Package: mysql-dfsg-5.1 Version: 5.1.37-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch
Hello! Since mysql handles untrusted inputs and listens on a network port, I think it might benefit from having hardening[1] enabled for its build. The attached patch implements this. Thanks! -Kees [1] http://wiki.debian.org/Hardening -- Kees Cook @debian.org
diff -u mysql-dfsg-5.1-5.1.37/debian/control mysql-dfsg-5.1-5.1.37/debian/control --- mysql-dfsg-5.1-5.1.37/debian/control +++ mysql-dfsg-5.1-5.1.37/debian/control @@ -4,6 +4,6 @@ Maintainer: Debian MySQL Maintainers <pkg-mysql-ma...@lists.alioth.debian.org> Uploaders: Norbert Tretkowski <no...@debian.org>, Christian Hammers <c...@debian.org> -Build-Depends: libtool (>= 1.4.2-7), procps | hurd, debhelper (>= 7.0.15), file (>= 3.28), libncurses5-dev (>= 5.0-6), perl (>= 5.6.0), libwrap0-dev (>= 7.6-8.3), zlib1g-dev (>= 1:1.1.3-5), libreadline5-dev | libreadline-dev, psmisc, po-debconf, chrpath, automake1.9, doxygen, texlive-latex-base, ghostscript, dpatch, gawk, bison, lsb-release +Build-Depends: libtool (>= 1.4.2-7), procps | hurd, debhelper (>= 7.0.15), file (>= 3.28), libncurses5-dev (>= 5.0-6), perl (>= 5.6.0), libwrap0-dev (>= 7.6-8.3), zlib1g-dev (>= 1:1.1.3-5), libreadline5-dev | libreadline-dev, psmisc, po-debconf, chrpath, automake1.9, doxygen, texlive-latex-base, ghostscript, dpatch, gawk, bison, lsb-release, hardening-wrapper Standards-Version: 3.8.2 Homepage: http://dev.mysql.com/ Vcs-Browser: http://svn.debian.org/wsvn/pkg-mysql/ diff -u mysql-dfsg-5.1-5.1.37/debian/rules mysql-dfsg-5.1-5.1.37/debian/rules --- mysql-dfsg-5.1-5.1.37/debian/rules +++ mysql-dfsg-5.1-5.1.37/debian/rules @@ -1,6 +1,7 @@ #!/usr/bin/make -f export DH_VERBOSE=1 +export DEB_BUILD_HARDENING=1 PACKAGE=mysql-dfsg-5.1
