- gen-tempname-randomness.patch: Fix missing randomness in __gen_tempname

(bsc#1230965, BZ #32214)

- Use nss-systemd by default also in SLE (bsc#1230638)

OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=721

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

.gitignore

@@ -0,0 +1 @@
+.osc

_constraints

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<constraints>
+  <overwrite>
+    <conditions>
+      <package>glibc:testsuite</package>
+    </conditions>
+    <hardware>
+      <memory>
+	<size unit="M">3000</size>
+      </memory>
+      <disk>
+        <size unit="M">5600</size>
+      </disk>
+    </hardware>
+  </overwrite>
+</constraints>

_multibuild

@@ -0,0 +1,9 @@
+<multibuild>
+  <package>i686</package>
+  <package>utils</package>
+  <package>testsuite</package>
+  <package>cross-aarch64</package>
+  <package>cross-ppc64le</package>
+  <package>cross-riscv64</package>
+  <package>cross-s390x</package>
+</multibuild>

add-locales.patch

@@ -0,0 +1,29 @@
+Index: glibc-2.27/localedata/SUPPORTED
+===================================================================
+--- glibc-2.27.orig/localedata/SUPPORTED
++++ glibc-2.27/localedata/SUPPORTED
+@@ -135,6 +135,7 @@ en_CA.UTF-8/UTF-8 \
+ en_CA/ISO-8859-1 \
+ en_DK.UTF-8/UTF-8 \
+ en_DK/ISO-8859-1 \
++en_GB.ISO-8859-15/ISO-8859-15 \
+ en_GB.UTF-8/UTF-8 \
+ en_GB/ISO-8859-1 \
+ en_HK.UTF-8/UTF-8 \
+@@ -152,6 +153,7 @@ en_PH/ISO-8859-1 \
+ en_SC.UTF-8/UTF-8 \
+ en_SG.UTF-8/UTF-8 \
+ en_SG/ISO-8859-1 \
++en_US.ISO-8859-15/ISO-8859-15 \
+ en_US.UTF-8/UTF-8 \
+ en_US/ISO-8859-1 \
+ en_ZA.UTF-8/UTF-8 \
+@@ -277,6 +279,8 @@ it_IT/ISO-8859-1 \
+ it_IT@euro/ISO-8859-15 \
+ iu_CA/UTF-8 \
+ ja_JP.EUC-JP/EUC-JP \
++ja_JP.SHIFT_JISX0213/SHIFT_JISX0213 \
++ja_JP.SJIS/SHIFT_JIS \
+ ja_JP.UTF-8/UTF-8 \
+ ka_GE.UTF-8/UTF-8 \
+ ka_GE/GEORGIAN-PS \

baselibs.conf

@@ -0,0 +1,35 @@
+glibc
+  arch i586 block!
+  targettype x86 +/etc/ld.so.conf
+  targettype x86 "/lib/ld-linux.so.2 -> <prefix>/lib/ld-linux.so.2"
+  targettype x86 obsoletes "baselibs-x86"
+  targettype ia32 +/etc/ld.so.conf
+  targettype ia32 "/lib/ld-linux.so.2 -> <prefix>/lib/ld-linux.so.2"
+  +/usr/lib(64)?/gconv/gconv-modules
+  targettype x86 -/usr/lib(64)?/gconv/gconv-modules
+  prereq -glibc-x86
+  +/usr/lib/getconf/[^g]
+  +/usr/sbin/iconvconfig -> /usr/sbin/iconvconfig-<extension>
+  post "/usr/sbin/iconvconfig-<extension>"
+  recommends "glibc-gconv-modules-extra-<targettype> = %version"
+  obsoletes "glibc-locale-base-<targettype>"
+glibc-gconv-modules-extra
+  arch i586 block!
+  +/usr/lib(64)?/gconv/gconv-modules
+  targettype x86 -/usr/lib(64)?/gconv/gconv-modules
+  post "/usr/sbin/iconvconfig-<extension>"
+  postun "/usr/sbin/iconvconfig-<extension>"
+  obsoletes "glibc-locale-base-<targettype>"
+  provides "glibc-locale-base-<targettype> = %version"
+glibc-devel
+  requires "glibc-<targettype> = %version"
+  arch i586 block!
+  +^/usr/include/gnu/lib-names-.*\.h$
+  +^/usr/include/gnu/stubs-.*\.h$
+glibc-devel-static
+  arch i586 block!
+glibc-profile
+  arch i586 block!
+glibc-utils
+libnsl1
+  arch i586 block!

bindresvport.blacklist

@@ -0,0 +1,14 @@
+#
+# This file contains a list of port numbers between 600 and 1024,
+# which should not be used by bindresvport. bindresvport is mostly
+# called by RPC services. This mostly solves the problem, that a
+# RPC service uses a well known port of another service.
+#
+623	# ASF, used by IPMI on some cards
+631	# cups
+636	# ldaps
+664	# Secure ASF, used by IPMI on some cards
+774	# rpasswd
+921	# lwresd
+993	# imaps
+995	# pops

gen-tempname-randomness.patch

@@ -0,0 +1,28 @@
+From 5f62cf88c4530c11904482775b7582bd7f6d80d2 Mon Sep 17 00:00:00 2001
+From: Andreas Schwab <schwab@suse.de>
+Date: Wed, 25 Sep 2024 11:49:30 +0200
+Subject: [PATCH] Fix missing randomness in __gen_tempname (bug 32214)
+
+Make sure to update the random value also if getrandom fails.
+
+Fixes: 686d542025 ("posix: Sync tempname with gnulib")
+---
+ sysdeps/posix/tempname.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sysdeps/posix/tempname.c b/sysdeps/posix/tempname.c
+index c00fe0c181..fc30958a0c 100644
+--- a/sysdeps/posix/tempname.c
++++ b/sysdeps/posix/tempname.c
+@@ -117,6 +117,8 @@ random_bits (random_value *r, random_value s)
+      succeed.  */
+ #if !_LIBC
+   *r = mix_random_values (v, clock ());
++#else
++  *r = v;
+ #endif
+   return false;
+ }
+-- 
+2.46.2
+

glibc-2.3.2.no_archive.diff

@@ -0,0 +1,44 @@
+Wed Jun  4 14:29:07 CEST 2003 - kukuk@suse.de
+
+- Make --no-archive default for localedef
+
+Index: glibc-2.27/locale/programs/localedef.c
+===================================================================
+--- glibc-2.27.orig/locale/programs/localedef.c
++++ glibc-2.27/locale/programs/localedef.c
+@@ -71,7 +71,7 @@ const char *alias_file;
+ static struct localedef_t *locales;
+ 
+ /* If true don't add locale data to archive.  */
+-bool no_archive;
++bool no_archive = true;
+ 
+ /* If true add named locales to archive.  */
+ static bool add_to_archive;
+@@ -101,6 +101,7 @@ void (*argp_program_version_hook) (FILE
+ #define OPT_REPLACE 307
+ #define OPT_DELETE_FROM_ARCHIVE 308
+ #define OPT_LIST_ARCHIVE 309
++#define OPT_ARCHIVE 310
+ #define OPT_LITTLE_ENDIAN 400
+ #define OPT_BIG_ENDIAN 401
+ #define OPT_NO_WARN 402
+@@ -133,6 +134,8 @@ static const struct argp_option options[
+        "supported warnings are: ascii, intcurrsym") },
+ 
+   { NULL, 0, NULL, 0, N_("Archive control:") },
++  { "archive", OPT_ARCHIVE, NULL, 0,
++    N_("Add new data to archive") },
+   { "no-archive", OPT_NO_ARCHIVE, NULL, 0,
+     N_("Don't add new data to archive") },
+   { "add-to-archive", OPT_ADD_TO_ARCHIVE, NULL, 0,
+@@ -360,6 +363,9 @@ parse_opt (int key, char *arg, struct ar
+     case OPT_PREFIX:
+       output_prefix = arg;
+       break;
++    case OPT_ARCHIVE:
++      no_archive = false;
++      break;
+     case OPT_NO_ARCHIVE:
+       no_archive = true;
+       break;

glibc-2.3.3-nscd-db-path.diff

@@ -0,0 +1,21 @@
+Index: glibc-2.27/nscd/nscd.h
+===================================================================
+--- glibc-2.27.orig/nscd/nscd.h
++++ glibc-2.27/nscd/nscd.h
+@@ -161,11 +161,11 @@ struct database_dyn
+ 
+ 
+ /* Paths of the file for the persistent storage.  */
+-#define _PATH_NSCD_PASSWD_DB	"/var/db/nscd/passwd"
+-#define _PATH_NSCD_GROUP_DB	"/var/db/nscd/group"
+-#define _PATH_NSCD_HOSTS_DB	"/var/db/nscd/hosts"
+-#define _PATH_NSCD_SERVICES_DB	"/var/db/nscd/services"
+-#define _PATH_NSCD_NETGROUP_DB	"/var/db/nscd/netgroup"
++#define _PATH_NSCD_PASSWD_DB	"/var/lib/nscd/passwd"
++#define _PATH_NSCD_GROUP_DB	"/var/lib/nscd/group"
++#define _PATH_NSCD_HOSTS_DB	"/var/lib/nscd/hosts"
++#define _PATH_NSCD_SERVICES_DB	"/var/lib/nscd/services"
++#define _PATH_NSCD_NETGROUP_DB	"/var/lib/nscd/netgroup"
+ 
+ /* Path used when not using persistent storage.  */
+ #define _PATH_NSCD_XYZ_DB_TMP	"/var/run/nscd/dbXXXXXX"

glibc-2.3.90-langpackdir.diff

@@ -0,0 +1,33 @@
+Index: glibc-2.38/intl/loadmsgcat.c
+===================================================================
+--- glibc-2.38.orig/intl/loadmsgcat.c
++++ glibc-2.38/intl/loadmsgcat.c
+@@ -796,8 +796,26 @@ _nl_load_domain (struct loaded_l10nfile
+   if (domain_file->filename == NULL)
+     goto out;
+ 
+-  /* Try to open the addressed file.  */
+-  fd = open (domain_file->filename, O_RDONLY | O_BINARY);
++  /* Replace /locale/ with /usr/share/locale-langpack/ */
++  const char *langpackdir = "/usr/share/locale-langpack/";
++  char *filename_langpack = malloc (strlen (domain_file->filename)
++				    + strlen (langpackdir));
++  if (filename_langpack != NULL)
++    {
++      char *p = strstr (domain_file->filename, "/locale/");
++      if (p != NULL)
++	{
++	  strcpy (__stpcpy (filename_langpack, langpackdir), p + 8);
++	  fd = open (filename_langpack, O_RDONLY | O_BINARY);
++	}
++
++      free (filename_langpack);
++    }
++
++  if (fd == -1)
++    /* Try to open the addressed file.  */
++    fd = open (domain_file->filename, O_RDONLY | O_BINARY);
++
+   if (fd == -1)
+     goto out;
+ 

glibc-2.4-china.diff

@@ -0,0 +1,22 @@
+Index: glibc-2.27/localedata/locales/zh_TW
+===================================================================
+--- glibc-2.27.orig/localedata/locales/zh_TW
++++ glibc-2.27/localedata/locales/zh_TW
+@@ -8,7 +8,7 @@ escape_char /
+ % exempt you from the conditions of the license if your use would
+ % otherwise be governed by that license.
+ 
+-% Chinese language locale for Taiwan R.O.C.
++% Chinese language locale for Taiwan
+ %
+ % Original Author:
+ %    Ming-Che Chuang
+@@ -23,7 +23,7 @@ escape_char /
+ % Reference:	http://wwwold.dkuug.dk/JTC1/SC22/WG20/docs/n690.pdf
+ 
+ LC_IDENTIFICATION
+-title      "Chinese locale for Taiwan R.O.C."
++title      "Chinese locale for Taiwan"
+ source     ""
+ address    ""
+ contact    ""

glibc-2.4.90-no_NO.diff

@@ -0,0 +1,100 @@
+Index: glibc-2.27/intl/locale.alias
+===================================================================
+--- glibc-2.27.orig/intl/locale.alias
++++ glibc-2.27/intl/locale.alias
+@@ -65,8 +65,6 @@ korean		ko_KR.eucKR
+ korean.euc 	ko_KR.eucKR
+ ko_KR		ko_KR.eucKR
+ lithuanian      lt_LT.ISO-8859-13
+-no_NO		nb_NO.ISO-8859-1
+-no_NO.ISO-8859-1 nb_NO.ISO-8859-1
+ norwegian       nb_NO.ISO-8859-1
+ nynorsk		nn_NO.ISO-8859-1
+ polish          pl_PL.ISO-8859-2
+Index: glibc-2.27/localedata/SUPPORTED
+===================================================================
+--- glibc-2.27.orig/localedata/SUPPORTED
++++ glibc-2.27/localedata/SUPPORTED
+@@ -355,6 +355,8 @@ nl_NL/ISO-8859-1 \
+ nl_NL@euro/ISO-8859-15 \
+ nn_NO.UTF-8/UTF-8 \
+ nn_NO/ISO-8859-1 \
++no_NO.UTF-8/UTF-8 \
++no_NO/ISO-8859-1 \
+ nr_ZA/UTF-8 \
+ nso_ZA/UTF-8 \
+ oc_FR.UTF-8/UTF-8 \
+Index: glibc-2.27/localedata/locales/no_NO
+===================================================================
+--- /dev/null
++++ glibc-2.27/localedata/locales/no_NO
+@@ -0,0 +1,69 @@
++escape_char	/
++comment_char    %
++
++% Norwegian language locale for Norway
++% Source: Norsk Standardiseringsforbund
++% Address: University Library,
++%   Drammensveien 41, N-9242 Oslo, Norge
++% Contact: Kolbjoern Aamboe
++% Tel: +47 - 22859109
++% Fax: +47 - 22434497
++% Email: kolbjorn.aambo@usit.uio.no
++% Language: no
++% Territory: NO
++% Revision: 4.3
++% Date: 1996-10-15
++% Application: general
++% Users: general
++% Repertoiremap: mnemonic.ds
++% Charset: ISO-8859-1
++% Distribution and use is free, also
++% for commercial purposes.
++
++LC_IDENTIFICATION
++copy "nb_NO"
++END LC_IDENTIFICATION
++
++LC_COLLATE
++copy "nb_NO"
++END LC_COLLATE
++
++LC_CTYPE
++copy "nb_NO"
++END LC_CTYPE
++
++LC_MONETARY
++copy "nb_NO"
++END LC_MONETARY
++
++LC_NUMERIC
++copy "nb_NO"
++END LC_NUMERIC
++
++LC_TIME
++copy "nb_NO"
++END LC_TIME
++
++LC_MESSAGES
++copy "nb_NO"
++END LC_MESSAGES
++
++LC_PAPER
++copy "nb_NO"
++END LC_PAPER
++
++LC_TELEPHONE
++copy "nb_NO"
++END LC_TELEPHONE
++
++LC_MEASUREMENT
++copy "nb_NO"
++END LC_MEASUREMENT
++
++LC_NAME
++copy "nb_NO"
++END LC_NAME
++
++LC_ADDRESS
++copy "nb_NO"
++END LC_ADDRESS

glibc-2.40.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:19a890175e9263d748f627993de6f4b1af9cd21e03f080e4bfb3a1fac10205a2
+size 18752204

glibc-2.40.tar.xz.sig

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEcnNUKzmWLfeymZMUFnkrTqJTQPgFAmaeSXIACgkQFnkrTqJT
+QPhcfw/+LG5lo6bi7F8Kggp7rsxw1QpRsT76HUNdsoVZRbKvERYihexEQST8rNM/
+BvzWv+eAxE8h1XcBdYk3qKtyvsggVogaxnsfRq1+5yonrI0FGDdQZEjDhYVBEPma
+T1m8qmZywPingm37gT5RevQJP3vg2OBW9l5/nwGk9K33e+09RXCAyvZVrn7binTV
+27VESY5/6X7uC2Ga1WnZG2omu3W5+vAsGWoFnCNjJHfqyW6agaGLbGNSBJnSABv+
+mTy4v8S6zpRovWZOA2hi7FUVbtDyvyJrGZLnTNBA/DxqKiKc2ZQUljXy7Uv+piDt
+H0bwNsrC0mcRxdqsA8FNUv/gIpHcuBaLjUz37bA6d0iwkvqf8YCJ47O6KbMuuDeu
+DudKO+QIVTgs0ahUnbomW27Un46cvkM2JM7dU9Akt5Cja9hImOOn1cbotkaMfmsL
+c3Hq+O3LYwI76p3HUwsjg3xjgoLZy24+46PaXRncrYImgTif6yGq4uVjWXnaFsLs
+WtE16EU9fvU1zCBRbdcT6cI6TiNQvQdc8aBGxKs4oFTMROWiczfwKmcIrC6OROIJ
+kW5V0nI5t3Sk8XSubUxj4dZhk6E1e58RhKm/5pcdOVzwbd3H9sb5q/BhlWB7M49M
+i5n7p77a1YCjuhl/m43Q036uDCER7/JSbnekU6zsTYUDX/ZfWiA=
+=hPC5
+-----END PGP SIGNATURE-----

glibc-bindresvport-blacklist.diff

@@ -0,0 +1,158 @@
+Index: glibc-2.32/inet/bindresvport.c
+===================================================================
+--- glibc-2.32.orig/inet/bindresvport.c
++++ glibc-2.32/inet/bindresvport.c
+@@ -29,6 +29,9 @@
+  *   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+  */
+ 
++#include <stdio.h>
++#include <ctype.h>
++#include <stdlib.h>
+ #include <errno.h>
+ #include <unistd.h>
+ #include <string.h>
+@@ -42,6 +45,93 @@
+  */
+ __libc_lock_define_initialized (static, lock);
+ 
++#define STARTPORT 600
++#define LOWPORT 512
++#define ENDPORT (IPPORT_RESERVED - 1)
++#define NPORTS	(ENDPORT - STARTPORT + 1)
++
++/* Read the file /etc/rpc.blacklisted, so that we don't bind to these
++   ports.  */
++
++static int blacklist_read;
++static int *list;
++static int list_size = 0;
++
++static void
++load_blacklist (void)
++{
++  FILE *fp;
++  char *buf = NULL;
++  size_t buflen = 0;
++  int size = 0, ptr = 0;
++
++  __libc_lock_lock (lock);
++  if (blacklist_read)
++    goto unlock;
++  blacklist_read = 1;
++
++  fp = fopen ("/etc/bindresvport.blacklist", "r");
++  if (fp == NULL)
++    goto unlock;
++
++  while (!feof_unlocked (fp))
++    {
++      unsigned long port;
++      char *tmp, *cp;
++      ssize_t n = __getline (&buf, &buflen, fp);
++      if (n < 1)
++        break;
++
++      cp = buf;
++      /* Remove comments.  */
++      tmp = strchr (cp, '#');
++      if (tmp)
++        *tmp = '\0';
++      /* Remove spaces and tabs.  */
++      while (isspace ((unsigned char) *cp))
++        ++cp;
++      /* Ignore empty lines.  */
++      if (*cp == '\0')
++        continue;
++      if (cp[strlen (cp) - 1] == '\n')
++        cp[strlen (cp) - 1] = '\0';
++
++      port = strtoul (cp, &tmp, 0);
++      while (isspace ((unsigned char) *tmp))
++        ++tmp;
++      if (*tmp != '\0' || (port == ULONG_MAX && errno == ERANGE))
++	continue;
++
++      /* Don't bother with out-of-range ports.  */
++      if (port < LOWPORT || port > ENDPORT)
++        continue;
++
++      if (ptr >= size)
++	{
++	  size += 10;
++	  int *new_list = realloc (list, size * sizeof (int));
++	  if (new_list == NULL)
++	    {
++	      free (list);
++	      list = NULL;
++	      free (buf);
++	      goto unlock;
++	    }
++	  list = new_list;
++	}
++
++      list[ptr++] = port;
++    }
++
++  fclose (fp);
++  free (buf);
++  list_size = ptr;
++
++ unlock:
++  __libc_lock_unlock (lock);
++}
++
++
+ /*
+  * Bind a socket to a privileged IP port
+  */
+@@ -52,12 +142,11 @@ bindresvport (int sd, struct sockaddr_in
+   struct sockaddr_in myaddr;
+   int i;
+ 
+-#define STARTPORT 600
+-#define LOWPORT 512
+-#define ENDPORT (IPPORT_RESERVED - 1)
+-#define NPORTS	(ENDPORT - STARTPORT + 1)
+   static short startport = STARTPORT;
+ 
++  if (!blacklist_read)
++    load_blacklist ();
++
+   if (sin == (struct sockaddr_in *) 0)
+     {
+       sin = &myaddr;
+@@ -75,6 +164,7 @@ bindresvport (int sd, struct sockaddr_in
+       port = (__getpid () % NPORTS) + STARTPORT;
+     }
+ 
++  __set_errno (EADDRINUSE);
+   /* Initialize to make gcc happy.  */
+   int res = -1;
+ 
+@@ -86,12 +176,22 @@ bindresvport (int sd, struct sockaddr_in
+  again:
+   for (i = 0; i < nports; ++i)
+     {
+-      sin->sin_port = htons (port++);
+-      if (port > endport)
+-	port = startport;
++      int j;
++
++      sin->sin_port = htons (port);
++
++      /* Check that this port is not blacklisted.  */
++      for (j = 0; j < list_size; j++)
++	if (port == list[j])
++	  goto try_next_port;
++
+       res = __bind (sd, sin, sizeof (struct sockaddr_in));
+       if (res >= 0 || errno != EADDRINUSE)
+ 	break;
++
++    try_next_port:
++      if (++port > endport)
++	port = startport;
+     }
+ 
+   if (i == nports && startport != LOWPORT)

glibc-fix-double-loopback.diff

@@ -0,0 +1,25 @@
+This fixes the problem of getent ahosts localhost returning 127.0.0.1
+_twice_ on systems that have no ipv6 interfaces up (hence are regarded
+as ipv4 only by the lookup code), but still have localhost entries for
+::1 and 127.0.0.1 in /etc/hosts (like most current systems).
+
+Remapping ::1 to 127.0.0.1 is bogus when /etc/hosts is correct.
+bnc #684534, #606980
+http://sources.redhat.com/bugzilla/show_bug.cgi?id=4980
+
+Index: glibc-2.27/nss/nss_files/files-hosts.c
+===================================================================
+--- glibc-2.27.orig/nss/nss_files/files-hosts.c
++++ glibc-2.27/nss/nss_files/files-hosts.c
+@@ -70,11 +70,6 @@ LINE_PARSER
+ 	 {
+ 	   if (IN6_IS_ADDR_V4MAPPED (entdata->host_addr))
+ 	     memcpy (entdata->host_addr, entdata->host_addr + 12, INADDRSZ);
+-	   else if (IN6_IS_ADDR_LOOPBACK (entdata->host_addr))
+-	     {
+-	       in_addr_t localhost = htonl (INADDR_LOOPBACK);
+-	       memcpy (entdata->host_addr, &localhost, sizeof (localhost));
+-	     }
+ 	   else
+ 	     /* Illegal address: ignore line.  */
+ 	     return 0;

glibc-nscd.conf.patch

@@ -0,0 +1,19 @@
+Index: glibc-2.27/nscd/nscd.conf
+===================================================================
+--- glibc-2.27.orig/nscd/nscd.conf
++++ glibc-2.27/nscd/nscd.conf
+@@ -61,11 +61,11 @@
+ 	auto-propagate		group		yes
+ 
+ 	enable-cache		hosts		yes
+-	positive-time-to-live	hosts		3600
+-	negative-time-to-live	hosts		20
++	positive-time-to-live	hosts		600
++	negative-time-to-live	hosts		0
+ 	suggested-size		hosts		211
+ 	check-files		hosts		yes
+-	persistent		hosts		yes
++	persistent		hosts		no
+ 	shared			hosts		yes
+ 	max-db-size		hosts		33554432
+ 

glibc-nsswitch-usr.diff

@@ -0,0 +1,13 @@
+Index: glibc-2.33/nss/nss_database.c
+===================================================================
+--- glibc-2.33.orig/nss/nss_database.c
++++ glibc-2.33/nss/nss_database.c
+@@ -303,6 +303,8 @@ nss_database_reload (struct nss_database
+ {
+   FILE *fp = fopen (_PATH_NSSWITCH_CONF, "rce");
+   if (fp == NULL)
++    fp = fopen ("/usr" _PATH_NSSWITCH_CONF, "rce");
++  if (fp == NULL)
+     switch (errno)
+       {
+       case EACCES:

glibc-resolv-mdnshint.diff

@@ -0,0 +1,19 @@
+Index: glibc-2.27/resolv/res_hconf.c
+===================================================================
+--- glibc-2.27.orig/resolv/res_hconf.c
++++ glibc-2.27/resolv/res_hconf.c
+@@ -215,9 +215,12 @@ parse_line (const char *fname, int line_
+   if (c == NULL)
+     {
+       char *buf;
++      const char *hint = "";
+ 
+-      if (__asprintf (&buf, _("%s: line %d: bad command `%s'\n"),
+-		      fname, line_num, start) < 0)
++      if (__strncasecmp (start, "mdns", len) == 0 && len == 4)
++        hint = "Multicast DNS is now configured in /etc/nsswitch.conf instead.\nSee also the package and manpage of nss-mdns.\n";
++      if (__asprintf (&buf, _("%s: line %d: bad command `%s'\n%s"),
++		      fname, line_num, start, hint) < 0)
+ 	return;
+ 
+       __fxprintf (NULL, "%s", buf);

glibc-version.diff

@@ -0,0 +1,18 @@
+Index: glibc-2.27/csu/version.c
+===================================================================
+--- glibc-2.27.orig/csu/version.c
++++ glibc-2.27/csu/version.c
+@@ -24,11 +24,12 @@ static const char __libc_release[] = REL
+ static const char __libc_version[] = VERSION;
+ 
+ static const char banner[] =
+-"GNU C Library "PKGVERSION RELEASE" release version "VERSION".\n\
++"GNU C Library "PKGVERSION RELEASE" release version "VERSION" (git "GITID").\n\
+ Copyright (C) 2024 Free Software Foundation, Inc.\n\
+ This is free software; see the source for copying conditions.\n\
+ There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A\n\
+ PARTICULAR PURPOSE.\n\
++Configured for "CONFHOST".\n\
+ Compiled by GNU CC version "__VERSION__".\n"
+ #ifdef LIBC_ABIS_STRING
+ LIBC_ABIS_STRING

glibc.rpmlintrc

@@ -0,0 +1,16 @@
+# glibc-profile is a devel package
+addFilter("glibc-profile.* devel-file-in-non-devel-package.*/usr/lib.*/lib.*_p\.a")
+# glibc is not a devel package
+addFilter("glibc\..* non-devel-file-in-devel-package")
+# getent deliberately uses gethostbyname
+addFilter("binary-or-shlib-calls-gethostbyname /usr/bin/getent")
+# We do need to keep the symtab (see comments in glibc.spec), so this is intented:
+addFilter("unstripped-binary-or-object")
+# ld.so is special:
+addFilter("shared-library-without-dependency-information /usr/lib.*/ld.*\.so")
+# the cross..-devel packages contain everything, in non-std paths, so no
+# ldconfig is wanted or needed (for sle-15 based trees), and we accept
+# the *.so symlinks, and deliver (target) binaries
+addFilter("cross.*library-without-ldconfig-post.*")
+addFilter("cross.*non-devel-file-in-devel-package.*")
+addFilter("cross.*arch-independent-package-contains-binary-or-object.*")

ldconfig-concurrency.patch

@@ -0,0 +1,53 @@
+	* elf/cache.c (save_cache): Use unique temporary name.
+	(save_aux_cache): Likewise.
+
+Index: glibc-2.34/elf/cache.c
+===================================================================
+--- glibc-2.34.orig/elf/cache.c
++++ glibc-2.34/elf/cache.c
+@@ -716,12 +716,12 @@ save_cache (const char *cache_name)
+   /* Write out the cache.  */
+ 
+   /* Write cache first to a temporary file and rename it later.  */
+-  char *temp_name = xmalloc (strlen (cache_name) + 2);
+-  sprintf (temp_name, "%s~", cache_name);
++  char *temp_name;
++  if (asprintf (&temp_name, "%s.XXXXXX", cache_name) < 0)
++    error (EXIT_FAILURE, errno, _("Can't allocate temporary name for cache file"));
+ 
+   /* Create file.  */
+-  int fd = open (temp_name, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW,
+-		 S_IRUSR|S_IWUSR);
++  int fd = mkostemp (temp_name, 0);
+   if (fd < 0)
+     error (EXIT_FAILURE, errno, _("Can't create temporary cache file %s"),
+ 	   temp_name);
+@@ -1128,8 +1128,9 @@ save_aux_cache (const char *aux_cache_na
+   /* Write out auxiliary cache file.  */
+   /* Write auxiliary cache first to a temporary file and rename it later.  */
+ 
+-  char *temp_name = xmalloc (strlen (aux_cache_name) + 2);
+-  sprintf (temp_name, "%s~", aux_cache_name);
++  char *temp_name;
++  if (asprintf (&temp_name, "%s.XXXXXX", aux_cache_name) < 0)
++    goto out_fail2;
+ 
+   /* Check that directory exists and create if needed.  */
+   char *dir = strdupa (aux_cache_name);
+@@ -1143,8 +1144,7 @@ save_aux_cache (const char *aux_cache_na
+     }
+ 
+   /* Create file.  */
+-  int fd = open (temp_name, O_CREAT|O_WRONLY|O_TRUNC|O_NOFOLLOW,
+-		 S_IRUSR|S_IWUSR);
++  int fd = mkostemp (temp_name, 0);
+   if (fd < 0)
+     goto out_fail;
+ 
+@@ -1167,5 +1167,6 @@ save_aux_cache (const char *aux_cache_na
+ out_fail:
+   /* Free allocated memory.  */
+   free (temp_name);
++out_fail2:
+   free (file_entries);
+ }

manpages.patch

@@ -0,0 +1,21 @@
+Index: ./manpages/locale.alias.5
+===================================================================
+--- ./manpages/locale.alias.5.orig
++++ ./manpages/locale.alias.5
+@@ -18,7 +18,7 @@
+ .SH "NAME"
+ locale.alias \- Locale name alias data base
+ .SH "DESCRIPTION"
+-The locale.alias database file (/etc/locale.alias) is used by the
++The locale.alias database file (/usr/share/locale/locale.alias) is used by the
+ .B locale
+ command and the 
+ .B X Window System
+@@ -40,6 +40,6 @@ name, or simpler versions of the POSIX l
+ Lines beginning with Hash ("#") are treated as comments and ignored.
+ 
+ .SH "SEE ALSO"
+-locale(1), localedef(1), locale-gen(8),  locale.gen(5) 
++locale(1), localedef(1)
+ .SH "AUTHOR"
+ Alastair McKinstry <mckinstry@computer.org>

nscd-server-user.patch

@@ -0,0 +1,13 @@
+Index: glibc-2.27/nscd/nscd.conf
+===================================================================
+--- glibc-2.27.orig/nscd/nscd.conf
++++ glibc-2.27/nscd/nscd.conf
+@@ -33,7 +33,7 @@
+ #	logfile			/var/log/nscd.log
+ #	threads			4
+ #	max-threads		32
+-#	server-user		nobody
++	server-user		nscd
+ #	stat-user		somebody
+ 	debug-level		0
+ #	reload-count		5

nscd.conf

@@ -0,0 +1 @@
+d /run/nscd 0755 root root

nscd.service

@@ -0,0 +1,22 @@
+# systemd service file for nscd
+
+[Unit]
+Description=Name Service Cache Daemon
+After=sysinit.target
+Wants=nss-lookup.target nss-user-lookup.target
+Before=nss-lookup.target nss-user-lookup.target
+
+[Service]
+Type=forking
+ExecStart=/usr/sbin/nscd
+ExecStop=/usr/sbin/nscd --shutdown
+ExecReload=/usr/sbin/nscd -i passwd
+ExecReload=/usr/sbin/nscd -i group
+ExecReload=/usr/sbin/nscd -i hosts
+ExecReload=/usr/sbin/nscd -i services
+ExecReload=/usr/sbin/nscd -i netgroup
+Restart=always
+PIDFile=/run/nscd/nscd.pid
+
+[Install]
+WantedBy=multi-user.target

nscd.sysusers

@@ -0,0 +1,2 @@
+#Type Name ID GECOS           Home directory Shell
+u     nscd -  "User for nscd" /run/nscd      -

nss-db-path.patch

@@ -0,0 +1,41 @@
+Use /var/db for nss_db
+
+Index: glibc-2.27/Makeconfig
+===================================================================
+--- glibc-2.27.orig/Makeconfig
++++ glibc-2.27/Makeconfig
+@@ -245,7 +245,7 @@ inst_sysconfdir = $(install_root)$(sysco
+ 
+ # Directory for the database files and Makefile for nss_db.
+ ifndef vardbdir
+-vardbdir = $(localstatedir)/db
++vardbdir = /var/lib/misc
+ endif
+ inst_vardbdir = $(install_root)$(vardbdir)
+ 
+Index: glibc-2.27/nss/db-Makefile
+===================================================================
+--- glibc-2.27.orig/nss/db-Makefile
++++ glibc-2.27/nss/db-Makefile
+@@ -22,7 +22,7 @@ DATABASES = $(wildcard /etc/passwd /etc/
+ 		       /etc/rpc /etc/services /etc/shadow /etc/gshadow \
+ 		       /etc/netgroup)
+ 
+-VAR_DB = /var/db
++VAR_DB = /var/lib/misc
+ 
+ AWK = awk
+ MAKEDB = makedb --quiet
+Index: glibc-2.27/sysdeps/unix/sysv/linux/paths.h
+===================================================================
+--- glibc-2.27.orig/sysdeps/unix/sysv/linux/paths.h
++++ glibc-2.27/sysdeps/unix/sysv/linux/paths.h
+@@ -68,7 +68,7 @@
+ /* Provide trailing slash, since mostly used for building pathnames. */
+ #define	_PATH_DEV	"/dev/"
+ #define	_PATH_TMP	"/tmp/"
+-#define	_PATH_VARDB	"/var/db/"
++#define	_PATH_VARDB	"/var/lib/misc/"
+ #define	_PATH_VARRUN	"/var/run/"
+ #define	_PATH_VARTMP	"/var/tmp/"
+ 

nsswitch.conf

@@ -0,0 +1,75 @@
+#
+# /etc/nsswitch.conf
+#
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use Samba winbind support
+#	wins			Use Samba wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
+
+passwd:		compat systemd
+group:		compat [SUCCESS=merge] systemd
+shadow:		compat systemd
+# Allow initgroups to default to the setting for group.
+# initgroups:	compat
+
+hosts:  	files dns
+networks:	files dns
+
+aliases:	files usrfiles
+ethers:		files usrfiles
+gshadow:	files usrfiles
+netgroup:	files nis
+protocols:	files usrfiles
+publickey:	files
+rpc:		files usrfiles
+services:	files usrfiles
+
+automount:	files nis
+bootparams:	files
+netmasks:	files

sle-nsswitch.conf

@@ -0,0 +1,75 @@
+#
+# /etc/nsswitch.conf
+#
+# An example Name Service Switch config file. This file should be
+# sorted with the most-used services at the beginning.
+#
+# Valid databases are: aliases, ethers, group, gshadow, hosts,
+# initgroups, netgroup, networks, passwd, protocols, publickey,
+# rpc, services, and shadow.
+#
+# Valid service provider entries include (in alphabetical order):
+#
+#	compat			Use /etc files plus *_compat pseudo-db
+#	db			Use the pre-processed /var/db files
+#	dns			Use DNS (Domain Name Service)
+#	files			Use the local files in /etc
+#	hesiod			Use Hesiod (DNS) for user lookups
+#	nis			Use NIS (NIS version 2), also called YP
+#	nisplus			Use NIS+ (NIS version 3)
+#
+# See `info libc 'NSS Basics'` for more information.
+#
+# Commonly used alternative service providers (may need installation):
+#
+#	ldap			Use LDAP directory server
+#	myhostname		Use systemd host names
+#	mymachines		Use systemd machine names
+#	mdns*, mdns*_minimal	Use Avahi mDNS/DNS-SD
+#	resolve			Use systemd resolved resolver
+#	sss			Use System Security Services Daemon (sssd)
+#	systemd			Use systemd for dynamic user option
+#	winbind			Use Samba winbind support
+#	wins			Use Samba wins support
+#	wrapper			Use wrapper module for testing
+#
+# Notes:
+#
+# 'sssd' performs its own 'files'-based caching, so it should generally
+# come before 'files'.
+#
+# WARNING: Running nscd with a secondary caching service like sssd may
+# 	   lead to unexpected behaviour, especially with how long
+# 	   entries are cached.
+#
+# Installation instructions:
+#
+# To use 'db', install the appropriate package(s) (provide 'makedb' and
+# libnss_db.so.*), and place the 'db' in front of 'files' for entries
+# you want to be looked up first in the databases, like this:
+#
+# passwd:    db files
+# shadow:    db files
+# group:     db files
+
+passwd:		compat
+group:		compat
+shadow:		compat
+# Allow initgroups to default to the setting for group.
+# initgroups:	compat
+
+hosts:  	files dns
+networks:	files dns
+
+aliases:	files usrfiles
+ethers:		files usrfiles
+gshadow:	files usrfiles
+netgroup:	files nis
+protocols:	files usrfiles
+publickey:	files
+rpc:		files usrfiles
+services:	files usrfiles
+
+automount:	files nis
+bootparams:	files
+netmasks:	files

ulp-prologue-into-asm-functions.patch

@@ -0,0 +1,272 @@
+From ec4f0a28ed48c51165e3e72c7427efb0ae14a124 Mon Sep 17 00:00:00 2001
+From: Giuliano Belinassi <gbelinassi@suse.de>
+Date: Mon, 6 May 2024 20:09:55 -0300
+Subject: [PATCH] Add Userspace Livepatch prologue into ASM functions
+
+Userspace Live Patching (ULP) refers to the process of applying
+patches to the libraries used by a running process, without
+interrupting it. In order to archive this, functions must have
+the NOP prologue. This prologue is included automatically when
+compiled with -fpatchable-function-entry, but for ASM functions
+this have to be included manually. This patch does this.
+
+Signed-off-by: Giuliano Belinassi <gbelinassi@suse.de>
+---
+ Makeconfig                               |  5 +++
+ config.h.in                              |  3 ++
+ config.make.in                           |  1 +
+ configure                                | 21 +++++++++
+ configure.ac                             | 13 ++++++
+ sysdeps/x86_64/multiarch/strcmp-avx2.S   |  5 +--
+ sysdeps/x86_64/multiarch/strcmp-evex.S   |  5 +--
+ sysdeps/x86_64/multiarch/strcmp-sse4_2.S |  5 +--
+ sysdeps/x86_64/sysdep.h                  | 54 ++++++++++++++++++++++--
+ 9 files changed, 96 insertions(+), 16 deletions(-)
+
+diff --git a/Makeconfig b/Makeconfig
+index e583765712..b136e10224 100644
+--- a/Makeconfig
++++ b/Makeconfig
+@@ -981,6 +981,11 @@ else
+ +cflags += $(no-fortify-source)
+ endif
+ 
++# Add flags for Userspace Livepatching support.
++ifeq (yes,$(enable-userspace-livepatch))
+++cflags	+= -fpatchable-function-entry=16,14
++endif
++
+ # Each sysdeps directory can contain header files that both will be
+ # used to compile and will be installed.  Each can also contain an
+ # include/ subdirectory, whose header files will be used to compile
+diff --git a/config.h.in b/config.h.in
+index c4cc7d3b9a..dc70ed03d0 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -205,6 +205,9 @@
+ /* Define to 1 if libpthread actually resides in libc.  */
+ #define PTHREAD_IN_LIBC 0
+ 
++/* Define to 1 if support for userspace livepatching is enabled.  */
++#define ENABLE_USERSPACE_LIVEPATCH 0
++
+ /* An integer used to scale the timeout of test programs.  */
+ #define TIMEOUTFACTOR 1
+ 
+diff --git a/config.make.in b/config.make.in
+index 55e8b7563b..0f14c05d62 100644
+--- a/config.make.in
++++ b/config.make.in
+@@ -81,6 +81,7 @@ mach-interface-list = @mach_interface_list@
+ memory-tagging = @memory_tagging@
+ 
+ # Configuration options.
++enable-userspace-livepatch = @enable_userspace_livepatch@
+ build-shared = @shared@
+ build-profile = @profile@
+ build-static-nss = @static_nss@
+diff --git a/configure b/configure
+index 432e40a592..eb6b203925 100755
+--- a/configure
++++ b/configure
+@@ -622,6 +622,7 @@ LIBOBJS
+ pthread_in_libc
+ RELEASE
+ VERSION
++enable_userspace_livepatch
+ mach_interface_list
+ DEFINES
+ static_nss
+@@ -812,6 +813,7 @@ enable_cet
+ enable_scv
+ enable_fortify_source
+ with_cpu
++enable_userspace_livepatch
+ '
+       ac_precious_vars='build_alias
+ host_alias
+@@ -1490,6 +1492,8 @@ Optional Features:
+                           Use -D_FORTIFY_SOURCE=[1|2|3] to control code
+                           hardening, defaults to highest possible value
+                           supported by the build compiler.
++  --enable-userspace-livepatch
++                          build with userspace livepatch support [default=no]
+ 
+ Optional Packages:
+   --with-PACKAGE[=ARG]    use PACKAGE [ARG=yes]
+@@ -7867,6 +7871,23 @@ libc_cv_multidir=`${CC-cc} $CFLAGS $CPPFLAGS -print-multi-directory`
+ 
+ 
+ 
++# Check whether --enable-userspace-livepatch was given.
++if test ${enable_userspace_livepatch+y}
++then :
++  enableval=$enable_userspace_livepatch; enable_userspace_livepatch=$enableval
++else $as_nop
++  enable_userspace_livepatch=no
++fi
++
++
++# Libpulp uses -fpatchable-function-entry to add padding NOPS to the
++# prologue of all functions.
++if test "x$enable_userspace_livepatch" = xyes; then
++  printf "%s\n" "#define ENABLE_USERSPACE_LIVEPATCH 1" >>confdefs.h
++
++fi
++
++
+ VERSION=`sed -n -e 's/^#define VERSION "\([^"]*\)"/\1/p' < $srcdir/version.h`
+ RELEASE=`sed -n -e 's/^#define RELEASE "\([^"]*\)"/\1/p' < $srcdir/version.h`
+ 
+diff --git a/configure.ac b/configure.ac
+index bdc385d03c..cb4d28b3d8 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1756,6 +1756,19 @@ AC_SUBST(DEFINES)
+ dnl See sysdeps/mach/configure.ac for this variable.
+ AC_SUBST(mach_interface_list)
+ 
++AC_ARG_ENABLE([userspace-livepatch],
++	      AS_HELP_STRING([--enable-userspace-livepatch],
++			     [build with userspace livepatch support @<:@default=no@:>@]),
++	      [enable_userspace_livepatch=$enableval],
++	      [enable_userspace_livepatch=no])
++
++# Libpulp uses -fpatchable-function-entry to add padding NOPS to the
++# prologue of all functions.
++if test "x$enable_userspace_livepatch" = xyes; then
++  AC_DEFINE(ENABLE_USERSPACE_LIVEPATCH)
++fi
++AC_SUBST(enable_userspace_livepatch)
++
+ VERSION=`sed -n -e 's/^#define VERSION "\([^"]*\)"/\1/p' < $srcdir/version.h`
+ RELEASE=`sed -n -e 's/^#define RELEASE "\([^"]*\)"/\1/p' < $srcdir/version.h`
+ AC_SUBST(VERSION)
+diff --git a/sysdeps/x86_64/multiarch/strcmp-avx2.S b/sysdeps/x86_64/multiarch/strcmp-avx2.S
+index 5bc1d90078..3ea96c0aa3 100644
+--- a/sysdeps/x86_64/multiarch/strcmp-avx2.S
++++ b/sysdeps/x86_64/multiarch/strcmp-avx2.S
+@@ -201,10 +201,7 @@ END (STRCASECMP)
+ # endif
+ 
+ 	.p2align 4
+-STRCMP:
+-	cfi_startproc
+-	_CET_ENDBR
+-	CALL_MCOUNT
++FUNCTION_START(STRCMP)
+ 
+ # if defined USE_AS_STRCASECMP_L
+ 	/* We have to fall back on the C implementation for locales with
+diff --git a/sysdeps/x86_64/multiarch/strcmp-evex.S b/sysdeps/x86_64/multiarch/strcmp-evex.S
+index 06730ab2a1..d96b1c4824 100644
+--- a/sysdeps/x86_64/multiarch/strcmp-evex.S
++++ b/sysdeps/x86_64/multiarch/strcmp-evex.S
+@@ -224,10 +224,7 @@ END (STRCASECMP)
+ # endif
+ 
+ 	.p2align 4
+-STRCMP:
+-	cfi_startproc
+-	_CET_ENDBR
+-	CALL_MCOUNT
++FUNCTION_START(STRCMP)
+ 
+ # if defined USE_AS_STRCASECMP_L
+ 	/* We have to fall back on the C implementation for locales with
+diff --git a/sysdeps/x86_64/multiarch/strcmp-sse4_2.S b/sysdeps/x86_64/multiarch/strcmp-sse4_2.S
+index 4e98da0246..2a2280c65f 100644
+--- a/sysdeps/x86_64/multiarch/strcmp-sse4_2.S
++++ b/sysdeps/x86_64/multiarch/strcmp-sse4_2.S
+@@ -103,10 +103,7 @@ END (STRCASECMP)
+ 
+ # define arg arg
+ 
+-STRCMP:
+-	cfi_startproc
+-	_CET_ENDBR
+-	CALL_MCOUNT
++FUNCTION_START(STRCMP)
+ 
+ /*
+  * This implementation uses SSE to compare up to 16 bytes at a time.
+diff --git a/sysdeps/x86_64/sysdep.h b/sysdeps/x86_64/sysdep.h
+index db6e36b2dd..86a5d1b2be 100644
+--- a/sysdeps/x86_64/sysdep.h
++++ b/sysdeps/x86_64/sysdep.h
+@@ -49,6 +49,46 @@ enum cf_protection_level
+ 
+ #ifdef	__ASSEMBLER__
+ 
++/* Libpulp uses -fpatchable-function-entry to add padding NOPS to the
++   prologue of all functions. This works for C functions. For functions
++   written in ASM, the way we do this is by adding this prologue manually.  */
++
++#if ENABLE_USERSPACE_LIVEPATCH
++
++/* Instructions to be inserted before the function label.  */
++# define ULP_NOPS_PRE_PROLOGUE     .rept 14; nop; .endr
++
++/* Instruction to be inserted after the function label.  */
++# define ULP_NOPS_POST_PROLOGUE    .rept  2; nop; .endr
++
++
++/* this macro expands according to the following condition:
++ * if name = _start, then the prologue is not inserted.
++ * if name = _dl_relocate_static_pie, then the prologue is not inserted.
++ * if name = anything else, then the prologue is inserted.
++ **/
++# define __ULP_POST_PROLOGUE_dl_relocate_static_pie   ,
++# define __ULP_PRE_PROLOGUE_start                     ,
++# define __ULP_PRE_PROLOGUE(x, y,...)                 y
++# define _ULP_PRE_PROLOGUE(x, ...)                    __ULP_PRE_PROLOGUE(x, __VA_ARGS__)
++# define ULP_PRE_PROLOGUE(name)                       _ULP_PRE_PROLOGUE(__ULP_PRE_PROLOGUE##name, ULP_NOPS_PRE_PROLOGUE,)
++
++/* this macro expands according to the following condition:
++ * if name = _start, then the postlogue is not inserted.
++ * if name = _dl_relocate_static_pie, then the postlogue is not inserted.
++ * if name = anything else, then the postlogue is inserted.
++ **/
++# define __ULP_POST_PROLOGUE_dl_relocate_static_pie   ,
++# define __ULP_POST_PROLOGUE_start                    ,
++# define __ULP_POST_PROLOGUE(x, y,...)                y
++# define _ULP_POST_PROLOGUE(x, ...)                   __ULP_POST_PROLOGUE(x, __VA_ARGS__)
++# define ULP_POST_PROLOGUE(name)                      _ULP_POST_PROLOGUE(__ULP_POST_PROLOGUE##name, ULP_NOPS_POST_PROLOGUE,)
++
++#else
++# define ULP_PRE_PROLOGUE(name)
++# define ULP_POST_PROLOGUE(name)
++#endif
++
+ /* Syntactic details of assembler.  */
+ 
+ #ifdef _CET_ENDBR
+@@ -58,15 +98,21 @@ enum cf_protection_level
+ # define _CET_NOTRACK
+ #endif
+ 
++/* Define the first instructions of a function.  */
++#define FUNCTION_START(name)						      \
++  ULP_PRE_PROLOGUE(name);							      \
++  C_LABEL(name);							      \
++  cfi_startproc;							      \
++  _CET_ENDBR;								      \
++  ULP_POST_PROLOGUE(name);							      \
++  CALL_MCOUNT;
++
+ /* Define an entry point visible from C.  */
+ #define	ENTRY_P2ALIGN(name, alignment)					      \
+   .globl C_SYMBOL_NAME(name);						      \
+   .type C_SYMBOL_NAME(name),@function;					      \
+   .align ALIGNARG(alignment);						      \
+-  C_LABEL(name)								      \
+-  cfi_startproc;							      \
+-  _CET_ENDBR;								      \
+-  CALL_MCOUNT
++  FUNCTION_START(name)
+ 
+ /* This macro is for setting proper CFI with DW_CFA_expression describing
+    the register as saved relative to %rsp instead of relative to the CFA.
+-- 
+2.44.0
+