/[secure-testing]/hardening/subgoal-dsa.txt

Diff of /hardening/subgoal-dsa.txt

Parent Directory | Revision Log | View Patch Patch

-revision 17396 by thijs,
Sun Oct  9 13:34:01 2011 UTC
+revision 18197 by jmm,
Tue Jan 17 22:44:42 2012 UTC
 Line 13 
 Instructions:
  Candidates:
- abcmidi
+ alsaplayer (654518)
- acpid
+ amarok (653354)
- alsaplayer
+ apt (653504)
- amarok
+ asterisk (653944)
- amule
+ barnowl (653506)
- antiword
+ beid (653956)
- apache2
+ bochs (653511)
- apr
+ bzip2 (655164)
- apr-util
+ capi4hylafax (653539)
- apt
+ chrony (655123)
- asterisk
+ clamav (653958)
- audiofile
+ courier-authlib (655168)
- avahi
+ cpio (654522)
- barnowl
+ cscope (653490)
- beid
+ ctorrent (653536)
- blender
+ devil (653535)
- bluez-hcidump
+ dspam (655189)
- bochs
+ dovecot (653530)
- bsdgames
+ drbd8 (currently broken: #654459)
- bzip2
+ e2fsprogs (654457)
- cabextract
- capi4hylafax
- cgiirc
- cheesetracker
- chmlib
- chrony
- citadel
- clamav
- collectd
- courier
- courier-authlib
- cpio
- crawl
- cscope
- ctorrent
- curl
- cyrus-imapd-2.2
- devil
- devscripts
- dia
- djbdns
- dkim-milter
- dovecot
- dpkg
- drbd8
- dspam
- e2fsprogs
  ejabberd
- ekg
+ ekg (653531)
- elinks
+ emacs23 (655118)
- emacs23
+ expat (653526)
- enscript
+ file (653481)
- exiftags
+ flex (655414)
- exiv2
+ freeciv (654809)
- expat
- fbi
- fetchmail
- file
- firebird2.5
- flac
- flex
- fontforge
- freeciv
  freeradius
- freetype
+ ganglia (655126)
- fuse
- ganglia
- git-core
  eglibc
  gmime2.4
  pioneers
  gnumeric
- gnupg
+ gnupg (653480)
- gv
+ gzip (currently broken: 653960)
- gzip
+ hashcash (655864)
- hashcash
  heartbeat
  hostapd
  hplip
- htdig
  httrack
- hybserv
+ hylafax (656260)
- hylafax
  iceape
- iceweasel
+ iceweasel (653191)
- id3lib3.8.3
  imagemagick
  imlib2
  inotify-tools
  ircd-hybrid
  isakmpd
- isc-dhcp
  iscsitarget
- jasper
- kaffeine
  kazehakase
- kde4libs
- kdebase
- kdegraphics
- kolab-cyrus-imapd
- krb5
  krb5-appl
- ktorrent
- kvirc
  l2tpns
  lasso
- lcms
+ lcms (654821)
- lftp
  libapache2-mod-authnz-external
  libapache2-mod-auth-pgsql
  libapache-mod-auth-kerb
  libapache-mod-jk
- libarchive
  libav
- cairo
+ cairo (655128)
- libcdaudio
+ libcgroup (654819)
- libcgroup
- libdbd-pg-perl
  libdumb
- libexif
+ libexif (650998)
  libextractor
  libfishsound
- libhtml-parser-perl
- libimager-perl
  libmikmod
- libmodplug
+ libmodplug (654817)
- libnet-dns-perl
+ librpcsecgss (654808)
- libpam-heimdal
- libpam-krb5
- libpng
- librpcsecgss
- libsmi
- libsndfile
- libthai
  libtk-img
  libtool
- libtorrent-rasterbar
+ libtunepimp (654832)
- libtunepimp
  libvorbis
- libwpd
+ libwpd (653947)
- libxfont
+ libxfont (654154)
- libxml2
+ libxslt (655601)
- libxslt
+ links2 (654807)
- lighttpd
+ linux-ftpd (656005)
- links2
+ loop-aes-utils (656009)
- linux-ftpd
- loop-aes-utils
  ltsp
  lurker
  lvm2
- lynx-cur
+ maildrop (655133)
- maildrop
  mapserver
  maradns
- memcached
+ memcached (655134)
  mimetex
- mldonkey
+ mlmmj (655893)
- mlmmj
- mon
  mono
- mpg123
  mplayer
  mplayer2
- forked-daapd
+ forked-daapd (654147)
- mtr
  multipath-tools
- mutt
+ mutt (654148)
  mysql-ocaml
  icinga
- nas
+ nas (655743)
- nbd
+ nbd (653954)
- ndiswrapper
+ ndiswrapper (655249)
- netpbm-free
+ netpbm-free (655737)
- netrik
+ netrik (656004)
  net-snmp
- network-manager
  newt
  nginx
- no-ip
  noweb
- nsd3
  nspr
  nss
- nss-pam-ldapd
  ntp
  openafs
- openexr
  open-iscsi
  openjdk-6
- openldap
  libreoffice
- opensaml2
+ opensaml2 (656006)
- opensc
+ openssl (653495)
- openssl
+ openswan (655139)
- openswan
+ openvpn (655130)
- openvpn
+ pam-pgsql (656003)
- oprofile
+ pcre3 (656008)
- osiris
- pam-pgsql
- pcre3
- pcsc-lite
  pdns
  pdns-recursor
- perdition
+ perdition (655412)
  perl
- petris
- pimd
- pinball
- pound
  ppp
  pptpd
  proftpd-dfsg
- psi
+ pstotext (655105)
- pstotext
  pygresql
- python2.6
  python2.7
  python3.2
  python-cjson
- python-crypto
  qemu
  qemu-kvm
  qt4-x11
  qt-x11-free
- rdesktop
+ rssh (654155)
- reprepro
+ rsync (652248)
- rssh
+ ruby-gnome2 (655415)
- rsync
+ sash (654909)
- ruby-gnome2
- samba
- sash
  scponly
  screen
- sdl-image1.2
  slurm-llnl
  smstools
  snmptrapfmt
- socat
+ socat (654152)
  spamassassin
  spamass-milter
- speex
+ speex (655880)
- splitvt
+ splitvt (656027)
- squidguard
+ squidguard (656028)
  strongswan
  subversion
- sudo
+ suphp (655419)
- suphp
+ syslog-ng (655163)
- syslog-ng
+ systemtap (655882)
- systemtap
+ tcpreen (655250)
- tcpreen
  telepathy-gabble
  texinfo
- tgt
+ tgt (656127)
- thttpd
+ tinyproxy (655870)
- tinymux
- tinyproxy
  tk8.4
  tk8.5
- tuxpaint
- typespeed
  unbound
  unicon
- unzip
+ unzip (656268)
- util-linux
- vim
  vlc
  vnc4
  webcit
  webkit
- wesnoth
- wget
  wine
- wml
- wv2
- wxwidgets2.6
  wxwidgets2.8
- wzdftpd
+ wzdftpd (655141)
- x11-xserver-utils
+ x11-xserver-utils (655503)
  xapian-omega
- xfs
+ xine-lib (655146)
- xine-lib
- xmcd
  xmlsec1
  xml-security-c
  xmltooling
- xorg-server
- xpdf
- xterm
  zabbix
- zgv
  zodb
- zoo
+ vsftpd (655103)
+ collectd
- Candidate packages using cdbs, fixed with the next upload after 2011-09-23 with
+ Packages using dh, but which need additional multiarch changes for compat 9:
-   the upload of dpkg/1.16.1:
+ opensc
- koffice
+ openexr
- kphone
+ libtorrent-rasterbar
+ exiv2
+ libcdaudio
+ pcsc-lite
+ id3lib3.8.3
+ Packages using Makefile.PL, needs additional research:
+ libhtml-parser-perl
+ libdbd-pg-perl
+ libimager-perl
+ libnet-dns-perl
+ wml
+ Packages using Scons, needs additional research:
+ blender
+ Packages using cmake, needs additional research:
+ kaffeine
+ kdebase
+ kde4libs
+ kdegraphics
+ ktorrent
+ kvirc
+ wesnoth-1.9
+ psi
+ Packages, which should rather be removed than hardened:
+ cgiirc (suggested removal in #653510)
+ djbdns
+ dkim-milter (currently broken, dropped from testing: #629663)
+ kolab-cyrus-imapd (will be removed and built from the cyrus-2.4 package; #647221)
+ osiris (suggested removal in 655116)
+ Candidate packages using cdbs, needs further studying:
+ sympa
  libgd2
+ icedove
+ ghostscript
+ libvirt
+ gimp
+ koffice
  libspf2
  wordnet
  sendmail
-Line 327 
 glib2.0
+Line 259 
 glib2.0
  gnutls26
  gst-plugins-bad0.10
  gst-plugins-good0.10
- gtetrinet
  heimdal
- icedove
  icu
  jabberd14
  libapache2-mod-fcgid
-Line 341 
 libpam-ldap
+Line 271 
 libpam-ldap
  libsoup2.4
  libtasn1-3
  libtheora
- libwmf
  link-grammar
  lsh-server
  mediawiki
-Line 357 
 ruby1.9.1
+Line 286 
 ruby1.9.1
  squid3
  streamripper
  sword
- sympa (#644827)
  t1lib
  unalz
  uw-imap
  vino
- Partially fixed:
+ Fixed:
- -
+ samba (2:3.5.11~dfsg-2)
+ mailman (1:2.1.14-3)
+ flac (1.2.1-6)
+ xorg-server (2:1.11.1.901-1)
+ openldap (2.4.25-4)
+ vim (2:7.3.346-1)
+ freetype (2.4.7-2)
+ python-crypto (2.4-1)
+ xorg-server (2:1.11.1.901-1)
+ xpdf (3.03-7)
+ fetchmail (6.3.21-3)
+ libmusicbrainz-2.1 (2.1_2.1.5-6.1)
+ network-manager (0.9.1.95-1)
+ libmusicbrainz-2.1 (2.1_2.1.5-6.1)
+ tmux (1.6~svn2630-2)
+ tcpdump (4.2.0~rc1-2)
+ libthai (0.1.16-1)
+ git (1:1.7.7.2-1)
+ man-db (2.6.0.2-3)
+ elinks (0.12~pre5-6)
+ zgv (5.9-4)
+ jasper (1.900.1-11)
+ xfs (1.0.8-7)
+ fbi (2.07-9)
+ reprepro (4.5.0-1)
+ antiword (0.37-8) (653499)
+ wv2 (0.4.2.dfsg.1-5)
+ dpkg (1.16.1)
+ fuse (2.8.6-3)
+ fontforge (0.0.20110222-6) (653534)
+ apache2 (2.2.21-4)
+ cabextract (1.4-2) (653509)
+ htdig (3.2.0b6-12)
+ xterm (276-2) (653488)
+ enscript (1.6.5.90-2) (653528)
+ amule (2.3.1-2) (653503)
+ gv (1:3.7.1-2)
+ bluez-hcidump (2.1-2) (653507)
+ lighttpd (1.4.30-1) (654151)
+ pimd (2.1.8-2) (654081)
+ chmlib (2:0.40a-2) (653955)
+ lynx-cur (6.6.7-4) (654097)
+ rdesktop (1.7.0-2) (653498)
+ libpam-krb5 (4.5-3) (654293)
+ curl (7.23.1-3) (654521)
+ audiofile (0.3.2-1) (651029)
+ libarchive (2.8.5-2)
+ courier (0.66.3-2) (654794)
+ libsndfile (1.0.25-4) (654831)
+ libwmf (0.2.8.4-10)
+ exiftags (1.01-5) (654804)
+ nss-pam-ldapd (0.8.5)
+ isc-dhcp (4.2.2-2)
+ sdl-image1.2 (1.2.10-3)
+ mtr (0.82-2) (654117)
+ dia (0.97.2-4)
+ libpng (1.2.46-4) (654149)
+ mldonkey (3.1.0-3) (655140)
+ avahi (0.6.30-6) (655188)
+ mon (1.2.0-5) (655137)
+ acpid (1:2.0.14-2) (653502)
+ libsmi (0.4.8+dfsg2-5) (654812)
+ sudo (1.8.3p1-3) (655417)
+ zoo (2.10-25) (655499)
+ citadel (8.04-1) (653514)
+ firebird2.5 (2.5.2~svn+53854.ds4-1) (654793)
+ wget (1.13.4-2) (654908)
+ krb5 (1.10+dfsg~beta1-1) (655248)
+ libxml2 (2.7.8.dfsg-6) (654903)
+ lftp (4.3.4-1)
+ Hardening incomplete:
+ gtetrinet (653443)
+ ncompress (relro missing)
- Fixed through cdbs (log or pkg should be checked, before moving to
- Resolved/fixed, since some Makefile or buildsystem foo might reset
- flags)
- libvirt (0.9.6-1)
- gimp (2.6.11-4)
- ghostscript (9.04~dfsg-1)
+ Packages, which use hardened build flags manually, but not yet dpkg-buildflags:
+ apr
+ apr-util
+ pound (654833)
+ mpg123
- Resolved/fixed:
- mailman (1:2.1.14-3)
- ncompress (4.2.4.4-3)
- xzgv (5.9-3)
- libmusicbrainz-2.1 (2.1_2.1.5-6.1)
  Packages using hardening-wrapper/-includes (these are considered fixed, although
     switching them over to dpkg-buildflags might be worthwhile later on):
- tmux
  netatalk
- man-db
  graphicsmagick
  udev
  xfce4-terminal
  openssh
  evolution
  dbus
- tcpdump
  libgsf
  tor
  evolution-data-server
-Line 421 
 znc
+Line 416 
 znc
  cyrus-sasl2
  ldns
  quagga
+ nsd3

 Legend:



Removed from v.17396
 


changed lines


 
Added in v.18197
 Legend:



Removed from v.17396
 


changed lines


 
Added in v.18197
-Removed from v.17396
+Added in v.18197

	ViewVC Help
Powered by ViewVC 1.1.5