[packages/kernel.git] / ow1-fix-2.2.22-rc2.patch

diff -urN linux.orig/linux-2.2.21-ow1/linux-2.2.21-ow1.diff linux/linux-2.2.21-ow1/linux-2.2.21-ow1.diff
--- linux.orig/linux-2.2.21-ow1/linux-2.2.21-ow1.diff	Sat May 25 19:44:23 2002
+++ linux/linux-2.2.21-ow1/linux-2.2.21-ow1.diff	Sun Sep  8 15:45:24 2002
@@ -193,18 +193,6 @@
  
  #
  # Kernel hacking
-diff -urPX nopatch linux-2.2.21/arch/alpha/kernel/entry.S linux/arch/alpha/kernel/entry.S
---- linux-2.2.21/arch/alpha/kernel/entry.S	Fri Nov  2 19:39:05 2001
-+++ linux/arch/alpha/kernel/entry.S	Sat May 25 20:26:03 2002
-@@ -556,7 +556,7 @@
- 	lda	$5,sys_call_table
- 	lda	$27,sys_ni_syscall
- 	cmpult	$0,$4,$4
--	ldq	$3,TASK_FLAGS($8)
-+	ldq	$3,TASK_PTRACE($8)
- 	stq	$17,SP_OFF+32($30)
- 	s8addq	$0,$5,$5
- 	and     $3,PT_PTRACED,$3
 diff -urPX nopatch linux-2.2.21/arch/arm/config.in linux/arch/arm/config.in
 --- linux-2.2.21/arch/arm/config.in	Sun Mar 25 20:31:54 2001
 +++ linux/arch/arm/config.in	Sat May 25 20:26:03 2002
@@ -964,29 +952,6 @@
  
  #
  # Watchdog
-diff -urPX nopatch linux-2.2.21/drivers/net/zlib.c linux/drivers/net/zlib.c
---- linux-2.2.21/drivers/net/zlib.c	Tue May 21 03:32:35 2002
-+++ linux/drivers/net/zlib.c	Sat May 25 20:33:16 2002
-@@ -3938,7 +3938,6 @@
-           r = t;
-           LEAVE
-         }
--        ZFREE(z, s->sub.trees.blens);
-         Tracev((stderr, "inflate:       trees ok, %d * %d bytes used\n",
-               inflate_hufts, sizeof(inflate_huft)));
-         if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
-diff -urPX nopatch linux-2.2.21/drivers/scsi/st.c linux/drivers/scsi/st.c
---- linux-2.2.21/drivers/scsi/st.c	Fri Nov  2 19:39:08 2001
-+++ linux/drivers/scsi/st.c	Sat May 25 20:26:27 2002
-@@ -1463,7 +1463,7 @@
- 			if (transfer < 0) {
- 			    if (STps->drv_block >= 0)
- 				STps->drv_block += 1;
--			    return (-ENOMEM);
-+			    return (-EIO);
- 			}
- 			(STp->buffer)->buffer_bytes = bytes - transfer;
- 		    }
 diff -urPX nopatch linux-2.2.21/fs/binfmt_aout.c linux/fs/binfmt_aout.c
 --- linux-2.2.21/fs/binfmt_aout.c	Fri Nov  2 19:39:08 2001
 +++ linux/fs/binfmt_aout.c	Sat May 25 20:26:27 2002
@@ -1159,77 +1124,6 @@
  
  /*
   * Note that some platforms still use traditional core dumps and not
-diff -urPX nopatch linux-2.2.21/fs/dcache.c linux/fs/dcache.c
---- linux-2.2.21/fs/dcache.c	Fri Nov  2 19:39:08 2001
-+++ linux/fs/dcache.c	Sat May 25 21:22:21 2002
-@@ -764,12 +764,15 @@
- /*
-  * "buflen" should be PAGE_SIZE or more.
-  */
--char * d_path(struct dentry *dentry, char *buffer, int buflen)
-+static char * d_path_error(struct dentry *dentry,
-+			   char *buffer, int buflen, int *error)
- {
- 	char * end = buffer+buflen;
- 	char * retval;
- 	struct dentry * root = current->fs->root;
- 
-+	*error = 0;
-+
- 	*--end = '\0';
- 	buflen--;
- 	if (dentry->d_parent != dentry && list_empty(&dentry->d_hash)) {
-@@ -794,8 +797,10 @@
- 			break;
- 		namelen = dentry->d_name.len;
- 		buflen -= namelen + 1;
--		if (buflen < 0)
-+		if (buflen < 0) {
-+			*error = -ENAMETOOLONG;
- 			break;
-+		}
- 		end -= namelen;
- 		memcpy(end, dentry->d_name.name, namelen);
- 		*--end = '/';
-@@ -805,6 +810,13 @@
- 	return retval;
- }
- 
-+char * d_path(struct dentry *dentry, char *buffer, int buflen)
-+{
-+	int error;
-+
-+	return d_path_error(dentry, buffer, buflen, &error);
-+}
-+
- /*
-  * NOTE! The user-level library version returns a
-  * character pointer. The kernel system call just
-@@ -835,14 +847,17 @@
- 		error = -ENOMEM;
- 		if (page) {
- 			unsigned long len;
--			char * cwd = d_path(pwd, page, PAGE_SIZE);
-+			char * cwd;
- 
--			error = -ERANGE;
--			len = PAGE_SIZE + page - cwd;
--			if (len <= size) {
--				error = len;
--				if (copy_to_user(buf, cwd, len))
--					error = -EFAULT;
-+			cwd = d_path_error(pwd, page, PAGE_SIZE, &error);
-+			if (!error) {
-+				error = -ERANGE;
-+				len = PAGE_SIZE + page - cwd;
-+				if (len <= size) {
-+					error = len;
-+					if (copy_to_user(buf, cwd, len))
-+						error = -EFAULT;
-+				}
- 			}
- 			free_page((unsigned long) page);
- 		}
 diff -urPX nopatch linux-2.2.21/fs/exec.c linux/fs/exec.c
 --- linux-2.2.21/fs/exec.c	Fri Nov  2 19:39:08 2001
 +++ linux/fs/exec.c	Sat May 25 20:26:27 2002
@@ -1430,59 +1324,6 @@
  
  	current->dumpable = was_dumpable;
  
-diff -urPX nopatch linux-2.2.21/fs/ext2/file.c linux/fs/ext2/file.c
---- linux-2.2.21/fs/ext2/file.c	Sun Mar 25 20:30:58 2001
-+++ linux/fs/ext2/file.c	Sat May 25 20:26:27 2002
-@@ -164,15 +164,15 @@
- 	int err;
- 	int i,buffercount,write_error, new_buffer;
- 	unsigned long limit;
--	
-+
- 	/* POSIX: mtime/ctime may not change for 0 count */
- 	if (!count)
- 		return 0;
- 	/* This makes the bounds-checking arithmetic later on much more
- 	 * sane. */
--	if (((signed) count) < 0)
-+	if (((ssize_t) count) < 0)
- 		return -EINVAL;
--	
-+
- 	write_error = buffercount = 0;
- 	if (!inode) {
- 		printk("ext2_file_write: inode = NULL\n");
-@@ -206,15 +206,15 @@
- 	/* If the fd's pos is already greater than or equal to the file
- 	 * descriptor's offset maximum, then we need to return EFBIG for
- 	 * any non-zero count (and we already tested for zero above). */
--	if (((unsigned) pos) >= 0x7FFFFFFFUL)
-+	if (((unsigned long) pos) >= 0x7FFFFFFFUL)
- 		return -EFBIG;
- 	
- 	/* If we are about to overflow the maximum file size, we also
- 	 * need to return the error, but only if no bytes can be written
- 	 * successfully. */
--	if (((unsigned) pos + count) > 0x7FFFFFFFUL) {
-+	if (((unsigned long) pos + count) > 0x7FFFFFFFUL) {
- 		count = 0x7FFFFFFFL - pos;
--		if (((signed) count) < 0)
-+		if (((ssize_t) count) < 0)
- 			return -EFBIG;
- 	}
- #else
-@@ -246,9 +246,9 @@
- 
- 	limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
- 	if (limit < RLIM_INFINITY) {
--		if (((unsigned) pos+count) >= limit) {
-+		if (((unsigned long) pos + count) >= limit) {
- 			count = limit - pos;
--			if (((signed) count) <= 0) {
-+			if (((ssize_t) count) <= 0) {
- 				send_sig(SIGXFSZ, current, 0);
- 				return -EFBIG;
- 			}
 diff -urPX nopatch linux-2.2.21/fs/namei.c linux/fs/namei.c
 --- linux-2.2.21/fs/namei.c	Fri Nov  2 19:39:08 2001
 +++ linux/fs/namei.c	Sat May 25 20:26:27 2002
@@ -1717,25 +1558,6 @@
  	}
  	if (ino & PROC_PID_FD_DIR) {
  		struct file * file;
-diff -urPX nopatch linux-2.2.21/fs/proc/proc_tty.c linux/fs/proc/proc_tty.c
---- linux-2.2.21/fs/proc/proc_tty.c	Sun Mar 25 20:30:58 2001
-+++ linux/fs/proc/proc_tty.c	Sat May 25 20:26:27 2002
-@@ -178,7 +178,14 @@
- 	if (!ent)
- 		return;
- 	proc_tty_ldisc = create_proc_entry("tty/ldisc", S_IFDIR, 0);
--	proc_tty_driver = create_proc_entry("tty/driver", S_IFDIR, 0);
-+	/*
-+	 * /proc/tty/driver/serial reveals the exact character counts for
-+	 * serial links which is just too easy to abuse for inferring
-+	 * password lengths and inter-keystroke timings during password
-+	 * entry.
-+	 */
-+	proc_tty_driver = create_proc_entry("tty/driver",
-+		S_IFDIR | S_IRUSR | S_IXUSR, 0);
- 
- 	ent = create_proc_entry("tty/ldiscs", 0, 0);
- 	ent->read_proc = tty_ldiscs_read_proc;
 diff -urPX nopatch linux-2.2.21/fs/proc/root.c linux/fs/proc/root.c
 --- linux-2.2.21/fs/proc/root.c	Tue May 21 03:32:35 2002
 +++ linux/fs/proc/root.c	Sat May 25 20:26:27 2002
@@ -1954,17 +1776,6 @@
  
  /*
   * Ptrace flags
-diff -urPX nopatch linux-2.2.21/include/linux/stat.h linux/include/linux/stat.h
---- linux-2.2.21/include/linux/stat.h	Sun Mar 25 20:31:03 2001
-+++ linux/include/linux/stat.h	Sat May 25 20:26:53 2002
-@@ -52,6 +52,7 @@
- #define S_IRUGO		(S_IRUSR|S_IRGRP|S_IROTH)
- #define S_IWUGO		(S_IWUSR|S_IWGRP|S_IWOTH)
- #define S_IXUGO		(S_IXUSR|S_IXGRP|S_IXOTH)
-+#define S_IRXUG		(S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP)
- #endif
- 
- #endif
 diff -urPX nopatch linux-2.2.21/ipc/shm.c linux/ipc/shm.c
 --- linux-2.2.21/ipc/shm.c	Sun Mar 25 20:37:40 2001
 +++ linux/ipc/shm.c	Sat May 25 20:26:53 2002
@@ -2094,120 +1905,6 @@
  	return do_syslog(type, buf, len);
  }
  
-@@ -260,7 +266,7 @@
- 
- 	spin_lock_irqsave(&console_lock, flags);
- 	va_start(args, fmt);
--	i = vsprintf(buf + 3, fmt, args); /* hopefully i < sizeof(buf)-4 */
-+	i = _vsnprintf(buf + 3, sizeof(buf) - sizeof(buf) / 8 - 3, fmt, args);
- 	buf_end = buf + 3 + i;
- 	va_end(args);
- 	for (p = buf + 3; p < buf_end; p++) {
-diff -urPX nopatch linux-2.2.21/kernel/sys.c linux/kernel/sys.c
---- linux-2.2.21/kernel/sys.c	Sun Mar 25 20:37:40 2001
-+++ linux/kernel/sys.c	Sat May 25 21:27:04 2002
-@@ -507,8 +507,8 @@
- 		if (euid != current->euid)
- 			current->dumpable = 0;
- 		current->euid = euid;
--		current->fsuid = euid;
- 	}
-+	current->fsuid = current->euid;
- 	if (suid != (uid_t) -1)
- 		current->suid = suid;
- 
-@@ -554,8 +554,8 @@
- 		if (egid != current->egid)
- 			current->dumpable = 0;
- 		current->egid = egid;
--		current->fsgid = egid;
- 	}
-+	current->fsgid = current->egid;
- 	if (sgid != (gid_t) -1)
- 		current->sgid = sgid;
- 	return 0;
-diff -urPX nopatch linux-2.2.21/kernel/sysctl.c linux/kernel/sysctl.c
---- linux-2.2.21/kernel/sysctl.c	Sun Mar 25 20:37:40 2001
-+++ linux/kernel/sysctl.c	Sat May 25 20:26:53 2002
-@@ -338,8 +338,11 @@
- 		size_t old_len;
- 		if (!oldlenp)
- 			return -EFAULT;
--		if(get_user(old_len, oldlenp))
-+		if (get_user(old_len, oldlenp))
- 			return -EFAULT;
-+		/* XXX: insufficient for SMP, but should be redundant anyway */
-+		if ((ssize_t)old_len < 0)
-+			return -EINVAL;
- 	}
- 	tmp = &root_table_header;
- 	do {
-@@ -459,7 +462,8 @@
- 	 * zero, proceed with automatic r/w */
- 	if (table->data && table->maxlen) {
- 		if (oldval && oldlenp) {
--			get_user(len, oldlenp);
-+			if (get_user(len, oldlenp))
-+				return -EFAULT;
- 			if (len) {
- 				if (len > table->maxlen)
- 					len = table->maxlen;
-@@ -1047,7 +1051,8 @@
- 
- 		for (i = 0; i < length; i++) {
- 			int value;
--			get_user(value, vec + i);
-+			if (get_user(value, vec + i))
-+				return -EFAULT;
- 			if (min && value < min[i])
- 				return -EINVAL;
- 			if (max && value > max[i])
-diff -urPX nopatch linux-2.2.21/lib/vsprintf.c linux/lib/vsprintf.c
---- linux-2.2.21/lib/vsprintf.c	Sun Mar 25 20:31:02 2001
-+++ linux/lib/vsprintf.c	Sat May 25 20:26:53 2002
-@@ -142,7 +142,7 @@
- /* Forward decl. needed for IP address printing stuff... */
- int sprintf(char * buf, const char *fmt, ...);
- 
--int vsprintf(char *buf, const char *fmt, va_list args)
-+int _vsnprintf(char *buf, int n, const char *fmt, va_list args)
- {
- 	int len;
- 	unsigned long num;
-@@ -157,7 +157,7 @@
- 				   number of chars for from string */
- 	int qualifier;		/* 'h', 'l', or 'L' for integer fields */
- 
--	for (str=buf ; *fmt ; ++fmt) {
-+	for (str = buf; *fmt && (n == -1 || str - buf < n); ++fmt) {
- 		if (*fmt != '%') {
- 			*str++ = *fmt;
- 			continue;
-@@ -231,6 +231,12 @@
- 
- 			len = strnlen(s, precision);
- 
-+			if (n != -1 && len >= n - (str - buf)) {
-+				len = n - 1 - (str - buf);
-+				if (len <= 0) break;
-+				if (len < field_width) field_width = len;
-+			}
-+
- 			if (!(flags & LEFT))
- 				while (len < field_width--)
- 					*str++ = ' ';
-@@ -304,6 +310,11 @@
- 	}
- 	*str = '\0';
- 	return str-buf;
-+}
-+
-+int vsprintf(char *buf, const char *fmt, va_list args)
-+{
-+	return _vsnprintf(buf, -1, fmt, args);
- }
- 
- int sprintf(char * buf, const char *fmt, ...)
 diff -urPX nopatch linux-2.2.21/mm/mmap.c linux/mm/mmap.c
 --- linux-2.2.21/mm/mmap.c	Sun Mar 25 20:31:02 2001
 +++ linux/mm/mmap.c	Sat May 25 20:26:53 2002
@@ -2254,29 +1951,6 @@
  		}
  		prev = type;
  	}
-diff -urPX nopatch linux-2.2.21/net/socket.c linux/net/socket.c
---- linux-2.2.21/net/socket.c	Sun Mar 25 20:37:41 2001
-+++ linux/net/socket.c	Sat May 25 20:26:53 2002
-@@ -1073,11 +1073,19 @@
- asmlinkage int sys_getsockopt(int fd, int level, int optname, char *optval, int *optlen)
- {
- 	int err;
-+	int len;
- 	struct socket *sock;
- 
- 	lock_kernel();
- 	if ((sock = sockfd_lookup(fd, &err))!=NULL)
- 	{
-+		/* XXX: insufficient for SMP, but should be redundant anyway */
-+		if (get_user(len, optlen))
-+			err = -EFAULT;
-+		else
-+		if (len < 0)
-+			err = -EINVAL;
-+		else
- 		if (level == SOL_SOCKET)
- 			err=sock_getsockopt(sock,level,optname,optval,optlen);
- 		else
 diff -urPX nopatch linux-2.2.21/security/Common.in linux/security/Common.in
 --- linux-2.2.21/security/Common.in	Thu Jan  1 03:00:00 1970
 +++ linux/security/Common.in	Sat May 25 20:26:53 2002
Commit	Line	Data
32be57da KT	1	diff -urN linux.orig/linux-2.2.21-ow1/linux-2.2.21-ow1.diff linux/linux-2.2.21-ow1/linux-2.2.21-ow1.diff
	2	--- linux.orig/linux-2.2.21-ow1/linux-2.2.21-ow1.diff Sat May 25 19:44:23 2002
	3	+++ linux/linux-2.2.21-ow1/linux-2.2.21-ow1.diff Sun Sep 8 15:45:24 2002
	4	@@ -193,18 +193,6 @@
	5
	6	#
	7	# Kernel hacking
	8	-diff -urPX nopatch linux-2.2.21/arch/alpha/kernel/entry.S linux/arch/alpha/kernel/entry.S
	9	---- linux-2.2.21/arch/alpha/kernel/entry.S Fri Nov 2 19:39:05 2001
	10	-+++ linux/arch/alpha/kernel/entry.S Sat May 25 20:26:03 2002
	11	-@@ -556,7 +556,7 @@
	12	- lda $5,sys_call_table
	13	- lda $27,sys_ni_syscall
	14	- cmpult $0,$4,$4
	15	-- ldq $3,TASK_FLAGS($8)
	16	-+ ldq $3,TASK_PTRACE($8)
	17	- stq $17,SP_OFF+32($30)
	18	- s8addq $0,$5,$5
	19	- and $3,PT_PTRACED,$3
	20	diff -urPX nopatch linux-2.2.21/arch/arm/config.in linux/arch/arm/config.in
	21	--- linux-2.2.21/arch/arm/config.in Sun Mar 25 20:31:54 2001
	22	+++ linux/arch/arm/config.in Sat May 25 20:26:03 2002
	23	@@ -964,29 +952,6 @@
	24
	25	#
	26	# Watchdog
	27	-diff -urPX nopatch linux-2.2.21/drivers/net/zlib.c linux/drivers/net/zlib.c
	28	---- linux-2.2.21/drivers/net/zlib.c Tue May 21 03:32:35 2002
	29	-+++ linux/drivers/net/zlib.c Sat May 25 20:33:16 2002
	30	-@@ -3938,7 +3938,6 @@
	31	- r = t;
	32	- LEAVE
	33	- }
	34	-- ZFREE(z, s->sub.trees.blens);
	35	- Tracev((stderr, "inflate: trees ok, %d * %d bytes used\n",
	36	- inflate_hufts, sizeof(inflate_huft)));
	37	- if ((c = inflate_codes_new(bl, bd, tl, td, z)) == Z_NULL)
	38	-diff -urPX nopatch linux-2.2.21/drivers/scsi/st.c linux/drivers/scsi/st.c
	39	---- linux-2.2.21/drivers/scsi/st.c Fri Nov 2 19:39:08 2001
	40	-+++ linux/drivers/scsi/st.c Sat May 25 20:26:27 2002
	41	-@@ -1463,7 +1463,7 @@
	42	- if (transfer < 0) {
	43	- if (STps->drv_block >= 0)
	44	- STps->drv_block += 1;
	45	-- return (-ENOMEM);
	46	-+ return (-EIO);
	47	- }
	48	- (STp->buffer)->buffer_bytes = bytes - transfer;
	49	- }
	50	diff -urPX nopatch linux-2.2.21/fs/binfmt_aout.c linux/fs/binfmt_aout.c
	51	--- linux-2.2.21/fs/binfmt_aout.c Fri Nov 2 19:39:08 2001
	52	+++ linux/fs/binfmt_aout.c Sat May 25 20:26:27 2002
	53	@@ -1159,77 +1124,6 @@
	54
	55	/*
	56	* Note that some platforms still use traditional core dumps and not
	57	-diff -urPX nopatch linux-2.2.21/fs/dcache.c linux/fs/dcache.c
	58	---- linux-2.2.21/fs/dcache.c Fri Nov 2 19:39:08 2001
	59	-+++ linux/fs/dcache.c Sat May 25 21:22:21 2002
	60	-@@ -764,12 +764,15 @@
	61	- /*
	62	- * "buflen" should be PAGE_SIZE or more.
	63	- */
	64	--char * d_path(struct dentry dentry, char buffer, int buflen)
65	-+static char * d_path_error(struct dentry *dentry,
66	-+ char buffer, int buflen, int error)
67	- {
68	- char * end = buffer+buflen;
69	- char * retval;
70	- struct dentry * root = current->fs->root;
71	-
72	-+ *error = 0;
73	-+
74	- *--end = '\0';
75	- buflen--;
76	- if (dentry->d_parent != dentry && list_empty(&dentry->d_hash)) {
77	-@@ -794,8 +797,10 @@
78	- break;
79	- namelen = dentry->d_name.len;
80	- buflen -= namelen + 1;
81	-- if (buflen < 0)
82	-+ if (buflen < 0) {
83	-+ *error = -ENAMETOOLONG;
84	- break;
85	-+ }
86	- end -= namelen;
87	- memcpy(end, dentry->d_name.name, namelen);
88	- *--end = '/';
89	-@@ -805,6 +810,13 @@
90	- return retval;
91	- }
92	-
93	-+char * d_path(struct dentry dentry, char buffer, int buflen)
94	-+{
95	-+ int error;
96	-+
97	-+ return d_path_error(dentry, buffer, buflen, &error);
98	-+}
99	-+
100	- /*
101	- * NOTE! The user-level library version returns a
102	- * character pointer. The kernel system call just
103	-@@ -835,14 +847,17 @@
104	- error = -ENOMEM;
105	- if (page) {
106	- unsigned long len;
107	-- char * cwd = d_path(pwd, page, PAGE_SIZE);
108	-+ char * cwd;
109	-
110	-- error = -ERANGE;
111	-- len = PAGE_SIZE + page - cwd;
112	-- if (len <= size) {
113	-- error = len;
114	-- if (copy_to_user(buf, cwd, len))
115	-- error = -EFAULT;
116	-+ cwd = d_path_error(pwd, page, PAGE_SIZE, &error);
117	-+ if (!error) {
118	-+ error = -ERANGE;
119	-+ len = PAGE_SIZE + page - cwd;
120	-+ if (len <= size) {
121	-+ error = len;
122	-+ if (copy_to_user(buf, cwd, len))
123	-+ error = -EFAULT;
124	-+ }
125	- }
126	- free_page((unsigned long) page);
127	- }
128	diff -urPX nopatch linux-2.2.21/fs/exec.c linux/fs/exec.c
129	--- linux-2.2.21/fs/exec.c Fri Nov 2 19:39:08 2001
130	+++ linux/fs/exec.c Sat May 25 20:26:27 2002
131	@@ -1430,59 +1324,6 @@
132
133	current->dumpable = was_dumpable;
134
135	-diff -urPX nopatch linux-2.2.21/fs/ext2/file.c linux/fs/ext2/file.c
136	---- linux-2.2.21/fs/ext2/file.c Sun Mar 25 20:30:58 2001
137	-+++ linux/fs/ext2/file.c Sat May 25 20:26:27 2002
138	-@@ -164,15 +164,15 @@
139	- int err;
140	- int i,buffercount,write_error, new_buffer;
141	- unsigned long limit;
142	--
143	-+
144	- /* POSIX: mtime/ctime may not change for 0 count */
145	- if (!count)
146	- return 0;
147	- /* This makes the bounds-checking arithmetic later on much more
148	- * sane. */
149	-- if (((signed) count) < 0)
150	-+ if (((ssize_t) count) < 0)
151	- return -EINVAL;
152	--
153	-+
154	- write_error = buffercount = 0;
155	- if (!inode) {
156	- printk("ext2_file_write: inode = NULL\n");
157	-@@ -206,15 +206,15 @@
158	- /* If the fd's pos is already greater than or equal to the file
159	- * descriptor's offset maximum, then we need to return EFBIG for
160	- * any non-zero count (and we already tested for zero above). */
161	-- if (((unsigned) pos) >= 0x7FFFFFFFUL)
162	-+ if (((unsigned long) pos) >= 0x7FFFFFFFUL)
163	- return -EFBIG;
164	-
165	- /* If we are about to overflow the maximum file size, we also
166	- * need to return the error, but only if no bytes can be written
167	- * successfully. */
168	-- if (((unsigned) pos + count) > 0x7FFFFFFFUL) {
169	-+ if (((unsigned long) pos + count) > 0x7FFFFFFFUL) {
170	- count = 0x7FFFFFFFL - pos;
171	-- if (((signed) count) < 0)
172	-+ if (((ssize_t) count) < 0)
173	- return -EFBIG;
174	- }
175	- #else
176	-@@ -246,9 +246,9 @@
177	-
178	- limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
179	- if (limit < RLIM_INFINITY) {
180	-- if (((unsigned) pos+count) >= limit) {
181	-+ if (((unsigned long) pos + count) >= limit) {
182	- count = limit - pos;
183	-- if (((signed) count) <= 0) {
184	-+ if (((ssize_t) count) <= 0) {
185	- send_sig(SIGXFSZ, current, 0);
186	- return -EFBIG;
187	- }
188	diff -urPX nopatch linux-2.2.21/fs/namei.c linux/fs/namei.c
189	--- linux-2.2.21/fs/namei.c Fri Nov 2 19:39:08 2001
190	+++ linux/fs/namei.c Sat May 25 20:26:27 2002
191	@@ -1717,25 +1558,6 @@
192	}
193	if (ino & PROC_PID_FD_DIR) {
194	struct file * file;
195	-diff -urPX nopatch linux-2.2.21/fs/proc/proc_tty.c linux/fs/proc/proc_tty.c
196	---- linux-2.2.21/fs/proc/proc_tty.c Sun Mar 25 20:30:58 2001
197	-+++ linux/fs/proc/proc_tty.c Sat May 25 20:26:27 2002
198	-@@ -178,7 +178,14 @@
199	- if (!ent)
200	- return;
201	- proc_tty_ldisc = create_proc_entry("tty/ldisc", S_IFDIR, 0);
202	-- proc_tty_driver = create_proc_entry("tty/driver", S_IFDIR, 0);
203	-+ /*
204	-+ * /proc/tty/driver/serial reveals the exact character counts for
205	-+ * serial links which is just too easy to abuse for inferring
206	-+ * password lengths and inter-keystroke timings during password
207	-+ * entry.
208	-+ */
209	-+ proc_tty_driver = create_proc_entry("tty/driver",
210	-+ S_IFDIR \| S_IRUSR \| S_IXUSR, 0);
211	-
212	- ent = create_proc_entry("tty/ldiscs", 0, 0);
213	- ent->read_proc = tty_ldiscs_read_proc;
214	diff -urPX nopatch linux-2.2.21/fs/proc/root.c linux/fs/proc/root.c
215	--- linux-2.2.21/fs/proc/root.c Tue May 21 03:32:35 2002
216	+++ linux/fs/proc/root.c Sat May 25 20:26:27 2002
217	@@ -1954,17 +1776,6 @@
218
219	/*
220	* Ptrace flags
221	-diff -urPX nopatch linux-2.2.21/include/linux/stat.h linux/include/linux/stat.h
222	---- linux-2.2.21/include/linux/stat.h Sun Mar 25 20:31:03 2001
223	-+++ linux/include/linux/stat.h Sat May 25 20:26:53 2002
224	-@@ -52,6 +52,7 @@
225	- #define S_IRUGO (S_IRUSR\|S_IRGRP\|S_IROTH)
226	- #define S_IWUGO (S_IWUSR\|S_IWGRP\|S_IWOTH)
227	- #define S_IXUGO (S_IXUSR\|S_IXGRP\|S_IXOTH)
228	-+#define S_IRXUG (S_IRUSR\|S_IXUSR\|S_IRGRP\|S_IXGRP)
229	- #endif
230	-
231	- #endif
232	diff -urPX nopatch linux-2.2.21/ipc/shm.c linux/ipc/shm.c
233	--- linux-2.2.21/ipc/shm.c Sun Mar 25 20:37:40 2001
234	+++ linux/ipc/shm.c Sat May 25 20:26:53 2002
235	@@ -2094,120 +1905,6 @@
236	return do_syslog(type, buf, len);
237	}
238
239	-@@ -260,7 +266,7 @@
240	-
241	- spin_lock_irqsave(&console_lock, flags);
242	- va_start(args, fmt);
243	-- i = vsprintf(buf + 3, fmt, args); /* hopefully i < sizeof(buf)-4 */
244	-+ i = _vsnprintf(buf + 3, sizeof(buf) - sizeof(buf) / 8 - 3, fmt, args);
245	- buf_end = buf + 3 + i;
246	- va_end(args);
247	- for (p = buf + 3; p < buf_end; p++) {
248	-diff -urPX nopatch linux-2.2.21/kernel/sys.c linux/kernel/sys.c
249	---- linux-2.2.21/kernel/sys.c Sun Mar 25 20:37:40 2001
250	-+++ linux/kernel/sys.c Sat May 25 21:27:04 2002
251	-@@ -507,8 +507,8 @@
252	- if (euid != current->euid)
253	- current->dumpable = 0;
254	- current->euid = euid;
255	-- current->fsuid = euid;
256	- }
257	-+ current->fsuid = current->euid;
258	- if (suid != (uid_t) -1)
259	- current->suid = suid;
260	-
261	-@@ -554,8 +554,8 @@
262	- if (egid != current->egid)
263	- current->dumpable = 0;
264	- current->egid = egid;
265	-- current->fsgid = egid;
266	- }
267	-+ current->fsgid = current->egid;
268	- if (sgid != (gid_t) -1)
269	- current->sgid = sgid;
270	- return 0;
271	-diff -urPX nopatch linux-2.2.21/kernel/sysctl.c linux/kernel/sysctl.c
272	---- linux-2.2.21/kernel/sysctl.c Sun Mar 25 20:37:40 2001
273	-+++ linux/kernel/sysctl.c Sat May 25 20:26:53 2002
274	-@@ -338,8 +338,11 @@
275	- size_t old_len;
276	- if (!oldlenp)
277	- return -EFAULT;
278	-- if(get_user(old_len, oldlenp))
279	-+ if (get_user(old_len, oldlenp))
280	- return -EFAULT;
281	-+ /* XXX: insufficient for SMP, but should be redundant anyway */
282	-+ if ((ssize_t)old_len < 0)
283	-+ return -EINVAL;
284	- }
285	- tmp = &root_table_header;
286	- do {
287	-@@ -459,7 +462,8 @@
288	- * zero, proceed with automatic r/w */
289	- if (table->data && table->maxlen) {
290	- if (oldval && oldlenp) {
291	-- get_user(len, oldlenp);
292	-+ if (get_user(len, oldlenp))
293	-+ return -EFAULT;
294	- if (len) {
295	- if (len > table->maxlen)
296	- len = table->maxlen;
297	-@@ -1047,7 +1051,8 @@
298	-
299	- for (i = 0; i < length; i++) {
300	- int value;
301	-- get_user(value, vec + i);
302	-+ if (get_user(value, vec + i))
303	-+ return -EFAULT;
304	- if (min && value < min[i])
305	- return -EINVAL;
306	- if (max && value > max[i])
307	-diff -urPX nopatch linux-2.2.21/lib/vsprintf.c linux/lib/vsprintf.c
308	---- linux-2.2.21/lib/vsprintf.c Sun Mar 25 20:31:02 2001
309	-+++ linux/lib/vsprintf.c Sat May 25 20:26:53 2002
310	-@@ -142,7 +142,7 @@
311	- /* Forward decl. needed for IP address printing stuff... */
312	- int sprintf(char * buf, const char *fmt, ...);
313	-
314	--int vsprintf(char buf, const char fmt, va_list args)
315	-+int _vsnprintf(char buf, int n, const char fmt, va_list args)
316	- {
317	- int len;
318	- unsigned long num;
319	-@@ -157,7 +157,7 @@
320	- number of chars for from string */
321	- int qualifier; /* 'h', 'l', or 'L' for integer fields */
322	-
323	-- for (str=buf ; *fmt ; ++fmt) {
324	-+ for (str = buf; *fmt && (n == -1 \|\| str - buf < n); ++fmt) {
325	- if (*fmt != '%') {
326	- str++ = fmt;
327	- continue;
328	-@@ -231,6 +231,12 @@
329	-
330	- len = strnlen(s, precision);
331	-
332	-+ if (n != -1 && len >= n - (str - buf)) {
333	-+ len = n - 1 - (str - buf);
334	-+ if (len <= 0) break;
335	-+ if (len < field_width) field_width = len;
336	-+ }
337	-+
338	- if (!(flags & LEFT))
339	- while (len < field_width--)
340	- *str++ = ' ';
341	-@@ -304,6 +310,11 @@
342	- }
343	- *str = '\0';
344	- return str-buf;
345	-+}
346	-+
347	-+int vsprintf(char buf, const char fmt, va_list args)
348	-+{
349	-+ return _vsnprintf(buf, -1, fmt, args);
350	- }
351	-
352	- int sprintf(char * buf, const char *fmt, ...)
353	diff -urPX nopatch linux-2.2.21/mm/mmap.c linux/mm/mmap.c
354	--- linux-2.2.21/mm/mmap.c Sun Mar 25 20:31:02 2001
355	+++ linux/mm/mmap.c Sat May 25 20:26:53 2002
356	@@ -2254,29 +1951,6 @@
357	}
358	prev = type;
359	}
360	-diff -urPX nopatch linux-2.2.21/net/socket.c linux/net/socket.c
361	---- linux-2.2.21/net/socket.c Sun Mar 25 20:37:41 2001
362	-+++ linux/net/socket.c Sat May 25 20:26:53 2002
363	-@@ -1073,11 +1073,19 @@
364	- asmlinkage int sys_getsockopt(int fd, int level, int optname, char optval, int optlen)
365	- {
366	- int err;
367	-+ int len;
368	- struct socket *sock;
369	-
370	- lock_kernel();
371	- if ((sock = sockfd_lookup(fd, &err))!=NULL)
372	- {
373	-+ /* XXX: insufficient for SMP, but should be redundant anyway */
374	-+ if (get_user(len, optlen))
375	-+ err = -EFAULT;
376	-+ else
377	-+ if (len < 0)
378	-+ err = -EINVAL;
379	-+ else
380	- if (level == SOL_SOCKET)
381	- err=sock_getsockopt(sock,level,optname,optval,optlen);
382	- else
383	diff -urPX nopatch linux-2.2.21/security/Common.in linux/security/Common.in
384	--- linux-2.2.21/security/Common.in Thu Jan 1 03:00:00 1970
385	+++ linux/security/Common.in Sat May 25 20:26:53 2002