Security fixes: CVE-2005-4352 (bug #158792), CVE-2006-4572 (bug #154327), CVE-2006...
authorAndrew Ross <aross@gentoo.org>
Sat, 27 Jan 2007 07:44:34 +0000 (07:44 +0000)
committerAndrew Ross <aross@gentoo.org>
Sat, 27 Jan 2007 07:44:34 +0000 (07:44 +0000)
Package-Manager: portage-2.1.1-r2

sys-kernel/xen-sources/ChangeLog
sys-kernel/xen-sources/Manifest
sys-kernel/xen-sources/files/CVE-2005-4352.patch [new file with mode: 0644]
sys-kernel/xen-sources/files/CVE-2006-4572.patch [new file with mode: 0644]
sys-kernel/xen-sources/files/CVE-2006-5619.patch [new file with mode: 0644]
sys-kernel/xen-sources/files/CVE-2006-6056.patch [new file with mode: 0644]
sys-kernel/xen-sources/files/CVE-2006-6060.patch [new file with mode: 0644]
sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r2 [new file with mode: 0644]
sys-kernel/xen-sources/files/dvb-core-ule-sndu.patch [new file with mode: 0644]
sys-kernel/xen-sources/xen-sources-2.6.16.28-r2.ebuild [new file with mode: 0644]

index 32fd570db7d66d652dbf31fe7c1c41f59d23216c..2b97d8126ca9bd8e3ba079a3fde0d538457fdb8a 100644 (file)
@@ -1,6 +1,16 @@
 # ChangeLog for sys-kernel/xen-sources
-# Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.36 2006/12/16 03:55:01 aross Exp $
+# Copyright 1999-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/ChangeLog,v 1.37 2007/01/27 07:44:34 aross Exp $
+
+*xen-sources-2.6.16.28-r2 (27 Jan 2007)
+
+  27 Jan 2007; Andrew Ross <aross@gentoo.org> +files/CVE-2005-4352.patch,
+  +files/CVE-2006-4572.patch, +files/CVE-2006-5619.patch,
+  +files/CVE-2006-6056.patch, +files/CVE-2006-6060.patch,
+  +files/dvb-core-ule-sndu.patch, +xen-sources-2.6.16.28-r2.ebuild:
+  Security fixes: CVE-2005-4352 (bug #158792), CVE-2006-4572 (bug #154327),
+  CVE-2006-5619 (bug #154323), CVE-2006-6056 (bug #158786), CVE-2006-6060 (bug
+  #155769) and dvb-core (bug #144870)
 
 *xen-sources-2.6.16.28-r1 (16 Dec 2006)
 
index 44c3c95465c110cc9c70979726811d7f2e8d9875..56ba697bf360464fc18ec4576bba879bd3de8c52 100644 (file)
@@ -1,3 +1,27 @@
+AUX CVE-2005-4352.patch 391 RMD160 b07dea8156cb170b108120650034b4fcaf1f3077 SHA1 674f939f044d305f1973648420cc24d2e830fc7a SHA256 a4952a6c668cf28254d636e7c40ac8d83caa882bf952bcc0996d8035644318fb
+MD5 47fa422c2de58b41190cd0cbf9964e05 files/CVE-2005-4352.patch 391
+RMD160 b07dea8156cb170b108120650034b4fcaf1f3077 files/CVE-2005-4352.patch 391
+SHA256 a4952a6c668cf28254d636e7c40ac8d83caa882bf952bcc0996d8035644318fb files/CVE-2005-4352.patch 391
+AUX CVE-2006-4572.patch 6223 RMD160 188e61fcf35ecf7ed78532b4eed1403d1e56ed15 SHA1 84fa7d17b7623a0b7641574715f67997cd50c68c SHA256 3869f6a119c922ac96cee82a93ea55adfd72e745f4313dfad784b41448071c19
+MD5 2a988d3d54c2e8512d1119c4570396de files/CVE-2006-4572.patch 6223
+RMD160 188e61fcf35ecf7ed78532b4eed1403d1e56ed15 files/CVE-2006-4572.patch 6223
+SHA256 3869f6a119c922ac96cee82a93ea55adfd72e745f4313dfad784b41448071c19 files/CVE-2006-4572.patch 6223
+AUX CVE-2006-5619.patch 285 RMD160 a0c30a9e43ae478f1c79b0a701857c19752b93c7 SHA1 44cc23ce75be081e15244fcddabc512f106fff40 SHA256 a6a5245f75b03ce4e9368078d8a94f46ede690ab4945ebb7fd0e6164c720765f
+MD5 c5c16a65bbd81c36858aa0542f7707a5 files/CVE-2006-5619.patch 285
+RMD160 a0c30a9e43ae478f1c79b0a701857c19752b93c7 files/CVE-2006-5619.patch 285
+SHA256 a6a5245f75b03ce4e9368078d8a94f46ede690ab4945ebb7fd0e6164c720765f files/CVE-2006-5619.patch 285
+AUX CVE-2006-6056.patch 1945 RMD160 53d08f0519ae52dceb34676bb96db50aae17486c SHA1 24295b88daa088b31c37669d9533d12233887ae4 SHA256 fc4fbfc040645670292e5066d164f13d8fc27780f4eba5dd965a8d52a4651042
+MD5 5e9bbd6326e6aa29e2b9c03171c75d72 files/CVE-2006-6056.patch 1945
+RMD160 53d08f0519ae52dceb34676bb96db50aae17486c files/CVE-2006-6056.patch 1945
+SHA256 fc4fbfc040645670292e5066d164f13d8fc27780f4eba5dd965a8d52a4651042 files/CVE-2006-6056.patch 1945
+AUX CVE-2006-6060.patch 1009 RMD160 cbca5269ae092df03ac4264713b089d5bd21f4ed SHA1 10189c5167ec9f562493d3a8a807b43d40d3bd4a SHA256 e1100a17c22066e783902de9171903ea39c6bcb8749eeced4617f65ff3ac99f1
+MD5 dc98940f230020a2011a70b230354d0f files/CVE-2006-6060.patch 1009
+RMD160 cbca5269ae092df03ac4264713b089d5bd21f4ed files/CVE-2006-6060.patch 1009
+SHA256 e1100a17c22066e783902de9171903ea39c6bcb8749eeced4617f65ff3ac99f1 files/CVE-2006-6060.patch 1009
+AUX dvb-core-ule-sndu.patch 521 RMD160 eb2bf2eda731bb950e7a0193a91da5e1a66026d9 SHA1 f2085d9af6b522c1550368bf4fc62975f443ec28 SHA256 753d0cb8b908ef2dded700ec93ea8356a00f1ffe52f6d969af82f71df2c3cfc2
+MD5 65d3a003106b0562faf7fca509a37f33 files/dvb-core-ule-sndu.patch 521
+RMD160 eb2bf2eda731bb950e7a0193a91da5e1a66026d9 files/dvb-core-ule-sndu.patch 521
+SHA256 753d0cb8b908ef2dded700ec93ea8356a00f1ffe52f6d969af82f71df2c3cfc2 files/dvb-core-ule-sndu.patch 521
 AUX xen-sources-2.6.16.28-CVE-2006-3468.patch 3700 RMD160 6f4f016f1e8586384824803228729490e15478c4 SHA1 8409d2d61224c3ca6c8341baed9de4a0e28bb04b SHA256 235e7d34d6545480e6fa1e1e190860ed2c081d7890bb6532c0aad2d973084fdc
 MD5 07597cf53abbd6bf2a90bba4c514a8fb files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700
 RMD160 6f4f016f1e8586384824803228729490e15478c4 files/xen-sources-2.6.16.28-CVE-2006-3468.patch 3700
@@ -9,18 +33,23 @@ SHA256 ff0c2e31316fd9f33fea8a40349733ce2e307838b78cf9a2c9a95495e185a855 files/xe
 DIST linux-2.6.16.tar.bz2 40845005 RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 SHA1 bef21cd5063a648f33a99a26f4742dd05eb4dca2 SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7
 DIST patch-2.6.16.28.bz2 76693 RMD160 5235c0b5f9665a279f5bf5d42f942cef215e822f SHA1 7b1d450cf300ec6788919e4b5601389e258d28cc SHA256 6b05fd7121a86a5a6cfd0177200259eeb9a3d276a3cb16ba8cf2acdd747fa6be
 DIST xen-3.0.2-src.tgz 4933621 RMD160 34e4431a981891319f8a5ea0c3f604e7d8d7d7af SHA1 b7e797048b516f8b385afd3da9ae2eded1b8033a SHA256 f18ffab16a457fa721d11933c75f8288f6958c88c2669857c7c11d5107ba2951
+DIST xen-sources-2.6.16.28-3.0.2.patch.bz2 467924 RMD160 8b62dc416b08e4ef4a10add18b3287eef856c613 SHA1 56ae78337b7754031aa82cf64b277ff6e320f5a0 SHA256 0f3400e1c877b765fc62453664b80cf2e51002299476d532fe8f6af6db0fdb99
 EBUILD xen-sources-2.6.16.28-r1.ebuild 1617 RMD160 6f916500b3f8b0127d57fced94c8fbbc515e3374 SHA1 7f9f57a0a7b9c0d1c629e7d086bfcef21496e4f9 SHA256 72332a391cff4553dc0f4da8d85f3204b310ab5660d46181f0d3349501bc99d9
 MD5 29d2470766f3717e27ef32f61422fe23 xen-sources-2.6.16.28-r1.ebuild 1617
 RMD160 6f916500b3f8b0127d57fced94c8fbbc515e3374 xen-sources-2.6.16.28-r1.ebuild 1617
 SHA256 72332a391cff4553dc0f4da8d85f3204b310ab5660d46181f0d3349501bc99d9 xen-sources-2.6.16.28-r1.ebuild 1617
+EBUILD xen-sources-2.6.16.28-r2.ebuild 894 RMD160 9806044184bb7196e0f43171b6554d9565cdd4ec SHA1 22f16d46b752b7c0f6488ee1211fbbe09009f18f SHA256 80f0fb0985bdea1416e8f9523680f9809a5373573a9419cf6f4160bb1920c8c1
+MD5 a396b3c7d91c019451119f3e33765041 xen-sources-2.6.16.28-r2.ebuild 894
+RMD160 9806044184bb7196e0f43171b6554d9565cdd4ec xen-sources-2.6.16.28-r2.ebuild 894
+SHA256 80f0fb0985bdea1416e8f9523680f9809a5373573a9419cf6f4160bb1920c8c1 xen-sources-2.6.16.28-r2.ebuild 894
 EBUILD xen-sources-2.6.16.28.ebuild 1612 RMD160 e10fd59aae61b3c1c1d256053c166b47b7f575c7 SHA1 afad39fe7539a2796593edc95be1d498be995ff8 SHA256 1579641cae4d4e6cf4ce1c11f4b860b36d2b01ae81ea2ae64e49eb1decb7804c
 MD5 cdd1574a18b704893fa9dee6e63e59a9 xen-sources-2.6.16.28.ebuild 1612
 RMD160 e10fd59aae61b3c1c1d256053c166b47b7f575c7 xen-sources-2.6.16.28.ebuild 1612
 SHA256 1579641cae4d4e6cf4ce1c11f4b860b36d2b01ae81ea2ae64e49eb1decb7804c xen-sources-2.6.16.28.ebuild 1612
-MISC ChangeLog 6043 RMD160 bbcfb377cc5666cc3ea865e42567c9fdd82a34f9 SHA1 b57d2dadc0f795bb859b7ba0b0daac25ffb82118 SHA256 b0474c2ccd1f27707a3fd06fdf6e2f6e639bee6265b5b9fe7ff469b3ba6c11d3
-MD5 a1197d40eb0160070c369790e263592d ChangeLog 6043
-RMD160 bbcfb377cc5666cc3ea865e42567c9fdd82a34f9 ChangeLog 6043
-SHA256 b0474c2ccd1f27707a3fd06fdf6e2f6e639bee6265b5b9fe7ff469b3ba6c11d3 ChangeLog 6043
+MISC ChangeLog 6536 RMD160 8b62cbeb347332fc0c72503066c7d09b354312b9 SHA1 4bb641adaddbfd5aef8016dbbb4eba3a4f6c3050 SHA256 e433ffda58ef920e34b44083627fc7bf65ee049e925aef9e4fdfc88ff67d3b77
+MD5 33f7e63ab31acfd2092c8e8283add39f ChangeLog 6536
+RMD160 8b62cbeb347332fc0c72503066c7d09b354312b9 ChangeLog 6536
+SHA256 e433ffda58ef920e34b44083627fc7bf65ee049e925aef9e4fdfc88ff67d3b77 ChangeLog 6536
 MISC metadata.xml 156 RMD160 bb062b1ba5554779dcfd0e73baf533ce9fbcdf68 SHA1 e6da014f2004758c7a806592ef9450489eebf593 SHA256 4a030777459245372bda9f7925f3a5ed3ef2b29b77e1a2971f3400ac2059b1e2
 MD5 559b4095659a2a2a489784de8a6ef95e metadata.xml 156
 RMD160 bb062b1ba5554779dcfd0e73baf533ce9fbcdf68 metadata.xml 156
@@ -31,3 +60,6 @@ SHA256 432b14d8eb07be2c7b17c028a5724598eae329997631a5bd3cee8251eec694bb files/di
 MD5 577d28e423cb641a10a19426dd7d4b75 files/digest-xen-sources-2.6.16.28-r1 717
 RMD160 733fddcdf423e30d8e952092cf4d2d2b8ecae621 files/digest-xen-sources-2.6.16.28-r1 717
 SHA256 432b14d8eb07be2c7b17c028a5724598eae329997631a5bd3cee8251eec694bb files/digest-xen-sources-2.6.16.28-r1 717
+MD5 e2dae1c1afad19bc2176f26ce227e357 files/digest-xen-sources-2.6.16.28-r2 774
+RMD160 09ae69cf9d8371ce2c029550634638bc90c97aea files/digest-xen-sources-2.6.16.28-r2 774
+SHA256 762405cda08757f9ac33201f825a9997a64a4aef2daf78afc9890e2a10c520fc files/digest-xen-sources-2.6.16.28-r2 774
diff --git a/sys-kernel/xen-sources/files/CVE-2005-4352.patch b/sys-kernel/xen-sources/files/CVE-2005-4352.patch
new file mode 100644 (file)
index 0000000..427d4cf
--- /dev/null
@@ -0,0 +1,11 @@
+--- security/seclvl.c-original 2007-01-27 14:14:55.000000000 +1100
++++ security/seclvl.c  2007-01-27 14:16:12.000000000 +1100
+@@ -381,6 +381,8 @@
+                                     current->group_leader->pid);
+                       return -EPERM;
+               }               /* if attempt to decrement time */
++              if (tv->tv_sec > 1924988400)    /* disallow dates after 2030) */
++                      return -EPERM;          /* CVE-2005-4352 */
+       }                       /* if seclvl > 1 */
+       return 0;
+ }
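Review bot: The cutoff `1924988400` in the added `tv->tv_sec` check is a bare literal and not a UTC year boundary: it equals 2030-12-31 23:00:00 UTC, one hour short of 2031-01-01, so the comment `disallow dates after 2030)` (which also has a stray parenthesis) only holds in a UTC+1 zone. A named constant would state the intent, e.g. `#define SECLVL_MAX_TIME 1924992000L /* 2031-01-01 00:00:00 UTC */` with `if (tv->tv_sec >= SECLVL_MAX_TIME)`. The refusal is also silent, whereas the decrement branch just above appears to log the caller's pid before returning -EPERM; a matching warning would let an operator see the attempt. Because the cap is absolute, every clock set at seclvl > 1 is refused once the real date passes it, which deserves a line in the comment. The function starts outside the hunk.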
diff --git a/sys-kernel/xen-sources/files/CVE-2006-4572.patch b/sys-kernel/xen-sources/files/CVE-2006-4572.patch
new file mode 100644 (file)
index 0000000..df46a70
--- /dev/null
@@ -0,0 +1,185 @@
+From: Patrick McHardy <kaber@trash.net>
+Date: Sun, 5 Nov 2006 08:04:23 +0000 (+0100)
+Subject: [NETFILTER]: Fix ip6_tables extension header bypass bug (CVE-2006-4572)
+X-Git-Tag: v2.6.16.31-rc1^0~1
+X-Git-Url: http://www.kernel.org/git/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.16.y.git;a=commitdiff_plain;h=0ddfcc96928145d6a6425fdd26dad6abfe7f891d;hp=6ac62be885810e1f8390f0c3b9d3ee451d3d3f19
+
+[NETFILTER]: Fix ip6_tables extension header bypass bug (CVE-2006-4572)
+
+As reported by Mark Dowd <Mark_Dowd@McAfee.com>, ip6_tables is susceptible
+to a fragmentation attack causing false negatives on extension header
+matches.
+
+When extension headers occur in the non-first fragment after the fragment
+header (possibly with an incorrect nexthdr value in the fragment header)
+a rule looking for this extension header will never match.
+
+Drop fragments that are at offset 0 and don't contain the final protocol
+header regardless of the ruleset, since this should not happen normally.
+Since all extension headers are before the protocol header this makes sure
+an extension header is either not present or in the first fragment, where
+we can properly parse it.
+
+With help from Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>.
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Adrian Bunk <bunk@stusta.de>
+---
+
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
+index a3e3da1..e2bb9ac 100644
+--- a/net/ipv6/netfilter/ip6_tables.c
++++ b/net/ipv6/netfilter/ip6_tables.c
+@@ -1447,6 +1447,9 @@ static void __exit fini(void)
+  * If target header is found, its offset is set in *offset and return protocol
+  * number. Otherwise, return -1.
+  *
++ * If the first fragment doesn't contain the final protocol header or
++ * NEXTHDR_NONE it is considered invalid.
++ *
+  * Note that non-1st fragment is special case that "the protocol number
+  * of last header" is "next header" field in Fragment header. In this case,
+  * *offset is meaningless and fragment offset is stored in *fragoff if fragoff
+@@ -1470,12 +1473,12 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
+               if ((!ipv6_ext_hdr(nexthdr)) || nexthdr == NEXTHDR_NONE) {
+                       if (target < 0)
+                               break;
+-                      return -1;
++                      return -ENOENT;
+               }
+               hp = skb_header_pointer(skb, start, sizeof(_hdr), &_hdr);
+               if (hp == NULL)
+-                      return -1;
++                      return -EBADMSG;
+               if (nexthdr == NEXTHDR_FRAGMENT) {
+                       unsigned short _frag_off, *fp;
+                       fp = skb_header_pointer(skb,
+@@ -1484,7 +1487,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
+                                               sizeof(_frag_off),
+                                               &_frag_off);
+                       if (fp == NULL)
+-                              return -1;
++                              return -EBADMSG;
+                       _frag_off = ntohs(*fp) & ~0x7;
+                       if (_frag_off) {
+@@ -1495,7 +1498,7 @@ int ipv6_find_hdr(const struct sk_buff *skb, unsigned int *offset,
+                                               *fragoff = _frag_off;
+                                       return hp->nexthdr;
+                               }
+-                              return -1;
++                              return -ENOENT;
+                       }
+                       hdrlen = 8;
+               } else if (nexthdr == NEXTHDR_AUTH)
+diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
+index 219a303..002b8a1 100644
+--- a/net/ipv6/netfilter/ip6t_ah.c
++++ b/net/ipv6/netfilter/ip6t_ah.c
+@@ -53,9 +53,14 @@ match(const struct sk_buff *skb,
+       const struct ip6t_ah *ahinfo = matchinfo;
+       unsigned int ptr;
+       unsigned int hdrlen = 0;
++      int err;
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_AUTH, NULL);
++      if (err < 0) {
++              if (err != -ENOENT)
++                      *hotdrop = 1;
+               return 0;
++      }
+       ah = skb_header_pointer(skb, ptr, sizeof(_ah), &_ah);
+       if (ah == NULL) {
+diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
+index b4c153a..2441228 100644
+--- a/net/ipv6/netfilter/ip6t_dst.c
++++ b/net/ipv6/netfilter/ip6t_dst.c
+@@ -69,13 +69,18 @@ match(const struct sk_buff *skb,
+       u8 _opttype, *tp = NULL;
+       u8 _optlen, *lp = NULL;
+       unsigned int optlen;
++      int err;
+ #if HOPBYHOP
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL);
+ #else
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL);
+ #endif
++      if (err < 0) {
++              if (err != -ENOENT)
++                      *hotdrop = 1;
+               return 0;
++      }
+       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
+       if (oh == NULL) {
+diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
+index 4c14125..185f583 100644
+--- a/net/ipv6/netfilter/ip6t_frag.c
++++ b/net/ipv6/netfilter/ip6t_frag.c
+@@ -51,9 +51,14 @@ match(const struct sk_buff *skb,
+       struct frag_hdr _frag, *fh;
+       const struct ip6t_frag *fraginfo = matchinfo;
+       unsigned int ptr;
++      int err;
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_FRAGMENT, NULL);
++      if (err < 0) {
++              if (err != -ENOENT)
++                      *hotdrop = 1;
+               return 0;
++      }
+       fh = skb_header_pointer(skb, ptr, sizeof(_frag), &_frag);
+       if (fh == NULL) {
+diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
+index 37a8474..af56eaf 100644
+--- a/net/ipv6/netfilter/ip6t_hbh.c
++++ b/net/ipv6/netfilter/ip6t_hbh.c
+@@ -69,13 +69,18 @@ match(const struct sk_buff *skb,
+       u8 _opttype, *tp = NULL;
+       u8 _optlen, *lp = NULL;
+       unsigned int optlen;
++      int err;
+ #if HOPBYHOP
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_HOP, NULL);
+ #else
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_DEST, NULL);
+ #endif
++      if (err < 0) {
++              if (err != -ENOENT)
++                      *hotdrop = 1;
+               return 0;
++      }
+       oh = skb_header_pointer(skb, ptr, sizeof(_optsh), &_optsh);
+       if (oh == NULL) {
+diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
+index 8f82476..537b311 100644
+--- a/net/ipv6/netfilter/ip6t_rt.c
++++ b/net/ipv6/netfilter/ip6t_rt.c
+@@ -57,9 +57,14 @@ match(const struct sk_buff *skb,
+       unsigned int hdrlen = 0;
+       unsigned int ret = 0;
+       struct in6_addr *ap, _addr;
++      int err;
+-      if (ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL) < 0)
++      err = ipv6_find_hdr(skb, &ptr, NEXTHDR_ROUTING, NULL);
++      if (err < 0) {
++              if (err != -ENOENT)
++                      *hotdrop = 1;
+               return 0;
++      }
+       rh = skb_header_pointer(skb, ptr, sizeof(_route), &_route);
+       if (rh == NULL) {
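Review bot: The header comment of ipv6_find_hdr() still says `Otherwise, return -1` in the unchanged context of the first ip6_tables.c hunk, but each `return -1` visible in that function's hunks becomes `-ENOENT` or `-EBADMSG`, and the five match() callers now rely on the difference to set `*hotdrop`. The comment should state the new contract, e.g. `Otherwise, return -ENOENT if the header is not present, or -EBADMSG if a header could not be read from the packet.` Any caller outside this patch that tests the result with `== -1` rather than `< 0` would stop recognising the failure; none is visible here, so the patched tree should be searched for one. The block `if (err < 0) { if (err != -ENOENT) *hotdrop = 1; return 0; }` is repeated verbatim in ip6t_ah.c, ip6t_dst.c, ip6t_frag.c, ip6t_hbh.c and ip6t_rt.c and could live in one small helper.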
diff --git a/sys-kernel/xen-sources/files/CVE-2006-5619.patch b/sys-kernel/xen-sources/files/CVE-2006-5619.patch
new file mode 100644 (file)
index 0000000..9e7a511
--- /dev/null
@@ -0,0 +1,11 @@
+--- net/ipv6/ip6_flowlabel.c-original  2007-01-27 15:31:44.000000000 +1100
++++ net/ipv6/ip6_flowlabel.c   2007-01-27 15:32:16.000000000 +1100
+@@ -589,6 +589,8 @@
+       while (!fl) {
+               if (++state->bucket <= FL_HASH_MASK)
+                       fl = fl_ht[state->bucket];
++              else
++                      break;
+       }
+       return fl;
+ }
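Review bot: This patch file starts directly at the `---` line with no description or upstream reference, so nothing explains what the added `else break;` fixes. From the visible lines, without it the `while (!fl)` loop keeps incrementing `state->bucket` past `FL_HASH_MASK` and never assigns `fl`, so it cannot terminate once the table is exhausted. A short header would make the fix auditable, e.g. `CVE-2006-5619: stop the flowlabel seq iterator at the end of fl_ht[]` plus an `Upstream: <commit id>` line, as CVE-2006-4572.patch and CVE-2006-6056.patch in this commit already do. CVE-2005-4352.patch, CVE-2006-6060.patch and dvb-core-ule-sndu.patch have the same gap. The enclosing function begins outside the hunk.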
diff --git a/sys-kernel/xen-sources/files/CVE-2006-6056.patch b/sys-kernel/xen-sources/files/CVE-2006-6056.patch
new file mode 100644 (file)
index 0000000..2706315
--- /dev/null
@@ -0,0 +1,61 @@
+From: Eric Sandeen <sandeen@redhat.com>
+Date: Thu, 16 Nov 2006 09:19:22 +0000 (-0800)
+Subject: [PATCH] hfs_fill_super returns success even if no root inode
+X-Git-Tag: v2.6.19
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=d6ddf55440833fd9404138026af246c51ebeef22
+
+[PATCH] hfs_fill_super returns success even if no root inode
+
+http://kernelfun.blogspot.com/2006/11/mokb-14-11-2006-linux-26x-selinux.html
+
+mount that image...
+fs: filesystem was not cleanly unmounted, running fsck.hfs is recommended.  mounting read-only.
+hfs: get root inode failed.
+BUG: unable to handle kernel NULL pointer dereference at virtual address 00000018
+ printing eip
+...
+EIP is at superblock_doinit+0x21/0x767
+...
+ [] selinux_sb_kern_mount+0xc/0x4b
+ [] vfs_kern_mount+0x99/0xf6
+ [] do_kern_mount+0x2d/0x3e
+ [] do_mount+0x5fa/0x66d
+ [] sys_mount+0x77/0xae
+ [] syscall_call+0x7/0xb
+DWARF2 unwinder stuck at syscall_call+0x7/0xb
+
+hfs_fill_super() returns success even if
+  root_inode = hfs_iget(sb, &fd.search_key->cat, &rec);
+or
+  sb->s_root = d_alloc_root(root_inode);
+
+fails.  This superblock finds its way to superblock_doinit() which does:
+
+        struct dentry *root = sb->s_root;
+        struct inode *inode = root->d_inode;
+
+and boom.  Need to make sure the error cases return an error, I think.
+
+[akpm@osdl.org: return -ENOMEM on oom]
+Signed-off-by: Eric Sandeen <sandeen@redhat.com>
+Cc: Roman Zippel <zippel@linux-m68k.org>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+---
+
+--- a/fs/hfs/super.c
++++ b/fs/hfs/super.c
+@@ -390,11 +390,13 @@ static int hfs_fill_super(struct super_b
+               hfs_find_exit(&fd);
+               goto bail_no_root;
+       }
++      res = -EINVAL;
+       root_inode = hfs_iget(sb, &fd.search_key->cat, &rec);
+       hfs_find_exit(&fd);
+       if (!root_inode)
+               goto bail_no_root;
++      res = -ENOMEM;
+       sb->s_root = d_alloc_root(root_inode);
+       if (!sb->s_root)
+               goto bail_iput;
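Review bot: Both added `res = …` assignments sit before the call they describe rather than in the failure branch, so the error code that reaches `bail_no_root` and `bail_iput` depends on statement order and is easy to break when a line is later inserted between them. Setting the code where the failure is detected reads more directly, e.g. `if (!root_inode) { res = -EINVAL; goto bail_no_root; }` and `if (!sb->s_root) { res = -ENOMEM; goto bail_iput; }`. If the upstream form is kept, a comment such as `/* res is what the bail_* paths return on failure of the next call */` would record the intent. The labels and the start of hfs_fill_super() are outside the hunk, so that they return `res` is inferred from the commit message.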
diff --git a/sys-kernel/xen-sources/files/CVE-2006-6060.patch b/sys-kernel/xen-sources/files/CVE-2006-6060.patch
new file mode 100644 (file)
index 0000000..8d5eebc
--- /dev/null
@@ -0,0 +1,40 @@
+--- fs/buffer.c-original       2007-01-27 14:46:34.000000000 +1100
++++ fs/buffer.c        2007-01-27 14:51:17.000000000 +1100
+@@ -1179,6 +1179,19 @@
+       } while ((size << sizebits) < PAGE_SIZE);
+       index = block >> sizebits;
++      /*
++      * Check for a block which wants to lie outside our maximum possible
++      * pagecache index.  (this comparison is done using sector_t types).
++      */
++      if (unlikely(index != block >> sizebits)) {
++              char b[BDEVNAME_SIZE];
++
++              printk(KERN_ERR "%s: requested out-of-range block %llu for "
++                      "device %s\n",
++                      __FUNCTION__, (unsigned long long)block,
++                      bdevname(bdev, b));
++              return -EIO;
++      }
+       block = index << sizebits;
+       /* Create a page with the proper size buffers.. */
+@@ -1207,12 +1220,16 @@
+       for (;;) {
+               struct buffer_head * bh;
++              int ret;
+               bh = __find_get_block(bdev, block, size);
+               if (bh)
+                       return bh;
+-              if (!grow_buffers(bdev, block, size))
++              ret = grow_buffers(bdev, block, size);
++              if (ret < 0)
++                      return NULL;
++              if (ret == 0)
+                       free_more_memory();
+       }
+ }
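Review bot: The second hunk makes the lookup loop `return NULL` when grow_buffers() reports an error, where the visible code previously only returned a buffer_head or retried after free_more_memory(). The callers are outside this patch, so any that dereference the result without a NULL check would turn an out-of-range block number into a NULL pointer dereference instead of the infinite loop being fixed. They should be audited, and the new contract recorded at the return, e.g. `/* grow_buffers() < 0: block out of range, give up instead of looping; callers must handle NULL */`. In the first hunk the continuation lines of the added comment (`* Check for …`) are not aligned under the opening `/*`. Both enclosing functions start outside the hunks.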
diff --git a/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r2 b/sys-kernel/xen-sources/files/digest-xen-sources-2.6.16.28-r2
new file mode 100644 (file)
index 0000000..6a6c82f
--- /dev/null
@@ -0,0 +1,9 @@
+MD5 9a91b2719949ff0856b40bc467fd47be linux-2.6.16.tar.bz2 40845005
+RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 linux-2.6.16.tar.bz2 40845005
+SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 linux-2.6.16.tar.bz2 40845005
+MD5 736e7d741c0650c320c2b37bf6de3c0b patch-2.6.16.28.bz2 76693
+RMD160 5235c0b5f9665a279f5bf5d42f942cef215e822f patch-2.6.16.28.bz2 76693
+SHA256 6b05fd7121a86a5a6cfd0177200259eeb9a3d276a3cb16ba8cf2acdd747fa6be patch-2.6.16.28.bz2 76693
+MD5 9a7d359557c1dbc887a1a54c015589f7 xen-sources-2.6.16.28-3.0.2.patch.bz2 467924
+RMD160 8b62dc416b08e4ef4a10add18b3287eef856c613 xen-sources-2.6.16.28-3.0.2.patch.bz2 467924
+SHA256 0f3400e1c877b765fc62453664b80cf2e51002299476d532fe8f6af6db0fdb99 xen-sources-2.6.16.28-3.0.2.patch.bz2 467924
diff --git a/sys-kernel/xen-sources/files/dvb-core-ule-sndu.patch b/sys-kernel/xen-sources/files/dvb-core-ule-sndu.patch
new file mode 100644 (file)
index 0000000..ed0494d
--- /dev/null
@@ -0,0 +1,11 @@
+--- drivers/media/dvb/dvb-core/dvb_net.c-original      2007-01-27 10:27:13.000000000 +1100
++++ drivers/media/dvb/dvb-core/dvb_net.c       2007-01-27 10:27:55.000000000 +1100
+@@ -492,7 +492,7 @@
+                               } else
+                                       priv->ule_dbit = 0;
+-                              if (priv->ule_sndu_len > 32763) {
++                              if (priv->ule_sndu_len > 32763 || priv->ule_sndu_len < ((priv->ule_dbit) ? 4 : 4 + ETH_ALEN)) {
+                                       printk(KERN_WARNING "%lu: Invalid ULE SNDU length %u. "
+                                              "Resyncing.\n", priv->ts_count, priv->ule_sndu_len);
+                                       priv->ule_sndu_len = 0;
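Review bot: The new lower bound `priv->ule_sndu_len < ((priv->ule_dbit) ? 4 : 4 + ETH_ALEN)` is packed into one over-long line with an unexplained `4`, next to the equally unexplained `32763`. Presumably the 4 is the trailing CRC and `ETH_ALEN` the destination address carried when the D-bit is clear; if so, a comment should say it, e.g. `/* an SNDU must at least hold the CRC, plus the destination address when D-bit is 0 */`, and the condition should be split across two lines. The "Invalid ULE SNDU length" warning is printed for every rejected SNDU, and the length comes from the received stream, so rate limiting should be considered if the surrounding code does not already do it. The enclosing function starts outside the hunk.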
diff --git a/sys-kernel/xen-sources/xen-sources-2.6.16.28-r2.ebuild b/sys-kernel/xen-sources/xen-sources-2.6.16.28-r2.ebuild
new file mode 100644 (file)
index 0000000..8a6228e
--- /dev/null
@@ -0,0 +1,27 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/xen-sources/xen-sources-2.6.16.28-r2.ebuild,v 1.1 2007/01/27 07:44:34 aross Exp $
+
+ETYPE="sources"
+inherit kernel-2 eutils
+detect_arch
+detect_version
+
+XEN_VERSION="3.0.2"
+XEN_URI="mirror://gentoo/${P}-${XEN_VERSION}.patch.bz2"
+
+DESCRIPTION="Linux kernel ${OKV} with Xen ${XEN_VERSION}"
+HOMEPAGE="http://kernel.org http://www.xensource.com/xen/xen/"
+SRC_URI="${KERNEL_URI} ${ARCH_URI} ${XEN_URI}"
+
+KEYWORDS="~x86 ~amd64"
+
+UNIPATCH_LIST="${DISTDIR}/${XEN_URI##*/}
+       ${FILESDIR}/${P}-CVE-2006-3468.patch
+       ${FILESDIR}/${P}-CVE-2006-6333.patch
+       ${FILESDIR}/CVE-2005-4352.patch
+       ${FILESDIR}/CVE-2006-4572.patch
+       ${FILESDIR}/CVE-2006-5619.patch
+       ${FILESDIR}/CVE-2006-6056.patch
+       ${FILESDIR}/CVE-2006-6060.patch
+       ${FILESDIR}/dvb-core-ule-sndu.patch"
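Review bot: The six patches added to `UNIPATCH_LIST` are named without the `${P}-` prefix carried by the two existing entries (`${P}-CVE-2006-3468.patch`, `${P}-CVE-2006-6333.patch`), so files such as `CVE-2005-4352.patch` in FILESDIR no longer say which kernel version they were prepared against. A later ebuild for another kernel version needing a rebased fix for the same CVE would have to overwrite or rename them; names like `${P}-CVE-2005-4352.patch` would keep the list consistent. Assuming the list is applied in order, a one-line comment such as `# Xen patch first, then security fixes on top` would record why the entries are ordered this way.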