main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.35.8-201011022021

(cherry picked from commit f4dbbef2987efe748a576eec670614b5132a97ee)

2 files changed, 106 insertions, 21 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index bd25e8bef0..c46238b233 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.35.8
 _kernver=2.6.35
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
         ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
-        grsecurity-2.2.0-2.6.35.8-201010311944.patch
+        grsecurity-2.2.0-2.6.35.8-201011022021.patch
         0004-arp-flush-arp-cache-on-device-change.patch
         r8169-fix-rx-checksum-offload.patch
         r8169-add-gro-support.patch
@@ -140,7 +140,7 @@ firmware() {
 
 md5sums="091abeb4684ce03d1d936851618687b6  linux-2.6.35.tar.bz2
 198e4e72ea9cc7f9f25bb5881167aa2e  patch-2.6.35.8.bz2
-3ad2911a6009758d1df3fff0bce11405  grsecurity-2.2.0-2.6.35.8-201010311944.patch
+ec3743cf416ebdc47dbc088aaf33e8e8  grsecurity-2.2.0-2.6.35.8-201011022021.patch
 776adeeb5272093574f8836c5037dd7d  0004-arp-flush-arp-cache-on-device-change.patch
 0ccecafd4123dcad0b0cd7787553d734  r8169-fix-rx-checksum-offload.patch
 139b39da44ecb577275be53d7d365949  r8169-add-gro-support.patch
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201010311944.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201011022021.patch
index 25d1ccbc21..ed9ad022f8 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201010311944.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.35.8-201011022021.patch
@@ -11753,7 +11753,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/head32.c linux-2.6.35.8/arch/x86/kerne
         /* Reserve INITRD */
 diff -urNp linux-2.6.35.8/arch/x86/kernel/head_32.S linux-2.6.35.8/arch/x86/kernel/head_32.S
 --- linux-2.6.35.8/arch/x86/kernel/head_32.S    2010-10-31 17:13:58.000000000 -0400
-+++ linux-2.6.35.8/arch/x86/kernel/head_32.S    2010-10-31 17:21:20.000000000 -0400
++++ linux-2.6.35.8/arch/x86/kernel/head_32.S    2010-11-02 19:22:48.000000000 -0400
 @@ -25,6 +25,12 @@
  /* Physical address */
  #define pa(X) ((X) - __PAGE_OFFSET)
@@ -12045,7 +12045,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/head_32.S linux-2.6.35.8/arch/x86/kern
  ENTRY(swapper_pg_dir)
         .fill 1024,4,0
  #endif
-+
++.section .swapper_pg_fixmap,"a",@progbits
  swapper_pg_fixmap:
         .fill 1024,4,0
  #ifdef CONFIG_X86_TRAMPOLINE
@@ -14567,7 +14567,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmi_32.c linux-2.6.35.8/arch/x86/kerne
         local_irq_save(flags);
 diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S
 --- linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S        2010-08-26 19:47:12.000000000 -0400
-+++ linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S        2010-09-17 20:12:09.000000000 -0400
++++ linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S        2010-11-02 19:23:16.000000000 -0400
 @@ -26,6 +26,13 @@
  #include <asm/page_types.h>
  #include <asm/cache.h>
@@ -14653,7 +14653,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
                 HEAD_TEXT
  #ifdef CONFIG_X86_32
                 . = ALIGN(PAGE_SIZE);
-@@ -108,13 +130,50 @@ SECTIONS
+@@ -108,13 +130,52 @@ SECTIONS
                 IRQENTRY_TEXT
                 *(.fixup)
                 *(.gnu.warning)
@@ -14695,8 +14695,10 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
 +               *(.idt)
 +               . = ALIGN(PAGE_SIZE);
 +               *(.empty_zero_page)
++               *(.swapper_pg_fixmap)
 +               *(.swapper_pg_pmd)
 +               *(.swapper_pg_dir)
++               *(.trampoline_pg_dir)
 +       } :rodata
 +#endif
 +
@@ -14708,7 +14710,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
  
         X64_ALIGN_DEBUG_RODATA_BEGIN
         RO_DATA(PAGE_SIZE)
-@@ -122,16 +181,20 @@ SECTIONS
+@@ -122,16 +183,20 @@ SECTIONS
  
         /* Data */
         .data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -14732,7 +14734,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
  
                 PAGE_ALIGNED_DATA(PAGE_SIZE)
  
-@@ -194,12 +257,6 @@ SECTIONS
+@@ -194,12 +259,6 @@ SECTIONS
         }
         vgetcpu_mode = VVIRT(.vgetcpu_mode);
  
@@ -14745,7 +14747,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
         .vsyscall_3 ADDR(.vsyscall_0) + 3072: AT(VLOAD(.vsyscall_3)) {
                 *(.vsyscall_3)
         }
-@@ -215,12 +272,19 @@ SECTIONS
+@@ -215,12 +274,19 @@ SECTIONS
  #endif /* CONFIG_X86_64 */
  
         /* Init code and data - will be freed after init */
@@ -14768,7 +14770,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
         /*
          * percpu offsets are zero-based on SMP.  PERCPU_VADDR() changes the
          * output PHDR, so the next output section - .init.text - should
-@@ -229,12 +293,27 @@ SECTIONS
+@@ -229,12 +295,27 @@ SECTIONS
         PERCPU_VADDR(0, :percpu)
  #endif
  
@@ -14801,7 +14803,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
  
         .x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
                 __x86_cpu_dev_start = .;
-@@ -260,19 +339,11 @@ SECTIONS
+@@ -260,19 +341,11 @@ SECTIONS
                 *(.altinstr_replacement)
         }
  
@@ -14822,7 +14824,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
         PERCPU(PAGE_SIZE)
  #endif
  
-@@ -291,16 +362,10 @@ SECTIONS
+@@ -291,16 +364,10 @@ SECTIONS
         .smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
                 __smp_locks = .;
                 *(.smp_locks)
@@ -14840,7 +14842,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
         /* BSS */
         . = ALIGN(PAGE_SIZE);
         .bss : AT(ADDR(.bss) - LOAD_OFFSET) {
-@@ -316,6 +381,7 @@ SECTIONS
+@@ -316,6 +383,7 @@ SECTIONS
                 __brk_base = .;
                 . += 64 * 1024;         /* 64k alignment slop space */
                 *(.brk_reservation)     /* areas brk users have reserved */
@@ -14848,7 +14850,7 @@ diff -urNp linux-2.6.35.8/arch/x86/kernel/vmlinux.lds.S linux-2.6.35.8/arch/x86/
                 __brk_limit = .;
         }
  
-@@ -342,13 +408,12 @@ SECTIONS
+@@ -342,13 +410,12 @@ SECTIONS
   * for the boot processor.
   */
  #define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
@@ -54778,6 +54780,25 @@ diff -urNp linux-2.6.35.8/net/atm/resources.c linux-2.6.35.8/net/atm/resources.c
         __AAL_STAT_ITEMS
  #undef __HANDLE_ITEM
  }
+diff -urNp linux-2.6.35.8/net/ax25/af_ax25.c linux-2.6.35.8/net/ax25/af_ax25.c
+--- linux-2.6.35.8/net/ax25/af_ax25.c   2010-08-26 19:47:12.000000000 -0400
++++ linux-2.6.35.8/net/ax25/af_ax25.c   2010-11-02 19:44:50.000000000 -0400
+@@ -1392,6 +1392,7 @@ static int ax25_getname(struct socket *s
+        ax25_cb *ax25;
+        int err = 0;
+ 
++       memset(fsa, 0, sizeof(*fsa));
+        lock_sock(sk);
+        ax25 = ax25_sk(sk);
+ 
+@@ -1403,7 +1404,6 @@ static int ax25_getname(struct socket *s
+ 
+                fsa->fsa_ax25.sax25_family = AF_AX25;
+                fsa->fsa_ax25.sax25_call   = ax25->dest_addr;
+-               fsa->fsa_ax25.sax25_ndigis = 0;
+ 
+                if (ax25->digipeat != NULL) {
+                        ndigi = ax25->digipeat->ndigi;
 diff -urNp linux-2.6.35.8/net/bridge/br_multicast.c linux-2.6.35.8/net/bridge/br_multicast.c
 --- linux-2.6.35.8/net/bridge/br_multicast.c    2010-08-26 19:47:12.000000000 -0400
 +++ linux-2.6.35.8/net/bridge/br_multicast.c    2010-10-11 22:41:44.000000000 -0400
@@ -55753,9 +55774,28 @@ diff -urNp linux-2.6.35.8/net/netlink/af_netlink.c linux-2.6.35.8/net/netlink/af
                            atomic_read(&s->sk_refcnt),
                            atomic_read(&s->sk_drops),
                            sock_i_ino(s)
+diff -urNp linux-2.6.35.8/net/netrom/af_netrom.c linux-2.6.35.8/net/netrom/af_netrom.c
+--- linux-2.6.35.8/net/netrom/af_netrom.c       2010-08-26 19:47:12.000000000 -0400
++++ linux-2.6.35.8/net/netrom/af_netrom.c       2010-11-02 19:46:20.000000000 -0400
+@@ -840,6 +840,7 @@ static int nr_getname(struct socket *soc
+        struct sock *sk = sock->sk;
+        struct nr_sock *nr = nr_sk(sk);
+ 
++       memset(sax, 0, sizeof(*sax));
+        lock_sock(sk);
+        if (peer != 0) {
+                if (sk->sk_state != TCP_ESTABLISHED) {
+@@ -854,7 +855,6 @@ static int nr_getname(struct socket *soc
+                *uaddr_len = sizeof(struct full_sockaddr_ax25);
+        } else {
+                sax->fsa_ax25.sax25_family = AF_NETROM;
+-               sax->fsa_ax25.sax25_ndigis = 0;
+                sax->fsa_ax25.sax25_call   = nr->source_addr;
+                *uaddr_len = sizeof(struct sockaddr_ax25);
+        }
 diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_packet.c
 --- linux-2.6.35.8/net/packet/af_packet.c       2010-08-26 19:47:12.000000000 -0400
-+++ linux-2.6.35.8/net/packet/af_packet.c       2010-10-11 22:41:44.000000000 -0400
++++ linux-2.6.35.8/net/packet/af_packet.c       2010-11-02 19:42:44.000000000 -0400
 @@ -1595,8 +1595,9 @@ static int packet_recvmsg(struct kiocb *
  
                 err = -EINVAL;
@@ -55767,7 +55807,24 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa
  
                 if (skb_is_gso(skb)) {
                         struct skb_shared_info *sinfo = skb_shinfo(skb);
-@@ -2093,7 +2094,7 @@ static int packet_getsockopt(struct sock
+@@ -1704,7 +1705,7 @@ static int packet_getname_spkt(struct so
+        rcu_read_lock();
+        dev = dev_get_by_index_rcu(sock_net(sk), pkt_sk(sk)->ifindex);
+        if (dev)
+-               strlcpy(uaddr->sa_data, dev->name, 15);
++               strncpy(uaddr->sa_data, dev->name, 14);
+        else
+                memset(uaddr->sa_data, 0, 14);
+        rcu_read_unlock();
+@@ -1727,6 +1728,7 @@ static int packet_getname(struct socket 
+        sll->sll_family = AF_PACKET;
+        sll->sll_ifindex = po->ifindex;
+        sll->sll_protocol = po->num;
++       sll->sll_pkttype = 0;
+        rcu_read_lock();
+        dev = dev_get_by_index_rcu(sock_net(sk), po->ifindex);
+        if (dev) {
+@@ -2093,7 +2095,7 @@ static int packet_getsockopt(struct sock
         case PACKET_HDRLEN:
                 if (len > sizeof(int))
                         len = sizeof(int);
@@ -55776,7 +55833,7 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa
                         return -EFAULT;
                 switch (val) {
                 case TPACKET_V1:
-@@ -2125,7 +2126,7 @@ static int packet_getsockopt(struct sock
+@@ -2125,7 +2127,7 @@ static int packet_getsockopt(struct sock
  
         if (put_user(len, optlen))
                 return -EFAULT;
@@ -55785,7 +55842,7 @@ diff -urNp linux-2.6.35.8/net/packet/af_packet.c linux-2.6.35.8/net/packet/af_pa
                 return -EFAULT;
         return 0;
  }
-@@ -2604,7 +2605,11 @@ static int packet_seq_show(struct seq_fi
+@@ -2604,7 +2606,11 @@ static int packet_seq_show(struct seq_fi
  
                 seq_printf(seq,
                            "%p %-6d %-4d %04x   %-5d %1d %-6u %-6u %-6lu\n",
@@ -56080,8 +56137,16 @@ diff -urNp linux-2.6.35.8/net/sysctl_net.c linux-2.6.35.8/net/sysctl_net.c
         }
 diff -urNp linux-2.6.35.8/net/tipc/socket.c linux-2.6.35.8/net/tipc/socket.c
 --- linux-2.6.35.8/net/tipc/socket.c    2010-08-26 19:47:12.000000000 -0400
-+++ linux-2.6.35.8/net/tipc/socket.c    2010-09-17 20:12:09.000000000 -0400
-@@ -1451,8 +1451,9 @@ static int connect(struct socket *sock, 
++++ linux-2.6.35.8/net/tipc/socket.c    2010-11-02 19:49:48.000000000 -0400
+@@ -395,6 +395,7 @@ static int get_name(struct socket *sock,
+        struct sockaddr_tipc *addr = (struct sockaddr_tipc *)uaddr;
+        struct tipc_sock *tsock = tipc_sk(sock->sk);
+ 
++       memset(addr, 0, sizeof(*addr));
+        if (peer) {
+                if ((sock->state != SS_CONNECTED) &&
+                        ((peer != 2) || (sock->state != SS_DISCONNECTING)))
+@@ -1451,8 +1452,9 @@ static int connect(struct socket *sock, 
         } else {
                 if (res == 0)
                         res = -ETIMEDOUT;
@@ -56213,6 +56278,26 @@ diff -urNp linux-2.6.35.8/net/wireless/wext-core.c linux-2.6.35.8/net/wireless/w
         err = handler(dev, info, (union iwreq_data *) iwp, extra);
  
         iwp->length += essid_compat;
+diff -urNp linux-2.6.35.8/net/x25/x25_facilities.c linux-2.6.35.8/net/x25/x25_facilities.c
+--- linux-2.6.35.8/net/x25/x25_facilities.c     2010-08-26 19:47:12.000000000 -0400
++++ linux-2.6.35.8/net/x25/x25_facilities.c     2010-11-02 19:50:35.000000000 -0400
+@@ -134,14 +134,14 @@ int x25_parse_facilities(struct sk_buff 
+                case X25_FAC_CLASS_D:
+                        switch (*p) {
+                        case X25_FAC_CALLING_AE:
+-                               if (p[1] > X25_MAX_DTE_FACIL_LEN)
++                               if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] == 0)
+                                        break;
+                                dte_facs->calling_len = p[2];
+                                memcpy(dte_facs->calling_ae, &p[3], p[1] - 1);
+                                *vc_fac_mask |= X25_MASK_CALLING_AE;
+                                break;
+                        case X25_FAC_CALLED_AE:
+-                               if (p[1] > X25_MAX_DTE_FACIL_LEN)
++                               if (p[1] > X25_MAX_DTE_FACIL_LEN || p[1] == 0)
+                                        break;
+                                dte_facs->called_len = p[2];
+                                memcpy(dte_facs->called_ae, &p[3], p[1] - 1);
 diff -urNp linux-2.6.35.8/net/xfrm/xfrm_policy.c linux-2.6.35.8/net/xfrm/xfrm_policy.c
 --- linux-2.6.35.8/net/xfrm/xfrm_policy.c       2010-08-26 19:47:12.000000000 -0400
 +++ linux-2.6.35.8/net/xfrm/xfrm_policy.c       2010-09-17 20:12:09.000000000 -0400