/[secure-testing]/hardening/subgoal-dsa.txt
ViewVC logotype

Contents of /hardening/subgoal-dsa.txt

Parent Directory Parent Directory | Revision Log Revision Log

Revision 17999 - (hide annotations) (download)
Mon Jan 2 20:02:40 2012 UTC (17 months, 2 weeks ago) by jmm
File MIME type: text/plain
File size: 5588 byte(s) 
submitted patch for libpam-krb5
1 jmm 17231 Hardening subgoal for Wheezy:
2     All packages, which had a DSA since 2006.
3    
4 gilbert-guest 17234 Instructions:
5     - After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6 gilbert-guest 17235 - After NMUing a candidate where all build flags have been successfully enabled,
7     add it to the "Resolved/fixed:" list
8     - After NMUing a candidate with only some of the build flags enabled, add it to
9     the "Partially fixed: list (in order to remember what needs further work in the
10     future)
11 jmm 17351 - cdbs packages should be fixed automatically, but needs to be double-checked
12 jmm 17231
13    
14 jmm 17351 Candidates:
15 jmm 17231
16 jmm 17891 acpid (653502)
17 jmm 17231 alsaplayer
18 jmm 17885 amarok (653354)
19 jmm 17893 apt (653504)
20 jmm 17965 asterisk (653944)
21 jmm 17892 audiofile (651029)
22 jmm 17965 avahi (all changes present, fixed with next upload)
23 jmm 17893 barnowl (653506)
24 jmm 17970 beid (653956)
25 jmm 17895 bochs (653511)
26 jmm 17231 bsdgames
27     bzip2
28 jmm 17901 capi4hylafax (653539)
29 jmm 17969 cgiirc (suggested removal in #653510)
30 jmm 17231 cheesetracker
31     chrony
32 jmm 17895 citadel (653514)
33 jmm 17971 clamav (653958)
34 jmm 17231 collectd
35     courier
36     courier-authlib
37     cpio
38 jmm 17889 cscope (653490)
39 jmm 17900 ctorrent (653536)
40 jmm 17231 curl
41 jmm 17900 devil (653535)
42 jmm 17231 devscripts
43     djbdns
44     dkim-milter
45 jmm 17899 dovecot (653530)
46 jmm 17231 drbd8
47     dspam
48     e2fsprogs
49     ejabberd
50 jmm 17899 ekg (653531)
51 jmm 17284 emacs23
52 jmm 17231 exiftags
53     exiv2
54 jmm 17898 expat (653526)
55 jmm 17886 file (653481)
56 jmm 17346 firebird2.5
57 jmm 17231 flex
58     freeciv
59     freeradius
60 jmm 17346 ganglia
61 jmm 17285 eglibc
62     gmime2.4
63     pioneers
64 jmm 17231 gnumeric
65 jmm 17885 gnupg (653480)
66 jmm 17231 gzip
67     hashcash
68     heartbeat
69     hostapd
70     hplip
71     httrack
72     hybserv
73     hylafax
74     iceape
75 jmm 17883 iceweasel (653191)
76 jmm 17231 id3lib3.8.3
77     imagemagick
78     imlib2
79     inotify-tools
80     ircd-hybrid
81     isakmpd
82     isc-dhcp
83     iscsitarget
84     kaffeine
85     kazehakase
86     kde4libs
87     kdebase
88     kdegraphics
89     kolab-cyrus-imapd
90     krb5
91     krb5-appl
92     ktorrent
93     kvirc
94     l2tpns
95     lasso
96     lcms
97     lftp
98     libapache2-mod-authnz-external
99     libapache2-mod-auth-pgsql
100     libapache-mod-auth-kerb
101     libapache-mod-jk
102     libarchive
103     libav
104 jmm 17347 cairo
105 jmm 17231 libcdaudio
106     libcgroup
107     libdbd-pg-perl
108     libdumb
109 jmm 17972 libexif (650998)
110 jmm 17231 libextractor
111     libfishsound
112     libhtml-parser-perl
113     libimager-perl
114     libmikmod
115     libmodplug
116     libnet-dns-perl
117     libpam-heimdal
118 jmm 17999 libpam-krb5 (654293)
119 jmm 17983 libpng (654149)
120 jmm 17231 librpcsecgss
121     libsmi
122     libsndfile
123     libtk-img
124     libtool
125     libtorrent-rasterbar
126     libtunepimp
127     libvorbis
128 jmm 17969 libwpd (653947)
129 jmm 17984 libxfont (654154)
130 jmm 17231 libxml2
131     libxslt
132     links2
133     linux-ftpd
134     loop-aes-utils
135     ltsp
136     lurker
137     lvm2
138 jmm 17982 lynx-cur (654097)
139 jmm 17231 maildrop
140     mapserver
141     maradns
142     memcached
143     mimetex
144     mldonkey
145     mlmmj
146     mon
147     mono
148     mpg123
149     mplayer
150 jmm 17281 mplayer2
151 jmm 17982 forked-daapd (654147)
152     mtr (654117)
153 jmm 17231 multipath-tools
154 jmm 17983 mutt (654148)
155 jmm 17231 mysql-ocaml
156     icinga
157     nas
158 jmm 17970 nbd (653954)
159 jmm 17231 ndiswrapper
160     netpbm-free
161     netrik
162     net-snmp
163     newt
164     nginx
165     no-ip
166     noweb
167 jmm 17290 nsd3
168 jmm 17231 nspr
169     nss
170 jmm 17348 nss-pam-ldapd
171 jmm 17231 ntp
172     openafs
173     openexr
174     open-iscsi
175     openjdk-6
176     libreoffice
177     opensaml2
178 jmm 17889 openssl (653495)
179 jmm 17231 openswan
180     openvpn
181     osiris
182     pam-pgsql
183     pcre3
184     pcsc-lite
185     pdns
186     pdns-recursor
187     perdition
188     perl
189     pound
190     ppp
191     pptpd
192     proftpd-dfsg
193     psi
194     pstotext
195     pygresql
196 thijs 17273 python2.6
197     python2.7
198     python3.2
199 jmm 17231 python-cjson
200     qemu
201     qemu-kvm
202     qt4-x11
203     qt-x11-free
204 jmm 17889 rdesktop (653498)
205 jmm 17984 rssh (654155)
206 jmm 17802 rsync (652248)
207 jmm 17231 ruby-gnome2
208     sash
209     scponly
210     screen
211     sdl-image1.2
212     slurm-llnl
213     smstools
214     snmptrapfmt
215 jmm 17984 socat (654152)
216 jmm 17231 spamassassin
217     spamass-milter
218     speex
219     splitvt
220     squidguard
221     strongswan
222     subversion
223     sudo
224     suphp
225     syslog-ng
226     systemtap
227     tcpreen
228     telepathy-gabble
229     texinfo
230     tgt
231     tinymux
232     tinyproxy
233     tk8.4
234 thijs 17273 tk8.5
235 jmm 17231 unbound
236     unicon
237     unzip
238     vlc
239     vnc4
240     webcit
241     webkit
242     wesnoth
243     wget
244     wine
245     wml
246     wxwidgets2.6
247 thijs 17273 wxwidgets2.8
248 jmm 17231 wzdftpd
249     x11-xserver-utils
250     xapian-omega
251     xine-lib
252     xmlsec1
253     xml-security-c
254     xmltooling
255     zabbix
256     zodb
257 thijs 17273 zoo
258    
259    
260 jmm 17985 Packages using dh, but which need additional multiarch changes for compat 9:
261     opensc
262     dia
263    
264    
265 jmm 17772 Packages using cdbs, which need additional fixes:
266     icedove
267    
268 jmm 17965 Packages using Scons, needs additional research:
269     blender
270 jmm 17772
271 jmm 17965
272 jmm 17312 Candidate packages using cdbs, fixed with the next upload after 2011-09-23 with
273 jmm 17286 the upload of dpkg/1.16.1:
274     koffice
275 jmm 17288 libspf2
276 jmm 17338 wordnet
277     sendmail
278 jmm 17349 afuse
279     bomberclone
280     camlimages
281     couchdb
282     crossfire
283     dvipng
284     eggdrop
285     gdm3
286     glib2.0
287     gnutls26
288     gst-plugins-bad0.10
289     gst-plugins-good0.10
290     heimdal
291     icu
292     jabberd14
293     libapache2-mod-fcgid
294     evince
295     libast
296     libgtop2
297     libnss-ldap
298     libpam-ldap
299     libsoup2.4
300     libtasn1-3
301     libtheora
302     libwmf
303     link-grammar
304     lsh-server
305     mediawiki
306     moin
307     pango1.0
308     pmount
309     polipo
310     poppler
311     postgresql-ocaml
312     pulseaudio
313     ruby1.8
314     ruby1.9.1
315     squid3
316     streamripper
317     sword
318     t1lib
319     unalz
320     uw-imap
321     vino
322 jmm 17280
323 jmm 17286
324 jmm 17719 Fixed:
325 jmm 17349 libvirt (0.9.6-1)
326     gimp (2.6.11-4)
327 jmm 17355 ghostscript (9.04~dfsg-1)
328 jmm 17719 samba (2:3.5.11~dfsg-2)
329     libgd2 (2.0.36~rc1~dfsg-6)
330 thijs 17649 sympa (6.1.7~dfsg-1)
331 thijs 17395 mailman (1:2.1.14-3)
332 jmm 17312 ncompress (4.2.4.4-3)
333 jmm 17344 xzgv (5.9-3)
334 jmm 17719 flac (1.2.1-6)
335 thijs 17673 xorg-server (2:1.11.1.901-1)
336 jmm 17719 openldap (2.4.25-4)
337     vim (2:7.3.346-1)
338     freetype (2.4.7-2)
339     python-crypto (2.4-1)
340     xorg-server (2:1.11.1.901-1)
341 gilbert-guest 17529 xpdf (3.03-7)
342 nion 17908 fetchmail (6.3.21-3)
343 jmm 17772 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
344 jmm 17719 network-manager (0.9.1.95-1)
345     libmusicbrainz-2.1 (2.1_2.1.5-6.1)
346     tmux (1.6~svn2630-2)
347     tcpdump (4.2.0~rc1-2)
348     libthai (0.1.16-1)
349     git (1:1.7.7.2-1)
350     man-db (2.6.0.2-3)
351 jmm 17802 elinks (0.12~pre5-6)
352 jmm 17883 zgv (5.9-4)
353 jmm 17886 jasper (1.900.1-11)
354     xfs (1.0.8-7)
355 jmm 17902 fbi (2.07-9)
356 jmm 17889 reprepro (4.5.0-1)
357 jmm 17902 antiword (0.37-8) (653499)
358 jmm 17893 wv2 (0.4.2.dfsg.1-5)
359 jmm 17896 dpkg (1.16.1)
360 jmm 17899 fuse (2.8.6-3)
361 jmm 17902 fontforge (0.0.20110222-6) (653534)
362 jmm 17917 apache2 (2.2.21-4)
363     cabextract (1.4-2) (653509)
364 jmm 17921 htdig (3.2.0b6-12)
365 jmm 17957 xterm (276-2) (653488)
366     enscript (1.6.5.90-2) (653528)
367     amule (2.3.1-2) (653503)
368 jmm 17969 gv (1:3.7.1-2)
369 jmm 17979 bluez-hcidump (2.1-2) (653507)
370 jmm 17998 lighttpd (1.4.30-1) (654151)
371 jmm 17996 pimd (2.1.8-2) (654081)
372     chmlib (2:0.40a-2) (653955)
373 jmm 17231
374 jmm 17312
375 jmm 17883 Hardening incomplete:
376     gtetrinet (653443)
377    
378    
379 jmm 17890 Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
380     apr
381     apr-util
382 jmm 17883
383 jmm 17890
384    
385 jmm 17291 Packages using hardening-wrapper/-includes (these are considered fixed, although
386 jmm 17289 switching them over to dpkg-buildflags might be worthwhile later on):
387 jmm 17291 netatalk
388     graphicsmagick
389     udev
390     xfce4-terminal
391     openssh
392     evolution
393     dbus
394     libgsf
395     tor
396     evolution-data-server
397 jmm 17289 cyrus-imapd-2.4
398     aria2
399     mysql-5.1
400     cups
401     wireshark
402     squid
403     exim4
404     php5
405     ipsec-tools
406     postgresql-8.4
407     postgresql-9.0
408     postgresql-9.1
409     gnupg2
410     nagios3
411     tiff
412     bind9
413     postfix
414     chromium-browser
415     pidgin
416     nagios-plugins
417     znc
418     cyrus-sasl2
419     ldns
420     quagga
421    
422    
423    
424 jmm 17349
425    
426    
427 jmm 17354
428    
429    
430    
431    
432    
  ViewVC Help
Powered by ViewVC 1.1.5