+++ /dev/null
-# Improve res_randomid in the resolver.
-
---- a/include/resolv.h
-+++ b/include/resolv.h
-@@ -31,6 +31,7 @@ extern struct __res_state _res;
- # endif
-
- /* Now define the internal interfaces. */
-+extern unsigned int _shuffle_next (void);
- extern int __res_vinit (res_state, int);
- extern int __res_maybe_init (res_state, int);
- extern void _sethtent (int);
---- a/resolv/Makefile
-+++ b/resolv/Makefile
-@@ -29,7 +29,7 @@ distribute := ../conf/portability.h mapv4v6addr.h mapv4v6hostent.h \
- Banner res_hconf.h res_debug.h README gai_misc.h ga_test.c
-
- routines := herror inet_addr inet_ntop inet_pton nsap_addr res_init \
-- res_hconf res_libc res-state
-+ res_hconf res_libc res-state shuffle
-
- tests = tst-aton tst-leaks tst-inet_ntop
- xtests = tst-leaks2
---- a/resolv/res_init.c
-+++ b/resolv/res_init.c
-@@ -570,7 +570,9 @@ net_mask(in) /* XXX - should really use system's version of this */
-
- u_int
- res_randomid(void) {
-- return 0xffff & __getpid();
-+/* We should probably randomize the port number as well,
-+ * but this may be better done in the kernel */
-+ return _shuffle_next();
- }
- #ifdef _LIBC
- libc_hidden_def (__res_randomid)
---- a/resolv/res_mkquery.c
-+++ b/resolv/res_mkquery.c
-@@ -120,6 +120,7 @@ res_nmkquery(res_state statp,
- return (-1);
- memset(buf, 0, HFIXEDSZ);
- hp = (HEADER *) buf;
-+#ifdef USE_OLD_RANDOMIZE_CODE
- /* We randomize the IDs every time. The old code just
- incremented by one after the initial randomization which
- still predictable if the application does multiple
-@@ -137,6 +138,9 @@ res_nmkquery(res_state statp,
- }
- while ((randombits & 0xffff) == 0);
- statp->id = (statp->id + randombits) & 0xffff;
-+#else
-+ statp->id = res_randomid ();
-+#endif
- hp->id = statp->id;
- hp->opcode = op;
- hp->rd = (statp->options & RES_RECURSE) != 0;
---- /dev/null
-+++ b/resolv/shuffle.c
-@@ -0,0 +1,258 @@
-+/*
-+ * Written by Solar Designer and placed in the public domain.
-+ */
-+
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <resolv.h>
-+
-+#ifdef __linux__
-+#define DEVICE "/dev/urandom"
-+#else
-+#undef DEVICE
-+#endif
-+
-+#if defined(DEVICE) && defined(_LIBC)
-+#define CONSERVE_KERNEL_RANDOMNESS
-+#else
-+#undef CONSERVE_KERNEL_RANDOMNESS
-+#endif
-+
-+#ifdef DEVICE
-+#include <errno.h>
-+#endif
-+
-+#include <stdlib.h>
-+#include <string.h>
-+#include <sys/time.h>
-+#include <sys/times.h>
-+
-+#ifdef TEST
-+#include <stdio.h>
-+#endif
-+
-+#define DIV 0x8000
-+
-+static unsigned char pool[0x100];
-+
-+static struct {
-+ unsigned int base, xor;
-+ unsigned char s[0x80];
-+} seed_c;
-+static unsigned char seed_f[0x100];
-+
-+static struct {
-+ unsigned int msb;
-+ unsigned int a, b;
-+ unsigned int n;
-+} state;
-+
-+static void pool_update(unsigned int seed)
-+{
-+ int i, x;
-+
-+ __srandom(seed ^ __random());
-+ for (i = 0; i < sizeof(pool); i++) {
-+ x = __random();
-+ pool[i] += (x >> 16) ^ x;
-+ }
-+}
-+
-+#ifdef DEVICE
-+static int read_loop(int fd, char *buffer, int count)
-+{
-+ int offset, block;
-+
-+ offset = 0;
-+ while (count > 0) {
-+ block = __read(fd, &buffer[offset], count);
-+
-+ if (block < 0) {
-+ if (errno == EINTR) continue;
-+ return block;
-+ }
-+ if (!block) return offset;
-+
-+ offset += block;
-+ count -= block;
-+ }
-+
-+ return offset;
-+}
-+
-+static int read_random(char *buffer, int count)
-+{
-+ int fd;
-+#ifdef CONSERVE_KERNEL_RANDOMNESS
-+ unsigned int seed[2];
-+
-+ if (count > sizeof(pool))
-+ return -1;
-+#endif
-+
-+ if ((fd = __open(DEVICE, O_RDONLY)) < 0)
-+ return -1;
-+
-+#ifdef CONSERVE_KERNEL_RANDOMNESS
-+ if (read_loop(fd, (char *)seed, sizeof(seed)) != sizeof(seed)) {
-+ __close(fd);
-+ return -1;
-+ }
-+ __close(fd);
-+
-+ memset(pool, 'X', sizeof(pool));
-+ pool_update(seed[0]);
-+ pool_update(seed[1]);
-+
-+ memcpy(buffer, pool, count);
-+#else
-+ count = read_loop(fd, buffer, count);
-+ __close(fd);
-+#endif
-+
-+ return count;
-+}
-+#else
-+#define read_random(buffer, count) (-1)
-+#endif
-+
-+static void shuffle_init()
-+{
-+ struct timeval tv;
-+
-+ if (read_random((char *)seed_f, sizeof(seed_f)) != sizeof(seed_f)) {
-+ memset(pool, 'X', sizeof(pool));
-+ pool_update(__getpid());
-+ pool_update(__getppid());
-+ if (!__gettimeofday(&tv, NULL)) {
-+ pool_update(tv.tv_sec);
-+ pool_update(tv.tv_usec);
-+ }
-+
-+ memcpy(seed_f, pool, sizeof(seed_f));
-+ }
-+
-+ state.msb = 0;
-+ state.n = DIV; /* force a reseed() */
-+}
-+
-+static void reseed()
-+{
-+ struct tms buf;
-+
-+ if (read_random((char *)&seed_c, sizeof(seed_c)) != sizeof(seed_c)) {
-+ pool_update(__times(&buf));
-+ pool_update(buf.tms_utime);
-+ pool_update(buf.tms_stime);
-+
-+ memcpy(&seed_c, pool, sizeof(seed_c));
-+ }
-+
-+ seed_c.base &= 0x1fff;
-+ seed_c.base <<= 3;
-+ seed_c.base += DIV + 3;
-+ seed_c.xor &= (DIV - 1);
-+ state.msb ^= 0x8000;
-+ state.a = 1;
-+ state.b = 1;
-+ state.n = 0;
-+}
-+
-+/*
-+ * Now, time for a puzzle. Think of division by DIV in seed_c.base.
-+ * This is not as slow as it might appear: the inner loop needs only
-+ * a few iterations per call, on average.
-+ */
-+static unsigned int shuffle_1_next()
-+{
-+ if (state.n >= DIV - 1)
-+ reseed();
-+
-+ if (state.n && state.b <= state.a) {
-+ do {
-+ state.b = ++state.a;
-+ do {
-+ state.b *= seed_c.base;
-+ state.b %= DIV;
-+ } while (state.b > state.a);
-+ } while (state.a != state.b);
-+ }
-+
-+ state.b *= seed_c.base;
-+ state.b %= DIV;
-+ state.n++;
-+
-+ return state.b ^ seed_c.xor;
-+}
-+
-+/*
-+ * The idea behind shuffle_2 is David Wagner's (any bugs are mine,
-+ * of course).
-+ */
-+static unsigned int shuffle_2(unsigned int x)
-+{
-+ unsigned int i, sum;
-+
-+ sum = 0;
-+ for (i = 0; i < 8; i++) {
-+ sum += 0x79b9;
-+ x ^= ((unsigned int)seed_c.s[(x ^ sum) & 0x7f]) << 7;
-+ x = ((x & 0xff) << 7) | (x >> 8);
-+ }
-+
-+ return x;
-+}
-+
-+/*
-+ * A full 16-bit permutation. This one can't be re-seeded, but still
-+ * makes some attacks quite a bit harder.
-+ */
-+static unsigned int shuffle_3(unsigned int x)
-+{
-+ unsigned int i, sum;
-+
-+ sum = 0;
-+ for (i = 0; i < 8; i++) {
-+ sum += 0x79b9;
-+ x ^= ((unsigned int)seed_f[(x ^ sum) & 0xff]) << 8;
-+ x = ((x & 0xff) << 8) | (x >> 8);
-+ }
-+
-+ return x;
-+}
-+
-+unsigned int _shuffle_next()
-+{
-+ static int initialized = 0;
-+ unsigned int pid, x;
-+
-+/* This isn't MT-safe, but the resolver itself isn't safe, anyway */
-+ if (!initialized) {
-+ shuffle_init();
-+ initialized = 1;
-+ }
-+
-+/* Make sure the sequence we generate changes after fork() */
-+ pid = __getpid();
-+
-+ x = shuffle_1_next();
-+ x ^= pid & 0x7fff;
-+ x = shuffle_2(x);
-+ x |= state.msb;
-+ x ^= (pid >> 15) & 0xffff;
-+ x = shuffle_3(x);
-+
-+ return x;
-+}
-+
-+#ifdef TEST
-+int main()
-+{
-+ int i;
-+
-+ for (i = 0; i < 0xfffe; i++)
-+ printf("%u\n", _shuffle_next());
-+
-+ return 0;
-+}
-+#endif
--- /dev/null
+From f160cfff59261bb661cf829fdcb5a3f391996280 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 22 Sep 2016 16:33:43 +0100
+Subject: [PATCH] Revert "Avoid an extra branch to PLT for -z now"
+
+This reverts commit 6901def689b5c77465d34f07822989ec67e80c1e.
+
+glibc won't compile on x86_64 with PIC and BIND_NOW enabled
+both at the same time.
+
+See: https://sourceware.org/bugzilla/show_bug.cgi?id=20621
+---
+ config.h.in | 3 ---
+ configure | 4 ----
+ configure.ac | 3 ---
+ sysdeps/x86_64/sysdep.h | 8 ++------
+ 4 files changed, 2 insertions(+), 16 deletions(-)
+
+diff --git a/config.h.in b/config.h.in
+index 8cd08b0..f4ec748 100644
+--- a/config.h.in
++++ b/config.h.in
+@@ -94,9 +94,6 @@
+ include/libc-symbols.h that avoid PLT slots in the shared objects. */
+ #undef NO_HIDDEN
+
+-/* Define this to disable lazy relocations in DSOs. */
+-#undef BIND_NOW
+-
+ /* AArch64 big endian ABI */
+ #undef HAVE_AARCH64_BE
+
+diff --git a/configure b/configure
+index 6ff2527..46015c9 100755
+--- a/configure
++++ b/configure
+@@ -3419,10 +3419,6 @@ else
+ fi
+
+
+-if test "x$bindnow" = xyes; then
+- $as_echo "#define BIND_NOW 1" >>confdefs.h
+-
+-fi
+
+ # Check whether --enable-static-nss was given.
+ if test "${enable_static_nss+set}" = set; then :
+diff --git a/configure.ac b/configure.ac
+index 9938ab0..d255b57 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -231,9 +231,6 @@ AC_ARG_ENABLE([bind-now],
+ [bindnow=$enableval],
+ [bindnow=no])
+ AC_SUBST(bindnow)
+-if test "x$bindnow" = xyes; then
+- AC_DEFINE(BIND_NOW)
+-fi
+
+ dnl On some platforms we cannot use dynamic loading. We must provide
+ dnl static NSS modules.
+diff --git a/sysdeps/x86_64/sysdep.h b/sysdeps/x86_64/sysdep.h
+index 75ac747..fbe3560 100644
+--- a/sysdeps/x86_64/sysdep.h
++++ b/sysdeps/x86_64/sysdep.h
+@@ -90,13 +90,9 @@ lose: \
+
+ #undef JUMPTARGET
+ #ifdef PIC
+-# ifdef BIND_NOW
+-# define JUMPTARGET(name) *name##@GOTPCREL(%rip)
+-# else
+-# define JUMPTARGET(name) name##@PLT
+-# endif
++#define JUMPTARGET(name) name##@PLT
+ #else
+-# define JUMPTARGET(name) name
++#define JUMPTARGET(name) name
+ #endif
+
+ /* Local label name for asm code. */
+--
+2.7.4
+
--- /dev/null
+diff --git a/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S b/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S
+index b4890f4..4b717d9 100644
+--- a/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S
++++ b/sysdeps/x86_64/multiarch/memcpy-ssse3-back.S
+@@ -48,8 +48,10 @@
+ .section .text.ssse3,"ax",@progbits
+ #if !defined USE_AS_MEMPCPY && !defined USE_AS_MEMMOVE
+ ENTRY (MEMPCPY_CHK)
++#ifdef _FORTIFY_SOURCE
+ cmpq %rdx, %rcx
+ jb HIDDEN_JUMPTARGET (__chk_fail)
++#endif
+ END (MEMPCPY_CHK)
+
+ ENTRY (MEMPCPY)
+@@ -61,8 +63,10 @@ END (MEMPCPY)
+
+ #if !defined USE_AS_BCOPY
+ ENTRY (MEMCPY_CHK)
++#ifdef _FORTIFY_SOURCE
+ cmpq %rdx, %rcx
+ jb HIDDEN_JUMPTARGET (__chk_fail)
++#endif
+ END (MEMCPY_CHK)
+ #endif
+
+diff --git a/sysdeps/x86_64/multiarch/memcpy-ssse3.S b/sysdeps/x86_64/multiarch/memcpy-ssse3.S
+index 1ca88c0..a2f140b 100644
+--- a/sysdeps/x86_64/multiarch/memcpy-ssse3.S
++++ b/sysdeps/x86_64/multiarch/memcpy-ssse3.S
+@@ -48,8 +48,10 @@
+ .section .text.ssse3,"ax",@progbits
+ #if !defined USE_AS_MEMPCPY && !defined USE_AS_MEMMOVE
+ ENTRY (MEMPCPY_CHK)
++#ifdef _FORTIFY_SOURCE
+ cmpq %rdx, %rcx
+ jb HIDDEN_JUMPTARGET (__chk_fail)
++#endif
+ END (MEMPCPY_CHK)
+
+ ENTRY (MEMPCPY)
+@@ -61,8 +63,10 @@ END (MEMPCPY)
+
+ #if !defined USE_AS_BCOPY
+ ENTRY (MEMCPY_CHK)
++#ifdef _FORTIFY_SOURCE
+ cmpq %rdx, %rcx
+ jb HIDDEN_JUMPTARGET (__chk_fail)
++#endif
+ END (MEMCPY_CHK)
+ #endif
+
+diff --git a/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S b/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S
+index 9687df0..2d0abee 100644
+--- a/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S
++++ b/sysdeps/x86_64/multiarch/memset-avx512-no-vzeroupper.S
+@@ -29,8 +29,10 @@
+ .section .text.avx512,"ax",@progbits
+ #if defined PIC
+ ENTRY (MEMSET_CHK)
++#ifdef _FORTIFY_SOURCE
+ cmpq %rdx, %rcx
+ jb HIDDEN_JUMPTARGET (__chk_fail)
++#endif
+ END (MEMSET_CHK)
+ #endif
+