summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--patches/glibc-2.18/0001-ARM-Fix-clone-code-when-built-for-Thumb.patch35
-rw-r--r--patches/glibc-2.18/0002-Fix-PI-mutex-check-in-pthread_cond_broadcast-and-pth.patch51
-rw-r--r--patches/glibc-2.18/0003-ARM-Fix-memcpy-computed-jump-calculations-for-ARM_AL.patch70
-rw-r--r--patches/glibc-2.18/0004-Accept-make-versions-4.0-and-greater.patch35
-rw-r--r--patches/glibc-2.18/0005-Simplify-strcoll-implementation.patch795
-rw-r--r--patches/glibc-2.18/0006-Fall-back-to-non-cached-sequence-traversal-and-compa.patch384
-rw-r--r--patches/glibc-2.18/0007-Check-for-integer-overflow-in-cache-size-computation.patch121
-rw-r--r--patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch199
-rw-r--r--patches/glibc-2.18/0009-CVE-2013-4237-BZ-14699-Buffer-overflow-in-readdir_r.patch171
-rw-r--r--patches/glibc-2.18/0010-malloc-Check-for-integer-overflow-in-pvalloc.patch37
-rw-r--r--patches/glibc-2.18/0011-malloc-Check-for-integer-overflow-in-valloc.patch37
-rw-r--r--patches/glibc-2.18/0012-malloc-Check-for-integer-overflow-in-memalign.patch37
-rw-r--r--patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch51
-rw-r--r--patches/glibc-2.18/series27
-rw-r--r--patches/glibc-2.20/0100-add-install-lib-all-target.patch (renamed from patches/glibc-2.18/0100-add-install-lib-all-target.patch)4
-rw-r--r--patches/glibc-2.20/0101-don-t-regen-docs-if-perl-is-not-found.patch (renamed from patches/glibc-2.18/0101-don-t-regen-docs-if-perl-is-not-found.patch)4
-rw-r--r--patches/glibc-2.20/0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch (renamed from patches/glibc-2.18/0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch)4
-rw-r--r--patches/glibc-2.20/0300-resolv-dynamic.patch (renamed from patches/glibc-2.18/0300-resolv-dynamic.patch)2
-rw-r--r--patches/glibc-2.20/0400-optimized-string-functions-for-NEON-from-Linaro.patch (renamed from patches/glibc-2.18/0400-optimized-string-functions-for-NEON-from-Linaro.patch)10
-rw-r--r--patches/glibc-2.20/0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch (renamed from patches/glibc-2.18/0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch)10
-rw-r--r--patches/glibc-2.20/series14
21 files changed, 31 insertions, 2067 deletions
diff --git a/patches/glibc-2.18/0001-ARM-Fix-clone-code-when-built-for-Thumb.patch b/patches/glibc-2.18/0001-ARM-Fix-clone-code-when-built-for-Thumb.patch
deleted file mode 100644
index 78bf5f9..0000000
--- a/patches/glibc-2.18/0001-ARM-Fix-clone-code-when-built-for-Thumb.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Will Newton <will.newton@linaro.org>
-Date: Thu, 29 Aug 2013 20:10:26 +0100
-Subject: [PATCH] ARM: Fix clone code when built for Thumb.
-
-The mov lr, pc instruction will lose the Thumb bit from the return address
-so use blx lr instead.
-
-ports/ChangeLog.arm:
-
-2013-08-30 Will Newton <will.newton@linaro.org>
-
- [BZ #15909]
- * sysdeps/unix/sysv/linux/arm/clone.S (__clone): Use blx
- instead of mov lr, pc.
-
-(cherry picked from commit 6b06ac56cdfc9293908724e51e827534e97819aa)
----
- ports/sysdeps/unix/sysv/linux/arm/clone.S | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/ports/sysdeps/unix/sysv/linux/arm/clone.S b/ports/sysdeps/unix/sysv/linux/arm/clone.S
-index ce9c2a5..6e74fa7 100644
---- a/ports/sysdeps/unix/sysv/linux/arm/clone.S
-+++ b/ports/sysdeps/unix/sysv/linux/arm/clone.S
-@@ -93,8 +93,8 @@ PSEUDO_END (__clone)
- mov lr, pc
- bx ip
- #else
-- mov lr, pc
-- ldr pc, [sp], #8
-+ ldr lr, [sp], #8
-+ blx lr
- #endif
-
- @ and we are done, passing the return value through r0
diff --git a/patches/glibc-2.18/0002-Fix-PI-mutex-check-in-pthread_cond_broadcast-and-pth.patch b/patches/glibc-2.18/0002-Fix-PI-mutex-check-in-pthread_cond_broadcast-and-pth.patch
deleted file mode 100644
index a255632..0000000
--- a/patches/glibc-2.18/0002-Fix-PI-mutex-check-in-pthread_cond_broadcast-and-pth.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: Siddhesh Poyarekar <siddhesh@redhat.com>
-Date: Thu, 3 Oct 2013 08:26:21 +0530
-Subject: [PATCH] Fix PI mutex check in pthread_cond_broadcast and
- pthread_cond_signal
-
-Fixes BZ #15996.
-
-The check had a typo - it checked for PTHREAD_MUTEX_ROBUST_NP instead
-of PTHREAD_MUTEX_ROBUST_NORMAL_NP. It has now been replaced by the
-already existing convenience macro USE_REQUEUE_PI.
----
- nptl/pthread_cond_broadcast.c | 5 +----
- nptl/pthread_cond_signal.c | 7 +------
- 2 files changed, 2 insertions(+), 10 deletions(-)
-
-diff --git a/nptl/pthread_cond_broadcast.c b/nptl/pthread_cond_broadcast.c
-index 0702ec0..7ba9efa 100644
---- a/nptl/pthread_cond_broadcast.c
-+++ b/nptl/pthread_cond_broadcast.c
-@@ -63,10 +63,7 @@ __pthread_cond_broadcast (cond)
-
- #if (defined lll_futex_cmp_requeue_pi \
- && defined __ASSUME_REQUEUE_PI)
-- int pi_flag = PTHREAD_MUTEX_PRIO_INHERIT_NP | PTHREAD_MUTEX_ROBUST_NP;
-- pi_flag &= mut->__data.__kind;
--
-- if (pi_flag == PTHREAD_MUTEX_PRIO_INHERIT_NP)
-+ if (USE_REQUEUE_PI (mut))
- {
- if (lll_futex_cmp_requeue_pi (&cond->__data.__futex, 1, INT_MAX,
- &mut->__data.__lock, futex_val,
-diff --git a/nptl/pthread_cond_signal.c b/nptl/pthread_cond_signal.c
-index 102d0b3..ffc35dc 100644
---- a/nptl/pthread_cond_signal.c
-+++ b/nptl/pthread_cond_signal.c
-@@ -49,14 +49,9 @@ __pthread_cond_signal (cond)
-
- #if (defined lll_futex_cmp_requeue_pi \
- && defined __ASSUME_REQUEUE_PI)
-- int pi_flag = PTHREAD_MUTEX_PRIO_INHERIT_NP | PTHREAD_MUTEX_ROBUST_NP;
- pthread_mutex_t *mut = cond->__data.__mutex;
-
-- /* Do not use requeue for pshared condvars. */
-- if (mut != (void *) ~0l)
-- pi_flag &= mut->__data.__kind;
--
-- if (__builtin_expect (pi_flag == PTHREAD_MUTEX_PRIO_INHERIT_NP, 0)
-+ if (USE_REQUEUE_PI (mut)
- /* This can only really fail with a ENOSYS, since nobody can modify
- futex while we have the cond_lock. */
- && lll_futex_cmp_requeue_pi (&cond->__data.__futex, 1, 0,
diff --git a/patches/glibc-2.18/0003-ARM-Fix-memcpy-computed-jump-calculations-for-ARM_AL.patch b/patches/glibc-2.18/0003-ARM-Fix-memcpy-computed-jump-calculations-for-ARM_AL.patch
deleted file mode 100644
index e02a24d..0000000
--- a/patches/glibc-2.18/0003-ARM-Fix-memcpy-computed-jump-calculations-for-ARM_AL.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From: Roland McGrath <roland@hack.frob.com>
-Date: Fri, 22 Nov 2013 11:39:20 -0800
-Subject: [PATCH] ARM: Fix memcpy computed-jump calculations for ARM_ALWAYS_BX
- case.
-
----
- ports/sysdeps/arm/arm-features.h | 8 --------
- ports/sysdeps/arm/armv7/multiarch/memcpy_impl.S | 21 +++++++++++----------
- 2 files changed, 11 insertions(+), 18 deletions(-)
-
-diff --git a/ports/sysdeps/arm/arm-features.h b/ports/sysdeps/arm/arm-features.h
-index 1d4b0f1..336b690 100644
---- a/ports/sysdeps/arm/arm-features.h
-+++ b/ports/sysdeps/arm/arm-features.h
-@@ -53,14 +53,6 @@
- # define ARM_BX_ALIGN_LOG2 2
- #endif
-
--/* The number of instructions that 'bx' expands to. A more-specific
-- arm-features.h that defines 'bx' as a macro should define this to the
-- number instructions it expands to. This is used only in a context
-- where the 'bx' expansion won't cross an ARM_BX_ALIGN_LOG2 boundary. */
--#ifndef ARM_BX_NINSNS
--# define ARM_BX_NINSNS 1
--#endif
--
- /* An OS-specific arm-features.h file may define ARM_NO_INDEX_REGISTER to
- indicate that the two-register addressing modes must never be used. */
-
-diff --git a/ports/sysdeps/arm/armv7/multiarch/memcpy_impl.S b/ports/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-index 3decad6..5ed076e 100644
---- a/ports/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-+++ b/ports/sysdeps/arm/armv7/multiarch/memcpy_impl.S
-@@ -128,25 +128,26 @@
- .purgem dispatch_step
- .endm
- #else
--# if ARM_BX_ALIGN_LOG2 < 4
-+# if ARM_BX_ALIGN_LOG2 < 3
- # error case not handled
- # endif
- .macro dispatch_helper steps, log2_bytes_per_step
-- .p2align ARM_BX_ALIGN_LOG2
- /* TMP1 gets (max_bytes - bytes_to_copy), where max_bytes is
- (STEPS << LOG2_BYTES_PER_STEP).
-- So this is (steps_to_skip << LOG2_BYTES_PER_STEP). */
-- rsb tmp1, tmp1, #(\steps << \log2_bytes_per_step)
-- /* Pad so that the add;bx pair immediately precedes an alignment
-- boundary. Hence, TMP1=0 will run all the steps. */
-- .rept (1 << (ARM_BX_ALIGN_LOG2 - 2)) - (2 + ARM_BX_NINSNS)
-- nop
-- .endr
-+ So this is (steps_to_skip << LOG2_BYTES_PER_STEP).
-+ Then it needs further adjustment to compensate for the
-+ distance between the PC value taken below (0f + PC_OFS)
-+ and the first step's instructions (1f). */
-+ rsb tmp1, tmp1, #((\steps << \log2_bytes_per_step) \
-+ + ((1f - PC_OFS - 0f) \
-+ >> (ARM_BX_ALIGN_LOG2 - \log2_bytes_per_step)))
- /* Shifting down LOG2_BYTES_PER_STEP gives us the number of
- steps to skip, then shifting up ARM_BX_ALIGN_LOG2 gives us
- the (byte) distance to add to the PC. */
-- add tmp1, pc, tmp1, lsl #(ARM_BX_ALIGN_LOG2 - \log2_bytes_per_step)
-+0: add tmp1, pc, tmp1, lsl #(ARM_BX_ALIGN_LOG2 - \log2_bytes_per_step)
- bx tmp1
-+ .p2align ARM_BX_ALIGN_LOG2
-+1:
- .endm
-
- .macro dispatch_7_dword
diff --git a/patches/glibc-2.18/0004-Accept-make-versions-4.0-and-greater.patch b/patches/glibc-2.18/0004-Accept-make-versions-4.0-and-greater.patch
deleted file mode 100644
index 3206a74..0000000
--- a/patches/glibc-2.18/0004-Accept-make-versions-4.0-and-greater.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From: Marc-Antoine Perennou <Marc-Antoine@Perennou.com>
-Date: Thu, 31 Oct 2013 12:37:50 +1000
-Subject: [PATCH] Accept make versions 4.0 and greater
-
----
- configure | 2 +-
- configure.in | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure b/configure
-index 1ee4c42..804fd7e 100755
---- a/configure
-+++ b/configure
-@@ -4772,7 +4772,7 @@ $as_echo_n "checking version of $MAKE... " >&6; }
- ac_prog_version=`$MAKE --version 2>&1 | sed -n 's/^.*GNU Make[^0-9]*\([0-9][0-9.]*\).*$/\1/p'`
- case $ac_prog_version in
- '') ac_prog_version="v. ?.??, bad"; ac_verc_fail=yes;;
-- 3.79* | 3.[89]*)
-+ 3.79* | 3.[89]* | [4-9].* | [1-9][0-9]*)
- ac_prog_version="$ac_prog_version, ok"; ac_verc_fail=no;;
- *) ac_prog_version="$ac_prog_version, bad"; ac_verc_fail=yes;;
-
-diff --git a/configure.in b/configure.in
-index 769e8ef..2364142 100644
---- a/configure.in
-+++ b/configure.in
-@@ -989,7 +989,7 @@ AC_CHECK_PROG_VER(CC, ${ac_tool_prefix}gcc ${ac_tool_prefix}cc, -v,
- critic_missing="$critic_missing gcc")
- AC_CHECK_PROG_VER(MAKE, gnumake gmake make, --version,
- [GNU Make[^0-9]*\([0-9][0-9.]*\)],
-- [3.79* | 3.[89]*], critic_missing="$critic_missing make")
-+ [3.79* | 3.[89]* | [4-9].* | [1-9][0-9]*], critic_missing="$critic_missing make")
-
- AC_CHECK_PROG_VER(MSGFMT, gnumsgfmt gmsgfmt msgfmt, --version,
- [GNU gettext.* \([0-9]*\.[0-9.]*\)],
diff --git a/patches/glibc-2.18/0005-Simplify-strcoll-implementation.patch b/patches/glibc-2.18/0005-Simplify-strcoll-implementation.patch
deleted file mode 100644
index e715b38..0000000
--- a/patches/glibc-2.18/0005-Simplify-strcoll-implementation.patch
+++ /dev/null
@@ -1,795 +0,0 @@
-From: Siddhesh Poyarekar <siddhesh@redhat.com>
-Date: Tue, 20 Aug 2013 08:40:05 +0530
-Subject: [PATCH] Simplify strcoll implementation
-
-Break up strcoll into simpler functions so that the logic is easier to
-follow and maintain.
----
- string/strcoll_l.c | 701 ++++++++++++++++++++++-------------------------------
- 1 file changed, 295 insertions(+), 406 deletions(-)
-
-diff --git a/string/strcoll_l.c b/string/strcoll_l.c
-index ecda08f..50ed84d 100644
---- a/string/strcoll_l.c
-+++ b/string/strcoll_l.c
-@@ -41,11 +41,244 @@
-
- #include "../locale/localeinfo.h"
-
-+/* Track status while looking for sequences in a string. */
-+typedef struct
-+{
-+ int len; /* Length of the current sequence. */
-+ int val; /* Position of the sequence relative to the
-+ previous non-ignored sequence. */
-+ size_t idxnow; /* Current index in sequences. */
-+ size_t idxmax; /* Maximum index in sequences. */
-+ size_t idxcnt; /* Current count of indices. */
-+ size_t backw; /* Current Backward sequence index. */
-+ size_t backw_stop; /* Index where the backward sequences stop. */
-+ const USTRING_TYPE *us; /* The string. */
-+ int32_t *idxarr; /* Array to cache weight indices. */
-+ unsigned char *rulearr; /* Array to cache rules. */
-+} coll_seq;
-+
-+/* Get next sequence. The weight indices are cached, so we don't need to
-+ traverse the string. */
-+static void
-+get_next_seq_cached (coll_seq *seq, int nrules, int pass,
-+ const unsigned char *rulesets,
-+ const USTRING_TYPE *weights)
-+{
-+ int val = seq->val = 0;
-+ int len = seq->len;
-+ size_t backw_stop = seq->backw_stop;
-+ size_t backw = seq->backw;
-+ size_t idxcnt = seq->idxcnt;
-+ size_t idxmax = seq->idxmax;
-+ size_t idxnow = seq->idxnow;
-+ unsigned char *rulearr = seq->rulearr;
-+ int32_t *idxarr = seq->idxarr;
-+
-+ while (len == 0)
-+ {
-+ ++val;
-+ if (backw_stop != ~0ul)
-+ {
-+ /* There is something pushed. */
-+ if (backw == backw_stop)
-+ {
-+ /* The last pushed character was handled. Continue
-+ with forward characters. */
-+ if (idxcnt < idxmax)
-+ {
-+ idxnow = idxcnt;
-+ backw_stop = ~0ul;
-+ }
-+ else
-+ {
-+ /* Nothing any more. The backward sequence
-+ ended with the last sequence in the string. */
-+ idxnow = ~0ul;
-+ break;
-+ }
-+ }
-+ else
-+ idxnow = --backw;
-+ }
-+ else
-+ {
-+ backw_stop = idxcnt;
-+
-+ while (idxcnt < idxmax)
-+ {
-+ if ((rulesets[rulearr[idxcnt] * nrules + pass]
-+ & sort_backward) == 0)
-+ /* No more backward characters to push. */
-+ break;
-+ ++idxcnt;
-+ }
-+
-+ if (backw_stop == idxcnt)
-+ {
-+ /* No sequence at all or just one. */
-+ if (idxcnt == idxmax)
-+ /* Note that LEN is still zero. */
-+ break;
-+
-+ backw_stop = ~0ul;
-+ idxnow = idxcnt++;
-+ }
-+ else
-+ /* We pushed backward sequences. */
-+ idxnow = backw = idxcnt - 1;
-+ }
-+ len = weights[idxarr[idxnow]++];
-+ }
-+
-+ /* Update the structure. */
-+ seq->val = val;
-+ seq->len = len;
-+ seq->backw_stop = backw_stop;
-+ seq->backw = backw;
-+ seq->idxcnt = idxcnt;
-+ seq->idxnow = idxnow;
-+}
-+
-+/* Get next sequence. Traverse the string as required. */
-+static void
-+get_next_seq (coll_seq *seq, int nrules, const unsigned char *rulesets,
-+ const USTRING_TYPE *weights, const int32_t *table,
-+ const USTRING_TYPE *extra, const int32_t *indirect)
-+{
-+#include WEIGHT_H
-+ int val = seq->val = 0;
-+ int len = seq->len;
-+ size_t backw_stop = seq->backw_stop;
-+ size_t backw = seq->backw;
-+ size_t idxcnt = seq->idxcnt;
-+ size_t idxmax = seq->idxmax;
-+ size_t idxnow = seq->idxnow;
-+ unsigned char *rulearr = seq->rulearr;
-+ int32_t *idxarr = seq->idxarr;
-+ const USTRING_TYPE *us = seq->us;
-+
-+ while (len == 0)
-+ {
-+ ++val;
-+ if (backw_stop != ~0ul)
-+ {
-+ /* The is something pushed. */
-+ if (backw == backw_stop)
-+ {
-+ /* The last pushed character was handled. Continue
-+ with forward characters. */
-+ if (idxcnt < idxmax)
-+ {
-+ idxnow = idxcnt;
-+ backw_stop = ~0ul;
-+ }
-+ else
-+ /* Nothing any more. The backward sequence ended with
-+ the last sequence in the string. Note that LEN
-+ is still zero. */
-+ break;
-+ }
-+ else
-+ idxnow = --backw;
-+ }
-+ else
-+ {
-+ backw_stop = idxmax;
-+
-+ while (*us != L('\0'))
-+ {
-+ int32_t tmp = findidx (&us, -1);
-+ rulearr[idxmax] = tmp >> 24;
-+ idxarr[idxmax] = tmp & 0xffffff;
-+ idxcnt = idxmax++;
-+
-+ if ((rulesets[rulearr[idxcnt] * nrules]
-+ & sort_backward) == 0)
-+ /* No more backward characters to push. */
-+ break;
-+ ++idxcnt;
-+ }
-+
-+ if (backw_stop >= idxcnt)
-+ {
-+ /* No sequence at all or just one. */
-+ if (idxcnt == idxmax || backw_stop > idxcnt)
-+ /* Note that LEN is still zero. */
-+ break;
-+
-+ backw_stop = ~0ul;
-+ idxnow = idxcnt;
-+ }
-+ else
-+ /* We pushed backward sequences. */
-+ idxnow = backw = idxcnt - 1;
-+ }
-+ len = weights[idxarr[idxnow]++];
-+ }
-+
-+ /* Update the structure. */
-+ seq->val = val;
-+ seq->len = len;
-+ seq->backw_stop = backw_stop;
-+ seq->backw = backw;
-+ seq->idxcnt = idxcnt;
-+ seq->idxmax = idxmax;
-+ seq->idxnow = idxnow;
-+ seq->us = us;
-+}
-+
-+/* Compare two sequences. */
-+static int
-+do_compare (coll_seq *seq1, coll_seq *seq2, int position,
-+ const USTRING_TYPE *weights)
-+{
-+ int seq1len = seq1->len;
-+ int seq2len = seq2->len;
-+ int val1 = seq1->val;
-+ int val2 = seq2->val;
-+ int32_t *idx1arr = seq1->idxarr;
-+ int32_t *idx2arr = seq2->idxarr;
-+ int idx1now = seq1->idxnow;
-+ int idx2now = seq2->idxnow;
-+ int result = 0;
-+
-+ /* Test for position if necessary. */
-+ if (position && val1 != val2)
-+ {
-+ result = val1 - val2;
-+ goto out;
-+ }
-+
-+ /* Compare the two sequences. */
-+ do
-+ {
-+ if (weights[idx1arr[idx1now]] != weights[idx2arr[idx2now]])
-+ {
-+ /* The sequences differ. */
-+ result = weights[idx1arr[idx1now]] - weights[idx2arr[idx2now]];
-+ goto out;
-+ }
-+
-+ /* Increment the offsets. */
-+ ++idx1arr[idx1now];
-+ ++idx2arr[idx2now];
-+
-+ --seq1len;
-+ --seq2len;
-+ }
-+ while (seq1len > 0 && seq2len > 0);
-+
-+ if (position && seq1len != seq2len)
-+ result = seq1len - seq2len;
-+
-+out:
-+ seq1->len = seq1len;
-+ seq2->len = seq2len;
-+ return result;
-+}
-+
- int
--STRCOLL (s1, s2, l)
-- const STRING_TYPE *s1;
-- const STRING_TYPE *s2;
-- __locale_t l;
-+STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2, __locale_t l)
- {
- struct __locale_data *current = l->__locales[LC_COLLATE];
- uint_fast32_t nrules = current->values[_NL_ITEM_INDEX (_NL_COLLATE_NRULES)].word;
-@@ -56,34 +289,6 @@ STRCOLL (s1, s2, l)
- const USTRING_TYPE *weights;
- const USTRING_TYPE *extra;
- const int32_t *indirect;
-- uint_fast32_t pass;
-- int result = 0;
-- const USTRING_TYPE *us1;
-- const USTRING_TYPE *us2;
-- size_t s1len;
-- size_t s2len;
-- int32_t *idx1arr;
-- int32_t *idx2arr;
-- unsigned char *rule1arr;
-- unsigned char *rule2arr;
-- size_t idx1max;
-- size_t idx2max;
-- size_t idx1cnt;
-- size_t idx2cnt;
-- size_t idx1now;
-- size_t idx2now;
-- size_t backw1_stop;
-- size_t backw2_stop;
-- size_t backw1;
-- size_t backw2;
-- int val1;
-- int val2;
-- int position;
-- int seq1len;
-- int seq2len;
-- int use_malloc;
--
--#include WEIGHT_H
-
- if (nrules == 0)
- return STRCMP (s1, s2);
-@@ -98,7 +303,6 @@ STRCOLL (s1, s2, l)
- current->values[_NL_ITEM_INDEX (CONCAT(_NL_COLLATE_EXTRA,SUFFIX))].string;
- indirect = (const int32_t *)
- current->values[_NL_ITEM_INDEX (CONCAT(_NL_COLLATE_INDIRECT,SUFFIX))].string;
-- use_malloc = 0;
-
- assert (((uintptr_t) table) % __alignof__ (table[0]) == 0);
- assert (((uintptr_t) weights) % __alignof__ (weights[0]) == 0);
-@@ -106,18 +310,13 @@ STRCOLL (s1, s2, l)
- assert (((uintptr_t) indirect) % __alignof__ (indirect[0]) == 0);
-
- /* We need this a few times. */
-- s1len = STRLEN (s1);
-- s2len = STRLEN (s2);
-+ size_t s1len = STRLEN (s1);
-+ size_t s2len = STRLEN (s2);
-
- /* Catch empty strings. */
-- if (__builtin_expect (s1len == 0, 0) || __builtin_expect (s2len == 0, 0))
-+ if (__glibc_unlikely (s1len == 0) || __glibc_unlikely (s2len == 0))
- return (s1len != 0) - (s2len != 0);
-
-- /* We need the elements of the strings as unsigned values since they
-- are used as indeces. */
-- us1 = (const USTRING_TYPE *) s1;
-- us2 = (const USTRING_TYPE *) s2;
--
- /* Perform the first pass over the string and while doing this find
- and store the weights for each character. Since we want this to
- be as fast as possible we are using `alloca' to store the temporary
-@@ -127,411 +326,101 @@ STRCOLL (s1, s2, l)
-
- Please note that the localedef programs makes sure that `position'
- is not used at the first level. */
-+
-+ coll_seq seq1, seq2;
-+ bool use_malloc = false;
-+ int result = 0;
-+
-+ memset (&seq1, 0, sizeof (seq1));
-+ seq2 = seq1;
-+
-+ /* We need the elements of the strings as unsigned values since they
-+ are used as indices. */
-+ seq1.us = (const USTRING_TYPE *) s1;
-+ seq2.us = (const USTRING_TYPE *) s2;
-+
- if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1)))
- {
-- idx1arr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1));
-- idx2arr = &idx1arr[s1len];
-- rule1arr = (unsigned char *) &idx2arr[s2len];
-- rule2arr = &rule1arr[s1len];
-+ seq1.idxarr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1));
-+ seq2.idxarr = &seq1.idxarr[s1len];
-+ seq1.rulearr = (unsigned char *) &seq2.idxarr[s2len];
-+ seq2.rulearr = &seq1.rulearr[s1len];
-
-- if (idx1arr == NULL)
-+ if (seq1.idxarr == NULL)
- /* No memory. Well, go with the stack then.
-
- XXX Once this implementation is stable we will handle this
-- differently. Instead of precomputing the indeces we will
-+ differently. Instead of precomputing the indices we will
- do this in time. This means, though, that this happens for
- every pass again. */
- goto try_stack;
-- use_malloc = 1;
-+ use_malloc = true;
- }
- else
- {
- try_stack:
-- idx1arr = (int32_t *) alloca (s1len * sizeof (int32_t));
-- idx2arr = (int32_t *) alloca (s2len * sizeof (int32_t));
-- rule1arr = (unsigned char *) alloca (s1len);
-- rule2arr = (unsigned char *) alloca (s2len);
-+ seq1.idxarr = (int32_t *) alloca (s1len * sizeof (int32_t));
-+ seq2.idxarr = (int32_t *) alloca (s2len * sizeof (int32_t));
-+ seq1.rulearr = (unsigned char *) alloca (s1len);
-+ seq2.rulearr = (unsigned char *) alloca (s2len);
- }
-
-- idx1cnt = 0;
-- idx2cnt = 0;
-- idx1max = 0;
-- idx2max = 0;
-- idx1now = 0;
-- idx2now = 0;
-- backw1_stop = ~0ul;
-- backw2_stop = ~0ul;
-- backw1 = ~0ul;
-- backw2 = ~0ul;
-- seq1len = 0;
-- seq2len = 0;
-- position = rulesets[0] & sort_position;
-- while (1)
-- {
-- val1 = 0;
-- val2 = 0;
--
-- /* Get the next non-IGNOREd element for string `s1'. */
-- if (seq1len == 0)
-- do
-- {
-- ++val1;
--
-- if (backw1_stop != ~0ul)
-- {
-- /* The is something pushed. */
-- if (backw1 == backw1_stop)
-- {
-- /* The last pushed character was handled. Continue
-- with forward characters. */
-- if (idx1cnt < idx1max)
-- {
-- idx1now = idx1cnt;
-- backw1_stop = ~0ul;
-- }
-- else
-- /* Nothing anymore. The backward sequence ended with
-- the last sequence in the string. Note that seq1len
-- is still zero. */
-- break;
-- }
-- else
-- idx1now = --backw1;
-- }
-- else
-- {
-- backw1_stop = idx1max;
--
-- while (*us1 != L('\0'))
-- {
-- int32_t tmp = findidx (&us1, -1);
-- rule1arr[idx1max] = tmp >> 24;
-- idx1arr[idx1max] = tmp & 0xffffff;
-- idx1cnt = idx1max++;
--
-- if ((rulesets[rule1arr[idx1cnt] * nrules]
-- & sort_backward) == 0)
-- /* No more backward characters to push. */
-- break;
-- ++idx1cnt;
-- }
--
-- if (backw1_stop >= idx1cnt)
-- {
-- /* No sequence at all or just one. */
-- if (idx1cnt == idx1max || backw1_stop > idx1cnt)
-- /* Note that seq1len is still zero. */
-- break;
--
-- backw1_stop = ~0ul;
-- idx1now = idx1cnt;
-- }
-- else
-- /* We pushed backward sequences. */
-- idx1now = backw1 = idx1cnt - 1;
-- }
-- }
-- while ((seq1len = weights[idx1arr[idx1now]++]) == 0);
--
-- /* And the same for string `s2'. */
-- if (seq2len == 0)
-- do
-- {
-- ++val2;
--
-- if (backw2_stop != ~0ul)
-- {
-- /* The is something pushed. */
-- if (backw2 == backw2_stop)
-- {
-- /* The last pushed character was handled. Continue
-- with forward characters. */
-- if (idx2cnt < idx2max)
-- {
-- idx2now = idx2cnt;
-- backw2_stop = ~0ul;
-- }
-- else
-- /* Nothing anymore. The backward sequence ended with
-- the last sequence in the string. Note that seq2len
-- is still zero. */
-- break;
-- }
-- else
-- idx2now = --backw2;
-- }
-- else
-- {
-- backw2_stop = idx2max;
--
-- while (*us2 != L('\0'))
-- {
-- int32_t tmp = findidx (&us2, -1);
-- rule2arr[idx2max] = tmp >> 24;
-- idx2arr[idx2max] = tmp & 0xffffff;
-- idx2cnt = idx2max++;
--
-- if ((rulesets[rule2arr[idx2cnt] * nrules]
-- & sort_backward) == 0)
-- /* No more backward characters to push. */
-- break;
-- ++idx2cnt;
-- }
--
-- if (backw2_stop >= idx2cnt)
-- {
-- /* No sequence at all or just one. */
-- if (idx2cnt == idx2max || backw2_stop > idx2cnt)
-- /* Note that seq1len is still zero. */
-- break;
--
-- backw2_stop = ~0ul;
-- idx2now = idx2cnt;
-- }
-- else
-- /* We pushed backward sequences. */
-- idx2now = backw2 = idx2cnt - 1;
-- }
-- }
-- while ((seq2len = weights[idx2arr[idx2now]++]) == 0);
--
-- /* See whether any or both strings are empty. */
-- if (seq1len == 0 || seq2len == 0)
-- {
-- if (seq1len == seq2len)
-- /* Both ended. So far so good, both strings are equal at the
-- first level. */
-- break;
--
-- /* This means one string is shorter than the other. Find out
-- which one and return an appropriate value. */
-- result = seq1len == 0 ? -1 : 1;
-- goto free_and_return;
-- }
--
-- /* Test for position if necessary. */
-- if (position && val1 != val2)
-- {
-- result = val1 - val2;
-- goto free_and_return;
-- }
--
-- /* Compare the two sequences. */
-- do
-- {
-- if (weights[idx1arr[idx1now]] != weights[idx2arr[idx2now]])
-- {
-- /* The sequences differ. */
-- result = weights[idx1arr[idx1now]] - weights[idx2arr[idx2now]];
-- goto free_and_return;
-- }
--
-- /* Increment the offsets. */
-- ++idx1arr[idx1now];
-- ++idx2arr[idx2now];
-+ seq1.rulearr[0] = 0;
-
-- --seq1len;
-- --seq2len;
-- }
-- while (seq1len > 0 && seq2len > 0);
--
-- if (position && seq1len != seq2len)
-- {
-- result = seq1len - seq2len;
-- goto free_and_return;
-- }
-- }
--
-- /* Now the remaining passes over the weights. We now use the
-- indeces we found before. */
-- for (pass = 1; pass < nrules; ++pass)
-+ /* Cache values in the first pass and if needed, use them in subsequent
-+ passes. */
-+ for (int pass = 0; pass < nrules; ++pass)
- {
-+ seq1.idxcnt = 0;
-+ seq1.backw_stop = ~0ul;
-+ seq1.backw = ~0ul;
-+ seq2.idxcnt = 0;
-+ seq2.backw_stop = ~0ul;
-+ seq2.backw = ~0ul;
-+
- /* We assume that if a rule has defined `position' in one section
- this is true for all of them. */
-- idx1cnt = 0;
-- idx2cnt = 0;
-- backw1_stop = ~0ul;
-- backw2_stop = ~0ul;
-- backw1 = ~0ul;
-- backw2 = ~0ul;
-- position = rulesets[rule1arr[0] * nrules + pass] & sort_position;
-+ int position = rulesets[seq1.rulearr[0] * nrules + pass] & sort_position;
-
- while (1)
- {
-- val1 = 0;
-- val2 = 0;
--
-- /* Get the next non-IGNOREd element for string `s1'. */
-- if (seq1len == 0)
-- do
-- {
-- ++val1;
--
-- if (backw1_stop != ~0ul)
-- {
-- /* The is something pushed. */
-- if (backw1 == backw1_stop)
-- {
-- /* The last pushed character was handled. Continue
-- with forward characters. */
-- if (idx1cnt < idx1max)
-- {
-- idx1now = idx1cnt;
-- backw1_stop = ~0ul;
-- }
-- else
-- {
-- /* Nothing anymore. The backward sequence
-- ended with the last sequence in the string. */
-- idx1now = ~0ul;
-- break;
-- }
-- }
-- else
-- idx1now = --backw1;
-- }
-- else
-- {
-- backw1_stop = idx1cnt;
--
-- while (idx1cnt < idx1max)
-- {
-- if ((rulesets[rule1arr[idx1cnt] * nrules + pass]
-- & sort_backward) == 0)
-- /* No more backward characters to push. */
-- break;
-- ++idx1cnt;
-- }
--
-- if (backw1_stop == idx1cnt)
-- {
-- /* No sequence at all or just one. */
-- if (idx1cnt == idx1max)
-- /* Note that seq1len is still zero. */
-- break;
--
-- backw1_stop = ~0ul;
-- idx1now = idx1cnt++;
-- }
-- else
-- /* We pushed backward sequences. */
-- idx1now = backw1 = idx1cnt - 1;
-- }
-- }
-- while ((seq1len = weights[idx1arr[idx1now]++]) == 0);
--
-- /* And the same for string `s2'. */
-- if (seq2len == 0)
-- do
-- {
-- ++val2;
--
-- if (backw2_stop != ~0ul)
-- {
-- /* The is something pushed. */
-- if (backw2 == backw2_stop)
-- {
-- /* The last pushed character was handled. Continue
-- with forward characters. */
-- if (idx2cnt < idx2max)
-- {
-- idx2now = idx2cnt;
-- backw2_stop = ~0ul;
-- }
-- else
-- {
-- /* Nothing anymore. The backward sequence
-- ended with the last sequence in the string. */
-- idx2now = ~0ul;
-- break;
-- }
-- }
-- else
-- idx2now = --backw2;
-- }
-- else
-- {
-- backw2_stop = idx2cnt;
--
-- while (idx2cnt < idx2max)
-- {
-- if ((rulesets[rule2arr[idx2cnt] * nrules + pass]
-- & sort_backward) == 0)
-- /* No more backward characters to push. */
-- break;
-- ++idx2cnt;
-- }
--
-- if (backw2_stop == idx2cnt)
-- {
-- /* No sequence at all or just one. */
-- if (idx2cnt == idx2max)
-- /* Note that seq2len is still zero. */
-- break;
--
-- backw2_stop = ~0ul;
-- idx2now = idx2cnt++;
-- }
-- else
-- /* We pushed backward sequences. */
-- idx2now = backw2 = idx2cnt - 1;
-- }
-- }
-- while ((seq2len = weights[idx2arr[idx2now]++]) == 0);
-+ if (pass == 0)
-+ {
-+ get_next_seq (&seq1, nrules, rulesets, weights, table, extra,
-+ indirect);
-+ get_next_seq (&seq2, nrules, rulesets, weights, table, extra,
-+ indirect);
-+ }
-+ else
-+ {
-+ get_next_seq_cached (&seq1, nrules, pass, rulesets, weights);
-+ get_next_seq_cached (&seq2, nrules, pass, rulesets, weights);
-+ }
-
- /* See whether any or both strings are empty. */
-- if (seq1len == 0 || seq2len == 0)
-+ if (seq1.len == 0 || seq2.len == 0)
- {
-- if (seq1len == seq2len)
-+ if (seq1.len == seq2.len)
- /* Both ended. So far so good, both strings are equal
- at this level. */
- break;
-
- /* This means one string is shorter than the other. Find out
- which one and return an appropriate value. */
-- result = seq1len == 0 ? -1 : 1;
-+ result = seq1.len == 0 ? -1 : 1;
- goto free_and_return;
- }
-
-- /* Test for position if necessary. */
-- if (position && val1 != val2)
-- {
-- result = val1 - val2;
-- goto free_and_return;
-- }
--
-- /* Compare the two sequences. */
-- do
-- {
-- if (weights[idx1arr[idx1now]] != weights[idx2arr[idx2now]])
-- {
-- /* The sequences differ. */
-- result = (weights[idx1arr[idx1now]]
-- - weights[idx2arr[idx2now]]);
-- goto free_and_return;
-- }
--
-- /* Increment the offsets. */
-- ++idx1arr[idx1now];
-- ++idx2arr[idx2now];
--
-- --seq1len;
-- --seq2len;
-- }
-- while (seq1len > 0 && seq2len > 0);
--
-- if (position && seq1len != seq2len)
-- {
-- result = seq1len - seq2len;
-- goto free_and_return;
-- }
-+ result = do_compare (&seq1, &seq2, position, weights);
-+ if (result != 0)
-+ goto free_and_return;
- }
- }
-
- /* Free the memory if needed. */
- free_and_return:
- if (use_malloc)
-- free (idx1arr);
-+ free (seq1.idxarr);
-
- return result;
- }
diff --git a/patches/glibc-2.18/0006-Fall-back-to-non-cached-sequence-traversal-and-compa.patch b/patches/glibc-2.18/0006-Fall-back-to-non-cached-sequence-traversal-and-compa.patch
deleted file mode 100644
index b7f1c22..0000000
--- a/patches/glibc-2.18/0006-Fall-back-to-non-cached-sequence-traversal-and-compa.patch
+++ /dev/null
@@ -1,384 +0,0 @@
-From: Siddhesh Poyarekar <siddhesh@redhat.com>
-Date: Mon, 23 Sep 2013 11:20:02 +0530
-Subject: [PATCH] Fall back to non-cached sequence traversal and comparison on
- malloc fail
-
-strcoll currently falls back to alloca if malloc fails, resulting in a
-possible stack overflow. This patch implements sequence traversal and
-comparison without caching indices and rules.
-
-Fixes CVE-2012-4424.
----
- string/strcoll_l.c | 265 ++++++++++++++++++++++++++++++++++++++++++++++-------
- 1 file changed, 234 insertions(+), 31 deletions(-)
-
-diff --git a/string/strcoll_l.c b/string/strcoll_l.c
-index 50ed84d..eb042ff 100644
---- a/string/strcoll_l.c
-+++ b/string/strcoll_l.c
-@@ -45,7 +45,7 @@
- typedef struct
- {
- int len; /* Length of the current sequence. */
-- int val; /* Position of the sequence relative to the
-+ size_t val; /* Position of the sequence relative to the
- previous non-ignored sequence. */
- size_t idxnow; /* Current index in sequences. */
- size_t idxmax; /* Maximum index in sequences. */
-@@ -55,6 +55,12 @@ typedef struct
- const USTRING_TYPE *us; /* The string. */
- int32_t *idxarr; /* Array to cache weight indices. */
- unsigned char *rulearr; /* Array to cache rules. */
-+ unsigned char rule; /* Saved rule for the first sequence. */
-+ int32_t idx; /* Index to weight of the current sequence. */
-+ int32_t save_idx; /* Save looked up index of a forward
-+ sequence after the last backward
-+ sequence. */
-+ const USTRING_TYPE *back_us; /* Beginning of the backward sequence. */
- } coll_seq;
-
- /* Get next sequence. The weight indices are cached, so we don't need to
-@@ -64,7 +70,7 @@ get_next_seq_cached (coll_seq *seq, int nrules, int pass,
- const unsigned char *rulesets,
- const USTRING_TYPE *weights)
- {
-- int val = seq->val = 0;
-+ size_t val = seq->val = 0;
- int len = seq->len;
- size_t backw_stop = seq->backw_stop;
- size_t backw = seq->backw;
-@@ -146,7 +152,7 @@ get_next_seq (coll_seq *seq, int nrules, const unsigned char *rulesets,
- const USTRING_TYPE *extra, const int32_t *indirect)
- {
- #include WEIGHT_H
-- int val = seq->val = 0;
-+ size_t val = seq->val = 0;
- int len = seq->len;
- size_t backw_stop = seq->backw_stop;
- size_t backw = seq->backw;
-@@ -162,7 +168,7 @@ get_next_seq (coll_seq *seq, int nrules, const unsigned char *rulesets,
- ++val;
- if (backw_stop != ~0ul)
- {
-- /* The is something pushed. */
-+ /* There is something pushed. */
- if (backw == backw_stop)
- {
- /* The last pushed character was handled. Continue
-@@ -227,15 +233,199 @@ get_next_seq (coll_seq *seq, int nrules, const unsigned char *rulesets,
- seq->us = us;
- }
-
--/* Compare two sequences. */
-+/* Get next sequence. Traverse the string as required. This function does not
-+ set or use any index or rule cache. */
-+static void
-+get_next_seq_nocache (coll_seq *seq, int nrules, const unsigned char *rulesets,
-+ const USTRING_TYPE *weights, const int32_t *table,
-+ const USTRING_TYPE *extra, const int32_t *indirect,
-+ int pass)
-+{
-+#include WEIGHT_H
-+ size_t val = seq->val = 0;
-+ int len = seq->len;
-+ size_t backw_stop = seq->backw_stop;
-+ size_t backw = seq->backw;
-+ size_t idxcnt = seq->idxcnt;
-+ size_t idxmax = seq->idxmax;
-+ int32_t idx = seq->idx;
-+ const USTRING_TYPE *us = seq->us;
-+
-+ while (len == 0)
-+ {
-+ ++val;
-+ if (backw_stop != ~0ul)
-+ {
-+ /* There is something pushed. */
-+ if (backw == backw_stop)
-+ {
-+ /* The last pushed character was handled. Continue
-+ with forward characters. */
-+ if (idxcnt < idxmax)
-+ {
-+ idx = seq->save_idx;
-+ backw_stop = ~0ul;
-+ }
-+ else
-+ {
-+ /* Nothing anymore. The backward sequence ended with
-+ the last sequence in the string. Note that len is
-+ still zero. */
-+ idx = 0;
-+ break;
-+ }
-+ }
-+ else
-+ {
-+ /* XXX Traverse BACKW sequences from the beginning of
-+ BACKW_STOP to get the next sequence. Is ther a quicker way
-+ to do this? */
-+ size_t i = backw_stop;
-+ us = seq->back_us;
-+ while (i < backw)
-+ {
-+ int32_t tmp = findidx (&us, -1);
-+ idx = tmp & 0xffffff;
-+ i++;
-+ }
-+ --backw;
-+ us = seq->us;
-+ }
-+ }
-+ else
-+ {
-+ backw_stop = idxmax;
-+ int32_t prev_idx = idx;
-+
-+ while (*us != L('\0'))
-+ {
-+ int32_t tmp = findidx (&us, -1);
-+ unsigned char rule = tmp >> 24;
-+ prev_idx = idx;
-+ idx = tmp & 0xffffff;
-+ idxcnt = idxmax++;
-+
-+ /* Save the rule for the first sequence. */
-+ if (__glibc_unlikely (idxcnt == 0))
-+ seq->rule = rule;
-+
-+ if ((rulesets[rule * nrules + pass]
-+ & sort_backward) == 0)
-+ /* No more backward characters to push. */
-+ break;
-+ ++idxcnt;
-+ }
-+
-+ if (backw_stop >= idxcnt)
-+ {
-+ /* No sequence at all or just one. */
-+ if (idxcnt == idxmax || backw_stop > idxcnt)
-+ /* Note that len is still zero. */
-+ break;
-+
-+ backw_stop = ~0ul;
-+ }
-+ else
-+ {
-+ /* We pushed backward sequences. If the stream ended with the
-+ backward sequence, then we process the last sequence we
-+ found. Otherwise we process the sequence before the last
-+ one since the last one was a forward sequence. */
-+ seq->back_us = seq->us;
-+ seq->us = us;
-+ backw = idxcnt;
-+ if (idxmax > idxcnt)
-+ {
-+ backw--;
-+ seq->save_idx = idx;
-+ idx = prev_idx;
-+ }
-+ if (backw > backw_stop)
-+ backw--;
-+ }
-+ }
-+
-+ len = weights[idx++];
-+ /* Skip over indices of previous levels. */
-+ for (int i = 0; i < pass; i++)
-+ {
-+ idx += len;
-+ len = weights[idx];
-+ idx++;
-+ }
-+ }
-+
-+ /* Update the structure. */
-+ seq->val = val;
-+ seq->len = len;
-+ seq->backw_stop = backw_stop;
-+ seq->backw = backw;
-+ seq->idxcnt = idxcnt;
-+ seq->idxmax = idxmax;
-+ seq->us = us;
-+ seq->idx = idx;
-+}
-+
-+/* Compare two sequences. This version does not use the index and rules
-+ cache. */
-+static int
-+do_compare_nocache (coll_seq *seq1, coll_seq *seq2, int position,
-+ const USTRING_TYPE *weights)
-+{
-+ int seq1len = seq1->len;
-+ int seq2len = seq2->len;
-+ size_t val1 = seq1->val;
-+ size_t val2 = seq2->val;
-+ int idx1 = seq1->idx;
-+ int idx2 = seq2->idx;
-+ int result = 0;
-+
-+ /* Test for position if necessary. */
-+ if (position && val1 != val2)
-+ {
-+ result = val1 > val2 ? 1 : -1;
-+ goto out;
-+ }
-+
-+ /* Compare the two sequences. */
-+ do
-+ {
-+ if (weights[idx1] != weights[idx2])
-+ {
-+ /* The sequences differ. */
-+ result = weights[idx1] - weights[idx2];
-+ goto out;
-+ }
-+
-+ /* Increment the offsets. */
-+ ++idx1;
-+ ++idx2;
-+
-+ --seq1len;
-+ --seq2len;
-+ }
-+ while (seq1len > 0 && seq2len > 0);
-+
-+ if (position && seq1len != seq2len)
-+ result = seq1len - seq2len;
-+
-+out:
-+ seq1->len = seq1len;
-+ seq2->len = seq2len;
-+ seq1->idx = idx1;
-+ seq2->idx = idx2;
-+ return result;
-+}
-+
-+/* Compare two sequences using the index cache. */
- static int
- do_compare (coll_seq *seq1, coll_seq *seq2, int position,
- const USTRING_TYPE *weights)
- {
- int seq1len = seq1->len;
- int seq2len = seq2->len;
-- int val1 = seq1->val;
-- int val2 = seq2->val;
-+ size_t val1 = seq1->val;
-+ size_t val2 = seq2->val;
- int32_t *idx1arr = seq1->idxarr;
- int32_t *idx2arr = seq2->idxarr;
- int idx1now = seq1->idxnow;
-@@ -245,7 +435,7 @@ do_compare (coll_seq *seq1, coll_seq *seq2, int position,
- /* Test for position if necessary. */
- if (position && val1 != val2)
- {
-- result = val1 - val2;
-+ result = val1 > val2 ? 1 : -1;
- goto out;
- }
-
-@@ -334,57 +524,62 @@ STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2, __locale_t l)
- memset (&seq1, 0, sizeof (seq1));
- seq2 = seq1;
-
-- /* We need the elements of the strings as unsigned values since they
-- are used as indices. */
-- seq1.us = (const USTRING_TYPE *) s1;
-- seq2.us = (const USTRING_TYPE *) s2;
--
- if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1)))
- {
- seq1.idxarr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1));
-- seq2.idxarr = &seq1.idxarr[s1len];
-- seq1.rulearr = (unsigned char *) &seq2.idxarr[s2len];
-- seq2.rulearr = &seq1.rulearr[s1len];
--
-- if (seq1.idxarr == NULL)
-- /* No memory. Well, go with the stack then.
--
-- XXX Once this implementation is stable we will handle this
-- differently. Instead of precomputing the indices we will
-- do this in time. This means, though, that this happens for
-- every pass again. */
-- goto try_stack;
-- use_malloc = true;
-+
-+ /* If we failed to allocate memory, we leave everything as NULL so that
-+ we use the nocache version of traversal and comparison functions. */
-+ if (seq1.idxarr != NULL)
-+ {
-+ seq2.idxarr = &seq1.idxarr[s1len];
-+ seq1.rulearr = (unsigned char *) &seq2.idxarr[s2len];
-+ seq2.rulearr = &seq1.rulearr[s1len];
-+ use_malloc = true;
-+ }
- }
- else
- {
-- try_stack:
- seq1.idxarr = (int32_t *) alloca (s1len * sizeof (int32_t));
- seq2.idxarr = (int32_t *) alloca (s2len * sizeof (int32_t));
- seq1.rulearr = (unsigned char *) alloca (s1len);
- seq2.rulearr = (unsigned char *) alloca (s2len);
- }
-
-- seq1.rulearr[0] = 0;
-+ int rule = 0;
-
- /* Cache values in the first pass and if needed, use them in subsequent
- passes. */
- for (int pass = 0; pass < nrules; ++pass)
- {
- seq1.idxcnt = 0;
-+ seq1.idx = 0;
-+ seq2.idx = 0;
- seq1.backw_stop = ~0ul;
- seq1.backw = ~0ul;
- seq2.idxcnt = 0;
- seq2.backw_stop = ~0ul;
- seq2.backw = ~0ul;
-
-+ /* We need the elements of the strings as unsigned values since they
-+ are used as indices. */
-+ seq1.us = (const USTRING_TYPE *) s1;
-+ seq2.us = (const USTRING_TYPE *) s2;
-+
- /* We assume that if a rule has defined `position' in one section
- this is true for all of them. */
-- int position = rulesets[seq1.rulearr[0] * nrules + pass] & sort_position;
-+ int position = rulesets[rule * nrules + pass] & sort_position;
-
- while (1)
- {
-- if (pass == 0)
-+ if (__glibc_unlikely (seq1.idxarr == NULL))
-+ {
-+ get_next_seq_nocache (&seq1, nrules, rulesets, weights, table,
-+ extra, indirect, pass);
-+ get_next_seq_nocache (&seq2, nrules, rulesets, weights, table,
-+ extra, indirect, pass);
-+ }
-+ else if (pass == 0)
- {
- get_next_seq (&seq1, nrules, rulesets, weights, table, extra,
- indirect);
-@@ -411,10 +606,18 @@ STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2, __locale_t l)
- goto free_and_return;
- }
-
-- result = do_compare (&seq1, &seq2, position, weights);
-+ if (__glibc_unlikely (seq1.idxarr == NULL))
-+ result = do_compare_nocache (&seq1, &seq2, position, weights);
-+ else
-+ result = do_compare (&seq1, &seq2, position, weights);
- if (result != 0)
- goto free_and_return;
- }
-+
-+ if (__glibc_likely (seq1.rulearr != NULL))
-+ rule = seq1.rulearr[0];
-+ else
-+ rule = seq1.rule;
- }
-
- /* Free the memory if needed. */
diff --git a/patches/glibc-2.18/0007-Check-for-integer-overflow-in-cache-size-computation.patch b/patches/glibc-2.18/0007-Check-for-integer-overflow-in-cache-size-computation.patch
deleted file mode 100644
index 549e3e2..0000000
--- a/patches/glibc-2.18/0007-Check-for-integer-overflow-in-cache-size-computation.patch
+++ /dev/null
@@ -1,121 +0,0 @@
-From: Siddhesh Poyarekar <siddhesh@redhat.com>
-Date: Mon, 23 Sep 2013 11:24:30 +0530
-Subject: [PATCH] Check for integer overflow in cache size computation in
- strcoll
-
-strcoll is implemented using a cache for indices and weights of
-collation sequences in the strings so that subsequent passes do not
-have to search through collation data again. For very large string
-inputs, the cache size computation could overflow. In such a case,
-use the fallback function that does not cache indices and weights of
-collation sequences.
-
-Fixes CVE-2012-4412.
----
- string/Makefile | 2 ++
- string/strcoll_l.c | 10 ++++++-
- string/tst-strcoll-overflow.c | 61 +++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 72 insertions(+), 1 deletion(-)
- create mode 100644 string/tst-strcoll-overflow.c
-
-diff --git a/string/Makefile b/string/Makefile
-index 0237edd..59c658f 100644
---- a/string/Makefile
-+++ b/string/Makefile
-@@ -57,6 +57,8 @@ tests := tester inl-tester noinl-tester testcopy test-ffs \
- tests-ifunc := $(strop-tests:%=test-%-ifunc)
- tests += $(tests-ifunc)
-
-+xtests = tst-strcoll-overflow
-+
- include ../Rules
-
- tester-ENV = LANGUAGE=C
-diff --git a/string/strcoll_l.c b/string/strcoll_l.c
-index eb042ff..4ee101a 100644
---- a/string/strcoll_l.c
-+++ b/string/strcoll_l.c
-@@ -524,7 +524,15 @@ STRCOLL (const STRING_TYPE *s1, const STRING_TYPE *s2, __locale_t l)
- memset (&seq1, 0, sizeof (seq1));
- seq2 = seq1;
-
-- if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1)))
-+ size_t size_max = SIZE_MAX / (sizeof (int32_t) + 1);
-+
-+ if (MIN (s1len, s2len) > size_max
-+ || MAX (s1len, s2len) > size_max - MIN (s1len, s2len))
-+ {
-+ /* If the strings are long enough to cause overflow in the size request,
-+ then skip the allocation and proceed with the non-cached routines. */
-+ }
-+ else if (! __libc_use_alloca ((s1len + s2len) * (sizeof (int32_t) + 1)))
- {
- seq1.idxarr = (int32_t *) malloc ((s1len + s2len) * (sizeof (int32_t) + 1));
-
-diff --git a/string/tst-strcoll-overflow.c b/string/tst-strcoll-overflow.c
-new file mode 100644
-index 0000000..bb665ac
---- /dev/null
-+++ b/string/tst-strcoll-overflow.c
-@@ -0,0 +1,61 @@
-+/* Copyright (C) 2013 Free Software Foundation, Inc.
-+ This file is part of the GNU C Library.
-+
-+ The GNU C Library is free software; you can redistribute it and/or
-+ modify it under the terms of the GNU Lesser General Public
-+ License as published by the Free Software Foundation; either
-+ version 2.1 of the License, or (at your option) any later version.
-+
-+ The GNU C Library is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ Lesser General Public License for more details.
-+
-+ You should have received a copy of the GNU Lesser General Public
-+ License along with the GNU C Library; if not, see
-+ <http://www.gnu.org/licenses/>. */
-+
-+#include <locale.h>
-+#include <stdio.h>
-+#include <stdint.h>
-+#include <stdlib.h>
-+#include <string.h>
-+
-+/* Verify that strcoll does not crash for large strings for which it cannot
-+ cache weight lookup results. The size is large enough to cause integer
-+ overflows on 32-bit as well as buffer overflows on 64-bit. The test should
-+ work reasonably reliably when overcommit is disabled, but it obviously
-+ depends on how much memory the system has. There's a limitation to this
-+ test in that it does not run to completion. Actually collating such a
-+ large string can take days and we can't have xcheck running that long. For
-+ that reason, we run the test for about 5 minutes and then assume that
-+ everything is fine if there are no crashes. */
-+#define SIZE 0x40000000ul
-+
-+int
-+do_test (void)
-+{
-+ if (setlocale (LC_COLLATE, "en_GB.UTF-8") == NULL)
-+ {
-+ puts ("setlocale failed, cannot test for overflow");
-+ return 0;
-+ }
-+
-+ char *p = malloc (SIZE);
-+
-+ if (p == NULL)
-+ {
-+ puts ("could not allocate memory");
-+ return 1;
-+ }
-+
-+ memset (p, 'x', SIZE - 1);
-+ p[SIZE - 1] = 0;
-+ printf ("%d\n", strcoll (p, p));
-+ return 0;
-+}
-+
-+#define TIMEOUT 300
-+#define EXPECTED_SIGNAL SIGALRM
-+#define TEST_FUNCTION do_test ()
-+#include "../test-skeleton.c"
diff --git a/patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch b/patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch
deleted file mode 100644
index d027f7e..0000000
--- a/patches/glibc-2.18/0008-BZ-15754-CVE-2013-4788.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From: Carlos O'Donell <carlos@redhat.com>
-Date: Mon, 23 Sep 2013 00:52:09 -0400
-Subject: [PATCH] BZ #15754: CVE-2013-4788
-
-The pointer guard used for pointer mangling was not initialized for
-static applications resulting in the security feature being disabled.
-The pointer guard is now correctly initialized to a random value for
-static applications. Existing static applications need to be
-recompiled to take advantage of the fix.
-
-The test tst-ptrguard1-static and tst-ptrguard1 add regression
-coverage to ensure the pointer guards are sufficiently random
-and initialized to a default value.
----
- ports/sysdeps/ia64/stackguard-macros.h | 3 +++
- ports/sysdeps/tile/stackguard-macros.h | 6 ++++++
- sysdeps/generic/stackguard-macros.h | 3 +++
- sysdeps/i386/stackguard-macros.h | 8 ++++++++
- sysdeps/powerpc/powerpc32/stackguard-macros.h | 10 ++++++++++
- sysdeps/powerpc/powerpc64/stackguard-macros.h | 10 ++++++++++
- sysdeps/s390/s390-32/stackguard-macros.h | 11 +++++++++++
- sysdeps/s390/s390-64/stackguard-macros.h | 14 ++++++++++++++
- sysdeps/sparc/sparc32/stackguard-macros.h | 3 +++
- sysdeps/sparc/sparc64/stackguard-macros.h | 3 +++
- sysdeps/x86_64/stackguard-macros.h | 5 +++++
- 11 files changed, 76 insertions(+)
-
-diff --git a/ports/sysdeps/ia64/stackguard-macros.h b/ports/sysdeps/ia64/stackguard-macros.h
-index dc683c2..3907293 100644
---- a/ports/sysdeps/ia64/stackguard-macros.h
-+++ b/ports/sysdeps/ia64/stackguard-macros.h
-@@ -2,3 +2,6 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; asm ("adds %0 = -16, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
-diff --git a/ports/sysdeps/tile/stackguard-macros.h b/ports/sysdeps/tile/stackguard-macros.h
-index 589ea2b..f2e041b 100644
---- a/ports/sysdeps/tile/stackguard-macros.h
-+++ b/ports/sysdeps/tile/stackguard-macros.h
-@@ -4,11 +4,17 @@
- # if __WORDSIZE == 64
- # define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("addi %0, tp, -16; ld %0, %0" : "=r" (x)); x; })
-+# define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; asm ("addi %0, tp, -24; ld %0, %0" : "=r" (x)); x; })
- # else
- # define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("addi %0, tp, -8; ld4s %0, %0" : "=r" (x)); x; })
-+# define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; asm ("addi %0, tp, -12; ld4s %0, %0" : "=r" (x)); x; })
- # endif
- #else
- # define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("addi %0, tp, -8; lw %0, %0" : "=r" (x)); x; })
-+# define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; asm ("addi %0, tp, -12; lw %0, %0" : "=r" (x)); x; })
- #endif
-diff --git a/sysdeps/generic/stackguard-macros.h b/sysdeps/generic/stackguard-macros.h
-index ababf65..4fa3d96 100644
---- a/sysdeps/generic/stackguard-macros.h
-+++ b/sysdeps/generic/stackguard-macros.h
-@@ -2,3 +2,6 @@
-
- extern uintptr_t __stack_chk_guard;
- #define STACK_CHK_GUARD __stack_chk_guard
-+
-+extern uintptr_t __pointer_chk_guard_local;
-+#define POINTER_CHK_GUARD __pointer_chk_guard_local
-diff --git a/sysdeps/i386/stackguard-macros.h b/sysdeps/i386/stackguard-macros.h
-index 8c31e19..0397629 100644
---- a/sysdeps/i386/stackguard-macros.h
-+++ b/sysdeps/i386/stackguard-macros.h
-@@ -2,3 +2,11 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ \
-+ uintptr_t x; \
-+ asm ("movl %%gs:%c1, %0" : "=r" (x) \
-+ : "i" (offsetof (tcbhead_t, pointer_guard))); \
-+ x; \
-+ })
-diff --git a/sysdeps/powerpc/powerpc32/stackguard-macros.h b/sysdeps/powerpc/powerpc32/stackguard-macros.h
-index 839f6a4..b3d0af8 100644
---- a/sysdeps/powerpc/powerpc32/stackguard-macros.h
-+++ b/sysdeps/powerpc/powerpc32/stackguard-macros.h
-@@ -2,3 +2,13 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ \
-+ uintptr_t x; \
-+ asm ("lwz %0,%1(2)" \
-+ : "=r" (x) \
-+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \
-+ ); \
-+ x; \
-+ })
-diff --git a/sysdeps/powerpc/powerpc64/stackguard-macros.h b/sysdeps/powerpc/powerpc64/stackguard-macros.h
-index 9da879c..4620f96 100644
---- a/sysdeps/powerpc/powerpc64/stackguard-macros.h
-+++ b/sysdeps/powerpc/powerpc64/stackguard-macros.h
-@@ -2,3 +2,13 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ \
-+ uintptr_t x; \
-+ asm ("ld %0,%1(2)" \
-+ : "=r" (x) \
-+ : "i" (offsetof (tcbhead_t, pointer_guard) - TLS_TCB_OFFSET - sizeof (tcbhead_t)) \
-+ ); \
-+ x; \
-+ })
-diff --git a/sysdeps/s390/s390-32/stackguard-macros.h b/sysdeps/s390/s390-32/stackguard-macros.h
-index b74c579..449e8d4 100644
---- a/sysdeps/s390/s390-32/stackguard-macros.h
-+++ b/sysdeps/s390/s390-32/stackguard-macros.h
-@@ -2,3 +2,14 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
-+
-+/* On s390/s390x there is no unique pointer guard, instead we use the
-+ same value as the stack guard. */
-+#define POINTER_CHK_GUARD \
-+ ({ \
-+ uintptr_t x; \
-+ asm ("ear %0,%%a0; l %0,%1(%0)" \
-+ : "=a" (x) \
-+ : "i" (offsetof (tcbhead_t, stack_guard))); \
-+ x; \
-+ })
-diff --git a/sysdeps/s390/s390-64/stackguard-macros.h b/sysdeps/s390/s390-64/stackguard-macros.h
-index 0cebb5f..c8270fb 100644
---- a/sysdeps/s390/s390-64/stackguard-macros.h
-+++ b/sysdeps/s390/s390-64/stackguard-macros.h
-@@ -2,3 +2,17 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
-+
-+/* On s390/s390x there is no unique pointer guard, instead we use the
-+ same value as the stack guard. */
-+#define POINTER_CHK_GUARD \
-+ ({ \
-+ uintptr_t x; \
-+ asm ("ear %0,%%a0;" \
-+ "sllg %0,%0,32;" \
-+ "ear %0,%%a1;" \
-+ "lg %0,%1(%0)" \
-+ : "=a" (x) \
-+ : "i" (offsetof (tcbhead_t, stack_guard))); \
-+ x; \
-+ })
-diff --git a/sysdeps/sparc/sparc32/stackguard-macros.h b/sysdeps/sparc/sparc32/stackguard-macros.h
-index c0b02b0..1eef0f1 100644
---- a/sysdeps/sparc/sparc32/stackguard-macros.h
-+++ b/sysdeps/sparc/sparc32/stackguard-macros.h
-@@ -2,3 +2,6 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; asm ("ld [%%g7+0x18], %0" : "=r" (x)); x; })
-diff --git a/sysdeps/sparc/sparc64/stackguard-macros.h b/sysdeps/sparc/sparc64/stackguard-macros.h
-index 80f0635..cc0c12c 100644
---- a/sysdeps/sparc/sparc64/stackguard-macros.h
-+++ b/sysdeps/sparc/sparc64/stackguard-macros.h
-@@ -2,3 +2,6 @@
-
- #define STACK_CHK_GUARD \
- ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; asm ("ldx [%%g7+0x30], %0" : "=r" (x)); x; })
-diff --git a/sysdeps/x86_64/stackguard-macros.h b/sysdeps/x86_64/stackguard-macros.h
-index d7fedb3..1948800 100644
---- a/sysdeps/x86_64/stackguard-macros.h
-+++ b/sysdeps/x86_64/stackguard-macros.h
-@@ -4,3 +4,8 @@
- ({ uintptr_t x; \
- asm ("mov %%fs:%c1, %0" : "=r" (x) \
- : "i" (offsetof (tcbhead_t, stack_guard))); x; })
-+
-+#define POINTER_CHK_GUARD \
-+ ({ uintptr_t x; \
-+ asm ("mov %%fs:%c1, %0" : "=r" (x) \
-+ : "i" (offsetof (tcbhead_t, pointer_guard))); x; })
diff --git a/patches/glibc-2.18/0009-CVE-2013-4237-BZ-14699-Buffer-overflow-in-readdir_r.patch b/patches/glibc-2.18/0009-CVE-2013-4237-BZ-14699-Buffer-overflow-in-readdir_r.patch
deleted file mode 100644
index 526775b..0000000
--- a/patches/glibc-2.18/0009-CVE-2013-4237-BZ-14699-Buffer-overflow-in-readdir_r.patch
+++ /dev/null
@@ -1,171 +0,0 @@
-From: Florian Weimer <fweimer@redhat.com>
-Date: Fri, 16 Aug 2013 09:38:52 +0200
-Subject: [PATCH] CVE-2013-4237, BZ #14699: Buffer overflow in readdir_r
-
- * sysdeps/posix/dirstream.h (struct __dirstream): Add errcode
- member.
- * sysdeps/posix/opendir.c (__alloc_dir): Initialize errcode
- member.
- * sysdeps/posix/rewinddir.c (rewinddir): Reset errcode member.
- * sysdeps/posix/readdir_r.c (__READDIR_R): Enforce NAME_MAX limit.
- Return delayed error code. Remove GETDENTS_64BIT_ALIGNED
- conditional.
- * sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c: Do not define
- GETDENTS_64BIT_ALIGNED.
- * sysdeps/unix/sysv/linux/i386/readdir64_r.c: Likewise.
- * manual/filesys.texi (Reading/Closing Directory): Document
- ENAMETOOLONG return value of readdir_r. Recommend readdir more
- strongly.
- * manual/conf.texi (Limits for Files): Add portability note to
- NAME_MAX, PATH_MAX.
- (Pathconf): Add portability note for _PC_NAME_MAX, _PC_PATH_MAX.
----
- sysdeps/posix/dirstream.h | 2 ++
- sysdeps/posix/opendir.c | 1 +
- sysdeps/posix/readdir_r.c | 42 ++++++++++++++++++-------
- sysdeps/posix/rewinddir.c | 1 +
- sysdeps/unix/sysv/linux/i386/readdir64_r.c | 1 -
- sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c | 1 -
- 6 files changed, 34 insertions(+), 14 deletions(-)
-
-diff --git a/sysdeps/posix/dirstream.h b/sysdeps/posix/dirstream.h
-index a7a074d..8e8570d 100644
---- a/sysdeps/posix/dirstream.h
-+++ b/sysdeps/posix/dirstream.h
-@@ -39,6 +39,8 @@ struct __dirstream
-
- off_t filepos; /* Position of next entry to read. */
-
-+ int errcode; /* Delayed error code. */
-+
- /* Directory block. */
- char data[0] __attribute__ ((aligned (__alignof__ (void*))));
- };
-diff --git a/sysdeps/posix/opendir.c b/sysdeps/posix/opendir.c
-index ddfc3a7..fc05b0f 100644
---- a/sysdeps/posix/opendir.c
-+++ b/sysdeps/posix/opendir.c
-@@ -231,6 +231,7 @@ __alloc_dir (int fd, bool close_fd, int flags, const struct stat64 *statp)
- dirp->size = 0;
- dirp->offset = 0;
- dirp->filepos = 0;
-+ dirp->errcode = 0;
-
- return dirp;
- }
-diff --git a/sysdeps/posix/readdir_r.c b/sysdeps/posix/readdir_r.c
-index b5a8e2e..8ed5c3f 100644
---- a/sysdeps/posix/readdir_r.c
-+++ b/sysdeps/posix/readdir_r.c
-@@ -40,6 +40,7 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
- DIRENT_TYPE *dp;
- size_t reclen;
- const int saved_errno = errno;
-+ int ret;
-
- __libc_lock_lock (dirp->lock);
-
-@@ -70,10 +71,10 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
- bytes = 0;
- __set_errno (saved_errno);
- }
-+ if (bytes < 0)
-+ dirp->errcode = errno;
-
- dp = NULL;
-- /* Reclen != 0 signals that an error occurred. */
-- reclen = bytes != 0;
- break;
- }
- dirp->size = (size_t) bytes;
-@@ -106,29 +107,46 @@ __READDIR_R (DIR *dirp, DIRENT_TYPE *entry, DIRENT_TYPE **result)
- dirp->filepos += reclen;
- #endif
-
-- /* Skip deleted files. */
-+#ifdef NAME_MAX
-+ if (reclen > offsetof (DIRENT_TYPE, d_name) + NAME_MAX + 1)
-+ {
-+ /* The record is very long. It could still fit into the
-+ caller-supplied buffer if we can skip padding at the
-+ end. */
-+ size_t namelen = _D_EXACT_NAMLEN (dp);
-+ if (namelen <= NAME_MAX)
-+ reclen = offsetof (DIRENT_TYPE, d_name) + namelen + 1;
-+ else
-+ {
-+ /* The name is too long. Ignore this file. */
-+ dirp->errcode = ENAMETOOLONG;
-+ dp->d_ino = 0;
-+ continue;
-+ }
-+ }
-+#endif
-+
-+ /* Skip deleted and ignored files. */
- }
- while (dp->d_ino == 0);
-
- if (dp != NULL)
- {
--#ifdef GETDENTS_64BIT_ALIGNED
-- /* The d_reclen value might include padding which is not part of
-- the DIRENT_TYPE data structure. */
-- reclen = MIN (reclen,
-- offsetof (DIRENT_TYPE, d_name) + sizeof (dp->d_name));
--#endif
- *result = memcpy (entry, dp, reclen);
--#ifdef GETDENTS_64BIT_ALIGNED
-+#ifdef _DIRENT_HAVE_D_RECLEN
- entry->d_reclen = reclen;
- #endif
-+ ret = 0;
- }
- else
-- *result = NULL;
-+ {
-+ *result = NULL;
-+ ret = dirp->errcode;
-+ }
-
- __libc_lock_unlock (dirp->lock);
-
-- return dp != NULL ? 0 : reclen ? errno : 0;
-+ return ret;
- }
-
- #ifdef __READDIR_R_ALIAS
-diff --git a/sysdeps/posix/rewinddir.c b/sysdeps/posix/rewinddir.c
-index 2935a8e..d4991ad 100644
---- a/sysdeps/posix/rewinddir.c
-+++ b/sysdeps/posix/rewinddir.c
-@@ -33,6 +33,7 @@ rewinddir (dirp)
- dirp->filepos = 0;
- dirp->offset = 0;
- dirp->size = 0;
-+ dirp->errcode = 0;
- #ifndef NOT_IN_libc
- __libc_lock_unlock (dirp->lock);
- #endif
-diff --git a/sysdeps/unix/sysv/linux/i386/readdir64_r.c b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
-index 8ebbcfd..a7d114e 100644
---- a/sysdeps/unix/sysv/linux/i386/readdir64_r.c
-+++ b/sysdeps/unix/sysv/linux/i386/readdir64_r.c
-@@ -18,7 +18,6 @@
- #define __READDIR_R __readdir64_r
- #define __GETDENTS __getdents64
- #define DIRENT_TYPE struct dirent64
--#define GETDENTS_64BIT_ALIGNED 1
-
- #include <sysdeps/posix/readdir_r.c>
-
-diff --git a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
-index 5ed8e95..290f2c8 100644
---- a/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
-+++ b/sysdeps/unix/sysv/linux/wordsize-64/readdir_r.c
-@@ -1,5 +1,4 @@
- #define readdir64_r __no_readdir64_r_decl
--#define GETDENTS_64BIT_ALIGNED 1
- #include <sysdeps/posix/readdir_r.c>
- #undef readdir64_r
- weak_alias (__readdir_r, readdir64_r)
diff --git a/patches/glibc-2.18/0010-malloc-Check-for-integer-overflow-in-pvalloc.patch b/patches/glibc-2.18/0010-malloc-Check-for-integer-overflow-in-pvalloc.patch
deleted file mode 100644
index 9331ceb..0000000
--- a/patches/glibc-2.18/0010-malloc-Check-for-integer-overflow-in-pvalloc.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Will Newton <will.newton@linaro.org>
-Date: Mon, 12 Aug 2013 15:08:02 +0100
-Subject: [PATCH] malloc: Check for integer overflow in pvalloc.
-
-A large bytes parameter to pvalloc could cause an integer overflow
-and corrupt allocator internals. Check the overflow does not occur
-before continuing with the allocation.
-
-ChangeLog:
-
-2013-09-11 Will Newton <will.newton@linaro.org>
-
- [BZ #15855]
- * malloc/malloc.c (__libc_pvalloc): Check the value of bytes
- does not overflow.
----
- malloc/malloc.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/malloc/malloc.c b/malloc/malloc.c
-index be472b2..bcc08c4 100644
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -3082,6 +3082,13 @@ __libc_pvalloc(size_t bytes)
- size_t page_mask = GLRO(dl_pagesize) - 1;
- size_t rounded_bytes = (bytes + page_mask) & ~(page_mask);
-
-+ /* Check for overflow. */
-+ if (bytes > SIZE_MAX - 2*pagesz - MINSIZE)
-+ {
-+ __set_errno (ENOMEM);
-+ return 0;
-+ }
-+
- void *(*hook) (size_t, size_t, const void *) =
- force_reg (__memalign_hook);
- if (__builtin_expect (hook != NULL, 0))
diff --git a/patches/glibc-2.18/0011-malloc-Check-for-integer-overflow-in-valloc.patch b/patches/glibc-2.18/0011-malloc-Check-for-integer-overflow-in-valloc.patch
deleted file mode 100644
index 1a29ffb..0000000
--- a/patches/glibc-2.18/0011-malloc-Check-for-integer-overflow-in-valloc.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Will Newton <will.newton@linaro.org>
-Date: Fri, 16 Aug 2013 11:59:37 +0100
-Subject: [PATCH] malloc: Check for integer overflow in valloc.
-
-A large bytes parameter to valloc could cause an integer overflow
-and corrupt allocator internals. Check the overflow does not occur
-before continuing with the allocation.
-
-ChangeLog:
-
-2013-09-11 Will Newton <will.newton@linaro.org>
-
- [BZ #15856]
- * malloc/malloc.c (__libc_valloc): Check the value of bytes
- does not overflow.
----
- malloc/malloc.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/malloc/malloc.c b/malloc/malloc.c
-index bcc08c4..31e2dfa 100644
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -3046,6 +3046,13 @@ __libc_valloc(size_t bytes)
-
- size_t pagesz = GLRO(dl_pagesize);
-
-+ /* Check for overflow. */
-+ if (bytes > SIZE_MAX - pagesz - MINSIZE)
-+ {
-+ __set_errno (ENOMEM);
-+ return 0;
-+ }
-+
- void *(*hook) (size_t, size_t, const void *) =
- force_reg (__memalign_hook);
- if (__builtin_expect (hook != NULL, 0))
diff --git a/patches/glibc-2.18/0012-malloc-Check-for-integer-overflow-in-memalign.patch b/patches/glibc-2.18/0012-malloc-Check-for-integer-overflow-in-memalign.patch
deleted file mode 100644
index 8bc5718..0000000
--- a/patches/glibc-2.18/0012-malloc-Check-for-integer-overflow-in-memalign.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From: Will Newton <will.newton@linaro.org>
-Date: Fri, 16 Aug 2013 12:54:29 +0100
-Subject: [PATCH] malloc: Check for integer overflow in memalign.
-
-A large bytes parameter to memalign could cause an integer overflow
-and corrupt allocator internals. Check the overflow does not occur
-before continuing with the allocation.
-
-ChangeLog:
-
-2013-09-11 Will Newton <will.newton@linaro.org>
-
- [BZ #15857]
- * malloc/malloc.c (__libc_memalign): Check the value of bytes
- does not overflow.
----
- malloc/malloc.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/malloc/malloc.c b/malloc/malloc.c
-index 31e2dfa..ebbe86d 100644
---- a/malloc/malloc.c
-+++ b/malloc/malloc.c
-@@ -3015,6 +3015,13 @@ __libc_memalign(size_t alignment, size_t bytes)
- /* Otherwise, ensure that it is at least a minimum chunk size */
- if (alignment < MINSIZE) alignment = MINSIZE;
-
-+ /* Check for overflow. */
-+ if (bytes > SIZE_MAX - alignment - MINSIZE)
-+ {
-+ __set_errno (ENOMEM);
-+ return 0;
-+ }
-+
- arena_get(ar_ptr, bytes + alignment + MINSIZE);
- if(!ar_ptr)
- return 0;
diff --git a/patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch b/patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch
deleted file mode 100644
index c59df8c..0000000
--- a/patches/glibc-2.18/0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From: Siddhesh Poyarekar <siddhesh@redhat.com>
-Date: Fri, 25 Oct 2013 10:22:12 +0530
-Subject: [PATCH] Fix stack overflow due to large AF_INET6 requests
-
-Resolves #16072 (CVE-2013-4458).
-
-This patch fixes another stack overflow in getaddrinfo when it is
-called with AF_INET6. The AF_UNSPEC case was fixed as CVE-2013-1914,
-but the AF_INET6 case went undetected back then.
----
- sysdeps/posix/getaddrinfo.c | 20 ++++++++++++++++++--
- 1 file changed, 18 insertions(+), 2 deletions(-)
-
-diff --git a/sysdeps/posix/getaddrinfo.c b/sysdeps/posix/getaddrinfo.c
-index 7bb3ded..2e97255 100644
---- a/sysdeps/posix/getaddrinfo.c
-+++ b/sysdeps/posix/getaddrinfo.c
-@@ -197,7 +197,22 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
- &rc, &herrno, NULL, &localcanon)); \
- if (rc != ERANGE || herrno != NETDB_INTERNAL) \
- break; \
-- tmpbuf = extend_alloca (tmpbuf, tmpbuflen, 2 * tmpbuflen); \
-+ if (!malloc_tmpbuf && __libc_use_alloca (alloca_used + 2 * tmpbuflen)) \
-+ tmpbuf = extend_alloca_account (tmpbuf, tmpbuflen, 2 * tmpbuflen, \
-+ alloca_used); \
-+ else \
-+ { \
-+ char *newp = realloc (malloc_tmpbuf ? tmpbuf : NULL, \
-+ 2 * tmpbuflen); \
-+ if (newp == NULL) \
-+ { \
-+ result = -EAI_MEMORY; \
-+ goto free_and_return; \
-+ } \
-+ tmpbuf = newp; \
-+ malloc_tmpbuf = true; \
-+ tmpbuflen = 2 * tmpbuflen; \
-+ } \
- } \
- if (status == NSS_STATUS_SUCCESS && rc == 0) \
- h = &th; \
-@@ -209,7 +224,8 @@ gaih_inet_serv (const char *servicename, const struct gaih_typeproto *tp,
- { \
- __set_h_errno (herrno); \
- _res.options |= old_res_options & RES_USE_INET6; \
-- return -EAI_SYSTEM; \
-+ result = -EAI_SYSTEM; \
-+ goto free_and_return; \
- } \
- if (herrno == TRY_AGAIN) \
- no_data = EAI_AGAIN; \
diff --git a/patches/glibc-2.18/series b/patches/glibc-2.18/series
deleted file mode 100644
index ba8f90c..0000000
--- a/patches/glibc-2.18/series
+++ /dev/null
@@ -1,27 +0,0 @@
-# generated by git-ptx-patches
-#tag:base --start-number 1
-#tag:upstream --start-number 1
-0001-ARM-Fix-clone-code-when-built-for-Thumb.patch
-0002-Fix-PI-mutex-check-in-pthread_cond_broadcast-and-pth.patch
-0003-ARM-Fix-memcpy-computed-jump-calculations-for-ARM_AL.patch
-0004-Accept-make-versions-4.0-and-greater.patch
-0005-Simplify-strcoll-implementation.patch
-0006-Fall-back-to-non-cached-sequence-traversal-and-compa.patch
-0007-Check-for-integer-overflow-in-cache-size-computation.patch
-0008-BZ-15754-CVE-2013-4788.patch
-0009-CVE-2013-4237-BZ-14699-Buffer-overflow-in-readdir_r.patch
-0010-malloc-Check-for-integer-overflow-in-pvalloc.patch
-0011-malloc-Check-for-integer-overflow-in-valloc.patch
-0012-malloc-Check-for-integer-overflow-in-memalign.patch
-0013-Fix-stack-overflow-due-to-large-AF_INET6-requests.patch
-#tag:build-system --start-number 100
-0100-add-install-lib-all-target.patch
-0101-don-t-regen-docs-if-perl-is-not-found.patch
-#tag:debian --start-number 200
-0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch
-#tag:gentoo --start-number 300
-0300-resolv-dynamic.patch
-#tag:linaro --start-number 400
-0400-optimized-string-functions-for-NEON-from-Linaro.patch
-0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch
-# c7c37d04f6d7c2fc5e7140d9570db200 - git-ptx-patches magic
diff --git a/patches/glibc-2.18/0100-add-install-lib-all-target.patch b/patches/glibc-2.20/0100-add-install-lib-all-target.patch
index 078aba9..45971cc 100644
--- a/patches/glibc-2.18/0100-add-install-lib-all-target.patch
+++ b/patches/glibc-2.20/0100-add-install-lib-all-target.patch
@@ -16,10 +16,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
1 file changed, 7 insertions(+)
diff --git a/Makerules b/Makerules
-index 03eafb0..5d7effd 100644
+index 6b30e8ce58d0..16b24ad2b20a 100644
--- a/Makerules
+++ b/Makerules
-@@ -801,6 +801,13 @@ endef
+@@ -834,6 +834,13 @@ endef
installed-libcs := $(foreach o,$(filter-out .os,$(object-suffixes-for-libc)),\
$(inst_libdir)/$(patsubst %,$(libtype$o),\
$(libprefix)$(libc-name)))
diff --git a/patches/glibc-2.18/0101-don-t-regen-docs-if-perl-is-not-found.patch b/patches/glibc-2.20/0101-don-t-regen-docs-if-perl-is-not-found.patch
index f89304d..653aee3 100644
--- a/patches/glibc-2.18/0101-don-t-regen-docs-if-perl-is-not-found.patch
+++ b/patches/glibc-2.20/0101-don-t-regen-docs-if-perl-is-not-found.patch
@@ -15,10 +15,10 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
1 file changed, 5 insertions(+)
diff --git a/manual/Makefile b/manual/Makefile
-index 44c0fd4..54217e0 100644
+index 62217a2d7a71..4a726edc215a 100644
--- a/manual/Makefile
+++ b/manual/Makefile
-@@ -107,9 +107,14 @@ $(objpfx)dir-add.texi: xtract-typefun.awk $(texis-path)
+@@ -104,9 +104,14 @@ $(objpfx)dir-add.texi: xtract-typefun.awk $(texis-path)
$(objpfx)libm-err.texi: $(objpfx)stamp-libm-err
$(objpfx)stamp-libm-err: libm-err-tab.pl $(wildcard $(foreach dir,$(sysdirs),\
$(dir)/libm-test-ulps))
diff --git a/patches/glibc-2.18/0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch b/patches/glibc-2.20/0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch
index 02c87ef..f898798 100644
--- a/patches/glibc-2.18/0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch
+++ b/patches/glibc-2.20/0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch
@@ -19,7 +19,7 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
1 file changed, 36 insertions(+)
diff --git a/locale/programs/3level.h b/locale/programs/3level.h
-index 9b8b1b9..93b643c 100644
+index c83cdf205e40..1d4553e512a5 100644
--- a/locale/programs/3level.h
+++ b/locale/programs/3level.h
@@ -204,6 +204,42 @@ CONCAT(TABLE,_iterate) (struct TABLE *t,
@@ -64,4 +64,4 @@ index 9b8b1b9..93b643c 100644
+
#endif
- #ifndef NO_FINALIZE
+ #ifndef NO_ADD_LOCALE
diff --git a/patches/glibc-2.18/0300-resolv-dynamic.patch b/patches/glibc-2.20/0300-resolv-dynamic.patch
index efe056e..8865e25 100644
--- a/patches/glibc-2.18/0300-resolv-dynamic.patch
+++ b/patches/glibc-2.20/0300-resolv-dynamic.patch
@@ -13,7 +13,7 @@ http://bugs.gentoo.org/177416
1 file changed, 15 insertions(+)
diff --git a/resolv/res_libc.c b/resolv/res_libc.c
-index 48d3200..a443345 100644
+index ee3fa2114b70..10cb08bdd9be 100644
--- a/resolv/res_libc.c
+++ b/resolv/res_libc.c
@@ -22,6 +22,7 @@
diff --git a/patches/glibc-2.18/0400-optimized-string-functions-for-NEON-from-Linaro.patch b/patches/glibc-2.20/0400-optimized-string-functions-for-NEON-from-Linaro.patch
index 4795949..f823c45 100644
--- a/patches/glibc-2.18/0400-optimized-string-functions-for-NEON-from-Linaro.patch
+++ b/patches/glibc-2.20/0400-optimized-string-functions-for-NEON-from-Linaro.patch
@@ -18,7 +18,7 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
diff --git a/cortex-strings/sysdeps/arm/armv7/memchr.S b/cortex-strings/sysdeps/arm/armv7/memchr.S
new file mode 100644
-index 0000000..92a2d9f
+index 000000000000..92a2d9f0967d
--- /dev/null
+++ b/cortex-strings/sysdeps/arm/armv7/memchr.S
@@ -0,0 +1,155 @@
@@ -179,7 +179,7 @@ index 0000000..92a2d9f
+ bx lr
diff --git a/cortex-strings/sysdeps/arm/armv7/memcpy.S b/cortex-strings/sysdeps/arm/armv7/memcpy.S
new file mode 100644
-index 0000000..3be24ca
+index 000000000000..3be24cad2c8d
--- /dev/null
+++ b/cortex-strings/sysdeps/arm/armv7/memcpy.S
@@ -0,0 +1,152 @@
@@ -337,7 +337,7 @@ index 0000000..3be24ca
+ b 4b
diff --git a/cortex-strings/sysdeps/arm/armv7/memset.S b/cortex-strings/sysdeps/arm/armv7/memset.S
new file mode 100644
-index 0000000..921cb75
+index 000000000000..921cb7535cc8
--- /dev/null
+++ b/cortex-strings/sysdeps/arm/armv7/memset.S
@@ -0,0 +1,118 @@
@@ -461,7 +461,7 @@ index 0000000..921cb75
+ bx lr @ goodbye
diff --git a/cortex-strings/sysdeps/arm/armv7/strchr.S b/cortex-strings/sysdeps/arm/armv7/strchr.S
new file mode 100644
-index 0000000..8875dbf
+index 000000000000..8875dbfce6da
--- /dev/null
+++ b/cortex-strings/sysdeps/arm/armv7/strchr.S
@@ -0,0 +1,76 @@
@@ -543,7 +543,7 @@ index 0000000..8875dbf
+ bx lr
diff --git a/cortex-strings/sysdeps/arm/armv7/strlen.S b/cortex-strings/sysdeps/arm/armv7/strlen.S
new file mode 100644
-index 0000000..8efa235
+index 000000000000..8efa2356fdd1
--- /dev/null
+++ b/cortex-strings/sysdeps/arm/armv7/strlen.S
@@ -0,0 +1,150 @@
diff --git a/patches/glibc-2.18/0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch b/patches/glibc-2.20/0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch
index 363ee0d..2ffcdbb 100644
--- a/patches/glibc-2.18/0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch
+++ b/patches/glibc-2.20/0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch
@@ -12,7 +12,7 @@ Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
5 files changed, 11 insertions(+)
diff --git a/cortex-strings/sysdeps/arm/armv7/memchr.S b/cortex-strings/sysdeps/arm/armv7/memchr.S
-index 92a2d9f..6e41953 100644
+index 92a2d9f0967d..6e4195325c82 100644
--- a/cortex-strings/sysdeps/arm/armv7/memchr.S
+++ b/cortex-strings/sysdeps/arm/armv7/memchr.S
@@ -153,3 +153,6 @@ memchr:
@@ -23,7 +23,7 @@ index 92a2d9f..6e41953 100644
+strong_alias (memchr, __memchr)
+libc_hidden_builtin_def (memchr)
diff --git a/cortex-strings/sysdeps/arm/armv7/memcpy.S b/cortex-strings/sysdeps/arm/armv7/memcpy.S
-index 3be24ca..c274207 100644
+index 3be24cad2c8d..c2742073a329 100644
--- a/cortex-strings/sysdeps/arm/armv7/memcpy.S
+++ b/cortex-strings/sysdeps/arm/armv7/memcpy.S
@@ -150,3 +150,5 @@ memcpy:
@@ -33,7 +33,7 @@ index 3be24ca..c274207 100644
+
+libc_hidden_builtin_def (memcpy)
diff --git a/cortex-strings/sysdeps/arm/armv7/memset.S b/cortex-strings/sysdeps/arm/armv7/memset.S
-index 921cb75..d4c12a4 100644
+index 921cb7535cc8..d4c12a4d1243 100644
--- a/cortex-strings/sysdeps/arm/armv7/memset.S
+++ b/cortex-strings/sysdeps/arm/armv7/memset.S
@@ -116,3 +116,5 @@ memset:
@@ -43,7 +43,7 @@ index 921cb75..d4c12a4 100644
+
+libc_hidden_builtin_def (memset)
diff --git a/cortex-strings/sysdeps/arm/armv7/strchr.S b/cortex-strings/sysdeps/arm/armv7/strchr.S
-index 8875dbf..05c832f 100644
+index 8875dbfce6da..05c832f1faf4 100644
--- a/cortex-strings/sysdeps/arm/armv7/strchr.S
+++ b/cortex-strings/sysdeps/arm/armv7/strchr.S
@@ -74,3 +74,6 @@ strchr:
@@ -54,7 +54,7 @@ index 8875dbf..05c832f 100644
+weak_alias (strchr, index)
+libc_hidden_builtin_def (strchr)
diff --git a/cortex-strings/sysdeps/arm/armv7/strlen.S b/cortex-strings/sysdeps/arm/armv7/strlen.S
-index 8efa235..1445d8e 100644
+index 8efa2356fdd1..1445d8e8118e 100644
--- a/cortex-strings/sysdeps/arm/armv7/strlen.S
+++ b/cortex-strings/sysdeps/arm/armv7/strlen.S
@@ -148,3 +148,4 @@ def_fn strlen p2align=6
diff --git a/patches/glibc-2.20/series b/patches/glibc-2.20/series
new file mode 100644
index 0000000..d573f03
--- /dev/null
+++ b/patches/glibc-2.20/series
@@ -0,0 +1,14 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+#tag:upstream --start-number 1
+#tag:build-system --start-number 100
+0100-add-install-lib-all-target.patch
+0101-don-t-regen-docs-if-perl-is-not-found.patch
+#tag:debian --start-number 200
+0200-Fix-localedef-segfault-when-run-under-exec-shield-Pa.patch
+#tag:gentoo --start-number 300
+0300-resolv-dynamic.patch
+#tag:linaro --start-number 400
+0400-optimized-string-functions-for-NEON-from-Linaro.patch
+0401-add-libc_hidden_builtin_def-for-all-cortex-functions.patch
+# 9424473d0c6432ce5c5a28abd362c91c - git-ptx-patches magic