Merge remote branch 'amanison/master'

22 files changed, 572 insertions, 858 deletions

diff --git a/.gitignore b/.gitignore
index 9ef5555f12..9d9743a234 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,13 @@
 *.apk
 *.gz
+*.tgz
 *.bz2
+*.tbz2
+*.zip
 src
 pkg
 pkg-*
+main/vim/7.2.*
+main_*.txt
+testing_*.txt
+unstable_*.txt
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000000..67eb3daaec
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,69 @@
+.PHONY: main testing non-free unstable
+
+rootdir := $(shell pwd)
+
+all: main testing non-free unstable
+
+apkbuilds := $(shell find . -maxdepth 3 -name APKBUILD -print)
+
+all-pkgs := $(sort $(subst ./,,$(patsubst %/,%,$(dir $(apkbuilds)))))
+
+main-pkgs :=  $(shell ./aport.lua deplist $(rootdir) main)
+
+testing-pkgs :=  $(shell ./aport.lua deplist $(rootdir) testing)
+
+non-free-pkgs :=  $(shell ./aport.lua deplist $(rootdir) non-free)
+
+unstable-pkgs :=  $(shell ./aport.lua deplist $(rootdir) unstable)
+
+main: 
+        for p in $(main-pkgs) ; \
+        do \
+                cd $(rootdir)/$@/$$p; \
+                abuild -r; \
+        done
+
+testing: 
+        for p in $(testing-pkgs) ; \
+        do \
+                cd $(rootdir)/$@/$$p; \
+                abuild -r; \
+        done
+
+non-free: 
+        for p in $(non-free-pkgs) ; \
+        do \
+                cd $(rootdir)/$@/$$p; \
+                abuild -r; \
+        done
+
+unstable: 
+        for p in $(unstable-pkgs) ; \
+        do \
+                cd $(rootdir)/$@/$$p; \
+                abuild -r; \
+        done
+
+clean:
+        for p in $(all-pkgs) ; do \
+                cd $(rootdir)/$$p; \
+                abuild clean; \
+                abuild cleanpkg; \
+        done
+
+fetch:
+        for p in $(all-pkgs) ; do \
+                cd $(rootdir)/$$p; \
+                abuild fetch; \
+        done
+
+distclean:
+        for p in $(all-pkgs) ; \
+        do \
+                cd $(rootdir)/$$p; \
+                abuild clean; \
+                abuild cleanoldpkg; \
+                abuild cleanpkg; \
+                abuild cleancache; \
+        done
+
diff --git a/aport.lua b/aport.lua
new file mode 100755
index 0000000000..71113475af
--- /dev/null
+++ b/aport.lua
@@ -0,0 +1,244 @@
+#!/usr/bin/lua
+
+
+-- those should be read from some config file
+aportsdir = "~/aports"
+repos = { "main", "testing" }
+
+
+function split(str)
+        local t = {}
+        if (str == nil) then
+                return nil
+        end
+        for e in string.gmatch(str, "%S+") do
+                table.insert(t, e)
+        end
+        return t
+end
+
+function split_apkbuild(line)
+        local r = {}
+        local dir, pkgname, pkgver, pkgrel, depends, makedepends, subpackages, source = string.match(line, "([^|]*)|([^|]*)|([^|]*)|([^|]*)|([^|]*)|([^|]*)|([^|]*)")
+        r.dir = dir
+        r.pkgname = pkgname
+        r.pkgver = pkgver
+        r.pkgrel = pkgrel
+        r.depends = split(depends)
+        r.makedepends = split(makedepends)
+        r.subpackages = split(subpackages)
+        r.source = split(source)
+        return r
+end
+
+-- parse the APKBUILDs and return a list
+function parse_apkbuilds(dir, repos)
+        local i,v, p
+        local str=""
+        if repos == nil then
+                return
+        end
+        --expand repos
+        for i,v in ipairs(repos) do
+                str = str..dir.."/"..v.."/*/APKBUILD "
+        end
+
+        local p = io.popen([[
+                for i in ]]..str..[[; do
+                        pkgname=
+                        pkgver=
+                        pkgrel=
+                        depends=
+                        makedepends=
+                        subpackages=
+                        source=
+                        dir="${i%/APKBUILD}"
+                        cd "$dir"
+                        . ./APKBUILD
+                        echo $dir\|$pkgname\|$pkgver\|$pkgrel\|$depends\|$makedepends\|$subpackages\|$source
+                done
+        ]])
+        return function()
+                local line = p:read("*line")
+                if line == nil then
+                        p:close()
+                        return nil
+                end
+                return split_apkbuild(line)
+        end
+end
+
+function target_packages(pkgdb, pkgname)
+        local i,v
+        local t = {}
+        for i,v in ipairs(pkgdb[pkgname]) do
+                table.insert(t, pkgname.."-"..v.pkgver.."-r"..v.pkgrel..".apk")
+        end
+        return t
+end
+
+function list_depends( pkg, pkgdb )
+        local dl = {}
+        local s
+        if pkg and not pkg.added then
+                pkg.added = true
+
+                if pkg.depends then
+                        for i,v in ipairs(pkg.depends) do
+                                --print("v = <"..v..">")
+                                s = list_depends( pkgdb[v], pkgdb )
+                                if #s > 0 then
+                                        dl[#dl + 1] = s
+                                end
+                        end
+                end
+                if pkg.makedepends then
+                        for i,v in ipairs(pkg.makedepends) do
+                                --print("v = {"..v.."}")
+                                s = list_depends( pkgdb[v], pkgdb )
+                                if #s > 0 then
+                                        dl[#dl + 1] = s
+                                end
+                        end
+                end
+                dl[#dl + 1] = pkg.pkgname
+        end
+
+        s = table.concat(dl," ")
+        --print("s = ["..s.."]")
+        return s
+end
+
+function init_apkdb(aportsdir, repos)
+        local pkgdb = {}
+        local revdeps = {}
+        local a
+
+        for a in parse_apkbuilds(aportsdir, repos) do
+        --      io.write(a.pkgname.." "..a.pkgver.."\t"..a.dir.."\n")
+                if pkgdb[a.pkgname] == nil then
+                        pkgdb[a.pkgname] = {}
+                end
+                --table.insert(pkgdb[a.pkgname], a)
+                pkgdb[a.pkgname] = a
+                --print("pk "..a.pkgname.." is a "..type(a).." ("..pkgdb[a.pkgname].pkgname..")")
+                -- add subpackages to package db
+                local k,v
+                for k,v in ipairs(a.subpackages) do
+                        if pkgdb[v] == nil then
+                                pkgdb[v] = {}
+                        end
+                        --table.insert(pkgdb[v], a)
+                        pkgdb[v] = a
+                end
+                -- add to reverse dependencies
+                for k,v in ipairs(a.makedepends) do
+                        if revdeps[v] == nil then
+                                revdeps[v] = {}
+                        end
+                        table.insert(revdeps[v], a)
+                end
+        end
+        return pkgdb, revdeps
+end
+
+-- PKGBUILD import
+function split_pkgbuild(line)
+        local r = {}
+        local pkgname, pkgver = string.match(line, "([^|]*)|([^|]*)")
+        r.pkgname = pkgname
+        r.pkgver = pkgver
+        return r
+end
+
+function parse_pkgbuilds(dir, repos)
+        local i,v, p
+        local str=""
+        if repos == nil then
+                return
+        end
+        --expand repos
+        for i,v in ipairs(repos) do
+                str = str..dir.."/"..v.."/*/PKGBUILD "
+        end
+
+        local p = io.popen([[/bin/bash -c '
+                for i in ]]..str..[[; do
+                        pkgname=
+                        pkgver=
+                        source $i
+                        echo $pkgname\|$pkgver
+                done
+                ' 2>/dev/null
+        ]])
+        return function()
+                local line = p:read("*line")
+                if line == nil then
+                        p:close()
+                        return nil
+                end
+                return split_pkgbuild(line)
+        end
+end
+
+function init_absdb(dir, repos)
+        local p
+        local db = {}
+        for p in parse_pkgbuilds(dir, repos) do
+                if db[p.pkgname] == nil then
+                        db[p.pkgname] = {}
+                end
+                table.insert(db[p.pkgname], p.pkgver)
+        end
+        return db
+end
+
+
+-- Applets -----------------------
+applet = {}
+function applet.revdep(arg)
+        local pkg = arg[2]
+        if pkg == nil then
+                -- usage?
+                return nil
+        end
+        local apkdb, rev = init_apkdb(aportsdir, repos)
+        local _,p
+        for _,p in ipairs(rev[pkg] or {}) do
+                print(p.pkgname)
+        end
+end
+--absdb = init_absdb("/var/abs", { "core", "extra", "community" })
+
+function applet.deplist(arg)
+        local apkdb, rev = init_apkdb(arg[2],{ arg[3] })
+
+        local deplist = {}
+        local nm,pk
+        for nm,pk in pairs(apkdb) do
+                local dl
+                --print("pk "..nm.." is a "..type(pk).." ("..apkdb[nm].pkgname..")")
+                --deplist[#deplist + 1] = "***"
+                dl = list_depends(pk,apkdb)
+                -- print("deplist for "..nm..": "..deplist)
+                if #dl > 0 then
+                        deplist[#deplist + 1] = dl
+                end
+        end
+        print(table.concat(deplist," "))
+end
+
+cmd = arg[1]
+
+if cmd == nil then
+        -- usage
+        io.stderr:write( "no command given\n" );
+        return
+end
+
+if type(applet[cmd]) == "function" then
+        applet[cmd](arg)
+else
+        io.stderr:write(cmd..": invalid applet\n")
+end
+
diff --git a/main/apr-util/APKBUILD b/main/apr-util/APKBUILD
index d97674ae68..9b8d15407b 100644
--- a/main/apr-util/APKBUILD
+++ b/main/apr-util/APKBUILD
@@ -7,7 +7,7 @@ url="http://apr.apache.org/"
 license="APACHE"
 depends=
 subpackages="$pkgname-dev"
-makedepends="apr-dev expat-dev e2fsprogs-dev"
+makedepends="apr-dev expat-dev e2fsprogs-dev bash"
 source="http://www.apache.org/dist/apr/$pkgname-$pkgver.tar.bz2"
 
 build() {
diff --git a/main/chrony/APKBUILD b/main/chrony/APKBUILD
index b83a0e853d..cc0696605a 100644
--- a/main/chrony/APKBUILD
+++ b/main/chrony/APKBUILD
@@ -3,12 +3,12 @@ pkgname=chrony
 pkgver=1.23
 pkgrel=6
 pkgdesc="NTP client and server programs"
-url="http://chrony.sunsite.dk/"
+url="http://chrony.tuxfamily.org/"
 license="GPL-2"
 depends="logrotate"
 makedepends="texinfo"
 subpackages="$pkgname-doc"
-source="http://www.sfr-fresh.com/linux/misc/chrony-$pkgver.tar.gz
+source="http://download.tuxfamily.org/chrony/$pkgname-$pkgver.tar.gz
         $pkgname-1.20-conf.c-gentoo.diff
         $pkgname-1.20-chrony.conf.example-gentoo.diff
         $pkgname-1.21-makefile.diff
diff --git a/main/dhcp/APKBUILD b/main/dhcp/APKBUILD
index 622902c10e..caf32b7685 100644
--- a/main/dhcp/APKBUILD
+++ b/main/dhcp/APKBUILD
@@ -10,7 +10,7 @@ depends=
 makedepends=
 install="dhcp.pre-install dhcp.post-install dhcp.pre-upgrade dhcp.post-upgrade"
 subpackages="$pkgname-doc $pkgname-dev dhclient dhcrelay"
-source="http://ftp.isc.org/isc/dhcp/$pkgname-$_realver.tar.gz
+source="http://ftp.isc.org/isc/dhcp/dhcp-4.1-history/$pkgname-$_realver.tar.gz
         linux_ipv6_discover.patch
         dhcp-3.0-fix-perms.patch
         dhcrelay.initd
diff --git a/main/dialog/APKBUILD b/main/dialog/APKBUILD
index 5c6703dc92..1035f0d442 100644
--- a/main/dialog/APKBUILD
+++ b/main/dialog/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=dialog
-pkgver=1.1.20080819
-_ver=${pkgver%.*}-${pkgver##*.}
+pkgver=1.1.20100428
+_pkgver=1.1-20100428
 pkgrel=1
 pkgdesc="A script-interpreter which provides a set of curses"
 url="http://invisible-island.net/dialog/dialog.html"
@@ -11,10 +11,10 @@ depends=
 makedepends="ncurses-dev"
 install=
 subpackages="$pkgname-doc"
-source="ftp://invisible-island.net/dialog/$pkgname.tar.gz"
+source="ftp://ftp.us.debian.org/debian/pool/main/d/$pkgname/dialog_$_pkgver.orig.tar.gz"
 
 build() {
-        cd "$srcdir/$pkgname-$_ver"
+        cd "$srcdir/$pkgname-$_pkgver"
         ./configure --prefix=/usr \
                 --sysconfdir=/etc \
                 --mandir=/usr/share/man \
@@ -23,8 +23,8 @@ build() {
 }
 
 package() {
-        cd "$srcdir/$pkgname-$_ver"
+        cd "$srcdir/$pkgname-$_pkgver"
         make DESTDIR="$pkgdir" install
 }
 
-md5sums="3caebd641a9f337b980becb4444336c5  dialog.tar.gz"
+md5sums="519c0a0cbac28ddb992111ec2c3f82aa  dialog_1.1-20100428.orig.tar.gz"
diff --git a/main/heimdal/APKBUILD b/main/heimdal/APKBUILD
index 92a0eda1c0..1bf4d91fc1 100644
--- a/main/heimdal/APKBUILD
+++ b/main/heimdal/APKBUILD
@@ -12,7 +12,7 @@ makedepends="gawk readline-dev e2fsprogs-dev>=1.41.9-r2 sqlite-dev autoconf auto
 install=
 subpackages="$pkgname-doc $pkgname-dev $pkgname-ftp $pkgname-telnet \
 $pkgname-su $pkgname-rsh $pkgname-rcp $pkgname-pagsh $pkgname-kf"
-source="http://www.h5l.org/dist/src/$pkgname-$pkgver.tar.gz
+source="http://ftp4.de.freesbie.org/pub/misc/heimdal/src/$pkgname-$pkgver.tar.gz
 001_all_heimdal-no_libedit.patch
 002_all_heimdal-fPIC.patch
 003_all_heimdal-rxapps.patch
diff --git a/main/libconfig/APKBUILD b/main/libconfig/APKBUILD
index e153c6fb65..db88ca1ca7 100644
--- a/main/libconfig/APKBUILD
+++ b/main/libconfig/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libconfig
-pkgver=1.4.1
-pkgrel=2
+pkgver=1.4.5
+pkgrel=0
 pkgdesc="a simple library for manipulating structured configuration files"
 url="http://www.hyperrealm.com/libconfig/"
 license='LGPL'
@@ -24,4 +24,4 @@ package() {
         make -j1 DESTDIR="$pkgdir/" install
 }
 
-md5sums="7b2885272802b3ace56d3c8b445a4588  libconfig-1.4.1.tar.gz"
+md5sums="f2219e1b2501e7296a7d3e971c63666a  libconfig-1.4.5.tar.gz"
diff --git a/main/libxfce4menu/APKBUILD b/main/libxfce4menu/APKBUILD
index 7ba2bd6d5d..52a0b32e99 100644
--- a/main/libxfce4menu/APKBUILD
+++ b/main/libxfce4menu/APKBUILD
@@ -9,7 +9,7 @@ depends=
 subpackages="$pkgname-dev $pkgname-doc"
 makedepends="libxfce4util-dev intltool pkgconfig gtk+-dev gettext-dev
         libiconv-dev"
-source="http://mocha.xfce.org/archive/xfce-$pkgver/src/$pkgname-$pkgver.tar.bz2"
+source="http://i386.miwibox.org/distfiles/xfce4/$pkgname-$pkgver.tar.bz2"
 
 build () {
         cd "$srcdir"/$pkgname-$pkgver
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index efd0e36a50..07993f9654 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.16
 _kernver=2.6.32
-pkgrel=2
+pkgrel=3
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -99,13 +99,13 @@ dev() {
         # kernel modules and install those as /usr/src/linux-headers,
         # simlar to what ubuntu does
         #
-        # this way you dont need to install the 300-400 kernel sources to 
+        # this way you dont need to install the 300-400 kernel sources to
         # build a tiny kernel module
         #
         pkgdesc="Headers and script for third party modules for grsec kernel"
         local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
 
-        # first we import config, run prepare to set up for building 
+        # first we import config, run prepare to set up for building
         # external modules, and create the scripts
         mkdir -p "$dir"
         cp "$srcdir"/$_config "$dir"/.config
diff --git a/main/linux-pae/APKBUILD b/main/linux-pae/APKBUILD
index cfaa725493..2617081935 100644
--- a/main/linux-pae/APKBUILD
+++ b/main/linux-pae/APKBUILD
@@ -4,7 +4,7 @@ _flavor=pae
 pkgname=linux-${_flavor}
 pkgver=2.6.32.15
 _kernver=2.6.32
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with PAE enabled"
 url=http://www.kernel.org
 depends="mkinitfs linux-firmware"
@@ -96,13 +96,13 @@ dev() {
         # kernel modules and install those as /usr/src/linux-headers,
         # simlar to what ubuntu does
         #
-        # this way you dont need to install the 300-400 kernel sources to 
+        # this way you dont need to install the 300-400 kernel sources to
         # build a tiny kernel module
         #
         pkgdesc="Headers and script for third party modules for grsec kernel"
         local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
 
-        # first we import config, run prepare to set up for building 
+        # first we import config, run prepare to set up for building
         # external modules, and create the scripts
         mkdir -p "$dir"
         cp "$srcdir"/$_config "$dir"/.config
diff --git a/main/linux-vserver/APKBUILD b/main/linux-vserver/APKBUILD
index d9aaf94794..912954526a 100644
--- a/main/linux-vserver/APKBUILD
+++ b/main/linux-vserver/APKBUILD
@@ -5,7 +5,7 @@ pkgname=linux-${_flavor}
 pkgver=2.6.32.16
 
 _kernver=2.6.32
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with vserver"
 url="http://linux-vserver.org/"
 depends="mkinitfs linux-firmware"
@@ -37,7 +37,7 @@ prepare() {
 
         mkdir -p "$srcdir"/build
         cp "$srcdir"/$_config "$srcdir"/build/.config
-        make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="$CC" \
+        make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \
                 silentoldconfig
 }
 
@@ -64,7 +64,7 @@ package() {
                 INSTALL_PATH="$pkgdir"/boot
 
         rm -f "$pkgdir"/lib/modules/${_abi_release}/build \
-                "$pkgdir"/lib/modules/${_abi_release}/source 
+                "$pkgdir"/lib/modules/${_abi_release}/source
         rm -rf "$pkgdir"/lib/firmware
 
         install -D include/config/kernel.release \
@@ -76,17 +76,17 @@ dev() {
         # kernel modules and install those as /usr/src/linux-headers,
         # simlar to what ubuntu does
         #
-        # this way you dont need to install the 300-400 kernel sources to 
+        # this way you dont need to install the 300-400 kernel sources to
         # build a tiny kernel module
         #
         pkgdesc="Headers and script for third party modules for grsec kernel"
         local dir="$subpkgdir"/usr/src/linux-headers-${_abi_release}
 
-        # first we import config, run prepare to set up for building 
+        # first we import config, run prepare to set up for building
         # external modules, and create the scripts
         mkdir -p "$dir"
         cp "$srcdir"/$_config "$dir"/.config
-        make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="$CC" \
+        make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
                 silentoldconfig prepare scripts
 
         # remove the stuff that poits to real sources. we want 3rd party
diff --git a/main/openssl/openssl-0.9.8k-padlock-sha.patch b/main/openssl/openssl-0.9.8k-padlock-sha.patch
deleted file mode 100644
index b2e7e954d6..0000000000
--- a/main/openssl/openssl-0.9.8k-padlock-sha.patch
+++ /dev/null
@@ -1,821 +0,0 @@
-#
-# OpenSSL patch to support VIA C7 hash engine
-# Written by: Timo Teras <timo.teras@iki.fi>
-# based on patch by: Michal Ludvig <michal@logix.cz>
-#                    http://www.logix.cz/michal/devel/padlock
-#
-Index: openssl-0.9.8k/crypto/engine/eng_padlock.c
-===================================================================
---- openssl-0.9.8k.orig/crypto/engine/eng_padlock.c     2009-07-27 16:18:20.000000000 +0300
-+++ openssl-0.9.8k/crypto/engine/eng_padlock.c  2009-07-30 22:02:54.000000000 +0300
-@@ -1,10 +1,13 @@
--/* 
-+/*
-  * Support for VIA PadLock Advanced Cryptography Engine (ACE)
-  * Written by Michal Ludvig <michal@logix.cz>
-  *            http://www.logix.cz/michal
-  *
-- * Big thanks to Andy Polyakov for a help with optimization, 
-- * assembler fixes, port to MS Windows and a lot of other 
-+ * SHA support by Timo Teras <timo.teras@iki.fi> based on code
-+ * originally by Michal Ludvig.
-+ *
-+ * Big thanks to Andy Polyakov for a help with optimization,
-+ * assembler fixes, port to MS Windows and a lot of other
-  * valuable work on this engine!
-  */
- 
-@@ -66,6 +69,13 @@
- #include <stdio.h>
- #include <string.h>
- 
-+#include <signal.h>
-+#include <stdint.h>
-+#include <unistd.h>
-+#include <sys/mman.h>
-+#include <sys/ucontext.h>
-+#include <arpa/inet.h>
-+
- #include <openssl/opensslconf.h>
- #include <openssl/crypto.h>
- #include <openssl/dso.h>
-@@ -74,12 +84,23 @@
- #ifndef OPENSSL_NO_AES
- #include <openssl/aes.h>
- #endif
-+#ifndef OPENSSL_NO_SHA
-+#include <openssl/sha.h>
-+#endif
- #include <openssl/rand.h>
- #include <openssl/err.h>
- 
- #ifndef OPENSSL_NO_HW
- #ifndef OPENSSL_NO_HW_PADLOCK
- 
-+/* PadLock RNG is disabled by default */
-+#define        PADLOCK_NO_RNG  1
-+
-+/* No ASM routines for SHA in MSC yet */
-+#ifdef _MSC_VER
-+#define OPENSSL_NO_SHA
-+#endif
-+
- /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
- #if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
- #  ifndef OPENSSL_NO_DYNAMIC_ENGINE
-@@ -96,7 +117,7 @@
- /* VIA PadLock AES is available *ONLY* on some x86 CPUs.
-    Not only that it doesn't exist elsewhere, but it
-    even can't be compiled on other platforms!
-- 
-+
-    In addition, because of the heavy use of inline assembler,
-    compiler choice is limited to GCC and Microsoft C. */
- #undef COMPILE_HW_PADLOCK
-@@ -138,20 +159,42 @@
- static int padlock_init(ENGINE *e);
- 
- /* RNG Stuff */
-+#ifndef PADLOCK_NO_RNG
- static RAND_METHOD padlock_rand;
-+#endif
- 
- /* Cipher Stuff */
- #ifndef OPENSSL_NO_AES
- static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
- #endif
- 
-+/* Digest Stuff */
-+#ifndef OPENSSL_NO_SHA
-+static int padlock_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid);
-+static volatile void *padlock_cached_sha_buffer = NULL;
-+#endif
-+
- /* Engine names */
- static const char *padlock_id = "padlock";
- static char padlock_name[100];
- 
- /* Available features */
--static int padlock_use_ace = 0;        /* Advanced Cryptography Engine */
--static int padlock_use_rng = 0;        /* Random Number Generator */
-+enum padlock_flags {
-+       PADLOCK_RNG  = 0x01,
-+       PADLOCK_ACE  = 0x02,
-+       PADLOCK_ACE2 = 0x04,
-+       PADLOCK_PHE  = 0x08,
-+       PADLOCK_PMM  = 0x10
-+};
-+enum padlock_flags padlock_flags;
-+
-+#define PADLOCK_HAVE_RNG  (padlock_flags & PADLOCK_RNG)
-+#define PADLOCK_HAVE_ACE  (padlock_flags & (PADLOCK_ACE|PADLOCK_ACE2))
-+#define PADLOCK_HAVE_ACE1 (padlock_flags & PADLOCK_ACE)
-+#define PADLOCK_HAVE_ACE2 (padlock_flags & PADLOCK_ACE2)
-+#define PADLOCK_HAVE_PHE  (padlock_flags & PADLOCK_PHE)
-+#define PADLOCK_HAVE_PMM  (padlock_flags & PADLOCK_PMM)
-+
- #ifndef OPENSSL_NO_AES
- static int padlock_aes_align_required = 1;
- #endif
-@@ -165,25 +208,30 @@
-        /* Check available features */
-        padlock_available();
- 
--#if 1  /* disable RNG for now, see commentary in vicinity of RNG code */
--       padlock_use_rng=0;
--#endif
--
-        /* Generate a nice engine name with available features */
-        BIO_snprintf(padlock_name, sizeof(padlock_name),
--               "VIA PadLock (%s, %s)", 
--                padlock_use_rng ? "RNG" : "no-RNG",
--                padlock_use_ace ? "ACE" : "no-ACE");
-+               "VIA PadLock: %s%s%s%s%s",
-+                padlock_flags ? "" : "not supported",
-+                PADLOCK_HAVE_RNG ? "RNG " : "",
-+                PADLOCK_HAVE_ACE ? (PADLOCK_HAVE_ACE2 ? "ACE2 " : "ACE ") : "",
-+                PADLOCK_HAVE_PHE ? "PHE " : "",
-+                PADLOCK_HAVE_PMM ? "PMM " : "");
- 
--       /* Register everything or return with an error */ 
-+       /* Register everything or return with an error */
-        if (!ENGINE_set_id(e, padlock_id) ||
-            !ENGINE_set_name(e, padlock_name) ||
- 
--           !ENGINE_set_init_function(e, padlock_init) ||
-+           !ENGINE_set_init_function(e, padlock_init)
- #ifndef OPENSSL_NO_AES
--           (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
-+           || (PADLOCK_HAVE_ACE && !ENGINE_set_ciphers (e, padlock_ciphers))
- #endif
--           (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
-+#ifndef OPENSSL_NO_SHA
-+           || (PADLOCK_HAVE_PHE && !ENGINE_set_digests (e, padlock_digests))
-+#endif
-+#ifndef PADLOCK_NO_RNG
-+           || (PADLOCK_HAVE_RNG && !ENGINE_set_RAND (e, &padlock_rand))
-+#endif
-+           ) {
-                return 0;
-        }
- 
-@@ -213,7 +261,7 @@
- static int
- padlock_init(ENGINE *e)
- {
--       return (padlock_use_rng || padlock_use_ace);
-+       return (padlock_flags);
- }
- 
- /* This stuff is needed if this ENGINE is being compiled into a self-contained
-@@ -247,7 +295,7 @@
- #define AES_KEY_SIZE_192       24
- #define AES_KEY_SIZE_256       32
- 
--/* Here we store the status information relevant to the 
-+/* Here we store the status information relevant to the
-    current context. */
- /* BIG FAT WARNING:
-  *     Inline assembler in PADLOCK_XCRYPT_ASM()
-@@ -306,7 +354,7 @@
- {
-        int result = -1;
- 
--       /* We're checking if the bit #21 of EFLAGS 
-+       /* We're checking if the bit #21 of EFLAGS
-           can be toggled. If yes = CPUID is available. */
-        asm volatile (
-                "pushf\n"
-@@ -322,7 +370,7 @@
-                "xorl %%eax, %%ecx\n"
-                "movl %%ecx, %0\n"
-                : "=r" (result) : : "eax", "ecx");
--       
-+
-        return (result == 0);
- }
- 
-@@ -365,10 +413,22 @@
-                : "+a"(eax), "=d"(edx) : : "ecx");
- 
-        /* Fill up some flags */
--       padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
--       padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
-+       padlock_flags |= ((edx & (0x3<<3)) ? PADLOCK_RNG : 0);
-+       padlock_flags |= ((edx & (0x3<<7)) ? PADLOCK_ACE : 0);
-+       padlock_flags |= ((edx & (0x3<<9)) ? PADLOCK_ACE2 : 0);
-+       padlock_flags |= ((edx & (0x3<<11)) ? PADLOCK_PHE : 0);
-+       padlock_flags |= ((edx & (0x3<<13)) ? PADLOCK_PMM : 0);
- 
--       return padlock_use_ace + padlock_use_rng;
-+       return padlock_flags;
-+}
-+
-+static inline void
-+padlock_htonl_block(uint32_t *data, size_t count)
-+{
-+       while (count--) {
-+               asm volatile ("bswapl %0" : "+r"(*data));
-+               data++;
-+       }
- }
- 
- #ifndef OPENSSL_NO_AES
-@@ -377,17 +437,14 @@
- padlock_bswapl(AES_KEY *ks)
- {
-        size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
--       unsigned int *key = ks->rd_key;
-+       uint32_t *key = (uint32_t*) ks->rd_key;
- 
--       while (i--) {
--               asm volatile ("bswapl %0" : "+r"(*key));
--               key++;
--       }
-+       padlock_htonl_block(key, i);
- }
- #endif
- 
- /* Force key reload from memory to the CPU microcode.
--   Loading EFLAGS from the stack clears EFLAGS[30] 
-+   Loading EFLAGS from the stack clears EFLAGS[30]
-    which does the trick. */
- static inline void
- padlock_reload_key(void)
-@@ -423,7 +480,7 @@
- }
- 
- /* Template for padlock_xcrypt_* modes */
--/* BIG FAT WARNING: 
-+/* BIG FAT WARNING:
-  *     The offsets used with 'leal' instructions
-  *     describe items of the 'padlock_cipher_data'
-  *     structure.
-@@ -475,7 +532,7 @@
-  * In case you wonder 'rep xcrypt*' instructions above are *not*
-  * affected by the Direction Flag and pointers advance toward
-  * larger addresses unconditionally.
-- */ 
-+ */
- static inline unsigned char *
- padlock_memcpy(void *dst,const void *src,size_t n)
- {
-@@ -501,7 +558,7 @@
-        _asm _emit 0x0f _asm _emit 0xa7 \
-        _asm _emit code
- 
--/* BIG FAT WARNING: 
-+/* BIG FAT WARNING:
-  *     The offsets used with 'lea' instructions
-  *     describe items of the 'padlock_cipher_data'
-  *     structure.
-@@ -840,7 +897,7 @@
-        return 1;
- }
- 
--/* 
-+/*
-  * Simplified version of padlock_aes_cipher() used when
-  * 1) both input and output buffers are at aligned addresses.
-  * or when
-@@ -895,7 +952,7 @@
- # error "insane PADLOCK_CHUNK..."
- #endif
- 
--/* Re-align the arguments to 16-Bytes boundaries and run the 
-+/* Re-align the arguments to 16-Bytes boundaries and run the
-    encryption function itself. This function is not AES-specific. */
- static int
- padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-@@ -1157,6 +1214,514 @@
- 
- #endif /* OPENSSL_NO_AES */
- 
-+#ifndef OPENSSL_NO_SHA
-+
-+#define DIGEST_DATA(ctx)       ((struct padlock_digest_data *)(ctx->md_data))
-+#define PADLOCK_SHA_ALIGN(dd)  (uint32_t*)(((uintptr_t)(dd) + 15) & ~15)
-+#define PADLOCK_SHA_PAGES      14
-+#define PADLOCK_SHA_BUFFER     (512 - sizeof(size_t) - 4*sizeof(void*))
-+#define PADLOCK_SHA_INITVECTOR_SIZE (8 * sizeof(uint32_t))
-+
-+struct padlock_digest_data {
-+       union {
-+               unsigned char           smallbuffer[PADLOCK_SHA_BUFFER];
-+               struct {
-+                       unsigned char   padlockctx[128+16];
-+                       unsigned char   *buffer;
-+                       size_t          mmap_size;
-+                       uint64_t        total;
-+               };
-+       };
-+       void    *initvector;
-+       size_t  used;
-+       void    (*hash)(void *padlockctx, const void *buf, size_t len);
-+       int     (*update)(EVP_MD_CTX *ctx, const void *buffer, size_t len);
-+       int     (*final)(EVP_MD_CTX *ctx, unsigned char *buffer);
-+};
-+
-+static inline void *
-+padlock_atomic_xchg(volatile void **mem, void *fixed)
-+{
-+       /* No lock prefix due the xchg asserts it anyway, and the
-+        * funny unsigned long* cast is required to workaround some gcc
-+        * problems if compiling in PIC mode */
-+       asm volatile (
-+               "xchg %0, %1"
-+               : "=r"(fixed)
-+               : "m"(*(unsigned long*)mem), "0"(fixed)
-+               : "memory");
-+       return fixed;
-+}
-+
-+static void
-+padlock_do_sha1(void *padlockctx, const void *buf, size_t len)
-+{
-+       asm volatile (
-+               "xsha1"
-+               : "+S"(buf), "+D"(padlockctx)
-+               : "c"(len), "a"(0));
-+}
-+
-+static void
-+padlock_do_sha256(void *padlockctx, const void *buf, size_t len)
-+{
-+       asm volatile (
-+               "xsha256"
-+               : "+S"(buf), "+D"(padlockctx)
-+               : "c"(len), "a"(0));
-+}
-+
-+static void
-+handle_sigsegv(int sig, siginfo_t *info, void *uctxp)
-+{
-+       ucontext_t *uctx = uctxp;
-+       uctx->uc_mcontext.gregs[14] += 4;
-+}
-+
-+static void
-+padlock_sha_nonfinalizing(struct padlock_digest_data *data)
-+{
-+       struct sigaction act, oldact;
-+       size_t bofs = 0;
-+
-+       if (data->used != data->mmap_size) {
-+               bofs = data->mmap_size - data->used;
-+               memmove(&data->buffer[bofs], data->buffer, data->used);
-+       }
-+
-+       memset(&act, 0, sizeof(act));
-+       act.sa_sigaction = handle_sigsegv;
-+       act.sa_flags = SA_SIGINFO;
-+       sigaction(SIGSEGV, &act, &oldact);
-+       data->hash(PADLOCK_SHA_ALIGN(data->padlockctx),
-+                  &data->buffer[bofs], data->used + 64);
-+       sigaction(SIGSEGV, &oldact, NULL);
-+}
-+
-+static void
-+padlock_free_buffer(void *buf)
-+{
-+       buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, buf);
-+       if (buf != NULL) {
-+               munmap(buf, (PADLOCK_SHA_PAGES + 1) * getpagesize());
-+       }
-+}
-+
-+static void *
-+padlock_allocate_buffer(size_t *maxsize)
-+{
-+       void *buf;
-+       size_t size, page;
-+
-+       page = getpagesize();
-+       buf = padlock_atomic_xchg(&padlock_cached_sha_buffer, NULL);
-+       if (buf != NULL)
-+               goto ret;
-+
-+       size = (PADLOCK_SHA_PAGES + 1) * page;
-+       buf = mmap(0, size, PROT_READ | PROT_WRITE,
-+                  MAP_PRIVATE | MAP_ANONYMOUS, 0, 0);
-+       if (buf == NULL)
-+               return NULL;
-+
-+       /* Try locking the pages to avoid swapping, but don't fail if
-+        * we are over quota. */
-+       mlock(buf, size);
-+
-+       if (mprotect(buf + PADLOCK_SHA_PAGES * page, page, PROT_NONE) < 0) {
-+               munmap(buf, size);
-+               return NULL;
-+       }
-+
-+ret:
-+       *maxsize = PADLOCK_SHA_PAGES * page - 64;
-+
-+       return buf;
-+}
-+
-+static int
-+padlock_multi_update(EVP_MD_CTX *ctx, const void *data, size_t len)
-+{
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+       size_t chunk_size;
-+
-+       if (ddata->buffer == NULL)
-+               ddata->buffer = padlock_allocate_buffer(&ddata->mmap_size);
-+
-+       while (len) {
-+               if (ddata->used + len < ddata->mmap_size) {
-+                       memcpy(&ddata->buffer[ddata->used], data, len);
-+                       ddata->used += len;
-+                       ddata->total += len;
-+                       return 1;
-+               }
-+
-+               chunk_size = ddata->mmap_size - ddata->used;
-+               memcpy(&ddata->buffer[ddata->used], data, chunk_size);
-+
-+               data += chunk_size;
-+               len -= chunk_size;
-+               ddata->used = ddata->mmap_size;
-+               ddata->total += chunk_size;
-+               padlock_sha_nonfinalizing(ddata);
-+               ddata->used = 0;
-+       }
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_oneshot_final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+       size_t size = EVP_MD_CTX_size(ctx);
-+
-+       memcpy(md, PADLOCK_SHA_ALIGN(ddata->padlockctx), size);
-+       return 1;
-+}
-+
-+static int
-+padlock_copy_final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+       char padlockctx[128+16];
-+       void *aligned = PADLOCK_SHA_ALIGN(padlockctx);
-+       size_t size = EVP_MD_CTX_size(ctx);
-+
-+       memcpy(aligned, ddata->initvector, PADLOCK_SHA_INITVECTOR_SIZE);
-+       ddata->hash(aligned, ddata->smallbuffer, ddata->used);
-+       padlock_htonl_block(aligned, size / sizeof(uint32_t));
-+       memcpy(md, aligned, size);
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_multi_final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+       static const char padding[64] = { 0x80, };
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+       size_t mdsize = EVP_MD_CTX_size(ctx);
-+       void *aligned = PADLOCK_SHA_ALIGN(ddata->padlockctx);
-+
-+       if (ddata->used == ddata->total) {
-+               /* Sweet, everything fits in one buffer. */
-+               ddata->hash(aligned, ddata->buffer, ddata->used);
-+       } else {
-+               /* Hardware already hashed some buffers.
-+                * Do finalizing manually */
-+               union {
-+                       uint64_t u64;
-+                       uint32_t u32[2];
-+               } bits_le, bits;
-+               size_t lastblocklen, padlen;
-+
-+               /* BigEndianise the length. */
-+               bits_le.u64 = ddata->total * 8;
-+               bits.u32[1] = htonl(bits_le.u32[0]);
-+               bits.u32[0] = htonl(bits_le.u32[1]);
-+
-+               /* Append padding, leave space for length. */
-+               lastblocklen = ddata->total & 63;
-+               padlen = (lastblocklen < 56) ? (56 - lastblocklen) : ((64+56) - lastblocklen);
-+               padlock_multi_update(ctx, padding, padlen);
-+
-+               /* Length in BigEndian64 */
-+               padlock_multi_update(ctx, (const char *) &bits, sizeof(bits));
-+
-+               /* And finally calculate it */
-+               padlock_sha_nonfinalizing(ddata);
-+       }
-+       padlock_htonl_block(aligned, mdsize / sizeof(uint32_t));
-+       memcpy(md, aligned, mdsize);
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_copy_update(EVP_MD_CTX *ctx, const void *data, size_t len)
-+{
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+
-+       if (ddata->used + len > sizeof(ddata->smallbuffer)) {
-+               ddata->update = padlock_multi_update;
-+               ddata->final  = padlock_multi_final;
-+
-+               if (ddata->used != 0) {
-+                       void *buffer;
-+                       size_t mmap_size;
-+
-+                       buffer = padlock_allocate_buffer(&mmap_size);
-+                       memcpy(buffer, ddata->smallbuffer, ddata->used);
-+                       ddata->buffer = buffer;
-+                       ddata->total = ddata->used;
-+                       ddata->mmap_size = mmap_size;
-+               } else {
-+                       ddata->buffer = NULL;
-+                       ddata->total = 0;
-+               }
-+
-+               memcpy(PADLOCK_SHA_ALIGN(ddata->padlockctx), ddata->initvector,
-+                      PADLOCK_SHA_INITVECTOR_SIZE);
-+
-+               return padlock_multi_update(ctx, data, len);
-+       }
-+
-+       memcpy(&ddata->smallbuffer[ddata->used], data, len);
-+       ddata->used += len;
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_oneshot_update(EVP_MD_CTX *ctx, const void *data, size_t len)
-+{
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+       void *aligned = PADLOCK_SHA_ALIGN(ddata->padlockctx);
-+       size_t mdsize = EVP_MD_CTX_size(ctx);
-+
-+       /* Oneshot update is only possible if context flags indicate so */
-+       if (!(ctx->flags & EVP_MD_CTX_FLAG_ONESHOT)) {
-+               ddata->update = padlock_copy_update;
-+               ddata->final  = padlock_copy_final;
-+               return padlock_copy_update(ctx, data, len);
-+       }
-+
-+       memcpy(aligned, ddata->initvector, PADLOCK_SHA_INITVECTOR_SIZE);
-+       ddata->hash(aligned, data, len);
-+       padlock_htonl_block(aligned, mdsize / sizeof(uint32_t));
-+       ddata->used += len;
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_sha_init(struct padlock_digest_data *ddata)
-+{
-+       ddata->used      = 0;
-+       ddata->update    = padlock_oneshot_update;
-+       ddata->final     = padlock_oneshot_final;
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_sha1_init(EVP_MD_CTX *ctx)
-+{
-+       static uint32_t sha1_initvector[8] = {
-+               0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476,
-+               0xC3D2E1F0
-+       };
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+
-+       ddata->hash = padlock_do_sha1;
-+       ddata->initvector = sha1_initvector;
-+       return padlock_sha_init(ddata);
-+}
-+
-+static int
-+padlock_sha224_init(EVP_MD_CTX *ctx)
-+{
-+       static uint32_t sha224_initvector[] = {
-+               0xC1059ED8, 0x367CD507, 0x3070DD17, 0xF70E5939,
-+               0xFFC00B31, 0x68581511, 0x64F98FA7, 0xBEFA4FA4,
-+       };
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+
-+       ddata->hash = padlock_do_sha256;
-+       ddata->initvector = sha224_initvector;
-+       return padlock_sha_init(ddata);
-+}
-+
-+static int
-+padlock_sha256_init(EVP_MD_CTX *ctx)
-+{
-+       static uint32_t sha256_initvector[] = {
-+               0x6A09E667, 0xBB67AE85, 0x3C6EF372, 0xA54FF53A,
-+               0x510E527F, 0x9B05688C, 0x1F83D9AB, 0x5BE0CD19
-+       };
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+
-+       ddata->hash = padlock_do_sha256;
-+       ddata->initvector = sha256_initvector;
-+       return padlock_sha_init(ddata);
-+}
-+
-+static int
-+padlock_sha_update(EVP_MD_CTX *ctx, const void *data, size_t length)
-+{
-+       return DIGEST_DATA(ctx)->update(ctx, data, length);
-+}
-+
-+static int
-+padlock_sha_final(EVP_MD_CTX *ctx, unsigned char *md)
-+{
-+       return DIGEST_DATA(ctx)->final(ctx, md);
-+}
-+
-+static int
-+padlock_sha_copy(EVP_MD_CTX *to, const EVP_MD_CTX *from)
-+{
-+       struct padlock_digest_data *dfrom = DIGEST_DATA(from);
-+       struct padlock_digest_data *dto = DIGEST_DATA(to);
-+
-+       /* When we get here, dto is already a memcpied from dfrom,
-+        * it's ok for all other cases except when data is on a separate
-+        * mmapped area. It would be nice if we had a flag, if this is
-+        * a "finalization copy", so we could do finalizing SHA here and
-+        * store the result to *to precalculated. But there's no such
-+        * flag as to is reset on copy. */
-+
-+       if (dfrom->update != padlock_copy_update) {
-+               /* Recopy the context, as they might have different alignment */
-+               memcpy(PADLOCK_SHA_ALIGN(dto->padlockctx),
-+                      PADLOCK_SHA_ALIGN(dfrom->padlockctx),
-+                      PADLOCK_SHA_INITVECTOR_SIZE);
-+       }
-+
-+       if (dfrom->update == padlock_multi_update) {
-+               /* Update total, and copy the buffer */
-+               dto->total     = dfrom->total - dfrom->used;
-+               dto->buffer    = NULL;
-+               dto->used      = 0;
-+               dto->mmap_size = 0;
-+               if (dfrom->used != 0)
-+                       padlock_sha_update(to, dfrom->buffer, dfrom->used);
-+       }
-+
-+       return 1;
-+}
-+
-+static int
-+padlock_sha_cleanup(EVP_MD_CTX *ctx)
-+{
-+       struct padlock_digest_data *ddata = DIGEST_DATA(ctx);
-+
-+       if (ddata->update == padlock_multi_update && ddata->buffer != NULL)
-+               padlock_free_buffer(ddata->buffer);
-+
-+       return 1;
-+}
-+
-+static const EVP_MD padlock_sha1_md = {
-+       NID_sha1,
-+       NID_sha1WithRSAEncryption,
-+       SHA_DIGEST_LENGTH,
-+       0,
-+       padlock_sha1_init,
-+       padlock_sha_update,
-+       padlock_sha_final,
-+       padlock_sha_copy,
-+       padlock_sha_cleanup,
-+       EVP_PKEY_RSA_method,
-+       SHA_CBLOCK,
-+       sizeof(struct padlock_digest_data),
-+};
-+
-+static const EVP_MD padlock_dss1_md = {
-+       NID_dsa,
-+       NID_dsaWithSHA1,
-+       SHA_DIGEST_LENGTH,
-+       0,
-+       padlock_sha1_init,
-+       padlock_sha_update,
-+       padlock_sha_final,
-+       padlock_sha_copy,
-+       padlock_sha_cleanup,
-+       EVP_PKEY_DSA_method,
-+       SHA_CBLOCK,
-+       sizeof(struct padlock_digest_data),
-+};
-+
-+static const EVP_MD padlock_sha224_md = {
-+       NID_sha224,
-+       NID_sha224WithRSAEncryption,
-+       SHA224_DIGEST_LENGTH,
-+       0,
-+       padlock_sha224_init,
-+       padlock_sha_update,
-+       padlock_sha_final,
-+       padlock_sha_copy,
-+       padlock_sha_cleanup,
-+       EVP_PKEY_RSA_method,
-+       SHA_CBLOCK,
-+       sizeof(struct padlock_digest_data),
-+};
-+
-+static const EVP_MD padlock_sha256_md = {
-+       NID_sha256,
-+       NID_sha256WithRSAEncryption,
-+       SHA256_DIGEST_LENGTH,
-+       0,
-+       padlock_sha256_init,
-+       padlock_sha_update,
-+       padlock_sha_final,
-+       padlock_sha_copy,
-+       padlock_sha_cleanup,
-+       EVP_PKEY_RSA_method,
-+       SHA_CBLOCK,
-+       sizeof(struct padlock_digest_data),
-+};
-+
-+static int padlock_digest_nids[] = {
-+#if !defined(OPENSSL_NO_SHA)
-+       NID_sha1,
-+       NID_dsa,
-+#endif
-+#if !defined(OPENSSL_NO_SHA256)
-+#if !defined(OPENSSL_NO_SHA224)
-+       NID_sha224,
-+#endif
-+       NID_sha256,
-+#endif
-+};
-+
-+static int padlock_digest_nids_num = sizeof(padlock_digest_nids)/sizeof(padlock_digest_nids[0]);
-+
-+static int
-+padlock_digests (ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
-+{
-+       /* No specific digest => return a list of supported nids ... */
-+       if (!digest) {
-+               *nids = padlock_digest_nids;
-+               return padlock_digest_nids_num;
-+       }
-+
-+       /* ... or the requested "digest" otherwise */
-+       switch (nid) {
-+#if !defined(OPENSSL_NO_SHA)
-+         case NID_sha1:
-+           *digest = &padlock_sha1_md;
-+           break;
-+         case NID_dsa:
-+           *digest = &padlock_dss1_md;
-+           break;
-+#endif
-+
-+#if !defined(OPENSSL_NO_SHA256)
-+#if !defined(OPENSSL_NO_SHA224)
-+         case NID_sha224:
-+           *digest = &padlock_sha224_md;
-+           break;
-+#endif /* OPENSSL_NO_SHA224 */
-+
-+         case NID_sha256:
-+           *digest = &padlock_sha256_md;
-+           break;
-+#endif /* OPENSSL_NO_SHA256 */
-+
-+         default:
-+           /* Sorry, we don't support this NID */
-+           *digest = NULL;
-+           return 0;
-+       }
-+
-+       return 1;
-+}
-+
-+#endif /* OPENSSL_NO_SHA */
-+
-+#ifndef PADLOCK_NO_RNG
- /* ===== Random Number Generator ===== */
- /*
-  * This code is not engaged. The reason is that it does not comply
-@@ -1164,7 +1729,7 @@
-  * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
-  * provide meaningful error control...
-  */
--/* Wrapper that provides an interface between the API and 
-+/* Wrapper that provides an interface between the API and
-    the raw PadLock RNG */
- static int
- padlock_rand_bytes(unsigned char *output, int count)
-@@ -1212,6 +1777,7 @@
-        padlock_rand_bytes,     /* pseudorand */
-        padlock_rand_status,    /* rand status */
- };
-+#endif /* PADLOCK_NO_RNG */
- 
- #endif /* COMPILE_HW_PADLOCK */
- 
diff --git a/main/procps/01-fix-install-options-for-busybox.patch b/main/procps/01-fix-install-options-for-busybox.patch
new file mode 100644
index 0000000000..792a78155b
--- /dev/null
+++ b/main/procps/01-fix-install-options-for-busybox.patch
@@ -0,0 +1,65 @@
+--- orig/procps-3.2.8/Makefile
++++ src/procps-3.2.8/Makefile
+@@ -27,7 +27,7 @@
+ ldconfig := ldconfig
+ ln_f     := ln -f
+ ln_sf    := ln -sf
+-install  := install -D --owner 0 --group 0
++install  := install -D -o 0 -g 0
+ 
+ # Lame x86-64 /lib64 and /usr/lib64 abomination:
+ lib64    := lib$(shell [ -d /lib64 ] && echo 64)
+@@ -222,10 +222,10 @@
+ ###### install
+ 
+ $(BINFILES) : all
+-       $(install) --mode a=rx $(notdir $@) $@
++       $(install) -m a=rx $(notdir $@) $@
+ 
+ $(MANFILES) : all
+-       $(install) --mode a=r $(notdir $@) $@
++       $(install) -m a=r $(notdir $@) $@
+ 
+ install: $(filter-out $(SKIP) $(addprefix $(DESTDIR),$(SKIP)),$(INSTALL))
+        cd $(usr/bin) && $(ln_f) skill snice
+--- orig/procps-3.2.8/proc/module.mk
++++ src/procps-3.2.8/proc/module.mk
+@@ -96,7 +96,7 @@
+ #################### install rules ###########################
+ 
+ $(lib)$(SOFILE) : proc/$(SONAME)
+-       $(install) --mode a=rx $< $@
++       $(install) -m a=rx $< $@
+ 
+ ifneq ($(SOLINK),$(SOFILE))
+ .PHONY: $(lib)$(SOLINK)
+@@ -115,14 +115,14 @@
+        $(ldconfig)
+ 
+ $(usr/lib)$(ANAME) : proc/$(ANAME)
+-       $(install) --mode a=r $< $@
++       $(install) -m a=r $< $@
+ 
+ # Junk anyway... supposed to go in /usr/include/$(NAME)
+ #INSTALL += $(addprefix $(include),$(HDRFILES))
+ #
+ #$(addprefix $(include),$(HDRFILES)): $(include)% : proc/%
+ #$(include)% : proc/%
+-#      $(install) --mode a=r $< $@
++#      $(install) -m a=r $< $@
+ 
+ ##################################################################
+ 
+--- orig/procps-3.2.8/ps/module.mk
++++ src/procps-3.2.8/ps/module.mk
+@@ -33,8 +33,8 @@
+ 
+ 
+ $(bin)ps: ps/ps
+-       $(install) --mode a=rx $< $@
++       $(install) -m a=rx $< $@
+ 
+ $(man1)ps.1 : ps/ps.1
+-       $(install) --mode a=r $< $@
++       $(install) -m a=r $< $@
+        -rm -f $(DESTDIR)/var/catman/cat1/ps.1.gz $(DESTDIR)/var/man/cat1/ps.1.gz
diff --git a/main/procps/APKBUILD b/main/procps/APKBUILD
index 4df2d72194..2a3accd622 100644
--- a/main/procps/APKBUILD
+++ b/main/procps/APKBUILD
@@ -9,7 +9,13 @@ depends=
 # needs fancy install
 makedepends="ncurses-dev coreutils"
 subpackages="$pkgname-dev $pkgname-doc libproc"
-source="http://$pkgname.sourceforge.net/$pkgname-$pkgver.tar.gz"
+source="http://$pkgname.sourceforge.net/$pkgname-$pkgver.tar.gz
+        01-fix-install-options-for-busybox.patch"
+
+prepare() {
+        cd "$srcdir"
+        patch -p1 -i "$srcdir"/01-fix-install-options-for-busybox.patch || return 1
+}
 
 build() {
         cd "$srcdir"/$pkgname-$pkgver
@@ -31,4 +37,5 @@ libproc() {
         ln -s libproc-$pkgver.so "$subpkgdir"/lib/libproc.so
 }
 
-md5sums="9532714b6846013ca9898984ba4cd7e0  procps-3.2.8.tar.gz"
+md5sums="9532714b6846013ca9898984ba4cd7e0  procps-3.2.8.tar.gz
+2b821e841acd08620789d5ffd19d58e9  01-fix-install-options-for-busybox.patch"
diff --git a/main/snort/APKBUILD b/main/snort/APKBUILD
index f9fc94b412..7c43bbcf02 100644
--- a/main/snort/APKBUILD
+++ b/main/snort/APKBUILD
@@ -1,8 +1,8 @@
 # Contributor: Michael Mason <ms13sp@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=snort
-pkgver=2.8.5.1
-pkgrel=1
+pkgver=2.8.6
+pkgrel=0
 pkgdesc="An open source network intrusion prevention and detection system"
 url="http://www.snort.org/"
 license="GPL"
@@ -10,7 +10,7 @@ depends=
 makedepends="pcre-dev libpcap-dev libnet-dev autoconf automake libtool bison flex"
 install="$pkgname.pre-install"
 subpackages="$pkgname-doc $pkgname-dev"
-source="http://dl.snort.org/snort-current/snort-$pkgver.tar.gz
+source="http://ansel.dnsalias.com/alpine/snort-$pkgver.tar.gz
         snort.initd
         snort.confd
         "
@@ -22,7 +22,7 @@ build() {
         sed -i -e 's/^all-local:.*/all-local: $(LTLIBRARIES)/' \
                 src/dynamic-preprocessors/*/Makefile.am || return 1
         aclocal -I m4 && autoconf && automake --add-missing && libtoolize || return 1
-        
+
         ./configure --prefix=/usr \
                 --sysconfdir=/etc \
                 --mandir=/usr/share/man \
@@ -40,6 +40,6 @@ package() {
         install -D -m 644 ../snort.confd "$pkgdir"/etc/conf.d/snort
 }
 
-md5sums="b1abf3a9fa3486720c9a2b5eff920417  snort-2.8.5.1.tar.gz
+md5sums="b1c2d3ddb1c0a859a47c5a31d19e60ad  snort-2.8.6.tar.gz
 ffda56f7c20f5cea1c37c971e0f1d6c9  snort.initd
 446f8d2b3435b8a6be738da978670605  snort.confd"
diff --git a/main/wpa_supplicant/APKBUILD b/main/wpa_supplicant/APKBUILD
index 62695bf711..bbe82e4661 100644
--- a/main/wpa_supplicant/APKBUILD
+++ b/main/wpa_supplicant/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=wpa_supplicant
 pkgver=0.7.2
-pkgrel=1
+pkgrel=2
 pkgdesc="A utility providing key negotiation for WPA wireless networks"
 url="http://hostap.epitest.fi/wpa_supplicant"
 license="GPL"
@@ -17,7 +17,7 @@ _builddir="$srcdir"/$pkgname-$pkgver/$pkgname
 prepare() {
         cd "$_builddir"
         # Toolchain setup
-        echo "CC = $CC" > .config
+        echo "CC = ${CC:-gcc}" > .config
 
         # Basic setup
         echo "CONFIG_CTRL_IFACE=y" >> .config
@@ -88,7 +88,7 @@ prepare() {
         echo "CONFIG_DELAYED_MIC_ERROR_REPORT=y" >> .config
 }
 
-build() { 
+build() {
         cd "$_builddir"
         make LIBDIR=/lib BINDIR=/sbin || return 1
         # comment out the network={ } stansas in config
diff --git a/main/xbitmap/APKBUILD b/main/xbitmaps/APKBUILD
index 535572923b..535572923b 100644
--- a/main/xbitmap/APKBUILD
+++ b/main/xbitmaps/APKBUILD
diff --git a/makeall.sh b/makeall.sh
new file mode 100755
index 0000000000..10966c3fdf
--- /dev/null
+++ b/makeall.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+for p in 1 2 3
+do
+    echo "============>>> ERROR: Pass $p <<<============"
+    make main 2>&1 | tee makelog-pass-$p-main.txt | grep ">>> ERROR:"
+    make testing 2>&1 | tee makelog-pass-$p-testing.txt | grep ">>> ERROR:"
+done
diff --git a/rebuild-alpine.sh b/rebuild-alpine.sh
new file mode 100755
index 0000000000..20756bd9a5
--- /dev/null
+++ b/rebuild-alpine.sh
@@ -0,0 +1,85 @@
+rootdir=$(pwd -P)
+
+distclean () {
+    echo "Removing traces of previous builds from $rootdir"
+    local allpkgs=$(find $rootdir -maxdepth 3 -name APKBUILD -print | sed -e 's/\/APKBUILD//g' | sort)
+    for p in $allpkgs ; do
+        cd $p
+        pwd
+        abuild clean            2>&1
+        abuild cleanoldpkg      2>&1
+        abuild cleanpkg         2>&1
+        abuild cleancache       2>&1
+    done
+}
+
+build () {
+    local pkgs
+    local maintainer
+    local pkgno
+    local failed
+    pkgs=$($rootdir/aport.lua deplist $rootdir $1)
+    pktcnt=$(echo $pkgs | wc -w)
+    pkgno=0
+    failed=0
+    for p in $pkgs ; do
+        pkgno=$(expr "$pkgno" + 1)
+        echo "Building $p ($pkgno of $pktcnt in $1 - $failed failed)"
+        cd $rootdir/$1/$p
+        abuild -rm > $rootdir/$1_$p.txt 2>&1
+        if [ "$?" = "0" ] ; then
+            rm $rootdir/$1_$p.txt
+        else
+            echo "Package $1/$p failed to build (output in $rootdir/$1_$p.txt)"
+            if [ -n "$mail" ] ; then
+                maintainer=$(grep Maintainer APKBUILD | cut -d " " -f 3-)
+                if [ -n "$maintainer" ] ; then
+                    recipients="$maintainer -c dev@lists.alpinelinux.org"
+                else
+                    recipients="dev@lists.alpinelinux.org"
+                fi
+                if [ -n "$mail" ] ; then
+                    echo "Package $1/$p failed to build. Build output is attached" | \
+                        email -s "NOT SPAM $p build report" -a $rootdir/$1_$p.txt \
+                              -n AlpineBuildBot -f buildbot@alpinelinux.org $recipients
+                fi
+            fi
+            failed=$(expr "$failed" + 1)
+        fi
+    done
+    cd $rootdir
+}
+
+touch START_OF_BUILD.txt
+
+unset clean
+unset mail
+while getopts "cm" opt; do
+        case $opt in
+                'c') clean="--clean";;
+                'm') mail="--mail";;
+        esac
+done
+
+if [ -n "$clean" ] ; then
+    echo "Invoked with 'clean' option. This will take a while ..."
+    tmp=$(distclean)
+    echo "Done"
+fi
+
+echo "Refresh aports tree"
+git pull
+
+#cd main/build-base
+#abuild -Ru
+#cd $rootdir
+
+for s in main testing unstable ; do
+    echo "Building packages in $s"
+    build $s
+done
+
+touch END_OF_BUILD.txt
+
+echo "Done"
+
diff --git a/testing/mutt/APKBUILD b/testing/mutt/APKBUILD
new file mode 100644
index 0000000000..e8cfa03fd1
--- /dev/null
+++ b/testing/mutt/APKBUILD
@@ -0,0 +1,50 @@
+# Contributor: Andrew Manison<amanison@anselsystems.com>
+# Maintainer:  Andrew Manison<amanison@anselsystems.com>
+pkgname=mutt
+pkgver=1.4.2.3
+pkgrel=0
+pkgdesc="a small but very powerful text-mode email client"
+url="http://www.mutt.org"
+license="GPL"
+depends="openssl ncurses libiconv"
+makedepends="openssl-dev ncurses-dev"
+install=
+subpackages="$pkgname-doc"
+source="ftp://ftp.mutt.org/$pkgname/$pkgname-$pkgver.tar.gz"
+
+# append extra dependencies to -dev subpackage
+# remove if not used.
+# depends_dev="somepackage-dev"
+
+_builddir="$srcdir"/$pkgname-$pkgver
+
+prepare() {
+        cd "$_builddir"
+        # apply patches here
+}
+
+build() {
+        cd "$_builddir"
+        ./configure --prefix=/usr \
+                --sysconfdir=/etc \
+                --mandir=/usr/share/man \
+                --infodir=/usr/share/info \
+                --enable-imap \
+                --enable-pop \
+                --enable-smtp \
+                --with-curses \
+                --with-mailpath=/var/spool/mail \
+                --with-ssl
+        make || return 1
+}
+
+package() {
+        cd "$_builddir"
+        make DESTDIR="$pkgdir" install
+
+        # remove the 2 lines below (and this) if there is no init.d script
+        # install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
+        # install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
+}
+
+md5sums="dcb94661827dd090fa813e73e122ea0c  mutt-1.4.2.3.tar.gz"