Package: nagios-plugins Version: 1.4.13+git20090617120 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch
Hello! Since nagios-plugins handles semi-untrusted inputs and potentially listens on network ports, I think it might benefit from having hardening[1] enabled for its build. The attached patch implements this. Thanks! -Kees [1] http://wiki.debian.org/Hardening -- Kees Cook @debian.org
diff -uNrp nagios-plugins-1.4.13+git200906171200~/debian/control nagios-plugins-1.4.13+git200906171200/debian/control --- nagios-plugins-1.4.13+git200906171200~/debian/control 2009-08-20 17:37:16.000000000 -0700 +++ nagios-plugins-1.4.13+git200906171200/debian/control 2009-08-20 17:37:36.000000000 -0700 @@ -4,6 +4,6 @@ Priority: extra Maintainer: Debian Nagios Maintainer Group <pkg-nagios-de...@lists.alioth.debian.org> Uploaders: Sean Finney <sean...@debian.org>, Guido Trotter <ultrot...@debian.org>, Jan Wagner <w...@cyconet.org>, Alexander Wirt <formo...@debian.org> -Build-Depends: debhelper (>= 4.0.0), dpatch (>= 2.0.9), autotools-dev, libldap2-dev, libpq-dev, libmysqlclient-dev, libradius1-dev, libkrb5-dev, libnet-snmp-perl, procps, coreutils, mawk | awk +Build-Depends: debhelper (>= 4.0.0), dpatch (>= 2.0.9), autotools-dev, libldap2-dev, libpq-dev, libmysqlclient-dev, libradius1-dev, libkrb5-dev, libnet-snmp-perl, procps, coreutils, mawk | awk, hardening-wrapper Homepage: http://nagiosplug.sourceforge.net Vcs-Browser: http://svn.debian.org/wsvn/pkg-nagios/nagios-plugins/ Vcs-Svn: svn://svn.debian.org/pkg-nagios/nagios-plugins/ diff -uNrp nagios-plugins-1.4.13+git200906171200~/debian/rules nagios-plugins-1.4.13+git200906171200/debian/rules --- nagios-plugins-1.4.13+git200906171200~/debian/rules 2009-08-20 17:37:16.000000000 -0700 +++ nagios-plugins-1.4.13+git200906171200/debian/rules 2009-08-20 17:37:47.000000000 -0700 @@ -5,6 +5,7 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_HARDENING=1 PACKAGE = nagios-plugins
