Package: wireshark Version: 1.2.1-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch
Hello! Since wireshark processing untrusted inputs, I think it might benefit from having hardening[1] enabled for its build. The attached patch implements this. Thanks! -Kees [1] http://wiki.debian.org/Hardening -- Kees Cook @debian.org
diff -u wireshark-1.2.1/debian/control wireshark-1.2.1/debian/control --- wireshark-1.2.1/debian/control +++ wireshark-1.2.1/debian/control @@ -3,7 +3,7 @@ Maintainer: Frederic Peters <fpet...@debian.org> Uploaders: Joost Yervante Damad <and...@debian.org> Standards-Version: 3.8.2 -Build-Depends: libgtk2.0-dev (>=2.4.0-0), libpcap0.8-dev, flex, libz-dev, dpatch, debhelper (>= 6), libtool, python, automake1.9, autoconf, autotools-dev, libc-ares-dev, xsltproc, docbook-xsl (>= 1.64.1.0-0), libpcre3-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], bison, libgnutls-dev, python-support (>= 0.3), portaudio19-dev, libkrb5-dev, liblua5.1-0-dev, libsmi2-dev, libgeoip-dev +Build-Depends: libgtk2.0-dev (>=2.4.0-0), libpcap0.8-dev, flex, libz-dev, dpatch, debhelper (>= 6), libtool, python, automake1.9, autoconf, autotools-dev, libc-ares-dev, xsltproc, docbook-xsl (>= 1.64.1.0-0), libpcre3-dev, libcap2-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], bison, libgnutls-dev, python-support (>= 0.3), portaudio19-dev, libkrb5-dev, liblua5.1-0-dev, libsmi2-dev, libgeoip-dev, hardening-wrapper Build-Conflicts: libsnmp4.2-dev, libsnmp-dev XS-Python-Version: all diff -u wireshark-1.2.1/debian/rules wireshark-1.2.1/debian/rules --- wireshark-1.2.1/debian/rules +++ wireshark-1.2.1/debian/rules @@ -5,6 +5,7 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 +export DEB_BUILD_HARDENING=1 include /usr/share/dpatch/dpatch.make DB2MAN=/usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl
