Add win4lin

sys-kernel/win4lin-sources/ChangeLog

@@ -0,0 +1,198 @@
+# ChangeLog for sys-kernel/win4lin-sources
+# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/ChangeLog,v 1.37 2004/10/21 18:33:36 plasmaroo Exp $
+
+*win4lin-sources-2.6.7-r6 (21 Oct 2004)
+
+  21 Oct 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.6.7-r5.ebuild,
+  +win4lin-sources-2.6.7-r6.ebuild,
+  +files/win4lin-sources-2.6.CAN-2004-0816.patch:
+  Version bumped to address CAN-2004-0816; bug #68375.
+
+  26 Aug 2004; <plasmaroo@gentoo.org> win4lin-sources-2.6.7-r5.ebuild:
+  Marking the 2.6 version as "~x86"; bug #55587.
+
+  23 Aug 2004; Michal Januszewski <spock@gentoo.org>
+  win4lin-sources-2.6.7-r5.ebuild:
+  Updated the ebuild to make use of the explicit patch levels kernel-2 eclass
+  feature.
+
+*win4lin-sources-2.4.26-r6 (10 Aug 2004)
+
+  10 Aug 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.4.26-r5.ebuild,
+  +win4lin-sources-2.4.26-r6.ebuild, -win4lin-sources-2.6.7-r4.ebuild,
+  +win4lin-sources-2.6.7-r5.ebuild,
+  +files/win4lin-sources-2.4.26.cmdlineLeak.patch,
+  +files/win4lin-sources-2.6.cmdlineLeak.patch:
+  Version bump for the /proc/cmdline leak vulnerability; bug #59905.
+
+*win4lin-sources-2.4.26-r5 (08 Aug 2004)
+
+  08 Aug 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.4.26-r4.ebuild,
+  +win4lin-sources-2.4.26-r5.ebuild,
+  +files/win4lin-sources-2.4.26.CAN-2004-0685.patch:
+  Version bump for CAN-2004-0685, bug #59769.
+
+  05 Aug 2004; <plasmaroo@gentoo.org> win4lin-sources-2.6.7-r4.ebuild:
+  Added a fix for bug #58008 to the 2.6 ebuild.
+
+*win4lin-sources-2.6.7-r4 (05 Aug 2004)
+
+  05 Aug 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.4.26-r3.ebuild,
+  +win4lin-sources-2.4.26-r4.ebuild, -win4lin-sources-2.6.7-r3.ebuild,
+  +win4lin-sources-2.6.7-r4.ebuild:
+  Added a patch for the CAN-2004-0415 vulnerability, bug #59378.
+
+*win4lin-sources-2.6.7-r3 (21 Jul 2004)
+
+  21 Jul 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.6.7-r2.ebuild,
+  +win4lin-sources-2.6.7-r3.ebuild,
+  +files/win4lin-sources-2.6.CAN-2004-0596.patch:
+  Version bump for the CAN-2004-0596 issue; bug #57826.
+
+*win4lin-sources-2.4.26-r3 (09 Jul 2004)
+*win4lin-sources-2.6.7-r2 (09 Jul 2004)
+
+  09 Jul 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.4.26-r2.ebuild,
+  +win4lin-sources-2.4.26-r3.ebuild, -win4lin-sources-2.6.7-r1.ebuild,
+  +win4lin-sources-2.6.7-r2.ebuild,
+  +files/win4lin-sources-2.6.ProcPerms.patch,
+  +files/win4lin-sources.CAN-2004-0497.patch:
+  Version bumps for kernel attribute vulnerabilities, bug #56479.
+
+*win4lin-sources-2.6.6-r2 (30 Jun 2004)
+
+  30 Jun 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.6.6-r1.ebuild,
+  +win4lin-sources-2.6.6-r2.ebuild,
+  +files/win4lin-sources-2.6.IPTables-RDoS.patch:
+  Version bump for the 2.6 IPTables RDoS vulnerability; bug #55694.
+
+*win4lin-sources-2.4.26-r2 (29 Jun 2004)
+
+  29 Jun 2004; <plasmaroo@gentoo.org> -win4lin-sources-2.4.26-r1.ebuild,
+  +win4lin-sources-2.4.26-r2.ebuild,
+  +files/win4lin-sources-2.4.26.CAN-2004-0495.patch,
+  +files/win4lin-sources-2.4.26.CAN-2004-0535.patch:
+  Security bump for the CAN-2004-0495 and CAN-2004-0535 vulnerabilities.
+
+*win4lin-sources-2.4.26-r1 (15 Jun 2004)
+
+  15 Jun 2004; <plasmaroo@gentoo.org> +win4lin-sources-2.4.26-r1.ebuild,
+  -win4lin-sources-2.4.26.ebuild, +win4lin-sources-2.6.6-r1.ebuild,
+  -win4lin-sources-2.6.6.ebuild,
+  +files/win4lin-sources-2.4.26.FPULockup-53804.patch,
+  +files/win4lin-sources-2.6.6.FPULockup-53804.patch:
+  Added patches for the FPU-lockup issues; please see bug #58304 for details.
+
+*win4lin-sources-2.4.26 (01 Jun 2004)
+
+  01 Jun 2004; <plasmaroo@gentoo.org> +win4lin-sources-2.4.26.ebuild,
+  +win4lin-sources-2.6.6.ebuild:
+  Version bumps; closes bugs #47881, #48200, and #49976. Old versions
+  removed.
+
+  31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
+  win4lin-sources-2.4.25-r2.ebuild, win4lin-sources-2.6.5-r1.ebuild:
+  Masked win4lin-sources-2.6.5-r1.ebuild broken for ppc.
+
+  31 May 2004; Pieter Van den Abeele <pvdabeel@gentoo.org>
+  win4lin-sources-2.4.25-r2.ebuild:
+  Masked win4lin-sources-2.4.25-r2.ebuild broken for ppc.
+
+  27 Apr 2004; Aron Griffis <agriffis@gentoo.org>
+  win4lin-sources-2.4.25-r2.ebuild:
+  Add inherit eutils.
+
+*win4lin-sources-2.4.25-r2 (17 Apr 2004)
+
+  17 Apr 2004; <plasmaroo@gentoo.org>
+  +files/win4lin-sources-2.4.25.CAN-2004-0177.patch,
+  +files/win4lin-sources-2.4.25.CAN-2004-0178.patch,
+  -win4lin-sources-2.4.25-r1.ebuild, +win4lin-sources-2.4.25-r2.ebuild:
+  Added patches for the CAN-2004-0177 and CAN-2004-0178 vulnerabilities.
+
+  17 Apr 2004; Michael Sterrett <mr_bones_@gentoo.org>
+  win4lin-sources-2.6.5-r1.ebuild:
+  Fixed patch name (bug #48029).
+
+*win4lin-sources-2.6.5-r1 (15 Apr 2004)
+
+  15 Apr 2004; <plasmaroo@gentoo.org> win4lin-sources-2.4.25-r1.ebuild,
+  win4lin-sources-2.6.5-r1.ebuild:
+  Version bump for the CAN-2004-0109 issue; bug #47881. Old versions
+  removed.
+
+  12 Apr 2004; Daniel Ahlberg <aliz@gentoo.org>
+  win4lin-sources-2.4.23-r2.ebuild, win4lin-sources-2.6.2-r1.ebuild:
+  Add eutils to inherit, add IUSE=
+
+*win4lin-sources-2.4.25 (24 Mar 2004)
+
+  24 Mar 2004; <plasmaroo@gentoo.org> win4lin-sources-2.4.25.ebuild:
+  Version bump. Closes bug #45541.
+
+*win4lin-sources-2.4.23-r2 (18 Feb 2004)
+*win4lin-sources-2.6.2-r1 (18 Feb 2004)
+
+  18 Feb 2004; <plasmaroo@gentoo.org> win4lin-sources-2.4.22-r1.ebuild,
+  win4lin-sources-2.4.23-r1.ebuild, win4lin-sources-2.4.23-r2.ebuild,
+  win4lin-sources-2.6.0-r1.ebuild, win4lin-sources-2.6.2-r1.ebuild,
+  files/win4lin-sources-2.4.munmap.patch,
+  files/win4lin-sources-2.6.munmap.patch:
+  Added the patch for the mremap/munmap vulnerability. Bug #42024.
+  Removed vulnerable versions.
+
+*win4lin-sources-2.6.0-r1 (06 Jan 2004)
+
+  06 Jan 2004; <plasmaroo@gentoo.org> win4lin-sources-2.4.20-r1.ebuild,
+  win4lin-sources-2.4.22-r1.ebuild, win4lin-sources-2.4.22.ebuild,
+  win4lin-sources-2.4.23-r1.ebuild, win4lin-sources-2.4.23.ebuild,
+  win4lin-sources-2.6.0-r1.ebuild, win4lin-sources-2.6.0.ebuild,
+  files/win4lin-sources-2.4.CAN-2003-0985.patch,
+  files/win4lin-sources-2.4.rtc_fix.patch,
+  files/win4lin-sources-2.6.CAN-2003-0985.patch:
+  Added patches to address the security vulnerabilities in bugs #37292 and
+  #37317. Removed old unpatched releases and the 2.4.20-r1 release.
+
+*win4lin-sources-2.6.0 (30 Dec 2003)
+
+  30 Dec 2003; <plasmaroo@gentoo.org> win4lin-sources-2.6.0.ebuild:
+  Version bump; closes bug #36747.
+
+*win4lin-sources-2.4.23 (04 Dec 2003)
+
+  04 Dec 2003; <plasmaroo@gentoo.org> win4lin-sources-2.4.23.ebuild:
+  Version bump; this resolves bug ID #35087.
+
+  01 Dec 2003; Brian Jackson <iggy@gentoo.org>
+  win4lin-sources-2.4.20-r1.ebuild, win4lin-sources-2.4.22.ebuild,
+  files/do_brk_fix.patch: Fix the 'do_brk' vulnerability.
+
+  20 Nov 2003; Brandon Low <lostlogic@gentoo.org>
+  win4lin-sources-2.4.20-r1.ebuild, win4lin-sources-2.4.22.ebuild:
+  Move version handling logic to after inherit kernel, or insert it where
+  necessary.
+
+*win4lin-sources-2.4.22 (28 Oct 2003)
+
+  28 Oct 2003; <plasmaroo@gentoo.org> win4lin-sources-2.4.22.ebuild:
+  Version bump. Bug #32088.
+
+  29 Sep 2003; Martin Holzer <mholzer@gentoo.org>
+  win4lin-sources-2.4.20-r1.ebuild:
+  Now uses mirror://kernel.
+
+  17 Dec 2002; Brandon Low <lostlogic@gentoo.org>:
+  Make all kernel-sources SLOT="${KV}"
+
+*win4lin-sources-2.4.20-r1 (12 Dec 2002)
+
+  14 Dec 2002; John Lennard <yakmoose@gentoo.org>; win4lin-sources-2.4.20-r2.ebuild :
+  Fixed the mki-adapter patch line in the ebuild as the mki-adapter module
+  was not being patched into the source tree...
+
+*win4lin-sources-2.4.20-r1 (12 Dec 2002)
+
+  12 Dec 2002; Brandon Low <lostlogic@gentoo.org>; win4lin-sources-2.4.20-r1.ebuild :
+  The first release of the win4lin-sources in Gentoo.  This kernel should 
+  allow licensed or trial users of Win4Lin to run their systems :)

sys-kernel/win4lin-sources/Manifest

@@ -0,0 +1,19 @@
+MD5 8deefecf39c704e907c2c42f810b7b4b ChangeLog 7780
+MD5 608fe99985244b0445f76cee44c9ae14 metadata.xml 290
+MD5 014ba03b3e63507d68b4ea6c5ad65296 win4lin-sources-2.6.7-r6.ebuild 1575
+MD5 1bcdac5843dca353edd3fdd3ab7d787f win4lin-sources-2.4.26-r6.ebuild 2051
+MD5 6d3c92f001f307906b42c86de91d8fd0 files/digest-win4lin-sources-2.6.7-r6 283
+MD5 8204afea1d572b49a4a80d8da4eef0c9 files/win4lin-sources-2.6.CAN-2004-0596.patch 1033
+MD5 c2510fe1891f5a9effb12c2196922206 files/win4lin-sources-2.6.cmdlineLeak.patch 281
+MD5 c9da1bc82b906f6abc648c056e7bf662 files/win4lin-sources-2.4.26.FPULockup-53804.patch 354
+MD5 d1ccc2047be533c992f67270a150a210 files/win4lin-sources-2.4.26.cmdlineLeak.patch 388
+MD5 aa595005721b58929ee55e2e8f4b6ba0 files/win4lin-sources-2.6.CAN-2004-0816.patch 1693
+MD5 dc18e982f8149588a291956481885a8c files/win4lin-sources-2.4.26.CAN-2004-0495.patch 17549
+MD5 60d25ff310fc6abfdce39ec9e47345af files/win4lin-sources-2.4.26.CAN-2004-0685.patch 2809
+MD5 39361f8d16b1fe5891aab62e92f8cd30 files/win4lin-sources-2.6.IPTables-RDoS.patch 390
+MD5 57a8c410c25a71c974158ab331b65640 files/digest-win4lin-sources-2.4.26-r6 277
+MD5 d4a740ae56c2049247083af387a22a85 files/win4lin-sources-2.4.26.CAN-2004-0394.patch 350
+MD5 02c062ec3a11a6a1498cdf0b1716c90a files/win4lin-sources-2.6.6.FPULockup-53804.patch 895
+MD5 0f66013f643c79c97fda489618a4e2fd files/win4lin-sources-2.4.26.CAN-2004-0535.patch 476
+MD5 95708646470a95668e8789cd415844ed files/win4lin-sources.CAN-2004-0497.patch 846
+MD5 b738cb0120a32aa92cfcfdbd564dd21f files/win4lin-sources-2.6.ProcPerms.patch 1368

sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.4.26-r6

@@ -0,0 +1,4 @@
+MD5 88d7aefa03c92739cb70298a0b486e2c linux-2.4.26.tar.bz2 30772389
+MD5 32e4cda45fa0f090dffa157bc4504a4e mki-adapter.patch 181483
+MD5 e9bc95992e489a3f54aabef100e13fcf Kernel-Win4Lin3-2.4.26.patch 23600
+MD5 8f8f2412aacf9a01b5549bf2a9a3bff8 linux-2.4.26-CAN-2004-0415.patch 90145

sys-kernel/win4lin-sources/files/digest-win4lin-sources-2.6.7-r6

@@ -0,0 +1,4 @@
+MD5 a74671ea68b0e3c609e8785ed8497c14 linux-2.6.7.tar.bz2 35092228
+MD5 45347c8bd1a1c791e9a12d1e09162f33 mki-adapter26_1_3_6.patch 127032
+MD5 e5b7ca075f0281509442913cbd09ca26 Kernel-Win4Lin3-2.6.7.patch 26620
+MD5 52996b643afbd6ed9ba38b9483c2cac3 linux-2.6.7-CAN-2004-0415.patch 112612

sys-kernel/win4lin-sources/files/win4lin-sources-2.4.26.CAN-2004-0394.patch

@@ -0,0 +1,11 @@
+--- linux-2.4.22-oM3-orig/kernel/panic.c	Tue Mar 30 15:37:18 2004
++++ linux-2.4.22-oM3-mod/kernel/panic.c	Mon May 17 18:44:01 2004
+@@ -51,7 +51,7 @@
+ 
+ 	bust_spinlocks(1);
+ 	va_start(args, fmt);
+-	vsprintf(buf, fmt, args);
++	vsnprintf(buf, sizeof(buf), fmt, args);
+ 	va_end(args);
+ 	printk(KERN_EMERG "Kernel panic: %s\n",buf);
+ 	if (in_interrupt())

sys-kernel/win4lin-sources/files/win4lin-sources-2.4.26.CAN-2004-0495.patch

@@ -0,0 +1,655 @@
+--- linux/net/decnet/dn_dev.c.bak	Wed Jun 16 14:42:24 2004
++++ linux/net/decnet/dn_dev.c	Wed Jun 16 14:42:34 2004
+@@ -1070,31 +1070,39 @@ int dnet_gifconf(struct net_device *dev,
+ {
+ 	struct dn_dev *dn_db = (struct dn_dev *)dev->dn_ptr;
+ 	struct dn_ifaddr *ifa;
+-	struct ifreq *ifr = (struct ifreq *)buf;
++	char buffer[DN_IFREQ_SIZE];
++	struct ifreq *ifr = (struct ifreq *)buffer;
++	struct sockaddr_dn *addr = (struct sockaddr_dn *)&ifr->ifr_addr;
+ 	int done = 0;
+ 
+ 	if ((dn_db == NULL) || ((ifa = dn_db->ifa_list) == NULL))
+ 		return 0;
+ 
+ 	for(; ifa; ifa = ifa->ifa_next) {
+-		if (!ifr) {
++		if (!buf) {
+ 			done += sizeof(DN_IFREQ_SIZE);
+ 			continue;
+ 		}
+ 		if (len < DN_IFREQ_SIZE)
+ 			return done;
+-		memset(ifr, 0, DN_IFREQ_SIZE);
++		memset(buffer, 0, DN_IFREQ_SIZE);
+ 
+ 		if (ifa->ifa_label)
+ 			strcpy(ifr->ifr_name, ifa->ifa_label);
+ 		else
+ 			strcpy(ifr->ifr_name, dev->name);
+ 
+-		(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_family = AF_DECnet;
+-		(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_len = 2;
+-		(*(dn_address *)(*(struct sockaddr_dn *) &ifr->ifr_addr).sdn_add.a_addr) = ifa->ifa_local;
++		addr->sdn_family = AF_DECnet;
++		addr->sdn_add.a_len = 2;
++		memcpy(addr->sdn_add.a_addr, &ifa->ifa_local,
++			sizeof(dn_address));
+ 
+-		ifr = (struct ifreq *)((char *)ifr + DN_IFREQ_SIZE);
++		if (copy_to_user(buf, buffer, DN_IFREQ_SIZE)) {
++			done = -EFAULT;
++			break;
++		}
++
++		buf  += DN_IFREQ_SIZE;
+ 		len  -= DN_IFREQ_SIZE;
+ 		done += DN_IFREQ_SIZE;
+ 	}
+--- linux-2.4.21/drivers/net/wireless/airo.c	2003-06-13 15:51:35.000000000 +0100
++++ linux-2.4.21/drivers/net/wireless/airo.c.plasmaroo	2004-06-24 11:09:08.260352168 +0100
+@@ -3012,19 +3012,22 @@
+ 			  size_t len,
+ 			  loff_t *offset )
+ {
+-	int i;
+-	int pos;
++	loff_t pos = *offset;
+ 	struct proc_data *priv = (struct proc_data*)file->private_data;
+ 
+-	if( !priv->rbuffer ) return -EINVAL;
++	if (!priv->rbuffer)
++		return -EINVAL;
+ 
+-	pos = *offset;
+-	for( i = 0; i+pos < priv->readlen && i < len; i++ ) {
+-		if (put_user( priv->rbuffer[i+pos], buffer+i ))
+-			return -EFAULT;
+-	}
+-	*offset += i;
+-	return i;
++	if (pos < 0)
++		return -EINVAL;
++	if (pos >= priv->readlen)
++		return 0;
++	if (len > priv->readlen - pos)
++		len = priv->readlen - pos;
++	if (copy_to_user(buffer, priv->rbuffer + pos, len))
++		return -EFAULT;
++	*offset = pos + len;
++	return len;
+ }
+ 
+ /*
+@@ -3036,24 +3039,24 @@
+ 			   size_t len,
+ 			   loff_t *offset )
+ {
+-	int i;
+-	int pos;
++	loff_t pos = *offset;
+ 	struct proc_data *priv = (struct proc_data*)file->private_data;
+ 
+-	if ( !priv->wbuffer ) {
++	if (!priv->wbuffer)
+ 		return -EINVAL;
+-	}
+-
+-	pos = *offset;
+ 
+-	for( i = 0; i + pos <  priv->maxwritelen &&
+-		     i < len; i++ ) {
+-		if (get_user( priv->wbuffer[i+pos], buffer + i ))
+-			return -EFAULT;
+-	}
+-	if ( i+pos > priv->writelen ) priv->writelen = i+file->f_pos;
+-	*offset += i;
+-	return i;
++	if (pos < 0)
++		return -EINVAL;
++	if (pos >= priv->maxwritelen)
++		return 0;
++	if (len > priv->maxwritelen - pos)
++		len = priv->maxwritelen - pos;
++	if (copy_from_user(priv->wbuffer + pos, buffer, len))
++		return -EFAULT;
++	if (pos + len > priv->writelen)
++		priv->writelen = pos + len;
++	*offset = pos + len;
++	return len;
+ }
+ 
+ static int proc_status_open( struct inode *inode, struct file *file ) {
+--- linux/drivers/sound/mpu401.c.bak	Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/mpu401.c	Wed Jun 16 14:42:34 2004
+@@ -1493,14 +1493,16 @@ static unsigned long mpu_timer_get_time(
+ static int mpu_timer_ioctl(int dev, unsigned int command, caddr_t arg)
+ {
+ 	int midi_dev = sound_timer_devs[dev]->devlink;
++	int *p = (int *)arg;
+ 
+ 	switch (command)
+ 	{
+ 		case SNDCTL_TMR_SOURCE:
+ 			{
+ 				int parm;
+-	
+-				parm = *(int *) arg;
++
++				if (get_user(parm, p))
++					return -EFAULT;
+ 				parm &= timer_caps;
+ 
+ 				if (parm != 0)
+@@ -1512,7 +1514,9 @@ static int mpu_timer_ioctl(int dev, unsi
+ 					else if (timer_mode & TMR_MODE_SMPTE)
+ 						mpu_cmd(midi_dev, 0x3d, 0);		/* Use SMPTE sync */
+ 				}
+-				return (*(int *) arg = timer_mode);
++				if (put_user(timer_mode, p))
++					return -EFAULT;
++				return timer_mode;
+ 			}
+ 			break;
+ 
+@@ -1537,10 +1541,13 @@ static int mpu_timer_ioctl(int dev, unsi
+ 			{
+ 				int val;
+ 
+-				val = *(int *) arg;
++				if (get_user(val, p))
++					return -EFAULT;
+ 				if (val)
+ 					set_timebase(midi_dev, val);
+-				return (*(int *) arg = curr_timebase);
++				if (put_user(curr_timebase, p))
++					return -EFAULT;
++				return curr_timebase;
+ 			}
+ 			break;
+ 
+@@ -1549,7 +1556,8 @@ static int mpu_timer_ioctl(int dev, unsi
+ 				int val;
+ 				int ret;
+ 
+-				val = *(int *) arg;
++				if (get_user(val, p))
++					return -EFAULT;
+ 
+ 				if (val)
+ 				{
+@@ -1564,7 +1572,9 @@ static int mpu_timer_ioctl(int dev, unsi
+ 					}
+ 					curr_tempo = val;
+ 				}
+-				return (*(int *) arg = curr_tempo);
++				if (put_user(curr_tempo, p))
++					return -EFAULT;
++				return curr_tempo;
+ 			}
+ 			break;
+ 
+@@ -1572,18 +1582,25 @@ static int mpu_timer_ioctl(int dev, unsi
+ 			{
+ 				int val;
+ 
+-				val = *(int *) arg;
++				if (get_user(val, p))
++					return -EFAULT;
+ 				if (val != 0)		/* Can't change */
+ 					return -EINVAL;
+-				return (*(int *) arg = ((curr_tempo * curr_timebase) + 30) / 60);
++				val = (curr_tempo * curr_timebase + 30) / 60;
++				if (put_user(val, p))
++					return -EFAULT;
++				return val;
+ 			}
+ 			break;
+ 
+ 		case SNDCTL_SEQ_GETTIME:
+-			return (*(int *) arg = curr_ticks);
++			if (put_user(curr_ticks, p))
++				return -EFAULT;
++			return curr_ticks;
+ 
+ 		case SNDCTL_TMR_METRONOME:
+-			metronome_mode = *(int *) arg;
++			if (get_user(metronome_mode, p))
++				return -EFAULT;
+ 			setup_metronome(midi_dev);
+ 			return 0;
+ 
+--- linux/drivers/sound/msnd.c.bak	Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/msnd.c	Wed Jun 16 14:42:34 2004
+@@ -155,13 +155,10 @@ void msnd_fifo_make_empty(msnd_fifo *f)
+ 	f->len = f->tail = f->head = 0;
+ }
+ 
+-int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user)
++int msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len)
+ {
+ 	int count = 0;
+ 
+-	if (f->len == f->n)
+-		return 0;
+-
+ 	while ((count < len) && (f->len != f->n)) {
+ 
+ 		int nwritten;
+@@ -177,11 +174,7 @@ int msnd_fifo_write(msnd_fifo *f, const 
+ 				nwritten = len - count;
+ 		}
+ 
+-		if (user) {
+-			if (copy_from_user(f->data + f->tail, buf, nwritten))
+-				return -EFAULT;
+-		} else
+-			isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten);
++		isa_memcpy_fromio(f->data + f->tail, (unsigned long) buf, nwritten);
+ 
+ 		count += nwritten;
+ 		buf += nwritten;
+@@ -193,13 +186,10 @@ int msnd_fifo_write(msnd_fifo *f, const 
+ 	return count;
+ }
+ 
+-int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user)
++int msnd_fifo_read(msnd_fifo *f, char *buf, size_t len)
+ {
+ 	int count = 0;
+ 
+-	if (f->len == 0)
+-		return f->len;
+-
+ 	while ((count < len) && (f->len > 0)) {
+ 
+ 		int nread;
+@@ -215,11 +205,7 @@ int msnd_fifo_read(msnd_fifo *f, char *b
+ 				nread = len - count;
+ 		}
+ 
+-		if (user) {
+-			if (copy_to_user(buf, f->data + f->head, nread))
+-				return -EFAULT;
+-		} else
+-			isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread);
++		isa_memcpy_toio((unsigned long) buf, f->data + f->head, nread);
+ 
+ 		count += nread;
+ 		buf += nread;
+--- linux/drivers/sound/msnd.h.bak	Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/msnd.h	Wed Jun 16 14:42:34 2004
+@@ -266,8 +266,8 @@ void				msnd_fifo_init(msnd_fifo *f);
+ void				msnd_fifo_free(msnd_fifo *f);
+ int				msnd_fifo_alloc(msnd_fifo *f, size_t n);
+ void				msnd_fifo_make_empty(msnd_fifo *f);
+-int				msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len, int user);
+-int				msnd_fifo_read(msnd_fifo *f, char *buf, size_t len, int user);
++int				msnd_fifo_write(msnd_fifo *f, const char *buf, size_t len);
++int				msnd_fifo_read(msnd_fifo *f, char *buf, size_t len);
+ 
+ int				msnd_wait_TXDE(multisound_dev_t *dev);
+ int				msnd_wait_HC0(multisound_dev_t *dev);
+--- linux/drivers/sound/msnd_pinnacle.c.bak	Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/msnd_pinnacle.c	Wed Jun 16 14:42:34 2004
+@@ -804,7 +804,7 @@ static int dev_release(struct inode *ino
+ 
+ static __inline__ int pack_DARQ_to_DARF(register int bank)
+ {
+-	register int size, n, timeout = 3;
++	register int size, timeout = 3;
+ 	register WORD wTmp;
+ 	LPDAQD DAQD;
+ 
+@@ -825,13 +825,10 @@ static __inline__ int pack_DARQ_to_DARF(
+ 	/* Read data from the head (unprotected bank 1 access okay
+            since this is only called inside an interrupt) */
+ 	outb(HPBLKSEL_1, dev.io + HP_BLKS);
+-	if ((n = msnd_fifo_write(
++	msnd_fifo_write(
+ 		&dev.DARF,
+ 		(char *)(dev.base + bank * DAR_BUFF_SIZE),
+-		size, 0)) <= 0) {
+-		outb(HPBLKSEL_0, dev.io + HP_BLKS);
+-		return n;
+-	}
++		size);
+ 	outb(HPBLKSEL_0, dev.io + HP_BLKS);
+ 
+ 	return 1;
+@@ -853,21 +850,16 @@ static __inline__ int pack_DAPF_to_DAPQ(
+ 		if (protect) {
+ 			/* Critical section: protect fifo in non-interrupt */
+ 			spin_lock_irqsave(&dev.lock, flags);
+-			if ((n = msnd_fifo_read(
++			n = msnd_fifo_read(
+ 				&dev.DAPF,
+ 				(char *)(dev.base + bank_num * DAP_BUFF_SIZE),
+-				DAP_BUFF_SIZE, 0)) < 0) {
+-				spin_unlock_irqrestore(&dev.lock, flags);
+-				return n;
+-			}
++				DAP_BUFF_SIZE);
+ 			spin_unlock_irqrestore(&dev.lock, flags);
+ 		} else {
+-			if ((n = msnd_fifo_read(
++			n = msnd_fifo_read(
+ 				&dev.DAPF,
+ 				(char *)(dev.base + bank_num * DAP_BUFF_SIZE),
+-				DAP_BUFF_SIZE, 0)) < 0) {
+-				return n;
+-			}
++				DAP_BUFF_SIZE);
+ 		}
+ 		if (!n)
+ 			break;
+@@ -894,30 +886,43 @@ static __inline__ int pack_DAPF_to_DAPQ(
+ static int dsp_read(char *buf, size_t len)
+ {
+ 	int count = len;
++	char *page = (char *)__get_free_page(PAGE_SIZE);
++
++	if (!page)
++		return -ENOMEM;
+ 
+ 	while (count > 0) {
+-		int n;
++		int n, k;
+ 		unsigned long flags;
+ 
++		k = PAGE_SIZE;
++		if (k > count)
++			k = count;
++
+ 		/* Critical section: protect fifo in non-interrupt */
+ 		spin_lock_irqsave(&dev.lock, flags);
+-		if ((n = msnd_fifo_read(&dev.DARF, buf, count, 1)) < 0) {
+-			printk(KERN_WARNING LOGNAME ": FIFO read error\n");
+-			spin_unlock_irqrestore(&dev.lock, flags);
+-			return n;
+-		}
++		n = msnd_fifo_read(&dev.DARF, page, k);
+ 		spin_unlock_irqrestore(&dev.lock, flags);
++		if (copy_to_user(buf, page, n)) {
++			free_page((unsigned long)page);
++			return -EFAULT;
++		}
+ 		buf += n;
+ 		count -= n;
+ 
++		if (n == k && count)
++			continue;
++
+ 		if (!test_bit(F_READING, &dev.flags) && dev.mode & FMODE_READ) {
+ 			dev.last_recbank = -1;
+ 			if (chk_send_dsp_cmd(&dev, HDEX_RECORD_START) == 0)
+ 				set_bit(F_READING, &dev.flags);
+ 		}
+ 
+-		if (dev.rec_ndelay)
++		if (dev.rec_ndelay) {
++			free_page((unsigned long)page);
+ 			return count == len ? -EAGAIN : len - count;
++		}
+ 
+ 		if (count > 0) {
+ 			set_bit(F_READBLOCK, &dev.flags);
+@@ -926,41 +931,57 @@ static int dsp_read(char *buf, size_t le
+ 				get_rec_delay_jiffies(DAR_BUFF_SIZE)))
+ 				clear_bit(F_READING, &dev.flags);
+ 			clear_bit(F_READBLOCK, &dev.flags);
+-			if (signal_pending(current))
++			if (signal_pending(current)) {
++				free_page((unsigned long)page);
+ 				return -EINTR;
++			}
+ 		}
+ 	}
+-
++	free_page((unsigned long)page);
+ 	return len - count;
+ }
+ 
+ static int dsp_write(const char *buf, size_t len)
+ {
+ 	int count = len;
++	char *page = (char *)__get_free_page(GFP_KERNEL);
++
++	if (!page)
++		return -ENOMEM;
+ 
+ 	while (count > 0) {
+-		int n;
++		int n, k;
+ 		unsigned long flags;
+ 
++		k = PAGE_SIZE;
++		if (k > count)
++			k = count;
++
++		if (copy_from_user(page, buf, k)) {
++			free_page((unsigned long)page);
++			return -EFAULT;
++		}
++
+ 		/* Critical section: protect fifo in non-interrupt */
+ 		spin_lock_irqsave(&dev.lock, flags);
+-		if ((n = msnd_fifo_write(&dev.DAPF, buf, count, 1)) < 0) {
+-			printk(KERN_WARNING LOGNAME ": FIFO write error\n");
+-			spin_unlock_irqrestore(&dev.lock, flags);
+-			return n;
+-		}
++		n = msnd_fifo_write(&dev.DAPF, page, k);
+ 		spin_unlock_irqrestore(&dev.lock, flags);
+ 		buf += n;
+ 		count -= n;
+ 
++		if (count && n == k)
++			continue;
++
+ 		if (!test_bit(F_WRITING, &dev.flags) && (dev.mode & FMODE_WRITE)) {
+ 			dev.last_playbank = -1;
+ 			if (pack_DAPF_to_DAPQ(1) > 0)
+ 				set_bit(F_WRITING, &dev.flags);
+ 		}
+ 
+-		if (dev.play_ndelay)
++		if (dev.play_ndelay) {
++			free_page((unsigned long)page);
+ 			return count == len ? -EAGAIN : len - count;
++		}
+ 
+ 		if (count > 0) {
+ 			set_bit(F_WRITEBLOCK, &dev.flags);
+@@ -968,11 +989,14 @@ static int dsp_write(const char *buf, si
+ 				&dev.writeblock,
+ 				get_play_delay_jiffies(DAP_BUFF_SIZE));
+ 			clear_bit(F_WRITEBLOCK, &dev.flags);
+-			if (signal_pending(current))
++			if (signal_pending(current)) {
++				free_page((unsigned long)page);
+ 				return -EINTR;
++			}
+ 		}
+ 	}
+ 
++	free_page((unsigned long)page);
+ 	return len - count;
+ }
+ 
+--- linux/drivers/sound/pss.c.bak	Wed Jun 16 14:42:24 2004
++++ linux/drivers/sound/pss.c	Wed Jun 16 14:42:34 2004
+@@ -450,20 +450,36 @@ static void pss_mixer_reset(pss_confdata
+ 	}
+ }
+ 
+-static void arg_to_volume_mono(unsigned int volume, int *aleft)
++static int set_volume_mono(caddr_t p, int *aleft)
+ {
+ 	int left;
++	unsigned volume;
++	if (get_user(volume, (unsigned *)p))
++		return -EFAULT;
+ 	
+-	left = volume & 0x00ff;
++	left = volume & 0xff;
+ 	if (left > 100)
+ 		left = 100;
+ 	*aleft = left;
++	return 0;
+ }
+ 
+-static void arg_to_volume_stereo(unsigned int volume, int *aleft, int *aright)
++static int set_volume_stereo(caddr_t p, int *aleft, int *aright)
+ {
+-	arg_to_volume_mono(volume, aleft);
+-	arg_to_volume_mono(volume >> 8, aright);
++	int left, right;
++	unsigned volume;
++	if (get_user(volume, (unsigned *)p))
++		return -EFAULT;
++
++	left = volume & 0xff;
++	if (left > 100)
++		left = 100;
++	right = (volume >> 8) & 0xff;
++	if (right > 100)
++		right = 100;
++	*aleft = left;
++	*aright = right;
++	return 0;
+ }
+ 
+ static int ret_vol_mono(int left)
+@@ -510,33 +526,38 @@ static int pss_mixer_ioctl (int dev, uns
+ 					return call_ad_mixer(devc, cmd, arg);
+ 				else
+ 				{
+-					if (*(int *)arg != 0)
++					int v;
++					if (get_user(v, (int *)arg))
++						return -EFAULT;
++					if (v != 0)
+ 						return -EINVAL;
+ 					return 0;
+ 				}
+ 			case SOUND_MIXER_VOLUME:
+-				arg_to_volume_stereo(*(unsigned int *)arg, &devc->mixer.volume_l,
+-					&devc->mixer.volume_r); 
++				if (set_volume_stereo(arg,
++					&devc->mixer.volume_l,
++					&devc->mixer.volume_r))
++					return -EFAULT;
+ 				set_master_volume(devc, devc->mixer.volume_l,
+ 					devc->mixer.volume_r);
+ 				return ret_vol_stereo(devc->mixer.volume_l,
+ 					devc->mixer.volume_r);
+ 		  
+ 			case SOUND_MIXER_BASS:
+-				arg_to_volume_mono(*(unsigned int *)arg,
+-					&devc->mixer.bass);
++				if (set_volume_mono(arg, &devc->mixer.bass))
++					return -EFAULT;
+ 				set_bass(devc, devc->mixer.bass);
+ 				return ret_vol_mono(devc->mixer.bass);
+ 		  
+ 			case SOUND_MIXER_TREBLE:
+-				arg_to_volume_mono(*(unsigned int *)arg,
+-					&devc->mixer.treble);
++				if (set_volume_mono(arg, &devc->mixer.treble))
++					return -EFAULT;
+ 				set_treble(devc, devc->mixer.treble);
+ 				return ret_vol_mono(devc->mixer.treble);
+ 		  
+ 			case SOUND_MIXER_SYNTH:
+-				arg_to_volume_mono(*(unsigned int *)arg,
+-					&devc->mixer.synth);
++				if (set_volume_mono(arg, &devc->mixer.synth))
++					return -EFAULT;
+ 				set_synth_volume(devc, devc->mixer.synth);
+ 				return ret_vol_mono(devc->mixer.synth);
+ 		  
+@@ -546,54 +567,67 @@ static int pss_mixer_ioctl (int dev, uns
+ 	}
+ 	else			
+ 	{
++		int val, and_mask = 0, or_mask = 0;
+ 		/*
+ 		 * Return parameters
+ 		 */
+ 		switch (cmdf)
+ 		{
+-
+ 			case SOUND_MIXER_DEVMASK:
+ 				if (call_ad_mixer(devc, cmd, arg) == -EINVAL)
+-					*(int *)arg = 0; /* no mixer devices */
+-				return (*(int *)arg |= SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH);
++					break;
++				and_mask = ~0;
++				or_mask = SOUND_MASK_VOLUME | SOUND_MASK_BASS | SOUND_MASK_TREBLE | SOUND_MASK_SYNTH;
++				break;
+ 		  
+ 			case SOUND_MIXER_STEREODEVS:
+ 				if (call_ad_mixer(devc, cmd, arg) == -EINVAL)
+-					*(int *)arg = 0; /* no stereo devices */
+-				return (*(int *)arg |= SOUND_MASK_VOLUME);
++					break;
++				and_mask = ~0;
++				or_mask = SOUND_MASK_VOLUME;
++				break;
+ 		  
+ 			case SOUND_MIXER_RECMASK:
+ 				if (devc->ad_mixer_dev != NO_WSS_MIXER)
+ 					return call_ad_mixer(devc, cmd, arg);
+-				else
+-					return (*(int *)arg = 0); /* no record devices */
++				break;
+ 
+ 			case SOUND_MIXER_CAPS:
+ 				if (devc->ad_mixer_dev != NO_WSS_MIXER)
+ 					return call_ad_mixer(devc, cmd, arg);
+-				else
+-					return (*(int *)arg = SOUND_CAP_EXCL_INPUT);
++				or_mask = SOUND_CAP_EXCL_INPUT;
++				break;
+ 
+ 			case SOUND_MIXER_RECSRC:
+ 				if (devc->ad_mixer_dev != NO_WSS_MIXER)
+ 					return call_ad_mixer(devc, cmd, arg);
+-				else
+-					return (*(int *)arg = 0); /* no record source */
++				break;
+ 
+ 			case SOUND_MIXER_VOLUME:
+-				return (*(int *)arg = ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r));
++				or_mask =  ret_vol_stereo(devc->mixer.volume_l, devc->mixer.volume_r);
++				break;
+ 			  
+ 			case SOUND_MIXER_BASS:
+-				return (*(int *)arg = ret_vol_mono(devc->mixer.bass));
++				or_mask =  ret_vol_mono(devc->mixer.bass);
++				break;
+ 			  
+ 			case SOUND_MIXER_TREBLE:
+-				return (*(int *)arg = ret_vol_mono(devc->mixer.treble));
++				or_mask = ret_vol_mono(devc->mixer.treble);
++				break;
+ 			  
+ 			case SOUND_MIXER_SYNTH:
+-				return (*(int *)arg = ret_vol_mono(devc->mixer.synth));
++				or_mask = ret_vol_mono(devc->mixer.synth);
++				break;
+ 			default:
+ 				return -EINVAL;
+ 		}
++		if (get_user(val, (int *)arg))
++			return -EFAULT;
++		val &= and_mask;
++		val |= or_mask;
++		if (put_user(val, (int *)arg))
++			return -EFAULT;
++		return val;
+ 	}
+ }
+ 

sys-kernel/win4lin-sources/files/win4lin-sources-2.4.26.CAN-2004-0535.patch

@@ -0,0 +1,12 @@
+--- drivers/net/e1000/e1000_ethtool.c	2003-06-13 15:51:34.000000000 +0100
++++ drivers/net/e1000/e1000_ethtool.c.plasmaroo	2004-06-24 11:23:32.524963976 +0100
+@@ -468,6 +468,9 @@
+ 
+ 		if(copy_from_user(&regs, addr, sizeof(regs)))
+ 			return -EFAULT;
++		memset(regs_buff, 0, sizeof(regs_buff));
++		if (regs.len > E1000_REGS_LEN)
++			regs.len = E1000_REGS_LEN;
+ 		e1000_ethtool_gregs(adapter, &regs, regs_buff);
+ 		if(copy_to_user(addr, &regs, sizeof(regs)))
+ 			return -EFAULT;

sys-kernel/win4lin-sources/files/win4lin-sources-2.4.26.CAN-2004-0685.patch

@@ -0,0 +1,83 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/07/26 19:14:16-03:00 mjc@redhat.com 
+#   [PATCH] USB: more sparse fixes
+#   
+#   Back in October 2003 Arnaldo commited some fixes prior to 2.6 for some leaking info to userspace in the
+#   usb drivers:
+#   http://linux.bkbits.net:8080/linux-2.6/cset@3f986b35LyBKc-OxB8G6k22oOjgYTQ
+#   
+#   The corresponding changes have not been commited to 2.4, or included in
+#   the previous sparse fixes.
+# 
+# drivers/usb/audio.c
+#   2004/07/15 08:46:52-03:00 mjc@redhat.com +4 -0
+#   USB: more sparse fixes
+# 
+# drivers/usb/brlvger.c
+#   2004/07/15 08:47:27-03:00 mjc@redhat.com +1 -0
+#   USB: more sparse fixes
+# 
+# drivers/usb/serial/io_edgeport.c
+#   2004/07/15 08:48:06-03:00 mjc@redhat.com +1 -0
+#   USB: more sparse fixes
+# 
+# drivers/usb/vicam.c
+#   2004/07/15 08:47:13-03:00 mjc@redhat.com +1 -0
+#   USB: more sparse fixes
+# 
+diff -Nru a/drivers/usb/audio.c b/drivers/usb/audio.c
+--- a/drivers/usb/audio.c	2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/audio.c	2004-08-08 07:41:30 -07:00
+@@ -2141,6 +2141,8 @@
+   
+ 	if (cmd == SOUND_MIXER_INFO) {
+ 		mixer_info info;
++
++		memset(&info, 0, sizeof(info));
+ 		strncpy(info.id, "USB_AUDIO", sizeof(info.id));
+ 		strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
+ 		info.modify_counter = ms->modcnt;
+@@ -2150,6 +2152,8 @@
+ 	}
+ 	if (cmd == SOUND_OLD_MIXER_INFO) {
+ 		_old_mixer_info info;
++
++		memset(&info, 0, sizeof(info));
+ 		strncpy(info.id, "USB_AUDIO", sizeof(info.id));
+ 		strncpy(info.name, "USB Audio Class Driver", sizeof(info.name));
+ 		if (copy_to_user((void *)arg, &info, sizeof(info)))
+diff -Nru a/drivers/usb/brlvger.c b/drivers/usb/brlvger.c
+--- a/drivers/usb/brlvger.c	2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/brlvger.c	2004-08-08 07:41:30 -07:00
+@@ -743,6 +743,7 @@
+ 	case BRLVGER_GET_INFO: {
+ 		struct brlvger_info vi;
+ 
++		memset(&vi, 0, sizeof(vi));
+ 		strncpy(vi.driver_version, DRIVER_VERSION,
+ 			sizeof(vi.driver_version));
+ 		vi.driver_version[sizeof(vi.driver_version)-1] = 0;
+diff -Nru a/drivers/usb/serial/io_edgeport.c b/drivers/usb/serial/io_edgeport.c
+--- a/drivers/usb/serial/io_edgeport.c	2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/serial/io_edgeport.c	2004-08-08 07:41:30 -07:00
+@@ -1913,6 +1913,7 @@
+ 
+ 		case TIOCGICOUNT:
+ 			cnow = edge_port->icount;
++			memset(&icount, 0, sizeof(icount));
+ 			icount.cts = cnow.cts;
+ 			icount.dsr = cnow.dsr;
+ 			icount.rng = cnow.rng;
+diff -Nru a/drivers/usb/vicam.c b/drivers/usb/vicam.c
+--- a/drivers/usb/vicam.c	2004-08-08 07:41:30 -07:00
++++ b/drivers/usb/vicam.c	2004-08-08 07:41:30 -07:00
+@@ -481,6 +481,7 @@
+ 			struct video_capability b;
+ 
+ 			DBG("VIDIOCGCAP\n");
++			memset(&b, 0, sizeof(b));
+ 			strcpy(b.name, "ViCam-based Camera");
+ 			b.type = VID_TYPE_CAPTURE;
+ 			b.channels = 1;

sys-kernel/win4lin-sources/files/win4lin-sources-2.4.26.FPULockup-53804.patch

@@ -0,0 +1,11 @@
+--- linux-2.4/include/asm-i386/i387.h	2004-06-13 20:06:05.044881328 +0100
++++ linux-2.4/include/asm-i386/i387.h	2004-06-13 20:25:42.836829736 +0100
+@@ -34,7 +34,7 @@
+ 
+ #define clear_fpu( tsk ) do { \
+ 	if ( tsk->flags & PF_USEDFPU ) { \
+-		asm volatile("fwait"); \
++		asm volatile("fnclex ; fwait"); \
+ 		tsk->flags &= ~PF_USEDFPU; \
+ 		stts(); \
+ 	} \

sys-kernel/win4lin-sources/files/win4lin-sources-2.4.26.cmdlineLeak.patch

@@ -0,0 +1,11 @@
+--- linux-2.4/fs/proc/base.c	2004-04-15 07:09:32.000000000 +0100
++++ linux-2.4/fs/proc/base.c.plasmaroo	2004-08-09 23:30:43.869195800 +0100
+@@ -187,7 +187,7 @@ static int proc_pid_cmdline(struct task_
+ 	if (mm)
+ 		atomic_inc(&mm->mm_users);
+ 	task_unlock(task);
+-	if (mm) {
++	if (mm && mm->arg_end) {
+ 		int len = mm->arg_end - mm->arg_start;
+ 		if (len > PAGE_SIZE)
+ 			len = PAGE_SIZE;

sys-kernel/win4lin-sources/files/win4lin-sources-2.6.6.FPULockup-53804.patch

@@ -0,0 +1,24 @@
+diff -Nru a/include/asm-i386/i387.h b/include/asm-i386/i387.h
+--- a/include/asm-i386/i387.h	2004-05-06 12:26:10 -07:00
++++ b/include/asm-i386/i387.h	2004-06-12 19:12:23 -07:00
+@@ -51,7 +51,7 @@
+ #define __clear_fpu( tsk )					\
+ do {								\
+ 	if ((tsk)->thread_info->status & TS_USEDFPU) {		\
+-		asm volatile("fwait");				\
++		asm volatile("fnclex ; fwait");			\
+ 		(tsk)->thread_info->status &= ~TS_USEDFPU;	\
+ 		stts();						\
+ 	}							\
+diff -Nru a/include/asm-x86_64/i387.h b/include/asm-x86_64/i387.h
+--- a/include/asm-x86_64/i387.h	2004-06-13 20:43:56.742530792 +0100
++++ a/include/asm-x86_64/i387.h	2004-06-13 20:42:59.200278544 +0100
+@@ -46,7 +46,7 @@
+ 
+ #define clear_fpu(tsk) do { \
+ 	if ((tsk)->thread_info->status & TS_USEDFPU) {		\
+-		asm volatile("fwait");				\
++		asm volatile("fnclex; fwait");			\
+ 		(tsk)->thread_info->status &= ~TS_USEDFPU;	\
+ 		stts();						\
+ 	}							\

sys-kernel/win4lin-sources/files/win4lin-sources-2.6.CAN-2004-0596.patch

@@ -0,0 +1,46 @@
+--- 1.13/drivers/net/eql.c	2004-07-21 03:13:40 -07:00
++++ 1.14/drivers/net/eql.c	2004-07-21 03:13:40 -07:00
+@@ -495,6 +495,8 @@
+ 		return -EFAULT;
+ 
+ 	slave_dev = dev_get_by_name(sc.slave_name);
++	if (!slave_dev)
++		return -ENODEV;
+ 
+ 	ret = -EINVAL;
+ 
+@@ -527,11 +529,13 @@
+ 	if (copy_from_user(&sc, scp, sizeof (slave_config_t)))
+ 		return -EFAULT;
+ 
+-	eql = dev->priv;
+ 	slave_dev = dev_get_by_name(sc.slave_name);
++	if (!slave_dev)
++		return -ENODEV;
+ 
+ 	ret = -EINVAL;
+ 
++	eql = dev->priv;
+ 	spin_lock_bh(&eql->queue.lock);
+ 	if (eql_is_slave(slave_dev)) {
+ 		slave = __eql_find_slave_dev(&eql->queue, slave_dev);
+--- 1.14/drivers/net/eql.c	2004-07-21 03:13:33 -07:00
++++ 1.15/drivers/net/eql.c	2004-07-21 03:13:33 -07:00
+@@ -499,6 +499,8 @@
+ 		return -ENODEV;
+ 
+ 	ret = -EINVAL;
++	if (!slave_dev)
++		return ret;
+ 
+ 	spin_lock_bh(&eql->queue.lock);
+ 	if (eql_is_slave(slave_dev)) {
+@@ -534,6 +536,8 @@
+ 		return -ENODEV;
+ 
+ 	ret = -EINVAL;
++	if (!slave_dev)
++		return ret;
+ 
+ 	eql = dev->priv;
+ 	spin_lock_bh(&eql->queue.lock);

sys-kernel/win4lin-sources/files/win4lin-sources-2.6.CAN-2004-0816.patch

@@ -0,0 +1,43 @@
+Subject: Prevent ICMP crash in netfilter logging
+From: Olaf Kirch <okir@suse.de>
+References: 46016
+
+This patch fixes a remotely triggerable crash in the netfilter code
+when looking at ICMP unreachables. It dies when trying to copy
+BIGNUM bytes...
+
+Index: linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv4/netfilter/ipt_LOG.c	2004-02-19 11:36:37.000000000 +0100
++++ linux-2.6.5/net/ipv4/netfilter/ipt_LOG.c	2004-09-24 15:48:54.000000000 +0200
+@@ -71,7 +71,7 @@
+ 		printk("FRAG:%u ", ntohs(iph.frag_off) & IP_OFFSET);
+ 
+ 	if ((info->logflags & IPT_LOG_IPOPT)
+-	    && iph.ihl * 4 != sizeof(struct iphdr)) {
++	    && iph.ihl * 4 > sizeof(struct iphdr)) {
+ 		unsigned char opt[4 * 15 - sizeof(struct iphdr)];
+ 		unsigned int i, optsize;
+ 
+@@ -138,7 +138,7 @@
+ 		printk("URGP=%u ", ntohs(tcph.urg_ptr));
+ 
+ 		if ((info->logflags & IPT_LOG_TCPOPT)
+-		    && tcph.doff * 4 != sizeof(struct tcphdr)) {
++		    && tcph.doff * 4 > sizeof(struct tcphdr)) {
+ 			unsigned char opt[4 * 15 - sizeof(struct tcphdr)];
+ 			unsigned int i, optsize;
+ 
+Index: linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c
+===================================================================
+--- linux-2.6.5.orig/net/ipv6/netfilter/ip6t_LOG.c	2004-09-24 15:47:00.000000000 +0200
++++ linux-2.6.5/net/ipv6/netfilter/ip6t_LOG.c	2004-09-24 15:48:35.000000000 +0200
+@@ -188,7 +188,7 @@
+ 		printk("URGP=%u ", ntohs(tcph->urg_ptr));
+ 
+ 		if ((info->logflags & IP6T_LOG_TCPOPT)
+-		    && tcph->doff * 4 != sizeof(struct tcphdr)) {
++		    && tcph->doff * 4 > sizeof(struct tcphdr)) {
+ 			unsigned int i;
+ 
+ 			/* Max length: 127 "OPT (" 15*4*2chars ") " */

sys-kernel/win4lin-sources/files/win4lin-sources-2.6.IPTables-RDoS.patch

@@ -0,0 +1,11 @@
+--- net/ipv4/netfilter/ip_tables.c.orig	2004-04-04 05:36:47.000000000 +0200
++++ net/ipv4/netfilter/ip_tables.c	2004-06-24 21:24:26.000000000 +0200
+@@ -1461,7 +1461,7 @@
+ 		int *hotdrop)
+ {
+ 	/* tcp.doff is only 4 bits, ie. max 15 * 4 bytes */
+-	char opt[60 - sizeof(struct tcphdr)];
++	u_int8_t opt[60 - sizeof(struct tcphdr)];
+ 	unsigned int i;
+ 
+ 	duprintf("tcp_match: finding option\n");

sys-kernel/win4lin-sources/files/win4lin-sources-2.6.ProcPerms.patch

@@ -0,0 +1,49 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/07/02 18:48:26-07:00 chrisw@osdl.org 
+#   [PATCH] check attr updates in /proc
+#   
+#   Any proc entry with default proc_file_inode_operations allow unauthorized
+#   attribute updates.  This is very dangerous for proc entries that rely
+#   solely on file permissions for open/read/write.
+#   
+#   Signed-off-by: Chris Wright <chrisw@osdl.org>
+#   Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+# 
+# fs/proc/generic.c
+#   2004/07/02 15:47:55-07:00 chrisw@osdl.org +14 -7
+#   check attr updates in /proc
+# 
+diff -Nru a/fs/proc/generic.c b/fs/proc/generic.c
+--- a/fs/proc/generic.c	2004-07-08 17:03:20 -07:00
++++ b/fs/proc/generic.c	2004-07-08 17:03:20 -07:00
+@@ -231,14 +231,21 @@
+ static int proc_notify_change(struct dentry *dentry, struct iattr *iattr)
+ {
+ 	struct inode *inode = dentry->d_inode;
+-	int error = inode_setattr(inode, iattr);
+-	if (!error) {
+-		struct proc_dir_entry *de = PDE(inode);
+-		de->uid = inode->i_uid;
+-		de->gid = inode->i_gid;
+-		de->mode = inode->i_mode;
+-	}
++	struct proc_dir_entry *de = PDE(inode);
++	int error;
+ 
++	error = inode_change_ok(inode, iattr);
++	if (error)
++		goto out;
++
++	error = inode_setattr(inode, iattr);
++	if (error)
++		goto out;
++	
++	de->uid = inode->i_uid;
++	de->gid = inode->i_gid;
++	de->mode = inode->i_mode;
++out:
+ 	return error;
+ }
+ 

sys-kernel/win4lin-sources/files/win4lin-sources-2.6.cmdlineLeak.patch

@@ -0,0 +1,12 @@
+--- linux-2.6.7/fs/proc/base.c~	2004-08-05 10:35:04.411443536 +0200
++++ linux-2.6.7/fs/proc/base.c	2004-08-05 10:35:04.412443384 +0200
+@@ -330,6 +330,9 @@
+ 	if (!mm)
+ 		goto out;
+ 
++	if (!mm->arg_end)
++		goto out;
++	
+  	len = mm->arg_end - mm->arg_start;
+  
+ 	if (len > PAGE_SIZE)

sys-kernel/win4lin-sources/files/win4lin-sources.CAN-2004-0497.patch

@@ -0,0 +1,26 @@
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/07/02 20:55:04-07:00 chrisw@osdl.org 
+#   [PATCH] chown permission check fix for ATTR_GID
+#   
+#   SuSE discovered this problem with chown and ATTR_GID.  Make sure user
+#   is authorized to change the group, CAN-2004-0497.
+# 
+# fs/attr.c
+#   2004/07/02 09:07:32-07:00 chrisw@osdl.org +2 -1
+#   chown permission check fix for ATTR_GID
+# 
+diff -Nru a/fs/attr.c b/fs/attr.c
+--- a/fs/attr.c	2004-07-08 16:35:57 -07:00
++++ b/fs/attr.c	2004-07-08 16:35:57 -07:00
+@@ -35,7 +35,8 @@
+ 
+ 	/* Make sure caller can chgrp. */
+ 	if ((ia_valid & ATTR_GID) &&
+-	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
++	    (current->fsuid != inode->i_uid ||
++	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
+ 	    !capable(CAP_CHOWN))
+ 		goto error;
+ 

sys-kernel/win4lin-sources/metadata.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>kernel</herd>
+<maintainer>
+  <email>plasmaroo@gentoo.org</email>
+</maintainer>
+<maintainer>
+  <email>x86-kernel@gentoo.org</email>
+</maintainer>
+</pkgmetadata>

sys-kernel/win4lin-sources/win4lin-sources-2.4.26-r6.ebuild

@@ -0,0 +1,44 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.4.26-r6.ebuild,v 1.1 2004/08/10 00:52:17 plasmaroo Exp $
+
+# OKV=original kernel version, KV=patched kernel version.  They can be the same.
+
+IUSE=""
+ETYPE="sources"
+inherit kernel eutils
+OKV="2.4.26"
+EXTRAVERSION="-win4lin-${PR}"
+KV="2.4.26${EXTRAVERSION}"
+
+S=${WORKDIR}/linux-${KV}
+
+DESCRIPTION="Full sources for the Linux kernel, with Win4Lin support."
+SRC_URI="mirror://kernel/linux/kernel/v2.4/linux-${OKV}.tar.bz2
+	 http://www.netraverse.com/member/downloads/files/mki-adapter.patch
+	 http://www.netraverse.com/member/downloads/files/Kernel-Win4Lin3-${OKV}.patch
+	 http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch"
+HOMEPAGE="http://www.kernel.org/ http://www.netraverse.com/"
+KEYWORDS="x86"
+SLOT="${KV}"
+
+src_unpack() {
+	unpack linux-${OKV}.tar.bz2
+	mv linux-${OKV} linux-${KV} || die
+
+	cd linux-${KV}
+	epatch ${DISTDIR}/Kernel-Win4Lin3-${OKV}.patch || die "Error: Win4Lin3 patch failed."
+	ebegin 'Applying mki-adapter.patch'
+	patch -Np1 -i ${DISTDIR}/mki-adapter.patch >/dev/null 2>&1 || die "Error: mki-adapter patch failed."
+	eend $?
+	epatch ${FILESDIR}/${P}.CAN-2004-0394.patch || die "Failed to add the CAN-2004-0394 patch!"
+	epatch ${DISTDIR}/linux-${OKV}-CAN-2004-0415.patch || die "Failed to add the CAN-2004-0415 patch!"
+	epatch ${FILESDIR}/${P}.CAN-2004-0495.patch || die "Failed to add the CAN-2004-0495 patch!"
+	epatch ${FILESDIR}/${PN}.CAN-2004-0497.patch || die "Failed to add the CAN-2004-0497 patch!"
+	epatch ${FILESDIR}/${P}.CAN-2004-0535.patch || die "Failed to add the CAN-2004-0535 patch!"
+	epatch ${FILESDIR}/${P}.CAN-2004-0685.patch || die "Failed to add the CAN-2004-0685 patch!"
+	epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!"
+	epatch ${FILESDIR}/${P}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
+
+	kernel_universal_unpack
+}

sys-kernel/win4lin-sources/win4lin-sources-2.6.7-r6.ebuild

@@ -0,0 +1,37 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/win4lin-sources/win4lin-sources-2.6.7-r6.ebuild,v 1.1 2004/10/21 18:33:36 plasmaroo Exp $
+
+ETYPE="sources"
+inherit kernel-2
+detect_version
+
+MKI_VERSION='1_3_6'
+UNIPATCH_LIST="
+	${DISTDIR}/Kernel-Win4Lin3-${OKV}.patch
+	${DISTDIR}/linux-${OKV}-CAN-2004-0415.patch
+	${DISTDIR}/mki-adapter26_${MKI_VERSION}.patch:1
+	${FILESDIR}/${PN}.CAN-2004-0497.patch
+	${FILESDIR}/${PN}-2.6.CAN-2004-0596.patch
+	${FILESDIR}/${PN}-2.6.IPTables-RDoS.patch
+	${FILESDIR}/${PN}-2.6.ProcPerms.patch
+	${FILESDIR}/${PN}-2.6.cmdlineLeak.patch
+	${FILESDIR}/${PN}-2.6.CAN-2004-0816.patch"
+
+S=${WORKDIR}/linux-${KV}
+
+DESCRIPTION="Full sources for the 2.6 of the Linux kernel with the Win4Lin patches"
+SRC_URI="mirror://kernel/linux/kernel/v2.6/linux-${OKV}.tar.bz2
+	http://www.netraverse.com/member/downloads/files/mki-adapter26_${MKI_VERSION}.patch
+	http://www.netraverse.com/member/downloads/files/Kernel-Win4Lin3-${OKV}.patch
+	http://dev.gentoo.org/~plasmaroo/patches/kernel/misc/security/linux-${OKV}-CAN-2004-0415.patch"
+
+# Best to keep "~x86" until Win4Lin-5.1.10 is in the tree and stable;
+# bug #55587.
+KEYWORDS="~x86 -*"
+SLOT="${KV}"
+
+K_EXTRAEINFO="If there are issues with this kernel, search http://bugs.gentoo.org/ for an
+existing bug. Only create a new bug if you have not found one that matches
+your issue. It is best to do an advanced search as the initial search has a
+very low yield. Please assign your bugs to x86-kernel@gentoo.org."