main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.24-201010121028

(cherry picked from commit 90b7d529aeac4b6f4c3792772baa6cc4e5e69f7a)
author: Natanael Copa <ncopa@alpinelinux.org> 2010-10-18 13:31:31 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2010-10-18 14:20:48 +0000
commit: ad7605847f191d5ca185291d29e6d50d916e9d64 (patch)
tree: b75920dc76c08c0d7433a68119b71220e0249899
parent: 45b641394157610188e606bfdc08f2a202313292 (diff)
download: alpine_aports-ad7605847f191d5ca185291d29e6d50d916e9d64.tar.bz2
alpine_aports-ad7605847f191d5ca185291d29e6d50d916e9d64.tar.xz
alpine_aports-ad7605847f191d5ca185291d29e6d50d916e9d64.zip
2 files changed, 147 insertions, 6 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 6af7a98cf1..e861009c74 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.24
 _kernver=2.6.32
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
        ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
-        grsecurity-2.2.0-2.6.32.24-201010021153.patch
+        grsecurity-2.2.0-2.6.32.24-201010121028.patch
        0001-grsec-revert-conflicting-flow-cache-changes.patch
        0002-gre-fix-hard-header-destination-address-checking.patch
        0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -150,7 +150,7 @@ firmware() {
 md5sums="260551284ac224c3a43c4adac7df4879  linux-2.6.32.tar.bz2
 e3346e3b4b92f048b8ecded829f45cdf  patch-2.6.32.24.bz2
-18b64a2ec06196468d2df1a84fe51354  grsecurity-2.2.0-2.6.32.24-201010021153.patch
+09ea9b3a8d3f3df001d306ef56e26068  grsecurity-2.2.0-2.6.32.24-201010121028.patch
 1d247140abec49b96250aec9aa59b324  0001-grsec-revert-conflicting-flow-cache-changes.patch
 437317f88ec13ace8d39c31983a41696  0002-gre-fix-hard-header-destination-address-checking.patch
 151b29a161178ed39d62a08f21f3484d  0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
index 16dfdbec13..52451a14f3 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
@@ -26286,6 +26286,43 @@ diff -urNp linux-2.6.32.24/drivers/isdn/icn/icn.c linux-2.6.32.24/drivers/isdn/i
                                return -EFAULT;
                } else
                        memcpy(msg, buf, count);
+diff -urNp linux-2.6.32.24/drivers/isdn/sc/interrupt.c linux-2.6.32.24/drivers/isdn/sc/interrupt.c
+--- linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-10-10 15:57:56.000000000 -0400
+@@ -112,11 +112,19 @@ irqreturn_t interrupt_handler(int dummy,
+                        }
+                        else if(callid>=0x0000 && callid<=0x7FFF)
+                        {
+                               int len;
+
+                                pr_debug("%s: Got Incoming Call\n",
+                                                sc_adapter[card]->devicename);
+-                               strcpy(setup.phone,&(rcvmsg.msg_data.byte_array[4]));
+-                               strcpy(setup.eazmsn,
+-                                       sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn);
+                               len = strlcpy(setup.phone, &(rcvmsg.msg_data.byte_array[4]),
+                                               sizeof(setup.phone));
+                               if (len >= sizeof(setup.phone))
+                                       continue;
+                               len = strlcpy(setup.eazmsn,
+                                               sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
+                                               sizeof(setup.eazmsn));
+                               if (len >= sizeof(setup.eazmsn))
+                                       continue;
+                                setup.si1 = 7;
+                                setup.si2 = 0;
+                                setup.plan = 0;
+@@ -176,7 +184,9 @@ irqreturn_t interrupt_handler(int dummy,
+                 * Handle a GetMyNumber Rsp
+                 */
+                if (IS_CE_MESSAGE(rcvmsg,Call,0,GetMyNumber)){
+-                       strcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn,rcvmsg.msg_data.byte_array);
+                       strlcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
+                               rcvmsg.msg_data.byte_array,
+                               sizeof(rcvmsg.msg_data.byte_array));
+                        continue;
+                }
+                        
 diff -urNp linux-2.6.32.24/drivers/lguest/core.c linux-2.6.32.24/drivers/lguest/core.c
 --- linux-2.6.32.24/drivers/lguest/core.c       2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/drivers/lguest/core.c       2010-09-04 15:54:52.000000000 -0400
@@ -49288,6 +49325,58 @@ diff -urNp linux-2.6.32.24/init/noinitramfs.c linux-2.6.32.24/init/noinitramfs.c
        if (err < 0)
                goto out;
 
+diff -urNp linux-2.6.32.24/ipc/compat.c linux-2.6.32.24/ipc/compat.c
+--- linux-2.6.32.24/ipc/compat.c        2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/ipc/compat.c        2010-10-10 16:05:38.000000000 -0400
+@@ -242,6 +242,8 @@ long compat_sys_semctl(int first, int se
+        struct semid64_ds __user *up64;
+        int version = compat_ipc_parse_version(&third);
+ 
+       memset(&s64, 0, sizeof(s64));
+
+        if (!uptr)
+                return -EINVAL;
+        if (get_user(pad, (u32 __user *) uptr))
+@@ -422,6 +424,8 @@ long compat_sys_msgctl(int first, int se
+        int version = compat_ipc_parse_version(&second);
+        void __user *p;
+ 
+       memset(&m64, 0, sizeof(m64));
+
+        switch (second & (~IPC_64)) {
+        case IPC_INFO:
+        case IPC_RMID:
+@@ -595,6 +599,8 @@ long compat_sys_shmctl(int first, int se
+        int err, err2;
+        int version = compat_ipc_parse_version(&second);
+ 
+       memset(&s64, 0, sizeof(s64));
+
+        switch (second & (~IPC_64)) {
+        case IPC_RMID:
+        case SHM_LOCK:
+diff -urNp linux-2.6.32.24/ipc/compat_mq.c linux-2.6.32.24/ipc/compat_mq.c
+--- linux-2.6.32.24/ipc/compat_mq.c     2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/ipc/compat_mq.c     2010-10-10 16:06:07.000000000 -0400
+@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const
+        void __user *p = NULL;
+        if (u_attr && oflag & O_CREAT) {
+                struct mq_attr attr;
+
+               memset(&attr, 0, sizeof(attr));
+
+                p = compat_alloc_user_space(sizeof(attr));
+                if (get_compat_mq_attr(&attr, u_attr) ||
+                    copy_to_user(p, &attr, sizeof(attr)))
+@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr
+        struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
+        long ret;
+ 
+       memset(&mqstat, 0, sizeof(mqstat));
+
+        if (u_mqstat) {
+                if (get_compat_mq_attr(&mqstat, u_mqstat) ||
+                    copy_to_user(p, &mqstat, sizeof(mqstat)))
 diff -urNp linux-2.6.32.24/ipc/ipc_sysctl.c linux-2.6.32.24/ipc/ipc_sysctl.c
 --- linux-2.6.32.24/ipc/ipc_sysctl.c    2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/ipc/ipc_sysctl.c    2010-09-04 15:54:52.000000000 -0400
@@ -49334,7 +49423,7 @@ diff -urNp linux-2.6.32.24/ipc/sem.c linux-2.6.32.24/ipc/sem.c
                out.sem_otime   = in->sem_otime;
 diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
 --- linux-2.6.32.24/ipc/shm.c   2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/ipc/shm.c   2010-09-04 15:54:52.000000000 -0400
+++ linux-2.6.32.24/ipc/shm.c   2010-10-10 16:04:50.000000000 -0400
 @@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
 static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
 #endif
@@ -49365,7 +49454,16 @@ diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
        shp->shm_segsz = size;
        shp->shm_nattch = 0;
        shp->shm_file = file;
-@@ -879,9 +895,21 @@ long do_shmat(int shmid, char __user *sh
+@@ -474,6 +490,8 @@ static inline unsigned long copy_shmid_t
+            {
+                struct shmid_ds out;
+ 
+               memset(&out, 0, sizeof(out));
+
+                ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+                out.shm_segsz   = in->shm_segsz;
+                out.shm_atime   = in->shm_atime;
+@@ -879,9 +897,21 @@ long do_shmat(int shmid, char __user *sh
        if (err)
                goto out_unlock;
 
@@ -51338,7 +51436,7 @@ diff -urNp linux-2.6.32.24/kernel/sys.c linux-2.6.32.24/kernel/sys.c
                        }
 diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
 --- linux-2.6.32.24/kernel/sysctl.c     2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/kernel/sysctl.c     2010-09-17 18:34:04.000000000 -0400
+++ linux-2.6.32.24/kernel/sysctl.c     2010-10-10 15:59:01.000000000 -0400
 @@ -63,6 +63,13 @@
 static int deprecated_sysctl_warning(struct __sysctl_args *args);
 
@@ -51474,6 +51572,15 @@ diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
        error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
        if (error)
                return error;
+@@ -2609,7 +2686,7 @@ static int __do_proc_doulongvec_minmax(v
+        vleft = table->maxlen / sizeof(unsigned long);
+        left = *lenp;
+        
+-       for (; left && vleft--; i++, min++, max++, first=0) {
+       for (; left && vleft--; i++, first=0) {
+                if (write) {
+                        while (left) {
+                                char c;
 diff -urNp linux-2.6.32.24/kernel/taskstats.c linux-2.6.32.24/kernel/taskstats.c
 --- linux-2.6.32.24/kernel/taskstats.c  2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/kernel/taskstats.c  2010-09-04 15:54:52.000000000 -0400
@@ -55656,6 +55763,18 @@ diff -urNp linux-2.6.32.24/net/core/dev.c linux-2.6.32.24/net/core/dev.c
 {
        struct list_head *list = &__get_cpu_var(softnet_data).poll_list;
        unsigned long time_limit = jiffies + 2;
+diff -urNp linux-2.6.32.24/net/core/ethtool.c linux-2.6.32.24/net/core/ethtool.c
+--- linux-2.6.32.24/net/core/ethtool.c  2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/net/core/ethtool.c  2010-10-10 15:55:54.000000000 -0400
+@@ -265,7 +265,7 @@ static int ethtool_get_rxnfc(struct net_
+        if (info.cmd == ETHTOOL_GRXCLSRLALL) {
+                if (info.rule_cnt > 0) {
+                        if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32))
+-                               rule_buf = kmalloc(info.rule_cnt * sizeof(u32),
+                               rule_buf = kzalloc(info.rule_cnt * sizeof(u32),
+                                                   GFP_USER);
+                        if (!rule_buf)
+                                return -ENOMEM;
 diff -urNp linux-2.6.32.24/net/core/flow.c linux-2.6.32.24/net/core/flow.c
 --- linux-2.6.32.24/net/core/flow.c     2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/net/core/flow.c     2010-09-04 15:54:52.000000000 -0400
@@ -57934,6 +58053,28 @@ diff -urNp linux-2.6.32.24/sound/aoa/codecs/onyx.c linux-2.6.32.24/sound/aoa/cod
                onyx->spdif_locked = onyx->analog_locked = 0;
        mutex_unlock(&onyx->mutex);
 
+diff -urNp linux-2.6.32.24/sound/core/control.c linux-2.6.32.24/sound/core/control.c
+--- linux-2.6.32.24/sound/core/control.c        2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.24/sound/core/control.c        2010-10-12 10:26:46.000000000 -0400
+@@ -31,6 +31,7 @@
+ 
+ /* max number of user-defined controls */
+ #define MAX_USER_CONTROLS      32
+#define MAX_CONTROL_COUNT      1028
+ 
+ struct snd_kctl_ioctl {
+        struct list_head list;          /* list of all ioctls */
+@@ -190,6 +191,10 @@ static struct snd_kcontrol *snd_ctl_new(
+        
+        if (snd_BUG_ON(!control || !control->count))
+                return NULL;
+
+       if (control->count > MAX_CONTROL_COUNT)
+               return NULL;
+
+        kctl = kzalloc(sizeof(*kctl) + sizeof(struct snd_kcontrol_volatile) * control->count, GFP_KERNEL);
+        if (kctl == NULL) {
+                snd_printk(KERN_ERR "Cannot allocate control instance\n");
 diff -urNp linux-2.6.32.24/sound/core/oss/pcm_oss.c linux-2.6.32.24/sound/core/oss/pcm_oss.c
 --- linux-2.6.32.24/sound/core/oss/pcm_oss.c    2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/sound/core/oss/pcm_oss.c    2010-09-04 15:54:52.000000000 -0400
author	Natanael Copa <ncopa@alpinelinux.org>	2010-10-18 13:31:31 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2010-10-18 14:20:48 +0000
commit	ad7605847f191d5ca185291d29e6d50d916e9d64 (patch)
tree	b75920dc76c08c0d7433a68119b71220e0249899
parent	45b641394157610188e606bfdc08f2a202313292 (diff)
download	alpine_aports-ad7605847f191d5ca185291d29e6d50d916e9d64.tar.bz2 alpine_aports-ad7605847f191d5ca185291d29e6d50d916e9d64.tar.xz alpine_aports-ad7605847f191d5ca185291d29e6d50d916e9d64.zip

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 6af7a98cf1..e861009c74 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
4	pkgname=linux-${_flavor}	4	pkgname=linux-${_flavor}
5	pkgver=2.6.32.24	5	pkgver=2.6.32.24
6	_kernver=2.6.32	6	_kernver=2.6.32
7	pkgrel=0	7	pkgrel=1
8	pkgdesc="Linux kernel with grsecurity"	8	pkgdesc="Linux kernel with grsecurity"
9	url=http://grsecurity.net	9	url=http://grsecurity.net
10	depends="mkinitfs linux-firmware"	10	depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
14	install=	14	install=
15	source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2	15	source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
16	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2	16	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
17	grsecurity-2.2.0-2.6.32.24-201010021153.patch	17	grsecurity-2.2.0-2.6.32.24-201010121028.patch
18	0001-grsec-revert-conflicting-flow-cache-changes.patch	18	0001-grsec-revert-conflicting-flow-cache-changes.patch
19	0002-gre-fix-hard-header-destination-address-checking.patch	19	0002-gre-fix-hard-header-destination-address-checking.patch
20	0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch	20	0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -150,7 +150,7 @@ firmware() {
150		150
151	md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2	151	md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
152	e3346e3b4b92f048b8ecded829f45cdf patch-2.6.32.24.bz2	152	e3346e3b4b92f048b8ecded829f45cdf patch-2.6.32.24.bz2
153	18b64a2ec06196468d2df1a84fe51354 grsecurity-2.2.0-2.6.32.24-201010021153.patch	153	09ea9b3a8d3f3df001d306ef56e26068 grsecurity-2.2.0-2.6.32.24-201010121028.patch
154	1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch	154	1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
155	437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch	155	437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
156	151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch	156	151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch


diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch index 16dfdbec13..52451a14f3 100644 --- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
@@ -26286,6 +26286,43 @@ diff -urNp linux-2.6.32.24/drivers/isdn/icn/icn.c linux-2.6.32.24/drivers/isdn/i
26286	return -EFAULT;	26286	return -EFAULT;
26287	} else	26287	} else
26288	memcpy(msg, buf, count);	26288	memcpy(msg, buf, count);
		26289	diff -urNp linux-2.6.32.24/drivers/isdn/sc/interrupt.c linux-2.6.32.24/drivers/isdn/sc/interrupt.c
		26290	--- linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-08-13 16:24:37.000000000 -0400
		26291	+++ linux-2.6.32.24/drivers/isdn/sc/interrupt.c 2010-10-10 15:57:56.000000000 -0400
		26292	@@ -112,11 +112,19 @@ irqreturn_t interrupt_handler(int dummy,
		26293	}
		26294	else if(callid>=0x0000 && callid<=0x7FFF)
		26295	{
		26296	+ int len;
		26297	+
		26298	pr_debug("%s: Got Incoming Call\n",
		26299	sc_adapter[card]->devicename);
		26300	- strcpy(setup.phone,&(rcvmsg.msg_data.byte_array[4]));
		26301	- strcpy(setup.eazmsn,
		26302	- sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn);
		26303	+ len = strlcpy(setup.phone, &(rcvmsg.msg_data.byte_array[4]),
		26304	+ sizeof(setup.phone));
		26305	+ if (len >= sizeof(setup.phone))
		26306	+ continue;
		26307	+ len = strlcpy(setup.eazmsn,
		26308	+ sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
		26309	+ sizeof(setup.eazmsn));
		26310	+ if (len >= sizeof(setup.eazmsn))
		26311	+ continue;
		26312	setup.si1 = 7;
		26313	setup.si2 = 0;
		26314	setup.plan = 0;
		26315	@@ -176,7 +184,9 @@ irqreturn_t interrupt_handler(int dummy,
		26316	* Handle a GetMyNumber Rsp
		26317	*/
		26318	if (IS_CE_MESSAGE(rcvmsg,Call,0,GetMyNumber)){
		26319	- strcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn,rcvmsg.msg_data.byte_array);
		26320	+ strlcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
		26321	+ rcvmsg.msg_data.byte_array,
		26322	+ sizeof(rcvmsg.msg_data.byte_array));
		26323	continue;
		26324	}
		26325
26289	diff -urNp linux-2.6.32.24/drivers/lguest/core.c linux-2.6.32.24/drivers/lguest/core.c	26326	diff -urNp linux-2.6.32.24/drivers/lguest/core.c linux-2.6.32.24/drivers/lguest/core.c
26290	--- linux-2.6.32.24/drivers/lguest/core.c 2010-08-13 16:24:37.000000000 -0400	26327	--- linux-2.6.32.24/drivers/lguest/core.c 2010-08-13 16:24:37.000000000 -0400
26291	+++ linux-2.6.32.24/drivers/lguest/core.c 2010-09-04 15:54:52.000000000 -0400	26328	+++ linux-2.6.32.24/drivers/lguest/core.c 2010-09-04 15:54:52.000000000 -0400
@@ -49288,6 +49325,58 @@ diff -urNp linux-2.6.32.24/init/noinitramfs.c linux-2.6.32.24/init/noinitramfs.c
49288	if (err < 0)	49325	if (err < 0)
49289	goto out;	49326	goto out;
49290		49327
		49328	diff -urNp linux-2.6.32.24/ipc/compat.c linux-2.6.32.24/ipc/compat.c
		49329	--- linux-2.6.32.24/ipc/compat.c 2010-08-13 16:24:37.000000000 -0400
		49330	+++ linux-2.6.32.24/ipc/compat.c 2010-10-10 16:05:38.000000000 -0400
		49331	@@ -242,6 +242,8 @@ long compat_sys_semctl(int first, int se
		49332	struct semid64_ds __user *up64;
		49333	int version = compat_ipc_parse_version(&third);
		49334
		49335	+ memset(&s64, 0, sizeof(s64));
		49336	+
		49337	if (!uptr)
		49338	return -EINVAL;
		49339	if (get_user(pad, (u32 __user *) uptr))
		49340	@@ -422,6 +424,8 @@ long compat_sys_msgctl(int first, int se
		49341	int version = compat_ipc_parse_version(&second);
		49342	void __user *p;
		49343
		49344	+ memset(&m64, 0, sizeof(m64));
		49345	+
		49346	switch (second & (~IPC_64)) {
		49347	case IPC_INFO:
		49348	case IPC_RMID:
		49349	@@ -595,6 +599,8 @@ long compat_sys_shmctl(int first, int se
		49350	int err, err2;
		49351	int version = compat_ipc_parse_version(&second);
		49352
		49353	+ memset(&s64, 0, sizeof(s64));
		49354	+
		49355	switch (second & (~IPC_64)) {
		49356	case IPC_RMID:
		49357	case SHM_LOCK:
		49358	diff -urNp linux-2.6.32.24/ipc/compat_mq.c linux-2.6.32.24/ipc/compat_mq.c
		49359	--- linux-2.6.32.24/ipc/compat_mq.c 2010-08-13 16:24:37.000000000 -0400
		49360	+++ linux-2.6.32.24/ipc/compat_mq.c 2010-10-10 16:06:07.000000000 -0400
		49361	@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const
		49362	void __user *p = NULL;
		49363	if (u_attr && oflag & O_CREAT) {
		49364	struct mq_attr attr;
		49365	+
		49366	+ memset(&attr, 0, sizeof(attr));
		49367	+
		49368	p = compat_alloc_user_space(sizeof(attr));
		49369	if (get_compat_mq_attr(&attr, u_attr) \|\|
		49370	copy_to_user(p, &attr, sizeof(attr)))
		49371	@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr
		49372	struct mq_attr __user p = compat_alloc_user_space(2 sizeof(*p));
		49373	long ret;
		49374
		49375	+ memset(&mqstat, 0, sizeof(mqstat));
		49376	+
		49377	if (u_mqstat) {
		49378	if (get_compat_mq_attr(&mqstat, u_mqstat) \|\|
		49379	copy_to_user(p, &mqstat, sizeof(mqstat)))
49291	diff -urNp linux-2.6.32.24/ipc/ipc_sysctl.c linux-2.6.32.24/ipc/ipc_sysctl.c	49380	diff -urNp linux-2.6.32.24/ipc/ipc_sysctl.c linux-2.6.32.24/ipc/ipc_sysctl.c
49292	--- linux-2.6.32.24/ipc/ipc_sysctl.c 2010-08-13 16:24:37.000000000 -0400	49381	--- linux-2.6.32.24/ipc/ipc_sysctl.c 2010-08-13 16:24:37.000000000 -0400
49293	+++ linux-2.6.32.24/ipc/ipc_sysctl.c 2010-09-04 15:54:52.000000000 -0400	49382	+++ linux-2.6.32.24/ipc/ipc_sysctl.c 2010-09-04 15:54:52.000000000 -0400
@@ -49334,7 +49423,7 @@ diff -urNp linux-2.6.32.24/ipc/sem.c linux-2.6.32.24/ipc/sem.c
49334	out.sem_otime = in->sem_otime;	49423	out.sem_otime = in->sem_otime;
49335	diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c	49424	diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
49336	--- linux-2.6.32.24/ipc/shm.c 2010-08-13 16:24:37.000000000 -0400	49425	--- linux-2.6.32.24/ipc/shm.c 2010-08-13 16:24:37.000000000 -0400
49337	+++ linux-2.6.32.24/ipc/shm.c 2010-09-04 15:54:52.000000000 -0400	49426	+++ linux-2.6.32.24/ipc/shm.c 2010-10-10 16:04:50.000000000 -0400
49338	@@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name	49427	@@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
49339	static int sysvipc_shm_proc_show(struct seq_file s, void it);	49428	static int sysvipc_shm_proc_show(struct seq_file s, void it);
49340	#endif	49429	#endif
@@ -49365,7 +49454,16 @@ diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
49365	shp->shm_segsz = size;	49454	shp->shm_segsz = size;
49366	shp->shm_nattch = 0;	49455	shp->shm_nattch = 0;
49367	shp->shm_file = file;	49456	shp->shm_file = file;
49368	@@ -879,9 +895,21 @@ long do_shmat(int shmid, char __user *sh	49457	@@ -474,6 +490,8 @@ static inline unsigned long copy_shmid_t
		49458	{
		49459	struct shmid_ds out;
		49460
		49461	+ memset(&out, 0, sizeof(out));
		49462	+
		49463	ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
		49464	out.shm_segsz = in->shm_segsz;
		49465	out.shm_atime = in->shm_atime;
		49466	@@ -879,9 +897,21 @@ long do_shmat(int shmid, char __user *sh
49369	if (err)	49467	if (err)
49370	goto out_unlock;	49468	goto out_unlock;
49371		49469
@@ -51338,7 +51436,7 @@ diff -urNp linux-2.6.32.24/kernel/sys.c linux-2.6.32.24/kernel/sys.c
51338	}	51436	}
51339	diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c	51437	diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
51340	--- linux-2.6.32.24/kernel/sysctl.c 2010-08-13 16:24:37.000000000 -0400	51438	--- linux-2.6.32.24/kernel/sysctl.c 2010-08-13 16:24:37.000000000 -0400
51341	+++ linux-2.6.32.24/kernel/sysctl.c 2010-09-17 18:34:04.000000000 -0400	51439	+++ linux-2.6.32.24/kernel/sysctl.c 2010-10-10 15:59:01.000000000 -0400
51342	@@ -63,6 +63,13 @@	51440	@@ -63,6 +63,13 @@
51343	static int deprecated_sysctl_warning(struct __sysctl_args *args);	51441	static int deprecated_sysctl_warning(struct __sysctl_args *args);
51344		51442
@@ -51474,6 +51572,15 @@ diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
51474	error = security_sysctl(table, op & (MAY_READ \| MAY_WRITE \| MAY_EXEC));	51572	error = security_sysctl(table, op & (MAY_READ \| MAY_WRITE \| MAY_EXEC));
51475	if (error)	51573	if (error)
51476	return error;	51574	return error;
		51575	@@ -2609,7 +2686,7 @@ static int __do_proc_doulongvec_minmax(v
		51576	vleft = table->maxlen / sizeof(unsigned long);
		51577	left = *lenp;
		51578
		51579	- for (; left && vleft--; i++, min++, max++, first=0) {
		51580	+ for (; left && vleft--; i++, first=0) {
		51581	if (write) {
		51582	while (left) {
		51583	char c;
51477	diff -urNp linux-2.6.32.24/kernel/taskstats.c linux-2.6.32.24/kernel/taskstats.c	51584	diff -urNp linux-2.6.32.24/kernel/taskstats.c linux-2.6.32.24/kernel/taskstats.c
51478	--- linux-2.6.32.24/kernel/taskstats.c 2010-08-13 16:24:37.000000000 -0400	51585	--- linux-2.6.32.24/kernel/taskstats.c 2010-08-13 16:24:37.000000000 -0400
51479	+++ linux-2.6.32.24/kernel/taskstats.c 2010-09-04 15:54:52.000000000 -0400	51586	+++ linux-2.6.32.24/kernel/taskstats.c 2010-09-04 15:54:52.000000000 -0400
@@ -55656,6 +55763,18 @@ diff -urNp linux-2.6.32.24/net/core/dev.c linux-2.6.32.24/net/core/dev.c
55656	{	55763	{
55657	struct list_head *list = &__get_cpu_var(softnet_data).poll_list;	55764	struct list_head *list = &__get_cpu_var(softnet_data).poll_list;
55658	unsigned long time_limit = jiffies + 2;	55765	unsigned long time_limit = jiffies + 2;
		55766	diff -urNp linux-2.6.32.24/net/core/ethtool.c linux-2.6.32.24/net/core/ethtool.c
		55767	--- linux-2.6.32.24/net/core/ethtool.c 2010-08-13 16:24:37.000000000 -0400
		55768	+++ linux-2.6.32.24/net/core/ethtool.c 2010-10-10 15:55:54.000000000 -0400
		55769	@@ -265,7 +265,7 @@ static int ethtool_get_rxnfc(struct net_
		55770	if (info.cmd == ETHTOOL_GRXCLSRLALL) {
		55771	if (info.rule_cnt > 0) {
		55772	if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32))
		55773	- rule_buf = kmalloc(info.rule_cnt * sizeof(u32),
		55774	+ rule_buf = kzalloc(info.rule_cnt * sizeof(u32),
		55775	GFP_USER);
		55776	if (!rule_buf)
		55777	return -ENOMEM;
55659	diff -urNp linux-2.6.32.24/net/core/flow.c linux-2.6.32.24/net/core/flow.c	55778	diff -urNp linux-2.6.32.24/net/core/flow.c linux-2.6.32.24/net/core/flow.c
55660	--- linux-2.6.32.24/net/core/flow.c 2010-08-13 16:24:37.000000000 -0400	55779	--- linux-2.6.32.24/net/core/flow.c 2010-08-13 16:24:37.000000000 -0400
55661	+++ linux-2.6.32.24/net/core/flow.c 2010-09-04 15:54:52.000000000 -0400	55780	+++ linux-2.6.32.24/net/core/flow.c 2010-09-04 15:54:52.000000000 -0400
@@ -57934,6 +58053,28 @@ diff -urNp linux-2.6.32.24/sound/aoa/codecs/onyx.c linux-2.6.32.24/sound/aoa/cod
57934	onyx->spdif_locked = onyx->analog_locked = 0;	58053	onyx->spdif_locked = onyx->analog_locked = 0;
57935	mutex_unlock(&onyx->mutex);	58054	mutex_unlock(&onyx->mutex);
57936		58055
		58056	diff -urNp linux-2.6.32.24/sound/core/control.c linux-2.6.32.24/sound/core/control.c
		58057	--- linux-2.6.32.24/sound/core/control.c 2010-08-13 16:24:37.000000000 -0400
		58058	+++ linux-2.6.32.24/sound/core/control.c 2010-10-12 10:26:46.000000000 -0400
		58059	@@ -31,6 +31,7 @@
		58060
		58061	/* max number of user-defined controls */
		58062	#define MAX_USER_CONTROLS 32
		58063	+#define MAX_CONTROL_COUNT 1028
		58064
		58065	struct snd_kctl_ioctl {
		58066	struct list_head list; /* list of all ioctls */
		58067	@@ -190,6 +191,10 @@ static struct snd_kcontrol *snd_ctl_new(
		58068
		58069	if (snd_BUG_ON(!control \|\| !control->count))
		58070	return NULL;
		58071	+
		58072	+ if (control->count > MAX_CONTROL_COUNT)
		58073	+ return NULL;
		58074	+
		58075	kctl = kzalloc(sizeof(kctl) + sizeof(struct snd_kcontrol_volatile) control->count, GFP_KERNEL);
		58076	if (kctl == NULL) {
		58077	snd_printk(KERN_ERR "Cannot allocate control instance\n");
57937	diff -urNp linux-2.6.32.24/sound/core/oss/pcm_oss.c linux-2.6.32.24/sound/core/oss/pcm_oss.c	58078	diff -urNp linux-2.6.32.24/sound/core/oss/pcm_oss.c linux-2.6.32.24/sound/core/oss/pcm_oss.c
57938	--- linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-08-13 16:24:37.000000000 -0400	58079	--- linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-08-13 16:24:37.000000000 -0400
57939	+++ linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-09-04 15:54:52.000000000 -0400	58080	+++ linux-2.6.32.24/sound/core/oss/pcm_oss.c 2010-09-04 15:54:52.000000000 -0400