summaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch)147
2 files changed, 147 insertions, 6 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 6af7a98cf..e861009c7 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.24
_kernver=2.6.32
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.2.0-2.6.32.24-201010021153.patch
+ grsecurity-2.2.0-2.6.32.24-201010121028.patch
0001-grsec-revert-conflicting-flow-cache-changes.patch
0002-gre-fix-hard-header-destination-address-checking.patch
0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -150,7 +150,7 @@ firmware() {
md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
e3346e3b4b92f048b8ecded829f45cdf patch-2.6.32.24.bz2
-18b64a2ec06196468d2df1a84fe51354 grsecurity-2.2.0-2.6.32.24-201010021153.patch
+09ea9b3a8d3f3df001d306ef56e26068 grsecurity-2.2.0-2.6.32.24-201010121028.patch
1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
index 16dfdbec1..52451a14f 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
@@ -26286,6 +26286,43 @@ diff -urNp linux-2.6.32.24/drivers/isdn/icn/icn.c linux-2.6.32.24/drivers/isdn/i
return -EFAULT;
} else
memcpy(msg, buf, count);
+diff -urNp linux-2.6.32.24/drivers/isdn/sc/interrupt.c linux-2.6.32.24/drivers/isdn/sc/interrupt.c
+--- linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-10-10 15:57:56.000000000 -0400
+@@ -112,11 +112,19 @@ irqreturn_t interrupt_handler(int dummy,
+ }
+ else if(callid>=0x0000 && callid<=0x7FFF)
+ {
++ int len;
++
+ pr_debug("%s: Got Incoming Call\n",
+ sc_adapter[card]->devicename);
+- strcpy(setup.phone,&(rcvmsg.msg_data.byte_array[4]));
+- strcpy(setup.eazmsn,
+- sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn);
++ len = strlcpy(setup.phone, &(rcvmsg.msg_data.byte_array[4]),
++ sizeof(setup.phone));
++ if (len >= sizeof(setup.phone))
++ continue;
++ len = strlcpy(setup.eazmsn,
++ sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
++ sizeof(setup.eazmsn));
++ if (len >= sizeof(setup.eazmsn))
++ continue;
+ setup.si1 = 7;
+ setup.si2 = 0;
+ setup.plan = 0;
+@@ -176,7 +184,9 @@ irqreturn_t interrupt_handler(int dummy,
+ * Handle a GetMyNumber Rsp
+ */
+ if (IS_CE_MESSAGE(rcvmsg,Call,0,GetMyNumber)){
+- strcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn,rcvmsg.msg_data.byte_array);
++ strlcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
++ rcvmsg.msg_data.byte_array,
++ sizeof(rcvmsg.msg_data.byte_array));
+ continue;
+ }
+
diff -urNp linux-2.6.32.24/drivers/lguest/core.c linux-2.6.32.24/drivers/lguest/core.c
--- linux-2.6.32.24/drivers/lguest/core.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/drivers/lguest/core.c 2010-09-04 15:54:52.000000000 -0400
@@ -49288,6 +49325,58 @@ diff -urNp linux-2.6.32.24/init/noinitramfs.c linux-2.6.32.24/init/noinitramfs.c
if (err < 0)
goto out;
+diff -urNp linux-2.6.32.24/ipc/compat.c linux-2.6.32.24/ipc/compat.c
+--- linux-2.6.32.24/ipc/compat.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/ipc/compat.c 2010-10-10 16:05:38.000000000 -0400
+@@ -242,6 +242,8 @@ long compat_sys_semctl(int first, int se
+ struct semid64_ds __user *up64;
+ int version = compat_ipc_parse_version(&third);
+
++ memset(&s64, 0, sizeof(s64));
++
+ if (!uptr)
+ return -EINVAL;
+ if (get_user(pad, (u32 __user *) uptr))
+@@ -422,6 +424,8 @@ long compat_sys_msgctl(int first, int se
+ int version = compat_ipc_parse_version(&second);
+ void __user *p;
+
++ memset(&m64, 0, sizeof(m64));
++
+ switch (second & (~IPC_64)) {
+ case IPC_INFO:
+ case IPC_RMID:
+@@ -595,6 +599,8 @@ long compat_sys_shmctl(int first, int se
+ int err, err2;
+ int version = compat_ipc_parse_version(&second);
+
++ memset(&s64, 0, sizeof(s64));
++
+ switch (second & (~IPC_64)) {
+ case IPC_RMID:
+ case SHM_LOCK:
+diff -urNp linux-2.6.32.24/ipc/compat_mq.c linux-2.6.32.24/ipc/compat_mq.c
+--- linux-2.6.32.24/ipc/compat_mq.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/ipc/compat_mq.c 2010-10-10 16:06:07.000000000 -0400
+@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const
+ void __user *p = NULL;
+ if (u_attr && oflag & O_CREAT) {
+ struct mq_attr attr;
++
++ memset(&attr, 0, sizeof(attr));
++
+ p = compat_alloc_user_space(sizeof(attr));
+ if (get_compat_mq_attr(&attr, u_attr) ||
+ copy_to_user(p, &attr, sizeof(attr)))
+@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr
+ struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
+ long ret;
+
++ memset(&mqstat, 0, sizeof(mqstat));
++
+ if (u_mqstat) {
+ if (get_compat_mq_attr(&mqstat, u_mqstat) ||
+ copy_to_user(p, &mqstat, sizeof(mqstat)))
diff -urNp linux-2.6.32.24/ipc/ipc_sysctl.c linux-2.6.32.24/ipc/ipc_sysctl.c
--- linux-2.6.32.24/ipc/ipc_sysctl.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/ipc/ipc_sysctl.c 2010-09-04 15:54:52.000000000 -0400
@@ -49334,7 +49423,7 @@ diff -urNp linux-2.6.32.24/ipc/sem.c linux-2.6.32.24/ipc/sem.c
out.sem_otime = in->sem_otime;
diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
--- linux-2.6.32.24/ipc/shm.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/ipc/shm.c 2010-09-04 15:54:52.000000000 -0400
++++ linux-2.6.32.24/ipc/shm.c 2010-10-10 16:04:50.000000000 -0400
@@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
#endif
@@ -49365,7 +49454,16 @@ diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
shp->shm_segsz = size;
shp->shm_nattch = 0;
shp->shm_file = file;
-@@ -879,9 +895,21 @@ long do_shmat(int shmid, char __user *sh
+@@ -474,6 +490,8 @@ static inline unsigned long copy_shmid_t
+ {
+ struct shmid_ds out;
+
++ memset(&out, 0, sizeof(out));
++
+ ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+ out.shm_segsz = in->shm_segsz;
+ out.shm_atime = in->shm_atime;
+@@ -879,9 +897,21 @@ long do_shmat(int shmid, char __user *sh
if (err)
goto out_unlock;
@@ -51338,7 +51436,7 @@ diff -urNp linux-2.6.32.24/kernel/sys.c linux-2.6.32.24/kernel/sys.c
}
diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
--- linux-2.6.32.24/kernel/sysctl.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/kernel/sysctl.c 2010-09-17 18:34:04.000000000 -0400
++++ linux-2.6.32.24/kernel/sysctl.c 2010-10-10 15:59:01.000000000 -0400
@@ -63,6 +63,13 @@
static int deprecated_sysctl_warning(struct __sysctl_args *args);
@@ -51474,6 +51572,15 @@ diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
if (error)
return error;
+@@ -2609,7 +2686,7 @@ static int __do_proc_doulongvec_minmax(v
+ vleft = table->maxlen / sizeof(unsigned long);
+ left = *lenp;
+
+- for (; left && vleft--; i++, min++, max++, first=0) {
++ for (; left && vleft--; i++, first=0) {
+ if (write) {
+ while (left) {
+ char c;
diff -urNp linux-2.6.32.24/kernel/taskstats.c linux-2.6.32.24/kernel/taskstats.c
--- linux-2.6.32.24/kernel/taskstats.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/kernel/taskstats.c 2010-09-04 15:54:52.000000000 -0400
@@ -55656,6 +55763,18 @@ diff -urNp linux-2.6.32.24/net/core/dev.c linux-2.6.32.24/net/core/dev.c
{
struct list_head *list = &__get_cpu_var(softnet_data).poll_list;
unsigned long time_limit = jiffies + 2;
+diff -urNp linux-2.6.32.24/net/core/ethtool.c linux-2.6.32.24/net/core/ethtool.c
+--- linux-2.6.32.24/net/core/ethtool.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/net/core/ethtool.c 2010-10-10 15:55:54.000000000 -0400
+@@ -265,7 +265,7 @@ static int ethtool_get_rxnfc(struct net_
+ if (info.cmd == ETHTOOL_GRXCLSRLALL) {
+ if (info.rule_cnt > 0) {
+ if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32))
+- rule_buf = kmalloc(info.rule_cnt * sizeof(u32),
++ rule_buf = kzalloc(info.rule_cnt * sizeof(u32),
+ GFP_USER);
+ if (!rule_buf)
+ return -ENOMEM;
diff -urNp linux-2.6.32.24/net/core/flow.c linux-2.6.32.24/net/core/flow.c
--- linux-2.6.32.24/net/core/flow.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/net/core/flow.c 2010-09-04 15:54:52.000000000 -0400
@@ -57934,6 +58053,28 @@ diff -urNp linux-2.6.32.24/sound/aoa/codecs/onyx.c linux-2.6.32.24/sound/aoa/cod
onyx->spdif_locked = onyx->analog_locked = 0;
mutex_unlock(&onyx->mutex);
+diff -urNp linux-2.6.32.24/sound/core/control.c linux-2.6.32.24/sound/core/control.c
+--- linux-2.6.32.24/sound/core/control.c 2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/sound/core/control.c 2010-10-12 10:26:46.000000000 -0400
+@@ -31,6 +31,7 @@
+
+ /* max number of user-defined controls */
+ #define MAX_USER_CONTROLS 32
++#define MAX_CONTROL_COUNT 1028
+
+ struct snd_kctl_ioctl {
+ struct list_head list; /* list of all ioctls */
+@@ -190,6 +191,10 @@ static struct snd_kcontrol *snd_ctl_new(
+
+ if (snd_BUG_ON(!control || !control->count))
+ return NULL;
++
++ if (control->count > MAX_CONTROL_COUNT)
++ return NULL;
++
+ kctl = kzalloc(sizeof(*kctl) + sizeof(struct snd_kcontrol_volatile) * control->count, GFP_KERNEL);
+ if (kctl == NULL) {
+ snd_printk(KERN_ERR "Cannot allocate control instance\n");
diff -urNp linux-2.6.32.24/sound/core/oss/pcm_oss.c linux-2.6.32.24/sound/core/oss/pcm_oss.c
--- linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-09-04 15:54:52.000000000 -0400