Package: nagios3 Version: 3.0.6-5 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch
Hello! Since nagios3 handles semi-untrusted inputs and potentially listens on a network port, I think it might benefit from having hardening[1] enabled for its build. The attached patch implements this. Thanks! -Kees [1] http://wiki.debian.org/Hardening -- Kees Cook @debian.org
diff -uNrp nagios3-3.0.6~/debian/control nagios3-3.0.6/debian/control --- nagios3-3.0.6~/debian/control 2009-08-17 12:04:20.869773462 -0700 +++ nagios3-3.0.6/debian/control 2009-08-20 17:34:12.000000000 -0700 @@ -10,7 +10,7 @@ Vcs-Svn: svn://svn.debian.org/pkg-nagios Standards-Version: 3.8.2 Build-Depends: debhelper (>= 5), dpatch (>= 2.0.10), po-debconf, libperl-dev, libpng12-dev, libgd2-noxpm-dev (>= 2.0.1) | libgd2-xpm-dev (>= 2.0.1), iputils-ping, - autotools-dev, dpkg-dev (>= 1.13.19) + autotools-dev, dpkg-dev (>= 1.13.19), hardening-wrapper Package: nagios3-common Architecture: all diff -uNrp nagios3-3.0.6~/debian/rules nagios3-3.0.6/debian/rules --- nagios3-3.0.6~/debian/rules 2009-08-17 12:04:20.865773268 -0700 +++ nagios3-3.0.6/debian/rules 2009-08-20 17:34:20.000000000 -0700 @@ -4,6 +4,7 @@ # $Id: rules 1661 2009-06-04 08:20:27Z formorer $ # export DH_VERBOSE=1 +export DEB_BUILD_HARDENING=1 b := $(shell pwd)/debian bnc := $b/nagios3-common
