Package: amavisd-milter
Version: 1.5.0-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch
[This is a resurrection of Debian bug #542722]
Hello!
Since amavisd-milter processes untrusted input, I think it might
benefit from having hardening[1] enabled for its build. The attached
patch implements this.
Thanks!
-- Steve Beattie
[1] http://wiki.debian.org/Hardening
*** /home/steve/tmp/tmpsYv2qc
In Ubuntu, the attached patch was applied to achieve the following:
* Re-enable hardened build for PIE (LP: #768713)
Thanks for considering the patch.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty-updates
APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500,
'natty-proposed'), (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-8-server (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru amavisd-milter-1.5.0/debian/changelog amavisd-milter-1.5.0/debian/changelog
diff -Nru amavisd-milter-1.5.0/debian/control amavisd-milter-1.5.0/debian/control
--- amavisd-milter-1.5.0/debian/control 2010-07-11 13:18:36.0 -0700
+++ amavisd-milter-1.5.0/debian/control 2011-04-21 17:53:38.0 -0700
@@ -1,7 +1,7 @@
Section: mail
Priority: extra
Maintainer: Harald Jenny
-Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libmilter-dev
+Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libmilter-dev, hardening-wrapper
Homepage: http://amavisd-milter.sourceforge.net/
Vcs-Browser: http://hg.debian.org/hg/amavisd-new/amavisd-milter
Vcs-Hg: http://hg.debian.org/hg/amavisd-new/amavisd-milter
diff -Nru amavisd-milter-1.5.0/debian/rules amavisd-milter-1.5.0/debian/rules
--- amavisd-milter-1.5.0/debian/rules 2010-07-11 17:09:11.0 -0700
+++ amavisd-milter-1.5.0/debian/rules 2011-04-21 17:22:29.0 -0700
@@ -1,5 +1,7 @@
#!/usr/bin/make -f
+export DEB_BUILD_HARDENING=1
+
%:
dh $@