Package: amavisd-milter
Version: 1.5.0-2
Severity: normal
Tags: patch
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty ubuntu-patch

[This is a resurrection of Debian bug #542722]

Hello!

Since amavisd-milter processes untrusted input, I think it might benefit from having hardening[1] enabled for its build. The attached patch implements this.

Thanks!

-- Steve Beattie

[1] http://wiki.debian.org/Hardening

*** /home/steve/tmp/tmpsYv2qc
In Ubuntu, the attached patch was applied to achieve the following:

  * Re-enable hardened build for PIE (LP: #768713)

Thanks for considering the patch.

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty-updates
  APT policy: (500, 'natty-updates'), (500, 'natty-security'), (500, 'natty-proposed'), (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38-8-server (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru amavisd-milter-1.5.0/debian/changelog amavisd-milter-1.5.0/debian/changelog diff -Nru amavisd-milter-1.5.0/debian/control amavisd-milter-1.5.0/debian/control --- amavisd-milter-1.5.0/debian/control 2010-07-11 13:18:36.000000000 -0700 +++ amavisd-milter-1.5.0/debian/control 2011-04-21 17:53:38.000000000 -0700 @@ -1,7 +1,7 @@ Section: mail Priority: extra Maintainer: Harald Jenny <har...@a-little-linux-box.at> -Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libmilter-dev +Build-Depends: debhelper (>= 7.0.50~), autotools-dev, libmilter-dev, hardening-wrapper Homepage: http://amavisd-milter.sourceforge.net/ Vcs-Browser: http://hg.debian.org/hg/amavisd-new/amavisd-milter Vcs-Hg: http://hg.debian.org/hg/amavisd-new/amavisd-milter diff -Nru amavisd-milter-1.5.0/debian/rules amavisd-milter-1.5.0/debian/rules --- amavisd-milter-1.5.0/debian/rules 2010-07-11 17:09:11.000000000 -0700 +++ amavisd-milter-1.5.0/debian/rules 2011-04-21 17:22:29.000000000 -0700 @@ -1,5 +1,7 @@ #!/usr/bin/make -f +export DEB_BUILD_HARDENING=1 + %: dh $@
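
Review bot: in the debian/control hunk, the new hardening-wrapper entry in Build-Depends does nothing by itself; the wrapper only alters the compiler and linker flags when DEB_BUILD_HARDENING is set in the build environment, so this hunk and the debian/rules hunk have to be applied together or the package builds unhardened without any error. Note also that the `diff -Nru ... debian/changelog` line is followed by no hunk, so the changelog entry quoted in the message (LP: #768713) is not part of this patch and has to be written by whoever applies it.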
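
Review bot: the `export DEB_BUILD_HARDENING=1` line added at the top of debian/rules carries no comment explaining why it is there; a one-line comment (for example, that the milter handles untrusted mail) would keep it from being dropped in a later rules cleanup. The message states the goal as PIE, while this variable switches on the wrapper's full default feature set rather than PIE alone; if that is intended, the changelog entry should say so, and the result is worth confirming by running hardening-check on the built amavisd-milter binary.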