Package: tiff
Version: 3.9.4-5
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch
Hi,
In Ubuntu, the attached patch was applied to achieve the following:
* debian/{control,rules}: enable PIE build for security hardening.
The goal is to reduce the change of attacks against the tiff libraries
or helper tools.
Thanks for considering the patch.
-Kees
-- System Information:
Debian Release: squeeze/sid
APT prefers natty
APT policy: (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38-3-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru tiff-3.9.4/debian/changelog tiff-3.9.4/debian/changelog
diff -Nru tiff-3.9.4/debian/control tiff-3.9.4/debian/control
--- tiff-3.9.4/debian/control 2010-08-14 13:20:54.000000000 -0700
+++ tiff-3.9.4/debian/control 2011-02-16 16:44:54.000000000 -0800
@@ -1,7 +1,7 @@
Priority: optional
Maintainer: Jay Berkenbilt <q...@debian.org>
Uploaders: Josip Rodin <joy-packa...@debian.org>
-Build-Depends: cdbs, debhelper (>= 5), zlib1g-dev, libjpeg-dev, libxmu-dev, libglu1-mesa-dev, freeglut3-dev, libxi-dev
+Build-Depends: cdbs, debhelper (>= 5), zlib1g-dev, libjpeg-dev, libxmu-dev, libglu1-mesa-dev, freeglut3-dev, libxi-dev, hardening-wrapper
Standards-Version: 3.9.1
Homepage: http://libtiff.maptools.org
diff -Nru tiff-3.9.4/debian/rules tiff-3.9.4/debian/rules
--- tiff-3.9.4/debian/rules 2010-08-14 13:27:44.000000000 -0700
+++ tiff-3.9.4/debian/rules 2011-02-16 16:44:09.000000000 -0800
@@ -1,5 +1,7 @@
#!/usr/bin/make -f
+export DEB_BUILD_HARDENING=1
+
# Variables used by cdbs
VERSION := $(shell dpkg-parsechangelog | \
awk '/Version:/ {print $$2}' | cut -d- -f 1)
