summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'sys-libs/glibc')
-rw-r--r--sys-libs/glibc/Manifest62
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c315
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch30
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch274
-rw-r--r--sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch168
-rw-r--r--sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch40
-rw-r--r--sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch39
-rw-r--r--sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch13
-rw-r--r--sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch39
-rw-r--r--sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch42
-rw-r--r--sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch162
-rw-r--r--sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch33
-rw-r--r--sys-libs/glibc/files/2.17/locale-gen_prefix.patch77
-rw-r--r--sys-libs/glibc/files/2.17/vdso-disable.patch34
-rw-r--r--sys-libs/glibc/files/2.17/vdso.patch17
-rw-r--r--sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch2115
-rw-r--r--sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch30
-rw-r--r--sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch32
-rw-r--r--sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch37
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch3012
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c299
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c2
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch306
-rw-r--r--sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch20
-rw-r--r--sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch68
-rw-r--r--sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c311
-rw-r--r--sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch29
-rw-r--r--sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch283
-rw-r--r--sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch39
-rw-r--r--sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c321
-rw-r--r--sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch273
-rw-r--r--sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch273
-rw-r--r--sys-libs/glibc/files/eblits/common.eblit380
-rw-r--r--sys-libs/glibc/files/eblits/pkg_postinst.eblit27
-rw-r--r--sys-libs/glibc/files/eblits/pkg_preinst.eblit63
-rw-r--r--sys-libs/glibc/files/eblits/pkg_pretend.eblit157
-rw-r--r--sys-libs/glibc/files/eblits/pkg_setup.eblit9
-rw-r--r--sys-libs/glibc/files/eblits/src_compile.eblit24
-rw-r--r--sys-libs/glibc/files/eblits/src_configure.eblit263
-rw-r--r--sys-libs/glibc/files/eblits/src_install.eblit244
-rw-r--r--sys-libs/glibc/files/eblits/src_prepare.eblit63
-rw-r--r--sys-libs/glibc/files/eblits/src_test.eblit30
-rw-r--r--sys-libs/glibc/files/eblits/src_unpack.eblit121
-rw-r--r--sys-libs/glibc/files/nscd64
-rw-r--r--sys-libs/glibc/files/nscd.service15
-rw-r--r--sys-libs/glibc/files/nscd.tmpfilesd4
-rw-r--r--sys-libs/glibc/files/nsswitch.conf24
-rw-r--r--sys-libs/glibc/glibc-2.15-r1.ebuild233
-rw-r--r--sys-libs/glibc/glibc-2.15-r2.ebuild225
-rw-r--r--sys-libs/glibc/glibc-2.15-r3.ebuild227
-rw-r--r--sys-libs/glibc/glibc-2.17.ebuild228
-rw-r--r--sys-libs/glibc/glibc-2.19-r1.ebuild227
-rw-r--r--sys-libs/glibc/metadata.xml11
53 files changed, 11434 insertions, 0 deletions
diff --git a/sys-libs/glibc/Manifest b/sys-libs/glibc/Manifest
new file mode 100644
index 0000000..51fa4f0
--- /dev/null
+++ b/sys-libs/glibc/Manifest
@@ -0,0 +1,62 @@
+AUX 2.10/glibc-2.10-gentoo-chk_fail.c 9407 SHA256 7745c0f5d37b37959b43b41e39762fc35b877161bc5740d9d3e9a83021acbc0e SHA512 d1c51c573353b3b8ae6ab1bcc8c10eda5cad8b98fc7ab4848e4fbd8a8736174f3c3fd1b72dd80c72b1e54be78f1cae4dc1ab8130df25aa6d1495e5cbbaf3b9f6 WHIRLPOOL 32028ddeb422d89c0523fec994413e67c6afd9fcfdaf147d3d6a28bd02f8feabda9571ced4509253b7061a95bb2c16cecf94a4274671b33909ff545b1787f101
+AUX 2.10/glibc-2.10-hardened-configure-picdefault.patch 865 SHA256 b50b29f85d88011555bbcbe6046e6600be9344f2d78412b14aebdea515420774 SHA512 e0a09f77b209a72ab577fe1e62126609fdddedf3fba0eec749c4b506cdf793779b48390f055a3594892120f694291f8340c0b6f51862e94c03fd516897138be7 WHIRLPOOL d1b8e1536696350e0ed9eaf9a923daa7c004ef40ae94c1c3ba3d6cb293f1c19364cefbe8491089061124cbe26a9fded9f3d38d89f1bda56d408162e53702e8d4
+AUX 2.10/glibc-2.10-hardened-inittls-nosysenter.patch 8823 SHA256 dcf78c6524c222dbee907200a8878aff727e29d43a4962b977a16d85752e5c10 SHA512 0605b7964af87d1d6bdccea5c4d1bfe6267d4401b8bbf0c8bb689663e6bb3ef92eebad8be6c23ffdf6632a4d5e6098d8a403c3e84ffb21b5e87b5b1d1ec3512d WHIRLPOOL 635261b547883bbfbe23c802fcf97916dee823b367f96732ccecd7506dff004b87f2d36d97ed398510711330f3a53f039a14e226d20a681cc201a8c7a3450833
+AUX 2.10/glibc-2.10-hardened-ssp-compat.patch 4802 SHA256 bd6f0aa8eace0a935731749e101d5fe30210f9edb65f2f5ccd425cef581ddce4 SHA512 16fc6cbf366c3a0f476f28da8d4e465b1d894f68d33ebdb02de60d6b22bdc6341915d8529952fa4213b11c377302f18a63c462898fe0e4b13f5ec9e3ceda96c7 WHIRLPOOL 059e84269286b285261cc57846b34462524661fef3582396a6b301ee2dd156d2511c88f17f52679e4d5fd96ae0ed6673c8b75a32048e40efa87fad34da6cc066
+AUX 2.11/glibc-2.11-hardened-pie.patch 1492 SHA256 74277f76ace9cb6b408ef7c1d43a3604ae0d6c1af539055aeaeb542d2bfa2a46 SHA512 31ad12fdafc20f783bde32fa3cb477e18d19c5436309b0023284c3134f99c849b0281ea7815ae7509b96f1a88e9c24d52805044cd1c65a88a1a62eebc519a0e5 WHIRLPOOL cf3fe8c5e164623bf553487cf589f85eff28d1073e55a87ef14da716ce313bfaec0dadbf322f2e705c1d4f975458d9cbd6f2eca268a9dc5dce16e54305907aa7
+AUX 2.12/glibc-2.12-hardened-pie.patch 1542 SHA256 9d11da52900a4cfdaa9052476029cb1b4c8004dfaef3cf446f3b728035f75fbe SHA512 97abb62a72d95b07f546658846718755ed78286b11cb72b2cf6ebc809afb1e775ca860e3903f9936ee54761b6d6bb309e822957387900454dd3c66be35ba8148 WHIRLPOOL 4b9b95d1c6c6e02ba21ec43f382a1d932ed8be5ff548a828c3e9a1d945c44cb8435fd502f6c8becf6a2c19bd23c77ad003598b3b3b68b7bad5a5af79e92d6077
+AUX 2.15/glibc-2.15-localstatedir-backport.patch 412 SHA256 465bedaaf735a48825cd6433007abfb1e40c2ef8ddf94d12d452b486c70ce36b SHA512 76506a540d47ad7e76073c3b25bc46278a9e56e34e17d49caf9fffc0622646e8e0d6905fe7d00599db02f444420ed0b9d64d3d70df78446564b137fd65021e45 WHIRLPOOL f21fb6d6eb3555421f7d90b179a7a2745e7056316eacbf209066f01e742037fd283689c5a5f5a313666a2fb79d5ad0631dbada94d9c7eb958ee01217b605533a
+AUX 2.16/glibc-2.16-hardened-pie.patch 1570 SHA256 9a8d8a8268605251782b1fba509cda090f39f56edc8a5497c7b4acfc428041f7 SHA512 1dff16b1ce4ba6246336d19fac21ea6e8d5710e138a23603fa6b79896d895834b6d28bb1948c83648120ca1d038805db7dd7138ba3e28e9071254d6320cdc092 WHIRLPOOL f96487ac4bd95a99e9e70204c686c3f19bb8238cfd4a9856b031be58ac23927886f228a8b4add14213e0489a204c51ebbeb8a376311305025116b8ae45fc90c2
+AUX 2.17/glibc-2.17-hardened-pie.patch 1784 SHA256 bba32e40c73aef20122b2825f31e5c3aa058b61feae4f32f336e1941f83f82d1 SHA512 9ecfe2b6c8c982a42786181d6507d5fa588a6868109065451f58a779848837bd5e69c32a24e43a186c2ff63a9784015c51487e342c87982ac074139e36c169fc WHIRLPOOL 1baffbef9e6d870ea2f2ae5be014b71020a213a1a11e9856fa207545867de444ed164cb926b2aac23471854eaaf72a87e38760702b32bfcfa639add8733d925e
+AUX 2.17/glibc-2.17-runtime-prefix.patch 6695 SHA256 466198a1e2f92957017d3e550b806196de40a6cbf780320b3b11ac72459c19d8 SHA512 9adf787c8516ec86609bb2c1975d2d05c679199200732c141f4c8ae2724bc1b92a3981995f814542d2fed44662d7ccf560b0e9d904e27d68eafcfe3f55787a43 WHIRLPOOL 3bc2aab75168ad3a8b4b273577c3f0e71396a631f151974433187ecb3c73b0adc2ad15e9fd17334b9cb1332035c98937d302a03bc1afb3f66ff1d36d347d21f4
+AUX 2.17/glibc-2.17-shadow-prefix.patch 950 SHA256 36fa45e0e2642c6ce8809341b69e93d45d97d3b6c451a089198f7b90a5d0eb21 SHA512 3101b9814bcbd0443d309f3949024e753cb6101e84e9cbbae1502fb4c3f85c2fad041608ba69c966cb1da2cf64f5f2c0931c08db222933a2053394f7b0fabf9d WHIRLPOOL 5243b70d2d2e2d3c3c9b07eb2251bb5e78767e776c0491f91fc8499c3d807b44bdab384f7c81867373a577574999079791695eb65ed8c2da1ce5a79c8e60a5ef
+AUX 2.17/locale-gen_prefix.patch 2704 SHA256 0807c8979b7a1a63b48d155417ff8ecc7e14773e928a0d1fe6c349a36fcdadef SHA512 d6b41b953713f7fe0ba14af6d045fc0e6b649f278da691ca5f021d95be5cdabfc87de399880cf988fec2b189fac22864d004ec8d159e59a2348b41945de1d5db WHIRLPOOL 3c7d6b4e789ae494cebea620ed64a6ba8dd401837914f4ead72c7b2d6af94538c9a28f65781db7e6ae0d21c7fac13c531b71147fdb5456ffd39ae1246b331069
+AUX 2.17/vdso-disable.patch 1136 SHA256 49006855c1ba3ae3d3aa5ed71787056dc64e993eec70a4bef05bcc9f4d824014 SHA512 6eeb6eae8b8c1777ebd18170a7651b9e95297125cfc3829786c4d02887cad4a5d768fc2950723d1d040d16d15d72491d7443a3c14ca9f20eb2adb1ba6d1649ca WHIRLPOOL 80367da491b958d0b7855d23d3225a5c17a3a7a1b1f9a54ebc093c53823a5ef1642b974b45e079aec0abff0476494368ed9afcaed83b87576ed8458b8348e41e
+AUX 2.17/vdso.patch 697 SHA256 26f2089344709de9c1bdd2f974d02ff5d4c465f6ebebd5d1ac2cd72b732de201 SHA512 a303a6828ed001b16f2f5c3532890cff66a50259c2e2aa2843e992f2bed5e6141abc9e120afed25f2e1f30d77bc218c3940d680c3d73c227d2056370d5e6b806 WHIRLPOOL edcaa815b8f86e17d77f0582453a717fbbd848400bfdbd302730fec20a952a584ea8f5ba4f7175b25d84752bc895519d7baa55664073cae5037962b0c1825aa3
+AUX 2.19/glibc-2.19-configurable-paths.patch 81250 SHA256 ae15864d46cb4d5e061465249c9a9c4585961a312d61d6e9edbf8dd8a5dc8a22 SHA512 e9b4c4d48560fc4af41505996b40f3dd0023ba86a71182d965a5c0978f1ed6236311da5b990199e2916b9fc091ce374b2d346b03c133f2d8fcf7e6f07616a3fd WHIRLPOOL 67cf918f3f26b74cf34108806195465dbfe0a51b3c97a7ed19e398c093980dbb0bf5b9102f351cdd95acad58cb3b7c947a50efd593c6a161212afe2f4a9f8ac0
+AUX 2.19/glibc-2.19-hardened-configure-picdefault.patch 865 SHA256 feeb2ddc276e90f55d2fd358837e8d4922d3b2875cb8080b1d8e27e5da83a2d9 SHA512 d8e6fea72e240f1fde8a487958463140a84e8bd6bb5b176f8ce84a34df3137943db9016300884f3efdd4da130e342448e57ed0c0dc6eb2956d647286ce1d00ce WHIRLPOOL 3a5d2882b5fc1bea78c45409c848c94a260659e3ea1e28a5dc8818de8825e55453aa1cc97b86eef99c91b17bde9f2a6db1fd8ae03839f7029d93a71feaa4d4d0
+AUX 2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch 1360 SHA256 f0d8bb004f598375b61e67e1c215b15953c293038243207f2d85cbe9f10d093e SHA512 79876b12871b3e7693340bfdf99276ac0dfd6ff30bc977a9526af9e681fcbab2f25d3ac9e2b33f027c968b38a4b670237de54ffd08edc418423ecd82dddd1d67 WHIRLPOOL 5ca64dddf58a790cc5f6090ae48fc4bd4799a9aac4c67f6ef7d1fea9498208ffc38ee8167b6ec80dc97c4f723fcdfade8f573893f1b380aff04f6d0476d0d253
+AUX 2.19/glibc-2.19-vdso-disable.patch 1120 SHA256 20048700be532bd1b692471420f930951cc0be2d2c9eb2a95e895e9771a0e13c SHA512 8f52408e5acd96708e5376b3aee77d4851dbe98a7f4b2d2503d3ce5c0088bc93640023659d9e49c8c802ab33ad9f987630667bd5094e4b4aab2c48bb1183a84e WHIRLPOOL 67b6bc23ef1a90886f8860396d52b9004764f3ebefd1d48736c734db419d47402c01c9b746a16147a84b77b8510d243c63d76048c8b2a46daed8aa0acac73fe4
+AUX 2.20/glibc-2.20-configurable-paths.patch 116486 SHA256 d7fe27619225d6e2941e52bc3dd049bfffbed2cf633329ad4ae9a76150ce5f1a SHA512 e2998c66d7c84e6da8f9f24e3b710c8c62f0042a65c7af6f0a2f9cf303724d732aec753e6002ed265c95947f72534de6da9fb0681328c5f8cebbb8c8a60ac61a WHIRLPOOL 50e5984c09e76dd5ebd9172c2e560dc2ff721af23a9be0d1c24fc289af20a5a4e0bf278ec4ef878151bf1cde4d51f42d536aeefdde1f5c206d7942630c8f93a2
+AUX 2.20/glibc-2.20-gentoo-chk_fail.c 8978 SHA256 f9cc426b0fb21de1dc11bb36e43bca8e1b3114fe78f8b343f672a951a82c742e SHA512 5cb529ac9d18a315f25fd48a3a80a529924bee0588074c97e6df7dbe8568a67f786363c41da6300ea55818369e3609ed4315b2e2104f8a8b4f1266ba43076eda WHIRLPOOL 2d38c19a20226fc4687037b8bb19025065f039ddaa62466879ca98765c8899e64b147dd148565304419ed1a98fbe1f8403710b22c930b08a19bddba7e79b0f1d
+AUX 2.20/glibc-2.20-gentoo-stack_chk_fail.c 55 SHA256 ec73e74297b5eade591bfb3a2999989e2a7aa80752140048ffa67349635f05e7 SHA512 4dfec1bd17007b826110dcb73d09331a58b7a892c87de55b94480b14c28686442c567725b610082813411cf9911e180835a400a54ea704fe80f81cfba966a989 WHIRLPOOL b2b338a50f7895c530a71a19e4582bd0116a0b9d13b2e1505f0566924557493849f93cefb2c0ad1719ef684321e145129e0f72cfc9aa85a44ea7ebf910e7304c
+AUX 2.20/glibc-2.20-hardened-inittls-nosysenter.patch 9951 SHA256 992fb70b9b62674d94ef8938297a3f2591b3121495987d927f5a44c1d8788658 SHA512 a8302ee2963bd791be859233223b17cd154afbf04c13c046956bb1140d748272d7bcb3a6167ce8b61573ebcffe906dff064308374d2910656b8fad18480fe422 WHIRLPOOL b8753d6f1301650b91b5cf4f342de22010d819deb2bf4da27aac33d7540e15a140b8a7a4c5e111faba320873ed5784b22f6add29181fbaef14c3e9504b1b838f
+AUX 2.20/glibc-2.20-vdso-disable.patch 725 SHA256 476d1198e990a0beb42a7350c52c34783de33d0364ab3e11d9b74a81e027977b SHA512 2c47efc06aa93eea18e6d407c2b1cfdaa80b374bdaf7ad257ca02857aab53d7a6ec46092872d3affff2ec800f6937012571115b8c83d116084c21f8130c4fdd6 WHIRLPOOL fb919be2a23f5a240817dc8540582915cb0e0497196237a7bcd891113738b81072e96f4af4668d0ebd05094c2983c411265267bbcfc2be96c5ff33f37fe7f936
+AUX 2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch 2329 SHA256 b5cf51d1ff5479d09fbc82992f126ca4969006c90c3a2ae94ad586d4902d791b SHA512 939ec7da977837ef46aa8894f99ac06b3fccfc36dd672889b85ae8cbbfc9a963c5d0c031d776aa2feee29ddf8341b4cc7a50ea19b7c6f7e80df74eef5f1fd977 WHIRLPOOL 47d248ddba815a517aed9b7dbfa247bdedf293cb5adad8079be803ea4a682136f01b47fd3817a1696b3758c4631d1a25376bf58ef039998ace4a6b65807fe75e
+AUX 2.5/glibc-2.5-gentoo-stack_chk_fail.c 9058 SHA256 067fba2a36d2630d50198c44395ef208cdf080508f1b716bd3d079f7b964e2df SHA512 2d404bec1e009d111b775fde620102b3d0ea7614d07ba31350940f2693e937e825acc43d1ab94bad2eecac61d47c696098327096dff8f08b4b7312d0873d71a6 WHIRLPOOL bb27ef90afb256d3822787b93574d4f4f5632995663e08b7201db17a4f38f6e2a8fd6368aaf699a808cd8f7acc346625b5607dcbf1e88f8b28dcc6d3dba92399
+AUX 2.5/glibc-2.5-hardened-configure-picdefault.patch 794 SHA256 0c0359f567e4ad2d3184618bf6ac7e6102b703eab6227c7e9a4ff4dcdeed2c91 SHA512 99caace6c3528db400f8039c3f5aa65a2d5088d9758894c8a49df2b5045226a4056972de2d162411617162edd9023b6c6f80d85509638b5d68a8d0cda40adafe WHIRLPOOL 1271cea2155149e789f1242759e516443c5cf152ae9612d91d2a25a727952684eb043fbcfb38186a31fc6a1568201de5ef40af45436b137453e0582f2f6facde
+AUX 2.5/glibc-2.5-hardened-inittls-nosysenter.patch 9407 SHA256 2a912e82445815ae32744d990c59d8758ec74e482b856bd274c292848b9af1fd SHA512 6acdfad1c2395a8097500216df3aab7a96211e418b56eb07ad317c25049c30c4bd9538905f186eb6d5b9260d98423bf525ec005a283e385ba4a83e7425080b10 WHIRLPOOL a542db44162d1322b23c574e20f59c8df7a5c17ca26560a22f73da832ff1743c7f56915a7e43d5d13a6068b3b975521f6b33940309496ae62fa952cfc2cd23dd
+AUX 2.5/glibc-2.5-hardened-pie.patch 1569 SHA256 ff9cde8857c5da89faa4039e2a81748674fbeaaa49d85c378d80711d55f2b0c1 SHA512 bd026dba9df97d5a2a66c92feb8e004fcbaf69aaff489688990f9c0716e31d35654e2ad2b4f6ee8ea02259567f28a7d389cc5d43f0a77122c3f65a61fb4db112 WHIRLPOOL 888ca7bd8d4fe89961ee582bf96c141962b6702a92af663c7cb86d245f471f55b0817232744a7218dbf9d0f9eae9a8cc6a52843257c9353eef1332cf5c368e2e
+AUX 2.6/glibc-2.6-gentoo-stack_chk_fail.c 9545 SHA256 1410ded812be80d452eada5f9d6b9bd7bdb504c14f01cc27dce3e36b6f92b92a SHA512 360b77df2d19d14060e19e763878297bf042eccd5206ce4829a33c78c982b59b46144116d237a7cac73a22dd6cb4987c8dd50f1d16003baa22c2cb2942d2cbdf WHIRLPOOL 44e14dacdd258c46201a44c2c6aae4d975b960a914c24e49f2b39dae960636512049daa052d3cd8e8d93819d263327c28eac947efdb5d9e240d1bc6e9964016f
+AUX 2.6/glibc-2.6-hardened-inittls-nosysenter.patch 8674 SHA256 cf58ded8fbe9fcb3dc094521feec2588c1520ff2c632b20c69d6a210325c4fcf SHA512 094b24474e42a9714f5298b0768d44f2c0e01b7d8c3b0a754bb16caa6c024106e8c0b1acbce670bacec1ead6653f8365397173d62cb8168b946c8f521ca155d2 WHIRLPOOL 9fa16256f9d3bd2f38023549c0bd4c932d3173b6c3f4ef66e19cdb3eff5cb2def6ec02fa72a7e57ba74da6d5f29b82ddb9692d59f6c694d45b5989fa0bfa6057
+AUX 2.7/glibc-2.7-hardened-inittls-nosysenter.patch 8755 SHA256 b0b1bf0746f7160b89cf281502b95c38dec9cb948d6a50a907b84fd6230a2dc3 SHA512 50563c26e1fd2e71cb034c8a1b85e0e4075ac6467bae46d4cba0c105c940c5aa6531c39cf00c63ebf94be4e290ee485d7bd8239ff08dbc781db605b45c4aa38f WHIRLPOOL 2047148b53073bae4031ad864fc360112e2812115ec455142c82d4694a57387b49b36c98f400dd6f77f5dab3d419303faabe8183a16f0fd68387996c95888a43
+AUX eblits/common.eblit 10934 SHA256 5e12fe093156b639b308212562a92cd68a7778272efdec9c2dbcf3c6f94406fc SHA512 d8bf175a3f88dd93bf338af9ca2edda88ba0e3b0be43f5110865da58911092c7920ffa210d82b579e402bfe29545c3376a6257ede04dc5ef27dee2318a7d452f WHIRLPOOL e7e97534c857f56c5a7821372d1209f757b89981ba6e2386aedb42acb60afd72e0f27181a5246eaf94716808551f14933c11d57b54c3308a3bbdb20c7316e346
+AUX eblits/pkg_postinst.eblit 971 SHA256 abcb925bb0730d1eae22bbcee7a4ba6523280390f410f38bfdf9eb44e0280000 SHA512 65e577c77a9a488c5e93ccd4afa325ab7e3904df594c13fda17136c8aa2748fa4e6d0102f4799b4ac9b8c3bea9920faadc4db356ece9929ee708bbfa9151dfc2 WHIRLPOOL fb3cdfb702b0ce616064f94321b9225a53b300f76d95495098b6c97eb3ab1650ea2d323eae169bb8d1fd8795134aacb5c54ba6927fe743b01f124aec416b15a0
+AUX eblits/pkg_preinst.eblit 2105 SHA256 aba79a4369067615bc48429ec371ae91ccfc793ddc72cc05862b705cf63c303f SHA512 993ac0b94bae95819bf11f2ba88820bdabdc41c4c63ed25f00adb16e9e965d4206b68d316faf329ab3870a3e810183662e12e554a0150829ed026567bf9829da WHIRLPOOL 01c511f6995fc5b8cd9bf564298ab6bf6609e660fce26dff23c36081ccb72b28fdd3ba0787384c11fd126a7db0f1a0744e9396c6225b0881b9d02ee52d6eaa42
+AUX eblits/pkg_pretend.eblit 4990 SHA256 219947e495090b640ec6229b028299edc3f06ee81a130211cf91803923ccf477 SHA512 cb27a05b798ec892576239d6146403f2430c9568faad410f42933610c83c60317bcd79198be4ff9b6c08f9e13b3e0ea897a9ddb8613ccc75975fa227e3c9e26d WHIRLPOOL 613f1920a3d8f51fc6274f73d72cc2be1f3df8b5f2d5af173d050142cbea8b52da4eabe50ba28192af2f2a62c259d512d466b33b303a16648cc82e6422904ba7
+AUX eblits/pkg_setup.eblit 275 SHA256 c5de97dc69d3508555ac579e14ead694a75edf4707c1749219677ebee88ca9ab SHA512 627740976e372842b09034b79f61f5cb5d8283f47c94cfe66b2aa1517c901df0bf3b456f1ba26a9ddc0aa0215190d0415ed4f881cc950d163d8203a0e6bba2a9 WHIRLPOOL 16ef3155b35671311443f4c231c1867d12731035aa603dedb6e86eabdc1501c67183474a26bb06048e12c19ac3bda054fdb8a107792a3dddb743b6dc7d447339
+AUX eblits/src_compile.eblit 598 SHA256 3b90a6f44d307b92cee36fdd91d412bdb9fcbab555e6c6bf8174c8e3f29137ca SHA512 ee216aa3bb13f75313d141459acb47523442addf12a6bb8d829ca40eda4f63324911a13ff0ae90fe6eed1fbe0058c89308a2205c5357a0e1897a89573fea2f51 WHIRLPOOL 3bfc5406e794ee9ee4005e97aa2d40a82d77de090c72767d6b43be6993048536b4f2442bf6864157d036e7ea3fce6ba6537a97cd2afee04c61f9e98e1adc3c00
+AUX eblits/src_configure.eblit 7909 SHA256 5947f6fe819d936e0e32484a6d3f49ad7aac5e5c89333251c5659fe998c6a083 SHA512 63ef84d95c47d5881db383c4c90be03434e1c1a87db673f562ead7e6edbf694a428cdc0cf69d312159797f70fc5ac74584d7a7087b314d92dc21e452d1d66477 WHIRLPOOL e5aa3b11ac35b05ea52b077ffe16f8c5fa144a5c70dcf086569a7b6bf2daf171d552dc4a72fee65b892297af1796e80247512e17c313c4c56b6f4b7351fe8ef3
+AUX eblits/src_install.eblit 7814 SHA256 8d64a4a031263dd7c3e7ba710a5dbe51fa7004b9795fefdab55f7db273f5e89f SHA512 fb9fc62103e1803509f5910b71eb28398258433762b930c93cccb7578756599739714c41077a2d0fd81c78e8fd14fd30b384a2c141d8df801507414531062551 WHIRLPOOL 4634ef7da02f35d461027a4d5bd27bd4e888805de0713b577ac47eb1161048f929e1c52e38fc4ad8da333a2198877b82962416edfb30bbaafb9055fb658a6226
+AUX eblits/src_prepare.eblit 2231 SHA256 02e28094bb57137d0f12031dc3ed75d022df711847904f428ffea2e0bc42b778 SHA512 967e831a0390c2fb328cb69a75489f3ecddf2a3aecd3d8b95e8ef36fdced3b0b15a320245cd1274e5bf78bc49a17a862fe4af26f610c3f864418c707e7d6150a WHIRLPOOL 4855e3979903daa6b4586d5bed08a1f7806c03b9873f4b51a0b6b73254bb40eb08cb0e6329992f663f98907e8d82f485ee7f49ee4f82fd52dbfe880f8dd1fe70
+AUX eblits/src_test.eblit 698 SHA256 96b044ef9a27c2591b2a440b45bd89989022d0b41c546ce4dcea58a631315bf4 SHA512 0a46dddf53ccbfaab3f85ba7d2e8f202b4d5be98052601686592eca0ec115de29d8cb1f324ba12dcb77f3a8d4bbb39032532042b8adf809a772ebcc845b1a152 WHIRLPOOL 42af8b97859789b52a5a0c100ba109d8c3dd47532ef3f0b764c95b7a61be9d293d99de25e601dacd840c0a4cc921740b5acc2a3567b5aa3ae8ac6f88430ccf04
+AUX eblits/src_unpack.eblit 3096 SHA256 f0934fe81278797a0625fde2518f5bdf8531c75443ed3dc6ba7d18aa751cb235 SHA512 6fb32f854920ac4c0df5d60d334f4b9376b05d9b2df7d1bfac979acc3d7c282846fcce36c9816558ee75db030c3551b95f2ff26e53ea166adf97a2ae5db55abf WHIRLPOOL cee004cf4967f0b073f56ef5bbc67e56981f109400622f70cfba51ce120115f4c25ee7696a5b9baf7b22080d01d038ea936d5c342d65b7331b3801510a509123
+AUX nscd 1621 SHA256 6165db3a2fcb251d4f3655c0461e018ce9c92a37f7f22a8fd2b75178b5435bc8 SHA512 3e1255ab014b3806112120000c3d2189a7c1c69dcd6639d5ce55e96bec721683a22b141982f6a6c6d44b14481c33fbbaa470863bef04e9b9eab7ccad1ddd5d95 WHIRLPOOL b7152f8d888fca13a16ea403c44eadbf1da2249dae3add11f73999259061824460a5479aa7e58c012bd737b62ecc81814109832cee33638279d90d4c08bfdbdc
+AUX nscd.service 337 SHA256 de7bc9946309d34f0ab44aa22a4d3cf259fe91c57e8000d741cb09ecd3a6caa0 SHA512 2001100f3b054843c69b6fd2d38852c7c824282aa8998c25a3c0352db993705429d25c70d8ce6cb3579f836b7089644c520acac423ebd69cb1b36e94a77c5bea WHIRLPOOL f01d191971b0dc45f541c9ebaaa1a40f3497e2cc838cff6a20a7b1828d726c248abbd94322a5a5ff30c33ddb7d9086cd4d2ba3bdc1811fed59ff292ef3983a72
+AUX nscd.tmpfilesd 111 SHA256 f0f64c4612d2097173854d2ec2e94ecbf4b77c7a6e94d950874e37346aa90d72 SHA512 53b80b331e1a85d8ee16eb2ce547a7249e944926c3d1cdd4a47a5301a5c842ffc7ec1e3dc0a731542a8facf8261c1c57121802d01741aa89898a3476c09da340 WHIRLPOOL cf1fed1a7e2ac1623a84f1cfa2062645afe3f791da2f4ace3859d12aa05df0e282b4c2e367a460015956ac2a8d01fee4cda84917a3adf2c38561dff200335270
+AUX nsswitch.conf 503 SHA256 6c38b8642d5da884327ad678d0351d57be3621562253bd9711394bad87e45e2d SHA512 c13714110f3ccc9a2270f51d0da9293ab19b9df368092d19b1a84d5051d888297bd9439a322eca1ea60d6d5e58952797d803a368a295f2db6d5e97e173907373 WHIRLPOOL 0d37755ba5928ff894c355b3fdcf7079f19c1cb7a4f3676634084da89c74d7175823a4659b8c66d8dc1395d086991857162822ddf977dbe8dff9a59bccab821e
+DIST gcc-4.7.3-r1-multilib-bootstrap.tar.bz2 8064097 SHA256 34aec5a59bb4d0ecf908c62fd418461d0f3793238296897687305fd7a1f27299 SHA512 40b93e194ad41a75d649d84d1c49070680f253a13f0617803243bc61c44fed1ca2d0a7572a97ebb79353f312b58b5f6360be916dd7435928cc53935082e15269 WHIRLPOOL bbce19e7fe5c30faa55ddd4e29070f0d1fdfca3a04e8d68e0772260fa9be89ccde63ec92badb490209008df5fee6e53dfdeec4ae51857b90ba298a79315a199f
+DIST glibc-2.15-patches-13.tar.bz2 154658 SHA256 59c11d8b70bc406f6bc7dd87509f1c5fa05998fb0dde8e1be530064e9dd24a53 SHA512 ceec0506e10cff25ec9acce3d4e3f174d56a7cbb00993cb8edbf532f303c48e3b2d5e965e4470f537dbed23d14a29bae4ac4c834b4c11fcd27d8e66d8500e4c6 WHIRLPOOL 9dadbcd8626df9938b6b215a0618cbc605405bf56bb143f25e029c0aa00d5d6ac75877c7b2fd2a2c22291f62587cf8011c30d32baafb5ed0dd2bb539895f1c54
+DIST glibc-2.15-patches-21.tar.bz2 110297 SHA256 5553c0a37c5c0a3abb303850fa9d2ad309e2f47c3f42806c2f1dd32a48affbfe SHA512 5255ef053a2c30f9cae583133094f41604385b9d6e653a0d6aab1d13d69e6c8cbf16fde712607ab0bac738944a0410ddc050dc231ad4ea7d3584271937b0b059 WHIRLPOOL d70249c6c3c3c0a4d02c3ebbf0309bd6b3da3962231c153c77be38d217e2f57e0eba88614e34f0f219f485ba8f8474586d0059cfc505e44f312396e6a753d441
+DIST glibc-2.15-patches-23.tar.bz2 118999 SHA256 11c38082635822eb7b12d538e3b9c38ee71f6a86be6cebb59f5f2c575be93830 SHA512 ff3792a0029ea24990fe2419579472bd02119ed6a2dab28e85089d232029be5f1c18c643bcb9d577dce78a7c682bb5eee1ed3644f086b5cf19230bcf37ce8a4b WHIRLPOOL 110ddb5989bf1b66a487c9ebae03a3e62ac22b7a28b4c70d142e1c56160bdd50b9f5fa6f4dc4a28cfb28d94281c582fcfc1f60df8ae2ef4e8a946b3b06d2b1b1
+DIST glibc-2.15.tar.xz 10280176 SHA256 321ec482abdc27b03244f7b345ee22dc431bc55daf9c000a4e7b040fbdbecb50 SHA512 fc8bc407cd9edfd79bd286d28c84e0b8224e1f57c1d318e73da098a9693257d78970178fd59f487f0321a079fcb772e8e78473fab52f091b2addb0a48fe8dcf7 WHIRLPOOL 061fc0c9915bd821dc31c2fea8e4f9a75b6c7ec0c935ea713d8c087408a8bf3c600179273438f3d9748fe40b946866b2f160e6da6fee4da51e549a30d0f0ebbc
+DIST glibc-2.17-patches-7.tar.bz2 79288 SHA256 8000409d072571d2d5119d4dd538e3a3ea39213407e202ea10033bf6aed516af SHA512 c6de4d7754cec6e7a9e36d56eadc6605ba6fcfac116eb50553503738873659977beb935112d361620c35e7b15e86f845a49fd13269ffbf98c72f54dffade19f7 WHIRLPOOL 259e938e8f4ca6b7296db4982748429f00135f80cd03965da589e4318134aeddb5acdfa0f8f61871e46330a0c96eb8e734a3c2f50d564882ba37f13f722b78c5
+DIST glibc-2.17.tar.xz 10981956 SHA256 6914e337401e0e0ade23694e1b2c52a5f09e4eda3270c67e7c3ba93a89b5b23e SHA512 384e54037daaa344a26ce58242acc3f9a249d0765088d18a540a305745afa33ae6dec4024adae958eacd7100be9c713d117260ace8340f6d8c8396dbde4868d2 WHIRLPOOL 9b98c1c298aeff607aaa554341c300c15491b7314f127524fc5c048c67c5059daaf706e6cf206bb69213d5307e37bed87137ab46f504d8072bb778310081fc23
+DIST glibc-2.19-patches-3.tar.bz2 80664 SHA256 6fb03292e224199e0dd9ba7ee83aca723e1560f26831e85cdc6302b187c6de3c SHA512 d281d6a2757920124cf8a3f02b97e75192598b08d96ae48840df34c7ffdcb212952d171f233e6f12a429b19437d0a296212fe1f2eae164d6a1c6793cb3cb69f0 WHIRLPOOL 6f28a2d0dff42e8ad0e77859938e3093753f77f78821375777eebb2db5568bf1c56e8b8208f02280f23acb2dd26dc8a313fedd5b2c10755f1659e6d324a1dbc3
+DIST glibc-2.19.tar.xz 12083312 SHA256 2d3997f588401ea095a0b27227b1d50cdfdd416236f6567b564549d3b46ea2a2 SHA512 9e021fcb3afbb9ace2a0e37fded231a62de861bd766e29d47163a03182e37add718b7acc3963d1c525f9556773e842297725715acde48dcfbaab6e756af1a23d WHIRLPOOL 9581a3a23ebdd56bc559b56b95b7bcd21ca039546ec19c6c0e4e0738597542164fdb21ab1d1f36d5e73a205fb51f0974c7d497972615bce69ae002298f6475b6
+DIST glibc-ports-2.15.tar.xz 421820 SHA256 fcc271fcc3a808bf0f3aa1d144bc39b8d0d5f730aed6e206b883961515f0d1b9 SHA512 fc3c80a9a7ede0f35054e5be043fff4b967e6ef6678f42e617dd1dd498920edb4e4c785cf8e3cd97fc2914a35a892e0fd7e1aab24f0c3c8d207765a131bf3744 WHIRLPOOL a8a617eacb326615265832f86a7ef39678364b5b65d5c16d58680ec0debfbca6780018b7da9c1a86bdfffcde58aa1258b96ea4bd50b114901b522e62d48ae4a5
+EBUILD glibc-2.15-r1.ebuild 8143 SHA256 94c831d06eb6cd7c153db3267dfc7811739d90b8761751b384e85360f77e70bd SHA512 53d5b41729a282362d3447a45dd373c098e04cafddc81d7da0304b7ef56a4bf53058c4ea88763db48d3796345131f6b25cc56949770af1a628549d3e2b24af59 WHIRLPOOL 3f76b15a4db14db99afece549cd4c4982f1fbcefac313bbdf10127f10630da9c43f272ec85ee99afafeb3ab9afcf5f2eafd612386e152e3cfa08d360ca639115
+EBUILD glibc-2.15-r2.ebuild 7692 SHA256 1ee891da4bbb450ce16318877a9043773c34a7418eb49f7f684155e48ecc1b6b SHA512 4e0e5c7e85a514a0fed90a9e339eef8748e3a0f06211a93463db355b9b921337ead3f645a3fe8b99dbe2f12d1c03e2ffcad7e2dbe2909b5d97fa5486fe53215f WHIRLPOOL 84ab863b0f70cf8d40291a155f21c987e9b48dce005890e34e105bb3fed950d463f0b053fe2d7988a9b218dc3ccc9afb0c952845009b2e7e2569b28298f8e479
+EBUILD glibc-2.15-r3.ebuild 7764 SHA256 17540bbede72db02e113f556cd3c4a6873c45be1191bade644b5a78d2557c673 SHA512 b9f856356a1dad8f51a62610defce3984477e7f8265427c7e6d21c7868bb6756de4f66b16d3184fd51180155112339e33547a2348d55a2cf1059ccbdf68f0c3f WHIRLPOOL 9c36e9f55427b2cf0180db983446d572d63be309e64b42bbe3571105446f4eddaa815081faf79fe6fc639e3ddf3e3720f11e7af2e85ea19125ef561176eaeff5
+EBUILD glibc-2.17.ebuild 7668 SHA256 b6b7142b8fded3c848424eec002b0e9b15912fe03841d854377b827ea3975eb9 SHA512 0d5dafad92578139720403aa29e1406c366892cd7bdebbfa3fee8a1a4eed06009941d9a55f6f9e9f3ec035947e03d17137e6b9ecdb4061812b0254aa48d0d1a8 WHIRLPOOL 2fdb5ab665c6ac7297e2586644f121101ab84ae3a17ade1fff87be8a31e4d89096063ccb25ceadba53328a398d65240833cf2508b3fa20c42f1e4354a3f1f81d
+EBUILD glibc-2.19-r1.ebuild 7397 SHA256 c96062bad2386baf72d3e31e9858eedc5a05980fbfe90b3bc618f7027d90c80b SHA512 df34e6de33e59afb49c4c6d98bf32ce47f21c54979b2db5e21bdad8357f9e2921ab5c80f9926aeeb4cc65f010ee8407bd078ae121adedb22e8d5e6431b8123ac WHIRLPOOL f74da4cd1fbd863928551144cef903093df3db95ca7db8da982a1eede571e5cbe123700ef8d81546754cfc29a9edccd58bd42ea1d51f8cfb76a35072fc96680a
+MISC metadata.xml 521 SHA256 e89c6157189c7a76823ea61ad88e85d6c5e497855abfa03d4e044b09bd0d0955 SHA512 46d36653c75257e1091d88eed54dda553a81a246407f7ae37864e3a9f1c359560bf3d08f5946a725624804e74b1684414a729a1a3b961220dc76cdedd9a4d0ce WHIRLPOOL eb3695d1ce708f3668dc85332b4ad9de6e021b3a98c1b48c4b874d7254168ee5aff2ac6b51866b1df29f1689085ab07e97a7b39708bcffbafedb21288e01f42e
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
new file mode 100644
index 0000000..37711e8
--- /dev/null
+++ b/sys-libs/glibc/files/2.10/glibc-2.10-gentoo-chk_fail.c
@@ -0,0 +1,315 @@
+/* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Copyright (C) 2006-2008 Gentoo Foundation Inc.
+ * License terms as above.
+ *
+ * Hardened Gentoo SSP and FORTIFY handler
+ *
+ * An SSP failure handler that does not use functions from the rest of
+ * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
+ * no possibility of recursion into the handler.
+ *
+ * Direct all bug reports to http://bugs.gentoo.org/
+ *
+ * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
+ * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ *
+ * The following people contributed to the glibc-2.3 Hardened
+ * Gentoo SSP and FORTIFY handler, from which this implementation draws much:
+ *
+ * Ned Ludd - <solar[@]gentoo.org>
+ * Alexander Gabert - <pappy[@]gentoo.org>
+ * The PaX Team - <pageexec[@]freemail.hu>
+ * Peter S. Mazinger - <ps.m[@]gmx.net>
+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ * Robert Connolly - <robert[@]linuxfromscratch.org>
+ * Cory Visi <cory[@]visi.name>
+ * Mike Frysinger <vapier[@]gentoo.org>
+ * Magnus Granberg <zorry[@]ume.nu>
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+#include <bp-checks.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# define ENABLE_SSP_SMASH_DUMPS_CORE 1
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigaction && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+# define _SSP_NSIG _KERNEL_NSIG
+# else
+# define _SSP_NSIG _NSIG
+# endif
+#else
+# define _SSP_NSIG 0
+# define ENABLE_SSP_SMASH_DUMPS_CORE 0
+#endif
+
+/* Define DO_SIGACTION - default to newer rt signal interface but
+ * fallback to old as needed.
+ */
+#ifdef __NR_rt_sigaction
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
+#else
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
+#endif
+
+/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
+#if defined(__NR_socket) && defined(__NR_connect)
+# define USE_OLD_SOCKETCALL 0
+#else
+# define USE_OLD_SOCKETCALL 1
+#endif
+
+/* stub out the __NR_'s so we can let gcc optimize away dead code */
+#ifndef __NR_socketcall
+# define __NR_socketcall 0
+#endif
+#ifndef __NR_socket
+# define __NR_socket 0
+#endif
+#ifndef __NR_connect
+# define __NR_connect 0
+#endif
+#define DO_SOCKET(result, domain, type, protocol) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
+ } while (0)
+#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
+ } while (0)
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[] = _PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static char *__progname = "<rtld>";
+#else
+extern char *__progname;
+#endif
+
+/* Common handler code, used by chk_fail
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+__attribute__ ((__noreturn__ , __always_inline__))
+static inline void
+__hardened_gentoo_chk_fail(char func[], int damaged)
+{
+#define MESSAGE_BUFSIZ 256
+ static pid_t pid;
+ static int plen, i;
+ static char message[MESSAGE_BUFSIZ];
+ static const char msg_ssa[] = ": buffer overflow attack";
+ static const char msg_inf[] = " in function ";
+ static const char msg_ssd[] = "*** buffer overflow detected ***: ";
+ static const char msg_terminated[] = " - terminated\n";
+ static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
+ static const char msg_unknown[] = "<unknown>";
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+ static unsigned long int socketargs[4];
+
+ /* Build socket address
+ */
+ sock.sun_family = AF_UNIX;
+ i = 0;
+ while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
+ sock.sun_path[i] = path_log[i];
+ i++;
+ }
+ sock.sun_path[i] = '\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result = -1;
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ if (connect_result == -1) {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
+ {\
+ message[plen+i]=str[i];\
+ i++;\
+ }\
+ plen+=i;}
+
+ /* R.Henderson post-gcc-4 style message */
+ plen = 0;
+ strconcat(msg_ssd);
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+
+ /* Dr. Etoh pre-gcc-4 style message */
+ plen = 0;
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_ssa);
+ strconcat(msg_inf);
+ if (func != NULL)
+ strconcat(func)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+
+ /* Direct reports to bugs.gentoo.org */
+ plen=0;
+ strconcat(msg_report);
+ message[plen++]='\0';
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+
+ /* Suicide */
+ pid = INLINE_SYSCALL(getpid, 0);
+
+ if (ENABLE_SSP_SMASH_DUMPS_CORE) {
+ static struct sigaction default_abort_act;
+ /* Remove any user-supplied handler for SIGABRT, before using it */
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
+ INLINE_SYSCALL(kill, 2, pid, SIGABRT);
+ }
+
+ /* Note; actions cannot be added to SIGKILL */
+ INLINE_SYSCALL(kill, 2, pid, SIGKILL);
+
+ /* In case the kill didn't work, exit anyway
+ * The loop prevents gcc thinking this routine returns
+ */
+ while (1)
+ INLINE_SYSCALL(exit, 0);
+}
+
+__attribute__ ((__noreturn__))
+void __chk_fail(void)
+{
+ __hardened_gentoo_chk_fail(NULL, 0);
+}
+
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch
new file mode 100644
index 0000000..e75ccc7
--- /dev/null
+++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-configure-picdefault.patch
@@ -0,0 +1,30 @@
+Prevent default-fPIE from confusing configure into thinking
+PIC code is default. This causes glibc to build both PIC and
+non-PIC code as normal, which on the hardened compiler generates
+PIC and PIE.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+Fixed for glibc 2.10 by Magnus Granberg <zorry@ume.nu>
+
+--- configure.in
++++ configure.in
+@@ -2145,7 +2145,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+ libc_cv_pic_default=no
+ fi
+ rm -f conftest.*])
+--- configure
++++ configure
+@@ -7698,7 +7698,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
+ libc_cv_pic_default=no
+ fi
+ rm -f conftest.*
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
new file mode 100644
index 0000000..cb6d8e3
--- /dev/null
+++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
@@ -0,0 +1,274 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
+
+--- csu/libc-start.c
++++ csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -129,6 +130,11 @@
+ # endif
+ _dl_aux_init (auxvec);
+ # endif
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -138,10 +144,12 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_NOSYSENTER
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. */
+ __pthread_initialize_minimal ();
++# endif
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+--- csu/libc-tls.c
++++ csu/libc-tls.c
+@@ -23,6 +23,7 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+@@ -29,6 +30,9 @@
+ #error makefile bug, this file is for static only
+ #endif
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
+ extern ElfW(Phdr) *_dl_phdr;
+ extern size_t _dl_phnum;
+
+@@ -141,14 +145,26 @@
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
+ #if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
++# else
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
++# endif
+ #elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# else
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# endif
+ tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+ /* In case a model with a different layout for the TCB and DTV
+--- misc/sbrk.c
++++ misc/sbrk.c
+@@ -18,6 +18,7 @@
+ #include <errno.h>
+ #include <stdint.h>
+ #include <unistd.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used
++ via dynamic loading in a statically linked program update
++ __curbrk from the kernel's brk value. That way two separate
++ instances of __brk and __sbrk can share the heap, returning
++ interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- sysdeps/unix/sysv/linux/i386/brk.c
++++ sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ * if the SYSENTER version requires the TLS (which it does on i386).
++ * Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *__unbounded newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
++ __ptrvalue (addr));
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
+ int
+ __brk (void *addr)
+ {
+--- sysdeps/unix/sysv/linux/i386/sysdep.h
++++ sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +495,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
diff --git a/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch
new file mode 100644
index 0000000..a1c9eef
--- /dev/null
+++ b/sys-libs/glibc/files/2.10/glibc-2.10-hardened-ssp-compat.patch
@@ -0,0 +1,168 @@
+Add backwards compat support for gcc-3.x ssp ... older ssp versions
+used __guard and __stack_smash_handler symbols while gcc-4.1 and newer
+uses __stack_chk_guard and __stack_chk_fail.
+
+--- config.h.in
++++ config.h.in
+@@ -42,6 +42,9 @@
+ assembler instructions per line. Default is `;' */
+ #undef ASM_LINE_SEP
+
++/* Define if we want to enable support for old ssp symbols */
++#undef ENABLE_OLD_SSP_COMPAT
++
+ /* Define if not using ELF, but `.init' and `.fini' sections are available. */
+ #undef HAVE_INITFINI
+
+--- configure
++++ configure
+@@ -1378,6 +1378,9 @@ Optional Features:
+ --enable-kernel=VERSION compile for compatibility with kernel not older than
+ VERSION
+ --enable-all-warnings enable all useful warnings gcc can issue
++ --disable-old-ssp-compat
++ enable support for older ssp symbols
++ [default=no]
+ --enable-multi-arch enable single DSO with optimizations for multiple
+ architectures
+ --enable-experimental-malloc
+@@ -6462,6 +6465,20 @@ fi
+ $as_echo "$libc_cv_ssp" >&6; }
+
+
++# Check whether --enable-old-ssp-compat or --disable-old-ssp-compat was given.
++if test "${enable_old_ssp_compat+set}" = set; then
++ enableval="$enable_old_ssp_compat"
++ enable_old_ssp_compat=$enableval
++else
++ enable_old_ssp_compat=no
++fi;
++if test "x$enable_old_ssp_compat" = "xyes"; then
++ cat >>confdefs.h <<\_ACEOF
++#define ENABLE_OLD_SSP_COMPAT 1
++_ACEOF
++
++fi
++
+ { $as_echo "$as_me:$LINENO: checking for -fgnu89-inline" >&5
+ $as_echo_n "checking for -fgnu89-inline... " >&6; }
+ if test "${libc_cv_gnu89_inline+set}" = set; then
+--- configure.in
++++ configure.in
+@@ -1641,6 +1641,15 @@ fi
+ rm -f conftest*])
+ AC_SUBST(libc_cv_ssp)
+
++AC_ARG_ENABLE([old-ssp-compat],
++ AC_HELP_STRING([--enable-old-ssp-compat],
++ [enable support for older ssp symbols @<:@default=no@:>@]),
++ [enable_old_ssp_compat=$enableval],
++ [enable_old_ssp_compat=no])
++if test "x$enable_old_ssp_compat" = "xyes"; then
++ AC_DEFINE(ENABLE_OLD_SSP_COMPAT)
++fi
++
+ AC_CACHE_CHECK(for -fgnu89-inline, libc_cv_gnu89_inline, [dnl
+ cat > conftest.c <<EOF
+ int foo;
+--- csu/libc-start.c
++++ csu/libc-start.c
+@@ -37,6 +37,9 @@ extern void __pthread_initialize_minimal
+ uintptr_t __stack_chk_guard attribute_relro;
+ # endif
+ #endif
++#ifdef ENABLE_OLD_SSP_COMPAT
++uintptr_t __guard attribute_relro;
++#endif
+
+ #ifdef HAVE_PTR_NTHREADS
+ /* We need atomic operations. */
+@@ -141,6 +145,9 @@ LIBC_START_MAIN (int (*main) (int, char
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random);
++#ifdef ENABLE_OLD_SSP_COMPAT
++ __guard = stack_chk_guard;
++#endif
+ # ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+ # else
+--- csu/Versions
++++ csu/Versions
+@@ -17,6 +17,12 @@ libc {
+ # New special glibc functions.
+ gnu_get_libc_release; gnu_get_libc_version;
+ }
++ GLIBC_2.3.2 {
++%ifdef ENABLE_OLD_SSP_COMPAT
++ # global objects and functions for the old propolice patch in gcc
++ __guard;
++%endif
++ }
+ GLIBC_PRIVATE {
+ %if HAVE___THREAD
+ # This version is for the TLS symbol, GLIBC_2.0 is the old object symbol.
+--- debug/Versions
++++ debug/Versions
+@@ -10,6 +10,12 @@ libc {
+ # These are to support some gcc features.
+ __cyg_profile_func_enter; __cyg_profile_func_exit;
+ }
++%ifdef ENABLE_OLD_SSP_COMPAT
++ GLIBC_2.3.2 {
++ # backwards ssp compat support; alias to __stack_chk_fail
++ __stack_smash_handler;
++ }
++%endif
+ GLIBC_2.3.4 {
+ __chk_fail;
+ __memcpy_chk; __memmove_chk; __mempcpy_chk; __memset_chk; __stpcpy_chk;
+--- elf/rtld.c
++++ elf/rtld.c
+@@ -89,6 +89,9 @@ INTDEF(_dl_argv)
+ in thread local area. */
+ uintptr_t __stack_chk_guard attribute_relro;
+ #endif
++#ifdef ENABLE_OLD_SSP_COMPAT
++uintptr_t __guard attribute_relro;
++#endif
+
+ /* Only exported for architectures that don't store the pointer guard
+ value in thread local area. */
+@@ -1817,6 +1821,9 @@ ERROR: ld.so: object '%s' cannot be load
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard (_dl_random);
++#ifdef ENABLE_OLD_SSP_COMPAT
++ __guard = stack_chk_guard;
++#endif
+ #ifdef THREAD_SET_STACK_GUARD
+ THREAD_SET_STACK_GUARD (stack_chk_guard);
+ #else
+--- elf/Versions
++++ elf/Versions
+@@ -43,6 +43,12 @@ ld {
+ # runtime interface to TLS
+ __tls_get_addr;
+ }
++%ifdef ENABLE_OLD_SSP_COMPAT
++ GLIBC_2.3.2 {
++ # backwards ssp compat support
++ __guard;
++ }
++%endif
+ GLIBC_2.4 {
+ # stack canary
+ __stack_chk_guard;
+--- Versions.def
++++ Versions.def
+@@ -109,6 +109,9 @@ ld {
+ GLIBC_2.0
+ GLIBC_2.1
+ GLIBC_2.3
++%ifdef ENABLE_OLD_SSP_COMPAT
++ GLIBC_2.3.2
++%endif
+ GLIBC_2.4
+ GLIBC_PRIVATE
+ }
diff --git a/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch b/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch
new file mode 100644
index 0000000..df7292f
--- /dev/null
+++ b/sys-libs/glibc/files/2.11/glibc-2.11-hardened-pie.patch
@@ -0,0 +1,40 @@
+http://bugs.gentoo.org/292139
+
+2009-11-08 Magnus Granberg <zorry@ume.nu>
+
+ * Makeconfig (+link): Set to +link-pie.
+ (+link-static): Change $(static-start-installed-name) to
+ S$(static-start-installed-name).
+ (+prector): Set to +prectorS.
+ (+postctor): Set to +postctorS.
+
+--- libc/Makeconfig
++++ libc/Makeconfig
+@@ -447,11 +447,12 @@
+ $(common-objpfx)libc% $(+postinit),$^) \
+ $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
+ endif
+++link = $(+link-pie)
+ # Command for statically linking programs with the C library.
+ ifndef +link-static
+ +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
+ $(+preinit) $(+prector) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ $(start-installed-name))\
+@@ -549,11 +550,10 @@
+ ifeq ($(elf),yes)
+ +preinit = $(addprefix $(csu-objpfx),crti.o)
+ +postinit = $(addprefix $(csu-objpfx),crtn.o)
+-+prector = `$(CC) --print-file-name=crtbegin.o`
+-+postctor = `$(CC) --print-file-name=crtend.o`
+-# Variants of the two previous definitions for linking PIE programs.
+ +prectorS = `$(CC) --print-file-name=crtbeginS.o`
+ +postctorS = `$(CC) --print-file-name=crtendS.o`
+++prector = $(+prectorS)
+++postctor = $(+postctorS)
+ +interp = $(addprefix $(elf-objpfx),interp.os)
+ endif
+ csu-objpfx = $(common-objpfx)csu/
diff --git a/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch b/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch
new file mode 100644
index 0000000..3315171
--- /dev/null
+++ b/sys-libs/glibc/files/2.12/glibc-2.12-hardened-pie.patch
@@ -0,0 +1,39 @@
+2010-08-11 Magnus Granberg <zorry@ume.nu>
+
+ #332331
+ * Makeconfig (+link): Set to +link-pie.
+ (+link-static): Change $(static-start-installed-name) to
+ S$(static-start-installed-name).
+ (+prector): Set to +prectorS.
+ (+postctor): Set to +postctorS.
+
+--- libc/Makeconfig
++++ libc/Makeconfig
+@@ -447,11 +447,12 @@
+ $(common-objpfx)libc% $(+postinit),$^) \
+ $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
+ endif
+++link = $(+link-pie)
+ # Command for statically linking programs with the C library.
+ ifndef +link-static
+ +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
+ $(+preinit) $(+prector) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ $(start-installed-name))\
+@@ -549,11 +550,10 @@
+ ifeq ($(elf),yes)
+ +preinit = $(addprefix $(csu-objpfx),crti.o)
+ +postinit = $(addprefix $(csu-objpfx),crtn.o)
+-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
+-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+-# Variants of the two previous definitions for linking PIE programs.
+ +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+ +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
+++prector = $(+prectorS)
+++postctor = $(+postctorS)
+ +interp = $(addprefix $(elf-objpfx),interp.os)
+ endif
+ csu-objpfx = $(common-objpfx)csu/
diff --git a/sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch b/sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch
new file mode 100644
index 0000000..5f8f15a
--- /dev/null
+++ b/sys-libs/glibc/files/2.15/glibc-2.15-localstatedir-backport.patch
@@ -0,0 +1,13 @@
+Index: work/glibc-2.15/Makeconfig
+===================================================================
+--- work.orig/glibc-2.15/Makeconfig
++++ work/glibc-2.15/Makeconfig
+@@ -293,7 +293,7 @@ inst_sysconfdir = $(install_root)$(sysco
+
+ # Directory for the database files and Makefile for nss_db.
+ ifndef vardbdir
+-vardbdir = /var/db
++vardbdir = $(prefix)/var/db
+ endif
+ inst_vardbdir = $(install_root)$(vardbdir)
+
diff --git a/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch b/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch
new file mode 100644
index 0000000..a850a61
--- /dev/null
+++ b/sys-libs/glibc/files/2.16/glibc-2.16-hardened-pie.patch
@@ -0,0 +1,39 @@
+2012-11-11 Magnus Granberg <zorry@gentoo.org>
+
+ #442712
+ * Makeconfig (+link): Set to +link-pie.
+ (+link-static-before-libc): Change $(static-start-installed-name) to
+ S$(static-start-installed-name).
+ (+prector): Set to +prectorS.
+ (+postctor): Set to +postctorS.
+
+--- libc/Makeconfig
++++ libc/Makeconfig
+@@ -447,11 +447,12 @@
+ $(common-objpfx)libc% $(+postinit),$^) \
+ $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
+ endif
+++link = $(+link-pie)
+ # Command for statically linking programs with the C library.
+ ifndef +link-static
+ +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
+ $(+preinit) $(+prector) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ $(start-installed-name))\
+@@ -549,11 +550,10 @@
+ ifeq ($(elf),yes)
+ +preinit = $(addprefix $(csu-objpfx),crti.o)
+ +postinit = $(addprefix $(csu-objpfx),crtn.o)
+-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
+-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+-# Variants of the two previous definitions for linking PIE programs.
+ +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+ +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
+++prector = $(+prectorS)
+++postctor = $(+postctorS)
+ +interp = $(addprefix $(elf-objpfx),interp.os)
+ endif
+ csu-objpfx = $(common-objpfx)csu/
diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
new file mode 100644
index 0000000..da4fb82
--- /dev/null
+++ b/sys-libs/glibc/files/2.17/glibc-2.17-hardened-pie.patch
@@ -0,0 +1,42 @@
+2012-11-11 Magnus Granberg <zorry@gentoo.org>
+
+ #442712
+ * Makeconfig (+link): Set to +link-pie.
+ (+link-static-before-libc): Change $(static-start-installed-name) to
+ S$(static-start-installed-name).
+ (+prector): Set to +prectorS.
+ (+postctor): Set to +postctorS.
+
+--- libc/Makeconfig
++++ libc/Makeconfig
+@@ -447,11 +447,12 @@
+ $(common-objpfx)libc% $(+postinit),$^) \
+ $(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
+ endif
+++link = $(+link-pie)
+ # Command for statically linking programs with the C library.
+ ifndef +link-static
+ +link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
+ $(+preinit) $(+prectorT) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ $(start-installed-name))\
+@@ -549,11 +550,10 @@
+ ifeq ($(elf),yes)
+ +preinit = $(addprefix $(csu-objpfx),crti.o)
+ +postinit = $(addprefix $(csu-objpfx),crtn.o)
+-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
+-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+-# Variants of the two previous definitions for linking PIE programs.
+ +prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+ +postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
+++prector = $(+prectorS)
+++postctor = $(+postctorS)
+ # Variants of the two previous definitions for statically linking programs.
+ +prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
+ +postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+ +interp = $(addprefix $(elf-objpfx),interp.os)
+ endif
+ csu-objpfx = $(common-objpfx)csu/
diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch b/sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch
new file mode 100644
index 0000000..8fc683d
--- /dev/null
+++ b/sys-libs/glibc/files/2.17/glibc-2.17-runtime-prefix.patch
@@ -0,0 +1,162 @@
+Index: glibc-2.19/sysdeps/generic/paths.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/generic/paths.h
++++ glibc-2.19/sysdeps/generic/paths.h
+@@ -33,43 +33,43 @@
+ #define _PATHS_H_
+
+ /* Default search path. */
+-#define _PATH_DEFPATH "/usr/bin:/bin"
++#define _PATH_DEFPATH "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin"
+ /* All standard utilities path. */
+ #define _PATH_STDPATH \
+- "/usr/bin:/bin:/usr/sbin:/sbin"
++ "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin:@GENTOO_PORTAGE_EPREFIX@/usr/sbin:@GENTOO_PORTAGE_EPREFIX@/sbin"
+
+-#define _PATH_BSHELL "/bin/sh"
++#define _PATH_BSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/sh"
+ #define _PATH_CONSOLE "/dev/console"
+-#define _PATH_CSHELL "/bin/csh"
+-#define _PATH_DEVDB "/var/run/dev.db"
++#define _PATH_CSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/csh"
++#define _PATH_DEVDB "@GENTOO_PORTAGE_EPREFIX@/var/run/dev.db"
+ #define _PATH_DEVNULL "/dev/null"
+ #define _PATH_DRUM "/dev/drum"
+-#define _PATH_GSHADOW "/etc/gshadow"
++#define _PATH_GSHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/gshadow"
+ #define _PATH_KMEM "/dev/kmem"
+-#define _PATH_LASTLOG "/var/log/lastlog"
++#define _PATH_LASTLOG "@GENTOO_PORTAGE_EPREFIX@/var/log/lastlog"
+ #define _PATH_MAILDIR "/var/mail"
+-#define _PATH_MAN "/usr/share/man"
++#define _PATH_MAN "@GENTOO_PORTAGE_EPREFIX@/usr/share/man"
+ #define _PATH_MEM "/dev/mem"
+-#define _PATH_MNTTAB "/etc/fstab"
+-#define _PATH_MOUNTED "/var/run/mtab"
+-#define _PATH_NOLOGIN "/etc/nologin"
+-#define _PATH_PRESERVE "/var/lib"
+-#define _PATH_RWHODIR "/var/spool/rwho"
+-#define _PATH_SENDMAIL "/usr/sbin/sendmail"
+-#define _PATH_SHADOW "/etc/shadow"
+-#define _PATH_SHELLS "/etc/shells"
++#define _PATH_MNTTAB "@GENTOO_PORTAGE_EPREFIX@/etc/fstab"
++#define _PATH_MOUNTED "@GENTOO_PORTAGE_EPREFIX@/var/run/mtab"
++#define _PATH_NOLOGIN "@GENTOO_PORTAGE_EPREFIX@/etc/nologin"
++#define _PATH_PRESERVE "@GENTOO_PORTAGE_EPREFIX@/var/lib"
++#define _PATH_RWHODIR "@GENTOO_PORTAGE_EPREFIX@/var/spool/rwho"
++#define _PATH_SENDMAIL "@GENTOO_PORTAGE_EPREFIX@/usr/sbin/sendmail"
++#define _PATH_SHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/shadow"
++#define _PATH_SHELLS "@GENTOO_PORTAGE_EPREFIX@/etc/shells"
+ #define _PATH_TTY "/dev/tty"
+ #define _PATH_UNIX "/vmunix"
+-#define _PATH_UTMP "/var/run/utmp"
+-#define _PATH_UTMP_DB "/var/run/utmp.db"
+-#define _PATH_VI "/usr/bin/vi"
++#define _PATH_UTMP "@GENTOO_PORTAGE_EPREFIX@/var/run/utmp"
++#define _PATH_UTMP_DB "@GENTOO_PORTAGE_EPREFIX@/var/run/utmp.db"
++#define _PATH_VI "@GENTOO_PORTAGE_EPREFIX@/usr/bin/vi"
+ #define _PATH_WTMP "/var/log/wtmp"
+
+ /* Provide trailing slash, since mostly used for building pathnames. */
+ #define _PATH_DEV "/dev/"
+ #define _PATH_TMP "/tmp/"
+-#define _PATH_VARDB "/var/db/"
+-#define _PATH_VARRUN "/var/run/"
++#define _PATH_VARDB "@GENTOO_PORTAGE_EPREFIX@/var/db/"
++#define _PATH_VARRUN "@GENTOO_PORTAGE_EPREFIX@/var/run/"
+ #define _PATH_VARTMP "/var/tmp/"
+
+ #endif /* !_PATHS_H_ */
+Index: glibc-2.19/sysdeps/unix/sysv/linux/paths.h
+===================================================================
+--- glibc-2.19.orig/sysdeps/unix/sysv/linux/paths.h
++++ glibc-2.19/sysdeps/unix/sysv/linux/paths.h
+@@ -33,43 +33,43 @@
+ #define _PATHS_H_
+
+ /* Default search path. */
+-#define _PATH_DEFPATH "/usr/bin:/bin"
++#define _PATH_DEFPATH "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin"
+ /* All standard utilities path. */
+ #define _PATH_STDPATH \
+- "/usr/bin:/bin:/usr/sbin:/sbin"
++ "@GENTOO_PORTAGE_EPREFIX@/usr/bin:@GENTOO_PORTAGE_EPREFIX@/bin:@GENTOO_PORTAGE_EPREFIX@/usr/sbin:@GENTOO_PORTAGE_EPREFIX@/sbin"
+
+-#define _PATH_BSHELL "/bin/sh"
++#define _PATH_BSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/sh"
+ #define _PATH_CONSOLE "/dev/console"
+-#define _PATH_CSHELL "/bin/csh"
+-#define _PATH_DEVDB "/var/run/dev.db"
++#define _PATH_CSHELL "@GENTOO_PORTAGE_EPREFIX@/bin/csh"
++#define _PATH_DEVDB "@GENTOO_PORTAGE_EPREFIX@/var/run/dev.db"
+ #define _PATH_DEVNULL "/dev/null"
+ #define _PATH_DRUM "/dev/drum"
+-#define _PATH_GSHADOW "/etc/gshadow"
++#define _PATH_GSHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/gshadow"
+ #define _PATH_KLOG "/proc/kmsg"
+ #define _PATH_KMEM "/dev/kmem"
+ #define _PATH_LASTLOG "/var/log/lastlog"
+ #define _PATH_MAILDIR "/var/mail"
+-#define _PATH_MAN "/usr/share/man"
++#define _PATH_MAN "@GENTOO_PORTAGE_EPREFIX@/usr/share/man"
+ #define _PATH_MEM "/dev/mem"
+-#define _PATH_MNTTAB "/etc/fstab"
+-#define _PATH_MOUNTED "/etc/mtab"
+-#define _PATH_NOLOGIN "/etc/nologin"
+-#define _PATH_PRESERVE "/var/lib"
+-#define _PATH_RWHODIR "/var/spool/rwho"
+-#define _PATH_SENDMAIL "/usr/sbin/sendmail"
+-#define _PATH_SHADOW "/etc/shadow"
+-#define _PATH_SHELLS "/etc/shells"
++#define _PATH_MNTTAB "@GENTOO_PORTAGE_EPREFIX@/etc/fstab"
++#define _PATH_MOUNTED "@GENTOO_PORTAGE_EPREFIX@/etc/mtab"
++#define _PATH_NOLOGIN "@GENTOO_PORTAGE_EPREFIX@/etc/nologin"
++#define _PATH_PRESERVE "@GENTOO_PORTAGE_EPREFIX@/var/lib"
++#define _PATH_RWHODIR "@GENTOO_PORTAGE_EPREFIX@/var/spool/rwho"
++#define _PATH_SENDMAIL "@GENTOO_PORTAGE_EPREFIX@/usr/sbin/sendmail"
++#define _PATH_SHADOW "@GENTOO_PORTAGE_EPREFIX@/etc/shadow"
++#define _PATH_SHELLS "@GENTOO_PORTAGE_EPREFIX@/etc/shells"
+ #define _PATH_TTY "/dev/tty"
+ #define _PATH_UNIX "/boot/vmlinux"
+-#define _PATH_UTMP "/var/run/utmp"
+-#define _PATH_VI "/usr/bin/vi"
++#define _PATH_UTMP "@GENTOO_PORTAGE_EPREFIX@/var/run/utmp"
++#define _PATH_VI "@GENTOO_PORTAGE_EPREFIX@/usr/bin/vi"
+ #define _PATH_WTMP "/var/log/wtmp"
+
+ /* Provide trailing slash, since mostly used for building pathnames. */
+ #define _PATH_DEV "/dev/"
+ #define _PATH_TMP "/tmp/"
+-#define _PATH_VARDB "/var/db/"
+-#define _PATH_VARRUN "/var/run/"
++#define _PATH_VARDB "@GENTOO_PORTAGE_EPREFIX@/var/db/"
++#define _PATH_VARRUN "@GENTOO_PORTAGE_EPREFIX@/var/run/"
+ #define _PATH_VARTMP "/var/tmp/"
+
+ #endif /* !_PATHS_H_ */
+Index: glibc-2.19/sysdeps/posix/system.c
+===================================================================
+--- glibc-2.19.orig/sysdeps/posix/system.c
++++ glibc-2.19/sysdeps/posix/system.c
+@@ -26,7 +26,7 @@
+ #include <sysdep-cancel.h>
+
+
+-#define SHELL_PATH "/bin/sh" /* Path of the shell. */
++#define SHELL_PATH "@GENTOO_PORTAGE_EPREFIX@/bin/sh" /* Path of the shell. */
+ #define SHELL_NAME "sh" /* Name to give it. */
+
+
+Index: glibc-2.19/libio/iopopen.c
+===================================================================
+--- glibc-2.19.orig/libio/iopopen.c
++++ glibc-2.19/libio/iopopen.c
+@@ -222,7 +222,7 @@ _IO_new_proc_open (fp, command, mode)
+ _IO_close (fd);
+ }
+
+- _IO_execl ("/bin/sh", "sh", "-c", command, (char *) 0);
++ _IO_execl ("@GENTOO_PORTAGE_EPREFIX@/bin/sh", "sh", "-c", command, (char *) 0);
+ _IO__exit (127);
+ }
+ _IO_close (child_end);
diff --git a/sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch b/sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch
new file mode 100644
index 0000000..0e3979c
--- /dev/null
+++ b/sys-libs/glibc/files/2.17/glibc-2.17-shadow-prefix.patch
@@ -0,0 +1,33 @@
+Index: shadow/Makefile
+===================================================================
+--- shadow/Makefile.orig
++++ shadow/Makefile
+@@ -20,6 +20,8 @@
+ #
+ subdir := shadow
+
++include ../Makeconfig
++
+ headers = shadow.h
+ routines = getspent getspnam sgetspent fgetspent putspent \
+ getspent_r getspnam_r sgetspent_r fgetspent_r \
+@@ -34,5 +36,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li
+ CFLAGS-putspent.c = -fexceptions $(libio-mtsafe)
+ CFLAGS-getspnam.c = -fexceptions
+ CFLAGS-getspnam_r.c = -fexceptions
++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"'
+
+ include ../Rules
+Index: shadow/lckpwdf.c
+===================================================================
+--- shadow/lckpwdf.c.orig
++++ shadow/lckpwdf.c
+@@ -29,7 +29,7 @@
+
+
+ /* Name of the lock file. */
+-#define PWD_LOCKFILE "/etc/.pwd.lock"
++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock"
+
+ /* How long to wait for getting the lock before returning with an
+ error. */
diff --git a/sys-libs/glibc/files/2.17/locale-gen_prefix.patch b/sys-libs/glibc/files/2.17/locale-gen_prefix.patch
new file mode 100644
index 0000000..f378605
--- /dev/null
+++ b/sys-libs/glibc/files/2.17/locale-gen_prefix.patch
@@ -0,0 +1,77 @@
+bug #473484
+Index: work/extra/locale/locale-gen
+===================================================================
+--- work.orig/extra/locale/locale-gen
++++ work/extra/locale/locale-gen
+@@ -8,7 +8,13 @@ unset POSIXLY_CORRECT IFS
+ umask 0022
+
+ argv0=${0##*/}
+-source /etc/init.d/functions.sh || {
++
++EPREFIX="@GENTOO_PORTAGE_EPREFIX@"
++if [[ ${EPREFIX} == "@"GENTOO_PORTAGE_EPREFIX"@" ]] ; then
++ EPREFIX=""
++fi
++
++source "${EPREFIX}"/etc/init.d/functions.sh || {
+ echo "${argv0}: Could not source /etc/init.d/functions.sh!" 1>&2
+ exit 1
+ }
+@@ -97,13 +103,14 @@ if [[ -n ${DESTDIR} ]] && [[ ${ROOT} !=
+ eerror "DESTDIR and ROOT are mutually exclusive options"
+ exit 1
+ fi
+-if [[ ${ROOT} != "/" ]] ; then
+- einfo "Using locale.gen from ROOT ${ROOT}etc/"
++: ${EROOT:="${ROOT%/}${EPREFIX}/"}
++if [[ ${EROOT} != "/" ]] ; then
++ einfo "Using locale.gen from ROOT ${EROOT}etc/"
+ fi
+ if [[ -n ${DESTDIR} ]] ; then
+ einfo "Building locales in DESTDIR '${DESTDIR}'"
+ else
+- DESTDIR=${ROOT}
++ DESTDIR=${EROOT}
+ fi
+
+ # XXX: should fix this ...
+@@ -112,7 +119,7 @@ if [[ ${ROOT} != "/" ]] ; then
+ exit 0
+ fi
+
+-: ${CONFIG:=${ROOT}etc/locale.gen}
++: ${CONFIG:=${EROOT}etc/locale.gen}
+ LOCALES=${DESTDIR}usr/share/i18n/locales
+ CHARMAPS=${DESTDIR}usr/share/i18n/charmaps
+ SUPPORTED=${DESTDIR}usr/share/i18n/SUPPORTED
+@@ -150,7 +157,10 @@ fi
+
+ # Extract the location of the locale dir on the fly as `localedef --help` has:
+ # locale path : /usr/lib64/locale:/usr/share/i18n
+-LOCALEDIR=${DESTDIR}$(LC_ALL="C" "${DESTDIR}"usr/bin/localedef --help | sed -n -e '/locale path/{s|.* : ||;s|:.*||;p}')
++# For long paths, the line may get wrapped into two, in which case space (' ') is replaced
++# by newline (\n).
++LOCALEDIR=$(LC_ALL="C" "${DESTDIR}"usr/bin/localedef --help | sed -n -r '/locale path/{N;s|.*:[ \n](.*):/.*|\1|;p}')
++LOCALEDIR="${DESTDIR}${LOCALEDIR#${EPREFIX}}"
+ if [[ $? -ne 0 ]] || [[ -z ${LOCALEDIR} ]] || [[ ${LOCALEDIR} != ${DESTDIR}/usr/lib*/locale ]] ; then
+ eerror "Unable to parse the output of your localedef utility." 1>&2
+ eerror "File a bug about this issue and include the output of 'localedef --help'." 1>&2
+@@ -160,7 +170,7 @@ fi
+
+
+ if [[ ${QUIET} -eq 0 ]] && [[ -z ${JUST_LIST} ]] && \
+- [[ -e ${ROOT}etc/locales.build ]]
++ [[ -e ${EROOT}etc/locales.build ]]
+ then
+ ewarn "You should upgrade your /etc/locales.build to /etc/locale.gen"
+ ewarn "and then remove /etc/locales.build when you're done.\n"
+@@ -280,7 +290,7 @@ generate_locale() {
+ -i "${input}" \
+ -f "${charmap}" \
+ -A "${ALIAS}" \
+- --prefix "${DESTDIR}" \
++ --prefix "${DESTDIR%${EPREFIX}/}/" \
+ "${locale}" 2>&1
+ ret=$?
+ [[ -n ${output} ]] && eend ${ret}
diff --git a/sys-libs/glibc/files/2.17/vdso-disable.patch b/sys-libs/glibc/files/2.17/vdso-disable.patch
new file mode 100644
index 0000000..0354ae9
--- /dev/null
+++ b/sys-libs/glibc/files/2.17/vdso-disable.patch
@@ -0,0 +1,34 @@
+Index: work/glibc-2.17/elf/dl-support.c
+===================================================================
+--- work.orig/glibc-2.17/elf/dl-support.c
++++ work/glibc-2.17/elf/dl-support.c
+@@ -212,16 +212,6 @@ _dl_aux_init (ElfW(auxv_t) *av)
+ case AT_HWCAP:
+ GLRO(dl_hwcap) = (unsigned long int) av->a_un.a_val;
+ break;
+-#ifdef NEED_DL_SYSINFO
+- case AT_SYSINFO:
+- GL(dl_sysinfo) = av->a_un.a_val;
+- break;
+-#endif
+-#if defined NEED_DL_SYSINFO || defined NEED_DL_SYSINFO_DSO
+- case AT_SYSINFO_EHDR:
+- GL(dl_sysinfo_dso) = (void *) av->a_un.a_val;
+- break;
+-#endif
+ case AT_UID:
+ uid ^= av->a_un.a_val;
+ seen |= 1;
+Index: work/glibc-2.17/elf/setup-vdso.h
+===================================================================
+--- work.orig/glibc-2.17/elf/setup-vdso.h
++++ work/glibc-2.17/elf/setup-vdso.h
+@@ -20,7 +20,7 @@ static inline void __attribute__ ((alway
+ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
+ struct link_map ***first_preload __attribute__ ((unused)))
+ {
+-#if defined NEED_DL_SYSINFO || defined NEED_DL_SYSINFO_DSO
++#if 0
+ if (GLRO(dl_sysinfo_dso) == NULL)
+ return;
+
diff --git a/sys-libs/glibc/files/2.17/vdso.patch b/sys-libs/glibc/files/2.17/vdso.patch
new file mode 100644
index 0000000..eb9a492
--- /dev/null
+++ b/sys-libs/glibc/files/2.17/vdso.patch
@@ -0,0 +1,17 @@
+Index: glibc-2.17/sysdeps/unix/sysv/linux/x86_64/gettimeofday.c
+===================================================================
+--- glibc-2.17.orig/sysdeps/unix/sysv/linux/x86_64/gettimeofday.c
++++ glibc-2.17/sysdeps/unix/sysv/linux/x86_64/gettimeofday.c
+@@ -28,11 +28,7 @@ void *gettimeofday_ifunc (void) __asm__
+ void *
+ gettimeofday_ifunc (void)
+ {
+- PREPARE_VERSION (linux26, "LINUX_2.6", 61765110);
+-
+- /* If the vDSO is not available we fall back on the old vsyscall. */
+- return (_dl_vdso_vsym ("__vdso_gettimeofday", &linux26)
+- ?: (void *) VSYSCALL_ADDR_vgettimeofday);
++ return (void *) VSYSCALL_ADDR_vgettimeofday;
+ }
+ asm (".type __gettimeofday, %gnu_indirect_function");
+
diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch b/sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch
new file mode 100644
index 0000000..1cf906a
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-configurable-paths.patch
@@ -0,0 +1,2115 @@
+Index: glibc-2.19/nis/Makefile
+===================================================================
+--- glibc-2.19.orig/nis/Makefile
++++ glibc-2.19/nis/Makefile
+@@ -58,6 +58,11 @@ libnsl-routines = yp_xdr ypclnt ypupdate
+ nis_clone_res nss-default
+
+ libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups)
++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"'
++CPPFLAGS-compat-grp.c = $(SYSCONF-FLAGS)
++CPPFLAGS-compat-pwd.c = $(SYSCONF-FLAGS)
++CPPFLAGS-compat-spwd.c = $(SYSCONF-FLAGS)
++CPPFLAGS-compat-initgroups.c = $(SYSCONF-FLAGS)
+ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
+
+ libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \
+Index: glibc-2.19/nis/nss_compat/compat-grp.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_compat/compat-grp.c
++++ glibc-2.19/nis/nss_compat/compat-grp.c
+@@ -120,7 +120,7 @@ internal_setgrent (ent_t *ent, int stayo
+
+ if (ent->stream == NULL)
+ {
+- ent->stream = fopen ("/etc/group", "rme");
++ ent->stream = fopen (SYSCONFDIR "/group", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.19/nis/nss_compat/compat-initgroups.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_compat/compat-initgroups.c
++++ glibc-2.19/nis/nss_compat/compat-initgroups.c
+@@ -136,7 +136,7 @@ internal_setgrent (ent_t *ent)
+ else
+ ent->blacklist.current = 0;
+
+- ent->stream = fopen ("/etc/group", "rme");
++ ent->stream = fopen (SYSCONFDIR "/group", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.19/nis/nss_compat/compat-pwd.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_compat/compat-pwd.c
++++ glibc-2.19/nis/nss_compat/compat-pwd.c
+@@ -235,7 +235,7 @@ internal_setpwent (ent_t *ent, int stayo
+
+ if (ent->stream == NULL)
+ {
+- ent->stream = fopen ("/etc/passwd", "rme");
++ ent->stream = fopen (SYSCONFDIR "/passwd", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.19/nis/nss_compat/compat-spwd.c
+===================================================================
+--- glibc-2.19.orig/nis/nss_compat/compat-spwd.c
++++ glibc-2.19/nis/nss_compat/compat-spwd.c
+@@ -191,7 +191,7 @@ internal_setspent (ent_t *ent, int stayo
+
+ if (ent->stream == NULL)
+ {
+- ent->stream = fopen ("/etc/shadow", "rme");
++ ent->stream = fopen (SYSCONFDIR "/shadow", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.19/nss/Makefile
+===================================================================
+--- glibc-2.19.orig/nss/Makefile
++++ glibc-2.19/nss/Makefile
+@@ -39,6 +39,8 @@ extra-objs += $(makedb-modules:=.o)
+
+ tests = test-netdb tst-nss-test1 test-digits-dots
+ xtests = bug-erange
++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"'
++CPPFLAGS-bug-erange.c = $(SYSCONF-FLAGS)
+
+ include ../Makeconfig
+
+@@ -57,6 +59,8 @@ vpath %.c $(subdir-dirs) ../locale/progr
+
+ libnss_files-routines := $(addprefix files-,$(databases)) \
+ files-initgroups files-have_o_cloexec files-init
++CPPFLAGS-files-init.c = $(SYSCONF-FLAGS)
++CPPFLAGS-files-initgroups.c = $(SYSCONF-FLAGS)
+
+ libnss_db-dbs := $(addprefix db-,\
+ $(filter-out hosts network key alias,\
+@@ -102,7 +106,7 @@ $(libnss_db-dbs:%=$(objpfx)%.c): $(objpf
+
+ $(objpfx)makedb: $(makedb-modules:%=$(objpfx)%.o)
+
+-$(inst_vardbdir)/Makefile: db-Makefile $(+force)
++$(inst_vardbdir)/Makefile: $(objpfx)db-Makefile $(+force)
+ $(do-install)
+
+ CFLAGS-nss_test1.c = -DNOT_IN_libc=1
+Index: glibc-2.19/nss/bug-erange.c
+===================================================================
+--- glibc-2.19.orig/nss/bug-erange.c
++++ glibc-2.19/nss/bug-erange.c
+@@ -37,7 +37,7 @@ main (void)
+ {
+ printf ("gethostbyname_r failed: %s (errno: %m)\n", strerror (res));
+
+- if (access ("/etc/resolv.conf", R_OK))
++ if (access (SYSCONFDIR "/resolv.conf", R_OK))
+ {
+ puts ("DNS probably not set up");
+ return 0;
+Index: glibc-2.19/nss/nss_files/files-init.c
+===================================================================
+--- glibc-2.19.orig/nss/nss_files/files-init.c
++++ glibc-2.19/nss/nss_files/files-init.c
+@@ -35,33 +35,33 @@ static union \
+ } \
+ }
+
+-TF (pwd, "/etc/passwd");
+-TF (grp, "/etc/group");
+-TF (hst, "/etc/hosts");
+-TF (resolv, "/etc/resolv.conf", .call_res_init = 1);
+-TF (serv, "/etc/services");
+-TF (netgr, "/etc/netgroup");
++TF (pwd, SYSCONFDIR "/passwd");
++TF (grp, SYSCONFDIR "/group");
++TF (hst, SYSCONFDIR "/hosts");
++TF (resolv, SYSCONFDIR "/resolv.conf", .call_res_init = 1);
++TF (serv, SYSCONFDIR "/services");
++TF (netgr, SYSCONFDIR "/netgroup");
+
+
+ void
+ _nss_files_init (void (*cb) (size_t, struct traced_file *))
+ {
+- strcpy (pwd_traced_file.file.fname, "/etc/passwd");
++ strcpy (pwd_traced_file.file.fname, SYSCONFDIR "/passwd");
+ cb (pwddb, &pwd_traced_file.file);
+
+- strcpy (grp_traced_file.file.fname, "/etc/group");
++ strcpy (grp_traced_file.file.fname, SYSCONFDIR "/group");
+ cb (grpdb, &grp_traced_file.file);
+
+- strcpy (hst_traced_file.file.fname, "/etc/hosts");
++ strcpy (hst_traced_file.file.fname, SYSCONFDIR "/hosts");
+ cb (hstdb, &hst_traced_file.file);
+
+- strcpy (resolv_traced_file.file.fname, "/etc/resolv.conf");
++ strcpy (resolv_traced_file.file.fname, SYSCONFDIR "/resolv.conf");
+ cb (hstdb, &resolv_traced_file.file);
+
+- strcpy (serv_traced_file.file.fname, "/etc/services");
++ strcpy (serv_traced_file.file.fname, SYSCONFDIR "/services");
+ cb (servdb, &serv_traced_file.file);
+
+- strcpy (netgr_traced_file.file.fname, "/etc/netgroup");
++ strcpy (netgr_traced_file.file.fname, SYSCONFDIR "/netgroup");
+ cb (netgrdb, &netgr_traced_file.file);
+ }
+
+Index: glibc-2.19/nss/nss_files/files-initgroups.c
+===================================================================
+--- glibc-2.19.orig/nss/nss_files/files-initgroups.c
++++ glibc-2.19/nss/nss_files/files-initgroups.c
+@@ -31,7 +31,7 @@ _nss_files_initgroups_dyn (const char *u
+ long int *size, gid_t **groupsp, long int limit,
+ int *errnop)
+ {
+- FILE *stream = fopen ("/etc/group", "rce");
++ FILE *stream = fopen (SYSCONFDIR "/group", "rce");
+ if (stream == NULL)
+ {
+ *errnop = errno;
+Index: glibc-2.19/nss/db-Makefile
+===================================================================
+--- glibc-2.19.orig/nss/db-Makefile
++++ /dev/null
+@@ -1,166 +0,0 @@
+-# Makefile to (re-)generate db versions of system database files.
+-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+-# This file is part of the GNU C Library.
+-# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
+-#
+-
+-# The GNU C Library is free software; you can redistribute it and/or
+-# modify it under the terms of the GNU Lesser General Public
+-# License as published by the Free Software Foundation; either
+-# version 2.1 of the License, or (at your option) any later version.
+-
+-# The GNU C Library is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+-# Lesser General Public License for more details.
+-
+-# You should have received a copy of the GNU Lesser General Public
+-# License along with the GNU C Library; if not, see
+-# <http://www.gnu.org/licenses/>.
+-
+-DATABASES = $(wildcard /etc/passwd /etc/group /etc/ethers /etc/protocols \
+- /etc/rpc /etc/services /etc/shadow /etc/gshadow \
+- /etc/netgroup)
+-
+-VAR_DB = /var/db
+-
+-AWK = awk
+-MAKEDB = makedb --quiet
+-
+-all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES)))
+-
+-
+-$(VAR_DB)/passwd.db: /etc/passwd
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$3; print }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/group.db: /etc/group
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$3; print; \
+- if ($$4 != "") { \
+- split($$4, grmems, ","); \
+- for (memidx in grmems) { \
+- mem=grmems[memidx]; \
+- if (members[mem] == "") \
+- members[mem]=$$3; \
+- else \
+- members[mem]=members[mem] "," $$3; \
+- } \
+- delete grmems; } } \
+- END { for (mem in members) \
+- printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/ethers.db: /etc/ethers
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) '/^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$2; print }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/protocols.db: /etc/protocols
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) '/^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$2; print; \
+- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
+- { printf ".%s ", $$i; print } }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/rpc.db: /etc/rpc
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) '/^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$2; print; \
+- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
+- { printf ".%s ", $$i; print } }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/services.db: /etc/services
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS="[ \t/]+" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { sub(/[ \t]*#.*$$/, "");\
+- printf ":%s/%s ", $$1, $$3; print; \
+- printf ":%s/ ", $$1; print; \
+- printf "=%s/%s ", $$2, $$3; print; \
+- printf "=%s/ ", $$2; print; \
+- for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \
+- { printf ":%s/%s ", $$i, $$3; print; \
+- printf ":%s/ ", $$i; print } }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/shadow.db: /etc/shadow
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
+- (umask 077 && $(MAKEDB) -o $@ -)
+- @echo "done."
+- @if chgrp shadow $@ 2>/dev/null; then \
+- chmod g+r $@; \
+- else \
+- chown 0 $@; chgrp 0 $@; chmod 600 $@; \
+- echo; \
+- echo "Warning: The shadow password database $@"; \
+- echo "has been set to be readable only by root. You may want"; \
+- echo "to make it readable by the \`shadow' group depending"; \
+- echo "on your configuration."; \
+- echo; \
+- fi
+-
+-$(VAR_DB)/gshadow.db: /etc/gshadow
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
+- (umask 077 && $(MAKEDB) -o $@ -)
+- @echo "done."
+- @if chgrp shadow $@ 2>/dev/null; then \
+- chmod g+r $@; \
+- else \
+- chown 0 $@; chgrp 0 $@; chmod 600 $@; \
+- echo; \
+- echo "Warning: The shadow group database $@"; \
+- echo "has been set to be readable only by root. You may want"; \
+- echo "to make it readable by the \`shadow' group depending"; \
+- echo "on your configuration."; \
+- echo; \
+- fi
+-
+-$(VAR_DB)/netgroup.db: /etc/netgroup
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { ini=1 } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \
+- else end=""; \
+- gsub(/[ \t]+/, " "); \
+- sub(/^[ \t]*/, ""); \
+- if (ini == 0) printf "%s%s", $$0, end; \
+- else printf ".%s %s%s", $$1, $$0, end; \
+- ini=end == "" ? 0 : 1; } \
+- END { if (ini==0) printf "\n" }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+Index: glibc-2.19/nss/db-Makefile.in
+===================================================================
+--- /dev/null
++++ glibc-2.19/nss/db-Makefile.in
+@@ -0,0 +1,173 @@
++
++# Makefile to (re-)generate db versions of system database files.
++# Copyright (C) 1996-2014 Free Software Foundation, Inc.
++# This file is part of the GNU C Library.
++# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
++#
++
++# The GNU C Library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2.1 of the License, or (at your option) any later version.
++
++# The GNU C Library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# Lesser General Public License for more details.
++
++# You should have received a copy of the GNU Lesser General Public
++# License along with the GNU C Library; if not, see
++# <http://www.gnu.org/licenses/>.
++
++DATABASES = $(wildcard @libc_cv_sysconfdir@/passwd \
++ @libc_cv_sysconfdir@/group \
++ @libc_cv_sysconfdir@/ethers \
++ @libc_cv_sysconfdir@/protocols \
++ @libc_cv_sysconfdir@/rpc \
++ @libc_cv_sysconfdir@/services \
++ @libc_cv_sysconfdir@/shadow \
++ @libc_cv_sysconfdir@/gshadow \
++ @libc_cv_sysconfdir@/netgroup)
++
++VAR_DB = /var/db
++
++AWK = awk
++MAKEDB = makedb --quiet
++
++all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES)))
++
++
++$(VAR_DB)/passwd.db: @libc_cv_sysconfdir@/passwd
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$3; print }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/group.db: @libc_cv_sysconfdir@/group
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$3; print; \
++ if ($$4 != "") { \
++ split($$4, grmems, ","); \
++ for (memidx in grmems) { \
++ mem=grmems[memidx]; \
++ if (members[mem] == "") \
++ members[mem]=$$3; \
++ else \
++ members[mem]=members[mem] "," $$3; \
++ } \
++ delete grmems; } } \
++ END { for (mem in members) \
++ printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/ethers.db: @libc_cv_sysconfdir@/ethers
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) '/^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$2; print }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/protocols.db: @libc_cv_sysconfdir@/protocols
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) '/^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$2; print; \
++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
++ { printf ".%s ", $$i; print } }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/rpc.db: @libc_cv_sysconfdir@/rpc
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) '/^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$2; print; \
++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
++ { printf ".%s ", $$i; print } }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/services.db: @libc_cv_sysconfdir@/services
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS="[ \t/]+" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { sub(/[ \t]*#.*$$/, "");\
++ printf ":%s/%s ", $$1, $$3; print; \
++ printf ":%s/ ", $$1; print; \
++ printf "=%s/%s ", $$2, $$3; print; \
++ printf "=%s/ ", $$2; print; \
++ for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \
++ { printf ":%s/%s ", $$i, $$3; print; \
++ printf ":%s/ ", $$i; print } }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/shadow.db: @libc_cv_sysconfdir@/shadow
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
++ (umask 077 && $(MAKEDB) -o $@ -)
++ @echo "done."
++ @if chgrp shadow $@ 2>/dev/null; then \
++ chmod g+r $@; \
++ else \
++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \
++ echo; \
++ echo "Warning: The shadow password database $@"; \
++ echo "has been set to be readable only by root. You may want"; \
++ echo "to make it readable by the \`shadow' group depending"; \
++ echo "on your configuration."; \
++ echo; \
++ fi
++
++$(VAR_DB)/gshadow.db: @libc_cv_sysconfdir@/gshadow
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
++ (umask 077 && $(MAKEDB) -o $@ -)
++ @echo "done."
++ @if chgrp shadow $@ 2>/dev/null; then \
++ chmod g+r $@; \
++ else \
++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \
++ echo; \
++ echo "Warning: The shadow group database $@"; \
++ echo "has been set to be readable only by root. You may want"; \
++ echo "to make it readable by the \`shadow' group depending"; \
++ echo "on your configuration."; \
++ echo; \
++ fi
++
++$(VAR_DB)/netgroup.db: @libc_cv_sysconfdir@/netgroup
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { ini=1 } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \
++ else end=""; \
++ gsub(/[ \t]+/, " "); \
++ sub(/^[ \t]*/, ""); \
++ if (ini == 0) printf "%s%s", $$0, end; \
++ else printf ".%s %s%s", $$1, $$0, end; \
++ ini=end == "" ? 0 : 1; } \
++ END { if (ini==0) printf "\n" }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
+Index: glibc-2.19/resolv/netdb.h
+===================================================================
+--- glibc-2.19.orig/resolv/netdb.h
++++ glibc-2.19/resolv/netdb.h
+@@ -42,12 +42,12 @@
+ #include <bits/netdb.h>
+
+ /* Absolute file name for network data base files. */
+-#define _PATH_HEQUIV "/etc/hosts.equiv"
+-#define _PATH_HOSTS "/etc/hosts"
+-#define _PATH_NETWORKS "/etc/networks"
+-#define _PATH_NSSWITCH_CONF "/etc/nsswitch.conf"
+-#define _PATH_PROTOCOLS "/etc/protocols"
+-#define _PATH_SERVICES "/etc/services"
++#define _PATH_HEQUIV SYSCONFDIR "/hosts.equiv"
++#define _PATH_HOSTS SYSCONFDIR "/hosts"
++#define _PATH_NETWORKS SYSCONFDIR "/networks"
++#define _PATH_NSSWITCH_CONF SYSCONFDIR "/nsswitch.conf"
++#define _PATH_PROTOCOLS SYSCONFDIR "/protocols"
++#define _PATH_SERVICES SYSCONFDIR "/services"
+
+
+ __BEGIN_DECLS
+Index: glibc-2.19/resolv/resolv.h
+===================================================================
+--- glibc-2.19.orig/resolv/resolv.h
++++ /dev/null
+@@ -1,389 +0,0 @@
+-/*
+- * Copyright (c) 1983, 1987, 1989
+- * The Regents of the University of California. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 4. Neither the name of the University nor the names of its contributors
+- * may be used to endorse or promote products derived from this software
+- * without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-/*
+- * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+- * SOFTWARE.
+- */
+-
+-/*
+- * @(#)resolv.h 8.1 (Berkeley) 6/2/93
+- * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $
+- */
+-
+-#ifndef _RESOLV_H_
+-
+-/* These headers are needed for types used in the `struct res_state'
+- declaration. */
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-
+-#ifndef __need_res_state
+-# define _RESOLV_H_
+-
+-# include <sys/param.h>
+-# include <sys/cdefs.h>
+-# include <stdio.h>
+-# include <arpa/nameser.h>
+-#endif
+-
+-#ifndef __res_state_defined
+-# define __res_state_defined
+-
+-typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
+- res_sendhookact;
+-
+-typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns,
+- const u_char **__query,
+- int *__querylen,
+- u_char *__ans,
+- int __anssiz,
+- int *__resplen);
+-
+-typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns,
+- const u_char *__query,
+- int __querylen,
+- u_char *__ans,
+- int __anssiz,
+- int *__resplen);
+-
+-/*
+- * Global defines and variables for resolver stub.
+- */
+-# define MAXNS 3 /* max # name servers we'll track */
+-# define MAXDFLSRCH 3 /* # default domain levels to try */
+-# define MAXDNSRCH 6 /* max # domains in search path */
+-# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */
+-
+-# define RES_TIMEOUT 5 /* min. seconds between retries */
+-# define MAXRESOLVSORT 10 /* number of net to sort on */
+-# define RES_MAXNDOTS 15 /* should reflect bit field size */
+-# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */
+-# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */
+-# define RES_DFLRETRY 2 /* Default #/tries. */
+-# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */
+-
+-struct __res_state {
+- int retrans; /* retransmition time interval */
+- int retry; /* number of times to retransmit */
+- u_long options; /* option flags - see below. */
+- int nscount; /* number of name servers */
+- struct sockaddr_in
+- nsaddr_list[MAXNS]; /* address of name server */
+-# define nsaddr nsaddr_list[0] /* for backward compatibility */
+- u_short id; /* current message id */
+- /* 2 byte hole here. */
+- char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */
+- char defdname[256]; /* default domain (deprecated) */
+- u_long pfcode; /* RES_PRF_ flags - see below. */
+- unsigned ndots:4; /* threshold for initial abs. query */
+- unsigned nsort:4; /* number of elements in sort_list[] */
+- unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */
+- unsigned unused:23;
+- struct {
+- struct in_addr addr;
+- u_int32_t mask;
+- } sort_list[MAXRESOLVSORT];
+- /* 4 byte hole here on 64-bit architectures. */
+- res_send_qhook qhook; /* query hook */
+- res_send_rhook rhook; /* response hook */
+- int res_h_errno; /* last one set for this context */
+- int _vcsock; /* PRIVATE: for res_send VC i/o */
+- u_int _flags; /* PRIVATE: see below */
+- /* 4 byte hole here on 64-bit architectures. */
+- union {
+- char pad[52]; /* On an i386 this means 512b total. */
+- struct {
+- u_int16_t nscount;
+- u_int16_t nsmap[MAXNS];
+- int nssocks[MAXNS];
+- u_int16_t nscount6;
+- u_int16_t nsinit;
+- struct sockaddr_in6 *nsaddrs[MAXNS];
+-#ifdef _LIBC
+- unsigned long long int initstamp
+- __attribute__((packed));
+-#else
+- unsigned int _initstamp[2];
+-#endif
+- } _ext;
+- } _u;
+-};
+-
+-typedef struct __res_state *res_state;
+-# undef __need_res_state
+-#endif
+-
+-#ifdef _RESOLV_H_
+-/*
+- * Revision information. This is the release date in YYYYMMDD format.
+- * It can change every day so the right thing to do with it is use it
+- * in preprocessor commands such as "#if (__RES > 19931104)". Do not
+- * compare for equality; rather, use it to determine whether your resolver
+- * is new enough to contain a certain feature.
+- */
+-
+-#define __RES 19991006
+-
+-/*
+- * Resolver configuration file.
+- * Normally not present, but may contain the address of the
+- * inital name server(s) to query and the domain search list.
+- */
+-
+-#ifndef _PATH_RESCONF
+-#define _PATH_RESCONF "/etc/resolv.conf"
+-#endif
+-
+-struct res_sym {
+- int number; /* Identifying number, like T_MX */
+- char * name; /* Its symbolic name, like "MX" */
+- char * humanname; /* Its fun name, like "mail exchanger" */
+-};
+-
+-/*
+- * Resolver flags (used to be discrete per-module statics ints).
+- */
+-#define RES_F_VC 0x00000001 /* socket is TCP */
+-#define RES_F_CONN 0x00000002 /* socket is connected */
+-#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */
+-
+-/* res_findzonecut() options */
+-#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */
+-
+-/*
+- * Resolver options (keep these in synch with res_debug.c, please)
+- */
+-#define RES_INIT 0x00000001 /* address initialized */
+-#define RES_DEBUG 0x00000002 /* print debug messages */
+-#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/
+-#define RES_USEVC 0x00000008 /* use virtual circuit */
+-#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */
+-#define RES_IGNTC 0x00000020 /* ignore trucation errors */
+-#define RES_RECURSE 0x00000040 /* recursion desired */
+-#define RES_DEFNAMES 0x00000080 /* use default domain name */
+-#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */
+-#define RES_DNSRCH 0x00000200 /* search up local domain tree */
+-#define RES_INSECURE1 0x00000400 /* type 1 security disabled */
+-#define RES_INSECURE2 0x00000800 /* type 2 security disabled */
+-#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
+-#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
+-#define RES_ROTATE 0x00004000 /* rotate ns list after each query */
+-#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */
+-#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */
+-#define RES_BLAST 0x00020000 /* blast all recursive servers */
+-#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte
+- strings */
+-#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6
+- reverse lookup */
+-#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */
+-#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */
+-#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each
+- request */
+-#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */
+-#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name
+- as a TLD. */
+-
+-#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)
+-
+-/*
+- * Resolver "pfcode" values. Used by dig.
+- */
+-#define RES_PRF_STATS 0x00000001
+-#define RES_PRF_UPDATE 0x00000002
+-#define RES_PRF_CLASS 0x00000004
+-#define RES_PRF_CMD 0x00000008
+-#define RES_PRF_QUES 0x00000010
+-#define RES_PRF_ANS 0x00000020
+-#define RES_PRF_AUTH 0x00000040
+-#define RES_PRF_ADD 0x00000080
+-#define RES_PRF_HEAD1 0x00000100
+-#define RES_PRF_HEAD2 0x00000200
+-#define RES_PRF_TTLID 0x00000400
+-#define RES_PRF_HEADX 0x00000800
+-#define RES_PRF_QUERY 0x00001000
+-#define RES_PRF_REPLY 0x00002000
+-#define RES_PRF_INIT 0x00004000
+-/* 0x00008000 */
+-
+-/* Things involving an internal (static) resolver context. */
+-__BEGIN_DECLS
+-extern struct __res_state *__res_state(void) __attribute__ ((__const__));
+-__END_DECLS
+-#define _res (*__res_state())
+-
+-#ifndef __BIND_NOSTATIC
+-#define fp_nquery __fp_nquery
+-#define fp_query __fp_query
+-#define hostalias __hostalias
+-#define p_query __p_query
+-#define res_close __res_close
+-#define res_init __res_init
+-#define res_isourserver __res_isourserver
+-#define res_mkquery __res_mkquery
+-#define res_query __res_query
+-#define res_querydomain __res_querydomain
+-#define res_search __res_search
+-#define res_send __res_send
+-
+-__BEGIN_DECLS
+-void fp_nquery (const u_char *, int, FILE *) __THROW;
+-void fp_query (const u_char *, FILE *) __THROW;
+-const char * hostalias (const char *) __THROW;
+-void p_query (const u_char *) __THROW;
+-void res_close (void) __THROW;
+-int res_init (void) __THROW;
+-int res_isourserver (const struct sockaddr_in *) __THROW;
+-int res_mkquery (int, const char *, int, int, const u_char *,
+- int, const u_char *, u_char *, int) __THROW;
+-int res_query (const char *, int, int, u_char *, int) __THROW;
+-int res_querydomain (const char *, const char *, int, int,
+- u_char *, int) __THROW;
+-int res_search (const char *, int, int, u_char *, int) __THROW;
+-int res_send (const u_char *, int, u_char *, int) __THROW;
+-__END_DECLS
+-#endif
+-
+-#define b64_ntop __b64_ntop
+-#define b64_pton __b64_pton
+-#define dn_comp __dn_comp
+-#define dn_count_labels __dn_count_labels
+-#define dn_expand __dn_expand
+-#define dn_skipname __dn_skipname
+-#define fp_resstat __fp_resstat
+-#define loc_aton __loc_aton
+-#define loc_ntoa __loc_ntoa
+-#define p_cdname __p_cdname
+-#define p_cdnname __p_cdnname
+-#define p_class __p_class
+-#define p_fqname __p_fqname
+-#define p_fqnname __p_fqnname
+-#define p_option __p_option
+-#define p_secstodate __p_secstodate
+-#define p_section __p_section
+-#define p_time __p_time
+-#define p_type __p_type
+-#define p_rcode __p_rcode
+-#define putlong __putlong
+-#define putshort __putshort
+-#define res_dnok __res_dnok
+-#define res_hnok __res_hnok
+-#define res_hostalias __res_hostalias
+-#define res_mailok __res_mailok
+-#define res_nameinquery __res_nameinquery
+-#define res_nclose __res_nclose
+-#define res_ninit __res_ninit
+-#define res_nmkquery __res_nmkquery
+-#define res_npquery __res_npquery
+-#define res_nquery __res_nquery
+-#define res_nquerydomain __res_nquerydomain
+-#define res_nsearch __res_nsearch
+-#define res_nsend __res_nsend
+-#define res_nisourserver __res_nisourserver
+-#define res_ownok __res_ownok
+-#define res_queriesmatch __res_queriesmatch
+-#define res_randomid __res_randomid
+-#define sym_ntop __sym_ntop
+-#define sym_ntos __sym_ntos
+-#define sym_ston __sym_ston
+-__BEGIN_DECLS
+-int res_hnok (const char *) __THROW;
+-int res_ownok (const char *) __THROW;
+-int res_mailok (const char *) __THROW;
+-int res_dnok (const char *) __THROW;
+-int sym_ston (const struct res_sym *, const char *, int *) __THROW;
+-const char * sym_ntos (const struct res_sym *, int, int *) __THROW;
+-const char * sym_ntop (const struct res_sym *, int, int *) __THROW;
+-int b64_ntop (u_char const *, size_t, char *, size_t) __THROW;
+-int b64_pton (char const *, u_char *, size_t) __THROW;
+-int loc_aton (const char *__ascii, u_char *__binary) __THROW;
+-const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW;
+-int dn_skipname (const u_char *, const u_char *) __THROW;
+-void putlong (u_int32_t, u_char *) __THROW;
+-void putshort (u_int16_t, u_char *) __THROW;
+-const char * p_class (int) __THROW;
+-const char * p_time (u_int32_t) __THROW;
+-const char * p_type (int) __THROW;
+-const char * p_rcode (int) __THROW;
+-const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *)
+- __THROW;
+-const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW;
+-const u_char * p_fqnname (const u_char *__cp, const u_char *__msg,
+- int, char *, int) __THROW;
+-const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW;
+-const char * p_option (u_long __option) __THROW;
+-char * p_secstodate (u_long) __THROW;
+-int dn_count_labels (const char *) __THROW;
+-int dn_comp (const char *, u_char *, int, u_char **, u_char **)
+- __THROW;
+-int dn_expand (const u_char *, const u_char *, const u_char *,
+- char *, int) __THROW;
+-u_int res_randomid (void) __THROW;
+-int res_nameinquery (const char *, int, int,
+- const u_char *, const u_char *) __THROW;
+-int res_queriesmatch (const u_char *, const u_char *,
+- const u_char *, const u_char *) __THROW;
+-const char * p_section (int __section, int __opcode) __THROW;
+-/* Things involving a resolver context. */
+-int res_ninit (res_state) __THROW;
+-int res_nisourserver (const res_state,
+- const struct sockaddr_in *) __THROW;
+-void fp_resstat (const res_state, FILE *) __THROW;
+-void res_npquery (const res_state, const u_char *, int, FILE *)
+- __THROW;
+-const char * res_hostalias (const res_state, const char *, char *, size_t)
+- __THROW;
+-int res_nquery (res_state, const char *, int, int, u_char *, int)
+- __THROW;
+-int res_nsearch (res_state, const char *, int, int, u_char *, int)
+- __THROW;
+-int res_nquerydomain (res_state, const char *, const char *, int,
+- int, u_char *, int) __THROW;
+-int res_nmkquery (res_state, int, const char *, int, int,
+- const u_char *, int, const u_char *, u_char *,
+- int) __THROW;
+-int res_nsend (res_state, const u_char *, int, u_char *, int)
+- __THROW;
+-void res_nclose (res_state) __THROW;
+-__END_DECLS
+-#endif
+-
+-#endif /* !_RESOLV_H_ */
+Index: glibc-2.19/shadow/Makefile
+===================================================================
+--- glibc-2.19.orig/shadow/Makefile
++++ glibc-2.19/shadow/Makefile
+@@ -34,5 +34,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li
+ CFLAGS-putspent.c = -fexceptions $(libio-mtsafe)
+ CFLAGS-getspnam.c = -fexceptions
+ CFLAGS-getspnam_r.c = -fexceptions
++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"'
+
+ include ../Rules
+Index: glibc-2.19/shadow/lckpwdf.c
+===================================================================
+--- glibc-2.19.orig/shadow/lckpwdf.c
++++ glibc-2.19/shadow/lckpwdf.c
+@@ -29,7 +29,7 @@
+
+
+ /* Name of the lock file. */
+-#define PWD_LOCKFILE "/etc/.pwd.lock"
++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock"
+
+ /* How long to wait for getting the lock before returning with an
+ error. */
+Index: glibc-2.19/configure.ac
+===================================================================
+--- glibc-2.19.orig/configure.ac
++++ glibc-2.19/configure.ac
+@@ -2173,7 +2173,7 @@ RELEASE=`sed -n -e 's/^#define RELEASE "
+ AC_SUBST(VERSION)
+ AC_SUBST(RELEASE)
+
+-AC_CONFIG_FILES([config.make Makefile])
++AC_CONFIG_FILES([config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h])
+ AC_CONFIG_COMMANDS([default],[[
+ case $CONFIG_FILES in *config.make*)
+ echo "$config_vars" >> config.make;;
+Index: glibc-2.19/resolv/netdb.h.in
+===================================================================
+--- /dev/null
++++ glibc-2.19/resolv/netdb.h.in
+@@ -0,0 +1,715 @@
++ /* Copyright (C) 1996-2014 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++/* All data returned by the network data base library are supplied in
++ host order and returned in network order (suitable for use in
++ system calls). */
++
++#ifndef _NETDB_H
++#define _NETDB_H 1
++
++#include <features.h>
++
++#include <netinet/in.h>
++#include <stdint.h>
++#ifdef __USE_MISC
++/* This is necessary to make this include file properly replace the
++ Sun version. */
++# include <rpc/netdb.h>
++#endif
++
++#ifdef __USE_GNU
++# define __need_sigevent_t
++# include <bits/siginfo.h>
++# define __need_timespec
++# include <time.h>
++#endif
++
++#include <bits/netdb.h>
++
++/* Absolute file name for network data base files. */
++#define _PATH_HEQUIV "@libc_cv_sysconfdir@/hosts.equiv"
++#define _PATH_HOSTS "@libc_cv_sysconfdir@/hosts"
++#define _PATH_NETWORKS "@libc_cv_sysconfdir@/networks"
++#define _PATH_NSSWITCH_CONF "@libc_cv_sysconfdir@/nsswitch.conf"
++#define _PATH_PROTOCOLS "@libc_cv_sysconfdir@/protocols"
++#define _PATH_SERVICES "@libc_cv_sysconfdir@/services"
++
++
++__BEGIN_DECLS
++
++#if defined __USE_MISC || !defined __USE_XOPEN2K8
++/* Error status for non-reentrant lookup functions.
++ We use a macro to access always the thread-specific `h_errno' variable. */
++# define h_errno (*__h_errno_location ())
++
++/* Function to get address of global `h_errno' variable. */
++extern int *__h_errno_location (void) __THROW __attribute__ ((__const__));
++
++
++/* Possible values left in `h_errno'. */
++# define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found. */
++# define TRY_AGAIN 2 /* Non-Authoritative Host not found,
++ or SERVERFAIL. */
++# define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED,
++ NOTIMP. */
++# define NO_DATA 4 /* Valid name, no data record of requested
++ type. */
++#endif
++#ifdef __USE_MISC
++# define NETDB_INTERNAL -1 /* See errno. */
++# define NETDB_SUCCESS 0 /* No problem. */
++# define NO_ADDRESS NO_DATA /* No address, look for MX record. */
++#endif
++
++#if defined __USE_XOPEN2K || defined __USE_XOPEN_EXTENDED
++/* Highest reserved Internet port number. */
++# define IPPORT_RESERVED 1024
++#endif
++
++#ifdef __USE_GNU
++/* Scope delimiter for getaddrinfo(), getnameinfo(). */
++# define SCOPE_DELIMITER '%'
++#endif
++
++#ifdef __USE_MISC
++/* Print error indicated by `h_errno' variable on standard error. STR
++ if non-null is printed before the error string. */
++extern void herror (const char *__str) __THROW;
++
++/* Return string associated with error ERR_NUM. */
++extern const char *hstrerror (int __err_num) __THROW;
++#endif
++
++
++/* Description of data base entry for a single host. */
++struct hostent
++{
++ char *h_name; /* Official name of host. */
++ char **h_aliases; /* Alias list. */
++ int h_addrtype; /* Host address type. */
++ int h_length; /* Length of address. */
++ char **h_addr_list; /* List of addresses from name server. */
++#ifdef __USE_MISC
++# define h_addr h_addr_list[0] /* Address, for backward compatibility.*/
++#endif
++};
++
++/* Open host data base files and mark them as staying open even after
++ a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void sethostent (int __stay_open);
++
++/* Close host data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endhostent (void);
++
++/* Get next entry from host data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct hostent *gethostent (void);
++
++/* Return entry from host data base which address match ADDR with
++ length LEN and type TYPE.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct hostent *gethostbyaddr (const void *__addr, __socklen_t __len,
++ int __type);
++
++/* Return entry from host data base for host with NAME.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct hostent *gethostbyname (const char *__name);
++
++#ifdef __USE_MISC
++/* Return entry from host data base for host with NAME. AF must be
++ set to the address type which is `AF_INET' for IPv4 or `AF_INET6'
++ for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern struct hostent *gethostbyname2 (const char *__name, int __af);
++
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF. The last
++ argument is a pointer to a variable which gets the value which
++ would be stored in the global variable `herrno' by the
++ non-reentrant functions.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int gethostent_r (struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len,
++ int __type,
++ struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int gethostbyname_r (const char *__restrict __name,
++ struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int gethostbyname2_r (const char *__restrict __name, int __af,
++ struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++#endif /* misc */
++
++
++/* Open network data base files and mark them as staying open even
++ after a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void setnetent (int __stay_open);
++
++/* Close network data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endnetent (void);
++
++/* Get next entry from network data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct netent *getnetent (void);
++
++/* Return entry from network data base which address match NET and
++ type TYPE.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct netent *getnetbyaddr (uint32_t __net, int __type);
++
++/* Return entry from network data base for network with NAME.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct netent *getnetbyname (const char *__name);
++
++#ifdef __USE_MISC
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF. The last
++ argument is a pointer to a variable which gets the value which
++ would be stored in the global variable `herrno' by the
++ non-reentrant functions.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int getnetent_r (struct netent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct netent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int getnetbyaddr_r (uint32_t __net, int __type,
++ struct netent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct netent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int getnetbyname_r (const char *__restrict __name,
++ struct netent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct netent **__restrict __result,
++ int *__restrict __h_errnop);
++#endif /* misc */
++
++
++/* Description of data base entry for a single service. */
++struct servent
++{
++ char *s_name; /* Official service name. */
++ char **s_aliases; /* Alias list. */
++ int s_port; /* Port number. */
++ char *s_proto; /* Protocol to use. */
++};
++
++/* Open service data base files and mark them as staying open even
++ after a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void setservent (int __stay_open);
++
++/* Close service data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endservent (void);
++
++/* Get next entry from service data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct servent *getservent (void);
++
++/* Return entry from network data base for network with NAME and
++ protocol PROTO.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct servent *getservbyname (const char *__name, const char *__proto);
++
++/* Return entry from service data base which matches port PORT and
++ protocol PROTO.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct servent *getservbyport (int __port, const char *__proto);
++
++
++#ifdef __USE_MISC
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int getservent_r (struct servent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct servent **__restrict __result);
++
++extern int getservbyname_r (const char *__restrict __name,
++ const char *__restrict __proto,
++ struct servent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct servent **__restrict __result);
++
++extern int getservbyport_r (int __port, const char *__restrict __proto,
++ struct servent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct servent **__restrict __result);
++#endif /* misc */
++
++
++/* Description of data base entry for a single service. */
++struct protoent
++{
++ char *p_name; /* Official protocol name. */
++ char **p_aliases; /* Alias list. */
++ int p_proto; /* Protocol number. */
++};
++
++/* Open protocol data base files and mark them as staying open even
++ after a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void setprotoent (int __stay_open);
++
++/* Close protocol data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endprotoent (void);
++
++/* Get next entry from protocol data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct protoent *getprotoent (void);
++
++/* Return entry from protocol data base for network with NAME.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct protoent *getprotobyname (const char *__name);
++
++/* Return entry from protocol data base which number is PROTO.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct protoent *getprotobynumber (int __proto);
++
++
++#ifdef __USE_MISC
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int getprotoent_r (struct protoent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct protoent **__restrict __result);
++
++extern int getprotobyname_r (const char *__restrict __name,
++ struct protoent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct protoent **__restrict __result);
++
++extern int getprotobynumber_r (int __proto,
++ struct protoent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct protoent **__restrict __result);
++
++
++/* Establish network group NETGROUP for enumeration.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int setnetgrent (const char *__netgroup);
++
++/* Free all space allocated by previous `setnetgrent' call.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern void endnetgrent (void);
++
++/* Get next member of netgroup established by last `setnetgrent' call
++ and return pointers to elements in HOSTP, USERP, and DOMAINP.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int getnetgrent (char **__restrict __hostp,
++ char **__restrict __userp,
++ char **__restrict __domainp);
++
++
++/* Test whether NETGROUP contains the triple (HOST,USER,DOMAIN).
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int innetgr (const char *__netgroup, const char *__host,
++ const char *__user, const char *__domain);
++
++/* Reentrant version of `getnetgrent' where result is placed in BUFFER.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int getnetgrent_r (char **__restrict __hostp,
++ char **__restrict __userp,
++ char **__restrict __domainp,
++ char *__restrict __buffer, size_t __buflen);
++#endif /* misc */
++
++
++#ifdef __USE_MISC
++/* Call `rshd' at port RPORT on remote machine *AHOST to execute CMD.
++ The local user is LOCUSER, on the remote machine the command is
++ executed as REMUSER. In *FD2P the descriptor to the socket for the
++ connection is returned. The caller must have the right to use a
++ reserved port. When the function returns *AHOST contains the
++ official host name.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rcmd (char **__restrict __ahost, unsigned short int __rport,
++ const char *__restrict __locuser,
++ const char *__restrict __remuser,
++ const char *__restrict __cmd, int *__restrict __fd2p);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rcmd_af (char **__restrict __ahost, unsigned short int __rport,
++ const char *__restrict __locuser,
++ const char *__restrict __remuser,
++ const char *__restrict __cmd, int *__restrict __fd2p,
++ sa_family_t __af);
++
++/* Call `rexecd' at port RPORT on remote machine *AHOST to execute
++ CMD. The process runs at the remote machine using the ID of user
++ NAME whose cleartext password is PASSWD. In *FD2P the descriptor
++ to the socket for the connection is returned. When the function
++ returns *AHOST contains the official host name.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rexec (char **__restrict __ahost, int __rport,
++ const char *__restrict __name,
++ const char *__restrict __pass,
++ const char *__restrict __cmd, int *__restrict __fd2p);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rexec_af (char **__restrict __ahost, int __rport,
++ const char *__restrict __name,
++ const char *__restrict __pass,
++ const char *__restrict __cmd, int *__restrict __fd2p,
++ sa_family_t __af);
++
++/* Check whether user REMUSER on system RHOST is allowed to login as LOCUSER.
++ If SUSER is not zero the user tries to become superuser. Return 0 if
++ it is possible.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int ruserok (const char *__rhost, int __suser,
++ const char *__remuser, const char *__locuser);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int ruserok_af (const char *__rhost, int __suser,
++ const char *__remuser, const char *__locuser,
++ sa_family_t __af);
++
++/* Check whether user REMUSER on system indicated by IPv4 address
++ RADDR is allowed to login as LOCUSER. Non-IPv4 (e.g., IPv6) are
++ not supported. If SUSER is not zero the user tries to become
++ superuser. Return 0 if it is possible.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int iruserok (uint32_t __raddr, int __suser,
++ const char *__remuser, const char *__locuser);
++
++/* This is the equivalent function where the pfamiliy if the address
++ pointed to by RADDR is determined by the value of AF. It therefore
++ can be used for IPv6
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int iruserok_af (const void *__raddr, int __suser,
++ const char *__remuser, const char *__locuser,
++ sa_family_t __af);
++
++/* Try to allocate reserved port, returning a descriptor for a socket opened
++ at this port or -1 if unsuccessful. The search for an available port
++ will start at ALPORT and continues with lower numbers.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rresvport (int *__alport);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rresvport_af (int *__alport, sa_family_t __af);
++#endif
++
++
++/* Extension from POSIX.1g. */
++#ifdef __USE_POSIX
++/* Structure to contain information about address of a service provider. */
++struct addrinfo
++{
++ int ai_flags; /* Input flags. */
++ int ai_family; /* Protocol family for socket. */
++ int ai_socktype; /* Socket type. */
++ int ai_protocol; /* Protocol for socket. */
++ socklen_t ai_addrlen; /* Length of socket address. */
++ struct sockaddr *ai_addr; /* Socket address for socket. */
++ char *ai_canonname; /* Canonical name for service location. */
++ struct addrinfo *ai_next; /* Pointer to next in list. */
++};
++
++# ifdef __USE_GNU
++/* Structure used as control block for asynchronous lookup. */
++struct gaicb
++{
++ const char *ar_name; /* Name to look up. */
++ const char *ar_service; /* Service name. */
++ const struct addrinfo *ar_request; /* Additional request specification. */
++ struct addrinfo *ar_result; /* Pointer to result. */
++ /* The following are internal elements. */
++ int __return;
++ int __glibc_reserved[5];
++};
++
++/* Lookup mode. */
++# define GAI_WAIT 0
++# define GAI_NOWAIT 1
++# endif
++
++/* Possible values for `ai_flags' field in `addrinfo' structure. */
++# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */
++# define AI_CANONNAME 0x0002 /* Request for canonical name. */
++# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */
++# define AI_V4MAPPED 0x0008 /* IPv4 mapped addresses are acceptable. */
++# define AI_ALL 0x0010 /* Return IPv4 mapped and IPv6 addresses. */
++# define AI_ADDRCONFIG 0x0020 /* Use configuration of this host to choose
++ returned address type.. */
++# ifdef __USE_GNU
++# define AI_IDN 0x0040 /* IDN encode input (assuming it is encoded
++ in the current locale's character set)
++ before looking it up. */
++# define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */
++# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode
++ code points. */
++# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to
++ STD3 rules. */
++# endif
++# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */
++
++/* Error values for `getaddrinfo' function. */
++# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */
++# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */
++# define EAI_AGAIN -3 /* Temporary failure in name resolution. */
++# define EAI_FAIL -4 /* Non-recoverable failure in name res. */
++# define EAI_FAMILY -6 /* `ai_family' not supported. */
++# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */
++# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */
++# define EAI_MEMORY -10 /* Memory allocation failure. */
++# define EAI_SYSTEM -11 /* System error returned in `errno'. */
++# define EAI_OVERFLOW -12 /* Argument buffer overflow. */
++# ifdef __USE_GNU
++# define EAI_NODATA -5 /* No address associated with NAME. */
++# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */
++# define EAI_INPROGRESS -100 /* Processing request in progress. */
++# define EAI_CANCELED -101 /* Request canceled. */
++# define EAI_NOTCANCELED -102 /* Request not canceled. */
++# define EAI_ALLDONE -103 /* All requests done. */
++# define EAI_INTR -104 /* Interrupted by a signal. */
++# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */
++# endif
++
++# ifdef __USE_MISC
++# define NI_MAXHOST 1025
++# define NI_MAXSERV 32
++# endif
++
++# define NI_NUMERICHOST 1 /* Don't try to look up hostname. */
++# define NI_NUMERICSERV 2 /* Don't convert port number to name. */
++# define NI_NOFQDN 4 /* Only return nodename portion. */
++# define NI_NAMEREQD 8 /* Don't return numeric addresses. */
++# define NI_DGRAM 16 /* Look up UDP service rather than TCP. */
++# ifdef __USE_GNU
++# define NI_IDN 32 /* Convert name from IDN format. */
++# define NI_IDN_ALLOW_UNASSIGNED 64 /* Don't reject unassigned Unicode
++ code points. */
++# define NI_IDN_USE_STD3_ASCII_RULES 128 /* Validate strings according to
++ STD3 rules. */
++# endif
++
++/* Translate name of a service location and/or a service name to set of
++ socket addresses.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern int getaddrinfo (const char *__restrict __name,
++ const char *__restrict __service,
++ const struct addrinfo *__restrict __req,
++ struct addrinfo **__restrict __pai);
++
++/* Free `addrinfo' structure AI including associated storage. */
++extern void freeaddrinfo (struct addrinfo *__ai) __THROW;
++
++/* Convert error return from getaddrinfo() to a string. */
++extern const char *gai_strerror (int __ecode) __THROW;
++
++/* Translate a socket address to a location and service name.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern int getnameinfo (const struct sockaddr *__restrict __sa,
++ socklen_t __salen, char *__restrict __host,
++ socklen_t __hostlen, char *__restrict __serv,
++ socklen_t __servlen, int __flags);
++#endif /* POSIX */
++
++#ifdef __USE_GNU
++/* Enqueue ENT requests from the LIST. If MODE is GAI_WAIT wait until all
++ requests are handled. If WAIT is GAI_NOWAIT return immediately after
++ queueing the requests and signal completion according to SIG.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int getaddrinfo_a (int __mode, struct gaicb *__list[__restrict_arr],
++ int __ent, struct sigevent *__restrict __sig);
++
++/* Suspend execution of the thread until at least one of the ENT requests
++ in LIST is handled. If TIMEOUT is not a null pointer it specifies the
++ longest time the function keeps waiting before returning with an error.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int gai_suspend (const struct gaicb *const __list[], int __ent,
++ const struct timespec *__timeout);
++
++/* Get the error status of the request REQ. */
++extern int gai_error (struct gaicb *__req) __THROW;
++
++/* Cancel the requests associated with GAICBP. */
++extern int gai_cancel (struct gaicb *__gaicbp) __THROW;
++#endif /* GNU */
++
++__END_DECLS
++
++#endif /* netdb.h */
+Index: glibc-2.19/resolv/resolv.h.in
+===================================================================
+--- /dev/null
++++ glibc-2.19/resolv/resolv.h.in
+@@ -0,0 +1,389 @@
++/*
++ * Copyright (c) 1983, 1987, 1989
++ * The Regents of the University of California. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 4. Neither the name of the University nor the names of its contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++/*
++ * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
++ */
++
++/*
++ * @(#)resolv.h 8.1 (Berkeley) 6/2/93
++ * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $
++ */
++
++#ifndef _RESOLV_H_
++
++/* These headers are needed for types used in the `struct res_state'
++ declaration. */
++#include <sys/types.h>
++#include <netinet/in.h>
++
++#ifndef __need_res_state
++# define _RESOLV_H_
++
++# include <sys/param.h>
++# include <sys/cdefs.h>
++# include <stdio.h>
++# include <arpa/nameser.h>
++#endif
++
++#ifndef __res_state_defined
++# define __res_state_defined
++
++typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
++ res_sendhookact;
++
++typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns,
++ const u_char **__query,
++ int *__querylen,
++ u_char *__ans,
++ int __anssiz,
++ int *__resplen);
++
++typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns,
++ const u_char *__query,
++ int __querylen,
++ u_char *__ans,
++ int __anssiz,
++ int *__resplen);
++
++/*
++ * Global defines and variables for resolver stub.
++ */
++# define MAXNS 3 /* max # name servers we'll track */
++# define MAXDFLSRCH 3 /* # default domain levels to try */
++# define MAXDNSRCH 6 /* max # domains in search path */
++# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */
++
++# define RES_TIMEOUT 5 /* min. seconds between retries */
++# define MAXRESOLVSORT 10 /* number of net to sort on */
++# define RES_MAXNDOTS 15 /* should reflect bit field size */
++# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */
++# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */
++# define RES_DFLRETRY 2 /* Default #/tries. */
++# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */
++
++struct __res_state {
++ int retrans; /* retransmition time interval */
++ int retry; /* number of times to retransmit */
++ u_long options; /* option flags - see below. */
++ int nscount; /* number of name servers */
++ struct sockaddr_in
++ nsaddr_list[MAXNS]; /* address of name server */
++# define nsaddr nsaddr_list[0] /* for backward compatibility */
++ u_short id; /* current message id */
++ /* 2 byte hole here. */
++ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */
++ char defdname[256]; /* default domain (deprecated) */
++ u_long pfcode; /* RES_PRF_ flags - see below. */
++ unsigned ndots:4; /* threshold for initial abs. query */
++ unsigned nsort:4; /* number of elements in sort_list[] */
++ unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */
++ unsigned unused:23;
++ struct {
++ struct in_addr addr;
++ u_int32_t mask;
++ } sort_list[MAXRESOLVSORT];
++ /* 4 byte hole here on 64-bit architectures. */
++ res_send_qhook qhook; /* query hook */
++ res_send_rhook rhook; /* response hook */
++ int res_h_errno; /* last one set for this context */
++ int _vcsock; /* PRIVATE: for res_send VC i/o */
++ u_int _flags; /* PRIVATE: see below */
++ /* 4 byte hole here on 64-bit architectures. */
++ union {
++ char pad[52]; /* On an i386 this means 512b total. */
++ struct {
++ u_int16_t nscount;
++ u_int16_t nsmap[MAXNS];
++ int nssocks[MAXNS];
++ u_int16_t nscount6;
++ u_int16_t nsinit;
++ struct sockaddr_in6 *nsaddrs[MAXNS];
++#ifdef _LIBC
++ unsigned long long int initstamp
++ __attribute__((packed));
++#else
++ unsigned int _initstamp[2];
++#endif
++ } _ext;
++ } _u;
++};
++
++typedef struct __res_state *res_state;
++# undef __need_res_state
++#endif
++
++#ifdef _RESOLV_H_
++/*
++ * Revision information. This is the release date in YYYYMMDD format.
++ * It can change every day so the right thing to do with it is use it
++ * in preprocessor commands such as "#if (__RES > 19931104)". Do not
++ * compare for equality; rather, use it to determine whether your resolver
++ * is new enough to contain a certain feature.
++ */
++
++#define __RES 19991006
++
++/*
++ * Resolver configuration file.
++ * Normally not present, but may contain the address of the
++ * inital name server(s) to query and the domain search list.
++ */
++
++#ifndef _PATH_RESCONF
++#define _PATH_RESCONF "@libc_cv_sysconfdir@/resolv.conf"
++#endif
++
++struct res_sym {
++ int number; /* Identifying number, like T_MX */
++ char * name; /* Its symbolic name, like "MX" */
++ char * humanname; /* Its fun name, like "mail exchanger" */
++};
++
++/*
++ * Resolver flags (used to be discrete per-module statics ints).
++ */
++#define RES_F_VC 0x00000001 /* socket is TCP */
++#define RES_F_CONN 0x00000002 /* socket is connected */
++#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */
++
++/* res_findzonecut() options */
++#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */
++
++/*
++ * Resolver options (keep these in synch with res_debug.c, please)
++ */
++#define RES_INIT 0x00000001 /* address initialized */
++#define RES_DEBUG 0x00000002 /* print debug messages */
++#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/
++#define RES_USEVC 0x00000008 /* use virtual circuit */
++#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */
++#define RES_IGNTC 0x00000020 /* ignore trucation errors */
++#define RES_RECURSE 0x00000040 /* recursion desired */
++#define RES_DEFNAMES 0x00000080 /* use default domain name */
++#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */
++#define RES_DNSRCH 0x00000200 /* search up local domain tree */
++#define RES_INSECURE1 0x00000400 /* type 1 security disabled */
++#define RES_INSECURE2 0x00000800 /* type 2 security disabled */
++#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
++#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
++#define RES_ROTATE 0x00004000 /* rotate ns list after each query */
++#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */
++#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */
++#define RES_BLAST 0x00020000 /* blast all recursive servers */
++#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte
++ strings */
++#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6
++ reverse lookup */
++#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */
++#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */
++#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each
++ request */
++#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */
++#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name
++ as a TLD. */
++
++#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)
++
++/*
++ * Resolver "pfcode" values. Used by dig.
++ */
++#define RES_PRF_STATS 0x00000001
++#define RES_PRF_UPDATE 0x00000002
++#define RES_PRF_CLASS 0x00000004
++#define RES_PRF_CMD 0x00000008
++#define RES_PRF_QUES 0x00000010
++#define RES_PRF_ANS 0x00000020
++#define RES_PRF_AUTH 0x00000040
++#define RES_PRF_ADD 0x00000080
++#define RES_PRF_HEAD1 0x00000100
++#define RES_PRF_HEAD2 0x00000200
++#define RES_PRF_TTLID 0x00000400
++#define RES_PRF_HEADX 0x00000800
++#define RES_PRF_QUERY 0x00001000
++#define RES_PRF_REPLY 0x00002000
++#define RES_PRF_INIT 0x00004000
++/* 0x00008000 */
++
++/* Things involving an internal (static) resolver context. */
++__BEGIN_DECLS
++extern struct __res_state *__res_state(void) __attribute__ ((__const__));
++__END_DECLS
++#define _res (*__res_state())
++
++#ifndef __BIND_NOSTATIC
++#define fp_nquery __fp_nquery
++#define fp_query __fp_query
++#define hostalias __hostalias
++#define p_query __p_query
++#define res_close __res_close
++#define res_init __res_init
++#define res_isourserver __res_isourserver
++#define res_mkquery __res_mkquery
++#define res_query __res_query
++#define res_querydomain __res_querydomain
++#define res_search __res_search
++#define res_send __res_send
++
++__BEGIN_DECLS
++void fp_nquery (const u_char *, int, FILE *) __THROW;
++void fp_query (const u_char *, FILE *) __THROW;
++const char * hostalias (const char *) __THROW;
++void p_query (const u_char *) __THROW;
++void res_close (void) __THROW;
++int res_init (void) __THROW;
++int res_isourserver (const struct sockaddr_in *) __THROW;
++int res_mkquery (int, const char *, int, int, const u_char *,
++ int, const u_char *, u_char *, int) __THROW;
++int res_query (const char *, int, int, u_char *, int) __THROW;
++int res_querydomain (const char *, const char *, int, int,
++ u_char *, int) __THROW;
++int res_search (const char *, int, int, u_char *, int) __THROW;
++int res_send (const u_char *, int, u_char *, int) __THROW;
++__END_DECLS
++#endif
++
++#define b64_ntop __b64_ntop
++#define b64_pton __b64_pton
++#define dn_comp __dn_comp
++#define dn_count_labels __dn_count_labels
++#define dn_expand __dn_expand
++#define dn_skipname __dn_skipname
++#define fp_resstat __fp_resstat
++#define loc_aton __loc_aton
++#define loc_ntoa __loc_ntoa
++#define p_cdname __p_cdname
++#define p_cdnname __p_cdnname
++#define p_class __p_class
++#define p_fqname __p_fqname
++#define p_fqnname __p_fqnname
++#define p_option __p_option
++#define p_secstodate __p_secstodate
++#define p_section __p_section
++#define p_time __p_time
++#define p_type __p_type
++#define p_rcode __p_rcode
++#define putlong __putlong
++#define putshort __putshort
++#define res_dnok __res_dnok
++#define res_hnok __res_hnok
++#define res_hostalias __res_hostalias
++#define res_mailok __res_mailok
++#define res_nameinquery __res_nameinquery
++#define res_nclose __res_nclose
++#define res_ninit __res_ninit
++#define res_nmkquery __res_nmkquery
++#define res_npquery __res_npquery
++#define res_nquery __res_nquery
++#define res_nquerydomain __res_nquerydomain
++#define res_nsearch __res_nsearch
++#define res_nsend __res_nsend
++#define res_nisourserver __res_nisourserver
++#define res_ownok __res_ownok
++#define res_queriesmatch __res_queriesmatch
++#define res_randomid __res_randomid
++#define sym_ntop __sym_ntop
++#define sym_ntos __sym_ntos
++#define sym_ston __sym_ston
++__BEGIN_DECLS
++int res_hnok (const char *) __THROW;
++int res_ownok (const char *) __THROW;
++int res_mailok (const char *) __THROW;
++int res_dnok (const char *) __THROW;
++int sym_ston (const struct res_sym *, const char *, int *) __THROW;
++const char * sym_ntos (const struct res_sym *, int, int *) __THROW;
++const char * sym_ntop (const struct res_sym *, int, int *) __THROW;
++int b64_ntop (u_char const *, size_t, char *, size_t) __THROW;
++int b64_pton (char const *, u_char *, size_t) __THROW;
++int loc_aton (const char *__ascii, u_char *__binary) __THROW;
++const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW;
++int dn_skipname (const u_char *, const u_char *) __THROW;
++void putlong (u_int32_t, u_char *) __THROW;
++void putshort (u_int16_t, u_char *) __THROW;
++const char * p_class (int) __THROW;
++const char * p_time (u_int32_t) __THROW;
++const char * p_type (int) __THROW;
++const char * p_rcode (int) __THROW;
++const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *)
++ __THROW;
++const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW;
++const u_char * p_fqnname (const u_char *__cp, const u_char *__msg,
++ int, char *, int) __THROW;
++const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW;
++const char * p_option (u_long __option) __THROW;
++char * p_secstodate (u_long) __THROW;
++int dn_count_labels (const char *) __THROW;
++int dn_comp (const char *, u_char *, int, u_char **, u_char **)
++ __THROW;
++int dn_expand (const u_char *, const u_char *, const u_char *,
++ char *, int) __THROW;
++u_int res_randomid (void) __THROW;
++int res_nameinquery (const char *, int, int,
++ const u_char *, const u_char *) __THROW;
++int res_queriesmatch (const u_char *, const u_char *,
++ const u_char *, const u_char *) __THROW;
++const char * p_section (int __section, int __opcode) __THROW;
++/* Things involving a resolver context. */
++int res_ninit (res_state) __THROW;
++int res_nisourserver (const res_state,
++ const struct sockaddr_in *) __THROW;
++void fp_resstat (const res_state, FILE *) __THROW;
++void res_npquery (const res_state, const u_char *, int, FILE *)
++ __THROW;
++const char * res_hostalias (const res_state, const char *, char *, size_t)
++ __THROW;
++int res_nquery (res_state, const char *, int, int, u_char *, int)
++ __THROW;
++int res_nsearch (res_state, const char *, int, int, u_char *, int)
++ __THROW;
++int res_nquerydomain (res_state, const char *, const char *, int,
++ int, u_char *, int) __THROW;
++int res_nmkquery (res_state, int, const char *, int, int,
++ const u_char *, int, const u_char *, u_char *,
++ int) __THROW;
++int res_nsend (res_state, const u_char *, int, u_char *, int)
++ __THROW;
++void res_nclose (res_state) __THROW;
++__END_DECLS
++#endif
++
++#endif /* !_RESOLV_H_ */
+Index: glibc-2.19/configure
+===================================================================
+--- glibc-2.19.orig/configure
++++ glibc-2.19/configure
+@@ -7387,7 +7387,7 @@ RELEASE=`sed -n -e 's/^#define RELEASE "
+
+
+
+-ac_config_files="$ac_config_files config.make Makefile"
++ac_config_files="$ac_config_files config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h"
+
+ ac_config_commands="$ac_config_commands default"
+
+@@ -8107,6 +8107,9 @@ do
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "config.make") CONFIG_FILES="$CONFIG_FILES config.make" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
++ "nss/db-Makefile") CONFIG_FILES="$CONFIG_FILES nss/db-Makefile" ;;
++ "resolv/netdb.h") CONFIG_FILES="$CONFIG_FILES resolv/netdb.h" ;;
++ "resolv/resolv.h") CONFIG_FILES="$CONFIG_FILES resolv/resolv.h" ;;
+ "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch
new file mode 100644
index 0000000..341d8c5
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-hardened-configure-picdefault.patch
@@ -0,0 +1,30 @@
+Prevent default-fPIE from confusing configure into thinking
+PIC code is default. This causes glibc to build both PIC and
+non-PIC code as normal, which on the hardened compiler generates
+PIC and PIE.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+Fixed for glibc 2.19 by Magnus Granberg <zorry@ume.nu>
+
+--- configure.ac
++++ configure.ac
+@@ -2145,7 +2145,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+ libc_cv_pic_default=no
+ fi
+ rm -f conftest.*])
+--- configure
++++ configure
+@@ -7698,7 +7698,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
+ libc_cv_pic_default=no
+ fi
+ rm -f conftest.*
diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch
new file mode 100644
index 0000000..72a616a
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-ia64-gcc-4.8-reloc-hack.patch
@@ -0,0 +1,32 @@
+https://bugs.gentoo.org/503838
+http://gcc.gnu.org/PR60465
+https://sourceware.org/ml/libc-alpha/2015-12/msg00556.html
+https://trofi.github.io/posts/189-glibc-on-ia64-or-how-relocations-bootstrap.html
+
+newer versions of gcc generate relocations in the elf_get_dynamic_info func
+which glibc relies on to populate some info structs. those structs are then
+used by ldso to process relocations in itself. glibc requires that there are
+no relocations until that point (*after* elf_get_dynamic_info), so we end up
+crashing during elf_get_dynamic_info because the relocation has not yet been
+processed.
+
+this hack shuffles the code in a way that tricks gcc into not generating the
+relocation. we need to figure out something better for upstream.
+
+--- a/elf/get-dynamic-info.h
++++ b/elf/get-dynamic-info.h
+@@ -66,8 +66,12 @@ elf_get_dynamic_info (struct link_map *l, ElfW(Dyn) *temp)
+ info[DT_VALTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
+ + DT_VERSIONTAGNUM + DT_EXTRANUM] = dyn;
+ else if ((d_tag_utype) DT_ADDRTAGIDX (dyn->d_tag) < DT_ADDRNUM)
+- info[DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
+- + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM] = dyn;
++ {
++ d_tag_utype i =
++ DT_ADDRTAGIDX (dyn->d_tag) + DT_NUM + DT_THISPROCNUM
++ + DT_VERSIONTAGNUM + DT_EXTRANUM + DT_VALNUM;
++ info[i] = dyn;
++ }
+ ++dyn;
+ }
+
diff --git a/sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch b/sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch
new file mode 100644
index 0000000..31ed0d4
--- /dev/null
+++ b/sys-libs/glibc/files/2.19/glibc-2.19-vdso-disable.patch
@@ -0,0 +1,37 @@
+Disable vdso for some buggy kernels
+http://thread.gmane.org/gmane.comp.lib.glibc.user/1903
+
+Index: glibc-2.19/elf/dl-support.c
+===================================================================
+--- glibc-2.19.orig/elf/dl-support.c
++++ glibc-2.19/elf/dl-support.c
+@@ -260,16 +260,6 @@ _dl_aux_init (ElfW(auxv_t) *av)
+ case AT_FPUCW:
+ GLRO(dl_fpu_control) = av->a_un.a_val;
+ break;
+-#ifdef NEED_DL_SYSINFO
+- case AT_SYSINFO:
+- GL(dl_sysinfo) = av->a_un.a_val;
+- break;
+-#endif
+-#ifdef NEED_DL_SYSINFO_DSO
+- case AT_SYSINFO_EHDR:
+- GL(dl_sysinfo_dso) = (void *) av->a_un.a_val;
+- break;
+-#endif
+ case AT_UID:
+ uid ^= av->a_un.a_val;
+ seen |= 1;
+Index: glibc-2.19/elf/setup-vdso.h
+===================================================================
+--- glibc-2.19.orig/elf/setup-vdso.h
++++ glibc-2.19/elf/setup-vdso.h
+@@ -20,7 +20,7 @@ static inline void __attribute__ ((alway
+ setup_vdso (struct link_map *main_map __attribute__ ((unused)),
+ struct link_map ***first_preload __attribute__ ((unused)))
+ {
+-#ifdef NEED_DL_SYSINFO_DSO
++#if 0
+ if (GLRO(dl_sysinfo_dso) == NULL)
+ return;
+
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch b/sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch
new file mode 100644
index 0000000..1480595
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-configurable-paths.patch
@@ -0,0 +1,3012 @@
+Index: glibc-2.20/nis/Makefile
+===================================================================
+--- glibc-2.20.orig/nis/Makefile
++++ glibc-2.20/nis/Makefile
+@@ -58,6 +58,11 @@ libnsl-routines = yp_xdr ypclnt ypupdate
+ nis_clone_res nss-default
+
+ libnss_compat-routines := $(addprefix compat-,grp pwd spwd initgroups)
++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"'
++CPPFLAGS-compat-grp.c = $(SYSCONF-FLAGS)
++CPPFLAGS-compat-pwd.c = $(SYSCONF-FLAGS)
++CPPFLAGS-compat-spwd.c = $(SYSCONF-FLAGS)
++CPPFLAGS-compat-initgroups.c = $(SYSCONF-FLAGS)
+ libnss_compat-inhibit-o = $(filter-out .os,$(object-suffixes))
+
+ libnss_nis-routines := $(addprefix nis-,$(databases)) nis-initgroups \
+Index: glibc-2.20/nis/nss_compat/compat-grp.c
+===================================================================
+--- glibc-2.20.orig/nis/nss_compat/compat-grp.c
++++ glibc-2.20/nis/nss_compat/compat-grp.c
+@@ -120,7 +120,7 @@ internal_setgrent (ent_t *ent, int stayo
+
+ if (ent->stream == NULL)
+ {
+- ent->stream = fopen ("/etc/group", "rme");
++ ent->stream = fopen (SYSCONFDIR "/group", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.20/nis/nss_compat/compat-initgroups.c
+===================================================================
+--- glibc-2.20.orig/nis/nss_compat/compat-initgroups.c
++++ glibc-2.20/nis/nss_compat/compat-initgroups.c
+@@ -136,7 +136,7 @@ internal_setgrent (ent_t *ent)
+ else
+ ent->blacklist.current = 0;
+
+- ent->stream = fopen ("/etc/group", "rme");
++ ent->stream = fopen (SYSCONFDIR "/group", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.20/nis/nss_compat/compat-pwd.c
+===================================================================
+--- glibc-2.20.orig/nis/nss_compat/compat-pwd.c
++++ glibc-2.20/nis/nss_compat/compat-pwd.c
+@@ -235,7 +235,7 @@ internal_setpwent (ent_t *ent, int stayo
+
+ if (ent->stream == NULL)
+ {
+- ent->stream = fopen ("/etc/passwd", "rme");
++ ent->stream = fopen (SYSCONFDIR "/passwd", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.20/nis/nss_compat/compat-spwd.c
+===================================================================
+--- glibc-2.20.orig/nis/nss_compat/compat-spwd.c
++++ glibc-2.20/nis/nss_compat/compat-spwd.c
+@@ -191,7 +191,7 @@ internal_setspent (ent_t *ent, int stayo
+
+ if (ent->stream == NULL)
+ {
+- ent->stream = fopen ("/etc/shadow", "rme");
++ ent->stream = fopen (SYSCONFDIR "/shadow", "rme");
+
+ if (ent->stream == NULL)
+ status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
+Index: glibc-2.20/nss/Makefile
+===================================================================
+--- glibc-2.20.orig/nss/Makefile
++++ glibc-2.20/nss/Makefile
+@@ -41,6 +41,8 @@ extra-objs += $(makedb-modules:=.o)
+
+ tests = test-netdb tst-nss-test1 test-digits-dots
+ xtests = bug-erange
++SYSCONF-FLAGS := -D'SYSCONFDIR="$(sysconfdir)"'
++CPPFLAGS-bug-erange.c = $(SYSCONF-FLAGS)
+
+ # Specify rules for the nss_* modules. We have some services.
+ services := files db
+@@ -57,6 +59,8 @@ vpath %.c $(subdir-dirs) ../locale/progr
+
+ libnss_files-routines := $(addprefix files-,$(databases)) \
+ files-initgroups files-have_o_cloexec files-init
++CPPFLAGS-files-init.c = $(SYSCONF-FLAGS)
++CPPFLAGS-files-initgroups.c = $(SYSCONF-FLAGS)
+
+ libnss_db-dbs := $(addprefix db-,\
+ $(filter-out hosts network key alias,\
+@@ -102,7 +106,7 @@ $(libnss_db-dbs:%=$(objpfx)%.c): $(objpf
+
+ $(objpfx)makedb: $(makedb-modules:%=$(objpfx)%.o)
+
+-$(inst_vardbdir)/Makefile: db-Makefile $(+force)
++$(inst_vardbdir)/Makefile: $(objpfx)db-Makefile $(+force)
+ $(do-install)
+
+ CFLAGS-nss_test1.c = -DNOT_IN_libc=1
+Index: glibc-2.20/nss/bug-erange.c
+===================================================================
+--- glibc-2.20.orig/nss/bug-erange.c
++++ glibc-2.20/nss/bug-erange.c
+@@ -37,7 +37,7 @@ main (void)
+ {
+ printf ("gethostbyname_r failed: %s (errno: %m)\n", strerror (res));
+
+- if (access ("/etc/resolv.conf", R_OK))
++ if (access (SYSCONFDIR "/resolv.conf", R_OK))
+ {
+ puts ("DNS probably not set up");
+ return 0;
+Index: glibc-2.20/nss/nss_files/files-init.c
+===================================================================
+--- glibc-2.20.orig/nss/nss_files/files-init.c
++++ glibc-2.20/nss/nss_files/files-init.c
+@@ -35,33 +35,33 @@ static union \
+ } \
+ }
+
+-TF (pwd, "/etc/passwd");
+-TF (grp, "/etc/group");
+-TF (hst, "/etc/hosts");
+-TF (resolv, "/etc/resolv.conf", .call_res_init = 1);
+-TF (serv, "/etc/services");
+-TF (netgr, "/etc/netgroup");
++TF (pwd, SYSCONFDIR "/passwd");
++TF (grp, SYSCONFDIR "/group");
++TF (hst, SYSCONFDIR "/hosts");
++TF (resolv, SYSCONFDIR "/resolv.conf", .call_res_init = 1);
++TF (serv, SYSCONFDIR "/services");
++TF (netgr, SYSCONFDIR "/netgroup");
+
+
+ void
+ _nss_files_init (void (*cb) (size_t, struct traced_file *))
+ {
+- strcpy (pwd_traced_file.file.fname, "/etc/passwd");
++ strcpy (pwd_traced_file.file.fname, SYSCONFDIR "/passwd");
+ cb (pwddb, &pwd_traced_file.file);
+
+- strcpy (grp_traced_file.file.fname, "/etc/group");
++ strcpy (grp_traced_file.file.fname, SYSCONFDIR "/group");
+ cb (grpdb, &grp_traced_file.file);
+
+- strcpy (hst_traced_file.file.fname, "/etc/hosts");
++ strcpy (hst_traced_file.file.fname, SYSCONFDIR "/hosts");
+ cb (hstdb, &hst_traced_file.file);
+
+- strcpy (resolv_traced_file.file.fname, "/etc/resolv.conf");
++ strcpy (resolv_traced_file.file.fname, SYSCONFDIR "/resolv.conf");
+ cb (hstdb, &resolv_traced_file.file);
+
+- strcpy (serv_traced_file.file.fname, "/etc/services");
++ strcpy (serv_traced_file.file.fname, SYSCONFDIR "/services");
+ cb (servdb, &serv_traced_file.file);
+
+- strcpy (netgr_traced_file.file.fname, "/etc/netgroup");
++ strcpy (netgr_traced_file.file.fname, SYSCONFDIR "/netgroup");
+ cb (netgrdb, &netgr_traced_file.file);
+ }
+
+Index: glibc-2.20/nss/nss_files/files-initgroups.c
+===================================================================
+--- glibc-2.20.orig/nss/nss_files/files-initgroups.c
++++ glibc-2.20/nss/nss_files/files-initgroups.c
+@@ -31,7 +31,7 @@ _nss_files_initgroups_dyn (const char *u
+ long int *size, gid_t **groupsp, long int limit,
+ int *errnop)
+ {
+- FILE *stream = fopen ("/etc/group", "rce");
++ FILE *stream = fopen (SYSCONFDIR "/group", "rce");
+ if (stream == NULL)
+ {
+ *errnop = errno;
+Index: glibc-2.20/nss/db-Makefile
+===================================================================
+--- glibc-2.20.orig/nss/db-Makefile
++++ /dev/null
+@@ -1,166 +0,0 @@
+-# Makefile to (re-)generate db versions of system database files.
+-# Copyright (C) 1996-2014 Free Software Foundation, Inc.
+-# This file is part of the GNU C Library.
+-# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
+-#
+-
+-# The GNU C Library is free software; you can redistribute it and/or
+-# modify it under the terms of the GNU Lesser General Public
+-# License as published by the Free Software Foundation; either
+-# version 2.1 of the License, or (at your option) any later version.
+-
+-# The GNU C Library is distributed in the hope that it will be useful,
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+-# Lesser General Public License for more details.
+-
+-# You should have received a copy of the GNU Lesser General Public
+-# License along with the GNU C Library; if not, see
+-# <http://www.gnu.org/licenses/>.
+-
+-DATABASES = $(wildcard /etc/passwd /etc/group /etc/ethers /etc/protocols \
+- /etc/rpc /etc/services /etc/shadow /etc/gshadow \
+- /etc/netgroup)
+-
+-VAR_DB = /var/db
+-
+-AWK = awk
+-MAKEDB = makedb --quiet
+-
+-all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES)))
+-
+-
+-$(VAR_DB)/passwd.db: /etc/passwd
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$3; print }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/group.db: /etc/group
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$3; print; \
+- if ($$4 != "") { \
+- split($$4, grmems, ","); \
+- for (memidx in grmems) { \
+- mem=grmems[memidx]; \
+- if (members[mem] == "") \
+- members[mem]=$$3; \
+- else \
+- members[mem]=members[mem] "," $$3; \
+- } \
+- delete grmems; } } \
+- END { for (mem in members) \
+- printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/ethers.db: /etc/ethers
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) '/^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$2; print }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/protocols.db: /etc/protocols
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) '/^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$2; print; \
+- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
+- { printf ".%s ", $$i; print } }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/rpc.db: /etc/rpc
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) '/^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print; \
+- printf "=%s ", $$2; print; \
+- for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
+- { printf ".%s ", $$i; print } }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/services.db: /etc/services
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS="[ \t/]+" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { sub(/[ \t]*#.*$$/, "");\
+- printf ":%s/%s ", $$1, $$3; print; \
+- printf ":%s/ ", $$1; print; \
+- printf "=%s/%s ", $$2, $$3; print; \
+- printf "=%s/ ", $$2; print; \
+- for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \
+- { printf ":%s/%s ", $$i, $$3; print; \
+- printf ":%s/ ", $$i; print } }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+-
+-$(VAR_DB)/shadow.db: /etc/shadow
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
+- (umask 077 && $(MAKEDB) -o $@ -)
+- @echo "done."
+- @if chgrp shadow $@ 2>/dev/null; then \
+- chmod g+r $@; \
+- else \
+- chown 0 $@; chgrp 0 $@; chmod 600 $@; \
+- echo; \
+- echo "Warning: The shadow password database $@"; \
+- echo "has been set to be readable only by root. You may want"; \
+- echo "to make it readable by the \`shadow' group depending"; \
+- echo "on your configuration."; \
+- echo; \
+- fi
+-
+-$(VAR_DB)/gshadow.db: /etc/gshadow
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
+- (umask 077 && $(MAKEDB) -o $@ -)
+- @echo "done."
+- @if chgrp shadow $@ 2>/dev/null; then \
+- chmod g+r $@; \
+- else \
+- chown 0 $@; chgrp 0 $@; chmod 600 $@; \
+- echo; \
+- echo "Warning: The shadow group database $@"; \
+- echo "has been set to be readable only by root. You may want"; \
+- echo "to make it readable by the \`shadow' group depending"; \
+- echo "on your configuration."; \
+- echo; \
+- fi
+-
+-$(VAR_DB)/netgroup.db: /etc/netgroup
+- @echo -n "$(patsubst %.db,%,$(@F))... "
+- @$(AWK) 'BEGIN { ini=1 } \
+- /^[ \t]*$$/ { next } \
+- /^[ \t]*#/ { next } \
+- /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \
+- else end=""; \
+- gsub(/[ \t]+/, " "); \
+- sub(/^[ \t]*/, ""); \
+- if (ini == 0) printf "%s%s", $$0, end; \
+- else printf ".%s %s%s", $$1, $$0, end; \
+- ini=end == "" ? 0 : 1; } \
+- END { if (ini==0) printf "\n" }' $^ | \
+- $(MAKEDB) -o $@ -
+- @echo "done."
+Index: glibc-2.20/nss/db-Makefile.in
+===================================================================
+--- /dev/null
++++ glibc-2.20/nss/db-Makefile.in
+@@ -0,0 +1,173 @@
++
++# Makefile to (re-)generate db versions of system database files.
++# Copyright (C) 1996-2014 Free Software Foundation, Inc.
++# This file is part of the GNU C Library.
++# Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
++#
++
++# The GNU C Library is free software; you can redistribute it and/or
++# modify it under the terms of the GNU Lesser General Public
++# License as published by the Free Software Foundation; either
++# version 2.1 of the License, or (at your option) any later version.
++
++# The GNU C Library is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++# Lesser General Public License for more details.
++
++# You should have received a copy of the GNU Lesser General Public
++# License along with the GNU C Library; if not, see
++# <http://www.gnu.org/licenses/>.
++
++DATABASES = $(wildcard @libc_cv_sysconfdir@/passwd \
++ @libc_cv_sysconfdir@/group \
++ @libc_cv_sysconfdir@/ethers \
++ @libc_cv_sysconfdir@/protocols \
++ @libc_cv_sysconfdir@/rpc \
++ @libc_cv_sysconfdir@/services \
++ @libc_cv_sysconfdir@/shadow \
++ @libc_cv_sysconfdir@/gshadow \
++ @libc_cv_sysconfdir@/netgroup)
++
++VAR_DB = /var/db
++
++AWK = awk
++MAKEDB = makedb --quiet
++
++all: $(patsubst %,$(VAR_DB)/%.db,$(notdir $(DATABASES)))
++
++
++$(VAR_DB)/passwd.db: @libc_cv_sysconfdir@/passwd
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$3; print }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/group.db: @libc_cv_sysconfdir@/group
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$3; print; \
++ if ($$4 != "") { \
++ split($$4, grmems, ","); \
++ for (memidx in grmems) { \
++ mem=grmems[memidx]; \
++ if (members[mem] == "") \
++ members[mem]=$$3; \
++ else \
++ members[mem]=members[mem] "," $$3; \
++ } \
++ delete grmems; } } \
++ END { for (mem in members) \
++ printf ":%s %s %s\n", mem, mem, members[mem]; }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/ethers.db: @libc_cv_sysconfdir@/ethers
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) '/^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$2; print }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/protocols.db: @libc_cv_sysconfdir@/protocols
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) '/^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$2; print; \
++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
++ { printf ".%s ", $$i; print } }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/rpc.db: @libc_cv_sysconfdir@/rpc
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) '/^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print; \
++ printf "=%s ", $$2; print; \
++ for (i = 3; i <= NF && !($$i ~ /^#/); ++i) \
++ { printf ".%s ", $$i; print } }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/services.db: @libc_cv_sysconfdir@/services
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS="[ \t/]+" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { sub(/[ \t]*#.*$$/, "");\
++ printf ":%s/%s ", $$1, $$3; print; \
++ printf ":%s/ ", $$1; print; \
++ printf "=%s/%s ", $$2, $$3; print; \
++ printf "=%s/ ", $$2; print; \
++ for (i = 4; i <= NF && !($$i ~ /^#/); ++i) \
++ { printf ":%s/%s ", $$i, $$3; print; \
++ printf ":%s/ ", $$i; print } }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
++
++$(VAR_DB)/shadow.db: @libc_cv_sysconfdir@/shadow
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
++ (umask 077 && $(MAKEDB) -o $@ -)
++ @echo "done."
++ @if chgrp shadow $@ 2>/dev/null; then \
++ chmod g+r $@; \
++ else \
++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \
++ echo; \
++ echo "Warning: The shadow password database $@"; \
++ echo "has been set to be readable only by root. You may want"; \
++ echo "to make it readable by the \`shadow' group depending"; \
++ echo "on your configuration."; \
++ echo; \
++ fi
++
++$(VAR_DB)/gshadow.db: @libc_cv_sysconfdir@/gshadow
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { FS=":"; OFS=":" } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { printf ".%s ", $$1; print }' $^ | \
++ (umask 077 && $(MAKEDB) -o $@ -)
++ @echo "done."
++ @if chgrp shadow $@ 2>/dev/null; then \
++ chmod g+r $@; \
++ else \
++ chown 0 $@; chgrp 0 $@; chmod 600 $@; \
++ echo; \
++ echo "Warning: The shadow group database $@"; \
++ echo "has been set to be readable only by root. You may want"; \
++ echo "to make it readable by the \`shadow' group depending"; \
++ echo "on your configuration."; \
++ echo; \
++ fi
++
++$(VAR_DB)/netgroup.db: @libc_cv_sysconfdir@/netgroup
++ @echo -n "$(patsubst %.db,%,$(@F))... "
++ @$(AWK) 'BEGIN { ini=1 } \
++ /^[ \t]*$$/ { next } \
++ /^[ \t]*#/ { next } \
++ /^[^#]/ { if (sub(/[ \t]*\\$$/, " ") == 0) end="\n"; \
++ else end=""; \
++ gsub(/[ \t]+/, " "); \
++ sub(/^[ \t]*/, ""); \
++ if (ini == 0) printf "%s%s", $$0, end; \
++ else printf ".%s %s%s", $$1, $$0, end; \
++ ini=end == "" ? 0 : 1; } \
++ END { if (ini==0) printf "\n" }' $^ | \
++ $(MAKEDB) -o $@ -
++ @echo "done."
+Index: glibc-2.20/resolv/netdb.h
+===================================================================
+--- glibc-2.20.orig/resolv/netdb.h
++++ /dev/null
+@@ -1,715 +0,0 @@
+- /* Copyright (C) 1996-2014 Free Software Foundation, Inc.
+- This file is part of the GNU C Library.
+-
+- The GNU C Library is free software; you can redistribute it and/or
+- modify it under the terms of the GNU Lesser General Public
+- License as published by the Free Software Foundation; either
+- version 2.1 of the License, or (at your option) any later version.
+-
+- The GNU C Library is distributed in the hope that it will be useful,
+- but WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- Lesser General Public License for more details.
+-
+- You should have received a copy of the GNU Lesser General Public
+- License along with the GNU C Library; if not, see
+- <http://www.gnu.org/licenses/>. */
+-
+-/* All data returned by the network data base library are supplied in
+- host order and returned in network order (suitable for use in
+- system calls). */
+-
+-#ifndef _NETDB_H
+-#define _NETDB_H 1
+-
+-#include <features.h>
+-
+-#include <netinet/in.h>
+-#include <stdint.h>
+-#ifdef __USE_MISC
+-/* This is necessary to make this include file properly replace the
+- Sun version. */
+-# include <rpc/netdb.h>
+-#endif
+-
+-#ifdef __USE_GNU
+-# define __need_sigevent_t
+-# include <bits/siginfo.h>
+-# define __need_timespec
+-# include <time.h>
+-#endif
+-
+-#include <bits/netdb.h>
+-
+-/* Absolute file name for network data base files. */
+-#define _PATH_HEQUIV "/etc/hosts.equiv"
+-#define _PATH_HOSTS "/etc/hosts"
+-#define _PATH_NETWORKS "/etc/networks"
+-#define _PATH_NSSWITCH_CONF "/etc/nsswitch.conf"
+-#define _PATH_PROTOCOLS "/etc/protocols"
+-#define _PATH_SERVICES "/etc/services"
+-
+-
+-__BEGIN_DECLS
+-
+-#if defined __USE_MISC || !defined __USE_XOPEN2K8
+-/* Error status for non-reentrant lookup functions.
+- We use a macro to access always the thread-specific `h_errno' variable. */
+-# define h_errno (*__h_errno_location ())
+-
+-/* Function to get address of global `h_errno' variable. */
+-extern int *__h_errno_location (void) __THROW __attribute__ ((__const__));
+-
+-
+-/* Possible values left in `h_errno'. */
+-# define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found. */
+-# define TRY_AGAIN 2 /* Non-Authoritative Host not found,
+- or SERVERFAIL. */
+-# define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED,
+- NOTIMP. */
+-# define NO_DATA 4 /* Valid name, no data record of requested
+- type. */
+-#endif
+-#ifdef __USE_MISC
+-# define NETDB_INTERNAL -1 /* See errno. */
+-# define NETDB_SUCCESS 0 /* No problem. */
+-# define NO_ADDRESS NO_DATA /* No address, look for MX record. */
+-#endif
+-
+-#if defined __USE_XOPEN2K || defined __USE_XOPEN_EXTENDED
+-/* Highest reserved Internet port number. */
+-# define IPPORT_RESERVED 1024
+-#endif
+-
+-#ifdef __USE_GNU
+-/* Scope delimiter for getaddrinfo(), getnameinfo(). */
+-# define SCOPE_DELIMITER '%'
+-#endif
+-
+-#ifdef __USE_MISC
+-/* Print error indicated by `h_errno' variable on standard error. STR
+- if non-null is printed before the error string. */
+-extern void herror (const char *__str) __THROW;
+-
+-/* Return string associated with error ERR_NUM. */
+-extern const char *hstrerror (int __err_num) __THROW;
+-#endif
+-
+-
+-/* Description of data base entry for a single host. */
+-struct hostent
+-{
+- char *h_name; /* Official name of host. */
+- char **h_aliases; /* Alias list. */
+- int h_addrtype; /* Host address type. */
+- int h_length; /* Length of address. */
+- char **h_addr_list; /* List of addresses from name server. */
+-#ifdef __USE_MISC
+-# define h_addr h_addr_list[0] /* Address, for backward compatibility.*/
+-#endif
+-};
+-
+-/* Open host data base files and mark them as staying open even after
+- a later search if STAY_OPEN is non-zero.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void sethostent (int __stay_open);
+-
+-/* Close host data base files and clear `stay open' flag.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void endhostent (void);
+-
+-/* Get next entry from host data base file. Open data base if
+- necessary.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct hostent *gethostent (void);
+-
+-/* Return entry from host data base which address match ADDR with
+- length LEN and type TYPE.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct hostent *gethostbyaddr (const void *__addr, __socklen_t __len,
+- int __type);
+-
+-/* Return entry from host data base for host with NAME.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct hostent *gethostbyname (const char *__name);
+-
+-#ifdef __USE_MISC
+-/* Return entry from host data base for host with NAME. AF must be
+- set to the address type which is `AF_INET' for IPv4 or `AF_INET6'
+- for IPv6.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern struct hostent *gethostbyname2 (const char *__name, int __af);
+-
+-/* Reentrant versions of the functions above. The additional
+- arguments specify a buffer of BUFLEN starting at BUF. The last
+- argument is a pointer to a variable which gets the value which
+- would be stored in the global variable `herrno' by the
+- non-reentrant functions.
+-
+- These functions are not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation they are cancellation points and
+- therefore not marked with __THROW. */
+-extern int gethostent_r (struct hostent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct hostent **__restrict __result,
+- int *__restrict __h_errnop);
+-
+-extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len,
+- int __type,
+- struct hostent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct hostent **__restrict __result,
+- int *__restrict __h_errnop);
+-
+-extern int gethostbyname_r (const char *__restrict __name,
+- struct hostent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct hostent **__restrict __result,
+- int *__restrict __h_errnop);
+-
+-extern int gethostbyname2_r (const char *__restrict __name, int __af,
+- struct hostent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct hostent **__restrict __result,
+- int *__restrict __h_errnop);
+-#endif /* misc */
+-
+-
+-/* Open network data base files and mark them as staying open even
+- after a later search if STAY_OPEN is non-zero.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void setnetent (int __stay_open);
+-
+-/* Close network data base files and clear `stay open' flag.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void endnetent (void);
+-
+-/* Get next entry from network data base file. Open data base if
+- necessary.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct netent *getnetent (void);
+-
+-/* Return entry from network data base which address match NET and
+- type TYPE.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct netent *getnetbyaddr (uint32_t __net, int __type);
+-
+-/* Return entry from network data base for network with NAME.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct netent *getnetbyname (const char *__name);
+-
+-#ifdef __USE_MISC
+-/* Reentrant versions of the functions above. The additional
+- arguments specify a buffer of BUFLEN starting at BUF. The last
+- argument is a pointer to a variable which gets the value which
+- would be stored in the global variable `herrno' by the
+- non-reentrant functions.
+-
+- These functions are not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation they are cancellation points and
+- therefore not marked with __THROW. */
+-extern int getnetent_r (struct netent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct netent **__restrict __result,
+- int *__restrict __h_errnop);
+-
+-extern int getnetbyaddr_r (uint32_t __net, int __type,
+- struct netent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct netent **__restrict __result,
+- int *__restrict __h_errnop);
+-
+-extern int getnetbyname_r (const char *__restrict __name,
+- struct netent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct netent **__restrict __result,
+- int *__restrict __h_errnop);
+-#endif /* misc */
+-
+-
+-/* Description of data base entry for a single service. */
+-struct servent
+-{
+- char *s_name; /* Official service name. */
+- char **s_aliases; /* Alias list. */
+- int s_port; /* Port number. */
+- char *s_proto; /* Protocol to use. */
+-};
+-
+-/* Open service data base files and mark them as staying open even
+- after a later search if STAY_OPEN is non-zero.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void setservent (int __stay_open);
+-
+-/* Close service data base files and clear `stay open' flag.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void endservent (void);
+-
+-/* Get next entry from service data base file. Open data base if
+- necessary.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct servent *getservent (void);
+-
+-/* Return entry from network data base for network with NAME and
+- protocol PROTO.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct servent *getservbyname (const char *__name, const char *__proto);
+-
+-/* Return entry from service data base which matches port PORT and
+- protocol PROTO.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct servent *getservbyport (int __port, const char *__proto);
+-
+-
+-#ifdef __USE_MISC
+-/* Reentrant versions of the functions above. The additional
+- arguments specify a buffer of BUFLEN starting at BUF.
+-
+- These functions are not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation they are cancellation points and
+- therefore not marked with __THROW. */
+-extern int getservent_r (struct servent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct servent **__restrict __result);
+-
+-extern int getservbyname_r (const char *__restrict __name,
+- const char *__restrict __proto,
+- struct servent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct servent **__restrict __result);
+-
+-extern int getservbyport_r (int __port, const char *__restrict __proto,
+- struct servent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct servent **__restrict __result);
+-#endif /* misc */
+-
+-
+-/* Description of data base entry for a single service. */
+-struct protoent
+-{
+- char *p_name; /* Official protocol name. */
+- char **p_aliases; /* Alias list. */
+- int p_proto; /* Protocol number. */
+-};
+-
+-/* Open protocol data base files and mark them as staying open even
+- after a later search if STAY_OPEN is non-zero.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void setprotoent (int __stay_open);
+-
+-/* Close protocol data base files and clear `stay open' flag.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern void endprotoent (void);
+-
+-/* Get next entry from protocol data base file. Open data base if
+- necessary.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct protoent *getprotoent (void);
+-
+-/* Return entry from protocol data base for network with NAME.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct protoent *getprotobyname (const char *__name);
+-
+-/* Return entry from protocol data base which number is PROTO.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern struct protoent *getprotobynumber (int __proto);
+-
+-
+-#ifdef __USE_MISC
+-/* Reentrant versions of the functions above. The additional
+- arguments specify a buffer of BUFLEN starting at BUF.
+-
+- These functions are not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation they are cancellation points and
+- therefore not marked with __THROW. */
+-extern int getprotoent_r (struct protoent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct protoent **__restrict __result);
+-
+-extern int getprotobyname_r (const char *__restrict __name,
+- struct protoent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct protoent **__restrict __result);
+-
+-extern int getprotobynumber_r (int __proto,
+- struct protoent *__restrict __result_buf,
+- char *__restrict __buf, size_t __buflen,
+- struct protoent **__restrict __result);
+-
+-
+-/* Establish network group NETGROUP for enumeration.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int setnetgrent (const char *__netgroup);
+-
+-/* Free all space allocated by previous `setnetgrent' call.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern void endnetgrent (void);
+-
+-/* Get next member of netgroup established by last `setnetgrent' call
+- and return pointers to elements in HOSTP, USERP, and DOMAINP.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int getnetgrent (char **__restrict __hostp,
+- char **__restrict __userp,
+- char **__restrict __domainp);
+-
+-
+-/* Test whether NETGROUP contains the triple (HOST,USER,DOMAIN).
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int innetgr (const char *__netgroup, const char *__host,
+- const char *__user, const char *__domain);
+-
+-/* Reentrant version of `getnetgrent' where result is placed in BUFFER.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int getnetgrent_r (char **__restrict __hostp,
+- char **__restrict __userp,
+- char **__restrict __domainp,
+- char *__restrict __buffer, size_t __buflen);
+-#endif /* misc */
+-
+-
+-#ifdef __USE_MISC
+-/* Call `rshd' at port RPORT on remote machine *AHOST to execute CMD.
+- The local user is LOCUSER, on the remote machine the command is
+- executed as REMUSER. In *FD2P the descriptor to the socket for the
+- connection is returned. The caller must have the right to use a
+- reserved port. When the function returns *AHOST contains the
+- official host name.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int rcmd (char **__restrict __ahost, unsigned short int __rport,
+- const char *__restrict __locuser,
+- const char *__restrict __remuser,
+- const char *__restrict __cmd, int *__restrict __fd2p);
+-
+-/* This is the equivalent function where the protocol can be selected
+- and which therefore can be used for IPv6.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int rcmd_af (char **__restrict __ahost, unsigned short int __rport,
+- const char *__restrict __locuser,
+- const char *__restrict __remuser,
+- const char *__restrict __cmd, int *__restrict __fd2p,
+- sa_family_t __af);
+-
+-/* Call `rexecd' at port RPORT on remote machine *AHOST to execute
+- CMD. The process runs at the remote machine using the ID of user
+- NAME whose cleartext password is PASSWD. In *FD2P the descriptor
+- to the socket for the connection is returned. When the function
+- returns *AHOST contains the official host name.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int rexec (char **__restrict __ahost, int __rport,
+- const char *__restrict __name,
+- const char *__restrict __pass,
+- const char *__restrict __cmd, int *__restrict __fd2p);
+-
+-/* This is the equivalent function where the protocol can be selected
+- and which therefore can be used for IPv6.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int rexec_af (char **__restrict __ahost, int __rport,
+- const char *__restrict __name,
+- const char *__restrict __pass,
+- const char *__restrict __cmd, int *__restrict __fd2p,
+- sa_family_t __af);
+-
+-/* Check whether user REMUSER on system RHOST is allowed to login as LOCUSER.
+- If SUSER is not zero the user tries to become superuser. Return 0 if
+- it is possible.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int ruserok (const char *__rhost, int __suser,
+- const char *__remuser, const char *__locuser);
+-
+-/* This is the equivalent function where the protocol can be selected
+- and which therefore can be used for IPv6.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int ruserok_af (const char *__rhost, int __suser,
+- const char *__remuser, const char *__locuser,
+- sa_family_t __af);
+-
+-/* Check whether user REMUSER on system indicated by IPv4 address
+- RADDR is allowed to login as LOCUSER. Non-IPv4 (e.g., IPv6) are
+- not supported. If SUSER is not zero the user tries to become
+- superuser. Return 0 if it is possible.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int iruserok (uint32_t __raddr, int __suser,
+- const char *__remuser, const char *__locuser);
+-
+-/* This is the equivalent function where the pfamiliy if the address
+- pointed to by RADDR is determined by the value of AF. It therefore
+- can be used for IPv6
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int iruserok_af (const void *__raddr, int __suser,
+- const char *__remuser, const char *__locuser,
+- sa_family_t __af);
+-
+-/* Try to allocate reserved port, returning a descriptor for a socket opened
+- at this port or -1 if unsuccessful. The search for an available port
+- will start at ALPORT and continues with lower numbers.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int rresvport (int *__alport);
+-
+-/* This is the equivalent function where the protocol can be selected
+- and which therefore can be used for IPv6.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int rresvport_af (int *__alport, sa_family_t __af);
+-#endif
+-
+-
+-/* Extension from POSIX.1g. */
+-#ifdef __USE_POSIX
+-/* Structure to contain information about address of a service provider. */
+-struct addrinfo
+-{
+- int ai_flags; /* Input flags. */
+- int ai_family; /* Protocol family for socket. */
+- int ai_socktype; /* Socket type. */
+- int ai_protocol; /* Protocol for socket. */
+- socklen_t ai_addrlen; /* Length of socket address. */
+- struct sockaddr *ai_addr; /* Socket address for socket. */
+- char *ai_canonname; /* Canonical name for service location. */
+- struct addrinfo *ai_next; /* Pointer to next in list. */
+-};
+-
+-# ifdef __USE_GNU
+-/* Structure used as control block for asynchronous lookup. */
+-struct gaicb
+-{
+- const char *ar_name; /* Name to look up. */
+- const char *ar_service; /* Service name. */
+- const struct addrinfo *ar_request; /* Additional request specification. */
+- struct addrinfo *ar_result; /* Pointer to result. */
+- /* The following are internal elements. */
+- int __return;
+- int __glibc_reserved[5];
+-};
+-
+-/* Lookup mode. */
+-# define GAI_WAIT 0
+-# define GAI_NOWAIT 1
+-# endif
+-
+-/* Possible values for `ai_flags' field in `addrinfo' structure. */
+-# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */
+-# define AI_CANONNAME 0x0002 /* Request for canonical name. */
+-# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */
+-# define AI_V4MAPPED 0x0008 /* IPv4 mapped addresses are acceptable. */
+-# define AI_ALL 0x0010 /* Return IPv4 mapped and IPv6 addresses. */
+-# define AI_ADDRCONFIG 0x0020 /* Use configuration of this host to choose
+- returned address type.. */
+-# ifdef __USE_GNU
+-# define AI_IDN 0x0040 /* IDN encode input (assuming it is encoded
+- in the current locale's character set)
+- before looking it up. */
+-# define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */
+-# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode
+- code points. */
+-# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to
+- STD3 rules. */
+-# endif
+-# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */
+-
+-/* Error values for `getaddrinfo' function. */
+-# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */
+-# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */
+-# define EAI_AGAIN -3 /* Temporary failure in name resolution. */
+-# define EAI_FAIL -4 /* Non-recoverable failure in name res. */
+-# define EAI_FAMILY -6 /* `ai_family' not supported. */
+-# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */
+-# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */
+-# define EAI_MEMORY -10 /* Memory allocation failure. */
+-# define EAI_SYSTEM -11 /* System error returned in `errno'. */
+-# define EAI_OVERFLOW -12 /* Argument buffer overflow. */
+-# ifdef __USE_GNU
+-# define EAI_NODATA -5 /* No address associated with NAME. */
+-# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */
+-# define EAI_INPROGRESS -100 /* Processing request in progress. */
+-# define EAI_CANCELED -101 /* Request canceled. */
+-# define EAI_NOTCANCELED -102 /* Request not canceled. */
+-# define EAI_ALLDONE -103 /* All requests done. */
+-# define EAI_INTR -104 /* Interrupted by a signal. */
+-# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */
+-# endif
+-
+-# ifdef __USE_MISC
+-# define NI_MAXHOST 1025
+-# define NI_MAXSERV 32
+-# endif
+-
+-# define NI_NUMERICHOST 1 /* Don't try to look up hostname. */
+-# define NI_NUMERICSERV 2 /* Don't convert port number to name. */
+-# define NI_NOFQDN 4 /* Only return nodename portion. */
+-# define NI_NAMEREQD 8 /* Don't return numeric addresses. */
+-# define NI_DGRAM 16 /* Look up UDP service rather than TCP. */
+-# ifdef __USE_GNU
+-# define NI_IDN 32 /* Convert name from IDN format. */
+-# define NI_IDN_ALLOW_UNASSIGNED 64 /* Don't reject unassigned Unicode
+- code points. */
+-# define NI_IDN_USE_STD3_ASCII_RULES 128 /* Validate strings according to
+- STD3 rules. */
+-# endif
+-
+-/* Translate name of a service location and/or a service name to set of
+- socket addresses.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern int getaddrinfo (const char *__restrict __name,
+- const char *__restrict __service,
+- const struct addrinfo *__restrict __req,
+- struct addrinfo **__restrict __pai);
+-
+-/* Free `addrinfo' structure AI including associated storage. */
+-extern void freeaddrinfo (struct addrinfo *__ai) __THROW;
+-
+-/* Convert error return from getaddrinfo() to a string. */
+-extern const char *gai_strerror (int __ecode) __THROW;
+-
+-/* Translate a socket address to a location and service name.
+-
+- This function is a possible cancellation point and therefore not
+- marked with __THROW. */
+-extern int getnameinfo (const struct sockaddr *__restrict __sa,
+- socklen_t __salen, char *__restrict __host,
+- socklen_t __hostlen, char *__restrict __serv,
+- socklen_t __servlen, int __flags);
+-#endif /* POSIX */
+-
+-#ifdef __USE_GNU
+-/* Enqueue ENT requests from the LIST. If MODE is GAI_WAIT wait until all
+- requests are handled. If WAIT is GAI_NOWAIT return immediately after
+- queueing the requests and signal completion according to SIG.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int getaddrinfo_a (int __mode, struct gaicb *__list[__restrict_arr],
+- int __ent, struct sigevent *__restrict __sig);
+-
+-/* Suspend execution of the thread until at least one of the ENT requests
+- in LIST is handled. If TIMEOUT is not a null pointer it specifies the
+- longest time the function keeps waiting before returning with an error.
+-
+- This function is not part of POSIX and therefore no official
+- cancellation point. But due to similarity with an POSIX interface
+- or due to the implementation it is a cancellation point and
+- therefore not marked with __THROW. */
+-extern int gai_suspend (const struct gaicb *const __list[], int __ent,
+- const struct timespec *__timeout);
+-
+-/* Get the error status of the request REQ. */
+-extern int gai_error (struct gaicb *__req) __THROW;
+-
+-/* Cancel the requests associated with GAICBP. */
+-extern int gai_cancel (struct gaicb *__gaicbp) __THROW;
+-#endif /* GNU */
+-
+-__END_DECLS
+-
+-#endif /* netdb.h */
+Index: glibc-2.20/resolv/resolv.h
+===================================================================
+--- glibc-2.20.orig/resolv/resolv.h
++++ /dev/null
+@@ -1,389 +0,0 @@
+-/*
+- * Copyright (c) 1983, 1987, 1989
+- * The Regents of the University of California. All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- * notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- * notice, this list of conditions and the following disclaimer in the
+- * documentation and/or other materials provided with the distribution.
+- * 4. Neither the name of the University nor the names of its contributors
+- * may be used to endorse or promote products derived from this software
+- * without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- */
+-
+-/*
+- * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+- * SOFTWARE.
+- */
+-
+-/*
+- * @(#)resolv.h 8.1 (Berkeley) 6/2/93
+- * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $
+- */
+-
+-#ifndef _RESOLV_H_
+-
+-/* These headers are needed for types used in the `struct res_state'
+- declaration. */
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-
+-#ifndef __need_res_state
+-# define _RESOLV_H_
+-
+-# include <sys/param.h>
+-# include <sys/cdefs.h>
+-# include <stdio.h>
+-# include <arpa/nameser.h>
+-#endif
+-
+-#ifndef __res_state_defined
+-# define __res_state_defined
+-
+-typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
+- res_sendhookact;
+-
+-typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns,
+- const u_char **__query,
+- int *__querylen,
+- u_char *__ans,
+- int __anssiz,
+- int *__resplen);
+-
+-typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns,
+- const u_char *__query,
+- int __querylen,
+- u_char *__ans,
+- int __anssiz,
+- int *__resplen);
+-
+-/*
+- * Global defines and variables for resolver stub.
+- */
+-# define MAXNS 3 /* max # name servers we'll track */
+-# define MAXDFLSRCH 3 /* # default domain levels to try */
+-# define MAXDNSRCH 6 /* max # domains in search path */
+-# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */
+-
+-# define RES_TIMEOUT 5 /* min. seconds between retries */
+-# define MAXRESOLVSORT 10 /* number of net to sort on */
+-# define RES_MAXNDOTS 15 /* should reflect bit field size */
+-# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */
+-# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */
+-# define RES_DFLRETRY 2 /* Default #/tries. */
+-# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */
+-
+-struct __res_state {
+- int retrans; /* retransmition time interval */
+- int retry; /* number of times to retransmit */
+- u_long options; /* option flags - see below. */
+- int nscount; /* number of name servers */
+- struct sockaddr_in
+- nsaddr_list[MAXNS]; /* address of name server */
+-# define nsaddr nsaddr_list[0] /* for backward compatibility */
+- u_short id; /* current message id */
+- /* 2 byte hole here. */
+- char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */
+- char defdname[256]; /* default domain (deprecated) */
+- u_long pfcode; /* RES_PRF_ flags - see below. */
+- unsigned ndots:4; /* threshold for initial abs. query */
+- unsigned nsort:4; /* number of elements in sort_list[] */
+- unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */
+- unsigned unused:23;
+- struct {
+- struct in_addr addr;
+- u_int32_t mask;
+- } sort_list[MAXRESOLVSORT];
+- /* 4 byte hole here on 64-bit architectures. */
+- res_send_qhook qhook; /* query hook */
+- res_send_rhook rhook; /* response hook */
+- int res_h_errno; /* last one set for this context */
+- int _vcsock; /* PRIVATE: for res_send VC i/o */
+- u_int _flags; /* PRIVATE: see below */
+- /* 4 byte hole here on 64-bit architectures. */
+- union {
+- char pad[52]; /* On an i386 this means 512b total. */
+- struct {
+- u_int16_t nscount;
+- u_int16_t nsmap[MAXNS];
+- int nssocks[MAXNS];
+- u_int16_t nscount6;
+- u_int16_t nsinit;
+- struct sockaddr_in6 *nsaddrs[MAXNS];
+-#ifdef _LIBC
+- unsigned long long int initstamp
+- __attribute__((packed));
+-#else
+- unsigned int _initstamp[2];
+-#endif
+- } _ext;
+- } _u;
+-};
+-
+-typedef struct __res_state *res_state;
+-# undef __need_res_state
+-#endif
+-
+-#ifdef _RESOLV_H_
+-/*
+- * Revision information. This is the release date in YYYYMMDD format.
+- * It can change every day so the right thing to do with it is use it
+- * in preprocessor commands such as "#if (__RES > 19931104)". Do not
+- * compare for equality; rather, use it to determine whether your resolver
+- * is new enough to contain a certain feature.
+- */
+-
+-#define __RES 19991006
+-
+-/*
+- * Resolver configuration file.
+- * Normally not present, but may contain the address of the
+- * inital name server(s) to query and the domain search list.
+- */
+-
+-#ifndef _PATH_RESCONF
+-#define _PATH_RESCONF "/etc/resolv.conf"
+-#endif
+-
+-struct res_sym {
+- int number; /* Identifying number, like T_MX */
+- char * name; /* Its symbolic name, like "MX" */
+- char * humanname; /* Its fun name, like "mail exchanger" */
+-};
+-
+-/*
+- * Resolver flags (used to be discrete per-module statics ints).
+- */
+-#define RES_F_VC 0x00000001 /* socket is TCP */
+-#define RES_F_CONN 0x00000002 /* socket is connected */
+-#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */
+-
+-/* res_findzonecut() options */
+-#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */
+-
+-/*
+- * Resolver options (keep these in synch with res_debug.c, please)
+- */
+-#define RES_INIT 0x00000001 /* address initialized */
+-#define RES_DEBUG 0x00000002 /* print debug messages */
+-#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/
+-#define RES_USEVC 0x00000008 /* use virtual circuit */
+-#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */
+-#define RES_IGNTC 0x00000020 /* ignore trucation errors */
+-#define RES_RECURSE 0x00000040 /* recursion desired */
+-#define RES_DEFNAMES 0x00000080 /* use default domain name */
+-#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */
+-#define RES_DNSRCH 0x00000200 /* search up local domain tree */
+-#define RES_INSECURE1 0x00000400 /* type 1 security disabled */
+-#define RES_INSECURE2 0x00000800 /* type 2 security disabled */
+-#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
+-#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
+-#define RES_ROTATE 0x00004000 /* rotate ns list after each query */
+-#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */
+-#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */
+-#define RES_BLAST 0x00020000 /* blast all recursive servers */
+-#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte
+- strings */
+-#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6
+- reverse lookup */
+-#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */
+-#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */
+-#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each
+- request */
+-#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */
+-#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name
+- as a TLD. */
+-
+-#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)
+-
+-/*
+- * Resolver "pfcode" values. Used by dig.
+- */
+-#define RES_PRF_STATS 0x00000001
+-#define RES_PRF_UPDATE 0x00000002
+-#define RES_PRF_CLASS 0x00000004
+-#define RES_PRF_CMD 0x00000008
+-#define RES_PRF_QUES 0x00000010
+-#define RES_PRF_ANS 0x00000020
+-#define RES_PRF_AUTH 0x00000040
+-#define RES_PRF_ADD 0x00000080
+-#define RES_PRF_HEAD1 0x00000100
+-#define RES_PRF_HEAD2 0x00000200
+-#define RES_PRF_TTLID 0x00000400
+-#define RES_PRF_HEADX 0x00000800
+-#define RES_PRF_QUERY 0x00001000
+-#define RES_PRF_REPLY 0x00002000
+-#define RES_PRF_INIT 0x00004000
+-/* 0x00008000 */
+-
+-/* Things involving an internal (static) resolver context. */
+-__BEGIN_DECLS
+-extern struct __res_state *__res_state(void) __attribute__ ((__const__));
+-__END_DECLS
+-#define _res (*__res_state())
+-
+-#ifndef __BIND_NOSTATIC
+-#define fp_nquery __fp_nquery
+-#define fp_query __fp_query
+-#define hostalias __hostalias
+-#define p_query __p_query
+-#define res_close __res_close
+-#define res_init __res_init
+-#define res_isourserver __res_isourserver
+-#define res_mkquery __res_mkquery
+-#define res_query __res_query
+-#define res_querydomain __res_querydomain
+-#define res_search __res_search
+-#define res_send __res_send
+-
+-__BEGIN_DECLS
+-void fp_nquery (const u_char *, int, FILE *) __THROW;
+-void fp_query (const u_char *, FILE *) __THROW;
+-const char * hostalias (const char *) __THROW;
+-void p_query (const u_char *) __THROW;
+-void res_close (void) __THROW;
+-int res_init (void) __THROW;
+-int res_isourserver (const struct sockaddr_in *) __THROW;
+-int res_mkquery (int, const char *, int, int, const u_char *,
+- int, const u_char *, u_char *, int) __THROW;
+-int res_query (const char *, int, int, u_char *, int) __THROW;
+-int res_querydomain (const char *, const char *, int, int,
+- u_char *, int) __THROW;
+-int res_search (const char *, int, int, u_char *, int) __THROW;
+-int res_send (const u_char *, int, u_char *, int) __THROW;
+-__END_DECLS
+-#endif
+-
+-#define b64_ntop __b64_ntop
+-#define b64_pton __b64_pton
+-#define dn_comp __dn_comp
+-#define dn_count_labels __dn_count_labels
+-#define dn_expand __dn_expand
+-#define dn_skipname __dn_skipname
+-#define fp_resstat __fp_resstat
+-#define loc_aton __loc_aton
+-#define loc_ntoa __loc_ntoa
+-#define p_cdname __p_cdname
+-#define p_cdnname __p_cdnname
+-#define p_class __p_class
+-#define p_fqname __p_fqname
+-#define p_fqnname __p_fqnname
+-#define p_option __p_option
+-#define p_secstodate __p_secstodate
+-#define p_section __p_section
+-#define p_time __p_time
+-#define p_type __p_type
+-#define p_rcode __p_rcode
+-#define putlong __putlong
+-#define putshort __putshort
+-#define res_dnok __res_dnok
+-#define res_hnok __res_hnok
+-#define res_hostalias __res_hostalias
+-#define res_mailok __res_mailok
+-#define res_nameinquery __res_nameinquery
+-#define res_nclose __res_nclose
+-#define res_ninit __res_ninit
+-#define res_nmkquery __res_nmkquery
+-#define res_npquery __res_npquery
+-#define res_nquery __res_nquery
+-#define res_nquerydomain __res_nquerydomain
+-#define res_nsearch __res_nsearch
+-#define res_nsend __res_nsend
+-#define res_nisourserver __res_nisourserver
+-#define res_ownok __res_ownok
+-#define res_queriesmatch __res_queriesmatch
+-#define res_randomid __res_randomid
+-#define sym_ntop __sym_ntop
+-#define sym_ntos __sym_ntos
+-#define sym_ston __sym_ston
+-__BEGIN_DECLS
+-int res_hnok (const char *) __THROW;
+-int res_ownok (const char *) __THROW;
+-int res_mailok (const char *) __THROW;
+-int res_dnok (const char *) __THROW;
+-int sym_ston (const struct res_sym *, const char *, int *) __THROW;
+-const char * sym_ntos (const struct res_sym *, int, int *) __THROW;
+-const char * sym_ntop (const struct res_sym *, int, int *) __THROW;
+-int b64_ntop (u_char const *, size_t, char *, size_t) __THROW;
+-int b64_pton (char const *, u_char *, size_t) __THROW;
+-int loc_aton (const char *__ascii, u_char *__binary) __THROW;
+-const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW;
+-int dn_skipname (const u_char *, const u_char *) __THROW;
+-void putlong (u_int32_t, u_char *) __THROW;
+-void putshort (u_int16_t, u_char *) __THROW;
+-const char * p_class (int) __THROW;
+-const char * p_time (u_int32_t) __THROW;
+-const char * p_type (int) __THROW;
+-const char * p_rcode (int) __THROW;
+-const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *)
+- __THROW;
+-const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW;
+-const u_char * p_fqnname (const u_char *__cp, const u_char *__msg,
+- int, char *, int) __THROW;
+-const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW;
+-const char * p_option (u_long __option) __THROW;
+-char * p_secstodate (u_long) __THROW;
+-int dn_count_labels (const char *) __THROW;
+-int dn_comp (const char *, u_char *, int, u_char **, u_char **)
+- __THROW;
+-int dn_expand (const u_char *, const u_char *, const u_char *,
+- char *, int) __THROW;
+-u_int res_randomid (void) __THROW;
+-int res_nameinquery (const char *, int, int,
+- const u_char *, const u_char *) __THROW;
+-int res_queriesmatch (const u_char *, const u_char *,
+- const u_char *, const u_char *) __THROW;
+-const char * p_section (int __section, int __opcode) __THROW;
+-/* Things involving a resolver context. */
+-int res_ninit (res_state) __THROW;
+-int res_nisourserver (const res_state,
+- const struct sockaddr_in *) __THROW;
+-void fp_resstat (const res_state, FILE *) __THROW;
+-void res_npquery (const res_state, const u_char *, int, FILE *)
+- __THROW;
+-const char * res_hostalias (const res_state, const char *, char *, size_t)
+- __THROW;
+-int res_nquery (res_state, const char *, int, int, u_char *, int)
+- __THROW;
+-int res_nsearch (res_state, const char *, int, int, u_char *, int)
+- __THROW;
+-int res_nquerydomain (res_state, const char *, const char *, int,
+- int, u_char *, int) __THROW;
+-int res_nmkquery (res_state, int, const char *, int, int,
+- const u_char *, int, const u_char *, u_char *,
+- int) __THROW;
+-int res_nsend (res_state, const u_char *, int, u_char *, int)
+- __THROW;
+-void res_nclose (res_state) __THROW;
+-__END_DECLS
+-#endif
+-
+-#endif /* !_RESOLV_H_ */
+Index: glibc-2.20/shadow/Makefile
+===================================================================
+--- glibc-2.20.orig/shadow/Makefile
++++ glibc-2.20/shadow/Makefile
+@@ -36,5 +36,6 @@ CFLAGS-fgetspent_r.c = -fexceptions $(li
+ CFLAGS-putspent.c = -fexceptions $(libio-mtsafe)
+ CFLAGS-getspnam.c = -fexceptions
+ CFLAGS-getspnam_r.c = -fexceptions
++CPPFLAGS-lckpwdf.c = -DSYSCONFDIR='"$(sysconfdir)"'
+
+ include ../Rules
+Index: glibc-2.20/shadow/lckpwdf.c
+===================================================================
+--- glibc-2.20.orig/shadow/lckpwdf.c
++++ glibc-2.20/shadow/lckpwdf.c
+@@ -29,7 +29,7 @@
+
+
+ /* Name of the lock file. */
+-#define PWD_LOCKFILE "/etc/.pwd.lock"
++#define PWD_LOCKFILE SYSCONFDIR "/.pwd.lock"
+
+ /* How long to wait for getting the lock before returning with an
+ error. */
+Index: glibc-2.20/configure.ac
+===================================================================
+--- glibc-2.20.orig/configure.ac
++++ glibc-2.20/configure.ac
+@@ -2038,7 +2038,8 @@ RELEASE=`sed -n -e 's/^#define RELEASE "
+ AC_SUBST(VERSION)
+ AC_SUBST(RELEASE)
+
+-AC_CONFIG_FILES([config.make Makefile])
++AC_CONFIG_FILES([config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h
++ sysdeps/generic/ldconfig.h])
+ AC_CONFIG_COMMANDS([default],[[
+ case $CONFIG_FILES in *config.make*)
+ echo "$config_vars" >> config.make;;
+Index: glibc-2.20/resolv/netdb.h.in
+===================================================================
+--- /dev/null
++++ glibc-2.20/resolv/netdb.h.in
+@@ -0,0 +1,715 @@
++ /* Copyright (C) 1996-2014 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++/* All data returned by the network data base library are supplied in
++ host order and returned in network order (suitable for use in
++ system calls). */
++
++#ifndef _NETDB_H
++#define _NETDB_H 1
++
++#include <features.h>
++
++#include <netinet/in.h>
++#include <stdint.h>
++#ifdef __USE_MISC
++/* This is necessary to make this include file properly replace the
++ Sun version. */
++# include <rpc/netdb.h>
++#endif
++
++#ifdef __USE_GNU
++# define __need_sigevent_t
++# include <bits/siginfo.h>
++# define __need_timespec
++# include <time.h>
++#endif
++
++#include <bits/netdb.h>
++
++/* Absolute file name for network data base files. */
++#define _PATH_HEQUIV "@libc_cv_sysconfdir@/hosts.equiv"
++#define _PATH_HOSTS "@libc_cv_sysconfdir@/hosts"
++#define _PATH_NETWORKS "@libc_cv_sysconfdir@/networks"
++#define _PATH_NSSWITCH_CONF "@libc_cv_sysconfdir@/nsswitch.conf"
++#define _PATH_PROTOCOLS "@libc_cv_sysconfdir@/protocols"
++#define _PATH_SERVICES "@libc_cv_sysconfdir@/services"
++
++
++__BEGIN_DECLS
++
++#if defined __USE_MISC || !defined __USE_XOPEN2K8
++/* Error status for non-reentrant lookup functions.
++ We use a macro to access always the thread-specific `h_errno' variable. */
++# define h_errno (*__h_errno_location ())
++
++/* Function to get address of global `h_errno' variable. */
++extern int *__h_errno_location (void) __THROW __attribute__ ((__const__));
++
++
++/* Possible values left in `h_errno'. */
++# define HOST_NOT_FOUND 1 /* Authoritative Answer Host not found. */
++# define TRY_AGAIN 2 /* Non-Authoritative Host not found,
++ or SERVERFAIL. */
++# define NO_RECOVERY 3 /* Non recoverable errors, FORMERR, REFUSED,
++ NOTIMP. */
++# define NO_DATA 4 /* Valid name, no data record of requested
++ type. */
++#endif
++#ifdef __USE_MISC
++# define NETDB_INTERNAL -1 /* See errno. */
++# define NETDB_SUCCESS 0 /* No problem. */
++# define NO_ADDRESS NO_DATA /* No address, look for MX record. */
++#endif
++
++#if defined __USE_XOPEN2K || defined __USE_XOPEN_EXTENDED
++/* Highest reserved Internet port number. */
++# define IPPORT_RESERVED 1024
++#endif
++
++#ifdef __USE_GNU
++/* Scope delimiter for getaddrinfo(), getnameinfo(). */
++# define SCOPE_DELIMITER '%'
++#endif
++
++#ifdef __USE_MISC
++/* Print error indicated by `h_errno' variable on standard error. STR
++ if non-null is printed before the error string. */
++extern void herror (const char *__str) __THROW;
++
++/* Return string associated with error ERR_NUM. */
++extern const char *hstrerror (int __err_num) __THROW;
++#endif
++
++
++/* Description of data base entry for a single host. */
++struct hostent
++{
++ char *h_name; /* Official name of host. */
++ char **h_aliases; /* Alias list. */
++ int h_addrtype; /* Host address type. */
++ int h_length; /* Length of address. */
++ char **h_addr_list; /* List of addresses from name server. */
++#ifdef __USE_MISC
++# define h_addr h_addr_list[0] /* Address, for backward compatibility.*/
++#endif
++};
++
++/* Open host data base files and mark them as staying open even after
++ a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void sethostent (int __stay_open);
++
++/* Close host data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endhostent (void);
++
++/* Get next entry from host data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct hostent *gethostent (void);
++
++/* Return entry from host data base which address match ADDR with
++ length LEN and type TYPE.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct hostent *gethostbyaddr (const void *__addr, __socklen_t __len,
++ int __type);
++
++/* Return entry from host data base for host with NAME.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct hostent *gethostbyname (const char *__name);
++
++#ifdef __USE_MISC
++/* Return entry from host data base for host with NAME. AF must be
++ set to the address type which is `AF_INET' for IPv4 or `AF_INET6'
++ for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern struct hostent *gethostbyname2 (const char *__name, int __af);
++
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF. The last
++ argument is a pointer to a variable which gets the value which
++ would be stored in the global variable `herrno' by the
++ non-reentrant functions.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int gethostent_r (struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int gethostbyaddr_r (const void *__restrict __addr, __socklen_t __len,
++ int __type,
++ struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int gethostbyname_r (const char *__restrict __name,
++ struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int gethostbyname2_r (const char *__restrict __name, int __af,
++ struct hostent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct hostent **__restrict __result,
++ int *__restrict __h_errnop);
++#endif /* misc */
++
++
++/* Open network data base files and mark them as staying open even
++ after a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void setnetent (int __stay_open);
++
++/* Close network data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endnetent (void);
++
++/* Get next entry from network data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct netent *getnetent (void);
++
++/* Return entry from network data base which address match NET and
++ type TYPE.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct netent *getnetbyaddr (uint32_t __net, int __type);
++
++/* Return entry from network data base for network with NAME.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct netent *getnetbyname (const char *__name);
++
++#ifdef __USE_MISC
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF. The last
++ argument is a pointer to a variable which gets the value which
++ would be stored in the global variable `herrno' by the
++ non-reentrant functions.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int getnetent_r (struct netent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct netent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int getnetbyaddr_r (uint32_t __net, int __type,
++ struct netent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct netent **__restrict __result,
++ int *__restrict __h_errnop);
++
++extern int getnetbyname_r (const char *__restrict __name,
++ struct netent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct netent **__restrict __result,
++ int *__restrict __h_errnop);
++#endif /* misc */
++
++
++/* Description of data base entry for a single service. */
++struct servent
++{
++ char *s_name; /* Official service name. */
++ char **s_aliases; /* Alias list. */
++ int s_port; /* Port number. */
++ char *s_proto; /* Protocol to use. */
++};
++
++/* Open service data base files and mark them as staying open even
++ after a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void setservent (int __stay_open);
++
++/* Close service data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endservent (void);
++
++/* Get next entry from service data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct servent *getservent (void);
++
++/* Return entry from network data base for network with NAME and
++ protocol PROTO.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct servent *getservbyname (const char *__name, const char *__proto);
++
++/* Return entry from service data base which matches port PORT and
++ protocol PROTO.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct servent *getservbyport (int __port, const char *__proto);
++
++
++#ifdef __USE_MISC
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int getservent_r (struct servent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct servent **__restrict __result);
++
++extern int getservbyname_r (const char *__restrict __name,
++ const char *__restrict __proto,
++ struct servent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct servent **__restrict __result);
++
++extern int getservbyport_r (int __port, const char *__restrict __proto,
++ struct servent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct servent **__restrict __result);
++#endif /* misc */
++
++
++/* Description of data base entry for a single service. */
++struct protoent
++{
++ char *p_name; /* Official protocol name. */
++ char **p_aliases; /* Alias list. */
++ int p_proto; /* Protocol number. */
++};
++
++/* Open protocol data base files and mark them as staying open even
++ after a later search if STAY_OPEN is non-zero.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void setprotoent (int __stay_open);
++
++/* Close protocol data base files and clear `stay open' flag.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern void endprotoent (void);
++
++/* Get next entry from protocol data base file. Open data base if
++ necessary.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct protoent *getprotoent (void);
++
++/* Return entry from protocol data base for network with NAME.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct protoent *getprotobyname (const char *__name);
++
++/* Return entry from protocol data base which number is PROTO.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern struct protoent *getprotobynumber (int __proto);
++
++
++#ifdef __USE_MISC
++/* Reentrant versions of the functions above. The additional
++ arguments specify a buffer of BUFLEN starting at BUF.
++
++ These functions are not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation they are cancellation points and
++ therefore not marked with __THROW. */
++extern int getprotoent_r (struct protoent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct protoent **__restrict __result);
++
++extern int getprotobyname_r (const char *__restrict __name,
++ struct protoent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct protoent **__restrict __result);
++
++extern int getprotobynumber_r (int __proto,
++ struct protoent *__restrict __result_buf,
++ char *__restrict __buf, size_t __buflen,
++ struct protoent **__restrict __result);
++
++
++/* Establish network group NETGROUP for enumeration.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int setnetgrent (const char *__netgroup);
++
++/* Free all space allocated by previous `setnetgrent' call.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern void endnetgrent (void);
++
++/* Get next member of netgroup established by last `setnetgrent' call
++ and return pointers to elements in HOSTP, USERP, and DOMAINP.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int getnetgrent (char **__restrict __hostp,
++ char **__restrict __userp,
++ char **__restrict __domainp);
++
++
++/* Test whether NETGROUP contains the triple (HOST,USER,DOMAIN).
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int innetgr (const char *__netgroup, const char *__host,
++ const char *__user, const char *__domain);
++
++/* Reentrant version of `getnetgrent' where result is placed in BUFFER.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int getnetgrent_r (char **__restrict __hostp,
++ char **__restrict __userp,
++ char **__restrict __domainp,
++ char *__restrict __buffer, size_t __buflen);
++#endif /* misc */
++
++
++#ifdef __USE_MISC
++/* Call `rshd' at port RPORT on remote machine *AHOST to execute CMD.
++ The local user is LOCUSER, on the remote machine the command is
++ executed as REMUSER. In *FD2P the descriptor to the socket for the
++ connection is returned. The caller must have the right to use a
++ reserved port. When the function returns *AHOST contains the
++ official host name.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rcmd (char **__restrict __ahost, unsigned short int __rport,
++ const char *__restrict __locuser,
++ const char *__restrict __remuser,
++ const char *__restrict __cmd, int *__restrict __fd2p);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rcmd_af (char **__restrict __ahost, unsigned short int __rport,
++ const char *__restrict __locuser,
++ const char *__restrict __remuser,
++ const char *__restrict __cmd, int *__restrict __fd2p,
++ sa_family_t __af);
++
++/* Call `rexecd' at port RPORT on remote machine *AHOST to execute
++ CMD. The process runs at the remote machine using the ID of user
++ NAME whose cleartext password is PASSWD. In *FD2P the descriptor
++ to the socket for the connection is returned. When the function
++ returns *AHOST contains the official host name.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rexec (char **__restrict __ahost, int __rport,
++ const char *__restrict __name,
++ const char *__restrict __pass,
++ const char *__restrict __cmd, int *__restrict __fd2p);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rexec_af (char **__restrict __ahost, int __rport,
++ const char *__restrict __name,
++ const char *__restrict __pass,
++ const char *__restrict __cmd, int *__restrict __fd2p,
++ sa_family_t __af);
++
++/* Check whether user REMUSER on system RHOST is allowed to login as LOCUSER.
++ If SUSER is not zero the user tries to become superuser. Return 0 if
++ it is possible.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int ruserok (const char *__rhost, int __suser,
++ const char *__remuser, const char *__locuser);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int ruserok_af (const char *__rhost, int __suser,
++ const char *__remuser, const char *__locuser,
++ sa_family_t __af);
++
++/* Check whether user REMUSER on system indicated by IPv4 address
++ RADDR is allowed to login as LOCUSER. Non-IPv4 (e.g., IPv6) are
++ not supported. If SUSER is not zero the user tries to become
++ superuser. Return 0 if it is possible.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int iruserok (uint32_t __raddr, int __suser,
++ const char *__remuser, const char *__locuser);
++
++/* This is the equivalent function where the pfamiliy if the address
++ pointed to by RADDR is determined by the value of AF. It therefore
++ can be used for IPv6
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int iruserok_af (const void *__raddr, int __suser,
++ const char *__remuser, const char *__locuser,
++ sa_family_t __af);
++
++/* Try to allocate reserved port, returning a descriptor for a socket opened
++ at this port or -1 if unsuccessful. The search for an available port
++ will start at ALPORT and continues with lower numbers.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rresvport (int *__alport);
++
++/* This is the equivalent function where the protocol can be selected
++ and which therefore can be used for IPv6.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int rresvport_af (int *__alport, sa_family_t __af);
++#endif
++
++
++/* Extension from POSIX.1g. */
++#ifdef __USE_POSIX
++/* Structure to contain information about address of a service provider. */
++struct addrinfo
++{
++ int ai_flags; /* Input flags. */
++ int ai_family; /* Protocol family for socket. */
++ int ai_socktype; /* Socket type. */
++ int ai_protocol; /* Protocol for socket. */
++ socklen_t ai_addrlen; /* Length of socket address. */
++ struct sockaddr *ai_addr; /* Socket address for socket. */
++ char *ai_canonname; /* Canonical name for service location. */
++ struct addrinfo *ai_next; /* Pointer to next in list. */
++};
++
++# ifdef __USE_GNU
++/* Structure used as control block for asynchronous lookup. */
++struct gaicb
++{
++ const char *ar_name; /* Name to look up. */
++ const char *ar_service; /* Service name. */
++ const struct addrinfo *ar_request; /* Additional request specification. */
++ struct addrinfo *ar_result; /* Pointer to result. */
++ /* The following are internal elements. */
++ int __return;
++ int __glibc_reserved[5];
++};
++
++/* Lookup mode. */
++# define GAI_WAIT 0
++# define GAI_NOWAIT 1
++# endif
++
++/* Possible values for `ai_flags' field in `addrinfo' structure. */
++# define AI_PASSIVE 0x0001 /* Socket address is intended for `bind'. */
++# define AI_CANONNAME 0x0002 /* Request for canonical name. */
++# define AI_NUMERICHOST 0x0004 /* Don't use name resolution. */
++# define AI_V4MAPPED 0x0008 /* IPv4 mapped addresses are acceptable. */
++# define AI_ALL 0x0010 /* Return IPv4 mapped and IPv6 addresses. */
++# define AI_ADDRCONFIG 0x0020 /* Use configuration of this host to choose
++ returned address type.. */
++# ifdef __USE_GNU
++# define AI_IDN 0x0040 /* IDN encode input (assuming it is encoded
++ in the current locale's character set)
++ before looking it up. */
++# define AI_CANONIDN 0x0080 /* Translate canonical name from IDN format. */
++# define AI_IDN_ALLOW_UNASSIGNED 0x0100 /* Don't reject unassigned Unicode
++ code points. */
++# define AI_IDN_USE_STD3_ASCII_RULES 0x0200 /* Validate strings according to
++ STD3 rules. */
++# endif
++# define AI_NUMERICSERV 0x0400 /* Don't use name resolution. */
++
++/* Error values for `getaddrinfo' function. */
++# define EAI_BADFLAGS -1 /* Invalid value for `ai_flags' field. */
++# define EAI_NONAME -2 /* NAME or SERVICE is unknown. */
++# define EAI_AGAIN -3 /* Temporary failure in name resolution. */
++# define EAI_FAIL -4 /* Non-recoverable failure in name res. */
++# define EAI_FAMILY -6 /* `ai_family' not supported. */
++# define EAI_SOCKTYPE -7 /* `ai_socktype' not supported. */
++# define EAI_SERVICE -8 /* SERVICE not supported for `ai_socktype'. */
++# define EAI_MEMORY -10 /* Memory allocation failure. */
++# define EAI_SYSTEM -11 /* System error returned in `errno'. */
++# define EAI_OVERFLOW -12 /* Argument buffer overflow. */
++# ifdef __USE_GNU
++# define EAI_NODATA -5 /* No address associated with NAME. */
++# define EAI_ADDRFAMILY -9 /* Address family for NAME not supported. */
++# define EAI_INPROGRESS -100 /* Processing request in progress. */
++# define EAI_CANCELED -101 /* Request canceled. */
++# define EAI_NOTCANCELED -102 /* Request not canceled. */
++# define EAI_ALLDONE -103 /* All requests done. */
++# define EAI_INTR -104 /* Interrupted by a signal. */
++# define EAI_IDN_ENCODE -105 /* IDN encoding failed. */
++# endif
++
++# ifdef __USE_MISC
++# define NI_MAXHOST 1025
++# define NI_MAXSERV 32
++# endif
++
++# define NI_NUMERICHOST 1 /* Don't try to look up hostname. */
++# define NI_NUMERICSERV 2 /* Don't convert port number to name. */
++# define NI_NOFQDN 4 /* Only return nodename portion. */
++# define NI_NAMEREQD 8 /* Don't return numeric addresses. */
++# define NI_DGRAM 16 /* Look up UDP service rather than TCP. */
++# ifdef __USE_GNU
++# define NI_IDN 32 /* Convert name from IDN format. */
++# define NI_IDN_ALLOW_UNASSIGNED 64 /* Don't reject unassigned Unicode
++ code points. */
++# define NI_IDN_USE_STD3_ASCII_RULES 128 /* Validate strings according to
++ STD3 rules. */
++# endif
++
++/* Translate name of a service location and/or a service name to set of
++ socket addresses.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern int getaddrinfo (const char *__restrict __name,
++ const char *__restrict __service,
++ const struct addrinfo *__restrict __req,
++ struct addrinfo **__restrict __pai);
++
++/* Free `addrinfo' structure AI including associated storage. */
++extern void freeaddrinfo (struct addrinfo *__ai) __THROW;
++
++/* Convert error return from getaddrinfo() to a string. */
++extern const char *gai_strerror (int __ecode) __THROW;
++
++/* Translate a socket address to a location and service name.
++
++ This function is a possible cancellation point and therefore not
++ marked with __THROW. */
++extern int getnameinfo (const struct sockaddr *__restrict __sa,
++ socklen_t __salen, char *__restrict __host,
++ socklen_t __hostlen, char *__restrict __serv,
++ socklen_t __servlen, int __flags);
++#endif /* POSIX */
++
++#ifdef __USE_GNU
++/* Enqueue ENT requests from the LIST. If MODE is GAI_WAIT wait until all
++ requests are handled. If WAIT is GAI_NOWAIT return immediately after
++ queueing the requests and signal completion according to SIG.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int getaddrinfo_a (int __mode, struct gaicb *__list[__restrict_arr],
++ int __ent, struct sigevent *__restrict __sig);
++
++/* Suspend execution of the thread until at least one of the ENT requests
++ in LIST is handled. If TIMEOUT is not a null pointer it specifies the
++ longest time the function keeps waiting before returning with an error.
++
++ This function is not part of POSIX and therefore no official
++ cancellation point. But due to similarity with an POSIX interface
++ or due to the implementation it is a cancellation point and
++ therefore not marked with __THROW. */
++extern int gai_suspend (const struct gaicb *const __list[], int __ent,
++ const struct timespec *__timeout);
++
++/* Get the error status of the request REQ. */
++extern int gai_error (struct gaicb *__req) __THROW;
++
++/* Cancel the requests associated with GAICBP. */
++extern int gai_cancel (struct gaicb *__gaicbp) __THROW;
++#endif /* GNU */
++
++__END_DECLS
++
++#endif /* netdb.h */
+Index: glibc-2.20/resolv/resolv.h.in
+===================================================================
+--- /dev/null
++++ glibc-2.20/resolv/resolv.h.in
+@@ -0,0 +1,389 @@
++/*
++ * Copyright (c) 1983, 1987, 1989
++ * The Regents of the University of California. All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ * notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ * notice, this list of conditions and the following disclaimer in the
++ * documentation and/or other materials provided with the distribution.
++ * 4. Neither the name of the University nor the names of its contributors
++ * may be used to endorse or promote products derived from this software
++ * without specific prior written permission.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ */
++
++/*
++ * Portions Copyright (c) 1996-1999 by Internet Software Consortium.
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
++ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
++ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
++ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
++ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
++ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
++ * SOFTWARE.
++ */
++
++/*
++ * @(#)resolv.h 8.1 (Berkeley) 6/2/93
++ * $BINDId: resolv.h,v 8.31 2000/03/30 20:16:50 vixie Exp $
++ */
++
++#ifndef _RESOLV_H_
++
++/* These headers are needed for types used in the `struct res_state'
++ declaration. */
++#include <sys/types.h>
++#include <netinet/in.h>
++
++#ifndef __need_res_state
++# define _RESOLV_H_
++
++# include <sys/param.h>
++# include <sys/cdefs.h>
++# include <stdio.h>
++# include <arpa/nameser.h>
++#endif
++
++#ifndef __res_state_defined
++# define __res_state_defined
++
++typedef enum { res_goahead, res_nextns, res_modified, res_done, res_error }
++ res_sendhookact;
++
++typedef res_sendhookact (*res_send_qhook) (struct sockaddr_in * const *__ns,
++ const u_char **__query,
++ int *__querylen,
++ u_char *__ans,
++ int __anssiz,
++ int *__resplen);
++
++typedef res_sendhookact (*res_send_rhook) (const struct sockaddr_in *__ns,
++ const u_char *__query,
++ int __querylen,
++ u_char *__ans,
++ int __anssiz,
++ int *__resplen);
++
++/*
++ * Global defines and variables for resolver stub.
++ */
++# define MAXNS 3 /* max # name servers we'll track */
++# define MAXDFLSRCH 3 /* # default domain levels to try */
++# define MAXDNSRCH 6 /* max # domains in search path */
++# define LOCALDOMAINPARTS 2 /* min levels in name that is "local" */
++
++# define RES_TIMEOUT 5 /* min. seconds between retries */
++# define MAXRESOLVSORT 10 /* number of net to sort on */
++# define RES_MAXNDOTS 15 /* should reflect bit field size */
++# define RES_MAXRETRANS 30 /* only for resolv.conf/RES_OPTIONS */
++# define RES_MAXRETRY 5 /* only for resolv.conf/RES_OPTIONS */
++# define RES_DFLRETRY 2 /* Default #/tries. */
++# define RES_MAXTIME 65535 /* Infinity, in milliseconds. */
++
++struct __res_state {
++ int retrans; /* retransmition time interval */
++ int retry; /* number of times to retransmit */
++ u_long options; /* option flags - see below. */
++ int nscount; /* number of name servers */
++ struct sockaddr_in
++ nsaddr_list[MAXNS]; /* address of name server */
++# define nsaddr nsaddr_list[0] /* for backward compatibility */
++ u_short id; /* current message id */
++ /* 2 byte hole here. */
++ char *dnsrch[MAXDNSRCH+1]; /* components of domain to search */
++ char defdname[256]; /* default domain (deprecated) */
++ u_long pfcode; /* RES_PRF_ flags - see below. */
++ unsigned ndots:4; /* threshold for initial abs. query */
++ unsigned nsort:4; /* number of elements in sort_list[] */
++ unsigned ipv6_unavail:1; /* connecting to IPv6 server failed */
++ unsigned unused:23;
++ struct {
++ struct in_addr addr;
++ u_int32_t mask;
++ } sort_list[MAXRESOLVSORT];
++ /* 4 byte hole here on 64-bit architectures. */
++ res_send_qhook qhook; /* query hook */
++ res_send_rhook rhook; /* response hook */
++ int res_h_errno; /* last one set for this context */
++ int _vcsock; /* PRIVATE: for res_send VC i/o */
++ u_int _flags; /* PRIVATE: see below */
++ /* 4 byte hole here on 64-bit architectures. */
++ union {
++ char pad[52]; /* On an i386 this means 512b total. */
++ struct {
++ u_int16_t nscount;
++ u_int16_t nsmap[MAXNS];
++ int nssocks[MAXNS];
++ u_int16_t nscount6;
++ u_int16_t nsinit;
++ struct sockaddr_in6 *nsaddrs[MAXNS];
++#ifdef _LIBC
++ unsigned long long int initstamp
++ __attribute__((packed));
++#else
++ unsigned int _initstamp[2];
++#endif
++ } _ext;
++ } _u;
++};
++
++typedef struct __res_state *res_state;
++# undef __need_res_state
++#endif
++
++#ifdef _RESOLV_H_
++/*
++ * Revision information. This is the release date in YYYYMMDD format.
++ * It can change every day so the right thing to do with it is use it
++ * in preprocessor commands such as "#if (__RES > 19931104)". Do not
++ * compare for equality; rather, use it to determine whether your resolver
++ * is new enough to contain a certain feature.
++ */
++
++#define __RES 19991006
++
++/*
++ * Resolver configuration file.
++ * Normally not present, but may contain the address of the
++ * inital name server(s) to query and the domain search list.
++ */
++
++#ifndef _PATH_RESCONF
++#define _PATH_RESCONF "@libc_cv_sysconfdir@/resolv.conf"
++#endif
++
++struct res_sym {
++ int number; /* Identifying number, like T_MX */
++ char * name; /* Its symbolic name, like "MX" */
++ char * humanname; /* Its fun name, like "mail exchanger" */
++};
++
++/*
++ * Resolver flags (used to be discrete per-module statics ints).
++ */
++#define RES_F_VC 0x00000001 /* socket is TCP */
++#define RES_F_CONN 0x00000002 /* socket is connected */
++#define RES_F_EDNS0ERR 0x00000004 /* EDNS0 caused errors */
++
++/* res_findzonecut() options */
++#define RES_EXHAUSTIVE 0x00000001 /* always do all queries */
++
++/*
++ * Resolver options (keep these in synch with res_debug.c, please)
++ */
++#define RES_INIT 0x00000001 /* address initialized */
++#define RES_DEBUG 0x00000002 /* print debug messages */
++#define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/
++#define RES_USEVC 0x00000008 /* use virtual circuit */
++#define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */
++#define RES_IGNTC 0x00000020 /* ignore trucation errors */
++#define RES_RECURSE 0x00000040 /* recursion desired */
++#define RES_DEFNAMES 0x00000080 /* use default domain name */
++#define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */
++#define RES_DNSRCH 0x00000200 /* search up local domain tree */
++#define RES_INSECURE1 0x00000400 /* type 1 security disabled */
++#define RES_INSECURE2 0x00000800 /* type 2 security disabled */
++#define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
++#define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
++#define RES_ROTATE 0x00004000 /* rotate ns list after each query */
++#define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity (!IMPL) */
++#define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */
++#define RES_BLAST 0x00020000 /* blast all recursive servers */
++#define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte
++ strings */
++#define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6
++ reverse lookup */
++#define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */
++#define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */
++#define RES_SNGLKUPREOP 0x00400000 /* -"-, but open new socket for each
++ request */
++#define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */
++#define RES_NOTLDQUERY 0x01000000 /* Do not look up unqualified name
++ as a TLD. */
++
++#define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)
++
++/*
++ * Resolver "pfcode" values. Used by dig.
++ */
++#define RES_PRF_STATS 0x00000001
++#define RES_PRF_UPDATE 0x00000002
++#define RES_PRF_CLASS 0x00000004
++#define RES_PRF_CMD 0x00000008
++#define RES_PRF_QUES 0x00000010
++#define RES_PRF_ANS 0x00000020
++#define RES_PRF_AUTH 0x00000040
++#define RES_PRF_ADD 0x00000080
++#define RES_PRF_HEAD1 0x00000100
++#define RES_PRF_HEAD2 0x00000200
++#define RES_PRF_TTLID 0x00000400
++#define RES_PRF_HEADX 0x00000800
++#define RES_PRF_QUERY 0x00001000
++#define RES_PRF_REPLY 0x00002000
++#define RES_PRF_INIT 0x00004000
++/* 0x00008000 */
++
++/* Things involving an internal (static) resolver context. */
++__BEGIN_DECLS
++extern struct __res_state *__res_state(void) __attribute__ ((__const__));
++__END_DECLS
++#define _res (*__res_state())
++
++#ifndef __BIND_NOSTATIC
++#define fp_nquery __fp_nquery
++#define fp_query __fp_query
++#define hostalias __hostalias
++#define p_query __p_query
++#define res_close __res_close
++#define res_init __res_init
++#define res_isourserver __res_isourserver
++#define res_mkquery __res_mkquery
++#define res_query __res_query
++#define res_querydomain __res_querydomain
++#define res_search __res_search
++#define res_send __res_send
++
++__BEGIN_DECLS
++void fp_nquery (const u_char *, int, FILE *) __THROW;
++void fp_query (const u_char *, FILE *) __THROW;
++const char * hostalias (const char *) __THROW;
++void p_query (const u_char *) __THROW;
++void res_close (void) __THROW;
++int res_init (void) __THROW;
++int res_isourserver (const struct sockaddr_in *) __THROW;
++int res_mkquery (int, const char *, int, int, const u_char *,
++ int, const u_char *, u_char *, int) __THROW;
++int res_query (const char *, int, int, u_char *, int) __THROW;
++int res_querydomain (const char *, const char *, int, int,
++ u_char *, int) __THROW;
++int res_search (const char *, int, int, u_char *, int) __THROW;
++int res_send (const u_char *, int, u_char *, int) __THROW;
++__END_DECLS
++#endif
++
++#define b64_ntop __b64_ntop
++#define b64_pton __b64_pton
++#define dn_comp __dn_comp
++#define dn_count_labels __dn_count_labels
++#define dn_expand __dn_expand
++#define dn_skipname __dn_skipname
++#define fp_resstat __fp_resstat
++#define loc_aton __loc_aton
++#define loc_ntoa __loc_ntoa
++#define p_cdname __p_cdname
++#define p_cdnname __p_cdnname
++#define p_class __p_class
++#define p_fqname __p_fqname
++#define p_fqnname __p_fqnname
++#define p_option __p_option
++#define p_secstodate __p_secstodate
++#define p_section __p_section
++#define p_time __p_time
++#define p_type __p_type
++#define p_rcode __p_rcode
++#define putlong __putlong
++#define putshort __putshort
++#define res_dnok __res_dnok
++#define res_hnok __res_hnok
++#define res_hostalias __res_hostalias
++#define res_mailok __res_mailok
++#define res_nameinquery __res_nameinquery
++#define res_nclose __res_nclose
++#define res_ninit __res_ninit
++#define res_nmkquery __res_nmkquery
++#define res_npquery __res_npquery
++#define res_nquery __res_nquery
++#define res_nquerydomain __res_nquerydomain
++#define res_nsearch __res_nsearch
++#define res_nsend __res_nsend
++#define res_nisourserver __res_nisourserver
++#define res_ownok __res_ownok
++#define res_queriesmatch __res_queriesmatch
++#define res_randomid __res_randomid
++#define sym_ntop __sym_ntop
++#define sym_ntos __sym_ntos
++#define sym_ston __sym_ston
++__BEGIN_DECLS
++int res_hnok (const char *) __THROW;
++int res_ownok (const char *) __THROW;
++int res_mailok (const char *) __THROW;
++int res_dnok (const char *) __THROW;
++int sym_ston (const struct res_sym *, const char *, int *) __THROW;
++const char * sym_ntos (const struct res_sym *, int, int *) __THROW;
++const char * sym_ntop (const struct res_sym *, int, int *) __THROW;
++int b64_ntop (u_char const *, size_t, char *, size_t) __THROW;
++int b64_pton (char const *, u_char *, size_t) __THROW;
++int loc_aton (const char *__ascii, u_char *__binary) __THROW;
++const char * loc_ntoa (const u_char *__binary, char *__ascii) __THROW;
++int dn_skipname (const u_char *, const u_char *) __THROW;
++void putlong (u_int32_t, u_char *) __THROW;
++void putshort (u_int16_t, u_char *) __THROW;
++const char * p_class (int) __THROW;
++const char * p_time (u_int32_t) __THROW;
++const char * p_type (int) __THROW;
++const char * p_rcode (int) __THROW;
++const u_char * p_cdnname (const u_char *, const u_char *, int, FILE *)
++ __THROW;
++const u_char * p_cdname (const u_char *, const u_char *, FILE *) __THROW;
++const u_char * p_fqnname (const u_char *__cp, const u_char *__msg,
++ int, char *, int) __THROW;
++const u_char * p_fqname (const u_char *, const u_char *, FILE *) __THROW;
++const char * p_option (u_long __option) __THROW;
++char * p_secstodate (u_long) __THROW;
++int dn_count_labels (const char *) __THROW;
++int dn_comp (const char *, u_char *, int, u_char **, u_char **)
++ __THROW;
++int dn_expand (const u_char *, const u_char *, const u_char *,
++ char *, int) __THROW;
++u_int res_randomid (void) __THROW;
++int res_nameinquery (const char *, int, int,
++ const u_char *, const u_char *) __THROW;
++int res_queriesmatch (const u_char *, const u_char *,
++ const u_char *, const u_char *) __THROW;
++const char * p_section (int __section, int __opcode) __THROW;
++/* Things involving a resolver context. */
++int res_ninit (res_state) __THROW;
++int res_nisourserver (const res_state,
++ const struct sockaddr_in *) __THROW;
++void fp_resstat (const res_state, FILE *) __THROW;
++void res_npquery (const res_state, const u_char *, int, FILE *)
++ __THROW;
++const char * res_hostalias (const res_state, const char *, char *, size_t)
++ __THROW;
++int res_nquery (res_state, const char *, int, int, u_char *, int)
++ __THROW;
++int res_nsearch (res_state, const char *, int, int, u_char *, int)
++ __THROW;
++int res_nquerydomain (res_state, const char *, const char *, int,
++ int, u_char *, int) __THROW;
++int res_nmkquery (res_state, int, const char *, int, int,
++ const u_char *, int, const u_char *, u_char *,
++ int) __THROW;
++int res_nsend (res_state, const u_char *, int, u_char *, int)
++ __THROW;
++void res_nclose (res_state) __THROW;
++__END_DECLS
++#endif
++
++#endif /* !_RESOLV_H_ */
+Index: glibc-2.20/configure
+===================================================================
+--- glibc-2.20.orig/configure
++++ glibc-2.20/configure
+@@ -7177,7 +7177,7 @@ RELEASE=`sed -n -e 's/^#define RELEASE "
+
+
+
+-ac_config_files="$ac_config_files config.make Makefile"
++ac_config_files="$ac_config_files config.make Makefile nss/db-Makefile resolv/netdb.h resolv/resolv.h sysdeps/generic/ldconfig.h"
+
+ ac_config_commands="$ac_config_commands default"
+
+@@ -7897,6 +7897,10 @@ do
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "config.make") CONFIG_FILES="$CONFIG_FILES config.make" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
++ "nss/db-Makefile") CONFIG_FILES="$CONFIG_FILES nss/db-Makefile" ;;
++ "resolv/netdb.h") CONFIG_FILES="$CONFIG_FILES resolv/netdb.h" ;;
++ "resolv/resolv.h") CONFIG_FILES="$CONFIG_FILES resolv/resolv.h" ;;
++ "sysdeps/generic/ldconfig.h") CONFIG_FILES="$CONFIG_FILES sysdeps/generic/ldconfig.h" ;;
+ "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;;
+
+ *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+Index: glibc-2.20/sysdeps/generic/ldconfig.h
+===================================================================
+--- glibc-2.20.orig/sysdeps/generic/ldconfig.h
++++ /dev/null
+@@ -1,94 +0,0 @@
+-/* Copyright (C) 1999-2014 Free Software Foundation, Inc.
+- This file is part of the GNU C Library.
+- Contributed by Andreas Jaeger <aj@suse.de>, 1999.
+-
+- The GNU C Library is free software; you can redistribute it and/or
+- modify it under the terms of the GNU Lesser General Public
+- License as published by the Free Software Foundation; either
+- version 2.1 of the License, or (at your option) any later version.
+-
+- The GNU C Library is distributed in the hope that it will be useful,
+- but WITHOUT ANY WARRANTY; without even the implied warranty of
+- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+- Lesser General Public License for more details.
+-
+- You should have received a copy of the GNU Lesser General Public
+- License along with the GNU C Library; if not, see
+- <http://www.gnu.org/licenses/>. */
+-
+-#ifndef _LDCONFIG_H
+-#define _LDCONFIG_H
+-
+-#include <stdint.h>
+-
+-#define FLAG_ANY -1
+-#define FLAG_TYPE_MASK 0x00ff
+-#define FLAG_LIBC4 0x0000
+-#define FLAG_ELF 0x0001
+-#define FLAG_ELF_LIBC5 0x0002
+-#define FLAG_ELF_LIBC6 0x0003
+-#define FLAG_REQUIRED_MASK 0xff00
+-#define FLAG_SPARC_LIB64 0x0100
+-#define FLAG_IA64_LIB64 0x0200
+-#define FLAG_X8664_LIB64 0x0300
+-#define FLAG_S390_LIB64 0x0400
+-#define FLAG_POWERPC_LIB64 0x0500
+-#define FLAG_MIPS64_LIBN32 0x0600
+-#define FLAG_MIPS64_LIBN64 0x0700
+-#define FLAG_X8664_LIBX32 0x0800
+-#define FLAG_ARM_LIBHF 0x0900
+-#define FLAG_AARCH64_LIB64 0x0a00
+-#define FLAG_ARM_LIBSF 0x0b00
+-#define FLAG_MIPS_LIB32_NAN2008 0x0c00
+-#define FLAG_MIPS64_LIBN32_NAN2008 0x0d00
+-#define FLAG_MIPS64_LIBN64_NAN2008 0x0e00
+-
+-/* Name of auxiliary cache. */
+-#define _PATH_LDCONFIG_AUX_CACHE "/var/cache/ldconfig/aux-cache"
+-
+-/* Declared in cache.c. */
+-extern void print_cache (const char *cache_name);
+-
+-extern void init_cache (void);
+-
+-extern void save_cache (const char *cache_name);
+-
+-extern void add_to_cache (const char *path, const char *lib, int flags,
+- unsigned int osversion, uint64_t hwcap);
+-
+-extern void init_aux_cache (void);
+-
+-extern void load_aux_cache (const char *aux_cache_name);
+-
+-extern int search_aux_cache (struct stat64 *stat_buf, int *flags,
+- unsigned int *osversion, char **soname);
+-
+-extern void add_to_aux_cache (struct stat64 *stat_buf, int flags,
+- unsigned int osversion, const char *soname);
+-
+-extern void save_aux_cache (const char *aux_cache_name);
+-
+-/* Declared in readlib.c. */
+-extern int process_file (const char *real_file_name, const char *file_name,
+- const char *lib, int *flag, unsigned int *osversion,
+- char **soname, int is_link, struct stat64 *stat_buf);
+-
+-extern char *implicit_soname (const char *lib, int flag);
+-
+-/* Declared in readelflib.c. */
+-extern int process_elf_file (const char *file_name, const char *lib, int *flag,
+- unsigned int *osversion, char **soname,
+- void *file_contents, size_t file_length);
+-
+-/* Declared in chroot_canon.c. */
+-extern char *chroot_canon (const char *chroot, const char *name);
+-
+-/* Declared in ldconfig.c. */
+-extern int opt_verbose;
+-
+-extern int opt_format;
+-
+-/* Prototypes for a few program-wide used functions. */
+-#include <programs/xmalloc.h>
+-
+-#endif /* ! _LDCONFIG_H */
+Index: glibc-2.20/sysdeps/generic/ldconfig.h.in
+===================================================================
+--- /dev/null
++++ glibc-2.20/sysdeps/generic/ldconfig.h.in
+@@ -0,0 +1,94 @@
++/* Copyright (C) 1999-2014 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++ Contributed by Andreas Jaeger <aj@suse.de>, 1999.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#ifndef _LDCONFIG_H
++#define _LDCONFIG_H
++
++#include <stdint.h>
++
++#define FLAG_ANY -1
++#define FLAG_TYPE_MASK 0x00ff
++#define FLAG_LIBC4 0x0000
++#define FLAG_ELF 0x0001
++#define FLAG_ELF_LIBC5 0x0002
++#define FLAG_ELF_LIBC6 0x0003
++#define FLAG_REQUIRED_MASK 0xff00
++#define FLAG_SPARC_LIB64 0x0100
++#define FLAG_IA64_LIB64 0x0200
++#define FLAG_X8664_LIB64 0x0300
++#define FLAG_S390_LIB64 0x0400
++#define FLAG_POWERPC_LIB64 0x0500
++#define FLAG_MIPS64_LIBN32 0x0600
++#define FLAG_MIPS64_LIBN64 0x0700
++#define FLAG_X8664_LIBX32 0x0800
++#define FLAG_ARM_LIBHF 0x0900
++#define FLAG_AARCH64_LIB64 0x0a00
++#define FLAG_ARM_LIBSF 0x0b00
++#define FLAG_MIPS_LIB32_NAN2008 0x0c00
++#define FLAG_MIPS64_LIBN32_NAN2008 0x0d00
++#define FLAG_MIPS64_LIBN64_NAN2008 0x0e00
++
++/* Name of auxiliary cache. */
++#define _PATH_LDCONFIG_AUX_CACHE "@libc_cv_localstatedir@/cache/ldconfig/aux-cache"
++
++/* Declared in cache.c. */
++extern void print_cache (const char *cache_name);
++
++extern void init_cache (void);
++
++extern void save_cache (const char *cache_name);
++
++extern void add_to_cache (const char *path, const char *lib, int flags,
++ unsigned int osversion, uint64_t hwcap);
++
++extern void init_aux_cache (void);
++
++extern void load_aux_cache (const char *aux_cache_name);
++
++extern int search_aux_cache (struct stat64 *stat_buf, int *flags,
++ unsigned int *osversion, char **soname);
++
++extern void add_to_aux_cache (struct stat64 *stat_buf, int flags,
++ unsigned int osversion, const char *soname);
++
++extern void save_aux_cache (const char *aux_cache_name);
++
++/* Declared in readlib.c. */
++extern int process_file (const char *real_file_name, const char *file_name,
++ const char *lib, int *flag, unsigned int *osversion,
++ char **soname, int is_link, struct stat64 *stat_buf);
++
++extern char *implicit_soname (const char *lib, int flag);
++
++/* Declared in readelflib.c. */
++extern int process_elf_file (const char *file_name, const char *lib, int *flag,
++ unsigned int *osversion, char **soname,
++ void *file_contents, size_t file_length);
++
++/* Declared in chroot_canon.c. */
++extern char *chroot_canon (const char *chroot, const char *name);
++
++/* Declared in ldconfig.c. */
++extern int opt_verbose;
++
++extern int opt_format;
++
++/* Prototypes for a few program-wide used functions. */
++#include <programs/xmalloc.h>
++
++#endif /* ! _LDCONFIG_H */
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
new file mode 100644
index 0000000..a8ab9d8
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-chk_fail.c
@@ -0,0 +1,299 @@
+/* Copyright (C) 2004-2014 Free Software Foundation, Inc.
+ Copyright (C) 2006-2014 Gentoo Foundation Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Hardened Gentoo SSP and FORTIFY handler
+
+ A failure handler that does not use functions from the rest of glibc;
+ it uses the INTERNAL_SYSCALL methods directly. This helps ensure no
+ possibility of recursion into the handler.
+
+ Direct all bug reports to http://bugs.gentoo.org/
+
+ People who have contributed significantly to the evolution of this file:
+ Ned Ludd - <solar[@]gentoo.org>
+ Alexander Gabert - <pappy[@]gentoo.org>
+ The PaX Team - <pageexec[@]freemail.hu>
+ Peter S. Mazinger - <ps.m[@]gmx.net>
+ Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ Robert Connolly - <robert[@]linuxfromscratch.org>
+ Cory Visi <cory[@]visi.name>
+ Mike Frysinger <vapier[@]gentoo.org>
+ Magnus Granberg <zorry[@]gentoo.org>
+ Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# define ENABLE_SSP_SMASH_DUMPS_CORE 1
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigaction && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+# define _SSP_NSIG _KERNEL_NSIG
+# else
+# define _SSP_NSIG _NSIG
+# endif
+#else
+# define _SSP_NSIG 0
+# define ENABLE_SSP_SMASH_DUMPS_CORE 0
+#endif
+
+/* Define DO_SIGACTION - default to newer rt signal interface but
+ * fallback to old as needed.
+ */
+#ifdef __NR_rt_sigaction
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
+#else
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
+#endif
+
+/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
+#if defined(__NR_socket) && defined(__NR_connect)
+# define USE_OLD_SOCKETCALL 0
+#else
+# define USE_OLD_SOCKETCALL 1
+#endif
+
+/* stub out the __NR_'s so we can let gcc optimize away dead code */
+#ifndef __NR_socketcall
+# define __NR_socketcall 0
+#endif
+#ifndef __NR_socket
+# define __NR_socket 0
+#endif
+#ifndef __NR_connect
+# define __NR_connect 0
+#endif
+#define DO_SOCKET(result, domain, type, protocol) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
+ } while (0)
+#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
+ } while (0)
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[] = _PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static const char *__progname = "<ldso>";
+#else
+extern const char *__progname;
+#endif
+
+#ifdef GENTOO_SSP_HANDLER
+# define ERROR_MSG "stack smashing"
+#else
+# define ERROR_MSG "buffer overflow"
+#endif
+
+/* Common handler code, used by chk_fail
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+__attribute__ ((__noreturn__, __always_inline__))
+static inline void
+__hardened_gentoo_fail(void)
+{
+#define MESSAGE_BUFSIZ 512
+ static pid_t pid;
+ static int plen, i, hlen;
+ static char message[MESSAGE_BUFSIZ];
+ /* <11> is LOG_USER|LOG_ERR. A dummy date for loggers to skip over. */
+ static const char msg_header[] = "<11>" __DATE__ " " __TIME__ " glibc-gentoo-hardened-check: ";
+ static const char msg_ssd[] = "*** " ERROR_MSG " detected ***: ";
+ static const char msg_terminated[] = " terminated; ";
+ static const char msg_report[] = "report to " REPORT_BUGS_TO "\n";
+ static const char msg_unknown[] = "<unknown>";
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+ static unsigned long int socketargs[4];
+
+ /* Build socket address */
+ sock.sun_family = AF_UNIX;
+ i = 0;
+ while (path_log[i] != '\0' && i < sizeof(sock.sun_path) - 1) {
+ sock.sun_path[i] = path_log[i];
+ ++i;
+ }
+ sock.sun_path[i] = '\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result = -1;
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ if (connect_result == -1) {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ ({ \
+ i = 0; \
+ while ((str[i] != '\0') && ((i + plen) < (MESSAGE_BUFSIZ - 1))) { \
+ message[plen + i] = str[i]; \
+ ++i; \
+ } \
+ plen += i; \
+ })
+
+ /* Tersely log the failure */
+ plen = 0;
+ strconcat(msg_header);
+ hlen = plen;
+ strconcat(msg_ssd);
+ if (__progname != NULL)
+ strconcat(__progname);
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ strconcat(msg_report);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message + hlen, plen - hlen);
+ if (connect_result != -1) {
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+ INLINE_SYSCALL(close, 1, log_socket);
+ }
+
+ /* Time to kill self since we have no idea what is going on */
+ pid = INLINE_SYSCALL(getpid, 0);
+
+ if (ENABLE_SSP_SMASH_DUMPS_CORE) {
+ /* Remove any user-supplied handler for SIGABRT, before using it. */
+#if 0
+ /*
+ * Note: Disabled because some programs catch & process their
+ * own crashes. We've already enabled this code path which
+ * means we want to let core dumps happen.
+ */
+ static struct sigaction default_abort_act;
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
+#endif
+ INLINE_SYSCALL(kill, 2, pid, SIGABRT);
+ }
+
+ /* SIGKILL is only signal which cannot be caught */
+ INLINE_SYSCALL(kill, 2, pid, SIGKILL);
+
+ /* In case the kill didn't work, exit anyway.
+ * The loop prevents gcc thinking this routine returns.
+ */
+ while (1)
+ INLINE_SYSCALL(exit, 1, 137);
+}
+
+__attribute__ ((__noreturn__))
+#ifdef GENTOO_SSP_HANDLER
+void __stack_chk_fail(void)
+#else
+void __chk_fail(void)
+#endif
+{
+ __hardened_gentoo_fail();
+}
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
new file mode 100644
index 0000000..4a537bb
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-gentoo-stack_chk_fail.c
@@ -0,0 +1,2 @@
+#define GENTOO_SSP_HANDLER
+#include <debug/chk_fail.c>
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
new file mode 100644
index 0000000..35eabe9
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-hardened-inittls-nosysenter.patch
@@ -0,0 +1,306 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_PRE_TLS is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_PRE_TLS is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_PRE_TLS is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_PRE_TLS is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_PRE_TLS
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+Fixed for 2.10 by Magnus Granberg <zorry@ume.nu>
+Fixed for 2.18 by Magnus Granberg <zorry@gentoo.org>
+Fixed for 2.20 by Francisco Blas Izquierdo Riera <klondike@gentoo.org>
+
+--- a/csu/libc-start.c
++++ b/csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -170,6 +171,11 @@ LIBC_START_MAIN (int (*main) (int, char
+ }
+ }
+
++# ifdef INTERNAL_SYSCALL_PRE_TLS
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -138,10 +144,12 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_PRE_TLS
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. */
+ __pthread_initialize_minimal ();
++# endif
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+--- a/csu/libc-tls.c
++++ b/csu/libc-tls.c
+@@ -22,12 +22,17 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+ #error makefile bug, this file is for static only
+ #endif
+
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
++
+ dtv_t _dl_static_dtv[2 + TLS_SLOTINFO_SURPLUS];
+
+
+@@ -139,20 +144,29 @@ __libc_setup_tls (size_t tcbsize, size_t
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++# define __sbrk __sbrk_nosysenter
++#endif
+ #if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
+ #elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
+ tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+ /* In case a model with a different layout for the TCB and DTV
+ is defined add another #elif here and in the following #ifs. */
+ # error "Either TLS_TCB_AT_TP or TLS_DTV_AT_TP must be defined"
+ #endif
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++# undef __sbrk
++#endif
+
+ /* Align the TLS block. */
+ tlsblock = (void *) (((uintptr_t) tlsblock + max_align - 1)
+--- a/misc/sbrk.c
++++ b/misc/sbrk.c
+@@ -18,6 +18,7 @@
+ #include <errno.h>
+ #include <stdint.h>
+ #include <unistd.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used via
++ dynamic loading in a statically linked program update __curbrk from the
++ kernel's brk value. That way two separate instances of __brk and __sbrk
++ can share the heap, returning interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
++
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- a/sysdeps/unix/sysv/linux/i386/brk.c
++++ b/sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_PRE_TLS
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *) INTERNAL_SYSCALL_PRE_TLS (brk, err, 1, addr);
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
++
+ int
+ __brk (void *addr)
+ {
+--- a/sysdeps/unix/sysv/linux/i386/sysdep.h
++++ b/sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# ifdef __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# ifdef __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_PRE_TLS(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && defined __PIC__
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +494,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && defined __PIC__
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
+--- a/sysdeps/i386/nptl/tls.h
++++ b/sysdeps/i386/nptl/tls.h
+@@ -189,6 +189,15 @@
+ desc->vals[3] = 0x51;
+ }
+
++/* We have no sysenter until the tls is initialized which is a
++ problem for PIC. Thus we need to do the right call depending
++ on the situation. */
++#ifndef INTERNAL_SYSCALL_PRE_TLS
++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL
++#else
++# define TLS_INIT_SYSCALL INTERNAL_SYSCALL_PRE_TLS
++#endif
++
+ /* Code to initially initialize the thread pointer. This might need
+ special attention since 'errno' is not yet available and if the
+ operation can cause a failure 'errno' must not be touched. */
+@@ -209,7 +218,7 @@
+ \
+ /* Install the TLS. */ \
+ INTERNAL_SYSCALL_DECL (err); \
+- _result = INTERNAL_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
++ _result = TLS_INIT_SYSCALL (set_thread_area, err, 1, &_segdescr.desc); \
+ \
+ if (_result == 0) \
+ /* We know the index in the GDT, now load the segment register. \
diff --git a/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch b/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch
new file mode 100644
index 0000000..2b2de6b
--- /dev/null
+++ b/sys-libs/glibc/files/2.20/glibc-2.20-vdso-disable.patch
@@ -0,0 +1,20 @@
+disable vdso loading in ELF handler unconditionally for some buggy kernel
+like that shipped with RHEL(likely CentOS and SL) 5.6
+
+ https://bugzilla.redhat.com/show_bug.cgi?id=673616
+
+Benda Xu <heroxbd@gentoo.org> (24 Nov, 2014)
+
+Index: work/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h
+===================================================================
+--- work.orig/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h
++++ work/glibc-2.20/sysdeps/unix/sysv/linux/dl-sysdep.h
+@@ -23,7 +23,7 @@
+ machines, we should look at it for unwind information even if
+ we aren't making direct use of it. So enable this across the board. */
+
+-#define NEED_DL_SYSINFO_DSO 1
++#define NEED_DL_SYSINFO_DSO 0
+
+
+ #ifndef __ASSEMBLER__
diff --git a/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch b/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch
new file mode 100644
index 0000000..7c4399f
--- /dev/null
+++ b/sys-libs/glibc/files/2.3.3/glibc-2.3.3-localedef-fix-trampoline.patch
@@ -0,0 +1,68 @@
+#! /bin/sh -e
+
+# DP: Description: Fix localedef segfault when run under exec-shield,
+# PaX or similar. (#231438, #198099)
+# DP: Dpatch Author: James Troup <james@nocrew.org>
+# DP: Patch Author: (probably) Jakub Jelinek <jakub@redhat.com>
+# DP: Upstream status: Unknown
+# DP: Status Details: Unknown
+# DP: Date: 2004-03-16
+
+if [ $# -ne 2 ]; then
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+fi
+case "$1" in
+ -patch) patch -d "$2" -f --no-backup-if-mismatch -p1 < $0;;
+ -unpatch) patch -d "$2" -f --no-backup-if-mismatch -R -p1 < $0;;
+ *)
+ echo >&2 "`basename $0`: script expects -patch|-unpatch as argument"
+ exit 1
+esac
+exit 0
+
+--- glibc-2.3.3-net/locale/programs/3level.h 16 Jun 2003 07:19:09 -0000 1.1.1.5
++++ glibc-2.3.3-redhat/locale/programs/3level.h 16 Jun 2003 09:32:40 -0000 1.4
+@@ -204,6 +204,42 @@ CONCAT(TABLE,_iterate) (struct TABLE *t,
+ }
+ }
+ }
++
++/* GCC ATM seems to do a poor job with pointers to nested functions passed
++ to inlined functions. Help it a little bit with this hack. */
++#define wchead_table_iterate(tp, fn) \
++do \
++ { \
++ struct wchead_table *t = (tp); \
++ uint32_t index1; \
++ for (index1 = 0; index1 < t->level1_size; index1++) \
++ { \
++ uint32_t lookup1 = t->level1[index1]; \
++ if (lookup1 != ((uint32_t) ~0)) \
++ { \
++ uint32_t lookup1_shifted = lookup1 << t->q; \
++ uint32_t index2; \
++ for (index2 = 0; index2 < (1 << t->q); index2++) \
++ { \
++ uint32_t lookup2 = t->level2[index2 + lookup1_shifted]; \
++ if (lookup2 != ((uint32_t) ~0)) \
++ { \
++ uint32_t lookup2_shifted = lookup2 << t->p; \
++ uint32_t index3; \
++ for (index3 = 0; index3 < (1 << t->p); index3++) \
++ { \
++ struct element_t *lookup3 \
++ = t->level3[index3 + lookup2_shifted]; \
++ if (lookup3 != NULL) \
++ fn ((((index1 << t->q) + index2) << t->p) + index3, \
++ lookup3); \
++ } \
++ } \
++ } \
++ } \
++ } \
++ } while (0)
++
+ #endif
+
+ #ifndef NO_FINALIZE
diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c
new file mode 100644
index 0000000..e304440
--- /dev/null
+++ b/sys-libs/glibc/files/2.5/glibc-2.5-gentoo-stack_chk_fail.c
@@ -0,0 +1,311 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Copyright (C) 2006 Gentoo Foundation Inc.
+ * License terms as above.
+ *
+ * Hardened Gentoo SSP handler
+ *
+ * An SSP failure handler that does not use functions from the rest of
+ * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
+ * no possibility of recursion into the handler.
+ *
+ * Direct all bug reports to http://bugs.gentoo.org/
+ *
+ * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
+ * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ *
+ * The following people contributed to the glibc-2.3 Hardened
+ * Gentoo SSP handler, from which this implementation draws much:
+ *
+ * Ned Ludd - <solar[@]gentoo.org>
+ * Alexander Gabert - <pappy[@]gentoo.org>
+ * The PaX Team - <pageexec[@]freemail.hu>
+ * Peter S. Mazinger - <ps.m[@]gmx.net>
+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ * Robert Connolly - <robert[@]linuxfromscratch.org>
+ * Cory Visi <cory[@]visi.name>
+ * Mike Frysinger <vapier[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+#include <bp-checks.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigation && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+#endif
+
+
+
+/* Define DO_SOCKET/DO_CONNECT macros to deal with socketcall vs socket/connect */
+#ifdef __NR_socketcall
+
+# define DO_SOCKET(result,domain,type,protocol) \
+ {socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall,2,SOCKOP_socket,socketargs);}
+
+# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
+ {socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall,2,SOCKOP_connect,socketargs);}
+
+#else
+
+# define DO_SOCKET(result,domain,type,protocol) \
+ {result = INLINE_SYSCALL(socket,3,domain,type,protocol);}
+
+# define DO_CONNECT(result,sockfd,serv_addr,addrlen) \
+ {result = INLINE_SYSCALL(connect,3,sockfd,serv_addr,addrlen);}
+
+#endif
+/* __NR_socketcall */
+
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[]=_PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static char *__progname = "<rtld>";
+#else
+extern char *__progname;
+#endif
+
+
+/* Common handler code, used by stack_chk_fail and __stack_smash_handler
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+static inline void
+__attribute__ ((__noreturn__ , __always_inline__))
+__hardened_gentoo_stack_chk_fail (char func[], int damaged)
+{
+#define MESSAGE_BUFSIZ 256
+ static pid_t pid;
+ static int plen, i;
+ static char message[MESSAGE_BUFSIZ];
+ static const char msg_ssa[]=": stack smashing attack";
+ static const char msg_inf[]=" in function ";
+ static const char msg_ssd[]="*** stack smashing detected ***: ";
+ static const char msg_terminated[]=" - terminated\n";
+ static const char msg_report[]="Report to http://bugs.gentoo.org/\n";
+ static const char msg_unknown[]="<unknown>";
+#ifdef SSP_SMASH_DUMPS_CORE
+ static struct sigaction default_abort_act;
+#endif
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+#ifdef __NR_socketcall
+ static unsigned long int socketargs[4];
+#endif
+
+ /* Build socket address
+ */
+ sock.sun_family = AF_UNIX;
+ i=0;
+ while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1)))
+ {
+ sock.sun_path[i]=path_log[i];
+ i++;
+ }
+ sock.sun_path[i]='\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result=-1;
+ DO_SOCKET(log_socket,AF_UNIX,SOCK_DGRAM,0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock)));
+ if (connect_result == -1)
+ {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close,1,log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket,AF_UNIX,SOCK_STREAM,0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result,log_socket,(&sock),(sizeof(sock)));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
+ {\
+ message[plen+i]=str[i];\
+ i++;\
+ }\
+ plen+=i;}
+
+ /* R.Henderson post-gcc-4 style message */
+ plen=0;
+ strconcat(msg_ssd);
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+ /* Dr. Etoh pre-gcc-4 style message */
+ plen=0;
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_ssa);
+ strconcat(msg_inf);
+ if (func!=NULL)
+ strconcat(func)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+ /* Direct reports to bugs.gentoo.org */
+ plen=0;
+ strconcat(msg_report);
+ message[plen++]='\0';
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write,3,STDERR_FILENO,message,plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write,3,log_socket,message,plen);
+
+ if (log_socket != -1)
+ INLINE_SYSCALL(close,1,log_socket);
+
+ /* Suicide */
+ pid=INLINE_SYSCALL(getpid,0);
+#ifdef SSP_SMASH_DUMPS_CORE
+ /* Remove any user-supplied handler for SIGABRT, before using it */
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ /* sigaction doesn't exist on amd64; however rt_sigaction seems to
+ * exist everywhere. rt_sigaction has an extra parameter - the
+ * size of sigset_t.
+ */
+# ifdef __NR_sigation
+ if (INLINE_SYSCALL(sigaction,3,SIGABRT,&default_abort_act,NULL) == 0)
+# else
+ /* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+ if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_KERNEL_NSIG/8) == 0)
+# else
+ if (INLINE_SYSCALL(rt_sigaction,4,SIGABRT,&default_abort_act,NULL,_NSIG/8) == 0)
+# endif
+# endif
+ INLINE_SYSCALL(kill,2,pid,SIGABRT);
+#endif
+ /* Note; actions cannot be added to SIGKILL */
+ INLINE_SYSCALL(kill,2,pid,SIGKILL);
+
+ /* In case the kill didn't work, exit anyway
+ * The loop prevents gcc thinking this routine returns
+ */
+ while (1) INLINE_SYSCALL(exit,0);
+}
+
+void
+__attribute__ ((__noreturn__))
+ __stack_chk_fail (void)
+{
+ __hardened_gentoo_stack_chk_fail(NULL,0);
+}
+
+#ifdef ENABLE_OLD_SSP_COMPAT
+void
+__attribute__ ((__noreturn__))
+__stack_smash_handler(char func[], int damaged)
+{
+ __hardened_gentoo_stack_chk_fail(func,damaged);
+}
+#endif
+
diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch
new file mode 100644
index 0000000..253a61b
--- /dev/null
+++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-configure-picdefault.patch
@@ -0,0 +1,29 @@
+Prevent default-fPIE from confusing configure into thinking
+PIC code is default. This causes glibc to build both PIC and
+non-PIC code as normal, which on the hardened compiler generates
+PIC and PIE.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- configure.in
++++ configure.in
+@@ -2145,7 +2145,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&AS_MESSAGE_LOG_FD 1>&AS_MESSAGE_LOG_FD"; then
+ pic_default=no
+ fi
+ rm -f conftest.*])
+--- configure
++++ configure
+@@ -7698,7 +7698,7 @@
+ # error PIC is default.
+ #endif
+ EOF
+-if eval "${CC-cc} -S conftest.c 2>&5 1>&5"; then
++if eval "${CC-cc} -fno-PIE -S conftest.c 2>&5 1>&5"; then
+ pic_default=no
+ fi
+ rm -f conftest.*
diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
new file mode 100644
index 0000000..420e6fd
--- /dev/null
+++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-inittls-nosysenter.patch
@@ -0,0 +1,283 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- csu/libc-start.c.orig 2007-01-21 11:51:06.000000000 +0100
++++ csu/libc-start.c 2007-01-21 11:55:57.000000000 +0100
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void)
+@@ -133,6 +134,14 @@
+ # endif
+ _dl_aux_init (auxvec);
+ # endif
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP
++ if (__pthread_initialize_minimal)
++# endif
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -142,15 +151,17 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_NOSYSENTER
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. If there is no thread library and we
+ handle TLS the function is defined in the libc to initialized the
+ TLS handling. */
+-# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP
++# if !(USE_TLS - 0) && !defined NONTLS_INIT_TP
+ if (__pthread_initialize_minimal)
+-# endif
++# endif
+ __pthread_initialize_minimal ();
++# endif
+ #endif
+
+ # ifndef SHARED
+--- csu/libc-tls.c.orig 2007-01-21 11:37:02.000000000 +0100
++++ csu/libc-tls.c 2007-01-21 12:09:33.000000000 +0100
+@@ -23,6 +23,7 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+@@ -30,6 +31,9 @@
+ #endif
+
+ #ifdef USE_TLS
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++extern void *__sbrk_nosysenter (intptr_t __delta);
++# endif
+ extern ElfW(Phdr) *_dl_phdr;
+ extern size_t _dl_phnum;
+
+@@ -142,14 +146,26 @@
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
+ # if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
++# else
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
++# endif
+ # elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# else
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# endif
+ tlsblock += TLS_PRE_TCB_SIZE;
+ # else
+ /* In case a model with a different layout for the TCB and DTV
+--- misc/sbrk.c.orig 2007-01-21 11:38:27.000000000 +0100
++++ misc/sbrk.c 2007-01-21 12:07:29.000000000 +0100
+@@ -18,6 +18,7 @@
+
+ #include <unistd.h>
+ #include <errno.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used
++ via dynamic loading in a statically linked program update
++ __curbrk from the kernel's brk value. That way two separate
++ instances of __brk and __sbrk can share the heap, returning
++ interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- sysdeps/unix/sysv/linux/i386/brk.c.orig 2007-01-21 11:39:16.000000000 +0100
++++ sysdeps/unix/sysv/linux/i386/brk.c 2007-01-21 11:44:01.000000000 +0100
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ * if the SYSENTER version requires the TLS (which it does on i386).
++ * Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *__unbounded newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
++ __ptrvalue (addr));
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
+ int
+ __brk (void *addr)
+ {
+--- sysdeps/unix/sysv/linux/i386/sysdep.h.orig 2007-01-21 13:08:00.000000000 +0100
++++ sysdeps/unix/sysv/linux/i386/sysdep.h 2007-01-21 13:19:10.000000000 +0100
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +495,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
diff --git a/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
new file mode 100644
index 0000000..46f3de4
--- /dev/null
+++ b/sys-libs/glibc/files/2.5/glibc-2.5-hardened-pie.patch
@@ -0,0 +1,39 @@
+Change link commands for glibc executables to build PIEs
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- Makeconfig
++++ Makeconfig
+@@ -415,10 +415,10 @@
+
+ # Command for linking programs with the C library.
+ ifndef +link
+-+link = $(CC) -nostdlib -nostartfiles -o $@ \
+++link = $(CC) -nostdlib -nostartfiles -fPIE -pie -o $@ \
+ $(sysdep-LDFLAGS) $(config-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+ $(combreloc-LDFLAGS) $(relro-LDFLAGS) $(hashstyle-LDFLAGS) \
+- $(addprefix $(csu-objpfx),$(start-installed-name)) \
++ $(addprefix $(csu-objpfx),S$(start-installed-name)) \
+ $(+preinit) $(+prector) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ $(start-installed-name))\
+@@ -429,7 +429,7 @@
+ ifndef +link-static
+ +link-static = $(CC) -nostdlib -nostartfiles -static -o $@ \
+ $(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
+- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
++ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
+ $(+preinit) $(+prector) \
+ $(filter-out $(addprefix $(csu-objpfx),start.o \
+ $(start-installed-name))\
+@@ -528,8 +528,8 @@
+ ifeq ($(elf),yes)
+ +preinit = $(addprefix $(csu-objpfx),crti.o)
+ +postinit = $(addprefix $(csu-objpfx),crtn.o)
+-+prector = `$(CC) --print-file-name=crtbegin.o`
+-+postctor = `$(CC) --print-file-name=crtend.o`
+++prector = `$(CC) --print-file-name=crtbeginS.o`
+++postctor = `$(CC) --print-file-name=crtendS.o`
+ +interp = $(addprefix $(elf-objpfx),interp.os)
+ endif
+ csu-objpfx = $(common-objpfx)csu/
diff --git a/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c
new file mode 100644
index 0000000..217bf1a
--- /dev/null
+++ b/sys-libs/glibc/files/2.6/glibc-2.6-gentoo-stack_chk_fail.c
@@ -0,0 +1,321 @@
+/* Copyright (C) 2005 Free Software Foundation, Inc.
+ This file is part of the GNU C Library.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, write to the Free
+ Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
+ 02111-1307 USA. */
+
+/* Copyright (C) 2006-2007 Gentoo Foundation Inc.
+ * License terms as above.
+ *
+ * Hardened Gentoo SSP handler
+ *
+ * An SSP failure handler that does not use functions from the rest of
+ * glibc; it uses the INTERNAL_SYSCALL methods directly. This ensures
+ * no possibility of recursion into the handler.
+ *
+ * Direct all bug reports to http://bugs.gentoo.org/
+ *
+ * Re-written from the glibc-2.3 Hardened Gentoo SSP handler
+ * by Kevin F. Quinn - <kevquinn[@]gentoo.org>
+ *
+ * The following people contributed to the glibc-2.3 Hardened
+ * Gentoo SSP handler, from which this implementation draws much:
+ *
+ * Ned Ludd - <solar[@]gentoo.org>
+ * Alexander Gabert - <pappy[@]gentoo.org>
+ * The PaX Team - <pageexec[@]freemail.hu>
+ * Peter S. Mazinger - <ps.m[@]gmx.net>
+ * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
+ * Robert Connolly - <robert[@]linuxfromscratch.org>
+ * Cory Visi <cory[@]visi.name>
+ * Mike Frysinger <vapier[@]gentoo.org>
+ */
+
+#include <errno.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <signal.h>
+
+#include <sys/types.h>
+
+#include <sysdep-cancel.h>
+#include <sys/syscall.h>
+#include <bp-checks.h>
+
+#include <kernel-features.h>
+
+#include <alloca.h>
+/* from sysdeps */
+#include <socketcall.h>
+/* for the stuff in bits/socket.h */
+#include <sys/socket.h>
+#include <sys/un.h>
+
+
+/* Sanity check on SYSCALL macro names - force compilation
+ * failure if the names used here do not exist
+ */
+#if !defined __NR_socketcall && !defined __NR_socket
+# error Cannot do syscall socket or socketcall
+#endif
+#if !defined __NR_socketcall && !defined __NR_connect
+# error Cannot do syscall connect or socketcall
+#endif
+#ifndef __NR_write
+# error Cannot do syscall write
+#endif
+#ifndef __NR_close
+# error Cannot do syscall close
+#endif
+#ifndef __NR_getpid
+# error Cannot do syscall getpid
+#endif
+#ifndef __NR_kill
+# error Cannot do syscall kill
+#endif
+#ifndef __NR_exit
+# error Cannot do syscall exit
+#endif
+#ifdef SSP_SMASH_DUMPS_CORE
+# define ENABLE_SSP_SMASH_DUMPS_CORE 1
+# if !defined _KERNEL_NSIG && !defined _NSIG
+# error No _NSIG or _KERNEL_NSIG for rt_sigaction
+# endif
+# if !defined __NR_sigaction && !defined __NR_rt_sigaction
+# error Cannot do syscall sigaction or rt_sigaction
+# endif
+/* Although rt_sigaction expects sizeof(sigset_t) - it expects the size
+ * of the _kernel_ sigset_t which is not the same as the user sigset_t.
+ * Most arches have this as _NSIG bits - mips has _KERNEL_NSIG bits for
+ * some reason.
+ */
+# ifdef _KERNEL_NSIG
+# define _SSP_NSIG _KERNEL_NSIG
+# else
+# define _SSP_NSIG _NSIG
+# endif
+#else
+# define _SSP_NSIG 0
+# define ENABLE_SSP_SMASH_DUMPS_CORE 0
+#endif
+
+/* Define DO_SIGACTION - default to newer rt signal interface but
+ * fallback to old as needed.
+ */
+#ifdef __NR_rt_sigaction
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(rt_sigaction, 4, signum, act, oldact, _SSP_NSIG/8)
+#else
+# define DO_SIGACTION(signum, act, oldact) \
+ INLINE_SYSCALL(sigaction, 3, signum, act, oldact)
+#endif
+
+/* Define DO_SOCKET/DO_CONNECT functions to deal with socketcall vs socket/connect */
+#if defined(__NR_socket) && defined(__NR_connect)
+# define USE_OLD_SOCKETCALL 0
+#else
+# define USE_OLD_SOCKETCALL 1
+#endif
+/* stub out the __NR_'s so we can let gcc optimize away dead code */
+#ifndef __NR_socketcall
+# define __NR_socketcall 0
+#endif
+#ifndef __NR_socket
+# define __NR_socket 0
+#endif
+#ifndef __NR_connect
+# define __NR_connect 0
+#endif
+#define DO_SOCKET(result, domain, type, protocol) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = domain; \
+ socketargs[1] = type; \
+ socketargs[2] = protocol; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_socket, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(socket, 3, domain, type, protocol); \
+ } while (0)
+#define DO_CONNECT(result, sockfd, serv_addr, addrlen) \
+ do { \
+ if (USE_OLD_SOCKETCALL) { \
+ socketargs[0] = sockfd; \
+ socketargs[1] = (unsigned long int)serv_addr; \
+ socketargs[2] = addrlen; \
+ socketargs[3] = 0; \
+ result = INLINE_SYSCALL(socketcall, 2, SOCKOP_connect, socketargs); \
+ } else \
+ result = INLINE_SYSCALL(connect, 3, sockfd, serv_addr, addrlen); \
+ } while (0)
+
+#ifndef _PATH_LOG
+# define _PATH_LOG "/dev/log"
+#endif
+
+static const char path_log[] = _PATH_LOG;
+
+/* For building glibc with SSP switched on, define __progname to a
+ * constant if building for the run-time loader, to avoid pulling
+ * in more of libc.so into ld.so
+ */
+#ifdef IS_IN_rtld
+static char *__progname = "<rtld>";
+#else
+extern char *__progname;
+#endif
+
+
+/* Common handler code, used by stack_chk_fail and __stack_smash_handler
+ * Inlined to ensure no self-references to the handler within itself.
+ * Data static to avoid putting more than necessary on the stack,
+ * to aid core debugging.
+ */
+__attribute__ ((__noreturn__ , __always_inline__))
+static inline void
+__hardened_gentoo_stack_chk_fail(char func[], int damaged)
+{
+#define MESSAGE_BUFSIZ 256
+ static pid_t pid;
+ static int plen, i;
+ static char message[MESSAGE_BUFSIZ];
+ static const char msg_ssa[] = ": stack smashing attack";
+ static const char msg_inf[] = " in function ";
+ static const char msg_ssd[] = "*** stack smashing detected ***: ";
+ static const char msg_terminated[] = " - terminated\n";
+ static const char msg_report[] = "Report to http://bugs.gentoo.org/\n";
+ static const char msg_unknown[] = "<unknown>";
+ static int log_socket, connect_result;
+ static struct sockaddr_un sock;
+ static unsigned long int socketargs[4];
+
+ /* Build socket address
+ */
+ sock.sun_family = AF_UNIX;
+ i = 0;
+ while ((path_log[i] != '\0') && (i<(sizeof(sock.sun_path)-1))) {
+ sock.sun_path[i] = path_log[i];
+ i++;
+ }
+ sock.sun_path[i] = '\0';
+
+ /* Try SOCK_DGRAM connection to syslog */
+ connect_result = -1;
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_DGRAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ if (connect_result == -1) {
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+ /* Try SOCK_STREAM connection to syslog */
+ DO_SOCKET(log_socket, AF_UNIX, SOCK_STREAM, 0);
+ if (log_socket != -1)
+ DO_CONNECT(connect_result, log_socket, &sock, sizeof(sock));
+ }
+
+ /* Build message. Messages are generated both in the old style and new style,
+ * so that log watchers that are configured for the old-style message continue
+ * to work.
+ */
+#define strconcat(str) \
+ {i=0; while ((str[i] != '\0') && ((i+plen)<(MESSAGE_BUFSIZ-1))) \
+ {\
+ message[plen+i]=str[i];\
+ i++;\
+ }\
+ plen+=i;}
+
+ /* R.Henderson post-gcc-4 style message */
+ plen = 0;
+ strconcat(msg_ssd);
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+
+ /* Dr. Etoh pre-gcc-4 style message */
+ plen = 0;
+ if (__progname != (char *)0)
+ strconcat(__progname)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_ssa);
+ strconcat(msg_inf);
+ if (func != NULL)
+ strconcat(func)
+ else
+ strconcat(msg_unknown);
+ strconcat(msg_terminated);
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+
+ /* Direct reports to bugs.gentoo.org */
+ plen=0;
+ strconcat(msg_report);
+ message[plen++]='\0';
+
+ /* Write out error message to STDERR, to syslog if open */
+ INLINE_SYSCALL(write, 3, STDERR_FILENO, message, plen);
+ if (connect_result != -1)
+ INLINE_SYSCALL(write, 3, log_socket, message, plen);
+
+ if (log_socket != -1)
+ INLINE_SYSCALL(close, 1, log_socket);
+
+ /* Suicide */
+ pid = INLINE_SYSCALL(getpid, 0);
+
+ if (ENABLE_SSP_SMASH_DUMPS_CORE) {
+ static struct sigaction default_abort_act;
+ /* Remove any user-supplied handler for SIGABRT, before using it */
+ default_abort_act.sa_handler = SIG_DFL;
+ default_abort_act.sa_sigaction = NULL;
+ __sigfillset(&default_abort_act.sa_mask);
+ default_abort_act.sa_flags = 0;
+ if (DO_SIGACTION(SIGABRT, &default_abort_act, NULL) == 0)
+ INLINE_SYSCALL(kill, 2, pid, SIGABRT);
+ }
+
+ /* Note; actions cannot be added to SIGKILL */
+ INLINE_SYSCALL(kill, 2, pid, SIGKILL);
+
+ /* In case the kill didn't work, exit anyway
+ * The loop prevents gcc thinking this routine returns
+ */
+ while (1)
+ INLINE_SYSCALL(exit, 0);
+}
+
+__attribute__ ((__noreturn__))
+void __stack_chk_fail(void)
+{
+ __hardened_gentoo_stack_chk_fail(NULL, 0);
+}
+
+#ifdef ENABLE_OLD_SSP_COMPAT
+__attribute__ ((__noreturn__))
+void __stack_smash_handler(char func[], int damaged)
+{
+ __hardened_gentoo_stack_chk_fail(func, damaged);
+}
+#endif
diff --git a/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch
new file mode 100644
index 0000000..be8ca19
--- /dev/null
+++ b/sys-libs/glibc/files/2.6/glibc-2.6-hardened-inittls-nosysenter.patch
@@ -0,0 +1,273 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- csu/libc-start.c
++++ csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -129,6 +130,11 @@
+ # endif
+ _dl_aux_init (auxvec);
+ # endif
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -138,10 +144,12 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_NOSYSENTER
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. */
+ __pthread_initialize_minimal ();
++# endif
+ #endif
+
+ # ifndef SHARED
+--- csu/libc-tls.c
++++ csu/libc-tls.c
+@@ -23,6 +23,7 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+@@ -29,6 +30,9 @@
+ #error makefile bug, this file is for static only
+ #endif
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
+ extern ElfW(Phdr) *_dl_phdr;
+ extern size_t _dl_phnum;
+
+@@ -141,14 +145,26 @@
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
+ #if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
++# else
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
++# endif
+ #elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# else
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# endif
+ tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+ /* In case a model with a different layout for the TCB and DTV
+--- misc/sbrk.c
++++ misc/sbrk.c
+@@ -18,6 +18,7 @@
+
+ #include <unistd.h>
+ #include <errno.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used
++ via dynamic loading in a statically linked program update
++ __curbrk from the kernel's brk value. That way two separate
++ instances of __brk and __sbrk can share the heap, returning
++ interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- sysdeps/unix/sysv/linux/i386/brk.c
++++ sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ * if the SYSENTER version requires the TLS (which it does on i386).
++ * Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *__unbounded newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
++ __ptrvalue (addr));
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
+ int
+ __brk (void *addr)
+ {
+--- sysdeps/unix/sysv/linux/i386/sysdep.h
++++ sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +495,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
diff --git a/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch b/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch
new file mode 100644
index 0000000..ecf57a9
--- /dev/null
+++ b/sys-libs/glibc/files/2.7/glibc-2.7-hardened-inittls-nosysenter.patch
@@ -0,0 +1,273 @@
+When building glibc PIE (which is not something upstream support),
+several modifications are necessary to the glibc build process.
+
+First, any syscalls in PIEs must be of the PIC variant, otherwise
+textrels ensue. Then, any syscalls made before the initialisation
+of the TLS will fail on i386, as the sysenter variant on i386 uses
+the TLS, giving rise to a chicken-and-egg situation. This patch
+defines a PIC syscall variant that doesn't use sysenter, even when the sysenter
+version is normally used, and uses the non-sysenter version for the brk
+syscall that is performed by the TLS initialisation. Further, the TLS
+initialisation is moved in this case prior to the initialisation of
+dl_osversion, as that requires further syscalls.
+
+csu/libc-start.c: Move initial TLS initialization to before the
+initialisation of dl_osversion, when INTERNAL_SYSCALL_NOSYSENTER is defined
+
+csu/libc-tls.c: Use the no-sysenter version of sbrk when
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/sbrk.c: Define a no-sysenter version of sbrk, using the no-sysenter
+version of brk - if INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+misc/brk.c: Define a no-sysenter version of brk if
+INTERNAL_SYSCALL_NOSYSENTER is defined.
+
+sysdeps/unix/sysv/linux/i386/sysdep.h: Define INTERNAL_SYSCALL_NOSYSENTER
+Make INTERNAL_SYSCALL always use the PIC variant, even if not SHARED.
+
+Patch by Kevin F. Quinn <kevquinn@gentoo.org>
+
+--- csu/libc-start.c
++++ csu/libc-start.c
+@@ -28,6 +28,7 @@
+ extern int __libc_multiple_libcs;
+
+ #include <tls.h>
++#include <sysdep.h>
+ #ifndef SHARED
+ # include <dl-osinfo.h>
+ extern void __pthread_initialize_minimal (void);
+@@ -129,6 +130,11 @@
+ # endif
+ _dl_aux_init (auxvec);
+ # endif
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ /* Do the initial TLS initialization before _dl_osversion,
++ since the latter uses the uname syscall. */
++ __pthread_initialize_minimal ();
++# endif
+ # ifdef DL_SYSDEP_OSCHECK
+ if (!__libc_multiple_libcs)
+ {
+@@ -138,10 +144,12 @@
+ }
+ # endif
+
++# ifndef INTERNAL_SYSCALL_NOSYSENTER
+ /* Initialize the thread library at least a bit since the libgcc
+ functions are using thread functions if these are available and
+ we need to setup errno. */
+ __pthread_initialize_minimal ();
++# endif
+
+ /* Set up the stack checker's canary. */
+ uintptr_t stack_chk_guard = _dl_setup_stack_chk_guard ();
+--- csu/libc-tls.c
++++ csu/libc-tls.c
+@@ -23,6 +23,7 @@
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/param.h>
++#include <sysdep.h>
+
+
+ #ifdef SHARED
+@@ -29,6 +30,9 @@
+ #error makefile bug, this file is for static only
+ #endif
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++extern void *__sbrk_nosysenter (intptr_t __delta);
++#endif
+ extern ElfW(Phdr) *_dl_phdr;
+ extern size_t _dl_phnum;
+
+@@ -141,14 +145,26 @@
+
+ The initialized value of _dl_tls_static_size is provided by dl-open.c
+ to request some surplus that permits dynamic loading of modules with
+- IE-model TLS. */
++ IE-model TLS.
++
++ Where the normal sbrk would use a syscall that needs the TLS (i386)
++ use the special non-sysenter version instead. */
+ #if TLS_TCB_AT_TP
+ tcb_offset = roundup (memsz + GL(dl_tls_static_size), tcbalign);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + tcbsize + max_align);
++# else
+ tlsblock = __sbrk (tcb_offset + tcbsize + max_align);
++# endif
+ #elif TLS_DTV_AT_TP
+ tcb_offset = roundup (tcbsize, align ?: 1);
++# ifdef INTERNAL_SYSCALL_NOSYSENTER
++ tlsblock = __sbrk_nosysenter (tcb_offset + memsz + max_align
++ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# else
+ tlsblock = __sbrk (tcb_offset + memsz + max_align
+ + TLS_PRE_TCB_SIZE + GL(dl_tls_static_size));
++# endif
+ tlsblock += TLS_PRE_TCB_SIZE;
+ #else
+ /* In case a model with a different layout for the TCB and DTV
+--- misc/sbrk.c
++++ misc/sbrk.c
+@@ -18,6 +18,7 @@
+
+ #include <unistd.h>
+ #include <errno.h>
++#include <sysdep.h>
+
+ /* Defined in brk.c. */
+ extern void *__curbrk;
+@@ -29,6 +30,35 @@
+ /* Extend the process's data space by INCREMENT.
+ If INCREMENT is negative, shrink data space by - INCREMENT.
+ Return start of new space allocated, or -1 for errors. */
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ if the SYSENTER version requires the TLS (which it does on i386).
++ Obviously using the TLS before it is initialised is broken. */
++extern int __brk_nosysenter (void *addr);
++void *
++__sbrk_nosysenter (intptr_t increment)
++{
++ void *oldbrk;
++
++ /* If this is not part of the dynamic library or the library is used
++ via dynamic loading in a statically linked program update
++ __curbrk from the kernel's brk value. That way two separate
++ instances of __brk and __sbrk can share the heap, returning
++ interleaved pieces of it. */
++ if (__curbrk == NULL || __libc_multiple_libcs)
++ if (__brk_nosysenter (0) < 0) /* Initialize the break. */
++ return (void *) -1;
++
++ if (increment == 0)
++ return __curbrk;
++
++ oldbrk = __curbrk;
++ if (__brk_nosysenter (oldbrk + increment) < 0)
++ return (void *) -1;
++
++ return oldbrk;
++}
++#endif
+ void *
+ __sbrk (intptr_t increment)
+ {
+--- sysdeps/unix/sysv/linux/i386/brk.c
++++ sysdeps/unix/sysv/linux/i386/brk.c
+@@ -31,6 +31,30 @@
+ linker. */
+ weak_alias (__curbrk, ___brk_addr)
+
++#ifdef INTERNAL_SYSCALL_NOSYSENTER
++/* This version is used by csu/libc-tls.c whem initialising the TLS
++ * if the SYSENTER version requires the TLS (which it does on i386).
++ * Obviously using the TLS before it is initialised is broken. */
++int
++__brk_nosysenter (void *addr)
++{
++ void *__unbounded newbrk;
++
++ INTERNAL_SYSCALL_DECL (err);
++ newbrk = (void *__unbounded) INTERNAL_SYSCALL_NOSYSENTER (brk, err, 1,
++ __ptrvalue (addr));
++
++ __curbrk = newbrk;
++
++ if (newbrk < addr)
++ {
++ __set_errno (ENOMEM);
++ return -1;
++ }
++
++ return 0;
++}
++#endif
+ int
+ __brk (void *addr)
+ {
+--- sysdeps/unix/sysv/linux/i386/sysdep.h
++++ sysdeps/unix/sysv/linux/i386/sysdep.h
+@@ -187,7 +187,7 @@
+ /* The original calling convention for system calls on Linux/i386 is
+ to use int $0x80. */
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define ENTER_KERNEL call *%gs:SYSINFO_OFFSET
+ # else
+ # define ENTER_KERNEL call *_dl_sysinfo
+@@ -358,7 +358,7 @@
+ possible to use more than four parameters. */
+ #undef INTERNAL_SYSCALL
+ #ifdef I386_USE_SYSENTER
+-# ifdef SHARED
++# if defined SHARED || defined __PIC__
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+ register unsigned int resultvar; \
+@@ -384,6 +384,18 @@
+ : "0" (name), "i" (offsetof (tcbhead_t, sysinfo)) \
+ ASMFMT_##nr(args) : "memory", "cc"); \
+ (int) resultvar; })
++# define INTERNAL_SYSCALL_NOSYSENTER(name, err, nr, args...) \
++ ({ \
++ register unsigned int resultvar; \
++ EXTRAVAR_##nr \
++ asm volatile ( \
++ LOADARGS_NOSYSENTER_##nr \
++ "movl %1, %%eax\n\t" \
++ "int $0x80\n\t" \
++ RESTOREARGS_NOSYSENTER_##nr \
++ : "=a" (resultvar) \
++ : "i" (__NR_##name) ASMFMT_##nr(args) : "memory", "cc"); \
++ (int) resultvar; })
+ # else
+ # define INTERNAL_SYSCALL(name, err, nr, args...) \
+ ({ \
+@@ -447,12 +459,20 @@
+
+ #define LOADARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k3, %k3\n\t"
+ # define LOADARGS_5 \
+ "movl %%ebx, %4\n\t" \
+ "movl %3, %%ebx\n\t"
++# define LOADARGS_NOSYSENTER_1 \
++ "bpushl .L__X'%k2, %k2\n\t"
++# define LOADARGS_NOSYSENTER_2 LOADARGS_NOSYSENTER_1
++# define LOADARGS_NOSYSENTER_3 LOADARGS_3
++# define LOADARGS_NOSYSENTER_4 LOADARGS_3
++# define LOADARGS_NOSYSENTER_5 \
++ "movl %%ebx, %3\n\t" \
++ "movl %2, %%ebx\n\t"
+ # else
+ # define LOADARGS_1 \
+ "bpushl .L__X'%k2, %k2\n\t"
+@@ -474,11 +495,18 @@
+
+ #define RESTOREARGS_0
+ #ifdef __PIC__
+-# if defined I386_USE_SYSENTER && defined SHARED
++# if defined I386_USE_SYSENTER && ( defined SHARED || defined __PIC__ )
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k3, %k3\n\t"
+ # define RESTOREARGS_5 \
+ "movl %4, %%ebx"
++# define RESTOREARGS_NOSYSENTER_1 \
++ "bpopl .L__X'%k2, %k2\n\t"
++# define RESTOREARGS_NOSYSENTER_2 RESTOREARGS_NOSYSENTER_1
++# define RESTOREARGS_NOSYSENTER_3 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_4 RESTOREARGS_3
++# define RESTOREARGS_NOSYSENTER_5 \
++ "movl %3, %%ebx"
+ # else
+ # define RESTOREARGS_1 \
+ "bpopl .L__X'%k2, %k2\n\t"
diff --git a/sys-libs/glibc/files/eblits/common.eblit b/sys-libs/glibc/files/eblits/common.eblit
new file mode 100644
index 0000000..e56f10e
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/common.eblit
@@ -0,0 +1,380 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+alt_prefix() {
+ is_crosscompile && echo /usr/${CTARGET}
+}
+
+if [[ ${EAPI:-0} == [012] ]] ; then
+ : ${ED:=${D}}
+ : ${EROOT:=${ROOT}}
+fi
+# This indirection is for binpkgs. #523332
+_nonfatal() { nonfatal "$@" ; }
+if [[ ${EAPI:-0} == [0123] ]] ; then
+ nonfatal() { "$@" ; }
+ _nonfatal() { "$@" ; }
+fi
+
+# We need to be able to set alternative headers for
+# compiling for non-native platform
+# Will also become useful for testing kernel-headers without screwing up
+# the whole system.
+# note: intentionally undocumented.
+alt_headers() {
+ echo ${ALT_HEADERS:=$(alt_prefix)/usr/include}
+}
+alt_build_headers() {
+ if [[ -z ${ALT_BUILD_HEADERS} ]] ; then
+ ALT_BUILD_HEADERS="${EPREFIX}$(alt_headers)"
+ if tc-is-cross-compiler ; then
+ ALT_BUILD_HEADERS=${SYSROOT}$(alt_headers)
+ if [[ ! -e ${ALT_BUILD_HEADERS}/linux/version.h ]] ; then
+ local header_path=$(echo '#include <linux/version.h>' | $(tc-getCPP ${CTARGET}) ${CFLAGS} 2>&1 | grep -o '[^"]*linux/version.h')
+ ALT_BUILD_HEADERS=${header_path%/linux/version.h}
+ fi
+ fi
+ fi
+ echo "${ALT_BUILD_HEADERS}"
+}
+
+alt_libdir() {
+ echo $(alt_prefix)/$(get_libdir)
+}
+alt_usrlibdir() {
+ echo $(alt_prefix)/usr/$(get_libdir)
+}
+
+builddir() {
+ echo "${WORKDIR}/build-${ABI}-${CTARGET}-$1"
+}
+
+setup_target_flags() {
+ # This largely mucks with compiler flags. None of which should matter
+ # when building up just the headers.
+ just_headers && return 0
+
+ case $(tc-arch) in
+ x86)
+ # -march needed for #185404 #199334
+ # TODO: When creating the first glibc cross-compile, this test will
+ # always fail as it does a full link which in turn requires glibc.
+ # Probably also applies when changing multilib profile settings (e.g.
+ # enabling x86 when the profile was amd64-only previously).
+ # We could change main to _start and pass -nostdlib here so that we
+ # only test the gcc code compilation. Or we could do a compile and
+ # then look for the symbol via scanelf.
+ if ! glibc_compile_test "" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
+ local t=${CTARGET_OPT:-${CTARGET}}
+ t=${t%%-*}
+ filter-flags '-march=*'
+ export CFLAGS="-march=${t} ${CFLAGS}"
+ einfo "Auto adding -march=${t} to CFLAGS #185404"
+ fi
+ ;;
+ amd64)
+ # -march needed for #185404 #199334
+ # Note: This test only matters when the x86 ABI is enabled, so we could
+ # optimize a bit and elide it.
+ # TODO: See cross-compile issues listed above for x86.
+ if ! glibc_compile_test "${CFLAGS_x86}" 'void f(int i, void *p) {if (__sync_fetch_and_add(&i, 1)) f(i, p);}\nint main(){return 0;}\n' 2>/dev/null ; then
+ local t=${CTARGET_OPT:-${CTARGET}}
+ t=${t%%-*}
+ # Normally the target is x86_64-xxx, so turn that into the -march that
+ # gcc actually accepts. #528708
+ [[ ${t} == "x86_64" ]] && t="x86-64"
+ filter-flags '-march=*'
+ # ugly, ugly, ugly. ugly.
+ CFLAGS_x86=$(CFLAGS=${CFLAGS_x86} filter-flags '-march=*'; echo "${CFLAGS}")
+ export CFLAGS_x86="${CFLAGS_x86} -march=${t}"
+ einfo "Auto adding -march=${t} to CFLAGS_x86 #185404"
+ fi
+ ;;
+ mips)
+ # The mips abi cannot support the GNU style hashes. #233233
+ filter-ldflags -Wl,--hash-style=gnu -Wl,--hash-style=both
+ ;;
+ ppc)
+ append-flags "-freorder-blocks"
+ ;;
+ sparc)
+ # Both sparc and sparc64 can use -fcall-used-g6. -g7 is bad, though.
+ filter-flags "-fcall-used-g7"
+ append-flags "-fcall-used-g6"
+
+ # If the CHOST is the basic one (e.g. not sparcv9-xxx already),
+ # try to pick a better one so glibc can use cpu-specific .S files.
+ # We key off the CFLAGS to get a good value. Also need to handle
+ # version skew.
+ # We can't force users to set their CHOST to their exact machine
+ # as many of these are not recognized by config.sub/gcc and such :(.
+ # Note: If the mcpu values don't scale, we might try probing CPP defines.
+ # Note: Should we factor in -Wa,-AvXXX flags too ? Or -mvis/etc... ?
+
+ local cpu
+ case ${CTARGET} in
+ sparc64-*)
+ case $(get-flag mcpu) in
+ niagara[234])
+ if version_is_at_least 2.8 ; then
+ cpu="sparc64v2"
+ elif version_is_at_least 2.4 ; then
+ cpu="sparc64v"
+ elif version_is_at_least 2.2.3 ; then
+ cpu="sparc64b"
+ fi
+ ;;
+ niagara)
+ if version_is_at_least 2.4 ; then
+ cpu="sparc64v"
+ elif version_is_at_least 2.2.3 ; then
+ cpu="sparc64b"
+ fi
+ ;;
+ ultrasparc3)
+ cpu="sparc64b"
+ ;;
+ *)
+ # We need to force at least v9a because the base build doesn't
+ # work with just v9.
+ # https://sourceware.org/bugzilla/show_bug.cgi?id=19477
+ [[ -z ${cpu} ]] && append-flags "-Wa,-xarch=v9a"
+ ;;
+ esac
+ ;;
+ sparc-*)
+ case $(get-flag mcpu) in
+ niagara[234])
+ if version_is_at_least 2.8 ; then
+ cpu="sparcv9v2"
+ elif version_is_at_least 2.4 ; then
+ cpu="sparcv9v"
+ elif version_is_at_least 2.2.3 ; then
+ cpu="sparcv9b"
+ else
+ cpu="sparcv9"
+ fi
+ ;;
+ niagara)
+ if version_is_at_least 2.4 ; then
+ cpu="sparcv9v"
+ elif version_is_at_least 2.2.3 ; then
+ cpu="sparcv9b"
+ else
+ cpu="sparcv9"
+ fi
+ ;;
+ ultrasparc3)
+ cpu="sparcv9b"
+ ;;
+ v9|ultrasparc)
+ cpu="sparcv9"
+ ;;
+ v8|supersparc|hypersparc|leon|leon3)
+ cpu="sparcv8"
+ ;;
+ esac
+ ;;
+ esac
+ [[ -n ${cpu} ]] && CTARGET_OPT="${cpu}-${CTARGET#*-}"
+ ;;
+ esac
+}
+
+setup_flags() {
+ # Make sure host make.conf doesn't pollute us
+ if is_crosscompile || tc-is-cross-compiler ; then
+ CHOST=${CTARGET} strip-unsupported-flags
+ fi
+
+ # Store our CFLAGS because it's changed depending on which CTARGET
+ # we are building when pulling glibc on a multilib profile
+ CFLAGS_BASE=${CFLAGS_BASE-${CFLAGS}}
+ CFLAGS=${CFLAGS_BASE}
+ CXXFLAGS_BASE=${CXXFLAGS_BASE-${CXXFLAGS}}
+ CXXFLAGS=${CXXFLAGS_BASE}
+ ASFLAGS_BASE=${ASFLAGS_BASE-${ASFLAGS}}
+ ASFLAGS=${ASFLAGS_BASE}
+
+ # Over-zealous CFLAGS can often cause problems. What may work for one
+ # person may not work for another. To avoid a large influx of bugs
+ # relating to failed builds, we strip most CFLAGS out to ensure as few
+ # problems as possible.
+ strip-flags
+ strip-unsupported-flags
+ filter-flags -m32 -m64 -mabi=*
+
+ # Bug 492892.
+ filter-flags -frecord-gcc-switches
+
+ unset CBUILD_OPT CTARGET_OPT
+ if use multilib ; then
+ CTARGET_OPT=$(get_abi_CTARGET)
+ [[ -z ${CTARGET_OPT} ]] && CTARGET_OPT=$(get_abi_CHOST)
+ fi
+
+ setup_target_flags
+
+ if [[ -n ${CTARGET_OPT} && ${CBUILD} == ${CHOST} ]] && ! is_crosscompile; then
+ CBUILD_OPT=${CTARGET_OPT}
+ fi
+
+ # Lock glibc at -O2 -- linuxthreads needs it and we want to be
+ # conservative here. -fno-strict-aliasing is to work around #155906
+ filter-flags -O?
+ append-flags -O2 -fno-strict-aliasing
+
+ # Can't build glibc itself with fortify code. Newer versions add
+ # this flag for us, so no need to do it manually.
+ version_is_at_least 2.16 ${PV} || append-cppflags -U_FORTIFY_SOURCE
+
+ # building glibc with SSP is fraught with difficulty, especially
+ # due to __stack_chk_fail_local which would mean significant changes
+ # to the glibc build process. See bug #94325 #293721
+ # Note we have to handle both user-given CFLAGS and gcc defaults via
+ # spec rules here. We can't simply add -fno-stack-protector as it gets
+ # added before user flags, and we can't just filter-flags because
+ # _filter_hardened doesn't support globs.
+ filter-flags -fstack-protector*
+ gcc-specs-ssp && append-flags $(test-flags -fno-stack-protector)
+
+ if use hardened && gcc-specs-pie ; then
+ # Force PIC macro definition for all compilations since they're all
+ # either -fPIC or -fPIE with the default-PIE compiler.
+ append-cppflags -DPIC
+ else
+ # Don't build -fPIE without the default-PIE compiler and the
+ # hardened-pie patch
+ filter-flags -fPIE
+ fi
+}
+
+want_nptl() {
+ [[ -z ${LT_VER} ]] && return 0
+ want_tls || return 1
+ use nptl || return 1
+
+ # Older versions of glibc had incomplete arch support for nptl.
+ # But if you're building those now, you can handle USE=nptl yourself.
+ return 0
+}
+
+want_linuxthreads() {
+ [[ -z ${LT_VER} ]] && return 1
+ use linuxthreads
+}
+
+want_tls() {
+ # Archs that can use TLS (Thread Local Storage)
+ case $(tc-arch) in
+ x86)
+ # requires i486 or better #106556
+ [[ ${CTARGET} == i[4567]86* ]] && return 0
+ return 1
+ ;;
+ esac
+
+ return 0
+}
+
+want__thread() {
+ want_tls || return 1
+
+ # For some reason --with-tls --with__thread is causing segfaults on sparc32.
+ [[ ${PROFILE_ARCH} == "sparc" ]] && return 1
+
+ [[ -n ${WANT__THREAD} ]] && return ${WANT__THREAD}
+
+ # only test gcc -- cant test linking yet
+ tc-has-tls -c ${CTARGET}
+ WANT__THREAD=$?
+
+ return ${WANT__THREAD}
+}
+
+use_multiarch() {
+ # Make sure binutils is new enough to support indirect functions #336792
+ # This funky sed supports gold and bfd linkers.
+ local bver nver
+ bver=$($(tc-getLD ${CTARGET}) -v | sed -n -r '1{s:[^0-9]*::;s:^([0-9.]*).*:\1:;p}')
+ case $(tc-arch ${CTARGET}) in
+ amd64|x86) nver="2.20" ;;
+ arm) nver="2.22" ;;
+ hppa) nver="2.23" ;;
+ ppc|ppc64) nver="2.20" ;;
+ # ifunc was added in 2.23, but glibc also needs machinemode which is in 2.24.
+ s390) nver="2.24" ;;
+ sparc) nver="2.21" ;;
+ *) return 1 ;;
+ esac
+ version_is_at_least ${nver} ${bver}
+}
+
+# Setup toolchain variables that had historically
+# been defined in the profiles for these archs.
+setup_env() {
+ # silly users
+ unset LD_RUN_PATH
+ unset LD_ASSUME_KERNEL
+
+ multilib_env ${CTARGET_OPT:-${CTARGET}}
+ if is_crosscompile || tc-is-cross-compiler ; then
+ if ! use multilib ; then
+ MULTILIB_ABIS=${DEFAULT_ABI}
+ else
+ MULTILIB_ABIS=${MULTILIB_ABIS:-${DEFAULT_ABI}}
+ fi
+
+ # If the user has CFLAGS_<CTARGET> in their make.conf, use that,
+ # and fall back on CFLAGS.
+ local VAR=CFLAGS_${CTARGET//[-.]/_}
+ CFLAGS=${!VAR-${CFLAGS}}
+ fi
+
+ setup_flags
+
+ export ABI=${ABI:-${DEFAULT_ABI:-default}}
+
+ local VAR=CFLAGS_${ABI}
+ # We need to export CFLAGS with abi information in them because glibc's
+ # configure script checks CFLAGS for some targets (like mips). Keep
+ # around the original clean value to avoid appending multiple ABIs on
+ # top of each other.
+ : ${__GLIBC_CC:=$(tc-getCC ${CTARGET_OPT:-${CTARGET}})}
+ export __GLIBC_CC CC="${__GLIBC_CC} ${!VAR}"
+}
+
+foreach_abi() {
+ setup_env
+
+ local ret=0
+ local abilist=""
+ if use multilib ; then
+ abilist=$(get_install_abis)
+ else
+ abilist=${DEFAULT_ABI}
+ fi
+ evar_push ABI
+ export ABI
+ for ABI in ${abilist:-default} ; do
+ setup_env
+ einfo "Running $1 for ABI ${ABI}"
+ $1
+ : $(( ret |= $? ))
+ done
+ evar_pop
+ return ${ret}
+}
+
+just_headers() {
+ is_crosscompile && use crosscompile_opts_headers-only
+}
+
+glibc_banner() {
+ local b="Gentoo ${PVR}"
+ [[ -n ${SNAP_VER} ]] && b+=" snapshot ${SNAP_VER}"
+ [[ -n ${BRANCH_UPDATE} ]] && b+=" branch ${BRANCH_UPDATE}"
+ [[ -n ${PATCH_VER} ]] && ! use vanilla && b+=" p${PATCH_VER}"
+ echo "${b}"
+}
diff --git a/sys-libs/glibc/files/eblits/pkg_postinst.eblit b/sys-libs/glibc/files/eblits/pkg_postinst.eblit
new file mode 100644
index 0000000..8178fa1
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/pkg_postinst.eblit
@@ -0,0 +1,27 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+eblit-glibc-pkg_postinst() {
+ # nothing to do if just installing headers
+ just_headers && return
+
+ if ! tc-is-cross-compiler && [[ -x ${EROOT}/usr/sbin/iconvconfig ]] ; then
+ # Generate fastloading iconv module configuration file.
+ "${EROOT}"/usr/sbin/iconvconfig --prefix="${ROOT}"
+ fi
+
+ if ! is_crosscompile && [[ ${ROOT} == "/" ]] ; then
+ # Reload init ... if in a chroot or a diff init package, ignore
+ # errors from this step #253697
+ /sbin/telinit U 2>/dev/null
+
+ # if the host locales.gen contains no entries, we'll install everything
+ local locale_list="${EROOT}etc/locale.gen"
+ if [[ -z $(locale-gen --list --config "${locale_list}") ]] ; then
+ ewarn "Generating all locales; edit /etc/locale.gen to save time/space"
+ locale_list="${EROOT}usr/share/i18n/SUPPORTED"
+ fi
+ locale-gen -j $(makeopts_jobs) --config "${locale_list}"
+ fi
+}
diff --git a/sys-libs/glibc/files/eblits/pkg_preinst.eblit b/sys-libs/glibc/files/eblits/pkg_preinst.eblit
new file mode 100644
index 0000000..f40f402
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/pkg_preinst.eblit
@@ -0,0 +1,63 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+# Simple test to make sure our new glibc isnt completely broken.
+# Make sure we don't test with statically built binaries since
+# they will fail. Also, skip if this glibc is a cross compiler.
+#
+# If coreutils is built with USE=multicall, some of these files
+# will just be wrapper scripts, not actual ELFs we can test.
+glibc_sanity_check() {
+ cd / #228809
+
+ # We enter ${ED} so to avoid trouble if the path contains
+ # special characters; for instance if the path contains the
+ # colon character (:), then the linker will try to split it
+ # and look for the libraries in an unexpected place. This can
+ # lead to unsafe code execution if the generated prefix is
+ # within a world-writable directory.
+ # (e.g. /var/tmp/portage:${HOSTNAME})
+ pushd "${ED}"/$(get_libdir) >/dev/null
+
+ local x striptest
+ for x in cal date env free ls true uname uptime ; do
+ x=$(type -p ${x})
+ [[ -z ${x} || ${x} != ${EPREFIX}/* ]] && continue
+ striptest=$(LC_ALL="C" file -L ${x} 2>/dev/null) || continue
+ case ${striptest} in
+ *"statically linked"*) continue;;
+ *"ASCII text"*) continue;;
+ esac
+ # We need to clear the locale settings as the upgrade might want
+ # incompatible locale data. This test is not for verifying that.
+ LC_ALL=C \
+ ./ld-*.so --library-path . ${x} > /dev/null \
+ || die "simple run test (${x}) failed"
+ done
+
+ popd >/dev/null
+}
+
+eblit-glibc-pkg_preinst() {
+ # nothing to do if just installing headers
+ just_headers && return
+
+ # prepare /etc/ld.so.conf.d/ for files
+ mkdir -p "${EROOT}"/etc/ld.so.conf.d
+
+ # Default /etc/hosts.conf:multi to on for systems with small dbs.
+ if [[ $(wc -l < "${EROOT}"/etc/hosts) -lt 1000 ]] ; then
+ sed -i '/^multi off/s:off:on:' "${ED}"/etc/host.conf
+ elog "Defaulting /etc/host.conf:multi to on"
+ fi
+
+ [[ ${ROOT} != "/" ]] && return 0
+ [[ -d ${ED}/$(get_libdir) ]] || return 0
+ [[ -z ${BOOTSTRAP_RAP} ]] && glibc_sanity_check
+
+ # For newer EAPIs, this was run in pkg_pretend.
+ if [[ ${EAPI:-0} == [0123] ]] ; then
+ check_devpts
+ fi
+}
diff --git a/sys-libs/glibc/files/eblits/pkg_pretend.eblit b/sys-libs/glibc/files/eblits/pkg_pretend.eblit
new file mode 100644
index 0000000..c900ccc
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/pkg_pretend.eblit
@@ -0,0 +1,157 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+glibc_compile_test() {
+ local ret save_cflags=${CFLAGS}
+ CFLAGS+=" $1"
+ shift
+
+ pushd "${T}" >/dev/null
+
+ rm -f glibc-test*
+ printf '%b' "$*" > glibc-test.c
+
+ _nonfatal emake -s glibc-test
+ ret=$?
+
+ popd >/dev/null
+
+ CFLAGS=${save_cflags}
+ return ${ret}
+}
+
+glibc_run_test() {
+ local ret
+
+ if [[ ${EMERGE_FROM} == "binary" ]] ; then
+ # ignore build failures when installing a binary package #324685
+ glibc_compile_test "" "$@" 2>/dev/null || return 0
+ else
+ if ! glibc_compile_test "" "$@" ; then
+ ewarn "Simple build failed ... assuming this is desired #324685"
+ return 0
+ fi
+ fi
+
+ pushd "${T}" >/dev/null
+
+ ./glibc-test
+ ret=$?
+ rm -f glibc-test*
+
+ popd >/dev/null
+
+ return ${ret}
+}
+
+check_devpts() {
+ # Make sure devpts is mounted correctly for use w/out setuid pt_chown.
+
+ # If merely building the binary package, then there's nothing to verify.
+ [[ ${MERGE_TYPE} == "buildonly" ]] && return
+
+ # Only sanity check when installing the native glibc.
+ [[ ${ROOT} != "/" ]] && return
+
+ # Older versions always installed setuid, so no need to check.
+ in_iuse suid || return
+
+ # If they're opting in to the old suid code, then no need to check.
+ use suid && return
+
+ if awk '$3 == "devpts" && $4 ~ /[, ]gid=5[, ]/ { exit 1 }' /proc/mounts ; then
+ eerror "In order to use glibc with USE=-suid, you must make sure that"
+ eerror "you have devpts mounted at /dev/pts with the gid=5 option."
+ eerror "Openrc should do this for you, so you should check /etc/fstab"
+ eerror "and make sure you do not have any invalid settings there."
+ # Do not die on older kernels as devpts did not export these settings #489520.
+ if version_is_at_least 2.6.25 $(uname -r) ; then
+ die "mount & fix your /dev/pts settings"
+ fi
+ fi
+}
+
+eblit-glibc-pkg_pretend() {
+ # For older EAPIs, this is run in pkg_preinst.
+ if [[ ${EAPI:-0} != [0123] ]] ; then
+ check_devpts
+ fi
+
+ # prevent native builds from downgrading ... maybe update to allow people
+ # to change between diff -r versions ? (2.3.6-r4 -> 2.3.6-r2)
+ if [[ ${MERGE_TYPE} != "buildonly" ]] && \
+ [[ ${ROOT} == "/" ]] && \
+ [[ ${CBUILD} == ${CHOST} ]] && \
+ [[ ${CHOST} == ${CTARGET} ]] ; then
+ if has_version '>'${CATEGORY}/${PF} ; then
+ eerror "Sanity check to keep you from breaking your system:"
+ eerror " Downgrading glibc is not supported and a sure way to destruction"
+ die "aborting to save your system"
+ fi
+
+ if ! glibc_run_test '#include <pwd.h>\nint main(){return getpwuid(0)==0;}\n'
+ then
+ eerror "Your patched vendor kernel is broken. You need to get an"
+ eerror "update from whoever is providing the kernel to you."
+ eerror "http://sourceware.org/bugzilla/show_bug.cgi?id=5227"
+ eerror "http://bugs.gentoo.org/262698"
+ die "keeping your system alive, say thank you"
+ fi
+
+ if ! glibc_run_test '#include <unistd.h>\n#include <sys/syscall.h>\nint main(){return syscall(1000)!=-1;}\n'
+ then
+ eerror "Your old kernel is broken. You need to update it to"
+ eerror "a newer version as syscall(<bignum>) will break."
+ eerror "http://bugs.gentoo.org/279260"
+ die "keeping your system alive, say thank you"
+ fi
+ fi
+
+ # users have had a chance to phase themselves, time to give em the boot
+ if [[ -e ${EROOT}/etc/locale.gen ]] && [[ -e ${EROOT}/etc/locales.build ]] ; then
+ eerror "You still haven't deleted ${EROOT}/etc/locales.build."
+ eerror "Do so now after making sure ${EROOT}/etc/locale.gen is kosher."
+ die "lazy upgrader detected"
+ fi
+
+ if [[ ${CTARGET} == i386-* ]] ; then
+ eerror "i386 CHOSTs are no longer supported."
+ eerror "Chances are you don't actually want/need i386."
+ eerror "Please read http://www.gentoo.org/doc/en/change-chost.xml"
+ die "please fix your CHOST"
+ fi
+
+ if [[ -e /proc/xen ]] && [[ $(tc-arch) == "x86" ]] && ! is-flag -mno-tls-direct-seg-refs ; then
+ ewarn "You are using Xen but don't have -mno-tls-direct-seg-refs in your CFLAGS."
+ ewarn "This will result in a 50% performance penalty when running with a 32bit"
+ ewarn "hypervisor, which is probably not what you want."
+ fi
+
+ use hardened && ! gcc-specs-pie && \
+ ewarn "PIE hardening not applied, as your compiler doesn't default to PIE"
+
+ # Make sure host system is up to date #394453
+ if has_version '<sys-libs/glibc-2.13' && \
+ [[ -n $(scanelf -qys__guard -F'#s%F' "${EROOT}"/lib*/l*-*.so) ]]
+ then
+ ebegin "Scanning system for __guard to see if you need to rebuild first ..."
+ local files=$(
+ scanelf -qys__guard -F'#s%F' \
+ "${EROOT}"/*bin/ \
+ "${EROOT}"/lib* \
+ "${EROOT}"/usr/*bin/ \
+ "${EROOT}"/usr/lib* | \
+ egrep -v \
+ -e "^${EROOT}/lib.*/(libc|ld)-2.*.so$" \
+ -e "^${EROOT}/sbin/(ldconfig|sln)$"
+ )
+ [[ -z ${files} ]]
+ if ! eend $? ; then
+ eerror "Your system still has old SSP __guard symbols. You need to"
+ eerror "rebuild all the packages that provide these files first:"
+ eerror "${files}"
+ die "old __guard detected"
+ fi
+ fi
+}
diff --git a/sys-libs/glibc/files/eblits/pkg_setup.eblit b/sys-libs/glibc/files/eblits/pkg_setup.eblit
new file mode 100644
index 0000000..2aff258
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/pkg_setup.eblit
@@ -0,0 +1,9 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+[[ ${EAPI:-0} == [0123] ]] && source "${FILESDIR}/eblits/pkg_pretend.eblit"
+
+eblit-glibc-pkg_setup() {
+ [[ ${EAPI:-0} == [0123] ]] && eblit-glibc-pkg_pretend
+}
diff --git a/sys-libs/glibc/files/eblits/src_compile.eblit b/sys-libs/glibc/files/eblits/src_compile.eblit
new file mode 100644
index 0000000..7a38b3e
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/src_compile.eblit
@@ -0,0 +1,24 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_configure.eblit"
+
+toolchain-glibc_src_compile() {
+ local t
+ for t in linuxthreads nptl ; do
+ if want_${t} ; then
+ [[ ${EAPI:-0} == [01] ]] && glibc_do_configure ${t}
+ emake -C "$(builddir ${t})" || die "make ${t} for ${ABI} failed"
+ fi
+ done
+}
+
+eblit-glibc-src_compile() {
+ if just_headers ; then
+ [[ ${EAPI:-0} == [01] ]] && toolchain-glibc_headers_configure
+ return
+ fi
+
+ foreach_abi toolchain-glibc_src_compile
+}
diff --git a/sys-libs/glibc/files/eblits/src_configure.eblit b/sys-libs/glibc/files/eblits/src_configure.eblit
new file mode 100644
index 0000000..5f2fec0
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/src_configure.eblit
@@ -0,0 +1,263 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+dump_toolchain_settings() {
+ echo
+
+ einfo "$*"
+
+ local v
+ for v in ABI CBUILD CHOST CTARGET CBUILD_OPT CTARGET_OPT CC LD {AS,C,CPP,CXX,LD}FLAGS ; do
+ einfo " $(printf '%15s' ${v}:) ${!v}"
+ done
+
+ # The glibc configure script doesn't properly use LDFLAGS all the time.
+ export CC="$(tc-getCC ${CTARGET}) ${LDFLAGS}"
+ einfo " $(printf '%15s' 'Manual CC:') ${CC}"
+ echo
+}
+
+glibc_do_configure() {
+ # Glibc does not work with gold (for various reasons) #269274.
+ tc-ld-disable-gold
+
+ dump_toolchain_settings "Configuring glibc for $1"
+
+ local myconf=()
+
+ # set addons
+ pushd "${S}" > /dev/null
+ local addons=$(echo */configure | sed \
+ -e 's:/configure::g' \
+ -e 's:\(linuxthreads\|nptl\|rtkaio\|glibc-compat\)\( \|$\)::g' \
+ -e 's: \+$::' \
+ -e 's! !,!g' \
+ -e 's!^!,!' \
+ -e '/^,\*$/d')
+ [[ -d ports ]] && addons+=",ports"
+ popd > /dev/null
+
+ myconf+=( $(use_enable hardened stackguard-randomization) )
+ if has_version '<sys-libs/glibc-2.13' ; then
+ myconf+=( --enable-old-ssp-compat )
+ fi
+
+ [[ $(tc-is-softfloat) == "yes" ]] && myconf+=( --without-fp )
+
+ if [[ $1 == "linuxthreads" ]] ; then
+ if want_tls ; then
+ myconf+=( --with-tls )
+
+ if ! want__thread || use glibc-compat20 || [[ ${LT_KER_VER} == 2.[02].* ]] ; then
+ myconf+=( --without-__thread )
+ else
+ myconf+=( --with-__thread )
+ fi
+ else
+ myconf+=( --without-tls --without-__thread )
+ fi
+
+ myconf+=( --disable-sanity-checks )
+ addons="linuxthreads${addons}"
+ myconf+=( --enable-kernel=${LT_KER_VER} )
+ elif [[ $1 == "nptl" ]] ; then
+ # Newer versions require nptl, so there is no addon for it.
+ version_is_at_least 2.20 || addons="nptl${addons}"
+ myconf+=( --enable-kernel=${NPTL_KERN_VER} )
+ else
+ die "invalid pthread option"
+ fi
+ myconf+=( --enable-add-ons="${addons#,}" )
+
+ # Since SELinux support is only required for nscd, only enable it if:
+ # 1. USE selinux
+ # 2. only for the primary ABI on multilib systems
+ # 3. Not a crosscompile
+ if ! is_crosscompile && use selinux ; then
+ if use multilib ; then
+ if is_final_abi ; then
+ myconf+=( --with-selinux )
+ else
+ myconf+=( --without-selinux )
+ fi
+ else
+ myconf+=( --with-selinux )
+ fi
+ else
+ myconf+=( --without-selinux )
+ fi
+
+ # Force a few tests where we always know the answer but
+ # configure is incapable of finding it.
+ if is_crosscompile ; then
+ export \
+ libc_cv_c_cleanup=yes \
+ libc_cv_forced_unwind=yes
+ fi
+
+ myconf+=(
+ --without-cvs
+ --disable-werror
+ --enable-bind-now
+ --build=${CBUILD_OPT:-${CBUILD}}
+ --host=${CTARGET_OPT:-${CTARGET}}
+ $(use_enable profile)
+ $(use_with gd)
+ --with-headers=$(alt_build_headers)
+ --libexecdir="${EPREFIX}/usr/$(get_libdir)/misc/glibc"
+ --with-bugurl=http://bugs.gentoo.org/
+ --with-pkgversion="$(glibc_banner)"
+ $(use_multiarch || echo --disable-multi-arch)
+ $(in_iuse rpc && use_enable rpc obsolete-rpc || echo --enable-obsolete-rpc)
+ $(in_iuse systemtap && use_enable systemtap)
+ $(in_iuse nscd && use_enable nscd)
+ ${EXTRA_ECONF}
+ )
+
+ # We rely on sys-libs/timezone-data for timezone tools normally.
+ if version_is_at_least 2.23 ; then
+ myconf+=( $(use_enable vanilla timezone-tools) )
+ fi
+
+ # These libs don't have configure flags.
+ ac_cv_lib_audit_audit_log_user_avc_message=$(in_iuse audit && usex audit || echo no)
+ ac_cv_lib_cap_cap_init=$(in_iuse caps && usex caps || echo no)
+
+ # There is no configure option for this and we need to export it
+ # since the glibc build will re-run configure on itself
+ export libc_cv_slibdir="${EPREFIX}/$(get_libdir)"
+ export libc_cv_rootsbindir="${EPREFIX}/sbin"
+
+ # We take care of patching our binutils to use both hash styles,
+ # and many people like to force gnu hash style only, so disable
+ # this overriding check. #347761
+ export libc_cv_hashstyle=no
+
+ # Overtime, generating info pages can be painful. So disable this for
+ # versions older than the latest stable to avoid the issue (this ver
+ # should be updated from time to time). #464394 #465816
+ if ! version_is_at_least 2.17 ; then
+ export ac_cv_prog_MAKEINFO=:
+ fi
+
+ local builddir=$(builddir "$1")
+ mkdir -p "${builddir}"
+ cd "${builddir}"
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+
+ # ia64 static cross-compilers are a pita in so much that they
+ # can't produce static ELFs (as the libgcc.a is broken). so
+ # disable building of the programs for those targets if it
+ # doesn't work.
+ # XXX: We could turn this into a compiler test, but ia64 is
+ # the only one that matters, so this should be fine for now.
+ if is_crosscompile && [[ ${CTARGET} == ia64* ]] ; then
+ sed -i '1i+link-static = touch $@' config.make
+ fi
+
+ # If we're trying to migrate between ABI sets, we need
+ # to lie and use a local copy of gcc. Like if the system
+ # is built with MULTILIB_ABIS="amd64 x86" but we want to
+ # add x32 to it, gcc/glibc don't yet support x32.
+ if [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib ; then
+ echo 'main(){}' > "${T}"/test.c
+ if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/test.c -Wl,-emain -lgcc 2>/dev/null ; then
+ sed -i -e '/^CC = /s:$: -B$(objdir)/../'"gcc-${GCC_BOOTSTRAP_VER}/${ABI}:" config.make || die
+ mkdir -p sunrpc
+ cp $(which rpcgen) sunrpc/cross-rpcgen || die
+ touch -t 202001010101 sunrpc/cross-rpcgen || die
+ fi
+ fi
+}
+
+toolchain-glibc_headers_configure() {
+ export ABI=default
+
+ local builddir=$(builddir "headers")
+ mkdir -p "${builddir}"
+ cd "${builddir}"
+
+ # if we don't have a compiler yet, we cant really test it now ...
+ # hopefully they don't affect header geneation, so let's hope for
+ # the best here ...
+ local v vars=(
+ ac_cv_header_cpuid_h=yes
+ libc_cv_{386,390,alpha,arm,hppa,ia64,mips,{powerpc,sparc}{,32,64},sh,x86_64}_tls=yes
+ libc_cv_asm_cfi_directives=yes
+ libc_cv_broken_visibility_attribute=no
+ libc_cv_c_cleanup=yes
+ libc_cv_forced_unwind=yes
+ libc_cv_gcc___thread=yes
+ libc_cv_mlong_double_128=yes
+ libc_cv_mlong_double_128ibm=yes
+ libc_cv_ppc_machine=yes
+ libc_cv_ppc_rel16=yes
+ libc_cv_predef_{fortify_source,stack_protector}=no
+ libc_cv_visibility_attribute=yes
+ libc_cv_z_combreloc=yes
+ libc_cv_z_execstack=yes
+ libc_cv_z_initfirst=yes
+ libc_cv_z_nodelete=yes
+ libc_cv_z_nodlopen=yes
+ libc_cv_z_relro=yes
+ libc_mips_abi=${ABI}
+ libc_mips_float=$([[ $(tc-is-softfloat) == "yes" ]] && echo soft || echo hard)
+ # These libs don't have configure flags.
+ ac_cv_lib_audit_audit_log_user_avc_message=no
+ ac_cv_lib_cap_cap_init=no
+ )
+ einfo "Forcing cached settings:"
+ for v in "${vars[@]}" ; do
+ einfo " ${v}"
+ export ${v}
+ done
+
+ # Blow away some random CC settings that screw things up. #550192
+ if [[ -d ${S}/sysdeps/mips ]]; then
+ pushd "${S}"/sysdeps/mips >/dev/null
+ sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=32:' mips32/Makefile mips64/n32/Makefile || die
+ sed -i -e '/^CC +=/s:=.*:= -D_MIPS_SZPTR=64:' mips64/n64/Makefile || die
+ popd >/dev/null
+ fi
+
+ local myconf=()
+ myconf+=(
+ --disable-sanity-checks
+ --enable-hacker-mode
+ --without-cvs
+ --disable-werror
+ --enable-bind-now
+ --build=${CBUILD_OPT:-${CBUILD}}
+ --host=${CTARGET_OPT:-${CTARGET}}
+ --with-headers=$(alt_build_headers)
+ ${EXTRA_ECONF}
+ )
+
+ local addons
+ [[ -d ${S}/ports ]] && addons+=",ports"
+ # Newer versions require nptl, so there is no addon for it.
+ version_is_at_least 2.20 || addons+=",nptl"
+ myconf+=( --enable-add-ons="${addons#,}" )
+
+ # Nothing is compiled here which would affect the headers for the target.
+ # So forcing CC/CFLAGS is sane.
+ CC="$(tc-getBUILD_CC)" \
+ CFLAGS="-O1 -pipe" \
+ CPPFLAGS="-U_FORTIFY_SOURCE" \
+ LDFLAGS="" \
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+toolchain-glibc_src_configure() {
+ if just_headers ; then
+ toolchain-glibc_headers_configure
+ else
+ want_linuxthreads && glibc_do_configure linuxthreads
+ want_nptl && glibc_do_configure nptl
+ fi
+}
+
+eblit-glibc-src_configure() {
+ foreach_abi toolchain-glibc_src_configure
+}
diff --git a/sys-libs/glibc/files/eblits/src_install.eblit b/sys-libs/glibc/files/eblits/src_install.eblit
new file mode 100644
index 0000000..a23173e
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/src_install.eblit
@@ -0,0 +1,244 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+toolchain-glibc_src_install() {
+ local builddir=$(builddir $(want_linuxthreads && echo linuxthreads || echo nptl))
+ cd "${builddir}"
+
+ emake install_root="${D}$(alt_prefix)" install || die
+
+ if want_linuxthreads && want_nptl ; then
+ einfo "Installing NPTL to $(alt_libdir)/tls/..."
+ cd "$(builddir nptl)"
+ dodir $(alt_libdir)/tls $(alt_usrlibdir)/nptl
+
+ local l src_lib
+ for l in libc libm librt libpthread libthread_db ; do
+ # take care of shared lib first ...
+ l=${l}.so
+ if [[ -e ${l} ]] ; then
+ src_lib=${l}
+ else
+ src_lib=$(eval echo */${l})
+ fi
+ cp -a ${src_lib} "${ED}"$(alt_libdir)/tls/${l} || die "copying nptl ${l}"
+ fperms a+rx $(alt_libdir)/tls/${l}
+ dosym ${l} $(alt_libdir)/tls/$(scanelf -qSF'%S#F' ${src_lib})
+
+ # then grab the linker script or the symlink ...
+ if [[ -L ${ED}$(alt_usrlibdir)/${l} ]] ; then
+ dosym $(alt_libdir)/tls/${l} $(alt_usrlibdir)/nptl/${l}
+ else
+ sed \
+ -e "s:/${l}:/tls/${l}:g" \
+ -e "s:/${l/%.so/_nonshared.a}:/nptl/${l/%.so/_nonshared.a}:g" \
+ "${ED}"$(alt_usrlibdir)/${l} > "${ED}"$(alt_usrlibdir)/nptl/${l}
+ fi
+
+ # then grab the static lib ...
+ src_lib=${src_lib/%.so/.a}
+ [[ ! -e ${src_lib} ]] && src_lib=${src_lib/%.a/_pic.a}
+ cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
+ src_lib=${src_lib/%.a/_nonshared.a}
+ if [[ -e ${src_lib} ]] ; then
+ cp -a ${src_lib} "${ED}"$(alt_usrlibdir)/nptl/ || die "copying nptl ${src_lib}"
+ fi
+ done
+
+ # use the nptl linker instead of the linuxthreads one as the linuxthreads
+ # one may lack TLS support and that can be really bad for business
+ cp -a elf/ld.so "${ED}"$(alt_libdir)/$(scanelf -qSF'%S#F' elf/ld.so) || die "copying nptl interp"
+ fi
+
+ # We'll take care of the cache ourselves
+ rm -f "${ED}"/etc/ld.so.cache
+
+ # Everything past this point just needs to be done once ...
+ is_final_abi || return 0
+
+ # Make sure the non-native interp can be found on multilib systems even
+ # if the main library set isn't installed into the right place. Maybe
+ # we should query the active gcc for info instead of hardcoding it ?
+ local i ldso_abi ldso_name
+ local ldso_abi_list=(
+ # x86
+ amd64 /lib64/ld-linux-x86-64.so.2
+ x32 /libx32/ld-linux-x32.so.2
+ x86 /lib/ld-linux.so.2
+ # mips
+ o32 /lib/ld.so.1
+ n32 /lib32/ld.so.1
+ n64 /lib64/ld.so.1
+ # powerpc
+ ppc /lib/ld.so.1
+ ppc64 /lib64/ld64.so.1
+ # s390
+ s390 /lib/ld.so.1
+ s390x /lib/ld64.so.1
+ # sparc
+ sparc32 /lib/ld-linux.so.2
+ sparc64 /lib64/ld-linux.so.2
+ )
+ case $(tc-endian) in
+ little)
+ ldso_abi_list+=(
+ # arm
+ arm64 /lib/ld-linux-aarch64.so.1
+ )
+ ;;
+ big)
+ ldso_abi_list+=(
+ # arm
+ arm64 /lib/ld-linux-aarch64_be.so.1
+ )
+ ;;
+ esac
+ if [[ ${SYMLINK_LIB} == "yes" ]] && [[ ! -e ${ED}/$(alt_prefix)/lib ]] ; then
+ dosym $(get_abi_LIBDIR ${DEFAULT_ABI}) $(alt_prefix)/lib
+ fi
+ for (( i = 0; i < ${#ldso_abi_list[@]}; i += 2 )) ; do
+ ldso_abi=${ldso_abi_list[i]}
+ has ${ldso_abi} $(get_install_abis) || continue
+
+ ldso_name="$(alt_prefix)${ldso_abi_list[i+1]}"
+ if [[ ! -L ${ED}/${ldso_name} && ! -e ${ED}/${ldso_name} ]] ; then
+ dosym ../$(get_abi_LIBDIR ${ldso_abi})/${ldso_name##*/} ${ldso_name}
+ fi
+ done
+
+ # With devpts under Linux mounted properly, we do not need the pt_chown
+ # binary to be setuid. This is because the default owners/perms will be
+ # exactly what we want.
+ if in_iuse suid && ! use suid ; then
+ find "${ED}" -name pt_chown -exec chmod -s {} +
+ fi
+
+ #################################################################
+ # EVERYTHING AFTER THIS POINT IS FOR NATIVE GLIBC INSTALLS ONLY #
+ # Make sure we install some symlink hacks so that when we build
+ # a 2nd stage cross-compiler, gcc finds the target system
+ # headers correctly. See gcc/doc/gccinstall.info
+ if is_crosscompile ; then
+ # We need to make sure that /lib and /usr/lib always exists.
+ # gcc likes to use relative paths to get to its multilibs like
+ # /usr/lib/../lib64/. So while we don't install any files into
+ # /usr/lib/, we do need it to exist.
+ cd "${ED}"$(alt_libdir)/..
+ [[ -e lib ]] || mkdir lib
+ cd "${ED}"$(alt_usrlibdir)/..
+ [[ -e lib ]] || mkdir lib
+
+ dosym usr/include $(alt_prefix)/sys-include
+ return 0
+ fi
+
+ # Files for Debian-style locale updating
+ dodir /usr/share/i18n
+ sed \
+ -e "/^#/d" \
+ -e "/SUPPORTED-LOCALES=/d" \
+ -e "s: \\\\::g" -e "s:/: :g" \
+ "${S}"/localedata/SUPPORTED > "${ED}"/usr/share/i18n/SUPPORTED \
+ || die "generating /usr/share/i18n/SUPPORTED failed"
+ cd "${WORKDIR}"/extra/locale
+ dosbin locale-gen || die
+ doman *.[0-8]
+ insinto /etc
+ doins locale.gen || die
+
+ # Make sure all the ABI's can find the locales and so we only
+ # have to generate one set
+ local a
+ keepdir /usr/$(get_libdir)/locale
+ for a in $(get_install_abis) ; do
+ if [[ ! -e ${ED}/usr/$(get_abi_LIBDIR ${a})/locale ]] ; then
+ dosym /usr/$(get_libdir)/locale /usr/$(get_abi_LIBDIR ${a})/locale
+ fi
+ done
+
+ cd "${S}"
+
+ # Install misc network config files
+ insinto /etc
+ doins nscd/nscd.conf posix/gai.conf nss/nsswitch.conf || die
+ doins "${WORKDIR}"/extra/etc/*.conf || die
+
+ if ! in_iuse nscd || use nscd ; then
+ doinitd "${WORKDIR}"/extra/etc/nscd || die
+
+ local nscd_args=(
+ -e "s:@PIDFILE@:$(strings "${ED}"/usr/sbin/nscd | grep nscd.pid):"
+ )
+ version_is_at_least 2.16 || nscd_args+=( -e 's: --foreground : :' )
+ sed -i "${nscd_args[@]}" "${ED}"/etc/init.d/nscd
+
+ # Newer versions of glibc include the nscd.service themselves.
+ # TODO: Drop the $FILESDIR copy once 2.19 goes stable.
+ if version_is_at_least 2.19 ; then
+ systemd_dounit nscd/nscd.service || die
+ systemd_newtmpfilesd nscd/nscd.tmpfiles nscd.conf || die
+ else
+ systemd_dounit "${FILESDIR}"/nscd.service || die
+ systemd_newtmpfilesd "${FILESDIR}"/nscd.tmpfilesd nscd.conf || die
+ fi
+ else
+ # Do this since extra/etc/*.conf above might have nscd.conf.
+ rm -f "${ED}"/etc/nscd.conf
+ fi
+
+ echo 'LDPATH="include ld.so.conf.d/*.conf"' > "${T}"/00glibc
+ doenvd "${T}"/00glibc || die
+
+ for d in BUGS ChangeLog* CONFORMANCE FAQ NEWS NOTES PROJECTS README* ; do
+ [[ -s ${d} ]] && dodoc ${d}
+ done
+
+ # Prevent overwriting of the /etc/localtime symlink. We'll handle the
+ # creation of the "factory" symlink in pkg_postinst().
+ rm -f "${ED}"/etc/localtime
+}
+
+toolchain-glibc_headers_install() {
+ local builddir=$(builddir "headers")
+ cd "${builddir}"
+ emake install_root="${D}$(alt_prefix)" install-headers || die
+ if ! version_is_at_least 2.16 ; then
+ insinto $(alt_headers)/bits
+ doins bits/stdio_lim.h || die
+ fi
+ insinto $(alt_headers)/gnu
+ doins "${S}"/include/gnu/stubs.h || die "doins include gnu"
+ # Make sure we install the sys-include symlink so that when
+ # we build a 2nd stage cross-compiler, gcc finds the target
+ # system headers correctly. See gcc/doc/gccinstall.info
+ dosym usr/include $(alt_prefix)/sys-include
+}
+
+src_strip() {
+ # gdb is lame and requires some debugging information to remain in
+ # libpthread, so we need to strip it by hand. libthread_db makes no
+ # sense stripped as it is only used when debugging.
+ local pthread=$(has splitdebug ${FEATURES} && echo "libthread_db" || echo "lib{pthread,thread_db}")
+ env \
+ -uRESTRICT \
+ CHOST=${CTARGET} \
+ STRIP_MASK="/*/{,tls/}${pthread}*" \
+ prepallstrip
+ # if user has stripping enabled and does not have split debug turned on,
+ # then leave the debugging sections in libpthread.
+ if ! has nostrip ${FEATURES} && ! has splitdebug ${FEATURES} ; then
+ ${STRIP:-${CTARGET}-strip} --strip-debug "${ED}"/*/libpthread-*.so
+ fi
+}
+
+eblit-glibc-src_install() {
+ if just_headers ; then
+ export ABI=default
+ toolchain-glibc_headers_install
+ return
+ fi
+
+ foreach_abi toolchain-glibc_src_install
+ src_strip
+}
diff --git a/sys-libs/glibc/files/eblits/src_prepare.eblit b/sys-libs/glibc/files/eblits/src_prepare.eblit
new file mode 100644
index 0000000..162cf53
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/src_prepare.eblit
@@ -0,0 +1,63 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+eblit-glibc-src_prepare() {
+ # XXX: We should do the branchupdate, before extracting the manpages and
+ # infopages else it does not help much (mtimes change if there is a change
+ # to them with branchupdate)
+ if [[ -n ${BRANCH_UPDATE} ]] ; then
+ epatch "${DISTDIR}"/glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+
+ # Snapshot date patch
+ einfo "Patching version to display snapshot date ..."
+ sed -i -e "s:\(#define RELEASE\).*:\1 \"${BRANCH_UPDATE}\":" version.h
+ fi
+
+ # tag, glibc is it
+ if ! version_is_at_least 2.17 ; then
+ [[ -e csu/Banner ]] && die "need new banner location"
+ glibc_banner > csu/Banner
+ fi
+ if [[ -n ${PATCH_VER} ]] && ! use vanilla ; then
+ EPATCH_MULTI_MSG="Applying Gentoo Glibc Patchset ${RELEASE_VER}-${PATCH_VER} ..." \
+ EPATCH_EXCLUDE=${GLIBC_PATCH_EXCLUDE} \
+ EPATCH_SUFFIX="patch" \
+ ARCH=$(tc-arch) \
+ epatch "${WORKDIR}"/patches
+ fi
+
+ if just_headers ; then
+ if [[ -e ports/sysdeps/mips/preconfigure ]] ; then
+ # mips peeps like to screw with us. if building headers,
+ # we don't have a real compiler, so we can't let them
+ # insert -mabi on us.
+ sed -i '/CPPFLAGS=.*-mabi/s|.*|:|' ports/sysdeps/mips/preconfigure || die
+ find ports/sysdeps/mips/ -name Makefile -exec sed -i '/^CC.*-mabi=/s:-mabi=.*:-D_MIPS_SZPTR=32:' {} +
+ fi
+ fi
+
+ epatch_user
+
+ gnuconfig_update
+
+ # Glibc is stupid sometimes, and doesn't realize that with a
+ # static C-Only gcc, -lgcc_eh doesn't exist.
+ # http://sourceware.org/ml/libc-alpha/2003-09/msg00100.html
+ # http://sourceware.org/ml/libc-alpha/2005-02/msg00042.html
+ # But! Finally fixed in recent versions:
+ # http://sourceware.org/ml/libc-alpha/2012-05/msg01865.html
+ if ! version_is_at_least 2.16 ; then
+ echo 'int main(){}' > "${T}"/gcc_eh_test.c
+ if ! $(tc-getCC ${CTARGET}) ${CFLAGS} ${LDFLAGS} "${T}"/gcc_eh_test.c -lgcc_eh 2>/dev/null ; then
+ sed -i -e 's:-lgcc_eh::' Makeconfig || die "sed gcc_eh"
+ fi
+ fi
+
+ cd "${WORKDIR}"
+ find . -type f '(' -size 0 -o -name "*.orig" ')' -delete
+ find . -name configure -exec touch {} +
+
+ # Fix permissions on some of the scripts.
+ chmod u+x "${S}"/scripts/*.sh
+}
diff --git a/sys-libs/glibc/files/eblits/src_test.eblit b/sys-libs/glibc/files/eblits/src_test.eblit
new file mode 100644
index 0000000..fc5b950
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/src_test.eblit
@@ -0,0 +1,30 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+glibc_src_test() {
+ cd "$(builddir $1)"
+ nonfatal emake -j1 check && return 0
+ einfo "make check failed - re-running with --keep-going to get the rest of the results"
+ nonfatal emake -j1 -k check
+ ewarn "make check failed for ${ABI}-${CTARGET}-$1"
+ return 1
+}
+
+toolchain-glibc_src_test() {
+ local ret=0 t
+ for t in linuxthreads nptl ; do
+ if want_${t} ; then
+ glibc_src_test ${t}
+ : $(( ret |= $? ))
+ fi
+ done
+ return ${ret}
+}
+
+eblit-glibc-src_test() {
+ # Give tests more time to complete.
+ export TIMEOUTFACTOR=5
+
+ foreach_abi toolchain-glibc_src_test || die "tests failed"
+}
diff --git a/sys-libs/glibc/files/eblits/src_unpack.eblit b/sys-libs/glibc/files/eblits/src_unpack.eblit
new file mode 100644
index 0000000..8d4c740
--- /dev/null
+++ b/sys-libs/glibc/files/eblits/src_unpack.eblit
@@ -0,0 +1,121 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+[[ ${EAPI:-0} == [01] ]] && source "${FILESDIR}/eblits/src_prepare.eblit"
+
+int_to_KV() {
+ local version=$1 major minor micro
+ major=$((version / 65536))
+ minor=$(((version % 65536) / 256))
+ micro=$((version % 256))
+ echo ${major}.${minor}.${micro}
+}
+
+eend_KV() {
+ [[ $(KV_to_int $1) -ge $(KV_to_int $2) ]]
+ eend $?
+}
+
+get_kheader_version() {
+ printf '#include <linux/version.h>\nLINUX_VERSION_CODE\n' | \
+ $(tc-getCPP ${CTARGET}) -I "${EPREFIX}/$(alt_build_headers)" - | \
+ tail -n 1
+}
+
+check_nptl_support() {
+ # don't care about the compiler here as we arent using it
+ just_headers && return
+
+ local run_kv build_kv want_kv
+ run_kv=$(int_to_KV $(get_KV))
+ build_kv=$(int_to_KV $(get_kheader_version))
+ want_kv=${NPTL_KERN_VER}
+
+ ebegin "Checking gcc for __thread support"
+ if ! eend $(want__thread ; echo $?) ; then
+ echo
+ eerror "Could not find a gcc that supports the __thread directive!"
+ eerror "Please update your binutils/gcc and try again."
+ die "No __thread support in gcc!"
+ fi
+
+ if ! is_crosscompile && ! tc-is-cross-compiler ; then
+ # Building fails on an non-supporting kernel
+ ebegin "Checking kernel version (${run_kv} >= ${want_kv})"
+ if ! eend_KV ${run_kv} ${want_kv} ; then
+ echo
+ eerror "You need a kernel of at least ${want_kv} for NPTL support!"
+ die "Kernel version too low!"
+ fi
+ fi
+
+ ebegin "Checking linux-headers version (${build_kv} >= ${want_kv})"
+ if ! eend_KV ${build_kv} ${want_kv} ; then
+ echo
+ eerror "You need linux-headers of at least ${want_kv} for NPTL support!"
+ die "linux-headers version too low!"
+ fi
+}
+
+unpack_pkg() {
+ local a=${PN}
+ [[ -n ${SNAP_VER} ]] && a="${a}-${RELEASE_VER}"
+ [[ -n $1 ]] && a="${a}-$1"
+ if [[ -n ${SNAP_VER} ]] ; then
+ a="${a}-${SNAP_VER}"
+ else
+ if [[ -n $2 ]] ; then
+ a="${a}-$2"
+ else
+ a="${a}-${RELEASE_VER}"
+ fi
+ fi
+ if has ${a}.tar.xz ${A} ; then
+ unpacker ${a}.tar.xz
+ else
+ unpack ${a}.tar.bz2
+ fi
+ [[ -n $1 ]] && { mv ${a} $1 || die ; }
+}
+
+toolchain-glibc_src_unpack() {
+ # Check NPTL support _before_ we unpack things to save some time
+ want_nptl && check_nptl_support
+
+ if [[ -n ${EGIT_REPO_URIS} ]] ; then
+ local i d
+ for ((i=0; i<${#EGIT_REPO_URIS[@]}; ++i)) ; do
+ EGIT_REPO_URI=${EGIT_REPO_URIS[$i]}
+ EGIT_SOURCEDIR=${EGIT_SOURCEDIRS[$i]}
+ git-2_src_unpack
+ done
+ else
+ unpack_pkg
+ fi
+
+ cd "${S}"
+ touch locale/C-translit.h #185476 #218003
+ [[ -n ${LT_VER} ]] && unpack_pkg linuxthreads ${LT_VER}
+ [[ -n ${PORTS_VER} ]] && unpack_pkg ports ${PORTS_VER}
+ [[ -n ${LIBIDN_VER} ]] && unpack_pkg libidn
+
+ if [[ -n ${PATCH_VER} ]] ; then
+ cd "${WORKDIR}"
+ unpack glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+ # pull out all the addons
+ local d
+ for d in extra/*/configure ; do
+ d=${d%/configure}
+ [[ -d ${S}/${d} ]] && die "${d} already exists in \${S}"
+ mv "${d}" "${S}" || die "moving ${d} failed"
+ done
+ fi
+}
+
+eblit-glibc-src_unpack() {
+ setup_env
+
+ toolchain-glibc_src_unpack
+ [[ ${EAPI:-0} == [01] ]] && cd "${S}" && eblit-glibc-src_prepare
+}
diff --git a/sys-libs/glibc/files/nscd b/sys-libs/glibc/files/nscd
new file mode 100644
index 0000000..b102de0
--- /dev/null
+++ b/sys-libs/glibc/files/nscd
@@ -0,0 +1,64 @@
+#!/sbin/runscript
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nscd,v 1.7 2007/02/23 12:09:39 uberlord Exp $
+
+depend() {
+ use dns ldap net slapd
+}
+
+checkconfig() {
+ if [ ! -d /var/run/nscd ] ; then
+ mkdir -p /var/run/nscd
+ chmod 755 /var/run/nscd
+ fi
+ if [ -z "${NSCD_PERMS_OK}" ] && [ "$(stat -c %a /var/run/nscd)" != "755" ] ; then
+ echo ""
+ ewarn "nscd run dir is not world readable, you should reset the perms:"
+ ewarn "chmod 755 /var/run/nscd"
+ ewarn "chmod a+rw /var/run/nscd/socket"
+ echo ""
+ ewarn "To disable this warning, set 'NSCD_PERMS_OK' in /etc/conf.d/nscd"
+ echo ""
+ fi
+}
+
+start() {
+ checkconfig
+
+ ebegin "Starting Name Service Cache Daemon"
+ local secure=`while read curline ; do
+ table=${curline%:*}
+ entries=${curline##$table:}
+ table=${table%%[^a-z]*}
+ case $table in
+ passwd*|group*|hosts)
+ for entry in $entries ; do
+ case $entry in
+ nisplus*)
+ /usr/sbin/nscd_nischeck $table || \
+ /echo "-S $table,yes"
+ ;;
+ esac
+ done
+ ;;
+ esac
+ done < /etc/nsswitch.conf`
+ local pidfile="$(strings /usr/sbin/nscd | grep nscd.pid)"
+ mkdir -p "$(dirname ${pidfile})"
+ save_options pidfile "${pidfile}"
+ start-stop-daemon --start --quiet \
+ --exec /usr/sbin/nscd --pidfile "${pidfile}" \
+ -- $secure
+ eend $?
+}
+
+stop() {
+ local pidfile="$(get_options pidfile)"
+ [ -n "${pidfile}" ] && pidfile="--pidfile ${pidfile}"
+ ebegin "Shutting down Name Service Cache Daemon"
+ start-stop-daemon --stop --quiet --exec /usr/sbin/nscd ${pidfile}
+ eend $?
+}
+
+# vim:ts=4
diff --git a/sys-libs/glibc/files/nscd.service b/sys-libs/glibc/files/nscd.service
new file mode 100644
index 0000000..25a3b1d
--- /dev/null
+++ b/sys-libs/glibc/files/nscd.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Name Service Cache Daemon
+After=network.target
+
+[Service]
+ExecStart=/usr/sbin/nscd -F
+ExecStop=/usr/sbin/nscd --shutdown
+ExecReload=/usr/sbin/nscd -i passwd
+ExecReload=/usr/sbin/nscd -i group
+ExecReload=/usr/sbin/nscd -i hosts
+ExecReload=/usr/sbin/nscd -i services
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/sys-libs/glibc/files/nscd.tmpfilesd b/sys-libs/glibc/files/nscd.tmpfilesd
new file mode 100644
index 0000000..52edbba
--- /dev/null
+++ b/sys-libs/glibc/files/nscd.tmpfilesd
@@ -0,0 +1,4 @@
+# Configuration to create /run/nscd directory
+# Used as part of systemd's tmpfiles
+
+d /run/nscd 0755 root root
diff --git a/sys-libs/glibc/files/nsswitch.conf b/sys-libs/glibc/files/nsswitch.conf
new file mode 100644
index 0000000..eb16961
--- /dev/null
+++ b/sys-libs/glibc/files/nsswitch.conf
@@ -0,0 +1,24 @@
+# /etc/nsswitch.conf:
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/files/nsswitch.conf,v 1.1 2005/05/17 00:52:41 vapier Exp $
+
+passwd: compat
+shadow: compat
+group: compat
+
+# passwd: db files nis
+# shadow: db files nis
+# group: db files nis
+
+hosts: files dns
+networks: files dns
+
+services: db files
+protocols: db files
+rpc: db files
+ethers: db files
+netmasks: files
+netgroup: files
+bootparams: files
+
+automount: files
+aliases: files
diff --git a/sys-libs/glibc/glibc-2.15-r1.ebuild b/sys-libs/glibc/glibc-2.15-r1.ebuild
new file mode 100644
index 0000000..757f34d
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.15-r1.ebuild
@@ -0,0 +1,233 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.15-r1.ebuild,v 1.17 2013/04/05 00:25:16 vapier Exp $
+
+inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib unpacker multiprocessing
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2.1+ BSD HPND inner-net"
+KEYWORDS="~amd64 -hppa ~ia64 ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+RELEASE_VER=""
+BRANCH_UPDATE=""
+SNAP_VER=""
+case ${PV} in
+9999*)
+ EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" )
+ EGIT_SOURCEDIRS=( "${S}" "${S}/ports" )
+ inherit git-2
+ ;;
+*_p*)
+ RELEASE_VER=${PV%_p*}
+ SNAP_VER=${PV#*_p}
+ ;;
+*)
+ RELEASE_VER=${PV}
+ ;;
+esac
+LIBIDN_VER="" # it's integrated into the main tarball now
+PATCH_VER="13" # Gentoo patchset
+PORTS_VER=${RELEASE_VER} # version of glibc ports addon
+LT_VER="" # version of linuxthreads addon
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires
+#LT_KERN_VER=${LT_KERN_VER:-"2.4.1"} # min kernel version linuxthreads requires
+
+IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only ${LT_VER:+glibc-compat20 nptl linuxthreads}"
+[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}}
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+# Why SLOT 2.2 you ask yourself while sippin your tea ?
+# Everyone knows 2.2 > 0, duh.
+SLOT="2.2"
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+ arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+ x86? ( >=sys-devel/gcc-4.3 )
+ amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 )
+ ppc? ( >=sys-devel/gcc-4.1.0 )
+ ppc64? ( >=sys-devel/gcc-4.1.0 )
+ >=sys-devel/binutils-2.15.94
+ ${LT_VER:+nptl? (} >=sys-kernel/linux-headers-${NPTL_KERN_VER} ${LT_VER:+)}
+ >=app-misc/pax-utils-0.1.10
+ virtual/os-headers
+ !<sys-apps/sandbox-1.2.18.1-r2
+ !<sys-apps/portage-2.1.2
+ !<sys-devel/patch-2.6
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ selinux? ( sys-libs/libselinux )
+ !sys-libs/nss-db"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+else
+ DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )"
+ RDEPEND="${RDEPEND}
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+SRC_URI=$(
+ upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+ }
+ gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+ }
+
+ TARNAME=${PN}
+ if [[ -n ${SNAP_VER} ]] ; then
+ TARNAME="${PN}-${RELEASE_VER}"
+ [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER}
+ upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2
+ elif [[ -z ${EGIT_REPO_URIS} ]] ; then
+ upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz
+ fi
+ [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2
+ [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz
+ [[ -n ${LT_VER} ]] && upstream_uris ${TARNAME}-linuxthreads-${LT_VER}.tar.bz2
+ [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+ [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+)
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+eblit-src_unpack-pre() {
+ GLIBC_PATCH_EXCLUDE+=" 1200_all_glibc-${PV}-x32.patch"
+}
+
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
+eblit-pkg_preinst-post() {
+ if [[ ${CTARGET} == arm* ]] ; then
+ # Backwards compat support for renaming hardfp ldsos #417287
+ local oldso='/lib/ld-linux.so.3'
+ local nldso='/lib/ld-linux-armhf.so.3'
+ if [[ -e ${D}${nldso} ]] ; then
+ if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
+ ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
+ ewarn "Please rebuild all packages using this old ldso as compat"
+ ewarn "support will be dropped in the future."
+ ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
+ fi
+ fi
+ fi
+}
diff --git a/sys-libs/glibc/glibc-2.15-r2.ebuild b/sys-libs/glibc/glibc-2.15-r2.ebuild
new file mode 100644
index 0000000..2d106b9
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.15-r2.ebuild
@@ -0,0 +1,225 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.15-r2.ebuild,v 1.30 2013/04/05 00:25:16 vapier Exp $
+
+inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib unpacker multiprocessing
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2.1+ BSD HPND inner-net"
+KEYWORDS="alpha amd64 arm -hppa ia64 ~mips ppc ppc64 s390 ~sh sparc x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+RELEASE_VER=""
+BRANCH_UPDATE=""
+SNAP_VER=""
+case ${PV} in
+9999*)
+ EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" )
+ EGIT_SOURCEDIRS=( "${S}" "${S}/ports" )
+ inherit git-2
+ ;;
+*_p*)
+ RELEASE_VER=${PV%_p*}
+ SNAP_VER=${PV#*_p}
+ ;;
+*)
+ RELEASE_VER=${PV}
+ ;;
+esac
+LIBIDN_VER="" # it's integrated into the main tarball now
+PATCH_VER="21" # Gentoo patchset
+PORTS_VER=${RELEASE_VER} # version of glibc ports addon
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires
+
+IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only"
+[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}}
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+# Why SLOT 2.2 you ask yourself while sippin your tea ?
+# Everyone knows 2.2 > 0, duh.
+SLOT="2.2"
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+ arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+ x86? ( >=sys-devel/gcc-4.3 )
+ amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 )
+ ppc? ( >=sys-devel/gcc-4.1.0 )
+ ppc64? ( >=sys-devel/gcc-4.1.0 )
+ >=sys-devel/binutils-2.15.94
+ >=app-misc/pax-utils-0.1.10
+ virtual/os-headers
+ !<sys-apps/sandbox-1.2.18.1-r2
+ !<sys-apps/portage-2.1.2
+ !<sys-devel/patch-2.6
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ selinux? ( sys-libs/libselinux )
+ !sys-libs/nss-db"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+else
+ DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )"
+ RDEPEND="${RDEPEND}
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+SRC_URI=$(
+ upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+ }
+ gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+ }
+
+ TARNAME=${PN}
+ if [[ -n ${SNAP_VER} ]] ; then
+ TARNAME="${PN}-${RELEASE_VER}"
+ [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER}
+ upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2
+ elif [[ -z ${EGIT_REPO_URIS} ]] ; then
+ upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz
+ fi
+ [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2
+ [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz
+ [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+ [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+)
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
+eblit-pkg_preinst-post() {
+ if [[ ${CTARGET} == arm* ]] ; then
+ # Backwards compat support for renaming hardfp ldsos #417287
+ local oldso='/lib/ld-linux.so.3'
+ local nldso='/lib/ld-linux-armhf.so.3'
+ if [[ -e ${D}${nldso} ]] ; then
+ if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
+ ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
+ ewarn "Please rebuild all packages using this old ldso as compat"
+ ewarn "support will be dropped in the future."
+ ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
+ fi
+ fi
+ fi
+}
diff --git a/sys-libs/glibc/glibc-2.15-r3.ebuild b/sys-libs/glibc/glibc-2.15-r3.ebuild
new file mode 100644
index 0000000..fb2b257
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.15-r3.ebuild
@@ -0,0 +1,227 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.15-r3.ebuild,v 1.14 2013/05/09 04:41:16 vapier Exp $
+
+inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib unpacker multiprocessing
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2.1+ BSD HPND inner-net"
+KEYWORDS="alpha amd64 arm -hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+RELEASE_VER=""
+BRANCH_UPDATE=""
+SNAP_VER=""
+case ${PV} in
+9999*)
+ EGIT_REPO_URIS=( "git://sourceware.org/git/glibc.git" "git://sourceware.org/git/glibc-ports.git" )
+ EGIT_SOURCEDIRS=( "${S}" "${S}/ports" )
+ inherit git-2
+ ;;
+*_p*)
+ RELEASE_VER=${PV%_p*}
+ SNAP_VER=${PV#*_p}
+ ;;
+*)
+ RELEASE_VER=${PV}
+ ;;
+esac
+LIBIDN_VER="" # it's integrated into the main tarball now
+PATCH_VER="23" # Gentoo patchset
+PORTS_VER=${RELEASE_VER} # version of glibc ports addon
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.9"} # min kernel version nptl requires
+
+IUSE="debug gd hardened multilib selinux profile vanilla crosscompile_opts_headers-only"
+[[ -n ${RELEASE_VER} ]] && S=${WORKDIR}/glibc-${RELEASE_VER}${SNAP_VER:+-${SNAP_VER}}
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.9/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+# Why SLOT 2.2 you ask yourself while sippin your tea ?
+# Everyone knows 2.2 > 0, duh.
+SLOT="2.2"
+
+# General: We need a new-enough binutils for as-needed
+# arch: we need to make sure our binutils/gcc supports TLS
+DEPEND=">=sys-devel/gcc-3.4.4
+ arm? ( >=sys-devel/binutils-2.16.90 >=sys-devel/gcc-4.1.0 )
+ x86? ( >=sys-devel/gcc-4.3 )
+ amd64? ( >=sys-devel/binutils-2.19 >=sys-devel/gcc-4.3 )
+ ppc? ( >=sys-devel/gcc-4.1.0 )
+ ppc64? ( >=sys-devel/gcc-4.1.0 )
+ >=sys-devel/binutils-2.15.94
+ >=app-misc/pax-utils-0.1.10
+ virtual/os-headers
+ !<sys-apps/sandbox-1.2.18.1-r2
+ !<sys-apps/portage-2.1.2
+ !<sys-devel/patch-2.6
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ selinux? ( sys-libs/libselinux )
+ !sys-libs/nss-db"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND="${DEPEND} !crosscompile_opts_headers-only? ( ${CATEGORY}/gcc )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND="${DEPEND} ${CATEGORY}/linux-headers"
+else
+ DEPEND="${DEPEND} !vanilla? ( >=sys-libs/timezone-data-2007c )"
+ RDEPEND="${RDEPEND}
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+SRC_URI=$(
+ upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+ }
+ gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+ }
+
+ TARNAME=${PN}
+ if [[ -n ${SNAP_VER} ]] ; then
+ TARNAME="${PN}-${RELEASE_VER}"
+ [[ -n ${PORTS_VER} ]] && PORTS_VER=${SNAP_VER}
+ upstream_uris ${TARNAME}-${SNAP_VER}.tar.bz2
+ elif [[ -z ${EGIT_REPO_URIS} ]] ; then
+ upstream_uris ${TARNAME}-${RELEASE_VER}.tar.xz
+ fi
+ [[ -n ${LIBIDN_VER} ]] && upstream_uris glibc-libidn-${LIBIDN_VER}.tar.bz2
+ [[ -n ${PORTS_VER} ]] && upstream_uris ${TARNAME}-ports-${PORTS_VER}.tar.xz
+ [[ -n ${BRANCH_UPDATE} ]] && gentoo_uris glibc-${RELEASE_VER}-branch-update-${BRANCH_UPDATE}.patch.bz2
+ [[ -n ${PATCH_VER} ]] && gentoo_uris glibc-${RELEASE_VER}-patches-${PATCH_VER}.tar.bz2
+)
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+eblit-src_unpack-post() {
+ epatch "${FILESDIR}"/2.15/glibc-2.15-localstatedir-backport.patch
+
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.12/glibc-2.12-hardened-pie.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+}
+
+eblit-pkg_preinst-post() {
+ if [[ ${CTARGET} == arm* ]] ; then
+ # Backwards compat support for renaming hardfp ldsos #417287
+ local oldso='/lib/ld-linux.so.3'
+ local nldso='/lib/ld-linux-armhf.so.3'
+ if [[ -e ${D}${nldso} ]] ; then
+ if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
+ ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
+ ewarn "Please rebuild all packages using this old ldso as compat"
+ ewarn "support will be dropped in the future."
+ ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
+ fi
+ fi
+ fi
+}
diff --git a/sys-libs/glibc/glibc-2.17.ebuild b/sys-libs/glibc/glibc-2.17.ebuild
new file mode 100644
index 0000000..40b2f6c
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.17.ebuild
@@ -0,0 +1,228 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.17.ebuild,v 1.16 2013/06/27 12:19:41 jer Exp $
+
+inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
+KEYWORDS="~alpha ~amd64 ~arm hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+RELEASE_VER=""
+case ${PV} in
+9999*)
+ EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
+ EGIT_SOURCEDIRS="${S}"
+ inherit git-2
+ ;;
+*)
+ RELEASE_VER=${PV}
+ ;;
+esac
+PATCH_VER="7" # Gentoo patchset
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
+
+IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only"
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+# Why SLOT 2.2 you ask yourself while sippin your tea ?
+# Everyone knows 2.2 > 0, duh.
+SLOT="2.2"
+
+# General: We need a new-enough binutils/gcc to match upstream baseline.
+# arch: we need to make sure our binutils/gcc supports TLS.
+DEPEND=">=app-misc/pax-utils-0.1.10
+ !<sys-apps/sandbox-1.6
+ !<sys-apps/portage-2.1.2
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ selinux? ( sys-libs/libselinux )
+ !sys-libs/nss-db"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND+=" !crosscompile_opts_headers-only? (
+ >=${CATEGORY}/binutils-2.20
+ >=${CATEGORY}/gcc-4.3
+ )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
+else
+ DEPEND+="
+ >=sys-devel/binutils-2.20
+ >=sys-devel/gcc-4.3
+ virtual/os-headers
+ !vanilla? ( >=sys-libs/timezone-data-2012c )"
+ RDEPEND+="
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+SRC_URI=$(
+ upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+ }
+ gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+ }
+
+ [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
+ [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
+)
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+eblit-src_unpack-pre() {
+ GLIBC_PATCH_EXCLUDE+=" 6600_mips_librt-mips.patch" #456912
+}
+
+eblit-src_unpack-post() {
+ if use hardened ; then
+ cd "${S}"
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.10/glibc-2.10-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.6/glibc-2.6-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.10/glibc-2.10-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+
+ # RHEL(likely CentOS and SL) 5.6 have kernels with vdso bug,
+ # https://bugzilla.redhat.com/show_bug.cgi?id=673616
+ # we disable vdso loading in ELF handler, as suggest by Mike Frysinger
+ # http://article.gmane.org/gmane.comp.lib.glibc.user/1904
+ # Benda Xu <heroxbd@gentoo.org> (3 Jul, 2013)
+ elog "Your kernel is known to have vdso bug, disabling this feature"
+ epatch "${FILESDIR}"/2.17/vdso-disable.patch
+
+ epatch "${FILESDIR}"/2.17/locale-gen_prefix.patch
+ eprefixify "${WORKDIR}"/extra/locale/locale-gen
+
+ cd "${S}"
+ epatch "${FILESDIR}"/2.17/glibc-2.17-runtime-prefix.patch
+ eprefixify glibc-compat/nss_{compat/compat-{grp,{,s}pwd},files/files-netgrp}.c \
+ nis/nss_compat/compat-{grp,initgroups,{,s}pwd}.c \
+ nss/{db-Makefile,{bug-erange,nss_files/files-init{,groups}}.c} \
+ resolv/{netdb,resolv}.h sysdeps/{{generic,unix/sysv/linux}/paths.h,posix/system.c} \
+ libio/iopopen.c
+ epatch "${FILESDIR}"/${PV}/${P}-shadow-prefix.patch
+}
+
+eblit-pkg_preinst-post() {
+ if [[ ${CTARGET} == arm* ]] ; then
+ # Backwards compat support for renaming hardfp ldsos #417287
+ local oldso='/lib/ld-linux.so.3'
+ local nldso='/lib/ld-linux-armhf.so.3'
+ if [[ -e ${D}${nldso} ]] ; then
+ if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
+ ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
+ ewarn "Please rebuild all packages using this old ldso as compat"
+ ewarn "support will be dropped in the future."
+ ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
+ fi
+ fi
+ fi
+}
diff --git a/sys-libs/glibc/glibc-2.19-r1.ebuild b/sys-libs/glibc/glibc-2.19-r1.ebuild
new file mode 100644
index 0000000..8758b70
--- /dev/null
+++ b/sys-libs/glibc/glibc-2.19-r1.ebuild
@@ -0,0 +1,227 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/glibc/glibc-2.19-r1.ebuild,v 1.11 2014/10/26 08:05:50 vapier Exp $
+
+inherit eutils versionator toolchain-funcs flag-o-matic gnuconfig multilib systemd unpacker multiprocessing prefix
+
+DESCRIPTION="GNU libc6 (also called glibc2) C library"
+HOMEPAGE="http://www.gnu.org/software/libc/libc.html"
+
+LICENSE="LGPL-2.1+ BSD HPND ISC inner-net rc PCRE"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86"
+RESTRICT="strip" # strip ourself #46186
+EMULTILIB_PKG="true"
+
+# Configuration variables
+RELEASE_VER=""
+case ${PV} in
+9999*)
+ EGIT_REPO_URIS="git://sourceware.org/git/glibc.git"
+ EGIT_SOURCEDIRS="${S}"
+ inherit git-2
+ ;;
+*)
+ RELEASE_VER=${PV}
+ ;;
+esac
+GCC_BOOTSTRAP_VER="4.7.3-r1"
+PATCH_VER="3" # Gentoo patchset
+NPTL_KERN_VER=${NPTL_KERN_VER:-"2.6.16"} # min kernel version nptl requires
+
+IUSE="debug gd hardened multilib nscd selinux systemtap profile suid vanilla crosscompile_opts_headers-only rap"
+
+# Here's how the cross-compile logic breaks down ...
+# CTARGET - machine that will target the binaries
+# CHOST - machine that will host the binaries
+# CBUILD - machine that will build the binaries
+# If CTARGET != CHOST, it means you want a libc for cross-compiling.
+# If CHOST != CBUILD, it means you want to cross-compile the libc.
+# CBUILD = CHOST = CTARGET - native build/install
+# CBUILD != (CHOST = CTARGET) - cross-compile a native build
+# (CBUILD = CHOST) != CTARGET - libc for cross-compiler
+# CBUILD != CHOST != CTARGET - cross-compile a libc for a cross-compiler
+# For install paths:
+# CHOST = CTARGET - install into /
+# CHOST != CTARGET - install into /usr/CTARGET/
+
+export CBUILD=${CBUILD:-${CHOST}}
+export CTARGET=${CTARGET:-${CHOST}}
+if [[ ${CTARGET} == ${CHOST} ]] ; then
+ if [[ ${CATEGORY} == cross-* ]] ; then
+ export CTARGET=${CATEGORY#cross-}
+ fi
+fi
+
+[[ ${CTARGET} == hppa* ]] && NPTL_KERN_VER=${NPTL_KERN_VER/2.6.16/2.6.20}
+
+is_crosscompile() {
+ [[ ${CHOST} != ${CTARGET} ]]
+}
+
+# Why SLOT 2.2 you ask yourself while sippin your tea ?
+# Everyone knows 2.2 > 0, duh.
+SLOT="2.2"
+
+# General: We need a new-enough binutils/gcc to match upstream baseline.
+# arch: we need to make sure our binutils/gcc supports TLS.
+DEPEND=">=app-misc/pax-utils-0.1.10
+ !<sys-apps/sandbox-1.6
+ !<sys-apps/portage-2.1.2
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="!sys-kernel/ps3-sources
+ selinux? ( sys-libs/libselinux )
+ !sys-libs/nss-db"
+
+if [[ ${CATEGORY} == cross-* ]] ; then
+ DEPEND+=" !crosscompile_opts_headers-only? (
+ >=${CATEGORY}/binutils-2.20
+ >=${CATEGORY}/gcc-4.3
+ )"
+ [[ ${CATEGORY} == *-linux* ]] && DEPEND+=" ${CATEGORY}/linux-headers"
+else
+ DEPEND+="
+ >=sys-devel/binutils-2.20
+ >=sys-devel/gcc-4.3
+ virtual/os-headers
+ !vanilla? ( >=sys-libs/timezone-data-2012c )"
+ RDEPEND+="
+ vanilla? ( !sys-libs/timezone-data )
+ !vanilla? ( sys-libs/timezone-data )"
+fi
+
+upstream_uris() {
+ echo mirror://gnu/glibc/$1 ftp://sourceware.org/pub/glibc/{releases,snapshots}/$1 mirror://gentoo/$1
+}
+gentoo_uris() {
+ local devspace="HTTP~vapier/dist/URI HTTP~azarah/glibc/URI"
+ devspace=${devspace//HTTP/http://dev.gentoo.org/}
+ echo mirror://gentoo/$1 ${devspace//URI/$1}
+}
+SRC_URI=$(
+ [[ -z ${EGIT_REPO_URIS} ]] && upstream_uris ${P}.tar.xz
+ [[ -n ${PATCH_VER} ]] && gentoo_uris ${P}-patches-${PATCH_VER}.tar.bz2
+)
+SRC_URI+=" ${GCC_BOOTSTRAP_VER:+multilib? ( $(gentoo_uris gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2) )}"
+
+# eblit-include [--skip] <function> [version]
+eblit-include() {
+ local skipable=false
+ [[ $1 == "--skip" ]] && skipable=true && shift
+ [[ $1 == pkg_* ]] && skipable=true
+
+ local e v func=$1 ver=$2
+ [[ -z ${func} ]] && die "Usage: eblit-include <function> [version]"
+ for v in ${ver:+-}${ver} -${PVR} -${PV} "" ; do
+ e="${FILESDIR}/eblits/${func}${v}.eblit"
+ if [[ -e ${e} ]] ; then
+ source "${e}"
+ return 0
+ fi
+ done
+ ${skipable} && return 0
+ die "Could not locate requested eblit '${func}' in ${FILESDIR}/eblits/"
+}
+
+# eblit-run-maybe <function>
+# run the specified function if it is defined
+eblit-run-maybe() {
+ [[ $(type -t "$@") == "function" ]] && "$@"
+}
+
+# eblit-run <function> [version]
+# aka: src_unpack() { eblit-run src_unpack ; }
+eblit-run() {
+ eblit-include --skip common "${*:2}"
+ eblit-include "$@"
+ eblit-run-maybe eblit-$1-pre
+ eblit-${PN}-$1
+ eblit-run-maybe eblit-$1-post
+}
+
+src_unpack() { eblit-run src_unpack ; }
+src_compile() { eblit-run src_compile ; }
+src_test() { eblit-run src_test ; }
+src_install() { eblit-run src_install ; }
+
+# FILESDIR might not be available during binpkg install
+for x in setup {pre,post}inst ; do
+ e="${FILESDIR}/eblits/pkg_${x}.eblit"
+ if [[ -e ${e} ]] ; then
+ . "${e}"
+ eval "pkg_${x}() { eblit-run pkg_${x} ; }"
+ fi
+done
+
+eblit-src_unpack-pre() {
+ [[ -n ${GCC_BOOTSTRAP_VER} ]] && use multilib && unpack gcc-${GCC_BOOTSTRAP_VER}-multilib-bootstrap.tar.bz2
+}
+
+eblit-src_unpack-post() {
+ eprefixify extra/locale/locale-gen
+
+ cd "${S}"
+
+ if use hardened ; then
+ einfo "Patching to get working PIE binaries on PIE (hardened) platforms"
+ gcc-specs-pie && epatch "${FILESDIR}"/2.17/glibc-2.17-hardened-pie.patch
+ epatch "${FILESDIR}"/2.19/glibc-2.19-hardened-configure-picdefault.patch
+ epatch "${FILESDIR}"/2.18/glibc-2.18-hardened-inittls-nosysenter.patch
+
+ einfo "Installing Hardened Gentoo SSP and FORTIFY_SOURCE handler"
+ cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-stack_chk_fail.c \
+ debug/stack_chk_fail.c || die
+ cp -f "${FILESDIR}"/2.18/glibc-2.18-gentoo-chk_fail.c \
+ debug/chk_fail.c || die
+
+ if use debug ; then
+ # When using Hardened Gentoo stack handler, have smashes dump core for
+ # analysis - debug only, as core could be an information leak
+ # (paranoia).
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-stack_chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug stack handler"
+ sed -i \
+ -e '/^CFLAGS-backtrace.c/ iCFLAGS-chk_fail.c = -DSSP_SMASH_DUMPS_CORE' \
+ debug/Makefile \
+ || die "Failed to modify debug/Makefile for debug fortify handler"
+ fi
+
+ # Build nscd with ssp-all
+ sed -i \
+ -e 's:-fstack-protector$:-fstack-protector-all:' \
+ nscd/Makefile \
+ || die "Failed to ensure nscd builds with ssp-all"
+ fi
+
+ if use rap; then
+ if type -p lsb_release > lsb-loc; then
+ local lsb_id=$(lsb_release -i)
+ local lsb_rel=$(lsb_release -r)
+ fi
+
+ if [[ ${lsb_id} == *CentOS ]] || [[ ${lsb_id} == *RedHat* ]]; then
+ if [[ ${lsb_rel} == *5.6 ]]; then
+ elog "Your kernel is known to have vdso bug, disabling this feature"
+ elog "https://bugzilla.redhat.com/show_bug.cgi?id=678613"
+ epatch "${FILESDIR}"/${PV}/${P}-vdso-disable.patch
+ fi
+ fi
+ fi
+}
+
+eblit-pkg_preinst-post() {
+ if [[ ${CTARGET} == arm* ]] ; then
+ # Backwards compat support for renaming hardfp ldsos #417287
+ local oldso='/lib/ld-linux.so.3'
+ local nldso='/lib/ld-linux-armhf.so.3'
+ if [[ -e ${D}${nldso} ]] ; then
+ if scanelf -qRyi "${ROOT}$(alt_prefix)"/*bin/ | grep -s "^${oldso}" ; then
+ ewarn "Symlinking old ldso (${oldso}) to new ldso (${nldso})."
+ ewarn "Please rebuild all packages using this old ldso as compat"
+ ewarn "support will be dropped in the future."
+ ln -s "${nldso##*/}" "${D}$(alt_prefix)${oldso}"
+ fi
+ fi
+ fi
+}
diff --git a/sys-libs/glibc/metadata.xml b/sys-libs/glibc/metadata.xml
new file mode 100644
index 0000000..f1f3fd9
--- /dev/null
+++ b/sys-libs/glibc/metadata.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>toolchain</herd>
+<use>
+ <flag name='gd'>build memusage and memusagestat tools</flag>
+ <flag name='nscd'>Build, and enable support for, the Name Service Cache Daemon</flag>
+ <flag name='suid'>Make internal pt_chown helper setuid -- not needed if using Linux and have /dev/pts mounted with gid=5</flag>
+ <flag name='systemtap'>enable systemtap static probe points</flag>
+</use>
+</pkgmetadata>