Package: exim4
Version: 4.69-11
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

Hello!

Since exim4 handles untrusted inputs and listens on a network port, I
think it might benefit from having hardening[1] enabled for its build.
The attached patch implements this.

Thanks!

-Kees

[1] http://wiki.debian.org/Hardening

-- 
Kees Cook                                            @debian.org
diff -uNrp exim4-4.69~/debian/control exim4-4.69/debian/control
--- exim4-4.69~/debian/control	2009-08-20 17:31:29.000000000 -0700
+++ exim4-4.69/debian/control	2009-08-20 17:31:56.000000000 -0700
@@ -6,7 +6,7 @@ XSBC-Original-Maintainer: Exim4 Maintain
 Uploaders: Andreas Metzler <ametz...@debian.org>,Marc Haber <mh+debian-packa...@zugschlus.de>
 Homepage: http://www.exim.org/
 Standards-Version: 3.7.3
-Build-Depends: dpatch (>=2.0.10), debhelper (>= 5), po-debconf, bzip2, docbook-xsl, xsltproc, lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, libident-dev, libdb4.6-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, libxaw7-dev, libpq-dev, libmysqlclient-dev, libsqlite3-dev, libperl-dev, libgnutls-dev, libsasl2-dev
+Build-Depends: dpatch (>=2.0.10), debhelper (>= 5), po-debconf, bzip2, docbook-xsl, xsltproc, lynx-cur | lynx, docbook-xml, libpcre3-dev, libldap2-dev, libpam0g-dev, libident-dev, libdb4.6-dev, libxmu-dev, libxt-dev, libxext-dev, libx11-dev, libxaw7-dev, libpq-dev, libmysqlclient-dev, libsqlite3-dev, libperl-dev, libgnutls-dev, libsasl2-dev, hardening-wrapper
 
 Package: exim4-base
 Architecture: any
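Review bot: the new hardening-wrapper entry at the end of the Build-Depends line carries no version constraint, while dpatch and debhelper on the same line do. If DEB_BUILD_HARDENING needs a minimum wrapper release to take effect, state it here in the same "(>= version)" form. The dependency is also unconditional, so the source package can no longer be built anywhere hardening-wrapper is not installable. The patch touches only debian/control and debian/rules; a debian/changelog entry recording the change is missing.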
diff -uNrp exim4-4.69~/debian/rules exim4-4.69/debian/rules
--- exim4-4.69~/debian/rules	2009-08-20 17:31:29.000000000 -0700
+++ exim4-4.69/debian/rules	2009-08-20 17:31:45.000000000 -0700
@@ -4,6 +4,7 @@
 #
 # Uncomment this to turn on verbose mode. 
 # export DH_VERBOSE=1
+export DEB_BUILD_HARDENING=1
 
 buildname=$${build:-`$(SHELL) scripts/os-type`-`$(SHELL) scripts/arch-type`}
 
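Review bot: "export DEB_BUILD_HARDENING=1" sits directly under the commented-out DH_VERBOSE line with no comment of its own, so it reads as part of the verbose-mode block. Separate it with a blank line and add a comment saying that it switches on the hardening-wrapper build options, with a pointer to http://wiki.debian.org/Hardening. The assignment is also unconditional, which overrides any value a builder sets in the environment; a conditional form such as "export DEB_BUILD_HARDENING ?= 1" would keep hardening on by default while allowing it to be turned off when tracking down a build failure.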
