sched_param *param),
+@@ -120,16 +123,16 @@ FORWARD (pthread_mutex_destroy, (pthread_mutex_t *mutex), (mutex), 0)
+ FORWARD (pthread_mutex_init,
+ 	 (pthread_mutex_t *mutex, const pthread_mutexattr_t *mutexattr),
+ 	 (mutex, mutexattr), 0)
+-strong_alias(pthread_mutex_init, __pthread_mutex_init)
++hidden_strong_alias(pthread_mutex_init, __pthread_mutex_init)
+ 
+ FORWARD (pthread_mutex_lock, (pthread_mutex_t *mutex), (mutex), 0)
+-strong_alias(pthread_mutex_lock, __pthread_mutex_lock)
++hidden_strong_alias(pthread_mutex_lock, __pthread_mutex_lock)
+ 
+ FORWARD (pthread_mutex_trylock, (pthread_mutex_t *mutex), (mutex), 0)
+-strong_alias(pthread_mutex_trylock, __pthread_mutex_trylock)
++hidden_strong_alias(pthread_mutex_trylock, __pthread_mutex_trylock)
+ 
+ FORWARD (pthread_mutex_unlock, (pthread_mutex_t *mutex), (mutex), 0)
+-strong_alias(pthread_mutex_unlock, __pthread_mutex_unlock)
++hidden_strong_alias(pthread_mutex_unlock, __pthread_mutex_unlock)
+ 
+ FORWARD2 (pthread_self, pthread_t, (void), (), return 0)
+ 
+diff --git a/libpthread/linuxthreads/internals.h b/libpthread/linuxthreads/internals.h
+index eb0a519..4ad6a0d 100644
+--- a/libpthread/linuxthreads/internals.h
++++ b/libpthread/linuxthreads/internals.h
+@@ -380,6 +380,17 @@ extern int __pthread_setschedparam (pthread_t thread, int policy,
+ extern int __pthread_setcancelstate (int state, int * oldstate);
+ extern int __pthread_setcanceltype (int type, int * oldtype);
+ 
++extern void __pthread_cleanup_push (struct _pthread_cleanup_buffer *__buffer,
++                                    void (*__routine) (void *),
++                                    void *__arg) __THROW;
++extern void __pthread_cleanup_pop (struct _pthread_cleanup_buffer *__buffer,
++                                   int __execute) __THROW;
++extern void __pthread_cleanup_push_defer (struct _pthread_cleanup_buffer *__buffer,
++                                          void (*__routine) (void *),
++                                          void *__arg) __THROW;
++extern void __pthread_cleanup_pop_restore (struct _pthread_cleanup_buffer *__buffer,
++                                           int __execute) __THROW;
++
+ extern void __pthread_restart_old(pthread_descr th);
+ extern void __pthread_suspend_old(pthread_descr self);
+ extern int __pthread_timedsuspend_old(pthread_descr self, const struct timespec *abstime);
+diff --git a/libpthread/linuxthreads/pthread.c b/libpthread/linuxthreads/pthread.c
+index 4d1d906..012b74b 100644
+--- a/libpthread/linuxthreads/pthread.c
++++ b/libpthread/linuxthreads/pthread.c
+@@ -280,10 +280,10 @@ struct pthread_functions __pthread_functions =
+     .ptr_pthread_sigaction = __pthread_sigaction,
+     .ptr_pthread_sigwait = __pthread_sigwait,
+     .ptr_pthread_raise = __pthread_raise,
+-    .ptr__pthread_cleanup_push = _pthread_cleanup_push,
+-    .ptr__pthread_cleanup_push_defer = _pthread_cleanup_push_defer,
+-    .ptr__pthread_cleanup_pop = _pthread_cleanup_pop,
+-    .ptr__pthread_cleanup_pop_restore = _pthread_cleanup_pop_restore,
++    .ptr__pthread_cleanup_push = __pthread_cleanup_push,
++    .ptr__pthread_cleanup_push_defer = __pthread_cleanup_push_defer,
++    .ptr__pthread_cleanup_pop = __pthread_cleanup_pop,
++    .ptr__pthread_cleanup_pop_restore = __pthread_cleanup_pop_restore,
+   };
+ #ifdef SHARED
+ # define ptr_pthread_functions &__pthread_functions
diff --git a/main/uclibc/uclibc-0.9.30.1-pthread_getattr_np.patch b/main/uclibc/uclibc-0.9.30.1-pthread_getattr_np.patch
new file mode 100644
index 0000000000..28469be236
--- /dev/null
+++ b/main/uclibc/uclibc-0.9.30.1-pthread_getattr_np.patch
@@ -0,0 +1,137 @@
+--- uClibc-0.9.30.1.orig/libpthread/linuxthreads.old/sysdeps/pthread/pthread.h	2009-03-30 15:01:48.000000000 +0000
++++ uClibc-0.9.30.1/libpthread/linuxthreads.old/sysdeps/pthread/pthread.h	2009-03-30 15:48:16.000000000 +0000
+@@ -288,16 +288,12 @@
+ 				      __attr, size_t *__restrict __stacksize)
+      __THROW;
+ 
+-#if 0
+-/* Not yet implemented in uClibc! */
+-
+ #ifdef __USE_GNU
+ /* Initialize thread attribute *ATTR with attributes corresponding to the
+    already running thread TH.  It shall be called on uninitialized ATTR
+    and destroyed with pthread_attr_destroy when no longer needed.  */
+ extern int pthread_getattr_np (pthread_t __th, pthread_attr_t *__attr) __THROW;
+ #endif
+-#endif
+ 
+ /* Functions for scheduling control.  */
+ 
+@@ -599,6 +595,11 @@
+    cancelled.  */
+ extern void pthread_testcancel (void);
+ 
++/* Return the previously set address for the stack.  */
++extern int pthread_attr_getstack (__const pthread_attr_t *__restrict __attr,
++				  void **__restrict __stackaddr,
++				  size_t *__restrict __stacksize) __THROW;
++
+ 
+ /* Install a cleanup handler: ROUTINE will be called with arguments ARG
+    when the thread is cancelled or calls pthread_exit.  ROUTINE will also
+--- a/libpthread/linuxthreads.old/attr.c.orig	2007-11-22 16:55:08.000000000 +0000
++++ b/libpthread/linuxthreads.old/attr.c	2009-03-30 19:15:51.000000000 +0000
+@@ -38,6 +38,14 @@
+ libpthread_hidden_proto(pthread_attr_getscope)
+ libpthread_hidden_proto(pthread_attr_setscope)
+ 
++#include <sys/resource.h>
++#include <inttypes.h>
++#include <stdio.h>
++#include <stdio_ext.h>
++#include <stdlib.h>
++#include <sys/resource.h>
++
++
+ /* NOTE: With uClibc I don't think we need this versioning stuff.
+  * Therefore, define the function pthread_attr_init() here using
+  * a strong symbol. */
+@@ -235,4 +243,88 @@
+   *stacksize = attr->__stacksize;
+   return 0;
+ }
++
++
++extern int *__libc_stack_end;
++
+ weak_alias (__pthread_attr_getstacksize, pthread_attr_getstacksize)
++int pthread_getattr_np(pthread_t thread, pthread_attr_t *attr)
++{
++    static void *stackBase = 0;
++    static size_t stackSize = 0;
++    int ret = 0;
++    /* Stack size limit.  */
++    struct rlimit rl;
++
++    /* The safest way to get the top of the stack is to read
++    /proc/self/maps and locate the line into which
++    __libc_stack_end falls.  */
++    FILE *fp = fopen("/proc/self/maps", "rc");
++    if (fp == NULL)
++        ret = errno;
++    /* We need the limit of the stack in any case.  */
++    else if (getrlimit (RLIMIT_STACK, &rl) != 0)
++        ret = errno;
++    else {
++        /* We need no locking.  */
++        __fsetlocking (fp, FSETLOCKING_BYCALLER);
++
++        /* Until we found an entry (which should always be the case)
++        mark the result as a failure.  */
++        ret = ENOENT;
++
++        char *line = NULL;
++        size_t linelen = 0;
++        uintptr_t last_to = 0;
++
++        while (! feof_unlocked (fp)) {
++            if (getdelim (&line, &linelen, '\n', fp) <= 0)
++                break;
++
++            uintptr_t from;
++            uintptr_t to;
++            if (sscanf (line, "%x-%x", &from, &to) != 2)
++                continue;
++            if (from <= (uintptr_t) __libc_stack_end
++            && (uintptr_t) __libc_stack_end < to) {
++                /* Found the entry.  Now we have the info we need.  */
++                attr->__stacksize = rl.rlim_cur;
++#ifdef _STACK_GROWS_UP
++                /* Don't check to enforce a limit on the __stacksize */
++                attr->__stackaddr = (void *) from;
++#else
++                attr->__stackaddr = (void *) to;
++
++                /* The limit might be too high.  */
++                if ((size_t) attr->__stacksize > (size_t) attr->__stackaddr - last_to)
++                    attr->__stacksize = (size_t) attr->__stackaddr - last_to;
++#endif
++
++                /* We succeed and no need to look further.  */
++                ret = 0;
++                break;
++            }
++            last_to = to;
++        }
++
++        fclose (fp);
++        free (line);
++    }
++    return ret;
++}
++
++int __pthread_attr_getstack (const pthread_attr_t *attr, void **stackaddr,
++			     size_t *stacksize)
++{
++  /* XXX This function has a stupid definition.  The standard specifies
++     no error value but what is if no stack address was set?  We simply
++     return the value we have in the member.  */
++#ifndef _STACK_GROWS_UP
++  *stackaddr = (char *) attr->__stackaddr - attr->__stacksize;
++#else
++  *stackaddr = attr->__stackaddr;
++#endif
++  *stacksize = attr->__stacksize;
++  return 0;
++}
++weak_alias (__pthread_attr_getstack, pthread_attr_getstack)
diff --git a/main/uclibc/uclibc-0.9.30.1-resolv.patch b/main/uclibc/uclibc-0.9.30.1-resolv.patch
new file mode 100644
index 0000000000..55b7d991e1
--- /dev/null
+++ b/main/uclibc/uclibc-0.9.30.1-resolv.patch
@@ -0,0 +1,13 @@
+diff -ru uClibc-0.9.30.1.orig/libc/inet/resolv.c uClibc-0.9.30.1/libc/inet/resolv.c
+--- uClibc-0.9.30.1.orig/libc/inet/resolv.c	2009-03-10 15:32:14.000000000 +0000
++++ uClibc-0.9.30.1/libc/inet/resolv.c	2009-03-10 15:39:20.000000000 +0000
+@@ -1331,7 +1331,8 @@
+ 	i = __dns_lookup(dname, type, __nameserversXX, __nameserverXX, &packet, &a);
+ 
+ 	if (i < 0) {
+-		h_errno = TRY_AGAIN;
++		if (!h_errno) /* TODO: can this ever happen? */
++			h_errno = TRY_AGAIN;
+ 		return -1;
+ 	}
+ 
diff --git a/main/uclibc/uclibc-fork-hook.diff b/main/uclibc/uclibc-fork-hook.diff
new file mode 100644
index 0000000000..0126918836
--- /dev/null
+++ b/main/uclibc/uclibc-fork-hook.diff
@@ -0,0 +1,36 @@
+diff --git a/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.c b/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.c
+index e15b99b..70c750d 100644
+--- a/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.c
++++ b/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.c
+@@ -20,6 +20,7 @@
+ #include <errno.h>
+ #include <fork.h>
+ #include <bits/libc-lock.h>
++#include <internals.h>
+ 
+ struct fork_block __fork_block =
+ {
+@@ -28,3 +29,12 @@ struct fork_block __fork_block =
+   .parent_list = { &__fork_block.parent_list, &__fork_block.parent_list },
+   .child_list = { &__fork_block.child_list, &__fork_block.child_list }
+ };
++
++pid_t
++__libc_fork (void)
++{
++  return __libc_maybe_call2 (pthread_fork, (&__fork_block), ARCH_FORK ());
++}
++weak_alias (__libc_fork, __fork)
++libc_hidden_def (__fork)
++weak_alias (__libc_fork, fork)
+diff --git a/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.h b/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.h
+index 85477eb..1e7379e 100644
+--- a/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.h
++++ b/libpthread/linuxthreads/sysdeps/unix/sysv/linux/fork.h
+@@ -54,5 +54,5 @@ extern int __register_atfork (void (*__prepare) (void),
+ 			      void *dso_handle);
+ 
+ #ifndef ARCH_FORK
+-# define ARCH_FORK() __libc_fork()
++# define ARCH_FORK() INLINE_SYSCALL (fork, 0)
+ #endif
diff --git a/main/uclibc/uclibc-i386-floating-stacks.diff b/main/uclibc/uclibc-i386-floating-stacks.diff
new file mode 100644
index 0000000000..553195e69f
--- /dev/null
+++ b/main/uclibc/uclibc-i386-floating-stacks.diff
@@ -0,0 +1,23 @@
+--- uClibc-0.9.30.1/libpthread/linuxthreads/sysdeps/i386/pt-machine.h	Thu Sep 25 13:55:14 2008
++++ /root/uClibc-0.9.30.1-patched/libpthread/linuxthreads/sysdeps/i386/pt-machine.h	Wed Jun 24 13:13:31 2009
+@@ -113,6 +113,8 @@
+ }
+ #endif /* __ASSEMBLER__ */
+ 
++#include "./useldt.h"
++
+ #endif /* pt-machine.h */
+ 
+ #endif
+--- uClibc-0.9.30.1/libpthread/linuxthreads/sysdeps/i386/useldt.h	Tue May 15 00:35:00 2007
++++ /root/uClibc-0.9.30.1-patched/libpthread/linuxthreads/sysdeps/i386/useldt.h	Wed Jun 24 13:22:38 2009
+@@ -23,7 +23,8 @@
+ #include <stddef.h>	/* For offsetof.  */
+ #include <stdlib.h>	/* For abort().	 */
+ #include <sysdep.h>
+-
++#include <sys/syscall.h>
++#include <kernel-features.h>
+ 
+ /* We don't want to include the kernel header.	So duplicate the
+    information.	 */
diff --git a/main/uclibc/uclibc-resolv-cname-fix.diff b/main/uclibc/uclibc-resolv-cname-fix.diff
new file mode 100644
index 0000000000..041e150f35
--- /dev/null
+++ b/main/uclibc/uclibc-resolv-cname-fix.diff
@@ -0,0 +1,16 @@
+--- a/libc/inet/resolv.c.orig	2009-06-18 09:38:26.000000000 +0300
++++ b/libc/inet/resolv.c	2009-06-18 09:38:32.000000000 +0300
+@@ -1337,10 +1337,9 @@ int res_query(const char *dname, int cla
+ 
+ 	free(a.dotted);
+ 
+-	if (a.atype == type) { /* CNAME */
+-		i = MIN(anslen, i);
+-		memcpy(answer, packet, i);
+-	}
++	i = MIN(anslen, i);
++	memcpy(answer, packet, i);
++
+ 	free(packet);
+ 	return i;
+ }
diff --git a/main/uclibc/uclibcconfig b/main/uclibc/uclibcconfig
new file mode 100644
index 0000000000..8cc64d90a8
--- /dev/null
+++ b/main/uclibc/uclibcconfig
@@ -0,0 +1,246 @@
+#
+# Automatically generated make config: don't edit
+# Version: 0.9.30.1
+# Mon Jun 15 09:42:10 2009
+#
+# TARGET_alpha is not set
+# TARGET_arm is not set
+# TARGET_avr32 is not set
+# TARGET_bfin is not set
+# TARGET_cris is not set
+# TARGET_e1 is not set
+# TARGET_frv is not set
+# TARGET_h8300 is not set
+# TARGET_hppa is not set
+TARGET_i386=y
+# TARGET_i960 is not set
+# TARGET_ia64 is not set
+# TARGET_m68k is not set
+# TARGET_microblaze is not set
+# TARGET_mips is not set
+# TARGET_nios is not set
+# TARGET_nios2 is not set
+# TARGET_powerpc is not set
+# TARGET_sh is not set
+# TARGET_sh64 is not set
+# TARGET_sparc is not set
+# TARGET_v850 is not set
+# TARGET_vax is not set
+# TARGET_x86_64 is not set
+# TARGET_xtensa is not set
+
+#
+# Target Architecture Features and Options
+#
+TARGET_ARCH="i386"
+FORCE_OPTIONS_FOR_ARCH=y
+# CONFIG_GENERIC_386 is not set
+# CONFIG_386 is not set
+CONFIG_486=y
+# CONFIG_586 is not set
+# CONFIG_586MMX is not set
+# CONFIG_686 is not set
+# CONFIG_PENTIUMII is not set
+# CONFIG_PENTIUMIII is not set
+# CONFIG_PENTIUM4 is not set
+# CONFIG_K6 is not set
+# CONFIG_K7 is not set
+# CONFIG_ELAN is not set
+# CONFIG_CRUSOE is not set
+# CONFIG_WINCHIPC6 is not set
+# CONFIG_WINCHIP2 is not set
+# CONFIG_CYRIXIII is not set
+# CONFIG_NEHEMIAH is not set
+TARGET_SUBARCH=""
+
+#
+# Using ELF file format
+#
+ARCH_LITTLE_ENDIAN=y
+
+#
+# Using Little Endian
+#
+ARCH_HAS_MMU=y
+ARCH_USE_MMU=y
+UCLIBC_HAS_FLOATS=y
+UCLIBC_HAS_FPU=y
+DO_C99_MATH=y
+UCLIBC_HAS_FENV=y
+UCLIBC_HAS_LONG_DOUBLE_MATH=y
+KERNEL_HEADERS="/usr/include"
+HAVE_DOT_CONFIG=y
+
+#
+# General Library Settings
+#
+# HAVE_NO_PIC is not set
+DOPIC=y
+# ARCH_HAS_NO_SHARED is not set
+# ARCH_HAS_NO_LDSO is not set
+HAVE_SHARED=y
+FORCE_SHAREABLE_TEXT_SEGMENTS=y
+LDSO_LDD_SUPPORT=y
+LDSO_CACHE_SUPPORT=y
+# LDSO_PRELOAD_FILE_SUPPORT is not set
+LDSO_BASE_FILENAME="ld.so"
+UCLIBC_STATIC_LDCONFIG=y
+LDSO_RUNPATH=y
+UCLIBC_CTOR_DTOR=y
+# LDSO_GNU_HASH_SUPPORT is not set
+# HAS_NO_THREADS is not set
+UCLIBC_HAS_THREADS=y
+# PTHREADS_DEBUG_SUPPORT is not set
+# LINUXTHREADS_OLD is not set
+LINUXTHREADS_NEW=y
+UCLIBC_HAS_SYSLOG=y
+UCLIBC_HAS_LFS=y
+# MALLOC is not set
+# MALLOC_SIMPLE is not set
+MALLOC_STANDARD=y
+MALLOC_GLIBC_COMPAT=y
+UCLIBC_DYNAMIC_ATEXIT=y
+COMPAT_ATEXIT=y
+UCLIBC_SUSV3_LEGACY=y
+UCLIBC_SUSV3_LEGACY_MACROS=y
+# UCLIBC_HAS_STUBS is not set
+UCLIBC_HAS_SHADOW=y
+UCLIBC_HAS_PROGRAM_INVOCATION_NAME=y
+UCLIBC_HAS___PROGNAME=y
+UCLIBC_HAS_PTY=y
+ASSUME_DEVPTS=y
+UNIX98PTY_ONLY=y
+# UCLIBC_HAS_GETPT is not set
+UCLIBC_HAS_TM_EXTENSIONS=y
+UCLIBC_HAS_TZ_CACHING=y
+UCLIBC_HAS_TZ_FILE=y
+UCLIBC_HAS_TZ_FILE_READ_MANY=y
+UCLIBC_TZ_FILE_PATH="/etc/TZ"
+
+#
+# Advanced Library Settings
+#
+UCLIBC_PWD_BUFFER_SIZE=256
+UCLIBC_GRP_BUFFER_SIZE=256
+
+#
+# Support various families of functions
+#
+UCLIBC_LINUX_MODULE_24=y
+UCLIBC_LINUX_SPECIFIC=y
+UCLIBC_HAS_GNU_ERROR=y
+UCLIBC_BSD_SPECIFIC=y
+UCLIBC_HAS_BSD_ERR=y
+UCLIBC_HAS_OBSOLETE_BSD_SIGNAL=y
+UCLIBC_HAS_OBSOLETE_SYSV_SIGNAL=y
+# UCLIBC_NTP_LEGACY is not set
+UCLIBC_SV4_DEPRECATED=y
+UCLIBC_HAS_REALTIME=y
+UCLIBC_HAS_ADVANCED_REALTIME=y
+UCLIBC_HAS_EPOLL=y
+UCLIBC_HAS_XATTR=y
+UCLIBC_HAS_PROFILING=y
+UCLIBC_HAS_CRYPT_IMPL=y
+UCLIBC_HAS_CRYPT=y
+UCLIBC_HAS_NETWORK_SUPPORT=y
+UCLIBC_HAS_SOCKET=y
+UCLIBC_HAS_IPV4=y
+UCLIBC_HAS_IPV6=y
+UCLIBC_HAS_RPC=y
+UCLIBC_HAS_FULL_RPC=y
+UCLIBC_HAS_REENTRANT_RPC=y
+UCLIBC_USE_NETLINK=y
+UCLIBC_SUPPORT_AI_ADDRCONFIG=y
+UCLIBC_HAS_BSD_RES_CLOSE=y
+
+#
+# String and Stdio Support
+#
+UCLIBC_HAS_STRING_GENERIC_OPT=y
+UCLIBC_HAS_STRING_ARCH_OPT=y
+UCLIBC_HAS_CTYPE_TABLES=y
+UCLIBC_HAS_CTYPE_SIGNED=y
+# UCLIBC_HAS_CTYPE_UNSAFE is not set
+UCLIBC_HAS_CTYPE_CHECKED=y
+# UCLIBC_HAS_CTYPE_ENFORCED is not set
+UCLIBC_HAS_WCHAR=y
+# UCLIBC_HAS_LOCALE is not set
+UCLIBC_HAS_HEXADECIMAL_FLOATS=y
+UCLIBC_HAS_GLIBC_CUSTOM_PRINTF=y
+UCLIBC_PRINTF_SCANF_POSITIONAL_ARGS=9
+# UCLIBC_HAS_SCANF_GLIBC_A_FLAG is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_NONE is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_256 is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_512 is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_1024 is not set
+# UCLIBC_HAS_STDIO_BUFSIZ_2048 is not set
+UCLIBC_HAS_STDIO_BUFSIZ_4096=y
+# UCLIBC_HAS_STDIO_BUFSIZ_8192 is not set
+UCLIBC_HAS_STDIO_BUILTIN_BUFFER_NONE=y
+# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_4 is not set
+# UCLIBC_HAS_STDIO_BUILTIN_BUFFER_8 is not set
+# UCLIBC_HAS_STDIO_SHUTDOWN_ON_ABORT is not set
+UCLIBC_HAS_STDIO_GETC_MACRO=y
+UCLIBC_HAS_STDIO_PUTC_MACRO=y
+UCLIBC_HAS_STDIO_AUTO_RW_TRANSITION=y
+# UCLIBC_HAS_FOPEN_LARGEFILE_MODE is not set
+UCLIBC_HAS_FOPEN_EXCLUSIVE_MODE=y
+UCLIBC_HAS_GLIBC_CUSTOM_STREAMS=y
+UCLIBC_HAS_PRINTF_M_SPEC=y
+UCLIBC_HAS_ERRNO_MESSAGES=y
+# UCLIBC_HAS_SYS_ERRLIST is not set
+UCLIBC_HAS_SIGNUM_MESSAGES=y
+# UCLIBC_HAS_SYS_SIGLIST is not set
+UCLIBC_HAS_GNU_GETOPT=y
+UCLIBC_HAS_GNU_GETSUBOPT=y
+
+#
+# Big and Tall
+#
+UCLIBC_HAS_REGEX=y
+UCLIBC_HAS_REGEX_OLD=y
+UCLIBC_HAS_FNMATCH=y
+UCLIBC_HAS_FNMATCH_OLD=y
+UCLIBC_HAS_WORDEXP=y
+UCLIBC_HAS_FTW=y
+UCLIBC_HAS_GLOB=y
+UCLIBC_HAS_GNU_GLOB=y
+
+#
+# Library Installation Options
+#
+SHARED_LIB_LOADER_PREFIX="/lib"
+RUNTIME_PREFIX="/"
+DEVEL_PREFIX="/usr"
+
+#
+# Security options
+#
+UCLIBC_BUILD_PIE=y
+UCLIBC_HAS_ARC4RANDOM=y
+# HAVE_NO_SSP is not set
+UCLIBC_HAS_SSP=y
+UCLIBC_HAS_SSP_COMPAT=y
+# SSP_QUICK_CANARY is not set
+# PROPOLICE_BLOCK_ABRT is not set
+PROPOLICE_BLOCK_SEGV=y
+UCLIBC_BUILD_SSP=y
+UCLIBC_BUILD_RELRO=y
+UCLIBC_BUILD_NOW=y
+UCLIBC_BUILD_NOEXECSTACK=y
+
+#
+# uClibc development/debugging options
+#
+CROSS_COMPILER_PREFIX=""
+UCLIBC_EXTRA_CFLAGS=""
+# DODEBUG is not set
+# DOSTRIP is not set
+# DOASSERTS is not set
+# SUPPORT_LD_DEBUG is not set
+# SUPPORT_LD_DEBUG_EARLY is not set
+# UCLIBC_MALLOC_DEBUGGING is not set
+WARNINGS="-Wall"
+# EXTRA_WARNINGS is not set
+# DOMULTI is not set
+# UCLIBC_MJN3_ONLY is not set
diff --git a/main/udev/APKBUILD b/main/udev/APKBUILD
new file mode 100644
index 0000000000..d25b5faa49
--- /dev/null
+++ b/main/udev/APKBUILD
@@ -0,0 +1,41 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=udev
+pkgver=142
+pkgrel=0
+pkgdesc="The userspace dev tools (udev)"
+url="http://www.kernel.org/pub/linux/utils/kernel/hotplug/udev.html"
+license="GPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends="uclibc"
+makedepends=""
+install=
+source="http://www.kernel.org/pub/linux/utils/kernel/hotplug/$pkgname-$pkgver.tar.bz2
+	write_root_link_rule
+	move_tmp_persistent_rules.sh
+	udev-mount.initd
+	udev-postmount.initd
+	udev.initd"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--exec-prefix="" \
+		--with-libdir-name=/lib
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	chmod +x "$pkgdir"/lib/udev/write_*_rules
+	for _i in write_root_link_rule move_tmp_persistent_rules.sh; do
+		install -Dm755 ../$_i "$pkgdir"/lib/udev/$_i
+	done
+	for _i in udev udev-mount udev-postmount; do
+		install -Dm755 ../$_i.initd "$pkgdir"/etc/init.d/$_i
+	done
+}
+md5sums="3edc4cf383dccb06d866c5156d59ddd5  udev-142.tar.bz2
+c9de7581099cdfdcd105666cd98a0f0a  write_root_link_rule
+7bf11e11519117f743483c73e0767750  move_tmp_persistent_rules.sh
+12760065a66ccbddc9e3a86a6cd2231c  udev-mount.initd
+bffb42859ca508cfe1d9fa0a169ba810  udev-postmount.initd
+e913f8f122e8879252d2a05de7dd7499  udev.initd"
diff --git a/main/udev/move_tmp_persistent_rules.sh b/main/udev/move_tmp_persistent_rules.sh
new file mode 100755
index 0000000000..1a0259798b
--- /dev/null
+++ b/main/udev/move_tmp_persistent_rules.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+. /etc/init.d/functions.sh
+
+# store persistent-rules that got created while booting
+# when / was still read-only
+store_persistent_rules() {
+	local file dest
+
+	for file in /dev/.udev/tmp-rules--*; do
+		dest=${file##*tmp-rules--}
+		[ "$dest" = '*' ] && break
+		type=${dest##70-persistent-}
+		type=${type%%.rules}
+		ebegin "Saving udev persistent ${type} rules to /etc/udev/rules.d"
+		cat "$file" >> /etc/udev/rules.d/"$dest" && rm -f "$file"
+		eend $? "Failed moving persistent rules!"
+	done
+}
+
+store_persistent_rules
+
+# vim:ts=4
diff --git a/main/udev/udev-mount.initd b/main/udev/udev-mount.initd
new file mode 100755
index 0000000000..839565a5ba
--- /dev/null
+++ b/main/udev/udev-mount.initd
@@ -0,0 +1,83 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Mount tmpfs on /dev"
+[ -e /etc/conf.d/udev ] && . /etc/conf.d/udev
+
+mount_dev_directory()
+{
+	# No options are processed here as they should all be in /etc/fstab
+	ebegin "Mounting /dev"
+	if fstabinfo --quiet /dev; then
+		mount -n /dev
+	else
+		# Some devices require exec, Bug #92921
+		mount -n -t tmpfs -o "exec,nosuid,mode=0755,size=10M" udev /dev
+	fi
+	eend $?
+}
+
+seed_dev()
+{
+	# Seed /dev with some things that we know we need
+
+	# creating /dev/console, /dev/tty and /dev/tty1 to be able to write
+	# to $CONSOLE with/without bootsplash before udevd creates it
+	[ -c /dev/console ] || mknod -m 600 /dev/console c 5 1
+	[ -c /dev/tty1 ] || mknod -m 620 /dev/tty1 c 4 1
+	[ -c /dev/tty ] || mknod -m 666 /dev/tty c 5 0
+
+	# udevd will dup its stdin/stdout/stderr to /dev/null
+	# and we do not want a file which gets buffered in ram
+	[ -c /dev/null ] || mknod -m 666 /dev/null c 1 3
+
+	# so udev can add its start-message to dmesg
+	[ -c /dev/kmsg ] || mknod -m 660 /dev/kmsg c 1 11
+
+	# copy over any persistant things
+	if [ -d /lib/udev/devices ]; then
+		cp -RPp /lib/udev/devices/* /dev 2>/dev/null
+	fi
+
+	# Not provided by sysfs but needed
+	ln -snf /proc/self/fd /dev/fd
+	ln -snf fd/0 /dev/stdin
+	ln -snf fd/1 /dev/stdout
+	ln -snf fd/2 /dev/stderr
+	[ -e /proc/kcore ] && ln -snf /proc/kcore /dev/core
+
+	# Create problematic directories
+	mkdir -p /dev/pts /dev/shm
+	return 0
+}
+
+
+start()
+{
+	# do not run this on too old baselayout - udev-addon is already loaded!
+	if [ ! -f /etc/init.d/sysfs ]; then
+		eerror "The $SVCNAME init-script is written for baselayout-2!"
+		eerror "Please do not use it with baselayout-1!".
+		return 1
+	fi
+
+	_start
+}
+
+_start()
+{
+	mount_dev_directory || return 1
+
+	# Selinux lovin; /selinux should be mounted by selinux-patched init
+	if [ -x /sbin/restorecon -a -c /selinux/null ]; then
+		restorecon /dev > /selinux/null
+	fi
+
+	# make sure it exists
+	mkdir -p /dev/.udev
+	
+	seed_dev
+
+	return 0
+}
diff --git a/main/udev/udev-postmount.initd b/main/udev/udev-postmount.initd
new file mode 100755
index 0000000000..96beb845bb
--- /dev/null
+++ b/main/udev/udev-postmount.initd
@@ -0,0 +1,31 @@
+#!/sbin/runscript
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-fs/udev/files/136/udev-postmount.initd,v 1.3 2009/02/23 16:30:53 zzam Exp $
+
+depend() {
+	need localmount
+}
+
+dir_writeable()
+{
+        mkdir "$1"/.test.$$ 2>/dev/null && rmdir "$1"/.test.$$
+}
+
+start() {
+	# check if this system uses udev
+	[ -d /dev/.udev/ ] || return 0
+
+	# only continue if rules-directory is writable
+	dir_writeable /etc/udev/rules.d || return 0
+
+	# store persistent-rules that got created while booting
+	# when / was still read-only
+	/lib/udev/move_tmp_persistent_rules.sh
+}
+
+stop() {
+	:
+}
+
+# vim:ts=4
diff --git a/main/udev/udev-start.sh b/main/udev/udev-start.sh
new file mode 100644
index 0000000000..87c3a6ac93
--- /dev/null
+++ b/main/udev/udev-start.sh
@@ -0,0 +1,51 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+[ -e /etc/conf.d/udev ] && . /etc/conf.d/udev
+
+compat_volume_nodes()
+{
+	# Only do this for baselayout-1*
+	# This check is likely to get false positives due to some multilib stuff,
+	# but that should not matter, as this can only happen on old openrc versions
+	# no longer available as ebuilds.
+	if [ ! -e /lib/librc.so ]; then
+
+		# Create nodes that udev can't
+		[ -x /sbin/lvm ] && \
+			/sbin/lvm vgscan -P --mknodes --ignorelockingfailure &>/dev/null
+		# Running evms_activate on a LiveCD causes lots of headaches
+		[ -z "${CDBOOT}" -a -x /sbin/evms_activate ] && \
+			/sbin/evms_activate -q &>/dev/null
+	fi
+}
+
+start_initd()
+{
+	(
+		. /etc/init.d/"$1"
+		_start
+	)
+}
+
+# mount tmpfs on /dev
+start_initd udev-mount || exit 1
+
+# Create a file so that our rc system knows it's still in sysinit.
+# Existance means init scripts will not directly run.
+# rc will remove the file when done with sysinit.
+# this is no longer needed as of openrc-0.4.0
+touch /dev/.rcsysinit
+
+# load device tarball
+start_initd udev-dev-tarball
+
+# run udevd
+start_initd udev || exit 1
+
+compat_volume_nodes
+
+# inject into boot runlevel
+IN_HOTPLUG=1 /etc/init.d/udev-postmount start >/dev/null 2>&1
+
+# udev started successfully
diff --git a/main/udev/udev.initd b/main/udev/udev.initd
new file mode 100755
index 0000000000..26774ab4ac
--- /dev/null
+++ b/main/udev/udev.initd
@@ -0,0 +1,239 @@
+#!/sbin/runscript
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+description="Run udevd and create the device-nodes"
+
+[ -e /etc/udev/udev.conf ] && . /etc/udev/udev.conf
+
+rc_coldplug=${rc_coldplug:-${RC_COLDPLUG:-YES}}
+
+depend()
+{
+	provide dev
+	if yesno "${rc_device_tarball:-no}"; then
+		need sysfs udev-mount udev-dev-tarball
+	else
+		need sysfs udev-mount
+	fi
+	before checkfs fsck
+
+	# udev does not work inside vservers
+	keyword novserver
+}
+
+cleanup()
+{
+	# fail more gracely and not leave udevd running
+	start-stop-daemon --stop --exec /sbin/udevd
+	exit 1
+}
+
+disable_hotplug_agent()
+{
+	if [ -e /proc/sys/kernel/hotplug ]; then
+		echo "" >/proc/sys/kernel/hotplug
+	fi
+}
+
+root_link()
+{
+	/lib/udev/write_root_link_rule
+}
+
+rules_disable_switch()
+{
+	# this function disables rules files
+	# by creating new files with the same name
+	# in a temp rules directory with higher priority
+	local d=/dev/.udev/rules.d bname="$1" onoff="$2"
+
+	if yesno "${onoff}"; then
+		mkdir -p "$d"
+		echo "# This file disables ${bname} due to /etc/conf.d/udev" \
+			> "${d}/${bname}"
+	else
+		rm -f "${d}/${bname}"
+	fi
+}
+
+start_udevd()
+{
+	# load unix domain sockets if built as module, Bug #221253
+	if [ -e /proc/modules ] ; then
+		modprobe -q unix 2>/dev/null
+	fi
+	ebegin "Starting udevd"
+	start-stop-daemon --start --exec /sbin/udevd -- --daemon
+	eend $?
+}
+
+# populate /dev with devices already found by the kernel
+populate_dev()
+{
+	if get_bootparam "nocoldplug" ; then
+		rc_coldplug="NO"
+		ewarn "Skipping udev coldplug as requested in kernel cmdline"
+	fi
+
+	ebegin "Populating /dev with existing devices through uevents"
+	if yesno "${rc_coldplug}"; then
+		udevadm trigger
+	else
+		# Do not run any init-scripts, Bug #206518
+		udevadm control --env do_not_run_plug_service=1
+
+		# only create device nodes
+		udevadm trigger --attr-match=dev
+
+		# run persistent-net stuff, bug 191466
+		udevadm trigger --subsystem-match=net
+	fi
+	eend $?
+
+	ebegin "Waiting for uevents to be processed"
+	udevadm settle --timeout=${udev_settle_timeout:-60}
+	eend $?
+
+	udevadm control --env do_not_run_plug_service=
+	return 0
+}
+
+# for debugging
+start_udevmonitor()
+{
+	yesno "${udev_monitor:-no}" || return 0
+
+	udevmonitor_log=/dev/.udev/udevmonitor.log
+	udevmonitor_pid=/dev/.udev/udevmonitor.pid
+
+	einfo "udev: Running udevadm monitor ${udev_monitor_opts} to get a log of all events"
+	start-stop-daemon --start --stdout "${udevmonitor_log}" \
+		--make-pidfile --pidfile "${udevmonitor_pid}" \
+		--background --exec /sbin/udevadm -- monitor ${udev_monitor_opts}
+}
+
+stop_udevmonitor()
+{
+	yesno "${udev_monitor:-no}" || return 0
+
+	if yesno "${udev_monitor_keep_running:-no}"; then
+		ewarn "udev: udevmonitor is still running and writing into ${udevmonitor_log}"
+	else
+		einfo "udev: Stopping udevmonitor: Log is in ${udevmonitor_log}"
+		start-stop-daemon --stop --pidfile "${udevmonitor_pid}" --exec /sbin/udevadm
+	fi
+}
+
+display_hotplugged_services() {
+	local svcfile= svc= services=
+	for svcfile in "${RC_SVCDIR}"/hotplugged/*; do
+		svc="${svcfile##*/}"
+		[ -x "${svcfile}" ] || continue
+
+		# do not display this - better: do only inject it later :)
+		[ "$svc" = "udev-postmount" ] && continue
+
+		services="${services} ${svc}"
+	done
+	[ -n "${services}" ] && einfo "Device initiated services:${HILITE}${services}${NORMAL}"
+}
+
+inject_postmount_initd() {
+	if ! mark_service_hotplugged udev-postmount; then
+		IN_HOTPLUG=1 /etc/init.d/udev-postmount start >/dev/null 2>&1
+	fi
+	#einfo "Injected udev-postmount service"
+}
+
+check_persistent_net()
+{
+	# check if there are problems with persistent-net
+	local syspath= devs= problem=false
+	for syspath in /sys/class/net/*_rename*; do
+		if [ -d "${syspath}" ]; then
+			devs="${devs} ${syspath##*/}"
+			problem=true
+		fi
+	done
+
+	${problem} || return 0
+
+	eerror "UDEV: Your system has a problem assigning persistent names"
+	eerror "to these network interfaces: ${devs}"
+
+	einfo "Checking persistent-net rules:"
+	# the sed-expression lists all duplicate lines
+	# from the input, like "uniq -d" does, but uniq
+	# is installed into /usr/bin and not available at boot.
+	dups=$(
+	RULES_FILE='/etc/udev/rules.d/70-persistent-net.rules'
+	. /lib/udev/rule_generator.functions
+	find_all_rules 'NAME=' '.*' | \
+	tr ' ' '\n' | \
+	sort | \
+	sed '$!N; s/^\(.*\)\n\1$/\1/; t; D'
+	)
+	if [ -n "${dups}" ]; then
+		ewarn "The rules create multiple entries assigning these names:"
+		eindent
+		ewarn "${dups}"
+		eoutdent
+	else
+		ewarn "Found no duplicate names in persistent-net rules,"
+		ewarn "there must be some other problem!"
+	fi
+	return 1
+}
+
+check_udev_works()
+{
+	# should exist on every system, else udev failed
+	if [ ! -e /dev/zero ]; then
+		eerror "Assuming udev failed somewhere, as /dev/zero does not exist."
+		return 1
+	fi
+	return 0
+}
+
+start()
+{
+	# do not run this on old baselayout where udev-addon gets loaded
+	if [ ! -f /etc/init.d/sysfs ]; then
+		eerror "The $SVCNAME init-script is written for baselayout-2!"
+		eerror "Please do not use it with baselayout-1!".
+		return 1
+	fi
+
+	_start
+	
+	display_hotplugged_services
+
+	inject_postmount_initd
+}
+
+_start()
+{
+	root_link
+	rules_disable_switch 75-persistent-net-generator.rules "${persistent_net_disable:-no}"
+	rules_disable_switch 75-cd-aliases-generator.rules ${persistent_cd_disable:-no}
+	
+	disable_hotplug_agent
+	start_udevd || cleanup
+	start_udevmonitor
+	populate_dev || cleanup
+
+	check_persistent_net
+
+	check_udev_works || cleanup
+	stop_udevmonitor
+
+	return 0
+}
+
+stop() {
+	ebegin "Stopping udevd"
+	start-stop-daemon --stop --exec /sbin/udevd
+	eend $?
+}
+
diff --git a/main/udev/write_root_link_rule b/main/udev/write_root_link_rule
new file mode 100755
index 0000000000..8eaea11769
--- /dev/null
+++ b/main/udev/write_root_link_rule
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# This script should run before doing udevtrigger at boot.
+# It will create a rule matching the device directory / is on, and
+# creating /dev/root symlink pointing on its device node.
+#
+# This is especially useful for hal looking at /proc/mounts containing
+# a line listing /dev/root as device:
+#   /dev/root / reiserfs rw 0 0
+# 
+# This program is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation version 2 of the License.
+#
+# (c) 2007-2008 Matthias Schwarzott <zzam@gentoo.org>
+
+eval $(udevadm info --export --export-prefix="ROOT_" --device-id-of-file=/)
+
+[ $? = 0 ] || exit 0
+[ "$ROOT_MAJOR" = 0 ] && exit 0
+
+DIR=/dev/.udev/rules.d
+[ -d "$DIR" ] || mkdir -p "$DIR"
+RULES=$DIR/10-root-link.rules
+
+echo "# Created by /lib/udev/write_root_link_rule" > "${RULES}"
+echo "# This rule should create /dev/root as link to real root device." >> "${RULES}"
+echo "SUBSYSTEM==\"block\", ENV{MAJOR}==\"$ROOT_MAJOR\", ENV{MINOR}==\"$ROOT_MINOR\", SYMLINK+=\"root\"" >> "${RULES}"
+
diff --git a/main/uiconv/APKBUILD b/main/uiconv/APKBUILD
new file mode 100644
index 0000000000..3814bb5656
--- /dev/null
+++ b/main/uiconv/APKBUILD
@@ -0,0 +1,17 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=uiconv
+pkgver=0.3
+pkgrel=0
+pkgdesc="Micro iconv implementation"
+url="http://git.alpinelinux.org/cgit/uiconv"
+license="GPL"
+depends="uclibc"
+source="http://git.alpinelinux.org/cgit/$pkgname/snapshots/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	make || return 1
+	make DESTDIR="$pkgdir" PREFIX=/usr/uiconv install
+}
+
+md5sums="5cd7f80085324d08cb976fec674cd98d  uiconv-0.3.tar.bz2"
diff --git a/main/unarj/APKBUILD b/main/unarj/APKBUILD
new file mode 100644
index 0000000000..b2e0c72607
--- /dev/null
+++ b/main/unarj/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Leonardo Arena <rnalrd@gmail.com>
+pkgname=unarj
+pkgver=2.63a
+pkgrel=0
+pkgdesc="Extracting, testing and  viewing the contents of archives created with the ARJ archiver"
+url="http://www.arjsoftware.com"
+license="custom"
+subpackages=""
+depends="uclibc"
+makedepends=""
+install=
+source="http://ibiblio.org/pub/Linux/utils/compress/$pkgname-$pkgver.tar.gz"
+
+build ()
+{
+	cd "$srcdir"/${pkgname}-${pkgver}
+	make || return 1
+	install -D -m755 unarj $pkgdir/usr/bin/unarj || return 1
+	#install -D -m644 ../LICENSE ${pkgdir}/usr/share/licenses/${pkgname}/LICENSE
+}
+
+md5sums="a83d139c245f911f22cb1b611ec9768f  unarj-2.63a.tar.gz"
diff --git a/main/unfs3/APKBUILD b/main/unfs3/APKBUILD
new file mode 100644
index 0000000000..28de301571
--- /dev/null
+++ b/main/unfs3/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=unfs3
+pkgver=0.9.22
+pkgrel=0
+pkgdesc="a user-space implementation of the NFSv3 server specification"
+url="http://unfs3.sourceforge.net/"
+license='GPL'
+depends="uclibc"
+makedepends="flex"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-doc"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man
+	make -j1 || return 1
+	make DESTDIR="$pkgdir/" install
+}
+
+md5sums="ddf679a5d4d80096a59f3affc64f16e5  unfs3-0.9.22.tar.gz"
diff --git a/main/unixodbc/APKBUILD b/main/unixodbc/APKBUILD
new file mode 100644
index 0000000000..cd72a16537
--- /dev/null
+++ b/main/unixodbc/APKBUILD
@@ -0,0 +1,27 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=unixodbc
+pkgver=2.2.14
+pkgrel=0
+pkgdesc="ODBC is an open specification to access Data Sources"
+url="http://www.unixodbc.org/"
+license="GPL2"
+depends="readline"
+makedepends="readline-dev"
+subpackages="$pkgname-dev"
+source="http://www.unixodbc.org/unixODBC-${pkgver}.tar.gz"
+
+build() {
+	cd "$srcdir/unixODBC-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--enable-gui=no
+	make || return 1
+	make -j1 DESTDIR="$pkgdir" install
+
+}
+
+md5sums="f47c2efb28618ecf5f33319140a7acd0  unixODBC-2.2.14.tar.gz"
diff --git a/main/unrar/APKBUILD b/main/unrar/APKBUILD
new file mode 100644
index 0000000000..67f33fac05
--- /dev/null
+++ b/main/unrar/APKBUILD
@@ -0,0 +1,26 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=unrar
+pkgver=3.9.4
+pkgrel=0
+pkgdesc="The RAR uncompression program"
+url="http://www.rarlab.com"
+license="GPL"
+depends=
+makedepends="uclibc++-dev"
+subpackages="$pkgname-doc"
+source="http://www.rarlab.com/rar/unrarsrc-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname"
+
+	export CXX=g++-uc
+
+	make -f makefile.unix || return 1
+	install -Dm755 unrar "$pkgdir"/usr/bin/unrar
+
+	install -Dm644 license.txt "$pkgdir/usr/share/licenses/$pkgname/license.txt"
+
+}
+
+md5sums="1800a2242911fc118f6a2b084d0c22c1  unrarsrc-3.9.4.tar.gz"
diff --git a/main/usbutils/APKBUILD b/main/usbutils/APKBUILD
new file mode 100644
index 0000000000..7dc7905c30
--- /dev/null
+++ b/main/usbutils/APKBUILD
@@ -0,0 +1,24 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=usbutils
+pkgver=0.82
+pkgrel=1
+pkgdesc="USB Device Utilities"
+url="http://linux-usb.sourceforge.net/"
+license="GPL"
+subpackags="$pkgname-doc"
+depends=
+makedepends="pkgconfig libusb-compat-dev"
+source="http://downloads.sourceforge.net/sourceforge/linux-usb/$pkgname-$pkgver.tar.gz"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname-$pkgver
+	rm usb.ids
+	wget http://www.linux-usb.org/usb.ids
+	./configure --prefix=/usr \
+		--datadir=/usr/share/hwdata \
+		--disable-zlib
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+md5sums="6e393cc7423b5d228fa3d34c21481ae4  usbutils-0.82.tar.gz"
diff --git a/main/v86d/APKBUILD b/main/v86d/APKBUILD
new file mode 100644
index 0000000000..8bcdcf6181
--- /dev/null
+++ b/main/v86d/APKBUILD
@@ -0,0 +1,21 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=v86d
+pkgver=0.1.9
+pkgdesc="userspace helper for uvesafb that runs x86 code in an emulated environment"
+url="http://dev.gentoo.org/~spock/projects/uvesafb/"
+license="GPL2"
+depends="uclibc"
+makedepends="bash"
+source="http://dev.gentoo.org/~spock/projects/uvesafb/archive/$pkgname-$pkgver.tar.bz2
+	modprobe.uvesafb"
+
+build () 
+{ 
+	cd "$srcdir"/v86d-$pkgver
+	./configure --with-x86emu
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+	install -D -m644 "$srcdir"/modprobe.uvesafb "$pkgdir"/etc/modprobe.d/uvesafb || return 1
+}
+md5sums="ebbbc8e7013c9544b6ba6981add43831  v86d-0.1.9.tar.bz2
+2d7cc8dc6a41916a13869212d0191147  modprobe.uvesafb"
diff --git a/main/v86d/modprobe.uvesafb b/main/v86d/modprobe.uvesafb
new file mode 100644
index 0000000000..5e46e10883
--- /dev/null
+++ b/main/v86d/modprobe.uvesafb
@@ -0,0 +1,10 @@
+#
+# This file sets the parameters for uvesafb module.
+# The following format should be used:
+# options uvesafb mode=<xres>x<yres>[-<bpp>][@<refresh>] scroll=<ywrap|ypan|redraw> ...
+#
+# For more details see:
+# http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=blob;f=Documentation/fb/uvesafb.txt
+#
+ 
+options uvesafb mode_option=1024x768-32 scroll=ywrap
diff --git a/main/vala/APKBUILD b/main/vala/APKBUILD
new file mode 100644
index 0000000000..1a03977a05
--- /dev/null
+++ b/main/vala/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=vala
+pkgver=0.7.4
+pkgrel=0
+pkgdesc="Compiler for the GObject type system"
+url="http://live.gnome.org/Vala"
+license="LGPL"
+subpackages="$pkgname-doc"
+depends="glib-dev"
+makedepends="libxslt-dev bash glib-dev flex bison"
+source="http://ftp.gnome.org/pub/gnome/sources/$pkgname/0.7/$pkgname-$pkgver.tar.gz"
+
+build ()
+{
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--enable-vapigen || return 1
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+}
+
+md5sums="6ca0017be63244aff4d62d5f51f4b31a  vala-0.7.4.tar.gz"
diff --git a/main/valgrind/APKBUILD b/main/valgrind/APKBUILD
new file mode 100644
index 0000000000..dcba298373
--- /dev/null
+++ b/main/valgrind/APKBUILD
@@ -0,0 +1,55 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=valgrind
+pkgver=3.4.1
+pkgrel=1
+pkgdesc="A tool to help find memory-management problems in programs"
+url="http://valgrind.org/"
+license="GPL"
+depends="uclibc"
+# it seems like busybox sed works but the configure script requires GNU sed
+makedepends="sed paxctl pax-utils"
+# from README_PACKAGERS:
+#   Don't strip the debug info off lib/valgrind/$platform/vgpreload*.so
+#   in the installation tree.  Either Valgrind won't work at all, or it
+#   will still work if you do, but will generate less helpful error
+#   messages. 
+options="!strip"
+subpackages="$pkgname-dev $pkgname-doc"
+source="http://$pkgname.org/downloads/$pkgname-$pkgver.tar.bz2
+	$pkgname-3.4.0-uclibc.patch
+	"
+
+build() {
+	local i
+	cd "$srcdir/$pkgname-$pkgver"
+	for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p1 < $i || return 1
+	done
+
+	# make sure our CFLAGS are respected
+	sed -e 's:^CFLAGS="-Wno-long-long":CFLAGS="$CFLAGS -Wno-long-long -fno-stack-protector":' \
+		-i configure.in
+
+	./configure --prefix=/usr \
+		 --without-mpicc \
+		--mandir=/usr/share/man || return 1
+
+	make || return 1
+	make DESTDIR="$pkgdir" install || return 1
+
+	# we have options=!strip above so we strip the /usr/bin/* manually
+	strip "$pkgdir"/usr/bin/valgrind \
+		"$pkgdir"/usr/bin/no_op_client_for_valgrind \
+		"$pkgdir"/usr/bin/valgrind-listener \
+		"$pkgdir"/usr/bin/cg_merge 
+
+	# pax causes some issues
+	# http://marc.info/?l=gentoo-hardened&m=119512627126298&w=2
+	scanelf "$pkgdir"/usr/lib/valgrind/x86-linux \
+		| awk '$1 == "ET_EXEC" {print $2}' | xargs paxctl -c -m
+
+}
+
+md5sums="b5f039dd2271aaf9ae570ab4116f87c7  valgrind-3.4.1.tar.bz2
+37bc90d0783bc0f8ba5754c8407e3dcc  valgrind-3.4.0-uclibc.patch"
diff --git a/main/valgrind/valgrind-3.4.0-uclibc.patch b/main/valgrind/valgrind-3.4.0-uclibc.patch
new file mode 100644
index 0000000000..db6551996e
--- /dev/null
+++ b/main/valgrind/valgrind-3.4.0-uclibc.patch
@@ -0,0 +1,12 @@
+--- valgrind-3.4.0/drd/drd_pthread_intercepts.c.orig	Thu Jan 22 14:37:52 2009
++++ valgrind-3.4.0/drd/drd_pthread_intercepts.c	Thu Jan 22 14:38:12 2009
+@@ -122,9 +122,6 @@
+     /* PTHREAD_MUTEX_TIMED_NP */
+     /* PTHREAD_MUTEX_NORMAL */
+   case PTHREAD_MUTEX_DEFAULT:
+-#if defined(HAVE_PTHREAD_MUTEX_ADAPTIVE_NP)
+-  case PTHREAD_MUTEX_ADAPTIVE_NP:
+-#endif
+     return mutex_type_default_mutex;
+   }
+   return mutex_type_invalid_mutex;
diff --git a/main/vim/APKBUILD b/main/vim/APKBUILD
new file mode 100644
index 0000000000..3dee6bda28
--- /dev/null
+++ b/main/vim/APKBUILD
@@ -0,0 +1,519 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=vim
+_srcver=7.2
+_patchver=234
+pkgver=$_srcver.$_patchver
+pkgrel=0
+pkgdesc="advanced text editor"
+url="http://www.vim.org"
+license='GPL'
+depends="ncurses-terminfo"
+makedepends="ncurses-dev"
+subpackages="$pkgname-doc"
+
+# use "abuild patchlist >> APKBUILD" to generate the list of patches
+source="ftp://ftp.vim.org/pub/vim/unix/vim-7.2.tar.bz2
+	ftp://ftp.vim.org/pub/vim/extra/vim-7.2-extra.tar.gz
+	vimrc
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.001
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.002
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.003
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.004
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.005
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.006
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.007
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.008
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.009
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.010
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.011
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.012
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.013
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.014
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.015
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.016
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.017
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.018
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.019
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.020
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.021
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.022
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.023
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.024
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.025
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.026
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.027
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.028
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.029
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.030
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.031
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.032
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.033
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.034
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.035
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.036
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.037
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.038
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.039
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.040
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.041
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.042
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.043
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.044
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.045
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.046
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.047
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.048
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.049
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.050
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.051
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.052
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.053
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.054
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.055
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.056
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.057
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.058
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.059
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.060
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.061
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.062
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.063
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.064
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.065
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.066
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.067
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.068
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.069
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.070
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.071
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.072
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.073
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.074
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.075
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.076
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.077
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.078
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.079
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.080
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.081
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.082
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.083
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.084
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.085
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.086
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.087
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.088
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.089
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.090
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.091
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.092
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.093
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.094
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.095
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.096
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.097
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.098
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.099
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.100
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.101
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.102
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.103
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.104
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.105
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.106
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.107
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.108
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.109
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.110
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.111
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.112
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.113
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.114
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.115
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.116
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.117
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.118
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.119
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.120
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.121
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.122
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.123
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.124
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.125
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.126
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.127
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.128
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.129
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.130
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.131
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.132
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.133
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.134
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.135
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.136
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.137
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.138
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.139
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.140
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.141
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.142
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.143
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.144
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.145
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.146
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.147
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.148
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.149
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.150
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.151
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.152
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.153
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.154
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.155
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.156
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.157
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.158
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.159
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.160
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.161
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.162
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.163
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.164
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.165
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.166
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.167
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.168
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.169
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.170
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.171
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.172
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.173
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.174
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.175
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.176
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.177
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.178
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.179
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.180
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.181
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.182
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.183
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.184
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.185
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.186
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.187
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.188
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.189
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.190
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.191
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.192
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.193
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.194
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.195
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.196
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.197
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.198
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.199
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.200
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.201
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.202
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.203
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.204
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.205
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.206
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.207
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.208
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.209
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.210
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.211
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.212
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.213
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.214
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.215
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.216
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.217
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.218
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.219
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.220
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.221
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.222
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.223
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.224
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.225
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.226
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.227
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.228
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.229
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.230
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.231
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.232
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.233
+	ftp://ftp.vim.org/pub/vim/patches/7.2/7.2.234
+	"
+
+# this generates the patches list
+patchlist() {
+	local i j
+	for i in $(seq 1 $_patchver); do
+		local v=$(printf "%0.3i" $i)
+		echo -e "\tftp://ftp.vim.org/pub/vim/patches/7.2/$_srcver.$v"
+	done
+}
+
+build() {
+	local i
+	cd "$srcdir/${pkgname}72"
+
+	for i in ../"$_srcver".* ; do
+		msg "Applying ${i##*/}"
+		patch -p0 < $i || return 1
+	done
+
+	# Read vimrc from /etc/vim
+        echo '#define SYS_VIMRC_FILE "/etc/vim/vimrc"' >> src/feature.h
+
+	./configure --prefix=/usr \
+		--without-x \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir/" install
+	install -D "$srcdir"/vimrc "$pkgdir"/etc/vim/vimrc
+}
+
+md5sums="f0901284b338e448bfd79ccca0041254  vim-7.2.tar.bz2
+35e04482f07c57221c9a751aaa3b8dac  vim-7.2-extra.tar.gz
+7c2dc4a956cf315e546e347bc349968c  7.2.001
+7f16f80814f1e071a689806c2056b39d  7.2.002
+0de916fdfd450a4a0d95bed44ae2c398  7.2.003
+25cc99ad42b25b16a4610e2fad9cdab4  7.2.004
+a5b7b1c7c5b75aa7d730b0b9aa491558  7.2.005
+a93a72cd40c37da91dc634dc8dddefec  7.2.006
+c2b2b63dea27ddad92668e63797406c5  7.2.007
+e65c8c2223eea5289d8cbef2e867a5de  7.2.008
+ab1566b69bd0e0c82a866f00675ffe0e  7.2.009
+d69f559bfb5436c157e8069a829ca50d  7.2.010
+05334a6bb31402bfd49d82ea6f59a57b  7.2.011
+a11dcd5552f36544a9e27978b5359935  7.2.012
+8bc70978291aadea9c82072b623c955d  7.2.013
+a87826187cb77ad2e567a40c1609eea4  7.2.014
+47a466fbfdbca616f519fc4afa0432df  7.2.015
+fd08bac73d7ffcabf53bd25a63dff893  7.2.016
+0f0284d87f6f52101802dbe1a45d54c3  7.2.017
+38d06ba325b716c1177c1012d781bada  7.2.018
+661ca021fb70c24ef4df229512cfb14b  7.2.019
+cb2c5ca0f9a9718fb635874925432dd8  7.2.020
+9073d2311ae7101c143237a45afb4efa  7.2.021
+48ccb0deec77a3bb91bf967dacb43492  7.2.022
+d77ed8aa4de30d4dbd17a7998ae8f269  7.2.023
+cf983237e5e866ef459870fee2754bac  7.2.024
+ab32defa4b2cfb509ccb34d4858b1223  7.2.025
+5e96c227c7765b1e0f03f44cb5b750f6  7.2.026
+f26b7ee0f271eacbb3652dbdf92dd860  7.2.027
+fc54a3d35bdc7b7a7660c6d2274f7b74  7.2.028
+d53630dc8f3a823f54dfba73dcd47b36  7.2.029
+208f8ed2db2665ebfc17674f78d47c6d  7.2.030
+3387583af86faa78e10be979214071f3  7.2.031
+eca017686205ec8658bf9fa8c73f7af6  7.2.032
+88c91b84ffc772fd57f86475f7ba90f1  7.2.033
+c3d6eaaa0b74df423f90afaaafa3a0de  7.2.034
+f4c35dae581d671dc271407d377f7199  7.2.035
+0ae8b6ed636fc013e2fa6bdabc182041  7.2.036
+1c6501c366cc8df205955f3e4d3ebba9  7.2.037
+ed3479ddb4ded7b74c82af5e50b0e4a6  7.2.038
+2a61f28f6f793c5a43abded6e59b6506  7.2.039
+4c493255ae227498016f30a0002ec1cc  7.2.040
+66bde35426c09d9c666e23215f9a19c9  7.2.041
+99baedef8a9c908774b7ed74deacf184  7.2.042
+87035b208c9377c28d796b1e48ab8aac  7.2.043
+b127def242996b4e7d7e870cab3e4b45  7.2.044
+5233327e4c97d310e3793b223892ea8d  7.2.045
+9ecfa0454f5a329996b273cb12369962  7.2.046
+35e16f4e7198e861a71322fee2cb7909  7.2.047
+84ef9658181f49bfbd7a61ec87dd0b8d  7.2.048
+fc9b65eef81954f6006c307ff11be925  7.2.049
+27a9700e39e266a31df702677acea52c  7.2.050
+89ce3f5b513510fb288a4a301e7494c7  7.2.051
+5992bb56b07a9b9b4e3504f1f2f2c79c  7.2.052
+3fe570c1317fee8a71ede17197358e02  7.2.053
+5b047e8e8413c4807d74a6d9716474a2  7.2.054
+c276080d95de2fafa9706f247c35ff74  7.2.055
+5b65e2654a78dcc4c15dc49dbce5418e  7.2.056
+cab5a9ddf0ab180089d84bf9ec685574  7.2.057
+80991ff846f88222e3266dab6b07e2b8  7.2.058
+89cede639caf8beed5ea071790445e26  7.2.059
+9781d833263060308a9622dd097ad378  7.2.060
+71b4bc625bc1cdd68747262d329db551  7.2.061
+9243a773d19966dbfd98b7aff3fe3ab7  7.2.062
+08155711f8db2dfce217ec5a34253a76  7.2.063
+fd692f9624ec0170800b3d9a2a9a53cb  7.2.064
+ee1a8dc311c7580608e3bd2196a7d042  7.2.065
+8d1d5f8aefabf0abcb54de5247893246  7.2.066
+fa0ccca2decdd2db64947658b04b8c99  7.2.067
+ca5ab057205023613020ca920d903028  7.2.068
+f3e6f3dd76278a9f7e396955faa4ca31  7.2.069
+805cdc76da46e73ae908038e09efae16  7.2.070
+9224b5e9c85fa4d47d418c248aff542e  7.2.071
+ab9250d36651dde9267d1241cac9fb74  7.2.072
+0d77ee653eabe4b7fdb640d768d7c1be  7.2.073
+5b0a423e9f3ca07e5c62d4f0f5803a5c  7.2.074
+d7eccf57f8fc04cf0385f85eff3d989a  7.2.075
+99750c988d0c48f56cb12a04b78aebc2  7.2.076
+1967f5e7fa4cec07bd67cc47925ec3c8  7.2.077
+7b285d2ba24fdd2390b4aaba08fcf5f6  7.2.078
+a3385578174d3867f17ab287276db49b  7.2.079
+ea45aa4d1a74989d361b2a29c1e9ff9b  7.2.080
+3bdf4ec7db7976876a827f2dfa269e89  7.2.081
+590c9aa51fcb808ece4b6b4bfaaaaf30  7.2.082
+2a10abc536f7a69ff3ef353b55b6cb65  7.2.083
+78defaaa03e61955f6624b796efb8655  7.2.084
+869116b3e92e944d40a3e03f9a99816f  7.2.085
+5af26f073ebeba60af90525d68a61725  7.2.086
+639d7a80864afe68132725e377f52f19  7.2.087
+44b152484534fa23c4ff531316a0e518  7.2.088
+990e6a23c4061df0dcc0ab84528a2e1a  7.2.089
+8985dcfe7df6b439e88554e22cf34919  7.2.090
+137faec139470453ca446c015c226e47  7.2.091
+e15782bf5892ad787d149491bfe013e7  7.2.092
+2198caf9e5f422eacde337e9c27677ab  7.2.093
+49ab5014904d459e54a667e1433b4bee  7.2.094
+ba21ee323426561e75ebff23090e4bdb  7.2.095
+7ffef4a30cdcd6d8426e44d3a25df991  7.2.096
+c7264031ad24af960d717189b344e244  7.2.097
+dc7b06bb5c5b11a3d487614287d99a6b  7.2.098
+656c12368934868f35747f3955366142  7.2.099
+15dacd715d6f8c655265bbf77ebaddd4  7.2.100
+65e59923311b136306284319521d70d7  7.2.101
+42e2274c6a3152279720d8623f7916ad  7.2.102
+654ba716e77d092c1c314fed18c7486d  7.2.103
+b839c2c957eb3bb7511ace0b61d5d5fe  7.2.104
+7f37ad0b1573be8bc39a817a21422a4e  7.2.105
+4801df8c2833a683cd1b2a5870565e41  7.2.106
+e6801b619d40efe81428399e26e0486f  7.2.107
+76f17428d216ec6b29036e22397c2765  7.2.108
+db97daa4f1e56440a988e7f5272997c7  7.2.109
+b8752c88429f869dec05232db89018e2  7.2.110
+e8cdc1e862b60215c12265e44b38239d  7.2.111
+e933dd778c6f8687cf1f9f3e550e6cc0  7.2.112
+861729d9d4dc422e45c22bd8e006fc32  7.2.113
+5da3a29b3184af1780a82499343e7587  7.2.114
+b35c7b1cfa2a5f7b45829cd09ac27b7a  7.2.115
+1355cc34fbc7be7eb48fa777e8f49dfb  7.2.116
+8b9c839ec7448691b0a88475f0d0d4f9  7.2.117
+74d97a563ec1b1f1606705097396c391  7.2.118
+2ddd84423b902a2b3594c64c567be0b4  7.2.119
+5394e442f011d47b6d69a7b03984cdf4  7.2.120
+6bdb5e63ca3d79d3dcb7127e14ae3949  7.2.121
+36554c0103cafc8759f3e71ccd56c56f  7.2.122
+841c74d1f3cb8380fa5713d5b9ca2c98  7.2.123
+2489ebcb72280dd50b8756e4ab7d36ed  7.2.124
+10b15d637133b73d825650363d863b58  7.2.125
+b31534667bb741e21479b1e3757c9e21  7.2.126
+71e87e78bea69d8876ff7f6d824c8986  7.2.127
+21da01d371757282bfd402ddd91005ba  7.2.128
+e890b630efa3847c8cdee2f197145b6c  7.2.129
+d3fe3bf37d5c0940f3e751f41d92e817  7.2.130
+3c2aaa22914d06a65bf0f212e43c3ace  7.2.131
+379aa718df5dbcde8215fc4d94062d9f  7.2.132
+6d51f9deb4c2604692f532c118b73ef8  7.2.133
+4acae77b2a217e1cb47040c08e28180d  7.2.134
+4d30bf2c9d2973f5dd1c12468123dc41  7.2.135
+f2ae8cc595933938ee608e040d1256a5  7.2.136
+c613c1e0fac319f05ffe1fa7e27d6600  7.2.137
+e7d02c3dea47fa579366bb1cd025ce5e  7.2.138
+04f7131164b3f46d6365a8faea0e32c6  7.2.139
+e1c0e4fbd985f5a2e5a24a4cfab1112c  7.2.140
+e5a9c7ef44a38057c0c5c1191d9cdf77  7.2.141
+f08f7f966749c2ef20ff87dfeb9bef62  7.2.142
+6b132dad3ad947662d1c370193a14218  7.2.143
+4e2a1d1cb12198a783759f88e6c64fc4  7.2.144
+38877e2ac720e45e5d62cd1089167db3  7.2.145
+cb97aca73a1f4fdd2fac894bba7e43ae  7.2.146
+4219afedebf0172118f2d078d9012995  7.2.147
+49ca89a47315f512c7ee06f5b2617a90  7.2.148
+9197a669e4ee024c1a9218e861e21c7e  7.2.149
+cbdf7ce960ad4646a8884e51bc7e037e  7.2.150
+56b24ce6e78e71c64d05fda51748b01c  7.2.151
+7c088583f063cd09d26f7291d9f5817b  7.2.152
+e966483b6755f4e7b2cd92708a8ff656  7.2.153
+27bcb5f1d5932ee7eaae40ba0a4eb968  7.2.154
+611ab5b97cd9d87a1be0a84e3006b17a  7.2.155
+27fb40dbdb85052a598be88f205484c6  7.2.156
+93a85a3606193b8875f0eba05dba3be3  7.2.157
+808ba7888bdfdf559366dfdf1446dab5  7.2.158
+08bd6d6db2e029beab84b32bf36494e0  7.2.159
+c07df493053267849115b579928a4dae  7.2.160
+e44297c9ed5928e55ca43b4e2b3509ce  7.2.161
+0d4768bd2395f3ebf3ebd7fa4979288c  7.2.162
+032f90bcee8f36ad7b77a17bb76719f0  7.2.163
+21341ed82eb080e590d15dd6368e8d78  7.2.164
+51de241d7d03200a7b3490f40256c633  7.2.165
+9c645166c92865d644fd232760b56494  7.2.166
+a29266c1573ff106366ebdbd460b17ce  7.2.167
+09105d79266562b6afe0179c07149738  7.2.168
+36d18f0e42f0c24722116cb823b52c8a  7.2.169
+a00979f910f29d5062faf15e8670735b  7.2.170
+439a415dab8a77790c7da1526da083f9  7.2.171
+3defcc24541cd3d62fda6cfb4af6ba4b  7.2.172
+5f16d8af9b11f44c8e104abc942152c2  7.2.173
+4949fe9f14ac4f7b2717ddb05968285c  7.2.174
+7462cd9ba69a7eb674aa8e5653fdad63  7.2.175
+4b5c77673b5d62f1a94e4d605e92d81e  7.2.176
+cde1647ab09a432c134d6fbae5ca15dc  7.2.177
+5a126dd404945088b61aaf9d8c2effaa  7.2.178
+a15fe587377fac500d0fae2b1c3adbbf  7.2.179
+d4db5a69da98dbda41429d66e339e515  7.2.180
+8b9dee3c4aeeb563cbff6f3cf0357675  7.2.181
+d5d50f1da385bee588348aaaa5bb2dd7  7.2.182
+77e46725488937910d1cf051760ad11d  7.2.183
+3bdbab52e0ac635962ce9983ef1d9f01  7.2.184
+fa88ae980d6e68f9aa9f9b257f1f3e71  7.2.185
+2262a6034d4cf01859a1d36982f38505  7.2.186
+c98b89c2594d7127574d0bd9838f241a  7.2.187
+8efff5f82388c43183739c280249b643  7.2.188
+bab560f5a4b1809c2859ab632f037135  7.2.189
+63098e6cdb253d83c30f42d3d4469900  7.2.190
+87a02a6db9029357d7e248bcf4923330  7.2.191
+88102a28fb2139fe14a66b2970958166  7.2.192
+66a202b39e36ac062db1432896d8d988  7.2.193
+3ba1ab13de695c1422e0cda65c03503d  7.2.194
+a42b79c5328c30b0951ce67da505a3f4  7.2.195
+f1ece679735785c46b58ed4d791b3880  7.2.196
+352908f71b12a7a30aafd985c338d247  7.2.197
+2a4764a5df5c1d18e4c7fee81074f55c  7.2.198
+61a30d8c51533f08a94ba23025a12f11  7.2.199
+1a21534f09d529a9096c5e9b978187e9  7.2.200
+61e01d2aef1d5c1c3b40d5e927bd83c9  7.2.201
+30df1365ef27c34558d4322cb71c5d83  7.2.202
+24ae52da6519c8f8fbd08676c64eac75  7.2.203
+e75f99a06eb7a03a5cf854505b1d795d  7.2.204
+3e2da4100f83cf2d308545d0c822a196  7.2.205
+4895874100f932e15a8c661fb40a19b1  7.2.206
+e3345b11c12eedd8871b2eeb811c9234  7.2.207
+a7f6deca2df02cc4d23274f3104b94d1  7.2.208
+62e83a3e30fe5b6f96ba276a342faf1c  7.2.209
+296e40f03bf6243583541ca440af802c  7.2.210
+3714237966fa05c9cae8fd4518a42ac4  7.2.211
+3537ef914ffbe5acbdede8d3581ecf41  7.2.212
+9f4b0f8a1dc9c3720eca6028c987fa01  7.2.213
+fb46e419802a06e26d8531628f50aca9  7.2.214
+388c0884878256fca9db1fb1fe9df98e  7.2.215
+cd568cf0b9b751b9ff1151fa6f5f0ae0  7.2.216
+288d5ee4b5ff25caa79446a95cb3ee98  7.2.217
+d86a84a239c25dda5101aac8c365154c  7.2.218
+9c0f11d3c52d1756381231e1c0a6156d  7.2.219
+bfed5d4e0bcae8eb7a7e0806d4367e0a  7.2.220
+3b169a3f976cf1808b12230dd24c0ff5  7.2.221
+a3f9c7d976ad8a49250d0ff3130b6390  7.2.222
+3ca61604214ef919b7bfe4b24eb69518  7.2.223
+5c550bd6e2111c10407b7aca009b1242  7.2.224
+b3ae8fa424e01a0fc67c9ed7393b422e  7.2.225
+6057e1247bd3b1538eef15c532caf881  7.2.226
+932e2a5394788124cbda950bfff327ff  7.2.227
+b97e5d33fa4fb8a1ea1308558bb33d41  7.2.228
+2107c7d981ca14d8e795ae744a903106  7.2.229
+7e98ae111e74676ef88c5e3edce785ed  7.2.230
+2abbb80186d28da703eb329d4247dd41  7.2.231
+5e5cfa4e5ee34cbbdd01c27ece1b7398  7.2.232
+9fa12db95776e9174ca7c95172a48838  7.2.233
+a46776a6914ec2972ada91b33b0cfb39  7.2.234
+97aecde2ab504e543a96bec84b3b5638  vimrc"
diff --git a/main/vim/vimrc b/main/vim/vimrc
new file mode 100644
index 0000000000..e301734245
--- /dev/null
+++ b/main/vim/vimrc
@@ -0,0 +1,15 @@
+set nocompatible        " Use Vim defaults (much better!)
+set bs=2                " Allow backspacing over everything in insert mode
+set ai                  " Always set auto-indenting on
+set history=50          " keep 50 lines of command history
+set ruler               " Show the cursor position all the time
+
+" Don't use Ex mode, use Q for formatting
+map Q gq
+
+" When doing tab completion, give the following files lower priority.
+set suffixes+=.info,.aux,.log,.dvi,.bbl,.out,.o,.lo
+
+set nomodeline
+syntax on
+autocmd BufRead APKBUILD set filetype=sh
diff --git a/main/vsftpd/APKBUILD b/main/vsftpd/APKBUILD
new file mode 100644
index 0000000000..fef929cad6
--- /dev/null
+++ b/main/vsftpd/APKBUILD
@@ -0,0 +1,36 @@
+# Contributor: Carlo Landmeter <clandmeter@gmail.com>
+pkgname=vsftpd
+pkgver=2.1.0
+pkgrel=1
+pkgdesc="Very secure ftpd"
+url="http://vsftpd.beasts.org"
+license="GPL"
+depends="openssl"
+makedepends="openssl-dev !libcap-dev"
+subpackages="$pkgname-doc"
+source="ftp://vsftpd.beasts.org/users/cevans/vsftpd-${pkgver}.tar.gz
+vsftpd-enable-ssl.patch
+vsftpd.initd
+vsftpd.confd"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	
+	#Enable SSL support 
+	patch -p0 -i "$srcdir"/vsftpd-enable-ssl.patch || return 1
+
+	make || return 1
+	
+	install -m755 -D vsftpd "$pkgdir"/usr/sbin/vsftpd
+	install -m644 -D vsftpd.8 "$pkgdir"/usr/share/man/man8/vsftpd.8
+	install -m644 -D vsftpd.conf.5 "$pkgdir"/usr/share/man/man5/vsftpd.conf.5
+	install -m644 -D vsftpd.conf "$pkgdir"/etc/vsftpd.conf
+	install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+	install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+	mkdir -p "$pkgdir"/usr/share/empty
+}
+
+md5sums="7890b54e7ffa6106ffbdfda53f47fa41  vsftpd-2.1.0.tar.gz
+f3cbaf364cd3c46a2a03b00de9d7e184  vsftpd-enable-ssl.patch
+7edf5990c9f5dda983e918c55c92078e  vsftpd.initd
+431dfe7403323e247a88b97beade5d78  vsftpd.confd"
diff --git a/main/vsftpd/vsftpd-enable-ssl.patch b/main/vsftpd/vsftpd-enable-ssl.patch
new file mode 100644
index 0000000000..22161907cd
--- /dev/null
+++ b/main/vsftpd/vsftpd-enable-ssl.patch
@@ -0,0 +1,11 @@
+--- builddefs.h.orig	Sun Mar  1 15:18:09 2009
++++ builddefs.h	Sun Mar  1 15:15:24 2009
+@@ -3,7 +3,7 @@
+ 
+ #undef VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+-#undef VSF_BUILD_SSL
++#define VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */
+ 
diff --git a/main/vsftpd/vsftpd.confd b/main/vsftpd/vsftpd.confd
new file mode 100644
index 0000000000..0abb80c6e8
--- /dev/null
+++ b/main/vsftpd/vsftpd.confd
@@ -0,0 +1,9 @@
+# Sample conf.d file for alpine linux
+
+#
+# Specify daemon $OPTS here.
+#
+
+OPTS=""
+USER="nobody"
+GROUP="nobody"
diff --git a/main/vsftpd/vsftpd.initd b/main/vsftpd/vsftpd.initd
new file mode 100644
index 0000000000..9e8b124b00
--- /dev/null
+++ b/main/vsftpd/vsftpd.initd
@@ -0,0 +1,25 @@
+#!/sbin/runscript
+
+NAME=vsftpd
+DAEMON=/usr/sbin/$NAME
+
+depend() {
+	need net
+}
+
+start() {
+	ebegin "Starting ${NAME}"
+		start-stop-daemon --start --quiet --background \
+			--make-pidfile --pidfile /var/run/${NAME}.pid \
+			--exec ${DAEMON} -- ${OPTS}
+	eend $?
+}
+
+stop() {
+	ebegin "Stopping ${NAME}"
+		start-stop-daemon --stop --quiet \
+			--exec ${DAEMON} \
+			--pidfile /var/run/${NAME}.pid \
+	eend $?
+}
+
diff --git a/main/wget/APKBUILD b/main/wget/APKBUILD
new file mode 100644
index 0000000000..b6581fa48a
--- /dev/null
+++ b/main/wget/APKBUILD
@@ -0,0 +1,29 @@
+# Contributor: Carlo Landmeter <clandmeter at gmail>
+# Maintainer: Carlo Landmeter <clandmeter at gmail>
+pkgname=wget
+pkgver=1.11.4
+pkgrel=1
+pkgdesc="A network utility to retrieve files from the Web"
+url="http://www.gnu.org/software/wget/wget.html"
+license="GPL3"
+depends="openssl"
+makedepends="openssl-dev"
+subpackages="$pkgname-doc"
+install="wget.post-deinstall"
+source="ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
+	$install"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+
+	./configure --prefix=/usr \
+		--sysconfdir=/etc \
+		--mandir=/usr/share/man \
+		--infodir=/usr/share/info \
+		--disable-nls
+	make || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="69e8a7296c0e12c53bd9ffd786462e87  wget-1.11.4.tar.gz
+b84506d253e04db3c5af9016fead45a3  wget.post-deinstall"
diff --git a/main/wget/wget.post-deinstall b/main/wget/wget.post-deinstall
new file mode 100644
index 0000000000..99b57c4635
--- /dev/null
+++ b/main/wget/wget.post-deinstall
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+busybox --install -s
diff --git a/main/wireless_tools/APKBUILD b/main/wireless_tools/APKBUILD
new file mode 100644
index 0000000000..fe8c72ef91
--- /dev/null
+++ b/main/wireless_tools/APKBUILD
@@ -0,0 +1,22 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=wireless_tools
+pkgver=29
+pkgrel=0
+pkgdesc="Wireless Tools"
+url="http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html"
+license="GPL"
+subpackages="$pkgname-dev $pkgname-doc"
+depends=
+makedepends=
+source="http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/$pkgname.$pkgver.tar.gz"
+
+build ()
+{
+	cd $srcdir/wireless_tools.$pkgver
+	make || return 1
+	make INSTALL_DIR=$pkgdir/usr/sbin \
+		INSTALL_LIB=$pkgdir/usr/lib \
+		INSTALL_INC=$pkgdir/usr/include \
+		INSTALL_MAN=$pkgdir/usr/share/man install || return 1
+}
+md5sums="e06c222e186f7cc013fd272d023710cb  wireless_tools.29.tar.gz"
diff --git a/main/xfsprogs/APKBUILD b/main/xfsprogs/APKBUILD
new file mode 100644
index 0000000000..6efce7220e
--- /dev/null
+++ b/main/xfsprogs/APKBUILD
@@ -0,0 +1,35 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=xfsprogs
+pkgver=3.0.1
+pkgrel=0
+pkgdesc="XFS filesystem utilities"
+url="http://oss.sgi.com/projects/xfs/"
+license="LGPL"
+depends="e2fsprogs"
+makedepends="e2fsprogs-dev bash"
+subpackages="$pkgname-dev $pkgname-doc"
+source="ftp://oss.sgi.com/projects/xfs/cmd_tars/${pkgname}-$pkgver.tar.gz
+	xfsprogs-3.0.0-gzip.patch
+	"
+
+build() {
+	cd "$srcdir"/$pkgname-$pkgver
+	for i in ../*.patch; do
+		msg "Applying $i..."
+		patch -p1 < $i || return 1
+	done
+	
+	export DEBUG=-DNDEBUG
+	export OPTIMIZER="$CFLAGS"
+
+	ac_cv_header_aio_h=yes ac_cv_lib_rt_lio_listio=yes \
+	./configure --prefix=/usr \
+		--sbindir=/sbin \
+		--libexecdir=/usr/lib \
+		--enable-gettext=no
+
+	make SHELL=/bin/bash || return 1
+	make -j1 DIST_ROOT="$pkgdir" install install-dev
+}
+md5sums="d7f879a21692d4f7abc16a20479b0829  xfsprogs-3.0.1.tar.gz
+c72865de30f55343e843dd4fd49a91c5  xfsprogs-3.0.0-gzip.patch"
diff --git a/main/xfsprogs/xfsprogs-3.0.0-gzip.patch b/main/xfsprogs/xfsprogs-3.0.0-gzip.patch
new file mode 100644
index 0000000000..40f80023d4
--- /dev/null
+++ b/main/xfsprogs/xfsprogs-3.0.0-gzip.patch
@@ -0,0 +1,24 @@
+diff -ru xfsprogs-3.0.0.orig/doc/Makefile xfsprogs-3.0.0/doc/Makefile
+--- xfsprogs-3.0.0.orig/doc/Makefile	2009-02-18 13:42:47.000000000 +0000
++++ xfsprogs-3.0.0/doc/Makefile	2009-02-18 13:43:10.000000000 +0000
+@@ -13,7 +13,7 @@
+ include $(BUILDRULES)
+ 
+ CHANGES.gz:
+-	$(ZIP) --best -c < CHANGES > $@
++	$(ZIP) -c < CHANGES > $@
+ 
+ install: default
+ 	$(INSTALL) -m 755 -d $(PKG_DOC_DIR)
+diff -ru xfsprogs-3.0.0.orig/include/buildmacros xfsprogs-3.0.0/include/buildmacros
+--- xfsprogs-3.0.0.orig/include/buildmacros	2009-02-18 13:42:47.000000000 +0000
++++ xfsprogs-3.0.0/include/buildmacros	2009-02-18 13:43:46.000000000 +0000
+@@ -128,7 +128,7 @@
+ MAN_MAKERULE = \
+ 	@for f in *.[12345678] ""; do \
+ 		if test ! -z "$$f"; then \
+-			$(ZIP) --best -c < $$f > $$f.gz; \
++			$(ZIP) -c < $$f > $$f.gz; \
+ 		fi; \
+ 	done
+ 
diff --git a/main/xtables-addons-grsec/APKBUILD b/main/xtables-addons-grsec/APKBUILD
new file mode 100644
index 0000000000..59521d59c7
--- /dev/null
+++ b/main/xtables-addons-grsec/APKBUILD
@@ -0,0 +1,39 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+_flavor=${FLAVOR:-grsec}
+_realname=xtables-addons
+
+# source the kernel version
+if [ -f ../linux-$_flavor/APKBUILD ]; then
+	. ../linux-$_flavor/APKBUILD
+fi
+_abi_release=$pkgver-${_flavor}
+
+# get pkgver from xtables-addons package
+if [ -f ../$_realname/APKBUILD ]; then
+	. ../$_realname/APKBUILD
+fi
+
+pkgname=${_realname}-${_flavor}
+pkgver=${pkgver:-1.17}
+pkgrel=1
+pkgdesc="Iptables extensions kernel modules"
+url="http://xtables-addons.sourceforge.net/"
+license="GPL"
+depends=
+makedepends="linux-${_flavor}-dev iptables-dev pkgconfig"
+install=
+subpackages=
+source="http://downloads.sourceforge.net/$_realname/$_realname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$_realname-$pkgver"
+
+	./configure --prefix=/usr \
+		--with-kbuild=/usr/src/linux-headers-${_abi_release}
+
+	cd extensions
+	make CC="${CC:-gcc}" modules || return 1
+	make DESTDIR="$pkgdir" modules_install
+}
+
+md5sums="eca2e3f4f4904814e3a301539876fae6  xtables-addons-1.17.tar.bz2"
diff --git a/main/xtables-addons/APKBUILD b/main/xtables-addons/APKBUILD
new file mode 100644
index 0000000000..febbcdd72e
--- /dev/null
+++ b/main/xtables-addons/APKBUILD
@@ -0,0 +1,28 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=xtables-addons
+pkgver=1.17
+pkgrel=0
+pkgdesc="Netfilter userspace extensions for iptables"
+url="http://xtables-addons.sourceforge.net/"
+license="GPL"
+depends="iptables"
+makedepends="iptables-dev pkgconfig bash"
+install=
+subpackages="$pkgname-doc"
+source="http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.bz2"
+
+build() {
+	cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr \
+		--mandir=/usr/share/man \
+		--without-kbuild 
+
+	# we dont want to build or install modules. We hack the makefile
+	sed -i -e '/^all:/s/modules//; /^install:/s/modules_install//' \
+		extensions/GNUmakefile
+
+	make CC="${CC-gcc}" || return 1
+	make DESTDIR="$pkgdir" install
+}
+
+md5sums="eca2e3f4f4904814e3a301539876fae6  xtables-addons-1.17.tar.bz2"
diff --git a/main/xvidcore/APKBUILD b/main/xvidcore/APKBUILD
new file mode 100644
index 0000000000..64858bf8df
--- /dev/null
+++ b/main/xvidcore/APKBUILD
@@ -0,0 +1,25 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=xvidcore
+pkgver=1.2.1
+pkgrel=1
+pkgdesc="XviD is an open source MPEG-4 video codec"
+url="http://www.xvid.org/"
+license="GPL"
+subpackages="$pkgname-dev"
+depends=
+makedepends="nasm"
+source="http://downloads.xvid.org/downloads/$pkgname-$pkgver.tar.bz2"
+
+build () 
+{ 
+	cd "$srcdir"/$pkgname/build/generic
+	./configure --prefix=/usr \
+		--disable-assembly
+	make || return 1
+	make DESTDIR="$pkgdir" install
+	cd "$pkgdir"/usr/lib
+	mylib=$(basename libxvidcore.so.*)
+	ln -sf ${mylib} libxvidcore.so.4
+	ln -sf ${mylib} libxvidcore.so
+}
+md5sums="8c4470ae8e5a104abedb39f6c70e2a40  xvidcore-1.2.1.tar.bz2"
diff --git a/main/zip/10-zip-3.0-build.patch b/main/zip/10-zip-3.0-build.patch
new file mode 100644
index 0000000000..5ddad23b95
--- /dev/null
+++ b/main/zip/10-zip-3.0-build.patch
@@ -0,0 +1,36 @@
+respect build environment settings
+
+--- unix/configure	Wed Jan 28 22:22:13 2009
++++ unix/configure	Wed Jan 28 22:23:54 2009
+@@ -18,7 +18,7 @@
+ 
+ CC=${1-cc}
+ CFLAGS=${2-"-I. -DUNIX"}
+-LFLAGS1=''
++LFLAGS1="${LDFLAGS}"
+ LFLAGS2=''
+ LN="ln -s"
+ 
+@@ -118,7 +118,7 @@
+ fi
+ 
+ # optimization flags
+-if test -n "${CFLAGS_OPT}"; then
++if false; then
+   CFLAGS="${CFLAGS} ${CFLAGS_OPT}"
+   CFLAGS_BZ="${CFLAGS_BZ} ${CFLAGS_OPT}"
+ fi
+@@ -220,13 +220,6 @@
+ echo Check for the C preprocessor
+ # on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
+ CPP="${CC} -E"
+-# solaris as(1) needs -P, maybe others as well ?
+-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
+-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
+-[ -f /lib/cpp ] && CPP=/lib/cpp
+-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
+-[ -f /xenix ] && CPP="${CC} -E"
+-[ -f /lynx.os ] && CPP="${CC} -E"
+ 
+ echo "#include <stdio.h>" > conftest.c
+ $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
diff --git a/main/zip/20-zip-3.0-exec-stack.patch b/main/zip/20-zip-3.0-exec-stack.patch
new file mode 100644
index 0000000000..d85fb117b0
--- /dev/null
+++ b/main/zip/20-zip-3.0-exec-stack.patch
@@ -0,0 +1,22 @@
+add proper GNU stack markings so we dont get the default: executable
+
+--- crc_i386.S	Wed Jan 28 22:22:13 2009
++++ crc_i386.S	Wed Jan 28 22:27:04 2009
+@@ -302,3 +302,7 @@
+ #endif /* i386 || _i386 || _I386 || __i386 */
+ 
+ #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */
++
++#if defined __ELF__ && defined __linux__
++.section .note.GNU-stack,"",@progbits
++#endif
+--- match.S	Wed Jan 28 22:22:13 2009
++++ match.S	Wed Jan 28 22:27:04 2009
+@@ -405,3 +405,7 @@
+ #endif /* i386 || _I386 || _i386 || __i386  */
+ 
+ #endif /* !USE_ZLIB */
++
++#if defined __ELF__ && defined __linux__
++.section .note.GNU-stack,"",@progbits
++#endif
diff --git a/main/zip/30-zip-3.0-pic.patch b/main/zip/30-zip-3.0-pic.patch
new file mode 100644
index 0000000000..14a8821b04
--- /dev/null
+++ b/main/zip/30-zip-3.0-pic.patch
@@ -0,0 +1,15 @@
+if our toolchain generates PIC by default, then do not use the hand written
+assembly files as none of it is PIC friendly.
+
+--- unix/configure	Wed Jan 28 22:23:54 2009
++++ unix/configure	Wed Jan 28 22:29:51 2009
+@@ -228,6 +228,9 @@
+ echo Check if we can use asm code
+ OBJA=""
+ OCRCU8=""
++piclib="$(echo | $CPP -dM $CFLAGS - | grep -i __pic__)"
++echo "Checking if compiler wants to create pic code"
++[ "$piclib" == "" ] && \
+ if eval "$CPP match.S > _match.s 2>/dev/null"; then
+   if test ! -s _match.s || grep error < _match.s > /dev/null; then
+     :
diff --git a/main/zip/APKBUILD b/main/zip/APKBUILD
new file mode 100644
index 0000000000..4998c35b76
--- /dev/null
+++ b/main/zip/APKBUILD
@@ -0,0 +1,30 @@
+# Maintainer: Carlo Landmeter <clandmeter at gmail.com>
+pkgname=zip
+pkgver=3.0
+pkgrel=0
+pkgdesc="Creates PKZIP-compatible .zip files"
+url="http://www.info-zip.org/pub/infozip/Zip.html"
+license="AS IS"
+depends="uclibc"
+makedepends=""
+source="ftp://ftp.info-${pkgname}.org/pub/info${pkgname}/src/${pkgname}30.zip
+10-zip-3.0-build.patch
+20-zip-3.0-exec-stack.patch
+30-zip-3.0-pic.patch"
+subpackages="$pkgname-doc"
+
+build () 
+{ 
+	cd "${srcdir}/${pkgname}30"
+        for i in ../*.patch; do
+		msg "Applying $i"
+		patch -p0 < $i || return 1
+	done
+	make -f unix/Makefile LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" prefix=/usr generic || return 1
+	make -f unix/Makefile prefix=${pkgdir}/usr MANDIR=${pkgdir}/usr/share/man install
+}
+
+md5sums="e88492c8abd68fa9cfba72bc08757dba  zip30.zip
+c86c527b6ad487aef02954bb1607ff07  10-zip-3.0-build.patch
+f6490facf87e501b5d0c7095949515a7  20-zip-3.0-exec-stack.patch
+f0b90de421d370f1b40b0f681d3829d8  30-zip-3.0-pic.patch"
diff --git a/main/zlib/APKBUILD b/main/zlib/APKBUILD
new file mode 100644
index 0000000000..f497f2c114
--- /dev/null
+++ b/main/zlib/APKBUILD
@@ -0,0 +1,23 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=zlib
+pkgver=1.2.3.3
+pkgrel=7
+pkgdesc="A compression/decompression Library"
+license=custom:zlib
+url="http://www.gzip.org/zlib"
+depends=
+source="ftp://ftp.archlinux.org/other/$pkgname/$pkgname-$pkgver.tar.gz"
+subpackages="$pkgname-dev $pkgname-doc"
+
+build() {
+        cd "$srcdir/$pkgname-$pkgver"
+	./configure --prefix=/usr --libdir=/lib --shared
+	make || return 1
+	make install DESTDIR="$pkgdir" || return 1
+
+	# we want the zlib.pc be a part of -dev package
+	mkdir -p "$pkgdir"/usr/lib
+	mv "$pkgdir"/lib/pkgconfig "$pkgdir"/usr/lib/
+}
+
+md5sums="c444cf020e5f0e3323b11f5a2d8af8d3  zlib-1.2.3.3.tar.gz"
diff --git a/main/zonenotify/APKBUILD b/main/zonenotify/APKBUILD
new file mode 100644
index 0000000000..9709eba4ee
--- /dev/null
+++ b/main/zonenotify/APKBUILD
@@ -0,0 +1,18 @@
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=zonenotify
+pkgver=0.1
+pkgrel=0
+pkgdesc="Utility to send NS_NOTIFY packets to slave DNS servers"
+arch=""
+url="http://www.morettoni.net/zonenotify.en.html"
+license='BSD'
+depends="uclibc"
+source="http://www.morettoni.net/bsd/$pkgname-$pkgver.tar.gz"
+
+build() {
+	cd "$srcdir/$pkgname"
+	make || return 1
+	install -D zonenotify "$pkgdir"/usr/bin/zonenotify
+}
+
+md5sums="1cb15b505eaa22440c7a26ea34af2514  zonenotify-0.1.tar.gz"