234571 – PATCH sys-kernel/hardened-sources-2.6.25-r3 working patch for fbcondecor-0.9.4

Bug 234571 - PATCH sys-kernel/hardened-sources-2.6.25-r3 working patch for fbcondecor-0.9.4

Summary: PATCH sys-kernel/hardened-sources-2.6.25-r3 working patch for fbcondecor-0.9.4

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Hardened (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	The Gentoo Linux Hardened Team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-08-12 20:38 UTC by Magnus Granberg
Modified:	2009-06-01 07:00 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
working fbcondecor-0.9.4 patch (4460_fbcondecor-0.9.4.patch,53.75 KB, patch) 2008-08-12 20:41 UTC, Magnus Granberg	Details \| Diff
diff 4200_fbcondecor-0.9.4 and 4460_fbcondecor-0.9.4 (hardened-sources-fbcondecor.diff,951 bytes, patch) 2008-08-12 20:43 UTC, Magnus Granberg	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Magnus Granberg gentoo-dev

2008-08-12 20:38:15 UTC

* Applying 4200_fbcondecor-0.9.4.patch (-p0+) ...                                                                                 [ ok ]
 * Applying 4300_squashfs-3.3.patch (-p0+) ...                                                                                     [ ok ]
 * Applying 4400_speakup-support.patch (-p0+) ...                                                                                  [ ok ]
 * Applying 4405_alpha-sysctl-uac.patch (-p0+) ...                                                                                 [ ok ]
 * Applying 4420_grsec-2.1.12-2.6.25.12-200807261355.patch (-p0+) ...                                                              [ !! ]
 * Please attach /var/tmp/portage/sys-kernel/hardened-sources-2.6.25-r3/temp/4420_grsec-2.1.12-2.6.25.12-200807261355.err to any bug you may post.

Comment 1 Magnus Granberg gentoo-dev

2008-08-12 20:41:09 UTC

Created attachment 162774 [details, diff]
working fbcondecor-0.9.4 patch

Need to be after 4450_selinux-avc_audit-log-curr_ip.patch

Comment 2 Magnus Granberg gentoo-dev

2008-08-12 20:43:19 UTC

Created attachment 162776 [details, diff]
diff 4200_fbcondecor-0.9.4 and 4460_fbcondecor-0.9.4

Comment 3 Magnus Granberg gentoo-dev

2008-08-12 20:46:53 UTC

 * Applying 4445_grsec-2.1.11-mute-warnings.patch (-p0+) ...                                                                       [ ok ]
 * Applying 4450_selinux-avc_audit-log-curr_ip.patch (-p0+) ...                                                                    [ ok ]
 * Applying 4460_fbcondecor-0.9.4.patch (-p0+) ...                                                                                 [ ok ]
>>> Source unpacked.
Working on vanilla toolchain with hardened-sources-2.6.25-r3 and no PAX or GRSEC enable.

Comment 4 Gordon Malm (RETIRED) gentoo-dev

2008-08-13 02:15:38 UTC

I'm not carrying fbcondecor patches in hardened-extras.  If you submit an fbcondecor patch to kernel@g.o that fixes the conflicts with the grsecurity patch (appears that it should be a trivial task) I'll consider removing fbcondecor from UNIPATCH_EXCLUDE in hardened-sources.  Nice work though and thanks for your inquiry.

Comment 5 Magnus Granberg gentoo-dev

2008-08-13 21:28:02 UTC

Thats okey with me.

Comment 6 Martin Väth 2009-06-01 07:00:49 UTC

When I tried last time (with kernel 2.6.29), there was no obvious conflict
between grsecurity and fbcondecor. And at least applying the patch works with
hardened-sources-2.6.29.

However, fbcondecor is still in UNIPATCH_EXCLUDE; actually, meanwhile it is
the only item there. Is there a particular reason for this?

If not, I would suggest to remove it from that list. It is certainly not a "must"
but a "nice to have", even on hardened systems...