Bug#542741: enable hardening options

Kees Cook Thu, 20 Aug 2009 19:21:35 -0700

Package: asterisk
Version: 1:1.6.2.0~dfsg~beta3-1
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch


Hello!

Since asterisk listens on external ports and processes untrusted inputs,
I think it might benefit from having hardening[1] enabled for its build.
The attached patch implements this.

Thanks!

-Kees

[1] http://wiki.debian.org/Hardening

-- 
Kees Cook                                            @debian.org

diff -uNrp asterisk-1.4.21.2~dfsg~/debian/control asterisk-1.4.21.2~dfsg/debian/control
--- asterisk-1.4.21.2~dfsg~/debian/control	2009-08-20 19:02:37.000000000 -0700
+++ asterisk-1.4.21.2~dfsg/debian/control	2009-08-20 19:03:13.000000000 -0700
@@ -4,6 +4,6 @@ Section: comm
 Maintainer: Debian VoIP Team <pkg-voip-maintain...@lists.alioth.debian.org>
 Uploaders: Mark Purcell <m...@debian.org>, Kilian Krause <kil...@debian.org>, Tzafrir Cohen <tzafrir.co...@xorcom.com>, Faidon Liambotis <parav...@debian.org>
-Build-Depends: debhelper (>= 6.0.7), quilt, zlib1g-dev, libreadline5-dev, libgsm1-dev, libssl-dev, libtonezone-dev (>= 1:1.4.1~0), libasound2-dev, libpq-dev, unixodbc-dev, libpri-dev (>= 1.4.1), libvpb-dev, zaptel-source (>= 1:1.4.1~0), autotools-dev, libnewt-dev, libsqlite-dev, libspeex-dev, libspeexdsp-dev, graphviz, libcurl4-openssl-dev | libcurl-dev, doxygen, gsfonts, libpopt-dev, libopenh323-dev (>= 1.17.4), libiksemel-dev, libradiusclient-ng-dev, freetds-dev, libvorbis-dev, libsnmp-dev, libc-client2007b-dev, libcap2-dev
+Build-Depends: debhelper (>= 6.0.7), quilt, zlib1g-dev, libreadline5-dev, libgsm1-dev, libssl-dev, libtonezone-dev (>= 1:1.4.1~0), libasound2-dev, libpq-dev, unixodbc-dev, libpri-dev (>= 1.4.1), libvpb-dev, zaptel-source (>= 1:1.4.1~0), autotools-dev, libnewt-dev, libsqlite-dev, libspeex-dev, libspeexdsp-dev, graphviz, libcurl4-openssl-dev | libcurl-dev, doxygen, gsfonts, libpopt-dev, libopenh323-dev (>= 1.17.4), libiksemel-dev, libradiusclient-ng-dev, freetds-dev, libvorbis-dev, libsnmp-dev, libc-client2007b-dev, libcap2-dev, hardening-wrapper
 Standards-Version: 3.8.0
 Homepage: http://www.asterisk.org/
 Vcs-Svn: svn://svn.debian.org/pkg-voip/asterisk/trunk/
diff -uNrp asterisk-1.4.21.2~dfsg~/debian/rules asterisk-1.4.21.2~dfsg/debian/rules
--- asterisk-1.4.21.2~dfsg~/debian/rules	2009-08-20 19:02:37.000000000 -0700
+++ asterisk-1.4.21.2~dfsg/debian/rules	2009-08-20 19:03:24.000000000 -0700
@@ -4,6 +4,7 @@
 
 # Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
+export DEB_BUILD_HARDENING=1
 
 export DEB_HOST_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)

Bug#542741: enable hardening options

Reply via email to