diff options
Diffstat (limited to 'main/linux-grsec')
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch) | 147 |
2 files changed, 147 insertions, 6 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 6af7a98cf..e861009c7 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.24 _kernver=2.6.32 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.2.0-2.6.32.24-201010021153.patch + grsecurity-2.2.0-2.6.32.24-201010121028.patch 0001-grsec-revert-conflicting-flow-cache-changes.patch 0002-gre-fix-hard-header-destination-address-checking.patch 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch @@ -150,7 +150,7 @@ firmware() { md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 e3346e3b4b92f048b8ecded829f45cdf patch-2.6.32.24.bz2 -18b64a2ec06196468d2df1a84fe51354 grsecurity-2.2.0-2.6.32.24-201010021153.patch +09ea9b3a8d3f3df001d306ef56e26068 grsecurity-2.2.0-2.6.32.24-201010121028.patch 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch index 16dfdbec1..52451a14f 100644 --- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch @@ -26286,6 +26286,43 @@ diff -urNp linux-2.6.32.24/drivers/isdn/icn/icn.c linux-2.6.32.24/drivers/isdn/i return -EFAULT; } else memcpy(msg, buf, count); +diff -urNp linux-2.6.32.24/drivers/isdn/sc/interrupt.c linux-2.6.32.24/drivers/isdn/sc/interrupt.c +--- linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-10-10 15:57:56.000000000 -0400 +@@ -112,11 +112,19 @@ irqreturn_t interrupt_handler(int dummy, + } + else if(callid>=0x0000 && callid<=0x7FFF) + { ++ int len; ++ + pr_debug("%s: Got Incoming Call\n", + sc_adapter[card]->devicename); +- strcpy(setup.phone,&(rcvmsg.msg_data.byte_array[4])); +- strcpy(setup.eazmsn, +- sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn); ++ len = strlcpy(setup.phone, &(rcvmsg.msg_data.byte_array[4]), ++ sizeof(setup.phone)); ++ if (len >= sizeof(setup.phone)) ++ continue; ++ len = strlcpy(setup.eazmsn, ++ sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn, ++ sizeof(setup.eazmsn)); ++ if (len >= sizeof(setup.eazmsn)) ++ continue; + setup.si1 = 7; + setup.si2 = 0; + setup.plan = 0; +@@ -176,7 +184,9 @@ irqreturn_t interrupt_handler(int dummy, + * Handle a GetMyNumber Rsp + */ + if (IS_CE_MESSAGE(rcvmsg,Call,0,GetMyNumber)){ +- strcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn,rcvmsg.msg_data.byte_array); ++ strlcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn, ++ rcvmsg.msg_data.byte_array, ++ sizeof(rcvmsg.msg_data.byte_array)); + continue; + } + diff -urNp linux-2.6.32.24/drivers/lguest/core.c linux-2.6.32.24/drivers/lguest/core.c --- linux-2.6.32.24/drivers/lguest/core.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.24/drivers/lguest/core.c 2010-09-04 15:54:52.000000000 -0400 @@ -49288,6 +49325,58 @@ diff -urNp linux-2.6.32.24/init/noinitramfs.c linux-2.6.32.24/init/noinitramfs.c if (err < 0) goto out; +diff -urNp linux-2.6.32.24/ipc/compat.c linux-2.6.32.24/ipc/compat.c +--- linux-2.6.32.24/ipc/compat.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.24/ipc/compat.c 2010-10-10 16:05:38.000000000 -0400 +@@ -242,6 +242,8 @@ long compat_sys_semctl(int first, int se + struct semid64_ds __user *up64; + int version = compat_ipc_parse_version(&third); + ++ memset(&s64, 0, sizeof(s64)); ++ + if (!uptr) + return -EINVAL; + if (get_user(pad, (u32 __user *) uptr)) +@@ -422,6 +424,8 @@ long compat_sys_msgctl(int first, int se + int version = compat_ipc_parse_version(&second); + void __user *p; + ++ memset(&m64, 0, sizeof(m64)); ++ + switch (second & (~IPC_64)) { + case IPC_INFO: + case IPC_RMID: +@@ -595,6 +599,8 @@ long compat_sys_shmctl(int first, int se + int err, err2; + int version = compat_ipc_parse_version(&second); + ++ memset(&s64, 0, sizeof(s64)); ++ + switch (second & (~IPC_64)) { + case IPC_RMID: + case SHM_LOCK: +diff -urNp linux-2.6.32.24/ipc/compat_mq.c linux-2.6.32.24/ipc/compat_mq.c +--- linux-2.6.32.24/ipc/compat_mq.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.24/ipc/compat_mq.c 2010-10-10 16:06:07.000000000 -0400 +@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const + void __user *p = NULL; + if (u_attr && oflag & O_CREAT) { + struct mq_attr attr; ++ ++ memset(&attr, 0, sizeof(attr)); ++ + p = compat_alloc_user_space(sizeof(attr)); + if (get_compat_mq_attr(&attr, u_attr) || + copy_to_user(p, &attr, sizeof(attr))) +@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr + struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p)); + long ret; + ++ memset(&mqstat, 0, sizeof(mqstat)); ++ + if (u_mqstat) { + if (get_compat_mq_attr(&mqstat, u_mqstat) || + copy_to_user(p, &mqstat, sizeof(mqstat))) diff -urNp linux-2.6.32.24/ipc/ipc_sysctl.c linux-2.6.32.24/ipc/ipc_sysctl.c --- linux-2.6.32.24/ipc/ipc_sysctl.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.24/ipc/ipc_sysctl.c 2010-09-04 15:54:52.000000000 -0400 @@ -49334,7 +49423,7 @@ diff -urNp linux-2.6.32.24/ipc/sem.c linux-2.6.32.24/ipc/sem.c out.sem_otime = in->sem_otime; diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c --- linux-2.6.32.24/ipc/shm.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.24/ipc/shm.c 2010-09-04 15:54:52.000000000 -0400 ++++ linux-2.6.32.24/ipc/shm.c 2010-10-10 16:04:50.000000000 -0400 @@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name static int sysvipc_shm_proc_show(struct seq_file *s, void *it); #endif @@ -49365,7 +49454,16 @@ diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -879,9 +895,21 @@ long do_shmat(int shmid, char __user *sh +@@ -474,6 +490,8 @@ static inline unsigned long copy_shmid_t + { + struct shmid_ds out; + ++ memset(&out, 0, sizeof(out)); ++ + ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm); + out.shm_segsz = in->shm_segsz; + out.shm_atime = in->shm_atime; +@@ -879,9 +897,21 @@ long do_shmat(int shmid, char __user *sh if (err) goto out_unlock; @@ -51338,7 +51436,7 @@ diff -urNp linux-2.6.32.24/kernel/sys.c linux-2.6.32.24/kernel/sys.c } diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c --- linux-2.6.32.24/kernel/sysctl.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.24/kernel/sysctl.c 2010-09-17 18:34:04.000000000 -0400 ++++ linux-2.6.32.24/kernel/sysctl.c 2010-10-10 15:59:01.000000000 -0400 @@ -63,6 +63,13 @@ static int deprecated_sysctl_warning(struct __sysctl_args *args); @@ -51474,6 +51572,15 @@ diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC)); if (error) return error; +@@ -2609,7 +2686,7 @@ static int __do_proc_doulongvec_minmax(v + vleft = table->maxlen / sizeof(unsigned long); + left = *lenp; + +- for (; left && vleft--; i++, min++, max++, first=0) { ++ for (; left && vleft--; i++, first=0) { + if (write) { + while (left) { + char c; diff -urNp linux-2.6.32.24/kernel/taskstats.c linux-2.6.32.24/kernel/taskstats.c --- linux-2.6.32.24/kernel/taskstats.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.24/kernel/taskstats.c 2010-09-04 15:54:52.000000000 -0400 @@ -55656,6 +55763,18 @@ diff -urNp linux-2.6.32.24/net/core/dev.c linux-2.6.32.24/net/core/dev.c { struct list_head *list = &__get_cpu_var(softnet_data).poll_list; unsigned long time_limit = jiffies + 2; +diff -urNp linux-2.6.32.24/net/core/ethtool.c linux-2.6.32.24/net/core/ethtool.c +--- linux-2.6.32.24/net/core/ethtool.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.24/net/core/ethtool.c 2010-10-10 15:55:54.000000000 -0400 +@@ -265,7 +265,7 @@ static int ethtool_get_rxnfc(struct net_ + if (info.cmd == ETHTOOL_GRXCLSRLALL) { + if (info.rule_cnt > 0) { + if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32)) +- rule_buf = kmalloc(info.rule_cnt * sizeof(u32), ++ rule_buf = kzalloc(info.rule_cnt * sizeof(u32), + GFP_USER); + if (!rule_buf) + return -ENOMEM; diff -urNp linux-2.6.32.24/net/core/flow.c linux-2.6.32.24/net/core/flow.c --- linux-2.6.32.24/net/core/flow.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.24/net/core/flow.c 2010-09-04 15:54:52.000000000 -0400 @@ -57934,6 +58053,28 @@ diff -urNp linux-2.6.32.24/sound/aoa/codecs/onyx.c linux-2.6.32.24/sound/aoa/cod onyx->spdif_locked = onyx->analog_locked = 0; mutex_unlock(&onyx->mutex); +diff -urNp linux-2.6.32.24/sound/core/control.c linux-2.6.32.24/sound/core/control.c +--- linux-2.6.32.24/sound/core/control.c 2010-08-13 16:24:37.000000000 -0400 ++++ linux-2.6.32.24/sound/core/control.c 2010-10-12 10:26:46.000000000 -0400 +@@ -31,6 +31,7 @@ + + /* max number of user-defined controls */ + #define MAX_USER_CONTROLS 32 ++#define MAX_CONTROL_COUNT 1028 + + struct snd_kctl_ioctl { + struct list_head list; /* list of all ioctls */ +@@ -190,6 +191,10 @@ static struct snd_kcontrol *snd_ctl_new( + + if (snd_BUG_ON(!control || !control->count)) + return NULL; ++ ++ if (control->count > MAX_CONTROL_COUNT) ++ return NULL; ++ + kctl = kzalloc(sizeof(*kctl) + sizeof(struct snd_kcontrol_volatile) * control->count, GFP_KERNEL); + if (kctl == NULL) { + snd_printk(KERN_ERR "Cannot allocate control instance\n"); diff -urNp linux-2.6.32.24/sound/core/oss/pcm_oss.c linux-2.6.32.24/sound/core/oss/pcm_oss.c --- linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-09-04 15:54:52.000000000 -0400 |