Package: src:polipo
Version: 1.0.4.1-1.1
Severity: important
Tags: patch
User: hardening-disc...@lists.alioth.debian.org
Usertags: goal-hardening
X-Debbugs-CC: hardening-disc...@lists.alioth.debian.org
Hi,

Please enable security hardening build flags for polipo. Since it handles untrusted data (HTTP responses) from the network, and has been affected by a number of potential security issues in past years relating to its handling of those, it seems like an ideal candidate for the Wheezy security hardening release goal (hence severity: important):
http://wiki.debian.org/ReleaseGoals/SecurityHardeningBuildFlags

For me, the attached diff seemed sufficient. There were no issues compiling it. I'm running a rebuilt, hardened polipo binary now and there are no obvious new problems.

Thanks,
Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
--- polipo-1.0.4.1.orig/debian/rules 2012-03-30 22:10:08.000000000 +0100 +++ polipo-1.0.4.1/debian/rules 2012-03-30 22:10:24.000000000 +0100 @@ -5,6 +5,9 @@ include debian/cdbs/helper-scripts.mk include debian/cdbs/options.mk +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + DEB_MAKE_INVOKE = $(DEB_MAKE_ENVVARS) make -C $(DEB_BUILDDIR) DEB_MAKE_BUILD_TARGET = all
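Review bot: the new `include /usr/share/dpkg/buildflags.mk` line makes the build depend on that file existing, but the diff only touches debian/rules; check that debian/control's Build-Depends pins a dpkg-dev version that ships buildflags.mk, otherwise the package fails to build on an older toolchain. Also note that `DPKG_EXPORT_BUILDFLAGS = 1` only exports CFLAGS/CPPFLAGS/LDFLAGS into the environment of the `make -C $(DEB_BUILDDIR)` call below it; if upstream's Makefile assigns those variables unconditionally, the hardening flags are silently dropped. Before closing the bug, confirm in the build log that the compiler lines actually carry `-fstack-protector`, `-D_FORTIFY_SOURCE=2` and `-Wl,-z,relro`, and run hardening-check against the built polipo binary rather than relying on "no obvious new problems".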