From: Daniel Gryniewicz <dang@gentoo.org>
Date: Wed, 6 Sep 2006 23:47:56 +0000 (+0000)
Subject: Bump with several CVE fixes
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=bf3a2ae7b4064fbafaddde38d10bb4d2d2669dc7;p=gentoo.git

Bump with several CVE fixes
Package-Manager: portage-2.1.1_rc1-r2
---

diff --git a/sys-kernel/usermode-sources/ChangeLog b/sys-kernel/usermode-sources/ChangeLog
index 14bd25d35fd3..d86353f9735e 100644
--- a/sys-kernel/usermode-sources/ChangeLog
+++ b/sys-kernel/usermode-sources/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-kernel/usermode-sources
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.82 2006/07/15 18:18:43 dang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/ChangeLog,v 1.83 2006/09/06 23:47:56 dang Exp $
+
+*usermode-sources-2.6.16-r5 (06 Sep 2006)
+
+  06 Sep 2006; Daniel Gryniewicz <dang@gentoo.org>
+  +files/usermode-sources-2.6.16-CVE-2006-2935.patch,
+  +files/usermode-sources-2.6.16-CVE-2006-3468.patch,
+  +files/usermode-sources-2.6.16-CVE-2006-4145.patch,
+  +usermode-sources-2.6.16-r5.ebuild:
+  Bump with several CVE fixes
 
   15 Jul 2006; Daniel Gryniewicz <dang@gentoo.org>
   -usermode-sources-2.6.16-r1.ebuild, -usermode-sources-2.6.16-r2.ebuild:
diff --git a/sys-kernel/usermode-sources/Manifest b/sys-kernel/usermode-sources/Manifest
index 28cc18dab64e..5da606f88bc7 100644
--- a/sys-kernel/usermode-sources/Manifest
+++ b/sys-kernel/usermode-sources/Manifest
@@ -5,6 +5,18 @@ AUX uml-2.6.16-bs2-new-glibc.patch 1210 RMD160 26ae9898a3a666f415fcaabed470f1b9c
 MD5 3f0abc012a8ac90dca4de1ce99f666da files/uml-2.6.16-bs2-new-glibc.patch 1210
 RMD160 26ae9898a3a666f415fcaabed470f1b9c0dda480 files/uml-2.6.16-bs2-new-glibc.patch 1210
 SHA256 744d827ab362884581a77bc18c3b9736a362d14aa94bc8d93b167b3733055182 files/uml-2.6.16-bs2-new-glibc.patch 1210
+AUX usermode-sources-2.6.16-CVE-2006-2935.patch 987 RMD160 fd8896a08cbca676cc76ed713cd4e223d44ee0ba SHA1 fddc4204532f9a0e22e364bd4952b90e50de2ea3 SHA256 34eb3014c59ca234ff0ab0e22540fadb97f54d2cdca14743845820200a9245f3
+MD5 54151e6ebaffe8c0e120a81039a8ccda files/usermode-sources-2.6.16-CVE-2006-2935.patch 987
+RMD160 fd8896a08cbca676cc76ed713cd4e223d44ee0ba files/usermode-sources-2.6.16-CVE-2006-2935.patch 987
+SHA256 34eb3014c59ca234ff0ab0e22540fadb97f54d2cdca14743845820200a9245f3 files/usermode-sources-2.6.16-CVE-2006-2935.patch 987
+AUX usermode-sources-2.6.16-CVE-2006-3468.patch 3700 RMD160 6f4f016f1e8586384824803228729490e15478c4 SHA1 8409d2d61224c3ca6c8341baed9de4a0e28bb04b SHA256 235e7d34d6545480e6fa1e1e190860ed2c081d7890bb6532c0aad2d973084fdc
+MD5 07597cf53abbd6bf2a90bba4c514a8fb files/usermode-sources-2.6.16-CVE-2006-3468.patch 3700
+RMD160 6f4f016f1e8586384824803228729490e15478c4 files/usermode-sources-2.6.16-CVE-2006-3468.patch 3700
+SHA256 235e7d34d6545480e6fa1e1e190860ed2c081d7890bb6532c0aad2d973084fdc files/usermode-sources-2.6.16-CVE-2006-3468.patch 3700
+AUX usermode-sources-2.6.16-CVE-2006-4145.patch 3586 RMD160 ccf1179aeab055f2e408225bc0e2026fb3ce7328 SHA1 9d16d7b37ba0d0ee7ace9f6e7f5a09ed8f93be1d SHA256 e9c50befb4e9157cabc94f76c9ca0a7e80422d82d4c3280d8f852673f669adf1
+MD5 4b3491d14a0b79b71f9a3029718df69d files/usermode-sources-2.6.16-CVE-2006-4145.patch 3586
+RMD160 ccf1179aeab055f2e408225bc0e2026fb3ce7328 files/usermode-sources-2.6.16-CVE-2006-4145.patch 3586
+SHA256 e9c50befb4e9157cabc94f76c9ca0a7e80422d82d4c3280d8f852673f669adf1 files/usermode-sources-2.6.16-CVE-2006-4145.patch 3586
 DIST genpatches-2.6.16-13.base.tar.bz2 98287 RMD160 55e01ae4090fdbb65c2033d7df3f6d667bcd874f SHA1 0d5bc13616264f0e58c67337dafe72e92a7b7025 SHA256 3bfa570f10939a838a3d460563f30b429d227e9f5b4cd0bd6b448a22bdb63858
 DIST genpatches-2.6.16-15.base.tar.bz2 98632 RMD160 46e8cfcae8fea262d7599c2e4d3e7fbc8af239b2 SHA1 e0f253ad01a4da388675af4b90223289d9bcd578 SHA256 fb78f2a4d32d1770a34d9ee254686a6a12102fa99c1bb73e9c282ab5f82dddaa
 DIST linux-2.6.16.tar.bz2 40845005 RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 SHA1 bef21cd5063a648f33a99a26f4742dd05eb4dca2 SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7
@@ -17,10 +29,14 @@ EBUILD usermode-sources-2.6.16-r4.ebuild 934 RMD160 f4288532f467d4c2964a8b0b6793
 MD5 81526c2f805fc250275d0c4753b07320 usermode-sources-2.6.16-r4.ebuild 934
 RMD160 f4288532f467d4c2964a8b0b6793682c017bceb3 usermode-sources-2.6.16-r4.ebuild 934
 SHA256 6f50163682734e09be749b00f564a686dc3262099133ab42eee5079c214fb790 usermode-sources-2.6.16-r4.ebuild 934
-MISC ChangeLog 23007 RMD160 6bff2c26dc0bb5f3efdaec82c4fe1f38c6e3dff6 SHA1 4d9739c78246844f73180e0dfb4f7cecead50480 SHA256 586105e8984706aefb89d951e4fad2da37695cac66abc43c4994293c9299bb1c
-MD5 a6ccfda1bf197e2ff9eee76947aa71f1 ChangeLog 23007
-RMD160 6bff2c26dc0bb5f3efdaec82c4fe1f38c6e3dff6 ChangeLog 23007
-SHA256 586105e8984706aefb89d951e4fad2da37695cac66abc43c4994293c9299bb1c ChangeLog 23007
+EBUILD usermode-sources-2.6.16-r5.ebuild 1048 RMD160 3d16510ec77d98dd389df63a222c55e0e84298b3 SHA1 13c1855da1399896a53ce2385510027f94f7a905 SHA256 c41f8ca0d95b147c26cab5158c58744a345ed14610052956a4b54895bdc9ee18
+MD5 e1d1ee47b1cc11e17ad384ad6ce293bc usermode-sources-2.6.16-r5.ebuild 1048
+RMD160 3d16510ec77d98dd389df63a222c55e0e84298b3 usermode-sources-2.6.16-r5.ebuild 1048
+SHA256 c41f8ca0d95b147c26cab5158c58744a345ed14610052956a4b54895bdc9ee18 usermode-sources-2.6.16-r5.ebuild 1048
+MISC ChangeLog 23332 RMD160 0817ce37c7a158c62936b7a664a2d8aba050d064 SHA1 85b66e2cd2bef4524f1f00cdaf529064250a354f SHA256 77a247a5a93e8e9753355e500dd338c1fcb72b53025dd6b5e8e26708afe30f5d
+MD5 b995f9ad55f7eb3e90db4240bb3100c3 ChangeLog 23332
+RMD160 0817ce37c7a158c62936b7a664a2d8aba050d064 ChangeLog 23332
+SHA256 77a247a5a93e8e9753355e500dd338c1fcb72b53025dd6b5e8e26708afe30f5d ChangeLog 23332
 MISC metadata.xml 250 RMD160 9657d63a141d387fa3a42ef4087ee0ed3757cf67 SHA1 7a59aecd3ddaed1b49f15c552a7893929b5155ed SHA256 c1aa14289c2eb84cdf6c739f3d48b122a09d4c99de38bd22ae558ac47be0cf90
 MD5 5811f74eb87a97c082114675db0ef41b metadata.xml 250
 RMD160 9657d63a141d387fa3a42ef4087ee0ed3757cf67 metadata.xml 250
@@ -31,10 +47,13 @@ SHA256 2a4591c924c641d35587b60b48cdf9ad8c37b8ba75541a1e1106fd71767835d1 files/di
 MD5 f137099abce994ae348e252e17849f4d files/digest-usermode-sources-2.6.16-r4 774
 RMD160 f38a8ec3085b7de51b0384cc8a05bcda03337deb files/digest-usermode-sources-2.6.16-r4 774
 SHA256 c5f0c87d798f8977a4b89600fc6f19382a0b09b8140c59d8d3e2367840a9c484 files/digest-usermode-sources-2.6.16-r4 774
+MD5 f137099abce994ae348e252e17849f4d files/digest-usermode-sources-2.6.16-r5 774
+RMD160 f38a8ec3085b7de51b0384cc8a05bcda03337deb files/digest-usermode-sources-2.6.16-r5 774
+SHA256 c5f0c87d798f8977a4b89600fc6f19382a0b09b8140c59d8d3e2367840a9c484 files/digest-usermode-sources-2.6.16-r5 774
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.4-ecc0.1.6 (GNU/Linux)
+Version: GnuPG v1.4.5-ecc0.1.6 (GNU/Linux)
 
-iD8DBQFEuTF3omPajV0RnrERAht/AJ0eR9Q3quFTzOaOWr4pnjPXhnnDlQCffKc8
-U9PxdTADdjwPFSleN03Okvo=
-=6arj
+iD8DBQFE/15BomPajV0RnrERAqBuAJ0SyaEwtA3+EesxoeSY0gF431lywwCdFent
+c67y1yYth8LaviK1YG8LLNM=
+=pT0Z
 -----END PGP SIGNATURE-----
diff --git a/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.16-r5 b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.16-r5
new file mode 100644
index 000000000000..c0ae8374c8e3
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/digest-usermode-sources-2.6.16-r5
@@ -0,0 +1,9 @@
+MD5 80f99e02526b3c82be494970c6e5925a genpatches-2.6.16-15.base.tar.bz2 98632
+RMD160 46e8cfcae8fea262d7599c2e4d3e7fbc8af239b2 genpatches-2.6.16-15.base.tar.bz2 98632
+SHA256 fb78f2a4d32d1770a34d9ee254686a6a12102fa99c1bb73e9c282ab5f82dddaa genpatches-2.6.16-15.base.tar.bz2 98632
+MD5 9a91b2719949ff0856b40bc467fd47be linux-2.6.16.tar.bz2 40845005
+RMD160 af5c2f55733fadd2fdf8b00da55e7b31d516d4e8 linux-2.6.16.tar.bz2 40845005
+SHA256 1200dcc7e60fcdaf68618dba991917a47e41e67099e8b22143976ec972e2cad7 linux-2.6.16.tar.bz2 40845005
+MD5 97a67a09e25292f7d2a9bb8f38d85cbc uml-2.6.16-bs2.patch.bz2 33936
+RMD160 8a46545ae3ad355feb494d4e5a3f0dad76690aa3 uml-2.6.16-bs2.patch.bz2 33936
+SHA256 aba5949f52f03b08c85171101824c323c7b6a812666ce4049699a8cb9de9d84e uml-2.6.16-bs2.patch.bz2 33936
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-2935.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-2935.patch
new file mode 100644
index 000000000000..927d77d58dd3
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-2935.patch
@@ -0,0 +1,28 @@
+From: Jens Axboe <axboe@suse.de>
+Date: Mon, 10 Jul 2006 11:44:08 +0000 (-0700)
+Subject: [PATCH] cdrom: fix bad cgc.buflen assignment
+X-Git-Tag: v2.6.18-rc2
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=454d6fbc48374be8f53b9bafaa86530cf8eb3bc1
+
+[PATCH] cdrom: fix bad cgc.buflen assignment
+
+The code really means to mask off the high bits, not assign 0xff.
+
+Signed-off-by: Jens Axboe <axboe@suse.de>
+Cc: Marcus Meissner <meissner@suse.de>
+Cc: <stable@kernel.org>
+Signed-off-by: Andrew Morton <akpm@osdl.org>
+Signed-off-by: Linus Torvalds <torvalds@osdl.org>
+---
+
+--- a/drivers/cdrom/cdrom.c
++++ b/drivers/cdrom/cdrom.c
+@@ -1837,7 +1837,7 @@ static int dvd_read_bca(struct cdrom_dev
+ 	init_cdrom_command(&cgc, buf, sizeof(buf), CGC_DATA_READ);
+ 	cgc.cmd[0] = GPCMD_READ_DVD_STRUCTURE;
+ 	cgc.cmd[7] = s->type;
+-	cgc.cmd[9] = cgc.buflen = 0xff;
++	cgc.cmd[9] = cgc.buflen & 0xff;
+ 
+ 	if ((ret = cdo->generic_packet(cdi, &cgc)))
+ 		return ret;
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-3468.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-3468.patch
new file mode 100644
index 000000000000..1452939ae341
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-3468.patch
@@ -0,0 +1,106 @@
+diff --exclude-from=/home/dang/.diffrc -u -ruN linux-2.6.16.orig/fs/ext3/inode.c linux-2.6.16/fs/ext3/inode.c
+--- linux-2.6.16.orig/fs/ext3/inode.c	2006-03-20 00:53:29.000000000 -0500
++++ linux-2.6.16/fs/ext3/inode.c	2006-09-06 17:58:38.000000000 -0400
+@@ -1005,7 +1005,7 @@
+ 		ret = PTR_ERR(handle);
+ 		goto out;
+ 	}
+-	if (test_opt(inode->i_sb, NOBH))
++	if (test_opt(inode->i_sb, NOBH) && ext3_should_writeback_data(inode))
+ 		ret = nobh_prepare_write(page, from, to, ext3_get_block);
+ 	else
+ 		ret = block_prepare_write(page, from, to, ext3_get_block);
+@@ -1093,7 +1093,7 @@
+ 	if (new_i_size > EXT3_I(inode)->i_disksize)
+ 		EXT3_I(inode)->i_disksize = new_i_size;
+ 
+-	if (test_opt(inode->i_sb, NOBH))
++	if (test_opt(inode->i_sb, NOBH) && ext3_should_writeback_data(inode))
+ 		ret = nobh_commit_write(file, page, from, to);
+ 	else
+ 		ret = generic_commit_write(file, page, from, to);
+@@ -1343,7 +1343,7 @@
+ 		goto out_fail;
+ 	}
+ 
+-	if (test_opt(inode->i_sb, NOBH))
++	if (test_opt(inode->i_sb, NOBH) && ext3_should_writeback_data(inode))
+ 		ret = nobh_writepage(page, ext3_get_block, wbc);
+ 	else
+ 		ret = block_write_full_page(page, ext3_get_block, wbc);
+@@ -2258,17 +2258,15 @@
+ 	struct buffer_head *bh;
+ 	struct ext3_group_desc * gdp;
+ 
+-
+-	if ((ino != EXT3_ROOT_INO &&
+-		ino != EXT3_JOURNAL_INO &&
+-		ino != EXT3_RESIZE_INO &&
+-		ino < EXT3_FIRST_INO(sb)) ||
+-		ino > le32_to_cpu(
+-			EXT3_SB(sb)->s_es->s_inodes_count)) {
+-		ext3_error (sb, "ext3_get_inode_block",
+-			    "bad inode number: %lu", ino);
++	if (!ext3_valid_inum(sb, ino)) {
++		/*
++		 * This error is already checked for in namei.c unless we are
++		 * looking at an NFS filehandle, in which case no error
++		 * report is needed
++		 */
+ 		return 0;
+ 	}
++
+ 	block_group = (ino - 1) / EXT3_INODES_PER_GROUP(sb);
+ 	if (block_group >= EXT3_SB(sb)->s_groups_count) {
+ 		ext3_error (sb, "ext3_get_inode_block",
+diff --exclude-from=/home/dang/.diffrc -u -ruN linux-2.6.16.orig/fs/ext3/namei.c linux-2.6.16/fs/ext3/namei.c
+--- linux-2.6.16.orig/fs/ext3/namei.c	2006-03-20 00:53:29.000000000 -0500
++++ linux-2.6.16/fs/ext3/namei.c	2006-09-06 17:55:59.000000000 -0400
+@@ -1000,7 +1000,12 @@
+ 	if (bh) {
+ 		unsigned long ino = le32_to_cpu(de->inode);
+ 		brelse (bh);
+-		inode = iget(dir->i_sb, ino);
++		if (!ext3_valid_inum(dir->i_sb, ino)) {
++			ext3_error(dir->i_sb, "ext3_lookup",
++				   "bad inode number: %lu", ino);
++			inode = NULL;
++		} else
++			inode = iget(dir->i_sb, ino);
+ 
+ 		if (!inode)
+ 			return ERR_PTR(-EACCES);
+@@ -1028,7 +1033,13 @@
+ 		return ERR_PTR(-ENOENT);
+ 	ino = le32_to_cpu(de->inode);
+ 	brelse(bh);
+-	inode = iget(child->d_inode->i_sb, ino);
++
++	if (!ext3_valid_inum(child->d_inode->i_sb, ino)) {
++		ext3_error(child->d_inode->i_sb, "ext3_get_parent",
++			   "bad inode number: %lu", ino);
++		inode = NULL;
++	} else
++		inode = iget(child->d_inode->i_sb, ino);
+ 
+ 	if (!inode)
+ 		return ERR_PTR(-EACCES);
+diff --exclude-from=/home/dang/.diffrc -u -ruN linux-2.6.16.orig/include/linux/ext3_fs.h linux-2.6.16/include/linux/ext3_fs.h
+--- linux-2.6.16.orig/include/linux/ext3_fs.h	2006-03-20 00:53:29.000000000 -0500
++++ linux-2.6.16/include/linux/ext3_fs.h	2006-09-06 17:55:59.000000000 -0400
+@@ -494,6 +494,15 @@
+ {
+ 	return container_of(inode, struct ext3_inode_info, vfs_inode);
+ }
++
++static inline int ext3_valid_inum(struct super_block *sb, unsigned long ino)
++{
++	return ino == EXT3_ROOT_INO ||
++		ino == EXT3_JOURNAL_INO ||
++		ino == EXT3_RESIZE_INO ||
++		(ino >= EXT3_FIRST_INO(sb) &&
++		 ino <= le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count));
++}
+ #else
+ /* Assume that user mode programs are passing in an ext3fs superblock, not
+  * a kernel struct super_block.  This will allow us to call the feature-test
diff --git a/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-4145.patch b/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-4145.patch
new file mode 100644
index 000000000000..7b6457798ee5
--- /dev/null
+++ b/sys-kernel/usermode-sources/files/usermode-sources-2.6.16-CVE-2006-4145.patch
@@ -0,0 +1,92 @@
+diff --exclude-from=/home/dang/.diffrc -u -ruN linux-2.6.16.orig/fs/udf/super.c linux-2.6.16/fs/udf/super.c
+--- linux-2.6.16.orig/fs/udf/super.c	2006-03-20 00:53:29.000000000 -0500
++++ linux-2.6.16/fs/udf/super.c	2006-09-06 19:10:33.000000000 -0400
+@@ -1657,7 +1657,7 @@
+ 		iput(inode);
+ 		goto error_out;
+ 	}
+-	sb->s_maxbytes = MAX_LFS_FILESIZE;
++	sb->s_maxbytes = 1<<30;
+ 	return 0;
+ 
+ error_out:
+diff --exclude-from=/home/dang/.diffrc -u -ruN linux-2.6.16.orig/fs/udf/truncate.c linux-2.6.16/fs/udf/truncate.c
+--- linux-2.6.16.orig/fs/udf/truncate.c	2006-03-20 00:53:29.000000000 -0500
++++ linux-2.6.16/fs/udf/truncate.c	2006-09-06 19:10:33.000000000 -0400
+@@ -239,37 +239,51 @@
+ 	{
+ 		if (offset)
+ 		{
+-			extoffset -= adsize;
+-			etype = udf_next_aext(inode, &bloc, &extoffset, &eloc, &elen, &bh, 1);
+-			if (etype == (EXT_NOT_RECORDED_NOT_ALLOCATED >> 30))
+-			{
+-				extoffset -= adsize;
+-				elen = EXT_NOT_RECORDED_NOT_ALLOCATED | (elen + offset);
+-				udf_write_aext(inode, bloc, &extoffset, eloc, elen, bh, 0);
++			/*
++			 *  OK, there is not extent covering inode->i_size and
++			 *  no extent above inode->i_size => truncate is
++			 *  extending the file by 'offset'.
++			 */
++			if ((!bh && extoffset == udf_file_entry_alloc_offset(inode)) ||
++			    (bh && extoffset == sizeof(struct allocExtDesc))) {
++				/* File has no extents at all! */
++				memset(&eloc, 0x00, sizeof(kernel_lb_addr));
++				elen = EXT_NOT_RECORDED_NOT_ALLOCATED | offset;
++				udf_add_aext(inode, &bloc, &extoffset, eloc, elen, &bh, 1);
+ 			}
+-			else if (etype == (EXT_NOT_RECORDED_ALLOCATED >> 30))
+-			{
+-				kernel_lb_addr neloc = { 0, 0 };
++			else {
+ 				extoffset -= adsize;
+-				nelen = EXT_NOT_RECORDED_NOT_ALLOCATED |
+-					((elen + offset + inode->i_sb->s_blocksize - 1) &
+-					~(inode->i_sb->s_blocksize - 1));
+-				udf_write_aext(inode, bloc, &extoffset, neloc, nelen, bh, 1);
+-				udf_add_aext(inode, &bloc, &extoffset, eloc, (etype << 30) | elen, &bh, 1);
+-			}
+-			else
+-			{
+-				if (elen & (inode->i_sb->s_blocksize - 1))
++				etype = udf_next_aext(inode, &bloc, &extoffset, &eloc, &elen, &bh, 1);
++				if (etype == (EXT_NOT_RECORDED_NOT_ALLOCATED >> 30))
+ 				{
+ 					extoffset -= adsize;
+-					elen = EXT_RECORDED_ALLOCATED |
+-						((elen + inode->i_sb->s_blocksize - 1) &
++					elen = EXT_NOT_RECORDED_NOT_ALLOCATED | (elen + offset);
++					udf_write_aext(inode, bloc, &extoffset, eloc, elen, bh, 0);
++				}
++				else if (etype == (EXT_NOT_RECORDED_ALLOCATED >> 30))
++				{
++					kernel_lb_addr neloc = { 0, 0 };
++					extoffset -= adsize;
++					nelen = EXT_NOT_RECORDED_NOT_ALLOCATED |
++						((elen + offset + inode->i_sb->s_blocksize - 1) &
+ 						~(inode->i_sb->s_blocksize - 1));
+-					udf_write_aext(inode, bloc, &extoffset, eloc, elen, bh, 1);
++					udf_write_aext(inode, bloc, &extoffset, neloc, nelen, bh, 1);
++					udf_add_aext(inode, &bloc, &extoffset, eloc, (etype << 30) | elen, &bh, 1);
++				}
++				else
++				{
++					if (elen & (inode->i_sb->s_blocksize - 1))
++					{
++						extoffset -= adsize;
++						elen = EXT_RECORDED_ALLOCATED |
++							((elen + inode->i_sb->s_blocksize - 1) &
++							~(inode->i_sb->s_blocksize - 1));
++						udf_write_aext(inode, bloc, &extoffset, eloc, elen, bh, 1);
++					}
++					memset(&eloc, 0x00, sizeof(kernel_lb_addr));
++					elen = EXT_NOT_RECORDED_NOT_ALLOCATED | offset;
++					udf_add_aext(inode, &bloc, &extoffset, eloc, elen, &bh, 1);
+ 				}
+-				memset(&eloc, 0x00, sizeof(kernel_lb_addr));
+-				elen = EXT_NOT_RECORDED_NOT_ALLOCATED | offset;
+-				udf_add_aext(inode, &bloc, &extoffset, eloc, elen, &bh, 1);
+ 			}
+ 		}
+ 	}
diff --git a/sys-kernel/usermode-sources/usermode-sources-2.6.16-r5.ebuild b/sys-kernel/usermode-sources/usermode-sources-2.6.16-r5.ebuild
new file mode 100644
index 000000000000..3a90d6d903fd
--- /dev/null
+++ b/sys-kernel/usermode-sources/usermode-sources-2.6.16-r5.ebuild
@@ -0,0 +1,26 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/usermode-sources/usermode-sources-2.6.16-r5.ebuild,v 1.1 2006/09/06 23:47:56 dang Exp $
+
+ETYPE="sources"
+K_WANT_GENPATCHES="base"
+K_GENPATCHES_VER="15"
+inherit kernel-2
+detect_version
+
+UML_VER="uml-2.6.16-bs2"
+UNIPATCH_LIST="${DISTDIR}/${UML_VER}.patch.bz2
+	${FILESDIR}/${UML_VER}-new-glibc.patch
+	${FILESDIR}/${P}-CVE-2006-2935.patch
+	${FILESDIR}/${P}-CVE-2006-3468.patch
+	${FILESDIR}/${P}-CVE-2006-4145.patch"
+
+DESCRIPTION="Full sources for the User Mode Linux kernel"
+SRC_URI="${KERNEL_URI} ${GENPATCHES_URI}
+	http://www.user-mode-linux.org/~blaisorblade/patches/guest/${UML_VER}/${UML_VER}.patch.bz2"
+HOMEPAGE="http://www.kernel.org/ http://user-mode-linux.sourceforge.net"
+KEYWORDS="~amd64 ~x86"
+
+K_EXTRAEINFO="Since you are using UML, you may want to read the Gentoo Linux
+Developer's guide to system testing with User-Mode Linux that
+can be found at http://www.gentoo.org/doc/en/uml.xml"