summaryrefslogtreecommitdiffstats
path: root/patches/source/glibc
diff options
context:
space:
mode:
author Patrick J Volkerding <volkerdi@slackware.com>2018-05-25 23:29:36 +0000
committer Eric Hameleers <alien@slackware.com>2018-06-01 00:36:01 +0200
commit39366733c3fe943363566756e2e152c45a1b3cb2 (patch)
tree228b0735896af90ca78151c9a69aa3efd12c8cae /patches/source/glibc
parentd31c50870d0bee042ce660e445c9294a59a3a65b (diff)
downloadcurrent-14.2.tar.gz
current-14.2.tar.xz
Fri May 25 23:29:36 UTC 201814.2
patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.2.txz: Rebuilt. Handle removal of US/Pacific-New timezone. If we see that the machine is using this, it will be automatically switched to US/Pacific.
Diffstat (limited to 'patches/source/glibc')
-rw-r--r--patches/source/glibc/doinst.sh-glibc179
-rw-r--r--patches/source/glibc/doinst.sh-glibc-solibs137
-rw-r--r--patches/source/glibc/glibc-2.10-dns-no-gethostbyname4.diff26
-rw-r--r--patches/source/glibc/glibc-c-utf8-locale.patch251
-rwxr-xr-xpatches/source/glibc/glibc-cvs-checkout.sh3
-rw-r--r--patches/source/glibc/glibc.3776f38f.diff52
-rw-r--r--patches/source/glibc/glibc.46703a39.diff119
-rw-r--r--patches/source/glibc/glibc.6a824767.dont.assert.on.older.intel.cpus.diff32
-rw-r--r--patches/source/glibc/glibc.CVE-2017-1000366.3c7cd212.diff32
-rwxr-xr-xpatches/source/glibc/glibc.SlackBuild440
-rw-r--r--patches/source/glibc/glibc.adc7e06f.diff38
-rw-r--r--patches/source/glibc/glibc.c69d4a0f.diff201
-rw-r--r--patches/source/glibc/glibc.ldd.trace.through.dynamic.linker.diff49
-rw-r--r--patches/source/glibc/glibc.locale.no-archive.diff10
-rw-r--r--patches/source/glibc/glibc.make-3.82.diff28
-rw-r--r--patches/source/glibc/glibc.revert.to.fix.build.breakages.diff13
-rw-r--r--patches/source/glibc/glibc.ru_RU.CP1251.diff10
-rw-r--r--patches/source/glibc/is_IS.diff19
-rwxr-xr-xpatches/source/glibc/profile.d/glibc.csh.new9
-rwxr-xr-xpatches/source/glibc/profile.d/glibc.sh.new8
-rw-r--r--patches/source/glibc/slack-desc.glibc19
-rw-r--r--patches/source/glibc/slack-desc.glibc-debug19
-rw-r--r--patches/source/glibc/slack-desc.glibc-i18n19
-rw-r--r--patches/source/glibc/slack-desc.glibc-profile19
-rw-r--r--patches/source/glibc/slack-desc.glibc-solibs19
-rw-r--r--patches/source/glibc/slack-desc.glibc-solibs-linuxthreads18
26 files changed, 1769 insertions, 0 deletions
diff --git a/patches/source/glibc/doinst.sh-glibc b/patches/source/glibc/doinst.sh-glibc
new file mode 100644
index 000000000..fc947587e
--- /dev/null
+++ b/patches/source/glibc/doinst.sh-glibc
@@ -0,0 +1,179 @@
+#!/bin/sh
+# Copyright (C) 2002, 2005 Slackware Linux, Inc.
+# Copyright 2005, 2006, 2007, 2011, 2012 Patrick J. Volkerding, Sebeka, Minnesota, USA
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Swap glibc on the fly.
+#
+# If we're on a running system we have to handle this _very_ carefully. :-)
+# The tricks involved here get trickier every time...
+
+# OK, now we have to be sure of a few things. First, you do have a 2.6
+# kernel running, right?
+
+if [ -r /proc/ksyms ]; then
+ echo "FATAL: you need to be running a 2.6.x kernel in order to upgrade"
+ echo "to this version of glibc."
+ echo
+ sleep 999
+ exit 1
+fi
+
+# Next, stop using the /lib/ntpl libraries. These are now obsolete and
+# will break the installation if present:
+if [ -d lib/tls ]; then
+ mkdir -p lib/obsolete
+ mv lib/tls lib/obsolete
+fi
+if [ -x sbin/ldconfig ]; then
+ sbin/ldconfig -r .
+fi
+
+# Install NPTL glibc libraries:
+if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly
+ # First create copies of the incoming libraries:
+ ( cd lib/incoming
+ for file in * ; do
+ if [ ! -r ../${file}.incoming ]; then
+ cp -a $file ../${file}.incoming
+ fi
+ done
+ )
+ # Then switch to them all at once:
+ /sbin/ldconfig -l lib/*.incoming 2> /dev/null
+ # Finally, rename them and clean up:
+ ( cd lib
+ for file in *.incoming ; do
+ rm -f `basename $file .incoming`
+ cp -a $file `basename $file .incoming`
+ /sbin/ldconfig -l `basename $file .incoming`
+ rm -f $file
+ done
+ )
+else # no ldconfig? Good, it's safe to just jam it on home (and make links below):
+ ( cd lib/incoming
+ for file in * ; do
+ cp -a $file ..
+ done
+ )
+fi
+# Now, get rid of the temporary directory:
+rm -rf lib/incoming
+# Done installing NPTL glibc libraries.
+
+# Handle config files:
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/nscd.conf.new
+config etc/profile.d/glibc.csh.new
+config etc/profile.d/glibc.sh.new
+# Clearly you already decided this issue. :-)
+rm -f etc/profile.d/glibc.csh.new
+rm -f etc/profile.d/glibc.sh.new
+
+# In case there's no ldconfig, make the links manually:
+if [ ! -x /sbin/ldconfig ]; then
+( cd lib ; rm -rf libnss_nis.so.2 )
+( cd lib ; ln -sf libnss_nis-@@VERSION@@.so libnss_nis.so.2 )
+( cd lib ; rm -rf libm.so.6 )
+( cd lib ; ln -sf libm-@@VERSION@@.so libm.so.6 )
+( cd lib ; rm -rf libnss_files.so.2 )
+( cd lib ; ln -sf libnss_files-@@VERSION@@.so libnss_files.so.2 )
+( cd lib ; rm -rf libresolv.so.2 )
+( cd lib ; ln -sf libresolv-@@VERSION@@.so libresolv.so.2 )
+( cd lib ; rm -rf libnsl.so.1 )
+( cd lib ; ln -sf libnsl-@@VERSION@@.so libnsl.so.1 )
+( cd lib ; rm -rf libutil.so.1 )
+( cd lib ; ln -sf libutil-@@VERSION@@.so libutil.so.1 )
+( cd lib ; rm -rf libnss_compat.so.2 )
+( cd lib ; ln -sf libnss_compat-@@VERSION@@.so libnss_compat.so.2 )
+( cd lib ; rm -rf libthread_db.so.1 )
+( cd lib ; ln -sf libthread_db-1.0.so libthread_db.so.1 )
+( cd lib ; rm -rf libnss_hesiod.so.2 )
+( cd lib ; ln -sf libnss_hesiod-@@VERSION@@.so libnss_hesiod.so.2 )
+( cd lib ; rm -rf libanl.so.1 )
+( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 )
+( cd lib ; rm -rf libcrypt.so.1 )
+( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; rm -rf libBrokenLocale.so.1 )
+( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 )
+( cd lib ; rm -rf ld-linux.so.2 )
+( cd lib ; ln -sf ld-@@VERSION@@.so ld-linux.so.2 )
+( cd lib ; rm -rf libdl.so.2 )
+( cd lib ; ln -sf libdl-@@VERSION@@.so libdl.so.2 )
+( cd lib ; rm -rf libnss_dns.so.2 )
+( cd lib ; ln -sf libnss_dns-@@VERSION@@.so libnss_dns.so.2 )
+( cd lib ; rm -rf libpthread.so.0 )
+( cd lib ; ln -sf libpthread-@@VERSION@@.so libpthread.so.0 )
+( cd lib ; rm -rf libnss_nisplus.so.2 )
+( cd lib ; ln -sf libnss_nisplus-@@VERSION@@.so libnss_nisplus.so.2 )
+( cd lib ; rm -rf libc.so.6 )
+( cd lib ; ln -sf libc-@@VERSION@@.so libc.so.6 )
+( cd lib ; rm -rf librt.so.1 )
+( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 )
+fi
+
+# More links:
+( cd usr/lib ; rm -rf libnss_nisplus.so )
+( cd usr/lib ; ln -sf ../../lib/libnss_nisplus.so.2 libnss_nisplus.so )
+# This is now a linker script:
+#( cd usr/lib ; rm -rf libpthread.so )
+#( cd usr/lib ; ln -sf ../../lib/libpthread.so.0 libpthread.so )
+( cd usr/lib ; rm -rf libresolv.so )
+( cd usr/lib ; ln -sf ../../lib/libresolv.so.2 libresolv.so )
+( cd usr/lib ; rm -rf libnsl.so )
+( cd usr/lib ; ln -sf ../../lib/libnsl.so.1 libnsl.so )
+( cd usr/lib ; rm -rf libnss_hesiod.so )
+( cd usr/lib ; ln -sf ../../lib/libnss_hesiod.so.2 libnss_hesiod.so )
+( cd usr/lib ; rm -rf libnss_files.so )
+( cd usr/lib ; ln -sf ../../lib/libnss_files.so.2 libnss_files.so )
+# This is now a linker script:
+#( cd usr/lib ; rm -rf libm.so )
+#( cd usr/lib ; ln -sf ../../lib/libm.so.6 libm.so )
+( cd usr/lib ; rm -rf libutil.so )
+( cd usr/lib ; ln -sf ../../lib/libutil.so.1 libutil.so )
+( cd usr/lib ; rm -rf libnss_compat.so )
+( cd usr/lib ; ln -sf ../../lib/libnss_compat.so.2 libnss_compat.so )
+( cd usr/lib ; rm -rf libthread_db.so )
+( cd usr/lib ; ln -sf ../../lib/libthread_db.so.1 libthread_db.so )
+( cd usr/lib ; rm -rf libcrypt.so )
+( cd usr/lib ; ln -sf ../../lib/libcrypt.so.1 libcrypt.so )
+( cd usr/lib ; rm -rf libBrokenLocale.so )
+( cd usr/lib ; ln -sf ../../lib/libBrokenLocale.so.1 libBrokenLocale.so )
+( cd usr/lib ; rm -rf libdl.so )
+( cd usr/lib ; ln -sf ../../lib/libdl.so.2 libdl.so )
+( cd usr/lib ; rm -rf libnss_dns.so )
+( cd usr/lib ; ln -sf ../../lib/libnss_dns.so.2 libnss_dns.so )
+( cd usr/lib ; rm -rf librt.so )
+( cd usr/lib ; ln -sf ../../lib/librt.so.1 librt.so )
+( cd usr/lib ; rm -rf libanl.so )
+( cd usr/lib ; ln -sf ../../lib/libanl.so.1 libanl.so )
+( cd usr/lib ; rm -rf libnss_nis.so )
+( cd usr/lib ; ln -sf ../../lib/libnss_nis.so.2 libnss_nis.so )
+( cd usr/share/zoneinfo ; rm -rf localtime )
+( cd usr/share/zoneinfo ; ln -sf /etc/localtime localtime )
+( cd bin ; rm -rf sln )
+( cd bin ; ln -sf /sbin/sln sln )
+
+# Reload to prevent init from holding a stale handle to glibc on shutdown:
+if [ -x /sbin/telinit ]; then
+ /sbin/telinit u
+fi
diff --git a/patches/source/glibc/doinst.sh-glibc-solibs b/patches/source/glibc/doinst.sh-glibc-solibs
new file mode 100644
index 000000000..a11c36a55
--- /dev/null
+++ b/patches/source/glibc/doinst.sh-glibc-solibs
@@ -0,0 +1,137 @@
+#!/bin/sh
+# Copyright (C) 2002, 2005 Slackware Linux, Inc.
+# Copyright 2005, 2006, 2011, 2012 Patrick J. Volkerding, Sebeka, Minnesota, USA
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Swap glibc on the fly.
+#
+# If we're on a running system we have to handle this _very_ carefully. :-)
+# The tricks involved here get trickier every time...
+
+# OK, now we have to be sure of a few things. First, you do have a 2.6
+# kernel running, right?
+
+if [ -r /proc/ksyms ]; then
+ echo "FATAL: you need to be running a 2.6.x kernel in order to upgrade"
+ echo "to this version of glibc."
+ echo
+ sleep 999
+ exit 1
+fi
+
+# Next, stop using the /lib/ntpl libraries. These are now obsolete and
+# will break the installation if present:
+if [ -d lib/tls ]; then
+ mkdir -p lib/obsolete
+ mv lib/tls lib/obsolete
+fi
+if [ -x sbin/ldconfig ]; then
+ sbin/ldconfig -r .
+fi
+
+# Install NPTL glibc libraries:
+if [ -x /sbin/ldconfig -a -d lib/incoming ]; then # swap on the fly
+ # First create copies of the incoming libraries:
+ ( cd lib/incoming
+ for file in * ; do
+ if [ ! -r ../${file}.incoming ]; then
+ cp -a $file ../${file}.incoming
+ fi
+ done
+ )
+ # Then switch to them all at once:
+ /sbin/ldconfig -l lib/*.incoming 2> /dev/null
+ # Finally, rename them and clean up:
+ ( cd lib
+ for file in *.incoming ; do
+ rm -f `basename $file .incoming`
+ cp -a $file `basename $file .incoming`
+ /sbin/ldconfig -l `basename $file .incoming`
+ rm -f $file
+ done
+ )
+else # no ldconfig? Good, it's safe to just jam it on home (and make links below):
+ ( cd lib/incoming
+ for file in * ; do
+ cp -a $file ..
+ done
+ )
+fi
+# Now, get rid of the temporary directory:
+rm -rf lib/incoming
+# Done installing NPTL glibc libraries.
+
+# Handle config files:
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+config etc/profile.d/glibc.csh.new
+config etc/profile.d/glibc.sh.new
+# Clearly you already decided this issue. :-)
+rm -f etc/profile.d/glibc.csh.new
+rm -f etc/profile.d/glibc.sh.new
+
+# In case there's no ldconfig, make the links manually:
+if [ ! -x /sbin/ldconfig ]; then
+( cd lib ; rm -rf libnss_nis.so.2 )
+( cd lib ; ln -sf libnss_nis-@@VERSION@@.so libnss_nis.so.2 )
+( cd lib ; rm -rf libm.so.6 )
+( cd lib ; ln -sf libm-@@VERSION@@.so libm.so.6 )
+( cd lib ; rm -rf libnss_files.so.2 )
+( cd lib ; ln -sf libnss_files-@@VERSION@@.so libnss_files.so.2 )
+( cd lib ; rm -rf libresolv.so.2 )
+( cd lib ; ln -sf libresolv-@@VERSION@@.so libresolv.so.2 )
+( cd lib ; rm -rf libnsl.so.1 )
+( cd lib ; ln -sf libnsl-@@VERSION@@.so libnsl.so.1 )
+( cd lib ; rm -rf libutil.so.1 )
+( cd lib ; ln -sf libutil-@@VERSION@@.so libutil.so.1 )
+( cd lib ; rm -rf libnss_compat.so.2 )
+( cd lib ; ln -sf libnss_compat-@@VERSION@@.so libnss_compat.so.2 )
+( cd lib ; rm -rf libthread_db.so.1 )
+( cd lib ; ln -sf libthread_db-1.0.so libthread_db.so.1 )
+( cd lib ; rm -rf libnss_hesiod.so.2 )
+( cd lib ; ln -sf libnss_hesiod-@@VERSION@@.so libnss_hesiod.so.2 )
+( cd lib ; rm -rf libanl.so.1 )
+( cd lib ; ln -sf libanl-@@VERSION@@.so libanl.so.1 )
+( cd lib ; rm -rf libcrypt.so.1 )
+( cd lib ; ln -sf libcrypt-@@VERSION@@.so libcrypt.so.1 )
+( cd lib ; rm -rf libBrokenLocale.so.1 )
+( cd lib ; ln -sf libBrokenLocale-@@VERSION@@.so libBrokenLocale.so.1 )
+( cd lib ; rm -rf ld-linux.so.2 )
+( cd lib ; ln -sf ld-@@VERSION@@.so ld-linux.so.2 )
+( cd lib ; rm -rf libdl.so.2 )
+( cd lib ; ln -sf libdl-@@VERSION@@.so libdl.so.2 )
+( cd lib ; rm -rf libnss_dns.so.2 )
+( cd lib ; ln -sf libnss_dns-@@VERSION@@.so libnss_dns.so.2 )
+( cd lib ; rm -rf libpthread.so.0 )
+( cd lib ; ln -sf libpthread-@@VERSION@@.so libpthread.so.0 )
+( cd lib ; rm -rf libnss_nisplus.so.2 )
+( cd lib ; ln -sf libnss_nisplus-@@VERSION@@.so libnss_nisplus.so.2 )
+( cd lib ; rm -rf libc.so.6 )
+( cd lib ; ln -sf libc-@@VERSION@@.so libc.so.6 )
+( cd lib ; rm -rf librt.so.1 )
+( cd lib ; ln -sf librt-@@VERSION@@.so librt.so.1 )
+fi
+
+# Reload to prevent init from holding a stale handle to glibc on shutdown:
+if [ -x /sbin/telinit ]; then
+ /sbin/telinit u
+fi
+
diff --git a/patches/source/glibc/glibc-2.10-dns-no-gethostbyname4.diff b/patches/source/glibc/glibc-2.10-dns-no-gethostbyname4.diff
new file mode 100644
index 000000000..3fa365afa
--- /dev/null
+++ b/patches/source/glibc/glibc-2.10-dns-no-gethostbyname4.diff
@@ -0,0 +1,26 @@
+The gethostbyname4() lookup method is problematic since it fires out both
+the A and AAAA DNS queries in parallel and over the same socket. This
+should work in theory, but it turns out that many cheap DSL modems and
+similar devices have buggy DNS servers - if the AAAA query arrives too
+quickly after the A query, the server will generate only a single reply
+with the A query id but returning an error for the AAAA query; we get
+stuck waiting for the second reply.
+
+For gethostbyname4() users affected, disabling IPv6 in the system might
+work around the issue, unfortunately it only helps with applications
+using AI_ADDRCONFIG (e.g. Firefox); some (notably e.g. Pidgin) neglect
+to do that.
+
+Real fix should be using separate ports for the A and AAAA queries.
+
+--- resolv/Versions 2008-08-02 10:26:09.000000000 +0200
++++ resolv/Versions 2008-12-08 12:51:53.000000000 +0100
+@@ -102,7 +102,7 @@ libnss_dns {
+ _nss_dns_gethostbyname_r; _nss_dns_getnetbyaddr_r;
+ _nss_dns_getnetbyname_r; _nss_dns_getcanonname_r;
+ _nss_dns_gethostbyaddr2_r;
+- _nss_dns_gethostbyname4_r;
++# _nss_dns_gethostbyname4_r;
+ }
+ }
+
diff --git a/patches/source/glibc/glibc-c-utf8-locale.patch b/patches/source/glibc/glibc-c-utf8-locale.patch
new file mode 100644
index 000000000..70c92a986
--- /dev/null
+++ b/patches/source/glibc/glibc-c-utf8-locale.patch
@@ -0,0 +1,251 @@
+--- ./localedata/SUPPORTED.orig 2015-08-05 01:42:21.000000000 -0500
++++ ./localedata/SUPPORTED 2015-12-17 17:07:08.053200616 -0600
+@@ -1,6 +1,7 @@
+ # This file names the currently supported and somewhat tested locales.
+ # If you have any additions please file a glibc bug report.
+ SUPPORTED-LOCALES=\
++C.UTF-8/UTF-8 \
+ aa_DJ.UTF-8/UTF-8 \
+ aa_DJ/ISO-8859-1 \
+ aa_ER/UTF-8 \
+--- ./localedata/locales/C.orig 2015-12-17 17:07:08.053200616 -0600
++++ ./localedata/locales/C 2015-12-17 17:07:08.053200616 -0600
+@@ -0,0 +1,238 @@
++escape_char /
++comment_char %
++% Locale for C locale in UTF-8
++
++LC_IDENTIFICATION
++title "C locale"
++source ""
++address ""
++contact ""
++email ""
++tel ""
++fax ""
++language "C"
++territory ""
++revision "1.0"
++date "2015-08-10"
++%
++category "C:2015";LC_IDENTIFICATION
++category "C:2015";LC_CTYPE
++category "C:2015";LC_COLLATE
++category "C:2015";LC_TIME
++category "C:2015";LC_NUMERIC
++category "C:2015";LC_MONETARY
++category "C:2015";LC_MESSAGES
++category "C:2015";LC_PAPER
++category "C:2015";LC_NAME
++category "C:2015";LC_ADDRESS
++category "C:2015";LC_TELEPHONE
++category "C:2015";LC_MEASUREMENT
++END LC_IDENTIFICATION
++
++LC_CTYPE
++copy "i18n"
++
++translit_start
++include "translit_combining";""
++translit_end
++
++END LC_CTYPE
++
++LC_COLLATE
++order_start forward
++<U0000>
++..
++<UFFFF>
++<U10000>
++..
++<U1FFFF>
++<U20000>
++..
++<U2FFFF>
++<UE0000>
++..
++<UEFFFF>
++<UF0000>
++..
++<UFFFFF>
++<U100000>
++..
++<U10FFFF>
++UNDEFINED
++order_end
++END LC_COLLATE
++
++LC_MONETARY
++% This is the 14652 i18n fdcc-set definition for
++% the LC_MONETARY category
++% (except for the int_curr_symbol and currency_symbol, they are empty in
++% the 14652 i18n fdcc-set definition and also empty in
++% glibc/locale/C-monetary.c. But localedef complains in that case).
++%
++% Using "USD" for int_curr_symbol. But maybe "XXX" would be better?
++% XXX is "No currency" (https://en.wikipedia.org/wiki/ISO_4217)
++int_curr_symbol "<U0055><U0053><U0044><U0020>"
++% Using "$" for currency_symbol. But maybe <U00A4> would be better?
++% U+00A4 is the "generic currency symbol"
++% (https://en.wikipedia.org/wiki/Currency_sign_%28typography%29)
++currency_symbol "<U0024>"
++mon_decimal_point "<U002E>"
++mon_thousands_sep ""
++mon_grouping -1
++positive_sign ""
++negative_sign "<U002D>"
++int_frac_digits -1
++frac_digits -1
++p_cs_precedes -1
++int_p_sep_by_space -1
++p_sep_by_space -1
++n_cs_precedes -1
++int_n_sep_by_space -1
++n_sep_by_space -1
++p_sign_posn -1
++n_sign_posn -1
++%
++END LC_MONETARY
++
++LC_NUMERIC
++% This is the POSIX Locale definition for
++% the LC_NUMERIC category.
++%
++decimal_point "<U002E>"
++thousands_sep ""
++grouping -1
++END LC_NUMERIC
++
++LC_TIME
++% This is the POSIX Locale definition for
++% the LC_TIME category.
++%
++% Abbreviated weekday names (%a)
++abday "<U0053><U0075><U006E>";"<U004D><U006F><U006E>";/
++ "<U0054><U0075><U0065>";"<U0057><U0065><U0064>";/
++ "<U0054><U0068><U0075>";"<U0046><U0072><U0069>";/
++ "<U0053><U0061><U0074>"
++
++% Full weekday names (%A)
++day "<U0053><U0075><U006E><U0064><U0061><U0079>";/
++ "<U004D><U006F><U006E><U0064><U0061><U0079>";/
++ "<U0054><U0075><U0065><U0073><U0064><U0061><U0079>";/
++ "<U0057><U0065><U0064><U006E><U0065><U0073><U0064><U0061><U0079>";/
++ "<U0054><U0068><U0075><U0072><U0073><U0064><U0061><U0079>";/
++ "<U0046><U0072><U0069><U0064><U0061><U0079>";/
++ "<U0053><U0061><U0074><U0075><U0072><U0064><U0061><U0079>"
++
++% Abbreviated month names (%b)
++abmon "<U004A><U0061><U006E>";"<U0046><U0065><U0062>";/
++ "<U004D><U0061><U0072>";"<U0041><U0070><U0072>";/
++ "<U004D><U0061><U0079>";"<U004A><U0075><U006E>";/
++ "<U004A><U0075><U006C>";"<U0041><U0075><U0067>";/
++ "<U0053><U0065><U0070>";"<U004F><U0063><U0074>";/
++ "<U004E><U006F><U0076>";"<U0044><U0065><U0063>"
++
++% Full month names (%B)
++mon "<U004A><U0061><U006E><U0075><U0061><U0072><U0079>";/
++ "<U0046><U0065><U0062><U0072><U0075><U0061><U0072><U0079>";/
++ "<U004D><U0061><U0072><U0063><U0068>";/
++ "<U0041><U0070><U0072><U0069><U006C>";/
++ "<U004D><U0061><U0079>";/
++ "<U004A><U0075><U006E><U0065>";/
++ "<U004A><U0075><U006C><U0079>";/
++ "<U0041><U0075><U0067><U0075><U0073><U0074>";/
++ "<U0053><U0065><U0070><U0074><U0065><U006D><U0062><U0065><U0072>";/
++ "<U004F><U0063><U0074><U006F><U0062><U0065><U0072>";/
++ "<U004E><U006F><U0076><U0065><U006D><U0062><U0065><U0072>";/
++ "<U0044><U0065><U0063><U0065><U006D><U0062><U0065><U0072>"
++
++% Week description, consists of three fields:
++% 1. Number of days in a week.
++% 2. Gregorian date that is a first weekday (19971130 for Sunday, 19971201 for Monday).
++% 3. The weekday number to be contained in the first week of the year.
++%
++% ISO 8601 conforming applications should use the values 7, 19971201 (a
++% Monday), and 4 (Thursday), respectively.
++week 7;19971201;4
++first_weekday 1
++first_workday 1
++
++% Appropriate date and time representation (%c)
++% "%a %b %e %H:%M:%S %Y"
++d_t_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0059>"
++
++% Appropriate date representation (%x)
++% "%m/%d/%y"
++d_fmt "<U0025><U006D><U002F><U0025><U0064><U002F><U0025><U0079>"
++
++% Appropriate time representation (%X)
++% "%H:%M:%S"
++t_fmt "<U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053>"
++
++% Appropriate AM/PM time representation (%r)
++% "%I:%M:%S %p"
++t_fmt_ampm "<U0025><U0049><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U0070>"
++
++% Equivalent of AM/PM (%p) "AM"/"PM"
++%
++am_pm "<U0041><U004D>";"<U0050><U004D>"
++
++% Appropriate date representation (date(1)) "%a %b %e %H:%M:%S %Z %Y"
++date_fmt "<U0025><U0061><U0020><U0025><U0062><U0020><U0025><U0065><U0020><U0025><U0048><U003A><U0025><U004D><U003A><U0025><U0053><U0020><U0025><U005A><U0020><U0025><U0059>"
++END LC_TIME
++
++LC_MESSAGES
++% This is the POSIX Locale definition for
++% the LC_NUMERIC category.
++%
++yesexpr "<U005E><U005B><U0079><U0059><U005D>"
++noexpr "<U005E><U005B><U006E><U004E><U005D>"
++yesstr "<U0059><U0065><U0073>"
++nostr "<U004E><U006F>"
++END LC_MESSAGES
++
++LC_PAPER
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_PAPER category.
++% (A4 paper, this is also used in the built in C/POSIX
++% locale in glibc/locale/C-paper.c)
++height 297
++width 210
++END LC_PAPER
++
++LC_NAME
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_NAME category.
++% "%p%t%g%t%m%t%f"
++% (also used in the built in C/POSIX locale in glibc/locale/C-name.c)
++name_fmt "<U0025><U0070><U0025><U0074><U0025><U0067><U0025><U0074>/
++<U0025><U006D><U0025><U0074><U0025><U0066>"
++END LC_NAME
++
++LC_ADDRESS
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_ADDRESS category.
++% "%a%N%f%N%d%N%b%N%s %h %e %r%N%C-%z %T%N%c%N"
++% (also used in the built in C/POSIX locale in glibc/locale/C-address.c)
++postal_fmt "<U0025><U0061><U0025><U004E><U0025><U0066><U0025><U004E>/
++<U0025><U0064><U0025><U004E><U0025><U0062><U0025><U004E><U0025><U0073>/
++<U0020><U0025><U0068><U0020><U0025><U0065><U0020><U0025><U0072><U0025>/
++<U004E><U0025><U0043><U002D><U0025><U007A><U0020><U0025><U0054><U0025>/
++<U004E><U0025><U0063><U0025><U004E>"
++END LC_ADDRESS
++
++LC_TELEPHONE
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_TELEPHONE category.
++% "+%c %a %l"
++tel_int_fmt "<U002B><U0025><U0063><U0020><U0025><U0061><U0020><U0025>/
++<U006C>"
++% (also used in the built in C/POSIX locale in glibc/locale/C-telephone.c)
++END LC_TELEPHONE
++
++LC_MEASUREMENT
++% This is the ISO/IEC 14652 "i18n" definition for
++% the LC_MEASUREMENT category.
++% (same as in the built in C/POSIX locale in glibc/locale/C-measurement.c)
++%metric
++measurement 1
++END LC_MEASUREMENT
++
diff --git a/patches/source/glibc/glibc-cvs-checkout.sh b/patches/source/glibc/glibc-cvs-checkout.sh
new file mode 100755
index 000000000..022d0117b
--- /dev/null
+++ b/patches/source/glibc/glibc-cvs-checkout.sh
@@ -0,0 +1,3 @@
+echo "The password below is \"anoncvs\":"
+cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/glibc login
+cvs -z 9 -d :pserver:anoncvs@sources.redhat.com:/cvs/glibc co libc
diff --git a/patches/source/glibc/glibc.3776f38f.diff b/patches/source/glibc/glibc.3776f38f.diff
new file mode 100644
index 000000000..d2b787a4f
--- /dev/null
+++ b/patches/source/glibc/glibc.3776f38f.diff
@@ -0,0 +1,52 @@
+From 3776f38fcd267c127ba5eb222e2c614c191744aa Mon Sep 17 00:00:00 2001
+From: Siddhesh Poyarekar <siddhesh@sourceware.org>
+Date: Tue, 20 Jun 2017 05:59:17 +0200
+Subject: [PATCH] Ignore and remove LD_HWCAP_MASK for AT_SECURE programs (bug
+ #21209)
+
+The LD_HWCAP_MASK environment variable may alter the selection of
+function variants for some architectures. For AT_SECURE process it
+means that if an outdated routine has a bug that would otherwise not
+affect newer platforms by default, LD_HWCAP_MASK will allow that bug
+to be exploited.
+
+To be on the safe side, ignore and disable LD_HWCAP_MASK for setuid
+binaries.
+
+ [BZ #21209]
+ * elf/rtld.c (process_envvars): Ignore LD_HWCAP_MASK for
+ AT_SECURE processes.
+ * sysdeps/generic/unsecvars.h: Add LD_HWCAP_MASK.
+
+(cherry picked from commit 1c1243b6fc33c029488add276e56570a07803bfd)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 369724b..9362a21 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2534,7 +2534,8 @@ process_envvars (enum mode *modep)
+
+ case 10:
+ /* Mask for the important hardware capabilities. */
+- if (memcmp (envline, "HWCAP_MASK", 10) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "HWCAP_MASK", 10) == 0)
+ GLRO(dl_hwcap_mask) = __strtoul_internal (&envline[11], NULL,
+ 0, 0);
+ break;
+diff --git a/sysdeps/generic/unsecvars.h b/sysdeps/generic/unsecvars.h
+index a740837..5ea8a4a 100644
+--- a/sysdeps/generic/unsecvars.h
++++ b/sysdeps/generic/unsecvars.h
+@@ -16,6 +16,7 @@
+ "LD_DEBUG\0" \
+ "LD_DEBUG_OUTPUT\0" \
+ "LD_DYNAMIC_WEAK\0" \
++ "LD_HWCAP_MASK\0" \
+ "LD_LIBRARY_PATH\0" \
+ "LD_ORIGIN_PATH\0" \
+ "LD_PRELOAD\0" \
+--
+2.9.3
+
+
diff --git a/patches/source/glibc/glibc.46703a39.diff b/patches/source/glibc/glibc.46703a39.diff
new file mode 100644
index 000000000..c21200bea
--- /dev/null
+++ b/patches/source/glibc/glibc.46703a39.diff
@@ -0,0 +1,119 @@
+From 46703a3995aa3ca2b816814aa4ad05ed524194dd Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:31:04 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_PRELOAD path elements
+
+(cherry picked from commit 6d0ba622891bed9d8394eef1935add53003b12e8)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 2fc33a6..4badcf6 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -99,6 +99,35 @@ uintptr_t __pointer_chk_guard_local
+ strong_alias (__pointer_chk_guard_local, __pointer_chk_guard)
+ #endif
+
++/* Length limits for names and paths, to protect the dynamic linker,
++ particularly when __libc_enable_secure is active. */
++#ifdef NAME_MAX
++# define SECURE_NAME_LIMIT NAME_MAX
++#else
++# define SECURE_NAME_LIMIT 255
++#endif
++#ifdef PATH_MAX
++# define SECURE_PATH_LIMIT PATH_MAX
++#else
++# define SECURE_PATH_LIMIT 1024
++#endif
++
++/* Check that AT_SECURE=0, or that the passed name does not contain
++ directories and is not overly long. Reject empty names
++ unconditionally. */
++static bool
++dso_name_valid_for_suid (const char *p)
++{
++ if (__glibc_unlikely (__libc_enable_secure))
++ {
++ /* Ignore pathnames with directories for AT_SECURE=1
++ programs, and also skip overlong names. */
++ size_t len = strlen (p);
++ if (len >= SECURE_NAME_LIMIT || memchr (p, '/', len) != NULL)
++ return false;
++ }
++ return *p != '\0';
++}
+
+ /* List of auditing DSOs. */
+ static struct audit_list
+@@ -716,6 +745,42 @@ static const char *preloadlist attribute_relro;
+ /* Nonzero if information about versions has to be printed. */
+ static int version_info attribute_relro;
+
++/* The LD_PRELOAD environment variable gives list of libraries
++ separated by white space or colons that are loaded before the
++ executable's dependencies and prepended to the global scope list.
++ (If the binary is running setuid all elements containing a '/' are
++ ignored since it is insecure.) Return the number of preloads
++ performed. */
++unsigned int
++handle_ld_preload (const char *preloadlist, struct link_map *main_map)
++{
++ unsigned int npreloads = 0;
++ const char *p = preloadlist;
++ char fname[SECURE_PATH_LIMIT];
++
++ while (*p != '\0')
++ {
++ /* Split preload list at space/colon. */
++ size_t len = strcspn (p, " :");
++ if (len > 0 && len < sizeof (fname))
++ {
++ memcpy (fname, p, len);
++ fname[len] = '\0';
++ }
++ else
++ fname[0] = '\0';
++
++ /* Skip over the substring and the following delimiter. */
++ p += len;
++ if (*p != '\0')
++ ++p;
++
++ if (dso_name_valid_for_suid (fname))
++ npreloads += do_preload (fname, main_map, "LD_PRELOAD");
++ }
++ return npreloads;
++}
++
+ static void
+ dl_main (const ElfW(Phdr) *phdr,
+ ElfW(Word) phnum,
+@@ -1462,23 +1527,8 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+
+ if (__glibc_unlikely (preloadlist != NULL))
+ {
+- /* The LD_PRELOAD environment variable gives list of libraries
+- separated by white space or colons that are loaded before the
+- executable's dependencies and prepended to the global scope
+- list. If the binary is running setuid all elements
+- containing a '/' are ignored since it is insecure. */
+- char *list = strdupa (preloadlist);
+- char *p;
+-
+ HP_TIMING_NOW (start);
+-
+- /* Prevent optimizing strsep. Speed is not important here. */
+- while ((p = (strsep) (&list, " :")) != NULL)
+- if (p[0] != '\0'
+- && (__builtin_expect (! __libc_enable_secure, 1)
+- || strchr (p, '/') == NULL))
+- npreloads += do_preload (p, main_map, "LD_PRELOAD");
+-
++ npreloads += handle_ld_preload (preloadlist, main_map);
+ HP_TIMING_NOW (stop);
+ HP_TIMING_DIFF (diff, start, stop);
+ HP_TIMING_ACCUM_NT (load_time, diff);
+--
+2.9.3
+
+
diff --git a/patches/source/glibc/glibc.6a824767.dont.assert.on.older.intel.cpus.diff b/patches/source/glibc/glibc.6a824767.dont.assert.on.older.intel.cpus.diff
new file mode 100644
index 000000000..a3d1b147f
--- /dev/null
+++ b/patches/source/glibc/glibc.6a824767.dont.assert.on.older.intel.cpus.diff
@@ -0,0 +1,32 @@
+From 6a824767d8948faf10d8d3a602eb4f2a59431601 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.tools@gmail.com>
+Date: Wed, 12 Oct 2016 08:22:52 -0700
+Subject: [PATCH] X86: Don't assert on older Intel CPUs [BZ #20647]
+
+Since the maximum CPUID level of older Intel CPUs is 1, change
+handle_intel to return -1, instead of assert, when the maximum
+CPUID level is less than 2.
+
+ [BZ #20647]
+ * sysdeps/x86_64/cacheinfo.c (handle_intel): Return -1 if the
+ maximum CPUID level is less than 2.
+
+diff --git a/sysdeps/x86_64/cacheinfo.c b/sysdeps/x86_64/cacheinfo.c
+index cf4f64b..35268e8 100644
+--- a/sysdeps/x86_64/cacheinfo.c
++++ b/sysdeps/x86_64/cacheinfo.c
+@@ -259,7 +259,9 @@ intel_check_word (int name, unsigned int value, bool *has_level_2,
+ static long int __attribute__ ((noinline))
+ handle_intel (int name, unsigned int maxidx)
+ {
+- assert (maxidx >= 2);
++ /* Return -1 for older CPUs. */
++ if (maxidx < 2)
++ return -1;
+
+ /* OK, we can use the CPUID instruction to get all info about the
+ caches. */
+--
+2.9.3
+
+
diff --git a/patches/source/glibc/glibc.CVE-2017-1000366.3c7cd212.diff b/patches/source/glibc/glibc.CVE-2017-1000366.3c7cd212.diff
new file mode 100644
index 000000000..ee2870bc8
--- /dev/null
+++ b/patches/source/glibc/glibc.CVE-2017-1000366.3c7cd212.diff
@@ -0,0 +1,32 @@
+From 3c7cd21290cabdadd72984fb69bc51e64ff1002d Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 18:31:27 +0200
+Subject: [PATCH] CVE-2017-1000366: Ignore LD_LIBRARY_PATH for AT_SECURE=1
+ programs [BZ #21624]
+
+LD_LIBRARY_PATH can only be used to reorder system search paths, which
+is not useful functionality.
+
+This makes an exploitable unbounded alloca in _dl_init_paths unreachable
+for AT_SECURE=1 programs.
+
+(cherry picked from commit f6110a8fee2ca36f8e2d2abecf3cba9fa7b8ea7d)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index a036ece..2fc33a6 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -2418,7 +2418,8 @@ process_envvars (enum mode *modep)
+
+ case 12:
+ /* The library search path. */
+- if (memcmp (envline, "LIBRARY_PATH", 12) == 0)
++ if (!__libc_enable_secure
++ && memcmp (envline, "LIBRARY_PATH", 12) == 0)
+ {
+ library_path = &envline[13];
+ break;
+--
+2.9.3
+
+
diff --git a/patches/source/glibc/glibc.SlackBuild b/patches/source/glibc/glibc.SlackBuild
new file mode 100755
index 000000000..a1dd9a90e
--- /dev/null
+++ b/patches/source/glibc/glibc.SlackBuild
@@ -0,0 +1,440 @@
+#!/bin/sh
+
+# Copyright 2006, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Patrick J. Volkerding, Sebeka, MN, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## build glibc-$VERSION for Slackware
+
+VERSION=${VERSION:-$(echo glibc-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+CHECKOUT=${CHECKOUT:-""}
+BUILD=${BUILD:-4_slack14.2}
+
+# I was considering disabling NSCD, but MoZes talked me out of it. :)
+#DISABLE_NSCD=" --disable-nscd "
+
+# $ARCH may be preset, otherwise i586 compatibility with i686 binary
+# structuring is the Slackware default.
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# I'll break this out as an option for fun :-)
+case $ARCH in
+ i386)
+ OPTIMIZ="-O3 -march=i386 -mcpu=i686"
+ LIBDIRSUFFIX=""
+ ;;
+ i486)
+ OPTIMIZ="-O3 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+ ;;
+ i586)
+ OPTIMIZ="-O3 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+ ;;
+ i686)
+ OPTIMIZ="-O3 -march=i686"
+ LIBDIRSUFFIX=""
+ ;;
+ athlon)
+ OPTIMIZ="-O3 -march=athlon"
+ LIBDIRSUFFIX=""
+ ;;
+ s390)
+ OPTIMIZ="-O3"
+ LIBDIRSUFFIX=""
+ ;;
+ x86_64)
+ OPTIMIZ="-O3 -fPIC"
+ LIBDIRSUFFIX="64"
+ ;;
+ *)
+ OPTIMIZ="-O3"
+ LIBDIRSUFFIX=""
+ ;;
+esac
+
+case $ARCH in
+ x86_64)
+ TARGET=${TARGET:-x86_64}
+ ;;
+ i586)
+ # This should be i586 for all 32-bit x86 arch:
+ TARGET=${TARGET:-i586}
+ ;;
+esac
+
+# Hand off the $ARCH variable to $SLACKWARE_ARCH to avoid confusing glibc:
+SLACKWARE_ARCH=$ARCH
+unset ARCH
+
+CVSVER=${VERSION}${CHECKOUT}
+
+# NOTE!!! glibc needs to be built against the sanitized kernel headers,
+# which will be installed under /usr/include by the kernel-headers package.
+# Be sure the correct version of the headers package is installed BEFORE
+# building glibc!
+
+CWD=$(pwd)
+# Temporary build location. This should not be a directory
+# path a non-root user could create later...
+TMP=${TMP:-/glibc-tmp-$(mcookie)}
+mkdir -p $TMP
+
+NUMJOBS=${NUMJOBS:-" -j7 "}
+
+# This function fixes a doinst.sh file for x86_64.
+# With thanks to Fred Emmott.
+fix_doinst() {
+ if [ "x$LIBDIRSUFFIX" = "x" ]; then
+ return;
+ fi;
+ # Fix "( cd usr/lib ;" occurrences
+ sed -i "s#lib ;#lib${LIBDIRSUFFIX} ;#" install/doinst.sh
+ # Fix "lib/" occurrences
+ sed -i "s#lib/#lib${LIBDIRSUFFIX}/#g" install/doinst.sh
+ # Fix "( cd lib" occurrences
+ sed -i "s#( cd lib\$#( cd lib${LIBDIRSUFFIX}#" install/doinst.sh
+
+ if [ "$SLACKWARE_ARCH" = "x86_64" ]; then
+ sed -i 's#ld-linux.so.2#ld-linux-x86-64.so.2#' install/doinst.sh
+ fi
+}
+
+# This is a patch function to put all glibc patches in the build script
+# up near the top.
+apply_patches() {
+ # Use old-style locale directories rather than a single (and strangely
+ # formatted) /usr/lib/locale/locale-archive file:
+ zcat $CWD/glibc.locale.no-archive.diff.gz | patch -p1 --verbose || exit 1
+ # The is_IS locale is causing a strange error about the "echn" command
+ # not existing. This patch reverts is_IS to the version shipped in
+ # glibc-2.5:
+ zcat $CWD/is_IS.diff.gz | patch -p1 --verbose || exit 1
+ # Support ru_RU.CP1251 locale:
+ zcat $CWD/glibc.ru_RU.CP1251.diff.gz | patch -p1 --verbose || exit 1
+ # Fix resolver problem with glibc-2.9:
+ zcat $CWD/glibc-2.10-dns-no-gethostbyname4.diff.gz | patch -p0 --verbose || exit 1
+ # This reverts a patch that was made to glibc to fix "namespace leakage",
+ # which seems to cause some build failures (e.g. with conntrack):
+ zcat $CWD/glibc.revert.to.fix.build.breakages.diff.gz | patch -p1 -l --verbose || exit 1
+ # Make it harder for people to trick ldd into running code:
+ zcat $CWD/glibc.ldd.trace.through.dynamic.linker.diff.gz | patch -p1 --verbose || exit 1
+ # Add a C.UTF-8 locale:
+ zcat $CWD/glibc-c-utf8-locale.patch.gz | patch -p1 --verbose || exit 1
+ # Upstream git patches for security hardening (CVE-2017-1000366):
+ zcat $CWD/glibc.3776f38f.diff.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/glibc.46703a39.diff.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/glibc.CVE-2017-1000366.3c7cd212.diff.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/glibc.adc7e06f.diff.gz | patch -p1 --verbose || exit 1
+ zcat $CWD/glibc.c69d4a0f.diff.gz | patch -p1 --verbose || exit 1
+ # Don't assert on older Intel CPUs.
+ # This fixes an ldconfig failure on Pentium MMX.
+ zcat $CWD/glibc.6a824767.dont.assert.on.older.intel.cpus.diff.gz | patch -p1 --verbose || exit 1
+}
+
+# This is going to be the initial $DESTDIR:
+export PKG=$TMP/package-glibc-incoming-tree
+PGLIBC=$TMP/package-glibc
+PSOLIBS=$TMP/package-glibc-solibs
+PI18N=$TMP/package-glibc-i18n
+PPROFILE=$TMP/package-glibc-profile
+PDEBUG=$TMP/package-glibc-debug
+
+# Empty these locations first:
+for dir in $PKG $PGLIBC $PSOLIBS $PZONE $PI18N $PPROFILE $PDEBUG ; do
+ if [ -d $dir ]; then
+ rm -rf $dir
+ fi
+ mkdir -p $dir
+done
+if [ -d $TMP/glibc-$VERSION ]; then
+ rm -rf $TMP/glibc-$VERSION
+fi
+
+# Create an incoming directory structure for glibc to be built into:
+mkdir -p $PKG/lib${LIBDIRSUFFIX}
+mkdir -p $PKG/sbin
+mkdir -p $PKG/usr/bin
+mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}
+mkdir -p $PKG/usr/sbin
+mkdir -p $PKG/usr/include
+mkdir -p $PKG/usr/doc
+mkdir -p $PKG/usr/man
+mkdir -p $PKG/usr/share
+mkdir -p $PKG/var/db/nscd
+mkdir -p $PKG/var/run/nscd
+
+# Begin extract/compile:
+cd $TMP
+rm -rf glibc-$CVSVER
+tar xvf $CWD/glibc-$CVSVER.tar.xz \
+ || tar xvf $CWD/glibc-$CVSVER.tar.bz2 \
+ || tar xvf $CWD/glibc-$CVSVER.tar.gz
+cd glibc-$CVSVER
+
+chown -R root:root .
+find . -perm 666 -exec chmod 644 {} \;
+find . -perm 664 -exec chmod 644 {} \;
+find . -perm 600 -exec chmod 644 {} \;
+find . -perm 444 -exec chmod 644 {} \;
+find . -perm 400 -exec chmod 644 {} \;
+find . -perm 440 -exec chmod 644 {} \;
+find . -perm 777 -exec chmod 755 {} \;
+find . -perm 775 -exec chmod 755 {} \;
+find . -perm 511 -exec chmod 755 {} \;
+find . -perm 711 -exec chmod 755 {} \;
+find . -perm 555 -exec chmod 755 {} \;
+
+# Clean up leftover CVS directories:
+find . -type d -name CVS -exec rm -r {} \; 2> /dev/null
+
+# Apply patches; exit if any fail.
+apply_patches
+if [ ! $? = 0 ]; then
+ exit 1
+fi
+
+# Make build directory:
+mkdir build-glibc-$VERSION
+cd build-glibc-$VERSION || exit 1
+
+echo "BUILDING DAS NPTL GLIBC"
+CFLAGS="-g $OPTIMIZ" \
+../configure \
+ --prefix=/usr \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --enable-kernel=2.6.32 \
+ --with-headers=/usr/include \
+ --enable-add-ons \
+ --enable-obsolete-rpc \
+ --enable-profile \
+ $DISABLE_NSCD \
+ --infodir=/usr/info \
+ --mandir=/usr/man \
+ --with-tls \
+ --with-__thread \
+ --without-cvs \
+ $TARGET-slackware-linux
+
+make $NUMJOBS || make || exit 1
+make install install_root=$PKG || exit 1
+make localedata/install-locales install_root=$PKG || exit 1
+
+# The prevailing standard seems to be putting unstripped libraries in
+# /usr/lib/debug/ and stripping the debugging symbols from all the other
+# libraries.
+mkdir -p $PKG/usr/lib${LIBDIRSUFFIX}/debug
+cp -a $PKG/lib${LIBDIRSUFFIX}/l*.so* $PKG/usr/lib${LIBDIRSUFFIX}/debug
+cp -a $PKG/usr/lib${LIBDIRSUFFIX}/*.a $PKG/usr/lib${LIBDIRSUFFIX}/debug
+# Don't need debug+profile:
+( cd $PKG/usr/lib${LIBDIRSUFFIX}/debug ; rm -f *_p.* )
+# NOTE: Is there really a reason for the glibc-debug package?
+# If you're debugging glibc, you can also compile it, right?
+
+## COMMENTED OUT: There's no reason for profile libs to include -g information.
+## Put back unstripped profiling libraries:
+#mv $PKG/usr/lib${LIBDIRSUFFIX}/debug/*_p.a $PKG/usr/lib${LIBDIRSUFFIX}
+# It might be best to put the unstripped and profiling libraries in glibc-debug and glibc-profile.
+
+# I don't think "strip -g" causes the pthread problems. It's --strip-unneeded that does.
+strip -g $PKG/lib${LIBDIRSUFFIX}/l*.so*
+strip -g $PKG/usr/lib${LIBDIRSUFFIX}/l*.so*
+strip -g $PKG/usr/lib${LIBDIRSUFFIX}/lib*.a
+
+# Remove the rquota.x and rquota.h include files, as they are provided by
+# the quota package:
+rm -f $PKG/usr/include/rpcsvc/rquota.{h,x}
+
+# Back to the sources dir to add some files/docs:
+cd $TMP/glibc-$CVSVER
+
+# We'll automatically install the config file for the Name Server Cache Daemon.
+# Perhaps this should also have some commented-out startup code in rc.inet2...
+mkdir -p $PKG/etc
+cat nscd/nscd.conf > $PKG/etc/nscd.conf.new
+
+# Install docs:
+( mkdir -p $PKG/usr/doc/glibc-$VERSION
+ cp -a \
+ BUGS CONFORMANCE COPYING* FAQ INSTALL LICENSES NAMESPACE \
+ NEWS NOTES PROJECTS README* \
+ $PKG/usr/doc/glibc-$VERSION
+)
+
+# Trim the NEWS file to omit ancient history:
+if [ -r NEWS ]; then
+ DOCSDIR=$(echo $PKG/usr/doc/glibc-$VERSION)
+ cat NEWS | head -n 1000 > $DOCSDIR/NEWS
+ touch -r NEWS $DOCSDIR/NEWS
+fi
+
+# OK, there are some very old Linux standards that say that any binaries in a /bin or
+# /sbin directory (and the directories themselves) should be group bin rather than
+# group root, unless a specific group is really needed for some reason.
+#
+# I can't find any mention of this in more recent standards docs, and always thought
+# that it was pretty cosmetic anyway (hey, if there's a reason -- fill me in!), so
+# it's possible that this ownership change won't be followed in the near future
+# (it's a PITA, and causes many bug reports when the perms change is occasionally
+# forgotten).
+#
+# But, it's hard to get me to break old habits, so we'll continue the tradition here:
+#
+# No, no we won't. You know how we love to break traditions.
+
+# Strip most binaries:
+( cd $PKG
+ find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-debug 2> /dev/null
+ find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip -g 2> /dev/null
+)
+
+# Fix info dir:
+rm $PKG/usr/info/dir
+gzip -9 $PKG/usr/info/*
+
+# This is junk
+rm $PKG/etc/ld.so.cache
+( cd $PKG
+ find . -name "*.orig" -exec rm {} \;
+)
+
+##################################
+# OK, time to make some packages #
+##################################
+
+# glibc-profile:
+cd $PPROFILE
+mkdir -p usr/lib${LIBDIRSUFFIX}
+# Might as well just grab these with 'mv' to simplify things later:
+mv $PKG/usr/lib${LIBDIRSUFFIX}/lib*_p.a usr/lib${LIBDIRSUFFIX}
+# Profile libs should be stripped. Use the debug libs to debug...
+( cd usr/lib${LIBDIRSUFFIX} ; strip -g *.a )
+mkdir install
+cp -a $CWD/slack-desc.glibc-profile install/slack-desc
+makepkg -l y -c n $TMP/glibc-profile-$VERSION-$SLACKWARE_ARCH-$BUILD.txz
+
+# THIS IS NO LONGER PACKAGED (or is it? might be better to let it be made, and then ship it or not...)
+# glibc-debug:
+cd $PDEBUG
+mkdir -p usr/lib${LIBDIRSUFFIX}
+# Might as well just grab these with 'mv' to simplify things later:
+mv $PKG/usr/lib${LIBDIRSUFFIX}/debug usr/lib${LIBDIRSUFFIX}
+mkdir install
+cp -a $CWD/slack-desc.glibc-debug install/slack-desc
+# Don't package this.
+#makepkg -l y -c n $TMP/glibc-debug-$VERSION-$SLACKWARE_ARCH-$BUILD.txz
+## INSTEAD, NUKE THESE LIBS
+#rm -rf $PKG/usr/lib${LIBDIRSUFFIX}/debug
+
+# glibc-i18n:
+cd $PI18N
+mkdir -p usr/lib${LIBDIRSUFFIX}/locale
+mv $PKG/usr/lib${LIBDIRSUFFIX}/locale/* usr/lib${LIBDIRSUFFIX}/locale
+mkdir -p usr/share/{i18n,locale}
+mv $PKG/usr/share/i18n/* usr/share/i18n
+mv $PKG/usr/share/locale/* usr/share/locale
+# Leave copies of the C, POSIX, and en_US locales in the main glibc package:
+cp -a usr/lib${LIBDIRSUFFIX}/locale/{C,en_US}* $PKG/usr/lib${LIBDIRSUFFIX}/locale
+mkdir -p $PKG/usr/share/i18n/locales
+cp -a usr/share/i18n/locales/{C,POSIX,en_US} $PKG/usr/share/i18n/locales
+mkdir install
+cp -a $CWD/slack-desc.glibc-i18n install/slack-desc
+makepkg -l y -c n $TMP/glibc-i18n-$VERSION-$SLACKWARE_ARCH-$BUILD.txz
+
+# glibc-solibs:
+cd $PSOLIBS
+mkdir -p etc/profile.d
+cp -a $CWD/profile.d/* etc/profile.d
+chown -R root:root etc
+chmod 755 etc/profile.d/*
+mkdir -p lib${LIBDIRSUFFIX}
+cp -a $PKG/lib${LIBDIRSUFFIX}/* lib${LIBDIRSUFFIX}
+( cd lib${LIBDIRSUFFIX}
+ mkdir incoming
+ mv *so* incoming
+ mv incoming/libSegFault.so .
+)
+mkdir -p usr
+cp -a $PKG/usr/bin usr
+mv usr/bin/ldd .
+rm usr/bin/*
+mv ldd usr/bin
+mkdir -p usr/lib${LIBDIRSUFFIX}
+# The gconv directory has a lot of stuff, but including it here will save some problems.
+# Seems standard elsewhere.
+cp -a $PKG/usr/lib${LIBDIRSUFFIX}/gconv usr/lib${LIBDIRSUFFIX}
+# Another manpage abandoned by GNU...
+#mkdir -p usr/man/man1
+#cp -a $PKG/usr/man/man1/ldd.1.gz usr/man/man1
+mkdir -p usr/libexec
+cp -a $PKG/usr/libexec/pt_chown usr/libexec
+# Same usr.bin deal:
+cp -a $PKG/sbin .
+mv sbin/ldconfig .
+rm sbin/*
+mv ldconfig sbin
+mkdir install
+cp -a $CWD/slack-desc.glibc-solibs install/slack-desc
+cp -a $CWD/doinst.sh-glibc-solibs install/doinst.sh
+fix_doinst
+sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh
+# Ditch links:
+find . -type l -exec rm {} \;
+# libm.so is *not* a linker script on all $ARCH.
+# If it's missing now, replace the symlink:
+if [ ! -r usr/lib${LIBDIRSUFFIX}/libm.so ]; then
+ ( cd usr/lib${LIBDIRSUFFIX} ; ln -sf ../../lib${LIBDIRSUFFIX}/libm.so.6 libm.so )
+fi
+# Build the package:
+makepkg -l y -c n $TMP/glibc-solibs-$VERSION-$SLACKWARE_ARCH-$BUILD.txz
+
+# And finally, the complete "all-in-one" glibc package is created
+# from whatever was leftover:
+cd $PGLIBC
+mv $PKG/* .
+mkdir -p etc/profile.d
+cp -a $CWD/profile.d/* etc/profile.d
+chown -R root:root etc
+chmod 755 etc/profile.d/*
+# Ditch links (these are in doinst.sh-glibc):
+find . -type l -exec rm {} \;
+mkdir install
+cp -a $CWD/slack-desc.glibc install/slack-desc
+cp -a $CWD/doinst.sh-glibc install/doinst.sh
+fix_doinst
+sed -i "s/@@VERSION@@/$VERSION/g" install/doinst.sh
+( cd lib${LIBDIRSUFFIX}
+ mkdir incoming
+ mv *so* incoming
+ mv incoming/libSegFault.so .
+)
+# Build the package:
+/sbin/makepkg -l y -c n $TMP/glibc-$VERSION-$SLACKWARE_ARCH-$BUILD.txz
+
+# Done!
+echo
+echo "glibc packages built in $TMP!"
+
diff --git a/patches/source/glibc/glibc.adc7e06f.diff b/patches/source/glibc/glibc.adc7e06f.diff
new file mode 100644
index 000000000..ca5eac556
--- /dev/null
+++ b/patches/source/glibc/glibc.adc7e06f.diff
@@ -0,0 +1,38 @@
+From adc7e06fb412a2a1ee52f8cb788caf436335b9f3 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Wed, 14 Jun 2017 08:11:22 +0200
+Subject: [PATCH] i686: Add missing IS_IN (libc) guards to vectorized strcspn
+
+Since commit d957c4d3fa48d685ff2726c605c988127ef99395 (i386: Compile
+rtld-*.os with -mno-sse -mno-mmx -mfpmath=387), vector intrinsics can
+no longer be used in ld.so, even if the compiled code never makes it
+into the final ld.so link. This commit adds the missing IS_IN (libc)
+guard to the SSE 4.2 strcspn implementation, so that it can be used from
+ld.so in the future.
+
+(cherry picked from commit 69052a3a95da37169a08f9e59b2cc1808312753c)
+
+diff --git a/sysdeps/i386/i686/multiarch/strcspn-c.c b/sysdeps/i386/i686/multiarch/strcspn-c.c
+index 6d61e19..ec230fb 100644
+--- a/sysdeps/i386/i686/multiarch/strcspn-c.c
++++ b/sysdeps/i386/i686/multiarch/strcspn-c.c
+@@ -1,2 +1,4 @@
+-#define __strcspn_sse2 __strcspn_ia32
+-#include <sysdeps/x86_64/multiarch/strcspn-c.c>
++#if IS_IN (libc)
++# define __strcspn_sse2 __strcspn_ia32
++# include <sysdeps/x86_64/multiarch/strcspn-c.c>
++#endif
+diff --git a/sysdeps/i386/i686/multiarch/varshift.c b/sysdeps/i386/i686/multiarch/varshift.c
+index 7760b96..6742a35 100644
+--- a/sysdeps/i386/i686/multiarch/varshift.c
++++ b/sysdeps/i386/i686/multiarch/varshift.c
+@@ -1 +1,3 @@
+-#include <sysdeps/x86_64/multiarch/varshift.c>
++#if IS_IN (libc)
++# include <sysdeps/x86_64/multiarch/varshift.c>
++#endif
+--
+2.9.3
+
+
diff --git a/patches/source/glibc/glibc.c69d4a0f.diff b/patches/source/glibc/glibc.c69d4a0f.diff
new file mode 100644
index 000000000..f44880003
--- /dev/null
+++ b/patches/source/glibc/glibc.c69d4a0f.diff
@@ -0,0 +1,201 @@
+From c69d4a0f680a24fdbe323764a50382ad324041e9 Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fweimer@redhat.com>
+Date: Mon, 19 Jun 2017 22:32:12 +0200
+Subject: [PATCH] ld.so: Reject overly long LD_AUDIT path elements
+
+Also only process the last LD_AUDIT entry.
+
+(cherry picked from commit 81b82fb966ffbd94353f793ad17116c6088dedd9)
+
+diff --git a/elf/rtld.c b/elf/rtld.c
+index 4badcf6..369724b 100644
+--- a/elf/rtld.c
++++ b/elf/rtld.c
+@@ -129,13 +129,91 @@ dso_name_valid_for_suid (const char *p)
+ return *p != '\0';
+ }
+
+-/* List of auditing DSOs. */
++/* LD_AUDIT variable contents. Must be processed before the
++ audit_list below. */
++const char *audit_list_string;
++
++/* Cyclic list of auditing DSOs. audit_list->next is the first
++ element. */
+ static struct audit_list
+ {
+ const char *name;
+ struct audit_list *next;
+ } *audit_list;
+
++/* Iterator for audit_list_string followed by audit_list. */
++struct audit_list_iter
++{
++ /* Tail of audit_list_string still needing processing, or NULL. */
++ const char *audit_list_tail;
++
++ /* The list element returned in the previous iteration. NULL before
++ the first element. */
++ struct audit_list *previous;
++
++ /* Scratch buffer for returning a name which is part of
++ audit_list_string. */
++ char fname[SECURE_NAME_LIMIT];
++};
++
++/* Initialize an audit list iterator. */
++static void
++audit_list_iter_init (struct audit_list_iter *iter)
++{
++ iter->audit_list_tail = audit_list_string;
++ iter->previous = NULL;
++}
++
++/* Iterate through both audit_list_string and audit_list. */
++static const char *
++audit_list_iter_next (struct audit_list_iter *iter)
++{
++ if (iter->audit_list_tail != NULL)
++ {
++ /* First iterate over audit_list_string. */
++ while (*iter->audit_list_tail != '\0')
++ {
++ /* Split audit list at colon. */
++ size_t len = strcspn (iter->audit_list_tail, ":");
++ if (len > 0 && len < sizeof (iter->fname))
++ {
++ memcpy (iter->fname, iter->audit_list_tail, len);
++ iter->fname[len] = '\0';
++ }
++ else
++ /* Do not return this name to the caller. */
++ iter->fname[0] = '\0';
++
++ /* Skip over the substring and the following delimiter. */
++ iter->audit_list_tail += len;
++ if (*iter->audit_list_tail == ':')
++ ++iter->audit_list_tail;
++
++ /* If the name is valid, return it. */
++ if (dso_name_valid_for_suid (iter->fname))
++ return iter->fname;
++ /* Otherwise, wrap around and try the next name. */
++ }
++ /* Fall through to the procesing of audit_list. */
++ }
++
++ if (iter->previous == NULL)
++ {
++ if (audit_list == NULL)
++ /* No pre-parsed audit list. */
++ return NULL;
++ /* Start of audit list. The first list element is at
++ audit_list->next (cyclic list). */
++ iter->previous = audit_list->next;
++ return iter->previous->name;
++ }
++ if (iter->previous == audit_list)
++ /* Cyclic list wrap-around. */
++ return NULL;
++ iter->previous = iter->previous->next;
++ return iter->previous->name;
++}
++
+ #ifndef HAVE_INLINED_SYSCALLS
+ /* Set nonzero during loading and initialization of executable and
+ libraries, cleared before the executable's entry point runs. This
+@@ -1303,11 +1381,13 @@ of this helper program; chances are you did not intend to run this program.\n\
+ GL(dl_rtld_map).l_tls_modid = _dl_next_tls_modid ();
+
+ /* If we have auditing DSOs to load, do it now. */
+- if (__glibc_unlikely (audit_list != NULL))
++ bool need_security_init = true;
++ if (__glibc_unlikely (audit_list != NULL)
++ || __glibc_unlikely (audit_list_string != NULL))
+ {
+- /* Iterate over all entries in the list. The order is important. */
+ struct audit_ifaces *last_audit = NULL;
+- struct audit_list *al = audit_list->next;
++ struct audit_list_iter al_iter;
++ audit_list_iter_init (&al_iter);
+
+ /* Since we start using the auditing DSOs right away we need to
+ initialize the data structures now. */
+@@ -1318,9 +1398,14 @@ of this helper program; chances are you did not intend to run this program.\n\
+ use different values (especially the pointer guard) and will
+ fail later on. */
+ security_init ();
++ need_security_init = false;
+
+- do
++ while (true)
+ {
++ const char *name = audit_list_iter_next (&al_iter);
++ if (name == NULL)
++ break;
++
+ int tls_idx = GL(dl_tls_max_dtv_idx);
+
+ /* Now it is time to determine the layout of the static TLS
+@@ -1329,7 +1414,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ no DF_STATIC_TLS bit is set. The reason is that we know
+ glibc will use the static model. */
+ struct dlmopen_args dlmargs;
+- dlmargs.fname = al->name;
++ dlmargs.fname = name;
+ dlmargs.map = NULL;
+
+ const char *objname;
+@@ -1342,7 +1427,7 @@ of this helper program; chances are you did not intend to run this program.\n\
+ not_loaded:
+ _dl_error_printf ("\
+ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+- al->name, err_str);
++ name, err_str);
+ if (malloced)
+ free ((char *) err_str);
+ }
+@@ -1446,10 +1531,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ goto not_loaded;
+ }
+ }
+-
+- al = al->next;
+ }
+- while (al != audit_list->next);
+
+ /* If we have any auditing modules, announce that we already
+ have two objects loaded. */
+@@ -1713,7 +1795,7 @@ ERROR: ld.so: object '%s' cannot be loaded as audit interface: %s; ignored.\n",
+ if (tcbp == NULL)
+ tcbp = init_tls ();
+
+- if (__glibc_likely (audit_list == NULL))
++ if (__glibc_likely (need_security_init))
+ /* Initialize security features. But only if we have not done it
+ earlier. */
+ security_init ();
+@@ -2344,9 +2426,7 @@ process_dl_audit (char *str)
+ char *p;
+
+ while ((p = (strsep) (&str, ":")) != NULL)
+- if (p[0] != '\0'
+- && (__builtin_expect (! __libc_enable_secure, 1)
+- || strchr (p, '/') == NULL))
++ if (dso_name_valid_for_suid (p))
+ {
+ /* This is using the local malloc, not the system malloc. The
+ memory can never be freed. */
+@@ -2410,7 +2490,7 @@ process_envvars (enum mode *modep)
+ break;
+ }
+ if (memcmp (envline, "AUDIT", 5) == 0)
+- process_dl_audit (&envline[6]);
++ audit_list_string = &envline[6];
+ break;
+
+ case 7:
+--
+2.9.3
+
+
diff --git a/patches/source/glibc/glibc.ldd.trace.through.dynamic.linker.diff b/patches/source/glibc/glibc.ldd.trace.through.dynamic.linker.diff
new file mode 100644
index 000000000..6b1f5c843
--- /dev/null
+++ b/patches/source/glibc/glibc.ldd.trace.through.dynamic.linker.diff
@@ -0,0 +1,49 @@
+2009-11-08 Aurelien Jarno <aurelien@aurel32.net>
+
+ * elf/ldd.bash.in: also handle error code 126 (ld.so non
+ executable). Always trace dynamic library dependencies through
+ the dynamic linker.
+
+--- a/elf/ldd.bash.in
++++ b/elf/ldd.bash.in
+@@ -153,8 +153,6 @@ for file do
+ echo "ldd: ${file}:" $"not regular file" >&2
+ result=1
+ elif test -r "$file"; then
+- test -x "$file" || echo 'ldd:' $"\
+-warning: you do not have execution permission for" "\`$file'" >&2
+ RTLD=
+ ret=1
+ for rtld in ${RTLDLIST}; do
+@@ -167,28 +165,16 @@ warning: you do not have execution permission for" "\`$file'" >&2
+ fi
+ done
+ case $ret in
+- 0)
+- # If the program exits with exit code 5, it means the process has been
+- # invoked with __libc_enable_secure. Fall back to running it through
+- # the dynamic linker.
+- try_trace "$file"
+- rc=$?
+- if [ $rc = 5 ]; then
+- try_trace "$RTLD" "$file"
+- rc=$?
+- fi
+- [ $rc = 0 ] || result=1
++ 0|2)
++ try_trace "$RTLD" "$file" || result=1
+ ;;
+- 1)
++ 1|126)
+ # This can be a non-ELF binary or no binary at all.
+ nonelf "$file" || {
+ echo $" not a dynamic executable"
+ result=1
+ }
+ ;;
+- 2)
+- try_trace "$RTLD" "$file" || result=1
+- ;;
+ *)
+ echo 'ldd:' ${RTLD} $"exited with unknown exit code" "($ret)" >&2
+ exit 1
diff --git a/patches/source/glibc/glibc.locale.no-archive.diff b/patches/source/glibc/glibc.locale.no-archive.diff
new file mode 100644
index 000000000..bf1a83b71
--- /dev/null
+++ b/patches/source/glibc/glibc.locale.no-archive.diff
@@ -0,0 +1,10 @@
+--- ./localedata/Makefile.orig 2003-11-20 15:31:38.000000000 -0800
++++ ./localedata/Makefile 2004-08-03 17:20:54.000000000 -0700
+@@ -222,6 +222,7 @@
+ echo -n '...'; \
+ input=`echo $$locale | sed 's/\([^.]*\)[^@]*\(.*\)/\1\2/'`; \
+ $(LOCALEDEF) --alias-file=../intl/locale.alias \
++ --no-archive \
+ -i locales/$$input -c -f charmaps/$$charset \
+ $(addprefix --prefix=,$(install_root)) $$locale; \
+ echo ' done'; \
diff --git a/patches/source/glibc/glibc.make-3.82.diff b/patches/source/glibc/glibc.make-3.82.diff
new file mode 100644
index 000000000..56b0675b3
--- /dev/null
+++ b/patches/source/glibc/glibc.make-3.82.diff
@@ -0,0 +1,28 @@
+Submitted By: Matt Burgess <matthew_at_linuxfromscratch_dot_org>
+Date: 2010-07-26
+Initial Package Version: 2.11.2
+Upstream Status: Not submitted
+Origin: Denis Onischenko
+ (http://www.mail-archive.com/help-make@gnu.org/msg08847.html)
+Description: Fixes an incompatibility with Make-3.82.
+
+diff -Naur glibc-2.11.2.orig/manual/Makefile glibc-2.11.2/manual/Makefile
+--- glibc-2.11.2.orig/manual/Makefile 2010-05-19 20:38:20.000000000 +0000
++++ glibc-2.11.2/manual/Makefile 2010-07-26 06:51:27.049899308 +0000
+@@ -232,9 +232,13 @@
+ .PHONY: stubs
+ stubs: $(objpfx)stubs
+ endif
+-$(objpfx)stubs ../po/manual.pot $(objpfx)stamp%:
+- $(make-target-directory)
+- touch $@
++$(objpfx)stubs ../po/manual.pot:
++ $(make-target-directory)
++ touch $@
++
++$(objpfx)stamp%:
++ $(make-target-directory)
++ touch $@
+
+ # Make the target directory if it doesn't exist, using the `mkinstalldirs'
+ # script that does `mkdir -p' even if `mkdir' doesn't support that flag.
diff --git a/patches/source/glibc/glibc.revert.to.fix.build.breakages.diff b/patches/source/glibc/glibc.revert.to.fix.build.breakages.diff
new file mode 100644
index 000000000..9c8e93b9b
--- /dev/null
+++ b/patches/source/glibc/glibc.revert.to.fix.build.breakages.diff
@@ -0,0 +1,13 @@
+--- ./sysdeps/unix/sysv/linux/bits/socket.h.orig 2008-07-27 03:25:30.000000000 -0500
++++ ./sysdeps/unix/sysv/linux/bits/socket.h 2009-02-24 17:38:52.000000000 -0600
+@@ -26,8 +26,9 @@
+ #endif
+
+ #define __need_size_t
++#define __need_NULL
+ #include <stddef.h>
+-
++#include <limits.h>
+ #include <sys/types.h>
+
+ /* Type for length arguments in socket calls. */
diff --git a/patches/source/glibc/glibc.ru_RU.CP1251.diff b/patches/source/glibc/glibc.ru_RU.CP1251.diff
new file mode 100644
index 000000000..376cf76a7
--- /dev/null
+++ b/patches/source/glibc/glibc.ru_RU.CP1251.diff
@@ -0,0 +1,10 @@
+--- ./localedata/SUPPORTED.orig 2005-07-17 20:50:35.000000000 -0500
++++ ./localedata/SUPPORTED 2006-08-22 01:33:09.000000000 -0500
+@@ -270,6 +270,7 @@
+ ro_RO/ISO-8859-2 \
+ ru_RU.KOI8-R/KOI8-R \
+ ru_RU.UTF-8/UTF-8 \
++ru_RU.CP1251/CP1251 \
+ ru_RU/ISO-8859-5 \
+ ru_UA.UTF-8/UTF-8 \
+ ru_UA/KOI8-U \
diff --git a/patches/source/glibc/is_IS.diff b/patches/source/glibc/is_IS.diff
new file mode 100644
index 000000000..52a99696c
--- /dev/null
+++ b/patches/source/glibc/is_IS.diff
@@ -0,0 +1,19 @@
+--- ./localedata/locales/is_IS.orig 2007-09-30 17:30:17.000000000 -0500
++++ ./localedata/locales/is_IS 2006-07-30 17:19:43.000000000 -0500
+@@ -947,6 +947,7 @@
+ <UE00D> IGNORE;IGNORE;IGNORE;<UE00D>
+ <UE00E> IGNORE;IGNORE;IGNORE;<UE00E>
+ <UE00F> IGNORE;IGNORE;IGNORE;<UE00F>
++<"=> IGNORE;IGNORE;IGNORE;<"=>
+ <UE011> IGNORE;IGNORE;IGNORE;<UE011>
+ <UE012> IGNORE;IGNORE;IGNORE;<UE012>
+ <UE013> IGNORE;IGNORE;IGNORE;<UE013>
+@@ -955,6 +956,8 @@
+ <UE017> IGNORE;IGNORE;IGNORE;<UE017>
+ <UE018> IGNORE;IGNORE;IGNORE;<UE018>
+ <UE019> IGNORE;IGNORE;IGNORE;<UE019>
++<Mc> IGNORE;IGNORE;IGNORE;<Mc>
++<Fl> IGNORE;IGNORE;IGNORE;<Fl>
+ UNDEFINED IGNORE;IGNORE;IGNORE
+
+ <U0030> <U0030>;<U0030>;IGNORE;IGNORE
diff --git a/patches/source/glibc/profile.d/glibc.csh.new b/patches/source/glibc/profile.d/glibc.csh.new
new file mode 100755
index 000000000..1f33e9663
--- /dev/null
+++ b/patches/source/glibc/profile.d/glibc.csh.new
@@ -0,0 +1,9 @@
+#!/bin/csh
+# Set more relaxed (glibc-2.3.5 like) malloc() checking.
+#
+# This relaxes the default paranoia level so that it reports
+# bugs, but does not kill the questionable process. You can
+# get away with running broken programs with this setting,
+# but at a possible performance and security cost.
+#
+#setenv MALLOC_CHECK_ 1
diff --git a/patches/source/glibc/profile.d/glibc.sh.new b/patches/source/glibc/profile.d/glibc.sh.new
new file mode 100755
index 000000000..979f4879e
--- /dev/null
+++ b/patches/source/glibc/profile.d/glibc.sh.new
@@ -0,0 +1,8 @@
+#!/bin/sh
+# Set more relaxed (glibc-2.3.5 like) malloc() checking.
+#
+# This relaxes the default paranoia level so that it reports
+# bugs, but does not kill the questionable process. You can
+# get away with running broken programs with this setting,
+# but at a possible performance and security cost.
+#export MALLOC_CHECK_=1
diff --git a/patches/source/glibc/slack-desc.glibc b/patches/source/glibc/slack-desc.glibc
new file mode 100644
index 000000000..c9c35c2da
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc: glibc (GNU C libraries)
+glibc:
+glibc: This package contains the GNU C libraries and header files. The GNU
+glibc: C library was written originally by Roland McGrath, and is currently
+glibc: maintained by Ulrich Drepper. Some parts of the library were
+glibc: contributed or worked on by other people.
+glibc:
+glibc: You'll need this package to compile programs.
+glibc:
+glibc:
+glibc:
diff --git a/patches/source/glibc/slack-desc.glibc-debug b/patches/source/glibc/slack-desc.glibc-debug
new file mode 100644
index 000000000..79398d0b6
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-debug
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-debug: glibc-debug (GNU C libraries with debugging symbols)
+glibc-debug:
+glibc-debug: This package contains versions of the GNU C libraries with debugging
+glibc-debug: information. These are needed only if you wish to be able to step
+glibc-debug: through C library routines while debugging programs. Most debugging
+glibc-debug: efforts will not require these.
+glibc-debug: To use these libraries, set LD_LIBRARY_PATH when calling the debugger:
+glibc-debug: LD_LIBRARY_PATH=/usr/lib/debug gdb <executable>
+glibc-debug:
+glibc-debug: Or, use this approach if you need to debug a setuid binary:
+glibc-debug: su user -c "LD_LIBRARY_PATH=/usr/lib/debug gdb <executable>"
diff --git a/patches/source/glibc/slack-desc.glibc-i18n b/patches/source/glibc/slack-desc.glibc-i18n
new file mode 100644
index 000000000..1a678d98a
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-i18n
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-i18n: glibc-i18n (locale files from glibc)
+glibc-i18n:
+glibc-i18n: These files go in /usr/lib/locale, /usr/share/i18n/, and
+glibc-i18n: /usr/share/locale/ to provide internationalization support.
+glibc-i18n: You'll need this package unless you will be using US English only.
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
+glibc-i18n:
diff --git a/patches/source/glibc/slack-desc.glibc-profile b/patches/source/glibc/slack-desc.glibc-profile
new file mode 100644
index 000000000..8c873fd92
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-profile
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-profile: glibc-profile (GNU C libraries with profiling support)
+glibc-profile:
+glibc-profile: This package contains static versions of the GNU C libraries with
+glibc-profile: support for profiling binaries using gprof. gprof calculates how
+glibc-profile: much time a program spends in each routine which can suggest where
+glibc-profile: to concentrate efforts to improve performance.
+glibc-profile:
+glibc-profile: See the gprof man page for more details.
+glibc-profile:
+glibc-profile:
+glibc-profile:
diff --git a/patches/source/glibc/slack-desc.glibc-solibs b/patches/source/glibc/slack-desc.glibc-solibs
new file mode 100644
index 000000000..807df645a
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-solibs
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-solibs: glibc-solibs (shared GNU C libraries)
+glibc-solibs:
+glibc-solibs: This package contains the shared libraries, binaries, and support
+glibc-solibs: files required to run most Linux applications linked with glibc.
+glibc-solibs:
+glibc-solibs:
+glibc-solibs:
+glibc-solibs:
+glibc-solibs:
+glibc-solibs:
+glibc-solibs:
diff --git a/patches/source/glibc/slack-desc.glibc-solibs-linuxthreads b/patches/source/glibc/slack-desc.glibc-solibs-linuxthreads
new file mode 100644
index 000000000..9efe3bf1d
--- /dev/null
+++ b/patches/source/glibc/slack-desc.glibc-solibs-linuxthreads
@@ -0,0 +1,18 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+glibc-solibs-linuxthreads: glibc-solibs-linuxthreads (LinuxThreads shared GNU C libraries)
+glibc-solibs-linuxthreads:
+glibc-solibs-linuxthreads: This package contains the shared libraries for glibc that uses
+glibc-solibs-linuxthreads: LinuxThreads, the threading implementation in Linux 2.4.x and
+glibc-solibs-linuxthreads: earlier kernels. In some cases you'll need to use these libraries
+glibc-solibs-linuxthreads: to run old binaries by setting these environment variables:
+glibc-solibs-linuxthreads: export LD_ASSUME_KERNEL=2.4.33
+glibc-solibs-linuxthreads: export LD_LIBRARY_PATH=/lib/obsolete/linuxthreads
+glibc-solibs-linuxthreads: old-program
+glibc-solibs-linuxthreads: Most users should have no need for this package. Recompile. :-)