Bug#623740: enable hardening-wrapper for amavisd-milter

[Harald Jenny]

Dear Steve Beattie,

first thanks for your bug report and your patch, I really appreciate the work
you've done but I personally prefer hardening-includes so I already added this
feature to the mercurial repository long ago:

changeset:   34:55ef61a0a65e
user:Harald Jenny 
date:Tue Jul 27 20:09:03 2010 +
files:   debian/changelog debian/control debian/rules
description:
use hardening-includes for compilation

The problem was that upstream configure had a typo which prevented the correct
usage of the LDFLAGS variable - this bug was patched too:

changeset:   49:0c398eacf304
user:Harald Jenny 
date:Fri Nov 26 16:50:07 2010 +0100
files:   debian/changelog debian/patches/ax_path_milter-flags-fix 
debian/patches/configure-flags-fix debian/patches/series
description:
patches to fix compilation of amavisd-milter with HARDENING_LDFLAGS

The problem is that I lack a sponsor who uploads my package to the archive but
I hope to remedy this situation soon. If you don't have any objections I will
close this bug report as won't fix and you can drop your patch with the next
Debian package.

Kind regards
Harald Jenny



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#623740: enable hardening-wrapper for amavisd-milter

[Steve Beattie]

Package: amavisd-milter
Version: 1.5.0-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch


[This is a resurrection of Debian bug #542722]

Hello!

Since amavisd-milter processes untrusted input, I think it might
benefit from having hardening[1] enabled for its build.  The attached
patch implements this.

Thanks!

-- Steve Beattie

[1] http://wiki.debian.org/Hardening


*** /home/steve/tmp/tmpsYv2qc
In Ubuntu, the attached patch was applied to achieve the following:

  * Re-enable hardened build for PIE (LP: #768713)

Thanks for considering the patch.


-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 
'natty-proposed'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-8-server (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru amavisd-milter-1.5.0/debian/changelog amavisd-milter-1.5.0/debian/changelog
diff -Nru amavisd-milter-1.5.0/debian/control amavisd-milter-1.5.0/debian/control
--- amavisd-milter-1.5.0/debian/control	2010-07-11 13:18:36.0 -0700
+++ amavisd-milter-1.5.0/debian/control	2011-04-21 17:53:38.0 -0700
@@ -1,7 +1,7 @@
 Section: mail
 Priority: extra
 Maintainer: Harald Jenny 
-Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libmilter-dev
+Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libmilter-dev, hardening-wrapper
 Homepage: http://amavisd-milter.sourceforge.net/
 Vcs-Browser: http://hg.debian.org/hg/amavisd-new/amavisd-milter
 Vcs-Hg: http://hg.debian.org/hg/amavisd-new/amavisd-milter
diff -Nru amavisd-milter-1.5.0/debian/rules amavisd-milter-1.5.0/debian/rules
--- amavisd-milter-1.5.0/debian/rules	2010-07-11 17:09:11.0 -0700
+++ amavisd-milter-1.5.0/debian/rules	2011-04-21 17:22:29.0 -0700
@@ -1,5 +1,7 @@
 #!/usr/bin/make -f
 
+export DEB_BUILD_HARDENING=1
+
 %:
 	dh $@