Package: sendmail
Version: 8.14.3-9
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch

Hello!

Since sendmail handles untrusted inputs and listens on a network port, I think it might benefit from having hardening[1] enabled for its build. The attached patch implements this.

Thanks!

-Kees

[1] http://wiki.debian.org/Hardening

--
Kees Cook @debian.org

diff -u sendmail-8.14.3/debian/control sendmail-8.14.3/debian/control --- sendmail-8.14.3/debian/control +++ sendmail-8.14.3/debian/control @@ -4,7 +4,7 @@ Maintainer: Richard A Nelson (Rick) <cow...@debian.org> Standards-Version: 3.7.2 Build-Depends-Indep: groff, bsdmainutils -Build-Depends: make (>> 3.79.1-14), m4, cdbs, quilt, patchutils, dh-buildinfo, debhelper (>= 5), linux-libc-dev (>= 2.6.21-3) [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], groff, bsdmainutils , libdb4.7-dev, libldap2-dev, libwrap0-dev, liblockfile-dev, libsasl2-dev, libssl-dev +Build-Depends: make (>> 3.79.1-14), m4, cdbs, quilt, patchutils, dh-buildinfo, debhelper (>= 5), linux-libc-dev (>= 2.6.21-3) [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386], groff, bsdmainutils , libdb4.7-dev, libldap2-dev, libwrap0-dev, liblockfile-dev, libsasl2-dev, libssl-dev, hardening-wrapper Build-Conflicts: libbind-dev, bind-dev, fakeroot (<< 0.4.5) Homepage: http://www.sendmail.org diff -u sendmail-8.14.3/debian/rules sendmail-8.14.3/debian/rules --- sendmail-8.14.3/debian/rules +++ sendmail-8.14.3/debian/rules @@ -4,6 +4,7 @@ # # $Sendmail: rules,v 8.14.1 2007-05-27 18:30:00 cowboy Exp $ #------------------------------------------------------------------------------ +export DEB_BUILD_HARDENING=1 # CDBS crud #include /usr/share/cdbs/1/class/makefile.mk
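
Review bot: In the debian/control hunk, hardening-wrapper is appended to Build-Depends with no version constraint and no architecture qualifier, while linux-libc-dev in the same field is already restricted with [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386]. Please confirm the package is installable on every architecture this source builds for, or add a matching qualifier, so that the hardening change cannot make the build dependencies unsatisfiable on those ports. The patch also touches only debian/control and debian/rules; a debian/changelog entry recording that the build is now hardened would make the change visible to anyone auditing the package later.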
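
Review bot: In the debian/rules hunk, the added line "export DEB_BUILD_HARDENING=1" sits in the file header directly above "# CDBS crud" with no comment saying what consumes it. A one-line comment that ties it to the hardening-wrapper build dependency added in debian/control, with the http://wiki.debian.org/Hardening link from the report, would keep the two changes from drifting apart: if the Build-Depends entry is ever dropped, the export stays behind and the package builds without hardening and without any error. It would also help to state in the report how the resulting binaries were checked, since nothing in the patch itself shows that the flags actually reach sendmail's own build system.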