secure-testing/hardening/subgoal-dsa.txt

Hardening subgoal for Wheezy:
All packages, which had a DSA since 2006. 

Instructions:
- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
- After NMUing a candidate where all build flags have been successfully enabled, 
  add it to the "Resolved/fixed:" list
- After NMUing a candidate with only some of the build flags enabled, add it to
  the "Partially fixed: list (in order to remember what needs further work in the 
  future)
- cdbs packages should be fixed automatically, but needs to be double-checked


Candidates:

alsaplayer (654518)
amarok (653354)
barnowl (653506)
beid (653956)
bochs (653511)
bzip2 (655164)
capi4hylafax (653539)
chrony (655123)
clamav (653958)
courier-authlib (655168)
cpio (654522)
cscope (653490)
ctorrent (653536)
devil (653535)
dovecot (653530)
drbd8 (currently broken: #654459)
e2fsprogs (654457)
ejabberd
ekg (653531)
emacs23 (655118)
expat (653526)
file (653481)
flex (655414)
freeciv (654809)
freeradius
ganglia (655126)
eglibc
gmime2.4 (657328)
pioneers
gnumeric
gnupg (653480)
gzip (currently broken: 653960)
hashcash (655864)
heartbeat
hostapd (657332)
hplip
hylafax (656260)
iceape
iceweasel (653191)
imagemagick
imlib2 (656512)
inotify-tools
ircd-hybrid
isakmpd (657210)
iscsitarget (656867)
krb5-appl
l2tpns
lasso
lcms (654821)
libapache2-mod-authnz-external
libapache2-mod-auth-pgsql
libapache-mod-auth-kerb
libapache-mod-jk (656876)
libav
cairo (655128)
libcgroup (654819)
libdumb
libexif (650998)
libextractor (656780)
libfishsound
libmikmod (656779)
libmodplug (654817)
librpcsecgss (654808)
libtk-img (657209)
libtool
libtunepimp (654832)
libvorbis
libwpd (653947)
libxfont (654154)
libxslt (655601)
links2 (654807)
linux-ftpd (656005)
loop-aes-utils (656009)
ltsp
lurker
lvm2
maildrop (655133)
mapserver
maradns
memcached (655134)
mono (657518)
mplayer
mplayer2
forked-daapd (654147)
multipath-tools
mutt (654148)
icinga (656866)
nbd (653954)
ndiswrapper (655249)
netpbm-free (655737)
netrik (656004)
net-snmp
newt
nginx
noweb
nspr
nss (657325)
openafs
open-iscsi
openjdk-6
libreoffice (656643)
opensaml2 (656006)
openssl (653495)
openswan (655139)
openvpn (655130)
pam-pgsql (656003)
pcre3 (656008)
pdns (656861)
pdns-recursor (656859)
perdition (655412)
perl
ppp
pptpd (656650)
proftpd-dfsg (657213)
pstotext (655105)
python2.7
python3.2
qemu (656276)
qemu-kvm
rssh (654155)
rsync (652248)
ruby-gnome2 (655415)
sash (654909)
screen (656513)
smstools (656531)
snmptrapfmt (656783)
socat (654152)
spamassassin
spamass-milter
speex (655880)
splitvt (656027)
squidguard (656028)
subversion
suphp (655419)
syslog-ng (655163)
systemtap (655882)
texinfo (656659)
tgt (656127)
tk8.4
tk8.5
unbound
unicon
unzip (656268)
vlc
vnc4 (656862)
webcit (656515)
webkit
wine
wxwidgets2.8
wzdftpd (655141)
x11-xserver-utils (655503)
xapian-omega
xmlsec1 (656655)
xmltooling (656656)
zabbix (656774)
collectd (656271)
id3lib3.8.3 (656272)
opensc (656350)
openexr (656506)
vsftpd (655103)


Packages using Makefile.PL, needs additional research:
libhtml-parser-perl
libdbd-pg-perl
libimager-perl
libnet-dns-perl
wml

Python packages, need additional research:
zodb
python-cjson
pygresql


Packages using Scons, needs additional research:
blender

Packages using cmake, needs additional research:
kaffeine
kdebase
kde4libs
kdegraphics
ktorrent
kvirc
wesnoth-1.9

Packages using qmake, needs additional research:
psi
qt4-x11
qt-x11-free

Ocaml packages, needs additional research:
mysql-ocaml


Packages, which should rather be removed than hardened:
cgiirc (suggested removal in #653510)
djbdns
dkim-milter (currently broken, dropped from testing: #629663)
kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
osiris (suggested removal in 655116)
scponly (RM bug: 650590)


Candidate packages using cdbs, needs further studying:
sympa
libgd2
icedove
ghostscript
libvirt
gimp
koffice
libspf2
wordnet
sendmail
afuse
bomberclone
camlimages
couchdb
crossfire
dvipng
eggdrop
gdm3
glib2.0
gnutls26
gst-plugins-bad0.10
gst-plugins-good0.10
heimdal
icu
jabberd14
libapache2-mod-fcgid
evince
libast
libgtop2
libnss-ldap
libpam-ldap
libsoup2.4
libtasn1-3
libtheora
link-grammar
lsh-server
mediawiki
moin
pango1.0
pmount
polipo
poppler
postgresql-ocaml
pulseaudio
ruby1.8
ruby1.9.1
squid3
streamripper
sword
t1lib
unalz
uw-imap
vino


Fixed:
samba (2:3.5.11~dfsg-2)
mailman (1:2.1.14-3)
flac (1.2.1-6)
xorg-server (2:1.11.1.901-1)
openldap (2.4.25-4)
vim (2:7.3.346-1)
freetype (2.4.7-2)
python-crypto (2.4-1)
xorg-server (2:1.11.1.901-1)
xpdf (3.03-7)
fetchmail (6.3.21-3)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
network-manager (0.9.1.95-1)
libmusicbrainz-2.1 (2.1_2.1.5-6.1)
tmux (1.6~svn2630-2)
tcpdump (4.2.0~rc1-2)
libthai (0.1.16-1)
git (1:1.7.7.2-1)
man-db (2.6.0.2-3)
elinks (0.12~pre5-6)
zgv (5.9-4)
jasper (1.900.1-11)
xfs (1.0.8-7)
fbi (2.07-9) 
reprepro (4.5.0-1)
antiword (0.37-8) (653499)
wv2 (0.4.2.dfsg.1-5)
dpkg (1.16.1)
fuse (2.8.6-3)
fontforge (0.0.20110222-6) (653534)
apache2 (2.2.21-4)
cabextract (1.4-2) (653509)
htdig (3.2.0b6-12)
xterm (276-2) (653488)
enscript (1.6.5.90-2) (653528)
amule (2.3.1-2) (653503)
gv (1:3.7.1-2)
bluez-hcidump (2.1-2) (653507)
lighttpd (1.4.30-1) (654151)
pimd (2.1.8-2) (654081)
chmlib (2:0.40a-2) (653955)
lynx-cur (6.6.7-4) (654097)
rdesktop (1.7.0-2) (653498)
libpam-krb5 (4.5-3) (654293)
curl (7.23.1-3) (654521)
audiofile (0.3.2-1) (651029)
libarchive (2.8.5-2)
courier (0.66.3-2) (654794)
libsndfile (1.0.25-4) (654831)
libwmf (0.2.8.4-10)
exiftags (1.01-5) (654804) 
nss-pam-ldapd (0.8.5)
isc-dhcp (4.2.2-2)
sdl-image1.2 (1.2.10-3)
mtr (0.82-2) (654117)
dia (0.97.2-4)
libpng (1.2.46-4) (654149)
mldonkey (3.1.0-3) (655140)
avahi (0.6.30-6) (655188)
mon (1.2.0-5) (655137)
acpid (1:2.0.14-2) (653502)
libsmi (0.4.8+dfsg2-5) (654812)
sudo (1.8.3p1-3) (655417)
zoo (2.10-25) (655499)
citadel (8.04-1) (653514)
firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
wget (1.13.4-2) (654908)
krb5 (1.10+dfsg~beta1-1) (655248)
libxml2 (2.7.8.dfsg-6) (654903)
lftp (4.3.4-1)
libcdaudio (0.99.12p2-11) (656507)
asterisk (1:1.8.8.2~dfsg-1) (653944)
ntp (1:4.2.6.p3+dfsg-2)
pcsc-lite (1.8.2-1) (656273)
libtorrent-rasterbar (0.15.9-1) (656519)
tcpreen (1.4.4-2) (655250)
slurm-llnl (2.3.2-2) (656781)
mlmmj (1.2.17-4) (655893)
nas (1.9.3-3) (655743, 656857)
dspam (3.10.1+dfsg-3+b1) (655189)
tinyproxy (1.8.3-2) (655870)
xine-lib (1.1.20.1-2) (655146)
apt (0.8.16~exp12) (653504)
exiv2 (0.22-2) (656356)
xml-security-c (1.6.1-2) (656658)
httrack (3.44.2-1) (657334)
telepathy-gabble (0.14.1-1) (656517)
mimetex (1.73-2) (656646)


Hardening incomplete:
gtetrinet (653443)
ncompress (relro missing)


Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
apr
apr-util
pound (654833)
mpg123


Packages using hardening-wrapper/-includes (these are considered fixed, although
   switching them over to dpkg-buildflags might be worthwhile later on):
netatalk
strongswan
graphicsmagick
udev
xfce4-terminal
openssh
evolution
dbus
libgsf
tor
evolution-data-server
cyrus-imapd-2.4
aria2
mysql-5.1
cups
wireshark
squid
exim4
php5
ipsec-tools
postgresql-8.4
postgresql-9.0
postgresql-9.1
gnupg2
nagios3
tiff
bind9
postfix
chromium-browser
pidgin
nagios-plugins
znc
cyrus-sasl2
ldns
quagga
nsd3


1	jmm	17231	Hardening subgoal for Wheezy:
2			All packages, which had a DSA since 2006.
3
4	gilbert-guest	17234	Instructions:
5			- After checking a package, add it to the "Candidates:" or "Non-candidates:" list
6	gilbert-guest	17235	- After NMUing a candidate where all build flags have been successfully enabled,
7			add it to the "Resolved/fixed:" list
8			- After NMUing a candidate with only some of the build flags enabled, add it to
9			the "Partially fixed: list (in order to remember what needs further work in the
10			future)
11	jmm	17351	- cdbs packages should be fixed automatically, but needs to be double-checked
12	jmm	17231
13
14	jmm	17351	Candidates:
15	jmm	17231
16	jmm	18016	alsaplayer (654518)
17	jmm	17885	amarok (653354)
18	jmm	17893	barnowl (653506)
19	jmm	17970	beid (653956)
20	jmm	17895	bochs (653511)
21	jmm	18085	bzip2 (655164)
22	jmm	17901	capi4hylafax (653539)
23	jmm	18075	chrony (655123)
24	jmm	17971	clamav (653958)
25	jmm	18090	courier-authlib (655168)
26	jmm	18024	cpio (654522)
27	jmm	17889	cscope (653490)
28	jmm	17900	ctorrent (653536)
29			devil (653535)
30	jmm	17899	dovecot (653530)
31	jmm	18016	drbd8 (currently broken: #654459)
32	jmm	18012	e2fsprogs (654457)
33	jmm	17231	ejabberd
34	jmm	17899	ekg (653531)
35	jmm	18074	emacs23 (655118)
36	jmm	17898	expat (653526)
37	jmm	17886	file (653481)
38	jmm	18113	flex (655414)
39	jmm	18048	freeciv (654809)
40	jmm	17231	freeradius
41	jmm	18075	ganglia (655126)
42	jmm	17285	eglibc
43	jmm	18295	gmime2.4 (657328)
44	jmm	17285	pioneers
45	jmm	17231	gnumeric
46	jmm	17885	gnupg (653480)
47	jmm	18149	gzip (currently broken: 653960)
48	jmm	18151	hashcash (655864)
49	jmm	17231	heartbeat
50	jmm	18301	hostapd (657332)
51	jmm	17231	hplip
52	jmm	18196	hylafax (656260)
53	jmm	17231	iceape
54	jmm	17883	iceweasel (653191)
55	jmm	17231	imagemagick
56	jmm	18221	imlib2 (656512)
57	jmm	17231	inotify-tools
58			ircd-hybrid
59	jmm	18282	isakmpd (657210)
60	jmm	18253	iscsitarget (656867)
61	jmm	17231	krb5-appl
62			l2tpns
63			lasso
64	jmm	18050	lcms (654821)
65	jmm	17231	libapache2-mod-authnz-external
66			libapache2-mod-auth-pgsql
67			libapache-mod-auth-kerb
68	jmm	18254	libapache-mod-jk (656876)
69	jmm	17231	libav
70	jmm	18076	cairo (655128)
71	jmm	18050	libcgroup (654819)
72	jmm	17231	libdumb
73	jmm	17972	libexif (650998)
74	jmm	18245	libextractor (656780)
75	jmm	17231	libfishsound
76	jmm	18245	libmikmod (656779)
77	jmm	18049	libmodplug (654817)
78	jmm	18048	librpcsecgss (654808)
79	jmm	18281	libtk-img (657209)
80	jmm	17231	libtool
81	jmm	18052	libtunepimp (654832)
82	jmm	17231	libvorbis
83	jmm	17969	libwpd (653947)
84	jmm	17984	libxfont (654154)
85	jmm	18141	libxslt (655601)
86	jmm	18047	links2 (654807)
87	jmm	18174	linux-ftpd (656005)
88	jmm	18175	loop-aes-utils (656009)
89	jmm	17231	ltsp
90			lurker
91			lvm2
92	jmm	18077	maildrop (655133)
93	jmm	17231	mapserver
94			maradns
95	jmm	18077	memcached (655134)
96	jmm	18302	mono (657518)
97	jmm	17231	mplayer
98	jmm	17281	mplayer2
99	jmm	17982	forked-daapd (654147)
100	jmm	17231	multipath-tools
101	jmm	17983	mutt (654148)
102	jmm	18253	icinga (656866)
103	jmm	17970	nbd (653954)
104	jmm	18098	ndiswrapper (655249)
105	jmm	18142	netpbm-free (655737)
106	jmm	18173	netrik (656004)
107	jmm	17231	net-snmp
108			newt
109			nginx
110			noweb
111			nspr
112	jmm	18294	nss (657325)
113	jmm	17231	openafs
114			open-iscsi
115			openjdk-6
116	jmm	18234	libreoffice (656643)
117	jmm	18174	opensaml2 (656006)
118	jmm	17889	openssl (653495)
119	jmm	18079	openswan (655139)
120	jmm	18076	openvpn (655130)
121	jmm	18173	pam-pgsql (656003)
122	jmm	18174	pcre3 (656008)
123	jmm	18252	pdns (656861)
124	jmm	18251	pdns-recursor (656859)
125	jmm	18113	perdition (655412)
126	jmm	17231	perl
127			ppp
128	jmm	18235	pptpd (656650)
129	jmm	18284	proftpd-dfsg (657213)
130	jmm	18072	pstotext (655105)
131	thijs	17273	python2.7
132			python3.2
133	jmm	18203	qemu (656276)
134	jmm	17231	qemu-kvm
135	jmm	17984	rssh (654155)
136	jmm	17802	rsync (652248)
137	jmm	18114	ruby-gnome2 (655415)
138	jmm	18065	sash (654909)
139	jmm	18221	screen (656513)
140	jmm	18232	smstools (656531)
141	jmm	18247	snmptrapfmt (656783)
142	jmm	17984	socat (654152)
143	jmm	17231	spamassassin
144			spamass-milter
145	jmm	18153	speex (655880)
146	jmm	18181	splitvt (656027)
147			squidguard (656028)
148	jmm	17231	subversion
149	jmm	18121	suphp (655419)
150	jmm	18084	syslog-ng (655163)
151	jmm	18154	systemtap (655882)
152	jmm	18236	texinfo (656659)
153	jmm	18188	tgt (656127)
154	jmm	17231	tk8.4
155	thijs	17273	tk8.5
156	jmm	17231	unbound
157			unicon
158	jmm	18197	unzip (656268)
159	jmm	17231	vlc
160	jmm	18252	vnc4 (656862)
161	jmm	18222	webcit (656515)
162	jmm	17231	webkit
163			wine
164	thijs	17273	wxwidgets2.8
165	jmm	18080	wzdftpd (655141)
166	jmm	18123	x11-xserver-utils (655503)
167	jmm	17231	xapian-omega
168	jmm	18235	xmlsec1 (656655)
169			xmltooling (656656)
170	jmm	18244	zabbix (656774)
171	jmm	18198	collectd (656271)
172			id3lib3.8.3 (656272)
173	jmm	18218	opensc (656350)
174	jmm	18220	openexr (656506)
175	jmm	18262	vsftpd (655103)
176	thijs	17273
177	jmm	17985
178	jmm	18188	Packages using Makefile.PL, needs additional research:
179			libhtml-parser-perl
180			libdbd-pg-perl
181			libimager-perl
182			libnet-dns-perl
183			wml
184
185	jmm	18284	Python packages, need additional research:
186	jmm	18222	zodb
187	jmm	18284	python-cjson
188			pygresql
189	jmm	18188
190	jmm	18222
191	jmm	17965	Packages using Scons, needs additional research:
192			blender
193	jmm	17772
194	jmm	18073	Packages using cmake, needs additional research:
195			kaffeine
196	jmm	18095	kdebase
197			kde4libs
198			kdegraphics
199			ktorrent
200			kvirc
201	jmm	18153	wesnoth-1.9
202	jmm	18232
203			Packages using qmake, needs additional research:
204	jmm	18186	psi
205	jmm	18232	qt4-x11
206			qt-x11-free
207	jmm	17965
208	jmm	18253	Ocaml packages, needs additional research:
209			mysql-ocaml
210	jmm	18073
211	jmm	18253
212	jmm	18090	Packages, which should rather be removed than hardened:
213			cgiirc (suggested removal in #653510)
214			djbdns
215			dkim-milter (currently broken, dropped from testing: #629663)
216			kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
217			osiris (suggested removal in 655116)
218	jmm	18198	scponly (RM bug: 650590)
219	jmm	18090
220
221
222	jmm	18134	Candidate packages using cdbs, needs further studying:
223			sympa
224			libgd2
225			icedove
226			ghostscript
227			libvirt
228			gimp
229	jmm	17286	koffice
230	jmm	17288	libspf2
231	jmm	17338	wordnet
232			sendmail
233	jmm	17349	afuse
234			bomberclone
235			camlimages
236			couchdb
237			crossfire
238			dvipng
239			eggdrop
240			gdm3
241			glib2.0
242			gnutls26
243			gst-plugins-bad0.10
244			gst-plugins-good0.10
245			heimdal
246			icu
247			jabberd14
248			libapache2-mod-fcgid
249			evince
250			libast
251			libgtop2
252			libnss-ldap
253			libpam-ldap
254			libsoup2.4
255			libtasn1-3
256			libtheora
257			link-grammar
258			lsh-server
259			mediawiki
260			moin
261			pango1.0
262			pmount
263			polipo
264			poppler
265			postgresql-ocaml
266			pulseaudio
267			ruby1.8
268			ruby1.9.1
269			squid3
270			streamripper
271			sword
272			t1lib
273			unalz
274			uw-imap
275			vino
276	jmm	17280
277	jmm	17286
278	jmm	17719	Fixed:
279			samba (2:3.5.11~dfsg-2)
280	thijs	17395	mailman (1:2.1.14-3)
281	jmm	17719	flac (1.2.1-6)
282	thijs	17673	xorg-server (2:1.11.1.901-1)
283	jmm	17719	openldap (2.4.25-4)
284			vim (2:7.3.346-1)
285			freetype (2.4.7-2)
286			python-crypto (2.4-1)
287			xorg-server (2:1.11.1.901-1)
288	gilbert-guest	17529	xpdf (3.03-7)
289	nion	17908	fetchmail (6.3.21-3)
290	jmm	17772	libmusicbrainz-2.1 (2.1_2.1.5-6.1)
291	jmm	17719	network-manager (0.9.1.95-1)
292			libmusicbrainz-2.1 (2.1_2.1.5-6.1)
293			tmux (1.6~svn2630-2)
294			tcpdump (4.2.0~rc1-2)
295			libthai (0.1.16-1)
296			git (1:1.7.7.2-1)
297			man-db (2.6.0.2-3)
298	jmm	17802	elinks (0.12~pre5-6)
299	jmm	17883	zgv (5.9-4)
300	jmm	17886	jasper (1.900.1-11)
301			xfs (1.0.8-7)
302	jmm	17902	fbi (2.07-9)
303	jmm	17889	reprepro (4.5.0-1)
304	jmm	17902	antiword (0.37-8) (653499)
305	jmm	17893	wv2 (0.4.2.dfsg.1-5)
306	jmm	17896	dpkg (1.16.1)
307	jmm	17899	fuse (2.8.6-3)
308	jmm	17902	fontforge (0.0.20110222-6) (653534)
309	jmm	17917	apache2 (2.2.21-4)
310			cabextract (1.4-2) (653509)
311	jmm	17921	htdig (3.2.0b6-12)
312	jmm	17957	xterm (276-2) (653488)
313			enscript (1.6.5.90-2) (653528)
314			amule (2.3.1-2) (653503)
315	jmm	17969	gv (1:3.7.1-2)
316	jmm	17979	bluez-hcidump (2.1-2) (653507)
317	jmm	17998	lighttpd (1.4.30-1) (654151)
318	jmm	17996	pimd (2.1.8-2) (654081)
319			chmlib (2:0.40a-2) (653955)
320	jmm	18007	lynx-cur (6.6.7-4) (654097)
321	jmm	18016	rdesktop (1.7.0-2) (653498)
322	jmm	18023	libpam-krb5 (4.5-3) (654293)
323			curl (7.23.1-3) (654521)
324	jmm	18043	audiofile (0.3.2-1) (651029)
325	jmm	18047	libarchive (2.8.5-2)
326	jmm	18053	courier (0.66.3-2) (654794)
327	jmm	18062	libsndfile (1.0.25-4) (654831)
328	jmm	18064	libwmf (0.2.8.4-10)
329	jmm	18065	exiftags (1.01-5) (654804)
330	jmm	18073	nss-pam-ldapd (0.8.5)
331			isc-dhcp (4.2.2-2)
332	jmm	18080	sdl-image1.2 (1.2.10-3)
333	jmm	18082	mtr (0.82-2) (654117)
334	jmm	18084	dia (0.97.2-4)
335	jmm	18095	libpng (1.2.46-4) (654149)
336	jmm	18101	mldonkey (3.1.0-3) (655140)
337			avahi (0.6.30-6) (655188)
338	jmm	18106	mon (1.2.0-5) (655137)
339	jmm	18107	acpid (1:2.0.14-2) (653502)
340			libsmi (0.4.8+dfsg2-5) (654812)
341	jmm	18134	sudo (1.8.3p1-3) (655417)
342			zoo (2.10-25) (655499)
343			citadel (8.04-1) (653514)
344	jmm	18141	firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
345	jmm	18148	wget (1.13.4-2) (654908)
346	jmm	18149	krb5 (1.10+dfsg~beta1-1) (655248)
347	jmm	18170	libxml2 (2.7.8.dfsg-6) (654903)
348	jmm	18186	lftp (4.3.4-1)
349	jmm	18232	libcdaudio (0.99.12p2-11) (656507)
350			asterisk (1:1.8.8.2~dfsg-1) (653944)
351	jmm	18236	ntp (1:4.2.6.p3+dfsg-2)
352	jmm	18237	pcsc-lite (1.8.2-1) (656273)
353	jmm	18246	libtorrent-rasterbar (0.15.9-1) (656519)
354	jmm	18250	tcpreen (1.4.4-2) (655250)
355			slurm-llnl (2.3.2-2) (656781)
356	jmm	18262	mlmmj (1.2.17-4) (655893)
357			nas (1.9.3-3) (655743, 656857)
358			dspam (3.10.1+dfsg-3+b1) (655189)
359			tinyproxy (1.8.3-2) (655870)
360	jmm	18279	xine-lib (1.1.20.1-2) (655146)
361			apt (0.8.16~exp12) (653504)
362	jmm	18282	exiv2 (0.22-2) (656356)
363	jmm	18301	xml-security-c (1.6.1-2) (656658)
364			httrack (3.44.2-1) (657334)
365	jmm	18302	telepathy-gabble (0.14.1-1) (656517)
366			mimetex (1.73-2) (656646)
367	jmm	17231
368	jmm	17312
369	jmm	18149
370	jmm	18301
371	jmm	17883	Hardening incomplete:
372			gtetrinet (653443)
373	jmm	18134	ncompress (relro missing)
374	jmm	17883
375
376	jmm	17890	Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
377			apr
378			apr-util
379	jmm	18053	pound (654833)
380	jmm	18078	mpg123
381	jmm	17883
382	jmm	17890
383
384	jmm	17291	Packages using hardening-wrapper/-includes (these are considered fixed, although
385	jmm	17289	switching them over to dpkg-buildflags might be worthwhile later on):
386	jmm	17291	netatalk
387	jmm	18220	strongswan
388	jmm	17291	graphicsmagick
389			udev
390			xfce4-terminal
391			openssh
392			evolution
393			dbus
394			libgsf
395			tor
396			evolution-data-server
397	jmm	17289	cyrus-imapd-2.4
398			aria2
399			mysql-5.1
400			cups
401			wireshark
402			squid
403			exim4
404			php5
405			ipsec-tools
406			postgresql-8.4
407			postgresql-9.0
408			postgresql-9.1
409			gnupg2
410			nagios3
411			tiff
412			bind9
413			postfix
414			chromium-browser
415			pidgin
416			nagios-plugins
417			znc
418			cyrus-sasl2
419			ldns
420			quagga
421	jmm	18113	nsd3
422	jmm	17289
423
424
425	jmm	17349
426
427
428	jmm	17354
429
430
431
432
433