diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 6af7a98cf1e7ac73845ee41592eac3b8580ccd42..e861009c748e74f916bea3cd52d682a1db5a6d2b 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.24
 _kernver=2.6.32
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
 	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
-	grsecurity-2.2.0-2.6.32.24-201010021153.patch
+	grsecurity-2.2.0-2.6.32.24-201010121028.patch
 	0001-grsec-revert-conflicting-flow-cache-changes.patch
 	0002-gre-fix-hard-header-destination-address-checking.patch
 	0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -150,7 +150,7 @@ firmware() {
 
 md5sums="260551284ac224c3a43c4adac7df4879  linux-2.6.32.tar.bz2
 e3346e3b4b92f048b8ecded829f45cdf  patch-2.6.32.24.bz2
-18b64a2ec06196468d2df1a84fe51354  grsecurity-2.2.0-2.6.32.24-201010021153.patch
+09ea9b3a8d3f3df001d306ef56e26068  grsecurity-2.2.0-2.6.32.24-201010121028.patch
 1d247140abec49b96250aec9aa59b324  0001-grsec-revert-conflicting-flow-cache-changes.patch
 437317f88ec13ace8d39c31983a41696  0002-gre-fix-hard-header-destination-address-checking.patch
 151b29a161178ed39d62a08f21f3484d  0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
similarity index 99%
rename from main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch
rename to main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
index 16dfdbec1384d3b6aed3ebf84b0f8c9ffb32a071..52451a14f3108d11a06d5a081811fd1db628a052 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010021153.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.24-201010121028.patch
@@ -26286,6 +26286,43 @@ diff -urNp linux-2.6.32.24/drivers/isdn/icn/icn.c linux-2.6.32.24/drivers/isdn/i
  				return -EFAULT;
  		} else
  			memcpy(msg, buf, count);
+diff -urNp linux-2.6.32.24/drivers/isdn/sc/interrupt.c linux-2.6.32.24/drivers/isdn/sc/interrupt.c
+--- linux-2.6.32.24/drivers/isdn/sc/interrupt.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/drivers/isdn/sc/interrupt.c	2010-10-10 15:57:56.000000000 -0400
+@@ -112,11 +112,19 @@ irqreturn_t interrupt_handler(int dummy,
+ 			}
+ 			else if(callid>=0x0000 && callid<=0x7FFF)
+ 			{
++				int len;
++
+ 				pr_debug("%s: Got Incoming Call\n",
+ 						sc_adapter[card]->devicename);
+-				strcpy(setup.phone,&(rcvmsg.msg_data.byte_array[4]));
+-				strcpy(setup.eazmsn,
+-					sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn);
++				len = strlcpy(setup.phone, &(rcvmsg.msg_data.byte_array[4]),
++						sizeof(setup.phone));
++				if (len >= sizeof(setup.phone))
++					continue;
++				len = strlcpy(setup.eazmsn,
++						sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
++						sizeof(setup.eazmsn));
++				if (len >= sizeof(setup.eazmsn))
++					continue;
+ 				setup.si1 = 7;
+ 				setup.si2 = 0;
+ 				setup.plan = 0;
+@@ -176,7 +184,9 @@ irqreturn_t interrupt_handler(int dummy,
+ 		 * Handle a GetMyNumber Rsp
+ 		 */
+ 		if (IS_CE_MESSAGE(rcvmsg,Call,0,GetMyNumber)){
+-			strcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no-1].dn,rcvmsg.msg_data.byte_array);
++			strlcpy(sc_adapter[card]->channel[rcvmsg.phy_link_no - 1].dn,
++				rcvmsg.msg_data.byte_array,
++				sizeof(rcvmsg.msg_data.byte_array));
+ 			continue;
+ 		}
+ 			
 diff -urNp linux-2.6.32.24/drivers/lguest/core.c linux-2.6.32.24/drivers/lguest/core.c
 --- linux-2.6.32.24/drivers/lguest/core.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/drivers/lguest/core.c	2010-09-04 15:54:52.000000000 -0400
@@ -49288,6 +49325,58 @@ diff -urNp linux-2.6.32.24/init/noinitramfs.c linux-2.6.32.24/init/noinitramfs.c
  	if (err < 0)
  		goto out;
  
+diff -urNp linux-2.6.32.24/ipc/compat.c linux-2.6.32.24/ipc/compat.c
+--- linux-2.6.32.24/ipc/compat.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/ipc/compat.c	2010-10-10 16:05:38.000000000 -0400
+@@ -242,6 +242,8 @@ long compat_sys_semctl(int first, int se
+ 	struct semid64_ds __user *up64;
+ 	int version = compat_ipc_parse_version(&third);
+ 
++	memset(&s64, 0, sizeof(s64));
++
+ 	if (!uptr)
+ 		return -EINVAL;
+ 	if (get_user(pad, (u32 __user *) uptr))
+@@ -422,6 +424,8 @@ long compat_sys_msgctl(int first, int se
+ 	int version = compat_ipc_parse_version(&second);
+ 	void __user *p;
+ 
++	memset(&m64, 0, sizeof(m64));
++
+ 	switch (second & (~IPC_64)) {
+ 	case IPC_INFO:
+ 	case IPC_RMID:
+@@ -595,6 +599,8 @@ long compat_sys_shmctl(int first, int se
+ 	int err, err2;
+ 	int version = compat_ipc_parse_version(&second);
+ 
++	memset(&s64, 0, sizeof(s64));
++
+ 	switch (second & (~IPC_64)) {
+ 	case IPC_RMID:
+ 	case SHM_LOCK:
+diff -urNp linux-2.6.32.24/ipc/compat_mq.c linux-2.6.32.24/ipc/compat_mq.c
+--- linux-2.6.32.24/ipc/compat_mq.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/ipc/compat_mq.c	2010-10-10 16:06:07.000000000 -0400
+@@ -53,6 +53,9 @@ asmlinkage long compat_sys_mq_open(const
+ 	void __user *p = NULL;
+ 	if (u_attr && oflag & O_CREAT) {
+ 		struct mq_attr attr;
++
++		memset(&attr, 0, sizeof(attr));
++
+ 		p = compat_alloc_user_space(sizeof(attr));
+ 		if (get_compat_mq_attr(&attr, u_attr) ||
+ 		    copy_to_user(p, &attr, sizeof(attr)))
+@@ -127,6 +130,8 @@ asmlinkage long compat_sys_mq_getsetattr
+ 	struct mq_attr __user *p = compat_alloc_user_space(2 * sizeof(*p));
+ 	long ret;
+ 
++	memset(&mqstat, 0, sizeof(mqstat));
++
+ 	if (u_mqstat) {
+ 		if (get_compat_mq_attr(&mqstat, u_mqstat) ||
+ 		    copy_to_user(p, &mqstat, sizeof(mqstat)))
 diff -urNp linux-2.6.32.24/ipc/ipc_sysctl.c linux-2.6.32.24/ipc/ipc_sysctl.c
 --- linux-2.6.32.24/ipc/ipc_sysctl.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/ipc/ipc_sysctl.c	2010-09-04 15:54:52.000000000 -0400
@@ -49334,7 +49423,7 @@ diff -urNp linux-2.6.32.24/ipc/sem.c linux-2.6.32.24/ipc/sem.c
  		out.sem_otime	= in->sem_otime;
 diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
 --- linux-2.6.32.24/ipc/shm.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/ipc/shm.c	2010-09-04 15:54:52.000000000 -0400
++++ linux-2.6.32.24/ipc/shm.c	2010-10-10 16:04:50.000000000 -0400
 @@ -70,6 +70,14 @@ static void shm_destroy (struct ipc_name
  static int sysvipc_shm_proc_show(struct seq_file *s, void *it);
  #endif
@@ -49365,7 +49454,16 @@ diff -urNp linux-2.6.32.24/ipc/shm.c linux-2.6.32.24/ipc/shm.c
  	shp->shm_segsz = size;
  	shp->shm_nattch = 0;
  	shp->shm_file = file;
-@@ -879,9 +895,21 @@ long do_shmat(int shmid, char __user *sh
+@@ -474,6 +490,8 @@ static inline unsigned long copy_shmid_t
+ 	    {
+ 		struct shmid_ds out;
+ 
++		memset(&out, 0, sizeof(out));
++
+ 		ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+ 		out.shm_segsz	= in->shm_segsz;
+ 		out.shm_atime	= in->shm_atime;
+@@ -879,9 +897,21 @@ long do_shmat(int shmid, char __user *sh
  	if (err)
  		goto out_unlock;
  
@@ -51338,7 +51436,7 @@ diff -urNp linux-2.6.32.24/kernel/sys.c linux-2.6.32.24/kernel/sys.c
  			}
 diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
 --- linux-2.6.32.24/kernel/sysctl.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.24/kernel/sysctl.c	2010-09-17 18:34:04.000000000 -0400
++++ linux-2.6.32.24/kernel/sysctl.c	2010-10-10 15:59:01.000000000 -0400
 @@ -63,6 +63,13 @@
  static int deprecated_sysctl_warning(struct __sysctl_args *args);
  
@@ -51474,6 +51572,15 @@ diff -urNp linux-2.6.32.24/kernel/sysctl.c linux-2.6.32.24/kernel/sysctl.c
  	error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
  	if (error)
  		return error;
+@@ -2609,7 +2686,7 @@ static int __do_proc_doulongvec_minmax(v
+ 	vleft = table->maxlen / sizeof(unsigned long);
+ 	left = *lenp;
+ 	
+-	for (; left && vleft--; i++, min++, max++, first=0) {
++	for (; left && vleft--; i++, first=0) {
+ 		if (write) {
+ 			while (left) {
+ 				char c;
 diff -urNp linux-2.6.32.24/kernel/taskstats.c linux-2.6.32.24/kernel/taskstats.c
 --- linux-2.6.32.24/kernel/taskstats.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/kernel/taskstats.c	2010-09-04 15:54:52.000000000 -0400
@@ -55656,6 +55763,18 @@ diff -urNp linux-2.6.32.24/net/core/dev.c linux-2.6.32.24/net/core/dev.c
  {
  	struct list_head *list = &__get_cpu_var(softnet_data).poll_list;
  	unsigned long time_limit = jiffies + 2;
+diff -urNp linux-2.6.32.24/net/core/ethtool.c linux-2.6.32.24/net/core/ethtool.c
+--- linux-2.6.32.24/net/core/ethtool.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/net/core/ethtool.c	2010-10-10 15:55:54.000000000 -0400
+@@ -265,7 +265,7 @@ static int ethtool_get_rxnfc(struct net_
+ 	if (info.cmd == ETHTOOL_GRXCLSRLALL) {
+ 		if (info.rule_cnt > 0) {
+ 			if (info.rule_cnt <= KMALLOC_MAX_SIZE / sizeof(u32))
+-				rule_buf = kmalloc(info.rule_cnt * sizeof(u32),
++				rule_buf = kzalloc(info.rule_cnt * sizeof(u32),
+ 						   GFP_USER);
+ 			if (!rule_buf)
+ 				return -ENOMEM;
 diff -urNp linux-2.6.32.24/net/core/flow.c linux-2.6.32.24/net/core/flow.c
 --- linux-2.6.32.24/net/core/flow.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/net/core/flow.c	2010-09-04 15:54:52.000000000 -0400
@@ -57934,6 +58053,28 @@ diff -urNp linux-2.6.32.24/sound/aoa/codecs/onyx.c linux-2.6.32.24/sound/aoa/cod
  		onyx->spdif_locked = onyx->analog_locked = 0;
  	mutex_unlock(&onyx->mutex);
  
+diff -urNp linux-2.6.32.24/sound/core/control.c linux-2.6.32.24/sound/core/control.c
+--- linux-2.6.32.24/sound/core/control.c	2010-08-13 16:24:37.000000000 -0400
++++ linux-2.6.32.24/sound/core/control.c	2010-10-12 10:26:46.000000000 -0400
+@@ -31,6 +31,7 @@
+ 
+ /* max number of user-defined controls */
+ #define MAX_USER_CONTROLS	32
++#define MAX_CONTROL_COUNT	1028
+ 
+ struct snd_kctl_ioctl {
+ 	struct list_head list;		/* list of all ioctls */
+@@ -190,6 +191,10 @@ static struct snd_kcontrol *snd_ctl_new(
+ 	
+ 	if (snd_BUG_ON(!control || !control->count))
+ 		return NULL;
++
++	if (control->count > MAX_CONTROL_COUNT)
++		return NULL;
++
+ 	kctl = kzalloc(sizeof(*kctl) + sizeof(struct snd_kcontrol_volatile) * control->count, GFP_KERNEL);
+ 	if (kctl == NULL) {
+ 		snd_printk(KERN_ERR "Cannot allocate control instance\n");
 diff -urNp linux-2.6.32.24/sound/core/oss/pcm_oss.c linux-2.6.32.24/sound/core/oss/pcm_oss.c
 --- linux-2.6.32.24/sound/core/oss/pcm_oss.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.24/sound/core/oss/pcm_oss.c	2010-09-04 15:54:52.000000000 -0400