diff options
author | 2004-06-25 21:13:15 +0000 | |
---|---|---|
committer | 2004-06-25 21:13:15 +0000 | |
commit | 12e14d04271350efa6516cef2ce65a739bae7a95 (patch) | |
tree | 2bf03018aedb0dc01add45522e47583968bc5a67 /sys-kernel | |
parent | Add depend on automake 1.7.9 to close bug 54498. (Manifest recommit) (diff) | |
download | gentoo-2-12e14d04271350efa6516cef2ce65a739bae7a95.tar.gz gentoo-2-12e14d04271350efa6516cef2ce65a739bae7a95.tar.bz2 gentoo-2-12e14d04271350efa6516cef2ce65a739bae7a95.zip |
Security patch for the CAN-2004-0495 and CAN-2004-0535 vulnerabilities.
Diffstat (limited to 'sys-kernel')
13 files changed, 677 insertions, 258 deletions
diff --git a/sys-kernel/ck-sources/ChangeLog b/sys-kernel/ck-sources/ChangeLog index 16c8a1ceaa09..537e6376087d 100644 --- a/sys-kernel/ck-sources/ChangeLog +++ b/sys-kernel/ck-sources/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for sys-kernel/ck-sources # Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.39 2004/06/24 22:55:31 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.40 2004/06/25 21:13:15 plasmaroo Exp $ + + 25 Jun 2004; <plasmaroo@gentoo.org> ck-sources-2.4.26-r1.ebuild, + -ck-sources-2.6.4-r2.ebuild, +files/ck-sources-2.4.26.CAN-2004-0495.patch, + +files/ck-sources-2.4.26.CAN-2004-0535.patch: + Security patch for the CAN-2004-0495 and CAN-2004-0535 vulnerabilities. Old + 2.6.4 version removed. *ck-sources-2.6.7-r1 (20 Jun 2004) diff --git a/sys-kernel/ck-sources/ck-sources-2.4.26-r1.ebuild b/sys-kernel/ck-sources/ck-sources-2.4.26-r1.ebuild index 14fdcbb41fd9..53891cda90db 100644 --- a/sys-kernel/ck-sources/ck-sources-2.4.26-r1.ebuild +++ b/sys-kernel/ck-sources/ck-sources-2.4.26-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2004 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.26-r1.ebuild,v 1.3 2004/06/24 22:55:31 agriffis Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.26-r1.ebuild,v 1.4 2004/06/25 21:13:15 plasmaroo Exp $ IUSE="" @@ -59,6 +59,8 @@ src_unpack() { bzcat ${DISTDIR}/patch-${KV}.bz2|patch -p1 || die "-lck patch failed!" epatch ${FILESDIR}/${P}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0495.patch || die "Failed to add the CAN-2004-0495 patch!" + epatch ${FILESDIR}/${P}.CAN-2004-0535.patch || die "Failed to add the CAN-2004-0535 patch!" epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!" kernel_universal_unpack } diff --git a/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild b/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild deleted file mode 100644 index 93c60930c4e8..000000000000 --- a/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild +++ /dev/null @@ -1,31 +0,0 @@ -# Copyright 1999-2004 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild,v 1.7 2004/06/24 22:55:31 agriffis Exp $ - -UNIPATCH_LIST="${DISTDIR}/patch-${KV}.bz2 ${FILESDIR}/${P}.CAN-2004-0075.patch ${FILESDIR}/${P}.CAN-2004-0109.patch ${FILESDIR}/${P}.CAN-2004-0181.patch ${FILESDIR}/${P}.CAN-2004-0228.patch ${FILESDIR}/${P}.CAN-2004-0229.patch ${FILESDIR}/${P}.CAN-2004-0427.patch ${FILESDIR}/${P}.FPULockup-53804.patch" -K_PREPATCHED="yes" -UNIPATCH_STRICTORDER="yes" - -K_NOUSENAME="yes" -ETYPE="sources" -inherit kernel-2 -detect_version -IUSE="" - -DESCRIPTION="Full sources for the Stock Linux kernel Con Kolivas's high performance patchset" -HOMEPAGE="http://members.optusnet.com.au/ckolivas/kernel/" -SRC_URI="${KERNEL_URI} http://ck.kolivas.org/patches/2.6/${KV/-ck*/}/${KV}/patch-${KV}.bz2" - -KEYWORDS="~x86 ~ppc" - -pkg_postinst() { - postinst_sources - - ewarn "IMPORTANT:" - ewarn "ptyfs support has now been dropped from devfs and as a" - ewarn "result you are now required to compile this support into" - ewarn "the kernel. You can do so by enabling the following options" - ewarn " Device Drivers -> Character devices -> Unix98 PTY Support" - ewarn " File systems -> Pseudo filesystems -> /dev/pts filesystem." - echo -} diff --git a/sys-kernel/ck-sources/files/ck-sources-2.4.26.CAN-2004-0495.patch b/sys-kernel/ck-sources/files/ck-sources-2.4.26.CAN-2004-0495.patch new file mode 100644 index 000000000000..bea80eac69a9 --- /dev/null +++ b/sys-kernel/ck-sources/files/ck-sources-2.4.26.CAN-2004-0495.patch @@ -0,0 +1,655 @@ +--- linux/net/decnet/dn_dev.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/net/decnet/dn_dev.c Wed Jun 16 14:42:34 2004 +@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev, + { + struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr; + struct dn_ifaddr *ifa; +- struct ifreq *ifr = (struct ifreq *)buf; ++ char buffer[DN_IFREQ_SIZE]; ++ struct ifreq *ifr = (struct ifreq *)buffer; ++ struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr; + int done = 0; + + if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL)) + return 0; + + for(; ifa; ifa = ifa->ifa_next) { +- if (!ifr) { ++ if (!buf) { + done += sizeof(DN_IFREQ_SIZE); + continue; + } + if (len < DN_IFREQ_SIZE) + return done; +- memset(ifr, 0, DN_IFREQ_SIZE); ++ memset(buffer, 0, DN_IFREQ_SIZE); + + if (ifa->ifa_label) + strcpy(ifr->ifr_name, ifa->ifa_label); + else + strcpy(ifr->ifr_name, dev->name); + +- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet; +- (*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2; +- (*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local; ++ addr->sdn_family = AF_DECnet; ++ addr->sdn_add.a_len = 2; ++ memcpy(addr->sdn_add.a_addr, &ifa->ifa_local, ++ sizeof(dn_address)); + +- ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE); ++ if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) { ++ done = -EFAULT; ++ break; ++ } ++ ++ buf += DN_IFREQ_SIZE; + len -= DN_IFREQ_SIZE; + done += DN_IFREQ_SIZE; + } +--- linux-2.4.21/drivers/net/wireless/airo.c 2003-06-13 15:51:35.000000000 +0100 ++++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo 2004-06-24 11:09:08.260352168 +0100 +@@ -3012,19 +3012,22 @@ + size_t len, + loff_t *offset ) + { +- int i; +- int pos; ++ loff_t pos = *offset; + struct proc_data *priv = (struct proc_data*)file->private_data; + +- if( !priv->rbuffer ) return -EINVAL; ++ if (!priv->rbuffer) ++ return -EINVAL; + +- pos = *offset; +- for( i = 0; i+pos < priv->readlen && i < len; i++ ) { +- if (put_user( priv->rbuffer[i+pos], buffer+i )) +- return -EFAULT; +- } +- *offset += i; +- return i; ++ if (pos < 0) ++ return -EINVAL; ++ if (pos >= priv->readlen) ++ return 0; ++ if (len > priv->readlen - pos) ++ len = priv->readlen - pos; ++ if (copy_to_user(buffer, priv->rbuffer + pos, len)) ++ return -EFAULT; ++ *offset = pos + len; ++ return len; + } + + /* +@@ -3036,24 +3039,24 @@ + size_t len, + loff_t *offset ) + { +- int i; +- int pos; ++ loff_t pos = *offset; + struct proc_data *priv = (struct proc_data*)file->private_data; + +- if ( !priv->wbuffer ) { ++ if (!priv->wbuffer) + return -EINVAL; +- } +- +- pos = *offset; + +- for( i = 0; i + pos < priv->maxwritelen && +- i < len; i++ ) { +- if (get_user( priv->wbuffer[i+pos], buffer + i )) +- return -EFAULT; +- } +- if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos; +- *offset += i; +- return i; ++ if (pos < 0) ++ return -EINVAL; ++ if (pos >= priv->maxwritelen) ++ return 0; ++ if (len > priv->maxwritelen - pos) ++ len = priv->maxwritelen - pos; ++ if (copy_from_user(priv->wbuffer + pos, buffer, len)) ++ return -EFAULT; ++ if (pos + len > priv->writelen) ++ priv->writelen = pos + len; ++ *offset = pos + len; ++ return len; + } + + static int proc_status_open( struct inode *inode, struct file *file ) { +--- linux/drivers/sound/mpu401.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/mpu401.c Wed Jun 16 14:42:34 2004 +@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time( + static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg) + { + int midi_dev = sound_timer_devs[dev]->devlink; ++ int *p = (int *)arg; + + switch (command) + { + case SNDCTL_TMR_SOURCE: + { + int parm; +- +- parm = *(int *) arg; ++ ++ if (get_user(parm, p)) ++ return -EFAULT; + parm &= timer_caps; + + if (parm != 0) +@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi + else if (timer_mode & TMR_MODE_SMPTE) + mpu_cmd(midi_dev, 0x3d, 0); /* Use SMPTE sync */ + } +- return (*(int *) arg = timer_mode); ++ if (put_user(timer_mode, p)) ++ return -EFAULT; ++ return timer_mode; + } + break; + +@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi + { + int val; + +- val = *(int *) arg; ++ if (get_user(val, p)) ++ return -EFAULT; + if (val) + set_timebase(midi_dev, val); +- return (*(int *) arg = curr_timebase); ++ if (put_user(curr_timebase, p)) ++ return -EFAULT; ++ return curr_timebase; + } + break; + +@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi + int val; + int ret; + +- val = *(int *) arg; ++ if (get_user(val, p)) ++ return -EFAULT; + + if (val) + { +@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi + } + curr_tempo = val; + } +- return (*(int *) arg = curr_tempo); ++ if (put_user(curr_tempo, p)) ++ return -EFAULT; ++ return curr_tempo; + } + break; + +@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi + { + int val; + +- val = *(int *) arg; ++ if (get_user(val, p)) ++ return -EFAULT; + if (val != 0) /* Can't change */ + return -EINVAL; +- return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60); ++ val = (curr_tempo * curr_timebase + 30) / 60; ++ if (put_user(val, p)) ++ return -EFAULT; ++ return val; + } + break; + + case SNDCTL_SEQ_GETTIME: +- return (*(int *) arg = curr_ticks); ++ if (put_user(curr_ticks, p)) ++ return -EFAULT; ++ return curr_ticks; + + case SNDCTL_TMR_METRONOME: +- metronome_mode = *(int *) arg; ++ if (get_user(metronome_mode, p)) ++ return -EFAULT; + setup_metronome(midi_dev); + return 0; + +--- linux/drivers/sound/msnd.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/msnd.c Wed Jun 16 14:42:34 2004 +@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f) + f->len = f->tail = f->head = 0; + } + +-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user) ++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len) + { + int count = 0; + +- if (f->len == f->n) +- return 0; +- + while ((count < len) && (f->len != f->n)) { + + int nwritten; +@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const + nwritten = len - count; + } + +- if (user) { +- if (copy_from_user(f->data + f->tail, buf, nwritten)) +- return -EFAULT; +- } else +- isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); ++ isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten); + + count += nwritten; + buf += nwritten; +@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const + return count; + } + +-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user) ++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len) + { + int count = 0; + +- if (f->len == 0) +- return f->len; +- + while ((count < len) && (f->len > 0)) { + + int nread; +@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b + nread = len - count; + } + +- if (user) { +- if (copy_to_user(buf, f->data + f->head, nread)) +- return -EFAULT; +- } else +- isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); ++ isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread); + + count += nread; + buf += nread; +--- linux/drivers/sound/msnd.h.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/msnd.h Wed Jun 16 14:42:34 2004 +@@ -266,8 +266,8 @@ void msnd_fifo_init(msnd_fifo *f); + void msnd_fifo_free(msnd_fifo *f); + int msnd_fifo_alloc(msnd_fifo *f, size_t n); + void msnd_fifo_make_empty(msnd_fifo *f); +-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user); +-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user); ++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len); ++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len); + + int msnd_wait_TXDE(multisound_dev_t *dev); + int msnd_wait_HC0(multisound_dev_t *dev); +--- linux/drivers/sound/msnd_pinnacle.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/msnd_pinnacle.c Wed Jun 16 14:42:34 2004 +@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino + + static __inline__ int pack_DARQ_to_DARF(register int bank) + { +- register int size, n, timeout = 3; ++ register int size, timeout = 3; + register WORD wTmp; + LPDAQD DAQD; + +@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF( + /* Read data from the head (unprotected bank 1 access okay + since this is only called inside an interrupt) */ + outb(HPBLKSEL_1, dev.io + HP_BLKS); +- if ((n = msnd_fifo_write( ++ msnd_fifo_write( + &dev.DARF, + (char *)(dev.base + bank * DAR_BUFF_SIZE), +- size, 0)) <= 0) { +- outb(HPBLKSEL_0, dev.io + HP_BLKS); +- return n; +- } ++ size); + outb(HPBLKSEL_0, dev.io + HP_BLKS); + + return 1; +@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ( + if (protect) { + /* Critical section: protect fifo in non-interrupt */ + spin_lock_irqsave(&dev.lock, flags); +- if ((n = msnd_fifo_read( ++ n = msnd_fifo_read( + &dev.DAPF, + (char *)(dev.base + bank_num * DAP_BUFF_SIZE), +- DAP_BUFF_SIZE, 0)) < 0) { +- spin_unlock_irqrestore(&dev.lock, flags); +- return n; +- } ++ DAP_BUFF_SIZE); + spin_unlock_irqrestore(&dev.lock, flags); + } else { +- if ((n = msnd_fifo_read( ++ n = msnd_fifo_read( + &dev.DAPF, + (char *)(dev.base + bank_num * DAP_BUFF_SIZE), +- DAP_BUFF_SIZE, 0)) < 0) { +- return n; +- } ++ DAP_BUFF_SIZE); + } + if (!n) + break; +@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ( + static int dsp_read(char *buf, size_t len) + { + int count = len; ++ char *page = (char *)__get_free_page(PAGE_SIZE); ++ ++ if (!page) ++ return -ENOMEM; + + while (count > 0) { +- int n; ++ int n, k; + unsigned long flags; + ++ k = PAGE_SIZE; ++ if (k > count) ++ k = count; ++ + /* Critical section: protect fifo in non-interrupt */ + spin_lock_irqsave(&dev.lock, flags); +- if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) { +- printk(KERN_WARNING LOGNAME ": FIFO read error\n"); +- spin_unlock_irqrestore(&dev.lock, flags); +- return n; +- } ++ n = msnd_fifo_read(&dev.DARF, page, k); + spin_unlock_irqrestore(&dev.lock, flags); ++ if (copy_to_user(buf, page, n)) { ++ free_page((unsigned long)page); ++ return -EFAULT; ++ } + buf += n; + count -= n; + ++ if (n == k && count) ++ continue; ++ + if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) { + dev.last_recbank = -1; + if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0) + set_bit(F_READING, &dev.flags); + } + +- if (dev.rec_ndelay) ++ if (dev.rec_ndelay) { ++ free_page((unsigned long)page); + return count == len ? -EAGAIN : len - count; ++ } + + if (count > 0) { + set_bit(F_READBLOCK, &dev.flags); +@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le + get_rec_delay_jiffies(DAR_BUFF_SIZE))) + clear_bit(F_READING, &dev.flags); + clear_bit(F_READBLOCK, &dev.flags); +- if (signal_pending(current)) ++ if (signal_pending(current)) { ++ free_page((unsigned long)page); + return -EINTR; ++ } + } + } +- ++ free_page((unsigned long)page); + return len - count; + } + + static int dsp_write(const char *buf, size_t len) + { + int count = len; ++ char *page = (char *)__get_free_page(GFP_KERNEL); ++ ++ if (!page) ++ return -ENOMEM; + + while (count > 0) { +- int n; ++ int n, k; + unsigned long flags; + ++ k = PAGE_SIZE; ++ if (k > count) ++ k = count; ++ ++ if (copy_from_user(page, buf, k)) { ++ free_page((unsigned long)page); ++ return -EFAULT; ++ } ++ + /* Critical section: protect fifo in non-interrupt */ + spin_lock_irqsave(&dev.lock, flags); +- if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) { +- printk(KERN_WARNING LOGNAME ": FIFO write error\n"); +- spin_unlock_irqrestore(&dev.lock, flags); +- return n; +- } ++ n = msnd_fifo_write(&dev.DAPF, page, k); + spin_unlock_irqrestore(&dev.lock, flags); + buf += n; + count -= n; + ++ if (count && n == k) ++ continue; ++ + if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) { + dev.last_playbank = -1; + if (pack_DAPF_to_DAPQ(1) > 0) + set_bit(F_WRITING, &dev.flags); + } + +- if (dev.play_ndelay) ++ if (dev.play_ndelay) { ++ free_page((unsigned long)page); + return count == len ? -EAGAIN : len - count; ++ } + + if (count > 0) { + set_bit(F_WRITEBLOCK, &dev.flags); +@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si + &dev.writeblock, + get_play_delay_jiffies(DAP_BUFF_SIZE)); + clear_bit(F_WRITEBLOCK, &dev.flags); +- if (signal_pending(current)) ++ if (signal_pending(current)) { ++ free_page((unsigned long)page); + return -EINTR; ++ } + } + } + ++ free_page((unsigned long)page); + return len - count; + } + +--- linux/drivers/sound/pss.c.bak Wed Jun 16 14:42:24 2004 ++++ linux/drivers/sound/pss.c Wed Jun 16 14:42:34 2004 +@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata + } + } + +-static void arg_to_volume_mono(unsigned int volume, int *aleft) ++static int set_volume_mono(caddr_t p, int *aleft) + { + int left; ++ unsigned volume; ++ if (get_user(volume, (unsigned *)p)) ++ return -EFAULT; + +- left = volume & 0x00ff; ++ left = volume & 0xff; + if (left > 100) + left = 100; + *aleft = left; ++ return 0; + } + +-static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright) ++static int set_volume_stereo(caddr_t p, int *aleft, int *aright) + { +- arg_to_volume_mono(volume, aleft); +- arg_to_volume_mono(volume >> 8, aright); ++ int left, right; ++ unsigned volume; ++ if (get_user(volume, (unsigned *)p)) ++ return -EFAULT; ++ ++ left = volume & 0xff; ++ if (left > 100) ++ left = 100; ++ right = (volume >> 8) & 0xff; ++ if (right > 100) ++ right = 100; ++ *aleft = left; ++ *aright = right; ++ return 0; + } + + static int ret_vol_mono(int left) +@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns + return call_ad_mixer(devc, cmd, arg); + else + { +- if (*(int *)arg != 0) ++ int v; ++ if (get_user(v, (int *)arg)) ++ return -EFAULT; ++ if (v != 0) + return -EINVAL; + return 0; + } + case SOUND_MIXER_VOLUME: +- arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l, +- &devc->mixer.volume_r); ++ if (set_volume_stereo(arg, ++ &devc->mixer.volume_l, ++ &devc->mixer.volume_r)) ++ return -EFAULT; + set_master_volume(devc, devc->mixer.volume_l, + devc->mixer.volume_r); + return ret_vol_stereo(devc->mixer.volume_l, + devc->mixer.volume_r); + + case SOUND_MIXER_BASS: +- arg_to_volume_mono(*(unsigned int *)arg, +- &devc->mixer.bass); ++ if (set_volume_mono(arg, &devc->mixer.bass)) ++ return -EFAULT; + set_bass(devc, devc->mixer.bass); + return ret_vol_mono(devc->mixer.bass); + + case SOUND_MIXER_TREBLE: +- arg_to_volume_mono(*(unsigned int *)arg, +- &devc->mixer.treble); ++ if (set_volume_mono(arg, &devc->mixer.treble)) ++ return -EFAULT; + set_treble(devc, devc->mixer.treble); + return ret_vol_mono(devc->mixer.treble); + + case SOUND_MIXER_SYNTH: +- arg_to_volume_mono(*(unsigned int *)arg, +- &devc->mixer.synth); ++ if (set_volume_mono(arg, &devc->mixer.synth)) ++ return -EFAULT; + set_synth_volume(devc, devc->mixer.synth); + return ret_vol_mono(devc->mixer.synth); + +@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns + } + else + { ++ int val, and_mask = 0, or_mask = 0; + /* + * Return parameters + */ + switch (cmdf) + { +- + case SOUND_MIXER_DEVMASK: + if (call_ad_mixer(devc, cmd, arg) == -EINVAL) +- *(int *)arg = 0; /* no mixer devices */ +- return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH); ++ break; ++ and_mask = ~0; ++ or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH; ++ break; + + case SOUND_MIXER_STEREODEVS: + if (call_ad_mixer(devc, cmd, arg) == -EINVAL) +- *(int *)arg = 0; /* no stereo devices */ +- return (*(int *)arg |= SOUND_MASK_VOLUME); ++ break; ++ and_mask = ~0; ++ or_mask = SOUND_MASK_VOLUME; ++ break; + + case SOUND_MIXER_RECMASK: + if (devc->ad_mixer_dev != NO_WSS_MIXER) + return call_ad_mixer(devc, cmd, arg); +- else +- return (*(int *)arg = 0); /* no record devices */ ++ break; + + case SOUND_MIXER_CAPS: + if (devc->ad_mixer_dev != NO_WSS_MIXER) + return call_ad_mixer(devc, cmd, arg); +- else +- return (*(int *)arg = SOUND_CAP_EXCL_INPUT); ++ or_mask = SOUND_CAP_EXCL_INPUT; ++ break; + + case SOUND_MIXER_RECSRC: + if (devc->ad_mixer_dev != NO_WSS_MIXER) + return call_ad_mixer(devc, cmd, arg); +- else +- return (*(int *)arg = 0); /* no record source */ ++ break; + + case SOUND_MIXER_VOLUME: +- return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r)); ++ or_mask = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r); ++ break; + + case SOUND_MIXER_BASS: +- return (*(int *)arg = ret_vol_mono(devc->mixer.bass)); ++ or_mask = ret_vol_mono(devc->mixer.bass); ++ break; + + case SOUND_MIXER_TREBLE: +- return (*(int *)arg = ret_vol_mono(devc->mixer.treble)); ++ or_mask = ret_vol_mono(devc->mixer.treble); ++ break; + + case SOUND_MIXER_SYNTH: +- return (*(int *)arg = ret_vol_mono(devc->mixer.synth)); ++ or_mask = ret_vol_mono(devc->mixer.synth); ++ break; + default: + return -EINVAL; + } ++ if (get_user(val, (int *)arg)) ++ return -EFAULT; ++ val &= and_mask; ++ val |= or_mask; ++ if (put_user(val, (int *)arg)) ++ return -EFAULT; ++ return val; + } + } + diff --git a/sys-kernel/ck-sources/files/ck-sources-2.4.26.CAN-2004-0535.patch b/sys-kernel/ck-sources/files/ck-sources-2.4.26.CAN-2004-0535.patch new file mode 100644 index 000000000000..669fc5fd32fb --- /dev/null +++ b/sys-kernel/ck-sources/files/ck-sources-2.4.26.CAN-2004-0535.patch @@ -0,0 +1,12 @@ +--- drivers/net/e1000/e1000_ethtool.c 2003-06-13 15:51:34.000000000 +0100 ++++ drivers/net/e1000/e1000_ethtool.c.plasmaroo 2004-06-24 11:23:32.524963976 +0100 +@@ -468,6 +468,9 @@ + + if(copy_from_user(®s, addr, sizeof(regs))) + return -EFAULT; ++ memset(regs_buff, 0, sizeof(regs_buff)); ++ if (regs.len > E1000_REGS_LEN) ++ regs.len = E1000_REGS_LEN; + e1000_ethtool_gregs(adapter, ®s, regs_buff); + if(copy_to_user(addr, ®s, sizeof(regs))) + return -EFAULT; diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0075.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0075.patch deleted file mode 100644 index e131c957cb0a..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0075.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- linux-2.6.6-rc1/drivers/usb/media/vicam.c 2004-04-15 11:18:18.000000000 +0200 -+++ linux-2.6.6-rc1-mich/drivers/usb/media/vicam.c 2004-04-15 11:50:02.791604312 +0200 -@@ -612,15 +612,20 @@ vicam_ioctl(struct inode *inode, struct - - case VIDIOCSPICT: - { -- struct video_picture *vp = (struct video_picture *) arg; -- -- DBG("VIDIOCSPICT depth = %d, pal = %d\n", vp->depth, -- vp->palette); -+ struct video_picture vp; -+ -+ if (copy_from_user(&vp, arg, sizeof(vp))) { -+ retval = -EFAULT; -+ break; -+ } -+ -+ DBG("VIDIOCSPICT depth = %d, pal = %d\n", vp.depth, -+ vp.palette); - -- cam->gain = vp->brightness >> 8; -+ cam->gain = vp.brightness >> 8; - -- if (vp->depth != 24 -- || vp->palette != VIDEO_PALETTE_RGB24) -+ if (vp.depth != 24 -+ || vp.palette != VIDEO_PALETTE_RGB24) - retval = -EINVAL; - - break; -@@ -659,7 +659,7 @@ - { - - struct video_window *vw = (struct video_window *) arg; -- DBG("VIDIOCSWIN %d x %d\n", vw->width, vw->height); -+ DBG("VIDIOCSWIN %d x %d\n", vw.width, vw.height); - - if ( vw->width != 320 || vw->height != 240 ) - retval = -EFAULT; diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0109.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0109.patch deleted file mode 100644 index d7726c2e5aaf..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0109.patch +++ /dev/null @@ -1,88 +0,0 @@ ---- linux/fs/isofs/rock.c.orig -+++ linux/fs/isofs/rock.c -@@ -14,6 +14,7 @@ - #include <linux/slab.h> - #include <linux/pagemap.h> - #include <linux/smp_lock.h> - #include <linux/buffer_head.h> -+#include <asm/page.h> - - #include "rock.h" -@@ -419,7 +420,7 @@ int parse_rock_ridge_inode_internal(stru - return 0; - } - --static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr) -+static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit) - { - int slen; - int rootflag; -@@ -431,16 +432,25 @@ static char *get_symlink_chunk(char *rpn - rootflag = 0; - switch (slp->flags & ~1) { - case 0: -+ if (slp->len > plimit - rpnt) -+ return NULL; - memcpy(rpnt, slp->text, slp->len); - rpnt+=slp->len; - break; -+ case 2: -+ if (rpnt >= plimit) -+ return NULL; -+ *rpnt++='.'; -+ break; - case 4: -+ if (2 > plimit - rpnt) -+ return NULL; - *rpnt++='.'; -- /* fallthru */ -- case 2: - *rpnt++='.'; - break; - case 8: -+ if (rpnt >= plimit) -+ return NULL; - rootflag = 1; - *rpnt++='/'; - break; -@@ -457,17 +467,23 @@ static char *get_symlink_chunk(char *rpn - * If there is another SL record, and this component - * record isn't continued, then add a slash. - */ -- if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1)) -+ if ((!rootflag) && (rr->u.SL.flags & 1) && -+ !(oldslp->flags & 1)) { -+ if (rpnt >= plimit) -+ return NULL; - *rpnt++='/'; -+ } - break; - } - - /* - * If this component record isn't continued, then append a '/'. - */ -- if (!rootflag && !(oldslp->flags & 1)) -+ if (!rootflag && !(oldslp->flags & 1)) { -+ if (rpnt >= plimit) -+ return NULL; - *rpnt++='/'; -- -+ } - } - return rpnt; - } -@@ -548,7 +564,10 @@ static int rock_ridge_symlink_readpage(s - CHECK_SP(goto out); - break; - case SIG('S', 'L'): -- rpnt = get_symlink_chunk(rpnt, rr); -+ rpnt = get_symlink_chunk(rpnt, rr, -+ link + (PAGE_SIZE - 1)); -+ if (rpnt == NULL) -+ goto out; - break; - case SIG('C', 'E'): - /* This tells is if there is a continuation record */ - - diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0181.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0181.patch deleted file mode 100644 index 4f4742b992f0..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0181.patch +++ /dev/null @@ -1,39 +0,0 @@ ---- linux-2.6.3/fs/jfs/jfs_logmgr.c.zy62.orig 2004-02-17 20:57:59.000000000 -0700 -+++ linux-2.6.3/fs/jfs/jfs_logmgr.c 2004-04-02 16:57:38.000000000 -0700 -@@ -1702,7 +1702,7 @@ - lbuf = kmalloc(sizeof(struct lbuf), GFP_KERNEL); - if (lbuf == 0) - goto error; -- lbuf->l_ldata = (char *) __get_free_page(GFP_KERNEL); -+ lbuf->l_ldata = (char *) get_zeroed_page(GFP_KERNEL); - if (lbuf->l_ldata == 0) { - kfree(lbuf); - goto error; ---- linux-2.6.3/fs/jfs/jfs_metapage.c.zy62.orig 2004-02-17 20:57:20.000000000 -0700 -+++ linux-2.6.3/fs/jfs/jfs_metapage.c 2004-04-02 16:29:03.000000000 -0700 -@@ -341,6 +341,10 @@ - } - mp->data = kmap(mp->page) + page_offset; - } -+ -+ if (new) -+ memset(mp->data, 0, PSIZE); -+ - jfs_info("__get_metapage: returning = 0x%p", mp); - return mp; - ---- linux-2.6.3/fs/jfs/super.c.zy62.orig 2004-02-17 20:57:48.000000000 -0700 -+++ linux-2.6.3/fs/jfs/super.c 2004-04-02 17:57:02.903281078 -0700 -@@ -549,11 +549,11 @@ - - if ((flags & (SLAB_CTOR_VERIFY | SLAB_CTOR_CONSTRUCTOR)) == - SLAB_CTOR_CONSTRUCTOR) { -+ memset(jfs_ip, 0, sizeof(struct jfs_inode_info)); - INIT_LIST_HEAD(&jfs_ip->anon_inode_list); - init_rwsem(&jfs_ip->rdwrlock); - init_MUTEX(&jfs_ip->commit_sem); - init_rwsem(&jfs_ip->xattr_sem); -- jfs_ip->atlhead = 0; - jfs_ip->active_ag = -1; - #ifdef CONFIG_JFS_POSIX_ACL - jfs_ip->i_acl = JFS_ACL_NOT_CACHED; diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0228.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0228.patch deleted file mode 100644 index 746ade9ab1c0..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0228.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.6.3/drivers/cpufreq/cpufreq_userspace.c.overflow 2004-02-18 04:57:16.000000000 +0100 -+++ linux-2.6.3/drivers/cpufreq/cpufreq_userspace.c 2004-05-14 11:40:37.000000000 +0200 -@@ -168,7 +168,7 @@ cpufreq_procctl(ctl_table *ctl, int writ - { - char buf[16], *p; - int cpu = (int) ctl->extra1; -- int len, left = *lenp; -+ unsigned int len, left = *lenp; - - if (!left || (filp->f_pos && !write) || !cpu_online(cpu)) { - *lenp = 0; diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0229.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0229.patch deleted file mode 100644 index 2b6dfff88e25..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0229.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.6.3/drivers/video/fbmem.c.zy67 2004-04-23 07:32:22.000000000 -0400 -+++ linux-2.6.3/drivers/video/fbmem.c 2004-04-23 07:33:09.000000000 -0400 -@@ -1042,7 +1042,7 @@ - case FBIOGETCMAP: - if (copy_from_user(&cmap, (void *) arg, sizeof(cmap))) - return -EFAULT; -- return (fb_copy_cmap(&info->cmap, &cmap, 0)); -+ return (fb_copy_cmap(&info->cmap, &cmap, 2)); - case FBIOPAN_DISPLAY: - if (copy_from_user(&var, (void *) arg, sizeof(var))) - return -EFAULT; diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0427.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0427.patch deleted file mode 100644 index adadefd53db2..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0427.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- linux-2.6.3/kernel/fork.c.zy64 2004-04-21 12:26:51.000000000 -0400 -+++ linux-2.6.3/kernel/fork.c 2004-04-21 12:29:34.000000000 -0400 -@@ -1073,6 +1073,8 @@ - exit_namespace(p); - bad_fork_cleanup_mm: - exit_mm(p); -+ if (p->active_mm) -+ mmdrop(p->active_mm); - bad_fork_cleanup_signal: - exit_signal(p); - bad_fork_cleanup_sighand: diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.FPULockup-53804.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.FPULockup-53804.patch deleted file mode 100644 index a813f48ec23b..000000000000 --- a/sys-kernel/ck-sources/files/ck-sources-2.6.4.FPULockup-53804.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff -Nru a/include/asm-i386/i387.h b/include/asm-i386/i387.h ---- a/include/asm-i386/i387.h 2004-05-06 12:26:10 -07:00 -+++ b/include/asm-i386/i387.h 2004-06-12 19:12:23 -07:00 -@@ -51,7 +51,7 @@ - #define __clear_fpu( tsk ) \ - do { \ - if ((tsk)->thread_info->status & TS_USEDFPU) { \ -- asm volatile("fwait"); \ -+ asm volatile("fnclex ; fwait"); \ - (tsk)->thread_info->status &= ~TS_USEDFPU; \ - stts(); \ - } \ -diff -Nru a/include/asm-x86_64/i387.h b/include/asm-x86_64/i387.h ---- a/include/asm-x86_64/i387.h 2004-06-13 20:43:56.742530792 +0100 -+++ a/include/asm-x86_64/i387.h 2004-06-13 20:42:59.200278544 +0100 -@@ -46,7 +46,7 @@ - - #define clear_fpu(tsk) do { \ - if ((tsk)->thread_info->status & TS_USEDFPU) { \ -- asm volatile("fwait"); \ -+ asm volatile("fnclex; fwait"); \ - (tsk)->thread_info->status &= ~TS_USEDFPU; \ - stts(); \ - } \ diff --git a/sys-kernel/ck-sources/files/digest-ck-sources-2.6.4-r2 b/sys-kernel/ck-sources/files/digest-ck-sources-2.6.4-r2 deleted file mode 100644 index e553fe45030b..000000000000 --- a/sys-kernel/ck-sources/files/digest-ck-sources-2.6.4-r2 +++ /dev/null @@ -1,2 +0,0 @@ -MD5 335f06eba1e5372ba38a0d2b253629bd linux-2.6.4.tar.bz2 34386912 -MD5 40edea9030e43c48055df9c24a8e37c7 patch-2.6.4-ck2.bz2 704169 |