Package: squid3
Version: 3.1.19-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu precise ubuntu-patch

Dear Maintainer,

In http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542723 all of the hardening options were enabled for squid v2, due to its handling and parsing of data received from the network and because of its security history. Please enable all options for squid3; see http://wiki.debian.org/Hardening for more details. The attached patch enables the missing -fPIE and ld bind-now options.

To determine which hardening options squid3 has been compiled with, the hardening-check script from the hardening-includes package can be used like so:

  $ /usr/bin/hardening-check /usr/sbin/squid3
  /usr/sbin/squid3:
   Position Independent Executable: no, normal executable!
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: no not found!

If all options have been enabled during compilation, the output should be:

  $ hardening-check /usr/sbin/squid3
  /usr/sbin/squid3:
   Position Independent Executable: yes
   Stack protected: yes
   Fortify Source functions: yes (some protected functions found)
   Read-only relocations: yes
   Immediate binding: yes

Thanks for considering the patch.

-- System Information:
Debian Release: wheezy/sid
  APT prefers precise-updates
  APT policy: (500, 'precise-updates'), (500, 'precise-security'), (500, 'precise-proposed'), (500, 'precise')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-21-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru squid3-3.1.19/debian/changelog squid3-3.1.19/debian/changelog diff -Nru squid3-3.1.19/debian/rules squid3-3.1.19/debian/rules --- squid3-3.1.19/debian/rules 2012-04-12 13:57:10.000000000 -0700 +++ squid3-3.1.19/debian/rules 2012-04-19 23:48:14.000000000 -0700 @@ -1,7 +1,9 @@ #! /usr/bin/make -f +export DEB_BUILD_MAINT_OPTIONS = hardening=+all include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/class/autotools.mk +include /usr/share/dpkg/buildflags.mk INSTALLDIR := $(CURDIR)/debian/tmp datadir=/usr/share/squid3
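
Review bot: the added "include /usr/share/dpkg/buildflags.mk" in debian/rules only defines the flag variables, and nothing in the visible hunk exports them or shows them reaching configure through the cdbs autotools class that is included just above it. Please confirm on a package built with this change that hardening-check /usr/sbin/squid3 reports "Position Independent Executable: yes" and "Immediate binding: yes", and if it does not, export the flags explicitly (for example by setting DPKG_EXPORT_BUILDFLAGS before the include). A one-line comment above "export DEB_BUILD_MAINT_OPTIONS = hardening=+all" pointing at this bug would also help, since the reason for choosing +all over the default set is only stated in the report. Finally, the patch carries a "diff -Nru" header for debian/changelog with no hunk under it, so the changelog entry for this change appears to be missing.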
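
The two lines that read "no" in the hardening-check output above correspond to properties visible in readelf output: the ELF file type (EXEC versus DYN) and a BIND_NOW marker in the dynamic section. The script below is an added example, not part of the bug report or of hardening-check itself; the function names and the readelf excerpts are constructed for illustration, and the PIE test is simplified (a DYN type also matches shared libraries).

```shell
#!/bin/sh
# Added example: classify PIE and immediate binding from readelf text.
# The readelf excerpts further down are constructed samples, not output
# from a real squid3 build.

# is_pie: reads `readelf -h` output on stdin; succeeds if the ELF type is DYN.
# Simplification: shared libraries are DYN too, so use this on executables only.
is_pie() {
    grep -Eq '^[[:space:]]*Type:[[:space:]]+DYN'
}

# has_bind_now: reads `readelf -d` output on stdin; succeeds if the dynamic
# section has a BIND_NOW tag, FLAGS containing BIND_NOW, or FLAGS_1 with NOW.
has_bind_now() {
    grep -Eq '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*NOW'
}

# report: $1 = `readelf -h` text, $2 = `readelf -d` text; prints one summary line.
report() {
    pie=no
    now=no
    printf '%s\n' "$1" | is_pie && pie=yes
    printf '%s\n' "$2" | has_bind_now && now=yes
    echo "pie=$pie bindnow=$now"
}

# Constructed samples: a non-PIE, lazily bound binary and a fully hardened one.
HDR_EXEC='  Type:                              EXEC (Executable file)'
HDR_DYN='  Type:                              DYN (Shared object file)'
DYN_LAZY=' 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]'
DYN_NOW=' 0x0000000000000018 (BIND_NOW)
 0x000000006ffffffb (FLAGS_1)            Flags: NOW'

# When a path is given as the first argument, inspect that binary instead.
if [ -n "${1:-}" ] && command -v readelf >/dev/null 2>&1; then
    report "$(readelf -h "$1")" "$(readelf -d "$1" 2>/dev/null)"
fi
```

Run it with the path of a built binary as the only argument to compare the result with what hardening-check prints for the same file.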