Security bump; bugs #77025 and #77094.

author: Tim Yamin <plasmaroo@gentoo.org> 2005-01-08 17:30:04 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2005-01-08 17:30:04 +0000
commit: 14a2482cdd1eb90eeb6a4879debc86d15b100d64 (patch)
tree: f439946cf825d91559714db44bee18b7f99dd717 /sys-kernel
parent: Stable on hppa. (diff)
download: historical-14a2482cdd1eb90eeb6a4879debc86d15b100d64.tar.gz
historical-14a2482cdd1eb90eeb6a4879debc86d15b100d64.tar.bz2
historical-14a2482cdd1eb90eeb6a4879debc86d15b100d64.zip
9 files changed, 691 insertions, 30 deletions
diff --git a/sys-kernel/ck-sources/ChangeLog b/sys-kernel/ck-sources/ChangeLog
index 9601318af497..64093e8c52d0 100644
--- a/sys-kernel/ck-sources/ChangeLog
+++ b/sys-kernel/ck-sources/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for sys-kernel/ck-sources
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.80 2005/01/07 19:05:43 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.81 2005/01/08 17:30:04 plasmaroo Exp $
+
+*ck-sources-2.4.28-r2 (08 Jan 2005)
+
+  08 Jan 2005; <plasmaroo@gentoo.org> -ck-sources-2.4.28-r1.ebuild,
+  +ck-sources-2.4.28-r2.ebuild, ck-sources-2.6.10-r2.ebuild,
+  +files/ck-sources-2.4.28.77094.patch,
+  +files/ck-sources-2.4.28.brk-locked.patch,
+  +files/ck-sources-2.6.10-77094.patch,
+  +files/ck-sources-2.6.10-brk-locked.patch:
+  Security bump; bugs #77025 and #77094.
 
   07 Jan 2005; Daniel Drake <dsd@gentoo.org> ck-sources-2.6.10-r2.ebuild:
   Update to use KV_FULL
diff --git a/sys-kernel/ck-sources/Manifest b/sys-kernel/ck-sources/Manifest
index 2ba358c3da12..7bca458c8704 100644
--- a/sys-kernel/ck-sources/Manifest
+++ b/sys-kernel/ck-sources/Manifest
@@ -1,24 +1,18 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 76b1482dfbccaced9d8fc541bdd21184 ck-sources-2.4.28-r1.ebuild 1089
-MD5 9d00f6ea2ca13444321ec9bccce65bab ck-sources-2.6.10-r2.ebuild 782
-MD5 7316f7df8d3230761084b187b20bc565 ChangeLog 17215
+MD5 072e410d511d4a6f5e04862311b8b275 ChangeLog 17599
+MD5 3c99b06b9782c24519b9da98b9795ce2 ck-sources-2.4.28-r2.ebuild 1152
 MD5 7187b8c28501f454a2412c9e4a7fcf53 metadata.xml 421
-MD5 8c35751caf824a9dacb02e80d6189b2e files/ck-sources-2.4.28.CAN-2004-1137.patch 1764
-MD5 cd90102d73b2dbed58a9263901319844 files/ck-sources-2.6.10-disable-iopriowr.patch 912
+MD5 d81afad5097d8551a96f491772e40a3b ck-sources-2.6.10-r2.ebuild 842
+MD5 3f3b0560e2253b45f6178e8396a6c4ec files/ck-sources-2.6.10-77094.patch 3667
 MD5 6aa8f7a7c2d55734389b53d3bcf78570 files/ck-sources-2.4.28.CAN-2004-1016.patch 2835
-MD5 d1ccc2047be533c992f67270a150a210 files/ck-sources-2.4.28.cmdlineLeak.patch 388
+MD5 45c159d1ec53d40f6d602733313523b5 files/digest-ck-sources-2.6.10-r2 131
 MD5 c27699e9d62f7d46213bd51f87636163 files/ck-sources-2.4.28.vma.patch 8143
-MD5 55eb417b53b98efb6e89557bbf35e51b files/digest-ck-sources-2.4.28-r1 214
 MD5 79a76d3cb0029b85d4303b0019e788a8 files/ck-sources-2.4.28.compileFix.patch 2070
-MD5 b9a94233e1457787352e5f85e3e3582d files/ck-sources-2.4.28.binfmt_a.out.patch 2009
+MD5 1d78b90e495e432432e095ee47bbc2fc files/ck-sources-2.4.28.77094.patch 452
+MD5 6cf860a301930c8cac126ab0c4d859d4 files/ck-sources-2.4.28.brk-locked.patch 8202
+MD5 cd0a7533c43364e377348613c6d76bb7 files/ck-sources-2.6.10-brk-locked.patch 9736
+MD5 cd90102d73b2dbed58a9263901319844 files/ck-sources-2.6.10-disable-iopriowr.patch 912
+MD5 ea61cd84e266e1ddfa963d27e9c1ba99 files/digest-ck-sources-2.4.28-r2 210
 MD5 757ee1239c3f14645ccea3640d551e11 files/ck-sources-2.4.28.CAN-2004-1056.patch 11249
-MD5 45c159d1ec53d40f6d602733313523b5 files/digest-ck-sources-2.6.10-r2 131
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.2.6 (GNU/Linux)
-
-iD8DBQFB3u41iJcSIUGNthERAvOXAKCDT5w3yBuGJ2enOcrzdqbRH+tIkwCeIkaA
-XkkFwDjeIX/VSmdzlqp7Xyw=
-=Ccap
------END PGP SIGNATURE-----
+MD5 d1ccc2047be533c992f67270a150a210 files/ck-sources-2.4.28.cmdlineLeak.patch 388
+MD5 8c35751caf824a9dacb02e80d6189b2e files/ck-sources-2.4.28.CAN-2004-1137.patch 1764
+MD5 b9a94233e1457787352e5f85e3e3582d files/ck-sources-2.4.28.binfmt_a.out.patch 2009
diff --git a/sys-kernel/ck-sources/ck-sources-2.4.28-r1.ebuild b/sys-kernel/ck-sources/ck-sources-2.4.28-r2.ebuild
index 3c72677ff767..bff239d530f3 100644
--- a/sys-kernel/ck-sources/ck-sources-2.4.28-r1.ebuild
+++ b/sys-kernel/ck-sources/ck-sources-2.4.28-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.28-r1.ebuild,v 1.2 2005/01/07 15:23:58 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.28-r2.ebuild,v 1.1 2005/01/08 17:30:04 plasmaroo Exp $
 
 ETYPE="sources"
 
@@ -14,17 +14,19 @@ KEYWORDS="~x86"
 IUSE=""
 UNIPATCH_STRICTORDER="Y"
 UNIPATCH_LIST="${DISTDIR}/patch-${PV}-lck${CKV}.bz2
-	${DISTDIR}/${PN}-2.4.27-CAN-2004-0814.patch
 	${FILESDIR}/${P}.cmdlineLeak.patch
-	${FILESDIR}/${P}.binfmt_a.out.patch
-	${FILESDIR}/${P}.vma.patch
 	${FILESDIR}/${P}.CAN-2004-1016.patch
 	${FILESDIR}/${P}.CAN-2004-1056.patch
 	${FILESDIR}/${P}.CAN-2004-1137.patch
-	${FILESDIR}/${P}.compileFix.patch"
+	${FILESDIR}/${P}.compileFix.patch
+	${FILESDIR}/${P}.binfmt_a.out.patch
+	${FILESDIR}/${P}.vma.patch
+	${FILESDIR}/${P}.brk-locked.patch
+	${DISTDIR}/${P}-CAN-2004-0814.patch
+	${FILESDIR}/${P}.77094.patch"
 
 DESCRIPTION="Full sources for the Stock Linux kernel Con Kolivas's high performance patchset"
 HOMEPAGE="http://members.optusnet.com.au/ckolivas/kernel/"
 SRC_URI="${KERNEL_URI}
 	http://www.plumlocosoft.com/kernel/patches/2.4/${PV}/${PV}-lck${CKV}/patch-${PV}-lck${CKV}.bz2
-	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/${PN}-2.4.27-CAN-2004-0814.patch"
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-2.4.28-CAN-2004-0814.patch"
diff --git a/sys-kernel/ck-sources/ck-sources-2.6.10-r2.ebuild b/sys-kernel/ck-sources/ck-sources-2.6.10-r2.ebuild
index fc69a487aeb0..3cd12df7475d 100644
--- a/sys-kernel/ck-sources/ck-sources-2.6.10-r2.ebuild
+++ b/sys-kernel/ck-sources/ck-sources-2.6.10-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.6.10-r2.ebuild,v 1.2 2005/01/07 19:05:43 dsd Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.6.10-r2.ebuild,v 1.3 2005/01/08 17:30:04 plasmaroo Exp $
 
 K_PREPATCHED="yes"
 UNIPATCH_STRICTORDER="yes"
@@ -12,8 +12,11 @@ inherit kernel-2
 detect_version
 
 CK_PATCH="patch-${KV_FULL}.bz2"
-UNIPATCH_LIST="${DISTDIR}/${CK_PATCH}
-	${FILESDIR}/ck-sources-2.6.10-disable-iopriowr.patch"
+UNIPATCH_LIST="
+	${DISTDIR}/${CK_PATCH}
+	${FILESDIR}/${P}-disable-iopriowr.patch
+	${FILESDIR}/${P}-77094.patch
+	${FILESDIR}/${P}-brk-locked.patch"
 IUSE=""
 
 DESCRIPTION="Full sources for the Stock Linux kernel and Con Kolivas's high performance patchset"
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.4.28.77094.patch b/sys-kernel/ck-sources/files/ck-sources-2.4.28.77094.patch
new file mode 100644
index 000000000000..cc3a1552c83d
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.4.28.77094.patch
@@ -0,0 +1,12 @@
+diff -ur linux-2.4.28/drivers/char/random.c linux-2.4.28.plasmaroo/drivers/char/random.c
+--- linux-2.4.28/drivers/char/random.c	2004-11-17 11:54:21.000000000 +0000
++++ linux-2.4.28.plasmaroo/drivers/char/random.c	2005-01-08 02:54:49.198635736 +0000
+@@ -1787,7 +1787,7 @@
+ 			     void *oldval, size_t *oldlenp,
+ 			     void *newval, size_t newlen, void **context)
+ {
+-	int	len;
++	size_t	len;
+ 	
+ 	sysctl_poolsize = random_state->poolinfo.POOLBYTES;
+ 
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.4.28.brk-locked.patch b/sys-kernel/ck-sources/files/ck-sources-2.4.28.brk-locked.patch
new file mode 100644
index 000000000000..1e1c198fd69d
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.4.28.brk-locked.patch
@@ -0,0 +1,247 @@
+diff -ur linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c
+--- linux-2.4.28-gentoo-r4/arch/mips/kernel/irixelf.c	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/arch/mips/kernel/irixelf.c	2005-01-07 20:20:32.000000000 +0000
+@@ -130,7 +130,7 @@
+ 	end = PAGE_ALIGN(end);
+ 	if (end <= start)
+ 		return;
+-	do_brk(start, end - start);
++	do_brk_locked(start, end - start);
+ }
+ 
+ 
+@@ -379,7 +379,7 @@
+ 
+ 	/* Map the last of the bss segment */
+ 	if (last_bss > len) {
+-		do_brk(len, (last_bss - len));
++		do_brk_locked(len, (last_bss - len));
+ 	}
+ 	kfree(elf_phdata);
+ 
+@@ -567,7 +567,7 @@
+ 	unsigned long v;
+ 	struct prda *pp;
+ 
+-	v =  do_brk (PRDA_ADDRESS, PAGE_SIZE);
++	v =  do_brk_locked (PRDA_ADDRESS, PAGE_SIZE);
+ 
+ 	if (v < 0)
+ 		return;
+@@ -859,7 +859,7 @@
+ 	len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000;
+ 	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ 	if (bss > len)
+-	  do_brk(len, bss-len);
++	  do_brk_locked(len, bss-len);
+ 	kfree(elf_phdata);
+ 	return 0;
+ }
+diff -ur linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c
+--- linux-2.4.28-gentoo-r4/arch/sparc64/kernel/binfmt_aout32.c	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/arch/sparc64/kernel/binfmt_aout32.c	2005-01-07 20:20:32.000000000 +0000
+@@ -49,7 +49,7 @@
+ 	end = PAGE_ALIGN(end);
+ 	if (end <= start)
+ 		return;
+-	do_brk(start, end - start);
++	do_brk_locked(start, end - start);
+ }
+ 
+ /*
+@@ -246,10 +246,10 @@
+ 	if (N_MAGIC(ex) == NMAGIC) {
+ 		loff_t pos = fd_offset;
+ 		/* Fuck me plenty... */
+-		error = do_brk(N_TXTADDR(ex), ex.a_text);
++		error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ 			  ex.a_text, &pos);
+-		error = do_brk(N_DATADDR(ex), ex.a_data);
++		error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
+ 			  ex.a_data, &pos);
+ 		goto beyond_if;
+@@ -257,7 +257,7 @@
+ 
+ 	if (N_MAGIC(ex) == OMAGIC) {
+ 		loff_t pos = fd_offset;
+-		do_brk(N_TXTADDR(ex) & PAGE_MASK,
++		do_brk_locked(N_TXTADDR(ex) & PAGE_MASK,
+ 			ex.a_text+ex.a_data + PAGE_SIZE - 1);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ 			  ex.a_text+ex.a_data, &pos);
+@@ -272,7 +272,7 @@
+ 
+ 		if (!bprm->file->f_op->mmap) {
+ 			loff_t pos = fd_offset;
+-			do_brk(0, ex.a_text+ex.a_data);
++			do_brk_locked(0, ex.a_text+ex.a_data);
+ 			bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
+ 				  ex.a_text+ex.a_data, &pos);
+ 			goto beyond_if;
+@@ -388,7 +388,7 @@
+ 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ 	bss = ex.a_text + ex.a_data + ex.a_bss;
+ 	if (bss > len) {
+-		error = do_brk(start_addr + len, bss - len);
++		error = do_brk_locked(start_addr + len, bss - len);
+ 		retval = error;
+ 		if (error != start_addr + len)
+ 			goto out;
+diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_aout.c linux-2.4.28-gentoo-r5/fs/binfmt_aout.c
+--- linux-2.4.28-gentoo-r4/fs/binfmt_aout.c	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/fs/binfmt_aout.c	2005-01-07 20:20:32.000000000 +0000
+@@ -46,7 +46,7 @@
+ 	start = PAGE_ALIGN(start);
+ 	end = PAGE_ALIGN(end);
+ 	if (end > start) {
+-		unsigned long addr = do_brk(start, end - start);
++		unsigned long addr = do_brk_locked(start, end - start);
+ 		if (BAD_ADDR(addr))
+ 			return addr;
+ 	}
+@@ -341,10 +341,10 @@
+ 		loff_t pos = fd_offset;
+ 		/* Fuck me plenty... */
+ 		/* <AOL></AOL> */
+-		error = do_brk(N_TXTADDR(ex), ex.a_text);
++		error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ 			  ex.a_text, &pos);
+-		error = do_brk(N_DATADDR(ex), ex.a_data);
++		error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
+ 			  ex.a_data, &pos);
+ 		goto beyond_if;
+@@ -365,7 +365,7 @@
+ 		map_size = ex.a_text+ex.a_data;
+ #endif
+ 
+-		error = do_brk(text_addr & PAGE_MASK, map_size);
++		error = do_brk_locked(text_addr & PAGE_MASK, map_size);
+ 		if (error != (text_addr & PAGE_MASK)) {
+ 			send_sig(SIGKILL, current, 0);
+ 			return error;
+@@ -399,7 +399,7 @@
+ 
+ 		if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
+ 			loff_t pos = fd_offset;
+-			do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
++			do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
+ 			bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
+ 					ex.a_text+ex.a_data, &pos);
+ 			flush_icache_range((unsigned long) N_TXTADDR(ex),
+@@ -500,7 +500,7 @@
+ 			error_time = jiffies;
+ 		}
+ 
+-		do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
++		do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+ 		
+ 		file->f_op->read(file, (char *)start_addr,
+ 			ex.a_text + ex.a_data, &pos);
+@@ -524,7 +524,7 @@
+ 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ 	bss = ex.a_text + ex.a_data + ex.a_bss;
+ 	if (bss > len) {
+-		error = do_brk(start_addr + len, bss - len);
++		error = do_brk_locked(start_addr + len, bss - len);
+ 		retval = error;
+ 		if (error != start_addr + len)
+ 			goto out;
+diff -ur linux-2.4.28-gentoo-r4/fs/binfmt_elf.c linux-2.4.28-gentoo-r5/fs/binfmt_elf.c
+--- linux-2.4.28-gentoo-r4/fs/binfmt_elf.c	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/fs/binfmt_elf.c	2005-01-07 20:20:46.000000000 +0000
+@@ -88,7 +88,7 @@
+ 	end = ELF_PAGEALIGN(end);
+ 	if (end <= start)
+ 		return;
+-	do_brk(start, end - start);
++	do_brk_locked(start, end - start);
+ }
+ 
+ 
+@@ -370,7 +370,7 @@
+ 
+ 	/* Map the last of the bss segment */
+ 	if (last_bss > elf_bss)
+-		do_brk(elf_bss, last_bss - elf_bss);
++		do_brk_locked(elf_bss, last_bss - elf_bss);
+ 
+ 	*interp_load_addr = load_addr;
+ 	error = ((unsigned long) interp_elf_ex->e_entry) + load_addr;
+@@ -407,7 +407,7 @@
+ 		goto out;
+ 	}
+ 
+-	do_brk(0, text_data);
++	do_brk_locked(0, text_data);
+ 	if (!interpreter->f_op || !interpreter->f_op->read)
+ 		goto out;
+ 	if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0)
+@@ -415,7 +415,7 @@
+ 	flush_icache_range((unsigned long)addr,
+ 	                   (unsigned long)addr + text_data);
+ 
+-	do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
++	do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
+ 		interp_ex->a_bss);
+ 	elf_entry = interp_ex->a_entry;
+ 
+@@ -1271,7 +1271,7 @@
+ 	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
+ 	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ 	if (bss > len)
+-		do_brk(len, bss - len);
++		do_brk_locked(len, bss - len);
+ 	error = 0;
+ 
+ out_free_ph:
+diff -ur linux-2.4.28-gentoo-r4/include/linux/mm.h linux-2.4.28-gentoo-r5/include/linux/mm.h
+--- linux-2.4.28-gentoo-r4/include/linux/mm.h	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/include/linux/mm.h	2005-01-07 20:20:32.000000000 +0000
+@@ -601,6 +601,7 @@
+ extern int do_munmap(struct mm_struct *, unsigned long, size_t);
+ 
+ extern unsigned long do_brk(unsigned long, unsigned long);
++extern unsigned long do_brk_locked(unsigned long, unsigned long);
+ 
+ static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev)
+ {
+diff -ur linux-2.4.28-gentoo-r4/kernel/ksyms.c linux-2.4.28-gentoo-r5/kernel/ksyms.c
+--- linux-2.4.28-gentoo-r4/kernel/ksyms.c	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/kernel/ksyms.c	2005-01-07 20:20:32.000000000 +0000
+@@ -90,6 +90,7 @@
+ EXPORT_SYMBOL(__do_mmap_pgoff);
+ EXPORT_SYMBOL(do_munmap);
+ EXPORT_SYMBOL(do_brk);
++EXPORT_SYMBOL(do_brk_locked);
+ EXPORT_SYMBOL(exit_mm);
+ EXPORT_SYMBOL(exit_files);
+ EXPORT_SYMBOL(exit_fs);
+diff -ur linux-2.4.28-gentoo-r4/mm/mmap.c linux-2.4.28-gentoo-r5/mm/mmap.c
+--- linux-2.4.28-gentoo-r4/mm/mmap.c	2005-01-07 20:33:12.000000000 +0000
++++ linux-2.4.28-gentoo-r5/mm/mmap.c	2005-01-07 20:20:32.000000000 +0000
+@@ -1401,6 +1401,21 @@
+ 	return addr;
+ }
+ 
++/* locking version of do_brk. */
++unsigned long do_brk_locked(unsigned long addr, unsigned long len)
++{
++	unsigned long ret;
++
++	down_write(&current->mm->mmap_sem);
++	ret = do_brk(addr, len);
++	up_write(&current->mm->mmap_sem);
++
++	return ret;
++}
++
++
++
++
+ /* Build the RB tree corresponding to the VMA list. */
+ void build_mmap_rb(struct mm_struct * mm)
+ {
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.10-77094.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.10-77094.patch
new file mode 100644
index 000000000000..6efea52c29f7
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.6.10-77094.patch
@@ -0,0 +1,90 @@
+diff -urNp linux-2.6.10/drivers/char/moxa.c linux-2.6.10-new/drivers/char/moxa.c
+--- linux-2.6.10/drivers/char/moxa.c	2005-01-07 10:51:23 -0500
++++ linux-2.6.10-new/drivers/char/moxa.c	2005-01-07 10:51:33 -0500
+@@ -1668,6 +1668,8 @@ int MoxaDriverIoctl(unsigned int cmd, un
+ 		return -EFAULT;
+ 	if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS)
+ 		return -EINVAL;
++	if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff))
++		return -EINVAL;
+ 
+ 	switch(cmd)
+ 	{
+@@ -2822,8 +2824,6 @@ static int moxaload320b(int cardno, unsi
+ 	void __iomem *baseAddr;
+ 	int i;
+ 
+-	if(len > sizeof(moxaBuff))
+-		return -EINVAL;
+ 	if(copy_from_user(moxaBuff, tmp, len))
+ 		return -EFAULT;
+ 	baseAddr = moxaBaseAddr[cardno];
+diff -urNp linux-2.6.10/drivers/block/scsi_ioctl.c linux-2.6.10-new/drivers/block/scsi_ioctl.c
+--- linux-2.6.10/drivers/block/scsi_ioctl.c	2005-01-07 10:51:24 -0500
++++ linux-2.6.10-new/drivers/block/scsi_ioctl.c	2005-01-07 10:51:33 -0500
+@@ -339,7 +339,8 @@ static int sg_scsi_ioctl(struct file *fi
+ 			 struct gendisk *bd_disk, Scsi_Ioctl_Command __user *sic)
+ {
+ 	struct request *rq;
+-	int err, in_len, out_len, bytes, opcode, cmdlen;
++	unsigned int in_len, out_len, bytes, opcode, cmdlen;
++	int err;
+ 	char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
+ 
+ 	/*
+diff -urNp linux-2.6.10/drivers/char/random.c linux-2.6.10-new/drivers/char/random.c
+--- linux-2.6.10/drivers/char/random.c	2005-01-07 10:51:23 -0500
++++ linux-2.6.10-new/drivers/char/random.c	2005-01-07 10:51:33 -0500
+@@ -1912,7 +1912,7 @@ static int poolsize_strategy(ctl_table *
+ 			     void __user *oldval, size_t __user *oldlenp,
+ 			     void __user *newval, size_t newlen, void **context)
+ {
+-	int	len;
++	size_t	len;
+ 	
+ 	sysctl_poolsize = random_state->poolinfo.POOLBYTES;
+ 
+diff -urNp linux-2.6.10/mm/mmap.c linux-2.6.10-new/mm/mmap.c
+--- linux-2.6.10/mm/mmap.c	2004-12-24 22:35:00.000000000 +0100
++++ linux-2.6.10-new/mm/mmap.c	2004-12-27 16:37:47.000000000 +0100
+@@ -1360,6 +1360,13 @@ int expand_stack(struct vm_area_struct *
+ 		vm_unacct_memory(grow);
+ 		return -ENOMEM;
+ 	}
++	if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
++			((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
++			current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
++		anon_vma_unlock(vma);
++		vm_unacct_memory(grow);
++		return -ENOMEM;
++	}
+ 	vma->vm_end = address;
+ 	vma->vm_mm->total_vm += grow;
+ 	if (vma->vm_flags & VM_LOCKED)
+@@ -1422,6 +1429,13 @@ int expand_stack(struct vm_area_struct *
+ 		vm_unacct_memory(grow);
+ 		return -ENOMEM;
+ 	}
++	if ((vma->vm_flags & VM_LOCKED) && !capable(CAP_IPC_LOCK) &&
++			((vma->vm_mm->locked_vm + grow) << PAGE_SHIFT) >
++			current->signal->rlim[RLIMIT_MEMLOCK].rlim_cur) {
++		anon_vma_unlock(vma);
++		vm_unacct_memory(grow);
++		return -ENOMEM;
++	}
+ 	vma->vm_start = address;
+ 	vma->vm_pgoff -= grow;
+ 	vma->vm_mm->total_vm += grow;
+diff -urNp linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+--- linux-2.6.10/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	2005-01-07 10:51:24 -0500
++++ linux-2.6.10-new/net/ipv4/netfilter/ip_conntrack_proto_tcp.c	2005-01-07 10:51:33 -0500
+@@ -906,7 +906,8 @@ static int tcp_packet(struct ip_conntrac
+ 		if (index == TCP_RST_SET
+ 		    && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
+ 		         && conntrack->proto.tcp.last_index <= TCP_SYNACK_SET)
+-		        || conntrack->proto.tcp.last_index == TCP_ACK_SET)
++		        || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
++			 && conntrack->proto.tcp.last_index == TCP_ACK_SET))
+ 		    && after(ntohl(th->ack_seq),
+ 		    	     conntrack->proto.tcp.last_seq)) {
+ 			/* Ignore RST closing down invalid SYN or ACK
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.10-brk-locked.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.10-brk-locked.patch
new file mode 100644
index 000000000000..6095e844d5f1
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.6.10-brk-locked.patch
@@ -0,0 +1,303 @@
+diff -ur linux-2.6.10/arch/mips/kernel/irixelf.c linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c
+--- linux-2.6.10/arch/mips/kernel/irixelf.c	2004-12-24 21:35:50.000000000 +0000
++++ linux-2.6.10.plasmaroo/arch/mips/kernel/irixelf.c	2005-01-07 15:36:00.383356800 +0000
+@@ -127,7 +127,7 @@
+ 	end = PAGE_ALIGN(end);
+ 	if (end <= start)
+ 		return;
+-	do_brk(start, end - start);
++	do_brk_locked(start, end - start);
+ }
+ 
+ 
+@@ -375,7 +375,7 @@
+ 
+ 	/* Map the last of the bss segment */
+ 	if (last_bss > len) {
+-		do_brk(len, (last_bss - len));
++		do_brk_locked(len, (last_bss - len));
+ 	}
+ 	kfree(elf_phdata);
+ 
+@@ -562,7 +562,7 @@
+ 	unsigned long v;
+ 	struct prda *pp;
+ 
+-	v =  do_brk (PRDA_ADDRESS, PAGE_SIZE);
++	v =  do_brk_locked (PRDA_ADDRESS, PAGE_SIZE);
+ 
+ 	if (v < 0)
+ 		return;
+@@ -853,7 +853,7 @@
+ 	len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000;
+ 	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ 	if (bss > len)
+-	  do_brk(len, bss-len);
++	  do_brk_locked(len, bss-len);
+ 	kfree(elf_phdata);
+ 	return 0;
+ }
+diff -ur linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c
+--- linux-2.6.10/arch/sparc64/kernel/binfmt_aout32.c	2004-12-24 21:34:45.000000000 +0000
++++ linux-2.6.10.plasmaroo/arch/sparc64/kernel/binfmt_aout32.c	2005-01-07 15:36:00.432349352 +0000
+@@ -49,7 +49,7 @@
+ 	end = PAGE_ALIGN(end);
+ 	if (end <= start)
+ 		return;
+-	do_brk(start, end - start);
++	do_brk_locked(start, end - start);
+ }
+ 
+ /*
+@@ -246,10 +246,10 @@
+ 	if (N_MAGIC(ex) == NMAGIC) {
+ 		loff_t pos = fd_offset;
+ 		/* Fuck me plenty... */
+-		error = do_brk(N_TXTADDR(ex), ex.a_text);
++		error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ 		bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex),
+ 			  ex.a_text, &pos);
+-		error = do_brk(N_DATADDR(ex), ex.a_data);
++		error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ 		bprm->file->f_op->read(bprm->file, (char __user *)N_DATADDR(ex),
+ 			  ex.a_data, &pos);
+ 		goto beyond_if;
+@@ -257,7 +257,7 @@
+ 
+ 	if (N_MAGIC(ex) == OMAGIC) {
+ 		loff_t pos = fd_offset;
+-		do_brk(N_TXTADDR(ex) & PAGE_MASK,
++		do_brk_locked(N_TXTADDR(ex) & PAGE_MASK,
+ 			ex.a_text+ex.a_data + PAGE_SIZE - 1);
+ 		bprm->file->f_op->read(bprm->file, (char __user *)N_TXTADDR(ex),
+ 			  ex.a_text+ex.a_data, &pos);
+@@ -272,7 +272,7 @@
+ 
+ 		if (!bprm->file->f_op->mmap) {
+ 			loff_t pos = fd_offset;
+-			do_brk(0, ex.a_text+ex.a_data);
++			do_brk_locked(0, ex.a_text+ex.a_data);
+ 			bprm->file->f_op->read(bprm->file,
+ 				  (char __user *)N_TXTADDR(ex),
+ 				  ex.a_text+ex.a_data, &pos);
+@@ -389,7 +389,7 @@
+ 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ 	bss = ex.a_text + ex.a_data + ex.a_bss;
+ 	if (bss > len) {
+-		error = do_brk(start_addr + len, bss - len);
++		error = do_brk_locked(start_addr + len, bss - len);
+ 		retval = error;
+ 		if (error != start_addr + len)
+ 			goto out;
+diff -Nur linux-2.6.10/arch/x86_64/ia32/ia32_aout.c linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c
+--- linux-2.6.10/arch/x86_64/ia32/ia32_aout.c	2005-01-03 16:17:04.000000000 -0200
++++ linux-2.6.10.plasmaroo/arch/x86_64/ia32/ia32_aout.c	2005-01-03 16:46:53.846823360 -0200
+@@ -115,7 +115,7 @@
+ 	end = PAGE_ALIGN(end);
+ 	if (end <= start)
+ 		return;
+-	do_brk(start, end - start);
++	do_brk_locked(start, end - start);
+ }
+ 
+ #if CORE_DUMP
+@@ -325,7 +325,7 @@
+ 		pos = 32;
+ 		map_size = ex.a_text+ex.a_data;
+ 
+-		error = do_brk(text_addr & PAGE_MASK, map_size);
++		error = do_brk_locked(text_addr & PAGE_MASK, map_size);
+ 		if (error != (text_addr & PAGE_MASK)) {
+ 			send_sig(SIGKILL, current, 0);
+ 			return error;
+@@ -361,7 +361,7 @@
+ 
+ 		if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
+ 			loff_t pos = fd_offset;
+-			do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
++			do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
+ 			bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex),
+ 					ex.a_text+ex.a_data, &pos);
+ 			flush_icache_range((unsigned long) N_TXTADDR(ex),
+@@ -470,7 +470,7 @@
+ 		}
+ #endif
+ 
+-		do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
++		do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+ 		
+ 		file->f_op->read(file, (char *)start_addr,
+ 			ex.a_text + ex.a_data, &pos);
+@@ -494,7 +494,7 @@
+ 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ 	bss = ex.a_text + ex.a_data + ex.a_bss;
+ 	if (bss > len) {
+-		error = do_brk(start_addr + len, bss - len);
++		error = do_brk_locked(start_addr + len, bss - len);
+ 		retval = error;
+ 		if (error != start_addr + len)
+ 			goto out;
+diff -ur linux-2.6.10/fs/binfmt_aout.c linux-2.6.10.plasmaroo/fs/binfmt_aout.c
+--- linux-2.6.10/fs/binfmt_aout.c	2004-12-24 21:35:50.000000000 +0000
++++ linux-2.6.10.plasmaroo/fs/binfmt_aout.c	2005-01-07 15:36:00.000000000 +0000
+@@ -50,7 +50,7 @@
+ 	start = PAGE_ALIGN(start);
+ 	end = PAGE_ALIGN(end);
+ 	if (end > start) {
+-		unsigned long addr = do_brk(start, end - start);
++		unsigned long addr = do_brk_locked(start, end - start);
+ 		if (BAD_ADDR(addr))
+ 			return addr;
+ 	}
+@@ -323,10 +323,10 @@
+ 		loff_t pos = fd_offset;
+ 		/* Fuck me plenty... */
+ 		/* <AOL></AOL> */
+-		error = do_brk(N_TXTADDR(ex), ex.a_text);
++		error = do_brk_locked(N_TXTADDR(ex), ex.a_text);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex),
+ 			  ex.a_text, &pos);
+-		error = do_brk(N_DATADDR(ex), ex.a_data);
++		error = do_brk_locked(N_DATADDR(ex), ex.a_data);
+ 		bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex),
+ 			  ex.a_data, &pos);
+ 		goto beyond_if;
+@@ -347,7 +347,7 @@
+ 		map_size = ex.a_text+ex.a_data;
+ #endif
+ 
+-		error = do_brk(text_addr & PAGE_MASK, map_size);
++		error = do_brk_locked(text_addr & PAGE_MASK, map_size);
+ 		if (error != (text_addr & PAGE_MASK)) {
+ 			send_sig(SIGKILL, current, 0);
+ 			return error;
+@@ -382,7 +382,7 @@
+ 
+ 		if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) {
+ 			loff_t pos = fd_offset;
+-			do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data);
++			do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data);
+ 			bprm->file->f_op->read(bprm->file,
+ 					(char __user *)N_TXTADDR(ex),
+ 					ex.a_text+ex.a_data, &pos);
+@@ -488,7 +488,7 @@
+ 			error_time = jiffies;
+ 		}
+ 
+-		do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss);
++		do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss);
+ 		
+ 		file->f_op->read(file, (char __user *)start_addr,
+ 			ex.a_text + ex.a_data, &pos);
+@@ -512,7 +512,7 @@
+ 	len = PAGE_ALIGN(ex.a_text + ex.a_data);
+ 	bss = ex.a_text + ex.a_data + ex.a_bss;
+ 	if (bss > len) {
+-		error = do_brk(start_addr + len, bss - len);
++		error = do_brk_locked(start_addr + len, bss - len);
+ 		retval = error;
+ 		if (error != start_addr + len)
+ 			goto out;
+diff -ur linux-2.6.10/fs/binfmt_elf.c linux-2.6.10.plasmaroo/fs/binfmt_elf.c
+--- linux-2.6.10/fs/binfmt_elf.c	2004-12-24 21:34:33.000000000 +0000
++++ linux-2.6.10.plasmaroo/fs/binfmt_elf.c	2005-01-07 15:36:00.000000000 +0000
+@@ -88,7 +88,7 @@
+ 	start = ELF_PAGEALIGN(start);
+ 	end = ELF_PAGEALIGN(end);
+ 	if (end > start) {
+-		unsigned long addr = do_brk(start, end - start);
++		unsigned long addr = do_brk_locked(start, end - start);
+ 		if (BAD_ADDR(addr))
+ 			return addr;
+ 	}
+@@ -408,7 +408,7 @@
+ 
+ 	/* Map the last of the bss segment */
+ 	if (last_bss > elf_bss) {
+-		error = do_brk(elf_bss, last_bss - elf_bss);
++		error = do_brk_locked(elf_bss, last_bss - elf_bss);
+ 		if (BAD_ADDR(error))
+ 			goto out_close;
+ 	}
+@@ -448,7 +448,7 @@
+ 		goto out;
+ 	}
+ 
+-	do_brk(0, text_data);
++	do_brk_locked(0, text_data);
+ 	if (!interpreter->f_op || !interpreter->f_op->read)
+ 		goto out;
+ 	if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0)
+@@ -456,7 +456,7 @@
+ 	flush_icache_range((unsigned long)addr,
+ 	                   (unsigned long)addr + text_data);
+ 
+-	do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
++	do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1),
+ 		interp_ex->a_bss);
+ 	elf_entry = interp_ex->a_entry;
+ 
+@@ -1025,7 +1025,7 @@
+ 	len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1);
+ 	bss = elf_phdata->p_memsz + elf_phdata->p_vaddr;
+ 	if (bss > len)
+-		do_brk(len, bss - len);
++		do_brk_locked(len, bss - len);
+ 	error = 0;
+ 
+ out_free_ph:
+diff -ur linux-2.6.10/include/linux/mm.h linux-2.6.10.plasmaroo/include/linux/mm.h
+--- linux-2.6.10/include/linux/mm.h	2004-12-24 21:33:50.000000000 +0000
++++ linux-2.6.10.plasmaroo/include/linux/mm.h	2005-01-07 15:36:00.000000000 +0000
+@@ -704,6 +704,7 @@
+ extern int do_munmap(struct mm_struct *, unsigned long, size_t);
+ 
+ extern unsigned long do_brk(unsigned long, unsigned long);
++extern unsigned long do_brk_locked(unsigned long, unsigned long);
+ 
+ /* filemap.c */
+ extern unsigned long page_unuse(struct page *);
+diff -ur linux-2.6.10/mm/mmap.c linux-2.6.10.plasmaroo/mm/mmap.c
+--- linux-2.6.10/mm/mmap.c	2004-12-24 21:35:00.000000000 +0000
++++ linux-2.6.10.plasmaroo/mm/mmap.c	2005-01-07 15:36:04.000000000 +0000
+@@ -1826,6 +1826,20 @@
+ 
+ EXPORT_SYMBOL(do_brk);
+ 
++/* locking version of do_brk. */
++unsigned long do_brk_locked(unsigned long addr, unsigned long len)
++{
++	unsigned long ret;
++
++	down_write(&current->mm->mmap_sem);
++	ret = do_brk(addr, len);
++	up_write(&current->mm->mmap_sem);
++
++	return ret;
++}
++
++EXPORT_SYMBOL(do_brk_locked);
++
+ /* Release all mmaps. */
+ void exit_mmap(struct mm_struct *mm)
+ {
+@@ -1952,3 +1966,4 @@
+ 	}
+ 	return new_vma;
+ }
++
+diff -ur linux-2.6.10/mm/nommu.c linux-2.6.10.plasmaroo/mm/nommu.c
+--- linux-2.6.10/mm/nommu.c	2004-12-24 21:35:25.000000000 +0000
++++ linux-2.6.10.plasmaroo/mm/nommu.c	2005-01-07 15:30:24.000000000 +0000
+@@ -557,6 +557,11 @@
+ 	return -ENOMEM;
+ }
+ 
++unsigned long do_brk_locked(unsigned long addr, unsigned long len)
++{
++	return -ENOMEM;
++}
++
+ struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long addr)
+ {
+ 	return NULL;
diff --git a/sys-kernel/ck-sources/files/digest-ck-sources-2.4.28-r1 b/sys-kernel/ck-sources/files/digest-ck-sources-2.4.28-r2
index 6ed8796c30ca..eb0a5120a193 100644
--- a/sys-kernel/ck-sources/files/digest-ck-sources-2.4.28-r1
+++ b/sys-kernel/ck-sources/files/digest-ck-sources-2.4.28-r2
@@ -1,3 +1,3 @@
 MD5 ac7735000d185bc7778c08288760a8a3 linux-2.4.28.tar.bz2 31064046
 MD5 bd4598c4660ddd3e2b95775d5e3cca8c patch-2.4.28-lck1.bz2 384270
-MD5 b3f0e5dab41525e67ed011a73c09fc9f ck-sources-2.4.27-CAN-2004-0814.patch 82216
+MD5 50396cf54380f4525f94bca93e4b5b8a linux-2.4.28-CAN-2004-0814.patch 145448
author	Tim Yamin <plasmaroo@gentoo.org>	2005-01-08 17:30:04 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2005-01-08 17:30:04 +0000
commit	14a2482cdd1eb90eeb6a4879debc86d15b100d64 (patch)
tree	f439946cf825d91559714db44bee18b7f99dd717 /sys-kernel
parent	Stable on hppa. (diff)
download	historical-14a2482cdd1eb90eeb6a4879debc86d15b100d64.tar.gz historical-14a2482cdd1eb90eeb6a4879debc86d15b100d64.tar.bz2 historical-14a2482cdd1eb90eeb6a4879debc86d15b100d64.zip