Package: gnupg
Version: 1.4.10-4
Severity: normal
User: debian-secur...@lists.debian.org
Usertags: hardening

Hi!

Since gnupg processes untrusted user input, having hardening options enabled during its build might be a good idea. Actually I did try a build with hardening-wrapper and it went fine [1]. Attached is a patch to enable this feature.

[1] http://wiki.debian.org/Hardening

diff -Naur gnupg-1.4.10~//debian/control gnupg-1.4.10//debian/control --- gnupg-1.4.10~//debian/control 2010-12-26 17:40:32.000000000 +0100 +++ gnupg-1.4.10//debian/control 2010-12-26 17:41:55.949580423 +0100 @@ -9,7 +9,7 @@ Build-Depends: debhelper (>> 7), libz-dev, libldap2-dev, libbz2-dev, libusb-dev [!hurd-i386], libreadline-dev, file, gettext, dpatch, - libcurl4-gnutls-dev + libcurl4-gnutls-dev, hardening-wrapper Homepage: http://www.gnupg.org Vcs-Browser: http://svn.debian.org/wsvn/pkg-gnupg/gnupg/ Vcs-Svn: svn://svn.debian.org/svn/pkg-gnupg/gnupg/trunk/ diff -Naur gnupg-1.4.10~//debian/rules gnupg-1.4.10//debian/rules --- gnupg-1.4.10~//debian/rules 2010-12-26 17:40:32.000000000 +0100 +++ gnupg-1.4.10//debian/rules 2010-12-26 17:42:49.948198756 +0100 @@ -13,6 +13,8 @@ ################################## variables ################################# +export DEB_BUILD_HARDENING=1 + #VERSION := $(shell dpkg-parsechangelog | grep ^Version: | cut -d' ' -f2) DEB_BUILD_GNU_TYPE = $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
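
Review bot: in debian/control, the new hardening-wrapper entry in Build-Depends carries no architecture qualifier, unlike libusb-dev [!hurd-i386] in the same field; please confirm hardening-wrapper is installable on every architecture gnupg builds on, or qualify it the same way. The patch touches only debian/control and debian/rules, so a debian/changelog entry recording that the build is now hardened is also missing.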
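
Review bot: in debian/rules, the added "export DEB_BUILD_HARDENING=1" is unconditional and has no comment tying it to the hardening-wrapper build dependency added in debian/control. The two only work together, and dropping either one later would turn the hardening off without any build failure, so a one-line comment above the export naming hardening-wrapper would help. It sits in the variables section ahead of the commented-out VERSION line, which is a reasonable place for it.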