diff -u --recursive --new-file v2.0.37/linux/Makefile linux/Makefile
--- v2.0.37/linux/Makefile	Sun Jun 13 10:20:59 1999
+++ linux/Makefile	Wed Aug 25 15:08:27 1999
@@ -1,6 +1,6 @@
 VERSION = 2
 PATCHLEVEL = 0
-SUBLEVEL = 37
+SUBLEVEL = 38
 
 ARCH := $(shell uname -m | sed -e s/i.86/i386/ -e s/sun4u/sparc64/ -e s/arm.*/arm/ -e s/sa110/arm/)
 
diff -u --recursive --new-file v2.0.37/linux/arch/i386/config.in linux/arch/i386/config.in
--- v2.0.37/linux/arch/i386/config.in	Sun Jun 13 10:20:59 1999
+++ linux/arch/i386/config.in	Wed Aug 25 15:08:27 1999
@@ -28,7 +28,7 @@
 	 Custom		CONFIG_MEM_SPECIAL" Standard
 
 if [ "$CONFIG_MEM_SPECIAL" = "y" ]; then
-	int ' Max physical memory in MB' CONFIG_MAX_MEMSIZE 1024
+	int ' Max physical memory in MB (must be a multiple of 4)' CONFIG_MAX_MEMSIZE 1024
 fi
 if [ "$CONFIG_MEM_ENT" = "y" ]; then
 	define_int CONFIG_MAX_MEMSIZE 2048
diff -u --recursive --new-file v2.0.37/linux/arch/i386/kernel/head.S linux/arch/i386/kernel/head.S
--- v2.0.37/linux/arch/i386/kernel/head.S	Sun Jun 13 10:21:00 1999
+++ linux/arch/i386/kernel/head.S	Wed Aug 25 15:08:27 1999
@@ -491,7 +491,7 @@
 
 #define lower_seg(type,dpl,base,limit) \
         (((base) & 0x0000ffff)<<16) | \
-        ((limit) & 0x0ffff)
+        (((limit)>>12) & 0x0ffff)
 
 #define x86_seg(type,dpl,base,limit) \
 	.long lower_seg(type,dpl,base,limit); \
diff -u --recursive --new-file v2.0.37/linux/include/asm-i386/pgtable.h linux/include/asm-i386/pgtable.h
--- v2.0.37/linux/include/asm-i386/pgtable.h	Sun Jun 13 10:21:03 1999
+++ linux/include/asm-i386/pgtable.h	Wed Aug 25 15:08:27 1999
@@ -210,6 +210,10 @@
  * pgd entries used up by user/kernel:
  */
 
+#if CONFIG_MAX_MEMSIZE & 3
+#error Invalid max physical memory size requested
+#endif
+
 #define USER_PGD_PTRS ((unsigned long)__PAGE_OFFSET >> PGDIR_SHIFT)
 #define KERNEL_PGD_PTRS (PTRS_PER_PGD-USER_PGD_PTRS)
 #define __USER_PGD_PTRS (__PAGE_OFFSET >> PGDIR_SHIFT)
diff -u --recursive --new-file v2.0.37/linux/net/ipv4/tcp.c linux/net/ipv4/tcp.c
--- v2.0.37/linux/net/ipv4/tcp.c	Sun Nov 15 10:33:21 1998
+++ linux/net/ipv4/tcp.c	Wed Aug 25 15:08:27 1999
@@ -1236,7 +1236,7 @@
 					 *	this frame.
 					 */
 					 
-					if (copy <= 0)
+					if (tcp_size >= sk->mss)
 					{
 						/*
 						 *	Send the now forced complete frame out. 
diff -u --recursive --new-file v2.0.37/linux/net/ipv4/tcp_input.c linux/net/ipv4/tcp_input.c
--- v2.0.37/linux/net/ipv4/tcp_input.c	Sun Nov 15 10:33:22 1998
+++ linux/net/ipv4/tcp_input.c	Wed Aug 25 15:08:27 1999
@@ -1759,7 +1759,14 @@
 		if(sk->ip_xmit_timeout==TIME_KEEPOPEN)
 			tcp_reset_xmit_timer(sk, TIME_KEEPOPEN, TCP_TIMEOUT_LEN);
 	}
-	return 1;
+
+	/*
+	 * A zero return from tcp_ack(), while in SYN_RECV, means that the
+	 * handshake has failed, and an RST packet should be generated. We
+	 * really have to generate an RST here, or a blind spoofing attack
+	 * would be possible.
+	 */
+	return sk->state != TCP_SYN_RECV;
 }
 
 
@@ -2297,6 +2304,7 @@
 	struct tcphdr *th;
 	struct sock *sk;
 	__u32 seq;
+	int was_ack;
 #ifdef CONFIG_IP_TRANSPARENT_PROXY
 	int r;
 #endif
@@ -2308,6 +2316,7 @@
 	 * etc).
 	 */
 	th = skb->h.th;
+	was_ack = th->ack; /* Remember for later when we've freed the skb */
 	sk = skb->sk;
 #ifdef CONFIG_RST_COOKIES
 	if (th->rst && secure_tcp_probe_number(saddr,daddr,ntohs(th->source),ntohs(th->dest),ntohl(th->seq),1)) {
@@ -2789,7 +2798,7 @@
 	 *	If we had a partial packet being help up due to
 	 *	application of Nagle's rule we are now free to send it.
 	 */
-	if (th->ack
+	if (was_ack
 	    && sk->packets_out == 0
 	    && sk->partial != NULL
 	    && skb_queue_empty(&sk->write_queue)