/[secure-testing]/hardening/subgoal-dsa.txt
ViewVC logotype

Contents of /hardening/subgoal-dsa.txt

Parent Directory Parent Directory | Revision Log Revision Log

Revision 18218 - (hide annotations) (download)
Thu Jan 19 19:12:13 2012 UTC (16 months ago) by jmm
File MIME type: text/plain
File size: 6660 byte(s) 
bsdmainutils fixed, submitted patches for exiv2 and opensc
1 jmm 17231 Hardening subgoal for Wheezy:
2     All packages, which had a DSA since 2006.
3    
4 gilbert-guest 17234 Instructions:
5     - After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6 gilbert-guest 17235 - After NMUing a candidate where all build flags have been successfully enabled,
7     add it to the "Resolved/fixed:" list
8     - After NMUing a candidate with only some of the build flags enabled, add it to
9     the "Partially fixed: list (in order to remember what needs further work in the
10     future)
11 jmm 17351 - cdbs packages should be fixed automatically, but needs to be double-checked
12 jmm 17231
13    
14 jmm 17351 Candidates:
15 jmm 17231
16 jmm 18016 alsaplayer (654518)
17 jmm 17885 amarok (653354)
18 jmm 17893 apt (653504)
19 jmm 17965 asterisk (653944)
20 jmm 17893 barnowl (653506)
21 jmm 17970 beid (653956)
22 jmm 17895 bochs (653511)
23 jmm 18085 bzip2 (655164)
24 jmm 17901 capi4hylafax (653539)
25 jmm 18075 chrony (655123)
26 jmm 17971 clamav (653958)
27 jmm 18090 courier-authlib (655168)
28 jmm 18024 cpio (654522)
29 jmm 17889 cscope (653490)
30 jmm 17900 ctorrent (653536)
31     devil (653535)
32 jmm 18091 dspam (655189)
33 jmm 17899 dovecot (653530)
34 jmm 18016 drbd8 (currently broken: #654459)
35 jmm 18012 e2fsprogs (654457)
36 jmm 17231 ejabberd
37 jmm 17899 ekg (653531)
38 jmm 18074 emacs23 (655118)
39 jmm 17898 expat (653526)
40 jmm 17886 file (653481)
41 jmm 18113 flex (655414)
42 jmm 18048 freeciv (654809)
43 jmm 17231 freeradius
44 jmm 18075 ganglia (655126)
45 jmm 17285 eglibc
46     gmime2.4
47     pioneers
48 jmm 17231 gnumeric
49 jmm 17885 gnupg (653480)
50 jmm 18149 gzip (currently broken: 653960)
51 jmm 18151 hashcash (655864)
52 jmm 17231 heartbeat
53     hostapd
54     hplip
55     httrack
56 jmm 18196 hylafax (656260)
57 jmm 17231 iceape
58 jmm 17883 iceweasel (653191)
59 jmm 17231 imagemagick
60     imlib2
61     inotify-tools
62     ircd-hybrid
63     isakmpd
64     iscsitarget
65     kazehakase
66     krb5-appl
67     l2tpns
68     lasso
69 jmm 18050 lcms (654821)
70 jmm 17231 libapache2-mod-authnz-external
71     libapache2-mod-auth-pgsql
72     libapache-mod-auth-kerb
73     libapache-mod-jk
74     libav
75 jmm 18076 cairo (655128)
76 jmm 18050 libcgroup (654819)
77 jmm 17231 libdumb
78 jmm 17972 libexif (650998)
79 jmm 17231 libextractor
80     libfishsound
81     libmikmod
82 jmm 18049 libmodplug (654817)
83 jmm 18048 librpcsecgss (654808)
84 jmm 17231 libtk-img
85     libtool
86 jmm 18052 libtunepimp (654832)
87 jmm 17231 libvorbis
88 jmm 17969 libwpd (653947)
89 jmm 17984 libxfont (654154)
90 jmm 18141 libxslt (655601)
91 jmm 18047 links2 (654807)
92 jmm 18174 linux-ftpd (656005)
93 jmm 18175 loop-aes-utils (656009)
94 jmm 17231 ltsp
95     lurker
96     lvm2
97 jmm 18077 maildrop (655133)
98 jmm 17231 mapserver
99     maradns
100 jmm 18077 memcached (655134)
101 jmm 17231 mimetex
102 jmm 18173 mlmmj (655893)
103 jmm 17231 mono
104     mplayer
105 jmm 17281 mplayer2
106 jmm 17982 forked-daapd (654147)
107 jmm 17231 multipath-tools
108 jmm 17983 mutt (654148)
109 jmm 17231 mysql-ocaml
110     icinga
111 jmm 18148 nas (655743)
112 jmm 17970 nbd (653954)
113 jmm 18098 ndiswrapper (655249)
114 jmm 18142 netpbm-free (655737)
115 jmm 18173 netrik (656004)
116 jmm 17231 net-snmp
117     newt
118     nginx
119     noweb
120     nspr
121     nss
122     ntp
123     openafs
124     open-iscsi
125     openjdk-6
126     libreoffice
127 jmm 18174 opensaml2 (656006)
128 jmm 17889 openssl (653495)
129 jmm 18079 openswan (655139)
130 jmm 18076 openvpn (655130)
131 jmm 18173 pam-pgsql (656003)
132 jmm 18174 pcre3 (656008)
133 jmm 17231 pdns
134     pdns-recursor
135 jmm 18113 perdition (655412)
136 jmm 17231 perl
137     ppp
138     pptpd
139     proftpd-dfsg
140 jmm 18072 pstotext (655105)
141 jmm 17231 pygresql
142 thijs 17273 python2.7
143     python3.2
144 jmm 17231 python-cjson
145 jmm 18203 qemu (656276)
146 jmm 17231 qemu-kvm
147     qt4-x11
148     qt-x11-free
149 jmm 17984 rssh (654155)
150 jmm 17802 rsync (652248)
151 jmm 18114 ruby-gnome2 (655415)
152 jmm 18065 sash (654909)
153 jmm 17231 screen
154     slurm-llnl
155     smstools
156     snmptrapfmt
157 jmm 17984 socat (654152)
158 jmm 17231 spamassassin
159     spamass-milter
160 jmm 18153 speex (655880)
161 jmm 18181 splitvt (656027)
162     squidguard (656028)
163 jmm 17231 strongswan
164     subversion
165 jmm 18121 suphp (655419)
166 jmm 18084 syslog-ng (655163)
167 jmm 18154 systemtap (655882)
168 jmm 18101 tcpreen (655250)
169 jmm 17231 telepathy-gabble
170     texinfo
171 jmm 18188 tgt (656127)
172 jmm 18151 tinyproxy (655870)
173 jmm 17231 tk8.4
174 thijs 17273 tk8.5
175 jmm 17231 unbound
176     unicon
177 jmm 18197 unzip (656268)
178 jmm 17231 vlc
179     vnc4
180     webcit
181     webkit
182     wine
183 thijs 17273 wxwidgets2.8
184 jmm 18080 wzdftpd (655141)
185 jmm 18123 x11-xserver-utils (655503)
186 jmm 17231 xapian-omega
187 jmm 18081 xine-lib (655146)
188 jmm 17231 xmlsec1
189     xml-security-c
190     xmltooling
191     zabbix
192     zodb
193 jmm 18072 vsftpd (655103)
194 jmm 18198 collectd (656271)
195     id3lib3.8.3 (656272)
196     pcsc-lite (656273)
197 jmm 18218 exiv2 (656356)
198     opensc (656350)
199 thijs 17273
200    
201 jmm 17985 Packages using dh, but which need additional multiarch changes for compat 9:
202 jmm 18053 openexr
203     libtorrent-rasterbar
204 jmm 18076 libcdaudio
205 jmm 17985
206    
207 jmm 18188 Packages using Makefile.PL, needs additional research:
208     libhtml-parser-perl
209     libdbd-pg-perl
210     libimager-perl
211     libnet-dns-perl
212     wml
213    
214    
215 jmm 17965 Packages using Scons, needs additional research:
216     blender
217 jmm 17772
218 jmm 18073 Packages using cmake, needs additional research:
219     kaffeine
220 jmm 18095 kdebase
221     kde4libs
222     kdegraphics
223     ktorrent
224     kvirc
225 jmm 18153 wesnoth-1.9
226 jmm 18186 psi
227 jmm 17965
228 jmm 18073
229 jmm 18090 Packages, which should rather be removed than hardened:
230     cgiirc (suggested removal in #653510)
231     djbdns
232     dkim-milter (currently broken, dropped from testing: #629663)
233     kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
234     osiris (suggested removal in 655116)
235 jmm 18198 scponly (RM bug: 650590)
236 jmm 18090
237    
238    
239 jmm 18134 Candidate packages using cdbs, needs further studying:
240     sympa
241     libgd2
242     icedove
243     ghostscript
244     libvirt
245     gimp
246 jmm 17286 koffice
247 jmm 17288 libspf2
248 jmm 17338 wordnet
249     sendmail
250 jmm 17349 afuse
251     bomberclone
252     camlimages
253     couchdb
254     crossfire
255     dvipng
256     eggdrop
257     gdm3
258     glib2.0
259     gnutls26
260     gst-plugins-bad0.10
261     gst-plugins-good0.10
262     heimdal
263     icu
264     jabberd14
265     libapache2-mod-fcgid
266     evince
267     libast
268     libgtop2
269     libnss-ldap
270     libpam-ldap
271     libsoup2.4
272     libtasn1-3
273     libtheora
274     link-grammar
275     lsh-server
276     mediawiki
277     moin
278     pango1.0
279     pmount
280     polipo
281     poppler
282     postgresql-ocaml
283     pulseaudio
284     ruby1.8
285     ruby1.9.1
286     squid3
287     streamripper
288     sword
289     t1lib
290     unalz
291     uw-imap
292     vino
293 jmm 17280
294 jmm 17286
295 jmm 17719 Fixed:
296     samba (2:3.5.11~dfsg-2)
297 thijs 17395 mailman (1:2.1.14-3)
298 jmm 17719 flac (1.2.1-6)
299 thijs 17673 xorg-server (2:1.11.1.901-1)
300 jmm 17719 openldap (2.4.25-4)
301     vim (2:7.3.346-1)
302     freetype (2.4.7-2)
303     python-crypto (2.4-1)
304     xorg-server (2:1.11.1.901-1)
305 gilbert-guest 17529 xpdf (3.03-7)
306 nion 17908 fetchmail (6.3.21-3)
307 jmm 17772 libmusicbrainz-2.1 (2.1_2.1.5-6.1)
308 jmm 17719 network-manager (0.9.1.95-1)
309     libmusicbrainz-2.1 (2.1_2.1.5-6.1)
310     tmux (1.6~svn2630-2)
311     tcpdump (4.2.0~rc1-2)
312     libthai (0.1.16-1)
313     git (1:1.7.7.2-1)
314     man-db (2.6.0.2-3)
315 jmm 17802 elinks (0.12~pre5-6)
316 jmm 17883 zgv (5.9-4)
317 jmm 17886 jasper (1.900.1-11)
318     xfs (1.0.8-7)
319 jmm 17902 fbi (2.07-9)
320 jmm 17889 reprepro (4.5.0-1)
321 jmm 17902 antiword (0.37-8) (653499)
322 jmm 17893 wv2 (0.4.2.dfsg.1-5)
323 jmm 17896 dpkg (1.16.1)
324 jmm 17899 fuse (2.8.6-3)
325 jmm 17902 fontforge (0.0.20110222-6) (653534)
326 jmm 17917 apache2 (2.2.21-4)
327     cabextract (1.4-2) (653509)
328 jmm 17921 htdig (3.2.0b6-12)
329 jmm 17957 xterm (276-2) (653488)
330     enscript (1.6.5.90-2) (653528)
331     amule (2.3.1-2) (653503)
332 jmm 17969 gv (1:3.7.1-2)
333 jmm 17979 bluez-hcidump (2.1-2) (653507)
334 jmm 17998 lighttpd (1.4.30-1) (654151)
335 jmm 17996 pimd (2.1.8-2) (654081)
336     chmlib (2:0.40a-2) (653955)
337 jmm 18007 lynx-cur (6.6.7-4) (654097)
338 jmm 18016 rdesktop (1.7.0-2) (653498)
339 jmm 18023 libpam-krb5 (4.5-3) (654293)
340     curl (7.23.1-3) (654521)
341 jmm 18043 audiofile (0.3.2-1) (651029)
342 jmm 18047 libarchive (2.8.5-2)
343 jmm 18053 courier (0.66.3-2) (654794)
344 jmm 18062 libsndfile (1.0.25-4) (654831)
345 jmm 18064 libwmf (0.2.8.4-10)
346 jmm 18065 exiftags (1.01-5) (654804)
347 jmm 18073 nss-pam-ldapd (0.8.5)
348     isc-dhcp (4.2.2-2)
349 jmm 18080 sdl-image1.2 (1.2.10-3)
350 jmm 18082 mtr (0.82-2) (654117)
351 jmm 18084 dia (0.97.2-4)
352 jmm 18095 libpng (1.2.46-4) (654149)
353 jmm 18101 mldonkey (3.1.0-3) (655140)
354     avahi (0.6.30-6) (655188)
355 jmm 18106 mon (1.2.0-5) (655137)
356 jmm 18107 acpid (1:2.0.14-2) (653502)
357     libsmi (0.4.8+dfsg2-5) (654812)
358 jmm 18134 sudo (1.8.3p1-3) (655417)
359     zoo (2.10-25) (655499)
360     citadel (8.04-1) (653514)
361 jmm 18141 firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
362 jmm 18148 wget (1.13.4-2) (654908)
363 jmm 18149 krb5 (1.10+dfsg~beta1-1) (655248)
364 jmm 18170 libxml2 (2.7.8.dfsg-6) (654903)
365 jmm 18186 lftp (4.3.4-1)
366 jmm 17231
367 jmm 17312
368 jmm 18149
369 jmm 18186
370 jmm 17883 Hardening incomplete:
371     gtetrinet (653443)
372 jmm 18134 ncompress (relro missing)
373 jmm 17883
374    
375 jmm 17890 Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
376     apr
377     apr-util
378 jmm 18053 pound (654833)
379 jmm 18078 mpg123
380 jmm 17883
381 jmm 17890
382    
383 jmm 17291 Packages using hardening-wrapper/-includes (these are considered fixed, although
384 jmm 17289 switching them over to dpkg-buildflags might be worthwhile later on):
385 jmm 17291 netatalk
386     graphicsmagick
387     udev
388     xfce4-terminal
389     openssh
390     evolution
391     dbus
392     libgsf
393     tor
394     evolution-data-server
395 jmm 17289 cyrus-imapd-2.4
396     aria2
397     mysql-5.1
398     cups
399     wireshark
400     squid
401     exim4
402     php5
403     ipsec-tools
404     postgresql-8.4
405     postgresql-9.0
406     postgresql-9.1
407     gnupg2
408     nagios3
409     tiff
410     bind9
411     postfix
412     chromium-browser
413     pidgin
414     nagios-plugins
415     znc
416     cyrus-sasl2
417     ldns
418     quagga
419 jmm 18113 nsd3
420 jmm 17289
421    
422    
423 jmm 17349
424    
425    
426 jmm 17354
427    
428    
429    
430    
431    
  ViewVC Help
Powered by ViewVC 1.1.5